7  

1. The format is similar to that of the output of nm utility, see also this page.

   格式类似于nm实用程序的输出格式,另请参见此页面。

   To put it simple, 'T' usually denotes a global (non-static but not necessarily exported) function, 't' - a function local to the compilation unit (i.e. static), 'D' - global data, 'd' - data local to the compilation unit. 'R' and 'r' - same as 'D'/'d' but for read-only data.

   简单来说,'T'通常表示全局(非静态但不一定是导出)函数,'t' - 编译单元本地的函数(即静态),'D' - 全局数据,'d' - 编译单元的本地数据。 'R'和'r' - 与'D'/'d'相同,但是对于只读数据。

2. These are the items from the special sections needed to export symbols so that the symbols could be used by kernel modules.

   这些是导出符号所需的特殊部分中的项目,以便内核模块可以使用这些符号。

   For each exported symbol, al least the following is defined by EXPORT_SYMBOL():

   对于每个导出的符号,EXPORT_SYMBOL()至少定义以下内容:

   • __kstrtab_<symbol_name> - name of the symbol as a string

   __kstrtab_ - 作为字符串的符号名称

   • __ksymtab_<symbol_name> - a structure with the information about the symbol: its address, address of __kstrtab_<symbol_name>, etc.

   __ksymtab_ - 包含符号信息的结构:其地址,__kstrtab_ 的地址等。

   • __kcrctab_<symbol_name> - address of the control sum (CRC) of the symbol - it is used, for example, to check if the kernel or a module provides an exactly the same symbol as needed by a given kernel module. If a module requires a symbol with a given name and CRC and the kernel provides a symbol with that name but a different CRC (e.g. if the module was compiled for a different kernel version), the module loader will refuse to load that kernel module (unless this check is disabled).

   __kcrctab_ - 符号的控制和(CRC)的地址 - 例如,它用于检查内核或模块是否提供给定内核模块所需的完全相同的符号。如果模块需要具有给定名称和CRC的符号,并且内核提供具有该名称但具有不同CRC的符号(例如,如果模块是针对不同的内核版本编译的),则模块加载器将拒绝加载该内核模块(除非禁用此检查)。

   Take a look at the implementation of EXPORT_SYMBOL() macro in linux/export.h for details.

   有关详细信息,请查看linux / export.h中EXPORT_SYMBOL()宏的实现。

3. Not sure but I have not encountered a situation so far when a function ("text symbol") or a variable ("data symbol") was present in System.map but not shown in /proc/kallsyms if the kernel is compiled properly and with kallsyms fully enabled (CONFIG_KALLSYMS=y, CONFIG_KALLSYMS_ALL=y). If CONFIG_KALLSYMS_ALL=n, only the functions (to be exact, symbols from *.text sections) will be shown in /proc/kallsyms.

   不确定,但到目前为止,当System.map中存在函数(“文本符号”)或变量(“数据符号”)但在/ proc / kallsyms中未显示(如果内核编译正确并且完全启用kallsyms(CONFIG_KALLSYMS = y,CONFIG_KALLSYMS_ALL = y)。如果CONFIG_KALLSYMS_ALL = n,则只有函数(确切地说,来自* .text部分的符号)将显示在/ proc / kallsyms中。

4. Depends on your kernel version. You can take a look at the definition of EXPORT_SYMBOL() for your kernel and find which type __ksymtab_<symbol_name> variables are. In the kernel 3.11, it is struct kernel_symbol defined in linux/export.h. Having the definition of that struct and its address, I suppose, you can get the address of the symbol: struct kernel_symbol::value. Haven't tried this myself though.

   取决于您的内核版本。您可以查看内核的EXPORT_SYMBOL()定义,并找到__ksymtab_ 变量的类型。在内核3.11中,它是linux / export.h中定义的struct kernel_symbol。我想有了该结构的定义及其地址,你可以获得符号的地址:struct kernel_symbol :: value。虽然我自己没试过。

   Note, however, that __ksymtab_nf_hook is for nf_hook but not for nf_hooks. The name must match. nf_hooks and nf_hook are different entities.

   但请注意,__ tsymtab_nf_hook适用于nf_hook但不适用于nf_hooks。名称必须匹配。 nf_hooks和nf_hook是不同的实体。

5. Hard to tell without seeing the code and the relevant part of /proc/kallsyms. Maybe it is #ifdef'ed out and not compiled at all, may be there is something else.

   很难说没有看到代码和/ proc / kallsyms的相关部分。也许它是#ifdef'ed并且根本没有编译,可能还有别的东西。

   Besides, nf_hooks is a data item so it might not show up in /proc/kallsyms if CONFIG_KALLSYMS_ALL is 'n'.

   此外,nf_hooks是一个数据项,因此如果CONFIG_KALLSYMS_ALL为'n',它可能不会出现在/ proc / kallsyms中。