Linux Kernel Module - For NLKB

1. Kernel Module Taku Shimosawa 0 Feb. 21, 2015 Pour le livre nouveau du Linux noyau

2. Notes • Linux kernel version: 3.19 • Quoted source codes come from kernel/module.c unless otherwise noted. 1

3. Kernel Module • A feature for dynamically adding/removing kernel features while the kernel is running • Benefits • To update the kernel features while running • To reduce memory consumption (and CPU overhead) by loading only necessary kernel modules • Avoiding GPL (Not required to compliant with GPL; proprietary drivers) • Many kernel features can be compiled either linked to the kernel statically or independent modules • File systems, device drivers, etc. • “TRISTATE” in Kconfig (y, m, or n) 2

4. Where is the kernel module? • Linux kernel modules are ELF binaries with an extension “.ko” • Many distributions locate the kernel modules under /lib/modules • e.g. /lib/modules/3.13.0-44-generic/kernel (Ubuntu 14.10) • “depmod” finds the kernel modules located under the directory to create module dependency map (modules.dep) • “modprobe” utility loads a kernel module with its dependent modules by looking up the modules.dep file • However, a module located in any place can be loaded to the kernel if specified explicitly. 3

5. What is the “dependency?” • A kernel module can export “symbols” that may be used by another kernel module • A symbol : a name for a location in the memory; a global variable or a function in C • If a module (B) uses a symbol exported by another module (A), then the module B has dependency for the module A • Thus, the module A should be loaded before the module B is loaded • (There seems to be no way to load modules that have circular dependencies (e.g. A depends on B; B also depends on A)) 4 Kernel module A Kernel module B function f() { } EXPORT_SYMBOL(f); function g() { f(); } DEP

6. Exported Symbols • The symbols explicitly marked as “export” can be accessed by other kernel modules • The Linux kernel itself has “export”-ed symbols. • Kernel modules are allowed to use only the exported symbols in the kernel • Not all the global functions are available for the modules! • The symbols to be exported are declared with the EXPORT_SYMBOL and EXPORT_SYMBOL_GPL macros. • The latter makes the symbol available only for GPL modules. 5 struct task_struct *pid_task(struct pid *pid, enum pid_type type) { ... } EXPORT_SYMBOL(pid_task); ... struct task_struct *get_pid_task(struct pid *pid, enum pid_type type) { ... } EXPORT_SYMBOL_GPL(get_pid_task); (kernel/pid.c)

7. (BTW) • What makes difference? 6 struct task_struct *pid_task(struct pid *pid, enum pid_type type) { ... } EXPORT_SYMBOL(pid_task); struct task_struct *get_pid_task(struct pid *pid, enum pid_type type) { struct task_struct *result; rcu_read_lock(); result = pid_task(pid, type); if (result) get_task_struct(result); rcu_read_unlock(); return result; } EXPORT_SYMBOL_GPL(get_pid_task); (kernel/pid.c)

8. Make a kernel module! • Out-of-tree module • The only necessary files are • Makefile • C source file(s) • Example for Makefile 7 obj-m += hello.o KERN_BUILD=/lib/modules/$(shell uname -r)/build all: make -C $(KERN_BUILD) M=$(PWD) modules clean: make -C $(KERN_BUILD) M=$(PWD) clean cf. obj-$(CONFIG_SHIMOS) = shimos.o

9. Inside the kernel module • What sections are inside a kernel module? 8 $ readelf –a hello.ko Section Headers: [Nr] Name Type Address Offset Size EntSize Flags Link Info Align … [ 2] .text PROGBITS 0000000000000000 00000064 0000000000000000 0000000000000000 AX 0 0 1 [ 3] .init.text PROGBITS 0000000000000000 00000064 0000000000000016 0000000000000000 AX 0 0 1 [ 4] .rela.init.text RELA 0000000000000000 000009c0 0000000000000030 0000000000000018 16 3 8 [ 5] .exit.text PROGBITS 0000000000000000 0000007a 0000000000000006 0000000000000000 AX 0 0 1 … [ 7] .modinfo PROGBITS 0000000000000000 00000091 00000000000000c1 0000000000000000 A 0 0 1 [ 8] __versions PROGBITS 0000000000000000 00000160 0000000000000080 0000000000000000 A 0 0 32 … [18] .gnu.linkonce.thi PROGBITS 0000000000000000 00000280 0000000000000260 0000000000000000 WA 0 0 32

10. Sections 9 Section Name Description .gnu.linkonce.this_module Module structure .modinfo String-style module information (Licenses, etc.) __versions Expected (compile-time) versions (CRC) of the symbols that this module depends on. __ksymtab* Table of symbols which this module exports. __kcrctab* Table of versions of symbols which this module exports. *.init Sections used while initialization (__init) .text, .data, etc. The code and data * : (none), _gpl, _gpl_future, _unused, unused_gpl (License restriction / attribute of the symbols)

11. Module load and unload • The simplest way : “insmod” and “rmmod” commands • More sophisticated way is “modprobe” and “modprobe –r” • The former tries to load modules which the specified module depends on • The latter tries to unload modules which the specified module depends on 10 # insmod (file name) [parameters…] (e.g.) # insmod helloworld.ko msg=hoge # rmmod (module name) (e.g.) # rmmod helloworld

12. How insmod calls the kernel? • Source: kmod-19 11 KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod, unsigned int flags, const char *options) { ... if (kmod_file_get_direct(mod->file)) { unsigned int kernel_flags = 0; if (flags & KMOD_INSERT_FORCE_VERMAGIC) kernel_flags |= MODULE_INIT_IGNORE_VERMAGIC; if (flags & KMOD_INSERT_FORCE_MODVERSION) kernel_flags |= MODULE_INIT_IGNORE_MODVERSIONS; err = finit_module(kmod_file_get_fd(mod->file), args, kernel_flags); if (err == 0 || errno != ENOSYS) goto init_finished; } ... (libkmod/libkmod-module.c)

13. System calls • 3 Module-related System Calls • init_module • finit_module • To load a module • delete_module • To unload a module 12 int init_module(void *module_image, unsigned long len, const char *param_values); int finit_module(int fd, const char *param_values, int flags); int delete_module(const char *name, int flags); (from man pages)

14. init_module / finit_module • Load a kernel module • How to specify the module? • init_module : by user memory buffer that contains the kernel module image • finit_module : by file descriptor for the kernel module file • By using finit_module, some flags can be specified 13 flags MODULE_INIT_IGNORE_MODVERSIONS Ignore symbol version hashes MODULE_INIT_IGNORE_VERMAGIC Ignore kernel version magic

