Skip to content

Add support for DWARF debug info usage for kernel module address symbolization #1391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
danielocfb wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add support for DWARF debug info usage for kernel module address symbolization #1391

danielocfb wants to merge 3 commits into from

Conversation

@danielocfb
Copy link
Collaborator

@danielocfb danielocfb commented Dec 19, 2025

Please see individual commits for descriptions.

@d-e-s-o
Add parser for /proc/modules
ab8fe70 
Add a parser for /proc/modules style files, ModMap. /proc/modules
contains information about memory ranges of modules. We need such
information in order to understand which module a given kernel address
belongs to. On top of just parsing contents, objects of this type
provide the means for querying the module name that an address belongs
to, if any.

Signed-off-by: Daniel Müller <[email protected]>
@d-e-s-o
Add logic for dealing with depmod binary files
f481717 
Add logic for parsing depmod binary files. These files basically
contain a search tree for efficiently looking up module paths (relative
to a base directory) given a module name. Making such a lookup possible
enables the loading of module binaries, which may contain DWARF debug
information for symbolization that resolves source code information (as
opposed to /proc/kallsyms, which only has limited function granularity
for addresses).

Signed-off-by: Daniel Müller <[email protected]>
@danielocfb danielocfb requested a review from anakryiko December 19, 2025 14:21
@danielocfb danielocfb force-pushed the topic/kernel-mod-syms branch 4 times, most recently from 5941d58 to a2e3f78 Compare December 19, 2025 14:46
@d-e-s-o d-e-s-o force-pushed the topic/kernel-mod-syms branch 4 times, most recently from ace6526 to c724915 Compare December 26, 2025 18:31
@danielocfb danielocfb added the blocked The pull request is blocked and cannot progress at the moment. label Jan 8, 2026
anakryiko
anakryiko approved these changes Jan 9, 2026
View reviewed changes
Copy link
Member

@anakryiko anakryiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, great to see this happening (and sorry for delay!)

left minor questions/comments, but non are blocking

src/kernel/modmap.rs Outdated
}

// Each line has format:
// <module_name> <size> <instances> <dependencies> <state> <offset>
Copy link
Member

@anakryiko anakryiko Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: not offset, absolute start address (and just for comment completeness there could be extra flags afterwards in ()

src/kernel/modmap.rs
let addr = if let Ok(addr) = Addr::from_str_radix(addr.trim_start_matches("0x"), 16) {
// A start address of 0 means that the address was
// masked -- it is not usable for our purposes.
if addr == 0 {
Copy link
Member

@anakryiko anakryiko Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you have some means to emit warning (for debugging)? might be useful

looking at kernel code (I was curious how this /proc/modules file is generated), I think either all module addresses will be zero (if kptr_restrict sysctl is set, or not enough capabilities to see real kernel address) or they will all be valid, so you can really break out of here and save time (and logging spam, if you decide to log this condition)

Copy link
Collaborator

@d-e-s-o d-e-s-o Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the way it would manifest is that we'd report Reason::MissingSyms when symbolizing and there are no modules. It's the same mechanism we use for stripped ELF binaries or masked /proc/kallsyms addresses.

src/kernel/resolver.rs


#[cfg(feature = "xz")]
fn decompress_xz(path: &Path) -> Result<NamedTempFile> {
Copy link
Member

@anakryiko anakryiko Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curious, will this temporary file be deleted by blazesym when ElfResolver is destroyed, or it will stay in /tmp and is expected to be cleaned up eventually outside of blazesym's control?

Copy link
Collaborator

@d-e-s-o d-e-s-o Jan 9, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, once the NamedTempFile leaves scope the file will be removed (so in this case that would be by the time KernelResolver::find_sym returns, on the current call path), so there shouldn't be any left overs.

@d-e-s-o
Resolve kernel module addresses with DWARF
a332212 
Add support for looking up and incorporating DWARF information for
symbolization of kernel module addresses. So far we have only supported
using DWARF for addresses belonging to the core kernel. We rely on the
previously introduced /proc/modules map for deciding whether an address
belongs to a kernel module. We then use the depmod file for looking up
the kernel module, optionally taking into account debug links as usual.

Signed-off-by: Daniel Müller <[email protected]>
@d-e-s-o d-e-s-o force-pushed the topic/kernel-mod-syms branch from c724915 to a332212 Compare January 12, 2026 18:28
@d-e-s-o
Copy link
Collaborator

d-e-s-o commented Jan 12, 2026

Rebased and address review comments. Thanks for the review. This support is still blocked on ELF relocations and/or additional testing.

@codecov
Copy link

codecov bot commented Jan 12, 2026

Codecov Report

❌ Patch coverage is 81.97279% with 53 lines in your changes missing coverage. Please review.
✅ Project coverage is 95.42%. Comparing base (f9a91a6) to head (a332212).

Files with missing lines Patch % Lines
src/kernel/resolver.rs 42.10% 22 Missing ⚠️
src/kernel/depmod.rs 87.50% 18 Missing ⚠️
src/pathlike.rs 0.00% 6 Missing ⚠️
src/kernel/cache.rs 54.54% 5 Missing ⚠️
src/kernel/modmap.rs 97.89% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1391      +/-   ##
==========================================
- Coverage   95.79%   95.42%   -0.38%     
==========================================
  Files          61       63       +2     
  Lines       11075    11359     +284     
==========================================
+ Hits        10609    10839     +230     
- Misses        466      520      +54

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@d-e-s-o d-e-s-o d-e-s-o left review comments

@anakryiko anakryiko anakryiko approved these changes

Assignees

No one assigned

Labels

blocked The pull request is blocked and cannot progress at the moment.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@danielocfb @d-e-s-o @anakryiko