- fun (name, (arch, mem)) ->
- (* Look for some common entries in the symbol table and from
- * that find the symbol table itself. These are just supposed to
- * be symbols which are very likely to be present in any Linux
- * kernel, although we only need one of them to be present to
- * find the symbol table.
- *
- * NB. Must not be __initdata.
- *)
- let common_ksyms = [
- "init_task"; (* first task_struct *)
- "root_mountflags"; (* flags for mounting root fs *)
- "init_uts_ns"; (* uname strings *)
- "sys_open"; (* open(2) entry point *)
- "sys_chdir"; (* chdir(2) entry point *)
- "sys_chroot"; (* chroot(2) entry point *)
- "sys_umask"; (* umask(2) entry point *)
- "schedule"; (* scheduler entry point *)
- ] in
- (* Searching for <NUL>string<NUL> *)
- let common_ksyms = List.map (sprintf "\000%s\000") common_ksyms in
-
- (* Search for these strings in the memory image. *)
- let ksym_strings = List.map (MMap.find_all mem) common_ksyms in
- let ksym_strings = List.concat ksym_strings in
- (* Adjust found addresses to start of the string (skip <NUL>). *)
- let ksym_strings = List.map Int64.succ ksym_strings in
-
- (* For any we found, try to look up the symbol table
- * base addr and size.
- *)
- let ksymtabs = List.map (
- fun addr ->
- (* Search for 'addr' appearing in the image. *)
- let addrs = MMap.find_pointer_all mem addr in
-
- (* Now consider each of these addresses and search back
- * until we reach the beginning of the (possible) symbol
- * table.
- *
- * Kernel symbol table struct is:
- * struct kernel_symbol {
- * unsigned long value;
- * const char *name; <-- initial pointer
- * } symbols[];
- *)
- let pred_long2 addr = MMap.pred_long mem (MMap.pred_long mem addr) in
- let base_addrs = List.map (
- fun addr ->
- let rec loop addr =
- (* '*addr' should point to a C identifier. If it does,
- * step backwards to the previous symbol table entry.
- *)
- let addrp = MMap.follow_pointer mem addr in
- if MMap.is_C_identifier mem addrp then
- loop (pred_long2 addr)
- else
- MMap.succ_long mem addr
- in
- loop addr
- ) addrs in
-
- (* Also look for the end of the symbol table and
- * calculate its size.
- *)
- let base_addrs_sizes = List.map (
- fun base_addr ->
- let rec loop addr =
- let addr2 = MMap.succ_long mem addr in
- let addr2p = MMap.follow_pointer mem addr2 in
- if MMap.is_C_identifier mem addr2p then
- loop (MMap.succ_long mem addr2)
- else
- addr
- in
- let end_addr = loop base_addr in
- base_addr, end_addr -^ base_addr
- ) base_addrs in
-
- base_addrs_sizes
- ) ksym_strings in
- let ksymtabs = List.concat ksymtabs in
-
- (* Simply ignore any symbol table candidates which are too small. *)
- let ksymtabs = List.filter (fun (_, size) -> size > 64L) ksymtabs in
-
- if verbose then (
- printf "name %s:\n" name;
- List.iter (
- fun (addr, size) ->
- printf "\t%Lx\t%Lx\t%!" addr size;
- printf "first symbol: %s\n%!"
- (MMap.get_string mem
- (MMap.follow_pointer mem
- (MMap.succ_long mem addr)))
- ) ksymtabs
- );
-
- (* Vote for the most popular symbol table candidate. *)
- let freqs = frequency ksymtabs in
- match freqs with
- | [] ->
- eprintf "%s: cannot find start of kernel symbol table\n" name
- | (_, (ksymtab_addr, ksymtab_size)) :: _ ->
- if verbose then
- printf "%s: Kernel symbol table found at %Lx, size %Lx bytes\n%!"
