diff options
| author | kevinrs <kevinrs> | 2005-12-07 18:15:49 +0000 |
|---|---|---|
| committer | kevinrs <kevinrs> | 2005-12-07 18:15:49 +0000 |
| commit | 406357f996e25314b86e75f9bea436e478637fd1 (patch) | |
| tree | 9af4315e9327819cb317ab056c929978a3f53c6b | |
| parent | 456aa31c26cbaa32a4964b621b7d3e06152aaf17 (diff) | |
| download | systemtap-steved-406357f996e25314b86e75f9bea436e478637fd1.tar.gz systemtap-steved-406357f996e25314b86e75f9bea436e478637fd1.tar.xz systemtap-steved-406357f996e25314b86e75f9bea436e478637fd1.zip | |
* system_calls.stp:
* alphabatized for easier navigation
* removed comments from reference to void pointer args
* removed reference to some unsafe copy_from_user funcs
* added final aliases for i386
* aux_syscalls.stp
* commented out embedded C functions that made use of
copy_from_user(), a function that might sleep and that
was causing Oops on my machine when sleep was called
from invalid context.
| -rw-r--r-- | tapset/aux_syscalls.stp | 41 | ||||
| -rw-r--r-- | tapset/system_calls.stp | 8500 |
2 files changed, 4469 insertions, 4072 deletions
diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp index cdce603f..d23f6b19 100644 --- a/tapset/aux_syscalls.stp +++ b/tapset/aux_syscalls.stp @@ -1,10 +1,11 @@ /* - * Return the 64 bit long value of the + * Return the 64 bit long value of the * scalar user space pointer parameter * CALLERS: * kernel.syscall.time * kernel.syscall.stime */ +/* function __uget_num:long(u_addr:long) %{ long long val = 0; @@ -15,14 +16,15 @@ function __uget_num:long(u_addr:long) } else THIS->__retvalue = val; %} - +*/ /* - * Return a time_t/subseconds_t member value of + * Return a time_t/subseconds_t member value of * struct timeval user space pointer parameter * CALLERS: * kernel.syscall.gettimeofday - * kernel.syscall.settimeofday + * kernel.syscall.settimeofday */ +/* function __uget_tv_m:long(u_addr:long,member:long) %{ struct timeval tv; @@ -36,15 +38,16 @@ function __uget_tv_m:long(u_addr:long,member:long) else THIS->__retvalue = tv.tv_usec; %} - +*/ /* * Return a time_t / subseconds_t member value of - * one of the struct timevals in the struct itimerval + * one of the struct timevals in the struct itimerval * user space pointer parameter * CALLERS: * kernel.syscall.getitimer * kernel.syscall.setitimer */ +/* function __uget_itimerval_tv_m:long(u_addr:long,member:long) %{ struct itimerval itv; @@ -67,7 +70,7 @@ function __uget_itimerval_tv_m:long(u_addr:long,member:long) default: THIS->__retvalue = -1; } %} - +*/ /* * Return a integer member value of struct * timezone user space pointer parameter @@ -75,6 +78,7 @@ function __uget_itimerval_tv_m:long(u_addr:long,member:long) * kernel.syscall.gettimeofday * kernel.syscall.settimeofday */ +/* function __uget_tz_m:long(u_addr:long,member:long) %{ struct timezone tz; @@ -88,13 +92,14 @@ function __uget_tz_m:long(u_addr:long,member:long) else THIS->__retvalue = tz.tz_dsttime; %} - +*/ /* - * Return integer member value of struct + * Return integer member value of struct * timex user space pointer parameter * CALLERS: * kernel.syscall.adjtimex */ +/* function __uget_timex_m:long(u_addr:long,member:long) %{ struct timex tx; @@ -133,13 +138,14 @@ function __uget_timex_m:long(u_addr:long,member:long) default: THIS->__retvalue = -1; } %} - +*/ /* - * Return the clock_t member value of the + * Return the clock_t member value of the * struct tms user space pointer parameter * CALLERS: - * kernel.syscall.times + * kernel.syscall.times */ +/* %{ #include <linux/times.h> %} function __uget_tms_m:long(u_addr:long,member:long) %{ @@ -161,13 +167,14 @@ function __uget_tms_m:long(u_addr:long,member:long) default: THIS->__retvalue = -1; } %} - +*/ /* * Return a time_t / long member value of the * struct timespec user space pointer parameter * CALLERS: * kernel.syscall.nanosleep */ +/* function __uget_ts_m:long(u_addr:long,member:long) %{ struct timespec ts; @@ -181,14 +188,15 @@ function __uget_ts_m:long(u_addr:long,member:long) else THIS->__retvalue = ts.tv_nsec; %} - +*/ /* * Return a time_t / long member value of the - * struct timespecs in struct itimerspec user + * struct timespecs in struct itimerspec user * space pointer parameter * CALLERS: * kernel.syscall.timer_gettime */ +/* function __uget_itimerspec_ts_m:long(u_addr:long,member:long) %{ struct itimerspec its; @@ -211,7 +219,7 @@ function __uget_itimerspec_ts_m:long(u_addr:long,member:long) default: THIS->__retvalue = -1; } %} - +*/ /* * Return the symbolic string representation * of the struct timex.mode member of adjtimex @@ -844,4 +852,3 @@ function _rusage_who_str(w) { if(w==-1) return "RUSAGE_CHILDREN" return "" } - diff --git a/tapset/system_calls.stp b/tapset/system_calls.stp index 9ceca7a1..f2b7aed3 100644 --- a/tapset/system_calls.stp +++ b/tapset/system_calls.stp @@ -7,2440 +7,2220 @@ // Public License (GPL); either version 2, or (at your option) any // later version. -# time_____________________________________________ +# accept _____________________________________________________ /* * asmlinkage long - * sys_time(time_t __user * tloc) + * sys_accept(int fd, + * struct sockaddr __user *upeer_sockaddr, + * int __user *upeer_addrlen) */ -probe kernel.syscall.time = - kernel.function("sys_time") { - name = "time" - t_uaddr = $tloc - t = __uget_num($tloc) +probe kernel.syscall.accept = + kernel.function("sys_accept") { + name = "accept" + s = $fd + addr_uaddr = $upeer_sockaddr + addrlen_uaddr = $upeer_addrlen } -probe kernel.syscall.time.return = - kernel.function("sys_time").return { - name = "time.return" +probe kernel.syscall.accept.return = + kernel.function("sys_accept").return { + name = "accept.return" } -# stime____________________________________________ +# access _____________________________________________________ /* * asmlinkage long - * sys_stime(time_t __user *tptr) + * sys_access(const char __user * filename, + * int mode) */ -probe kernel.syscall.stime = - kernel.function("sys_stime") { - name = "stime" - t_uaddr = $tptr - t = __uget_num($tptr) +probe kernel.syscall.access = + kernel.function("sys_access") { + name = "access" + pathname_uaddr = $filename + mode = $mode + mode_str = _access_mode_str($mode) } -probe kernel.syscall.stime.return = - kernel.function("sys_stime").return { - name = "stime.return" +probe kernel.syscall.access.return = + kernel.function("sys_access").return { + name = "access.return" } -# gettimeofday_____________________________________ -/* - * asmlinkage long - * sys_gettimeofday(struct timeval __user *tv, - * struct timezone __user *tz) +# acct _______________________________________________________ +/* + * asmlinkage long + * sys_acct(const char __user *name) */ -probe kernel.syscall.gettimeofday = - kernel.function("sys_gettimeofday") { - name = "gettimeofday" - tv_uaddr = $tv - tz_uaddr = $tz - tv_tv_sec = __uget_tv_m($tv,0) - tv_tv_usec = __uget_tv_m($tv,1) - tz_tz_minuteswest = __uget_tz_m($tz,0) - tz_tz_dsttime = __uget_tz_m($tz,1) +probe kernel.syscall.acct = + kernel.function("sys_acct") { + name = "acct" + filename_uaddr = $name + /* + * XXX NOT SAFE -- might sleep + * filename = user_string($name) + */ } -probe kernel.syscall.gettimeofday.return = - kernel.function("sys_gettimeofday").return { - name = "gettimeofday.return" +probe kernel.syscall.acct.return = + kernel.function("sys_acct").return { + name = "acct.return" } -# settimeofday_____________________________________ -/* - * asmlinkage long - * sys_settimeofday(struct timeval __user *tv, - * struct timezone __user *tz) +# add_key ____________________________________________________ +/* + * asmlinkage long + * sys_add_key(const char __user *_type, + * const char __user *_description, + * const void __user *_payload, + * size_t plen, + * key_serial_t ringid) */ -probe kernel.syscall.settimeofday = - kernel.function("sys_settimeofday") { - name = "settimeofday" - tv_uaddr = $tv - tz_uaddr = $tz - tv_tv_sec = __uget_tv_m($tv,0) - tv_tv_usec = __uget_tv_m($tv,1) - tz_tz_minuteswest = __uget_tz_m($tz,0) - tz_tz_dsttime = __uget_tz_m($tz,1) +probe kernel.syscall.add_key = + kernel.function("sys_add_key") { + name = "add_key" + type_uaddr = $_type + description_auddr = $_description + payload_uaddr = $_payload + plen = $plen + ringid = $ringid } -probe kernel.syscall.settimeofday.return = - kernel.function("sys_settimeofday").return { - name = "settimeofday.return" +probe kernel.syscall.add_key.return = + kernel.function("sys_add_key").return { + name = "add_key.return" } -# adjtimex_________________________________________ -/* - * asmlinkage long +# adjtimex ___________________________________________________ +/* + * asmlinkage long * sys_adjtimex(struct timex __user *txc_p) */ -probe kernel.syscall.adjtimex = +probe kernel.syscall.adjtimex = kernel.function("sys_adjtimex") { name = "adjtimex" buf_uaddr = $txc_p - buf_modes = __uget_timex_m($txc_p,0) - buf_modes_str = _adjtx_mode_str(buf_modes) - buf_offset = __uget_timex_m($txc_p,1) - buf_freq = __uget_timex_m($txc_p,2) - buf_maxerror = __uget_timex_m($txc_p,3) - buf_esterror = __uget_timex_m($txc_p,4) - buf_status = __uget_timex_m($txc_p,5) - buf_constant = __uget_timex_m($txc_p,6) - buf_precision = __uget_timex_m($txc_p,7) - buf_tolerance = __uget_timex_m($txc_p,8) - buf_time_tv_sec = __uget_timex_m($txc_p,9) - buf_time_tv_usec = __uget_timex_m($txc_p,10) - buf_tick = __uget_timex_m($txc_p,11) - } -probe kernel.syscall.adjtimex.return = + /* + * XXX NOT SAFE -- might sleep + * buf_modes = __uget_timex_m($txc_p,0) + */ + buf_modes_str = _adjtx_mode_str(buf_modes) + /* + * XXX NOT SAFE -- might sleep + * buf_offset = __uget_timex_m($txc_p,1) + * buf_freq = __uget_timex_m($txc_p,2) + * buf_maxerror = __uget_timex_m($txc_p,3) + * buf_esterror = __uget_timex_m($txc_p,4) + * buf_status = __uget_timex_m($txc_p,5) + * buf_constant = __uget_timex_m($txc_p,6) + * buf_precision = __uget_timex_m($txc_p,7) + * buf_tolerance = __uget_timex_m($txc_p,8) + * buf_time_tv_sec = __uget_timex_m($txc_p,9) + * buf_time_tv_usec = __uget_timex_m($txc_p,10) + * buf_tick = __uget_timex_m($txc_p,11) + */ + } +probe kernel.syscall.adjtimex.return = kernel.function("sys_adjtimex").return { name = "adjtimex.return" } -# times____________________________________________ +# alarm ______________________________________________________ /* - * asmlinkage long - * sys_times(struct tms __user * tbuf) + * asmlinkage unsigned long + * sys_alarm (unsigned int seconds) */ -probe kernel.syscall.times = - kernel.function("sys_times") { - name = "times" - buf_uaddr = $tbuf - buf_tms_utime = __uget_tms_m($tbuf,0) - buf_tms_stime = __uget_tms_m($tbuf,1) - buf_tms_cutime = __uget_tms_m($tbuf,2) - buf_tms_cstime = __uget_tms_m($tbuf,3) +probe kernel.syscall.alarm = + kernel.function("sys_alarm") { + name = "alarm" + seconds = $seconds } -probe kernel.syscall.times.return = - kernel.function("sys_times").return { - name = "times.return" +probe kernel.syscall.alarm.return = + kernel.function("sys_alarm").return { + name = "alarm.return" } -# gettid___________________________________________ -/* +# bdflush ____________________________________________________ +/* * asmlinkage long - * sys_gettid(void) + * sys_bdflush(int func, + * long data) */ -probe kernel.syscall.gettid = - kernel.function("sys_gettid") { - name = "gettid" +probe kernel.syscall.bdflush = + kernel.function("sys_bdflush") { + name = "bdflush" + func = $func + data = $data } -probe kernel.syscall.gettid.return = - kernel.function("sys_gettid").return { - name = "gettid.return" +probe kernel.syscall.bdflush.return = + kernel.function("sys_bdflush").return { + name = "bdflush.return" } -# nanosleep________________________________________ -/* - * asmlinkage long - * sys_nanosleep(struct timespec __user *rqtp, - * struct timespec __user *rmtp) +# bind _______________________________________________________ +/* + * asmlinkage long + * sys_bind(int fd, + * struct sockaddr __user *umyaddr, + * int addrlen) */ -probe kernel.syscall.nanosleep = - kernel.function("sys_nanosleep") { - name = "nanosleep" - req_uaddr = $rqtp - rem_uaddr = $rmtp - req_tv_sec = __uget_ts_m($rqtp,0) - req_tv_nsec = __uget_ts_m($rqtp,1) - rem_tv_sec = __uget_ts_m($rmtp,0) - rem_tv_nsec = __uget_ts_m($rmtp,1) +probe kernel.syscall.bind = + kernel.function("sys_bind") { + name = "bind" + sockfd = $fd + my_addr_uaddr = $umyaddr + addrlen = $addrlen } -probe kernel.syscall.nanosleep.return = - kernel.function("sys_nanosleep").return { - name = "nanosleep.return" +probe kernel.syscall.bind.return = + kernel.function("sys_bind").return { + name = "bind.return" } -# alarm____________________________________________ +# brk ________________________________________________________ /* - * asmlinkage unsigned long - * sys_alarm(unsigned int seconds) + * asmlinkage unsigned long + * sys_brk(unsigned long brk) */ -probe kernel.syscall.alarm = - kernel.function("sys_alarm") { - name = "alarm" - seconds = $seconds +probe kernel.syscall.brk = + kernel.function("sys_brk") { + name = "brk" + brk = $brk } -probe kernel.syscall.alarm.return = - kernel.function("sys_alarm").return { - name = "alarm.return" - /* - seconds = $seconds - */ +probe kernel.syscall.brk.return = + kernel.function("sys_brk").return { + name = "brk.return" } -# getpid___________________________________________ +# capget _____________________________________________________ +/* + * NOTE + * this is probably not a good function + * to probe. The structures are always + * changing. It also seems like it is + * not really used. Cscope produced no + * reference of this function in the + * kernel (returned no callers). Perhaps + * cap_get_proc / cap_set_proc are better + * functions to export. + */ /* * asmlinkage long - * sys_getpid(void) + * sys_capget(cap_user_header_t header, + * cap_user_data_t dataptr) */ -probe kernel.syscall.getpid = - kernel.function("sys_getpid") { - name = "getpid" +probe kernel.syscall.capget = + kernel.function("sys_capget") { + name = "capget" + header_uaddr = $header + data_uaddr = $dataptr + /* + * NOTE + * These two functions are the raw kernel + * interface for getting and setting + * capabilities. The kernel API is likely + * to change and use of these functions (in + * particular the format of the cap_user_*_t + * types) is subject to change with each + * kernel revision. + */ } -probe kernel.syscall.getpid.return = - kernel.function("sys_getpid").return { - name = "getpid.return" +probe kernel.syscall.capget.return = + kernel.function("sys_capget").return { + name = "capget.return" } -# getppid__________________________________________ -/* - * asmlinkage long - * sys_getppid(void) +# capset _____________________________________________________ +/* + * NOTE + * this is probably not a good function + * to probe. The structures are always + * changing. It also seems like it is + * not really used. Cscope produced no + * reference of this function in the + * kernel (returned no callers). Perhaps + * cap_get_proc / cap_set_proc are better + * functions to export. */ -probe kernel.syscall.getppid = - kernel.function("sys_getppid") { - name = "getppid" +/* + * asmlinkage long + * sys_capset(cap_user_header_t header, + * const cap_user_data_t data) + */ +probe kernel.syscall.capset = + kernel.function("sys_capset") { + name = "capset" + header_uaddr = $header + data_uaddr = $data + /* + * NOTE + * These two functions are the raw kernel + * interface for getting and setting + * capabilities. The kernel API is likely + * to change and use of these functions (in + * particular the format of the cap_user_*_t + * types) is subject to change with each + * kernel revision. + * + * These system calls are specific to Linux. + * The portable interfaces are cap_set_proc + * and cap_get_proc. + */ } -probe kernel.syscall.getppid.return = - kernel.function("sys_getppid").return { - name = "getppid.return" +probe kernel.syscall.capset.return = + kernel.function("sys_capset").return { + name = "capset.return" } -# getuid___________________________________________ -/* - * asmlinkage long - * sys_getuid(void) +# chdir ______________________________________________________ +/* + * asmlinkage long + * sys_chdir(const char __user * filename) */ -probe kernel.syscall.getuid = - kernel.function("sys_getuid") { - name = "getuid" +probe kernel.syscall.chdir = + kernel.function("sys_chdir") { + name = "chdir" + path_uaddr = $filename } -probe kernel.syscall.getuid.return = - kernel.function("sys_getuid").return { - name = "getuid.return" +probe kernel.syscall.chdir.return = + kernel.function("sys_chdir").return { + name = "chdir.return" } -# geteuid__________________________________________ -/* - * asmlinkage long - * sys_geteuid(void) +# chmod ______________________________________________________ +/* + * asmlinkage long + * sys_chmod(const char __user * filename, + * mode_t mode) */ -probe kernel.syscall.geteuid = - kernel.function("sys_geteuid") { - name = "geteuid" +probe kernel.syscall.chmod = + kernel.function("sys_chmod") { + name = "chmod" + path_uaddr = $filename + mode = $mode + mode_str = _sys_open_mode_str($mode) } -probe kernel.syscall.geteuid.return = - kernel.function("sys_geteuid").return { - name = "geteuid.return" +probe kernel.syscall.chmod.return = + kernel.function("sys_chmod").return { + name = "chmod.return" } -# getgid___________________________________________ -/* - * asmlinkage long - * sys_getgid(void) +# chown ______________________________________________________ +/* + * asmlinkage long + * sys_chown(const char __user * filename, + * uid_t user, + * gid_t group) */ -probe kernel.syscall.getgid = - kernel.function("sys_getgid") { - name = "getgid" +probe kernel.syscall.chown = + kernel.function("sys_chown") { + name = "chown" + path_uaddr = $filename + owner = $user + group = $group } -probe kernel.syscall.getgid.return = - kernel.function("sys_getgid").return { - name = "getgid.return" +probe kernel.syscall.chown.return = + kernel.function("sys_chown").return { + name = "chown.return" } -# getegid__________________________________________ -/* - * asmlinkage long - * sys_getegid(void) +# chown16 ____________________________________________________ +/* + * asmlinkage long + * sys_chown16(const char __user * filename, + * old_uid_t user, + * old_gid_t group) */ -probe kernel.syscall.getegid = - kernel.function("sys_getegid") { - name = "getegid" +probe kernel.syscall.chown16 = + kernel.function("sys_chown") { + name = "chown16" + path_uaddr = $filename + owner = $user + group = $group } -probe kernel.syscall.getegid.return = - kernel.function("sys_getegid").return { - name = "getegid.return" +probe kernel.syscall.chown16.return = + kernel.function("sys_chown").return { + name = "chown16.return" } -# getresuid________________________________________ -/* - * asmlinkage long - * sys_getresuid(uid_t __user *ruid, - * uid_t __user *euid, - * uid_t __user *suid) +# chroot _____________________________________________________ +/* + * asmlinkage long + * sys_chroot(const char __user * filename) */ -probe kernel.syscall.getresuid = - kernel.function("sys_getresuid") { - name = "getresuid" - ruid_uaddr = $ruid - euid_uaddr = $euid - suid_uaddr = $suid - ruid = __uget_num($ruid) - euid = __uget_num($euid) - suid = __uget_num($suid) +probe kernel.syscall.chroot = + kernel.function("sys_chroot") { + name = "chroot" + path_uaddr = $filename } -probe kernel.syscall.getresuid.return = - kernel.function("sys_getresuid").return { - name = "getresuid.return" +probe kernel.syscall.chroot.return = + kernel.function("sys_chroot").return { + name = "chroot.return" } -# getresgid________________________________________ -/* - * asmlinkage - * long sys_getresgid(gid_t __user *rgid, - * gid_t __user *egid, - * gid_t __user *sgid) +# clock_getres _______________________________________________ +/* + * asmlinkage long + * sys_clock_getres(clockid_t which_clock, + * struct timespec __user *tp) */ -probe kernel.syscall.getresgid = - kernel.function("sys_getresgid") { - name = "getresgid" - rgid_uaddr = $rgid - egid_uaddr = $egid - sgid_uaddr = $sgid - rgid = __uget_num($rgid) - egid = __uget_num($egid) - sgid = __uget_num($sgid) +probe kernel.syscall.clock_getres = + kernel.function("sys_clock_getres") { + name = "clock_getres" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + res_uaddr = $tp } -probe kernel.syscall.getresgid.return = - kernel.function("sys_getresgid").return { - name = "getresgid.return" +probe kernel.syscall.clock_getres.return = + kernel.function("sys_clock_getres").return { + name = "clock_getres.return" } -# getpgid__________________________________________ -/* +# clock_gettime ______________________________________________ +/* * asmlinkage long - * sys_getpgid(void) + * sys_clock_gettime(clockid_t which_clock, + * struct timespec __user *tp) */ -probe kernel.syscall.getpgid = - kernel.function("sys_getpgid") { - name = "getpgid" - } -probe kernel.syscall.getpgid.return = - kernel.function("sys_getpgid").return { - name = "getpgid.return" +probe kernel.syscall.clock_gettime = + kernel.function("sys_clock_gettime") { + name = "clock_gettime" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + tp_uaddr = $tp +} +probe kernel.syscall.clock_gettime.return = + kernel.function("sys_clock_gettime").return { + name = "clock_gettime.return" } -# getpgrp__________________________________________ -/* +# clock_nanosleep ____________________________________________ +/* * asmlinkage long - * sys_getpgrp(void) + * sys_clock_nanosleep(clockid_t which_clock, + * int flags, + * const struct timespec __user *rqtp, + * struct timespec __user *rmtp) */ -probe kernel.syscall.getpgrp = - kernel.function("sys_getpgrp") { - name = "getpgrp" +probe kernel.syscall.clock_nanosleep = + kernel.function("sys_clock_nanosleep") { + name = "clock_nanosleep" + clock_id = $which_clock + clock_id_str = _get_wc_str($which_clock) + flags = $flags + flag_str = "TIMER_ABSTIME" + rqtp_uaddr = $rqtp + rmtp_uaddr = $rmtp } -probe kernel.syscall.getpgrp.return = - kernel.function("sys_getpgrp").return { - name = "getpgrp.return" +probe kernel.syscall.clock_nanosleep.return = + kernel.function("sys_clock_nanosleep").return { + name = "clock_nanosleep.return" } -# getsid___________________________________________ -/* +# clock_settime ______________________________________________ +/* * asmlinkage long - * sys_getsid(pid_t pid) + * sys_clock_settime(clockid_t which_clock, + * const struct timespec __user *tp) */ -probe kernel.syscall.getsid = - kernel.function("sys_getsid") { - name = "getsid" - pid = $pid +probe kernel.syscall.clock_settime = + kernel.function("sys_clock_settime") { + name = "clock_settime" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + tp_uaddr = $tp } -probe kernel.syscall.getsid.return = - kernel.function("sys_getsid").return { - name = "getsid.return" - /* - pid = $pid - */ +probe kernel.syscall.clock_settime.return = + kernel.function("sys_clock_settime").return { + name = "clock_settime.return" } -# getgroups________________________________________ +# clone ______________________________________________________ /* - * asmlinkage long - * sys_getgroups(int gidsetsize, - * gid_t __user *grouplist) - */ -probe kernel.syscall.getgroups = - kernel.function("sys_getgroups") { - name = "getgroups" - size = $gidsetsize + * asmlinkage long + * do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ +probe kernel.syscall.clone = + kernel.function("do_fork") { + name = "clone" + clone_flags = $clone_flags /* - NOTE - list defined as "gid_t list[]" there - is no practical way to export these - values. Therefore just export addr, - let the user take care of it with - embedded C if need be. - */ - list_uaddr = $grouplist + * unable to find local 'start_stack' (maybe i386 specific) + * start_stack = $start_stack + */ + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr } -probe kernel.syscall.getgroups.return = - kernel.function("sys_getgroups").return { - name = "getgroups.return" +probe kernel.syscall.clone.return = + kernel.function("do_fork").return { + name = "clone.return" } -# setregid_________________________________________ +# close ______________________________________________________ /* - * asmlinkage long - * sys_setregid(gid_t rgid, - * gid_t egid) + * asmlinkage long + * sys_close(unsigned int fd) */ -probe kernel.syscall.setregid = - kernel.function("sys_setregid") { - name = "setregid" - rgid = $rgid - egid = $egid +probe kernel.syscall.close = + kernel.function("sys_close") { + name = "close" + fd = $fd +} +probe kernel.syscall.close.return = + kernel.function("sys_close").return { + name = "close.return" } -probe kernel.syscall.setregid.return = - kernel.function("sys_setregid").return { - name = "setregid.return" +# connect ____________________________________________________ +/* + * asmlinkage long + * sys_connect(int fd, + * struct sockaddr __user *uservaddr, + * int addrlen) + */ +probe kernel.syscall.connect = + kernel.function("sys_connect") { + name = "connect" + sockfd = $fd + serv_addr_uaddr = $uservaddr + addrlen = $addrlen +} +probe kernel.syscall.connect.return = + kernel.function("sys_connect").return { + name = "connect.return" } -# setgid___________________________________________ -/* +# creat ______________________________________________________ +/* * asmlinkage long - * sys_setgid(gid_t gid) + * sys_creat(const char __user * pathname, + * int mode) */ -probe kernel.syscall.setgid = - kernel.function("sys_setgid") { - name = "setgid" - gid = $gid +probe kernel.syscall.creat = + kernel.function("sys_open") { + name = "creat" + pathname_uaddr = $filename + mode = $mode + mode_str = _sys_open_mode_str($mode) } -probe kernel.syscall.setgid.return = - kernel.function("sys_setgid").return { - name = "setgid.return" +probe kernel.syscall.creat.return = + kernel.function("sys_open").return { + name = "creat.return" } -# setreuid_________________________________________ -/* - * asmlinkage long - * sys_setreuid(uid_t ruid, - * uid_t euid) +# delete_module ______________________________________________ +/* + * asmlinkage long + * sys_delete_module(const char __user *name_user, + * unsigned int flags) */ -probe kernel.syscall.setreuid = - kernel.function("sys_setreuid") { - name = "setreuid" - ruid = $ruid - euid = $euid +probe kernel.syscall.delete_module = + kernel.function("sys_delete_module") { + name = "delete_module" + name_user_uaddr = $name_user + flags = $flags + flags_str = _module_flags_str($flags) } -probe kernel.syscall.setreuid.return = - kernel.function("sys_setreuid").return { - name = "setreuid.return" +probe kernel.syscall.delete_module.return = + kernel.function("sys_delete_module").return { + name = "delete_module.return" } -# setuid___________________________________________ -/* - * asmlinkage long - * sys_setuid(uid_t uid) +# dup ________________________________________________________ +/* + * asmlinkage long + * sys_dup(unsigned int fildes) */ -probe kernel.syscall.setuid = - kernel.function("sys_setuid") { - name = "setuid" - uid = $uid +probe kernel.syscall.dup = + kernel.function("sys_dup") { + name = "dup" + oldfd = $fildes } -probe kernel.syscall.setuid.return = - kernel.function("sys_setuid").return { - name = "setuid.return" +probe kernel.syscall.dup.return = + kernel.function("sys_dup").return { + name = "dup.return" } -# setresuid________________________________________ +# dup2 _______________________________________________________ /* - * asmlinkage long - * sys_setresuid(uid_t ruid, - * uid_t euid, - * uid_t suid) + * asmlinkage long + * sys_dup2(unsigned int oldfd, + * unsigned int newfd) */ -probe kernel.syscall.setresuid = - kernel.function("sys_setresuid") { - name = "setresuid" - ruid = $ruid - euid = $euid - suid = $suid +probe kernel.syscall.dup2 = + kernel.function("sys_dup2") { + name = "dup2" + oldfd = $oldfd + newfd = $newfd } -probe kernel.syscall.setresuid.return = - kernel.function("sys_setresuid").return { - name = "setresuid.return" +probe kernel.syscall.dup2.return = + kernel.function("sys_dup2").return { + name = "dup2.return" } -# setresgid________________________________________ -/* - * asmlinkage long - * sys_setresgid(gid_t rgid, - * gid_t egid, - * gid_t sgid) +# epoll_create _______________________________________________ +/* + * asmlinkage long + * sys_epoll_create(int size) */ -probe kernel.syscall.setresgid = - kernel.function("sys_setresgid") { - name = "setresgid" - rgid = $rgid - egid = $egid - sgid = $sgid -} -probe kernel.syscall.setresgid.return = - kernel.function("sys_setresgid").return { - name = "setresgid.return" +probe kernel.syscall.epoll_create = + kernel.function("sys_epoll_create") { + name = "epoll_create" + size = $size } -# setfsuid_________________________________________ -/* - * asmlinkage long - * sys_setfsuid(uid_t uid) +probe kernel.syscall.epoll_create.return = + kernel.function("sys_epoll_create").return { + name = "epoll_create.return" + } +# epoll_ctl __________________________________________________ +/* + * asmlinkage long + * sys_epoll_ctl(int epfd, + * int op, + * int fd, + * struct epoll_event __user *event) */ -probe kernel.syscall.setfsuid = - kernel.function("sys_setfsuid") { - name = "setfsuid" - fsuid = $uid +probe kernel.syscall.epoll_ctl = + kernel.function("sys_epoll_ctl") { + name = "epoll_ctl" + epfd = $epfd + op = $op + op_str = _opoll_op_str($op) + fd = $fd + event_uaddr = $event } -probe kernel.syscall.setfsuid.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid.return" +probe kernel.syscall.epoll_ctl.return = + kernel.function("sys_epoll_ctl").return { + name = "epoll_ctl.return" } -# setfsgid_________________________________________ -/* - * asmlinkage long - * sys_setfsgid(gid_t gid) +# epoll_wait _________________________________________________ +/* + * asmlinkage long + * sys_epoll_wait(int epfd, + * struct epoll_event __user *events, + * int maxevents, + * int timeout) */ -probe kernel.syscall.setfsgid = - kernel.function("sys_setfsgid") { - name = "setfsgid" - fsgid = $gid +probe kernel.syscall.epoll_wait = + kernel.function("sys_epoll_wait") { + name = "epoll_wait" + epfd = $epfd + events_uaddr = $events + maxevents = $maxevents + timeout = $timeout } -probe kernel.syscall.setfsgid.