summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkevinrs <kevinrs>2005-11-10 21:23:27 +0000
committerkevinrs <kevinrs>2005-11-10 21:23:27 +0000
commit6ed93e502ec2845f4e1f76cd33e917d613c66863 (patch)
treeec2efbf768692e81f8e022ff53714dc0c121f47f
parent8d948813b76c1cbeb91379c3a701b95114266243 (diff)
downloadsystemtap-steved-6ed93e502ec2845f4e1f76cd33e917d613c66863.tar.gz
systemtap-steved-6ed93e502ec2845f4e1f76cd33e917d613c66863.tar.xz
systemtap-steved-6ed93e502ec2845f4e1f76cd33e917d613c66863.zip
* system_calls.stp
Polished entry point aliases, no more pointer-deref faults (instead the user-space address is given for pointer arguments). Return probe aliases still dont do much. Tested on vanilla 2.6.13 and 2.6.14. * aux_syscalls.stp Any helpers for the syscall tapset are now in this file. More to come.
Diffstat
-rw-r--r--tapset/aux_syscalls.stp880
-rw-r--r--tapset/system_calls.stp10135
2 files changed, 4819 insertions, 6196 deletions
diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp
index 71e479f0..cdce603f 100644
--- a/tapset/aux_syscalls.stp
+++ b/tapset/aux_syscalls.stp
@@ -7,13 +7,13 @@
*/
function __uget_num:long(u_addr:long)
%{
- long long val = 0;
- if(get_user(val,
- (unsigned long *)(unsigned long)THIS->u_addr))
- {
- THIS->__retvalue = -EFAULT;
- } else
- THIS->__retvalue = val;
+ long long val = 0;
+ if(get_user(val,
+ (unsigned long *)(unsigned long)THIS->u_addr))
+ {
+ THIS->__retvalue = -EFAULT;
+ } else
+ THIS->__retvalue = val;
%}
/*
@@ -25,16 +25,47 @@ function __uget_num:long(u_addr:long)
*/
function __uget_tv_m:long(u_addr:long,member:long)
%{
- struct timeval tv;
- char *ptr = (char *)(unsigned long)THIS->u_addr;
- size_t sz = sizeof(struct timeval);
-
- if(copy_from_user(&tv,ptr,sz))
- THIS->__retvalue = -EFAULT;
- else if(THIS->member == 0)
- THIS->__retvalue = tv.tv_sec;
- else
- THIS->__retvalue = tv.tv_usec;
+ struct timeval tv;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct timeval);
+
+ if(copy_from_user(&tv,ptr,sz))
+ THIS->__retvalue = -EFAULT;
+ else if(THIS->member == 0)
+ THIS->__retvalue = tv.tv_sec;
+ else
+ THIS->__retvalue = tv.tv_usec;
+%}
+
+/*
+ * Return a time_t / subseconds_t member value of
+ * one of the struct timevals in the struct itimerval
+ * user space pointer parameter
+ * CALLERS:
+ * kernel.syscall.getitimer
+ * kernel.syscall.setitimer
+ */
+function __uget_itimerval_tv_m:long(u_addr:long,member:long)
+%{
+ struct itimerval itv;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct itimerval);
+
+ if(copy_from_user(&itv,ptr,sz)) {
+ THIS->__retvalue = -EFAULT;
+ return;
+ }
+ switch(THIS->member) {
+ case 0: THIS->__retvalue = itv.it_interval.tv_sec;
+ break;
+ case 1: THIS->__retvalue = itv.it_interval.tv_usec;
+ break;
+ case 2: THIS->__retvalue = itv.it_value.tv_sec;
+ break;
+ case 3: THIS->__retvalue = itv.it_value.tv_usec;
+ break;
+ default: THIS->__retvalue = -1;
+ }
%}
/*
@@ -46,16 +77,16 @@ function __uget_tv_m:long(u_addr:long,member:long)
*/
function __uget_tz_m:long(u_addr:long,member:long)
%{
- struct timezone tz;
- char *ptr = (char *)(unsigned long)THIS->u_addr;
- size_t sz = sizeof(struct timezone);
-
- if(copy_from_user(&tz,ptr,sz))
- THIS->__retvalue = -EFAULT;
- else if(THIS->member == 0)
- THIS->__retvalue = tz.tz_minuteswest;
- else
- THIS->__retvalue = tz.tz_dsttime;
+ struct timezone tz;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct timezone);
+
+ if(copy_from_user(&tz,ptr,sz))
+ THIS->__retvalue = -EFAULT;
+ else if(THIS->member == 0)
+ THIS->__retvalue = tz.tz_minuteswest;
+ else
+ THIS->__retvalue = tz.tz_dsttime;
%}
/*
@@ -66,42 +97,122 @@ function __uget_tz_m:long(u_addr:long,member:long)
*/
function __uget_timex_m:long(u_addr:long,member:long)
%{
- struct timex tx;
- char *ptr = (char *)(unsigned long)THIS->u_addr;
- size_t sz = sizeof(struct timex);
-
- if(copy_from_user(&tx,ptr,sz))
- THIS->__retvalue = -EFAULT;
- switch(THIS->member) {
- case 0: THIS->__retvalue = tx.modes;
- break;
- case 1: THIS->__retvalue = tx.offset;
- break;
- case 2: THIS->__retvalue = tx.freq;
- break;
- case 3: THIS->__retvalue = tx.maxerror;
- break;
- case 4: THIS->__retvalue = tx.esterror;
- break;
- case 5: THIS->__retvalue = tx.status;
- break;
- case 6: THIS->__retvalue = tx.constant;
- break;
- case 7: THIS->__retvalue = tx.precision;
- break;
- case 8: THIS->__retvalue = tx.tolerance;
- break;
- case 9: THIS->__retvalue = tx.time.tv_sec;
- break;
- case 10: THIS->__retvalue = tx.time.tv_usec;
- break;
- case 11: THIS->__retvalue = tx.tick;
- break;
- default: THIS->__retvalue = -1;
- }
+ struct timex tx;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct timex);
+
+ if(copy_from_user(&tx,ptr,sz)) {
+ THIS->__retvalue = -EFAULT;
+ return;
+ }
+ switch(THIS->member) {
+ case 0: THIS->__retvalue = tx.modes;
+ break;
+ case 1: THIS->__retvalue = tx.offset;
+ break;
+ case 2: THIS->__retvalue = tx.freq;
+ break;
+ case 3: THIS->__retvalue = tx.maxerror;
+ break;
+ case 4: THIS->__retvalue = tx.esterror;
+ break;
+ case 5: THIS->__retvalue = tx.status;
+ break;
+ case 6: THIS->__retvalue = tx.constant;
+ break;
+ case 7: THIS->__retvalue = tx.precision;
+ break;
+ case 8: THIS->__retvalue = tx.tolerance;
+ break;
+ case 9: THIS->__retvalue = tx.time.tv_sec;
+ break;
+ case 10: THIS->__retvalue = tx.time.tv_usec;
+ break;
+ case 11: THIS->__retvalue = tx.tick;
+ break;
+ default: THIS->__retvalue = -1;
+ }
+%}
+
+/*
+ * Return the clock_t member value of the
+ * struct tms user space pointer parameter
+ * CALLERS:
+ * kernel.syscall.times
+ */
+%{ #include <linux/times.h> %}
+function __uget_tms_m:long(u_addr:long,member:long)
+%{
+ struct tms tms;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct tms);
+
+ if(copy_from_user(&tms,ptr,sz))
+ THIS->__retvalue = -EFAULT;
+ switch(THIS->member) {
+ case 0: THIS->__retvalue = tms.tms_utime;
+ break;
+ case 1: THIS->__retvalue = tms.tms_stime;
+ break;
+ case 2: THIS->__retvalue = tms.tms_cutime;
+ break;
+ case 3: THIS->__retvalue = tms.tms_cstime;
+ break;
+ default: THIS->__retvalue = -1;
+ }
+%}
+
+/*
+ * Return a time_t / long member value of the
+ * struct timespec user space pointer parameter
+ * CALLERS:
+ * kernel.syscall.nanosleep
+ */
+function __uget_ts_m:long(u_addr:long,member:long)
+%{
+ struct timespec ts;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct timespec);
+
+ if(copy_from_user(&ts,ptr,sz))
+ THIS->__retvalue = -EFAULT;
+ else if(THIS->member == 0)
+ THIS->__retvalue = ts.tv_sec;
+ else
+ THIS->__retvalue = ts.tv_nsec;
%}
-/*
+/*
+ * Return a time_t / long member value of the
+ * struct timespecs in struct itimerspec user
+ * space pointer parameter
+ * CALLERS:
+ * kernel.syscall.timer_gettime
+ */
+function __uget_itimerspec_ts_m:long(u_addr:long,member:long)
+%{
+ struct itimerspec its;
+ char *ptr = (char *)(unsigned long)THIS->u_addr;
+ size_t sz = sizeof(struct itimerspec);
+
+ if(copy_from_user(&its,ptr,sz)) {
+ THIS->__retvalue = -EFAULT;
+ return;
+ }
+ switch(THIS->member) {
+ case 0: THIS->__retvalue = its.it_interval.tv_sec;
+ break;
+ case 1: THIS->__retvalue = its.it_interval.tv_nsec;
+ break;
+ case 2: THIS->__retvalue = its.it_value.tv_sec;
+ break;
+ case 3: THIS->__retvalue = its.it_value.tv_nsec;
+ break;
+ default: THIS->__retvalue = -1;
+ }
+%}
+
+/*
* Return the symbolic string representation
* of the struct timex.mode member of adjtimex
* consult `man adjtimex` for more information
@@ -121,49 +232,616 @@ function _adjtx_mode_str(f) {
}
/*
- * Return the clock_t member value of the
- * struct tms user space pointer parameter
+ * Return the symbolic string representation
+ * of the how argument given in *sigprocmask
+ * consult `man sigprocmask` for more info
* CALLERS:
- * kernel.syscall.times
+ * kernel.syscall.sigprocmask
+ * kernel.syscall.rt_sigprocmask
*/
-%{ #include <linux/times.h> %}
-function __uget_tms_m:long(u_addr:long,member:long)
-%{
- struct tms tms;
- char *ptr = (char *)(unsigned long)THIS->u_addr;
- size_t sz = sizeof(struct tms);
-
- if(copy_from_user(&tms,ptr,sz))
- THIS->__retvalue = -EFAULT;
- switch(THIS->member) {
- case 0: THIS->__retvalue = tms.tms_utime;
- break;
- case 1: THIS->__retvalue = tms.tms_stime;
- break;
- case 2: THIS->__retvalue = tms.tms_cutime;
- break;
- case 3: THIS->__retvalue = tms.tms_cstime;
- break;
- default: THIS->__retvalue = -1;
- }
-%}
+function _sigprocmask_how_str(how) {
+ if(how==0) return "SIG_BLOCK"
+ if(how==1) return "SIG_UNBLOCK"
+ if(how==2) return "SIG_SETMASK"
+ return ""
+}
/*
- * Return a time_t / long member value of the
- * struct timespec user space pointer parameter
+ * Return the symbolic string representation
+ * of the which argument given to setitimer
+ * consult `man setitimer` for more info
* CALLERS:
- * kernel.syscall.nanosleep
+ * kernel.syscall.getitimer
+ * kernel.syscall.setitimer
*/
-function __uget_ts_m:long(u_addr:long,member:long)
-%{
- struct timespec ts;
- char *ptr = (char *)(unsigned long)THIS->u_addr;
- size_t sz = sizeof(struct timespec);
-
- if(copy_from_user(&ts,ptr,sz))
- THIS->__retvalue = -EFAULT;
- else if(THIS->member == 0)
- THIS->__retvalue = ts.tv_sec;
- else
- THIS->__retvalue = ts.tv_nsec;
-%}
+function _itimer_which_str(which) {
+ if(which==0) return "ITIMER_REAL"
+ if(which==1) return "ITIMER_VIRTUAL"
+ if(which==2) return "ITIMER_PROF"
+ return ""
+}
+
+/*
+ * Return the symbolic string representation
+ * of the clockid argument given to create_timer
+ * consult `man create_timer` for more info
+ * CALLERS:
+ * kernel.syscall.timer_create
+ * kernel.syscall.clock_settime
+ * kernel.syscall.clock_gettime
+ * kernel.syscall.clock_getres
+ * kernel.syscall.clock_nanosleep
+ */
+function _get_wc_str(wc) {
+ if(wc==0) return "CLOCK_REALTIME"
+ if(wc==1) return "CLOCK_MONOTONIC"
+ if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID"
+ if(wc==3) return "CLOCK_THREAD_CPUTIME_ID"
+ if(wc==4) return "CLOCK_REALTIME_HR"
+ if(wc==5) return "CLOCK_MONOTONIC_HR"
+ return ""
+}
+
+function _flock_cmd_str(c) {
+ if(c & 1) bs="LOCK_SH|".bs
+ if(c & 2) bs="LOCK_EX|".bs
+ if(c & 8) bs="LOCK_UN|".bs
+ if(c & 4) bs="LOCK_NB|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man 2 open` for more information */
+function _sys_open_flag_str(f) {
+ if(f & 8192) bs="O_ASYNC|".bs
+ if(f & 4096) bs="O_SYNC|".bs
+ if(f & 2048) bs="O_NONBLOCK|".bs
+ if(f & 1024) bs="O_APPEND|".bs
+ if(f & 512) bs="O_TRUNC|".bs
+ if(f & 256) bs="O_NDCTTY|".bs
+ if(f & 128) bs="O_EXCL|".bs
+ if(f & 64) bs="O_CREAT|".bs
+ if((f & 3) == 2) bs="O_RDWR|".bs
+ else if((f & 3) == 1) bs="O_WRONLY|".bs
+ else if((f & 3) == 0) bs="O_RDONLY|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man 2 open` for more information */
+function _access_mode_str(m) {
+ if(m & 4) bs="R_OK|".bs
+ if(m & 2) bs="W_OK|".bs
+ if(m & 1) bs="X_OK|".bs
+ if((m & 3) == 0) bs="F_OK|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man 2 open` for more information */
+function _sys_open_mode_str(f) {
+ if((f & 448) == 448) bs="S_IRWXU|".bs
+ else {
+ if(f & 256) bs="S_IRUSR|".bs
+ if(f & 128) bs="S_IWUSR|".bs
+ if(f & 64) bs="S_IXUSR|".bs
+ }
+ if((f & 56) == 56) bs="S_IRWXG|".bs
+ else {
+ if(f & 32) bs="S_IRGRP|".bs
+ if(f & 16) bs="S_IWGRP|".bs
+ if(f & 8) bs="S_IXGRP|".bs
+ }
+ if((f & 7) == 7) bs="S_IRWXO|".bs
+ else {
+ if(f & 4) bs="S_IROTH|".bs
+ if(f & 2) bs="S_IWOTH|".bs
+ if(f & 1) bs="S_IXOTH|".bs
+ }
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man 2 mknod` for more information */
+function _mknod_mode_str(mode) {
+ if((mode & 0x8000)==0x8000)
+ return "S_IFREG|"._sys_open_mode_str(mode)
+ if((mode & 0x2000)==0x2000)
+ return "S_IFCHR|"._sys_open_mode_str(mode)
+ if((mode & 0x6000)==0x6000)
+ return "S_IFBLK|"._sys_open_mode_str(mode)
+ if((mode & 0x1000)==0x1000)
+ return "S_IFIFO|"._sys_open_mode_str(mode)
+ if((mode & 0xC000)==0xC000)
+ return "S_IFSOCK|"._sys_open_mode_str(mode)
+ return ""
+}
+
+/* `man msync` for more information */
+function _wait4_opt_str(f) {
+ if(f & 4) bs="MS_SYNC|".bs
+ if(f & 2) bs="MS_INVALIDATE|".bs
+ if(f & 1) bs="MS_ASYNC|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man wait4` for more information */
+function _msync_flag_str(f) {
+ if(f & 0x01000000) bs="WNOWAIT|".bs
+ if(f & 8) bs="WCONTINUED|".bs
+ if(f & 4) bs="WEXITED|".bs
+ if(f & 2) bs="WSTOPPED|".bs
+ if(f & 1) bs="WNOHANG|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man sendmsg` for more information */
+function _send_flags_str(f) {
+ if(f & 0x0001) bs="MSG_OOB|".bs
+ if(f & 0x0080) bs="MSG_EOR|".bs
+ if(f & 0x0004) bs="MSG_DONTROUTE|".bs
+ if(f & 0x0040) bs="MSG_DONTWAIT|".bs
+ if(f & 0x4000) bs="MSG_NOSIGNAL|".bs
+ if(f & 0x0800) bs="MSG_CONFIRM|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man recv` for more information */
+function _recvflags_str(f) {
+ if(f & 1) bs="MSG_OOB|".bs
+ if(f & 2) bs="MSG_PEEK|".bs
+ if(f & 32) bs="MSG_WAITALL|".bs
+ if(f & 256) bs="MSG_TRUNC|".bs
+ if(f & 8192) bs="MSG_ERRQUEUE|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man mlockall` for more information */
+function _mlockall_flags_str(f) {
+ if(f & 2) bs="MCL_CURRENT|".bs
+ if(f & 1) bs="MCL_FUTURE|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/*
+ * The following functions return the symbolic string
+ * representation of the flag. If the argument doesnt
+ * map to string, an empty string ("") is returned.
+ */
+
+function _module_flags_str(f) {
+ if(f==8192) return "O_ASYNC"
+ if(f==4096) return "O_SYNC"
+ if(f==2048) return "O_NONBLOCK"
+ if(f==1024) return "O_APPEND"
+ if(f==512) return "O_TRUNC"
+ if(f==256) return "O_NDCTTY"
+ if(f==128) return "O_EXCL"
+ if(f==64) return "O_CREAT"
+ if(f==2) return "O_RDWR"
+ if(f==1) return "O_WRONLY"
+ if(f==0) return "O_RDONLY"
+ return ""
+}
+
+function _sched_policy_str(policy) {
+ if(policy==0) return "SCHED_OTHER"
+ if(policy==1) return "SCHED_FIFO"
+ if(policy==2) return "SCHED_RR"
+ return ""
+}
+
+function _priority_which_str(which) {
+ if(which==0) return "PRIO_PROCESS"
+ if(which==1) return "PRIO_PGRP"
+ if(which==2) return "PRIO_USER"
+ return ""
+}
+
+function _shutdown_how_str(how) {
+ if(how==0) return "SHUT_RD"
+ if(how==1) return "SHUT_WR"
+ if(how==2) return "SHUT_RDWR"
+ return ""
+}
+
+function _reboot_magic_str(magic) {
+ if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1"
+ if(magic==672274793) return "LINUX_REBOOT_MAGIC2"
+ if(magic==85072278) return "LINUX_REBOOT_MAGIC2A"
+ if(magic==369367448) return "LINUX_REBOOT_MAGIC2B"
+ if(magic==537993216) return "LINUX_REBOOT_MAGIC2C"
+ return ""
+}
+
+function _reboot_flag_str(flag) {
+ if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART"
+ if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT"
+ if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF"
+ if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2"
+ if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON"
+ if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF"
+ return ""
+}
+
+function _waitid_which_str(flag) {
+ if(flag==0) return "P_ALL"
+ if(flag==1) return "P_PID"
+ if(flag==2) return "P_PGID"
+ return ""
+}
+
+function _futex_op_str(op) {
+ if(op==0) return "FUTEX_WAIT"
+ if(op==1) return "FUTEX_WAKE"
+ if(op==2) return "FUTEX_FD"
+ if(op==3) return "FUTEX_REQUEUE"
+ if(op==4) return "FUTEX_CMP_REQUEUE"
+ return ""
+}
+
+function _mountflags_str(op) {
+ if(op==1) return "MS_RDONLY"
+ if(op==2) return "MS_NOSUID"
+ if(op==4) return "MS_NODEV"
+ if(op==8) return "MS_NOEXEC"
+ if(op==16) return "MS_SYNCHRONOUS"
+ if(op==32) return "MS_REMOUNT"
+ if(op==64) return "MS_MANDLOCK"
+ if(op==128) return "S_WRITE"
+ if(op==256) return "S_APPEND"
+ if(op==512) return "S_IMMUTABLE"
+ if(op==1024) return "MS_NOATIME"
+ if(op==2048) return "MS_NODIRATIME"
+ if(op==4096) return "MS_BIND"
+ return ""
+}
+
+function _statfs_f_type_str(f) {
+ if(f==0xadf5) return "ADFS_SUPER_MAGIC"
+ if(f==0xADFF) return "AFFS_SUPER_MAGIC"
+ if(f==0x42465331) return "BEFS_SUPER_MAGIC"
+ if(f==0x1BADFACE) return "BFS_MAGIC"
+ if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER"
+ if(f==0x73757245) return "CODA_SUPER_MAGIC"
+ if(f==0x012FF7B7) return "COH_SUPER_MAGIC"
+ if(f==0x28cd3d45) return "CRAMFS_MAGIC"
+ if(f==0x1373) return "DEVFS_SUPER_MAGIC"
+ if(f==0x00414A53) return "EFS_SUPER_MAGIC"
+ if(f==0x137D) return "EXT_SUPER_MAGIC"
+ if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC"
+ if(f==0xEF53) return "EXT2_SUPER_MAGIC"
+ if(f==0xEF53) return "EXT3_SUPER_MAGIC"
+ if(f==0x4244) return "HFS_SUPER_MAGIC"
+ if(f==0xF995E849) return "HPFS_SUPER_MAGIC"
+ if(f==0x958458f6) return "HUGETLBFS_MAGIC"
+ if(f==0x9660) return "ISOFS_SUPER_MAGIC"
+ if(f==0x72b6) return "JFFS2_SUPER_MAGIC"
+ if(f==0x3153464a) return "JFS_SUPER_MAGIC"
+ if(f==0x137F) return "MINIX_SUPER_MAGIC"
+ if(f==0x138F) return "MINIX_SUPER_MAGIC2"
+ if(f==0x2468) return "MINIX2_SUPER_MAGIC"
+ if(f==0x2478) return "MINIX2_SUPER_MAGIC2"
+ if(f==0x4d44) return "MSDOS_SUPER_MAGIC"
+ if(f==0x564c) return "NCP_SUPER_MAGIC"
+ if(f==0x6969) return "NFS_SUPER_MAGIC"
+ if(f==0x5346544e) return "NTFS_SB_MAGIC"
+ if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC"
+ if(f==0x9fa0) return "PROC_SUPER_MAGIC"
+ if(f==0x002f) return "QNX4_SUPER_MAGIC"
+ if(f==0x52654973) return "REISERFS_SUPER_MAGIC"
+ if(f==0x7275) return "ROMFS_MAGIC"
+ if(f==0x517B) return "SMB_SUPER_MAGIC"
+ if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC"
+ if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC"
+ if(f==0x01021994) return "TMPFS_MAGIC"
+ if(f==0x15013346) return "UDF_SUPER_MAGIC"
+ if(f==0x00011954) return "UFS_MAGIC"
+ if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC"
+ if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC"
+ if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC"
+ if(f==0x58465342) return "XFS_SUPER_MAGIC"
+ if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC"
+ return ""
+}
+
+function _mprotect_prot_str(prot) {
+ if(prot==0x00000000) return "PROT_NONE"
+ if(prot==0x00000001) return "PROT_READ"
+ if(prot==0x00000002) return "PROT_WRITE"
+ if(prot==0x00000004) return "PROT_EXEC"
+ return ""
+}
+
+function _madvice_advice_str(behavior) {
+ if(behavior==0x00000000) return "MADV_NORMAL"
+ if(behavior==0x00000001) return "MADV_RANDOM"
+ if(behavior==0x00000002) return "MADV_SEQUENTIAL"
+ if(behavior==0x00000003) return "MADV_WILLNEED"
+ if(behavior==0x00000004) return "MADV_DONTNEED"
+ return ""
+}
+
+function _fcntl_cmd_str(cmd) {
+ if(cmd==0x00000000) return "F_DUPFD"
+ if(cmd==0x00000001) return "F_GETFD"
+ if(cmd==0x00000002) return "F_SETFD"
+ if(cmd==0x00000003) return "F_GETFL"
+ if(cmd==0x00000004) return "F_SETFL"
+ if(cmd==0x00000005) return "F_GETLK"
+ if(cmd==0x00000006) return "F_SETLK"
+ if(cmd==0x00000007) return "F_SETLKW"
+ if(cmd==0x00000008) return "F_SETOWN"
+ if(cmd==0x00000009) return "F_GETOWN"
+ if(cmd==0x0000000A) return "F_SETSIG"
+ if(cmd==0x0000000B) return "F_GETLK64"
+ if(cmd==0x0000000C) return "F_SETLK64"
+ if(cmd==0x0000000D) return "F_SETLKW64"
+ return ""
+}
+
+function _seek_whence_str(w) {
+ if(w==0x00000000) return "SEEK_SET"
+ if(w==0x00000001) return "SEEK_CUR"
+ if(w==0x00000002) return "SEEK_END"
+ return ""
+}
+
+function _quotactl_cmd_str(cmd) {
+ if(cmd==0x800002) return "Q_QUOTAON"
+ if(cmd==0x800003) return "Q_QUOTAOFF"
+ if(cmd==0x800007) return "Q_GETQUOTA"
+ if(cmd==0x800008) return "Q_SETQUOTA"
+ if(cmd==0x800005) return "Q_GETINFO"
+ if(cmd==0x800006) return "Q_SETINFO"
+ if(cmd==0x800004) return "Q_GETFMT"
+ if(cmd==0x800001) return "Q_SYNC"
+ /* XFS Quota Manager (XQM) Codes */
+ if(cmd==0x5801) return "Q_XQUOTAON"
+ if(cmd==0x5802) return "Q_XQUOTAOFF"
+ if(cmd==0x5803) return "Q_XGETQUOTA"
+ if(cmd==0x5804) return "Q_XSETQLIM"
+ if(cmd==0x5805) return "Q_XGETQSTAT"
+ if(cmd==0x5806) return "Q_XQUOTARM"
+ return ""
+}
+
+/* see sys/socket.h (for setsockopt) */
+function _sockopt_optname_str(opt) {
+ if(opt==1) return "SO_DEBUG"
+ if(opt==2) return "SO_REUSEADDR"
+ if(opt==3) return "SO_TYPE"
+ if(opt==4) return "SO_ERROR"
+ if(opt==5) return "SO_DONTROUTE"
+ if(opt==6) return "SO_BROADCAST"
+ if(opt==7) return "SO_SNDBUF"
+ if(opt==8) return "SO_RCVBUF"
+ if(opt==9) return "SO_KEEPALIVE"
+ if(opt==10) return "SO_OOBINLINE"
+ if(opt==11) return "SO_NO_CHECK"
+ if(opt==12) return "SO_PRIORITY"
+ if(opt==13) return "SO_LINGER"
+ if(opt==14) return "SO_BSDCOMPAT"
+
+ if(opt==16) return "SO_PASSCRED"
+ if(opt==17) return "SO_PEERCRED"
+ if(opt==18) return "SO_RCVLOWAT"
+ if(opt==19) return "SO_SNDLOWAT"
+ if(opt==20) return "SO_RCVTIMEO"
+ if(opt==21) return "SO_SNDTIMEO"
+ return ""
+}
+
+/* `man 2 setsockopt` for more information */
+function _sockopt_level_str(l) {
+ if(l==0) return "IP"
+ if(l==1) return "ICMP"
+ if(l==2) return "IGMP"
+ if(l==3) return "GGP"
+ if(l==4) return "IP-ENCAP"
+ if(l==5) return "ST"
+ if(l==6) return "TCP"
+ if(l==7) return "CBT"
+ if(l==8) return "EGP"
+ if(l==9) return "IGP"
+ if(l==10) return "BBN-RCC-MON"
+ if(l==11) return "NVP-II"
+ if(l==12) return "PUP"
+ if(l==13) return "ARGUS"
+ if(l==14) return "EMCON"
+ if(l==15) return "XNET"
+ if(l==16) return "CHAOS"
+ if(l==17) return "UDP"
+ if(l==18) return "MUX"
+ if(l==19) return "DCN-MEAS"
+ if(l==20) return "HMP"
+ if(l==21) return "PRM"
+ if(l==22) return "XNS-IDP"
+ if(l==23) return "TRUNK-1"
+ if(l==24) return "TRUNK-2"
+ if(l==25) return "LEAF-1"
+ if(l==26) return "LEAF-2"
+ if(l==27) return "RDP"
+ if(l==28) return "IRTP"
+ if(l==29) return "ISO-TP4"
+ if(l==30) return "NETBLT"
+ if(l==31) return "MFE-NSP"
+ if(l==32) return "MERIT-INP"
+ if(l==33) return "SEP"
+ if(l==34) return "3PC"
+ if(l==35) return "IDPR"
+ if(l==36) return "XTP"
+ if(l==37) return "DDP"
+ if(l==38) return "IDPR-CMTP"
+ if(l==39) return "TP++"
+ if(l==40) return "IL"
+ if(l==41) return "IPv6"
+ if(l==42) return "SDRP"
+ if(l==43) return "IPv6-Route"
+ if(l==44) return "IPv6-Frag"
+ if(l==45) return "IDRP"
+ if(l==46) return "RSVP"
+ if(l==47) return "GRE"
+ if(l==48) return "MHRP"
+ if(l==49) return "BNA"
+ if(l==50) return "IPv6-Crypt"
+ if(l==51) return "IPv6-Auth"
+ if(l==52) return "I-NLSP"
+ if(l==53) return "SWIPE"
+ if(l==54) return "NARP"
+ if(l==55) return "MOBILE"
+ if(l==56) return "TLSP"
+ if(l==57) return "SKIP"
+ if(l==58) return "IPv6-ICMP"
+ if(l==59) return "IPv6-NoNxt"
+ if(l==60) return "IPv6-Opts"
+ if(l==62) return "CFTP"
+ if(l==64) return "SAT-EXPAK"
+ if(l==65) return "KRYPTOLAN"
+ if(l==66) return "RVD"
+ if(l==67) return "IPPC"
+ if(l==69) return "SAT-MON"
+ if(l==70) return "VISA"
+ if(l==71) return "IPCV"
+ if(l==72) return "CPNX"
+ if(l==73) return "CPHB"
+ if(l==74) return "WSN"
+ if(l==75) return "PVP"
+ if(l==76) return "BR-SAT-MON"
+ if(l==77) return "SUN-ND"
+ if(l==78) return "WB-MON"
+ if(l==79) return "WB-EXPAK"
+ if(l==80) return "ISO-IP"
+ if(l==81) return "VMTP"
+ if(l==82) return "SECURE-VMTP"
+ if(l==83) return "VINES"
+ if(l==84) return "TTP"
+ if(l==85) return "NSFNET-IGP"
+ if(l==86) return "DGP"
+ if(l==87) return "TCF"
+ if(l==88) return "EIGRP"
+ if(l==89) return "OSPFIGP"
+ if(l==90) return "Sprite-RPC"
+ if(l==91) return "LARP"
+ if(l==92) return "MTP"
+ if(l==93) return "AX.25"
+ if(l==94) return "IPIP"
+ if(l==95) return "MICP"
+ if(l==96) return "SCC-SP"
+ if(l==97) return "ETHERIP"
+ if(l==98) return "ENCAP"
+ if(l==100) return "GMTP"
+ if(l==101) return "IFMP"
+ if(l==102) return "PNNI"
+ if(l==103) return "PIM"
+ if(l==104) return "ARIS"
+ if(l==105) return "SCPS"
+ if(l==106) return "QNX"
+ if(l==107) return "A/N"
+ if(l==108) return "IPComp"
+ if(l==109) return "SNP"
+ if(l==110) return "Compaq-Peer"
+ if(l==111) return "IPX-in-IP"
+ if(l==112) return "VRRP"
+ if(l==113) return "PGM"
+ if(l==115) return "L2TP"
+ if(l==116) return "DDX"
+ if(l==117) return "IATP"
+ if(l==118) return "STP"
+ if(l==119) return "SRP"
+ if(l==120) return "UTI"
+ if(l==121) return "SMP"
+ if(l==122) return "SM"
+ if(l==123) return "PTP"
+ if(l==124) return "ISIS"
+ if(l==125) return "FIRE"
+ if(l==126) return "CRTP"
+ if(l==127) return "CRUDP"
+ if(l==128) return "SSCOPMCE"
+ if(l==129) return "IPLT"
+ if(l==130) return "SPS"
+ if(l==131) return "PIPE"
+ if(l==132) return "SCTP"
+ if(l==133) return "FC"
+ return ""
+}
+
+function _sock_family_str(f) {
+ if(f==0) return "PF_UNSPEC"
+ if(f==1) return "PF_UNIX"
+ if(f==1) return "PF_LOCAL"
+ if(f==2) return "PF_INET"
+ if(f==3) return "PF_AX25"
+ if(f==4) return "PF_IPX"
+ if(f==5) return "PF_APPLETALK"
+ if(f==6) return "PF_NETROM"
+ if(f==7) return "PF_BRIDGE"
+ if(f==8) return "PF_ATMPVC"
+ if(f==9) return "PF_X25"
+ if(f==10) return "PF_INET6"
+ if(f==11) return "PF_ROSE"
+ if(f==12) return "PF_DECnet"
+ if(f==13) return "PF_NETBEUI"
+ if(f==14) return "PF_SECURITY"
+ if(f==15) return "PF_KEY"
+ if(f==16) return "PF_NETLINK"
+ if(f==17) return "PF_PACKET"
+ if(f==18) return "PF_ASH"
+ if(f==19) return "PF_ECONET"
+ if(f==20) return "PF_ATMSVC"
+ if(f==22) return "PF_SNA"
+ if(f==23) return "PF_IRDA"
+ if(f==24) return "PF_PPPOX"
+ if(f==25) return "PF_WANPIPE"
+ if(f==26) return "PF_LLC"
+ if(f==31) return "PF_BLUETOOTH"
+ if(f==32) return "PF_MAX"
+ return ""
+}
+
+function _sock_type_str(t) {
+ if(t==1) return "SOCK_STREAM"
+ if(t==2) return "SOCK_DGRAM"
+ if(t==5) return "SOCK_SEQPACKET"
+ if(t==3) return "SOCK_RAW"
+ if(t==4) return "SOCK_RDM"
+ if(t==10) return "SOCK_PACKET"
+ return ""
+}
+
+function _opoll_op_str(o) {
+ if(o==1) return "EPOLL_CTL_ADD"
+ if(o==3) return "EPOLL_CTL_MOD"
+ if(o==2) return "EPOLL_CTL_DEL"
+ return ""
+}
+
+function _epoll_events_str(e) {
+ if(e==1) return "EPOLLIN"
+ if(e==4) return "EPOLLOUT"
+ if(e==2) return "EPOLLPRI"
+ if(e==8) return "EPOLLERR"
+ if(e==16) return "EPOLLHUP"
+ if(e==-2147483648) return "EPOLLET"
+ if(e==1073741824) return "EPOLLONESHOT"
+ return ""
+}
+
+function _rlimit_resource_str(r) {
+ if(r==-1) return "RLIM_INFINITY"
+ if(r==9) return "RLIMIT_AS"
+ if(r==4) return "RLIMIT_CORE"
+ if(r==0) return "RLIMIT_CPU"
+ if(r==2) return "RLIMIT_DATA"
+ if(r==1) return "RLIMIT_FSIZE"
+ if(r==10) return "RLIMIT_LOCKS"
+ if(r==8) return "RLIMIT_MEMLOCK"
+ if(r==7) return "RLIMIT_NOFILE"
+ if(r==6) return "RLIMIT_NPROC"
+ if(r==5) return "RLIMIT_RSS"
+ if(r==3) return "RLIMIT_STACK"
+ return ""
+}
+
+function _rusage_who_str(w) {
+ if(w==0) return "RUSAGE_SELF"
+ if(w==-1) return "RUSAGE_CHILDREN"
+ return ""
+}
+
diff --git a/tapset/system_calls.stp b/tapset/system_calls.stp
index b56f4e89..462c25e6 100644
--- a/tapset/system_calls.stp
+++ b/tapset/system_calls.stp
@@ -15,14 +15,12 @@
probe kernel.syscall.time =
kernel.function("sys_time") {
name = "time"
+ t_uaddr = $tloc
t = __uget_num($tloc)
}
probe kernel.syscall.time.return =
kernel.function("sys_time").return {
name = "time.return"
- /*
- t = __uget_num($tloc)
- */
}
# stime____________________________________________
/*
@@ -31,15 +29,13 @@ probe kernel.syscall.time.return =
*/
probe kernel.syscall.stime =
kernel.function("sys_stime") {
- name = "stime"
+ name = "stime"
+ t_uaddr = $tptr
t = __uget_num($tptr)
}
probe kernel.syscall.stime.return =
kernel.function("sys_stime").return {
name = "stime.return"
- /*
- t = __uget_num($tptr)
- */
}
# gettimeofday_____________________________________
/*
@@ -50,6 +46,8 @@ probe kernel.syscall.stime.return =
probe kernel.syscall.gettimeofday =
kernel.function("sys_gettimeofday") {
name = "gettimeofday"
+ tv_uaddr = $tv
+ tz_uaddr = $tz
tv_tv_sec = __uget_tv_m($tv,0)
tv_tv_usec = __uget_tv_m($tv,1)
tz_tz_minuteswest = __uget_tz_m($tz,0)
@@ -58,12 +56,6 @@ probe kernel.syscall.gettimeofday =
probe kernel.syscall.gettimeofday.return =
kernel.function("sys_gettimeofday").return {
name = "gettimeofday.return"
- /*
- tv_tv_sec = __uget_tv_m($tv,0)
- tv_tv_usec = __uget_tv_m($tv,1)
- tz_tz_minuteswest = __uget_tz_m($tz,0)
- tz_tz_dsttime = __uget_tz_m($tz,1)
- */
}
# settimeofday_____________________________________
/*
@@ -74,6 +66,8 @@ probe kernel.syscall.gettimeofday.return =
probe kernel.syscall.settimeofday =
kernel.function("sys_settimeofday") {
name = "settimeofday"
+ tv_uaddr = $tv
+ tz_uaddr = $tz
tv_tv_sec = __uget_tv_m($tv,0)
tv_tv_usec = __uget_tv_m($tv,1)
tz_tz_minuteswest = __uget_tz_m($tz,0)
@@ -82,12 +76,6 @@ probe kernel.syscall.settimeofday =
probe kernel.syscall.settimeofday.return =
kernel.function("sys_settimeofday").return {
name = "settimeofday.return"
- /*
- tv_tv_sec = __uget_tv_m($tv,0)
- tv_tv_usec = __uget_tv_m($tv,1)
- tz_tz_minuteswest = __uget_tz_m($tz,0)
- tz_tz_dsttime = __uget_tz_m($tz,1)
- */
}
# adjtimex_________________________________________
/*
@@ -97,6 +85,7 @@ probe kernel.syscall.settimeofday.return =
probe kernel.syscall.adjtimex =
kernel.function("sys_adjtimex") {
name = "adjtimex"
+ buf_uaddr = $txc_p
buf_modes = __uget_timex_m($txc_p,0)
buf_modes_str = _adjtx_mode_str(buf_modes)
buf_offset = __uget_timex_m($txc_p,1)
@@ -114,37 +103,6 @@ probe kernel.syscall.adjtimex =
probe kernel.syscall.adjtimex.return =
kernel.function("sys_adjtimex").return {
name = "adjtimex.return"
- /*
- buf_modes = __uget_timex_m($txc_p,0)
- buf_modes_str = _adjtx_mode_str(buf_modes)
- buf_offset = __uget_timex_m($txc_p,1)
- buf_freq = __uget_timex_m($txc_p,2)
- buf_maxerror = __uget_timex_m($txc_p,3)
- buf_esterror = __uget_timex_m($txc_p,4)
- buf_status = __uget_timex_m($txc_p,5)
- buf_constant = __uget_timex_m($txc_p,6)
- buf_precision = __uget_timex_m($txc_p,7)
- buf_tolerance = __uget_timex_m($txc_p,8)
- buf_time_tv_sec = __uget_timex_m($txc_p,9)
- buf_time_tv_usec = __uget_timex_m($txc_p,10)
- buf_tick = __uget_timex_m($txc_p,11)
-
- TODO+++++++++++++++++++++++++++++++++++++++++
- RETURN VALUE
- On success, adjtimex returns the clock state:
-
- #define TIME_OK 0 clock synchronized
- #define TIME_INS 1 insert leap second
- #define TIME_DEL 2 delete leap second
- #define TIME_OOP 3 leap second in progress
- #define TIME_WAIT 4 leap second has occurred
- #define TIME_BAD 5 clock not synchronized
-
- NOTE: Once $retval built-in is working it would
- be nice to export a symbolic name string
- corresponding to the return value.
