lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070926065047.GE1993@frankl.hpl.hp.com>
Date:	Tue, 25 Sep 2007 23:50:47 -0700
From:	Stephane Eranian <eranian@....hp.com>
To:	Paulo Marques <pmarques@...popie.com>
Cc:	linux-kernel@...r.kernel.org, perfmon@...ali.hpl.hp.com
Subject: Re: /proc/kallsyms and symbol size

Paulo,

On Tue, Sep 25, 2007 at 05:21:06PM +0100, Paulo Marques wrote:
> Stephane Eranian wrote:
> >Hello,
> 
> Hi, Stephane
> 
> >Many monitoring tools use /proc/kallsyms to build a symbol table for the 
> >kernel.
> >This technique has the advantage that it does not require root privileges, 
> >nor
> >an up-to-date /boot/System.map, nor a decompressed kernel in /boot.
> >
> >The problem is that /proc/kallsyms does not report the size of the symbols.
> >Yet, the information is available in the kernel as it is used by functions 
> >such as __print_symbol(). Having the size is useful to correlate the address 
> >obtained
> >is a sample with a symbol name. Most tools use an approximation which 
> >assumes
> >symbols are contiguous to estimate the size.
> 
> That is actually what the kernel does internally, too. It does not keep 
> the size of the symbol, but tries to guess it from the address of the 
> next non-aliased symbol.
> 
> Since the addresses are sorted, this works fine most of the time. This 
> is done to reduce the size used by the symbol table in the running kernel.
> 
> Just take a look at "get_symbol_pos" in kernel/kallsyms.c and 
> "get_ksymbol" in kernel/module.c to see exactly how this is done
> 
Ok. Then we cannot really do better. 

Also thank you for alerting me on the aliased symbols. I have modified
my user code to only keep the first symbol.

Thanks for you help.

-- 

-Stephane
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