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid.return" +probe kernel.syscall.epoll_wait.return = + kernel.function("sys_epoll_wait").return { + name = "epoll_wait.return" } -# setpgid__________________________________________ -/* - * asmlinkage long - * sys_setpgid(pid_t pid, - * pid_t pgid) +# execve _____________________________________________________ +/* + * asmlinkage int + * sys_execve(struct pt_regs regs) */ -probe kernel.syscall.setpgid = - kernel.function("sys_setpgid") { - name = "setpgid" - pid = $pid - pgid = $pgid +probe kernel.syscall.execve = + kernel.function("sys_execve") { + name = "execve" + /* + * unsupported type identifier '$regs' + * regs = $regs + */ } -probe kernel.syscall.setpgid.return = - kernel.function("sys_setpgid").return { - name = "setpgid.return" +probe kernel.syscall.execve.return = + kernel.function("sys_execve").return { + name = "execve.return" } -# setsid___________________________________________ -/* - * asmlinkage long - * sys_setsid(void) +# exit _______________________________________________________ +/* + * asmlinkage long + * sys_exit(int error_code) */ -probe kernel.syscall.setsid = - kernel.function("sys_setsid") { - name = "setsid" +probe kernel.syscall.exit = + kernel.function("do_exit") { + name = "exit" + status = $code } -probe kernel.syscall.setsid.return = - kernel.function("sys_setsid").return { - name = "setsid.return" +probe kernel.syscall.exit.return = + kernel.function("do_exit").return { + name = "exit.return" } -# setgroups________________________________________ -/* - * asmlinkage long - * sys_setgroups(int gidsetsize, - * gid_t __user *grouplist) +# exit_group _________________________________________________ +/* + * asmlinkage void + * sys_exit_group(int error_code) */ -probe kernel.syscall.setgroups = - kernel.function("sys_setgroups") { - name = "setgroups" - size = $gidsetsize - /* - NOTE - list defined as "gid_t list[]" there - is no practical way to export these - values. Therefore just export addr, - let the user take care of it with - embedded C if need be. - */ - list_uaddr = $grouplist +probe kernel.syscall.exit_group = + kernel.function("sys_exit_group") { + name = "exit_group" + status = $error_code } -probe kernel.syscall.setgroups.return = - kernel.function("sys_setgroups").return { - name = "setgroups.return" +probe kernel.syscall.exit_group.return = + kernel.function("do_group_exit").return { + name = "exit_group.return" } -# acct_____________________________________________ +# fadvise64 __________________________________________________ /* * asmlinkage long - * sys_acct(const char __user *name) + * sys_fadvise64_64(int fd, + * loff_t offset, + * loff_t len, + * int advice) */ -probe kernel.syscall.acct = - kernel.function("sys_acct") { - name = "acct" - filename_uaddr = $name - filename = user_string($name) - } -probe kernel.syscall.acct.return = - kernel.function("sys_acct").return { - name = "acct.return" +probe kernel.syscall.fadvise64 = + kernel.function("sys_fadvise64_64") { + name = "fadvise64" + fd = $fd + offset = $offset + len = $len + advice = $advice } -# capget___________________________________________ -/* - NOTE - this is probably not a good function - to probe. The structures are always - changing. It also seems like it is - not really used. Cscope produced no - reference of this function in the - kernel (returned no callers). Perhaps - cap_get_proc / cap_set_proc are better - functions to export. -*/ - -/* - * asmlinkage long - * sys_capget(cap_user_header_t header, - * cap_user_data_t dataptr) - */ -probe kernel.syscall.capget = - kernel.function("sys_capget") { - name = "capget" - header_uaddr = $header - data_uaddr = $dataptr - /* - NOTE - These two functions are the raw kernel - interface for getting and setting - capabilities. The kernel API is likely - to change and use of these functions (in - particular the format of the cap_user_*_t - types) is subject to change with each - kernel revision. - */ +probe kernel.syscall.fadvise64.return = + kernel.function("sys_fadvise64_64").return { + name = "fadvise64.return" } -probe kernel.syscall.capget.return = - kernel.function("sys_capget").return { - name = "capget.return" - } -# capset___________________________________________ -/* - NOTE - this is probably not a good function - to probe. The structures are always - changing. It also seems like it is - not really used. Cscope produced no - reference of this function in the - kernel (returned no callers). Perhaps - cap_get_proc / cap_set_proc are better - functions to export. -*/ - -/* - * asmlinkage long - * sys_capset(cap_user_header_t header, - * const cap_user_data_t data) +# fadvise64_64 _______________________________________________ +/* + * asmlinkage long + * sys_fadvise64_64(int fd, + * loff_t offset, + * loff_t len, + * int advice) */ -probe kernel.syscall.capset = - kernel.function("sys_capset") { - name = "capset" - header_uaddr = $header - data_uaddr = $data - /* - NOTE - These two functions are the raw kernel - interface for getting and setting - capabilities. The kernel API is likely - to change and use of these functions (in - particular the format of the cap_user_*_t - types) is subject to change with each - kernel revision. - - These system calls are specific to Linux. - The portable interfaces are cap_set_proc - and cap_get_proc. - */ +probe kernel.syscall.fadvise64_64 = + kernel.function("sys_fadvise64_64") { + name = "fadvise64_64" + fs = $fd + offset = $offset + len = $len + advice = $advice } -probe kernel.syscall.capset.return = - kernel.function("sys_capset").return { - name = "capset.return" +probe kernel.syscall.fadvise64_64.return = + kernel.function("sys_fadvise64_64").return { + name = "fadvise64_64.return" } -# personality______________________________________ -/* - * asmlinkage long - * sys_personality(u_long personality) +# fchdir _____________________________________________________ +/* + * asmlinkage long + * sys_fchdir(unsigned int fd) */ -probe kernel.syscall.personality = - kernel.function("sys_personality") { - name = "personality" - persona = $personality +probe kernel.syscall.fchdir = + kernel.function("sys_fchdir") { + name = "fchdir" + fd = $fd } -probe kernel.syscall.personality.return = - kernel.function("sys_personality").return { - name = "personality.return" +probe kernel.syscall.fchdir.return = + kernel.function("sys_fchdir").return { + name = "fchdir.return" } -# sigpending_______________________________________ -/* - * long do_sigpending(void __user *set, - * unsigned long sigsetsize) +# fchmod _____________________________________________________ +/* + * asmlinkage long + * sys_fchmod(unsigned int fd, + * mode_t mode) */ -probe kernel.syscall.sigpending = - kernel.function("do_sigpending") { - name = "sigpending" - /* - NOTE - set is defined as - struct { - unsigned long int __val[128]; - } - theres is no practical way to export - these values. Therefore just export - addr, let the user take care of it - with embedded C if need be. - */ - - /* - XXX Cannot deal w void pointers yet - set_uaddr = $set - */ +probe kernel.syscall.fchmod = + kernel.function("sys_fchmod") { + name = "fchmod" + fildes = $fd + mode = $mode + mode_str = _sys_open_mode_str($mode) } -probe kernel.syscall.sigpending.return = - kernel.function("do_sigpending").return { - name = "sigpending.return" +probe kernel.syscall.fchmod.return = + kernel.function("sys_fchmod").return { + name = "fchmod.return" } -# sigprocmask______________________________________ -/* - * asmlinkage long - * sys_sigprocmask(int how, - * old_sigset_t __user *set, - * old_sigset_t __user *oset) +# fchown _____________________________________________________ +/* + * asmlinkage long + * sys_fchown(unsigned int fd, + * uid_t user, + * gid_t group) */ -probe kernel.syscall.sigprocmask = - kernel.function("sys_sigprocmask") { - name = "sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - /* - NOTE - set and oset are defined as - struct { - unsigned long int __val[128]; - } - theres is no practical way to export - these values. Therefore just export - addr, let the user take care of it - with embedded C if need be. - */ - set_uaddr = $set - oldset_uaddr = $oset +probe kernel.syscall.fchown = + kernel.function("sys_fchown") { + name = "fchown" + fd = $fd + owner = $user + group = $group } -probe kernel.syscall.sigprocmask.return = - kernel.function("sigprocmask").return { - name = "sigprocmask.return" +probe kernel.syscall.fchown.return = + kernel.function("sys_fchown").return { + name = "fchown.return" } -# getitimer________________________________________ -/* - * asmlinkage long - * sys_getitimer(int which, - * struct itimerval __user *value) +# fchown16 ___________________________________________________ +/* + * asmlinkage long + * sys_fchown16(unsigned int fd, + * old_uid_t user, + * old_gid_t group) */ -probe kernel.syscall.getitimer = - kernel.function("sys_getitimer") { - name = "getitimer" - which = $which - which_str = _itimer_which_str($which) - value_uaddr = $value - value_it_interval_tv_sec = - __uget_itimerval_tv_m($value,0) - value_it_interval_tv_usec = - __uget_itimerval_tv_m($value,1) - value_it_value_tv_sec = - __uget_itimerval_tv_m($value,2) - value_it_value_tv_usec = - __uget_itimerval_tv_m($value,3) - } -probe kernel.syscall.getitimer.return = - kernel.function("sys_getitimer").return { - name = "getitimer.return" +probe kernel.syscall.fchown16 = + kernel.function("sys_fchown") { + name = "fchown16" + fd = $fd + owner = $user + group = $group } -# setitimer________________________________________ -/* - * asmlinkage long - * sys_setitimer(int which, - * struct itimerval __user *value, - * struct itimerval __user *ovalue) - */ -probe kernel.syscall.setitimer = - kernel.function("sys_setitimer") { - name = "setitimer" - which = $which - which_str = _itimer_which_str($which) - value_uaddr = $value - ovalue_uaddr = $ovalue - value_it_interval_tv_sec = - __uget_itimerval_tv_m($value,0) - value_it_interval_tv_usec = - __uget_itimerval_tv_m($value,1) - value_it_value_tv_sec = - __uget_itimerval_tv_m($value,2) - value_it_value_tv_usec = - __uget_itimerval_tv_m($value,3) - ovalue_it_interval_tv_sec = - __uget_itimerval_tv_m($ovalue,0) - ovalue_it_interval_tv_usec = - __uget_itimerval_tv_m($ovalue,1) - ovalue_it_value_tv_sec = - __uget_itimerval_tv_m($ovalue,2) - ovalue_it_value_tv_usec = - __uget_itimerval_tv_m($ovalue,3) - } -probe kernel.syscall.setitimer.return = - kernel.function("sys_setitimer").return { - name = "setitimer.return" +probe kernel.syscall.fchown16.return = + kernel.function("sys_fchown").return { + name = "fchown16.return" } -# timer_create_____________________________________ -/* +# fcntl ______________________________________________________ +/* * asmlinkage long - * sys_timer_create(clockid_t which_clock, - * struct sigevent __user *timer_event_spec, - * timer_t __user * created_timer_id) + * sys_fcntl(int fd, + * unsigned int cmd, + * unsigned long arg) */ -probe kernel.syscall.timer_create = - kernel.function("sys_timer_create") { - name = "timer_create" - clockid = $which_clock - clockid_str = _get_wc_str($which_clock) - evp_uaddr = $timer_event_spec - /* ...a little unsure about this... - - typedef struct sigevent { - sigval_t sigev_value; - int sigev_signo; - int sigev_notify; - union { - int _pad[SIGEV_PAD_SIZE]; - int _tid; - struct { - void (*_function)(sigval_t); - void *_attribute; - // really pthread_attr_t - } _sigev_thread; - } _sigev_un; - } sigevent_t; - - */ - timerid_uaddr = $created_timer_id - timerid = __uget_num($created_timer_id) +probe kernel.syscall.fcntl = + kernel.function("sys_fcntl") { + name = "fcntl" + fd = $fd + cmd = $cmd + cmd_str = _fcntl_cmd_str($cmd) + arg = $arg } -probe kernel.syscall.timer_create.return = - kernel.function("sys_timer_create").return { - name = "timer_create.return" - } -# timer_gettime____________________________________ -/* +probe kernel.syscall.fcntl.return = + kernel.function("sys_fcntl").return { + name = "fcntl.return" + } +# fcntl64 ____________________________________________________ +/* * asmlinkage long - * sys_timer_gettime(timer_t timer_id, - * struct itimerspec __user *setting) + * sys_fcntl64(unsigned int fd, + * unsigned int cmd, + * unsigned long arg) */ -probe kernel.syscall.timer_gettime = - kernel.function("sys_timer_gettime") { - name = "timer_gettime" - timerid = $timer_id - value_uaddr = $setting - value_it_interval_tv_sec = - __uget_itimerspec_ts_m($setting,0) - value_it_interval_tv_nsec = - __uget_itimerspec_ts_m($setting,1) - value_it_value_tv_sec = - __uget_itimerspec_ts_m($setting,2) - value_it_value_tv_nsec = - __uget_itimerspec_ts_m($setting,3) - } -probe kernel.syscall.timer_gettime.return = - kernel.function("sys_timer_gettime").return { - name = "timer_gettime.return" +probe kernel.syscall.fcntl64 = + kernel.function("sys_fcntl64") { + name = "fcntl64" + fd = $fd + cmd = $cmd + cmd_str = _fcntl_cmd_str($cmd) + arg = $arg } -# timer_getoverrun_________________________________ -/* - * asmlinkage long - * sys_timer_getoverrun(timer_t timer_id) +probe kernel.syscall.fcntl64.return = + kernel.function("sys_fcntl64").return { + name = "fcntl64.return" + } +# fdatasync __________________________________________________ +/* + * asmlinkage long + * sys_fdatasync(unsigned int fd) */ -probe kernel.syscall.timer_getoverrun = - kernel.function("sys_timer_getoverrun") { - name = "timer_getoverrun" - timerid = $timer_id +probe kernel.syscall.fdatasync = + kernel.function("sys_fdatasync") { + name = "fdatasync" + fd = $fd } -probe kernel.syscall.timer_getoverrun.return = - kernel.function("sys_timer_getoverrun").return { - name = "timer_getoverrun.return" +probe kernel.syscall.fdatasync.return = + kernel.function("sys_fdatasync").return { + name = "fdatasync.return" } -# timer_settime____________________________________ -/* - * asmlinkage long - * sys_timer_settime(timer_t timer_id, - * int flags, - * const struct itimerspec __user *new_setting, - * struct itimerspec __user *old_setting) +# fgetxattr __________________________________________________ +/* + * asmlinkage ssize_t + * sys_fgetxattr(int fd, + * char __user *name, + * void __user *value, + * size_t size) */ -probe kernel.syscall.timer_settime = - kernel.function("sys_timer_settime") { - name = "timer_settime" - timerid = $timer_id - flags = $flags - value_uaddr = $new_setting - ovalue_uaddr = $old_setting +probe kernel.syscall.fgetxattr = + kernel.function("sys_fgetxattr") { + name = "fgetxattr" + fildes = $fd + path_uaddr = $name + value_uaddr = $value + size = $size } -probe kernel.syscall.timer_settime.return = - kernel.function("sys_timer_settime").return { - name = "timer_settime.return" +probe kernel.syscall.fgetxattr.return = + kernel.function("sys_fgetxattr").return { + name = "fgetxattr.return" } -# timer_delete_____________________________________ -/* - * asmlinkage long - * sys_timer_delete(timer_t timer_id) +# flistxattr _________________________________________________ +/* + * asmlinkage ssize_t + * sys_flistxattr(int fd, + * char __user *list, + * size_t size) */ -probe kernel.syscall.timer_delete = - kernel.function("sys_timer_delete") { - name = "timer_delete" - timerid = $timer_id -} -probe kernel.syscall.timer_delete.return = - kernel.function("sys_timer_delete").return { - name = "timer_delete.return" +probe kernel.syscall.flistxattr = + kernel.function("sys_flistxattr") { + name = "flistxattr" + fildes = $fd + list_uaddr = $list + size = $size } -# clock_settime____________________________________ -/* +probe kernel.syscall.flistxattr.return = + kernel.function("sys_flistxattr").return { + name = "flistxattr.return" + } +# flock ______________________________________________________ +/* * asmlinkage long - * sys_clock_settime(clockid_t which_clock, - * const struct timespec __user *tp) + * sys_flock(unsigned int fd, + * unsigned int cmd) */ -probe kernel.syscall.clock_settime = - kernel.function("sys_clock_settime") { - name = "clock_settime" - clk_id = $which_clock - clk_id_str = _get_wc_str($which_clock) - tp_uaddr = $tp +probe kernel.syscall.flock = + kernel.function("sys_flock") { + name = "flock" + fd = $fd + operation = $cmd } -probe kernel.syscall.clock_settime.return = - kernel.function("sys_clock_settime").return { - name = "clock_settime.return" +probe kernel.syscall.flock.return = + kernel.function("sys_flock").return { + name = "flock.return" } -# clock_gettime____________________________________ +# fork _______________________________________________________ /* * asmlinkage long - * sys_clock_gettime(clockid_t which_clock, - * struct timespec __user *tp) - */ -probe kernel.syscall.clock_gettime = - kernel.function("sys_clock_gettime") { - name = "clock_gettime" - clk_id = $which_clock - clk_id_str = _get_wc_str($which_clock) - tp_uaddr = $tp -} -probe kernel.syscall.clock_gettime.return = - kernel.function("sys_clock_gettime").return { - name = "clock_gettime.return" + * do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ +probe kernel.syscall.fork = + kernel.function("do_fork") { + name = "fork" + clone_flags = $clone_flags + /* + * unable to find local 'start_stack' (maybe i386 specific) + * start_stack = $start_stack + */ + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr } -# clock_getres_____________________________________ -/* +probe kernel.syscall.fork.return = + kernel.function("do_fork").return { + name = "fork.return" + } +# fremovexattr _______________________________________________ +/* * asmlinkage long - * sys_clock_getres(clockid_t which_clock, - * struct timespec __user *tp) + * sys_fremovexattr(int fd, + * char __user *name) */ -probe kernel.syscall.clock_getres = - kernel.function("sys_clock_getres") { - name = "clock_getres" - clk_id = $which_clock - clk_id_str = _get_wc_str($which_clock) - res_uaddr = $tp +probe kernel.syscall.fremovexattr = + kernel.function("sys_fremovexattr") { + name = "fremovexattr" + filedes = $fd + name_uaddr = $name } -probe kernel.syscall.clock_getres.return = - kernel.function("sys_clock_getres").return { - name = "clock_getres.return" +probe kernel.syscall.fremovexattr.return = + kernel.function("sys_fremovexattr").return { + name = "fremovexattr.return" } -# clock_nanosleep__________________________________ -/* +# fsetxattr __________________________________________________ +/* * asmlinkage long - * sys_clock_nanosleep(clockid_t which_clock, - * int flags, - * const struct timespec __user *rqtp, - * struct timespec __user *rmtp) + * sys_fsetxattr(int fd, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) */ -probe kernel.syscall.clock_nanosleep = - kernel.function("sys_clock_nanosleep") { - name = "clock_nanosleep" - clock_id = $which_clock - clock_id_str = _get_wc_str($which_clock) +probe kernel.syscall.fsetxattr = + kernel.function("sys_fsetxattr") { + name = "fsetxattr" + fildes = $fd + name_uaddr = $name + value_uaddr = $value + size = $size flags = $flags - flag_str = "TIMER_ABSTIME" - rqtp_uaddr = $rqtp - rmtp_uaddr = $rmtp - } -probe kernel.syscall.clock_nanosleep.return = - kernel.function("sys_clock_nanosleep").return { - name = "clock_nanosleep.return" } -# nice_____________________________________________ -/* - * asmlinkage long - * sys_nice(int increment) - */ -probe kernel.syscall.nice = - kernel.function("sys_nice") { - name = "nice" - inc = $increment - } -probe kernel.syscall.nice.return = - kernel.function("sys_nice").return { - name = "nice.return" +probe kernel.syscall.fsetxattr.return = + kernel.function("sys_fsetxattr").return { + name = "fsetxattr.return" } -# sched_setscheduler_______________________________ -/* - * asmlinkage long - * sys_sched_setscheduler(pid_t pid, - * int policy, - * struct sched_param __user *param) +# fstat ______________________________________________________ +/* + * asmlinkage long + * sys_fstat(unsigned int fd, + * struct __old_kernel_stat __user * statbuf) */ -probe kernel.syscall.sched_setscheduler = - kernel.function("do_sched_setscheduler") { - name = "sched_setscheduler" - pid = $pid - policy = $policy - policy_str = _sched_policy_str($policy) - p_uaddr = $param - } -probe kernel.syscall.sched_setscheduler.return = - kernel.function("do_sched_setscheduler").return { - name = "sched_setscheduler.return" +probe kernel.syscall.fstat = + kernel.function("sys_fstat") { + name = "fstat" + fd = $fd + buf_uaddr = $statbuf +} +probe kernel.syscall.fstat.return = + kernel.function("sys_fstat").return { + name = "fstat.return" } -# sched_setparam___________________________________ -/* - * asmlinkage long - * sys_sched_setparam(pid_t pid, - * struct sched_param __user *param) +# fstat64 ____________________________________________________ +/* + * asmlinkage long + * sys_fstat64(unsigned long fd, + * struct stat64 __user * statbuf) */ -probe kernel.syscall.sched_setparam = - kernel.function("do_sched_setscheduler") { - name = "sched_setparam" - pid = $pid - p_uaddr = $param +probe kernel.syscall.fstat64 = + kernel.function("sys_fstat64") { + name = "fstat64" + fd = $fd + buf_uaddr = $statbuf } -probe kernel.syscall.sched_setparam.return = - kernel.function("do_sched_setscheduler").return { - name = "sched_setparam.return" +probe kernel.syscall.fstat64.return = + kernel.function("sys_fstat64").return { + name = "fstat64.return" } -# sched_getscheduler_______________________________ -/* - * asmlinkage long - * sys_sched_getscheduler(pid_t pid) +# fstatfs ____________________________________________________ +/* + * asmlinkage long + * sys_fstatfs(unsigned int fd, + * struct statfs __user * buf) */ -probe kernel.syscall.sched_getscheduler = - kernel.function("sys_sched_getscheduler") { - name = "sched_getscheduler" - pid = $pid +probe kernel.syscall.fstatfs = + kernel.function("sys_fstatfs") { + name = "fstatfs" + fd = $fd + buf_uaddr = $buf } -probe kernel.syscall.sched_getscheduler.return = - kernel.function("sys_sched_getscheduler").return { - name = "sched_getscheduler.return" +probe kernel.syscall.fstatfs.return = + kernel.function("sys_fstatfs").return { + name = "fstatfs.return" } -# sched_getparam___________________________________ -/* - * asmlinkage long - * sys_sched_getparam(pid_t pid, - * struct sched_param __user *param) +# fstatfs64 __________________________________________________ +/* + * asmlinkage long + * sys_fstatfs64(unsigned int fd, + * size_t sz, + * struct statfs64 __user *buf) */ -probe kernel.syscall.sched_getparam = - kernel.function("sys_sched_getparam") { - name = "sched_getparam" - pid = $pid - p_uaddr = $param +probe kernel.syscall.fstatfs64 = + kernel.function("sys_fstatfs64") { + name = "fstatfs64" + fd = $fd + sz = $sz + buf_uaddr = $buf } -probe kernel.syscall.sched_getparam.return = - kernel.function("sys_sched_getparam").return { - name = "sched_getparam.return" +probe kernel.syscall.fstatfs64.return = + kernel.function("sys_fstatfs64").return { + name = "fstatfs64.return" } -# sched_setaffinity________________________________ -/* - * asmlinkage long - * sys_sched_setaffinity(pid_t pid, - * unsigned int len, - * unsigned long __user *user_mask_ptr) +# fsync ______________________________________________________ +/* + * asmlinkage long + * sys_fsync(unsigned int fd) */ -probe kernel.syscall.sched_setaffinity = - kernel.function("sys_sched_setaffinity") { - name = "sched_setaffinity" - pid = $pid - len = $len - mask_uaddr = $user_mask_ptr +probe kernel.syscall.fsync = + kernel.function("sys_fsync") { + name = "fsync" + fd = $fd } -probe kernel.syscall.sched_setaffinity.return = - kernel.function("sys_sched_setaffinity").return { - name = "sched_setaffinity.return" +probe kernel.syscall.fsync.return = + kernel.function("sys_fsync").return { + name = "fsync.return" } -# sched_getaffinity________________________________ -/* - * asmlinkage long - * sys_sched_getaffinity(pid_t pid, - * unsigned int len, - * unsigned long __user *user_mask_ptr) +# ftruncate __________________________________________________ +/* + * static inline long + * do_sys_ftruncate(unsigned int fd, + * loff_t length, + * int small) */ -probe kernel.syscall.sched_getaffinity = - kernel.function("sys_sched_getaffinity") { - name = "sched_getaffinity" - pid = $pid - len = $len - mask_uaddr = $user_mask_ptr +probe kernel.syscall.ftruncate = + kernel.function("sys_ftruncate") { + name = "ftruncate" + fd = $fd + length = $length } -probe kernel.syscall.sched_getaffinity.return = - kernel.function("sys_sched_getaffinity").return { - name = "sched_getaffinity.return" +probe kernel.syscall.ftruncate.return = + kernel.function("sys_ftrancate").return { + name = "ftruncate.return" } -# sched_yield______________________________________ -/* - * asmlinkage long - * sys_sched_yield(void) +# ftruncate64 ________________________________________________ +/* + * asmlinkage long + * sys_ftruncate64(unsigned int fd, + * loff_t length) */ -probe kernel.syscall.sched_yield = - kernel.function("sys_sched_yield") { - name = "sched_yield" +probe kernel.syscall.ftruncate64 = + kernel.function("sys_ftruncate") { + name = "ftruncate64" + fd = $fd + length = $length } -probe kernel.syscall.sched_yield.return = - kernel.function("sys_sched_yield").return { - name = "sched_yield.return" +probe kernel.syscall.ftruncate64.return = + kernel.function("sys_ftruncate").return { + name = "ftruncate64.return" } -# sched_get_priority_max___________________________ -/* - * asmlinkage long - * sys_sched_get_priority_max(int policy) +# futex ______________________________________________________ +/* + * asmlinkage long + * sys_futex(u32 __user *uaddr, + * int op, + * int val, + * struct timespec __user *utime, + * u32 __user *uaddr2, + * int val3) */ -probe kernel.syscall.sched_get_priority_max = - kernel.function("sys_sched_get_priority_max") { - name = "sched_get_priority_max" - policy = $policy +probe kernel.syscall.futex = + kernel.function("sys_futex") { + name = "futex" + futex_uaddr = $uaddr + op = $op + op_str = _futex_op_str($op) + val = $val + timeout_uaddr = $utime + uaddr2_uaddr = $uaddr2 + val3 = $val3 } -probe kernel.syscall.sched_get_priority_max.return = - kernel.function("sys_sched_get_priority_max").return { - name = "sched_get_priority_max.return" +probe kernel.syscall.futex.return = + kernel.function("sys_futex").return { + name = "futex.return" } -# sched_get_priority_min___________________________ -/* - * asmlinkage long - * sys_sched_get_priority_min(int policy) +# getcwd _____________________________________________________ +/* + * asmlinkage long + * sys_getcwd(char __user *buf, + * unsigned long size) */ -probe kernel.syscall.sched_get_priority_min = - kernel.function("sys_sched_get_priority_min") { - name = "sched_get_priority_min" - policy = $policy +probe kernel.syscall.getcwd = + kernel.function("sys_getcwd") { + name = "getcwd" + buf_uaddr = $buf + size = $size } -probe kernel.syscall.sched_get_priority_min.return = - kernel.function("sys_sched_get_priority_min").return { - name = "sched_get_priority_min.return" +probe kernel.syscall.getcwd.return = + kernel.function("sys_getcwd").return { + name = "getcwd.return" } -# sched_rr_get_interval____________________________ -/* - * asmlinkage long - * sys_sched_rr_get_interval(pid_t pid, - * struct timespec __user *interval) +# getdents ___________________________________________________ +/* + * asmlinkage long + * sys_getdents(unsigned int fd, + * struct linux_dirent __user * dirent, + * unsigned int count) */ -probe kernel.syscall.sched_rr_get_interval = - kernel.function("sys_sched_rr_get_interval") { - name = "sched_rr_get_interval" - pid = $pid - tp_uaddr = $interval +probe kernel.syscall.getdents = + kernel.function("sys_getdents") { + name = "getdents" + fd = $fd + dirp_uaddr = $dirent + count = $count } -probe kernel.syscall.sched_rr_get_interval.return = - kernel.function("sys_sched_rr_get_interval").return { - name = "sched_rr_get_interval.return" +probe kernel.syscall.getdents.return = + kernel.function("sys_getdents").return { + name = "getdents.return" } -# setpriority______________________________________ -/* - * asmlinkage long - * sys_setpriority(int which, - * int who, - * int niceval) +# getdents64 _________________________________________________ +/* + * asmlinkage long + * sys_getdents64(unsigned int fd, + * struct linux_dirent64 __user * dirent, + * unsigned int count) */ -probe kernel.syscall.setpriority = - kernel.function("sys_setpriority") { - name = "setpriority" - which = $which - which_str = - _priority_which_str($which) - who = $who - prio = $niceval +probe kernel.syscall.getdents64 = + kernel.function("sys_getdents64") { + name = "getdents64" + fd = $fd + dirp_uaddr = $dirent + count = $count } -probe kernel.syscall.setpriority.return = - kernel.function("sys_setpriority").return { - name = "setpriority.return" +probe kernel.syscall.getdents64.return = + kernel.function("sys_getdents64").return { + name = "getdents64.return" } -# getpriority______________________________________ -/* - * asmlinkage long - * sys_getpriority(int which, - * int who) +# getegid ____________________________________________________ +/* + * asmlinkage long + * sys_getegid(void) */ -probe kernel.syscall.getpriority = - kernel.function("sys_getpriority") { - name = "getpriority" - which = $which - which_str = - _priority_which_str($which) - who = $who +probe kernel.syscall.getegid = + kernel.function("sys_getegid") { + name = "getegid" } -probe kernel.syscall.getpriority.return = - kernel.function("sys_getpriority").return { - name = "getpriority.return" +probe kernel.syscall.getegid.return = + kernel.function("sys_getegid").return { + name = "getegid.return" } -# shutdown_________________________________________ -/* - * asmlinkage long - * sys_shutdown(int fd, - * int how) +# getegid16 __________________________________________________ +/* + * asmlinkage long + * sys_getegid16(void) */ -probe kernel.syscall.shutdown = - kernel.function("sys_shutdown") { - name = "shutdown" - s = $fd - how = $how - how_str = _shutdown_how_str($how) +probe kernel.syscall.getegid16 = + kernel.function("sys_getegid16") { + name = "getegid16" } -probe kernel.syscall.shutdown.return = - kernel.function("sys_shutdown").return { - name = "shutdown.return" +probe kernel.syscall.getegid16.return = + kernel.function("sys_getegid16").return { + name = "getegid16.return" } -# reboot___________________________________________ -/* - * asmlinkage long - * sys_reboot(int magic1, - * int magic2, - * unsigned int cmd, - * void __user * arg) +# geteuid ____________________________________________________ +/* + * asmlinkage long + * sys_geteuid(void) */ -probe kernel.syscall.reboot = - kernel.function("sys_reboot") { - name = "reboot" - magic = $magic1 - magic_str = - _reboot_magic_str($magic1) - magic2 = $magic2 - magic2_str = - _reboot_magic_str($magic2) - flag = $cmd - flag_str = - _reboot_flag_str(flag) - /* - void __user * arg - */ +probe kernel.syscall.geteuid = + kernel.function("sys_geteuid") { + name = "geteuid" } -probe kernel.syscall.reboot.return = - kernel.function("sys_reboot").return { - name = "reboot.return" +probe kernel.syscall.geteuid.return = + kernel.function("sys_geteuid").return { + name = "geteuid.return" } -# restart_syscall__________________________________ +# geteuid16 __________________________________________________ /* - * asmlinkage long - * sys_restart_syscall(void) + * asmlinkage long + * sys_geteuid16(void) */ -probe kernel.syscall.restart_syscall = - kernel.function("sys_restart_syscall") { - name = "restart_syscall" +probe kernel.syscall.geteuid16 = + kernel.function("sys_geteuid16") { + name = "geteuid16" } -probe kernel.syscall.restart_syscall.return = - kernel.function("sys_restart_syscall").return { - name = "restart_syscall.return" +probe kernel.syscall.geteuid16.return = + kernel.function("sys_geteuid16").return { + name = "geteuid16.return" } -# exit_____________________________________________ -/* - * asmlinkage long - * sys_exit(int error_code) +# getgid _____________________________________________________ +/* + * asmlinkage long + * sys_getgid(void) */ -probe kernel.syscall.exit = - kernel.function("do_exit") { - name = "exit" - status = $code +probe kernel.syscall.getgid = + kernel.function("sys_getgid") { + name = "getgid" } -probe kernel.syscall.exit.return = - kernel.function("do_exit").return { - name = "exit.return" +probe kernel.syscall.getgid.return = + kernel.function("sys_getgid").return { + name = "getgid.return" } -# exit_group_______________________________________ -/* - * asmlinkage void - * sys_exit_group(int error_code) +# getgid16 ___________________________________________________ +/* + * asmlinkage long + * sys_getgid16(void) */ -probe kernel.syscall.exit_group = - kernel.function("sys_exit_group") { - name = "exit_group" - status = $error_code +probe kernel.syscall.getgid16 = + kernel.function("sys_getgid16") { + name = "getgid16" } -probe kernel.syscall.exit_group.return = - kernel.function("do_group_exit").return { - name = "exit_group.return" +probe kernel.syscall.getgid16.return = + kernel.function("sys_getgid16").return { + name = "getgid16.return" } -# wait4____________________________________________ -/* - * asmlinkage long - * sys_wait4(pid_t pid, - * int __user *stat_addr, - * int options, - * struct rusage __user *ru) +# getgroups __________________________________________________ +/* + * asmlinkage long + * sys_getgroups(int gidsetsize, + * gid_t __user *grouplist) */ -probe kernel.syscall.wait4 = - kernel.function("sys_wait4") { - name = "wait4" - pid = $pid - status_uaddr = $stat_addr - options = $options - options_str = - _wait4_opt_str($options) - rusage_uaddr = $ru +probe kernel.syscall.getgroups = + kernel.function("sys_getgroups") { + name = "getgroups" + size = $gidsetsize + /* + * NOTE + * list defined as "gid_t list[]" there + * is no practical way to export these + * values. Therefore just export addr, + * let the user take care of it with + * embedded C if need be. + */ + list_uaddr = $grouplist } -probe kernel.syscall.wait4.return = - kernel.function("sys_wait4").return { - name = "wait4.return" +probe kernel.syscall.getgroups.return = + kernel.function("sys_getgroups").return { + name = "getgroups.return" } -# waitid___________________________________________ -/* - * asmlinkage long - * sys_waitid(int which, - * pid_t pid, - * struct siginfo __user *infop, - * int options, - * struct rusage __user *ru) +# getgroups16 ________________________________________________ +/* + * asmlinkage long + * sys_getgroups16(int gidsetsize, + * old_gid_t __user *grouplist) */ -probe kernel.syscall.waitid = - kernel.function("sys_waitid") { - name = "waitid" - which = $which - which_str = - _waitid_which_str($which) - pid = $pid - infop_uaddr = $infop - options = $options - options_str = - _wait4_opt_str($options) +probe kernel.syscall.getgroups16 = + kernel.function("sys_getgroups16") { + name = "getgroups16" + size = $gidsetsize + list_uaddr = $grouplist } -probe kernel.syscall.waitid.return = - kernel.function("sys_waitid").return { - name = "waitid.return" +probe kernel.syscall.getgroups16.return = + kernel.function("sys_getgroups16").return { + name = "getgroups16.return" } -# waitpid__________________________________________ -/* +# gethostname ________________________________________________ +/* * asmlinkage long - * sys_wait4(pid_t pid, - * int __user *stat_addr, - * int options, - * struct rusage __user *ru) + * sys_gethostname(char __user *name, + * int len) */ -probe kernel.syscall.waitpid = - kernel.function("sys_wait4") { - name = "waitpid" - pid = $pid - status_uaddr = $stat_addr - options = $options - options_str = - _wait4_opt_str($options) - rusage_uaddr = $ru +probe kernel.syscall.gethostname = + kernel.function("sys_gethostname") { + name = "gethostname" + hostname_uaddr = $name + len = $len } -probe kernel.syscall.waitpid.return = - kernel.function("sys_wait4").return { - name = "waitpid.return" +probe kernel.syscall.gethostname.return = + kernel.function("sys_gethostname").return { + name = "gethostname.return" } -# set_tid_address__________________________________ -/* - * asmlinkage long - * sys_set_tid_address(int __user *tidptr) +# getitimer __________________________________________________ +/* + * asmlinkage long + * sys_getitimer(int which, + * struct itimerval __user *value) */ -probe kernel.syscall.set_tid_address = - kernel.function("sys_set_tid_address") { - name = "set_tid_address" - tidptr_uaddr = $tidptr +probe kernel.syscall.getitimer = + kernel.function("sys_getitimer") { + name = "getitimer" + which = $which + which_str = _itimer_which_str($which) + value_uaddr = $value + /* + * XXX NOT SAFE -- might sleep + * value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) + * value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) + * value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) + * value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) + */ } -probe kernel.syscall.set_tid_address.return = - kernel.function("sys_set_tid_address").return { - name = "set_tid_address.return" +probe kernel.syscall.getitimer.return = + kernel.function("sys_getitimer").return { + name = "getitimer.return" } -# futex____________________________________________ +# get_mempolicy ______________________________________________ /* - * asmlinkage long - * sys_futex(u32 __user *uaddr, - * int op, - * int val, - * struct timespec __user *utime, - * u32 __user *uaddr2, - * int val3) + * asmlinkage long + * sys_get_mempolicy(int __user *policy, + * unsigned long __user *nmask, + * unsigned long maxnode, + * unsigned long addr, + * unsigned long flags) */ -probe kernel.syscall.futex = - kernel.function("sys_futex") { - name = "futex" - futex_uaddr = $uaddr - op = $op - op_str = _futex_op_str($op) - val = $val - timeout_uaddr = $utime - uaddr2_uaddr = $uaddr2 - val3 = $val3 +/* +probe kernel.syscall.get_mempolicy = + kernel.function("sys_get_mempolicy") { + name = "get_mempolicy" + policy_uaddr = $policy + nmask_uaddr = $nmask + maxnode = $maxnode + addr = $addr + flags = $flags } -probe kernel.syscall.futex.return = - kernel.function("sys_futex").return { - name = "futex.return" +probe kernel.syscall.get_mempolicy.return = + kernel.function("sys_get_mempolicy").return { + name = "get_mempolicy.return" } -# init_module______________________________________ -/* - * sys_init_module(void __user *umod, - * unsigned long len, - * const char __user *uargs) +*/ +# getpeername ________________________________________________ +/* + * asmlinkage long + * sys_getpeername(int fd, + * struct sockaddr __user *usockaddr, + * int __user *usockaddr_len) */ -probe kernel.syscall.init_module = - kernel.function("sys_init_module") { - name = "init_module" - /* - umod_uaddr = $umod - */ - len = $len - uargs_uaddr = $uargs +probe kernel.syscall.getpeername = + kernel.function("sys_getpeername") { + name = "getpeername" + s = $fd + name_uaddr = $usockaddr + namelen_uaddr = $usockaddr_len } -probe kernel.syscall.init_module.return = - kernel.function("sys_init_module").return { - name = "init_module.return" +probe kernel.syscall.getpeername.return = + kernel.function("sys_getpeername").return { + name = "getpeername.return" } -# delete_module____________________________________ -/* +# getpgid ____________________________________________________ +/* * asmlinkage long - * sys_delete_module(const char __user *name_user, - * unsigned int flags) + * sys_getpgid(void) */ -probe kernel.syscall.delete_module = - kernel.function("sys_delete_module") { - name = "delete_module" - name_user_uaddr = $name_user - flags = $flags - flags_str = _module_flags_str($flags) +probe kernel.syscall.getpgid = + kernel.function("sys_getpgid") { + name = "getpgid" } -probe kernel.syscall.delete_module.return = - kernel.function("sys_delete_module").return { - name = "delete_module.return" +probe kernel.syscall.getpgid.return = + kernel.function("sys_getpgid").return { + name = "getpgid.return" } -# rt_sigprocmask___________________________________ +# getpgrp ____________________________________________________ /* - * asmlinkage long - * sys_rt_sigprocmask(int how, - * sigset_t __user *set, - * sigset_t __user *oset, - * size_t sigsetsize) + * asmlinkage long + * sys_getpgrp(void) */ -probe kernel.syscall.rt_sigprocmask = - kernel.function("sys_rt_sigprocmask") { - name = "rt_sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - set_uaddr = $set - oset_uaddr = $oset - sigsetsize = $sigsetsize +probe kernel.syscall.getpgrp = + kernel.function("sys_getpgrp") { + name = "getpgrp" } -probe kernel.syscall.rt_sigprocmask.return = - kernel.function("sys_rt_sigprocmask").return { - name = "rt_sigprocmask.return" +probe kernel.syscall.getpgrp.return = + kernel.function("sys_getpgrp").return { + name = "getpgrp.return" } -# rt_sigpending____________________________________ -/* +# getpid _____________________________________________________ +/* * asmlinkage long - * sys_rt_sigpending(sigset_t __user *set, - * size_t sigsetsize) + * sys_getpid(void) */ -probe kernel.syscall.rt_sigpending = - kernel.function("do_sigpending") { - name = "rt_sigpending" - //set_uaddr = $set - sigsetsize = $sigsetsize +probe kernel.syscall.getpid = + kernel.function("sys_getpid") { + name = "getpid" } -probe kernel.syscall.rt_sigpending.return = - kernel.function("do_sigpending").return { - name = "rt_sigpending.return" +probe kernel.syscall.getpid.return = + kernel.function("sys_getpid").return { + name = "getpid.return" } -# rt_sigtimedwait__________________________________ +# getppid ____________________________________________________ /* * asmlinkage long - * sys_rt_sigtimedwait(const sigset_t __user *uthese, - * siginfo_t __user *uinfo, - * const struct timespec __user *uts, - * size_t sigsetsize) + * sys_getppid(void) */ -probe kernel.syscall.rt_sigtimedwait = - kernel.function("sys_rt_sigtimedwait") { - name = "rt_sigtimedwait" - uthese_uaddr = $uthese - uinfo_uaddr = $uinfo - uts_uaddr = $uts - sigsetsize = $sigsetsize +probe kernel.syscall.getppid = + kernel.function("sys_getppid") { + name = "getppid" } -probe kernel.syscall.rt_sigtimedwait.return = - kernel.function("sys_rt_sigtimedwait").return { - name = "rt_sigtimedwait.return" +probe kernel.syscall.getppid.return = + kernel.function("sys_getppid").return { + name = "getppid.return" } -# kill_____________________________________________ -/* - * asmlinkage long - * sys_kill(int pid, int sig) +# getpriority ________________________________________________ +/* + * asmlinkage long + * sys_getpriority(int which, + * int who) */ -probe kernel.syscall.kill = - kernel.function("sys_kill") { - name = "kill" - pid = $pid - sig = $sig +probe kernel.syscall.getpriority = + kernel.function("sys_getpriority") { + name = "getpriority" + which = $which + which_str = _priority_which_str($which) + who = $who } -probe kernel.syscall.kill.return = - kernel.function("sys_kill").return { - name = "kill.return" +probe kernel.syscall.getpriority.return = + kernel.function("sys_getpriority").return { + name = "getpriority.return" } -# tgkill___________________________________________ -/* - * asmlinkage long - * sys_tgkill(int tgid, - * int pid, - * int sig) +# getresgid __________________________________________________ +/* + * asmlinkage + * long sys_getresgid(gid_t __user *rgid, + * gid_t __user *egid, + * gid_t __user *sgid) */ -probe kernel.syscall.tgkill = - kernel.function("sys_tgkill") { - name = "tgkill" - tgid = $tgid - pid = $pid - sig = $sig +probe kernel.syscall.getresgid = + kernel.function("sys_getresgid") { + name = "getresgid" + rgid_uaddr = $rgid + egid_uaddr = $egid + sgid_uaddr = $sgid + /* + * XXX NOT SAFE -- might sleep + * rgid = __uget_num($rgid) + * egid = __uget_num($egid) + * sgid = __uget_num($sgid) + */ } -probe kernel.syscall.tgkill.return = - kernel.function("sys_tgkill").return { - name = "tgkill.return" +probe kernel.syscall.getresgid.return = + kernel.function("sys_getresgid").return { + name = "getresgid.return" } -# tkill____________________________________________ -/* - * asmlinkage long - * sys_tkill(int pid, - * int sig) +# getresgid16 ________________________________________________ +/* + * asmlinkage long + * sys_getresgid16(old_uid_t __user *rgid, + * old_uid_t __user *egid, + * old_uid_t __user *sgid) */ -probe kernel.syscall.tkill = - kernel.function("sys_tkill") { - name = "tkill" - pid = $pid - sig = $sig +probe kernel.syscall.getresgid16 = + kernel.function("sys_getresgid") { + name = "getresgid16" + rgid_uaddr = $rgid + egid_uaddr = $egid + sgid_uaddr = $sgid } -probe kernel.syscall.tkill.return = - kernel.function("sys_tkill").return { - name = "tkill.return" +probe kernel.syscall.getresgid16.return = + kernel.function("sys_getresgid").return { + name = "getresgid16.return" } -# rt_sigqueueinfo__________________________________ -/* +# getresuid __________________________________________________ +/* * asmlinkage long - * sys_rt_sigqueueinfo(int pid, - * int sig, - * siginfo_t __user *uinfo) + * sys_getresuid(uid_t __user *ruid, + * uid_t __user *euid, + * uid_t __user *suid) */ -probe kernel.syscall.rt_sigqueueinfo = - kernel.function("sys_rt_sigqueueinfo") { - name = "rt_sigqueueinfo" - pid = $pid - sig = $sig - uinfo_uaddr = $uinfo +probe kernel.syscall.getresuid = + kernel.function("sys_getresuid") { + name = "getresuid" + ruid_uaddr = $ruid + euid_uaddr = $euid + suid_uaddr = $suid + /* + * XXX NOT SAFE -- might sleep + * ruid = __uget_num($ruid) + * euid = __uget_num($euid) + * suid = __uget_num($suid) + */ } -probe kernel.syscall.rt_sigqueueinfo.return = - kernel.function("sys_rt_sigqueueinfo").return { - name = "rt_sigqueueinfo.return" +probe kernel.syscall.getresuid.return = + kernel.function("sys_getresuid").return { + name = "getresuid.return" } -# sgetmask_________________________________________ -/* - * sys_sgetmask(void) +# getresuid16 ________________________________________________ +/* + * asmlinkage long + * sys_getresuid16(old_uid_t __user *ruid, + * old_uid_t __user *euid, + * old_uid_t __user *suid) */ -probe kernel.syscall.sgetmask = - kernel.function("sys_sgetmask") { - name = "sgetmask" +probe kernel.syscall.getresuid16 = + kernel.function("sys_getresuid") { + name = "getresuid16" + ruid_uaddr = $ruid + euid_uaddr = $euid + suid_uaddr = $suid } -probe kernel.syscall.sgetmask.return = - kernel.function("sys_sgetmask").return { - name = "sgetmask.return" +probe kernel.syscall.getresuid16.return = + kernel.function("sys_getresuid").return { + name = "getresuid16.return" } -# ssetmask_________________________________________ -/* - * asmlinkage long - * sys_ssetmask(int newmask) +# getrlimit __________________________________________________ +/* + * asmlinkage long + * sys_getrlimit(unsigned int resource, + * struct rlimit __user *rlim) */ -probe kernel.syscall.ssetmask = - kernel.function("sys_ssetmask") { - name = "ssetmask" - newmask = $newmask +probe kernel.syscall.getrlimit = + kernel.function("sys_getrlimit") { + name = "getrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim } -probe kernel.syscall.ssetmask.return = - kernel.function("sys_ssetmask").return { - name = "ssetmask.return" +probe kernel.syscall.getrlimit.return = + kernel.function("sys_getrlimit").return { + name = "getrlimit.return" } -# signal___________________________________________ -/* - * asmlinkage unsigned long - * sys_signal(int sig, - * __sighandler_t handler) +# getrusage __________________________________________________ +/* + * asmlinkage long + * sys_getrusage(int who, + * struct rusage __user *ru) */ -probe kernel.syscall.signal = - kernel.function("sys_signal") { - name = "signal" - sig = $sig - /* - handler = $handler - */ +probe kernel.syscall.getrusage = + kernel.function("sys_getrusage") { + name = "getrusage" + who = $who + who_str = _rusage_who_str($who) + usage_uaddr = $ru } -probe kernel.syscall.signal.return = - kernel.function("sys_signal").return { - name = "signal.return" +probe kernel.syscall.getrusage.return = + kernel.function("sys_getrusage").return { + name = "getrusage.return" } -# pause____________________________________________ -/* - * sys_pause(void) +# getsid _____________________________________________________ +/* + * asmlinkage long + * sys_getsid(pid_t pid) */ -probe kernel.syscall.pause = - kernel.function("sys_pause") { - name = "pause" +probe kernel.syscall.getsid = + kernel.function("sys_getsid") { + name = "getsid" + pid = $pid } -probe kernel.syscall.pause.return = - kernel.function("sys_pause").return { - name = "pause.return" +probe kernel.syscall.getsid.return = + kernel.function("sys_getsid").return { + name = "getsid.return" } -# sync_____________________________________________ -/* - * asmlinkage long - * sys_sync(void) +# getsockname ________________________________________________ +/* + * asmlinkage long + * sys_getsockname(int fd, + * struct sockaddr __user *usockaddr, + * int __user *usockaddr_len) */ -probe kernel.syscall.sync = - kernel.function("do_sync") { - name = "sync" +probe kernel.syscall.getsockname = + kernel.function("sys_getsockname") { + name = "getsockname" + s = $fd + name_uaddr = $usockaddr + namelen_uaddr = $usockaddr_len } -probe kernel.syscall.sync.return = - kernel.function("do_sync").return { - name = "sync.return" +probe kernel.syscall.getsockname.return = + kernel.function("sys_getsockname").return { + name = "getsockname.return" } -# fsync____________________________________________ -/* - * asmlinkage long - * sys_fsync(unsigned int fd) +# getsockopt _________________________________________________ +/* + * asmlinkage long + * sys_getsockopt(int fd, + * int level, + * int optname, + * char __user *optval, + * int __user *optlen) */ -probe kernel.syscall.fsync = - kernel.function("sys_fsync") { - name = "fsync" +probe kernel.syscall.getsockopt = + kernel.function("sys_getsockopt") { + name = "getsockopt" fd = $fd + level = $level + level_str = _sockopt_level_str($level) + optname = $optname + optname_str = _sockopt_optname_str($optname) + optval_uaddr = $optval + optlen_uaddr = $optlen } -probe kernel.syscall.fsync.return = - kernel.function("sys_fsync").return { - name = "fsync.return" - fd = $fd +probe kernel.syscall.getsockopt.return = + kernel.function("sys_getsockopt").return { + name = "getsockopt.return" } -# fdatasync________________________________________ -/* - * asmlinkage long - * sys_fdatasync(unsigned int fd) +# get_thread_area ____________________________________________ +/* + * asmlinkage int + * sys_get_thread_area(struct user_desc __user *u_info) */ -probe kernel.syscall.fdatasync = - kernel.function("sys_fdatasync") { - name = "fdatasync" - fd = $fd +probe kernel.syscall.get_thread_area = + kernel.function("sys_get_thread_area") { + name = "get_thread_area" + u_info_uaddr = $u_info } -probe kernel.syscall.fdatasync.return = - kernel.function("sys_fdatasync").return { - name = "fdatasync.return" +probe kernel.syscall.get_thread_area.return = + kernel.function("sys_get_thread_area").return { + name = "get_thread_area.return" } -# bdflush__________________________________________ -/* - * asmlinkage long - * sys_bdflush(int func, - * long data) +# gettid _____________________________________________________ +/* + * asmlinkage long + * sys_gettid(void) */ -probe kernel.syscall.bdflush = - kernel.function("sys_bdflush") { - name = "bdflush" - func = $func - data = $data +probe kernel.syscall.gettid = + kernel.function("sys_gettid") { + name = "gettid" } -probe kernel.syscall.bdflush.return = - kernel.function("sys_bdflush").return { - name = "bdflush.return" +probe kernel.syscall.gettid.return = + kernel.function("sys_gettid").return { + name = "gettid.return" } -# mount____________________________________________ -/* - * asmlinkage long - * sys_mount(char __user * dev_name, - * char __user * dir_name, - * char __user * type, - * unsigned long flags, - * void __user * data) +# gettimeofday _______________________________________________ +/* + * asmlinkage long + * sys_gettimeofday(struct timeval __user *tv, + * struct timezone __user *tz) */ -probe kernel.syscall.mount = - kernel.function("sys_mount") { - name = "mount" - source_uaddr = $dev_name - target_uaddr = $dir_name - filesystemtype_uaddr = $type - mountflags = $flags - mountflags_str = - _mountflags_str($flags) - /* - data_uaddr = $data - */ +probe kernel.syscall.gettimeofday = + kernel.function("sys_gettimeofday") { + name = "gettimeofday" + tv_uaddr = $tv + tz_uaddr = $tz + /* + * XXX NOT SAFE -- might sleep + * tv_tv_sec = __uget_tv_m($tv,0) + * tv_tv_usec = __uget_tv_m($tv,1) + * tz_tz_minuteswest = __uget_tz_m($tz,0) + * tz_tz_dsttime = __uget_tz_m($tz,1) + */ } -probe kernel.syscall.mount.return = - kernel.function("sys_mount").return { - name = "mount.return" +probe kernel.syscall.gettimeofday.return = + kernel.function("sys_gettimeofday").return { + name = "gettimeofday.return" } -# umount___________________________________________ -/* - * asmlinkage long - * sys_umount(char __user * name, - * int flags) +# getuid _____________________________________________________ +/* + * asmlinkage long + * sys_getuid(void) */ -probe kernel.syscall.umount = - kernel.function("sys_umount") { - name = "umount" - target_uaddr = $name - flags = $flags - flags_str = _mountflags_str($flags) +probe kernel.syscall.getuid = + kernel.function("sys_getuid") { + name = "getuid" } -probe kernel.syscall.umount.return = - kernel.function("sys_umount").return { - name = "umount.return" +probe kernel.syscall.getuid.return = + kernel.function("sys_getuid").return { + name = "getuid.return" } -# oldumount________________________________________ -/* - * asmlinkage long - * sys_oldumount(char __user * name) +# getuid16 ___________________________________________________ +/* + * asmlinkage long + * sys_getuid16(void) */ -probe kernel.syscall.oldumount = - kernel.function("sys_umount") { - name = "oldumount" - target_uaddr = $name +probe kernel.syscall.getuid16 = + kernel.function("sys_getuid16") { + name = "getuid16" } -probe kernel.syscall.oldumount.return = - kernel.function("sys_umount").return { - name = "oldumount.return" +probe kernel.syscall.getuid16.return = + kernel.function("sys_getuid16").return { + name = "getuid16.return" } -# truncate_________________________________________ -/* - * asmlinkage long - * sys_truncate(const char __user * path, - * unsigned long length) +# getxattr ___________________________________________________ +/* + * asmlinkage ssize_t + * sys_getxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size) */ -probe kernel.syscall.truncate = - kernel.function("sys_truncate") { - name = "truncate" +probe kernel.syscall.getxattr = + kernel.function("sys_getxattr") { + name = "getxattr" path_uaddr = $path - length = $length + name_uaddr = $name + value_uaddr = $value + size = $size } -probe kernel.syscall.truncate.return = - kernel.function("sys_truncate").return { - name = "truncate.return" +probe kernel.syscall.getxattr.return = + kernel.function("sys_getxattr").return { + name = "getxattr.return" } -# ftruncate________________________________________ -/* - * static inline long - * do_sys_ftruncate(unsigned int fd, - * loff_t length, - * int small) +# init_module ________________________________________________ +/* + * sys_init_module(void __user *umod, + * unsigned long len, + * const char __user *uargs) */ -probe kernel.syscall.ftruncate = - kernel.function("sys_ftruncate") { - name = "ftruncate" - fd = $fd - length = $length +probe kernel.syscall.init_module = + kernel.function("sys_init_module") { + name = "init_module" + umod_uaddr = $umod + len = $len + uargs_uaddr = $uargs } -probe kernel.syscall.ftruncate.return = - kernel.function("sys_ftrancate").return { - name = "ftruncate.return" +probe kernel.syscall.init_module.return = + kernel.function("sys_init_module").return { + name = "init_module.return" } -# stat_____________________________________________ -/* +# inotify_add_watch __________________________________________ +/* * asmlinkage long - * sys_stat(char __user * filename, - * struct __old_kernel_stat __user * statbuf) + * sys_inotify_add_watch(int fd, + * const char __user *path, + * u32 mask) */ -probe kernel.syscall.stat = - kernel.function("sys_stat") { - name = "stat" - filename_uaddr = $filename - buf_uaddr = $statbuf - } -probe kernel.syscall.stat.return = - kernel.function("sys_stat").return { - name = "stat.return" - } -# statfs___________________________________________ -/* - * asmlinkage long - * sys_statfs(const char __user * path, - * struct statfs __user * buf) - */ -probe kernel.syscall.statfs = - kernel.function("sys_statfs") { - name = "statfs" +probe kernel.syscall.inotify_add_watch = + kernel.function("sys_inotify_add_watch") { + name = "inotify_add_watch" + fd = $fd path_uaddr = $path - buf_uaddr = $buf + mask = $mask } -probe kernel.syscall.statfs.return = - kernel.function("sys_statfs").return { - name = "statfs.return" +probe kernel.syscall.inotify_add_watch.return = + kernel.function("sys_inotify_add_watch").return { + name = "inotify_add_watch.return" } -# statfs64_________________________________________ -/* - * asmlinkage long - * sys_statfs64(const char __user *path, - * size_t sz, - * struct statfs64 __user *buf) +# inotify_init _______________________________________________ +/* + * asmlinkage long + * sys_inotify_init(void) + * */ -probe kernel.syscall.statfs64 = - kernel.function("sys_statfs64") { - name = "statfs64" - path_uaddr = $path - sz = $sz - buf_uaddr = $buf - } -probe kernel.syscall.statfs64.return = - kernel.function("sys_statfs64").return { - name = "statfs64.return" +probe kernel.syscall.inotify_init = + kernel.function("sys_inotify_init") { + name = "inotify_init" } -# fstatfs__________________________________________ -/* - * asmlinkage long - * sys_fstatfs(unsigned int fd, - * struct statfs __user * buf) - */ -probe kernel.syscall.fstatfs = - kernel.function("sys_fstatfs") { - name = "fstatfs" - fd = $fd - buf_uaddr = $buf +probe kernel.syscall.inotify_init.return = + kernel.function("sys_inotify_init").return { + name = "inotify_init.return" } -probe kernel.syscall.fstatfs.return = - kernel.function("sys_fstatfs").return { - name = "fstatfs.return" - } -# fstatfs64________________________________________ -/* - * asmlinkage long - * sys_fstatfs64(unsigned int fd, - * size_t sz, - * struct statfs64 __user *buf) +# inotify_rm_watch ___________________________________________ +/* + * asmlinkage long + * sys_inotify_rm_watch(int fd, + * u32 wd) */ -probe kernel.syscall.fstatfs64 = - kernel.function("sys_fstatfs64") { - name = "fstatfs64" +probe kernel.syscall.inotify_rm_watch = + kernel.function("sys_inotify_rm_watch") { + name = "inotify_rm_watch" fd = $fd - sz = $sz - buf_uaddr = $buf + wd = $wd } -probe kernel.syscall.fstatfs64.return = - kernel.function("sys_fstatfs64").return { - name = "fstatfs64.return" +probe kernel.syscall.inotify_rm_watch.return = + kernel.function("sys_inotify_rm_watch").return { + name = "inotify_rm_watch.return" } -# lstat____________________________________________ -/* - * asmlinkage long - * sys_lstat(char __user * filename, - * struct __old_kernel_stat __user * statbuf) +# io_cancel __________________________________________________ +/* + * asmlinkage long + * sys_io_cancel(aio_context_t ctx_id, + * struct iocb __user *iocb, + * struct io_event __user *result) */ -probe kernel.syscall.lstat = - kernel.function("sys_lstat") { - name = "lstat" - filename_uaddr = $filename - buf_uaddr = $statbuf +probe kernel.syscall.io_cancel = + kernel.function("sys_io_cancel") { + name = "io_cancel" + ctx_id = $ctx_id + iocb_uaddr = $iocb + result_uaddr = $result } -probe kernel.syscall.lstat.return = - kernel.function("sys_lstat").return { - name = "lstat.return" +probe kernel.syscall.io_cancel.return = + kernel.function("sys_io_cancel").return { + name = "io_cancel.return" } -# fstat____________________________________________ -/* - * asmlinkage long - * sys_fstat(unsigned int fd, - * struct __old_kernel_stat __user * statbuf) +# ioctl ______________________________________________________ +/* + * asmlinkage long + * sys_ioctl(unsigned int fd, + * unsigned int cmd, + * unsigned long arg) */ -probe kernel.syscall.fstat = - kernel.function("sys_fstat") { - name = "fstat" +probe kernel.syscall.ioctl = + kernel.function("sys_ioctl") { + name = "ioctl" fd = $fd - buf_uaddr = $statbuf -} -probe kernel.syscall.fstat.return = - kernel.function("sys_fstat").return { - name = "fstat.return" + request = $cmd + argp = $arg } -# newstat__________________________________________ -/* - * asmlinkage long - * sys_newstat(char __user * filename, - * struct stat __user * statbuf) - */ +probe kernel.syscall.ioctl.return = + kernel.function("sys_ioctl").return { + name = "ioctl.return" + } +# io_destroy _________________________________________________ /* -probe kernel.syscall.newstat = - kernel.function("sys_newstat") { - name = "newstat" - filename_uaddr = $filename - buf_uaddr = $statbuf + * asmlinkage long + * sys_io_destroy(aio_context_t ctx) + */ +probe kernel.syscall.io_destroy = + kernel.function("sys_io_destroy") { + name = "io_destroy" + ctx = $ctx } -probe kernel.syscall.newstat.return = - kernel.function("sys_newstat").return { - name = "newstat.return" +probe kernel.syscall.io_destroy.return = + kernel.function("sys_io_destroy").return { + name = "io_destroy.return" } -*/ -# newlstat_________________________________________ -/* - * asmlinkage long - * sys_newlstat(char __user * filename, - * struct stat __user * statbuf) - */ +# io_getevents _______________________________________________ /* -probe kernel.syscall.newlstat = - kernel.function("sys_newlstat") { - name = "newlstat" - filename_uaddr = $filename - buf_uaddr = $statbuf + * asmlinkage long + * sys_io_getevents(aio_context_t ctx_id, + * long min_nr, + * long nr, + * struct io_event __user *events, + * struct timespec __user *timeout) + */ +probe kernel.syscall.io_getevents = + kernel.function("sys_io_getevents") { + name = "io_getevents" + ctx_id = $ctx_id + min_nr = $min_nr + nr = $nr + events_uaddr = $events + timeout_uaddr = $timeout } -probe kernel.syscall.newlstat.return = - kernel.function("sys_newlstat").return { - name = "newlstat.return" +probe kernel.syscall.io_getevents.return = + kernel.function("sys_io_getevents").return { + name = "io_getevents.return" } -*/ -# newfstat_________________________________________ -/* - * asmlinkage long - * sys_newfstat(unsigned int fd, - * struct stat __user * statbuf) - */ +# ioperm _____________________________________________________ /* -probe kernel.syscall.newfstat = - kernel.function("sys_newfstat") { - name = "newfstat" - fd = $fd - buf_uaddr = $statbuf + * asmlinkage long + * sys_ioperm(unsigned long from, + * unsigned long num, + * int turn_on) + */ +probe kernel.syscall.ioperm = + kernel.function("sys_ioperm") { + name = "ioperm" + from = $from + num = $num + turn_on = $turn_on } -probe kernel.syscall.newfstat.return = - kernel.function("sys_newfstat").return { - name = "newfstat.return" +probe kernel.syscall.ioperm.return = + kernel.function("sys_ioperm").return { + name = "ioperm.return" } -*/ -# ustat____________________________________________ -/* - * asmlinkage long - * sys_ustat(unsigned dev, - * struct ustat __user * ubuf) +# iopl _______________________________________________________ +/* + * asmlinkage long + * sys_iopl(unsigned long unused) */ -probe kernel.syscall.ustat = - kernel.function("sys_ustat") { - name = "ustat" - dev = $dev - ubuf_uaddr = $ubuf +probe kernel.syscall.iopl = + kernel.function("sys_iopl") { + name = "iopl" + level = $unused } -probe kernel.syscall.ustat.return = - kernel.function("sys_ustat").return { - name = "ustat.return" +probe kernel.syscall.iopl.return = + kernel.function("sys_iopl").return { + name = "iopl.return" } -# stat64___________________________________________ -/* - * asmlinkage long - * sys_stat64(char __user * filename, - * struct stat64 __user * statbuf) +# ioprio_get _________________________________________________ +/* + * asmlinkage long + * sys_ioprio_get(int which, + * int who) */ -probe kernel.syscall.stat64 = - kernel.function("sys_stat64") { - name = "stat64" - filename_uaddr = $filename - buf_uaddr = $statbuf +probe kernel.syscall.ioprio_get = + kernel.function("sys_ioprio_get") { + name = "ioprio_get" + which = $which + who = $who } -probe kernel.syscall.stat64.return = - kernel.function("sys_stat64").return { - name = "stat64.return" +probe kernel.syscall.ioprio_get.return = + kernel.function("sys_ioprio_get").return { + name = "ioprio_get.return" } -# fstat64__________________________________________ -/* - * asmlinkage long - * sys_fstat64(unsigned long fd, - * struct stat64 __user * statbuf) +# ioprio_set _________________________________________________ +/* + * asmlinkage long + * sys_ioprio_set(int which, + * int who, + * int ioprio) */ -probe kernel.syscall.fstat64 = - kernel.function("sys_fstat64") { - name = "fstat64" - fd = $fd - buf_uaddr = $statbuf +probe kernel.syscall.ioprio_set = + kernel.function("sys_ioprio_set") { + name = "ioprio_set" + which = $which + who = $who + ioprio = $ioprio } -probe kernel.syscall.fstat64.return = - kernel.function("sys_fstat64").return { - name = "fstat64.return" +probe kernel.syscall.ioprio_set.return = + kernel.function("sys_ioprio_set").return { + name = "ioprio_set.return" } -# lstat64__________________________________________ -/* - * asmlinkage long - * sys_lstat64(char __user * filename, - * struct stat64 __user * statbuf) - */ -probe kernel.syscall.lstat64 = - kernel.function("sys_lstat64") { - name = "lstat64" - filename_uaddr = $filename - buf_uaddr = $statbuf +# io_setup ___________________________________________________ +/* + * asmlinkage long + * sys_io_setup(unsigned nr_events, + * aio_context_t __user *ctxp) + */ +probe kernel.syscall.io_setup = + kernel.function("sys_io_setup") { + name = "io_setup" + maxevents = $nr_events + ctxp_uaddr = $ctxp } -probe kernel.syscall.lstat64.return = - kernel.function("sys_lstat64").return { - name = "lstat64.return" +probe kernel.syscall.io_setup.return = + kernel.function("sys_io_setup").return { + name = "io_setup.return" } -# truncate64_______________________________________ -/* - * asmlinkage long - * sys_truncate64(const char __user * path, - * loff_t length) +# io_submit __________________________________________________ +/* + * asmlinkage long + * sys_io_submit(aio_context_t ctx_id, + * long nr, + * struct iocb __user * __user *iocbpp) */ -probe kernel.syscall.truncate64 = - kernel.function("sys_truncate") { - name = "truncate64" - path_uaddr = $path - length = $length +probe kernel.syscall.io_submit = + kernel.function("sys_io_submit") { + name = "io_submit" + ctx_id = $ctx_id + nr = $nr + iocbpp_uaddr = $iocbpp +} +probe kernel.syscall.io_submit.return = + kernel.function("sys_io_submit").return { + name = "io_submit.return" } -probe kernel.syscall.truncate64.return = - kernel.function("sys_truncate").return { - name = "truncate64.return" +# ipc ________________________________________________________ +/* + * asmlinkage int + * sys_ipc(uint call, + * int first, + * int second, + * int third, + * void __user *ptr, + * long fifth) + */ +probe kernel.syscall.ipc = + kernel.function("sys_ipc") { + name = "ipc" + call = $call + first = $first + second = $second + third = $third + ptr_uaddr = $ptr + fifth = $fifth } -# ftruncate64______________________________________ -/* - * asmlinkage long - * sys_ftruncate64(unsigned int fd, - * loff_t length) +probe kernel.syscall.ipc.return = + kernel.function("sys_ipc").return { + name = "ipc.return" + } +# kexec_load _________________________________________________ +/* + * asmlinkage long + * sys_kexec_load(unsigned long entry, + * unsigned long nr_segments, + * struct kexec_segment __user *segments, + * unsigned long flags) */ -probe kernel.syscall.ftruncate64 = - kernel.function("sys_ftruncate") { - name = "ftruncate64" - fd = $fd - length = $length +/* +probe kernel.syscall.kexec_load = + kernel.function("sys_kexec_load") { + name = "kexec_load" + entry = $entry + nr_segments = $nr_segments + segments_uaddr = $segments_uaddr + flags = $flags } -probe kernel.syscall.ftruncate64.return = - kernel.function("sys_ftruncate").return { - name = "ftruncate64.return" +probe kernel.syscall.kexec_load.return = + kernel.function("sys_kexec_load").return { + name = "kexec_load.return" } -# setxattr_________________________________________ -/* +*/ +# keyctl _____________________________________________________ +/* * asmlinkage long - * sys_setxattr(char __user *path, - * char __user *name, - * void __user *value, - * size_t size, - * int flags) + * sys_keyctl(int option, + * unsigned long arg2, + * unsigned long arg3, + * unsigned long arg4, + * unsigned long arg5) */ -probe kernel.syscall.setxattr = - kernel.function("sys_setxattr") { - name = "setxattr" - path_uaddr = $path - name_uaddr = $name - /* - void __user *value - */ - size = $size - flags = $flags +probe kernel.syscall.keyctl = + kernel.function("sys_keyctl") { + name = "keyctl" + option = $option + arg2 = $arg2 + arg3 = $arg3 + arg4 = $arg4 + arg5 = $arg5 } -probe kernel.syscall.setxattr.return = - kernel.function("sys_setxattr").return { - name = "setxattr.return" +probe kernel.syscall.keyctl.return = + kernel.function("sys_keyctl").return { + name = "keyctl.return" } -# lsetxattr________________________________________ -/* +# kill _______________________________________________________ +/* * asmlinkage long - * sys_lsetxattr(char __user *path, - * char __user *name, - * void __user *value, - * size_t size, - * int flags) + * sys_kill(int pid, int sig) */ -probe kernel.syscall.lsetxattr = - kernel.function("sys_lsetxattr") { - name = "lsetxattr" - path_uaddr = $path - name_uaddr = $name - /* - void __user *value - */ - size = $size - flags = $flags +probe kernel.syscall.kill = + kernel.function("sys_kill") { + name = "kill" + pid = $pid + sig = $sig } -probe kernel.syscall.lsetxattr.return = - kernel.function("sys_lsetxattr").return { - name = "lsetxattr.return" +probe kernel.syscall.kill.return = + kernel.function("sys_kill").return { + name = "kill.return" } -# fsetxattr________________________________________ -/* - * asmlinkage long - * sys_fsetxattr(int fd, - * char __user *name, - * void __user *value, - * size_t size, - * int flags) +# lchown _____________________________________________________ +/* + * asmlinkage long + * sys_lchown(const char __user * filename, + * uid_t user, + * gid_t group) */ -probe kernel.syscall.fsetxattr = - kernel.function("sys_fsetxattr") { - name = "fsetxattr" - fildes = $fd - name_uaddr = $name - /* - void __user *value - */ - size = $size - flags = $flags +probe kernel.syscall.lchown = + kernel.function("sys_lchown") { + name = "lchown" + path_uaddr = $filename + owner = $user + group = $group } -probe kernel.syscall.fsetxattr.return = - kernel.function("sys_fsetxattr").return { - name = "fsetxattr.return" +probe kernel.syscall.lchown.return = + kernel.function("sys_lchown").return { + name = "lchown.return" } -# getxattr_________________________________________ -/* - * asmlinkage ssize_t - * sys_getxattr(char __user *path, - * char __user *name, - * void __user *value, - * size_t size) +# lchown16 ___________________________________________________ +/* + * asmlinkage long + * sys_lchown16(const char __user * filename, + * old_uid_t user, + * old_gid_t group) */ -probe kernel.syscall.getxattr = - kernel.function("sys_getxattr") { - name = "getxattr" - path_uaddr = $path - name_uaddr = $name - /* - void __user *value - */ - size = $size +probe kernel.syscall.lchown16 = + kernel.function("sys_lchown") { + name = "lchown16" + path_uaddr = $filename + owner = $user + group = $group } -probe kernel.syscall.getxattr.return = - kernel.function("sys_getxattr").return { - name = "getxattr.return" +probe kernel.syscall.lchown16.return = + kernel.function("sys_lchown").return { + name = "lchown16.return" } -# lgetxattr________________________________________ -/* - * asmlinkage ssize_t - * sys_lgetxattr(char __user *path, +# lgetxattr __________________________________________________ +/* + * asmlinkage ssize_t + * sys_lgetxattr(char __user *path, * char __user *name, * void __user *value, * size_t size) */ -probe kernel.syscall.lgetxattr = +probe kernel.syscall.lgetxattr = kernel.function("sys_lgetxattr") { name = "lgetxattr" path_uaddr = $path name_uaddr = $name - /* - void __user *value - */ + value_uaddr = $value size = $size } -probe kernel.syscall.lgetxattr.return = +probe kernel.syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { name = "lgetxattr.return" } -# fgetxattr________________________________________ -/* - * asmlinkage ssize_t - * sys_fgetxattr(int fd, - * char __user *name, - * void __user *value, - * size_t size) +# link _______________________________________________________ +/* + * asmlinkage long + * sys_link(const char __user * oldname, + * const char __user * newname) */ -probe kernel.syscall.fgetxattr = - kernel.function("sys_fgetxattr") { - name = "fgetxattr" - fildes = $fd - path_uaddr = $name - /* - void __user *value - */ - size = $size +probe kernel.syscall.link = + kernel.function("sys_link") { + name = "link" + oldpath_uaddr = $oldname + newpath_uaddr = $newname } -probe kernel.syscall.fgetxattr.return = - kernel.function("sys_fgetxattr").return { - name = "fgetxattr.return" +probe kernel.syscall.link.return = + kernel.function("sys_link").return { + name = "link.return" } -# listxattr________________________________________ -/* +# listen _____________________________________________________ +/* + * asmlinkage long + * sys_listen(int fd, + * int backlog) + */ +probe kernel.syscall.listen = + kernel.function("sys_listen") { + name = "listen" + s = $fd + backlog = $backlog + } +probe kernel.syscall.listen.return = + kernel.function("sys_listen").return { + name = "listen.return" + } +# listxattr __________________________________________________ +/* * asmlinkage ssize_t * sys_listxattr(char __user *path, * char __user *list, * size_t size) */ -probe kernel.syscall.listxattr = +probe kernel.syscall.listxattr = kernel.function("sys_listxattr") { name = "listxattr" path_uaddr = $path list_uaddr = $list size = $size } -probe kernel.syscall.listxattr.return = +probe kernel.syscall.listxattr.return = kernel.function("sys_listxattr").return { name = "listxattr.return" } -# llistxattr_______________________________________ -/* +# llistxattr _________________________________________________ +/* * asmlinkage ssize_t * sys_llistxattr(char __user *path, * char __user *list, * size_t size) */ -probe kernel.syscall.llistxattr = +probe kernel.syscall.llistxattr = kernel.function("sys_llistxattr") { name = "llistxattr" path_uaddr = $path list_uaddr = $list size = $size } -probe kernel.syscall.llistxattr.return = +probe kernel.syscall.llistxattr.return = kernel.function("sys_llistxattr").return { name = "llistxattr.return" } -# flistxattr_______________________________________ -/* - * asmlinkage ssize_t - * sys_flistxattr(int fd, - * char __user *list, - * size_t size) +# llseek _____________________________________________________ +/* + * asmlinkage long + * sys_llseek(unsigned int fd, + * unsigned long offset_high, + * unsigned long offset_low, + * loff_t __user * result, + * unsigned int origin) */ -probe kernel.syscall.flistxattr = - kernel.function("sys_flistxattr") { - name = "flistxattr" - fildes = $fd - list_uaddr = $list - size = $size +probe kernel.syscall.llseek = + kernel.function("sys_llseek") { + name = "llseek" + fd = $fd + offset_high = $offset_high + offset_low = $offset_low + result_uaddr = $result + whence = $origin + whence_str = _seek_whence_str($origin) } -probe kernel.syscall.flistxattr.return = - kernel.function("sys_flistxattr").return { - name = "flistxattr.return" +probe kernel.syscall.llseek.return = + kernel.function("sys_llseek").return { + name = "llseek.return" } -# removexattr______________________________________ -/* +# lookup_dcookie _____________________________________________ +/* * asmlinkage long - * sys_removexattr(char __user *path, - * char __user *name) + * sys_lookup_dcookie(u64 cookie64, + * char __user * buf, + * size_t len) */ -probe kernel.syscall.removexattr = - kernel.function("sys_removexattr") { - name = "removexattr" - path_uaddr = $path - name_uaddr = $name +probe kernel.syscall.lookup_dcookie = + kernel.function("sys_lookup_dcookie") { + name = "lookup_dcookie" + cookie = $cookie64 + buffer_uaddr = $buf + len = $len } -probe kernel.syscall.removexattr.return = - kernel.function("sys_removexattr").return { - name = "removexattr.return" +probe kernel.syscall.lookup_dcookie.return = + kernel.function("sys_lookup_dcookie").return { + name = "lookup_dcookie.return" } -# lremovexattr_____________________________________ +# lremovexattr _______________________________________________ /* * asmlinkage long * sys_lremovexattr(char __user *path, - * char __user *name) - */ -probe kernel.syscall.lremovexattr = + * char __user *name) + */ +probe kernel.syscall.lremovexattr = kernel.function("sys_lremovexattr") { name = "lremovexattr" path_uaddr = $path name_uaddr = $name } -probe kernel.syscall.lremovexattr.return = +probe kernel.syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { name = "lremovexattr.return" } -# fremovexattr_____________________________________ -/* - * asmlinkage long - * sys_fremovexattr(int fd, - * char __user *name) - */ -probe kernel.syscall.fremovexattr = - kernel.function("sys_fremovexattr") { - name = "fremovexattr" - filedes = $fd - name_uaddr = $name - } -probe kernel.syscall.fremovexattr.return = - kernel.function("sys_fremovexattr").return { - name = "fremovexattr.return" - } -# brk______________________________________________ -/* - * asmlinkage unsigned long - * sys_brk(unsigned long brk) - */ -probe kernel.syscall.brk = - kernel.function("sys_brk") { - name = "brk" - brk = $brk - } -probe kernel.syscall.brk.return = - kernel.function("sys_brk").return { - name = "brk.return" - } -# mprotect_________________________________________ -/* - * asmlinkage long - * sys_mprotect(unsigned long start, - * size_t len, - * unsigned long prot) - */ -probe kernel.syscall.mprotect = - kernel.function("sys_mprotect") { - name = "mprotect" - addr = $start - len = $len - prot = $prot - prot_str = _mprotect_prot_str($prot) - } -probe kernel.syscall.mprotect.return = - kernel.function("sys_mprotect").return { - name = "mprotect.return" - } -# mremap___________________________________________ -/* - * asmlinkage unsigned long - * sys_mremap(unsigned long addr, - * unsigned long old_len, - * unsigned long new_len, - * unsigned long flags, - * unsigned long new_addr) +# lseek ______________________________________________________ +/* + * asmlinkage off_t + * sys_lseek(unsigned int fd, + * off_t offset, + * unsigned int origin) */ -probe kernel.syscall.mremap = - kernel.function("sys_mremap") { - name = "mremap" - old_address = $addr - old_size = $old_len - new_size = $new_len - flags = $flags - new_address = $new_addr +probe kernel.syscall.lseek = + kernel.function("sys_lseek") { + name = "lseek" + fildes = $fd + offset = $offset + whence = $origin + whence_str = _seek_whence_str($origin) } -probe kernel.syscall.mremap.return = - kernel.function("sys_mremap").return { - name = "mremap.return" +probe kernel.syscall.lseek.return = + kernel.function("sys_lseek").return { + name = "lseek.return" } -# remap_file_pages_________________________________ -/* - * asmlinkage long - * sys_remap_file_pages(unsigned long start, - * unsigned long size, - * unsigned long __prot, - * unsigned long pgoff, - * unsigned long flags) +# lsetxattr __________________________________________________ +/* + * asmlinkage long + * sys_lsetxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) */ -probe kernel.syscall.remap_file_pages = - kernel.function("sys_remap_file_pages") { - name = "remap_file_pages" - start = $start +probe kernel.syscall.lsetxattr = + kernel.function("sys_lsetxattr") { + name = "lsetxattr" + path_uaddr = $path + name_uaddr = $name + value_uaddr = $value size = $size - prot = $__prot - pgoff = $pgoff - flags = $flags - } -probe kernel.syscall.remap_file_pages.return = - kernel.function("sys_remap_file_pages").return { - name = "remap_file_pages.return" - } -# msync____________________________________________ -/* - * asmlinkage long - * sys_msync(unsigned long start, - * size_t len, - * int flags) - */ -probe kernel.syscall.msync = - kernel.function("sys_msync") { - name = "msync" - start = $start - length = $len flags = $flags - flags_str = _msync_flag_str($flags) - } -probe kernel.syscall.msync.return = - kernel.function("sys_msync").return { - name = "msync.return" } -# fadvise64________________________________________ -/* - * asmlinkage long - * sys_fadvise64_64(int fd, - * loff_t offset, - * loff_t len, - * int advice) - */ -probe kernel.syscall.fadvise64 = - kernel.function("sys_fadvise64_64") { - name = "fadvise64" - fd = $fd - offset = $offset - len = $len - advice = $advice - } -probe kernel.syscall.fadvise64.return = - kernel.function("sys_fadvise64_64").return { - name = "fadvise64.return" - } -# fadvise64_64_____________________________________ -/* - * asmlinkage long - * sys_fadvise64_64(int fd, - * loff_t offset, - * loff_t len, - * int advice) - */ -probe kernel.syscall.fadvise64_64 = - kernel.function("sys_fadvise64_64") { - name = "fadvise64_64" - fs = $fd - offset = $offset - len = $len - advice = $advice - } -probe kernel.syscall.fadvise64_64.return = - kernel.function("sys_fadvise64_64").return { - name = "fadvise64_64.return" - } -# munmap___________________________________________ -/* - * asmlinkage long - * sys_munmap(unsigned long addr, - * size_t len) - */ -probe kernel.syscall.munmap = - kernel.function("sys_munmap") { - name = "munmap" - start = $addr - length = $len - } -probe kernel.syscall.munmap.return = - kernel.function("sys_munmap").return { - name = "munmap.return" - } -# mlock____________________________________________ -/* - * asmlinkage long - * sys_mlock(unsigned long start, - * size_t len) - */ -probe kernel.syscall.mlock = - kernel.function("sys_mlock") { - name = "mlock" - addr = $start - len = $len - } -probe kernel.syscall.mlock.return = - kernel.function("sys_mlock").return { - name = "mlock.return" - } -# munlock__________________________________________ -/* - * asmlinkage long - * sys_munlock(unsigned long start, - * size_t len) - */ -probe kernel.syscall.munlock = - kernel.function("sys_munlock") { - name = "munlock" - addr = $start - len = $len - } -probe kernel.syscall.munlock.return = - kernel.function("sys_munlock").return { - name = "munlock.return" +probe kernel.syscall.lsetxattr.return = + kernel.function("sys_lsetxattr").return { + name = "lsetxattr.return" } -# mlockall_________________________________________ -/* - * asmlinkage long - * sys_mlockall(int flags) +# lstat ______________________________________________________ +/* + * asmlinkage long + * sys_lstat(char __user * filename, + * struct __old_kernel_stat __user * statbuf) */ -probe kernel.syscall.mlockall = - kernel.function("sys_mlockall") { - name = "mlockall" - flags = $flags - flags_str = _mlockall_flags_str($flags) +probe kernel.syscall.lstat = + kernel.function("sys_lstat") { + name = "lstat" + filename_uaddr = $filename + buf_uaddr = $statbuf } -probe kernel.syscall.mlockall.return = - kernel.function("sys_mlockall").return { - name = "mlockall.return" +probe kernel.syscall.lstat.return = + kernel.function("sys_lstat").return { + name = "lstat.return" } -# munlockall_______________________________________ -/* - * asmlinkage long - * sys_munlockall(void) +# lstat64 ____________________________________________________ +/* + * asmlinkage long + * sys_lstat64(char __user * filename, + * struct stat64 __user * statbuf) */ -probe kernel.syscall.munlockall = - kernel.function("sys_munlockall") { - name = "munlockall" +probe kernel.syscall.lstat64 = + kernel.function("sys_lstat64") { + name = "lstat64" + filename_uaddr = $filename + buf_uaddr = $statbuf } -probe kernel.syscall.munlockall.return = - kernel.function("sys_munlockall").return { - name = "munlockall.return" +probe kernel.syscall.lstat64.return = + kernel.function("sys_lstat64").return { + name = "lstat64.return" } -# madvise__________________________________________ -/* - * asmlinkage long - * sys_madvise(unsigned long start, +# madvise ____________________________________________________ +/* + * asmlinkage long + * sys_madvise(unsigned long start, * size_t len_in, * int behavior) */ -probe kernel.syscall.madvise = +probe kernel.syscall.madvise = kernel.function("sys_madvise") { name = "madvise" start = $start @@ -2448,2634 +2228,3244 @@ probe kernel.syscall.madvise = advice = $behavior advice_str = _madvice_advice_str($behavior) } -probe kernel.syscall.madvise.return = +probe kernel.syscall.madvise.return = kernel.function("sys_madvise").return { name = "madvise.return" } -# mincore__________________________________________ -/* - * asmlinkage long +# mbind ______________________________________________________ +/* + * asmlinkage long + * sys_mbind(unsigned long start, + * unsigned long len, + * unsigned long mode, + * unsigned long __user *nmask, + * unsigned long maxnode, + * unsigned flags) + */ +/* +probe kernel.syscall.mbind = + kernel.function("sys_mbind") { + name = "mbind" + start = $start + len = $len + mode = $mode + nmask_uaddr = $nmask + maxnode = $maxnode + flags = $flags + } +probe kernel.syscall.mbind.return = + kernel.function("sys_mbind").return { + name = "mbind.return" + } +*/ +# mincore ____________________________________________________ +/* + * asmlinkage long * sys_mincore(unsigned long start, * size_t len, * unsigned char __user * vec) */ -probe kernel.syscall.mincore = +probe kernel.syscall.mincore = kernel.function("sys_mincore") { name = "mincore" start = $start length = $len vec_uaddr = $vec } -probe kernel.syscall.mincore.return = +probe kernel.syscall.mincore.return = kernel.function("sys_mincore").return { name = "mincore.return" } -# pivot_root_______________________________________ -/* - * asmlinkage long - * sys_pivot_root(const char __user *new_root, - * const char __user *put_old) - */ -probe kernel.syscall.pivot_root = - kernel.function("sys_pivot_root") { - name = "pivot_root" - new_root_uaddr = $new_root - old_root_uaddr = $put_old - } -probe kernel.syscall.pivot_root.return = - kernel.function("sys_pivot_root").return { - name = "pivot_root.return" - } -# chroot___________________________________________ -/* - * asmlinkage long - * sys_chroot(const char __user * filename) +# mkdir ______________________________________________________ +/* + * asmlinkage long + * sys_mkdir(const char __user * pathname, + * int mode) */ -probe kernel.syscall.chroot = - kernel.function("sys_chroot") { - name = "chroot" - path_uaddr = $filename +probe kernel.syscall.mkdir = + kernel.function("sys_mkdir") { + name = "mkdir" + pathname_uaddr = $pathname + mode = $mode } -probe kernel.syscall.chroot.return = - kernel.function("sys_chroot").return { - name = "chroot.return" +probe kernel.syscall.mkdir.return = + kernel.function("sys_mkdir").return { + name = "mkdir.return" } -# mknod____________________________________________ -/* - * asmlinkage long +# mknod ______________________________________________________ +/* + * asmlinkage long * sys_mknod(const char __user * filename, - * int mode, - * unsigned dev) + * int mode, + * unsigned dev) */ -probe kernel.syscall.mknod = +probe kernel.syscall.mknod = kernel.function("sys_mknod") { name = "mknod" pathname_uaddr = $filename mode = $mode - mode_str = _mknod_mode_str($mode) + mode_str = _mknod_mode_str($mode) dev = $dev } -probe kernel.syscall.mknod.return = +probe kernel.syscall.mknod.return = kernel.function("sys_mknod").return { name = "mknod.return" } -# link_____________________________________________ -/* - * asmlinkage long - * sys_link(const char __user * oldname, - * const char __user * newname) - */ -probe kernel.syscall.link = - kernel.function("sys_link") { - name = "link" - oldpath_uaddr = $oldname - newpath_uaddr = $newname - } -probe kernel.syscall.link.return = - kernel.function("sys_link").return { - name = "link.return" - } -# symlink__________________________________________ -/* - * asmlinkage long - * sys_symlink(const char __user * oldname, - * const char __user * newname) - */ -probe kernel.syscall.symlink = - kernel.function("sys_symlink") { - name = "symlink" - oldpath_uaddr = $oldname - newpath_uaddr = $newname - } -probe kernel.syscall.symlink.return = - kernel.function("sys_symlink").return { - name = "symlink.return" - } -# unlink___________________________________________ -/* - * asmlinkage long - * sys_unlink(const char __user * pathname) - */ -probe kernel.syscall.unlink = - kernel.function("sys_unlink") { - name = "unlink" - pathname_uaddr = $pathname - } -probe kernel.syscall.unlink.return = - kernel.function("sys_unlink").return { - name = "unlink.return" - } -# rename___________________________________________ -/* - * asmlinkage long - * sys_rename(const char __user * oldname, - * const char __user * newname) - */ -probe kernel.syscall.rename = - kernel.function("sys_rename") { - name = "rename" - oldpath_uaddr = $oldname - newpath_uaddr = $newname - } -probe kernel.syscall.rename.return = - kernel.function("sys_rename").return { - name = "rename.return" - } -# chmod____________________________________________ -/* - * asmlinkage long - * sys_chmod(const char __user * filename, - * mode_t mode) +# mlock ______________________________________________________ +/* + * asmlinkage long + * sys_mlock(unsigned long start, + * size_t len) */ -probe kernel.syscall.chmod = - kernel.function("sys_chmod") { - name = "chmod" - path_uaddr = $filename - mode = $mode - mode_str = _sys_open_mode_str($mode) +probe kernel.syscall.mlock = + kernel.function("sys_mlock") { + name = "mlock" + addr = $start + len = $len } -probe kernel.syscall.chmod.return = - kernel.function("sys_chmod").return { - name = "chmod.return" +probe kernel.syscall.mlock.return = + kernel.function("sys_mlock").return { + name = "mlock.return" } -# fchmod___________________________________________ +# mlockall ___________________________________________________ /* - * asmlinkage long - * sys_fchmod(unsigned int fd, - * mode_t mode) + * asmlinkage long + * sys_mlockall(int flags) */ -probe kernel.syscall.fchmod = - kernel.function("sys_fchmod") { - name = "fchmod" - fildes = $fd - mode = $mode - mode_str = _sys_open_mode_str($mode) +probe kernel.syscall.mlockall = + kernel.function("sys_mlockall") { + name = "mlockall" + flags = $flags + flags_str = _mlockall_flags_str($flags) } -probe kernel.syscall.fchmod.return = - kernel.function("sys_fchmod").return { - name = "fchmod.return" +probe kernel.syscall.mlockall.return = + kernel.function("sys_mlockall").return { + name = "mlockall.return" } -# fcntl____________________________________________ -/* - * asmlinkage long - * sys_fcntl(int fd, - * unsigned int cmd, - * unsigned long arg) +# mmap2 ______________________________________________________ +/* + * unsigned long + * sys_mmap2(unsigned long addr, + * size_t len, + * unsigned long prot, + * unsigned long flags, + * unsigned long fd, + * unsigned long pgoff) */ -probe kernel.syscall.fcntl = - kernel.function("sys_fcntl") { - name = "fcntl" +probe kernel.syscall.mmap2 = + kernel.function("sys_mmap2") { + name = "mmap2" + addr = $addr + len = $len + prot = $prot + flags = $flags fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg + pgoff = $pgoff } -probe kernel.syscall.fcntl.return = - kernel.function("sys_fcntl").return { - name = "fcntl.return" +probe kernel.syscall.mmap2.return = + kernel.function("sys_mmap2").return { + name = "mmap2.return" } -# fcntl64__________________________________________ -/* - * asmlinkage long - * sys_fcntl64(unsigned int fd, - * unsigned int cmd, - * unsigned long arg) +# modify_ldt _________________________________________________ +/* + * asmlinkage int + * sys_modify_ldt(int func, + * void __user *ptr, + * unsigned long bytecount) */ -probe kernel.syscall.fcntl64 = - kernel.function("sys_fcntl64") { - name = "fcntl64" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg +probe kernel.syscall.modify_ldt = + kernel.function("sys_modify_ldt") { + name = "modify_ldt" + func = $func + ptr_uaddr = $ptr + bytecount = $bytecount } -probe kernel.syscall.fcntl64.return = - kernel.function("sys_fcntl64").return { - name = "fcntl64.return" - fd = $fd +probe kernel.syscall.modify_ldt.return = + kernel.function("sys_modify_ldt").return { + name = "modify_ldt.return" } -# dup______________________________________________ -/* - * asmlinkage long - * sys_dup(unsigned int fildes) +# mount ______________________________________________________ +/* + * asmlinkage long + * sys_mount(char __user * dev_name, + * char __user * dir_name, + * char __user * type, + * unsigned long flags, + * void __user * data) */ -probe kernel.syscall.dup = - kernel.function("sys_dup") { - name = "dup" - oldfd = $fildes +probe kernel.syscall.mount = + kernel.function("sys_mount") { + name = "mount" + source_uaddr = $dev_name + target_uaddr = $dir_name + filesystemtype_uaddr = $type + mountflags = $flags + mountflags_str = _mountflags_str($flags) + data_uaddr = $data } -probe kernel.syscall.dup.return = - kernel.function("sys_dup").return { - name = "dup.return" +probe kernel.syscall.mount.return = + kernel.function("sys_mount").return { + name = "mount.return" } -# dup2_____________________________________________ -/* - * asmlinkage long - * sys_dup2(unsigned int oldfd, - * unsigned int newfd) +# mprotect ___________________________________________________ +/* + * asmlinkage long + * sys_mprotect(unsigned long start, + * size_t len, + * unsigned long prot) */ -probe kernel.syscall.dup2 = - kernel.function("sys_dup2") { - name = "dup2" - oldfd = $oldfd - newfd = $newfd +probe kernel.syscall.mprotect = + kernel.function("sys_mprotect") { + name = "mprotect" + addr = $start + len = $len + prot = $prot + prot_str = _mprotect_prot_str($prot) } -probe kernel.syscall.dup2.return = - kernel.function("sys_dup2").return { - name = "dup2.return" +probe kernel.syscall.mprotect.return = + kernel.function("sys_mprotect").return { + name = "mprotect.return" } -# ioperm___________________________________________ -/* - * asmlinkage long - * sys_ioperm(unsigned long from, - * unsigned long num, - * int turn_on) +# mq_getsetattr ______________________________________________ +/* + * asmlinkage long + * sys_mq_getsetattr(mqd_t mqdes, + * const struct mq_attr __user *u_mqstat, + * struct mq_attr __user *u_omqstat) */ -probe kernel.syscall.ioperm = - kernel.function("sys_ioperm") { - name = "ioperm" - from = $from - num = $num - turn_on = $turn_on +probe kernel.syscall.mq_getsetattr = + kernel.function("sys_mq_getsetattr") { + name = "mq_getsetattr" + mqdes = $mqdes + u_mqstat_uaddr = $u_mqstat + u_omqstat_uaddr = $u_omqstat } -probe kernel.syscall.ioperm.return = - kernel.function("sys_ioperm").return { - name = "ioperm.return" +probe kernel.syscall.mq_getsetattr.return = + kernel.function("sys_mq_getsetattr").return { + name = "mq_getsetattr.return" } -# ioctl____________________________________________ -/* - * asmlinkage long - * sys_ioctl(unsigned