From bec8cf694b0cd89dfa3d082e611326d7bcfad884 Mon Sep 17 00:00:00 2001 From: David Smith Date: Mon, 1 Jun 2009 12:20:08 -0500 Subject: Avoid holding semaphore while making mmap callbacks. * runtime/task_finder.c (__stp_call_mmap_callbacks_for_task): Grabs the 'mmap_sem' sempaphore. Caches vma information, releases the semaphore, then makes mmap callbacks. (__stp_utrace_task_finder_target_quiesce): Calls __stp_call_mmap_callbacks_for_task() to make mmap callbacks on initial attach to a task. --- runtime/task_finder.c | 182 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 130 insertions(+), 52 deletions(-) diff --git a/runtime/task_finder.c b/runtime/task_finder.c index b35192a2..dab56170 100644 --- a/runtime/task_finder.c +++ b/runtime/task_finder.c @@ -983,6 +983,135 @@ __stp_utrace_task_finder_target_death(struct utrace_attached_engine *engine, return UTRACE_DETACH; } +static void +__stp_call_mmap_callbacks_for_task(struct stap_task_finder_target *tgt, + struct task_struct *tsk) +{ + struct mm_struct *mm; + char *mmpath_buf; + char *mmpath; + struct vm_area_struct *vma; + int file_based_vmas = 0; + struct vma_cache_t { +#ifdef STAPCONF_DPATH_PATH + struct path *f_path; +#else + struct dentry *f_dentry; + struct vfsmount *f_vfsmnt; +#endif + unsigned long addr; + unsigned long length; + unsigned long offset; + unsigned long vm_flags; + }; + struct vma_cache_t *vma_cache = NULL; + struct vma_cache_t *vma_cache_p; + + /* Call the mmap_callback for every vma associated with + * a file. */ + mm = get_task_mm(tsk); + if (! mm) + return; + + // Allocate space for a path + mmpath_buf = _stp_kmalloc(PATH_MAX); + if (mmpath_buf == NULL) { + mmput(mm); + _stp_error("Unable to allocate space for path"); + return; + } + + down_read(&mm->mmap_sem); + + // First find the number of file-based vmas. + vma = mm->mmap; + while (vma) { + if (vma->vm_file) + file_based_vmas++; + vma = vma->vm_next; + } + + // Now allocate an array to cache vma information in. + if (file_based_vmas > 0) + vma_cache = _stp_kmalloc(sizeof(struct vma_cache_t) + * file_based_vmas); + if (vma_cache != NULL) { + // Loop through the vmas again, and cache needed information. + vma = mm->mmap; + vma_cache_p = vma_cache; + while (vma) { + if (vma->vm_file) { +#ifdef STAPCONF_DPATH_PATH + // Notice we're increasing the reference + // count for 'f_path'. This way it won't + // get deleted from out under us. + vma_cache_p->f_path = &(vma->vm_file->f_path); + path_get(vma_cache_p->f_path); +#else + // Notice we're increasing the reference + // count for 'f_dentry' and 'f_vfsmnt'. + // This way they won't get deleted from + // out under us. + vma_cache_p->f_dentry = vma->vm_file->f_dentry; + dget(vma_cache_p->f_path); + vma_cache_p->f_vfsmnt = vma->vm_file->f_vfsmnt; + mntget(vma_cache_p->f_vfsmnt); +#endif + vma_cache_p->addr = vma->vm_start; + vma_cache_p->length = vma->vm_end - vma->vm_start; + vma_cache_p->offset = (vma->vm_pgoff << PAGE_SHIFT); + vma_cache_p->vm_flags = vma->vm_flags; + vma_cache_p++; + } + vma = vma->vm_next; + } + } + + // At this point, we're done with the vmas (assuming we found + // any). We can't hold the 'mmap_sem' semaphore while making + // callbacks. + up_read(&mm->mmap_sem); + + if (vma_cache) { + int i; + + // Loop over our cached information and make callbacks + // based on it. + vma_cache_p = vma_cache; + for (i = 0; i < file_based_vmas; i++) { +#ifdef STAPCONF_DPATH_PATH + mmpath = d_path(vma_cache_p->f_path, mmpath_buf, + PATH_MAX); + path_put(vma_cache_p->f_path); +#else + mmpath = d_path(vma_cache_p->f_dentry, + vma_cache_p->f_vfsmnt, mmpath_buf, + PATH_MAX); + dput(vma_cache_p->f_dentry); + mntput(vma_cache_p->f_vfsmnt); +#endif + if (mmpath == NULL || IS_ERR(mmpath)) { + long err = ((mmpath == NULL) ? 0 + : -PTR_ERR(mmpath)); + _stp_error("Unable to get path (error %ld) for pid %d", + err, (int)tsk->pid); + } + else { + __stp_call_mmap_callbacks(tgt, tsk, mmpath, + vma_cache_p->addr, + vma_cache_p->length, + vma_cache_p->offset, + vma_cache_p->vm_flags); + } + vma_cache_p++; + } + _stp_kfree(vma_cache); + } + + mmput(mm); /* We're done with mm */ + _stp_kfree(mmpath_buf); +} + #ifdef UTRACE_ORIG_VERSION static u32 __stp_utrace_task_finder_target_quiesce(struct utrace_attached_engine *engine, @@ -1043,60 +1172,9 @@ __stp_utrace_task_finder_target_quiesce(enum utrace_resume_action action, don't bother inform map callback clients about its memory map, since they will simply duplicate each other. */ if (tgt->mmap_events == 1 && tsk->tgid == tsk->pid) { - struct mm_struct *mm; - char *mmpath_buf; - char *mmpath; - struct vm_area_struct *vma; - int rc; - - /* Call the mmap_callback for every vma associated with - * a file. */ - mm = get_task_mm(tsk); - if (! mm) - goto utftq_out; - - // Allocate space for a path - mmpath_buf = _stp_kmalloc(PATH_MAX); - if (mmpath_buf == NULL) { - mmput(mm); - _stp_error("Unable to allocate space for path"); - goto utftq_out; - } - - down_read(&mm->mmap_sem); - vma = mm->mmap; - while (vma) { - if (vma->vm_file) { -#ifdef STAPCONF_DPATH_PATH - mmpath = d_path(&(vma->vm_file->f_path), - mmpath_buf, PATH_MAX); -#else - mmpath = d_path(vma->vm_file->f_dentry, - vma->vm_file->f_vfsmnt, - mmpath_buf, PATH_MAX); -#endif - if (mmpath) { - __stp_call_mmap_callbacks(tgt, tsk, - mmpath, - vma->vm_start, - vma->vm_end - vma->vm_start, - (vma->vm_pgoff - << PAGE_SHIFT), - vma->vm_flags); - } - else { - _stp_dbug(__FUNCTION__, __LINE__, - "no mmpath?\n"); - } - } - vma = vma->vm_next; - } - up_read(&mm->mmap_sem); - mmput(mm); /* We're done with mm */ - _stp_kfree(mmpath_buf); + __stp_call_mmap_callbacks_for_task(tgt, tsk); } -utftq_out: __stp_tf_handler_end(); return UTRACE_RESUME; } -- cgit From 63a92162205f7c0b6adfef9d91a58806aa33f606 Mon Sep 17 00:00:00 2001 From: David Smith Date: Mon, 1 Jun 2009 13:25:44 -0500 Subject: Better sdt.exp test cleanup. * testsuite/systemtap.base/sdt.exp: Better cleanup. --- testsuite/systemtap.base/sdt.exp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/testsuite/systemtap.base/sdt.exp b/testsuite/systemtap.base/sdt.exp index c3aed91e..d24093e0 100644 --- a/testsuite/systemtap.base/sdt.exp +++ b/testsuite/systemtap.base/sdt.exp @@ -41,6 +41,7 @@ if {[installtest_p] && [utrace_p]} { } else { untested "$test $extra_flag" } +catch {exec rm -f $testprog} # C++ set testprog "sdt.cxx.exe.$i" @@ -66,5 +67,5 @@ if {[installtest_p] && [utrace_p]} { } else { untested "$test c++ $extra_flag" } +catch {exec rm -f $testprog} } - -- cgit From 209dd533fc8de83015d7e83d0426a1cb956ff9fc Mon Sep 17 00:00:00 2001 From: William Cohen Date: Mon, 1 Jun 2009 14:45:22 -0400 Subject: Add debuginfo-install suggestion for kernel probing. --- dwflpp.cxx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dwflpp.cxx b/dwflpp.cxx index d05bdb97..f3429118 100644 --- a/dwflpp.cxx +++ b/dwflpp.cxx @@ -299,11 +299,17 @@ dwflpp::setup_kernel(bool debuginfo_needed) elfutils_kernel_path.c_str(), &dwfl_report_offline_predicate); - if (debuginfo_needed) + if (debuginfo_needed) { + if (rc) { + // Suggest a likely kernel dir to find debuginfo rpm for + string dir = string("/lib/modules/" + sess.kernel_release ); + find_debug_rpms(sess, dir.c_str()); + } dwfl_assert (string("missing ") + sess.architecture + string(" kernel/module debuginfo under '") + sess.kernel_build_tree + string("'"), rc); + } // XXX: it would be nice if we could do a single // ..._report_offline call for an entire systemtap script, so -- cgit From 276465828851648edc5b56f762a0d100051c9e32 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Mon, 1 Jun 2009 18:47:30 -0700 Subject: Move the blacklist functions into dwflpp For a call like "stap -l 'syscall.*'", I found that ~10% of the time was spent compiling the blacklist regexps over again for each probe point. By moving this functionality into the kernel dwflpp instance, we can reuse the regexps and get an easy speed boost. --- dwflpp.cxx | 291 ++++++++++++++++++++++++++++++++++++++++++++++++++++- dwflpp.h | 21 ++++ tapsets.cxx | 324 +----------------------------------------------------------- 3 files changed, 315 insertions(+), 321 deletions(-) diff --git a/dwflpp.cxx b/dwflpp.cxx index d05bdb97..52981d3f 100644 --- a/dwflpp.cxx +++ b/dwflpp.cxx @@ -66,7 +66,7 @@ static string TOK_KERNEL("kernel"); dwflpp::dwflpp(systemtap_session & session, const string& user_module): sess(session), module(NULL), module_bias(0), mod_info(NULL), module_start(0), module_end(0), cu(NULL), dwfl(NULL), - module_dwarf(NULL), function(NULL) + module_dwarf(NULL), function(NULL), blacklist_enabled(false) { if (user_module.empty()) setup_kernel(); @@ -322,6 +322,8 @@ dwflpp::setup_kernel(bool debuginfo_needed) // run time. See the dwarf_derived_probe ctor and its caller. dwfl_assert ("dwfl_report_end", dwfl_report_end(dwfl, NULL, NULL)); + + build_blacklist(); } @@ -2094,4 +2096,291 @@ dwflpp::literal_stmt_for_pointer (Dwarf_Die *type_die, } +static bool +in_kprobes_function(systemtap_session& sess, Dwarf_Addr addr) +{ + if (sess.sym_kprobes_text_start != 0 && sess.sym_kprobes_text_end != 0) + { + // If the probe point address is anywhere in the __kprobes + // address range, we can't use this probe point. + if (addr >= sess.sym_kprobes_text_start && addr < sess.sym_kprobes_text_end) + return true; + } + return false; +} + + +bool +dwflpp::blacklisted_p(const string& funcname, + const string& filename, + int, + const string& module, + const string& section, + Dwarf_Addr addr, + bool has_return) +{ + if (!blacklist_enabled) + return false; // no blacklist for userspace + + if (section.substr(0, 6) == string(".init.") || + section.substr(0, 6) == string(".exit.") || + section.substr(0, 9) == string(".devinit.") || + section.substr(0, 9) == string(".devexit.") || + section.substr(0, 9) == string(".cpuinit.") || + section.substr(0, 9) == string(".cpuexit.") || + section.substr(0, 9) == string(".meminit.") || + section.substr(0, 9) == string(".memexit.")) + { + // NB: module .exit. routines could be probed in theory: + // if the exit handler in "struct module" is diverted, + // first inserting the kprobes + // then allowing the exit code to run + // then removing these kprobes + if (sess.verbose>1) + clog << " skipping - init/exit"; + return true; + } + + // Check for function marked '__kprobes'. + if (module == TOK_KERNEL && in_kprobes_function(sess, addr)) + { + if (sess.verbose>1) + clog << " skipping - __kprobes"; + return true; + } + + // Check probe point against blacklist. + int goodfn = regexec (&blacklist_func, funcname.c_str(), 0, NULL, 0); + if (has_return) + goodfn = goodfn && regexec (&blacklist_func_ret, funcname.c_str(), 0, NULL, 0); + int goodfile = regexec (&blacklist_file, filename.c_str(), 0, NULL, 0); + + if (! (goodfn && goodfile)) + { + if (sess.guru_mode) + { + if (sess.verbose>1) + clog << " guru mode enabled - ignoring blacklist"; + } + else + { + if (sess.verbose>1) + clog << " skipping - blacklisted"; + return true; + } + } + + // This probe point is not blacklisted. + return false; +} + + +void +dwflpp::build_blacklist() +{ + // We build up the regexps in these strings + + // Add ^ anchors at the front; $ will be added just before regcomp. + + string blfn = "^("; + string blfn_ret = "^("; + string blfile = "^("; + + blfile += "kernel/kprobes.c"; // first alternative, no "|" + blfile += "|arch/.*/kernel/kprobes.c"; + // Older kernels need ... + blfile += "|include/asm/io.h"; + blfile += "|include/asm/bitops.h"; + // While newer ones need ... + blfile += "|arch/.*/include/asm/io.h"; + blfile += "|arch/.*/include/asm/bitops.h"; + blfile += "|drivers/ide/ide-iops.c"; + + // XXX: it would be nice if these blacklisted functions were pulled + // in dynamically, instead of being statically defined here. + // Perhaps it could be populated from script files. A "noprobe + // kernel.function("...")" construct might do the trick. + + // Most of these are marked __kprobes in newer kernels. We list + // them here (anyway) so the translator can block them on older + // kernels that don't have the __kprobes function decorator. This + // also allows detection of problems at translate- rather than + // run-time. + + blfn += "atomic_notifier_call_chain"; // first blfn; no "|" + blfn += "|default_do_nmi"; + blfn += "|__die"; + blfn += "|die_nmi"; + blfn += "|do_debug"; + blfn += "|do_general_protection"; + blfn += "|do_int3"; + blfn += "|do_IRQ"; + blfn += "|do_page_fault"; + blfn += "|do_sparc64_fault"; + blfn += "|do_trap"; + blfn += "|dummy_nmi_callback"; + blfn += "|flush_icache_range"; + blfn += "|ia64_bad_break"; + blfn += "|ia64_do_page_fault"; + blfn += "|ia64_fault"; + blfn += "|io_check_error"; + blfn += "|mem_parity_error"; + blfn += "|nmi_watchdog_tick"; + blfn += "|notifier_call_chain"; + blfn += "|oops_begin"; + blfn += "|oops_end"; + blfn += "|program_check_exception"; + blfn += "|single_step_exception"; + blfn += "|sync_regs"; + blfn += "|unhandled_fault"; + blfn += "|unknown_nmi_error"; + + // Lots of locks + blfn += "|.*raw_.*lock.*"; + blfn += "|.*read_.*lock.*"; + blfn += "|.*write_.*lock.*"; + blfn += "|.*spin_.*lock.*"; + blfn += "|.*rwlock_.*lock.*"; + blfn += "|.*rwsem_.*lock.*"; + blfn += "|.*mutex_.*lock.*"; + blfn += "|raw_.*"; + blfn += "|.*seq_.*lock.*"; + + // atomic functions + blfn += "|atomic_.*"; + blfn += "|atomic64_.*"; + + // few other problematic cases + blfn += "|get_bh"; + blfn += "|put_bh"; + + // Experimental + blfn += "|.*apic.*|.*APIC.*"; + blfn += "|.*softirq.*"; + blfn += "|.*IRQ.*"; + blfn += "|.*_intr.*"; + blfn += "|__delay"; + blfn += "|.*kernel_text.*"; + blfn += "|get_current"; + blfn += "|current_.*"; + blfn += "|.*exception_tables.