1 (* Memory info for virtual domains.
2 (C) Copyright 2008 Richard W.M. Jones, Red Hat Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 open Virt_mem_gettext.Gettext
26 module MMap = Virt_mem_mmap
32 * Virt_mem_utils.architecture
33 * ([`Wordsize], [`Endian]) Virt_mem_mmap.t
34 * (ksym -> Virt_mem_mmap.addr)
37 (* Verbose messages. *)
38 let verbose = ref false in
40 (* Default wordsize. *)
41 let def_wordsize = ref None in
42 let set_wordsize = function
43 | "32" -> def_wordsize := Some W32
44 | "64" -> def_wordsize := Some W64
45 | "auto" -> def_wordsize := None
46 | str -> failwith (sprintf (f_"set_wordsize: %s: unknown wordsize") str)
49 (* Default endianness. *)
50 let def_endian = ref None in
51 let set_endian = function
52 | "auto" -> def_endian := None
53 | "le" | "little" | "littleendian" | "intel" ->
54 def_endian := Some Bitmatch.LittleEndian
55 | "be" | "big" | "bigendian" | "motorola" ->
56 def_endian := Some Bitmatch.BigEndian
57 | str -> failwith (sprintf (f_"set_endian: %s: unknown endianness") str)
60 (* Default architecture. *)
61 let def_architecture = ref None in
62 let set_architecture = function
63 | "auto" -> def_architecture := None
65 let arch = architecture_of_string arch in
66 def_architecture := Some arch;
67 def_endian := Some (endian_of_architecture arch);
68 def_wordsize := Some (wordsize_of_architecture arch)
71 (* Default text address. *)
72 let def_text_addr = ref 0L (* 0 = auto-detect *) in
73 let set_text_addr = function
74 | "auto" -> def_text_addr := 0L
75 | "i386" -> def_text_addr := 0xc010_0000_L (* common for x86 *)
76 | "x86-64"|"x86_64" -> def_text_addr := 0xffffffff_81000000_L (* x86-64? *)
77 | str -> def_text_addr := Int64.of_string str
80 (* List of kernel images. *)
81 let images = ref [] in
83 let memory_image filename =
85 (!def_wordsize, !def_endian, !def_architecture, !def_text_addr, filename)
89 let argspec = Arg.align [
90 "-A", Arg.String set_architecture,
91 "arch " ^ s_"Set kernel architecture, endianness and word size";
92 "-E", Arg.String set_endian,
93 "endian " ^ s_"Set kernel endianness";
94 "-T", Arg.String set_text_addr,
95 "addr " ^ s_"Set kernel text address";
96 "-W", Arg.String set_wordsize,
97 "addr " ^ s_"Set kernel word size";
98 "-t", Arg.String memory_image,
99 "image " ^ s_"Use saved kernel memory image";
100 "-verbose", Arg.Set verbose,
101 " " ^ s_"Verbose messages";
105 raise (Arg.Bad (sprintf (f_"%s: unknown parameter") str)) in
106 let usage_msg = usage_msg ^ s_"\n\nOPTIONS" in
107 Arg.parse argspec anon_fun usage_msg;
109 let images = !images in
110 let verbose = !verbose in
112 (* Get the kernel images. *)
115 (* XXX use libvirt to get images *)
116 failwith "libvirt: not yet implemented"
119 fun (wordsize, endian, arch, text_addr, filename) ->
120 (* Quite a lot of limitations on the kernel images we can
121 * handle at the moment ...
123 (* XXX We could auto-detect wordsize easily. *)
128 (sprintf (f_"%s: use -W to define word size for this image")
135 (sprintf (f_"%s: use -E to define endianness for this image")
141 | Some I386 -> I386 | Some X86_64 -> X86_64
144 (sprintf (f_"%s: use -A to define architecture (i386/x86-64 only) for this image") filename) in
146 if text_addr = 0L then
148 (sprintf (f_"%s: use -T to define kernel load address for this image")
151 (* Map the virtual memory. *)
152 let fd = openfile filename [O_RDONLY] 0 in
153 let mem = MMap.of_file fd text_addr in
155 (* Force the wordsize and endianness. *)
156 let mem = MMap.set_wordsize mem wordsize in
157 let mem = MMap.set_endian mem endian in
159 (filename, arch, mem)
164 fun (name, arch, mem) ->
165 (* Look for some common entries in the symbol table and from
166 * that find the symbol table itself. These are just supposed to
167 * be symbols which are very likely to be present in any Linux
168 * kernel, although we only need one of them to be present to
169 * find the symbol table.
