open Virt_mem_gettext.Gettext
open Virt_mem_utils
-module MMap = Virt_mem_mmap
-
-let min_kallsyms_tabsize = 1_000L
-let max_kallsyms_tabsize = 250_000L
+open Virt_mem_types
(* Make the kernel size around 16 MB, but just a bit smaller than
* maximum string length so we can still run this on a 32 bit platform.
let kernel_size =
if Sys.word_size = 32 then Sys.max_string_length
else 0x100_0000
-let max_memory_peek = 65536 (* XXX Use D.max_peek function *)
-
-type ksym = string
-
-type image =
- string
- * Virt_mem_utils.architecture
- * ([`Wordsize], [`Endian]) Virt_mem_mmap.t
- * (ksym -> MMap.addr)
-
-type kallsyms_compr =
- | Compressed of (string * MMap.addr) list * MMap.addr
- | Uncompressed of (string * MMap.addr) list
(* When tools register themselves, they are added to this list.
* Later, we will alphabetize the list.
*)
-let tools = ref [
- "capture", (
- "capture",
- s_"capture memory image for post-mortem analysis",
- s_"Capture a memory image to a file for later post-mortem
-analysis. Use the '-o memoryimage' option to specify the
-output file.
-
-Other tools can load the memory image using the '-t' option.",
- false,
- (fun _ _ -> ())
- );
-]
+let tools = ref []
(* Registration function used by the tools. *)
-let register name summary description is_cmd run_fn =
- tools := (name, (name, summary, description, is_cmd, run_fn)) :: !tools
+let register
+ ?(needs_ksyms = false) ?(needs_utsname = false)
+ ?(needs_tasks = false) ?(needs_net_devices = false)
+ ?(needs_everything = false)
+ ~run
+ ?(external_cmd = true)
+ ?(extra_args = [])
+ ?argcheck
+ name summary description =
+ tools :=
+ (name, (name, summary, description,
+ needs_ksyms, needs_utsname, needs_tasks, needs_net_devices,
+ needs_everything,
+ run, external_cmd, extra_args, argcheck))
+ :: !tools
(* Main program, called from mem/virt_mem_main.ml when all the
* tools have had a chance to register themselves.
* module to properly parse the command line (below), so that
* we can have a usage message ready.
*)
- let tool =
+ let tool, ignore_first_anon_arg =
let prog = Sys.executable_name in (* eg. "/usr/bin/virt-dmesg.opt" *)
let prog = Filename.basename prog in(* eg. "virt-dmesg.opt" *)
let prog = (* eg. "virt-dmesg" *)
if String.starts_with prog "virt-" then
String.sub prog 5 (String.length prog - 5)
else prog in
- try Some (List.assoc prog tools)
+ try Some (List.assoc prog tools), false
with Not_found ->
let arg1 = (* First non-option argument. *)
match Array.to_list Sys.argv with
in
loop args in
match arg1 with
- | None -> None
+ | None -> None, false
| Some prog -> (* Recognisable first argument? *)
let prog =
try Filename.chop_extension prog with Invalid_argument _ -> prog in
if String.starts_with prog "virt-" then
String.sub prog 5 (String.length prog - 5)
else prog in
- (try Some (List.assoc prog tools) with Not_found -> None) in
+ (try Some (List.assoc prog tools), true
+ with Not_found -> None, false) in
(* Make a usage message. *)
let usage_msg =
match tool with
| None -> (* Generic usage message. *)
let tools = List.map (
- fun (name, (_, summary, _, is_cmd, _)) ->
- if is_cmd then "virt-"^name, summary
- else "virt-mem "^name, summary
+ fun (name, (_, summary, _, _, _, _, _, _, _, external_cmd, _, _)) ->
+ if external_cmd then "virt-"^name, summary
+ else "virt-mem "^name, summary
) tools in
(* Maximum width of field in the left hand column. *)
let max_width =
<tool> [-options] [domains...]
