volatility icon indicating copy to clipboard operation
volatility copied to clipboard

Published 20 hours ago verified publisher icon volatilityfoundation

Plan to add NUMA support?

Open JohCn opened this issue 4 years ago • 3 comments

Hi,

I am trying to analyze a Linux 2.6.28 memory dump. The kernel is built with CONFIG_DISCONTIGMEM=y. I get this error while trying to use "linux_find_file" plugin - "phys_addr_of_page: Unable to determine physical address of page. NUMA is not supported at this time."

From the source code, currently only FLATMEM and SPARSEMEM memory models are supported. Is there any plan to support DISCONTIGMEM in near future? If not, any other options/tools to analyze this memory dump?

Thanks

JohCn avatar Jan 02 '21 20:01 JohCn

Hey @JohCn,

Is this a distro provided kernel? If so can you send the uname -a output and the profile you are using?

atcuno avatar Jan 03 '21 18:01 atcuno

Hi @atcuno,

This is a custom kernel. Basically, I am trying to analyze the memory dump from a gadget that runs a custom Linux 2.6.28 kernel on ARM. The device does not support 'uname' command. Here is the output from /proc/version -

Linux version 2.6.28 (gcc version 4.4.0 20100318 (Faraday C/C++ Compiler with Linux-3.3 Headers Release 20121022) ) #1 PREEMPT Tue Feb 21 20:04:05 CST 2017

Volatility profile attached. Linux-2-6-28.zip

Regards

JohCn avatar Jan 03 '21 22:01 JohCn

Hi @atcuno,

I would appreciate it if you could let me know if you are planning to add support for DISCONTIGMEM.

Regards, Nikshep

JohCn avatar Jan 09 '21 06:01 JohCn