summaryrefslogtreecommitdiffstats
path: root/tapset/system_calls.stp
diff options
context:
space:
mode:
Diffstat (limited to 'tapset/system_calls.stp')
-rw-r--r--tapset/system_calls.stp1264
1 files changed, 1193 insertions, 71 deletions
diff --git a/tapset/system_calls.stp b/tapset/system_calls.stp
index 4399f0e4..c821b013 100644
--- a/tapset/system_calls.stp
+++ b/tapset/system_calls.stp
@@ -1461,11 +1461,6 @@ probe kernel.syscall.waitpid =
probe kernel.syscall.waitpid.return =
kernel.function("sys_wait4").return {
name = "waitpid.return"
- }
-# set_tid_address__________________________________
-probe kernel.syscall.set_tid_address =
- kernel.function("sys_set_tid_address") {
- name = "set_tid_address"
pid = $pid
/*
status = $stat_addr
@@ -1474,112 +1469,258 @@ probe kernel.syscall.set_tid_address =
options_str =
_wait4_opt_str($options)
}
+# set_tid_address__________________________________
+/* asmlinkage long sys_set_tid_address(int __user *tidptr) */
+probe kernel.syscall.set_tid_address =
+ kernel.function("sys_set_tid_address") {
+ name = "set_tid_address"
+ /*
+ tidptr = $tidptr
+ */
+ }
probe kernel.syscall.set_tid_address.return =
kernel.function("sys_set_tid_address").return {
name = "set_tid_address.return"
+ /*
+ tidptr = $tidptr
+ */
+
}
# futex____________________________________________
+/* asmlinkage long sys_futex(u32 __user *uaddr,
+ int op, int val,
+ struct timespec __user *utime,
+ u32 __user *uaddr2,
+ int val3) */
probe kernel.syscall.futex =
kernel.function("sys_futex") {
name = "futex"
+ /*
+ uaddr = $uaddr
+ */
+ op = $op
+ op_str = _futex_op_str($op)
+ val = $val
+ /*
+ utime_tv_sec = $utime->tv_sec
+ utime_tv_usec = $utime->tv_usec
+ uaddr2 = $uaddr2
+ val3 = $val3
+ */
}
probe kernel.syscall.futex.return =
kernel.function("sys_futex").return {
name = "futex.return"
+ /*
+ uaddr = $uaddr
+ */
+ op = $op
+ op_str = _futex_op_str($op)
+ val = $val
+ /*
+ utime_tv_sec = $utime->tv_sec
+ utime_tv_usec = $utime->tv_usec
+ uaddr2 = $uaddr2
+ val3 = $val3
+ */
}
# init_module______________________________________
+/*sys_init_module(void __user *umod,
+ unsigned long len,
+ const char __user *uargs) */
probe kernel.syscall.init_module =
kernel.function("sys_init_module") {
name = "init_module"
+ /*
+ void __user *umod
+ */
+ len = $len
+ /*
+ uargs = $uargs
+ */
}
probe kernel.syscall.init_module.return =
kernel.function("sys_init_module").return {
name = "init_module.return"
+ /*
+ void __user *umod
+ */
+ len = $len
+ /*
+ uargs = $uargs
+ */
}
# delete_module____________________________________
+/* asmlinkage long
+ sys_delete_module(const char __user *name_user,
+ unsigned int flags) */
probe kernel.syscall.delete_module =
kernel.function("sys_delete_module") {
+ /*
name = "delete_module"
+ name_user = $name_user
+ */
+ flags = $flags
+ flags_str = _module_flags_str($flags)
}
probe kernel.syscall.delete_module.return =
kernel.function("sys_delete_module").return {
name = "delete_module.return"
+ /*
+ name = "delete_module"
+ name_user = $name_user
+ */
+ flags = $flags
+ flags_str = _module_flags_str($flags)
}
# rt_sigprocmask___________________________________
+/* asmlinkage long sys_rt_sigprocmask(int how,
+ sigset_t __user *set,
+ sigset_t __user *oset,
+ size_t sigsetsize) */
probe kernel.syscall.rt_sigprocmask =
kernel.function("sys_rt_sigprocmask") {
name = "rt_sigprocmask"
+ how = $how
+ how_str = _sigprocmask_how_str($how)
+ /*
+ set = $set
+ oset = $oset
+ */
+ sigsetsize = $sigsetsize
}
probe kernel.syscall.rt_sigprocmask.return =
kernel.function("sys_rt_sigprocmask").return {
name = "rt_sigprocmask.return"
+ how = $how
+ how_str = _sigprocmask_how_str($how)
+ /*
+ set = $set
+ oset = $oset
+ */
+ sigsetsize = $sigsetsize
}
# rt_sigpending____________________________________
+/* asmlinkage long
+ sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) */
probe kernel.syscall.rt_sigpending =
kernel.function("do_sigpending") {
name = "rt_sigpending"
+ sigsetsize = $sigsetsize
}
probe kernel.syscall.rt_sigpending.return =
kernel.function("do_sigpending").return {
name = "rt_sigpending.return"
+ /*
+ set = $set
+ */
}
# rt_sigtimedwait__________________________________
+/* asmlinkage long
+ sys_rt_sigtimedwait(const sigset_t __user *uthese,
+ siginfo_t __user *uinfo,
+ const struct timespec __user *uts,
+ size_t sigsetsize) */
probe kernel.syscall.rt_sigtimedwait =
kernel.function("sys_rt_sigtimedwait") {
name = "rt_sigtimedwait"
+ /*
+ set = $uthese
+ uts_tv_sec = $uts->tv_sec
+ uts_tv_usec = $uts->tv_usec
+ */
+ sigsetsize = $sigsetsize
}
probe kernel.syscall.rt_sigtimedwait.return =
kernel.function("sys_rt_sigtimedwait").return {
name = "rt_sigtimedwait.return"
+ /*
+ set = $uthese
+ info = $uinfo
+ uts_tv_sec = $uts->tv_sec
+ uts_tv_usec = $uts->tv_usec
+ */
+ sigsetsize = $sigsetsize
}
# kill_____________________________________________
+/* asmlinkage long sys_kill(int pid, int sig) */
probe kernel.syscall.kill =
kernel.function("sys_kill") {
name = "kill"
+ pid = $pid
+ sig = $sig
}
probe kernel.syscall.kill.return =
kernel.function("sys_kill").return {
name = "kill.return"
+ pid = $pid
+ sig = $sig
}
# tgkill___________________________________________
+/* asmlinkage long sys_tgkill(int tgid, int pid, int sig) */
probe kernel.syscall.tgkill =
kernel.function("sys_tgkill") {
name = "tgkill"
+ tgid = $tgid
+ pid = $pid
+ sig = $sig
}
probe kernel.syscall.tgkill.return =
kernel.function("sys_tgkill").return {
name = "tgkill.return"
+ tgid = $tgid
+ pid = $pid
+ sig = $sig
}
# tkill____________________________________________
+/* asmlinkage long sys_tkill(int pid, int sig) */
probe kernel.syscall.tkill =
kernel.function("sys_tkill") {
name = "tkill"
+ pid = $pid
+ sig = $sig
}
probe kernel.syscall.tkill.return =
kernel.function("sys_tkill").return {
name = "tkill.return"
+ pid = $pid
+ sig = $sig
}
# rt_sigqueueinfo__________________________________
+/* smlinkage long
+ sys_rt_sigqueueinfo(int pid, int sig,
+ siginfo_t __user *uinfo) */
probe kernel.syscall.rt_sigqueueinfo =
kernel.function("sys_rt_sigqueueinfo") {
name = "rt_sigqueueinfo"
+ pid = $pid
+ sig = $sig
+ /*
+ uinfo = $uinfo
+ */
}
probe kernel.syscall.rt_sigqueueinfo.return =
kernel.function("sys_rt_sigqueueinfo").return {
name = "rt_sigqueueinfo.return"
+ pid = $pid
+ sig = $sig
+ /*
+ uinfo = $uinfo
+ */
}
# sgetmask_________________________________________
+/* sys_sgetmask(void) */
probe kernel.syscall.sgetmask =
kernel.function("sys_sgetmask") {
name = "sgetmask"
@@ -1590,26 +1731,45 @@ probe kernel.syscall.sgetmask.return =
name = "sgetmask.return"
}
# ssetmask_________________________________________
+/* asmlinkage long sys_ssetmask(int newmask) */
probe kernel.syscall.ssetmask =
kernel.function("sys_ssetmask") {
name = "ssetmask"
+ newmask = $newmask
}
probe kernel.syscall.ssetmask.return =
kernel.function("sys_ssetmask").return {
name = "ssetmask.return"
+ newmask = $newmask
}
# signal___________________________________________
+/* asmlinkage unsigned long
+ sys_signal(int sig, __sighandler_t handler)
+*/
probe kernel.syscall.signal =
kernel.function("sys_signal") {
name = "signal"
+ sig = $sig
+ /*
+ I do not think that there is any
+ reason to export this...