15. delete_module • Unload a kernel module • Specifies a module to be unloaded by its “name” • Some flags can be specified • Why different policy from finit_module…? 14 flags O_NONBLOCK | O_TRUNC Forcefully unload the module (even when the ref count is not zero; taints the kernel) O_NONBLOCK Returns immediately with an error (EWOULDBLOCK) O_NONBLOCK not set Stops the module, and waits until the ref count reaches zero. (UNINTERRUPTIBLE)

16. Data structures for modules • struct load_info • Used while initializing a module • Most members are ELF-related. 15 struct load_info { Elf_Ehdr *hdr; unsigned long len; Elf_Shdr *sechdrs; char *secstrings, *strtab; unsigned long symoffs, stroffs; struct _ddebug *debug; unsigned int num_debug; bool sig_ok; struct { unsigned int sym, str, mod, vers, info, pcpu; } index; }; (include/linux/module.h)

17. Data structures for modules • struct module (too large..) 16 struct module { enum module_state state; /* Member of list of modules */ struct list_head list; /* Unique handle for this module */ char name[MODULE_NAME_LEN]; /* Sysfs stuff. */ struct module_kobject mkobj; ... /* Exported symbols */ const struct kernel_symbol *syms; const unsigned long *crcs; unsigned int num_syms; /* Kernel parameters. */ struct kernel_param *kp; unsigned int num_kp; “modules” list Exported symbols Symbol CRC

18. Data structures for modules 17 /* GPL-only exported symbols. */ unsigned int num_gpl_syms; const struct kernel_symbol *gpl_syms; const unsigned long *gpl_crcs; ... #ifdef CONFIG_MODULE_SIG /* Signature was verified. */ bool sig_ok; #endif ... /* Exception table */ unsigned int num_exentries; struct exception_table_entry *extable; /* Startup function. */ int (*init)(void); /* If this is non-NULL, vfree after init() returns */ void *module_init; ... /* Here is the actual code + data, vfree'd on unload. */ void *module_core; GPL Symbols “init” function “init” sections Other (core) sections

19. Data structures for modules 18 /* Here are the sizes of the init and core sections */ unsigned int init_size, core_size; /* The size of the executable code in each section. */ unsigned int init_text_size, core_text_size; /* Size of RO sections of the module (text+rodata) */ unsigned int init_ro_size, core_ro_size; /* Arch-specific module values */ struct mod_arch_specific arch; ... /* The command line arguments (may be mangled). People like keeping pointers to this stuff */ char *args; ... #ifdef CONFIG_SMP /* Per-cpu data. */ void __percpu *percpu; unsigned int percpu_size; #endifz Sizes of sections Command line parameters Per-CPU Datas

20. Data structures for modules 19 ... #ifdef CONFIG_MODULE_UNLOAD /* What modules depend on me? */ struct list_head source_list; /* What modules do I depend on? */ struct list_head target_list; /* Destruction function. */ void (*exit)(void); struct module_ref __percpu *refptr; #endif #ifdef CONFIG_CONSTRUCTORS /* Constructor functions. */ ctor_fn_t *ctors; unsigned int num_ctors; #endif }; (include/linux/module.h) Lists to manage dependencies (only unload is enabled)

21. Module state • state in struct module • During its load, state becomes (created) -> UNFORMED -> COMING -> LIVE. • During its unload, state becomes LIVE -> GOING -> (removed) 20 state description MODULE_STATE_UNFORMED Appeared in the modules list, but still during set up MODULE_STATE_COMING Fully formed. Running module_init. MODULE_STATE_LIVE Normal state. MODULE_STATE_GOING Being unloaded.

22. Global module information Variables Description LIST_HEAD(modules) List of modules that are in the kernel. DEFINE_MUTEX(module_mutex) Protection against “modules,” etc. • Add : RCU list operations • Remove : stop_machine(~3.18) 21 /* * Mutex protects: * 1) List of modules (also safely readable with preempt_disable), * 2) module_use links, * 3) module_addr_min/module_addr_max. * (delete uses stop_machine/add uses RCU list operations). */ DEFINE_MUTEX(module_mutex); EXPORT_SYMBOL_GPL(module_mutex);

23. Loading a Module • Load the whole module file onto memory • Parse the ELF and module information • Check the module information to determine whether the module is loadable or not • Layout the sections and copy to the final location • Add the module to the kernel • Resolve the symbols and apply relocations • Copy module parameters • Call the init function 22 System Calls load_module layout_and_allocate setup_load_info check_mod_info layout_sections layout_symtabs move_module add_unformed_mo dule simply_symbols apply_relocations do_init_module UNFORMED COMING LIVE

24. Unloading a Module • Check if the reference count of the module is zero • If zero or it is forced unloading, then set the state to GOING • If not zero, it fails • Call the “exit” function • Free and cleanup everything 23 sys_delete_module try_stop_module __try_stop_module free_module

25. stop_machine (-3.18) • Until Linux 3.18, the reference count check and module remove in module unloading is implemented with stop_machine. 24 static int try_stop_module(struct module *mod, int flags, int *forced) { struct stopref sref = { mod, flags, forced }; return stop_machine(__try_stop_module, &sref, NULL); } static void free_module(struct module *mod) { ... mutex_lock(&module_mutex); stop_machine(__unlink_module, mod, NULL); mutex_unlock(&module_mutex); ... }

26. Now (3.19) • Reference count is now atomic_t (was per-cpu int before) and checked without stop_machine • (thanks to a mysterious guy) 25 static int try_stop_module(struct module *mod, int flags, int *forced) { /* If it's not unused, quit unless we're forcing. */ if (try_release_module_ref(mod) != 0) { *forced = try_force_unload(flags); if (!(*forced)) return -EWOULDBLOCK; } /* Mark it as dying. */ mod->state = MODULE_STATE_GOING; return 0; }

27. Now (3.19) • Stop_machine also goes away from removing 26 static void free_module(struct module *mod) { ... /* Now we can delete it from the lists */ mutex_lock(&module_mutex); /* Unlink carefully: kallsyms could be walking list. */ list_del_rcu(&mod->list); /* Remove this module from bug list, this uses list_del_rcu */ module_bug_cleanup(mod); /* Wait for RCU synchronizing before releasing mod->list and buglist. */ synchronize_rcu(); mutex_unlock(&module_mutex); ... }

28. Details (1) Loading 27

29. sys_init_module/sys_finit_module • Initialize a load_info structure • Check whether module load is permitted or not. (may_init_module function) • [finit only] Flags check • [init only] Copy module data in user memory to kernel memory (copy_module_from_user function) • [finit only] Read from the fd into kernel memory (copy_module_from_fd function) • Call the load_module function 28

