#!/bin/sh # SPDX-License-Identifier: GPL-2.0 # description: Kprobe event user-memory access # requires: kprobe_events '$arg<N>':README grep -A10 "fetcharg:" README | grep -q 'ustring' || exit_unsupported grep -A10 "fetcharg:" README | grep -q '\[u\]<offset>' || exit_unsupported :;: "user-memory access syntax and ustring working on user memory";: echo 'p:myevent do_sys_open path=+0($arg2):ustring path2=+u0($arg2):string' \ > kprobe_events echo 'p:myevent2 do_sys_openat2 path=+0($arg2):ustring path2=+u0($arg2):string' \ >> kprobe_events grep myevent kprobe_events | \ grep -q 'path=+0($arg2):ustring path2=+u0($arg2):string' echo 1 > events/kprobes/myevent/enable echo 1 > events/kprobes/myevent2/enable echo > /dev/null echo 0 > events/kprobes/myevent/enable echo 0 > events/kprobes/myevent2/enable grep myevent trace | grep -q 'path="/dev/null" path2="/dev/null"' :;: "user-memory access syntax and ustring not working with kernel memory";: echo 'p:myevent vfs_symlink path=+0($arg3):ustring path2=+u0($arg3):string' \ > kprobe_events echo 1 > events/kprobes/myevent/enable ln -s foo $TMPDIR/bar echo 0 > events/kprobes/myevent/enable grep myevent trace | grep -q 'path=(fault) path2=(fault)' exit 0