To display extra help for a single tool, do:
- virt-mem help <tool>
+ virt-mem --help <tool>
Options:") tools
(* Tool-specific usage message. *)
- | Some (name, summary, description, is_cmd, _) ->
- let cmd = if is_cmd then "virt-" ^ name else "virt-mem " ^ name in
+ | Some (name, summary, description, _, _, _, _, _, _, external_cmd, _, _) ->
+ let cmd =
+ if external_cmd then "virt-" ^ name else "virt-mem " ^ name in
sprintf (f_"\
Options:") cmd summary description in
(* Now begin proper parsing of the command line arguments. *)
-
- (* Debug messages. *)
let debug = ref false in
+ let testimages = ref [] in
+ let uri = ref "" in
+ let anon_args = ref [] in
- (* Default wordsize. *)
+ (* Default wordsize (-W). *)
let def_wordsize = ref None in
let set_wordsize = function
| "32" -> def_wordsize := Some W32
| str -> failwith (sprintf (f_"set_wordsize: %s: unknown wordsize") str)
in
- (* Default endianness. *)
+ (* Default endianness (-E). *)
let def_endian = ref None in
let set_endian = function
| "auto" -> def_endian := None
| "le" | "little" | "littleendian" | "intel" ->
- def_endian := Some Bitmatch.LittleEndian
+ def_endian := Some Bitstring.LittleEndian
| "be" | "big" | "bigendian" | "motorola" ->
- def_endian := Some Bitmatch.BigEndian
+ def_endian := Some Bitstring.BigEndian
| str -> failwith (sprintf (f_"set_endian: %s: unknown endianness") str)
in
- (* Default architecture. *)
+ (* Default architecture (-A). *)
let def_architecture = ref None in
let set_architecture = function
| "auto" -> def_architecture := None
def_wordsize := Some (wordsize_of_architecture arch)
in
- (* Default text address. *)
+ (* Default text address (-T). *)
let def_text_addr = ref 0L (* 0 = auto-detect *) in
+ let def_kernel_min = ref 0L in
+ let def_kernel_max = ref 0L in
let set_text_addr = function
| "auto" -> def_text_addr := 0L
- | "i386" -> def_text_addr := 0xc010_0000_L (* common for x86 *)
- | "x86-64"|"x86_64" -> def_text_addr := 0xffffffff_81000000_L (* x86-64? *)
- | str -> def_text_addr := Int64.of_string str
+ | "i386" ->
+ (* common for x86, but we should be able to try a selection *)
+ def_text_addr := 0xc010_0000_L;
+ def_kernel_min := 0xc010_0000_L;
+ def_kernel_max := 0xffff_ffff_L
+ | "x86-64"|"x86_64" ->
+ def_text_addr := 0xffffffff_81000000_L;
+ def_kernel_min := 0xffffffff_81000000_L;
+ def_kernel_max := 0xffffffff_ffffffff_L;
+ | str ->
+ let strs = String.nsplit str "," in
+ match strs with
+ | [str] ->
+ def_text_addr := Int64.of_string str;
+ def_kernel_min := !def_text_addr;
+ def_kernel_max :=
+ if !def_text_addr < 0x1_0000_0000_L
+ then 0xffff_ffff_L
+ else 0xffffffff_ffffffff_L
+ | [str1;str2;str3] ->
+ def_text_addr := Int64.of_string str1;
+ def_kernel_min := Int64.of_string str2;
+ def_kernel_max := Int64.of_string str3
+ | _ -> failwith (sprintf (f_"set_text_addr: %s: incorrect number of parameters to -T option") str)
in
- (* List of kernel images. *)
- let images = ref [] in
- let uri = ref "" in
- let anon_args = ref [] in
-
+ (* Handle -t option. *)
let memory_image filename =
- images :=
- (!def_wordsize, !def_endian, !def_architecture, !def_text_addr, filename)
- :: !images
+ testimages :=
+ (!def_wordsize, !def_endian, !def_architecture,
+ !def_text_addr, !def_kernel_min, !def_kernel_max, filename)
+ :: !testimages
in
+ (* Handle --version option. *)
let version () =
printf "virt-mem %s\n" Virt_mem_version.version;
exit 0
in
- let argspec = Arg.align [
- "-A", Arg.String set_architecture,
- "arch " ^ s_"Set kernel architecture, endianness and word size";
- "-E", Arg.String set_endian,
- "endian " ^ s_"Set kernel endianness";
- "-T", Arg.String set_text_addr,
- "addr " ^ s_"Set kernel text address";
- "-W", Arg.String set_wordsize,
- "addr " ^ s_"Set kernel word size";
- "-c", Arg.Set_string uri,
- "uri " ^ s_ "Connect to URI";
- "--connect", Arg.Set_string uri,
- "uri " ^ s_ "Connect to URI";
- "--debug", Arg.Set debug,
- " " ^ s_"Debug mode (default: false)";
- "-t", Arg.String memory_image,
- "image " ^ s_"Use saved kernel memory image";
- "--version", Arg.Unit version,
- " " ^ s_"Display version and exit";
- ] in
+ (* Handle --list-kernels option. *)
+ let list_kernels () =
+ List.iter print_endline Virt_mem_kernels.kernels;
+ exit 0
+ in
+ (* Function to collect up any anonymous args (domain names/IDs). *)
let anon_arg str = anon_args := str :: !anon_args in
+
+ (* Construct the argspec.