- i.e. clockstate = get_clock_state($retval)
- */
}
# times____________________________________________
/*
@@ -154,6 +112,7 @@ probe kernel.syscall.adjtimex.return =
probe kernel.syscall.times =
kernel.function("sys_times") {
name = "times"
+ buf_uaddr = $tbuf
buf_tms_utime = __uget_tms_m($tbuf,0)
buf_tms_stime = __uget_tms_m($tbuf,1)
buf_tms_cutime = __uget_tms_m($tbuf,2)
@@ -162,12 +121,6 @@ probe kernel.syscall.times =
probe kernel.syscall.times.return =
kernel.function("sys_times").return {
name = "times.return"
- /*
- buf_tms_utime = __uget_tms_m($tbuf,0)
- buf_tms_stime = __uget_tms_m($tbuf,1)
- buf_tms_cutime = __uget_tms_m($tbuf,2)
- buf_tms_cstime = __uget_tms_m($tbuf,3)
- */
}
# gettid___________________________________________
/*
@@ -191,6 +144,8 @@ probe kernel.syscall.gettid.return =
probe kernel.syscall.nanosleep =
kernel.function("sys_nanosleep") {
name = "nanosleep"
+ req_uaddr = $rqtp
+ rem_uaddr = $rmtp
req_tv_sec = __uget_ts_m($rqtp,0)
req_tv_nsec = __uget_ts_m($rqtp,1)
rem_tv_sec = __uget_ts_m($rmtp,0)
@@ -199,12 +154,6 @@ probe kernel.syscall.nanosleep =
probe kernel.syscall.nanosleep.return =
kernel.function("sys_nanosleep").return {
name = "nanosleep.return"
- /*
- req_tv_sec = __uget_ts_m($rqtp,0)
- req_tv_nsec = __uget_ts_m($rqtp,1)
- rem_tv_sec = __uget_ts_m($rmtp,0)
- rem_tv_nsec = __uget_ts_m($rmtp,1)
- */
}
# alarm____________________________________________
/*
@@ -281,11 +230,11 @@ probe kernel.syscall.geteuid.return =
* sys_getgid(void)
*/
probe kernel.syscall.getgid =
- kernel.function("sys_gid") {
+ kernel.function("sys_getgid") {
name = "getgid"
}
probe kernel.syscall.getgid.return =
- kernel.function("sys_gid").return {
+ kernel.function("sys_getgid").return {
name = "getgid.return"
}
# getegid__________________________________________
@@ -302,6829 +251,4825 @@ probe kernel.syscall.getegid.return =
name = "getegid.return"
}
# getresuid________________________________________
-/* asmlinkage long sys_getresuid(uid_t __user *ruid,
- uid_t __user *euid,
- uid_t __user *suid) */
+/*
+ * asmlinkage long
+ * sys_getresuid(uid_t __user *ruid,
+ * uid_t __user *euid,
+ * uid_t __user *suid)
+ */
probe kernel.syscall.getresuid =
- kernel.function("sys_getresuid") {
- name = "getresuid"
- }
-
+ kernel.function("sys_getresuid") {
+ name = "getresuid"
+ ruid_uaddr = $ruid
+ euid_uaddr = $euid
+ suid_uaddr = $suid
+ ruid = __uget_num($ruid)
+ euid = __uget_num($euid)
+ suid = __uget_num($suid)
+ }
probe kernel.syscall.getresuid.return =
- kernel.function("sys_getresuid").return {
- name = "getresuid.return"
- /*
- ruid = $ruid
- euid = $euid
- suid = $suid
- */
- }
+ kernel.function("sys_getresuid").return {
+ name = "getresuid.return"
+ }
# getresgid________________________________________
-/* asmlinkage long sys_getresgid(gid_t __user *rgid,
- gid_t __user *egid,
- gid_t __user *sgid) */
+/*
+ * asmlinkage
+ * long sys_getresgid(gid_t __user *rgid,
+ * gid_t __user *egid,
+ * gid_t __user *sgid)
+ */
probe kernel.syscall.getresgid =
- kernel.function("sys_retresgid") {
- name = "getresgid"
- }
-
+ kernel.function("sys_getresgid") {
+ name = "getresgid"
+ rgid_uaddr = $rgid
+ egid_uaddr = $egid
+ sgid_uaddr = $sgid
+ rgid = __uget_num($rgid)
+ egid = __uget_num($egid)
+ sgid = __uget_num($sgid)
+ }
probe kernel.syscall.getresgid.return =
- kernel.function("sys_retresgid").return {
- name = "getresgid.return"
- /*
- rgid = $rgid
- egid = $egid
- sgid = $sgid
- */
- }
+ kernel.function("sys_getresgid").return {
+ name = "getresgid.return"
+ }
# getpgid__________________________________________
-/* asmlinkage long sys_getpid(void) */
+/*
+ * asmlinkage long
+ * sys_getpgid(void)
+ */
probe kernel.syscall.getpgid =
- kernel.function("sys_getpgid") {
- name = "getpgid"
- }
-
+ kernel.function("sys_getpgid") {
+ name = "getpgid"
+ }
probe kernel.syscall.getpgid.return =
- kernel.function("sys_getpgid").return {
- name = "getpgid.return"
- }
+ kernel.function("sys_getpgid").return {
+ name = "getpgid.return"
+ }
# getpgrp__________________________________________
-/* asmlinkage long sys_getpgrp(void) */
+/*
+ * asmlinkage long
+ * sys_getpgrp(void)
+ */
probe kernel.syscall.getpgrp =
- kernel.function("sys_getpgrp") {
- name = "getpgrp"
- }
-
+ kernel.function("sys_getpgrp") {
+ name = "getpgrp"
+ }
probe kernel.syscall.getpgrp.return =
- kernel.function("sys_getpgrp").return {
- name = "getpgrp.return"
- }
+ kernel.function("sys_getpgrp").return {
+ name = "getpgrp.return"
+ }
# getsid___________________________________________
-/* asmlinkage long sys_getsid(pid_t pid) */
+/*
+ * asmlinkage long
+ * sys_getsid(pid_t pid)
+ */
probe kernel.syscall.getsid =
- kernel.function("sys_getsid") {
- name = "getsid"
- pid = $pid
- }
-
+ kernel.function("sys_getsid") {
+ name = "getsid"
+ pid = $pid
+ }
probe kernel.syscall.getsid.return =
- kernel.function("sys_getsid").return {
- name = "getsid.return"
- pid = $pid
- }
+ kernel.function("sys_getsid").return {
+ name = "getsid.return"
+ /*
+ pid = $pid
+ */
+ }
# getgroups________________________________________
-/* asmlinkage long sys_getgroups(int gidsetsize,
- gid_t __user *grouplist) */
+/*
+ * asmlinkage long
+ * sys_getgroups(int gidsetsize,
+ * gid_t __user *grouplist)
+ */
probe kernel.syscall.getgroups =
- kernel.function("sys_getgroups") {
- name = "getgroups"
- }
-
+ kernel.function("sys_getgroups") {
+ name = "getgroups"
+ size = $gidsetsize
+ /*
+ NOTE
+ list defined as "gid_t list[]" there
+ is no practical way to export these
+ values. Therefore just export addr,
+ let the user take care of it with
+ embedded C if need be.
+ */
+ list_uaddr = $grouplist
+ }
probe kernel.syscall.getgroups.return =
- kernel.function("sys_getgroups").return {
- name = "getgroups.return"
- /*
- SUMMARY
- int getgroups(int size, gid_t list[]);
-
- Up to size supplementary group IDs are returned
- in list. It is unspecified whether the effective
- group ID of the calling process is included in
- the returned list. (Thus, an application should
- also call getegid(2) and add or remove the resulting
- value.) If size is zero, list is not modified, but
- the total number of supplementary group IDs for the
- process is returned.
-
- Note: I do not think SystemTap has support for arrays,
- this may be able to be delegated to an embedded
- aux function....
- */
- }
+ kernel.function("sys_getgroups").return {
+ name = "getgroups.return"
+ }
# setregid_________________________________________
-/* asmlinkage long sys_setregid(gid_t rgid, gid_t egid) */
+/*
+ * asmlinkage long
+ * sys_setregid(gid_t rgid,
+ * gid_t egid)
+ */
probe kernel.syscall.setregid =
- kernel.function("sys_setregid") {
- name = "setregid"
- rgid = $rgid
- egid = $egid
- }
-
+ kernel.function("sys_setregid") {
+ name = "setregid"
+ rgid = $rgid
+ egid = $egid
+ }
probe kernel.syscall.setregid.return =
- kernel.function("sys_setregid").return {
- name = "setregid.return"
- rgid = $rgid
- egid = $egid
- }
+ kernel.function("sys_setregid").return {
+ name = "setregid.return"
+ }
# setgid___________________________________________
-/* asmlinkage long sys_setgid(gid_t gid) */
+/*
+ * asmlinkage long
+ * sys_setgid(gid_t gid)
+ */
probe kernel.syscall.setgid =
- kernel.function("sys_setgid") {
- name = "setgid"
- gid = $gid
- }
-
+ kernel.function("sys_setgid") {
+ name = "setgid"
+ gid = $gid
+ }
probe kernel.syscall.setgid.return =
- kernel.function("sys_setgid").return {
- name = "setgid.return"
- gid = $gid
- }
+ kernel.function("sys_setgid").return {
+ name = "setgid.return"
+ }
# setreuid_________________________________________
-/* asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) */
+/*
+ * asmlinkage long
+ * sys_setreuid(uid_t ruid,
+ * uid_t euid)
+ */
probe kernel.syscall.setreuid =
- kernel.function("sys_setreuid") {
- name = "setreuid"
- ruid = $ruid
- euid = $euid
- }
-
+ kernel.function("sys_setreuid") {
+ name = "setreuid"
+ ruid = $ruid
+ euid = $euid
+ }
probe kernel.syscall.setreuid.return =
- kernel.function("sys_setreuid").return {
- name = "setreuid.return"
- ruid = $ruid
- euid = $euid
- }
+ kernel.function("sys_setreuid").return {
+ name = "setreuid.return"
+ }
# setuid___________________________________________
-/* asmlinkage long sys_setuid(uid_t uid) */
+/*
+ * asmlinkage long
+ * sys_setuid(uid_t uid)
+ */
probe kernel.syscall.setuid =
- kernel.function("sys_setuid") {
- name = "setuid"
- uid = $uid
- }
-
+ kernel.function("sys_setuid") {
+ name = "setuid"
+ uid = $uid
+ }
probe kernel.syscall.setuid.return =
- kernel.function("sys_setuid").return {
- name = "setuid.return"
- uid = $uid
- }
+ kernel.function("sys_setuid").return {
+ name = "setuid.return"
+ }
# setresuid________________________________________
-/* asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) */
+/*
+ * asmlinkage long
+ * sys_setresuid(uid_t ruid,
+ * uid_t euid,
+ * uid_t suid)
+ */
probe kernel.syscall.setresuid =
- kernel.function("sys_setresuid") {
- name = "setresuid"
- ruid = $ruid
- euid = $euid
- suid = $suid
- }
-
+ kernel.function("sys_setresuid") {
+ name = "setresuid"
+ ruid = $ruid
+ euid = $euid
+ suid = $suid
+ }
probe kernel.syscall.setresuid.return =
- kernel.function("sys_setresuid").return {
- name = "setresuid.return"
- ruid = $ruid
- euid = $euid
- suid = $suid
- }
+ kernel.function("sys_setresuid").return {
+ name = "setresuid.return"
+ }
# setresgid________________________________________
-/* asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) */
+/*
+ * asmlinkage long
+ * sys_setresgid(gid_t rgid,
+ * gid_t egid,
+ * gid_t sgid)
+ */
probe kernel.syscall.setresgid =
- kernel.function("sys_setresgid") {
- name = "setresgid"
- rgid = $rgid
- egid = $egid
- sgid = $sgid
- }
-
+ kernel.function("sys_setresgid") {
+ name = "setresgid"
+ rgid = $rgid
+ egid = $egid
+ sgid = $sgid
+}
probe kernel.syscall.setresgid.return =
- kernel.function("sys_setresgid").return {
- name = "setresgid.return"
- rgid = $rgid
- egid = $egid
- sgid = $sgid
- }
+ kernel.function("sys_setresgid").return {
+ name = "setresgid.return"
+ }
# setfsuid_________________________________________
-/* asmlinkage long sys_setfsuid(uid_t uid) */
+/*
+ * asmlinkage long
+ * sys_setfsuid(uid_t uid)
+ */
probe kernel.syscall.setfsuid =
- kernel.function("sys_setfsuid") {
- name = "setfsuid"
- fsuid = $uid
- }
-
+ kernel.function("sys_setfsuid") {
+ name = "setfsuid"
+ fsuid = $uid
+ }
probe kernel.syscall.setfsuid.return =
- kernel.function("sys_setfsuid").return {
- name = "setfsuid.return"
- fsuid = $uid
- }
+ kernel.function("sys_setfsuid").return {
+ name = "setfsuid.return"
+ }
# setfsgid_________________________________________
-/* asmlinkage long sys_setfsgid(gid_t gid) */
+/*
+ * asmlinkage long
+ * sys_setfsgid(gid_t gid)
+ */
probe kernel.syscall.setfsgid =
- kernel.function("sys_setfsgid") {
- name = "setfsgid"
- fsgid = $gid
- }
-
+ kernel.function("sys_setfsgid") {
+ name = "setfsgid"
+ fsgid = $gid
+ }
probe kernel.syscall.setfsgid.return =
- kernel.function("sys_setfsgid").return {
- name = "setfsgid.return"
- fsgid = $gid
- }
+ kernel.function("sys_setfsgid").return {
+ name = "setfsgid.return"
+ }
# setpgid__________________________________________
-/* asmlinkage long sys_setpgid(pid_t pid, pid_t pgid) */
+/*
+ * asmlinkage long
+ * sys_setpgid(pid_t pid,
+ * pid_t pgid)
+ */
probe kernel.syscall.setpgid =
- kernel.function("sys_setpgid") {
- name = "setpgid"
- pid = $pid
- pgid = $pgid
- }
-
+ kernel.function("sys_setpgid") {
+ name = "setpgid"
+ pid = $pid
+ pgid = $pgid
+ }
probe kernel.syscall.setpgid.return =
- kernel.function("sys_setpgid").return {
- name = "setpgid.return"
- pid = $pid
- pgid = $pgid
- }
+ kernel.function("sys_setpgid").return {
+ name = "setpgid.return"
+ }
# setsid___________________________________________
-/* asmlinkage long sys_setsid(void) */
+/*
+ * asmlinkage long
+ * sys_setsid(void)
+ */
probe kernel.syscall.setsid =
- kernel.function("sys_setsid") {
- name = "setsid"
- }
-
+ kernel.function("sys_setsid") {
+ name = "setsid"
+ }
probe kernel.syscall.setsid.return =
- kernel.function("sys_setsid").return {
- name = "setsid.return"
- }
+ kernel.function("sys_setsid").return {
+ name = "setsid.return"
+ }
# setgroups________________________________________
-/* asmlinkage long sys_setgroups(int gidsetsize,
- gid_t __user *grouplist) */
+/*
+ * asmlinkage long
+ * sys_setgroups(int gidsetsize,
+ * gid_t __user *grouplist)
+ */
probe kernel.syscall.setgroups =
- kernel.function("sys_setgroups") {
- name = "setgroups"
- /*
- SUMMARY (see getgroups for same issue)
- int setgroups(size_t size, const gid_t *list);
-
- Sets the supplementary group IDs for the process.
- Only the super-user may use this function.
-
- Note: I do not think SystemTap has support for arrays,
- this may be able to be delegated to an embedded
- aux function....
- */
- }
-
+ kernel.function("sys_setgroups") {
+ name = "setgroups"
+ size = $gidsetsize
+ /*
+ NOTE
+ list defined as "gid_t list[]" there
+ is no practical way to export these
+ values. Therefore just export addr,
+ let the user take care of it with
+ embedded C if need be.
+ */
+ list_uaddr = $grouplist
+ }
probe kernel.syscall.setgroups.return =
- kernel.function("sys_setgroups").return {
- name = "setgroups.return"
- /*
- SUMMARY (see getgroups for same issue)
- int setgroups(size_t size, const gid_t *list);
-
- Sets the supplementary group IDs for the process.
- Only the super-user may use this function.
-
- Note: I do not think SystemTap has support for arrays, this may be able to be delegated to an embedded
- aux function....
- */
- }
+ kernel.function("sys_setgroups").return {
+ name = "setgroups.return"
+ }
# acct_____________________________________________
-/* asmlinkage long sys_acct(const char __user *name) */
+/*
+ * asmlinkage long
+ * sys_acct(const char __user *name)
+ */
probe kernel.syscall.acct =
- kernel.function("sys_acct") {
- name = "acct"
- /*
- filename = $name
- */
- }
-
+ kernel.function("sys_acct") {
+ name = "acct"
+ filename_uaddr = $name
+ filename = user_string($name)
+ }
probe kernel.syscall.acct.return =
- kernel.function("sys_acct").return {
- name = "acct.return"
- /*
- filename = $name
- */
- }
+ kernel.function("sys_acct").return {
+ name = "acct.return"
+ }
# capget___________________________________________
-/* asmlinkage long sys_capget(cap_user_header_t header,
- cap_user_data_t dataptr) */
-probe kernel.syscall.capget =
- kernel.function("sys_capget") {
- name = "capget"
- version = $header->version
- target_pid = $header->pid
- effective = $dataptr->effective
- permitted = $dataptr->permitted
- inheritable = $dataptr->inheritable
- /*
- DESCRIPTION
- These two functions are the raw kernel interface
- for getting and setting capabilities. The kernel API
- is likely to change and use of these functions (in
- particular the format of the cap_user_*_t types) is
- subject to change with each kernel revision.
-
- These system calls are specific to Linux.
- The portable interfaces are cap_set_proc(3) and
- cap_get_proc(3).
- */
- }
+/*
+ NOTE
+ this is probably not a good function
+ to probe. The structures are always
+ changing. It also seems like it is
+ not really used. Cscope produced no
+ reference of this function in the
+ kernel (returned no callers). Perhaps
+ cap_get_proc / cap_set_proc are better
+ functions to export.
+*/
+/*
+ * asmlinkage long
+ * sys_capget(cap_user_header_t header,
+ * cap_user_data_t dataptr)
+ */
+probe kernel.syscall.capget =
+ kernel.function("sys_capget") {
+ name = "capget"
+ header_uaddr = $header
+ data_uaddr = $dataptr
+ /*
+ NOTE
+ These two functions are the raw kernel
+ interface for getting and setting
+ capabilities. The kernel API is likely
+ to change and use of these functions (in
+ particular the format of the cap_user_*_t
+ types) is subject to change with each
+ kernel revision.
+ */
+ }
probe kernel.syscall.capget.return =
- kernel.function("sys_capget").return {
- name = "capget.return"
- version = $header->version
- target_pid = $header->pid
- effective = $dataptr->effective
- permitted = $dataptr->permitted
- inheritable = $dataptr->inheritable
- /*
- DESCRIPTION
- These two functions are the raw kernel interface
- for getting and setting capabilities. The kernel API
- is likely to change and use of these functions (in
- particular the format of the cap_user_*_t types) is
- subject to change with each kernel revision.
-
- These system calls are specific to Linux.
- The portable interfaces are cap_set_proc(3) and
- cap_get_proc(3).
- */
- }
+ kernel.function("sys_capget").return {
+ name = "capget.return"
+ }
# capset___________________________________________
-/* asmlinkage long sys_capset(cap_user_header_t header,
- const cap_user_data_t data) */
-probe kernel.syscall.capset =
- kernel.function("sys_capset") {
- name = "capset"
- version = $header->version
- target_pid = $header->pid
- effective = $data->effective
- permitted = $data->permitted
- inheritable = $data->inheritable
- /*
- DESCRIPTION
- These two functions are the raw kernel interface
- for getting and setting capabilities. The kernel API
- is likely to change and use of these functions (in
- particular the format of the cap_user_*_t types) is
- subject to change with each kernel revision.
-
- These system calls are specific to Linux.
- The portable interfaces are cap_set_proc(3) and
- cap_get_proc(3).
- */
- }
+/*
+ NOTE
+ this is probably not a good function
+ to probe. The structures are always
+ changing. It also seems like it is
+ not really used. Cscope produced no
+ reference of this function in the
+ kernel (returned no callers). Perhaps
+ cap_get_proc / cap_set_proc are better
+ functions to export.
+*/
+/*
+ * asmlinkage long
+ * sys_capset(cap_user_header_t header,
+ * const cap_user_data_t data)
+ */
+probe kernel.syscall.capset =
+ kernel.function("sys_capset") {
+ name = "capset"
+ header_uaddr = $header
+ data_uaddr = $data
+ /*
+ NOTE
+ These two functions are the raw kernel
+ interface for getting and setting
+ capabilities. The kernel API is likely
+ to change and use of these functions (in
+ particular the format of the cap_user_*_t
+ types) is subject to change with each
+ kernel revision.
+
+ These system calls are specific to Linux.
+ The portable interfaces are cap_set_proc
+ and cap_get_proc.
+ */
+ }
probe kernel.syscall.capset.return =
- kernel.function("sys_capset").return {
- name = "capset.return"
- version = $header->version
- target_pid = $header->pid
- effective = $data->effective
- permitted = $data->permitted
- inheritable = $data->inheritable
- /*
- DESCRIPTION
- These two functions are the raw kernel interface
- for getting and setting capabilities. The kernel API
- is likely to change and use of these functions (in
- particular the format of the cap_user_*_t types) is
- subject to change with each kernel revision.
-
- These system calls are specific to Linux.
- The portable interfaces are cap_set_proc(3) and
- cap_get_proc(3).
- */
- }
+ kernel.function("sys_capset").return {
+ name = "capset.return"
+ }
# personality______________________________________
-/* asmlinkage long sys_personality(u_long personality) */
+/*
+ * asmlinkage long
+ * sys_personality(u_long personality)
+ */
probe kernel.syscall.personality =
- kernel.function("sys_personality") {
- name = "personality"
- persona = $personality
- }
-
+ kernel.function("sys_personality") {
+ name = "personality"
+ persona = $personality
+ }
probe kernel.syscall.personality.return =
- kernel.function("sys_personality").return {
- name = "personality.return"
- persona = $personality
- }
+ kernel.function("sys_personality").return {
+ name = "personality.return"
+ }
# sigpending_______________________________________
-/* asmlinkage long sys_sigpending(old_sigset_t __user *set) */
+/*
+ * long do_sigpending(void __user *set,
+ * unsigned long sigsetsize)
+ */
probe kernel.syscall.sigpending =
- kernel.function("do_sigpending") {
- name = "sigpending"
- }
+ kernel.function("do_sigpending") {
+ name = "sigpending"
+ /*
+ NOTE
+ set is defined as
+ struct {
+ unsigned long int __val[128];
+ }
+ theres is no practical way to export
+ these values. Therefore just export
+ addr, let the user take care of it
+ with embedded C if need be.
+ */
+ /*
+ XXX Cannot deal w void pointers yet
+ set_uaddr = $set
+ */
+ }
probe kernel.syscall.sigpending.return =
- kernel.function("do_sigpending").return {
- name = "sigpending.return"
- /*
- set = $set
- */
- }
+ kernel.function("do_sigpending").return {
+ name = "sigpending.return"
+ }
# sigprocmask______________________________________
-/* asmlinkage long
- sys_sigprocmask(int how,
- old_sigset_t __user *set,
- old_sigset_t __user *oset) */
+/*
+ * asmlinkage long
+ * sys_sigprocmask(int how,
+ * old_sigset_t __user *set,
+ * old_sigset_t __user *oset)
+ */
probe kernel.syscall.sigprocmask =
- kernel.function("sys_sigprocmask") {
- name = "sigprocmask"
- how = $how
- how_str = _sigprocmask_how_str($how)
- /*
- set = $set
- oldset = $oset
- */
- }
-
+ kernel.function("sys_sigprocmask") {
+ name = "sigprocmask"
+ how = $how
+ how_str = _sigprocmask_how_str($how)
+ /*
+ NOTE
+ set and oset are defined as
+ struct {
+ unsigned long int __val[128];
+ }
+ theres is no practical way to export
+ these values. Therefore just export
+ addr, let the user take care of it
+ with embedded C if need be.
+ */
+ set_uaddr = $set
+ oldset_uaddr = $oset
+ }
probe kernel.syscall.sigprocmask.return =
- kernel.function("sys_sigprocmask").return {
- name = "sigprocmask.return"
- how = $how
- how_str = _sigprocmask_how_str($how)
- /*
- set = $set
- oldset = $oset
- */
- }
+ kernel.function("sigprocmask").return {
+ name = "sigprocmask.return"
+ }
# getitimer________________________________________
-/* asmlinkage long
- sys_getitimer(int which,
- struct itimerval __user *value) */
+/*
+ * asmlinkage long
+ * sys_getitimer(int which,
+ * struct itimerval __user *value)
+ */
probe kernel.syscall.getitimer =
- kernel.function("sys_getitimer") {
- name = "getitimer"
- which = $which
- which_str = _itimer_which_str($which)
- /*
- value_it_interval_tv_sec = $value->it_interval->tv_sec
- value_it_interval_tv_usec = $value->it_interval->tv_usec
- value_it_value_tv_sec = $value->it_value->tv_sec
- value_it_value_tv_usec = $value->it_value->tv_usec
- */
- }
-
+ kernel.function("sys_getitimer") {
+ name = "getitimer"
+ which = $which
+ which_str = _itimer_which_str($which)
+ value_uaddr = $value
+ value_it_interval_tv_sec =
+ __uget_itimerval_tv_m($value,0)
+ value_it_interval_tv_usec =
+ __uget_itimerval_tv_m($value,1)
+ value_it_value_tv_sec =
+ __uget_itimerval_tv_m($value,2)
+ value_it_value_tv_usec =
+ __uget_itimerval_tv_m($value,3)
+ }
probe kernel.syscall.getitimer.return =
- kernel.function("sys_getitimer").return {
- name = "getitimer.return"
- which = $which
- which_str = _itimer_which_str($which)
- /*
- value_it_interval_tv_sec = $value->it_interval->tv_sec
- value_it_interval_tv_usec = $value->it_interval->tv_usec
- value_it_value_tv_sec = $value->it_value->tv_sec
- value_it_value_tv_usec = $value->it_value->tv_usec
- */
- }
+ kernel.function("sys_getitimer").return {
+ name = "getitimer.return"
+ }
# setitimer________________________________________
-/* asmlinkage long
- sys_setitimer(int which,
- struct itimerval __user *value,
- struct itimerval __user *ovalue) */
+/*
+ * asmlinkage long
+ * sys_setitimer(int which,
+ * struct itimerval __user *value,
+ * struct itimerval __user *ovalue)
+ */
probe kernel.syscall.setitimer =
- kernel.function("sys_setitimer") {
- name = "setitimer"
- which = $which
- which_str = _itimer_which_str($which)
- /*
- value_it_interval_tv_sec = $value->it_interval->tv_sec
- value_it_interval_tv_usec = $value->it_interval->tv_usec
- value_it_value_tv_sec = $value->it_value->tv_sec
- value_it_value_tv_usec = $value->it_value->tv_usec
- */
- }
-
+ kernel.function("sys_setitimer") {
+ name = "setitimer"
+ which = $which
+ which_str = _itimer_which_str($which)
+ value_uaddr = $value
+ ovalue_uaddr = $ovalue
+ value_it_interval_tv_sec =
+ __uget_itimerval_tv_m($value,0)
+ value_it_interval_tv_usec =
+ __uget_itimerval_tv_m($value,1)
+ value_it_value_tv_sec =
+ __uget_itimerval_tv_m($value,2)
+ value_it_value_tv_usec =
+ __uget_itimerval_tv_m($value,3)
+ ovalue_it_interval_tv_sec =
+ __uget_itimerval_tv_m($ovalue,0)
+ ovalue_it_interval_tv_usec =
+ __uget_itimerval_tv_m($ovalue,1)
+ ovalue_it_value_tv_sec =
+ __uget_itimerval_tv_m($ovalue,2)
+ ovalue_it_value_tv_usec =
+ __uget_itimerval_tv_m($ovalue,3)
+ }
probe kernel.syscall.setitimer.return =
- kernel.function("sys_setitimer").return {
- name = "setitimer.return"
- which = $which
- which_str = _itimer_which_str($which)
- /*
- value_it_interval_tv_sec = $value->it_interval->tv_sec
- value_it_interval_tv_usec = $value->it_interval->tv_usec
- value_it_value_tv_sec = $value->it_value->tv_sec
- value_it_value_tv_usec = $value->it_value->tv_usec
-
- ovalue_it_interval_tv_sec = $ovalue->it_interval->tv_sec
- ovalue_it_interval_tv_usec = $ovalue->it_interval->tv_usec
- ovalue_it_value_tv_sec = $ovalue->it_value->tv_sec
- ovalue_it_value_tv_usec = $ovalue->it_value->tv_usec
- */
- }
+ kernel.function("sys_setitimer").return {
+ name = "setitimer.return"
+ }
# timer_create_____________________________________
-/* asmlinkage long
- sys_timer_create(clockid_t which_clock,
- struct sigevent __user *timer_event_spec,
- timer_t __user * created_timer_id) */
+/*
+ * asmlinkage long
+ * sys_timer_create(clockid_t which_clock,
+ * struct sigevent __user *timer_event_spec,
+ * timer_t __user * created_timer_id)
+ */
probe kernel.syscall.timer_create =
- kernel.function("sys_timer_create") {
- name = "timer_create"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /* ...a little unsure about this...
-
- typedef struct sigevent {
- sigval_t sigev_value;
- int sigev_signo;
- int sigev_notify;
- union {
- int _pad[SIGEV_PAD_SIZE];
- int _tid;
-
- struct {
- void (*_function)(sigval_t);
- void *_attribute;
- // really pthread_attr_t
- } _sigev_thread;
- } _sigev_un;
- } sigevent_t;
-
- */
- }
+ kernel.function("sys_timer_create") {
+ name = "timer_create"
+ clockid = $which_clock
+ clockid_str = _get_wc_str($which_clock)
+ evp_uaddr = $timer_event_spec
+ /* ...a little unsure about this...
+
+ typedef struct sigevent {
+ sigval_t sigev_value;
+ int sigev_signo;
+ int sigev_notify;
+ union {
+ int _pad[SIGEV_PAD_SIZE];
+ int _tid;
+ struct {
+ void (*_function)(sigval_t);
+ void *_attribute;
+ // really pthread_attr_t
+ } _sigev_thread;
+ } _sigev_un;
+ } sigevent_t;
+ */
+ timerid_uaddr = $created_timer_id
+ timerid = __uget_num($created_timer_id)
+ }
probe kernel.syscall.timer_create.return =
- kernel.function("sys_timer_create").return {
- name = "timer_create.return"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /* ...a little unsure about this...
-
- typedef struct sigevent {
- sigval_t sigev_value;
- int sigev_signo;
- int sigev_notify;
- union {
- int _pad[SIGEV_PAD_SIZE];
- int _tid;
-
- struct {
- void (*_function)(sigval_t);
- void *_attribute;
- // really pthread_attr_t
- } _sigev_thread;
- } _sigev_un;
- } sigevent_t;
- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- created_timer_id = $created_timer_id
- */
- }
+ kernel.function("sys_timer_create").return {
+ name = "timer_create.return"
+ }
# timer_gettime____________________________________
-/* asmlinkage long
- sys_timer_gettime(timer_t timer_id,
- struct itimerspec __user *setting) */
+/*
+ * asmlinkage long
+ * sys_timer_gettime(timer_t timer_id,
+ * struct itimerspec __user *setting)
+ */
probe kernel.syscall.timer_gettime =
- kernel.function("sys_timer_gettime") {
- name = "timer_gettime"
- timer_id = $timer_id
- }
-
+ kernel.function("sys_timer_gettime") {
+ name = "timer_gettime"
+ timerid = $timer_id
+ value_uaddr = $setting
+ value_it_interval_tv_sec =
+ __uget_itimerspec_ts_m($setting,0)
+ value_it_interval_tv_nsec =
+ __uget_itimerspec_ts_m($setting,1)
+ value_it_value_tv_sec =
+ __uget_itimerspec_ts_m($setting,2)
+ value_it_value_tv_nsec =
+ __uget_itimerspec_ts_m($setting,3)
+ }
probe kernel.syscall.timer_gettime.return =
- kernel.function("sys_timer_gettime").return {
- name = "timer_gettime.return"
- timer_id = $timer_id
- /*
- setting_it_interval_tv_sec =
- $setting->it_interval->tv_sec
- setting_it_interval_tv_usec =
- $setting->it_interval->tv_usec
- setting_it_value_tv_sec =
- $setting->it_value->tv_sec
- setting_it_value_tv_usec =
- $setting->it_value->tv_usec
- */
- }
+ kernel.function("sys_timer_gettime").return {
+ name = "timer_gettime.return"
+ }
# timer_getoverrun_________________________________
-/* asmlinkage long sys_timer_getoverrun(timer_t timer_id) */
+/*
+ * asmlinkage long
+ * sys_timer_getoverrun(timer_t timer_id)
+ */
probe kernel.syscall.timer_getoverrun =
- kernel.function("sys_timer_getoverrun") {
- name = "timer_getoverrun"
- timer_id = $timer_id
- }
-
+ kernel.function("sys_timer_getoverrun") {
+ name = "timer_getoverrun"
+ timerid = $timer_id
+ }
probe kernel.syscall.timer_getoverrun.return =
- kernel.function("sys_timer_getoverrun").return {
- name = "timer_getoverrun.return"
- timer_id = $timer_id
- }
+ kernel.function("sys_timer_getoverrun").return {
+ name = "timer_getoverrun.return"
+ }
# timer_settime____________________________________
-/* asmlinkage long
- sys_timer_settime(timer_t timer_id, int flags,
- const struct itimerspec __user *new_setting,
- struct itimerspec __user *old_setting) */
+/*
+ * asmlinkage long
+ * sys_timer_settime(timer_t timer_id,
+ * int flags,
+ * const struct itimerspec __user *new_setting,
+ * struct itimerspec __user *old_setting)
+ */
probe kernel.syscall.timer_settime =
- kernel.function("sys_timer_settime") {
- name = "timer_settime"
- timer_id = $timer_id
- flags = $flags
- /*
- new_setting_it_interval_tv_sec =
- $new_setting->it_interval->tv_sec
- new_setting_it_interval_tv_usec =
- $new_setting->it_interval->tv_usec
- */
- }
-
+ kernel.function("sys_timer_settime") {
+ name = "timer_settime"
+ timerid = $timer_id
+ flags = $flags
+ value_uaddr = $new_setting
+ ovalue_uaddr = $old_setting
+ }
probe kernel.syscall.timer_settime.return =
- kernel.function("sys_timer_settime").return {
- name = "timer_settime.return"
- name = "timer_settime"
- timer_id = $timer_id
- flags = $flags
- /*
- new_setting_it_interval_tv_sec =
- $new_setting->it_interval->tv_sec
- new_setting_it_interval_tv_usec =
- $new_setting->it_interval->tv_usec
- old_setting_it_interval_tv_sec =
- $old_setting->it_interval->tv_sec
- old_setting_it_interval_tv_usec =
- $old_setting->it_interval->tv_usec
- */
- }
+ kernel.function("sys_timer_settime").return {
+ name = "timer_settime.return"
+ }
# timer_delete_____________________________________
-/* asmlinkage long sys_timer_delete(timer_t timer_id) */
+/*
+ * asmlinkage long
+ * sys_timer_delete(timer_t timer_id)
+ */
probe kernel.syscall.timer_delete =
- kernel.function("sys_timer_delete") {
- name = "timer_delete"
- timer_id = $timer_id
- }
-
+ kernel.function("sys_timer_delete") {
+ name = "timer_delete"
+ timerid = $timer_id
+}
probe kernel.syscall.timer_delete.return =
- kernel.function("sys_timer_delete").return {
- name = "timer_delete.return"
- timer_id = $timer_id
- }
+ kernel.function("sys_timer_delete").return {
+ name = "timer_delete.return"
+ }
# clock_settime____________________________________
-/* asmlinkage long
- sys_clock_settime(clockid_t which_clock,
- const struct timespec __user *tp) */
+/*
+ * asmlinkage long
+ * sys_clock_settime(clockid_t which_clock,
+ * const struct timespec __user *tp)
+ */
probe kernel.syscall.clock_settime =
- kernel.function("sys_clock_settime") {
- name = "clock_settime"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /*
- tp_tv_sec = $tp->tv_sec
- tp_tv_usec = $tp->tv_usec
- */
- }
-
+ kernel.function("sys_clock_settime") {
+ name = "clock_settime"
+ clk_id = $which_clock
+ clk_id_str = _get_wc_str($which_clock)
+ tp_uaddr = $tp
+ }
probe kernel.syscall.clock_settime.return =
