Develop Reference

How to correctly hook lsm on linux 5.1x

Below code can hook lsm successfully on Redhat8 server, but it will cause crash on Redhat9 server. I have try to find any resource about hlist_add_head_rcu or hook way change on linux 5.1x but cannot find any useful workaround. Could you help check about why that the same way can work on linux 4.x but cannot work on linux 5.1x? If you know the reason, could you help provide some workaround or suggestions. Thanks for your help.
#include <linux/module.h>
#include <linux/kallsyms.h>
#include <linux/version.h>
#include <linux/security.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
#include <linux/lsm_hooks.h>
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,7,0)
#define KPROBE_LOOKUP 1
#include <linux/kprobes.h>
static struct kprobe kp = {
.symbol_name = "kallsyms_lookup_name"
};
#endif
#define SECURITY_HOOK_ADDR_NAME "security_hook_heads"
static unsigned long find_symbol_addr(const char *sym){
const char *cpsMethod = "cris test: find_symbol_addr";
unsigned long addr;
#ifdef KPROBE_LOOKUP
typedef unsigned long (*kallsyms_lookup_name_t)(const char *name);
kallsyms_lookup_name_t kallsyms_lookup_name;
register_kprobe(&kp);
kallsyms_lookup_name = (kallsyms_lookup_name_t) kp.addr;
unregister_kprobe(&kp);
#endif
addr = kallsyms_lookup_name(sym);
if (addr == 0) {
pr_err("%s: unable to find addr\n", cpsMethod);
return -EINVAL;
}
pr_info("%s: address is %lx\n", cpsMethod, addr);
return addr;
}
struct security_hook_list cris_hooks[1] = {
};
static int hook_execve_test(struct file *file, int mask)
{
pr_info("cris test: hook_execve_test\n");
return 0;
}
static struct security_hook_heads *cris_lsm_hook = NULL;
bool hook_lsm(void){
const char *cpsMethod = "cris test: hook_lsm";
int count = 0;
int i = 0;
unsigned long addr1;
addr1 = find_symbol_addr(SECURITY_HOOK_ADDR_NAME);
if (addr1 == 0)
{
pr_err("%s: [Fatal] Lookup address for security hook heads failed. Can't enable execve Hook\n", cpsMethod);
return false;
}
cris_lsm_hook = (struct security_hook_heads*)addr1;
cris_hooks[0].head = &(cris_lsm_hook->file_permission);
cris_hooks[0].hook.file_permission = hook_execve_test;
count = ARRAY_SIZE(cris_hooks);
for (i = 0; i < count; i++){
#if LINUX_VERSION_CODE < KERNEL_VERSION(4,17,0)
list_add_rcu(&cris_hooks[i].list, cris_hooks[i].head);
#else
hlist_add_head_rcu(&cris_hooks[i].list, cris_hooks[i].head);
#endif
}
pr_info("%s: finish hook_lsm.\n", cpsMethod);
return true;
}
void unhook_lsm(void){
const char *cpsMethod = "cris test: unhook_lsm";
int count = 0;
int i = 0;
count = ARRAY_SIZE(cris_hooks);
for (i = 0; i < count; i++){
#if LINUX_VERSION_CODE < KERNEL_VERSION(4,17,0)
list_del_rcu(&cris_hooks[i].list);
#else
hlist_del_rcu(&cris_hooks[i].list);
#endif
}
pr_info("%s: Unregister hook module\n", cpsMethod);
}
static int __init prsyms_init(void)
{
hook_lsm();
return 0;
}
static void __exit prsyms_exit(void)
{
unhook_lsm();
}
module_init(prsyms_init);
module_exit(prsyms_exit);
MODULE_LICENSE("GPL");
The version of test servers are:
Redhat8: 4.18.0-147.el8.x86_64
Redhat9: 5.14.0-70.13.1.el9_0.x86_64
And below is dump log from Redhat9 crash dump:
[ 2644.871335] cris test: find_symbol_addr: address is ffffffffb3215c60
[ 2644.871354] BUG: unable to handle page fault for address: ffffffffb3215ea0
[ 2644.871361] #PF: supervisor write access in kernel mode
[ 2644.871363] #PF: error_code(0x0003) - permissions violation
[ 2644.871365] PGD b5a15067 P4D b5a15067 PUD b5a16063 PMD 80000000b54000e1
[ 2644.871377] Oops: 0003 [#1] PREEMPT SMP PTI
[ 2644.871387] CPU: 0 PID: 2437 Comm: insmod Kdump: loaded Tainted: G S OE --------- --- 5.14.0-70.13.1.el9_0.x86_64 #1
[ 2644.871394] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.13989454.B64.1906190538 06/19/2019
[ 2644.871396] RIP: 0010:hook_lsm.cold+0x47/0x95 [testcris]
[ 2644.871416] Code: 02 00 00 48 8d 93 40 02 00 00 48 c7 05 8f 23 00 00 83 70 72 c0 48 89 15 80 23 00 00 48 89 05 69 23 00 00 48 89 15 6a 23 00 00 <48> c7 83 40 02 00 00 40 94 72 c0 48 85 c0 74 08 48 c7 40 08 40 94
[ 2644.871418] RSP: 0018:ffffb5c00260fde0 EFLAGS: 00010246
[ 2644.871421] RAX: ffffffffb3216cf8 RBX: ffffffffb3215c60 RCX: 0000000000000000
[ 2644.871423] RDX: ffffffffb3215ea0 RSI: ffff917efbc17cc0 RDI: ffff917efbc17cc0
[ 2644.871424] RBP: ffffffffc072c000 R08: 0000000000000000 R09: ffffb5c00260fc28
[ 2644.871425] R10: ffffb5c00260fc20 R11: ffffffffb3be8228 R12: ffff917dc12226f0
[ 2644.871427] R13: ffffb5c00260fe88 R14: 0000000000000003 R15: 0000000000000000
[ 2644.871428] FS: 00007f8005409740(0000) GS:ffff917efbc00000(0000) knlGS:0000000000000000
[ 2644.871444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2644.871447] CR2: ffffffffb3215ea0 CR3: 000000003f536003 CR4: 00000000001706f0
[ 2644.871467] Call Trace:
[ 2644.871473] prsyms_init+0xa/0x1000 [testcris]
[ 2644.871477] do_one_initcall+0x44/0x200
[ 2644.871500] ? load_module+0xab8/0xb80
[ 2644.871503] ? kmem_cache_alloc_trace+0x45/0x420
[ 2644.871523] do_init_module+0x5c/0x270
[ 2644.871536] __do_sys_finit_module+0xae/0x110
[ 2644.871544] do_syscall_64+0x3b/0x90
[ 2644.871592] entry_SYSCALL_64_after_hwframe+0x44/0xae

why it dumped stack twice when my linux driver failed at the second time while first time being insmod ran normally

i started learning linux driver a few days ago and i write a simple driver.fisrt i insmod my driver ,it showed it runs well ,and normal when i rmmod. but when i insmod it again, console log showed "killed", and then i use dmesg. The kernel log showed twice stackdump which surprised me so that i don't how to debug(use printk (●'◡'●)).