30. may_init_module • Capability: CAP_SYS_MODULE • “module_disabled” parameter • Blocks loading and unloading of modules 29 /* Block module loading/unloading? */ int modules_disabled = 0; core_param(nomodule, modules_disabled, bint, 0); ... static int may_init_module(void) { if (!capable(CAP_SYS_MODULE) || modules_disabled) return -EPERM; return 0; } (kernel/module.c) # sysctl kernel.modules_disabled kernel.modules_disabled = 0

31. copy_module_from_fd • Pass the file struct to the security module • vmalloc an area for the module data • Load the whole module file into the area • Set the pointer to info->hdr 30 static int copy_module_from_fd(int fd, struct load_info *info) { ... err = security_kernel_module_from_file(f.file); if (err) goto out; ... info->hdr = vmalloc(stat.size); if (!info->hdr) { err = -ENOMEM; goto out; } ... while (pos < stat.size) { bytes = kernel_read(f.file, pos, (char *)(info->hdr) + pos, stat.size - pos); ... } info->len = pos;

32. copy_module_from_user • Differences: • Pass “NULL” pointer to the security module • Just copy_from_user instead of kernel_read 31 static int copy_module_from_user(const void __user *umod, unsigned long len, struct load_info *info) {... info->len = len; ... err = security_kernel_module_from_file(NULL); if (err) return err; ... /* Suck in entire file: we'll want most of it. */ info->hdr = vmalloc(info->len); if (!info->hdr) return -ENOMEM; ... if (copy_from_user(info->hdr, umod, info->len) != 0) { vfree(info->hdr); return -EFAULT; } return 0;

33. load_module function (1) • Signature check (module_sig_check) • ELF header check (elf_header_check) • Layout and allocate the final location for the module (layout_and_allocate) • Add the module to the “modules” list (add_unformed_module) • Allocate per-cpu areas used in the module (percpu_modalloc) • Initialize link lists used for dependency management and unloading features (module_unload_init) • Find optional sections (find_module_sections) • License and version dirty hack (check_module_license_and_versions) • Setup MODINFO_ATTR fields (setup_modinfo) 32

34. load_module function (2) • Resolve the symbols (simplify_symbols) • Fix up the addresses in the module (apply_relocations) • Extable and per-cpu initialization (post_relocation) • Flush I-cache for the module area (flush_module_icache) • Copy the module parameters to mod->args. • Check duplication of symbols, and setup NX attributes. (complete_formation) • Parse the module parameters (parse_args) • sysfs setup (mod_sysfs_setup) • Free the copy in the load_info structure (free_copy) • Call the init function of the module (do_init_module) 33

35. module_sig_check • Check the signature in the module (if CONFIG_MODULE_SIG=y) • If a module is signed, “signature” and “marker” resides at the tail of the module file. • If signature is OK, module->sig_ok is set to true. • If no signature is found (-ENOKEY) and signature is not enforced, it returns success(0). • Signature is enforced either • When CONFIG_MODULE_SIG_FORCE is Y • When “sig_enforce” parameter is set 34 Module (ELF) Signature Marker “~Module signature appended~n” $ hd /lib/module/3.13.0-45-generic/kernel/fs/btrfs/btrfs.ko 0014b470 f8 a6 b7 74 01 06 01 1e 14 00 00 00 00 00 02 02 |...t............| 0014b480 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 75 72 |~Module signatur| 0014b490 65 20 61 70 70 65 6e 64 65 64 7e 0a |e appended~.| 0014b49c

36. elf_header_check • Sanity check for the ELF header • The magic number is correct • The architecture is correct • The length is large enough to contain all the section headers, etc. 35 static int elf_header_check(struct load_info *info) { if (info->len < sizeof(*(info->hdr))) return -ENOEXEC; if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0 || info->hdr->e_type != ET_REL || !elf_check_arch(info->hdr) || info->hdr->e_shentsize != sizeof(Elf_Shdr)) return -ENOEXEC; if (info->hdr->e_shoff >= info->len || (info->hdr->e_shnum * sizeof(Elf_Shdr) > info->len - info->hdr->e_shoff)) return -ENOEXEC; return 0; }

37. ELF (.ko) ELF Header 36 Elf_Ehdr e_ident e_type e_shoff e_shentsize e_shnum e_shstrndx … … Elf_Shdr Elf_Shdr load_info.hdr (ELF_EHdr) = The head of the kernel module file = The head of the ELF = Pointer to ELF_EHdr e_shentsize e_shentsize e_shoff e_shnum ELF (.ko) e_ident: magic (‘x7fELF’), 32/64-bit, etc. (16 byte in total incl. padding) e_type: ET_REL / ET_EXEC / ET_DYN

38. layout_and_allocate • Fill the section information of the load_info, and create a module structure pointing to the temporary location (setup_load_info) • Check the module information and report if the module taints the kernel (check_modinfo) • Calculate the size required for the final location of the module (layout_sections / layout_symtab) • Allocate the memory of the calculated size, and copy the contents of the module, and move the pointer of the module structure there (move_module). 37

39. setup_load_info • Set the following members according to the ELF header and section headers. • sechdrs (Pointer to the section header) • secstrings (Pointer to the string section that contains section names) • index.info, index.ver (Section indices of modinfo, version) • index.sym, index.str (Section indices of symbols, strings) • strtab (Pointer to the string section) • index.mod (section index of module section) • “.gnu.linkonce.this_module” section • Set the module pointer to this section (temporally) • index.pcu (section index for per-cpu section) • “.data..percpu” section (if exists) • Return a pointer to a (temporary) module structure 38

40. setup_load_info • info->sechdrs • info->secstrings • info->strtab • Each section’s offset is stored in ELF_Shdr.sh_offset • info->index.info = 12 • info->index.vers = 16 • info->index.sym = 24 • info->index.str = 25 • info->index.mod = 18 • struct module *mod • info->index.pcpu = 0 • No per-cpu data in this example. 39 Elf_Ehdr Elf_Shdr (0) Elf_Shdr (18) .gnu.linkonce.this_module Elf_Shdr (23) : .shstrtab Elf_Shdr (24) : .symtab Elf_Shdr (25) : .strtab … .shstrtab section .strtab section .gnu.linkonce.this_module section Elf_Shdr (12) : .modinfo Elf_Shdr (16) : __versions Header Section (Contents)

41. check_modinfo (1) • Check “modinfo” in the module, and check if the version magic is identical to the current kernel, and mark “tainted” if it taints the kernel. • “Modinfo” resides in the “.modinfo” section, and is composed of zero-terminated strings of key-value pairs connected by “=“. 40 description=Hello world kernel module0 author=Taku Shimosawa <shimos@shimos.net>0 license=GPL v20 srcversion=8D5BACDC1EA9421ABFF79DD0 depends=0 vermagic=3.13.0-44-generic SMP mod_unload modversions

