[PATCH v4][makedumpfile 2/7] Implement kernel kallsyms resolving
Tao Liu
ltao at redhat.com
Tue Apr 14 04:10:52 PDT 2026
Hi Kazu,
On Fri, Apr 3, 2026 at 9:12 PM HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab at nec.com> wrote:
>
> On 2026/03/18 0:07, Tao Liu wrote:
> > This patch will parse kernel's kallsyms data. During the parsing
> > process, the .init_ksyms sections of makedumpfile and the
> > extensions will be iterated, so the kallsyms symbols which belongs
> > to vmlinux can be resolved at this moment.
> >
> > Suggested-by: Stephen Brennan <stephen.s.brennan at oracle.com>
> > Signed-off-by: Tao Liu <ltao at redhat.com>
> > ---
> > Makefile | 2 +-
> > kallsyms.c | 350 +++++++++++++++++++++++++++++++++++++++++++++++++
> > kallsyms.h | 91 +++++++++++++
> > makedumpfile.c | 3 +
> > makedumpfile.h | 11 ++
> > 5 files changed, 456 insertions(+), 1 deletion(-)
> > create mode 100644 kallsyms.c
> > create mode 100644 kallsyms.h
> >
> > diff --git a/Makefile b/Makefile
> > index 15a4ba0..a57185e 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -45,7 +45,7 @@ CFLAGS_ARCH += -m32
> > endif
> >
> > SRC_BASE = makedumpfile.c makedumpfile.h diskdump_mod.h sadump_mod.h sadump_info.h
> > -SRC_PART = print_info.c dwarf_info.c elf_info.c erase_info.c sadump_info.c cache.c tools.c printk.c detect_cycle.c
> > +SRC_PART = print_info.c dwarf_info.c elf_info.c erase_info.c sadump_info.c cache.c tools.c printk.c detect_cycle.c kallsyms.c
> > OBJ_PART=$(patsubst %.c,%.o,$(SRC_PART))
> > SRC_ARCH = arch/arm.c arch/arm64.c arch/x86.c arch/x86_64.c arch/ia64.c arch/ppc64.c arch/s390x.c arch/ppc.c arch/sparc64.c arch/mips64.c arch/loongarch64.c arch/riscv64.c
> > OBJ_ARCH=$(patsubst %.c,%.o,$(SRC_ARCH))
> > diff --git a/kallsyms.c b/kallsyms.c
> > new file mode 100644
> > index 0000000..f7737cb
> > --- /dev/null
> > +++ b/kallsyms.c
> > @@ -0,0 +1,350 @@
> > +#include <stdint.h>
> > +#include <stdbool.h>
> > +#include <string.h>
> > +#include "makedumpfile.h"
> > +#include "kallsyms.h"
> > +
> > +static uint32_t *kallsyms_offsets = NULL;
> > +static uint16_t *kallsyms_token_index = NULL;
> > +static uint8_t *kallsyms_token_table = NULL;
> > +static uint8_t *kallsyms_names = NULL;
> > +static unsigned long kallsyms_relative_base = 0;
> > +static unsigned int kallsyms_num_syms = 0;
> > +
> > +/* makedumpfile & extensions' .init_ksyms section range array */
> > +static struct section_range **sr = NULL;
> > +static int sr_len = 0;
> > +static int sr_cap = 0;
> > +
> > +/* Which mod's kallsyms should be inited? */
> > +static char **mods = NULL;
> > +static int mods_len = 0;
> > +static int mods_cap = 0;
> > +
> > +INIT_KERN_SYM(_stext);
> > +
> > +/*
> > + * Utility: add elem to arr, which can auto extend its capacity.
