Explain some important kernel files commonly used in RedHat system

Time:2020-12-8

In the network, many servers use Linux system. In order to further improve the performance of the server, it may be necessary to recompile the Linux kernel according to the specific hardware and requirements. To compile the Linux kernel, we need to follow the prescribed steps, and several important files are involved in the process of compiling the kernel. For example, for RedHat Linux, there are some files related to the Linux kernel in the / boot directory, which are executed in / boot.

People who have compiled the RedHat Linux kernel System.map , vmlinuz, initrd-2.4.7-10.img may be more impressive, because the process of compiling the kernel involves the establishment of these files and other operations. So how do these documents come into being? What are their functions? This paper introduces them.

1、 Vmlinuz

The vmulinz kernel is compressible. “VM” stands for “virtual memory”. Linux supports virtual memory, unlike the old operating system such as DOS, which has a memory limit of 640kb. Linux can use hard disk space as virtual memory, so it is named “VM”. Vmlinuz is an executable Linux kernel, which is located in / boot / vmlinuz. It is generally a soft link. For example, the figure shows the soft link of vmlinuz-2.4.7-10.

There are two ways to build vmlinuz. First, the kernel is created by “make zimage” when compiling the kernel, and then generated by “CP / usr / SRC / linux-2.4/arch/i386/linux/boot/zimage/boot/vmlinuz”. Zimage is suitable for small kernels and exists for backward compatibility.

Second, the kernel is created by command make bzimage during kernel compilation, and then generated by “CP / usr / SRC / linux-2.4/arch/i386/linux/boot/bzimage/boot/vmlinuz”. Bzimage is a compressed kernel image. It should be noted that bzimage is not compressed by bzip2. BZ in bzimage is easy to be misunderstood. BZ means “big zimage”. B in bzimage means “big”. Both zimage (vmlinuz) and bzimage (vmlinuz) are compressed with gzip. They are not only a compressed file, but also have gzip decompression code embedded in the beginning of the two files. So you can’t unpack vmlinuz with gunzip or gzip – DC.

The kernel file contains a tiny gzip to unzip the kernel and boot it. The difference between the two is that the old zimage decompresses the kernel to low-end memory (the first 640K), and bzimage decompresses the kernel to high-end memory (1m or more). If the kernel is small, you can use either zimage or bzimage, and the system runtime is the same. Large cores use bzimage, not zimage. Vmlinux is an uncompressed kernel and vmlinuz is a compressed file of vmlinux.

2、 Initrd-x.x.x.img

Initrd is short for “initial ramdisk”. Initrd is generally used to temporarily boot hardware to a state where the actual kernel vmlinuz can take over and continue to boot. Initrd-2.4.7-10.img in the figure is mainly used to load ext3 and other file systems and SCSI device drivers.

For example, if a SCSI hard disk is used and the kernel vmlinuz does not have a driver for this SCSI hardware, then the kernel cannot load the root file system before loading the SCSI module, but the SCSI module is stored in / lib / modules of the root file system. To solve this problem, boot an initrd kernel that can read the actual kernel and use initrd to correct the SCSI boot problem. Initrd-2.4.7-10.img is a file compressed by gzip. Initrd can load some modules and install file system.

The initrd image file is created using mkinitrd. The mkinitrd utility can create initrd image files. This command is proprietary to RedHat. Other Linux distributions may have commands. This is a very convenient utility. For details, please refer to help: man mkinitrd creates the initrd image file.

3 System.map

System.map Is a kernel symbol table for a specific kernel. It’s for the kernel you’re currently running System.map Link to.

How is the kernel symbol table created? System.map Is generated by “nm vmlinux” and irrelevant symbols are filtered out.

For the example in this article, when compiling the kernel, System.map Created in / usr / SRC / linux-2.4/ System.map 。 Like this:

  

Copy code

The code is as follows:

nm /boot/vmlinux-2.4.7-10 > System.map

The following lines are from / usr / SRC / linux-2.4/makefile:

  

Copy code

The code is as follows:

nm vmlinux | grep -v ‘\(compiled\)\|\(\.o$$\)\|\( [aUw] \)\|\(\.\.ng$$\)\|\(LASH[RL]DI\)’ | sort > System.map

Then copy to / boot:

  

Copy code

The code is as follows:

cp /usr/src/linux/System.map /boot/System.map-2.4.7-10

Here is the picture below System.map Part of the document:

In programming, some symbols such as variable name or function name will be named. The Linux kernel is a very complex code block with many global symbols.

The Linux kernel does not use symbolic names, but identifies variable or function names by their addresses. For example, instead of using size_ T bytesread, which refers to this variable like c0343f20.

For people who use computers, they prefer to use things like size_ T bytesread instead of a name like c0343f20. The kernel is mainly written in C, so the compiler / connector allows us to code with symbolic names and address when the kernel is running.

However, in some cases, we need to know the address of the symbol, or we need to know the symbol corresponding to the address. This is done by the symbol table, which is a list of all symbols with their addresses. The above figure is a kernel symbol table. From the above figure, we can see that the variable name checkcputype is in the kernel address c0100a5.

The Linux symbol table uses two files:

Copy code

The code is as follows:

  /proc/ksyms</p>
<p>  System.map

/ Pro / ksyms is a “profile file” created at kernel boot time. In fact, it is not really a file, it is just a representation of kernel data, but it gives people the illusion that it is a disk file, which can be seen from its file size of 0. However, System.map Is the actual file that exists on your file system.

When you compile a new kernel, the address of each symbol name will change, your old one System.map Has the wrong symbol information. Each time the kernel is compiled, a new System.map You should use the new one System.map To replace the old one System.map 。

Although the kernel itself is not really used System.map But other programs such as klogd, lsof and PS need a correct one System.map 。 If you use the wrong or not System.map The output of klogd will be unreliable, which will bring difficulties to program troubleshooting. No, System.map You may be faced with some annoying cues.

In addition, a few drivers need System.map To parse symbols that are not created for the specific kernel you are currently running System.map They don’t work.

In order to perform name address resolution, klogd needs to use System.map 。 System.map It should be placed where the software that uses it can find it. Execution: man klogd shows that if the System.map Given to klogd as a variable location, it will look in three places in the following order System.map :

Copy code

The code is as follows:

  /boot/System.map</p>
<p>  /System.map</p>
<p>  /usr/src/linux/System.map

   System.map With version information, klogd can intelligently find the correct map file.