diff options
| author | hien <hien> | 2006-02-04 00:07:11 +0000 |
|---|---|---|
| committer | hien <hien> | 2006-02-04 00:07:11 +0000 |
| commit | 375d97b5e87898d9d5a06a4156e873a9c8677a5d (patch) | |
| tree | c0c19c4d96f426f960c3a382dc21bfbab3093fe3 | |
| parent | 2ad1c02c9e1fd29038cf8cea11254d5eee80f452 (diff) | |
| download | systemtap-steved-375d97b5e87898d9d5a06a4156e873a9c8677a5d.tar.gz systemtap-steved-375d97b5e87898d9d5a06a4156e873a9c8677a5d.tar.xz systemtap-steved-375d97b5e87898d9d5a06a4156e873a9c8677a5d.zip | |
updated- still need more works
| -rw-r--r-- | tapset/syscalls2.stp | 4539 |
1 files changed, 2215 insertions, 2324 deletions
diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp index c13bcf23..6dc43c2e 100644 --- a/tapset/syscalls2.stp +++ b/tapset/syscalls2.stp @@ -7,14 +7,14 @@ // Public License (GPL); either version 2, or (at your option) any // later version. -/* Each syscall returns the calls parameters. In addition, the following +# Each syscall returns the calls parameters. In addition, the following * variables are set: * * name - generally the syscall name minus the "sys_". * * argstr - a string containing the decoded args in an easy-to-read format. -* It doesn't need to contain everything, but should have all the -* important args. +* It doesn't need to contain everything, but should have all the +* important args. * * returnp - set to 1 if return probe */ @@ -22,32 +22,32 @@ # open _______________________________________________________ # asmlinkage long sys_open(const char __user * filename, int flags, int mode) probe syscall.open = kernel.function("sys_open") { - name = "open" - filename = user_string($filename) - flags = $flags - mode = $mode - if (f & 64) - argstr = sprintf("\"%s\", %s, 0x%x", filename, _sys_open_flag_str(flags), mode) - else - argstr = sprintf("\"%s\", %s", filename, _sys_open_flag_str(flags)) + name = "open" + filename = user_string($filename) + flags = $flags + mode = $mode + if (f & 64) + argstr = sprintf("\"%s\", %s, 0x%x", filename, _sys_open_flag_str(flags), mode) + else + argstr = sprintf("\"%s\", %s", filename, _sys_open_flag_str(flags)) } probe syscall.open.return = kernel.function("sys_open").return { - name = "open" - returnp = 1 + name = "open" + returnp = 1 } # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) probe syscall.read = kernel.function("sys_read") { - name = "read" - fd = $fd - buf_uaddr = $buf - count = $count - argstr = sprintf("%d, ..., %d", fd, count) + name = "read" + fd = $fd + buf_uaddr = $buf + count = $count + argstr = sprintf("%d, ..., %d", fd, count) } probe syscall.read.return = kernel.function("sys_read").return { - name = "read" - returnp = 1 + name = "read" + returnp = 1 } ####################################################################### @@ -55,2447 +55,2338 @@ probe syscall.read.return = kernel.function("sys_read").return { ####################################################################### # nanosleep __________________________________________________ -/* - * asmlinkage long - * sys_nanosleep(struct timespec __user *rqtp, - * struct timespec __user *rmtp) - */ -probe kernel.syscall.nanosleep = - kernel.function("sys_nanosleep") { - name = "nanosleep" - req_uaddr = $rqtp - rem_uaddr = $rmtp - /* - * XXX NOT SAFE -- might sleep - * req_tv_sec = __uget_ts_m($rqtp,0) - * req_tv_nsec = __uget_ts_m($rqtp,1) - * rem_tv_sec = __uget_ts_m($rmtp,0) - * rem_tv_nsec = __uget_ts_m($rmtp,1) - */ - } -probe kernel.syscall.nanosleep.return = - kernel.function("sys_nanosleep").return { - name = "nanosleep.return" - } +# +# asmlinkage long +# sys_nanosleep(struct timespec __user *rqtp, +# struct timespec __user *rmtp) +# +probe syscall.nanosleep = kernel.function("sys_nanosleep") { + name = "nanosleep" + req_uaddr = $rqtp + rem_uaddr = $rmtp + /* + * XXX NOT SAFE -- might sleep + * req_tv_sec = __uget_ts_m($rqtp,0) + * req_tv_nsec = __uget_ts_m($rqtp,1) + * rem_tv_sec = __uget_ts_m($rmtp,0) + * rem_tv_nsec = __uget_ts_m($rmtp,1) + */ + argstr = "...., ..." +} +probe syscall.nanosleep.return = kernel.function("sys_nanosleep").return { + name = "nanosleep" + returnp = 1 +} # newfstat ___________________________________________________ -/* - * asmlinkage long - * sys_newfstat(unsigned int fd, - * struct stat __user * statbuf) - */ -probe kernel.syscall.newfstat = - kernel.function("sys_newfstat") { - name = "newfstat" - fd = $fd - buf_uaddr = $statbuf - } -probe kernel.syscall.newfstat.return = - kernel.function("sys_newfstat").return { - name = "newfstat.return" - } +# +# asmlinkage long +# sys_newfstat(unsigned int fd, +# struct stat __user * statbuf) +# +probe syscall.newfstat = kernel.function("sys_newfstat") { + name = "newfstat" + fd = $fd + buf_uaddr = $statbuf + argstr = sprintf("%d, ...", fd) +} +probe syscall.newfstat.return = kernel.function("sys_newfstat").return { + name = "newfstat" + returnp = 1 +} # newlstat ___________________________________________________ -/* - * asmlinkage long - * sys_newlstat(char __user * filename, - * struct stat __user * statbuf) - */ -probe kernel.syscall.newlstat = - kernel.function("sys_newlstat") { - name = "newlstat" - filename_uaddr = $filename - buf_uaddr = $statbuf - } -probe kernel.syscall.newlstat.return = - kernel.function("sys_newlstat").return { - name = "newlstat.return" - } +# +# asmlinkage long +# sys_newlstat(char __user * filename, +# struct stat __user * statbuf) +# +probe syscall.newlstat = kernel.function("sys_newlstat") { + name = "newlstat" + filename_uaddr = $filename + buf_uaddr = $statbuf + argstr = "..., ..." +} +probe syscall.newlstat.return = kernel.function("sys_newlstat").return { + name = "newlstat" + returnp = 1 +} # newstat ____________________________________________________ -/* - * asmlinkage long - * sys_newstat(char __user * filename, - * struct stat __user * statbuf) - */ -probe kernel.syscall.newstat = - kernel.function("sys_newstat") { - name = "newstat" - filename_uaddr = $filename - buf_uaddr = $statbuf - } -probe kernel.syscall.newstat.return = - kernel.function("sys_newstat").return { - name = "newstat.return" - } +# +# asmlinkage long +# sys_newstat(char __user * filename, +# struct stat __user * statbuf) +# +probe syscall.newstat = kernel.function("sys_newstat") { + name = "newstat" + filename_uaddr = $filename + buf_uaddr = $statbuf + argstr = "..., ..." +} +probe syscall.newstat.return = kernel.function("sys_newstat").return { + name = "newstat" + returnp = 1 +} # newuname ___________________________________________________ -/* - * asmlinkage long - * sys_newuname(struct new_utsname __user * name) - */ -probe kernel.syscall.newuname = - kernel.function("sys_newuname") { - name = "newuname" - name_uaddr = $name - } -probe kernel.syscall.newuname.return = - kernel.function("sys_newuname").return { - name = "newuname.return" - } +# +# asmlinkage long +# sys_newuname(struct new_utsname __user * name) +# +probe syscall.newuname = kernel.function("sys_newuname") { + name = "newuname" + name_uaddr = $name + argstr = "..." +} +probe syscall.newuname.return = kernel.function("sys_newuname").return { + name = "newuname" + returnp = 1 +} # nfsservctl _________________________________________________ -/* - * long asmlinkage - * sys_nfsservctl(int cmd, - * struct nfsctl_arg __user *arg, - * void __user *res) - */ -probe kernel.syscall.nfsservctl = - kernel.function("sys_nfsservctl") { - name = "nfsservctl" - cmd = $cmd - argp_uaddr = $arg - resp_uaddr = $res - } -probe kernel.syscall.nfsservctl.return = - kernel.function("sys_nfsservctl").return { - name = "nfsservctl.return" - } +# +# long asmlinkage +# sys_nfsservctl(int cmd, +# struct nfsctl_arg __user *arg, +# void __user *res) +# +probe syscall.nfsservctl = kernel.function("sys_nfsservctl") { + name = "nfsservctl" + cmd = $cmd + argp_uaddr = $arg + resp_uaddr = $res +} +probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return { + name = "nfsservctl.return" + returnp = 1 +} # nice _______________________________________________________ -/* - * asmlinkage long - * sys_nice(int increment) - */ -probe kernel.syscall.nice = +# +# asmlinkage long +# sys_nice(int increment) +# +probe syscall.nice = kernel.function("sys_nice") { - name = "nice" - inc = $increment - } -probe kernel.syscall.nice.return = - kernel.function("sys_nice").return { - name = "nice.return" - } + name = "nice" + inc = $increment +} +probe syscall.nice.return = kernel.function("sys_nice").return { + name = "nice" + returnp = 1 +} # ni_syscall _________________________________________________ -/* - * asmlinkage long - * sys_ni_syscall(void) - */ -probe kernel.syscall.ni_syscall = - kernel.function("sys_ni_syscall") { - name = "ni_syscall" - } -probe kernel.syscall.ni_syscall.return = - kernel.function("sys_ni_syscall").return { - name = "ni_syscall.return" - } +# +# asmlinkage long +# sys_ni_syscall(void) +# +probe syscall.ni_syscall = kernel.function("sys_ni_syscall") { + name = "ni_syscall" +} +probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { + name = "ni_syscall" + returnp = 1 +} # old_getrlimit ______________________________________________ -/* - * asmlinkage long - * sys_old_getrlimit(unsigned int resource, - * struct rlimit __user *rlim) - */ -probe kernel.syscall.old_getrlimit = - kernel.function("sys_old_getrlimit") { - name = "old_getrlimit" - resource = $resource - resource_str = _rlimit_resource_str($resource) - rlim_uaddr = $rlim - } -probe kernel.syscall.old_getrlimit.return = - kernel.function("sys_old_getrlimit").return { - name = "old_getrlimit.return" - } +# +# asmlinkage long +# sys_old_getrlimit(unsigned int resource, +# struct rlimit __user *rlim) +# +probe syscall.old_getrlimit = kernel.function("sys_old_getrlimit") { + name = "old_getrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim +} +probe syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return { + name = "old_getrlimit" + returnp = 1 +} # oldumount __________________________________________________ -/* - * asmlinkage long - * sys_oldumount(char __user * name) - */ -probe kernel.syscall.oldumount = - kernel.function("sys_umount") { - name = "oldumount" - target_uaddr = $name - } -probe kernel.syscall.oldumount.return = - kernel.function("sys_umount").return { - name = "oldumount.return" - } +# +# asmlinkage long +# sys_oldumount(char __user * name) +# +probe syscall.oldumount = kernel.function("sys_umount") { + name = "oldumount" + target_uaddr = $name +} +probe syscall.oldumount.return = kernel.function("sys_umount").return { + name = "oldumount" + returnp = 1 +} # pause ______________________________________________________ -/* - * sys_pause(void) - */ -probe kernel.syscall.pause = - kernel.function("sys_pause") { - name = "pause" - } -probe kernel.syscall.pause.return = - kernel.function("sys_pause").return { - name = "pause.return" - } +# +# sys_pause(void) +# +probe syscall.pause = kernel.function("sys_pause") { + name = "pause" +} +probe syscall.pause.return = kernel.function("sys_pause").return { + name = "pause" + returnp = 1 +} # pciconfig_iobase ___________________________________________ -/* - * asmlinkage long - * sys_pciconfig_iobase(long which, - * unsigned long bus, - * unsigned long dfn) - */ -/* -probe kernel.syscall.pciconfig_iobase = - kernel.function("sys_pciconfig_iobase") { - name = "pciconfig_iobase" - which = $which - bus = $bus - dfn = $dfn - } -probe kernel.syscall.pciconfig_iobase.return = - kernel.function("sys_pciconfig_iobase").return { - name = "pciconfig_iobase.return" - } +# +# asmlinkage long +# sys_pciconfig_iobase(long which, +# unsigned long bus, +# unsigned long dfn) +# +# +probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { + name = "pciconfig_iobase" + which = $which + bus = $bus + dfn = $dfn +} +probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { + name = "pciconfig_iobase" + returnp = 1 +} */ # pciconfig_read _____________________________________________ -/* - * asmlinkage int - * sys_pciconfig_read(unsigned long bus, - * unsigned long dfn, - * unsigned long off, - * unsigned long len, - * unsigned char *buf) - * { return 0; } - */ -/* -probe kernel.syscall.pciconfig_read = - kernel.function("sys_pciconfig_read") { - name = "pciconfig_read" - bus = $bus - dfn = $dfn - off = $off - len = $len - buf_uaddr = $buf - } -probe kernel.syscall.pciconfig_read.return = - kernel.function("sys_pciconfig_read").return { - name = "pciconfig_read.return" - } +# +# asmlinkage int +# sys_pciconfig_read(unsigned long bus, +# unsigned long dfn, +# unsigned long off, +# unsigned long len, +# unsigned char *buf) +# { return 0; } +# +# +probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { + name = "pciconfig_read" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf +} +probe syscall.pciconfig_read.return = + kernel.function("sys_pciconfig_read").return { + name = "pciconfig_read" + returnp = 1 +} */ # pciconfig_write ____________________________________________ -/* - * asmlinkage int - * sys_pciconfig_write(unsigned long bus, - * unsigned long dfn, - * unsigned long off, - * unsigned long len, - * unsigned char *buf) - */ -/* -probe kernel.syscall.pciconfig_write = - kernel.function("sys_pciconfig_write") { - name = "pciconfig_write" - bus = $bus - dfn = $dfn - off = $off - len = $len - buf_uaddr = $buf - } -probe kernel.syscall.pciconfig_write.return = - kernel.function("sys_pciconfig_write").return { - name = "pciconfig_write.return" - } +# +# asmlinkage int +# sys_pciconfig_write(unsigned long bus, +# unsigned long dfn, +# unsigned long off, +# unsigned long len, +# unsigned char *buf) +# +# +probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { + name = "pciconfig_write" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf +} +probe syscall.pciconfig_write.return = + kernel.function("sys_pciconfig_write").return { + name = "pciconfig_write" + returnp = 1 +} */ # personality ________________________________________________ -/* - * asmlinkage long - * sys_personality(u_long personality) - */ -probe kernel.syscall.personality = - kernel.function("sys_personality") { - name = "personality" - persona = $personality - } -probe kernel.syscall.personality.return = - kernel.function("sys_personality").return { - name = "personality.return" - } +# +# asmlinkage long +# sys_personality(u_long personality) +# +probe syscall.personality = kernel.function("sys_personality") { + name = "personality" + persona = $personality +} +probe syscall.personality.return = kernel.function("sys_personality").return { + name = "personality" + returnp = 1 +} # pipe _______________________________________________________ -/* - * asmlinkage int - * sys_pipe(unsigned long __user * fildes) - */ -probe kernel.syscall.pipe = - kernel.function("sys_pipe") { - name = "pipe" - fildes_uaddr = $fildes - } -probe kernel.syscall.pipe.return = - kernel.function("sys_pipe").return { - name = "pipe.return" - } +# +# asmlinkage int +# sys_pipe(unsigned long __user * fildes) +# +probe syscall.pipe = kernel.function("sys_pipe") { + name = "pipe" + fildes_uaddr = $fildes +} +probe syscall.pipe.return = kernel.function("sys_pipe").return { + name = "pipe" + returnp = 1 +} # pivot_root _________________________________________________ -/* - * asmlinkage long - * sys_pivot_root(const char __user *new_root, - * const char __user *put_old) - */ -probe kernel.syscall.pivot_root = - kernel.function("sys_pivot_root") { - name = "pivot_root" - new_root_uaddr = $new_root - old_root_uaddr = $put_old - } -probe kernel.syscall.pivot_root.return = - kernel.function("sys_pivot_root").return { - name = "pivot_root.return" - } +# +# asmlinkage long +# sys_pivot_root(const char __user *new_root, +# const char __user *put_old) +# +probe syscall.pivot_root = kernel.function("sys_pivot_root") { + name = "pivot_root" + new_root_uaddr = $new_root + old_root_uaddr = $put_old +} +probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return { + name = "pivot_root" + returnp = 1 +} # poll _______________________________________________________ -/* - * asmlinkage long - * sys_poll(struct pollfd __user * ufds, - * unsigned int nfds, - * long timeout) - */ -probe kernel.syscall.poll = - kernel.function("sys_poll") { - name = "poll" - ufds_uaddr = $ufds - nfds = $nfds - timeout = $timeout - } -probe kernel.syscall.poll.return = - kernel.function("sys_poll").return { - name = "poll.return" - } +# +# asmlinkage long +# sys_poll(struct pollfd __user * ufds, +# unsigned int nfds, +# long timeout) +# +probe syscall.poll = kernel.function("sys_poll") { + name = "poll" + ufds_uaddr = $ufds + nfds = $nfds + timeout = $timeout +} +probe syscall.poll.return = kernel.function("sys_poll").return { + name = "poll" + returnp = 1 +} # prctl ______________________________________________________ -/* - * asmlinkage long - * sys_prctl(int option, - * unsigned long arg2, - * unsigned long arg3, - * unsigned long arg4, - * unsigned long arg5) - */ -probe kernel.syscall.prctl = - kernel.function("sys_prctl") { - name = "prctl" - option = $option - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 - } -probe kernel.syscall.prctl.return = - kernel.function("sys_prctl").return { - name = "prctl.return" - } +# +# asmlinkage long +# sys_prctl(int option, +# unsigned long arg2, +# unsigned long arg3, +# unsigned long arg4, +# unsigned long arg5) +# +probe syscall.prctl = kernel.function("sys_prctl") { + name = "prctl" + option = $option + arg2 = $arg2 + arg3 = $arg3 + arg4 = $arg4 + arg5 = $arg5 +} +probe syscall.prctl.return = kernel.function("sys_prctl").return { + name = "prctl" + returnp = 1 +} # pread64 ____________________________________________________ -/* - * asmlinkage ssize_t - * sys_pread64(unsigned int fd, - * char __user *buf, - * size_t count, - * loff_t pos) - */ -probe kernel.syscall.pread64 = - kernel.function("sys_pread64") { - name = "pread64" - fd = $fd - buf_uaddr = $buf - count = $count - offset = $pos - } -probe kernel.syscall.pread64.return = - kernel.function("sys_pread64").return { - name = "pread64.return" - } +# +# asmlinkage ssize_t +# sys_pread64(unsigned int fd, +# char __user *buf, +# size_t count, +# loff_t pos) +# +probe syscall.pread64 = kernel.function("sys_pread64") { + name = "pread64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos +} +probe syscall.pread64.return = kernel.function("sys_pread64").return { + name = "pread64" + returnp = 1 +} # ptrace _____________________________________________________ -/* - * asmlinkage int - * sys_ptrace(long request, - * long pid, - * long addr, - * long data) - */ -probe kernel.syscall.ptrace = - kernel.function("sys_ptrace") { - name = "ptrace" - request = $request - pid = $pid - addr = $addr - data = $data - } -probe kernel.syscall.ptrace.return = - kernel.function("sys_ptrace").return { - name = "ptrace.return" - } +# +# asmlinkage int +# sys_ptrace(long request, +# long pid, +# long addr, +# long data) +# +probe syscall.ptrace = kernel.function("sys_ptrace") { + name = "ptrace" + request = $request + pid = $pid + addr = $addr + data = $data +} +probe syscall.ptrace.return = kernel.function("sys_ptrace").return { + name = "ptrace" + returnp = 1 +} # pwrite64 ___________________________________________________ -/* - * asmlinkage ssize_t - * sys_pwrite64(unsigned int fd, - * const char __user *buf, - * size_t count, - * loff_t pos) - */ -probe kernel.syscall.pwrite64 = - kernel.function("sys_pwrite64") { - name = "pwrite64" - fd = $fd - buf_uaddr = $buf - count = $count - offset = $pos - } -probe kernel.syscall.pwrite64.return = - kernel.function("sys_pwrite64").return { - name = "pwrite64.return" - } +# +# asmlinkage ssize_t +# sys_pwrite64(unsigned int fd, +# const char __user *buf, +# size_t count, +# loff_t pos) +# +probe syscall.pwrite64 = kernel.function("sys_pwrite64") { + name = "pwrite64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos +} +probe syscall.pwrite64.return = kernel.function("sys_pwrite64").return { + name = "pwrite64" + returnp = 1 +} # quotactl ___________________________________________________ -/* - * asmlinkage long - * sys_quotactl(unsigned int cmd, - * const char __user *special, - * qid_t id, - * void __user *addr) - */ -probe kernel.syscall.quotactl = - kernel.function("sys_quotactl") { - name = "quotactl" - cmd = $cmd - cmd_str = _quotactl_cmd_str($cmd) - special_uaddr = $special - id = $id - addr_uaddr = $addr - } -probe kernel.syscall.quotactl.return = - kernel.function("sys_quotactl").return { - name = "quotactl.return" - } +# +# asmlinkage long +# sys_quotactl(unsigned int cmd, +# const char __user *special, +# qid_t id, +# void __user *addr) +# +probe syscall.quotactl = kernel.function("sys_quotactl") { + name = "quotactl" + cmd = $cmd + cmd_str = _quotactl_cmd_str($cmd) + special_uaddr = $special + id = $id + addr_uaddr = $addr +} +probe syscall.quotactl.return = kernel.function("sys_quotactl").return { + name = "quotactl" + returnp = 1 +} # readahead __________________________________________________ -/* - * asmlinkage ssize_t - * sys_readahead(int fd, - * loff_t offset, - * size_t count) - */ -probe kernel.syscall.readahead = - kernel.function("sys_readahead") { - name = "readahead" - fd = $fd - offset = $offset - count = $count - } -probe kernel.syscall.readahead.return = - kernel.function("sys_readahead").return { - name = "readahead.return" - } +# +# asmlinkage ssize_t +# sys_readahead(int fd, +# loff_t offset, +# size_t count) +# +probe syscall.readahead = kernel.function("sys_readahead") { + name = "readahead" + fd = $fd + offset = $offset + count = $count +} +probe syscall.readahead.return = kernel.function("sys_readahead").return { + name = "readahead" + returnp = 1 +} # readlink ___________________________________________________ -/* - * asmlinkage long - * sys_readlink(const char __user * path, - * char __user * buf, - * int bufsiz) - */ -probe kernel.syscall.readlink = - kernel.function("sys_readlink") { - name = "readlink" - path_uaddr = $path - buf_uaddr = $buf - bufsiz = $bufsiz - } -probe kernel.syscall.readlink.return = - kernel.function("sys_readlink").return { - name = "readlink.return" - } +# +# asmlinkage long +# sys_readlink(const char __user * path, +# char __user * buf, +# int bufsiz) +# +probe syscall.readlink = kernel.function("sys_readlink") { + name = "readlink" + path_uaddr = $path + buf_uaddr = $buf + bufsiz = $bufsiz +} +probe syscall.readlink.return = kernel.function("sys_readlink").return { + name = "readlink" + returnp = 1 +} # readv ______________________________________________________ -/* - * asmlinkage ssize_t - * sys_readv(unsigned long fd, - * const struct iovec __user *vec, - * unsigned long vlen) - */ -probe kernel.syscall.readv = - kernel.function("sys_readv") { - name = "readv" - fd = $fd - vector_uaddr = $vec - count = $vlen - } -probe kernel.syscall.readv.return = - kernel.function("sys_readv").return { - name = "readv.return" - } +# +# asmlinkage ssize_t +# sys_readv(unsigned long fd, +# const struct iovec __user *vec, +# unsigned long vlen) +# +probe syscall.readv = kernel.function("sys_readv") { + name = "readv" + fd = $fd + vector_uaddr = $vec + count = $vlen +} +probe syscall.readv.return = kernel.function("sys_readv").return { + name = "readv" + returnp = 1 +} # reboot _____________________________________________________ -/* - * asmlinkage long - * sys_reboot(int magic1, - * int magic2, - * unsigned int cmd, - * void __user * arg) - */ -probe kernel.syscall.reboot = - kernel.function("sys_reboot") { - name = "reboot" - magic = $magic1 - magic_str = _reboot_magic_str($magic1) - magic2 = $magic2 - magic2_str =_reboot_magic_str($magic2) - flag = $cmd - flag_str = _reboot_flag_str(flag) - arg_uaddr = $arg - } -probe kernel.syscall.reboot.return = - kernel.function("sys_reboot").return { - name = "reboot.return" - } +# +# asmlinkage long +# sys_reboot(int magic1, +# int magic2, +# unsigned int cmd, +# void __user * arg) +# +probe syscall.reboot = kernel.function("sys_reboot") { + name = "reboot" + magic = $magic1 + magic_str = _reboot_magic_str($magic1) + magic2 = $magic2 + magic2_str =_reboot_magic_str($magic2) + flag = $cmd + flag_str = _reboot_flag_str(flag) + arg_uaddr = $arg +} +probe syscall.reboot.return = kernel.function("sys_reboot").return { + name = "reboot" + returnp = 1 +} # recv _______________________________________________________ -/* - * asmlinkage long - * sys_recvfrom(int fd, - * void __user * ubuf, - * size_t size, - * unsigned flags, - * struct sockaddr __user *addr, - * int __user *addr_len) - */ -probe kernel.syscall.recv = - kernel.function("sys_recvfrom") { - name = "recv" - s = $fd - buf_uaddr = $ubuf - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - from_uaddr = $addr - fromlen_uaddr = $addr_len - } -probe kernel.syscall.recv.return = - kernel.function("sys_recvfrom").return { - name = "recv.return" - } +# +# asmlinkage long +# sys_recvfrom(int fd, +# void __user * ubuf, +# size_t size, +# unsigned flags, +# struct sockaddr __user *addr, +# int __user *addr_len) +# +probe syscall.recv = kernel.function("sys_recvfrom") { + name = "recv" + s = $fd + buf_uaddr = $ubuf + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen_uaddr = $addr_len +} +probe syscall.recv.return = kernel.function("sys_recvfrom").return { + name = "recv" + returnp = 1 +} # recvfrom ___________________________________________________ -/* - * asmlinkage long - * sys_recvfrom(int fd, - * void __user * ubuf, - * size_t size, - * unsigned flags, - * struct sockaddr __user *addr, - * int __user *addr_len) - */ -probe kernel.syscall.recvfrom = - kernel.function("sys_recvfrom") { - name = "recvfrom" - s = $fd - buf_uaddr = $ubuf - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - from_uaddr = $addr - fromlen = $addr_len - } -probe kernel.syscall.recvfrom.return = - kernel.function("sys_recvfrom").return { - name = "recvfrom.return" - } +# +# asmlinkage long +# sys_recvfrom(int fd, +# void __user * ubuf, +# size_t size, +# unsigned flags, +# struct sockaddr __user *addr, +# int __user *addr_len) +# +probe syscall.recvfrom = kernel.function("sys_recvfrom") { + name = "recvfrom" + s = $fd + buf_uaddr = $ubuf + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen = $addr_len +} +probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return { + name = "recvfrom" + returnp = 1 +} # recvmsg ____________________________________________________ -/* - * asmlinkage long - * sys_recvmsg(int fd, - * struct msghdr __user *msg, - * unsigned int flags) - */ -probe kernel.syscall.recvmsg = - kernel.function("sys_recvmsg") { - name = "recvmsg" - s = $fd - msg_uaddr = $msg - flags = $flags - flags_str = _recvflags_str($flags) - } -probe kernel.syscall.recvmsg.return = - kernel.function("sys_recvmsg").return { - name = "recvmsg.return" - } +# +# asmlinkage long +# sys_recvmsg(int fd, +# struct msghdr __user *msg, +# unsigned int flags) +# +probe syscall.recvmsg = kernel.function("sys_recvmsg") { + name = "recvmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _recvflags_str($flags) +} +probe syscall.recvmsg.return = kernel.function("sys_recvmsg").return { + name = "recvmsg" + returnp = 1 +} # remap_file_pages ___________________________________________ -/* - * asmlinkage long - * sys_remap_file_pages(unsigned long start, - * unsigned long size, - * unsigned long __prot, - * unsigned long pgoff, - * unsigned long flags) - */ -probe kernel.syscall.remap_file_pages = - kernel.function("sys_remap_file_pages") { - name = "remap_file_pages" - start = $start - size = $size - prot = $__prot - pgoff = $pgoff - flags = $flags - } -probe kernel.syscall.remap_file_pages.return = - kernel.function("sys_remap_file_pages").return { - name = "remap_file_pages.return" - } +# +# asmlinkage long +# sys_remap_file_pages(unsigned long start, +# unsigned long size, +# unsigned long __prot, +# unsigned long pgoff, +# unsigned long flags) +# +probe syscall.remap_file_pages = kernel.function("sys_remap_file_pages") { + name = "remap_file_pages" + start = $start + size = $size + prot = $__prot + pgoff = $pgoff + flags = $flags +} +probe syscall.remap_file_pages.return = + kernel.function("sys_remap_file_pages").return { + name = "remap_file_pages" + returnp = 1 +} # removexattr ________________________________________________ -/* - * asmlinkage long - * sys_removexattr(char __user *path, - * char __user *name) - */ -probe kernel.syscall.removexattr = - kernel.function("sys_removexattr") { - name = "removexattr" - path_uaddr = $path - name_uaddr = $name - } -probe kernel.syscall.removexattr.return = - kernel.function("sys_removexattr").return { - name = "removexattr.return" - } +# +# asmlinkage long +# sys_removexattr(char __user *path, +# char __user *name) +# +probe syscall.removexattr = kernel.function("sys_removexattr") { + name = "removexattr" + path_uaddr = $path + name_uaddr = $name +} +probe syscall.removexattr.return = kernel.function("sys_removexattr").return { + name = "removexattr" + returnp = 1 +} # rename _____________________________________________________ -/* - * asmlinkage long - * sys_rename(const char __user * oldname, - * const char __user * newname) - */ -probe kernel.syscall.rename = - kernel.function("sys_rename") { - name = "rename" - oldpath_uaddr = $oldname - newpath_uaddr = $newname - } -probe kernel.syscall.rename.return = - kernel.function("sys_rename").return { - name = "rename.return" - } +# +# asmlinkage long +# sys_rename(const char __user * oldname, +# const char __user * newname) +# +probe syscall.rename = kernel.function("sys_rename") { + name = "rename" + oldpath_uaddr = $oldname + newpath_uaddr = $newname +} +probe syscall.rename.return = kernel.function("sys_rename").return { + name = "rename" + returnp = 1 +} # request_key ________________________________________________ -/* - * asmlinkage long - * sys_request_key(const char __user *_type, - * const char __user *_description, - * const char __user *_callout_info, - * key_serial_t destringid) - */ -probe kernel.syscall.request_key = - kernel.function("sys_request_key") { - name = "request_key" - type_uaddr = $_type - description_uaddr = $_description - callout_info_uaddr = $_callout_info - destringid = $destringid - } -probe kernel.syscall.request_key.return = - kernel.function("sys_request_key").return { - name = "request_key.return" - } +# +# asmlinkage long +# sys_request_key(const char __user *_type, +# const char __user *_description, +# const char __user *_callout_info, +# key_serial_t destringid) +# +probe syscall.request_key = kernel.function("sys_request_key") { + name = "request_key" + type_uaddr = $_type + description_uaddr = $_description + callout_info_uaddr = $_callout_info + destringid = $destringid +} +probe syscall.request_key.return = kernel.function("sys_request_key").return { + name = "request_key" + returnp = 1 +} # restart_syscall ____________________________________________ -/* - * asmlinkage long - * sys_restart_syscall(void) - */ -probe kernel.syscall.restart_syscall = - kernel.function("sys_restart_syscall") { - name = "restart_syscall" - } -probe kernel.syscall.restart_syscall.return = - kernel.function("sys_restart_syscall").return { - name = "restart_syscall.return" - } +# +# asmlinkage long +# sys_restart_syscall(void) +# +probe syscall.restart_syscall = kernel.function("sys_restart_syscall") { + name = "restart_syscall" +} +probe syscall.restart_syscall.return = + kernel.function("sys_restart_syscall").return { + name = "restart_syscall" + returnp = 1 +} # rmdir ______________________________________________________ -/* - * asmlinkage long - * sys_rmdir(const char __user * pathname) - */ -probe kernel.syscall.rmdir = - kernel.function("sys_rmdir") { - name = "rmdir" - pathname_uaddr = $pathname - } -probe kernel.syscall.rmdir.return = - kernel.function("sys_rmdir").return { - name = "rmdir.return" - } +# +# asmlinkage long +# sys_rmdir(const char __user * pathname) +# +probe syscall.rmdir = kernel.function("sys_rmdir") { + name = "rmdir" + pathname_uaddr = $pathname +} +probe syscall.rmdir.return = kernel.function("sys_rmdir").return { + name = "rmdir" + returnp = 1 +} # rt_sigaction _______________________________________________ -/* - * asmlinkage long - * sys_rt_sigaction(int sig, - * const struct sigaction __user *act, - * struct sigaction __user *oact, - * size_t sigsetsize, - * void __user *restorer) - */ -probe kernel.syscall.rt_sigaction = - kernel.function("sys_rt_sigaction") { - name = "rt_sigaction" - sig = $sig - act_uaddr = $act - oact_uaddr = $oact - sigsetsize = $sigsetsize - /* - * unable to find local 'restorer' (maybe i386 specific) - * restorer_uaddr = $restorer - */ - } -probe kernel.syscall.rt_sigaction.return = - kernel.function("sys_rt_sigaction").return { - name = "rt_sigaction.return" - } +# +# asmlinkage long +# sys_rt_sigaction(int sig, +# const struct sigaction __user *act, +# struct sigaction __user *oact, +# size_t sigsetsize, +# void __user *restorer) +# +probe syscall.rt_sigaction = kernel.function("sys_rt_sigaction") { + name = "rt_sigaction" + sig = $sig + act_uaddr = $act + oact_uaddr = $oact + sigsetsize = $sigsetsize + /* + * unable to find local 'restorer' (maybe i386 specific) + * restorer_uaddr = $restorer + */ +} +probe syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return { + name = "rt_sigaction" + returnp = 1 +} # rt_sigpending ______________________________________________ -/* - * asmlinkage long - * sys_rt_sigpending(sigset_t __user *set, - * size_t sigsetsize) - */ -probe kernel.syscall.rt_sigpending = - kernel.function("do_sigpending") { - name = "rt_sigpending" - set_uaddr = $set - sigsetsize = $sigsetsize - } -probe kernel.syscall.rt_sigpending.return = - kernel.function("do_sigpending").return { - name = "rt_sigpending.return" - } +# +# asmlinkage long +# sys_rt_sigpending(sigset_t __user *set, +# size_t sigsetsize) +# +probe syscall.rt_sigpending = kernel.function("do_sigpending") { + name = "rt_sigpending" + set_uaddr = $set + sigsetsize = $sigsetsize +} +probe syscall.rt_sigpending.return = kernel.function("do_sigpending").return { + name = "rt_sigpending" + returnp = 1 +} # rt_sigprocmask _____________________________________________ -/* - * asmlinkage long - * sys_rt_sigprocmask(int how, - * sigset_t __user *set, - * sigset_t __user *oset, - * size_t sigsetsize) - */ -probe kernel.syscall.rt_sigprocmask = - kernel.function("sys_rt_sigprocmask") { - name = "rt_sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - set_uaddr = $set - oset_uaddr = $oset - sigsetsize = $sigsetsize - } -probe kernel.syscall.rt_sigprocmask.return = - kernel.function("sys_rt_sigprocmask").return { - name = "rt_sigprocmask.return" - } +# +# asmlinkage long +# sys_rt_sigprocmask(int how, +# sigset_t __user *set, +# sigset_t __user *oset, +# size_t sigsetsize) +# +probe syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") { + name = "rt_sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + set_uaddr = $set + oset_uaddr = $oset + sigsetsize = $sigsetsize +} +probe syscall.rt_sigprocmask.return = + kernel.function("sys_rt_sigprocmask").return { + name = "rt_sigprocmask" + returnp = 1 +} # rt_sigqueueinfo ____________________________________________ -/* - * asmlinkage long - * sys_rt_sigqueueinfo(int pid, - * int sig, - * siginfo_t __user *uinfo) - */ -probe kernel.syscall.rt_sigqueueinfo = - kernel.function("sys_rt_sigqueueinfo") { - name = "rt_sigqueueinfo" - pid = $pid - sig = $sig - uinfo_uaddr = $uinfo - } -probe kernel.syscall.rt_sigqueueinfo.return = - kernel.function("sys_rt_sigqueueinfo").return { - name = "rt_sigqueueinfo.return" - } +# +# asmlinkage long +# sys_rt_sigqueueinfo(int pid, +# int sig, +# siginfo_t __user *uinfo) +# +probe syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { + name = "rt_sigqueueinfo" + pid = $pid + sig = $sig + uinfo_uaddr = $uinfo +} +probe syscall.rt_sigqueueinfo.return = + kernel.function("sys_rt_sigqueueinfo").return { + name = "rt_sigqueueinfo" + returnp = 1 +} # rt_sigsuspend ______________________________________________ -/* - * asmlinkage int - * sys_rt_sigsuspend(struct pt_regs regs) - */ -probe kernel.syscall.rt_sigsuspend = - kernel.function("sys_rt_sigsuspend") { - name = "rt_sigsuspend" - /* - * unsupported type identifier '$regs' - * regs = $regs - */ - } -probe kernel.syscall.rt_sigsuspend.return = - kernel.function("sys_rt_sigsuspend").return { - name = "rt_sigsuspend.return" - } +# +# asmlinkage int +# sys_rt_sigsuspend(struct pt_regs regs) +# +probe syscall.rt_sigsuspend = kernel.function("sys_rt_sigsuspend") { + name = "rt_sigsuspend" + /* + * unsupported type identifier '$regs' + * regs = $regs + */ +} +probe syscall.rt_sigsuspend.return = kernel.function("sys_rt_sigsuspend").return { + name = "rt_sigsuspend" + returnp = 1 +} # rt_sigtimedwait ____________________________________________ -/* - * asmlinkage long - * sys_rt_sigtimedwait(const sigset_t __user *uthese, - * siginfo_t __user *uinfo, - * const struct timespec __user *uts, - * size_t sigsetsize) - */ -probe kernel.syscall.rt_sigtimedwait = - kernel.function("sys_rt_sigtimedwait") { - name = "rt_sigtimedwait" - uthese_uaddr = $uthese - uinfo_uaddr = $uinfo - uts_uaddr = $uts - sigsetsize = $sigsetsize - } -probe kernel.syscall.rt_sigtimedwait.return = - kernel.function("sys_rt_sigtimedwait").return { - name = "rt_sigtimedwait.return" - } +# +# asmlinkage long +# sys_rt_sigtimedwait(const sigset_t __user *uthese, +# siginfo_t __user *uinfo, +# const struct timespec __user *uts, +# size_t sigsetsize) +# +probe syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") { + name = "rt_sigtimedwait" + uthese_uaddr = $uthese + uinfo_uaddr = $uinfo + uts_uaddr = $uts + sigsetsize = $sigsetsize +} +probe syscall.rt_sigtimedwait.return = + kernel.function("sys_rt_sigtimedwait").return { + name = "rt_sigtimedwait" + returnp = 1 +} # sched_getaffinity __________________________________________ -/* - * asmlinkage long - * sys_sched_getaffinity(pid_t pid, - * unsigned int len, - * unsigned long __user *user_mask_ptr) - */ -probe kernel.syscall.sched_getaffinity = - kernel.function("sys_sched_getaffinity") { - name = "sched_getaffinity" - pid = $pid - len = $len - mask_uaddr = $user_mask_ptr - } -probe kernel.syscall.sched_getaffinity.return = - kernel.function("sys_sched_getaffinity").return { - name = "sched_getaffinity.return" - } +# +# asmlinkage long +# sys_sched_getaffinity(pid_t pid, +# unsigned int len, +# unsigned long __user *user_mask_ptr) +# +probe syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { + name = "sched_getaffinity" + pid = $pid + len = $len + mask_uaddr = $user_mask_ptr +} +probe syscall.sched_getaffinity.return = + kernel.function("sys_sched_getaffinity").return { + name = "sched_getaffinity" +} # sched_getparam _____________________________________________ -/* - * asmlinkage long - * sys_sched_getparam(pid_t pid, - * struct sched_param __user *param) - */ -probe kernel.syscall.sched_getparam = - kernel.function("sys_sched_getparam") { - name = "sched_getparam" - pid = $pid - p_uaddr = $param - } -probe kernel.syscall.sched_getparam.return = - kernel.function("sys_sched_getparam").return { - name = "sched_getparam.return" - } +# +# asmlinkage long +# sys_sched_getparam(pid_t pid, +# struct sched_param __user *param) +# +probe syscall.sched_getparam = kernel.function("sys_sched_getparam") { + name = "sched_getparam" + pid = $pid + p_uaddr = $param +} +probe syscall.sched_getparam.return = + kernel.function("sys_sched_getparam").return { + name = "sched_getparam" + returnp = 1 +} # sched_get_priority_max _____________________________________ -/* - * asmlinkage long - * sys_sched_get_priority_max(int policy) - */ -probe kernel.syscall.sched_get_priority_max = - kernel.function("sys_sched_get_priority_max") { - name = "sched_get_priority_max" - policy = $policy - } -probe kernel.syscall.sched_get_priority_max.return = - kernel.function("sys_sched_get_priority_max").return { - name = "sched_get_priority_max.return" - } +# +# asmlinkage long +# sys_sched_get_priority_max(int policy) +# +probe syscall.sched_get_priority_max = + kernel.function("sys_sched_get_priority_max") { + name = "sched_get_priority_max" + policy = $policy +} +probe syscall.sched_get_priority_max.return = + kernel.function("sys_sched_get_priority_max").return { + name = "sched_get_priority_max" + returnp = 1 +} # sched_get_priority_min _____________________________________ -/* - * asmlinkage long - * sys_sched_get_priority_min(int policy) - */ -probe kernel.syscall.sched_get_priority_min = - kernel.function("sys_sched_get_priority_min") { - name = "sched_get_priority_min" - policy = $policy - } -probe kernel.syscall.sched_get_priority_min.return = - kernel.function("sys_sched_get_priority_min").return { - name = "sched_get_priority_min.return" - } +# +# asmlinkage long +# sys_sched_get_priority_min(int policy) +# +probe syscall.sched_get_priority_min = + kernel.function("sys_sched_get_priority_min") { + name = "sched_get_priority_min" + policy = $policy +} +probe syscall.sched_get_priority_min.return = + kernel.function("sys_sched_get_priority_min").return { + name = "sched_get_priority_min" + returnp = 1 +} # sched_getscheduler _________________________________________ -/* - * asmlinkage long - * sys_sched_getscheduler(pid_t pid) - */ -probe kernel.syscall.sched_getscheduler = - kernel.function("sys_sched_getscheduler") { - name = "sched_getscheduler" - pid = $pid - } -probe kernel.syscall.sched_getscheduler.return = - kernel.function("sys_sched_getscheduler").return { - name = "sched_getscheduler.return" - } +# +# asmlinkage long +# sys_sched_getscheduler(pid_t pid) +# +probe syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { + name = "sched_getscheduler" + pid = $pid +} +probe syscall.sched_getscheduler.return = + kernel.function("sys_sched_getscheduler").return { + name = "sched_getscheduler" + returnp = 1 +} # sched_rr_get_interval ______________________________________ -/* - * asmlinkage long - * sys_sched_rr_get_interval(pid_t pid, - * struct timespec __user *interval) - */ -probe kernel.syscall.sched_rr_get_interval = - kernel.function("sys_sched_rr_get_interval") { - name = "sched_rr_get_interval" - pid = $pid - tp_uaddr = $interval - } -probe kernel.syscall.sched_rr_get_interval.return = - kernel.function("sys_sched_rr_get_interval").return { - name = "sched_rr_get_interval.return" - } +# +# asmlinkage long +# sys_sched_rr_get_interval(pid_t pid, +# struct timespec __user *interval) +# +probe syscall.sched_rr_get_interval = + kernel.function("sys_sched_rr_get_interval") { + name = "sched_rr_get_interval" + pid = $pid + tp_uaddr = $interval +} +probe syscall.sched_rr_get_interval.return = + kernel.function("sys_sched_rr_get_interval").return { + name = "sched_rr_get_interval" + returnp = 1 +} # sched_yield ________________________________________________ -/* - * asmlinkage long - * sys_sched_yield(void) - */ -probe kernel.syscall.sched_yield = - kernel.function("sys_sched_yield") { - name = "sched_yield" - } -probe kernel.syscall.sched_yield.return = - kernel.function("sys_sched_yield").return { - name = "sched_yield.return" - } +# +# asmlinkage long +# sys_sched_yield(void) +# +probe syscall.sched_yield = kernel.function("sys_sched_yield") { + name = "sched_yield" +} +probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return { + name = "sched_yield" + returnp = 1 +} # select _____________________________________________________ -/* - * asmlinkage long - * sys_select(int n, - * fd_set __user *inp, - * fd_set __user *outp, - * fd_set __user *exp, - * struct timeval __user *tvp) - */ -probe kernel.syscall.select = - kernel.function("sys_select") { - name = "select" - n = $n - readfds_uaddr = $inp - writefds_uaddr = $outp - exceptfds_uaddr = $exp - timeout_uaddr = $tvp - } -probe kernel.syscall.select.return = - kernel.function("sys_select").return { - name = "select.return" - } +# +# asmlinkage long +# sys_select(int n, +# fd_set __user *inp, +# fd_set __user *outp, +# fd_set __user *exp, +# struct timeval __user *tvp) +# +probe syscall.select = kernel.function("sys_select") { + name = "select" + n = $n + readfds_uaddr = $inp + writefds_uaddr = $outp + exceptfds_uaddr = $exp + timeout_uaddr = $tvp +} +probe syscall.select.return = kernel.function("sys_select").return { + name = "select" + returnp = 1 +} # semctl _____________________________________________________ -/* - * asmlinkage long - * sys_semctl (int semid, - * int semnum, - * int cmd, - * union semun arg) - */ -probe kernel.syscall.semctl = - kernel.function("sys_semctl") { - name = "semctl" - semid = $semid - semnum = $semnum - cmd = $cmd - /* - * unsupported type tag identifier '$arg' - * arg = $arg - */ - } -probe kernel.syscall.semctl.return = - kernel.function("sys_semctl").return { - name = "semctl.return" - } +# +# asmlinkage long +# sys_semctl (int semid, +# int semnum, +# int cmd, +# union semun arg) +# +probe syscall.semctl = kernel.function("sys_semctl") { + name = "semctl" + semid = $semid + semnum = $semnum + cmd = $cmd + /* + * unsupported type tag identifier '$arg' + * arg = $arg + */ +} +probe syscall.semctl.return = kernel.function("sys_semctl").return { + name = "semctl" + returnp = 1 +} # semget _____________________________________________________ -/* - * asmlinkage long - * sys_semget (key_t key, - * int nsems, - * int semflg) - */ -probe kernel.syscall.semget = - kernel.function("sys_semget") { - name = "semget" - key = $key - nsems = $nsems - semflg = $semflg - } -probe kernel.syscall.semget.return = - kernel.function("sys_semget").return { - name = "semget.return" - } +# +# asmlinkage long +# sys_semget (key_t key, +# int nsems, +# int semflg) +# +probe syscall.semget = kernel.function("sys_semget") { + name = "semget" + key = $key + nsems = $nsems + semflg = $semflg +} +probe syscall.semget.return = kernel.function("sys_semget").return { + name = "semget" + returnp = 1 +} # semop ______________________________________________________ -/* - * asmlinkage long - * sys_semop (int semid, - * struct sembuf __user *tsops, - * unsigned nsops) - */ -probe kernel.syscall.semop = - kernel.function("sys_semtimedop") { - name = "semop" - semid = $semid - tsops_uaddr = $tsops - nsops = $nsops - } -probe kernel.syscall.semop.return = - kernel.function("sys_semtimedop").return { - name = "semop.return" - } +# +# asmlinkage long +# sys_semop (int semid, +# struct sembuf __user *tsops, +# unsigned nsops) +# +probe syscall.semop = kernel.function("sys_semtimedop") { + name = "semop" + semid = $semid + tsops_uaddr = $tsops + nsops = $nsops +} +probe syscall.semop.return = kernel.function("sys_semtimedop").return { + name = "semop" + returnp = 1 +} # semtimedop _________________________________________________ -/* - * asmlinkage long - * sys_semtimedop(int semid, - * struct sembuf __user *tsops, - * unsigned nsops, - * const struct timespec __user *timeout) - */ -probe kernel.syscall.semtimedop = - kernel.function("sys_semtimedop") { - name = "semtimedop" - semid = $semid - sops_uaddr = $tsops - nsops = $nsops - timeout_uaddr = $timeout - } -probe kernel.syscall.semtimedop.return = - kernel.function("sys_semtimedop").return { - name = "semtimedop.return" - } +# +# asmlinkage long +# sys_semtimedop(int semid, +# struct sembuf __user *tsops, +# unsigned nsops, +# const struct timespec __user *timeout) +# +probe syscall.semtimedop = kernel.function("sys_semtimedop") { + name = "semtimedop" + semid = $semid + sops_uaddr = $tsops + nsops = $nsops + timeout_uaddr = $timeout +} +probe syscall.semtimedop.return = kernel.function("sys_semtimedop").return { + name = "semtimedop" + returnp = 1 +} # send _______________________________________________________ -/* - * asmlinkage long - * sys_sendto(int fd, - * void __user * buff, - * size_t len, - * unsigned flags, - * struct sockaddr __user *addr, - * int addr_len) - */ -probe kernel.syscall.send = - kernel.function("sys_sendto") { - name = "send" - s = $fd - buf_uaddr = $buff - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - to_uaddr = $addr - tolen = $addr_len - } -probe kernel.syscall.send.return = - kernel.function("sys_sendto").return { - name = "send.return" - } +# +# asmlinkage long +# sys_sendto(int fd, +# void __user * buff, +# size_t len, +# unsigned flags, +# struct sockaddr __user *addr, +# int addr_len) +# +probe syscall.send = kernel.function("sys_sendto") { + name = "send" + s = $fd + buf_uaddr = $buff + len = $len + flags = $flags + flags_str = _send_flags_str($flags) + to_uaddr = $addr + tolen = $addr_len +} +probe syscall.send.return = kernel.function("sys_sendto").return { + name = "send" + returnp = 1 +} # sendfile ___________________________________________________ -/* - * asmlinkage ssize_t - * sys_sendfile(int out_fd, - * int in_fd, - * off_t __user *offset, - * size_t count) - */ -probe kernel.syscall.sendfile = - kernel.function("sys_sendfile") { - name = "sendfile" - out_fd = $out_fd - in_fd = $in_fd - offset_uaddr = $offset - count = $count - } -probe kernel.syscall.sendfile.return = - kernel.function("sys_sendfile").return { - name = "sendfile.return" - } +# +# asmlinkage ssize_t +# sys_sendfile(int out_fd, +# int in_fd, +# off_t __user *offset, +# size_t count) +# +probe syscall.sendfile = kernel.function("sys_sendfile") { + name = "sendfile" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count +} +probe syscall.sendfile.return = kernel.function("sys_sendfile").return { + name = "sendfile" + returnp = 1 +} # sendfile64 _________________________________________________ -/* - * asmlinkage ssize_t - * sys_sendfile64(int out_fd, - * int in_fd, - * loff_t __user *offset, - * size_t count) - */ -probe kernel.syscall.sendfile64 = - kernel.function("sys_sendfile64") { - name = "sendfile64" - out_fd = $out_fd - in_fd = $in_fd - offset_uaddr = $offset - count = $count - } -probe kernel.syscall.sendfile64.return = - kernel.function("sys_sendfile64").return { - name = "sendfile64.return" - } +# +# asmlinkage ssize_t +# sys_sendfile64(int out_fd, +# int in_fd, +# loff_t __user *offset, +# size_t count) +# +probe syscall.sendfile64 = kernel.function("sys_sendfile64") { + name = "sendfile64" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count +} +probe syscall.sendfile64.return = kernel.function("sys_sendfile64").return { + name = "sendfile64" + returnp = 1 +} # sendmsg ____________________________________________________ -/* - * asmlinkage long - * sys_sendmsg(int fd, - * struct msghdr __user *msg, - * unsigned flags) - */ -probe kernel.syscall.sendmsg = - kernel.function("sys_sendmsg") { - name = "sendmsg" - s = $fd - msg_uaddr = $msg - flags = $flags - flags_str = _send_flags_str($flags) - } -probe kernel.syscall.sendmsg.return = - kernel.function("sys_sendmsg").return { - name = "sendmsg.return" - } +# +# asmlinkage long +# sys_sendmsg(int fd, +# struct msghdr __user *msg, +# unsigned flags) +# +probe syscall.sendmsg = kernel.function("sys_sendmsg") { + name = "sendmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _send_flags_str($flags) +} +probe syscall.sendmsg.return = kernel.function("sys_sendmsg").return { + name = "sendmsg" + returnp = 1 +} # sendto _____________________________________________________ -/* - * asmlinkage long - * sys_sendto(int fd, - * void __user * buff, - * size_t len, - * unsigned flags, - * struct sockaddr __user *addr, - * int addr_len) - */ -probe kernel.syscall.sendto = - kernel.function("sys_sendto") { - name = "sendto" - s = $fd - buf_uaddr = $buff - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - to_uaddr = $addr - tolen = $addr_len - } -probe kernel.syscall.sendto.return = - kernel.function("sys_sendto").return { - name = "sendto.return" - } +# +# asmlinkage long +# sys_sendto(int fd, +# void __user * buff, +# size_t len, +# unsigned flags, +# struct sockaddr __user *addr, +# int addr_len) +# +probe syscall.sendto = kernel.function("sys_sendto") { + name = "sendto" + s = $fd + buf_uaddr = $buff + len = $len + flags = $flags + flags_str = _send_flags_str($flags) + to_uaddr = $addr + tolen = $addr_len +} +probe syscall.sendto.return = kernel.function("sys_sendto").return { + name = "sendto" + returnp = 1 +} # setdomainname ______________________________________________ -/* - * asmlinkage long - * sys_setdomainname(char __user *name, - * int len) - */ -probe kernel.syscall.setdomainname = - kernel.function("sys_setdomainname") { - name = "setdomainname" - hostname_uaddr = $name - len = $len - } -probe kernel.syscall.setdomainname.return = - kernel.function("sys_setdomainname").return { - name = "setdomainname.return" - } +# +# asmlinkage long +# sys_setdomainname(char __user *name, +# int len) +# +probe syscall.setdomainname = kernel.function("sys_setdomainname") { + name = "setdomainname" + hostname_uaddr = $name + len = $len +} +probe syscall.setdomainname.return = + kernel.function("sys_setdomainname").return { + name = "setdomainname" + returnp = 1 +} # setfsgid ___________________________________________________ -/* - * asmlinkage long - * sys_setfsgid(gid_t gid) - */ -probe kernel.syscall.setfsgid = - kernel.function("sys_setfsgid") { - name = "setfsgid" - fsgid = $gid - } -probe kernel.syscall.setfsgid.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid.return" - } +# +# asmlinkage long +# sys_setfsgid(gid_t gid) +# +probe syscall.setfsgid = kernel.function("sys_setfsgid") { + name = "setfsgid" + fsgid = $gid +} +probe syscall.setfsgid.return = kernel.function("sys_setfsgid").return { + name = "setfsgid" + returnp = 1 +} # setfsgid16 _________________________________________________ -/* - * asmlinkage long - * sys_setfsgid16(old_gid_t gid) - */ -probe kernel.syscall.setfsgid16 = - kernel.function("sys_setfsgid") { - name = "setfsgid16" - gid = $gid - } -probe kernel.syscall.setfsgid16.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid16.return" - } +# +# asmlinkage long +# sys_setfsgid16(old_gid_t gid) +# +probe syscall.setfsgid16 = kernel.function("sys_setfsgid") { + name = "setfsgid16" + gid = $gid +} +probe syscall.setfsgid16.return = kernel.function("sys_setfsgid").return { + name = "setfsgid16" + returnp = 1 +} # setfsuid ___________________________________________________ -/* - * asmlinkage long - * sys_setfsuid(uid_t uid) - */ -probe kernel.syscall.setfsuid = - kernel.function("sys_setfsuid") { - name = "setfsuid" - fsuid = $uid - } -probe kernel.syscall.setfsuid.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid.return" - } +# +# asmlinkage long +# sys_setfsuid(uid_t uid) +# +probe syscall.setfsuid = kernel.function("sys_setfsuid") { + name = "setfsuid" + fsuid = $uid +} +probe syscall.setfsuid.return = kernel.function("sys_setfsuid").return { + name = "setfsuid" + returnp = 1 +} # setfsuid16 _________________________________________________ -/* - * asmlinkage long - * sys_setfsuid16(old_uid_t uid) - */ -probe kernel.syscall.setfsuid16 = - kernel.function("sys_setfsuid") { - name = "setfsuid16" - uid = $uid - } -probe kernel.syscall.setfsuid16.