*"; + blfn += "|.*setup_rt_frame.*"; + + // PR 5759, CONFIG_PREEMPT kernels + blfn += "|.*preempt_count.*"; + blfn += "|preempt_schedule"; + + // These functions don't return, so return probes would never be recovered + blfn_ret += "do_exit"; // no "|" + blfn_ret += "|sys_exit"; + blfn_ret += "|sys_exit_group"; + + // __switch_to changes "current" on x86_64 and i686, so return probes + // would cause kernel panic, and it is marked as "__kprobes" on x86_64 + if (sess.architecture == "x86_64") + blfn += "|__switch_to"; + if (sess.architecture == "i686") + blfn_ret += "|__switch_to"; + + blfn += ")$"; + blfn_ret += ")$"; + blfile += ")$"; + + if (sess.verbose > 2) + { + clog << "blacklist regexps:" << endl; + clog << "blfn: " << blfn << endl; + clog << "blfn_ret: " << blfn_ret << endl; + clog << "blfile: " << blfile << endl; + } + + int rc = regcomp (& blacklist_func, blfn.c_str(), REG_NOSUB|REG_EXTENDED); + if (rc) throw semantic_error ("blacklist_func regcomp failed"); + rc = regcomp (& blacklist_func_ret, blfn_ret.c_str(), REG_NOSUB|REG_EXTENDED); + if (rc) throw semantic_error ("blacklist_func_ret regcomp failed"); + rc = regcomp (& blacklist_file, blfile.c_str(), REG_NOSUB|REG_EXTENDED); + if (rc) throw semantic_error ("blacklist_file regcomp failed"); + + blacklist_enabled = true; +} + + +string +dwflpp::get_blacklist_section(Dwarf_Addr addr) +{ + string blacklist_section; + Dwarf_Addr bias; + // We prefer dwfl_module_getdwarf to dwfl_module_getelf here, + // because dwfl_module_getelf can force costly section relocations + // we don't really need, while either will do for this purpose. + Elf* elf = (dwarf_getelf (dwfl_module_getdwarf (module, &bias)) + ?: dwfl_module_getelf (module, &bias)); + + Dwarf_Addr offset = addr - bias; + if (elf) + { + Elf_Scn* scn = 0; + size_t shstrndx; + dwfl_assert ("getshstrndx", elf_getshstrndx (elf, &shstrndx)); + while ((scn = elf_nextscn (elf, scn)) != NULL) + { + GElf_Shdr shdr_mem; + GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); + if (! shdr) + continue; // XXX error? + + if (!(shdr->sh_flags & SHF_ALLOC)) + continue; + + GElf_Addr start = shdr->sh_addr; + GElf_Addr end = start + shdr->sh_size; + if (! (offset >= start && offset < end)) + continue; + + blacklist_section = elf_strptr (elf, shstrndx, shdr->sh_name); + break; + } + } + return blacklist_section; +} + + +Dwarf_Addr +dwflpp::relocate_address(Dwarf_Addr addr, + string& reloc_section, + string& blacklist_section) +{ + Dwarf_Addr reloc_addr = addr; + if (!module) + { + assert(module_name == TOK_KERNEL); + reloc_section = ""; + blacklist_section = ""; + } + else if (dwfl_module_relocations (module) > 0) + { + // This is a relocatable module; libdwfl already knows its + // sections, so we can relativize addr. + int idx = dwfl_module_relocate_address (module, &reloc_addr); + const char* r_s = dwfl_module_relocation_info (module, idx, NULL); + if (r_s) + reloc_section = r_s; + blacklist_section = reloc_section; + + if (reloc_section == "" && dwfl_module_relocations (module) == 1) + { + blacklist_section = get_blacklist_section(addr); + reloc_section = ".dynamic"; + reloc_addr = addr; + } + } + else + { + blacklist_section = get_blacklist_section(addr); + reloc_section = ".absolute"; + } + return reloc_addr; +} + + /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ diff --git a/dwflpp.h b/dwflpp.h index 042b37a9..554e02d4 100644 --- a/dwflpp.h +++ b/dwflpp.h @@ -25,6 +25,7 @@ extern "C" { #include +#include } @@ -268,6 +269,19 @@ struct dwflpp bool lvalue, exp_type & ty); + bool blacklisted_p(const std::string& funcname, + const std::string& filename, + int line, + const std::string& module, + const std::string& section, + Dwarf_Addr addr, + bool has_return); + + Dwarf_Addr relocate_address(Dwarf_Addr addr, + std::string& reloc_section, + std::string& blacklist_section); + + private: Dwfl * dwfl; @@ -361,6 +375,13 @@ private: std::string express_as_string (std::string prelude, std::string postlude, struct location *head); + + regex_t blacklist_func; // function/statement probes + regex_t blacklist_func_ret; // only for .return probes + regex_t blacklist_file; // file name + bool blacklist_enabled; + void build_blacklist(); + std::string get_blacklist_section(Dwarf_Addr addr); }; #endif // DWFLPP_H diff --git a/tapsets.cxx b/tapsets.cxx index e88928dc..f83924ab 100644 --- a/tapsets.cxx +++ b/tapsets.cxx @@ -43,7 +43,6 @@ extern "C" { #include #include #include -#include #include #include #include @@ -550,19 +549,6 @@ struct dwarf_query : public base_query int line, Dwarf_Die *scope_die, Dwarf_Addr addr); - string get_blacklist_section(Dwarf_Addr addr); - - regex_t blacklist_func; // function/statement probes - regex_t blacklist_func_ret; // only for .return probes - regex_t blacklist_file; // file name - void build_blacklist(); - - bool blacklisted_p(const string& funcname, - const string& filename, - int line, - const string& module, - const string& section, - Dwarf_Addr addr); // Extracted parameters. string function_val; @@ -705,7 +691,6 @@ dwarf_query::dwarf_query(systemtap_session & sess, else if (has_statement_str) spec_type = parse_function_spec(statement_str_val); - build_blacklist(); // XXX: why not reuse amongst dwarf_query instances? dbinfo_reqt = assess_dbinfo_reqt(); query_done = false; } @@ -872,138 +857,6 @@ dwarf_query::handle_query_module() } -void -dwarf_query::build_blacklist() -{ - // No blacklist for userspace. - if (has_process) - return; - - // We build up the regexps in these strings - - // Add ^ anchors at the front; $ will be added just before regcomp. - - string blfn = "^("; - string blfn_ret = "^("; - string blfile = "^("; - - blfile += "kernel/kprobes.c"; // first alternative, no "|" - blfile += "|arch/.*/kernel/kprobes.c"; - // Older kernels need ... - blfile += "|include/asm/io.h"; - blfile += "|include/asm/bitops.h"; - // While newer ones need ... - blfile += "|arch/.*/include/asm/io.h"; - blfile += "|arch/.*/include/asm/bitops.h"; - blfile += "|drivers/ide/ide-iops.c"; - - // XXX: it would be nice if these blacklisted functions were pulled - // in dynamically, instead of being statically defined here. - // Perhaps it could be populated from script files. A "noprobe - // kernel.function("...")" construct might do the trick. - - // Most of these are marked __kprobes in newer kernels. We list - // them here (anyway) so the translator can block them on older - // kernels that don't have the __kprobes function decorator. This - // also allows detection of problems at translate- rather than - // run-time. - - blfn += "atomic_notifier_call_chain"; // first blfn; no "|" - blfn += "|default_do_nmi"; - blfn += "|__die"; - blfn += "|die_nmi"; - blfn += "|do_debug"; - blfn += "|do_general_protection"; - blfn += "|do_int3"; - blfn += "|do_IRQ"; - blfn += "|do_page_fault"; - blfn += "|do_sparc64_fault"; - blfn += "|do_trap"; - blfn += "|dummy_nmi_callback"; - blfn += "|flush_icache_range"; - blfn += "|ia64_bad_break"; - blfn += "|ia64_do_page_fault"; - blfn += "|ia64_fault"; - blfn += "|io_check_error"; - blfn += "|mem_parity_error"; - blfn += "|nmi_watchdog_tick"; - blfn += "|notifier_call_chain"; - blfn += "|oops_begin"; - blfn += "|oops_end"; - blfn += "|program_check_exception"; - blfn += "|single_step_exception"; - blfn += "|sync_regs"; - blfn += "|unhandled_fault"; - blfn += "|unknown_nmi_error"; - - // Lots of locks - blfn += "|.*raw_.*lock.*"; - blfn += "|.*read_.*lock.*"; - blfn += "|.*write_.*lock.*"; - blfn += "|.*spin_.*lock.*"; - blfn += "|.*rwlock_.*lock.*"; - blfn += "|.*rwsem_.*lock.*"; - blfn += "|.*mutex_.*lock.*"; - blfn += "|raw_.*"; - blfn += "|.*seq_.*lock.*"; - - // atomic functions - blfn += "|atomic_.*"; - blfn += "|atomic64_.*"; - - // few other problematic cases - blfn += "|get_bh"; - blfn += "|put_bh"; - - // Experimental - blfn += "|.*apic.*|.*APIC.*"; - blfn += "|.*softirq.*"; - blfn += "|.*IRQ.*"; - blfn += "|.*_intr.*"; - blfn += "|__delay"; - blfn += "|.*kernel_text.*"; - blfn += "|get_current"; - blfn += "|current_.*"; - blfn += "|.*exception_tables.*"; - blfn += "|.*setup_rt_frame.*"; - - // PR 5759, CONFIG_PREEMPT kernels - blfn += "|.*preempt_count.*"; - blfn += "|preempt_schedule"; - - // These functions don't return, so return probes would never be recovered - blfn_ret += "do_exit"; // no "|" - blfn_ret += "|sys_exit"; - blfn_ret += "|sys_exit_group"; - - // __switch_to changes "current" on x86_64 and i686, so return probes - // would cause kernel panic, and it is marked as "__kprobes" on x86_64 - if (sess.architecture == "x86_64") - blfn += "|__switch_to"; - if (sess.architecture == "i686") - blfn_ret += "|__switch_to"; - - blfn += ")$"; - blfn_ret += ")$"; - blfile += ")$"; - - if (sess.verbose > 2) - { - clog << "blacklist regexps:" << endl; - clog << "blfn: " << blfn << endl; - clog << "blfn_ret: " << blfn_ret << endl; - clog << "blfile: " << blfile << endl; - } - - int rc = regcomp (& blacklist_func, blfn.c_str(), REG_NOSUB|REG_EXTENDED); - if (rc) throw semantic_error ("blacklist_func regcomp failed"); - rc = regcomp (& blacklist_func_ret, blfn_ret.c_str(), REG_NOSUB|REG_EXTENDED); - if (rc) throw semantic_error ("blacklist_func_ret regcomp failed"); - rc = regcomp (& blacklist_file, blfile.c_str(), REG_NOSUB|REG_EXTENDED); - if (rc) throw semantic_error ("blacklist_file regcomp failed"); -} - - function_spec_type dwarf_query::parse_function_spec(string & spec) { @@ -1094,129 +947,6 @@ dwarf_query::parse_function_spec(string & spec) } -#if 0 -// Forward declaration. -static int query_kernel_module (Dwfl_Module *, void **, const char *, - Dwarf_Addr, void *); -#endif - - -// XXX: pull this into dwflpp -static bool -in_kprobes_function(systemtap_session& sess, Dwarf_Addr addr) -{ - if (sess.sym_kprobes_text_start != 0 && sess.sym_kprobes_text_end != 0) - { - // If the probe point address is anywhere in the __kprobes - // address range, we can't use this probe point. - if (addr >= sess.sym_kprobes_text_start && addr < sess.sym_kprobes_text_end) - return true; - } - return false; -} - - -bool -dwarf_query::blacklisted_p(const string& funcname, - const string& filename, - int, - const string& module, - const string& section, - Dwarf_Addr addr) -{ - if (has_process) - return false; // no blacklist for userspace - - if (section.substr(0, 6) == string(".init.") || - section.substr(0, 6) == string(".exit.") || - section.substr(0, 9) == string(".devinit.") || - section.substr(0, 9) == string(".devexit.") || - section.substr(0, 9) == string(".cpuinit.") || - section.substr(0, 9) == string(".cpuexit.") || - section.substr(0, 9) == string(".meminit.") || - section.substr(0, 9) == string(".memexit.")) - { - // NB: module .exit. routines could be probed in theory: - // if the exit handler in "struct module" is diverted, - // first inserting the kprobes - // then allowing the exit code to run - // then removing these kprobes - if (sess.verbose>1) - clog << " skipping - init/exit"; - return true; - } - - // Check for function marked '__kprobes'. - if (module == TOK_KERNEL && in_kprobes_function(sess, addr)) - { - if (sess.verbose>1) - clog << " skipping - __kprobes"; - return true; - } - - // Check probe point against blacklist. - int goodfn = regexec (&blacklist_func, funcname.c_str(), 0, NULL, 0); - if (has_return) - goodfn = goodfn && regexec (&blacklist_func_ret, funcname.c_str(), 0, NULL, 0); - int goodfile = regexec (&blacklist_file, filename.c_str(), 0, NULL, 0); - - if (! (goodfn && goodfile)) - { - if (sess.guru_mode) - { - if (sess.verbose>1) - clog << " guru mode enabled - ignoring blacklist"; - } - else - { - if (sess.verbose>1) - clog << " skipping - blacklisted"; - return true; - } - } - - // This probe point is not blacklisted. - return false; -} - -string dwarf_query::get_blacklist_section(Dwarf_Addr addr) -{ - string blacklist_section; - Dwarf_Addr bias; - // We prefer dwfl_module_getdwarf to dwfl_module_getelf here, - // because dwfl_module_getelf can force costly section relocations - // we don't really need, while either will do for this purpose. - Elf* elf = (dwarf_getelf (dwfl_module_getdwarf (dw.module, &bias)) - ?: dwfl_module_getelf (dw.module, &bias)); - - Dwarf_Addr offset = addr - bias; - if (elf) - { - Elf_Scn* scn = 0; - size_t shstrndx; - dwfl_assert ("getshstrndx", elf_getshstrndx (elf, &shstrndx)); - while ((scn = elf_nextscn (elf, scn)) != NULL) - { - GElf_Shdr shdr_mem; - GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); - if (! shdr) continue; // XXX error? - - if (!