Many times tried on search machine, i got nothing. so i throwed it here, needing your guys help very very desperate. i truely wanna know why it failed at second time, why stackdump happened twice and how could i fix this driver. thanks very very much!
my vm linux kernel version is : 5.13.0
driver code is here:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/printk.h>
#include <linux/fs.h>
#include <linux/kdev_t.h>
#include <linux/device.h>
#include <linux/export.h>
#include <linux/types.h>
#include <linux/kobject.h>
static ssize_t my_file_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return snprintf(buf, 64, "%s", __func__);
}
static ssize_t my_file_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
pr_info("going to my_file_store\n");
return count;
}
static DEVICE_ATTR(my_file, 0664, my_file_show, my_file_store);
static int my_devid = -1;
static struct class *my_class = NULL;
static struct device *my_device = NULL;
static int __init my_init(void){
pr_info("going to %s\n", __func__);
int ret = 0;
ret = alloc_chrdev_region(&my_devid, 0, 1, "my_devid");
if(ret < 0){
my_devid = -1;
pr_err("[%s,%d]alloc_chrdev_region failed\n", __func__, __LINE__);
goto FAULT;
}
pr_info("my devid %d\n", my_devid);
my_class = class_create(THIS_MODULE, "my_class");
if(my_class == NULL){
pr_err("[%s,%d]class_create failed\n", __func__, __LINE__);
goto FAULT;
}
pr_info("[%s,%d]goes here\n", __func__, __LINE__);
my_device = device_create(my_class, NULL, my_devid, "%s", "my_dev");
if(my_device == NULL){
pr_err("[%s,%d] device_create failed\n", __func__, __LINE__);
goto FAULT;
}
pr_info("[%s,%d]goes here\n", __func__, __LINE__);
ret = device_create_file(my_device, &dev_attr_my_file);
if(ret < 0){
pr_err("sysfs_create_file failed\n");
goto FAULT;
}
pr_info("go to init tail now\n");
return 0;
FAULT:
if(my_devid != -1){
unregister_chrdev_region(my_devid, "my_devid");
my_devid = -1;
}
if(my_device != NULL){
device_destroy(my_class, my_devid);
my_device = NULL;
}
if(my_class != NULL){
class_destroy(my_class);
my_class = NULL;
}
return 0;
}
static void __exit my_exit(void){
pr_info("going to %s\n", __func__);
device_remove_file(my_device, &dev_attr_my_file);
if(my_devid != -1){
unregister_chrdev_region(my_devid, "my_devid");
my_devid = -1;
}
if(my_device != NULL){
device_destroy(my_class, my_devid);
my_device = NULL;
}
if(my_class != NULL){
class_destroy(my_class);
my_class = NULL;
}
}
module_init(my_init);
module_exit(my_exit);
MODULE_AUTHOR("tid");
MODULE_LICENSE("GPL");
this is dmesg:
going to my_init
[87682.699433] my devid 247463936
[87682.700041] [my_init,47]goes here
[87682.706933] [my_init,54]goes here
[87682.706937] go to init tail now
[87704.903499] going to my_exit
[87747.424115] going to my_init
[87747.424385] my devid 262144000
[87747.424418] [my_init,47]goes here
[87747.424784] sysfs: cannot create duplicate filename '/devices/virtual/my_class'
[87747.424989] CPU: 1 PID: 462167 Comm: insmod Tainted: G OE 5.13.0-27-generic #29~20.04.1-Ubuntu
[87747.424992] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[87747.425172] Call Trace:
[87747.426055] dump_stack+0x7d/0x9c
[87747.427617] sysfs_warn_dup.cold+0x17/0x27
[87747.427889] sysfs_create_dir_ns+0xb8/0xd0
[87747.428703] kobject_add_internal+0xbd/0x2b0
[87747.429021] kobject_add+0x7e/0xb0
[87747.429023] ? kmem_cache_alloc_trace+0x37c/0x440
[87747.429671] get_device_parent.isra.0+0x179/0x1b0
[87747.429943] device_add+0xe3/0x8e0
[87747.429945] device_create_groups_vargs+0xd4/0xf0
[87747.429946] ? 0xffffffffc09b1000
[87747.429948] device_create+0x49/0x60
[87747.429950] my_init+0xf0/0x1000 [test]
[87747.430241] do_one_initcall+0x46/0x1d0
[87747.430632] ? __cond_resched+0x19/0x30
[87747.430866] ? kmem_cache_alloc_trace+0x37c/0x440
[87747.430869] do_init_module+0x62/0x260
[87747.430898] load_module+0x125d/0x1440
[87747.431183] __do_sys_finit_module+0xc2/0x120
[87747.431185] ? __do_sys_finit_module+0xc2/0x120
[87747.431186] __x64_sys_finit_module+0x1a/0x20
[87747.431188] do_syscall_64+0x61/0xb0
[87747.431260] ? __x64_sys_newfstat+0x16/0x20
[87747.431361] ? do_syscall_64+0x6e/0xb0
[87747.431363] ? __x64_sys_lseek+0x1a/0x20
[87747.431380] ? do_syscall_64+0x6e/0xb0
[87747.431382] ? exc_page_fault+0x8f/0x170
[87747.431383] ? asm_exc_page_fault+0x8/0x30
[87747.431385] entry_SYSCALL_64_after_hwframe+0x44/0xae
[87747.431386] RIP: 0033:0x7fd6b8d3789d
[87747.431388] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
[87747.431390] RSP: 002b:00007ffe09073bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[87747.431405] RAX: ffffffffffffffda RBX: 0000557d4fa68760 RCX: 00007fd6b8d3789d
[87747.431405] RDX: 0000000000000000 RSI: 0000557d4db48358 RDI: 0000000000000003
[87747.431406] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fd6b8e0b260
[87747.431407] R10: 0000000000000003 R11: 0000000000000246 R12: 0000557d4db48358
[87747.431407] R13: 0000000000000000 R14: 0000557d4fa683d0 R15: 0000000000000000
[87747.431503] kobject_add_internal failed for my_class with -EEXIST, don't try to register things with the same name in the same directory.
