minix3/commands/swifi/db_sym.c

599 lines
14 KiB
C
Raw Permalink Normal View History

2020-02-21 00:59:27 +05:30
/*
* Mach Operating System
* Copyright (c) 1991,1990 Carnegie Mellon University
* All Rights Reserved.
*
* Permission to use, copy, modify and distribute this software and its
* documentation is hereby granted, provided that both the copyright
* notice and this permission notice appear in all copies of the
* software, derivative works or modified versions, and any portions
* thereof, and that both notices appear in supporting documentation.
*
* CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS
* CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
* ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
*
* Carnegie Mellon requests users of this software to return to
*
* Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
* School of Computer Science
* Carnegie Mellon University
* Pittsburgh PA 15213-3890
*
* any improvements or extensions that they make and grant Carnegie the
* rights to redistribute these changes.
*/
/*
* Author: David B. Golub, Carnegie Mellon University
* Date: 7/90
*/
#if 0
//#include <sys/param.h>
//#include <sys/systm.h>
#endif
#if 0
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/kallsyms.h>
#endif
#include "ddb.h"
#include "db_sym.h"
#include "swifi.h"
#include "extra.h"
/*
* Multiple symbol tables
*/
#ifndef MAXNOSYMTABS
#define MAXNOSYMTABS 3 /* mach, ux, emulator */
#endif
#if 0
static db_symtab_t db_symtabs[MAXNOSYMTABS] = {{0,},};
static int db_nsymtab = 0;
static db_symtab_t *db_last_symtab;
static db_sym_t db_lookup __P(( char *symstr));
static char *db_qualify __P((db_sym_t sym, char *symtabname));
static boolean_t db_symbol_is_ambiguous __P((db_sym_t sym));
static boolean_t db_line_at_pc __P((db_sym_t, char **, int *,
db_expr_t));
/*
* Add symbol table, with given name, to list of symbol tables.
*/
void
db_add_symbol_table(start, end, name, ref)
char *start;
char *end;
char *name;
char *ref;
{
if (db_nsymtab >= MAXNOSYMTABS) {
printk ("No slots left for %s symbol table", name);
panic ("db_sym.c: db_add_symbol_table");
}
db_symtabs[db_nsymtab].start = start;
db_symtabs[db_nsymtab].end = end;
db_symtabs[db_nsymtab].name = name;
db_symtabs[db_nsymtab].private = ref;
db_nsymtab++;
}
/*
* db_qualify("vm_map", "ux") returns "unix:vm_map".
*
* Note: return value points to static data whose content is
* overwritten by each call... but in practice this seems okay.
*/
static char *
db_qualify(sym, symtabname)
db_sym_t sym;
register char *symtabname;
{
char *symname;
static char tmp[256];
db_symbol_values(sym, &symname, 0);
strcpy(tmp,symtabname);
strcat(tmp,":");
strcat(tmp,symname);
return tmp;
}
boolean_t
db_eqname(src, dst, c)
char *src;
char *dst;
char c;
{
if (!strcmp(src, dst))
return (TRUE);
if (src[0] == c)
return (!strcmp(src+1,dst));
return (FALSE);
}
boolean_t
db_value_of_name(name, valuep)
char *name;
db_expr_t *valuep;
{
db_sym_t sym;
sym = db_lookup(name);
if (sym == DB_SYM_NULL)
return (FALSE);
db_symbol_values(sym, &name, valuep);
return (TRUE);
}
/*
* Lookup a symbol.
* If the symbol has a qualifier (e.g., ux:vm_map),
* then only the specified symbol table will be searched;
* otherwise, all symbol tables will be searched.
*/
static db_sym_t
db_lookup(symstr)
char *symstr;
{
db_sym_t sp;
register int i;
int symtab_start = 0;
int symtab_end = db_nsymtab;
register char *cp;
/*
* Look for, remove, and remember any symbol table specifier.
