Skip to content

eventfd2

Intro

eventfd2 - create/get an eventfd file descriptor for improved asynchronous handling of events.

Description

eventfd2 creates an "eventfd" object that can be used as an event wait/notify mechanism by user-space applications, and by the kernel to notify user-space applications of events. It is similar to the pipe system call, but the read/write operations on /dev/eventfd are atomic. The initval argument is a initial value of the counter; The flags argument is a bitmask of flags that affects the semantics of the create.

Arguments

  • initval:unsigned int[U] - the initial value of the counter.
  • flags:int[U] - a bitmask which can be set to request specific eventfd features and/or classes of behavior.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_eventfd2

Type

Kprobe

Purpose

To track the execution of eventfd2 syscall.

Example Use Case

An application may use an eventfd object as a notification of an event, for example an overflow of a threshold, by setting initval to zero, and storing the count that triggered the event in the user space, each time the kernel reads the count, it will add the trigger count and set the counter to the initial value.

Issues

None.

pipe(), poll()

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.