42. check_modinfo (2) • First, check the version magic in the module 41 static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); ... if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; ... if (!modmagic) { err = try_to_force_load(mod, "bad vermagic"); if (err) return err; } else if (!same_magic(modmagic, vermagic, info->index.vers)) { pr_err("%s: version magic '%s' should be '%s'n", mod->name, modmagic, vermagic); return -ENOEXEC; }

43. check_modinfo (3) • Version magic • Example: • same_magic function • Compare the vermagic strings excluding CRCs if they have CRCs. 42 #define VERMAGIC_STRING UTS_RELEASE " " MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS MODULE_ARCH_VERMAGIC (include/linux/vermagic.h) 3.13.0-44-generic SMP mod_unload modversions

44. check_modinfo (4) • …And mark tainted if any is necesary 43 if (!get_modinfo(info, "intree")) add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); if (get_modinfo(info, "staging")) { add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); pr_warn("%s: module is from the staging directory, the quality " "is unknown, you have been warned.n", mod->name); } /* Set up license info based on the info section */ set_license(mod, get_modinfo(info, "license"));

45. check_modinfo (5) • License information is also important 44 static void set_license(struct module *mod, const char *license) { if (!license) license = "unspecified"; if (!license_is_gpl_compatible(license)) { if (!test_taint(TAINT_PROPRIETARY_MODULE)) pr_warn("%s: module license '%s' taints kernel.n", mod->name, license); add_taint_module(mod, TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); } }

46. check_modinfo (6) • GPL compatible? • See the “GPL0….” case 45 static inline int license_is_gpl_compatible(const char *license) { return (strcmp(license, "GPL") == 0 || strcmp(license, "GPL v2") == 0 || strcmp(license, "GPL and additional rights") == 0 || strcmp(license, "Dual BSD/GPL") == 0 || strcmp(license, "Dual MIT/GPL") == 0 || strcmp(license, "Dual MPL/GPL") == 0); } (include/linux/license.h)

47. check_modinfo (7) • Also, the kernel is marked tainted when the module is loaded forcefully 46 static int try_to_force_load(struct module *mod, const char *reason) { #ifdef CONFIG_MODULE_FORCE_LOAD if (!test_taint(TAINT_FORCED_MODULE)) pr_warn("%s: %s: kernel tainted.n", mod->name, reason); add_taint_module(mod, TAINT_FORCED_MODULE, LOCKDEP_NOW_UNRELIABLE); return 0; #else return -ENOEXEC; #endif }

48. Taints! • Tainted mask are composed of several flags that identifies the reason of tainting • Lockdep is disabled if it will not work well • Ignoring the version magic, proprietary drivers, forceful unload 47 void add_taint(unsigned flag, enum lockdep_ok lockdep_ok) { if (lockdep_ok == LOCKDEP_NOW_UNRELIABLE && __debug_locks_off()) pr_warn("Disabling lock debugging due to kernel taintn"); set_bit(flag, &tainted_mask); } (kernel/panic.c) static inline void add_taint_module(struct module *mod, unsigned flag, enum lockdep_ok lockdep_ok) { add_taint(flag, lockdep_ok); mod->taints |= (1U << flag); } (kernel/module.c) Kernel global flags Per-module flags

49. Taints! • 15 reasons are defined 48 #define TAINT_PROPRIETARY_MODULE 0 #define TAINT_FORCED_MODULE 1 #define TAINT_CPU_OUT_OF_SPEC 2 #define TAINT_FORCED_RMMOD 3 #define TAINT_MACHINE_CHECK 4 #define TAINT_BAD_PAGE 5 #define TAINT_USER 6 #define TAINT_DIE 7 #define TAINT_OVERRIDDEN_ACPI_TABLE 8 #define TAINT_WARN 9 #define TAINT_CRAP 10 #define TAINT_FIRMWARE_WORKAROUND 11 #define TAINT_OOT_MODULE 12 #define TAINT_UNSIGNED_MODULE 13 #define TAINT_SOFTLOCKUP 14 (include/linux/kernel.h) $ sysctl kernel.tainted kernel.tainted = 12288 12288 = 0x3000

50. layout_sections • Calculate the size of final memory to load the module • Load only sections with “SHF_ALLOC” flags set • Calculate sizes for “core” and “init” • “init” sections are determined when the section name starts with “.init” • Sets the following member of module • core_size : sum of the sizes of the “core” sections to be loaded • core_text_size, core_ro_size : sum of the sizes of the text and R/O “core” sections • init_size : sum of the sizes of the “init” sections to be loaded • init_text_size, init_ro_size : … of “init” sections • sh_entsize in ELF_Shdr is used as the offset of the memory where the section will be loaded. 49

51. layout_sections • The sections in the example “hello.ko” are categorized as follows: 50 Sections Core Text .text, .exit.text R/O __ksymtab, __kcrctab, .rodata.str1.1, __ksymtab_strings __mcount_loc, R/W .data, .gnu.linkonce.this_module, .bss, Init Text .init.text R/O R/W (Others) Not loaded .rela.text, .rela.init.text, .rela__ksymtab, .rela__kcrctab .rela__mcount_loc, .rela.gnu.linonce.this_module .comment, .note.GNU-stack, .shstrtab, .symtab, .strtab .modinfo, __versions (*) (*) These two sections originally have SHF_ALLOC, but the flags are dropped by rewrite_section_headers

52. layout_symtab • Put the symtab and strtab at the end of the init part • (Actually this function does not put, but add init_size by the size of symtab) • Put the symtab and strtab for the core symbols at the end of core part. 51

53. move_module • Allocate the final memory of the module, and update the boundary addresses for the modules (module_alloc_update_bounds) • Copy the section contents and update sh_addr’s 52 static void *module_alloc_update_bounds(unsigned long size) { void *ret = module_alloc(size); if (ret) { mutex_lock(&module_mutex); if ((unsigned long)ret < module_addr_min) module_addr_min = (unsigned long)ret; if ((unsigned long)ret + size > module_addr_max) module_addr_max = (unsigned long)ret + size; mutex_unlock(&module_mutex); } return ret; }

54. module_alloc : x86 • x86 • Get_module_load_offset() determines the load offset as a random value at the first time if KASLR is enabled 53 #define MODULES_VADDR VMALLOC_START #define MODULES_END VMALLOC_END (arch/x86/include/asm/pgtable_32_types.h) #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) #define MODULES_END _AC(0xffffffffff000000, UL) (arch/x86/include/asm/pgtable_64_types.h) void *module_alloc(unsigned long size) { if (PAGE_ALIGN(size) > MODULES_LEN) return NULL; return __vmalloc_node_range(size, 1, MODULES_VADDR + get_module_load_offset(), MODULES_END, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, NUMA_NO_NODE, __builtin_return_address(0)); } (arch/x86/kernel/module.c)

