This file is indexed.

/usr/share/systemtap/tapset/i386/registers.stp is in systemtap-common 1.6-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

/*
 * _reg_offsets:         register name -> byte offset, filled in by
 *                       _stp_register_regs().
 * _stp_regs_registered: set to 1 once _stp_register_regs() has run.
 * _sp_offset/_ss_offset: offsets of the esp and ss slots, which register()
 *                       handles specially for kernel-mode probes.
 */
global _reg_offsets, _stp_regs_registered, _sp_offset, _ss_offset

function test_x86_gs:long() %{ /* pure */
	/*
	 * Compile-time probe: yields 1 when STAPCONF_X86_GS is defined for
	 * this build and 0 otherwise.  _stp_register_regs() uses the answer
	 * to decide whether a gs slot is part of the register layout.
	 */
#ifndef STAPCONF_X86_GS
	THIS->__retvalue = 0;
#else
	THIS->__retvalue = 1;
#endif
%}

function _stp_register_regs() {
	/*
	 * Fill _reg_offsets with the byte offset of every register name this
	 * tapset accepts, in the same order as pt_regs.  Each slot is
	 * reachable under two spellings (for example "ebx" and "bx").
	 */
	_reg_offsets["ebx"] = 0
	_reg_offsets["bx"] = 0
	_reg_offsets["ecx"] = 4
	_reg_offsets["cx"] = 4
	_reg_offsets["edx"] = 8
	_reg_offsets["dx"] = 8
	_reg_offsets["esi"] = 12
	_reg_offsets["si"] = 12
	_reg_offsets["edi"] = 16
	_reg_offsets["di"] = 16
	_reg_offsets["ebp"] = 20
	_reg_offsets["bp"] = 20
	_reg_offsets["eax"] = 24
	_reg_offsets["ax"] = 24
	_reg_offsets["xds"] = 28
	_reg_offsets["ds"] = 28
	_reg_offsets["xes"] = 32
	_reg_offsets["es"] = 32
	_reg_offsets["xfs"] = 36
	_reg_offsets["fs"] = 36

	/*
	 * The gs slot is registered only when test_x86_gs() reports it; when
	 * it is, every later slot sits 4 bytes further in.
	 */
	if (test_x86_gs()) {
		gs_incr = 4
		_reg_offsets["xgs"] = 40
		_reg_offsets["gs"] = 40
	} else {
		gs_incr = 0
	}

	/* Offset of the first slot after the optional gs slot. */
	tail = 40 + gs_incr
	_reg_offsets["orig_eax"] = tail
	_reg_offsets["orig_ax"] = tail
	_reg_offsets["eip"] = tail + 4
	_reg_offsets["ip"] = tail + 4
	_reg_offsets["xcs"] = tail + 8
	_reg_offsets["cs"] = tail + 8
	_reg_offsets["eflags"] = tail + 12
	_reg_offsets["flags"] = tail + 12
	_reg_offsets["esp"] = tail + 16
	_reg_offsets["sp"] = tail + 16
	_reg_offsets["xss"] = tail + 20
	_reg_offsets["ss"] = tail + 20

	/* register() compares against these to special-case esp and ss. */
	_sp_offset = tail + 16
	_ss_offset = tail + 20

	_stp_regs_registered = 1
}

function _stp_get_register_by_offset:long (offset:long) %{ /* pure */
	/*
	 * Return the long stored `offset` bytes into the saved register block
	 * (CONTEXT->regs).  On failure CONTEXT->last_error is set and the
	 * function returns without assigning a result.
	 */
	long value;
	if (!CONTEXT->regs) {
		CONTEXT->last_error = "No registers available in this context";
		return;
	}
	/*
	 * Bounds check on the caller-supplied offset: reject anything that
	 * would make the sizeof(long) read below start before, or run past
	 * the end of, struct pt_regs.
	 * NOTE(review): only the range is validated.  The comment above
	 * _stp_kernel_sp() says esp and ss are not saved for kernel-mode
	 * breakpoints; register() diverts those two offsets before calling
	 * here, but a direct caller would not get that treatment.
	 */
	if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) {
		snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
				"Bad register offset: %lld", THIS->offset);
		CONTEXT->last_error = CONTEXT->error_buffer;
		return;
	}
	/* memcpy, not a pointer dereference: the offset is not checked for alignment. */
	memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value));
	THIS->__retvalue = value;
%}

function _stp_probing_kernel:long () %{ /* pure */
	/*
	 * 1 when user_mode() reports that the saved registers are not from
	 * user mode, 0 when they are.
	 * NOTE(review): CONTEXT->regs is handed to user_mode() without the
	 * NULL check that _stp_get_register_by_offset() performs.  register()
	 * calls registers_valid() first -- confirm that rules out NULL here.
	 */
	THIS->__retvalue = user_mode(CONTEXT->regs) ? 0 : 1;
%}

/*
 * esp and ss aren't saved on a breakpoint in kernel mode, so
 * the pre-trap stack pointer is &regs->sp.
 */
function _stp_kernel_sp:long (sp_offset:long) %{ /* pure */
	/* The result is the address of the sp slot itself, not its contents. */
	long regs_base = (long) CONTEXT->regs;

	THIS->__retvalue = regs_base + THIS->sp_offset;
%}

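/*
 * Return the current contents of the ss segment register.
 * Assume ss register hasn't changed since we took the trap.
 */
function _stp_kernel_ss:long () %{ /* pure */
	unsigned short ss;

	/*
	 * The instruction stores into ss, so ss has to be an output operand
	 * ("=m").  Listed as an input, the compiler may treat the variable as
	 * never written and return an indeterminate stack value instead of
	 * the segment register.
	 */
	asm volatile("movw %%ss, %0" : "=m" (ss));
	THIS->__retvalue = ss;
%}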

/*
 * Return the named register value as a signed value.
 * Raises a script error and returns 0 when registers are unavailable in
 * this context or the name is not in _reg_offsets.
 */
function register:long (name:string) {
	if (!registers_valid()) {
		error("cannot access CPU registers in this context")
		return 0
	}

	/* The name table is built on first use. */
	if (!_stp_regs_registered)
		_stp_register_regs()

	/* Only names present in the table may select an offset to read. */
	if (!(name in _reg_offsets)) {
		error("Unknown register: " . name)
		return 0
	}
	offset = _reg_offsets[name]

	/*
	 * For kernel-mode probes the esp and ss slots are not read from the
	 * saved registers; dedicated helpers supply them instead.
	 */
	in_kernel = _stp_probing_kernel()
	if (in_kernel && offset == _sp_offset)
		return _stp_kernel_sp(_sp_offset)
	if (in_kernel && offset == _ss_offset)
		return _stp_kernel_ss()

	return _stp_get_register_by_offset(offset)
}

/*
 * Return the named register value as an unsigned value: the low 32 bits
 * of register(name), with no sign extension into the upper half of the
 * 64-bit result.
 */
function u_register:long (name:string) {
	signed_value = register(name)
	return signed_value & 0xffffffff
}

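/*
 * Return the value of function arg #argnum (1=first arg) as a signed value.
 *
 * On failure the result is 0 and CONTEXT->last_error is set, except for an
 * unreadable user stack slot, which only produces a warning.
 */
function _stp_arg:long (argnum:long) %{ /* pure */
	long val;
	int n, nr_regargs, result;

	THIS->__retvalue = 0;
	if (!CONTEXT->regs) {
		snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
			"cannot access function args in this context");
		CONTEXT->last_error = CONTEXT->error_buffer;
		return;
	}
	/*
	 * argnum is 64 bits wide but the lookup below takes an int.  Reject
	 * values that do not survive the narrowing, so that an oversized
	 * argnum is reported as an error instead of silently selecting a
	 * different argument.
	 */
	if (THIS->argnum < 1 || THIS->argnum != (int64_t) (int) THIS->argnum)
		goto bad_argnum;
	n = (int) THIS->argnum;
	nr_regargs = _stp_get_regparm(CONTEXT->regparm, CONTEXT->regs);
	result = _stp_get_arg32_by_number(n, nr_regargs, CONTEXT->regs, &val);
	switch (result) {
	case 0:
		/* Arg is in register. */
		THIS->__retvalue = (int64_t) val;
		break;
	case 1:
		/* Arg is on kernel stack; kread() branches to deref_fault on a fault. */
		THIS->__retvalue = kread((long *) val);
		break;
	case 2:
	    {
		/* Arg is on user stack, so it is fetched with the user-copy helper. */
		const char __user *vaddr = (const char __user*) val;
		if (_stp_copy_from_user((char*)&val, vaddr, sizeof(val)) != 0) {
			/* Stack page not resident. */
			_stp_warn("cannot access arg(%d) "
				"at user stack address %p\n", n, vaddr);
			THIS->__retvalue = 0;
		} else
			THIS->__retvalue = (int64_t) val;
		break;
	    }
	default:
		goto bad_argnum;
	}
	return;

bad_argnum:
	snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
				"cannot access arg(%lld)", THIS->argnum);
	CONTEXT->last_error = CONTEXT->error_buffer;
	return;

	/* Never entered by fall-through; the block only hosts the label. */
	if (0) {
deref_fault: /* branched to from kread() */
		snprintf (CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
			"kernel fault at %#lx accessing arg(%lld)", val,
			THIS->argnum);
		CONTEXT->last_error = CONTEXT->error_buffer;
	}
%}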

/* Return the value of function arg #argnum as a signed int. */
function int_arg:long (argnum:long) {
	value = _stp_arg(argnum)
	return value
}

/*
 * Return the value of function arg #argnum as an unsigned int: only the
 * low 32 bits of the signed value are kept.
 */
function uint_arg:long (argnum:long) {
	raw = _stp_arg(argnum)
	return raw & 0xffffffff
}

/* Return function arg #argnum as a signed long; same result as int_arg(). */
function long_arg:long (argnum:long) {
	value = int_arg(argnum)
	return value
}

/* Return function arg #argnum as an unsigned long; same result as uint_arg(). */
function ulong_arg:long (argnum:long) {
	value = uint_arg(argnum)
	return value
}

/*
 * Return a 64-bit argument assembled from two consecutive 32-bit slots:
 * arg #argnum supplies the low half and arg #argnum+1 the high half.
 */
function longlong_arg:long (argnum:long) {
	/*
	 * TODO: If argnum == nr_regarg, gcc puts the whole 64-bit arg
	 * on the stack.
	 */
	low32 = uint_arg(argnum)
	high32 = uint_arg(argnum + 1)
	combined = (high32 << 32) | low32
	return combined
}

/* Return function arg #argnum as a 64-bit value; same result as longlong_arg(). */
function ulonglong_arg:long (argnum:long) {
	value = longlong_arg(argnum)
	return value
}

/* Return function arg #argnum as a pointer value; same result as ulong_arg(). */
function pointer_arg:long (argnum:long) {
	address = ulong_arg(argnum)
	return address
}

/* Return function arg #argnum as a signed 32-bit value; same result as int_arg(). */
function s32_arg:long (argnum:long) {
	value = int_arg(argnum)
	return value
}

/* Return function arg #argnum as an unsigned 32-bit value; same result as uint_arg(). */
function u32_arg:long (argnum:long) {
	value = uint_arg(argnum)
	return value
}

/* Return function arg #argnum as a 64-bit value; same result as longlong_arg(). */
function s64_arg:long (argnum:long) {
	value = longlong_arg(argnum)
	return value
}

/* Return function arg #argnum as a 64-bit value; same result as ulonglong_arg(). */
function u64_arg:long (argnum:long) {
	value = ulonglong_arg(argnum)
	return value
}

function asmlinkage() %{
	/*
	 * Record a register-argument count of 0 in CONTEXT->regparm, tagged
	 * with _STP_REGPARM; _stp_arg() passes the field to
	 * _stp_get_regparm().
	 */
	const int nr_regargs = 0;

	CONTEXT->regparm = _STP_REGPARM | nr_regargs;
%}

function fastcall() %{
	/*
	 * Record a register-argument count of 3 in CONTEXT->regparm, tagged
	 * with _STP_REGPARM; _stp_arg() passes the field to
	 * _stp_get_regparm().
	 */
	const int nr_regargs = 3;

	CONTEXT->regparm = _STP_REGPARM | nr_regargs;
%}

function regparm(n:long) %{
	/*
	 * Record n as the register-argument count in CONTEXT->regparm, tagged
	 * with _STP_REGPARM.  Values outside 0-3 are refused with an error
	 * and leave CONTEXT->regparm untouched.
	 */
	if (THIS->n >= 0 && THIS->n <= 3) {
		CONTEXT->regparm = _STP_REGPARM | (int) THIS->n;
		return;
	}
	snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer),
		"For i386, regparm value must be in the range 0-3.");
	CONTEXT->last_error = CONTEXT->error_buffer;
%}