Linux驱动之内核加载模块过程分析
Linux內核支持動態的加載模塊運行:比如insmod first_drv.ko,這樣就可以將模塊加載到內核所在空間供應用程序調用。現在簡單描述下insmod first_drv.ko的過程
1、insmod也是一個用戶進程
2、insmod進程從命令行中讀取要鏈接的模塊名字:first_drv.ko
3、insmod進程確定模塊對象代碼所在的文件在系統目錄樹中的位置,即first_drv.ko文件所在的位置
4、insmod進程從文件系統所在的存儲區讀入存有模塊目標代碼的文件
5、insmod調用init_module系統調用。函數將進入內核到達內核函數?sys_init_module,然后sys_init_module函數將模塊二進制文件復制到內核,然后由內核完成剩余的任務。
下面內容轉載自https://blog.csdn.net/chrovery/article/details/51088425
一、前言
對于現在編譯的一些module要insmod在系統上時,可能會報各種各樣的錯誤。這些錯誤仔細研讀內核源碼,都能找出原因。2.6 內核以前的insmod部分主要依賴于modutils源碼包,在用戶層基本將工作完成,加載過程參考前一篇文章。2.6 內核以后的做法是將大部分的原來用戶級操作納入內核中來處理,無論是邏輯上還是代碼量上都比原來減少了許多,通過busybox中的insmod命令與內核接入。把這套源代碼弄明白,就不會出現加載模塊時出現的各種各樣的錯誤,可以寫一些patch代碼,修正這些內核要檢查的項,比如vermagic和crc等等。
二、相關結構
1.模塊依賴關系
struct module_use {
struct list_head source_list;
struct list_head target_list;
struct module *source, *target;
};
2.模塊狀態
enum module_state {
MODULE_STATE_LIVE, /* Normal state. */
MODULE_STATE_COMING, /* Full formed, running module_init. */
MODULE_STATE_GOING, /* Going away. */
MODULE_STATE_UNFORMED, /* Still setting it up. */
};
3.模塊計數
struct module_ref {
unsigned long incs;
unsigned long decs;
} __attribute((aligned(2 * sizeof(unsigned long))));
4.模塊結構
struct module
{
enum module_state state;
/* Member of list of modules */
struct list_head list;
/* Unique handle for this module */
char name[MODULE_NAME_LEN];
/* Sysfs stuff. */
struct module_kobject mkobj;
struct module_attribute *modinfo_attrs;
const char *version;
const char *srcversion;
struct kobject *holders_dir;
/* Exported symbols */
const struct kernel_symbol *syms;
const unsigned long *crcs;
unsigned int num_syms;
/* Kernel parameters. */
struct kernel_param *kp;
unsigned int num_kp;
/* GPL-only exported symbols. */
unsigned int num_gpl_syms;
const struct kernel_symbol *gpl_syms;
const unsigned long *gpl_crcs;
#ifdef CONFIG_UNUSED_SYMBOLS
/* unused exported symbols. */
const struct kernel_symbol *unused_syms;
const unsigned long *unused_crcs;
unsigned int num_unused_syms;
/* GPL-only, unused exported symbols. */
unsigned int num_unused_gpl_syms;
const struct kernel_symbol *unused_gpl_syms;
const unsigned long *unused_gpl_crcs;
#endif
#ifdef CONFIG_MODULE_SIG
/* Signature was verified. */
bool sig_ok;
#endif
/* symbols that will be GPL-only in the near future. */
const struct kernel_symbol *gpl_future_syms;
const unsigned long *gpl_future_crcs;
unsigned int num_gpl_future_syms;
/* Exception table */
unsigned int num_exentries;
struct exception_table_entry *extable;
/* Startup function. */
int (*init)(void);
/* If this is non-NULL, vfree after init() returns */
void *module_init;
/* Here is the actual code + data, vfree'd on unload. */
void *module_core;
/* Here are the sizes of the init and core sections */
unsigned int init_size, core_size;
/* The size of the executable code in each section. */
unsigned int init_text_size, core_text_size;
/* Size of RO sections of the module (text+rodata) */
unsigned int init_ro_size, core_ro_size;
/* Arch-specific module values */
struct mod_arch_specific arch;
unsigned int taints; /* same bits as kernel:tainted */
#ifdef CONFIG_GENERIC_BUG
/* Support for BUG */
unsigned num_bugs;
struct list_head bug_list;
struct bug_entry *bug_table;
#endif
#ifdef CONFIG_KALLSYMS
Elf_Sym *symtab, *core_symtab;
unsigned int num_symtab, core_num_syms;
char *strtab, *core_strtab;
/* Section attributes */
struct module_sect_attrs *sect_attrs;
/* Notes attributes */
struct module_notes_attrs *notes_attrs;
#endif
char *args;
#ifdef CONFIG_SMP
/* Per-cpu data. */
void __percpu *percpu;
unsigned int percpu_size;
#endif
#ifdef CONFIG_TRACEPOINTS
unsigned int num_tracepoints;
struct tracepoint * const *tracepoints_ptrs;
#endif
#ifdef HAVE_JUMP_LABEL
struct jump_entry *jump_entries;
unsigned int num_jump_entries;
#endif
#ifdef CONFIG_TRACING
unsigned int num_trace_bprintk_fmt;
const char **trace_bprintk_fmt_start;
#endif
#ifdef CONFIG_EVENT_TRACING
struct ftrace_event_call **trace_events;
unsigned int num_trace_events;
#endif
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
unsigned int num_ftrace_callsites;
unsigned long *ftrace_callsites;
#endif
#ifdef CONFIG_MODULE_UNLOAD
/* What modules depend on me? */
struct list_head source_list;
/* What modules do I depend on? */
struct list_head target_list;
/* Who is waiting for us to be unloaded */
struct task_struct *waiter;
/* Destruction function. */
void (*exit)(void);
struct module_ref __percpu *refptr;
#endif
#ifdef CONFIG_CONSTRUCTORS
/* Constructor functions. */
ctor_fn_t *ctors;
unsigned int num_ctors;
#endif
};
5.ELF文件信息結構
struct load_info {
Elf_Ehdr *hdr;//指向elf頭
unsigned long len;
Elf_Shdr *sechdrs;//指向節區頭
char *secstrings;//指向字符串節區中節區名稱所在的地址
char *strtab;//指向字符串節區的內容所在地址
unsigned long symoffs;
unsigned long stroffs;
struct _ddebug *debug;
unsigned int num_debug;
bool sig_ok;//模塊簽名檢查
struct {
unsigned int sym;//模塊的符號表節區索引號
unsigned int str;//模塊的字符串節區索引號
unsigned int mod;//模塊的".gnu.linkonce.this_module"節區索引號
unsigned int vers;//模塊的"__versions"節區索引號
unsigned int info;//模塊的.modinfo節區索引號
unsigned int pcpu;
} index;
};
三、源代碼解析
//busybox中insmod.c文件中
int insmod_main(int argc UNUSED_PARAM, char **argv)
{
char *filename;
int rc;
IF_FEATURE_2_4_MODULES(
getopt32(argv, INSMOD_OPTS INSMOD_ARGS);
argv += optind - 1;
);
//取得要加載模塊的路徑名
filename = *++argv;
if (!filename)
bb_show_usage();
rc = bb_init_module(filename, parse_cmdline_module_options(argv,0));
if (rc)
bb_error_msg("can't insert '%s': %s", filename, moderror(rc));
return rc;
}
char* FAST_FUNC parse_cmdline_module_options(char **argv, int quote_spaces)
{
char *options;
int optlen;
options = xzalloc(1);
optlen = 0;
//遍歷模塊名后邊的模塊參數
while (*++argv) {
const char *fmt;
const char *var;
const char *val;
var = *argv;
//為options分配空間
options = xrealloc(options, optlen + 2 + strlen(var) + 2);
fmt = "%.*s%s ";
//若'='存在于var中,則返回'='在var中出現的第一個位置的指針,否則返回字符串var末尾的空字符。
val = strchrnul(var, '=');
if (quote_spaces) {//為0
if (*val) { /* has var=val format. skip '=' */
val++;
if (strchr(val, ' '))
fmt = "%.*s\"%s\" ";
}
}
//模塊參數按格式存入options,"%.*s%s "中“*”對應(int)(val - var),第一個s對應var,表示在var字符串中去除(int)(val - var)個字符顯示,即=前邊的字符被去除。實際上只是將val字符串(即=后邊的字符串)存入options指針指向的地址。
optlen += sprintf(options + optlen, fmt, (int)(val - var), var, val);
}
return options;
}
int FAST_FUNC bb_init_module(const char *filename, const char *options)
{
size_t image_size;
char *image;
int rc;
bool mmaped;
if (!options)
options = "";
//若是2.6以前的版本調用bb_init_module_24(),這種處理就是以前modutils對模塊的加載處理。這里要研究的是2.6以后的模塊加載處理
#if ENABLE_FEATURE_2_4_MODULES
if (get_linux_version_code() < KERNEL_VERSION(2,6,0))
return bb_init_module_24(filename, options);
#endif
image_size = INT_MAX - 4095;//初始化為文件的最大值
mmaped = 0;
//把模塊文件映射進內存,并返回映射空間的大小image_size
image = try_to_mmap_module(filename, &image_size);
if (image) {
mmaped = 1;
} else {
errno = ENOMEM; /* may be changed by e.g. open errors below */
image = xmalloc_open_zipped_read_close(filename, &image_size);
if (!image)
return -errno;
}
errno = 0;
//系統調用,對應內核函數是sys_init_module()函數,進入到內核空間
init_module(image, image_size, options);
rc = errno;
if (mmaped)
