관리-도구

편집 파일: sysc_io_getevents.stp

# io_getevents _______________________________________________ # long sys_io_getevents(aio_context_t ctx_id, # long min_nr, # long nr, # struct io_event __user *events, # struct timespec __user *timeout) # long compat_sys_io_getevents(aio_context_t ctx_id, # long min_nr, # long nr, # struct io_event __user *events, # struct compat_timespec __user *timeout) # @define _SYSCALL_IO_GETEVENTS_NAME %( name = "io_getevents" %) @define _SYSCALL_IO_GETEVENTS_ARGSTR %( argstr = sprintf("%u, %d, %d, %p, %s", ctx_id, min_nr, nr, events_uaddr, timestr) %) @define _SYSCALL_IO_GETEVENTS_REGARGS %( ctx_id = ulong_arg(1) min_nr = @__compat_task ? int_arg(2) : long_arg(2) nr = @__compat_task ? int_arg(3) : long_arg(3) events_uaddr = pointer_arg(4) timeout_uaddr = pointer_arg(5) timestr = (@__compat_task ? _struct_compat_timespec_u(timeout_uaddr, 1) : _struct_timespec_u(timeout_uaddr, 1)) %) probe syscall.io_getevents = dw_syscall.io_getevents !, nd_syscall.io_getevents ? {} probe syscall.io_getevents.return = dw_syscall.io_getevents.return !, nd_syscall.io_getevents.return ? {} # dw_io_getevents _____________________________________________________ probe dw_syscall.io_getevents = __syscall.io_getevents ?, kernel.function("compat_sys_io_getevents").call ? { @_SYSCALL_IO_GETEVENTS_NAME ctx_id = @__compat_ulong($ctx_id) events_uaddr = $events timeout_uaddr = $timeout nr = @__compat_long($nr) min_nr = @__compat_long($min_nr) timestr = (@__compat_task ? _struct_compat_timespec_u($timeout, 1) : _struct_timespec_u($timeout, 1)) @_SYSCALL_IO_GETEVENTS_ARGSTR } probe __syscall.io_getevents = kernel.function("sys_io_getevents").call { @__syscall_gate(@const("__NR_io_getevents")) } probe dw_syscall.io_getevents.return = __syscall.io_getevents.return, kernel.function("compat_sys_io_getevents").return ? { @_SYSCALL_IO_GETEVENTS_NAME @SYSC_RETVALSTR($return) } probe __syscall.io_getevents.return = kernel.function("sys_io_getevents").return ? { @__syscall_gate(@const("__NR_io_getevents")) } # nd_io_getevents _____________________________________________________ probe nd_syscall.io_getevents = nd1_syscall.io_getevents!, nd2_syscall.io_getevents!, tp_syscall.io_getevents { } probe nd1_syscall.io_getevents = __nd1_syscall.io_getevents ?, kprobe.function("compat_sys_io_getevents") ? { @_SYSCALL_IO_GETEVENTS_NAME asmlinkage() @_SYSCALL_IO_GETEVENTS_REGARGS @_SYSCALL_IO_GETEVENTS_ARGSTR } probe __nd1_syscall.io_getevents = kprobe.function("sys_io_getevents") { @__syscall_gate_compat_simple } /* kernel 4.17+ */ probe nd2_syscall.io_getevents = kprobe.function(@arch_syscall_prefix "sys_io_getevents") ?, kprobe.function(@arch_syscall_prefix "compat_sys_io_getevents") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_IO_GETEVENTS_NAME @_SYSCALL_IO_GETEVENTS_REGARGS @_SYSCALL_IO_GETEVENTS_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.io_getevents = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_io_getevents"), @const("__NR_compat_io_getevents")) @_SYSCALL_IO_GETEVENTS_NAME @_SYSCALL_IO_GETEVENTS_REGARGS @_SYSCALL_IO_GETEVENTS_ARGSTR } probe nd_syscall.io_getevents.return = nd1_syscall.io_getevents.return!, nd2_syscall.io_getevents.return!, tp_syscall.io_getevents.return { } probe nd1_syscall.io_getevents.return = __nd1_syscall.io_getevents.return, kprobe.function("compat_sys_io_getevents").return ? { @_SYSCALL_IO_GETEVENTS_NAME @SYSC_RETVALSTR(returnval()) } probe __nd1_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ? { @__syscall_gate_compat_simple } /* kernel 4.17+ */ probe nd2_syscall.io_getevents.return = kprobe.function(@arch_syscall_prefix "sys_io_getevents").return ?, kprobe.function(@arch_syscall_prefix "compat_sys_io_getevents").return ? { @_SYSCALL_IO_GETEVENTS_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.io_getevents.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_io_getevents"), @const("__NR_compat_io_getevents")) @_SYSCALL_IO_GETEVENTS_NAME @SYSC_RETVALSTR($ret) }