PMAP(1) | General Commands Manual | PMAP(1) |
pmap
—
pmap |
[-adlmPRsv ] [-A
address] [-D
number] [-E
address] [-M
core] [-N
system] [-p
pid] [-S
address] [-V
address] [pid ...] |
pmap
utility lists the virtual memory mappings
underlying the given process. The start address of each entry is always given,
and, depending on the options given, other information such as the end
address, the underlying file's device and inode numbers, and various
protection information will be displayed, along with the path to the file, if
such data is available.
By default, pmap
displays information for
its parent process, so that when run from a shell prompt, the shell's memory
information is displayed. If other PIDs are given as arguments on the
command line, information for those processes will be printed also. If the
special PID of 0 is given, then information for the kernel's memory map is
printed.
The options are as follows:
-A
address-a
-D
number0x01
0x02
0x04
0x08
0x10
0x20
0x40
0x1000
-d
-v
option, the device number, inode number, name,
vnode addresses, or other identifying information from the vm_map_entries
will be printed.-E
address-l
-v
option, identifiers for all entries are
printed.-M
core-m
-v
option is also given, device number, inode
number, and filename or other identifying information is printed.-N
system-P
pmap
to print information about
itself.-p
pidpmap
to print information about the given
process. If -p
pid occurs
last on the command line, the -p
is optional.-R
pmap
to
print the entries of the submap as well. The submap output is indented,
and does not affect any total printed at the bottom of the output.-S
address-s
-V
address-v
-d
,
-l
, or -m
, more
information is printed, possibly including device and inode numbers, file
path names, or other identifying information. If specified more than once,
a small note will be printed in between two entries that are not adjacent,
making the visual identification of spaces in the process's map easier to
see, that indicates the number of pages and the amount of memory space
that is skipped.The -P
and -p
options override each other, so the last one to appear on the command line
takes effect. If you do wish to see information about
pmap
and another process as the same time, simply
omit the -p
and place the extra PID at the end of
the command line.
pmap
utility exits 0 on success,
and >0 if an error occurs.
Here is a portion of the default output from
pmap
being run at an
sh(1) prompt showing the starting
address of the map entry, the size of the map entry, the current protection
level of the map entry, and either the name of the file backing the entry or
some other descriptive text.
$ pmap 08048000 420K read/exec /bin/sh 080B1000 8K read/write /bin/sh 080B3000 28K read/write [ anon ] 080BA000 16K read/write/exec [ heap ] ...
When the ddb(4) output style is selected, the first thing printed is the contents of the vm_map structure, followed by the individual map entries.
$ pmap -d MAP 0xcf7cac84: [0x0->0xbfbfe000] #ent=8, sz=34041856, ref=1, version=20, flags=0x41 pmap=0xcf44cee0(resident=<unknown>) - 0xcfa3a358: 0x8048000->0x80b1000: obj=0xcf45a8e8/0x0, amap=0x0/0 submap=F, cow=T, nc=T, prot(max)=5/7, inh=1, wc=0, adv=0 ...
The value of the flags field (in hexadecimal) is taken from the
include file
<uvm/uvm_map.h>
:
The “submap”, “cow”, and
“nc” fields are true or false, and indicate whether the map is
a submap, whether it is marked for copy on write, and whether it needs a
copy. The “prot” (or protection) field, along with
“max” (maximum protection allowed) are made up of the
following flags from
<uvm/uvm_extern.h>
:
UVM_PROT_READ |
0x01 read allowed |
UVM_PROT_WRITE |
0x02 write allowed |
UVM_PROT_EXEC |
0x04 execute allowed |
The “obj” and “amap” fields are pointers to, and offsets into, the underlying uvm_object or amap. The value for resident is always unknown because digging such information out of the kernel is beyond the scope of this application.
The two output styles that mirror the contents of the /proc file system appear as follows:
$ pmap -m 0x8048000 0x80b1000 r-x rwx COW NC 1 0 0 0x80b1000 0x80b3000 rw- rwx COW NC 1 0 0 0x80b3000 0x80ba000 rw- rwx COW NNC 1 0 0 0x80ba000 0x80be000 rwx rwx COW NNC 1 0 0 ... $ pmap -l 08048000-080b1000 r-xp 00000000 00:00 70173 /bin/sh 080b1000-080b3000 rw-p 00068000 00:00 70173 /bin/sh 080b3000-080ba000 rw-p 00000000 00:00 0 080ba000-080be000 rwxp 00000000 00:00 0 ...
Here the protection and maximum protection values are indicated with ‘r’, ‘w’, and ‘x’ characters, indicating read permission, write permission, and execute permission, respectively. The “COW”, “NC”, and “NNC” values that follow indicate, again, that the map is marked for copy on write and either needs or does not need a copy. It is also possible to see the value “NCOW” here, which indicates that an entry will not be copied. The three following numbers indicate the inheritance type of the map, the wired count of the map, and any advice value assigned via madvise(2).
In the second form, the permissions indicated are followed by a ‘p’ or ‘s’ character indicating whether the map entry is private or shared (copy on write or not), and the numbers are the offset into the underlying object, the device and numbers of the object if it is a file, and the path to the file (if available).
As noted above (see section DESCRIPTION), the “all” output format is an amalgam of the previous output formats.
$ pmap -a Start End Size Offset rwxpc RWX I/W/A ... 08048000-080b0fff 420k 00000000 r-xp+ (rwx) 1/0/0 ... ...
In this format, the column labeled “rwxpc” contains the permissions for the mapping along with the shared/private flag, and a character indicating whether the mapping needs to be copied on write (‘+’) or has already been copied (‘-’) and is followed by a column that indicates the maximum permissions for the map entry. The column labeled “I/W/A” indicates the inheritance, wired, and advice values for the map entry, as previously described. The pointer value at the end of the output line for entries backed by vnodes is the address of the vnode in question.
pmap
utility appeared in NetBSD
2.0.
pmap
utility and documentation was written by
Andrew Brown ⟨atatat@NetBSD.org⟩.
pmap
is reading from the
correct kernel in order to retrieve the proper symbol information.
Since processes can change state while
pmap
is running, some of the information printed may
be inaccurate. This is especially important to consider when examining the
kernel's map, since merely executing pmap
will cause
some of the information to change.
The pathnames to files backing certain vnodes (such as the text and data sections of programs and shared libraries) are extracted from the kernel's namei cache which is considerably volatile. If a path is not found there in its entirety, as much information as was available will be printed. In most cases, simply running ls(1) or stat(1) with the expected path to the file will cause the information to be reentered into the cache.
The Solaris command by the same name has some interesting command
line flags that would be nice to emulate here. In particular, the
-r
option that lists a process's reserved addresses,
and the -x
option that prints
resident/shared/private mapping details for each entry.
Some of the output modes can be or are wider than the standard 80 columns of a terminal. Some sort of formatting might be nice.
pmap
uses
kvm(3) to read the requested data
directly from kernel memory, no such limitation exists.
If any of the -A
,
-E
, -M
,
-N
, -S
, or
-V
options are used, any extra privileges that
pmap
has will be dropped.
February 6, 2009 | NetBSD 9.4 |