libdwfl: read_address should use increasing address in intuit_kernel_bounds

In kernels from 4.14 up to 4.19 in /proc/kallsyms there are special
__entry_SYSCALL_64_trampoline symbols. The problem is that they come
after the last kernel address, but before the module addresses.
And they are (much) smaller than the start address we found. This
confuses intuit_kernel_bounds and makes it fail.

Make sure to check read_address returns an increasing address when
searching for the end.

https://sourceware.org/bugzilla/show_bug.cgi?id=26177

Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>

1 files changed, 7 insertions, 3 deletions

diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c
index 84a05f28..548cb56f 100644
--- a/libdwfl/linux-kernel-modules.c
+++ b/libdwfl/linux-kernel-modules.c
@@ -538,10 +538,14 @@ intuit_kernel_bounds (Dwarf_Addr *start, Dwarf_Addr *end, Dwarf_Addr *notes)
 
   if (result == 0)
     {
+      Dwarf_Addr addr;
       *end = *start;
-      while (read_address (&state, end))
-	if (*notes == 0 && !strcmp (state.p, "__start_notes\n"))
-	  *notes = *end;
+      while (read_address (&state, &addr) && addr >= *end)
+	{
+	  *end = addr;
+	  if (*notes == 0 && !strcmp (state.p, "__start_notes\n"))
+	    *notes = *end;
+	}
 
       Dwarf_Addr round_kernel = sysconf (_SC_PAGESIZE);
       *start &= -(Dwarf_Addr) round_kernel;