munmap(image, image_size);
else
free(image);
return rc;
}
void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p)
{
void *image;
struct stat st;
int fd;
//打開模塊.ko文件,獲得文件描述符
fd = xopen(filename, O_RDONLY);
//由文件描述符取得文件狀態
fstat(fd, &st);
image = NULL;
//文件的size是否超過設定的文件最大值
if (st.st_size <= *image_size_p) {
size_t image_size = st.st_size;//文件size
//以只讀的方式將.ko文件映射到內存中,返回在內存中的起始地址
image = mmap(NULL, image_size, PROT_READ, MAP_PRIVATE, fd, 0);
if (image == MAP_FAILED) {
image = NULL;
}
//檢查一下.ko文件的開頭是否為ELF標準格式
else if (*(uint32_t*)image != SWAP_BE32(0x7f454C46)) {
munmap(image, image_size);
image = NULL;
} else {
*image_size_p = image_size;//返回文件size
}
}
close(fd);
return image;
}
//sys_init_module(void __user *umod,unsigned long len,const char __user *uargs)
//umod : 是一個指針,指向用戶地址空間中的區域,模塊的二進制代碼位于其中。
//len : 該區域的長度。
//uargs : 是一個指針,指定了模塊的參數。
SYSCALL_DEFINE3(init_module, void __user *, umod,unsigned long, len, const char __user *, uargs)
{
int err;
struct load_info info = { };
//是否有權限加載模塊:capable(CAP_SYS_MODULE)
err = may_init_module();
if (err)
return err;
pr_debug("init_module: umod=%p, len=%lu, uargs=%p\n",umod, len, uargs);
//將用戶空間的.ko文件的內存映像(elf格式)拷貝到內核空間,并填充info結構中
err = copy_module_from_user(umod, len, &info);
if (err)
return err;
//模塊的主要操作
return load_module(&info, uargs, 0);
}
static int copy_module_from_user(const void __user *umod, unsigned long len,struct load_info *info)
{
int err;
//模塊文件映射到用戶空間的size(即.ko文件本身的size)
info->len = len;
if (info->len < sizeof(*(info->hdr)))
return -ENOEXEC;
err = security_kernel_module_from_file(NULL);
if (err)
return err;
//在內核空間為模塊分配內存,并將該內存的起始地址付給成員hdr,即該成員現在指向的是整個模塊內存
info->hdr = vmalloc(info->len);
if (!info->hdr)
return -ENOMEM;
//將用戶空間的.ko文件的內存映像(elf格式)拷貝到內核空間info->hdr處
if (copy_from_user(info->hdr, umod, info->len) != 0) {
vfree(info->hdr);
return -EFAULT;
}
return 0;
}
static int load_module(struct load_info *info, const char __user *uargs,int flags)
{
struct module *mod;
long err;
err = module_sig_check(info);//檢查證書
if (err)
goto free_copy;
err = elf_header_check(info);//檢查elf頭
if (err)
goto free_copy;
//布置模塊,并分配相關的內存,把相關節區復制到最終鏡像中
mod = layout_and_allocate(info, flags);
if (IS_ERR(mod)) {
err = PTR_ERR(mod);
goto free_copy;
}
//因為前邊已將模塊鏡像復制到了內核空間的內存中,module對象也指向對應的位置,然后將此module對象添加到modules鏈表中
err = add_unformed_module(mod);
if (err)
goto free_module;
#ifdef CONFIG_MODULE_SIG
mod->sig_ok = info->sig_ok;
if (!mod->sig_ok) {
printk_once(KERN_NOTICE
"%s: module verification failed: signature and/or"
" required key missing - tainting kernel\n",mod->name);
add_taint_module(mod, TAINT_FORCED_MODULE, LOCKDEP_STILL_OK);
}
#endif
//為節區pcpu分配空間,用于多處理器,此處不考慮
err = percpu_modalloc(mod, info);
if (err)
goto unlink_mod;
//模塊計數加1,并初始化模塊鏈表
err = module_unload_init(mod);
if (err)
goto unlink_mod;
//找到其余節區地址,初始化module對象相關指針
find_module_sections(mod, info);
//檢查license和version
err = check_module_license_and_versions(mod);
if (err)
goto free_unload;
//根據.modinfo段設置模塊信息
setup_modinfo(mod, info);
//根據前邊設置的模塊在內核的起始地址,節區的起始地址已經更新,但是節區中符號的地址還未進行更新,這里根據節區的內存地址更新符號地址
err = simplify_symbols(mod, info);
if (err < 0)
goto free_modinfo;
//對模塊中的重定位節區做重定位操作
err = apply_relocations(mod, info);
if (err < 0)
goto free_modinfo;
err = post_relocation(mod, info);
if (err < 0)
goto free_modinfo;
//Flush the instruction cache,no care
flush_module_icache(mod);
//把可選參數從用戶空間復制到內核空間
mod->args = strndup_user(uargs, ~0UL >> 1);
if (IS_ERR(mod->args)) {
err = PTR_ERR(mod->args);
goto free_arch_cleanup;
}
//處理用于debug節區
dynamic_debug_setup(info->debug, info->num_debug);
//確認是否有重定義符號,并且設置模塊狀態為正在運行
err = complete_formation(mod, info);
if (err)
goto ddebug_cleanup;
/* Module is ready to execute: parsing args may do that. */
//分析參數是否有效
err = parse_args(mod->name, mod->args, mod->kp, mod->num_kp,-32768, 32767, unknown_module_param_cb);
if (err < 0)
goto bug_cleanup;
//sysfs文件系統相關,在sysfs中創建模塊相應的項
err = mod_sysfs_setup(mod, info, mod->kp, mod->num_kp);
if (err < 0)
goto bug_cleanup;
//釋放臨時模塊鏡像和其他臨時輔助內存區
free_copy(info);
/* */
trace_module_load(mod);
//調用do_init_module開始運行模塊
return do_init_module(mod);
bug_cleanup:
/* module_bug_cleanup needs module_mutex protection */
mutex_lock(&module_mutex);
module_bug_cleanup(mod);
mutex_unlock(&module_mutex);
ddebug_cleanup:
dynamic_debug_remove(info->debug);
synchronize_sched();
kfree(mod->args);
free_arch_cleanup:
module_arch_cleanup(mod);
free_modinfo:
free_modinfo(mod);
free_unload:
module_unload_free(mod);
unlink_mod:
mutex_lock(&module_mutex);
/* Unlink carefully: kallsyms could be walking list. */
list_del_rcu(&mod->list);
wake_up_all(&module_wq);
mutex_unlock(&module_mutex);
free_module:
module_deallocate(mod, info);
free_copy:
free_copy(info);
return err;
}
static int module_sig_check(struct load_info *info)
{
//#define MODULE_SIG_STRING "~Module signature appended~\n"
int err = -ENOKEY;
const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
const void *mod = info->hdr;
//elf文件長度是否大于簽名字符串長度,并且比較該elf格式的模塊文件是否在文件末尾有signature string。若有的話則將該文件長度減去該字符串長度,并確認該簽名是module類型。
if (info->len > markerlen && memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0)
{
info->len -= markerlen;//模塊長度減去簽名字符串的長度
err = mod_verify_sig(mod, &info->len);//驗證模塊簽名
}
if (!err) {
info->sig_ok = true;
return 0;
}
/* Not having a signature is only an error if we're strict. */
if (err < 0 && fips_enabled)
panic("Module verification failed with error %d in FIPS mode\n",err);
if (err == -ENOKEY && !sig_enforce)
err = 0;
return err;
}
struct module_signature {
u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
u8 hash; /* Digest algorithm [enum pkey_hash_algo] */
u8 id_type; /* Key identifier type [enum pkey_id_type] */
u8 signer_len; /* Length of signer's name */
u8 key_id_len; /* Length of key identifier */
u8 __pad[3];
__be32 sig_len; /* Length of signature data */
};
int mod_verify_sig(const void *mod, unsigned long *_modlen)
{
//mod是模塊文件起始地址,_modlen是模塊文件的大小(去掉了最后的簽名字符串長度)
struct public_key_signature *pks;
struct module_signature ms;
struct key *key;
const void *sig;
size_t modlen = *_modlen, sig_len;
int ret;
pr_devel("==>%s(,%zu)\n", __func__, modlen);
//檢查長度
if (modlen <= sizeof(ms))
return -EBADMSG;
//如果.ko文件最后有簽名字符串的話,則簽名字符串之上有一個module_signature結構,讀出這個結構的內容
memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));
modlen -= sizeof(ms);//相應修改模塊文件長度
sig_len = be32_to_cpu(ms.sig_len);//獲得簽名數據長度
if (sig_len >= modlen)
return -EBADMSG;
modlen -= sig_len;//模塊文件長度再減去簽名數據長度
if ((size_t)ms.signer_len + ms.key_id_len >= modlen)
return -EBADMSG;
//模塊文件長度再減去簽名人名字長度和key長度
modlen -= (size_t)ms.signer_len + ms.key_id_len;
*_modlen = modlen;//去掉簽名驗證的信息后返回模塊真實size
//文件指針移到簽名信息處
sig = mod + modlen;
/* For the moment, only support RSA and X.509 identifiers */
if (ms.algo != PKEY_ALGO_RSA || ms.id_type != PKEY_ID_X509)
return -ENOPKG;
if (ms.hash >= PKEY_HASH__LAST || !pkey_hash_algo[ms.hash])
return -ENOPKG;
//將signer name和key identifier從文件sig處讀出來,返回key
key = request_asymmetric_key(sig, ms.signer_len,sig + ms.signer_len, ms.key_id_len);
if (IS_ERR(key))
return PTR_ERR(key);
//Digest the module contents.
