/proc/kallsyms and symbol size - Kernel

This is a discussion on /proc/kallsyms and symbol size - Kernel ; Hello, Many monitoring tools use /proc/kallsyms to build a symbol table for the kernel. This technique has the advantage that it does not require root privileges, nor an up-to-date /boot/System.map, nor a decompressed kernel in /boot. The problem is that ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: /proc/kallsyms and symbol size

  1. /proc/kallsyms and symbol size

    Hello,

    Many monitoring tools use /proc/kallsyms to build a symbol table for the kernel.
    This technique has the advantage that it does not require root privileges, nor
    an up-to-date /boot/System.map, nor a decompressed kernel in /boot.

    The problem is that /proc/kallsyms does not report the size of the symbols.
    Yet, the information is available in the kernel as it is used by functions such
    as __print_symbol(). Having the size is useful to correlate the address obtained
    is a sample with a symbol name. Most tools use an approximation which assumes
    symbols are contiguous to estimate the size.

    Apart from the backward compatbility problem for the output of kallsyms, what
    would be the major issue with exposing this information?

    Thanks.

    --
    -Stephane
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: /proc/kallsyms and symbol size

    Stephane Eranian wrote:
    > Hello,


    Hi, Stephane

    > Many monitoring tools use /proc/kallsyms to build a symbol table for the kernel.
    > This technique has the advantage that it does not require root privileges, nor
    > an up-to-date /boot/System.map, nor a decompressed kernel in /boot.
    >
    > The problem is that /proc/kallsyms does not report the size of the symbols.
    > Yet, the information is available in the kernel as it is used by functions such
    > as __print_symbol(). Having the size is useful to correlate the address obtained
    > is a sample with a symbol name. Most tools use an approximation which assumes
    > symbols are contiguous to estimate the size.


    That is actually what the kernel does internally, too. It does not keep
    the size of the symbol, but tries to guess it from the address of the
    next non-aliased symbol.

    Since the addresses are sorted, this works fine most of the time. This
    is done to reduce the size used by the symbol table in the running kernel.

    Just take a look at "get_symbol_pos" in kernel/kallsyms.c and
    "get_ksymbol" in kernel/module.c to see exactly how this is done

    --
    Paulo Marques - www.grupopie.com

    "There cannot be a crisis today; my schedule is already full."
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  3. Re: /proc/kallsyms and symbol size

    Paulo,

    On Tue, Sep 25, 2007 at 05:21:06PM +0100, Paulo Marques wrote:
    > Stephane Eranian wrote:
    > >Hello,

    >
    > Hi, Stephane
    >
    > >Many monitoring tools use /proc/kallsyms to build a symbol table for the
    > >kernel.
    > >This technique has the advantage that it does not require root privileges,
    > >nor
    > >an up-to-date /boot/System.map, nor a decompressed kernel in /boot.
    > >
    > >The problem is that /proc/kallsyms does not report the size of the symbols.
    > >Yet, the information is available in the kernel as it is used by functions
    > >such as __print_symbol(). Having the size is useful to correlate the address
    > >obtained
    > >is a sample with a symbol name. Most tools use an approximation which
    > >assumes
    > >symbols are contiguous to estimate the size.

    >
    > That is actually what the kernel does internally, too. It does not keep
    > the size of the symbol, but tries to guess it from the address of the
    > next non-aliased symbol.
    >
    > Since the addresses are sorted, this works fine most of the time. This
    > is done to reduce the size used by the symbol table in the running kernel.
    >
    > Just take a look at "get_symbol_pos" in kernel/kallsyms.c and
    > "get_ksymbol" in kernel/module.c to see exactly how this is done
    >

    Ok. Then we cannot really do better.

    Also thank you for alerting me on the aliased symbols. I have modified
    my user code to only keep the first symbol.

    Thanks for you help.

    --

    -Stephane
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread