Talk about how Linux kernel invokes your module's init function. Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).

1. Anatomy of the Loadable
Kernel Module (LKM)
Adrian Huang

2. Agenda
• From ‘insmod’ command
• Call path for LKM’s init function
• ‘.gnu.linkonce.this_module’ section
• Deep Dive into call path
• modinfo
Note
• Kernel source: 5.10
• Mainly focus on the ‘init’ function call path

3. From `insmod` command
Hello World Kernel Module strace
finit_module() system call loads an ELF image into kernel space

4. From `insmod` command
Hello World Kernel Module strace
finit_module() system call loads an ELF image into kernel space
finit_module()
• Load an ELF image into kernel space
• Perform symbol relocations
• Initialize module parameters to values
• Run the module’s init function

5. Call path for LKM’s init function
finit_module
load_module
do_init_module
do_one_initcall(mod->init)
mod->init();
Analysis
• Key: mod->init()
• How to assign the address of mod->init()?
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
mod = layout_and_allocate(info, ..)
rewrite_section_headers
apply_relocations

6. ‘.gnu.linkonce.this_module’ section (1/6)

7. ‘.gnu.linkonce.this_module’ section (2/6)

8. ‘.gnu.linkonce.this_module’ section (3/6)

9. ‘.gnu.linkonce.this_module’ section (4/6)
User Space Tool – modpost: Generate a file ‘module_name.mod.c’ when
compiling your kernel module

10. ‘.gnu.linkonce.this_module’ section - Where is
‘init_module()’ definition? (5/6)
Hello World Kernel Module module_init() macro
__init macro

11. ‘.gnu.linkonce.this_module’ section (6/6)

12. Deep Dive into call path (1/7)
finit_module
load_module
do_init_module
do_one_initcall(mod->init)
mod->init();
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
mod = layout_and_allocate(info, ..)
rewrite_section_headers
apply_relocations
ELF Header
Section 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section n
Section Header 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section Header n
load_info
name
mod
hdr
len
sechdrs
secstrings
strtab
A (kernel addr)
A + e_shoff

13. finit_module
load_module
do_init_module
do_one_initcall(mod->init)
mod->init();
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
mod = layout_and_allocate(info, ..)
rewrite_section_headers
apply_relocations
ELF Header
Section 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section n
Section Header 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section Header n
load_info
name
mod
hdr
len
sechdrs
secstrings
strtab
A (kernel addr)
A + e_shoff
Deep Dive into call path (2/7)

14. finit_module
load_module
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
rewrite_section_headers
ELF Header
Section 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section n
Section Header 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section Header n
load_info
name
mod
hdr
len
sechdrs
secstrings
strtab
A (kernel addr)
A + e_shoff
for (i = 1; i < info->hdr->e_shnum; i++)
Elf_Shdr *shdr = &info->sechdrs[i];
shdr->sh_addr = (size_t)info->hdr +
shdr->sh_offset;
Deep Dive into call path (3/7)
Update sh_addr (virtual address) of each section header table based on
address ‘A’

15. Update sh_addr (virtual address) of each section header table
based on core/init section memory allocation
module
…
init
core_layout
init_layout
exit
…
module_layout
base
size
text_size
ro_size
ro_after_init_size
.init.text
.symtab
.strtab
Init section memory allocation
0xffffffffc0819000
0xffffffffc081a000
0xffffffffc081a000
module_layout
base
size
text_size
ro_size
ro_after_init_size
Deep Dive into call path (4/7)

16. module
…
init
core_layout
init_layout
exit
…
module_layout
base
size
text_size
ro_size
ro_after_init_size
.symtab
.strtab
Init section memory allocation
0xffffffffc0819000
0xffffffffc081a000
0xffffffffc081a000
module_layout
base
size
text_size
ro_size
ro_after_init_size
init_module
.init.text
Deep Dive into call path (5/7)

17. module
…
init
core_layout
init_layout
exit
…
module_layout
base
size
text_size
ro_size
ro_after_init_size
.symtab
.strtab
Init section memory allocation
0xffffffffc0819000
0xffffffffc081a000
0xffffffffc081a000
module_layout
base
size
text_size
ro_size
ro_after_init_size
init_module
.init.text
Deep Dive into call path (6/7)

18. Deep Dive into call path (7/7)
finit_module
load_module
do_init_module
do_one_initcall(mod->init)
mod->init();
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
mod = layout_and_allocate(info, ..)
rewrite_section_headers
apply_relocations
free & cleanup init_layout
Free memory space of init_layout after calling mod->init()

19. modinfo
Key=Value format in .modinfo section