+ * May include extra arguments specified by the tool.
+ *)
+ let argspec =
+ let extra_args = match tool with
+ | None -> []
+ | Some (_, _,_, _, _, _, _, _, _, _, extra_args, _) -> extra_args in
+ let argspec = [
+ "-A", Arg.String set_architecture,
+ "arch " ^ s_"Set kernel architecture, endianness and word size";
+ "-E", Arg.String set_endian,
+ "endian " ^ s_"Set kernel endianness";
+ "-T", Arg.String set_text_addr,
+ "addr " ^ s_"Set kernel text address";
+ "-W", Arg.String set_wordsize,
+ "addr " ^ s_"Set kernel word size";
+ "-c", Arg.Set_string uri,
+ "uri " ^ s_ "Connect to URI";
+ "--connect", Arg.Set_string uri,
+ "uri " ^ s_ "Connect to URI";
+ "--debug", Arg.Set debug,
+ " " ^ s_"Debug mode (default: false)";
+ "--list-kernels", Arg.Unit list_kernels,
+ " " ^ s_"List known kernels";
+ "-t", Arg.String memory_image,
+ "image " ^ s_"Use saved kernel memory image";
+ "--version", Arg.Unit version,
+ " " ^ s_"Display version and exit";
+ ] @ extra_args in
+
+ (* Sort options alphabetically on first alpha character. *)
+ let cmp (a,_,_) (b,_,_) =
+ let chars = "-" in
+ let a = String.strip ~chars a and b = String.strip ~chars b in
+ compare a b
+ in
+ let argspec = List.sort ~cmp argspec in
+ (* Make the options line up nicely. *)
+ Arg.align argspec in
+
+ (* Parse the command line. This will exit if --version or --help found. *)
Arg.parse argspec anon_arg usage_msg;
- let images = !images in
+ let testimages = !testimages in
let debug = !debug in
let uri = if !uri = "" then None else Some !uri in
+
+ (* Discard the first anonymous argument if, above, we previously
+ * found it contained the tool name.
+ *)
let anon_args = List.rev !anon_args in
+ let anon_args =
+ if ignore_first_anon_arg then List.tl anon_args else anon_args in
(* At this point, either --help was specified on the command line
* (and so the program has exited) or we must have determined tool,
* or the user didn't give us a valid tool (eg. "virt-mem foobar").
* Detect that final case now and give an error.
*)
- let name, _, _, _, run_fn =
+ let name, _, _,
+ needs_ksyms, needs_utsname, needs_tasks, needs_net_devices,
+ needs_everything,
+ run, external_cmd, extra_args, argcheck =
match tool with
| Some t -> t
| None ->
in
if debug then eprintf "tool = %s\n%!" name;
+ (* Optional argument checking in the tool. *)
+ (match argcheck with
+ | None -> ()
+ | Some argcheck -> argcheck debug
+ );
+
(* Get the kernel images. *)
let images =
- if images = [] then (
+ if testimages = [] then (
let conn =
let name = uri in
try C.connect_readonly ?name ()
List.map (
fun (dom, _) ->
- let name = D.get_name dom in
+ let domname = D.get_name dom in
let wordsize =
match !def_wordsize with
| None ->
failwith
(sprintf (f_"%s: use -W to define word size for this image")
- name);
+ domname);
| Some ws -> ws in
let endian =
match !def_endian with
| None ->
failwith
(sprintf (f_"%s: use -E to define endianness for this image")
- name);
+ domname);
| Some e -> e in
let arch =
| Some I386 -> I386 | Some X86_64 -> X86_64
| _ ->
failwith
- (sprintf (f_"%s: use -A to define architecture (i386/x86-64 only) for this image") name) in
+ (sprintf (f_"%s: use -A to define architecture (i386/x86-64 only) for this image") domname) in
- if !def_text_addr = 0L then
- failwith
- (sprintf (f_"%s: use -T to define kernel load address for this image") name);
+ if !def_text_addr = 0L ||
+ !def_kernel_min = 0L ||
+ !def_kernel_max = 0L then
+ failwith
+ (sprintf (f_"%s: use -T to define kernel load address for this image") domname);
+ (* Download the static part of the kernel. *)
let start_t = gettimeofday () in
- (* Read the kernel memory.