+ handler = $handler
+ */
}
probe kernel.syscall.signal.return =
kernel.function("sys_signal").return {
name = "signal.return"
+ sig = $sig
+ /*
+ I do not think that there is any
+ reason to export this...
+ handler = $handler
+ */
}
# pause____________________________________________
+/* sys_pause(void) */
probe kernel.syscall.pause =
kernel.function("sys_pause") {
name = "pause"
@@ -1620,6 +1780,7 @@ probe kernel.syscall.pause.return =
name = "pause.return"
}
# sync_____________________________________________
+/* asmlinkage long sys_sync(void) */
probe kernel.syscall.sync =
kernel.function("do_sync") {
name = "sync"
@@ -1630,279 +1791,709 @@ probe kernel.syscall.sync.return =
name = "sync.return"
}
# fsync____________________________________________
+/* asmlinkage long sys_fsync(unsigned int fd) */
probe kernel.syscall.fsync =
kernel.function("sys_fsync") {
name = "fsync"
+ fd = $fd
}
probe kernel.syscall.fsync.return =
kernel.function("sys_fsync").return {
name = "fsync.return"
+ fd = $fd
}
# fdatasync________________________________________
+/* asmlinkage long sys_fdatasync(unsigned int fd) */
probe kernel.syscall.fdatasync =
kernel.function("sys_fdatasync") {
name = "fdatasync"
+ fd = $fd
}
probe kernel.syscall.fdatasync.return =
kernel.function("sys_fdatasync").return {
name = "fdatasync.return"
+ fd = $fd
}
# bdflush__________________________________________
+/* asmlinkage long sys_bdflush(int func, long data) */
probe kernel.syscall.bdflush =
kernel.function("sys_bdflush") {
name = "bdflush"
+ func = $func
+ data = $data
}
probe kernel.syscall.bdflush.return =
kernel.function("sys_bdflush").return {
name = "bdflush.return"
+ func = $func
+ data = $data
}
# mount____________________________________________
+/* asmlinkage long sys_mount(char __user * dev_name,
+ char __user * dir_name,
+ char __user * type,
+ unsigned long flags,
+ void __user * data) */
probe kernel.syscall.mount =
kernel.function("sys_mount") {
name = "mount"
+ /*
+ source = $dev_name
+ target = $dir_name
+ filesystemtype = $type
+
+ void pointers are still being worked out
+ void __user * data
+ */
+ mountflags = $flags
+ mountflags_str =
+ _mountflags_str($flags)
}
probe kernel.syscall.mount.return =
kernel.function("sys_mount").return {
name = "mount.return"
+ /*
+ source = $dev_name
+ target = $dir_name
+ filesystemtype = $type
+
+ void pointers are still being worked out
+ void __user * data
+ */
+ mountflags = $flags
+ mountflags_str =
+ _mountflags_str($flags)
}
# umount___________________________________________
+/* asmlinkage long sys_umount(char __user * name, int flags) */
probe kernel.syscall.umount =
kernel.function("sys_umount") {
name = "umount"
+ /*
+ target = $name
+ */
+ flags = $flags
+ flags_str = _mountflags_str($flags)
}
probe kernel.syscall.umount.return =
kernel.function("sys_umount").return {
name = "umount.return"
+ /*
+ target = $name
+ */
+ flags = $flags
+ flags_str = _mountflags_str($flags)
}
# oldumount________________________________________
+/* smlinkage long sys_oldumount(char __user * name) */
probe kernel.syscall.oldumount =
kernel.function("sys_umount") {
name = "oldumount"
+ /*
+ target = $name
+ */
}
probe kernel.syscall.oldumount.return =
kernel.function("sys_umount").return {
name = "oldumount.return"
+ /*
+ target = $name
+ */
}
# truncate_________________________________________
+/* asmlinkage long sys_truncate(const char __user * path,
+ unsigned long length) */
probe kernel.syscall.truncate =
kernel.function("do_sys_truncate") {
name = "truncate"
+ /*
+ path = $path
+ */
+ length = $length
}
probe kernel.syscall.truncate.return =
kernel.function("do_sys_truncate").return {
name = "truncate.return"
+ /*
+ path = $path
+ */
+ length = $length
}
# ftruncate________________________________________
+/* static inline long do_sys_ftruncate(unsigned int fd,
+ loff_t length,
+ int small) */
probe kernel.syscall.ftruncate =
kernel.function("do_sys_ftrancate") {
name = "ftruncate"
+ fd = $fd
+ length = $length
+ small = $small
}
probe kernel.syscall.ftruncate.return =
kernel.function("do_sys_ftrancate").return {
name = "ftruncate.return"
+ fd = $fd
+ length = $length
+ small = $small
}
# stat_____________________________________________
+/* asmlinkage long sys_stat(char __user * filename,
+ struct __old_kernel_stat __user * statbuf) */
probe kernel.syscall.stat =
kernel.function("sys_stat") {
name = "stat"
+ /*
+ filename = $filename
+ */
}
probe kernel.syscall.stat.return =
kernel.function("sys_stat").return {
name = "stat.return"
+ /*
+ filename = $filename
+ buf_st_dev = $statbuf->st_dev
+ buf_st_ino = $statbuf->st_ino
+ buf_st_mode = $statbuf->st_mode
+ buf_st_nlink = $statbuf->st_nlink
+ buf_st_uid = $statbuf->st_uid
+ buf_st_gid = $statbuf->st_gid
+ buf_st_rdev = $statbuf->st_rdev
+ buf_st_size = $statbuf->st_size
+ buf_st_atime = $statbuf->st_atime
+ buf_st_mtime = $statbuf->st_mtime
+ buf_st_ctime = $statbuf->st_ctime
+ */
}
# statfs___________________________________________
+/* asmlinkage long sys_statfs(const char __user * path,
+ struct statfs __user * buf) */
probe kernel.syscall.statfs =
kernel.function("sys_statfs") {
name = "statfs"
+ /*
+ path = $path
+ */
}
probe kernel.syscall.statfs.return =
kernel.function("sys_statfs").return {
name = "statfs.return"
+ /*
+ path = $path
+ buf_f_type = $buf->f_type
+ buf_f_bsize = $buf->f_bsize
+ buf_f_blocks = $buf->f_blocks
+ buf_f_bfree = $buf->f_bfree
+ buf_f_bavail = $buf->f_bavail
+ buf_f_files = $buf->f_files
+ buf_f_ffree = $buf->f_ffree
+ buf_f_fsid = $buf->f_fsid
+ buf_f_namelen = $buf->f_namelen
+ buf_f_frsize = $buf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($buf->f_type)
+ */
}
# statfs64_________________________________________
+/* asmlinkage long sys_statfs64(const char __user *path,
+ size_t sz,
+ struct statfs64 __user *buf) */
probe kernel.syscall.statfs64 =
kernel.function("sys_statfs64") {
name = "statfs64"
+ /*
+ path = $path
+ */
+ sz = $sz
}
probe kernel.syscall.statfs64.return =
kernel.function("sys_statfs64").return {
name = "statfs64.return"
+ /*
+ path = $path
+ */
+ sz = $sz
+ /*
+ buf_f_type = $buf->f_type
+ buf_f_bsize = $buf->f_bsize
+ buf_f_blocks = $buf->f_blocks
+ buf_f_bfree = $buf->f_bfree
+ buf_f_bavail = $buf->f_bavail
+ buf_f_files = $buf->f_files