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid16.return" - } +# +# asmlinkage long +# sys_setfsuid16(old_uid_t uid) +# +probe syscall.setfsuid16 = kernel.function("sys_setfsuid") { + name = "setfsuid16" + uid = $uid +} +probe syscall.setfsuid16.return = kernel.function("sys_setfsuid").return { + name = "setfsuid16" + returnp = 1 +} # setgid _____________________________________________________ -/* - * asmlinkage long - * sys_setgid(gid_t gid) - */ -probe kernel.syscall.setgid = - kernel.function("sys_setgid") { - name = "setgid" - gid = $gid - } -probe kernel.syscall.setgid.return = - kernel.function("sys_setgid").return { - name = "setgid.return" - } +# +# asmlinkage long +# sys_setgid(gid_t gid) +# +probe syscall.setgid = kernel.function("sys_setgid") { + name = "setgid" + gid = $gid +} +probe syscall.setgid.return = kernel.function("sys_setgid").return { + name = "setgid" + returnp = 1 +} # setgid16 ___________________________________________________ -/* - * asmlinkage long - * sys_setgid16(old_gid_t gid) - */ -probe kernel.syscall.setgid16 = - kernel.function("sys_setgid") { - name = "setgid16" - gid = $gid - } -probe kernel.syscall.setgid16.return = - kernel.function("sys_setgid").return { - name = "setgid16.return" - } +# +# asmlinkage long +# sys_setgid16(old_gid_t gid) +# +probe syscall.setgid16 = kernel.function("sys_setgid") { + name = "setgid16" + gid = $gid +} +probe syscall.setgid16.return = kernel.function("sys_setgid").return { + name = "setgid16" + returnp = 1 +} # setgroups __________________________________________________ -/* - * asmlinkage long - * sys_setgroups(int gidsetsize, - * gid_t __user *grouplist) - */ -probe kernel.syscall.setgroups = - kernel.function("sys_setgroups") { - name = "setgroups" - size = $gidsetsize - /* - * NOTE - * list defined as "gid_t list[]" there - * is no practical way to export these - * values. Therefore just export addr, - * let the user take care of it with - * embedded C if need be. - */ - list_uaddr = $grouplist - } -probe kernel.syscall.setgroups.return = - kernel.function("sys_setgroups").return { - name = "setgroups.return" - } +# +# asmlinkage long +# sys_setgroups(int gidsetsize, +# gid_t __user *grouplist) +# +probe syscall.setgroups = kernel.function("sys_setgroups") { + name = "setgroups" + size = $gidsetsize + /* + * NOTE + * list defined as "gid_t list[]" there + * is no practical way to export these + * values. Therefore just export addr, + * let the user take care of it with + * embedded C if need be. + */ + list_uaddr = $grouplist +} +probe syscall.setgroups.return = kernel.function("sys_setgroups").return { + name = "setgroups" + returnp = 1 +} # setgroups16 ________________________________________________ -/* - * asmlinkage long - * sys_setgroups16(int gidsetsize, - * old_gid_t __user *grouplist) - */ -probe kernel.syscall.setgroups16 = - kernel.function("sys_setgroups16") { - name = "setgroups16" - size = $gidsetsize - list_uaddr = $grouplist - } -probe kernel.syscall.setgroups16.return = - kernel.function("sys_setgroups16").return { - name = "setgroups16.return" - } +# +# asmlinkage long +# sys_setgroups16(int gidsetsize, +# old_gid_t __user *grouplist) +# +probe syscall.setgroups16 = kernel.function("sys_setgroups16") { + name = "setgroups16" + size = $gidsetsize + list_uaddr = $grouplist +} +probe syscall.setgroups16.return = kernel.function("sys_setgroups16").return { + name = "setgroups16" + returnp = 1 +} # sethostname ________________________________________________ -/* - * asmlinkage long - * sys_sethostname(char __user *name, - * int len) - */ -probe kernel.syscall.sethostname = - kernel.function("sys_sethostname") { - name = "sethostname" - hostname_uaddr = $name - len = $len - } -probe kernel.syscall.sethostname.return = - kernel.function("sys_sethostname").return { - name = "sethostname.return" - } +# +# asmlinkage long +# sys_sethostname(char __user *name, +# int len) +# +probe syscall.sethostname = kernel.function("sys_sethostname") { + name = "sethostname" + hostname_uaddr = $name + len = $len +} +probe syscall.sethostname.return = kernel.function("sys_sethostname").return { + name = "sethostname" +} # setitimer __________________________________________________ -/* - * asmlinkage long - * sys_setitimer(int which, - * struct itimerval __user *value, - * struct itimerval __user *ovalue) - */ -probe kernel.syscall.setitimer = - kernel.function("sys_setitimer") { - name = "setitimer" - which = $which - which_str = _itimer_which_str($which) - value_uaddr = $value - ovalue_uaddr = $ovalue - /* - * XXX NOT SAFE -- might sleep - * value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) - * value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) - * value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) - * value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) - * ovalue_it_interval_tv_sec = __uget_itimerval_tv_m($ovalue,0) - * ovalue_it_interval_tv_usec =__uget_itimerval_tv_m($ovalue,1) - * ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2) - * ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3) - */ - } -probe kernel.syscall.setitimer.return = - kernel.function("sys_setitimer").return { - name = "setitimer.return" - } +# +# asmlinkage long +# sys_setitimer(int which, +# struct itimerval __user *value, +# struct itimerval __user *ovalue) +# +probe syscall.setitimer = kernel.function("sys_setitimer") { + name = "setitimer" + which = $which + which_str = _itimer_which_str($which) + value_uaddr = $value + ovalue_uaddr = $ovalue + /* + * XXX NOT SAFE -- might sleep + * value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) + * value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) + * value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) + * value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) + * ovalue_it_interval_tv_sec = __uget_itimerval_tv_m($ovalue,0) + * ovalue_it_interval_tv_usec =__uget_itimerval_tv_m($ovalue,1) + * ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2) + * ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3) + */ +} +probe syscall.setitimer.return = kernel.function("sys_setitimer").return { + name = "setitimer" + returnp = 1 +} # setpgid ____________________________________________________ -/* - * asmlinkage long - * sys_setpgid(pid_t pid, - * pid_t pgid) - */ -probe kernel.syscall.setpgid = - kernel.function("sys_setpgid") { - name = "setpgid" - pid = $pid - pgid = $pgid - } -probe kernel.syscall.setpgid.return = - kernel.function("sys_setpgid").return { - name = "setpgid.return" - } +# +# asmlinkage long +# sys_setpgid(pid_t pid, +# pid_t pgid) +# +probe syscall.setpgid = kernel.function("sys_setpgid") { + name = "setpgid" + pid = $pid + pgid = $pgid +} +probe syscall.setpgid.return = kernel.function("sys_setpgid").return { + name = "setpgid" + returnp = 1 +} # setpriority ________________________________________________ -/* - * asmlinkage long - * sys_setpriority(int which, - * int who, - * int niceval) - */ -probe kernel.syscall.setpriority = - kernel.function("sys_setpriority") { - name = "setpriority" - which = $which - which_str = _priority_which_str($which) - who = $who - prio = $niceval - } -probe kernel.syscall.setpriority.return = - kernel.function("sys_setpriority").return { - name = "setpriority.return" - } +# +# asmlinkage long +# sys_setpriority(int which, +# int who, +# int niceval) +# +probe syscall.setpriority = kernel.function("sys_setpriority") { + name = "setpriority" + which = $which + which_str = _priority_which_str($which) + who = $who + prio = $niceval +} +probe syscall.setpriority.return = kernel.function("sys_setpriority").return { + name = "setpriority" + returnp = 1 +} # setregid ___________________________________________________ -/* - * asmlinkage long - * sys_setregid(gid_t rgid, - * gid_t egid) - */ -probe kernel.syscall.setregid = - kernel.function("sys_setregid") { - name = "setregid" - rgid = $rgid - egid = $egid - } -probe kernel.syscall.setregid.return = - kernel.function("sys_setregid").return { - name = "setregid.return" - } +# +# asmlinkage long +# sys_setregid(gid_t rgid, +# gid_t egid) +# +probe syscall.setregid = kernel.function("sys_setregid") { + name = "setregid" + rgid = $rgid + egid = $egid +} +probe syscall.setregid.return = kernel.function("sys_setregid").return { + name = "setregid" + returnp = 1 +} # setregid16 _________________________________________________ -/* - * asmlinkage long - * sys_setregid16(old_gid_t rgid, - * old_gid_t egid) - */ -probe kernel.syscall.setregid16 = - kernel.function("sys_setregid") { - name = "setregid16" - rgid = $rgid - egid = $egid - } -probe kernel.syscall.setregid16.return = - kernel.function("sys_setregid").return { - name = "setregid16.return" - } +# +# asmlinkage long +# sys_setregid16(old_gid_t rgid, +# old_gid_t egid) +# +probe syscall.setregid16 = kernel.function("sys_setregid") { + name = "setregid16" + rgid = $rgid + egid = $egid +} +probe syscall.setregid16.return = kernel.function("sys_setregid").return { + name = "setregid16" + returnp = 1 +} # setresgid __________________________________________________ -/* - * asmlinkage long - * sys_setresgid(gid_t rgid, - * gid_t egid, - * gid_t sgid) - */ -probe kernel.syscall.setresgid = - kernel.function("sys_setresgid") { - name = "setresgid" - rgid = $rgid - egid = $egid - sgid = $sgid -} -probe kernel.syscall.setresgid.return = - kernel.function("sys_setresgid").return { - name = "setresgid.return" - } +# +# asmlinkage long +# sys_setresgid(gid_t rgid, +# gid_t egid, +# gid_t sgid) +# +probe syscall.setresgid = kernel.function("sys_setresgid") { + name = "setresgid" + rgid = $rgid + egid = $egid + sgid = $sgid +} +probe syscall.setresgid.return = kernel.function("sys_setresgid").return { + name = "setresgid" + returnp = 1 +} # setresgid16 ________________________________________________ -/* - * asmlinkage long - * sys_setresgid16(old_gid_t rgid, - * old_gid_t egid, - * old_gid_t sgid) - */ -probe kernel.syscall.setresgid16 = - kernel.function("sys_setresgid") { - name = "setresgid16" - rgid = $rgid - egid = $egid - sgid = $sgid - } -probe kernel.syscall.setresgid16.return = - kernel.function("sys_setresgid").return { - name = "setresgid16.return" - } +# +# asmlinkage long +# sys_setresgid16(old_gid_t rgid, +# old_gid_t egid, +# old_gid_t sgid) +# +probe syscall.setresgid16 = kernel.function("sys_setresgid") { + name = "setresgid16" + rgid = $rgid + egid = $egid + sgid = $sgid +} +probe syscall.setresgid16.return = kernel.function("sys_setresgid").return { + name = "setresgid16" + returnp = 1 +} # setresuid __________________________________________________ -/* - * asmlinkage long - * sys_setresuid(uid_t ruid, - * uid_t euid, - * uid_t suid) - */ -probe kernel.syscall.setresuid = - kernel.function("sys_setresuid") { - name = "setresuid" - ruid = $ruid - euid = $euid - suid = $suid - } -probe kernel.syscall.setresuid.return = - kernel.function("sys_setresuid").return { - name = "setresuid.return" - } +# +# asmlinkage long +# sys_setresuid(uid_t ruid, +# uid_t euid, +# uid_t suid) +# +probe syscall.setresuid = kernel.function("sys_setresuid") { + name = "setresuid" + ruid = $ruid + euid = $euid + suid = $suid +} +probe syscall.setresuid.return = kernel.function("sys_setresuid").return { + name = "setresuid" + returnp = 1 +} # setresuid16 ________________________________________________ -/* - * asmlinkage long - * sys_setresuid16(old_uid_t ruid, - * old_uid_t euid, - * old_uid_t suid) - */ -probe kernel.syscall.setresuid16 = - kernel.function("sys_setresuid") { - name = "setresuid16" - ruid = $ruid - euid = $euid - suid = $suid - } -probe kernel.syscall.setresuid16.return = - kernel.function("sys_setresuid").return { - name = "setresuid16.return" - } +# +# asmlinkage long +# sys_setresuid16(old_uid_t ruid, +# old_uid_t euid, +# old_uid_t suid) +# +probe syscall.setresuid16 = kernel.function("sys_setresuid") { + name = "setresuid16" + ruid = $ruid + euid = $euid + suid = $suid +} +probe syscall.setresuid16.return = kernel.function("sys_setresuid").return { + name = "setresuid16" + returnp = 1 +} # setreuid ___________________________________________________ -/* - * asmlinkage long - * sys_setreuid(uid_t ruid, - * uid_t euid) - */ -probe kernel.syscall.setreuid = - kernel.function("sys_setreuid") { - name = "setreuid" - ruid = $ruid - euid = $euid - } -probe kernel.syscall.setreuid.return = - kernel.function("sys_setreuid").return { - name = "setreuid.return" - } +# +# asmlinkage long +# sys_setreuid(uid_t ruid, +# uid_t euid) +# +probe syscall.setreuid = kernel.function("sys_setreuid") { + name = "setreuid" + ruid = $ruid + euid = $euid +} +probe syscall.setreuid.return = kernel.function("sys_setreuid").return { + name = "setreuid" + returnp = 1 +} # setreuid16 _________________________________________________ -/* - * asmlinkage long - * sys_setreuid16(old_uid_t ruid, - * old_uid_t euid) - */ -probe kernel.syscall.setreuid16 = - kernel.function("sys_setreuid") { - name = "setreuid16" - ruid = $ruid - euid = $euid - } -probe kernel.syscall.setreuid16.return = - kernel.function("sys_setreuid").return { - name = "setreuid16.return" - } +# +# asmlinkage long +# sys_setreuid16(old_uid_t ruid, +# old_uid_t euid) +# +probe syscall.setreuid16 = kernel.function("sys_setreuid") { + name = "setreuid16" + ruid = $ruid + euid = $euid +} +probe syscall.setreuid16.return = kernel.function("sys_setreuid").return { + name = "setreuid16" + returnp = 1 +} # setrlimit __________________________________________________ -/* - * asmlinkage long - * sys_setrlimit(unsigned int resource, - * struct rlimit __user *rlim) - */ -probe kernel.syscall.setrlimit = - kernel.function("sys_setrlimit") { - name = "setrlimit" - resource = $resource - resource_str = _rlimit_resource_str($resource) - rlim_uaddr = $rlim - } -probe kernel.syscall.setrlimit.return = - kernel.function("sys_setrlimit").return { - name = "setrlimit.return" - } +# +# asmlinkage long +# sys_setrlimit(unsigned int resource, +# struct rlimit __user *rlim) +# +probe syscall.setrlimit = kernel.function("sys_setrlimit") { + name = "setrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim +} +probe syscall.setrlimit.return = kernel.function("sys_setrlimit").return { + name = "setrlimit" + returnp = 1 +} # setsid _____________________________________________________ -/* - * asmlinkage long - * sys_setsid(void) - */ -probe kernel.syscall.setsid = - kernel.function("sys_setsid") { - name = "setsid" - } -probe kernel.syscall.setsid.return = - kernel.function("sys_setsid").return { - name = "setsid.return" - } +# +# asmlinkage long +# sys_setsid(void) +# +probe syscall.setsid = kernel.function("sys_setsid") { + name = "setsid" +} +probe syscall.setsid.return = kernel.function("sys_setsid").return { + name = "setsid" + returnp = 1 +} # setsockopt _________________________________________________ -/* - * asmlinkage long - * sys_setsockopt(int fd, - * int level, - * int optname, - * char __user *optval, - * int optlen) - */ -probe kernel.syscall.setsockopt = - kernel.function("sys_setsockopt") { - name = "setsockopt" - fd = $fd - level = $level - level_str = _sockopt_level_str($level) - optname = $optname - optname_str = _sockopt_optname_str($optname) - optval_uaddr = $optval - optlen = $optlen - } -probe kernel.syscall.setsockopt.return = - kernel.function("sys_setsockopt").return { - name = "setsockopt.return" - } +# +# asmlinkage long +# sys_setsockopt(int fd, +# int level, +# int optname, +# char __user *optval, +# int optlen) +# +probe syscall.setsockopt = kernel.function("sys_setsockopt") { + name = "setsockopt" + fd = $fd + level = $level + level_str = _sockopt_level_str($level) + optname = $optname + optname_str = _sockopt_optname_str($optname) + optval_uaddr = $optval + optlen = $optlen +} +probe syscall.setsockopt.return = kernel.function("sys_setsockopt").return { + name = "setsockopt" + returnp = 1 +} # set_tid_address ____________________________________________ -/* - * asmlinkage