[87747.431713] [my_init,54]goes here
[87747.431749] BUG: kernel NULL pointer dereference, address: 000000000000001f
[87747.431765] #PF: supervisor read access in kernel mode
[87747.431780] #PF: error_code(0x0000) - not-present page
[87747.431819] PGD 0 P4D 0
[87747.431821] Oops: 0000 [#1] SMP NOPTI
[87747.431823] CPU: 1 PID: 462167 Comm: insmod Tainted: G OE 5.13.0-27-generic #29~20.04.1-Ubuntu
[87747.431825] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[87747.431826] RIP: 0010:sysfs_create_file_ns+0x26/0x90
[87747.431829] Code: 9c 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 85 ff 74 5b <48> 83 7f 30 00 48 89 fb 74 51 49 89 f4 48 85 f6 74 49 49 89 d5 48
[87747.431831] RSP: 0018:ffffa39a0406fbe0 EFLAGS: 00010282
[87747.431832] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
[87747.431833] RDX: 0000000000000000 RSI: ffffffffc09ae020 RDI: ffffffffffffffef
[87747.431834] RBP: ffffa39a0406fc08 R08: ffff8e77b9e589c0 R09: ffffa39a0406fa18
[87747.431835] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc09ae020
[87747.431836] R13: ffffffffffffffef R14: ffffffffc09ae040 R15: 0000000000000000
[87747.431837] FS: 00007fd6b8bf2540(0000) GS:ffff8e77b9e40000(0000) knlGS:0000000000000000
[87747.431838] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[87747.432290] CR2: 000000000000001f CR3: 000000001f4c8005 CR4: 00000000003706e0
[87747.432721] Call Trace:
[87747.432724] device_create_file+0x42/0x80
[87747.432726] ? 0xffffffffc09b1000
[87747.432728] my_init+0x141/0x1000 [test]
[87747.432730] do_one_initcall+0x46/0x1d0
[87747.432732] ? __cond_resched+0x19/0x30
[87747.432734] ? kmem_cache_alloc_trace+0x37c/0x440
[87747.432737] do_init_module+0x62/0x260
[87747.432739] load_module+0x125d/0x1440
[87747.432741] __do_sys_finit_module+0xc2/0x120
[87747.432742] ? __do_sys_finit_module+0xc2/0x120
[87747.432743] __x64_sys_finit_module+0x1a/0x20
[87747.432745] do_syscall_64+0x61/0xb0
[87747.432747] ? __x64_sys_newfstat+0x16/0x20
[87747.432749] ? do_syscall_64+0x6e/0xb0
[87747.432750] ? __x64_sys_lseek+0x1a/0x20
[87747.432752] ? do_syscall_64+0x6e/0xb0
[87747.432754] ? exc_page_fault+0x8f/0x170
[87747.432755] ? asm_exc_page_fault+0x8/0x30
[87747.432756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[87747.432758] RIP: 0033:0x7fd6b8d3789d
[87747.432759] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
[87747.432760] RSP: 002b:00007ffe09073bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[87747.432762] RAX: ffffffffffffffda RBX: 0000557d4fa68760 RCX: 00007fd6b8d3789d
[87747.433030] RDX: 0000000000000000 RSI: 0000557d4db48358 RDI: 0000000000000003
[87747.433032] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fd6b8e0b260
[87747.433033] R10: 0000000000000003 R11: 0000000000000246 R12: 0000557d4db48358
[87747.433033] R13: 0000000000000000 R14: 0000557d4fa683d0 R15: 0000000000000000
[87747.433036] Modules linked in: test(OE+) vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock nls_iso8859_1 intel_rapl_msr intel_rapl_common crct10dif_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd rapl vmw_balloon snd_ens1371 snd_ac97_codec gameport ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi joydev input_leds serio_raw snd_seq snd_seq_device snd_timer snd soundcore vmw_vmci mac_hid sch_fq_codel vmwgfx ttm drm_kms_helper cec rc_core fb_sys_fops syscopyarea sysfillrect sysimgblt msr nfsd parport_pc auth_rpcgss ppdev nfs_acl lockd lp grace parport drm sunrpc ip_tables x_tables autofs4 hid_generic ahci e1000 libahci usbhid hid mptspi mptscsih mptbase crc32_pclmul psmouse scsi_transport_spi i2c_piix4 pata_acpi [last unloaded: test]
[87747.433869] CR2: 000000000000001f
[87747.434327] ---[ end trace d7785aaa07b44309 ]---
[87747.434352] RIP: 0010:sysfs_create_file_ns+0x26/0x90
[87747.434357] Code: 9c 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 85 ff 74 5b <48> 83 7f 30 00 48 89 fb 74 51 49 89 f4 48 85 f6 74 49 49 89 d5 48
[87747.434359] RSP: 0018:ffffa39a0406fbe0 EFLAGS: 00010282
[87747.434361] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027
[87747.434362] RDX: 0000000000000000 RSI: ffffffffc09ae020 RDI: ffffffffffffffef
[87747.434363] RBP: ffffa39a0406fc08 R08: ffff8e77b9e589c0 R09: ffffa39a0406fa18
[87747.434363] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc09ae020
[87747.434364] R13: ffffffffffffffef R14: ffffffffc09ae040 R15: 0000000000000000
[87747.434365] FS: 00007fd6b8bf2540(0000) GS:ffff8e77b9e40000(0000) knlGS:0000000000000000
[87747.434366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[87747.434368] CR2: 000000000000001f CR3: 000000001f4c8005 CR4: 00000000003706e0

MAMP PRO crashes on launch (Monterey 12.0.1)

Not sure if it's the fault of the new system since I have seen others successfully run mamp pro from MacRumors.
And I have tried to give full disk access via system preference, also, I ran sudo /Applications/MAMP/bin/startApache.sh in the terminal with no luck to fix.
From the problem report EXC_BAD_ACCESS (SIGBUS), I guess it's something about memory or index problem?
