NAME
kvm_open,
kvm_openfiles,
kvm_close —
initialize kernel virtual
memory access
LIBRARY
Kernel Data Access Library (libkvm, -lkvm)
SYNOPSIS
#include <fcntl.h>
#include <kvm.h>
kvm_t *
kvm_open(
const
char *execfile,
const char
*corefile,
char
*swapfile,
int flags,
const char *errstr);
kvm_t *
kvm_openfiles(
const
char *execfile,
const char
*corefile,
char
*swapfile,
int flags,
char *errbuf);
int
kvm_close(
kvm_t
*kd);
DESCRIPTION
The functions
kvm_open() and
kvm_openfiles()
return a descriptor used to access kernel virtual memory via the
kvm(3) library routines. Both
active kernels and crash dumps are accessible through this interface.
execfile is the executable image of the kernel being
examined. This file must contain a symbol table. If this argument is
NULL
, the currently running system is assumed; in this
case, the functions will attempt to use the
ksyms(4) device indicated by
_PATH_KSYMS
in
<paths.h>; if that fails, then they
will use the file indicated by the
sysctl(3) variable
machdep.booted_kernel, or (if the sysctl information is
not available) the default kernel path indicated by
_PATH_UNIX
in
<paths.h>.
corefile is the kernel memory device file. It can be
either
/dev/mem or a crash dump core generated by
savecore(8). If
corefile is
NULL
, the default
indicated by
_PATH_MEM
from
<paths.h> is used.
swapfile should indicate the swap device. If
NULL
,
_PATH_DRUM
from
<paths.h> is used.
The
flags argument indicates read/write access as in
open(2) and applies only to the
core file. The only permitted flags from
open(2) are
O_RDONLY
,
O_WRONLY
, and
O_RDWR
.
As a special case, a
flags argument of
KVM_NO_FILES
will initialize the
kvm(3) library for use on active
kernels only using
sysctl(3) for
retrieving kernel data and ignores the
execfile,
corefile and
swapfile arguments.
Only a small subset of the
kvm(3)
library functions are available using this method. These are currently
kvm_getproc2(3),
kvm_getargv2(3) and
kvm_getenvv2(3).
There are two open routines which differ only with respect to the error
mechanism. One provides backward compatibility with the SunOS kvm library,
while the other provides an improved error reporting framework.
The
kvm_open() function is the Sun kvm compatible open call.
Here, the
errstr argument indicates how errors should be
handled. If it is
NULL
, no errors are reported and the
application cannot know the specific nature of the failed kvm call. If it is
not
NULL
, errors are printed to stderr with
errstr prepended to the message, as in
perror(3). Normally, the name of
the program is used here. The string is assumed to persist at least until the
corresponding
kvm_close() call.
The
kvm_openfiles() function provides
BSD style error reporting. Here, error messages are
not printed out by the library. Instead, the application obtains the error
message corresponding to the most recent kvm library call using
kvm_geterr() (see
kvm_geterr(3)). The results
are undefined if the most recent kvm call did not produce an error. Since
kvm_geterr() requires a kvm descriptor, but the open
routines return
NULL
on failure,
kvm_geterr() cannot be used to get the error message if open
fails. Thus,
kvm_openfiles() will place any error message in
the
errbuf argument. This buffer should be
_POSIX2_LINE_MAX characters large (from
<limits.h>).
RETURN VALUES
The
kvm_open() and
kvm_openfiles() functions
both return a descriptor to be used in all subsequent kvm library calls. The
library is fully re-entrant. On failure,
NULL
is
returned, in which case
kvm_openfiles() writes the error
message into
errbuf.
The
kvm_close() function returns 0 on success and -1 on
failure.
SEE ALSO
open(2),
kvm(3),
kvm_getargv(3),
kvm_getenvv(3),
kvm_geterr(3),
kvm_getkernelname(3),
kvm_getprocs(3),
kvm_nlist(3),
kvm_read(3),
kvm_write(3)
BUGS
There should not be two open calls. The ill-defined error semantics of the Sun
library and the desire to have a backward-compatible library for
BSD left little choice.