관리-도구

편집 파일: sysc_io_submit.stp

# io_submit __________________________________________________
# long compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb)
# long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp)
#

@define _SYSCALL_IO_SUBMIT_NAME
%(
	name = "io_submit"
%)

@define _SYSCALL_IO_SUBMIT_ARGSTR
%(
	argstr = sprintf("%u, %d, %p", ctx_id, nr, iocbpp_uaddr)
%)

@define _SYSCALL_IO_SUBMIT_REGARGS
%(
	ctx_id = ulong_arg(1)
	nr = @__compat_task ? int_arg(2) : long_arg(2)
	iocbpp_uaddr = pointer_arg(3)
%)

probe syscall.io_submit = dw_syscall.io_submit !, nd_syscall.io_submit ? {}
probe syscall.io_submit.return = dw_syscall.io_submit.return !, nd_syscall.io_submit.return ? {}

# dw_io_submit _____________________________________________________

probe dw_syscall.io_submit = __syscall.io_submit,
	kernel.function("compat_sys_io_submit").call ?
{
	@_SYSCALL_IO_SUBMIT_NAME
	ctx_id = @__compat_ulong($ctx_id)
	nr = @__compat_long($nr)
	iocbpp_uaddr = @choose_defined($iocbpp, $iocb)
	@_SYSCALL_IO_SUBMIT_ARGSTR
}
probe __syscall.io_submit = kernel.function("sys_io_submit").call
{
	@__syscall_gate(@const("__NR_io_submit"))
}
probe dw_syscall.io_submit.return = __syscall.io_submit.return,
	kernel.function("compat_sys_io_submit").return ?
{
	@_SYSCALL_IO_SUBMIT_NAME
	@SYSC_RETVALSTR($return)
}
probe __syscall.io_submit.return = kernel.function("sys_io_submit").return
{
	@__syscall_gate(@const("__NR_io_submit"))
}

# nd_io_submit _____________________________________________________

probe nd_syscall.io_submit = nd1_syscall.io_submit!, nd2_syscall.io_submit!, tp_syscall.io_submit
  { }

probe nd1_syscall.io_submit = __nd1_syscall.io_submit,
	kprobe.function("compat_sys_io_submit") ?
{
	@_SYSCALL_IO_SUBMIT_NAME
	asmlinkage()
	@_SYSCALL_IO_SUBMIT_REGARGS
	@_SYSCALL_IO_SUBMIT_ARGSTR
}
probe __nd1_syscall.io_submit = kprobe.function("sys_io_submit") ?
{
	@__syscall_gate(@const("__NR_io_submit"))
}

/* kernel 4.17+ */
probe nd2_syscall.io_submit = kprobe.function(@arch_syscall_prefix "sys_io_submit") ?,
	kprobe.function(@arch_syscall_prefix "compat_sys_io_submit") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_IO_SUBMIT_NAME
	@_SYSCALL_IO_SUBMIT_REGARGS
	@_SYSCALL_IO_SUBMIT_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.io_submit = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_io_submit"), @const("__NR_compat_io_submit"))
	@_SYSCALL_IO_SUBMIT_NAME
	@_SYSCALL_IO_SUBMIT_REGARGS
	@_SYSCALL_IO_SUBMIT_ARGSTR
}

probe nd_syscall.io_submit.return = nd1_syscall.io_submit.return!, nd2_syscall.io_submit.return!, tp_syscall.io_submit.return
  { }

probe nd1_syscall.io_submit.return = __nd1_syscall.io_submit.return,
	kprobe.function("compat_sys_io_submit").return ?
{
	@_SYSCALL_IO_SUBMIT_NAME
	@SYSC_RETVALSTR(returnval())
}
probe __nd1_syscall.io_submit.return = kprobe.function("sys_io_submit").return ?
{
	@__syscall_gate(@const("__NR_io_submit"))
}

/* kernel 4.17+ */
probe nd2_syscall.io_submit.return = kprobe.function(@arch_syscall_prefix "sys_io_submit").return ?,
	kprobe.function(@arch_syscall_prefix "compat_sys_io_submit").return ?
{
	@_SYSCALL_IO_SUBMIT_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.io_submit.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_io_submit"), @const("__NR_compat_io_submit"))
	@_SYSCALL_IO_SUBMIT_NAME
	@SYSC_RETVALSTR($ret)
}