7

I would like to know the address of a kernel module. Actually, from stack trace it looks that the crash has been triggered from a kernel module (which have been insmoded after system boots up). There are several modules I insmod manually. So I need to detect which module among these is triggering the crash. Please let me know how to get the address of each modules loaded using insmod.

Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985
Souvik
  • 601
  • 1
  • 8
  • 16

3 Answers3

8

cat /proc/modules should give you a rough guide to where things are loaded. You might get more of a clue about exactly where the kernel crash is by looking at /proc/kallsyms.

Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985
Dipstick
  • 9,854
  • 2
  • 30
  • 30
4

/sys/module/<MODULE_NAME>/sections/ contains addresses of all sections of your module. Since most section begin with a dot (.), don't forget to pass -a to ls when listing this directory content:

$ ls -a /sys/module/usbcore/sections/
.                      __ex_table                 __param
..                     .fixup                     .rodata
.altinstr_replacement  .gnu.linkonce.this_module  .rodata.str1.1
.altinstructions       .init.text                 .rodata.str1.8
.bss                   __kcrctab_gpl              .smp_locks
__bug_table            __ksymtab_gpl              .strtab
.data                  __ksymtab_strings          .symtab
.data..read_mostly     __mcount_loc               .text
.data.unlikely         .note.gnu.build-id         .text.unlikely
.exit.text             .parainstructions          __verbose
Jérôme Pouiller
  • 9,249
  • 5
  • 39
  • 47
  • Do you understand why the value of `.text` is something much smaller than the values shown by `/proc/modules` and `pr_debug` https://stackoverflow.com/a/49836301/895245 (both the same, and correct according to QEMU + GDB)? – Ciro Santilli OurBigBook.com Apr 14 '18 at 21:31
  • 1
    @CiroSantilli包子露宪六四事件法轮功 Here, I find same values in `/proc/modules` and in `/sys/module//sections/.text` – Jérôme Pouiller Apr 16 '18 at 07:14
  • Thanks for confirming. Here is a minimal reproducible example where I see the difference: https://github.com/cirosantilli/linux-kernel-module-cheat/tree/bfba11afddae2f7b2c1335b4e23133e9cd3c9126#gdb-module_init-calculate-entry-address – Ciro Santilli OurBigBook.com Apr 16 '18 at 09:05
  • 1
    @CiroSantilli I won't qualify your example "minimal". Are you sure you are not confused between output of `readelf` and files from `/sys`? `.text` address provided by `readelf` is much smaller since it is not yet relocated. – Jérôme Pouiller Apr 16 '18 at 13:43
  • OK, minimal within bisecting 50 kernel configs :-) I am certain, give it a try. – Ciro Santilli OurBigBook.com Apr 16 '18 at 13:46
1

pr_debug on dmesg

If we enable pr_debug, then it shows the base address the module was loaded at.

This can be useful for example if the module panics at init_module and you can't read /proc/modules interactively.

The best way to enable pr_debug is to compile the kernel with CONFIG_DYNAMIC_DEBUG=y as explained at: Why is pr_debug of the Linux kernel not giving any output?

Then when you do:

echo 8 > /proc/sys/kernel/printk
echo 'file kernel/module.c +p' > /sys/kernel/debug/dynamic_debug/control
insmod mymodule.ko

we see a line of form:

0xffffffffc0005000 .text

which contains the base address.

Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985
  • 1
    This is amazingly useful and might have helped me get to the bottom of a months-long bug-hunt. But how on earth do you derive these incantations? – bodgesoc Jun 27 '20 at 20:26
  • 1
    @bodgesoc thanks! It's like any open source problem: a mixture of read the source/Google into it/notice by chance when you don't need it :-) – Ciro Santilli OurBigBook.com Jun 27 '20 at 20:47