> > + * (*arr) is a pointer array, holding pointers of elem
> > +*/
> > +bool add_to_arr(void ***arr, int *arr_len, int *arr_cap, void *elem)
> > +{
> > + void *tmp;
> > + int new_cap = 0;
> > +
> > + if (*arr == NULL) {
> > + *arr_len = 0;
> > + new_cap = 4;
> > + } else if (*arr_len >= *arr_cap) {
> > + new_cap = (*arr_cap) + ((*arr_cap) >> 1);
> > + }
> > +
> > + if (new_cap) {
> > + tmp = reallocarray(*arr, new_cap, sizeof(void *));
> > + if (!tmp)
> > + goto no_mem;
> > + *arr = tmp;
> > + *arr_cap = new_cap;
> > + }
> > +
> > + (*arr)[(*arr_len)++] = elem;
> > + return true;
> > +
> > +no_mem:
> > + fprintf(stderr, "%s: Not enough memory!\n", __func__);
>
> Could you use ERRMSG() or MSG() instead of fprintf/printf for message
> control, through the patchset?
Fixed in v5.
>
>
> > + return false;
> > +}
> > +
> > +/*
> > + * Utility: add uniq string to arr, which can auto extend its capacity.
> > +*/
> > +bool push_uniq_str(void ***arr, int *arr_len, int *arr_cap, char *str)
> > +{
> > + for (int i = 0; i < (*arr_len); i++) {
> > + if (!strcmp((*arr)[i], str))
> > + /* String already exists, skip it */
> > + return true;
> > + }
> > + return add_to_arr(arr, arr_len, arr_cap, str);
> > +}
> > +
> > +static bool add_ksym_modname(char *modname)
> > +{
> > + return push_uniq_str((void ***)&mods, &mods_len, &mods_cap, modname);
> > +}
> > +
> > +bool check_ksyms_require_modname(char *modname, int *total)
> > +{
> > + if (total)
> > + *total = mods_len;
> > + for (int i = 0; i < mods_len; i++) {
> > + if (!strcmp(modname, mods[i]))
> > + return true;
> > + }
> > + return false;
> > +}
> > +
> > +static void cleanup_ksyms_modname(void)
> > +{
> > + if (mods) {
> > + free(mods);
> > + mods = NULL;
> > + }
> > + mods_len = 0;
> > + mods_cap = 0;
> > +}
> > +
> > +/*
> > + * Used by makedumpfile and extensions, to register their .init_ksyms section.
> > + * so kallsyms can know which module/sym should be inited.
> > +*/
> > +REGISTER_SECTION(ksym)
> > +
> > +static void cleanup_ksyms_section_range(void)
> > +{
> > + for (int i = 0; i < sr_len; i++) {
> > + free(sr[i]);
> > + }
> > + if (sr) {
> > + free(sr);
> > + sr = NULL;
> > + }
> > + sr_len = 0;
> > + sr_cap = 0;
> > +}
> > +
> > +static uint64_t absolute_percpu(uint64_t base, int32_t val)
> > +{
> > + if (val >= 0)
> > + return (uint64_t)val;
> > + else
> > + return base - 1 - val;
> > +}
> > +
> > +static uint64_t calc_addr_absolute_percpu(struct ksym_info *p)
> > +{
> > + return absolute_percpu(kallsyms_relative_base, p->value);
> > +}
> > +
> > +static uint64_t calc_addr_relative_base(struct ksym_info *p)
> > +{
> > + return p->value + kallsyms_relative_base;
> > +}
> > +
> > +static uint64_t calc_addr_place_relative(struct ksym_info *p)
> > +{
> > + return SYMBOL(kallsyms_offsets) + p->index * sizeof(uint32_t) +
> > + (int32_t)kallsyms_offsets[p->index];
> > +}
> > +
> > +#define BUFLEN 1024
> > +static bool parse_kernel_kallsyms(void)
> > +{
> > + char buf[BUFLEN];
>
> There already is BUFSIZE, which is the same value.
>
I have removed it and used BUFSIZE instead.
