
I want to inspect the memory where the functions from kernel/bpf/verifier.c are loaded into. After compilation to verifier.o, the object is linked "into" the kernel. In /proc/kallsyms only non-static functions are listed. However, I want the addresses of all functions defined in that C file. If KASLR is turned off, they should lie sequentially in kernel space, right?

If so is there a way to determine the address range?

Thanks

  • Just an idea: could you `printk` the address of each function in that file using `&function_name`? – wxz Apr 23 '21 at 17:20
  • I could, but the file is large (13k rows) and this does not scale and does not give me the size of the function. I am searching for a more generic way. Also most functions here are static. And to write the code for it could become dirty and unstable – Benedict Schlüter Apr 23 '21 at 17:37
  • Another idea: [this answer](https://stackoverflow.com/a/44614878/13020139) might give you more information in kallsyms (although still not sure if it covers everything you want, I'm looking). – wxz Apr 23 '21 at 17:42
  • Yep, I already saw this post. I tried to compile the bpf subsystem with the no inline flags, but I guess this was unsuccessful (appended it to cflags in the makefile in the kernel/bpf dir). However if the compilation was successful and there were no inlines, this method does not work either. Maybe I'll give it a try with the kernel option, but the reply suggests it only affects non-static variables, not functions. – Benedict Schlüter Apr 23 '21 at 17:48
  • The only other option I can think of at the moment is reading the [`System.map`](https://en.wikipedia.org/wiki/System.map) file in your `/boot/` directory. – wxz Apr 23 '21 at 17:52

1 Answer


The solution for my particular problem is to compile the kernel with `debug_info=y` and obtain the address range from the large vmlinux binary with `readelf -Ws vmlinux`.

However, the kernel needs to be booted with `nokaslr`, or with KASLR turned off in the config at compile time.
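
An added example, not part of the original answer: one way to turn the `readelf -Ws vmlinux` listing into address ranges for the static functions of one source file, by collecting the `LOCAL` `FUNC` symbols that follow its `FILE` symbol. The sample listing is constructed, and `example_init_helper` and `other_driver_check` are hypothetical names; it assumes `FILE` symbols carry only the base name, so a second `verifier.c` elsewhere in the tree produces a second group.

```python
from collections import defaultdict

# Constructed sample in the layout printed by `readelf -Ws vmlinux`;
# every address, size and symbol number is made up for illustration.
SAMPLE = """\
Symbol table '.symtab' contains 9 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS verifier.c
     2: ffffffff811a2b40    52 FUNC    LOCAL  DEFAULT    1 check_reg_arg
     3: ffffffff811a2b80 0x186a0 FUNC    LOCAL  DEFAULT    1 check_mem_access
     4: ffffffff82f01000    64 FUNC    LOCAL  DEFAULT   30 example_init_helper
     5: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS syscall.c
     6: ffffffff811c0000   128 FUNC    LOCAL  DEFAULT    1 map_create
     7: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS verifier.c
     8: ffffffff81a00000    96 FUNC    LOCAL  DEFAULT    1 other_driver_check
"""

def file_groups(readelf_text, source_name):
    """One list of (name, addr, size, ndx) per FILE symbol named source_name."""
    groups, current = [], None
    for line in readelf_text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0][:-1].isdigit():
            continue  # table title, column header or blank line
        value, size, typ, bind, ndx = parts[1], parts[2], parts[3], parts[4], parts[6]
        name = parts[7] if len(parts) > 7 else ""
        if typ == "FILE":
            # A FILE symbol opens the run of LOCAL symbols from one object file.
            current = [] if name == source_name else None
            if current is not None:
                groups.append(current)
        elif current is not None and typ == "FUNC" and bind == "LOCAL":
            # readelf prints large sizes as 0x-prefixed hex, so parse with base 0.
            current.append((name, int(value, 16), int(size, 0), ndx))
    return groups

def ranges_by_section(funcs):
    """Map section index -> (lowest start, highest end) over the functions."""
    spans = defaultdict(list)
    for _name, addr, size, ndx in funcs:
        spans[ndx].append((addr, addr + size))
    return {n: (min(s for s, _ in v), max(e for _, e in v)) for n, v in spans.items()}

if __name__ == "__main__":
    for i, funcs in enumerate(file_groups(SAMPLE, "verifier.c")):
        for ndx, (lo, hi) in ranges_by_section(funcs).items():
            print(f"group {i}, section {ndx}: {lo:#x}-{hi:#x}")
```

Ranges are reported per section index because functions placed in different sections do not sit next to each other. `GLOBAL` functions from the file are not part of the `FILE` run; those are the ones already visible in /proc/kallsyms.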