I don't know how to fix this problem, please help me,
here's the full crash report:
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------
Process: MAMP PRO [51611]
Path: /Applications/MAMP PRO.app/Contents/MacOS/MAMP PRO
Identifier: de.appsolute.mamppro
Version: 6.6 (33836)
Code Type: X86-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2021-10-26 12:26:16.4555 +0800
OS Version: macOS 12.0.1 (21A559)
Report Version: 12
Bridge OS Version: 3.0 (14Y908)
Anonymous UUID: 2F9EDB7E-C40F-322A-A424-13F4D70BBC05
Sleep/Wake UUID: DF0A7272-42C0-43BE-A25D-C5F5AB3C5DF6
Time Awake Since Boot: 6500 seconds
Time Since Wake: 4085 seconds
System Integrity Protection: disabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00007ff8465e2450
Exception Codes: 0x0000000000000002, 0x00007ff8465e2450
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [51611]
VM Region Info: 0x7ff8465e2450 is in 0x7ff8465e18a0-0x7ff84661bbd0; bytes after start: 2992 bytes before end: 235391
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused shlib __TEXT 7ff8465e1898-7ff8465e18a0 [ 8] r--/rw- SM=COW ... this process
---> __DATA_CONST 7ff8465e18a0-7ff84661bbd0 [ 233K] r--/rw- SM=COW ...aunchServices
__DATA_CONST 7ff84661bbd0-7ff846658a48 [ 244K] r--/rw- SM=COW .../A/MetalTools
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libConfigurer64.dylib 0x10d79faf8 0x10d77a000 + 154360
1 ??? 0x7ff8890bc518 ???
2 libConfigurer64.dylib 0x10d79f96d 0x10d77a000 + 153965
3 dyld 0x111648759 invocation function for block in dyld4::APIs::_dyld_register_func_for_add_image(void (*)(mach_header const*, long)) + 175
4 dyld 0x111630649 dyld4::RuntimeState::withLoadersReadLock(void () block_pointer) + 41
5 dyld 0x11164865a dyld4::APIs::_dyld_register_func_for_add_image(void (*)(mach_header const*, long)) + 116
6 libConfigurer64.dylib 0x10d7a87d3 0x10d77a000 + 190419
7 libobjc.A.dylib 0x7ff806767c6e load_images + 1546
8 dyld 0x11163541c dyld4::RuntimeState::notifyObjCInit(dyld4::Loader const*) + 170
9 dyld 0x11163abfd dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 167
10 dyld 0x11163abeb dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 149
11 dyld 0x11163abeb dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 149
12 dyld 0x11163acac dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 108
13 dyld 0x11164e32e dyld4::APIs::runAllInitializersForMain() + 222
14 dyld 0x11162c358 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3438
15 dyld 0x11162b4b4 start + 388
Thread 1:
0 libsystem_pthread.dylib 0x7ff8068cc00c start_wqthread + 0
Thread 2:
0 libsystem_pthread.dylib 0x7ff8068cc00c start_wqthread + 0
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x000000010d79e91b rbx: 0x0000000000000176 rcx: 0x00007ff8465e18a0 rdx: 0xffffffffffffffff
rdi: 0x00007ff88b9b1a60 rsi: 0x0000600002c4866f rbp: 0x00007ff7b35f90a0 rsp: 0x00007ff7b35f9030
r8: 0x0000000000000000 r9: 0x0000000000000990 r10: 0x0000000000000005 r11: 0x0000000000000005
r12: 0x00007ff806e1a510 r13: 0x0000000000000000 r14: 0x00007ff88b9b1a51 r15: 0x00006000008481e0
rip: 0x000000010d79faf8 rfl: 0x0000000000010246 cr2: 0x00007ff8465e2450
Logical CPU: 6
Error Code: 0x00000006 (no mapping for user data write)
Trap Number: 14
Thread 0 instruction stream:
e1 48 8b 45 b8 48 8b 40-10 48 85 c0 4c 8b 65 c8 .H.E.H.#.H..L.e.
4c 8b 7d a8 48 8b 5d c0-41 bd 00 00 00 80 75 a6 L.}.H.].A.....u.
eb 4c 4b 8b 44 ef 10 48-85 c0 74 23 48 8b 4d d0 .LK.D..H..t#H.M.
48 8b 55 c0 48 8b 0c d1-4b 3b 4c ef 08 4c 8b 65 H.U.H...K;L..L.e
c8 74 10 48 89 08 48 8b-45 b8 4c 8b 38 eb 04 4c .t.H..H.E.L.8..L
8b 65 c8 4b 8b 44 ef 08-48 8b 4d d0 48 8b 5d c0 .e.K.D..H.M.H.].
[48]89 04 d9 4c 8b 7d a8-41 bd 00 00 00 80 ff c3 H...L.}.A....... <==
49 8b 44 24 28 48 c1 e8-03 48 39 d8 0f 87 e4 fe I.D$(H...H9.....
ff ff 48 83 c4 48 5b 41-5c 41 5d 41 5e 41 5f 5d ..H..H[A\A]A^A_]
c3 55 48 89 e5 48 89 f2-48 89 fe 48 8b 3d ae d5 .UH..H..H..H.=..
08 00 5d e9 a3 fc ff ff-55 48 89 e5 41 57 41 56 ..].....UH..AWAV
41 55 41 54 53 48 81 ec-b8 11 00 00 48 89 bd 30 AUATSH......H..0
Binary Images:
0x10d77a000 - 0x10d829fff libConfigurer64.dylib (*) <ae387cc4-9425-3323-ac9f-ba486703833b> /Applications/MAMP PRO.app/Contents/Resources/libConfigurer64.dylib
0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
0x111626000 - 0x111691fff dyld (*) <1a6ae033-9438-33c0-8077-988fd885250a> /usr/lib/dyld
0x7ff80675e000 - 0x7ff806797fff libobjc.A.dylib (*) <7cfcdc89-2bee-3784-b7af-c676f60fe211> /usr/lib/libobjc.A.dylib
0x7ff8068ca000 - 0x7ff8068d5fff libsystem_pthread.dylib (*) <29a2750e-f31b-3630-8761-242a6bc3e99e> /usr/lib/system/libsystem_pthread.dylib
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=1.1G resident=0K(0%) swapped_out_or_unallocated=1.1G(100%)
Writable regions: Total=634.4M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=634.4M(100%)
VIRTUAL REGION
REGION TYPE SIZE COUNT (non-coalesced)
=========== ======= =======
Activity Tracing 256K 1
Kernel Alloc Once 8K 1
MALLOC 240.1M 38
MALLOC guard page 16K 4
MALLOC_NANO (reserved) 384.0M 1 reserved VM address space (unallocated)
STACK GUARD 56.0M 3
Stack 9232K 3
VM_ALLOCATE 8K 2
__DATA 31.0M 457
__DATA_CONST 27.9M 298
__DATA_DIRTY 1535K 193
__FONT_DATA 4K 1
__LINKEDIT 641.2M 10
__OBJC_RO 81.5M 1
__OBJC_RW 3120K 2
__TEXT 471.8M 501
__UNICODE 588K 1
dyld private memory 1024K 1
mapped file 28.3M 2
shared memory 44K 4
=========== ======= =======
TOTAL 1.9G 1524
