summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--dwflpp.cxx321
-rw-r--r--dwflpp.h26
-rw-r--r--runtime/task_finder.c182
-rw-r--r--tapset/nd_syscalls2.stp868
-rw-r--r--tapsets.cxx324
-rw-r--r--testsuite/systemtap.base/sdt.exp3
6 files changed, 1056 insertions, 668 deletions
diff --git a/dwflpp.cxx b/dwflpp.cxx
index d05bdb97..3af26053 100644
--- a/dwflpp.cxx
+++ b/dwflpp.cxx
@@ -66,7 +66,8 @@ static string TOK_KERNEL("kernel");
dwflpp::dwflpp(systemtap_session & session, const string& user_module):
sess(session), module(NULL), module_bias(0), mod_info(NULL),
module_start(0), module_end(0), cu(NULL), dwfl(NULL),
- module_dwarf(NULL), function(NULL)
+ module_dwarf(NULL), function(NULL), blacklist_enabled(false),
+ pc_cached_scopes(0), num_cached_scopes(0), cached_scopes(NULL)
{
if (user_module.empty())
setup_kernel();
@@ -77,6 +78,7 @@ dwflpp::dwflpp(systemtap_session & session, const string& user_module):
dwflpp::~dwflpp()
{
+ free(cached_scopes);
if (dwfl)
dwfl_end(dwfl);
}
@@ -165,6 +167,9 @@ dwflpp::focus_on_cu(Dwarf_Die * c)
// Reset existing pointers and names
function_name.clear();
function = NULL;
+
+ free(cached_scopes);
+ cached_scopes = NULL;
}
@@ -299,11 +304,17 @@ dwflpp::setup_kernel(bool debuginfo_needed)
elfutils_kernel_path.c_str(),
&dwfl_report_offline_predicate);
- if (debuginfo_needed)
+ if (debuginfo_needed) {
+ if (rc) {
+ // Suggest a likely kernel dir to find debuginfo rpm for
+ string dir = string("/lib/modules/" + sess.kernel_release );
+ find_debug_rpms(sess, dir.c_str());
+ }
dwfl_assert (string("missing ") + sess.architecture +
string(" kernel/module debuginfo under '") +
sess.kernel_build_tree + string("'"),
rc);
+ }
// XXX: it would be nice if we could do a single
// ..._report_offline call for an entire systemtap script, so
@@ -322,6 +333,8 @@ dwflpp::setup_kernel(bool debuginfo_needed)
// run time. See the dwarf_derived_probe ctor and its caller.
dwfl_assert ("dwfl_report_end", dwfl_report_end(dwfl, NULL, NULL));
+
+ build_blacklist();
}
@@ -1339,7 +1352,7 @@ dwflpp::find_variable_and_frame_base (Dwarf_Die *scope_die,
assert (cu);
- nscopes = dwarf_getscopes (cu, pc, &scopes);
+ nscopes = dwarf_getscopes_cached (pc, &scopes);
int sidx;
// if pc and scope_die are disjoint then we need dwarf_getscopes_die
for (sidx = 0; sidx < nscopes; sidx++)
@@ -2094,4 +2107,306 @@ dwflpp::literal_stmt_for_pointer (Dwarf_Die *type_die,
}
+static bool
+in_kprobes_function(systemtap_session& sess, Dwarf_Addr addr)
+{
+ if (sess.sym_kprobes_text_start != 0 && sess.sym_kprobes_text_end != 0)
+ {
+ // If the probe point address is anywhere in the __kprobes
+ // address range, we can't use this probe point.
+ if (addr >= sess.sym_kprobes_text_start && addr < sess.sym_kprobes_text_end)
+ return true;
+ }
+ return false;
+}
+
+
+bool
+dwflpp::blacklisted_p(const string& funcname,
+ const string& filename,
+ int,
+ const string& module,
+ const string& section,
+ Dwarf_Addr addr,
+ bool has_return)
+{
+ if (!blacklist_enabled)
+ return false; // no blacklist for userspace
+
+ if (section.substr(0, 6) == string(".init.") ||
+ section.substr(0, 6) == string(".exit.") ||
+ section.substr(0, 9) == string(".devinit.") ||
+ section.substr(0, 9) == string(".devexit.") ||
+ section.substr(0, 9) == string(".cpuinit.") ||
+ section.substr(0, 9) == string(".cpuexit.") ||
+ section.substr(0, 9) == string(".meminit.") ||
+ section.substr(0, 9) == string(".memexit."))
+ {
+ // NB: module .exit. routines could be probed in theory:
+ // if the exit handler in "struct module" is diverted,
+ // first inserting the kprobes
+ // then allowing the exit code to run
+ // then removing these kprobes
+ if (sess.verbose>1)
+ clog << " skipping - init/exit";
+ return true;
+ }
+
+ // Check for function marked '__kprobes'.
+ if (module == TOK_KERNEL && in_kprobes_function(sess, addr))
+ {
+ if (sess.verbose>1)
+ clog << " skipping - __kprobes";
+ return true;
+ }
+
+ // Check probe point against blacklist.
+ int goodfn = regexec (&blacklist_func, funcname.c_str(), 0, NULL, 0);
+ if (has_return)
+ goodfn = goodfn && regexec (&blacklist_func_ret, funcname.c_str(), 0, NULL, 0);
+ int goodfile = regexec (&blacklist_file, filename.c_str(), 0, NULL, 0);
+
+ if (! (goodfn && goodfile))
+ {
+ if (sess.guru_mode)
+ {
+ if (sess.verbose>1)
+ clog << " guru mode enabled - ignoring blacklist";
+ }
+ else
+ {
+ if (sess.verbose>1)
+ clog << " skipping - blacklisted";
+ return true;
+ }
+ }
+
+ // This probe point is not blacklisted.
+ return false;
+}
+
+
+void
+dwflpp::build_blacklist()
+{
+ // We build up the regexps in these strings
+
+ // Add ^ anchors at the front; $ will be added just before regcomp.
+
+ string blfn = "^(";
+ string blfn_ret = "^(";
+ string blfile = "^(";
+
+ blfile += "kernel/kprobes.c"; // first alternative, no "|"
+ blfile += "|arch/.*/kernel/kprobes.c";
+ // Older kernels need ...
+ blfile += "|include/asm/io.h";
+ blfile += "|include/asm/bitops.h";
+ // While newer ones need ...
+ blfile += "|arch/.*/include/asm/io.h";
+ blfile += "|arch/.*/include/asm/bitops.h";
+ blfile += "|drivers/ide/ide-iops.c";
+
+ // XXX: it would be nice if these blacklisted functions were pulled
+ // in dynamically, instead of being statically defined here.
+ // Perhaps it could be populated from script files. A "noprobe
+ // kernel.function("...")" construct might do the trick.
+
+ // Most of these are marked __kprobes in newer kernels. We list
+ // them here (anyway) so the translator can block them on older
+ // kernels that don't have the __kprobes function decorator. This
+ // also allows detection of problems at translate- rather than
+ // run-time.
+
+ blfn += "atomic_notifier_call_chain"; // first blfn; no "|"
+ blfn += "|default_do_nmi";
+ blfn += "|__die";
+ blfn += "|die_nmi";
+ blfn += "|do_debug";
+ blfn += "|do_general_protection";
+ blfn += "|do_int3";
+ blfn += "|do_IRQ";
+ blfn += "|do_page_fault";
+ blfn += "|do_sparc64_fault";
+ blfn += "|do_trap";
+ blfn += "|dummy_nmi_callback";
+ blfn += "|flush_icache_range";
+ blfn += "|ia64_bad_break";
+ blfn += "|ia64_do_page_fault";
+ blfn += "|ia64_fault";
+ blfn += "|io_check_error";
+ blfn += "|mem_parity_error";
+ blfn += "|nmi_watchdog_tick";
+ blfn += "|notifier_call_chain";
+ blfn += "|oops_begin";
+ blfn += "|oops_end";
+ blfn += "|program_check_exception";
+ blfn += "|single_step_exception";
+ blfn += "|sync_regs";
+ blfn += "|unhandled_fault";
+ blfn += "|unknown_nmi_error";
+
+ // Lots of locks
+ blfn += "|.*raw_.*lock.*";
+ blfn += "|.*read_.*lock.*";
+ blfn += "|.*write_.*lock.*";
+ blfn += "|.*spin_.*lock.*";
+ blfn += "|.*rwlock_.*lock.*";
+ blfn += "|.*rwsem_.*lock.*";
+ blfn += "|.*mutex_.*lock.*";
+ blfn += "|raw_.*";
+ blfn += "|.*seq_.*lock.*";
+
+ // atomic functions
+ blfn += "|atomic_.*";
+ blfn += "|atomic64_.*";
+
+ // few other problematic cases
+ blfn += "|get_bh";
+ blfn += "|put_bh";
+
+ // Experimental
+ blfn += "|.*apic.*|.*APIC.*";
+ blfn += "|.*softirq.*";
+ blfn += "|.*IRQ.*";
+ blfn += "|.*_intr.*";
+ blfn += "|__delay";
+ blfn += "|.*kernel_text.*";
+ blfn += "|get_current";
+ blfn += "|current_.*";
+ blfn += "|.*exception_tables.*";
+ blfn += "|.*setup_rt_frame.*";
+
+ // PR 5759, CONFIG_PREEMPT kernels
+ blfn += "|.*preempt_count.*";
+ blfn += "|preempt_schedule";
+
+ // These functions don't return, so return probes would never be recovered
+ blfn_ret += "do_exit"; // no "|"
+ blfn_ret += "|sys_exit";
+ blfn_ret += "|sys_exit_group";
+
+ // __switch_to changes "current" on x86_64 and i686, so return probes
+ // would cause kernel panic, and it is marked as "__kprobes" on x86_64
+ if (sess.architecture == "x86_64")
+ blfn += "|__switch_to";
+ if (sess.architecture == "i686")
+ blfn_ret += "|__switch_to";
+
+ blfn += ")$";
+ blfn_ret += ")$";
+ blfile += ")$";
+
+ if (sess.verbose > 2)
+ {
+ clog << "blacklist regexps:" << endl;
+ clog << "blfn: " << blfn << endl;
+ clog << "blfn_ret: " << blfn_ret << endl;
+ clog << "blfile: " << blfile << endl;
+ }
+
+ int rc = regcomp (& blacklist_func, blfn.c_str(), REG_NOSUB|REG_EXTENDED);
+ if (rc) throw semantic_error ("blacklist_func regcomp failed");
+ rc = regcomp (& blacklist_func_ret, blfn_ret.c_str(), REG_NOSUB|REG_EXTENDED);
+ if (rc) throw semantic_error ("blacklist_func_ret regcomp failed");
+ rc = regcomp (& blacklist_file, blfile.c_str(), REG_NOSUB|REG_EXTENDED);
+ if (rc) throw semantic_error ("blacklist_file regcomp failed");
+
+ blacklist_enabled = true;
+}
+
+
+string
+dwflpp::get_blacklist_section(Dwarf_Addr addr)
+{
+ string blacklist_section;
+ Dwarf_Addr bias;
+ // We prefer dwfl_module_getdwarf to dwfl_module_getelf here,
+ // because dwfl_module_getelf can force costly section relocations
+ // we don't really need, while either will do for this purpose.
+ Elf* elf = (dwarf_getelf (dwfl_module_getdwarf (module, &bias))
+ ?: dwfl_module_getelf (module, &bias));
+
+ Dwarf_Addr offset = addr - bias;
+ if (elf)
+ {
+ Elf_Scn* scn = 0;
+ size_t shstrndx;
+ dwfl_assert ("getshstrndx", elf_getshstrndx (elf, &shstrndx));
+ while ((scn = elf_nextscn (elf, scn)) != NULL)
+ {
+ GElf_Shdr shdr_mem;
+ GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
+ if (! shdr)
+ continue; // XXX error?
+
+ if (!(shdr->sh_flags & SHF_ALLOC))
+ continue;
+
+ GElf_Addr start = shdr->sh_addr;
+ GElf_Addr end = start + shdr->sh_size;
+ if (! (offset >= start && offset < end))
+ continue;
+
+ blacklist_section = elf_strptr (elf, shstrndx, shdr->sh_name);
+ break;
+ }
+ }
+ return blacklist_section;
+}
+
+
+Dwarf_Addr
+dwflpp::relocate_address(Dwarf_Addr addr,
+ string& reloc_section,
+ string& blacklist_section)
+{
+ Dwarf_Addr reloc_addr = addr;
+ if (!module)
+ {
+ assert(module_name == TOK_KERNEL);
+ reloc_section = "";
+ blacklist_section = "";
+ }
+ else if (dwfl_module_relocations (module) > 0)
+ {
+ // This is a relocatable module; libdwfl already knows its
+ // sections, so we can relativize addr.
+ int idx = dwfl_module_relocate_address (module, &reloc_addr);
+ const char* r_s = dwfl_module_relocation_info (module, idx, NULL);
+ if (r_s)
+ reloc_section = r_s;
+ blacklist_section = reloc_section;
+
+ if (reloc_section == "" && dwfl_module_relocations (module) == 1)
+ {
+ blacklist_section = get_blacklist_section(addr);
+ reloc_section = ".dynamic";
+ reloc_addr = addr;
+ }
+ }
+ else
+ {
+ blacklist_section = get_blacklist_section(addr);
+ reloc_section = ".absolute";
+ }
+ return reloc_addr;
+}
+
+
+int
+dwflpp::dwarf_getscopes_cached (Dwarf_Addr pc, Dwarf_Die **scopes)
+{
+ if (!cached_scopes || pc != pc_cached_scopes)
+ {
+ free(cached_scopes);
+ cached_scopes = NULL;
+ pc_cached_scopes = pc;
+ num_cached_scopes = dwarf_getscopes(cu, pc, &cached_scopes);
+ }
+ *scopes = cached_scopes;
+ return num_cached_scopes;
+}
+
+
/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
diff --git a/dwflpp.h b/dwflpp.h
index 042b37a9..314e7583 100644
--- a/dwflpp.h
+++ b/dwflpp.h
@@ -25,6 +25,7 @@
extern "C" {
#include <elfutils/libdwfl.h>
+#include <regex.h>
}
@@ -268,6 +269,19 @@ struct dwflpp
bool lvalue,
exp_type & ty);
+ bool blacklisted_p(const std::string& funcname,
+ const std::string& filename,
+ int line,
+ const std::string& module,
+ const std::string& section,
+ Dwarf_Addr addr,
+ bool has_return);
+
+ Dwarf_Addr relocate_address(Dwarf_Addr addr,
+ std::string& reloc_section,
+ std::string& blacklist_section);
+
+
private:
Dwfl * dwfl;
@@ -361,6 +375,18 @@ private:
std::string express_as_string (std::string prelude,
std::string postlude,
struct location *head);
+
+ regex_t blacklist_func; // function/statement probes
+ regex_t blacklist_func_ret; // only for .return probes
+ regex_t blacklist_file; // file name
+ bool blacklist_enabled;
+ void build_blacklist();
+ std::string get_blacklist_section(Dwarf_Addr addr);
+
+ Dwarf_Addr pc_cached_scopes;
+ int num_cached_scopes;
+ Dwarf_Die *cached_scopes;
+ int dwarf_getscopes_cached (Dwarf_Addr pc, Dwarf_Die **scopes);
};
#endif // DWFLPP_H
diff --git a/runtime/task_finder.c b/runtime/task_finder.c
index b35192a2..dab56170 100644
--- a/runtime/task_finder.c
+++ b/runtime/task_finder.c
@@ -983,6 +983,135 @@ __stp_utrace_task_finder_target_death(struct utrace_attached_engine *engine,
return UTRACE_DETACH;
}
+static void
+__stp_call_mmap_callbacks_for_task(struct stap_task_finder_target *tgt,
+ struct task_struct *tsk)
+{
+ struct mm_struct *mm;
+ char *mmpath_buf;
+ char *mmpath;
+ struct vm_area_struct *vma;
+ int file_based_vmas = 0;
+ struct vma_cache_t {
+#ifdef STAPCONF_DPATH_PATH
+ struct path *f_path;
+#else
+ struct dentry *f_dentry;
+ struct vfsmount *f_vfsmnt;
+#endif
+ unsigned long addr;
+ unsigned long length;
+ unsigned long offset;
+ unsigned long vm_flags;
+ };
+ struct vma_cache_t *vma_cache = NULL;
+ struct vma_cache_t *vma_cache_p;
+
+ /* Call the mmap_callback for every vma associated with
+ * a file. */
+ mm = get_task_mm(tsk);
+ if (! mm)
+ return;
+
+ // Allocate space for a path
+ mmpath_buf = _stp_kmalloc(PATH_MAX);
+ if (mmpath_buf == NULL) {
+ mmput(mm);
+ _stp_error("Unable to allocate space for path");
+ return;
+ }
+
+ down_read(&mm->mmap_sem);
+
+ // First find the number of file-based vmas.
