drop vdso

drop_vdso.c

#include <elf.h>
#include <linux/auxvec.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>

void drop_vdso(char *envp[]) {
  Elf64_auxv_t *auxv, *ehdr, *last;

  while(*envp++ != NULL); // skip the environment vars

  for (auxv = (Elf64_auxv_t*)envp; auxv->a_type != AT_NULL; auxv++) {
    if (auxv->a_type == AT_SYSINFO_EHDR) {
      ehdr = auxv;
    } else {
      last = auxv;
    }
  }
  *ehdr = *last;  // replace the EHDR with the last non-ehdr entry
  last->a_type = AT_NULL;  // drop the last one off the bottom
}

__attribute__ ((constructor))
void init(int argc, char *argv[], char *envp[]) {
  drop_vdso(envp);
}

Oh lol are you running against mainline?

Pretty much. It's arch, which AFAIK is a slightly patched mainline.

if you want to video chat pair debug

That sounds fun, but I think I figured it out (see below). I'm in PST too.

If you share the error

no error, it just doesn't appear to drop vdso

I figured it out. I didn't realize the importance of __attribute__((constructor)) and was just calling drop_vdso as the first line in main(), which simply doesn't drop vdso. Then, I was getting segfaults because I added __attribute__((constructor)), and ended up calling drop_vdso twice *facepalm*. That was all in a C project I whipped up to test your exact code, but I'm trying to remove vdso in Rust, which doesn't have any __attribute__((constructor))-like mechanisms to run code before main (or before glibc finds vdso). Luckily, it seems I can use a dlopen trick to overwrite the symbols from vdso. Unfortunately this trick fails when compiled with statically-linked musl because it doesn't support dlopen. I'd rather musl works, so I'm still in search of a better trick. Musl doesn't use vdso!