55. module_alloc : ARM • ARM 54 #ifndef CONFIG_THUMB2_KERNEL #define MODULES_VADDR (PAGE_OFFSET - SZ_16M) #else /* smaller range for Thumb-2 symbols relocation (2^24)*/ #define MODULES_VADDR (PAGE_OFFSET - SZ_8M) #endif (arch/arm/include/asm/memory.h) #define MODULES_END (PAGE_OFFSET) #define MODULES_VADDR (MODULES_END - SZ_64M) (arch/arm64/include/asm/memory.h) #ifdef CONFIG_MMU void *module_alloc(unsigned long size) { return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, GFP_KERNEL, PAGE_KERNEL_EXEC, NUMA_NO_NODE, __builtin_return_address(0)); } #endif (arch/arm/kernel/module.c)

56. module to final place • Struct module for the module loaded was pointed to the temporary module image memory • Now, it’s loaded and copied to the final location , so the pointer is also changed to the final location 55 /* Module has been copied to its final place now: return it. */ mod = (void *)info->sechdrs[info->index.mod].sh_addr;

57. load_module function (1) [RE] • Signature check (module_sig_check) • ELF header check (elf_header_check) • Layout and allocate the final location for the module (layout_and_allocate) • Add the module to the “modules” list (add_unformed_module) • Allocate per-cpu areas used in the module (percpu_modalloc) • Initialize link lists used for dependency management and unloading features (module_unload_init) • Find optional sections (find_module_sections) • License and version dirty hack (check_module_license_and_versions) • Setup MODINFO_ATTR fields (setup_modinfo) 56

58. add_unformed_module • Add the module to the “modules” list • Checking the duplicated loading of the same module • If the same module is still being loaded, this waits for the completion of the load, and it tries again • Just in case that the module fails to be loaded 57

59. add_unformed_module 58 static int add_unformed_module(struct module *mod) { mod->state = MODULE_STATE_UNFORMED; ... again: mutex_lock(&module_mutex); old = find_module_all(mod->name, strlen(mod->name), true); if (old != NULL) { if (old->state == MODULE_STATE_COMING || old->state == MODULE_STATE_UNFORMED) { mutex_unlock(&module_mutex); err = wait_finished_loading(mod); if (err) goto out_unlocked; goto again; } err = -EEXIST; goto out; } list_add_rcu(&mod->list, &modules); err = 0; ...

60. When loading occurs concurrently 59 Module A UNFORMED LIVE Module A UNFORMED (fail) Module B (depends on A) UNFORMED Resolve Resolve LIVE wakeup_all (@do_init_module) time COMING

61. percpu_modalloc • Allocate per-cpu area for the size of the per-cpu section 60 static int percpu_modalloc(struct module *mod, struct load_info *info) { Elf_Shdr *pcpusec = &info->sechdrs[info->index.pcpu]; unsigned long align = pcpusec->sh_addralign; if (!pcpusec->sh_size) return 0; ... mod->percpu = __alloc_reserved_percpu(pcpusec->sh_size, align); if (!mod->percpu) { pr_warn("%s: Could not allocate %lu bytes percpu datan", mod->name, (unsigned long)pcpusec->sh_size); return -ENOMEM; } mod->percpu_size = pcpusec->sh_size; return 0; }

62. module_unload_init • Initialize a reference counter for the module • After this function, it becomes 2. • Initialize lists that manages dependency • source_list : list of “usages” in which the module is contained as their “source” (= the list of modules which uses the symbols of the module) • target_list : list of “usages” in which the module is contained as their “target” (= the list of modules symbols of which the module uses) 61 static int module_unload_init(struct module *mod) { atomic_set(&mod->refcnt, MODULE_REF_BASE); INIT_LIST_HEAD(&mod->source_list); INIT_LIST_HEAD(&mod->target_list); atomic_inc(&mod->refcnt); return 0; }

63. find_module_sections • Find additional sections in the module • Mostly related to symbol tables, and tracers 62 Sections __param __ksymtab __kcrctab __ksymtab_gpl __kcrctab_gpl __ksymtab_gpl_future __kcrctab_gpl_future __ksymtab_unused __kcrctab_unused __ksymtab_unused_gpl __kcrctab_unused_gtpl Sections .ctors / .init_array __tracepoints_ptrs __jump_table _ftrace_events __trace_printk_fmt __mcount_loc __ex_table __verbose

64. check_module_license_and_versions • Some hacks on specific modules • e.g.) ndiswrapper driver may be GPL (it needs symbols exported only to GPL modules), but the driver it loads will not be GPL, so mark tainted 63 static int check_module_license_and_versions(struct module *mod) { if (strcmp(mod->name, "ndiswrapper") == 0) add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); /* driverloader was caught wrongly pretending to be under GPL */ if (strcmp(mod->name, "driverloader") == 0) add_taint_module(mod, TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); /* lve claims to be GPL but upstream won't provide source */ if (strcmp(mod->name, "lve") == 0) add_taint_module(mod, TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);

65. check_module_license_and_versions • Checks whether the symbols have CRCs (versions) 64 #ifdef CONFIG_MODVERSIONS if ((mod->num_syms && !mod->crcs) || (mod->num_gpl_syms && !mod->gpl_crcs) || (mod->num_gpl_future_syms && !mod->gpl_future_crcs) #ifdef CONFIG_UNUSED_SYMBOLS || (mod->num_unused_syms && !mod->unused_crcs) || (mod->num_unused_gpl_syms && !mod->unused_gpl_crcs) #endif ) { return try_to_force_load(mod, "no versions for exported symbols"); } #endif return 0;

66. setup_modinfo • Call “setup” for module attributes • Only “version” and “srcversion” have “setup” callback. • Module attributes • version, srcversion • uevent • initstate • coresize, initsize • taint • refcnt 65 #define MODINFO_ATTR(field) static void setup_modinfo_##field(struct module *mod, const char *s) { mod->field = kstrdup(s, GFP_KERNEL); }

67. load_module function (2) [Re] • Resolve the symbols (simplify_symbols) • Fix up the addresses in the module (apply_relocations) • Extable and per-cpu initialization (post_relocation) • Flush I-cache for the module area (flush_module_icache) • Copy the module parameters to mod->args. • Check duplication of symbols, and setup NX attributes. (complete_formation) • Parse the module parameters (parse_args) • sysfs setup (mod_sysfs_setup) • Free the copy in the load_info structure (free_copy) • Call the init function of the module (do_init_module) 66

68. simplify_symbols • Change the address of the unresolved symbols in the “symtab” section to the actual addresses 67 static int simplify_symbols(struct module *mod, const struct load_info *info) { Elf_Shdr *symsec = &info->sechdrs[info->index.sym]; Elf_Sym *sym = (void *)symsec->sh_addr; ... for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) { const char *name = info->strtab + sym[i].st_name; ... case SHN_UNDEF: ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { sym[i].st_value = ksym->value; break; } /* Ok if weak. */ if (!ksym && ELF_ST_BIND(sym[i].st_info) == STB_WEAK) break;