>
> > + int index = 0, i, j;
> > + uint8_t *compressd_data;
> > + uint8_t *uncompressd_data;
> > + uint8_t len, len_old;
> > + struct ksym_info **p;
> > + uint64_t (*calc_addr)(struct ksym_info *);
> > + struct ksym_info *stext_p;
> > +
> > + for (i = 0; i < kallsyms_num_syms; i++) {
> > + memset(buf, 0, BUFLEN);
> > + len = kallsyms_names[index];
> > + if (len & 0x80) {
> > + index++;
> > + len_old = len;
> > + len = kallsyms_names[index];
> > + if (len & 0x80) {
> > + fprintf(stderr, "%s: BUG! Unexpected 3-byte length,"
> > + " should be detected in init_kernel_kallsyms()\n",
> > + __func__);
> > + goto out;
> > + }
> > + len = (len_old & 0x7F) | (len << 7);
> > + }
> > + index++;
> > +
> > + compressd_data = &kallsyms_names[index];
> > + index += len;
> > + while (len--) {
> > + uncompressd_data = &kallsyms_token_table[kallsyms_token_index[*compressd_data]];
> > + if (strlen(buf) + strlen((char *)uncompressd_data) >= BUFLEN) {
> > + goto next_symbol;
> > + }
> > + strcat(buf, (char *)uncompressd_data);
> > + compressd_data++;
> > + }
> > +
> > + /* Now check if the symbol is we wanted */
> > + for (j = 0; j < sr_len; j++) {
> > + for (p = (struct ksym_info **)(sr[j]->start);
> > + p < (struct ksym_info **)(sr[j]->stop);
> > + p++) {
> > + if (!strcmp((*p)->modname, "vmlinux") &&
> > + !strcmp((*p)->symname, &buf[1])) {
> > + (*p)->value = kallsyms_offsets[i];
> > + (*p)->index = i;
> > + }
> > + }
> > + }
> > +next_symbol:
>
> gcc-8.5.0 rejects this style, how about adding ";" here to avoid this?
>
> kallsyms.c: In function ‘parse_kernel_kallsyms’:
> kallsyms.c:193:1: error: label at end of compound statement
> next_symbol:
> ^~~~~~~~~~~
> make: *** [Makefile:109: kallsyms.o] Error 1
I reproduced the error in rhel8 compiling. Sorry I didn't test the
compiling against rhel8 before so missed this. Removed the next_symbol
tag in v5.
>
>
> > + }
> > +
> > + /* Check the approach for calc absolute kallsyms address
> > + *
> > + * A complete comment of each approaches please refer to:
> > + * https://github.com/osandov/drgn/commit/744f36ec3c3f64d7e1323a0037898158698585c4
> > + */
> > + if (!KERN_SYM_EXIST(_stext)) {
> > + fprintf(stderr, "%s: symbol _stext not found!\n", __func__);
> > + goto out;
> > + }
> > +
> > + stext_p = GET_KERN_SYM_PTR(_stext);
> > +
> > + if (SYMBOL(_stext) == calc_addr_absolute_percpu(stext_p)) {
> > + calc_addr = calc_addr_absolute_percpu;
> > + } else if (SYMBOL(_stext) == calc_addr_relative_base(stext_p)) {
> > + calc_addr = calc_addr_relative_base;
> > + } else if (SYMBOL(_stext) == calc_addr_place_relative(stext_p)) {
> > + calc_addr = calc_addr_place_relative;
> > + } else {
> > + fprintf(stderr, "%s: Wrong calculate kallsyms symbol value!\n", __func__);
> > + goto out;
> > + }
> > +
> > + /* Now do the calc */
> > + for (j = 0; j < sr_len; j++) {
> > + for (p = (struct ksym_info **)(sr[j]->start);
> > + p < (struct ksym_info **)(sr[j]->stop);