(shdr->sh_flags & SHF_ALLOC)) - continue; - - GElf_Addr start = shdr->sh_addr; - GElf_Addr end = start + shdr->sh_size; - if (! (offset >= start && offset < end)) - continue; - - blacklist_section = elf_strptr (elf, shstrndx, shdr->sh_name); - break; - } - } - return blacklist_section; -} - - void dwarf_query::add_probe_point(const string& funcname, const char* filename, @@ -1225,40 +955,13 @@ dwarf_query::add_probe_point(const string& funcname, Dwarf_Addr addr) { string reloc_section; // base section for relocation purposes - Dwarf_Addr reloc_addr = addr; // relocated + Dwarf_Addr reloc_addr; // relocated string blacklist_section; // linking section for blacklist purposes const string& module = dw.module_name; // "kernel" or other assert (! has_absolute); // already handled in dwarf_builder::build() - if (!dw.module) - { - assert(module == TOK_KERNEL); - reloc_section = ""; - blacklist_section = ""; - } - else if (dwfl_module_relocations (dw.module) > 0) - { - // This is a relocatable module; libdwfl already knows its - // sections, so we can relativize addr. - int idx = dwfl_module_relocate_address (dw.module, &reloc_addr); - const char* r_s = dwfl_module_relocation_info (dw.module, idx, NULL); - if (r_s) - reloc_section = r_s; - blacklist_section = reloc_section; - - if(reloc_section == "" && dwfl_module_relocations (dw.module) == 1) - { - blacklist_section = this->get_blacklist_section(addr); - reloc_section = ".dynamic"; - reloc_addr = addr; - } - } - else - { - blacklist_section = this->get_blacklist_section(addr); - reloc_section = ".absolute"; - } + reloc_addr = dw.relocate_address(addr, reloc_section, blacklist_section); if (sess.verbose > 1) { @@ -1274,7 +977,8 @@ dwarf_query::add_probe_point(const string& funcname, clog << " pc=0x" << hex << addr << dec; } - bool bad = blacklisted_p (funcname, filename, line, module, blacklist_section, addr); + bool bad = dw.blacklisted_p (funcname, filename, line, module, + blacklist_section, addr, has_return); if (sess.verbose > 1) clog << endl; @@ -1777,26 +1481,6 @@ query_cu (Dwarf_Die * cudie, void * arg) } -#if 0 -static int -query_kernel_module (Dwfl_Module *mod, - void **, - const char *name, - Dwarf_Addr, - void *arg) -{ - if (TOK_KERNEL == name) - { - Dwfl_Module **m = (Dwfl_Module **)arg; - - *m = mod; - return DWARF_CB_ABORT; - } - return DWARF_CB_OK; -} -#endif - - static void validate_module_elf (Dwfl_Module *mod, const char *name, base_query *q) { -- cgit From c8ad068755e7424e767660f2c27cb3b1e2d5343d Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 2 Jun 2009 00:43:49 -0700 Subject: Cache the last result of dwarf_getscopes This one function accounted for ~30% of my callgrind profile of "stap -l 'syscall.*'", even though it was only called ~1200 times. We call dwarf_getscopes for each $target variable, with the same parameters within a given probe. Since they're no nicely grouped, it's easy to just cache the most recent call, and the next few calls will be a hit. Overall this cuts the number of calls down to about 300, for an easy speed gain. --- dwflpp.cxx | 24 ++++++++++++++++++++++-- dwflpp.h | 5 +++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/dwflpp.cxx b/dwflpp.cxx index 52981d3f..6ca9780d 100644 --- a/dwflpp.cxx +++ b/dwflpp.cxx @@ -66,7 +66,8 @@ static string TOK_KERNEL("kernel"); dwflpp::dwflpp(systemtap_session & session, const string& user_module): sess(session), module(NULL), module_bias(0), mod_info(NULL), module_start(0), module_end(0), cu(NULL), dwfl(NULL), - module_dwarf(NULL), function(NULL), blacklist_enabled(false) + module_dwarf(NULL), function(NULL), blacklist_enabled(false), + pc_cached_scopes(0), num_cached_scopes(0), cached_scopes(NULL) { if (user_module.empty()) setup_kernel(); @@ -77,6 +78,7 @@ dwflpp::dwflpp(systemtap_session & session, const string& user_module): dwflpp::~dwflpp() { + free(cached_scopes); if (dwfl) dwfl_end(dwfl); } @@ -165,6 +167,9 @@ dwflpp::focus_on_cu(Dwarf_Die * c) // Reset existing pointers and names function_name.clear(); function = NULL; + + free(cached_scopes); + cached_scopes = NULL; } @@ -1341,7 +1346,7 @@ dwflpp::find_variable_and_frame_base (Dwarf_Die *scope_die, assert (cu); - nscopes = dwarf_getscopes (cu, pc, &scopes); + nscopes = dwarf_getscopes_cached (pc, &scopes); int sidx; // if pc and scope_die are disjoint then we need dwarf_getscopes_die for (sidx = 0; sidx < nscopes; sidx++) @@ -2383,4 +2388,19 @@ dwflpp::relocate_address(Dwarf_Addr addr, } +int +dwflpp::dwarf_getscopes_cached (Dwarf_Addr pc, Dwarf_Die **scopes) +{ + if (!cached_scopes || pc != pc_cached_scopes) + { + free(cached_scopes); + cached_scopes = NULL; + pc_cached_scopes = pc; + num_cached_scopes = dwarf_getscopes(cu, pc, &cached_scopes); + } + *scopes = cached_scopes; + return num_cached_scopes; +} + + /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ diff --git a/dwflpp.h b/dwflpp.h index 554e02d4..314e7583 100644 --- a/dwflpp.h +++ b/dwflpp.h @@ -382,6 +382,11 @@ private: bool blacklist_enabled; void build_blacklist(); std::string get_blacklist_section(Dwarf_Addr addr); + + Dwarf_Addr pc_cached_scopes; + int num_cached_scopes; + Dwarf_Die *cached_scopes; + int dwarf_getscopes_cached (Dwarf_Addr pc, Dwarf_Die **scopes); }; #endif // DWFLPP_H -- cgit From 8224f4bed15ec757d8f0146d6c56b374374b6bc0 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 2 Jun 2009 01:28:00 -0700 Subject: More nd_syscalls2 cleanup, and add SYSCALL_WRAPPERS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix a few more formatting issues - Add SYSCALL_WRAPPERS analogous to 132c33 tapset/syscalls2.stp Thanks to Przemysław Pawełczyk for the helpful translation scripts. --- tapset/nd_syscalls2.stp | 866 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 575 insertions(+), 291 deletions(-) diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 53c40453..49210012 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -28,7 +28,8 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") +probe nd_syscall.nanosleep = kprobe.function("SyS_nanosleep") ?, + kprobe.function("sys_nanosleep") ? { name = "nanosleep" // req_uaddr = $rqtp @@ -39,7 +40,8 @@ probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") rem_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr, 1), rem_uaddr) } -probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return +probe nd_syscall.nanosleep.return = kprobe.function("SyS_nanosleep").return ?, + kprobe.function("sys_nanosleep").return ? { name = "nanosleep" retstr = returnstr(1) @@ -91,7 +93,8 @@ probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?, # nice _______________________________________________________ # long sys_nice(int increment) # -probe nd_syscall.nice = kprobe.function("sys_nice") ? +probe nd_syscall.nice = kprobe.function("SyS_nice") ?, + kprobe.function("sys_nice") ? { name = "nice" // inc = $increment @@ -100,7 +103,8 @@ probe nd_syscall.nice = kprobe.function("sys_nice") ? inc = int_arg(1) argstr = sprintf("%d", inc) } -probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? +probe nd_syscall.nice.return = kprobe.function("SyS_nice").return ?, + kprobe.function("sys_nice").return ? { name = "nice" retstr = returnstr(1) @@ -125,9 +129,10 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe nd_syscall.open = kprobe.function("sys_open") ?, - kprobe.function("compat_sys_open") ?, - kprobe.function("sys32_open") ? +probe nd_syscall.open = kprobe.function("compat_sys_open") ?, + kprobe.function("sys32_open") ?, + kprobe.function("SyS_open") ?, + kprobe.function("sys_open") ? { name = "open" // filename = user_string($filename) @@ -150,9 +155,10 @@ probe nd_syscall.open = kprobe.function("sys_open") ?, argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags)) } -probe nd_syscall.open.return = kprobe.function("sys_open").return ?, - kprobe.function("compat_sys_open").return ?, +probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?, kprobe.function("sys32_open").return ? + kprobe.function("SyS_open").return ? + kprobe.function("sys_open").return ? { name = "open" retstr = returnstr(1) @@ -162,8 +168,9 @@ probe nd_syscall.open.return = kprobe.function("sys_open").return ?, # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe nd_syscall.openat = kprobe.function("sys_openat") ?, - kprobe.function("compat_sys_openat") ? +probe nd_syscall.openat = kprobe.function("compat_sys_openat") ?, + kprobe.function("SyS_openat") ?, + kprobe.function("sys_openat") ? { name = "openat" // filename = user_string($filename) @@ -190,8 +197,9 @@ probe nd_syscall.openat = kprobe.function("sys_openat") ?, user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags)) } -probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?, - kprobe.function("compat_sys_openat").return ? +probe nd_syscall.openat.return = kprobe.function("compat_sys_openat").return ?, + kprobe.function("SyS_openat").return ?, + kprobe.function("sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -260,7 +268,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return +#probe nd_syscall.pciconfig_read.return = kprobe.function("sys_pciconfig_read").return #{ # name = "pciconfig_read" # retstr = returnstr(1) @@ -287,7 +295,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_write.return = # kprobe.function("sys_pciconfig_write").return +#probe nd_syscall.pciconfig_write.return = kprobe.function("sys_pciconfig_write").return #{ # name = "pciconfig_write" # retstr = returnstr(1) @@ -298,7 +306,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # asmlinkage long # sys_personality(u_long personality) # -probe nd_syscall.personality = kprobe.function("sys_personality") +probe nd_syscall.personality = kprobe.function("SyS_personality") ?, + kprobe.function("sys_personality") ? { name = "personality" // persona = $personality @@ -306,7 +315,8 @@ probe nd_syscall.personality = kprobe.function("sys_personality") persona = ulong_arg(1) argstr = sprintf("%p", persona); } -probe nd_syscall.personality.return = kprobe.function("sys_personality").return +probe nd_syscall.personality.return = kprobe.function("SyS_personality").return ?, + kprobe.function("sys_personality").return ? { name = "personality" retstr = returnstr(1) @@ -317,7 +327,8 @@ probe nd_syscall.personality.return = kprobe.function("sys_personality").return # asmlinkage int # sys_pipe(unsigned long __user * fildes) # -probe nd_syscall.pipe = kprobe.function("sys_pipe") +probe nd_syscall.pipe = kprobe.function("SyS_pipe") ?, + kprobe.function("sys_pipe") ? { name = "pipe" %( arch == "ia64" %? @@ -332,7 +343,8 @@ probe nd_syscall.pipe = kprobe.function("sys_pipe") %) } -probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return +probe nd_syscall.pipe.return = kprobe.function("SyS_pipe").return ?, + kprobe.function("sys_pipe").return ? { name = "pipe" retstr = returnstr(1) @@ -342,7 +354,8 @@ probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") +probe nd_syscall.pivot_root = kprobe.function("SyS_pivot_root") ?, + kprobe.function("sys_pivot_root") ? { name = "pivot_root" // new_root_str = user_string($new_root) @@ -355,7 +368,8 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return +probe nd_syscall.pivot_root.return = kprobe.function("SyS_pivot_root").return ?, + kprobe.function("sys_pivot_root").return ? { name = "pivot_root" retstr = returnstr(1) @@ -365,7 +379,8 @@ probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe nd_syscall.poll = kprobe.function("sys_poll") +probe nd_syscall.poll = kprobe.function("SyS_poll") ?, + kprobe.function("sys_poll") ? { name = "poll" // ufds_uaddr = $ufds @@ -378,7 +393,8 @@ probe nd_syscall.poll = kprobe.function("sys_poll") timeout = long_arg(3) argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout) } -probe nd_syscall.poll.return = kprobe.function("sys_poll").return +probe nd_syscall.poll.return = kprobe.function("SyS_poll").return ?, + kprobe.function("sys_poll").return ? { name = "poll" retstr = returnstr(1) @@ -390,7 +406,8 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? +probe nd_syscall.ppoll = kprobe.function("SyS_ppoll") ?, + kprobe.function("sys_ppoll") ? { name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", @@ -407,7 +424,8 @@ probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? pointer_arg(4), ulong_arg(5)) } -probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? +probe nd_syscall.ppoll.return = kprobe.function("SyS_ppoll").return ?, + kprobe.function("sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) @@ -448,7 +466,8 @@ probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").retur # unsigned long arg4, # unsigned long arg5) # -probe nd_syscall.prctl = kprobe.function("sys_prctl") +probe nd_syscall.prctl = kprobe.function("SyS_prctl") ?, + kprobe.function("sys_prctl") ? { name = "prctl" // option = $option @@ -465,7 +484,8 @@ probe nd_syscall.prctl = kprobe.function("sys_prctl") argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return +probe nd_syscall.prctl.return = kprobe.function("SyS_prctl").return ?, + kprobe.function("sys_prctl").return ? { name = "prctl" retstr = returnstr(1) @@ -478,7 +498,8 @@ probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return # size_t count, # loff_t pos) # -probe nd_syscall.pread = kprobe.function("sys_pread64") +probe nd_syscall.pread = kprobe.function("SyS_pread64") ?, + kprobe.function("sys_pread64") ? { name = "pread" // fd = $fd @@ -493,7 +514,8 @@ probe nd_syscall.pread = kprobe.function("sys_pread64") offset = longlong_arg(4) argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset) } -probe nd_syscall.pread.return = kprobe.function("sys_pread64").return +probe nd_syscall.pread.return = kprobe.function("SyS_pread64").return ?, + kprobe.function("sys_pread64").return ? { name = "pread" retstr = returnstr(1) @@ -504,7 +526,8 @@ probe nd_syscall.pread.return = kprobe.function("sys_pread64").return # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? +probe nd_syscall.pselect6 = kprobe.function("SyS_pselect6") ?, + kprobe.function("sys_pselect6") ? { name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, @@ -513,7 +536,8 @@ probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6)) } -probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? +probe nd_syscall.pselect6.return = kprobe.function("SyS_pselect6").return ?, + kprobe.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) @@ -575,7 +599,8 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7") # long addr, # long data) # -probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? +probe nd_syscall.ptrace = kprobe.function("SyS_ptrace") ?, + kprobe.function("sys_ptrace") ? { name = "ptrace" // request = $request @@ -589,7 +614,8 @@ probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? data = long_arg(4) argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? +probe nd_syscall.ptrace.return = kprobe.function("SyS_ptrace").return ?, + kprobe.