Skip to content

timer_settime

Intro

timer_settime - sets the timer referred to by timerid to the values specified in value

Description

The timer_settime() function establishes the timer, timerid, to expire at the time specified by value. When the timer expires, the specific reasons for this expiration can be obtained by inspecting the value of the overrun argument. The timer can be one-shot or periodic. If a timer is re-established with timer_settime() while it is in a pending state, the time of the next expiration is reset.

The flags argument is formed by ORing together one or more of the following flags: - TIMER_ABSTIME: use absolute value for setting timer. - TIMER_RELTIME: use relative value for setting timer.

Arguments

  • timer_id:timer_t[K] - Identifier of the timer.
  • flags:int[K] - flags for setting timer.
  • new_value:const struct itimerspec*[K] - struct of new relative or absolute values for setting timer.
  • old_value:struct itimerspec*[K, TOCTOU] - struct of old values.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_timer_settime

Type

Kprobes

Purpose

To monitor the arguments and parameters of the timer_settime syscall

__do_timer_settime

Type

Jprobes

Purpose

To intercept completed syscalls and inspect the return value of the timer_settime syscall

Example Use Case

timer_settime is typically used in applications to set a timer that will trigger a callback when it elapses. The callback can be used to execute periodic tasks or to perform timeouts.

Issues

At the time of writing, timer_settime is vulnerable to a TOCTOU race condition. Since the argument old_value is passed as non-const, and the value of old_value might change between the time it is checked and the time it is used.

  • timer_create
  • timer_gettime
  • timer_getoverrun
  • timer_delete

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.