#!/usr/bin/stap -g
# Author: Soren Hansen <soren@linux2go.dk>
# License: GPLv2+
#
# Rewrite the "count" argument on x86 when attempting vfs_write to "mem" file.

function filename_from_file:string(file:long) {
    dentry = dentry_from_file(file);
    filename = @cast(dentry, "dentry", "kernel<linux/dcache.h>")->d_name->name;
    return kernel_string(filename);
}

function fsname_from_file:string(file:long) {
    mnt = mnt_from_file(file);
    sb = @cast(mnt, "vfsmount", "kernel<linux/mount.h>")->mnt_sb;
    fstype = @cast(sb, "super_block", "kernel<linux/fs.h>")->s_type;
    fsname = @cast(fstype, "file_system_type", "kernel<linux/fs.h>")->name;
    return kernel_string(fsname);
}

function mnt_from_file:long(file:long) {
    return @cast(file, "file", "kernel<linux/fs.h>")->f_path->mnt;
}

function dentry_from_file:long(file:long) {
    return @cast(file, "file", "kernel<linux/fs.h>")->f_path->dentry;
}


/*
 * Probes
 */

function not_a_chance ()
%{
        CONTEXT->regs->dx = 0;
%}

probe kprobe.function("vfs_write")  {
    file = pointer_arg(1)
    if ((fsname_from_file(file) == "proc") && (filename_from_file(file) == "mem")) {
        not_a_chance();
    }
}