Skip to content

io_pgetevents_time32

Intro

io_pgetevents_time32 - syscall to retrieve data from an I/O controller

Description

This system call reads (with a timeout) events generated by an I/O controller. The platforms that support this system call are x86-64, arm64 and ia64.

The timeout argument sets an upper bound on the amount of time that the call will block. Setting the timeout to NULL makes the call block until an event is generated. Data of the event is written into the struct io_event_t which is passed to this call.

Arguments

  • ctx: struct iocb *[U] - pointer to an array of io_context_t structures.
  • nr: long[U] - number of events requested.
  • events: struct io_event_t *[U] - pointer to an array of io_event_t structures.
  • timeout: struct timespec *[U, TOCTOU] - pointer to a timespec structure.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_io_pgetevents_time32

Type

Kprobe + Kretprobe

Purpose

To trace all invocation of io_pgetevents_time32 and get the context of each invocation.

Example Use Case

This system call can be used to test the responsiveness of a tracee. For example, when checking if a given process is unresponsive or hangs.

Issues

This system call is vulnerable to Time Of Check/Time Of Use (TOCTOU) race conditions.

  • io_destroy - destroys an I/O context assigned to a user

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.