관리-도구

편집 파일: sysc_msgrcv.stp

# msgrcv _____________________________________________________
# long sys_msgrcv (int msqid,
#             struct msgbuf __user *msgp,
#             size_t msgsz,
#             long msgtyp,
#             int msgflg)
#

@define _SYSCALL_MSGRCV_NAME
%(
	name = "msgrcv"
%)

@define _SYSCALL_MSGRCV_ARGSTR
%(
	argstr = sprintf("%d, %p, %u, %d, %s", msqid, msgp_uaddr, msgsz,
	                 msgtyp, msgflg_str)
%)

@define _SYSCALL_MSGRCV_REGARGS
%(
	msqid = int_arg(1)
	msgp_uaddr = pointer_arg(2)
	msgsz = ulong_arg(3)
	msgtyp = long_arg(4)
	msgflg = int_arg(5)
	msgflg_str = _stp_msgflg_str(msgflg)
%)

probe syscall.msgrcv = dw_syscall.msgrcv !, nd_syscall.msgrcv ? {}
probe syscall.msgrcv.return = dw_syscall.msgrcv.return !,
                              nd_syscall.msgrcv.return ? {}

# dw_msgrcv _____________________________________________________

probe dw_syscall.msgrcv = kernel.function("sys_msgrcv").call ?
{
	@__syscall_gate_compat_simple
	@_SYSCALL_MSGRCV_NAME
	msqid = __int32($msqid)
	msgp_uaddr = $msgp
	msgsz = __ulong($msgsz)
	msgtyp = $msgtyp
	msgflg = __int32($msgflg)
	msgflg_str = _stp_msgflg_str(__int32($msgflg))
	@_SYSCALL_MSGRCV_ARGSTR
}
probe dw_syscall.msgrcv.return = kernel.function("sys_msgrcv").return ?
{
	@__syscall_gate_compat_simple
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR($return)
}

# nd_msgrcv _____________________________________________________

probe nd_syscall.msgrcv = nd1_syscall.msgrcv!, nd2_syscall.msgrcv!, tp_syscall.msgrcv
  { }

probe nd1_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
{
	@__syscall_gate_compat_simple
	@_SYSCALL_MSGRCV_NAME
	asmlinkage()
	@_SYSCALL_MSGRCV_REGARGS
	@_SYSCALL_MSGRCV_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.msgrcv = kprobe.function(@arch_syscall_prefix "sys_msgrcv") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_MSGRCV_NAME
	@_SYSCALL_MSGRCV_REGARGS
	@_SYSCALL_MSGRCV_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.msgrcv = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_gate(@const("__NR_msgrcv"))
	@_SYSCALL_MSGRCV_NAME
	@_SYSCALL_MSGRCV_REGARGS
	@_SYSCALL_MSGRCV_ARGSTR
}

probe nd_syscall.msgrcv.return = nd1_syscall.msgrcv.return!, nd2_syscall.msgrcv.return!, tp_syscall.msgrcv.return
  { }
  
probe nd1_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ?
{
	@__syscall_gate_compat_simple
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.msgrcv.return = kprobe.function(@arch_syscall_prefix "sys_msgrcv").return ?
{
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR(returnval())
}
 
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.msgrcv.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_gate(@const("__NR_msgrcv"))
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR($ret)
}

# compat_sys_msgrcv ________________________________________
#
# long compat_sys_msgrcv(int first, int second, int msgtyp, int third,
#			int version, void __user *uptr)
# COMPAT_SYSCALL_DEFINE5(msgrcv, int, msqid, compat_uptr_t, msgp,
#		       compat_ssize_t, msgsz, long, msgtyp, int, msgflg)
# ifdef CONFIG_ARCH_WANT_OLD_COMPAT_IPC
#  COMPAT_SYSCALL_DEFINE6(ipc, u32, call, int, first, int, second,
#	u32, third, compat_uptr_t, ptr, u32, fifth)
# endif
#

probe syscall.compat_sys_msgrcv = dw_syscall.compat_sys_msgrcv !,
                                  nd_syscall.compat_sys_msgrcv ? {}
probe syscall.compat_sys_msgrcv.return = dw_syscall.compat_sys_msgrcv.return !,
                                         nd_syscall.compat_sys_msgrcv.return ? {}