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) @@ -602,7 +628,8 @@ probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? # size_t count, # loff_t pos) # -probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") +probe nd_syscall.pwrite = kprobe.function("SyS_pwrite64") ?, + kprobe.function("sys_pwrite64") ? { name = "pwrite" // fd = $fd @@ -621,7 +648,8 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count, offset) } -probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return +probe nd_syscall.pwrite.return = kprobe.function("SyS_pwrite64").return ?, + kprobe.function("sys_pwrite64").return ? { name = "pwrite" retstr = returnstr(1) @@ -668,7 +696,8 @@ probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? # qid_t id, # void __user *addr) # -probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? +probe nd_syscall.quotactl = kprobe.function("SyS_quotactl") ?, + kprobe.function("sys_quotactl") ? { name = "quotactl" // cmd = $cmd @@ -687,7 +716,8 @@ probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? addr_uaddr = pointer_arg(4) argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr) } -probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? +probe nd_syscall.quotactl.return = kprobe.function("SyS_quotactl").return ?, + kprobe.function("sys_quotactl").return ? { name = "quotactl" retstr = returnstr(1) @@ -695,7 +725,8 @@ probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe nd_syscall.read = kprobe.function("sys_read") +probe nd_syscall.read = kprobe.function("SyS_read") ?, + kprobe.function("sys_read") ? { name = "read" // fd = $fd @@ -708,7 +739,8 @@ probe nd_syscall.read = kprobe.function("sys_read") count = ulong_arg(3) argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count) } -probe nd_syscall.read.return = kprobe.function("sys_read").return +probe nd_syscall.read.return = kprobe.function("SyS_read").return ?, + kprobe.function("sys_read").return ? { name = "read" retstr = returnstr(1) @@ -721,7 +753,8 @@ probe nd_syscall.read.return = kprobe.function("sys_read").return # loff_t offset, # size_t count) # -probe nd_syscall.readahead = kprobe.function("sys_readahead") +probe nd_syscall.readahead = kprobe.function("SyS_readahead") ?, + kprobe.function("sys_readahead") ? { name = "readahead" // fd = $fd @@ -733,7 +766,8 @@ probe nd_syscall.readahead = kprobe.function("sys_readahead") count = ulong_arg(3) argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return +probe nd_syscall.readahead.return = kprobe.function("SyS_readahead").return ?, + kprobe.function("sys_readahead").return ? { name = "readahead" retstr = returnstr(1) @@ -765,7 +799,8 @@ probe nd_syscall.readdir.return = kprobe.function("compat_sys_old_readdir").retu # char __user * buf, # int bufsiz) # -probe nd_syscall.readlink = kprobe.function("sys_readlink") +probe nd_syscall.readlink = kprobe.function("SyS_readlink") ?, + kprobe.function("sys_readlink") ? { name = "readlink" // path = user_string($path) @@ -780,7 +815,8 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink") argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } -probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return +probe nd_syscall.readlink.return = kprobe.function("SyS_readlink").return ?, + kprobe.function("sys_readlink").return ? { name = "readlink" retstr = returnstr(1) @@ -792,7 +828,8 @@ probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return # char __user * buf, # int bufsiz) # -probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? +probe nd_syscall.readlinkat = kprobe.function("SyS_readlinkat") ?, + kprobe.function("sys_readlinkat") ? { name = "readlinkat" //dfd = $dfd @@ -809,7 +846,8 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } -probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? +probe nd_syscall.readlinkat.return = kprobe.function("SyS_readlinkat").return ?, + kprobe.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) @@ -824,8 +862,9 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.readv = kprobe.function("sys_readv"), - kprobe.function("compat_sys_readv") ? +probe nd_syscall.readv = kprobe.function("compat_sys_readv") ?, + kprobe.function("SyS_readv") ?, + kprobe.function("sys_readv") ? { name = "readv" // vector_uaddr = $vec @@ -843,8 +882,9 @@ probe nd_syscall.readv = kprobe.function("sys_readv"), fd = ulong_arg(1) argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.readv.return = kprobe.function("sys_readv").return, - kprobe.function("compat_sys_readv").return ? +probe nd_syscall.readv.return = kprobe.function("compat_sys_readv").return ?, + kprobe.function("SyS_readv").return ?, + kprobe.function("sys_readv").return ? { name = "readv" retstr = returnstr(1) @@ -857,7 +897,8 @@ probe nd_syscall.readv.return = kprobe.function("sys_readv").return, # unsigned int cmd, # void __user * arg) # -probe nd_syscall.reboot = kprobe.function("sys_reboot") +probe nd_syscall.reboot = kprobe.function("SyS_reboot") ?, + kprobe.function("sys_reboot") ? { name = "reboot" // magic = $magic1 @@ -880,7 +921,8 @@ probe nd_syscall.reboot = kprobe.function("sys_reboot") argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr) } -probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return +probe nd_syscall.reboot.return = kprobe.function("SyS_reboot").return ?, + kprobe.function("sys_reboot").return ? { name = "reboot" retstr = returnstr(1) @@ -922,7 +964,8 @@ probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? # struct sockaddr __user *addr, # int __user *addr_len) # -probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? +probe nd_syscall.recvfrom = kprobe.function("SyS_recvfrom") ?, + kprobe.function("sys_recvfrom") ? { name = "recvfrom" // s = $fd @@ -945,7 +988,8 @@ probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? argstr = sprintf("%d, %p, %d, %s, %p, %p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? +probe nd_syscall.recvfrom.return = kprobe.function("SyS_recvfrom").return ?, + kprobe.function("sys_recvfrom").return ? { name = "recvfrom" retstr = returnstr(1) @@ -957,7 +1001,8 @@ probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? # struct msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? +probe nd_syscall.recvmsg = kprobe.function("SyS_recvmsg") ?, + kprobe.function("sys_recvmsg") ? { name = "recvmsg" // s = $fd @@ -972,7 +1017,8 @@ probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str) } -probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? +probe nd_syscall.recvmsg.return = kprobe.function("SyS_recvmsg").return ?, + kprobe.function("sys_recvmsg").return ? { name = "recvmsg" retstr = returnstr(1) @@ -1011,7 +1057,8 @@ probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg # unsigned long pgoff, # unsigned long flags) # -probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? +probe nd_syscall.remap_file_pages = kprobe.function("SyS_remap_file_pages") ?, + kprobe.function("sys_remap_file_pages") ? { name = "remap_file_pages" // start = $start @@ -1032,7 +1079,8 @@ probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot, pgoff, flags) } -probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages").return ? +probe nd_syscall.remap_file_pages.return = kprobe.function("SyS_remap_file_pages").return ?, + kprobe.function("sys_remap_file_pages").return ? { name = "remap_file_pages" retstr = returnstr(1) @@ -1044,7 +1092,8 @@ probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages # sys_removexattr(char __user *path, # char __user *name) # -probe nd_syscall.removexattr = kprobe.function("sys_removexattr") +probe nd_syscall.removexattr = kprobe.function("SyS_removexattr") ?, + kprobe.function("sys_removexattr") ? { name = "removexattr" // path = user_string($path) @@ -1057,7 +1106,8 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return +probe nd_syscall.removexattr.return = kprobe.function("SyS_removexattr").return ?, + kprobe.function("sys_removexattr").return ? { name = "removexattr" retstr = returnstr(1) @@ -1069,7 +1119,8 @@ probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return # sys_rename(const char __user * oldname, # const char __user * newname) # -probe nd_syscall.rename = kprobe.function("sys_rename") +probe nd_syscall.rename = kprobe.function("SyS_rename") ?, + kprobe.function("sys_rename") ? { name = "rename" // oldpath = user_string($oldname) @@ -1082,12 +1133,24 @@ probe nd_syscall.rename = kprobe.function("sys_rename") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.rename.return = kprobe.function("sys_rename").return +probe nd_syscall.rename.return = kprobe.function("SyS_rename").return ?, + kprobe.function("sys_rename").return ? { name = "rename" retstr = returnstr(1) } +# renameat ___________________________________________________ +# TODO +#probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?, +# kprobe.function("sys_renameat") ? +#{ +#} +#probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?, +# kprobe.function("sys_renameat").return ? +#{ +#} + # request_key ________________________________________________ # # long sys_request_key(const char __user *_type, @@ -1096,7 +1159,8 @@ probe nd_syscall.rename.return = kprobe.function("sys_rename").return # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe nd_syscall.request_key = kprobe.function("sys_request_key") ? +probe nd_syscall.request_key = kprobe.function("SyS_request_key") ?, + kprobe.function("sys_request_key") ? { name = "request_key" // type_uaddr = $_type @@ -1111,7 +1175,8 @@ probe nd_syscall.request_key = kprobe.function("sys_request_key") ? destringid = u32_arg(4) argstr = sprintf("%p, %p, %p, %p", type_uaddr, description_uaddr, callout_info_uaddr, destringid) } -probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? +probe nd_syscall.request_key.return = kprobe.function("SyS_request_key").return ?, + kprobe.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) @@ -1138,7 +1203,8 @@ probe nd_syscall.restart_syscall.return = kprobe.function("sys_restart_syscall") # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe nd_syscall.rmdir = kprobe.function("sys_rmdir") +probe nd_syscall.rmdir = kprobe.function("SyS_rmdir") ?, + kprobe.function("sys_rmdir") ? { name = "rmdir" // pathname = user_string($pathname) @@ -1147,7 +1213,8 @@ probe nd_syscall.rmdir = kprobe.function("sys_rmdir") pathname = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return +probe nd_syscall.rmdir.return = kprobe.function("SyS_rmdir").return ?, + kprobe.function("sys_rmdir").return ? { name = "rmdir" retstr = returnstr(1) @@ -1160,7 +1227,8 @@ probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return # struct sigaction __user *oact, # size_t sigsetsize) # -probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? +probe nd_syscall.rt_sigaction = kprobe.function("SyS_rt_sigaction") ?, + kprobe.function("sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig @@ -1177,7 +1245,8 @@ probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? +probe nd_syscall.rt_sigaction.return = kprobe.function("SyS_rt_sigaction").return ?, + kprobe.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1221,7 +1290,8 @@ probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").r # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? +probe nd_syscall.rt_sigpending = kprobe.function("SyS_rt_sigpending") ?, + kprobe.function("sys_rt_sigpending") ? { name = "rt_sigpending" // set_uaddr = $set @@ -1232,7 +1302,8 @@ probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? sigsetsize = ulong_arg(2) argstr = sprintf("%p, %d", set_uaddr, sigsetsize) } -probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? +probe nd_syscall.rt_sigpending.return = kprobe.function("SyS_rt_sigpending").return ?, + kprobe.function("sys_rt_sigpending").return ? { name = "rt_sigpending" retstr = returnstr(1) @@ -1245,6 +1316,7 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret # probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, kprobe.function("compat_sys_rt_sigprocmask") ?, + kprobe.function("SyS_rt_sigprocmask") ?, kprobe.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" @@ -1265,6 +1337,7 @@ probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, } probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?, kprobe.function("compat_sys_rt_sigprocmask").return ?, + kprobe.function("SyS_rt_sigprocmask").return ?, kprobe.