pks = mod_make_digest(ms.hash, mod, modlen);
if (IS_ERR(pks)) {
ret = PTR_ERR(pks);
goto error_put_key;
}
//Extract an MPI array from the signature data. This represents the actual signature. Each raw MPI is prefaced by a BE 2-byte value indicating the size of the MPI in bytes.RSA signatures only have one MPI, so currently we only read one.
ret = mod_extract_mpi_array(pks, sig + ms.signer_len + ms.key_id_len,sig_len);
if (ret < 0)
goto error_free_pks;
//Initiate the use of an asymmetric key to verify a signature
//key: The asymmetric key to verify against
//sig: The signature to check
ret = verify_signature(key, pks);
pr_devel("verify_signature() = %d\n", ret);
error_free_pks:
mpi_free(pks->rsa.s);
kfree(pks);
error_put_key:
key_put(key);
pr_devel("<==%s() = %d\n", __func__, ret);
return ret;
}
static int elf_header_check(struct load_info *info)
{
if (info->len < sizeof(*(info->hdr)))
return -ENOEXEC;
//檢查elf文件頭,以及文件類型(.ko文件必是可重定位文件),架構以及節區大小是否設置正確
if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0|| info->hdr->e_type != ET_REL
|| !elf_check_arch(info->hdr)|| info->hdr->e_shentsize != sizeof(Elf_Shdr))
return -ENOEXEC;
//檢查節區的偏移地址
if (info->hdr->e_shoff >= info->len
|| (info->hdr->e_shnum * sizeof(Elf_Shdr) >info->len - info->hdr->e_shoff))
return -ENOEXEC;
return 0;
}
static struct module *layout_and_allocate(struct load_info *info, int flags)
{
struct module *mod;
int err;
//設置info結構,并檢查module_layout的crc值,并返回一個存儲在.gnu.linkonce.this_module節區中的struct module結構,該module的起始地址正是.gnu.linkonce.this_module節區起始地址
mod = setup_load_info(info, flags);
if (IS_ERR(mod))
return mod;
//檢查.modinfo節區中的信息,包括version magic
err = check_modinfo(mod, info, flags);
if (err)
return ERR_PTR(err);
//什么也不做,返回0
err = module_frob_arch_sections(info->hdr, info->sechdrs,info->secstrings, mod);
if (err < 0)
return ERR_PTR(err);
//移除SHF_ALLOC標志
info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC;
//只有節區頭部設置了SHF_ALLOC標志,才最終存于內存中,且內存分為init部分和core部分
layout_sections(mod, info);
//為symbol section以及跟它相關的string table布置位置,更新相關size
layout_symtab(mod, info);
//為mod指向的臨時鏡像中標記了SHF_ALLOC節區分配內存,并從臨時鏡像復制到最終的位置,并且修改節區的起始地址
err = move_module(mod, info);
if (err)
return ERR_PTR(err);
//因為前邊已將模塊靠誒到最終的內存位置,所以各個節區的起始地址已經改變,之前mod指向的地址已經無效,所以重新將新的“.gnu.linkonce.this_module”節區的起始地址(指向一個module對象)賦給mod對象
mod = (void *)info->sechdrs[info->index.mod].sh_addr;
//掃描檢查內存泄露???
kmemleak_load_module(mod, info);
return mod;
}
static struct module *setup_load_info(struct load_info *info)
{
unsigned int i;
int err;
struct module *mod;
//找到節區頭部表開始地址
info->sechdrs = (void *)info->hdr + info->hdr->e_shoff;
//找到節區名稱的字符串節區的起始地址
info->secstrings = (void *)info->hdr + info->sechdrs[info->hdr->e_shstrndx].sh_offset;
//根據elf格式的.ko文件拷貝到內核空間內存中的虛擬地址為基地址(即(void *)info->hdr),重寫節區在內存映像中節區第一個字節應處的位置
err = rewrite_section_headers(info);
if (err)
return ERR_PTR(err);
/*遍歷所有節區找到符號表(類型為 SHT_SYMTAB 的唯一段)和相關的符號字符串表的位置,
前者的 sh_link 即為后者的段索引*/
for (i = 1; i < info->hdr->e_shnum; i++) {
if (info->sechdrs[i].sh_type == SHT_SYMTAB){
//找到符號表節區.symtab索引
info->index.sym = i;
//找到符號表字符串節區索引,即.strtab節區
info->index.str = info->sechdrs[i].sh_link;
//字符串節區內容開始地址
info->strtab = (char *)info->hdr + info->sechdrs[info->index.str].sh_offset;
break;
}
}
//在.gnu.linkonce.this_module節區中,有一個struct module的實例,此結構大部分成員是NULL,編譯器只是初始化了name,init,exit和arch等幾個成員。
info->index.mod = find_sec(info, ".gnu.linkonce.this_module");
if (!info->index.mod) {
printk(KERN_WARNING "No module found in object\n");
return ERR_PTR(-ENOEXEC);
}
//mod指向 struct module的實例,該實例中提供了模塊的名稱和指向初始化以及清理函數的指針,但其他成員仍然初始化為 NULL 或 0. 將該模塊的地址暫時設為臨時映像中節區給出的地址,后邊會對module的地址再做出修正.