*/
for (cp = symstr; *cp; cp++) {
if (*cp == ':') {
*cp = '\0';
for (i = 0; i < db_nsymtab; i++) {
if (! strcmp(symstr, db_symtabs[i].name)) {
symtab_start = i;
symtab_end = i + 1;
break;
}
}
*cp = ':';
if (i == db_nsymtab) {
db_error("invalid symbol table name");
}
symstr = cp+1;
}
}
/*
* Look in the specified set of symbol tables.
* Return on first match.
*/
for (i = symtab_start; i < symtab_end; i++) {
sp = X_db_lookup(&db_symtabs[i], symstr);
if (sp) {
db_last_symtab = &db_symtabs[i];
return sp;
}
}
return 0;
}
/*
* Does this symbol name appear in more than one symbol table?
* Used by db_symbol_values to decide whether to qualify a symbol.
*/
static boolean_t db_qualify_ambiguous_names = FALSE;
static boolean_t
db_symbol_is_ambiguous(sym)
db_sym_t sym;
{
char *sym_name;
register int i;
register
boolean_t found_once = FALSE;
if (!db_qualify_ambiguous_names)
return FALSE;
db_symbol_values(sym, &sym_name, 0);
for (i = 0; i < db_nsymtab; i++) {
if (X_db_lookup(&db_symtabs[i], sym_name)) {
if (found_once)
return TRUE;
found_once = TRUE;
}
}
return FALSE;
}
/*
* Find the closest symbol to val, and return its name
* and the difference between val and the symbol found.
*/
db_sym_t
db_search_symbol( val, strategy, offp)
register db_addr_t val;
db_strategy_t strategy;
db_expr_t *offp;
{
register
unsigned int diff;
unsigned int newdiff;
register int i;
db_sym_t ret = DB_SYM_NULL, sym;
newdiff = diff = ~0;
db_last_symtab = 0;
for (i = 0; i < db_nsymtab; i++) {
sym = X_db_search_symbol(&db_symtabs[i], val, strategy, &newdiff);
if (newdiff < diff) {
db_last_symtab = &db_symtabs[i];
diff = newdiff;
ret = sym;
}
}
*offp = diff;
return ret;
}
/*
* Return name and value of a symbol
*/
void
db_symbol_values(sym, namep, valuep)
db_sym_t sym;
char **namep;
db_expr_t *valuep;
{
db_expr_t value;
if (sym == DB_SYM_NULL) {
*namep = 0;
return;
}
X_db_symbol_values(sym, namep, &value);
if (db_symbol_is_ambiguous(sym))
*namep = db_qualify(sym, db_last_symtab->name);
if (valuep)
*valuep = value;
}
/*
* Print a the closest symbol to value
*
* After matching the symbol according to the given strategy
* we print it in the name+offset format, provided the symbol's
* value is close enough (eg smaller than db_maxoff).
* We also attempt to print [filename:linenum] when applicable
* (eg for procedure names).
*
* If we could not find a reasonable name+offset representation,
* then we just print the value in hex. Small values might get
* bogus symbol associations, e.g. 3 might get some absolute
* value like _INCLUDE_VERSION or something, therefore we do
* not accept symbols whose value is "small" (and use plain hex).
*/
void
db_printsym(off, strategy)
db_expr_t off;
db_strategy_t strategy;
{
db_expr_t d;
char *filename;
char *name;
db_expr_t value;
int linenum;
db_sym_t cursym;
cursym = db_search_symbol(off, strategy, &d);
db_symbol_values(cursym, &name, &value);
if (name == 0)
value = off;
if (value >= DB_SMALL_VALUE_MIN && value <= DB_SMALL_VALUE_MAX) {
printk("0x%x", off);
return;
}
if (name == 0 || d >= db_maxoff) {
printk("0x%x", off);
return;
}
printk("%s", name);
if (d)
printk("+0x%x", d);
if (strategy == DB_STGY_PROC) {
// if (db_line_at_pc(cursym, &filename, &linenum, off))
// printk(" [%s:%d]", filename, linenum);
}
}
#endif
unsigned int db_maxoff = 0x10000;
unsigned long modAddr = 0;
/* NWT: fault injection routine only.