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" @@ -1275,7 +1348,8 @@ probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask") # # long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) # -probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") +probe nd_syscall.rt_sigqueueinfo = kprobe.function("SyS_rt_sigqueueinfo") ?, + kprobe.function("sys_rt_sigqueueinfo") ? { name = "rt_sigqueueinfo" // pid = $pid @@ -1288,7 +1362,8 @@ probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") uinfo_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr) } -probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("sys_rt_sigqueueinfo").return +probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("SyS_rt_sigqueueinfo").return ?, + kprobe.function("sys_rt_sigqueueinfo").return ? { name = "rt_sigqueueinfo" retstr = returnstr(1) @@ -1314,16 +1389,18 @@ probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").retur # # sys_rt_sigsuspend(struct pt_regs regs) # -probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?, - kprobe.function("compat_sys_rt_sigsuspend") ?, - kprobe.function("ia64_rt_sigsuspend") ? +probe nd_syscall.rt_sigsuspend = kprobe.function("compat_sys_rt_sigsuspend") ?, + kprobe.function("ia64_rt_sigsuspend") ?, + kprobe.function("SyS_rt_sigsuspend") ?, + kprobe.function("sys_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } -probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?, - kprobe.function("compat_sys_rt_sigsuspend").return ?, - kprobe.function("ia64_rt_sigsuspend").return ? +probe nd_syscall.rt_sigsuspend.return = kprobe.function("compat_sys_rt_sigsuspend").return ?, + kprobe.function("ia64_rt_sigsuspend").return ?, + kprobe.function("SyS_rt_sigsuspend").return ?, + kprobe.function("sys_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1339,8 +1416,9 @@ probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").ret # struct compat_siginfo __user *uinfo, # struct compat_timespec __user *uts, compat_size_t sigsetsize) # -probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), - kprobe.function("compat_sys_rt_sigtimedwait") ? +probe nd_syscall.rt_sigtimedwait = kprobe.function("compat_sys_rt_sigtimedwait") ?, + kprobe.function("SyS_rt_sigtimedwait") ?, + kprobe.function("sys_rt_sigtimedwait") ? { name = "rt_sigtimedwait" // uthese_uaddr = $uthese @@ -1358,8 +1436,9 @@ probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), sigsetsize = u32_arg(4) argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } -probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait").return, - kprobe.function("compat_sys_rt_sigtimedwait").return ? +probe nd_syscall.rt_sigtimedwait.return = kprobe.function("compat_sys_rt_sigtimedwait").return ?, + kprobe.function("SyS_rt_sigtimedwait").return ?, + kprobe.function("sys_rt_sigtimedwait").return ? { name = "rt_sigtimedwait" retstr = returnstr(1) @@ -1372,7 +1451,8 @@ probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait") # unsigned int len, # unsigned long __user *user_mask_ptr) # -probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") +probe nd_syscall.sched_getaffinity = kprobe.function("SyS_sched_getaffinity") ?, + kprobe.function("sys_sched_getaffinity") ? { name = "sched_getaffinity" // pid = $pid @@ -1384,7 +1464,8 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") mask_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } -probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffinity").return +probe nd_syscall.sched_getaffinity.return = kprobe.function("SyS_sched_getaffinity").return ?, + kprobe.function("sys_sched_getaffinity").return ? { name = "sched_getaffinity" retstr = returnstr(1) @@ -1396,7 +1477,8 @@ probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffini # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # -probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") +probe nd_syscall.sched_getparam = kprobe.function("SyS_sched_getparam") ?, + kprobe.function("sys_sched_getparam") ? { name = "sched_getparam" // pid = $pid @@ -1406,7 +1488,8 @@ probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return +probe nd_syscall.sched_getparam.return = kprobe.function("SyS_sched_getparam").return ?, + kprobe.function("sys_sched_getparam").return ? { name = "sched_getparam" retstr = returnstr(1) @@ -1417,7 +1500,8 @@ probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").r # asmlinkage long # sys_sched_get_priority_max(int policy) # -probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priority_max") +probe nd_syscall.sched_get_priority_max = kprobe.function("SyS_sched_get_priority_max") ?, + kprobe.function("sys_sched_get_priority_max") ? { name = "sched_get_priority_max" // policy = $policy @@ -1425,7 +1509,8 @@ probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_priority_max").return +probe nd_syscall.sched_get_priority_max.return = kprobe.function("SyS_sched_get_priority_max").return ?, + kprobe.function("sys_sched_get_priority_max").return ? { name = "sched_get_priority_max" retstr = returnstr(1) @@ -1436,7 +1521,8 @@ probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_ # asmlinkage long # sys_sched_get_priority_min(int policy) # -probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priority_min") +probe nd_syscall.sched_get_priority_min = kprobe.function("SyS_sched_get_priority_min") ?, + kprobe.function("sys_sched_get_priority_min") ? { name = "sched_get_priority_min" // policy = $policy @@ -1444,7 +1530,8 @@ probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_priority_min").return +probe nd_syscall.sched_get_priority_min.return = kprobe.function("SyS_sched_get_priority_min").return ?, + kprobe.function("sys_sched_get_priority_min").return ? { name = "sched_get_priority_min" retstr = returnstr(1) @@ -1454,7 +1541,8 @@ probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_ # # long sys_sched_getscheduler(pid_t pid) # -probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") +probe nd_syscall.sched_getscheduler = kprobe.function("SyS_sched_getscheduler") ?, + kprobe.function("sys_sched_getscheduler") ? { name = "sched_getscheduler" // pid = $pid @@ -1463,7 +1551,8 @@ probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return +probe nd_syscall.sched_getscheduler.return = kprobe.function("SyS_sched_getscheduler").return ?, + kprobe.function("sys_sched_getscheduler").return ? { name = "sched_getscheduler" retstr = returnstr(1) @@ -1473,7 +1562,8 @@ probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getsched # # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # -probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") +probe nd_syscall.sched_rr_get_interval = kprobe.function("SyS_sched_rr_get_interval") ?, + kprobe.function("sys_sched_rr_get_interval") ? { name = "sched_rr_get_interval" // pid = $pid @@ -1484,7 +1574,8 @@ probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_inter tp_uaddr = pointer_arg(2) argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return +probe nd_syscall.sched_rr_get_interval.return = kprobe.function("SyS_sched_rr_get_interval").return ?, + kprobe.function("sys_sched_rr_get_interval").return ? { name = "sched_rr_get_interval" retstr = returnstr(1) @@ -1497,7 +1588,8 @@ probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_ge # FIXME: why the problem with x86_64? # %( arch != "x86_64" %? -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1511,7 +1603,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr) } %: -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1525,7 +1618,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, , %p", pid, mask_uaddr) } %) -probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return +probe nd_syscall.sched_setaffinity.return = kprobe.function("SyS_sched_setaffinity").return ?, + kprobe.function("sys_sched_setaffinity").return ? { name = "sched_setaffinity" retstr = returnstr(1) @@ -1535,7 +1629,8 @@ probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffini # # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # -probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? +probe nd_syscall.sched_setparam = kprobe.function("SyS_sched_setparam") ?, + kprobe.function("sys_sched_setparam") ? { name = "sched_setparam" // pid = $pid @@ -1546,7 +1641,8 @@ probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? +probe nd_syscall.sched_setparam.return = kprobe.function("SyS_sched_setparam").return ?, + kprobe.function("sys_sched_setparam").return ? { name = "sched_setparam" retstr = returnstr(1) @@ -1556,7 +1652,8 @@ probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").r # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? +probe nd_syscall.sched_setscheduler = kprobe.function("SyS_sched_setscheduler") ?, + kprobe.function("sys_sched_setscheduler") ? { name = "sched_setscheduler" // pid = $pid @@ -1571,7 +1668,8 @@ probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") p_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr) } -probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? +probe nd_syscall.sched_setscheduler.return = kprobe.function("SyS_sched_setscheduler").return ?, + kprobe.function("sys_sched_setscheduler").return ? { name = "sched_setscheduler" retstr = returnstr(1) @@ -1598,7 +1696,8 @@ probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return # fd_set __user *exp, # struct timeval __user *tvp) # -probe nd_syscall.select = kprobe.function("sys_select") +probe nd_syscall.select = kprobe.function("SyS_select") ?, + kprobe.function("sys_select") ? { name = "select" // n = $n @@ -1617,7 +1716,8 @@ probe nd_syscall.select = kprobe.function("sys_select") argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.select.return = kprobe.function("sys_select").return +probe nd_syscall.select.return = kprobe.function("SyS_select").return ?, + kprobe.function("sys_select").return ? { name = "select" retstr = returnstr(1) @@ -1659,7 +1759,8 @@ probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").ret # int cmd, # union semun arg) # -probe nd_syscall.semctl = kprobe.function("sys_semctl") ? +probe nd_syscall.semctl = kprobe.function("SyS_semctl") ?, + kprobe.function("sys_semctl") ? { name = "semctl" // semid = $semid @@ -1676,7 +1777,8 @@ probe nd_syscall.semctl = kprobe.function("sys_semctl") ? cmd = int_arg(3) argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done } -probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? +probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?, + kprobe.function("sys_semctl").return ? { name = "semctl" retstr = returnstr(1) @@ -1700,7 +1802,8 @@ probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) # -probe nd_syscall.semget = kprobe.function("sys_semget") ? +probe nd_syscall.semget = kprobe.function("SyS_semget") ?, + kprobe.function("sys_semget") ? { name = "semget" // key = $key @@ -1713,7 +1816,8 @@ probe nd_syscall.semget = kprobe.function("sys_semget") ? semflg = int_arg(3) argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg)) } -probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? +probe nd_syscall.semget.return = kprobe.function("SyS_semget").return ?, + kprobe.function("sys_semget").return ? { name = "semget" retstr = returnstr(1) @@ -1725,7 +1829,8 @@ probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? # struct sembuf __user *tsops, # unsigned nsops) # -probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semop" // semid = $semid @@ -1738,7 +1843,8 @@ probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? nsops = uint_arg(3) argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops) } -probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semop" retstr = returnstr(1) @@ -1751,7 +1857,8 @@ probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? # unsigned nsops, # const struct timespec __user *timeout) # -probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semtimedop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semtimedop" // semid = $semid @@ -1768,7 +1875,8 @@ probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, _struct_timespec_u(timeout_uaddr, 1)) } -probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semtimedop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semtimedop" retstr = returnstr(1) @@ -1809,7 +1917,8 @@ probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semt # size_t len, # unsigned flags) # -probe nd_syscall.send = kprobe.function("sys_send") ? +probe nd_syscall.send = kprobe.function("SyS_send") ?, + kprobe.function("sys_send") ? { name = "send" // s = $fd @@ -1826,7 +1935,8 @@ probe nd_syscall.send = kprobe.function("sys_send") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.send.return = kprobe.function("sys_send").return ? +probe nd_syscall.send.return = kprobe.function("SyS_send").return ?, + kprobe.function("sys_send").return ? { name = "send" retstr = returnstr(1) @@ -1839,7 +1949,9 @@ probe nd_syscall.send.return = kprobe.function("sys_send").return ? # off_t __user *offset, # size_t count) # -probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, +probe nd_syscall.sendfile = kprobe.function("SyS_sendfile") ?, + kprobe.function("sys_sendfile") ?, + kprobe.function("SyS_sendfile64") ?, kprobe.function("sys_sendfile64") ? { name = "sendfile" @@ -1857,7 +1969,9 @@ probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr, count) } -probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, +probe nd_syscall.sendfile.return = kprobe.function("SyS_sendfile").return ?, + kprobe.function("sys_sendfile").return ?, + kprobe.function("SyS_sendfile64").return ?, kprobe.function("sys_sendfile64").return ? { name = "sendfile" @@ -1868,7 +1982,8 @@ probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, # # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # -probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? +probe nd_syscall.sendmsg = kprobe.function("SyS_sendmsg") ?, + kprobe.function("sys_sendmsg") ? { name = "sendmsg" // s = $fd @@ -1883,7 +1998,8 @@ probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags)) } -probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? +probe nd_syscall.sendmsg.return = kprobe.function("SyS_sendmsg").return ?, + kprobe.function("sys_sendmsg").return ? { name = "sendmsg" retstr = returnstr(1) @@ -1921,7 +2037,8 @@ probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg # struct sockaddr __user *addr, # int addr_len) # -probe nd_syscall.sendto = kprobe.function("sys_sendto") ? +probe nd_syscall.sendto = kprobe.function("SyS_sendto") ?, + kprobe.function("sys_sendto") ? { name = "sendto" // s = $fd @@ -1944,7 +2061,8 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ? argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr, len, flags_str, _struct_sockaddr_u(to_uaddr, tolen), tolen) } -probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? +probe