About the BTF feature: it makes fixing up structs easier and solves a kp pain point #221

@niqiuqiux

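CONFIG_DEBUG_INFO_BTF=y should only be present in kernels above android13.

Struct information and the like can be obtained directly from the kernel. Is any expert interested in opening a new branch to maintain and update this?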

PS C:\Users\Administrator\Desktop\MEMTOOL\kerneltool\build> .\ktool.exe
[+] not a standard ELF file, searching for BTF magic in kernel image...
[+] found BTF data at offset 0x1645d98 (little-endian), size 0x560366
[+] BTF header: magic=0xeb9f, version=1, type_len=3331060, str_len=2305882, endian=little
[+] parsing BTF types: hdr_len=24, type_off=0, type_len=3331060
[+] type[0]: kind=4, vlen=8, name_off=1, offset=0
[+] type[1]: kind=2, vlen=0, name_off=0, offset=108
[+] type[2]: kind=10, vlen=0, name_off=0, offset=120
[+] type[3]: kind=1, vlen=0, name_off=88, offset=132
[+] type[4]: kind=5, vlen=3, name_off=0, offset=148
[+] parsed 130615 BTF types (validated 130615 types in second pass)
[+] parsed BTF successfully
[DEBUG] BTF parsed successfully, calling btf_find_by_name...
[DEBUG] btf_find_by_name called with name='mm_struct'
[DEBUG] btf->types=000001906F394070, btf->nr_types=130615
[DEBUG] btf->strings=000001906EB35214
[DEBUG] str_len=2305882, is_be=0
[+] searching for type 'mm_struct' in 130615 types...
[+] string table at 000001906EB35214, str_len=2305882, is_be=0
[DEBUG] Testing first type access...
[DEBUG] First type name_off=1
[+] test: first type name_off=1, name=tracepoint
[+] found type 'mm_struct' at ID 642
[DEBUG] btf_find_by_name returned: 642
mm_struct members (including nested structs):
[DEBUG] btf_get_struct_members: struct_type_id=642
[DEBUG] btf_get_struct_members: type_id=642, kind=4 (STRUCT=4, UNION=5)
[DEBUG] btf_get_struct_members: type_id=642, name='mm_struct', kind=4
[DEBUG]   size=960, info_raw=0x04000002, info_direct=0x04000002
[DEBUG]   vlen (with endian)=2, vlen_from_info_raw=2
[DEBUG]   kind_from_info_raw=4, info bytes: 02 00 00 04
[DEBUG]   Analyzing info field: info_raw=0x04000002, info_direct=0x04000002
[DEBUG]   According to new BTF format: vlen should be in low 16 bits (bits 0-15)
[DEBUG] btf_get_struct_members: member array at 000001906E80F7E4
[DEBUG] member[0]: name_off=0, name=(null), type_id=641, offset=0
[DEBUG] member[1]: name_off=19048, name=cpu_bitmap, type_id=427, offset=960
[DEBUG] btf_get_struct_members: returning 2 members
<anon>: offset=0x0000, type_id=641
[DEBUG] btf_get_struct_members: struct_type_id=641
[DEBUG] btf_get_struct_members: type_id=641, kind=4 (STRUCT=4, UNION=5)
[DEBUG] btf_get_struct_members: type_id=641, name='(null)', kind=4
[DEBUG]   size=960, info_raw=0x04000035, info_direct=0x04000035
[DEBUG]   vlen (with endian)=53, vlen_from_info_raw=53
[DEBUG]   kind_from_info_raw=4, info bytes: 35 00 00 04
[DEBUG]   Analyzing info field: info_raw=0x04000035, info_direct=0x04000035
[DEBUG]   According to new BTF format: vlen should be in low 16 bits (bits 0-15)
[DEBUG] btf_get_struct_members: member array at 000001906E80F55C
[DEBUG] member[0]: name_off=18534, name=mm_mt, type_id=644, offset=0
[DEBUG] member[1]: name_off=7477, name=get_unmapped_area, type_id=647, offset=24
[DEBUG] member[2]: name_off=18540, name=mmap_base, type_id=10, offset=32
[DEBUG] member[3]: name_off=18550, name=mmap_legacy_base, type_id=10, offset=40
[DEBUG] member[4]: name_off=18567, name=task_size, type_id=10, offset=48
[DEBUG] btf_get_struct_members: returning 53 members
  mm_mt: offset=0x0000, type_id=644
[DEBUG] btf_get_struct_members: struct_type_id=644
[DEBUG] btf_get_struct_members: type_id=644, kind=4 (STRUCT=4, UNION=5)
[DEBUG] btf_get_struct_members: type_id=644, name='maple_tree', kind=4
[DEBUG]   size=24, info_raw=0x04000003, info_direct=0x04000003
[DEBUG]   vlen (with endian)=3, vlen_from_info_raw=3
[DEBUG]   kind_from_info_raw=4, info bytes: 03 00 00 04
[DEBUG]   Analyzing info field: info_raw=0x04000003, info_direct=0x04000003
[DEBUG]   According to new BTF format: vlen should be in low 16 bits (bits 0-15)
[DEBUG] btf_get_struct_members: member array at 000001906E80F82C
[DEBUG] member[0]: name_off=0, name=(null), type_id=643, offset=0
[DEBUG] member[1]: name_off=19095, name=ma_root, type_id=19, offset=8
[DEBUG] member[2]: name_off=19103, name=ma_flags, type_id=48, offset=16
[DEBUG] btf_get_struct_members: returning 3 members
    <anon>: offset=0x0000, type_id=643
[DEBUG] btf_get_struct_members: struct_type_id=643
[DEBUG] btf_get_struct_members: type_id=643, kind=5 (STRUCT=4, UNION=5)
[DEBUG] btf_get_struct_members: type_id=643, name='(null)', kind=5
[DEBUG]   size=4, info_raw=0x05000002, info_direct=0x05000002
[DEBUG]   vlen (with endian)=2, vlen_from_info_raw=2
[DEBUG]   kind_from_info_raw=5, info bytes: 02 00 00 05
[DEBUG]   Analyzing info field: info_raw=0x05000002, info_direct=0x05000002
[DEBUG]   According to new BTF format: vlen should be in low 16 bits (bits 0-15)
[DEBUG] btf_get_struct_members: member array at 000001906E80F808
[DEBUG] member[0]: name_off=19059, name=ma_lock, type_id=121, offset=0
[DEBUG] member[1]: name_off=19067, name=ma_external_lock, type_id=645, offset=0
[DEBUG] btf_get_struct_members: returning 2 members
      ma_lock: offset=0x0000, type_id=121
      ma_external_lock: offset=0x0000, type_id=645
    ma_root: offset=0x0008, type_id=19
    ma_flags: offset=0x0010, type_id=48
  get_unmapped_area: offset=0x0018, type_id=647
  mmap_base: offset=0x0020, type_id=10
  mmap_legacy_base: offset=0x0028, type_id=10
  task_size: offset=0x0030, type_id=10
  pgd: offset=0x0038, type_id=649
  membarrier_state: offset=0x0040, type_id=7
  mm_users: offset=0x0044, type_id=7
  mm_count: offset=0x0048, type_id=7
  pgtables_bytes: offset=0x0050, type_id=55
  map_count: offset=0x0058, type_id=9
  page_table_lock: offset=0x005c, type_id=121
  mmap_lock: offset=0x0060, type_id=653
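
An added example, not code from this issue or from the tool whose output is shown above: a bounds-checked walk over a little-endian BTF type section that finds a struct by name and resolves a member's byte offset through anonymous nested members, the way `mm_struct` is resolved in the log. The `struct btf` layout, the function names and the sample bytes are assumptions made up for illustration, and the caller is assumed to have already located the type and string sections from the BTF header.

```c
#include <stdint.h>
#include <string.h>

struct btf { const uint8_t *types; uint32_t type_len; const char *strs; uint32_t str_len; };
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Find a STRUCT/UNION by name, or (name == NULL) the type with this id; ids start at 1, 0 = not found. */
uint32_t btf_find(const struct btf *b, uint32_t id, const char *name, const uint8_t **rec) {
    if (!b->str_len || b->strs[b->str_len - 1]) return 0;           /* strings must end in NUL */
    for (uint32_t off = 0, cur = 1; b->type_len - off >= 12; cur++) {
        const uint8_t *t = b->types + off;
        uint32_t noff = rd32(t), info = rd32(t + 4), sz = 12;
        uint32_t kind = (info >> 24) & 0x1f, vlen = info & 0xffff;  /* vlen: low 16 bits */
        if (kind == 1 || kind == 14 || kind == 17) sz += 4;         /* INT, VAR, DECL_TAG */
        else if (kind == 3) sz += 12;                               /* ARRAY */
        else if (kind == 6 || kind == 13) sz += vlen * 8;           /* ENUM, FUNC_PROTO */
        else if (kind == 4 || kind == 5 || kind == 15 || kind == 19) sz += vlen * 12;
        if (sz > b->type_len - off || noff >= b->str_len) return 0; /* truncated record */
        int hit = name ? (kind == 4 || kind == 5) && !strcmp(b->strs + noff, name) : cur == id;
        if (hit) { *rec = t; return cur; }
        off += sz;
    }
    return 0;
}

/* Byte offset of member m in a record returned by btf_find, descending into anonymous members. */
long btf_member_off(const struct btf *b, const uint8_t *t, const char *m, int depth) {
    uint32_t info = rd32(t + 4), kind = (info >> 24) & 0x1f, vlen = info & 0xffff;
    if ((kind != 4 && kind != 5) || depth > 16) return -1;
    for (const uint8_t *e = t + 12; vlen--; e += 12) {
        uint32_t noff = rd32(e), bits = rd32(e + 8);
        if (info >> 31) bits &= 0xffffff;          /* kind_flag: top 8 bits = bitfield size */
        if (noff >= b->str_len) return -1;
        if (noff && !strcmp(b->strs + noff, m)) return bits / 8;
        const uint8_t *in = NULL;                  /* name_off 0: anonymous struct/union */
        long r = (!noff && btf_find(b, rd32(e + 4), NULL, &in)) ? btf_member_off(b, in, m, depth + 1) : -1;
        if (r >= 0) return bits / 8 + r;
    }
    return -1;
}

/* Constructed sample, not real kernel data. */
static const char STRS[] = "\0long\0task_size\0mm_struct\0mm_count";
static const uint8_t TYPES[] = {
    1,0,0,0, 0,0,0,1, 8,0,0,0, 64,0,0,0,                       /* id1 INT "long": 12 + 4 bytes */
    0,0,0,0, 1,0,0,4, 8,0,0,0,  6,0,0,0, 1,0,0,0, 0,0,0,0,     /* id2 anon STRUCT { task_size } */
    16,0,0,0, 2,0,0,4, 16,0,0,0, 26,0,0,0, 1,0,0,0, 0,0,0,0,   /* id3 mm_struct: mm_count @ bit 0 */
    0,0,0,0, 2,0,0,0, 64,0,0,0 };                              /* anonymous member (id2) @ bit 64 */
const struct btf SAMPLE = { TYPES, sizeof TYPES, STRS, sizeof STRS };
```

BTF stores member offsets in bits, so the byte offsets returned here correspond to the `offset=0x....` values in the log only for members that are not bitfields.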