+ buf_f_ffree = $buf->f_ffree
+ buf_f_fsid = $buf->f_fsid
+ buf_f_namelen = $buf->f_namelen
+ buf_f_frsize = $buf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($buf->f_type)
+ */
}
# fstatfs__________________________________________
+/* asmlinkage long sys_fstatfs(unsigned int fd,
+ struct statfs __user * buf) */
probe kernel.syscall.fstatfs =
kernel.function("sys_fstatfs") {
name = "fstatfs"
+ fd = $fd
}
probe kernel.syscall.fstatfs.return =
kernel.function("sys_fstatfs").return {
name = "fstatfs.return"
+ fd = $fd
+ /*
+ path = $path
+ buf_f_type = $buf->f_type
+ buf_f_bsize = $buf->f_bsize
+ buf_f_blocks = $buf->f_blocks
+ buf_f_bfree = $buf->f_bfree
+ buf_f_bavail = $buf->f_bavail
+ buf_f_files = $buf->f_files
+ buf_f_ffree = $buf->f_ffree
+ buf_f_fsid = $buf->f_fsid
+ buf_f_namelen = $buf->f_namelen
+ buf_f_frsize = $buf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($buf->f_type)
+ */
}
# fstatfs64________________________________________
+/* asmlinkage long sys_fstatfs64(unsigned int fd,
+ size_t sz,
+ struct statfs64 __user *buf) */
probe kernel.syscall.fstatfs64 =
kernel.function("sys_fstatfs64") {
name = "fstatfs64"
+ fd = $fd
+ sz = $sz
}
probe kernel.syscall.fstatfs64.return =
kernel.function("sys_fstatfs64").return {
name = "fstatfs64.return"
+ fd = $fd
+ sz = $sz
+ /*
+ path = $path
+ buf_f_type = $buf->f_type
+ buf_f_bsize = $buf->f_bsize
+ buf_f_blocks = $buf->f_blocks
+ buf_f_bfree = $buf->f_bfree
+ buf_f_bavail = $buf->f_bavail
+ buf_f_files = $buf->f_files
+ buf_f_ffree = $buf->f_ffree
+ buf_f_fsid = $buf->f_fsid
+ buf_f_namelen = $buf->f_namelen
+ buf_f_frsize = $buf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($buf->f_type)
+ */
}
# lstat____________________________________________
+/* asmlinkage long sys_lstat(char __user * filename,
+ struct __old_kernel_stat __user * statbuf) */
probe kernel.syscall.lstat =
kernel.function("sys_lstat") {
name = "lstat"
+ /*
+ file_name = $file_name
+ */
}
probe kernel.syscall.lstat.return =
kernel.function("sys_lstat").return {
name = "lstat.return"
+ /*
+ file_name = $filename
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# fstat____________________________________________
+/* asmlinkage long sys_fstat(unsigned int fd,
+ struct __old_kernel_stat __user * statbuf) */
probe kernel.syscall.fstat =
kernel.function("sys_fstat") {
name = "fstat"
+ fd = $fd
}
probe kernel.syscall.fstat.return =
kernel.function("sys_fstat").return {
name = "fstat.return"
+ fd = $fd
+ /*
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# newstat__________________________________________
+/* asmlinkage long sys_newstat(char __user * filename,
+ struct stat __user * statbuf) */
probe kernel.syscall.newstat =
kernel.function("sys_newstat") {
name = "newstat"
+ /*
+ filename = $filename
+ */
}
probe kernel.syscall.newstat.return =
kernel.function("sys_newstat").return {
name = "newstat.return"
+ /*
+ filename = $filename
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# newlstat_________________________________________
+/* asmlinkage long sys_newlstat(char __user * filename,
+ struct stat __user * statbuf) */
probe kernel.syscall.newlstat =
kernel.function("sys_newlstat") {
name = "newlstat"
+ /*
+ filename = $filename
+ */
}
probe kernel.syscall.newlstat.return =
kernel.function("sys_newlstat").return {
name = "newlstat.return"
+ /*
+ filename = $filename
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# newfstat_________________________________________
+/* asmlinkage long sys_newfstat(unsigned int fd,
+ struct stat __user * statbuf) */
probe kernel.syscall.newfstat =
kernel.function("sys_newfstat") {
name = "newfstat"
+ fd = $fd
}
probe kernel.syscall.newfstat.return =
kernel.function("sys_newfstat").return {
name = "newfstat.return"
+ fd = $fd
+ /*
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# ustat____________________________________________
+/* asmlinkage long sys_ustat(unsigned dev, struct ustat __user * ubuf) */
probe kernel.syscall.ustat =
kernel.function("sys_ustat") {
name = "ustat"
+ dev = $dev
}
probe kernel.syscall.ustat.return =
kernel.function("sys_ustat").return {
name = "ustat.return"
+ dev = $dev
+ /*
+ ubuf_f_tfree = $ubuf->f_tfree
+ ubuf_f_tinode = $ubuf->f_tinode
+ */
}
# stat64___________________________________________
+/* asmlinkage long sys_stat64(char __user * filename,
+ struct stat64 __user * statbuf) */
probe kernel.syscall.stat64 =
kernel.function("sys_stat64") {
name = "stat64"
+ /*
+ filename = $filename
+ */
}
probe kernel.syscall.stat64.return =
kernel.function("sys_stat64").return {
name = "stat64.return"
+ /*
+ filename = $filename
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# fstat64__________________________________________
+/* asmlinkage long sys_fstat64(unsigned long fd,
+ struct stat64 __user * statbuf) */
probe kernel.syscall.fstat64 =
kernel.function("sys_fstat64") {
name = "fstat64"
+ fd = $fd
}
probe kernel.syscall.fstat64.return =
kernel.function("sys_fstat64").return {
name = "fstat64.return"
+ fd = $fd
+ /*
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# lstat64__________________________________________
+/* asmlinkage long sys_lstat64(char __user * filename,
+ struct stat64 __user * statbuf) */
probe kernel.syscall.lstat64 =
kernel.function("sys_lstat64") {
name = "lstat64"
+ /*
+ filename = $filename
+ */
}
probe kernel.syscall.lstat64.return =
kernel.function("sys_lstat64").return {
name = "lstat64.return"
+ /*
+ filename = $filename
+ buf_f_type = $statbuf->f_type
+ buf_f_bsize = $statbuf->f_bsize
+ buf_f_blocks = $statbuf->f_blocks
+ buf_f_bfree = $statbuf->f_bfree
+ buf_f_bavail = $statbuf->f_bavail
+ buf_f_files = $statbuf->f_files
+ buf_f_ffree = $statbuf->f_ffree
+ buf_f_fsid = $statbuf->f_fsid
+ buf_f_namelen = $statbuf->f_namelen
+ buf_f_frsize = $statbuf->f_frsize
+ buf_f_spare == __u32 f_spare[5];
+ buf_f_type_str =
+ _statfs_f_type_str($statbuf->f_type)
+ */
}
# truncate64_______________________________________
+/* asmlinkage long sys_truncate64(const char __user * path,
+ loff_t length) */
probe kernel.syscall.truncate64 =
kernel.function("do_sys_truncate") {
name = "truncate64"
+ /*
+ path = $path
+ */
+ length = $length
}
probe kernel.syscall.truncate64.return =
kernel.function("do_sys_truncate").return {
name = "truncate64.return"
