說明:文章基於arm64分析,使用的工具是crash_arm64.
mod 命令介紹
進入crash調試窗口後,輸入 help mod
即可查看mod工具的使用幫助信息。
crash_arm64> help mod
NAME
mod - module information and loading of symbols and debugging data
SYNOPSIS
mod -s module [objfile] | -d module | -S [directory] [-D|-t|-r|-R|-o|-g]
DESCRIPTION
With no arguments, this command displays basic information of the currently
installed modules, consisting of the module address, name, size, the
object file name (if known), and whether the module was compiled with
CONFIG_KALLSYMS.
The arguments are concerned with with the loading or deleting of symbolic
and debugging data from a module's object file. A modules's object file
always contains symbolic data (symbol names and addresses), but contains
debugging data only if the module was compiled with the -g CFLAG. In
addition, the module may have compiled with CONFIG_KALLSYMS, which means
that the module's symbolic data will have been loaded into the kernel's
address space when it was installed. If the module was not compiled with
CONFIG_KALLSYMS, then only the module's exported symbols will be loaded
into the kernel's address space. Therefore, for the purpose of this
command, it should noted that a kernel module may have been compiled in
one of following manners:
1. If the module was built without CONFIG_KALLSYMS and without the -g CFLAG,
then the loading of the module's additional non-exported symbols can
be accomplished with this command.
2. If the module was built with CONFIG_KALLSYMS, but without the -g CFLAG,
then there is no benefit in loading the symbols from the module object
file, because all of the module's symbols will have been loaded into the
kernel's address space when it was installed.
3. If the module was built with CONFIG_KALLSYMS and with the the -g CFLAG,
then the loading of the module's debugging data can be accomplished
with this command.
4. If the module was built without CONFIG_KALLSYMS but with the -g CFLAG,
then the loading of the both module's symbolic and debugging data can
be accomplished with this command.
-s module [objfile] Loads symbolic and debugging data from the object file
for the module specified. If no objfile argument is
appended, a search will be made for an object file
consisting of the module name with a .o or .ko suffix,
starting at the `/lib/modules/<release>`directory on
the host system, or if not found there, starting at the
directory containing the kernel namelist file. If an
objfile argument is appended, then that file will be
used.
-d module Deletes the symbolic and debugging data of the module
specified.
-S [directory] Load symbolic and debugging data from the object file
for all loaded modules. For each module, a search
will be made for an object file consisting of the
module name with a .o or .ko suffix, starting at the
/lib/modules/<release> directory of the host system,
or if not found there, starting at the directory
containing the kernel namelist file. If a directory
argument is appended, then the search will be restricted
to that directory.
-D Deletes the symbolic and debugging data of all modules.
-t Display the contents of the module's "taints" bitmask
if it is non-zero. When possible, the "taints" bits
are translated to symbolic letters of the taint type;
otherwise the hexadecimal value is shown. In older
kernels, the contents of the "license_gplok" field is
displayed in hexadecimal; the field may be either a
bitmask or a boolean, depending upon the kernel version.
The relevant kernel sources should be consulted for the
meaning of the letter(s) or hexadecimal bit value(s).
For modules that have a "gpgsig_ok" field that is zero
(unsigned), the notation "(U)" is shown.
-r Passes the -readnow flag to the embedded gdb module,
which will override the two-stage strategy that it uses
for reading symbol tables from module object files.
-R Reinitialize module data. All currently-loaded symbolic
and debugging data will be deleted, and the installed
module list will be updated (live system only).
-g When used with -s or -S, add a module object's section
start and end addresses to its symbol list.
-o Load module symbols with old mechanism.
If the crash_arm64 session was invoked with the "--mod <directory>" option, or
a CRASH_MODULE_PATH environment variable exists, then /lib/modules/<release>
will be overridden as the default directory tree that is searched for module
object files.
After symbolic and debugging data have been loaded, backtraces and text
disassembly will be displayed appropriately. Depending upon the processor
architecture, data may also printed symbolically with the "p" command;
at a minimum, the "rd" command may be used with module data symbols.
If crash_arm64 can recognize that the set of modules has changed while running a
session on a live kernel, the module data will be reinitialized the next
time this command is run; the -r option forces the reinitialization.