> > + p++) {
> > + if (!strcmp((*p)->modname, "vmlinux") &&
> > + SYM_EXIST(*p)) {
> > + (*p)->value = calc_addr(*p);
> > + }
> > + }
> > + }
> > +
> > + return true;
> > +out:
> > + return false;
> > +}
> > +
> > +static bool vmcore_info_ready = false;
> > +
> > +bool read_vmcoreinfo_kallsyms(void)
> > +{
> > + READ_SYMBOL("kallsyms_names", kallsyms_names);
> > + READ_SYMBOL("kallsyms_num_syms", kallsyms_num_syms);
> > + READ_SYMBOL("kallsyms_token_table", kallsyms_token_table);
> > + READ_SYMBOL("kallsyms_token_index", kallsyms_token_index);
> > + READ_SYMBOL("kallsyms_offsets", kallsyms_offsets);
> > + READ_SYMBOL("kallsyms_relative_base", kallsyms_relative_base);
> > + vmcore_info_ready = true;
> > + return true;
> > +}
> > +
> > +/*
> > + * Makedumpfile's .init_ksyms section
> > +*/
> > +extern struct ksym_info *__start_init_ksyms[];
> > +extern struct ksym_info *__stop_init_ksyms[];
> > +
> > +bool init_kernel_kallsyms(void)
> > +{
> > + const int token_index_size = (UINT8_MAX + 1) * sizeof(uint16_t);
> > + uint64_t last_token, len;
> > + unsigned char data, data_old;
> > + int i;
> > + bool ret = false;
> > +
> > + if (vmcore_info_ready == false) {
> > + fprintf(stderr, "%s: vmcoreinfo not ready for kallsyms!\n",
> > + __func__);
> > + return ret;
> > + }
> > +
> > + if (!register_ksym_section((char *)__start_init_ksyms,
> > + (char *)__stop_init_ksyms))
> > + return ret;
> > +
> > + readmem(VADDR, SYMBOL(kallsyms_num_syms), &kallsyms_num_syms,
> > + sizeof(kallsyms_num_syms));
> > + if (SYMBOL(kallsyms_relative_base) != NOT_FOUND_SYMBOL)
> > + readmem(VADDR, SYMBOL(kallsyms_relative_base),
> > + &kallsyms_relative_base, sizeof(kallsyms_relative_base));
> > +
> > + kallsyms_offsets = malloc(sizeof(uint32_t) * kallsyms_num_syms);
> > + if (!kallsyms_offsets)
> > + goto no_mem;
> > + readmem(VADDR, SYMBOL(kallsyms_offsets), kallsyms_offsets,
> > + kallsyms_num_syms * sizeof(uint32_t));
> > +
> > + kallsyms_token_index = malloc(token_index_size);
> > + if (!kallsyms_token_index)
> > + goto no_mem;
> > + readmem(VADDR, SYMBOL(kallsyms_token_index), kallsyms_token_index,
> > + token_index_size);
> > +
> > + last_token = SYMBOL(kallsyms_token_table) + kallsyms_token_index[UINT8_MAX];
> > + do {
> > + readmem(VADDR, last_token++, &data, 1);
> > + } while(data);
> > + len = last_token - SYMBOL(kallsyms_token_table);
> > + kallsyms_token_table = malloc(len);
> > + if (!kallsyms_token_table)
> > + goto no_mem;
> > + readmem(VADDR, SYMBOL(kallsyms_token_table), kallsyms_token_table, len);
> > +
> > + for (len = 0, i = 0; i < kallsyms_num_syms; i++) {
> > + readmem(VADDR, SYMBOL(kallsyms_names) + len, &data, 1);
> > + /*
> > + * The 2-byte representation was added in commit 73bbb94466fd3
> > + * ("kallsyms: support "big" kernel symbols") in v6.1, thus for
> > + * v6.1+, they indicate a long symbol, but for kernel versions
> > + * prior to v6.1, they might be ambiguous.
