관리-도구

편집 파일: sysc_epoll_pwait.stp

# epoll_pwait _________________________________________________ # # long sys_epoll_pwait(int epfd, struct epoll_event __user *events, # int maxevents, int timeout, const sigset_t __user *sigmask, # size_t sigsetsize) # long compat_sys_epoll_pwait(int epfd, # struct compat_epoll_event __user *events, # int maxevents, int timeout, # const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # @define _SYSCALL_EPOLL_PWAIT_NAME %( name = "epoll_pwait" %) @define _SYSCALL_EPOLL_PWAIT_ARGSTR %( argstr = sprintf("%d, %p, %d, %d, %p, %d", epfd, events_uaddr, maxevents, timeout, sigmask_uaddr, sigsetsize) %) @define _SYSCALL_EPOLL_PWAIT_REGARGS %( epfd = int_arg(1) events_uaddr = pointer_arg(2) maxevents = int_arg(3) timeout = int_arg(4) sigmask_uaddr = pointer_arg(5) sigsetsize = ulong_arg(6) %) probe syscall.epoll_pwait = dw_syscall.epoll_pwait !, nd_syscall.epoll_pwait ? {} probe syscall.epoll_pwait.return = dw_syscall.epoll_pwait.return !, nd_syscall.epoll_pwait.return ? {} # dw_epoll_pwait _____________________________________________________ probe dw_syscall.epoll_pwait = kernel.function("compat_sys_epoll_pwait").call ?, kernel.function("sys_epoll_pwait").call ? { @_SYSCALL_EPOLL_PWAIT_NAME epfd = __int32($epfd) events_uaddr = @__pointer($events) maxevents = __int32($maxevents) timeout = __int32($timeout) sigmask_uaddr = @__pointer($sigmask) sigsetsize = $sigsetsize @_SYSCALL_EPOLL_PWAIT_ARGSTR } probe dw_syscall.epoll_pwait.return = kernel.function("compat_sys_epoll_pwait").return ?, kernel.function("sys_epoll_pwait").return ? { @_SYSCALL_EPOLL_PWAIT_NAME @SYSC_RETVALSTR($return) } # nd_epoll_pwait _____________________________________________________ probe nd_syscall.epoll_pwait = nd1_syscall.epoll_pwait!, nd2_syscall.epoll_pwait!, tp_syscall.epoll_pwait { } probe nd1_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?, kprobe.function("sys_epoll_pwait") ? { @_SYSCALL_EPOLL_PWAIT_NAME asmlinkage() @_SYSCALL_EPOLL_PWAIT_REGARGS @_SYSCALL_EPOLL_PWAIT_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.epoll_pwait = kprobe.function(@arch_syscall_prefix "sys_epoll_pwait") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_EPOLL_PWAIT_NAME @_SYSCALL_EPOLL_PWAIT_REGARGS @_SYSCALL_EPOLL_PWAIT_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.epoll_pwait = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_epoll_pwait"), @const("__NR_compat_epoll_pwait")) @_SYSCALL_EPOLL_PWAIT_NAME @_SYSCALL_EPOLL_PWAIT_REGARGS @_SYSCALL_EPOLL_PWAIT_ARGSTR } probe nd_syscall.epoll_pwait.return = nd1_syscall.epoll_pwait.return!, nd2_syscall.epoll_pwait.return!, tp_syscall.epoll_pwait.return { } probe nd1_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?, kprobe.function("sys_epoll_pwait").return ? { @_SYSCALL_EPOLL_PWAIT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.epoll_pwait.return = kprobe.function(@arch_syscall_prefix "sys_epoll_pwait").return ? { @_SYSCALL_EPOLL_PWAIT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.epoll_pwait.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_epoll_pwait"), @const("__NR_compat_epoll_pwait")) @_SYSCALL_EPOLL_PWAIT_NAME @SYSC_RETVALSTR($ret) }