Download as PDF, PPTX
![finit_module
load_module
kernel_read_file_from_fd
elf_header_check
setup_load_info
blacklisted(info->name)?
cleanup & return
module_sig_check
Y
N
rewrite_section_headers
ELF Header
Section 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section n
Section Header 1
.init.text
.exit.text
.gnu.linkonce.this_module
…
Section Header n
load_info
name
mod
hdr
len
sechdrs
secstrings
strtab
A (kernel addr)
A + e_shoff
for (i = 1; i < info->hdr->e_shnum; i++)
Elf_Shdr *shdr = &info->sechdrs[i];
shdr->sh_addr = (size_t)info->hdr +
shdr->sh_offset;
Deep Dive into call path (3/7)
Update sh_addr (virtual address) of each section header table based on
address ‘A’](https://image.slidesharecdn.com/anatomyoftheloadablekernelmodulelkm-201222072512/85/Anatomy-of-the-loadable-kernel-module-lkm-14-320.jpg)
Uploaded byAdrian Huang
Anatomy of the loadable kernel module (lkm)
Talk about how Linux kernel invokes your module's init function. Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Anatomy of the loadable kernel module (lkm)
- 1. Anatomy of theLoadable Kernel Module (LKM) Adrian Huang
- 2. Agenda • From ‘insmod’command • Call path for LKM’s init function • ‘.gnu.linkonce.this_module’ section • Deep Dive into call path • modinfo Note • Kernel source: 5.10 • Mainly focus on the ‘init’ function call path
- 3. From `insmod` command HelloWorld Kernel Module strace finit_module() system call loads an ELF image into kernel space
- 4. From `insmod` command HelloWorld Kernel Module strace finit_module() system call loads an ELF image into kernel space finit_module() • Load an ELF image into kernel space • Perform symbol relocations • Initialize module parameters to values • Run the module’s init function
- 5. Call path forLKM’s init function finit_module load_module do_init_module do_one_initcall(mod->init) mod->init(); Analysis • Key: mod->init() • How to assign the address of mod->init()? kernel_read_file_from_fd elf_header_check setup_load_info blacklisted(info->name)? cleanup & return module_sig_check Y N mod = layout_and_allocate(info, ..) rewrite_section_headers apply_relocations
- 6.
- 7.
- 8.
- 9. ‘.gnu.linkonce.this_module’ section (4/6) UserSpace Tool – modpost: Generate a file ‘module_name.mod.c’ when compiling your kernel module
- 10. ‘.gnu.linkonce.this_module’ section -Where is ‘init_module()’ definition? (5/6) Hello World Kernel Module module_init() macro __init macro
- 11.
- 12. Deep Dive intocall path (1/7) finit_module load_module do_init_module do_one_initcall(mod->init) mod->init(); kernel_read_file_from_fd elf_header_check setup_load_info blacklisted(info->name)? cleanup & return module_sig_check Y N mod = layout_and_allocate(info, ..) rewrite_section_headers apply_relocations ELF Header Section 1 .init.text .exit.text .gnu.linkonce.this_module … Section n Section Header 1 .init.text .exit.text .gnu.linkonce.this_module … Section Header n load_info name mod hdr len sechdrs secstrings strtab A (kernel addr) A + e_shoff
- 13. finit_module load_module do_init_module do_one_initcall(mod->init) mod->init(); kernel_read_file_from_fd elf_header_check setup_load_info blacklisted(info->name)? cleanup & return module_sig_check Y N mod= layout_and_allocate(info, ..) rewrite_section_headers apply_relocations ELF Header Section 1 .init.text .exit.text .gnu.linkonce.this_module … Section n Section Header 1 .init.text .exit.text .gnu.linkonce.this_module … Section Header n load_info name mod hdr len sechdrs secstrings strtab A (kernel addr) A + e_shoff Deep Dive into call path (2/7)
- 14. finit_module load_module kernel_read_file_from_fd elf_header_check setup_load_info blacklisted(info->name)? cleanup & return module_sig_check Y N rewrite_section_headers ELFHeader Section 1 .init.text .exit.text .gnu.linkonce.this_module … Section n Section Header 1 .init.text .exit.text .gnu.linkonce.this_module … Section Header n load_info name mod hdr len sechdrs secstrings strtab A (kernel addr) A + e_shoff for (i = 1; i < info->hdr->e_shnum; i++) Elf_Shdr *shdr = &info->sechdrs[i]; shdr->sh_addr = (size_t)info->hdr + shdr->sh_offset; Deep Dive into call path (3/7) Update sh_addr (virtual address) of each section header table based on address ‘A’
- 15. Update sh_addr (virtualaddress) of each section header table based on core/init section memory allocation module … init core_layout init_layout exit … module_layout base size text_size ro_size ro_after_init_size .init.text .symtab .strtab Init section memory allocation 0xffffffffc0819000 0xffffffffc081a000 0xffffffffc081a000 module_layout base size text_size ro_size ro_after_init_size Deep Dive into call path (4/7)
- 16. module … init core_layout init_layout exit … module_layout base size text_size ro_size ro_after_init_size .symtab .strtab Init section memoryallocation 0xffffffffc0819000 0xffffffffc081a000 0xffffffffc081a000 module_layout base size text_size ro_size ro_after_init_size init_module .init.text Deep Dive into call path (5/7)
- 17. module … init core_layout init_layout exit … module_layout base size text_size ro_size ro_after_init_size .symtab .strtab Init section memoryallocation 0xffffffffc0819000 0xffffffffc081a000 0xffffffffc081a000 module_layout base size text_size ro_size ro_after_init_size init_module .init.text Deep Dive into call path (6/7)
- 18. Deep Dive intocall path (7/7) finit_module load_module do_init_module do_one_initcall(mod->init) mod->init(); kernel_read_file_from_fd elf_header_check setup_load_info blacklisted(info->name)? cleanup & return module_sig_check Y N mod = layout_and_allocate(info, ..) rewrite_section_headers apply_relocations free & cleanup init_layout Free memory space of init_layout after calling mod->init()
- 19. modinfo Key=Value format in.modinfo section