* figure out start of function address given an address (off) in kernel text.
* name = function name
* value = function address
* d = difference between off and function address
* input is the desired address off and fault type
* returns closest instruction address (if found), NULL otherwise
*/
unsigned long
find_faulty_instr(db_expr_t off, int type, int *instr_len)
{
db_expr_t d;
char *name;
db_expr_t value, cur_value, prev_value = 0;
int verbose=0, found=0;
const char * mod_name = NULL;
unsigned long mod_start;
unsigned long mod_end;
const char * sec_name = NULL;
unsigned long sec_start;
unsigned long sec_end;
const char * sym_name = NULL;
unsigned long sym_start;
unsigned long sym_end;
*instr_len = 0;
if (kallsyms_address_to_symbol(off,
&mod_name, &mod_start, &mod_end,
&sec_name, &sec_start, &sec_end,
&sym_name, &sym_start, &sym_end) == 0) {
return(0);
}
value = (db_expr_t) sym_start;
d = off - sym_start;
name = (char *) sym_name;
if (name == 0) {
value = off;
}
if (value >= DB_SMALL_VALUE_MIN && value <= DB_SMALL_VALUE_MAX) {
printk("0x%x", off);
return 0;
}
if (name == 0 || d >= db_maxoff) {
printk("0x%x", off);
return 0 ;
}
/* 2) backup to start of function (SOF)
* 3) delineate instruction boundaries, find instruction length too.
*/
if(verbose) {
printk("function %s", sym_name);
}
/* 4) skip instructions until we get to our faulty address */
cur_value = value;
while(cur_value < sec_end) {
if(verbose) {
#if 0
// db_printsym(cur_value, DB_STGY_PROC);
// printk(":\t");
#endif
}
prev_value=cur_value;
modAddr=0;
if(verbose) {
#if 0
//cur_value=db_disasm(prev_value, FALSE);
#endif
} else {
cur_value=my_disasm(prev_value, FALSE);
}
/* 4a) bail out if instruction is leave (0xc9) */
if(cur_value-prev_value == 1) {
unsigned char *c;
c=(unsigned char *) prev_value;
if(text_read_ub(c)==0xc9) {
if(verbose) printk("bailing out as we hit a leave\n");
found=0;
break;
}
}
/* 5a) init fault: from SOF, look for movl $X, -Y(%ebp),
* (C645Fxxx or C745Fxxx) and replace with nop.
*/
if(type==INIT_FAULT) {
unsigned char *c;
c=(unsigned char *) prev_value;
if(*c==0x66 || *c==0x67)
c++; /* override prefix */
if(*c==0xC6 || *c==0xC7)
c++; /* movb or movl imm */
else
continue;
if(*c==0x45)
c++; /* [ebp] */
else
continue;
if(*c & 0x80)
found=1; /* negative displacement */
else
continue;
found=1;
break;
} else if(type==NOP_FAULT) {
/* 5b) nop*: replace instruction with nop */
if(cur_value> off) {
found=1;
break;
}
} else if(type==DST_FAULT || type==SRC_FAULT) {
/* 5c) dst/src: flip bits in mod/rm, sib, disp or imm fields */
if(cur_value>off && (cur_value-prev_value) > 1) {
found=1;
break;
}
} else if(type==BRANCH_FAULT || type==LOOP_FAULT) {
/* 5e) brc*: search forward utnil we hit a Jxx or rep (F3 or F2).
* replace instr with nop.
