diff options
| author | Przemyslaw Pawelczyk <przemyslaw@pawelczyk.it> | 2009-05-23 10:30:40 +0200 |
|---|---|---|
| committer | Josh Stone <jistone@redhat.com> | 2009-05-26 11:21:05 -0700 |
| commit | eee30f40ac28c7090a269611fb1baea5c050c612 (patch) | |
| tree | 38372f6446b4c9851450fe1f3dc256f40ccee10b /tapset/nd_syscalls.stp | |
| parent | c9116e9980ad6e417697737f8d54a4a625811245 (diff) | |
| download | systemtap-steved-eee30f40ac28c7090a269611fb1baea5c050c612.tar.gz systemtap-steved-eee30f40ac28c7090a269611fb1baea5c050c612.tar.xz systemtap-steved-eee30f40ac28c7090a269611fb1baea5c050c612.zip | |
Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS.
Add kprobe.function("SyS_*") probe points to nd_syscall.* probe aliases.
Analogue of commit 132c337c with two exceptions:
- remove sufficiency of these new probe points (use '?' instead of '!'),
because translator always considers them resolved,
- make non-SyS probe points optional in probe aliases affected by
syscall wrappers, because otherwise they will fail on such
architectures.
Signed-off-by: Josh Stone <jistone@redhat.com>
Diffstat (limited to 'tapset/nd_syscalls.stp')
| -rw-r--r-- | tapset/nd_syscalls.stp | 873 |
1 files changed, 568 insertions, 305 deletions
diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index af145394..221e680a 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -34,7 +34,8 @@ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) -probe nd_syscall.accept = kprobe.function("sys_accept") ? +probe nd_syscall.accept = kprobe.function("SyS_accept") ?, + kprobe.function("sys_accept") ? { name = "accept" // sockfd = $fd @@ -47,7 +48,8 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ? addrlen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.accept.return = kprobe.function("sys_accept").return ? +probe nd_syscall.accept.return = kprobe.function("SyS_accept").return ?, + kprobe.function("sys_accept").return ? { name = "accept" retstr = returnstr(1) @@ -55,7 +57,8 @@ probe nd_syscall.accept.return = kprobe.function("sys_accept").return ? # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) -probe nd_syscall.access = kprobe.function("sys_access") +probe nd_syscall.access = kprobe.function("SyS_access") ?, + kprobe.function("sys_access") ? { name = "access" // pathname = user_string($filename) @@ -68,7 +71,8 @@ probe nd_syscall.access = kprobe.function("sys_access") mode_str = _access_mode_str(mode) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str) } -probe nd_syscall.access.return = kprobe.function("sys_access").return +probe nd_syscall.access.return = kprobe.function("SyS_access").return ?, + kprobe.function("sys_access").return ? { name = "access" retstr = returnstr(1) @@ -98,7 +102,8 @@ probe nd_syscall.acct.return = kprobe.function("sys_acct").return ? # size_t plen, # key_serial_t ringid) # -probe nd_syscall.add_key = kprobe.function("sys_add_key") ? +probe nd_syscall.add_key = kprobe.function("SyS_add_key") ?, + kprobe.function("sys_add_key") ? { name = "add_key" // type_uaddr = $_type @@ -123,7 +128,8 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ? text_strn(user_string(payload_uaddr), syscall_string_trunc, 1), plen, ringid) } -probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? +probe nd_syscall.add_key.return = kprobe.function("SyS_add_key").return ?, + kprobe.function("sys_add_key").return ? { name = "add_key" retstr = returnstr(1) @@ -131,7 +137,8 @@ probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) -probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex") +probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") ?, + kprobe.function("sys_adjtimex") ? { name = "adjtimex" @@ -152,7 +159,8 @@ probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex") asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.adjtimex.return = kprobe.function("sys_adjtimex").return +probe nd_syscall.adjtimex.return = kprobe.function("SyS_adjtimex").return ?, + kprobe.function("sys_adjtimex").return ? { name = "adjtimex" // retstr = _adjtimex_return_str($return) @@ -176,8 +184,9 @@ probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex") # unsigned long sys_alarm (unsigned int seconds) # long sys32_alarm(unsigned int seconds) # -probe nd_syscall.alarm = kprobe.function("sys_alarm") ?, - kprobe.function("sys32_alarm") ? +probe nd_syscall.alarm = kprobe.function("sys32_alarm") ?, + kprobe.function("SyS_alarm") ?, + kprobe.function("sys_alarm") ? { name = "alarm" // seconds = $seconds @@ -186,8 +195,9 @@ probe nd_syscall.alarm = kprobe.function("sys_alarm") ?, seconds = uint_arg(1) argstr = sprint(seconds) } -probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?, - kprobe.function("sys32_alarm").return ? +probe nd_syscall.alarm.return = kprobe.function("sys32_alarm").return ?, + kprobe.function("SyS_alarm").return ?, + kprobe.function("sys_alarm").return ? { name = "alarm" retstr = returnstr(1) @@ -195,7 +205,8 @@ probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?, # bdflush ____________________________________________________ # long sys_bdflush(int func, long data) -probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? +probe nd_syscall.bdflush = kprobe.function("SyS_bdflush") ?, + kprobe.function("sys_bdflush") ? { name = "bdflush" // func = $func @@ -213,7 +224,8 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? data_str = sprintf("%d", data) argstr = sprintf("%d, %s", func, data_str) } -probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ? +probe nd_syscall.bdflush.return = kprobe.function("SyS_bdflush").return ?, + kprobe.function("sys_bdflush").return ? { name = "bdflush" retstr = returnstr(1) @@ -221,7 +233,8 @@ probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ? # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) -probe nd_syscall.bind = kprobe.function("sys_bind") ? +probe nd_syscall.bind = kprobe.function("SyS_bind") ?, + kprobe.function("sys_bind") ? { name = "bind" // sockfd = $fd @@ -234,7 +247,8 @@ probe nd_syscall.bind = kprobe.function("sys_bind") ? addrlen = int_arg(3) argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.bind.return = kprobe.function("sys_bind").return ? +probe nd_syscall.bind.return = kprobe.function("SyS_bind").return ?, + kprobe.function("sys_bind").return ? { name = "bind" retstr = returnstr(1) @@ -242,8 +256,9 @@ probe nd_syscall.bind.return = kprobe.function("sys_bind").return ? # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) -probe nd_syscall.brk = kprobe.function("sys_brk"), - kprobe.function("ia64_brk") ? +probe nd_syscall.brk = kprobe.function("ia64_brk") ?, + kprobe.function("SyS_brk") ?, + kprobe.function("sys_brk") ? { name = "brk" // brk = $brk @@ -251,8 +266,9 @@ probe nd_syscall.brk = kprobe.function("sys_brk"), brk = ulong_arg(1) argstr = sprintf("%p", brk) } -probe nd_syscall.brk.return = kprobe.function("sys_brk").return, - kprobe.function("ia64_brk").return ? +probe nd_syscall.brk.return = kprobe.function("ia64_brk").return ?, + kprobe.function("SyS_brk").return ?, + kprobe.function("sys_brk").return ? { name = "brk" retstr = returnstr(1) @@ -271,7 +287,8 @@ probe nd_syscall.brk.return = kprobe.function("sys_brk").return, * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) -probe nd_syscall.capget = kprobe.function("sys_capget") +probe nd_syscall.capget = kprobe.function("SyS_capget") ?, + kprobe.function("sys_capget") ? { name = "capget" // header_uaddr = $header @@ -282,7 +299,8 @@ probe nd_syscall.capget = kprobe.function("sys_capget") data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capget.return = kprobe.function("sys_capget").return +probe nd_syscall.capget.return = kprobe.function("SyS_capget").return ?, + kprobe.function("sys_capget").return ? { name = "capget" retstr = returnstr(1) @@ -300,7 +318,8 @@ probe nd_syscall.capget.return = kprobe.function("sys_capget").return * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) -probe nd_syscall.capset = kprobe.function("sys_capset") +probe nd_syscall.capset = kprobe.function("SyS_capset") ?, + kprobe.function("sys_capset") ? { name = "capset" // header_uaddr = $header @@ -311,7 +330,8 @@ probe nd_syscall.capset = kprobe.function("sys_capset") data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capset.return = kprobe.function("sys_capset").return +probe nd_syscall.capset.return = kprobe.function("SyS_capset").return ?, + kprobe.function("sys_capset").return ? { name = "capset" retstr = returnstr(1) @@ -319,7 +339,8 @@ probe nd_syscall.capset.return = kprobe.function("sys_capset").return # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) -probe nd_syscall.chdir = kprobe.function("sys_chdir") +probe nd_syscall.chdir = kprobe.function("SyS_chdir") ?, + kprobe.function("sys_chdir") ? { name = "chdir" // path = user_string($filename) @@ -328,7 +349,8 @@ probe nd_syscall.chdir = kprobe.function("sys_chdir") path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return +probe nd_syscall.chdir.return = kprobe.function("SyS_chdir").return ?, + kprobe.function("sys_chdir").return ? { name = "chdir" retstr = returnstr(1) @@ -336,7 +358,8 @@ probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) -probe nd_syscall.chmod = kprobe.function("sys_chmod") +probe nd_syscall.chmod = kprobe.function("SyS_chmod") ?, + kprobe.function("sys_chmod") ? { name = "chmod" // path = user_string($filename) @@ -347,7 +370,8 @@ probe nd_syscall.chmod = kprobe.function("sys_chmod") mode = uint_arg(2) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return +probe nd_syscall.chmod.return = kprobe.function("SyS_chmod").return ?, + kprobe.function("sys_chmod").return ? { name = "chmod" retstr = returnstr(1) @@ -355,7 +379,8 @@ probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) -probe nd_syscall.chown = kprobe.function("sys_chown") +probe nd_syscall.chown = kprobe.function("SyS_chown") ?, + kprobe.function("sys_chown") ? { name = "chown" // path = user_string($filename) @@ -368,7 +393,8 @@ probe nd_syscall.chown = kprobe.function("sys_chown") group = __int32(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.chown.return = kprobe.function("sys_chown").return +probe nd_syscall.chown.return = kprobe.function("SyS_chown").return ?, + kprobe.function("sys_chown").return ? { name = "chown" retstr = returnstr(1) @@ -398,7 +424,8 @@ probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ? # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) -probe nd_syscall.chroot = kprobe.function("sys_chroot") +probe nd_syscall.chroot = kprobe.function("SyS_chroot") ?, + kprobe.function("sys_chroot") ? { name = "chroot" // path = user_string($filename) @@ -407,7 +434,8 @@ probe nd_syscall.chroot = kprobe.function("sys_chroot") path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return +probe nd_syscall.chroot.return = kprobe.function("SyS_chroot").return ?, + kprobe.function("sys_chroot").return ? { name = "chroot" retstr = returnstr(1) @@ -417,8 +445,9 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) # -probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), - kprobe.function("compat_clock_getres") ? +probe nd_syscall.clock_getres = kprobe.function("compat_clock_getres") ?, + kprobe.function("SyS_clock_getres") ?, + kprobe.function("sys_clock_getres") ? { name = "clock_getres" // clk_id = $which_clock @@ -431,8 +460,9 @@ probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), res_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", clk_id_str, res_uaddr) } -probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return, - kprobe.function("compat_clock_getres").return ? +probe nd_syscall.clock_getres.return = kprobe.function("compat_clock_getres").return ?, + kprobe.function("SyS_clock_getres").return ?, + kprobe.function("sys_clock_getres").return ? { name = "clock_getres" retstr = returnstr(1) @@ -441,7 +471,8 @@ probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").retur # clock_gettime ______________________________________________ # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # -probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime") +probe nd_syscall.clock_gettime = kprobe.function("SyS_clock_gettime") ?, + kprobe.function("sys_clock_gettime") ? { name = "clock_gettime" // clk_id = $which_clock @@ -452,7 +483,8 @@ probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime") clk_id_str = _get_wc_str(clk_id) argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2)) } -probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return +probe nd_syscall.clock_gettime.return = kprobe.function("SyS_clock_gettime").return ?, + kprobe.function("sys_clock_gettime").return ? { name = "clock_gettime" retstr = returnstr(1) @@ -464,7 +496,8 @@ probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").ret # const struct timespec __user *rqtp, # struct timespec __user *rmtp) # -probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") +probe nd_syscall.clock_nanosleep = kprobe.function("SyS_clock_nanosleep") ?, + kprobe.function("sys_clock_nanosleep") ? { name = "clock_nanosleep" // if ($flags == 1) @@ -482,7 +515,8 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4)) } -probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return +probe nd_syscall.clock_nanosleep.return = kprobe.function("SyS_clock_nanosleep").return ?, + kprobe.function("sys_clock_nanosleep").return ? { name = "clock_nanosleep" retstr = returnstr(1) @@ -524,7 +558,8 @@ probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_n # long sys_clock_settime(clockid_t which_clock, # const struct timespec __user *tp) # -probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime") +probe nd_syscall.clock_settime = kprobe.function("SyS_clock_settime") ?, + kprobe.function("sys_clock_settime") ? { name = "clock_settime" // clk_id = $which_clock @@ -537,7 +572,8 @@ probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime") tp_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return +probe nd_syscall.clock_settime.return = kprobe.function("SyS_clock_settime").return ?, + kprobe.function("sys_clock_settime").return ? { name = "clock_settime" retstr = returnstr(1) @@ -545,7 +581,8 @@ probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").ret # close ______________________________________________________ # long sys_close(unsigned int fd) -probe nd_syscall.close = kprobe.function("sys_close") +probe nd_syscall.close = kprobe.function("SyS_close") ?, + kprobe.function("sys_close") ? { name = "close" // fd = $fd @@ -553,14 +590,16 @@ probe nd_syscall.close = kprobe.function("sys_close") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.close.return = kprobe.function("sys_close").return +probe nd_syscall.close.return = kprobe.function("SyS_close").return ?, + kprobe.function("sys_close").return ? { name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) -probe nd_syscall.connect = kprobe.function("sys_connect") ? +probe nd_syscall.connect = kprobe.function("SyS_connect") ?, + kprobe.function("sys_connect") ? { name = "connect" // sockfd = $fd @@ -573,7 +612,8 @@ probe nd_syscall.connect = kprobe.function("sys_connect") ? addrlen = int_arg(3) argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.connect.return = kprobe.function("sys_connect").return ? +probe nd_syscall.connect.return = kprobe.function("SyS_connect").return ?, + kprobe.function("sys_connect").return ? { name = "connect" retstr = returnstr(1) @@ -581,7 +621,8 @@ probe nd_syscall.connect.return = kprobe.function("sys_connect").return ? # creat # long sys_creat(const char __user * pathname, int mode) -probe nd_syscall.creat = kprobe.function("sys_creat") ? +probe nd_syscall.creat = kprobe.function("SyS_creat") ?, + kprobe.function("sys_creat") ? { name = "creat" // mode = $mode @@ -592,7 +633,8 @@ probe nd_syscall.creat = kprobe.function("sys_creat") ? pathname = user_string(pointer_arg(1)) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.creat.return = kprobe.function("sys_creat").return ? +probe nd_syscall.creat.return = kprobe.function("SyS_creat").return ?, + kprobe.function("sys_creat").return ? { name = "creat" retstr = returnstr(1) @@ -600,7 +642,8 @@ probe nd_syscall.creat.return = kprobe.function("sys_creat").return ? # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) -probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ? +probe nd_syscall.delete_module = kprobe.function("SyS_delete_module") ?, + kprobe.function("sys_delete_module") ? { name = "delete_module" // name_user = user_string($name_user) @@ -611,7 +654,8 @@ probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ? flags = uint_arg(2) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2))) } -probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ? +probe nd_syscall.delete_module.return = kprobe.function("SyS_delete_module").return ?, + kprobe.function("sys_delete_module").return ? { name = "delete_module" retstr = returnstr(1) @@ -619,7 +663,8 @@ probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").ret # dup ________________________________________________________ # long sys_dup(unsigned int fildes) -probe nd_syscall.dup = kprobe.function("sys_dup") +probe nd_syscall.dup = kprobe.function("SyS_dup") ?, + kprobe.function("sys_dup") ? { name = "dup" // oldfd = $fildes @@ -628,7 +673,8 @@ probe nd_syscall.dup = kprobe.function("sys_dup") old_fd = int_arg(1) argstr = sprint(old_fd) } -probe nd_syscall.dup.return = kprobe.function("sys_dup").return +probe nd_syscall.dup.return = kprobe.function("SyS_dup").return ?, + kprobe.function("sys_dup").return ? { name = "dup" retstr = returnstr(1) @@ -636,7 +682,8 @@ probe nd_syscall.dup.return = kprobe.function("sys_dup").return # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) -probe nd_syscall.dup2 = kprobe.function("sys_dup2") +probe nd_syscall.dup2 = kprobe.function("SyS_dup2") ?, + kprobe.function("sys_dup2") ? { name = "dup2" // oldfd = $oldfd @@ -647,7 +694,8 @@ probe nd_syscall.dup2 = kprobe.function("sys_dup2") newfd = int_arg(2) argstr = sprintf("%d, %d", oldfd, newfd) } -probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return +probe nd_syscall.dup2.return = kprobe.function("SyS_dup2").return ?, + kprobe.function("sys_dup2").return ? { name = "dup2" retstr = returnstr(1) @@ -655,7 +703,8 @@ probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return # epoll_create _______________________________________________ # long sys_epoll_create(int size) -probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ? +probe nd_syscall.epoll_create = kprobe.function("SyS_epoll_create") ?, + kprobe.function("sys_epoll_create") ? { name = "epoll_create" // size = $size @@ -664,7 +713,8 @@ probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ? size = int_arg(1) argstr = sprint(size) } -probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ? +probe nd_syscall.epoll_create.return = kprobe.function("SyS_epoll_create").return ?, + kprobe.function("sys_epoll_create").return ? { name = "epoll_create" retstr = returnstr(1) @@ -676,8 +726,9 @@ probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").retur # long compat_sys_epoll_ctl(int epfd, int op, int fd, # struct compat_epoll_event __user *event) # -probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?, - kprobe.function("compat_sys_epoll_ctl") ? +probe nd_syscall.epoll_ctl = kprobe.function("compat_sys_epoll_ctl") ?, + kprobe.function("SyS_epoll_ctl") ?, + kprobe.function("sys_epoll_ctl") ? { name = "epoll_ctl" // epfd = $epfd @@ -694,8 +745,9 @@ probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?, event_uaddr = pointer_arg(4) argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr) } -probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?, - kprobe.function("compat_sys_epoll_ctl").return ? +probe nd_syscall.epoll_ctl.return = kprobe.function("compat_sys_epoll_ctl").return ?, + kprobe.function("SyS_epoll_ctl").return ?, + kprobe.function("sys_epoll_ctl").return ? { name = "epoll_ctl" retstr = returnstr(1) @@ -712,8 +764,9 @@ probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?, # const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?, - kprobe.function("compat_sys_epoll_pwait") ? +probe nd_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?, + kprobe.function("SyS_epoll_pwait") ?, + kprobe.function("sys_epoll_pwait") ? { name = "epoll_pwait" asmlinkage() @@ -721,8 +774,9 @@ probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?, // $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6)) } -probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?, - kprobe.function("compat_sys_epoll_pwait").return ? +probe nd_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?, + kprobe.function("SyS_epoll_pwait").return ?, + kprobe.function("sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) @@ -736,8 +790,9 @@ probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return # struct compat_epoll_event __user *events, # int maxevents, int timeout) # -probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?, - kprobe.function("compat_sys_epoll_wait") ? +probe nd_syscall.epoll_wait = kprobe.function("compat_sys_epoll_wait") ?, + kprobe.function("SyS_epoll_wait") ?, + kprobe.function("sys_epoll_wait") ? { name = "epoll_wait" // epfd = $epfd @@ -752,8 +807,9 @@ probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?, timeout = int_arg(4) argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout) } -probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?, - kprobe.function("compat_sys_epoll_wait").return ? +probe nd_syscall.epoll_wait.return = kprobe.function("compat_sys_epoll_wait").return ?, + kprobe.function("SyS_epoll_wait").return ?, + kprobe.function("sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) @@ -762,14 +818,16 @@ probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?, # eventfd _____________________________________________________ # long sys_eventfd(unsigned int count) # -probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ? +probe nd_syscall.eventfd = kprobe.function("SyS_eventfd") ?, + kprobe.function("sys_eventfd") ? { name = "eventfd" // argstr = sprint($count) asmlinkage() argstr = sprint(uint_arg(1)) } -probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ? +probe nd_syscall.eventfd.return = kprobe.function("SyS_eventfd").return ?, + kprobe.function("sys_eventfd").return ? { name = "eventfd" retstr = returnstr(1) @@ -838,7 +896,8 @@ probe nd_syscall.exit = kprobe.function("do_exit") # exit_group _________________________________________________ # void sys_exit_group(int error_code) # -probe nd_syscall.exit_group = kprobe.function("sys_exit_group") +probe nd_syscall.exit_group = kprobe.function("SyS_exit_group") ?, + kprobe.function("sys_exit_group") ? { name = "exit_group" // status = $error_code @@ -853,7 +912,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group") # faccessat __________________________________________________ # new function with 2.6.16 # long sys_faccessat(int dfd, const char __user *filename, int mode) -probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ? +probe nd_syscall.faccessat = kprobe.function("SyS_faccessat") ?, + kprobe.function("sys_faccessat") ? { name = "faccessat" // dirfd = $dfd @@ -870,7 +930,8 @@ probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ? mode_str = _access_mode_str(mode) argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str) } -probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ? +probe nd_syscall.faccessat.return = kprobe.function("SyS_faccessat").return ?, + kprobe.function("sys_faccessat").return ? { name = "faccessat" retstr = returnstr(1) @@ -880,7 +941,8 @@ probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ? # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ? +probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?, + kprobe.function("sys_fadvise64") ? { name = "fadvise64" // fd = $fd @@ -895,7 +957,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ? advice = int_arg(4) argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ? +probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?, + kprobe.