EXAMPLES
Display the currently-installed modules:
crash_arm64> mod
MODULE NAME SIZE OBJECT FILE
c8019000 soundcore 2788 (not loaded)
c801b000 soundlow 336 (not loaded)
c801d000 sound 59864 (not loaded)
c802d000 ad1848 15728 (not loaded)
c8032000 uart401 6000 (not loaded)
c8035000 cs4232 2472 (not loaded)
c8043000 opl3 11048 (not loaded)
c8047000 3c59x 18152 (not loaded)
c804d000 sunrpc 53796 (not loaded)
c805c000 lockd 31528 (not loaded)
c8065000 nfsd 151896 (not loaded)
c8092000 nfs 29752 (not loaded)
Display the currently-installed modules on a system where all modules were
compiled with CONFIG_KALLSYMS:
crash_arm64> mod
MODULE NAME SIZE OBJECT FILE
e080d000 jbd 57016 (not loaded) [CONFIG_KALLSYMS]
e081e000 ext3 92360 (not loaded) [CONFIG_KALLSYMS]
e0838000 usbcore 83168 (not loaded) [CONFIG_KALLSYMS]
e0850000 usb-uhci 27532 (not loaded) [CONFIG_KALLSYMS]
e085a000 ehci-hcd 20904 (not loaded) [CONFIG_KALLSYMS]
e0865000 input 6208 (not loaded) [CONFIG_KALLSYMS]
e086a000 hid 22404 (not loaded) [CONFIG_KALLSYMS]
e0873000 mousedev 5688 (not loaded) [CONFIG_KALLSYMS]
e0878000 keybdev 2976 (not loaded) [CONFIG_KALLSYMS]
e08fd000 cdrom 34144 (not loaded) [CONFIG_KALLSYMS]
e0909000 ide-cd 35776 (not loaded) [CONFIG_KALLSYMS]
e0915000 scsi_mod 117928 (not loaded) [CONFIG_KALLSYMS]
e0935000 ide-scsi 12752 (not loaded) [CONFIG_KALLSYMS]
e093c000 microcode 5248 (not loaded) [CONFIG_KALLSYMS]
e0943000 sr_mod 18136 (not loaded) [CONFIG_KALLSYMS]
e0956000 floppy 59056 (not loaded) [CONFIG_KALLSYMS]
e0966000 sg 38060 (not loaded) [CONFIG_KALLSYMS]
e0971000 ip_tables 16544 (not loaded) [CONFIG_KALLSYMS]
e097d000 iptable_filter 2412 (not loaded) [CONFIG_KALLSYMS]
e097f000 e1000 76096 (not loaded) [CONFIG_KALLSYMS]
e09ba000 autofs 13780 (not loaded) [CONFIG_KALLSYMS]
e09c1000 parport 39072 (not loaded) [CONFIG_KALLSYMS]
e09ce000 lp 9220 (not loaded) [CONFIG_KALLSYMS]
e09d4000 parport_pc 19204 (not loaded) [CONFIG_KALLSYMS]
e09e2000 agpgart 59128 (not loaded) [CONFIG_KALLSYMS]
e0a1a000 radeon 117156 (not loaded) [CONFIG_KALLSYMS]
e2dc7000 sunrpc 91996 (not loaded) [CONFIG_KALLSYMS]
e2de1000 lockd 60624 (not loaded) [CONFIG_KALLSYMS]
e2df3000 nfs 96880 (not loaded) [CONFIG_KALLSYMS]
Load the symbolic and debugging data of all modules:
crash_arm64> mod -S
MODULE NAME SIZE OBJECT FILE
c8019000 soundcore 2788 /lib/modules/2.2.5-15/misc/soundcore.o
c801b000 soundlow 336 /lib/modules/2.2.5-15/misc/soundlow.o
c801d000 sound 59864 /lib/modules/2.2.5-15/misc/sound.o
c802d000 ad1848 15728 /lib/modules/2.2.5-15/misc/ad1848.o
c8032000 uart401 6000 /lib/modules/2.2.5-15/misc/uart401.o
c8035000 cs4232 2472 /lib/modules/2.2.5-15/misc/cs4232.o
c8043000 opl3 11048 /lib/modules/2.2.5-15/misc/opl3.o
c8047000 3c59x 18152 /lib/modules/2.2.5-15/net/3c59x.o
c804d000 sunrpc 53796 /lib/modules/2.2.5-15/misc/sunrpc.o
c805c000 lockd 31528 /lib/modules/2.2.5-15/fs/lockd.o
c8065000 nfsd 151896 /lib/modules/2.2.5-15/fs/nfsd.o
c8092000 nfs 29752 /lib/modules/2.2.5-15/fs/nfs.o
Load the symbolic and debugging data of the soundcore module from its
known location:
crash_arm64> mod -s soundcore
MODULE NAME SIZE OBJECT FILE
c8019000 soundcore 2788 /lib/modules/2.2.5-15/misc/soundcore.o
Delete the current symbolic and debugging data of the soundcore module,
and then re-load it from a specified object file:
crash_arm64> mod -d soundcore
crash_arm64> mod -s soundcore /tmp/soundcore.o
MODULE NAME SIZE OBJECT FILE
c8019000 soundcore 2788 /tmp/soundcore.o
After installing a new kernel module on a live system, reinitialize the
installed module list:
crash_arm64> !insmod mdacon
crash_arm64> mod
mod: NOTE: modules have changed on this system -- reinitializing
MODULE NAME SIZE OBJECT FILE
c8019000 soundcore 2788 (not loaded)
c801b000 soundlow 336 (not loaded)
c801d000 sound 59864 (not loaded)
c802d000 ad1848 15728 (not loaded)
c8032000 uart401 6000 (not loaded)
c8035000 cs4232 2472 (not loaded)
c8043000 opl3 11048 (not loaded)
c8047000 3c59x 18152 (not loaded)
c804d000 sunrpc 53796 (not loaded)
c805c000 lockd 31528 (not loaded)
c8065000 nfs 29752 (not loaded)
c806e000 autofs 9316 (not loaded)
c8072000 nfsd 151896 (not loaded)
c80a1000 mdacon 3556 (not loaded)
Display modules that are "tainted", where in this case
where they are proprietary and unsigned:
crash_arm64> mod -t
NAME TAINT
vxspec P(U)
vxportal P(U)
fdd P(U)
vxfs P(U)
vxdmp P(U)
vxio P(U)
vxglm P(U)
vxgms P(U)
vxodm P(U)
部分翻譯:
NAME
mod - 模塊信息以及符號和調試數據的加載
SYNOPSIS
mod -s module [objfile] | -d module | -S [directory] [-D|-t|-r|-R|-o|-g]
DESCRIPTION
該命令不帶任何參數,顯示當前已安裝模塊的基本信息,包括模塊地址,名稱,大小,目標文件名(如果知道)以及模塊是否使用CONFIG_KALLSYMS編譯。
這些參數與從模塊的目標文件中加載或刪除符號和調試數據有關。模塊的目標文件始終包含符號數據(符號名稱和地址),但是僅當使用-g CFLAG編譯模塊時,才包含調試數據。另外,該模塊可能已使用CONFIG_KALLSYMS進行編譯,這意味着該模塊的符號數據在安裝時將被加載到內核的地址空間中。如果模塊不是使用CONFIG_KALLSYMS編譯的,則僅模塊的導出符號將被加載到內核的地址空間中。因此,出於此命令的目的,應注意,內核模塊可能已通過以下方式之一進行了編譯:
1.如果模塊是在沒有CONFIG_KALLSYMS且沒有-g CFLAG的情況下構建的,則可以使用此命令來完成模塊其他非導出符號的加載。
2.如果模塊是使用CONFIG_KALLSYMS構建的,但沒有-g CFLAG,則從模塊目標文件中加載符號沒有任何好處,因爲當模塊被加載時,所有模塊的符號都會被加載到內核的地址空間中。已安裝。
3.如果模塊是使用CONFIG_KALLSYMS和-g CFLAG構建的,則可以使用此命令完成模塊調試數據的加載。
4.如果模塊是在沒有CONFIG_KALLSYMS的情況下構建的,但帶有-g CFLAG的模塊,則可以使用此命令來完成兩個模塊的符號數據和調試數據的加載。
-s module [objfile] | 從目標文件中加載指定模塊的符號和調試數據。 如果未附加objfile參數,則將從主機系統上的/ lib / modules / 目錄開始搜索由後綴爲.o或.ko的模塊名稱組成的目標文件。 在包含內核名稱列表文件的目錄中找到。 如果附加了參數,則將使用該文件。 |
-d module | 刪除指定模塊的符號和調試數據。 |
-S [directory] | 從目標文件中爲所有已加載的模塊加載符號和調試數據。 對於每個模塊,將從主機系統的/ lib / modules / 目錄開始搜索一個目標文件,該目標文件由帶有.o或.ko後綴的模塊名稱組成,或者如果找不到該文件, 從包含內核名稱列表文件的目錄開始。 如果附加了目錄參數,則搜索將限於該目錄。 |
-D | 刪除所有模塊的符號和調試數據。 |
-t | 如果模塊的“污點”位掩碼非零,則顯示其內容。 如果可能,將“污點”位轉換爲污點類型的符號字母。 否則,將顯示十六進制值。 在老內核中,“ license_gplok”字段的內容以十六進制顯示; 該字段可以是位掩碼,也可以是布爾值,具體取決於內核版本。有關字母或十六進制位值的含義,請查閱相關的內核源。 對於“ gpgsig_ok”字段爲零(無符號)的模塊,將顯示符號“(U)”。 |
-r | 將-readnow標誌傳遞給嵌入式gdb模塊,該模塊將覆蓋用於從模塊目標文件讀取符號表的兩階段策略。 |
-R | 重新初始化模塊數據。 所有當前加載的符號和調試數據將被刪除,並且已安裝的模塊列表將被更新(僅適用於實時系統)。 |
-g | 與-s或-S一起使用時,將模塊對象的節開始和結束地址添加到其符號列表中。 |
-o | 使用舊機制加載模塊符號。 |
如果使用“ --mod ”選項調用了crash_arm64會話,或者存在CRASH_MODULE_PATH環境變量,則/ lib / modules / 將被覆蓋,作爲搜索模塊對象文件的默認目錄樹。
加載符號和調試數據後,將適當顯示回溯和文本反彙編。 根據處理器架構的不同,數據也可以使用“ p”命令進行象徵性打印。 至少,“ rd”命令可與模塊數據符號一起使用。
如果crash_arm64在實時內核上運行會話時識別出模塊組已更改,則下次運行該命令時將重新初始化模塊數據;否則,將重新初始化模塊數據。 -r選項強制重新初始化。