- kernel.function("sys_clock_settime").return {
- name = "clock_settime.return"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /*
- tp_tv_sec = $tp->tv_sec
- tp_tv_usec = $tp->tv_usec
- */
- }
+ kernel.function("sys_clock_settime").return {
+ name = "clock_settime.return"
+ }
# clock_gettime____________________________________
-/* asmlinkage long
- sys_clock_gettime(clockid_t which_clock,
- struct timespec __user *tp) */
-probe kernel.syscall.clock_gettime =
- kernel.function("sys_clock_gettime") {
- name = "clock_gettime"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- }
-
+/*
+ * asmlinkage long
+ * sys_clock_gettime(clockid_t which_clock,
+ * struct timespec __user *tp)
+ */
+probe kernel.syscall.clock_gettime =
+ kernel.function("sys_clock_gettime") {
+ name = "clock_gettime"
+ clk_id = $which_clock
+ clk_id_str = _get_wc_str($which_clock)
+ tp_uaddr = $tp
+}
probe kernel.syscall.clock_gettime.return =
- kernel.function("sys_clock_gettime").return {
- name = "clock_gettime.return"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /*
- tp_tv_sec = $tp->tv_sec
- tp_tv_usec = $tp->tv_usec
- */
- }
+ kernel.function("sys_clock_gettime").return {
+ name = "clock_gettime.return"
+ }
# clock_getres_____________________________________
-/* asmlinkage long
- sys_clock_getres(clockid_t which_clock,
- struct timespec __user *tp) */
+/*
+ * asmlinkage long
+ * sys_clock_getres(clockid_t which_clock,
+ * struct timespec __user *tp)
+ */
probe kernel.syscall.clock_getres =
- kernel.function("sys_clock_getres") {
- name = "clock_getres"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- }
-
+ kernel.function("sys_clock_getres") {
+ name = "clock_getres"
+ clk_id = $which_clock
+ clk_id_str = _get_wc_str($which_clock)
+ res_uaddr = $tp
+ }
probe kernel.syscall.clock_getres.return =
- kernel.function("sys_clock_getres").return {
- name = "clock_getres.return"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- /*
- tp_tv_sec = $tp->tv_sec
- tp_tv_usec = $tp->tv_usec
- */
- }
+ kernel.function("sys_clock_getres").return {
+ name = "clock_getres.return"
+ }
# clock_nanosleep__________________________________
-/* asmlinkage long
- sys_clock_nanosleep(clockid_t which_clock,
- int flags,
- const struct timespec __user *rqtp,
- struct timespec __user *rmtp) */
+/*
+ * asmlinkage long
+ * sys_clock_nanosleep(clockid_t which_clock,
+ * int flags,
+ * const struct timespec __user *rqtp,
+ * struct timespec __user *rmtp)
+ */
probe kernel.syscall.clock_nanosleep =
- kernel.function("sys_clock_nanosleep") {
- name = "clock_nanosleep"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- flags = $flags
- flag_str = "TIMER_ABSTIME"
- /*
- rqtp_tv_sec = $rqtp->tv_sec
- rqtp_tv_usec = $rqtp->tv_usec
- */
- }
-
+ kernel.function("sys_clock_nanosleep") {
+ name = "clock_nanosleep"
+ clock_id = $which_clock
+ clock_id_str = _get_wc_str($which_clock)
+ flags = $flags
+ flag_str = "TIMER_ABSTIME"
+ rqtp_uaddr = $rqtp
+ rmtp_uaddr = $rmtp
+ }
probe kernel.syscall.clock_nanosleep.return =
- kernel.function("sys_clock_nanosleep").return {
- name = "clock_nanosleep.return"
- which_clock = $which_clock
- which_clock_str = _get_wc_str($which_clock)
- flags = $flags
- flag_str = "TIMER_ABSTIME"
- /*
- rqtp_tv_sec = $rqtp->tv_sec
- rqtp_tv_usec = $rqtp->tv_usec
- rmtp_tv_sec = $rmtp->tv_sec
- rmtp_tv_usec = $rmtp->tv_usec
- */
- }
+ kernel.function("sys_clock_nanosleep").return {
+ name = "clock_nanosleep.return"
+ }
# nice_____________________________________________
-/* asmlinkage long sys_nice(int increment) */
+/*
+ * asmlinkage long
+ * sys_nice(int increment)
+ */
probe kernel.syscall.nice =
- kernel.function("sys_nice") {
- name = "nice"
- inc = $increment
- }
-
+ kernel.function("sys_nice") {
+ name = "nice"
+ inc = $increment
+ }
probe kernel.syscall.nice.return =
- kernel.function("sys_nice").return {
- name = "nice.return"
- inc = $increment
- }
+ kernel.function("sys_nice").return {
+ name = "nice.return"
+ }
# sched_setscheduler_______________________________
-/* asmlinkage long
- sys_sched_setscheduler(pid_t pid, int policy,
- struct sched_param __user *param) */
+/*
+ * asmlinkage long
+ * sys_sched_setscheduler(pid_t pid,
+ * int policy,
+ * struct sched_param __user *param)
+ */
probe kernel.syscall.sched_setscheduler =
- kernel.function("do_sched_setscheduler") {
- name = "sched_setscheduler"
- pid = $pid
- policy = $policy
- policy_str = _sched_policy_str($policy)
- /*
- p_sched_priority = param->sched_parameter
- */
- }
-
+ kernel.function("do_sched_setscheduler") {
+ name = "sched_setscheduler"
+ pid = $pid
+ policy = $policy
+ policy_str = _sched_policy_str($policy)
+ p_uaddr = $param
+ }
probe kernel.syscall.sched_setscheduler.return =
- kernel.function("do_sched_setscheduler").return {
- name = "sched_setscheduler.return"
- pid = $pid
- policy = $policy
- policy_str = _sched_policy_str($policy)
- /*
- p_sched_priority = param->sched_parameter
- */
- }
+ kernel.function("do_sched_setscheduler").return {
+ name = "sched_setscheduler.return"
+ }
# sched_setparam___________________________________
-/* asmlinkage long
- sys_sched_setparam(pid_t pid,
- struct sched_param __user *param) */
+/*
+ * asmlinkage long
+ * sys_sched_setparam(pid_t pid,
+ * struct sched_param __user *param)
+ */
probe kernel.syscall.sched_setparam =
- kernel.function("do_sched_setscheduler") {
- name = "sched_setparam"
- pid = $pid
- /*
- p_sched_priority = param->sched_parameter
- */
- }
-
+ kernel.function("do_sched_setscheduler") {
+ name = "sched_setparam"
+ pid = $pid
+ p_uaddr = $param
+ }
probe kernel.syscall.sched_setparam.return =
- kernel.function("do_sched_setscheduler").return {
- name = "sched_setparam.return"
- pid = $pid
- /*
- p_sched_priority = param->sched_parameter
- */
- }
+ kernel.function("do_sched_setscheduler").return {
+ name = "sched_setparam.return"
+ }
# sched_getscheduler_______________________________
-/* asmlinkage long sys_sched_getscheduler(pid_t pid) */
+/*
+ * asmlinkage long
+ * sys_sched_getscheduler(pid_t pid)
+ */
probe kernel.syscall.sched_getscheduler =
- kernel.function("sys_sched_getscheduler") {
- name = "sched_getscheduler"
- pid = $pid
- }
-
+ kernel.function("sys_sched_getscheduler") {
+ name = "sched_getscheduler"
+ pid = $pid
+ }
probe kernel.syscall.sched_getscheduler.return =
- kernel.function("sys_sched_getscheduler").return {
- name = "sched_getscheduler.return"
- pid = $pid
- }
+ kernel.function("sys_sched_getscheduler").return {
+ name = "sched_getscheduler.return"
+ }
# sched_getparam___________________________________
-/* asmlinkage long
- sys_sched_getparam(pid_t pid,
- struct sched_param __user *param) */
+/*
+ * asmlinkage long
+ * sys_sched_getparam(pid_t pid,
+ * struct sched_param __user *param)
+ */
probe kernel.syscall.sched_getparam =
- kernel.function("sys_sched_getparam") {
- name = "sched_getparam"
- pid = $pid
- }
-
+ kernel.function("sys_sched_getparam") {
+ name = "sched_getparam"
+ pid = $pid
+ p_uaddr = $param
+ }
probe kernel.syscall.sched_getparam.return =
- kernel.function("sys_sched_getparam").return {
- name = "sched_getparam.return"
- pid = $pid
- /*
- p_sched_priority = param->sched_parameter
- */
- }
+ kernel.function("sys_sched_getparam").return {
+ name = "sched_getparam.return"
+ }
# sched_setaffinity________________________________
-/* long sched_setaffinity(pid_t pid, cpumask_t new_mask) */
+/*
+ * asmlinkage long
+ * sys_sched_setaffinity(pid_t pid,
+ * unsigned int len,
+ * unsigned long __user *user_mask_ptr)
+ */
probe kernel.syscall.sched_setaffinity =
- kernel.function("sys_sched_setaffinity") {
- name = "sched_setaffinity"
- pid = $pid
- mask = $new_mask
- }
-
+ kernel.function("sys_sched_setaffinity") {
+ name = "sched_setaffinity"
+ pid = $pid
+ len = $len
+ mask_uaddr = $user_mask_ptr
+ }
probe kernel.syscall.sched_setaffinity.return =
- kernel.function("sys_sched_setaffinity").return {
- name = "sched_setaffinity.return"
- pid = $pid
- mask = $new_mask
- }
+ kernel.function("sys_sched_setaffinity").return {
+ name = "sched_setaffinity.return"
+ }
# sched_getaffinity________________________________
-/* asmlinkage long
- sys_sched_getaffinity(pid_t pid, unsigned int len,
- unsigned long __user *user_mask_ptr) */
+/*
+ * asmlinkage long
+ * sys_sched_getaffinity(pid_t pid,
+ * unsigned int len,
+ * unsigned long __user *user_mask_ptr)
+ */
probe kernel.syscall.sched_getaffinity =
- kernel.function("sys_sched_getaffinity") {
- name = "sched_getaffinity"
- pid = $pid
- len = $len
- }
-
+ kernel.function("sys_sched_getaffinity") {
+ name = "sched_getaffinity"
+ pid = $pid
+ len = $len
+ mask_uaddr = $user_mask_ptr
+ }
probe kernel.syscall.sched_getaffinity.return =
- kernel.function("sys_sched_getaffinity").return {
- name = "sched_getaffinity.return"
- pid = $pid
- len = $len
- /*
- mask = $user_mask_ptr
- */
- }
+ kernel.function("sys_sched_getaffinity").return {
+ name = "sched_getaffinity.return"
+ }
# sched_yield______________________________________
-/* asmlinkage long sys_sched_yield(void) */
+/*
+ * asmlinkage long
+ * sys_sched_yield(void)
+ */
probe kernel.syscall.sched_yield =
- kernel.function("sys_sched_yield") {
- name = "sched_yield"
- }
-
+ kernel.function("sys_sched_yield") {
+ name = "sched_yield"
+ }
probe kernel.syscall.sched_yield.return =
- kernel.function("sys_sched_yield").return {
- name = "sched_yield.return"
- }
+ kernel.function("sys_sched_yield").return {
+ name = "sched_yield.return"
+ }
# sched_get_priority_max___________________________
-/* asmlinkage long sys_sched_get_priority_max(int policy) */
+/*
+ * asmlinkage long
+ * sys_sched_get_priority_max(int policy)
+ */
probe kernel.syscall.sched_get_priority_max =
- kernel.function("sys_sched_get_priority_max") {
- name = "sched_get_priority_max"
- policy = $policy
- }
-
+ kernel.function("sys_sched_get_priority_max") {
+ name = "sched_get_priority_max"
+ policy = $policy
+ }
probe kernel.syscall.sched_get_priority_max.return =
- kernel.function("sys_sched_get_priority_max").return {
- name = "sched_get_priority_max.return"
- policy = $policy
- }
+ kernel.function("sys_sched_get_priority_max").return {
+ name = "sched_get_priority_max.return"
+ }
# sched_get_priority_min___________________________
-/* asmlinkage long sys_sched_get_priority_min(int policy) */
+/*
+ * asmlinkage long
+ * sys_sched_get_priority_min(int policy)
+ */
probe kernel.syscall.sched_get_priority_min =
- kernel.function("sys_sched_get_priority_min") {
- name = "sched_get_priority_min"
- policy = $policy
- }
-
+ kernel.function("sys_sched_get_priority_min") {
+ name = "sched_get_priority_min"
+ policy = $policy
+ }
probe kernel.syscall.sched_get_priority_min.return =
- kernel.function("sys_sched_get_priority_min").return {
- name = "sched_get_priority_min.return"
- policy = $policy
- }
+ kernel.function("sys_sched_get_priority_min").return {
+ name = "sched_get_priority_min.return"
+ }
# sched_rr_get_interval____________________________
-/* asmlinkage long
- sys_sched_rr_get_interval(pid_t pid,
- struct timespec __user *interval) */
-probe kernel.syscall.sched_rr_get_interval =
- kernel.function("sys_sched_rr_get_interval") {
- name = "sched_rr_get_interval"
- pid = $pid
- }
-
+/*
+ * asmlinkage long
+ * sys_sched_rr_get_interval(pid_t pid,
+ * struct timespec __user *interval)
+ */
+probe kernel.syscall.sched_rr_get_interval =
+ kernel.function("sys_sched_rr_get_interval") {
+ name = "sched_rr_get_interval"
+ pid = $pid
+ tp_uaddr = $interval
+ }
probe kernel.syscall.sched_rr_get_interval.return =
- kernel.function("sys_sched_rr_get_interval").return {
- name = "sched_rr_get_interval.return"
- pid = $pid
- /*
- tp_tv_sec = $tp->tv_sec
- tp_tv_usec = $tp->tv_usec
- */
- }
+ kernel.function("sys_sched_rr_get_interval").return {
+ name = "sched_rr_get_interval.return"
+ }
# setpriority______________________________________
-/* asmlinkage long
- sys_setpriority(int which, int who, int niceval) */
+/*
+ * asmlinkage long
+ * sys_setpriority(int which,
+ * int who,
+ * int niceval)
+ */
probe kernel.syscall.setpriority =
- kernel.function("sys_setpriority") {
- name = "setpriority"
- which = $which
- which_str =
- _priority_which_str($which)
- who = $who
- prio = $niceval
- }
-
+ kernel.function("sys_setpriority") {
+ name = "setpriority"
+ which = $which
+ which_str =
+ _priority_which_str($which)
+ who = $who
+ prio = $niceval
+ }
probe kernel.syscall.setpriority.return =
- kernel.function("sys_setpriority").return {
- name = "setpriority.return"
- which = $which
- which_str =
- _priority_which_str($which)
- who = $who
- prio = $niceval
- }
+ kernel.function("sys_setpriority").return {
+ name = "setpriority.return"
+ }
# getpriority______________________________________
-/* asmlinkage long sys_getpriority(int which, int who) */
+/*
+ * asmlinkage long
+ * sys_getpriority(int which,
+ * int who)
+ */
probe kernel.syscall.getpriority =
- kernel.function("sys_getpriority") {
- name = "getpriority"
- which = $which
- which_str =
- _priority_which_str($which)
- who = $who
- }
-
+ kernel.function("sys_getpriority") {
+ name = "getpriority"
+ which = $which
+ which_str =
+ _priority_which_str($which)
+ who = $who
+ }
probe kernel.syscall.getpriority.return =
- kernel.function("sys_getpriority").return {
- name = "getpriority.return"
- which = $which
- which_str =
- _priority_which_str($which)
- who = $who
- }
+ kernel.function("sys_getpriority").return {
+ name = "getpriority.return"
+ }
# shutdown_________________________________________
-/* asmlinkage long sys_shutdown(int fd, int how) */
+/*
+ * asmlinkage long
+ * sys_shutdown(int fd,
+ * int how)
+ */
probe kernel.syscall.shutdown =
- kernel.function("sys_shutdown") {
- name = "shutdown"
- s = $fd
- how = $how
- how_str = _shutdown_how_str($how)
- }
-
+ kernel.function("sys_shutdown") {
+ name = "shutdown"
+ s = $fd
+ how = $how
+ how_str = _shutdown_how_str($how)
+ }
probe kernel.syscall.shutdown.return =
- kernel.function("sys_shutdown").return {
- name = "shutdown.return"
- s = $fd
- how = $how
- how_str = _shutdown_how_str($how)
- }
+ kernel.function("sys_shutdown").return {
+ name = "shutdown.return"
+ }
# reboot___________________________________________
-/* asmlinkage long
- sys_reboot(int magic1, int magic2,
- unsigned int cmd, void __user * arg) */
+/*
+ * asmlinkage long
+ * sys_reboot(int magic1,
+ * int magic2,
+ * unsigned int cmd,
+ * void __user * arg)
+ */
probe kernel.syscall.reboot =
- kernel.function("sys_reboot") {
- name = "reboot"
- magic = $magic1
- magic_str =
- _reboot_magic_str($magic1)
- magic2 = $magic2
- magic2_str =
- _reboot_magic_str($magic2)
- flag = $cmd
- flag_str =
- _reboot_flag_str(flag)
- /*
- void __user * arg
- */
- }
-
+ kernel.function("sys_reboot") {
+ name = "reboot"
+ magic = $magic1
+ magic_str =
+ _reboot_magic_str($magic1)
+ magic2 = $magic2
+ magic2_str =
+ _reboot_magic_str($magic2)
+ flag = $cmd
+ flag_str =
+ _reboot_flag_str(flag)
+ /*
+ void __user * arg
+ */
+ }
probe kernel.syscall.reboot.return =
- kernel.function("sys_reboot").return {
- name = "reboot.return"
- magic = $magic1
- magic_str =
- _reboot_magic_str($magic1)
- magic2 = $magic2
- magic2_str =
- _reboot_magic_str($magic2)
- flag = $cmd
- flag_str =
- _reboot_flag_str(flag)
- /*
- void __user * arg
- */
- }
+ kernel.function("sys_reboot").return {
+ name = "reboot.return"
+ }
# restart_syscall__________________________________
-/* asmlinkage long sys_restart_syscall(void) */
+/*
+ * asmlinkage long
+ * sys_restart_syscall(void)
+ */
probe kernel.syscall.restart_syscall =
- kernel.function("sys_restart_syscall") {
- name = "restart_syscall"
- }
-
+ kernel.function("sys_restart_syscall") {
+ name = "restart_syscall"
+ }
probe kernel.syscall.restart_syscall.return =
- kernel.function("sys_restart_syscall").return {
- name = "restart_syscall.return"
- }
+ kernel.function("sys_restart_syscall").return {
+ name = "restart_syscall.return"
+ }
# exit_____________________________________________
-/* asmlinkage long sys_exit(int error_code) */
+/*
+ * asmlinkage long
+ * sys_exit(int error_code)
+ */
probe kernel.syscall.exit =
- kernel.function("do_exit") {
- name = "exit"
- %( kernel_v > "2.6.9" %? status = $error_code %)
- }
-
+ kernel.function("do_exit") {
+ name = "exit"
+ status = $code
+ }
probe kernel.syscall.exit.return =
- kernel.function("do_exit").return {
- name = "exit.return"
- status = $error_code
- }
+ kernel.function("do_exit").return {
+ name = "exit.return"
+ }
# exit_group_______________________________________
-/* smlinkage void sys_exit_group(int error_code) */
+/*
+ * asmlinkage void
+ * sys_exit_group(int error_code)
+ */
probe kernel.syscall.exit_group =
- kernel.function("do_group_exit") {
- name = "exit_group"
- %( kernel_v > "2.6.9" %? status = $error_code %)
- }
-
+ kernel.function("sys_exit_group") {
+ name = "exit_group"
+ status = $error_code
+ }
probe kernel.syscall.exit_group.return =
- kernel.function("do_group_exit").return {
- name = "exit_group.return"
- %( kernel_v > "2.6.9" %? status = $error_code %)
- }
+ kernel.function("do_group_exit").return {
+ name = "exit_group.return"
+ }
# wait4____________________________________________
-/* asmlinkage long
- sys_wait4(pid_t pid, int __user *stat_addr,
- int options, struct rusage __user *ru) */
+/*
+ * asmlinkage long
+ * sys_wait4(pid_t pid,
+ * int __user *stat_addr,
+ * int options,
+ * struct rusage __user *ru)
+ */
probe kernel.syscall.wait4 =
- kernel.function("sys_wait4") {
- name = "wait4"
- pid = $pid
- /*
- status = $stat_addr
- */
- options = $options
- options_str =
- _wait4_opt_str($options)
- }
-
+ kernel.function("sys_wait4") {
+ name = "wait4"
+ pid = $pid
+ status_uaddr = $stat_addr
+ options = $options
+ options_str =
+ _wait4_opt_str($options)
+ rusage_uaddr = $ru
+ }
probe kernel.syscall.wait4.return =
- kernel.function("sys_wait4").return {
- name = "wait4.return"
- pid = $pid
- /*
- status = $stat_addr
- */
- options = $options
- options_str =
- _wait4_opt_str($options)
- }
+ kernel.function("sys_wait4").return {
+ name = "wait4.return"
+ }
# waitid___________________________________________
-/* asmlinkage long
- sys_waitid(int which, pid_t pid,
- struct siginfo __user *infop, int options,
- struct rusage __user *ru) */
+/*
+ * asmlinkage long
+ * sys_waitid(int which,
+ * pid_t pid,
+ * struct siginfo __user *infop,
+ * int options,
+ * struct rusage __user *ru)
+ */
probe kernel.syscall.waitid =
- kernel.function("sys_waitid") {
- name = "waitid"
- which = $which
- which_str =
- _waitid_which_str($which)
- pid = $pid
- options = $options
- options_str =
- _wait4_opt_str($options)
- }
-
+ kernel.function("sys_waitid") {
+ name = "waitid"
+ which = $which
+ which_str =
+ _waitid_which_str($which)
+ pid = $pid
+ infop_uaddr = $infop
+ options = $options
+ options_str =
+ _wait4_opt_str($options)
+ }
probe kernel.syscall.waitid.return =
- kernel.function("sys_waitid").return {
- name = "waitid.return"
- which = $which
- which_str =
- _waitid_which_str($which)
- pid = $pid
- options = $options
- options_str =
- _wait4_opt_str($options)
- /*
-typedef struct siginfo {
- int si_signo;
- int si_errno;
- int si_code;
-
- union {
- int _pad[SI_PAD_SIZE];
-
- // kill()
- struct {
- pid_t _pid; // sender's pid
- __ARCH_SI_UID_T _uid; // sender's uid
- } _kill;
-
- // POSIX.1b timers
- struct {
- timer_t _tid; // timer id
- int _overrun; // overrun count
- char _pad[sizeof( __ARCH_SI_UID_T) - sizeof(int)];
- sigval_t _sigval; // same as below
- int _sys_private; // not to be passed to user
- } _timer;
-
- // POSIX.1b signals
- struct {
- pid_t _pid; // sender's pid
- __ARCH_SI_UID_T _uid; // sender's uid
- sigval_t _sigval;
- } _rt;
-
- // SIGCHLD
- struct {
- pid_t _pid; // which child
- __ARCH_SI_UID_T _uid; // sender's uid
- int _status; // exit code
- clock_t _utime;
- clock_t _stime;
- } _sigchld;
-
- // SIGILL, SIGFPE, SIGSEGV, SIGBUS
- struct {
- void __user *_addr; // faulting insn/memory ref.
-#ifdef __ARCH_SI_TRAPNO
- int _trapno; // TRAP # which caused the signal
-#endif
- } _sigfault;
-
- // SIGPOLL
- struct {
- __ARCH_SI_BAND_T _band; // POLL_IN, POLL_OUT, POLL_MSG
- int _fd;
- } _sigpoll;
- } _sifields;
-} siginfo_t;
-
- */
- }
+ kernel.function("sys_waitid").return {
+ name = "waitid.return"
+ }
# waitpid__________________________________________
-/* asmlinkage long
- sys_wait4(pid_t pid, int __user *stat_addr,
- int options, struct rusage __user *ru) */
+/*
+ * asmlinkage long
+ * sys_wait4(pid_t pid,
+ * int __user *stat_addr,
+ * int options,
+ * struct rusage __user *ru)
+ */
probe kernel.syscall.waitpid =
- kernel.function("sys_wait4") {
- name = "waitpid"
- pid = $pid
- /*
- status = $stat_addr
- */
- options = $options
- options_str =
- _wait4_opt_str($options)
- }
-
+ kernel.function("sys_wait4") {
+ name = "waitpid"
+ pid = $pid
+ status_uaddr = $stat_addr
+ options = $options
+ options_str =
+ _wait4_opt_str($options)
+ rusage_uaddr = $ru
+ }
probe kernel.syscall.waitpid.return =
- kernel.function("sys_wait4").return {
- name = "waitpid.return"
- pid = $pid
- /*
- status = $stat_addr
- */
- options = $options
- options_str =
- _wait4_opt_str($options)
- }
+ kernel.function("sys_wait4").return {
+ name = "waitpid.return"
+ }
# set_tid_address__________________________________
-/* asmlinkage long sys_set_tid_address(int __user *tidptr) */
+/*
+ * asmlinkage long
+ * sys_set_tid_address(int __user *tidptr)
+ */
probe kernel.syscall.set_tid_address =
- kernel.function("sys_set_tid_address") {
- name = "set_tid_address"
- /*
- tidptr = $tidptr
- */
- }
-
+ kernel.function("sys_set_tid_address") {
+ name = "set_tid_address"
+ tidptr_uaddr = $tidptr
+ }
probe kernel.syscall.set_tid_address.return =
- kernel.function("sys_set_tid_address").return {
- name = "set_tid_address.return"
- /*
- tidptr = $tidptr
- */
-
- }
+ kernel.function("sys_set_tid_address").return {
+ name = "set_tid_address.return"
+ }
# futex____________________________________________
-/* asmlinkage long sys_futex(u32 __user *uaddr,
- int op, int val,
- struct timespec __user *utime,
- u32 __user *uaddr2,
- int val3) */
+/*
+ * asmlinkage long
+ * sys_futex(u32 __user *uaddr,
+ * int op,
+ * int val,
+ * struct timespec __user *utime,
+ * u32 __user *uaddr2,
+ * int val3)
+ */
probe kernel.syscall.futex =
- kernel.function("sys_futex") {
- name = "futex"
- /*
- uaddr = $uaddr
- */
- op = $op
- op_str = _futex_op_str($op)
- val = $val
- /*
- utime_tv_sec = $utime->tv_sec
- utime_tv_usec = $utime->tv_usec
- uaddr2 = $uaddr2
- val3 = $val3
- */
- }
-
+ kernel.function("sys_futex") {
+ name = "futex"
+ futex_uaddr = $uaddr
+ op = $op
+ op_str = _futex_op_str($op)
+ val = $val
+ timeout_uaddr = $utime
+ uaddr2_uaddr = $uaddr2
+ val3 = $val3
+ }
probe kernel.syscall.futex.return =
- kernel.function("sys_futex").return {
- name = "futex.return"
- /*
- uaddr = $uaddr
- */
- op = $op
- op_str = _futex_op_str($op)
- val = $val
- /*
- utime_tv_sec = $utime->tv_sec
- utime_tv_usec = $utime->tv_usec
- uaddr2 = $uaddr2
- val3 = $val3
- */
- }
+ kernel.function("sys_futex").return {
+ name = "futex.return"
+ }
# init_module______________________________________
-/*sys_init_module(void __user *umod,
- unsigned long len,
- const char __user *uargs) */
+/*
+ * sys_init_module(void __user *umod,
+ * unsigned long len,
+ * const char __user *uargs)
+ */
probe kernel.syscall.init_module =
- kernel.function("sys_init_module") {
- name = "init_module"
- /*
- void __user *umod
- */
- len = $len
- /*
- uargs = $uargs
- */
- }
-
+ kernel.function("sys_init_module") {
+ name = "init_module"
+ /*
+ umod_uaddr = $umod
+ */
+ len = $len
+ uargs_uaddr = $uargs
+ }
probe kernel.syscall.init_module.return =
- kernel.function("sys_init_module").return {
- name = "init_module.return"
- /*
- void __user *umod
- */
- len = $len
- /*
- uargs = $uargs
- */
- }
+ kernel.function("sys_init_module").return {
+ name = "init_module.return"
+ }
# delete_module____________________________________
-/* asmlinkage long
- sys_delete_module(const char __user *name_user,
- unsigned int flags) */
+/*
+ * asmlinkage long
+ * sys_delete_module(const char __user *name_user,
+ * unsigned int flags)
+ */
probe kernel.syscall.delete_module =
- kernel.function("sys_delete_module") {
- /*
- name = "delete_module"
- name_user = $name_user
- */
- flags = $flags
- flags_str = _module_flags_str($flags)
- }
-
+ kernel.function("sys_delete_module") {
+ name = "delete_module"
+ name_user_uaddr = $name_user
+ flags = $flags
+ flags_str = _module_flags_str($flags)
+ }
probe kernel.syscall.delete_module.return =
- kernel.function("sys_delete_module").return {
- name = "delete_module.return"
- /*
- name = "delete_module"
- name_user = $name_user
- */
- flags = $flags
- flags_str = _module_flags_str($flags)
- }
+ kernel.function("sys_delete_module").return {
+ name = "delete_module.return"
+ }
# rt_sigprocmask___________________________________
-/* asmlinkage long sys_rt_sigprocmask(int how,
- sigset_t __user *set,
- sigset_t __user *oset,
- size_t sigsetsize) */
+/*
+ * asmlinkage long
+ * sys_rt_sigprocmask(int how,
+ * sigset_t __user *set,
+ * sigset_t __user *oset,
+ * size_t sigsetsize)
+ */
probe kernel.syscall.rt_sigprocmask =
- kernel.function("sys_rt_sigprocmask") {
- name = "rt_sigprocmask"
- how = $how
- how_str = _sigprocmask_how_str($how)
- /*
- set = $set
- oset = $oset
- */
- sigsetsize = $sigsetsize
- }
-
+ kernel.function("sys_rt_sigprocmask") {
+ name = "rt_sigprocmask"
+ how = $how
+ how_str = _sigprocmask_how_str($how)
+ set_uaddr = $set
+ oset_uaddr = $oset
+ sigsetsize = $sigsetsize
+ }
probe kernel.syscall.rt_sigprocmask.return =
- kernel.function("sys_rt_sigprocmask").return {
- name = "rt_sigprocmask.return"
- how = $how
- how_str = _sigprocmask_how_str($how)
- /*
- set = $set
- oset = $oset
- */
- sigsetsize = $sigsetsize
- }
+ kernel.function("sys_rt_sigprocmask").return {
+ name = "rt_sigprocmask.return"
+ }
# rt_sigpending____________________________________
-/* asmlinkage long
- sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) */
+/*
+ * asmlinkage long
+ * sys_rt_sigpending(sigset_t __user *set,
+ * size_t sigsetsize)
+ */
probe kernel.syscall.rt_sigpending =
- kernel.function("do_sigpending") {
- name = "rt_sigpending"
- sigsetsize = $sigsetsize
- }
-
+ kernel.function("do_sigpending") {
+ name = "rt_sigpending"
+ //set_uaddr = $set
+ sigsetsize = $sigsetsize
+ }
probe kernel.syscall.rt_sigpending.return =
- kernel.function("do_sigpending").return {
- name = "rt_sigpending.return"
- /*
- set = $set
- */
- }
+ kernel.function("do_sigpending").return {
+ name = "rt_sigpending.return"
+ }
# rt_sigtimedwait__________________________________
-/* asmlinkage long
- sys_rt_sigtimedwait(const sigset_t __user *uthese,
- siginfo_t __user *uinfo,
- const struct timespec __user *uts,
- size_t sigsetsize) */
+/*
+ * asmlinkage long
+ * sys_rt_sigtimedwait(const sigset_t __user *uthese,
+ * siginfo_t __user *uinfo,
+ * const struct timespec __user *uts,
+ * size_t sigsetsize)
+ */
probe kernel.syscall.rt_sigtimedwait =
- kernel.function("sys_rt_sigtimedwait") {
- name = "rt_sigtimedwait"
- /*
- set = $uthese
- uts_tv_sec = $uts->tv_sec
- uts_tv_usec = $uts->tv_usec
- */
- sigsetsize = $sigsetsize
- }
-
+ kernel.function("sys_rt_sigtimedwait") {
+ name = "rt_sigtimedwait"
+ uthese_uaddr = $uthese
+ uinfo_uaddr = $uinfo
+ uts_uaddr = $uts
+ sigsetsize = $sigsetsize
+ }
probe kernel.syscall.rt_sigtimedwait.return =
- kernel.function("sys_rt_sigtimedwait").return {
- name = "rt_sigtimedwait.return"
- /*
- set = $uthese
- info = $uinfo
- uts_tv_sec = $uts->tv_sec
- uts_tv_usec = $uts->tv_usec
- */
- sigsetsize = $sigsetsize
- }
+ kernel.function("sys_rt_sigtimedwait").return {
+ name = "rt_sigtimedwait.return"
+ }
# kill_____________________________________________
-/* asmlinkage long sys_kill(int pid, int sig) */
+/*
+ * asmlinkage long
+ * sys_kill(int pid, int sig)
+ */
probe kernel.syscall.kill =
- kernel.function("sys_kill") {
- name = "kill"
- pid = $pid
- sig = $sig
- }
-
+ kernel.function("sys_kill") {
+ name = "kill"
+ pid = $pid
+ sig = $sig
+ }
probe kernel.syscall.kill.return =
- kernel.function("sys_kill").return {
- name = "kill.return"
- pid = $pid
- sig = $sig
- }
+ kernel.function("sys_kill").return {
+ name = "kill.return"
+ }
# tgkill___________________________________________
-/* asmlinkage long sys_tgkill(int tgid, int pid, int sig) */
+/*
+ * asmlinkage long
+ * sys_tgkill(int tgid,
+ * int pid,
+ * int sig)
+ */
probe kernel.syscall.tgkill =
- kernel.function("sys_tgkill") {
- name = "tgkill"
- tgid = $tgid
- pid = $pid
- sig = $sig
- }
-
+ kernel.function("sys_tgkill") {
+ name = "tgkill"
+ tgid = $tgid
+ pid = $pid
+ sig = $sig
+ }
probe kernel.syscall.tgkill.return =
- kernel.function("sys_tgkill").return {
- name = "tgkill.return"
- tgid = $tgid
- pid = $pid
- sig = $sig
- }
+ kernel.function("sys_tgkill").return {
+ name = "tgkill.return"
+ }
# tkill____________________________________________
-/* asmlinkage long sys_tkill(int pid, int sig) */
+/*
+ * asmlinkage long
+ * sys_tkill(int pid,
+ * int sig)
+ */
probe kernel.syscall.tkill =
- kernel.function("sys_tkill") {
- name = "tkill"
- pid = $pid
- sig = $sig
- }
-
+ kernel.function("sys_tkill") {
+ name = "tkill"
+ pid = $pid
+ sig = $sig
+ }
probe kernel.syscall.tkill.return =
- kernel.function("sys_tkill").return {
- name = "tkill.return"
- pid = $pid
- sig = $sig
- }
+ kernel.function("sys_tkill").return {
+ name = "tkill.return"
+ }
# rt_sigqueueinfo__________________________________
-/* smlinkage long
- sys_rt_sigqueueinfo(int pid, int sig,
- siginfo_t __user *uinfo) */
+/*
+ * asmlinkage long
+ * sys_rt_sigqueueinfo(int pid,
+ * int sig,
+ * siginfo_t __user *uinfo)
+ */
probe kernel.syscall.rt_sigqueueinfo =
- kernel.function("sys_rt_sigqueueinfo") {
- name = "rt_sigqueueinfo"
- pid = $pid
- sig = $sig
- /*
- uinfo = $uinfo
- */
- }
-
+ kernel.function("sys_rt_sigqueueinfo") {
+ name = "rt_sigqueueinfo"
+ pid = $pid
+ sig = $sig
+ uinfo_uaddr = $uinfo
+ }
probe kernel.syscall.rt_sigqueueinfo.return =
- kernel.function("sys_rt_sigqueueinfo").return {
- name = "rt_sigqueueinfo.return"
- pid = $pid
- sig = $sig
- /*
- uinfo = $uinfo
- */
- }
+ kernel.function("sys_rt_sigqueueinfo").return {
+ name = "rt_sigqueueinfo.return"
+ }
# sgetmask_________________________________________
-/* sys_sgetmask(void) */
+/*
+ * sys_sgetmask(void)
+ */
probe kernel.syscall.sgetmask =
- kernel.function("sys_sgetmask") {
- name = "sgetmask"
- }
-
+ kernel.function("sys_sgetmask") {
+ name = "sgetmask"
+ }
probe kernel.syscall.sgetmask.return =
- kernel.function("sys_sgetmask").return {
- name = "sgetmask.return"
- }
+ kernel.function("sys_sgetmask").return {
+ name = "sgetmask.return"
+ }
# ssetmask_________________________________________
-/* asmlinkage long sys_ssetmask(int newmask) */
+/*
+ * asmlinkage long
+ * sys_ssetmask(int newmask)
+ */
probe kernel.syscall.ssetmask =
- kernel.function("sys_ssetmask") {
- name = "ssetmask"
- newmask = $newmask
- }
-
+ kernel.function("sys_ssetmask") {
+ name = "ssetmask"
+ newmask = $newmask
+ }
probe kernel.syscall.ssetmask.return =
- kernel.function("sys_ssetmask").return {
- name = "ssetmask.return"
- newmask = $newmask
- }
+ kernel.function("sys_ssetmask").return {
+ name = "ssetmask.return"
+ }
# signal___________________________________________
-/* asmlinkage unsigned long
- sys_signal(int sig, __sighandler_t handler)
-*/
+/*
+ * asmlinkage unsigned long
+ * sys_signal(int sig,
+ * __sighandler_t handler)
+ */
probe kernel.syscall.signal =
- kernel.function("sys_signal") {
- name = "signal"
- sig = $sig
- /*
- I do not think that there is any
- reason to export this...
- handler = $handler
- */
- }
-
+ kernel.function("sys_signal") {
+ name = "signal"
+ sig = $sig
+ /*
+ handler = $handler
+ */
+ }
probe kernel.syscall.signal.return =
- kernel.function("sys_signal").return {
- name = "signal.return"
- sig = $sig
- /*
- I do not think that there is any
- reason to export this...