> > + */
> > + if (data & 0x80) {
> > + len += 1;
> > + data_old = data;
> > + readmem(VADDR, SYMBOL(kallsyms_names) + len, &data, 1);
> > + if (data & 0x80) {
> > + fprintf(stderr, "%s: BUG! Unexpected 3-byte length"
> > + " encoding in kallsyms names\n", __func__);
> > + goto out;
> > + }
> > + data = (data_old & 0x7F) | (data << 7);
> > + }
> > + len += data + 1;
> > + }
> > + kallsyms_names = malloc(len);
> > + if (!kallsyms_names)
> > + goto no_mem;
> > + readmem(VADDR, SYMBOL(kallsyms_names), kallsyms_names, len);
> > +
> > + ret = parse_kernel_kallsyms();
> > + goto out;
> > +
> > +no_mem:
> > + fprintf(stderr, "%s: Not enough memory!\n", __func__);
> > +out:
> > + if (kallsyms_offsets) {
> > + free(kallsyms_offsets);
> > + kallsyms_offsets = NULL;
> > + }
> > + if (kallsyms_token_index) {
> > + free(kallsyms_token_index);
> > + kallsyms_token_index = NULL;
> > + }
> > + if (kallsyms_token_table) {
> > + free(kallsyms_token_table);
> > + kallsyms_token_table = NULL;
> > + }
> > + if (kallsyms_names) {
> > + free(kallsyms_names);
> > + kallsyms_names = NULL;
> > + }
> > + return ret;
> > +}
> > \ No newline at end of file
> > diff --git a/kallsyms.h b/kallsyms.h
> > new file mode 100644
> > index 0000000..3791284
> > --- /dev/null
> > +++ b/kallsyms.h
> > @@ -0,0 +1,91 @@
> > +#ifndef _KALLSYMS_H
> > +#define _KALLSYMS_H
> > +
> > +#include <stdint.h>
> > +#include <stdbool.h>
> > +
> > +struct ksym_info {
> > + /********in******/
> > + char *modname;
> > + char *symname;
> > + bool sym_required;
> > + /********out*****/
> > + uint64_t value;
> > + int index; // -1 if sym not found
> > +};
> > +
> > +#define QUATE(x) #x
>
> Is this intended? I think what this does is "quote"..
I removed QUATE(x) macro, but use #x directly in v5 macros.
>
> Thanks,
> Kazu
>
>
> > +#define INIT_MOD_SYM_RQD(MOD, SYM, R) \
> > + struct ksym_info _##MOD##_##SYM = { \
> > + QUATE(MOD), QUATE(SYM), R, 0, -1 \
> > + }; \
> > + __attribute__((section(".init_ksyms"), used)) \
> > + struct ksym_info * _ptr_##MOD##_##SYM = &_##MOD##_##SYM
> > +
> > +#define GET_MOD_SYM(MOD, SYM) (_##MOD##_##SYM.value)
> > +#define GET_MOD_SYM_PTR(MOD, SYM) (&_##MOD##_##SYM)
> > +#define MOD_SYM_EXIST(MOD, SYM) (_##MOD##_##SYM.index >= 0)
> > +#define SYM_EXIST(p) ((p)->index >= 0)
> > +
> > +#define GET_KERN_SYM(SYM) GET_MOD_SYM(vmlinux, SYM)
> > +#define GET_KERN_SYM_PTR(SYM) GET_MOD_SYM_PTR(vmlinux, SYM)
> > +#define KERN_SYM_EXIST(SYM) MOD_SYM_EXIST(vmlinux, SYM)
> > +
> > +/*
> > + * Required syms will be checked automatically before extension running.
> > + * Optinal syms should be checked manually at extension runtime.
