Skip to content

io_getevents

Intro

io_getevents - system call which get events from the completion queue

Description

io_getevents() is a system call which can be used to retrieve events from the completion queue of specified io_context_t context, identified by ctx_id, if there was something written to the completion queue by an io_io_submit call. The number of events reads from the completion queue is equal to the returned long number, nr, which is equal to the requested maximum nr, or less if the queue doesn't have enough events. The min_nr parameter is the minimum number of events which should be available in the queue, else the call will be blocked. The events array will be filled with the events from the completion queue, or it will be allocated if the events parameter is null. Timeout will specify the time in which the call should finish, otherwise io_getevents will fail.

Arguments

  • ctx_id:io_context_t[K] - io context which will hold the completion queue.
  • min_nr:long[K] - minimum number of events which should be available in the completion queue.
  • nr:long[K] - maximum number of events which should be read from the completion queue.
  • events:struct io_event*[KU] - array which should be filled with the events from the completion queue. If the argument is null, the array will be allocated.
  • timeout:struct timespec*[K] - time in which the call should finish.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)

Hooks

io_getevents

Type

Kprobe

Purpose

Tracing the io_getevents syscall, with the goal of monitoring its behaviour.

Example Use Case

If a user needs to track when io_getevents is called, the io_getevents event is the ideal solution. It will provide information about the syscall such as parameters and duration. This is useful for monitoring low level kernel behavior or for performance analysis.

Issues

If the events array is allocated in the user space, it could trigger a TOCTOU attack.

  • io_submit - This syscall is related to io_getevents, since its responsible for writing to the completion queue which is read by io_getevents.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.