- * Maximum 64K can be read over remote connections.
- *)
- let str = String.create kernel_size in
- let rec loop i =
- let remaining = kernel_size - i in
- if remaining > 0 then (
- let size = min remaining max_memory_peek in
- D.memory_peek dom [D.Virtual]
- (!def_text_addr +^ Int64.of_int i) size str i;
- loop (i + size)
- )
- in
- loop 0;
+ let image =
+ try
+ load_static_memory ~dom ~domname ~arch
+ ~wordsize ~endian
+ ~kernel_min:!def_kernel_min ~kernel_max:!def_kernel_max
+ !def_text_addr kernel_size
+ with
+ | LoadMemoryError (AddressOutOfRange, _) ->
+ prerr_endline (s_"virt-mem: error loading kernel memory: address out of range
+Possibly the '-T' command line parameter was used inconsistently.");
+ exit 1
+ (* Allow any other exceptions to escape & kill the program. *) in
if debug then (
let end_t = gettimeofday () in
(end_t -. start_t)
);
- (* Map the virtual memory. *)
- let mem = MMap.of_string str !def_text_addr in
-
- (* Force the wordsize and endianness. *)
- let mem = MMap.set_wordsize mem wordsize in
- let mem = MMap.set_endian mem endian in
+ image
- (name, arch, mem)
) xmls
) else (
(* One or more -t options passed. *)
failwith (s_"virt-mem: if -t given on command line, then no domain arguments should be listed");
List.map (
- fun (wordsize, endian, arch, text_addr, filename) ->
+ fun (wordsize, endian, arch,
+ text_addr, kernel_min, kernel_max, filename) ->
(* Quite a lot of limitations on the kernel images we can
* handle at the moment ...
*)
(* Map the virtual memory. *)
let fd = openfile filename [O_RDONLY] 0 in
- let mem = MMap.of_file fd text_addr in
+ let mem = Virt_mem_mmap.of_file fd text_addr in
(* Force the wordsize and endianness. *)
- let mem = MMap.set_wordsize mem wordsize in
- let mem = MMap.set_endian mem endian in
+ let mem = Virt_mem_mmap.set_wordsize mem wordsize in
+ let mem = Virt_mem_mmap.set_endian mem endian in
- (filename, arch, mem)
- ) images
+ { dom = None; domname = filename; mem = mem; arch = arch;
+ kernel_min = kernel_min; kernel_max = kernel_max }
+ ) testimages
) in
+ (* Now build the kdata, depending on what the tool asked for. *)
let images =
List.map (
- fun (name, arch, mem) ->
- (* Look for some common entries in the exported symbol table and
- * from that find the symbol table itself. These are just
- * supposed to be symbols which are very likely to be present
- * in any Linux kernel, although we only need one of them to be
- * present to find the symbol table.
- *
- * NB. Must not be __initdata, must be in EXPORT_SYMBOL.
- *)
- let common_ksyms = [
- "init_task"; (* first task_struct *)
- "root_mountflags"; (* flags for mounting root fs *)
- "init_uts_ns"; (* uname strings *)
- "sys_open"; (* open(2) entry point *)
- "sys_chdir"; (* chdir(2) entry point *)
- "sys_chroot"; (* chroot(2) entry point *)
- "sys_umask"; (* umask(2) entry point *)
- "schedule"; (* scheduler entry point *)
- ] in
- (* Searching for <NUL>string<NUL> *)
- let common_ksyms_nul = List.map (sprintf "\000%s\000") common_ksyms in
-
- let start_t = gettimeofday () in
-
- (* Search for these strings in the memory image. *)
- let ksym_strings = List.map (MMap.find_all mem) common_ksyms_nul in
- let ksym_strings = List.concat ksym_strings in
- (* Adjust found addresses to start of the string (skip <NUL>). *)
- let ksym_strings = List.map Int64.succ ksym_strings in
-
- if debug then (
- let end_t = gettimeofday () in
- eprintf "timing: searching for common_ksyms took %f seconds\n%!"