69. resolve_symbol_wait • Waits if the resolved symbol is that of the module which is under initialization. 68 static const struct kernel_symbol * resolve_symbol_wait(struct module *mod, const struct load_info *info, const char *name) { const struct kernel_symbol *ksym; char owner[MODULE_NAME_LEN]; if (wait_event_interruptible_timeout(module_wq, !IS_ERR(ksym = resolve_symbol(mod, info, name, owner)) || PTR_ERR(ksym) != -EBUSY, 30 * HZ) <= 0) { pr_warn("%s: gave up waiting for init of module %s.n", mod->name, owner); } return ksym; }

70. resolve_symbol • Find the symbol from the kernel’s symbol tables and other modules’ symbol tables. (find_symbol) • If found, check if the version (CRC) of the symbol matches one that the module expects (check_versions) • And add dependency for the target module and the symbol owner module (ref_module) 69

71. find_symbol (1) • Well, try to find it from the kernel 70 bool each_symbol_section(bool (*fn)(const struct symsearch *arr, struct module *owner, void *data), void *data) { struct module *mod; static const struct symsearch arr[] = { { __start___ksymtab, __stop___ksymtab, __start___kcrctab, NOT_GPL_ONLY, false }, { __start___ksymtab_gpl, __stop___ksymtab_gpl, __start___kcrctab_gpl, GPL_ONLY, false }, { __start___ksymtab_gpl_future, __stop___ksymtab_gpl_future, __start___kcrctab_gpl_future, WILL_BE_GPL_ONLY, false }, ... }; if (each_symbol_in_section(arr, ARRAY_SIZE(arr), NULL, fn, data)) return true;

72. find_symbol (2) • And, try to find in the modules (after UNFORMED) 71 list_for_each_entry_rcu(mod, &modules, list) { struct symsearch arr[] = { { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, mod->gpl_crcs, GPL_ONLY, false }, { mod->gpl_future_syms, mod->gpl_future_syms + mod->num_gpl_future_syms, mod->gpl_future_crcs, WILL_BE_GPL_ONLY, false }, if (mod->state == MODULE_STATE_UNFORMED) continue; if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data)) return true; } return false; }

73. find_symbol (3) • Bianry search in the section! 72 static int cmp_name(const void *va, const void *vb) { const char *a; const struct kernel_symbol *b; a = va; b = vb; return strcmp(a, b->name); } static bool find_symbol_in_section(const struct symsearch *syms, struct module *owner, void *data) { struct find_symbol_arg *fsa = data; sym = bsearch(fsa->name, syms->start, syms->stop - syms->start, sizeof(struct kernel_symbol), cmp_name); if (sym != NULL && check_symbol(syms, owner, sym - syms->start, data)) return true; return false; } Checks the found symbol’s target license

74. ref_module • If the target module is NULL (=the symbol is in the kernel) or the module already uses the target module, it immediately returns. • Increment the reference counter of the target module (if the target module is in the middle of initialization, returns –EBUSY) • Add usage • Source : the module • Target : the target module 73 static int add_module_usage(struct module *a, struct module *b) { struct module_use *use; use = kmalloc(sizeof(*use), GFP_ATOMIC); use->source = a; use->target = b; list_add(&use->source_list, &b->source_list); list_add(&use->target_list, &a->target_list); }

75. Usage example 74 Kernel module A Kernel module B function f() { } function g() { f(); } DEP struct module A refcnt : 2 struct module B refcnt: 1 struct module_use source: &B target: &A source_list target_list source_list target_list

76. apply_relocations • Apply relocations for each “rel” section • “rel” sections • Section Type : SHT_REL or SHT_RELA 75 [Nr] Name Type Address Offset Size EntSize Flags Link Info Align [ 2] .text PROGBITS 0000000000000000 00000070 0000000000000019 0000000000000000 AX 0 0 16 [ 3] .rela.text RELA 0000000000000000 00000ca8 0000000000000048 0000000000000018 24 2 8 [ 4] .init.text PROGBITS 0000000000000000 00000089 0000000000000016 0000000000000000 AX 0 0 1 [ 5] .rela.init.text RELA 0000000000000000 00000cf0 0000000000000030 0000000000000018 24 4 8 [24] .symtab SYMTAB 0000000000000000 00000db0 00000000000003c0 0000000000000018 25 32 8 [25] .strtab STRTAB 0000000000000000 00001170 000000000000014a 0000000000000000 0 0 1

77. Relocation • Example • This function uses the “printk” symbol outside the module. (And also __fentry__) 76 0000000000000000 <say_hello>: 0: e8 00 00 00 00 callq 5 <say_hello+0x5> 1: R_X86_64_PC32 __fentry__-0x4 5: 55 push %rbp 6: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 9: R_X86_64_32S .rodata.str1.1 d: 31 c0 xor %eax,%eax f: 48 89 e5 mov %rsp,%rbp 12: e8 00 00 00 00 callq 17 <say_hello+0x17> 13: R_X86_64_PC32 printk-0x4 17: 5d pop %rbp 18: c3 retq void say_hello(void) { printk(KERN_INFO "Hello, World.n"); } RIP-relative is based on the next instruction

78. apply_relocate[_add] • Addressing is architecture-dependent, so the relocation is also architecture-dependent • x86_64 (RELA) • An RELA section is an array of Elf64_Rela • In the “printk” example • r_offset = 0x13 • r_info = R_X86_64_PC32 (RIP-relative in x86_64) • r_addend = -0x04 77 typedef struct elf64_rela { Elf64_Addr r_offset; /* Location at which to apply the action */ Elf64_Xword r_info; /* index and type of relocation */ Elf64_Sxword r_addend; /* Constant addend used to compute value */ } Elf64_Rela;

79. apply_relocate_add in x86_64 78 int apply_relocate_add(Elf64_Shdr *sechdrs, const char *strtab, unsigned int symindex, unsigned int relsec, struct module *me) { ... for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { /* This is where to make the change */ loc = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset; /* This is the symbol it is referring to. Note that all undefined symbols have been resolved. */ sym = (Elf64_Sym *)sechdrs[symindex].sh_addr + ELF64_R_SYM(rel[i].r_info); ... val = sym->st_value + rel[i].r_addend;