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) @@ -904,7 +967,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ? # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?, + kprobe.function("sys_fadvise64_64") ? { name = "fadvise64_64" // fd = $fd @@ -919,7 +983,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = int_arg(4) argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?, + kprobe.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) @@ -930,7 +995,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") +probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?, + kprobe.function("sys_fadvise64") ? { name = "fadvise64" fd = 0 @@ -939,7 +1005,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") advice = 0 argstr = "" } -probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return +probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?, + kprobe.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) @@ -948,7 +1015,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?, + kprobe.function("sys_fadvise64_64") ? { name = "fadvise64_64" fd = 0 @@ -957,7 +1025,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = 0 argstr = "" } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?, + kprobe.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) @@ -966,7 +1035,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) -probe nd_syscall.fchdir = kprobe.function("sys_fchdir") +probe nd_syscall.fchdir = kprobe.function("SyS_fchdir") ?, + kprobe.function("sys_fchdir") ? { name = "fchdir" // fd = $fd @@ -975,7 +1045,8 @@ probe nd_syscall.fchdir = kprobe.function("sys_fchdir") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return +probe nd_syscall.fchdir.return = kprobe.function("SyS_fchdir").return ?, + kprobe.function("sys_fchdir").return ? { name = "fchdir" retstr = returnstr(1) @@ -983,7 +1054,8 @@ probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) -probe nd_syscall.fchmod = kprobe.function("sys_fchmod") +probe nd_syscall.fchmod = kprobe.function("SyS_fchmod") ?, + kprobe.function("sys_fchmod") ? { name = "fchmod" // fildes = $fd @@ -993,7 +1065,8 @@ probe nd_syscall.fchmod = kprobe.function("sys_fchmod") mode = uint_arg(2) # SAFE? argstr = sprintf("%d, %#o", fildes, mode) } -probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return +probe nd_syscall.fchmod.return = kprobe.function("SyS_fchmod").return ?, + kprobe.function("sys_fchmod").return ? { name = "fchmod" retstr = returnstr(1) @@ -1003,7 +1076,8 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return # new function with 2.6.16 # long sys_fchmodat(int dfd, const char __user *filename, # mode_t mode) -probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ? +probe nd_syscall.fchmodat = kprobe.function("SyS_fchmodat") ?, + kprobe.function("sys_fchmodat") ? { name = "fchmodat" // dirfd = $dfd @@ -1018,7 +1092,8 @@ probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ? mode = uint_arg(3) argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode) } -probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ? +probe nd_syscall.fchmodat.return = kprobe.function("SyS_fchmodat").return ?, + kprobe.function("sys_fchmodat").return ? { name = "fchmodat" retstr = returnstr(1) @@ -1026,7 +1101,8 @@ probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ? # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) -probe nd_syscall.fchown = kprobe.function("sys_fchown") +probe nd_syscall.fchown = kprobe.function("SyS_fchown") ?, + kprobe.function("sys_fchown") ? { name = "fchown" // fd = $fd @@ -1039,7 +1115,8 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown") group = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", fd, owner, group) } -probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return +probe nd_syscall.fchown.return = kprobe.function("SyS_fchown").return ?, + kprobe.function("sys_fchown").return ? { name = "fchown" retstr = returnstr(1) @@ -1070,7 +1147,8 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ? # new function with 2.6.16 # long sys_fchownat(int dfd, const char __user *filename, # uid_t user, gid_t group, int flag) -probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ? +probe nd_syscall.fchownat = kprobe.function("SyS_fchownat") ?, + kprobe.function("sys_fchownat") ? { name = "fchownat" // dirfd = $dfd @@ -1093,7 +1171,8 @@ probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ? argstr = sprintf("%s, %s, %d, %d, %s", dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str) } -probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ? +probe nd_syscall.fchownat.return = kprobe.function("SyS_fchownat").return ?, + kprobe.function("sys_fchownat").return ? { name = "fchownat" retstr = returnstr(1) @@ -1105,10 +1184,11 @@ probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ? # long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?, +probe nd_syscall.fcntl = kprobe.function("compat_sys_fcntl") ?, + kprobe.function("compat_sys_fcntl64") ?, kprobe.function("sys_fcntl64") ?, - kprobe.function("compat_sys_fcntl") ?, - kprobe.function("compat_sys_fcntl64") ? + kprobe.function("SyS_fcntl") ?, + kprobe.function("sys_fcntl") ? { name = "fcntl" // fd = $fd @@ -1123,10 +1203,11 @@ probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?, arg = long_arg(3) argstr = sprintf("%d, %s, %p", fd, cmd_str, arg) } -probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?, +probe nd_syscall.fcntl.return = kprobe.function("compat_sys_fcntl").return ?, + kprobe.function("compat_sys_fcntl64").return ?, kprobe.function("sys_fcntl64").return ?, - kprobe.function("compat_sys_fcntl").return ?, - kprobe.function("compat_sys_fcntl64").return ? + kprobe.function("SyS_fcntl").return ?, + kprobe.function("sys_fcntl").return ? { name = "fcntl" retstr = returnstr(1) @@ -1134,7 +1215,8 @@ probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?, # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) -probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync") +probe nd_syscall.fdatasync = kprobe.function("SyS_fdatasync") ?, + kprobe.function("sys_fdatasync") ? { name = "fdatasync" // fd = $fd @@ -1142,7 +1224,8 @@ probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return +probe nd_syscall.fdatasync.return = kprobe.function("SyS_fdatasync").return ?, + kprobe.function("sys_fdatasync").return ? { name = "fdatasync" retstr = returnstr(1) @@ -1151,7 +1234,8 @@ probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) -probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr") +probe nd_syscall.fgetxattr = kprobe.function("SyS_fgetxattr") ?, + kprobe.function("sys_fgetxattr") ? { name = "fgetxattr" // filedes = $fd @@ -1167,14 +1251,16 @@ probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr") size = ulong_arg(4) argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return +probe nd_syscall.fgetxattr.return = kprobe.function("SyS_fgetxattr").return ?, + kprobe.function("sys_fgetxattr").return ? { name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) -probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr") +probe nd_syscall.flistxattr = kprobe.function("SyS_flistxattr") ?, + kprobe.function("sys_flistxattr") ? { name = "flistxattr" // filedes = $fd @@ -1186,7 +1272,8 @@ probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr") size = ulong_arg(3) argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } -probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return +probe nd_syscall.flistxattr.return = kprobe.function("SyS_flistxattr").return ?, + kprobe.function("sys_flistxattr").return ? { name = "flistxattr" retstr = returnstr(1) @@ -1194,7 +1281,8 @@ probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) -probe nd_syscall.flock = kprobe.function("sys_flock") +probe nd_syscall.flock = kprobe.function("SyS_flock") ?, + kprobe.function("sys_flock") ? { name = "flock" // fd = $fd @@ -1204,7 +1292,8 @@ probe nd_syscall.flock = kprobe.function("sys_flock") operation = int_arg(2) argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } -probe nd_syscall.flock.return = kprobe.function("sys_flock").return +probe nd_syscall.flock.return = kprobe.function("SyS_flock").return ?, + kprobe.function("sys_flock").return ? { name = "flock" retstr = returnstr(1) @@ -1285,7 +1374,8 @@ probe nd_syscall.fork.return = kprobe.function("do_fork").return } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) -probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr") +probe nd_syscall.fremovexattr = kprobe.function("SyS_fremovexattr") ?, + kprobe.function("sys_fremovexattr") ? { name = "fremovexattr" // filedes = $fd @@ -1297,7 +1387,8 @@ probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr") name2 = user_string(pointer_arg(2)) argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2))) } -probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return +probe nd_syscall.fremovexattr.return = kprobe.function("SyS_fremovexattr").return ?, + kprobe.function("sys_fremovexattr").return ? { name = "fremovexattr" retstr = returnstr(1) @@ -1312,7 +1403,8 @@ probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").retur * size_t size, * int flags) */ -probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr") +probe nd_syscall.fsetxattr = kprobe.function("SyS_fsetxattr") ?, + kprobe.function("sys_fsetxattr") ? { name = "fsetxattr" // filedes = $fd @@ -1330,7 +1422,8 @@ probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr") flags = int_arg(5) argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags) } -probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return +probe nd_syscall.fsetxattr.return = kprobe.function("SyS_fsetxattr").return ?, + kprobe.function("sys_fsetxattr").return ? { name = "fsetxattr" retstr = returnstr(1) @@ -1346,8 +1439,10 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) # probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, + kprobe.function("SyS_fstat64") ?, kprobe.function("sys_fstat64") ?, kprobe.function("sys32_fstat64") ?, + kprobe.function("SyS_newfstat") ?, kprobe.function("sys_newfstat") ?, kprobe.function("sys_oabi_fstat64") ?, kprobe.function("compat_sys_newfstat") ? @@ -1362,8 +1457,10 @@ probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, argstr = sprintf("%d, %p", filedes, buf_uaddr) } probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, + kprobe.function("SyS_fstat64").return ?, kprobe.function("sys_fstat64").return ?, kprobe.function("sys32_fstat64").return ?, + kprobe.function("SyS_newfstat").return ?, kprobe.function("sys_newfstat").return ?, kprobe.function("sys_oabi_fstat64").return ?, kprobe.function("compat_sys_newfstat").return ? @@ -1377,7 +1474,9 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag) # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) -probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, +probe nd_syscall.fstatat = kprobe.function("SyS_fstatat64") ?, + kprobe.function("sys_fstatat64") ?, + kprobe.function("SyS_newfstatat") ?, kprobe.function("sys_newfstatat") ?, kprobe.function("compat_sys_newfstatat") ?, kprobe.function("sys32_fstatat64") ? @@ -1393,7 +1492,9 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4))) } -probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, +probe nd_syscall.fstatat.return = kprobe.function("SyS_fstatat64").return ?, + kprobe.function("sys_fstatat64").return ?, + kprobe.function("SyS_newfstatat").return ?, kprobe.function("sys_newfstatat").return ?, kprobe.function("compat_sys_newfstatat").return ?, kprobe.function("sys32_fstatat64").return ? @@ -1406,8 +1507,9 @@ probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, # long sys_fstatfs(unsigned int fd, struct statfs __user * buf) # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # -probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"), - kprobe.function("compat_sys_fstatfs") ? +probe nd_syscall.fstatfs = kprobe.function("compat_sys_fstatfs") ?, + kprobe.function("SyS_fstatfs") ?, + kprobe.function("sys_fstatfs") ? { name = "fstatfs" // fd = $fd @@ -1418,8 +1520,9 @@ probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"), buf_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", fd, buf_uaddr) } -probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return, - kprobe.function("compat_sys_fstatfs").return ? +probe nd_syscall.fstatfs.return = kprobe.function("compat_sys_fstatfs").return ?, + kprobe.function("SyS_fstatfs").return ?, + kprobe.function("sys_fstatfs").return ? { name = "fstatfs" retstr = returnstr(1) @@ -1429,8 +1532,9 @@ probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return, # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?, - kprobe.function("compat_sys_fstatfs64") ? +probe nd_syscall.fstatfs64 = kprobe.function("compat_sys_fstatfs64") ?, + kprobe.function("SyS_fstatfs64") ?, + kprobe.function("sys_fstatfs64") ? { name = "fstatfs" // fd = $fd @@ -1443,8 +1547,9 @@ probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr) } -probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?, - kprobe.function("compat_sys_fstatfs64").return ? +probe nd_syscall.fstatfs64.return = kprobe.function("compat_sys_fstatfs64").return ?, + kprobe.function("SyS_fstatfs64").return ?, + kprobe.function("sys_fstatfs64").return ? { name = "fstatfs" retstr = returnstr(1) @@ -1452,7 +1557,8 @@ probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?, # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) -probe nd_syscall.fsync = kprobe.function("sys_fsync") +probe nd_syscall.fsync = kprobe.function("SyS_fsync") ?, + kprobe.function("sys_fsync") ? { name = "fsync" // fd = $fd @@ -1460,14 +1566,16 @@ probe nd_syscall.fsync = kprobe.function("sys_fsync") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return +probe nd_syscall.fsync.return = kprobe.function("SyS_fsync").return ?, + kprobe.function("sys_fsync").return ? { name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) -probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate") +probe nd_syscall.ftruncate = kprobe.function("SyS_ftruncate") ?, + kprobe.function("sys_ftruncate") ? { name = "ftruncate" // fd = $fd @@ -1477,7 +1585,8 @@ probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate") length = ulong_arg(2) argstr = sprintf("%d, %d", fd, length) } -probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return +probe nd_syscall.ftruncate.return = kprobe.function("SyS_ftruncate").return ?, + kprobe.function("sys_ftruncate").return ? { name = "ftruncate" retstr = returnstr(1) @@ -1512,7 +1621,8 @@ probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return # struct compat_timespec __user *utime, u32 __user *uaddr2, # u32 val3) # -probe nd_syscall.futex = kprobe.function("sys_futex") ? +probe nd_syscall.futex = kprobe.function("SyS_futex") ?, + kprobe.function("sys_futex") ? { name = "futex" // futex_uaddr = $uaddr @@ -1542,7 +1652,8 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ? argstr = sprintf("%p, %s, %d", futex_uaddr, _futex_op_str(op), val) } -probe nd_syscall.futex.return = kprobe.function("sys_futex").return ? +probe nd_syscall.futex.return = kprobe.function("SyS_futex").return ?, + kprobe.function("sys_futex").return ? { name = "futex" retstr = returnstr(1) @@ -1589,7 +1700,8 @@ probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").retur # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) # -probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ? +probe nd_syscall.futimesat = kprobe.function("SyS_futimesat") ?, + kprobe.function("sys_futimesat") ? { name = "futimesat" // dirfd = $dfd @@ -1623,7 +1735,8 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ? argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timeval_u(pointer_arg(3), 2)) } -probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ? +probe nd_syscall.futimesat.return = kprobe.function("SyS_futimesat").return ?, + kprobe.function("sys_futimesat").return ? { name = "futimesat" retstr = returnstr(1) @@ -1636,7 +1749,8 @@ probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) -probe nd_syscall.getcwd = kprobe.function("sys_getcwd") +probe nd_syscall.getcwd = kprobe.function("SyS_getcwd") ?, + kprobe.function("sys_getcwd") ? { name = "getcwd" // buf_uaddr = $buf @@ -1646,7 +1760,8 @@ probe nd_syscall.getcwd = kprobe.function("sys_getcwd") size = ulong_arg(2) argstr = sprintf("%p, %d", buf_uaddr, size) } -probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return +probe nd_syscall.getcwd.return = kprobe.function("SyS_getcwd").return ?, + kprobe.function("sys_getcwd").return ? { name = "getcwd" retstr = returnstr(1) @@ -1658,7 +1773,9 @@ probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return # long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # -probe nd_syscall.getdents = kprobe.function("sys_getdents") ?, +probe nd_syscall.getdents = kprobe.function("SyS_getdents") ?, + kprobe.function("sys_getdents") ?, + kprobe.function("SyS_getdents64") ?, kprobe.function("sys_getdents64") ?, kprobe.function("compat_sys_getdents") ?, kprobe.function("compat_sys_getdents64") ? @@ -1674,7 +1791,9 @@ probe nd_syscall.getdents = kprobe.function("sys_getdents") ?, count = uint_arg(3) argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count) } -probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?, +probe nd_syscall.getdents.return = kprobe.function("SyS_getdents").return ?, + kprobe.function("sys_getdents").return ?, + kprobe.function("SyS_getdents64").return ?, kprobe.function("sys_getdents64").return ?, kprobe.function("compat_sys_getdents").return ?, kprobe.function("compat_sys_getdents64").return ? @@ -1746,9 +1865,10 @@ probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?, # long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?, - kprobe.function("sys_getgroups16") ?, - kprobe.function("sys32_getgroups16") ? +probe nd_syscall.getgroups = kprobe.function("sys_getgroups16") ?, + kprobe.function("sys32_getgroups16") ?, + kprobe.function("SyS_getgroups") ?, + kprobe.function("sys_getgroups") ? { name = "getgroups" // size = $gidsetsize @@ -1759,9 +1879,10 @@ probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?, list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?, - kprobe.function("sys_getgroups16").return ?, - kprobe.function("sys32_getgroups16").return ? +probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups16").return ?, + kprobe.function("sys32_getgroups16").return ?, + kprobe.function("SyS_getgroups").return ?, + kprobe.function("sys_getgroups").return ? { name = "getgroups" retstr = returnstr(1) @@ -1769,7 +1890,8 @@ probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?, # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) -probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ? +probe nd_syscall.gethostname = kprobe.function("SyS_gethostname") ?, + kprobe.function("sys_gethostname") ? { name = "gethostname" // name_uaddr = $name @@ -1779,7 +1901,8 @@ probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ? len = int_arg(2) argstr = sprintf ("%p, %d", name_uaddr, len) } -probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ? +probe nd_syscall.gethostname.return = kprobe.function("SyS_gethostname").return ?, + kprobe.function("sys_gethostname").return ? { name = "gethostname" retstr = returnstr(1) @@ -1788,7 +1911,8 @@ probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return # getitimer __________________________________________________ # sys_getitimer(int which, struct itimerval __user *value) # -probe nd_syscall.getitimer = kprobe.function("sys_getitimer") +probe nd_syscall.getitimer = kprobe.function("SyS_getitimer") ?, + kprobe.function("sys_getitimer") ? { name = "getitimer" // which = $which @@ -1799,7 +1923,8 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer") value_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) } -probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return +probe nd_syscall.getitimer.return = kprobe.function("SyS_getitimer").return ?, + kprobe.function("sys_getitimer").return ? { name = "getitimer" retstr = returnstr(1) @@ -1833,8 +1958,9 @@ probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer # compat_ulong_t maxnode, # compat_ulong_t addr, compat_ulong_t flags) # -probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, - kprobe.function("compat_sys_get_mempolicy") ? +probe nd_syscall.get_mempolicy = kprobe.function("compat_sys_get_mempolicy") ?, + kprobe.function("SyS_get_mempolicy") ?, + kprobe.function("sys_get_mempolicy") ? { name = "get_mempolicy" // policy_uaddr = $policy @@ -1853,8 +1979,9 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr, nmask_uaddr, maxnode, addr, flags) } -probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?, - kprobe.function("compat_sys_get_mempolicy").return ? +probe nd_syscall.get_mempolicy.return = kprobe.function("compat_sys_get_mempolicy").return ?, + kprobe.function("SyS_get_mempolicy").return ?, + kprobe.function("sys_get_mempolicy").return ? { name = "get_mempolicy" retstr = returnstr(1) @@ -1863,7 +1990,8 @@ probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").ret # getpeername ________________________________________________ # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # -probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ? +probe nd_syscall.getpeername = kprobe.function("SyS_getpeername") ?, + kprobe.function("sys_getpeername") ? { name = "getpeername" // s = $fd @@ -1876,7 +2004,8 @@ probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ? namelen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ? +probe nd_syscall.getpeername.return = kprobe.function("SyS_getpeername").return ?, + kprobe.function("sys_getpeername").return ? { name = "getpeername" retstr = returnstr(1) @@ -1884,7 +2013,8 @@ probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) -probe nd_syscall.getpgid = kprobe.function("sys_getpgid") +probe nd_syscall.getpgid = kprobe.function("SyS_getpgid") ?, + kprobe.function("sys_getpgid") ? { name = "getpgid" // pid = $pid @@ -1893,7 +2023,8 @@ probe nd_syscall.getpgid = kprobe.function("sys_getpgid") pid = int_arg(1) argstr = sprintf("%d", pid) } -probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return +probe nd_syscall.getpgid.return = kprobe.function("SyS_getpgid").return ?, + kprobe.function("sys_getpgid").return ? { name = "getpgid" retstr = returnstr(1) @@ -1940,7 +2071,8 @@ probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return # getpriority ________________________________________________ # long sys_getpriority(int which, int who) -probe nd_syscall.getpriority = kprobe.function("sys_getpriority") +probe nd_syscall.getpriority = kprobe.function("SyS_getpriority") ?, + kprobe.function("sys_getpriority") ? { name = "getpriority" // which = $which @@ -1950,7 +2082,8 @@ probe nd_syscall.getpriority = kprobe.function("sys_getpriority") who = int_arg(2) argstr = sprintf("%s, %d", _priority_which_str(which), who) } -probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return +probe nd_syscall.getpriority.return = kprobe.function("SyS_getpriority").return ?, + kprobe.function("sys_getpriority").return ? { name = "getpriority" retstr = returnstr(1) @@ -1964,7 +2097,8 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return # old_uid_t __user *egid, # old_uid_t __user *sgid) probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?, - kprobe.function("sys_getresgid") + kprobe.function("SyS_getresgid") ?, + kprobe.function("sys_getresgid") ? { name = "getresgid" // rgid_uaddr = $rgid @@ -1978,7 +2112,8 @@ probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?, argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr) } probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?, - kprobe.function("sys_getresgid").return + kprobe.function("SyS_getresgid").return ?, + kprobe.function("sys_getresgid").return ? { name = "getresgid" retstr = returnstr(1) @@ -1989,7 +2124,8 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?, # uid_t __user *euid, # uid_t __user *suid) probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, - kprobe.function("sys_getresuid") + kprobe.function("SyS_getresuid") ?, + kprobe.function("sys_getresuid") ? { name = "getresuid" // ruid_uaddr = $ruid @@ -2003,7 +2139,8 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr) } probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?, - kprobe.function("sys_getresuid").return + kprobe.function("SyS_getresuid").return ?, + kprobe.function("sys_getresuid").return ? { name = "getresuid" retstr = returnstr(1) @@ -2013,7 +2150,9 @@ probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?, # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim) -probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"), +probe nd_syscall.getrlimit = kprobe.function("SyS_getrlimit") ?, + kprobe.function("sys_getrlimit") ?, + kprobe.function("SyS_old_getrlimit") ?, kprobe.function("sys_old_getrlimit") ?, kprobe.function("compat_sys_getrlimit") ? { @@ -2026,7 +2165,9 @@ probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"), rlim_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr) } -probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return, +probe nd_syscall.getrlimit.return = kprobe.function("SyS_getrlimit").return ?, + kprobe.function("sys_getrlimit").return ?, + kprobe.function("SyS_old_getrlimit").return ?, kprobe.function("sys_old_getrlimit").return ?, kprobe.function("compat_sys_getrlimit").return ? { @@ -2036,7 +2177,8 @@ probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) -probe nd_syscall.getrusage = kprobe.function("sys_getrusage") +probe nd_syscall.getrusage = kprobe.function("SyS_getrusage") ?, + kprobe.function("sys_getrusage") ? { name = "getrusage" // who = $who @@ -2056,7 +2198,8 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage") usage_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", who_str, usage_uaddr) } -probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return +probe nd_syscall.getrusage.return = kprobe.function("SyS_getrusage").return ?, + kprobe.function("sys_getrusage").return ? { name = "getrusage" retstr = returnstr(1) @@ -2064,7 +2207,8 @@ probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return # getsid _____________________________________________________ # long sys_getsid(pid_t pid) -probe nd_syscall.getsid = kprobe.function("sys_getsid") +probe nd_syscall.getsid = kprobe.function("SyS_getsid") ?, + kprobe.function("sys_getsid") ? { name = "getsid" // pid = $pid @@ -2072,7 +2216,8 @@ probe nd_syscall.getsid = kprobe.function("sys_getsid") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return +probe nd_syscall.getsid.return = kprobe.function("SyS_getsid").return ?, + kprobe.function("sys_getsid").return ? { name = "getsid" retstr = returnstr(1) @@ -2082,7 +2227,8 @@ probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) -probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ? +probe nd_syscall.getsockname = kprobe.function("SyS_getsockname") ?, + kprobe.function("sys_getsockname") ? { name = "getsockname" // s = $fd @@ -2095,7 +2241,8 @@ probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ? namelen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ? +probe nd_syscall.getsockname.return = kprobe.function("SyS_getsockname").return ?, + kprobe.function("sys_getsockname").return ? { name = "getsockname" retstr = returnstr(1) @@ -2108,8 +2255,9 @@ probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return # char __user *optval, # int __user *optlen) # -probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, - kprobe.function("compat_sys_getsockopt") ? +probe nd_syscall.getsockopt = kprobe.function("compat_sys_getsockopt") ?, + kprobe.function("SyS_getsockopt") ?, + kprobe.function("sys_getsockopt") ? { name = "getsockopt" // fd = $fd @@ -2132,8 +2280,9 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level), _sockopt_optname_str(optname), optval_uaddr, optlen_uaddr) } -probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?, - kprobe.function("compat_sys_getsockopt").return ? +probe nd_syscall.getsockopt.return = kprobe.function("compat_sys_getsockopt").return ?, + kprobe.function("SyS_getsockopt").return ?, + kprobe.function("sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) @@ -2159,9 +2308,10 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return # struct timezone __user *tz) # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) -probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"), +probe nd_syscall.gettimeofday = kprobe.function("compat_sys_gettimeofday") ?, kprobe.function("sys32_gettimeofday") ?, - kprobe.function("compat_sys_gettimeofday") ? + kprobe.function("SyS_gettimeofday") ?, + kprobe.function("sys_gettimeofday") ? { name = "gettimeofday" // tv_uaddr = $tv @@ -2173,9 +2323,10 @@ probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"), argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr) } -probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return, +probe nd_syscall.gettimeofday.return = kprobe.function("compat_sys_gettimeofday").return ?, kprobe.function("sys32_gettimeofday").return ?, - kprobe.function("compat_sys_gettimeofday").return ? + kprobe.function("SyS_gettimeofday").return ?, + kprobe.function("sys_gettimeofday").return ? { name = "gettimeofday" retstr = returnstr(1) @@ -2204,7 +2355,8 @@ probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?, # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) -probe nd_syscall.getxattr = kprobe.function("sys_getxattr") +probe nd_syscall.getxattr = kprobe.function("SyS_getxattr") ?, + kprobe.function("sys_getxattr") ? { name = "getxattr" // %( kernel_v >= "2.6.27" %? @@ -2234,7 +2386,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr") user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return +probe nd_syscall.getxattr.return = kprobe.function("SyS_getxattr").return ?, + kprobe.function("sys_getxattr").return ? { name = "getxattr" retstr = returnstr(1) @@ -2245,7 +2398,8 @@ probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return # unsigned long len, # const char __user *uargs) # -probe nd_syscall.init_module = kprobe.function("sys_init_module") ? +probe nd_syscall.init_module = kprobe.function("SyS_init_module") ?, + kprobe.function("sys_init_module") ? { name = "init_module" // umod_uaddr = $umod @@ -2258,7 +2412,8 @@ probe nd_syscall.init_module = kprobe.function("sys_init_module") ? uargs = user_string(pointer_arg(3)) argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4))) } -probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ? +probe nd_syscall.init_module.return = kprobe.function("SyS_init_module").return ?, + kprobe.function("sys_init_module").return ? { name = "init_module" retstr = returnstr(1) @@ -2268,7 +2423,8 @@ probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return # # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # -probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ? +probe nd_syscall.inotify_add_watch = kprobe.function("SyS_inotify_add_watch") ?, + kprobe.function("sys_inotify_add_watch") ? { name = "inotify_add_watch" // fd = $fd @@ -2289,7 +2445,8 @@ probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ? mask = uint_arg(3) argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask) } -probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ? +probe nd_syscall.inotify_add_watch.return = kprobe.function("SyS_inotify_add_watch").return ?, + kprobe.function("sys_inotify_add_watch").return ? { name = "inotify_add_watch" retstr = returnstr(1) @@ -2314,7 +2471,8 @@ probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").retur # # long sys_inotify_rm_watch(int fd, u32 wd) # -probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ? +probe nd_syscall.inotify_rm_watch = kprobe.function("SyS_inotify_rm_watch") ?, + kprobe.function("sys_inotify_rm_watch") ? { name = "inotify_rm_watch" // fd = $fd @@ -2325,7 +2483,8 @@ probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ? wd = uint_arg(2) argstr = sprintf("%d, %d", fd, wd) } -probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ? +probe nd_syscall.inotify_rm_watch.return = kprobe.function("SyS_inotify_rm_watch").return ?, + kprobe.function("sys_inotify_rm_watch").return ? { name = "inotify_rm_watch" retstr = returnstr(1) @@ -2335,7 +2494,8 @@ probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) -probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel") +probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") ?, + kprobe.function("sys_io_cancel") ? { name = "io_cancel" // ctx_id = $ctx_id @@ -2347,7 +2507,8 @@ probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel") result_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } -probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return +probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return ?, + kprobe.function("sys_io_cancel").return ? { name = "io_cancel" retstr = returnstr(1) @@ -2357,8 +2518,9 @@ probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return # long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?, - kprobe.function("compat_sys_ioctl") ? +probe nd_syscall.ioctl = kprobe.function("compat_sys_ioctl") ?, + kprobe.function("SyS_ioctl") ?, + kprobe.function("sys_ioctl") ? { name = "ioctl" // fd = $fd @@ -2371,8 +2533,9 @@ probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?, argp = ulong_arg(3) argstr = sprintf("%d, %d, %p", fd, request, argp) } -probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?, - kprobe.function("compat_sys_ioctl").return ? +probe nd_syscall.ioctl.return = kprobe.function("compat_sys_ioctl").return ?, + kprobe.function("SyS_ioctl").return ?, + kprobe.function("sys_ioctl").return ? { name = "ioctl" retstr = returnstr(1) @@ -2380,7 +2543,8 @@ probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?, # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) -probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy") +probe nd_syscall.io_destroy = kprobe.function("SyS_io_destroy") ?, + kprobe.function("sys_io_destroy") ? { name = "io_destroy" // ctx = $ctx @@ -2388,7 +2552,8 @@ probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy") ctx = ulong_arg(1) argstr = sprintf("%d", ctx) } -probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return +probe nd_syscall.io_destroy.return = kprobe.function("SyS_io_destroy").return ?, + kprobe.function("sys_io_destroy").return ? { name = "io_destroy" retstr = returnstr(1) @@ -2406,8 +2571,9 @@ probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return # struct io_event __user *events, # struct compat_timespec __user *timeout) # -probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?, - kprobe.function("compat_sys_io_getevents") ? +probe nd_syscall.io_getevents = kprobe.function("compat_sys_io_getevents") ?, + kprobe.function("SyS_io_getevents") ?, + kprobe.function("sys_io_getevents") ? { name = "io_getevents" // ctx_id = $ctx_id @@ -2428,8 +2594,9 @@ probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?, argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr, nr, events_uaddr, timeout_uaddr, timestr) } -probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?, - kprobe.function("compat_sys_io_getevents").return ? +probe nd_syscall.io_getevents.return = kprobe.function("compat_sys_io_getevents").return ?, + kprobe.function("SyS_io_getevents").return ?, + kprobe.function("sys_io_getevents").return ? { name = "io_getevents" retstr = returnstr(1) @@ -2460,7 +2627,8 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ? # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) # -probe