TOTAL, minus reserved VM space 1.6G 1524
-----------
Full Report
-----------
{"app_name":"MAMP PRO","timestamp":"2021-10-26 12:26:16.00 +0800","app_version":"6.6","slice_uuid":"5878e976-c589-3c37-a57d-1944c5b9a8f5","build_version":"33836","platform":1,"bundleID":"de.appsolute.mamppro","share_with_app_devs":1,"is_first_party":0,"bug_type":"309","os_version":"macOS 12.0.1 (21A559)","incident_id":"360E81F0-70F6-4779-A485-FE8587745FEF","name":"MAMP PRO"}
{
"uptime" : 6500,
"procLaunch" : "2021-10-26 12:26:16.2837 +0800",
"procRole" : "Background",
"version" : 2,
"userID" : 501,
"deployVersion" : 210,
"modelCode" : "MacBookPro14,3",
"procStartAbsTime" : 6564479054579,
"coalitionID" : 1333,
"osVersion" : {
"train" : "macOS 12.0.1",
"build" : "21A559",
"releaseType" : "User"
},
"captureTime" : "2021-10-26 12:26:16.4555 +0800",
"incident" : "360E81F0-70F6-4779-A485-FE8587745FEF",
"bug_type" : "309",
"pid" : 51611,
"procExitAbsTime" : 6564650188612,
"cpuType" : "X86-64",
"procName" : "MAMP PRO",
"procPath" : "\/Applications\/MAMP PRO.app\/Contents\/MacOS\/MAMP PRO",
"bundleInfo" : {"CFBundleShortVersionString":"6.6","CFBundleVersion":"33836","CFBundleIdentifier":"de.appsolute.mamppro"},
"storeInfo" : {"deviceIdentifierForVendor":"4883B9B5-EDFA-5C8A-88FB-B55B61A3932A","thirdParty":true},
"parentProc" : "launchd",
"parentPid" : 1,
"coalitionName" : "de.appsolute.mamppro",
"crashReporterKey" : "2F9EDB7E-C40F-322A-A424-13F4D70BBC05",
"wakeTime" : 4085,
"bridgeVersion" : {"build":"14Y908","train":"3.0"},
"sleepWakeUUID" : "DF0A7272-42C0-43BE-A25D-C5F5AB3C5DF6",
"sip" : "disabled",
"vmRegionInfo" : "0x7ff8465e2450 is in 0x7ff8465e18a0-0x7ff84661bbd0; bytes after start: 2992 bytes before end: 235391\n REGION TYPE START - END [ VSIZE] PRT\/MAX SHRMOD REGION DETAIL\n unused shlib __TEXT 7ff8465e1898-7ff8465e18a0 [ 8] r--\/rw- SM=COW ... this process\n---> __DATA_CONST 7ff8465e18a0-7ff84661bbd0 [ 233K] r--\/rw- SM=COW ...aunchServices\n __DATA_CONST 7ff84661bbd0-7ff846658a48 [ 244K] r--\/rw- SM=COW ...\/A\/MetalTools",
"isCorpse" : 1,
"exception" : {"codes":"0x0000000000000002, 0x00007ff8465e2450","rawCodes":[2,140704309191760],"type":"EXC_BAD_ACCESS","signal":"SIGBUS","subtype":"KERN_PROTECTION_FAILURE at 0x00007ff8465e2450"},
"termination" : {"flags":0,"code":10,"namespace":"SIGNAL","indicator":"Bus error: 10","byProc":"exc handler","byPid":51611},
"vmregioninfo" : "0x7ff8465e2450 is in 0x7ff8465e18a0-0x7ff84661bbd0; bytes after start: 2992 bytes before end: 235391\n REGION TYPE START - END [ VSIZE] PRT\/MAX SHRMOD REGION DETAIL\n unused shlib __TEXT 7ff8465e1898-7ff8465e18a0 [ 8] r--\/rw- SM=COW ... this process\n---> __DATA_CONST 7ff8465e18a0-7ff84661bbd0 [ 233K] r--\/rw- SM=COW ...aunchServices\n __DATA_CONST 7ff84661bbd0-7ff846658a48 [ 244K] r--\/rw- SM=COW ...\/A\/MetalTools",
"extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
"faultingThread" : 0,
"threads" : [{"triggered":true,"id":187807,"instructionState":{"instructionStream":{"bytes":[225,72,139,69,184,72,139,64,16,72,133,192,76,139,101,200,76,139,125,168,72,139,93,192,65,189,0,0,0,128,117,166,235,76,75,139,68,239,16,72,133,192,116,35,72,139,77,208,72,139,85,192,72,139,12,209,75,59,76,239,8,76,139,101,200,116,16,72,137,8,72,139,69,184,76,139,56,235,4,76,139,101,200,75,139,68,239,8,72,139,77,208,72,139,93,192,72,137,4,217,76,139,125,168,65,189,0,0,0,128,255,195,73,139,68,36,40,72,193,232,3,72,57,216,15,135,228,254,255,255,72,131,196,72,91,65,92,65,93,65,94,65,95,93,195,85,72,137,229,72,137,242,72,137,254,72,139,61,174,213,8,0,93,233,163,252,255,255,85,72,137,229,65,87,65,86,65,85,65,84,83,72,129,236,184,17,0,0,72,137,189,48],"offset":96}},"threadState":{"r13":{"value":0},"rax":{"value":4521060635},"rflags":{"value":66118},"cpu":{"value":6},"r14":{"value":140705470814801},"rsi":{"value":105553162700399},"r8":{"value":0},"cr2":{"value":140704309191760},"rdx":{"value":18446744073709551615},"r10":{"value":5},"r9":{"value":2448},"r15":{"value":105553124950496},"rbx":{"value":374},"trap":{"value":14,"description":"(no mapping for user data write)"},"err":{"value":6},"r11":{"value":5},"rip":{"value":4521065208,"matchesCrashFrame":1},"rbp":{"value":140701843034272},"rsp":{"value":140701843034160},"r12":{"value":140703244068112},"rcx":{"value":140704309188768},"flavor":"x86_THREAD_STATE","rdi":{"value":140705470814816}},"queue":"com.apple.main-thread","frames":[{"imageOffset":154360,"imageIndex":0},{"imageOffset":140705427866904,"imageIndex":1},{"imageOffset":153965,"imageIndex":0},{"imageOffset":141145,"symbol":"invocation function for block in dyld4::APIs::_dyld_register_func_for_add_image(void (*)(mach_header const*, long))","symbolLocation":175,"imageIndex":2},{"imageOffset":42569,"symbol":"dyld4::RuntimeState::withLoadersReadLock(void () block_pointer)","symbolLocation":41,"imageIndex":2},{"imageOffset":140890,"symbol":"dyld4::APIs::_dyld_register_func_for_add_image(void (*)(mach_header const*, long))","symbolLocation":116,"imageIndex":2},{"imageOffset":190419,"imageIndex":0},{"imageOffset":40046,"symbol":"load_images","symbolLocation":1546,"imageIndex":3},{"imageOffset":62492,"symbol":"dyld4::RuntimeState::notifyObjCInit(dyld4::Loader