+ vma = mm->mmap;
+ while (vma) {
+ if (vma->vm_file)
+ file_based_vmas++;
+ vma = vma->vm_next;
+ }
+
+ // Now allocate an array to cache vma information in.
+ if (file_based_vmas > 0)
+ vma_cache = _stp_kmalloc(sizeof(struct vma_cache_t)
+ * file_based_vmas);
+ if (vma_cache != NULL) {
+ // Loop through the vmas again, and cache needed information.
+ vma = mm->mmap;
+ vma_cache_p = vma_cache;
+ while (vma) {
+ if (vma->vm_file) {
+#ifdef STAPCONF_DPATH_PATH
+ // Notice we're increasing the reference
+ // count for 'f_path'. This way it won't
+ // get deleted from out under us.
+ vma_cache_p->f_path = &(vma->vm_file->f_path);
+ path_get(vma_cache_p->f_path);
+#else
+ // Notice we're increasing the reference
+ // count for 'f_dentry' and 'f_vfsmnt'.
+ // This way they won't get deleted from
+ // out under us.
+ vma_cache_p->f_dentry = vma->vm_file->f_dentry;
+ dget(vma_cache_p->f_path);
+ vma_cache_p->f_vfsmnt = vma->vm_file->f_vfsmnt;
+ mntget(vma_cache_p->f_vfsmnt);
+#endif
+ vma_cache_p->addr = vma->vm_start;
+ vma_cache_p->length = vma->vm_end - vma->vm_start;
+ vma_cache_p->offset = (vma->vm_pgoff << PAGE_SHIFT);
+ vma_cache_p->vm_flags = vma->vm_flags;
+ vma_cache_p++;
+ }
+ vma = vma->vm_next;
+ }
+ }
+
+ // At this point, we're done with the vmas (assuming we found
+ // any). We can't hold the 'mmap_sem' semaphore while making
+ // callbacks.
+ up_read(&mm->mmap_sem);
+
+ if (vma_cache) {
+ int i;
+
+ // Loop over our cached information and make callbacks
+ // based on it.
+ vma_cache_p = vma_cache;
+ for (i = 0; i < file_based_vmas; i++) {
+#ifdef STAPCONF_DPATH_PATH
+ mmpath = d_path(vma_cache_p->f_path, mmpath_buf,
+ PATH_MAX);
+ path_put(vma_cache_p->f_path);
+#else
+ mmpath = d_path(vma_cache_p->f_dentry,
+ vma_cache_p->f_vfsmnt, mmpath_buf,
+ PATH_MAX);
+ dput(vma_cache_p->f_dentry);
+ mntput(vma_cache_p->f_vfsmnt);
+#endif
+ if (mmpath == NULL || IS_ERR(mmpath)) {
+ long err = ((mmpath == NULL) ? 0
+ : -PTR_ERR(mmpath));
+ _stp_error("Unable to get path (error %ld) for pid %d",
+ err, (int)tsk->pid);
+ }
+ else {
+ __stp_call_mmap_callbacks(tgt, tsk, mmpath,
+ vma_cache_p->addr,
+ vma_cache_p->length,
+ vma_cache_p->offset,
+ vma_cache_p->vm_flags);
+ }
+ vma_cache_p++;
+ }
+ _stp_kfree(vma_cache);
+ }
+
+ mmput(mm); /* We're done with mm */
+ _stp_kfree(mmpath_buf);
+}
+
#ifdef UTRACE_ORIG_VERSION
static u32
__stp_utrace_task_finder_target_quiesce(struct utrace_attached_engine *engine,
@@ -1043,60 +1172,9 @@ __stp_utrace_task_finder_target_quiesce(enum utrace_resume_action action,
don't bother inform map callback clients about its memory map,
since they will simply duplicate each other. */
if (tgt->mmap_events == 1 && tsk->tgid == tsk->pid) {
- struct mm_struct *mm;
- char *mmpath_buf;
- char *mmpath;
- struct vm_area_struct *vma;
- int rc;
-
- /* Call the mmap_callback for every vma associated with
- * a file. */
- mm = get_task_mm(tsk);
- if (! mm)
- goto utftq_out;
-
- // Allocate space for a path
- mmpath_buf = _stp_kmalloc(PATH_MAX);
- if (mmpath_buf == NULL) {
- mmput(mm);
- _stp_error("Unable to allocate space for path");
- goto utftq_out;
- }
-
- down_read(&mm->mmap_sem);
- vma = mm->mmap;
- while (vma) {
- if (vma->vm_file) {
-#ifdef STAPCONF_DPATH_PATH
- mmpath = d_path(&(vma->vm_file->f_path),
- mmpath_buf, PATH_MAX);
-#else
- mmpath = d_path(vma->vm_file->f_dentry,
- vma->vm_file->f_vfsmnt,
- mmpath_buf, PATH_MAX);
-#endif
- if (mmpath) {
- __stp_call_mmap_callbacks(tgt, tsk,
- mmpath,
- vma->vm_start,
- vma->vm_end - vma->vm_start,
- (vma->vm_pgoff
- << PAGE_SHIFT),
- vma->vm_flags);
- }
- else {
- _stp_dbug(__FUNCTION__, __LINE__,
- "no mmpath?\n");
- }
- }
- vma = vma->vm_next;
- }
- up_read(&mm->mmap_sem);
- mmput(mm); /* We're done with mm */
- _stp_kfree(mmpath_buf);
+ __stp_call_mmap_callbacks_for_task(tgt, tsk);
}
-utftq_out:
__stp_tf_handler_end();
return UTRACE_RESUME;
}
diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp
index 53c40453..43b8307f 100644
--- a/tapset/nd_syscalls2.stp
+++ b/tapset/nd_syscalls2.stp
@@ -28,7 +28,8 @@
# long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
# struct compat_timespec __user *rmtp)
#
-probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep")
+probe nd_syscall.nanosleep = kprobe.function("SyS_nanosleep") ?,
+ kprobe.function("sys_nanosleep") ?
{
name = "nanosleep"
// req_uaddr = $rqtp
@@ -39,7 +40,8 @@ probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep")
rem_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr, 1), rem_uaddr)
}
-probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return
+probe nd_syscall.nanosleep.return = kprobe.function("SyS_nanosleep").return ?,
+ kprobe.function("sys_nanosleep").return ?
{
name = "nanosleep"
retstr = returnstr(1)
@@ -91,7 +93,8 @@ probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?,
# nice _______________________________________________________
# long sys_nice(int increment)
#
-probe nd_syscall.nice = kprobe.function("sys_nice") ?
+probe nd_syscall.nice = kprobe.function("SyS_nice") ?,
+ kprobe.function("sys_nice") ?
{
name = "nice"
// inc = $increment
@@ -100,7 +103,8 @@ probe nd_syscall.nice = kprobe.function("sys_nice") ?
inc = int_arg(1)
argstr = sprintf("%d", inc)
}
-probe nd_syscall.nice.return = kprobe.function("sys_nice").return ?
+probe nd_syscall.nice.return = kprobe.function("SyS_nice").return ?,
+ kprobe.function("sys_nice").return ?
{
name = "nice"
retstr = returnstr(1)
@@ -125,9 +129,10 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return
# long sys_open(const char __user * filename, int flags, int mode)
# (obsolete) long sys32_open(const char * filename, int flags, int mode)
#
-probe nd_syscall.open = kprobe.function("sys_open") ?,
- kprobe.function("compat_sys_open") ?,
- kprobe.function("sys32_open") ?
+probe nd_syscall.open = kprobe.function("compat_sys_open") ?,
+ kprobe.function("sys32_open") ?,
+ kprobe.function("SyS_open") ?,
+ kprobe.function("sys_open") ?
{
name = "open"
// filename = user_string($filename)
@@ -150,9 +155,10 @@ probe nd_syscall.open = kprobe.function("sys_open") ?,
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
_sys_open_flag_str(flags))
}
-probe nd_syscall.open.return = kprobe.function("sys_open").return ?,
- kprobe.function("compat_sys_open").return ?,
- kprobe.function("sys32_open").return ?
+probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?,
+ kprobe.function("sys32_open").return ?,
+ kprobe.function("SyS_open").return ?,
+ kprobe.function("sys_open").return ?
{
name = "open"
retstr = returnstr(1)
@@ -162,8 +168,9 @@ probe nd_syscall.open.return = kprobe.function("sys_open").return ?,
# long sys_openat(int dfd, const char __user *filename, int flags, int mode)
# long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode)
#
-probe nd_syscall.openat = kprobe.function("sys_openat") ?,
- kprobe.function("compat_sys_openat") ?
+probe nd_syscall.openat = kprobe.function("compat_sys_openat") ?,
+ kprobe.function("SyS_openat") ?,
+ kprobe.function("sys_openat") ?
{
name = "openat"
// filename = user_string($filename)
@@ -190,8 +197,9 @@ probe nd_syscall.openat = kprobe.function("sys_openat") ?,
user_string_quoted(pointer_arg(2)),
_sys_open_flag_str(flags))
}
-probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?,
- kprobe.function("compat_sys_openat").return ?
+probe nd_syscall.openat.return = kprobe.function("compat_sys_openat").return ?,
+ kprobe.function("SyS_openat").return ?,
+ kprobe.function("sys_openat").return ?
{
name = "openat"
retstr = returnstr(1)
@@ -260,7 +268,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?,
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
-#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return
+#probe nd_syscall.pciconfig_read.return = kprobe.function("sys_pciconfig_read").return
#{
# name = "pciconfig_read"
# retstr = returnstr(1)
@@ -287,7 +295,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?,
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
-#probe nd_syscall.pciconfig_write.return = # kprobe.function("sys_pciconfig_write").return
+#probe nd_syscall.pciconfig_write.return = kprobe.function("sys_pciconfig_write").return
#{
# name = "pciconfig_write"
# retstr = returnstr(1)
@@ -298,7 +306,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?,
# asmlinkage long
# sys_personality(u_long personality)
#
-probe nd_syscall.personality = kprobe.function("sys_personality")
+probe nd_syscall.personality = kprobe.function("SyS_personality") ?,
+ kprobe.function("sys_personality") ?
{
name = "personality"
// persona = $personality
@@ -306,7 +315,8 @@ probe nd_syscall.personality = kprobe.function("sys_personality")
persona = ulong_arg(1)
argstr = sprintf("%p", persona);
}
-probe nd_syscall.personality.return = kprobe.function("sys_personality").return
+probe nd_syscall.personality.return = kprobe.function("SyS_personality").return ?,
+ kprobe.function("sys_personality").return ?
{
name = "personality"
retstr = returnstr(1)
@@ -317,7 +327,8 @@ probe nd_syscall.personality.return = kprobe.function("sys_personality").return
# asmlinkage int
# sys_pipe(unsigned long __user * fildes)
#
-probe nd_syscall.pipe = kprobe.function("sys_pipe")
+probe nd_syscall.pipe = kprobe.function("SyS_pipe") ?,
+ kprobe.function("sys_pipe") ?
{
name = "pipe"
%( arch == "ia64" %?
@@ -332,7 +343,8 @@ probe nd_syscall.pipe = kprobe.function("sys_pipe")
%)
}
-probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return
+probe nd_syscall.pipe.return = kprobe.function("SyS_pipe").return ?,
+ kprobe.function("sys_pipe").return ?
{
name = "pipe"
retstr = returnstr(1)
@@ -342,7 +354,8 @@ probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return
#
# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
#
-probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root")
+probe nd_syscall.pivot_root = kprobe.function("SyS_pivot_root") ?,
+ kprobe.function("sys_pivot_root") ?
{
name = "pivot_root"
// new_root_str = user_string($new_root)
@@ -355,7 +368,8 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root")
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return
+probe nd_syscall.pivot_root.return = kprobe.function("SyS_pivot_root").return ?,
+ kprobe.function("sys_pivot_root").return ?
{
name = "pivot_root"
retstr = returnstr(1)
@@ -365,7 +379,8 @@ probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return
#
# long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout)
#
-probe nd_syscall.poll = kprobe.function("sys_poll")
+probe nd_syscall.poll = kprobe.function("SyS_poll") ?,
+ kprobe.function("sys_poll") ?
{
name = "poll"
// ufds_uaddr = $ufds
@@ -378,7 +393,8 @@ probe nd_syscall.poll = kprobe.function("sys_poll")
timeout = long_arg(3)
argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout)
}
-probe nd_syscall.poll.return = kprobe.function("sys_poll").return
+probe nd_syscall.poll.return = kprobe.function("SyS_poll").return ?,
+ kprobe.function("sys_poll").return ?
{
name = "poll"
retstr = returnstr(1)
@@ -390,7 +406,8 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return
# struct timespec __user *tsp, const sigset_t __user *sigmask,
# size_t sigsetsize)
#
-probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ?
+probe nd_syscall.ppoll = kprobe.function("SyS_ppoll") ?,
+ kprobe.function("sys_ppoll") ?
{
name = "ppoll"
// argstr = sprintf("%p, %d, %s, %p, %d",
@@ -407,7 +424,8 @@ probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ?
pointer_arg(4),
ulong_arg(5))
}
-probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ?
+probe nd_syscall.ppoll.return = kprobe.function("SyS_ppoll").return ?,
+ kprobe.function("sys_ppoll").return ?
{
name = "ppoll"
retstr = returnstr(1)
@@ -448,7 +466,8 @@ probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").retur
# unsigned long arg4,
# unsigned long arg5)
#
-probe nd_syscall.prctl = kprobe.function("sys_prctl")
+probe nd_syscall.prctl = kprobe.function("SyS_prctl") ?,
+ kprobe.function("sys_prctl") ?
{
name = "prctl"
// option = $option
@@ -465,7 +484,8 @@ probe nd_syscall.prctl = kprobe.function("sys_prctl")
argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3,
arg4, arg5)
}
-probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return
+probe nd_syscall.prctl.return = kprobe.function("SyS_prctl").return ?,
+ kprobe.function("sys_prctl").return ?
{
name = "prctl"
retstr = returnstr(1)
@@ -478,7 +498,8 @@ probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return
# size_t count,
# loff_t pos)
#
-probe nd_syscall.pread = kprobe.function("sys_pread64")
+probe nd_syscall.pread = kprobe.function("SyS_pread64") ?,
+ kprobe.function("sys_pread64") ?
{
name = "pread"
// fd = $fd
@@ -493,7 +514,8 @@ probe nd_syscall.pread = kprobe.function("sys_pread64")
offset = longlong_arg(4)
argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset)
}
-probe nd_syscall.pread.return = kprobe.function("sys_pread64").return
+probe nd_syscall.pread.return = kprobe.function("SyS_pread64").return ?,
+ kprobe.function("sys_pread64").return ?
{
name = "pread"
retstr = returnstr(1)
@@ -504,7 +526,8 @@ probe nd_syscall.pread.return = kprobe.function("sys_pread64").return
# long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp,
# fd_set __user *exp, struct timespec __user *tsp, void __user *sig)
#
-probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ?
+probe nd_syscall.pselect6 = kprobe.function("SyS_pselect6") ?,
+ kprobe.function("sys_pselect6") ?
{
name = "pselect6"
// argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
@@ -513,7 +536,8 @@ probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ?
argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
_struct_timespec_u(pointer_arg(5), 1), pointer_arg(6))
}
-probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ?
+probe nd_syscall.pselect6.return = kprobe.function("SyS_pselect6").return ?,
+ kprobe.function("sys_pselect6").return ?
{
name = "pselect6"
retstr = returnstr(1)
@@ -575,7 +599,8 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7")
# long addr,
# long data)
#
-probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ?
+probe nd_syscall.ptrace = kprobe.function("SyS_ptrace") ?,
+ kprobe.function("sys_ptrace") ?
{
name = "ptrace"
// request = $request
@@ -589,7 +614,8 @@ probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ?
data = long_arg(4)
argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data)
}
-probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ?
+probe nd_syscall.ptrace.return = kprobe.function("SyS_ptrace").return ?,
+ kprobe.function("sys_ptrace").return ?
{
name = "ptrace"
retstr = returnstr(1)
@@ -602,7 +628,8 @@ probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ?
# size_t count,
# loff_t pos)
#
-probe nd_syscall.pwrite = kprobe.function("sys_pwrite64")
+probe nd_syscall.pwrite = kprobe.function("SyS_pwrite64") ?,
+ kprobe.function("sys_pwrite64") ?