+ /*
+ path = $path
+ */
+ length = $length
}
# ftruncate64______________________________________
+/* asmlinkage long sys_ftruncate64(unsigned int fd,
+ loff_t length) */
probe kernel.syscall.ftruncate64 =
kernel.function("do_sys_ftruncate") {
name = "ftruncate64"
+ fd = $fd
+ length = $length
}
probe kernel.syscall.ftruncate64.return =
kernel.function("do_sys_ftruncate").return {
name = "ftruncate64.return"
+ fd = $fd
+ length = $length
}
# setxattr_________________________________________
+/* asmlinkage long
+ sys_setxattr(char __user *path, char __user *name,
+ void __user *value, size_t size, int flags)*/
probe kernel.syscall.setxattr =
kernel.function("sys_setxattr") {
name = "setxattr"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
probe kernel.syscall.setxattr.return =
kernel.function("sys_setxattr").return {
name = "setxattr.return"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
# lsetxattr________________________________________
+/* asmlinkage long
+ sys_lsetxattr(char __user *path, char __user *name,
+ void __user *value, size_t size, int flags) */
probe kernel.syscall.lsetxattr =
kernel.function("sys_lsetxattr") {
name = "lsetxattr"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
probe kernel.syscall.lsetxattr.return =
kernel.function("sys_lsetxattr").return {
name = "lsetxattr.return"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
# fsetxattr________________________________________
+/* asmlinkage long sys_fsetxattr(int fd, char __user *name,
+ void __user *value,
+ size_t size, int flags) */
probe kernel.syscall.fsetxattr =
kernel.function("sys_fsetxattr") {
name = "fsetxattr"
+ fildes = $fd
+ /*
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
probe kernel.syscall.fsetxattr.return =
kernel.function("sys_fsetxattr").return {
name = "fsetxattr.return"
+ fildes = $fd
+ /*
+ name = $name
+ void __user *value
+ */
+ size = $size
+ flags = $flags
}
# getxattr_________________________________________
+/* asmlinkage ssize_t sys_getxattr(char __user *path,
+ char __user *name,
+ void __user *value,
+ size_t size) */
probe kernel.syscall.getxattr =
kernel.function("sys_getxattr") {
name = "getxattr"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
}
probe kernel.syscall.getxattr.return =
@@ -1910,364 +2501,733 @@ probe kernel.syscall.getxattr.return =
name = "getxattr.return"
}
# lgetxattr________________________________________
+/* asmlinkage ssize_t sys_lgetxattr(char __user *path,
+ char __user *name,
+ void __user *value,
+ size_t size) */
probe kernel.syscall.lgetxattr =
kernel.function("sys_lgetxattr") {
name = "lgetxattr"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
}
probe kernel.syscall.lgetxattr.return =
kernel.function("sys_lgetxattr").return {
name = "lgetxattr.return"
+ /*
+ path = $path
+ name = $name
+ void __user *value
+ */
+ size = $size
}
# fgetxattr________________________________________
+/* asmlinkage ssize_t
+ sys_fgetxattr(int fd, char __user *name,
+ void __user *value, size_t size) */
probe kernel.syscall.fgetxattr =
kernel.function("sys_fgetxattr") {
name = "fgetxattr"
+ fildes = $fd
+ /*
+ path = $name
+ void __user *value
+ */
+ size = $size
}
probe kernel.syscall.fgetxattr.return =
kernel.function("sys_fgetxattr").return {
name = "fgetxattr.return"
+ name = "fgetxattr"
+ fildes = $fd
+ /*
+ path = $name
+ void __user *value
+ */
+ size = $size
}
# listxattr________________________________________
+/* asmlinkage ssize_t
+ sys_listxattr(char __user *path, char __user *list,
+ size_t size) */
probe kernel.syscall.listxattr =
kernel.function("sys_listxattr") {
name = "listxattr"
+ /*
+ path = $path
+ */
+ size = $size
}
probe kernel.syscall.listxattr.return =
kernel.function("sys_listxattr").return {
name = "listxattr.return"
+ /*
+ path = $path
+ char __user *list
+ */
+ size = $size
}
# llistxattr_______________________________________
+/* asmlinkage ssize_t
+ sys_llistxattr(char __user *path, char __user *list,
+ size_t size) */
probe kernel.syscall.llistxattr =
kernel.function("sys_llistxattr") {
name = "llistxattr"
+ /*
+ path = $path
+ */
+ size = $size
}
probe kernel.syscall.llistxattr.return =
kernel.function("sys_llistxattr").return {
name = "llistxattr.return"
+ /*
+ path = $path
+ char __user *list
+ */
+ size = $size
}
# flistxattr_______________________________________
+/* asmlinkage ssize_t
+ sys_flistxattr(int fd, char __user *list, size_t size) */
probe kernel.syscall.flistxattr =
kernel.function("sys_flistxattr") {
name = "flistxattr"
+ fildes = $fd
+ size = $size
}
probe kernel.syscall.flistxattr.return =
kernel.function("sys_flistxattr").return {
name = "flistxattr.return"
+ fildes = $fd
+ /*
+ char __user *list
+ */
+ size = $size
}
# removexattr______________________________________
+/* asmlinkage long
+ sys_removexattr(char __user *path, char __user *name) */
probe kernel.syscall.removexattr =
kernel.function("sys_removexattr") {
name = "removexattr"
+ /*
+ path = $path
+ name = $name
+ */
}
probe kernel.syscall.removexattr.return =
kernel.function("sys_removexattr").return {
name = "removexattr.return"
+ /*
+ path = $path
+ name = $name
+ */
}
# lremovexattr_____________________________________
+/* asmlinkage long
+ sys_lremovexattr(char __user *path, char __user *name) */
probe kernel.syscall.lremovexattr =
kernel.function("sys_lremovexattr") {
name = "lremovexattr"
+ /*
+ path = $path
+ name = $name
+ */
}
probe kernel.syscall.lremovexattr.return =
kernel.function("sys_lremovexattr").return {
name = "lremovexattr.return"
+ /*
+ path = $path
+ name = $name
+ */
}
# fremovexattr_____________________________________
+/* asmlinkage long sys_fremovexattr(int fd,
+ char __user *name) */
probe kernel.syscall.fremovexattr =
kernel.function("sys_fremovexattr") {
name = "fremovexattr"
+ filedes = $fd
+ /*
+ name = $name
+ */
}
probe kernel.syscall.fremovexattr.return =
kernel.function("sys_fremovexattr").return {
name = "fremovexattr.return"
+ filedes = $fd
+ /*
+ name = $name
+ */
}
# brk______________________________________________
+/* asmlinkage unsigned long sys_brk(unsigned long brk) */
probe kernel.syscall.brk =
kernel.function("sys_brk") {
name = "brk"
+ brk = $brk
}
probe kernel.syscall.brk.return =
kernel.function("sys_brk").return {
name = "brk.return"
+ brk = $brk