long - * sys_set_tid_address(int __user *tidptr) - */ -probe kernel.syscall.set_tid_address = - kernel.function("sys_set_tid_address") { - name = "set_tid_address" - tidptr_uaddr = $tidptr - } -probe kernel.syscall.set_tid_address.return = - kernel.function("sys_set_tid_address").return { - name = "set_tid_address.return" - } +# +# asmlinkage long +# sys_set_tid_address(int __user *tidptr) +# +probe syscall.set_tid_address = kernel.function("sys_set_tid_address") { + name = "set_tid_address" + tidptr_uaddr = $tidptr +} +probe syscall.set_tid_address.return = + kernel.function("sys_set_tid_address").return { + name = "set_tid_address" + returnp = 1 +} # settimeofday _______________________________________________ -/* - * asmlinkage long - * sys_settimeofday(struct timeval __user *tv, - * struct timezone __user *tz) - */ -probe kernel.syscall.settimeofday = - kernel.function("sys_settimeofday") { - name = "settimeofday" - tv_uaddr = $tv - tz_uaddr = $tz - /* - * XXX NOT SAFE -- might sleep - * tv_tv_sec = __uget_tv_m($tv,0) - * tv_tv_usec = __uget_tv_m($tv,1) - * tz_tz_minuteswest = __uget_tz_m($tz,0) - * tz_tz_dsttime = __uget_tz_m($tz,1) - */ - } -probe kernel.syscall.settimeofday.return = - kernel.function("sys_settimeofday").return { - name = "settimeofday.return" - } +# +# asmlinkage long +# sys_settimeofday(struct timeval __user *tv, +# struct timezone __user *tz) +# +probe syscall.settimeofday = kernel.function("sys_settimeofday") { + name = "settimeofday" + tv_uaddr = $tv + tz_uaddr = $tz + /* + * XXX NOT SAFE -- might sleep + * tv_tv_sec = __uget_tv_m($tv,0) + * tv_tv_usec = __uget_tv_m($tv,1) + * tz_tz_minuteswest = __uget_tz_m($tz,0) + * tz_tz_dsttime = __uget_tz_m($tz,1) + */ +} +probe syscall.settimeofday.return = + kernel.function("sys_settimeofday").return { + name = "settimeofday" + returnp = 1 +} # setuid _____________________________________________________ -/* - * asmlinkage long - * sys_setuid(uid_t uid) - */ -probe kernel.syscall.setuid = - kernel.function("sys_setuid") { - name = "setuid" - uid = $uid - } -probe kernel.syscall.setuid.return = - kernel.function("sys_setuid").return { - name = "setuid.return" - } +# +# asmlinkage long +# sys_setuid(uid_t uid) +# +probe syscall.setuid = kernel.function("sys_setuid") { + name = "setuid" + uid = $uid +} +probe syscall.setuid.return = kernel.function("sys_setuid").return { + name = "setuid" + returnp = 1 +} # setuid16 ___________________________________________________ -/* - * asmlinkage long - * sys_setuid16(old_uid_t uid) - */ -probe kernel.syscall.setuid16 = - kernel.function("sys_setuid") { - name = "setuid16" - uid = $uid - } -probe kernel.syscall.setuid16.return = - kernel.function("sys_setuid").return { - name = "setuid16.return" - } +# +# asmlinkage long +# sys_setuid16(old_uid_t uid) +# +probe syscall.setuid16 = kernel.function("sys_setuid") { + name = "setuid16" + uid = $uid +} +probe syscall.setuid16.return = kernel.function("sys_setuid").return { + name = "setuid16" + returnp = 1 +} # setxattr ___________________________________________________ -/* - * asmlinkage long - * sys_setxattr(char __user *path, - * char __user *name, - * void __user *value, - * size_t size, - * int flags) - */ -probe kernel.syscall.setxattr = - kernel.function("sys_setxattr") { - name = "setxattr" - path_uaddr = $path - name_uaddr = $name - value_uaddr = $value - size = $size - flags = $flags - } -probe kernel.syscall.setxattr.return = - kernel.function("sys_setxattr").return { - name = "setxattr.return" - } +# +# asmlinkage long +# sys_setxattr(char __user *path, +# char __user *name, +# void __user *value, +# size_t size, +# int flags) +# +probe syscall.setxattr = kernel.function("sys_setxattr") { + name = "setxattr" + path_uaddr = $path + name_uaddr = $name + value_uaddr = $value + size = $size + flags = $flags +} +probe syscall.setxattr.return = kernel.function("sys_setxattr").return { + name = "setxattr" + returnp = 1 +} # sgetmask ___________________________________________________ -/* - * sys_sgetmask(void) - */ -probe kernel.syscall.sgetmask = - kernel.function("sys_sgetmask") { - name = "sgetmask" - } -probe kernel.syscall.sgetmask.return = - kernel.function("sys_sgetmask").return { - name = "sgetmask.return" - } +# +# sys_sgetmask(void) +# +probe syscall.sgetmask = kernel.function("sys_sgetmask") { + name = "sgetmask" +} +probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return { + name = "sgetmask" + returnp = 1 +} # shmctl _____________________________________________________ -/* - * asmlinkage long - * sys_shmctl (int shmid, - * int cmd, - * struct shmid_ds __user *buf) - */ -probe kernel.syscall.shmctl = - kernel.function("sys_shmctl") { - name = "shmctl" - shmid = $shmid - cmd = $cmd - buf_uaddr = $buf - } -probe kernel.syscall.shmctl.return = - kernel.function("sys_shmctl").return { - name = "shmctl.return" - } +# +# asmlinkage long +# sys_shmctl (int shmid, +# int cmd, +# struct shmid_ds __user *buf) +# +probe syscall.shmctl = kernel.function("sys_shmctl") { + name = "shmctl" + shmid = $shmid + cmd = $cmd + buf_uaddr = $buf +} +probe syscall.shmctl.return = kernel.function("sys_shmctl").return { + name = "shmctl" + returnp = 1 +} # shmdt ______________________________________________________ -/* - * asmlinkage long - * sys_shmdt(char __user *shmaddr) - */ -probe kernel.syscall.shmdt = - kernel.function("sys_shmdt") { - name = "shmdt" - shmaddr_uaddr = $shmaddr - } -probe kernel.syscall.shmdt.return = - kernel.function("sys_shmdt").return { - name = "shmdt.return" - } +# +# asmlinkage long +# sys_shmdt(char __user *shmaddr) +# +probe syscall.shmdt = kernel.function("sys_shmdt") { + name = "shmdt" + shmaddr_uaddr = $shmaddr +} +probe syscall.shmdt.return = kernel.function("sys_shmdt").return { + name = "shmdt" + returnp = 1 +} # shmget _____________________________________________________ -/* - * asmlinkage long - * sys_shmget (key_t key, - * size_t size, - * int shmflg) - */ -probe kernel.syscall.shmget = - kernel.function("sys_shmget") { - name = "shmget" - key = $key - size = $size - shmflg = $shmflg - } -probe kernel.syscall.shmget.return = - kernel.function("sys_shmget").return { - name = "shmget.return" - } +# +# asmlinkage long +# sys_shmget (key_t key, +# size_t size, +# int shmflg) +# +probe syscall.shmget = kernel.function("sys_shmget") { + name = "shmget" + key = $key + size = $size + shmflg = $shmflg +} +probe syscall.shmget.return = kernel.function("sys_shmget").return { + name = "shmget" + returnp = 1 +} # shutdown ___________________________________________________ -/* - * asmlinkage long - * sys_shutdown(int fd, - * int how) - */ -probe kernel.syscall.shutdown = - kernel.function("sys_shutdown") { - name = "shutdown" - s = $fd - how = $how - how_str = _shutdown_how_str($how) - } -probe kernel.syscall.shutdown.return = - kernel.function("sys_shutdown").return { - name = "shutdown.return" - } +# +# asmlinkage long +# sys_shutdown(int fd, +# int how) +# +probe syscall.shutdown = kernel.function("sys_shutdown") { + name = "shutdown" + s = $fd + how = $how + how_str = _shutdown_how_str($how) +} +probe syscall.shutdown.return = kernel.function("sys_shutdown").return { + name = "shutdown" + returnp = 1 +} # signal _____________________________________________________ -/* - * asmlinkage unsigned long - * sys_signal(int sig, - * __sighandler_t handler) - */ -probe kernel.syscall.signal = - kernel.function("sys_signal") { - name = "signal" - sig = $sig - handler = $handler - } -probe kernel.syscall.signal.return = - kernel.function("sys_signal").return { - name = "signal.return" - } +# +# asmlinkage unsigned long +# sys_signal(int sig, +# __sighandler_t handler) +# +probe syscall.signal = kernel.function("sys_signal") { + name = "signal" + sig = $sig + handler = $handler +} +probe syscall.signal.return = kernel.function("sys_signal").return { + name = "signal" + returnp = 1 +} # sigpending _________________________________________________ -/* - * long do_sigpending(void __user *set, - * unsigned long sigsetsize) - */ -probe kernel.syscall.sigpending = - kernel.function("do_sigpending") { - name = "sigpending" - /* - * NOTE - * set is defined as - * struct { - * unsigned long int __val[128]; - * } - * theres is no practical way to export - * these values. Therefore just export - * addr, let the user take care of it - * with embedded C if need be. - */ - set_uaddr = $set - } -probe kernel.syscall.sigpending.return = - kernel.function("do_sigpending").return { - name = "sigpending.return" - } +# +# long do_sigpending(void __user *set, +# unsigned long sigsetsize) +# +probe syscall.sigpending = kernel.function("do_sigpending") { + name = "sigpending" + /* + * NOTE + * set is defined as + * struct { + * unsigned long int __val[128]; + * } + * theres is no practical way to export + * these values. Therefore just export + * addr, let the user take care of it + * with embedded C if need be. + */ + set_uaddr = $set +} +probe syscall.sigpending.return = kernel.function("do_sigpending").return { + name = "sigpending" + returnp = 1 +} # sigprocmask ________________________________________________ -/* - * asmlinkage long - * sys_sigprocmask(int how, - * old_sigset_t __user *set, - * old_sigset_t __user *oset) - */ -probe kernel.syscall.sigprocmask = - kernel.function("sys_sigprocmask") { - name = "sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - /* - * NOTE - * set and oset are defined as - * struct { - * unsigned long int __val[128]; - * } - * theres is no practical way to export - * these values. Therefore just export - * addr, let the user take care of it - * with embedded C if need be. - */ - set_uaddr = $set - oldset_uaddr = $oset - } -probe kernel.syscall.sigprocmask.return = - kernel.function("sigprocmask").return { - name = "sigprocmask.return" - } +# +# asmlinkage long +# sys_sigprocmask(int how, +# old_sigset_t __user *set, +# old_sigset_t __user *oset) +# +probe syscall.sigprocmask = kernel.function("sys_sigprocmask") { + name = "sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + /* + * NOTE + * set and oset are defined as + * struct { + * unsigned long int __val[128]; + * } + * theres is no practical way to export + * these values. Therefore just export + * addr, let the user take care of it + * with embedded C if need be. + */ + set_uaddr = $set + oldset_uaddr = $oset +} +probe syscall.sigprocmask.return = kernel.function("sigprocmask").return { + name = "sigprocmask" + returnp = 1 +} # socket _____________________________________________________ -/* - * asmlinkage long - * sys_socket(int family, - * int type, - * int protocol) - */ -probe kernel.syscall.socket = - kernel.function("sys_socket") { - name = "socket" - family = $family - family_str = _sock_family_str($family) - type = $type - type_str = _sock_type_str($type) - protocol = $protocol - } -probe kernel.syscall.socket.return = - kernel.function("sys_socket").return { - name = "socket.return" - } +# +# asmlinkage long +# sys_socket(int family, +# int type, +# int protocol) +# +probe syscall.socket = kernel.function("sys_socket") { + name = "socket" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol +} +probe syscall.socket.return = kernel.function("sys_socket").return { + name = "socket" + returnp = 1 +} # socketcall _________________________________________________ -/* - * asmlinkage long - * sys_socketcall(int call, - * unsigned long __user *args) - */ -probe kernel.syscall.socketcall = - kernel.function("sys_socketcall") { - name = "socketcall" - call = $call - args_uaddr = $args - } -probe kernel.syscall.socketcall.return = - kernel.function("sys_socketcall").return { - name = "socketcall.return" - } +# +# asmlinkage long +# sys_socketcall(int call, +# unsigned long __user *args) +# +probe syscall.socketcall = kernel.function("sys_socketcall") { + name = "socketcall" + call = $call + args_uaddr = $args +} +probe syscall.socketcall.return = kernel.function("sys_socketcall").return { + name = "socketcall" + returnp = 1 +} # socketpair _________________________________________________ -/* - * asmlinkage long - * sys_socketpair(int family, - * int type, - * int protocol, - * int __user *usockvec) - */ -probe kernel.syscall.socketpair = - kernel.function("sys_socketpair") { - name = "socketpair" - family = $family - family_str = _sock_family_str($family) - type = $type - type_str = _sock_type_str($type) - protocol = $protocol - sv_uaddr = $usockvec - } -probe kernel.syscall.socketpair.return = - kernel.function("sys_socketpair").return { - name = "socketpair.return" - } +# +# asmlinkage long +# sys_socketpair(int family, +# int type, +# int protocol, +# int __user *usockvec) +# +probe syscall.socketpair = kernel.function("sys_socketpair") { + name = "socketpair" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol + sv_uaddr = $usockvec +} +probe syscall.socketpair.return = kernel.function("sys_socketpair").return { + name = "socketpair" + returnp = 1 +} # ssetmask ___________________________________________________ -/* - * asmlinkage long - * sys_ssetmask(int newmask) - */ -probe kernel.syscall.ssetmask = - kernel.function("sys_ssetmask") { - name = "ssetmask" - newmask = $newmask - } -probe kernel.syscall.ssetmask.return = - kernel.function("sys_ssetmask").return { - name = "ssetmask.return" - } +# +# asmlinkage long +# sys_ssetmask(int newmask) +# +probe syscall.ssetmask = kernel.function("sys_ssetmask") { + name = "ssetmask" + newmask = $newmask +} +probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return { + name = "ssetmask" + returnp = 1 +} # stat _______________________________________________________ -/* - * asmlinkage long - * sys_stat(char __user * filename, - * struct __old_kernel_stat __user * statbuf) - */ -probe kernel.syscall.stat = - kernel.function("sys_stat") { - name = "stat" - filename_uaddr = $filename - buf_uaddr = $statbuf - } -probe kernel.syscall.stat.return = - kernel.function("sys_stat").return { - name = "stat.return" - } +# +# asmlinkage long +# sys_stat(char __user * filename, +# struct __old_stat __user * statbuf) +# +probe syscall.stat = kernel.function("sys_stat") { + name = "stat" + filename_uaddr = $filename + buf_uaddr = $statbuf +} +probe syscall.stat.return = kernel.function("sys_stat").return { + name = "stat" + returnp = 1 +} # statfs _____________________________________________________ -/* - * asmlinkage long - * sys_statfs(const char __user * path, - * struct statfs __user * buf) - */ -probe kernel.syscall.statfs = - kernel.function("sys_statfs") { - name = "statfs" - path_uaddr = $path - buf_uaddr = $buf - } -probe kernel.syscall.statfs.return = - kernel.function("sys_statfs").return { - name = "statfs.return" - } +# +# asmlinkage long +# sys_statfs(const char __user * path, +# struct statfs __user * buf) +# +probe syscall.statfs = kernel.function("sys_statfs") { + name = "statfs" + path_uaddr = $path + buf_uaddr = $buf +} +probe syscall.statfs.return = kernel.function("sys_statfs").return { + name = "statfs" + returnp = 1 +} # statfs64 ___________________________________________________ -/* - * asmlinkage long - * sys_statfs64(const char __user *path, - * size_t sz, - * struct statfs64 __user *buf) - */ -probe kernel.syscall.statfs64 = - kernel.function("sys_statfs64") { - name = "statfs64" - path_uaddr = $path - sz = $sz - buf_uaddr = $buf - } -probe kernel.syscall.statfs64.return = - kernel.function("sys_statfs64").return { - name = "statfs64.return" - } +# +# asmlinkage long +# sys_statfs64(const char __user *path, +# size_t sz, +# struct statfs64 __user *buf) +# +probe syscall.statfs64 = kernel.function("sys_statfs64") { + name = "statfs64" + path_uaddr = $path + sz = $sz + buf_uaddr = $buf +} +probe syscall.statfs64.return = kernel.function("sys_statfs64").return { + name = "statfs64" + returnp = 1 +} # stime ______________________________________________________ -/* - * asmlinkage long - * sys_stime(time_t __user *tptr) - */ -probe kernel.syscall.stime = - kernel.function("sys_stime") { - name = "stime" - t_uaddr = $tptr - /* - * XXX NOT SAFE -- might sleep - * t = __uget_num($tptr) - */ - } -probe kernel.syscall.stime.return = - kernel.function("sys_stime").return { - name = "stime.return" - } +# +# asmlinkage long +# sys_stime(time_t __user *tptr) +# +probe syscall.stime = kernel.function("sys_stime") { + name = "stime" + t_uaddr = $tptr + /* + * XXX NOT SAFE -- might sleep + * t = __uget_num($tptr) + */ +} +probe syscall.stime.return = kernel.function("sys_stime").return { + name = "stime" + returnp = 1 +} # swapoff ____________________________________________________ -/* - * asmlinkage long - * sys_swapoff(const char __user * specialfile) - */ -probe kernel.syscall.swapoff = - kernel.function("sys_swapoff") { - name = "swapoff" - path_uaddr = $specialfile - } -probe kernel.syscall.swapoff.return = - kernel.function("sys_swapoff").return { - name = "swapoff.return" - } +# +# asmlinkage long +# sys_swapoff(const char __user * specialfile) +# +probe syscall.swapoff = kernel.function("sys_swapoff") { + name = "swapoff" + path_uaddr = $specialfile +} +probe syscall.swapoff.return = kernel.function("sys_swapoff").return { + name = "swapoff" + returnp = 1 +} # swapon _____________________________________________________ -/* - * asmlinkage long - * sys_swapon(const char __user * specialfile, - * int swap_flags) - */ -probe kernel.syscall.swapon = - kernel.function("sys_swapon") { - name = "swapon" - path_uaddr = $specialfile - swapflags = $swap_flags - } -probe kernel.syscall.swapon.return = - kernel.function("sys_swapon").return { - name = "swapon.return" - } +# +# asmlinkage long +# sys_swapon(const char __user * specialfile, +# int swap_flags) +# +probe syscall.swapon = kernel.function("sys_swapon") { + name = "swapon" + path_uaddr = $specialfile + swapflags = $swap_flags +} +probe syscall.swapon.return = kernel.function("sys_swapon").return { + name = "swapon" + returnp = 1 +} # symlink ____________________________________________________ -/* - * asmlinkage long - * sys_symlink(const char __user * oldname, - * const char __user * newname) - */ -probe kernel.syscall.symlink = - kernel.function("sys_symlink") { - name = "symlink" - oldpath_uaddr = $oldname - newpath_uaddr = $newname - } -probe kernel.syscall.symlink.return = - kernel.function("sys_symlink").return { - name = "symlink.return" - } +# +# asmlinkage long +# sys_symlink(const char __user * oldname, +# const char __user * newname) +# +probe syscall.symlink = kernel.function("sys_symlink") { + name = "symlink" + oldpath_uaddr = $oldname + newpath_uaddr = $newname +} +probe syscall.symlink.return = kernel.function("sys_symlink").return { + name = "symlink" + returnp = 1 +} # sync _______________________________________________________ -/* - * asmlinkage long - * sys_sync(void) - */ -probe kernel.syscall.sync = - kernel.function("do_sync") { - name = "sync" - wait = $wait - } -probe kernel.syscall.sync.return = - kernel.function("do_sync").return { - name = "sync.return" - } +# +# asmlinkage long +# sys_sync(void) +# +probe syscall.sync = kernel.function("do_sync") { + name = "sync" + wait = $wait +} +probe syscall.sync.return = kernel.function("do_sync").return { + name = "sync" + returnp = 1 +} # sysctl _____________________________________________________ -/* - * asmlinkage long - * sys_sysctl(struct __sysctl_args __user *args) - */ -probe kernel.syscall.sysctl = - kernel.function("sys_sysctl") { - name = "sysctl" - args_uaddr = $args - } -probe kernel.syscall.sysctl.return = - kernel.function("sys_sysctl").return { - name = "sysctl.return" - } +# +# asmlinkage long +# sys_sysctl(struct __sysctl_args __user *args) +# +probe syscall.sysctl = kernel.function("sys_sysctl") { + name = "sysctl" + args_uaddr = $args +} +probe syscall.sysctl.return = kernel.function("sys_sysctl").return { + name = "sysctl" + returnp = 1 +} # sysfs ______________________________________________________ -/* - * asmlinkage long - * sys_sysfs(int option, - * unsigned long arg1, - * unsigned long arg2) - */ -probe kernel.syscall.sysfs = - kernel.function("sys_sysfs") { - name = "sysfs" - option = $option - arg1 = $arg1 - arg2 = $arg2 - } -probe kernel.syscall.sysfs.return = - kernel.function("sys_sysfs").return { - name = "sysfs.return" - } +# +# asmlinkage long +# sys_sysfs(int option, +# unsigned long arg1, +# unsigned long arg2) +# +probe syscall.sysfs = kernel.function("sys_sysfs") { + name = "sysfs" + option = $option + arg1 = $arg1 + arg2 = $arg2 +} +probe syscall.sysfs.return = kernel.function("sys_sysfs").return { + name = "sysfs" + returnp = 1 +} # sysinfo ____________________________________________________ -/* - * asmlinkage long - * sys_sysinfo(struct sysinfo __user *info) - */ -probe kernel.syscall.sysinfo = - kernel.function("sys_sysinfo") { - name = "sysinfo" - info_uaddr = $info - } -probe kernel.syscall.sysinfo.return = - kernel.function("sys_sysinfo").return { - name = "sysinfo.return" - } +# +# asmlinkage long +# sys_sysinfo(struct sysinfo __user *info) +# +probe syscall.sysinfo = kernel.function("sys_sysinfo") { + name = "sysinfo" + info_uaddr = $info +} +probe syscall.sysinfo.return = kernel.function("sys_sysinfo").return { + name = "sysinfo" + returnp = 1 +} # syslog _____________________________________________________ -/* - * asmlinkage long - * sys_syslog(int type, - * char __user * buf, - * int len) - */ -probe kernel.syscall.syslog = - kernel.function("do_syslog") { - name = "syslog" - type = $type - bufp_uaddr = $buf - len = $len - } -probe kernel.syscall.syslog.return = - kernel.function("do_syslog").return { - name = "syslog.return" - } +# +# asmlinkage long +# sys_syslog(int type, +# char __user * buf, +# int len) +# +probe syscall.syslog = kernel.function("do_syslog") { + name = "syslog" + type = $type + bufp_uaddr = $buf + len = $len +} +probe syscall.syslog.return = kernel.function("do_syslog").return { + name = "syslog" + returnp = 1 +} # tgkill _____________________________________________________ -/* - * asmlinkage long - * sys_tgkill(int tgid, - * int pid, - * int sig) - */ -probe kernel.syscall.tgkill = - kernel.function("sys_tgkill") { - name = "tgkill" - tgid = $tgid - pid = $pid - sig = $sig - } -probe kernel.syscall.tgkill.return = - kernel.function("sys_tgkill").return { - name = "tgkill.return" - } +# +# asmlinkage long +# sys_tgkill(int tgid, +# int pid, +# int sig) +# +probe syscall.tgkill = kernel.function("sys_tgkill") { + name = "tgkill" + tgid = $tgid + pid = $pid + sig = $sig +} +probe syscall.tgkill.return = kernel.function("sys_tgkill").return { + name = "tgkill" + returnp = 1 +} # time _______________________________________________________ -/* - * asmlinkage long - * sys_time(time_t __user * tloc) - */ -probe kernel.syscall.time = - kernel.function("sys_time") { - name = "time" - t_uaddr = $tloc - /* - * XXX NOT SAFE -- might sleep - * t = __uget_num($tloc) - */ - } -probe kernel.syscall.time.return = - kernel.function("sys_time").return { - name = "time.return" - } +# +# asmlinkage long +# sys_time(time_t __user * tloc) +# +probe syscall.time = kernel.function("sys_time") { + name = "time" + t_uaddr = $tloc + /* + * XXX NOT SAFE -- might sleep + * t = __uget_num($tloc) + */ +} +probe syscall.time.return = kernel.function("sys_time").return { + name = "time" + returnp = 1 +} # timer_create _______________________________________________ -/* - * asmlinkage long - * sys_timer_create(clockid_t which_clock, - * struct sigevent __user *timer_event_spec, - * timer_t __user * created_timer_id) - */ -probe kernel.syscall.timer_create = - kernel.function("sys_timer_create") { - name = "timer_create" - clockid = $which_clock - clockid_str = _get_wc_str($which_clock) - evp_uaddr = $timer_event_spec - timerid_uaddr = $created_timer_id - /* - * XXX NOT SAFE -- might sleep - * timerid = __uget_num($created_timer_id) - */ - } -probe kernel.syscall.timer_create.return = - kernel.function("sys_timer_create").return { - name = "timer_create.return" - } +# +# asmlinkage long +# sys_timer_create(clockid_t which_clock, +# struct sigevent __user *timer_event_spec, +# timer_t __user * created_timer_id) +# +probe syscall.timer_create = kernel.function("sys_timer_create") { + name = "timer_create" + clockid = $which_clock + clockid_str = _get_wc_str($which_clock) + evp_uaddr = $timer_event_spec + timerid_uaddr = $created_timer_id + /* + * XXX NOT SAFE -- might sleep + * timerid = __uget_num($created_timer_id) + */ +} +probe syscall.timer_create.return = + kernel.function("sys_timer_create").return { + name = "timer_create" + returnp = 1 +} # timer_delete _______________________________________________ -/* - * asmlinkage long - * sys_timer_delete(timer_t timer_id) - */ -probe kernel.syscall.timer_delete = - kernel.function("sys_timer_delete") { - name = "timer_delete" - timerid = $timer_id -} -probe kernel.syscall.timer_delete.return = - kernel.function("sys_timer_delete").return { - name = "timer_delete.return" - } +# +# asmlinkage long +# sys_timer_delete(timer_t timer_id) +# +probe syscall.timer_delete = kernel.function("sys_timer_delete") { + name = "timer_delete" + timerid = $timer_id +} +probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return { + name = "timer_delete" + returnp = 1 +} # timer_getoverrun ___________________________________________ -/* - * asmlinkage long - * sys_timer_getoverrun(timer_t timer_id) - */ -probe kernel.syscall.timer_getoverrun = - kernel.function("sys_timer_getoverrun") { - name = "timer_getoverrun" - timerid = $timer_id - } -probe kernel.syscall.timer_getoverrun.return = - kernel.function("sys_timer_getoverrun").return { - name = "timer_getoverrun.return" - } +# +# asmlinkage long +# sys_timer_getoverrun(timer_t timer_id) +# +probe syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { + name = "timer_getoverrun" + timerid = $timer_id +} +probe syscall.timer_getoverrun.return = + kernel.function("sys_timer_getoverrun").return { + name = "timer_getoverrun" + returnp = 1 +} # timer_gettime ______________________________________________ -/* - * asmlinkage long - * sys_timer_gettime(timer_t timer_id, - * struct itimerspec __user *setting) - */ -probe kernel.syscall.timer_gettime = - kernel.function("sys_timer_gettime") { - name = "timer_gettime" - timerid = $timer_id - value_uaddr = $setting - /* - * XXX NOT SAFE -- might sleep - * value_it_interval_tv_sec = __uget_itimerspec_ts_m($setting,0) - * value_it_interval_tv_nsec =__uget_itimerspec_ts_m($setting,1) - * value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2) - * value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3) - */ - } -probe kernel.syscall.timer_gettime.return = - kernel.function("sys_timer_gettime").return { - name = "timer_gettime.return" - } +# +# asmlinkage long +# sys_timer_gettime(timer_t timer_id, +# struct itimerspec __user *setting) +# +probe syscall.timer_gettime = kernel.function("sys_timer_gettime") { + name = "timer_gettime" + timerid = $timer_id + value_uaddr = $setting + /* + * XXX NOT SAFE -- might sleep + * value_it_interval_tv_sec = __uget_itimerspec_ts_m($setting,0) + * value_it_interval_tv_nsec =__uget_itimerspec_ts_m($setting,1) + * value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2) + * value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3) + */ +} +probe syscall.timer_gettime.return = + kernel.function("sys_timer_gettime").return { + name = "timer_gettime" + returnp = 1 +} # timer_settime ______________________________________________ -/* - * asmlinkage long - * sys_timer_settime(timer_t timer_id, - * int flags, - * const struct itimerspec __user *new_setting, - * struct itimerspec __user *old_setting) - */ -probe kernel.syscall.timer_settime = - kernel.function("sys_timer_settime") { - name = "timer_settime" - timerid = $timer_id - flags = $flags - value_uaddr = $new_setting - ovalue_uaddr = $old_setting - } -probe kernel.syscall.timer_settime.return = - kernel.function("sys_timer_settime").return { - name = "timer_settime.return" - } +# +# asmlinkage long +# sys_timer_settime(timer_t timer_id, +# int flags, +# const struct itimerspec __user *new_setting, +# struct itimerspec __user *old_setting) +# +probe syscall.timer_settime = kernel.function("sys_timer_settime") { + name = "timer_settime" + timerid = $timer_id + flags = $flags + value_uaddr = $new_setting + ovalue_uaddr = $old_setting +} +probe syscall.timer_settime.return = + kernel.function("sys_timer_settime").return { + name = "timer_settime" + returnp = 1 +} # times ______________________________________________________ -/* - * asmlinkage long - * sys_times(struct tms __user * tbuf) - */ -probe kernel.syscall.times = - kernel.function("sys_times") { - name = "times" - buf_uaddr = $tbuf - /* - * XXX NOT SAFE -- might sleep - * buf_tms_utime = __uget_tms_m($tbuf,0) - * buf_tms_stime = __uget_tms_m($tbuf,1) - * buf_tms_cutime = __uget_tms_m($tbuf,2) - * buf_tms_cstime = __uget_tms_m($tbuf,3) - */ - } -probe kernel.syscall.times.return = - kernel.function("sys_times").return { - name = "times.return" - } +# +# asmlinkage long +# sys_times(struct tms __user * tbuf) +# +probe syscall.times = kernel.function("sys_times") { + name = "times" + buf_uaddr = $tbuf + /* + * XXX NOT SAFE -- might sleep + * buf_tms_utime = __uget_tms_m($tbuf,0) + * buf_tms_stime = __uget_tms_m($tbuf,1) + * buf_tms_cutime = __uget_tms_m($tbuf,2) + * buf_tms_cstime = __uget_tms_m($tbuf,3) + */ +} +probe syscall.times.return = kernel.function("sys_times").return { + name = "times" + returnp = 1 +} # tkill ______________________________________________________ -/* - * asmlinkage long - * sys_tkill(int pid, - * int sig) - */ -probe kernel.syscall.tkill = - kernel.function("sys_tkill") { - name = "tkill" - pid = $pid - sig = $sig - } -probe kernel.syscall.tkill.return = - kernel.function("sys_tkill").return { - name = "tkill.return" - } +# +# asmlinkage long +# sys_tkill(int pid, +# int sig) +# +probe syscall.tkill = kernel.function("sys_tkill") { + name = "tkill" + pid = $pid + sig = $sig +} +probe syscall.tkill.return = kernel.function("sys_tkill").return { + name = "tkill" + returnp = 1 +} # truncate ___________________________________________________ -/* - * asmlinkage long - * sys_truncate(const char __user * path, - * unsigned long length) - */ -probe kernel.syscall.truncate = - kernel.function("sys_truncate") { - name = "truncate" - path_uaddr = $path - length = $length - } -probe kernel.syscall.truncate.return = - kernel.function("sys_truncate").return { - name = "truncate.return" - } +# +# asmlinkage long +# sys_truncate(const char __user * path, +# unsigned long length) +# +probe syscall.truncate = kernel.function("sys_truncate") { + name = "truncate" + path_uaddr = $path + length = $length +} +probe syscall.truncate.return = kernel.function("sys_truncate").return { + name = "truncate" + returnp = 1 +} # truncate64 _________________________________________________ -/* - * asmlinkage long - * sys_truncate64(const char __user * path, - * loff_t length) - */ -probe kernel.syscall.truncate64 = - kernel.function("sys_truncate") { - name = "truncate64" - path_uaddr = $path - length = $length - } -probe kernel.syscall.truncate64.return = - kernel.function("sys_truncate").return { - name = "truncate64.return" - } +# +# asmlinkage long +# sys_truncate64(const char __user * path, +# loff_t length) +# +probe syscall.truncate64 = kernel.function("sys_truncate") { + name = "truncate64" + path_uaddr = $path + length = $length +} +probe syscall.truncate64.return = kernel.function("sys_truncate").return { + name = "truncate64" + returnp = 1 +} # umount _____________________________________________________ -/* - * asmlinkage long - * sys_umount(char __user * name, - * int flags) - */ -probe kernel.syscall.umount = - kernel.function("sys_umount") { - name = "umount" - target_uaddr = $name - flags = $flags - flags_str = _mountflags_str($flags) - } -probe kernel.syscall.umount.return = - kernel.function("sys_umount").return { - name = "umount.return" - } +# +# asmlinkage long +# sys_umount(char __user * name, +# int flags) +# +probe syscall.umount = kernel.function("sys_umount") { + name = "umount" + target_uaddr = $name + flags = $flags + flags_str = _mountflags_str($flags) +} +probe syscall.umount.return = kernel.function("sys_umount").return { + name = "umount" + returnp = 1 +} # uname ______________________________________________________ -/* - * asmlinkage int - * int sys_uname(struct old_utsname __user *name) - */ -probe kernel.syscall.uname = - kernel.function("sys_uname") { - name = "uname" - name_uaddr = $name - } -probe kernel.syscall.uname.return = - kernel.function("sys_uname").return { - name = "uname.return" - } +# +# asmlinkage int +# int sys_uname(struct old_utsname __user *name) +# +probe syscall.uname = kernel.function("sys_uname") { + name = "uname" + name_uaddr = $name +} +probe syscall.uname.return = kernel.function("sys_uname").return { + name = "uname" + returnp = 1 +} # unlink _____________________________________________________ -/* - * asmlinkage long - * sys_unlink(const char __user * pathname) - */ -probe kernel.syscall.unlink = - kernel.function("sys_unlink") { - name = "unlink" - pathname_uaddr = $pathname - } -probe kernel.syscall.unlink.return = - kernel.function("sys_unlink").return { - name = "unlink.return" - } +# +# asmlinkage long +# sys_unlink(const char __user * pathname) +# +probe syscall.unlink = kernel.function("sys_unlink") { + name = "unlink" + pathname_uaddr = $pathname +} +probe syscall.unlink.return = kernel.function("sys_unlink").return { + name = "unlink" + returnp = 1 +} # uselib _____________________________________________________ -/* - * asmlinkage long - * sys_uselib(const char __user * library) - */ -probe kernel.syscall.uselib = - kernel.function("sys_uselib") { - name = "uselib" - library_uaddr = $library - } -probe kernel.syscall.uselib.return = - kernel.function("sys_uselib").return { - name = "uselib.return" - } +# +# asmlinkage long +# sys_uselib(const char __user * library) +# +probe syscall.uselib = kernel.function("sys_uselib") { + name = "uselib" + library_uaddr = $library +} +probe syscall.uselib.return = kernel.function("sys_uselib").return { + name = "uselib" + returnp = 1 +} # ustat ______________________________________________________ -/* - * asmlinkage long - * sys_ustat(unsigned dev, - * struct ustat __user * ubuf) - */ -probe kernel.syscall.ustat = - kernel.function("sys_ustat") { - name = "ustat" - dev = $dev - ubuf_uaddr = $ubuf - } -probe kernel.syscall.ustat.return = - kernel.function("sys_ustat").return { - name = "ustat.return" - } +# +# asmlinkage long +# sys_ustat(unsigned dev, +# struct ustat __user * ubuf) +# +probe syscall.ustat = kernel.function("sys_ustat") { + name = "ustat" + dev = $dev + ubuf_uaddr = $ubuf +} +probe syscall.ustat.return = kernel.function("sys_ustat").return { + name = "ustat" + returnp = 1 +} # utime ______________________________________________________ -/* - * asmlinkage long - * sys_utime(char __user * filename, - * struct utimbuf __user * times) - */ -probe kernel.syscall.utime = - kernel.function("sys_utime") { - name = "utime" - filename_uaddr = $filename - buf_uaddr = $times - } -probe kernel.syscall.utime.return = - kernel.function("sys_utime").return { - name = "utime.return" - } +# +# asmlinkage long +# sys_utime(char __user * filename, +# struct utimbuf __user * times) +# +probe syscall.utime = kernel.function("sys_utime") { + name = "utime" + filename_uaddr = $filename + buf_uaddr = $times +} +probe syscall.utime.return = kernel.function("sys_utime").return { + name = "utime" + returnp = 1 +} # utimes _____________________________________________________ -/* - * asmlinkage long - * sys_utimes(char __user * filename, - * struct timeval __user * utimes) - */ -probe kernel.syscall.utimes = - kernel.function("sys_utimes") { - name = "utimes" - filename_uaddr = $filename - tvp_uaddr = $utimes - } -probe kernel.syscall.utimes.return = - kernel.function("sys_utimes").return { - name = "utimes.return" - } +# +# asmlinkage long +# sys_utimes(char __user * filename, +# struct timeval __user * utimes) +# +probe syscall.utimes = kernel.function("sys_utimes") { + name = "utimes" + filename_uaddr = $filename + tvp_uaddr = $utimes +} +probe syscall.utimes.return = kernel.function("sys_utimes").return { + name = "utimes" + returnp = 1 +} # vfork ______________________________________________________ -/* - * asmlinkage long - * do_fork(unsigned long clone_flags, - * unsigned long stack_start, - * struct pt_regs *regs, - * unsigned long stack_size, - * int __user *parent_tidptr, - * int __user *child_tidptr) - */ -probe kernel.syscall.vfork = - kernel.function("do_fork") { - name = "vfork" - clone_flags = $clone_flags - /* - * unable to find local 'start_stack' (maybe i386 specific) - * start_stack = $start_stack - */ - regs_uaddr = $regs - stack_size = $stack_size - parent_tid_uaddr = $parent_tidptr - child_tid_uaddr = $child_tidptr - } -probe kernel.syscall.vfork.return = - kernel.function("do_fork").return { - name = "vfork.return" - } +# +# asmlinkage long +# do_fork(unsigned long clone_flags, +# unsigned long stack_start, +# struct pt_regs *regs, +# unsigned long stack_size, +# int __user *parent_tidptr, +# int __user *child_tidptr) +# +probe syscall.vfork = kernel.function("do_fork") { + name = "vfork" + clone_flags = $clone_flags + /* + * unable to find local 'start_stack' (maybe i386 specific) + * start_stack = $start_stack + */ + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr +} +probe syscall.vfork.return = kernel.function("do_fork").return { + name = "vfork" + returnp = 1 +} # vhangup ____________________________________________________ -/* - * asmlinkage long - * sys_vhangup(void) - */ -probe kernel.syscall.vhangup = - kernel.function("sys_vhangup") { - name = "vhangup" - } -probe kernel.syscall.vhangup.return = - kernel.function("sys_vhangup").return { - name = "vhangup.return" - } +# +# asmlinkage long +# sys_vhangup(void) +# +probe syscall.vhangup = kernel.function("sys_vhangup") { + name = "vhangup" +} +probe syscall.vhangup.return = kernel.function("sys_vhangup").return { + name = "vhangup" + returnp = 1 +} # wait4 ______________________________________________________ -/* - * asmlinkage long - * sys_wait4(pid_t pid, - * int __user *stat_addr, - * int options, - * struct rusage __user *ru) - */ -probe kernel.syscall.wait4 = - kernel.function("sys_wait4") { - name = "wait4" - pid = $pid - status_uaddr = $stat_addr - options = $options - options_str = _wait4_opt_str($options) - rusage_uaddr = $ru - } -probe kernel.syscall.wait4.return = - kernel.function("sys_wait4").return { - name = "wait4.return" - } +# +# asmlinkage long +# sys_wait4(pid_t pid, +# int __user *stat_addr, +# int options, +# struct rusage __user *ru) +# +probe syscall.wait4 = kernel.function("sys_wait4") { + name = "wait4" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = _wait4_opt_str($options) + rusage_uaddr = $ru +} +probe syscall.wait4.return = kernel.function("sys_wait4").return { + name = "wait4" + returnp = 1 +} # waitid _____________________________________________________ -/* - * asmlinkage long - * sys_waitid(int which, - * pid_t pid, - * struct siginfo __user *infop, - * int options, - * struct rusage __user *ru) - */ -probe kernel.syscall.waitid = - kernel.function("sys_waitid") { - name = "waitid" - which = $which - which_str = _waitid_which_str($which) - pid = $pid - infop_uaddr = $infop - options = $options - options_str = _wait4_opt_str($options) - } -probe kernel.syscall.waitid.return = - kernel.function("sys_waitid").return { - name = "waitid.return" - } +# +# asmlinkage long +# sys_waitid(int which, +# pid_t pid, +# struct siginfo __user *infop, +# int options, +# struct rusage __user *ru) +# +probe syscall.waitid = kernel.function("sys_waitid") { + name = "waitid" + which = $which + which_str = _waitid_which_str($which) + pid = $pid + infop_uaddr = $infop + options = $options + options_str = _wait4_opt_str($options) +} +probe syscall.waitid.return = kernel.function("sys_waitid").return { + name = "waitid" + returnp = 1 +} # waitpid ____________________________________________________ -/* - * asmlinkage long - * sys_wait4(pid_t pid, - * int __user *stat_addr, - * int options, - * struct rusage __user *ru) - */ -probe kernel.syscall.waitpid = - kernel.function("sys_wait4") { - name = "waitpid" - pid = $pid - status_uaddr = $stat_addr - options = $options - options_str = _wait4_opt_str($options) - rusage_uaddr = $ru - } -probe kernel.syscall.waitpid.return = - kernel.function("sys_wait4").return { - name = "waitpid.return" - } +# +# asmlinkage long +# sys_wait4(pid_t pid, +# int __user *stat_addr, +# int options, +# struct rusage __user *ru) +# +probe syscall.waitpid = kernel.function("sys_wait4") { + name = "waitpid" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = _wait4_opt_str($options) + rusage_uaddr = $ru +} +probe syscall.waitpid.return = kernel.function("sys_wait4").return { + name = "waitpid" + returnp = 1 +} # write ______________________________________________________ -/* - * asmlinkage ssize_t - * sys_write(unsigned int fd, - * const char __user * buf, - * size_t count) - */ -probe kernel.syscall.write = - kernel.function("sys_write") { - name = "write" - fd = $fd - buf_uaddr = $buf - count = $count - } -probe kernel.syscall.write.return = - kernel.function("sys_write").return { - name = "write.return" - } +# +# asmlinkage ssize_t +# sys_write(unsigned int fd, +# const char __user * buf, +# size_t count) +# +probe syscall.write = kernel.function("sys_write") { + name = "write" + fd = $fd + buf_uaddr = $buf + count = $count +} +probe syscall.write.return = kernel.function("sys_write").return { + name = "write" + returnp = 1 +} # writev _____________________________________________________ -/* - * asmlinkage ssize_t - * sys_writev(unsigned long fd, - * const struct iovec __user *vec, - * unsigned long vlen) - */ -probe kernel.syscall.writev = - kernel.function("sys_writev") { - name = "writev" - fd = $fd - vector_uaddr = $vec - count = $vlen - } -probe kernel.syscall.writev.return = - kernel.function("sys_writev").return { - name = "writev.return" - } +# +# asmlinkage ssize_t +# sys_writev(unsigned long fd, +# const struct iovec __user *vec, +# unsigned long vlen) +# +probe syscall.writev = kernel.function("sys_writev") { + name = "writev" + fd = $fd + vector_uaddr = $vec + count = $vlen +} +probe syscall.writev.return = kernel.function("sys_writev").return { + name = "writev" + returnp = 1 +} + |