{
name = "pwrite"
// fd = $fd
@@ -621,7 +648,8 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64")
text_strn(user_string(buf_uaddr), syscall_string_trunc, 1),
count, offset)
}
-probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return
+probe nd_syscall.pwrite.return = kprobe.function("SyS_pwrite64").return ?,
+ kprobe.function("sys_pwrite64").return ?
{
name = "pwrite"
retstr = returnstr(1)
@@ -668,7 +696,8 @@ probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ?
# qid_t id,
# void __user *addr)
#
-probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ?
+probe nd_syscall.quotactl = kprobe.function("SyS_quotactl") ?,
+ kprobe.function("sys_quotactl") ?
{
name = "quotactl"
// cmd = $cmd
@@ -687,7 +716,8 @@ probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ?
addr_uaddr = pointer_arg(4)
argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr)
}
-probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ?
+probe nd_syscall.quotactl.return = kprobe.function("SyS_quotactl").return ?,
+ kprobe.function("sys_quotactl").return ?
{
name = "quotactl"
retstr = returnstr(1)
@@ -695,7 +725,8 @@ probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ?
# read _______________________________________________________
# ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
-probe nd_syscall.read = kprobe.function("sys_read")
+probe nd_syscall.read = kprobe.function("SyS_read") ?,
+ kprobe.function("sys_read") ?
{
name = "read"
// fd = $fd
@@ -708,7 +739,8 @@ probe nd_syscall.read = kprobe.function("sys_read")
count = ulong_arg(3)
argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count)
}
-probe nd_syscall.read.return = kprobe.function("sys_read").return
+probe nd_syscall.read.return = kprobe.function("SyS_read").return ?,
+ kprobe.function("sys_read").return ?
{
name = "read"
retstr = returnstr(1)
@@ -721,7 +753,8 @@ probe nd_syscall.read.return = kprobe.function("sys_read").return
# loff_t offset,
# size_t count)
#
-probe nd_syscall.readahead = kprobe.function("sys_readahead")
+probe nd_syscall.readahead = kprobe.function("SyS_readahead") ?,
+ kprobe.function("sys_readahead") ?
{
name = "readahead"
// fd = $fd
@@ -733,7 +766,8 @@ probe nd_syscall.readahead = kprobe.function("sys_readahead")
count = ulong_arg(3)
argstr = sprintf("%d, %p, %p", fd, offset, count)
}
-probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return
+probe nd_syscall.readahead.return = kprobe.function("SyS_readahead").return ?,
+ kprobe.function("sys_readahead").return ?
{
name = "readahead"
retstr = returnstr(1)
@@ -765,7 +799,8 @@ probe nd_syscall.readdir.return = kprobe.function("compat_sys_old_readdir").retu
# char __user * buf,
# int bufsiz)
#
-probe nd_syscall.readlink = kprobe.function("sys_readlink")
+probe nd_syscall.readlink = kprobe.function("SyS_readlink") ?,
+ kprobe.function("sys_readlink") ?
{
name = "readlink"
// path = user_string($path)
@@ -780,7 +815,8 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink")
argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)),
buf_uaddr, bufsiz)
}
-probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return
+probe nd_syscall.readlink.return = kprobe.function("SyS_readlink").return ?,
+ kprobe.function("sys_readlink").return ?
{
name = "readlink"
retstr = returnstr(1)
@@ -792,7 +828,8 @@ probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return
# char __user * buf,
# int bufsiz)
#
-probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ?
+probe nd_syscall.readlinkat = kprobe.function("SyS_readlinkat") ?,
+ kprobe.function("sys_readlinkat") ?
{
name = "readlinkat"
//dfd = $dfd
@@ -809,7 +846,8 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ?
argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)),
buf_uaddr, bufsiz)
}
-probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ?
+probe nd_syscall.readlinkat.return = kprobe.function("SyS_readlinkat").return ?,
+ kprobe.function("sys_readlinkat").return ?
{
name = "readlinkat"
retstr = returnstr(1)
@@ -824,8 +862,9 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ?
# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
-probe nd_syscall.readv = kprobe.function("sys_readv"),
- kprobe.function("compat_sys_readv") ?
+probe nd_syscall.readv = kprobe.function("compat_sys_readv") ?,
+ kprobe.function("SyS_readv") ?,
+ kprobe.function("sys_readv") ?
{
name = "readv"
// vector_uaddr = $vec
@@ -843,8 +882,9 @@ probe nd_syscall.readv = kprobe.function("sys_readv"),
fd = ulong_arg(1)
argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count)
}
-probe nd_syscall.readv.return = kprobe.function("sys_readv").return,
- kprobe.function("compat_sys_readv").return ?
+probe nd_syscall.readv.return = kprobe.function("compat_sys_readv").return ?,
+ kprobe.function("SyS_readv").return ?,
+ kprobe.function("sys_readv").return ?
{
name = "readv"
retstr = returnstr(1)
@@ -857,7 +897,8 @@ probe nd_syscall.readv.return = kprobe.function("sys_readv").return,
# unsigned int cmd,
# void __user * arg)
#
-probe nd_syscall.reboot = kprobe.function("sys_reboot")
+probe nd_syscall.reboot = kprobe.function("SyS_reboot") ?,
+ kprobe.function("sys_reboot") ?
{
name = "reboot"
// magic = $magic1
@@ -880,7 +921,8 @@ probe nd_syscall.reboot = kprobe.function("sys_reboot")
argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
flag_str, arg_uaddr)
}
-probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return
+probe nd_syscall.reboot.return = kprobe.function("SyS_reboot").return ?,
+ kprobe.function("sys_reboot").return ?
{
name = "reboot"
retstr = returnstr(1)
@@ -922,7 +964,8 @@ probe nd_syscall.recv.return = kprobe.function("sys_recv").return ?
# struct sockaddr __user *addr,
# int __user *addr_len)
#
-probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ?
+probe nd_syscall.recvfrom = kprobe.function("SyS_recvfrom") ?,
+ kprobe.function("sys_recvfrom") ?
{
name = "recvfrom"
// s = $fd
@@ -945,7 +988,8 @@ probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ?
argstr = sprintf("%d, %p, %d, %s, %p, %p",
s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr)
}
-probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ?
+probe nd_syscall.recvfrom.return = kprobe.function("SyS_recvfrom").return ?,
+ kprobe.function("sys_recvfrom").return ?
{
name = "recvfrom"
retstr = returnstr(1)
@@ -957,7 +1001,8 @@ probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ?
# struct msghdr __user *msg,
# unsigned int flags)
#
-probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ?
+probe nd_syscall.recvmsg = kprobe.function("SyS_recvmsg") ?,
+ kprobe.function("sys_recvmsg") ?
{
name = "recvmsg"
// s = $fd
@@ -972,7 +1017,8 @@ probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ?
flags_str = _recvflags_str(flags)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)
}
-probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ?
+probe nd_syscall.recvmsg.return = kprobe.function("SyS_recvmsg").return ?,
+ kprobe.function("sys_recvmsg").return ?
{
name = "recvmsg"
retstr = returnstr(1)
@@ -1011,7 +1057,8 @@ probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg
# unsigned long pgoff,
# unsigned long flags)
#
-probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ?
+probe nd_syscall.remap_file_pages = kprobe.function("SyS_remap_file_pages") ?,
+ kprobe.function("sys_remap_file_pages") ?
{
name = "remap_file_pages"
// start = $start
@@ -1032,7 +1079,8 @@ probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ?
argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot,
pgoff, flags)
}
-probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages").return ?
+probe nd_syscall.remap_file_pages.return = kprobe.function("SyS_remap_file_pages").return ?,
+ kprobe.function("sys_remap_file_pages").return ?
{
name = "remap_file_pages"
retstr = returnstr(1)
@@ -1044,7 +1092,8 @@ probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages
# sys_removexattr(char __user *path,
# char __user *name)
#
-probe nd_syscall.removexattr = kprobe.function("sys_removexattr")
+probe nd_syscall.removexattr = kprobe.function("SyS_removexattr") ?,
+ kprobe.function("sys_removexattr") ?
{
name = "removexattr"
// path = user_string($path)
@@ -1057,7 +1106,8 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr")
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return
+probe nd_syscall.removexattr.return = kprobe.function("SyS_removexattr").return ?,
+ kprobe.function("sys_removexattr").return ?
{
name = "removexattr"
retstr = returnstr(1)
@@ -1069,7 +1119,8 @@ probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return
# sys_rename(const char __user * oldname,
# const char __user * newname)
#
-probe nd_syscall.rename = kprobe.function("sys_rename")
+probe nd_syscall.rename = kprobe.function("SyS_rename") ?,
+ kprobe.function("sys_rename") ?
{
name = "rename"
// oldpath = user_string($oldname)
@@ -1082,12 +1133,24 @@ probe nd_syscall.rename = kprobe.function("sys_rename")
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.rename.return = kprobe.function("sys_rename").return
+probe nd_syscall.rename.return = kprobe.function("SyS_rename").return ?,
+ kprobe.function("sys_rename").return ?
{
name = "rename"
retstr = returnstr(1)
}
+# renameat ___________________________________________________
+# TODO
+#probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?,
+# kprobe.function("sys_renameat") ?
+#{
+#}
+#probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?,
+# kprobe.function("sys_renameat").return ?
+#{
+#}
+
# request_key ________________________________________________
#
# long sys_request_key(const char __user *_type,
@@ -1096,7 +1159,8 @@ probe nd_syscall.rename.return = kprobe.function("sys_rename").return
# key_serial_t destringid)
# compat_sys_request_key() calls sys_request_key, so don't need probe there.
#
-probe nd_syscall.request_key = kprobe.function("sys_request_key") ?
+probe nd_syscall.request_key = kprobe.function("SyS_request_key") ?,
+ kprobe.function("sys_request_key") ?
{
name = "request_key"
// type_uaddr = $_type
@@ -1111,7 +1175,8 @@ probe nd_syscall.request_key = kprobe.function("sys_request_key") ?
destringid = u32_arg(4)
argstr = sprintf("%p, %p, %p, %p", type_uaddr, description_uaddr, callout_info_uaddr, destringid)
}
-probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ?
+probe nd_syscall.request_key.return = kprobe.function("SyS_request_key").return ?,
+ kprobe.function("sys_request_key").return ?
{
name = "request_key"
retstr = returnstr(1)
@@ -1138,7 +1203,8 @@ probe nd_syscall.restart_syscall.return = kprobe.function("sys_restart_syscall")
# asmlinkage long
# sys_rmdir(const char __user * pathname)
#
-probe nd_syscall.rmdir = kprobe.function("sys_rmdir")
+probe nd_syscall.rmdir = kprobe.function("SyS_rmdir") ?,
+ kprobe.function("sys_rmdir") ?
{
name = "rmdir"
// pathname = user_string($pathname)
@@ -1147,7 +1213,8 @@ probe nd_syscall.rmdir = kprobe.function("sys_rmdir")
pathname = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return
+probe nd_syscall.rmdir.return = kprobe.function("SyS_rmdir").return ?,
+ kprobe.function("sys_rmdir").return ?
{
name = "rmdir"
retstr = returnstr(1)
@@ -1160,7 +1227,8 @@ probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return
# struct sigaction __user *oact,
# size_t sigsetsize)
#
-probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ?
+probe nd_syscall.rt_sigaction = kprobe.function("SyS_rt_sigaction") ?,
+ kprobe.function("sys_rt_sigaction") ?
{
name = "rt_sigaction"
// sig = $sig
@@ -1177,7 +1245,8 @@ probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ?
argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig),
_struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ?
+probe nd_syscall.rt_sigaction.return = kprobe.function("SyS_rt_sigaction").return ?,
+ kprobe.function("sys_rt_sigaction").return ?
{
name = "rt_sigaction"
retstr = returnstr(1)
@@ -1221,7 +1290,8 @@ probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").r
#
# long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
#
-probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ?
+probe nd_syscall.rt_sigpending = kprobe.function("SyS_rt_sigpending") ?,
+ kprobe.function("sys_rt_sigpending") ?
{
name = "rt_sigpending"
// set_uaddr = $set
@@ -1232,7 +1302,8 @@ probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ?
sigsetsize = ulong_arg(2)
argstr = sprintf("%p, %d", set_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ?
+probe nd_syscall.rt_sigpending.return = kprobe.function("SyS_rt_sigpending").return ?,
+ kprobe.function("sys_rt_sigpending").return ?
{
name = "rt_sigpending"
retstr = returnstr(1)
@@ -1245,6 +1316,7 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret
#
probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?,
kprobe.function("compat_sys_rt_sigprocmask") ?,
+ kprobe.function("SyS_rt_sigprocmask") ?,
kprobe.function("sys_rt_sigprocmask") ?
{
name = "rt_sigprocmask"
@@ -1265,6 +1337,7 @@ probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?,
}
probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?,
kprobe.function("compat_sys_rt_sigprocmask").return ?,
+ kprobe.function("SyS_rt_sigprocmask").return ?,
kprobe.function("sys_rt_sigprocmask").return ?
{
name = "rt_sigprocmask"
@@ -1275,7 +1348,8 @@ probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask")
#
# long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo)
#
-probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo")
+probe nd_syscall.rt_sigqueueinfo = kprobe.function("SyS_rt_sigqueueinfo") ?,
+ kprobe.function("sys_rt_sigqueueinfo") ?
{
name = "rt_sigqueueinfo"
// pid = $pid
@@ -1288,7 +1362,8 @@ probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo")
uinfo_uaddr = pointer_arg(3)
argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr)
}
-probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("sys_rt_sigqueueinfo").return
+probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("SyS_rt_sigqueueinfo").return ?,
+ kprobe.function("sys_rt_sigqueueinfo").return ?
{
name = "rt_sigqueueinfo"
retstr = returnstr(1)
@@ -1314,16 +1389,18 @@ probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").retur
#
# sys_rt_sigsuspend(struct pt_regs regs)
#
-probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?,
- kprobe.function("compat_sys_rt_sigsuspend") ?,
- kprobe.function("ia64_rt_sigsuspend") ?
+probe nd_syscall.rt_sigsuspend = kprobe.function("compat_sys_rt_sigsuspend") ?,
+ kprobe.function("ia64_rt_sigsuspend") ?,
+ kprobe.function("SyS_rt_sigsuspend") ?,
+ kprobe.function("sys_rt_sigsuspend") ?
{
name = "rt_sigsuspend"
argstr = ""
}
-probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?,
- kprobe.function("compat_sys_rt_sigsuspend").return ?,
- kprobe.function("ia64_rt_sigsuspend").return ?
+probe nd_syscall.rt_sigsuspend.return = kprobe.function("compat_sys_rt_sigsuspend").return ?,
+ kprobe.function("ia64_rt_sigsuspend").return ?,
+ kprobe.function("SyS_rt_sigsuspend").return ?,
+ kprobe.function("sys_rt_sigsuspend").return ?
{
name = "rt_sigsuspend"
retstr = returnstr(1)
@@ -1339,8 +1416,9 @@ probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").ret
# struct compat_siginfo __user *uinfo,
# struct compat_timespec __user *uts, compat_size_t sigsetsize)
#
-probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"),
- kprobe.function("compat_sys_rt_sigtimedwait") ?
+probe nd_syscall.rt_sigtimedwait = kprobe.function("compat_sys_rt_sigtimedwait") ?,
+ kprobe.function("SyS_rt_sigtimedwait") ?,
+ kprobe.function("sys_rt_sigtimedwait") ?
{
name = "rt_sigtimedwait"
// uthese_uaddr = $uthese
@@ -1358,8 +1436,9 @@ probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"),
sigsetsize = u32_arg(4)
argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize)
}
-probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait").return,
- kprobe.function("compat_sys_rt_sigtimedwait").return ?
+probe nd_syscall.rt_sigtimedwait.return = kprobe.function("compat_sys_rt_sigtimedwait").return ?,
+ kprobe.function("SyS_rt_sigtimedwait").return ?,
+ kprobe.function("sys_rt_sigtimedwait").return ?
{
name = "rt_sigtimedwait"
retstr = returnstr(1)
@@ -1372,7 +1451,8 @@ probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait")
# unsigned int len,
# unsigned long __user *user_mask_ptr)
#
-probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity")
+probe nd_syscall.sched_getaffinity = kprobe.function("SyS_sched_getaffinity") ?,
+ kprobe.function("sys_sched_getaffinity") ?
