mq_notify
Intro
mq_notify - register notification request on a message queue
Description
The mq_notify() system call establishes or modifies a notification request on the message queue specified by the mqdes argument. If the sevp argument is not a null pointer, then the notification will be as specified in the referenced structure.
The receiving process will be sent a SIGEV_SIGNAL signal with si_value equal to the sival_ptr member of the sigevent structure when (1) a message arrives on the empty queue specified by mqdes and (2) a message is removed from the queue and the number of messages on the queue subsequently becomes lower than the current value of the queue's notification threshold, mq_notify(). This signal will be sent to the process that registered the notification, provided that the notification request is still active by the time the message arrives or is removed from the queue.
A process can register at most one notification request for each message queue.
If the sevp argument is a null pointer, any previously registered notification request for the message queue specified by the mqdes argument will be canceled.
Some of the advantages of using mq_notify() include the ability to register for notification of any incoming message, being able to specify a custom signal handler function that is called when the signal is received, and the ability to register multiple notification requests on different queues.
Arguments
- mqdes: mqd_t - a message queue descriptor.
- sevp: const struct sigevent* - pointer to a structure that specifies the type of notification to set. If the value of this argument is NULL, the notification for the specified message queue is canceled.
Available Tags
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks
mq_notify_entry
Type
Kprobe
Purpose
To trace the system call entry point.
mq_notify_exit
Type
Kretprobe
Purpose
To trace the system call exit point.
Example Use Case
mq_notify() can be used to be notified when a message is sent to a queue, or when a message is taken off a queue that was previously emptied. This is useful for applications that need to react to messages in a timely manner or are interested in knowing what messages are being sent and taken from a queue.
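The registration rules from the Description (one request per queue, a NULL sevp cancels it, a message arriving on the empty queue raises the signal) can be exercised with a short C program. This is an added example, not code from Tracee or the original page; the queue name, the use of SIGUSR1 and the cookie value 42 are assumptions made for illustration.

```c
/* Added example (not Tracee code): mq_notify() with SIGEV_SIGNAL on Linux. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <signal.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Returns 0 if every step behaved as described, else the failing step number.
 * Link with -lrt on glibc older than 2.34. */
int mq_notify_demo(void)
{
    char name[64];
    struct mq_attr attr = { .mq_maxmsg = 4, .mq_msgsize = 32 };
    struct sigevent sev = { .sigev_notify = SIGEV_SIGNAL, .sigev_signo = SIGUSR1 };
    struct timespec timeout = { .tv_sec = 2 };
    siginfo_t info;
    sigset_t set;
    int step = 0;
    /* Constructed per-process queue name; step 1 means queues are unavailable. */
    snprintf(name, sizeof name, "/mq_notify_demo_%ld", (long)getpid());
    mqd_t q = mq_open(name, O_CREAT | O_EXCL | O_RDWR, 0600, &attr);
    if (q == (mqd_t)-1)
        return 1;
    /* Block SIGUSR1 so the notification can be collected synchronously. */
    sigemptyset(&set);
    sigaddset(&set, SIGUSR1);
    sigprocmask(SIG_BLOCK, &set, NULL);
    sev.sigev_value.sival_int = 42;  /* constructed cookie, comes back in si_value */
    if (mq_notify(q, &sev) != 0)
        step = 2;
    else if (mq_notify(q, &sev) != -1 || errno != EBUSY)
        step = 3;  /* a second request on the same queue must fail with EBUSY */
    else if (mq_notify(q, NULL) != 0 || mq_notify(q, &sev) != 0)
        step = 4;  /* sevp == NULL cancels; registering again then succeeds */
    else if (mq_send(q, "ping", 4, 0) != 0)
        step = 5;  /* message arrives on the empty queue */
    else if (sigtimedwait(&set, &info, &timeout) != SIGUSR1)
        step = 6;  /* notification signal not delivered within 2 s */
    else if (info.si_code != SI_MESGQ || info.si_value.sival_int != 42)
        step = 7;  /* signal must originate from the queue and carry the cookie */
    mq_close(q);
    mq_unlink(name);
    return step;
}

int main(void) { return mq_notify_demo(); }
```

Each mq_notify() call in this program passes through the mq_notify_entry and mq_notify_exit hooks listed above, so a run produces four such events: the initial registration, the EBUSY attempt, the cancellation and the second registration.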
Issues
Because the notification is triggered by either a message coming in or a message being taken out, this function is vulnerable to Time of Check Time of Use (TOCTOU) race conditions.
Related Events
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.