*/
unsigned char *c;
c=(unsigned char *) prev_value;
/* look for repX prefix */
if(text_read_ub(c)==0xf3 || text_read_ub(c)==0xf2) {
if(verbose)
printk("found repX prefix\n");
/* take out repX prefix only */
found=1;
cur_value=prev_value+1;
break;
} else if( (text_read_ub(c)&0xf0)==0x70 ||
(text_read_ub(c)>=0xe0 && text_read_ub(c)<=0xe2) ) {
/* look for jXX 8 (7X), loop,jcx (e0-3), jXX 16/32 (0f 8X) */
found=1;
if(verbose)
printk("found jXX rel8, loop or jcx\n");
break;
} else if(text_read_ub(c)==0x66 ||
text_read_ub(c)==0x67) { /* override prefix */
c++;
} else if(text_read_ub(c++)==0xf && (text_read_ub(c)&0xf0)==0x80 ) {
found=1; /* 0x0f 0x8X */
if(verbose) printk("found branch!\n");
break;
}
} else if(type==PTR_FAULT) {
/* 5f) ptr: if instruction has regmodrm byte (i_has_modrm),
* and mod field has address ([eyy]dispxx), eyy!=ebp
* flip 1 bit in lower byte (0x0f) or any bit in following
* bytes (sib, imm or disp).
*/
if(cur_value>off && modAddr) {
unsigned char *c;
c=(unsigned char *) modAddr;
if( text_read_ub(c)>0x3f && text_read_ub(c)<0xc0 &&
(text_read_ub(c)&7)!=5 ) {
found=1;
break;
}
}
} else if(type==INTERFACE_FAULT) {
/* 5f) i/f: look for movl XX(ebp), reg or movb XX(ebp), reg,
* where XX is positive. replace instr with nop.
* movl=0x8a, movb=0x8b, mod=01XXX101 (disp8[ebp]), disp>0
*/
unsigned char *c;
c=(unsigned char *) prev_value;
if( text_read_ub(c)==0x8a || text_read_ub(c)==0x8b) {
c++;
if( ((text_read_ub(c++))&0xc7)==0x45 && (text_read_ub(c)&0x80)==0 ) {
/* 75% chance that we'll choose the next arg */
if(random()&0x3) {
found=1;
break;
} else {
if(verbose) printk("skipped...\n");
}
}
}
}else if(type==IRQ_FAULT) {
/* 5g) i/f: look for push reg or offset(reg) / popf,
* where XX is positive. replace instr with nop.
* movl=0x8a, movb=0x8b, mod=01XXX101 (disp8[ebp]), disp>0
*/
unsigned char *c;
c=(unsigned char *) prev_value;
if (((text_read_ub(c) & 0xf8) == 0x50) ||
(text_read_ub(c) == 0xff)) {
if (text_read_ub(c) == 0xff) {
c++;
#if 0
//
// Look for push x(ebp)
#endif
if ((text_read_ub(c) & 0x78) != 0x70) {
continue;
}
/*
// Skip the offset
*/
c++;
}
c++;
if (text_read_ub(c) == 0x9d) {
/*
// Increment cur_value to include the
// popf instruction
*/
cur_value++;
found = 1;
break;
}
}
}
}
/* if we're doing nop fault, then we're done.
*/
if(found) {
*instr_len=cur_value-prev_value;
off=prev_value;
if(verbose) {
printk("%s", name);
if (d) printk("+0x%x", d);
printk(" @ %x, ", value);
printk("instr @ %x, len=%d, ", off, *instr_len);
#if 0
// db_disasm(prev_value, FALSE);
#endif
}
return off;
} else {
if(verbose) printk("cannot locate instruction in function\n");
*instr_len=0;
return 0;
}
}
#if 0
static boolean_t
db_line_at_pc( sym, filename, linenum, pc)
db_sym_t sym;
char **filename;
int *linenum;
db_expr_t pc;
{
return X_db_line_at_pc( db_last_symtab, sym, filename, linenum, pc);
}
int
db_sym_numargs(sym, nargp, argnames)
db_sym_t sym;
int *nargp;
char **argnames;
{
return X_db_sym_numargs(db_last_symtab, sym, nargp, argnames);
}
#endif