}
# mprotect_________________________________________
+/* asmlinkage long sys_mprotect(unsigned long start,
+ size_t len,
+ unsigned long prot) */
probe kernel.syscall.mprotect =
kernel.function("sys_mprotect") {
name = "mprotect"
+ addr = $start
+ len = $len
+ prot = $prot
+ prot_str =
+ _mprotect_prot_str($prot)
}
probe kernel.syscall.mprotect.return =
kernel.function("sys_mprotect").return {
name = "mprotect.return"
+ addr = $start
+ len = $len
+ prot = $prot
+ prot_str =
+ _mprotect_prot_str($prot)
}
# mremap___________________________________________
+/* asmlinkage unsigned long sys_mremap(unsigned long addr,
+ unsigned long old_len, unsigned long new_len,
+ unsigned long flags, unsigned long new_addr) */
probe kernel.syscall.mremap =
kernel.function("sys_mremap") {
name = "mremap"
+ old_address = $addr
+ old_size = $old_len
+ new_size = $new_len
+ flags = $flags
+ new_address = $new_addr
}
probe kernel.syscall.mremap.return =
kernel.function("sys_mremap").return {
name = "mremap.return"
+ old_address = $addr
+ old_size = $old_len
+ new_size = $new_len
+ flags = $flags
+ new_address = $new_addr
}
# remap_file_pages_________________________________
+/* asmlinkage long sys_remap_file_pages(unsigned long start,
+ unsigned long size,
+ unsigned long __prot,
+ unsigned long pgoff,
+ unsigned long flags)*/
probe kernel.syscall.remap_file_pages =
kernel.function("sys_remap_file_pages") {
name = "remap_file_pages"
+ start = $start
+ size = $size
+ prot = $__prot
+ pgoff = $pgoff
+ flags = $flags
}
probe kernel.syscall.remap_file_pages.return =
kernel.function("sys_remap_file_pages").return {
name = "remap_file_pages.return"
+ start = $start
+ size = $size
+ prot = $__prot
+ pgoff = $pgoff
+ flags = $flags
}
# msync____________________________________________
+/* asmlinkage long sys_msync(unsigned long start,
+ size_t len,
+ int flags)*/
probe kernel.syscall.msync =
kernel.function("sys_msync") {
name = "msync"
+ start = $start
+ length = $len
+ flags = $flags
+ flags_str = _msync_flag_str($flags)
}
probe kernel.syscall.msync.return =
kernel.function("sys_msync").return {
name = "msync.return"
+ start = $start
+ length = $len
+ flags = $flags
+ flags_str = _msync_flag_str($flags)
}
# fadvise64________________________________________
+/* asmlinkage long sys_fadvise64_64(int fd,
+ loff_t offset,
+ loff_t len,
+ int advice) */
probe kernel.syscall.fadvise64 =
kernel.function("sys_fadvise64_64") {
name = "fadvise64"
+ fs = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ /*
+ advice_str =
+ _advise_advice_str($advice)
+ */
}
probe kernel.syscall.fadvise64.return =
kernel.function("sys_fadvise64_64").return {
name = "fadvise64.return"
+ fs = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ /*
+ advice_str =
+ _advise_advice_str($advice)
+ */
}
# fadvise64_64_____________________________________
+/* asmlinkage long sys_fadvise64_64(int fd,
+ loff_t offset,
+ loff_t len,
+ int advice) */
probe kernel.syscall.fadvise64_64 =
kernel.function("sys_fadvise64_64") {
name = "fadvise64_64"
+ fs = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ /*
+ advice_str =
+ _advise_advice_str($advice)
+ */
}
probe kernel.syscall.fadvise64_64.return =
kernel.function("sys_fadvise64_64").return {
name = "fadvise64_64.return"
+ fs = $fd
+ offset = $offset
+ len = $len
+ advice = $advice
+ /*
+ advice_str =
+ _advise_advice_str($advice)
+ */
}
# munmap___________________________________________
+/* asmlinkage long sys_munmap(unsigned long addr, size_t len) */
probe kernel.syscall.munmap =
kernel.function("sys_munmap") {
name = "munmap"
+ start = $addr
+ length = $len
}
probe kernel.syscall.munmap.return =
kernel.function("sys_munmap").return {
name = "munmap.return"
+ start = $addr
+ length = $len
}
# mlock____________________________________________
+/* asmlinkage long sys_mlock(unsigned long start, size_t len) */
probe kernel.syscall.mlock =
kernel.function("sys_mlock") {
name = "mlock"
+ addr = $start
+ len = $len
}
probe kernel.syscall.mlock.return =
kernel.function("sys_mlock").return {
name = "mlock.return"
+ addr = $start
+ len = $len
}
# munlock__________________________________________
+/* asmlinkage long sys_munlock(unsigned long start, size_t len) */
probe kernel.syscall.munlock =
kernel.function("sys_munlock") {
name = "munlock"
+ addr = $start
+ len = $len
}
probe kernel.syscall.munlock.return =
kernel.function("sys_munlock").return {
name = "munlock.return"
+ addr = $start
+ len = $len
}
# mlockall_________________________________________
+/* asmlinkage long sys_mlockall(int flags) */
probe kernel.syscall.mlockall =
kernel.function("sys_mlockall") {
name = "mlockall"
+ flags = $flags
+ flags_str =
+ _mlockall_flags_str($flags)
}
probe kernel.syscall.mlockall.return =
kernel.function("sys_mlockall").return {
name = "mlockall.return"
+ flags = $flags
+ flags_str =
+ _mlockall_flags_str($flags)
}
# munlockall_______________________________________
+/* smlinkage long sys_mlockall(int flags) */
probe kernel.syscall.munlockall =
kernel.function("sys_munlockall") {
name = "munlockall"
+ flags = $flags
+ flags_str =
+ _mlockall_flags_str($flags)
}
probe kernel.syscall.munlockall.return =
kernel.function("sys_munlockall").return {
name = "munlockall.return"
+ flags = $flags
+ flags_str =
+ _mlockall_flags_str($flags)
}
# madvise__________________________________________
+/* asmlinkage long sys_madvise(unsigned long start,
+ size_t len_in,
+ int behavior) */
probe kernel.syscall.madvise =
kernel.function("sys_madvise") {
name = "madvise"
+ start = $start
+ length = $len_in
+ advice = $behavior
+ advice_str =
+ _madvice_advice_str($behavior)
}
probe kernel.syscall.madvise.return =
kernel.function("sys_madvise").return {
name = "madvise.return"
+ start = $start
+ length = $len_in
+ advice = $behavior
+ advice_str =
+ _madvice_advice_str($behavior)
}
# mincore__________________________________________
+/* asmlinkage long sys_mincore(unsigned long start,
+ size_t len,
+ unsigned char __user * vec) */
probe kernel.syscall.mincore =
kernel.function("sys_mincore") {
name = "mincore"
+ start = $start
+ length = $len
}
probe kernel.syscall.mincore.return =
kernel.function("sys_mincore").return {
name = "mincore.return"
+ start = $start
+ length = $len
+ /*
+ vec = $vec
+ */
}
