timer_gettime

Intro

timer_gettime - Get the current value of the timer specified by timerid.

Description

The timer_gettime() system call gets the current value of the timer specified by timerid. It stores the amount of time until the timer expires in the itimerspec structure pointed to by curr_value. Additional flags, like TIMER_ABSTIME, may modify the behavior of this call by setting the reference from which the relative waiting time is calculated. If the timer is disarmed, the itimerspec is set to 0.

Arguments

  • timer_id:timer_t - ID of timer to query.
  • curr_value:struct itimerspec*K[TOCTOU] - Pointer to a preallocated itimerspec structure, to which the timer's current value will be written.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_timer_gettime

Type

kprobe.

Purpose

To detect calls to timer_gettime() and to monitor the parameters passed to it.

Example Use Case

This event could be used to detect application calls to timer_gettime() and to gather additional data regarding the timer associated with this call. This data can be used for investigation or profiling purposes.
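
An added example, not taken from Tracee or its documentation: a minimal C program that issues timer_gettime() so the event can be exercised on a test host, showing the remaining time for an armed timer and the zeroed itimerspec for a disarmed one. It assumes 64-bit Linux and uses raw syscalls, so the timer ID is the kernel's int; query_timer and the 30-second interval are constructed for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Constructed demo helper: create a timer, arm it for arm_sec seconds
 * (0 leaves it disarmed), then query it with timer_gettime.
 * Returns 0 on success, -1 on error. Raw syscalls are used, so the
 * timer ID is the kernel's int rather than glibc's timer_t. */
static int query_timer(long arm_sec, struct itimerspec *curr_value)
{
    struct sigevent sev;
    struct itimerspec its;
    int timer_id;
    long rc;

    memset(&sev, 0, sizeof sev);
    sev.sigev_notify = SIGEV_NONE;      /* no signal on expiry, timer is only polled */
    if (syscall(SYS_timer_create, CLOCK_MONOTONIC, &sev, &timer_id) != 0)
        return -1;

    if (arm_sec > 0) {
        memset(&its, 0, sizeof its);
        its.it_value.tv_sec = arm_sec;  /* one-shot, relative to now */
        if (syscall(SYS_timer_settime, timer_id, 0, &its, NULL) != 0) {
            syscall(SYS_timer_delete, timer_id);
            return -1;
        }
    }
    /* Poison the buffer so a zero result can only come from the kernel. */
    memset(curr_value, 0xff, sizeof *curr_value);
    rc = syscall(SYS_timer_gettime, timer_id, curr_value);
    syscall(SYS_timer_delete, timer_id);
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    struct itimerspec cur;
    if (query_timer(30, &cur) == 0)
        printf("armed:    %ld.%09ld s left\n", (long)cur.it_value.tv_sec, (long)cur.it_value.tv_nsec);
    if (query_timer(0, &cur) == 0)
        printf("disarmed: %ld.%09ld s left\n", (long)cur.it_value.tv_sec, (long)cur.it_value.tv_nsec);
    return 0;
}
```

Each run also issues timer_create, timer_settime and timer_delete, so the related events fire alongside timer_gettime.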

Issues

No known issues at the moment.

Related Events

  • timer_create
  • timer_settime
  • timer_delete

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.