KVM_OPEN(3) Library Functions Manual KVM_OPEN(3)

NAME

kvm_open, kvm_openfiles, kvm_closeinitialize kernel virtual memory access

LIBRARY

Kernel Data Access Library (libkvm, -lkvm)

SYNOPSIS

#include <fcntl.h>
#include <kvm.h>

kvm_t *
kvm_open(const char *execfile, const char *corefile, char *swapfile, int flags, const char *errstr);

kvm_t *
kvm_openfiles(const char *execfile, const char *corefile, char *swapfile, int flags, char *errbuf);

int
kvm_close(kvm_t *kd);

DESCRIPTION

The functions kvm_open() and kvm_openfiles() return a descriptor used to access kernel virtual memory via the kvm(3) library routines. Both active kernels and crash dumps are accessible through this interface.

execfile is the executable image of the kernel being examined. This file must contain a symbol table. If this argument is NULL, the currently running system is assumed; in this case, the functions will attempt to use the ksyms(4) device indicated by _PATH_KSYMS in <paths.h>; if that fails, then they will use the file indicated by the sysctl(3) variable machdep.booted_kernel, or (if the sysctl information is not available) the default kernel path indicated by _PATH_UNIX in <paths.h>.

corefile is the kernel memory device file. It can be either /dev/mem or a crash dump core generated by savecore(8). If corefile is NULL, the default indicated by _PATH_MEM from <paths.h> is used.

swapfile should indicate the swap device. If NULL, _PATH_DRUM from <paths.h> is used.

The flags argument indicates read/write access as in open(2) and applies only to the core file. The only permitted flags from open(2) are O_RDONLY, O_WRONLY, and O_RDWR.

As a special case, a flags argument of KVM_NO_FILES will initialize the kvm(3) library for use on active kernels only using sysctl(3) for retrieving kernel data and ignores the execfile, corefile and swapfile arguments. Only a small subset of the kvm(3) library functions are available using this method. These are currently kvm_getproc2(3), kvm_getargv2(3) and kvm_getenvv2(3).

There are two open routines which differ only with respect to the error mechanism. One provides backward compatibility with the SunOS kvm library, while the other provides an improved error reporting framework.

The kvm_open() function is the Sun kvm compatible open call. Here, the errstr argument indicates how errors should be handled. If it is NULL, no errors are reported and the application cannot know the specific nature of the failed kvm call. If it is not NULL, errors are printed to stderr with errstr prepended to the message, as in perror(3). Normally, the name of the program is used here. The string is assumed to persist at least until the corresponding kvm_close() call.

The kvm_openfiles() function provides BSD style error reporting. Here, error messages are not printed out by the library. Instead, the application obtains the error message corresponding to the most recent kvm library call using kvm_geterr() (see kvm_geterr(3)). The results are undefined if the most recent kvm call did not produce an error. Since kvm_geterr() requires a kvm descriptor, but the open routines return NULL on failure, kvm_geterr() cannot be used to get the error message if open fails. Thus, kvm_openfiles() will place any error message in the errbuf argument. This buffer should be _POSIX2_LINE_MAX characters large (from <limits.h>).

RETURN VALUES

The kvm_open() and kvm_openfiles() functions both return a descriptor to be used in all subsequent kvm library calls. The library is fully re-entrant. On failure, NULL is returned, in which case kvm_openfiles() writes the error message into errbuf.

The kvm_close() function returns 0 on success and -1 on failure.

SEE ALSO

open(2), kvm(3), kvm_getargv(3), kvm_getenvv(3), kvm_geterr(3), kvm_getkernelname(3), kvm_getprocs(3), kvm_nlist(3), kvm_read(3), kvm_write(3)

BUGS

There should not be two open calls. The ill-defined error semantics of the Sun library and the desire to have a backward-compatible library for BSD left little choice.
September 14, 2011 NetBSD 6.1