Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /opt/rh/gcc-toolset-11/root/usr/share/systemtap/tapset/linux/ |
# utimes _____________________________________________________
#
# long sys_utimes(char __user * filename, struct timeval __user * utimes)
#
@define _SYSCALL_UTIMES_NAME
%(
name = "utimes"
%)
@define _SYSCALL_UTIMES_ARGSTR
%(
argstr = sprintf("%s, %s", filename, tvp_uaddr_str)
%)
@define _SYSCALL_UTIMES_REGARGS
%(
filename_uaddr = pointer_arg(1)
filename = user_string_quoted(filename_uaddr)
filename_unquoted = user_string_nofault(pointer_arg(1))
tvp_uaddr = pointer_arg(2)
tvp_uaddr_str = _struct_timeval_u(tvp_uaddr, 2)
%)
@define _SYSCALL_UTIMES_REGARGS_STORE
%(
if (@probewrite(filename_uaddr))
set_pointer_arg(1, filename_uaddr)
if (@probewrite(filename_unquoted))
set_user_string_arg(pointer_arg(1), filename_unquoted)
if (@probewrite(tvp_uaddr))
set_pointer_arg(2, tvp_uaddr)
%)
@define _SYSCALL_COMPAT_SYS_UTIMES_REGARGS
%(
filename = user_string_quoted(pointer_arg(1))
filename_unquoted = user_string_nofault(pointer_arg(1))
timeval = pointer_arg(2)
tvp_uaddr_str = _struct_compat_timeval_u(timeval, 2)
%)
@define _SYSCALL_COMPAT_SYS_UTIMES_REGARGS_STORE
%(
if (@probewrite(filename_unquoted))
set_user_string_arg(pointer_arg(1), filename_unquoted)
if (@probewrite(timeval))
set_pointer_arg(2, timeval)
%)
probe syscall.utimes = dw_syscall.utimes !, nd_syscall.utimes ? {}
probe syscall.utimes.return = dw_syscall.utimes.return !,
nd_syscall.utimes.return ? {}
# dw_utimes _____________________________________________________
probe dw_syscall.utimes = kernel.function("sys_utimes").call
{
@_SYSCALL_UTIMES_NAME
filename_uaddr = $filename
filename = user_string_quoted($filename)
tvp_uaddr = $utimes
tvp_uaddr_str = _struct_timeval_u(tvp_uaddr, 2)
@_SYSCALL_UTIMES_ARGSTR
}
probe dw_syscall.utimes.return = kernel.function("sys_utimes").return
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR($return)
}
# nd_utimes _____________________________________________________
probe nd_syscall.utimes = nd1_syscall.utimes!, nd2_syscall.utimes!, tp_syscall.utimes
{ }
probe nd1_syscall.utimes = kprobe.function("sys_utimes") ?
{
@_SYSCALL_UTIMES_NAME
asmlinkage()
@_SYSCALL_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
}
/* kernel 4.17+ */
probe nd2_syscall.utimes = kprobe.function(@arch_syscall_prefix "sys_utimes") ?
{
__set_syscall_pt_regs(pointer_arg(1))
@_SYSCALL_UTIMES_NAME
@_SYSCALL_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_UTIMES_REGARGS_STORE %)
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.utimes = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__syscall_gate(@const("__NR_utimes"))
@_SYSCALL_UTIMES_NAME
@_SYSCALL_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_UTIMES_REGARGS_STORE %)
}
probe nd_syscall.utimes.return = nd1_syscall.utimes.return!, nd2_syscall.utimes.return!, tp_syscall.utimes.return
{ }
probe nd1_syscall.utimes.return = kprobe.function("sys_utimes").return ?
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 4.17+ */
probe nd2_syscall.utimes.return = kprobe.function(@arch_syscall_prefix "sys_utimes").return ?
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.utimes.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__syscall_gate(@const("__NR_utimes"))
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR($ret)
}
# compat_sys_utimes ________________________________________
#
# long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t)
#
probe syscall.compat_sys_utimes = dw_syscall.compat_sys_utimes !,
nd_syscall.compat_sys_utimes ? {}
probe syscall.compat_sys_utimes.return = dw_syscall.compat_sys_utimes.return !,
nd_syscall.compat_sys_utimes.return ? {}
# dw_compat_sys_utimes _____________________________________________________
probe dw_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes").call ?
{
@_SYSCALL_UTIMES_NAME
filename = user_string_quoted(@__pointer($filename))
timeval = @__pointer($t)
tvp_uaddr_str = _struct_compat_timeval_u(timeval, 2)
@_SYSCALL_UTIMES_ARGSTR
}
probe dw_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ?
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR($return)
}
# nd_compat_sys_utimes _____________________________________________________
probe nd_syscall.compat_sys_utimes = nd1_syscall.compat_sys_utimes!, nd2_syscall.compat_sys_utimes!, tp_syscall.compat_sys_utimes
{ }
probe nd1_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ?
{
@_SYSCALL_UTIMES_NAME
asmlinkage()
@_SYSCALL_COMPAT_SYS_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
}
/* kernel 4.17+ */
probe nd2_syscall.compat_sys_utimes = kprobe.function(@arch_syscall_prefix "compat_sys_utimes") ?
{
__set_syscall_pt_regs(pointer_arg(1))
@_SYSCALL_UTIMES_NAME
@_SYSCALL_COMPAT_SYS_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_COMPAT_SYS_UTIMES_REGARGS_STORE %)
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_utimes = kernel.trace("sys_enter")
{
__set_syscall_pt_regs($regs)
@__compat_syscall_gate(@const("__NR_compat_utimes"))
@_SYSCALL_UTIMES_NAME
@_SYSCALL_COMPAT_SYS_UTIMES_REGARGS
@_SYSCALL_UTIMES_ARGSTR
},
{
%( @_IS_SREG_KERNEL %? @_SYSCALL_COMPAT_SYS_UTIMES_REGARGS_STORE %)
}
probe nd_syscall.compat_sys_utimes.return = nd1_syscall.compat_sys_utimes.return!, nd2_syscall.compat_sys_utimes.return!, tp_syscall.compat_sys_utimes.return
{ }
probe nd1_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ?
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 4.17+ */
probe nd2_syscall.compat_sys_utimes.return = kprobe.function(@arch_syscall_prefix "compat_sys_utimes").return ?
{
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR(returnval())
}
/* kernel 3.5+, but undesirable because it affects all syscalls */
probe tp_syscall.compat_sys_utimes.return = kernel.trace("sys_exit")
{
__set_syscall_pt_regs($regs)
@__compat_syscall_gate(@const("__NR_compat_utimes"))
@_SYSCALL_UTIMES_NAME
@SYSC_RETVALSTR($ret)
}