All geek questions in one place

What is __ksymtab? in linux kernel

when we cat 'proc / kallsyms' or 'system.map' we get characters like this

.... c033718c T nf_hook_slow c04ca284 r __ksymtab_nf_hook_slow c04ca28c r __ksymtab_nf_hooks c04d24a0 r __kcrctab_nf_hook_slow c04d24a4 r __kcrctab_nf_hooks c04e9122 r __kstrtab_nf_hook_slow c04e9179 r __kstrtab_nf_hooks c054d854 D nf_hooks c0571ca0 d nf_hook_mutex ....
  • What is the meaning of T, r, D, d stuffs?
  • I can find characters in the kernel source as EXPORT_SYMBOL (...) but there are other prefixes with __ksymtab ... or __kstrtab ... what is it?
  • Is it possible that System.map has characters, but are excluded in / proc / kallsyms? (assuming the kernel compiled correctly)
  • I have a linux kernel netfilter, but I can not find the symbol 'nf_hooks' but there is '__ksymtab_nf_hook'. is there any way to get the nf_hooks address using __ksymtab_nf_hook?
  • I see EXPORT_SYMBOL (nf_hook) in my Linux source code, but I cannot find it if I am 'cat / proc / kallsyms'. is there a typical reason for this?

thank you in advance.

+6
source share
1 answer

  • The format is similar to the output format of the nm utility , see also this page .

    Simply put, “T” usually means a global (not static, but not necessarily exported) function, “t” is a function local to the compilation unit (i.e. static), “D” is global data, d 'is data, local to the compilation unit. 'R' and 'r' are the same as 'D' / 'd', but for read-only data.

  • These are elements from special sections necessary for exporting symbols so that symbols can be used by kernel modules.

    For each exported character, at least EXPORT_SYMBOL() defined:

    • __kstrtab_<symbol_name> - the name of the character as a string
    • __ksymtab_<symbol_name> - structure with information about the symbol: its address, address __kstrtab_<symbol_name> , etc.
    • __kcrctab_<symbol_name> - address of the checksum (CRC) of the symbol - it is used, for example, to check whether the kernel or module provides exactly the same symbol as is required for this kernel module. If a module requires a symbol with the given name and CRC, and the kernel provides a symbol with this name but with a different CRC (for example, if the module was compiled for a different version of the kernel), the module loader will refuse to load this kernel module (if this check does not disabled).

    Read more about the implementation of the EXPORT_SYMBOL() macro in linux / export.h .

  • Not sure, but so far I have not encountered a situation where a function ("text character") or a variable ("data character") was present in System.map but was not shown in / proc / kallsyms if the kernel was compiled correctly and fully enabled kallsyms (CONFIG_KALLSYMS = y, CONFIG_KALLSYMS_ALL = y). If CONFIG_KALLSYMS_ALL = n, only functions will be displayed in / proc / kallsyms (more precisely, characters from * .text sections).

  • Depends on your kernel version. You can take a look at the definition of EXPORT_SYMBOL() for your kernel and find variables like __ksymtab_<symbol_name> . In kernel 3.11, it has a struct kernel_symbol defined in linux / export.h . Having a definition of this structure and its address, I suppose you can get the address of the symbol: struct kernel_symbol::value . Didn't try it myself though.

    Note, however, that __ksymtab_nf_hook for nf_hook , but not for nf_hooks . The name must match. nf_hooks and nf_hook are different objects.

  • It's hard to say without seeing the code and the corresponding part of / proc / kallsyms. Maybe it's # ifdef'ed and not compiled at all, maybe there is something else.

    In addition, nf_hooks is a data item, so it may not appear in / proc / kallsyms if CONFIG_KALLSYMS_ALL is "n".

+7
source

Source: https://habr.com/ru/post/952654/

More articles:


All Articles