관리-도구

편집 파일: sysc_copy_file_range.stp

# copy_file_range ___________________________________________ # SYSCALL_DEFINE6(copy_file_range, int, fd_in, loff_t __user *, off_in, # int, fd_out, loff_t __user *, off_out, # size_t, len, unsigned int, flags) @define _SYSCALL_COPY_FILE_RANGE_NAME %( name = "copy_file_range" %) @define _SYSCALL_COPY_FILE_RANGE_ARGSTR %( argstr = sprintf("%d, %p, %d, %p, %u, 0x%x", fd_in, off_in, fd_out, off_out, len, flags) %) @define _SYSCALL_COPY_FILE_RANGE_REGARGS %( fd_in = int_arg(1) off_in = pointer_arg(2) fd_out = int_arg(3) off_out = pointer_arg(4) len = ulong_arg(5) flags = uint_arg(6) %) probe syscall.copy_file_range = dw_syscall.copy_file_range !, nd_syscall.copy_file_range ? {} probe syscall.copy_file_range.return = dw_syscall.copy_file_range.return !, nd_syscall.copy_file_range.return ? {} # dw_copy_file_range _____________________________________________________ probe dw_syscall.copy_file_range = kernel.function("sys_copy_file_range").call ? { @_SYSCALL_COPY_FILE_RANGE_NAME fd_in = __int32($fd_in) off_in = @__pointer($off_in) fd_out = __int32($fd_out) off_out = @__pointer($off_out) len = __ulong($len) flags = __uint32($flags) @_SYSCALL_COPY_FILE_RANGE_ARGSTR } probe dw_syscall.copy_file_range.return = kernel.function("sys_copy_file_range").return ? { @_SYSCALL_COPY_FILE_RANGE_NAME @SYSC_RETVALSTR($return) } # nd_copy_file_range _____________________________________________________ probe nd_syscall.copy_file_range = nd1_syscall.copy_file_range!, nd2_syscall.copy_file_range!, tp_syscall.copy_file_range { } probe nd1_syscall.copy_file_range = kprobe.function("sys_copy_file_range").call ? { @_SYSCALL_COPY_FILE_RANGE_NAME @_SYSCALL_COPY_FILE_RANGE_REGARGS @_SYSCALL_COPY_FILE_RANGE_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.copy_file_range = kprobe.function(@arch_syscall_prefix "sys_copy_file_range") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_COPY_FILE_RANGE_NAME @_SYSCALL_COPY_FILE_RANGE_REGARGS @_SYSCALL_COPY_FILE_RANGE_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.copy_file_range = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_copy_file_range"), @const("__NR_compat_copy_file_range")) @_SYSCALL_COPY_FILE_RANGE_NAME @_SYSCALL_COPY_FILE_RANGE_REGARGS @_SYSCALL_COPY_FILE_RANGE_ARGSTR } probe nd_syscall.copy_file_range.return = nd1_syscall.copy_file_range.return!, nd2_syscall.copy_file_range.return!, tp_syscall.copy_file_range.return { } probe nd1_syscall.copy_file_range.return = kprobe.function("sys_copy_file_range").return ? { @_SYSCALL_COPY_FILE_RANGE_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.copy_file_range.return = kprobe.function(@arch_syscall_prefix "sys_copy_file_range").return ? { @_SYSCALL_COPY_FILE_RANGE_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.copy_file_range.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_copy_file_range"), @const("__NR_compat_copy_file_range")) @_SYSCALL_COPY_FILE_RANGE_NAME @SYSC_RETVALSTR($ret) }