- (end_t -. start_t)
- );
-
- let start_t = gettimeofday () in
-
- (* For any we found, try to look up the symbol table
- * base addr and size.
- *)
- let ksymtabs = List.map (
- fun addr ->
- (* Search for 'addr' appearing in the image. *)
- let addrs = MMap.find_pointer_all mem addr in
-
- (* Now consider each of these addresses and search back
- * until we reach the beginning of the (possible) symbol
- * table.
- *
- * Kernel symbol table struct is:
- * struct kernel_symbol {
- * unsigned long value;
- * const char *name; <-- initial pointer
- * } symbols[];
- *)
- let pred_long2 addr =
- MMap.pred_long mem (MMap.pred_long mem addr)
- in
- let base_addrs = List.map (
- fun addr ->
- let rec loop addr =
- (* '*addr' should point to a C identifier. If it does,
- * step backwards to the previous symbol table entry.
- *)
- let addrp = MMap.follow_pointer mem addr in
- if MMap.is_C_identifier mem addrp then
- loop (pred_long2 addr)
- else
- MMap.succ_long mem addr
- in
- loop addr
- ) addrs in
-
- (* Also look for the end of the symbol table and
- * calculate its size.
- *)
- let base_addrs_sizes = List.map (
- fun base_addr ->
- let rec loop addr =
- let addr2 = MMap.succ_long mem addr in
- let addr2p = MMap.follow_pointer mem addr2 in
- if MMap.is_C_identifier mem addr2p then
- loop (MMap.succ_long mem addr2)
- else
- addr
- in
- let end_addr = loop base_addr in
- base_addr, end_addr -^ base_addr
- ) base_addrs in
-
- base_addrs_sizes
- ) ksym_strings in
- let ksymtabs = List.concat ksymtabs in
-
- (* Simply ignore any symbol table candidates which are too small. *)
- let ksymtabs = List.filter (fun (_, size) -> size > 64L) ksymtabs in
-
- if debug then (
- eprintf "%s: candidate symbol tables at:\n" name;
- List.iter (
- fun (addr, size) ->
- eprintf "\t%Lx\t%Lx\t%!" addr size;
- eprintf "first symbol: %s\n%!"
- (MMap.get_string mem
- (MMap.follow_pointer mem
- (MMap.succ_long mem addr)))
- ) ksymtabs
- );
-
- (* Vote for the most popular symbol table candidate and from this
- * generate a function to look up ksyms.
- *)
- let lookup_ksym =
- let freqs = frequency ksymtabs in
- match freqs with
- | [] ->
- eprintf (f_"%s: cannot find start of kernel symbol table\n") name;
- (fun _ -> raise Not_found)
-
- | (_, (ksymtab_addr, ksymtab_size)) :: _ ->
- if debug then
- eprintf
- "%s: Kernel symbol table found at %Lx, size %Lx bytes\n%!"
- name ksymtab_addr ksymtab_size;
-
- (* Load the whole symbol table as a bitstring. *)
- let ksymtab =
- Bitmatch.bitstring_of_string
- (MMap.get_bytes mem ksymtab_addr
- (Int64.to_int ksymtab_size)) in
-
- (* Function to look up an address in the symbol table. *)
- let lookup_ksym sym =
- let bits = bits_of_wordsize (MMap.get_wordsize mem) in
- let e = MMap.get_endian mem in
- let rec loop bs =
- bitmatch bs with
- | { value : bits : endian(e);
- name_ptr : bits : endian(e) }
- when MMap.get_string mem name_ptr = sym ->
- value
- | { _ : bits : endian(e);
- _ : bits : endian(e);
- bs : -1 : bitstring } ->
- loop bs
- | { _ } -> raise Not_found
- in
- loop ksymtab
- in
-
- lookup_ksym
- in
-
- if debug then (
- let end_t = gettimeofday () in
- eprintf "timing: searching for ordinary ksyms took %f seconds\n%!"