mod = (void *)info->sechdrs[info->index.mod].sh_addr;
if (info->index.sym == 0) {
printk(KERN_WARNING "%s: module has no symbols (stripped?)\n", mod->name);
return ERR_PTR(-ENOEXEC);
}
//查找".data..percpu"節區索引號
info->index.pcpu = find_pcpusec(info);
//檢查模塊中“module_layout”符號的crc值,若失敗則打印著名模塊加載錯誤“Exec format error ”
if (!check_modstruct_version(info->sechdrs, info->index.vers, mod))
return ERR_PTR(-ENOEXEC);
return mod;
}
static int rewrite_section_headers(struct load_info *info, int flags)
{
unsigned int i;
info->sechdrs[0].sh_addr = 0;//節區0地址是0,表示此節區不出現在內存映像中
for (i = 1; i < info->hdr->e_shnum; i++) {
Elf_Shdr *shdr = &info->sechdrs[i];
//判斷節區size
if (shdr->sh_type != SHT_NOBITS && info->len < shdr->sh_offset + shdr->sh_size) {
printk(KERN_ERR "Module len %lu truncated\n",info->len);
return -ENOEXEC;
}
//在elf文件拷貝到內核空間的基地址基礎上重新設置節區在內核空間的起始地址,shdr->sh_addr表示節區在內存映像中節區第一個字節應處的位置
shdr->sh_addr = (size_t)info->hdr + shdr->sh_offset;
#ifndef CONFIG_MODULE_UNLOAD
/* Don't load .exit sections */
if (strstarts(info->secstrings+shdr->sh_name, ".exit"))
shdr->sh_flags &= ~(unsigned long)SHF_ALLOC;
#endif
}
//找到__versions和.modinfo節區,并記錄節區索引
if (flags & MODULE_INIT_IGNORE_MODVERSIONS)
info->index.vers = 0;
else
info->index.vers = find_sec(info, "__versions");
info->index.info = find_sec(info, ".modinfo");
//這兩個節區清楚SHF_ALLOC標志,表示此節區在進程執行過程中不占用內存
info->sechdrs[info->index.info].sh_flags &= ~(unsigned long)SHF_ALLOC;
info->sechdrs[info->index.vers].sh_flags &= ~(unsigned long)SHF_ALLOC;
return 0;
}
static inline int check_modstruct_version(Elf_Shdr *sechdrs,unsigned int versindex,struct module *mod)
{
const unsigned long *crc;
//查找系統內核中“module_layout”符號,并返回該符號的crc值
if (!find_symbol(VMLINUX_SYMBOL_STR(module_layout), NULL,&crc, true, false))
BUG();
//系統中“module_layout”符號的crc值與模塊中的“module_layout”符號crc值是否一致
return check_version(sechdrs, versindex,VMLINUX_SYMBOL_STR(module_layout), mod, crc,NULL);
}
//查找符號使用的結構體
struct find_symbol_arg {
//輸入
const char *name;//要查找的符號名
bool gplok;//如果為真,則表示內核模塊支持GPL許可
bool warn;//警告信息標志
//輸出
struct module *owner;//該符號所屬的模塊
const unsigned long *crc;//該符號的crc值
const struct kernel_symbol *sym;//符號結構
};
const struct kernel_symbol *find_symbol(const char *name,struct module **owner,const unsigned long **crc,bool gplok,bool warn)
{
//設置查找符號參數結構
struct find_symbol_arg fsa;
fsa.name = name;
fsa.gplok = gplok;
fsa.warn = warn;
//查找符號,填寫符號參數結構的輸出部分
if (each_symbol_section(find_symbol_in_section, &fsa)) {
if (owner)//NULL,下邊不需賦值
*owner = fsa.owner;
if (crc)//得到該符號的crc值
*crc = fsa.crc;
//返回以name命名的內核符號結構
return fsa.sym;
}
//沒有找到內核符號,返回NULL
pr_debug("Failed to find symbol %s\n", name);
return NULL;
}
bool each_symbol_section(bool (*fn)(const struct symsearch *arr,struct module *owner,void *data),void *data)
{
struct module *mod;
//第一部分在內核導出的符號表中查找對應的符號,找到就返回對應的符號信息,否則,再進行第二部分查找.
/*struct symsearch {
const struct kernel_symbol *start, *stop;
const unsigned long *crcs;
enum {
NOT_GPL_ONLY,
GPL_ONLY,
WILL_BE_GPL_ONLY,
} licence;
bool unused;
};
*/
static const struct symsearch arr[] = {
{ __start___ksymtab, __stop___ksymtab,
__start___kcrctab,NOT_GPL_ONLY, false },
{ __start___ksymtab_gpl, __stop___ksymtab_gpl,
__start___kcrctab_gpl,GPL_ONLY, false },
{ __start___ksymtab_gpl_future, __stop___ksymtab_gpl_future,
__start___kcrctab_gpl_future,WILL_BE_GPL_ONLY, false },
#ifdef CONFIG_UNUSED_SYMBOLS
{ __start___ksymtab_unused, __stop___ksymtab_unused,
__start___kcrctab_unused,NOT_GPL_ONLY, true },
{ __start___ksymtab_unused_gpl, __stop___ksymtab_unused_gpl,
__start___kcrctab_unused_gpl,GPL_ONLY, true },
#endif
};
if (each_symbol_in_section(arr, ARRAY_SIZE(arr), NULL, fn, data))
return true;
//在內核導出的符號表中沒有找到對應的符號,則在系統已加載的模塊中查找
list_for_each_entry_rcu(mod, &modules, list) {
struct symsearch arr[] = {
{ mod->syms, mod->syms + mod->num_syms,
mod->crcs,NOT_GPL_ONLY, false },
{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
mod->gpl_crcs,GPL_ONLY, false },
{ mod->gpl_future_syms,mod->gpl_future_syms + mod->num_gpl_future_syms,
mod->gpl_future_crcs,WILL_BE_GPL_ONLY, false },
#ifdef CONFIG_UNUSED_SYMBOLS
{ mod->unused_syms,mod->unused_syms + mod->num_unused_syms,
mod->unused_crcs, NOT_GPL_ONLY, true },
{ mod->unused_gpl_syms,mod->unused_gpl_syms + mod->num_unused_gpl_syms,
mod->unused_gpl_crcs,GPL_ONLY, true },
#endif
};
//若模塊狀態為MODULE_STATE_UNFORMED,則此模塊的符號不可用
if (mod->state == MODULE_STATE_UNFORMED)
continue;
if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
return true;
}
return false;
}
static bool each_symbol_in_section(const struct symsearch *arr,unsigned int arrsize,struct module *owner,bool (*fn)(const struct symsearch *syms,struct module *owner,void *data),void *data)
{
unsigned int j;
//調用find_symbol_in_section()對每個數組指定的符號地址范圍進行查找
for (j = 0; j < arrsize; j++) {
if (fn(&arr[j], owner, data))//調用find_symbol_in_section()
return true;
}
return false;
}
static bool find_symbol_in_section(const struct symsearch *syms,struct module *owner,void *data)
{
struct find_symbol_arg *fsa = data;
struct kernel_symbol *sym;
//在范圍內查找符號名為fsa->name的內核符號
sym = bsearch(fsa->name, syms->start, syms->stop - syms->start,sizeof(struct kernel_symbol), cmp_name);
//若找到內核符號,則對其進行check是否有效
if (sym != NULL && check_symbol(syms, owner, sym - syms->start, data))
return true;
return false;
}
void *bsearch(const void *key, const void *base, size_t num, size_t size,int (*cmp)(const void *key, const void *elt))
{
size_t start = 0, end = num;
int result;
while (start < end) {//折半查找
size_t mid = start + (end - start) / 2;
//調用cmp_name()函數比較符號名是否一致
result = cmp(key, base + mid * size);
if (result < 0)
end = mid;
else if (result > 0)
start = mid + 1;
else
return (void *)base + mid * size;
}
return NULL;
}
static int cmp_name(const void *va, const void *vb)
{
const char *a;
const struct kernel_symbol *b;
a = va; b = vb;
return strcmp(a, b->name);
}
static bool check_symbol(const struct symsearch *syms,struct module *owner,unsigned int symnum, void *data)
{
struct find_symbol_arg *fsa = data;
if (!fsa->gplok) {//若未設置gplok,則必須為GPL許可
if (syms->licence == GPL_ONLY)
return false;
if (syms->licence == WILL_BE_GPL_ONLY && fsa->warn) {
printk(KERN_WARNING "Symbol %s is being used "
"by a non-GPL module, which will not "
"be allowed in the future\n", fsa->name);
}
}
#ifdef CONFIG_UNUSED_SYMBOLS
if (syms->unused && fsa->warn) {
printk(KERN_WARNING "Symbol %s is marked as UNUSED, "
"however this module is using it.\n", fsa->name);