int fd, - * unsigned int cmd, - * unsigned long arg) +# mq_notify __________________________________________________ +/* + * asmlinkage long + * sys_mq_notify(mqd_t mqdes, + * const struct sigevent __user *u_notification) */ -probe kernel.syscall.ioctl = - kernel.function("sys_ioctl") { - name = "ioctl" - fd = $fd - request = $cmd - argp = $arg +probe kernel.syscall.mq_notify = + kernel.function("sys_mq_notify") { + name = "mq_notify" + mqdes = $mqdes + notification_uaddr = $u_notification } -probe kernel.syscall.ioctl.return = - kernel.function("sys_ioctl").return { - name = "ioctl.return" +probe kernel.syscall.mq_notify.return = + kernel.function("sys_mq_notify").return { + name = "mq_notify.return" } -# flock____________________________________________ -/* - * asmlinkage long - * sys_flock(unsigned int fd, - * unsigned int cmd) +# mq_open ____________________________________________________ +/* + * asmlinkage long + * sys_mq_open(const char __user *u_name, + * int oflag, + * mode_t mode, + * struct mq_attr __user *u_attr) */ -probe kernel.syscall.flock = - kernel.function("sys_flock") { - name = "flock" - fd = $fd - operation = $cmd +probe kernel.syscall.mq_open = + kernel.function("sys_mq_open") { + name = "mq_open" + name_uaddr = $u_name + oflag = $oflag + mode = $mode + u_attr_uaddr = $u_attr } -probe kernel.syscall.flock.return = - kernel.function("sys_flock").return { - name = "flock.return" +probe kernel.syscall.mq_open.return = + kernel.function("sys_mq_open").return { + name = "mq_open.return" } -# io_setup_________________________________________ -/* - * asmlinkage long - * sys_io_setup(unsigned nr_events, - * aio_context_t __user *ctxp) +# mq_timedreceive ____________________________________________ +/* + * asmlinkage ssize_t + * sys_mq_timedreceive(mqd_t mqdes, + * char __user *u_msg_ptr, + * size_t msg_len, + * unsigned int __user *u_msg_prio, + * const struct timespec __user *u_abs_timeout) */ -probe kernel.syscall.io_setup = - kernel.function("sys_io_setup") { - name = "io_setup" - maxevents = $nr_events - ctxp_uaddr = $ctxp +probe kernel.syscall.mq_timedreceive = + kernel.function("sys_mq_timedreceive") { + name = "mq_timedreceive" + mqdes = $mqdes + msg_ptr_uaddr = $u_msg_ptr + msg_len = $msg_len + msg_prio_uaddr = $u_msg_prio + abs_timout_uaddr = $u_abs_timeout } -probe kernel.syscall.io_setup.return = - kernel.function("sys_io_setup").return { - name = "io_setup.return" +probe kernel.syscall.mq_timedreceive.return = + kernel.function("sys_mq_timedreceive").return { + name = "mq_timedreceive.return" } -# io_destroy_______________________________________ -/* - * asmlinkage long - * sys_io_destroy(aio_context_t ctx) +# mq_timedsend _______________________________________________ +/* + * asmlinkage long + * sys_mq_timedsend(mqd_t mqdes, + * const char __user *u_msg_ptr, + * size_t msg_len, + * unsigned int msg_prio, + * const struct timespec __user *u_abs_timeout) */ -probe kernel.syscall.io_destroy = - kernel.function("sys_io_destroy") { - name = "io_destroy" - ctx = $ctx +probe kernel.syscall.mq_timedsend = + kernel.function("sys_mq_timedsend") { + name = "mq_timedsend" + mqdes = $mqdes + msg_ptr_uaddr = $u_msg_ptr + msg_len = $msg_len + msg_prio = $msg_prio + abs_timeout_uaddr = $u_abs_timeout } -probe kernel.syscall.io_destroy.return = - kernel.function("sys_io_destroy").return { - name = "io_destroy.return" +probe kernel.syscall.mq_timedsend.return = + kernel.function("sys_mq_timedsend").return { + name = "mq_timedsend.return" } -# io_getevents_____________________________________ -/* - * asmlinkage long - * sys_io_getevents(aio_context_t ctx_id, - * long min_nr, - * long nr, - * struct io_event __user *events, - * struct timespec __user *timeout) +# mq_unlink __________________________________________________ +/* + * asmlinkage long + * sys_mq_unlink(const char __user *u_name) */ -probe kernel.syscall.io_getevents = - kernel.function("sys_io_getevents") { - name = "io_getevents" - ctx_id = $ctx_id - min_nr = $min_nr - nr = $nr - events_uaddr = $events - timeout_uaddr = $timeout - } -probe kernel.syscall.io_getevents.return = - kernel.function("sys_io_getevents").return { - name = "io_getevents.return" +probe kernel.syscall.mq_unlink = + kernel.function("sys_mq_unlink") { + name = "mq_unlink" + u_name_uaddr = $u_name } -# io_submit________________________________________ -/* - * asmlinkage long - * sys_io_submit(aio_context_t ctx_id, - * long nr, - * struct iocb __user * __user *iocbpp) - */ -probe kernel.syscall.io_submit = - kernel.function("sys_io_submit") { - name = "io_submit" - ctx_id = $ctx_id - nr = $nr - iocbpp_uaddr = $iocbpp -} -probe kernel.syscall.io_submit.return = - kernel.function("sys_io_submit").return { - name = "io_submit.return" +probe kernel.syscall.mq_unlink.return = + kernel.function("sys_mq_unlink").return { + name = "mq_unlink.return" } -# io_cancel________________________________________ -/* - * asmlinkage long - * sys_io_cancel(aio_context_t ctx_id, - * struct iocb __user *iocb, - * struct io_event __user *result) +# mremap _____________________________________________________ +/* + * asmlinkage unsigned long + * sys_mremap(unsigned long addr, + * unsigned long old_len, + * unsigned long new_len, + * unsigned long flags, + * unsigned long new_addr) */ -probe kernel.syscall.io_cancel = - kernel.function("sys_io_cancel") { - name = "io_cancel" - ctx_id = $ctx_id - iocb_uaddr = $iocb - result_uaddr = $result +probe kernel.syscall.mremap = + kernel.function("sys_mremap") { + name = "mremap" + old_address = $addr + old_size = $old_len + new_size = $new_len + flags = $flags + new_address = $new_addr } -probe kernel.syscall.io_cancel.return = - kernel.function("sys_io_cancel").return { - name = "io_cancel.return" +probe kernel.syscall.mremap.return = + kernel.function("sys_mremap").return { + name = "mremap.return" } -# sendfile_________________________________________ -/* - * asmlinkage ssize_t - * sys_sendfile(int out_fd, - * int in_fd, - * off_t __user *offset, - * size_t count) +# msgctl _____________________________________________________ +/* + * asmlinkage long + * sys_msgctl (int msqid, + * int cmd, + * struct msqid_ds __user *buf) */ -probe kernel.syscall.sendfile = - kernel.function("sys_sendfile") { - name = "sendfile" - out_fd = $out_fd - in_fd = $in_fd - offset_uaddr = $offset - count = $count +probe kernel.syscall.msgctl = + kernel.function("sys_msgctl") { + name = "msgctl" + msqid = $msqid + cmd = $cmd + buf_uaddr = $buf } -probe kernel.syscall.sendfile.return = - kernel.function("sys_sendfile").return { - name = "sendfile.return" +probe kernel.syscall.msgctl.return = + kernel.function("sys_msgctl").return { + name = "msgctl.return" } -# sendfile64_______________________________________ -/* - * asmlinkage ssize_t - * sys_sendfile64(int out_fd, - * int in_fd, - * loff_t __user *offset, - * size_t count) +# msgget _____________________________________________________ +/* + * asmlinkage long + * sys_msgget (key_t key, + * int msgflg) */ -probe kernel.syscall.sendfile64 = - kernel.function("sys_sendfile64") { - name = "sendfile64" - out_fd = $out_fd - in_fd = $in_fd - offset_uaddr = $offset - count = $count +probe kernel.syscall.msgget = + kernel.function("sys_msgget") { + name = "msgget" + key = $key + msgflg = $msgflg + msgflg_str = _sys_open_flag_str($msgflg) } -probe kernel.syscall.sendfile64.return = - kernel.function("sys_sendfile64").return { - name = "sendfile64.return" +probe kernel.syscall.msgget.return = + kernel.function("sys_msgget").return { + name = "msgget.return" } -# readlink_________________________________________ -/* - * asmlinkage long - * sys_readlink(const char __user * path, - * char __user * buf, - * int bufsiz) +# msgrcv _____________________________________________________ +/* + * asmlinkage long + * sys_msgrcv (int msqid, + * struct msgbuf __user *msgp, + * size_t msgsz, + * long msgtyp, + * int msgflg) */ -probe kernel.syscall.readlink = - kernel.function("sys_readlink") { - name = "readlink" - path_uaddr = $path - buf_uaddr = $buf - bufsiz = $bufsiz +probe kernel.syscall.msgrcv = + kernel.function("sys_msgrcv") { + name = "msgrcv" + msqid = $msqid + msgp_uaddr = $msgp + msgsz = $msgsz + msgtyp = $msgtyp + msgflg = $msgflg } -probe kernel.syscall.readlink.return = - kernel.function("sys_readlink").return { - name = "readlink.return" +probe kernel.syscall.msgrcv.return = + kernel.function("sys_msgrcv").return { + name = "msgrcv.return" } -# creat____________________________________________ -/* - * asmlinkage long - * sys_creat(const char __user * pathname, - * int mode) +# msgsnd _____________________________________________________ +/* + * asmlinkage long + * sys_msgsnd (int msqid, + * struct msgbuf __user *msgp, + * size_t msgsz, + * int msgflg) */ -probe kernel.syscall.creat = - kernel.function("sys_open") { - name = "creat" - pathname_uaddr = $filename - mode = $mode - mode_str = _sys_open_mode_str($mode) +probe kernel.syscall.msgsnd = + kernel.function("sys_msgsnd") { + name = "msgsnd" + msqid = $msqid + msgp_uaddr = $msgp + msgsz = $msgsz + msgflg = $msgflg } -probe kernel.syscall.creat.return = - kernel.function("sys_open").return { - name = "creat.return" +probe kernel.syscall.msgsnd.return = + kernel.function("sys_msgsnd").return { + name = "msgsnd.return" } -# open_____________________________________________ -/* - * asmlinkage long - * sys_open(const char __user * filename, - * int flags, - * int mode) +# msync ______________________________________________________ +/* + * asmlinkage long + * sys_msync(unsigned long start, + * size_t len, + * int flags) */ -probe kernel.syscall.open = - kernel.function("sys_open") { - name = "open" - filename_uaddr = $filename +probe kernel.syscall.msync = + kernel.function("sys_msync") { + name = "msync" + start = $start + length = $len flags = $flags - mode = $mode - mode_str = _sys_open_mode_str($mode) - } -probe kernel.syscall.open.return = - kernel.function("sys_open").return { - name = "open.return" + flags_str = _msync_flag_str($flags) } -# close____________________________________________ -/* - * asmlinkage long - * sys_close(unsigned int fd) - */ -probe kernel.syscall.close = - kernel.function("sys_close") { - name = "close" - fd = $fd -} -probe kernel.syscall.close.return = - kernel.function("sys_close").return { - name = "close.return" +probe kernel.syscall.msync.return = + kernel.function("sys_msync").return { + name = "msync.return" } -# access___________________________________________ -/* - * asmlinkage long - * sys_access(const char __user * filename, - * int mode) +# munlock ____________________________________________________ +/* + * asmlinkage long + * sys_munlock(unsigned long start, + * size_t len) */ -probe kernel.syscall.access = - kernel.function("sys_access") { - name = "access" - pathname_uaddr = $filename - mode = $mode - mode_str = _access_mode_str($mode) +probe kernel.syscall.munlock = + kernel.function("sys_munlock") { + name = "munlock" + addr = $start + len = $len } -probe kernel.syscall.access.return = - kernel.function("sys_access").return { - name = "access.return" +probe kernel.syscall.munlock.return = + kernel.function("sys_munlock").return { + name = "munlock.return" } -# vhangup__________________________________________ -/* - * asmlinkage long - * sys_vhangup(void) +# munlockall _________________________________________________ +/* + * asmlinkage long + * sys_munlockall(void) */ -probe kernel.syscall.vhangup = - kernel.function("sys_vhangup") { - name = "vhangup" +probe kernel.syscall.munlockall = + kernel.function("sys_munlockall") { + name = "munlockall" } -probe kernel.syscall.vhangup.return = - kernel.function("sys_vhangup").return { - name = "vhangup.return" +probe kernel.syscall.munlockall.return = + kernel.function("sys_munlockall").return { + name = "munlockall.return" } -# chown____________________________________________ -/* - * asmlinkage long - * sys_chown(const char __user * filename, - * uid_t user, - * gid_t group) +# munmap _____________________________________________________ +/* + * asmlinkage long + * sys_munmap(unsigned long addr, + * size_t len) */ -probe kernel.syscall.chown = - kernel.function("sys_chown") { - name = "chown" - path_uaddr = $filename - owner = $user - group = $group +probe kernel.syscall.munmap = + kernel.function("sys_munmap") { + name = "munmap" + start = $addr + length = $len } -probe kernel.syscall.chown.return = - kernel.function("sys_chown").return { - name = "chown.return" +probe kernel.syscall.munmap.return = + kernel.function("sys_munmap").return { + name = "munmap.return" } -# lchown___________________________________________ -/* - * asmlinkage long - * sys_lchown(const char __user * filename, - * uid_t user, - * gid_t group) +# nanosleep __________________________________________________ +/* + * asmlinkage long + * sys_nanosleep(struct timespec __user *rqtp, + * struct timespec __user *rmtp) */ -probe kernel.syscall.lchown = - kernel.function("sys_lchown") { - name = "lchown" - path_uaddr = $filename - owner = $user - group = $group +probe kernel.syscall.nanosleep = + kernel.function("sys_nanosleep") { + name = "nanosleep" + req_uaddr = $rqtp + rem_uaddr = $rmtp + /* + * XXX NOT SAFE -- might sleep + * req_tv_sec = __uget_ts_m($rqtp,0) + * req_tv_nsec = __uget_ts_m($rqtp,1) + * rem_tv_sec = __uget_ts_m($rmtp,0) + * rem_tv_nsec = __uget_ts_m($rmtp,1) + */ } -probe kernel.syscall.lchown.return = - kernel.function("sys_lchown").return { - name = "lchown.return" +probe kernel.syscall.nanosleep.return = + kernel.function("sys_nanosleep").return { + name = "nanosleep.return" } -# fchown___________________________________________ -/* - * asmlinkage long - * sys_fchown(unsigned int fd, - * uid_t user, - * gid_t group) +# newfstat ___________________________________________________ +/* + * asmlinkage long + * sys_newfstat(unsigned int fd, + * struct stat __user * statbuf) */ -probe kernel.syscall.fchown = - kernel.function("sys_fchown") { - name = "fchown" +/* +probe kernel.syscall.newfstat = + kernel.function("sys_newfstat") { + name = "newfstat" fd = $fd - owner = $user - group = $group + buf_uaddr = $statbuf } -probe kernel.syscall.fchown.return = - kernel.function("sys_fchown").return { - name = "fchown.return" +probe kernel.syscall.newfstat.return = + kernel.function("sys_newfstat").return { + name = "newfstat.return" } -# chown16__________________________________________ -/* - * asmlinkage long - * sys_chown16(const char __user * filename, - * old_uid_t user, - * old_gid_t group) +*/ +# newlstat ___________________________________________________ +/* + * asmlinkage long + * sys_newlstat(char __user * filename, + * struct stat __user * statbuf) */ -probe kernel.syscall.chown16 = - kernel.function("sys_chown") { - name = "chown16" - path_uaddr = $filename - owner = $user - group = $group +/* +probe kernel.syscall.newlstat = + kernel.function("sys_newlstat") { + name = "newlstat" + filename_uaddr = $filename + buf_uaddr = $statbuf } -probe kernel.syscall.chown16.return = - kernel.function("sys_chown").return { - name = "chown16.return" +probe kernel.syscall.newlstat.return = + kernel.function("sys_newlstat").return { + name = "newlstat.return" } -# lchown16_________________________________________ -/* - * asmlinkage long - * sys_lchown16(const char __user * filename, - * old_uid_t user, - * old_gid_t group) +*/ +# newstat ____________________________________________________ +/* + * asmlinkage long + * sys_newstat(char __user * filename, + * struct stat __user * statbuf) */ -probe kernel.syscall.lchown16 = - kernel.function("sys_lchown") { - name = "lchown16" - path_uaddr = $filename - owner = $user - group = $group +/* +probe kernel.syscall.newstat = + kernel.function("sys_newstat") { + name = "newstat" + filename_uaddr = $filename + buf_uaddr = $statbuf } -probe kernel.syscall.lchown16.return = - kernel.function("sys_lchown").return { - name = "lchown16.return" +probe kernel.syscall.newstat.return = + kernel.function("sys_newstat").return { + name = "newstat.return" } -# fchown16_________________________________________ -/* - * asmlinkage long - * sys_fchown16(unsigned int fd, - * old_uid_t user, - * old_gid_t group) +*/ +# newuname ___________________________________________________ +/* + * asmlinkage long + * sys_newuname(struct new_utsname __user * name) */ -probe kernel.syscall.fchown16 = - kernel.function("sys_fchown") { - name = "fchown16" - fd = $fd - owner = $user - group = $group +probe kernel.syscall.newuname = + kernel.function("sys_newuname") { + name = "newuname" + name_uaddr = $name } -probe kernel.syscall.fchown16.return = - kernel.function("sys_fchown").return { - name = "fchown16.return" +probe kernel.syscall.newuname.return = + kernel.function("sys_newuname").return { + name = "newuname.return" } -# setregid16_______________________________________ -/* - * asmlinkage long - * sys_setregid16(old_gid_t rgid, - * old_gid_t egid) +# nfsservctl _________________________________________________ +/* + * long asmlinkage + * sys_nfsservctl(int cmd, + * struct nfsctl_arg __user *arg, + * void __user *res) */ -probe kernel.syscall.setregid16 = - kernel.function("sys_setregid") { - name = "setregid16" - rgid = $rgid - egid = $egid +probe kernel.syscall.nfsservctl = + kernel.function("sys_nfsservctl") { + name = "nfsservctl" + cmd = $cmd + argp_uaddr = $arg + resp_uaddr = $res } -probe kernel.syscall.setregid16.return = - kernel.function("sys_setregid").return { - name = "setregid16.return" +probe kernel.syscall.nfsservctl.return = + kernel.function("sys_nfsservctl").return { + name = "nfsservctl.return" } -# setgid16_________________________________________ -/* - * asmlinkage long - * sys_setgid16(old_gid_t gid) +# nice _______________________________________________________ +/* + * asmlinkage long + * sys_nice(int increment) */ -probe kernel.syscall.setgid16 = - kernel.function("sys_setgid") { - name = "setgid16" - gid = $gid +probe kernel.syscall.nice = + kernel.function("sys_nice") { + name = "nice" + inc = $increment } -probe kernel.syscall.setgid16.return = - kernel.function("sys_setgid").return { - name = "setgid16.return" +probe kernel.syscall.nice.return = + kernel.function("sys_nice").return { + name = "nice.return" } -# setreuid16_______________________________________ -/* - * asmlinkage long - * sys_setreuid16(old_uid_t ruid, - * old_uid_t euid) +# ni_syscall _________________________________________________ +/* + * asmlinkage long + * sys_ni_syscall(void) */ -probe kernel.syscall.setreuid16 = - kernel.function("sys_setreuid") { - name = "setreuid16" - ruid = $ruid - euid = $euid +probe kernel.syscall.ni_syscall = + kernel.function("sys_ni_syscall") { + name = "ni_syscall" } -probe kernel.syscall.setreuid16.return = - kernel.function("sys_setreuid").return { - name = "setreuid16.return" +probe kernel.syscall.ni_syscall.return = + kernel.function("sys_ni_syscall").return { + name = "ni_syscall.return" } -# setuid16_________________________________________ -/* - * asmlinkage long - * sys_setuid16(old_uid_t uid) +# old_getrlimit ______________________________________________ +/* + * asmlinkage long + * sys_old_getrlimit(unsigned int resource, + * struct rlimit __user *rlim) */ -probe kernel.syscall.setuid16 = - kernel.function("sys_setuid") { - name = "setuid16" - uid = $uid +probe kernel.syscall.old_getrlimit = + kernel.function("sys_old_getrlimit") { + name = "old_getrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim } -probe kernel.syscall.setuid16.return = - kernel.function("sys_setuid").return { - name = "setuid16.return" +probe kernel.syscall.old_getrlimit.return = + kernel.function("sys_old_getrlimit").return { + name = "old_getrlimit.return" } -# setresuid16______________________________________ -/* - * asmlinkage long - * sys_setresuid16(old_uid_t ruid, - * old_uid_t euid, - * old_uid_t suid) +# oldumount __________________________________________________ +/* + * asmlinkage long + * sys_oldumount(char __user * name) */ -probe kernel.syscall.setresuid16 = - kernel.function("sys_setresuid") { - name = "setresuid16" - ruid = $ruid - euid = $euid - suid = $suid +probe kernel.syscall.oldumount = + kernel.function("sys_umount") { + name = "oldumount" + target_uaddr = $name } -probe kernel.syscall.setresuid16.return = - kernel.function("sys_setresuid").return { - name = "setresuid16.return" +probe kernel.syscall.oldumount.return = + kernel.function("sys_umount").return { + name = "oldumount.return" } -# getresuid16______________________________________ -/* - * asmlinkage long - * sys_getresuid16(old_uid_t __user *ruid, - * old_uid_t __user *euid, - * old_uid_t __user *suid) +# olduname ___________________________________________________ +/* + * asmlinkage long + * sys_olduname(struct new_utsname __user * name) */ -probe kernel.syscall.getresuid16 = - kernel.function("sys_getresuid") { - name = "getresuid16" - ruid_uaddr = $ruid - euid_uaddr = $euid - suid_uaddr = $suid +probe kernel.syscall.olduname = + kernel.function("sys_olduname") { + name = "olduname" + name_uaddr = $name } -probe kernel.syscall.getresuid16.return = - kernel.function("sys_getresuid").return { - name = "getresuid16.return" +probe kernel.syscall.olduname.return = + kernel.function("sys_olduname").return { + name = "olduname.return" } -# setresgid16______________________________________ -/* - * asmlinkage long - * sys_setresgid16(old_gid_t rgid, - * old_gid_t egid, - * old_gid_t sgid) +# open _______________________________________________________ +/* + * asmlinkage long + * sys_open(const char __user * filename, + * int flags, + * int mode) */ -probe kernel.syscall.setresgid16 = - kernel.function("sys_setresgid") { - name = "setresgid16" - rgid = $rgid - egid = $egid - sgid = $sgid +probe kernel.syscall.open = + kernel.function("sys_open") { + name = "open" + filename_uaddr = $filename + flags = $flags + mode = $mode + mode_str = _sys_open_mode_str($mode) } -probe kernel.syscall.setresgid16.return = - kernel.function("sys_setresgid").return { - name = "setresgid16.return" +probe kernel.syscall.open.return = + kernel.function("sys_open").return { + name = "open.return" } -# getresgid16______________________________________ -/* - * asmlinkage long - * sys_getresuid16(old_uid_t __user *ruid, - * old_uid_t __user *euid, - * old_uid_t __user *suid) +# pause ______________________________________________________ +/* + * sys_pause(void) */ -probe kernel.syscall.getresgid16 = - kernel.function("sys_getresgid") { - name = "getresgid16" - rgid_uaddr = $rgid - egid_uaddr = $egid - sgid_uaddr = $sgid +probe kernel.syscall.pause = + kernel.function("sys_pause") { + name = "pause" } -probe kernel.syscall.getresgid16.return = - kernel.function("sys_getresgid").return { - name = "getresgid16.return" +probe kernel.syscall.pause.return = + kernel.function("sys_pause").return { + name = "pause.return" } -# setfsuid16_______________________________________ -/* - * asmlinkage long - * sys_setfsuid16(old_uid_t uid) +# pciconfig_iobase ___________________________________________ +/* + * asmlinkage long + * sys_pciconfig_iobase(long which, + * unsigned long bus, + * unsigned long dfn) */ -probe kernel.syscall.setfsuid16 = - kernel.function("sys_setfsuid") { - name = "setfsuid16" - uid = $uid +/* +probe kernel.syscall.pciconfig_iobase = + kernel.function("sys_pciconfig_iobase") { + name = "pciconfig_iobase" + which = $which + bus = $bus + dfn = $dfn } -probe kernel.syscall.setfsuid16.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid16.return" +probe kernel.syscall.pciconfig_iobase.return = + kernel.function("sys_pciconfig_iobase").return { + name = "pciconfig_iobase.return" } -# setfsgid16_______________________________________ -/* - * asmlinkage long - * sys_setfsgid16(old_gid_t gid) +*/ +# pciconfig_read _____________________________________________ +/* + * asmlinkage int + * sys_pciconfig_read(unsigned long bus, + * unsigned long dfn, + * unsigned long off, + * unsigned long len, + * unsigned char *buf) + * { return 0; } */ -probe kernel.syscall.setfsgid16 = - kernel.function("sys_setfsgid") { - name = "setfsgid16" - gid = $gid +/* +probe kernel.syscall.pciconfig_read = + kernel.function("sys_pciconfig_read") { + name = "pciconfig_read" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf } -probe kernel.syscall.setfsgid16.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid16.return" +probe kernel.syscall.pciconfig_read.return = + kernel.function("sys_pciconfig_read").return { + name = "pciconfig_read.return" } -# getgroups16______________________________________ -/* - * asmlinkage long - * sys_getgroups16(int gidsetsize, - * old_gid_t __user *grouplist) +*/ +# pciconfig_write ____________________________________________ +/* + * asmlinkage int + * sys_pciconfig_write(unsigned long bus, + * unsigned long dfn, + * unsigned long off, + * unsigned long len, + * unsigned char *buf) */ -probe kernel.syscall.getgroups16 = - kernel.function("sys_getgroups16") { - name = "getgroups16" - size = $gidsetsize - list_uaddr = $grouplist +/* +probe kernel.syscall.pciconfig_write = + kernel.function("sys_pciconfig_write") { + name = "pciconfig_write" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf } -probe kernel.syscall.getgroups16.return = - kernel.function("sys_getgroups16").return { - name = "getgroups16.return" +probe kernel.syscall.pciconfig_write.return = + kernel.function("sys_pciconfig_write").return { + name = "pciconfig_write.return" } -# setgroups16______________________________________ -/* - * asmlinkage long - * sys_setgroups16(int gidsetsize, - * old_gid_t __user *grouplist) +*/ +# personality ________________________________________________ +/* + * asmlinkage long + * sys_personality(u_long personality) */ -probe kernel.syscall.setgroups16 = - kernel.function("sys_setgroups16") { - name = "setgroups16" - size = $gidsetsize - list_uaddr = $grouplist +probe kernel.syscall.personality = + kernel.function("sys_personality") { + name = "personality" + persona = $personality } -probe kernel.syscall.setgroups16.return = - kernel.function("sys_setgroups16").return { - name = "setgroups16.return" +probe kernel.syscall.personality.return = + kernel.function("sys_personality").return { + name = "personality.return" } -# getuid16_________________________________________ -/* - * asmlinkage long - * sys_getuid16(void) +# pipe _______________________________________________________ +/* + * asmlinkage int + * sys_pipe(unsigned long __user * fildes) */ -probe kernel.syscall.getuid16 = - kernel.function("sys_getuid16") { - name = "getuid16" +probe kernel.syscall.pipe = + kernel.function("sys_pipe") { + name = "pipe" + fildes_uaddr = $fildes } -probe kernel.syscall.getuid16.return = - kernel.function("sys_getuid16").return { - name = "getuid16.return" +probe kernel.syscall.pipe.return = + kernel.function("sys_pipe").return { + name = "pipe.return" } -# geteuid16________________________________________ -/* - * asmlinkage long - * sys_geteuid16(void) +# pivot_root _________________________________________________ +/* + * asmlinkage long + * sys_pivot_root(const char __user *new_root, + * const char __user *put_old) */ -probe kernel.syscall.geteuid16 = - kernel.function("sys_geteuid16") { - name = "geteuid16" +probe kernel.syscall.pivot_root = + kernel.function("sys_pivot_root") { + name = "pivot_root" + new_root_uaddr = $new_root + old_root_uaddr = $put_old } -probe kernel.syscall.geteuid16.return = - kernel.function("sys_geteuid16").return { - name = "geteuid16.return" +probe kernel.syscall.pivot_root.return = + kernel.function("sys_pivot_root").return { + name = "pivot_root.return" } -# getgid16_________________________________________ -/* - * asmlinkage long - * sys_getgid16(void) +# poll _______________________________________________________ +/* + * asmlinkage long + * sys_poll(struct pollfd __user * ufds, + * unsigned int nfds, + * long timeout) */ -probe kernel.syscall.getgid16 = - kernel.function("sys_getgid16") { - name = "getgid16" +probe kernel.syscall.poll = + kernel.function("sys_poll") { + name = "poll" + ufds_uaddr = $ufds + nfds = $nfds + timeout = $timeout } -probe kernel.syscall.getgid16.return = - kernel.function("sys_getgid16").return { - name = "getgid16.return" +probe kernel.syscall.poll.return = + kernel.function("sys_poll").return { + name = "poll.return" } -# getegid16________________________________________ -/* - * asmlinkage long - * sys_getegid16(void) +# prctl ______________________________________________________ +/* + * asmlinkage long + * sys_prctl(int option, + * unsigned long arg2, + * unsigned long arg3, + * unsigned long arg4, + * unsigned long arg5) */ -probe kernel.syscall.getegid16 = - kernel.function("sys_getegid16") { - name = "getegid16" +probe kernel.syscall.prctl = + kernel.function("sys_prctl") { + name = "prctl" + option = $option + arg2 = $arg2 + arg3 = $arg3 + arg4 = $arg4 + arg5 = $arg5 } -probe kernel.syscall.getegid16.return = - kernel.function("sys_getegid16").return { - name = "getegid16.return" +probe kernel.syscall.prctl.return = + kernel.function("sys_prctl").return { + name = "prctl.return" } -# utime____________________________________________ -/* - * asmlinkage long - * sys_utime(char __user * filename, - * struct utimbuf __user * times) +# pread64 ____________________________________________________ +/* + * asmlinkage ssize_t + * sys_pread64(unsigned int fd, + * char __user *buf, + * size_t count, + * loff_t pos) */ -probe kernel.syscall.utime = - kernel.function("sys_utime") { - name = "utime" - filename_uaddr = $filename - buf_uaddr = $times +probe kernel.syscall.pread64 = + kernel.function("sys_pread64") { + name = "pread64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos } -probe kernel.syscall.utime.return = - kernel.function("sys_utime").return { - name = "utime.return" +probe kernel.syscall.pread64.return = + kernel.function("sys_pread64").return { + name = "pread64.return" } -# utimes___________________________________________ -/* - * asmlinkage long - * sys_utimes(char __user * filename, - * struct timeval __user * utimes) +# ptrace _____________________________________________________ +/* + * asmlinkage int + * sys_ptrace(long request, + * long pid, + * long addr, + * long data) */ -probe kernel.syscall.utimes = - kernel.function("sys_utimes") { - name = "utimes" - filename_uaddr = $filename - tvp_uaddr = $utimes +probe kernel.syscall.ptrace = + kernel.function("sys_ptrace") { + name = "ptrace" + request = $request + pid = $pid + addr = $addr + data = $data } -probe kernel.syscall.utimes.return = - kernel.function("sys_utimes").return { - name = "utimes.return" +probe kernel.syscall.ptrace.return = + kernel.function("sys_ptrace").return { + name = "ptrace.return" } -# lseek____________________________________________ -/* - * asmlinkage off_t - * sys_lseek(unsigned int fd, - * off_t offset, - * unsigned int origin) +# pwrite64 ___________________________________________________ +/* + * asmlinkage ssize_t + * sys_pwrite64(unsigned int fd, + * const char __user *buf, + * size_t count, + * loff_t pos) */ -probe kernel.syscall.lseek = - kernel.function("sys_lseek") { - name = "lseek" - fildes = $fd - offset = $offset - whence = $origin - whence_str = _seek_whence_str($origin) +probe kernel.syscall.pwrite64 = + kernel.function("sys_pwrite64") { + name = "pwrite64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos } -probe kernel.syscall.lseek.return = - kernel.function("sys_lseek").return { - name = "lseek.return" +probe kernel.syscall.pwrite64.return = + kernel.function("sys_pwrite64").return { + name = "pwrite64.return" } -# llseek___________________________________________ -/* - * asmlinkage long - * sys_llseek(unsigned int fd, - * unsigned long offset_high, - * unsigned long offset_low, - * loff_t __user * result, - * unsigned int origin) +# quotactl ___________________________________________________ +/* + * asmlinkage long + * sys_quotactl(unsigned int cmd, + * const char __user *special, + * qid_t id, + * void __user *addr) */ -probe kernel.syscall.llseek = - kernel.function("sys_llseek") { - name = "llseek" - fd = $fd - offset_high = $offset_high - offset_low = $offset_low - result_uaddr = $result - whence = $origin - whence_str = _seek_whence_str($origin) +probe kernel.syscall.quotactl = + kernel.function("sys_quotactl") { + name = "quotactl" + cmd = $cmd + cmd_str = _quotactl_cmd_str($cmd) + special_uaddr = $special + id = $id + addr_uaddr = $addr } -probe kernel.syscall.llseek.return = - kernel.function("sys_llseek").return { - name = "llseek.return" +probe kernel.syscall.quotactl.return = + kernel.function("sys_quotactl").return { + name = "quotactl.return" } -# read_____________________________________________ -/* - * asmlinkage ssize_t +# read _______________________________________________________ +/* + * asmlinkage ssize_t * sys_read(unsigned int fd, * char __user * buf, - * size_t count) + * size_t count) */ -probe kernel.syscall.read = +probe kernel.syscall.read = kernel.function("sys_read") { name = "read" fd = $fd buf_uaddr = $buf count = $count } -probe kernel.syscall.read.return = +probe kernel.syscall.read.return = kernel.function("sys_read").return { name = "read.return" } -# readahead________________________________________ -/* - * asmlinkage ssize_t +# readahead __________________________________________________ +/* + * asmlinkage ssize_t * sys_readahead(int fd, * loff_t offset, * size_t count) */ -probe kernel.syscall.readahead = +probe kernel.syscall.readahead = kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count } -probe kernel.syscall.readahead.return = +probe kernel.syscall.readahead.return = kernel.function("sys_readahead").return { name = "readahead.return" } -# readv____________________________________________ +# readlink ___________________________________________________ +/* + * asmlinkage long + * sys_readlink(const char __user * path, + * char __user * buf, + * int bufsiz) + */ +probe kernel.syscall.readlink = + kernel.function("sys_readlink") { + name = "readlink" + path_uaddr = $path + buf_uaddr = $buf + bufsiz = $bufsiz + } +probe kernel.syscall.readlink.return = + kernel.function("sys_readlink").return { + name = "readlink.return" + } +# readv ______________________________________________________ /* - * asmlinkage ssize_t - * sys_readv(unsigned long fd, + * asmlinkage ssize_t + * sys_readv(unsigned long fd, * const struct iovec __user *vec, - * unsigned long vlen) + * unsigned long vlen) */ -probe kernel.syscall.readv = +probe kernel.syscall.readv = kernel.function("sys_readv") { name = "readv" fd = $fd vector_uaddr = $vec count = $vlen } -probe kernel.syscall.readv.return = +probe kernel.syscall.readv.return = kernel.function("sys_readv").return { name = "readv.return" } -# write____________________________________________ -/* - * asmlinkage ssize_t - * sys_write(unsigned int fd, - * const char __user * buf, - * size_t count) +# reboot _____________________________________________________ +/* + * asmlinkage long + * sys_reboot(int magic1, + * int magic2, + * unsigned int cmd, + * void __user * arg) */ -probe kernel.syscall.write = - kernel.function("sys_write") { - name = "write" - fd = $fd - buf_uaddr = $buf - count = $count +probe kernel.syscall.reboot = + kernel.function("sys_reboot") { + name = "reboot" + magic = $magic1 + magic_str = _reboot_magic_str($magic1) + magic2 = $magic2 + magic2_str =_reboot_magic_str($magic2) + flag = $cmd + flag_str = _reboot_flag_str(flag) + arg_uaddr = $arg } -probe kernel.syscall.write.return = - kernel.function("sys_write").return { - name = "write.return" +probe kernel.syscall.reboot.return = + kernel.function("sys_reboot").return { + name = "reboot.return" } -# writev___________________________________________ -/* - * asmlinkage ssize_t - * sys_writev(unsigned long fd, - * const struct iovec __user *vec, - * unsigned long vlen) +# recv _______________________________________________________ +/* + * asmlinkage long + * sys_recvfrom(int fd, + * void __user * ubuf, + * size_t size, + * unsigned flags, + * struct sockaddr __user *addr, + * int __user *addr_len) */ -probe kernel.syscall.writev = - kernel.function("sys_writev") { - name = "writev" - fd = $fd - vector_uaddr = $vec - count = $vlen +probe kernel.syscall.recv = + kernel.function("sys_recvfrom") { + name = "recv" + s = $fd + buf_uaddr = $ubuf + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen_uaddr = $addr_len } -probe kernel.syscall.writev.return = - kernel.function("sys_writev").return { - name = "writev.return" +probe kernel.syscall.recv.return = + kernel.function("sys_recvfrom").return { + name = "recv.return" } -# pread64__________________________________________ -/* - * asmlinkage ssize_t - * sys_pread64(unsigned int fd, - * char __user *buf, - * size_t count, - * loff_t pos) +# recvfrom ___________________________________________________ +/* + * asmlinkage long + * sys_recvfrom(int fd, + * void __user * ubuf, + * size_t size, + * unsigned flags, + * struct sockaddr __user *addr, + * int __user *addr_len) */ -probe kernel.syscall.pread64 = - kernel.function("sys_pread64") { - name = "pread64" - fd = $fd - buf_uaddr = $buf - count = $count - offset = $pos +probe kernel.syscall.recvfrom = + kernel.function("sys_recvfrom") { + name = "recvfrom" + s = $fd + buf_uaddr = $ubuf + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen = $addr_len } -probe kernel.syscall.pread64.return = - kernel.function("sys_pread64").return { - name = "pread64.return" +probe kernel.syscall.recvfrom.return = + kernel.function("sys_recvfrom").return { + name = "recvfrom.return" } -# pwrite64_________________________________________ -/* - * asmlinkage ssize_t - * sys_pwrite64(unsigned int fd, - * const char __user *buf, - * size_t count, - * loff_t pos) +# recvmsg ____________________________________________________ +/* + * asmlinkage long + * sys_recvmsg(int fd, + * struct msghdr __user *msg, + * unsigned int flags) */ -probe kernel.syscall.pwrite64 = - kernel.function("sys_pwrite64") { - name = "pwrite64" - fd = $fd - buf_uaddr = $buf - count = $count - offset = $pos +probe kernel.syscall.recvmsg = + kernel.function("sys_recvmsg") { + name = "recvmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _recvflags_str($flags) } -probe kernel.syscall.pwrite64.return = - kernel.function("sys_pwrite64").return { - name = "pwrite64.return" +probe kernel.syscall.recvmsg.return = + kernel.function("sys_recvmsg").return { + name = "recvmsg.return" } -# getcwd___________________________________________ -/* - * asmlinkage long - * sys_getcwd(char __user *buf, - * unsigned long size) +# remap_file_pages ___________________________________________ +/* + * asmlinkage long + * sys_remap_file_pages(unsigned long start, + * unsigned long size, + * unsigned long __prot, + * unsigned long pgoff, + * unsigned long flags) */ -probe kernel.syscall.getcwd = - kernel.function("sys_getcwd") { - name = "getcwd" - buf_uaddr = $buf +probe kernel.syscall.remap_file_pages = + kernel.function("sys_remap_file_pages") { + name = "remap_file_pages" + start = $start size = $size + prot = $__prot + pgoff = $pgoff + flags = $flags } -probe kernel.syscall.getcwd.return = - kernel.function("sys_getcwd").return { - name = "getcwd.return" +probe kernel.syscall.remap_file_pages.return = + kernel.function("sys_remap_file_pages").return { + name = "remap_file_pages.return" } -# mkdir____________________________________________ -/* - * asmlinkage long - * sys_mkdir(const char __user * pathname, - * int mode) +# removexattr ________________________________________________ +/* + * asmlinkage long + * sys_removexattr(char __user *path, + * char __user *name) */ -probe kernel.syscall.mkdir = - kernel.function("sys_mkdir") { - name = "mkdir" - pathname_uaddr = $pathname - mode = $mode +probe kernel.syscall.removexattr = + kernel.function("sys_removexattr") { + name = "removexattr" + path_uaddr = $path + name_uaddr = $name } -probe kernel.syscall.mkdir.return = - kernel.function("sys_mkdir").return { - name = "mkdir.return" +probe kernel.syscall.removexattr.return = + kernel.function("sys_removexattr").return { + name = "removexattr.return" } -# chdir____________________________________________ -/* - * asmlinkage long - * sys_chdir(const char __user * filename) +# rename _____________________________________________________ +/* + * asmlinkage long + * sys_rename(const char __user * oldname, + * const char __user * newname) */ -probe kernel.syscall.chdir = - kernel.function("sys_chdir") { - name = "chdir" - path_uaddr = $filename +probe kernel.syscall.rename = + kernel.function("sys_rename") { + name = "rename" + oldpath_uaddr = $oldname + newpath_uaddr = $newname } -probe kernel.syscall.chdir.return = - kernel.function("sys_chdir").return { - name = "chdir.return" +probe kernel.syscall.rename.return = + kernel.function("sys_rename").return { + name = "rename.return" } -# fchdir___________________________________________ -/* - * asmlinkage long - * sys_fchdir(unsigned int fd) +# request_key ________________________________________________ +/* + * asmlinkage long + * sys_request_key(const char __user *_type, + * const char __user *_description, + * const char __user *_callout_info, + * key_serial_t destringid) */ -probe kernel.syscall.fchdir = - kernel.function("sys_fchdir") { - name = "fchdir" - fd = $fd +probe kernel.syscall.request_key = + kernel.function("sys_request_key") { + name = "request_key" + type_uaddr = $_type + description_uaddr = $_description + callout_info_uaddr = $_callout_info + destringid = $destringid } -probe kernel.syscall.fchdir.return = - kernel.function("sys_fchdir").return { - name = "fchdir.return" +probe kernel.syscall.request_key.return = + kernel.function("sys_request_key").return { + name = "request_key.return" } -# rmdir____________________________________________ -/* - * asmlinkage long - * sys_rmdir(const char __user * pathname) +# restart_syscall ____________________________________________ +/* + * asmlinkage long + * sys_restart_syscall(void) */ -probe kernel.syscall.rmdir = +probe kernel.syscall.restart_syscall = + kernel.function("sys_restart_syscall") { + name = "restart_syscall" + } +probe kernel.syscall.restart_syscall.return = + kernel.function("sys_restart_syscall").return { + name = "restart_syscall.return" + } +# rmdir ______________________________________________________ +/* + * asmlinkage long + * sys_rmdir(const char __user * pathname) + */ +probe kernel.syscall.rmdir = kernel.function("sys_rmdir") { name = "rmdir" pathname_uaddr = $pathname } -probe kernel.syscall.rmdir.return = +probe kernel.syscall.rmdir.return = kernel.function("sys_rmdir").return { name = "rmdir.return" } -# lookup_dcookie___________________________________ -/* - * asmlinkage long - * sys_lookup_dcookie(u64 cookie64, - * char __user * buf, - * size_t len) +# rt_sigaction _______________________________________________ +/* + * asmlinkage long + * sys_rt_sigaction(int sig, + * const struct sigaction __user *act, + * struct sigaction __user *oact, + * size_t sigsetsize, + * void __user *restorer) */ -probe kernel.syscall.lookup_dcookie = - kernel.function("sys_lookup_dcookie") { - name = "lookup_dcookie" - cookie = $cookie64 - buffer_uaddr = $buf - len = $len +probe kernel.syscall.rt_sigaction = + kernel.function("sys_rt_sigaction") { + name = "rt_sigaction" + sig = $sig + act_uaddr = $act + oact_uaddr = $oact + sigsetsize = $sigsetsize + /* + * unable to find local 'restorer' (maybe i386 specific) + * restorer_uaddr = $restorer + */ } -probe kernel.syscall.lookup_dcookie.return = - kernel.function("sys_lookup_dcookie").return { - name = "lookup_dcookie.return" +probe kernel.syscall.rt_sigaction.return = + kernel.function("sys_rt_sigaction").return { + name = "rt_sigaction.return" } -# quotactl_________________________________________ -/* - * asmlinkage long - * sys_quotactl(unsigned int cmd, - * const char __user *special, - * qid_t id, - * void __user *addr) +# rt_sigpending ______________________________________________ +/* + * asmlinkage long + * sys_rt_sigpending(sigset_t __user *set, + * size_t sigsetsize) */ -probe kernel.syscall.quotactl = - kernel.function("sys_quotactl") { - name = "quotactl" - cmd = $cmd - cmd_str = _quotactl_cmd_str($cmd) - special_uaddr = $special - id = $id +probe kernel.syscall.rt_sigpending = + kernel.function("do_sigpending") { + name = "rt_sigpending" + set_uaddr = $set + sigsetsize = $sigsetsize + } +probe kernel.syscall.rt_sigpending.return = + kernel.function("do_sigpending").return { + name = "rt_sigpending.return" + } +# rt_sigprocmask _____________________________________________ +/* + * asmlinkage long + * sys_rt_sigprocmask(int how, + * sigset_t __user *set, + * sigset_t __user *oset, + * size_t sigsetsize) + */ +probe kernel.syscall.rt_sigprocmask = + kernel.function("sys_rt_sigprocmask") { + name = "rt_sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + set_uaddr = $set + oset_uaddr = $oset + sigsetsize = $sigsetsize + } +probe kernel.syscall.rt_sigprocmask.return = + kernel.function("sys_rt_sigprocmask").return { + name = "rt_sigprocmask.return" + } +# rt_sigqueueinfo ____________________________________________ +/* + * asmlinkage long + * sys_rt_sigqueueinfo(int pid, + * int sig, + * siginfo_t __user *uinfo) + */ +probe kernel.syscall.rt_sigqueueinfo = + kernel.function("sys_rt_sigqueueinfo") { + name = "rt_sigqueueinfo" + pid = $pid + sig = $sig + uinfo_uaddr = $uinfo + } +probe kernel.syscall.rt_sigqueueinfo.return = + kernel.function("sys_rt_sigqueueinfo").return { + name = "rt_sigqueueinfo.return" + } +# rt_sigreturn _______________________________________________ +/* + * asmlinkage int + * sys_rt_sigreturn(unsigned long __unused) + */ +probe kernel.syscall.rt_sigreturn = + kernel.function("sys_rt_sigreturn") { + name = "rt_sigreturn" + unused = $__unused + } +probe kernel.syscall.rt_sigreturn.return = + kernel.function("sys_rt_sigreturn").return { + name = "rt_sigreturn.return" + } +# rt_sigsuspend ______________________________________________ +/* + * asmlinkage int + * sys_rt_sigsuspend(struct pt_regs regs) + */ +probe kernel.syscall.rt_sigsuspend = + kernel.function("sys_rt_sigsuspend") { + name = "rt_sigsuspend" /* - addr = $addr - */ + * unsupported type identifier '$regs' + * regs = $regs + */ } -probe kernel.syscall.quotactl.return = - kernel.function("sys_quotactl").return { - name = "quotactl.return" +probe kernel.syscall.rt_sigsuspend.return = + kernel.function("sys_rt_sigsuspend").return { + name = "rt_sigsuspend.return" } -# getdents_________________________________________ -/* - * asmlinkage long - * sys_getdents(unsigned int fd, - * struct linux_dirent __user * dirent, - * unsigned int count) +# rt_sigtimedwait ____________________________________________ +/* + * asmlinkage long + * sys_rt_sigtimedwait(const sigset_t __user *uthese, + * siginfo_t __user *uinfo, + * const struct timespec __user *uts, + * size_t sigsetsize) */ -probe kernel.syscall.getdents = - kernel.function("sys_getdents") { - name = "getdents" - fd = $fd - dirp_uaddr = $dirent - count = $count +probe kernel.syscall.rt_sigtimedwait = + kernel.function("sys_rt_sigtimedwait") { + name = "rt_sigtimedwait" + uthese_uaddr = $uthese + uinfo_uaddr = $uinfo + uts_uaddr = $uts + sigsetsize = $sigsetsize } -probe kernel.syscall.getdents.return = - kernel.function("sys_getdents").return { - name = "getdents.return" +probe kernel.syscall.rt_sigtimedwait.return = + kernel.function("sys_rt_sigtimedwait").return { + name = "rt_sigtimedwait.return" } -# getdents64_______________________________________ -/* - * asmlinkage long - * sys_getdents64(unsigned int fd, - * struct linux_dirent64 __user * dirent, - * unsigned int count) +# sched_getaffinity __________________________________________ +/* + * asmlinkage long + * sys_sched_getaffinity(pid_t pid, + * unsigned int len, + * unsigned long __user *user_mask_ptr) */ -probe kernel.syscall.getdents64 = - kernel.function("sys_getdents64") { - name = "getdents64" - fd = $fd - dirp_uaddr = $dirent - count = $count +probe kernel.syscall.sched_getaffinity = + kernel.function("sys_sched_getaffinity") { + name = "sched_getaffinity" + pid = $pid + len = $len + mask_uaddr = $user_mask_ptr } -probe kernel.syscall.getdents64.return = - kernel.function("sys_getdents64").return { - name = "getdents64.return" +probe kernel.syscall.sched_getaffinity.return = + kernel.function("sys_sched_getaffinity").return { + name = "sched_getaffinity.return" } -# setsockopt_______________________________________ -/* - * asmlinkage long - * sys_setsockopt(int fd, - * int level, - * int optname, - * char __user *optval, - * int optlen) +# sched_getparam _____________________________________________ +/* + * asmlinkage long + * sys_sched_getparam(pid_t pid, + * struct sched_param __user *param) */ -probe kernel.syscall.setsockopt = - kernel.function("sys_setsockopt") { - name = "setsockopt" - fd = $fd - level = $level - level_str = _sockopt_level_str($level) - optname = $optname - optname_str = _sockopt_optname_str($optname) - optval_uaddr = $optval - optlen = $optlen +probe kernel.syscall.sched_getparam = + kernel.function("sys_sched_getparam") { + name = "sched_getparam" + pid = $pid + p_uaddr = $param } -probe kernel.syscall.setsockopt.return = - kernel.function("sys_setsockopt").return { - name = "setsockopt.return" +probe kernel.syscall.sched_getparam.return = + kernel.function("sys_sched_getparam").return { + name = "sched_getparam.return" } -# getsockopt_______________________________________ -/* - * asmlinkage long - * sys_getsockopt(int fd, - * int level, - * int optname, - * char __user *optval, - * int __user *optlen) +# sched_get_priority_max _____________________________________ +/* + * asmlinkage long + * sys_sched_get_priority_max(int policy) */ -probe kernel.syscall.getsockopt = - kernel.function("sys_getsockopt") { - name = "getsockopt" - fd = $fd - level = $level - level_str = _sockopt_level_str($level) - optname = $optname - optname_str = _sockopt_optname_str($optname) - optval_uaddr = $optval - optlen_uaddr = $optlen +probe kernel.syscall.sched_get_priority_max = + kernel.function("sys_sched_get_priority_max") { + name = "sched_get_priority_max" + policy = $policy } -probe kernel.syscall.getsockopt.return = - kernel.function("sys_getsockopt").return { - name = "getsockopt.return" +probe kernel.syscall.sched_get_priority_max.return = + kernel.function("sys_sched_get_priority_max").return { + name = "sched_get_priority_max.return" } -# bind_____________________________________________ -/* - * asmlinkage long - * sys_bind(int fd, - * struct sockaddr __user *umyaddr, - * int addrlen) +# sched_get_priority_min _____________________________________ +/* + * asmlinkage long + * sys_sched_get_priority_min(int policy) */ -probe kernel.syscall.bind = - kernel.function("sys_bind") { - name = "bind" - sockfd = $fd - my_addr_uaddr = $umyaddr - addrlen = $addrlen +probe kernel.syscall.sched_get_priority_min = + kernel.function("sys_sched_get_priority_min") { + name = "sched_get_priority_min" + policy = $policy } -probe kernel.syscall.bind.return = - kernel.function("sys_bind").return { - name = "bind.return" +probe kernel.syscall.sched_get_priority_min.return = + kernel.function("sys_sched_get_priority_min").return { + name = "sched_get_priority_min.return" } -# connect__________________________________________ -/* +# sched_getscheduler _________________________________________ +/* * asmlinkage long - * sys_connect(int fd, - * struct sockaddr __user *uservaddr, - * int addrlen) + * sys_sched_getscheduler(pid_t pid) */ -probe kernel.syscall.connect = - kernel.function("sys_connect") { - name = "connect" - sockfd = $fd - serv_addr_uaddr = $uservaddr - addrlen = $addrlen -} -probe kernel.syscall.connect.return = - kernel.function("sys_connect").return { - name = "connect.return" +probe kernel.syscall.sched_getscheduler = + kernel.function("sys_sched_getscheduler") { + name = "sched_getscheduler" + pid = $pid } -# accept___________________________________________ -/* - * asmlinkage long - * sys_accept(int fd, - * struct sockaddr __user *upeer_sockaddr, - * int __user *upeer_addrlen) +probe kernel.syscall.sched_getscheduler.return = + kernel.function("sys_sched_getscheduler").return { + name = "sched_getscheduler.return" + } +# sched_rr_get_interval ______________________________________ +/* + * asmlinkage long + * sys_sched_rr_get_interval(pid_t pid, + * struct timespec __user *interval) */ -probe kernel.syscall.accept = - kernel.function("sys_accept") { - name = "accept" - s = $fd - addr_uaddr = $upeer_sockaddr - addrlen_uaddr = $upeer_addrlen +probe kernel.syscall.sched_rr_get_interval = + kernel.function("sys_sched_rr_get_interval") { + name = "sched_rr_get_interval" + pid = $pid + tp_uaddr = $interval } -probe kernel.syscall.accept.return = - kernel.function("sys_accept").return { - name = "accept.return" +probe kernel.syscall.sched_rr_get_interval.return = + kernel.function("sys_sched_rr_get_interval").return { + name = "sched_rr_get_interval.return" } -# getsockname______________________________________ -/* - * asmlinkage long - * sys_getsockname(int fd, - * struct sockaddr __user *usockaddr, - * int __user *usockaddr_len) +# sched_setaffinity __________________________________________ +/* + * asmlinkage long + * sys_sched_setaffinity(pid_t pid, + * unsigned int len, + * unsigned long __user *user_mask_ptr) */ -probe kernel.syscall.getsockname = - kernel.function("sys_getsockname") { - name = "getsockname" - s = $fd - name_uaddr = $usockaddr - namelen_uaddr = $usockaddr_len +probe kernel.syscall.sched_setaffinity = + kernel.function("sys_sched_setaffinity") { + name = "sched_setaffinity" + pid = $pid + len = $len + mask_uaddr = $user_mask_ptr } -probe kernel.syscall.getsockname.return = - kernel.function("sys_getsockname").return { - name = "getsockname.return" +probe kernel.syscall.sched_setaffinity.return = + kernel.function("sys_sched_setaffinity").return { + name = "sched_setaffinity.return" } -# getpeername______________________________________ -/* - * asmlinkage long - * sys_getpeername(int fd, - * struct sockaddr __user *usockaddr, - * int __user *usockaddr_len) +# sched_setparam _____________________________________________ +/* + * asmlinkage long + * sys_sched_setparam(pid_t pid, + * struct sched_param __user *param) */ -probe kernel.syscall.getpeername = - kernel.function("sys_getpeername") { - name = "getpeername" - s = $fd - name_uaddr = $usockaddr - namelen_uaddr = $usockaddr_len +probe kernel.syscall.sched_setparam = + kernel.function("do_sched_setscheduler") { + name = "sched_setparam" + pid = $pid + p_uaddr = $param } -probe kernel.syscall.getpeername.return = - kernel.function("sys_getpeername").return { - name = "getpeername.return" +probe kernel.syscall.sched_setparam.return = + kernel.function("do_sched_setscheduler").return { + name = "sched_setparam.return" } -# send_____________________________________________ -/* - * asmlinkage long - * sys_sendto(int fd, +# sched_setscheduler _________________________________________ +/* + * asmlinkage long + * sys_sched_setscheduler(pid_t pid, + * int policy, + * struct sched_param __user *param) + */ +probe kernel.syscall.sched_setscheduler = + kernel.function("do_sched_setscheduler") { + name = "sched_setscheduler" + pid = $pid + policy = $policy + policy_str = _sched_policy_str($policy) + p_uaddr = $param + } +probe kernel.syscall.sched_setscheduler.return = + kernel.function("do_sched_setscheduler").return { + name = "sched_setscheduler.return" + } +# sched_yield ________________________________________________ +/* + * asmlinkage long + * sys_sched_yield(void) + */ +probe kernel.syscall.sched_yield = + kernel.function("sys_sched_yield") { + name = "sched_yield" + } +probe kernel.syscall.sched_yield.return = + kernel.function("sys_sched_yield").return { + name = "sched_yield.return" + } +# select _____________________________________________________ +/* + * asmlinkage long + * sys_select(int n, + * fd_set __user *inp, + * fd_set __user *outp, + * fd_set __user *exp, + * struct timeval __user *tvp) + */ +probe kernel.syscall.select = + kernel.function("sys_select") { + name = "select" + n = $n + readfds_uaddr = $inp + writefds_uaddr = $outp + exceptfds_uaddr = $exp + timeout_uaddr = $tvp + } +probe kernel.syscall.select.return = + kernel.function("sys_select").return { + name = "select.return" + } +# semctl _____________________________________________________ +/* + * asmlinkage long + * sys_semctl (int semid, + * int semnum, + * int cmd, + * union semun arg) + */ +probe kernel.syscall.semctl = + kernel.function("sys_semctl") { + name = "semctl" + semid = $semid + semnum = $semnum + cmd = $cmd + /* + * unsupported type tag identifier '$arg' + * arg = $arg + */ + } +probe kernel.syscall.semctl.return = + kernel.function("sys_semctl").return { + name = "semctl.return" + } +# semget _____________________________________________________ +/* + * asmlinkage long + * sys_semget (key_t key, + * int nsems, + * int semflg) + */ +probe kernel.syscall.semget = + kernel.function("sys_semget") { + name = "semget" + key = $key + nsems = $nsems + semflg = $semflg + } +probe kernel.syscall.semget.return = + kernel.function("sys_semget").return { + name = "semget.return" + } +# semop ______________________________________________________ +/* + * asmlinkage long + * sys_semop (int semid, + * struct sembuf __user *tsops, + * unsigned nsops) + */ +probe kernel.syscall.semop = + kernel.function("sys_semtimedop") { + name = "semop" + semid = $semid + tsops_uaddr = $tsops + nsops = $nsops + } +probe kernel.syscall.semop.return = + kernel.function("sys_semtimedop").return { + name = "semop.return" + } +# semtimedop _________________________________________________ +/* + * asmlinkage long + * sys_semtimedop(int semid, + * struct sembuf __user *tsops, + * unsigned nsops, + * const struct timespec __user *timeout) + */ +probe kernel.syscall.semtimedop = + kernel.function("sys_semtimedop") { + name = "semtimedop" + semid = $semid + sops_uaddr = $tsops + nsops = $nsops + timeout_uaddr = $timeout + } +probe kernel.syscall.semtimedop.return = + kernel.function("sys_semtimedop").return { + name = "semtimedop.return" + } +# send _______________________________________________________ +/* + * asmlinkage long + * sys_sendto(int fd, * void __user * buff, - * size_t len, + * size_t len, * unsigned flags, * struct sockaddr __user *addr, - * int addr_len) + * int addr_len) */ -probe kernel.syscall.send = +probe kernel.syscall.send = kernel.function("sys_sendto") { name = "send" s = $fd - /* - buf = $buf - */ + buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } -probe kernel.syscall.send.return = +probe kernel.syscall.send.return = kernel.function("sys_sendto").return { name = "send.return" } -# sendto___________________________________________ -/* - * asmlinkage long - * sys_sendto(int fd, +# sendfile ___________________________________________________ +/* + * asmlinkage ssize_t + * sys_sendfile(int out_fd, + * int in_fd, + * off_t __user *offset, + * size_t count) + */ +probe kernel.syscall.sendfile = + kernel.function("sys_sendfile") { + name = "sendfile" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count + } +probe kernel.syscall.sendfile.return = + kernel.function("sys_sendfile").return { + name = "sendfile.return" + } +# sendfile64 _________________________________________________ +/* + * asmlinkage ssize_t + * sys_sendfile64(int out_fd, + * int in_fd, + * loff_t __user *offset, + * size_t count) + */ +probe kernel.syscall.sendfile64 = + kernel.function("sys_sendfile64") { + name = "sendfile64" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count + } +probe kernel.syscall.sendfile64.return = + kernel.function("sys_sendfile64").return { + name = "sendfile64.return" + } +# sendmsg ____________________________________________________ +/* + * asmlinkage long + * sys_sendmsg(int fd, + * struct msghdr __user *msg, + * unsigned flags) + */ +probe kernel.syscall.sendmsg = + kernel.function("sys_sendmsg") { + name = "sendmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _send_flags_str($flags) + } +probe kernel.syscall.sendmsg.return = + kernel.function("sys_sendmsg").return { + name = "sendmsg.return" + } +# sendto _____________________________________________________ +/* + * asmlinkage long + * sys_sendto(int fd, * void __user * buff, - * size_t len, + * size_t len, * unsigned flags, * struct sockaddr __user *addr, - * int addr_len) + * int addr_len) */ -probe kernel.syscall.sendto = +probe kernel.syscall.sendto = kernel.function("sys_sendto") { name = "sendto" s = $fd - /* - buf = $buf - */ + buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } -probe kernel.syscall.sendto.return = +probe kernel.syscall.sendto.return = kernel.function("sys_sendto").return { name = "sendto.return" } -# sendmsg__________________________________________ -/* - * asmlinkage long - * sys_sendmsg(int fd, - * struct msghdr __user *msg, - * unsigned flags) +# setdomainname ______________________________________________ +/* + * asmlinkage long + * sys_setdomainname(char __user *name, + * int len) */ -probe kernel.syscall.sendmsg = - kernel.function("sys_sendmsg") { - name = "sendmsg" - s = $fd - msg_uaddr = $msg - flags = $flags - flags_str = _send_flags_str($flags) +probe kernel.syscall.setdomainname = + kernel.function("sys_setdomainname") { + name = "setdomainname" + hostname_uaddr = $name + len = $len } -probe kernel.syscall.sendmsg.return = - kernel.function("sys_sendmsg").return { - name = "sendmsg.return" +probe kernel.syscall.setdomainname.return = + kernel.function("sys_setdomainname").return { + name = "setdomainname.return" } -# recv_____________________________________________ -/* - * asmlinkage long - * sys_recvfrom(int fd, - * void __user * ubuf, - * size_t size, - * unsigned flags, - * struct sockaddr __user *addr, - * int __user *addr_len) +# setfsgid ___________________________________________________ +/* + * asmlinkage long + * sys_setfsgid(gid_t gid) */ -probe kernel.syscall.recv = - kernel.function("sys_recvfrom") { - name = "recv" - s = $fd - /* - buf = $buf - */ - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - from_uaddr = $addr - fromlen_uaddr = $addr_len +probe kernel.syscall.setfsgid = + kernel.function("sys_setfsgid") { + name = "setfsgid" + fsgid = $gid } -probe kernel.syscall.recv.return = - kernel.function("sys_recvfrom").return { - name = "recv.return" +probe kernel.syscall.setfsgid.return = + kernel.function("sys_setfsgid").return { + name = "setfsgid.return" } -# recvfrom_________________________________________ -/* - * asmlinkage long - * sys_recvfrom(int fd, - * void __user * ubuf, - * size_t size, - * unsigned flags, - * struct