1 (* Memory info for virtual domains.
2 (C) Copyright 2008 Richard W.M. Jones, Red Hat Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 module C = Libvirt.Connect
26 module D = Libvirt.Domain
28 open Virt_mem_gettext.Gettext
30 module MMap = Virt_mem_mmap
32 let min_kallsyms_tabsize = 1_000L
33 let max_kallsyms_tabsize = 250_000L
35 let kernel_size = 0x100_0000
36 let max_memory_peek = 0x1_000
42 * Virt_mem_utils.architecture
43 * ([`Wordsize], [`Endian]) Virt_mem_mmap.t
47 | Compressed of (string * MMap.addr) list * MMap.addr
48 | Uncompressed of (string * MMap.addr) list
52 let debug = ref false in
54 (* Default wordsize. *)
55 let def_wordsize = ref None in
56 let set_wordsize = function
57 | "32" -> def_wordsize := Some W32
58 | "64" -> def_wordsize := Some W64
59 | "auto" -> def_wordsize := None
60 | str -> failwith (sprintf (f_"set_wordsize: %s: unknown wordsize") str)
63 (* Default endianness. *)
64 let def_endian = ref None in
65 let set_endian = function
66 | "auto" -> def_endian := None
67 | "le" | "little" | "littleendian" | "intel" ->
68 def_endian := Some Bitmatch.LittleEndian
69 | "be" | "big" | "bigendian" | "motorola" ->
70 def_endian := Some Bitmatch.BigEndian
71 | str -> failwith (sprintf (f_"set_endian: %s: unknown endianness") str)
74 (* Default architecture. *)
75 let def_architecture = ref None in
76 let set_architecture = function
77 | "auto" -> def_architecture := None
79 let arch = architecture_of_string arch in
80 def_architecture := Some arch;
81 def_endian := Some (endian_of_architecture arch);
82 def_wordsize := Some (wordsize_of_architecture arch)
85 (* Default text address. *)
86 let def_text_addr = ref 0L (* 0 = auto-detect *) in
87 let set_text_addr = function
88 | "auto" -> def_text_addr := 0L
89 | "i386" -> def_text_addr := 0xc010_0000_L (* common for x86 *)
90 | "x86-64"|"x86_64" -> def_text_addr := 0xffffffff_81000000_L (* x86-64? *)
91 | str -> def_text_addr := Int64.of_string str
94 (* List of kernel images. *)
95 let images = ref [] in
98 let memory_image filename =
100 (!def_wordsize, !def_endian, !def_architecture, !def_text_addr, filename)
105 printf "virt-mem %s\n" Virt_mem_version.version;
107 let major, minor, release =
108 let v, _ = Libvirt.get_version () in
109 v / 1_000_000, (v / 1_000) mod 1_000, v mod 1_000 in
110 printf "libvirt %d.%d.%d\n" major minor release;
114 let argspec = Arg.align [
115 "-A", Arg.String set_architecture,
116 "arch " ^ s_"Set kernel architecture, endianness and word size";
117 "-E", Arg.String set_endian,
118 "endian " ^ s_"Set kernel endianness";
119 "-T", Arg.String set_text_addr,
120 "addr " ^ s_"Set kernel text address";
121 "-W", Arg.String set_wordsize,
122 "addr " ^ s_"Set kernel word size";
123 "-c", Arg.Set_string uri,
124 "uri " ^ s_ "Connect to URI";
125 "--connect", Arg.Set_string uri,
126 "uri " ^ s_ "Connect to URI";
127 "--debug", Arg.Set debug,
128 " " ^ s_"Debug mode (default: false)";
129 "-t", Arg.String memory_image,
130 "image " ^ s_"Use saved kernel memory image";
131 "--version", Arg.Unit version,
132 " " ^ s_"Display version and exit";
136 raise (Arg.Bad (sprintf (f_"%s: unknown parameter") str)) in
137 let usage_msg = usage_msg ^ s_"\n\nOPTIONS" in
138 Arg.parse argspec anon_fun usage_msg;
140 let images = !images in
141 let debug = !debug in
142 let uri = if !uri = "" then None else Some !uri in
144 (* Get the kernel images. *)
146 if images = [] then (
149 try C.connect_readonly ?name ()
150 with Libvirt.Virterror err ->
151 prerr_endline (Libvirt.Virterror.to_string err);
152 (* If non-root and no explicit connection URI, print a warning. *)
153 if Unix.geteuid () <> 0 && name = None then (
154 print_endline (s_ "NB: If you want to monitor a local Xen hypervisor, you usually need to be root");
158 (* List of active domains. *)
160 let nr_active_doms = C.num_of_domains conn in
162 Array.to_list (C.list_domains conn nr_active_doms) in
164 List.map (D.lookup_by_id conn) active_doms in
168 let xmls = List.map (fun dom -> dom, D.get_xml_desc dom) doms in
171 let xmls = List.map (fun (dom, xml) ->
172 dom, Xml.parse_string xml) xmls in
174 (* XXX Do something with the XML XXX
175 * such as detecting arch, wordsize, endianness.
