관리-도구

편집 파일: sysc_get_robust_list.stp

# get_robust_list ____________________________________________ # SYSCALL_DEFINE3(get_robust_list, int, pid, # struct robust_list_head __user * __user *, head_ptr, # size_t __user *, len_ptr) # COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid, # compat_uptr_t __user *, head_ptr, # compat_size_t __user *, len_ptr) @define _SYSCALL_GET_ROBUST_LIST_NAME %( name = "get_robust_list" %) @define _SYSCALL_GET_ROBUST_LIST_ARGSTR %( argstr = sprintf("%d, %p, %p", pid, list_head_uaddr, len_uaddr) %) @define _SYSCALL_GET_ROBUST_LIST_REGARGS %( pid = int_arg(1) list_head_uaddr = pointer_arg(2) len_uaddr = pointer_arg(3) %) probe syscall.get_robust_list = dw_syscall.get_robust_list !, nd_syscall.get_robust_list ? {} probe syscall.get_robust_list.return = dw_syscall.get_robust_list.return !, nd_syscall.get_robust_list.return ? {} # dw_get_robust_list _____________________________________________________ probe dw_syscall.get_robust_list = __syscall.get_robust_list ?, kernel.function("compat_sys_get_robust_list") ? { @_SYSCALL_GET_ROBUST_LIST_NAME pid = __int32($pid) list_head_uaddr = @__pointer($head_ptr) len_uaddr = @__pointer($len_ptr) @_SYSCALL_GET_ROBUST_LIST_ARGSTR } probe __syscall.get_robust_list = kernel.function("sys_get_robust_list") { @__syscall_gate_compat_simple } probe dw_syscall.get_robust_list.return = __syscall.get_robust_list.return ?, kernel.function("compat_sys_get_robust_list").return ? { @_SYSCALL_GET_ROBUST_LIST_NAME @SYSC_RETVALSTR($return) } probe __syscall.get_robust_list.return = kernel.function("sys_get_robust_list").return { @__syscall_gate_compat_simple } # nd_get_robust_list _____________________________________________________ probe nd_syscall.get_robust_list = nd1_syscall.get_robust_list!, nd2_syscall.get_robust_list!, tp_syscall.get_robust_list { } probe nd1_syscall.get_robust_list = __nd1_syscall.get_robust_list ?, kprobe.function("compat_sys_get_robust_list") ? { @_SYSCALL_GET_ROBUST_LIST_NAME asmlinkage() @_SYSCALL_GET_ROBUST_LIST_REGARGS @_SYSCALL_GET_ROBUST_LIST_ARGSTR } probe __nd1_syscall.get_robust_list = kprobe.function("sys_get_robust_list") { @__syscall_gate_compat_simple } /* kernel 4.17+ */ probe nd2_syscall.get_robust_list = kprobe.function(@arch_syscall_prefix "sys_get_robust_list") ?, kprobe.function(@arch_syscall_prefix "compat_sys_get_robust_list") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_GET_ROBUST_LIST_NAME @_SYSCALL_GET_ROBUST_LIST_REGARGS @_SYSCALL_GET_ROBUST_LIST_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.get_robust_list = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_get_robust_list"), @const("__NR_compat_get_robust_list")) @_SYSCALL_GET_ROBUST_LIST_NAME @_SYSCALL_GET_ROBUST_LIST_REGARGS @_SYSCALL_GET_ROBUST_LIST_ARGSTR } probe nd_syscall.get_robust_list.return = nd1_syscall.get_robust_list.return!, nd2_syscall.get_robust_list.return!, tp_syscall.get_robust_list.return { } probe nd1_syscall.get_robust_list.return = __nd1_syscall.get_robust_list.return ?, kprobe.function("compat_sys_get_robust_list").return ? { @_SYSCALL_GET_ROBUST_LIST_NAME @SYSC_RETVALSTR(returnval()) } probe __nd1_syscall.get_robust_list.return = kprobe.function("sys_get_robust_list").return { @__syscall_gate_compat_simple } /* kernel 4.17+ */ probe nd2_syscall.get_robust_list.return = kprobe.function(@arch_syscall_prefix "sys_get_robust_list").return ?, kprobe.function(@arch_syscall_prefix "compat_sys_get_robust_list").return ? { @_SYSCALL_GET_ROBUST_LIST_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.get_robust_list.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_get_robust_list"), @const("__NR_compat_get_robust_list")) @_SYSCALL_GET_ROBUST_LIST_NAME @SYSC_RETVALSTR($ret) }