printk(KERN_WARNING"This symbol will go away in the future.\n");
printk(KERN_WARNING
"Please evalute if this is the right api to use and if "
"it really is, submit a report the linux kernel "
"mailinglist together with submitting your code for "
"inclusion.\n");
}
#endif
fsa->owner = owner;//符號所屬模塊
//#define symversion(base, idx) ((base != NULL) ? ((base) + (idx)) : NULL)
fsa->crc = symversion(syms->crcs, symnum);//符號的crc值
fsa->sym = &syms->start[symnum];//返回的符號結構
return true;
}
static int check_version(Elf_Shdr *sechdrs,unsigned int versindex,const char *symname,struct module *mod, const unsigned long *crc,const struct module *crc_owner)
{
unsigned int i, num_versions;
struct modversion_info *versions;
//若系統中的該符號crc值為0,則直接返回1完事
if (!crc)
return 1;
//若該模塊的elf格式文件中沒有__versions節區,則嘗試強制加載模塊
//但是try_to_force_load()函數的實現依賴于CONFIG_MODULE_FORCE_LOAD宏是否定義。而該宏默認是沒有定義的,所以這里會返回失敗,看來內核并不推薦強制加載模塊。
if (versindex == 0)
return try_to_force_load(mod, symname) == 0;
//找到模塊“__versions”節區在內存映像中的起始地址。相當于節區的contents內容
versions = (void *) sechdrs[versindex].sh_addr;
num_versions = sechdrs[versindex].sh_size/ sizeof(struct modversion_info);
for (i = 0; i < num_versions; i++) {
if (strcmp(versions[i].name, symname) != 0)//在此節區中找到要比較的符號
continue;
//比較該模塊中的符號crc值和現在系統上的內核符號的crc值是否一致
if (versions[i].crc == maybe_relocated(*crc, crc_owner))
return 1;
pr_debug("Found checksum %lX vs module %lX\n",maybe_relocated(*crc, crc_owner), versions[i].crc);
goto bad_version;
}
//若在“__versions”節區沒有找到要比較的符號,則會給出加載模塊時常見錯誤:“no symbol version for”
printk(KERN_WARNING "%s: no symbol version for %s\n",mod->name, symname);
return 0;
bad_version:
//如果比較符號的額crc值不一致,則會給出加載模塊時常見錯誤“disagrees about version of symbol”
printk("%s: disagrees about version of symbol %s\n",mod->name, symname);
return 0;
}
static int try_to_force_load(struct module *mod, const char *reason)
{
#ifdef CONFIG_MODULE_FORCE_LOAD
//若選項CONFIG_MODULE_FORCE_LOAD打開,則檢查tainted_mask是否設置了TAINT_FORCED_MODULE標志,若沒有給出警告信息
if (!test_taint(TAINT_FORCED_MODULE))
printk(KERN_WARNING "%s: %s: kernel tainted.\n",mod->name, reason);
//設置mod->taints和tainted_mask的TAINT_FORCED_MODULE標志,表示強制加載該模塊,并返回正確值0
add_taint_module(mod, TAINT_FORCED_MODULE, LOCKDEP_NOW_UNRELIABLE);
return 0;
#else
//若選項CONFIG_MODULE_FORCE_LOAD未打開,則直接返回錯誤
return -ENOEXEC;
#endif
}
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
//從模塊.modinfo節區中獲得version magic
const char *modmagic = get_modinfo(info, "vermagic");
int err;
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
//若version magic為0,則嘗試強制加載
if (!modmagic) {
err = try_to_force_load(mod, "bad vermagic");
if (err)
return err;
}
//與內核的vermagic是否一致,若不一致,給出著名錯誤:“version magic ... should be ...”,返回錯誤碼
else if (!same_magic(modmagic, vermagic, info->index.vers)) {
printk(KERN_ERR "%s: version magic '%s' should be '%s'\n",mod->name, modmagic, vermagic);
return -ENOEXEC;
}
//返回.modinfo節區中intree=“...”的內容,若不存在設置標志TAINT_OOT_MODULE
if (!get_modinfo(info, "intree"))
add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK);
//返回.modinfo節區中staging=“...”的內容,存在設置標志TAINT_CRAP
if (get_modinfo(info, "staging")) {
add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
printk(KERN_WARNING "%s: module is from the staging directory,"" the quality is unknown, you have been warned.\n",mod->name);
}
//取出.modinfo節區的license字段指定的license類型,并對此license檢查
set_license(mod, get_modinfo(info, "license"));
return 0;
}
static char *get_modinfo(struct load_info *info, const char *tag)
{
char *p;
unsigned int taglen = strlen(tag);
//找到模塊.modinfo節區
Elf_Shdr *infosec = &info->sechdrs[info->index.info];
unsigned long size = infosec->sh_size;
//查找.modinfo節區中的內容,返回"*tag"字符串=后邊的內容
for (p = (char *)infosec->sh_addr; p; p = next_string(p, &size))
{
if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=')
return p + taglen + 1;
}
return NULL;
}
static inline int same_magic(const char *amagic, const char *bmagic, bool has_crcs)
{
//從字符串中依次取出以“ ”結尾的字符串段進行比較
if (has_crcs) {
amagic += strcspn(amagic, " ");
bmagic += strcspn(bmagic, " ");
}
return strcmp(amagic, bmagic) == 0;
}
static void set_license(struct module *mod, const char *license)
{
if (!license)
license = "unspecified";
//比較模塊的license類型是否是內核指定的GPL類型,若不是則設置TAINT_PROPRIETARY_MODULE標志
if (!license_is_gpl_compatible(license)) {
if (!test_taint(TAINT_PROPRIETARY_MODULE))
printk(KERN_WARNING "%s: module license '%s' taints kernel.\n", mod->name, license);
add_taint_module(mod, TAINT_PROPRIETARY_MODULE,LOCKDEP_NOW_UNRELIABLE);
}
}
static inline int license_is_gpl_compatible(const char *license)
{
return (strcmp(license, "GPL") == 0
|| strcmp(license, "GPL v2") == 0
|| strcmp(license, "GPL and additional rights") == 0
|| strcmp(license, "Dual BSD/GPL") == 0
|| strcmp(license, "Dual MIT/GPL") == 0
|| strcmp(license, "Dual MPL/GPL") == 0);
}
static void layout_sections(struct module *mod, struct load_info *info)
{
//注意:節的復制是按照原來ELF的順序,將所有標志包含SHF_ALLOC的節都復制到相應的分配空間(module_core/module_init),例外的情況是SHT_NOBITS,也就是BSS段,文件中沒有分配空間,因此不需要復制.
//sections函數首先為標記了SHF_ALLOC的section定義了四種類型:code, read-only data,read-write data和small data. 帶有SHF_ALLOC的section必定屬于四類中的一類。函數遍歷section header table中的所有項,將section name不是以".init"開始的section劃歸為COREsection. 以".init"開始的section劃歸為INIT section.
static unsigned long const masks[][2] = {
{ SHF_EXECINSTR | SHF_ALLOC, ARCH_SHF_SMALL },//code
{ SHF_ALLOC, SHF_WRITE | ARCH_SHF_SMALL },//read only data
{ SHF_WRITE | SHF_ALLOC, ARCH_SHF_SMALL },//read-write data
{ ARCH_SHF_SMALL | SHF_ALLOC, 0 }//small data
};
unsigned int m, i;
//遍歷所有節區初始化sh_entsize成員
//某些節區中包含固定大小的項目,如符號表。對于這類節區,此成員sh_entsize給出每個表項的長度字節數。如果節區中并不包含固定長度表項的表格,此成員取值為 0。
for (i = 0; i < info->hdr->e_shnum; i++)
info->sechdrs[i].sh_entsize = ~0UL;
//劃分為兩部分: CORE INIT
//第1部分CORE:查找標志中含有SHF_ALLOC的section
for (m = 0; m < ARRAY_SIZE(masks); ++m) {
for (i = 0; i < info->hdr->e_shnum; ++i) {
Elf_Shdr *s = &info->sechdrs[i];
//找到節區名
const char *sname = info->secstrings + s->sh_name;
//含有SHF_ALLOC的section需要加載到最終的內存
//含有SHF_ALLOC的section并且不以init開頭的節區劃分到CORE部分
if ((s->sh_flags & masks[m][0]) != masks[m][0]
|| (s->sh_flags & masks[m][1])
|| s->sh_entsize != ~0UL || strstarts(sname, ".init"))
continue;
//把由于對齊產生的偏移保存到節區的sh_entsize字段,后邊mod通過sh_entsize就可以找到該節區存儲的位置。并把符合要求的節區大小加到mod->core_size
s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
}
//由于我們節的復制是按順序的,而.text節是第一個節,因此mod->module_core實際上指向的就是.text段。而mod->core_text_size中也包含了.text節的大小.