- (end_t -. start_t)
- );
-
- let start_t = gettimeofday () in
-
- (* Now try to find the /proc/kallsyms table. This is in an odd
- * compressed format (but not a very successful compression
- * format). However if it exists we know that it will contain
- * addresses of the common ksyms above, and it has some
- * characteristics which make it easy to detect in the
- * memory.
- *
- * kallsyms contains a complete list of symbols so is much
- * more useful than the basic list of exports.
- *)
- let ksym_addrs = List.filter_map (
- fun ksym -> try Some (lookup_ksym ksym) with Not_found -> None
- ) common_ksyms in
-
- (* Search for those kernel addresses in the image. We're looking
- * for the table kallsyms_addresses followed by kallsyms_num_syms
- * (number of symbols in the table).
- *)
- let ksym_addrs = List.map (MMap.find_pointer_all mem) ksym_addrs in
- let ksym_addrs = List.concat ksym_addrs in
-
- (* Test each one to see if it's a candidate list of kernel
- * addresses followed by length of list.
- *)
- let kallsymtabs = List.filter_map (
- fun addr ->
- (* Search upwards from address until we find the length field.
- * If found, jump backwards by length and check all addresses.
- *)
- if debug then
- eprintf "%s: testing candidate kallsyms at %Lx\n" name addr;
- let rec loop addr =
- let addrp = MMap.follow_pointer mem addr in
- if MMap.is_mapped mem addrp then
- loop (MMap.succ_long mem addr) (* continue up the table *)
- else
- if addrp >= min_kallsyms_tabsize &&
- addrp <= max_kallsyms_tabsize then (
- (* addrp might be the symbol count. Count backwards and
- * check the full table.
- *)
- let num_entries = Int64.to_int addrp in
- let entry_size = bytes_of_wordsize (MMap.get_wordsize mem) in
- let start_addr =
- addr -^ Int64.of_int (entry_size * num_entries) in
- let end_addr = addr in
- let rec loop2 addr =
- if addr < end_addr then (
- let addrp = MMap.follow_pointer mem addr in
- if MMap.is_mapped mem addrp then
- loop2 (MMap.succ_long mem addr)
- else
- None (* can't verify the full address table *)
- ) else
- (* ok! *)
- let names_addr = MMap.succ_long mem end_addr in
- if debug then
- eprintf "%s: candidate kallsyms found at %Lx (names_addr at %Lx, num_entries %d)\n"
- name start_addr names_addr num_entries;
- Some (start_addr, num_entries, names_addr)
- in
- loop2 start_addr
- )
- else
- None (* forget it *)
- in
- match loop addr with
- | None -> None
- | Some (start_addr, num_entries, names_addr) ->
- (* As an additional verification, check the list of
- * kallsyms_names.
- *)
- try
- (* If the first byte is '\000' and is followed by a
- * C identifier, then this is old-school list of
- * symbols with prefix compression as in 2.6.9.
- * Otherwise Huffman-compressed kallsyms as in
- * 2.6.25.
- *)
- if MMap.get_byte mem names_addr = 0 &&
- MMap.is_C_identifier mem (names_addr+^1L) then (
- let names = ref [] in
- let prev = ref "" in
- let rec loop names_addr start_addr num =
- if num > 0 then (
- let prefix = MMap.get_byte mem names_addr in
- let prefix = String.sub !prev 0 prefix in
- let name = MMap.get_string mem (names_addr+^1L) in
- let len = String.length name in
- let name = prefix ^ name in
- prev := name;
- let names_addr = names_addr +^ Int64.of_int len +^ 2L in
- let sym_value = MMap.follow_pointer mem start_addr in
- let start_addr = MMap.succ_long mem start_addr in
- (*eprintf "%S -> %Lx\n" name sym_value;*)
- names := (name, sym_value) :: !names;
- loop names_addr start_addr (num-1)
- )
- in
- loop names_addr start_addr num_entries;
- let names = List.rev !names in
-
- Some (start_addr, num_entries, names_addr,
- Uncompressed names)
- )
- else ( (* new-style "compressed" names. *)
- let compressed_names = ref [] in
- let rec loop names_addr start_addr num =
- if num > 0 then (
- let len = MMap.get_byte mem names_addr in
- let name = MMap.get_bytes mem (names_addr+^1L) len in
- let names_addr = names_addr +^ Int64.of_int len +^ 1L in
- let sym_value = MMap.follow_pointer mem start_addr in
- let start_addr = MMap.succ_long mem start_addr in
- compressed_names :=
- (name, sym_value) :: !compressed_names;
- loop names_addr start_addr (num-1)
- ) else
- names_addr
- in
- let markers_addr = loop names_addr start_addr num_entries in
- let markers_addr = MMap.align mem markers_addr in
- let compressed_names = List.rev !compressed_names in
-
- Some (start_addr, num_entries, names_addr,
- Compressed (compressed_names, markers_addr))
- )
- with
- Invalid_argument _ -> None (* bad names list *)
- ) ksym_addrs in
-
- if debug then (
- eprintf "%s: candidate kallsyms at:\n" name;
- List.iter (
- function
- | (start_addr, num_entries, names_addr, Uncompressed _) ->
- eprintf "\t%Lx %d entries names_addr=%Lx old-style\n%!"
