[PATCH v3 3/8] Implement kernel modules' kallsyms resolving

Tao Liu ltao at redhat.com
Mon Jan 19 18:54:55 PST 2026


With the kernel's kallsyms and BTF data ready, we can resolve any kernel
type and symbol address. We can therefore iterate over the kernel's module
linked list and parse each module's structure to get its kallsyms data.

Signed-off-by: Tao Liu <ltao at redhat.com>
---
 kallsyms.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 kallsyms.h |   3 ++
 2 files changed, 114 insertions(+)

diff --git a/kallsyms.c b/kallsyms.c
index ecf64e0..9069c88 100644
--- a/kallsyms.c
+++ b/kallsyms.c
@@ -3,6 +3,7 @@
 #include <string.h>
 #include "makedumpfile.h"
 #include "kallsyms.h"
+#include "btf_info.h"
 
 static uint32_t *kallsyms_offsets = NULL;
 static uint16_t *kallsyms_token_index = NULL;
@@ -263,3 +264,113 @@ out:
 		free(kallsyms_names);
 	return ret;
 }
+
+#define MEMBER_OFF(S, M) \
+	GET_STRUCT_MEMBER_MOFF(S, M) / 8
+
+uint64_t next_list(uint64_t list)
+{
+	static int list_head_next_offset = 0;
+	static int list_head_next_size = 0;
+
+	struct struct_member_info smi;
+	uint64_t next = 0;
+
+	if (!list_head_next_size) {
+		INIT_STRUCT_MEMBER(list_head, next);
+		list_head_next_size = GET_STRUCT_MEMBER_MSIZE(list_head, next);
+		list_head_next_offset = MEMBER_OFF(list_head, next);
+	}
+	readmem(VADDR, list + list_head_next_offset, &next, list_head_next_size);
+	return next;
+}
+
+bool init_module_kallsyms(void)
+{
+	struct struct_member_info smi;
+	uint64_t modules, list, value = 0, symtab = 0, strtab = 0;
+	uint32_t st_name = 0;
+	int num_symtab, i, j;
+	struct syment *mod_syment;
+	char symname[512], ch;
+	bool ret = false;
+
+	modules = get_kallsyms_value_by_name("modules");
+	if (!modules) {
+		/* Not a failure if no module enabled */
+		ret = true;
+		goto out;
+	}
+
+	INIT_STRUCT_MEMBER(module, list);
+	INIT_STRUCT_MEMBER(module, core_kallsyms);
+	INIT_STRUCT_MEMBER(mod_kallsyms, symtab);
+	INIT_STRUCT_MEMBER(mod_kallsyms, num_symtab);
+	INIT_STRUCT_MEMBER(mod_kallsyms, strtab);
+	INIT_STRUCT_MEMBER(elf64_sym, st_name);
+	INIT_STRUCT_MEMBER(elf64_sym, st_value);
+
+	for (list = next_list(modules); list != modules; list = next_list(list)) {
+		readmem(VADDR, list - MEMBER_OFF(module, list) +
+				MEMBER_OFF(module, core_kallsyms) +
+				MEMBER_OFF(mod_kallsyms, num_symtab),
+			&num_symtab, GET_STRUCT_MEMBER_MSIZE(mod_kallsyms, num_symtab));
+		readmem(VADDR, list - MEMBER_OFF(module, list) +
+				MEMBER_OFF(module, core_kallsyms) +
+				MEMBER_OFF(mod_kallsyms, symtab),
+			&symtab, GET_STRUCT_MEMBER_MSIZE(mod_kallsyms, symtab));
+		readmem(VADDR, list - MEMBER_OFF(module, list) +
+				MEMBER_OFF(module, core_kallsyms) +
+				MEMBER_OFF(mod_kallsyms, strtab),
+			&strtab, GET_STRUCT_MEMBER_MSIZE(mod_kallsyms, strtab));
+		for (i = 0; i < num_symtab; i++) {
+			j = 0;
+			readmem(VADDR, symtab + i * GET_STRUCT_MEMBER_SSIZE(elf64_sym, st_value) +
+					MEMBER_OFF(elf64_sym, st_value),
+				&value, GET_STRUCT_MEMBER_MSIZE(elf64_sym, st_value));
+			readmem(VADDR, symtab + i * GET_STRUCT_MEMBER_SSIZE(elf64_sym, st_name) +
+					MEMBER_OFF(elf64_sym, st_name),
+				&st_name, GET_STRUCT_MEMBER_MSIZE(elf64_sym, st_name));
+			do {
+				readmem(VADDR, strtab + st_name + j++, &ch, 1);
+			} while (ch != '\0');
+			if (j == 1 || j > sizeof(symname))
+				/* Skip empty or too long string */
+				continue;
+			readmem(VADDR, strtab + st_name, symname, j);
+			if (is_unwanted_symbol(symname))
+				continue;
+			mod_syment = (struct syment *)calloc(1, sizeof(struct syment));
+			if (!mod_syment)
+				goto no_mem;
+			mod_syment->name = strdup(symname);
+			if (!mod_syment->name) {
+				free(mod_syment);
+				goto no_mem;
+			}
+			mod_syment->value = value;
+			name_hash_install(mod_syment);
+		}
+	}
+	ret = true;
+	goto out;
+no_mem:
+	/* Hashtable will be cleaned later */
+	fprintf(stderr, "%s: Not enough memory!\n", __func__);
+out:
+	return ret;
+}
+
+void cleanup_kallsyms(void)
+{
+	struct syment *en, *en_tmp;
+
+	for (int i = 0; i < NAME_HASH; i++) {
+		for (en = name_hash_table[i]; en;) {
+			en_tmp = en;
+			en = en->name_hash_next;
+			free(en_tmp->name);
+			free(en_tmp);
+		}
+	}
+}
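Review bot: The string scan in init_module_kallsyms, `do { readmem(VADDR, strtab + st_name + j++, &ch, 1); } while (ch != '\0');`, has no upper bound and ignores readmem's result, so a damaged or truncated dump whose `strtab + st_name` never reaches a NUL byte keeps the loop running, with `ch` possibly never written, until `j` overflows. Bounding it with `} while (ch != '\0' && j <= sizeof(symname));` keeps the existing `j > sizeof(symname)` skip working. Each read should also stop on failure, presumably `if (!readmem(...)) goto out;`, assuming readmem reports failure through its return value, which this hunk does not show. The module list walk has the same shape: next_list() returns its initial `next = 0` when the read does not fill it, which never equals `modules`, so the `for` loop has no exit on a broken list. `num_symtab` is likewise read into an uninitialised `int` and used as a loop bound straight from the dump; a range check (reject negative or implausibly large counts) before the inner loop would contain that.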
diff --git a/kallsyms.h b/kallsyms.h
index a4fbe10..78af4ef 100644
--- a/kallsyms.h
+++ b/kallsyms.h
@@ -12,6 +12,9 @@ struct __attribute__((packed)) syment {
 
 bool read_vmcoreinfo_kallsyms(void);
 bool init_kernel_kallsyms(void);
+bool init_module_kallsyms(void);
+void cleanup_kallsyms(void);
+uint64_t next_list(uint64_t);
 uint64_t get_kallsyms_value_by_name(char *);
 
 #endif /* _KALLSYMS_H */
\ No newline at end of file
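Review bot: `cleanup_kallsyms()` is exported here without stating that it is safe to call only once. The definition in kallsyms.c frees every entry but leaves each `name_hash_table[i]` pointing at freed memory, so a second call or a later lookup through the table would touch freed entries. Resetting the bucket after the inner loop with `name_hash_table[i] = NULL;` removes the hazard; failing that, the prototype should carry a comment such as `/* Frees all symbol entries; the hash table must not be used afterwards. */`. Separately, `next_list` is a very generic name for a global symbol and its prototype drops the parameter name; `uint64_t next_list(uint64_t list);` would read better.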
-- 
2.47.0