# pivot_root_______________________________________
+/* asmlinkage long sys_pivot_root(const char __user *new_root,
+ const char __user *put_old) */
probe kernel.syscall.pivot_root =
kernel.function("sys_pivot_root") {
name = "pivot_root"
+ /*
+ new_root = $new_root
+ old_root = $old_root
+ */
}
probe kernel.syscall.pivot_root.return =
kernel.function("sys_pivot_root").return {
name = "pivot_root.return"
+ /*
+ new_root = $new_root
+ old_root = $old_root
+ */
}
# chroot___________________________________________
+/* asmlinkage long sys_chroot(const char __user * filename) */
probe kernel.syscall.chroot =
kernel.function("sys_chroot") {
name = "chroot"
+ /*
+ path = $filename
+ */
}
probe kernel.syscall.chroot.return =
kernel.function("sys_chroot").return {
name = "chroot.return"
+ /*
+ path = $filename
+ */
}
# mknod____________________________________________
+/* asmlinkage long sys_mknod(const char __user * filename,
+ int mode, unsigned dev) */
probe kernel.syscall.mknod =
kernel.function("sys_mknod") {
name = "mknod"
+ /*
+ pathname = $filename
+ */
+ mode = $mode
+ mode_str =
+ _mknod_mode_str($mode)
+ dev = $dev
}
probe kernel.syscall.mknod.return =
kernel.function("sys_mknod").return {
name = "mknod.return"
+ /*
+ pathname = $filename
+ */
+ mode = $mode
+ mode_str =
+ _mknod_mode_str($mode)
+ dev = $dev
}
# link_____________________________________________
+/* asmlinkage long sys_link(const char __user * oldname,
+ const char __user * newname) */
probe kernel.syscall.link =
kernel.function("sys_link") {
name = "link"
+ /*
+ oldpath = $oldname
+ newpath = $newpath
+ */
}
probe kernel.syscall.link.return =
kernel.function("sys_link").return {
name = "link.return"
+ /*
+ oldpath = $oldname
+ newpath = $newpath
+ */
}
# symlink__________________________________________
+/* asmlinkage long sys_symlink(const char __user * oldname,
+ const char __user * newname) */
probe kernel.syscall.symlink =
kernel.function("sys_symlink") {
name = "symlink"
+ /*
+ oldpath = $oldname
+ newpath = $newpath
+ */
}
probe kernel.syscall.symlink.return =
kernel.function("sys_symlink").return {
name = "symlink.return"
+ /*
+ oldpath = $oldname
+ newpath = $newpath
+ */
}
# unlink___________________________________________
+/* asmlinkage long sys_unlink(const char __user * pathname) */
probe kernel.syscall.unlink =
kernel.function("sys_unlink") {
name = "unlink"
+ /*
+ pathname = $pathname
+ */
}
probe kernel.syscall.unlink.return =
kernel.function("sys_unlink").return {
name = "unlink.return"
+ /*
+ pathname = $pathname
+ */
}
# rename___________________________________________
+/* asmlinkage long sys_rename(const char __user * oldname,
+ const char __user * newname) */
probe kernel.syscall.rename =
kernel.function("sys_rename") {
name = "rename"
+ /*
+ oldpath = $oldname
+ newpath = $newname
+ */
}
probe kernel.syscall.rename.return =
kernel.function("sys_rename").return {
name = "rename.return"
+ /*
+ oldpath = $oldname
+ newpath = $newname
+ */
}
# chmod____________________________________________
+/* asmlinkage long sys_chmod(const char __user * filename,
+ mode_t mode) */
probe kernel.syscall.chmod =
kernel.function("sys_chmod") {
name = "chmod"
+ /*
+ path = $filename
+ */
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
}
probe kernel.syscall.chmod.return =
kernel.function("sys_chmod").return {
name = "chmod.return"
+ /*
+ path = $filename
+ */
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
}
# fchmod___________________________________________
+/* asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) */
probe kernel.syscall.fchmod =
kernel.function("sys_fchmod") {
name = "fchmod"
+ fildes = $fd
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
}
probe kernel.syscall.fchmod.return =
kernel.function("sys_fchmod").return {
name = "fchmod.return"
+ fildes = $fd
+ mode = $mode
+ mode_str = _sys_open_mode_str($mode)
}
# fcntl____________________________________________
+/* asmlinkage long sys_fcntl(int fd, unsigned int cmd, unsigned long arg) */
probe kernel.syscall.fcntl =
kernel.function("sys_fcntl") {
name = "fcntl"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
}
probe kernel.syscall.fcntl.return =
kernel.function("sys_fcntl").return {
name = "fcntl.return"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
}
# fcntl64__________________________________________
+/* asmlinkage long sys_fcntl64(unsigned int fd,
+ unsigned int cmd,
+ unsigned long arg) */
probe kernel.syscall.fcntl64 =
kernel.function("sys_fcntl64") {
name = "fcntl64"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
}
probe kernel.syscall.fcntl64.return =
kernel.function("sys_fcntl64").return {
name = "fcntl64.return"
+ fd = $fd
+ cmd = $cmd
+ cmd_str = _fcntl_cmd_str($cmd)
+ arg = $arg
}
# dup______________________________________________
+/* asmlinkage long sys_dup(unsigned int fildes) */
probe kernel.syscall.dup =
kernel.function("sys_dup") {
name = "dup"
+ oldfd = $fildes
}
probe kernel.syscall.dup.return =
kernel.function("sys_dup").return {
name = "dup.return"
+ oldfd = $fildes
}
# dup2_____________________________________________
+/* asmlinkage long sys_dup2(unsigned int oldfd,
+ unsigned int newfd) */
probe kernel.syscall.dup2 =
kernel.function("sys_dup2") {
name = "dup2"
+ oldfd = $oldfd
+ newfd = $newfd
}
probe kernel.syscall.dup2.return =
kernel.function("sys_dup2").return {
name = "dup2.return"
+ oldfd = $oldfd
+ newfd = $newfd
}
# ioperm___________________________________________
+/* asmlinkage long sys_ioperm(unsigned long from,
+ unsigned long num,
+ int turn_on) */
probe kernel.syscall.ioperm =
kernel.function("sys_ioperm") {
name = "ioperm"
+ from = $from
+ num = $num
+ turn_on = $turn_on
}
probe kernel.syscall.ioperm.return =
kernel.function("sys_ioperm").return {
name = "ioperm.return"
+ from = $from
+ num = $num
+ turn_on = $turn_on
}
# ioctl____________________________________________
probe kernel.syscall.ioctl =
@@ -3584,9 +4544,9 @@ probe kernel.syscall.rt_sigaction.return =
/* AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS */
/*
- These functions construct the bitwise-or'd symbolic string
- representation of the f param, based on the function arg.
-*/
+ * These functions construct the bitwise-or'd symbolic string
+ * representation of the f param, based on the function arg.
