Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /proc/self/root/opt/rh/gcc-toolset-11/root/usr/share/systemtap/tapset/bpf/ |
// context tapset
// Copyright (C) 2016-2021 Red Hat Inc.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
/**
* sfunction execname - Returns the execname of a target process (or group of processes)
*
* Description: Returns the execname of a target process (or group of processes).
*/
function execname:string ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
/* buf = bpf_stk_alloc(BPF_MAXSTRINGLEN);
buf[0] = 0x0; // guarantee NUL byte
rc = get_current_comm(buf, BPF_MAXSTRINGLEN); */
alloc, $buf, BPF_MAXSTRINGLEN;
0x62, $buf, -, -, 0x0; /* stw [$buf+0], 0x0 -- guarantee NUL byte */
call, $rc, get_current_comm, $buf, BPF_MAXSTRINGLEN;
/* if (rc < 0) return err_msg;
return buf; */
0xc5, $rc, -, _err, 0; /* jslt $rc, 0, _err */
0xbf, $$, $buf, -, -; /* mov $$, $buf */
0x05, -, -, _done, -; /* ja _done */
label, _err;
0xbf, $$, "<unknown>", -, -; /* mov $$, <unknown> */
label, _done;
%}
// TODO: pexecname ()
/**
* sfunction pid - Returns the ID of a thread group
*
* Description: This function returns the userspace pid / kernel tgid
* of a target process.
*/
function pid:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
/* BPF_FUNC_get_current_pid_tgid returns tgid << 32 | pid */
0x85, 0, 0, 0, 14; /* call BPF_FUNC_get_current_pid_tgid */
0xbf, $$, 0, 0, 0; /* movx $$, r0 */
0x77, $$, 0, 0, 32 /* rshk $$, 32 */
%}
// TODO: ns_pid:long ()
/**
* sfunction tid - Returns the thread ID of a target process
*
* Description: This function returns the userspace tid / kernel pid
* of a target process.
*/
function tid:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
/* BPF_FUNC_get_current_pid_tgid returns tgid << 32 | pid */
0x85, 0, 0, 0, 14; /* call BPF_FUNC_get_current_pid_tgid */
0xbc, $$, 0, 0, 0 /* movwx $$, r0 */
%}
// TODO: ns_tid:long ()
// TODO: ppid:long ()
// TODO: ns_ppid:long ()
// TODO: pgrp:long ()
// TODO: ns_pgrp:long ()
// TODO: sid:long ()
// TODO: ns_sid:long ()
/**
* sfunction gid - Returns the group ID of a target process
*
* Description: This function returns the group ID of a target process.
*/
function gid:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
/* BPF_FUNC_get_current_uid_gid returns gid << 32 | uid */
0x85, 0, 0, 0, 15; /* call BPF_FUNC_get_current_uid_gid */
0xbf, $$, 0, 0, 0; /* movx $$, r0 */
0x77, $$, 0, 0, 32 /* rshk $$, 32 */
%}
// TODO: ns_gid:long ()
// TODO: egid:long ()
// TODO: ns_egid:long ()
/**
* sfunction uid - Returns the user ID of a target process
*
* Description: This function returns the user ID of the target process.
*/
function uid:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
/* BPF_FUNC_get_current_uid_gid returns gid << 32 | uid */
0x85, 0, 0, 0, 15; /* call BPF_FUNC_get_current_uid_gid */
0xbc, $$, 0, 0, 0 /* movwx $$, r0 */
%}
// TODO: ns_uid:long ()
// TODO: euid:long ()
// TODO: ns_euid:long ()
// XXX: is_myproc () is only relevant for unprivileged use of eBPF (still theoretical).
// TODO: Old systemtap-compat scripts should not be running on eBPF backend in the first place?
/**
* sfunction cpuid - Returns the current cpu number
*
* Description: This function returns the current cpu number.
* Deprecated in SystemTap 1.4 and removed in SystemTap 1.5.
*/
%( systemtap_v <= "1.4" %?
function cpuid:long ()
%{ /* bpf */ /* pure */
0x85, 0, 0, 0, 8; /* call BPF_FUNC_get_smp_processor_id */
0xbf, $$, 0, 0, 0 /* movx $$, r0 */
%}
%)
/**
* sfunction cpu - Returns the current cpu number
*
* Description: This function returns the current cpu number.
*/
function cpu:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
0x85, 0, 0, 0, 8; /* call BPF_FUNC_get_smp_processor_id */
0xbf, $$, 0, 0, 0 /* movx $$, r0 */
%}
// TODO: registers_valid:long ()
// TODO: user_mode:long ()
// TODO: is_return:long ()
// TODO: target:long ()
// TODO: module_name:string ()
// XXX: module_size:string () -- not clear if this should refer to the entire .bo or to just the current eBPF routine.
// TODO: stp_pid:long ()
// XXX: remote_id:long (), remote_uri:string() -- pending an evaluation of remote eBPF execution.
// XXX: stack_size() -- not clear if this should be the eBPF stack size or the kernel stack size.
// XXX: stack_used(),stack_unused() probably a fairly ill-defined idea with the eBPF stack.
// TODO: Other context functions for info about things like eBPF maps.
// TODO: addr:long ()
// TODO: uaddr:long ()
// XXX: cmdline_args:string(n:long, m:long, delim:string) -- requires string concatenation & loops.
// TODO: cmdline_arg:string(n:long)
// XXX: cmdline_string:string() -- requires string concatenation & loops.
global _stp_target
/**
* Description: This function copies the system's target PID set with
* either -x or -c in stabpf. This function only works with the user-space
* bpf interpreter, so it runs during initialization to copy target PID value
* into a systemtap global which can be read from other more constrained
* contexts.
*/
function _stp_get_target:long ()
%{ /* bpf */ /* pure */ /* unprivileged */ /* userspace */
0x85, 0, 0, 0, -5; /* call BPF_FUNC_get_target */
0xbf, $$, 0, 0, 0 /* movx $$, r0 */
%}
probe init
{
_stp_target = _stp_get_target()
}
/**
* sfunction target - Return the process ID of the target process
*
* Description: This function returns the process ID of the target
* process. This is useful in conjunction with the -x PID or
* -c CMD command-line options to stap. An example of its use is
* to create scripts that filter on a specific process.
*
* -x <pid>
* target() returns the pid specified by -x
*
* -c <command>
* target() returns the pid for the executed command specified by -c
*/
function target:long ()
{
return _stp_target
}