- handler = $handler
- */
- }
+ kernel.function("sys_signal").return {
+ name = "signal.return"
+ }
# pause____________________________________________
-/* sys_pause(void) */
+/*
+ * sys_pause(void)
+ */
probe kernel.syscall.pause =
- kernel.function("sys_pause") {
- name = "pause"
- }
-
+ kernel.function("sys_pause") {
+ name = "pause"
+ }
probe kernel.syscall.pause.return =
- kernel.function("sys_pause").return {
- name = "pause.return"
- }
+ kernel.function("sys_pause").return {
+ name = "pause.return"
+ }
# sync_____________________________________________
-/* asmlinkage long sys_sync(void) */
+/*
+ * asmlinkage long
+ * sys_sync(void)
+ */
probe kernel.syscall.sync =
- kernel.function("do_sync") {
- name = "sync"
- }
-
+ kernel.function("do_sync") {
+ name = "sync"
+ }
probe kernel.syscall.sync.return =
- kernel.function("do_sync").return {
- name = "sync.return"
- }
+ kernel.function("do_sync").return {
+ name = "sync.return"
+ }
# fsync____________________________________________
-/* asmlinkage long sys_fsync(unsigned int fd) */
+/*
+ * asmlinkage long
+ * sys_fsync(unsigned int fd)
+ */
probe kernel.syscall.fsync =
- kernel.function("sys_fsync") {
- name = "fsync"
- fd = $fd
- }
-
+ kernel.function("sys_fsync") {
+ name = "fsync"
+ fd = $fd
+ }
probe kernel.syscall.fsync.return =
- kernel.function("sys_fsync").return {
- name = "fsync.return"
- fd = $fd
- }
+ kernel.function("sys_fsync").return {
+ name = "fsync.return"
+ fd = $fd
+ }
# fdatasync________________________________________
-/* asmlinkage long sys_fdatasync(unsigned int fd) */
+/*
+ * asmlinkage long
+ * sys_fdatasync(unsigned int fd)
+ */
probe kernel.syscall.fdatasync =
- kernel.function("sys_fdatasync") {
- name = "fdatasync"
- fd = $fd
- }
-
+ kernel.function("sys_fdatasync") {
+ name = "fdatasync"
+ fd = $fd
+ }
probe kernel.syscall.fdatasync.return =
- kernel.function("sys_fdatasync").return {
- name = "fdatasync.return"
- fd = $fd
- }
+ kernel.function("sys_fdatasync").return {
+ name = "fdatasync.return"
+ }
# bdflush__________________________________________
-/* asmlinkage long sys_bdflush(int func, long data) */
+/*
+ * asmlinkage long
+ * sys_bdflush(int func,
+ * long data)
+ */
probe kernel.syscall.bdflush =
- kernel.function("sys_bdflush") {
- name = "bdflush"
- func = $func
- data = $data
- }
-
+ kernel.function("sys_bdflush") {
+ name = "bdflush"
+ func = $func
+ data = $data
+ }
probe kernel.syscall.bdflush.return =
- kernel.function("sys_bdflush").return {
- name = "bdflush.return"
- func = $func
- data = $data
- }
+ kernel.function("sys_bdflush").return {
+ name = "bdflush.return"
+ }
# mount____________________________________________
-/* asmlinkage long sys_mount(char __user * dev_name,
- char __user * dir_name,
- char __user * type,
- unsigned long flags,
- void __user * data) */
+/*
+ * asmlinkage long
+ * sys_mount(char __user * dev_name,
+ * char __user * dir_name,
+ * char __user * type,
+ * unsigned long flags,
+ * void __user * data)
+ */
probe kernel.syscall.mount =
- kernel.function("sys_mount") {
- name = "mount"
- /*
- source = $dev_name
- target = $dir_name
- filesystemtype = $type
-
- void pointers are still being worked out
- void __user * data
- */
- mountflags = $flags
- mountflags_str =
- _mountflags_str($flags)
- }
-
+ kernel.function("sys_mount") {
+ name = "mount"
+ source_uaddr = $dev_name
+ target_uaddr = $dir_name
+ filesystemtype_uaddr = $type
+ mountflags = $flags
+ mountflags_str =
+ _mountflags_str($flags)
+ /*
+ data_uaddr = $data
+ */
+ }
probe kernel.syscall.mount.return =
- kernel.function("sys_mount").return {
- name = "mount.return"
- /*
- source = $dev_name
- target = $dir_name
- filesystemtype = $type
-
- void pointers are still being worked out
- void __user * data
- */
- mountflags = $flags
- mountflags_str =
- _mountflags_str($flags)
- }
+ kernel.function("sys_mount").return {
+ name = "mount.return"
+ }
# umount___________________________________________
-/* asmlinkage long sys_umount(char __user * name, int flags) */
+/*
+ * asmlinkage long
+ * sys_umount(char __user * name,
+ * int flags)
+ */
probe kernel.syscall.umount =
- kernel.function("sys_umount") {
- name = "umount"
- /*
- target = $name
- */
- flags = $flags
- flags_str = _mountflags_str($flags)
- }
-
+ kernel.function("sys_umount") {
+ name = "umount"
+ target_uaddr = $name
+ flags = $flags
+ flags_str = _mountflags_str($flags)
+ }
probe kernel.syscall.umount.return =
- kernel.function("sys_umount").return {
- name = "umount.return"
- /*
- target = $name
- */
- flags = $flags
- flags_str = _mountflags_str($flags)
- }
+ kernel.function("sys_umount").return {
+ name = "umount.return"
+ }
# oldumount________________________________________
-/* smlinkage long sys_oldumount(char __user * name) */
+/*
+ * asmlinkage long
+ * sys_oldumount(char __user * name)
+ */
probe kernel.syscall.oldumount =
- kernel.function("sys_umount") {
- name = "oldumount"
- /*
- target = $name
- */
- }
-
+ kernel.function("sys_umount") {
+ name = "oldumount"
+ target_uaddr = $name
+ }
probe kernel.syscall.oldumount.return =
- kernel.function("sys_umount").return {
- name = "oldumount.return"
- /*
- target = $name
- */
- }
+ kernel.function("sys_umount").return {
+ name = "oldumount.return"
+ }
# truncate_________________________________________
-/* asmlinkage long sys_truncate(const char __user * path,
- unsigned long length) */
+/*
+ * asmlinkage long
+ * sys_truncate(const char __user * path,
+ * unsigned long length)
+ */
probe kernel.syscall.truncate =
- kernel.function("do_sys_truncate") {
- name = "truncate"
- /*
- path = $path
- */
- length = $length
- }
-
+ kernel.function("sys_truncate") {
+ name = "truncate"
+ path_uaddr = $path
+ length = $length
+ }
probe kernel.syscall.truncate.return =
- kernel.function("do_sys_truncate").return {
- name = "truncate.return"
- /*
- path = $path
- */
- length = $length
- }
+ kernel.function("sys_truncate").return {
+ name = "truncate.return"
+ }
# ftruncate________________________________________
-/* static inline long do_sys_ftruncate(unsigned int fd,
- loff_t length,
- int small) */
+/*
+ * static inline long
+ * do_sys_ftruncate(unsigned int fd,
+ * loff_t length,
+ * int small)
+ */
probe kernel.syscall.ftruncate =
- kernel.function("do_sys_ftrancate") {
- name = "ftruncate"
- fd = $fd
- length = $length
- small = $small
- }
-
+ kernel.function("sys_ftruncate") {
+ name = "ftruncate"
+ fd = $fd
+ length = $length
+ }
probe kernel.syscall.ftruncate.return =
- kernel.function("do_sys_ftrancate").return {
- name = "ftruncate.return"
- fd = $fd
- length = $length
- small = $small
- }
+ kernel.function("sys_ftrancate").return {
+ name = "ftruncate.return"
+ }
# stat_____________________________________________
-/* asmlinkage long sys_stat(char __user * filename,
- struct __old_kernel_stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_stat(char __user * filename,
+ * struct __old_kernel_stat __user * statbuf)
+ */
probe kernel.syscall.stat =
- kernel.function("sys_stat") {
- name = "stat"
- /*
- filename = $filename
- */
- }
-
+ kernel.function("sys_stat") {
+ name = "stat"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.stat.return =
- kernel.function("sys_stat").return {
- name = "stat.return"
- /*
- filename = $filename
- buf_st_dev = $statbuf->st_dev
- buf_st_ino = $statbuf->st_ino
- buf_st_mode = $statbuf->st_mode
- buf_st_nlink = $statbuf->st_nlink
- buf_st_uid = $statbuf->st_uid
- buf_st_gid = $statbuf->st_gid
- buf_st_rdev = $statbuf->st_rdev
- buf_st_size = $statbuf->st_size
- buf_st_atime = $statbuf->st_atime
- buf_st_mtime = $statbuf->st_mtime
- buf_st_ctime = $statbuf->st_ctime
- */
- }
+ kernel.function("sys_stat").return {
+ name = "stat.return"
+ }
# statfs___________________________________________
-/* asmlinkage long sys_statfs(const char __user * path,
- struct statfs __user * buf) */
+/*
+ * asmlinkage long
+ * sys_statfs(const char __user * path,
+ * struct statfs __user * buf)
+ */
probe kernel.syscall.statfs =
- kernel.function("sys_statfs") {
- name = "statfs"
- /*
- path = $path
- */
- }
-
+ kernel.function("sys_statfs") {
+ name = "statfs"
+ path_uaddr = $path
+ buf_uaddr
+ }
probe kernel.syscall.statfs.return =
- kernel.function("sys_statfs").return {
- name = "statfs.return"
- /*
- path = $path
- buf_f_type = $buf->f_type
- buf_f_bsize = $buf->f_bsize
- buf_f_blocks = $buf->f_blocks
- buf_f_bfree = $buf->f_bfree
- buf_f_bavail = $buf->f_bavail
- buf_f_files = $buf->f_files
- buf_f_ffree = $buf->f_ffree
- buf_f_fsid = $buf->f_fsid
- buf_f_namelen = $buf->f_namelen
- buf_f_frsize = $buf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($buf->f_type)
- */
- }
+ kernel.function("sys_statfs").return {
+ name = "statfs.return"
+ }
# statfs64_________________________________________
-/* asmlinkage long sys_statfs64(const char __user *path,
- size_t sz,
- struct statfs64 __user *buf) */
+/*
+ * asmlinkage long
+ * sys_statfs64(const char __user *path,
+ * size_t sz,
+ * struct statfs64 __user *buf)
+ */
probe kernel.syscall.statfs64 =
- kernel.function("sys_statfs64") {
- name = "statfs64"
- /*
- path = $path
- */
- sz = $sz
- }
-
+ kernel.function("sys_statfs64") {
+ name = "statfs64"
+ path_uaddr = $path
+ sz = $sz
+ buf_uaddr = $buf
+ }
probe kernel.syscall.statfs64.return =
- kernel.function("sys_statfs64").return {
- name = "statfs64.return"
- /*
- path = $path
- */
- sz = $sz
- /*
- buf_f_type = $buf->f_type
- buf_f_bsize = $buf->f_bsize
- buf_f_blocks = $buf->f_blocks
- buf_f_bfree = $buf->f_bfree
- buf_f_bavail = $buf->f_bavail
- buf_f_files = $buf->f_files
- buf_f_ffree = $buf->f_ffree
- buf_f_fsid = $buf->f_fsid
- buf_f_namelen = $buf->f_namelen
- buf_f_frsize = $buf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($buf->f_type)
- */
- }
+ kernel.function("sys_statfs64").return {
+ name = "statfs64.return"
+ }
# fstatfs__________________________________________
-/* asmlinkage long sys_fstatfs(unsigned int fd,
- struct statfs __user * buf) */
+/*
+ * asmlinkage long
+ * sys_fstatfs(unsigned int fd,
+ * struct statfs __user * buf)
+ */
probe kernel.syscall.fstatfs =
- kernel.function("sys_fstatfs") {
- name = "fstatfs"
- fd = $fd
- }
-
+ kernel.function("sys_fstatfs") {
+ name = "fstatfs"
+ fd = $fd
+ buf_uaddr = $buf
+ }
probe kernel.syscall.fstatfs.return =
- kernel.function("sys_fstatfs").return {
- name = "fstatfs.return"
- fd = $fd
- /*
- path = $path
- buf_f_type = $buf->f_type
- buf_f_bsize = $buf->f_bsize
- buf_f_blocks = $buf->f_blocks
- buf_f_bfree = $buf->f_bfree
- buf_f_bavail = $buf->f_bavail
- buf_f_files = $buf->f_files
- buf_f_ffree = $buf->f_ffree
- buf_f_fsid = $buf->f_fsid
- buf_f_namelen = $buf->f_namelen
- buf_f_frsize = $buf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($buf->f_type)
- */
- }
+ kernel.function("sys_fstatfs").return {
+ name = "fstatfs.return"
+ }
# fstatfs64________________________________________
-/* asmlinkage long sys_fstatfs64(unsigned int fd,
- size_t sz,
- struct statfs64 __user *buf) */
+/*
+ * asmlinkage long
+ * sys_fstatfs64(unsigned int fd,
+ * size_t sz,
+ * struct statfs64 __user *buf)
+ */
probe kernel.syscall.fstatfs64 =
- kernel.function("sys_fstatfs64") {
- name = "fstatfs64"
- fd = $fd
- sz = $sz
- }
-
+ kernel.function("sys_fstatfs64") {
+ name = "fstatfs64"
+ fd = $fd
+ sz = $sz
+ buf_uaddr = $buf
+ }
probe kernel.syscall.fstatfs64.return =
- kernel.function("sys_fstatfs64").return {
- name = "fstatfs64.return"
- fd = $fd
- sz = $sz
- /*
- path = $path
- buf_f_type = $buf->f_type
- buf_f_bsize = $buf->f_bsize
- buf_f_blocks = $buf->f_blocks
- buf_f_bfree = $buf->f_bfree
- buf_f_bavail = $buf->f_bavail
- buf_f_files = $buf->f_files
- buf_f_ffree = $buf->f_ffree
- buf_f_fsid = $buf->f_fsid
- buf_f_namelen = $buf->f_namelen
- buf_f_frsize = $buf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($buf->f_type)
- */
- }
+ kernel.function("sys_fstatfs64").return {
+ name = "fstatfs64.return"
+ }
# lstat____________________________________________
-/* asmlinkage long sys_lstat(char __user * filename,
- struct __old_kernel_stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_lstat(char __user * filename,
+ * struct __old_kernel_stat __user * statbuf)
+ */
probe kernel.syscall.lstat =
- kernel.function("sys_lstat") {
- name = "lstat"
- /*
- file_name = $file_name
- */
- }
-
+ kernel.function("sys_lstat") {
+ name = "lstat"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.lstat.return =
- kernel.function("sys_lstat").return {
- name = "lstat.return"
- /*
- file_name = $filename
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_lstat").return {
+ name = "lstat.return"
+ }
# fstat____________________________________________
-/* asmlinkage long sys_fstat(unsigned int fd,
- struct __old_kernel_stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_fstat(unsigned int fd,
+ * struct __old_kernel_stat __user * statbuf)
+ */
probe kernel.syscall.fstat =
- kernel.function("sys_fstat") {
- name = "fstat"
- fd = $fd
- }
-
+ kernel.function("sys_fstat") {
+ name = "fstat"
+ fd = $fd
+ buf_uaddr = $statbuf
+}
probe kernel.syscall.fstat.return =
- kernel.function("sys_fstat").return {
- name = "fstat.return"
- fd = $fd
- /*
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_fstat").return {
+ name = "fstat.return"
+ }
# newstat__________________________________________
-/* asmlinkage long sys_newstat(char __user * filename,
- struct stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_newstat(char __user * filename,
+ * struct stat __user * statbuf)
+ */
+/*
probe kernel.syscall.newstat =
- kernel.function("sys_newstat") {
- name = "newstat"
- /*
- filename = $filename
- */
- }
-
+ kernel.function("sys_newstat") {
+ name = "newstat"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.newstat.return =
- kernel.function("sys_newstat").return {
- name = "newstat.return"
- /*
- filename = $filename
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_newstat").return {
+ name = "newstat.return"
+ }
+*/
# newlstat_________________________________________
-/* asmlinkage long sys_newlstat(char __user * filename,
- struct stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_newlstat(char __user * filename,
+ * struct stat __user * statbuf)
+ */
+/*
probe kernel.syscall.newlstat =
- kernel.function("sys_newlstat") {
- name = "newlstat"
- /*
- filename = $filename
- */
- }
-
+ kernel.function("sys_newlstat") {
+ name = "newlstat"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.newlstat.return =
- kernel.function("sys_newlstat").return {
- name = "newlstat.return"
- /*
- filename = $filename
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_newlstat").return {
+ name = "newlstat.return"
+ }
+*/
# newfstat_________________________________________
-/* asmlinkage long sys_newfstat(unsigned int fd,
- struct stat __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_newfstat(unsigned int fd,
+ * struct stat __user * statbuf)
+ */
+/*
probe kernel.syscall.newfstat =
- kernel.function("sys_newfstat") {
- name = "newfstat"
- fd = $fd
- }
-
+ kernel.function("sys_newfstat") {
+ name = "newfstat"
+ fd = $fd
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.newfstat.return =
- kernel.function("sys_newfstat").return {
- name = "newfstat.return"
- fd = $fd
- /*
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_newfstat").return {
+ name = "newfstat.return"
+ }
+*/
# ustat____________________________________________
-/* asmlinkage long sys_ustat(unsigned dev, struct ustat __user * ubuf) */
+/*
+ * asmlinkage long
+ * sys_ustat(unsigned dev,
+ * struct ustat __user * ubuf)
+ */
probe kernel.syscall.ustat =
- kernel.function("sys_ustat") {
- name = "ustat"
- dev = $dev
- }
-
+ kernel.function("sys_ustat") {
+ name = "ustat"
+ dev = $dev
+ ubuf_uaddr = $ubuf
+ }
probe kernel.syscall.ustat.return =
- kernel.function("sys_ustat").return {
- name = "ustat.return"
- dev = $dev
- /*
- ubuf_f_tfree = $ubuf->f_tfree
- ubuf_f_tinode = $ubuf->f_tinode
- */
- }
+ kernel.function("sys_ustat").return {
+ name = "ustat.return"
+ }
# stat64___________________________________________
-/* asmlinkage long sys_stat64(char __user * filename,
- struct stat64 __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_stat64(char __user * filename,
+ * struct stat64 __user * statbuf)
+ */
probe kernel.syscall.stat64 =
- kernel.function("sys_stat64") {
- name = "stat64"
- /*
- filename = $filename
- */
- }
-
+ kernel.function("sys_stat64") {
+ name = "stat64"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.stat64.return =
- kernel.function("sys_stat64").return {
- name = "stat64.return"
- /*
- filename = $filename
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_stat64").return {
+ name = "stat64.return"
+ }
# fstat64__________________________________________
-/* asmlinkage long sys_fstat64(unsigned long fd,
- struct stat64 __user * statbuf) */
+/*
+ * asmlinkage long
+ * sys_fstat64(unsigned long fd,
+ * struct stat64 __user * statbuf)
+ */
probe kernel.syscall.fstat64 =
- kernel.function("sys_fstat64") {
- name = "fstat64"
- fd = $fd
- }
-
+ kernel.function("sys_fstat64") {
+ name = "fstat64"
+ fd = $fd
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.fstat64.return =
- kernel.function("sys_fstat64").return {
- name = "fstat64.return"
- fd = $fd
- /*
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_fstat64").return {
+ name = "fstat64.return"
+ }
# lstat64__________________________________________
-/* asmlinkage long sys_lstat64(char __user * filename,
- struct stat64 __user * statbuf) */
-probe kernel.syscall.lstat64 =
- kernel.function("sys_lstat64") {
- name = "lstat64"
- /*
- filename = $filename
- */
- }
-
+/*
+ * asmlinkage long
+ * sys_lstat64(char __user * filename,
+ * struct stat64 __user * statbuf)
+ */
+probe kernel.syscall.lstat64 =
+ kernel.function("sys_lstat64") {
+ name = "lstat64"
+ filename_uaddr = $filename
+ buf_uaddr = $statbuf
+ }
probe kernel.syscall.lstat64.return =
- kernel.function("sys_lstat64").return {
- name = "lstat64.return"
- /*
- filename = $filename
- buf_f_type = $statbuf->f_type
- buf_f_bsize = $statbuf->f_bsize
- buf_f_blocks = $statbuf->f_blocks
- buf_f_bfree = $statbuf->f_bfree
- buf_f_bavail = $statbuf->f_bavail
- buf_f_files = $statbuf->f_files
- buf_f_ffree = $statbuf->f_ffree
- buf_f_fsid = $statbuf->f_fsid
- buf_f_namelen = $statbuf->f_namelen
- buf_f_frsize = $statbuf->f_frsize
- buf_f_spare == __u32 f_spare[5];
- buf_f_type_str =
- _statfs_f_type_str($statbuf->f_type)
- */
- }
+ kernel.function("sys_lstat64").return {
+ name = "lstat64.return"
+ }
# truncate64_______________________________________
-/* asmlinkage long sys_truncate64(const char __user * path,
- loff_t length) */
+/*
+ * asmlinkage long
+ * sys_truncate64(const char __user * path,
+ * loff_t length)
+ */
probe kernel.syscall.truncate64 =
- kernel.function("do_sys_truncate") {
- name = "truncate64"
- /*
- path = $path
- */
- length = $length
- }
-
+ kernel.function("sys_truncate") {
+ name = "truncate64"
+ path_uaddr = $path
+ length = $length
+ }
probe kernel.syscall.truncate64.return =
- kernel.function("do_sys_truncate").return {
- name = "truncate64.return"
- /*
- path = $path
- */
- length = $length
- }
+ kernel.function("sys_truncate").return {
+ name = "truncate64.return"
+ }
# ftruncate64______________________________________
-/* asmlinkage long sys_ftruncate64(unsigned int fd,
- loff_t length) */
+/*
+ * asmlinkage long
+ * sys_ftruncate64(unsigned int fd,
+ * loff_t length)
+ */
probe kernel.syscall.ftruncate64 =
- kernel.function("do_sys_ftruncate") {
- name = "ftruncate64"
- fd = $fd
- length = $length
- }
-
+ kernel.function("sys_ftruncate") {
+ name = "ftruncate64"
+ fd = $fd
+ length = $length
+ }
probe kernel.syscall.ftruncate64.return =
- kernel.function("do_sys_ftruncate").return {
- name = "ftruncate64.return"
- fd = $fd
- length = $length
- }
+ kernel.function("sys_ftruncate").return {
+ name = "ftruncate64.return"
+ }
# setxattr_________________________________________
-/* asmlinkage long
- sys_setxattr(char __user *path, char __user *name,
- void __user *value, size_t size, int flags)*/
+/*
+ * asmlinkage long
+ * sys_setxattr(char __user *path,
+ * char __user *name,
+ * void __user *value,
+ * size_t size,
+ * int flags)
+ */
probe kernel.syscall.setxattr =
- kernel.function("sys_setxattr") {
- name = "setxattr"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
-
+ kernel.function("sys_setxattr") {
+ name = "setxattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ flags = $flags
+ }
probe kernel.syscall.setxattr.return =
- kernel.function("sys_setxattr").return {
- name = "setxattr.return"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
+ kernel.function("sys_setxattr").return {
+ name = "setxattr.return"
+ }
# lsetxattr________________________________________
-/* asmlinkage long
- sys_lsetxattr(char __user *path, char __user *name,
- void __user *value, size_t size, int flags) */
+/*
+ * asmlinkage long
+ * sys_lsetxattr(char __user *path,
+ * char __user *name,
+ * void __user *value,
+ * size_t size,
+ * int flags)
+ */
probe kernel.syscall.lsetxattr =
- kernel.function("sys_lsetxattr") {
- name = "lsetxattr"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
-
+ kernel.function("sys_lsetxattr") {
+ name = "lsetxattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ flags = $flags
+ }
probe kernel.syscall.lsetxattr.return =
- kernel.function("sys_lsetxattr").return {
- name = "lsetxattr.return"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
+ kernel.function("sys_lsetxattr").return {
+ name = "lsetxattr.return"
+ }
# fsetxattr________________________________________
-/* asmlinkage long sys_fsetxattr(int fd, char __user *name,
- void __user *value,
- size_t size, int flags) */
+/*
+ * asmlinkage long
+ * sys_fsetxattr(int fd,
+ * char __user *name,
+ * void __user *value,
+ * size_t size,
+ * int flags)
+ */
probe kernel.syscall.fsetxattr =
- kernel.function("sys_fsetxattr") {
- name = "fsetxattr"
- fildes = $fd
- /*
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
-
+ kernel.function("sys_fsetxattr") {
+ name = "fsetxattr"
+ fildes = $fd
+ name_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ flags = $flags
+ }
probe kernel.syscall.fsetxattr.return =
- kernel.function("sys_fsetxattr").return {
- name = "fsetxattr.return"
- fildes = $fd
- /*
- name = $name
- void __user *value
- */
- size = $size
- flags = $flags
- }
+ kernel.function("sys_fsetxattr").return {
+ name = "fsetxattr.return"
+ }
# getxattr_________________________________________
-/* asmlinkage ssize_t sys_getxattr(char __user *path,
- char __user *name,
- void __user *value,
- size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_getxattr(char __user *path,
+ * char __user *name,
+ * void __user *value,
+ * size_t size)
+ */
probe kernel.syscall.getxattr =
- kernel.function("sys_getxattr") {
- name = "getxattr"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- }
-
+ kernel.function("sys_getxattr") {
+ name = "getxattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ }
probe kernel.syscall.getxattr.return =
- kernel.function("sys_getxattr").return {
- name = "getxattr.return"
- }
+ kernel.function("sys_getxattr").return {
+ name = "getxattr.return"
+ }
# lgetxattr________________________________________
-/* asmlinkage ssize_t sys_lgetxattr(char __user *path,
- char __user *name,
- void __user *value,
- size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_lgetxattr(char __user *path,
+ * char __user *name,
+ * void __user *value,
+ * size_t size)
+ */
probe kernel.syscall.lgetxattr =
- kernel.function("sys_lgetxattr") {
- name = "lgetxattr"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- }
-
+ kernel.function("sys_lgetxattr") {
+ name = "lgetxattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ }
probe kernel.syscall.lgetxattr.return =
- kernel.function("sys_lgetxattr").return {
- name = "lgetxattr.return"
- /*
- path = $path
- name = $name
- void __user *value
- */
- size = $size
- }
+ kernel.function("sys_lgetxattr").return {
+ name = "lgetxattr.return"
+ }
# fgetxattr________________________________________
-/* asmlinkage ssize_t
- sys_fgetxattr(int fd, char __user *name,
- void __user *value, size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_fgetxattr(int fd,
+ * char __user *name,
+ * void __user *value,
+ * size_t size)
+ */
probe kernel.syscall.fgetxattr =
- kernel.function("sys_fgetxattr") {
- name = "fgetxattr"
- fildes = $fd
- /*
- path = $name
- void __user *value
- */
- size = $size
- }
-
+ kernel.function("sys_fgetxattr") {
+ name = "fgetxattr"
+ fildes = $fd
+ path_uaddr = $name
+ /*
+ void __user *value
+ */
+ size = $size
+ }
probe kernel.syscall.fgetxattr.return =
- kernel.function("sys_fgetxattr").return {
- name = "fgetxattr.return"
- name = "fgetxattr"
- fildes = $fd
- /*
- path = $name
- void __user *value
- */
- size = $size
- }
+ kernel.function("sys_fgetxattr").return {
+ name = "fgetxattr.return"
+ }
# listxattr________________________________________
-/* asmlinkage ssize_t
- sys_listxattr(char __user *path, char __user *list,
- size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_listxattr(char __user *path,
+ * char __user *list,
+ * size_t size)
+ */
probe kernel.syscall.listxattr =
- kernel.function("sys_listxattr") {
- name = "listxattr"
- /*
- path = $path
- */
- size = $size
- }
-
+ kernel.function("sys_listxattr") {
+ name = "listxattr"
+ path_uaddr = $path
+ list_uaddr = $list
+ size = $size
+ }
probe kernel.syscall.listxattr.return =
- kernel.function("sys_listxattr").return {
- name = "listxattr.return"
- /*
- path = $path
- char __user *list
- */
- size = $size
- }
+ kernel.function("sys_listxattr").return {
+ name = "listxattr.return"
+ }
# llistxattr_______________________________________
-/* asmlinkage ssize_t
- sys_llistxattr(char __user *path, char __user *list,
- size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_llistxattr(char __user *path,
+ * char __user *list,
+ * size_t size)
+ */
probe kernel.syscall.llistxattr =
- kernel.function("sys_llistxattr") {
- name = "llistxattr"
- /*
- path = $path
- */
- size = $size
- }
-
+ kernel.function("sys_llistxattr") {
+ name = "llistxattr"
+ path_uaddr = $path
+ list_uaddr = $list
+ size = $size
+ }
probe kernel.syscall.llistxattr.return =
- kernel.function("sys_llistxattr").return {
- name = "llistxattr.return"
- /*
- path = $path
- char __user *list
- */
- size = $size
- }
+ kernel.function("sys_llistxattr").return {
+ name = "llistxattr.return"
+ }
# flistxattr_______________________________________
-/* asmlinkage ssize_t
- sys_flistxattr(int fd, char __user *list, size_t size) */
+/*
+ * asmlinkage ssize_t
+ * sys_flistxattr(int fd,
+ * char __user *list,
+ * size_t size)
+ */
probe kernel.syscall.flistxattr =
- kernel.function("sys_flistxattr") {
- name = "flistxattr"
- fildes = $fd
- size = $size
- }
-
+ kernel.function("sys_flistxattr") {
+ name = "flistxattr"
+ fildes = $fd
+ list_uaddr = $list
+ size = $size
+ }
probe kernel.syscall.flistxattr.return =
- kernel.function("sys_flistxattr").return {
- name = "flistxattr.return"
- fildes = $fd
- /*
- char __user *list
- */
- size = $size
- }
+ kernel.function("sys_flistxattr").return {
+ name = "flistxattr.return"
+ }
# removexattr______________________________________
-/* asmlinkage long
- sys_removexattr(char __user *path, char __user *name) */
+/*
+ * asmlinkage long
+ * sys_removexattr(char __user *path,
+ * char __user *name)
+ */
probe kernel.syscall.removexattr =
- kernel.function("sys_removexattr") {
- name = "removexattr"
- /*
- path = $path
- name = $name
- */
- }
-
+ kernel.function("sys_removexattr") {
+ name = "removexattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ }
probe kernel.syscall.removexattr.return =
- kernel.function("sys_removexattr").return {
- name = "removexattr.return"
- /*
- path = $path
- name = $name
- */
- }
+ kernel.function("sys_removexattr").return {
+ name = "removexattr.return"
+ }
# lremovexattr_____________________________________
-/* asmlinkage long
- sys_lremovexattr(char __user *path, char __user *name) */
+/*
+ * asmlinkage long
+ * sys_lremovexattr(char __user *path,
+ * char __user *name)
+ */
probe kernel.syscall.lremovexattr =
- kernel.function("sys_lremovexattr") {
- name = "lremovexattr"
- /*
- path = $path
- name = $name
- */
- }
-
+ kernel.function("sys_lremovexattr") {
+ name = "lremovexattr"
+ path_uaddr = $path
+ name_uaddr = $name
+ }
probe kernel.syscall.lremovexattr.return =
- kernel.function("sys_lremovexattr").return {
- name = "lremovexattr.return"
- /*
- path = $path
- name = $name
- */
- }
+ kernel.function("sys_lremovexattr").return {
+ name = "lremovexattr.return"
+ }
# fremovexattr_____________________________________
-/* asmlinkage long sys_fremovexattr(int fd,
- char __user *name) */
+/*
+ * asmlinkage long
+ * sys_fremovexattr(int fd,
+ * char __user *name)
+ */
probe kernel.syscall.fremovexattr =
- kernel.function("sys_fremovexattr") {
- name = "fremovexattr"
- filedes = $fd
- /*
- name = $name
- */
- }
-
+ kernel.function("sys_fremovexattr") {
+ name = "fremovexattr"
+ filedes = $fd
+ name_uaddr = $name
+ }
probe kernel.syscall.fremovexattr.return =
- kernel.function("sys_fremovexattr").return {
- name = "fremovexattr.return"
- filedes = $fd
- /*
- name = $name
- */
- }
+ kernel.function("sys_fremovexattr").return {
+ name = "fremovexattr.return"
+ }
# brk______________________________________________
-/* asmlinkage unsigned long sys_brk(unsigned long brk) */
+/*
+ * asmlinkage unsigned long
+ * sys_brk(unsigned long brk)
+ */
probe kernel.syscall.brk =
- kernel.function("sys_brk") {
- name = "brk"
- brk = $brk
- }
-
+ kernel.function("sys_brk") {
+ name = "brk"
+ brk = $brk
+ }
probe kernel.syscall.brk.return =
- kernel.function("sys_brk").return {
- name = "brk.return"
- brk = $brk
- }
+ kernel.function("sys_brk").return {
+ name = "brk.return"
+ }
# mprotect_________________________________________
-/* asmlinkage long sys_mprotect(unsigned long start,
- size_t len,
- unsigned long prot) */
+/*
+ * asmlinkage long
+ * sys_mprotect(unsigned long start,
+ * size_t len,
+ * unsigned long prot)
+ */
probe kernel.syscall.mprotect =
- kernel.function("sys_mprotect") {
- name = "mprotect"
- addr = $start
- len = $len
- prot = $prot
- prot_str =
- _mprotect_prot_str($prot)
- }
-
+ kernel.function("sys_mprotect") {
+ name = "mprotect"
+ addr = $start
+ len = $len
+ prot = $prot
+ prot_str = _mprotect_prot_str($prot)
+ }
probe kernel.syscall.mprotect.return =
- kernel.function("sys_mprotect").return {
- name = "mprotect.return"
- addr = $start
- len = $len
- prot = $prot
- prot_str =
- _mprotect_prot_str($prot)
- }
+ kernel.function("sys_mprotect").return {
+ name = "mprotect.return"
+ }
# mremap___________________________________________
-/* asmlinkage unsigned long sys_mremap(unsigned long addr,
- unsigned long old_len, unsigned long new_len,
- unsigned long flags, unsigned long new_addr) */
+/*
+ * asmlinkage unsigned long
+ * sys_mremap(unsigned long addr,
+ * unsigned long old_len,
+ * unsigned long new_len,
+ * unsigned long flags,
+ * unsigned long new_addr)
+ */
probe kernel.syscall.mremap =
- kernel.function("sys_mremap") {
- name = "mremap"
- old_address = $addr
- old_size = $old_len
- new_size = $new_len
- flags = $flags
- new_address = $new_addr
- }
-
+ kernel.function("sys_mremap") {
+ name = "mremap"
+ old_address = $addr
+ old_size = $old_len
+ new_size = $new_len
+ flags = $flags
+ new_address = $new_addr
+ }
probe kernel.syscall.mremap.return =
- kernel.function("sys_mremap").return {
- name = "mremap.return"
- old_address = $addr
- old_size = $old_len
- new_size = $new_len
- flags = $flags
- new_address = $new_addr
- }
+ kernel.function("sys_mremap").return {
+ name = "mremap.return"
+ }
# remap_file_pages_________________________________
-/* asmlinkage long sys_remap_file_pages(unsigned long start,
- unsigned long size,
- unsigned long __prot,
- unsigned long pgoff,
- unsigned long flags)*/
+/*
+ * asmlinkage long
+ * sys_remap_file_pages(unsigned long start,
+ * unsigned long size,
+ * unsigned long __prot,
+ * unsigned long pgoff,
+ * unsigned long flags)
+ */
probe kernel.syscall.remap_file_pages =
- kernel.function("sys_remap_file_pages") {
- name = "remap_file_pages"
- start = $start
- size = $size
- prot = $__prot
- pgoff = $pgoff
- flags = $flags
- }
-
+ kernel.function("sys_remap_file_pages") {
+ name = "remap_file_pages"
+ start = $start
+ size = $size
+ prot = $__prot
+ pgoff = $pgoff
+ flags = $flags
+ }
probe kernel.syscall.remap_file_pages.return =
- kernel.function("sys_remap_file_pages").return {
- name = "remap_file_pages.return"
- start = $start
- size = $size
- prot = $__prot
- pgoff = $pgoff
- flags = $flags
- }
+ kernel.function("sys_remap_file_pages").return {
+ name = "remap_file_pages.return"
+ }
# msync____________________________________________
-/* asmlinkage long sys_msync(unsigned long start,
- size_t len,
- int flags)*/
+/*
+ * asmlinkage long
+ * sys_msync(unsigned long start,
+ * size_t len,
+ * int flags)
+ */
probe kernel.syscall.msync =
- kernel.function("sys_msync") {
- name = "msync"
- start = $start
- length = $len
- flags = $flags
- flags_str = _msync_flag_str($flags)
- }
-
+ kernel.function("sys_msync") {
+ name = "msync"
+ start = $start
+ length = $len
+ flags = $flags
+ flags_str = _msync_flag_str($flags)
+ }
probe kernel.syscall.msync.return =
- kernel.function("sys_msync").return {
- name = "msync.return"
- start = $start
- length = $len
- flags = $flags
- flags_str = _msync_flag_str($flags)
- }
+ kernel.function("sys_msync").return {
+ name = "msync.return"
+ }
# fadvise64________________________________________
-/* asmlinkage long sys_fadvise64_64(int fd,
- loff_t offset,
- loff_t len,
- int advice) */
+/*
+ * asmlinkage long
+ * sys_fadvise64_64(int fd,
+ * loff_t offset,
+ * loff_t len,
+ * int advice)
+ */
probe kernel.syscall.fadvise64 =
- kernel.function("sys_fadvise64_64") {
- name = "fadvise64"
- fs = $fd
- offset = $offset
- len = $len
- advice = $advice
- /*
- advice_str =
- _advise_advice_str($advice)
- */
- }
-
+ kernel.function("sys_fadvise64_64") {
+ name = "fadvise64"
+ fd = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ }
probe kernel.syscall.fadvise64.return =
- kernel.function("sys_fadvise64_64").return {
- name = "fadvise64.return"
- fs = $fd
- offset = $offset
- len = $len
- advice = $advice
- /*
- advice_str =
- _advise_advice_str($advice)
- */
- }
+ kernel.function("sys_fadvise64_64").return {
+ name = "fadvise64.return"
+ }
# fadvise64_64_____________________________________
-/* asmlinkage long sys_fadvise64_64(int fd,
- loff_t offset,
- loff_t len,
- int advice) */
+/*
+ * asmlinkage long
+ * sys_fadvise64_64(int fd,
+ * loff_t offset,
+ * loff_t len,
+ * int advice)
+ */
probe kernel.syscall.fadvise64_64 =
- kernel.function("sys_fadvise64_64") {
- name = "fadvise64_64"
- fs = $fd
- offset = $offset
- len = $len
- advice = $advice
- /*
- advice_str =
- _advise_advice_str($advice)
- */
- }
-
+ kernel.function("sys_fadvise64_64") {
+ name = "fadvise64_64"
+ fs = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ }
probe kernel.syscall.fadvise64_64.return =
- kernel.function("sys_fadvise64_64").return {
- name = "fadvise64_64.return"
- fs = $fd
- offset = $offset
- len = $len
- advice = $advice
- /*
- advice_str =
- _advise_advice_str($advice)
- */
- }
+ kernel.function("sys_fadvise64_64").return {
+ name = "fadvise64_64.return"
+ }
# munmap___________________________________________
-/* asmlinkage long sys_munmap(unsigned long addr, size_t len) */
+/*
+ * asmlinkage long
+ * sys_munmap(unsigned long addr,
+ * size_t len)
+ */
probe kernel.syscall.munmap =
- kernel.function("sys_munmap") {
- name = "munmap"
- start = $addr
- length = $len
- }
-
+ kernel.function("sys_munmap") {
+ name = "munmap"
+ start = $addr
+ length = $len
+ }
probe kernel.syscall.munmap.return =
- kernel.function("sys_munmap").return {
- name = "munmap.return"
- start = $addr
- length = $len
- }
+ kernel.function("sys_munmap").return {
+ name = "munmap.return"
+ }
# mlock____________________________________________
-/* asmlinkage long sys_mlock(unsigned long start, size_t len) */
+/*
+ * asmlinkage long
+ * sys_mlock(unsigned long start,
+ * size_t len)
+ */
probe kernel.syscall.mlock =
- kernel.function("sys_mlock") {
- name = "mlock"
- addr = $start
- len = $len
- }
-
+ kernel.function("sys_mlock") {
+ name = "mlock"
+ addr = $start
+ len = $len
+ }
probe kernel.syscall.mlock.return =
- kernel.function("sys_mlock").return {
- name = "mlock.return"
- addr = $start
- len = $len
- }
+ kernel.function("sys_mlock").return {
+ name = "mlock.return"
+ }
# munlock__________________________________________
-/* asmlinkage long sys_munlock(unsigned long start, size_t len) */
-probe kernel.syscall.munlock =