+ */
/* `man 2 open` for more information */
function _sys_open_flag_str(f) {
@@ -3594,13 +4554,13 @@ function _sys_open_flag_str(f) {
if(f & 4096) bs="O_SYNC|".bs
if(f & 2048) bs="O_NONBLOCK|".bs
if(f & 1024) bs="O_APPEND|".bs
- if(f & 512) bs="O_TRUNC|".bs
- if(f & 256) bs="O_NDCTTY|".bs
- if(f & 128) bs="O_EXCL|".bs
- if(f & 64) bs="O_CREAT|".bs
- if ((f & 3) == 2) bs="O_RDWR|".bs
- else if ((f & 3) == 1) bs="O_WRONLY|".bs
- else if ((f & 3) == 0) bs="O_RDONLY|".bs
+ if(f & 512) bs="O_TRUNC|".bs
+ if(f & 256) bs="O_NDCTTY|".bs
+ if(f & 128) bs="O_EXCL|".bs
+ if(f & 64) bs="O_CREAT|".bs
+ if((f & 3) == 2) bs="O_RDWR|".bs
+ else if((f & 3) == 1) bs="O_WRONLY|".bs
+ else if((f & 3) == 0) bs="O_RDONLY|".bs
return substr(bs,0,strlen(bs)-1)
}
@@ -3608,7 +4568,7 @@ function _sys_open_flag_str(f) {
function _sys_open_mode_str(f) {
if((f & 448) == 448) bs="S_IRWXU|".bs
else {
- if(f & 256) bs="S_IRUSR|".bs
+ if(f & 256) bs="S_IRUSR|".bs
if(f & 128) bs="S_IWUSR|".bs
if(f & 64) bs="S_IXUSR|".bs
}
@@ -3618,14 +4578,30 @@ function _sys_open_mode_str(f) {
if(f & 16) bs="S_IWGRP|".bs
if(f & 8) bs="S_IXGRP|".bs
}
- if ((f & 7) == 7) bs="S_IRWXO|".bs
+ if((f & 7) == 7) bs="S_IRWXO|".bs
else {
- if(f & 4) bs="S_IROTH|".bs
- if(f & 2) bs="S_IWOTH|".bs
- if(f & 1) bs="S_IXOTH|".bs
+ if(f & 4) bs="S_IROTH|".bs
+ if(f & 2) bs="S_IWOTH|".bs
+ if(f & 1) bs="S_IXOTH|".bs
}
return substr(bs,0,strlen(bs)-1)
}
+
+/* `man 2 mknod` for more information */
+function _mknod_mode_str(mode) {
+ if((mode & 0x8000)==0x8000)
+ return "S_IFREG|"._sys_open_mode_str(mode)
+ if((mode & 0x2000)==0x2000)
+ return "S_IFCHR|"._sys_open_mode_str(mode)
+ if((mode & 0x6000)==0x6000)
+ return "S_IFBLK|"._sys_open_mode_str(mode)
+ if((mode & 0x1000)==0x1000)
+ return "S_IFIFO|"._sys_open_mode_str(mode)
+ if((mode & 0xC000)==0xC000)
+ return "S_IFSOCK|"._sys_open_mode_str(mode)
+ return ""
+}
+
/* `man adjtimex` for more information */
function _sys_adjtimex_mode_str(f) {
if((f & 32769) == 32769) bs="ADJ_OFFSET_SINGLESHOT|".bs
@@ -3639,82 +4615,228 @@ function _sys_adjtimex_mode_str(f) {
return substr(bs,0,strlen(bs)-1)
}
+/* `man msync` for more information */
+function _wait4_opt_str(f) {
+ if(f & 4) bs="MS_SYNC|".bs
+ if(f & 2) bs="MS_INVALIDATE|".bs
+ if(f & 1) bs="MS_ASYNC|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man wait4` for more information */
+function _msync_flag_str(f) {
+ if(f & 0x01000000) bs="WNOWAIT|".bs
+ if(f & 8) bs="WCONTINUED|".bs
+ if(f & 4) bs="WEXITED|".bs
+ if(f & 2) bs="WSTOPPED|".bs
+ if(f & 1) bs="WNOHANG|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/* `man mlockall` for more information */
+function _mlockall_flags_str(f) {
+ if(f & 2) bs="MCL_CURRENT|".bs
+ if(f & 1) bs="MCL_FUTURE|".bs
+ return substr(bs,0,strlen(bs)-1)
+}
+
+/*
+ * The following functions return the symbolic string
+ * representation of the flag. If the argument doesnt
+ * map to string, an empty string ("") is returned.
+ */
+
+function _module_flags_str(f) {
+ if(f==8192) return "O_ASYNC"
+ if(f==4096) return "O_SYNC"
+ if(f==2048) return "O_NONBLOCK"
+ if(f==1024) return "O_APPEND"
+ if(f==512) return "O_TRUNC"
+ if(f==256) return "O_NDCTTY"
+ if(f==128) return "O_EXCL"
+ if(f==64) return "O_CREAT"
+ if(f==2) return "O_RDWR"
+ if(f==1) return "O_WRONLY"
+ if(f==0) return "O_RDONLY"
+ return ""
+}
+
function _get_wc_str(wc) {
- if (wc==0) return "CLOCK_REALTIME"
- if (wc==1) return "CLOCK_MONOTONIC"
- if (wc==2) return "CLOCK_PROCESS_CPUTIME_ID"
- if (wc==3) return "CLOCK_THREAD_CPUTIME_ID"
- if (wc==4) return "CLOCK_REALTIME_HR"
- if (wc==5) return "CLOCK_MONOTONIC_HR"
- return ""
+ if(wc==0) return "CLOCK_REALTIME"
+ if(wc==1) return "CLOCK_MONOTONIC"
+ if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID"
+ if(wc==3) return "CLOCK_THREAD_CPUTIME_ID"
+ if(wc==4) return "CLOCK_REALTIME_HR"
+ if(wc==5) return "CLOCK_MONOTONIC_HR"
+ return ""
}
function _sigprocmask_how_str(how) {
- if (how==0) return "SIG_BLOCK"
- if (how==1) return "SIG_UNBLOCK"
- if (how==2) return "SIG_SETMASK"
- return ""
+ if(how==0) return "SIG_BLOCK"
+ if(how==1) return "SIG_UNBLOCK"
+ if(how==2) return "SIG_SETMASK"
+ return ""
}
function _itimer_which_str(which) {
- if (which==0) return "ITIMER_REAL"
- if (which==1) return "ITIMER_VIRTUAL"
- if (which==2) return "ITIMER_PROF"
- return ""
+ if(which==0) return "ITIMER_REAL"
+ if(which==1) return "ITIMER_VIRTUAL"
+ if(which==2) return "ITIMER_PROF"
+ return ""
}
function _sched_policy_str(policy) {
- if (policy==0) return "SCHED_OTHER"
- if (policy==1) return "SCHED_FIFO"
- if (policy==2) return "SCHED_RR"
- return ""
+ if(policy==0) return "SCHED_OTHER"
+ if(policy==1) return "SCHED_FIFO"
+ if(policy==2) return "SCHED_RR"
+ return ""
}
function _priority_which_str(which) {
- if(which==0) return "PRIO_PROCESS"
- if(which==1) return "PRIO_PGRP"
- if(which==2) return "PRIO_USER"
- return ""
+ if(which==0) return "PRIO_PROCESS"
+ if(which==1) return "PRIO_PGRP"
+ if(which==2) return "PRIO_USER"
+ return ""
}
function _shutdown_how_str(how) {
- if(how==0) return "SHUT_RD"
- if(how==1) return "SHUT_WR"
- if(how==2) return "SHUT_RDWR"
- return ""
+ if(how==0) return "SHUT_RD"
+ if(how==1) return "SHUT_WR"
+ if(how==2) return "SHUT_RDWR"
+ return ""
}
function _reboot_magic_str(magic) {
- if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1"
- if(magic==672274793) return "LINUX_REBOOT_MAGIC2"
- if(magic==85072278) return "LINUX_REBOOT_MAGIC2A"
- if(magic==369367448) return "LINUX_REBOOT_MAGIC2B"
- if(magic==537993216) return "LINUX_REBOOT_MAGIC2C"