{
name = "sched_getaffinity"
// pid = $pid
@@ -1384,7 +1464,8 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity")
mask_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
}
-probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffinity").return
+probe nd_syscall.sched_getaffinity.return = kprobe.function("SyS_sched_getaffinity").return ?,
+ kprobe.function("sys_sched_getaffinity").return ?
{
name = "sched_getaffinity"
retstr = returnstr(1)
@@ -1396,7 +1477,8 @@ probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffini
# sys_sched_getparam(pid_t pid,
# struct sched_param __user *param)
#
-probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam")
+probe nd_syscall.sched_getparam = kprobe.function("SyS_sched_getparam") ?,
+ kprobe.function("sys_sched_getparam") ?
{
name = "sched_getparam"
// pid = $pid
@@ -1406,7 +1488,8 @@ probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam")
p_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", pid, p_uaddr)
}
-probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return
+probe nd_syscall.sched_getparam.return = kprobe.function("SyS_sched_getparam").return ?,
+ kprobe.function("sys_sched_getparam").return ?
{
name = "sched_getparam"
retstr = returnstr(1)
@@ -1417,7 +1500,8 @@ probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").r
# asmlinkage long
# sys_sched_get_priority_max(int policy)
#
-probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priority_max")
+probe nd_syscall.sched_get_priority_max = kprobe.function("SyS_sched_get_priority_max") ?,
+ kprobe.function("sys_sched_get_priority_max") ?
{
name = "sched_get_priority_max"
// policy = $policy
@@ -1425,7 +1509,8 @@ probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priorit
policy = int_arg(1)
argstr = sprint(policy)
}
-probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_priority_max").return
+probe nd_syscall.sched_get_priority_max.return = kprobe.function("SyS_sched_get_priority_max").return ?,
+ kprobe.function("sys_sched_get_priority_max").return ?
{
name = "sched_get_priority_max"
retstr = returnstr(1)
@@ -1436,7 +1521,8 @@ probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_
# asmlinkage long
# sys_sched_get_priority_min(int policy)
#
-probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priority_min")
+probe nd_syscall.sched_get_priority_min = kprobe.function("SyS_sched_get_priority_min") ?,
+ kprobe.function("sys_sched_get_priority_min") ?
{
name = "sched_get_priority_min"
// policy = $policy
@@ -1444,7 +1530,8 @@ probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priorit
policy = int_arg(1)
argstr = sprint(policy)
}
-probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_priority_min").return
+probe nd_syscall.sched_get_priority_min.return = kprobe.function("SyS_sched_get_priority_min").return ?,
+ kprobe.function("sys_sched_get_priority_min").return ?
{
name = "sched_get_priority_min"
retstr = returnstr(1)
@@ -1454,7 +1541,8 @@ probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_
#
# long sys_sched_getscheduler(pid_t pid)
#
-probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler")
+probe nd_syscall.sched_getscheduler = kprobe.function("SyS_sched_getscheduler") ?,
+ kprobe.function("sys_sched_getscheduler") ?
{
name = "sched_getscheduler"
// pid = $pid
@@ -1463,7 +1551,8 @@ probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler")
pid = int_arg(1)
argstr = sprint(pid)
}
-probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return
+probe nd_syscall.sched_getscheduler.return = kprobe.function("SyS_sched_getscheduler").return ?,
+ kprobe.function("sys_sched_getscheduler").return ?
{
name = "sched_getscheduler"
retstr = returnstr(1)
@@ -1473,7 +1562,8 @@ probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getsched
#
# long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
#
-probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval")
+probe nd_syscall.sched_rr_get_interval = kprobe.function("SyS_sched_rr_get_interval") ?,
+ kprobe.function("sys_sched_rr_get_interval") ?
{
name = "sched_rr_get_interval"
// pid = $pid
@@ -1484,7 +1574,8 @@ probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_inter
tp_uaddr = pointer_arg(2)
argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr, 1))
}
-probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return
+probe nd_syscall.sched_rr_get_interval.return = kprobe.function("SyS_sched_rr_get_interval").return ?,
+ kprobe.function("sys_sched_rr_get_interval").return ?
{
name = "sched_rr_get_interval"
retstr = returnstr(1)
@@ -1497,7 +1588,8 @@ probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_ge
# FIXME: why the problem with x86_64?
#
%( arch != "x86_64" %?
-probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity")
+probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?,
+ kprobe.function("sys_sched_setaffinity") ?
{
name = "sched_setaffinity"
// pid = $pid
@@ -1511,7 +1603,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity")
argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)
}
%:
-probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity")
+probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?,
+ kprobe.function("sys_sched_setaffinity") ?
{
name = "sched_setaffinity"
// pid = $pid
@@ -1525,7 +1618,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity")
argstr = sprintf("%d, <unknown>, %p", pid, mask_uaddr)
}
%)
-probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return
+probe nd_syscall.sched_setaffinity.return = kprobe.function("SyS_sched_setaffinity").return ?,
+ kprobe.function("sys_sched_setaffinity").return ?
{
name = "sched_setaffinity"
retstr = returnstr(1)
@@ -1535,7 +1629,8 @@ probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffini
#
# long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
#
-probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ?
+probe nd_syscall.sched_setparam = kprobe.function("SyS_sched_setparam") ?,
+ kprobe.function("sys_sched_setparam") ?
{
name = "sched_setparam"
// pid = $pid
@@ -1546,7 +1641,8 @@ probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ?
p_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", pid, p_uaddr)
}
-probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ?
+probe nd_syscall.sched_setparam.return = kprobe.function("SyS_sched_setparam").return ?,
+ kprobe.function("sys_sched_setparam").return ?
{
name = "sched_setparam"
retstr = returnstr(1)
@@ -1556,7 +1652,8 @@ probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").r
#
# long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
#
-probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ?
+probe nd_syscall.sched_setscheduler = kprobe.function("SyS_sched_setscheduler") ?,
+ kprobe.function("sys_sched_setscheduler") ?
{
name = "sched_setscheduler"
// pid = $pid
@@ -1571,7 +1668,8 @@ probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler")
p_uaddr = pointer_arg(3)
argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr)
}
-probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ?
+probe nd_syscall.sched_setscheduler.return = kprobe.function("SyS_sched_setscheduler").return ?,
+ kprobe.function("sys_sched_setscheduler").return ?
{
name = "sched_setscheduler"
retstr = returnstr(1)
@@ -1598,7 +1696,8 @@ probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return
# fd_set __user *exp,
# struct timeval __user *tvp)
#
-probe nd_syscall.select = kprobe.function("sys_select")
+probe nd_syscall.select = kprobe.function("SyS_select") ?,
+ kprobe.function("sys_select") ?
{
name = "select"
// n = $n
@@ -1617,7 +1716,8 @@ probe nd_syscall.select = kprobe.function("sys_select")
argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr,
exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1))
}
-probe nd_syscall.select.return = kprobe.function("sys_select").return
+probe nd_syscall.select.return = kprobe.function("SyS_select").return ?,
+ kprobe.function("sys_select").return ?
{
name = "select"
retstr = returnstr(1)
@@ -1659,7 +1759,8 @@ probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").ret
# int cmd,
# union semun arg)
#
-probe nd_syscall.semctl = kprobe.function("sys_semctl") ?
+probe nd_syscall.semctl = kprobe.function("SyS_semctl") ?,
+ kprobe.function("sys_semctl") ?
{
name = "semctl"
// semid = $semid
@@ -1676,7 +1777,8 @@ probe nd_syscall.semctl = kprobe.function("sys_semctl") ?
cmd = int_arg(3)
argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done
}
-probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ?
+probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?,
+ kprobe.function("sys_semctl").return ?
{
name = "semctl"
retstr = returnstr(1)
@@ -1700,7 +1802,8 @@ probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ?
# semget _____________________________________________________
# long sys_semget (key_t key, int nsems, int semflg)
#
-probe nd_syscall.semget = kprobe.function("sys_semget") ?
+probe nd_syscall.semget = kprobe.function("SyS_semget") ?,
+ kprobe.function("sys_semget") ?
{
name = "semget"
// key = $key
@@ -1713,7 +1816,8 @@ probe nd_syscall.semget = kprobe.function("sys_semget") ?
semflg = int_arg(3)
argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg))
}
-probe nd_syscall.semget.return = kprobe.function("sys_semget").return ?
+probe nd_syscall.semget.return = kprobe.function("SyS_semget").return ?,
+ kprobe.function("sys_semget").return ?
{
name = "semget"
retstr = returnstr(1)
@@ -1725,7 +1829,8 @@ probe nd_syscall.semget.return = kprobe.function("sys_semget").return ?
# struct sembuf __user *tsops,
# unsigned nsops)
#
-probe nd_syscall.semop = kprobe.function("sys_semtimedop") ?
+probe nd_syscall.semop = kprobe.function("SyS_semtimedop") ?,
+ kprobe.function("sys_semtimedop") ?
{
name = "semop"
// semid = $semid
@@ -1738,7 +1843,8 @@ probe nd_syscall.semop = kprobe.function("sys_semtimedop") ?
nsops = uint_arg(3)
argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops)
}
-probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ?
+probe nd_syscall.semop.return = kprobe.function("SyS_semtimedop").return ?,
+ kprobe.function("sys_semtimedop").return ?
{
name = "semop"
retstr = returnstr(1)
@@ -1751,7 +1857,8 @@ probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ?
# unsigned nsops,
# const struct timespec __user *timeout)
#
-probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ?
+probe nd_syscall.semtimedop = kprobe.function("SyS_semtimedop") ?,
+ kprobe.function("sys_semtimedop") ?
{
name = "semtimedop"
// semid = $semid
@@ -1768,7 +1875,8 @@ probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ?
argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
_struct_timespec_u(timeout_uaddr, 1))
}
-probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ?
+probe nd_syscall.semtimedop.return = kprobe.function("SyS_semtimedop").return ?,
+ kprobe.function("sys_semtimedop").return ?
{
name = "semtimedop"
retstr = returnstr(1)
@@ -1809,7 +1917,8 @@ probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semt
# size_t len,
# unsigned flags)
#
-probe nd_syscall.send = kprobe.function("sys_send") ?
+probe nd_syscall.send = kprobe.function("SyS_send") ?,
+ kprobe.function("sys_send") ?
{
name = "send"
// s = $fd
@@ -1826,7 +1935,8 @@ probe nd_syscall.send = kprobe.function("sys_send") ?
flags_str = _sendflags_str(flags)
argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str)
}
-probe nd_syscall.send.return = kprobe.function("sys_send").return ?
+probe nd_syscall.send.return = kprobe.function("SyS_send").return ?,
+ kprobe.function("sys_send").return ?
{
name = "send"
retstr = returnstr(1)
@@ -1839,7 +1949,9 @@ probe nd_syscall.send.return = kprobe.function("sys_send").return ?
# off_t __user *offset,
# size_t count)
#
-probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?,
+probe nd_syscall.sendfile = kprobe.function("SyS_sendfile") ?,
+ kprobe.function("sys_sendfile") ?,
+ kprobe.function("SyS_sendfile64") ?,
kprobe.function("sys_sendfile64") ?
{
name = "sendfile"
@@ -1857,7 +1969,9 @@ probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?,
argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr,
count)
}
-probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?,
+probe nd_syscall.sendfile.return = kprobe.function("SyS_sendfile").return ?,
+ kprobe.function("sys_sendfile").return ?,
+ kprobe.function("SyS_sendfile64").return ?,
kprobe.function("sys_sendfile64").return ?
{
name = "sendfile"
@@ -1868,7 +1982,8 @@ probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?,
#
# long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
#
-probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ?
+probe nd_syscall.sendmsg = kprobe.function("SyS_sendmsg") ?,
+ kprobe.function("sys_sendmsg") ?
{
name = "sendmsg"
// s = $fd
@@ -1883,7 +1998,8 @@ probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ?
flags_str = _sendflags_str(flags)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
}
-probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ?
+probe nd_syscall.sendmsg.return = kprobe.function("SyS_sendmsg").return ?,
+ kprobe.function("sys_sendmsg").return ?
{
name = "sendmsg"
retstr = returnstr(1)
@@ -1921,7 +2037,8 @@ probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg
# struct sockaddr __user *addr,
# int addr_len)
#
-probe nd_syscall.sendto = kprobe.function("sys_sendto") ?
+probe nd_syscall.sendto = kprobe.function("SyS_sendto") ?,
+ kprobe.function("sys_sendto") ?
{
name = "sendto"
// s = $fd
@@ -1944,7 +2061,8 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ?
argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr,
len, flags_str, _struct_sockaddr_u(to_uaddr, tolen), tolen)
}
-probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ?
+probe nd_syscall.sendto.return = kprobe.function("SyS_sendto").return ?,
+ kprobe.function("sys_sendto").return ?
{
name = "sendto"
retstr = returnstr(1)
@@ -1956,7 +2074,8 @@ probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ?
# sys_setdomainname(char __user *name,
# int len)
#
-probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname")
+probe nd_syscall.setdomainname = kprobe.function("SyS_setdomainname") ?,
+ kprobe.function("sys_setdomainname") ?
{
name = "setdomainname"
// hostname_uaddr = $name
@@ -1967,7 +2086,8 @@ probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname")
len = int_arg(2)
argstr = sprintf("%p, %d", hostname_uaddr, len)
}
-probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").return
+probe nd_syscall.setdomainname.return = kprobe.function("SyS_setdomainname").return ?,
+ kprobe.function("sys_setdomainname").return ?
{
name = "setdomainname"
retstr = returnstr(1)
@@ -1977,8 +2097,9 @@ probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").ret
# long sys_setfsgid(gid_t gid)
# long sys_setfsgid16(old_gid_t gid)
#
-probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?,
- kprobe.function("sys_setfsgid16") ?
+probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid16") ?,
+ kprobe.function("SyS_setfsgid") ?,
+ kprobe.function("sys_setfsgid") ?
{
name = "setfsgid"
// fsgid = $gid
@@ -1987,8 +2108,9 @@ probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?,
fsgid = uint_arg(1)
argstr = sprint(fsgid)
}
-probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?,
- kprobe.function("sys_setfsgid16").return ?
+probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid16").return ?,
+ kprobe.function("SyS_setfsgid").return ?,
+ kprobe.function("sys_setfsgid").return ?
{
name = "setfsgid"
retstr = returnstr(1)
@@ -1998,8 +2120,9 @@ probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?,
# long sys_setfsuid(uid_t uid)
# long sys_setfsuid16(old_uid_t uid)
#
-probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?,
- kprobe.function("sys_setfsuid16") ?
+probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid16") ?,
+ kprobe.function("SyS_setfsuid") ?,
+ kprobe.function("sys_setfsuid") ?
{
name = "setfsuid"
// fsuid = $uid
@@ -2008,8 +2131,9 @@ probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?,
fsuid = uint_arg(1)
argstr = sprint(fsuid)
}
-probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?,
- kprobe.function("sys_setfsuid16").return ?
+probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid16").return ?,
+ kprobe.function("SyS_setfsuid").return ?,
+ kprobe.function("sys_setfsuid").return ?
{
name = "setfsuid"
retstr = returnstr(1)
@@ -2020,8 +2144,9 @@ probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?,
# long sys_setgid(gid_t gid)
# long sys_setgid16(old_gid_t gid)
#
-probe nd_syscall.setgid = kprobe.function("sys_setgid") ?,
- kprobe.function("sys_setgid16") ?
+probe nd_syscall.setgid = kprobe.function("sys_setgid16") ?,
+ kprobe.function("SyS_setgid") ?,
+ kprobe.function("sys_setgid") ?
{
name = "setgid"
// gid = $gid
@@ -2030,8 +2155,9 @@ probe nd_syscall.setgid = kprobe.function("sys_setgid") ?,
gid = uint_arg(1)
argstr = sprint(gid)
}
-probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?,
- kprobe.function("sys_setgid16").return ?
+probe nd_syscall.setgid.return = kprobe.function("sys_setgid16").return ?,
+ kprobe.function("SyS_setgid").return ?,
+ kprobe.function("sys_setgid").return ?
{
name = "setgid"
retstr = returnstr(1)
@@ -2043,9 +2169,10 @@ probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?,
# long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist)
# long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
#
-probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?,
- kprobe.function("sys_setgroups16") ?,
- kprobe.function("sys32_setgroups16") ?
+probe nd_syscall.setgroups = kprobe.function("sys_setgroups16") ?,
+ kprobe.function("sys32_setgroups16") ?,
+ kprobe.function("SyS_setgroups") ?,
+ kprobe.function("sys_setgroups") ?