- name ksymtab_addr ksymtab_size;
-
- (* Load the whole symbol table as a bitstring. *)
- let ksymtab =
- Bitmatch.bitstring_of_string
- (MMap.get_bytes mem ksymtab_addr (Int64.to_int ksymtab_size)) in
-
- (* Function to look up an address in the symbol table. *)
- let lookup_ksym sym =
- let bits = bits_of_wordsize (MMap.get_wordsize mem) in
- let e = MMap.get_endian mem in
- let rec loop bs =
- bitmatch bs with
- | { value : bits : endian(e);
- name_ptr : bits : endian(e) }
- when MMap.get_string mem name_ptr = sym ->
- value
- | { _ : bits : endian(e);
- _ : bits : endian(e);
- bs : -1 : bitstring } ->
- loop bs
- | { _ } -> raise Not_found
- in
- loop ksymtab
- in
-
- if verbose then (
- (* This just tests looking up kernel symbols. *)
- printf "init_task = %Lx\n" (lookup_ksym "init_task");
- printf "schedule = %Lx\n" (lookup_ksym "schedule");
- printf "system_utsname = %s\n"
- (try
- let addr = lookup_ksym "system_utsname" in
- sprintf "%Lx" addr
- with Not_found -> "not found");
- printf "init_uts_ns = %s\n"
- (try
- let addr = lookup_ksym "init_uts_ns" in
- sprintf "%Lx" addr
- with Not_found -> "not found");
- );
-
-
-
-
- ) images
+ fun kimage ->
+ try
+ (* Do the kernel symbol analysis. *)
+ let kimage =
+ if not needs_ksyms then kimage
+ else (
+ (* Look for ordinary kernel symbols: *)
+ let kimage = Virt_mem_ksyms.find_kernel_symbols debug kimage in
+
+ if kimage.have_ksyms then
+ (* Look for kallsyms: *)
+ Virt_mem_kallsyms.find_kallsyms debug kimage
+ else kimage
+ ) in
+
+ (* Get the kernel version (utsname analysis). *)
+ let kimage =
+ if not needs_utsname then kimage
+ else (
+ if kimage.have_ksyms then
+ Virt_mem_utsname.find_utsname debug kimage
+ else
+ kimage
+ ) in
+
+ (* Get the tasks. *)
+ let kimage =
+ if not needs_tasks then kimage
+ else (
+ let { ksyms = ksyms; have_ksyms = have_ksyms; utsname = utsname;
+ addrmap = addrmap } = kimage in
+ match have_ksyms, utsname with
+ | true, Some { uts_kernel_release = kernel_version } ->
+ let kimage = ref kimage in
+ let load struct_name addr size =
+ if debug then
+ eprintf "load for task, %s: %Lx %d ...\n"
+ struct_name addr size;
+ let mapped =
+ Virt_mem_mmap.is_mapped_range !kimage.mem addr size in
+ if not mapped then kimage := load_memory !kimage addr size;
+ let bits = Virt_mem_mmap.get_bytes !kimage.mem addr size in
+ Bitstring.bitstring_of_string bits
+ in
+ let addrmap =
+ try
+ let init_task = Ksymmap.find "init_task" ksyms in
+ Some (Kernel.task_struct_follower debug kernel_version
+ load addrmap init_task)
+ with
+ Not_found ->
+ eprintf (f_"%s: cannot find init_task symbol in kernel image.\n") !kimage.domname;
+ None in
+ (match addrmap with
+ | None -> !kimage
+ | Some addrmap ->
+ { !kimage with addrmap = addrmap; have_tasks = true }
+ )
+ | _, _ -> kimage
+ ) in
+
+ (* Get the net devices. *)
+ let kimage =
+ if not needs_net_devices then kimage
+ else (
+ let { ksyms = ksyms; have_ksyms = have_ksyms; utsname = utsname;
+ addrmap = addrmap } = kimage in
+ match have_ksyms, utsname with
+ | true, Some { uts_kernel_release = kernel_version } ->
+ let kimage = ref kimage in
+ let load struct_name addr size =
+ if debug then
+ eprintf "load for net dev, %s: %Lx %d ...\n"
+ struct_name addr size;
+ let mapped =
+ Virt_mem_mmap.is_mapped_range !kimage.mem addr size in
+ if not mapped then kimage := load_memory !kimage addr size;
+ let bits = Virt_mem_mmap.get_bytes !kimage.mem addr size in
+ Bitstring.bitstring_of_string bits
+ in
+ let addrmap =
+ try
+ let dev_base = Ksymmap.find "dev_base" ksyms in
+ Some (Kernel.net_device_follower debug kernel_version
+ load addrmap dev_base)
+ with Not_found ->
+ try
+ let dev_base_head = Ksymmap.find "dev_base_head" ksyms in
+ (* XXX adjust to get offset of start of net_device *)
+ assert false
+ with Not_found ->
+ try
+ let init_net = Ksymmap.find "init_net" ksyms in
+ Some (Kernel.net_follower debug kernel_version
+ load addrmap init_net)
+ with Not_found ->
+ eprintf (f_"%s: cannot find dev_base, dev_base_head or init_net symbols in kernel image.\n") !kimage.domname;
+ None in
+ (match addrmap with
+ | None -> !kimage
+ | Some addrmap ->
+ { !kimage with addrmap = addrmap; have_net_devices = true }
+ )
+ | _, _ -> kimage
+ ) in
+
+ (* Run the tool's main function. *)
+ if not needs_everything then (
+ if needs_ksyms && kimage.have_ksyms = false then
+ failwith (s_"could not read kernel symbols")
+ else if needs_utsname && kimage.utsname = None then
+ failwith (s_"could not read kernel version")
+ else if needs_tasks && kimage.have_tasks = false then
+ failwith (s_"could not read process table")
+ else if needs_net_devices && kimage.have_net_devices = false then
+ failwith (s_"could not read net device table")
+ );
+ run debug kimage
+ with exn ->
+ eprintf "%s: %s\n" kimage.domname (Printexc.to_string exn);
+ incr errors
+ ) kimages;
+
+ exit (if !errors > 0 then 1 else 0)