80. apply_relocate_add in x86_64 79 switch (ELF64_R_TYPE(rel[i].r_info)) { ... case R_X86_64_64: *(u64 *)loc = val; break; ... case R_X86_64_32S: *(s32 *)loc = val; if ((s64)val != *(s32 *)loc) goto overflow; break; case R_X86_64_PC32: val -= (u64)loc; *(u32 *)loc = val; #if 0 if ((s64)val != *(s32 *)loc) goto overflow; #endif break; Calculate the delta between the current address and the target address

81. post_relocation • Sort the exception table (sort_extable) • Exception table: the instruction addresses which the page fault handler treats specially page faults for. • get_user etc. • Copy the per-cpu section contents for all the possible cpus. (percpu_modcopy) • Set kallsyms-related members to the final location, and copy core symtab from the whole symtab. (add_kallsyms) • Call architecture-dependent finalizing function of loading (module_finalize) 80 for_each_possible_cpu(cpu) memcpy(per_cpu_ptr(mod->percpu, cpu), from, size);

82. module_finalize in x86_64 • Alternatives, paravirt and so on. 81 int module_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *me) { const Elf_Shdr *s, *text = NULL, *alt = NULL, *locks = NULL, *para = NULL; char *secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; for (s = sechdrs; s < sechdrs + hdr->e_shnum; s++) { if (!strcmp(".text", secstrings + s->sh_name)) text = s; if (!strcmp(".altinstructions", secstrings + s->sh_name)) alt = s; if (!strcmp(".smp_locks", secstrings + s->sh_name)) locks = s; if (!strcmp(".parainstructions", secstrings + s->sh_name)) para = s; if (alt) { /* patch .altinstructions */ void *aseg = (void *)alt->sh_addr; apply_alternatives(aseg, aseg + alt->sh_size); } ...

83. flush_module_icache • Flush instruction cache for text area so that the code be executed correctly 82 static void flush_module_icache(const struct module *mod) { mm_segment_t old_fs; /* flush the icache in correct context */ old_fs = get_fs(); set_fs(KERNEL_DS); if (mod->module_init) flush_icache_range((unsigned long)mod->module_init, (unsigned long)mod->module_init + mod->init_size); flush_icache_range((unsigned long)mod->module_core, (unsigned long)mod->module_core + mod->core_size); set_fs(old_fs); }

84. complete_formation • Check if the exported symbols are already exported by another module (verify_export_symbols) • Add section information of symbols for BUG report (module_bug_finalize) • Set NX and RO for core and init area. • Set the module state to MODULE_STATE_COMING 83 mod->state = MODULE_STATE_COMING;

85. load_module function (2) [Re] • Resolve the symbols (simplify_symbols) • Fix up the addresses in the module (apply_relocations) • Extable and per-cpu initialization (post_relocation) • Flush I-cache for the module area (flush_module_icache) • Copy the module parameters to mod->args. • Check duplication of symbols, and setup NX attributes. (complete_formation) • Parse the module parameters (parse_args) • sysfs setup (mod_sysfs_setup) • Free the copy in the load_info structure (free_copy) • Call the init function of the module (do_init_module) 84

86. do_init_module (1) • Make a structure for call_rcu to free init area • And call the init function in the module • Set the module state to MODULE_STATE_LIVE 85 struct mod_initfree *freeinit; freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL); ... freeinit->module_init = mod->module_init; do_mod_ctors(mod); /* Start the module */ if (mod->init != NULL) ret = do_one_initcall(mod->init); mod->state = MODULE_STATE_LIVE;

87. do_init_module (2) • To avoid deadlock, perform synchronize • Drop the initial reference • And clears the init-related stuffs! 86 if (current->flags & PF_USED_ASYNC) async_synchronize_full(); mutex_lock(&module_mutex); /* Drop initial reference. */ module_put(mod); trim_init_extable(mod); #ifdef CONFIG_KALLSYMS mod->num_symtab = mod->core_num_syms; mod->symtab = mod->core_symtab; mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); module_arch_freeing_init(mod);

88. do_init_module (3) • Finally, frees the init stuffs • Wakes up if someone is waiting for the completion of the initialization. 87 call_rcu(&freeinit->rcu, do_free_init); mutex_unlock(&module_mutex); wake_up_all(&module_wq);

89. Details (2) Unloading 88

90. sys_delete_module • Check capability and module blocking parameter • Find the specified module by name • If the module has the init function AND does not have the exit function and it is not forceful unload, it fails with –EBUSY • Try to stop the module (try_stop_module) • Call the exit function • Frees the module 89

91. Now (3.19) [RE] • Reference count is now atomic_t (was per-cpu int before) and checked without stop_machine • (thanks to a mysterious guy) 90 static int try_stop_module(struct module *mod, int flags, int *forced) { /* If it's not unused, quit unless we're forcing. */ if (try_release_module_ref(mod) != 0) { *forced = try_force_unload(flags); if (!(*forced)) return -EWOULDBLOCK; } /* Mark it as dying. */ mod->state = MODULE_STATE_GOING; return 0; }

92. try_release_module_ref • Decrement the reference counter and checks if it reaches is zero (= can be unloaded). 91 static int try_release_module_ref(struct module *mod) { int ret; /* Try to decrement refcnt which we set at loading */ ret = atomic_sub_return(MODULE_REF_BASE, &mod->refcnt); BUG_ON(ret < 0); if (ret) /* Someone can put this right now, recover with checking */ ret = atomic_add_unless(&mod->refcnt, MODULE_REF_BASE, 0); return ret; }

93. Details (3) Building a out-of-tree kernel module 92

94. Build steps (1) : .c -> .o • make .tmp_versions, create .tmp_versions/<module>.mod • The file contains the names of the final .ko file and source .o files • Compile .tmp_[name].o from [name].c • Calculate the CRCs (version) for the exported symbols • Find a __ksymtab section in .tmp_[name].o • objdump –h (obj) | grep –q __ksymtab • Calculate CRC for exported symbols in the source file by genksyms (Output is LD Script format) • Compile the CRC values into the object file. 93 cmd_modversions = if $(OBJDUMP) -h $(@D)/.tmp_$(@F) | grep -q __ksymtab; then $(call cmd_gensymtypes,$(KBUILD_SYMTYPES),$(@:.o=.symtypes)) > $(@D)/.tmp_$(@F:.o=.ver); $(LD) $(LDFLAGS) -r -o $@ $(@D)/.tmp_$(@F) -T $(@D)/.tmp_$(@F:.o=.ver); rm -f $(@D)/.tmp_$(@F) $(@D)/.tmp_$(@F:.o=.ver); else mv -f $(@D)/.tmp_$(@F) $@; fi; _crc_say_hello = 0xb37b83db ;

