관리-도구

편집 파일: sysc_timerfd_create.stp

# timerfd_create _____________________________________________
#
# SYSCALL_DEFINE2(timerfd_create, int, clockid, int, flags)

@define _SYSCALL_TIMERFD_CREATE_NAME
%(
	name = "timerfd_create"
%)

@define _SYSCALL_TIMERFD_CREATE_ARGSTR
%(
	argstr = sprintf("%s, %s", clockid_str, flags_str)
%)

@define _SYSCALL_TIMERFD_CREATE_REGARGS
%(
	clockid = int_arg(1)
	clockid_str = _get_wc_str(clockid)
	flags = int_arg(2)
	flags_str = _stp_timerfd_flags_str(flags)
%)

probe syscall.timerfd_create = dw_syscall.timerfd_create !,
                               nd_syscall.timerfd_create ? {}
probe syscall.timerfd_create.return = dw_syscall.timerfd_create.return !,
                                      nd_syscall.timerfd_create.return ? {}

# dw_timerfd_create _____________________________________________________

probe dw_syscall.timerfd_create = kernel.function("sys_timerfd_create").call ?
{
	@_SYSCALL_TIMERFD_CREATE_NAME
	clockid = __int32($clockid)
	clockid_str = _get_wc_str(clockid)
	flags = __int32($flags)
	flags_str = _stp_timerfd_flags_str(flags)
	@_SYSCALL_TIMERFD_CREATE_ARGSTR
}
probe dw_syscall.timerfd_create.return =
	kernel.function("sys_timerfd_create").return ?
{
	@_SYSCALL_TIMERFD_CREATE_NAME
	@SYSC_RETVALSTR($return)
}

# nd_timerfd_create _____________________________________________________

probe nd_syscall.timerfd_create = nd1_syscall.timerfd_create!, nd2_syscall.timerfd_create!, tp_syscall.timerfd_create
  { }

probe nd1_syscall.timerfd_create = kprobe.function("sys_timerfd_create").call ?
{
	@_SYSCALL_TIMERFD_CREATE_NAME
	asmlinkage()
	@_SYSCALL_TIMERFD_CREATE_REGARGS
	@_SYSCALL_TIMERFD_CREATE_ARGSTR
}

/* kernel 4.17+ */
probe nd2_syscall.timerfd_create = kprobe.function(@arch_syscall_prefix "sys_timerfd_create") ?
{
	__set_syscall_pt_regs(pointer_arg(1))
	@_SYSCALL_TIMERFD_CREATE_NAME
	@_SYSCALL_TIMERFD_CREATE_REGARGS
	@_SYSCALL_TIMERFD_CREATE_ARGSTR
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.timerfd_create = kernel.trace("sys_enter")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_timerfd_create"), @const("__NR_compat_timerfd_create"))
	@_SYSCALL_TIMERFD_CREATE_NAME
	@_SYSCALL_TIMERFD_CREATE_REGARGS
	@_SYSCALL_TIMERFD_CREATE_ARGSTR
}

probe nd_syscall.timerfd_create.return = nd1_syscall.timerfd_create.return!, nd2_syscall.timerfd_create.return!, tp_syscall.timerfd_create.return
  { }

probe nd1_syscall.timerfd_create.return =
	kprobe.function("sys_timerfd_create").return ?
{
	@_SYSCALL_TIMERFD_CREATE_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 4.17+ */
probe nd2_syscall.timerfd_create.return =
	kprobe.function(@arch_syscall_prefix "sys_timerfd_create").return ?
{
	@_SYSCALL_TIMERFD_CREATE_NAME
	@SYSC_RETVALSTR(returnval())
}

/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.timerfd_create.return = kernel.trace("sys_exit")
{
	__set_syscall_pt_regs($regs)
	@__syscall_compat_gate(@const("__NR_timerfd_create"), @const("__NR_compat_timerfd_create"))
	@_SYSCALL_TIMERFD_CREATE_NAME
	@SYSC_RETVALSTR($ret)
}