> > + */
> > +#define INIT_MOD_SYM(MOD, SYM) INIT_MOD_SYM_RQD(MOD, SYM, 1)
> > +#define INIT_OPT_MOD_SYM(MOD, SYM) INIT_MOD_SYM_RQD(MOD, SYM, 0)
> > +
> > +#define INIT_KERN_SYM(SYM) INIT_MOD_SYM(vmlinux, SYM)
> > +#define INIT_OPT_KERN_SYM(SYM) INIT_OPT_MOD_SYM(vmlinux, SYM)
> > +
> > +struct section_range {
> > + char *start;
> > + char *stop;
> > +};
> > +
> > +#define REGISTER_SECTION(T) \
> > +bool register_##T##_section(char *start, char *stop) \
> > +{ \
> > + struct section_range *new_sr; \
> > + struct T##_info **p; \
> > + bool ret = false; \
> > + \
> > + if (!start || !stop) { \
> > + fprintf(stderr, "%s: Invalid section start/stop\n", \
> > + __func__); \
> > + goto out; \
> > + } \
> > + \
> > + for (p = (struct T##_info **)start; \
> > + p < (struct T##_info **)stop; \
> > + p++) { \
> > + if (!add_##T##_modname((*p)->modname)) \
> > + goto out; \
> > + } \
> > + \
> > + new_sr = malloc(sizeof(struct section_range)); \
> > + if (!new_sr) { \
> > + fprintf(stderr, "%s: Not enough memory!\n", __func__); \
> > + goto out; \
> > + } \
> > + new_sr->start = start; \
> > + new_sr->stop = stop; \
> > + if (!add_to_arr((void ***)&sr, &sr_len, &sr_cap, new_sr)) { \
> > + free(new_sr); \
> > + goto out; \
> > + } \
> > + ret = true; \
> > +out: \
> > + return ret; \
> > +}
> > +
> > +bool add_to_arr(void ***arr, int *arr_len, int *arr_cap, void *elem);
> > +bool push_uniq_str(void ***arr, int *arr_len, int *arr_cap, char *str);
> > +bool check_ksyms_require_modname(char *modname, int *total);
> > +bool register_ksym_section(char *start, char *stop);
> > +bool read_vmcoreinfo_kallsyms(void);
> > +bool init_kernel_kallsyms(void);
> > +#endif /* _KALLSYMS_H */
> > \ No newline at end of file
> > diff --git a/makedumpfile.c b/makedumpfile.c
> > index 12fb0d8..dba3628 100644
> > --- a/makedumpfile.c
> > +++ b/makedumpfile.c
> > @@ -27,6 +27,7 @@
> > #include <limits.h>
> > #include <assert.h>
> > #include <zlib.h>
> > +#include "kallsyms.h"
> >
> > struct symbol_table symbol_table;
> > struct size_table size_table;
> > @@ -3105,6 +3106,8 @@ read_vmcoreinfo_from_vmcore(off_t offset, unsigned long size, int flag_xen_hv)
> > if (!read_vmcoreinfo())
> > goto out;
> > }
> > + read_vmcoreinfo_kallsyms();
> > +
> > close_vmcoreinfo();
> >
> > ret = TRUE;
> > diff --git a/makedumpfile.h b/makedumpfile.h
> > index 134eb7a..0f13743 100644
> > --- a/makedumpfile.h
> > +++ b/makedumpfile.h
> > @@ -259,6 +259,7 @@ static inline int string_exists(char *s) { return (s ? TRUE : FALSE); }
> > #define UINT(ADDR) *((unsigned int *)(ADDR))
> > #define ULONG(ADDR) *((unsigned long *)(ADDR))
> > #define ULONGLONG(ADDR) *((unsigned long long *)(ADDR))
> > +#define VOID_PTR(ADDR) *((void **)(ADDR))
> >
> >
> > /*
> > @@ -1919,6 +1920,16 @@ struct symbol_table {
> > * symbols on sparc64 arch
> > */
> > unsigned long long vmemmap_table;
> > +
> > + /*
> > + * kallsyms related
> > + */
> > + unsigned long long kallsyms_names;
> > + unsigned long long kallsyms_num_syms;
> > + unsigned long long kallsyms_token_table;
> > + unsigned long long kallsyms_token_index;
> > + unsigned long long kallsyms_offsets;
> > + unsigned long long kallsyms_relative_base;
> > };
> >
> > struct size_table {
More information about the kexec
mailing list