- kernel.function("sys_munlock") {
- name = "munlock"
- addr = $start
- len = $len
- }
-
+/*
+ * asmlinkage long
+ * sys_munlock(unsigned long start,
+ * size_t len)
+ */
+probe kernel.syscall.munlock =
+ kernel.function("sys_munlock") {
+ name = "munlock"
+ addr = $start
+ len = $len
+ }
probe kernel.syscall.munlock.return =
- kernel.function("sys_munlock").return {
- name = "munlock.return"
- addr = $start
- len = $len
- }
+ kernel.function("sys_munlock").return {
+ name = "munlock.return"
+ }
# mlockall_________________________________________
-/* asmlinkage long sys_mlockall(int flags) */
+/*
+ * asmlinkage long
+ * sys_mlockall(int flags)
+ */
probe kernel.syscall.mlockall =
- kernel.function("sys_mlockall") {
- name = "mlockall"
- flags = $flags
- flags_str =
- _mlockall_flags_str($flags)
- }
-
+ kernel.function("sys_mlockall") {
+ name = "mlockall"
+ flags = $flags
+ flags_str = _mlockall_flags_str($flags)
+ }
probe kernel.syscall.mlockall.return =
- kernel.function("sys_mlockall").return {
- name = "mlockall.return"
- flags = $flags
- flags_str =
- _mlockall_flags_str($flags)
- }
+ kernel.function("sys_mlockall").return {
+ name = "mlockall.return"
+ }
# munlockall_______________________________________
-/* smlinkage long sys_mlockall(int flags) */
+/*
+ * asmlinkage long
+ * sys_munlockall(void)
+ */
probe kernel.syscall.munlockall =
- kernel.function("sys_munlockall") {
- name = "munlockall"
- flags = $flags
- flags_str =
- _mlockall_flags_str($flags)
- }
-
+ kernel.function("sys_munlockall") {
+ name = "munlockall"
+ }
probe kernel.syscall.munlockall.return =
- kernel.function("sys_munlockall").return {
- name = "munlockall.return"
- flags = $flags
- flags_str =
- _mlockall_flags_str($flags)
- }
+ kernel.function("sys_munlockall").return {
+ name = "munlockall.return"
+ }
# madvise__________________________________________
-/* asmlinkage long sys_madvise(unsigned long start,
- size_t len_in,
- int behavior) */
+/*
+ * asmlinkage long
+ * sys_madvise(unsigned long start,
+ * size_t len_in,
+ * int behavior)
+ */
probe kernel.syscall.madvise =
- kernel.function("sys_madvise") {
- name = "madvise"
- start = $start
- length = $len_in
- advice = $behavior
- advice_str =
- _madvice_advice_str($behavior)
- }
-
+ kernel.function("sys_madvise") {
+ name = "madvise"
+ start = $start
+ length = $len_in
+ advice = $behavior
+ advice_str = _madvice_advice_str($behavior)
+ }
probe kernel.syscall.madvise.return =
- kernel.function("sys_madvise").return {
- name = "madvise.return"
- start = $start
- length = $len_in
- advice = $behavior
- advice_str =
- _madvice_advice_str($behavior)
- }
+ kernel.function("sys_madvise").return {
+ name = "madvise.return"
+ }
# mincore__________________________________________
-/* asmlinkage long sys_mincore(unsigned long start,
- size_t len,
- unsigned char __user * vec) */
+/*
+ * asmlinkage long
+ * sys_mincore(unsigned long start,
+ * size_t len,
+ * unsigned char __user * vec)
+ */
probe kernel.syscall.mincore =
- kernel.function("sys_mincore") {
- name = "mincore"
- start = $start
- length = $len
- }
-
+ kernel.function("sys_mincore") {
+ name = "mincore"
+ start = $start
+ length = $len
+ vec_uaddr = $vec
+ }
probe kernel.syscall.mincore.return =
- kernel.function("sys_mincore").return {
- name = "mincore.return"
- start = $start
- length = $len
- /*
- vec = $vec
- */
- }
+ kernel.function("sys_mincore").return {
+ name = "mincore.return"
+ }
# pivot_root_______________________________________
-/* asmlinkage long sys_pivot_root(const char __user *new_root,
- const char __user *put_old) */
+/*
+ * asmlinkage long
+ * sys_pivot_root(const char __user *new_root,
+ * const char __user *put_old)
+ */
probe kernel.syscall.pivot_root =
- kernel.function("sys_pivot_root") {
- name = "pivot_root"
- /*
- new_root = $new_root
- old_root = $old_root
- */
- }
-
+ kernel.function("sys_pivot_root") {
+ name = "pivot_root"
+ new_root_uaddr = $new_root
+ old_root_uaddr = $put_old
+ }
probe kernel.syscall.pivot_root.return =
- kernel.function("sys_pivot_root").return {
- name = "pivot_root.return"
- /*
- new_root = $new_root
- old_root = $old_root
- */
- }
+ kernel.function("sys_pivot_root").return {
+ name = "pivot_root.return"
+ }
# chroot___________________________________________
-/* asmlinkage long sys_chroot(const char __user * filename) */
+/*
+ * asmlinkage long
+ * sys_chroot(const char __user * filename)
+ */
probe kernel.syscall.chroot =
- kernel.function("sys_chroot") {
- name = "chroot"
- /*
- path = $filename
- */
- }
-
+ kernel.function("sys_chroot") {
+ name = "chroot"
+ path_uaddr = $filename
+ }
probe kernel.syscall.chroot.return =
- kernel.function("sys_chroot").return {
- name = "chroot.return"
- /*
- path = $filename
- */
- }
+ kernel.function("sys_chroot").return {
+ name = "chroot.return"
+ }
# mknod____________________________________________
-/* asmlinkage long sys_mknod(const char __user * filename,
- int mode, unsigned dev) */
+/*
+ * asmlinkage long
+ * sys_mknod(const char __user * filename,
+ * int mode,
+ * unsigned dev)
+ */
probe kernel.syscall.mknod =
- kernel.function("sys_mknod") {
- name = "mknod"
- /*
- pathname = $filename
- */
- mode = $mode
- mode_str =
- _mknod_mode_str($mode)
- dev = $dev
- }
-
+ kernel.function("sys_mknod") {
+ name = "mknod"
+ pathname_uaddr = $filename
+ mode = $mode
+ mode_str = _mknod_mode_str($mode)
+ dev = $dev
+ }
probe kernel.syscall.mknod.return =
- kernel.function("sys_mknod").return {
- name = "mknod.return"
- /*
- pathname = $filename
- */
- mode = $mode
- mode_str =
- _mknod_mode_str($mode)
- dev = $dev
- }
+ kernel.function("sys_mknod").return {
+ name = "mknod.return"
+ }
# link_____________________________________________
-/* asmlinkage long sys_link(const char __user * oldname,
- const char __user * newname) */
+/*
+ * asmlinkage long
+ * sys_link(const char __user * oldname,
+ * const char __user * newname)
+ */
probe kernel.syscall.link =
- kernel.function("sys_link") {
- name = "link"
- /*
- oldpath = $oldname
- newpath = $newpath
- */
- }
-
+ kernel.function("sys_link") {
+ name = "link"
+ oldpath_uaddr = $oldname
+ newpath_uaddr = $newname
+ }
probe kernel.syscall.link.return =
- kernel.function("sys_link").return {
- name = "link.return"
- /*
- oldpath = $oldname
- newpath = $newpath
- */
- }
+ kernel.function("sys_link").return {
+ name = "link.return"
+ }
# symlink__________________________________________
-/* asmlinkage long sys_symlink(const char __user * oldname,
- const char __user * newname) */
+/*
+ * asmlinkage long
+ * sys_symlink(const char __user * oldname,
+ * const char __user * newname)
+ */
probe kernel.syscall.symlink =
- kernel.function("sys_symlink") {
- name = "symlink"
- /*
- oldpath = $oldname
- newpath = $newpath
- */
- }
-
+ kernel.function("sys_symlink") {
+ name = "symlink"
+ oldpath_uaddr = $oldname
+ newpath_uaddr = $newname
+ }
probe kernel.syscall.symlink.return =
- kernel.function("sys_symlink").return {
- name = "symlink.return"
- /*
- oldpath = $oldname
- newpath = $newpath
- */
- }
+ kernel.function("sys_symlink").return {
+ name = "symlink.return"
+ }
# unlink___________________________________________
-/* asmlinkage long sys_unlink(const char __user * pathname) */
+/*
+ * asmlinkage long
+ * sys_unlink(const char __user * pathname)
+ */
probe kernel.syscall.unlink =
- kernel.function("sys_unlink") {
- name = "unlink"
- /*
- pathname = $pathname
- */
- }
-
+ kernel.function("sys_unlink") {
+ name = "unlink"
+ pathname_uaddr = $pathname
+ }
probe kernel.syscall.unlink.return =
- kernel.function("sys_unlink").return {
- name = "unlink.return"
- /*
- pathname = $pathname
- */
- }
+ kernel.function("sys_unlink").return {
+ name = "unlink.return"
+ }
# rename___________________________________________
-/* asmlinkage long sys_rename(const char __user * oldname,
- const char __user * newname) */
+/*
+ * asmlinkage long
+ * sys_rename(const char __user * oldname,
+ * const char __user * newname)
+ */
probe kernel.syscall.rename =
- kernel.function("sys_rename") {
- name = "rename"
- /*
- oldpath = $oldname
- newpath = $newname
- */
- }
-
+ kernel.function("sys_rename") {
+ name = "rename"
+ oldpath_uaddr = $oldname
+ newpath_uaddr = $newname
+ }
probe kernel.syscall.rename.return =
- kernel.function("sys_rename").return {
- name = "rename.return"
- /*
- oldpath = $oldname
- newpath = $newname
- */
- }
+ kernel.function("sys_rename").return {
+ name = "rename.return"
+ }
# chmod____________________________________________
-/* asmlinkage long sys_chmod(const char __user * filename,
- mode_t mode) */
+/*
+ * asmlinkage long
+ * sys_chmod(const char __user * filename,
+ * mode_t mode)
+ */
probe kernel.syscall.chmod =
- kernel.function("sys_chmod") {
- name = "chmod"
- /*
- path = $filename
- */
- mode = $mode
- mode_str = _sys_open_mode_str($mode)
- }
-
+ kernel.function("sys_chmod") {
+ name = "chmod"
+ path_uaddr = $filename
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
+ }
probe kernel.syscall.chmod.return =
- kernel.function("sys_chmod").return {
- name = "chmod.return"
- /*
- path = $filename
- */
- mode = $mode
- mode_str = _sys_open_mode_str($mode)
- }
+ kernel.function("sys_chmod").return {
+ name = "chmod.return"
+ }
# fchmod___________________________________________
-/* asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) */
+/*
+ * asmlinkage long
+ * sys_fchmod(unsigned int fd,
+ * mode_t mode)
+ */
probe kernel.syscall.fchmod =
- kernel.function("sys_fchmod") {
- name = "fchmod"
- fildes = $fd
- mode = $mode
- mode_str = _sys_open_mode_str($mode)
- }
-
+ kernel.function("sys_fchmod") {
+ name = "fchmod"
+ fildes = $fd
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
+ }
probe kernel.syscall.fchmod.return =
- kernel.function("sys_fchmod").return {
- name = "fchmod.return"
- fildes = $fd
- mode = $mode
- mode_str = _sys_open_mode_str($mode)
- }
+ kernel.function("sys_fchmod").return {
+ name = "fchmod.return"
+ }
# fcntl____________________________________________
-/* asmlinkage long sys_fcntl(int fd, unsigned int cmd, unsigned long arg) */
+/*
+ * asmlinkage long
+ * sys_fcntl(int fd,
+ * unsigned int cmd,
+ * unsigned long arg)
+ */
probe kernel.syscall.fcntl =
- kernel.function("sys_fcntl") {
- name = "fcntl"
- fd = $fd
- cmd = $cmd
- cmd_str = _fcntl_cmd_str($cmd)
- arg = $arg
- }
-
+ kernel.function("sys_fcntl") {
+ name = "fcntl"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
+ }
probe kernel.syscall.fcntl.return =
- kernel.function("sys_fcntl").return {
- name = "fcntl.return"
- fd = $fd
- cmd = $cmd
- cmd_str = _fcntl_cmd_str($cmd)
- arg = $arg
- }
+ kernel.function("sys_fcntl").return {
+ name = "fcntl.return"
+ }
# fcntl64__________________________________________
-/* asmlinkage long sys_fcntl64(unsigned int fd,
- unsigned int cmd,
- unsigned long arg) */
+/*
+ * asmlinkage long
+ * sys_fcntl64(unsigned int fd,
+ * unsigned int cmd,
+ * unsigned long arg)
+ */
probe kernel.syscall.fcntl64 =
- kernel.function("sys_fcntl64") {
- name = "fcntl64"
- fd = $fd
- cmd = $cmd
- cmd_str = _fcntl_cmd_str($cmd)
- arg = $arg
- }
-
+ kernel.function("sys_fcntl64") {
+ name = "fcntl64"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
+ }
probe kernel.syscall.fcntl64.return =
- kernel.function("sys_fcntl64").return {
- name = "fcntl64.return"
- fd = $fd
- cmd = $cmd
- cmd_str = _fcntl_cmd_str($cmd)
- arg = $arg
- }
+ kernel.function("sys_fcntl64").return {
+ name = "fcntl64.return"
+ fd = $fd
+ }
# dup______________________________________________
-/* asmlinkage long sys_dup(unsigned int fildes) */
+/*
+ * asmlinkage long
+ * sys_dup(unsigned int fildes)
+ */
probe kernel.syscall.dup =
- kernel.function("sys_dup") {
- name = "dup"
- oldfd = $fildes
- }
-
+ kernel.function("sys_dup") {
+ name = "dup"
+ oldfd = $fildes
+ }
probe kernel.syscall.dup.return =
- kernel.function("sys_dup").return {
- name = "dup.return"
- oldfd = $fildes
- }
+ kernel.function("sys_dup").return {
+ name = "dup.return"
+ }
# dup2_____________________________________________
-/* asmlinkage long sys_dup2(unsigned int oldfd,
- unsigned int newfd) */
+/*
+ * asmlinkage long
+ * sys_dup2(unsigned int oldfd,
+ * unsigned int newfd)
+ */
probe kernel.syscall.dup2 =
- kernel.function("sys_dup2") {
- name = "dup2"
- oldfd = $oldfd
- newfd = $newfd
- }
-
+ kernel.function("sys_dup2") {
+ name = "dup2"
+ oldfd = $oldfd
+ newfd = $newfd
+ }
probe kernel.syscall.dup2.return =
- kernel.function("sys_dup2").return {
- name = "dup2.return"
- oldfd = $oldfd
- newfd = $newfd
- }
+ kernel.function("sys_dup2").return {
+ name = "dup2.return"
+ }
# ioperm___________________________________________
-/* asmlinkage long sys_ioperm(unsigned long from,
- unsigned long num,
- int turn_on) */
+/*
+ * asmlinkage long
+ * sys_ioperm(unsigned long from,
+ * unsigned long num,
+ * int turn_on)
+ */
probe kernel.syscall.ioperm =
- kernel.function("sys_ioperm") {
- name = "ioperm"
- from = $from
- num = $num
- turn_on = $turn_on
- }
-
+ kernel.function("sys_ioperm") {
+ name = "ioperm"
+ from = $from
+ num = $num
+ turn_on = $turn_on
+ }
probe kernel.syscall.ioperm.return =
- kernel.function("sys_ioperm").return {
- name = "ioperm.return"
- from = $from
- num = $num
- turn_on = $turn_on
- }
+ kernel.function("sys_ioperm").return {
+ name = "ioperm.return"
+ }
# ioctl____________________________________________
-/* asmlinkage long sys_ioctl(unsigned int fd,
- unsigned int cmd,
- unsigned long arg) */
+/*
+ * asmlinkage long
+ * sys_ioctl(unsigned int fd,
+ * unsigned int cmd,
+ * unsigned long arg)
+ */
probe kernel.syscall.ioctl =
- kernel.function("sys_ioctl") {
- name = "ioctl"
- /*
- d = $fd
- request = $cmd
- argp = $arg
- */
- }
-
+ kernel.function("sys_ioctl") {
+ name = "ioctl"
+ fd = $fd
+ request = $cmd
+ argp = $arg
+ }
probe kernel.syscall.ioctl.return =
- kernel.function("sys_ioctl").return {
- name = "ioctl.return"
- /*
- d = $fd
- request = $cmd
- argp = $arg
- */
- }
+ kernel.function("sys_ioctl").return {
+ name = "ioctl.return"
+ }
# flock____________________________________________
-/* asmlinkage long sys_flock(unsigned int fd,
- unsigned int cmd) */
+/*
+ * asmlinkage long
+ * sys_flock(unsigned int fd,
+ * unsigned int cmd)
+ */
probe kernel.syscall.flock =
- kernel.function("sys_flock") {
- name = "flock"
- fd = $fd
- operation = $cmd
- operation_str =
- _flock_cmd_str($cmd)
- }
-
+ kernel.function("sys_flock") {
+ name = "flock"
+ fd = $fd
+ operation = $cmd
+ }
probe kernel.syscall.flock.return =
- kernel.function("sys_flock").return {
- name = "flock.return"
- fd = $fd
- operation = $cmd
- operation_str =
- _flock_cmd_str($cmd)
- }
+ kernel.function("sys_flock").return {
+ name = "flock.return"
+ }
# io_setup_________________________________________
-/* asmlinkage long sys_io_setup(unsigned nr_events,
- aio_context_t __user *ctxp) */
+/*
+ * asmlinkage long
+ * sys_io_setup(unsigned nr_events,
+ * aio_context_t __user *ctxp)
+ */
probe kernel.syscall.io_setup =
- kernel.function("sys_io_setup") {
- name = "io_setup"
- maxevents = $nr_events
- }
-
+ kernel.function("sys_io_setup") {
+ name = "io_setup"
+ maxevents = $nr_events
+ ctxp_uaddr = $ctxp
+ }
probe kernel.syscall.io_setup.return =
- kernel.function("sys_io_setup").return {
- name = "io_setup.return"
- maxevents = $nr_events
- /*
- ctxp = $ctxp
- */
- }
+ kernel.function("sys_io_setup").return {
+ name = "io_setup.return"
+ }
# io_destroy_______________________________________
-/* asmlinkage long sys_io_destroy(aio_context_t ctx) */
+/*
+ * asmlinkage long
+ * sys_io_destroy(aio_context_t ctx)
+ */
probe kernel.syscall.io_destroy =
- kernel.function("sys_io_destroy") {
- name = "io_destroy"
- ctx = $ctx
- }
-
+ kernel.function("sys_io_destroy") {
+ name = "io_destroy"
+ ctx = $ctx
+ }
probe kernel.syscall.io_destroy.return =
- kernel.function("sys_io_destroy").return {
- name = "io_destroy.return"
- ctx = $ctx
- }
+ kernel.function("sys_io_destroy").return {
+ name = "io_destroy.return"
+ }
# io_getevents_____________________________________
-/* asmlinkage long sys_io_getevents(aio_context_t ctx_id,
- long min_nr,
- long nr,
- struct io_event __user *events,
- struct timespec __user *timeout) */
+/*
+ * asmlinkage long
+ * sys_io_getevents(aio_context_t ctx_id,
+ * long min_nr,
+ * long nr,
+ * struct io_event __user *events,
+ * struct timespec __user *timeout)
+ */
probe kernel.syscall.io_getevents =
- kernel.function("sys_io_getevents") {
- name = "io_getevents"
- ctx_id = $ctx_id
- min_nr = $min_nr
- nr = $nr
- /*
- timeout_tv_sec = $timeout->tv_sec
- timeout_tv_usec = $timeout->tv_usec
- */
- }
-
+ kernel.function("sys_io_getevents") {
+ name = "io_getevents"
+ ctx_id = $ctx_id
+ min_nr = $min_nr
+ nr = $nr
+ events_uaddr = $events
+ timeout_uaddr = $timeout
+ }
probe kernel.syscall.io_getevents.return =
- kernel.function("sys_io_getevents").return {
- name = "io_getevents.return"
- ctx_id = $ctx_id
- min_nr = $min_nr
- nr = $nr
- /*
- events_data = $events->data
- events_obj = $events->obj
- events_res = $events->res
- events_res2 = $events->res2
-
- timeout_tv_sec = $timeout->tv_sec
- timeout_tv_usec = $timeout->tv_usec
- */
- }
+ kernel.function("sys_io_getevents").return {
+ name = "io_getevents.return"
+ }
# io_submit________________________________________
-/* asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr,
- struct iocb __user * __user *iocbpp) */
+/*
+ * asmlinkage long
+ * sys_io_submit(aio_context_t ctx_id,
+ * long nr,
+ * struct iocb __user * __user *iocbpp)
+ */
probe kernel.syscall.io_submit =
- kernel.function("sys_io_submit") {
- name = "io_submit"
- ctx_id = $ctx_id
- nr = $nr
- /*
- struct iocb __user * __user *iocbpp
- iocbpp should be an array of nr AIO request blocks
- */
- }
-
+ kernel.function("sys_io_submit") {
+ name = "io_submit"
+ ctx_id = $ctx_id
+ nr = $nr
+ iocbpp_uaddr = $iocbpp
+}
probe kernel.syscall.io_submit.return =
- kernel.function("sys_io_submit").return {
- name = "io_submit.return"
- ctx_id = $ctx_id
- nr = $nr
- /*
- struct iocb __user * __user *iocbpp
- iocbpp should be an array of nr AIO request blocks
- */
- }
+ kernel.function("sys_io_submit").return {
+ name = "io_submit.return"
+ }
# io_cancel________________________________________
-/* asmlinkage long sys_io_cancel(aio_context_t ctx_id,
- struct iocb __user *iocb,
- struct io_event __user *result) */
+/*
+ * asmlinkage long
+ * sys_io_cancel(aio_context_t ctx_id,
+ * struct iocb __user *iocb,
+ * struct io_event __user *result)
+ */
probe kernel.syscall.io_cancel =
- kernel.function("sys_io_cancel") {
- name = "io_cancel"
- ctx_id = $ctx_id
- /*
- iocb_aio_data = $iocb->aio_data
- iocb_aio_key = $iocb->aio_key
- iocb_aio_reserved1 = $iocb->aio_reserved1
- iocb_aio_lio_opcode = $iocb->aio_lio_opcode
- iocb_aio_reqprio = $iocb->aio_reqprio
- iocb_aio_fildes = $iocb->aio_fildes
- iocb_aio_buf = $iocb->aio_buf
- iocb_aio_nbytes = $iocb->aio_nbytes
- iocb_aio_offset = $iocb->aio_offset
- iocb_aio_reserved2 = $iocb->aio_reserved2
- iocb_aio_reserved3 = $iocb->aio_reserved3
- */
- }
-
+ kernel.function("sys_io_cancel") {
+ name = "io_cancel"
+ ctx_id = $ctx_id
+ iocb_uaddr = $iocb
+ result_uaddr = $result
+ }
probe kernel.syscall.io_cancel.return =
- kernel.function("sys_io_cancel").return {
- name = "io_cancel.return"
- ctx_id = $ctx_id
- /*
- iocb_aio_data = $iocb->aio_data
- iocb_aio_key = $iocb->aio_key
- iocb_aio_reserved1 = $iocb->aio_reserved1
- iocb_aio_lio_opcode = $iocb->aio_lio_opcode
- iocb_aio_reqprio = $iocb->aio_reqprio
- iocb_aio_fildes = $iocb->aio_fildes
- iocb_aio_buf = $iocb->aio_buf
- iocb_aio_nbytes = $iocb->aio_nbytes
- iocb_aio_offset = $iocb->aio_offset
- iocb_aio_reserved2 = $iocb->aio_reserved2
- iocb_aio_reserved3 = $iocb->aio_reserved3
-
- result_data = $result->data
- result_obj = $result->obj
- result_res = $result->res
- result_res2 = $result->res2
- */
- }
+ kernel.function("sys_io_cancel").return {
+ name = "io_cancel.return"
+ }
# sendfile_________________________________________
-/* asmlinkage ssize_t sys_sendfile(int out_fd, int in_fd,
- off_t __user *offset,
- size_t count) */
+/*
+ * asmlinkage ssize_t
+ * sys_sendfile(int out_fd,
+ * int in_fd,
+ * off_t __user *offset,
+ * size_t count)
+ */
probe kernel.syscall.sendfile =
- kernel.function("sys_sendfile") {
- name = "sendfile"
- out_fd = $out_fd
- in_fd = $in_fd
- /*
- offset = $offset
- */
- count = $count
- }
-
+ kernel.function("sys_sendfile") {
+ name = "sendfile"
+ out_fd = $out_fd
+ in_fd = $in_fd
+ offset_uaddr = $offset
+ count = $count
+ }
probe kernel.syscall.sendfile.return =
- kernel.function("sys_sendfile").return {
- name = "sendfile.return"
- out_fd = $out_fd
- in_fd = $in_fd
- /*
- offset = $offset
- */
- count = $count
- }
+ kernel.function("sys_sendfile").return {
+ name = "sendfile.return"
+ }
# sendfile64_______________________________________
-/* asmlinkage ssize_t sys_sendfile64(int out_fd,
- int in_fd,
- loff_t __user *offset,
- size_t count) */
+/*
+ * asmlinkage ssize_t
+ * sys_sendfile64(int out_fd,
+ * int in_fd,
+ * loff_t __user *offset,
+ * size_t count)
+ */
probe kernel.syscall.sendfile64 =
- kernel.function("sys_sendfile64") {
- name = "sendfile64"
- out_fd = $out_fd
- in_fd = $in_fd
- /*
- offset = $offset
- */
- count = $count
- }
-
+ kernel.function("sys_sendfile64") {
+ name = "sendfile64"
+ out_fd = $out_fd
+ in_fd = $in_fd
+ offset_uaddr = $offset
+ count = $count
+ }
probe kernel.syscall.sendfile64.return =
- kernel.function("sys_sendfile64").return {
- name = "sendfile64.return"
- out_fd = $out_fd
- in_fd = $in_fd
- /*
- offset = $offset
- */
- count = $count
- }
+ kernel.function("sys_sendfile64").return {
+ name = "sendfile64.return"
+ }
# readlink_________________________________________
-/* asmlinkage long sys_readlink(const char __user * path,
- char __user * buf, int bufsiz) */
+/*
+ * asmlinkage long
+ * sys_readlink(const char __user * path,
+ * char __user * buf,
+ * int bufsiz)
+ */
probe kernel.syscall.readlink =
- kernel.function("sys_readlink") {
- name = "readlink"
- /*
- path = $path
- */
- bufsiz = $bufsiz
- }
-
+ kernel.function("sys_readlink") {
+ name = "readlink"
+ path_uaddr = $path
+ buf_uaddr = $buf
+ bufsiz = $bufsiz
+ }
probe kernel.syscall.readlink.return =
- kernel.function("sys_readlink").return {
- name = "readlink.return"
- /*
- path = $path
- buf = $buf
- */
- bufsiz = $bufsiz
- }
+ kernel.function("sys_readlink").return {
+ name = "readlink.return"
+ }
# creat____________________________________________
-/* asmlinkage long sys_creat(const char __user * pathname, int mode) */
+/*
+ * asmlinkage long
+ * sys_creat(const char __user * pathname,
+ * int mode)
+ */
probe kernel.syscall.creat =
- kernel.function("sys_open") {
- name = "creat"
- /*
- pathname = $pathname
- */
- mode = $mode
- mode_str =
- _sys_open_mode_str($mode)
- }
-
+ kernel.function("sys_open") {
+ name = "creat"
+ pathname_uaddr = $filename
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
+ }
probe kernel.syscall.creat.return =
- kernel.function("sys_open").return {
- name = "creat.return"
- /*
- pathname = $pathname
- */
- mode = $mode
- mode_str =
- _sys_open_mode_str($mode)
- }
+ kernel.function("sys_open").return {
+ name = "creat.return"
+ }
# open_____________________________________________
-/* asmlinkage long sys_open(const char __user * filename,
- int flags, int mode) */
+/*
+ * asmlinkage long
+ * sys_open(const char __user * filename,
+ * int flags,
+ * int mode)
+ */
probe kernel.syscall.open =
- kernel.function("sys_open") {
- name = "open"
- /*
- pathname = $pathname
- */
- mode = $mode
- mode_str =
- _sys_open_mode_str($mode)
- }
-
+ kernel.function("sys_open") {
+ name = "open"
+ filename_uaddr = $filename
+ flags = $flags
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
+ }
probe kernel.syscall.open.return =
- kernel.function("sys_open").return {
- name = "open.return"
- /*
- pathname = $pathname
- */
- mode = $mode
- mode_str =
- _sys_open_mode_str($mode)
- }
+ kernel.function("sys_open").return {
+ name = "open.return"
+ }
# close____________________________________________
-/* asmlinkage long sys_close(unsigned int fd) */
+/*
+ * asmlinkage long
+ * sys_close(unsigned int fd)
+ */
probe kernel.syscall.close =
- kernel.function("sys_close") {
- name = "close"
- fd = $fd
- /*
- TODO: write _get_fname_from_fd()
- */
- }
-
+ kernel.function("sys_close") {
+ name = "close"
+ fd = $fd
+}
probe kernel.syscall.close.return =
- kernel.function("sys_close").return {
- name = "close.return"
- fd = $fd
- /*
- TODO: write _get_fname_from_fd()
- */
- }
+ kernel.function("sys_close").return {
+ name = "close.return"
+ }
# access___________________________________________
-/* asmlinkage long sys_access(const char __user * filename,
- int mode) */
+/*
+ * asmlinkage long
+ * sys_access(const char __user * filename,
+ * int mode)
+ */
probe kernel.syscall.access =
- kernel.function("sys_access") {
- name = "access"
- /*
- pathname = $filename
- */
- mode = $mode
- mode_str = _access_mode_str($mode)
- }
-
+ kernel.function("sys_access") {
+ name = "access"
+ pathname_uaddr = $filename
+ mode = $mode
+ mode_str = _access_mode_str($mode)
+ }
probe kernel.syscall.access.return =
- kernel.function("sys_access").return {
- name = "access.return"
- /*
- pathname = $filename
- */
- mode = $mode
- mode_str = _access_mode_str($mode)
- }
+ kernel.function("sys_access").return {
+ name = "access.return"
+ }
# vhangup__________________________________________
-/* asmlinkage long sys_vhangup(void) */
+/*
+ * asmlinkage long
+ * sys_vhangup(void)
+ */
probe kernel.syscall.vhangup =
- kernel.function("sys_vhangup") {
- name = "vhangup"
- }
-
+ kernel.function("sys_vhangup") {
+ name = "vhangup"
+ }
probe kernel.syscall.vhangup.return =
- kernel.function("sys_vhangup").return {
- name = "vhangup.return"
- }
+ kernel.function("sys_vhangup").return {
+ name = "vhangup.return"
+ }
# chown____________________________________________
-/* asmlinkage long sys_chown(const char __user * filename,
- uid_t user,
- gid_t group) */
+/*
+ * asmlinkage long
+ * sys_chown(const char __user * filename,
+ * uid_t user,
+ * gid_t group)
+ */
probe kernel.syscall.chown =
- kernel.function("sys_chown") {
- name = "chown"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_chown") {
+ name = "chown"
+ path_uaddr = $filename
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.chown.return =
- kernel.function("sys_chown").return {
- name = "chown.return"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
+ kernel.function("sys_chown").return {
+ name = "chown.return"
+ }
# lchown___________________________________________
-/* asmlinkage long sys_lchown(const char __user * filename,
- uid_t user,
- gid_t group) */
+/*
+ * asmlinkage long
+ * sys_lchown(const char __user * filename,
+ * uid_t user,
+ * gid_t group)
+ */
probe kernel.syscall.lchown =
- kernel.function("sys_lchown") {
- name = "lchown"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_lchown") {
+ name = "lchown"
+ path_uaddr = $filename
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.lchown.return =
- kernel.function("sys_lchown").return {
- name = "lchown.return"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
+ kernel.function("sys_lchown").return {
+ name = "lchown.return"
+ }
# fchown___________________________________________
-/* asmlinkage long sys_fchown(unsigned int fd,
- uid_t user,
- gid_t group) */
+/*
+ * asmlinkage long
+ * sys_fchown(unsigned int fd,
+ * uid_t user,
+ * gid_t group)
+ */
probe kernel.syscall.fchown =
- kernel.function("sys_fchown") {
- name = "fchown"
- fd = $fd
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_fchown") {
+ name = "fchown"
+ fd = $fd
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.fchown.return =
- kernel.function("sys_fchown").return {
- name = "fchown.return"
- fd = $fd
- owner = $user
- group = $group
- }
+ kernel.function("sys_fchown").return {
+ name = "fchown.return"
+ }
# chown16__________________________________________
-/* asmlinkage long sys_chown16(const char __user * filename,
- old_uid_t user,
- old_gid_t group) */
+/*
+ * asmlinkage long
+ * sys_chown16(const char __user * filename,
+ * old_uid_t user,
+ * old_gid_t group)
+ */
probe kernel.syscall.chown16 =
- kernel.function("sys_chown") {
- name = "chown16"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_chown") {
+ name = "chown16"
+ path_uaddr = $filename
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.chown16.return =
- kernel.function("sys_chown").return {
- name = "chown16.return"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
+ kernel.function("sys_chown").return {
+ name = "chown16.return"
+ }
# lchown16_________________________________________
-/* asmlinkage long sys_lchown16(const char __user * filename,
- old_uid_t user,
- old_gid_t group) */
+/*
+ * asmlinkage long
+ * sys_lchown16(const char __user * filename,
+ * old_uid_t user,
+ * old_gid_t group)
+ */
probe kernel.syscall.lchown16 =
- kernel.function("sys_lchown") {
- name = "lchown16"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_lchown") {
+ name = "lchown16"
+ path_uaddr = $filename
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.lchown16.return =
- kernel.function("sys_lchown").return {
- name = "lchown16.return"
- /*
- path = $filename
- */
- owner = $user
- group = $group
- }
+ kernel.function("sys_lchown").return {
+ name = "lchown16.return"
+ }
# fchown16_________________________________________
-/* asmlinkage long sys_fchown16(unsigned int fd,
- old_uid_t user,
- old_gid_t group) */
+/*
+ * asmlinkage long
+ * sys_fchown16(unsigned int fd,
+ * old_uid_t user,
+ * old_gid_t group)
+ */
probe kernel.syscall.fchown16 =
- kernel.function("sys_fchown") {
- name = "fchown16"
- fd = $fd
- owner = $user
- group = $group
- }
-
+ kernel.function("sys_fchown") {
+ name = "fchown16"
+ fd = $fd
+ owner = $user
+ group = $group
+ }
probe kernel.syscall.fchown16.return =
- kernel.function("sys_fchown").return {
- name = "fchown16.return"
- fd = $fd
- owner = $user
- group = $group
- }
+ kernel.function("sys_fchown").return {
+ name = "fchown16.return"
+ }
# setregid16_______________________________________
-/* asmlinkage long sys_setregid16(old_gid_t rgid,
- old_gid_t egid) */
+/*
+ * asmlinkage long
+ * sys_setregid16(old_gid_t rgid,
+ * old_gid_t egid)
+ */
probe kernel.syscall.setregid16 =
- kernel.function("sys_setregid") {
- name = "setregid16"
- }
-
+ kernel.function("sys_setregid") {
+ name = "setregid16"
+ rgid = $rgid
+ egid = $egid
+ }
probe kernel.syscall.setregid16.return =
- kernel.function("sys_setregid").return {
- name = "setregid16.return"
- }
+ kernel.function("sys_setregid").return {
+ name = "setregid16.return"
+ }
# setgid16_________________________________________
-/* asmlinkage long sys_setgid16(old_gid_t gid) */
+/*
+ * asmlinkage long
+ * sys_setgid16(old_gid_t gid)
+ */
probe kernel.syscall.setgid16 =
- kernel.function("sys_setgid") {
- name = "setgid16"
- gid = $gid
- }
-
+ kernel.function("sys_setgid") {
+ name = "setgid16"
+ gid = $gid
+ }
probe kernel.syscall.setgid16.return =
- kernel.function("sys_setgid").return {
- name = "setgid16.return"
- gid = $gid
- }
+ kernel.function("sys_setgid").return {
+ name = "setgid16.return"
+ }
# setreuid16_______________________________________
-/* asmlinkage long sys_setreuid16(old_uid_t ruid,
- old_uid_t euid) */
+/*
+ * asmlinkage long
+ * sys_setreuid16(old_uid_t ruid,
+ * old_uid_t euid)
+ */
probe kernel.syscall.setreuid16 =
- kernel.function("sys_setreuid") {
- name = "setreuid16"
- ruid = $ruid
- euid = $euid
- }
-
+ kernel.function("sys_setreuid") {
+ name = "setreuid16"
+ ruid = $ruid
+ euid = $euid
+ }
probe kernel.syscall.setreuid16.return =
- kernel.function("sys_setreuid").return {
- name = "setreuid16.return"
- ruid = $ruid
- euid = $euid
- }
+ kernel.function("sys_setreuid").return {
+ name = "setreuid16.return"
+ }
# setuid16_________________________________________
-/* asmlinkage long sys_setuid16(old_uid_t uid) */
+/*
+ * asmlinkage long
+ * sys_setuid16(old_uid_t uid)
+ */
probe kernel.syscall.setuid16 =
- kernel.function("sys_setuid") {
- name = "setuid16"
- uid = $uid
- }
-
+ kernel.function("sys_setuid") {
+ name = "setuid16"
+ uid = $uid
+ }
probe kernel.syscall.setuid16.return =
- kernel.function("sys_setuid").return {
- name = "setuid16.return"
- uid = $uid
- }
+ kernel.function("sys_setuid").return {
+ name = "setuid16.return"
+ }
# setresuid16______________________________________
-/* asmlinkage long sys_setresuid16(old_uid_t ruid,
- old_uid_t euid,
- old_uid_t suid) */
+/*
+ * asmlinkage long
+ * sys_setresuid16(old_uid_t ruid,
+ * old_uid_t euid,
+ * old_uid_t suid)
+ */
probe kernel.syscall.setresuid16 =
- kernel.function("sys_setresuid") {
- name = "setresuid16"
- ruid = $ruid
- euid = $euid
- suid = $suid
- }
-
+ kernel.function("sys_setresuid") {
+ name = "setresuid16"
+ ruid = $ruid
+ euid = $euid
+ suid = $suid
+ }
probe kernel.syscall.setresuid16.return =
- kernel.function("sys_setresuid").return {
- name = "setresuid16.return"
- ruid = $ruid
- euid = $euid
- suid = $suid
- }
+ kernel.function("sys_setresuid").return {
+ name = "setresuid16.return"
+ }
# getresuid16______________________________________
-/* asmlinkage long sys_getresuid16(old_uid_t __user *ruid,
- old_uid_t __user *euid,
- old_uid_t __user *suid) */
+/*
+ * asmlinkage long
+ * sys_getresuid16(old_uid_t __user *ruid,
+ * old_uid_t __user *euid,
+ * old_uid_t __user *suid)
+ */
probe kernel.syscall.getresuid16 =
- kernel.function("sys_getresuid") {
- name = "getresuid16"
- }
-
+ kernel.function("sys_getresuid") {
+ name = "getresuid16"
+ ruid_uaddr = $ruid
+ euid_uaddr = $euid
+ suid_uaddr = $suid
+ }
probe kernel.syscall.getresuid16.return =
- kernel.function("sys_getresuid").return {
- name = "getresuid16.return"
- /*
- ruid = $ruid
- euid = $euid
- suid = $suid
- */
- }
+ kernel.function("sys_getresuid").return {
+ name = "getresuid16.return"
+ }
# setresgid16______________________________________
-/* asmlinkage long sys_setresgid16(old_gid_t rgid,
- old_gid_t egid,
- old_gid_t sgid) */
+/*
+ * asmlinkage long
+ * sys_setresgid16(old_gid_t rgid,
+ * old_gid_t egid,
+ * old_gid_t sgid)
+ */
probe kernel.syscall.setresgid16 =
- kernel.function("sys_setresgid") {
- name = "setresgid16"
- rgid = $rgid
- egid = $egid
- sgid = $sgid
- }
-
+ kernel.function("sys_setresgid") {
+ name = "setresgid16"
+ rgid = $rgid
+ egid = $egid
+ sgid = $sgid
+ }
probe kernel.syscall.setresgid16.return =
- kernel.function("sys_setresgid").return {
- name = "setresgid16.return"
- rgid = $rgid
- egid = $egid
- sgid = $sgid
- }
+ kernel.function("sys_setresgid").return {
+ name = "setresgid16.return"
+ }
# getresgid16______________________________________
-/* asmlinkage long sys_getresuid16(old_uid_t __user *ruid,
- old_uid_t __user *euid,
- old_uid_t __user *suid) */
+/*
+ * asmlinkage long
+ * sys_getresuid16(old_uid_t __user *ruid,
+ * old_uid_t __user *euid,
+ * old_uid_t __user *suid)
+ */
probe kernel.syscall.getresgid16 =
- kernel.function("sys_getresgid") {
- name = "getresgid16"
- }
-
+ kernel.function("sys_getresgid") {
+ name = "getresgid16"
+ ruid_uaddr = $ruid
+ euid_uaddr = $euid
+ suid_uaddr = $suid
+ }
probe kernel.syscall.getresgid16.return =
- kernel.function("sys_getresgid").return {
- name = "getresgid16.return"
- /*
- ruid = $ruid
- euid = $euid
- suid = $suid
- */
- }
+ kernel.function("sys_getresgid").return {
+ name = "getresgid16.return"
+ }
# setfsuid16_______________________________________
-/* asmlinkage long sys_setfsuid16(old_uid_t uid) */
+/*
+ * asmlinkage long
+ * sys_setfsuid16(old_uid_t uid)
+ */
probe kernel.syscall.setfsuid16 =
- kernel.function("sys_setfsuid") {
- name = "setfsuid16"
- uid = $uid
- }
-
+ kernel.function("sys_setfsuid") {
+ name = "setfsuid16"
+ uid = $uid
+ }
probe kernel.syscall.setfsuid16.return =
- kernel.function("sys_setfsuid").return {
- name = "setfsuid16.return"
- uid = $uid
- }
+ kernel.function("sys_setfsuid").return {
+ name = "setfsuid16.return"
+ }
# setfsgid16_______________________________________
-/* asmlinkage long sys_setfsgid16(old_gid_t gid) */
+/*
+ * asmlinkage long
+ * sys_setfsgid16(old_gid_t gid)
+ */
probe kernel.syscall.setfsgid16 =
- kernel.function("sys_setfsgid") {
- name = "setfsgid16"
- gid = $gid
- }
-
+ kernel.function("sys_setfsgid") {
+ name = "setfsgid16"
+ gid = $gid
+ }
probe kernel.syscall.setfsgid16.return =
- kernel.function("sys_setfsgid").return {
- name = "setfsgid16.return"
- gid = $gid
- }
+ kernel.function("sys_setfsgid").return {
+ name = "setfsgid16.return"
+ }
# getgroups16______________________________________
-/* asmlinkage long sys_getgroups16(int gidsetsize,
- old_gid_t __user *grouplist) */
+/*
+ * asmlinkage long
+ * sys_getgroups16(int gidsetsize,
+ * old_gid_t __user *grouplist)
+ */
probe kernel.syscall.getgroups16 =
