blob: 0f60087583d8f7b09c38f4ac024fafb9ccc823f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
# description: Kprobe event user-memory access
[ -f kprobe_events ] || exit_unsupported # this is configurable
grep -q '\$arg<N>' README || exit_unresolved # depends on arch
grep -A10 "fetcharg:" README | grep -q 'ustring' || exit_unsupported
grep -A10 "fetcharg:" README | grep -q '\[u\]<offset>' || exit_unsupported
:;: "user-memory access syntax and ustring working on user memory";:
echo 'p:myevent do_sys_open path=+0($arg2):ustring path2=+u0($arg2):string' \
> kprobe_events
grep myevent kprobe_events | \
grep -q 'path=+0($arg2):ustring path2=+u0($arg2):string'
echo 1 > events/kprobes/myevent/enable
echo > /dev/null
echo 0 > events/kprobes/myevent/enable
grep myevent trace | grep -q 'path="/dev/null" path2="/dev/null"'
:;: "user-memory access syntax and ustring not working with kernel memory";:
echo 'p:myevent vfs_symlink path=+0($arg3):ustring path2=+u0($arg3):string' \
> kprobe_events
echo 1 > events/kprobes/myevent/enable
ln -s foo $TMPDIR/bar
echo 0 > events/kprobes/myevent/enable
grep myevent trace | grep -q 'path=(fault) path2=(fault)'
exit 0
|