nd_syscall.io_setup = kprobe.function("sys_io_setup") +probe nd_syscall.io_setup = kprobe.function("SyS_io_setup") ?, + kprobe.function("sys_io_setup") ? { name = "io_setup" // maxevents = $nr_events @@ -2472,7 +2640,8 @@ probe nd_syscall.io_setup = kprobe.function("sys_io_setup") argstr = sprintf("%d, %p", maxevents, ctxp_uaddr) } -probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return +probe nd_syscall.io_setup.return = kprobe.function("SyS_io_setup").return ?, + kprobe.function("sys_io_setup").return ? { name = "io_setup" retstr = returnstr(1) @@ -2500,7 +2669,8 @@ probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup") # io_submit __________________________________________________ # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # -probe nd_syscall.io_submit = kprobe.function("sys_io_submit") +probe nd_syscall.io_submit = kprobe.function("SyS_io_submit") ?, + kprobe.function("sys_io_submit") ? { name = "io_submit" // ctx_id = $ctx_id @@ -2513,7 +2683,8 @@ probe nd_syscall.io_submit = kprobe.function("sys_io_submit") iocbpp_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr) } -probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return +probe nd_syscall.io_submit.return = kprobe.function("SyS_io_submit").return ?, + kprobe.function("sys_io_submit").return ? { name = "io_submit" retstr = returnstr(1) @@ -2542,7 +2713,8 @@ probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit # ioprio_get _________________________________________________ # long sys_ioprio_get(int which, int who) # -probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ? +probe nd_syscall.ioprio_get = kprobe.function("SyS_ioprio_get") ?, + kprobe.function("sys_ioprio_get") ? { name = "ioprio_get" // which = $which @@ -2553,7 +2725,8 @@ probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ? who = int_arg(2) argstr = sprintf("%d, %d", which, who) } -probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ? +probe nd_syscall.ioprio_get.return = kprobe.function("SyS_ioprio_get").return ?, + kprobe.function("sys_ioprio_get").return ? { name = "ioprio_get" retstr = returnstr(1) @@ -2562,7 +2735,8 @@ probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ? # ioprio_set _________________________________________________ # long sys_ioprio_set(int which, int who, int ioprio) # -probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ? +probe nd_syscall.ioprio_set = kprobe.function("SyS_ioprio_set") ?, + kprobe.function("sys_ioprio_set") ? { name = "ioprio_set" // which = $which @@ -2575,7 +2749,8 @@ probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ? ioprio = int_arg(3) argstr = sprintf("%d, %d, %d", which, who, ioprio) } -probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ? +probe nd_syscall.ioprio_set.return = kprobe.function("SyS_ioprio_set").return ?, + kprobe.function("sys_ioprio_set").return ? { name = "ioprio_set" retstr = returnstr(1) @@ -2591,8 +2766,9 @@ probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ? # struct compat_kexec_segment __user *segments, # unsigned long flags) # -probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?, - kprobe.function("compat_sys_kexec_load") ? +probe nd_syscall.kexec_load = kprobe.function("compat_sys_kexec_load") ?, + kprobe.function("SyS_kexec_load") ?, + kprobe.function("sys_kexec_load") ? { name = "kexec_load" // entry = $entry @@ -2607,8 +2783,9 @@ probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?, flags = ulong_arg(4) argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags) } -probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?, - kprobe.function("compat_sys_kexec_load").return ? +probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").return ?, + kprobe.function("SyS_kexec_load").return ?, + kprobe.function("sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) @@ -2622,8 +2799,9 @@ probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?, # unsigned long arg5) # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # -probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?, - kprobe.function("compat_sys_keyctl") ? +probe nd_syscall.keyctl = kprobe.function("compat_sys_keyctl") ?, + kprobe.function("SyS_keyctl") ?, + kprobe.function("sys_keyctl") ? { name = "keyctl" // argstr = sprintf("%d, ...", $option) @@ -2631,8 +2809,9 @@ probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?, argstr = sprintf("%d, ...", uint_arg(1)) } -probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?, - kprobe.function("compat_sys_keyctl").return ? +probe nd_syscall.keyctl.return = kprobe.function("compat_sys_keyctl").return ?, + kprobe.function("SyS_keyctl").return ?, + kprobe.function("sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) @@ -2640,7 +2819,8 @@ probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?, # kill _______________________________________________________ # long sys_kill(int pid, int sig) -probe nd_syscall.kill = kprobe.function("sys_kill") +probe nd_syscall.kill = kprobe.function("SyS_kill") ?, + kprobe.function("sys_kill") ? { name = "kill" // pid = $pid @@ -2651,7 +2831,8 @@ probe nd_syscall.kill = kprobe.function("sys_kill") sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.kill.return = kprobe.function("sys_kill").return +probe nd_syscall.kill.return = kprobe.function("SyS_kill").return ?, + kprobe.function("sys_kill").return ? { name = "kill" retstr = returnstr(1) @@ -2660,7 +2841,8 @@ probe nd_syscall.kill.return = kprobe.function("sys_kill").return # lchown _____________________________________________________ # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # -probe nd_syscall.lchown = kprobe.function("sys_lchown") +probe nd_syscall.lchown = kprobe.function("SyS_lchown") ?, + kprobe.function("sys_lchown") ? { name = "lchown" // path = user_string($filename) @@ -2673,7 +2855,8 @@ probe nd_syscall.lchown = kprobe.function("sys_lchown") group = __int32(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return +probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return ?, + kprobe.function("sys_lchown").return ? { name = "lchown" retstr = returnstr(1) @@ -2707,7 +2890,8 @@ probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ? # void __user *value, # size_t size) # -probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") +probe nd_syscall.lgetxattr = kprobe.function("SyS_lgetxattr") ?, + kprobe.function("sys_lgetxattr") ? { name = "lgetxattr" // %( kernel_v >= "2.6.27" %? @@ -2738,7 +2922,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return +probe nd_syscall.lgetxattr.return = kprobe.function("SyS_lgetxattr").return ?, + kprobe.function("sys_lgetxattr").return ? { name = "lgetxattr" retstr = returnstr(1) @@ -2746,7 +2931,8 @@ probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return # link _______________________________________________________ # long sys_link(const char __user * oldname, # const char __user * newname) -probe nd_syscall.link = kprobe.function("sys_link") +probe nd_syscall.link = kprobe.function("SyS_link") ?, + kprobe.function("sys_link") ? { name = "link" // oldpath = user_string($oldname) @@ -2761,7 +2947,8 @@ probe nd_syscall.link = kprobe.function("sys_link") user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.link.return = kprobe.function("sys_link").return +probe nd_syscall.link.return = kprobe.function("SyS_link").return ?, + kprobe.function("sys_link").return ? { name = "link" retstr = returnstr(1) @@ -2771,7 +2958,8 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return # new function with 2.6.16 # long sys_linkat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname, int flags) -probe nd_syscall.linkat = kprobe.function("sys_linkat") ? +probe nd_syscall.linkat = kprobe.function("SyS_linkat") ?, + kprobe.function("sys_linkat") ? { name = "linkat" // olddirfd = $olddfd @@ -2800,7 +2988,8 @@ probe nd_syscall.linkat = kprobe.function("sys_linkat") ? newdirfd_str, user_string_quoted(pointer_arg(4)), flags_str) } -probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ? +probe nd_syscall.linkat.return = kprobe.function("SyS_linkat").return ?, + kprobe.function("sys_linkat").return ? { name = "linkat" retstr = returnstr(1) @@ -2808,7 +2997,8 @@ probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ? # listen _____________________________________________________ # long sys_listen(int fd, int backlog) -probe nd_syscall.listen = kprobe.function("sys_listen") ? +probe nd_syscall.listen = kprobe.function("SyS_listen") ?, + kprobe.function("sys_listen") ? { name = "listen" // sockfd = $fd @@ -2819,7 +3009,8 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ? backlog = int_arg(2) argstr = sprintf("%d, %d", sockfd, backlog) } -probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? +probe nd_syscall.listen.return = kprobe.function("SyS_listen").return ?, + kprobe.function("sys_listen").return ? { name = "listen" retstr = returnstr(1) @@ -2828,7 +3019,8 @@ probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? # listxattr __________________________________________________ # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.listxattr = kprobe.function("sys_listxattr") +probe nd_syscall.listxattr = kprobe.function("SyS_listxattr") ?, + kprobe.function("sys_listxattr") ? { name = "listxattr" // list_uaddr = $list @@ -2849,7 +3041,8 @@ probe nd_syscall.listxattr = kprobe.function("sys_listxattr") size = ulong_arg(3) argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return +probe nd_syscall.listxattr.return = kprobe.function("SyS_listxattr").return ?, + kprobe.function("sys_listxattr").return ? { name = "listxattr" retstr = returnstr(1) @@ -2858,7 +3051,8 @@ probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return # llistxattr _________________________________________________ # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr") +probe nd_syscall.llistxattr = kprobe.function("SyS_llistxattr") ?, + kprobe.function("sys_llistxattr") ? { name = "llistxattr" // list_uaddr = $list @@ -2879,7 +3073,8 @@ probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr") size = ulong_arg(3) argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return +probe nd_syscall.llistxattr.return = kprobe.function("SyS_llistxattr").return ?, + kprobe.function("sys_llistxattr").return ? { name = "llistxattr" retstr = returnstr(1) @@ -2891,7 +3086,8 @@ probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return # unsigned long offset_low, # loff_t __user * result, # unsigned int origin) -probe nd_syscall.llseek = kprobe.function("sys_llseek") ? +probe nd_syscall.llseek = kprobe.function("SyS_llseek") ?, + kprobe.function("sys_llseek") ? { name = "llseek" // fd = $fd @@ -2912,7 +3108,8 @@ probe nd_syscall.llseek = kprobe.function("sys_llseek") ? argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high, offset_low, result_uaddr, whence_str) } -probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ? +probe nd_syscall.llseek.return = kprobe.function("SyS_llseek").return ?, + kprobe.function("sys_llseek").return ? { name = "llseek" retstr = returnstr(1) @@ -2921,7 +3118,8 @@ probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ? # lookup_dcookie _____________________________________________ # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # -probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ? +probe nd_syscall.lookup_dcookie = kprobe.function("SyS_lookup_dcookie") ?, + kprobe.function("sys_lookup_dcookie") ? { name = "lookup_dcookie" // cookie = $cookie64 @@ -2934,7 +3132,8 @@ probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ? len = ulong_arg(3) argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len) } -probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ? +probe nd_syscall.lookup_dcookie.return = kprobe.function("SyS_lookup_dcookie").return ?, + kprobe.function("sys_lookup_dcookie").return ? { name = "lookup_dcookie" retstr = returnstr(1) @@ -2943,7 +3142,8 @@ probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").r # lremovexattr _______________________________________________ # long sys_lremovexattr(char __user *path, char __user *name) # -probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") +probe nd_syscall.lremovexattr = kprobe.function("SyS_lremovexattr") ?, + kprobe.function("sys_lremovexattr") ? { name = "lremovexattr" // name_uaddr = $name @@ -2964,7 +3164,8 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") name2 = user_string(name_uaddr) argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr)) } -probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return +probe nd_syscall.lremovexattr.return = kprobe.function("SyS_lremovexattr").return ?, + kprobe.function("sys_lremovexattr").return ? { name = "lremovexattr" retstr = returnstr(1) @@ -2972,7 +3173,8 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) -probe nd_syscall.lseek = kprobe.function("sys_lseek") +probe nd_syscall.lseek = kprobe.function("SyS_lseek") ?, + kprobe.function("sys_lseek") ? { name = "lseek" // fildes = $fd @@ -2988,7 +3190,8 @@ probe nd_syscall.lseek = kprobe.function("sys_lseek") whence_str = _seek_whence_str(whence) argstr = sprintf("%d, %d, %s", fildes, offset, whence_str) } -probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return +probe nd_syscall.lseek.return = kprobe.function("SyS_lseek").return ?, + kprobe.function("sys_lseek").return ? { name = "lseek" retstr = returnstr(1) @@ -3001,7 +3204,8 @@ probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return # size_t size, # int flags) # -probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") +probe nd_syscall.lsetxattr = kprobe.function("SyS_lsetxattr") ?, + kprobe.function("sys_lsetxattr") ? { name = "lsetxattr" // %( kernel_v >= "2.6.27" %? @@ -3037,7 +3241,8 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return +probe nd_syscall.lsetxattr.return = kprobe.function("SyS_lsetxattr").return ?, + kprobe.function("sys_lsetxattr").return ? { name = "lsetxattr" retstr = returnstr(1) @@ -3053,9 +3258,11 @@ probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return # struct oldabi_stat64 __user * statbuf) # probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, + kprobe.function("SyS_newlstat") ?, kprobe.function("sys_newlstat") ?, kprobe.function("compat_sys_newlstat") ?, kprobe.function("sys32_lstat64") ?, + kprobe.function("SyS_lstat64") ?, kprobe.function("sys_lstat64") ?, kprobe.function("sys_oabi_lstat64") ? { @@ -3069,9 +3276,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, + kprobe.function("SyS_newlstat").return ?, kprobe.function("sys_newlstat").return ?, kprobe.function("compat_sys_newlstat").return ?, kprobe.function("sys32_lstat64").return ?, + kprobe.function("SyS_lstat64").return ?, kprobe.function("sys_lstat64").return ?, kprobe.function("sys_oabi_lstat64").return ? { @@ -3082,7 +3291,8 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, # madvise ____________________________________________________ # long sys_madvise(unsigned long start, size_t len_in, int behavior) # -probe nd_syscall.madvise = kprobe.function("sys_madvise") ? +probe nd_syscall.madvise = kprobe.function("SyS_madvise") ?, + kprobe.function("sys_madvise") ? { name = "madvise" // start = $start @@ -3097,7 +3307,8 @@ probe nd_syscall.madvise = kprobe.function("sys_madvise") ? advice_str = _madvice_advice_str(advice) argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice)) } -probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ? +probe nd_syscall.madvise.return = kprobe.function("SyS_madvise").return ?, + kprobe.function("sys_madvise").return ? { name = "madvise" retstr = returnstr(1) @@ -3118,8 +3329,9 @@ probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ? # compat_ulong_t maxnode, # compat_ulong_t flags) # -probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, - kprobe.function("compat_sys_mbind") ? +probe nd_syscall.mbind = kprobe.function("compat_sys_mbind") ?, + kprobe.function("SyS_mbind") ?, + kprobe.function("sys_mbind") ? { name = "mbind" // start = $start @@ -3140,8 +3352,9 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode, nmask_uaddr, maxnode, flags) } -probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, - kprobe.function("compat_sys_mbind").return ? +probe nd_syscall.mbind.return = kprobe.function("compat_sys_mbind").return ?, + kprobe.function("SyS_mbind").return ?, + kprobe.function("sys_mbind").return ? { name = "mbind" retstr = returnstr(1) @@ -3151,14 +3364,16 @@ probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, # long sys_migrate_pages(pid_t pid, unsigned long maxnode, # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) -probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ? +probe nd_syscall.migrate_pages = kprobe.function("SyS_migrate_pages") ?, + kprobe.function("sys_migrate_pages") ? { name = "migrate_pages" // argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) asmlinkage() argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4)) } -probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ? +probe nd_syscall.migrate_pages.return = kprobe.function("SyS_migrate_pages").return ?, + kprobe.function("sys_migrate_pages").return ? { name = "migrate_pages" retstr = returnstr(1) @@ -3167,7 +3382,8 @@ probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").ret # mincore ____________________________________________________ # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # -probe nd_syscall.mincore = kprobe.function("sys_mincore") ? +probe nd_syscall.mincore = kprobe.function("SyS_mincore") ?, + kprobe.function("sys_mincore") ? { name = "mincore" // start = $start @@ -3180,7 +3396,8 @@ probe nd_syscall.mincore = kprobe.function("sys_mincore") ? vec_uaddr = pointer_arg(3) argstr = sprintf("%p, %d, %p", start, length, vec_uaddr) } -probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ? +probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return ?, + kprobe.function("sys_mincore").return ? { name = "mincore" retstr = returnstr(1) @@ -3188,7 +3405,8 @@ probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ? # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) -probe nd_syscall.mkdir = kprobe.function("sys_mkdir") +probe nd_syscall.mkdir = kprobe.function("SyS_mkdir") ?, + kprobe.function("sys_mkdir") ? { name = "mkdir" // pathname_uaddr = $pathname @@ -3201,7 +3419,8 @@ probe nd_syscall.mkdir = kprobe.function("sys_mkdir") mode = int_arg(2) argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode) } -probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return +probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return ?, + kprobe.function("sys_mkdir").return ? { name = "mkdir" retstr = returnstr(1) @@ -3210,7 +3429,8 @@ probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) -probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ? +probe nd_syscall.mkdirat = kprobe.function("SyS_mkdirat") ?, + kprobe.function("sys_mkdirat") ? { name = "mkdirat" // dirfd = $dfd @@ -3223,7 +3443,8 @@ probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ? mode = int_arg(3) argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode) } -probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ? +probe nd_syscall.mkdirat.return = kprobe.function("SyS_mkdirat").return ?, + kprobe.function("sys_mkdirat").return ? { name = "mkdirat" retstr = returnstr(1) @@ -3231,7 +3452,8 @@ probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ? # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) -probe nd_syscall.mknod = kprobe.function("sys_mknod") +probe nd_syscall.mknod = kprobe.function("SyS_mknod") ?, + kprobe.function("sys_mknod") ? { name = "mknod" // pathname = user_string($filename) @@ -3245,7 +3467,8 @@ probe nd_syscall.mknod = kprobe.function("sys_mknod") argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev) } -probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return +probe nd_syscall.mknod.return = kprobe.function("SyS_mknod").return ?, + kprobe.function("sys_mknod").return ? { name = "mknod" retstr = returnstr(1) @@ -3255,7 +3478,8 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return # new function with 2.6.16 # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) -probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ? +probe nd_syscall.mknodat = kprobe.function("SyS_mknodat") ?, + kprobe.function("sys_mknodat") ? { name = "mknodat" // dirfd = $dfd @@ -3276,7 +3500,8 @@ probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ? argstr = sprintf("%s, %s, %s, %p", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev) } -probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ? +probe nd_syscall.mknodat.return = kprobe.function("SyS_mknodat").return ?, + kprobe.function("sys_mknodat").return ? { name = "mknodat" retstr = returnstr(1) @@ -3286,7 +3511,8 @@ probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ? # # long sys_mlock(unsigned long start, size_t len) # -probe nd_syscall.mlock = kprobe.function("sys_mlock") ? +probe nd_syscall.mlock = kprobe.function("SyS_mlock") ?, + kprobe.function("sys_mlock") ? { name = "mlock" // addr = $start @@ -3297,7 +3523,8 @@ probe nd_syscall.mlock = kprobe.function("sys_mlock") ? len = ulong_arg(2) argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ? +probe nd_syscall.mlock.return = kprobe.function("SyS_mlock").return ?, + kprobe.function("sys_mlock").return ? { name = "mlock" retstr = returnstr(1) @@ -3306,7 +3533,8 @@ probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ? # # long sys_mlockall(int flags) # -probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ? +probe nd_syscall.mlockall = kprobe.function("SyS_mlockall") ?, + kprobe.function("sys_mlockall") ? { name = "mlockall" // flags = $flags @@ -3315,7 +3543,8 @@ probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ? flags = int_arg(1) argstr = _mlockall_flags_str(flags) } -probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ? +probe nd_syscall.mlockall.return = kprobe.function("SyS_mlockall").return ?, + kprobe.function("sys_mlockall").return ? { name = "mlockall" retstr = returnstr(1) @@ -3356,16 +3585,18 @@ probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ? # int __user *status, # int flags) # -probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?, - kprobe.function("compat_sys_move_pages") ? +probe nd_syscall.move_pages = kprobe.function("compat_sys_move_pages") ?, + kprobe.function("SyS_move_pages") ?, + kprobe.function("sys_move_pages") ? { name = "move_pages" // argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) asmlinkage() argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6)) } -probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, - kprobe.function("compat_sys_move_pages").return ? +probe nd_syscall.move_pages.return = kprobe.function("compat_sys_move_pages").return ?, + kprobe.function("SyS_move_pages").return ?, + kprobe.function("sys_move_pages").return ? { name = "move_pages" retstr = returnstr(1) @@ -3382,8 +3613,9 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, # char __user * type, # unsigned long flags, # void __user * data) -probe nd_syscall.mount = kprobe.function("sys_mount"), - kprobe.function("compat_sys_mount") ? +probe nd_syscall.mount = kprobe.function("compat_sys_mount") ?, + kprobe.function("SyS_mount") ?, + kprobe.function("sys_mount") ? { name = "mount" // source = user_string($dev_name) @@ -3410,8 +3642,9 @@ probe nd_syscall.mount = kprobe.function("sys_mount"), user_string_quoted(pointer_arg(3)), mountflags_str, data) } -probe nd_syscall.mount.return = kprobe.function("sys_mount").return, - kprobe.function("compat_sys_mount").return ? +probe nd_syscall.mount.return = kprobe.function("compat_sys_mount").return ?, + kprobe.function("SyS_mount").return ?, + kprobe.function("sys_mount").return ? { name = "mount" retstr = returnstr(1) @@ -3420,7 +3653,8 @@ probe nd_syscall.mount.return = kprobe.function("sys_mount").return, # mprotect ___________________________________________________ # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # -probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ? +probe nd_syscall.mprotect = kprobe.function("SyS_mprotect") ?, + kprobe.function("sys_mprotect") ? { name = "mprotect" // addr = $start @@ -3435,7 +3669,8 @@ probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ? prot_str = _mprotect_prot_str(prot) argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot)) } -probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ? +probe nd_syscall.mprotect.return = kprobe.function("SyS_mprotect").return ?, + kprobe.function("sys_mprotect").return ? { name = "mprotect" retstr = returnstr(1) @@ -3449,8 +3684,9 @@ probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ? # const struct compat_mq_attr __user *u_mqstat, # struct compat_mq_attr __user *u_omqstat) # -probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?, - kprobe.function("compat_sys_mq_getsetattr") ? +probe nd_syscall.mq_getsetattr = kprobe.function("compat_sys_mq_getsetattr") ?, + kprobe.function("SyS_mq_getsetattr") ?, + kprobe.function("sys_mq_getsetattr") ? { name = "mq_getsetattr" // mqdes = $mqdes @@ -3463,8 +3699,9 @@ probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?, u_omqstat_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr) } -probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?, - kprobe.function("compat_sys_mq_getsetattr").return ? +probe nd_syscall.mq_getsetattr.return = kprobe.function("compat_sys_mq_getsetattr").return ?, + kprobe.function("SyS_mq_getsetattr").return ?, + kprobe.function("sys_mq_getsetattr").return ? { name = "mq_getsetattr" retstr = returnstr(1) @@ -3474,8 +3711,9 @@ probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").ret # long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # -probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?, - kprobe.function("compat_sys_mq_notify") ? +probe nd_syscall.mq_notify = kprobe.function("compat_sys_mq_notify") ?, + kprobe.function("SyS_mq_notify") ?, + kprobe.function("sys_mq_notify") ? { name = "mq_notify" // mqdes = $mqdes @@ -3486,8 +3724,9 @@ probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?, notification_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", mqdes, notification_uaddr) } -probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?, - kprobe.function("compat_sys_mq_notify").return ? +probe nd_syscall.mq_notify.return = kprobe.function("compat_sys_mq_notify").return ?, + kprobe.function("SyS_mq_notify").return ?, + kprobe.function("sys_mq_notify").return ? { name = "mq_notify" retstr = returnstr(1) @@ -3502,8 +3741,9 @@ probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?, # int oflag, compat_mode_t mode, # struct compat_mq_attr __user *u_attr) # -probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?, - kprobe.function("compat_sys_mq_open") ? +probe nd_syscall.mq_open = kprobe.function("compat_sys_mq_open") ?, + kprobe.function("SyS_mq_open") ?, + kprobe.function("sys_mq_open") ? { name = "mq_open" // name_uaddr = $u_name @@ -3529,8 +3769,9 @@ probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?, else argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag)) } -probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?, - kprobe.function("compat_sys_mq_open").return ? +probe nd_syscall.mq_open.return = kprobe.function("compat_sys_mq_open").return ?, + kprobe.function("SyS_mq_open").return ?, + kprobe.function("sys_mq_open").return ? { name = "mq_open" retstr = returnstr(1) @@ -3547,8 +3788,9 @@ probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?, # size_t msg_len, unsigned int __user *u_msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, - kprobe.function("compat_sys_mq_timedreceive") ? +probe nd_syscall.mq_timedreceive = kprobe.function("compat_sys_mq_timedreceive") ?, + kprobe.function("SyS_mq_timedreceive") ?, + kprobe.function("sys_mq_timedreceive") ? { name = "mq_timedreceive" // mqdes = $mqdes @@ -3567,8 +3809,9 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len, msg_prio_uaddr, abs_timeout_uaddr) } -probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?, - kprobe.function("compat_sys_mq_timedreceive").return ? +probe nd_syscall.mq_timedreceive.return = kprobe.function("compat_sys_mq_timedreceive").return ?, + kprobe.function("SyS_mq_timedreceive").return ?, + kprobe.function("sys_mq_timedreceive").return ? { name = "mq_timedreceive" retstr = returnstr(1) @@ -3585,8 +3828,9 @@ probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive") # size_t msg_len, unsigned int msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, - kprobe.function("compat_sys_mq_timedsend") ? +probe nd_syscall.mq_timedsend = kprobe.function("compat_sys_mq_timedsend") ?, + kprobe.function("SyS_mq_timedsend") ?, + kprobe.function("sys_mq_timedsend") ? { name = "mq_timedsend" // mqdes = $mqdes @@ -3605,8 +3849,9 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len, msg_prio, abs_timeout_uaddr) } -probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?, - kprobe.function("compat_sys_mq_timedsend").return ? +probe nd_syscall.mq_timedsend.return = kprobe.function("compat_sys_mq_timedsend").return ?, + kprobe.function("SyS_mq_timedsend").return ?, + kprobe.function("sys_mq_timedsend").return ? { name = "mq_timedsend" retstr = returnstr(1) @@ -3615,7 +3860,8 @@ probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").retur # mq_unlink __________________________________________________ # long sys_mq_unlink(const char __user *u_name) # -probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ? +probe nd_syscall.mq_unlink = kprobe.function("SyS_mq_unlink") ?, + kprobe.function("sys_mq_unlink") ? { name = "mq_unlink" // u_name_uaddr = $u_name @@ -3626,7 +3872,8 @@ probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ? u_name = user_string(u_name_uaddr) argstr = user_string_quoted(u_name_uaddr) } -probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ? +probe nd_syscall.mq_unlink.return = kprobe.function("SyS_mq_unlink").return ?, + kprobe.function("sys_mq_unlink").return ? { name = "mq_unlink" retstr = returnstr(1) @@ -3639,8 +3886,9 @@ probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ? # unsigned long flags, # unsigned long new_addr) # -probe nd_syscall.mremap = kprobe.function("sys_mremap") ?, - kprobe.function("ia64_mremap") ? +probe nd_syscall.mremap = kprobe.function("ia64_mremap") ?, + kprobe.function("SyS_mremap") ?, + kprobe.function("sys_mremap") ? { name = "mremap" // old_address = $addr @@ -3659,8 +3907,9 @@ probe nd_syscall.mremap = kprobe.function("sys_mremap") ?, argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size, _mremap_flags(flags), new_address) } -probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?, - kprobe.function("ia64_mremap").return ? +probe nd_syscall.mremap.return = kprobe.function("ia64_mremap").return ?, + kprobe.function("SyS_mremap").return ?, + kprobe.function("sys_mremap").return ? { name = "mremap" retstr = returnstr(2) @@ -3669,7 +3918,8 @@ probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?, # msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # -probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ? +probe nd_syscall.msgctl = kprobe.function("SyS_msgctl") ?, + kprobe.function("sys_msgctl") ? { name = "msgctl" // msqid = $msqid @@ -3682,7 +3932,8 @@ probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ? buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr) } -probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ? +probe nd_syscall.msgctl.return = kprobe.function("SyS_msgctl").return ?, + kprobe.function("sys_msgctl").return ? { name = "msgctl" retstr = returnstr(1) @@ -3707,7 +3958,8 @@ probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl") # msgget _____________________________________________________ # long sys_msgget (key_t key, int msgflg) # -probe nd_syscall.msgget = kprobe.function("sys_msgget") ? +probe nd_syscall.msgget = kprobe.function("SyS_msgget") ?, + kprobe.function("sys_msgget") ? { name = "msgget" // key = $key @@ -3720,7 +3972,8 @@ probe nd_syscall.msgget = kprobe.function("sys_msgget") ? msgflg_str = _sys_open_flag_str(msgflg) argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg)) } -probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ? +probe nd_syscall.msgget.return = kprobe.function("SyS_msgget").return ?, + kprobe.function("sys_msgget").return ? { name = "msgget" retstr = returnstr(1) @@ -3733,7 +3986,8 @@ probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ? # long msgtyp, # int msgflg) # -probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ? +probe nd_syscall.msgrcv = kprobe.function("SyS_msgrcv") ?, + kprobe.function("sys_msgrcv") ? { name = "msgrcv" // msqid = $msqid @@ -3750,7 +4004,8 @@ probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ? msgflg = int_arg(5) argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg) } -probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ? +probe nd_syscall.msgrcv.return = kprobe.function("SyS_msgrcv").return ?, + kprobe.function("sys_msgrcv").return ? { name = "msgrcv" retstr = returnstr(1) @@ -3779,7 +4034,8 @@ probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv") # size_t msgsz, # int msgflg) # -probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ? +probe nd_syscall.msgsnd = kprobe.function("SyS_msgsnd") ?, + kprobe.function("sys_msgsnd") ? { name = "msgsnd" // msqid = $msqid @@ -3794,7 +4050,8 @@ probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ? msgflg = int_arg(4) argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg) } -probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ? +probe nd_syscall.msgsnd.return = kprobe.function("SyS_msgsnd").return ?, + kprobe.function("sys_msgsnd").return ? { name = "msgsnd" retstr = returnstr(1) @@ -3818,7 +4075,8 @@ probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd") # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) -probe nd_syscall.msync = kprobe.function("sys_msync") ? +probe nd_syscall.msync = kprobe.function("SyS_msync") ?, + kprobe.function("sys_msync") ? { name = "msync" // start = $start @@ -3830,7 +4088,8 @@ probe nd_syscall.msync = kprobe.function("sys_msync") ? flags = int_arg(3) argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags)) } -probe nd_syscall.msync.return = kprobe.function("sys_msync").return ? +probe nd_syscall.msync.return = kprobe.function("SyS_msync").return ?, + kprobe.function("sys_msync").return ? { name = "msync" retstr = returnstr(1) @@ -3838,7 +4097,8 @@ probe nd_syscall.msync.return = kprobe.function("sys_msync").return ? # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) -probe nd_syscall.munlock = kprobe.function("sys_munlock") ? +probe nd_syscall.munlock = kprobe.function("SyS_munlock") ?, + kprobe.function("sys_munlock") ? { name = "munlock" // addr = $start @@ -3848,7 +4108,8 @@ probe nd_syscall.munlock = kprobe.function("sys_munlock") ? len = ulong_arg(2) argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ? +probe nd_syscall.munlock.return = kprobe.function("SyS_munlock").return ?, + kprobe.function("sys_munlock").return ? { name = "munlock" retstr = returnstr(1) @@ -3869,7 +4130,8 @@ probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ? # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) -probe nd_syscall.munmap = kprobe.function("sys_munmap") +probe nd_syscall.munmap = kprobe.function("SyS_munmap") ?, + kprobe.function("sys_munmap") ? { name = "munmap" // start = $addr @@ -3879,7 +4141,8 @@ probe nd_syscall.munmap = kprobe.function("sys_munmap") length = ulong_arg(2) argstr = sprintf("%p, %d", start, length) } -probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return +probe nd_syscall.munmap.return = kprobe.function("SyS_munmap").return ?, + kprobe.function("sys_munmap").return ? { name = "munmap" retstr = returnstr(1) |