const*)","symbolLocation":170,"imageIndex":2},{"imageOffset":84989,"symbol":"dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const","symbolLocation":167,"imageIndex":2},{"imageOffset":84971,"symbol":"dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const","symbolLocation":149,"imageIndex":2},{"imageOffset":84971,"symbol":"dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const","symbolLocation":149,"imageIndex":2},{"imageOffset":85164,"symbol":"dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const","symbolLocation":108,"imageIndex":2},{"imageOffset":164654,"symbol":"dyld4::APIs::runAllInitializersForMain()","symbolLocation":222,"imageIndex":2},{"imageOffset":25432,"symbol":"dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*)","symbolLocation":3438,"imageIndex":2},{"imageOffset":21684,"symbol":"start","symbolLocation":388,"imageIndex":2}]},{"id":187837,"frames":[{"imageOffset":8204,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}]},{"id":187838,"frames":[{"imageOffset":8204,"symbol":"start_wqthread","symbolLocation":0,"imageIndex":4}]}],
"usedImages" : [
{
"source" : "P",
"arch" : "x86_64",
"base" : 4520910848,
"size" : 720896,
"uuid" : "ae387cc4-9425-3323-ac9f-ba486703833b",
"path" : "\/Applications\/MAMP PRO.app\/Contents\/Resources\/libConfigurer64.dylib",
"name" : "libConfigurer64.dylib"
},
{
"size" : 0,
"source" : "A",
"base" : 0,
"uuid" : "00000000-0000-0000-0000-000000000000"
},
{
"source" : "P",
"arch" : "x86_64",
"base" : 4586627072,
"size" : 442368,
"uuid" : "1a6ae033-9438-33c0-8077-988fd885250a",
"path" : "\/usr\/lib\/dyld",
"name" : "dyld"
},
{
"source" : "P",
"arch" : "x86_64h",
"base" : 140703237005312,
"size" : 237568,
"uuid" : "7cfcdc89-2bee-3784-b7af-c676f60fe211",
"path" : "\/usr\/lib\/libobjc.A.dylib",
"name" : "libobjc.A.dylib"
},
{
"source" : "P",
"arch" : "x86_64",
"base" : 140703238496256,
"size" : 49152,
"uuid" : "29a2750e-f31b-3630-8761-242a6bc3e99e",
"path" : "\/usr\/lib\/system\/libsystem_pthread.dylib",
"name" : "libsystem_pthread.dylib"
}
],
"sharedCache" : {
"base" : 140703235268608,
"size" : 15213641728,
"uuid" : "3d05845f-3f65-358f-9ebf-2236e772ac01"
},
"vmSummary" : "ReadOnly portion of Libraries: Total=1.1G resident=0K(0%) swapped_out_or_unallocated=1.1G(100%)\nWritable regions: Total=634.4M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=634.4M(100%)\n\n VIRTUAL REGION \nREGION TYPE SIZE COUNT (non-coalesced) \n=========== ======= ======= \nActivity Tracing 256K 1 \nKernel Alloc Once 8K 1 \nMALLOC 240.1M 38 \nMALLOC guard page 16K 4 \nMALLOC_NANO (reserved) 384.0M 1 reserved VM address space (unallocated)\nSTACK GUARD 56.0M 3 \nStack 9232K 3 \nVM_ALLOCATE 8K 2 \n__DATA 31.0M 457 \n__DATA_CONST 27.9M 298 \n__DATA_DIRTY 1535K 193 \n__FONT_DATA 4K 1 \n__LINKEDIT 641.2M 10 \n__OBJC_RO 81.5M 1 \n__OBJC_RW 3120K 2 \n__TEXT 471.8M 501 \n__UNICODE 588K 1 \ndyld private memory 1024K 1 \nmapped file 28.3M 2 \nshared memory 44K 4 \n=========== ======= ======= \nTOTAL 1.9G 1524 \nTOTAL, minus reserved VM space 1.6G 1524 \n",
"legacyInfo" : {
"threadTriggered" : {
"queue" : "com.apple.main-thread"
}
},
"trialInfo" : {
"rollouts" : [
{
"rolloutId" : "607844aa04477260f58a8077",
"factorPackIds" : {
"SIRI_MORPHUN_ASSETS" : "60ef663fa2f864203caf575c"
},
"deploymentId" : 250000055
},
{
"rolloutId" : "60da5e84ab0ca017dace9abf",
"factorPackIds" : {
},
"deploymentId" : 250000007
},
{
"rolloutId" : "60356660bbe37970735c5624",
"factorPackIds" : {
},
"deploymentId" : 250000013
},
{
"rolloutId" : "602ad4dac86151000cf27e46",
"factorPackIds" : {
"SIRI_DICTATION_ASSETS" : "6164895c201f677a9a4cb9e7"
},
"deploymentId" : 250000232
},
{
"rolloutId" : "5fc94383418129005b4e9ae0",
"factorPackIds" : {
},
"deploymentId" : 250000144
},
{
"rolloutId" : "5ffde50ce2aacd000d47a95f",
"factorPackIds" : {
},
"deploymentId" : 250000063
},
{
"rolloutId" : "601d9415f79519000ccd4b69",
"factorPackIds" : {
"SIRI_TEXT_TO_SPEECH" : "61704b7f20024a1072784bb1"
},
"deploymentId" : 250000291
}
],
"experiments" : [
]
}
}
Model: MacBookPro14,3, BootROM 447.40.12.0.0, 4 processors, Quad-Core Intel Core i7, 3.1 GHz, 16 GB, SMC 2.45f5
Graphics: Intel HD Graphics 630, Intel HD Graphics 630, Built-In
Display: Color LCD, 2880 x 1800 Retina, Main, MirrorOff, Online
Graphics: Radeon Pro 560, Radeon Pro 560, PCIe, 4 GB
Memory Module: BANK 0/DIMM0, 8 GB, LPDDR3, 2133 MHz, 0x80CE, 0x4B3445424533303445422D45474347202020
Memory Module: BANK 1/DIMM0, 8 GB, LPDDR3, 2133 MHz, 0x80CE, 0x4B3445424533303445422D45474347202020
AirPort: spairport_wireless_card_type_wifi (0x14E4, 0x173), Broadcom BCM43xx 1.0 (7.77.111.1 AirPortDriverBrcmNIC-1710.2)
AirPort:
Bluetooth: Version (null), 0 services, 0 devices, 0 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
USB Device: USB30Bus
USB Device: Apple T1 Controller
Thunderbolt Bus: MacBook Pro, Apple Inc., 41.5
Thunderbolt Bus: MacBook Pro, Apple Inc., 41.5

I downloaded a new version of MAMP from this site - https://appstorrent.ru/269-mamp-pro.html
turned off the ISP. Instruction here - https://appstorrent.ru/510-sip.html
And MAMP started working (MacBook Pro m1. Monterey)

I face a similar issue, though I was not using pro. I could not even launch MAMP at all without a crash and error report like yours. My report was a little different, the reason was EXC_BAD_ACCESS (SIGSEGV)
I was able to determine the issue was MAMP trying to launch using nginx instead of apache. I opened the Applications > MAMP > conf folder and deleted the nginx folder and was then able to launch MAMP. Before starting the server I switched from nginx to apache, and it has worked since.