171 * NB. Must not be __initdata.
174 "init_task"; (* first task_struct *)
175 "root_mountflags"; (* flags for mounting root fs *)
176 "init_uts_ns"; (* uname strings *)
177 "sys_open"; (* open(2) entry point *)
178 "sys_chdir"; (* chdir(2) entry point *)
179 "sys_chroot"; (* chroot(2) entry point *)
180 "sys_umask"; (* umask(2) entry point *)
181 "schedule"; (* scheduler entry point *)
183 (* Searching for <NUL>string<NUL> *)
184 let common_ksyms = List.map (sprintf "\000%s\000") common_ksyms in
186 (* Search for these strings in the memory image. *)
187 let ksym_strings = List.map (MMap.find_all mem) common_ksyms in
188 let ksym_strings = List.concat ksym_strings in
189 (* Adjust found addresses to start of the string (skip <NUL>). *)
190 let ksym_strings = List.map Int64.succ ksym_strings in
192 (* For any we found, try to look up the symbol table
193 * base addr and size.
195 let ksymtabs = List.map (
197 (* Search for 'addr' appearing in the image. *)
198 let addrs = MMap.find_pointer_all mem addr in
200 (* Now consider each of these addresses and search back
201 * until we reach the beginning of the (possible) symbol
204 * Kernel symbol table struct is:
205 * struct kernel_symbol {
206 * unsigned long value;
207 * const char *name; <-- initial pointer
210 let pred_long2 addr =
211 MMap.pred_long mem (MMap.pred_long mem addr)
213 let base_addrs = List.map (
216 (* '*addr' should point to a C identifier. If it does,
217 * step backwards to the previous symbol table entry.
219 let addrp = MMap.follow_pointer mem addr in
220 if MMap.is_C_identifier mem addrp then
221 loop (pred_long2 addr)
223 MMap.succ_long mem addr
228 (* Also look for the end of the symbol table and
229 * calculate its size.
231 let base_addrs_sizes = List.map (
234 let addr2 = MMap.succ_long mem addr in
235 let addr2p = MMap.follow_pointer mem addr2 in
236 if MMap.is_C_identifier mem addr2p then
237 loop (MMap.succ_long mem addr2)
241 let end_addr = loop base_addr in
242 base_addr, end_addr -^ base_addr
247 let ksymtabs = List.concat ksymtabs in
249 (* Simply ignore any symbol table candidates which are too small. *)
250 let ksymtabs = List.filter (fun (_, size) -> size > 64L) ksymtabs in
253 printf "name %s:\n" name;
256 printf "\t%Lx\t%Lx\t%!" addr size;
257 printf "first symbol: %s\n%!"
259 (MMap.follow_pointer mem
260 (MMap.succ_long mem addr)))
264 (* Vote for the most popular symbol table candidate and from this
265 * generate a function to look up ksyms.
268 let freqs = frequency ksymtabs in
271 eprintf (f_"%s: cannot find start of kernel symbol table\n") name;
272 (fun _ -> raise Not_found)
274 | (_, (ksymtab_addr, ksymtab_size)) :: _ ->
277 "%s: Kernel symbol table found at %Lx, size %Lx bytes\n%!"
278 name ksymtab_addr ksymtab_size;
280 (* Load the whole symbol table as a bitstring. *)
282 Bitmatch.bitstring_of_string
283 (MMap.get_bytes mem ksymtab_addr
284 (Int64.to_int ksymtab_size)) in
286 (* Function to look up an address in the symbol table. *)
287 let lookup_ksym sym =
288 let bits = bits_of_wordsize (MMap.get_wordsize mem) in
289 let e = MMap.get_endian mem in
292 | { value : bits : endian(e);
293 name_ptr : bits : endian(e) }
294 when MMap.get_string mem name_ptr = sym ->
296 | { _ : bits : endian(e);
297 _ : bits : endian(e);
298 bs : -1 : bitstring } ->
300 | { _ } -> raise Not_found
307 ((name, arch, mem, lookup_ksym) : image)