- kernel.function("sys_getgroups16") {
- name = "getgroups16"
- size = $gidsetsize
- }
-
+ kernel.function("sys_getgroups16") {
+ name = "getgroups16"
+ size = $gidsetsize
+ list_uaddr = $grouplist
+ }
probe kernel.syscall.getgroups16.return =
- kernel.function("sys_getgroups16").return {
- name = "getgroups16.return"
- /*
- old_gid_t __user *grouplist
- */
- }
+ kernel.function("sys_getgroups16").return {
+ name = "getgroups16.return"
+ }
# setgroups16______________________________________
-/* asmlinkage long sys_setgroups16(int gidsetsize,
- old_gid_t __user *grouplist) */
+/*
+ * asmlinkage long
+ * sys_setgroups16(int gidsetsize,
+ * old_gid_t __user *grouplist)
+ */
probe kernel.syscall.setgroups16 =
- kernel.function("sys_setgroups16") {
- name = "setgroups16"
- size = $gidsetsize
- /*
- old_gid_t __user *grouplist
- */
- }
-
+ kernel.function("sys_setgroups16") {
+ name = "setgroups16"
+ size = $gidsetsize
+ list_uaddr = $grouplist
+ }
probe kernel.syscall.setgroups16.return =
- kernel.function("sys_setgroups16").return {
- name = "setgroups16.return"
- size = $gidsetsize
- /*
- old_gid_t __user *grouplist
- */
- }
+ kernel.function("sys_setgroups16").return {
+ name = "setgroups16.return"
+ }
# getuid16_________________________________________
-/* asmlinkage long sys_getuid16(void) */
+/*
+ * asmlinkage long
+ * sys_getuid16(void)
+ */
probe kernel.syscall.getuid16 =
- kernel.function("sys_getuid16") {
- name = "getuid16"
- }
-
+ kernel.function("sys_getuid16") {
+ name = "getuid16"
+ }
probe kernel.syscall.getuid16.return =
- kernel.function("sys_getuid16").return {
- name = "getuid16.return"
- }
+ kernel.function("sys_getuid16").return {
+ name = "getuid16.return"
+ }
# geteuid16________________________________________
-/* asmlinkage long sys_geteuid16(void) */
+/*
+ * asmlinkage long
+ * sys_geteuid16(void)
+ */
probe kernel.syscall.geteuid16 =
- kernel.function("sys_geteuid16") {
- name = "geteuid16"
- }
-
+ kernel.function("sys_geteuid16") {
+ name = "geteuid16"
+ }
probe kernel.syscall.geteuid16.return =
- kernel.function("sys_geteuid16").return {
- name = "geteuid16.return"
- }
+ kernel.function("sys_geteuid16").return {
+ name = "geteuid16.return"
+ }
# getgid16_________________________________________
-/* asmlinkage long sys_getgid16(void) */
+/*
+ * asmlinkage long
+ * sys_getgid16(void)
+ */
probe kernel.syscall.getgid16 =
- kernel.function("sys_getgid16") {
- name = "getgid16"
- }
-
+ kernel.function("sys_getgid16") {
+ name = "getgid16"
+ }
probe kernel.syscall.getgid16.return =
- kernel.function("sys_getgid16").return {
- name = "getgid16.return"
- }
+ kernel.function("sys_getgid16").return {
+ name = "getgid16.return"
+ }
# getegid16________________________________________
-/* asmlinkage long sys_getegid16(void) */
+/*
+ * asmlinkage long
+ * sys_getegid16(void)
+ */
probe kernel.syscall.getegid16 =
- kernel.function("sys_getegid16") {
- name = "getegid16"
- }
-
+ kernel.function("sys_getegid16") {
+ name = "getegid16"
+ }
probe kernel.syscall.getegid16.return =
- kernel.function("sys_getegid16").return {
- name = "getegid16.return"
- }
+ kernel.function("sys_getegid16").return {
+ name = "getegid16.return"
+ }
# utime____________________________________________
-/* asmlinkage long sys_utime(char __user * filename,
- struct utimbuf __user * times) */
+/*
+ * asmlinkage long
+ * sys_utime(char __user * filename,
+ * struct utimbuf __user * times)
+ */
probe kernel.syscall.utime =
- kernel.function("sys_utime") {
- name = "utime"
- /*
- filename = $filename
- times_actime = $times->actime
- times_modtime = $times->modtime
- */
- }
-
+ kernel.function("sys_utime") {
+ name = "utime"
+ filename_uaddr = $filename
+ buf_uaddr = $times
+ }
probe kernel.syscall.utime.return =
- kernel.function("sys_utime").return {
- name = "utime.return"
- /*
- filename = $filename
- times_actime = $times->actime
- times_modtime = $times->modtime
- */
- }
+ kernel.function("sys_utime").return {
+ name = "utime.return"
+ }
# utimes___________________________________________
-/* asmlinkage long sys_utimes(char __user * filename,
- struct timeval __user * utimes) */
+/*
+ * asmlinkage long
+ * sys_utimes(char __user * filename,
+ * struct timeval __user * utimes)
+ */
probe kernel.syscall.utimes =
- kernel.function("sys_utimes") {
- name = "utimes"
- /*
- filename = $filename
- tvp_tv_sec = $utimes->tv_sec
- tvp_tv_usec = $utimes->tv_usec
- */
- }
-
+ kernel.function("sys_utimes") {
+ name = "utimes"
+ filename_uaddr = $filename
+ tvp_uaddr = $utimes
+ }
probe kernel.syscall.utimes.return =
- kernel.function("sys_utimes").return {
- name = "utimes.return"
- /*
- filename = $filename
- tvp_tv_sec = $utimes->tv_sec
- tvp_tv_usec = $utimes->tv_usec
- */
- }
+ kernel.function("sys_utimes").return {
+ name = "utimes.return"
+ }
# lseek____________________________________________
-/* asmlinkage off_t sys_lseek(unsigned int fd,
- off_t offset,
- unsigned int origin) */
+/*
+ * asmlinkage off_t
+ * sys_lseek(unsigned int fd,
+ * off_t offset,
+ * unsigned int origin)
+ */
probe kernel.syscall.lseek =
- kernel.function("sys_lseek") {
- name = "lseek"
- fildes = $fd
- offset = $offset
- whence = $origin
- whence_str =
- _seek_whence_str($origin)
- }
-
+ kernel.function("sys_lseek") {
+ name = "lseek"
+ fildes = $fd
+ offset = $offset
+ whence = $origin
+ whence_str = _seek_whence_str($origin)
+ }
probe kernel.syscall.lseek.return =
- kernel.function("sys_lseek").return {
- name = "lseek.return"
- fildes = $fd
- offset = $offset
- whence = $origin
- whence_str =
- _seek_whence_str($origin)
- }
+ kernel.function("sys_lseek").return {
+ name = "lseek.return"
+ }
# llseek___________________________________________
-/* asmlinkage long sys_llseek(unsigned int fd,
- unsigned long offset_high,
- unsigned long offset_low,
- loff_t __user * result,
- unsigned int origin) */
+/*
+ * asmlinkage long
+ * sys_llseek(unsigned int fd,
+ * unsigned long offset_high,
+ * unsigned long offset_low,
+ * loff_t __user * result,
+ * unsigned int origin)
+ */
probe kernel.syscall.llseek =
- kernel.function("sys_llseek") {
- name = "llseek"
- fd = $fd
- offset_high = $offset_high
- offset_low = $offset_low
- whence = $origin
- whence_str =
- _seek_whence_str($origin)
- }
-
+ kernel.function("sys_llseek") {
+ name = "llseek"
+ fd = $fd
+ offset_high = $offset_high
+ offset_low = $offset_low
+ result_uaddr = $result
+ whence = $origin
+ whence_str = _seek_whence_str($origin)
+ }
probe kernel.syscall.llseek.return =
- kernel.function("sys_llseek").return {
- name = "llseek.return"
- fd = $fd
- offset_high = $offset_high
- offset_low = $offset_low
- /*
- result = $result
- */
- whence = $origin
- whence_str =
- _seek_whence_str($origin)
- }
+ kernel.function("sys_llseek").return {
+ name = "llseek.return"
+ }
# read_____________________________________________
-/* asmlinkage ssize_t sys_read(unsigned int fd,
- char __user * buf,
- size_t count) */
+/*
+ * asmlinkage ssize_t
+ * sys_read(unsigned int fd,
+ * char __user * buf,
+ * size_t count)
+ */
probe kernel.syscall.read =
- kernel.function("sys_read") {
- name = "read"
- fd = $fd
- count = $count
- }
-
+ kernel.function("sys_read") {
+ name = "read"
+ fd = $fd
+ buf_uaddr = $buf
+ count = $count
+ }
probe kernel.syscall.read.return =
- kernel.function("sys_read").return {
- name = "read.return"
- fd = $fd
- /*
- buf = $buf
- */
- count = $count
- }
+ kernel.function("sys_read").return {
+ name = "read.return"
+ }
# readahead________________________________________
-/* asmlinkage ssize_t sys_readahead(int fd,
- loff_t offset,
- size_t count) */
+/*
+ * asmlinkage ssize_t
+ * sys_readahead(int fd,
+ * loff_t offset,
+ * size_t count)
+ */
probe kernel.syscall.readahead =
- kernel.function("sys_readahead") {
- name = "readahead"
- fd = $fd
- offset = $offset
- count = $count
- }
-
+ kernel.function("sys_readahead") {
+ name = "readahead"
+ fd = $fd
+ offset = $offset
+ count = $count
+ }
probe kernel.syscall.readahead.return =
- kernel.function("sys_readahead").return {
- name = "readahead.return"
- fd = $fd
- offset = $offset
- count = $count
- }
+ kernel.function("sys_readahead").return {
+ name = "readahead.return"
+ }
# readv____________________________________________
-/* asmlinkage ssize_t sys_readv(unsigned long fd,
- const struct iovec __user *vec,
- unsigned long vlen) */
+/*
+ * asmlinkage ssize_t
+ * sys_readv(unsigned long fd,
+ * const struct iovec __user *vec,
+ * unsigned long vlen)
+ */
probe kernel.syscall.readv =
- kernel.function("sys_readv") {
- name = "readv"
- fd = $fd
- count = $vlen
- }
-
+ kernel.function("sys_readv") {
+ name = "readv"
+ fd = $fd
+ vector_uaddr = $vec
+ count = $vlen
+ }
probe kernel.syscall.readv.return =
- kernel.function("sys_readv").return {
- name = "readv.return"
- fd = $fd
- /*
- void *iov_base
- vector_iov_base = $vec->iov_base
- vector_iov_len = $ven->iov_len
- */
- count = $vlen
- }
+ kernel.function("sys_readv").return {
+ name = "readv.return"
+ }
# write____________________________________________
-/* asmlinkage ssize_t sys_write(unsigned int fd,
- const char __user * buf,
- size_t count) */
+/*
+ * asmlinkage ssize_t
+ * sys_write(unsigned int fd,
+ * const char __user * buf,
+ * size_t count)
+ */
probe kernel.syscall.write =
- kernel.function("sys_write") {
- name = "write"
- fd = $fd
- /*
- buf = $buf
- */
- count = $count
- }
-
+ kernel.function("sys_write") {
+ name = "write"
+ fd = $fd
+ buf_uaddr = $buf
+ count = $count
+ }
probe kernel.syscall.write.return =
- kernel.function("sys_write").return {
- name = "write.return"
- fd = $fd
- /*
- buf = $buf
- */
- count = $count
- }
+ kernel.function("sys_write").return {
+ name = "write.return"
+ }
# writev___________________________________________
-/* asmlinkage ssize_t sys_writev(unsigned long fd,
- const struct iovec __user *vec,
- unsigned long vlen) */
+/*
+ * asmlinkage ssize_t
+ * sys_writev(unsigned long fd,
+ * const struct iovec __user *vec,
+ * unsigned long vlen)
+ */
probe kernel.syscall.writev =
- kernel.function("sys_writev") {
- name = "writev"
- fd = $fd
- /*
- void *iov_base
- vector_iov_base = $vec->iov_base
- vector_iov_len = $vec->iov_len
- */
- count = $vlen
- }
-
+ kernel.function("sys_writev") {
+ name = "writev"
+ fd = $fd
+ vector_uaddr = $vec
+ count = $vlen
+ }
probe kernel.syscall.writev.return =
- kernel.function("sys_writev").return {
- name = "writev.return"
- fd = $fd
- /*
- void *iov_base
- vector_iov_base = $vec->iov_base
- vector_iov_len = $vec->iov_len
- */
- count = $vlen
- }
+ kernel.function("sys_writev").return {
+ name = "writev.return"
+ }
# pread64__________________________________________
-/* asmlinkage ssize_t sys_pread64(unsigned int fd, char __user *buf,
- size_t count, loff_t pos) */
+/*
+ * asmlinkage ssize_t
+ * sys_pread64(unsigned int fd,
+ * char __user *buf,
+ * size_t count,
+ * loff_t pos)
+ */
probe kernel.syscall.pread64 =
- kernel.function("sys_pread64") {
- name = "pread64"
- fd = $fd
- count = $count
- offset = $pos
- }
-
+ kernel.function("sys_pread64") {
+ name = "pread64"
+ fd = $fd
+ buf_uaddr = $buf
+ count = $count
+ offset = $pos
+ }
probe kernel.syscall.pread64.return =
- kernel.function("sys_pread64").return {
- name = "pread64.return"
- fd = $fd
- /*
- void *buf
- buf = $buf
- */
- count = $count
- offset = $pos
- }
+ kernel.function("sys_pread64").return {
+ name = "pread64.return"
+ }
# pwrite64_________________________________________
-/* asmlinkage ssize_t sys_pwrite64(unsigned int fd,
- const char __user *buf,
- size_t count, loff_t pos) */
+/*
+ * asmlinkage ssize_t
+ * sys_pwrite64(unsigned int fd,
+ * const char __user *buf,
+ * size_t count,
+ * loff_t pos)
+ */
probe kernel.syscall.pwrite64 =
- kernel.function("sys_pwrite64") {
- name = "pwrite64"
- fd = $fd
- /*
- const void *buf
- buf = $buf
- */
- count = $count
- offset = $pos
- }
-
+ kernel.function("sys_pwrite64") {
+ name = "pwrite64"
+ fd = $fd
+ buf_uaddr = $buf
+ count = $count
+ offset = $pos
+ }
probe kernel.syscall.pwrite64.return =
- kernel.function("sys_pwrite64").return {
- name = "pwrite64.return"
- fd = $fd
- /*
- const void *buf
- buf = $buf
- */
- count = $count
- offset = $pos
- }
+ kernel.function("sys_pwrite64").return {
+ name = "pwrite64.return"
+ }
# getcwd___________________________________________
-/* asmlinkage long sys_getcwd(char __user *buf, unsigned long size) */
+/*
+ * asmlinkage long
+ * sys_getcwd(char __user *buf,
+ * unsigned long size)
+ */
probe kernel.syscall.getcwd =
- kernel.function("sys_getcwd") {
- name = "getcwd"
- size = $size
- }
-
+ kernel.function("sys_getcwd") {
+ name = "getcwd"
+ buf_uaddr = $buf
+ size = $size
+ }
probe kernel.syscall.getcwd.return =
- kernel.function("sys_getcwd").return {
- name = "getcwd.return"
- /*
- buf = $buf
- */
- size = $size
- }
+ kernel.function("sys_getcwd").return {
+ name = "getcwd.return"
+ }
# mkdir____________________________________________
-/* asmlinkage long sys_mkdir(const char __user * pathname, int mode) */
+/*
+ * asmlinkage long
+ * sys_mkdir(const char __user * pathname,
+ * int mode)
+ */
probe kernel.syscall.mkdir =
- kernel.function("sys_mkdir") {
- name = "mkdir"
- /*
- pathname = $pathname
- */
- mode = $mode
- /*
- mode_str = _mode_str($mode)
- */
- }
-
+ kernel.function("sys_mkdir") {
+ name = "mkdir"
+ pathname_uaddr = $pathname
+ mode = $mode
+ }
probe kernel.syscall.mkdir.return =
- kernel.function("sys_mkdir").return {
- name = "mkdir.return"
- /*
- pathname = $pathname
- */
- mode = $mode
- /*
- mode_str = _mode_str($mode)
- */
- }
+ kernel.function("sys_mkdir").return {
+ name = "mkdir.return"
+ }
# chdir____________________________________________
-/* asmlinkage long sys_chdir(const char __user * filename) */
+/*
+ * asmlinkage long
+ * sys_chdir(const char __user * filename)
+ */
probe kernel.syscall.chdir =
- kernel.function("sys_chdir") {
- name = "chdir"
- /*
- path = $filename
- */
- }
-
+ kernel.function("sys_chdir") {
+ name = "chdir"
+ path_uaddr = $filename
+ }
probe kernel.syscall.chdir.return =
- kernel.function("sys_chdir").return {
- name = "chdir.return"
- /*
- path = $filename
- */
- }
+ kernel.function("sys_chdir").return {
+ name = "chdir.return"
+ }
# fchdir___________________________________________
-/* asmlinkage long sys_fchdir(unsigned int fd) */
+/*
+ * asmlinkage long
+ * sys_fchdir(unsigned int fd)
+ */
probe kernel.syscall.fchdir =
- kernel.function("sys_fchdir") {
- name = "fchdir"
- fd = $fd
- }
-
+ kernel.function("sys_fchdir") {
+ name = "fchdir"
+ fd = $fd
+ }
probe kernel.syscall.fchdir.return =
- kernel.function("sys_fchdir").return {
- name = "fchdir.return"
- fd = $fd
- }
+ kernel.function("sys_fchdir").return {
+ name = "fchdir.return"
+ }
# rmdir____________________________________________
-/* asmlinkage long sys_rmdir(const char __user * pathname) */
+/*
+ * asmlinkage long
+ * sys_rmdir(const char __user * pathname)
+ */
probe kernel.syscall.rmdir =
- kernel.function("sys_rmdir") {
- name = "rmdir"
- /*
- pathname = $pathname
- */
- }
-
+ kernel.function("sys_rmdir") {
+ name = "rmdir"
+ pathname_uaddr = $pathname
+ }
probe kernel.syscall.rmdir.return =
- kernel.function("sys_rmdir").return {
- name = "rmdir.return"
- /*
- pathname = $pathname
- */
- }
+ kernel.function("sys_rmdir").return {
+ name = "rmdir.return"
+ }
# lookup_dcookie___________________________________
-/* asmlinkage long sys_lookup_dcookie(u64 cookie64,
- char __user * buf,
- size_t len) */
+/*
+ * asmlinkage long
+ * sys_lookup_dcookie(u64 cookie64,
+ * char __user * buf,
+ * size_t len)
+ */
probe kernel.syscall.lookup_dcookie =
- kernel.function("sys_lookup_dcookie") {
- name = "lookup_dcookie"
- cookie = $cookie64
- len = $len
- }
-
+ kernel.function("sys_lookup_dcookie") {
+ name = "lookup_dcookie"
+ cookie = $cookie64
+ buffer_uaddr = $buf
+ len = $len
+ }
probe kernel.syscall.lookup_dcookie.return =
- kernel.function("sys_lookup_dcookie").return {
- name = "lookup_dcookie.return"
- cookie = $cookie64
- /*
- buffer = $buf
- */
- len = $len
- }
+ kernel.function("sys_lookup_dcookie").return {
+ name = "lookup_dcookie.return"
+ }
# quotactl_________________________________________
-/* asmlinkage long sys_quotactl(unsigned int cmd,
- const char __user *special,
- qid_t id, void __user *addr) */
+/*
+ * asmlinkage long
+ * sys_quotactl(unsigned int cmd,
+ * const char __user *special,
+ * qid_t id,
+ * void __user *addr)
+ */
probe kernel.syscall.quotactl =
- kernel.function("sys_quotactl") {
- name = "quotactl"
- cmd = $cmd
- cmd_str = _quotactl_cmd_str($cmd)
- /*
- special = $special
- */
- id = $id
- /*
- addr = $addr
- */
- }
-
+ kernel.function("sys_quotactl") {
+ name = "quotactl"
+ cmd = $cmd
+ cmd_str = _quotactl_cmd_str($cmd)
+ special_uaddr = $special
+ id = $id
+ /*
+ addr = $addr
+ */
+ }
probe kernel.syscall.quotactl.return =
- kernel.function("sys_quotactl").return {
- name = "quotactl.return"
- cmd = $cmd
- cmd_str = _quotactl_cmd_str($cmd)
- /*
- special = $special
- */
- id = $id
- /*
- addr = $addr
- */
- }
+ kernel.function("sys_quotactl").return {
+ name = "quotactl.return"
+ }
# getdents_________________________________________
-/* asmlinkage long sys_getdents(unsigned int fd,
- struct linux_dirent __user * dirent,
- unsigned int count) */
+/*
+ * asmlinkage long
+ * sys_getdents(unsigned int fd,
+ * struct linux_dirent __user * dirent,
+ * unsigned int count)
+ */
probe kernel.syscall.getdents =
- kernel.function("sys_getdents") {
- name = "getdents"
- fd = $fd
- count = $count
- }
-
+ kernel.function("sys_getdents") {
+ name = "getdents"
+ fd = $fd
+ dirp_uaddr = $dirent
+ count = $count
+ }
probe kernel.syscall.getdents.return =
- kernel.function("sys_getdents").return {
- name = "getdents.return"
- fd = $fd
- /*
- dirp_d_ino = $dirent->d_ino
- dirp_d_off = $dirent->d_off
- dirp_d_reclen = $dirent->d_reclen
- dirp_d_name = $dirent->d_name
- */
- count = $count
- }
+ kernel.function("sys_getdents").return {
+ name = "getdents.return"
+ }
# getdents64_______________________________________
-/* asmlinkage long sys_getdents64(unsigned int fd,
- struct linux_dirent64 __user * dirent,
- unsigned int count) */
+/*
+ * asmlinkage long
+ * sys_getdents64(unsigned int fd,
+ * struct linux_dirent64 __user * dirent,
+ * unsigned int count)
+ */
probe kernel.syscall.getdents64 =
- kernel.function("sys_getdents64") {
- name = "getdents64"
- fd = $fd
- count = $count
- }
-
+ kernel.function("sys_getdents64") {
+ name = "getdents64"
+ fd = $fd
+ dirp_uaddr = $dirent
+ count = $count
+ }
probe kernel.syscall.getdents64.return =
- kernel.function("sys_getdents64").return {
- name = "getdents64.return"
- fd = $fd
- /*
- dirp_d_ino = $dirent->d_ino
- dirp_d_off = $dirent->d_off
- dirp_d_reclen = $dirent->d_reclen
- dirp_d_name = $dirent->d_name
- */
- count = $count
- }
+ kernel.function("sys_getdents64").return {
+ name = "getdents64.return"
+ }
# setsockopt_______________________________________
-/* asmlinkage long sys_setsockopt(int fd, int level,
- int optname,
- char __user *optval,
- int optlen) */
+/*
+ * asmlinkage long
+ * sys_setsockopt(int fd,
+ * int level,
+ * int optname,
+ * char __user *optval,
+ * int optlen)
+ */
probe kernel.syscall.setsockopt =
- kernel.function("sys_setsockopt") {
- name = "setsockopt"
- fd = $fd
- level = $level
- level_str =
- _sockopt_level_str($level)
- optname = $optname
- optname_str =
- _sockopt_optname_str($optname)
- /*
- optval = $optval
- */
- optlen = $optlen
- }
-
+ kernel.function("sys_setsockopt") {
+ name = "setsockopt"
+ fd = $fd
+ level = $level
+ level_str = _sockopt_level_str($level)
+ optname = $optname
+ optname_str = _sockopt_optname_str($optname)
+ optval_uaddr = $optval
+ optlen = $optlen
+ }
probe kernel.syscall.setsockopt.return =
- kernel.function("sys_setsockopt").return {
- name = "setsockopt.return"
- fd = $fd
- level = $level
- level_str =
- _sockopt_level_str($level)
- optname = $optname
- optname_str =
- _sockopt_optname_str($optname)
- /*
- optval = $optval
- */
- optlen = $optlen
- }
+ kernel.function("sys_setsockopt").return {
+ name = "setsockopt.return"
+ }
# getsockopt_______________________________________
-/* asmlinkage long sys_getsockopt(int fd, int level,
- int optname,
- char __user *optval,
- int __user *optlen) */
+/*
+ * asmlinkage long
+ * sys_getsockopt(int fd,
+ * int level,
+ * int optname,
+ * char __user *optval,
+ * int __user *optlen)
+ */
probe kernel.syscall.getsockopt =
- kernel.function("sys_getsockopt") {
- name = "getsockopt"
- fd = $fd
- level = $level
- level_str =
- _sockopt_level_str($level)
- optname = $optname
- optname_str =
- _sockopt_optname_str($optname)
- }
-
+ kernel.function("sys_getsockopt") {
+ name = "getsockopt"
+ fd = $fd
+ level = $level
+ level_str = _sockopt_level_str($level)
+ optname = $optname
+ optname_str = _sockopt_optname_str($optname)
+ optval_uaddr = $optval
+ optlen_uaddr = $optlen
+ }
probe kernel.syscall.getsockopt.return =
- kernel.function("sys_getsockopt").return {
- name = "getsockopt.return"
- fd = $fd
- level = $level
- level_str =
- _sockopt_level_str($level)
- optname = $optname
- optname_str =
- _sockopt_optname_str($optname)
- /*
- optval = $optval
- optlen = $optlen
- */
- }
+ kernel.function("sys_getsockopt").return {
+ name = "getsockopt.return"
+ }
# bind_____________________________________________
-/* asmlinkage long sys_bind(int fd,
- struct sockaddr __user *umyaddr,
- int addrlen) */
+/*
+ * asmlinkage long
+ * sys_bind(int fd,
+ * struct sockaddr __user *umyaddr,
+ * int addrlen)
+ */
probe kernel.syscall.bind =
- kernel.function("sys_bind") {
- name = "bind"
- sockfd = $fd
- /*
- my_addr_sa_family = $umyaddr->sa_family
- my_addr_sa_data = $umyaddr->sa_data
-
- This alias requires more extensive research before it
- will be complete...
-
- The rules used in name binding vary between address families.
- Consult the manual entries in Section 7 for detailed
- information. For AF_INET see ip(7), for AF_UNIX see unix(7),
- for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7),
- for AF_X25 see x25(7) and for AF_NETLINK see netlink(7).
- */
- addrlen = $addrlen
- }
-
+ kernel.function("sys_bind") {
+ name = "bind"
+ sockfd = $fd
+ my_addr_uaddr = $umyaddr
+ addrlen = $addrlen
+ }
probe kernel.syscall.bind.return =
- kernel.function("sys_bind").return {
- name = "bind.return"
- sockfd = $fd
- /*
- my_addr_sa_family = $umyaddr->sa_family
- my_addr_sa_data = $umyaddr->sa_data
-
- This alias requires more extensive research before it
- will be complete...
-
- The rules used in name binding vary between address families.
- Consult the manual entries in Section 7 for detailed
- information. For AF_INET see ip(7), for AF_UNIX see unix(7),
- for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7),
- for AF_X25 see x25(7) and for AF_NETLINK see netlink(7).
- */
- }
+ kernel.function("sys_bind").return {
+ name = "bind.return"
+ }
# connect__________________________________________
-/* asmlinkage long sys_socket(int family, int type, int protocol) */
+/*
+ * asmlinkage long
+ * sys_connect(int fd,
+ * struct sockaddr __user *uservaddr,
+ * int addrlen)
+ */
probe kernel.syscall.connect =
- kernel.function("sys_connect") {
- name = "connect"
- /*
- my_addr_sa_family = $umyaddr->sa_family
- my_addr_sa_data = $umyaddr->sa_data
-
- This alias requires more extensive research before it
- will be complete...
-
- The rules used in name binding vary between address families.
- Consult the manual entries in Section 7 for detailed
- information. For AF_INET see ip(7), for AF_UNIX see unix(7),
- for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7),
- for AF_X25 see x25(7) and for AF_NETLINK see netlink(7).
- */
- }
-
+ kernel.function("sys_connect") {
+ name = "connect"
+ sockfd = $fd
+ serv_addr_uaddr = $uservaddr
+ addrlen = $addrlen
+}
probe kernel.syscall.connect.return =
- kernel.function("sys_connect").return {
- name = "connect.return"
- /*
- my_addr_sa_family = $umyaddr->sa_family
- my_addr_sa_data = $umyaddr->sa_data
-
- This alias requires more extensive research before it
- will be complete...
-
- The rules used in name binding vary between address families.
- Consult the manual entries in Section 7 for detailed
- information. For AF_INET see ip(7), for AF_UNIX see unix(7),
- for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7),
- for AF_X25 see x25(7) and for AF_NETLINK see netlink(7).
- */
- }
+ kernel.function("sys_connect").return {
+ name = "connect.return"
+ }
# accept___________________________________________
-/* asmlinkage long sys_accept(int fd,
- struct sockaddr __user *upeer_sockaddr,
- int __user *upeer_addrlen) */
+/*
+ * asmlinkage long
+ * sys_accept(int fd,
+ * struct sockaddr __user *upeer_sockaddr,
+ * int __user *upeer_addrlen)
+ */
probe kernel.syscall.accept =
- kernel.function("sys_accept") {
- name = "accept"
- s = $fd
- /*
- addr_sa_family = $upeer_sockaddr->sa_family
- addr_sa_data = $upeer_sockaddr->sa_data
- addrlen = $upeer_addrlen
-
- See above ...
- */
- }
-
+ kernel.function("sys_accept") {
+ name = "accept"
+ s = $fd
+ addr_uaddr = $upeer_sockaddr
+ addrlen_uaddr = $upeer_addrlen
+ }
probe kernel.syscall.accept.return =
- kernel.function("sys_accept").return {
- name = "accept.return"
- s = $fd
- /*
- addr_sa_family = $upeer_sockaddr->sa_family
- addr_sa_data = $upeer_sockaddr->sa_data
- addrlen = $upeer_addrlen
-
- See above ...
- */
- }
+ kernel.function("sys_accept").return {
+ name = "accept.return"
+ }
# getsockname______________________________________
-/* asmlinkage long sys_getsockname(int fd,
- struct sockaddr __user *usockaddr,
- int __user *usockaddr_len)*/
+/*
+ * asmlinkage long
+ * sys_getsockname(int fd,
+ * struct sockaddr __user *usockaddr,
+ * int __user *usockaddr_len)
+ */
probe kernel.syscall.getsockname =
- kernel.function("sys_getsockname") {
- name = "getsockname"
- s = $fd
- /*
- name_sa_family = $usockaddr->sa_family
- name_sa_data = $usockaddr->sa_data
- namelen = $usockaddr_len
-
- See above ...
- */
- }
-
+ kernel.function("sys_getsockname") {
+ name = "getsockname"
+ s = $fd
+ name_uaddr = $usockaddr
+ namelen_uaddr = $usockaddr_len
+ }
probe kernel.syscall.getsockname.return =
- kernel.function("sys_getsockname").return {
- name = "getsockname.return"
- s = $fd
- /*
- name_sa_family = $usockaddr->sa_family
- name_sa_data = $usockaddr->sa_data
- namelen = $usockaddr_len
-
- See above ...
- */
- }
+ kernel.function("sys_getsockname").return {
+ name = "getsockname.return"
+ }
# getpeername______________________________________
-/* asmlinkage long sys_getpeername(int fd,
- struct sockaddr __user *usockaddr,
- int __user *usockaddr_len) */
+/*
+ * asmlinkage long
+ * sys_getpeername(int fd,
+ * struct sockaddr __user *usockaddr,
+ * int __user *usockaddr_len)
+ */
probe kernel.syscall.getpeername =
- kernel.function("sys_getpeername") {
- name = "getpeername"
- s = $fd
- /*
- name_sa_family = $usockaddr->sa_family
- name_sa_data = $usockaddr->sa_data
- namelen = $usockaddr_len
-
- See above ...
- */
- }
-
+ kernel.function("sys_getpeername") {
+ name = "getpeername"
+ s = $fd
+ name_uaddr = $usockaddr
+ namelen_uaddr = $usockaddr_len
+ }
probe kernel.syscall.getpeername.return =
- kernel.function("sys_getpeername").return {
- name = "getpeername.return"
- /*
- name_sa_family = $usockaddr->sa_family
- name_sa_data = $usockaddr->sa_data
- namelen = $usockaddr_len
-
- See above ...
- */
- }
+ kernel.function("sys_getpeername").return {
+ name = "getpeername.return"
+ }
# send_____________________________________________
-/* asmlinkage long sys_sendto(int fd, void __user * buff,
- size_t len, unsigned flags,
- struct sockaddr __user *addr,
- int addr_len) */
+/*
+ * asmlinkage long
+ * sys_sendto(int fd,
+ * void __user * buff,
+ * size_t len,
+ * unsigned flags,
+ * struct sockaddr __user *addr,
+ * int addr_len)
+ */
probe kernel.syscall.send =
- kernel.function("sys_sendto") {
- name = "send"
- s = $fd
- /*
- buf = $buf
- */
- len = $len
- flags = $flags
- flags_str = _send_flags_str($flags)
- /*
- to_sa_family = $addr->sa_family
- to_sa_data = $addr->sa_data
- tolen = $addr_len
- */
- }
-
+ kernel.function("sys_sendto") {
+ name = "send"
+ s = $fd
+ /*
+ buf = $buf
+ */
+ len = $len
+ flags = $flags
+ flags_str = _send_flags_str($flags)
+ to_uaddr = $addr
+ tolen = $addr_len
+ }
probe kernel.syscall.send.return =
- kernel.function("sys_sendto").return {
- name = "send.return"
- s = $fd
- /*
- buf = $buf
- */
- len = $len
- flags = $flags
- flags_str = _send_flags_str($flags)
- /*
- to_sa_family = $addr->sa_family
- to_sa_data = $addr->sa_data
- tolen = $addr_len
- */
- }
+ kernel.function("sys_sendto").return {
+ name = "send.return"
+ }
# sendto___________________________________________
-/* asmlinkage long sys_sendto(int fd, void __user * buff,
- size_t len, unsigned flags,
- struct sockaddr __user *addr,
- int addr_len) */
+/*
+ * asmlinkage long
+ * sys_sendto(int fd,
+ * void __user * buff,
+ * size_t len,
+ * unsigned flags,
+ * struct sockaddr __user *addr,
+ * int addr_len)
+ */
probe kernel.syscall.sendto =
- kernel.function("sys_sendto") {
- name = "sendto"
- s = $fd
- /*
- buf = $buf
- */
- len = $len
- flags = $flags
- flags_str = _send_flags_str($flags)
- /*
- to_sa_family = $addr->sa_family
- to_sa_data = $addr->sa_data
- tolen = $addr_len
- */
- }
-
+ kernel.function("sys_sendto") {
+ name = "sendto"
+ s = $fd
+ /*
+ buf = $buf
+ */
+ len = $len
+ flags = $flags
+ flags_str = _send_flags_str($flags)
+ to_uaddr = $addr
+ tolen = $addr_len
+ }
probe kernel.syscall.sendto.return =
- kernel.function("sys_sendto").return {
- name = "sendto.return"
- s = $fd
- /*
- buf = $buf
- */
- len = $len
- flags = $flags
- flags_str = _send_flags_str($flags)
- /*
- to_sa_family = $addr->sa_family
- to_sa_data = $addr->sa_data
- tolen = $addr_len
- */
- }
+ kernel.function("sys_sendto").return {
+ name = "sendto.return"
+ }
# sendmsg__________________________________________
-/* asmlinkage long sys_sendmsg(int fd,
- struct msghdr __user *msg,
- unsigned flags) */
+/*
+ * asmlinkage long
+ * sys_sendmsg(int fd,
+ * struct msghdr __user *msg,
+ * unsigned flags)
+ */
probe kernel.syscall.sendmsg =
- kernel.function("sys_sendmsg") {
- name = "sendmsg"
- s = $fd
- /*
- msg_msg_name = $msg->msg_name
- msg_msg_namelen = $msg->msg_namelen
-
- msg_msg_iov_iov_base = $msg->msg_iov->iovbase
- msg_msg_iov_iov_len = $msg->msg_iov->iov_len
-
- msg_msg_iovlen = $msg->msg_iovlen
- msg_msg_control = $msg->msg_control
- msg_msg_corntollen = $msg->msg_controllen
- msg_msg_flags = $msg->msg_flags
- */
- flags = $flags
- flags_str = _send_flags_str($flags)
- }
-
+ kernel.function("sys_sendmsg") {
+ name = "sendmsg"
+ s = $fd
+ msg_uaddr = $msg
+ flags = $flags
+ flags_str = _send_flags_str($flags)
+ }
probe kernel.syscall.sendmsg.return =
- kernel.function("sys_sendmsg").return {
- name = "sendmsg.return"
- s = $fd
- /*
- msg_msg_name = $msg->msg_name
- msg_msg_namelen = $msg->msg_namelen
-
- msg_msg_iov_iov_base = $msg->msg_iov->iovbase
- msg_msg_iov_iov_len = $msg->msg_iov->iov_len
-
- msg_msg_iovlen = $msg->msg_iovlen
- msg_msg_control = $msg->msg_control
- msg_msg_corntollen = $msg->msg_controllen
- msg_msg_flags = $msg->msg_flags
- */
- flags = $flags
- flags_str = _send_flags_str($flags)
- }
+ kernel.function("sys_sendmsg").return {
+ name = "sendmsg.return"
+ }
# recv_____________________________________________
-/* asmlinkage long sys_recvfrom(int fd,
- void __user * ubuf,
- size_t size,
- unsigned flags,
- struct sockaddr __user *addr,
- int __user *addr_len) */
+/*
+ * asmlinkage long
+ * sys_recvfrom(int fd,
+ * void __user * ubuf,
+ * size_t size,
+ * unsigned flags,
+ * struct sockaddr __user *addr,
+ * int __user *addr_len)
+ */
probe kernel.syscall.recv =
- kernel.function("sys_recvfrom") {
- name = "recv"
- s = $fd
- len = $size
- flags = $flags
- flags_str = _recvflags_str($flags)
- /*
- fromlen = $addr_len
- */
- }
-
+ kernel.function("sys_recvfrom") {
+ name = "recv"
+ s = $fd
+ /*
+ buf = $buf
+ */
+ len = $size
+ flags = $flags
+ flags_str = _recvflags_str($flags)
+ from_uaddr = $addr
+ fromlen_uaddr = $addr_len
+ }
probe kernel.syscall.recv.return =
- kernel.function("sys_recvfrom").return {
- name = "recv.return"
- s = $fd
- /*
- buf = $buf
- */
- len = $size
- flags = $flags
- flags_str = _recvflags_str($flags)
- /*
- from_sa_family = $addr->sa_family
- from_sa_data = $addr->sa_data
- fromlen = $addr_len
- */
- }
+ kernel.function("sys_recvfrom").return {
+ name = "recv.return"
+ }
# recvfrom_________________________________________
-/* asmlinkage long sys_recvfrom(int fd,
- void __user * ubuf,
- size_t size,
- unsigned flags,
- struct sockaddr __user *addr,
- int __user *addr_len) */
+/*
+ * asmlinkage long
+ * sys_recvfrom(int fd,
+ * void __user * ubuf,
+ * size_t size,
+ * unsigned flags,
+ * struct sockaddr __user *addr,
+ * int __user *addr_len)
+ */
probe kernel.syscall.recvfrom =
- kernel.function("sys_recvfrom") {
- name = "recvfrom"
- s = $fd
- len = $size
- flags = $flags
- flags_str = _recvflags_str($flags)
- /*
- fromlen = $addr_len
- */
- }
-
+ kernel.function("sys_recvfrom") {
+ name = "recvfrom"
+ s = $fd
+ /*
+ buf = $buf
+ */
+ len = $size
+ flags = $flags
+ flags_str = _recvflags_str($flags)
+ from_uaddr = $addr
+ fromlen = $addr_len
+ }
probe kernel.syscall.recvfrom.return =
- kernel.function("sys_recvfrom").return {
- name = "recvfrom.return"
- s = $fd
- /*
- buf = $buf
- */
- len = $size
- flags = $flags
- flags_str = _recvflags_str($flags)
- /*
- from_sa_family = $addr->sa_family
- from_sa_data = $addr->sa_data
- fromlen = $addr_len
- */
- }
+ kernel.function("sys_recvfrom").return {
+ name = "recvfrom.return"
+ }
# recvmsg__________________________________________
-/* asmlinkage long sys_recvmsg(int fd,
- struct msghdr __user *msg,
- unsigned int flags) */
+/*
+ * asmlinkage long
+ * sys_recvmsg(int fd,
+ * struct msghdr __user *msg,
+ * unsigned int flags)
+ */
probe kernel.syscall.recvmsg =
- kernel.function("sys_recvmsg") {
- name = "recvmsg"
- s = $fd
- flags = $flags
-
- msg_msg_corntollen = $msg->msg_controllen
- msg_msg_flags = $msg->msg_flags
- flags = _recvflags_str($flags)
- }
-
+ kernel.function("sys_recvmsg") {
+ name = "recvmsg"
+ s = $fd
+ msg_uaddr = $msg
+ flags = $flags
+ flags_str = _recvflags_str($flags)
+ }
probe kernel.syscall.recvmsg.return =
- kernel.function("sys_recvmsg").return {
- name = "recvmsg.return"
- s = $fd
- flags = $flags
- flags = _recvflags_str($flags)
- /*
- msg_msg_name = $msg->msg_name
- msg_msg_namelen = $msg->msg_namelen
-
- msg_msg_iov_iov_base = $msg->msg_iov->iovbase
- msg_msg_iov_iov_len = $msg->msg_iov->iov_len
-
- msg_msg_iovlen = $msg->msg_iovlen
- msg_msg_control = $msg->msg_control
- msg_msg_corntollen = $msg->msg_controllen
- msg_msg_flags = $msg->msg_flags
- */
- }
+ kernel.function("sys_recvmsg").return {
+ name = "recvmsg.return"
+ }
# socket___________________________________________
-/* asmlinkage long sys_socket(int family, int type, int protocol) */
+/*
+ * asmlinkage long
+ * sys_socket(int family,
+ * int type,
+ * int protocol)
+ */
probe kernel.syscall.socket =
- kernel.function("sys_socket") {
- name = "socket"
- family = $family
- family_str =
- _sock_family_str($family)
- type = type
- type_str =
- _sock_type_str($type)
- protocol = $protocol
- }
-
+ kernel.function("sys_socket") {
+ name = "socket"
+ family = $family
+ family_str = _sock_family_str($family)
+ type = $type
+ type_str = _sock_type_str($type)
+ protocol = $protocol
+ }
probe kernel.syscall.socket.return =
- kernel.function("sys_socket").return {
- name = "socket.return"
- family = $family
- family_str =
- _sock_family_str($family)
- type = type
- type_str =
- _sock_type_str($type)
- protocol = $protocol
- }
+ kernel.function("sys_socket").return {
+ name = "socket.return"
+ }
# socketpair_______________________________________
-/* asmlinkage long sys_socketpair(int family, int type,
- int protocol, int __user *usockvec) */
+/*
+ * asmlinkage long
+ * sys_socketpair(int family,
+ * int type,
+ * int protocol,
+ * int __user *usockvec)
+ */
probe kernel.syscall.socketpair =
- kernel.function("sys_socketpair") {
- name = "socketpair"
- family = $family
- family_str =
- _sock_family_str($family)
- type = type
- type_str =
- _sock_type_str($type)
- protocol = $protocol
- }
-
+ kernel.function("sys_socketpair") {
+ name = "socketpair"
+ family = $family
+ family_str = _sock_family_str($family)
+ type = $type
+ type_str = _sock_type_str($type)
+ protocol = $protocol
+ sv_uaddr = $usockvec
+ }
probe kernel.syscall.socketpair.return =
- kernel.function("sys_socketpair").return {
- name = "socketpair.return"
- family = $family
- family_str =
- _sock_family_str($family)
- type = type
- type_str =
- _sock_type_str($type)
- protocol = $protocol
- /*
- ..of course, accessing sv vector will
- require some embedded C aux function.