switch (m) {
case 0: //可執行的段,代碼段都一樣
mod->core_size = debug_align(mod->core_size);
mod->core_text_size = mod->core_size;
break;
case 1: //只讀段
mod->core_size = debug_align(mod->core_size);
mod->core_ro_size = mod->core_size;
break;
case 3: //所有段
mod->core_size = debug_align(mod->core_size);
break;
}
}
//第2部分INIT
for (m = 0; m < ARRAY_SIZE(masks); ++m) {
for (i = 0; i < info->hdr->e_shnum; ++i) {
Elf_Shdr *s = &info->sechdrs[i];
const char *sname = info->secstrings + s->sh_name;
//含有SHF_ALLOC的section需要加載到最終的內存
//含有SHF_ALLOC的section并且以init開頭的劃分到INIT部分
if ((s->sh_flags & masks[m][0]) != masks[m][0]
|| (s->sh_flags & masks[m][1])
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
//把由于對齊產生的偏移保存到節區的sh_entsize字段,并把符合要求的節區大小加到 mod->init_size
s->sh_entsize = (get_offset(mod, &mod->init_size, s, i) | INIT_OFFSET_MASK);
}
switch (m) {
case 0://代碼段
mod->init_size = debug_align(mod->init_size);
mod->init_text_size = mod->init_size;
break;
case 1://只讀段
mod->init_size = debug_align(mod->init_size);
mod->init_ro_size = mod->init_size;
break;
case 3://所有段
mod->init_size = debug_align(mod->init_size);
break;
}
}
}
static long get_offset(struct module *mod, unsigned int *size,Elf_Shdr *sechdr, unsigned int section)
{
//#define ALIGN(x, a) __ALIGN_KERNEL((x), (a))
//#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
//#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
long ret;
*size += arch_mod_section_prepend(mod, section);//空函數,返回0
ret = ALIGN(*size, sechdr->sh_addralign ?: 1);//返回*size字節對齊后的值
*size = ret + sechdr->sh_size;//把當前節區的size也加到*size上
return ret;
}
static void layout_symtab(struct module *mod, struct load_info *info)
{
Elf_Shdr *symsect = info->sechdrs + info->index.sym;//找到符號表節區頭部
Elf_Shdr *strsect = info->sechdrs + info->index.str;//找到字符串表節區頭部
const Elf_Sym *src;
unsigned int i, nsrc, ndst, strtab_size = 0;
//符號節區設置SHF_ALLOC標志,表示在內存占空間
symsect->sh_flags |= SHF_ALLOC;
//設置符號表節區每個表項的長度字節數,并把符號表的size加到mod->init_size
symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
src = (void *)info->hdr + symsect->sh_offset;//符號表節區內容起始地址
nsrc = symsect->sh_size / sizeof(*src);//符號表項個數
//計算該模塊包含的所有符號名長度所占的空間
for (ndst = i = 0; i < nsrc; i++) {
//is_core_symbol檢查符號是否有效且屬于SHF_ALLOC
if (i == 0 || is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) {
strtab_size += strlen(&info->strtab[src[i].st_name])+1;
ndst++;
}
}
//將mod->core_size按符號節區對齊約束對齊后得到的值返回給info->symoffs
info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
//將符號表節區內容(即ndst個符號表項)添加到core部分的后邊,并重新設置core部分的size。
info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
//core部分再把符號名的字符串所占空間加上
mod->core_size += strtab_size;
//注意:這里只是為符號項和符號的名稱長度分配了空間,還并沒有將內容拷貝過來,在下邊的add_kallsyms函數中進行拷貝!!!
//把字符串節區加到模塊的init部分
strsect->sh_flags |= SHF_ALLOC;//字符串節區也設置上需要內存空間標志
strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
static bool is_core_symbol(const Elf_Sym *src, const Elf_Shdr *sechdrs,unsigned int shnum)
{
const Elf_Shdr *sec;
//未定義的符號,或者符號索引號大于符號總個數,或者符號名為空則直接返回0
if (src->st_shndx == SHN_UNDEF|| src->st_shndx >= shnum|| !src->st_name)
return false;
//找到符號所在的節區,若該節區不占內存,則也返回0
sec = sechdrs + src->st_shndx;
if (!(sec->sh_flags & SHF_ALLOC)
#ifndef CONFIG_KALLSYMS_ALL
|| !(sec->sh_flags & SHF_EXECINSTR)
#endif
|| (sec->sh_entsize & INIT_OFFSET_MASK))
return false;
return true;
}
static int move_module(struct module *mod, struct load_info *info)
{
int i;
void *ptr;
//在內核空間為模塊的core部分分配空間,返回地址
ptr = module_alloc_update_bounds(mod->core_size);
//但是要掃描這個指針所分配的內存的內容。分配數據結構那么該結構本身不打印,但是會掃描結構內部的成員變量,是否引用其他指針。
kmemleak_not_leak(ptr);
if (!ptr)
return -ENOMEM;
memset(ptr, 0, mod->core_size);
mod->module_core = ptr;//地址賦給module_core成員
//在內核空間為init section分配內存,初始化后存儲在module對象的module_init成員中
if (mod->init_size) {
//為模塊的init部分分配空間,返回地址
ptr = module_alloc_update_bounds(mod->init_size);
kmemleak_ignore(ptr);
if (!ptr) {
module_free(mod, mod->module_core);
return -ENOMEM;
}
memset(ptr, 0, mod->init_size);
mod->module_init = ptr;//地址賦給module_init
} else
mod->module_init = NULL;
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
//遍歷所有節區,拷貝需要占用內存(標志為SHF_ALLOC的節區)的段到init section 或core section,并且調整各個節區的運行時地址
for (i = 0; i < info->hdr->e_shnum; i++) {
void *dest;
Elf_Shdr *shdr = &info->sechdrs[i];
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
//如果節區首部的sh_entsize的最高位設置的話,表示該段屬于init section,則從module_init開始的內存中獲取當前段應該存儲的地址,否則從module_core開始的內存中獲取當前段應該存儲的地址。
if (shdr->sh_entsize & INIT_OFFSET_MASK)
dest = mod->module_init + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
else
dest = mod->module_core + shdr->sh_entsize;
//將當前節區的內容從ELF文件頭拷貝到指定的段(init section或core section)中
if (shdr->sh_type != SHT_NOBITS)
memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size);
//更改節區的運行時地址,sh_addr原先存儲的地址是相對于ELF文件頭的地址,現在是在內核空間分配新的內存空間后,節區新的運行地址(即節區內容的起始地址)。
shdr->sh_addr = (unsigned long)dest;
pr_debug("\t0x%lx %s\n",(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
return 0;
}
static void *module_alloc_update_bounds(unsigned long size)
{
//在內核空間中分配size大小的空間,返回起始地址
void *ret = module_alloc(size);
//更新模塊邊界值
if (ret) {
mutex_lock(&module_mutex);
if ((unsigned long)ret < module_addr_min)
module_addr_min = (unsigned long)ret;
if ((unsigned long)ret + size > module_addr_max)
module_addr_max = (unsigned long)ret + size;
mutex_unlock(&module_mutex);
}
return ret;
}
static int add_unformed_module(struct module *mod)
{
int err;
struct module *old;
mod->state = MODULE_STATE_UNFORMED;
again:
mutex_lock(&module_mutex);
//在內核中查找此模塊是否已加入鏈表
old = find_module_all(mod->name, strlen(mod->name), true);
if (old != NULL) {
if (old->state == MODULE_STATE_COMING|| old->state == MODULE_STATE_UNFORMED) {
/* Wait in case it fails to load. */
mutex_unlock(&module_mutex);
err = wait_event_interruptible(module_wq,finished_loading(mod->name));
if (err)
goto out_unlocked;
goto again;
}
err = -EEXIST;
goto out;
}
//若還沒有,則掛入全局模塊鏈表modules
list_add_rcu(&mod->list, &modules);
err = 0;
out:
mutex_unlock(&module_mutex);
out_unlocked:
return err;
}
static int module_unload_init(struct module *mod)
{
//初始化多處理下用于引用計數的refptr成員
mod->refptr = alloc_percpu(struct module_ref);
if (!mod->refptr)
return -ENOMEM;
//初始化module對象的鏈表
INIT_LIST_HEAD(&mod->source_list);
INIT_LIST_HEAD(&mod->target_list);
//模塊計數加1
__this_cpu_write(mod->refptr->incs, 1);
/* Backwards compatibility macros put refcount during init. */
mod->waiter = current;
return 0;
}
static void find_module_sections(struct module *mod, struct load_info *info)
{
mod->kp = section_objs(info, "__param",sizeof(*mod->kp), &mod->num_kp);
mod->syms = section_objs(info, "__ksymtab",sizeof(*mod->syms), &mod->num_syms);
mod->crcs = section_addr(info, "__kcrctab");
mod->gpl_syms = section_objs(info, "__ksymtab_gpl",sizeof(*mod->gpl_syms),&mod->num_gpl_syms);
mod->gpl_crcs = section_addr(info, "__kcrctab_gpl");