{
name = "setgroups"
// size = $gidsetsize
@@ -2056,9 +2183,10 @@ probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?,
list_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", size, list_uaddr)
}
-probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?,
- kprobe.function("sys_setgroups16").return ?,
- kprobe.function("sys32_setgroups16").return ?
+probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups16").return ?,
+ kprobe.function("sys32_setgroups16").return ?,
+ kprobe.function("SyS_setgroups").return ?,
+ kprobe.function("sys_setgroups").return ?
{
name = "setgroups"
retstr = returnstr(1)
@@ -2070,7 +2198,8 @@ probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?,
# sys_sethostname(char __user *name,
# int len)
#
-probe nd_syscall.sethostname = kprobe.function("sys_sethostname")
+probe nd_syscall.sethostname = kprobe.function("SyS_sethostname") ?,
+ kprobe.function("sys_sethostname") ?
{
name = "sethostname"
// hostname_uaddr = $name
@@ -2083,7 +2212,8 @@ probe nd_syscall.sethostname = kprobe.function("sys_sethostname")
len = int_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len)
}
-probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return
+probe nd_syscall.sethostname.return = kprobe.function("SyS_sethostname").return ?,
+ kprobe.function("sys_sethostname").return ?
{
name = "sethostname"
retstr = returnstr(1)
@@ -2095,7 +2225,8 @@ probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return
# struct itimerval __user *value,
# struct itimerval __user *ovalue)
#
-probe nd_syscall.setitimer = kprobe.function("sys_setitimer")
+probe nd_syscall.setitimer = kprobe.function("SyS_setitimer") ?,
+ kprobe.function("sys_setitimer") ?
{
name = "setitimer"
// which = $which
@@ -2110,7 +2241,8 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer")
argstr = sprintf("%s, %s, %p", _itimer_which_str(which),
_struct_itimerval_u(value_uaddr), ovalue_uaddr)
}
-probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return
+probe nd_syscall.setitimer.return = kprobe.function("SyS_setitimer").return ?,
+ kprobe.function("sys_setitimer").return ?
{
name = "setitimer"
retstr = returnstr(1)
@@ -2146,8 +2278,9 @@ probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer
# unsigned long __user *nmask,
# unsigned long maxnode)
#
-probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?,
- kprobe.function("compat_sys_set_mempolicy") ?
+probe nd_syscall.set_mempolicy = kprobe.function("compat_sys_set_mempolicy") ?,
+ kprobe.function("SyS_set_mempolicy") ?,
+ kprobe.function("sys_set_mempolicy") ?
{
name = "set_mempolicy"
// mode = $mode
@@ -2160,8 +2293,9 @@ probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?,
maxnode = ulong_arg(3)
argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode)
}
-probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").return ?,
- kprobe.function("compat_sys_set_mempolicy").return ?
+probe nd_syscall.set_mempolicy.return = kprobe.function("compat_sys_set_mempolicy").return ?,
+ kprobe.function("SyS_set_mempolicy").return ?,
+ kprobe.function("sys_set_mempolicy").return ?
{
name = "set_mempolicy"
retstr = returnstr(1)
@@ -2173,7 +2307,8 @@ probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").ret
# sys_setpgid(pid_t pid,
# pid_t pgid)
#
-probe nd_syscall.setpgid = kprobe.function("sys_setpgid")
+probe nd_syscall.setpgid = kprobe.function("SyS_setpgid") ?,
+ kprobe.function("sys_setpgid") ?
{
name = "setpgid"
// pid = $pid
@@ -2184,7 +2319,8 @@ probe nd_syscall.setpgid = kprobe.function("sys_setpgid")
pgid = int_arg(2)
argstr = sprintf("%d, %d", pid, pgid)
}
-probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return
+probe nd_syscall.setpgid.return = kprobe.function("SyS_setpgid").return ?,
+ kprobe.function("sys_setpgid").return ?
{
name = "setpgid"
retstr = returnstr(1)
@@ -2197,7 +2333,8 @@ probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return
# int who,
# int niceval)
#
-probe nd_syscall.setpriority = kprobe.function("sys_setpriority")
+probe nd_syscall.setpriority = kprobe.function("SyS_setpriority") ?,
+ kprobe.function("sys_setpriority") ?
{
name = "setpriority"
// which = $which
@@ -2212,7 +2349,8 @@ probe nd_syscall.setpriority = kprobe.function("sys_setpriority")
prio = int_arg(3)
argstr = sprintf("%s, %d, %d", which_str, who, prio)
}
-probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return
+probe nd_syscall.setpriority.return = kprobe.function("SyS_setpriority").return ?,
+ kprobe.function("sys_setpriority").return ?
{
name = "setpriority"
retstr = returnstr(1)
@@ -2221,7 +2359,8 @@ probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return
# setregid ___________________________________________________
# long sys_setregid(gid_t rgid, gid_t egid)
#
-probe nd_syscall.setregid = kprobe.function("sys_setregid")
+probe nd_syscall.setregid = kprobe.function("SyS_setregid") ?,
+ kprobe.function("sys_setregid") ?
{
name = "setregid"
// rgid = __int32($rgid)
@@ -2231,7 +2370,8 @@ probe nd_syscall.setregid = kprobe.function("sys_setregid")
egid = __int32(uint_arg(2))
argstr = sprintf("%d, %d", rgid, egid)
}
-probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return
+probe nd_syscall.setregid.return = kprobe.function("SyS_setregid").return ?,
+ kprobe.function("sys_setregid").return ?
{
name = "setregid"
retstr = returnstr(1)
@@ -2259,7 +2399,8 @@ probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ?
# setresgid __________________________________________________
# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
#
-probe nd_syscall.setresgid = kprobe.function("sys_setresgid")
+probe nd_syscall.setresgid = kprobe.function("SyS_setresgid") ?,
+ kprobe.function("sys_setresgid") ?
{
name = "setresgid"
// rgid = __int32($rgid)
@@ -2271,7 +2412,8 @@ probe nd_syscall.setresgid = kprobe.function("sys_setresgid")
sgid = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
-probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return
+probe nd_syscall.setresgid.return = kprobe.function("SyS_setresgid").return ?,
+ kprobe.function("sys_setresgid").return ?
{
name = "setresgid"
retstr = returnstr(1)
@@ -2305,7 +2447,8 @@ probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return
#
# long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
#
-probe nd_syscall.setresuid = kprobe.function("sys_setresuid")
+probe nd_syscall.setresuid = kprobe.function("SyS_setresuid") ?,
+ kprobe.function("sys_setresuid") ?
{
name = "setresuid"
// ruid = __int32($ruid)
@@ -2317,7 +2460,8 @@ probe nd_syscall.setresuid = kprobe.function("sys_setresuid")
suid = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
-probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return
+probe nd_syscall.setresuid.return = kprobe.function("SyS_setresuid").return ?,
+ kprobe.function("sys_setresuid").return ?
{
name = "setresuid"
retstr = returnstr(1)
@@ -2348,7 +2492,8 @@ probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return
# setreuid ___________________________________________________
# long sys_setreuid(uid_t ruid, uid_t euid)
#
-probe nd_syscall.setreuid = kprobe.function("sys_setreuid")
+probe nd_syscall.setreuid = kprobe.function("SyS_setreuid") ?,
+ kprobe.function("sys_setreuid") ?
{
name = "setreuid"
// ruid = __int32($ruid)
@@ -2358,7 +2503,8 @@ probe nd_syscall.setreuid = kprobe.function("sys_setreuid")
euid = __int32(uint_arg(2))
argstr = sprintf("%d, %d", ruid, euid)
}
-probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return
+probe nd_syscall.setreuid.return = kprobe.function("SyS_setreuid").return ?,
+ kprobe.function("sys_setreuid").return ?
{
name = "setreuid"
retstr = returnstr(1)
@@ -2389,7 +2535,8 @@ probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ?
# sys_setrlimit(unsigned int resource,
# struct rlimit __user *rlim)
#
-probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit")
+probe nd_syscall.setrlimit = kprobe.function("SyS_setrlimit") ?,
+ kprobe.function("sys_setrlimit") ?
{
name = "setrlimit"
// resource = $resource
@@ -2402,7 +2549,8 @@ probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit")
argstr = sprintf("%s, %s", _rlimit_resource_str(resource),
_struct_rlimit_u(rlim_uaddr))
}
-probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return
+probe nd_syscall.setrlimit.return = kprobe.function("SyS_setrlimit").return ?,
+ kprobe.function("sys_setrlimit").return ?
{
name = "setrlimit"
retstr = returnstr(1)
@@ -2431,8 +2579,9 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return
# char __user *optval,
# int optlen)
#
-probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?,
- kprobe.function("compat_sys_setsockopt") ?
+probe nd_syscall.setsockopt = kprobe.function("compat_sys_setsockopt") ?,
+ kprobe.function("SyS_setsockopt") ?,
+ kprobe.function("sys_setsockopt") ?
{
name = "setsockopt"
// fd = $fd
@@ -2455,8 +2604,9 @@ probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?,
argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str,
optname_str, optval_uaddr, optlen)
}
-probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?,
- kprobe.function("compat_sys_setsockopt").return ?
+probe nd_syscall.setsockopt.return = kprobe.function("compat_sys_setsockopt").return ?,
+ kprobe.function("SyS_setsockopt").return ?,
+ kprobe.function("sys_setsockopt").return ?
{
name = "setsockopt"
retstr = returnstr(1)
@@ -2467,7 +2617,8 @@ probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?,
# asmlinkage long
# sys_set_tid_address(int __user *tidptr)
#
-probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address")
+probe nd_syscall.set_tid_address = kprobe.function("SyS_set_tid_address") ?,
+ kprobe.function("sys_set_tid_address") ?
{
name = "set_tid_address"
// tidptr_uaddr = $tidptr
@@ -2475,7 +2626,8 @@ probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address")
tidptr_uaddr = pointer_arg(1)
argstr = sprintf("%p", tidptr_uaddr)
}
-probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address").return
+probe nd_syscall.set_tid_address.return = kprobe.function("SyS_set_tid_address").return ?,
+ kprobe.function("sys_set_tid_address").return ?
{
name = "set_tid_address"
retstr = returnstr(1)
@@ -2486,7 +2638,8 @@ probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address")
# long sys_settimeofday(struct timeval __user *tv,
# struct timezone __user *tz)
#
-probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday")
+probe nd_syscall.settimeofday = kprobe.function("SyS_settimeofday") ?,
+ kprobe.function("sys_settimeofday") ?
{
name = "settimeofday"
// ttv_uaddr = $tv
@@ -2497,7 +2650,8 @@ probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday")
tz_uaddr = pointer_arg(2)
argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr))
}
-probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return
+probe nd_syscall.settimeofday.return = kprobe.function("SyS_settimeofday").return ?,
+ kprobe.function("sys_settimeofday").return ?
{
name = "settimeofday"
retstr = returnstr(1)
@@ -2531,7 +2685,8 @@ probe nd_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").r
# long sys_setuid16(old_uid_t uid)
#
probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?,
- kprobe.function("sys_setuid")
+ kprobe.function("SyS_setuid") ?,
+ kprobe.function("sys_setuid") ?
{
name = "setuid"
// uid = $uid
@@ -2541,7 +2696,8 @@ probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?,
argstr = sprint(uid)
}
probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?,
- kprobe.function("sys_setuid").return
+ kprobe.function("SyS_setuid").return ?,
+ kprobe.function("sys_setuid").return ?
{
name = "setuid"
retstr = returnstr(1)
@@ -2554,7 +2710,8 @@ probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?,
# size_t size,
# int flags)
#
-probe nd_syscall.setxattr = kprobe.function("sys_setxattr")
+probe nd_syscall.setxattr = kprobe.function("SyS_setxattr") ?,
+ kprobe.function("sys_setxattr") ?
{
name = "setxattr"
// path_uaddr = $path
@@ -2581,7 +2738,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr")
user_string_quoted(name_uaddr),
value_uaddr, size, flags)
}
-probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return
+probe nd_syscall.setxattr.return = kprobe.function("SyS_setxattr").return ?,
+ kprobe.function("sys_setxattr").return ?
{
name = "setxattr"
retstr = returnstr(1)
@@ -2591,7 +2749,7 @@ probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return
#
# sys_sgetmask(void)
#
-probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")?
+probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask") ?
{
name = "sgetmask"
argstr = ""
@@ -2606,7 +2764,8 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ?
#
# long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
#
-probe nd_syscall.shmat = kprobe.function("sys_shmat") ?
+probe nd_syscall.shmat = kprobe.function("SyS_shmat") ?,
+ kprobe.function("sys_shmat") ?
{
name = "shmat"
// shmid = $shmid
@@ -2619,7 +2778,8 @@ probe nd_syscall.shmat = kprobe.function("sys_shmat") ?
shmflg = int_arg(3)
argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg))
}
-probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ?
+probe nd_syscall.shmat.return = kprobe.function("SyS_shmat").return ?,
+ kprobe.function("sys_shmat").return ?
{
name = "shmat"
retstr = returnstr(1)
@@ -2645,7 +2805,7 @@ probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ?
uptr_uaddr = pointer_arg(5)
argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr)
}
-probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ?
+probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ?
{
name = "compat_sys_shmat"
retstr = returnstr(1)
@@ -2657,7 +2817,8 @@ probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").r
# int cmd,
# struct shmid_ds __user *buf)
#
-probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ?
+probe nd_syscall.shmctl = kprobe.function("SyS_shmctl") ?,
+ kprobe.function("sys_shmctl") ?
{
name = "shmctl"
// shmid = $shmid
@@ -2670,7 +2831,8 @@ probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ?
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr)
}
-probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ?
+probe nd_syscall.shmctl.return = kprobe.function("SyS_shmctl").return ?,
+ kprobe.function("sys_shmctl").return ?
{
name = "shmctl"
retstr = returnstr(1)
@@ -2703,7 +2865,8 @@ probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl")
#
# long sys_shmdt(char __user *shmaddr)
#
-probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ?
+probe nd_syscall.shmdt = kprobe.function("SyS_shmdt") ?,
+ kprobe.function("sys_shmdt") ?
{
name = "shmdt"
// shmaddr_uaddr = $shmaddr
@@ -2712,7 +2875,8 @@ probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ?
shmaddr_uaddr = pointer_arg(1)
argstr = sprintf("%p", shmaddr_uaddr)
}
-probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ?
+probe nd_syscall.shmdt.return = kprobe.function("SyS_shmdt").return ?,
+ kprobe.function("sys_shmdt").return ?
{
name = "shmdt"
retstr = returnstr(1)
@@ -2724,7 +2888,8 @@ probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ?
# size_t size,
# int shmflg)
#
-probe nd_syscall.shmget = kprobe.function("sys_shmget") ?
+probe nd_syscall.shmget = kprobe.function("SyS_shmget") ?,
+ kprobe.function("sys_shmget") ?
{
name = "shmget"
// key = $key
@@ -2737,7 +2902,8 @@ probe nd_syscall.shmget = kprobe.function("sys_shmget") ?
shmflg = int_arg(3)
argstr = sprintf("%d, %d, %d", key, size, shmflg)
}
-probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ?
+probe nd_syscall.shmget.return = kprobe.function("SyS_shmget").return ?,
+ kprobe.function("sys_shmget").return ?
{
name = "shmget"
retstr = returnstr(1)
@@ -2747,7 +2913,8 @@ probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ?
#
# long sys_shutdown(int fd, int how)
#
-probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ?
+probe nd_syscall.shutdown = kprobe.function("SyS_shutdown") ?,
+ kprobe.function("sys_shutdown") ?
{
name = "shutdown"
// s = $fd
@@ -2760,7 +2927,8 @@ probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ?
how_str = _shutdown_how_str(how)
argstr = sprintf("%d, %s", s, how_str)
}
-probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ?
+probe nd_syscall.shutdown.return = kprobe.function("SyS_shutdown").return ?,
+ kprobe.function("sys_shutdown").return ?
{
name = "shutdown"
retstr = returnstr(1)
@@ -2810,7 +2978,8 @@ probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return
# signal _____________________________________________________
# unsigned long sys_signal(int sig, __sighandler_t handler)
#
-probe nd_syscall.signal = kprobe.function("sys_signal") ?
+probe nd_syscall.signal = kprobe.function("SyS_signal") ?,
+ kprobe.function("sys_signal") ?
{
name = "signal"
// sig = $sig
@@ -2821,7 +2990,8 @@ probe nd_syscall.signal = kprobe.function("sys_signal") ?
handler = pointer_arg(2)
argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler))
}
-probe nd_syscall.signal.return = kprobe.function("sys_signal").return ?