- start_addr num_entries names_addr
- | (start_addr, num_entries, names_addr,
- Compressed (_, markers_addr)) ->
- eprintf "\t%Lx %d entries names_addr=%Lx markers_addr=%Lx\n%!"
- start_addr num_entries names_addr markers_addr
- ) kallsymtabs
- );
-
- (* Vote for the most popular symbol table candidate and
- * enhance the function for looking up ksyms.
- *)
- let lookup_ksym =
- let freqs = frequency kallsymtabs in
- match freqs with
- | [] ->
- (* Can't find any kallsymtabs, just return the lookup_ksym
- * function generated previously from the exported symbols.
- *)
- lookup_ksym
-
- | (_, (_, _, _, Uncompressed names)) :: _ ->
- let lookup_ksym name =
- try (* first look it up in kallsyms table. *)
- List.assoc name names
- with Not_found -> (* try the old exports table instead *)
- lookup_ksym name
- in
- lookup_ksym
-
- | (_, (start_addr, num_entries, names_addr,
- Compressed (compressed_names, markers_addr))) :: _ ->
- (* Skip the markers and look for the token table. *)
- let num_markers = Int64.of_int ((num_entries + 255) / 256) in
- let marker_size =
- Int64.of_int (bytes_of_wordsize (MMap.get_wordsize mem)) in
- let tokens_addr = markers_addr +^ marker_size *^ num_markers in
-
- (* Now read out the compression tokens, which are just
- * 256 ASCIIZ strings that map bytes in the compression
- * names to substrings.
- *)
- let tokens = Array.make 256 "" in
- let rec loop i addr =
- if i < 256 then (
- let str = MMap.get_string mem addr in
- let len = String.length str in
- let addr = addr +^ Int64.of_int (len+1) in
- tokens.(i) <- str;
- loop (i+1) addr
- )
- in
- loop 0 tokens_addr;
-
- (* Expand the compressed names using the tokens. *)
- let names = List.filter_map (
- fun (name, sym_value) ->
- let f c = tokens.(Char.code c) in
- let name = String.replace_chars f name in
- (* First character in uncompressed output is the symbol
- * type, eg. 'T'/'t' for text etc.
- *)
- (* NOTE: Symbol names are NOT unique
- * (eg. 'con_start' is both a function and data in
- * some kernels). XXX We need to handle this situation
- * better.
- *)
- (*let typ = name.[0] in*)
- let name = String.sub name 1 (String.length name - 1) in
- (*eprintf "%S -> %Lx\n" name sym_value;*)
- Some (name, sym_value)
- ) compressed_names in
-
- let lookup_ksym name =
- try (* first look it up in kallsyms table. *)
- List.assoc name names
- with Not_found -> (* try the old exports table instead *)
- lookup_ksym name
- in
-
- lookup_ksym in
-
- if debug then (
- let end_t = gettimeofday () in
- eprintf "timing: searching for kallsyms took %f seconds\n%!"
- (end_t -. start_t)
- );
-
- (* Just wrap the lookup_ksym call in something which prints
- * the query when debug is set.