- sv_0 = $usockvec[0]
- sv_1 = $usockvec[1]
- */
- }
+ kernel.function("sys_socketpair").return {
+ name = "socketpair.return"
+ }
# socketcall_______________________________________
-/* asmlinkage long sys_socketcall(int call,
- unsigned long __user *args) */
+/*
+ * asmlinkage long
+ * sys_socketcall(int call,
+ * unsigned long __user *args)
+ */
probe kernel.syscall.socketcall =
- kernel.function("sys_socketcall") {
- name = "socketcall"
- call = $call
- /*
- args = $args
- */
- }
-
+ kernel.function("sys_socketcall") {
+ name = "socketcall"
+ call = $call
+ args_uaddr = $args
+ }
probe kernel.syscall.socketcall.return =
- kernel.function("sys_socketcall").return {
- name = "socketcall.return"
- call = $call
- /*
- args = $args
- */
- }
+ kernel.function("sys_socketcall").return {
+ name = "socketcall.return"
+ }
# listen___________________________________________
-/* asmlinkage long sys_listen(int fd, int backlog) */
+/*
+ * asmlinkage long
+ * sys_listen(int fd,
+ * int backlog)
+ */
probe kernel.syscall.listen =
- kernel.function("sys_listen") {
- name = "listen"
- s = $fd
- backlog = $backlog
- }
-
+ kernel.function("sys_listen") {
+ name = "listen"
+ s = $fd
+ backlog = $backlog
+ }
probe kernel.syscall.listen.return =
- kernel.function("sys_listen").return {
- name = "listen.return"
- s = $fd
- backlog = $backlog
- }
+ kernel.function("sys_listen").return {
+ name = "listen.return"
+ }
# poll_____________________________________________
-/* asmlinkage long sys_poll(struct pollfd __user * ufds,
- unsigned int nfds,
- long timeout) */
+/*
+ * asmlinkage long
+ * sys_poll(struct pollfd __user * ufds,
+ * unsigned int nfds,
+ * long timeout)
+ */
probe kernel.syscall.poll =
- kernel.function("sys_poll") {
- name = "poll"
- nfds = $nfds
- timeout = $timout
- }
-
+ kernel.function("sys_poll") {
+ name = "poll"
+ ufds_uaddr = $ufds
+ nfds = $nfds
+ timeout = $timeout
+ }
probe kernel.syscall.poll.return =
- kernel.function("sys_poll").return {
- name = "poll.return"
- /*
- ufds = nfds size array of struct pollfd
- struct pollfd {
- int fd;
- short events;
- short revents;
- };
- where revents =
- #define POLLIN 0x0001 // There is data to read
- #define POLLPRI 0x0002 // There is urgent data to read
- #define POLLOUT 0x0004 // Writing now will not block
- #define POLLERR 0x0008 // Error condition
- #define POLLHUP 0x0010 // Hung up
- #define POLLNVAL 0x0020 // Invalid request: fd not open
- When compiling XPG4.2 source one also has
- #ifdef _XOPEN_SOURCE
- #define POLLRDNORM 0x0040 // Normal data may be read
- #define POLLRDBAND 0x0080 // Priority data may be read
- #define POLLWRNORM 0x0100 // Writing now will not block
- #define POLLWRBAND 0x0200 // Priority data may be written
- #endif
- Finally, Linux knows about
- #ifdef _GNU_SOURCE
- #define POLLMSG 0x0400
- #endif
- */
- nfds = $nfds
- timeout = $timout
- }
+ kernel.function("sys_poll").return {
+ name = "poll.return"
+ }
# select___________________________________________
-/* asmlinkage long sys_select(int n, fd_set __user *inp,
- fd_set __user *outp,
- fd_set __user *exp,
- struct timeval __user *tvp) */
+/*
+ * asmlinkage long
+ * sys_select(int n,
+ * fd_set __user *inp,
+ * fd_set __user *outp,
+ * fd_set __user *exp,
+ * struct timeval __user *tvp)
+ */
probe kernel.syscall.select =
- kernel.function("sys_select") {
- name = "select"
- n = $n
- /*
- readfds = $inp
- writefds = $outp
- exceptfds = $exp
- timeout_tv_sec = $tvp->tv_sec
- timoute_tv_usec = $tvp->tv_usec
- */
- }
-
+ kernel.function("sys_select") {
+ name = "select"
+ n = $n
+ readfds_uaddr = $inp
+ writefds_uaddr = $outp
+ exceptfds_uaddr = $exp
+ timeout_uaddr = $tvp
+ }
probe kernel.syscall.select.return =
- kernel.function("sys_select").return {
- name = "select.return"
- n = $n
- /*
- readfds = $inp
- writefds = $outp
- exceptfds = $exp
- timeout_tv_sec = $tvp->tv_sec
- timoute_tv_usec = $tvp->tv_usec
- */
- }
+ kernel.function("sys_select").return {
+ name = "select.return"
+ }
# epoll_create_____________________________________
-/* asmlinkage long sys_epoll_create(int size) */
+/*
+ * asmlinkage long
+ * sys_epoll_create(int size)
+ */
probe kernel.syscall.epoll_create =
- kernel.function("sys_epoll_create") {
- name = "epoll_create"
- size = $size
- }
-
+ kernel.function("sys_epoll_create") {
+ name = "epoll_create"
+ size = $size
+ }
probe kernel.syscall.epoll_create.return =
- kernel.function("sys_epoll_create").return {
- name = "epoll_create.return"
- size = $size
- }
+ kernel.function("sys_epoll_create").return {
+ name = "epoll_create.return"
+ }
# epoll_ctl________________________________________
-/* asmlinkage long sys_epoll_ctl(int epfd, int op,
- int fd,
- struct epoll_event __user *event) */
+/*
+ * asmlinkage long
+ * sys_epoll_ctl(int epfd,
+ * int op,
+ * int fd,
+ * struct epoll_event __user *event)
+ */
probe kernel.syscall.epoll_ctl =
- kernel.function("sys_epoll_ctl") {
- name = "epoll_ctl"
- epfd = $epfd
- op = $op
- op_str = _opoll_op_str($op)
- fd = $fd
- /*
- event_events = $event->events
- event_events_str =
- _epoll_events_str($event->events)
- event_data_ptr = $event->data->ptr
- event_data_fd = $event->data->fd
- event_data_u32 = $event->data->u32
- event_data_u64 = $event->data->u64
- */
- }
-
+ kernel.function("sys_epoll_ctl") {
+ name = "epoll_ctl"
+ epfd = $epfd
+ op = $op
+ op_str = _opoll_op_str($op)
+ fd = $fd
+ event_uaddr = $event
+ }
probe kernel.syscall.epoll_ctl.return =
- kernel.function("sys_epoll_ctl").return {
- name = "epoll_ctl.return"
- epfd = $epfd
- op = $op
- op_str = _opoll_op_str($op)
- fd = $fd
- /*
- event_events = $event->events
- event_events_str =
- _epoll_events_str($event->events)
- event_data_ptr = $event->data->ptr
- event_data_fd = $event->data->fd
- event_data_u32 = $event->data->u32
- event_data_u64 = $event->data->u64
- */
- }
+ kernel.function("sys_epoll_ctl").return {
+ name = "epoll_ctl.return"
+ }
# epoll_wait_______________________________________
-/* asmlinkage long sys_epoll_wait(int epfd,
- struct epoll_event __user *events,
- int maxevents, int timeout) */
+/*
+ * asmlinkage long
+ * sys_epoll_wait(int epfd,
+ * struct epoll_event __user *events,
+ * int maxevents,
+ * int timeout)
+ */
probe kernel.syscall.epoll_wait =
- kernel.function("sys_epoll_wait") {
- name = "epoll_wait"
- epfd = $epfd
- /*
- events_events = $events->events
- events_events_str =
- _epoll_events_str($events->events)
- events_data_ptr = $events->data->ptr
- events_data_fd = $events->data->fd
- events_data_u32 = $events->data->u32
- events_data_u64 = $events->data->u64
- */
- maxevents = $maxevents
- timeout = $timeout
- }
-
+ kernel.function("sys_epoll_wait") {
+ name = "epoll_wait"
+ epfd = $epfd
+ events_uaddr = $events
+ maxevents = $maxevents
+ timeout = $timeout
+ }
probe kernel.syscall.epoll_wait.return =
- kernel.function("sys_epoll_wait").return {
- name = "epoll_wait.return"
- epfd = $epfd
- /*
- events_events = $events->events
- events_events_str =
- _epoll_events_str($events->events)
- events_data_ptr = $events->data->ptr
- events_data_fd = $events->data->fd
- events_data_u32 = $events->data->u32
- events_data_u64 = $events->data->u64
- */
- maxevents = $maxevents
- timeout = $timeout
- }
+ kernel.function("sys_epoll_wait").return {
+ name = "epoll_wait.return"
+ }
# gethostname______________________________________
-/* asmlinkage long sys_gethostname(char __user *name,
- int len) */
+/*
+ * asmlinkage long
+ * sys_gethostname(char __user *name,
+ * int len)
+ */
probe kernel.syscall.gethostname =
- kernel.function("sys_gethostname") {
- name = "gethostname"
- len = $len
- }
-
+ kernel.function("sys_gethostname") {
+ name = "gethostname"
+ hostname_uaddr = $name
+ len = $len
+ }
probe kernel.syscall.gethostname.return =
- kernel.function("sys_gethostname").return {
- name = "gethostname.return"
- /*
- hostname = $name
- */
- len = $len
- }
+ kernel.function("sys_gethostname").return {
+ name = "gethostname.return"
+ }
# sethostname______________________________________
-/* asmlinkage long sys_sethostname(char __user *name, int len) */
+/*
+ * asmlinkage long
+ * sys_sethostname(char __user *name,
+ * int len)
+ */
probe kernel.syscall.sethostname =
- kernel.function("sys_sethostname") {
- name = "sethostname"
- /*
- hostname = $name
- */
- len = $len
- }
-
+ kernel.function("sys_sethostname") {
+ name = "sethostname"
+ hostname_uaddr = $name
+ len = $len
+ }
probe kernel.syscall.sethostname.return =
- kernel.function("sys_sethostname").return {
- name = "sethostname.return"
- /*
- hostname = $name
- */
- len = $len
- }
+ kernel.function("sys_sethostname").return {
+ name = "sethostname.return"
+ }
# setdomainname____________________________________
-/* asmlinkage long sys_setdomainname(char __user *name, int len) */
+/*
+ * asmlinkage long
+ * sys_setdomainname(char __user *name,
+ * int len)
+ */
probe kernel.syscall.setdomainname =
- kernel.function("sys_setdomainname") {
- name = "setdomainname"
- /*
- hostname = $name
- */
- len = $len
- }
-
+ kernel.function("sys_setdomainname") {
+ name = "setdomainname"
+ hostname_uaddr = $name
+ len = $len
+ }
probe kernel.syscall.setdomainname.return =
- kernel.function("sys_setdomainname").return {
- name = "setdomainname.return"
- /*
- hostname = $name
- */
- len = $len
- }
+ kernel.function("sys_setdomainname").return {
+ name = "setdomainname.return"
+ }
# newuname_________________________________________
-/* asmlinkage long sys_newuname(struct new_utsname __user * name) */
+/*
+ * asmlinkage long
+ * sys_newuname(struct new_utsname __user * name)
+ */
probe kernel.syscall.newuname =
- kernel.function("sys_newuname") {
- name = "newuname"
- /*
- name_sysname = $name->sysname
- name_nodename = $name->nodename
- name_release = $name->release
- name_version = $name->version
- name_machine = $name->machine
- name_domainname = $name->domainname
- */
- }
-
+ kernel.function("sys_newuname") {
+ name = "newuname"
+ name_uaddr = $name
+ }
probe kernel.syscall.newuname.return =
- kernel.function("sys_newuname").return {
- name = "newuname.return"
- /*
- name_sysname = $name->sysname
- name_nodename = $name->nodename
- name_release = $name->release
- name_version = $name->version
- name_machine = $name->machine
- name_domainname = $name->domainname
- */
- }
+ kernel.function("sys_newuname").return {
+ name = "newuname.return"
+ }
# getrlimit________________________________________
-/* asmlinkage long sys_getrlimit(unsigned int resource,
- struct rlimit __user *rlim) */
+/*
+ * asmlinkage long
+ * sys_getrlimit(unsigned int resource,
+ * struct rlimit __user *rlim)
+ */
probe kernel.syscall.getrlimit =
- kernel.function("sys_getrlimit") {
- name = "getrlimit"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- }
-
+ kernel.function("sys_getrlimit") {
+ name = "getrlimit"
+ resource = $resource
+ resource_str = _rlimit_resource_str($resource)
+ rlim_uaddr = $rlim
+ }
probe kernel.syscall.getrlimit.return =
- kernel.function("sys_getrlimit").return {
- name = "getrlimit.return"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- /*
- rlim_rlim_cur = $rlim->rlim_cur
- rlim_rlim_max = $rlim->rlim_max
- */
- }
+ kernel.function("sys_getrlimit").return {
+ name = "getrlimit.return"
+ }
# old_getrlimit____________________________________
-/* asmlinkage long sys_old_getrlimit(unsigned int resource,
- struct rlimit __user *rlim) */
+/*
+ * asmlinkage long
+ * sys_old_getrlimit(unsigned int resource,
+ * struct rlimit __user *rlim)
+ */
probe kernel.syscall.old_getrlimit =
- kernel.function("sys_old_getrlimit") {
- name = "old_getrlimit"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- }
-
+ kernel.function("sys_old_getrlimit") {
+ name = "old_getrlimit"
+ resource = $resource
+ resource_str = _rlimit_resource_str($resource)
+ rlim_uaddr = $rlim
+ }
probe kernel.syscall.old_getrlimit.return =
- kernel.function("sys_old_getrlimit").return {
- name = "old_getrlimit.return"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- /*
- rlim_rlim_cur = $rlim->rlim_cur
- rlim_rlim_max = $rlim->rlim_max
- */
- }
+ kernel.function("sys_old_getrlimit").return {
+ name = "old_getrlimit.return"
+ }
# setrlimit________________________________________
-/* asmlinkage long sys_setrlimit(unsigned int resource,
- struct rlimit __user *rlim) */
+/*
+ * asmlinkage long
+ * sys_setrlimit(unsigned int resource,
+ * struct rlimit __user *rlim)
+ */
probe kernel.syscall.setrlimit =
- kernel.function("sys_setrlimit") {
- name = "setrlimit"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- /*
- rlim_rlim_cur = $rlim->rlim_cur
- rlim_rlim_max = $rlim->rlim_max
- */
- }
-
+ kernel.function("sys_setrlimit") {
+ name = "setrlimit"
+ resource = $resource
+ resource_str = _rlimit_resource_str($resource)
+ rlim_uaddr = $rlim
+ }
probe kernel.syscall.setrlimit.return =
- kernel.function("sys_setrlimit").return {
- name = "setrlimit.return"
- resource = $resource
- resource_str =
- _rlimit_resource_str($resource)
- /*
- rlim_rlim_cur = $rlim->rlim_cur
- rlim_rlim_max = $rlim->rlim_max
- */
- }
+ kernel.function("sys_setrlimit").return {
+ name = "setrlimit.return"
+ }
# getrusage________________________________________
-/* asmlinkage long sys_getrusage(int who, struct rusage __user *ru) */
+/*
+ * asmlinkage long
+ * sys_getrusage(int who,
+ * struct rusage __user *ru)
+ */
probe kernel.syscall.getrusage =
- kernel.function("sys_getrusage") {
- name = "getrusage"
- who = $who
- who_str =
- _rusage_who_str($who)
- /*
- usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec
- usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec
- usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec
- usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec
- usage_ru_maxrss = $ru->ru_maxrss
- usage_ru_ixrss = $ru->ru_ixrss
- usage_ru_idrss = $ru->ru_idrss
- usage_ru_isrss = $ru->ru_isrss
- usage_ru_minflt = $ru->ru_minflt
- usage_ru_majflt = $ru->ru_majflt
- usage_ru_nswap = $ru->ru_nswap
- usage_ru_inblock = $ru->ru_inblock
- usage_ru_oublock = $ru->ru_oublock
- usage_ru_msgsnd = $ru->ru_msgsnd
- usage_ru_msgrcv = $ru->ru_msgrcv
- usage_ru_nsignals = $ru->ru_nsignals
- usage_ru_nvcsw = $ru->ru_nvcsw
- usage_ru_nivcsw = $ru->ru_nivcsw
- */
- }
-
+ kernel.function("sys_getrusage") {
+ name = "getrusage"
+ who = $who
+ who_str = _rusage_who_str($who)
+ usage_uaddr = $ru
+ }
probe kernel.syscall.getrusage.return =
- kernel.function("sys_getrusage").return {
- name = "getrusage.return"
- who = $who
- who_str =
- _rusage_who_str($who)
- /*
- usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec
- usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec
- usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec
- usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec
- usage_ru_maxrss = $ru->ru_maxrss
- usage_ru_ixrss = $ru->ru_ixrss
- usage_ru_idrss = $ru->ru_idrss
- usage_ru_isrss = $ru->ru_isrss
- usage_ru_minflt = $ru->ru_minflt
- usage_ru_majflt = $ru->ru_majflt
- usage_ru_nswap = $ru->ru_nswap
- usage_ru_inblock = $ru->ru_inblock
- usage_ru_oublock = $ru->ru_oublock
- usage_ru_msgsnd = $ru->ru_msgsnd
- usage_ru_msgrcv = $ru->ru_msgrcv
- usage_ru_nsignals = $ru->ru_nsignals
- usage_ru_nvcsw = $ru->ru_nvcsw
- usage_ru_nivcsw = $ru->ru_nivcsw
- */
- }
+ kernel.function("sys_getrusage").return {
+ name = "getrusage.return"
+ }
# umask____________________________________________
-/* asmlinkage long sys_umask(int mask) */
+/*
+ * asmlinkage long
+ * sys_umask(int mask)
+ */
probe kernel.syscall.umask =
- kernel.function("sys_umask") {
- name = "umask"
- mask = $mask
- }
-
+ kernel.function("sys_umask") {
+ name = "umask"
+ mask = $mask
+ }
probe kernel.syscall.umask.return =
- kernel.function("sys_umask").return {
- name = "umask.return"
- mask = $mask
- }
+ kernel.function("sys_umask").return {
+ name = "umask.return"
+ }
# msgget___________________________________________
-/* asmlinkage long sys_msgget (key_t key, int msgflg) */
+/*
+ * asmlinkage long
+ * sys_msgget (key_t key,
+ * int msgflg)
+ */
probe kernel.syscall.msgget =
- kernel.function("sys_msgget") {
- name = "msgget"
- key = $key
- msgflg = $msgflg
- msgflg_str = _sys_open_flag_str($msgflg)
- }
-
+ kernel.function("sys_msgget") {
+ name = "msgget"
+ key = $key
+ msgflg = $msgflg
+ msgflg_str = _sys_open_flag_str($msgflg)
+ }
probe kernel.syscall.msgget.return =
- kernel.function("sys_msgget").return {
- name = "msgget.return"
- key = $key
- msgflg = $msgflg
- msgflg_str = _sys_open_flag_str($msgflg)
- }
+ kernel.function("sys_msgget").return {
+ name = "msgget.return"
+ }
# msgsnd___________________________________________
-/* asmlinkage long sys_msgsnd (int msqid,
- struct msgbuf __user *msgp,
- size_t msgsz, int msgflg) */
+/*
+ * asmlinkage long
+ * sys_msgsnd (int msqid,
+ * struct msgbuf __user *msgp,
+ * size_t msgsz,
+ * int msgflg)
+ */
probe kernel.syscall.msgsnd =
- kernel.function("sys_msgsnd") {
- name = "msgsnd"
- msqid = $msqid
- /*
- msgp_mtype = $msgp->mtype
- msgp_mtext = $msgp->mtext
- */
- msgsz = $msgsz
- msgflg = $msgflg
- }
-
+ kernel.function("sys_msgsnd") {
+ name = "msgsnd"
+ msqid = $msqid
+ msgp_uaddr = $msgp
+ msgsz = $msgsz
+ msgflg = $msgflg
+ }
probe kernel.syscall.msgsnd.return =
- kernel.function("sys_msgsnd").return {
- name = "msgsnd.return"
- msqid = $msqid
- /*
- msgp_mtype = $msgp->mtype
- msgp_mtext = $msgp->mtext
- */
- msgsz = $msgsz
- msgflg = $msgflg
- }
+ kernel.function("sys_msgsnd").return {
+ name = "msgsnd.return"
+ }
# msgrcv___________________________________________
-/* asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz,
- long msgtyp, int msgflg) */
+/*
+ * asmlinkage long
+ * sys_msgrcv (int msqid,
+ * struct msgbuf __user *msgp,
+ * size_t msgsz,
+ * long msgtyp,
+ * int msgflg)
+ */
probe kernel.syscall.msgrcv =
- kernel.function("sys_msgrcv") {
- name = "msgrcv"
- msqid = $msqid
- msgsz = $msgsz
- msgtyp = $msgtyp
- msgflg = $msgflg
- }
-
+ kernel.function("sys_msgrcv") {
+ name = "msgrcv"
+ msqid = $msqid
+ msgp_uaddr = $msgp
+ msgsz = $msgsz
+ msgtyp = $msgtyp
+ msgflg = $msgflg
+ }
probe kernel.syscall.msgrcv.return =
- kernel.function("sys_msgrcv").return {
- name = "msgrcv.return"
- msqid = $msqid
- /*
- msgp_mtype = $msgp->mtype
- msgp_mtext = $msgp->mtext
- */
- msgsz = $msgsz
- msgtyp = $msgtyp
- msgflg = $msgflg
- }
+ kernel.function("sys_msgrcv").return {
+ name = "msgrcv.return"
+ }
# msgctl___________________________________________
-/* asmlinkage long sys_msgctl (int msqid, int cmd,
- struct msqid_ds __user *buf) */
+/*
+ * asmlinkage long
+ * sys_msgctl (int msqid,
+ * int cmd,
+ * struct msqid_ds __user *buf)
+ */
probe kernel.syscall.msgctl =
- kernel.function("sys_msgctl") {
- name = "msgctl"
- msqid = $msqid
- cmd = $cmd
- /*
- buf_msg_perm_key = $buf->msg_perm->key
- buf_msg_perm_uid = $buf->msg_perm->uid
- buf_msg_perm_gid = $buf->msg_perm->gid
- buf_msg_perm_cuid = $buf->msg_perm->cuid
- buf_msg_perm_cgid = $buf->msg_perm->cgid
- buf_msg_perm_mode = $buf->msg_perm->mode
- buf_msg_perm_seq = $buf->msg_perm->seq
-
- buf_msg_stime = $buf->msg_stime
- buf_msg_rtime = $buf->msg_rtime
- buf_msg_ctime = $buf->msg_ctime
- buf_msg_lcbytes = $buf->msg_lcbytes
- buf_msg_lqbytes = $buf->msg_lqbytes
- buf_msg_cbytes = $buf->msg_cbytes
- buf_msg_qnum = $buf->msg_qnum
- buf_msg_qbytes = $buf->msg_qbytes
- buf_msg_lspid = $msg->msg_lspid
- */
- }
-
+ kernel.function("sys_msgctl") {
+ name = "msgctl"
+ msqid = $msqid
+ cmd = $cmd
+ buf_uaddr = $buf
+ }
probe kernel.syscall.msgctl.return =
- kernel.function("sys_msgctl").return {
- name = "msgctl.return"
- msqid = $msqid
- cmd = $cmd
- /*
- buf_msg_perm_key = $buf->msg_perm->key
- buf_msg_perm_uid = $buf->msg_perm->uid
- buf_msg_perm_gid = $buf->msg_perm->gid
- buf_msg_perm_cuid = $buf->msg_perm->cuid
- buf_msg_perm_cgid = $buf->msg_perm->cgid
- buf_msg_perm_mode = $buf->msg_perm->mode
- buf_msg_perm_seq = $buf->msg_perm->seq
-
- buf_msg_stime = $buf->msg_stime
- buf_msg_rtime = $buf->msg_rtime
- buf_msg_ctime = $buf->msg_ctime
- buf_msg_lcbytes = $buf->msg_lcbytes
- buf_msg_lqbytes = $buf->msg_lqbytes
- buf_msg_cbytes = $buf->msg_cbytes
- buf_msg_qnum = $buf->msg_qnum
- buf_msg_qbytes = $buf->msg_qbytes
- buf_msg_lspid = $msg->msg_lspid
- */
- }
+ kernel.function("sys_msgctl").return {
+ name = "msgctl.return"
+ }
# semget___________________________________________
-/* asmlinkage long sys_semget (key_t key,
- int nsems,
- int semflg) */
+/*
+ * asmlinkage long
+ * sys_semget (key_t key,
+ * int nsems,
+ * int semflg)
+ */
probe kernel.syscall.semget =
- kernel.function("sys_semget") {
- name = "semget"
- key = $key
- nsems = $nsems
- semflg = $semflg
- }
-
+ kernel.function("sys_semget") {
+ name = "semget"
+ key = $key
+ nsems = $nsems
+ semflg = $semflg
+ }
probe kernel.syscall.semget.return =
- kernel.function("sys_semget").return {
- name = "semget.return"
- key = $key
- nsems = $nsems
- semflg = $semflg
- }
+ kernel.function("sys_semget").return {
+ name = "semget.return"
+ }
# semop____________________________________________
-/* asmlinkage long sys_semop (int semid,
- struct sembuf __user *tsops,
- unsigned nsops) */
+/*
+ * asmlinkage long
+ * sys_semop (int semid,
+ * struct sembuf __user *tsops,
+ * unsigned nsops)
+ */
probe kernel.syscall.semop =
- kernel.function("sys_semtimedop") {
- name = "semop"
- semid = $semid
- /*
- Each of the nsops elements in the array pointed to by sops
- */
- nsops = $nsops
- }
-
+ kernel.function("sys_semtimedop") {
+ name = "semop"
+ semid = $semid
+ tsops_uaddr = $tsops
+ nsops = $nsops
+ }
probe kernel.syscall.semop.return =
- kernel.function("sys_semtimedop").return {
- name = "semop.return"
- semid = $semid
- /*
- Each of the nsops elements in the array pointed to by sops
- */
- nsops = $nsops
- }
+ kernel.function("sys_semtimedop").return {
+ name = "semop.return"
+ }
# semctl___________________________________________
-/* asmlinkage long sys_semctl (int semid, int semnum,
- int cmd, union semun arg) */
+/*
+ * asmlinkage long
+ * sys_semctl (int semid,
+ * int semnum,
+ * int cmd,
+ * union semun arg)
+ */
probe kernel.syscall.semctl =
- kernel.function("sys_semctl") {
- name = "semctl"
- semid = $semid
- semnum = $semnum
- cmd = $cmd
- /*
- TODO Implement _semctl_cmd_str()
- cmd_str = _semctl_cmd_str($cmd)
- */
- }
-
+ kernel.function("sys_semctl") {
+ name = "semctl"
+ semid = $semid
+ semnum = $semnum
+ cmd = $cmd
+ arg = $arg
+ }
probe kernel.syscall.semctl.return =
- kernel.function("sys_semctl").return {
- name = "semctl.return"
- semid = $semid
- semnum = $semnum
- cmd = $cmd
- /*
- TODO Implement _semctl_cmd_str()
- cmd_str = _semctl_cmd_str($cmd)
- */
- }
+ kernel.function("sys_semctl").return {
+ name = "semctl.return"
+ }
# semtimedop_______________________________________
-/* asmlinkage long sys_semtimedop(int semid, struct sembuf __user *tsops,
- unsigned nsops, const struct timespec __user *timeout) */
+/*
+ * asmlinkage long
+ * sys_semtimedop(int semid,
+ * struct sembuf __user *tsops,
+ * unsigned nsops,
+ * const struct timespec __user *timeout)
+ */
probe kernel.syscall.semtimedop =
- kernel.function("sys_semtimedop") {
- name = "semtimedop"
- semid = $semid
- /*
- sops_sem_num = $tsops->sem_num
- sops_sem_op = $tsops->sem_op
- sops_sem_flg = $tsops->sem_flg
- */
- nsops = $nsops
- /*
- timeout_tv_sec = $timeout->tv_sec
- timeout_tv_nsec = $timeout->tv_nsec
- */
- }
-
+ kernel.function("sys_semtimedop") {
+ name = "semtimedop"
+ semid = $semid
+ sops_uaddr = $tsops
+ nsops = $nsops
+ timeout_uaddr = $timeout
+ }
probe kernel.syscall.semtimedop.return =
- kernel.function("sys_semtimedop").return {
- name = "semtimedop.return"
- /*
- sops_sem_num = $tsops->sem_num
- sops_sem_op = $tsops->sem_op
- sops_sem_flg = $tsops->sem_flg
- */
- nsops = $nsops
- /*
- timeout_tv_sec = $timeout->tv_sec
- timeout_tv_nsec = $timeout->tv_nsec
- */
- }
+ kernel.function("sys_semtimedop").return {
+ name = "semtimedop.return"
+ }
# shmat____________________________________________
-/* asmlinkage long sys_shmat(int shmid, char __user *shmaddr,
- int shmflg, unsigned long *addr) */
+/*
+ * asmlinkage long
+ * sys_shmat(int shmid,
+ * char __user *shmaddr,
+ * int shmflg,
+ * unsigned long *addr)
+ */
probe kernel.syscall.shmat =
- kernel.function("sys_shmat") {
- name = "shmat"
- shmid = $shmid
- /*
- shmaddr = $shmaddr
- */
- shmflg = $shmflg
- /*
- addr = $addr
- */
- }
-
+ kernel.function("sys_shmat") {
+ name = "shmat"
+ shmid = $shmid
+ shmaddr_uaddr = $shmaddr
+ shmflg = $shmflg
+ }
probe kernel.syscall.shmat.return =
- kernel.function("sys_shmat").return {
- name = "shmat.return"
- shmid = $shmid
- /*
- shmaddr = $shmaddr
- */
- shmflg = $shmflg
- /*
- addr = $addr
- */
- }
+ kernel.function("sys_shmat").return {
+ name = "shmat.return"
+ }
# shmget___________________________________________
-/* asmlinkage long sys_shmget (key_t key, size_t size, int shmflg) */
+/*
+ * asmlinkage long
+ * sys_shmget (key_t key,
+ * size_t size,
+ * int shmflg)
+ */
probe kernel.syscall.shmget =
- kernel.function("sys_shmget") {
- name = "shmget"
- key = $key
- size = $size
- shmflg = $shmflg
- }
-
+ kernel.function("sys_shmget") {
+ name = "shmget"
+ key = $key
+ size = $size
+ shmflg = $shmflg
+ }
probe kernel.syscall.shmget.return =
- kernel.function("sys_shmget").return {
- name = "shmget.return"
- key = $key
- size = $size
- shmflg = $shmflg
- }
+ kernel.function("sys_shmget").return {
+ name = "shmget.return"
+ }
# shmdt____________________________________________
-/* asmlinkage long sys_shmdt(char __user *shmaddr) */
+/*
+ * asmlinkage long
+ * sys_shmdt(char __user *shmaddr)
+ */
probe kernel.syscall.shmdt =
- kernel.function("sys_shmdt") {
- name = "shmdt"
- /*
- shmaddr = $shmaddr
- */
- }
-
+ kernel.function("sys_shmdt") {
+ name = "shmdt"
+ shmaddr_uaddr = $shmaddr
+ }
probe kernel.syscall.shmdt.return =
- kernel.function("sys_shmdt").return {
- name = "shmdt.return"
- /*
- shmaddr = $shmaddr
- */
- }
+ kernel.function("sys_shmdt").return {
+ name = "shmdt.return"
+ }
# shmctl___________________________________________
-/* asmlinkage long sys_shmctl (int shmid, int cmd,
- struct shmid_ds __user *buf) */
+/*
+ * asmlinkage long
+ * sys_shmctl (int shmid,
+ * int cmd,
+ * struct shmid_ds __user *buf)
+ */
probe kernel.syscall.shmctl =
- kernel.function("sys_shmctl") {
- name = "shmctl"
- shmid = $shmid
- cmd = $cmd
- /*
- buf_shm_perm_key = $buf->shm_perm->key
- buf_shm_perm_uid = $buf->shm_perm->uid
- buf_shm_perm_gid = $buf->shm_perm->gid
- buf_shm_perm_cuid = $buf->shm_perm->cuid
- buf_shm_perm_cgid = $buf->shm_perm->cgid
- buf_shm_perm_mode = $buf->shm_perm->mode
- buf_shm_perm_seq = $buf->shm_perm->seq
-
- buf_shm_segsz = $buf->shm_segsz
- buf_shm_atime = $buf->shm_atime
- buf_shm_dtime = $buf->shm_dtime
- buf_shm_ctime = $buf->shm_ctime
- buf_shm_cpid = $buf->shm_cpid
- buf_shm_lpid = $buf->shm_lpid
- buf_shm_nattch = $buf->shm_nattch
- */
- }
-
+ kernel.function("sys_shmctl") {
+ name = "shmctl"
+ shmid = $shmid
+ cmd = $cmd
+ buf_uaddr = $buf
+ }
probe kernel.syscall.shmctl.return =
- kernel.function("sys_shmctl").return {
- name = "shmctl.return"
- shmid = $shmid
- cmd = $cmd
- /*
- buf_shm_perm_key = $buf->shm_perm->key
- buf_shm_perm_uid = $buf->shm_perm->uid
- buf_shm_perm_gid = $buf->shm_perm->gid
- buf_shm_perm_cuid = $buf->shm_perm->cuid
- buf_shm_perm_cgid = $buf->shm_perm->cgid
- buf_shm_perm_mode = $buf->shm_perm->mode
- buf_shm_perm_seq = $buf->shm_perm->seq
-
- buf_shm_segsz = $buf->shm_segsz
- buf_shm_atime = $buf->shm_atime
- buf_shm_dtime = $buf->shm_dtime
- buf_shm_ctime = $buf->shm_ctime
- buf_shm_cpid = $buf->shm_cpid
- buf_shm_lpid = $buf->shm_lpid
- buf_shm_nattch = $buf->shm_nattch
- */
- }
+ kernel.function("sys_shmctl").return {
+ name = "shmctl.return"
+ }
# mq_open__________________________________________
-/* asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode,
- struct mq_attr __user *u_attr) */
+/*
+ * asmlinkage long
+ * sys_mq_open(const char __user *u_name,
+ * int oflag,
+ * mode_t mode,
+ * struct mq_attr __user *u_attr)
+ */
probe kernel.syscall.mq_open =
- kernel.function("sys_mq_open") {
- name = "mq_open"
- /*
- name = u_name
- */
- oflag = $oflag
- /* TODO implement _mq_open_oflg_str() */
- /* oflag_str = _mq_open_oflg_str() */
- /*
- u_attr_mq_flags = $u_attr->mq_flags
- u_attr_mq_maxmsg = $u_attr->mq_maxmsg
- u_attr_mq_msgsize = $u_attr->mq_msgsize
- u_attr_mq_curmsgs = $u_attr->mq_curmsgs
- */
- }
-
+ kernel.function("sys_mq_open") {
+ name = "mq_open"
+ name_uaddr = $u_name
+ oflag = $oflag
+ mode = $mode
+ u_attr_uaddr = $u_attr
+ }
probe kernel.syscall.mq_open.return =
- kernel.function("sys_mq_open").return {
- name = "mq_open.return"
- /*
- name = u_name
- */
- oflag = $oflag
- /* TODO implement _mq_open_oflg_str() */
- /* oflag_str = _mq_open_oflg_str() */
- /*
- u_attr_mq_flags = $u_attr->mq_flags
- u_attr_mq_maxmsg = $u_attr->mq_maxmsg
- u_attr_mq_msgsize = $u_attr->mq_msgsize
- u_attr_mq_curmsgs = $u_attr->mq_curmsgs
- */
- }
+ kernel.function("sys_mq_open").return {
+ name = "mq_open.return"
+ }
# mq_unlink________________________________________
-/* asmlinkage long sys_mq_unlink(const char __user *u_name) */
+/*
+ * asmlinkage long
+ * sys_mq_unlink(const char __user *u_name)
+ */
probe kernel.syscall.mq_unlink =
- kernel.function("sys_mq_unlink") {
- name = "mq_unlink"
- /*
- u_name = $u_name
- */
- }
-
+ kernel.function("sys_mq_unlink") {
+ name = "mq_unlink"
+ u_name_uaddr = $u_name
+ }
probe kernel.syscall.mq_unlink.return =
- kernel.function("sys_mq_unlink").return {
- name = "mq_unlink.return"
- /*
- u_name = $u_name
- */
- }
+ kernel.function("sys_mq_unlink").return {
+ name = "mq_unlink.return"
+ }
# mq_timedsend_____________________________________
-/* asmlinkage long sys_mq_timedsend(mqd_t mqdes,
- const char __user *u_msg_ptr,
- size_t msg_len,
- unsigned int msg_prio,
- const struct timespec __user *u_abs_timeout) */
+/*
+ * asmlinkage long
+ * sys_mq_timedsend(mqd_t mqdes,
+ * const char __user *u_msg_ptr,
+ * size_t msg_len,
+ * unsigned int msg_prio,
+ * const struct timespec __user *u_abs_timeout)
+ */
probe kernel.syscall.mq_timedsend =
- kernel.function("sys_mq_timedsend") {
- name = "mq_timedsend"
- mqdes = $mqdes
- /*
- msg_ptr = $u_msg_ptr
- */
- msg_len = $msg_len
- msg_prio = $msg_prio
- /*
- abs_timeout_tv_sec = $u_abs_timeout->tv_sec
- abs_timeout_tv_usec = $u_abs_timeout->tv_usec
- */
- }
-
+ kernel.function("sys_mq_timedsend") {
+ name = "mq_timedsend"
+ mqdes = $mqdes
+ msg_ptr_uaddr = $u_msg_ptr
+ msg_len = $msg_len
+ msg_prio = $msg_prio
+ abs_timeout_uaddr = $u_abs_timeout
+ }
probe kernel.syscall.mq_timedsend.return =
- kernel.function("sys_mq_timedsend").return {
- name = "mq_timedsend.return"
- mqdes = $mqdes
- /*
- msg_ptr = $u_msg_ptr
- */
- msg_len = $msg_len
- msg_prio = $msg_prio
- /*
- abs_timeout_tv_sec = $u_abs_timeout->tv_sec
- abs_timeout_tv_usec = $u_abs_timeout->tv_usec
- */
- }
+ kernel.function("sys_mq_timedsend").return {
+ name = "mq_timedsend.return"
+ }
# mq_timedreceive__________________________________
-/* asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes,
- char __user *u_msg_ptr,
- size_t msg_len,
- unsigned int __user *u_msg_prio,
- const struct timespec __user *u_abs_timeout) */
+/*
+ * asmlinkage ssize_t
+ * sys_mq_timedreceive(mqd_t mqdes,
+ * char __user *u_msg_ptr,
+ * size_t msg_len,
+ * unsigned int __user *u_msg_prio,
+ * const struct timespec __user *u_abs_timeout)
+ */
probe kernel.syscall.mq_timedreceive =
- kernel.function("sys_mq_timedreceive") {
- name = "mq_timedreceive"
- mqdes = $mqdes
- /*
- msg_ptr = $u_msg_ptr
- */
- msg_len = $msg_len
- /*
- msg_prio = $u_msg_prio
- abs_timout_tv_sec = $u_abs_timeout->tv_sec
- abs_timout_tv_usec = $u_abs_timeout->tv_usec
- */
- }
-
+ kernel.function("sys_mq_timedreceive") {
+ name = "mq_timedreceive"
+ mqdes = $mqdes
+ msg_ptr_uaddr = $u_msg_ptr
+ msg_len = $msg_len
+ msg_prio_uaddr = $u_msg_prio
+ abs_timout_uaddr = $u_abs_timeout
+ }
probe kernel.syscall.mq_timedreceive.return =
- kernel.function("sys_mq_timedreceive").return {
- name = "mq_timedreceive.return"
- mqdes = $mqdes
- /*
- msg_ptr = $u_msg_ptr
- */
- msg_len = $msg_len
- /*
- msg_prio = $u_msg_prio
- abs_timout_tv_sec = $u_abs_timeout->tv_sec
- abs_timout_tv_usec = $u_abs_timeout->tv_usec
- */
- }
+ kernel.function("sys_mq_timedreceive").return {
+ name = "mq_timedreceive.return"
+ }
# mq_notify________________________________________
-/* asmlinkage long sys_mq_notify(mqd_t mqdes,
- const struct sigevent __user *u_notification) */
+/*
+ * asmlinkage long
+ * sys_mq_notify(mqd_t mqdes,
+ * const struct sigevent __user *u_notification)
+ */
probe kernel.syscall.mq_notify =
- kernel.function("sys_mq_notify") {
- name = "mq_notify"
- mqdes = $mqdes
- /*
- TODO requires embedded auxf to export
- typedef struct sigevent {
- sigval_t sigev_value;
- int sigev_signo;
- int sigev_notify;
- union {
- int _pad[SIGEV_PAD_SIZE];
- int _tid;
- struct {
- void (*_function)(sigval_t);
- void *_attribute; // really pthread_attr_t
- } _sigev_thread;
- } _sigev_un;
- } sigevent_t;
- */
- }
-
+ kernel.function("sys_mq_notify") {
+ name = "mq_notify"
+ mqdes = $mqdes
+ notification_uaddr = $u_notification
+ }
probe kernel.syscall.mq_notify.return =
- kernel.function("sys_mq_notify").return {
- name = "mq_notify.return"
- mqdes = $mqdes
- /*
- TODO requires embedded auxf to export
- typedef struct sigevent {
- sigval_t sigev_value;
- int sigev_signo;
- int sigev_notify;
- union {
- int _pad[SIGEV_PAD_SIZE];
- int _tid;
- struct {
- void (*_function)(sigval_t);
- void *_attribute; // really pthread_attr_t
- } _sigev_thread;
- } _sigev_un;
- } sigevent_t;
- */
- }
+ kernel.function("sys_mq_notify").return {
+ name = "mq_notify.return"
+ }
# mq_getsetattr____________________________________
-/* asmlinkage long sys_mq_getsetattr(mqd_t mqdes,
- const struct mq_attr __user *u_mqstat,
- struct mq_attr __user *u_omqstat) */
+/*
+ * asmlinkage long
+ * sys_mq_getsetattr(mqd_t mqdes,
+ * const struct mq_attr __user *u_mqstat,
+ * struct mq_attr __user *u_omqstat)
+ */
probe kernel.syscall.mq_getsetattr =
- kernel.function("sys_mq_getsetattr") {
- name = "mq_getsetattr"
- mqdes = $mqdes
- /*
- u_mqstat_mq_flags = $u_mqstat->mq_flags
- u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg
- u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize
- u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs
-
- u_omqstat_mq_flags = $u_omqstat->mq_flags
- u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg
- u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize
- u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs
- */
- }
-
+ kernel.function("sys_mq_getsetattr") {
+ name = "mq_getsetattr"
+ mqdes = $mqdes
+ u_mqstat_uaddr = $u_mqstat
+ u_omqstat_uaddr = $u_omqstat
+ }
probe kernel.syscall.mq_getsetattr.return =
- kernel.function("sys_mq_getsetattr").return {
- name = "mq_getsetattr.return"
- mqdes = $mqdes
- /*
- u_mqstat_mq_flags = $u_mqstat->mq_flags
- u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg
- u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize
- u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs
-
- u_omqstat_mq_flags = $u_omqstat->mq_flags
- u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg
- u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize
- u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs
- */
- }
+ kernel.function("sys_mq_getsetattr").return {
+ name = "mq_getsetattr.return"
+ }
# pciconfig_iobase_________________________________
-/* asmlinkage long
- sys_pciconfig_iobase(long which, unsigned long bus,
- unsigned long dfn) */
+/*
+ * asmlinkage long
+ * sys_pciconfig_iobase(long which,
+ * unsigned long bus,
+ * unsigned long dfn)
+ */
probe kernel.syscall.pciconfig_iobase =
- kernel.function("sys_pciconfig_iobase") {
- name = "pciconfig_iobase"
- which = $which
- bus = $bus
- dfn = $dfn
- }
-
+ kernel.function("sys_pciconfig_iobase") {
+ name = "pciconfig_iobase"
+ which = $which
+ bus = $bus
+ dfn = $dfn
+ }
probe kernel.syscall.pciconfig_iobase.return =
- kernel.function("sys_pciconfig_iobase").return {
- name = "pciconfig_iobase.return"
- which = $which
- bus = $bus
- dfn = $dfn
- }
+ kernel.function("sys_pciconfig_iobase").return {
+ name = "pciconfig_iobase.return"
+ }
# pciconfig_read___________________________________
-/* NOTE: This is a nop function: PCI interation is
- handled at the kernel PCI layer. Not used. */
-/* asmlinkage int sys_pciconfig_read(unsigned long bus, unsigned long dfn,
- unsigned long off, unsigned long len,
- unsigned char *buf) { return 0; } */
+/*
+ * asmlinkage int
+ * sys_pciconfig_read(unsigned long bus,
+ * unsigned long dfn,
+ * unsigned long off,
+ * unsigned long len,
+ * unsigned char *buf)
+ * { return 0; }
+ */
probe kernel.syscall.pciconfig_read =
- kernel.function("sys_pciconfig_read") {
- name = "pciconfig_read"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- /*
- buf = $buf
- */
- }
-
+ kernel.function("sys_pciconfig_read") {
+ name = "pciconfig_read"
+ bus = $bus
+ dfn = $dfn
+ off = $off
+ len = $len
+ buf_uaddr = $buf
+ }
probe kernel.syscall.pciconfig_read.return =
- kernel.function("sys_pciconfig_read").return {
- name = "pciconfig_read.return"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- /*
- buf = $buf
- */
- }
+ kernel.function("sys_pciconfig_read").return {
+ name = "pciconfig_read.return"
+ }
# pciconfig_write__________________________________
-/* NOTE: This is a nop function: PCI interation is
- handled at the kernel PCI layer. Not used. */
-/* asmlinkage int sys_pciconfig_write(unsigned long bus, unsigned long dfn,
- unsigned long off, unsigned long len,
- unsigned char *buf) */
+/*
+ * asmlinkage int
+ * sys_pciconfig_write(unsigned long bus,
+ * unsigned long dfn,
+ * unsigned long off,
+ * unsigned long len,
+ * unsigned char *buf)
+ */
probe kernel.syscall.pciconfig_write =
- kernel.function("sys_pciconfig_write") {
- name = "pciconfig_write"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- /*
- buf = $buf
- */
- }
-
+ kernel.function("sys_pciconfig_write") {
+ name = "pciconfig_write"
+ bus = $bus
+ dfn = $dfn
+ off = $off
+ len = $len
+ buf_uaddr = $buf
+ }
probe kernel.syscall.pciconfig_write.return =
- kernel.function("sys_pciconfig_write").return {
- name = "pciconfig_write.return"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- /*
- buf = $buf
- */
- }
+ kernel.function("sys_pciconfig_write").return {
+ name = "pciconfig_write.return"
+ }
# prctl____________________________________________
-/* asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5) */
+/*
+ * asmlinkage long
+ * sys_prctl(int option,
+ * unsigned long arg2,
+ * unsigned long arg3,
+ * unsigned long arg4,
+ * unsigned long arg5)
+ */
probe kernel.syscall.prctl =
- kernel.function("sys_prctl") {
- name = "prctl"
- options = $options
- arg2 = $arg2
- arg3 = $arg3
- arg4 = $arg4
- arg5 = $arg5
- }
-
+ kernel.function("sys_prctl") {
+ name = "prctl"
+ option = $option
+ arg2 = $arg2
+ arg3 = $arg3
+ arg4 = $arg4
+ arg5 = $arg5
+ }
probe kernel.syscall.prctl.return =
- kernel.function("sys_prctl").return {
- name = "prctl.return"
- options = $options
- arg2 = $arg2
- arg3 = $arg3
- arg4 = $arg4
- arg5 = $arg5
- }
+ kernel.function("sys_prctl").return {
+ name = "prctl.return"
+ }
# swapon___________________________________________
-/* asmlinkage long sys_swapon(const char __user * specialfile,
- int swap_flags) */
+/*
+ * asmlinkage long
+ * sys_swapon(const char __user * specialfile,
+ * int swap_flags)
+ */
probe kernel.syscall.swapon =
- kernel.function("sys_swapon") {
- name = "swapon"
- /*
- path = $specialfile
- */
- swapflags = $swapflags
- }
-
+ kernel.function("sys_swapon") {
+ name = "swapon"
+ path_uaddr = $specialfile
+ swapflags = $swap_flags
+ }
probe kernel.syscall.swapon.return =
- kernel.function("sys_swapon").return {
- name = "swapon.return"
- /*
- path = $specialfile
- */
- swapflags = $swapflags
- }
+ kernel.function("sys_swapon").return {
+ name = "swapon.return"
+ }
# swapoff__________________________________________
-/* asmlinkage long sys_swapoff(const char __user * specialfile) */
+/*
+ * asmlinkage long
+ * sys_swapoff(const char __user * specialfile)
+ */
probe kernel.syscall.swapoff =
- kernel.function("sys_swapoff") {
- name = "swapoff"
- /*
- path = $specialfile
- */
- }
-
+ kernel.function("sys_swapoff") {
+ name = "swapoff"
+ path_uaddr = $specialfile
+ }
probe kernel.syscall.swapoff.return =
- kernel.function("sys_swapoff").return {
- name = "swapoff.return"
- /*
- path = $specialfile
- */
- }
+ kernel.function("sys_swapoff").return {
+ name = "swapoff.return"
+ }
# sysctl___________________________________________
-/* asmlinkage long sys_sysctl(struct __sysctl_args __user *args) */
+/*
+ * asmlinkage long
+ * sys_sysctl(struct __sysctl_args __user *args)
+ */
probe kernel.syscall.sysctl =
- kernel.function("sys_sysctl") {
- name = "sysctl"
- /*
- args_name = $args->name
- args_nlen = $args->nlen
- args_oldval = $args->oldval
- args_oldlenp = $args->oldlenp
- args_newval = $args->newval
- args_newlen = $args->newlen
- */
- }
-
+ kernel.function("sys_sysctl") {
+ name = "sysctl"
+ args_uaddr = $args
+ }
probe kernel.syscall.sysctl.return =
- kernel.function("sys_sysctl").return {
- name = "sysctl.return"
- /*
- args_name = $args->name
- args_nlen = $args->nlen
- args_oldval = $args->oldval
- args_oldlenp = $args->oldlenp
- args_newval = $args->newval
- args_newlen = $args->newlen
- */
- }
+ kernel.function("sys_sysctl").return {
+ name = "sysctl.return"
+ }
# sysinfo__________________________________________
-/* asmlinkage long sys_sysinfo(struct sysinfo __user *info) */
+/*
+ * asmlinkage long
+ * sys_sysinfo(struct sysinfo __user *info)
+ */
probe kernel.syscall.sysinfo =
- kernel.function("sys_sysinfo") {
- name = "sysinfo"
- }
-
+ kernel.function("sys_sysinfo") {
+ name = "sysinfo"
+ info_uaddr = $info
+ }
probe kernel.syscall.sysinfo.return =
- kernel.function("sys_sysinfo").return {
- name = "sysinfo.return"
- info_uptime = $info->uptime
- /*
- info_loads_1 = $info->loads[0]
- info_loads_2 = $info->loads[1]
- info_loads_3 = $info->loads[2]
- */
- info_totalram = $info->totalram
- info_freeram = $info->freeram
- info_sharedram = $info->sharedram
- info_bufferram = $info->bufferram
- info_totalswap = $info->totalswap
- info_freeswap = $info->freeswap
- info_procs = $info->prcs
- info_totalhigh = $info->totalhigh
- info_freehigh = $info->freehigh
- info_mem_unit = $info->mem_unit
- }
+ kernel.function("sys_sysinfo").return {
+ name = "sysinfo.return"
+ }
# sysfs____________________________________________
-/* asmlinkage long sys_sysfs(int option,
- unsigned long arg1,
- unsigned long arg2) */
+/*
+ * asmlinkage long
+ * sys_sysfs(int option,
+ * unsigned long arg1,
+ * unsigned long arg2)
+ */
probe kernel.syscall.sysfs =
- kernel.function("sys_sysfs") {
- name = "sysfs"
- option = $option
- arg1 = $arg1
- arg2 = $arg2
- }
-
+ kernel.function("sys_sysfs") {
+ name = "sysfs"
+ option = $option
+ arg1 = $arg1
+ arg2 = $arg2
+ }
probe kernel.syscall.sysfs.return =
- kernel.function("sys_sysfs").return {
- name = "sysfs.return"
- option = $option
- arg1 = $arg1
- arg2 = $arg2
- }
+ kernel.function("sys_sysfs").return {
+ name = "sysfs.return"
+ }
# nfsservctl_______________________________________
-/* long asmlinkage sys_nfsservctl(int cmd,
- struct nfsctl_arg __user *arg,
- void __user *res) */
+/*
+ * long asmlinkage
+ * sys_nfsservctl(int cmd,
+ * struct nfsctl_arg __user *arg,
+ * void __user *res)
+ */
probe kernel.syscall.nfsservctl =
- kernel.function("sys_nfsservctl") {
- name = "nfsservctl"
- cmd = $cmd
- /*
- TODO create embedded auxf to export this stuff
-
- ...from the man page...nfsservctl(int cmd,
- struct nfsctl_arg *argp,
- union nfsctl_res *resp);
- struct nfsctl_arg {
- int ca_version; // safeguard
- union {
- struct nfsctl_svc u_svc;
- struct nfsctl_client u_client;
- struct nfsctl_export u_export;
- struct nfsctl_uidmap u_umap;
- struct nfsctl_fhparm u_getfh;
- unsigned int u_debug;
- } u;
- }
-
- union nfsctl_res {
- struct knfs_fh cr_getfh;
- unsigned int cr_debug;
- };
- */
- }
-
+ kernel.function("sys_nfsservctl") {
+ name = "nfsservctl"
+ cmd = $cmd
+ argp_uaddr = $arg
+ resp_uaddr = $res
+ }
probe kernel.syscall.nfsservctl.return =
- kernel.function("sys_nfsservctl").return {
- name = "nfsservctl.return"
- cmd = $cmd
- /*
- TODO create embedded auxf to export this stuff
-
- ...from the man page...nfsservctl(int cmd,
- struct nfsctl_arg *argp,
- union nfsctl_res *resp);
- struct nfsctl_arg {
- int ca_version; // safeguard
- union {
- struct nfsctl_svc u_svc;
- struct nfsctl_client u_client;
- struct nfsctl_export u_export;
- struct nfsctl_uidmap u_umap;
- struct nfsctl_fhparm u_getfh;
- unsigned int u_debug;
- } u;
- }
-
- union nfsctl_res {
- struct knfs_fh cr_getfh;
- unsigned int cr_debug;
- };
- */
-
- }
+ kernel.function("sys_nfsservctl").return {
+ name = "nfsservctl.return"
+ }
# syslog___________________________________________
-/* asmlinkage long sys_syslog(int type, char __user * buf, int len) */
+/*
+ * asmlinkage long
+ * sys_syslog(int type,
+ * char __user * buf,
+ * int len)
+ */
probe kernel.syscall.syslog =
- kernel.function("do_syslog") {
- name = "syslog"
- type = $type
- /*
- bufp = $buf
- */
- len = $len
- }
-
+ kernel.function("do_syslog") {
+ name = "syslog"
+ type = $type
+ bufp_uaddr = $buf
+ len = $len
+ }
probe kernel.syscall.syslog.return =
- kernel.function("do_syslog").return {
- name = "syslog.return"
- type = $type
- /*
- bufp = $buf
- */
- len = $len
- }
+ kernel.function("do_syslog").return {
+ name = "syslog.return"
+ }
# uselib___________________________________________
-/* asmlinkage long sys_uselib(const char __user * library) */
+/*
+ * asmlinkage long
+ * sys_uselib(const char __user * library)
+ */
probe kernel.syscall.uselib =
- kernel.function("sys_uselib") {
- name = "uselib"
- /*
- library = $library
- */
- }
-
+ kernel.function("sys_uselib") {
+ name = "uselib"
+ library_uaddr = $library
+ }
probe kernel.syscall.uselib.return =
- kernel.function("sys_uselib").return {
- name = "uselib.return"
- /*
- library = $library
- */
- }
+ kernel.function("sys_uselib").return {
+ name = "uselib.return"
+ }
# add_key__________________________________________
-/* asmlinkage long sys_add_key(const char __user *_type,
- const char __user *_description,
- const void __user *_payload,
- size_t plen,
- key_serial_t ringid) */
+/*
+ * asmlinkage long
+ * sys_add_key(const char __user *_type,
+ * const char __user *_description,
+ * const void __user *_payload,
+ * size_t plen,
+ * key_serial_t ringid)
+ */
probe kernel.syscall.add_key =
- kernel.function("sys_add_key") {
- name = "add_key"
- /*
- type = $_type
- description = $_description
- payload = $payload
- */
- plen = $plen
- ringid = $ringid
- }
-
+ kernel.function("sys_add_key") {
+ name = "add_key"
+ type_uaddr = $_type
+ description_auddr = $_description
+ payload_uaddr = $payload
+ plen = $plen
+ ringid = $ringid
+ }
probe kernel.syscall.add_key.return =
- kernel.function("sys_add_key").return {
- name = "add_key.return"
- /*
- type = $_type
- description = $_description
- payload = $payload
- */
- plen = $plen
- ringid = $ringid
- }
+ kernel.function("sys_add_key").return {
+ name = "add_key.return"
+ }
# request_key______________________________________
-/* asmlinkage long sys_request_key(const char __user *_type,
- const char __user *_description,
- const char __user *_callout_info,
- key_serial_t destringid) */
+/*
+ * asmlinkage long
+ * sys_request_key(const char __user *_type,
+ * const char __user *_description,
+ * const char __user *_callout_info,
+ * key_serial_t destringid)
+ */
probe kernel.syscall.request_key =
- kernel.function("sys_request_key") {
- name = "request_key"
- /*
- type = $_type
- description = $_description
- callout_info = $_callout_info
- */
- destringid = $destringid
- }
-
+ kernel.function("sys_request_key") {
+ name = "request_key"
+ type_uaddr = $_type
+ description_uaddr = $_description
+ callout_info_uaddr = $_callout_info
+ destringid = $destringid
+ }
probe kernel.syscall.request_key.return =
- kernel.function("sys_request_key").return {
- name = "request_key.return"
- /*
- type = $_type
- description = $_description
- callout_info = $_callout_info
- */
- destringid = $destringid
- }
+ kernel.function("sys_request_key").return {
+ name = "request_key.return"
+ }
# keyctl___________________________________________
-/* asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5) */
+/*
+ * asmlinkage long
+ * sys_keyctl(int option,
+ * unsigned long arg2,
+ * unsigned long arg3,
+ * unsigned long arg4,
+ * unsigned long arg5)
+ */
probe kernel.syscall.keyctl =
- kernel.function("sys_keyctl") {
- name = "keyctl"
- option = $option
- arg2 = $arg2
- arg3 = $arg3
- arg4 = $arg4
- arg5 = $arg5
- }
-
+ kernel.function("sys_keyctl") {
+ name = "keyctl"
+ option = $option
+ arg2 = $arg2
+ arg3 = $arg3
+ arg4 = $arg4
+ arg5 = $arg5
+ }
probe kernel.syscall.keyctl.return =
- kernel.function("sys_keyctl").return {
- name = "keyctl.return"
- option = $option
- arg2 = $arg2
- arg3 = $arg3
- arg4 = $arg4
- arg5 = $arg5
- }
+ kernel.function("sys_keyctl").return {
+ name = "keyctl.return"
+ }
# modify_ldt_______________________________________
-/* asmlinkage int sys_modify_ldt(int func,
- void __user *ptr,
- unsigned long bytecount) */
+/*
+ * asmlinkage int
+ * sys_modify_ldt(int func,
+ * void __user *ptr,
+ * unsigned long bytecount)
+ */
probe kernel.syscall.modify_ldt =
- kernel.function("sys_modify_ldt") {
- name = "modify_ldt"
- func = $func
- bytecount = $bytecount
- }
-
+ kernel.function("sys_modify_ldt") {
+ name = "modify_ldt"
+ func = $func
+ /*
+ ptr = $ptr
+ */
+ bytecount = $bytecount
+ }
probe kernel.syscall.modify_ldt.return =
- kernel.function("sys_modify_ldt").return {
- name = "modify_ldt.return"
- func = $func
- /*
- ptr points to a modify_ldt_ldt_s structure and
- bytecount must equal the size of this structure
- */
- bytecount = $bytecount
- }
+ kernel.function("sys_modify_ldt").return {
+ name = "modify_ldt.return"
+ }
# mmap2____________________________________________
-/* static inline unsigned long do_mmap2(unsigned long addr,
- size_t len,
- unsigned long prot,
- unsigned long flags,
- unsigned long fd,
- unsigned long pgoff) */
+/*
+ * unsigned long sys_mmap2(unsigned long addr,
+ * size_t len,
+ * unsigned long prot,
+ * unsigned long flags,
+ * unsigned long fd,
+ * unsigned long pgoff)
+ */
probe kernel.syscall.mmap2 =
- kernel.function("do_mmap2") {
- name = "mmap2"
- addr = $addr
- len = $len
- prot = $prot
- flags = $flags
- fd = $fd
- pgoff = $pgoff
- }
-
+ kernel.function("sys_mmap2") {
+ name = "mmap2"
+ addr = $addr
+ len = $len
+ prot = $prot
+ flags = $flags
+ fd = $fd
+ pgoff = $pgoff
+ }
probe kernel.syscall.mmap2.return =
- kernel.function("do_mmap2").return {
- name = "mmap2.return"
- addr = $addr
- len = $len
- prot = $prot
- flags = $flags
- fd = $fd
- pgoff = $pgoff
- }
+ kernel.function("sys_mmap2").return {
+ name = "mmap2.return"
+ }
# execve___________________________________________
-/* NOTE: arch specific */
-/* asmlinkage int sys_execve(struct pt_regs regs) */
+/*
+ * asmlinkage int
+ * sys_execve(struct pt_regs regs)
+ */
probe kernel.syscall.execve =
- kernel.function("sys_execve") {
- name = "execve"
- /*
- TODO figure this one out
- filename = $regs->ebx
- argv[] = $regs->ecx
- envp[] = $regs->edx
- */
- }
-
+ kernel.function("sys_execve") {
+ name = "execve"
+ regs = $regs
+ }
probe kernel.syscall.execve.return =
- kernel.function("sys_execve").return {
- name = "execve.return"
- /*
- ...hmm, if execve() succeedes were in trouble here...
