Fix #25707 - slow iOS kernelcache loading by bulk-reading into memory ##bin

r_cf_value_dict_parse was reading the XML prelink info one byte at a
time through the full I/O stack (seek+read syscalls per byte for a 3MB
buffer). Bulk-read the entire region into memory first.

find_class_registrations was reading 8 bytes per instruction through
the I/O stack while decoding .init. functions. Use load_kext_text_blob
to read the entire kext text section once, matching the pattern already
used by find_class_vtables.

Reduces load time for non-MH_FILESET kernelcaches from ~3min to ~6sec.

Author: trufae

libr/bin/format/xnu/r_cf_dict.c

@@ -76,6 +76,16 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
 	int i;
 	char *content = NULL;
 
+	ut8 *buf = malloc (size);
+	if (!buf) {
+		return NULL;
+	}
+	int buf_len = r_buf_read_at (file_buf, offset, buf, size);
+	if (buf_len < 1) {
+		free (buf);
+		return NULL;
+	}
+
 	RXml *x = r_xml_new (4096);
 
 	RList *stack = r_list_newf ((RListFree)&r_cf_parse_state_free);
@@ -92,9 +102,8 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
 
 	r_list_push (stack, r_cf_parse_state_new (R_CF_STATE_ROOT));
 
-	for (i = 0; i < size; i++) {
-		ut8 doc = 0;
-		r_buf_read_at (file_buf, offset + i, &doc, 1);
+	for (i = 0; i < buf_len; i++) {
+		ut8 doc = buf[i];
 		if (!doc) {
 			break;
 		}
@@ -379,6 +388,7 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
 	r_list_free (stack);
 	r_list_free (idlist);
 	free (content);
+	free (buf);
 
 	return result;
 }

libr/bin/p/bin_xnu_kernelcache.c

@@ -207,6 +207,7 @@ static int ut64_compare(const void *pa, const void *pb);
 static ut64 next_vtable_after(const ut64 *arr, size_t n, ut64 self_start);
 static bool load_kext_text_blob(RBinFile *bf, RKext *kext, RKextTextBlob *blob);
 static const ut8 *text_ptr(const RKextTextBlob *tb, ut64 va);
+static const ut8 *text_ptr_n(const RKextTextBlob *tb, ut64 va, size_t n);
 static bool try_read_exec_va(RBinFile *bf, RKext *kext, ut64 va, void *dst, size_t len);
 static bool try_read_data_va(RBinFile *bf, RKext *kext, ut64 va, void *dst, size_t len);
 static bool try_read_printable_cstr(RBinFile *bf, RKext *kext, ut64 va, char **cstr);
@@ -2003,6 +2004,11 @@ static RList *resolve_iokit_classes(RVecRBinSymbol *symbols, ut64 start_offset,
 static RList *find_class_registrations(RVecRBinSymbol *symbols, ut64 start_offset, RBinFile *bf, RKext *kext) {
 	RList *classes = r_list_newf (r_iokit_class_free);
 
+	RKextTextBlob tb;
+	if (!load_kext_text_blob (bf, kext, &tb)) {
+		return classes;
+	}
+
 	ut64 i;
 	ut64 end_offset = RVecRBinSymbol_length (symbols);
 	for (i = start_offset; i != end_offset; i++) {
@@ -2019,8 +2025,8 @@ static RList *find_class_registrations(RVecRBinSymbol *symbols, ut64 start_offse
 
 		ut64 pc;
 		for (pc = func_vaddr; true; pc += 4) {
-			ut8 bytes[8];
-			if (!try_read_exec_va (bf, kext, pc, bytes, sizeof (bytes))) {
+			const ut8 *bytes = text_ptr_n (&tb, pc, 8);
+			if (!bytes) {
 				break;
 			}
 
@@ -2081,12 +2087,6 @@ static RList *find_class_registrations(RVecRBinSymbol *symbols, ut64 start_offse
 			}
 			w3_site = 0;
 
-			/*
-			 * const int off26 = (int) ((insn & 0x03FFFFFFu) << 6) >> 6;
-			 * const ut64 bl_target = pc + ((ut64) off26 << 2);
-			 * TODO: Implement renaming of bl_target.
-			 */
-
 			char *name = NULL;
 			if (!try_read_printable_cstr (bf, kext, name_va, &name)) {
 				continue;
@@ -2101,6 +2101,7 @@ static RList *find_class_registrations(RVecRBinSymbol *symbols, ut64 start_offse
 		}
 	}
 
+	free (tb.buf);
 	return classes;
 }
 
@@ -2446,6 +2447,13 @@ static const ut8 *text_ptr(const RKextTextBlob *tb, ut64 va) {
 	return tb->buf + (va - tb->va);
 }
 
+static const ut8 *text_ptr_n(const RKextTextBlob *tb, ut64 va, size_t n) {
+	if (va < tb->va || va + n > tb->va + tb->size) {
+		return NULL;
+	}
+	return tb->buf + (va - tb->va);
+}
+
 static bool try_read_exec_va(RBinFile *bf, RKext *kext, ut64 va, void *dst, size_t len) {
 	return r_buf_read_at (bf->buf, va - kext->pa2va_exec, dst, len) == len;
 }