+probe nd_syscall.signal.return = kprobe.function("SyS_signal").return ?,
+ kprobe.function("sys_signal").return ?
{
name = "signal"
retstr = returnstr(1)
@@ -2833,14 +3003,16 @@ probe nd_syscall.signal.return = kprobe.function("sys_signal").return ?
# long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask,
# compat_size_t sigsetsize)
#
-probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ?
+probe nd_syscall.signalfd = kprobe.function("SyS_signalfd") ?,
+ kprobe.function("sys_signalfd") ?
{
name = "signalfd"
// argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask)
asmlinkage()
argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3))
}
-probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ?
+probe nd_syscall.signalfd.return = kprobe.function("SyS_signalfd").return ?,
+ kprobe.function("sys_signalfd").return ?
{
name = "signalfd"
retstr = returnstr(1)
@@ -2861,14 +3033,16 @@ probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd")
# sigpending _________________________________________________
# long sys_sigpending(old_sigset_t __user *set)
#
-probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ?
+probe nd_syscall.sigpending = kprobe.function("SyS_sigpending") ?,
+ kprobe.function("sys_sigpending") ?
{
name = "sigpending"
// argstr = sprintf("%p", $set)
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ?
+probe nd_syscall.sigpending.return = kprobe.function("SyS_sigpending").return ?,
+ kprobe.function("sys_sigpending").return ?
{
name = "sigpending"
retstr = returnstr(1)
@@ -2877,7 +3051,8 @@ probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ?
# sigprocmask ________________________________________________
# long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset)
#
-probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ?
+probe nd_syscall.sigprocmask = kprobe.function("SyS_sigprocmask") ?,
+ kprobe.function("sys_sigprocmask") ?
{
name = "sigprocmask"
// how = $how
@@ -2892,7 +3067,8 @@ probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ?
oldset_uaddr = pointer_arg(3)
argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr)
}
-probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ?
+probe nd_syscall.sigprocmask.return = kprobe.function("SyS_sigprocmask").return ?,
+ kprobe.function("sys_sigprocmask").return ?
{
name = "sigprocmask"
retstr = returnstr(1)
@@ -2932,7 +3108,8 @@ probe nd_syscall.sigsuspend.return = kprobe.function("sys_sigsuspend").return ?,
# socket _____________________________________________________
# long sys_socket(int family, int type, int protocol)
#
-probe nd_syscall.socket = kprobe.function("sys_socket") ?
+probe nd_syscall.socket = kprobe.function("SyS_socket") ?,
+ kprobe.function("sys_socket") ?
{
name = "socket"
// family = $family
@@ -2949,7 +3126,8 @@ probe nd_syscall.socket = kprobe.function("sys_socket") ?
_sock_type_str(type),
protocol)
}
-probe nd_syscall.socket.return = kprobe.function("sys_socket").return ?
+probe nd_syscall.socket.return = kprobe.function("SyS_socket").return ?,
+ kprobe.function("sys_socket").return ?
{
name = "socket"
retstr = returnstr(1)
@@ -2979,7 +3157,8 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ?
# int protocol,
# int __user *usockvec)
#
-probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ?
+probe nd_syscall.socketpair = kprobe.function("SyS_socketpair") ?,
+ kprobe.function("sys_socketpair") ?
{
name = "socketpair"
// family = $family
@@ -3000,7 +3179,8 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ?
_sock_type_str(type),
protocol, sv_uaddr)
}
-probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ?
+probe nd_syscall.socketpair.return = kprobe.function("SyS_socketpair").return ?,
+ kprobe.function("sys_socketpair").return ?
{
name = "socketpair"
retstr = returnstr(1)
@@ -3012,7 +3192,8 @@ probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ?
# int fd_out, loff_t __user *off_out,
# size_t len, unsigned int flags)
#
-probe nd_syscall.splice = kprobe.function("sys_splice") ?
+probe nd_syscall.splice = kprobe.function("SyS_splice") ?,
+ kprobe.function("sys_splice") ?
{
name = "splice"
// argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
@@ -3021,7 +3202,8 @@ probe nd_syscall.splice = kprobe.function("sys_splice") ?
argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6))
}
-probe nd_syscall.splice.return = kprobe.function("sys_splice").return ?
+probe nd_syscall.splice.return = kprobe.function("SyS_splice").return ?,
+ kprobe.function("sys_splice").return ?
{
name = "splice"
retstr = returnstr(1)
@@ -3031,7 +3213,8 @@ probe nd_syscall.splice.return = kprobe.function("sys_splice").return ?
#
# long sys_ssetmask(int newmask)
#
-probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ?
+probe nd_syscall.ssetmask = kprobe.function("SyS_ssetmask") ?,
+ kprobe.function("sys_ssetmask") ?
{
name = "ssetmask"
// newmask = $newmask
@@ -3040,7 +3223,8 @@ probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ?
newmask = int_arg(1)
argstr = sprint(newmask)
}
-probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ?
+probe nd_syscall.ssetmask.return = kprobe.function("SyS_ssetmask").return ?,
+ kprobe.function("sys_ssetmask").return ?
{
name = "ssetmask"
retstr = returnstr(1)
@@ -3053,8 +3237,10 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ?
# long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf)
# long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
probe nd_syscall.stat = kprobe.function("sys_stat") ?,
+ kprobe.function("SyS_newstat") ?,
kprobe.function("sys_newstat") ?,
kprobe.function("sys32_stat64") ?,
+ kprobe.function("SyS_stat64") ?,
kprobe.function("sys_stat64") ?,
kprobe.function("sys_oabi_stat64") ?,
kprobe.function("compat_sys_newstat") ?
@@ -3071,8 +3257,10 @@ probe nd_syscall.stat = kprobe.function("sys_stat") ?,
argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr)
}
probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?,
+ kprobe.function("SyS_newstat").return ?,
kprobe.function("sys_newstat").return ?,
kprobe.function("sys32_stat64").return ?,
+ kprobe.function("SyS_stat64").return ?,
kprobe.function("sys_stat64").return ?,
kprobe.function("sys_oabi_stat64").return ?,
kprobe.function("compat_sys_newstat").return ?
@@ -3085,8 +3273,9 @@ probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?,
# long sys_statfs(const char __user * path, struct statfs __user * buf)
# long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf)
#
-probe nd_syscall.statfs = kprobe.function("sys_statfs"),
- kprobe.function("compat_sys_statfs") ?
+probe nd_syscall.statfs = kprobe.function("compat_sys_statfs") ?,
+ kprobe.function("SyS_statfs") ?,
+ kprobe.function("sys_statfs") ?
{
name = "statfs"
// path = user_string($path)
@@ -3097,8 +3286,9 @@ probe nd_syscall.statfs = kprobe.function("sys_statfs"),
buf_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
}
-probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return,
- kprobe.function("compat_sys_statfs").return ?
+probe nd_syscall.statfs.return = kprobe.function("compat_sys_statfs").return ?,
+ kprobe.function("SyS_statfs").return ?,
+ kprobe.function("sys_statfs").return ?
{
name = "statfs"
retstr = returnstr(1)
@@ -3109,8 +3299,9 @@ probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return,
# long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf)
# long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf)
#
-probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?,
- kprobe.function("compat_sys_statfs64") ?
+probe nd_syscall.statfs64 = kprobe.function("compat_sys_statfs64") ?,
+ kprobe.function("SyS_statfs64") ?,
+ kprobe.function("sys_statfs64") ?
{
name = "statfs"
// path = user_string($path)
@@ -3123,8 +3314,9 @@ probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?,
buf_uaddr = pointer_arg(3)
argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr)
}
-probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?,
- kprobe.function("compat_sys_statfs64").return ?
+probe nd_syscall.statfs64.return = kprobe.function("compat_sys_statfs64").return ?,
+ kprobe.function("SyS_statfs64").return ?,
+ kprobe.function("sys_statfs64").return ?
{
name = "statfs"
retstr = returnstr(1)
@@ -3135,8 +3327,9 @@ probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?,
# long sys_stime(time_t __user *tptr)
# long compat_sys_stime(compat_time_t __user *tptr)
#
-probe nd_syscall.stime = kprobe.function("sys_stime") ?,
- kprobe.function("compat_sys_stime") ?
+probe nd_syscall.stime = kprobe.function("compat_sys_stime") ?,
+ kprobe.function("SyS_stime") ?,
+ kprobe.function("sys_stime") ?
{
name = "stime"
// t_uaddr = $tptr
@@ -3146,8 +3339,9 @@ probe nd_syscall.stime = kprobe.function("sys_stime") ?,
t_uaddr = pointer_arg(1)
argstr = sprintf("%p", t_uaddr)
}
-probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?,
- kprobe.function("compat_sys_stime").return ?
+probe nd_syscall.stime.return = kprobe.function("compat_sys_stime").return ?,
+ kprobe.function("SyS_stime").return ?,
+ kprobe.function("sys_stime").return ?
{
name = "stime"
retstr = returnstr(1)
@@ -3158,7 +3352,8 @@ probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?,
# asmlinkage long
# sys_swapoff(const char __user * specialfile)
#
-probe nd_syscall.swapoff = kprobe.function("sys_swapoff")?
+probe nd_syscall.swapoff = kprobe.function("SyS_swapoff") ?,
+ kprobe.function("sys_swapoff") ?
{
name = "swapoff"
// path = user_string($specialfile)
@@ -3167,7 +3362,8 @@ probe nd_syscall.swapoff = kprobe.function("sys_swapoff")?
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ?
+probe nd_syscall.swapoff.return = kprobe.function("SyS_swapoff").return ?,
+ kprobe.function("sys_swapoff").return ?
{
name = "swapoff"
retstr = returnstr(1)
@@ -3179,7 +3375,8 @@ probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ?
# sys_swapon(const char __user * specialfile,
# int swap_flags)
#
-probe nd_syscall.swapon = kprobe.function("sys_swapon") ?
+probe nd_syscall.swapon = kprobe.function("SyS_swapon") ?,
+ kprobe.function("sys_swapon") ?
{
name = "swapon"
// path = user_string($specialfile)
@@ -3190,7 +3387,8 @@ probe nd_syscall.swapon = kprobe.function("sys_swapon") ?
swapflags = int_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags)
}
-probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ?
+probe nd_syscall.swapon.return = kprobe.function("SyS_swapon").return ?,
+ kprobe.function("sys_swapon").return ?
{
name = "swapon"
retstr = returnstr(1)
@@ -3199,7 +3397,8 @@ probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ?
# symlink ____________________________________________________
# long sys_symlink(const char __user * oldname,
# const char __user * newname)
-probe nd_syscall.symlink = kprobe.function("sys_symlink")
+probe nd_syscall.symlink = kprobe.function("SyS_symlink") ?,
+ kprobe.function("sys_symlink") ?
{
name = "symlink"
// oldpath = user_string($oldname)
@@ -3212,7 +3411,8 @@ probe nd_syscall.symlink = kprobe.function("sys_symlink")
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return
+probe nd_syscall.symlink.return = kprobe.function("SyS_symlink").return ?,
+ kprobe.function("sys_symlink").return ?
{
name = "symlink"
retstr = returnstr(1)
@@ -3222,7 +3422,8 @@ probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return
# new function with 2.6.16
# long sys_symlinkat(const char __user *oldname, int newdfd,
# const char __user *newname)
-probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ?
+probe nd_syscall.symlinkat = kprobe.function("SyS_symlinkat") ?,
+ kprobe.function("sys_symlinkat") ?
{
name = "symlinkat"
// oldname = $oldname
@@ -3243,7 +3444,8 @@ probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ?
argstr = sprintf("%s, %s, %s", user_string_quoted(oldname),
newdfd_str, user_string_quoted(newname))
}
-probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ?
+probe nd_syscall.symlinkat.return = kprobe.function("SyS_symlinkat").return ?,
+ kprobe.function("sys_symlinkat").return ?
{
name = "symlinkat"
retstr = returnstr(1)
@@ -3268,16 +3470,18 @@ probe nd_syscall.sync.return = kprobe.function("sys_sync").return
#
# long sys_sysctl(struct __sysctl_args __user *args)
#
-probe nd_syscall.sysctl = kprobe.function("sys_sysctl") ?,
- kprobe.function("compat_sys_sysctl") ?
+probe nd_syscall.sysctl = kprobe.function("compat_sys_sysctl") ?,
+ kprobe.function("SyS_sysctl") ?,
+ kprobe.function("sys_sysctl") ?
{
name = "sysctl"
// argstr = sprintf("%p", $args)
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?,
- kprobe.function("compat_sys_sysctl").return ?
+probe nd_syscall.sysctl.return = kprobe.function("compat_sys_sysctl").return ?,
+ kprobe.function("SyS_sysctl").return ?,
+ kprobe.function("sys_sysctl").return ?
{
name = "sysctl"
retstr = returnstr(1)
@@ -3290,7 +3494,8 @@ probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?,
# unsigned long arg1,
# unsigned long arg2)
#
-probe nd_syscall.sysfs = kprobe.function("sys_sysfs")
+probe nd_syscall.sysfs = kprobe.function("SyS_sysfs") ?,
+ kprobe.function("sys_sysfs") ?
{
name = "sysfs"
// option = $option
@@ -3315,7 +3520,8 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs")
else
argstr = sprintf("%d, %d, %d", option, arg1, arg2)
}
-probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return
+probe nd_syscall.sysfs.return = kprobe.function("SyS_sysfs").return ?,
+ kprobe.function("sys_sysfs").return ?
{
name = "sysfs"
retstr = returnstr(1)
@@ -3325,8 +3531,9 @@ probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return
#
# long sys_sysinfo(struct sysinfo __user *info)
# long compat_sys_sysinfo(struct compat_sysinfo __user *info)
-probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"),
- kprobe.function("compat_sys_sysinfo") ?
+probe nd_syscall.sysinfo = kprobe.function("compat_sys_sysinfo") ?,
+ kprobe.function("SyS_sysinfo") ?,
+ kprobe.function("sys_sysinfo") ?
{
name = "sysinfo"
// info_uaddr = $info
@@ -3335,8 +3542,9 @@ probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"),
info_uaddr = pointer_arg(1)
argstr = sprintf("%p", info_uaddr)
}
-probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return,
- kprobe.function("compat_sys_sysinfo").return ?
+probe nd_syscall.sysinfo.return = kprobe.function("compat_sys_sysinfo").return ?,
+ kprobe.function("SyS_sysinfo").return ?,
+ kprobe.function("sys_sysinfo").return ?
{
name = "sysinfo"
retstr = returnstr(1)
@@ -3346,7 +3554,8 @@ probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return,
#
# long sys_syslog(int type, char __user * buf, int len)
#
-probe nd_syscall.syslog = kprobe.function("sys_syslog")
+probe nd_syscall.syslog = kprobe.function("SyS_syslog") ?,
+ kprobe.function("sys_syslog") ?
{
name = "syslog"
// type = $type
@@ -3359,7 +3568,8 @@ probe nd_syscall.syslog = kprobe.function("sys_syslog")
len = int_arg(3)
argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len)
}
-probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return
+probe nd_syscall.syslog.return = kprobe.function("SyS_syslog").return ?,
+ kprobe.function("sys_syslog").return ?
{
name = "syslog"
retstr = returnstr(1)
@@ -3369,14 +3579,16 @@ probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return
#
# long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
#
-probe nd_syscall.tee = kprobe.function("sys_tee") ?
+probe nd_syscall.tee = kprobe.function("SyS_tee") ?,
+ kprobe.function("sys_tee") ?
{
name = "tee"
// argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags)
asmlinkage()
argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4))
}
-probe nd_syscall.tee.return = kprobe.function("sys_tee").return ?
+probe nd_syscall.tee.return = kprobe.function("SyS_tee").return ?,
+ kprobe.function("sys_tee").return ?
{
name = "tee"
retstr = returnstr(1)
@@ -3389,7 +3601,8 @@ probe nd_syscall.tee.return = kprobe.function("sys_tee").return ?
# int pid,
# int sig)
#
-probe nd_syscall.tgkill = kprobe.function("sys_tgkill")
+probe nd_syscall.tgkill = kprobe.function("SyS_tgkill") ?,
+ kprobe.function("sys_tgkill") ?
{
name = "tgkill"
// tgid = $tgid
@@ -3402,7 +3615,8 @@ probe nd_syscall.tgkill = kprobe.function("sys_tgkill")
sig = int_arg(3)
argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig))
}
-probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return
+probe nd_syscall.tgkill.return = kprobe.function("SyS_tgkill").return ?,
+ kprobe.function("sys_tgkill").return ?
