Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /opt/rh/gcc-toolset-11/root/usr/share/systemtap/tapset/linux/ |
# shmat ______________________________________________________
#
# long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
#
@define _SYSCALL_SHMAT_NAME
%(
name = "shmat"
%)
@define _SYSCALL_SHMAT_ARGSTR
%(
argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, shmflg_str)
%)
@define _SYSCALL_SHMAT_REGARGS
%(
shmid = int_arg(1)
shmaddr_uaddr = pointer_arg(2)
shmflg = int_arg(3)
shmflg_str = _shmat_flags_str(shmflg)
%)
@define _SYSCALL_SHMAT_REGARGS_STORE
%(
if (@probewrite(shmid))
set_int_arg(1, shmid)
if (@probewrite(shmaddr_uaddr))
set_pointer_arg(2, shmaddr_uaddr)
if (@probewrite(shmflg))
set_int_arg(3, shmflg)
%)
@define _SYSCALL_IPC_SHMAT_REGARGS
%(
shmid = int_arg(2)
shmaddr_uaddr = pointer_arg(5)
shmflg = int_arg(3)
shmflg_str = _shmat_flags_str(shmflg)
%)
@define _SYSCALL_IPC_SHMAT_REGARGS_STORE
%(
if (@probewrite(shmid))
set_int_arg(2, shmid)
if (@probewrite(shmaddr_uaddr))
set_pointer_arg(5, shmaddr_uaddr)
if (@probewrite(shmflg))
set_int_arg(3, shmflg)
%)
probe syscall.shmat = dw_syscall.shmat !, nd_syscall.shmat ? {}
probe syscall.shmat.return = dw_syscall.shmat.return !, nd_syscall.shmat.return ? {}
# dw_shmat _____________________________________________________
probe dw_syscall.shmat = kernel.function("sys_shmat").call ?
{
@_SYSCALL_SHMAT_NAME
shmid = $shmid
shmaddr_uaddr = $shmaddr
shmflg = $shmflg
shmflg_str = _shmat_flags_str(shmflg)
@_SYSCALL_SHMAT_ARGSTR
}
probe dw_syscall.shmat.return = kernel.function("sys_shmat").return ?
{
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR($return)
}
# nd_shmat _____________________________________________________
probe nd_syscall.shmat = nd1_syscall.shmat!, nd2_syscall.shmat!, tp_syscall.shmat
{ }
probe nd1_syscall.shmat = kprobe.function("sys_shmat") ?
{
@_SYSCALL_SHMAT_NAME
asmlinkage()
@_SYSCALL_SHMAT_REGARGS
@_SYSCALL_SHMAT_ARGSTR
}
/* kernel 4.17+ */
probe nd2_syscall.shmat = kprobe.function(@arch_syscall_prefix "sys_shmat") ?
{
__set_syscall_pt_regs(pointer_arg(1))
@_SYSCALL_SHMAT_NAME
@_SYSCALL_SHMAT_REGARGS
@_SYSCALL_SHMAT_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_SHMAT_REGARGS_STORE %)
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.shmat = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__syscall_gate(@const("__NR_shmat"))
@_SYSCALL_SHMAT_NAME
@_SYSCALL_SHMAT_REGARGS
@_SYSCALL_SHMAT_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_SHMAT_REGARGS_STORE %)
}
probe nd_syscall.shmat.return = nd1_syscall.shmat.return!, nd2_syscall.shmat.return!, tp_syscall.shmat.return
{ }
probe nd1_syscall.shmat.return = kprobe.function("sys_shmat").return ?
{
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 4.17+ */
probe nd2_syscall.shmat.return = kprobe.function(@arch_syscall_prefix "sys_shmat").return ?
{
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.shmat.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__syscall_gate(@const("__NR_shmat"))
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR($ret)
}
# compat_sys_shmat ________________________________________
#
# long compat_sys_shmat(int first, int second, compat_uptr_t third,
# int version, void __user *uptr)
# COMPAT_SYSCALL_DEFINE3(shmat, int, shmid, compat_uptr_t, shmaddr,
# int, shmflg)
#
probe syscall.compat_sys_shmat = dw_syscall.compat_sys_shmat !,
nd_syscall.compat_sys_shmat ? {}
probe syscall.compat_sys_shmat.return = dw_syscall.compat_sys_shmat.return !,
nd_syscall.compat_sys_shmat.return ? {}
# dw_compat_sys_shmat _____________________________________________________
probe dw_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat").call ?
{
@_SYSCALL_SHMAT_NAME
%( systemtap_v < "2.3" %?
first = @choose_defined($shmid, $first)
second = @choose_defined($shmflg, $second)
third = @choose_defined($third, 0)
uptr_uaddr = @choose_defined($shmaddr, $uptr)
%)
shmid = @choose_defined($shmid, $first)
shmaddr_uaddr = @choose_defined($shmaddr, $uptr)
shmflg = @choose_defined($shmflg, $second)
shmflg_str = _shmat_flags_str(shmflg)
@_SYSCALL_SHMAT_ARGSTR
}
probe dw_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ?
{
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR($return)
}
# nd_compat_sys_shmat _____________________________________________________
probe nd_syscall.compat_sys_shmat = nd1_syscall.compat_sys_shmat!, nd2_syscall.compat_sys_shmat!, tp_syscall.compat_sys_shmat
{ }
probe nd1_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ?
{
@_SYSCALL_SHMAT_NAME
%( systemtap_v < "2.3" %?
first = int_arg(1)
second = int_arg(2)
third = u32_arg(3)
uptr_uaddr = pointer_arg(5)
%)
shmid = int_arg(1)
%( kernel_v > "3.9" || CONFIG_ARCH_WANT_OLD_COMPAT_IPC == "y" %?
shmflg = int_arg(3)
shmaddr_uaddr = pointer_arg(2)
%:
shmflg = int_arg(2)
shmaddr_uaddr = pointer_arg(5)
%)
shmflg_str = _shmat_flags_str(shmflg)
@_SYSCALL_SHMAT_ARGSTR
}
/* kernel 4.17+ */
probe nd2_syscall.compat_sys_shmat =
kprobe.function(@arch_syscall_prefix "compat_sys_ipc") ?
{
__set_syscall_pt_regs(pointer_arg(1))
if (int_arg(1) != @const("SHMAT")) next;
@_SYSCALL_SHMAT_NAME
@_SYSCALL_IPC_SHMAT_REGARGS
@_SYSCALL_SHMAT_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_IPC_SHMAT_REGARGS_STORE %)
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_shmat = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__compat_syscall_gate(@const("__NR_compat_ipc"))
if (int_arg(1) != @const("SHMAT")) next;
@_SYSCALL_SHMAT_NAME
@_SYSCALL_IPC_SHMAT_REGARGS
@_SYSCALL_SHMAT_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_IPC_SHMAT_REGARGS_STORE %)
}
probe nd_syscall.compat_sys_shmat.return = nd1_syscall.compat_sys_shmat.return!, nd2_syscall.compat_sys_shmat.return!, tp_syscall.compat_sys_shmat.return
{ }
probe nd1_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ?
{
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 4.17+ */
probe nd2_syscall.compat_sys_shmat.return =
kprobe.function(@arch_syscall_prefix "compat_sys_ipc").return ?
{
__set_syscall_pt_regs(@entry(pointer_arg(1)))
if (int_arg(1) != @const("SHMAT")) next;
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_shmat.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__compat_syscall_gate(@const("__NR_compat_ipc"))
if (int_arg(1) != @const("SHMAT")) next;
@_SYSCALL_SHMAT_NAME
@SYSC_RETVALSTR($ret)
}