disassembly Linux kernel using objdump

Question

If I try to disassem Linux kernel, it takes quite long time due to the big size of Linux elf-binary.

Is there a way to only disassem a function or a symbol, for instance start_kernel function?

What I don't want is to use grep, since it anyway takes very long time.

Answer 1

For disassembling a given function in the Linux kernel you can use the following objdump command.

objdump vmlinux --disassemble='add your function name here'

From the objdump documentation:

   --disassemble=symbol
       Display the assembler mnemonics for the machine instructions
       from the input file.  This option only disassembles those
       sections which are expected to contain instructions.  If the
       optional symbol argument is given, then display the assembler
       mnemonics starting at symbol.  If symbol is a function name
       then disassembly will stop at the end of the function,
       otherwise it will stop when the next symbol is encountered.
       If there are no matches for symbol then nothing will be
       displayed.

Answer 2

You can not disassemble particular function or symbol alone but instead of full kernel image, you can disassemble specific object file.

ex.

objdump -DS XYZ.o > XYZ.S

Answer 3

Unless you have compiled kernel with debugging symbols included, there are no symbols for objdump to use. It is highly unlikely the kernel binary has debugging symbols included, unless you've specifically compiled it with such options.

In case your kernel binary does have debugging symbols, they can be found using nm -g and then further used with objdump -j <symbol>.