https://github.com/deepflowio/show-kernel-struct-offset
https://github.com/deepflowio/show-kernel-struct-offset
Last synced: 5 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/deepflowio/show-kernel-struct-offset
- Owner: deepflowio
- Created: 2023-03-14T01:58:23.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-11-19T06:05:02.000Z (over 1 year ago)
- Last Synced: 2025-09-02T18:46:57.952Z (10 months ago)
- Language: C
- Size: 5.86 KB
- Stars: 0
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Show Kernel Struct Offset
用于提取 Linux 内核结构体成员偏移的小工具。
DeepFlow 依赖这些偏移,以支持多版本内核的兼容和正确运行。
## 依赖环境
请确保系统已安装以下工具和包:
- gcc
- make
- objdump
- 当前运行内核对应的内核头文件(kernel-devel)
- 内核调试符号包(kernel-debuginfo),包含 `vmlinux`
## 编译方法
```bash
make
```
会得到如下内容:
```bash
make -C /lib/modules/4.19.17-1.el7.x86_64/build M=/home/jiping/struct-member/show-kernel-struct-offset modules
make[1]: 进入目录“/usr/src/kernels/4.19.17-1.el7.x86_64”
CC [M] /home/jiping/struct-member/show-kernel-struct-offset/skso.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/jiping/struct-member/show-kernel-struct-offset/skso.mod.o
LD [M] /home/jiping/struct-member/show-kernel-struct-offset/skso.ko
make[1]: 离开目录“/usr/src/kernels/4.19.17-1.el7.x86_64”
objdump -d skso.ko
skso.ko: 文件格式 elf64-x86-64
Disassembly of section .text:
0000000000000000 :
0: e8 00 00 00 00 callq 5
5: b8 3c 05 00 00 mov $0x53c,%eax
a: c3 retq
b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000010 :
10: e8 00 00 00 00 callq 15
15: b8 ac 06 00 00 mov $0x6ac,%eax
1a: c3 retq
1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000020 :
20: e8 00 00 00 00 callq 25
25: b8 44 05 00 00 mov $0x544,%eax
2a: c3 retq
2b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000030 :
30: e8 00 00 00 00 callq 35
35: b8 c8 0a 00 00 mov $0xac8,%eax
3a: c3 retq
3b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000040 :
40: e8 00 00 00 00 callq 45
45: b8 f8 01 00 00 mov $0x1f8,%eax
4a: c3 retq
4b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000050 :
50: e8 00 00 00 00 callq 55
55: b8 20 00 00 00 mov $0x20,%eax
5a: c3 retq
5b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000060 :
60: e8 00 00 00 00 callq 65
65: b8 c8 00 00 00 mov $0xc8,%eax
6a: c3 retq
6b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000070 :
70: e8 00 00 00 00 callq 75
75: b8 28 00 00 00 mov $0x28,%eax
7a: c3 retq
7b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000080 :
80: e8 00 00 00 00 callq 85
85: b8 20 00 00 00 mov $0x20,%eax
8a: c3 retq
8b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000090 :
90: e8 00 00 00 00 callq 95
95: b8 20 00 00 00 mov $0x20,%eax
9a: c3 retq
9b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000000a0 :
a0: e8 00 00 00 00 callq a5
a5: b8 68 00 00 00 mov $0x68,%eax
aa: c3 retq
ab: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000000b0 :
b0: e8 00 00 00 00 callq b5
b5: 31 c0 xor %eax,%eax
b7: c3 retq
b8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
bf: 00
00000000000000c0 :
c0: e8 00 00 00 00 callq c5
c5: b8 28 00 00 00 mov $0x28,%eax
ca: c3 retq
cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000000d0 :
d0: e8 00 00 00 00 callq d5
d5: b8 10 00 00 00 mov $0x10,%eax
da: c3 retq