nd_syscall.sendto.return = kprobe.function("SyS_sendto").return ?, + kprobe.function("sys_sendto").return ? { name = "sendto" retstr = returnstr(1) @@ -1956,7 +2074,8 @@ probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? # sys_setdomainname(char __user *name, # int len) # -probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") +probe nd_syscall.setdomainname = kprobe.function("SyS_setdomainname") ?, + kprobe.function("sys_setdomainname") ? { name = "setdomainname" // hostname_uaddr = $name @@ -1967,7 +2086,8 @@ probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") len = int_arg(2) argstr = sprintf("%p, %d", hostname_uaddr, len) } -probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").return +probe nd_syscall.setdomainname.return = kprobe.function("SyS_setdomainname").return ?, + kprobe.function("sys_setdomainname").return ? { name = "setdomainname" retstr = returnstr(1) @@ -1977,8 +2097,9 @@ probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").ret # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, - kprobe.function("sys_setfsgid16") ? +probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid16") ?, + kprobe.function("SyS_setfsgid") ?, + kprobe.function("sys_setfsgid") ? { name = "setfsgid" // fsgid = $gid @@ -1987,8 +2108,9 @@ probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, fsgid = uint_arg(1) argstr = sprint(fsgid) } -probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, - kprobe.function("sys_setfsgid16").return ? +probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid16").return ?, + kprobe.function("SyS_setfsgid").return ?, + kprobe.function("sys_setfsgid").return ? { name = "setfsgid" retstr = returnstr(1) @@ -1998,8 +2120,9 @@ probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, - kprobe.function("sys_setfsuid16") ? +probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid16") ?, + kprobe.function("SyS_setfsuid") ?, + kprobe.function("sys_setfsuid") ? { name = "setfsuid" // fsuid = $uid @@ -2008,8 +2131,9 @@ probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, fsuid = uint_arg(1) argstr = sprint(fsuid) } -probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, - kprobe.function("sys_setfsuid16").return ? +probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid16").return ?, + kprobe.function("SyS_setfsuid").return ?, + kprobe.function("sys_setfsuid").return ? { name = "setfsuid" retstr = returnstr(1) @@ -2020,8 +2144,9 @@ probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, - kprobe.function("sys_setgid16") ? +probe nd_syscall.setgid = kprobe.function("sys_setgid16") ?, + kprobe.function("SyS_setgid") ?, + kprobe.function("sys_setgid") ? { name = "setgid" // gid = $gid @@ -2030,8 +2155,9 @@ probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, gid = uint_arg(1) argstr = sprint(gid) } -probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, - kprobe.function("sys_setgid16").return ? +probe nd_syscall.setgid.return = kprobe.function("sys_setgid16").return ?, + kprobe.function("SyS_setgid").return ?, + kprobe.function("sys_setgid").return ? { name = "setgid" retstr = returnstr(1) @@ -2043,9 +2169,10 @@ probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, - kprobe.function("sys_setgroups16") ?, - kprobe.function("sys32_setgroups16") ? +probe nd_syscall.setgroups = kprobe.function("sys_setgroups16") ?, + kprobe.function("sys32_setgroups16") ?, + kprobe.function("SyS_setgroups") ?, + kprobe.function("sys_setgroups") ? { name = "setgroups" // size = $gidsetsize @@ -2056,9 +2183,10 @@ probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, - kprobe.function("sys_setgroups16").return ?, - kprobe.function("sys32_setgroups16").return ? +probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups16").return ?, + kprobe.function("sys32_setgroups16").return ?, + kprobe.function("SyS_setgroups").return ?, + kprobe.function("sys_setgroups").return ? { name = "setgroups" retstr = returnstr(1) @@ -2070,7 +2198,8 @@ probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, # sys_sethostname(char __user *name, # int len) # -probe nd_syscall.sethostname = kprobe.function("sys_sethostname") +probe nd_syscall.sethostname = kprobe.function("SyS_sethostname") ?, + kprobe.function("sys_sethostname") ? { name = "sethostname" // hostname_uaddr = $name @@ -2083,7 +2212,8 @@ probe nd_syscall.sethostname = kprobe.function("sys_sethostname") len = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len) } -probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return +probe nd_syscall.sethostname.return = kprobe.function("SyS_sethostname").return ?, + kprobe.function("sys_sethostname").return ? { name = "sethostname" retstr = returnstr(1) @@ -2095,7 +2225,8 @@ probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe nd_syscall.setitimer = kprobe.function("sys_setitimer") +probe nd_syscall.setitimer = kprobe.function("SyS_setitimer") ?, + kprobe.function("sys_setitimer") ? { name = "setitimer" // which = $which @@ -2110,7 +2241,8 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer") argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return +probe nd_syscall.setitimer.return = kprobe.function("SyS_setitimer").return ?, + kprobe.function("sys_setitimer").return ? { name = "setitimer" retstr = returnstr(1) @@ -2146,8 +2278,9 @@ probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer # unsigned long __user *nmask, # unsigned long maxnode) # -probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, - kprobe.function("compat_sys_set_mempolicy") ? +probe nd_syscall.set_mempolicy = kprobe.function("compat_sys_set_mempolicy") ?, + kprobe.function("SyS_set_mempolicy") ?, + kprobe.function("sys_set_mempolicy") ? { name = "set_mempolicy" // mode = $mode @@ -2160,8 +2293,9 @@ probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, maxnode = ulong_arg(3) argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode) } -probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").return ?, - kprobe.function("compat_sys_set_mempolicy").return ? +probe nd_syscall.set_mempolicy.return = kprobe.function("compat_sys_set_mempolicy").return ?, + kprobe.function("SyS_set_mempolicy").return ?, + kprobe.function("sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -2173,7 +2307,8 @@ probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").ret # sys_setpgid(pid_t pid, # pid_t pgid) # -probe nd_syscall.setpgid = kprobe.function("sys_setpgid") +probe nd_syscall.setpgid = kprobe.function("SyS_setpgid") ?, + kprobe.function("sys_setpgid") ? { name = "setpgid" // pid = $pid @@ -2184,7 +2319,8 @@ probe nd_syscall.setpgid = kprobe.function("sys_setpgid") pgid = int_arg(2) argstr = sprintf("%d, %d", pid, pgid) } -probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return +probe nd_syscall.setpgid.return = kprobe.function("SyS_setpgid").return ?, + kprobe.function("sys_setpgid").return ? { name = "setpgid" retstr = returnstr(1) @@ -2197,7 +2333,8 @@ probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return # int who, # int niceval) # -probe nd_syscall.setpriority = kprobe.function("sys_setpriority") +probe nd_syscall.setpriority = kprobe.function("SyS_setpriority") ?, + kprobe.function("sys_setpriority") ? { name = "setpriority" // which = $which @@ -2212,7 +2349,8 @@ probe nd_syscall.setpriority = kprobe.function("sys_setpriority") prio = int_arg(3) argstr = sprintf("%s, %d, %d", which_str, who, prio) } -probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return +probe nd_syscall.setpriority.return = kprobe.function("SyS_setpriority").return ?, + kprobe.function("sys_setpriority").return ? { name = "setpriority" retstr = returnstr(1) @@ -2221,7 +2359,8 @@ probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return # setregid ___________________________________________________ # long sys_setregid(gid_t rgid, gid_t egid) # -probe nd_syscall.setregid = kprobe.function("sys_setregid") +probe nd_syscall.setregid = kprobe.function("SyS_setregid") ?, + kprobe.function("sys_setregid") ? { name = "setregid" // rgid = __int32($rgid) @@ -2231,7 +2370,8 @@ probe nd_syscall.setregid = kprobe.function("sys_setregid") egid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", rgid, egid) } -probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return +probe nd_syscall.setregid.return = kprobe.function("SyS_setregid").return ?, + kprobe.function("sys_setregid").return ? { name = "setregid" retstr = returnstr(1) @@ -2259,7 +2399,8 @@ probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? # setresgid __________________________________________________ # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # -probe nd_syscall.setresgid = kprobe.function("sys_setresgid") +probe nd_syscall.setresgid = kprobe.function("SyS_setresgid") ?, + kprobe.function("sys_setresgid") ? { name = "setresgid" // rgid = __int32($rgid) @@ -2271,7 +2412,8 @@ probe nd_syscall.setresgid = kprobe.function("sys_setresgid") sgid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return +probe nd_syscall.setresgid.return = kprobe.function("SyS_setresgid").return ?, + kprobe.function("sys_setresgid").return ? { name = "setresgid" retstr = returnstr(1) @@ -2305,7 +2447,8 @@ probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return # # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # -probe nd_syscall.setresuid = kprobe.function("sys_setresuid") +probe nd_syscall.setresuid = kprobe.function("SyS_setresuid") ?, + kprobe.function("sys_setresuid") ? { name = "setresuid" // ruid = __int32($ruid) @@ -2317,7 +2460,8 @@ probe nd_syscall.setresuid = kprobe.function("sys_setresuid") suid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return +probe nd_syscall.setresuid.return = kprobe.function("SyS_setresuid").return ?, + kprobe.function("sys_setresuid").return ? { name = "setresuid" retstr = returnstr(1) @@ -2348,7 +2492,8 @@ probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return # setreuid ___________________________________________________ # long sys_setreuid(uid_t ruid, uid_t euid) # -probe nd_syscall.setreuid = kprobe.function("sys_setreuid") +probe nd_syscall.setreuid = kprobe.function("SyS_setreuid") ?, + kprobe.function("sys_setreuid") ? { name = "setreuid" // ruid = __int32($ruid) @@ -2358,7 +2503,8 @@ probe nd_syscall.setreuid = kprobe.function("sys_setreuid") euid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", ruid, euid) } -probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return +probe nd_syscall.setreuid.return = kprobe.function("SyS_setreuid").return ?, + kprobe.function("sys_setreuid").return ? { name = "setreuid" retstr = returnstr(1) @@ -2389,7 +2535,8 @@ probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") +probe nd_syscall.setrlimit = kprobe.function("SyS_setrlimit") ?, + kprobe.function("sys_setrlimit") ? { name = "setrlimit" // resource = $resource @@ -2402,7 +2549,8 @@ probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") argstr = sprintf("%s, %s", _rlimit_resource_str(resource), _struct_rlimit_u(rlim_uaddr)) } -probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return +probe nd_syscall.setrlimit.return = kprobe.function("SyS_setrlimit").return ?, + kprobe.function("sys_setrlimit").return ? { name = "setrlimit" retstr = returnstr(1) @@ -2431,8 +2579,9 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return # char __user *optval, # int optlen) # -probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, - kprobe.function("compat_sys_setsockopt") ? +probe nd_syscall.setsockopt = kprobe.function("compat_sys_setsockopt") ?, + kprobe.function("SyS_setsockopt") ?, + kprobe.function("sys_setsockopt") ? { name = "setsockopt" // fd = $fd @@ -2455,8 +2604,9 @@ probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str, optname_str, optval_uaddr, optlen) } -probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, - kprobe.function("compat_sys_setsockopt").return ? +probe nd_syscall.setsockopt.return = kprobe.function("compat_sys_setsockopt").return ?, + kprobe.function("SyS_setsockopt").return ?, + kprobe.function("sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) @@ -2467,7 +2617,8 @@ probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") +probe nd_syscall.set_tid_address = kprobe.function("SyS_set_tid_address") ?, + kprobe.function("sys_set_tid_address") ? { name = "set_tid_address" // tidptr_uaddr = $tidptr @@ -2475,7 +2626,8 @@ probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") tidptr_uaddr = pointer_arg(1) argstr = sprintf("%p", tidptr_uaddr) } -probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address").return +probe nd_syscall.set_tid_address.return = kprobe.function("SyS_set_tid_address").return ?, + kprobe.function("sys_set_tid_address").return ? { name = "set_tid_address" retstr = returnstr(1) @@ -2486,7 +2638,8 @@ probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address") # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") +probe nd_syscall.settimeofday = kprobe.function("SyS_settimeofday") ?, + kprobe.function("sys_settimeofday") ? { name = "settimeofday" // ttv_uaddr = $tv @@ -2497,7 +2650,8 @@ probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return +probe nd_syscall.settimeofday.return = kprobe.function("SyS_settimeofday").return ?, + kprobe.function("sys_settimeofday").return ? { name = "settimeofday" retstr = returnstr(1) @@ -2531,7 +2685,8 @@ probe nd_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").r # long sys_setuid16(old_uid_t uid) # probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, - kprobe.function("sys_setuid") + kprobe.function("SyS_setuid") ?, + kprobe.function("sys_setuid") ? { name = "setuid" // uid = $uid @@ -2541,7 +2696,8 @@ probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, argstr = sprint(uid) } probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, - kprobe.function("sys_setuid").return + kprobe.function("SyS_setuid").return ?, + kprobe.function("sys_setuid").return ? { name = "setuid" retstr = returnstr(1) @@ -2554,7 +2710,8 @@ probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, # size_t size, # int flags) # -probe nd_syscall.setxattr = kprobe.function("sys_setxattr") +probe nd_syscall.setxattr = kprobe.function("SyS_setxattr") ?, + kprobe.function("sys_setxattr") ? { name = "setxattr" // path_uaddr = $path @@ -2581,7 +2738,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return +probe nd_syscall.setxattr.return = kprobe.function("SyS_setxattr").return ?, + kprobe.function("sys_setxattr").return ? { name = "setxattr" retstr = returnstr(1) @@ -2591,7 +2749,7 @@ probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return # # sys_sgetmask(void) # -probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? +probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask") ? { name = "sgetmask" argstr = "" @@ -2606,7 +2764,8 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe nd_syscall.shmat = kprobe.function("sys_shmat") ? +probe nd_syscall.shmat = kprobe.function("SyS_shmat") ?, + kprobe.function("sys_shmat") ? { name = "shmat" // shmid = $shmid @@ -2619,7 +2778,8 @@ probe nd_syscall.shmat = kprobe.function("sys_shmat") ? shmflg = int_arg(3) argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg)) } -probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? +probe nd_syscall.shmat.return = kprobe.function("SyS_shmat").return ?, + kprobe.function("sys_shmat").return ? { name = "shmat" retstr = returnstr(1) @@ -2645,7 +2805,7 @@ probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? uptr_uaddr = pointer_arg(5) argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr) } -probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? +probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? { name = "compat_sys_shmat" retstr = returnstr(1) @@ -2657,7 +2817,8 @@ probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").r # int cmd, # struct shmid_ds __user *buf) # -probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? +probe nd_syscall.shmctl = kprobe.function("SyS_shmctl") ?, + kprobe.function("sys_shmctl") ? { name = "shmctl" // shmid = $shmid @@ -2670,7 +2831,8 @@ probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr) } -probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? +probe nd_syscall.shmctl.return = kprobe.function("SyS_shmctl").return ?, + kprobe.function("sys_shmctl").return ? { name = "shmctl" retstr = returnstr(1) @@ -2703,7 +2865,8 @@ probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl") # # long sys_shmdt(char __user *shmaddr) # -probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? +probe nd_syscall.shmdt = kprobe.function("SyS_shmdt") ?, + kprobe.function("sys_shmdt") ? { name = "shmdt" // shmaddr_uaddr = $shmaddr @@ -2712,7 +2875,8 @@ probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? shmaddr_uaddr = pointer_arg(1) argstr = sprintf("%p", shmaddr_uaddr) } -probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? +probe nd_syscall.shmdt.return = kprobe.function("SyS_shmdt").return ?, + kprobe.function("sys_shmdt").return ? { name = "shmdt" retstr = returnstr(1) @@ -2724,7 +2888,8 @@ probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? # size_t size, # int shmflg) # -probe nd_syscall.shmget = kprobe.function("sys_shmget") ? +probe nd_syscall.shmget = kprobe.function("SyS_shmget") ?, + kprobe.function("sys_shmget") ? { name = "shmget" // key = $key @@ -2737,7 +2902,8 @@ probe nd_syscall.shmget = kprobe.function("sys_shmget") ? shmflg = int_arg(3) argstr = sprintf("%d, %d, %d", key, size, shmflg) } -probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? +probe nd_syscall.shmget.return = kprobe.function("SyS_shmget").return ?, + kprobe.function("sys_shmget").return ? { name = "shmget" retstr = returnstr(1) @@ -2747,7 +2913,8 @@ probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? # # long sys_shutdown(int fd, int how) # -probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? +probe nd_syscall.shutdown = kprobe.function("SyS_shutdown") ?, + kprobe.function("sys_shutdown") ? { name = "shutdown" // s = $fd @@ -2760,7 +2927,8 @@ probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? how_str = _shutdown_how_str(how) argstr = sprintf("%d, %s", s, how_str) } -probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? +probe nd_syscall.shutdown.return = kprobe.function("SyS_shutdown").return ?, + kprobe.function("sys_shutdown").return ? { name = "shutdown" retstr = returnstr(1) @@ -2810,7 +2978,8 @@ probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe nd_syscall.signal = kprobe.function("sys_signal") ? +probe nd_syscall.signal = kprobe.function("SyS_signal") ?, + kprobe.function("sys_signal") ? { name = "signal" // sig = $sig @@ -2821,7 +2990,8 @@ probe nd_syscall.signal = kprobe.function("sys_signal") ? handler = pointer_arg(2) argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler)) } -probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? +probe nd_syscall.signal.return = kprobe.function("SyS_signal").return ?, + kprobe.function("sys_signal").return ? { name = "signal" retstr = returnstr(1) @@ -2833,14 +3003,16 @@ probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? +probe nd_syscall.signalfd = kprobe.function("SyS_signalfd") ?, + kprobe.function("sys_signalfd") ? { name = "signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3)) } -probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? +probe nd_syscall.signalfd.return = kprobe.function("SyS_signalfd").return ?, + kprobe.function("sys_signalfd").return ? { name = "signalfd" retstr = returnstr(1) @@ -2861,14 +3033,16 @@ probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd") # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? +probe nd_syscall.sigpending = kprobe.function("SyS_sigpending") ?, + kprobe.function("sys_sigpending") ? { name = "sigpending" // argstr = sprintf("%p", $set) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? +probe nd_syscall.sigpending.return = kprobe.function("SyS_sigpending").return ?, + kprobe.function("sys_sigpending").return ? { name = "sigpending" retstr = returnstr(1) @@ -2877,7 +3051,8 @@ probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? # sigprocmask ________________________________________________ # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) # -probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? +probe nd_syscall.sigprocmask = kprobe.function("SyS_sigprocmask") ?, + kprobe.function("sys_sigprocmask") ? { name = "sigprocmask" // how = $how @@ -2892,7 +3067,8 @@ probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? oldset_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr) } -probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ? +probe nd_syscall.sigprocmask.return = kprobe.function("SyS_sigprocmask").return ?, + kprobe.function("sys_sigprocmask").return ? { name = "sigprocmask" retstr = returnstr(1) @@ -2932,7 +3108,8 @@ probe nd_syscall.sigsuspend.return = kprobe.function("sys_sigsuspend").return ?, # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe nd_syscall.socket = kprobe.function("sys_socket") ? +probe nd_syscall.socket = kprobe.function("SyS_socket") ?, + kprobe.function("sys_socket") ? { name = "socket" // family = $family @@ -2949,7 +3126,8 @@ probe nd_syscall.socket = kprobe.function("sys_socket") ? _sock_type_str(type), protocol) } -probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? +probe nd_syscall.socket.return = kprobe.function("SyS_socket").return ?, + kprobe.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) @@ -2979,7 +3157,8 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? # int protocol, # int __user *usockvec) # -probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? +probe nd_syscall.socketpair = kprobe.function("SyS_socketpair") ?, + kprobe.function("sys_socketpair") ? { name = "socketpair" // family = $family @@ -3000,7 +3179,8 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? _sock_type_str(type), protocol, sv_uaddr) } -probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? +probe nd_syscall.socketpair.return = kprobe.function("SyS_socketpair").return ?, + kprobe.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) @@ -3012,7 +3192,8 @@ probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe nd_syscall.splice = kprobe.function("sys_splice") ? +probe nd_syscall.splice = kprobe.function("SyS_splice") ?, + kprobe.function("sys_splice") ? { name = "splice" // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", @@ -3021,7 +3202,8 @@ probe nd_syscall.splice = kprobe.function("sys_splice") ? argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6)) } -probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? +probe nd_syscall.splice.return = kprobe.function("SyS_splice").return ?, + kprobe.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) @@ -3031,7 +3213,8 @@ probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? # # long sys_ssetmask(int newmask) # -probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? +probe nd_syscall.ssetmask = kprobe.function("SyS_ssetmask") ?, + kprobe.function("sys_ssetmask") ? { name = "ssetmask" // newmask = $newmask @@ -3040,7 +3223,8 @@ probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? newmask = int_arg(1) argstr = sprint(newmask) } -probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? +probe nd_syscall.ssetmask.return = kprobe.function("SyS_ssetmask").return ?, + kprobe.function("sys_ssetmask").return ? { name = "ssetmask" retstr = returnstr(1) @@ -3053,8 +3237,10 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) probe nd_syscall.stat = kprobe.function("sys_stat") ?, + kprobe.function("SyS_newstat") ?, kprobe.function("sys_newstat") ?, kprobe.function("sys32_stat64") ?, + kprobe.function("SyS_stat64") ?, kprobe.function("sys_stat64") ?, kprobe.function("sys_oabi_stat64") ?, kprobe.function("compat_sys_newstat") ? @@ -3071,8 +3257,10 @@ probe nd_syscall.stat = kprobe.function("sys_stat") ?, argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, + kprobe.function("SyS_newstat").return ?, kprobe.function("sys_newstat").return ?, kprobe.function("sys32_stat64").return ?, + kprobe.function("SyS_stat64").return ?, kprobe.function("sys_stat64").return ?, kprobe.function("sys_oabi_stat64").return ?, kprobe.function("compat_sys_newstat").return ? @@ -3085,8 +3273,9 @@ probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe nd_syscall.statfs = kprobe.function("sys_statfs"), - kprobe.function("compat_sys_statfs") ? +probe nd_syscall.statfs = kprobe.function("compat_sys_statfs") ?, + kprobe.function("SyS_statfs") ?, + kprobe.function("sys_statfs") ? { name = "statfs" // path = user_string($path) @@ -3097,8 +3286,9 @@ probe nd_syscall.statfs = kprobe.function("sys_statfs"), buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } -probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, - kprobe.function("compat_sys_statfs").return ? +probe nd_syscall.statfs.return = kprobe.function("compat_sys_statfs").return ?, + kprobe.function("SyS_statfs").return ?, + kprobe.function("sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -3109,8 +3299,9 @@ probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, # long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, - kprobe.function("compat_sys_statfs64") ? +probe nd_syscall.statfs64 = kprobe.function("compat_sys_statfs64") ?, + kprobe.function("SyS_statfs64") ?, + kprobe.function("sys_statfs64") ? { name = "statfs" // path = user_string($path) @@ -3123,8 +3314,9 @@ probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr) } -probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, - kprobe.function("compat_sys_statfs64").return ? +probe nd_syscall.statfs64.return = kprobe.function("compat_sys_statfs64").return ?, + kprobe.function("SyS_statfs64").return ?, + kprobe.function("sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) @@ -3135,8 +3327,9 @@ probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe nd_syscall.stime = kprobe.function("sys_stime") ?, - kprobe.function("compat_sys_stime") ? +probe nd_syscall.stime = kprobe.function("compat_sys_stime") ?, + kprobe.function("SyS_stime") ?, + kprobe.function("sys_stime") ? { name = "stime" // t_uaddr = $tptr @@ -3146,8 +3339,9 @@ probe nd_syscall.stime = kprobe.function("sys_stime") ?