Linux's kernel is a single kernel monolithic, and any function can access public data structures and function calls. In the design of the program, you need to name some function names, variable names, and so on, the same kernel contains a lot of global symbols.
The kernel is not the brain cortex, and variables and functions-addresses (pointers)-are used to access the corresponding variables and functions.
The kernel symbol table is for programmers to access the program body's corresponding address (pointer) through the symbol, and establishes a dynamic, can change the mapping table.
A symbol table example:
C03441A0 b Dmi_broken
C03441A4 b is_sony_vaio_laptop
You can see that the variable Dmi_broken is located at the kernel address c03441a0.
This is similar to GDB's netizens function, unlike the kernel, which takes the form of a file as a carrier.
"/proc/ksyms"
Ksyms is a kernel data image file that is created when the kernel boots, in fact, is the kernel data (/proc file system features and detailed text at the end), no actual size.
Each table entry in the ksyms represents a global kernel symbol. These symbols can be referenced by lkm to see which functions lkm can invoke (there is a security issue here)
"System.map"
Located under/or/boot,/usr/src/linux/
Each symbol name and its corresponding address pointer will change each time the kernel is recompiled. (There is a change, there is a constant). So the system needs to update this file itself.
(Additional instructions are required for system.map and system errors).
The System.map file acts as a kernel symbol table for a specific kernel, linking the system.map used by the system.
General steps to create:
Generates kernel vmlinux-2 when compiled. After x.y, save in/usr/src/linux/, then the compilation script will run "nm/usr/src/linux/vmlinux-2." x.y > System.map "and handcuff it to/boot.
The specific build process can be inspired by the kernel compilation script:
Note: The role of NM vmlinux is to filter out unwanted symbols.
It is worth noting that the kernel itself does not really use SYSTEM.MAP, but other programs such as KLOGD, lsof and PS need a correct system.map. Some drivers that are connected to the kernel header, rather than the GLIBC library, also need system.map to resolve symbols (module loading is related to kernel versions, but not to the compiled kernel that is consistent with the kernel version and the symbol table changes).
KLOGD Kernel Log Daemon
In order to perform name-address resolution, KLOGD needs to use System.map.
Man Klogd know that KLOGD will look for System.map from the path:
/boot/system.map
/system.map
/usr/src/linux/system.map
Such as:
# strace-f/sbin/klogd | grep ' System.map '
Open ("/boot/system.map-2.4.18", o_rdonly| O_largefile) = 2
# strace PS 2>&1 1>/dev/null | grep System
Open ("/boot/system.map-2.4.18", o_rdonly| o_nonblock| O_noctty) = 6
"/proc File system"
A pseudo file system, it only exists in memory, and does not occupy the external space. Provides an interface for operations that access system kernel data. Some are dynamically variable.
A number-named directory is a process directory with the PID number of the process as the directory name, and the self directory is the information interface that reads the process itself, and is the origin of a Link,proc file system.
APM Advanced Power Management Information
CmdLine kernel command line
Cpuinfo About CPU Information
Devices Available devices (block/character devices)
Dma Used DMS Channels
Filesystems Supported file Systems
Use of interrupts interrupts
Use of Ioports I/O ports
Core impression of Kcore kernel
KMSG Kernel Message
Ksyms Kernel symbol table
LOADAVG Load Balancing
Locks Kernel Lock
Meminfo Memory Information
Misc Miscellaneous
Modules Load Module List
Mounts-Loaded file system
partitions system-recognized partition table
RTC Real Time Clock
Slabinfo Slab Pool Info
Stat Comprehensive Statistics State table s
The utilization of Swaps in the swap space
Version kernel versions
Uptime System normal Running time
The process directory is structured as follows:
Directory Name Directory Contents
CmdLine command Line arguments
Environ environment variable Value
Fd a directory that contains all the file descriptors
Memory utilization of MEM process
Stat process Status
Status Process status in Human readable form
Cwd links to current working directory
Exe Link to the executable of this process
Maps Memory Impressions
STATM Process Memory status information
Root links The root directory of this process
View System Information: Cat/proc/mem
modifying kernel parameters
/proc/sys not only provides kernel information, but it can also modify kernel parameters. To change the kernel parameters, you can redirect the vi edit or echo + parameter to the file:
# echo 8192 >/proc/sys/fs/file-max
"About security issues invoked by the ksyms lkm"
Symbol table declarations that can bypass LKM calls
static struct symbol_table module_syms= {
#include <linux/symtab_begin.h>
...
};
Register_symtab (&module_syms);
Register_symtab (NULL);
"About the relationship between System.map and kernel error oops"
※ Kernel error (oops) ※
The most common error condition for programming is a paragraph error (segfault), signal 11.
The most common bug in the Linux kernel is also a segment error. However, when the kernel references an invalid pointer, it is not called a segment error--and is called "oops". A oops indicates that there is a bug in the kernel.
When a oops occurs, it does not mean that the kernel is definitely in an unstable state; a oops may only kill the current process and leave the remaining kernel in a good, stable state. -Robust Linux
A oops is not a kernel dead loop (panic)
After the kernel calls the Panic () function, the kernel stops running and must be restarted;
If a critical part of the system is compromised, such as a key driver, a oops may also cause the kernel to enter a dead loop (panic).
When a oops occurs, the system displays information about the debugging issues, such as the contents of all CPU registers and the location of the page descriptor chart, especially the contents of the EIP (instruction pointer) as follows:
Eip:0010:[<00000000>]
Call Trace: []
※ Relationship with System.map ※
Linux uses KLOGD to intercept the kernel oops and record it using SYSLOGD. KLOGD is a kernel message logger (logger) that can be parsed between names-addresses through System.map files. The syslogd logger is usually used.
In-depth description: In fact, KLOGD will perform two types of address resolution activities.
Static conversion, the System.map file will be used.
Dynamic conversion, which is used for loadable modules, without the use of System.map
KLOGD Dynamic Transformation
Suppose you load a kernel module that generates oops. KLOGD will intercept the message. and resolves the address. If the address belongs to a dynamic loading module, there are no entries in the System.map file. At this point klogd will query the kernel for the symbols that load the module output.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
