관리-도구

편집 파일: sysc_msgctl.stp

# msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # @define _SYSCALL_MSGCTL_NAME %( name = "msgctl" %) @define _SYSCALL_MSGCTL_ARGSTR %( argstr = sprintf("%d, %s, %p", msqid, cmd_str, buf_uaddr) %) @define _SYSCALL_MSGCTL_REGARGS %( msqid = int_arg(1) cmd = int_arg(2) cmd_str = _stp_msgctl_cmd_str(cmd) buf_uaddr = pointer_arg(3) %) @define _SYSCALL_IPC_MSGCTL_REGARGS %( msqid = int_arg(2) cmd = int_arg(3) cmd_str = _stp_msgctl_cmd_str(cmd) buf_uaddr = pointer_arg(5) %) probe syscall.msgctl = dw_syscall.msgctl !, nd_syscall.msgctl ? {} probe syscall.msgctl.return = dw_syscall.msgctl.return !, nd_syscall.msgctl.return ? {} # dw_msgctl _____________________________________________________ probe dw_syscall.msgctl = kernel.function("sys_msgctl").call ? { @__syscall_gate2(@const("__NR_msgctl"), @const("__NR_ipc")) @_SYSCALL_MSGCTL_NAME msqid = __int32($msqid) cmd = __int32($cmd) cmd_str = _stp_msgctl_cmd_str(__int32($cmd)) buf_uaddr = $buf @_SYSCALL_MSGCTL_ARGSTR } probe dw_syscall.msgctl.return = kernel.function("sys_msgctl").return ? { @__syscall_gate2(@const("__NR_msgctl"), @const("__NR_ipc")) @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR($return) } # nd_msgctl _____________________________________________________ probe nd_syscall.msgctl = nd1_syscall.msgctl!, nd2_syscall.msgctl!, tp_syscall.msgctl { } probe nd1_syscall.msgctl = kprobe.function("sys_msgctl") ? { @__syscall_gate2(@const("__NR_msgctl"), @const("__NR_ipc")) @_SYSCALL_MSGCTL_NAME asmlinkage() @_SYSCALL_MSGCTL_REGARGS @_SYSCALL_MSGCTL_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.msgctl = kprobe.function(@arch_syscall_prefix "sys_msgctl") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_MSGCTL_NAME @_SYSCALL_MSGCTL_REGARGS @_SYSCALL_MSGCTL_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.msgctl = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_gate(@const("__NR_msgctl")) @_SYSCALL_MSGCTL_NAME @_SYSCALL_MSGCTL_REGARGS @_SYSCALL_MSGCTL_ARGSTR } probe nd_syscall.msgctl.return = nd1_syscall.msgctl.return!, nd2_syscall.msgctl.return!, tp_syscall.msgctl.return { } probe nd1_syscall.msgctl.return = kprobe.function("sys_msgctl").return ? { @__syscall_gate2(@const("__NR_msgctl"), @const("__NR_ipc")) @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.msgctl.return = kprobe.function(@arch_syscall_prefix "sys_msgctl").return ? { @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.msgctl.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_gate(@const("__NR_msgctl")) @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR($ret) } # compat_sys_msgctl ________________________________________ # # long compat_sys_msgctl(int first, int second, void __user *uptr) # ifdef CONFIG_ARCH_WANT_OLD_COMPAT_IPC # COMPAT_SYSCALL_DEFINE6(ipc, u32, call, int, first, int, second, # u32, third, compat_uptr_t, ptr, u32, fifth) # endif # probe syscall.compat_sys_msgctl = dw_syscall.compat_sys_msgctl !, nd_syscall.compat_sys_msgctl ? {} probe syscall.compat_sys_msgctl.return = dw_syscall.compat_sys_msgctl.return !, nd_syscall.compat_sys_msgctl.return ? {} # dw_compat_sys_msgctl _____________________________________________________ probe dw_syscall.compat_sys_msgctl = __syscall.compat_msgctl ?, __syscall.compat_ipc.msgctl ? { @_SYSCALL_MSGCTL_NAME cmd_str = _stp_msgctl_cmd_str(cmd) @_SYSCALL_MSGCTL_ARGSTR } probe __syscall.compat_msgctl = kernel.function("compat_sys_msgctl").call ? { @__compat_syscall_gate_negative(@const("__NR_compat_ipc")) msqid = __int32(@choose_defined($first, $msqid)) cmd = __int32(@choose_defined($second, $cmd)) buf_uaddr = $uptr } probe __syscall.compat_ipc.msgctl = kernel.function("compat_sys_ipc").call ?, kernel.function("sys32_ipc").call ? { if (($call & 0xffff) != @const("MSGCTL")) next; msqid = __int32($first) cmd = __int32($second) buf_uaddr = $ptr } probe dw_syscall.compat_sys_msgctl.return = __syscall.compat_sys_msgctl.return ?, __syscall.compat_ipc.msgctl.return ? { @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR($return) } probe __syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ? { @__compat_syscall_gate_negative(@const("__NR_compat_ipc")) } probe __syscall.compat_ipc.msgctl.return = kernel.function("compat_sys_ipc").return ?, kernel.function("sys32_ipc").return ? { if ((@entry($call) & 0xffff) != @const("MSGCTL")) next; } # nd_compat_sys_msgctl _____________________________________________________ probe nd_syscall.compat_sys_msgctl = nd1_syscall.compat_sys_msgctl!, nd2_syscall.compat_sys_msgctl!, tp_syscall.compat_sys_msgctl { } probe nd1_syscall.compat_sys_msgctl = __nd1_syscall.compat_msgctl ?, __nd1_syscall.compat_ipc.msgctl ? { @_SYSCALL_MSGCTL_NAME asmlinkage() @_SYSCALL_MSGCTL_ARGSTR } probe __nd1_syscall.compat_msgctl = kprobe.function("compat_sys_msgctl") ? { @__compat_syscall_gate_negative(@const("__NR_compat_ipc")) asmlinkage() @_SYSCALL_MSGCTL_REGARGS } probe __nd1_syscall.compat_ipc.msgctl = kprobe.function("compat_sys_ipc") ?, kprobe.function("sys32_ipc") ? { asmlinkage() if ((uint_arg(1) & 0xffff) != @const("MSGCTL")) next; @_SYSCALL_IPC_MSGCTL_REGARGS } /* kernel 4.17+ */ probe nd2_syscall.compat_sys_msgctl = kprobe.function(@arch_syscall_prefix "compat_sys_ipc") ? { __set_syscall_pt_regs(pointer_arg(1)) if ((uint_arg(1) & 0xffff) != @const("MSGCTL")) next; @_SYSCALL_MSGCTL_NAME @_SYSCALL_IPC_MSGCTL_REGARGS @_SYSCALL_MSGCTL_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.compat_sys_msgctl = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat_ipc")) if ((uint_arg(1) & 0xffff) != @const("MSGCTL")) next; @_SYSCALL_MSGCTL_NAME @_SYSCALL_IPC_MSGCTL_REGARGS @_SYSCALL_MSGCTL_ARGSTR } probe nd_syscall.compat_sys_msgctl.return = nd1_syscall.compat_sys_msgctl.return!, nd2_syscall.compat_sys_msgctl.return!, tp_syscall.compat_sys_msgctl.return { } probe nd1_syscall.compat_sys_msgctl.return = __nd1_syscall.compat_sys_msgctl.return ?, __nd1_syscall.compat_ipc.msgctl.return ? { @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR(returnval()) } probe __nd1_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl").return ? { @__compat_syscall_gate_negative(@const("__NR_compat_ipc")) } probe __nd1_syscall.compat_ipc.msgctl.return = kprobe.function("compat_sys_ipc").return ?, kprobe.function("sys32_ipc").return ? { if ((@entry(__asmlinkage_int_arg(1)) & 0xffff) != @const("MSGCTL")) next; } /* kernel 4.17+ */ probe nd2_syscall.compat_sys_msgctl.return = kprobe.function(@arch_syscall_prefix "compat_sys_ipc").return ? { __set_syscall_pt_regs(@entry(pointer_arg(1))) if ((uint_arg(1) & 0xffff) != @const("MSGCTL")) next; @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.compat_sys_msgctl.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat_ipc")) if ((uint_arg(1) & 0xffff) != @const("MSGCTL")) next; @_SYSCALL_MSGCTL_NAME @SYSC_RETVALSTR($ret) }