-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathkallsyms.c
86 lines (73 loc) · 2.5 KB
/
kallsyms.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
// SPDX-License-Identifier: (GPL-2.0 OR MIT)
/**
* Lookup and grep kallsyms from kernel space. Note that this module depends on
* kallsyms_on_each_symbol(), which needs CONFIG_LIVEPATCH=y on kernel >= 5.12.
*
* Tested on kernel 4.19, 5.10, 5.18 (x86-64); 5.4 (arm64).
*
* Changelog:
*
* v0.2: Support kernel >= v5.7 using kprobes to find kallsyms_on_each_symbol()
* even if not exported.
* v0.1: Initial version.
*/
#include <linux/init.h> // module_{init,exit}()
#include <linux/module.h> // THIS_MODULE, MODULE_VERSION, ...
#include <linux/kernel.h> // printk(), pr_*()
#include <linux/moduleparam.h> // module_param()
#include <linux/string.h> // strcmp()
#include <linux/version.h> // LINUX_VERSION_CODE, KERNEL_VERSION()
// Since v5.7, kallsyms_on_each_symbol() and others aren't exported anymore.
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,7,0)
#include <linux/kprobes.h> // [un]register_kprobe
#define KALLSYMS_NOT_EXPORTED
#else
#include <linux/kallsyms.h> // kallsyms_on_each_symbol()
#endif
#ifdef pr_fmt
#undef pr_fmt
#endif
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
static char *find = NULL;
module_param(find, charp, 0);
static int print_ksym(void *_, const char *name, struct module *module, unsigned long addr)
{
if (module && module->name[0])
pr_info("0x%px %s [%s]\n", (void*)addr, name, module->name);
else
pr_info("0x%px %s\n", (void*)addr, name);
return 0;
}
static int grep_ksym(void *_, const char *name, struct module *module, unsigned long addr)
{
if (strstr(name, find))
return print_ksym(NULL, name, module, addr);
return 0;
}
static int __init modinit(void)
{
static int (*pkallsyms_on_each_symbol)(int (*fn)(void *, const char *, struct module *, unsigned long), void *);
#ifdef KALLSYMS_NOT_EXPORTED
// Find the symbol through a kprobes hack
struct kprobe kp = { .symbol_name = "kallsyms_on_each_symbol" };
int err;
err = register_kprobe(&kp);
if (err) {
pr_err("register_kprobe() failed: %d\n", err);
return err;
}
pkallsyms_on_each_symbol = (typeof(pkallsyms_on_each_symbol))kp.addr;
unregister_kprobe(&kp);
#else
pkallsyms_on_each_symbol = &kallsyms_on_each_symbol;
#endif
pkallsyms_on_each_symbol(find ? grep_ksym : print_ksym, NULL);
// Just fail loading with a random error to make it simpler to use this
// module multiple times in a row.
return -ECANCELED;
}
module_init(modinit);
MODULE_VERSION("0.2");
MODULE_DESCRIPTION("Kernel symbol list/search utility.");
MODULE_AUTHOR("Marco Bonelli");
MODULE_LICENSE("Dual MIT/GPL");