Base address at which the linux kernel is loaded

Question

I have a couple of doubts about how the kernel is loaded into memory. Upon inspecting /proc/kallsyms I'm able to find the address of various symbols in the kernel.

$ cat /proc/kallsyms | head -n 10
00000000 t __vectors_start
80008240 T asm_do_IRQ
80008240 T _stext
80008240 T __exception_text_start
80008244 T do_undefinstr
80008408 T do_IPI
8000840c T do_DataAbort
800084a8 T do_PrefetchAbort
80008544 t gic_handle_irq
800085a0 T secondary_startup

1. Is there any way I can find the base address at which the kernel is loaded?
2. In userspace, suppose I use a libc with say the puts function at an offset of 0x200. When loaded into memory at say the address 0x8048000, I would be able to find the resolved puts at 0x8048000 + 0x200. Would the same hold for the kernel? i.e. is the kernel image loaded up into memory as 1 contiguous .text section?

Answer 1

If you are using u-boot then at boot time bootloader usually print the kernel load address and entry point.

Erase Group Size: 512 Bytes
reading uImage
4670784 bytes read in 469 ms (9.5 MiB/s)
reading devicetree.dtb
20597 bytes read in 17 ms (1.2 MiB/s)
Booting Linux kernel with ramdisk and devicetree
## Booting kernel from Legacy Image at 02004000 ...
   Image Name:   Linux-4.9.0-xilinx
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    4670720 Bytes = 4.5 MiB
   Load Address: 10000000
   Entry Point:  10000000
   Verifying Checksum ... OK
## Flattened Device Tree blob at 04000000
   Booting using the fdt blob at 0x4000000
   Loading Kernel Image ... OK
   Loading Device Tree to 1cb3d000, end 1cb45074 ... OK

Starting kernel ...

Answer 2

As other answer states that Kernel base address is fixed for particular architecture. But due to many security issues kernel development community decided to make it random. It is called ASLR (Address Space Layout Randomization).

By reading your question (or because I am reading it in 2017), you may be trying to find offset used in ASLR (or KASLR for kernel).

KASLR offset = address of symbol loaded in memory - address of symbol present in binary.

As your question states you already know address of symbol in memory from /proc/kallsyms.

We can find address of symbol in binary using nm utility and vmlinux file.

nm vmlinux | grep do_IPI

This will print address of symbol do_IPI in vmlinux file. Subtracting these two address will provide you KASLR offset.

Answer 3

for MIPS architecture

file Platform contain the field/variable "load-..." assigned with the location in physical address space.

example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/mips/bcm63xx/Platform

#
# Broadcom BCM63XX boards
#
platform-$(CONFIG_BCM63XX)  += bcm63xx/
cflags-$(CONFIG_BCM63XX)    +=                  \
    -I$(srctree)/arch/mips/include/asm/mach-bcm63xx/
load-$(CONFIG_BCM63XX)      := 0xffffffff80010000

for ARM architecture

file Makefile.boot contain the field/variable "zreladdr-y" assigned with the location in physical address space.

example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/arm/mach-omap1/Makefile.boot

   zreladdr-y       += 0x10008000
params_phys-y       := 0x10000100
initrd_phys-y       := 0x10800000

for Microblaze architecture

file Makefile contain the field/variable "UIMAGE_LOADADDR" assigned with the location in physical address space (exported from Xilinx ISE).

example:

openwrt/build_dir/target-mips_mips32_musl-1.1.16/linux-brcm63xx_smp/linux-4.4.14/arch/microblaze/boot/Makefile

UIMAGE_LOADADDR = $(CONFIG_KERNEL_BASE_ADDR)

Answer 4

Kernel is loaded at physical address of 1MiB which is mapped on PAGE_OFFSET + 0x00100000 (virtual address). usually 8MiB of virtual space is reserved for kernel image starting from PAGE_OFFSET + 0x00100000

Answer 5

In the case of this ARM kernel the load address was at 0x80008000. Also, the kernel is loaded in a contiguous manner.