mod->gpl_future_syms = section_objs(info,"__ksymtab_gpl_future",
sizeof(*mod->gpl_future_syms),&mod->num_gpl_future_syms);
mod->gpl_future_crcs = section_addr(info, "__kcrctab_gpl_future");
#ifdef CONFIG_UNUSED_SYMBOLS
mod->unused_syms = section_objs(info, "__ksymtab_unused",sizeof(*mod->unused_syms),&mod->num_unused_syms);
mod->unused_crcs = section_addr(info, "__kcrctab_unused");
mod->unused_gpl_syms = section_objs(info, "__ksymtab_unused_gpl",sizeof(*mod->unused_gpl_syms),&mod->num_unused_gpl_syms);
mod->unused_gpl_crcs = section_addr(info, "__kcrctab_unused_gpl");
#endif
#ifdef CONFIG_CONSTRUCTORS
mod->ctors = section_objs(info, ".ctors",sizeof(*mod->ctors), &mod->num_ctors);
#endif
#ifdef CONFIG_TRACEPOINTS
mod->tracepoints_ptrs = section_objs(info, "__tracepoints_ptrs",sizeof(*mod->tracepoints_ptrs),&mod->num_tracepoints);
#endif
#ifdef HAVE_JUMP_LABEL
mod->jump_entries = section_objs(info, "__jump_table",sizeof(*mod->jump_entries),&mod->num_jump_entries);
#endif
#ifdef CONFIG_EVENT_TRACING
mod->trace_events = section_objs(info, "_ftrace_events",sizeof(*mod->trace_events),&mod->num_trace_events);
#endif
#ifdef CONFIG_TRACING
mod->trace_bprintk_fmt_start = section_objs(info, "__trace_printk_fmt",sizeof(*mod->trace_bprintk_fmt_start),&mod->num_trace_bprintk_fmt);
#endif
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
/* sechdrs[0].sh_size is always zero */
mod->ftrace_callsites = section_objs(info, "__mcount_loc",sizeof(*mod->ftrace_callsites),&mod->num_ftrace_callsites);
#endif
mod->extable = section_objs(info, "__ex_table",sizeof(*mod->extable), &mod->num_exentries);
if (section_addr(info, "__obsparm"))
printk(KERN_WARNING "%s: Ignoring obsolete parameters\n",mod->name);
info->debug = section_objs(info, "__verbose",sizeof(*info->debug), &info->num_debug);
}
static void *section_objs(const struct load_info *info,const char *name,size_t object_size,unsigned int *num)
{
//根據節區名找到節區索引值
unsigned int sec = find_sec(info, name);
//計算節區項目數
*num = info->sechdrs[sec].sh_size / object_size;
//返回節區起始地址
return (void *)info->sechdrs[sec].sh_addr;
}
static int check_module_license_and_versions(struct module *mod)
{
if (strcmp(mod->name, "ndiswrapper") == 0)
add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);
/* driverloader was caught wrongly pretending to be under GPL */
if (strcmp(mod->name, "driverloader") == 0)
add_taint_module(mod, TAINT_PROPRIETARY_MODULE,LOCKDEP_NOW_UNRELIABLE);
/* lve claims to be GPL but upstream won't provide source */
if (strcmp(mod->name, "lve") == 0)
add_taint_module(mod, TAINT_PROPRIETARY_MODULE,LOCKDEP_NOW_UNRELIABLE);
#ifdef CONFIG_MODVERSIONS
if ((mod->num_syms && !mod->crcs)|| (mod->num_gpl_syms && !mod->gpl_crcs)
|| (mod->num_gpl_future_syms && !mod->gpl_future_crcs)
#ifdef CONFIG_UNUSED_SYMBOLS
|| (mod->num_unused_syms && !mod->unused_crcs)
|| (mod->num_unused_gpl_syms && !mod->unused_gpl_crcs)
#endif
) {
return try_to_force_load(mod,"no versions for exported symbols");
}
#endif
return 0;
}
static struct module_attribute *modinfo_attrs[] = {
&module_uevent,
&modinfo_version,
&modinfo_srcversion,
&modinfo_initstate,
&modinfo_coresize,
&modinfo_initsize,
&modinfo_taint,
#ifdef CONFIG_MODULE_UNLOAD
&modinfo_refcnt,
#endif
NULL,
};
static void setup_modinfo(struct module *mod, struct load_info *info)
{
struct module_attribute *attr;
int i;
for (i = 0; (attr = modinfo_attrs[i]); i++) {
if (attr->setup)
attr->setup(mod, get_modinfo(info, attr->attr.name));
}
}
static int simplify_symbols(struct module *mod, const struct load_info *info)
{
Elf_Shdr *symsec = &info->sechdrs[info->index.sym];
Elf_Sym *sym = (void *)symsec->sh_addr;
unsigned long secbase;
unsigned int i;
int ret = 0;
const struct kernel_symbol *ksym;
//遍歷模塊所有符號
for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) {
const char *name = info->strtab + sym[i].st_name;
//不同符號類型必須進行不同的處理。
switch (sym[i].st_shndx) {
case SHN_COMMON://標注了一個尚未分配的公共塊符號
DEBUGP("Common symbol: %s\n", name);
printk("%s: please compile with -fno-common\n", mod->name);
ret = -ENOEXEC;
break;
case SHN_ABS://完全定義的符號是最容易的,因為什么也不需要做。
DEBUGP("Absolute symbol: 0x%08lx\n", (long)sym[i].st_value);
break;
case SHN_UNDEF://未定義的符號,會進行crc檢查
//會調用check_version檢查crc值是否一致,若一致返回內核中的同名符號
ksym = resolve_symbol_wait(mod, info, name);
//如果符號已經解決(crc一致),則沒有問題,將內核中的符號地址賦給模塊中的符號地址
if (ksym && !IS_ERR(ksym)) {
sym[i].st_value = ksym->value;//使用內核中的符號值
break;
}
//如果符號定義為弱的,也沒有問題
if (!ksym && ELF_ST_BIND(sym[i].st_info) == STB_WEAK)
break;
printk(KERN_WARNING "%s: Unknown symbol %s (err %li)\n", mod->name, name, PTR_ERR(ksym));
ret = PTR_ERR(ksym) ?: -ENOENT;
break;
//解決其他符號時(符號通過st_shndx成員指向固定的節區),根據節區新的起始地址
default:
if (sym[i].st_shndx == info->index.pcpu)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
//根據符號所在節區的起始地址更改符號地址
sym[i].st_value += secbase;
break;
}
}
return ret;
}
static const struct kernel_symbol *resolve_symbol_wait(struct module *mod,const struct load_info *info, const char *name)
{
const struct kernel_symbol *ksym;
char owner[MODULE_NAME_LEN];
//調用resolve_symbol()函數
if (wait_event_interruptible_timeout(module_wq,!IS_ERR(ksym = resolve_symbol(mod, info, name, owner))|| PTR_ERR(ksym) != -EBUSY,30 * HZ) <=0) {
printk(KERN_WARNING "%s: gave up waiting for init of module %s.\n",mod->name, owner);
}
return ksym;
}
static const struct kernel_symbol *resolve_symbol(struct module *mod,const struct load_info *info,const char *name,char ownername[])
{
struct module *owner;
const struct kernel_symbol *sym;
const unsigned long *crc;
int err;
mutex_lock(&module_mutex);
//從內核中查找符號名為name的符號,并返回該符號的crc值
sym = find_symbol(name, &owner, &crc,!(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
if (!sym)
goto unlock;
//檢查該內核中的符號和模塊中此未定義的符號的crc值是否一致
if (!check_version(info->sechdrs, info->index.vers, name, mod, crc,owner)) {
sym = ERR_PTR(-EINVAL);
goto getname;
}
//更新模塊的依賴關系,即修正模塊的source_list和target_list鏈表
err = ref_module(mod, owner);
if (err) {
sym = ERR_PTR(err);
goto getname;
}
getname:
strncpy(ownername, module_name(owner), MODULE_NAME_LEN);
unlock:
mutex_unlock(&module_mutex);
return sym;
}
static int apply_relocations(struct module *mod, const struct load_info *info)
{
unsigned int i;
int err = 0;
//遍歷所有的節區
for (i = 1; i < info->hdr->e_shnum; i++) {
//對于重定位節區來說,其sh_info指向重定位所適用的節區的節區頭部索引
//像.rel.text節區對應.text節區
unsigned int infosec = info->sechdrs[i].sh_info;
//如果當前節區附加的節區的索引大于節區的數目,則info不是一個有效的索引,不做處理。
if (infosec >= info->hdr->e_shnum)
continue;
//如果節區在執行過程中不占內存,則 不需要進行處理。
if (!(info->sechdrs[infosec].sh_flags & SHF_ALLOC))
continue;
//此節區包含重定位表項,其中沒有補齊,進行符號重定位,則調用apply_relocate來處理
if (info->sechdrs[i].sh_type == SHT_REL)
err = apply_relocate(info->sechdrs, info->strtab,info->index.sym, i, mod);
//此節區包含重定位表項,其中有補齊,進行符號重定位,則調用apply_relocate_add來處理
