ksyms pseudo driver

Stacey Son sson at freebsd.org
Sat Jul 12 01:16:04 UTC 2008


Andrew Gallatin wrote:
>> its already opened snapshot first. Of course, this requires the read()
>> handler to bounce the buffer into the kernel first before it is written
>> back out to userspace.  (Maybe there is a simple way to do a userspace
>> to userspace copy instead?) The reason I went to all this trouble is to
>> keep /dev/ksyms from turning into an easy way to exhaust all the kernel
>> memory (unintentionally or intentionally).
>>      
>
> Instead of doing the copy in the kernel, can you just have a simple
> ioctl which returns the address and size of the snapshot?  Then the
> userspace side can do the copy itself.
>    
Actually that is what the ioctls do now...   You can just open 
/dev/ksyms to create the snapshot and then use ioctl() to get the size 
and address where the buffer is mapped.   Or you can use mmap().

IOCTLS
      The ioctl(2) command codes below are defined in <sys/ksyms.h>.

      The (third) argument to the ioctl(2) should be a pointer to the type
      indicated.

            KIOCGSIZE (size_t)
                    Returns the total size of the current symbol table.

            KIOCGADDR (void *)
                    Returns the address of the kernel symbol table mapped in
                    the process memory.

-stacey.
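
The ioctl path described above, with the copy done on the userspace side, as an added example that is not part of the original post or the FreeBSD source. Assumptions: the snapshot is an ELF image, `copy_snapshot` and the `SNAP_MAX` cap are hypothetical names chosen here, and the device calls only build on FreeBSD.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#ifdef __FreeBSD__
#include <sys/ksyms.h>          /* KIOCGSIZE, KIOCGADDR (named in the post) */
#endif

#define SNAP_MAX (64u * 1024 * 1024)    /* hypothetical cap for this example */

/* Copy the mapped snapshot into a private heap buffer (userspace to
 * userspace). Returns NULL if the reported address/size is implausible.
 * Assumption: the snapshot is an ELF image, so it starts with \177ELF. */
void *copy_snapshot(const void *addr, size_t size)
{
    void *buf;

    if (addr == NULL || size < 4 || size > SNAP_MAX)
        return NULL;
    if (memcmp(addr, "\177ELF", 4) != 0)
        return NULL;
    if ((buf = malloc(size)) != NULL)
        memcpy(buf, addr, size);
    return buf;
}

int main(void)
{
#ifdef __FreeBSD__
    size_t size = 0;
    void *addr = NULL, *copy;
    int fd = open("/dev/ksyms", O_RDONLY);      /* open() takes the snapshot */

    if (fd < 0 || ioctl(fd, KIOCGSIZE, &size) < 0 ||
        ioctl(fd, KIOCGADDR, &addr) < 0) {
        perror("/dev/ksyms");
        return 1;
    }
    copy = copy_snapshot(addr, size);           /* copy while fd is still open */
    printf("snapshot: %zu bytes, copied=%s\n", size, copy ? "yes" : "no");
    free(copy);
    close(fd);
#else
    puts("needs FreeBSD with /dev/ksyms");
#endif
    return 0;
}
```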