db: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000000e0 :
e0: e8 00 00 00 00 callq e5
e5: b8 18 00 00 00 mov $0x18,%eax
ea: c3 retq
eb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000000f0 :
f0: e8 00 00 00 00 callq f5
f5: b8 28 00 00 00 mov $0x28,%eax
fa: c3 retq
fb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000100 :
100: e8 00 00 00 00 callq 105
105: b8 18 00 00 00 mov $0x18,%eax
10a: c3 retq
10b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000110 :
110: e8 00 00 00 00 callq 115
115: b8 10 00 00 00 mov $0x10,%eax
11a: c3 retq
11b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000120 :
120: e8 00 00 00 00 callq 125
125: b8 04 00 00 00 mov $0x4,%eax
12a: c3 retq
12b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000130 :
130: e8 00 00 00 00 callq 135
135: 31 c0 xor %eax,%eax
137: c3 retq
138: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
13f: 00
0000000000000140 :
140: e8 00 00 00 00 callq 145
145: b8 48 00 00 00 mov $0x48,%eax
14a: c3 retq
14b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000150 :
150: e8 00 00 00 00 callq 155
155: b8 38 00 00 00 mov $0x38,%eax
15a: c3 retq
15b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000160 :
160: e8 00 00 00 00 callq 165
165: b8 0c 00 00 00 mov $0xc,%eax
16a: c3 retq
16b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000170 :
170: e8 00 00 00 00 callq 175
175: b8 0e 00 00 00 mov $0xe,%eax
17a: c3 retq
17b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000180 :
180: e8 00 00 00 00 callq 185
185: b8 12 00 00 00 mov $0x12,%eax
18a: c3 retq
18b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
0000000000000190 :
190: e8 00 00 00 00 callq 195
195: b8 13 00 00 00 mov $0x13,%eax
19a: c3 retq
19b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000001a0 :
1a0: e8 00 00 00 00 callq 1a5
1a5: b8 10 00 00 00 mov $0x10,%eax
1aa: c3 retq
1ab: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000001b0 :
1b0: e8 00 00 00 00 callq 1b5
1b5: 31 c0 xor %eax,%eax
1b7: c3 retq
1b8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
1bf: 00
00000000000001c0 :
1c0: e8 00 00 00 00 callq 1c5
1c5: b8 10 00 00 00 mov $0x10,%eax
1ca: c3 retq
1cb: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
00000000000001d0 :
1d0: e8 00 00 00 00 callq 1d5
1d5: 31 c0 xor %eax,%eax
1d7: c3 retq
1d8: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
1df: 00
00000000000001e0 :
1e0: e8 00 00 00 00 callq 1e5
1e5: c3 retq
```
## 注意
内核结构体 `struct mount` 和 `struct mnt_namespace` 定义在:`linux/source/fs/mount.h`
但此文件通常不包含在 `kernel-devel` 包中,导致无法直接通过头文件获取结构体成员偏移。
## 解决方案
利用 `kernel-debuginfo` 包中的 `vmlinux` 文件和 `pahole` 工具,通过 DWARF 调试信息提取结构体成员的偏移。
## 示例
以 CentOS / RHEL 7,内核版本 4.19.17 为例,使用如下命令:
```c
pahole -C mount /usr/lib/debug/lib/modules/4.19.17-1.el7.x86_64/vmlinux
struct mount {
...
struct vfsmount mnt; /* 32 24 */
...
struct mnt_namespace * mnt_ns; /* 224 8 */
...
int mnt_id; /* 284 4 */
};
pahole -C mnt_namespace /usr/lib/debug/lib/modules/4.19.17-1.el7.x86_64/vmlinux
struct mnt_namespace {
...
struct ns_common ns; /* 8 24 */
...
};
```
通过上面的方式得到 mnt、mnt_ns、mnt_id、ns 的偏移。
## 如果遇到问题
如果遇到问题或你的系统还未支持,请新建 issue,运行 `make` 并将完整输出和 `pahole` 得到的偏移值粘贴到 issue 中。
提交地址:
https://github.com/deepflowio/deepflow/issues