95. Exported Symbols • Each exported symbol has a struct in __ksymtab* section. 94 #define __EXPORT_SYMBOL(sym, sec) extern typeof(sym) sym; __CRC_SYMBOL(sym, sec) static const char __kstrtab_##sym[] __attribute__((section("__ksymtab_strings"), aligned(1))) = VMLINUX_SYMBOL_STR(sym); extern const struct kernel_symbol __ksymtab_##sym; __visible const struct kernel_symbol __ksymtab_##sym __used __attribute__((section("___ksymtab" sec "+" #sym), unused)) = { (unsigned long)&sym, __kstrtab_##sym } #define EXPORT_SYMBOL(sym) __EXPORT_SYMBOL(sym, "") #define EXPORT_SYMBOL_GPL(sym) __EXPORT_SYMBOL(sym, "_gpl") #define EXPORT_SYMBOL_GPL_FUTURE(sym) __EXPORT_SYMBOL(sym, "_gpl_future") (include/linux/export.h)

96. CRC sections • Declare CRC symbols in CRC sections with the weak attribute. 95 #ifndef __GENKSYMS__ #ifdef CONFIG_MODVERSIONS /* Mark the CRC weak since genksyms apparently decides not to * generate a checksums for some symbols */ #define __CRC_SYMBOL(sym, sec) extern __visible void *__crc_##sym __attribute__((weak)); static const unsigned long __kcrctab_##sym __used __attribute__((section("___kcrctab" sec "+" #sym), unused)) = (unsigned long) &__crc_##sym; #else #define __CRC_SYMBOL(sym, sec) #endif (include/linux/export.h)

97. Build Steps (2) : .c -> .o • Create __mcount_loc list (if –pg is enabled) • The list of pointers where “mcount” is called • Fix up the dep file • Link into a single object file (<module>.o) if the module is composed of multiple object files 96

98. Build Steps (3) – Stage 2 • Create <module>.mod.c and <module>.symvers by modpost command • Compile the <module>.mod.c • Link the <module>.mod.o and <module>.o into a module <module>.ko 97 modpost = scripts/mod/modpost $(if $(CONFIG_MODVERSIONS),-m) $(if $(CONFIG_MODULE_SRCVERSION_ALL),-a,) $(if $(KBUILD_EXTMOD),-i,-o) $(kernelsymfile) $(if $(KBUILD_EXTMOD),-I $(modulesymfile)) $(if $(KBUILD_EXTRA_SYMBOLS), $(patsubst %, -e %,$(KBUILD_EXTRA_SYMBOLS))) $(if $(KBUILD_EXTMOD),-o $(modulesymfile)) $(if $(CONFIG_DEBUG_SECTION_MISMATCH),,-S) $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w) MODPOST_OPT=$(subst -i,-n,$(filter -i,$(MAKEFLAGS))) # We can go over command line length here, so be careful. quiet_cmd_modpost = MODPOST $(words $(filter-out vmlinux FORCE, $^)) modules cmd_modpost = $(MODLISTCMD) | sed 's/.ko$$/.o/' | $(modpost) $(MODPOST_OPT) -s -T -

99. modpost (1) • Collects module information, symbol information and versions from kernel symbols, object files, and generate module source file and symvers file. • Arguments • Options 98 Option Description -m CONFIG_MODVERSIONS (Symbol version) -a CONFIG_MODULE_SRCVERSION_ALL (“srcversion” in modinfo) MD4 for the source files that made the module -I (symvers file) Input symbol versions (kernel symbols) -e (symvers file) Input extra symbol versions -o (symvers file) Output symbol versions (for exported symbols of the module) -T (files) Source (object) file list $ modpost [Options...] [(Module object files...)]

100. modpost (2) • Generate the source file 99 for (mod = modules; mod; mod = mod->next) { char fname[PATH_MAX]; ... buf.pos = 0; add_header(&buf, mod); add_intree_flag(&buf, !external_module); add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); add_moddevtable(&buf, mod); add_srcversion(&buf, mod); sprintf(fname, "%s.mod.c", mod->name); write_if_changed(&buf, fname); } (scripts/mod/modpost.c)

101. modpost (3) • Dump the symbol versions 100 static void write_dump(const char *fname) { struct buffer buf = { }; struct symbol *symbol; int n; for (n = 0; n < SYMBOL_HASH_SIZE ; n++) { symbol = symbolhash[n]; while (symbol) { if (dump_sym(symbol)) buf_printf(&buf, "0x%08xt%st%st%sn", symbol->crc, symbol->name, symbol->module->name, export_str(symbol->export)); symbol = symbol->next; } } write_if_changed(&buf, fname); } (scripts/mod/modpost.c)0xb37b83db say_hello /home/shimos/test_module/hello EXPORT_SYMBOL

102. Generated <module>.mod.c (1) • Example 101 #include <linux/module.h> #include <linux/vermagic.h> #include <linux/compiler.h> MODULE_INFO(vermagic, VERMAGIC_STRING); __visible struct module __this_module __attribute__((section(".gnu.linkonce.this_module"))) = { .name = KBUILD_MODNAME, .init = init_module, #ifdef CONFIG_MODULE_UNLOAD .exit = cleanup_module, #endif .arch = MODULE_ARCH_INIT, }; static const struct modversion_info ____versions[] __used __attribute__((section("__versions"))) = { { 0x9412fa01, __VMLINUX_SYMBOL_STR(module_layout) }, { 0x27e1a049, __VMLINUX_SYMBOL_STR(printk) }, { 0xbdfb6dbb, __VMLINUX_SYMBOL_STR(__fentry__) }, }; ... Additional modinfo is included Base of struct module Symbols and (expected) versions which this module depends on.

103. Generated <module>.mod.c (2) • Example 102 static const char __module_depends[] __used __attribute__((section(".modinfo"))) = "depends="; MODULE_INFO(srcversion, "8D5BACDC1EA9421ABFF79DD") Modinfo about dependency (but the kernel does not use this) Modinfo “srcversion”

104. modinfo • The modinfo string is created by macros, and concatenated by collecting the string into a single section 103 #define __MODULE_INFO(tag, name, info) static const char __UNIQUE_ID(name)[] __used __attribute__((section(".modinfo"), unused, aligned(1))) = __stringify(tag) "=" info (include/linux/moduleparam.h) #define MODULE_INFO(tag, info) __MODULE_INFO(tag, tag, info) ... #define MODULE_LICENSE(_license) MODULE_INFO(license, _license) ... #define MODULE_AUTHOR(_author) MODULE_INFO(author, _author) ... (include/linux/module.h)

105. UNIQUE_ID 104 #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) (include/linux/compiler-gcc4.h)

Linux Kernel Module - For NLKB

Linux Kernel Module - For NLKB

Recommended

More Related Content

What's hot

What's hot(20)

Similar to Linux Kernel Module - For NLKB

Similar to Linux Kernel Module - For NLKB(20)

Recently uploaded

Recently uploaded(20)

Linux Kernel Module - For NLKB