# dw_compat_sys_msgrcv _____________________________________________________

probe dw_syscall.compat_sys_msgrcv = __syscall.compat_msgrcv ?,
	__syscall.compat_ipc.msgrcv ?
{
	@_SYSCALL_MSGRCV_NAME
	msgflg_str = _stp_msgflg_str(msgflg)
	@_SYSCALL_MSGRCV_ARGSTR
}
probe __syscall.compat_msgrcv = kernel.function("compat_sys_msgrcv").call ?
{
	@__compat_syscall_gate_negative(@const("__NR_compat_ipc"))
	msqid = __int32(@choose_defined($msqid, $first))
	if (@defined($version)) {
		msgp_uaddr = _stp_compat_msgrcv_msgbuf($uptr, $version)
		msgtyp = _stp_compat_msgrcv_msgtyp($uptr, $version, $msgtyp)
	}
	else {
		msgp_uaddr = $msgp
		msgtyp = __int32($msgtyp)
	}
	msgsz = __uint32(@choose_defined($msgsz, $second))
	msgflg = __int32(@choose_defined($msgflg, $third))
}
probe __syscall.compat_ipc.msgrcv = kernel.function("compat_sys_ipc").call ?,
				    kernel.function("sys32_ipc").call ?
{
	if (($call & 0xffff) != @const("MSGRCV")) next;
	msqid = __int32($first)
	msgsz = __uint32($second)
	msgflg = __int32($third)

# __version isn't quite correct (it should be shifted down 16
	# bits), but all we really need is zero/non-zero.
	__version = $call & 0xffff0000
	msgp_uaddr = _stp_compat_msgrcv_msgbuf($ptr, __version)
	msgtyp = _stp_compat_msgrcv_msgtyp($ptr, __version,
					   @choose_defined($fifth, 0))
}
probe dw_syscall.compat_sys_msgrcv.return =
	__syscall.compat_sys_msgrcv.return ?,
	__syscall.compat_ipc.msgrcv.return ?
{
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR($return)
}
probe __syscall.compat_sys_msgrcv.return =
	kernel.function("compat_sys_msgrcv").return ?
{
	@__compat_syscall_gate_negative(@const("__NR_compat_ipc"))
}
probe __syscall.compat_ipc.msgrcv.return =
	kernel.function("compat_sys_ipc").return ?,
	kernel.function("sys32_ipc").return ?
{
	if ((@entry($call) & 0xffff) != @const("MSGRCV")) next;
}

# nd_compat_sys_msgrcv _____________________________________________________

probe nd_syscall.compat_sys_msgrcv = nd1_syscall.compat_sys_msgrcv!, nd2_syscall.compat_sys_msgrcv!, tp_syscall.compat_sys_msgrcv
  { }

probe nd1_syscall.compat_sys_msgrcv = __nd1_syscall.compat_msgrcv ?,
	__nd1_syscall.compat_ipc.msgrcv ?
{
	@_SYSCALL_MSGRCV_NAME
	msgflg_str = _stp_msgflg_str(msgflg)
	@_SYSCALL_MSGRCV_ARGSTR
}
probe __nd1_syscall.compat_msgrcv = kprobe.function("compat_sys_msgrcv") ?
{
	@__compat_syscall_gate_negative(@const("__NR_compat_ipc"))
	asmlinkage()
	msqid = int_arg(1)
%(kernel_v >= "3.15.0" %?
	msgp_uaddr = pointer_arg(2)
	msgsz = uint_arg(3)
	msgtyp = long_arg(4)
	msgflg = int_arg(5)
%:
	__version = int_arg(5)
	__uptr = pointer_arg(6)
	msgp_uaddr = _stp_compat_msgrcv_msgbuf(__uptr, __version)
	msgtyp = _stp_compat_msgrcv_msgtyp(__uptr, __version, int_arg(3))
	msgsz = uint_arg(2)
	msgflg = int_arg(4)
%)
}

