c - Linux Kernel - why a function's address in System.map is one byte preceding its address as seen in real time?

Question

In linux kernel source code, added this lines in tasklet_action code:

printk("tasklet_action = %p
" , *tasklet_action);
printk("tasklet_action = %p
" , &tasklet_action);
printk("tasklet_action = %p
" , tasklet_action);

In the output I get:

tasklet_action = c03441a1
tasklet_action = c03441a1
tasklet_action = c03441a1

But when searching it in the system.map file the tasklet_action address is at c03441a0 so there is an offset of 1 byte.

• Why do I have this offset?
• Is it always an one byte offset?

Answer 1

My guess is that you are running on ARM in Thumb mode, or on some other architecture that uses the bottom bit of the function pointer to indicate which mode to run in.

If so, the answer is that your function really is located at the address in the system.map.

The value you get at run time is the location and the mode.

Instructions, on these kinds of architectures, always must be 2- or 4-byte aligned, which would leave the bottom bit always zero. When the architecture grew an extra mode the designers made use of the 'wasted' bit to encode the mode. It's clever, but confusing, and not just for you: a lot of software, like debuggers, broke in many nasty ways when this was first invented.

The concept is particularly confusing for x86 programmers who are used to variable-length instructions with any random alignment.