2

I saw from this SO post that /proc/kallsyms should have the symbols of dynamically loaded modules as well as static code whereas System.map contains only the symbols of static code. However, when I cat /proc/kallsyms I seem to only have symbols in the text section of the kernel (T and t flags), save one or two symbols like

0000000000000000 D irq_stack_union
0000000000000000 D __per_cpu_start

On the other hand, in System.map I have symbols from many sections - essentially everything from /proc/kallsyms except loaded kernel module symbols.

To show the magnitude of this difference I used the wc command.

user@debian:~/$ cat /boot/System.map-3.2.0-4-amd64 | wc
  51256  153768 2117121
user@debian:~/$ cat /proc/kallsyms | wc
  29336   92637 1161409

What is the reason for this difference? Where are all of the data section related symbols in my /proc/kallsyms file?

Edit: As requested, here are the kallsyms configuration options.

user@debian:~$ cat /boot/config-3.2.0-4-amd64 | grep KALLSYMS
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_ALL is not set
Marco Bonelli
  • 63,369
  • 21
  • 118
  • 128
peachykeen
  • 4,143
  • 4
  • 30
  • 49
  • Does this answer your question? [System.map file and /proc/kallsyms](https://stackoverflow.com/questions/28936630/system-map-file-and-proc-kallsyms) – Mikel Rychliski Apr 15 '20 at 16:21
  • Thank you, but no it doesn't. That is the post I linked above. I get why and how `kallsyms` and `System.map` should be different due to that post, but my question reflects a different situation than that post. – peachykeen Apr 15 '20 at 16:27
  • Sorry about that.. My guess is that /proc/kallsyms is derived from the internal data structures used to print opps messages, so it never had a reason to store the address of symbols outside of the .text section. The kernel doesn't actually keep the non-text symbols in memory. – Mikel Rychliski Apr 15 '20 at 16:33
  • Does using `sudo cat` change anything? Also, what's the output of the `uname -r` command? – Marco Bonelli Apr 15 '20 at 18:26
  • Hi @MarcoBonelli using `sudo` doesn't change anything. Output of `uname -r` is `3.2.0-4-amd64`. – peachykeen Apr 15 '20 at 19:42
  • @peachykeen can you also check the output of: `sudo cat /boot/config-3.2.0-4-amd64 | grep KALLSYMS`, those config options are relevant, add it to the post. – Marco Bonelli Apr 15 '20 at 20:03
  • @MarcoBonelli : I added the output to my post above. Not having `CONFIG_KALLSYMS_ALL` set to `y` seems like it is my answer. – peachykeen Apr 15 '20 at 20:11

1 Answers1

4

You don't have CONFIG_KALLSYMS_ALL set to y, therefore only text symbols are exported to /proc/kallsyms. Setting this to y and re-building the kernel (although not that simple to do) should solve the problem.

I don't know if this is because you have an old kernel or some distro that disables it in their build. You could also try upgrading to a newer kernel. In my Debian 9 Linux v4.9 it seems to be enabled.

Marco Bonelli
  • 63,369
  • 21
  • 118
  • 128