diff options
| author | Mark Wielaard <mjw@redhat.com> | 2009-03-17 16:58:35 +0100 |
|---|---|---|
| committer | Mark Wielaard <mjw@redhat.com> | 2009-03-17 16:58:35 +0100 |
| commit | bf33ee46c8fff4d181b7f28521f12175bd32ec77 (patch) | |
| tree | 5e0a9e1047af60389eee36da54182b52d3d53ee7 /tapset | |
| parent | 524c6f82b0a3c010d0fd6a67b1afcfbf55b789a6 (diff) | |
| parent | 30cb532a560ed152b86506b80490e99195970271 (diff) | |
| download | systemtap-steved-bf33ee46c8fff4d181b7f28521f12175bd32ec77.tar.gz systemtap-steved-bf33ee46c8fff4d181b7f28521f12175bd32ec77.tar.xz systemtap-steved-bf33ee46c8fff4d181b7f28521f12175bd32ec77.zip | |
Merge branch 'master' into pr6866
Resolved conflicts:
runtime/task_finder.c: name vs path.
Diffstat (limited to 'tapset')
| -rw-r--r-- | tapset/aux_syscalls.stp | 2 | ||||
| -rw-r--r-- | tapset/context-symbols.stp | 23 | ||||
| -rw-r--r-- | tapset/context-unwind.stp | 16 | ||||
| -rw-r--r-- | tapset/context.stp | 77 | ||||
| -rw-r--r-- | tapset/i686/registers.stp | 10 | ||||
| -rw-r--r-- | tapset/inet_sock.stp | 50 | ||||
| -rw-r--r-- | tapset/ioscheduler.stp | 20 | ||||
| -rw-r--r-- | tapset/memory.stp | 13 | ||||
| -rw-r--r-- | tapset/networking.stp | 12 | ||||
| -rw-r--r-- | tapset/nfs.stp | 177 | ||||
| -rw-r--r-- | tapset/ppc64/registers.stp | 10 | ||||
| -rw-r--r-- | tapset/process.stp | 4 | ||||
| -rw-r--r-- | tapset/rpc.stp | 95 | ||||
| -rw-r--r-- | tapset/s390x/registers.stp | 12 | ||||
| -rw-r--r-- | tapset/scsi.stp | 28 | ||||
| -rw-r--r-- | tapset/signal.stp | 213 | ||||
| -rw-r--r-- | tapset/socket.stp | 142 | ||||
| -rw-r--r-- | tapset/syscalls.stp | 858 | ||||
| -rw-r--r-- | tapset/syscalls2.stp | 801 | ||||
| -rw-r--r-- | tapset/task.stp | 74 | ||||
| -rw-r--r-- | tapset/tcp.stp | 4 | ||||
| -rw-r--r-- | tapset/timestamp.stp | 49 | ||||
| -rw-r--r-- | tapset/timestamp_gtod.stp | 68 | ||||
| -rw-r--r-- | tapset/udp.stp | 46 | ||||
| -rw-r--r-- | tapset/vfs.stp | 198 | ||||
| -rw-r--r-- | tapset/x86_64/registers.stp | 10 |
26 files changed, 1773 insertions, 1239 deletions
diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp index 42b2abf8..d2e43903 100644 --- a/tapset/aux_syscalls.stp +++ b/tapset/aux_syscalls.stp @@ -1790,6 +1790,7 @@ function _struct_sigaction_u:string(uaddr:long) function _struct_sigaction32_u:string(uaddr:long) %{ /* pure */ +#ifdef CONFIG_COMPAT #include <linux/compat.h> // There seems to be no public cross arch header that defines this. @@ -1831,4 +1832,5 @@ function _struct_sigaction32_u:string(uaddr:long) else strlcpy (THIS->__retvalue, "UNKNOWN", MAXSTRINGLEN); } +#endif %} diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index bd9a93b9..4c200aa8 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -6,20 +6,25 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> %{ #ifndef STP_NEED_SYMBOL_DATA #define STP_NEED_SYMBOL_DATA 1 #endif %} - +// weirdness with print_stack, argument appears in build as undescribed /** - * sfunction print_stack - Print out stack from string + * sfunction print_stack - Print out stack from string. * @stk: String with list of hexidecimal addresses. (FIXME) * * Perform a symbolic lookup of the addresses in the given string, - * which is assumed to be the result of a prior call to - * backtrace(). + * which is assumed to be the result of a prior call to + * <command>backtrace()</command>. + * * Print one line per address, including the address, the * name of the function containing the address, and an estimate of * its position within that function. Return nothing. @@ -36,9 +41,7 @@ function print_stack(stk:string) %{ %} /** - * sfunction probefunc - Function probed - * - * Return the probe point's function name, if known. + * sfunction probefunc - Return the probe point's function name, if known. */ function probefunc:string () %{ /* pure */ char *ptr, *start; @@ -72,9 +75,7 @@ function probefunc:string () %{ /* pure */ %} /** - * sfunction probemod - Module probed - * - * Return the probe point's module name, if known. + * sfunction probemod - Return the probe point's module name, if known. */ function probemod:string () %{ /* pure */ char *ptr, *start; diff --git a/tapset/context-unwind.stp b/tapset/context-unwind.stp index 7c96b7e2..a976f8b6 100644 --- a/tapset/context-unwind.stp +++ b/tapset/context-unwind.stp @@ -6,7 +6,11 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> %{ #ifndef STP_NEED_UNWIND_DATA #define STP_NEED_UNWIND_DATA 1 @@ -19,7 +23,7 @@ /** * sfunction print_backtrace - Print stack back trace * - * Equivalent to <command>print_stack(backtrace())</command>, + * Equivalent to <command>print_stack(backtrace())</command>, * except that deeper stack nesting may be supported. Return nothing. */ function print_backtrace () %{ @@ -33,8 +37,8 @@ function print_backtrace () %{ /** * sfunction backtrace - Hex backtrace of current stack * - * Return a string of hex addresses that are a backtrace of the - * stack. It may be truncated due to maximum string length. + * Return a string of hex addresses that are a backtrace of the + * stack. Output may be truncated as per maximum string length. */ function backtrace:string () %{ /* pure */ if (CONTEXT->regs) @@ -46,7 +50,7 @@ function backtrace:string () %{ /* pure */ /** * sfunction caller - Return name and address of calling function * - * Return the address and name of the calling function. + * Return the address and name of the calling function. * <emphasis>Works only for return probes at this time.</emphasis> */ function caller:string() %{ /* pure */ @@ -61,7 +65,7 @@ function caller:string() %{ /* pure */ /** * sfunction caller_addr - Return caller address * - * Return the address of the calling function. + * Return the address of the calling function. * <emphasis> Works only for return probes at this time.</emphasis> */ function caller_addr:long () %{ /* pure */ diff --git a/tapset/context.stp b/tapset/context.stp index 7fd961c8..9f4be0e6 100644 --- a/tapset/context.stp +++ b/tapset/context.stp @@ -6,7 +6,11 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> /** * sfunction print_regs - Print a register dump. */ @@ -17,37 +21,28 @@ function print_regs () %{ %} /** - * sfunction execname - Execname of current processes - * - * Return the name of the current process. + * sfunction execname - Returns the execname of a target process (or group of processes). */ function execname:string () %{ /* pure */ strlcpy (THIS->__retvalue, current->comm, MAXSTRINGLEN); %} /** - * sfunction pid - Process ID of current process - * - * - * Return the id of the current process. + * sfunction pid - Returns the ID of a target process. */ function pid:long () %{ /* pure */ THIS->__retvalue = current->tgid; %} /** - * sfunction tid - Thread ID of current process - * - * Return the id of the current thread. + * sfunction tid - Returns the thread ID of a target process. */ function tid:long () %{ /* pure */ THIS->__retvalue = current->pid; %} /** - * sfunction ppid - Parent Process ID of current process - * - * Return the id of the parent process. + * sfunction ppid - Returns the process ID of a target process's parent process. */ function ppid:long () %{ /* pure */ #if defined(STAPCONF_REAL_PARENT) @@ -58,9 +53,7 @@ function ppid:long () %{ /* pure */ %} /** - * sfunction pexecname - Execname of the parent process. - * - * Return the name of the parent process. + * sfunction pexecname - Returns the execname of a target process's parent process. */ function pexecname:string () %{ /* pure */ #if defined(STAPCONF_REAL_PARENT) @@ -71,9 +64,7 @@ function pexecname:string () %{ /* pure */ %} /** - * sfunction gid - Group ID of current process - * - * Return the gid of the current process. + * sfunction gid - Returns the group ID of a target process. */ function gid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -84,9 +75,7 @@ function gid:long () %{ /* pure */ %} /** - * sfunction egid - Effective gid of the current process. - * - * Return the effective gid of the current process. + * sfunction egid - Returns the effective gid of a target process. */ function egid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -97,9 +86,7 @@ function egid:long () %{ /* pure */ %} /** - * sfunction uid -User ID of the current process. - * - * Return the uid of the current process. + * sfunction uid - Returns the user ID of a target process. */ function uid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -110,9 +97,7 @@ function uid:long () %{ /* pure */ %} /** - * sfunction euid - Effective User ID of the current process. - * - * Return the effective uid of the current process. + * sfunction euid - Return the effective uid of a target process. */ function euid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -128,26 +113,24 @@ function cpuid:long () %{ /* pure */ %} /** - * sfunction cpu - The current cpu number. - * - * Return the current cpu number. + * sfunction cpu - Returns the current cpu number. */ function cpu:long () %{ /* pure */ THIS->__retvalue = smp_processor_id(); %} /** - * sfunction pp - Current probe point - * - * Return the probe point associated with the currently running - * probe handler, including alias and wildcard expansion effects. + * sfunction pp - Return the probe point associated with the currently running probe handler, + * including alias and wildcard expansion effects + * Context: + * The current probe point. */ function pp:string () %{ /* pure */ strlcpy (THIS->__retvalue, CONTEXT->probe_point, MAXSTRINGLEN); %} /** - * sfunction registers_valid - Register information valid + * sfunction registers_valid - Determines validity of <command>register()</command> and <command>u_register()</command> in current context. * * Return 1 if register() and u_register() can be used * in the current context, or 0 otherwise. @@ -159,7 +142,7 @@ function registers_valid:long () %{ /* pure */ %} /** - * sfunction user_mode - User Mode + * sfunction user_mode - Determines if probe point occurs in user-mode. * * Return 1 if the probe point occurred in user-mode. */ @@ -176,7 +159,7 @@ function user_mode:long () %{ /* pure */ /* currently a user-mode address? */ %} /** - * sfunction is_return - Is return probe + * sfunction is_return - Determines if probe point is a return probe. * * Return 1 if the probe point is a return probe. * <emphasis>Deprecated.</emphasis> @@ -189,9 +172,7 @@ function is_return:long () %{ /* pure */ %} /** - * sfunction target - Target pid - * - * Return the pid of the target process. + * sfunction target - Return the process ID of the target process. */ function target:long () %{ /* pure */ THIS->__retvalue = _stp_target; @@ -220,18 +201,16 @@ function stp_pid:long () %{ /* pure */ %} /** - * sfunction stack_size - Size of kernel stack - * - * Return the size of the kernel stack. + * sfunction stack_size - Return the size of the kernel stack. */ function stack_size:long () %{ /* pure */ THIS->__retvalue = THREAD_SIZE; %} /** - * sfunction stack_used - Current amount of kernel stack used + * sfunction stack_used - Returns the amount of kernel stack used. * - * Return how many bytes are currently used in the kernel stack. + * Determines how many bytes are currently used in the kernel stack. */ function stack_used:long () %{ /* pure */ char a; @@ -239,9 +218,9 @@ function stack_used:long () %{ /* pure */ %} /** - * sfunction stack_unused - Amount of kernel stack currently available + * sfunction stack_unused - Returns the amount of kernel stack currently available. * - * Return how many bytes are currently available in the kernel stack. + * Determines how many bytes are currently available in the kernel stack. */ function stack_unused:long () %{ /* pure */ char a; diff --git a/tapset/i686/registers.stp b/tapset/i686/registers.stp index b9eaba5b..a6e5694e 100644 --- a/tapset/i686/registers.stp +++ b/tapset/i686/registers.stp @@ -26,6 +26,16 @@ function _stp_register_regs() { function _stp_get_register_by_offset:long (offset:long) %{ /* pure */ long value; + if (!CONTEXT->regs) { + CONTEXT->last_error = "No registers available in this context"; + return; + } + if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) { + snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), + "Bad register offset: %lld", THIS->offset); + CONTEXT->last_error = CONTEXT->error_buffer; + return; + } memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value)); THIS->__retvalue = value; %} diff --git a/tapset/inet_sock.stp b/tapset/inet_sock.stp index 59ce7fea..33de9775 100644 --- a/tapset/inet_sock.stp +++ b/tapset/inet_sock.stp @@ -1,42 +1,42 @@ // inet_sock information tapset // Copyright (C) 2006 IBM Corp. // Copyright (C) 2006 Intel Corporation. +// Copyright (C) 2009 Red Hat, Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. -%{ -#include <linux/version.h> -#include <net/sock.h> -#include <net/tcp.h> -#include <net/ip.h> - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) -#define LPORT (inet->inet.num) -#define DADDR (&inet->inet.daddr) -#else -#define LPORT (inet->num) -#define DADDR (&inet->daddr) -#endif -%} - -// Get local port number +// Get local port number given a pointer to a kernel socket, +// as for example kernel.function("tcp_accept").return will +// return. function inet_get_local_port:long(sock:long) -%{ /* pure */ - struct inet_sock *inet = (struct inet_sock *) (long) THIS->sock; - THIS->__retvalue = kread(&(LPORT)); - CATCH_DEREF_FAULT(); -%} +{ +%(kernel_v < "2.6.11" %? + port = @cast(sock, "inet_sock", "kernel")->inet->num; +%: + port = @cast(sock, "inet_sock", "kernel")->num; +%) + return port; +} -// Get IP source address string +// Get IP source address string given a pointer to a kernel socket. function inet_get_ip_source:string(sock:long) +{ +%(kernel_v < "2.6.11" %? + daddr = @cast(sock, "inet_sock", "kernel")->inet->daddr; +%: + daddr = @cast(sock, "inet_sock", "kernel")->daddr; +%) + return daddr_to_string(daddr); +} + +// Turns a daddr as found in an inet_sock into a dotted ip string. +function daddr_to_string:string(daddr:long) %{ /* pure */ - struct inet_sock *inet = (struct inet_sock *) (long) THIS->sock; union { __u32 d; unsigned char addr[4]; } u; - u.d = kread(DADDR); + u.d = THIS->daddr; sprintf(THIS->__retvalue, "%d.%d.%d.%d", u.addr[0], u.addr[1], u.addr[2], u.addr[3]); - CATCH_DEREF_FAULT(); %} diff --git a/tapset/ioscheduler.stp b/tapset/ioscheduler.stp index d7a71aca..a79ae752 100644 --- a/tapset/ioscheduler.stp +++ b/tapset/ioscheduler.stp @@ -5,15 +5,17 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe IO scheduler activities. +// </tapsetdescription> %{ #include <linux/blkdev.h> #include <linux/elevator.h> %} /** - * probe ioscheduler.elv_next_request - Retrieve request from request queue - * @elevator_name: The elevator name + * probe ioscheduler.elv_next_request - Fires when a request is retrieved from the request queue + * @elevator_name: The type of I/O elevator currently enabled */ probe ioscheduler.elv_next_request = kernel.function("elv_next_request") @@ -26,7 +28,7 @@ probe ioscheduler.elv_next_request } /** - * probe ioscheduler.elv_next_request.return - Return from retrieving a request + * probe ioscheduler.elv_next_request.return - Fires when a request retrieval issues a return signal * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request @@ -58,14 +60,14 @@ probe ioscheduler.elv_next_request.return } /** - * probe ioscheduler.elv_add_request - Add a request into request queue - * @elevator_name: The elevator name + * probe ioscheduler.elv_add_request - A request was added to the request queue + * @elevator_name: The type of I/O elevator currently enabled * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request * @disk_minor: Disk minor number of the request */ -/* when a request is added to the request queue */ +// when a request is added to the request queue probe ioscheduler.elv_add_request = kernel.function("__elv_add_request") { @@ -96,8 +98,8 @@ probe ioscheduler.elv_add_request } /** - * probe ioscheduler.elv_completed_request - Request is completed - * @elevator_name: The elevator name + * probe ioscheduler.elv_completed_request - Fires when a request is completed + * @elevator_name: The type of I/O elevator currently enabled * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request diff --git a/tapset/memory.stp b/tapset/memory.stp index 961cca38..83875aa4 100644 --- a/tapset/memory.stp +++ b/tapset/memory.stp @@ -6,6 +6,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. +// <tapsetdescription> +// This family of probe points is used to probe memory-related events. +// </tapsetdescription> %{ #include <linux/mm.h> %} @@ -53,7 +56,7 @@ function vm_fault_contains:long (value:long, test:long) /** * probe vm.pagefault - Records that a page fault occurred. * @address: The address of the faulting memory access; i.e. the address that caused the page fault. - * @write_access: Indicates whether this was a write or read access; <command>1</command> indicates a write, + * @write_access: Indicates whether this was a write or read access; <command>1</command> indicates a write, * while <command>0</command> indicates a read. * * Context: The process which triggered the fault @@ -97,7 +100,7 @@ function addr_to_node:long(addr:long) %{ /* pure */ } %} -/* Return whether a page to be copied is a zero page. */ +// Return whether a page to be copied is a zero page. function _IS_ZERO_PAGE:long(from:long, vaddr:long) %{ /* pure */ THIS->__retvalue = (THIS->from == (long) ZERO_PAGE(THIS->vaddr)); %} @@ -110,8 +113,8 @@ function _IS_ZERO_PAGE:long(from:long, vaddr:long) %{ /* pure */ * Context: * The context is the process attempting the write. * - * Fires when a process attempts to write to a shared page. - * If a copy is necessary, this will be followed by a + * Fires when a process attempts to write to a shared page. + * If a copy is necessary, this will be followed by a * <command>vm.write_shared_copy</command>. */ probe vm.write_shared = kernel.function("do_wp_page") { @@ -119,7 +122,7 @@ probe vm.write_shared = kernel.function("do_wp_page") { } /** - * probe vm.write_shared_copy- Page copy for shared page write. + * probe vm.write_shared_copy - Page copy for shared page write. * @address: The address of the shared write. * @zero: Boolean indicating whether it is a zero page * (can do a clear instead of a copy). diff --git a/tapset/networking.stp b/tapset/networking.stp index d6e90259..f6d78536 100644 --- a/tapset/networking.stp +++ b/tapset/networking.stp @@ -5,11 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - -%{ -#include <linux/netdevice.h> -%} - +// <tapsetdescription> +// This family of probe points is used to probe the activities of the network device. +// </tapsetdescription> /** * probe netdev.receive - Data recieved from network device. * @dev_name: The name of the device. e.g: eth0, ath1. @@ -53,7 +51,7 @@ /// /// </variablelist> ///</para> -/* Main device receive routine, be called when packet arrives on network device */ +// Main device receive routine, be called when packet arrives on network device probe netdev.receive = kernel.function("netif_receive_skb") { @@ -71,7 +69,7 @@ probe netdev.receive * @truesize: The size of the the data to be transmitted. * */ -/* Queue a buffer for transmission to a network device */ +// Queue a buffer for transmission to a network device probe netdev.transmit = kernel.function("dev_queue_xmit") { diff --git a/tapset/nfs.stp b/tapset/nfs.stp index 474b091f..6752747f 100644 --- a/tapset/nfs.stp +++ b/tapset/nfs.stp @@ -135,69 +135,50 @@ function __nfs_wpages:long(inode:long) %{ /* pure */ %} /*Get struct inode from struct page*/ -function __p2i :long(page:long) %{ /* pure */ - struct page *page = (struct page *)((long)THIS->page); - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - - if (mapping == NULL) - THIS->__retvalue = 0; - else - THIS->__retvalue = (long)kread(&(mapping->host)); - CATCH_DEREF_FAULT(); -%} +function __p2i :long(page:long) +{ + mapping = page? @cast(page, "page", "kernel:nfs")->mapping : 0 + if (mapping == 0) + return 0 + return @cast(mapping, "address_space", "kernel:nfs")->host +} /*Get i_flags from struct page*/ -function __p2i_flag : long (page:long) %{ /* pure */ - struct page *page = (struct page *)((long)THIS->page); - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - struct inode *host = mapping? kread(&(mapping->host)) : NULL; - - if (host == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(host->i_flags)); - CATCH_DEREF_FAULT(); -%} +function __p2i_flag : long (page:long) +{ + host = __p2i(page) + if (host == 0) + return -1 + return @cast(host, "inode", "kernel:nfs")->i_flags +} /*Get i_state from struct page*/ -function __p2i_state :long (page:long) %{ /* pure */ - struct page *page = (struct page *)((long)THIS->page); - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - struct inode *host = mapping? kread(&(mapping->host)) : NULL; - - if (host == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(host->i_state)); - CATCH_DEREF_FAULT(); -%} +function __p2i_state :long (page:long) +{ + host = __p2i(page) + if (host == 0) + return -1 + return @cast(host, "inode", "kernel:nfs")->i_state +} /*Get i_size from struct page*/ -function __p2i_size :long (page:long) %{ /* pure */ - struct page *page = (struct page *)((long)THIS->page); - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - struct inode *host = mapping? kread(&(mapping->host)) : NULL; - - if (host == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(host->i_size)); - CATCH_DEREF_FAULT(); -%} +function __p2i_size :long (page:long) +{ + host = __p2i(page) + if (host == 0) + return -1 + return @cast(host, "inode", "kernel:nfs")->i_size +} /*Get s_flags from struct page*/ -function __p2sb_flag:long (page:long) %{ /* pure */ - struct page *page = (struct page *)((long)THIS->page); - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - struct inode *host = mapping? kread(&(mapping->host)) : NULL; - struct super_block *i_sb = host? kread(&(host->i_sb)) : NULL; - - if (i_sb == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(i_sb->s_flags)); - CATCH_DEREF_FAULT(); -%} +function __p2sb_flag:long (page:long) +{ + host = __p2i(page) + i_sb = host? @cast(host, "inode", "kernel:nfs")->i_sb : 0 + if (i_sb == 0) + return -1 + return @cast(i_sb, "super_block", "kernel:nfs")->s_flags +} function __d_loff_t :long (ppos :long) %{ /* pure */ loff_t * ppos = (loff_t *) ((long)THIS->ppos); @@ -209,53 +190,47 @@ function __d_loff_t :long (ppos :long) %{ /* pure */ CATCH_DEREF_FAULT(); %} -function __file_inode:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) - THIS->__retvalue = 0; - else - THIS->__retvalue = (long)kread(&(dentry->d_inode)); - CATCH_DEREF_FAULT(); -%} +function __file_inode:long (file:long) +{ +%( kernel_v >= "2.6.20" %? + dentry = file? @cast(file, "file", "kernel:nfs")->f_path->dentry : 0 +%: + dentry = file? @cast(file, "file", "kernel:nfs")->f_dentry : 0 +%) + if (dentry == 0) + return 0 + return @cast(dentry, "dentry", "kernel:nfs")->d_inode +} -function __file_id:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) - THIS->__retvalue = 0; - else { - struct inode *d_inode = kread(&(dentry->d_inode)); - struct super_block *i_sb = kread(&(d_inode->i_sb)); - THIS->__retvalue = (long)&(i_sb->s_id); - } - CATCH_DEREF_FAULT(); -%} +function __file_id:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel:nfs")->i_sb->s_id +} -function __file_mode:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) - THIS->__retvalue = 0; - else { - struct inode *d_inode = kread(&(dentry->d_inode)); - THIS->__retvalue = kread(&(d_inode->i_mode)); - } - CATCH_DEREF_FAULT(); -%} +function __file_mode:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel:nfs")->i_mode +} -function __file_parentname:string (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - struct dentry *d_parent = dentry? kread(&(dentry->d_parent)) : NULL; - if (d_parent == NULL) - strlcpy(THIS->__retvalue, "NULL", MAXSTRINGLEN); - else { - const unsigned char *name = kread(&(d_parent->d_name.name)); - deref_string(THIS->__retvalue, name, MAXSTRINGLEN); - } - CATCH_DEREF_FAULT(); -%} +function __file_parentname:string (file:long) +{ +%( kernel_v >= "2.6.20" %? + dentry = file? @cast(file, "file", "kernel:nfs")->f_path->dentry : 0 +%: + dentry = file? @cast(file, "file", "kernel:nfs")->f_dentry : 0 +%) + d_parent = dentry? @cast(dentry, "dentry", "kernel:nfs")->d_parent : 0 + if (d_parent == 0) + return "NULL" + name = @cast(d_parent, "dentry", "kernel:nfs")->d_name->name + return kernel_string(name) +} /* * Combination of generic_segment_checks and iov_length functions @@ -349,8 +324,8 @@ probe nfs.fop.llseek = kernel.function ("nfs_file_llseek") !, { dev = __file_dev($filp) ino = __file_ino($filp) - s_id = __file_id($filp) - devname = kernel_string(s_id) + s_id = __file_id($filp) + devname = kernel_string(s_id) maxbyte = __file_maxbytes($filp) offset = $offset diff --git a/tapset/ppc64/registers.stp b/tapset/ppc64/registers.stp index 6a8ae279..e5decd81 100644 --- a/tapset/ppc64/registers.stp +++ b/tapset/ppc64/registers.stp @@ -64,6 +64,16 @@ function probing_32bit_app() %{ /* pure */ function _stp_get_register_by_offset:long (offset:long) %{ /* pure */ long value; + if (!CONTEXT->regs) { + CONTEXT->last_error = "No registers available in this context"; + return; + } + if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) { + snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), + "Bad register offset: %lld", THIS->offset); + CONTEXT->last_error = CONTEXT->error_buffer; + return; + } memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value)); THIS->__retvalue = value; %} diff --git a/tapset/process.stp b/tapset/process.stp index ca49aa67..e39f740a 100644 --- a/tapset/process.stp +++ b/tapset/process.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe process-related activities. +// </tapsetdescription> function _IS_ERR:long(ptr:long) %{ /* pure */ THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); diff --git a/tapset/rpc.stp b/tapset/rpc.stp index f97117b5..1d47daed 100644 --- a/tapset/rpc.stp +++ b/tapset/rpc.stp @@ -877,60 +877,40 @@ probe sunrpc.sched.delay.return = kernel.function("rpc_delay").return !, *****************************************************************/ function xid_from_clnt:long(clnt:long) -%{ /* pure */ - struct rpc_clnt *clnt = (struct rpc_clnt *)(long)THIS->clnt; - if (clnt == NULL) - THIS->__retvalue = 0; - else { - struct rpc_xprt *cl_xprt = kread(&(clnt->cl_xprt)); - THIS->__retvalue = kread(&(cl_xprt->xid)); - } - CATCH_DEREF_FAULT(); -%} +{ + if (clnt == 0) + return 0 + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_xprt->xid +} function prog_from_clnt:long(clnt:long) -%{ /* pure */ - struct rpc_clnt *clnt = (struct rpc_clnt *)(long)THIS->clnt; - if (clnt == NULL) - THIS->__retvalue = 0; - else { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) - THIS->__retvalue = kread(&(clnt->cl_prog)); -#else - struct rpc_portmap *cl_pmap = kread(&(clnt->cl_pmap)); - THIS->__retvalue = kread(&(cl_pmap->pm_prog)); -#endif - } - CATCH_DEREF_FAULT(); -%} +{ + if (clnt == 0) + return 0 +%(kernel_v >= "2.6.19" %? + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_prog +%: + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_pmap->pm_prog +%) +} function vers_from_clnt:long(clnt:long) -%{ /* pure */ - struct rpc_clnt *clnt = (struct rpc_clnt *)(long)THIS->clnt; - if (clnt == NULL) - THIS->__retvalue = 0; - else { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) - THIS->__retvalue = kread(&(clnt->cl_vers)); -#else - struct rpc_portmap *cl_pmap = kread(&(clnt->cl_pmap)); - THIS->__retvalue = kread(&(cl_pmap->pm_vers)); -#endif - } - CATCH_DEREF_FAULT(); -%} +{ + if (clnt == 0) + return 0 +%(kernel_v >= "2.6.19" %? + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_vers +%: + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_pmap->pm_vers +%) +} function prot_from_clnt:long(clnt:long) -%{ /* pure */ - struct rpc_clnt *clnt = (struct rpc_clnt *)(long)THIS->clnt; - if (clnt == NULL) - THIS->__retvalue = 0; - else { - struct rpc_xprt *cl_xprt = kread(&(clnt->cl_xprt)); - THIS->__retvalue = kread(&(cl_xprt->prot)); - } - CATCH_DEREF_FAULT(); -%} +{ + if (clnt == 0) + return 0 + return @cast(clnt, "rpc_clnt", "kernel:sunrpc")->cl_xprt->prot +} function port_from_clnt:long(clnt:long) %{ /* pure */ @@ -942,12 +922,14 @@ function port_from_clnt:long(clnt:long) struct sockaddr_in *sap = (struct sockaddr_in *) &cl_xprt->addr; THIS->__retvalue = ntohs(kread(&(sap->sin_port))); + } #else if (cl_xprt && kread(&(cl_xprt->addr.sin_family)) == AF_INET) { /* Now consider ipv4 only */ THIS->__retvalue = ntohs(kread(&(cl_xprt->addr.sin_port))); + } #endif - } else + else THIS->__retvalue = 0; CATCH_DEREF_FAULT(); %} @@ -975,16 +957,11 @@ function tasks_from_clnt:long(clnt:long) %} function proc_from_msg:long(msg:long) -%{ /* pure */ - struct rpc_message *msg = (struct rpc_message *)(long)THIS->msg; - if (msg == NULL) - THIS->__retvalue = 0; - else { - struct rpc_procinfo *rpc_proc = kread(&(msg->rpc_proc)); - THIS->__retvalue = kread(&(rpc_proc->p_proc)); - } - CATCH_DEREF_FAULT(); -%} +{ + if (msg == 0) + return 0 + return @cast(msg, "rpc_message", "kernel:sunrpc")->rpc_proc->p_proc +} function vers_from_prog:long(program:long, vers:long) %{ /* pure */ diff --git a/tapset/s390x/registers.stp b/tapset/s390x/registers.stp index 84e28348..37218d14 100644 --- a/tapset/s390x/registers.stp +++ b/tapset/s390x/registers.stp @@ -56,8 +56,18 @@ function _stp_probing_kernel: long () %{ /* pure */ function _stp_get_register_by_offset:long (offset:long) %{ /* pure */ long value; + if (!CONTEXT->regs) { + CONTEXT->last_error = "No registers available in this context"; + return; + } + if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(unsigned short)) { + snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), + "Bad register offset: %lld", THIS->offset); + CONTEXT->last_error = CONTEXT->error_buffer; + return; + } - if (THIS->offset <= 152) + if (THIS->offset < sizeof(struct pt_regs) - 2 * sizeof(unsigned short)) memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value)); else { diff --git a/tapset/scsi.stp b/tapset/scsi.stp index 76b9a114..e1457739 100644 --- a/tapset/scsi.stp +++ b/tapset/scsi.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe SCSI activities. +// </tapsetdescription> %{ #include <linux/types.h> #include <scsi/scsi_cmnd.h> @@ -21,7 +23,7 @@ * @disk_minor: The minor number of the disk (-1 if no information) * @device_state: The current state of the device. */ -/* FIXME describe the device_state */ +// FIXME describe the device_state probe scsi.ioentry = module("scsi_mod").function("scsi_prep_fn@drivers/scsi/scsi_lib.c")?, kernel.function("scsi_prep_fn@drivers/scsi/scsi_lib.c")? @@ -44,9 +46,9 @@ probe scsi.ioentry * @lun: The lun number * @dev_id: The scsi device id * @device_state: The current state of the device. - * @data_direction: The data_direction specifies whether this command is from/to - * the device. 