- *)
- let lookup_ksym =
- if debug then
- let lookup_ksym sym =
- try
- let value = lookup_ksym sym in
- eprintf "lookup_ksym %S = %Lx\n%!" sym value;
- value
- with Not_found ->
- eprintf "lookup_ksym %S failed\n%!" sym;
- raise Not_found
- in
- lookup_ksym
- else
- lookup_ksym
- in
-
- ((name, arch, mem, lookup_ksym) : image)
+ fun image ->
+ let kdata = { ksyms = None; utsname = None; tasks = None;
+ net_devices = None } in
+ image, kdata
) images in
-
- (* Run the actual tool. *)
- run_fn debug images
+ (* Certain needs are dependent on others ... *)
+ let needs_ksyms =
+ if needs_utsname then true
+ else needs_ksyms in
+ let needs_ksyms, needs_utsname =
+ if needs_tasks then true, true
+ else needs_ksyms, needs_utsname in
+ let needs_ksyms, needs_utsname =
+ if needs_net_devices then true, true
+ else needs_ksyms, needs_utsname in
+ let needs_ksyms, needs_utsname, needs_tasks, needs_net_devices =
+ if needs_everything then true, true, true, true
+ else needs_ksyms, needs_utsname, needs_tasks, needs_net_devices in
+
+ (* Do the kernel symbol analysis. *)
+ let images =
+ if not needs_ksyms then images
+ else
+ List.map (
+ fun (image, kdata) ->
+ (* Look for ordinary kernel symbols: *)
+ let image, ksyms =
+ Virt_mem_ksyms.find_kernel_symbols debug image in
+
+ match ksyms with
+ | None -> image, kdata
+ | Some ksyms ->
+ (* Look for kallsyms: *)
+ let image, kallsyms =
+ Virt_mem_kallsyms.find_kallsyms debug image ksyms in
+
+ let ksyms =
+ match kallsyms with
+ | None -> ksyms (* no kallsyms, just use module symbols *)
+ | Some kallsyms -> kallsyms (* ksyms + kallsyms *) in
+
+ image, { kdata with ksyms = Some ksyms }
+ ) images in
+
+ (* Get the kernel version (utsname analysis). *)
+ let images =
+ if not needs_utsname then images
+ else
+ List.map (
+ fun (image, ({ ksyms = ksyms } as kdata)) ->
+ match ksyms with
+ | None -> image, kdata
+ | Some ksyms ->
+ let image, utsname =
+ Virt_mem_utsname.find_utsname debug image ksyms in
+ let kdata = { kdata with utsname = utsname } in
+ image, kdata
+ ) images in
+
+ (* Get the tasks. *)
+ let images =
+ if not needs_tasks then images
+ else
+ List.map (
+ fun (image, ({ ksyms = ksyms; utsname = utsname } as kdata)) ->
+ match ksyms, utsname with
+ | Some ksyms, Some { uts_kernel_release = kversion } ->
+ let image, tasks =
+ Virt_mem_tasks.find_tasks debug image ksyms kversion in
+ let kdata = { kdata with tasks = tasks } in
+ image, kdata
+ | _, _ -> image, kdata
+ ) images in
+
+ (* Get the net devices. *)
+ let images =
+ if not needs_net_devices then images
+ else
+ List.map (
+ fun (image, ({ ksyms = ksyms; utsname = utsname } as kdata)) ->
+ match ksyms, utsname with
+ | Some ksyms, Some { uts_kernel_release = kversion } ->
+ let image, net_devices =
+ Virt_mem_net_devices.find_net_devices debug
+ image ksyms kversion in
+ let kdata = { kdata with net_devices = net_devices } in
+ image, kdata
+ | _, _ -> image, kdata
+ ) images in
+
+ (* Run the tool's main function. *)
+ let errors = ref 0 in
+ List.iter (
+ fun (image, kdata) ->
+ try
+ if not needs_everything then (
+ if needs_ksyms && kdata.ksyms = None then
+ failwith (s_"could not read kernel symbols")
+ else if needs_utsname && kdata.utsname = None then
+ failwith (s_"could not read kernel version")
+ else if needs_tasks && kdata.tasks = None then
+ failwith (s_"could not read process table")
+ else if needs_net_devices && kdata.net_devices = None then
+ failwith (s_"could not read net device table")
+ );
+ run debug image kdata
+ with exn ->
+ eprintf "%s: %s\n" image.domname (Printexc.to_string exn);
+ incr errors
+ ) images;
+ exit (if !errors > 0 then 1 else 0)
git.annexia.org / virt-mem.git / blobdiff