185 let name = D.get_name dom in
188 match !def_wordsize with
191 (sprintf (f_"%s: use -W to define word size for this image")
195 match !def_endian with
198 (sprintf (f_"%s: use -E to define endianness for this image")
203 match !def_architecture with
204 | Some I386 -> I386 | Some X86_64 -> X86_64
207 (sprintf (f_"%s: use -A to define architecture (i386/x86-64 only) for this image") name) in
209 if !def_text_addr = 0L then
211 (sprintf (f_"%s: use -T to define kernel load address for this image")
214 (* Read the kernel memory.
215 * Maximum 64K can be read over remote connections.
217 let str = String.create kernel_size in
219 let remaining = kernel_size - i in
220 if remaining > 0 then (
221 let size = min remaining max_memory_peek in
222 D.memory_peek dom [D.Virtual]
223 (!def_text_addr +^ Int64.of_int i) size str i;
229 (* Map the virtual memory. *)
230 let mem = MMap.of_string str !def_text_addr in
232 (* Force the wordsize and endianness. *)
233 let mem = MMap.set_wordsize mem wordsize in
234 let mem = MMap.set_endian mem endian in
240 fun (wordsize, endian, arch, text_addr, filename) ->
241 (* Quite a lot of limitations on the kernel images we can
242 * handle at the moment ...
244 (* XXX We could auto-detect wordsize easily. *)
249 (sprintf (f_"%s: use -W to define word size for this image")
256 (sprintf (f_"%s: use -E to define endianness for this image")
262 | Some I386 -> I386 | Some X86_64 -> X86_64
265 (sprintf (f_"%s: use -A to define architecture (i386/x86-64 only) for this image") filename) in
267 if text_addr = 0L then
269 (sprintf (f_"%s: use -T to define kernel load address for this image")
272 (* Map the virtual memory. *)
273 let fd = openfile filename [O_RDONLY] 0 in
274 let mem = MMap.of_file fd text_addr in
276 (* Force the wordsize and endianness. *)
277 let mem = MMap.set_wordsize mem wordsize in
278 let mem = MMap.set_endian mem endian in
280 (filename, arch, mem)
285 fun (name, arch, mem) ->
286 (* Look for some common entries in the exported symbol table and
287 * from that find the symbol table itself. These are just
288 * supposed to be symbols which are very likely to be present
289 * in any Linux kernel, although we only need one of them to be
290 * present to find the symbol table.
292 * NB. Must not be __initdata, must be in EXPORT_SYMBOL.
295 "init_task"; (* first task_struct *)
296 "root_mountflags"; (* flags for mounting root fs *)
297 "init_uts_ns"; (* uname strings *)
298 "sys_open"; (* open(2) entry point *)
299 "sys_chdir"; (* chdir(2) entry point *)
300 "sys_chroot"; (* chroot(2) entry point *)
301 "sys_umask"; (* umask(2) entry point *)
302 "schedule"; (* scheduler entry point *)
304 (* Searching for <NUL>string<NUL> *)
305 let common_ksyms_nul = List.map (sprintf "\000%s\000") common_ksyms in
307 (* Search for these strings in the memory image. *)
308 let ksym_strings = List.map (MMap.find_all mem) common_ksyms_nul in
309 let ksym_strings = List.concat ksym_strings in
310 (* Adjust found addresses to start of the string (skip <NUL>). *)
311 let ksym_strings = List.map Int64.succ ksym_strings in
313 (* For any we found, try to look up the symbol table
314 * base addr and size.
316 let ksymtabs = List.map (
318 (* Search for 'addr' appearing in the image. *)
319 let addrs = MMap.find_pointer_all mem addr in
321 (* Now consider each of these addresses and search back
322 * until we reach the beginning of the (possible) symbol
325 * Kernel symbol table struct is:
326 * struct kernel_symbol {
327 * unsigned long value;
328 * const char *name; <-- initial pointer
331 let pred_long2 addr =
332 MMap.pred_long mem (MMap.pred_long mem addr)
334 let base_addrs = List.map (
337 (* '*addr' should point to a C identifier. If it does,
338 * step backwards to the previous symbol table entry.
340 let addrp = MMap.follow_pointer mem addr in
341 if MMap.is_C_identifier mem addrp then
342 loop (pred_long2 addr)
344 MMap.succ_long mem addr
349 (* Also look for the end of the symbol table and
350 * calculate its size.
