Diffstat (limited to 'tapset/syscalls.stp')
-rw-r--r-- | tapset/syscalls.stp | 858 |
1 files changed, 562 insertions, 296 deletions
diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 4744412a..256174d3 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -28,28 +28,32 @@ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) -probe syscall.accept = kernel.function("sys_accept") ? { +probe syscall.accept = kernel.function("SyS_accept") !, + kernel.function("sys_accept") ? { name = "accept" sockfd = $fd addr_uaddr = $upeer_sockaddr addrlen_uaddr = $upeer_addrlen argstr = sprintf("%d, %p, %p", $fd, $upeer_sockaddr, $upeer_addrlen) } -probe syscall.accept.return = kernel.function("sys_accept").return ? { +probe syscall.accept.return = kernel.function("SyS_accept").return !, + kernel.function("sys_accept").return ? { name = "accept" retstr = returnstr(1) } # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) -probe syscall.access = kernel.function("sys_access") { +probe syscall.access = kernel.function("SyS_access") !, + kernel.function("sys_access") { name = "access" pathname = user_string($filename) mode = $mode mode_str = _access_mode_str($mode) argstr = sprintf("%s, %s", user_string_quoted($filename), mode_str) } -probe syscall.access.return = kernel.function("sys_access").return { +probe syscall.access.return = kernel.function("SyS_access").return !, + kernel.function("sys_access").return { name = "access" retstr = returnstr(1) } @@ -73,7 +77,8 @@ probe syscall.acct.return = kernel.function("sys_acct").return ? { # size_t plen, # key_serial_t ringid) # -probe syscall.add_key = kernel.function("sys_add_key") ? { +probe syscall.add_key = kernel.function("SyS_add_key") !, + kernel.function("sys_add_key") ? { name = "add_key" type_uaddr = $_type description_auddr = $_description 
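Review bot: In `syscall.accept`, `sockfd = $fd` and the `%d` in `argstr` now read the argument from `SyS_accept` whenever that name resolves, and the `SyS_` wrappers, as far as I know, declare every parameter as `long` and narrow it only when calling the real body. A 32-bit argument such as a negative fd or mode may then be read with its upper bits not sign-extended and be printed as a large positive number, which misleads anyone using the trace for auditing. The file already narrows such values with `__int32($user)` in `syscall.chown`; the same should be done here, e.g. `sockfd = __int32($fd)`, and for the `int` arguments of the other converted probes whose signatures show them (`access`, `bind`, `connect`).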
@@ -86,14 +91,16 @@ probe syscall.add_key = kernel.function("sys_add_key") ? { text_strn(user_string($_payload),syscall_string_trunc,1), $plen, $ringid) } -probe syscall.add_key.return = kernel.function("sys_add_key").return ? { +probe syscall.add_key.return = kernel.function("SyS_add_key").return !, + kernel.function("sys_add_key").return ? { name = "add_key" retstr = returnstr(1) } # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) -probe syscall.adjtimex = kernel.function("sys_adjtimex") { +probe syscall.adjtimex = kernel.function("SyS_adjtimex") !, + kernel.function("sys_adjtimex") { name = "adjtimex" /* @@ -111,7 +118,8 @@ probe syscall.adjtimex = kernel.function("sys_adjtimex") { */ argstr = sprintf("%p", $txc_p) } -probe syscall.adjtimex.return = kernel.function("sys_adjtimex").return { +probe syscall.adjtimex.return = kernel.function("SyS_adjtimex").return !, + kernel.function("sys_adjtimex").return { name = "adjtimex" retstr = _adjtimex_return_str($return) } @@ -130,16 +138,18 @@ probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").re # long sys32_alarm(unsigned int seconds) # probe syscall.alarm = - kernel.function("sys_alarm") ?, - kernel.function("sys32_alarm") ? + kernel.function("sys32_alarm") ?, + kernel.function("SyS_alarm") !, + kernel.function("sys_alarm") ? { name = "alarm" seconds = $seconds argstr = sprint($seconds) } probe syscall.alarm.return = - kernel.function("sys_alarm").return ?, - kernel.function("sys32_alarm").return ? + kernel.function("sys32_alarm").return ?, + kernel.function("SyS_alarm").return !, + kernel.function("sys_alarm").return ? { name = "alarm" retstr = returnstr(1) 
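Review bot: The reordering in `syscall.alarm` that moves `sys32_alarm` ahead of `SyS_alarm` is load-bearing but undocumented. `!` marks a probe point as sufficient, so once `SyS_alarm` resolves nothing listed after it is tried, and a compat entry placed later would silently stop being traced. A comment above the list would keep a later edit from reversing the order, e.g. `# compat entries must precede the "!" alternative: "!" ends resolution of this list`. The same applies to the reordered lists in `syscall.brk`, `syscall.clock_getres`, `syscall.epoll_ctl`, `syscall.epoll_pwait`, `syscall.epoll_wait`, `syscall.fcntl` and `syscall.fstatfs`.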
@@ -147,7 +157,8 @@ probe syscall.alarm.return = # bdflush ____________________________________________________ # long sys_bdflush(int func,long data) -probe syscall.bdflush = kernel.function("sys_bdflush") ? { +probe syscall.bdflush = kernel.function("SyS_bdflush") !, + kernel.function("sys_bdflush") ? { name = "bdflush" func = $func data = $data @@ -157,21 +168,24 @@ probe syscall.bdflush = kernel.function("sys_bdflush") ? { data_str = sprintf("%d", $data) argstr = sprintf("%d, %s",func, data_str) } -probe syscall.bdflush.return = kernel.function("sys_bdflush").return ? { +probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, + kernel.function("sys_bdflush").return ? { name = "bdflush" retstr = returnstr(1) } # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) -probe syscall.bind = kernel.function("sys_bind") ? { +probe syscall.bind = kernel.function("SyS_bind") !, + kernel.function("sys_bind") ? { name = "bind" sockfd = $fd my_addr_uaddr = $umyaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen) } -probe syscall.bind.return = kernel.function("sys_bind").return ? { +probe syscall.bind.return = kernel.function("SyS_bind").return !, + kernel.function("sys_bind").return ? { name = "bind" retstr = returnstr(1) } 
@@ -179,16 +193,18 @@ probe syscall.bind.return = kernel.function("sys_bind").return ? { # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) probe syscall.brk = - kernel.function("sys_brk"), - kernel.function("ia64_brk") ? + kernel.function("ia64_brk") ?, + kernel.function("SyS_brk") !, + kernel.function("sys_brk") { name = "brk" brk = $brk argstr = sprintf("%p", brk) } probe syscall.brk.return = - kernel.function("sys_brk").return, - kernel.function("ia64_brk").return ? + kernel.function("ia64_brk").return ?, + kernel.function("SyS_brk").return !, + kernel.function("sys_brk").return { name = "brk" retstr = returnstr(1) @@ -207,13 +223,15 @@ probe syscall.brk.return = * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) -probe syscall.capget = kernel.function("sys_capget") { +probe syscall.capget = kernel.function("SyS_capget") !, + kernel.function("sys_capget") { name = "capget" header_uaddr = $header data_uaddr = $dataptr argstr = sprintf("%p, %p", $header, $dataptr) } -probe syscall.capget.return = kernel.function("sys_capget").return { +probe syscall.capget.return = kernel.function("SyS_capget").return !, + kernel.function("sys_capget").return { name = "capget" retstr = returnstr(1) } 
@@ -230,52 +248,60 @@ probe syscall.capget.return = kernel.function("sys_capget").return { * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) -probe syscall.capset = kernel.function("sys_capset") { +probe syscall.capset = kernel.function("SyS_capset") !, + kernel.function("sys_capset") { name = "capset" header_uaddr = $header data_uaddr = $data argstr = sprintf("%p, %p", $header, $data) } -probe syscall.capset.return = kernel.function("sys_capset").return { +probe syscall.capset.return = kernel.function("SyS_capset").return !, + kernel.function("sys_capset").return { name = "capset" retstr = returnstr(1) } # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) -probe syscall.chdir = kernel.function("sys_chdir") { +probe syscall.chdir = kernel.function("SyS_chdir") !, + kernel.function("sys_chdir") { name = "chdir" path = user_string($filename) argstr = user_string_quoted($filename) } -probe syscall.chdir.return = kernel.function("sys_chdir").return { +probe syscall.chdir.return = kernel.function("SyS_chdir").return !, + kernel.function("sys_chdir").return { name = "chdir" retstr = returnstr(1) } # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) -probe syscall.chmod = kernel.function("sys_chmod") { +probe syscall.chmod = kernel.function("SyS_chmod") !, + kernel.function("sys_chmod") { name = "chmod" path = user_string($filename) mode = $mode argstr = sprintf("%s, %#o", user_string_quoted($filename), mode) } -probe syscall.chmod.return = kernel.function("sys_chmod").return { +probe syscall.chmod.return = kernel.function("SyS_chmod").return !, + kernel.function("sys_chmod").return { name = "chmod" retstr = returnstr(1) } # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) -probe syscall.chown = 
kernel.function("sys_chown") { +probe syscall.chown = kernel.function("SyS_chown") !, + kernel.function("sys_chown") { name = "chown" path = user_string($filename) owner = __int32($user) group = __int32($group) argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) } -probe syscall.chown.return = kernel.function("sys_chown").return { +probe syscall.chown.return = kernel.function("SyS_chown").return !, + kernel.function("sys_chown").return { name = "chown" retstr = returnstr(1) } @@ -297,12 +323,14 @@ probe syscall.chown16.return = kernel.function("sys_chown16").return ? { # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) -probe syscall.chroot = kernel.function("sys_chroot") { +probe syscall.chroot = kernel.function("SyS_chroot") !, + kernel.function("sys_chroot") { name = "chroot" path = user_string($filename) argstr = user_string_quoted($filename) } -probe syscall.chroot.return = kernel.function("sys_chroot").return { +probe syscall.chroot.return = kernel.function("SyS_chroot").return !, + kernel.function("sys_chroot").return { name = "chroot" retstr = returnstr(1) } @@ -312,8 +340,9 @@ probe syscall.chroot.return = kernel.function("sys_chroot").return { # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) # probe syscall.clock_getres = - kernel.function("sys_clock_getres"), - kernel.function("compat_clock_getres") ? + kernel.function("compat_clock_getres") ?, + kernel.function("SyS_clock_getres") !, + kernel.function("sys_clock_getres") { name = "clock_getres" clk_id = $which_clock 
@@ -322,8 +351,9 @@ probe syscall.clock_getres = argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } probe syscall.clock_getres.return = - kernel.function("sys_clock_getres").return, - kernel.function("compat_clock_getres").return ? + kernel.function("compat_clock_getres").return ?, + kernel.function("SyS_clock_getres").return !, + kernel.function("sys_clock_getres").return { name = "clock_getres" retstr = returnstr(1) @@ -333,6 +363,7 @@ probe syscall.clock_getres.return = # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # probe syscall.clock_gettime = + kernel.function("SyS_clock_gettime") !, kernel.function("sys_clock_gettime") { name = "clock_gettime" @@ -340,7 +371,9 @@ probe syscall.clock_gettime = clk_id_str = _get_wc_str($which_clock) argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } -probe syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return +probe syscall.clock_gettime.return = + kernel.function("SyS_clock_gettime").return !, + kernel.function("sys_clock_gettime").return { name = "clock_gettime" retstr = returnstr(1) @@ -352,7 +385,8 @@ probe syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return # const struct timespec __user *rqtp, # struct timespec __user *rmtp) # -probe syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { +probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !, + kernel.function("sys_clock_nanosleep") { name = "clock_nanosleep" if ($flags == 1) flag_str = "TIMER_ABSTIME" 
@@ -361,7 +395,9 @@ probe syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, _struct_timespec_u($rqtp,1), $rmtp) } -probe syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { +probe syscall.clock_nanosleep.return = + kernel.function("SyS_clock_nanosleep").return !, + kernel.function("sys_clock_nanosleep").return { name = "clock_nanosleep" retstr = returnstr(1) } 
@@ -395,53 +431,61 @@ probe syscall.compat_clock_nanosleep.return = # long sys_clock_settime(clockid_t which_clock, # const struct timespec __user *tp) # -probe syscall.clock_settime = kernel.function("sys_clock_settime") { +probe syscall.clock_settime = kernel.function("SyS_clock_settime") !, + kernel.function("sys_clock_settime") { name = "clock_settime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp,1)) } -probe syscall.clock_settime.return = kernel.function("sys_clock_settime").return { +probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return !, + kernel.function("sys_clock_settime").return { name = "clock_settime" retstr = returnstr(1) } # close ______________________________________________________ # long sys_close(unsigned int fd) -probe syscall.close = kernel.function("sys_close") { +probe syscall.close = kernel.function("SyS_close") !, + kernel.function("sys_close") { name = "close" fd = $fd argstr = sprint(fd) } -probe syscall.close.return = kernel.function("sys_close").return { +probe syscall.close.return = kernel.function("SyS_close").return !, + kernel.function("sys_close").return { name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) -probe syscall.connect = kernel.function("sys_connect") ? { +probe syscall.connect = kernel.function("SyS_connect") !, + kernel.function("sys_connect") ? { name = "connect" sockfd = $fd serv_addr_uaddr = $uservaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen) } -probe syscall.connect.return = kernel.function("sys_connect").return ? { +probe syscall.connect.return = kernel.function("SyS_connect").return !, + kernel.function("sys_connect").return ? 
{ name = "connect" retstr = returnstr(1) } # creat # long sys_creat(const char __user * pathname, int mode) -probe syscall.creat = kernel.function("sys_creat") ? +probe syscall.creat = kernel.function("SyS_creat") !, + kernel.function("sys_creat") ? { name = "creat" mode = $mode pathname = user_string($pathname) argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) } -probe syscall.creat.return = kernel.function("sys_creat").return ? +probe syscall.creat.return = kernel.function("SyS_creat").return !, + kernel.function("sys_creat").return ? { name = "creat" retstr = returnstr(1) 
@@ -449,50 +493,59 @@ probe syscall.creat.return = kernel.function("sys_creat").return ? # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) -probe syscall.delete_module = kernel.function("sys_delete_module") ? { +probe syscall.delete_module = kernel.function("SyS_delete_module") !, + kernel.function("sys_delete_module") ? { name = "delete_module" name_user = user_string($name_user) flags = $flags argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags)) } -probe syscall.delete_module.return = kernel.function("sys_delete_module").return ? { +probe syscall.delete_module.return = kernel.function("SyS_delete_module").return !, + kernel.function("sys_delete_module").return ? { name = "delete_module" retstr = returnstr(1) } # dup ________________________________________________________ # long sys_dup(unsigned int fildes) -probe syscall.dup = kernel.function("sys_dup") { +probe syscall.dup = kernel.function("SyS_dup") !, + kernel.function("sys_dup") { name = "dup" oldfd = $fildes argstr = sprint($fildes) } -probe syscall.dup.return = kernel.function("sys_dup").return { +probe syscall.dup.return = kernel.function("SyS_dup").return !, + kernel.function("sys_dup").return { name = "dup" retstr = returnstr(1) } # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) -probe syscall.dup2 = kernel.function("sys_dup2") { +probe syscall.dup2 = kernel.function("SyS_dup2") !, + kernel.function("sys_dup2") { name = "dup2" oldfd = $oldfd newfd = $newfd argstr = sprintf("%d, %d", $oldfd, $newfd) } -probe syscall.dup2.return = kernel.function("sys_dup2").return { +probe syscall.dup2.return = kernel.function("SyS_dup2").return !, + kernel.function("sys_dup2").return { name = "dup2" retstr = returnstr(1) } # epoll_create _______________________________________________ # long sys_epoll_create(int size) -probe 
syscall.epoll_create = kernel.function("sys_epoll_create") ? { +probe syscall.epoll_create = kernel.function("SyS_epoll_create") !, + kernel.function("sys_epoll_create") ? { name = "epoll_create" size = $size argstr = sprint($size) } -probe syscall.epoll_create.return = kernel.function("sys_epoll_create").return ? { +probe syscall.epoll_create.return = + kernel.function("SyS_epoll_create").return !, + kernel.function("sys_epoll_create").return ? { name = "epoll_create" retstr = returnstr(1) } @@ -504,8 +557,9 @@ probe syscall.epoll_create.return = kernel.function("sys_epoll_create").return ? # struct compat_epoll_event __user *event) # probe syscall.epoll_ctl = - kernel.function("sys_epoll_ctl") ?, - kernel.function("compat_sys_epoll_ctl") ? + kernel.function("compat_sys_epoll_ctl") ?, + kernel.function("SyS_epoll_ctl") !, + kernel.function("sys_epoll_ctl") ? { name = "epoll_ctl" epfd = $epfd @@ -516,8 +570,9 @@ probe syscall.epoll_ctl = argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event) } probe syscall.epoll_ctl.return = - kernel.function("sys_epoll_ctl").return ?, - kernel.function("compat_sys_epoll_ctl").return ? + kernel.function("compat_sys_epoll_ctl").return ?, + kernel.function("SyS_epoll_ctl").return !, + kernel.function("sys_epoll_ctl").return ? { name = "epoll_ctl" retstr = returnstr(1) 
@@ -535,16 +590,18 @@ probe syscall.epoll_ctl.return = # compat_size_t sigsetsize) # probe syscall.epoll_pwait = - kernel.function("sys_epoll_pwait") ?, - kernel.function("compat_sys_epoll_pwait") ? + kernel.function("compat_sys_epoll_pwait") ?, + kernel.function("SyS_epoll_pwait") !, + kernel.function("sys_epoll_pwait") ? { name = "epoll_pwait" argstr = sprintf("%d, %p, %d, %d, %p, %d", $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) } probe syscall.epoll_pwait.return = - kernel.function("sys_epoll_pwait").return ?, - kernel.function("compat_sys_epoll_pwait").return ? + kernel.function("compat_sys_epoll_pwait").return ?, + kernel.function("SyS_epoll_pwait").return !, + kernel.function("sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) @@ -559,8 +616,9 @@ probe syscall.epoll_pwait.return = # int maxevents, int timeout) # probe syscall.epoll_wait = - kernel.function("sys_epoll_wait") ?, - kernel.function("compat_sys_epoll_wait") ? + kernel.function("compat_sys_epoll_wait") ?, + kernel.function("SyS_epoll_wait") !, + kernel.function("sys_epoll_wait") ? { name = "epoll_wait" epfd = $epfd @@ -570,8 +628,9 @@ probe syscall.epoll_wait = argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) } probe syscall.epoll_wait.return = - kernel.function("sys_epoll_wait").return ?, - kernel.function("compat_sys_epoll_wait").return ? + kernel.function("compat_sys_epoll_wait").return ?, + kernel.function("SyS_epoll_wait").return !, + kernel.function("sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) 
@@ -580,11 +639,13 @@ probe syscall.epoll_wait.return = # eventfd _____________________________________________________ # long sys_eventfd(unsigned int count) # -probe syscall.eventfd = kernel.function("sys_eventfd") ? { +probe syscall.eventfd = kernel.function("SyS_eventfd") !, + kernel.function("sys_eventfd") ? { name = "eventfd" argstr = sprint($count) } -probe syscall.eventfd.return = kernel.function("sys_eventfd").return ? { +probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !, + kernel.function("sys_eventfd").return ? { name = "eventfd" retstr = returnstr(1) } @@ -636,7 +697,8 @@ probe syscall.exit = kernel.function("do_exit") { # exit_group _________________________________________________ # void sys_exit_group(int error_code) # -probe syscall.exit_group = kernel.function("sys_exit_group") { +probe syscall.exit_group = kernel.function("SyS_exit_group") !, + kernel.function("sys_exit_group") { name = "exit_group" status = $error_code argstr = sprint($error_code) @@ -647,7 +709,8 @@ probe syscall.exit_group = kernel.function("sys_exit_group") { # faccessat __________________________________________________ # new function with 2.6.16 # long sys_faccessat(int dfd, const char __user *filename, int mode) -probe syscall.faccessat = kernel.function("sys_faccessat") ? { +probe syscall.faccessat = kernel.function("SyS_faccessat") !, + kernel.function("sys_faccessat") ? { name = "faccessat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -657,7 +720,8 @@ probe syscall.faccessat = kernel.function("sys_faccessat") ? { mode_str = _access_mode_str($mode) argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($filename), mode_str) } -probe syscall.faccessat.return = kernel.function("sys_faccessat").return ? { +probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, + kernel.function("sys_faccessat").return ? { name = "faccessat" retstr = returnstr(1) } 
@@ -666,7 +730,8 @@ probe syscall.faccessat.return = kernel.function("sys_faccessat").return ? { # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe syscall.fadvise64 = kernel.function("sys_fadvise64") ? { +probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, + kernel.function("sys_fadvise64") ? { name = "fadvise64" fs = $fd offset = $offset @@ -674,7 +739,8 @@ probe syscall.fadvise64 = kernel.function("sys_fadvise64") ? { advice = $advice argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } -probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { +probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, + kernel.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) } @@ -682,7 +748,8 @@ probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, + kernel.function("sys_fadvise64_64") ? { name = "fadvise64_64" fs = $fd offset = $offset @@ -690,7 +757,8 @@ probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { advice = $advice argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } -probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, + kernel.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) } 
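Review bot: The first `syscall.fadvise64_64` hunk on this line also turns the previously mandatory `kernel.function("sys_fadvise64_64")` into an optional `?` alternative, and the `.return` hunk after it does the same; this goes beyond adding the `SyS_` name. With every alternative optional, a kernel where neither name resolves presumably leaves the alias unattached instead of raising a resolution error, so a monitoring script that relies on these events would run and record nothing. If the relaxation is intended, the commit message should say so; otherwise keep the fallback required, `kernel.function("sys_fadvise64_64") {`, as the later `fadvise64_64` variant in this diff does. The probe body continues outside the hunk.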
@@ -700,7 +768,8 @@ probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe syscall.fadvise64 = kernel.function("sys_fadvise64") { +probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, + kernel.function("sys_fadvise64") { name = "fadvise64" fs = 0 offset = 0 @@ -708,7 +777,8 @@ probe syscall.fadvise64 = kernel.function("sys_fadvise64") { advice = 0 argstr = "" } -probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return { +probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, + kernel.function("sys_fadvise64").return { name = "fadvise64" retstr = returnstr(1) } @@ -716,7 +786,8 @@ probe syscall.fadvise64.return = kernel.function("sys_fadvise64").return { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, + kernel.function("sys_fadvise64_64") { name = "fadvise64_64" fs = 0 offset = 0 @@ -724,7 +795,8 @@ probe syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { advice = 0 argstr = "" } -probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, + kernel.function("sys_fadvise64_64").return { name = "fadvise64_64" retstr = returnstr(1) } 
@@ -732,25 +804,29 @@ probe syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) -probe syscall.fchdir = kernel.function("sys_fchdir") { +probe syscall.fchdir = kernel.function("SyS_fchdir") !, + kernel.function("sys_fchdir") { name = "fchdir" fd = $fd argstr = sprint($fd) } -probe syscall.fchdir.return = kernel.function("sys_fchdir").return { +probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !, + kernel.function("sys_fchdir").return { name = "fchdir" retstr = returnstr(1) } # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) -probe syscall.fchmod = kernel.function("sys_fchmod") { +probe syscall.fchmod = kernel.function("SyS_fchmod") !, + kernel.function("sys_fchmod") { name = "fchmod" fildes = $fd mode = $mode argstr = sprintf("%d, %#o", $fd, $mode) } -probe syscall.fchmod.return = kernel.function("sys_fchmod").return { +probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !, + kernel.function("sys_fchmod").return { name = "fchmod" retstr = returnstr(1) } @@ -759,7 +835,8 @@ probe syscall.fchmod.return = kernel.function("sys_fchmod").return { # new function with 2.6.16 # long sys_fchmodat(int dfd, const char __user *filename, # mode_t mode) -probe syscall.fchmodat = kernel.function("sys_fchmodat") ? { +probe syscall.fchmodat = kernel.function("SyS_fchmodat") !, + kernel.function("sys_fchmodat") ? { name = "fchmodat" dfd = $dfd dfd_str = _dfd_str($dfd) 
@@ -768,21 +845,24 @@ probe syscall.fchmodat = kernel.function("sys_fchmodat") ? { mode = $mode argstr = sprintf("%s, %s, %#o", dfd_str, user_string_quoted($filename), $mode) } -probe syscall.fchmodat.return = kernel.function("sys_fchmodat").return ? { +probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !, + kernel.function("sys_fchmodat").return ? { name = "fchmodat" retstr = returnstr(1) } # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) -probe syscall.fchown = kernel.function("sys_fchown") { +probe syscall.fchown = kernel.function("SyS_fchown") !, + kernel.function("sys_fchown") { name = "fchown" fd = $fd owner = __int32($user) group = __int32($group) argstr = sprintf("%d, %d, %d", $fd, owner, group) } -probe syscall.fchown.return = kernel.function("sys_fchown").return { +probe syscall.fchown.return = kernel.function("SyS_fchown").return !, + kernel.function("sys_fchown").return { name = "fchown" retstr = returnstr(1) } @@ -805,7 +885,8 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? { # new function with 2.6.16 # long sys_fchownat(int dfd, const char __user *filename, # uid_t user, gid_t group, int flag) -probe syscall.fchownat = kernel.function("sys_fchownat") ? { +probe syscall.fchownat = kernel.function("SyS_fchownat") !, + kernel.function("sys_fchownat") ? { name = "fchownat" dfd = $dfd dfd_str = _dfd_str($dfd) @@ -818,7 +899,8 @@ probe syscall.fchownat = kernel.function("sys_fchownat") ? { argstr = sprintf("%s, %s, %d, %d, %s", dfd_str, user_string_quoted($filename), user, group, flag_str) } -probe syscall.fchownat.return = kernel.function("sys_fchownat").return ? { +probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !, + kernel.function("sys_fchownat").return ? { name = "fchownat" retstr = returnstr(1) } 
@@ -830,10 +912,11 @@ probe syscall.fchownat.return = kernel.function("sys_fchownat").return ? { # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # probe syscall.fcntl = - kernel.function("sys_fcntl") ?, - kernel.function("sys_fcntl64") ?, kernel.function("compat_sys_fcntl") ?, - kernel.function("compat_sys_fcntl64") ? + kernel.function("compat_sys_fcntl64") ?, + kernel.function("sys_fcntl64") ?, + kernel.function("SyS_fcntl") !, + kernel.function("sys_fcntl") ? { name = "fcntl" fd = $fd @@ -843,10 +926,11 @@ probe syscall.fcntl = argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg) } probe syscall.fcntl.return = - kernel.function("sys_fcntl").return ?, - kernel.function("sys_fcntl64").return ?, kernel.function("compat_sys_fcntl").return ?, - kernel.function("compat_sys_fcntl64").return ? + kernel.function("compat_sys_fcntl64").return ?, + kernel.function("sys_fcntl64").return ?, + kernel.function("SyS_fcntl").return !, + kernel.function("sys_fcntl").return ? { name = "fcntl" retstr = returnstr(1) @@ -854,12 +938,14 @@ probe syscall.fcntl.return = # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) -probe syscall.fdatasync = kernel.function("sys_fdatasync") { +probe syscall.fdatasync = kernel.function("SyS_fdatasync") !, + kernel.function("sys_fdatasync") { name = "fdatasync" fd = $fd argstr = sprint(fd) } -probe syscall.fdatasync.return = kernel.function("sys_fdatasync").return { +probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !, + kernel.function("sys_fdatasync").return { name = "fdatasync" retstr = returnstr(1) } 
@@ -867,7 +953,8 @@ probe syscall.fdatasync.return = kernel.function("sys_fdatasync").return { # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) -probe syscall.fgetxattr = kernel.function("sys_fgetxattr") { +probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !, + kernel.function("sys_fgetxattr") { name = "fgetxattr" filedes = $fd #FIXME 
@@ -876,33 +963,38 @@ probe syscall.fgetxattr = kernel.function("sys_fgetxattr") { size = $size argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size) } -probe syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { +probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !, + kernel.function("sys_fgetxattr").return { name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) -probe syscall.flistxattr = kernel.function("sys_flistxattr") { +probe syscall.flistxattr = kernel.function("SyS_flistxattr") !, + kernel.function("sys_flistxattr") { name = "flistxattr" filedes = $fd list_uaddr = $list size = $size argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } -probe syscall.flistxattr.return = kernel.function("sys_flistxattr").return { +probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !, + kernel.function("sys_flistxattr").return { name = "flistxattr" retstr = returnstr(1) } # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) -probe syscall.flock = kernel.function("sys_flock") { +probe syscall.flock = kernel.function("SyS_flock") !, + kernel.function("sys_flock") { name = "flock" fd = $fd operation = $cmd argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } -probe syscall.flock.return = kernel.function("sys_flock").return { +probe syscall.flock.return = kernel.function("SyS_flock").return !, + kernel.function("sys_flock").return { name = "flock" retstr = returnstr(1) } 
@@ -971,13 +1063,15 @@ probe syscall.fork.return = kernel.function("do_fork").return { } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) -probe syscall.fremovexattr = kernel.function("sys_fremovexattr") { +probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !, + kernel.function("sys_fremovexattr") { name = "fremovexattr" filedes = $fd name_uaddr = $name argstr = sprintf("FIXME PLEASE") } -probe syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { +probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !, + kernel.function("sys_fremovexattr").return { name = "fremovexattr" retstr = returnstr(1) } @@ -991,7 +1085,8 @@ probe syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { * size_t size, * int flags) */ -probe syscall.fsetxattr = kernel.function("sys_fsetxattr") { +probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !, + kernel.function("sys_fsetxattr") { name = "fsetxattr" filedes = $fd # FIXME @@ -1001,7 +1096,8 @@ probe syscall.fsetxattr = kernel.function("sys_fsetxattr") { flags = $flags argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags) } -probe syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { +probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !, + kernel.function("sys_fsetxattr").return { name = "fsetxattr" retstr = returnstr(1) } @@ -1017,8 +1113,10 @@ probe syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { # probe syscall.fstat = kernel.function("sys_fstat") ?, + kernel.function("SyS_fstat64") ?, kernel.function("sys_fstat64") ?, kernel.function("sys32_fstat64") ?, + kernel.function("SyS_newfstat") ?, kernel.function("sys_newfstat") ?, kernel.function("sys_oabi_fstat64") ?, kernel.function("compat_sys_newfstat") ? 
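Review bot: syscall.fremovexattr still emits `argstr = sprintf("FIXME PLEASE")`, so a script that logs argstr records nothing about which descriptor or attribute name was removed. Since the probe is being edited anyway, the line could follow the fgetxattr pattern used elsewhere in this file: `argstr = sprintf("%d, %s", filedes, user_string_quoted($name))`.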
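Review bot: In syscall.fstat the new `SyS_fstat64` and `SyS_newfstat` entries are marked `?` rather than `!`, unlike the single-syscall probes in this commit, and nothing says why. Presumably `!` cannot be used here because it would stop resolution before the remaining fstat variants, but with `SyS_x ?` and `sys_x ?` both optional, a kernel on which both names resolve would attach the handler twice to the same call; whether that can happen is not visible from this hunk. A comment above the list would settle it, e.g. `# '?' on SyS_*: a '!' would skip the alternatives listed after it`. The same pattern appears in syscall.fstat.return, syscall.fstatat, syscall.getdents and syscall.getrlimit. The probe body starts after the end of this hunk.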
@@ -1030,8 +1128,10 @@ probe syscall.fstat = } probe syscall.fstat.return = kernel.function("sys_fstat").return ?, + kernel.function("SyS_fstat64").return ?, kernel.function("sys_fstat64").return ?, kernel.function("sys32_fstat64").return ?, + kernel.function("SyS_newfstat").return ?, kernel.function("sys_newfstat").return ?, kernel.function("sys_oabi_fstat64").return ?, kernel.function("compat_sys_newfstat").return ? @@ -1046,7 +1146,9 @@ probe syscall.fstat.return = # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) probe syscall.fstatat = + kernel.function("SyS_fstatat64") ?, kernel.function("sys_fstatat64") ?, + kernel.function("SyS_newfstatat") ?, kernel.function("sys_newfstatat") ?, kernel.function("compat_sys_newfstatat") ?, kernel.function("sys32_fstatat64") ? @@ -1058,7 +1160,9 @@ probe syscall.fstatat = argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag)) } probe syscall.fstatat.return = + kernel.function("SyS_fstatat64").return ?, kernel.function("sys_fstatat64").return ?, + kernel.function("SyS_newfstatat").return ?, kernel.function("sys_newfstatat").return ?, kernel.function("compat_sys_newfstatat").return ?, kernel.function("sys32_fstatat64").return ? @@ -1072,8 +1176,9 @@ probe syscall.fstatat.return = # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # probe syscall.fstatfs = - kernel.function("sys_fstatfs"), - kernel.function("compat_sys_fstatfs") ? + kernel.function("compat_sys_fstatfs") ?, + kernel.function("SyS_fstatfs") !, + kernel.function("sys_fstatfs") { name = "fstatfs" fd = $fd 
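Review bot: The reordering in syscall.fstatfs is load-bearing but undocumented: `compat_sys_fstatfs` had to move ahead of `SyS_fstatfs !` because alternatives listed after a resolved `!` entry are no longer probed. A later edit that appends a new variant at the end of the list would lose it on wrapper kernels without any error. I would add a comment such as `# compat/16-bit variants go before the '!' pair: anything after a resolved '!' is not probed`. The same layout is used in fstatfs64, getgroups, get_mempolicy, getsockopt, gettimeofday, ioctl, io_getevents, kexec_load and keyctl.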
@@ -1081,8 +1186,9 @@ probe syscall.fstatfs = argstr = sprintf("%d, %p", $fd, $buf) } probe syscall.fstatfs.return = - kernel.function("sys_fstatfs").return, - kernel.function("compat_sys_fstatfs").return ? + kernel.function("compat_sys_fstatfs").return ?, + kernel.function("SyS_fstatfs").return !, + kernel.function("sys_fstatfs").return { name = "fstatfs" retstr = returnstr(1) @@ -1093,8 +1199,9 @@ probe syscall.fstatfs.return = # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # probe syscall.fstatfs64 = - kernel.function("sys_fstatfs64") ?, - kernel.function("compat_sys_fstatfs64") ? + kernel.function("compat_sys_fstatfs64") ?, + kernel.function("SyS_fstatfs64") !, + kernel.function("sys_fstatfs64") ? { name = "fstatfs" fd = $fd @@ -1103,8 +1210,9 @@ probe syscall.fstatfs64 = argstr = sprintf("%d, %d, %p", $fd, $sz, $buf) } probe syscall.fstatfs64.return = - kernel.function("sys_fstatfs64").return ?, - kernel.function("compat_sys_fstatfs64").return ? + kernel.function("compat_sys_fstatfs64").return ?, + kernel.function("SyS_fstatfs64").return !, + kernel.function("sys_fstatfs64").return ? { name = "fstatfs" retstr = returnstr(1) 
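Review bot: syscall.fstatfs64 sets `name = "fstatfs"`, and syscall.fstatfs64.return in the following hunk does the same, so output keyed on name cannot tell the two syscalls apart. If that is not intentional, both should read `name = "fstatfs64"`; if it is, a one-line comment saying so would keep the next reader from "fixing" it.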
@@ -1112,24 +1220,28 @@ probe syscall.fstatfs64.return = # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) -probe syscall.fsync = kernel.function("sys_fsync") { +probe syscall.fsync = kernel.function("SyS_fsync") !, + kernel.function("sys_fsync") { name = "fsync" fd = $fd argstr = sprint(fd) } -probe syscall.fsync.return = kernel.function("sys_fsync").return { +probe syscall.fsync.return = kernel.function("SyS_fsync").return !, + kernel.function("sys_fsync").return { name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) -probe syscall.ftruncate = kernel.function("sys_ftruncate") { +probe syscall.ftruncate = kernel.function("SyS_ftruncate") !, + kernel.function("sys_ftruncate") { name = "ftruncate" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } -probe syscall.ftruncate.return = kernel.function("sys_ftruncate").return { +probe syscall.ftruncate.return = kernel.function("SyS_ftruncate").return !, + kernel.function("sys_ftruncate").return { name = "ftruncate" retstr = returnstr(1) } @@ -1158,7 +1270,8 @@ probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? { # struct compat_timespec __user *utime, u32 __user *uaddr2, # u32 val3) # -probe syscall.futex = kernel.function("sys_futex") ? { +probe syscall.futex = kernel.function("SyS_futex") !, + kernel.function("sys_futex") ? { name = "futex" futex_uaddr = $uaddr op = $op @@ -1173,7 +1286,8 @@ probe syscall.futex = kernel.function("sys_futex") ? { argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), $val) } -probe syscall.futex.return = kernel.function("sys_futex").return ? { +probe syscall.futex.return = kernel.function("SyS_futex").return !, + kernel.function("sys_futex").return ? { name = "futex" retstr = returnstr(1) } 
@@ -1203,7 +1317,8 @@ probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) # -probe syscall.futimesat = kernel.function("sys_futimesat") ? { +probe syscall.futimesat = kernel.function("SyS_futimesat") !, + kernel.function("sys_futimesat") ? { name = "futimesat" dirfd = $dfd filename_uaddr = $filename @@ -1221,7 +1336,8 @@ probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? { argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timeval_u($t, 2)) } -probe syscall.futimesat.return = kernel.function("sys_futimesat").return ? { +probe syscall.futimesat.return = kernel.function("SyS_futimesat").return !, + kernel.function("sys_futimesat").return ? { name = "futimesat" retstr = returnstr(1) } @@ -1232,13 +1348,15 @@ probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat"). # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) -probe syscall.getcwd = kernel.function("sys_getcwd") { +probe syscall.getcwd = kernel.function("SyS_getcwd") !, + kernel.function("sys_getcwd") { name = "getcwd" buf_uaddr = $buf size = $size argstr = sprintf("%p, %d", buf_uaddr, size) } -probe syscall.getcwd.return = kernel.function("sys_getcwd").return { +probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !, + kernel.function("sys_getcwd").return { name = "getcwd" retstr = returnstr(1) } 
@@ -1250,7 +1368,9 @@ probe syscall.getcwd.return = kernel.function("sys_getcwd").return { # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # probe syscall.getdents = + kernel.function("SyS_getdents") ?, kernel.function("sys_getdents") ?, + kernel.function("SyS_getdents64") ?, kernel.function("sys_getdents64") ?, kernel.function("compat_sys_getdents") ?, kernel.function("compat_sys_getdents64") ? @@ -1262,7 +1382,9 @@ probe syscall.getdents = argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) } probe syscall.getdents.return = + kernel.function("SyS_getdents").return ?, kernel.function("sys_getdents").return ?, + kernel.function("SyS_getdents64").return ?, kernel.function("sys_getdents64").return ?, kernel.function("compat_sys_getdents").return ?, kernel.function("compat_sys_getdents64").return ? @@ -1341,9 +1463,10 @@ probe syscall.getgid.return = # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # probe syscall.getgroups = - kernel.function("sys_getgroups") ?, kernel.function("sys_getgroups16") ?, - kernel.function("sys32_getgroups16") ? + kernel.function("sys32_getgroups16") ?, + kernel.function("SyS_getgroups") !, + kernel.function("sys_getgroups") ? { name = "getgroups" size = $gidsetsize @@ -1351,9 +1474,10 @@ probe syscall.getgroups = argstr = sprintf("%d, %p", $gidsetsize, $grouplist) } probe syscall.getgroups.return = - kernel.function("sys_getgroups").return ?, kernel.function("sys_getgroups16").return ?, - kernel.function("sys32_getgroups16").return ? + kernel.function("sys32_getgroups16").return ?, + kernel.function("SyS_getgroups").return !, + kernel.function("sys_getgroups").return ? { name = "getgroups" retstr = returnstr(1) 
@@ -1361,13 +1485,15 @@ probe syscall.getgroups.return = # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) -probe syscall.gethostname = kernel.function("sys_gethostname") ? { +probe syscall.gethostname = kernel.function("SyS_gethostname") !, + kernel.function("sys_gethostname") ? { name = "gethostname" name_uaddr = $name len = $len argstr = sprintf ("%p, %d", name_uaddr, len) } -probe syscall.gethostname.return = kernel.function("sys_gethostname").return ? { +probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !, + kernel.function("sys_gethostname").return ? { name = "gethostname" retstr = returnstr(1) } @@ -1375,13 +1501,15 @@ probe syscall.gethostname.return = kernel.function("sys_gethostname").return ? { # getitimer __________________________________________________ # sys_getitimer(int which, struct itimerval __user *value) # -probe syscall.getitimer = kernel.function("sys_getitimer") { +probe syscall.getitimer = kernel.function("SyS_getitimer") !, + kernel.function("sys_getitimer") { name = "getitimer" which = $which value_uaddr = $value argstr = sprintf("%s, %p", _itimer_which_str($which), $value) } -probe syscall.getitimer.return = kernel.function("sys_getitimer").return { +probe syscall.getitimer.return = kernel.function("SyS_getitimer").return !, + kernel.function("sys_getitimer").return { name = "getitimer" retstr = returnstr(1) } @@ -1409,8 +1537,9 @@ probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer"). # compat_ulong_t addr, compat_ulong_t flags) # probe syscall.get_mempolicy = - kernel.function("sys_get_mempolicy") ?, - kernel.function("compat_sys_get_mempolicy") ? + kernel.function("compat_sys_get_mempolicy") ?, + kernel.function("SyS_get_mempolicy") !, + kernel.function("sys_get_mempolicy") ? { name = "get_mempolicy" policy_uaddr = $policy 
@@ -1422,8 +1551,9 @@ probe syscall.get_mempolicy = $nmask, $maxnode, $addr, $flags) } probe syscall.get_mempolicy.return = - kernel.function("sys_get_mempolicy").return ?, - kernel.function("compat_sys_get_mempolicy").return ? + kernel.function("compat_sys_get_mempolicy").return ?, + kernel.function("SyS_get_mempolicy").return !, + kernel.function("sys_get_mempolicy").return ? { name = "get_mempolicy" retstr = returnstr(1) @@ -1432,26 +1562,30 @@ probe syscall.get_mempolicy.return = # getpeername ________________________________________________ # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # -probe syscall.getpeername = kernel.function("sys_getpeername") ? { +probe syscall.getpeername = kernel.function("SyS_getpeername") !, + kernel.function("sys_getpeername") ? { name = "getpeername" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } -probe syscall.getpeername.return = kernel.function("sys_getpeername").return ? { +probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !, + kernel.function("sys_getpeername").return ? { name = "getpeername" retstr = returnstr(1) } # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) -probe syscall.getpgid = kernel.function("sys_getpgid") { +probe syscall.getpgid = kernel.function("SyS_getpgid") !, + kernel.function("sys_getpgid") { name = "getpgid" pid = $pid argstr = sprintf("%d", $pid) } -probe syscall.getpgid.return = kernel.function("sys_getpgid").return { +probe syscall.getpgid.return = kernel.function("SyS_getpgid").return !, + kernel.function("sys_getpgid").return { name = "getpgid" retstr = returnstr(1) } 
@@ -1491,13 +1625,15 @@ probe syscall.getppid.return = kernel.function("sys_getppid").return { # getpriority ________________________________________________ # long sys_getpriority(int which, int who) -probe syscall.getpriority = kernel.function("sys_getpriority") { +probe syscall.getpriority = kernel.function("SyS_getpriority") !, + kernel.function("sys_getpriority") { name = "getpriority" which = $which who = $who argstr = sprintf("%s, %d", _priority_which_str(which), who) } -probe syscall.getpriority.return = kernel.function("sys_getpriority").return { +probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !, + kernel.function("sys_getpriority").return { name = "getpriority" retstr = returnstr(1) } @@ -1511,7 +1647,8 @@ probe syscall.getpriority.return = kernel.function("sys_getpriority").return { # old_uid_t __user *sgid) probe syscall.getresgid = kernel.function("sys_getresgid16") ?, - kernel.function("sys_getresgid") + kernel.function("SyS_getresgid") !, + kernel.function("sys_getresgid") { name = "getresgid" rgid_uaddr = $rgid @@ -1521,6 +1658,7 @@ probe syscall.getresgid = } probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?, + kernel.function("SyS_getresgid").return !, kernel.function("sys_getresgid").return { name = "getresgid" @@ -1533,6 +1671,7 @@ probe syscall.getresgid.return = # uid_t __user *suid) probe syscall.getresuid = kernel.function("sys_getresuid16") ?, + kernel.function("SyS_getresuid") !, kernel.function("sys_getresuid") { name = "getresuid" @@ -1543,7 +1682,8 @@ probe syscall.getresuid = } probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?, - kernel.function("sys_getresuid").return + kernel.function("SyS_getresuid").return !, + kernel.function("sys_getresuid").return { name = "getresuid" retstr = returnstr(1) 
@@ -1553,7 +1693,9 @@ probe syscall.getresuid.return = # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim) -probe syscall.getrlimit = kernel.function("sys_getrlimit"), +probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?, + kernel.function("sys_getrlimit") ?, + kernel.function("SyS_old_getrlimit") ?, kernel.function("sys_old_getrlimit") ?, kernel.function("compat_sys_getrlimit") ? { @@ -1562,7 +1704,9 @@ probe syscall.getrlimit = kernel.function("sys_getrlimit"), rlim_uaddr = $rlim argstr = sprintf("%s, %p", _rlimit_resource_str($resource), $rlim) } -probe syscall.getrlimit.return = kernel.function("sys_getrlimit").return, +probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?, + kernel.function("sys_getrlimit").return ?, + kernel.function("SyS_old_getrlimit").return ?, kernel.function("sys_old_getrlimit").return ?, kernel.function("compat_sys_getrlimit").return ? { @@ -1572,7 +1716,8 @@ probe syscall.getrlimit.return = kernel.function("sys_getrlimit").return, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) -probe syscall.getrusage = kernel.function("sys_getrusage") { +probe syscall.getrusage = kernel.function("SyS_getrusage") !, + kernel.function("sys_getrusage") { name = "getrusage" who = $who if($who==-2) 
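Review bot: `kernel.function("sys_getrlimit")` was a required probe point before this change and is now `?`, as is every other alternative in syscall.getrlimit and, in the next hunk, syscall.getrlimit.return. If none of the names resolves on a given kernel, the alias is left with no probe points, and a script that uses it alongside other probes would see no getrlimit events rather than a resolution error. If the all-optional list is deliberate because `!` would hide `sys_old_getrlimit` and the compat variant, that should be stated, e.g. `# all optional: '!' would skip old/compat variants; at least one is expected to resolve`.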
@@ -1587,19 +1732,22 @@ probe syscall.getrusage = kernel.function("sys_getrusage") { usage_uaddr = $ru argstr = sprintf("%s, %p", who_str, usage_uaddr) } -probe syscall.getrusage.return = kernel.function("sys_getrusage").return { +probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !, + kernel.function("sys_getrusage").return { name = "getrusage" retstr = returnstr(1) } # getsid _____________________________________________________ # long sys_getsid(pid_t pid) -probe syscall.getsid = kernel.function("sys_getsid") { +probe syscall.getsid = kernel.function("SyS_getsid") !, + kernel.function("sys_getsid") { name = "getsid" pid = $pid argstr = sprint(pid) } -probe syscall.getsid.return = kernel.function("sys_getsid").return { +probe syscall.getsid.return = kernel.function("SyS_getsid").return !, + kernel.function("sys_getsid").return { name = "getsid" retstr = returnstr(1) } @@ -1608,14 +1756,16 @@ probe syscall.getsid.return = kernel.function("sys_getsid").return { # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) -probe syscall.getsockname = kernel.function("sys_getsockname") ? { +probe syscall.getsockname = kernel.function("SyS_getsockname") !, + kernel.function("sys_getsockname") ? { name = "getsockname" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } -probe syscall.getsockname.return = kernel.function("sys_getsockname").return ? { +probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !, + kernel.function("sys_getsockname").return ? { name = "getsockname" retstr = returnstr(1) } 
@@ -1628,8 +1778,9 @@ probe syscall.getsockname.return = kernel.function("sys_getsockname").return ? { # int __user *optlen) # probe syscall.getsockopt = - kernel.function("sys_getsockopt") ?, - kernel.function("compat_sys_getsockopt") ? + kernel.function("compat_sys_getsockopt") ?, + kernel.function("SyS_getsockopt") !, + kernel.function("sys_getsockopt") ? { name = "getsockopt" fd = $fd @@ -1643,8 +1794,9 @@ probe syscall.getsockopt = _sockopt_optname_str($optname), $optval, $optlen) } probe syscall.getsockopt.return = - kernel.function("sys_getsockopt").return ?, - kernel.function("compat_sys_getsockopt").return ? + kernel.function("compat_sys_getsockopt").return ?, + kernel.function("SyS_getsockopt").return !, + kernel.function("sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) @@ -1669,9 +1821,10 @@ probe syscall.gettid.return = kernel.function("sys_gettid").return { # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) probe syscall.gettimeofday = - kernel.function("sys_gettimeofday"), + kernel.function("compat_sys_gettimeofday") ?, kernel.function("sys32_gettimeofday") ?, - kernel.function("compat_sys_gettimeofday") ? + kernel.function("SyS_gettimeofday") !, + kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_uaddr = $tv @@ -1680,9 +1833,10 @@ probe syscall.gettimeofday = } probe syscall.gettimeofday.return = - kernel.function("sys_gettimeofday").return, + kernel.function("compat_sys_gettimeofday").return ?, kernel.function("sys32_gettimeofday").return ?, - kernel.function("compat_sys_gettimeofday").return ? + kernel.function("SyS_gettimeofday").return !, + kernel.function("sys_gettimeofday").return { name = "gettimeofday" retstr = returnstr(1) 
@@ -1713,7 +1867,8 @@ probe syscall.getuid.return = # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) -probe syscall.getxattr = kernel.function("sys_getxattr") { +probe syscall.getxattr = kernel.function("SyS_getxattr") !, + kernel.function("sys_getxattr") { name = "getxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) @@ -1733,7 +1888,8 @@ probe syscall.getxattr = kernel.function("sys_getxattr") { user_string_quoted($name), value_uaddr, size) } -probe syscall.getxattr.return = kernel.function("sys_getxattr").return { +probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !, + kernel.function("sys_getxattr").return { name = "getxattr" retstr = returnstr(1) } @@ -1743,14 +1899,16 @@ probe syscall.getxattr.return = kernel.function("sys_getxattr").return { # unsigned long len, # const char __user *uargs) # -probe syscall.init_module = kernel.function("sys_init_module") ? { +probe syscall.init_module = kernel.function("SyS_init_module") !, + kernel.function("sys_init_module") ? { name = "init_module" umod_uaddr = $umod len = $len uargs = user_string($uargs) argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) } -probe syscall.init_module.return = kernel.function("sys_init_module").return ? { +probe syscall.init_module.return = kernel.function("SyS_init_module").return !, + kernel.function("sys_init_module").return ? { name = "init_module" retstr = returnstr(1) } @@ -1759,7 +1917,8 @@ probe syscall.init_module.return = kernel.function("sys_init_module").return ? { # # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # -probe syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") ? { +probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, + kernel.function("sys_inotify_add_watch") ? { name = "inotify_add_watch" fd = $fd mask = $mask 
@@ -1774,7 +1933,8 @@ probe syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") ? { %) } -probe syscall.inotify_add_watch.return = kernel.function("sys_inotify_add_watch").return ? { +probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch").return !, + kernel.function("sys_inotify_add_watch").return ? { name = "inotify_add_watch" retstr = returnstr(1) } @@ -1796,13 +1956,15 @@ probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? # # long sys_inotify_rm_watch(int fd, u32 wd) # -probe syscall.inotify_rm_watch = kernel.function("sys_inotify_rm_watch") ? { +probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !, + kernel.function("sys_inotify_rm_watch") ? { name = "inotify_rm_watch" fd = $fd wd = $wd argstr = sprintf("%d, %d", $fd, $wd) } -probe syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch").return ? { +probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").return !, + kernel.function("sys_inotify_rm_watch").return ? { name = "inotify_rm_watch" retstr = returnstr(1) } @@ -1811,14 +1973,16 @@ probe syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch"). # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) -probe syscall.io_cancel = kernel.function("sys_io_cancel") { +probe syscall.io_cancel = kernel.function("SyS_io_cancel") !, + kernel.function("sys_io_cancel") { name = "io_cancel" ctx_id = $ctx_id iocb_uaddr = $iocb result_uaddr = $result argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } -probe syscall.io_cancel.return = kernel.function("sys_io_cancel").return { +probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !, + kernel.function("sys_io_cancel").return { name = "io_cancel" retstr = returnstr(1) } 
@@ -1828,8 +1992,9 @@ probe syscall.io_cancel.return = kernel.function("sys_io_cancel").return { # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # probe syscall.ioctl = - kernel.function("sys_ioctl") ?, - kernel.function("compat_sys_ioctl") ? + kernel.function("compat_sys_ioctl") ?, + kernel.function("SyS_ioctl") !, + kernel.function("sys_ioctl") ? { name = "ioctl" fd = $fd @@ -1838,8 +2003,9 @@ probe syscall.ioctl = argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg) } probe syscall.ioctl.return = - kernel.function("sys_ioctl").return ?, - kernel.function("compat_sys_ioctl").return ? + kernel.function("compat_sys_ioctl").return ?, + kernel.function("SyS_ioctl").return !, + kernel.function("sys_ioctl").return ? { name = "ioctl" retstr = returnstr(1) @@ -1847,12 +2013,14 @@ probe syscall.ioctl.return = # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) -probe syscall.io_destroy = kernel.function("sys_io_destroy") { +probe syscall.io_destroy = kernel.function("SyS_io_destroy") !, + kernel.function("sys_io_destroy") { name = "io_destroy" ctx = $ctx argstr = sprintf("%d", ctx) } -probe syscall.io_destroy.return = kernel.function("sys_io_destroy").return { +probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !, + kernel.function("sys_io_destroy").return { name = "io_destroy" retstr = returnstr(1) } @@ -1870,8 +2038,9 @@ probe syscall.io_destroy.return = kernel.function("sys_io_destroy").return { # struct compat_timespec __user *timeout) # probe syscall.io_getevents = - kernel.function("sys_io_getevents") ?, - kernel.function("compat_sys_io_getevents") ? + kernel.function("compat_sys_io_getevents") ?, + kernel.function("SyS_io_getevents") !, + kernel.function("sys_io_getevents") ? { name = "io_getevents" ctx_id = $ctx_id 
@@ -1884,8 +2053,9 @@ probe syscall.io_getevents = $nr, $events, $timeout, timestr) } probe syscall.io_getevents.return = - kernel.function("sys_io_getevents").return ?, - kernel.function("compat_sys_io_getevents").return ? + kernel.function("compat_sys_io_getevents").return ?, + kernel.function("SyS_io_getevents").return !, + kernel.function("sys_io_getevents").return ? { name = "io_getevents" retstr = returnstr(1) @@ -1909,14 +2079,16 @@ probe syscall.ioperm.return = kernel.function("sys_ioperm").return ? { # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) # -probe syscall.io_setup = kernel.function("sys_io_setup") { +probe syscall.io_setup = kernel.function("SyS_io_setup") !, + kernel.function("sys_io_setup") { name = "io_setup" maxevents = $nr_events ctxp_uaddr = $ctxp argstr = sprintf("%d, %p", $nr_events, $ctxp) } -probe syscall.io_setup.return = kernel.function("sys_io_setup").return { +probe syscall.io_setup.return = kernel.function("SyS_io_setup").return !, + kernel.function("sys_io_setup").return { name = "io_setup" retstr = returnstr(1) } @@ -1937,14 +2109,16 @@ probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").re # io_submit __________________________________________________ # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # -probe syscall.io_submit = kernel.function("sys_io_submit") { +probe syscall.io_submit = kernel.function("SyS_io_submit") !, + kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id nr = $nr iocbpp_uaddr = $iocbpp argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) } -probe syscall.io_submit.return = kernel.function("sys_io_submit").return { +probe syscall.io_submit.return = kernel.function("SyS_io_submit").return !, + kernel.function("sys_io_submit").return { name = "io_submit" retstr = returnstr(1) } 
@@ -1965,13 +2139,15 @@ probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit"). # ioprio_get _________________________________________________ # long sys_ioprio_get(int which, int who) # -probe syscall.ioprio_get = kernel.function("sys_ioprio_get") ? { +probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !, + kernel.function("sys_ioprio_get") ? { name = "ioprio_get" which = $which who = $who argstr = sprintf("%d, %d", $which, $who) } -probe syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? { +probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, + kernel.function("sys_ioprio_get").return ? { name = "ioprio_get" retstr = returnstr(1) } @@ -1979,14 +2155,16 @@ probe syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? { # ioprio_set _________________________________________________ # long sys_ioprio_set(int which, int who, int ioprio) # -probe syscall.ioprio_set = kernel.function("sys_ioprio_set") ? { +probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, + kernel.function("sys_ioprio_set") ? { name = "ioprio_set" which = $which who = $who ioprio = $ioprio argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) } -probe syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? { +probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, + kernel.function("sys_ioprio_set").return ? { name = "ioprio_set" retstr = returnstr(1) } @@ -2002,8 +2180,9 @@ probe syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? { # unsigned long flags) # probe syscall.kexec_load = - kernel.function("sys_kexec_load") ?, - kernel.function("compat_sys_kexec_load") ? + kernel.function("compat_sys_kexec_load") ?, + kernel.function("SyS_kexec_load") !, + kernel.function("sys_kexec_load") ? { name = "kexec_load" entry = $entry 
@@ -2013,8 +2192,9 @@ probe syscall.kexec_load = argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) } probe syscall.kexec_load.return = - kernel.function("sys_kexec_load").return ?, - kernel.function("compat_sys_kexec_load").return ? + kernel.function("compat_sys_kexec_load").return ?, + kernel.function("SyS_kexec_load").return !, + kernel.function("sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) @@ -2029,16 +2209,18 @@ probe syscall.kexec_load.return = # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # probe syscall.keyctl = - kernel.function("sys_keyctl") ?, - kernel.function("compat_sys_keyctl") ? + kernel.function("compat_sys_keyctl") ?, + kernel.function("SyS_keyctl") !, + kernel.function("sys_keyctl") ? { name = "keyctl" argstr = sprintf("%d, ...", $option) } probe syscall.keyctl.return = - kernel.function("sys_keyctl").return ?, - kernel.function("compat_sys_keyctl").return ? + kernel.function("compat_sys_keyctl").return ?, + kernel.function("SyS_keyctl").return !, + kernel.function("sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) @@ -2046,13 +2228,15 @@ probe syscall.keyctl.return = # kill _______________________________________________________ # long sys_kill(int pid, int sig) -probe syscall.kill = kernel.function("sys_kill") { +probe syscall.kill = kernel.function("SyS_kill") !, + kernel.function("sys_kill") { name = "kill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } -probe syscall.kill.return = kernel.function("sys_kill").return { +probe syscall.kill.return = kernel.function("SyS_kill").return !, + kernel.function("sys_kill").return { name = "kill" retstr = returnstr(1) } 
@@ -2060,14 +2244,16 @@ probe syscall.kill.return = kernel.function("sys_kill").return { # lchown _____________________________________________________ # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # -probe syscall.lchown = kernel.function("sys_lchown") { +probe syscall.lchown = kernel.function("SyS_lchown") !, + kernel.function("sys_lchown") { name = "lchown" path = user_string($filename) owner = __int32($user) group = __int32($group) argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) } -probe syscall.lchown.return = kernel.function("sys_lchown").return { +probe syscall.lchown.return = kernel.function("SyS_lchown").return !, + kernel.function("sys_lchown").return { name = "lchown" retstr = returnstr(1) } @@ -2094,7 +2280,8 @@ probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? { # void __user *value, # size_t size) # -probe syscall.lgetxattr = kernel.function("sys_lgetxattr") { +probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !, + kernel.function("sys_lgetxattr") { name = "lgetxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) @@ -2114,7 +2301,8 @@ probe syscall.lgetxattr = kernel.function("sys_lgetxattr") { user_string_quoted($name), value_uaddr, size) } -probe syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { +probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !, + kernel.function("sys_lgetxattr").return { name = "lgetxattr" retstr = returnstr(1) } @@ -2122,7 +2310,8 @@ probe syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { # link _______________________________________________________ # long sys_link(const char __user * oldname, # const char __user * newname) -probe syscall.link = kernel.function("sys_link") { +probe syscall.link = kernel.function("SyS_link") !, + kernel.function("sys_link") { name = "link" oldpath = user_string($oldname) newpath = user_string($newname) 
@@ -2130,7 +2319,8 @@ probe syscall.link = kernel.function("sys_link") { user_string_quoted($oldname), user_string_quoted($newname)) } -probe syscall.link.return = kernel.function("sys_link").return { +probe syscall.link.return = kernel.function("SyS_link").return !, + kernel.function("sys_link").return { name = "link" retstr = returnstr(1) } @@ -2139,7 +2329,8 @@ probe syscall.link.return = kernel.function("sys_link").return { # new function with 2.6.16 # long sys_linkat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname, int flags) -probe syscall.linkat = kernel.function("sys_linkat") ? { +probe syscall.linkat = kernel.function("SyS_linkat") !, + kernel.function("sys_linkat") ? { name = "linkat" olddfd = $olddfd olddfd_str = _dfd_str($olddfd) @@ -2156,20 +2347,23 @@ probe syscall.linkat = kernel.function("sys_linkat") ? { newdfd_str, user_string_quoted($newname), flags_str) } -probe syscall.linkat.return = kernel.function("sys_linkat").return ? { +probe syscall.linkat.return = kernel.function("SyS_linkat").return !, + kernel.function("sys_linkat").return ? { name = "linkat" retstr = returnstr(1) } # listen _____________________________________________________ # long sys_listen(int fd, int backlog) -probe syscall.listen = kernel.function("sys_listen") ? { +probe syscall.listen = kernel.function("SyS_listen") !, + kernel.function("sys_listen") ? { name = "listen" sockfd = $fd backlog = $backlog argstr = sprintf("%d, %d", $fd, $backlog) } -probe syscall.listen.return = kernel.function("sys_listen").return ? { +probe syscall.listen.return = kernel.function("SyS_listen").return !, + kernel.function("sys_listen").return ? { name = "listen" retstr = returnstr(1) } 
@@ -2177,7 +2371,8 @@ probe syscall.listen.return = kernel.function("sys_listen").return ? { # listxattr __________________________________________________ # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # -probe syscall.listxattr = kernel.function("sys_listxattr") { +probe syscall.listxattr = kernel.function("SyS_listxattr") !, + kernel.function("sys_listxattr") { name = "listxattr" list_uaddr = $list size = $size @@ -2191,7 +2386,8 @@ probe syscall.listxattr = kernel.function("sys_listxattr") { argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) %) } -probe syscall.listxattr.return = kernel.function("sys_listxattr").return { +probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !, + kernel.function("sys_listxattr").return { name = "listxattr" retstr = returnstr(1) } @@ -2199,7 +2395,8 @@ probe syscall.listxattr.return = kernel.function("sys_listxattr").return { # llistxattr _________________________________________________ # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # -probe syscall.llistxattr = kernel.function("sys_llistxattr") { +probe syscall.llistxattr = kernel.function("SyS_llistxattr") !, + kernel.function("sys_llistxattr") { name = "llistxattr" list_uaddr = $list size = $size @@ -2213,7 +2410,8 @@ probe syscall.llistxattr = kernel.function("sys_llistxattr") { argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) %) } -probe syscall.llistxattr.return = kernel.function("sys_llistxattr").return { +probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !, + kernel.function("sys_llistxattr").return { name = "llistxattr" retstr = returnstr(1) } 
@@ -2224,7 +2422,8 @@ probe syscall.llistxattr.return = kernel.function("sys_llistxattr").return { # unsigned long offset_low, # loff_t __user * result, # unsigned int origin) -probe syscall.llseek = kernel.function("sys_llseek") ? { +probe syscall.llseek = kernel.function("SyS_llseek") !, + kernel.function("sys_llseek") ? { name = "llseek" fd = $fd offset_high = $offset_high @@ -2235,7 +2434,8 @@ probe syscall.llseek = kernel.function("sys_llseek") ? { argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", $fd, $offset_high, $offset_low, $result, whence_str) } -probe syscall.llseek.return = kernel.function("sys_llseek").return ? { +probe syscall.llseek.return = kernel.function("SyS_llseek").return !, + kernel.function("sys_llseek").return ? { name = "llseek" retstr = returnstr(1) } @@ -2243,14 +2443,16 @@ probe syscall.llseek.return = kernel.function("sys_llseek").return ? { # lookup_dcookie _____________________________________________ # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # -probe syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") ? { +probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !, + kernel.function("sys_lookup_dcookie") ? { name = "lookup_dcookie" cookie = $cookie64 buffer_uaddr = $buf len = $len argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len) } -probe syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return ? { +probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").return !, + kernel.function("sys_lookup_dcookie").return ? { name = "lookup_dcookie" retstr = returnstr(1) } 
@@ -2258,7 +2460,8 @@ probe syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").retu # lremovexattr _______________________________________________ # long sys_lremovexattr(char __user *path, char __user *name) # -probe syscall.lremovexattr = kernel.function("sys_lremovexattr") { +probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !, + kernel.function("sys_lremovexattr") { name = "lremovexattr" name_uaddr = $name name2 = user_string($name) @@ -2272,14 +2475,16 @@ probe syscall.lremovexattr = kernel.function("sys_lremovexattr") { argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) %) } -probe syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { +probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !, + kernel.function("sys_lremovexattr").return { name = "lremovexattr" retstr = returnstr(1) } # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) -probe syscall.lseek = kernel.function("sys_lseek") { +probe syscall.lseek = kernel.function("SyS_lseek") !, + kernel.function("sys_lseek") { name = "lseek" fildes = $fd # offset = __int32($offset) @@ -2288,7 +2493,8 @@ probe syscall.lseek = kernel.function("sys_lseek") { whence_str = _seek_whence_str($origin) argstr = sprintf("%d, %d, %s", $fd, offset, whence_str) } -probe syscall.lseek.return = kernel.function("sys_lseek").return { +probe syscall.lseek.return = kernel.function("SyS_lseek").return !, + kernel.function("sys_lseek").return { name = "lseek" retstr = returnstr(1) } @@ -2300,7 +2506,8 @@ probe syscall.lseek.return = kernel.function("sys_lseek").return { # size_t size, # int flags) # -probe syscall.lsetxattr = kernel.function("sys_lsetxattr") { +probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !, + kernel.function("sys_lsetxattr") { name = "lsetxattr" %( kernel_v >= "2.6.27" %? path_uaddr = $pathname 
@@ -2323,7 +2530,8 @@ probe syscall.lsetxattr = kernel.function("sys_lsetxattr") { user_string_quoted($name), value_uaddr, $size, $flags) } -probe syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { +probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !, + kernel.function("sys_lsetxattr").return { name = "lsetxattr" retstr = returnstr(1) } @@ -2339,9 +2547,11 @@ probe syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { # probe syscall.lstat = kernel.function("sys_lstat") ?, + kernel.function("SyS_newlstat") ?, kernel.function("sys_newlstat") ?, kernel.function("compat_sys_newlstat") ?, kernel.function("sys32_lstat64") ?, + kernel.function("SyS_lstat64") ?, kernel.function("sys_lstat64") ?, kernel.function("sys_oabi_lstat64") ? { @@ -2352,9 +2562,11 @@ probe syscall.lstat = } probe syscall.lstat.return = kernel.function("sys_lstat").return ?, + kernel.function("SyS_newlstat").return ?, kernel.function("sys_newlstat").return ?, kernel.function("compat_sys_newlstat").return ?, kernel.function("sys32_lstat64").return ?, + kernel.function("SyS_lstat64").return ?, kernel.function("sys_lstat64").return ?, kernel.function("sys_oabi_lstat64").return ? { @@ -2365,7 +2577,8 @@ probe syscall.lstat.return = # madvise ____________________________________________________ # long sys_madvise(unsigned long start, size_t len_in, int behavior) # -probe syscall.madvise = kernel.function("sys_madvise") ? { +probe syscall.madvise = kernel.function("SyS_madvise") !, + kernel.function("sys_madvise") ? { name = "madvise" start = $start length = $len_in 
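Review bot: `SyS_newlstat` and `SyS_lstat64` are added to `syscall.lstat` with `?`, where every other probe in this commit uses `!`, and no comment explains the difference. Presumably `!` was avoided because it would stop resolution of `compat_sys_newlstat`, `sys32_lstat64` and the entries after them, but with `?` both `SyS_newlstat` and `sys_newlstat` are probed whenever both resolve, which would report one lstat call twice to anything counting or logging events. A comment such as `# "?" rather than "!": the compat/arch alternatives below must still resolve` would record the intent, and it is worth confirming that the two names never resolve together on a supported kernel. The `syscall.lstat.return` hunk that follows has the same pattern, and both probe bodies extend beyond their hunks.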
@@ -2373,7 +2586,8 @@ probe syscall.madvise = kernel.function("sys_madvise") ? { advice_str = _madvice_advice_str($behavior) argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior)) } -probe syscall.madvise.return = kernel.function("sys_madvise").return ? { +probe syscall.madvise.return = kernel.function("SyS_madvise").return !, + kernel.function("sys_madvise").return ? { name = "madvise" retstr = returnstr(1) } @@ -2394,8 +2608,9 @@ probe syscall.madvise.return = kernel.function("sys_madvise").return ? { # compat_ulong_t flags) # probe syscall.mbind = - kernel.function("sys_mbind") ?, - kernel.function("compat_sys_mbind") ? + kernel.function("compat_sys_mbind") ?, + kernel.function("SyS_mbind") !, + kernel.function("sys_mbind") ? { name = "mbind" start = $start @@ -2408,8 +2623,9 @@ probe syscall.mbind = $nmask, $maxnode, $flags) } probe syscall.mbind.return = - kernel.function("sys_mbind").return ?, - kernel.function("compat_sys_mbind").return ? + kernel.function("compat_sys_mbind").return ?, + kernel.function("SyS_mbind").return !, + kernel.function("sys_mbind").return ? { name = "mbind" retstr = returnstr(1) @@ -2419,11 +2635,13 @@ probe syscall.mbind.return = # long sys_migrate_pages(pid_t pid, unsigned long maxnode, # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) -probe syscall.migrate_pages = kernel.function("sys_migrate_pages") ? { +probe syscall.migrate_pages = kernel.function("SyS_migrate_pages") !, + kernel.function("sys_migrate_pages") ? { name = "migrate_pages" argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) } -probe syscall.migrate_pages.return = kernel.function("sys_migrate_pages").return ? { +probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return !, + kernel.function("sys_migrate_pages").return ? { name = "migrate_pages" retstr = returnstr(1) } 
@@ -2431,28 +2649,32 @@ probe syscall.migrate_pages.return = kernel.function("sys_migrate_pages").return # mincore ____________________________________________________ # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # -probe syscall.mincore = kernel.function("sys_mincore") ? { +probe syscall.mincore = kernel.function("SyS_mincore") !, + kernel.function("sys_mincore") ? { name = "mincore" start = $start length = $len vec_uaddr = $vec argstr = sprintf("%p, %d, %p", $start, $len, $vec) } -probe syscall.mincore.return = kernel.function("sys_mincore").return ? { +probe syscall.mincore.return = kernel.function("SyS_mincore").return !, + kernel.function("sys_mincore").return ? { name = "mincore" retstr = returnstr(1) } # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) -probe syscall.mkdir = kernel.function("sys_mkdir") { +probe syscall.mkdir = kernel.function("SyS_mkdir") !, + kernel.function("sys_mkdir") { name = "mkdir" pathname_uaddr = $pathname pathname = user_string($pathname) mode = $mode argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) } -probe syscall.mkdir.return = kernel.function("sys_mkdir").return { +probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !, + kernel.function("sys_mkdir").return { name = "mkdir" retstr = returnstr(1) } 
@@ -2460,21 +2682,24 @@ probe syscall.mkdir.return = kernel.function("sys_mkdir").return { # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) -probe syscall.mkdirat = kernel.function("sys_mkdirat") ? { +probe syscall.mkdirat = kernel.function("SyS_mkdirat") !, + kernel.function("sys_mkdirat") ? { name = "mkdirat" dirfd = $dfd pathname = user_string($pathname) mode = $mode argstr = sprintf("%s, %s, %#o", _dfd_str($dfd), user_string_quoted($pathname), $mode) } -probe syscall.mkdirat.return = kernel.function("sys_mkdirat").return ? { +probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !, + kernel.function("sys_mkdirat").return ? { name = "mkdirat" retstr = returnstr(1) } # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) -probe syscall.mknod = kernel.function("sys_mknod") { +probe syscall.mknod = kernel.function("SyS_mknod") !, + kernel.function("sys_mknod") { name = "mknod" pathname = user_string($filename) mode = $mode @@ -2482,7 +2707,8 @@ probe syscall.mknod = kernel.function("sys_mknod") { argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev) } -probe syscall.mknod.return = kernel.function("sys_mknod").return { +probe syscall.mknod.return = kernel.function("SyS_mknod").return !, + kernel.function("sys_mknod").return { name = "mknod" retstr = returnstr(1) } @@ -2491,7 +2717,8 @@ probe syscall.mknod.return = kernel.function("sys_mknod").return { # new function with 2.6.16 # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) -probe syscall.mknodat = kernel.function("sys_mknodat") ? { +probe syscall.mknodat = kernel.function("SyS_mknodat") !, + kernel.function("sys_mknodat") ? { name = "mknodat" dfd = $dfd dfd_str = _dfd_str($dfd) 
@@ -2503,7 +2730,8 @@ probe syscall.mknodat = kernel.function("sys_mknodat") ? { argstr = sprintf("%s, %s, %s, %p", dfd_str, user_string_quoted($filename), mode_str, $dev) } -probe syscall.mknodat.return = kernel.function("sys_mknodat").return ? { +probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, + kernel.function("sys_mknodat").return ? { name = "mknodat" retstr = returnstr(1) } @@ -2512,13 +2740,15 @@ probe syscall.mknodat.return = kernel.function("sys_mknodat").return ? { # # long sys_mlock(unsigned long start, size_t len) # -probe syscall.mlock = kernel.function("sys_mlock") ? { +probe syscall.mlock = kernel.function("SyS_mlock") !, + kernel.function("sys_mlock") ? { name = "mlock" addr = $start len = $len argstr = sprintf("%p, %d", $start, $len) } -probe syscall.mlock.return = kernel.function("sys_mlock").return ? { +probe syscall.mlock.return = kernel.function("SyS_mlock").return !, + kernel.function("sys_mlock").return ? { name = "mlock" retstr = returnstr(1) } @@ -2526,12 +2756,14 @@ probe syscall.mlock.return = kernel.function("sys_mlock").return ? { # # long sys_mlockall(int flags) # -probe syscall.mlockall = kernel.function("sys_mlockall") ? { +probe syscall.mlockall = kernel.function("SyS_mlockall") !, + kernel.function("sys_mlockall") ? { name = "mlockall" flags = $flags argstr = _mlockall_flags_str($flags) } -probe syscall.mlockall.return = kernel.function("sys_mlockall").return ? { +probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !, + kernel.function("sys_mlockall").return ? { name = "mlockall" retstr = returnstr(1) } 
@@ -2565,15 +2797,17 @@ probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? { # int flags) # probe syscall.move_pages = - kernel.function("sys_move_pages") ?, - kernel.function("compat_sys_move_pages") ? + kernel.function("compat_sys_move_pages") ?, + kernel.function("SyS_move_pages") !, + kernel.function("sys_move_pages") ? { name = "move_pages" argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) } probe syscall.move_pages.return = - kernel.function("sys_move_pages").return ?, - kernel.function("compat_sys_move_pages").return ? + kernel.function("compat_sys_move_pages").return ?, + kernel.function("SyS_move_pages").return !, + kernel.function("sys_move_pages").return ? { name = "move_pages" retstr = returnstr(1) @@ -2591,8 +2825,9 @@ probe syscall.move_pages.return = # unsigned long flags, # void __user * data) probe syscall.mount = - kernel.function("sys_mount"), - kernel.function("compat_sys_mount") ? + kernel.function("compat_sys_mount") ?, + kernel.function("SyS_mount") !, + kernel.function("sys_mount") { name = "mount" source = user_string($dev_name) @@ -2608,8 +2843,9 @@ probe syscall.mount = mountflags_str, data) } probe syscall.mount.return = - kernel.function("sys_mount").return, - kernel.function("compat_sys_mount").return ? + kernel.function("compat_sys_mount").return ?, + kernel.function("SyS_mount").return !, + kernel.function("sys_mount").return { name = "mount" retstr = returnstr(1) @@ -2618,7 +2854,8 @@ probe syscall.mount.return = # mprotect ___________________________________________________ # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # -probe syscall.mprotect = kernel.function("sys_mprotect") ? { +probe syscall.mprotect = kernel.function("SyS_mprotect") !, + kernel.function("sys_mprotect") ? { name = "mprotect" addr = $start len = $len 
@@ -2626,7 +2863,8 @@ probe syscall.mprotect = kernel.function("sys_mprotect") ? { prot_str = _mprotect_prot_str($prot) argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot)) } -probe syscall.mprotect.return = kernel.function("sys_mprotect").return ? { +probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !, + kernel.function("sys_mprotect").return ? { name = "mprotect" retstr = returnstr(1) } @@ -2640,8 +2878,9 @@ probe syscall.mprotect.return = kernel.function("sys_mprotect").return ? { # struct compat_mq_attr __user *u_omqstat) # probe syscall.mq_getsetattr = - kernel.function("sys_mq_getsetattr") ?, - kernel.function("compat_sys_mq_getsetattr") ? + kernel.function("compat_sys_mq_getsetattr") ?, + kernel.function("SyS_mq_getsetattr") !, + kernel.function("sys_mq_getsetattr") ? { name = "mq_getsetattr" mqdes = $mqdes @@ -2650,8 +2889,9 @@ probe syscall.mq_getsetattr = argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat) } probe syscall.mq_getsetattr.return = - kernel.function("sys_mq_getsetattr").return ?, - kernel.function("compat_sys_mq_getsetattr").return ? + kernel.function("compat_sys_mq_getsetattr").return ?, + kernel.function("SyS_mq_getsetattr").return !, + kernel.function("sys_mq_getsetattr").return ? { name = "mq_getsetattr" retstr = returnstr(1) @@ -2662,8 +2902,9 @@ probe syscall.mq_getsetattr.return = # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # probe syscall.mq_notify = - kernel.function("sys_mq_notify") ?, - kernel.function("compat_sys_mq_notify") ? + kernel.function("compat_sys_mq_notify") ?, + kernel.function("SyS_mq_notify") !, + kernel.function("sys_mq_notify") ? { name = "mq_notify" mqdes = $mqdes 
@@ -2671,8 +2912,9 @@ probe syscall.mq_notify = argstr = sprintf("%d, %p", $mqdes, $u_notification) } probe syscall.mq_notify.return = - kernel.function("sys_mq_notify").return ?, - kernel.function("compat_sys_mq_notify").return ? + kernel.function("compat_sys_mq_notify").return ?, + kernel.function("SyS_mq_notify").return !, + kernel.function("sys_mq_notify").return ? { name = "mq_notify" retstr = returnstr(1) @@ -2688,8 +2930,9 @@ probe syscall.mq_notify.return = # struct compat_mq_attr __user *u_attr) # probe syscall.mq_open = - kernel.function("sys_mq_open") ?, - kernel.function("compat_sys_mq_open") ? + kernel.function("compat_sys_mq_open") ?, + kernel.function("SyS_mq_open") !, + kernel.function("sys_mq_open") ? { name = "mq_open" name_uaddr = $u_name @@ -2704,8 +2947,9 @@ probe syscall.mq_open = argstr = sprintf("%s, %s", user_string_quoted($u_name), _sys_open_flag_str($oflag)) } probe syscall.mq_open.return = - kernel.function("sys_mq_open").return ?, - kernel.function("compat_sys_mq_open").return ? + kernel.function("compat_sys_mq_open").return ?, + kernel.function("SyS_mq_open").return !, + kernel.function("sys_mq_open").return ? { name = "mq_open" retstr = returnstr(1) @@ -2723,8 +2967,9 @@ probe syscall.mq_open.return = # const struct compat_timespec __user *u_abs_timeout) # probe syscall.mq_timedreceive = - kernel.function("sys_mq_timedreceive") ?, - kernel.function("compat_sys_mq_timedreceive") ? + kernel.function("compat_sys_mq_timedreceive") ?, + kernel.function("SyS_mq_timedreceive") !, + kernel.function("sys_mq_timedreceive") ? { name = "mq_timedreceive" mqdes = $mqdes 
@@ -2736,8 +2981,9 @@ probe syscall.mq_timedreceive = $u_msg_prio, $u_abs_timeout) } probe syscall.mq_timedreceive.return = - kernel.function("sys_mq_timedreceive").return ?, - kernel.function("compat_sys_mq_timedreceive").return ? + kernel.function("compat_sys_mq_timedreceive").return ?, + kernel.function("SyS_mq_timedreceive").return !, + kernel.function("sys_mq_timedreceive").return ? { name = "mq_timedreceive" retstr = returnstr(1) @@ -2755,8 +3001,9 @@ probe syscall.mq_timedreceive.return = # const struct compat_timespec __user *u_abs_timeout) # probe syscall.mq_timedsend = - kernel.function("sys_mq_timedsend") ?, - kernel.function("compat_sys_mq_timedsend") ? + kernel.function("compat_sys_mq_timedsend") ?, + kernel.function("SyS_mq_timedsend") !, + kernel.function("sys_mq_timedsend") ? { name = "mq_timedsend" mqdes = $mqdes @@ -2768,8 +3015,9 @@ probe syscall.mq_timedsend = $msg_prio, $u_abs_timeout) } probe syscall.mq_timedsend.return = - kernel.function("sys_mq_timedsend").return ?, - kernel.function("compat_sys_mq_timedsend").return ? + kernel.function("compat_sys_mq_timedsend").return ?, + kernel.function("SyS_mq_timedsend").return !, + kernel.function("sys_mq_timedsend").return ? { name = "mq_timedsend" retstr = returnstr(1) @@ -2778,13 +3026,15 @@ probe syscall.mq_timedsend.return = # mq_unlink __________________________________________________ # long sys_mq_unlink(const char __user *u_name) # -probe syscall.mq_unlink = kernel.function("sys_mq_unlink") ? { +probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !, + kernel.function("sys_mq_unlink") ? { name = "mq_unlink" u_name_uaddr = $u_name u_name = user_string($u_name) argstr = user_string_quoted($u_name) } -probe syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { +probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !, + kernel.function("sys_mq_unlink").return ? { name = "mq_unlink" retstr = returnstr(1) } 
@@ -2797,8 +3047,9 @@ probe syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { # unsigned long new_addr) # probe syscall.mremap = - kernel.function("sys_mremap") ?, - kernel.function("ia64_mremap") ? + kernel.function("ia64_mremap") ?, + kernel.function("SyS_mremap") !, + kernel.function("sys_mremap") ? { name = "mremap" old_address = $addr @@ -2810,8 +3061,9 @@ probe syscall.mremap = _mremap_flags($flags), $new_addr) } probe syscall.mremap.return = - kernel.function("sys_mremap").return ?, - kernel.function("ia64_mremap").return ? + kernel.function("ia64_mremap").return ?, + kernel.function("SyS_mremap").return !, + kernel.function("sys_mremap").return ? { name = "mremap" retstr = returnstr(2) @@ -2820,14 +3072,16 @@ probe syscall.mremap.return = # msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # -probe syscall.msgctl = kernel.function("sys_msgctl") ? { +probe syscall.msgctl = kernel.function("SyS_msgctl") !, + kernel.function("sys_msgctl") ? { name = "msgctl" msqid = $msqid cmd = $cmd buf_uaddr = $buf argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf) } -probe syscall.msgctl.return = kernel.function("sys_msgctl").return ? { +probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !, + kernel.function("sys_msgctl").return ? { name = "msgctl" retstr = returnstr(1) } 
@@ -2847,14 +3101,16 @@ probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").re # msgget _____________________________________________________ # long sys_msgget (key_t key, int msgflg) # -probe syscall.msgget = kernel.function("sys_msgget") ? { +probe syscall.msgget = kernel.function("SyS_msgget") !, + kernel.function("sys_msgget") ? { name = "msgget" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg)) } -probe syscall.msgget.return = kernel.function("sys_msgget").return ? { +probe syscall.msgget.return = kernel.function("SyS_msgget").return !, + kernel.function("sys_msgget").return ? { name = "msgget" retstr = returnstr(1) } @@ -2866,7 +3122,8 @@ probe syscall.msgget.return = kernel.function("sys_msgget").return ? { # long msgtyp, # int msgflg) # -probe syscall.msgrcv = kernel.function("sys_msgrcv") ? { +probe syscall.msgrcv = kernel.function("SyS_msgrcv") !, + kernel.function("sys_msgrcv") ? { name = "msgrcv" msqid = $msqid msgp_uaddr = $msgp @@ -2875,7 +3132,8 @@ probe syscall.msgrcv = kernel.function("sys_msgrcv") ? { msgflg = $msgflg argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg) } -probe syscall.msgrcv.return = kernel.function("sys_msgrcv").return ? { +probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !, + kernel.function("sys_msgrcv").return ? { name = "msgrcv" retstr = returnstr(1) } @@ -2899,7 +3157,8 @@ probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").re # size_t msgsz, # int msgflg) # -probe syscall.msgsnd = kernel.function("sys_msgsnd") ? { +probe syscall.msgsnd = kernel.function("SyS_msgsnd") !, + kernel.function("sys_msgsnd") ? { name = "msgsnd" msqid = $msqid msgp_uaddr = $msgp 
@@ -2907,7 +3166,8 @@ probe syscall.msgsnd = kernel.function("sys_msgsnd") ? { msgflg = $msgflg argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg) } -probe syscall.msgsnd.return = kernel.function("sys_msgsnd").return ? { +probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !, + kernel.function("sys_msgsnd").return ? { name = "msgsnd" retstr = returnstr(1) } @@ -2926,27 +3186,31 @@ probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").re # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) -probe syscall.msync = kernel.function("sys_msync") ? { +probe syscall.msync = kernel.function("SyS_msync") !, + kernel.function("sys_msync") ? { name = "msync" start = $start length = $len flags = $flags argstr = sprintf("%p, %d, %s",start, length, _msync_flag_str(flags)) } -probe syscall.msync.return = kernel.function("sys_msync").return ? { +probe syscall.msync.return = kernel.function("SyS_msync").return !, + kernel.function("sys_msync").return ? { name = "msync" retstr = returnstr(1) } # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) -probe syscall.munlock = kernel.function("sys_munlock") ? { +probe syscall.munlock = kernel.function("SyS_munlock") !, + kernel.function("sys_munlock") ? { name = "munlock" addr = $start len = $len argstr = sprintf("%p, %d", addr, len) } -probe syscall.munlock.return = kernel.function("sys_munlock").return ? { +probe syscall.munlock.return = kernel.function("SyS_munlock").return !, + kernel.function("sys_munlock").return ? { name = "munlock" retstr = returnstr(1) } 
@@ -2964,13 +3228,15 @@ probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? { # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) -probe syscall.munmap = kernel.function("sys_munmap") { +probe syscall.munmap = kernel.function("SyS_munmap") !, + kernel.function("sys_munmap") { name = "munmap" start = $addr length = $len argstr = sprintf("%p, %d", start, length) } -probe syscall.munmap.return = kernel.function("sys_munmap").return { +probe syscall.munmap.return = kernel.function("SyS_munmap").return !, + kernel.function("sys_munmap").return { name = "munmap" retstr = returnstr(1) } |