| Server IP : 104.21.25.180 / Your IP : 162.159.115.42 Web Server : Apache/2.4.37 System : Linux almalinux.duckdns.org 4.18.0-553.111.1.el8_10.x86_64 #1 SMP Sun Mar 8 20:06:07 EDT 2026 x86_64 User : ricodeal ( 1046) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/systemtap/tapset/ |
Upload File : |
// livepatch tapset macros
// Copyright (C) 2022 Red Hat Inc.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
private cve_id
private cve_load_time
global cve_notify_p = 1
global cve_fix_p = 1
global cve_trace_p = 1
global cve_enabled_p = 1
global cve_tmpdisabled_s = -1
probe begin {
cve_id = module_name()
cve_load_time = gettimeofday_s()
if (cve_notify_p)
printf("%s mitigation loaded\n", cve_id)
}
probe end,error {
if (cve_notify_p)
printf("%s mitigation unloaded\n", cve_id)
}
# Parameter reading and updating
@define cve_probe_procfs_parameter (glbl, f_name) %(
probe procfs(@f_name).read
{ $value = sprintf("%d\n", @glbl) }
probe procfs(@f_name).write
{ @glbl = strtol($value, 10) }
%)
@cve_probe_procfs_parameter(cve_notify_p , "cve_notify_p")
@cve_probe_procfs_parameter(cve_trace_p , "cve_trace_p")
@cve_probe_procfs_parameter(cve_fix_p , "cve_fix_p")
@cve_probe_procfs_parameter(cve_enabled_p , "cve_enabled_p")
probe procfs("cve_tmpdisabled_s").read
{ $value = sprintf("%d\n", cve_tmpdisabled_s) }
probe procfs("cve_tmpdisabled_s").write
{ cve_tmpdisabled_s = strtol($value, 10)
if (cve_tmpdisabled_s > 0)
cve_enabled_p = 0 # trigger temporary disable
}
# The metric accumulation and prometheus
global cve_metrics
/**
* sfunction cve_count_metric - Increment the count of key
*
* @key: The metric
*
* Description: This function increments the count of the metric
* key by 1. The metrics can be accessed in
* /proc/systemtap/MODULE_NAME/__prometheus
*/
function cve_count_metric (key:string) {
cve_metrics[key] ++
}
/**
* sfunction cve_record_metric - Set the value of key
*
* @key: The metric
* @value: The new value
*
* Description: This function sets the value of the metric
* key. The metrics can be accessed in
* /proc/systemtap/MODULE_NAME/__prometheus
*/
function cve_record_metric (key:string, value:long) {
cve_metrics[key] = value
}
probe prometheus {
cve_record_metric("runtime", gettimeofday_s() - cve_load_time)
@prometheus_dump_array1(cve_metrics, cve_id, "metric")
}
# Disabling the patch
probe timer.s(1) {
if(!cve_enabled_p && cve_tmpdisabled_s >= 0){
if(cve_tmpdisabled_s > 0){
cve_tmpdisabled_s--
}else{
if (cve_notify_p)
printf("%s reenabling\n", cve_id)
cve_enabled_p = 1
cve_tmpdisabled_s = -1
}
}
}
/**
* sfunction cve_tmpdisable - Disable the cve livepatch
*
* @duration: The number of seconds to disable
*
* Description: This function temporarily disables the
* conditionals which use cve_enabled_p for duration seconds.
* If duration is -1, disable the livepatch until reenabled.
*/
function cve_tmpdisable(duration:long){
if (cve_notify_p)
printf("%s disabling temporarily\n", cve_id)
cve_enabled_p = 0
cve_tmpdisabled_s = duration
}