Re: Linux kernel file name

Ulrich Windl (ulrich.windl@rz.uni-regensburg.de)
Tue, 10 Dec 1996 15:30:54 +0100


On 10 Dec 96 at 10:53, Hans Lermen wrote:

> On Tue, 10 Dec 1996 stenn@whimsy.udel.edu wrote:
>
> >
> > Well, since the whole point of the exercise is so I can do an nlist() on
> > the kernel to read the values of tick and tickadj (or whatever they're
> > called under linux), there's no need for me to know the kernel name if I
> > can't do an nlist() on it because it's compressed.
>
> Well, symbol table information for a Linux kernel image can be get in
> different ways:
>
> 1. There is an exported list of symbols, that are needed to allow linking
> in the modules: /proc/ksyms.
> This is not the complete symbol table.

This makes that feature rather useless IMHO.

>
> 2. On each compilation of the kernel, there is a symbol table generated
> (System.map). It is common usage to have the System.map of the currently
> loaded kernel in '/' or /usr/src/linux.
> However, to have it 'in sync' with the loaded kernel is the responsibility
> of the system administrator, the kernel itself doesn't care about this.

Wouldn't it be good if there were a way to check if the System.map
really matches the active kernel. What if we add the "kernel version
stamp" as text to the System.map and then use the address from the
System.mao where that value should be. If finally the value in the
kernel is the one from System.map, the kernel finally must be
compatible. (I don't know what syslogd does to obtain its result
"System.map matches kernel", but it is not always correct).

Comments?

>
> You may maintain a set of System.maps in /boot and do a symbolic link to
> /System.map in your /etc/rc. The info of what kernel has been loaded can
> be get out the 'BOOT_IMAGE=' param in '/proc/cmdline'.
> ( what I described in a previous mail )

That is not mandatory, and thus won't work everywhere ("in a standard
installation", whatever that means).

>
> In addition, you can get the full kernel version string out of the kernel
> image file (zImage), as it is part of the uncompressed part of the image
> file: The below /etc/magic entry describes how to obtain it:
>
> 0x202 string HdrS Linux/i386 Kernel
> >0x206 short 0x0105 setupV1 zImage
> >0x206 short 0x0200 setupV2
> >>0x211 byte 0 zImage
> >>0x211 byte 1 bzImage
> >(0x20e.s+0x200) string >\0 "%6.6s"
>
> Comparing this with '/proc/version' makes sure you are looking at the
> right thing.

Seems to be promising, but still you don't have the correct symbol
table. What about fixing /proc/ksyms?

>
> Hans
> <lermen@fgan.de>

Ulrich