관리-도구

편집 파일: sysc_sched_getparam.stp

# sched_getparam _____________________________________________ # # asmlinkage long # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # @define _SYSCALL_SCHED_GETPARAM_NAME %( name = "sched_getparam" %) @define _SYSCALL_SCHED_GETPARAM_ARGSTR %( argstr = sprintf("%d, %p", pid, p_uaddr) %) @define _SYSCALL_SCHED_GETPARAM_REGARGS %( pid = int_arg(1) p_uaddr = pointer_arg(2) %) probe syscall.sched_getparam = dw_syscall.sched_getparam !, nd_syscall.sched_getparam ? {} probe syscall.sched_getparam.return = dw_syscall.sched_getparam.return !, nd_syscall.sched_getparam.return ? {} # dw_sched_getparam _____________________________________________________ probe dw_syscall.sched_getparam = kernel.function("sys_sched_getparam").call { @_SYSCALL_SCHED_GETPARAM_NAME pid = __int32($pid) p_uaddr = $param @_SYSCALL_SCHED_GETPARAM_ARGSTR } probe dw_syscall.sched_getparam.return = kernel.function("sys_sched_getparam").return { @_SYSCALL_SCHED_GETPARAM_NAME @SYSC_RETVALSTR($return) } # nd_sched_getparam _____________________________________________________ probe nd_syscall.sched_getparam = nd1_syscall.sched_getparam!, nd2_syscall.sched_getparam!, tp_syscall.sched_getparam { } probe nd1_syscall.sched_getparam = kprobe.function("sys_sched_getparam") ? { @_SYSCALL_SCHED_GETPARAM_NAME asmlinkage() @_SYSCALL_SCHED_GETPARAM_REGARGS @_SYSCALL_SCHED_GETPARAM_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.sched_getparam = kprobe.function(@arch_syscall_prefix "sys_sched_getparam") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_SCHED_GETPARAM_NAME @_SYSCALL_SCHED_GETPARAM_REGARGS @_SYSCALL_SCHED_GETPARAM_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.sched_getparam = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_sched_getparam"), @const("__NR_compat_sched_getparam")) @_SYSCALL_SCHED_GETPARAM_NAME @_SYSCALL_SCHED_GETPARAM_REGARGS @_SYSCALL_SCHED_GETPARAM_ARGSTR } probe nd_syscall.sched_getparam.return = nd1_syscall.sched_getparam.return!, nd2_syscall.sched_getparam.return!, tp_syscall.sched_getparam.return { } probe nd1_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return ? { @_SYSCALL_SCHED_GETPARAM_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.sched_getparam.return = kprobe.function(@arch_syscall_prefix "sys_sched_getparam").return ? { @_SYSCALL_SCHED_GETPARAM_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.sched_getparam.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_compat_gate(@const("__NR_sched_getparam"), @const("__NR_compat_sched_getparam")) @_SYSCALL_SCHED_GETPARAM_NAME @SYSC_RETVALSTR($ret) }