else if (info->sechdrs[i].sh_type == SHT_RELA)
err = apply_relocate_add(info->sechdrs, info->strtab,info->index.sym, i, mod);
if (err < 0)
break;
}
return err;
}
int apply_relocate(Elf32_Shdr *sechdrs,const char *strtab,unsigned int symindex,unsigned int relsec,struct module *me)
{
//sechdrs表示節區頭部表起始地址,strtab表示字符串節區的內容,symindex表示符號節區在節區頭部表的索引值,relsec表示重定位節區的索引值(例如:.rel.text節區),該節區的內容是重定位結構的表項
unsigned int i;
//找到重定位節區中的重定位表項起始地址
Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
Elf32_Sym *sym;
uint32_t *location;
DEBUGP("Applying relocate section %u to %u\n",relsec, sechdrs[relsec].sh_info);
//遍歷重定位節區中的重定位表項
for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
//r_offset指定在此節區的區間r_offset處需要重新填寫這個符號(.r_info指定)的絕對地址。找到重定位的位置,重定位節區relsec的sh_info表示重定位所適用的節區的節區頭部索引值
//像.rel.text節區對應.text節區
location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr+ rel[i].r_offset;
//找到重定位的符號,ELF32_R_SYM(rel[i].r_info)表示這個符號在在符號表節區的內容中的索引值
sym = (Elf32_Sym *)sechdrs[symindex].sh_addr+ ELF32_R_SYM(rel[i].r_info);
//sym->st_value是符號的絕對地址
switch (ELF32_R_TYPE(rel[i].r_info)) {//重定位類型
case R_386_32://絕對地址修正
//在要被修正地址處loc,把該地址下的值加上符號的絕對地址,等于這個位置處的取值就是符號地址了,一般來說*location初始值是0,加上符號絕對地址就能在此位置處找到符號地址了
*location += sym->st_value;
break;
case R_386_PC32://相對地址修正
/* Add the value, subtract its position */
*location += sym->st_value - (uint32_t)location;
break;
default:
pr_err("%s: Unknown relocation: %u\n",me->name, ELF32_R_TYPE(rel[i].r_info));
return -ENOEXEC;
}
}
return 0;
}
static int post_relocation(struct module *mod, const struct load_info *info)
{
//對模塊的異常表進行排序
sort_extable(mod->extable, mod->extable + mod->num_exentries);
//因為mod對象已經復制到了內核中的最終位置,拷貝模塊的percpu數據到mod對象的內存地址處。
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,info->sechdrs[info->index.pcpu].sh_size);
//初始化module對象中中字符串表、符號表相關的成員,初始化core部分中的字符串表和符號表
add_kallsyms(mod, info);
/* Arch-specific module finalizing. */
return module_finalize(info->hdr, info->sechdrs, mod);//x86是空函數
}
static void add_kallsyms(struct module *mod, const struct load_info *info)
{
unsigned int i, ndst;
const Elf_Sym *src;
Elf_Sym *dst;
char *s;
Elf_Shdr *symsec = &info->sechdrs[info->index.sym];//符號表節區
//符號表節區開始地址
mod->symtab = (void *)symsec->sh_addr;
//符號表項個數
mod->num_symtab = symsec->sh_size / sizeof(Elf_Sym);
//找到字符串節區
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
//遍歷符號表節區中的符號表項,獲取符號的屬性(STB_LOCAL,STB_GLOBAL...)
for (i = 0; i < mod->num_symtab; i++)
mod->symtab[i].st_info = elf_type(&mod->symtab[i], info);
//將core部分存儲符號項的偏移地址info->symoffs加上core部分的起始地址得到存儲符號項的地址。將符號表項的地址付給core_symtab成員,符號名稱起始地址付給core_strtab成員
mod->core_symtab = dst = mod->module_core + info->symoffs;
mod->core_strtab = s = mod->module_core + info->stroffs;
src = mod->symtab;//符號表節區開始地址
//將符號表節區的符號項(若干的Elf_Sym結構)內容拷貝到core部分指定地址處
//將符號項中符號的名稱拷貝到core部分指定地址處,并重新設置符號項中名稱在符號字符串中的索引值st_name
for (ndst = i = 0; i < mod->num_symtab; i++) {
if (i == 0 || is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) {
//符號項拷貝到mod->module_core + info->symoffs
dst[ndst] = src[i];
//重新設置符號名在mod->core_strtab中的索引值
dst[ndst++].st_name = s - mod->core_strtab;
//符號名稱拷貝到mod->module_core + info->stroffs
s += strlcpy(s, &mod->strtab[src[i].st_name],KSYM_NAME_LEN) + 1;
}
}
mod->core_num_syms = ndst;//符號個數
}
static int complete_formation(struct module *mod, struct load_info *info)
{
int err;
mutex_lock(&module_mutex);
//確認是否有重定義符號
err = verify_export_symbols(mod);
if (err < 0)
goto out;
//模塊bug相關操作
module_bug_finalize(info->hdr, info->sechdrs, mod);
//設置模塊的狀態
mod->state = MODULE_STATE_COMING;
out:
mutex_unlock(&module_mutex);
return err;
}
static int verify_export_symbols(struct module *mod)
{
unsigned int i;
struct module *owner;
const struct kernel_symbol *s;
struct {
const struct kernel_symbol *sym;
unsigned int num;
} arr[] = {
{ mod->syms, mod->num_syms },
{ mod->gpl_syms, mod->num_gpl_syms },
{ mod->gpl_future_syms, mod->num_gpl_future_syms },
#ifdef CONFIG_UNUSED_SYMBOLS
{ mod->unused_syms, mod->num_unused_syms },
{ mod->unused_gpl_syms, mod->num_unused_gpl_syms },
#endif
};
//遍歷模塊中的符號,在內核中檢查是否已經導出,若已經導出該符號,則給出著名error:“exports duplicate symbol”
for (i = 0; i < ARRAY_SIZE(arr); i++) {
for (s = arr[i].sym; s < arr[i].sym + arr[i].num; s++) {
if (find_symbol(s->name, &owner, NULL, true, false)) {
printk(KERN_ERR "%s: exports duplicate symbol %s"" (owned by %s)\n",mod->name, s->name, module_name(owner));
return -ENOEXEC;
}
}
}
return 0;
}
static int do_init_module(struct module *mod)
{
int ret = 0;
current->flags &= ~PF_USED_ASYNC;
//內核通知
blocking_notifier_call_chain(&module_notify_list,MODULE_STATE_COMING, mod);
//Set RO and NX regions for core
set_section_ro_nx(mod->module_core,mod->core_text_size,mod->core_ro_size,mod->core_size);
//Set RO and NX regions for init
set_section_ro_nx(mod->module_init,mod->init_text_size,mod->init_ro_size,mod->init_size);
//調用模塊構造函數
do_mod_ctors(mod);
//啟動模塊
if (mod->init != NULL)
ret = do_one_initcall(mod->init);
if (ret < 0) {
/* Init routine failed: abort. Try to protect us from buggy refcounters. */
mod->state = MODULE_STATE_GOING;
synchronize_sched();
module_put(mod);
blocking_notifier_call_chain(&module_notify_list,MODULE_STATE_GOING, mod);
free_module(mod);
wake_up_all(&module_wq);
return ret;
}
if (ret > 0) {
printk(KERN_WARNING"%s: '%s'->init suspiciously returned %d, it should follow 0/-E convention\n""%s: loading module anyway...\n",__func__,mod->name, ret,__func__);
dump_stack();
}
//模塊初始化完成,更改狀態,通知內核
mod->state = MODULE_STATE_LIVE;
blocking_notifier_call_chain(&module_notify_list,MODULE_STATE_LIVE, mod);
if (current->flags & PF_USED_ASYNC)
async_synchronize_full();
mutex_lock(&module_mutex);
/* Drop initial reference. */
module_put(mod);
rim_init_extable(mod);
#ifdef CONFIG_KALLSYMS
mod->num_symtab = mod->core_num_syms;
mod->symtab = mod->core_symtab;
mod->strtab = mod->core_strtab;
#endif
//釋放初始化部分空間,這部分只是在初始化有效,初始化結束回收資源,清空
unset_module_init_ro_nx(mod);
module_free(mod, mod->module_init);
mod->module_init = NULL;
mod->init_size = 0;
mod->init_ro_size = 0;
mod->init_text_size = 0;
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
return 0;
}
int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
char msgbuf[64];
if (initcall_debug)
ret = do_one_initcall_debug(fn);
else
ret = fn();//執行模塊的init_module函數
msgbuf[0] = 0;
if (preempt_count() != count) {
sprintf(msgbuf, "preemption imbalance ");
preempt_count() = count;
}
if (irqs_disabled()) {
strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
local_irq_enable();
}
WARN(msgbuf[0], "initcall %pF returned with %s\n", fn, msgbuf);
return ret;
}
轉載于:https://www.cnblogs.com/andyfly/p/9466805.html
《新程序員》:云原生和全面數字化實踐50位技術專家共同創作,文字、視頻、音頻交互閱讀總結
以上是生活随笔為你收集整理的Linux驱动之内核加载模块过程分析的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Java学习day2
- 下一篇: C# 向TIM或者QQ自动发送中文消息