352 let base_addrs_sizes = List.map (
355 let addr2 = MMap.succ_long mem addr in
356 let addr2p = MMap.follow_pointer mem addr2 in
357 if MMap.is_C_identifier mem addr2p then
358 loop (MMap.succ_long mem addr2)
362 let end_addr = loop base_addr in
363 base_addr, end_addr -^ base_addr
368 let ksymtabs = List.concat ksymtabs in
370 (* Simply ignore any symbol table candidates which are too small. *)
371 let ksymtabs = List.filter (fun (_, size) -> size > 64L) ksymtabs in
374 printf "%s: candidate symbol tables at:\n" name;
377 printf "\t%Lx\t%Lx\t%!" addr size;
378 printf "first symbol: %s\n%!"
380 (MMap.follow_pointer mem
381 (MMap.succ_long mem addr)))
385 (* Vote for the most popular symbol table candidate and from this
386 * generate a function to look up ksyms.
389 let freqs = frequency ksymtabs in
392 eprintf (f_"%s: cannot find start of kernel symbol table\n") name;
393 (fun _ -> raise Not_found)
395 | (_, (ksymtab_addr, ksymtab_size)) :: _ ->
398 "%s: Kernel symbol table found at %Lx, size %Lx bytes\n%!"
399 name ksymtab_addr ksymtab_size;
401 (* Load the whole symbol table as a bitstring. *)
403 Bitmatch.bitstring_of_string
404 (MMap.get_bytes mem ksymtab_addr
405 (Int64.to_int ksymtab_size)) in
407 (* Function to look up an address in the symbol table. *)
408 let lookup_ksym sym =
409 let bits = bits_of_wordsize (MMap.get_wordsize mem) in
410 let e = MMap.get_endian mem in
413 | { value : bits : endian(e);
414 name_ptr : bits : endian(e) }
415 when MMap.get_string mem name_ptr = sym ->
417 | { _ : bits : endian(e);
418 _ : bits : endian(e);
419 bs : -1 : bitstring } ->
421 | { _ } -> raise Not_found
429 (* Now try to find the /proc/kallsyms table. This is in an odd
430 * compressed format (but not a very successful compression
431 * format). However if it exists we know that it will contain
432 * addresses of the common ksyms above, and it has some
433 * characteristics which make it easy to detect in the
436 * kallsyms contains a complete list of symbols so is much
437 * more useful than the basic list of exports.
439 let ksym_addrs = List.filter_map (
440 fun ksym -> try Some (lookup_ksym ksym) with Not_found -> None
443 (* Search for those kernel addresses in the image. We're looking
444 * for the table kallsyms_addresses followed by kallsyms_num_syms
445 * (number of symbols in the table).
447 let ksym_addrs = List.map (MMap.find_pointer_all mem) ksym_addrs in
448 let ksym_addrs = List.concat ksym_addrs in
450 (* Test each one to see if it's a candidate list of kernel
451 * addresses followed by length of list.
453 let kallsymtabs = List.filter_map (
455 (* Search upwards from address until we find the length field.
456 * If found, jump backwards by length and check all addresses.
459 printf "%s: testing candidate kallsyms at %Lx\n" name addr;
461 let addrp = MMap.follow_pointer mem addr in
462 if MMap.is_mapped mem addrp then
463 loop (MMap.succ_long mem addr) (* continue up the table *)
465 if addrp >= min_kallsyms_tabsize &&
466 addrp <= max_kallsyms_tabsize then (
467 (* addrp might be the symbol count. Count backwards and
468 * check the full table.
470 let num_entries = Int64.to_int addrp in
471 let entry_size = bytes_of_wordsize (MMap.get_wordsize mem) in
473 addr -^ Int64.of_int (entry_size * num_entries) in
474 let end_addr = addr in
476 if addr < end_addr then (
477 let addrp = MMap.follow_pointer mem addr in
478 if MMap.is_mapped mem addrp then
479 loop2 (MMap.succ_long mem addr)
481 None (* can't verify the full address table *)
484 let names_addr = MMap.succ_long mem end_addr in
486 printf "%s: candidate kallsyms found at %Lx (names_addr at %Lx, num_entries %d)\n"
487 name start_addr names_addr num_entries;
488 Some (start_addr, num_entries, names_addr)
497 | Some (start_addr, num_entries, names_addr) ->
498 (* As an additional verification, check the list of
502 (* If the first byte is '\000' and is followed by a
503 * C identifier, then this is old-school list of
504 * symbols with prefix compression as in 2.6.9.