- return ""
+ if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1"
+ if(magic==672274793) return "LINUX_REBOOT_MAGIC2"
+ if(magic==85072278) return "LINUX_REBOOT_MAGIC2A"
+ if(magic==369367448) return "LINUX_REBOOT_MAGIC2B"
+ if(magic==537993216) return "LINUX_REBOOT_MAGIC2C"
+ return ""
}
function _reboot_flag_str(flag) {
- if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART"
- if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT"
- if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF"
- if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2"
- if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON"
- if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF"
- return ""
+ if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART"
+ if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT"
+ if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF"
+ if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2"
+ if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON"
+ if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF"
+ return ""
}
function _waitid_which_str(flag) {
- if(flag==0) return "P_ALL"
- if(flag==1) return "P_PID"
- if(flag==2) return "P_PGID"
- return ""
+ if(flag==0) return "P_ALL"
+ if(flag==1) return "P_PID"
+ if(flag==2) return "P_PGID"
+ return ""
}
-function _wait4_opt_str(f) {
- if(f & 0x01000000) bs="WNOWAIT|".bs
- if(f & 8) bs="WCONTINUED|".bs
- if(f & 4) bs="WEXITED|".bs
- if(f & 2) bs="WSTOPPED|".bs
- if(f & 1) bs="WNOHANG|".bs
- return substr(bs,0,strlen(bs)-1)
+function _futex_op_str(op) {
+ if(op==0) return "FUTEX_WAIT"
+ if(op==1) return "FUTEX_WAKE"
+ if(op==2) return "FUTEX_FD"
+ if(op==3) return "FUTEX_REQUEUE"
+ if(op==4) return "FUTEX_CMP_REQUEUE"
+ return ""
+}
+
+function _mountflags_str(op) {
+ if(op==1) return "MS_RDONLY"
+ if(op==2) return "MS_NOSUID"
+ if(op==4) return "MS_NODEV"
+ if(op==8) return "MS_NOEXEC"
+ if(op==16) return "MS_SYNCHRONOUS"
+ if(op==32) return "MS_REMOUNT"
+ if(op==64) return "MS_MANDLOCK"
+ if(op==128) return "S_WRITE"
+ if(op==256) return "S_APPEND"
+ if(op==512) return "S_IMMUTABLE"
+ if(op==1024) return "MS_NOATIME"
+ if(op==2048) return "MS_NODIRATIME"
+ if(op==4096) return "MS_BIND"
+ return ""
+}
+
+function _statfs_f_type_str(f) {
+ if(f==0xadf5) return "ADFS_SUPER_MAGIC"
+ if(f==0xADFF) return "AFFS_SUPER_MAGIC"
+ if(f==0x42465331) return "BEFS_SUPER_MAGIC"
+ if(f==0x1BADFACE) return "BFS_MAGIC"
+ if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER"
+ if(f==0x73757245) return "CODA_SUPER_MAGIC"
+ if(f==0x012FF7B7) return "COH_SUPER_MAGIC"
+ if(f==0x28cd3d45) return "CRAMFS_MAGIC"
+ if(f==0x1373) return "DEVFS_SUPER_MAGIC"
+ if(f==0x00414A53) return "EFS_SUPER_MAGIC"
+ if(f==0x137D) return "EXT_SUPER_MAGIC"
+ if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC"
+ if(f==0xEF53) return "EXT2_SUPER_MAGIC"
+ if(f==0xEF53) return "EXT3_SUPER_MAGIC"
+ if(f==0x4244) return "HFS_SUPER_MAGIC"
+ if(f==0xF995E849) return "HPFS_SUPER_MAGIC"
+ if(f==0x958458f6) return "HUGETLBFS_MAGIC"
+ if(f==0x9660) return "ISOFS_SUPER_MAGIC"
+ if(f==0x72b6) return "JFFS2_SUPER_MAGIC"
+ if(f==0x3153464a) return "JFS_SUPER_MAGIC"
+ if(f==0x137F) return "MINIX_SUPER_MAGIC"
+ if(f==0x138F) return "MINIX_SUPER_MAGIC2"
+ if(f==0x2468) return "MINIX2_SUPER_MAGIC"
+ if(f==0x2478) return "MINIX2_SUPER_MAGIC2"
+ if(f==0x4d44) return "MSDOS_SUPER_MAGIC"
+ if(f==0x564c) return "NCP_SUPER_MAGIC"
+ if(f==0x6969) return "NFS_SUPER_MAGIC"
+ if(f==0x5346544e) return "NTFS_SB_MAGIC"
+ if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC"
+ if(f==0x9fa0) return "PROC_SUPER_MAGIC"
+ if(f==0x002f) return "QNX4_SUPER_MAGIC"
+ if(f==0x52654973) return "REISERFS_SUPER_MAGIC"
+ if(f==0x7275) return "ROMFS_MAGIC"
+ if(f==0x517B) return "SMB_SUPER_MAGIC"
+ if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC"
+ if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC"
+ if(f==0x01021994) return "TMPFS_MAGIC"
+ if(f==0x15013346) return "UDF_SUPER_MAGIC"
+ if(f==0x00011954) return "UFS_MAGIC"
+ if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC"
+ if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC"
+ if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC"
+ if(f==0x58465342) return "XFS_SUPER_MAGIC"
+ if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC"
+ return ""
+}
+
+function _mprotect_prot_str(prot) {
+ if(prot==0x00000000) return "PROT_NONE"
+ if(prot==0x00000001) return "PROT_READ"
+ if(prot==0x00000002) return "PROT_WRITE"
+ if(prot==0x00000004) return "PROT_EXEC"
+ return ""
+}
+
+function _madvice_advice_str(behavior) {
+ if(behavior==0x00000000) return "MADV_NORMAL"
+ if(behavior==0x00000001) return "MADV_RANDOM"
+ if(behavior==0x00000002) return "MADV_SEQUENTIAL"
+ if(behavior==0x00000003) return "MADV_WILLNEED"
+ if(behavior==0x00000004) return "MADV_DONTNEED"
+ return ""
+}
+
+function _fcntl_cmd_str(cmd) {
+ if(cmd==0x00000000) return "F_DUPFD"
+ if(cmd==0x00000001) return "F_GETFD"
+ if(cmd==0x00000002) return "F_SETFD"
+ if(cmd==0x00000003) return "F_GETFL"
+ if(cmd==0x00000004) return "F_SETFL"
+ if(cmd==0x00000005) return "F_GETLK"
+ if(cmd==0x00000006) return "F_SETLK"
+ if(cmd==0x00000007) return "F_SETLKW"
+ if(cmd==0x00000008) return "F_SETOWN"
+ if(cmd==0x00000009) return "F_GETOWN"
+ if(cmd==0x0000000A) return "F_SETSIG"
+ if(cmd==0x0000000B) return "F_GETLK64"
+ if(cmd==0x0000000C) return "F_SETLK64"
+ if(cmd==0x0000000D) return "F_SETLKW64"
+ return ""
}
generated by cgit (git 2.34.1) at 2025-08-05 11:08:17 +0000