관리-도구

편집 파일: sysc_select.stp

# select _____________________________________________________ # long sys_select(int n, # fd_set __user *inp, # fd_set __user *outp, # fd_set __user *exp, # struct timeval __user *tvp) # @define _SYSCALL_SELECT_NAME %( name = "select" %) @define _SYSCALL_SELECT_ARGSTR %( argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, timeout_str) %) @define _SYSCALL_SELECT_REGARGS %( n = int_arg(1) readfds_uaddr = pointer_arg(2) writefds_uaddr = pointer_arg(3) exceptfds_uaddr = pointer_arg(4) timeout_uaddr = pointer_arg(5) %) probe syscall.select = dw_syscall.select !, nd_syscall.select ? {} probe syscall.select.return = dw_syscall.select.return !, nd_syscall.select.return ? {} # dw_select _____________________________________________________ probe dw_syscall.select = kernel.function("sys_select").call { @_SYSCALL_SELECT_NAME n = __int32($n) readfds_uaddr = $inp writefds_uaddr = $outp exceptfds_uaddr = $exp timeout_uaddr = $tvp timeout_str = _struct_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } probe dw_syscall.select.return = kernel.function("sys_select").return { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR($return) } # nd_select _____________________________________________________ probe nd_syscall.select = nd1_syscall.select!, nd2_syscall.select!, tp_syscall.select { } probe nd1_syscall.select = kprobe.function("sys_select") ? { @_SYSCALL_SELECT_NAME asmlinkage() @_SYSCALL_SELECT_REGARGS timeout_str = _struct_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.select = kprobe.function(@arch_syscall_prefix "sys_select") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_SELECT_NAME @_SYSCALL_SELECT_REGARGS timeout_str = _struct_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.select = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__syscall_gate2(@const("__NR_select"), @const("__NR__newselect")) @_SYSCALL_SELECT_NAME @_SYSCALL_SELECT_REGARGS timeout_str = _struct_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } probe nd_syscall.select.return = nd1_syscall.select.return!, nd2_syscall.select.return!, tp_syscall.select.return { } probe nd1_syscall.select.return = kprobe.function("sys_select").return ? { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.select.return = kprobe.function(@arch_syscall_prefix "sys_select").return ? { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.select.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__syscall_gate2(@const("__NR_select"), @const("__NR__newselect")) @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR($ret) } # long compat_sys_select(int n, # compat_ulong_t __user *inp, # compat_ulong_t __user *outp, # compat_ulong_t __user *exp, # struct compat_timeval __user *tvp) # probe syscall.compat_select = dw_syscall.compat_select !, nd_syscall.compat_select ? {} probe syscall.compat_select.return = dw_syscall.compat_select.return !, nd_syscall.compat_select.return ? {} # dw_compat_select _____________________________________________________ probe dw_syscall.compat_select = kernel.function("compat_sys_select").call ? { @_SYSCALL_SELECT_NAME n = __int32($n) readfds_uaddr = @__pointer($inp) writefds_uaddr = @__pointer($outp) exceptfds_uaddr = @__pointer($exp) timeout_uaddr = @__pointer($tvp) timeout_str = _struct_compat_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } probe dw_syscall.compat_select.return = kernel.function("compat_sys_select").return ? { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR($return) } # nd_compat_select _____________________________________________________ probe nd_syscall.compat_select = nd1_syscall.compat_select!, nd2_syscall.compat_select!, tp_syscall.compat_select { } probe nd1_syscall.compat_select = kprobe.function("compat_sys_select") ? { @_SYSCALL_SELECT_NAME asmlinkage() @_SYSCALL_SELECT_REGARGS timeout_str = _struct_compat_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } /* kernel 4.17+ */ probe nd2_syscall.compat_select = kprobe.function(@arch_syscall_prefix "compat_sys_select") ? { __set_syscall_pt_regs(pointer_arg(1)) @_SYSCALL_SELECT_NAME @_SYSCALL_SELECT_REGARGS timeout_str = _struct_compat_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.compat_select = kernel.trace("sys_enter") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat__newselect")) @_SYSCALL_SELECT_NAME @_SYSCALL_SELECT_REGARGS timeout_str = _struct_compat_timeval_u(timeout_uaddr, 1) @_SYSCALL_SELECT_ARGSTR } probe nd_syscall.compat_select.return = nd1_syscall.compat_select.return!, nd2_syscall.compat_select.return!, tp_syscall.compat_select.return { } probe nd1_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 4.17+ */ probe nd2_syscall.compat_select.return = kprobe.function(@arch_syscall_prefix "compat_sys_select").return ? { @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR(returnval()) } /* kernel 3.5+, but undesirable because it affects all syscalls */ probe tp_syscall.compat_select.return = kernel.trace("sys_exit") { __set_syscall_pt_regs($regs) @__compat_syscall_gate(@const("__NR_compat__newselect")) @_SYSCALL_SELECT_NAME @SYSC_RETVALSTR($ret) }