io_pgetevents_time32 - syscall to retrieve data from an I/O controller
This system call reads (with a timeout) events generated by an I/O controller. The platforms that support this system call are x86-64, arm64 and ia64.
The timeout argument sets an upper bound on the amount of time that the call will block. Setting the timeout to NULL makes the call block until an event is generated. The event data is written into the struct io_event_t that is passed to this call.
struct iocb *[U] - pointer to an array of
long[U] - number of events requested.
struct io_event_t *[U] - pointer to an array of
struct timespec *[U, TOCTOU] - pointer to a
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobe + Kretprobe
To trace all invocations of io_pgetevents_time32 and get the context of each invocation.
Example Use Case
This system call can be used to test the responsiveness of a tracee, for example when checking whether a given process is unresponsive or hangs.
This system call is vulnerable to Time Of Check/Time Of Use (TOCTOU) race conditions.
- io_destroy - destroys an I/O context assigned to a user
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.