505 * Otherwise Huffman-compressed kallsyms as in
508 if MMap.get_byte mem names_addr = 0 &&
509 MMap.is_C_identifier mem (names_addr+^1L) then (
510 let names = ref [] in
512 let rec loop names_addr start_addr num =
514 let prefix = MMap.get_byte mem names_addr in
515 let prefix = String.sub !prev 0 prefix in
516 let name = MMap.get_string mem (names_addr+^1L) in
517 let len = String.length name in
518 let name = prefix ^ name in
520 let names_addr = names_addr +^ Int64.of_int len +^ 2L in
521 let sym_value = MMap.follow_pointer mem start_addr in
522 let start_addr = MMap.succ_long mem start_addr in
523 (*printf "%S -> %Lx\n" name sym_value;*)
524 names := (name, sym_value) :: !names;
525 loop names_addr start_addr (num-1)
528 loop names_addr start_addr num_entries;
529 let names = List.rev !names in
531 Some (start_addr, num_entries, names_addr,
534 else ( (* new-style "compressed" names. *)
535 let compressed_names = ref [] in
536 let rec loop names_addr start_addr num =
538 let len = MMap.get_byte mem names_addr in
539 let name = MMap.get_bytes mem (names_addr+^1L) len in
540 let names_addr = names_addr +^ Int64.of_int len +^ 1L in
541 let sym_value = MMap.follow_pointer mem start_addr in
542 let start_addr = MMap.succ_long mem start_addr in
544 (name, sym_value) :: !compressed_names;
545 loop names_addr start_addr (num-1)
549 let markers_addr = loop names_addr start_addr num_entries in
550 let markers_addr = MMap.align mem markers_addr in
551 let compressed_names = List.rev !compressed_names in
553 Some (start_addr, num_entries, names_addr,
554 Compressed (compressed_names, markers_addr))
557 Invalid_argument _ -> None (* bad names list *)
561 printf "%s: candidate kallsyms at:\n" name;
564 | (start_addr, num_entries, names_addr, Uncompressed _) ->
565 printf "\t%Lx %d entries names_addr=%Lx old-style\n%!"
566 start_addr num_entries names_addr
567 | (start_addr, num_entries, names_addr,
568 Compressed (_, markers_addr)) ->
569 printf "\t%Lx %d entries names_addr=%Lx markers_addr=%Lx\n%!"
570 start_addr num_entries names_addr markers_addr
574 (* Vote for the most popular symbol table candidate and
575 * enhance the function for looking up ksyms.
578 let freqs = frequency kallsymtabs in
581 (* Can't find any kallsymtabs, just return the lookup_ksym
582 * function generated previously from the exported symbols.
586 | (_, (_, _, _, Uncompressed names)) :: _ ->
587 let lookup_ksym name =
588 try (* first look it up in kallsyms table. *)
589 List.assoc name names
590 with Not_found -> (* try the old exports table instead *)
595 | (_, (start_addr, num_entries, names_addr,
596 Compressed (compressed_names, markers_addr))) :: _ ->
597 (* Skip the markers and look for the token table. *)
598 let num_markers = Int64.of_int ((num_entries + 255) / 256) in
600 Int64.of_int (bytes_of_wordsize (MMap.get_wordsize mem)) in
601 let tokens_addr = markers_addr +^ marker_size *^ num_markers in
603 (* Now read out the compression tokens, which are just
604 * 256 ASCIIZ strings that map bytes in the compression
605 * names to substrings.
607 let tokens = Array.make 256 "" in
608 let rec loop i addr =
610 let str = MMap.get_string mem addr in
611 let len = String.length str in
612 let addr = addr +^ Int64.of_int (len+1) in
619 (* Expand the compressed names using the tokens. *)
620 let names = List.filter_map (
621 fun (name, sym_value) ->
622 let f c = tokens.(Char.code c) in
623 let name = String.replace_chars f name in
624 (* First character in uncompressed output is the symbol
625 * type, eg. 'T'/'t' for text etc.
627 (* NOTE: Symbol names are NOT unique
628 * (eg. 'con_start' is both a function and data in
629 * some kernels). XXX We need to handle this situation
632 (*let typ = name.[0] in*)
633 let name = String.sub name 1 (String.length name - 1) in
634 (*printf "%S -> %Lx\n" name sym_value;*)
635 Some (name, sym_value)
636 ) compressed_names in
638 let lookup_ksym name =
639 try (* first look it up in kallsyms table. *)
640 List.assoc name names
641 with Not_found -> (* try the old exports table instead *)
647 (* Just wrap the lookup_ksym call in something which prints
648 * the query when debug is set.
652 let lookup_ksym sym =
654 let value = lookup_ksym sym in
655 printf "lookup_ksym %S = %Lx\n%!" sym value;
658 printf "lookup_ksym %S failed\n%!" sym;
666 ((name, arch, mem, lookup_ksym) : image)