sockaddr __user *addr, - * int __user *addr_len) +# setfsgid16 _________________________________________________ +/* + * asmlinkage long + * sys_setfsgid16(old_gid_t gid) */ -probe kernel.syscall.recvfrom = - kernel.function("sys_recvfrom") { - name = "recvfrom" - s = $fd - /* - buf = $buf - */ - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - from_uaddr = $addr - fromlen = $addr_len +probe kernel.syscall.setfsgid16 = + kernel.function("sys_setfsgid") { + name = "setfsgid16" + gid = $gid } -probe kernel.syscall.recvfrom.return = - kernel.function("sys_recvfrom").return { - name = "recvfrom.return" +probe kernel.syscall.setfsgid16.return = + kernel.function("sys_setfsgid").return { + name = "setfsgid16.return" } -# recvmsg__________________________________________ -/* - * asmlinkage long - * sys_recvmsg(int fd, - * struct msghdr __user *msg, - * unsigned int flags) +# setfsuid ___________________________________________________ +/* + * asmlinkage long + * sys_setfsuid(uid_t uid) */ -probe kernel.syscall.recvmsg = - kernel.function("sys_recvmsg") { - name = "recvmsg" - s = $fd - msg_uaddr = $msg - flags = $flags - flags_str = _recvflags_str($flags) +probe kernel.syscall.setfsuid = + kernel.function("sys_setfsuid") { + name = "setfsuid" + fsuid = $uid } -probe kernel.syscall.recvmsg.return = - kernel.function("sys_recvmsg").return { - name = "recvmsg.return" +probe kernel.syscall.setfsuid.return = + kernel.function("sys_setfsuid").return { + name = "setfsuid.return" } -# socket___________________________________________ -/* - * asmlinkage long - * sys_socket(int family, - * int type, - * int protocol) +# setfsuid16 _________________________________________________ +/* + * asmlinkage long + * sys_setfsuid16(old_uid_t uid) */ -probe kernel.syscall.socket = - kernel.function("sys_socket") { - name = "socket" - family = $family - family_str = _sock_family_str($family) - type = $type - type_str = _sock_type_str($type) - protocol = $protocol +probe kernel.syscall.setfsuid16 = + kernel.function("sys_setfsuid") { + name = "setfsuid16" + uid = $uid } -probe kernel.syscall.socket.return = - kernel.function("sys_socket").return { - name = "socket.return" +probe kernel.syscall.setfsuid16.return = + kernel.function("sys_setfsuid").return { + name = "setfsuid16.return" } -# socketpair_______________________________________ -/* - * asmlinkage long - * sys_socketpair(int family, - * int type, - * int protocol, - * int __user *usockvec) +# setgid _____________________________________________________ +/* + * asmlinkage long + * sys_setgid(gid_t gid) */ -probe kernel.syscall.socketpair = - kernel.function("sys_socketpair") { - name = "socketpair" - family = $family - family_str = _sock_family_str($family) - type = $type - type_str = _sock_type_str($type) - protocol = $protocol - sv_uaddr = $usockvec +probe kernel.syscall.setgid = + kernel.function("sys_setgid") { + name = "setgid" + gid = $gid } -probe kernel.syscall.socketpair.return = - kernel.function("sys_socketpair").return { - name = "socketpair.return" +probe kernel.syscall.setgid.return = + kernel.function("sys_setgid").return { + name = "setgid.return" } -# socketcall_______________________________________ -/* - * asmlinkage long - * sys_socketcall(int call, - * unsigned long __user *args) +# setgid16 ___________________________________________________ +/* + * asmlinkage long + * sys_setgid16(old_gid_t gid) */ -probe kernel.syscall.socketcall = - kernel.function("sys_socketcall") { - name = "socketcall" - call = $call - args_uaddr = $args +probe kernel.syscall.setgid16 = + kernel.function("sys_setgid") { + name = "setgid16" + gid = $gid } -probe kernel.syscall.socketcall.return = - kernel.function("sys_socketcall").return { - name = "socketcall.return" +probe kernel.syscall.setgid16.return = + kernel.function("sys_setgid").return { + name = "setgid16.return" } -# listen___________________________________________ -/* - * asmlinkage long - * sys_listen(int fd, - * int backlog) +# setgroups __________________________________________________ +/* + * asmlinkage long + * sys_setgroups(int gidsetsize, + * gid_t __user *grouplist) */ -probe kernel.syscall.listen = - kernel.function("sys_listen") { - name = "listen" - s = $fd - backlog = $backlog +probe kernel.syscall.setgroups = + kernel.function("sys_setgroups") { + name = "setgroups" + size = $gidsetsize + /* + * NOTE + * list defined as "gid_t list[]" there + * is no practical way to export these + * values. Therefore just export addr, + * let the user take care of it with + * embedded C if need be. + */ + list_uaddr = $grouplist } -probe kernel.syscall.listen.return = - kernel.function("sys_listen").return { - name = "listen.return" +probe kernel.syscall.setgroups.return = + kernel.function("sys_setgroups").return { + name = "setgroups.return" } -# poll_____________________________________________ -/* - * asmlinkage long - * sys_poll(struct pollfd __user * ufds, - * unsigned int nfds, - * long timeout) +# setgroups16 ________________________________________________ +/* + * asmlinkage long + * sys_setgroups16(int gidsetsize, + * old_gid_t __user *grouplist) */ -probe kernel.syscall.poll = - kernel.function("sys_poll") { - name = "poll" - ufds_uaddr = $ufds - nfds = $nfds - timeout = $timeout +probe kernel.syscall.setgroups16 = + kernel.function("sys_setgroups16") { + name = "setgroups16" + size = $gidsetsize + list_uaddr = $grouplist } -probe kernel.syscall.poll.return = - kernel.function("sys_poll").return { - name = "poll.return" +probe kernel.syscall.setgroups16.return = + kernel.function("sys_setgroups16").return { + name = "setgroups16.return" } -# select___________________________________________ -/* - * asmlinkage long - * sys_select(int n, - * fd_set __user *inp, - * fd_set __user *outp, - * fd_set __user *exp, - * struct timeval __user *tvp) +# sethostname ________________________________________________ +/* + * asmlinkage long + * sys_sethostname(char __user *name, + * int len) */ -probe kernel.syscall.select = - kernel.function("sys_select") { - name = "select" - n = $n - readfds_uaddr = $inp - writefds_uaddr = $outp - exceptfds_uaddr = $exp - timeout_uaddr = $tvp +probe kernel.syscall.sethostname = + kernel.function("sys_sethostname") { + name = "sethostname" + hostname_uaddr = $name + len = $len } -probe kernel.syscall.select.return = - kernel.function("sys_select").return { - name = "select.return" +probe kernel.syscall.sethostname.return = + kernel.function("sys_sethostname").return { + name = "sethostname.return" } -# epoll_create_____________________________________ -/* - * asmlinkage long - * sys_epoll_create(int size) +# setitimer __________________________________________________ +/* + * asmlinkage long + * sys_setitimer(int which, + * struct itimerval __user *value, + * struct itimerval __user *ovalue) */ -probe kernel.syscall.epoll_create = - kernel.function("sys_epoll_create") { - name = "epoll_create" - size = $size +probe kernel.syscall.setitimer = + kernel.function("sys_setitimer") { + name = "setitimer" + which = $which + which_str = _itimer_which_str($which) + value_uaddr = $value + ovalue_uaddr = $ovalue + /* + * XXX NOT SAFE -- might sleep + * value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) + * value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) + * value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) + * value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) + * ovalue_it_interval_tv_sec = __uget_itimerval_tv_m($ovalue,0) + * ovalue_it_interval_tv_usec =__uget_itimerval_tv_m($ovalue,1) + * ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2) + * ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3) + */ } -probe kernel.syscall.epoll_create.return = - kernel.function("sys_epoll_create").return { - name = "epoll_create.return" +probe kernel.syscall.setitimer.return = + kernel.function("sys_setitimer").return { + name = "setitimer.return" } -# epoll_ctl________________________________________ -/* - * asmlinkage long - * sys_epoll_ctl(int epfd, - * int op, - * int fd, - * struct epoll_event __user *event) +# set_mempolicy ______________________________________________ +/* + * asmlinkage long + * sys_set_mempolicy(int mode, + * unsigned long __user *nmask, + * unsigned long maxnode) */ -probe kernel.syscall.epoll_ctl = - kernel.function("sys_epoll_ctl") { - name = "epoll_ctl" - epfd = $epfd - op = $op - op_str = _opoll_op_str($op) - fd = $fd - event_uaddr = $event +/* +probe kernel.syscall.set_mempolicy = + kernel.function("sys_set_mempolicy") { + name = "set_mempolicy" + mode = $mode + nmask_uaddr = $nmask + maxnode = $maxnode } -probe kernel.syscall.epoll_ctl.return = - kernel.function("sys_epoll_ctl").return { - name = "epoll_ctl.return" +probe kernel.syscall.set_mempolicy.return = + kernel.function("sys_set_mempolicy").return { + name = "set_mempolicy.return" } -# epoll_wait_______________________________________ -/* - * asmlinkage long - * sys_epoll_wait(int epfd, - * struct epoll_event __user *events, - * int maxevents, - * int timeout) +*/ +# setpgid ____________________________________________________ +/* + * asmlinkage long + * sys_setpgid(pid_t pid, + * pid_t pgid) */ -probe kernel.syscall.epoll_wait = - kernel.function("sys_epoll_wait") { - name = "epoll_wait" - epfd = $epfd - events_uaddr = $events - maxevents = $maxevents - timeout = $timeout +probe kernel.syscall.setpgid = + kernel.function("sys_setpgid") { + name = "setpgid" + pid = $pid + pgid = $pgid } -probe kernel.syscall.epoll_wait.return = - kernel.function("sys_epoll_wait").return { - name = "epoll_wait.return" +probe kernel.syscall.setpgid.return = + kernel.function("sys_setpgid").return { + name = "setpgid.return" } -# gethostname______________________________________ -/* - * asmlinkage long - * sys_gethostname(char __user *name, - * int len) +# setpriority ________________________________________________ +/* + * asmlinkage long + * sys_setpriority(int which, + * int who, + * int niceval) */ -probe kernel.syscall.gethostname = - kernel.function("sys_gethostname") { - name = "gethostname" - hostname_uaddr = $name - len = $len +probe kernel.syscall.setpriority = + kernel.function("sys_setpriority") { + name = "setpriority" + which = $which + which_str = _priority_which_str($which) + who = $who + prio = $niceval } -probe kernel.syscall.gethostname.return = - kernel.function("sys_gethostname").return { - name = "gethostname.return" +probe kernel.syscall.setpriority.return = + kernel.function("sys_setpriority").return { + name = "setpriority.return" } -# sethostname______________________________________ -/* - * asmlinkage long - * sys_sethostname(char __user *name, - * int len) +# setregid ___________________________________________________ +/* + * asmlinkage long + * sys_setregid(gid_t rgid, + * gid_t egid) */ -probe kernel.syscall.sethostname = - kernel.function("sys_sethostname") { - name = "sethostname" - hostname_uaddr = $name - len = $len +probe kernel.syscall.setregid = + kernel.function("sys_setregid") { + name = "setregid" + rgid = $rgid + egid = $egid } -probe kernel.syscall.sethostname.return = - kernel.function("sys_sethostname").return { - name = "sethostname.return" +probe kernel.syscall.setregid.return = + kernel.function("sys_setregid").return { + name = "setregid.return" } -# setdomainname____________________________________ -/* - * asmlinkage long - * sys_setdomainname(char __user *name, - * int len) +# setregid16 _________________________________________________ +/* + * asmlinkage long + * sys_setregid16(old_gid_t rgid, + * old_gid_t egid) */ -probe kernel.syscall.setdomainname = - kernel.function("sys_setdomainname") { - name = "setdomainname" - hostname_uaddr = $name - len = $len +probe kernel.syscall.setregid16 = + kernel.function("sys_setregid") { + name = "setregid16" + rgid = $rgid + egid = $egid } -probe kernel.syscall.setdomainname.return = - kernel.function("sys_setdomainname").return { - name = "setdomainname.return" +probe kernel.syscall.setregid16.return = + kernel.function("sys_setregid").return { + name = "setregid16.return" } -# newuname_________________________________________ -/* - * asmlinkage long - * sys_newuname(struct new_utsname __user * name) +# setresgid __________________________________________________ +/* + * asmlinkage long + * sys_setresgid(gid_t rgid, + * gid_t egid, + * gid_t sgid) */ -probe kernel.syscall.newuname = - kernel.function("sys_newuname") { - name = "newuname" - name_uaddr = $name +probe kernel.syscall.setresgid = + kernel.function("sys_setresgid") { + name = "setresgid" + rgid = $rgid + egid = $egid + sgid = $sgid +} +probe kernel.syscall.setresgid.return = + kernel.function("sys_setresgid").return { + name = "setresgid.return" } -probe kernel.syscall.newuname.return = - kernel.function("sys_newuname").return { - name = "newuname.return" +# setresgid16 ________________________________________________ +/* + * asmlinkage long + * sys_setresgid16(old_gid_t rgid, + * old_gid_t egid, + * old_gid_t sgid) + */ +probe kernel.syscall.setresgid16 = + kernel.function("sys_setresgid") { + name = "setresgid16" + rgid = $rgid + egid = $egid + sgid = $sgid } -# getrlimit________________________________________ -/* - * asmlinkage long - * sys_getrlimit(unsigned int resource, - * struct rlimit __user *rlim) +probe kernel.syscall.setresgid16.return = + kernel.function("sys_setresgid").return { + name = "setresgid16.return" + } +# setresuid __________________________________________________ +/* + * asmlinkage long + * sys_setresuid(uid_t ruid, + * uid_t euid, + * uid_t suid) */ -probe kernel.syscall.getrlimit = - kernel.function("sys_getrlimit") { - name = "getrlimit" - resource = $resource - resource_str = _rlimit_resource_str($resource) - rlim_uaddr = $rlim +probe kernel.syscall.setresuid = + kernel.function("sys_setresuid") { + name = "setresuid" + ruid = $ruid + euid = $euid + suid = $suid } -probe kernel.syscall.getrlimit.return = - kernel.function("sys_getrlimit").return { - name = "getrlimit.return" +probe kernel.syscall.setresuid.return = + kernel.function("sys_setresuid").return { + name = "setresuid.return" } -# old_getrlimit____________________________________ -/* - * asmlinkage long - * sys_old_getrlimit(unsigned int resource, - * struct rlimit __user *rlim) +# setresuid16 ________________________________________________ +/* + * asmlinkage long + * sys_setresuid16(old_uid_t ruid, + * old_uid_t euid, + * old_uid_t suid) */ -probe kernel.syscall.old_getrlimit = - kernel.function("sys_old_getrlimit") { - name = "old_getrlimit" - resource = $resource - resource_str = _rlimit_resource_str($resource) - rlim_uaddr = $rlim +probe kernel.syscall.setresuid16 = + kernel.function("sys_setresuid") { + name = "setresuid16" + ruid = $ruid + euid = $euid + suid = $suid } -probe kernel.syscall.old_getrlimit.return = - kernel.function("sys_old_getrlimit").return { - name = "old_getrlimit.return" +probe kernel.syscall.setresuid16.return = + kernel.function("sys_setresuid").return { + name = "setresuid16.return" } -# setrlimit________________________________________ -/* - * asmlinkage long +# setreuid ___________________________________________________ +/* + * asmlinkage long + * sys_setreuid(uid_t ruid, + * uid_t euid) + */ +probe kernel.syscall.setreuid = + kernel.function("sys_setreuid") { + name = "setreuid" + ruid = $ruid + euid = $euid + } +probe kernel.syscall.setreuid.return = + kernel.function("sys_setreuid").return { + name = "setreuid.return" + } +# setreuid16 _________________________________________________ +/* + * asmlinkage long + * sys_setreuid16(old_uid_t ruid, + * old_uid_t euid) + */ +probe kernel.syscall.setreuid16 = + kernel.function("sys_setreuid") { + name = "setreuid16" + ruid = $ruid + euid = $euid + } +probe kernel.syscall.setreuid16.return = + kernel.function("sys_setreuid").return { + name = "setreuid16.return" + } +# setrlimit __________________________________________________ +/* + * asmlinkage long * sys_setrlimit(unsigned int resource, - * struct rlimit __user *rlim) + * struct rlimit __user *rlim) */ -probe kernel.syscall.setrlimit = +probe kernel.syscall.setrlimit = kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } -probe kernel.syscall.setrlimit.return = +probe kernel.syscall.setrlimit.return = kernel.function("sys_setrlimit").return { name = "setrlimit.return" } -# getrusage________________________________________ -/* - * asmlinkage long - * sys_getrusage(int who, - * struct rusage __user *ru) - */ -probe kernel.syscall.getrusage = - kernel.function("sys_getrusage") { - name = "getrusage" - who = $who - who_str = _rusage_who_str($who) - usage_uaddr = $ru - } -probe kernel.syscall.getrusage.return = - kernel.function("sys_getrusage").return { - name = "getrusage.return" - } -# umask____________________________________________ -/* - * asmlinkage long - * sys_umask(int mask) +# setsid _____________________________________________________ +/* + * asmlinkage long + * sys_setsid(void) */ -probe kernel.syscall.umask = - kernel.function("sys_umask") { - name = "umask" - mask = $mask +probe kernel.syscall.setsid = + kernel.function("sys_setsid") { + name = "setsid" } -probe kernel.syscall.umask.return = - kernel.function("sys_umask").return { - name = "umask.return" +probe kernel.syscall.setsid.return = + kernel.function("sys_setsid").return { + name = "setsid.return" } -# msgget___________________________________________ -/* - * asmlinkage long - * sys_msgget (key_t key, - * int msgflg) +# setsockopt _________________________________________________ +/* + * asmlinkage long + * sys_setsockopt(int fd, + * int level, + * int optname, + * char __user *optval, + * int optlen) */ -probe kernel.syscall.msgget = - kernel.function("sys_msgget") { - name = "msgget" - key = $key - msgflg = $msgflg - msgflg_str = _sys_open_flag_str($msgflg) +probe kernel.syscall.setsockopt = + kernel.function("sys_setsockopt") { + name = "setsockopt" + fd = $fd + level = $level + level_str = _sockopt_level_str($level) + optname = $optname + optname_str = _sockopt_optname_str($optname) + optval_uaddr = $optval + optlen = $optlen } -probe kernel.syscall.msgget.return = - kernel.function("sys_msgget").return { - name = "msgget.return" +probe kernel.syscall.setsockopt.return = + kernel.function("sys_setsockopt").return { + name = "setsockopt.return" } -# msgsnd___________________________________________ -/* - * asmlinkage long - * sys_msgsnd (int msqid, - * struct msgbuf __user *msgp, - * size_t msgsz, - * int msgflg) +# set_thread_area ____________________________________________ +/* + * asmlinkage int + * sys_set_thread_area(struct user_desc __user *u_info) */ -probe kernel.syscall.msgsnd = - kernel.function("sys_msgsnd") { - name = "msgsnd" - msqid = $msqid - msgp_uaddr = $msgp - msgsz = $msgsz - msgflg = $msgflg +probe kernel.syscall.set_thread_area = + kernel.function("sys_set_thread_area") { + name = "set_thread_area" + u_info_uaddr = $u_info } -probe kernel.syscall.msgsnd.return = - kernel.function("sys_msgsnd").return { - name = "msgsnd.return" +probe kernel.syscall.set_thread_area.return = + kernel.function("sys_set_thread_area").return { + name = "set_thread_area.return" } -# msgrcv___________________________________________ -/* - * asmlinkage long - * sys_msgrcv (int msqid, - * struct msgbuf __user *msgp, - * size_t msgsz, - * long msgtyp, - * int msgflg) +# set_tid_address ____________________________________________ +/* + * asmlinkage long + * sys_set_tid_address(int __user *tidptr) */ -probe kernel.syscall.msgrcv = - kernel.function("sys_msgrcv") { - name = "msgrcv" - msqid = $msqid - msgp_uaddr = $msgp - msgsz = $msgsz - msgtyp = $msgtyp - msgflg = $msgflg +probe kernel.syscall.set_tid_address = + kernel.function("sys_set_tid_address") { + name = "set_tid_address" + tidptr_uaddr = $tidptr } -probe kernel.syscall.msgrcv.return = - kernel.function("sys_msgrcv").return { - name = "msgrcv.return" +probe kernel.syscall.set_tid_address.return = + kernel.function("sys_set_tid_address").return { + name = "set_tid_address.return" } -# msgctl___________________________________________ -/* - * asmlinkage long - * sys_msgctl (int msqid, - * int cmd, - * struct msqid_ds __user *buf) +# settimeofday _______________________________________________ +/* + * asmlinkage long + * sys_settimeofday(struct timeval __user *tv, + * struct timezone __user *tz) */ -probe kernel.syscall.msgctl = - kernel.function("sys_msgctl") { - name = "msgctl" - msqid = $msqid - cmd = $cmd - buf_uaddr = $buf +probe kernel.syscall.settimeofday = + kernel.function("sys_settimeofday") { + name = "settimeofday" + tv_uaddr = $tv + tz_uaddr = $tz + /* + * XXX NOT SAFE -- might sleep + * tv_tv_sec = __uget_tv_m($tv,0) + * tv_tv_usec = __uget_tv_m($tv,1) + * tz_tz_minuteswest = __uget_tz_m($tz,0) + * tz_tz_dsttime = __uget_tz_m($tz,1) + */ } -probe kernel.syscall.msgctl.return = - kernel.function("sys_msgctl").return { - name = "msgctl.return" +probe kernel.syscall.settimeofday.return = + kernel.function("sys_settimeofday").return { + name = "settimeofday.return" } -# semget___________________________________________ -/* - * asmlinkage long - * sys_semget (key_t key, - * int nsems, - * int semflg) +# setuid _____________________________________________________ +/* + * asmlinkage long + * sys_setuid(uid_t uid) */ -probe kernel.syscall.semget = - kernel.function("sys_semget") { - name = "semget" - key = $key - nsems = $nsems - semflg = $semflg +probe kernel.syscall.setuid = + kernel.function("sys_setuid") { + name = "setuid" + uid = $uid } -probe kernel.syscall.semget.return = - kernel.function("sys_semget").return { - name = "semget.return" +probe kernel.syscall.setuid.return = + kernel.function("sys_setuid").return { + name = "setuid.return" } -# semop____________________________________________ -/* - * asmlinkage long - * sys_semop (int semid, - * struct sembuf __user *tsops, - * unsigned nsops) +# setuid16 ___________________________________________________ +/* + * asmlinkage long + * sys_setuid16(old_uid_t uid) */ -probe kernel.syscall.semop = - kernel.function("sys_semtimedop") { - name = "semop" - semid = $semid - tsops_uaddr = $tsops - nsops = $nsops +probe kernel.syscall.setuid16 = + kernel.function("sys_setuid") { + name = "setuid16" + uid = $uid } -probe kernel.syscall.semop.return = - kernel.function("sys_semtimedop").return { - name = "semop.return" +probe kernel.syscall.setuid16.return = + kernel.function("sys_setuid").return { + name = "setuid16.return" } -# semctl___________________________________________ -/* - * asmlinkage long - * sys_semctl (int semid, - * int semnum, - * int cmd, - * union semun arg) +# setxattr ___________________________________________________ +/* + * asmlinkage long + * sys_setxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) */ -probe kernel.syscall.semctl = - kernel.function("sys_semctl") { - name = "semctl" - semid = $semid - semnum = $semnum - cmd = $cmd - //arg = $arg +probe kernel.syscall.setxattr = + kernel.function("sys_setxattr") { + name = "setxattr" + path_uaddr = $path + name_uaddr = $name + value_uaddr = $value + size = $size + flags = $flags } -probe kernel.syscall.semctl.return = - kernel.function("sys_semctl").return { - name = "semctl.return" +probe kernel.syscall.setxattr.return = + kernel.function("sys_setxattr").return { + name = "setxattr.return" } -# semtimedop_______________________________________ -/* - * asmlinkage long - * sys_semtimedop(int semid, - * struct sembuf __user *tsops, - * unsigned nsops, - * const struct timespec __user *timeout) +# set_zone_reclaim ___________________________________________ +/* + * asmlinkage long + * sys_set_zone_reclaim(unsigned int node, + * unsigned int zone, + * unsigned int state) + */ +probe kernel.syscall.set_zone_reclaim = + kernel.function("sys_set_zone_reclaim") { + name = "set_zone_reclaim" + node = $node + zone = $zone + state = $state + } +probe kernel.syscall.set_zone_reclaim.return = + kernel.function("sys_set_zone_reclaim").return { + name = "set_zone_reclaim.return" + } +# sgetmask ___________________________________________________ +/* + * sys_sgetmask(void) */ -probe kernel.syscall.semtimedop = - kernel.function("sys_semtimedop") { - name = "semtimedop" - semid = $semid - sops_uaddr = $tsops - nsops = $nsops - timeout_uaddr = $timeout +probe kernel.syscall.sgetmask = + kernel.function("sys_sgetmask") { + name = "sgetmask" } -probe kernel.syscall.semtimedop.return = - kernel.function("sys_semtimedop").return { - name = "semtimedop.return" +probe kernel.syscall.sgetmask.return = + kernel.function("sys_sgetmask").return { + name = "sgetmask.return" } -# shmat____________________________________________ -/* - * asmlinkage long - * sys_shmat(int shmid, +# shmat ______________________________________________________ +/* + * asmlinkage long + * sys_shmat(int shmid, * char __user *shmaddr, - * int shmflg, - * unsigned long *addr) + * int shmflg, + * unsigned long *addr) */ -probe kernel.syscall.shmat = +probe kernel.syscall.shmat = kernel.function("sys_shmat") { name = "shmat" shmid = $shmid shmaddr_uaddr = $shmaddr shmflg = $shmflg } -probe kernel.syscall.shmat.return = +probe kernel.syscall.shmat.return = kernel.function("sys_shmat").return { name = "shmat.return" } -# shmget___________________________________________ -/* - * asmlinkage long - * sys_shmget (key_t key, - * size_t size, - * int shmflg) +# shmctl _____________________________________________________ +/* + * asmlinkage long + * sys_shmctl (int shmid, + * int cmd, + * struct shmid_ds __user *buf) */ -probe kernel.syscall.shmget = +probe kernel.syscall.shmctl = + kernel.function("sys_shmctl") { + name = "shmctl" + shmid = $shmid + cmd = $cmd + buf_uaddr = $buf + } +probe kernel.syscall.shmctl.return = + kernel.function("sys_shmctl").return { + name = "shmctl.return" + } +# shmdt ______________________________________________________ +/* + * asmlinkage long + * sys_shmdt(char __user *shmaddr) + */ +probe kernel.syscall.shmdt = + kernel.function("sys_shmdt") { + name = "shmdt" + shmaddr_uaddr = $shmaddr + } +probe kernel.syscall.shmdt.return = + kernel.function("sys_shmdt").return { + name = "shmdt.return" + } +# shmget _____________________________________________________ +/* + * asmlinkage long + * sys_shmget (key_t key, + * size_t size, + * int shmflg) + */ +probe kernel.syscall.shmget = kernel.function("sys_shmget") { name = "shmget" key = $key size = $size shmflg = $shmflg } -probe kernel.syscall.shmget.return = +probe kernel.syscall.shmget.return = kernel.function("sys_shmget").return { name = "shmget.return" } -# shmdt____________________________________________ -/* - * asmlinkage long - * sys_shmdt(char __user *shmaddr) +# shutdown ___________________________________________________ +/* + * asmlinkage long + * sys_shutdown(int fd, + * int how) */ -probe kernel.syscall.shmdt = - kernel.function("sys_shmdt") { - name = "shmdt" - shmaddr_uaddr = $shmaddr +probe kernel.syscall.shutdown = + kernel.function("sys_shutdown") { + name = "shutdown" + s = $fd + how = $how + how_str = _shutdown_how_str($how) } -probe kernel.syscall.shmdt.return = - kernel.function("sys_shmdt").return { - name = "shmdt.return" +probe kernel.syscall.shutdown.return = + kernel.function("sys_shutdown").return { + name = "shutdown.return" } -# shmctl___________________________________________ -/* - * asmlinkage long - * sys_shmctl (int shmid, - * int cmd, - * struct shmid_ds __user *buf) +# sigaction __________________________________________________ +/* + * asmlinkage int + * sys_sigaction(int sig, + * const struct old_sigaction __user *act, + * struct old_sigaction __user *oact) + */ +probe kernel.syscall.sigaction = + kernel.function("sys_sigaction") { + name = "sigaction" + sig = $sig + act_uaddr = $act + oact_uaddr = $oact + } +probe kernel.syscall.sigaction.return = + kernel.function("sys_sigaction").return { + name = "sigaction.return" + } +# sigaltstack ________________________________________________ +/* + * asmlinkage int + * sys_sigaltstack(unsigned long ebx) */ -probe kernel.syscall.shmctl = - kernel.function("sys_shmctl") { - name = "shmctl" - shmid = $shmid - cmd = $cmd - buf_uaddr = $buf +probe kernel.syscall.sigaltstack = + kernel.function("sys_sigaltstack") { + name = "sigaltstack" + ebx = $ebx } -probe kernel.syscall.shmctl.return = - kernel.function("sys_shmctl").return { - name = "shmctl.return" +probe kernel.syscall.sigaltstack.return = + kernel.function("sys_sigaltstack").return { + name = "sigaltstack.return" } -# mq_open__________________________________________ -/* - * asmlinkage long - * sys_mq_open(const char __user *u_name, - * int oflag, - * mode_t mode, - * struct mq_attr __user *u_attr) +# signal _____________________________________________________ +/* + * asmlinkage unsigned long + * sys_signal(int sig, + * __sighandler_t handler) */ -probe kernel.syscall.mq_open = - kernel.function("sys_mq_open") { - name = "mq_open" - name_uaddr = $u_name - oflag = $oflag - mode = $mode - u_attr_uaddr = $u_attr +probe kernel.syscall.signal = + kernel.function("sys_signal") { + name = "signal" + sig = $sig + handler = $handler } -probe kernel.syscall.mq_open.return = - kernel.function("sys_mq_open").return { - name = "mq_open.return" +probe kernel.syscall.signal.return = + kernel.function("sys_signal").return { + name = "signal.return" } -# mq_unlink________________________________________ -/* - * asmlinkage long - * sys_mq_unlink(const char __user *u_name) +# sigpending _________________________________________________ +/* + * long do_sigpending(void __user *set, + * unsigned long sigsetsize) */ -probe kernel.syscall.mq_unlink = - kernel.function("sys_mq_unlink") { - name = "mq_unlink" - u_name_uaddr = $u_name +probe kernel.syscall.sigpending = + kernel.function("do_sigpending") { + name = "sigpending" + /* + * NOTE + * set is defined as + * struct { + * unsigned long int __val[128]; + * } + * theres is no practical way to export + * these values. Therefore just export + * addr, let the user take care of it + * with embedded C if need be. + */ + set_uaddr = $set } -probe kernel.syscall.mq_unlink.return = - kernel.function("sys_mq_unlink").return { - name = "mq_unlink.return" +probe kernel.syscall.sigpending.return = + kernel.function("do_sigpending").return { + name = "sigpending.return" } -# mq_timedsend_____________________________________ -/* - * asmlinkage long - * sys_mq_timedsend(mqd_t mqdes, - * const char __user *u_msg_ptr, - * size_t msg_len, - * unsigned int msg_prio, - * const struct timespec __user *u_abs_timeout) +# sigprocmask ________________________________________________ +/* + * asmlinkage long + * sys_sigprocmask(int how, + * old_sigset_t __user *set, + * old_sigset_t __user *oset) */ -probe kernel.syscall.mq_timedsend = - kernel.function("sys_mq_timedsend") { - name = "mq_timedsend" - mqdes = $mqdes - msg_ptr_uaddr = $u_msg_ptr - msg_len = $msg_len - msg_prio = $msg_prio - abs_timeout_uaddr = $u_abs_timeout +probe kernel.syscall.sigprocmask = + kernel.function("sys_sigprocmask") { + name = "sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + /* + * NOTE + * set and oset are defined as + * struct { + * unsigned long int __val[128]; + * } + * theres is no practical way to export + * these values. Therefore just export + * addr, let the user take care of it + * with embedded C if need be. + */ + set_uaddr = $set + oldset_uaddr = $oset } -probe kernel.syscall.mq_timedsend.return = - kernel.function("sys_mq_timedsend").return { - name = "mq_timedsend.return" +probe kernel.syscall.sigprocmask.return = + kernel.function("sigprocmask").return { + name = "sigprocmask.return" } -# mq_timedreceive__________________________________ -/* - * asmlinkage ssize_t - * sys_mq_timedreceive(mqd_t mqdes, - * char __user *u_msg_ptr, - * size_t msg_len, - * unsigned int __user *u_msg_prio, - * const struct timespec __user *u_abs_timeout) +# sigreturn __________________________________________________ +/* + * asmlinkage int + * sys_sigreturn(unsigned long __unused) */ -probe kernel.syscall.mq_timedreceive = - kernel.function("sys_mq_timedreceive") { - name = "mq_timedreceive" - mqdes = $mqdes - msg_ptr_uaddr = $u_msg_ptr - msg_len = $msg_len - msg_prio_uaddr = $u_msg_prio - abs_timout_uaddr = $u_abs_timeout +probe kernel.syscall.sigreturn = + kernel.function("sys_sigreturn") { + name = "sigreturn" + unused = $__unused } -probe kernel.syscall.mq_timedreceive.return = - kernel.function("sys_mq_timedreceive").return { - name = "mq_timedreceive.return" +probe kernel.syscall.sigreturn.return = + kernel.function("sys_sigreturn").return { + name = "sigreturn.return" } -# mq_notify________________________________________ -/* - * asmlinkage long - * sys_mq_notify(mqd_t mqdes, - * const struct sigevent __user *u_notification) +# sigsuspend _________________________________________________ +/* + * asmlinkage int + * sys_sigsuspend(int history0, + * int history1, + * old_sigset_t mask) + */ +probe kernel.syscall.sigsuspend = + kernel.function("sys_sigsuspend") { + name = "sigsuspend" + history0 = $history0 + history1 = $history1 + mask = $mask + } +probe kernel.syscall.sigsuspend.return = + kernel.function("sys_sigsuspend").return { + name = "sigsuspend.return" + } +# socket _____________________________________________________ +/* + * asmlinkage long + * sys_socket(int family, + * int type, + * int protocol) */ -probe kernel.syscall.mq_notify = - kernel.function("sys_mq_notify") { - name = "mq_notify" - mqdes = $mqdes - notification_uaddr = $u_notification +probe kernel.syscall.socket = + kernel.function("sys_socket") { + name = "socket" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol } -probe kernel.syscall.mq_notify.return = - kernel.function("sys_mq_notify").return { - name = "mq_notify.return" +probe kernel.syscall.socket.return = + kernel.function("sys_socket").return { + name = "socket.return" } -# mq_getsetattr____________________________________ -/* - * asmlinkage long - * sys_mq_getsetattr(mqd_t mqdes, - * const struct mq_attr __user *u_mqstat, - * struct mq_attr __user *u_omqstat) +# socketcall _________________________________________________ +/* + * asmlinkage long + * sys_socketcall(int call, + * unsigned long __user *args) */ -probe kernel.syscall.mq_getsetattr = - kernel.function("sys_mq_getsetattr") { - name = "mq_getsetattr" - mqdes = $mqdes - u_mqstat_uaddr = $u_mqstat - u_omqstat_uaddr = $u_omqstat +probe kernel.syscall.socketcall = + kernel.function("sys_socketcall") { + name = "socketcall" + call = $call + args_uaddr = $args } -probe kernel.syscall.mq_getsetattr.return = - kernel.function("sys_mq_getsetattr").return { - name = "mq_getsetattr.return" +probe kernel.syscall.socketcall.return = + kernel.function("sys_socketcall").return { + name = "socketcall.return" } -# pciconfig_iobase_________________________________ -/* +# socketpair _________________________________________________ +/* * asmlinkage long - * sys_pciconfig_iobase(long which, - * unsigned long bus, - * unsigned long dfn) + * sys_socketpair(int family, + * int type, + * int protocol, + * int __user *usockvec) */ +probe kernel.syscall.socketpair = + kernel.function("sys_socketpair") { + name = "socketpair" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol + sv_uaddr = $usockvec + } +probe kernel.syscall.socketpair.return = + kernel.function("sys_socketpair").return { + name = "socketpair.return" + } +# ssetmask ___________________________________________________ /* -probe kernel.syscall.pciconfig_iobase = - kernel.function("sys_pciconfig_iobase") { - name = "pciconfig_iobase" - which = $which - bus = $bus - dfn = $dfn + * asmlinkage long + * sys_ssetmask(int newmask) + */ +probe kernel.syscall.ssetmask = + kernel.function("sys_ssetmask") { + name = "ssetmask" + newmask = $newmask } -probe kernel.syscall.pciconfig_iobase.return = - kernel.function("sys_pciconfig_iobase").return { - name = "pciconfig_iobase.return" +probe kernel.syscall.ssetmask.return = + kernel.function("sys_ssetmask").return { + name = "ssetmask.return" } -*/ -# pciconfig_read___________________________________ -/* - * asmlinkage int - * sys_pciconfig_read(unsigned long bus, - * unsigned long dfn, - * unsigned long off, - * unsigned long len, - * unsigned char *buf) - * { return 0; } +# stat _______________________________________________________ +/* + * asmlinkage long + * sys_stat(char __user * filename, + * struct __old_kernel_stat __user * statbuf) */ +probe kernel.syscall.stat = + kernel.function("sys_stat") { + name = "stat" + filename_uaddr = $filename + buf_uaddr = $statbuf + } +probe kernel.syscall.stat.return = + kernel.function("sys_stat").return { + name = "stat.return" + } +# stat64 _____________________________________________________ /* -probe kernel.syscall.pciconfig_read = - kernel.function("sys_pciconfig_read") { - name = "pciconfig_read" - bus = $bus - dfn = $dfn - off = $off - len = $len - buf_uaddr = $buf + * asmlinkage long + * sys_stat64(char __user * filename, + * struct stat64 __user * statbuf) + */ +probe kernel.syscall.stat64 = + kernel.function("sys_stat64") { + name = "stat64" + filename_uaddr = $filename + buf_uaddr = $statbuf } -probe kernel.syscall.pciconfig_read.return = - kernel.function("sys_pciconfig_read").return { - name = "pciconfig_read.return" +probe kernel.syscall.stat64.return = + kernel.function("sys_stat64").return { + name = "stat64.return" } -*/ -# pciconfig_write__________________________________ -/* - * asmlinkage int - * sys_pciconfig_write(unsigned long bus, - * unsigned long dfn, - * unsigned long off, - * unsigned long len, - * unsigned char *buf) +# statfs _____________________________________________________ +/* + * asmlinkage long + * sys_statfs(const char __user * path, + * struct statfs __user * buf) */ +probe kernel.syscall.statfs = + kernel.function("sys_statfs") { + name = "statfs" + path_uaddr = $path + buf_uaddr = $buf + } +probe kernel.syscall.statfs.return = + kernel.function("sys_statfs").return { + name = "statfs.return" + } +# statfs64 ___________________________________________________ /* -probe kernel.syscall.pciconfig_write = - kernel.function("sys_pciconfig_write") { - name = "pciconfig_write" - bus = $bus - dfn = $dfn - off = $off - len = $len + * asmlinkage long + * sys_statfs64(const char __user *path, + * size_t sz, + * struct statfs64 __user *buf) + */ +probe kernel.syscall.statfs64 = + kernel.function("sys_statfs64") { + name = "statfs64" + path_uaddr = $path + sz = $sz buf_uaddr = $buf } -probe kernel.syscall.pciconfig_write.return = - kernel.function("sys_pciconfig_write").return { - name = "pciconfig_write.return" +probe kernel.syscall.statfs64.return = + kernel.function("sys_statfs64").return { + name = "statfs64.return" } -*/ -# prctl____________________________________________ -/* - * asmlinkage long - * sys_prctl(int option, - * unsigned long arg2, - * unsigned long arg3, - * unsigned long arg4, - * unsigned long arg5) +# stime ______________________________________________________ +/* + * asmlinkage long + * sys_stime(time_t __user *tptr) */ -probe kernel.syscall.prctl = - kernel.function("sys_prctl") { - name = "prctl" - option = $option - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 +probe kernel.syscall.stime = + kernel.function("sys_stime") { + name = "stime" + t_uaddr = $tptr + /* + * XXX NOT SAFE -- might sleep + * t = __uget_num($tptr) + */ } -probe kernel.syscall.prctl.return = - kernel.function("sys_prctl").return { - name = "prctl.return" +probe kernel.syscall.stime.return = + kernel.function("sys_stime").return { + name = "stime.return" } -# swapon___________________________________________ -/* - * asmlinkage long +# swapoff ____________________________________________________ +/* + * asmlinkage long + * sys_swapoff(const char __user * specialfile) + */ +probe kernel.syscall.swapoff = + kernel.function("sys_swapoff") { + name = "swapoff" + path_uaddr = $specialfile + } +probe kernel.syscall.swapoff.return = + kernel.function("sys_swapoff").return { + name = "swapoff.return" + } +# swapon _____________________________________________________ +/* + * asmlinkage long * sys_swapon(const char __user * specialfile, - * int swap_flags) + * int swap_flags) */ -probe kernel.syscall.swapon = +probe kernel.syscall.swapon = kernel.function("sys_swapon") { name = "swapon" path_uaddr = $specialfile swapflags = $swap_flags } -probe kernel.syscall.swapon.return = +probe kernel.syscall.swapon.return = kernel.function("sys_swapon").return { name = "swapon.return" } -# swapoff__________________________________________ -/* - * asmlinkage long - * sys_swapoff(const char __user * specialfile) +# symlink ____________________________________________________ +/* + * asmlinkage long + * sys_symlink(const char __user * oldname, + * const char __user * newname) */ -probe kernel.syscall.swapoff = - kernel.function("sys_swapoff") { - name = "swapoff" - path_uaddr = $specialfile +probe kernel.syscall.symlink = + kernel.function("sys_symlink") { + name = "symlink" + oldpath_uaddr = $oldname + newpath_uaddr = $newname } -probe kernel.syscall.swapoff.return = - kernel.function("sys_swapoff").return { - name = "swapoff.return" +probe kernel.syscall.symlink.return = + kernel.function("sys_symlink").return { + name = "symlink.return" } -# sysctl___________________________________________ -/* - * asmlinkage long - * sys_sysctl(struct __sysctl_args __user *args) +# sync _______________________________________________________ +/* + * asmlinkage long + * sys_sync(void) */ -probe kernel.syscall.sysctl = +probe kernel.syscall.sync = + kernel.function("do_sync") { + name = "sync" + wait = $wait + } +probe kernel.syscall.sync.return = + kernel.function("do_sync").return { + name = "sync.return" + } +# sysctl _____________________________________________________ +/* + * asmlinkage long + * sys_sysctl(struct __sysctl_args __user *args) + */ +probe kernel.syscall.sysctl = kernel.function("sys_sysctl") { name = "sysctl" args_uaddr = $args } -probe kernel.syscall.sysctl.return = +probe kernel.syscall.sysctl.return = kernel.function("sys_sysctl").return { name = "sysctl.return" } -# sysinfo__________________________________________ -/* - * asmlinkage long - * sys_sysinfo(struct sysinfo __user *info) - */ -probe kernel.syscall.sysinfo = - kernel.function("sys_sysinfo") { - name = "sysinfo" - info_uaddr = $info - } -probe kernel.syscall.sysinfo.return = - kernel.function("sys_sysinfo").return { - name = "sysinfo.return" - } -# sysfs____________________________________________ -/* - * asmlinkage long +# sysfs ______________________________________________________ +/* + * asmlinkage long * sys_sysfs(int option, * unsigned long arg1, - * unsigned long arg2) + * unsigned long arg2) */ -probe kernel.syscall.sysfs = +probe kernel.syscall.sysfs = kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 arg2 = $arg2 } -probe kernel.syscall.sysfs.return = +probe kernel.syscall.sysfs.return = kernel.function("sys_sysfs").return { name = "sysfs.return" } -# nfsservctl_______________________________________ -/* - * long asmlinkage - * sys_nfsservctl(int cmd, - * struct nfsctl_arg __user *arg, - * void __user *res) +# sysinfo ____________________________________________________ +/* + * asmlinkage long + * sys_sysinfo(struct sysinfo __user *info) */ -probe kernel.syscall.nfsservctl = - kernel.function("sys_nfsservctl") { - name = "nfsservctl" - cmd = $cmd - argp_uaddr = $arg - resp_uaddr = $res +probe kernel.syscall.sysinfo = + kernel.function("sys_sysinfo") { + name = "sysinfo" + info_uaddr = $info } -probe kernel.syscall.nfsservctl.return = - kernel.function("sys_nfsservctl").return { - name = "nfsservctl.return" +probe kernel.syscall.sysinfo.return = + kernel.function("sys_sysinfo").return { + name = "sysinfo.return" } -# syslog___________________________________________ -/* - * asmlinkage long - * sys_syslog(int type, - * char __user * buf, - * int len) +# syslog _____________________________________________________ +/* + * asmlinkage long + * sys_syslog(int type, + * char __user * buf, + * int len) */ -probe kernel.syscall.syslog = +probe kernel.syscall.syslog = kernel.function("do_syslog") { name = "syslog" type = $type bufp_uaddr = $buf len = $len } -probe kernel.syscall.syslog.return = +probe kernel.syscall.syslog.return = kernel.function("do_syslog").return { name = "syslog.return" } -# uselib___________________________________________ -/* - * asmlinkage long - * sys_uselib(const char __user * library) +# tgkill _____________________________________________________ +/* + * asmlinkage long + * sys_tgkill(int tgid, + * int pid, + * int sig) */ -probe kernel.syscall.uselib = - kernel.function("sys_uselib") { - name = "uselib" - library_uaddr = $library +probe kernel.syscall.tgkill = + kernel.function("sys_tgkill") { + name = "tgkill" + tgid = $tgid + pid = $pid + sig = $sig } -probe kernel.syscall.uselib.return = - kernel.function("sys_uselib").return { - name = "uselib.return" +probe kernel.syscall.tgkill.return = + kernel.function("sys_tgkill").return { + name = "tgkill.return" } -# add_key__________________________________________ -/* - * asmlinkage long - * sys_add_key(const char __user *_type, - * const char __user *_description, - * const void __user *_payload, - * size_t plen, - * key_serial_t ringid) +# time _______________________________________________________ +/* + * asmlinkage long + * sys_time(time_t __user * tloc) */ -probe kernel.syscall.add_key = - kernel.function("sys_add_key") { - name = "add_key" - type_uaddr = $_type - description_auddr = $_description - payload_uaddr = $_payload - plen = $plen - ringid = $ringid +probe kernel.syscall.time = + kernel.function("sys_time") { + name = "time" + t_uaddr = $tloc + /* + * XXX NOT SAFE -- might sleep + * t = __uget_num($tloc) + */ } -probe kernel.syscall.add_key.return = - kernel.function("sys_add_key").return { - name = "add_key.return" +probe kernel.syscall.time.return = + kernel.function("sys_time").return { + name = "time.return" } -# request_key______________________________________ -/* - * asmlinkage long - * sys_request_key(const char __user *_type, - * const char __user *_description, - * const char __user *_callout_info, - * key_serial_t destringid) +# timer_create _______________________________________________ +/* + * asmlinkage long + * sys_timer_create(clockid_t which_clock, + * struct sigevent __user *timer_event_spec, + * timer_t __user * created_timer_id) */ -probe kernel.syscall.request_key = - kernel.function("sys_request_key") { - name = "request_key" - type_uaddr = $_type - description_uaddr = $_description - callout_info_uaddr = $_callout_info - destringid = $destringid +probe kernel.syscall.timer_create = + kernel.function("sys_timer_create") { + name = "timer_create" + clockid = $which_clock + clockid_str = _get_wc_str($which_clock) + evp_uaddr = $timer_event_spec + timerid_uaddr = $created_timer_id + /* + * XXX NOT SAFE -- might sleep + * timerid = __uget_num($created_timer_id) + */ } -probe kernel.syscall.request_key.return = - kernel.function("sys_request_key").return { - name = "request_key.return" +probe kernel.syscall.timer_create.return = + kernel.function("sys_timer_create").return { + name = "timer_create.return" } -# keyctl___________________________________________ -/* - * asmlinkage long - * sys_keyctl(int option, - * unsigned long arg2, - * unsigned long arg3, - * unsigned long arg4, - * unsigned long arg5) +# timer_delete _______________________________________________ +/* + * asmlinkage long + * sys_timer_delete(timer_t timer_id) */ -probe kernel.syscall.keyctl = - kernel.function("sys_keyctl") { - name = "keyctl" - option = $option - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 +probe kernel.syscall.timer_delete = + kernel.function("sys_timer_delete") { + name = "timer_delete" + timerid = $timer_id +} +probe kernel.syscall.timer_delete.return = + kernel.function("sys_timer_delete").return { + name = "timer_delete.return" } -probe kernel.syscall.keyctl.return = - kernel.function("sys_keyctl").return { - name = "keyctl.return" +# timer_getoverrun ___________________________________________ +/* + * asmlinkage long + * sys_timer_getoverrun(timer_t timer_id) + */ +probe kernel.syscall.timer_getoverrun = + kernel.function("sys_timer_getoverrun") { + name = "timer_getoverrun" + timerid = $timer_id } -# modify_ldt_______________________________________ -/* - * asmlinkage int - * sys_modify_ldt(int func, - * void __user *ptr, - * unsigned long bytecount) +probe kernel.syscall.timer_getoverrun.return = + kernel.function("sys_timer_getoverrun").return { + name = "timer_getoverrun.return" + } +# timer_gettime ______________________________________________ +/* + * asmlinkage long + * sys_timer_gettime(timer_t timer_id, + * struct itimerspec __user *setting) */ -probe kernel.syscall.modify_ldt = - kernel.function("sys_modify_ldt") { - name = "modify_ldt" - func = $func +probe kernel.syscall.timer_gettime = + kernel.function("sys_timer_gettime") { + name = "timer_gettime" + timerid = $timer_id + value_uaddr = $setting /* - ptr = $ptr - */ - bytecount = $bytecount + * XXX NOT SAFE -- might sleep + * value_it_interval_tv_sec = __uget_itimerspec_ts_m($setting,0) + * value_it_interval_tv_nsec =__uget_itimerspec_ts_m($setting,1) + * value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2) + * value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3) + */ } -probe kernel.syscall.modify_ldt.return = - kernel.function("sys_modify_ldt").return { - name = "modify_ldt.return" +probe kernel.syscall.timer_gettime.return = + kernel.function("sys_timer_gettime").return { + name = "timer_gettime.return" } -# mmap2____________________________________________ -/* - * unsigned long sys_mmap2(unsigned long addr, - * size_t len, - * unsigned long prot, - * unsigned long flags, - * unsigned long fd, - * unsigned long pgoff) - */ -probe kernel.syscall.mmap2 = - kernel.function("sys_mmap2") { - name = "mmap2" - addr = $addr - len = $len - prot = $prot +# timer_settime ______________________________________________ +/* + * asmlinkage long + * sys_timer_settime(timer_t timer_id, + * int flags, + * const struct itimerspec __user *new_setting, + * struct itimerspec __user *old_setting) + */ +probe kernel.syscall.timer_settime = + kernel.function("sys_timer_settime") { + name = "timer_settime" + timerid = $timer_id flags = $flags - fd = $fd - pgoff = $pgoff + value_uaddr = $new_setting + ovalue_uaddr = $old_setting } -probe kernel.syscall.mmap2.return = - kernel.function("sys_mmap2").return { - name = "mmap2.return" +probe kernel.syscall.timer_settime.return = + kernel.function("sys_timer_settime").return { + name = "timer_settime.return" } -# execve___________________________________________ -/* - * asmlinkage int - * sys_execve(struct pt_regs regs) +# times ______________________________________________________ +/* + * asmlinkage long + * sys_times(struct tms __user * tbuf) */ -probe kernel.syscall.execve = - kernel.function("sys_execve") { - name = "execve" - //regs = $regs +probe kernel.syscall.times = + kernel.function("sys_times") { + name = "times" + buf_uaddr = $tbuf + /* + * XXX NOT SAFE -- might sleep + * buf_tms_utime = __uget_tms_m($tbuf,0) + * buf_tms_stime = __uget_tms_m($tbuf,1) + * buf_tms_cutime = __uget_tms_m($tbuf,2) + * buf_tms_cstime = __uget_tms_m($tbuf,3) + */ } -probe kernel.syscall.execve.return = - kernel.function("sys_execve").return { - name = "execve.return" +probe kernel.syscall.times.return = + kernel.function("sys_times").return { + name = "times.return" } -# clone____________________________________________ -/* - * long do_fork(unsigned long clone_flags, - * unsigned long stack_start, - * struct pt_regs *regs, - * unsigned long stack_size, - * int __user *parent_tidptr, - * int __user *child_tidptr) - */ -probe kernel.syscall.clone = - kernel.function("do_fork") { - name = "clone" - clone_flags = $clone_flags - //start_stack = $start_stack - regs_uaddr = $regs - stack_size = $stack_size - parent_tid_uaddr = $parent_tidptr - child_tid_uaddr = $child_tidptr +# tkill ______________________________________________________ +/* + * asmlinkage long + * sys_tkill(int pid, + * int sig) + */ +probe kernel.syscall.tkill = + kernel.function("sys_tkill") { + name = "tkill" + pid = $pid + sig = $sig } -probe kernel.syscall.clone.return = - kernel.function("do_fork").return { - name = "clone.return" +probe kernel.syscall.tkill.return = + kernel.function("sys_tkill").return { + name = "tkill.return" } -# fork_____________________________________________ +# truncate ___________________________________________________ /* - * long do_fork(unsigned long clone_flags, - * unsigned long stack_start, - * struct pt_regs *regs, - * unsigned long stack_size, - * int __user *parent_tidptr, - * int __user *child_tidptr) + * asmlinkage long + * sys_truncate(const char __user * path, + * unsigned long length) */ -probe kernel.syscall.fork = - kernel.function("do_fork") { - name = "fork" - clone_flags = $clone_flags - //start_stack = $start_stack - regs_uaddr = $regs - stack_size = $stack_size - parent_tid_uaddr = $parent_tidptr - child_tid_uaddr = $child_tidptr +probe kernel.syscall.truncate = + kernel.function("sys_truncate") { + name = "truncate" + path_uaddr = $path + length = $length } -probe kernel.syscall.fork.return = - kernel.function("do_fork").return { - name = "fork.return" +probe kernel.syscall.truncate.return = + kernel.function("sys_truncate").return { + name = "truncate.return" + } +# truncate64 _________________________________________________ +/* + * asmlinkage long + * sys_truncate64(const char __user * path, + * loff_t length) + */ +probe kernel.syscall.truncate64 = + kernel.function("sys_truncate") { + name = "truncate64" + path_uaddr = $path + length = $length + } +probe kernel.syscall.truncate64.return = + kernel.function("sys_truncate").return { + name = "truncate64.return" + } +# umask ______________________________________________________ +/* + * asmlinkage long + * sys_umask(int mask) + */ +probe kernel.syscall.umask = + kernel.function("sys_umask") { + name = "umask" + mask = $mask + } +probe kernel.syscall.umask.return = + kernel.function("sys_umask").return { + name = "umask.return" + } +# umount _____________________________________________________ +/* + * asmlinkage long + * sys_umount(char __user * name, + * int flags) + */ +probe kernel.syscall.umount = + kernel.function("sys_umount") { + name = "umount" + target_uaddr = $name + flags = $flags + flags_str = _mountflags_str($flags) + } +probe kernel.syscall.umount.return = + kernel.function("sys_umount").return { + name = "umount.return" + } +# uname ______________________________________________________ +/* + * asmlinkage int + * int sys_uname(struct old_utsname __user *name) + */ +probe kernel.syscall.uname = + kernel.function("sys_uname") { + name = "uname" + name_uaddr = $name + } +probe kernel.syscall.uname.return = + kernel.function("sys_uname").return { + name = "uname.return" + } +# unlink _____________________________________________________ +/* + * asmlinkage long + * sys_unlink(const char __user * pathname) + */ +probe kernel.syscall.unlink = + kernel.function("sys_unlink") { + name = "unlink" + pathname_uaddr = $pathname + } +probe kernel.syscall.unlink.return = + kernel.function("sys_unlink").return { + name = "unlink.return" + } +# uselib _____________________________________________________ +/* + * asmlinkage long + * sys_uselib(const char __user * library) + */ +probe kernel.syscall.uselib = + kernel.function("sys_uselib") { + name = "uselib" + library_uaddr = $library + } +probe kernel.syscall.uselib.return = + kernel.function("sys_uselib").return { + name = "uselib.return" } -# vfork____________________________________________ +# ustat ______________________________________________________ /* - * long do_fork(unsigned long clone_flags, - * unsigned long stack_start, - * struct pt_regs *regs, - * unsigned long stack_size, - * int __user *parent_tidptr, - * int __user *child_tidptr) + * asmlinkage long + * sys_ustat(unsigned dev, + * struct ustat __user * ubuf) */ -probe kernel.syscall.vfork = +probe kernel.syscall.ustat = + kernel.function("sys_ustat") { + name = "ustat" + dev = $dev + ubuf_uaddr = $ubuf + } +probe kernel.syscall.ustat.return = + kernel.function("sys_ustat").return { + name = "ustat.return" + } +# utime ______________________________________________________ +/* + * asmlinkage long + * sys_utime(char __user * filename, + * struct utimbuf __user * times) + */ +probe kernel.syscall.utime = + kernel.function("sys_utime") { + name = "utime" + filename_uaddr = $filename + buf_uaddr = $times + } +probe kernel.syscall.utime.return = + kernel.function("sys_utime").return { + name = "utime.return" + } +# utimes _____________________________________________________ +/* + * asmlinkage long + * sys_utimes(char __user * filename, + * struct timeval __user * utimes) + */ +probe kernel.syscall.utimes = + kernel.function("sys_utimes") { + name = "utimes" + filename_uaddr = $filename + tvp_uaddr = $utimes + } +probe kernel.syscall.utimes.return = + kernel.function("sys_utimes").return { + name = "utimes.return" + } +# vfork ______________________________________________________ +/* + * asmlinkage long + * do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ +probe kernel.syscall.vfork = kernel.function("do_fork") { name = "vfork" clone_flags = $clone_flags - //start_stack = $start_stack + /* + * unable to find local 'start_stack' (maybe i386 specific) + * start_stack = $start_stack + */ regs_uaddr = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr } -probe kernel.syscall.vfork.return = +probe kernel.syscall.vfork.return = kernel.function("do_fork").return { name = "vfork.return" } -# pipe_____________________________________________ -/* - * asmlinkage int - * sys_pipe(unsigned long __user * fildes) +# vhangup ____________________________________________________ +/* + * asmlinkage long + * sys_vhangup(void) */ -probe kernel.syscall.pipe = - kernel.function("sys_pipe") { - name = "pipe" - fildes_uaddr = $fildes +probe kernel.syscall.vhangup = + kernel.function("sys_vhangup") { + name = "vhangup" } -probe kernel.syscall.pipe.return = - kernel.function("sys_pipe").return { - name = "pipe.return" +probe kernel.syscall.vhangup.return = + kernel.function("sys_vhangup").return { + name = "vhangup.return" } -# ptrace___________________________________________ -/* - * asmlinkage int - * sys_ptrace(long request, - * long pid, - * long addr, - * long data) +# vm86 _______________________________________________________ +/* + * asmlinkage int + * sys_vm86(struct pt_regs regs) */ -probe kernel.syscall.ptrace = - kernel.function("sys_ptrace") { - name = "ptrace" - request = $request +probe kernel.syscall.vm86 = + kernel.function("sys_vm86") { + name = "vm86" + /* + * unsupported type identifier '$regs' + * regs = $regs + */ + } +probe kernel.syscall.vm86.return = + kernel.function("sys_vm86").return { + name = "vm86.return" + } +# vm86old ____________________________________________________ +/* + * asmlinkage int + * sys_vm86old(struct pt_regs regs) + */ +probe kernel.syscall.vm86old = + kernel.function("sys_vm86old") { + name = "vm86old" + /* + * unsupported type identifier '$regs' + * regs = $regs + */ + } +probe kernel.syscall.vm86old.return = + kernel.function("sys_vm86old").return { + name = "vm86old.return" + } +# wait4 ______________________________________________________ +/* + * asmlinkage long + * sys_wait4(pid_t pid, + * int __user *stat_addr, + * int options, + * struct rusage __user *ru) + */ +probe kernel.syscall.wait4 = + kernel.function("sys_wait4") { + name = "wait4" pid = $pid - addr = $addr - data = $data + status_uaddr = $stat_addr + options = $options + options_str = _wait4_opt_str($options) + rusage_uaddr = $ru } -probe kernel.syscall.ptrace.return = - kernel.function("sys_ptrace").return { - name = "ptrace.return" +probe kernel.syscall.wait4.return = + kernel.function("sys_wait4").return { + name = "wait4.return" } -# iopl_____________________________________________ -/* - * asmlinkage long - * sys_iopl(unsigned long unused) +# waitid _____________________________________________________ +/* + * asmlinkage long + * sys_waitid(int which, + * pid_t pid, + * struct siginfo __user *infop, + * int options, + * struct rusage __user *ru) */ -probe kernel.syscall.iopl = - kernel.function("sys_iopl") { - name = "iopl" - level = $unused +probe kernel.syscall.waitid = + kernel.function("sys_waitid") { + name = "waitid" + which = $which + which_str = _waitid_which_str($which) + pid = $pid + infop_uaddr = $infop + options = $options + options_str = _wait4_opt_str($options) } -probe kernel.syscall.iopl.return = - kernel.function("sys_iopl").return { - name = "iopl.return" +probe kernel.syscall.waitid.return = + kernel.function("sys_waitid").return { + name = "waitid.return" } -# rt_sigaction_____________________________________ -/* +# waitpid ____________________________________________________ +/* * asmlinkage long - * sys_rt_sigaction(int sig, - * const struct sigaction __user *act, - * struct sigaction __user *oact, - * size_t sigsetsize, - * void __user *restorer) + * sys_wait4(pid_t pid, + * int __user *stat_addr, + * int options, + * struct rusage __user *ru) */ -probe kernel.syscall.rt_sigaction = - kernel.function("sys_rt_sigaction") { - name = "rt_sigaction" - sig = $sig - act_uaddr = $act - oact_uaddr = $oact - sigsetsize = $sigsetsize - /* - restorer = $restorer - */ +probe kernel.syscall.waitpid = + kernel.function("sys_wait4") { + name = "waitpid" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = _wait4_opt_str($options) + rusage_uaddr = $ru } -probe kernel.syscall.rt_sigaction.return = - kernel.function("sys_rt_sigaction").return { - name = "rt_sigaction.return" +probe kernel.syscall.waitpid.return = + kernel.function("sys_wait4").return { + name = "waitpid.return" + } +# write ______________________________________________________ +/* + * asmlinkage ssize_t + * sys_write(unsigned int fd, + * const char __user * buf, + * size_t count) + */ +probe kernel.syscall.write = + kernel.function("sys_write") { + name = "write" + fd = $fd + buf_uaddr = $buf + count = $count + } +probe kernel.syscall.write.return = + kernel.function("sys_write").return { + name = "write.return" + } +# writev _____________________________________________________ +/* + * asmlinkage ssize_t + * sys_writev(unsigned long fd, + * const struct iovec __user *vec, + * unsigned long vlen) + */ +probe kernel.syscall.writev = + kernel.function("sys_writev") { + name = "writev" + fd = $fd + vector_uaddr = $vec + count = $vlen + } +probe kernel.syscall.writev.return = + kernel.function("sys_writev").return { + name = "writev.return" } |