{
name = "tgkill"
retstr = returnstr(1)
@@ -3415,10 +3629,11 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return
# long sys32_time(compat_time_t __user * tloc)
# long compat_sys_time(compat_time_t __user * tloc)
#
-probe nd_syscall.time = kprobe.function("sys_time")?,
- kprobe.function("sys32_time") ?,
+probe nd_syscall.time = kprobe.function("sys32_time") ?,
kprobe.function("sys_time64") ?,
- kprobe.function("compat_sys_time") ?
+ kprobe.function("compat_sys_time") ?,
+ kprobe.function("SyS_time") ?,
+ kprobe.function("sys_time") ?
{
name = "time"
// t_uaddr = $tloc
@@ -3427,10 +3642,11 @@ probe nd_syscall.time = kprobe.function("sys_time")?,
t_uaddr = pointer_arg(1)
argstr = sprintf("%p", t_uaddr)
}
-probe nd_syscall.time.return = kprobe.function("sys_time").return?,
- kprobe.function("sys32_time").return ?,
+probe nd_syscall.time.return = kprobe.function("sys32_time").return ?,
kprobe.function("sys_time64").return ?,
- kprobe.function("compat_sys_time").return ?
+ kprobe.function("compat_sys_time").return ?,
+ kprobe.function("SyS_time").return ?,
+ kprobe.function("sys_time").return ?
{
name = "time"
retstr = returnstr(1)
@@ -3442,7 +3658,8 @@ probe nd_syscall.time.return = kprobe.function("sys_time").return?,
# struct sigevent __user *timer_event_spec,
# timer_t __user * created_timer_id)
#
-probe nd_syscall.timer_create = kprobe.function("sys_timer_create")
+probe nd_syscall.timer_create = kprobe.function("SyS_timer_create") ?,
+ kprobe.function("sys_timer_create") ?
{
name = "timer_create"
// clockid = $which_clock
@@ -3457,7 +3674,8 @@ probe nd_syscall.timer_create = kprobe.function("sys_timer_create")
timerid_uaddr = pointer_arg(3)
argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr)
}
-probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").return
+probe nd_syscall.timer_create.return = kprobe.function("SyS_timer_create").return ?,
+ kprobe.function("sys_timer_create").return ?
{
name = "timer_create"
retstr = returnstr(1)
@@ -3467,7 +3685,8 @@ probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").retur
#
# long sys_timer_delete(timer_t timer_id)
#
-probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete")
+probe nd_syscall.timer_delete = kprobe.function("SyS_timer_delete") ?,
+ kprobe.function("sys_timer_delete") ?
{
name = "timer_delete"
// timerid = $timer_id
@@ -3476,7 +3695,8 @@ probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete")
timerid = int_arg(1)
argstr = sprint(timerid)
}
-probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return
+probe nd_syscall.timer_delete.return = kprobe.function("SyS_timer_delete").return ?,
+ kprobe.function("sys_timer_delete").return ?
{
name = "timer_delete"
retstr = returnstr(1)
@@ -3486,7 +3706,8 @@ probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").retur
#
# long sys_timer_getoverrun(timer_t timer_id)
#
-probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun")
+probe nd_syscall.timer_getoverrun = kprobe.function("SyS_timer_getoverrun") ?,
+ kprobe.function("sys_timer_getoverrun") ?
{
name = "timer_getoverrun"
// timerid = $timer_id
@@ -3495,7 +3716,8 @@ probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun")
timerid = int_arg(1)
argstr = sprint(timerid)
}
-probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun").return
+probe nd_syscall.timer_getoverrun.return = kprobe.function("SyS_timer_getoverrun").return ?,
+ kprobe.function("sys_timer_getoverrun").return ?
{
name = "timer_getoverrun"
retstr = returnstr(1)
@@ -3506,7 +3728,8 @@ probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun
# long sys_timer_gettime(timer_t timer_id,
# struct itimerspec __user *setting)
#
-probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime")
+probe nd_syscall.timer_gettime = kprobe.function("SyS_timer_gettime") ?,
+ kprobe.function("sys_timer_gettime") ?
{
name = "timer_gettime"
// timerid = $timer_id
@@ -3517,7 +3740,8 @@ probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime")
value_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", timerid, value_uaddr)
}
-probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").return
+probe nd_syscall.timer_gettime.return = kprobe.function("SyS_timer_gettime").return ?,
+ kprobe.function("sys_timer_gettime").return ?
{
name = "timer_gettime"
retstr = returnstr(1)
@@ -3530,7 +3754,8 @@ probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").ret
# const struct itimerspec __user *new_setting,
# struct itimerspec __user *old_setting)
#
-probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime")
+probe nd_syscall.timer_settime = kprobe.function("SyS_timer_settime") ?,
+ kprobe.function("sys_timer_settime") ?
{
name = "timer_settime"
// timerid = $timer_id
@@ -3549,7 +3774,8 @@ probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime")
_struct_itimerspec_u(value_uaddr),
ovalue_uaddr)
}
-probe nd_syscall.timer_settime.return = kprobe.function("sys_timer_settime").return
+probe nd_syscall.timer_settime.return = kprobe.function("SyS_timer_settime").return ?,
+ kprobe.function("sys_timer_settime").return ?
{
name = "timer_settime"
retstr = returnstr(1)
@@ -3581,16 +3807,18 @@ probe nd_syscall.timerfd.return = kprobe.function("sys_timerfd").return ?,
#
# long sys_times(struct tms __user * tbuf)
# long compat_sys_times(struct compat_tms __user *tbuf)
-probe nd_syscall.times = kprobe.function("sys_times") ?,
- kprobe.function("compat_sys_times") ?
+probe nd_syscall.times = kprobe.function("compat_sys_times") ?,
+ kprobe.function("SyS_times") ?,
+ kprobe.function("sys_times") ?
{
name = "times"
// argstr = sprintf("%p", $tbuf)
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.times.return = kprobe.function("sys_times").return ?,
- kprobe.function("compat_sys_times").return ?
+probe nd_syscall.times.return = kprobe.function("compat_sys_times").return ?,
+ kprobe.function("SyS_times").return ?,
+ kprobe.function("sys_times").return ?
{
name = "times"
retstr = returnstr(1)
@@ -3602,7 +3830,8 @@ probe nd_syscall.times.return = kprobe.function("sys_times").return ?,
# sys_tkill(int pid,
# int sig)
#
-probe nd_syscall.tkill = kprobe.function("sys_tkill")
+probe nd_syscall.tkill = kprobe.function("SyS_tkill") ?,
+ kprobe.function("sys_tkill") ?
{
name = "tkill"
// pid = $pid
@@ -3613,7 +3842,8 @@ probe nd_syscall.tkill = kprobe.function("sys_tkill")
sig = int_arg(2)
argstr = sprintf("%d, %s", pid, _signal_name(sig))
}
-probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return
+probe nd_syscall.tkill.return = kprobe.function("SyS_tkill").return ?,
+ kprobe.function("sys_tkill").return ?
{
name = "tkill"
retstr = returnstr(1)
@@ -3624,7 +3854,8 @@ probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return
# sys_truncate(const char __user * path, unsigned long length)
# sys_truncate64(const char __user * path, loff_t length)
#
-probe nd_syscall.truncate = kprobe.function("sys_truncate")?,
+probe nd_syscall.truncate = kprobe.function("SyS_truncate") ?,
+ kprobe.function("sys_truncate") ?,
kprobe.function("sys_truncate64") ?
{
name = "truncate"
@@ -3641,7 +3872,8 @@ probe nd_syscall.truncate = kprobe.function("sys_truncate")?,
length = longlong_arg(2)
argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length)
}
-probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?,
+probe nd_syscall.truncate.return = kprobe.function("SyS_truncate").return ?,
+ kprobe.function("sys_truncate").return ?,
kprobe.function("sys_truncate64").return ?
{
name = "truncate"
@@ -3672,7 +3904,8 @@ probe nd_syscall.tux.return = kprobe.function("sys_tux").return ?
# umask ______________________________________________________
# long sys_umask(int mask)
#
-probe nd_syscall.umask = kprobe.function("sys_umask")
+probe nd_syscall.umask = kprobe.function("SyS_umask") ?,
+ kprobe.function("sys_umask") ?
{
name = "umask"
// mask = $mask
@@ -3681,7 +3914,8 @@ probe nd_syscall.umask = kprobe.function("sys_umask")
mask = int_arg(1)
argstr = sprintf("%#o", mask)
}
-probe nd_syscall.umask.return = kprobe.function("sys_umask").return
+probe nd_syscall.umask.return = kprobe.function("SyS_umask").return ?,
+ kprobe.function("sys_umask").return ?
{
name = "umask"
retstr = returnstr(3)
@@ -3690,7 +3924,8 @@ probe nd_syscall.umask.return = kprobe.function("sys_umask").return
# umount _____________________________________________________
# long sys_umount(char __user * name, int flags)
#
-probe nd_syscall.umount = kprobe.function("sys_umount")
+probe nd_syscall.umount = kprobe.function("SyS_umount") ?,
+ kprobe.function("sys_umount") ?
{
name = "umount"
// target = user_string($name)
@@ -3703,7 +3938,8 @@ probe nd_syscall.umount = kprobe.function("sys_umount")
flags_str = _umountflags_str(flags)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str)
}
-probe nd_syscall.umount.return = kprobe.function("sys_umount").return
+probe nd_syscall.umount.return = kprobe.function("SyS_umount").return ?,
+ kprobe.function("sys_umount").return ?
{
name = "umount"
retstr = returnstr(1)
@@ -3721,6 +3957,7 @@ probe nd_syscall.uname = kprobe.function("sys_uname") ?,
kprobe.function("sys_olduname") ?,
kprobe.function("sys32_olduname") ?,
kprobe.function("sys32_uname") ?,
+ kprobe.function("SyS_newuname") ?,
kprobe.function("sys_newuname") ?
{
name = "uname"
@@ -3739,6 +3976,7 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?,
kprobe.function("sys_olduname").return ?,
kprobe.function("sys32_olduname").return ?,
kprobe.function("sys32_uname").return ?,
+ kprobe.function("SyS_newuname").return ?,
kprobe.function("sys_newuname").return ?
{
name = "uname"
@@ -3748,7 +3986,8 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?,
# unlink _____________________________________________________
# long sys_unlink(const char __user * pathname)
#
-probe nd_syscall.unlink = kprobe.function("sys_unlink")
+probe nd_syscall.unlink = kprobe.function("SyS_unlink") ?,
+ kprobe.function("sys_unlink") ?
{
name = "unlink"
// pathname_uaddr = $pathname
@@ -3759,18 +3998,42 @@ probe nd_syscall.unlink = kprobe.function("sys_unlink")
pathname = user_string(pathname_uaddr)
argstr = user_string_quoted(pathname_uaddr)
}
-probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return
+probe nd_syscall.unlink.return = kprobe.function("SyS_unlink").return ?,
+ kprobe.function("sys_unlink").return ?
{
name = "unlink"
retstr = returnstr(1)
}
+# unlinkat ___________________________________________________
+# TODO
+#probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?,
+# kprobe.function("sys_unlinkat") ?
+#{
+#}
+#probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?,
+# kprobe.function("sys_unlinkat").return ?
+#{
+#}
+
+# unshare ____________________________________________________
+# TODO
+#probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?,
+# kprobe.function("sys_unshare") ?
+#{
+#}
+#probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?,
+# kprobe.function("sys_unshare").return ?
+#{
+#}
+
# uselib _____________________________________________________
#
# asmlinkage long
# sys_uselib(const char __user * library)
#
-probe nd_syscall.uselib = kprobe.function("sys_uselib")
+probe nd_syscall.uselib = kprobe.function("SyS_uselib") ?,
+ kprobe.function("sys_uselib") ?
{
name = "uselib"
// library_uaddr = $library
@@ -3781,7 +4044,8 @@ probe nd_syscall.uselib = kprobe.function("sys_uselib")
library = user_string(library_uaddr)
argstr = user_string_quoted(library_uaddr)
}
-probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return
+probe nd_syscall.uselib.return = kprobe.function("SyS_uselib").return ?,
+ kprobe.function("sys_uselib").return ?
{
name = "uselib"
retstr = returnstr(1)
@@ -3790,7 +4054,8 @@ probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return
# ustat ______________________________________________________
# long sys_ustat(unsigned dev, struct ustat __user * ubuf)
#
-probe nd_syscall.ustat = kprobe.function("sys_ustat")
+probe nd_syscall.ustat = kprobe.function("SyS_ustat") ?,
+ kprobe.function("sys_ustat") ?
{
name = "ustat"
// dev = $dev
@@ -3813,7 +4078,8 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ?
argstr = sprintf("%d, %p", dev, pointer_arg(2))
}
-probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return,
+probe nd_syscall.ustat.return = kprobe.function("SyS_ustat").return ?,
+ kprobe.function("sys_ustat").return ?,
kprobe.function("sys32_ustat").return ?
{
name = "ustat"
@@ -3822,7 +4088,8 @@ probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return,
# utime ______________________________________________________
# long sys_utime(char __user * filename, struct utimbuf __user * times)
-probe nd_syscall.utime = kprobe.function("sys_utime") ?
+probe nd_syscall.utime = kprobe.function("SyS_utime") ?,
+ kprobe.function("sys_utime") ?
{
name = "utime"
asmlinkage()
@@ -3834,7 +4101,8 @@ probe nd_syscall.utime = kprobe.function("sys_utime") ?
argstr = sprintf("%s, [%s, %s]", filename,
ctime(actime), ctime(modtime))
}
-probe nd_syscall.utime.return = kprobe.function("sys_utime").return ?
+probe nd_syscall.utime.return = kprobe.function("SyS_utime").return ?,
+ kprobe.function("sys_utime").return ?
{
name = "utime"
retstr = returnstr(1)
@@ -3863,7 +4131,8 @@ probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").retur
#
# long sys_utimes(char __user * filename, struct timeval __user * utimes)
#
-probe nd_syscall.utimes = kprobe.function("sys_utimes")
+probe nd_syscall.utimes = kprobe.function("SyS_utimes") ?,
+ kprobe.function("sys_utimes") ?
{
name = "utimes"
// filename_uaddr = $filename
@@ -3878,7 +4147,8 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes")
argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr),
_struct_timeval_u(tvp_uaddr, 2))
}
-probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return
+probe nd_syscall.utimes.return = kprobe.function("SyS_utimes").return ?,
+ kprobe.function("sys_utimes").return ?
{
name = "utimes"
retstr = returnstr(1)
@@ -3909,7 +4179,8 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes")
# long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags)
# long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags)
#
-probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ?
+probe nd_syscall.utimensat = kprobe.function("SyS_utimensat") ?,
+ kprobe.function("sys_utimensat") ?
{
name = "utimensat"
// argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2),
@@ -3927,12 +4198,13 @@ probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ?
argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)),
_struct_compat_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4)))
}
-probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ?
+probe nd_syscall.utimensat.return = kprobe.function("SyS_utimensat").return ?,
+ kprobe.function("sys_utimensat").return ?
{
name = "utimensat"
retstr = returnstr(1)
}
-probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ?
+probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ?
{
name = "utimensat"
retstr = returnstr(1)
@@ -3961,7 +4233,8 @@ probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return
# long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32,
# unsigned int nr_segs, unsigned int flags)
#
-probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ?
+probe nd_syscall.vmsplice = kprobe.function("SyS_vmsplice") ?,
+ kprobe.function("sys_vmsplice") ?
{
name = "vmsplice"
// argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags)
@@ -3975,7 +4248,8 @@ probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ?
asmlinkage()
argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4))
}
-probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ?
+probe nd_syscall.vmsplice.return = kprobe.function("SyS_vmsplice").return ?,
+ kprobe.function("sys_vmsplice").return ?
{
name = "vmsplice"
retstr = returnstr(1)
@@ -3993,7 +4267,8 @@ probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice")
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.wait4 = kprobe.function("sys_wait4")
+probe nd_syscall.wait4 = kprobe.function("SyS_wait4") ?,
+ kprobe.function("sys_wait4") ?
{
name = "wait4"
// pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
@@ -4013,7 +4288,8 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4")
argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, _wait4_opt_str(options), rusage_uaddr)
}
-probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return
+probe nd_syscall.wait4.return = kprobe.function("SyS_wait4").return ?,
+ kprobe.function("sys_wait4").return ?
