Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /opt/rh/gcc-toolset-11/root/usr/share/systemtap/tapset/linux/ |
// kernel process tapset
// Copyright (C) 2006 Intel Corporation.
// Copyright (C) 2014-2017 Red Hat Inc.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
// <tapsetdescription>
// This family of probe points is used to probe process-related activities.
// </tapsetdescription>
@__private30 function _IS_ERR:long(ptr:long) %{ /* pure */
STAP_RETVALUE = IS_ERR((const void *)(uintptr_t)STAP_ARG_ptr);
%}
/**
* probe kprocess.create - Fires whenever a new process or thread is successfully created
* @new_pid: The PID of the newly created process
* @new_tid: The TID of the newly created task
*
* Context:
* Parent of the created process.
*
* Fires whenever a new process is successfully created, either as a result of
* fork (or one of its syscall variants), or a new kernel thread.
*/
probe tp_kprocess.create = kernel.trace("sched:sched_process_fork") {
task = $child
if (_IS_ERR(task)) next
new_pid = task_pid(task)
new_tid = task_tid(task)
}
probe dw_kprocess.create = kernel.function("copy_process").return {
task = $return
if (_IS_ERR(task)) next
new_pid = task_pid(task)
new_tid = task_tid(task)
}
probe kprocess.create = tp_kprocess.create!, dw_kprocess.create {}
/**
* probe kprocess.start - Starting new process
*
* Context:
* Newly created process.
*
* Fires immediately before a new process begins execution.
*
*/
probe kprocess.start = kernel.function("schedule_tail") { }
/**
* probe kprocess.exec - Attempt to exec to a new program
*
* @filename: The path to the new executable
* @name: Name of the system call ("execve") (SystemTap v2.5+)
* @args: The arguments to pass to the new executable, including
* the 0th arg (SystemTap v2.5+)
* @argstr: A string containing the filename followed by the
* arguments to pass, excluding 0th arg (SystemTap v2.5+)
*
* Context:
* The caller of exec.
*
* Fires whenever a process attempts to exec to a new program. Aliased
* to the syscall.execve probe in SystemTap v2.5+.
*/
%(systemtap_v <= "2.4" %?
probe kprocess.exec =
kernel.function("do_execve"),
kernel.function("compat_do_execve") ?
{
filename = kernel_string($filename)
}
%:
probe kprocess.exec = syscall.execve
{
/*
name = "execve"
filename = user_string_quoted(@choose_defined($filename, $name))
# kernel 3.0 changed the pointer's name to __argv
__argv = @choose_defined($__argv, $argv)
args = __get_argv(__argv, 0)
argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
*/
}
%)
/**
* probe kprocess.exec_complete - Return from exec to a new program
* @errno: The error number resulting from the exec
* @success: A boolean indicating whether the exec was successful
* @name: Name of the system call ("execve") (SystemTap v2.5+)
* @retstr: A string representation of errno (SystemTap v2.5+)
*
* Context:
* On success, the context of the new executable.
* On failure, remains in the context of the caller.
*
* Fires at the completion of an exec call. Aliased to the
* syscall.execve.return probe in SystemTap v2.5+.
*/
%(systemtap_v <= "2.4" %?
probe kprocess.exec_complete =
kernel.function("do_execve").return,
kernel.function("compat_do_execve").return ?
%:
probe kprocess.exec_complete = syscall.execve.return
%)
{
errno = retval
success = (errno >= 0)
/*
name = "execve"
retstr = return_str(1, retval)
*/
}
/**
* probe kprocess.exit - Exit from process
* @code: The exit code of the process
*
* Context:
* The process which is terminating.
*
* Fires when a process terminates. This will always be followed by a
* kprocess.release, though the latter may be delayed if the process waits in a
* zombie state.
*/
probe kprocess.exit = kernel.function("do_exit") {
code = $code
}
/**
* probe kprocess.release - Process released
* @task: A task handle to the process being released
* @released_pid: PID of the process being released
* @released_tid: TID of the task being released
* @pid: Same as @released_pid for compatibility (deprecated)
*
* Context:
* The context of the parent, if it wanted notification of this process'
* termination, else the context of the process itself.
*
* Fires when a process is released from the kernel. This always follows a
* kprocess.exit, though it may be delayed somewhat if the process waits in a
* zombie state.
*/
probe kprocess.release = kernel.function("release_task") {
task = $p
%(systemtap_v <= "1.7" %?
pid = task_pid($p)
%)
released_pid = task_pid($p)
released_tid = task_tid($p)
}