0 (DMA_BIDIRECTIONAL), 1 (DMA_TO_DEVICE), - * 2 (DMA_FROM_DEVICE), 3 (DMA_NONE) + * @data_direction: The data_direction specifies whether this command is from/to the device. + * 0 (DMA_BIDIRECTIONAL), 1 (DMA_TO_DEVICE), + * 2 (DMA_FROM_DEVICE), 3 (DMA_NONE) * @request_buffer: The request buffer address * @req_bufflen: The request buffer length */ @@ -79,7 +81,7 @@ probe scsi.iodispatching * @dev_id: The scsi device id * @device_state: The current state of the device * @data_direction: The data_direction specifies whether this command is - * from/to the device. + * from/to the device. */ probe scsi.iodone = module("scsi_mod").function("scsi_done@drivers/scsi/scsi.c")?, @@ -104,10 +106,10 @@ probe scsi.iodone * @dev_id: The scsi device id * @device_state: The current state of the device * @data_direction: The data_direction specifies whether this command is from/to - * the device + * the device * @goodbytes: The bytes completed. */ -/* mid-layer processes the completed IO */ +// mid-layer processes the completed IO probe scsi.iocompleted = module("scsi_mod").function("scsi_io_completion@drivers/scsi/scsi_lib.c")?, kernel.function("scsi_io_completion@drivers/scsi/scsi_lib.c")? @@ -136,9 +138,7 @@ function scsi_timer_pending:long(var:long) %} function get_devstate_from_req:long(var:long) -%{ /* pure */ - struct request_queue *q = (struct request_queue *)((long)THIS->var); - struct scsi_device *sdev = (struct scsi_device *)kread(&(q->queuedata)); - THIS->__retvalue = kread(&(sdev->sdev_state)); - CATCH_DEREF_FAULT(); -%} +{ + sdev = @cast(var, "request_queue", "kernel:scsi_mod")->queuedata + return @cast(sdev, "scsi_device", "kernel:scsi_mod")->sdev_state +} diff --git a/tapset/signal.stp b/tapset/signal.stp index f40958e6..711ee70f 100644 --- a/tapset/signal.stp +++ b/tapset/signal.stp @@ -8,16 +8,17 @@ // Public License (GPL); either version 2, or (at your option) any // later version. // -// Note : Since there are so many signals sent to processes at any give -// point, it's better to filter the information according to the -// requirements. For example, filter only for a particular signal -// (if sig==2) or filter only for a particular process -// (if pid_name==stap). // - +// <tapsetdescription> +// This family of probe points is used to probe signal activities. +// Since there are so many signals sent to processes at any given +// point, it is advisable to filter the information according to the +// requirements. For example, filter only for a particular signal +// (if sig==2) or for a particular process (if pid_name==stap). +// </tapsetdescription> /** - * probe signal.send- Fires when a system call or kernel function sends a signal to a process. + * probe signal.send - Signal being sent to a process * Arguments: * @sig: The number of the signal * @sig_name: A string representation of the signal @@ -27,7 +28,8 @@ * @task: A task handle to the signal recipient * @sinfo: The address of <command>siginfo</command> struct * @shared: Indicates whether the signal is shared by the thread group - * @send2queue- Indicates whether the signal is sent to an existing <command>sigqueue</command> + * @send2queue: Indicates whether the signal is sent to an existing + * <command>sigqueue</command> * @name: The name of the function used to send out the signal * * Context: @@ -114,14 +116,14 @@ probe _signal.send.part3 = kernel.function("send_sigqueue") } /** - * probe signal.send.return - Fires when a signal sent to a process returns. + * probe signal.send.return - Signal being sent to a process completed * @retstr: The return value to either <command>__group_send_sig_info</command>, - * <command>specific_send_sig_info</command>, or <command>send_sigqueue</command>. - * Refer to the Description of this probe for more information about the return - * values of each function call. + * <command>specific_send_sig_info</command>, + * or <command>send_sigqueue</command> * @shared: Indicates whether the sent signal is shared by the thread group. - * @send2queue: Indicates whether the sent signal was sent to an existing <command>sigqueue</command> - * @name: The name of the function used to send out the signal. + * @send2queue: Indicates whether the sent signal was sent to an + * existing <command>sigqueue</command> + * @name: The name of the function used to send out the signal * * Context: * The signal's sender. <remark>(correct?)</remark> @@ -129,24 +131,24 @@ probe _signal.send.part3 = kernel.function("send_sigqueue") * Possible <command>__group_send_sig_info</command> and * <command>specific_send_sig_info</command> return values are as follows; * - * <command>0</command> - The signal is sucessfully sent to a process, + * <command>0</command> -- The signal is sucessfully sent to a process, * which means that * <1> the signal was ignored by the receiving process, * <2> this is a non-RT signal and the system already has one queued, and * <3> the signal was successfully added to the <command>sigqueue</command> of the receiving process. * - * <command>-EAGAIN</command> - The <command>sigqueue</command> of the receiving process is + * <command>-EAGAIN</command> -- The <command>sigqueue</command> of the receiving process is * overflowing, the signal was RT, and the signal was sent by a user using something other * than <command>kill()</command> * * Possible <command>send_group_sigqueue</command> and * <command>send_sigqueue</command> return values are as follows; * - * <command>0</command> - The signal was either sucessfully added into the + * <command>0</command> -- The signal was either sucessfully added into the * <command>sigqueue</command> of the receiving process, or a <command>SI_TIMER</command> entry is already * queued (in which case, the overrun count will be simply incremented). * - * <command>1</command> - The signal was ignored by the receiving process. + * <command>1</command> -- The signal was ignored by the receiving process. * * * <command>-1</command> - (<command>send_sigqueue</command> only) The task was marked @@ -232,7 +234,7 @@ probe _signal.send.part3.return = kernel.function("send_sigqueue").return } /** - * probe signal.checkperm - Fires when a permission check is performed on a sent signal + * probe signal.checkperm - Check being performed on a sent signal * @sig: The number of the signal * @sig_name: A string representation of the signal * @sig_pid: The PID of the process receiving the signal @@ -240,7 +242,8 @@ probe _signal.send.part3.return = kernel.function("send_sigqueue").return * @si_code: Indicates the signal type * @task: A task handle to the signal recipient * @sinfo: The address of the <command>siginfo</command> structure - * @name: Name of the probe point; default value is <command>signal.checkperm</command> + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> */ probe signal.checkperm = kernel.function("check_kill_permission") { @@ -261,6 +264,12 @@ probe signal.checkperm = kernel.function("check_kill_permission") si_code="SI_USER or SI_TIMER or SI_ASYNCIO" } +/** + * probe signal.checkperm.return - Check performed on a sent signal completed + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> + * @retstr: Return value as a string + */ probe signal.checkperm.return = kernel.function("check_kill_permission").return { name = "signal.checkperm" @@ -269,15 +278,15 @@ probe signal.checkperm.return = kernel.function("check_kill_permission").return /** - * probe signal.wakeup - Wakes up a sleeping process, making it ready for new active signals - * @sig_pid: The PID of the process you wish to wake - * @pid_name: Name of the process you wish to wake - * @resume: Indicates whether to wake up a task in a <command>STOPPED</command> or - * <command>TRACED</command> state + * probe signal.wakeup - Sleeping process being wakened for signal + * @sig_pid: The PID of the process to wake + * @pid_name: Name of the process to wake + * @resume: Indicates whether to wake up a task in a + * <command>STOPPED</command> or <command>TRACED</command> state * @state_mask: A string representation indicating the mask - * of task states you wish to wake. Possible values are <command>TASK_INTERRUPTIBLE</command>, - * <command>TASK_STOPPED</command>, <command>TASK_TRACED</command>, - * and <command>TASK_INTERRUPTIBLE</command>. + * of task states to wake. Possible values are + * <command>TASK_INTERRUPTIBLE</command>, <command>TASK_STOPPED</command>, + * <command>TASK_TRACED</command>, and <command>TASK_INTERRUPTIBLE</command>. */ probe signal.wakeup = kernel.function("signal_wake_up") { @@ -293,8 +302,7 @@ probe signal.wakeup = kernel.function("signal_wake_up") /** - * probe signal.check_ignored - Fires when a system call or kernel function checks whether a - * signal was ignored or not + * probe signal.check_ignored - Checking to see signal is ignored * @sig_pid: The PID of the process receiving the signal * @pid_name: Name of the process receiving the signal * @sig: The number of the signal @@ -308,6 +316,12 @@ probe signal.check_ignored = kernel.function("sig_ignored") sig_name = _signal_name($sig) } +/** + * probe signal.check_ignored.return - Check to see signal is ignored completed + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> + * @retstr: Return value as a string + */ probe signal.check_ignored.return = kernel.function("sig_ignored").return ? { name = "sig_ignored" @@ -333,8 +347,7 @@ probe signal.handle_stop = kernel.function("handle_stop_signal") /** - * probe signal.force_segv - Fires when a system call, kernel function, or process sent a - * <command>SIGSEGV</command> as a result of problems it encountered while handling a received signal + * probe signal.force_segv - Forcing send of <command>SIGSEGV</command> * @sig_pid: The PID of the process receiving the signal * @pid_name: Name of the process receiving the signal * @sig: The number of the signal @@ -360,6 +373,12 @@ probe _signal.force_segv.part2 = kernel.function("force_sigsegv_info") ? sig_name = _signal_name($sig) } +/** + * probe signal.force_segv.return - Forcing send of <command>SIGSEGV</command> complete + * @name: Name of the probe point; default value is + * <command>force_sigsegv</command> + * @retstr: Return value as a string + */ probe signal.force_segv.return = kernel.function("force_sigsegv").return, kernel.function("force_sigsegv_info").return ? @@ -370,9 +389,8 @@ probe signal.force_segv.return = /** - * probe signal.syskill - Fires when the kernel function <command>sys_kill</command> - * sends a kill signal to a process - * @pid: The PID of the process receiving the kill signal + * probe signal.syskill - Sending kill signal to a process + * @pid: The PID of the process receiving the signal * @sig: The specific signal sent to the process */ probe signal.syskill = syscall.kill @@ -380,33 +398,43 @@ probe signal.syskill = syscall.kill sig_name = _signal_name($sig) } +/** + * probe signal.syskill.return - Sending kill signal completed + */ probe signal.syskill.return = syscall.kill.return { } + /** - * probe signal.sys_tkill - Fires when <command>tkill</command> sends a kill signal - * to a process that is part of a thread group + * probe signal.sys_tkill - Sending a kill signal to a thread * @pid: The PID of the process receiving the kill signal * @sig: The specific signal sent to the process + * @sig_name: The specific signal sent to the process + * * The <command>tkill</command> call is analogous to <command>kill(2)</command>, * except that it also allows a process within a specific thread group to - * be targetted. Such processes are targetted through their unique thread IDs (TID). + * be targetted. Such processes are targetted through their unique + * thread IDs (TID). */ probe signal.systkill = syscall.tkill { sig_name = _signal_name($sig) } +/** + * probe signal.systkill.return - Sending kill signal to a thread completed + */ probe signal.systkill.return = syscall.tkill.return { } /** - * probe signal.sys_tgkill - Fires when the kernel function <command>tgkill</command> - * sends a kill signal to a specific thread group + * probe signal.sys_tgkill - Sending kill signal to a thread group * @pid: The PID of the thread receiving the kill signal * @tgid: The thread group ID of the thread receiving the kill signal * @sig: The specific kill signal sent to the process + * @sig_name: A string representation of the signal + * * The <command>tgkill</command> call is similar to <command>tkill</command>, * except that it also allows the caller to specify the thread group ID of * the thread to be signalled. This protects against TID reuse. @@ -416,12 +444,15 @@ probe signal.systgkill = syscall.tgkill sig_name = _signal_name($sig) } +/** + * probe signal.sys_tgkill.return - Sending kill signal to a thread group completed + */ probe signal.systgkill.return = syscall.tgkill.return { } /** - * probe signal.send_sig_queue - Fires when a signal is queued to a process + * probe signal.send_sig_queue - Queuing a signal to a process * @sig: The queued signal * @sig_name: A string representation of the signal * @sig_pid: The PID of the process to which the signal is queued @@ -439,6 +470,10 @@ probe signal.send_sig_queue = sigqueue_addr = $q } +/** + * probe signal.send_sig_queue.return - Queuing a signal to a process completed + * @retstr: Return value as a string + */ probe signal.send_sig_queue.return = kernel.function("send_sigqueue").return, kernel.function("send_group_sigqueue").return ? @@ -448,25 +483,25 @@ probe signal.send_sig_queue.return = /** - * probe signal.pending - Fires when the <command>SIGPENDING</command> system call is used; - * this normally occurs when the <command>do_sigpending</command> kernel function is executed - * @sigset_add: The address of the user-space signal set (<command>sigset_t</command>) - * @sigset_size: The size of the user-space signal set. - * - * Synopsis: - * <programlisting>long do_sigpending(void __user *set, unsigned long sigsetsize)</programlisting> + * probe signal.pending - Examining pending signal + * @sigset_add: The address of the user-space signal set + * (<command>sigset_t</command>) + * @sigset_size: The size of the user-space signal set * * This probe is used to examine a set of signals pending for delivery - * to a specific thread. + * to a specific thread. This normally occurs when the + * <command>do_sigpending</command> kernel function is executed. */ -// long do_sigpending(void __user *set, unsigned long sigsetsize) - probe signal.pending = kernel.function("do_sigpending") { sigset_add=$set sigset_size=$sigsetsize } +/** + * probe signal.pending.return - Examination of pending signal completed + * @retstr: Return value as a string + */ probe signal.pending.return = kernel.function("do_sigpending").return { retstr = returnstr(1) @@ -474,22 +509,17 @@ probe signal.pending.return = kernel.function("do_sigpending").return /** - * probe signal.handle - Fires when the signal handler is invoked + * probe signal.handle - Signal handler being invoked * @sig: The signal number that invoked the signal handler * @sinfo: The address of the <command>siginfo</command> table - * @sig_code: The <command>si_code</command> value of the <command>siginfo</command> signal - * @ka_addr: The address of the <command>k_sigaction</command> table associated with the signal + * @sig_code: The <command>si_code</command> value of the + * <command>siginfo</command> signal + * @ka_addr: The address of the <command>k_sigaction</command> table + * associated with the signal * @oldset_addr: The address of the bitmask array of blocked signals * @regs: The address of the kernel-mode stack area * @sig_mode: Indicates whether the signal was a user-mode or kernel-mode signal - * - * Synopsis: - * <programlisting>static int handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, - * sigset_t *oldset, struct pt_regs * regs)</programlisting> */ -//static int handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, -// sigset_t *oldset, struct pt_regs * regs) - probe signal.handle = kernel.function("handle_signal") { sig = $sig @@ -508,6 +538,10 @@ probe signal.handle = kernel.function("handle_signal") sig_mode = "Kernel Mode Signal" } +/** + * probe signal.handle.return - Signal handler invocation completed + * @retstr: Return value as a string + */ probe signal.handle.return = kernel.function("handle_signal").return ? { retstr = returnstr(1) @@ -515,11 +549,12 @@ probe signal.handle.return = kernel.function("handle_signal").return ? /** - * probe signal.do_action - Initiates a trace when a thread is about to examine - * and change a signal action + * probe signal.do_action - Examining or changing a signal action * @sig: The signal to be examined/changed - * @sigact_addr: The address of the new <command>sigaction</command> struct associated with the signal - * @oldsigact_addr: The address of the old <command>sigaction</command> struct associated with the signal + * @sigact_addr: The address of the new <command>sigaction</command> + * struct associated with the signal + * @oldsigact_addr: The address of the old <command>sigaction</command> + * struct associated with the signal * @sa_handler: The new handler of the signal * @sa_mask: The new mask of the signal */ @@ -535,6 +570,10 @@ probe signal.do_action = kernel.function("do_sigaction") } } +/** + * probe signal.do_action.return - Examining or changing a signal action completed + * @retstr: Return value as a string + */ probe signal.do_action.return = kernel.function("do_sigaction").return { retstr = returnstr(1) @@ -554,16 +593,17 @@ function __get_action_mask:long(act:long) %{ /* pure */ /** - * probe signal.procmask - Initiates a trace when a thread is about to examine and change blocked signals + * probe signal.procmask - Examining or changing blocked signals * @how: Indicates how to change the blocked signals; possible values are * <command>SIG_BLOCK=0</command> (for blocking signals), * <command>SIG_UNBLOCK=1</command> (for unblocking signals), and * <command>SIG_SETMASK=2</command> for setting the signal mask. - * @sigset_addr: The address of the signal set (<command>sigset_t</command>) to be implemented - * @oldsigset_addr: The old address of the signal set (<command>sigset_t</command>) - * @sigset: The actual value to be set for <command>sigset_t</command> <remark>(correct?)</remark> - * Synopsis: - * <programlisting>int sigprocmask(int how, sigset_t *set, sigset_t *oldset)</programlisting> + * @sigset_addr: The address of the signal set (<command>sigset_t</command>) + * to be implemented + * @oldsigset_addr: The old address of the signal set + * (<command>sigset_t</command>) + * @sigset: The actual value to be set for <command>sigset_t</command> + * <remark>(correct?)</remark> */ probe signal.procmask = kernel.function("sigprocmask") { @@ -591,16 +631,13 @@ probe signal.procmask.return = kernel.function("sigprocmask").return /** - * probe signal.flush - Fires when all pending signals for a task are flushed + * probe signal.flush - Flusing all pending signals for a task * @task: The task handler of the process performing the flush - * @sig_pid: The PID of the process associated with the task performing the flush - * @pid_name: The name of the process associated with the task performing the flush - * - * Synopsis: - * <programlisting>void flush_signals(struct task_struct *t)</programlisting> + * @sig_pid: The PID of the process associated with the task + * performing the flush + * @pid_name: The name of the process associated with the task + * performing the flush */ -//void flush_signals(struct task_struct *t) - probe signal.flush = kernel.function("flush_signals") { task = $t @@ -608,17 +645,15 @@ probe signal.flush = kernel.function("flush_signals") pid_name = kernel_string($t->comm) } -function get_sa_flags:long (act:long) %{ /* pure */ - struct k_sigaction *act = (struct k_sigaction *)((long)THIS->act); - THIS->__retvalue = kread(&act->sa.sa_flags); - CATCH_DEREF_FAULT(); -%} +function get_sa_flags:long (act:long) +{ + return @cast(act, "k_sigaction", "kernel")->sa->sa_flags +} -function get_sa_handler:long (act:long) %{ /* pure */ - struct k_sigaction *act = (struct k_sigaction *)((long)THIS->act); - THIS->__retvalue = (long)kread(&act->sa.sa_handler); - CATCH_DEREF_FAULT(); -%} +function get_sa_handler:long (act:long) +{ + return @cast(act, "k_sigaction", "kernel")->sa->sa_handler +} // sa_mask contains the set of signals to be blocked when executing the // signal handler. This function returns a string, delimited by ",". diff --git a/tapset/socket.stp b/tapset/socket.stp index 842dbfc4..0f01b8d4 100644 --- a/tapset/socket.stp +++ b/tapset/socket.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe socket activities. +// </tapsetdescription> %{ #include <net/sock.h> #include <asm/bitops.h> @@ -65,8 +67,8 @@ probe socket.receive = socket.recvmsg.return, ### FUNCTION SPECIFIC SEND/RECEIVE PROBES ### -/* - * probe socket.sendmsg - Message being sent on socket +/** + * probe socket.sendmsg - Message is currently being sent on a socket. * @name: Name of this probe * @size: Message size in bytes * @protocol: Protocol value @@ -93,7 +95,7 @@ probe socket.sendmsg = kernel.function ("sock_sendmsg") } /** - * probe socket.sendmsg.return - Return from Message being sent on socket + * probe socket.sendmsg.return - Return from <command>socket.sendmsg</command>. * @name: Name of this probe * @size: Size of message sent (in bytes) or error code if success = 0 * @protocol: Protocol value @@ -149,7 +151,7 @@ probe socket.recvmsg = kernel.function ("sock_recvmsg") type = $sock->type } -/* +/** * probe socket.recvmsg.return - Return from Message being received on socket * @name: Name of this probe * @size: Size of message received (in bytes) or error code if success = 0 @@ -196,14 +198,14 @@ probe socket.recvmsg.return = kernel.function ("sock_recvmsg").return * Fires at the beginning of sending a message on a socket * via the sock_aio_write() function */ -/* - * 2.6.9~2.6.15: - * static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t size, loff_t pos); - * 2.6.16~2.6.18: - * static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t count, loff_t pos); - * 2.6.19~2.6.26: - * static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); - */ +// +// 2.6.9~2.6.15: +// static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t size, loff_t pos); +// 2.6.16~2.6.18: +// static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t count, loff_t pos); +// 2.6.19~2.6.26: +// static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); + probe socket.aio_write = kernel.function ("sock_aio_write") { name = "socket.aio_write" @@ -270,14 +272,14 @@ probe socket.aio_write.return = kernel.function ("sock_aio_write").return * Fires at the beginning of receiving a message on a socket * via the sock_aio_read() function */ -/* - * 2.6.9~2.6.15: - * static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t size, loff_t pos); - * 2.6.16~2.6.18: - * static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t count, loff_t pos); - * 2.6.19~2.6.26: - * static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); - */ +// +// 2.6.9~2.6.15: +// static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t size, loff_t pos); +// 2.6.16~2.6.18: +// static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t count, loff_t pos); +// 2.6.19~2.6.26: +// static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); + probe socket.aio_read = kernel.function ("sock_aio_read") { name = "socket.aio_read" @@ -541,18 +543,16 @@ probe socket.close.return = kernel.function ("sock_release").return ####### PROTOCOL HELPER FUNCTIONS ######## -/* - * sock_prot_num2str - * Given a protocol number, return a string representation. +/** + * sfunction sock_prot_num2str - Given a protocol number, return a string representation. */ function sock_prot_num2str:string (proto:long) { return (proto in _prot_num2str ? _prot_num2str[proto] : "UNDEF") } -/* - * sock_prot_str2num - * Given a protocol name (string), return the corresponding protocol number. +/** + * sfunction sock_prot_str2num - Given a protocol name (string), return the corresponding protocol number. */ function sock_prot_str2num:long (proto:string) { @@ -561,18 +561,16 @@ function sock_prot_str2num:long (proto:string) ######### PROTOCOL FAMILY HELPER FUNCTIONS ########### -/* - * sock_fam_num2str - * Given a protocol family number, return a string representation. +/** + * sfunction sock_fam_num2str - Given a protocol family number, return a string representation. */ function sock_fam_num2str:string (family:long) { return (family in _fam_num2str ? _fam_num2str[family] : "UNDEF") } -/* - * sock_fam_str2num - * Given a protocol family name (string), return the corresponding +/** + * sfunction sock_fam_str2num - Given a protocol family name (string), return the corresponding * protocol family number. */ function sock_fam_str2num:long (family:string) @@ -582,18 +580,16 @@ function sock_fam_str2num:long (family:string) ######### SOCKET STATE HELPER FUNCTIONS ########## -/* - * sock_state_num2str - * Given a socket state number, return a string representation. +/** + * sfunction sock_state_num2str - Given a socket state number, return a string representation. */ function sock_state_num2str:string (state:long) { return (state in _state_num2str ? _state_num2str[state] : "UNDEF") } -/* - * sock_state_str2num - * Given a socket state string, return the corresponding state number. +/** + * sfunction sock_state_str2num - Given a socket state string, return the corresponding state number. */ function sock_state_str2num:long (state:string) { @@ -922,53 +918,43 @@ function _get_sock_size:long (iov:long, nr_segs:long) %} function _sock_prot_num:long (sock:long) -%{ /* pure */ - struct socket *sktp = (struct socket *)(long)(THIS->sock); - struct sock *skp = sktp? kread(&(sktp->sk)) : NULL; - if (skp == NULL) - THIS->__retvalue = -1; +{ + skp = sock? @cast(sock, "socket", "kernel")->sk : 0 + if (skp == 0) + return -1 else - THIS->__retvalue = kread(&(skp->sk_protocol)); - CATCH_DEREF_FAULT(); -%} + return @cast(skp, "sock", "kernel")->sk_protocol +} function _sock_fam_num:long (sock:long) -%{ /* pure */ - struct socket *sockp = (struct socket *)(long)(THIS->sock); - const struct proto_ops *ops = sockp? kread(&(sockp->ops)) : NULL; - if (ops == NULL) - THIS->__retvalue = -1; +{ + ops = sock? @cast(sock, "socket", "kernel")->ops : 0 + if (ops == 0) + return -1 else - THIS->__retvalue = kread(&(ops->family)); - CATCH_DEREF_FAULT(); -%} + return @cast(ops, "proto_ops", "kernel")->family +} function _sock_state_num:long (sock:long) -%{ /* pure */ - struct socket *sockp = (struct socket *)(long)(THIS->sock); - if (sockp == NULL) - THIS->__retvalue = -1; +{ + if (sock == 0) + return -1 else - THIS->__retvalue = kread(&(sockp->state)); - CATCH_DEREF_FAULT(); -%} + return @cast(sock, "socket", "kernel")->state +} function _sock_type_num:long (sock:long) -%{ /* pure */ - struct socket *sockp = (struct socket *)(long)(THIS->sock); - if (sockp == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(sockp->type)); - CATCH_DEREF_FAULT(); -%} +{ + if (sock == 0) + return -1 + else + return @cast(sock, "socket", "kernel")->type +} function _sock_flags_num:long (sock:long) -%{ /* pure */ - struct socket *sockp = (struct socket *)(long)(THIS->sock); - if (sockp == NULL) - THIS->__retvalue = -1; - else - THIS->__retvalue = kread(&(sockp->flags)); - CATCH_DEREF_FAULT(); -%} +{ + if (sock == 0) + return -1 + else + return @cast(sock, "socket", "kernel")->flags +} diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 4744412a..256174d3 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -28,28 +28,32 @@ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) -probe syscall.accept = kernel.function("sys_accept") ? { +probe syscall.accept = kernel.function("SyS_accept") !, + kernel.function("sys_accept") ? { name = "accept" sockfd = $fd addr_uaddr = $upeer_sockaddr addrlen_uaddr = $upeer_addrlen argstr = sprintf("%d, %p, %p", $fd, $upeer_sockaddr, $upeer_addrlen) } -probe syscall.accept.return = kernel.function("sys_accept").return ? { +probe syscall.accept.return = kernel.function("SyS_accept").return !, + kernel.function("sys_accept").return ? { name = "accept" retstr = returnstr(1) } # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) -probe syscall.access = kernel.function("sys_access") { +probe syscall.access = kernel.function("SyS_access") !, + kernel.function("sys_access") { name = "access" pathname = user_string($filename) mode = $mode mode_str = _access_mode_str($mode) argstr = sprintf("%s, %s", user_string_quoted($filename), mode_str) } -probe syscall.access.return = kernel.function("sys_access").return { +probe syscall.access.return = kernel.function("SyS_access").return !, + kernel.function("sys_access").return { name = "access" retstr = returnstr(1) } @@ -73,7 +77,8 @@ probe syscall.acct.return = kernel.function("sys_acct").return ? { # size_t plen, # key_serial_t ringid) # -probe syscall.add_key = kernel.function("sys_add_key") ? { +probe syscall.add_key = kernel.function("SyS_add_key") !, + kernel.function("sys_add_key") ? { name = "add_key" type_uaddr = $_type description_auddr = $_description @@ -86,14 +91,16 @@ probe syscall.add_key = kernel.function("sys_add_key") ? { text_strn(user_string($_payload),syscall_string_trunc,1), $plen, $ringid) } -probe syscall.add_key.return = kernel.function("sys_add_key").return ? { +probe syscall.add_key.return = kernel.function("SyS_add_key").return !, + kernel.function("sys_add_key").return ? { name = "add_key" retstr = returnstr(1) } # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) -probe syscall.adjtimex = kernel.function("sys_adjtimex") { +probe syscall.adjtimex = kernel.function("SyS_adjtimex") !, + kernel.function("sys_adjtimex") { name = "adjtimex" /* @@ -111,7 +118,8 @@ probe syscall.adjtimex = kernel.function("sys_adjtimex") { */ argstr = sprintf("%p", $txc_p) } -probe syscall.adjtimex.return = kernel.function("sys_adjtimex").return { +probe syscall.adjtimex.return = kernel.function("SyS_adjtimex").return !, + kernel.function("sys_adjtimex").return { name = "adjtimex" retstr = _adjtimex_return_str($return) } @@ -130,16 +138,18 @@ probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").re # long sys32_alarm(unsigned int seconds) # probe syscall.alarm = - kernel.function("sys_alarm") ?, - kernel.function("sys32_alarm") ? + kernel.function("sys32_alarm") ?, + kernel.function("SyS_alarm") !, + kernel.function("sys_alarm") ? { name = "alarm" seconds = $seconds argstr = sprint($seconds) } probe syscall.alarm.return = - kernel.function("sys_alarm").return ?, - kernel.function("sys32_alarm").return ? + kernel.function("sys32_alarm").return ?, + kernel.function("SyS_alarm").return !, + kernel.function("sys_alarm").return ? { name = "alarm" retstr = returnstr(1) @@ -147,7 +157,8 @@ probe syscall.alarm.return = # bdflush ____________________________________________________ # long sys_bdflush(int func,long data) -probe syscall.bdflush = kernel.function("sys_bdflush") ? { +probe syscall.bdflush = kernel.function("SyS_bdflush") !, + kernel.function("sys_bdflush") ? { name = "bdflush" func = $func data = $data @@ -157,21 +168,24 @@ probe syscall.bdflush = kernel.function("sys_bdflush") ? { data_str = sprintf("%d", $data) argstr = sprintf("%d, %s",func, data_str) } -probe syscall.bdflush.return = kernel.function("sys_bdflush").return ? { +probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, + kernel.function("sys_bdflush").return ? { name = "bdflush" retstr = returnstr(1) } # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) -probe syscall.bind = kernel.function("sys_bind") ? { +probe syscall.bind = kernel.function("SyS_bind") !, + kernel.function("sys_bind") ? { name = "bind" sockfd = $fd my_addr_uaddr = $umyaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen) } -probe syscall.bind.return = kernel.function("sys_bind").return ? { +probe syscall.bind.return = kernel.function("SyS_bind").return !, + kernel.function("sys_bind").return ? { name = "bind" retstr = returnstr(1) } @@ -179,16 +193,18 @@ probe syscall.bind.return = kernel.function("sys_bind").return ? { # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) probe syscall.brk = - kernel.function("sys_brk"), - kernel.function("ia64_brk") ? + kernel.function("ia64_brk") ?, + kernel.function("SyS_brk") !, + kernel.function("sys_brk") { name = "brk" brk = $brk argstr = sprintf("%p", brk) } probe syscall.brk.return = - kernel.function("sys_brk").return, - kernel.function("ia64_brk").return ? + kernel.function("ia64_brk").return ?, + kernel.function("SyS_brk").return !, + kernel.function("sys_brk").return { name = "brk" retstr = returnstr(1) @@ -207,13 +223,15 @@ probe syscall.brk.return = * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) -probe syscall.capget = kernel.function("sys_capget") { +probe syscall.capget = kernel.function("SyS_capget") !, + kernel.function("sys_capget") { name = "capget" header_uaddr = $header data_uaddr = $dataptr argstr = sprintf("%p, %p", $header, $dataptr) } -probe syscall.capget.return = kernel.function("sys_capget").return { +probe syscall.capget.return = kernel.function("SyS_capget").return !, + kernel.function("sys_capget").return { name = "capget" retstr = returnstr(1) } @@ -230,52 +248,60 @@ probe syscall.capget.return = kernel.function("sys_capget").return { * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) -probe syscall.capset = kernel.function("sys_capset") { +probe syscall.capset = kernel.function("SyS_capset") !, + kernel.function("sys_capset") { name = "capset" header_uaddr = $header data_uaddr = $data argstr = sprintf("%p, %p", $header, $data) } -probe syscall.capset.return = kernel.function("sys_capset").return { +probe syscall.capset.return = kernel.function("SyS_capset").return !, + kernel.function("sys_capset").return { name = "capset" retstr = returnstr(1) } # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) -probe syscall.chdir = kernel.function("sys_chdir") { +probe syscall.chdir = kernel.function("SyS_chdir") !, + kernel.function("sys_chdir") { name = "chdir" path = user_string($filename) argstr = user_string_quoted($filename) } -probe syscall.chdir.return = kernel.function("sys_chdir").return { +probe syscall.chdir.return = kernel.function("SyS_chdir").return !, + kernel.function("sys_chdir").return { name = "chdir" retstr = returnstr(1) } # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) -probe syscall.chmod = kernel.function("sys_chmod") { +probe syscall.chmod = kernel.function("SyS_chmod") !, + kernel.function("sys_chmod") { name = "chmod" path = user_string($filename) mode = $mode argstr = sprintf("%s, %#o", user_string_quoted($filename), mode) } -probe syscall.chmod.return = kernel.function("sys_chmod").return { +probe syscall.chmod.return = kernel.function("SyS_chmod").return !, + kernel.function("sys_chmod").return { name = "chmod" retstr = returnstr(1) } # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) -probe syscall.chown = kernel.function("sys_chown") { +probe syscall.chown = kernel.function("SyS_chown") !, + kernel.function("sys_chown") { name = "chown" path = user_string($filename) owner = __int32($user) group = __int32($group) argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) } -probe syscall.chown.return = kernel.function("sys_chown").return { +probe syscall.chown.return = kernel.function("SyS_chown").return !, + kernel.function("sys_chown").return { name = "chown" retstr = returnstr(1) } @@ -297,12 +323,14 @@ probe syscall.chown16.return = kernel.function("sys_chown16").return ? { # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) -probe syscall.chroot = kernel.function("sys_chroot") { +probe syscall.chroot = kernel.function("SyS_chroot") !, + kernel.function("sys_chroot") { name = "chroot" path = user_string($filename) argstr = user_string_quoted($filename) } -probe syscall.chroot.return = kernel.function("sys_chroot").return { +probe syscall.chroot.return = kernel.function("SyS_chroot").return !, + kernel.function("sys_chroot").return { name = "chroot" retstr = returnstr(1) } @@ -312,8 +340,9 @@ probe syscall.chroot.return = kernel.function("sys_chroot").return { # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) # probe syscall.clock_getres = - kernel.function("sys_clock_getres"), - kernel.function("compat_clock_getres") ? + kernel.function("compat_clock_getres") ?, + kernel.function("SyS_clock_getres") !, + kernel.function("sys_clock_getres") { name = "clock_getres" clk_id = $which_clock @@ -322,8 +351,9 @@ probe syscall.clock_getres = argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } probe syscall.clock_getres.return = - kernel.function("sys_clock_getres").return, - kernel.function("compat_clock_getres").return ? + kernel.function("compat_clock_getres").return ?, + kernel.function("SyS_clock_getres").return !, + kernel.function("sys_clock_getres").return { name = "clock_getres" retstr = returnstr(1) @@ -333,6 +363,7 @@ probe syscall.clock_getres.return = # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # probe syscall.clock_gettime = + kernel.function("SyS_clock_gettime") !, kernel.function("sys_clock_gettime") { name = "clock_gettime" @@ -340,7 +371,9 @@ probe syscall.clock_gettime = clk_id_str = _get_wc_str($which_clock) argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } -probe syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return +probe syscall.clock_gettime.return = + kernel.function("SyS_clock_gettime").return !, + kernel.function("sys_clock_gettime").return { name = "clock_gettime" retstr = returnstr(1) @@ -352,7 +385,8 @@ probe syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return # const struct timespec __user *rqtp, # struct timespec __user *rmtp) # -probe syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { +probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !, + kernel.function("sys_clock_nanosleep") { name = "clock_nanosleep" if ($flags == 1) flag_str = "TIMER_ABSTIME" @@ -361,7 +395,9 @@ probe syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, _struct_timespec_u($rqtp,1), $rmtp) } -probe syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { +probe syscall.clock_nanosleep.return = + kernel.function("SyS_clock_nanosleep").return !, + kernel.function("sys_clock_nanosleep").return { name = "clock_nanosleep" retstr = returnstr(1) } @@ -395,53 +431,61 @@ probe syscall.compat_clock_nanosleep.return = # long sys_clock_settime(clockid_t which_clock, # const struct timespec __user *tp) # -probe syscall.clock_settime = kernel.function("sys_clock_settime") { +probe syscall.clock_settime = kernel.function("SyS_clock_settime") !, + kernel.function("sys_clock_settime") { name = "clock_settime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp,1)) } -probe syscall.clock_settime.return = kernel.function("sys_clock_settime").return { +probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return !, + kernel.function("sys_clock_settime").return { name = "clock_settime" retstr = returnstr(1) } # close ______________________________________________________ # long sys_close(unsigned int fd) -probe syscall.close = kernel.function("sys_close") { +probe syscall.close = kernel.function("SyS_close") !, + kernel.function("sys_close") { name = "close" fd = $fd argstr = sprint(fd) } -probe syscall.close.return = kernel.function("sys_close").return { +probe syscall.close.return = kernel.function("SyS_close").return !, + kernel.function("sys_close").return { name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) -probe syscall.connect = kernel.function("sys_connect") ? { +probe syscall.connect = kernel.function("SyS_connect") !, + kernel.function("sys_connect") ? { name = "connect" sockfd = $fd serv_addr_uaddr = $uservaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen) } -probe syscall.connect.return = kernel.function("sys_connect").return ? { +probe syscall.connect.return = kernel.function("SyS_connect").return !, + kernel.function("sys_connect").return ? { name = "connect" retstr = returnstr(1) } # creat # long sys_creat(const char __user * pathname, int mode) -probe syscall.creat = kernel.function("sys_creat") ? +probe syscall.creat = kernel.function("SyS_creat") !, + kernel.function("sys_creat") ? { name = "creat" mode = $mode pathname = user_string($pathname) argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) } -probe syscall.creat.return = kernel.function("sys_creat").return ? +probe syscall.creat.return = kernel.function("SyS_creat").return !, + kernel.function("sys_creat").return ? { name = "creat" retstr = returnstr(1) @@ -449,50 +493,59 @@ probe syscall.creat.return = kernel.function("sys_creat").return ? # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) -probe syscall.delete_module = kernel.function("sys_delete_module") ? { +probe syscall.delete_module = kernel.function("SyS_delete_module") !, + kernel.function("sys_delete_module") ? { name = "delete_module" name_user = user_string($name_user) flags = $flags argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags)) } -probe syscall.delete_module.return = kernel.function("sys_delete_module").return ? { +probe syscall.delete_module.return = kernel.function("SyS_delete_module").return !, + kernel.function("sys_delete_module").return ? { name = "delete_module" retstr = returnstr(1) } # dup ________________________________________________________ # long sys_dup(unsigned int fildes) -probe syscall.dup = kernel.function("sys_dup") { +probe syscall.dup = kernel.function("SyS_dup") !, + kernel.function("sys_dup") { name = "dup" oldfd = $fildes argstr = sprint($fildes) } -probe syscall.dup.return = kernel.function("sys_dup").return { +probe syscall.dup.return = kernel.function("SyS_dup").return !, + kernel.function("sys_dup").return { name = "dup" retstr = returnstr(1) } # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) -probe syscall.dup2 = kernel.function("sys_dup2") { +probe syscall.dup2 = kernel.function("SyS_dup2") !, + kernel.function("sys_dup2") { name = "dup2" oldfd = $oldfd newfd = $newfd argstr = sprintf("%d, %d", $oldfd, $newfd) } -probe syscall.dup2.return = kernel.function("sys_dup2").return { +probe syscall.dup2.return = kernel.function("SyS_dup2").return !, + kernel.function("sys_dup2").return { name = "dup2" retstr = returnstr(1) } # epoll_create _______________________________________________ # long sys_epoll_create(int size) -probe syscall.epoll_create = kernel.function("sys_epoll_create") ? { +probe syscall.epoll_create = kernel.function("SyS_epoll_create") !, + kernel.function("sys_epoll_create") ? { name = "epoll_create" size = $size argstr = sprint($size) } -probe syscall.epoll_create.return = kernel.function("sys_epoll_create").return ? { +probe syscall.epoll_create.return = + kernel.function("SyS_epoll_create").return !, + kernel.function("sys_epoll_create").return ? { name = "epoll_create" retstr = returnstr(1) } @@ -504,8 +557,9 @@ probe syscall.epoll_create.return = kernel.function("sys_epoll_create").return ? # struct compat_epoll_event __user *event) # probe syscall.epoll_ctl = - kernel.function("sys_epoll_ctl") ?, - kernel.function("compat_sys_epoll_ctl") ? + kernel.function("compat_sys_epoll_ctl") ?, + kernel.function("SyS_epoll_ctl") !, + kernel.function("sys_epoll_ctl") ? { name = "epoll_ctl" epfd = $epfd @@ -516,8 +570,9 @@ probe syscall.epoll_ctl = argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event) } probe syscall.epoll_ctl.return = - kernel.function("sys_epoll_ctl").return ?, - kernel.function("compat_sys_epoll_ctl").return ? + kernel.function("compat_sys_epoll_ctl").return ?, + kernel.function("SyS_epoll_ctl").return !, + kernel.function("sys_epoll_ctl").return ? { name = "epoll_ctl" retstr = returnstr(1) @@ -535,16 +590,18 @@ probe syscall.epoll_ctl.return = # compat_size_t sigsetsize) # probe syscall.epoll_pwait = - kernel.function("sys_epoll_pwait") ?, - kernel.function("compat_sys_epoll_pwait") ? + kernel.function("compat_sys_epoll_pwait") ?, + kernel.function("SyS_epoll_pwait") !, + kernel.function("sys_epoll_pwait") ? { name = "epoll_pwait" argstr = sprintf("%d, %p, %d, %d, %p, %d", $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) } probe syscall.epoll_pwait.return = - kernel.function("sys_epoll_pwait").return ?, - kernel.function("compat_sys_epoll_pwait").return ? + kernel.function("compat_sys_epoll_pwait").return ?, + kernel.function("SyS_epoll_pwait").return !, + kernel.function("sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) @@ -559,8 +616,9 @@ probe syscall.epoll_pwait.return = # int maxevents, int timeout) # probe syscall.epoll_wait = - kernel.function("sys_epoll_wait") ?, - kernel.function("compat_sys_epoll_wait") ? + kernel.function("compat_sys_epoll_wait") ?, + kernel.function("SyS_epoll_wait") !, + kernel.function("sys_epoll_wait") ? { name = "epoll_wait" epfd = $epfd @@ -570,8 +628,9 @@ probe syscall.epoll_wait = argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) } probe syscall.epoll_wait.return = - kernel.function("sys_epoll_wait").return ?, - kernel.function("compat_sys_epoll_wait").return ? + kernel.function("compat_sys_epoll_wait").return ?, + kernel.function("SyS_epoll_wait").return !, + kernel.function("sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) @@ -580,11 +639,13 @@ probe syscall.epoll_wait.return = # eventfd _____________________________________________________ # long sys_eventfd(unsigned int count) # -probe syscall.eventfd = kernel.function("sys_eventfd") ? { +probe syscall.eventfd = kernel.function("SyS_eventfd") !, + kernel.function("sys_eventfd") ? { name = "eventfd" argstr = sprint($count) } -probe syscall.eventfd.return = kernel.function("sys_eventfd").return ? { +probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !, + kernel.function("sys_eventfd").return ? { name = "eventfd" retstr = returnstr(1) } @@ -636,7 +697,8 @@ probe syscall.exit = kernel.function("do_exit") { # exit_group _________________________________________________ # void sys_exit_group(int error_code) # -probe syscall.exit_group = kernel.function("sys_exit_group") { +probe syscall.exit_group = kernel.function("SyS_exit_group") !, + kernel.function("sys_exit_group") { name = "exit_group" status = $error_code argstr = sprint($error_code) @@ -647,7 +709,8 @@ probe syscall.exit_group = kernel.function("sys_exit_group") { # faccessat __________________________________________________ # new function with 2.6.16 # long sys_faccessat(int dfd, const char __user *filename, int mode) -probe syscall.faccessat = kernel.function("sys_faccessat") ? { +probe syscall.faccessat = kernel.function("SyS_faccessat") !, + kernel.function("sys_faccessat") ? { name = "faccessat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -657,7 +720,8 @@ probe syscall.faccessat = kernel.function("sys_faccessat") ? { mode_str = _access_mode_str($mode) argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($filename), mode_str) } -probe syscall.faccessat.return = kernel.function("sys_faccessat").return ? { +probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, + kernel.function("sys_faccessat").return ? { name = "faccessat" retstr = returnstr(1) } @@ -666,7 +730,8 @@ probe syscall.faccessat.return = kernel.function("sys_faccessat").return ? { # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe syscall.fadvise64 = kernel.function("sys_fadvise64") ? { +probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, + kernel.function("sys_fadvise64") ? { name = "fadvise64" fs = $fd offset = $offset @@ -674,7 +739,8 @@ probe syscall.fadvise64 = kernel.function("sys_fadvise64") ? { advice = $advice argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } -probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { +probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, + kernel.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) } @@ -682,7 +748,8 @@ probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, + kernel.function("sys_fadvise64_64") ? { name = "fadvise64_64" fs = $fd offset = $offset @@ -690,7 +757,8 @@ probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { advice = $advice argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } -probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, + kernel.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) } @@ -700,7 +768,8 @@ probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe syscall.fadvise64 = kernel.function("sys_fadvise64") { +probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, + kernel.function("sys_fadvise64") { name = "fadvise64" fs = 0 offset = 0 @@ -708,7 +777,8 @@ probe syscall.fadvise64 = kernel.function("sys_fadvise64") { advice = 0 argstr = "" } -probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return { +probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, + kernel.function("sys_fadvise64").return { name = "fadvise64" retstr = returnstr(1) } @@ -716,7 +786,8 @@ probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, + kernel.function("sys_fadvise64_64") { name = "fadvise64_64" fs = 0 offset = 0 @@ -724,7 +795,8 @@ probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { advice = 0 argstr = "" } -probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, + kernel.function("sys_fadvise64_64").return { name = "fadvise64_64" retstr = returnstr(1) } @@ -732,25 +804,29 @@ probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) -probe syscall.fchdir = kernel.function("sys_fchdir") { +probe syscall.fchdir = kernel.function("SyS_fchdir") !, + kernel.function("sys_fchdir") { name = "fchdir" fd = $fd argstr = sprint($fd) } -probe syscall.fchdir.return = kernel.function("sys_fchdir").return { +probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !, + kernel.function("sys_fchdir").return { name = "fchdir" retstr = returnstr(1) } # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) -probe syscall.fchmod = kernel.function("sys_fchmod") { +probe syscall.fchmod = kernel.function("SyS_fchmod") !, + kernel.function("sys_fchmod") { name = "fchmod" fildes = $fd mode = $mode argstr = sprintf("%d, %#o", $fd, $mode) } -probe syscall.fchmod.return = kernel.function("sys_fchmod").return { +probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !, + kernel.function("sys_fchmod").return { name = "fchmod" retstr = returnstr(1) } @@ -759,7 +835,8 @@ probe syscall.fchmod.return = kernel.function("sys_fchmod").return { # new function with 2.6.16 # long sys_fchmodat(int dfd, const char __user *filename, # mode_t mode) -probe syscall.fchmodat = kernel.function("sys_fchmodat") ? { +probe syscall.fchmodat = kernel.function("SyS_fchmodat") !, + kernel.function("sys_fchmodat") ? { name = "fchmodat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -768,21 +845,24 @@ probe syscall.fchmodat = kernel.function("sys_fchmodat") ? { mode = $mode argstr = sprintf("%s, %s, %#o", dfd_str, user_string_quoted($filename), $mode) } -probe syscall.fchmodat.return = kernel.function("sys_fchmodat").return ? { +probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !, + kernel.function("sys_fchmodat").return ? { name = "fchmodat" retstr = returnstr(1) } # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) -probe syscall.fchown = kernel.function("sys_fchown") { +probe syscall.fchown = kernel.function("SyS_fchown") !, + kernel.function("sys_fchown") { name = "fchown" fd = $fd owner = __int32($user) group = __int32($group) argstr = sprintf("%d, %d, %d", $fd, owner, group) } -probe syscall.fchown.return = kernel.function("sys_fchown").return { +probe syscall.fchown.return = kernel.function("SyS_fchown").return !, + kernel.function("sys_fchown").return { name = "fchown" retstr = returnstr(1) } @@ -805,7 +885,8 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? { # new function with 2.6.16 # long sys_fchownat(int dfd, const char __user *filename, # uid_t user, gid_t group, int flag) -probe syscall.fchownat = kernel.function("sys_fchownat") ? { +probe syscall.fchownat = kernel.function("SyS_fchownat") !, + kernel.function("sys_fchownat") ? { name = "fchownat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -818,7 +899,8 @@ probe syscall.fchownat = kernel.function("sys_fchownat") ? { argstr = sprintf("%s, %s, %d, %d, %s", dfd_str, user_string_quoted($filename), user, group, flag_str) } -probe syscall.fchownat.return = kernel.function("sys_fchownat").return ? { +probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !, + kernel.function("sys_fchownat").return ? { name = "fchownat" retstr = returnstr(1) } @@ -830,10 +912,11 @@ probe syscall.fchownat.return = kernel.function("sys_fchownat").return ? { # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # probe syscall.fcntl = - kernel.function("sys_fcntl") ?, - kernel.function("sys_fcntl64") ?, kernel.function("compat_sys_fcntl") ?, - kernel.function("compat_sys_fcntl64") ? + kernel.function("compat_sys_fcntl64") ?, + kernel.function("sys_fcntl64") ?, + kernel.function("SyS_fcntl") !, + kernel.function("sys_fcntl") ? { name = "fcntl" fd = $fd @@ -843,10 +926,11 @@ probe syscall.fcntl = argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg) } probe syscall.fcntl.return = - kernel.function("sys_fcntl").return ?, - kernel.function("sys_fcntl64").return ?, kernel.function("compat_sys_fcntl").return ?, - kernel.function("compat_sys_fcntl64").return ? + kernel.function("compat_sys_fcntl64").return ?, + kernel.function("sys_fcntl64").return ?, + kernel.function("SyS_fcntl").return !, + kernel.function("sys_fcntl").return ? { name = "fcntl" retstr = returnstr(1) @@ -854,12 +938,14 @@ probe syscall.fcntl.return = # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) -probe syscall.fdatasync = kernel.function("sys_fdatasync") { +probe syscall.fdatasync = kernel.function("SyS_fdatasync") !, + kernel.function("sys_fdatasync") { name = "fdatasync" fd = $fd argstr = sprint(fd) } -probe syscall.fdatasync.return = kernel.function("sys_fdatasync").return { +probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !, + kernel.function("sys_fdatasync").return { name = "fdatasync" retstr = returnstr(1) } @@ -867,7 +953,8 @@ probe syscall.fdatasync.return = kernel.function("sys_fdatasync").return { # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) -probe syscall.fgetxattr = kernel.function("sys_fgetxattr") { +probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !, + kernel.function("sys_fgetxattr") { name = "fgetxattr" filedes = $fd #FIXME @@ -876,33 +963,38 @@ probe syscall.fgetxattr = kernel.function("sys_fgetxattr") { size = $size argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size) } -probe syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { +probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !, + kernel.function("sys_fgetxattr").return { name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) -probe syscall.flistxattr = kernel.function("sys_flistxattr") { +probe syscall.flistxattr = kernel.function("SyS_flistxattr") !, + kernel.function("sys_flistxattr") { name = "flistxattr" filedes = $fd list_uaddr = $list size = $size argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } -probe syscall.flistxattr.return = kernel.function("sys_flistxattr").return { +probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !, + kernel.function("sys_flistxattr").return { name = "flistxattr" retstr = returnstr(1) } # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) -probe syscall.flock = kernel.function("sys_flock") { +probe syscall.flock = kernel.function("SyS_flock") !, + kernel.function("sys_flock") { name = "flock" fd = $fd operation = $cmd argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } -probe syscall.flock.return = kernel.function("sys_flock").return { +probe syscall.flock.return = kernel.function("SyS_flock").return !, + kernel.function("sys_flock").return { name = "flock" retstr = returnstr(1) } @@ -971,13 +1063,15 @@ probe syscall.fork.return = kernel.function("do_fork").return { } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) -probe syscall.fremovexattr = kernel.function("sys_fremovexattr") { +probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !, + kernel.function("sys_fremovexattr") { name = "fremovexattr" filedes = $fd name_uaddr = $name argstr = sprintf("FIXME PLEASE") } -probe syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { +probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !, + kernel.function("sys_fremovexattr").return { name = "fremovexattr" retstr = returnstr(1) } @@ -991,7 +1085,8 @@ probe syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { * size_t size, * int flags) */ -probe syscall.fsetxattr = kernel.function("sys_fsetxattr") { +probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !, + kernel.function("sys_fsetxattr") { name = "fsetxattr" filedes = $fd # FIXME @@ -1001,7 +1096,8 @@ probe syscall.fsetxattr = kernel.function("sys_fsetxattr") { flags = $flags argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags) } -probe syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { +probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !, + kernel.function("sys_fsetxattr").return { name = "fsetxattr" retstr = returnstr(1) } @@ -1017,8 +1113,10 @@ probe syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { # probe syscall.fstat = kernel.function("sys_fstat") ?, + kernel.function("SyS_fstat64") ?, kernel.function("sys_fstat64") ?, kernel.function("sys32_fstat64") ?, + kernel.function("SyS_newfstat") ?, kernel.function("sys_newfstat") ?, kernel.function("sys_oabi_fstat64") ?, kernel.function("compat_sys_newfstat") ? @@ -1030,8 +1128,10 @@ probe syscall.fstat = } probe syscall.fstat.return = kernel.function("sys_fstat").return ?, + kernel.function("SyS_fstat64").return ?, kernel.function("sys_fstat64").return ?, kernel.function("sys32_fstat64").return ?, + kernel.function("SyS_newfstat").return ?, kernel.function("sys_newfstat").return ?, kernel.function("sys_oabi_fstat64").return ?, kernel.function("compat_sys_newfstat").return ? @@ -1046,7 +1146,9 @@ probe syscall.fstat.return = # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) probe syscall.fstatat = + kernel.function("SyS_fstatat64") ?, kernel.function("sys_fstatat64") ?, + kernel.function("SyS_newfstatat") ?, kernel.function("sys_newfstatat") ?, kernel.function("compat_sys_newfstatat") ?, kernel.function("sys32_fstatat64") ? @@ -1058,7 +1160,9 @@ probe syscall.fstatat = argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag)) } probe syscall.fstatat.return = + kernel.function("SyS_fstatat64").return ?, kernel.function("sys_fstatat64").return ?, + kernel.function("SyS_newfstatat").return ?, kernel.function("sys_newfstatat").return ?, kernel.function("compat_sys_newfstatat").return ?, kernel.function("sys32_fstatat64").return ? @@ -1072,8 +1176,9 @@ probe syscall.fstatat.return = # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # probe syscall.fstatfs = - kernel.function("sys_fstatfs"), - kernel.function("compat_sys_fstatfs") ? + kernel.function("compat_sys_fstatfs") ?, + kernel.function("SyS_fstatfs") !, + kernel.function("sys_fstatfs") { name = "fstatfs" fd = $fd @@ -1081,8 +1186,9 @@ probe syscall.fstatfs = argstr = sprintf("%d, %p", $fd, $buf) } probe syscall.fstatfs.return = - kernel.function("sys_fstatfs").return, - kernel.function("compat_sys_fstatfs").return ? + kernel.function("compat_sys_fstatfs").return ?, + kernel.function("SyS_fstatfs").return !, + kernel.function("sys_fstatfs").return { name = "fstatfs" retstr = returnstr(1) @@ -1093,8 +1199,9 @@ probe syscall.fstatfs.return = # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # probe syscall.fstatfs64 = - kernel.function("sys_fstatfs64") ?, - kernel.function("compat_sys_fstatfs64") ? + kernel.function("compat_sys_fstatfs64") ?, + kernel.function("SyS_fstatfs64") !, + kernel.function("sys_fstatfs64") ? { name = "fstatfs" fd = $fd @@ -1103,8 +1210,9 @@ probe syscall.fstatfs64 = argstr = sprintf("%d, %d, %p", $fd, $sz, $buf) } probe syscall.fstatfs64.return = - kernel.function("sys_fstatfs64").return ?, - kernel.function("compat_sys_fstatfs64").return ? + kernel.function("compat_sys_fstatfs64").return ?, + kernel.function("SyS_fstatfs64").return !, + kernel.function("sys_fstatfs64").return ? { name = "fstatfs" retstr = returnstr(1) @@ -1112,24 +1220,28 @@ probe syscall.fstatfs64.return = # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) -probe syscall.fsync = kernel.function("sys_fsync") { +probe syscall.fsync = kernel.function("SyS_fsync") !, + kernel.function("sys_fsync") { name = "fsync" fd = $fd argstr = sprint(fd) } -probe syscall.fsync.return = kernel.function("sys_fsync").return { +probe syscall.fsync.return = kernel.function("SyS_fsync").return !, + kernel.function("sys_fsync").return { name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) -probe syscall.ftruncate = kernel.function("sys_ftruncate") { +probe syscall.ftruncate = kernel.function("SyS_ftruncate") !, + kernel.function("sys_ftruncate") { name = "ftruncate" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } -probe syscall.ftruncate.return = kernel.function("sys_ftruncate").return { +probe syscall.ftruncate.return = kernel.function("SyS_ftruncate").return !, + kernel.function("sys_ftruncate").return { name = "ftruncate" retstr = returnstr(1) } @@ -1158,7 +1270,8 @@ probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? { # struct compat_timespec __user *utime, u32 __user *uaddr2, # u32 val3) # -probe syscall.futex = kernel.function("sys_futex") ? { +probe syscall.futex = kernel.function("SyS_futex") !, + kernel.function("sys_futex") ? { name = "futex" futex_uaddr = $uaddr op = $op @@ -1173,7 +1286,8 @@ probe syscall.futex = kernel.function("sys_futex") ? { argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), $val) } -probe syscall.futex.return = kernel.function("sys_futex").return ? { +probe syscall.futex.return = kernel.function("SyS_futex").return !, + kernel.function("sys_futex").return ? { name = "futex" retstr = returnstr(1) } @@ -1203,7 +1317,8 @@ probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) # -probe syscall.futimesat = kernel.function("sys_futimesat") ? { +probe syscall.futimesat = kernel.function("SyS_futimesat") !, + kernel.function("sys_futimesat") ? { name = "futimesat" dirfd = $dfd filename_uaddr = $filename @@ -1221,7 +1336,8 @@ probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? { argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timeval_u($t, 2)) } -probe syscall.futimesat.return = kernel.function("sys_futimesat").return ? { +probe syscall.futimesat.return = kernel.function("SyS_futimesat").return !, + kernel.function("sys_futimesat").return ? { name = "futimesat" retstr = returnstr(1) } @@ -1232,13 +1348,15 @@ probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat"). # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) -probe syscall.getcwd = kernel.function("sys_getcwd") { +probe syscall.getcwd = kernel.function("SyS_getcwd") !, + kernel.function("sys_getcwd") { name = "getcwd" buf_uaddr = $buf size = $size argstr = sprintf("%p, %d", buf_uaddr, size) } -probe syscall.getcwd.return = kernel.function("sys_getcwd").return { +probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !, + kernel.function("sys_getcwd").return { name = "getcwd" retstr = returnstr(1) } @@ -1250,7 +1368,9 @@ probe syscall.getcwd.return = kernel.function("sys_getcwd").return { # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # probe syscall.getdents = + kernel.function("SyS_getdents") ?, kernel.function("sys_getdents") ?, + kernel.function("SyS_getdents64") ?, kernel.function("sys_getdents64") ?, kernel.function("compat_sys_getdents") ?, kernel.function("compat_sys_getdents64") ? @@ -1262,7 +1382,9 @@ probe syscall.getdents = argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) } probe syscall.getdents.return = + kernel.function("SyS_getdents").return ?, kernel.function("sys_getdents").return ?, + kernel.function("SyS_getdents64").return ?, kernel.function("sys_getdents64").return ?, kernel.function("compat_sys_getdents").return ?, kernel.function("compat_sys_getdents64").return ? @@ -1341,9 +1463,10 @@ probe syscall.getgid.return = # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # probe syscall.getgroups = - kernel.function("sys_getgroups") ?, kernel.function("sys_getgroups16") ?, - kernel.function("sys32_getgroups16") ? + kernel.function("sys32_getgroups16") ?, + kernel.function("SyS_getgroups") !, + kernel.function("sys_getgroups") ? { name = "getgroups" size = $gidsetsize @@ -1351,9 +1474,10 @@ probe syscall.getgroups = argstr = sprintf("%d, %p", $gidsetsize, $grouplist) } probe syscall.getgroups.return = - kernel.function("sys_getgroups").return ?, kernel.function("sys_getgroups16").return ?, - kernel.function("sys32_getgroups16").return ? + kernel.function("sys32_getgroups16").return ?, + kernel.function("SyS_getgroups").return !, + kernel.function("sys_getgroups").return ? { name = "getgroups" retstr = returnstr(1) @@ -1361,13 +1485,15 @@ probe syscall.getgroups.return = # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) -probe syscall.gethostname = kernel.function("sys_gethostname") ? { +probe syscall.gethostname = kernel.function("SyS_gethostname") !, + kernel.function("sys_gethostname") ? { name = "gethostname" name_uaddr = $name len = $len argstr = sprintf ("%p, %d", name_uaddr, len) } -probe syscall.gethostname.return = kernel.function("sys_gethostname").return ? { +probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !, + kernel.function("sys_gethostname").return ? { name = "gethostname" retstr = returnstr(1) } @@ -1375,13 +1501,15 @@ probe syscall.gethostname.return = kernel.function("sys_gethostname").return ? { # getitimer __________________________________________________ # sys_getitimer(int which, struct itimerval __user *value) # -probe syscall.getitimer = kernel.function("sys_getitimer") { +probe syscall.getitimer = kernel.function("SyS_getitimer") !, + kernel.function("sys_getitimer") { name = "getitimer" which = $which value_uaddr = $value argstr = sprintf("%s, %p", _itimer_which_str($which), $value) } -probe syscall.getitimer.return = kernel.function("sys_getitimer").return { +probe syscall.getitimer.return = kernel.function("SyS_getitimer").return !, + kernel.function("sys_getitimer").return { name = "getitimer" retstr = returnstr(1) } @@ -1409,8 +1537,9 @@ probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer"). # compat_ulong_t addr, compat_ulong_t flags) # probe syscall.get_mempolicy = - kernel.function("sys_get_mempolicy") ?, - kernel.function("compat_sys_get_mempolicy") ? + kernel.function("compat_sys_get_mempolicy") ?, + kernel.function("SyS_get_mempolicy") !, + kernel.function("sys_get_mempolicy") ? { name = "get_mempolicy" policy_uaddr = $policy @@ -1422,8 +1551,9 @@ probe syscall.get_mempolicy = $nmask, $maxnode, $addr, $flags) } probe syscall.get_mempolicy.return = - kernel.function("sys_get_mempolicy").return ?, - kernel.function("compat_sys_get_mempolicy").return ? + kernel.function("compat_sys_get_mempolicy").return ?, + kernel.function("SyS_get_mempolicy").return !, + kernel.function("sys_get_mempolicy").return ? { name = "get_mempolicy" retstr = returnstr(1) @@ -1432,26 +1562,30 @@ probe syscall.get_mempolicy.return = # getpeername ________________________________________________ # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # -probe syscall.getpeername = kernel.function("sys_getpeername") ? { +probe syscall.getpeername = kernel.function("SyS_getpeername") !, + kernel.function("sys_getpeername") ? { name = "getpeername" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } -probe syscall.getpeername.return = kernel.function("sys_getpeername").return ? { +probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !, + kernel.function("sys_getpeername").return ? { name = "getpeername" retstr = returnstr(1) } # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) -probe syscall.getpgid = kernel.function("sys_getpgid") { +probe syscall.getpgid = kernel.function("SyS_getpgid") !, + kernel.function("sys_getpgid") { name = "getpgid" pid = $pid argstr = sprintf("%d", $pid) } -probe syscall.getpgid.return = kernel.function("sys_getpgid").return { +probe syscall.getpgid.return = kernel.function("SyS_getpgid").return !, + kernel.function("sys_getpgid").return { name = "getpgid" retstr = returnstr(1) } @@ -1491,13 +1625,15 @@ probe syscall.getppid.return = kernel.function("sys_getppid").return { # getpriority ________________________________________________ # long sys_getpriority(int which, int who) -probe syscall.getpriority = kernel.function("sys_getpriority") { +probe syscall.getpriority = kernel.function("SyS_getpriority") !, + kernel.function("sys_getpriority") { name = "getpriority" which = $which who = $who argstr = sprintf("%s, %d", _priority_which_str(which), who) } -probe syscall.getpriority.return = kernel.function("sys_getpriority").return { +probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !, + kernel.function("sys_getpriority").return { name = "getpriority" retstr = returnstr(1) } @@ -1511,7 +1647,8 @@ probe syscall.getpriority.return = kernel.function("sys_getpriority").return { # old_uid_t __user *sgid) probe syscall.getresgid = kernel.function("sys_getresgid16") ?, - kernel.function("sys_getresgid") + kernel.function("SyS_getresgid") !, + kernel.function("sys_getresgid") { name = "getresgid" rgid_uaddr = $rgid @@ -1521,6 +1658,7 @@ probe syscall.getresgid = } probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?, + kernel.function("SyS_getresgid").return !, kernel.function("sys_getresgid").return { name = "getresgid" @@ -1533,6 +1671,7 @@ probe syscall.getresgid.return = # uid_t __user *suid) probe syscall.getresuid = kernel.function("sys_getresuid16") ?, + kernel.function("SyS_getresuid") !, kernel.function("sys_getresuid") { name = "getresuid" @@ -1543,7 +1682,8 @@ probe syscall.getresuid = } probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?, - kernel.function("sys_getresuid").return + kernel.function("SyS_getresuid").return !, + kernel.function("sys_getresuid").return { name = "getresuid" retstr = returnstr(1) @@ -1553,7 +1693,9 @@ probe syscall.getresuid.return = # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim) -probe syscall.getrlimit = kernel.function("sys_getrlimit"), +probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?, + kernel.function("sys_getrlimit") ?, + kernel.function("SyS_old_getrlimit") ?, kernel.function("sys_old_getrlimit") ?, kernel.function("compat_sys_getrlimit") ? { @@ -1562,7 +1704,9 @@ probe syscall.getrlimit = kernel.function("sys_getrlimit"), rlim_uaddr = $rlim argstr = sprintf("%s, %p", _rlimit_resource_str($resource), $rlim) } -probe syscall.getrlimit.return = kernel.function("sys_getrlimit").return, +probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?, + kernel.function("sys_getrlimit").return ?, + kernel.function("SyS_old_getrlimit").return ?, kernel.function("sys_old_getrlimit").return ?, kernel.function("compat_sys_getrlimit").return ? { @@ -1572,7 +1716,8 @@ probe syscall.getrlimit.return = kernel.function("sys_getrlimit").return, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) -probe syscall.getrusage = kernel.function("sys_getrusage") { +probe syscall.getrusage = kernel.function("SyS_getrusage") !, + kernel.function("sys_getrusage") { name = "getrusage" who = $who if($who==-2) @@ -1587,19 +1732,22 @@ probe syscall.getrusage = kernel.function("sys_getrusage") { usage_uaddr = $ru argstr = sprintf("%s, %p", who_str, usage_uaddr) } -probe syscall.getrusage.return = kernel.function("sys_getrusage").return { +probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !, + kernel.function("sys_getrusage").return { name = "getrusage" retstr = returnstr(1) } # getsid _____________________________________________________ # long sys_getsid(pid_t pid) -probe syscall.getsid = kernel.function("sys_getsid") { +probe syscall.getsid = kernel.function("SyS_getsid") !, + kernel.function("sys_getsid") { name = "getsid" pid = $pid argstr = sprint(pid) } -probe syscall.getsid.return = kernel.function("sys_getsid").return { +probe syscall.getsid.return = kernel.function("SyS_getsid").return !, + kernel.function("sys_getsid").return { name = "getsid" retstr = returnstr(1) } @@ -1608,14 +1756,16 @@ probe syscall.getsid.return = kernel.function("sys_getsid").return { # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) -probe syscall.getsockname = kernel.function("sys_getsockname") ? { +probe syscall.getsockname = kernel.function("SyS_getsockname") !, + kernel.function("sys_getsockname") ? { name = "getsockname" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } -probe syscall.getsockname.return = kernel.function("sys_getsockname").return ? { +probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !, + kernel.function("sys_getsockname").return ? { name = "getsockname" retstr = returnstr(1) } @@ -1628,8 +1778,9 @@ probe syscall.getsockname.return = kernel.function("sys_getsockname").return ? { # int __user *optlen) # probe syscall.getsockopt = - kernel.function("sys_getsockopt") ?, - kernel.function("compat_sys_getsockopt") ? + kernel.function("compat_sys_getsockopt") ?, + kernel.function("SyS_getsockopt") !, + kernel.function("sys_getsockopt") ? { name = "getsockopt" fd = $fd @@ -1643,8 +1794,9 @@ probe syscall.getsockopt = _sockopt_optname_str($optname), $optval, $optlen) } probe syscall.getsockopt.return = - kernel.function("sys_getsockopt").return ?, - kernel.function("compat_sys_getsockopt").return ? + kernel.function("compat_sys_getsockopt").return ?, + kernel.function("SyS_getsockopt").return !, + kernel.function("sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) @@ -1669,9 +1821,10 @@ probe syscall.gettid.return = kernel.function("sys_gettid").return { # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) probe syscall.gettimeofday = - kernel.function("sys_gettimeofday"), + kernel.function("compat_sys_gettimeofday") ?, kernel.function("sys32_gettimeofday") ?, - kernel.function("compat_sys_gettimeofday") ? + kernel.function("SyS_gettimeofday") !, + kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_uaddr = $tv @@ -1680,9 +1833,10 @@ probe syscall.gettimeofday = } probe syscall.gettimeofday.return = - kernel.function("sys_gettimeofday").return, + kernel.function("compat_sys_gettimeofday").return ?, kernel.function("sys32_gettimeofday").return ?, - kernel.function("compat_sys_gettimeofday").return ? + kernel.function("SyS_gettimeofday").return !, + kernel.function("sys_gettimeofday").return { name = "gettimeofday" retstr = returnstr(1) @@ -1713,7 +1867,8 @@ probe syscall.getuid.return = # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) -probe syscall.getxattr = kernel.function("sys_getxattr") { +probe syscall.getxattr = kernel.function("SyS_getxattr") !, + kernel.function("sys_getxattr") { name = "getxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) @@ -1733,7 +1888,8 @@ probe syscall.getxattr = kernel.function("sys_getxattr") { user_string_quoted($name), value_uaddr, size) } -probe syscall.getxattr.return = kernel.function("sys_getxattr").return { +probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !, + kernel.function("sys_getxattr").return { name = "getxattr" retstr = returnstr(1) } @@ -1743,14 +1899,16 @@ probe syscall.getxattr.return = kernel.function("sys_getxattr").return { # unsigned long len, # const char __user *uargs) # -probe syscall.init_module = kernel.function("sys_init_module") ? { +probe syscall.init_module = kernel.function("SyS_init_module") !, + kernel.function("sys_init_module") ? { name = "init_module" umod_uaddr = $umod len = $len uargs = user_string($uargs) argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) } -probe syscall.init_module.return = kernel.function("sys_init_module").return ? { +probe syscall.init_module.return = kernel.function("SyS_init_module").return !, + kernel.function("sys_init_module").return ? { name = "init_module" retstr = returnstr(1) } @@ -1759,7 +1917,8 @@ probe syscall.init_module.return = kernel.function("sys_init_module").return ? { # # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # -probe syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") ? { +probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, + kernel.function("sys_inotify_add_watch") ? { name = "inotify_add_watch" fd = $fd mask = $mask @@ -1774,7 +1933,8 @@ probe syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") ? { %) } -probe syscall.inotify_add_watch.return = kernel.function("sys_inotify_add_watch").return ? { +probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch").return !, + kernel.function("sys_inotify_add_watch").return ? { name = "inotify_add_watch" retstr = returnstr(1) } @@ -1796,13 +1956,15 @@ probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? # # long sys_inotify_rm_watch(int fd, u32 wd) # -probe syscall.inotify_rm_watch = kernel.function("sys_inotify_rm_watch") ? { +probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !, + kernel.function("sys_inotify_rm_watch") ? { name = "inotify_rm_watch" fd = $fd wd = $wd argstr = sprintf("%d, %d", $fd, $wd) } -probe syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch").return ? { +probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").return !, + kernel.function("sys_inotify_rm_watch").return ? { name = "inotify_rm_watch" retstr = returnstr(1) } @@ -1811,14 +1973,16 @@ probe syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch"). # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) -probe syscall.io_cancel = kernel.function("sys_io_cancel") { +probe syscall.io_cancel = kernel.function("SyS_io_cancel") !, + kernel.function("sys_io_cancel") { name = "io_cancel" ctx_id = $ctx_id iocb_uaddr = $iocb result_uaddr = $result argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } -probe syscall.io_cancel.return = kernel.function("sys_io_cancel").return { +probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !, + kernel.function("sys_io_cancel").return { name = "io_cancel" retstr = returnstr(1) } @@ -1828,8 +1992,9 @@ probe syscall.io_cancel.return = kernel.function("sys_io_cancel").return { # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # probe syscall.ioctl = - kernel.function("sys_ioctl") ?, - kernel.function("compat_sys_ioctl") ? + kernel.function("compat_sys_ioctl") ?, + kernel.function("SyS_ioctl") !, + kernel.function("sys_ioctl") ? { name = "ioctl" fd = $fd @@ -1838,8 +2003,9 @@ probe syscall.ioctl = argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg) } probe syscall.ioctl.return = - kernel.function("sys_ioctl").return ?, - kernel.function("compat_sys_ioctl").return ? + kernel.function("compat_sys_ioctl").return ?, + kernel.function("SyS_ioctl").return !, + kernel.function("sys_ioctl").return ? { name = "ioctl" retstr = returnstr(1) @@ -1847,12 +2013,14 @@ probe syscall.ioctl.return = # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) -probe syscall.io_destroy = kernel.function("sys_io_destroy") { +probe syscall.io_destroy = kernel.function("SyS_io_destroy") !, + kernel.function("sys_io_destroy") { name = "io_destroy" ctx = $ctx argstr = sprintf("%d", ctx) } -probe syscall.io_destroy.return = kernel.function("sys_io_destroy").return { +probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !, + kernel.function("sys_io_destroy").return { name = "io_destroy" retstr = returnstr(1) } @@ -1870,8 +2038,9 @@ probe syscall.io_destroy.return = kernel.function("sys_io_destroy").return { # struct compat_timespec __user *timeout) # probe syscall.io_getevents = - kernel.function("sys_io_getevents") ?, - kernel.function("compat_sys_io_getevents") ? + kernel.function("compat_sys_io_getevents") ?, + kernel.function("SyS_io_getevents") !, + kernel.function("sys_io_getevents") ? { name = "io_getevents" ctx_id = $ctx_id @@ -1884,8 +2053,9 @@ probe syscall.io_getevents = $nr, $events, $timeout, timestr) } probe syscall.io_getevents.return = - kernel.function("sys_io_getevents").return ?, - kernel.function("compat_sys_io_getevents").return ? + kernel.function("compat_sys_io_getevents").return ?, + kernel.function("SyS_io_getevents").return !, + kernel.function("sys_io_getevents").return ? { name = "io_getevents" retstr = returnstr(1) @@ -1909,14 +2079,16 @@ probe syscall.ioperm.return = kernel.function("sys_ioperm").return ? { # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) # -probe syscall.io_setup = kernel.function("sys_io_setup") { +probe syscall.io_setup = kernel.function("SyS_io_setup") !, + kernel.function("sys_io_setup") { name = "io_setup" maxevents = $nr_events ctxp_uaddr = $ctxp argstr = sprintf("%d, %p", $nr_events, $ctxp) } -probe syscall.io_setup.return = kernel.function("sys_io_setup").return { +probe syscall.io_setup.return = kernel.function("SyS_io_setup").return !, + kernel.function("sys_io_setup").return { name = "io_setup" retstr = returnstr(1) } @@ -1937,14 +2109,16 @@ probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").re # io_submit __________________________________________________ # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # -probe syscall.io_submit = kernel.function("sys_io_submit") { +probe syscall.io_submit = kernel.function("SyS_io_submit") !, + kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id nr = $nr iocbpp_uaddr = $iocbpp argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) } -probe syscall.io_submit.return = kernel.function("sys_io_submit").return { +probe syscall.io_submit.return = kernel.function("SyS_io_submit").return !, + kernel.function("sys_io_submit").return { name = "io_submit" retstr = returnstr(1) } @@ -1965,13 +2139,15 @@ probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit"). # ioprio_get _________________________________________________ # long sys_ioprio_get(int which, int who) # -probe syscall.ioprio_get = kernel.function("sys_ioprio_get") ? { +probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !, + kernel.function("sys_ioprio_get") ? { name = "ioprio_get" which = $which who = $who argstr = sprintf("%d, %d", $which, $who) } -probe syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? { +probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, + kernel.function("sys_ioprio_get").return ? { name = "ioprio_get" retstr = returnstr(1) } @@ -1979,14 +2155,16 @@ probe syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? { # ioprio_set _________________________________________________ # long sys_ioprio_set(int which, int who, int ioprio) # -probe syscall.ioprio_set = kernel.function("sys_ioprio_set") ? { +probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, + kernel.function("sys_ioprio_set") ? { name = "ioprio_set" which = $which who = $who ioprio = $ioprio argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) } -probe syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? { +probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, + kernel.function("sys_ioprio_set").return ? { name = "ioprio_set" retstr = returnstr(1) } @@ -2002,8 +2180,9 @@ probe syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? { # unsigned long flags) # probe syscall.kexec_load = - kernel.function("sys_kexec_load") ?, - kernel.function("compat_sys_kexec_load") ? + kernel.function("compat_sys_kexec_load") ?, + kernel.function("SyS_kexec_load") !, + kernel.function("sys_kexec_load") ? { name = "kexec_load" entry = $entry @@ -2013,8 +2192,9 @@ probe syscall.kexec_load = argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) } probe syscall.kexec_load.return = - kernel.function("sys_kexec_load").return ?, - kernel.function("compat_sys_kexec_load").return ? + kernel.function("compat_sys_kexec_load").return ?, + kernel.function("SyS_kexec_load").return !, + kernel.function("sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) @@ -2029,16 +2209,18 @@ probe syscall.kexec_load.return = # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # probe syscall.keyctl = - kernel.function("sys_keyctl") ?, - kernel.function("compat_sys_keyctl") ? + kernel.function("compat_sys_keyctl") ?, + kernel.function("SyS_keyctl") !, + kernel.function("sys_keyctl") ? { name = "keyctl" argstr = sprintf("%d, ...", $option) } probe syscall.keyctl.return = - kernel.function("sys_keyctl").return ?, - kernel.function("compat_sys_keyctl").return ? + kernel.function("compat_sys_keyctl").return ?, + kernel.function("SyS_keyctl").return !, + kernel.function("sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) @@ -2046,13 +2228,15 @@ probe syscall.keyctl.return = # kill _______________________________________________________ # long sys_kill(int pid, int sig) -probe syscall.kill = kernel.function("sys_kill") { +probe syscall.kill = kernel.function("SyS_kill") !, + kernel.function("sys_kill") { name = "kill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } -probe syscall.kill.return = kernel.function("sys_kill").return { +probe syscall.kill.return = kernel.function("SyS_kill").return !, + kernel.function("sys_kill").return { name = "kill" retstr = returnstr(1) } @@ -2060,14 +2244,16 @@ probe syscall.kill.return = kernel.function("sys_kill").return { # lchown _____________________________________________________ # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # -probe syscall.lchown = kernel.function("sys_lchown") { +probe syscall.lchown = kernel.function("SyS_lchown") !, + kernel.function("sys_lchown") { name = "lchown" path = user_string($filename) owner = __int32($user) group = __int32($group) argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) } -probe syscall.lchown.return = kernel.function("sys_lchown").return { +probe syscall.lchown.return = kernel.function("SyS_lchown").return !, + kernel.function("sys_lchown").return { name = "lchown" retstr = returnstr(1) } @@ -2094,7 +2280,8 @@ probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? { # void __user *value, # size_t size) # -probe syscall.lgetxattr = kernel.function("sys_lgetxattr") { +probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !, + kernel.function("sys_lgetxattr") { name = "lgetxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) @@ -2114,7 +2301,8 @@ probe syscall.lgetxattr = kernel.function("sys_lgetxattr") { user_string_quoted($name), value_uaddr, size) } -probe syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { +probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !, + kernel.function("sys_lgetxattr").return { name = "lgetxattr" retstr = returnstr(1) } @@ -2122,7 +2310,8 @@ probe syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { # link _______________________________________________________ # long sys_link(const char __user * oldname, # const char __user * newname) -probe syscall.link = kernel.function("sys_link") { +probe syscall.link = kernel.function("SyS_link") !, + kernel.function("sys_link") { name = "link" oldpath = user_string($oldname) newpath = user_string($newname) @@ -2130,7 +2319,8 @@ probe syscall.link = kernel.function("sys_link") { user_string_quoted($oldname), user_string_quoted($newname)) } -probe syscall.link.return = kernel.function("sys_link").return { +probe syscall.link.return = kernel.function("SyS_link").return !, + kernel.function("sys_link").return { name = "link" retstr = returnstr(1) } @@ -2139,7 +2329,8 @@ probe syscall.link.return = kernel.function("sys_link").return { # new function with 2.6.16 # long sys_linkat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname, int flags) -probe syscall.linkat = kernel.function("sys_linkat") ? { +probe syscall.linkat = kernel.function("SyS_linkat") !, + kernel.function("sys_linkat") ? { name = "linkat" olddfd = $olddfd olddfd_str = _dfd_str($olddfd) @@ -2156,20 +2347,23 @@ probe syscall.linkat = kernel.function("sys_linkat") ? { newdfd_str, user_string_quoted($newname), flags_str) } -probe syscall.linkat.return = kernel.function("sys_linkat").return ? { +probe syscall.linkat.return = kernel.function("SyS_linkat").return !, + kernel.function("sys_linkat").return ? { name = "linkat" retstr = returnstr(1) } # listen _____________________________________________________ # long sys_listen(int fd, int backlog) -probe syscall.listen = kernel.function("sys_listen") ? { +probe syscall.listen = kernel.function("SyS_listen") !, + kernel.function("sys_listen") ? { name = "listen" sockfd = $fd backlog = $backlog argstr = sprintf("%d, %d", $fd, $backlog) } -probe syscall.listen.return = kernel.function("sys_listen").return ? { +probe syscall.listen.return = kernel.function("SyS_listen").return !, + kernel.function("sys_listen").return ? { name = "listen" retstr = returnstr(1) } @@ -2177,7 +2371,8 @@ probe syscall.listen.return = kernel.function("sys_listen").return ? { # listxattr __________________________________________________ # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # -probe syscall.listxattr = kernel.function("sys_listxattr") { +probe syscall.listxattr = kernel.function("SyS_listxattr") !, + kernel.function("sys_listxattr") { name = "listxattr" list_uaddr = $list size = $size @@ -2191,7 +2386,8 @@ probe syscall.listxattr = kernel.function("sys_listxattr") { argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) %) } -probe syscall.listxattr.return = kernel.function("sys_listxattr").return { +probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !, + kernel.function("sys_listxattr").return { name = "listxattr" retstr = returnstr(1) } @@ -2199,7 +2395,8 @@ probe syscall.listxattr.return = kernel.function("sys_listxattr").return { # llistxattr _________________________________________________ # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # -probe syscall.llistxattr = kernel.function("sys_llistxattr") { +probe syscall.llistxattr = kernel.function("SyS_llistxattr") !, + kernel.function("sys_llistxattr") { name = "llistxattr" list_uaddr = $list size = $size @@ -2213,7 +2410,8 @@ probe syscall.llistxattr = kernel.function("sys_llistxattr") { argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) %) } -probe syscall.llistxattr.return = kernel.function("sys_llistxattr").return { +probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !, + kernel.function("sys_llistxattr").return { name = "llistxattr" retstr = returnstr(1) } @@ -2224,7 +2422,8 @@ probe syscall.llistxattr.return = kernel.function("sys_llistxattr").return { # unsigned long offset_low, # loff_t __user * result, # unsigned int origin) -probe syscall.llseek = kernel.function("sys_llseek") ? { +probe syscall.llseek = kernel.function("SyS_llseek") !, + kernel.function("sys_llseek") ? { name = "llseek" fd = $fd offset_high = $offset_high @@ -2235,7 +2434,8 @@ probe syscall.llseek = kernel.function("sys_llseek") ? { argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", $fd, $offset_high, $offset_low, $result, whence_str) } -probe syscall.llseek.return = kernel.function("sys_llseek").return ? { +probe syscall.llseek.return = kernel.function("SyS_llseek").return !, + kernel.function("sys_llseek").return ? { name = "llseek" retstr = returnstr(1) } @@ -2243,14 +2443,16 @@ probe syscall.llseek.return = kernel.function("sys_llseek").return ? { # lookup_dcookie _____________________________________________ # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # -probe syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") ? { +probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !, + kernel.function("sys_lookup_dcookie") ? { name = "lookup_dcookie" cookie = $cookie64 buffer_uaddr = $buf len = $len argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len) } -probe syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return ? { +probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").return !, + kernel.function("sys_lookup_dcookie").return ? { name = "lookup_dcookie" retstr = returnstr(1) } @@ -2258,7 +2460,8 @@ probe syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").retu # lremovexattr _______________________________________________ # long sys_lremovexattr(char __user *path, char __user *name) # -probe syscall.lremovexattr = kernel.function("sys_lremovexattr") { +probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !, + kernel.function("sys_lremovexattr") { name = "lremovexattr" name_uaddr = $name name2 = user_string($name) @@ -2272,14 +2475,16 @@ probe syscall.lremovexattr = kernel.function("sys_lremovexattr") { argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) %) } -probe syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { +probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !, + kernel.function("sys_lremovexattr").return { name = "lremovexattr" retstr = returnstr(1) } # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) -probe syscall.lseek = kernel.function("sys_lseek") { +probe syscall.lseek = kernel.function("SyS_lseek") !, + kernel.function("sys_lseek") { name = "lseek" fildes = $fd # offset = __int32($offset) @@ -2288,7 +2493,8 @@ probe syscall.lseek = kernel.function("sys_lseek") { whence_str = _seek_whence_str($origin) argstr = sprintf("%d, %d, %s", $fd, offset, whence_str) } -probe syscall.lseek.return = kernel.function("sys_lseek").return { +probe syscall.lseek.return = kernel.function("SyS_lseek").return !, + kernel.function("sys_lseek").return { name = "lseek" retstr = returnstr(1) } @@ -2300,7 +2506,8 @@ probe syscall.lseek.return = kernel.function("sys_lseek").return { # size_t size, # int flags) # -probe syscall.lsetxattr = kernel.function("sys_lsetxattr") { +probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !, + kernel.function("sys_lsetxattr") { name = "lsetxattr" %( kernel_v >= "2.6.27" %? path_uaddr = $pathname @@ -2323,7 +2530,8 @@ probe syscall.lsetxattr = kernel.function("sys_lsetxattr") { user_string_quoted($name), value_uaddr, $size, $flags) } -probe syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { +probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !, + kernel.function("sys_lsetxattr").return { name = "lsetxattr" retstr = returnstr(1) } @@ -2339,9 +2547,11 @@ probe syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { # probe syscall.lstat = kernel.function("sys_lstat") ?, + kernel.function("SyS_newlstat") ?, kernel.function("sys_newlstat") ?, kernel.function("compat_sys_newlstat") ?, kernel.function("sys32_lstat64") ?, + kernel.function("SyS_lstat64") ?, kernel.function("sys_lstat64") ?, kernel.function("sys_oabi_lstat64") ? { @@ -2352,9 +2562,11 @@ probe syscall.lstat = } probe syscall.lstat.return = kernel.function("sys_lstat").return ?, + kernel.function("SyS_newlstat").return ?, kernel.function("sys_newlstat").return ?, kernel.function("compat_sys_newlstat").return ?, kernel.function("sys32_lstat64").return ?, + kernel.function("SyS_lstat64").return ?, kernel.function("sys_lstat64").return ?, kernel.function("sys_oabi_lstat64").return ? { @@ -2365,7 +2577,8 @@ probe syscall.lstat.return = # madvise ____________________________________________________ # long sys_madvise(unsigned long start, size_t len_in, int behavior) # -probe syscall.madvise = kernel.function("sys_madvise") ? { +probe syscall.madvise = kernel.function("SyS_madvise") !, + kernel.function("sys_madvise") ? { name = "madvise" start = $start length = $len_in @@ -2373,7 +2586,8 @@ probe syscall.madvise = kernel.function("sys_madvise") ? { advice_str = _madvice_advice_str($behavior) argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior)) } -probe syscall.madvise.return = kernel.function("sys_madvise").return ? { +probe syscall.madvise.return = kernel.function("SyS_madvise").return !, + kernel.function("sys_madvise").return ? { name = "madvise" retstr = returnstr(1) } @@ -2394,8 +2608,9 @@ probe syscall.madvise.return = kernel.function("sys_madvise").return ? { # compat_ulong_t flags) # probe syscall.mbind = - kernel.function("sys_mbind") ?, - kernel.function("compat_sys_mbind") ? + kernel.function("compat_sys_mbind") ?, + kernel.function("SyS_mbind") !, + kernel.function("sys_mbind") ? { name = "mbind" start = $start @@ -2408,8 +2623,9 @@ probe syscall.mbind = $nmask, $maxnode, $flags) } probe syscall.mbind.return = - kernel.function("sys_mbind").return ?, - kernel.function("compat_sys_mbind").return ? + kernel.function("compat_sys_mbind").return ?, + kernel.function("SyS_mbind").return !, + kernel.function("sys_mbind").return ? { name = "mbind" retstr = returnstr(1) @@ -2419,11 +2635,13 @@ probe syscall.mbind.return = # long sys_migrate_pages(pid_t pid, unsigned long maxnode, # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) -probe syscall.migrate_pages = kernel.function("sys_migrate_pages") ? { +probe syscall.migrate_pages = kernel.function("SyS_migrate_pages") !, + kernel.function("sys_migrate_pages") ? { name = "migrate_pages" argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) } -probe syscall.migrate_pages.return = kernel.function("sys_migrate_pages").return ? { +probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return !, + kernel.function("sys_migrate_pages").return ? { name = "migrate_pages" retstr = returnstr(1) } @@ -2431,28 +2649,32 @@ probe syscall.migrate_pages.return = kernel.function("sys_migrate_pages").return # mincore ____________________________________________________ # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # -probe syscall.mincore = kernel.function("sys_mincore") ? { +probe syscall.mincore = kernel.function("SyS_mincore") !, + kernel.function("sys_mincore") ? { name = "mincore" start = $start length = $len vec_uaddr = $vec argstr = sprintf("%p, %d, %p", $start, $len, $vec) } -probe syscall.mincore.return = kernel.function("sys_mincore").return ? { +probe syscall.mincore.return = kernel.function("SyS_mincore").return !, + kernel.function("sys_mincore").return ? { name = "mincore" retstr = returnstr(1) } # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) -probe syscall.mkdir = kernel.function("sys_mkdir") { +probe syscall.mkdir = kernel.function("SyS_mkdir") !, + kernel.function("sys_mkdir") { name = "mkdir" pathname_uaddr = $pathname pathname = user_string($pathname) mode = $mode argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) } -probe syscall.mkdir.return = kernel.function("sys_mkdir").return { +probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !, + kernel.function("sys_mkdir").return { name = "mkdir" retstr = returnstr(1) } @@ -2460,21 +2682,24 @@ probe syscall.mkdir.return = kernel.function("sys_mkdir").return { # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) -probe syscall.mkdirat = kernel.function("sys_mkdirat") ? { +probe syscall.mkdirat = kernel.function("SyS_mkdirat") !, + kernel.function("sys_mkdirat") ? { name = "mkdirat" dirfd = $dfd pathname = user_string($pathname) mode = $mode argstr = sprintf("%s, %s, %#o", _dfd_str($dfd), user_string_quoted($pathname), $mode) } -probe syscall.mkdirat.return = kernel.function("sys_mkdirat").return ? { +probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !, + kernel.function("sys_mkdirat").return ? { name = "mkdirat" retstr = returnstr(1) } # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) -probe syscall.mknod = kernel.function("sys_mknod") { +probe syscall.mknod = kernel.function("SyS_mknod") !, + kernel.function("sys_mknod") { name = "mknod" pathname = user_string($filename) mode = $mode @@ -2482,7 +2707,8 @@ probe syscall.mknod = kernel.function("sys_mknod") { argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev) } -probe syscall.mknod.return = kernel.function("sys_mknod").return { +probe syscall.mknod.return = kernel.function("SyS_mknod").return !, + kernel.function("sys_mknod").return { name = "mknod" retstr = returnstr(1) } @@ -2491,7 +2717,8 @@ probe syscall.mknod.return = kernel.function("sys_mknod").return { # new function with 2.6.16 # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) -probe syscall.mknodat = kernel.function("sys_mknodat") ? { +probe syscall.mknodat = kernel.function("SyS_mknodat") !, + kernel.function("sys_mknodat") ? { name = "mknodat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -2503,7 +2730,8 @@ probe syscall.mknodat = kernel.function("sys_mknodat") ? { argstr = sprintf("%s, %s, %s, %p", dfd_str, user_string_quoted($filename), mode_str, $dev) } -probe syscall.mknodat.return = kernel.function("sys_mknodat").return ? { +probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, + kernel.function("sys_mknodat").return ? { name = "mknodat" retstr = returnstr(1) } @@ -2512,13 +2740,15 @@ probe syscall.mknodat.return = kernel.function("sys_mknodat").return ? { # # long sys_mlock(unsigned long start, size_t len) # -probe syscall.mlock = kernel.function("sys_mlock") ? { +probe syscall.mlock = kernel.function("SyS_mlock") !, + kernel.function("sys_mlock") ? { name = "mlock" addr = $start len = $len argstr = sprintf("%p, %d", $start, $len) } -probe syscall.mlock.return = kernel.function("sys_mlock").return ? { +probe syscall.mlock.return = kernel.function("SyS_mlock").return !, + kernel.function("sys_mlock").return ? { name = "mlock" retstr = returnstr(1) } @@ -2526,12 +2756,14 @@ probe syscall.mlock.return = kernel.function("sys_mlock").return ? { # # long sys_mlockall(int flags) # -probe syscall.mlockall = kernel.function("sys_mlockall") ? { +probe syscall.mlockall = kernel.function("SyS_mlockall") !, + kernel.function("sys_mlockall") ? { name = "mlockall" flags = $flags argstr = _mlockall_flags_str($flags) } -probe syscall.mlockall.return = kernel.function("sys_mlockall").return ? { +probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !, + kernel.function("sys_mlockall").return ? { name = "mlockall" retstr = returnstr(1) } @@ -2565,15 +2797,17 @@ probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? { # int flags) # probe syscall.move_pages = - kernel.function("sys_move_pages") ?, - kernel.function("compat_sys_move_pages") ? + kernel.function("compat_sys_move_pages") ?, + kernel.function("SyS_move_pages") !, + kernel.function("sys_move_pages") ? { name = "move_pages" argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) } probe syscall.move_pages.return = - kernel.function("sys_move_pages").return ?, - kernel.function("compat_sys_move_pages").return ? + kernel.function("compat_sys_move_pages").return ?, + kernel.function("SyS_move_pages").return !, + kernel.function("sys_move_pages").return ? { name = "move_pages" retstr = returnstr(1) @@ -2591,8 +2825,9 @@ probe syscall.move_pages.return = # unsigned long flags, # void __user * data) probe syscall.mount = - kernel.function("sys_mount"), - kernel.function("compat_sys_mount") ? + kernel.function("compat_sys_mount") ?, + kernel.function("SyS_mount") !, + kernel.function("sys_mount") { name = "mount" source = user_string($dev_name) @@ -2608,8 +2843,9 @@ probe syscall.mount = mountflags_str, data) } probe syscall.mount.return = - kernel.function("sys_mount").return, - kernel.function("compat_sys_mount").return ? + kernel.function("compat_sys_mount").return ?, + kernel.function("SyS_mount").return !, + kernel.function("sys_mount").return { name = "mount" retstr = returnstr(1) @@ -2618,7 +2854,8 @@ probe syscall.mount.return = # mprotect ___________________________________________________ # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # -probe syscall.mprotect = kernel.function("sys_mprotect") ? { +probe syscall.mprotect = kernel.function("SyS_mprotect") !, + kernel.function("sys_mprotect") ? { name = "mprotect" addr = $start len = $len @@ -2626,7 +2863,8 @@ probe syscall.mprotect = kernel.function("sys_mprotect") ? { prot_str = _mprotect_prot_str($prot) argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot)) } -probe syscall.mprotect.return = kernel.function("sys_mprotect").return ? { +probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !, + kernel.function("sys_mprotect").return ? { name = "mprotect" retstr = returnstr(1) } @@ -2640,8 +2878,9 @@ probe syscall.mprotect.return = kernel.function("sys_mprotect").return ? { # struct compat_mq_attr __user *u_omqstat) # probe syscall.mq_getsetattr = - kernel.function("sys_mq_getsetattr") ?, - kernel.function("compat_sys_mq_getsetattr") ? + kernel.function("compat_sys_mq_getsetattr") ?, + kernel.function("SyS_mq_getsetattr") !, + kernel.function("sys_mq_getsetattr") ? { name = "mq_getsetattr" mqdes = $mqdes @@ -2650,8 +2889,9 @@ probe syscall.mq_getsetattr = argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat) } probe syscall.mq_getsetattr.return = - kernel.function("sys_mq_getsetattr").return ?, - kernel.function("compat_sys_mq_getsetattr").return ? + kernel.function("compat_sys_mq_getsetattr").return ?, + kernel.function("SyS_mq_getsetattr").return !, + kernel.function("sys_mq_getsetattr").return ? { name = "mq_getsetattr" retstr = returnstr(1) @@ -2662,8 +2902,9 @@ probe syscall.mq_getsetattr.return = # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # probe syscall.mq_notify = - kernel.function("sys_mq_notify") ?, - kernel.function("compat_sys_mq_notify") ? + kernel.function("compat_sys_mq_notify") ?, + kernel.function("SyS_mq_notify") !, + kernel.function("sys_mq_notify") ? { name = "mq_notify" mqdes = $mqdes @@ -2671,8 +2912,9 @@ probe syscall.mq_notify = argstr = sprintf("%d, %p", $mqdes, $u_notification) } probe syscall.mq_notify.return = - kernel.function("sys_mq_notify").return ?, - kernel.function("compat_sys_mq_notify").return ? + kernel.function("compat_sys_mq_notify").return ?, + kernel.function("SyS_mq_notify").return !, + kernel.function("sys_mq_notify").return ? { name = "mq_notify" retstr = returnstr(1) @@ -2688,8 +2930,9 @@ probe syscall.mq_notify.return = # struct compat_mq_attr __user *u_attr) # probe syscall.mq_open = - kernel.function("sys_mq_open") ?, - kernel.function("compat_sys_mq_open") ? + kernel.function("compat_sys_mq_open") ?, + kernel.function("SyS_mq_open") !, + kernel.function("sys_mq_open") ? { name = "mq_open" name_uaddr = $u_name @@ -2704,8 +2947,9 @@ probe syscall.mq_open = argstr = sprintf("%s, %s", user_string_quoted($u_name), _sys_open_flag_str($oflag)) } probe syscall.mq_open.return = - kernel.function("sys_mq_open").return ?, - kernel.function("compat_sys_mq_open").return ? + kernel.function("compat_sys_mq_open").return ?, + kernel.function("SyS_mq_open").return !, + kernel.function("sys_mq_open").return ? { name = "mq_open" retstr = returnstr(1) @@ -2723,8 +2967,9 @@ probe syscall.mq_open.return = # const struct compat_timespec __user *u_abs_timeout) # probe syscall.mq_timedreceive = - kernel.function("sys_mq_timedreceive") ?, - kernel.function("compat_sys_mq_timedreceive") ? + kernel.function("compat_sys_mq_timedreceive") ?, + kernel.function("SyS_mq_timedreceive") !, + kernel.function("sys_mq_timedreceive") ? { name = "mq_timedreceive" mqdes = $mqdes @@ -2736,8 +2981,9 @@ probe syscall.mq_timedreceive = $u_msg_prio, $u_abs_timeout) } probe syscall.mq_timedreceive.return = - kernel.function("sys_mq_timedreceive").return ?, - kernel.function("compat_sys_mq_timedreceive").return ? + kernel.function("compat_sys_mq_timedreceive").return ?, + kernel.function("SyS_mq_timedreceive").return !, + kernel.function("sys_mq_timedreceive").return ? { name = "mq_timedreceive" retstr = returnstr(1) @@ -2755,8 +3001,9 @@ probe syscall.mq_timedreceive.return = # const struct compat_timespec __user *u_abs_timeout) # probe syscall.mq_timedsend = - kernel.function("sys_mq_timedsend") ?, - kernel.function("compat_sys_mq_timedsend") ? + kernel.function("compat_sys_mq_timedsend") ?, + kernel.function("SyS_mq_timedsend") !, + kernel.function("sys_mq_timedsend") ? { name = "mq_timedsend" mqdes = $mqdes @@ -2768,8 +3015,9 @@ probe syscall.mq_timedsend = $msg_prio, $u_abs_timeout) } probe syscall.mq_timedsend.return = - kernel.function("sys_mq_timedsend").return ?, - kernel.function("compat_sys_mq_timedsend").return ? + kernel.function("compat_sys_mq_timedsend").return ?, + kernel.function("SyS_mq_timedsend").return !, + kernel.function("sys_mq_timedsend").return ? { name = "mq_timedsend" retstr = returnstr(1) @@ -2778,13 +3026,15 @@ probe syscall.mq_timedsend.return = # mq_unlink __________________________________________________ # long sys_mq_unlink(const char __user *u_name) # -probe syscall.mq_unlink = kernel.function("sys_mq_unlink") ? { +probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !, + kernel.function("sys_mq_unlink") ? { name = "mq_unlink" u_name_uaddr = $u_name u_name = user_string($u_name) argstr = user_string_quoted($u_name) } -probe syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { +probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !, + kernel.function("sys_mq_unlink").return ? { name = "mq_unlink" retstr = returnstr(1) } @@ -2797,8 +3047,9 @@ probe syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { # unsigned long new_addr) # probe syscall.mremap = - kernel.function("sys_mremap") ?, - kernel.function("ia64_mremap") ? + kernel.function("ia64_mremap") ?, + kernel.function("SyS_mremap") !, + kernel.function("sys_mremap") ? { name = "mremap" old_address = $addr @@ -2810,8 +3061,9 @@ probe syscall.mremap = _mremap_flags($flags), $new_addr) } probe syscall.mremap.return = - kernel.function("sys_mremap").return ?, - kernel.function("ia64_mremap").return ? + kernel.function("ia64_mremap").return ?, + kernel.function("SyS_mremap").return !, + kernel.function("sys_mremap").return ? { name = "mremap" retstr = returnstr(2) @@ -2820,14 +3072,16 @@ probe syscall.mremap.return = # msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # -probe syscall.msgctl = kernel.function("sys_msgctl") ? { +probe syscall.msgctl = kernel.function("SyS_msgctl") !, + kernel.function("sys_msgctl") ? { name = "msgctl" msqid = $msqid cmd = $cmd buf_uaddr = $buf argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf) } -probe syscall.msgctl.return = kernel.function("sys_msgctl").return ? { +probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !, + kernel.function("sys_msgctl").return ? { name = "msgctl" retstr = returnstr(1) } @@ -2847,14 +3101,16 @@ probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").re # msgget _____________________________________________________ # long sys_msgget (key_t key, int msgflg) # -probe syscall.msgget = kernel.function("sys_msgget") ? { +probe syscall.msgget = kernel.function("SyS_msgget") !, + kernel.function("sys_msgget") ? { name = "msgget" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg)) } -probe syscall.msgget.return = kernel.function("sys_msgget").return ? { +probe syscall.msgget.return = kernel.function("SyS_msgget").return !, + kernel.function("sys_msgget").return ? { name = "msgget" retstr = returnstr(1) } @@ -2866,7 +3122,8 @@ probe syscall.msgget.return = kernel.function("sys_msgget").return ? { # long msgtyp, # int msgflg) # -probe syscall.msgrcv = kernel.function("sys_msgrcv") ? { +probe syscall.msgrcv = kernel.function("SyS_msgrcv") !, + kernel.function("sys_msgrcv") ? { name = "msgrcv" msqid = $msqid msgp_uaddr = $msgp @@ -2875,7 +3132,8 @@ probe syscall.msgrcv = kernel.function("sys_msgrcv") ? { msgflg = $msgflg argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg) } -probe syscall.msgrcv.return = kernel.function("sys_msgrcv").return ? { +probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !, + kernel.function("sys_msgrcv").return ? { name = "msgrcv" retstr = returnstr(1) } @@ -2899,7 +3157,8 @@ probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").re # size_t msgsz, # int msgflg) # -probe syscall.msgsnd = kernel.function("sys_msgsnd") ? { +probe syscall.msgsnd = kernel.function("SyS_msgsnd") !, + kernel.function("sys_msgsnd") ? { name = "msgsnd" msqid = $msqid msgp_uaddr = $msgp @@ -2907,7 +3166,8 @@ probe syscall.msgsnd = kernel.function("sys_msgsnd") ? { msgflg = $msgflg argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg) } -probe syscall.msgsnd.return = kernel.function("sys_msgsnd").return ? { +probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !, + kernel.function("sys_msgsnd").return ? { name = "msgsnd" retstr = returnstr(1) } @@ -2926,27 +3186,31 @@ probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").re # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) -probe syscall.msync = kernel.function("sys_msync") ? { +probe syscall.msync = kernel.function("SyS_msync") !, + kernel.function("sys_msync") ? { name = "msync" start = $start length = $len flags = $flags argstr = sprintf("%p, %d, %s",start, length, _msync_flag_str(flags)) } -probe syscall.msync.return = kernel.function("sys_msync").return ? { +probe syscall.msync.return = kernel.function("SyS_msync").return !, + kernel.function("sys_msync").return ? { name = "msync" retstr = returnstr(1) } # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) -probe syscall.munlock = kernel.function("sys_munlock") ? { +probe syscall.munlock = kernel.function("SyS_munlock") !, + kernel.function("sys_munlock") ? { name = "munlock" addr = $start len = $len argstr = sprintf("%p, %d", addr, len) } -probe syscall.munlock.return = kernel.function("sys_munlock").return ? { +probe syscall.munlock.return = kernel.function("SyS_munlock").return !, + kernel.function("sys_munlock").return ? { name = "munlock" retstr = returnstr(1) } @@ -2964,13 +3228,15 @@ probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? { # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) -probe syscall.munmap = kernel.function("sys_munmap") { +probe syscall.munmap = kernel.function("SyS_munmap") !, + kernel.function("sys_munmap") { name = "munmap" start = $addr length = $len argstr = sprintf("%p, %d", start, length) } -probe syscall.munmap.return = kernel.function("sys_munmap").return { +probe syscall.munmap.return = kernel.function("SyS_munmap").return !, + kernel.function("sys_munmap").return { name = "munmap" retstr = returnstr(1) } diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp index 3b592e14..65bcf9bf 100644 --- a/tapset/syscalls2.stp +++ b/tapset/syscalls2.stp @@ -28,13 +28,15 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe syscall.nanosleep = kernel.function("sys_nanosleep") { +probe syscall.nanosleep = kernel.function("SyS_nanosleep") !, + kernel.function("sys_nanosleep") { name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp argstr = sprintf("%s, %p", _struct_timespec_u($rqtp,1), $rmtp) } -probe syscall.nanosleep.return = kernel.function("sys_nanosleep").return { +probe syscall.nanosleep.return = kernel.function("SyS_nanosleep").return !, + kernel.function("sys_nanosleep").return { name = "nanosleep" retstr = returnstr(1) } @@ -76,12 +78,14 @@ probe syscall.nfsservctl.return = # nice _______________________________________________________ # long sys_nice(int increment) # -probe syscall.nice = kernel.function("sys_nice") ? { +probe syscall.nice = kernel.function("SyS_nice") !, + kernel.function("sys_nice") ? { name = "nice" inc = $increment argstr = sprintf("%d", $increment) } -probe syscall.nice.return = kernel.function("sys_nice").return ? { +probe syscall.nice.return = kernel.function("SyS_nice").return !, + kernel.function("sys_nice").return ? { name = "nice" retstr = returnstr(1) } @@ -104,9 +108,10 @@ probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { # (obsolete) long sys32_open(const char * filename, int flags, int mode) # probe syscall.open = - kernel.function("sys_open") ?, kernel.function("compat_sys_open") ?, - kernel.function("sys32_open") ? + kernel.function("sys32_open") ?, + kernel.function("SyS_open") !, + kernel.function("sys_open") ? { name = "open" filename = user_string($filename) @@ -120,9 +125,10 @@ probe syscall.open = _sys_open_flag_str($flags)) } probe syscall.open.return = - kernel.function("sys_open").return ?, kernel.function("compat_sys_open").return ?, - kernel.function("sys32_open").return ? + kernel.function("sys32_open").return ?, + kernel.function("SyS_open").return !, + kernel.function("sys_open").return ? { name = "open" retstr = returnstr(1) @@ -133,8 +139,9 @@ probe syscall.open.return = # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # probe syscall.openat = - kernel.function("sys_openat") ?, - kernel.function("compat_sys_openat") ? + kernel.function("compat_sys_openat") ?, + kernel.function("SyS_openat") !, + kernel.function("sys_openat") ? { name = "openat" filename = user_string($filename) @@ -150,8 +157,9 @@ probe syscall.openat = _sys_open_flag_str($flags)) } probe syscall.openat.return = - kernel.function("sys_openat").return ?, - kernel.function("compat_sys_openat").return ? + kernel.function("compat_sys_openat").return ?, + kernel.function("SyS_openat").return !, + kernel.function("sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -251,12 +259,14 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # asmlinkage long # sys_personality(u_long personality) # -probe syscall.personality = kernel.function("sys_personality") { +probe syscall.personality = kernel.function("SyS_personality") !, + kernel.function("sys_personality") { name = "personality" persona = $personality argstr = sprintf("%p", persona); } -probe syscall.personality.return = kernel.function("sys_personality").return { +probe syscall.personality.return = kernel.function("SyS_personality").return !, + kernel.function("sys_personality").return { name = "personality" retstr = returnstr(1) } @@ -267,12 +277,14 @@ probe syscall.personality.return = kernel.function("sys_personality").return { # %(arch == "x86_64" %? # x86_64 gcc 4.1 problem -probe syscall.pipe = kernel.function("sys_pipe") { +probe syscall.pipe = kernel.function("SyS_pipe") !, + kernel.function("sys_pipe") { name = "pipe" argstr = "" } %: -probe syscall.pipe = kernel.function("sys_pipe") { +probe syscall.pipe = kernel.function("SyS_pipe") !, + kernel.function("sys_pipe") { name = "pipe" %( arch == "ia64" %? # ia64 just returns value directly, no fildes argument @@ -283,7 +295,8 @@ probe syscall.pipe = kernel.function("sys_pipe") { %) } %) -probe syscall.pipe.return = kernel.function("sys_pipe").return { +probe syscall.pipe.return = kernel.function("SyS_pipe").return !, + kernel.function("sys_pipe").return { name = "pipe" retstr = returnstr(1) } @@ -292,14 +305,16 @@ probe syscall.pipe.return = kernel.function("sys_pipe").return { # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe syscall.pivot_root = kernel.function("sys_pivot_root") { +probe syscall.pivot_root = kernel.function("SyS_pivot_root") !, + kernel.function("sys_pivot_root") { name = "pivot_root" new_root_str = user_string($new_root) old_root_str = user_string($put_old) argstr = sprintf("%s, %s", user_string_quoted($new_root), user_string_quoted($put_old)) } -probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return { +probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !, + kernel.function("sys_pivot_root").return { name = "pivot_root" retstr = returnstr(1) } @@ -308,7 +323,8 @@ probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return { # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe syscall.poll = kernel.function("sys_poll") { +probe syscall.poll = kernel.function("SyS_poll") !, + kernel.function("sys_poll") { name = "poll" ufds_uaddr = $ufds nfds = $nfds @@ -319,7 +335,8 @@ probe syscall.poll = kernel.function("sys_poll") { %) argstr = sprintf("%p, %d, %d", $ufds, $nfds, timeout) } -probe syscall.poll.return = kernel.function("sys_poll").return { +probe syscall.poll.return = kernel.function("SyS_poll").return !, + kernel.function("sys_poll").return { name = "poll" retstr = returnstr(1) } @@ -330,7 +347,8 @@ probe syscall.poll.return = kernel.function("sys_poll").return { # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe syscall.ppoll = kernel.function("sys_ppoll") ? { +probe syscall.ppoll = kernel.function("SyS_ppoll") !, + kernel.function("sys_ppoll") ? { name = "ppoll" argstr = sprintf("%p, %d, %s, %p, %d", $ufds, @@ -339,7 +357,8 @@ probe syscall.ppoll = kernel.function("sys_ppoll") ? { $sigmask, $sigsetsize) } -probe syscall.ppoll.return = kernel.function("sys_ppoll").return ? { +probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !, + kernel.function("sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) } @@ -370,7 +389,8 @@ probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? # unsigned long arg4, # unsigned long arg5) # -probe syscall.prctl = kernel.function("sys_prctl") { +probe syscall.prctl = kernel.function("SyS_prctl") !, + kernel.function("sys_prctl") { name = "prctl" option = $option arg2 = $arg2 @@ -380,7 +400,8 @@ probe syscall.prctl = kernel.function("sys_prctl") { argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe syscall.prctl.return = kernel.function("sys_prctl").return { +probe syscall.prctl.return = kernel.function("SyS_prctl").return !, + kernel.function("sys_prctl").return { name = "prctl" retstr = returnstr(1) } @@ -391,7 +412,8 @@ probe syscall.prctl.return = kernel.function("sys_prctl").return { # size_t count, # loff_t pos) # -probe syscall.pread = kernel.function("sys_pread64") { +probe syscall.pread = kernel.function("SyS_pread64") !, + kernel.function("sys_pread64") { name = "pread" fd = $fd buf_uaddr = $buf @@ -399,7 +421,8 @@ probe syscall.pread = kernel.function("sys_pread64") { offset = $pos argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos) } -probe syscall.pread.return = kernel.function("sys_pread64").return { +probe syscall.pread.return = kernel.function("SyS_pread64").return !, + kernel.function("sys_pread64").return { name = "pread" retstr = returnstr(1) } @@ -409,12 +432,14 @@ probe syscall.pread.return = kernel.function("sys_pread64").return { # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe syscall.pselect6 = kernel.function("sys_pselect6") ? { +probe syscall.pselect6 = kernel.function("SyS_pselect6") !, + kernel.function("sys_pselect6") ? { name = "pselect6" argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, _struct_timespec_u($tsp,1), $sig) } -probe syscall.pselect6.return = kernel.function("sys_pselect6").return ? { +probe syscall.pselect6.return = kernel.function("SyS_pselect6").return !, + kernel.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) } @@ -460,7 +485,8 @@ probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").re # long addr, # long data) # -probe syscall.ptrace = kernel.function("sys_ptrace") ? { +probe syscall.ptrace = kernel.function("SyS_ptrace") !, + kernel.function("sys_ptrace") ? { name = "ptrace" request = $request pid = $pid @@ -468,7 +494,8 @@ probe syscall.ptrace = kernel.function("sys_ptrace") ? { data = $data argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe syscall.ptrace.return = kernel.function("sys_ptrace").return ? { +probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !, + kernel.