{
name = "wait4"
retstr = returnstr(1)
@@ -4027,7 +4303,8 @@ probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.waitid = kprobe.function("sys_waitid")
+probe nd_syscall.waitid = kprobe.function("SyS_waitid") ?,
+ kprobe.function("sys_waitid") ?
{
name = "waitid"
// pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
@@ -4051,7 +4328,8 @@ probe nd_syscall.waitid = kprobe.function("sys_waitid")
argstr = sprintf("%d, %d, %p, %s, %p", which,
pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr)
}
-probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return
+probe nd_syscall.waitid.return = kprobe.function("SyS_waitid").return ?,
+ kprobe.function("sys_waitid").return ?
{
name = "waitid"
retstr = returnstr(1)
@@ -4065,7 +4343,8 @@ probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return
# int options,
# struct rusage __user *ru)
#
-probe nd_syscall.waitpid = kprobe.function("sys_wait4")
+probe nd_syscall.waitpid = kprobe.function("SyS_wait4") ?,
+ kprobe.function("sys_wait4") ?
{
name = "waitpid"
pid = $pid
@@ -4076,7 +4355,8 @@ probe nd_syscall.waitpid = kprobe.function("sys_wait4")
argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr,
options_str, $ru)
}
-probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return
+probe nd_syscall.waitpid.return = kprobe.function("SyS_wait4").return ?,
+ kprobe.function("sys_wait4").return ?
{
name = "waitpid"
retstr = returnstr(1)
@@ -4089,7 +4369,8 @@ probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return
# const char __user * buf,
# size_t count)
#
-probe nd_syscall.write = kprobe.function("sys_write")
+probe nd_syscall.write = kprobe.function("SyS_write") ?,
+ kprobe.function("sys_write") ?
{
name = "write"
// fd = $fd
@@ -4103,7 +4384,8 @@ probe nd_syscall.write = kprobe.function("sys_write")
argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count)
}
-probe nd_syscall.write.return = kprobe.function("sys_write").return
+probe nd_syscall.write.return = kprobe.function("SyS_write").return ?,
+ kprobe.function("sys_write").return ?
{
name = "write"
retstr = returnstr(1)
@@ -4118,8 +4400,9 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return
# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
-probe nd_syscall.writev = kprobe.function("sys_writev"),
- kprobe.function("compat_sys_writev") ?
+probe nd_syscall.writev = kprobe.function("compat_sys_writev") ?,
+ kprobe.function("SyS_writev") ?,
+ kprobe.function("sys_writev") ?
{
name = "writev"
// vector_uaddr = $vec
@@ -4138,8 +4421,9 @@ probe nd_syscall.writev = kprobe.function("sys_writev"),
argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count)
}
-probe nd_syscall.writev.return = kprobe.function("sys_writev").return,
- kprobe.function("compat_sys_writev").return ?
+probe nd_syscall.writev.return = kprobe.function("compat_sys_writev").return ?,
+ kprobe.function("SyS_writev").return ?,
+ kprobe.function("sys_writev").return ?
{
name = "writev"
retstr = returnstr(1)
diff --git a/tapsets.cxx b/tapsets.cxx
index ee27f169..9948f0ff 100644
--- a/tapsets.cxx
+++ b/tapsets.cxx
@@ -43,7 +43,6 @@ extern "C" {
#include <dwarf.h>
#include <elf.h>
#include <obstack.h>
-#include <regex.h>
#include <glob.h>
#include <fnmatch.h>
#include <stdio.h>
@@ -553,19 +552,6 @@ struct dwarf_query : public base_query
int line,
Dwarf_Die *scope_die,
Dwarf_Addr addr);
- string get_blacklist_section(Dwarf_Addr addr);
-
- regex_t blacklist_func; // function/statement probes
- regex_t blacklist_func_ret; // only for .return probes
- regex_t blacklist_file; // file name
- void build_blacklist();
-
- bool blacklisted_p(const string& funcname,
- const string& filename,
- int line,
- const string& module,
- const string& section,
- Dwarf_Addr addr);
// Extracted parameters.
string function_val;
@@ -708,7 +694,6 @@ dwarf_query::dwarf_query(systemtap_session & sess,
else if (has_statement_str)
spec_type = parse_function_spec(statement_str_val);
- build_blacklist(); // XXX: why not reuse amongst dwarf_query instances?
dbinfo_reqt = assess_dbinfo_reqt();
query_done = false;
}
@@ -875,138 +860,6 @@ dwarf_query::handle_query_module()
}
-void
-dwarf_query::build_blacklist()
-{
- // No blacklist for userspace.
- if (has_process)
- return;
-
- // We build up the regexps in these strings
-
- // Add ^ anchors at the front; $ will be added just before regcomp.
-
- string blfn = "^(";
- string blfn_ret = "^(";
- string blfile = "^(";
-
- blfile += "kernel/kprobes.c"; // first alternative, no "|"
- blfile += "|arch/.*/kernel/kprobes.c";
- // Older kernels need ...
- blfile += "|include/asm/io.h";
- blfile += "|include/asm/bitops.h";
- // While newer ones need ...
- blfile += "|arch/.*/include/asm/io.h";
- blfile += "|arch/.*/include/asm/bitops.h";
- blfile += "|drivers/ide/ide-iops.c";
-
- // XXX: it would be nice if these blacklisted functions were pulled
- // in dynamically, instead of being statically defined here.
- // Perhaps it could be populated from script files. A "noprobe
- // kernel.function("...")" construct might do the trick.
-
- // Most of these are marked __kprobes in newer kernels. We list
- // them here (anyway) so the translator can block them on older
- // kernels that don't have the __kprobes function decorator. This
- // also allows detection of problems at translate- rather than
- // run-time.
-
- blfn += "atomic_notifier_call_chain"; // first blfn; no "|"
- blfn += "|default_do_nmi";
- blfn += "|__die";
- blfn += "|die_nmi";
- blfn += "|do_debug";
- blfn += "|do_general_protection";
- blfn += "|do_int3";
- blfn += "|do_IRQ";
- blfn += "|do_page_fault";
- blfn += "|do_sparc64_fault";
- blfn += "|do_trap";
- blfn += "|dummy_nmi_callback";
- blfn += "|flush_icache_range";
- blfn += "|ia64_bad_break";
- blfn += "|ia64_do_page_fault";
- blfn += "|ia64_fault";
- blfn += "|io_check_error";
- blfn += "|mem_parity_error";
- blfn += "|nmi_watchdog_tick";
- blfn += "|notifier_call_chain";
- blfn += "|oops_begin";
- blfn += "|oops_end";
- blfn += "|program_check_exception";
- blfn += "|single_step_exception";
- blfn += "|sync_regs";
- blfn += "|unhandled_fault";
- blfn += "|unknown_nmi_error";
-
- // Lots of locks
- blfn += "|.*raw_.*lock.*";
- blfn += "|.*read_.*lock.*";
- blfn += "|.*write_.*lock.*";
- blfn += "|.*spin_.*lock.*";
- blfn += "|.*rwlock_.*lock.*";
- blfn += "|.*rwsem_.*lock.*";
- blfn += "|.*mutex_.*lock.*";
- blfn += "|raw_.*";
- blfn += "|.*seq_.*lock.*";
-
- // atomic functions
- blfn += "|atomic_.*";
- blfn += "|atomic64_.*";
-
- // few other problematic cases
- blfn += "|get_bh";
- blfn += "|put_bh";
-
- // Experimental
- blfn += "|.*apic.*|.*APIC.*";
- blfn += "|.*softirq.*";
- blfn += "|.*IRQ.*";
- blfn += "|.*_intr.*";
- blfn += "|__delay";
- blfn += "|.*kernel_text.*";
- blfn += "|get_current";
- blfn += "|current_.*";
- blfn += "|.*exception_tables.*";
- blfn += "|.*setup_rt_frame.*";
-
- // PR 5759, CONFIG_PREEMPT kernels
- blfn += "|.*preempt_count.*";
- blfn += "|preempt_schedule";
-
- // These functions don't return, so return probes would never be recovered
- blfn_ret += "do_exit"; // no "|"
- blfn_ret += "|sys_exit";
- blfn_ret += "|sys_exit_group";
-
- // __switch_to changes "current" on x86_64 and i686, so return probes
- // would cause kernel panic, and it is marked as "__kprobes" on x86_64
- if (sess.architecture == "x86_64")
- blfn += "|__switch_to";
- if (sess.architecture == "i686")
- blfn_ret += "|__switch_to";
-
- blfn += ")$";
- blfn_ret += ")$";
- blfile += ")$";
-
- if (sess.verbose > 2)
- {
- clog << "blacklist regexps:" << endl;
- clog << "blfn: " << blfn << endl;
- clog << "blfn_ret: " << blfn_ret << endl;
- clog << "blfile: " << blfile << endl;
- }
-
- int rc = regcomp (& blacklist_func, blfn.c_str(), REG_NOSUB|REG_EXTENDED);
- if (rc) throw semantic_error ("blacklist_func regcomp failed");
- rc = regcomp (& blacklist_func_ret, blfn_ret.c_str(), REG_NOSUB|REG_EXTENDED);
- if (rc) throw semantic_error ("blacklist_func_ret regcomp failed");
- rc = regcomp (& blacklist_file, blfile.c_str(), REG_NOSUB|REG_EXTENDED);
- if (rc) throw semantic_error ("blacklist_file regcomp failed");
-}
-
-
function_spec_type
dwarf_query::parse_function_spec(string & spec)
{
@@ -1097,129 +950,6 @@ dwarf_query::parse_function_spec(string & spec)
}
-#if 0
-// Forward declaration.
-static int query_kernel_module (Dwfl_Module *, void **, const char *,
- Dwarf_Addr, void *);
-#endif
-
-
-// XXX: pull this into dwflpp
-static bool
-in_kprobes_function(systemtap_session& sess, Dwarf_Addr addr)
-{
- if (sess.sym_kprobes_text_start != 0 && sess.sym_kprobes_text_end != 0)
- {
- // If the probe point address is anywhere in the __kprobes
- // address range, we can't use this probe point.
- if (addr >= sess.sym_kprobes_text_start && addr < sess.sym_kprobes_text_end)
- return true;
- }
- return false;
-}
-
-
-bool
-dwarf_query::blacklisted_p(const string& funcname,
- const string& filename,
- int,
- const string& module,
- const string& section,
- Dwarf_Addr addr)
-{
- if (has_process)
- return false; // no blacklist for userspace
-
- if (section.substr(0, 6) == string(".init.") ||
- section.substr(0, 6) == string(".exit.") ||
- section.substr(0, 9) == string(".devinit.") ||
- section.substr(0, 9) == string(".devexit.") ||
- section.substr(0, 9) == string(".cpuinit.") ||
- section.substr(0, 9) == string(".cpuexit.") ||
- section.substr(0, 9) == string(".meminit.") ||
- section.substr(0, 9) == string(".memexit."))
- {
- // NB: module .exit. routines could be probed in theory:
- // if the exit handler in "struct module" is diverted,
- // first inserting the kprobes
- // then allowing the exit code to run
- // then removing these kprobes
- if (sess.verbose>1)
- clog << " skipping - init/exit";
- return true;
- }
-
- // Check for function marked '__kprobes'.
- if (module == TOK_KERNEL && in_kprobes_function(sess, addr))
- {
- if (sess.verbose>1)
- clog << " skipping - __kprobes";
- return true;
- }
-
- // Check probe point against blacklist.
- int goodfn = regexec (&blacklist_func, funcname.c_str(), 0, NULL, 0);
- if (has_return)
- goodfn = goodfn && regexec (&blacklist_func_ret, funcname.c_str(), 0, NULL, 0);
- int goodfile = regexec (&blacklist_file, filename.c_str(), 0, NULL, 0);
-
- if (! (goodfn && goodfile))
- {
- if (sess.guru_mode)
- {
- if (sess.verbose>1)
- clog << " guru mode enabled - ignoring blacklist";
- }
- else
- {
- if (sess.verbose>1)
- clog << " skipping - blacklisted";
- return true;
- }
- }
-
- // This probe point is not blacklisted.
- return false;
-}
-
-string dwarf_query::get_blacklist_section(Dwarf_Addr addr)
-{
- string blacklist_section;
- Dwarf_Addr bias;
- // We prefer dwfl_module_getdwarf to dwfl_module_getelf here,
- // because dwfl_module_getelf can force costly section relocations
- // we don't really need, while either will do for this purpose.
- Elf* elf = (dwarf_getelf (dwfl_module_getdwarf (dw.module, &bias))
- ?: dwfl_module_getelf (dw.module, &bias));
-
- Dwarf_Addr offset = addr - bias;
- if (elf)
- {
- Elf_Scn* scn = 0;
- size_t shstrndx;
- dwfl_assert ("getshstrndx", elf_getshstrndx (elf, &shstrndx));
- while ((scn = elf_nextscn (elf, scn)) != NULL)
- {
- GElf_Shdr shdr_mem;
- GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
- if (! shdr) continue; // XXX error?
-
- if (!(shdr->sh_flags & SHF_ALLOC))
- continue;
-
- GElf_Addr start = shdr->sh_addr;
- GElf_Addr end = start + shdr->sh_size;
- if (! (offset >= start && offset < end))
- continue;
-
- blacklist_section = elf_strptr (elf, shstrndx, shdr->sh_name);
- break;
- }
- }
- return blacklist_section;
-}
-
-
void
dwarf_query::add_probe_point(const string& funcname,
const char* filename,
@@ -1228,40 +958,13 @@ dwarf_query::add_probe_point(const string& funcname,
Dwarf_Addr addr)
{
string reloc_section; // base section for relocation purposes
- Dwarf_Addr reloc_addr = addr; // relocated
+ Dwarf_Addr reloc_addr; // relocated
string blacklist_section; // linking section for blacklist purposes
const string& module = dw.module_name; // "kernel" or other
assert (! has_absolute); // already handled in dwarf_builder::build()
- if (!dw.module)
- {
- assert(module == TOK_KERNEL);
- reloc_section = "";
- blacklist_section = "";
- }
- else if (dwfl_module_relocations (dw.module) > 0)
- {
- // This is a relocatable module; libdwfl already knows its
- // sections, so we can relativize addr.
- int idx = dwfl_module_relocate_address (dw.module, &reloc_addr);
- const char* r_s = dwfl_module_relocation_info (dw.module, idx, NULL);
- if (r_s)
- reloc_section = r_s;
- blacklist_section = reloc_section;
-
- if(reloc_section == "" && dwfl_module_relocations (dw.module) == 1)
- {
- blacklist_section = this->get_blacklist_section(addr);
- reloc_section = ".dynamic";
- reloc_addr = addr;
- }
- }
- else
- {
- blacklist_section = this->get_blacklist_section(addr);
- reloc_section = ".absolute";
- }
+ reloc_addr = dw.relocate_address(addr, reloc_section, blacklist_section);
if (sess.verbose > 1)
{
@@ -1277,7 +980,8 @@ dwarf_query::add_probe_point(const string& funcname,
clog << " pc=0x" << hex << addr << dec;
}
- bool bad = blacklisted_p (funcname, filename, line, module, blacklist_section, addr);
+ bool bad = dw.blacklisted_p (funcname, filename, line, module,
+ blacklist_section, addr, has_return);
if (sess.verbose > 1)
clog << endl;
@@ -1780,26 +1484,6 @@ query_cu (Dwarf_Die * cudie, void * arg)
}
-#if 0
-static int
-query_kernel_module (Dwfl_Module *mod,
- void **,
- const char *name,
- Dwarf_Addr,
- void *arg)
-{
- if (TOK_KERNEL == name)
- {
- Dwfl_Module **m = (Dwfl_Module **)arg;
-
- *m = mod;
- return DWARF_CB_ABORT;
- }
- return DWARF_CB_OK;
-}
-#endif
-
-
static void
validate_module_elf (Dwfl_Module *mod, const char *name, base_query *q)
{
diff --git a/testsuite/systemtap.base/sdt.exp b/testsuite/systemtap.base/sdt.exp
index c3aed91e..d24093e0 100644
--- a/testsuite/systemtap.base/sdt.exp
+++ b/testsuite/systemtap.base/sdt.exp
@@ -41,6 +41,7 @@ if {[installtest_p] && [utrace_p]} {
} else {
untested "$test $extra_flag"
}
+catch {exec rm -f $testprog}
# C++
set testprog "sdt.cxx.exe.$i"
@@ -66,5 +67,5 @@ if {[installtest_p] && [utrace_p]} {
} else {
untested "$test c++ $extra_flag"
}
+catch {exec rm -f $testprog}
}
-
generated by cgit (git 2.34.1) at 2025-08-05 05:34:23 +0000