// What is going on here? compat_sys_ipc() takes 6 arguments and
// sys32_ipc() takes 5. That last extra argument is passed to
// _stp_compat_msgrcv_msgtype(). So, we'll need to break this down
// into 2 subprobes. To make sure we keep things in sync, we'll put the
// common code in a macro.
@define __ND_SYSCALL_COMPAT_IPC_MSGRCV_CODE
%(
	asmlinkage()
	if ((uint_arg(1) & 0xffff) != @const("MSGRCV")) next;
	msqid = int_arg(2)
	msgsz = uint_arg(3)
	msgflg = int_arg(4)

# __version isn't quite correct (it should be shifted down 16
	# bits), but all we really need is zero/non-zero.
	__version = uint_arg(1) & 0xffff0000
	__uptr = pointer_arg(5)
	msgp_uaddr = _stp_compat_msgrcv_msgbuf(__uptr, __version)
%)

probe __nd1_syscall.compat_ipc.msgrcv = __nd1_syscall.compat_sys_ipc.msgrcv ?,
				       __nd1_syscall.sys32_ipc.msgrcv ?
{
}
probe __nd1_syscall.compat_sys_ipc.msgrcv = kprobe.function("compat_sys_ipc") ?
{
	@__ND_SYSCALL_COMPAT_IPC_MSGRCV_CODE
	msgtyp = _stp_compat_msgrcv_msgtyp(__uptr, __version, int_arg(6))
}
probe __nd1_syscall.sys32_ipc.msgrcv = kprobe.function("sys32_ipc") ?
{
	@__ND_SYSCALL_COMPAT_IPC_MSGRCV_CODE
	msgtyp = _stp_compat_msgrcv_msgtyp(__uptr, __version, 0)
}

/* kernel 4.17+ */
probe nd2_syscall.compat_sys_msgrcv = kprobe.function(@arch_syscall_prefix "compat_sys_ipc") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_MSGRCV_NAME
	@__ND_SYSCALL_COMPAT_IPC_MSGRCV_CODE
	msgtyp = _stp_compat_msgrcv_msgtyp(__uptr, __version, int_arg(6))
	msgflg_str = _stp_msgflg_str(msgflg)
	@_SYSCALL_MSGRCV_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_msgrcv = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_ipc"))
	if ((uint_arg(1) & 0xffff) != @const("MSGRCV")) next;
	@_SYSCALL_MSGRCV_NAME
	@__ND_SYSCALL_COMPAT_IPC_MSGRCV_CODE
	msgtyp = _stp_compat_msgrcv_msgtyp(__uptr, __version, int_arg(6))
	msgflg_str = _stp_msgflg_str(msgflg)
	@_SYSCALL_MSGRCV_ARGSTR
}

probe nd_syscall.compat_sys_msgrcv.return = nd1_syscall.compat_sys_msgrcv.return!, nd2_syscall.compat_sys_msgrcv.return!, tp_syscall.compat_sys_msgrcv.return
  { }
  
probe nd1_syscall.compat_sys_msgrcv.return =
	__nd1_syscall.compat_sys_msgrcv.return ?,
	__nd1_syscall.compat_ipc.msgrcv.return ?
{
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR(returnval())
}
probe __nd1_syscall.compat_sys_msgrcv.return =
	kprobe.function("compat_sys_msgrcv").return ?
{
	@__compat_syscall_gate_negative(@const("__NR_compat_ipc"))
}
probe __nd1_syscall.compat_ipc.msgrcv.return =
	kprobe.function("compat_sys_ipc").return ?,
	kprobe.function("sys32_ipc").return ?
{
	if ((@entry(__asmlinkage_int_arg(1)) & 0xffff) != @const("MSGRCV")) next;
}

/* kernel 4.17+ */
probe nd2_syscall.compat_sys_msgrcv.return =
	kprobe.function(@arch_syscall_prefix "compat_sys_ipc").return ?
{
	__set_syscall_pt_regs(@entry(pointer_arg(1)))
	if ((uint_arg(1) & 0xffff) != @const("MSGRCV")) next;
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_msgrcv.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__compat_syscall_gate(@const("__NR_compat_ipc"))
	if ((uint_arg(1) & 0xffff) != @const("MSGRCV")) next;
	@_SYSCALL_MSGRCV_NAME
	@SYSC_RETVALSTR($ret)
}