Actually, the PRO feature of mamp isn't necessary for my personal use, but still I felt like building my host from scratch.
For those who don't want to spend time on this, try XAMPP
After some research, these are what I learned:
macOS has PHP and httpd(AKA apache) pre-installed
if you want to install the latest version you need brew installed
DIY an httpd.conf file needs some Googles, if you are not familiar with the computer and just want things to get to work, try XMAPP then.

Reserving Relocatable Address Space in ELF Section

Here is an example project that adds a binary section to an elf object file. This works with GCC:
#include <unistd.h>
extern char _binary_metamorphosis_txt_start;
int main() {
char* x = &_binary_metamorphosis_txt_start;
int r;
r = write(1,"Starting:\n",10);
r = write(1,x,40);
r = write(1,"\n",1);
return r;
}
In the unlinked assembly, we can see:
leaq _binary_metamorphosis_txt_start(%rip), %rsi
Then, we stick a bunch of text into an object file:
> vim metamorphosis.txt
... copy Franz Kafka's classic work into a text file ...
> ld -r -b binary metamorphosis.txt -o metamorphosis.o
> objdump -x metamorphosis.o
metamorphosis.o: file format elf64-x86-64
...
SYMBOL TABLE:
0000000000000000 l d .data 0000000000000000 .data
0000000000009587 g .data 0000000000000000 _binary_metamorphosis_txt_end
0000000000000000 g .data 0000000000000000 _binary_metamorphosis_txt_start
0000000000009587 g *ABS* 0000000000000000 _binary_metamorphosis_txt_size
Then we compile and link it all together:
> gcc -O -Wall main.c metamorphosis.o
> ./a.out
Starting:
One morning, when Gregor Samsa woke from
Cool. It works. But what if, instead of linking some extra content into my binary, I want to reserve some space and then mmap something in myself. I don't want to hardcode the virtual address. I just want to reserve space near the text, data, and bss sections. And I don't want it to start out backed by anything. From the previous example, the binary I end up with has these sections (the contents of The Metamorphosis end up in .data after linking):
> readelf -W -S a.out
There are 29 section headers, starting at offset 0xaf50:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 0000000000000238 000238 00001c 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000000254 000254 000020 00 A 0 0 4
[ 3] .note.gnu.build-id NOTE 0000000000000274 000274 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000000298 000298 00001c 00 A 5 0 8
[ 5] .dynsym DYNSYM 00000000000002b8 0002b8 0000a8 18 A 6 1 8
[ 6] .dynstr STRTAB 0000000000000360 000360 000083 00 A 0 0 1
[ 7] .gnu.version VERSYM 00000000000003e4 0003e4 00000e 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 00000000000003f8 0003f8 000020 00 A 6 1 8
[ 9] .rela.dyn RELA 0000000000000418 000418 0000c0 18 A 5 0 8
[10] .rela.plt RELA 00000000000004d8 0004d8 000018 18 AI 5 22 8
[11] .init PROGBITS 00000000000004f0 0004f0 000017 00 AX 0 0 4
[12] .plt PROGBITS 0000000000000510 000510 000020 10 AX 0 0 16
[13] .plt.got PROGBITS 0000000000000530 000530 000008 08 AX 0 0 8
[14] .text PROGBITS 0000000000000540 000540 0001d2 00 AX 0 0 16
[15] .fini PROGBITS 0000000000000714 000714 000009 00 AX 0 0 4
[16] .rodata PROGBITS 0000000000000720 000720 00000f 00 A 0 0 4
[17] .eh_frame_hdr PROGBITS 0000000000000730 000730 00003c 00 A 0 0 4
[18] .eh_frame PROGBITS 0000000000000770 000770 000100 00 A 0 0 8
[19] .init_array INIT_ARRAY 0000000000200db8 000db8 000008 08 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000200dc0 000dc0 000008 08 WA 0 0 8
[21] .dynamic DYNAMIC 0000000000200dc8 000dc8 0001f0 10 WA 6 0 8
[22] .got PROGBITS 0000000000200fb8 000fb8 000048 08 WA 0 0 8
[23] .data PROGBITS 0000000000201000 001000 009597 00 WA 0 0 8
[24] .bss NOBITS 000000000020a597 00a597 000001 00 WA 0 0 1
[25] .comment PROGBITS 0000000000000000 00a597 000029 01 MS 0 0 1
[26] .symtab SYMTAB 0000000000000000 00a5c0 000630 18 27 43 8
[27] .strtab STRTAB 0000000000000000 00abf0 000260 00 0 0 1
[28] .shstrtab STRTAB 0000000000000000 00ae50 0000fe 00 0 0 1
The very first section has type NULL. It also has no flags (not even allocate). There are also .symtab, .strtab, and .shstrtab section that are not allocated, but unlike the NULL section, these have non-zero size. However, I don't think any of these cause virtual address space to be reserved. What I'm trying to do is get GCC to emit something like a NULL section but with a non-zero size of my choosing. And it should provide a promise than nothing else will use that virual address space. That way, at runtime, I could back it with memory from a file using MAP_FIXED:
extern char _my_unmapped_section_start;
int main() {
char* x = &_my_unmapped_section_start;
int fd = open("/etc/bunch_of_data.bin", O_RDONLY);
mmap(x, 4096 * 100, PROT_READ, MAP_SHARED | MAP_FIXED, fd, 0);
char theThousandthCharacter = x[999];
...
}
I don't even want it to start out zeroed like a bss section is. If anything, I want it to be like a PROT_NONE mapping. I've tried going about this several ways:
Linker scripts with NOLOAD or DSECT
Patching object files with objcopy --add-section
I've not been able to get either of these working though. What I'm trying to figure out is whether or not it's possible to get a ELF binary that has think behavior. I'm not totally sure whether or not ELF can even represent this. If it can, then is there a straightforward way to get gcc and ld to do this?
