Base address at which the Linux kernel is loaded

5

9

I have a couple of doubts about how the kernel is loaded into memory. Upon inspecting /proc/kallsyms I'm able to find the address of various symbols in the kernel.

$ cat /proc/kallsyms | head -n 10
00000000 t __vectors_start
80008240 T asm_do_IRQ
80008240 T _stext
80008240 T __exception_text_start
80008244 T do_undefinstr
80008408 T do_IPI
8000840c T do_DataAbort
800084a8 T do_PrefetchAbort
80008544 t gic_handle_irq
800085a0 T secondary_startup
  1. Is there any way I can find the base address at which the kernel is loaded?
  2. In userspace, suppose I use a libc with say the puts function at an offset of 0x200. When loaded into memory at say the address 0x8048000, I would be able to find the resolved puts at 0x8048000 + 0x200. Would the same hold for the kernel? i.e. is the kernel image loaded up into memory as 1 contiguous .text section?
Sleuthhound answered 7/11, 2015 at 4:1 Comment(5)
Do you understand the difference between physical addresses and virtual addresses? - Willard
@IgnacioVazquez-Abrams Physical address, e.g. 80008240 (actual RAM address). Virtual address, e.g. 0x08048000, requires translation. Am I missing something? - Sleuthhound
Yes. The kernel is loaded at one physical location at boot, and mapped to another virtual location for every process on the system at runtime. - Willard
Related: #18266563 - Fancyfree
@IgnacioVazquez-Abrams that's not entirely correct - the kernel randomises the base physical address of the kernel (where it's decompressed) when it can. - Pennsylvanian
3

For the MIPS architecture:

The file Platform contains the field/variable "load-...", which is assigned the location in the physical address space.

Example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/mips/bcm63xx/Platform

#
# Broadcom BCM63XX boards
#
platform-$(CONFIG_BCM63XX)  += bcm63xx/
cflags-$(CONFIG_BCM63XX)    +=                  \
    -I$(srctree)/arch/mips/include/asm/mach-bcm63xx/
load-$(CONFIG_BCM63XX)      := 0xffffffff80010000

For the ARM architecture:

The file Makefile.boot contains the field/variable "zreladdr-y", which is assigned the location in the physical address space.

Example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/arm/mach-omap1/Makefile.boot

zreladdr-y          += 0x10008000
params_phys-y       := 0x10000100
initrd_phys-y       := 0x10800000

For the Microblaze architecture:

The file Makefile contains the field/variable "UIMAGE_LOADADDR", which is assigned the location in the physical address space (exported from Xilinx ISE).

Example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/microblaze/boot/Makefile

UIMAGE_LOADADDR = $(CONFIG_KERNEL_BASE_ADDR)
Graffito answered 5/4, 2017 at 6:47 Comment(1)
I don't see how it helps the OP; he asks for a way to determine the kernel base address using a symbol (F) address he already has. - Alwyn
1

The kernel is loaded at the physical address of 1 MiB, which is mapped to PAGE_OFFSET + 0x00100000 (virtual address). Usually 8 MiB of virtual space is reserved for the kernel image, starting from PAGE_OFFSET + 0x00100000.

Cavein answered 7/11, 2015 at 20:38 Comment(0)
1

As the other answers state, the kernel base address is fixed for a particular architecture. But due to many security issues, the kernel development community decided to make it random. This is called ASLR (Address Space Layout Randomization).

From reading your question (or because I am reading it in 2017), you may be trying to find the offset used in ASLR (or KASLR for the kernel).

KASLR offset = address of symbol loaded in memory - address of symbol present in binary.

As your question states, you already know the address of the symbol in memory from /proc/kallsyms.

We can find the address of the symbol in the binary using the nm utility and the vmlinux file.

nm vmlinux | grep do_IPI

This will print the address of the symbol do_IPI in the vmlinux file. Subtracting these two addresses will give you the KASLR offset.

Keg answered 15/1, 2018 at 8:15 Comment(0)
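
The subtraction described in the answer above, as an added example that is not part of the original post. It compares every symbol the two listings share instead of a single one, and it handles the case where /proc/kallsyms shows zeroed addresses because kernel.kptr_restrict hides them from the reader. All addresses are constructed sample values, and abs_marker, undefined_sym, helper_fn and demo_mod are made-up names.

```python
from collections import Counter

# Constructed sample data (not from the page): `nm vmlinux` style output.
STATIC_NM = """\
ffffffff81000000 T _text
ffffffff81000000 T _stext
ffffffff81002340 T do_IPI
ffffffff81002480 T do_DataAbort
0000000000000100 A abs_marker
                 U undefined_sym
"""
# Constructed /proc/kallsyms content for the same kernel after relocation.
RUNTIME_KALLSYMS = """\
ffffffff9fc00000 T _text
ffffffff9fc00000 T _stext
ffffffff9fc02340 T do_IPI
ffffffff9fc02480 T do_DataAbort
0000000000000100 A abs_marker
ffffffffc0a01000 t helper_fn\t[demo_mod]
"""
# What a reader sees when kernel.kptr_restrict hides kernel pointers.
RESTRICTED_KALLSYMS = "0000000000000000 T _text\n0000000000000000 T _stext\n"


def parse_symbols(text):
    """Parse nm or /proc/kallsyms lines into {name: address}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skips undefined symbols and module symbols
            continue
        try:
            table.setdefault(parts[2], int(parts[0], 16))
        except ValueError:
            continue
    return table


def kaslr_offset(kallsyms_text, nm_text):
    """Return (offset, agreeing_symbols, compared_symbols)."""
    runtime, static = parse_symbols(kallsyms_text), parse_symbols(nm_text)
    if runtime and not any(runtime.values()):
        raise PermissionError("kallsyms addresses are zeroed (kptr_restrict)")
    diffs = Counter(runtime[n] - static[n] for n in runtime.keys() & static.keys())
    if not diffs:
        raise ValueError("no common symbols: vmlinux does not match this kernel")
    offset, votes = diffs.most_common(1)[0]  # majority wins; absolute symbols do not move
    return offset, votes, sum(diffs.values())


if __name__ == "__main__":
    offset, votes, total = kaslr_offset(RUNTIME_KALLSYMS, STATIC_NM)
    print(f"KASLR offset = {offset:#x} ({votes}/{total} symbols agree)")
```

A low agreement count is a sign that the vmlinux file does not belong to the running kernel build.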
1

If you are using U-Boot, then at boot time the bootloader usually prints the kernel load address and entry point.

Erase Group Size: 512 Bytes
reading uImage
4670784 bytes read in 469 ms (9.5 MiB/s)
reading devicetree.dtb
20597 bytes read in 17 ms (1.2 MiB/s)
Booting Linux kernel with ramdisk and devicetree
## Booting kernel from Legacy Image at 02004000 ...
   Image Name:   Linux-4.9.0-xilinx
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    4670720 Bytes = 4.5 MiB
   Load Address: 10000000
   Entry Point:  10000000
   Verifying Checksum ... OK
## Flattened Device Tree blob at 04000000
   Booting using the fdt blob at 0x4000000
   Loading Kernel Image ... OK
   Loading Device Tree to 1cb3d000, end 1cb45074 ... OK

Starting kernel ...
Acrolein answered 13/8, 2019 at 18:36 Comment(1)
Unfortunately this is not always the case - Rubadub
-2

In the case of this ARM kernel the load address was at 0x80008000. Also, the kernel is loaded in a contiguous manner.

Sleuthhound answered 8/11, 2015 at 2:26 Comment(1)
Meaning that we have 2GB user address space for ARM. Is that correct? - Riverside