-
- TODO figure this one out
- filename = $regs->ebx
- argv[] = $regs->ecx
- envp[] = $regs->edx
- */
- }
+ kernel.function("sys_execve").return {
+ name = "execve.return"
+ }
# clone____________________________________________
-/* long do_fork(unsigned long clone_flags,
- unsigned long stack_start,
- struct pt_regs *regs,
- unsigned long stack_size,
- int __user *parent_tidptr,
- int __user *child_tidptr) */
+/*
+ * long do_fork(unsigned long clone_flags,
+ * unsigned long stack_start,
+ * struct pt_regs *regs,
+ * unsigned long stack_size,
+ * int __user *parent_tidptr,
+ * int __user *child_tidptr)
+ */
probe kernel.syscall.clone =
- kernel.function("do_fork") {
- name = "clone"
- clone_flags = $clone_flags
- %( kernel_v > "2.6.9" %? start_stack = $start_stack %)
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
-
+ kernel.function("do_fork") {
+ name = "clone"
+ clone_flags = $clone_flags
+ start_stack = $start_stack
+ regs_uaddr = $regs
+ stack_size = $stack_size
+ parent_tid_uaddr = $parent_tidptr
+ child_tid_uaddr = $child_tidptr
+ }
probe kernel.syscall.clone.return =
- kernel.function("do_fork").return {
- name = "clone.return"
- clone_flags = $clone_flags
- start_stack = $start_stack
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
+ kernel.function("do_fork").return {
+ name = "clone.return"
+ }
# fork_____________________________________________
+/*
+ * long do_fork(unsigned long clone_flags,
+ * unsigned long stack_start,
+ * struct pt_regs *regs,
+ * unsigned long stack_size,
+ * int __user *parent_tidptr,
+ * int __user *child_tidptr)
+ */
probe kernel.syscall.fork =
- kernel.function("do_fork") {
- name = "fork"
- clone_flags = $clone_flags
- start_stack = $start_stack
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
-
+ kernel.function("do_fork") {
+ name = "fork"
+ clone_flags = $clone_flags
+ start_stack = $start_stack
+ regs_uaddr = $regs
+ stack_size = $stack_size
+ parent_tid_uaddr = $parent_tidptr
+ child_tid_uaddr = $child_tidptr
+ }
probe kernel.syscall.fork.return =
- kernel.function("do_fork").return {
- name = "fork.return"
- clone_flags = $clone_flags
- start_stack = $start_stack
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
+ kernel.function("do_fork").return {
+ name = "fork.return"
+ }
# vfork____________________________________________
+/*
+ * long do_fork(unsigned long clone_flags,
+ * unsigned long stack_start,
+ * struct pt_regs *regs,
+ * unsigned long stack_size,
+ * int __user *parent_tidptr,
+ * int __user *child_tidptr)
+ */
probe kernel.syscall.vfork =
- kernel.function("do_fork") {
- name = "vfork"
- clone_flags = $clone_flags
- start_stack = $start_stack
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
-
+ kernel.function("do_fork") {
+ name = "vfork"
+ clone_flags = $clone_flags
+ start_stack = $start_stack
+ regs_uaddr = $regs
+ stack_size = $stack_size
+ parent_tid_uaddr = $parent_tidptr
+ child_tid_uaddr = $child_tidptr
+ }
probe kernel.syscall.vfork.return =
- kernel.function("do_fork").return {
- name = "vfork.return"
- clone_flags = $clone_flags
- start_stack = $start_stack
- /* Export this???
- regs = $regs->...
- */
- stack_size = $stack_size
- /*
- parent_tid = $parent_tidptr
- child_tid = $child_tidptr
- */
- }
+ kernel.function("do_fork").return {
+ name = "vfork.return"
+ }
# pipe_____________________________________________
-/* asmlinkage int sys_pipe(unsigned long __user * fildes) */
+/*
+ * asmlinkage int
+ * sys_pipe(unsigned long __user * fildes)
+ */
probe kernel.syscall.pipe =
- kernel.function("sys_pipe") {
- name = "pipe"
- }
-
+ kernel.function("sys_pipe") {
+ name = "pipe"
+ fildes_uaddr = $fildes
+ }
probe kernel.syscall.pipe.return =
- kernel.function("sys_pipe").return {
- name = "pipe.return"
- /*
- TODO implement embedded auxf to extract
- these fildes
- fildes_read = $fildes[0]
- fildes_write = $fildes[1]
- */
- }
+ kernel.function("sys_pipe").return {
+ name = "pipe.return"
+ }
# ptrace___________________________________________
-/* asmlinkage int sys_ptrace(long request,
- long pid,
- long addr,
- long data) */
+/*
+ * asmlinkage int
+ * sys_ptrace(long request,
+ * long pid,
+ * long addr,
+ * long data)
+ */
probe kernel.syscall.ptrace =
- kernel.function("sys_ptrace") {
- name = "ptrace"
- pid = $pid
- addr = $addr
- data = $data
- }
-
+ kernel.function("sys_ptrace") {
+ name = "ptrace"
+ request = $request
+ pid = $pid
+ addr = $addr
+ data = $data
+ }
probe kernel.syscall.ptrace.return =
- kernel.function("sys_ptrace").return {
- name = "ptrace.return"
- pid = $pid
- addr = $addr
- data = $data
- }
+ kernel.function("sys_ptrace").return {
+ name = "ptrace.return"
+ }
# iopl_____________________________________________
-/* asmlinkage long sys_iopl(unsigned long unused) */
+/*
+ * asmlinkage long
+ * sys_iopl(unsigned long unused)
+ */
probe kernel.syscall.iopl =
- kernel.function("sys_iopl") {
- name = "iopl"
- level = $unused
- }
-
+ kernel.function("sys_iopl") {
+ name = "iopl"
+ level = $unused
+ }
probe kernel.syscall.iopl.return =
- kernel.function("sys_iopl").return {
- name = "iopl.return"
- level = $unused
- }
+ kernel.function("sys_iopl").return {
+ name = "iopl.return"
+ }
# rt_sigaction_____________________________________
-/* asmlinkage long
- sys_rt_sigaction(int sig, const struct sigaction __user *act,
- struct sigaction __user *oact,
- size_t sigsetsize, void __user *restorer) */
+/*
+ * asmlinkage long
+ * sys_rt_sigaction(int sig,
+ * const struct sigaction __user *act,
+ * struct sigaction __user *oact,
+ * size_t sigsetsize,
+ * void __user *restorer)
+ */
probe kernel.syscall.rt_sigaction =
- kernel.function("sys_rt_sigaction") {
- name = "rt_sigaction"
- sig = $sig
- /*
- act_sa_handler = $act->sa_handler
- act_sa_mask = $act->sa_mask
- act_sa_flags = $act->sa_flags
- act_sa_restorer = $act->sa_restorer
- */
- sigsetsize = $sigsetsize
- /*
- restorer = $restorer
- */
- }
-
+ kernel.function("sys_rt_sigaction") {
+ name = "rt_sigaction"
+ sig = $sig
+ act_uaddr = $act
+ oact_uaddr = $oact
+ sigsetsize = $sigsetsize
+ /*
+ restorer = $restorer
+ */
+ }
probe kernel.syscall.rt_sigaction.return =
- kernel.function("sys_rt_sigaction").return {
- name = "rt_sigaction.return"
- sig = $sig
- /*
- act_sa_handler = $act->sa_handler
- act_sa_mask = $act->sa_mask
- act_sa_flags = $act->sa_flags
- act_sa_restorer = $act->sa_restorer
-
- oact_sa_handler = $oact->sa_handler
- oact_sa_mask = $oact->sa_mask
- oact_sa_flags = $oact->sa_flags
- oact_sa_restorer = $oact->sa_restorer
- */
- sigsetsize = $sigsetsize
- /*
- restorer = $restorer
- */
- }
-
-
-/* AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS */
-
-/*
- * These functions construct the bitwise-or'd symbolic string
- * representation of the f param, based on the function arg.
- */
-
-/* `man 2 open` for more information */
-function _sys_open_flag_str(f) {
- if(f & 8192) bs="O_ASYNC|".bs
- if(f & 4096) bs="O_SYNC|".bs
- if(f & 2048) bs="O_NONBLOCK|".bs
- if(f & 1024) bs="O_APPEND|".bs
- if(f & 512) bs="O_TRUNC|".bs
- if(f & 256) bs="O_NDCTTY|".bs
- if(f & 128) bs="O_EXCL|".bs
- if(f & 64) bs="O_CREAT|".bs
- if((f & 3) == 2) bs="O_RDWR|".bs
- else if((f & 3) == 1) bs="O_WRONLY|".bs
- else if((f & 3) == 0) bs="O_RDONLY|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man 2 open` for more information */
-function _access_mode_str(m) {
- if(m & 4) bs="R_OK|".bs
- if(m & 2) bs="W_OK|".bs
- if(m & 1) bs="X_OK|".bs
- if((m & 3) == 0) bs="F_OK|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man 2 open` for more information */
-function _sys_open_mode_str(f) {
- if((f & 448) == 448) bs="S_IRWXU|".bs
- else {
- if(f & 256) bs="S_IRUSR|".bs
- if(f & 128) bs="S_IWUSR|".bs
- if(f & 64) bs="S_IXUSR|".bs
- }
- if((f & 56) == 56) bs="S_IRWXG|".bs
- else {
- if(f & 32) bs="S_IRGRP|".bs
- if(f & 16) bs="S_IWGRP|".bs
- if(f & 8) bs="S_IXGRP|".bs
- }
- if((f & 7) == 7) bs="S_IRWXO|".bs
- else {
- if(f & 4) bs="S_IROTH|".bs
- if(f & 2) bs="S_IWOTH|".bs
- if(f & 1) bs="S_IXOTH|".bs
- }
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man 2 mknod` for more information */
-function _mknod_mode_str(mode) {
- if((mode & 0x8000)==0x8000)
- return "S_IFREG|"._sys_open_mode_str(mode)
- if((mode & 0x2000)==0x2000)
- return "S_IFCHR|"._sys_open_mode_str(mode)
- if((mode & 0x6000)==0x6000)
- return "S_IFBLK|"._sys_open_mode_str(mode)
- if((mode & 0x1000)==0x1000)
- return "S_IFIFO|"._sys_open_mode_str(mode)
- if((mode & 0xC000)==0xC000)
- return "S_IFSOCK|"._sys_open_mode_str(mode)
- return ""
-}
-
-/* `man flock` for more information */
-function _flock_cmd_str(c) {
- if(c & 1) bs="LOCK_SH|".bs
- if(c & 2) bs="LOCK_EX|".bs
- if(c & 8) bs="LOCK_UN|".bs
- if(c & 4) bs="LOCK_NB|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man msync` for more information */
-function _wait4_opt_str(f) {
- if(f & 4) bs="MS_SYNC|".bs
- if(f & 2) bs="MS_INVALIDATE|".bs
- if(f & 1) bs="MS_ASYNC|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man wait4` for more information */
-function _msync_flag_str(f) {
- if(f & 0x01000000) bs="WNOWAIT|".bs
- if(f & 8) bs="WCONTINUED|".bs
- if(f & 4) bs="WEXITED|".bs
- if(f & 2) bs="WSTOPPED|".bs
- if(f & 1) bs="WNOHANG|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man sendmsg` for more information */
-function _send_flags_str(f) {
- if(f & 0x0001) bs="MSG_OOB|".bs
- if(f & 0x0080) bs="MSG_EOR|".bs
- if(f & 0x0004) bs="MSG_DONTROUTE|".bs
- if(f & 0x0040) bs="MSG_DONTWAIT|".bs
- if(f & 0x4000) bs="MSG_NOSIGNAL|".bs
- if(f & 0x0800) bs="MSG_CONFIRM|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man recv` for more information */
-function _recvflags_str(f) {
- if(f & 1) bs="MSG_OOB|".bs
- if(f & 2) bs="MSG_PEEK|".bs
- if(f & 32) bs="MSG_WAITALL|".bs
- if(f & 256) bs="MSG_TRUNC|".bs
- if(f & 8192) bs="MSG_ERRQUEUE|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/* `man mlockall` for more information */
-function _mlockall_flags_str(f) {
- if(f & 2) bs="MCL_CURRENT|".bs
- if(f & 1) bs="MCL_FUTURE|".bs
- return substr(bs,0,strlen(bs)-1)
-}
-
-/*
- * The following functions return the symbolic string
- * representation of the flag. If the argument doesnt
- * map to string, an empty string ("") is returned.
- */
-
-function _module_flags_str(f) {
- if(f==8192) return "O_ASYNC"
- if(f==4096) return "O_SYNC"
- if(f==2048) return "O_NONBLOCK"
- if(f==1024) return "O_APPEND"
- if(f==512) return "O_TRUNC"
- if(f==256) return "O_NDCTTY"
- if(f==128) return "O_EXCL"
- if(f==64) return "O_CREAT"
- if(f==2) return "O_RDWR"
- if(f==1) return "O_WRONLY"
- if(f==0) return "O_RDONLY"
- return ""
-}
-
-function _get_wc_str(wc) {
- if(wc==0) return "CLOCK_REALTIME"
- if(wc==1) return "CLOCK_MONOTONIC"
- if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID"
- if(wc==3) return "CLOCK_THREAD_CPUTIME_ID"
- if(wc==4) return "CLOCK_REALTIME_HR"
- if(wc==5) return "CLOCK_MONOTONIC_HR"
- return ""
-}
-
-function _sigprocmask_how_str(how) {
- if(how==0) return "SIG_BLOCK"
- if(how==1) return "SIG_UNBLOCK"
- if(how==2) return "SIG_SETMASK"
- return ""
-}
-
-function _itimer_which_str(which) {
- if(which==0) return "ITIMER_REAL"
- if(which==1) return "ITIMER_VIRTUAL"
- if(which==2) return "ITIMER_PROF"
- return ""
-}
-
-function _sched_policy_str(policy) {
- if(policy==0) return "SCHED_OTHER"
- if(policy==1) return "SCHED_FIFO"
- if(policy==2) return "SCHED_RR"
- return ""
-}
-
-function _priority_which_str(which) {
- if(which==0) return "PRIO_PROCESS"
- if(which==1) return "PRIO_PGRP"
- if(which==2) return "PRIO_USER"
- return ""
-}
-
-function _shutdown_how_str(how) {
- if(how==0) return "SHUT_RD"
- if(how==1) return "SHUT_WR"
- if(how==2) return "SHUT_RDWR"
- return ""
-}
-
-function _reboot_magic_str(magic) {
- if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1"
- if(magic==672274793) return "LINUX_REBOOT_MAGIC2"
- if(magic==85072278) return "LINUX_REBOOT_MAGIC2A"
- if(magic==369367448) return "LINUX_REBOOT_MAGIC2B"
- if(magic==537993216) return "LINUX_REBOOT_MAGIC2C"
- return ""
-}
-
-function _reboot_flag_str(flag) {
- if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART"
- if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT"
- if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF"
- if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2"
- if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON"
- if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF"
- return ""
-}
-
-function _waitid_which_str(flag) {
- if(flag==0) return "P_ALL"
- if(flag==1) return "P_PID"
- if(flag==2) return "P_PGID"
- return ""
-}
-
-function _futex_op_str(op) {
- if(op==0) return "FUTEX_WAIT"
- if(op==1) return "FUTEX_WAKE"
- if(op==2) return "FUTEX_FD"
- if(op==3) return "FUTEX_REQUEUE"
- if(op==4) return "FUTEX_CMP_REQUEUE"
- return ""
-}
-
-function _mountflags_str(op) {
- if(op==1) return "MS_RDONLY"
- if(op==2) return "MS_NOSUID"
- if(op==4) return "MS_NODEV"
- if(op==8) return "MS_NOEXEC"
- if(op==16) return "MS_SYNCHRONOUS"
- if(op==32) return "MS_REMOUNT"
- if(op==64) return "MS_MANDLOCK"
- if(op==128) return "S_WRITE"
- if(op==256) return "S_APPEND"
- if(op==512) return "S_IMMUTABLE"
- if(op==1024) return "MS_NOATIME"
- if(op==2048) return "MS_NODIRATIME"
- if(op==4096) return "MS_BIND"
- return ""
-}
-
-function _statfs_f_type_str(f) {
- if(f==0xadf5) return "ADFS_SUPER_MAGIC"
- if(f==0xADFF) return "AFFS_SUPER_MAGIC"
- if(f==0x42465331) return "BEFS_SUPER_MAGIC"
- if(f==0x1BADFACE) return "BFS_MAGIC"
- if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER"
- if(f==0x73757245) return "CODA_SUPER_MAGIC"
- if(f==0x012FF7B7) return "COH_SUPER_MAGIC"
- if(f==0x28cd3d45) return "CRAMFS_MAGIC"
- if(f==0x1373) return "DEVFS_SUPER_MAGIC"
- if(f==0x00414A53) return "EFS_SUPER_MAGIC"
- if(f==0x137D) return "EXT_SUPER_MAGIC"
- if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC"
- if(f==0xEF53) return "EXT2_SUPER_MAGIC"
- if(f==0xEF53) return "EXT3_SUPER_MAGIC"
- if(f==0x4244) return "HFS_SUPER_MAGIC"
- if(f==0xF995E849) return "HPFS_SUPER_MAGIC"
- if(f==0x958458f6) return "HUGETLBFS_MAGIC"
- if(f==0x9660) return "ISOFS_SUPER_MAGIC"
- if(f==0x72b6) return "JFFS2_SUPER_MAGIC"
- if(f==0x3153464a) return "JFS_SUPER_MAGIC"
- if(f==0x137F) return "MINIX_SUPER_MAGIC"
- if(f==0x138F) return "MINIX_SUPER_MAGIC2"
- if(f==0x2468) return "MINIX2_SUPER_MAGIC"
- if(f==0x2478) return "MINIX2_SUPER_MAGIC2"
- if(f==0x4d44) return "MSDOS_SUPER_MAGIC"
- if(f==0x564c) return "NCP_SUPER_MAGIC"
- if(f==0x6969) return "NFS_SUPER_MAGIC"
- if(f==0x5346544e) return "NTFS_SB_MAGIC"
- if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC"
- if(f==0x9fa0) return "PROC_SUPER_MAGIC"
- if(f==0x002f) return "QNX4_SUPER_MAGIC"
- if(f==0x52654973) return "REISERFS_SUPER_MAGIC"
- if(f==0x7275) return "ROMFS_MAGIC"
- if(f==0x517B) return "SMB_SUPER_MAGIC"
- if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC"
- if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC"
- if(f==0x01021994) return "TMPFS_MAGIC"
- if(f==0x15013346) return "UDF_SUPER_MAGIC"
- if(f==0x00011954) return "UFS_MAGIC"
- if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC"
- if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC"
- if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC"
- if(f==0x58465342) return "XFS_SUPER_MAGIC"
- if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC"
- return ""
-}
-
-function _mprotect_prot_str(prot) {
- if(prot==0x00000000) return "PROT_NONE"
- if(prot==0x00000001) return "PROT_READ"
- if(prot==0x00000002) return "PROT_WRITE"
- if(prot==0x00000004) return "PROT_EXEC"
- return ""
-}
-
-function _madvice_advice_str(behavior) {
- if(behavior==0x00000000) return "MADV_NORMAL"
- if(behavior==0x00000001) return "MADV_RANDOM"
- if(behavior==0x00000002) return "MADV_SEQUENTIAL"
- if(behavior==0x00000003) return "MADV_WILLNEED"
- if(behavior==0x00000004) return "MADV_DONTNEED"
- return ""
-}
-
-function _fcntl_cmd_str(cmd) {
- if(cmd==0x00000000) return "F_DUPFD"
- if(cmd==0x00000001) return "F_GETFD"
- if(cmd==0x00000002) return "F_SETFD"
- if(cmd==0x00000003) return "F_GETFL"
- if(cmd==0x00000004) return "F_SETFL"
- if(cmd==0x00000005) return "F_GETLK"
- if(cmd==0x00000006) return "F_SETLK"
- if(cmd==0x00000007) return "F_SETLKW"
- if(cmd==0x00000008) return "F_SETOWN"
- if(cmd==0x00000009) return "F_GETOWN"
- if(cmd==0x0000000A) return "F_SETSIG"
- if(cmd==0x0000000B) return "F_GETLK64"
- if(cmd==0x0000000C) return "F_SETLK64"
- if(cmd==0x0000000D) return "F_SETLKW64"
- return ""
-}
-
-function _seek_whence_str(w) {
- if(w==0x00000000) return "SEEK_SET"
- if(w==0x00000001) return "SEEK_CUR"
- if(w==0x00000002) return "SEEK_END"
- return ""
-}
-
-function _quotactl_cmd_str(cmd) {
- if(cmd==0x800002) return "Q_QUOTAON"
- if(cmd==0x800003) return "Q_QUOTAOFF"
- if(cmd==0x800007) return "Q_GETQUOTA"
- if(cmd==0x800008) return "Q_SETQUOTA"
- if(cmd==0x800005) return "Q_GETINFO"
- if(cmd==0x800006) return "Q_SETINFO"
- if(cmd==0x800004) return "Q_GETFMT"
- if(cmd==0x800001) return "Q_SYNC"
- /* XFS Quota Manager (XQM) Codes */
- if(cmd==0x5801) return "Q_XQUOTAON"
- if(cmd==0x5802) return "Q_XQUOTAOFF"
- if(cmd==0x5803) return "Q_XGETQUOTA"
- if(cmd==0x5804) return "Q_XSETQLIM"
- if(cmd==0x5805) return "Q_XGETQSTAT"
- if(cmd==0x5806) return "Q_XQUOTARM"
- return ""
-}
-
-/* see sys/socket.h (for setsockopt) */
-function _sockopt_optname_str(opt) {
- if(opt==1) return "SO_DEBUG"
- if(opt==2) return "SO_REUSEADDR"
- if(opt==3) return "SO_TYPE"
- if(opt==4) return "SO_ERROR"
- if(opt==5) return "SO_DONTROUTE"
- if(opt==6) return "SO_BROADCAST"
- if(opt==7) return "SO_SNDBUF"
- if(opt==8) return "SO_RCVBUF"
- if(opt==9) return "SO_KEEPALIVE"
- if(opt==10) return "SO_OOBINLINE"
- if(opt==11) return "SO_NO_CHECK"
- if(opt==12) return "SO_PRIORITY"
- if(opt==13) return "SO_LINGER"
- if(opt==14) return "SO_BSDCOMPAT"
-
- if(opt==16) return "SO_PASSCRED"
- if(opt==17) return "SO_PEERCRED"
- if(opt==18) return "SO_RCVLOWAT"
- if(opt==19) return "SO_SNDLOWAT"
- if(opt==20) return "SO_RCVTIMEO"
- if(opt==21) return "SO_SNDTIMEO"
- return ""
-}
-
-/* `man 2 setsockopt` for more information */
-function _sockopt_level_str(l) {
- if(l==0) return "IP"
- if(l==1) return "ICMP"
- if(l==2) return "IGMP"
- if(l==3) return "GGP"
- if(l==4) return "IP-ENCAP"
- if(l==5) return "ST"
- if(l==6) return "TCP"
- if(l==7) return "CBT"
- if(l==8) return "EGP"
- if(l==9) return "IGP"
- if(l==10) return "BBN-RCC-MON"
- if(l==11) return "NVP-II"
- if(l==12) return "PUP"
- if(l==13) return "ARGUS"
- if(l==14) return "EMCON"
- if(l==15) return "XNET"
- if(l==16) return "CHAOS"
- if(l==17) return "UDP"
- if(l==18) return "MUX"
- if(l==19) return "DCN-MEAS"
- if(l==20) return "HMP"
- if(l==21) return "PRM"
- if(l==22) return "XNS-IDP"
- if(l==23) return "TRUNK-1"
- if(l==24) return "TRUNK-2"
- if(l==25) return "LEAF-1"
- if(l==26) return "LEAF-2"
- if(l==27) return "RDP"
- if(l==28) return "IRTP"
- if(l==29) return "ISO-TP4"
- if(l==30) return "NETBLT"
- if(l==31) return "MFE-NSP"
- if(l==32) return "MERIT-INP"
- if(l==33) return "SEP"
- if(l==34) return "3PC"
- if(l==35) return "IDPR"
- if(l==36) return "XTP"
- if(l==37) return "DDP"
- if(l==38) return "IDPR-CMTP"
- if(l==39) return "TP++"
- if(l==40) return "IL"
- if(l==41) return "IPv6"
- if(l==42) return "SDRP"
- if(l==43) return "IPv6-Route"
- if(l==44) return "IPv6-Frag"
- if(l==45) return "IDRP"
- if(l==46) return "RSVP"
- if(l==47) return "GRE"
- if(l==48) return "MHRP"
- if(l==49) return "BNA"
- if(l==50) return "IPv6-Crypt"
- if(l==51) return "IPv6-Auth"
- if(l==52) return "I-NLSP"
- if(l==53) return "SWIPE"
- if(l==54) return "NARP"
- if(l==55) return "MOBILE"
- if(l==56) return "TLSP"
- if(l==57) return "SKIP"
- if(l==58) return "IPv6-ICMP"
- if(l==59) return "IPv6-NoNxt"
- if(l==60) return "IPv6-Opts"
- if(l==62) return "CFTP"
- if(l==64) return "SAT-EXPAK"
- if(l==65) return "KRYPTOLAN"
- if(l==66) return "RVD"
- if(l==67) return "IPPC"
- if(l==69) return "SAT-MON"
- if(l==70) return "VISA"
- if(l==71) return "IPCV"
- if(l==72) return "CPNX"
- if(l==73) return "CPHB"
- if(l==74) return "WSN"
- if(l==75) return "PVP"
- if(l==76) return "BR-SAT-MON"
- if(l==77) return "SUN-ND"
- if(l==78) return "WB-MON"
- if(l==79) return "WB-EXPAK"
- if(l==80) return "ISO-IP"
- if(l==81) return "VMTP"
- if(l==82) return "SECURE-VMTP"
- if(l==83) return "VINES"
- if(l==84) return "TTP"
- if(l==85) return "NSFNET-IGP"
- if(l==86) return "DGP"
- if(l==87) return "TCF"
- if(l==88) return "EIGRP"
- if(l==89) return "OSPFIGP"
- if(l==90) return "Sprite-RPC"
- if(l==91) return "LARP"
- if(l==92) return "MTP"
- if(l==93) return "AX.25"
- if(l==94) return "IPIP"
- if(l==95) return "MICP"
- if(l==96) return "SCC-SP"
- if(l==97) return "ETHERIP"
- if(l==98) return "ENCAP"
- if(l==100) return "GMTP"
- if(l==101) return "IFMP"
- if(l==102) return "PNNI"
- if(l==103) return "PIM"
- if(l==104) return "ARIS"
- if(l==105) return "SCPS"
- if(l==106) return "QNX"
- if(l==107) return "A/N"
- if(l==108) return "IPComp"
- if(l==109) return "SNP"
- if(l==110) return "Compaq-Peer"
- if(l==111) return "IPX-in-IP"
- if(l==112) return "VRRP"
- if(l==113) return "PGM"
- if(l==115) return "L2TP"
- if(l==116) return "DDX"
- if(l==117) return "IATP"
- if(l==118) return "STP"
- if(l==119) return "SRP"
- if(l==120) return "UTI"
- if(l==121) return "SMP"
- if(l==122) return "SM"
- if(l==123) return "PTP"
- if(l==124) return "ISIS"
- if(l==125) return "FIRE"
- if(l==126) return "CRTP"
- if(l==127) return "CRUDP"
- if(l==128) return "SSCOPMCE"
- if(l==129) return "IPLT"
- if(l==130) return "SPS"
- if(l==131) return "PIPE"
- if(l==132) return "SCTP"
- if(l==133) return "FC"
- return ""
-}
-
-function _sock_family_str(f) {
- if(f==0) return "PF_UNSPEC"
- if(f==1) return "PF_UNIX"
- if(f==1) return "PF_LOCAL"
- if(f==2) return "PF_INET"
- if(f==3) return "PF_AX25"
- if(f==4) return "PF_IPX"
- if(f==5) return "PF_APPLETALK"
- if(f==6) return "PF_NETROM"
- if(f==7) return "PF_BRIDGE"
- if(f==8) return "PF_ATMPVC"
- if(f==9) return "PF_X25"
- if(f==10) return "PF_INET6"
- if(f==11) return "PF_ROSE"
- if(f==12) return "PF_DECnet"
- if(f==13) return "PF_NETBEUI"
- if(f==14) return "PF_SECURITY"
- if(f==15) return "PF_KEY"
- if(f==16) return "PF_NETLINK"
- if(f==17) return "PF_PACKET"
- if(f==18) return "PF_ASH"
- if(f==19) return "PF_ECONET"
- if(f==20) return "PF_ATMSVC"
- if(f==22) return "PF_SNA"
- if(f==23) return "PF_IRDA"
- if(f==24) return "PF_PPPOX"
- if(f==25) return "PF_WANPIPE"
- if(f==26) return "PF_LLC"
- if(f==31) return "PF_BLUETOOTH"
- if(f==32) return "PF_MAX"
- return ""
-}
-
-function _sock_type_str(t) {
- if(t==1) return "SOCK_STREAM"
- if(t==2) return "SOCK_DGRAM"
- if(t==5) return "SOCK_SEQPACKET"
- if(t==3) return "SOCK_RAW"
- if(t==4) return "SOCK_RDM"
- if(t==10) return "SOCK_PACKET"
- return ""
-}
-
-function _opoll_op_str(o) {
- if(o==1) return "EPOLL_CTL_ADD"
- if(o==3) return "EPOLL_CTL_MOD"
- if(o==2) return "EPOLL_CTL_DEL"
- return ""
-}
-
-function _epoll_events_str(e) {
- if(e==1) return "EPOLLIN"
- if(e==4) return "EPOLLOUT"
- if(e==2) return "EPOLLPRI"
- if(e==8) return "EPOLLERR"
- if(e==16) return "EPOLLHUP"
- if(e==-2147483648) return "EPOLLET"
- if(e==1073741824) return "EPOLLONESHOT"
- return ""
-}
-
-function _rlimit_resource_str(r) {
- if(r==-1) return "RLIM_INFINITY"
- if(r==9) return "RLIMIT_AS"
- if(r==4) return "RLIMIT_CORE"
- if(r==0) return "RLIMIT_CPU"
- if(r==2) return "RLIMIT_DATA"
- if(r==1) return "RLIMIT_FSIZE"
- if(r==10) return "RLIMIT_LOCKS"
- if(r==8) return "RLIMIT_MEMLOCK"
- if(r==7) return "RLIMIT_NOFILE"
- if(r==6) return "RLIMIT_NPROC"
- if(r==5) return "RLIMIT_RSS"
- if(r==3) return "RLIMIT_STACK"
- return ""
-}
-
-function _rusage_who_str(w) {
- if(w==0) return "RUSAGE_SELF"
- if(w==-1) return "RUSAGE_CHILDREN"
- return ""
-}
+ kernel.function("sys_rt_sigaction").return {
+ name = "rt_sigaction.return"
+ }
generated by cgit (git 2.34.1) at 2025-08-02 15:05:04 +0000