To address the "XY problem" concern, I'll add that I'm not actually trying to use C for anything. This is just part of an idea for implementing a high-level language. I'm pondering how to share read-only (immutable) data that's part of the standard library that I don't want to duplicate into every compiled binary. It would be nice to get RIP-relative addressing for this data rather than going through a GOT like C would typically do in this situation. For function calls, ASLR on shared objects (the standard library) is pretty standard and provides some amount of attack mitigation, so I'm fine with the standard "go through of GOT" on function calls. But on immutable data (in a read-only memory map), I don't belive there is any reason to prefer the extra indirection. So I was thinking about how to make it possible to skip the GOT for data.

Why AMD64 RSP register was subtracted 8 bytes wrongly?

Now I met one issue about kernel panic at linux-3.0, it seems RSP register was subtracted 8 bytes wrongly. So I can not Judge it is a CPU bug or kernel bug. But I go through the assemble code of do page_fault, no find any code to -8 for rsp.hope you can give me some ideas. Thanks!
BTW:This issue is hard to be reproduced, and only met in one x86 machine.
(1) For AMD64, r12-r15 and rbx, rbp are callee save registers, when call do_page_fault, in this function, they will be saved.
The stack like below:
00007f48c91c1000(r11)
0000000000000000(rbx)
00007ffc0f907bb0(rbp)
00007f48c9558000(r12)
00007f48c91c9708(r13)
00007f48ca168500(r14)
00007f48ca168500(r15)(caller save)
ffffffff81461fc5(page_fault+0x25/0x30)* (return address)
00007f48ca168500(r15) (callee save)
00007f48ca168500(r14)
00007f48c91c9708(r13)
00007f48c9558000(r12)
00007ffc0f907bb0(rbp)
00007f48c91e8598(rbx)
(2) But I got one wrong return value when do_page_fault finished, it should pop “page_fault+0x25/0x30” to RIP, but it seems pop the “00007f48ca168500(r15)” to RIP and cause this following OOP, it seems RSP register was subtracted 8 bytes wrongly in do_page_fault function:
<6>[29205.617769] ovs-vsctl[33927]: segfault at 7f48c9558000 ip 00007f48c9f62285 sp 00007ffc0f907ad0 error 6 in ld-2.11.3.so[7f48c9f57000+1f000]
<1>[29205.617808] BUG: unable to handle kernel paging request at 00007f48ca168500
<1>[29205.621539] IP: [<00007f48ca168500>] 0x7f48ca1684ff
<4>[29205.621539] PGD 3f76860067 PUD 32cf7f7067 PMD 2afce53067 PTE 800000375422e067
<1>[29205.621539] Thread overran stack, or stack corrupted
<0>[29205.621539] Oops: 0011 [#1] SMP
<4>[29205.621539] Inexact backtrace:
<4>[29205.621539]
<4>[29205.621539] CPU 43
<4>[29205.621539] Supported: No, Unsupported modules are loaded
<4>[29205.621539]
<4>[29205.621539] Pid: 33927, comm: ovs-vsctl Tainted: GF NX 3.0.93-0.8-default #1 xxxxx
<4>[29205.621539] RIP: 0010:[<00007f48ca168500>] [<00007f48ca168500>] 0x7f48ca1684ff
<4>[29205.621539] RSP: 0000:ffff882b370adf50 EFLAGS: 00010286
<4>[29205.621539] RAX: 0000000000000000 RBX: 00007f48c91c0000 RCX: ffff883fb99c03c0
<4>[29205.621539] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 0000000000000286
<4>[29205.621539] RBP: 0000000000000000 R08: 0000000000000020 R09: 0000000000000000
<4>[29205.621539] R10: 0000000000000006 R11: 000000000000004a R12: 00007ffc0f907bb0
<4>[29205.621539] R13: 00007f48c9558000 R14: 00007f48c91c9708 R15: 00007f48ca168500
<4>[29205.621539] FS: 00007f48ca163c00(0000) GS:ffff88407f3e0000(0000) knlGS:0000000000000000
<4>[29205.621539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[29205.621539] CR2: 00007f48ca168500 CR3: 0000002b3ce96000 CR4: 00000000001427e0
<4>[29205.621539] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[29205.621539] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
<4>[29205.621539] Process ovs-vsctl (pid: 33927, threadinfo ffff882b370ac000, task ffff883fb99c03c0)
<0>[29205.621539] Stack:
<4>[29205.621539] ffffffff81461fc5 00007f48ca168500(r15) 00007f48ca168500(r14) 00007f48c91c9708(r13)
<4>[29205.621539] 00007f48c9558000(r12) 00007ffc0f907bb0(rbp) 00007f48c91e8598(rbx) 00007f48c91c1000(r11)
<4>[29205.621539] 00007f48c955ed60(r10) 0000000000000001(r9) 00007f48c91c5cb8(r8) 0000000000000007
<0>[29205.621539] Call Trace:
<0>[29205.621539] Inexact backtrace:
<0>[29205.621539]
<4>[29205.621539] [<ffffffff81461fc5>] ? page_fault+0x25/0x30
<0>[29205.621539] Code: Bad RIP value.
<1>[29205.621539] RIP [<00007f48ca168500>] 0x7f48ca1684ff
<4>[29205.621539] RSP <ffff882b370adf50>
<0>[29205.621539] CR2: 00007f48ca168500
Page_fault call sequence:
ffffffff81461fa0 <page_fault>:
ffffffff81461fa0: ff 15 ca aa 5b 00 callq *0x5baaca(%rip) # ffff:
ffff81a1ca70 <pv_irq_ops+0x30>
ffffffff81461fa6: 48 83 ec 78 sub $0x78,%rsp
ffffffff81461faa: e8 b1 01 00 00 callq ffffffff81462160 <error_entry>
ffffffff81461faf: 48 89 e7 mov %rsp,%rdi
ffffffff81461fb2: 48 8b 74 24 78 mov 0x78(%rsp),%rsi
ffffffff81461fb7: 48 c7 44 24 78 ff ff movq $0xffffffffffffffff,0x78(%rsp)
ffffffff81461fbe: ff ff
ffffffff81461fc0: e8 6b 32 00 00 callq ffffffff81465230 <do_page_fault>
ffffffff81461fc5: e9 46 02 00 00 jmpq ffffffff81462210 <error_exit>  ffffffff81461fc5(page_fault+0x25/0x30)
ffffffff81461fca: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)