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) } @@ -480,7 +507,8 @@ probe syscall.ptrace.return = kernel.function("sys_ptrace").return ? { # size_t count, # loff_t pos) # -probe syscall.pwrite = kernel.function("sys_pwrite64") { +probe syscall.pwrite = kernel.function("SyS_pwrite64") !, + kernel.function("sys_pwrite64") { name = "pwrite" fd = $fd buf_uaddr = $buf @@ -490,7 +518,8 @@ probe syscall.pwrite = kernel.function("sys_pwrite64") { text_strn(user_string($buf),syscall_string_trunc,1), $count, $pos) } -probe syscall.pwrite.return = kernel.function("sys_pwrite64").return { +probe syscall.pwrite.return = kernel.function("SyS_pwrite64").return !, + kernel.function("sys_pwrite64").return { name = "pwrite" retstr = returnstr(1) } @@ -526,7 +555,8 @@ probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? { # qid_t id, # void __user *addr) # -probe syscall.quotactl = kernel.function("sys_quotactl") ? { +probe syscall.quotactl = kernel.function("SyS_quotactl") !, + kernel.function("sys_quotactl") ? { name = "quotactl" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) @@ -536,7 +566,8 @@ probe syscall.quotactl = kernel.function("sys_quotactl") ? { addr_uaddr = $addr argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, $id, $addr) } -probe syscall.quotactl.return = kernel.function("sys_quotactl").return ? { +probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !, + kernel.function("sys_quotactl").return ? { name = "quotactl" retstr = returnstr(1) } @@ -544,14 +575,16 @@ probe syscall.quotactl.return = kernel.function("sys_quotactl").return ? { # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe syscall.read = kernel.function("sys_read") { +probe syscall.read = kernel.function("SyS_read") !, + kernel.function("sys_read") { name = "read" fd = $fd buf_uaddr = $buf count = $count argstr = sprintf("%d, %p, %d", $fd, $buf, $count) } -probe syscall.read.return = kernel.function("sys_read").return { +probe syscall.read.return = kernel.function("SyS_read").return !, + kernel.function("sys_read").return { name = "read" retstr = returnstr(1) } @@ -563,14 +596,16 @@ probe syscall.read.return = kernel.function("sys_read").return { # loff_t offset, # size_t count) # -probe syscall.readahead = kernel.function("sys_readahead") { +probe syscall.readahead = kernel.function("SyS_readahead") !, + kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe syscall.readahead.return = kernel.function("sys_readahead").return { +probe syscall.readahead.return = kernel.function("SyS_readahead").return !, + kernel.function("sys_readahead").return { name = "readahead" retstr = returnstr(1) } @@ -601,7 +636,8 @@ probe syscall.readdir.return = # char __user * buf, # int bufsiz) # -probe syscall.readlink = kernel.function("sys_readlink") { +probe syscall.readlink = kernel.function("SyS_readlink") !, + kernel.function("sys_readlink") { name = "readlink" path = user_string($path) buf_uaddr = $buf @@ -609,7 +645,8 @@ probe syscall.readlink = kernel.function("sys_readlink") { argstr = sprintf("%s, %p, %d", user_string_quoted($path), $buf, $bufsiz) } -probe syscall.readlink.return = kernel.function("sys_readlink").return { +probe syscall.readlink.return = kernel.function("SyS_readlink").return !, + kernel.function("sys_readlink").return { name = "readlink" retstr = returnstr(1) } @@ -620,7 +657,8 @@ probe syscall.readlink.return = kernel.function("sys_readlink").return { # char __user * buf, # int bufsiz) # -probe syscall.readlinkat = kernel.function("sys_readlinkat") ? { +probe syscall.readlinkat = kernel.function("SyS_readlinkat") !, + kernel.function("sys_readlinkat") ? { name = "readlinkat" dfd = $dfd buf_uaddr = $buf @@ -634,7 +672,8 @@ probe syscall.readlinkat = kernel.function("sys_readlinkat") ? { %) } -probe syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? { +probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !, + kernel.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) } @@ -649,8 +688,9 @@ probe syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? { # unsigned long vlen) # probe syscall.readv = - kernel.function("sys_readv"), - kernel.function("compat_sys_readv") ? + kernel.function("compat_sys_readv") ?, + kernel.function("SyS_readv") !, + kernel.function("sys_readv") { name = "readv" vector_uaddr = $vec @@ -664,8 +704,9 @@ probe syscall.readv = %) } probe syscall.readv.return = - kernel.function("sys_readv").return, - kernel.function("compat_sys_readv").return ? + kernel.function("compat_sys_readv").return ?, + kernel.function("SyS_readv").return !, + kernel.function("sys_readv").return { name = "readv" retstr = returnstr(1) @@ -678,7 +719,8 @@ probe syscall.readv.return = # unsigned int cmd, # void __user * arg) # -probe syscall.reboot = kernel.function("sys_reboot") { +probe syscall.reboot = kernel.function("SyS_reboot") !, + kernel.function("sys_reboot") { name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) @@ -690,7 +732,8 @@ probe syscall.reboot = kernel.function("sys_reboot") { argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, $arg) } -probe syscall.reboot.return = kernel.function("sys_reboot").return { +probe syscall.reboot.return = kernel.function("SyS_reboot").return !, + kernel.function("sys_reboot").return { name = "reboot" retstr = returnstr(1) } @@ -722,7 +765,8 @@ probe syscall.recv.return = kernel.function("sys_recv").return ? { # struct sockaddr __user *addr, # int __user *addr_len) # -probe syscall.recvfrom = kernel.function("sys_recvfrom") ? { +probe syscall.recvfrom = kernel.function("SyS_recvfrom") !, + kernel.function("sys_recvfrom") ? { name = "recvfrom" s = $fd buf_uaddr = $ubuf @@ -734,7 +778,8 @@ probe syscall.recvfrom = kernel.function("sys_recvfrom") ? { argstr = sprintf("%d, %p, %d, %s, %p, %p", $fd, $ubuf, $size, _recvflags_str($flags), $addr, $addr_len) } -probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? { +probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !, + kernel.function("sys_recvfrom").return ? { name = "recvfrom" retstr = returnstr(1) } @@ -745,7 +790,8 @@ probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? { # struct msghdr __user *msg, # unsigned int flags) # -probe syscall.recvmsg = kernel.function("sys_recvmsg") ? { +probe syscall.recvmsg = kernel.function("SyS_recvmsg") !, + kernel.function("sys_recvmsg") ? { name = "recvmsg" s = $fd msg_uaddr = $msg @@ -753,7 +799,8 @@ probe syscall.recvmsg = kernel.function("sys_recvmsg") ? { flags_str = _recvflags_str($flags) argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags)) } -probe syscall.recvmsg.return = kernel.function("sys_recvmsg").return ? { +probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !, + kernel.function("sys_recvmsg").return ? { name = "recvmsg" retstr = returnstr(1) } @@ -783,7 +830,8 @@ probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg"). # unsigned long pgoff, # unsigned long flags) # -probe syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? { +probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !, + kernel.function("sys_remap_file_pages") ? { name = "remap_file_pages" start = $start size = $size @@ -798,6 +846,7 @@ probe syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? { pgoff, flags) } probe syscall.remap_file_pages.return = + kernel.function("SyS_remap_file_pages").return !, kernel.function("sys_remap_file_pages").return ? { name = "remap_file_pages" retstr = returnstr(1) @@ -809,7 +858,8 @@ probe syscall.remap_file_pages.return = # sys_removexattr(char __user *path, # char __user *name) # -probe syscall.removexattr = kernel.function("sys_removexattr") { +probe syscall.removexattr = kernel.function("SyS_removexattr") !, + kernel.function("sys_removexattr") { name = "removexattr" name_str = user_string($name) %( kernel_v >= "2.6.27" %? @@ -823,7 +873,8 @@ probe syscall.removexattr = kernel.function("sys_removexattr") { %) } -probe syscall.removexattr.return = kernel.function("sys_removexattr").return { +probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !, + kernel.function("sys_removexattr").return { name = "removexattr" retstr = returnstr(1) } @@ -833,14 +884,16 @@ probe syscall.removexattr.return = kernel.function("sys_removexattr").return { # sys_rename(const char __user * oldname, # const char __user * newname) # -probe syscall.rename = kernel.function("sys_rename") { +probe syscall.rename = kernel.function("SyS_rename") !, + kernel.function("sys_rename") { name = "rename" oldpath = user_string($oldname) newpath = user_string($newname) argstr = sprintf("%s, %s", user_string_quoted($oldname), user_string_quoted($newname)) } -probe syscall.rename.return = kernel.function("sys_rename").return { +probe syscall.rename.return = kernel.function("SyS_rename").return !, + kernel.function("sys_rename").return { name = "rename" retstr = returnstr(1) } @@ -849,7 +902,8 @@ probe syscall.rename.return = kernel.function("sys_rename").return { # new function with 2.6.16 # long sys_renameat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname) -probe syscall.renameat = kernel.function("sys_renameat") ? { +probe syscall.renameat = kernel.function("SyS_renameat") !, + kernel.function("sys_renameat") ? { name = "renameat" olddfd = $olddfd olddfd_str = _dfd_str($olddfd) @@ -863,7 +917,8 @@ probe syscall.renameat = kernel.function("sys_renameat") ? { olddfd_str, user_string_quoted($oldname), newdfd_str, user_string_quoted($newname)) } -probe syscall.renameat.return = kernel.function("sys_renameat").return ? { +probe syscall.renameat.return = kernel.function("SyS_renameat").return !, + kernel.function("sys_renameat").return ? { name = "renameat" retstr = returnstr(1) } @@ -876,7 +931,8 @@ probe syscall.renameat.return = kernel.function("sys_renameat").return ? { # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe syscall.request_key = kernel.function("sys_request_key") ? { +probe syscall.request_key = kernel.function("SyS_request_key") !, + kernel.function("sys_request_key") ? { name = "request_key" type_uaddr = $_type description_uaddr = $_description @@ -884,7 +940,8 @@ probe syscall.request_key = kernel.function("sys_request_key") ? { destringid = $destringid argstr = sprintf("%p, %p, %p, %p", $_type, $_description, $_callout_info, $destringid) } -probe syscall.request_key.return = kernel.function("sys_request_key").return ? { +probe syscall.request_key.return = kernel.function("SyS_request_key").return !, + kernel.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) } @@ -908,12 +965,14 @@ probe syscall.restart_syscall.return = # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe syscall.rmdir = kernel.function("sys_rmdir") { +probe syscall.rmdir = kernel.function("SyS_rmdir") !, + kernel.function("sys_rmdir") { name = "rmdir" pathname = user_string($pathname) argstr = user_string_quoted($pathname) } -probe syscall.rmdir.return = kernel.function("sys_rmdir").return { +probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !, + kernel.function("sys_rmdir").return { name = "rmdir" retstr = returnstr(1) } @@ -925,7 +984,8 @@ probe syscall.rmdir.return = kernel.function("sys_rmdir").return { # struct sigaction __user *oact, # size_t sigsetsize) # -probe syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? { +probe syscall.rt_sigaction = kernel.function("SyS_rt_sigaction") !, + kernel.function("sys_rt_sigaction") ? { name = "rt_sigaction" sig = $sig act_uaddr = $act @@ -934,7 +994,9 @@ probe syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? { argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig), _struct_sigaction_u($act), $oact, $sigsetsize) } -probe syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return ? { +probe syscall.rt_sigaction.return = + kernel.function("SyS_rt_sigaction").return !, + kernel.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) } @@ -972,13 +1034,16 @@ probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").retu # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ? { +probe syscall.rt_sigpending = kernel.function("SyS_rt_sigpending") !, + kernel.function("sys_rt_sigpending") ? { name = "rt_sigpending" set_uaddr = $set sigsetsize = $sigsetsize argstr = sprintf("%p, %d", $set, $sigsetsize) } -probe syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").return ? { +probe syscall.rt_sigpending.return = + kernel.function("SyS_rt_sigpending").return !, + kernel.function("sys_rt_sigpending").return ? { name = "rt_sigpending" retstr = returnstr(1) } @@ -991,6 +1056,7 @@ probe syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").return probe syscall.rt_sigprocmask = kernel.function("sys32_rt_sigprocmask") ?, kernel.function("compat_sys_rt_sigprocmask") ?, + kernel.function("SyS_rt_sigprocmask") !, kernel.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" @@ -1004,6 +1070,7 @@ probe syscall.rt_sigprocmask = probe syscall.rt_sigprocmask.return = kernel.function("sys32_rt_sigprocmask").return ?, kernel.function("compat_sys_rt_sigprocmask").return ?, + kernel.function("SyS_rt_sigprocmask").return !, kernel.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" @@ -1014,7 +1081,8 @@ probe syscall.rt_sigprocmask.return = # # long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo) # -probe syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { +probe syscall.rt_sigqueueinfo = kernel.function("SyS_rt_sigqueueinfo") !, + kernel.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" pid = $pid sig = $sig @@ -1022,6 +1090,7 @@ probe syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { argstr = sprintf("%d, %s, %p", $pid, _signal_name($sig), $uinfo) } probe syscall.rt_sigqueueinfo.return = + kernel.function("SyS_rt_sigqueueinfo").return !, kernel.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo" retstr = returnstr(1) @@ -1050,17 +1119,19 @@ probe syscall.rt_sigreturn.return = # sys_rt_sigsuspend(struct pt_regs regs) # probe syscall.rt_sigsuspend = - kernel.function("sys_rt_sigsuspend") ?, kernel.function("compat_sys_rt_sigsuspend") ?, - kernel.function("ia64_rt_sigsuspend") ? + kernel.function("ia64_rt_sigsuspend") ?, + kernel.function("SyS_rt_sigsuspend") !, + kernel.function("sys_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } probe syscall.rt_sigsuspend.return = - kernel.function("sys_rt_sigsuspend").return ?, kernel.function("compat_sys_rt_sigsuspend").return ?, - kernel.function("ia64_rt_sigsuspend").return ? + kernel.function("ia64_rt_sigsuspend").return ?, + kernel.function("SyS_rt_sigsuspend").return !, + kernel.function("sys_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1077,8 +1148,9 @@ probe syscall.rt_sigsuspend.return = # struct compat_timespec __user *uts, compat_size_t sigsetsize) # probe syscall.rt_sigtimedwait = - kernel.function("sys_rt_sigtimedwait"), - kernel.function("compat_sys_rt_sigtimedwait") ? + kernel.function("compat_sys_rt_sigtimedwait") ?, + kernel.function("SyS_rt_sigtimedwait") !, + kernel.function("sys_rt_sigtimedwait") { name = "rt_sigtimedwait" uthese_uaddr = $uthese @@ -1088,8 +1160,9 @@ probe syscall.rt_sigtimedwait = argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize) } probe syscall.rt_sigtimedwait.return = - kernel.function("sys_rt_sigtimedwait").return, - kernel.function("compat_sys_rt_sigtimedwait").return ? + kernel.function("compat_sys_rt_sigtimedwait").return ?, + kernel.function("SyS_rt_sigtimedwait").return !, + kernel.function("sys_rt_sigtimedwait").return { name = "rt_sigtimedwait" retstr = returnstr(1) @@ -1102,7 +1175,8 @@ probe syscall.rt_sigtimedwait.return = # unsigned int len, # unsigned long __user *user_mask_ptr) # -probe syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { +probe syscall.sched_getaffinity = kernel.function("SyS_sched_getaffinity") !, + kernel.function("sys_sched_getaffinity") { name = "sched_getaffinity" pid = $pid len = $len @@ -1110,6 +1184,7 @@ probe syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } probe syscall.sched_getaffinity.return = + kernel.function("SyS_sched_getaffinity").return !, kernel.function("sys_sched_getaffinity").return { name = "sched_getaffinity" retstr = returnstr(1) @@ -1120,13 +1195,15 @@ probe syscall.sched_getaffinity.return = # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # -probe syscall.sched_getparam = kernel.function("sys_sched_getparam") { +probe syscall.sched_getparam = kernel.function("SyS_sched_getparam") !, + kernel.function("sys_sched_getparam") { name = "sched_getparam" pid = $pid p_uaddr = $param argstr = sprintf("%d, %p", pid, p_uaddr) } probe syscall.sched_getparam.return = + kernel.function("SyS_sched_getparam").return !, kernel.function("sys_sched_getparam").return { name = "sched_getparam" retstr = returnstr(1) @@ -1137,12 +1214,14 @@ probe syscall.sched_getparam.return = # sys_sched_get_priority_max(int policy) # probe syscall.sched_get_priority_max = + kernel.function("SyS_sched_get_priority_max") !, kernel.function("sys_sched_get_priority_max") { name = "sched_get_priority_max" policy = $policy argstr = sprint(policy) } probe syscall.sched_get_priority_max.return = + kernel.function("SyS_sched_get_priority_max").return !, kernel.function("sys_sched_get_priority_max").return { name = "sched_get_priority_max" retstr = returnstr(1) @@ -1153,12 +1232,14 @@ probe syscall.sched_get_priority_max.return = # sys_sched_get_priority_min(int policy) # probe syscall.sched_get_priority_min = + kernel.function("SyS_sched_get_priority_min") !, kernel.function("sys_sched_get_priority_min") { name = "sched_get_priority_min" policy = $policy argstr = sprint(policy) } probe syscall.sched_get_priority_min.return = + kernel.function("SyS_sched_get_priority_min").return !, kernel.function("sys_sched_get_priority_min").return { name = "sched_get_priority_min" retstr = returnstr(1) @@ -1167,12 +1248,14 @@ probe syscall.sched_get_priority_min.return = # # long sys_sched_getscheduler(pid_t pid) # -probe syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { +probe syscall.sched_getscheduler = kernel.function("SyS_sched_getscheduler") !, + kernel.function("sys_sched_getscheduler") { name = "sched_getscheduler" pid = $pid argstr = sprint($pid) } -probe syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return { +probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getscheduler").return !, + kernel.function("sys_sched_getscheduler").return { name = "sched_getscheduler" retstr = returnstr(1) } @@ -1180,13 +1263,15 @@ probe syscall.sched_getscheduler.return = kernel.function("sys_sched_getschedule # # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # -probe syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") { +probe syscall.sched_rr_get_interval = kernel.function("SyS_sched_rr_get_interval") !, + kernel.function("sys_sched_rr_get_interval") { name = "sched_rr_get_interval" pid = $pid tp_uaddr = $interval argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval,1)) } -probe syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return { +probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_interval").return !, + kernel.function("sys_sched_rr_get_interval").return { name = "sched_rr_get_interval" retstr = returnstr(1) } @@ -1198,7 +1283,8 @@ probe syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_i # FIXME: why the problem with x86_64? # %( arch != "x86_64" %? -probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { +probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, + kernel.function("sys_sched_setaffinity") { name = "sched_setaffinity" pid = $pid len = $len @@ -1206,7 +1292,8 @@ probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { argstr = sprintf("%d, %d, %p", $pid, $len, $user_mask_ptr) } %: -probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { +probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, + kernel.function("sys_sched_setaffinity") { name = "sched_setaffinity" pid = $pid len = 0 @@ -1214,7 +1301,8 @@ probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { argstr = sprintf("%d, <unknown>, %p", $pid, $user_mask_ptr) } %) -probe syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return { +probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity").return !, + kernel.function("sys_sched_setaffinity").return { name = "sched_setaffinity" retstr = returnstr(1) } @@ -1223,13 +1311,16 @@ probe syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity" # # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # -probe syscall.sched_setparam = kernel.function("sys_sched_setparam") ? { +probe syscall.sched_setparam = kernel.function("SyS_sched_setparam") !, + kernel.function("sys_sched_setparam") ? { name = "sched_setparam" pid = $pid p_uaddr = $param argstr = sprintf("%d, %p", $pid, $param) } -probe syscall.sched_setparam.return = kernel.function("sys_sched_setparam").return ? { +probe syscall.sched_setparam.return = + kernel.function("SyS_sched_setparam").return !, + kernel.function("sys_sched_setparam").return ? { name = "sched_setparam" retstr = returnstr(1) } @@ -1238,7 +1329,9 @@ probe syscall.sched_setparam.return = kernel.function("sys_sched_setparam").retu # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") ? { +probe syscall.sched_setscheduler = + kernel.function("SyS_sched_setscheduler") !, + kernel.function("sys_sched_setscheduler") ? { name = "sched_setscheduler" pid = $pid policy = $policy @@ -1246,7 +1339,9 @@ probe syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") ? { p_uaddr = $param argstr = sprintf("%d, %s, %p", $pid, policy_str, $param) } -probe syscall.sched_setscheduler.return = kernel.function("sys_sched_setscheduler").return ? { +probe syscall.sched_setscheduler.return = + kernel.function("SyS_sched_setscheduler").return !, + kernel.function("sys_sched_setscheduler").return ? { name = "sched_setscheduler" retstr = returnstr(1) } @@ -1270,7 +1365,8 @@ probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return { # fd_set __user *exp, # struct timeval __user *tvp) # -probe syscall.select = kernel.function("sys_select") { +probe syscall.select = kernel.function("SyS_select") !, + kernel.function("sys_select") { name = "select" n = $n readfds_uaddr = $inp @@ -1280,7 +1376,8 @@ probe syscall.select = kernel.function("sys_select") { argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp, _struct_timeval_u($tvp, 1)) } -probe syscall.select.return = kernel.function("sys_select").return { +probe syscall.select.return = kernel.function("SyS_select").return !, + kernel.function("sys_select").return { name = "select" retstr = returnstr(1) } @@ -1311,7 +1408,8 @@ probe syscall.compat_select.return = kernel.function("compat_sys_select").return # int cmd, # union semun arg) # -probe syscall.semctl = kernel.function("sys_semctl") ? { +probe syscall.semctl = kernel.function("SyS_semctl") !, + kernel.function("sys_semctl") ? { name = "semctl" semid = $semid semnum = $semnum @@ -1322,7 +1420,8 @@ probe syscall.semctl = kernel.function("sys_semctl") ? { */ argstr = sprintf("%d, %d, %s", $semid, $semnum, _semctl_cmd($cmd)) } -probe syscall.semctl.return = kernel.function("sys_semctl").return ? { +probe syscall.semctl.return = kernel.function("SyS_semctl").return !, + kernel.function("sys_semctl").return ? { name = "semctl" retstr = returnstr(1) } @@ -1342,14 +1441,16 @@ probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").re # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) # -probe syscall.semget = kernel.function("sys_semget") ? { +probe syscall.semget = kernel.function("SyS_semget") !, + kernel.function("sys_semget") ? { name = "semget" key = $key nsems = $nsems semflg = $semflg argstr = sprintf("%d, %d, %s", $key, $nsems, __sem_flags($semflg)) } -probe syscall.semget.return = kernel.function("sys_semget").return ? { +probe syscall.semget.return = kernel.function("SyS_semget").return !, + kernel.function("sys_semget").return ? { name = "semget" retstr = returnstr(1) } @@ -1360,14 +1461,16 @@ probe syscall.semget.return = kernel.function("sys_semget").return ? { # struct sembuf __user *tsops, # unsigned nsops) # -probe syscall.semop = kernel.function("sys_semtimedop") ? { +probe syscall.semop = kernel.function("SyS_semtimedop") !, + kernel.function("sys_semtimedop") ? { name = "semop" semid = $semid tsops_uaddr = $tsops nsops = $nsops argstr = sprintf("%d, %p, %d", $semid, $tsops, $nsops) } -probe syscall.semop.return = kernel.function("sys_semtimedop").return ? { +probe syscall.semop.return = kernel.function("SyS_semtimedop").return !, + kernel.function("sys_semtimedop").return ? { name = "semop" retstr = returnstr(1) } @@ -1379,7 +1482,8 @@ probe syscall.semop.return = kernel.function("sys_semtimedop").return ? { # unsigned nsops, # const struct timespec __user *timeout) # -probe syscall.semtimedop = kernel.function("sys_semtimedop") ? { +probe syscall.semtimedop = kernel.function("SyS_semtimedop") !, + kernel.function("sys_semtimedop") ? { name = "semtimedop" semid = $semid sops_uaddr = $tsops @@ -1388,7 +1492,8 @@ probe syscall.semtimedop = kernel.function("sys_semtimedop") ? { argstr = sprintf("%d, %p, %d, %s", $semid, $tsops, $nsops, _struct_timespec_u($timeout,1)) } -probe syscall.semtimedop.return = kernel.function("sys_semtimedop").return ? { +probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !, + kernel.function("sys_semtimedop").return ? { name = "semtimedop" retstr = returnstr(1) } @@ -1418,7 +1523,8 @@ probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtime # size_t len, # unsigned flags) # -probe syscall.send = kernel.function("sys_send") ? { +probe syscall.send = kernel.function("SyS_send") !, + kernel.function("sys_send") ? { name = "send" s = $fd buf_uaddr = $buff @@ -1427,7 +1533,8 @@ probe syscall.send = kernel.function("sys_send") ? { flags_str = _sendflags_str($flags) argstr = sprintf("%d, %p, %d, %s", $fd, $buff, $len, flags_str) } -probe syscall.send.return = kernel.function("sys_send").return ? { +probe syscall.send.return = kernel.function("SyS_send").return !, + kernel.function("sys_send").return ? { name = "send" retstr = returnstr(1) } @@ -1440,7 +1547,9 @@ probe syscall.send.return = kernel.function("sys_send").return ? { # size_t count) # probe syscall.sendfile = + kernel.function("SyS_sendfile") ?, kernel.function("sys_sendfile") ?, + kernel.function("SyS_sendfile64") ?, kernel.function("sys_sendfile64") ? { name = "sendfile" @@ -1452,7 +1561,9 @@ probe syscall.sendfile = $count) } probe syscall.sendfile.return = + kernel.function("SyS_sendfile").return ?, kernel.function("sys_sendfile").return ?, + kernel.function("SyS_sendfile64").return ?, kernel.function("sys_sendfile64").return ? { name = "sendfile" @@ -1463,7 +1574,8 @@ probe syscall.sendfile.return = # # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # -probe syscall.sendmsg = kernel.function("sys_sendmsg") ? { +probe syscall.sendmsg = kernel.function("SyS_sendmsg") !, + kernel.function("sys_sendmsg") ? { name = "sendmsg" s = $fd msg_uaddr = $msg @@ -1471,7 +1583,8 @@ probe syscall.sendmsg = kernel.function("sys_sendmsg") ? { flags_str = _sendflags_str($flags) argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags)) } -probe syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? { +probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !, + kernel.function("sys_sendmsg").return ? { name = "sendmsg" retstr = returnstr(1) } @@ -1500,7 +1613,8 @@ probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg"). # struct sockaddr __user *addr, # int addr_len) # -probe syscall.sendto = kernel.function("sys_sendto") ? { +probe syscall.sendto = kernel.function("SyS_sendto") !, + kernel.function("sys_sendto") ? { name = "sendto" s = $fd buf_uaddr = $buff @@ -1512,7 +1626,8 @@ probe syscall.sendto = kernel.function("sys_sendto") ? { argstr = sprintf("%d, %p, %d, %s, %s, %d", $fd, $buff, $len, flags_str, _struct_sockaddr_u($addr,$addr_len), $addr_len) } -probe syscall.sendto.return = kernel.function("sys_sendto").return ? { +probe syscall.sendto.return = kernel.function("SyS_sendto").return !, + kernel.function("sys_sendto").return ? { name = "sendto" retstr = returnstr(1) } @@ -1523,13 +1638,15 @@ probe syscall.sendto.return = kernel.function("sys_sendto").return ? { # sys_setdomainname(char __user *name, # int len) # -probe syscall.setdomainname = kernel.function("sys_setdomainname") { +probe syscall.setdomainname = kernel.function("SyS_setdomainname") !, + kernel.function("sys_setdomainname") { name = "setdomainname" hostname_uaddr = $name len = $len argstr = sprintf("%p, %d", $name, $len) } probe syscall.setdomainname.return = + kernel.function("SyS_setdomainname").return !, kernel.function("sys_setdomainname").return { name = "setdomainname" retstr = returnstr(1) @@ -1540,16 +1657,18 @@ probe syscall.setdomainname.return = # long sys_setfsgid16(old_gid_t gid) # probe syscall.setfsgid = - kernel.function("sys_setfsgid") ?, - kernel.function("sys_setfsgid16") ? + kernel.function("sys_setfsgid16") ?, + kernel.function("SyS_setfsgid") !, + kernel.function("sys_setfsgid") ? { name = "setfsgid" fsgid = $gid argstr = sprint($gid) } probe syscall.setfsgid.return = - kernel.function("sys_setfsgid").return ?, - kernel.function("sys_setfsgid16").return ? + kernel.function("sys_setfsgid16").return ?, + kernel.function("SyS_setfsgid").return !, + kernel.function("sys_setfsgid").return ? { name = "setfsgid" retstr = returnstr(1) @@ -1560,16 +1679,18 @@ probe syscall.setfsgid.return = # long sys_setfsuid16(old_uid_t uid) # probe syscall.setfsuid = - kernel.function("sys_setfsuid") ?, - kernel.function("sys_setfsuid16") ? + kernel.function("sys_setfsuid16") ?, + kernel.function("SyS_setfsuid") !, + kernel.function("sys_setfsuid") ? { name = "setfsuid" fsuid = $uid argstr = sprint($uid) } probe syscall.setfsuid.return = - kernel.function("sys_setfsuid").return ?, - kernel.function("sys_setfsuid16").return ? + kernel.function("sys_setfsuid16").return ?, + kernel.function("SyS_setfsuid").return !, + kernel.function("sys_setfsuid").return ? { name = "setfsuid" retstr = returnstr(1) @@ -1581,16 +1702,18 @@ probe syscall.setfsuid.return = # long sys_setgid16(old_gid_t gid) # probe syscall.setgid = - kernel.function("sys_setgid") ?, - kernel.function("sys_setgid16") ? + kernel.function("sys_setgid16") ?, + kernel.function("SyS_setgid") !, + kernel.function("sys_setgid") ? { name = "setgid" gid = $gid argstr = sprint($gid) } probe syscall.setgid.return = - kernel.function("sys_setgid").return ?, - kernel.function("sys_setgid16").return ? + kernel.function("sys_setgid16").return ?, + kernel.function("SyS_setgid").return !, + kernel.function("sys_setgid").return ? { name = "setgid" retstr = returnstr(1) @@ -1603,9 +1726,10 @@ probe syscall.setgid.return = # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # probe syscall.setgroups = - kernel.function("sys_setgroups") ?, kernel.function("sys_setgroups16") ?, - kernel.function("sys32_setgroups16") ? + kernel.function("sys32_setgroups16") ?, + kernel.function("SyS_setgroups") !, + kernel.function("sys_setgroups") ? { name = "setgroups" size = $gidsetsize @@ -1613,9 +1737,10 @@ probe syscall.setgroups = argstr = sprintf("%d, %p", $gidsetsize, $grouplist) } probe syscall.setgroups.return = - kernel.function("sys_setgroups").return ?, kernel.function("sys_setgroups16").return ?, - kernel.function("sys32_setgroups16").return ? + kernel.function("sys32_setgroups16").return ?, + kernel.function("SyS_setgroups").return !, + kernel.function("sys_setgroups").return ? { name = "setgroups" retstr = returnstr(1) @@ -1627,14 +1752,16 @@ probe syscall.setgroups.return = # sys_sethostname(char __user *name, # int len) # -probe syscall.sethostname = kernel.function("sys_sethostname") { +probe syscall.sethostname = kernel.function("SyS_sethostname") !, + kernel.function("sys_sethostname") { name = "sethostname" hostname_uaddr = $name name_str = user_string($name) len = $len argstr = sprintf("%s, %d", user_string_quoted($name), $len) } -probe syscall.sethostname.return = kernel.function("sys_sethostname").return { +probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !, + kernel.function("sys_sethostname").return { name = "sethostname" retstr = returnstr(1) } @@ -1644,7 +1771,8 @@ probe syscall.sethostname.return = kernel.function("sys_sethostname").return { # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe syscall.setitimer = kernel.function("sys_setitimer") { +probe syscall.setitimer = kernel.function("SyS_setitimer") !, + kernel.function("sys_setitimer") { name = "setitimer" which = $which value_uaddr = $value @@ -1652,7 +1780,8 @@ probe syscall.setitimer = kernel.function("sys_setitimer") { argstr = sprintf("%s, %s, %p", _itimer_which_str($which), _struct_itimerval_u($value), $ovalue) } -probe syscall.setitimer.return = kernel.function("sys_setitimer").return { +probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !, + kernel.function("sys_setitimer").return { name = "setitimer" retstr = returnstr(1) } @@ -1680,8 +1809,9 @@ probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer"). # unsigned long maxnode) # probe syscall.set_mempolicy = - kernel.function("sys_set_mempolicy") ?, - kernel.function("compat_sys_set_mempolicy") ? + kernel.function("compat_sys_set_mempolicy") ?, + kernel.function("SyS_set_mempolicy") !, + kernel.function("sys_set_mempolicy") ? { name = "set_mempolicy" mode = $mode @@ -1690,8 +1820,9 @@ probe syscall.set_mempolicy = argstr = sprintf("%d, %p, %d", $mode, $nmask, $maxnode) } probe syscall.set_mempolicy.return = - kernel.function("sys_set_mempolicy").return ?, - kernel.function("compat_sys_set_mempolicy").return ? + kernel.function("compat_sys_set_mempolicy").return ?, + kernel.function("SyS_set_mempolicy").return !, + kernel.function("sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -1703,13 +1834,15 @@ probe syscall.set_mempolicy.return = # sys_setpgid(pid_t pid, # pid_t pgid) # -probe syscall.setpgid = kernel.function("sys_setpgid") { +probe syscall.setpgid = kernel.function("SyS_setpgid") !, + kernel.function("sys_setpgid") { name = "setpgid" pid = $pid pgid = $pgid argstr = sprintf("%d, %d", $pid, $pgid) } -probe syscall.setpgid.return = kernel.function("sys_setpgid").return { +probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !, + kernel.function("sys_setpgid").return { name = "setpgid" retstr = returnstr(1) } @@ -1720,7 +1853,8 @@ probe syscall.setpgid.return = kernel.function("sys_setpgid").return { # int who, # int niceval) # -probe syscall.setpriority = kernel.function("sys_setpriority") { +probe syscall.setpriority = kernel.function("SyS_setpriority") !, + kernel.function("sys_setpriority") { name = "setpriority" which = $which which_str = _priority_which_str($which) @@ -1728,7 +1862,8 @@ probe syscall.setpriority = kernel.function("sys_setpriority") { prio = $niceval argstr = sprintf("%s, %d, %d", which_str, $who, $niceval) } -probe syscall.setpriority.return = kernel.function("sys_setpriority").return { +probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !, + kernel.function("sys_setpriority").return { name = "setpriority" retstr = returnstr(1) } @@ -1736,13 +1871,15 @@ probe syscall.setpriority.return = kernel.function("sys_setpriority").return { # setregid ___________________________________________________ # long sys_setregid(gid_t rgid, gid_t egid) # -probe syscall.setregid = kernel.function("sys_setregid") { +probe syscall.setregid = kernel.function("SyS_setregid") !, + kernel.function("sys_setregid") { name = "setregid" rgid = __int32($rgid) egid = __int32($egid) argstr = sprintf("%d, %d", rgid, egid) } -probe syscall.setregid.return = kernel.function("sys_setregid").return { +probe syscall.setregid.return = kernel.function("SyS_setregid").return !, + kernel.function("sys_setregid").return { name = "setregid" retstr = returnstr(1) } @@ -1762,14 +1899,16 @@ probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? { # setresgid __________________________________________________ # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # -probe syscall.setresgid = kernel.function("sys_setresgid") { +probe syscall.setresgid = kernel.function("SyS_setresgid") !, + kernel.function("sys_setresgid") { name = "setresgid" rgid = __int32($rgid) egid = __int32($egid) sgid = __int32($sgid) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe syscall.setresgid.return = kernel.function("sys_setresgid").return { +probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !, + kernel.function("sys_setresgid").return { name = "setresgid" retstr = returnstr(1) } @@ -1795,14 +1934,16 @@ probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? { # # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # -probe syscall.setresuid = kernel.function("sys_setresuid") { +probe syscall.setresuid = kernel.function("SyS_setresuid") !, + kernel.function("sys_setresuid") { name = "setresuid" ruid = __int32($ruid) euid = __int32($euid) suid = __int32($suid) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe syscall.setresuid.return = kernel.function("sys_setresuid").return { +probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !, + kernel.function("sys_setresuid").return { name = "setresuid" retstr = returnstr(1) } @@ -1826,13 +1967,15 @@ probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? { # setreuid ___________________________________________________ # long sys_setreuid(uid_t ruid, uid_t euid) # -probe syscall.setreuid = kernel.function("sys_setreuid") { +probe syscall.setreuid = kernel.function("SyS_setreuid") !, + kernel.function("sys_setreuid") { name = "setreuid" ruid = __int32($ruid) euid = __int32($euid) argstr = sprintf("%d, %d", ruid, euid) } -probe syscall.setreuid.return = kernel.function("sys_setreuid").return { +probe syscall.setreuid.return = kernel.function("SyS_setreuid").return !, + kernel.function("sys_setreuid").return { name = "setreuid" retstr = returnstr(1) } @@ -1855,14 +1998,16 @@ probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? { # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe syscall.setrlimit = kernel.function("sys_setrlimit") { +probe syscall.setrlimit = kernel.function("SyS_setrlimit") !, + kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource rlim_uaddr = $rlim argstr = sprintf("%s, %s", _rlimit_resource_str($resource), _struct_rlimit_u($rlim)) } -probe syscall.setrlimit.return = kernel.function("sys_setrlimit").return { +probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !, + kernel.function("sys_setrlimit").return { name = "setrlimit" retstr = returnstr(1) } @@ -1888,8 +2033,9 @@ probe syscall.setsid.return = kernel.function("sys_setsid").return { # int optlen) # probe syscall.setsockopt = - kernel.function("sys_setsockopt") ?, - kernel.function("compat_sys_setsockopt") ? + kernel.function("compat_sys_setsockopt") ?, + kernel.function("SyS_setsockopt") !, + kernel.function("sys_setsockopt") ? { name = "setsockopt" fd = $fd @@ -1903,8 +2049,9 @@ probe syscall.setsockopt = optname_str, $optval, $optlen) } probe syscall.setsockopt.return = - kernel.function("sys_setsockopt").return ?, - kernel.function("compat_sys_setsockopt").return ? + kernel.function("compat_sys_setsockopt").return ?, + kernel.function("SyS_setsockopt").return !, + kernel.function("sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) @@ -1915,12 +2062,14 @@ probe syscall.setsockopt.return = # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe syscall.set_tid_address = kernel.function("sys_set_tid_address") { +probe syscall.set_tid_address = kernel.function("SyS_set_tid_address") !, + kernel.function("sys_set_tid_address") { name = "set_tid_address" tidptr_uaddr = $tidptr argstr = sprintf("%p", tidptr_uaddr) } probe syscall.set_tid_address.return = + kernel.function("SyS_set_tid_address").return !, kernel.function("sys_set_tid_address").return { name = "set_tid_address" retstr = returnstr(1) @@ -1930,13 +2079,15 @@ probe syscall.set_tid_address.return = # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe syscall.settimeofday = kernel.function("sys_settimeofday") { +probe syscall.settimeofday = kernel.function("SyS_settimeofday") !, + kernel.function("sys_settimeofday") { name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz argstr = sprintf("%s, %s", _struct_timeval_u($tv, 1), _struct_timezone_u($tz)) } -probe syscall.settimeofday.return = kernel.function("sys_settimeofday").return { +probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !, + kernel.function("sys_settimeofday").return { name = "settimeofday" retstr = returnstr(1) } @@ -1968,6 +2119,7 @@ probe syscall.settimeofday32.return = # probe syscall.setuid = kernel.function("sys_setuid16") ?, + kernel.function("SyS_setuid") !, kernel.function("sys_setuid") { name = "setuid" @@ -1976,6 +2128,7 @@ probe syscall.setuid = } probe syscall.setuid.return = kernel.function("sys_setuid16").return ?, + kernel.function("SyS_setuid").return !, kernel.function("sys_setuid").return { name = "setuid" @@ -1989,7 +2142,8 @@ probe syscall.setuid.return = # size_t size, # int flags) # -probe syscall.setxattr = kernel.function("sys_setxattr") { +probe syscall.setxattr = kernel.function("SyS_setxattr") !, + kernel.function("sys_setxattr") { name = "setxattr" %( kernel_v >= "2.6.27" %? path_uaddr = $pathname @@ -2012,7 +2166,8 @@ probe syscall.setxattr = kernel.function("sys_setxattr") { user_string_quoted($name), value_uaddr, $size, $flags) } -probe syscall.setxattr.return = kernel.function("sys_setxattr").return { +probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !, + kernel.function("sys_setxattr").return { name = "setxattr" retstr = returnstr(1) } @@ -2033,14 +2188,16 @@ probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? { # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe syscall.shmat = kernel.function("sys_shmat") ? { +probe syscall.shmat = kernel.function("SyS_shmat") !, + kernel.function("sys_shmat") ? { name = "shmat" shmid = $shmid shmaddr_uaddr = $shmaddr shmflg = $shmflg argstr = sprintf("%d, %p, %s", $shmid, $shmaddr, _shmat_flags_str($shmflg)) } -probe syscall.shmat.return = kernel.function("sys_shmat").return ? { +probe syscall.shmat.return = kernel.function("SyS_shmat").return !, + kernel.function("sys_shmat").return ? { name = "shmat" retstr = returnstr(1) } @@ -2068,14 +2225,16 @@ probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").retu # int cmd, # struct shmid_ds __user *buf) # -probe syscall.shmctl = kernel.function("sys_shmctl") ? { +probe syscall.shmctl = kernel.function("SyS_shmctl") !, + kernel.function("sys_shmctl") ? { name = "shmctl" shmid = $shmid cmd = $cmd buf_uaddr = $buf argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd), $buf) } -probe syscall.shmctl.return = kernel.function("sys_shmctl").return ? { +probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !, + kernel.function("sys_shmctl").return ? { name = "shmctl" retstr = returnstr(1) } @@ -2099,12 +2258,14 @@ probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").re # # long sys_shmdt(char __user *shmaddr) # -probe syscall.shmdt = kernel.function("sys_shmdt") ? { +probe syscall.shmdt = kernel.function("SyS_shmdt") !, + kernel.function("sys_shmdt") ? { name = "shmdt" shmaddr_uaddr = $shmaddr argstr = sprintf("%p", $shmaddr) } -probe syscall.shmdt.return = kernel.function("sys_shmdt").return ? { +probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !, + kernel.function("sys_shmdt").return ? { name = "shmdt" retstr = returnstr(1) } @@ -2115,14 +2276,16 @@ probe syscall.shmdt.return = kernel.function("sys_shmdt").return ? { # size_t size, # int shmflg) # -probe syscall.shmget = kernel.function("sys_shmget") ? { +probe syscall.shmget = kernel.function("SyS_shmget") !, + kernel.function("sys_shmget") ? { name = "shmget" key = $key size = $size shmflg = $shmflg argstr = sprintf("%d, %d, %d", $key, $size, $shmflg) } -probe syscall.shmget.return = kernel.function("sys_shmget").return ? { +probe syscall.shmget.return = kernel.function("SyS_shmget").return !, + kernel.function("sys_shmget").return ? { name = "shmget" retstr = returnstr(1) } @@ -2131,14 +2294,16 @@ probe syscall.shmget.return = kernel.function("sys_shmget").return ? { # # long sys_shutdown(int fd, int how) # -probe syscall.shutdown = kernel.function("sys_shutdown") ? { +probe syscall.shutdown = kernel.function("SyS_shutdown") !, + kernel.function("sys_shutdown") ? { name = "shutdown" s = $fd how = $how how_str = _shutdown_how_str($how) argstr = sprintf("%d, %s", $fd, how_str) } -probe syscall.shutdown.return = kernel.function("sys_shutdown").return ? { +probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !, + kernel.function("sys_shutdown").return ? { name = "shutdown" retstr = returnstr(1) } @@ -2173,13 +2338,15 @@ probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? { # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe syscall.signal = kernel.function("sys_signal") ? { +probe syscall.signal = kernel.function("SyS_signal") !, + kernel.function("sys_signal") ? { name = "signal" sig = $sig handler = $handler argstr = sprintf("%s, %s", _signal_name($sig), _sighandler_str($handler)) } -probe syscall.signal.return = kernel.function("sys_signal").return ? { +probe syscall.signal.return = kernel.function("SyS_signal").return !, + kernel.function("sys_signal").return ? { name = "signal" retstr = returnstr(1) } @@ -2190,11 +2357,13 @@ probe syscall.signal.return = kernel.function("sys_signal").return ? { # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe syscall.signalfd = kernel.function("sys_signalfd") ? { +probe syscall.signalfd = kernel.function("SyS_signalfd") !, + kernel.function("sys_signalfd") ? { name = "signalfd" argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) } -probe syscall.signalfd.return = kernel.function("sys_signalfd").return ? { +probe syscall.signalfd.return = kernel.function("SyS_signalfd").return !, + kernel.function("sys_signalfd").return ? { name = "signalfd" retstr = returnstr(1) } @@ -2210,11 +2379,13 @@ probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").re # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe syscall.sigpending = kernel.function("sys_sigpending") ? { +probe syscall.sigpending = kernel.function("SyS_sigpending") !, + kernel.function("sys_sigpending") ? { name = "sigpending" argstr = sprintf("%p", $set) } -probe syscall.sigpending.return = kernel.function("sys_sigpending").return ? { +probe syscall.sigpending.return = kernel.function("SyS_sigpending").return !, + kernel.function("sys_sigpending").return ? { name = "sigpending" retstr = returnstr(1) } @@ -2222,7 +2393,8 @@ probe syscall.sigpending.return = kernel.function("sys_sigpending").return ? { # sigprocmask ________________________________________________ # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) # -probe syscall.sigprocmask = kernel.function("sys_sigprocmask") ? +probe syscall.sigprocmask = kernel.function("SyS_sigprocmask") !, + kernel.function("sys_sigprocmask") ? { name = "sigprocmask" how = $how @@ -2231,7 +2403,8 @@ probe syscall.sigprocmask = kernel.function("sys_sigprocmask") ? oldset_uaddr = $oset argstr = sprintf("%s, %p, %p", how_str, $set, $oset) } -probe syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return ? +probe syscall.sigprocmask.return = kernel.function("SyS_sigprocmask").return !, + kernel.function("sys_sigprocmask").return ? { name = "sigprocmask" retstr = returnstr(1) @@ -2275,7 +2448,8 @@ probe syscall.sigsuspend.return = # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe syscall.socket = kernel.function("sys_socket") ? { +probe syscall.socket = kernel.function("SyS_socket") !, + kernel.function("sys_socket") ? { name = "socket" family = $family type = $type @@ -2284,7 +2458,8 @@ probe syscall.socket = kernel.function("sys_socket") ? { _sock_type_str($type), $protocol) } -probe syscall.socket.return = kernel.function("sys_socket").return ? { +probe syscall.socket.return = kernel.function("SyS_socket").return !, + kernel.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) } @@ -2311,7 +2486,8 @@ probe syscall.socket.return = kernel.function("sys_socket").return ? { # int protocol, # int __user *usockvec) # -probe syscall.socketpair = kernel.function("sys_socketpair") ? { +probe syscall.socketpair = kernel.function("SyS_socketpair") !, + kernel.function("sys_socketpair") ? { name = "socketpair" family = $family type = $type @@ -2322,7 +2498,8 @@ probe syscall.socketpair = kernel.function("sys_socketpair") ? { _sock_type_str($type), $protocol, sv_uaddr) } -probe syscall.socketpair.return = kernel.function("sys_socketpair").return ? { +probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !, + kernel.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) } @@ -2333,12 +2510,14 @@ probe syscall.socketpair.return = kernel.function("sys_socketpair").return ? { # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe syscall.splice = kernel.function("sys_splice") ? { +probe syscall.splice = kernel.function("SyS_splice") !, + kernel.function("sys_splice") ? { name = "splice" argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", $fd_in, $off_in, $fd_out, $off_out, $len, $flags) } -probe syscall.splice.return = kernel.function("sys_splice").return ? { +probe syscall.splice.return = kernel.function("SyS_splice").return !, + kernel.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) } @@ -2347,12 +2526,14 @@ probe syscall.splice.return = kernel.function("sys_splice").return ? { # # long sys_ssetmask(int newmask) # -probe syscall.ssetmask = kernel.function("sys_ssetmask") ? { +probe syscall.ssetmask = kernel.function("SyS_ssetmask") !, + kernel.function("sys_ssetmask") ? { name = "ssetmask" newmask = $newmask argstr = sprint($newmask) } -probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? { +probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !, + kernel.function("sys_ssetmask").return ? { name = "ssetmask" retstr = returnstr(1) } @@ -2365,8 +2546,10 @@ probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? { # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) probe syscall.stat = kernel.function("sys_stat") ?, + kernel.function("SyS_newstat") ?, kernel.function("sys_newstat") ?, kernel.function("sys32_stat64") ?, + kernel.function("SyS_stat64") ?, kernel.function("sys_stat64") ?, kernel.function("sys_oabi_stat64") ?, kernel.function("compat_sys_newstat") ? @@ -2379,8 +2562,10 @@ probe syscall.stat = } probe syscall.stat.return = kernel.function("sys_stat").return ?, + kernel.function("SyS_newstat").return ?, kernel.function("sys_newstat").return ?, kernel.function("sys32_stat64").return ?, + kernel.function("SyS_stat64").return ?, kernel.function("sys_stat64").return ?, kernel.function("sys_oabi_stat64").return ?, kernel.function("compat_sys_newstat").return ? @@ -2394,8 +2579,9 @@ probe syscall.stat.return = # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # probe syscall.statfs = - kernel.function("sys_statfs"), - kernel.function("compat_sys_statfs") ? + kernel.function("compat_sys_statfs") ?, + kernel.function("SyS_statfs") !, + kernel.function("sys_statfs") ? { name = "statfs" buf_uaddr = $buf @@ -2409,8 +2595,9 @@ probe syscall.statfs = } probe syscall.statfs.return = - kernel.function("sys_statfs").return, - kernel.function("compat_sys_statfs").return ? + kernel.function("compat_sys_statfs").return ?, + kernel.function("SyS_statfs").return !, + kernel.function("sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -2422,8 +2609,9 @@ probe syscall.statfs.return = # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # probe syscall.statfs64 = - kernel.function("sys_statfs64") ?, - kernel.function("compat_sys_statfs64") ? + kernel.function("compat_sys_statfs64") ?, + kernel.function("SyS_statfs64") !, + kernel.function("sys_statfs64") ? { name = "statfs" sz = $sz @@ -2438,8 +2626,9 @@ probe syscall.statfs64 = } probe syscall.statfs64.return = - kernel.function("sys_statfs64").return ?, - kernel.function("compat_sys_statfs64").return ? + kernel.function("compat_sys_statfs64").return ?, + kernel.function("SyS_statfs64").return !, + kernel.function("sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) @@ -2451,8 +2640,9 @@ probe syscall.statfs64.return = # long compat_sys_stime(compat_time_t __user *tptr) # probe syscall.stime = - kernel.function("sys_stime") ?, - kernel.function("compat_sys_stime") ? + kernel.function("compat_sys_stime") ?, + kernel.function("SyS_stime") !, + kernel.function("sys_stime") ? { name = "stime" t_uaddr = $tptr @@ -2460,8 +2650,9 @@ probe syscall.stime = argstr = sprintf("%p", $tptr) } probe syscall.stime.return = - kernel.function("sys_stime").return ?, - kernel.function("compat_sys_stime").return ? + kernel.function("compat_sys_stime").return ?, + kernel.function("SyS_stime").return !, + kernel.function("sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -2472,12 +2663,14 @@ probe syscall.stime.return = # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe syscall.swapoff = kernel.function("sys_swapoff")? { +probe syscall.swapoff = kernel.function("SyS_swapoff") !, + kernel.function("sys_swapoff") ? { name = "swapoff" path = user_string($specialfile) argstr = user_string_quoted($specialfile) } -probe syscall.swapoff.return = kernel.function("sys_swapoff").return ? { +probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !, + kernel.function("sys_swapoff").return ? { name = "swapoff" retstr = returnstr(1) } @@ -2487,13 +2680,15 @@ probe syscall.swapoff.return = kernel.function("sys_swapoff").return ? { # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe syscall.swapon = kernel.function("sys_swapon") ? { +probe syscall.swapon = kernel.function("SyS_swapon") !, + kernel.function("sys_swapon") ? { name = "swapon" path = user_string($specialfile) swapflags = $swap_flags argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags) } -probe syscall.swapon.return = kernel.function("sys_swapon").return ? { +probe syscall.swapon.return = kernel.function("SyS_swapon").return !, + kernel.function("sys_swapon").return ? { name = "swapon" retstr = returnstr(1) } @@ -2501,14 +2696,16 @@ probe syscall.swapon.return = kernel.function("sys_swapon").return ? { # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe syscall.symlink = kernel.function("sys_symlink") { +probe syscall.symlink = kernel.function("SyS_symlink") !, + kernel.function("sys_symlink") { name = "symlink" oldpath = user_string($oldname) newpath = user_string($newname) argstr = sprintf("%s, %s", user_string_quoted($oldname), user_string_quoted($newname)) } -probe syscall.symlink.return = kernel.function("sys_symlink").return { +probe syscall.symlink.return = kernel.function("SyS_symlink").return !, + kernel.function("sys_symlink").return { name = "symlink" retstr = returnstr(1) } @@ -2517,7 +2714,8 @@ probe syscall.symlink.return = kernel.function("sys_symlink").return { # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe syscall.symlinkat = kernel.function("sys_symlinkat") ? { +probe syscall.symlinkat = kernel.function("SyS_symlinkat") !, + kernel.function("sys_symlinkat") ? { name = "symlinkat" oldname = $oldname oldname_str = user_string($oldname) @@ -2528,7 +2726,8 @@ probe syscall.symlinkat = kernel.function("sys_symlinkat") ? { argstr = sprintf("%s, %s, %s", user_string_quoted($oldname), newdfd_str, user_string_quoted($newname)) } -probe syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? { +probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !, + kernel.function("sys_symlinkat").return ? { name = "symlinkat" retstr = returnstr(1) } @@ -2551,15 +2750,17 @@ probe syscall.sync.return = kernel.function("sys_sync").return { # long sys_sysctl(struct __sysctl_args __user *args) # probe syscall.sysctl = - kernel.function("sys_sysctl") ?, - kernel.function("compat_sys_sysctl") ? + kernel.function("compat_sys_sysctl") ?, + kernel.function("SyS_sysctl") !, + kernel.function("sys_sysctl") ? { name = "sysctl" argstr = sprintf("%p", $args) } probe syscall.sysctl.return = - kernel.function("sys_sysctl").return ?, - kernel.function("compat_sys_sysctl").return ? + kernel.function("compat_sys_sysctl").return ?, + kernel.function("SyS_sysctl").return !, + kernel.function("sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -2572,7 +2773,8 @@ probe syscall.sysctl.return = # unsigned long arg1, # unsigned long arg2) # -probe syscall.sysfs = kernel.function("sys_sysfs") { +probe syscall.sysfs = kernel.function("SyS_sysfs") !, + kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 @@ -2586,7 +2788,8 @@ probe syscall.sysfs = kernel.function("sys_sysfs") { else argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) } -probe syscall.sysfs.return = kernel.function("sys_sysfs").return { +probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !, + kernel.function("sys_sysfs").return { name = "sysfs" retstr = returnstr(1) } @@ -2595,16 +2798,18 @@ probe syscall.sysfs.return = kernel.function("sys_sysfs").return { # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) probe syscall.sysinfo = - kernel.function("sys_sysinfo"), - kernel.function("compat_sys_sysinfo") ? + kernel.function("compat_sys_sysinfo") ?, + kernel.function("SyS_sysinfo") !, + kernel.function("sys_sysinfo") { name = "sysinfo" info_uaddr = $info argstr = sprintf("%p", $info) } probe syscall.sysinfo.return = - kernel.function("sys_sysinfo").return, - kernel.function("compat_sys_sysinfo").return ? + kernel.function("compat_sys_sysinfo").return ?, + kernel.function("SyS_sysinfo").return !, + kernel.function("sys_sysinfo").return { name = "sysinfo" retstr = returnstr(1) @@ -2614,14 +2819,16 @@ probe syscall.sysinfo.return = # # long sys_syslog(int type, char __user * buf, int len) # -probe syscall.syslog = kernel.function("sys_syslog") { +probe syscall.syslog = kernel.function("SyS_syslog") !, + kernel.function("sys_syslog") { name = "syslog" type = $type bufp_uaddr = $buf len = $len argstr = sprintf("%d, %p, %d", $type, $buf, $len) } -probe syscall.syslog.return = kernel.function("sys_syslog").return { +probe syscall.syslog.return = kernel.function("SyS_syslog").return !, + kernel.function("sys_syslog").return { name = "syslog" retstr = returnstr(1) } @@ -2630,11 +2837,13 @@ probe syscall.syslog.return = kernel.function("sys_syslog").return { # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe syscall.tee = kernel.function("sys_tee") ? { +probe syscall.tee = kernel.function("SyS_tee") !, + kernel.function("sys_tee") ? { name = "tee" argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) } -probe syscall.tee.return = kernel.function("sys_tee").return ? { +probe syscall.tee.return = kernel.function("SyS_tee").return !, + kernel.function("sys_tee").return ? { name = "tee" retstr = returnstr(1) } @@ -2646,14 +2855,16 @@ probe syscall.tee.return = kernel.function("sys_tee").return ? { # int pid, # int sig) # -probe syscall.tgkill = kernel.function("sys_tgkill") { +probe syscall.tgkill = kernel.function("SyS_tgkill") !, + kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid pid = $pid sig = $sig argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig)) } -probe syscall.tgkill.return = kernel.function("sys_tgkill").return { +probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !, + kernel.function("sys_tgkill").return { name = "tgkill" retstr = returnstr(1) } @@ -2665,20 +2876,22 @@ probe syscall.tgkill.return = kernel.function("sys_tgkill").return { # long compat_sys_time(compat_time_t __user * tloc) # probe syscall.time = - kernel.function("sys_time")?, kernel.function("sys32_time") ?, kernel.function("sys_time64") ?, - kernel.function("compat_sys_time") ? + kernel.function("compat_sys_time") ?, + kernel.function("SyS_time") !, + kernel.function("sys_time") ? { name = "time" t_uaddr = $tloc argstr = sprintf("%p", $tloc) } probe syscall.time.return = - kernel.function("sys_time").return?, kernel.function("sys32_time").return ?, kernel.function("sys_time64").return ?, - kernel.function("compat_sys_time").return ? + kernel.function("compat_sys_time").return ?, + kernel.function("SyS_time").return !, + kernel.function("sys_time").return ? { name = "time" retstr = returnstr(1) @@ -2690,7 +2903,8 @@ probe syscall.time.return = # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe syscall.timer_create = kernel.function("sys_timer_create") { +probe syscall.timer_create = kernel.function("SyS_timer_create") !, + kernel.function("sys_timer_create") { name = "timer_create" clockid = $which_clock clockid_str = _get_wc_str($which_clock) @@ -2699,6 +2913,7 @@ probe syscall.timer_create = kernel.function("sys_timer_create") { argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id) } probe syscall.timer_create.return = + kernel.function("SyS_timer_create").return !, kernel.function("sys_timer_create").return { name = "timer_create" retstr = returnstr(1) @@ -2708,12 +2923,14 @@ probe syscall.timer_create.return = # # long sys_timer_delete(timer_t timer_id) # -probe syscall.timer_delete = kernel.function("sys_timer_delete") { +probe syscall.timer_delete = kernel.function("SyS_timer_delete") !, + kernel.function("sys_timer_delete") { name = "timer_delete" timerid = $timer_id argstr = sprint($timer_id) } -probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return { +probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return !, + kernel.function("sys_timer_delete").return { name = "timer_delete" retstr = returnstr(1) } @@ -2722,12 +2939,14 @@ probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return { # # long sys_timer_getoverrun(timer_t timer_id) # -probe syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { +probe syscall.timer_getoverrun = kernel.function("SyS_timer_getoverrun") !, + kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_getoverrun.return = + kernel.function("SyS_timer_getoverrun").return !, kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun" retstr = returnstr(1) @@ -2738,13 +2957,15 @@ probe syscall.timer_getoverrun.return = # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe syscall.timer_gettime = kernel.function("sys_timer_gettime") { +probe syscall.timer_gettime = kernel.function("SyS_timer_gettime") !, + kernel.function("sys_timer_gettime") { name = "timer_gettime" timerid = $timer_id value_uaddr = $setting argstr = sprintf("%d, %p", $timer_id, $setting) } probe syscall.timer_gettime.return = + kernel.function("SyS_timer_gettime").return !, kernel.function("sys_timer_gettime").return { name = "timer_gettime" retstr = returnstr(1) @@ -2757,7 +2978,8 @@ probe syscall.timer_gettime.return = # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe syscall.timer_settime = kernel.function("sys_timer_settime") { +probe syscall.timer_settime = kernel.function("SyS_timer_settime") !, + kernel.function("sys_timer_settime") { name = "timer_settime" timerid = $timer_id flags = $flags @@ -2768,6 +2990,7 @@ probe syscall.timer_settime = kernel.function("sys_timer_settime") { $old_setting) } probe syscall.timer_settime.return = + kernel.function("SyS_timer_settime").return !, kernel.function("sys_timer_settime").return { name = "timer_settime" retstr = returnstr(1) @@ -2800,15 +3023,17 @@ probe syscall.timerfd.return = # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) probe syscall.times = - kernel.function("sys_times") ?, - kernel.function("compat_sys_times") ? + kernel.function("compat_sys_times") ?, + kernel.function("SyS_times") !, + kernel.function("sys_times") ? { name = "times" argstr = sprintf("%p", $tbuf) } probe syscall.times.return = - kernel.function("sys_times").return ?, - kernel.function("compat_sys_times").return ? + kernel.function("compat_sys_times").return ?, + kernel.function("SyS_times").return !, + kernel.function("sys_times").return ? { name = "times" retstr = returnstr(1) @@ -2820,13 +3045,15 @@ probe syscall.times.return = # sys_tkill(int pid, # int sig) # -probe syscall.tkill = kernel.function("sys_tkill") { +probe syscall.tkill = kernel.function("SyS_tkill") !, + kernel.function("sys_tkill") { name = "tkill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } -probe syscall.tkill.return = kernel.function("sys_tkill").return { +probe syscall.tkill.return = kernel.function("SyS_tkill").return !, + kernel.function("sys_tkill").return { name = "tkill" retstr = returnstr(1) } @@ -2836,14 +3063,18 @@ probe syscall.tkill.return = kernel.function("sys_tkill").return { # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe syscall.truncate = kernel.function("sys_truncate")?, kernel.function("sys_truncate64") ? { +probe syscall.truncate = kernel.function("SyS_truncate") !, + kernel.function("sys_truncate") ?, + kernel.function("sys_truncate64") ? { name = "truncate" path_uaddr = $path path = user_string($path) length = $length argstr = sprintf("%s, %d", user_string_quoted($path), $length) } -probe syscall.truncate.return = kernel.function("sys_truncate").return ?, kernel.function("sys_truncate64").return ? { +probe syscall.truncate.return = kernel.function("SyS_truncate").return !, + kernel.function("sys_truncate").return ?, + kernel.function("sys_truncate64").return ? { name = "truncate" retstr = returnstr(1) } @@ -2865,12 +3096,14 @@ probe syscall.tux.return = kernel.function("sys_tux").return ? { # umask ______________________________________________________ # long sys_umask(int mask) # -probe syscall.umask = kernel.function("sys_umask") { +probe syscall.umask = kernel.function("SyS_umask") !, + kernel.function("sys_umask") { name = "umask" mask = $mask argstr = sprintf("%#o", $mask) } -probe syscall.umask.return = kernel.function("sys_umask").return { +probe syscall.umask.return = kernel.function("SyS_umask").return !, + kernel.function("sys_umask").return { name = "umask" retstr = returnstr(3) } @@ -2878,14 +3111,16 @@ probe syscall.umask.return = kernel.function("sys_umask").return { # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe syscall.umount = kernel.function("sys_umount") { +probe syscall.umount = kernel.function("SyS_umount") !, + kernel.function("sys_umount") { name = "umount" target = user_string($name) flags = $flags flags_str = _umountflags_str($flags) argstr = sprintf("%s, %s", user_string_quoted($name), flags_str) } -probe syscall.umount.return = kernel.function("sys_umount").return { +probe syscall.umount.return = kernel.function("SyS_umount").return !, + kernel.function("sys_umount").return { name = "umount" retstr = returnstr(1) } @@ -2902,6 +3137,7 @@ probe syscall.uname = kernel.function("sys_olduname") ?, kernel.function("sys32_olduname") ?, kernel.function("sys32_uname") ?, + kernel.function("SyS_newuname") !, kernel.function("sys_newuname") ? { name = "uname" @@ -2913,6 +3149,7 @@ probe syscall.uname.return = kernel.function("sys_olduname").return ?, kernel.function("sys32_olduname").return ?, kernel.function("sys32_uname").return ?, + kernel.function("SyS_newuname").return !, kernel.function("sys_newuname").return ? { name = "uname" @@ -2922,13 +3159,15 @@ probe syscall.uname.return = # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe syscall.unlink = kernel.function("sys_unlink") { +probe syscall.unlink = kernel.function("SyS_unlink") !, + kernel.function("sys_unlink") { name = "unlink" pathname_uaddr = $pathname pathname = user_string($pathname) argstr = user_string_quoted($pathname) } -probe syscall.unlink.return = kernel.function("sys_unlink").return { +probe syscall.unlink.return = kernel.function("SyS_unlink").return !, + kernel.function("sys_unlink").return { name = "unlink" retstr = returnstr(1) } @@ -2937,7 +3176,8 @@ probe syscall.unlink.return = kernel.function("sys_unlink").return { # new function with 2.6.16 # long sys_unlinkat(int dfd, const char __user *pathname, # int flag) -probe syscall.unlinkat = kernel.function("sys_unlinkat") ? { +probe syscall.unlinkat = kernel.function("SyS_unlinkat") !, + kernel.function("sys_unlinkat") ? { name = "unlinkat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -2947,7 +3187,8 @@ probe syscall.unlinkat = kernel.function("sys_unlinkat") ? { flag_str = _at_flag_str($flag) argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($pathname), flag_str) } -probe syscall.unlinkat.return = kernel.function("sys_unlinkat").return ? { +probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !, + kernel.function("sys_unlinkat").return ? { name = "unlinkat" retstr = returnstr(1) } @@ -2955,12 +3196,14 @@ probe syscall.unlinkat.return = kernel.function("sys_unlinkat").return ? { # unshare ____________________________________________________ # new function with 2.6.16 # long sys_unshare(unsigned long unshare_flags) -probe syscall.unshare = kernel.function("sys_unshare") ? { +probe syscall.unshare = kernel.function("SyS_unshare") !, + kernel.function("sys_unshare") ? { name = "unshare" unshare_flags = $unshare_flags argstr = __fork_flags(unshare_flags) } -probe syscall.unshare.return = kernel.function("sys_unshare").return ? { +probe syscall.unshare.return = kernel.function("SyS_unshare").return !, + kernel.function("sys_unshare").return ? { name = "unshare" retstr = returnstr(1) } @@ -2970,20 +3213,23 @@ probe syscall.unshare.return = kernel.function("sys_unshare").return ? { # asmlinkage long # sys_uselib(const char __user * library) # -probe syscall.uselib = kernel.function("sys_uselib") { +probe syscall.uselib = kernel.function("SyS_uselib") !, + kernel.function("sys_uselib") { name = "uselib" library_uaddr = $library library = user_string($library) argstr = user_string_quoted($library) } -probe syscall.uselib.return = kernel.function("sys_uselib").return { +probe syscall.uselib.return = kernel.function("SyS_uselib").return !, + kernel.function("sys_uselib").return { name = "uselib" retstr = returnstr(1) } # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe syscall.ustat = kernel.function("sys_ustat") { +probe syscall.ustat = kernel.function("SyS_ustat") !, + kernel.function("sys_ustat") { name = "ustat" dev = $dev ubuf_uaddr = $ubuf @@ -2998,7 +3244,8 @@ probe syscall.ustat32 = kernel.function("sys32_ustat") ? { } probe syscall.ustat.return = - kernel.function("sys_ustat").return, + kernel.function("SyS_ustat").return ?, + kernel.function("sys_ustat").return?, kernel.function("sys32_ustat").return ? { name = "ustat" @@ -3007,7 +3254,8 @@ probe syscall.ustat.return = # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe syscall.utime = kernel.function("sys_utime") ? { +probe syscall.utime = kernel.function("SyS_utime") !, + kernel.function("sys_utime") ? { name = "utime" filename_uaddr = $filename filename = user_string($filename) @@ -3017,7 +3265,8 @@ probe syscall.utime = kernel.function("sys_utime") ? { argstr = sprintf("%s, [%s, %s]", user_string_quoted($filename), ctime(actime), ctime(modtime)) } -probe syscall.utime.return = kernel.function("sys_utime").return ? { +probe syscall.utime.return = kernel.function("SyS_utime").return !, + kernel.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) } @@ -3042,7 +3291,8 @@ probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe syscall.utimes = kernel.function("sys_utimes") { +probe syscall.utimes = kernel.function("SyS_utimes") !, + kernel.function("sys_utimes") { name = "utimes" filename_uaddr = $filename filename = user_string($filename) @@ -3050,7 +3300,8 @@ probe syscall.utimes = kernel.function("sys_utimes") { argstr = sprintf("%s, %s", user_string_quoted($filename), _struct_timeval_u($utimes, 2)) } -probe syscall.utimes.return = kernel.function("sys_utimes").return { +probe syscall.utimes.return = kernel.function("SyS_utimes").return !, + kernel.function("sys_utimes").return { name = "utimes" retstr = returnstr(1) } @@ -3073,7 +3324,8 @@ probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").re # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe syscall.utimensat = kernel.function("sys_utimensat") ? { +probe syscall.utimensat = kernel.function("SyS_utimensat") !, + kernel.function("sys_utimensat") ? { name = "utimensat" argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), _at_flag_str($flags)) @@ -3083,7 +3335,8 @@ probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? { argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2), _at_flag_str($flags)) } -probe syscall.utimensat.return = kernel.function("sys_utimensat").return ? { +probe syscall.utimensat.return = kernel.function("SyS_utimensat").return !, + kernel.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } @@ -3113,7 +3366,8 @@ probe syscall.vhangup.return = kernel.function("sys_vhangup").return { # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe syscall.vmsplice = kernel.function("sys_vmsplice") ? { +probe syscall.vmsplice = kernel.function("SyS_vmsplice") !, + kernel.function("sys_vmsplice") ? { name = "vmsplice" argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) } @@ -3121,7 +3375,8 @@ probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? { name = "vmsplice" argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) } -probe syscall.vmsplice.return = kernel.function("sys_vmsplice").return ? { +probe syscall.vmsplice.return = kernel.function("SyS_vmsplice").return !, + kernel.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) } @@ -3137,7 +3392,8 @@ probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").re # int options, # struct rusage __user *ru) # -probe syscall.wait4 = kernel.function("sys_wait4") { +probe syscall.wait4 = kernel.function("SyS_wait4") !, + kernel.function("sys_wait4") { name = "wait4" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) status_uaddr = $stat_addr @@ -3148,7 +3404,8 @@ probe syscall.wait4 = kernel.function("sys_wait4") { %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $stat_addr,_wait4_opt_str($options), $ru) } -probe syscall.wait4.return = kernel.function("sys_wait4").return { +probe syscall.wait4.return = kernel.function("SyS_wait4").return !, + kernel.function("sys_wait4").return { name = "wait4" retstr = returnstr(1) } @@ -3160,7 +3417,8 @@ probe syscall.wait4.return = kernel.function("sys_wait4").return { # int options, # struct rusage __user *ru) # -probe syscall.waitid = kernel.function("sys_waitid") { +probe syscall.waitid = kernel.function("SyS_waitid") !, + kernel.function("sys_waitid") { name = "waitid" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) which = $which @@ -3173,7 +3431,8 @@ probe syscall.waitid = kernel.function("sys_waitid") { %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop, _waitid_opt_str($options), $ru) } -probe syscall.waitid.return = kernel.function("sys_waitid").return { +probe syscall.waitid.return = kernel.function("SyS_waitid").return !, + kernel.function("sys_waitid").return { name = "waitid" retstr = returnstr(1) } @@ -3185,7 +3444,8 @@ probe syscall.waitid.return = kernel.function("sys_waitid").return { # int options, # struct rusage __user *ru) # -probe syscall.waitpid = kernel.function("sys_wait4") { +probe syscall.waitpid = kernel.function("SyS_wait4") !, + kernel.function("sys_wait4") { name = "waitpid" pid = $pid status_uaddr = $stat_addr @@ -3195,7 +3455,8 @@ probe syscall.waitpid = kernel.function("sys_wait4") { argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe syscall.waitpid.return = kernel.function("sys_wait4").return { +probe syscall.waitpid.return = kernel.function("SyS_wait4").return !, + kernel.function("sys_wait4").return { name = "waitpid" retstr = returnstr(1) } @@ -3207,14 +3468,16 @@ probe syscall.waitpid.return = kernel.function("sys_wait4").return { # const char __user * buf, # size_t count) # -probe syscall.write = kernel.function("sys_write") { +probe syscall.write = kernel.function("SyS_write") !, + kernel.function("sys_write") { name = "write" fd = $fd buf_uaddr = $buf count = $count argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),syscall_string_trunc,1), $count) } -probe syscall.write.return = kernel.function("sys_write").return { +probe syscall.write.return = kernel.function("SyS_write").return !, + kernel.function("sys_write").return { name = "write" retstr = returnstr(1) } @@ -3229,8 +3492,9 @@ probe syscall.write.return = kernel.function("sys_write").return { # unsigned long vlen) # probe syscall.writev = - kernel.function("sys_writev"), - kernel.function("compat_sys_writev") ? + kernel.function("compat_sys_writev") ?, + kernel.function("SyS_writev") !, + kernel.function("sys_writev") { name = "writev" vector_uaddr = $vec @@ -3244,8 +3508,9 @@ probe syscall.writev = %) } probe syscall.writev.return = - kernel.function("sys_writev").return, - kernel.function("compat_sys_writev").return ? + kernel.function("compat_sys_writev").return ?, + kernel.function("SyS_writev").return !, + kernel.function("sys_writev").return { name = "writev" retstr = returnstr(1) diff --git a/tapset/task.stp b/tapset/task.stp index 684cef93..f1a10b0a 100644 --- a/tapset/task.stp +++ b/tapset/task.stp @@ -43,35 +43,55 @@ function task_parent:long (task:long) %{ /* pure */ // TASK_TRACED 8 // EXIT_ZOMBIE 16 // EXIT_DEAD 32 -function task_state:long (task:long) %{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - THIS->__retvalue = kread(&(t->state)); - CATCH_DEREF_FAULT(); -%} +function task_state:long (task:long) +{ + return @cast(task, "task_struct", "kernel")->state +} // Return the name of the given task -function task_execname:string (task:long) %{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - deref_string(THIS->__retvalue, t->comm, MAXSTRINGLEN); - CATCH_DEREF_FAULT(); -%} +function task_execname:string (task:long) +{ + return kernel_string(@cast(task, "task_struct", "kernel")->comm) +} // Return the process id of the given task -function task_pid:long (task:long) %{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - THIS->__retvalue = kread(&(t->tgid)); +function task_pid:long (task:long) +{ + return @cast(task, "task_struct", "kernel")->tgid +} + + +// Return the task of the given process id +function pid2task:long (pid:long) %{ /* pure */ + struct task_struct *t = NULL; + pid_t t_pid = (pid_t)(long)THIS->pid; + rcu_read_lock(); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) + t = find_task_by_vpid (t_pid); +#else + t = find_task_by_pid (t_pid); +#endif + rcu_read_unlock(); + THIS->__retvalue = (long)t; CATCH_DEREF_FAULT(); %} +// Return the name of the given process id +function pid2execname:string (pid:long) { + tsk = pid2task(pid) + if (tsk) + return task_execname(tsk) + return "" +} + // Return the thread id of the given task -function task_tid:long (task:long) %{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - THIS->__retvalue = kread(&(t->pid)); - CATCH_DEREF_FAULT(); -%} +function task_tid:long (task:long) +{ + return @cast(task, "task_struct", "kernel")->pid +} // Return the group id of the given task @@ -156,22 +176,14 @@ function task_nice:long (task:long) %{ /* pure */ // Return the scheduled cpu for the given task function task_cpu:long (task:long) +{ %( kernel_v >= "2.6.22" %? -%{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - struct thread_info *ti = kread(&(t->stack)); - THIS->__retvalue = kread(&(ti->cpu)); - CATCH_DEREF_FAULT(); -%} + ti = @cast(task, "task_struct", "kernel")->stack %: -%{ /* pure */ - struct task_struct *t = (struct task_struct *)(long)THIS->task; - struct thread_info *ti = kread(&(t->thread_info)); - THIS->__retvalue = kread(&(ti->cpu)); - CATCH_DEREF_FAULT(); -%} + ti = @cast(task, "task_struct", "kernel")->thread_info %) - + return @cast(ti, "thread_info", "kernel")->cpu +} // Return the number of open file handlers for the given task function task_open_file_handles:long (task:long) diff --git a/tapset/tcp.stp b/tapset/tcp.stp index 995d6abc..1375f115 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -7,7 +7,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe events that occur in the TCP layer, +// </tapsetdescription> %{ #include <linux/version.h> #include <net/sock.h> diff --git a/tapset/timestamp.stp b/tapset/timestamp.stp index 29763cb9..0b9d350a 100644 --- a/tapset/timestamp.stp +++ b/tapset/timestamp.stp @@ -6,11 +6,11 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - -%{ -#include <linux/time.h> -%} - +// <tapsetdescription> +// Each timestamp function returns a value to indicate when a function is executed. These +//returned values can then be used to indicate when an event occurred, provide an ordering for events, +//or compute the amount of time elapsed between two time stamps. +// </tapsetdescription> /** * sfunction get_cycles - Processor cycle count. * @@ -21,43 +21,4 @@ function get_cycles:long () %{ /* pure */ THIS->__retvalue = (int64_t) c; %} - -/** - * sfunction gettimeofday_ns - Number of nanoseconds since UNIX epoch. - * - * Return the number of nanoseconds since the UNIX epoch. - */ -function gettimeofday_ns:long () %{ /* pure */ - /* NOTE: we can't use do_gettimeofday because we could be called from a - * context where xtime_lock is already held. See bug #2525. */ - THIS->__retvalue = _stp_gettimeofday_ns(); -%} - -/** - * sfunction gettimeofday_us - Number of microseconds since UNIX epoch. - * - * Return the number of microseconds since the UNIX epoch. - */ -function gettimeofday_us:long () { - return gettimeofday_ns() / 1000; -} - -/** - * sfunction gettimeofday_ms - Number of milliseconds since UNIX epoch. - * - * Return the number of milliseconds since the UNIX epoch. - */ -function gettimeofday_ms:long () { - return gettimeofday_ns() / 1000000; -} - -/** - * sfunction gettimeofday_s - Number of seconds since UNIX epoch. - * - * Return the number of seconds since the UNIX epoch. - */ -function gettimeofday_s:long () { - return gettimeofday_ns() / 1000000000; -} - // likewise jiffies, monotonic_clock ... diff --git a/tapset/timestamp_gtod.stp b/tapset/timestamp_gtod.stp new file mode 100644 index 00000000..43b127dc --- /dev/null +++ b/tapset/timestamp_gtod.stp @@ -0,0 +1,68 @@ +// timestamp tapset -- gettimeofday variants +// Copyright (C) 2005-2009 Red Hat Inc. +// Copyright (C) 2006 Intel Corporation. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. + +function _gettimeofday_init:long() %{ + THIS->__retvalue = _stp_init_time(); /* Kick off the Big Bang. */ +%} + +probe begin(-0x8000000000000000) { + if (_gettimeofday_init() != 0) + error("couldn't initialize gettimeofday") +} + +function _gettimeofday_kill() %{ + _stp_kill_time(); /* Go to a beach. Drink a beer. */ +%} + +probe end(0x7FFFFFFFFFFFFFFF), error(0x7FFFFFFFFFFFFFFF) { + _gettimeofday_kill() +} + + +/** + * sfunction gettimeofday_ns - Number of nanoseconds since UNIX epoch. + * + * Return the number of nanoseconds since the UNIX epoch. + */ +function gettimeofday_ns:long () %{ /* pure */ + /* NOTE: we can't use do_gettimeofday because we could be called from a + * context where xtime_lock is already held. See bug #2525. */ + THIS->__retvalue = _stp_gettimeofday_ns(); + if (THIS->__retvalue < 0) + CONTEXT->last_error = "gettimeofday not initialized"; +%} + +/** + * sfunction gettimeofday_us - Number of microseconds since UNIX epoch. + * + * Return the number of microseconds since the UNIX epoch. + */ +function gettimeofday_us:long () { + return gettimeofday_ns() / 1000; +} + +/** + * sfunction gettimeofday_ms - Number of milliseconds since UNIX epoch. + * + * Return the number of milliseconds since the UNIX epoch. + */ +function gettimeofday_ms:long () { + return gettimeofday_ns() / 1000000; +} + +/** + * sfunction gettimeofday_s - Number of seconds since UNIX epoch. + * + * Return the number of seconds since the UNIX epoch. + */ +function gettimeofday_s:long () { + return gettimeofday_ns() / 1000000000; +} + +// likewise jiffies, monotonic_clock ... diff --git a/tapset/udp.stp b/tapset/udp.stp index 707cf77d..2255074a 100644 --- a/tapset/udp.stp +++ b/tapset/udp.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe events that occur in the UDP layer. +// </tapsetdescription> %{ #include <linux/version.h> #include <net/sock.h> @@ -15,12 +17,12 @@ /** * probe udp.sendmsg - Fires whenever a process sends a UDP message - * @name: Name of this probe - * @sock: Network socket - * @size: Number of bytes to send + * @name: The name of this probe + * @sock: Network socket used by the process + * @size: Number of bytes sent by the process * * Context: - * The process which sends a udp message + * The process which sent a UDP message */ probe udp.sendmsg = kernel.function("udp_sendmsg") { name = "udp.sendmsg" @@ -30,11 +32,11 @@ probe udp.sendmsg = kernel.function("udp_sendmsg") { /** * probe udp.sendmsg.return - Fires whenever an attempt to send a UDP message is completed - * @name: Name of this probe - * @size: Number of bytes sent + * @name: The name of this probe + * @size: Number of bytes sent by the process * * Context: - * The process which sends a udp message + * The process which sent a UDP message */ probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { name = "udp.sendmsg" @@ -43,12 +45,12 @@ probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { /** * probe udp.recvmsg - Fires whenever a UDP message is received - * @name: Name of this probe - * @sock: Network socket - * @size: Number of bytes received + * @name: The name of this probe + * @sock: Network socket used by the process + * @size: Number of bytes received by the process * * Context: - * The process which receives a udp message + * The process which received a UDP message */ probe udp.recvmsg = kernel.function("udp_recvmsg") { name = "udp.recvmsg" @@ -57,12 +59,12 @@ probe udp.recvmsg = kernel.function("udp_recvmsg") { } /** - * probe udp.recvmsg.return - An attempt to receive a UDP message received has been completed - * @name: Name of this probe - * @size: Number of bytes received + * probe udp.recvmsg.return - Fires whenever an attempt to receive a UDP message received is completed + * @name: The name of this probe + * @size: Number of bytes received by the process * * Context: - * The process which receives a udp message + * The process which received a UDP message */ probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { name = "udp.recvmsg" @@ -70,13 +72,13 @@ probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { } /** - * probe udp.disconnect - A process requests for UPD to be UDP disconnected - * @name: Name of this probe - * @sock: Network socket + * probe udp.disconnect - Fires when a process requests for a UDP disconnection + * @name: The name of this probe + * @sock: Network socket used by the process * @flags: Flags (e.g. FIN, etc) * * Context: - * The process which disconnects UDP + * The process which requests a UDP disconnection */ probe udp.disconnect = kernel.function("udp_disconnect") { name = "udp.disconnect" @@ -86,11 +88,11 @@ probe udp.disconnect = kernel.function("udp_disconnect") { /** * probe udp.disconnect.return - UDP has been disconnected successfully - * @name: Name of this probe + * @name: The name of this probe * @ret: Error code (0: no error) * * Context: - * The process which disconnects udp + * The process which requested a UDP disconnection */ probe udp.disconnect.return = kernel.function("udp_disconnect").return { name = "udp.disconnect" diff --git a/tapset/vfs.stp b/tapset/vfs.stp index 43603177..23d95098 100644 --- a/tapset/vfs.stp +++ b/tapset/vfs.stp @@ -51,139 +51,93 @@ function ppos_pos:long (ppos:long) %{ /* pure */ CATCH_DEREF_FAULT(); %} -function __page_ino:long (page:long) %{ /* pure */ - struct page *page = (struct page *)(long)THIS->page; - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - if (mapping == NULL) { - THIS->__retvalue = -1; - } else { - struct inode *host = kread(&(mapping->host)); - THIS->__retvalue = kread(&(host->i_ino)); - } - CATCH_DEREF_FAULT(); -%} - -function __address_inode:long (page:long) %{ /* pure */ - struct page *page = (struct page *)(long)THIS->page; - struct address_space *mapping = kread(&(page->mapping)); - if (mapping == NULL) { - THIS->__retvalue = -1; - } else { - THIS->__retvalue = (long)kread(&(mapping->host)); - } - CATCH_DEREF_FAULT(); -%} +function __address_inode:long (page:long) +{ + mapping = page? @cast(page, "page", "kernel")->mapping : 0 + if (mapping == 0) + return -1 + else + return @cast(mapping, "address_space", "kernel")->host +} -function __page_dev:long (page:long) %{ /* pure */ - struct page *page = (struct page *)(long)THIS->page; - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - if (mapping == NULL) { - THIS->__retvalue = -1; - } else { - struct inode *host = kread(&(mapping->host)); - struct super_block *i_sb = kread(&(host->i_sb)); - THIS->__retvalue = kread(&(i_sb->s_dev)); - } - CATCH_DEREF_FAULT(); -%} +function __page_ino:long (page:long) +{ + host = __address_inode(page) + if (host == -1) + return -1 + else + return @cast(host, "inode", "kernel")->i_ino +} -function __page_bdev:long (page:long) %{ /* pure */ - struct page *page = (struct page *)(long)THIS->page; - struct address_space *mapping = page? kread(&(page->mapping)) : NULL; - if (mapping == NULL) { - THIS->__retvalue = 0; - } else { - struct inode *host = kread(&(mapping->host)); - struct super_block *i_sb = kread(&(host->i_sb)); - THIS->__retvalue = (long)kread(&(i_sb->s_bdev)); - } - CATCH_DEREF_FAULT(); -%} +function __page_dev:long (page:long) +{ + host = __address_inode(page) + if (host == -1) + return -1 + return @cast(host, "inode", "kernel")->i_sb->s_dev +} -function __page_index:long (page:long) %{ /* pure */ - struct page *page = (struct page *)(long)THIS->page; - THIS->__retvalue = (long)kread(&(page->index)); - CATCH_DEREF_FAULT(); -%} +function __page_bdev:long (page:long) +{ + host = __address_inode(page) + if (host == -1) + return 0 + return @cast(host, "inode", "kernel")->i_sb->s_bdev +} -function __file_dev:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) { - THIS->__retvalue = 0; - } else { - struct inode *d_inode = kread(&(dentry->d_inode)); - struct super_block *i_sb = kread(&(d_inode->i_sb)); - THIS->__retvalue = kread(&(i_sb->s_dev)); - } - CATCH_DEREF_FAULT(); -%} +function __page_index:long (page:long) +{ + return @cast(page, "page", "kernel")->index +} -function __file_bdev:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) { - THIS->__retvalue = 0; - } else { - struct inode *d_inode = kread(&(dentry->d_inode)); - struct super_block *i_sb = kread(&(d_inode->i_sb)); - THIS->__retvalue = (long)kread(&(i_sb->s_bdev)); - } - CATCH_DEREF_FAULT(); -%} +function __file_dev:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel")->i_sb->s_dev +} -function __file_ino:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) { - THIS->__retvalue = 0; - } else { - struct inode *d_inode = kread(&(dentry->d_inode)); - THIS->__retvalue = kread(&(d_inode->i_ino)); - } - CATCH_DEREF_FAULT(); -%} +function __file_bdev:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel")->i_sb->s_bdev +} -function __file_maxbytes:long (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - if (dentry == NULL) { - THIS->__retvalue = 0; - } else { - struct inode *d_inode = kread(&(dentry->d_inode)); - struct super_block *i_sb = kread(&(d_inode->i_sb)); - THIS->__retvalue = kread(&(i_sb->s_maxbytes)); - } - CATCH_DEREF_FAULT(); -%} +function __file_ino:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel")->i_ino +} -function __file_filename:string (file:long) %{ /* pure */ - struct file *file = (struct file *)(long)THIS->file; - struct dentry *dentry = file? kread(&(file->f_dentry)) : NULL; - const unsigned char *name = dentry? kread(&(dentry->d_name.name)) : NULL; - if (name == NULL) { - strlcpy(THIS->__retvalue, "NULL", MAXSTRINGLEN); - } else { - deref_string(THIS->__retvalue, name, MAXSTRINGLEN); - } - CATCH_DEREF_FAULT(); -%} +function __file_maxbytes:long (file:long) +{ + d_inode = __file_inode(file) + if (d_inode == 0) + return 0 + return @cast(d_inode, "inode", "kernel")->i_sb->s_maxbytes +} -function __inode_num:long(file:long) -%{ - struct file *file = NULL; - struct dentry *dentry = NULL; - struct inode *inode = NULL; - - file = (struct file *)(long)THIS->file; - dentry = file? kread(&(file->f_dentry)) : NULL; - inode = dentry? kread(&(dentry->d_inode)) : NULL; - THIS->__retvalue = inode? (long)(kread(&(inode->i_ino))) : 0; - CATCH_DEREF_FAULT(); -%} +function __file_filename:string (file:long) +{ +%( kernel_v >= "2.6.20" %? + dentry = file? @cast(file, "file", "kernel")->f_path->dentry : 0 +%: + dentry = file? @cast(file, "file", "kernel")->f_dentry : 0 +%) + name = dentry? @cast(dentry, "dentry", "kernel")->d_name->name : 0 + if (name == 0) + return "NULL" + else + return kernel_string(name) +} function _get_fopv_size:long (iov:long, nr_segs:long) -%{ +%{ /* pure */ struct iovec *iovp = (struct iovec *)(long)THIS->iov; if (iovp) { int i; diff --git a/tapset/x86_64/registers.stp b/tapset/x86_64/registers.stp index dd5eefb0..2e21f3eb 100644 --- a/tapset/x86_64/registers.stp +++ b/tapset/x86_64/registers.stp @@ -40,6 +40,16 @@ function _stp_register_regs() { function _stp_get_register_by_offset:long (offset:long) %{ /* pure */ long value; + if (!CONTEXT->regs) { + CONTEXT->last_error = "No registers available in this context"; + return; + } + if (THIS->offset < 0 || THIS->offset > sizeof(struct pt_regs) - sizeof(long)) { + snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), + "Bad register offset: %lld", THIS->offset); + CONTEXT->last_error = CONTEXT->error_buffer; + return; + } memcpy(&value, ((char *)CONTEXT->regs) + THIS->offset, sizeof(value)); THIS->__retvalue = value; %} |