clock_gettime¶

Intro¶

clock_gettime - Retrieve the current time of a specific clock

Description¶

clock_gettime() retrieves the current time from the clock specified by clockid. The tp argument is a pointer to a struct timespec, in which the current time is stored. It supports the following clock ids: - CLOCK_REALTIME: system-wide realtime clock - CLOCK_MONOTONIC: system-wide monotonically increasing clock - CLOCK_PROCESS_CPUTIME_ID: per-process accounting clock - CLOCK_THREAD_CPUTIME_ID: per-thread accounting clock

Using clock_gettime() is a much more accurate approach than calling time() to retrieve the current time, as the latter will return the timestamp of the System Time Zone.

Arguments¶

clockid:const clockid_t[K] - Id of the clock whose current time should be retrieved.
tp:struct timespec*[KU] - Pointer to a timespec structure where the current time will be stored.

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space (for example, pointer to user space memory used to get it)
TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
OPT - Optional argument - might not always be available (passed with null value)

Hooks¶

sys_clock_gettime¶

Type¶

Kprobe

Purpose¶

Capture all calls to clock_gettime and monitor the process that calls it.

Example Use Case¶

Monitoring the wall clock time of a process and calculating the total execution time.

Issues¶

This API may suffer from resource contention when multiple processes call it simultaneously.

N/A

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.