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, - kprobe.function("compat_sys_stime").return ? +probe nd_syscall.stime.return = kprobe.function("compat_sys_stime").return ?, + kprobe.function("SyS_stime").return ?, + kprobe.function("sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -3158,7 +3352,8 @@ probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? +probe nd_syscall.swapoff = kprobe.function("SyS_swapoff") ?, + kprobe.function("sys_swapoff") ? { name = "swapoff" // path = user_string($specialfile) @@ -3167,7 +3362,8 @@ probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? +probe nd_syscall.swapoff.return = kprobe.function("SyS_swapoff").return ?, + kprobe.function("sys_swapoff").return ? { name = "swapoff" retstr = returnstr(1) @@ -3179,7 +3375,8 @@ probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe nd_syscall.swapon = kprobe.function("sys_swapon") ? +probe nd_syscall.swapon = kprobe.function("SyS_swapon") ?, + kprobe.function("sys_swapon") ? { name = "swapon" // path = user_string($specialfile) @@ -3190,7 +3387,8 @@ probe nd_syscall.swapon = kprobe.function("sys_swapon") ? swapflags = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) } -probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? +probe nd_syscall.swapon.return = kprobe.function("SyS_swapon").return ?, + kprobe.function("sys_swapon").return ? { name = "swapon" retstr = returnstr(1) @@ -3199,7 +3397,8 @@ probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe nd_syscall.symlink = kprobe.function("sys_symlink") +probe nd_syscall.symlink = kprobe.function("SyS_symlink") ?, + kprobe.function("sys_symlink") ? { name = "symlink" // oldpath = user_string($oldname) @@ -3212,7 +3411,8 @@ probe nd_syscall.symlink = kprobe.function("sys_symlink") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return +probe nd_syscall.symlink.return = kprobe.function("SyS_symlink").return ?, + kprobe.function("sys_symlink").return ? { name = "symlink" retstr = returnstr(1) @@ -3222,7 +3422,8 @@ probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? +probe nd_syscall.symlinkat = kprobe.function("SyS_symlinkat") ?, + kprobe.function("sys_symlinkat") ? { name = "symlinkat" // oldname = $oldname @@ -3243,7 +3444,8 @@ probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), newdfd_str, user_string_quoted(newname)) } -probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? +probe nd_syscall.symlinkat.return = kprobe.function("SyS_symlinkat").return ?, + kprobe.function("sys_symlinkat").return ? { name = "symlinkat" retstr = returnstr(1) @@ -3268,16 +3470,18 @@ probe nd_syscall.sync.return = kprobe.function("sys_sync").return # # long sys_sysctl(struct __sysctl_args __user *args) # -probe nd_syscall.sysctl = kprobe.function("sys_sysctl") ?, - kprobe.function("compat_sys_sysctl") ? +probe nd_syscall.sysctl = kprobe.function("compat_sys_sysctl") ?, + kprobe.function("SyS_sysctl") ?, + kprobe.function("sys_sysctl") ? { name = "sysctl" // argstr = sprintf("%p", $args) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, - kprobe.function("compat_sys_sysctl").return ? +probe nd_syscall.sysctl.return = kprobe.function("compat_sys_sysctl").return ?, + kprobe.function("SyS_sysctl").return ?, + kprobe.function("sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -3290,7 +3494,8 @@ probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, # unsigned long arg1, # unsigned long arg2) # -probe nd_syscall.sysfs = kprobe.function("sys_sysfs") +probe nd_syscall.sysfs = kprobe.function("SyS_sysfs") ?, + kprobe.function("sys_sysfs") ? { name = "sysfs" // option = $option @@ -3315,7 +3520,8 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs") else argstr = sprintf("%d, %d, %d", option, arg1, arg2) } -probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return +probe nd_syscall.sysfs.return = kprobe.function("SyS_sysfs").return ?, + kprobe.function("sys_sysfs").return ? { name = "sysfs" retstr = returnstr(1) @@ -3325,8 +3531,9 @@ probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), - kprobe.function("compat_sys_sysinfo") ? +probe nd_syscall.sysinfo = kprobe.function("compat_sys_sysinfo") ?, + kprobe.function("SyS_sysinfo") ?, + kprobe.function("sys_sysinfo") ? { name = "sysinfo" // info_uaddr = $info @@ -3335,8 +3542,9 @@ probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), info_uaddr = pointer_arg(1) argstr = sprintf("%p", info_uaddr) } -probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, - kprobe.function("compat_sys_sysinfo").return ? +probe nd_syscall.sysinfo.return = kprobe.function("compat_sys_sysinfo").return ?, + kprobe.function("SyS_sysinfo").return ?, + kprobe.function("sys_sysinfo").return ? { name = "sysinfo" retstr = returnstr(1) @@ -3346,7 +3554,8 @@ probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, # # long sys_syslog(int type, char __user * buf, int len) # -probe nd_syscall.syslog = kprobe.function("sys_syslog") +probe nd_syscall.syslog = kprobe.function("SyS_syslog") ?, + kprobe.function("sys_syslog") ? { name = "syslog" // type = $type @@ -3359,7 +3568,8 @@ probe nd_syscall.syslog = kprobe.function("sys_syslog") len = int_arg(3) argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) } -probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return +probe nd_syscall.syslog.return = kprobe.function("SyS_syslog").return ?, + kprobe.function("sys_syslog").return ? { name = "syslog" retstr = returnstr(1) @@ -3369,14 +3579,16 @@ probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe nd_syscall.tee = kprobe.function("sys_tee") ? +probe nd_syscall.tee = kprobe.function("SyS_tee") ?, + kprobe.function("sys_tee") ? { name = "tee" // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) asmlinkage() argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? +probe nd_syscall.tee.return = kprobe.function("SyS_tee").return ?, + kprobe.function("sys_tee").return ? { name = "tee" retstr = returnstr(1) @@ -3389,7 +3601,8 @@ probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? # int pid, # int sig) # -probe nd_syscall.tgkill = kprobe.function("sys_tgkill") +probe nd_syscall.tgkill = kprobe.function("SyS_tgkill") ?, + kprobe.function("sys_tgkill") ? { name = "tgkill" // tgid = $tgid @@ -3402,7 +3615,8 @@ probe nd_syscall.tgkill = kprobe.function("sys_tgkill") sig = int_arg(3) argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) } -probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return +probe nd_syscall.tgkill.return = kprobe.function("SyS_tgkill").return ?, + kprobe.function("sys_tgkill").return ? { name = "tgkill" retstr = returnstr(1) @@ -3415,10 +3629,11 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe nd_syscall.time = kprobe.function("sys_time")?, - kprobe.function("sys32_time") ?, +probe nd_syscall.time = kprobe.function("sys32_time") ?, kprobe.function("sys_time64") ?, - kprobe.function("compat_sys_time") ? + kprobe.function("compat_sys_time") ?, + kprobe.function("SyS_time") ?, + kprobe.function("sys_time") ? { name = "time" // t_uaddr = $tloc @@ -3427,10 +3642,11 @@ probe nd_syscall.time = kprobe.function("sys_time")?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.time.return = kprobe.function("sys_time").return?, - kprobe.function("sys32_time").return ?, +probe nd_syscall.time.return = kprobe.function("sys32_time").return ?, kprobe.function("sys_time64").return ?, - kprobe.function("compat_sys_time").return ? + kprobe.function("compat_sys_time").return ?, + kprobe.function("SyS_time").return ?, + kprobe.function("sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3442,7 +3658,8 @@ probe nd_syscall.time.return = kprobe.function("sys_time").return?, # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe nd_syscall.timer_create = kprobe.function("sys_timer_create") +probe nd_syscall.timer_create = kprobe.function("SyS_timer_create") ?, + kprobe.function("sys_timer_create") ? { name = "timer_create" // clockid = $which_clock @@ -3457,7 +3674,8 @@ probe nd_syscall.timer_create = kprobe.function("sys_timer_create") timerid_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) } -probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").return +probe nd_syscall.timer_create.return = kprobe.function("SyS_timer_create").return ?, + kprobe.function("sys_timer_create").return ? { name = "timer_create" retstr = returnstr(1) @@ -3467,7 +3685,8 @@ probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").retur # # long sys_timer_delete(timer_t timer_id) # -probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") +probe nd_syscall.timer_delete = kprobe.function("SyS_timer_delete") ?, + kprobe.function("sys_timer_delete") ? { name = "timer_delete" // timerid = $timer_id @@ -3476,7 +3695,8 @@ probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return +probe nd_syscall.timer_delete.return = kprobe.function("SyS_timer_delete").return ?, + kprobe.function("sys_timer_delete").return ? { name = "timer_delete" retstr = returnstr(1) @@ -3486,7 +3706,8 @@ probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").retur # # long sys_timer_getoverrun(timer_t timer_id) # -probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") +probe nd_syscall.timer_getoverrun = kprobe.function("SyS_timer_getoverrun") ?, + kprobe.function("sys_timer_getoverrun") ? { name = "timer_getoverrun" // timerid = $timer_id @@ -3495,7 +3716,8 @@ probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun").return +probe nd_syscall.timer_getoverrun.return = kprobe.function("SyS_timer_getoverrun").return ?, + kprobe.function("sys_timer_getoverrun").return ? { name = "timer_getoverrun" retstr = returnstr(1) @@ -3506,7 +3728,8 @@ probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") +probe nd_syscall.timer_gettime = kprobe.function("SyS_timer_gettime") ?, + kprobe.function("sys_timer_gettime") ? { name = "timer_gettime" // timerid = $timer_id @@ -3517,7 +3740,8 @@ probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") value_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", timerid, value_uaddr) } -probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").return +probe nd_syscall.timer_gettime.return = kprobe.function("SyS_timer_gettime").return ?, + kprobe.function("sys_timer_gettime").return ? { name = "timer_gettime" retstr = returnstr(1) @@ -3530,7 +3754,8 @@ probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").ret # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") +probe nd_syscall.timer_settime = kprobe.function("SyS_timer_settime") ?, + kprobe.function("sys_timer_settime") ? { name = "timer_settime" // timerid = $timer_id @@ -3549,7 +3774,8 @@ probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") _struct_itimerspec_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.timer_settime.return = kprobe.function("sys_timer_settime").return +probe nd_syscall.timer_settime.return = kprobe.function("SyS_timer_settime").return ?, + kprobe.function("sys_timer_settime").return ? { name = "timer_settime" retstr = returnstr(1) @@ -3581,16 +3807,18 @@ probe nd_syscall.timerfd.return = kprobe.function("sys_timerfd").return ?, # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe nd_syscall.times = kprobe.function("sys_times") ?, - kprobe.function("compat_sys_times") ? +probe nd_syscall.times = kprobe.function("compat_sys_times") ?, + kprobe.function("SyS_times") ?, + kprobe.function("sys_times") ? { name = "times" // argstr = sprintf("%p", $tbuf) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.times.return = kprobe.function("sys_times").return ?, - kprobe.function("compat_sys_times").return ? +probe nd_syscall.times.return = kprobe.function("compat_sys_times").return ?, + kprobe.function("SyS_times").return ?, + kprobe.function("sys_times").return ? { name = "times" retstr = returnstr(1) @@ -3602,7 +3830,8 @@ probe nd_syscall.times.return = kprobe.function("sys_times").return ?, # sys_tkill(int pid, # int sig) # -probe nd_syscall.tkill = kprobe.function("sys_tkill") +probe nd_syscall.tkill = kprobe.function("SyS_tkill") ?, + kprobe.function("sys_tkill") ? { name = "tkill" // pid = $pid @@ -3613,7 +3842,8 @@ probe nd_syscall.tkill = kprobe.function("sys_tkill") sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return +probe nd_syscall.tkill.return = kprobe.function("SyS_tkill").return ?, + kprobe.function("sys_tkill").return ? { name = "tkill" retstr = returnstr(1) @@ -3624,7 +3854,8 @@ probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe nd_syscall.truncate = kprobe.function("sys_truncate")?, +probe nd_syscall.truncate = kprobe.function("SyS_truncate") ?, + kprobe.function("sys_truncate") ?, kprobe.function("sys_truncate64") ? { name = "truncate" @@ -3641,7 +3872,8 @@ probe nd_syscall.truncate = kprobe.function("sys_truncate")?, length = longlong_arg(2) argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) } -probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, +probe nd_syscall.truncate.return = kprobe.function("SyS_truncate").return ?, + kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? { name = "truncate" @@ -3672,7 +3904,8 @@ probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? # umask ______________________________________________________ # long sys_umask(int mask) # -probe nd_syscall.umask = kprobe.function("sys_umask") +probe nd_syscall.umask = kprobe.function("SyS_umask") ?, + kprobe.function("sys_umask") ? { name = "umask" // mask = $mask @@ -3681,7 +3914,8 @@ probe nd_syscall.umask = kprobe.function("sys_umask") mask = int_arg(1) argstr = sprintf("%#o", mask) } -probe nd_syscall.umask.return = kprobe.function("sys_umask").return +probe nd_syscall.umask.return = kprobe.function("SyS_umask").return ?, + kprobe.function("sys_umask").return ? { name = "umask" retstr = returnstr(3) @@ -3690,7 +3924,8 @@ probe nd_syscall.umask.return = kprobe.function("sys_umask").return # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe nd_syscall.umount = kprobe.function("sys_umount") +probe nd_syscall.umount = kprobe.function("SyS_umount") ?, + kprobe.function("sys_umount") ? { name = "umount" // target = user_string($name) @@ -3703,7 +3938,8 @@ probe nd_syscall.umount = kprobe.function("sys_umount") flags_str = _umountflags_str(flags) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) } -probe nd_syscall.umount.return = kprobe.function("sys_umount").return +probe nd_syscall.umount.return = kprobe.function("SyS_umount").return ?, + kprobe.function("sys_umount").return ? { name = "umount" retstr = returnstr(1) @@ -3721,6 +3957,7 @@ probe nd_syscall.uname = kprobe.function("sys_uname") ?, kprobe.function("sys_olduname") ?, kprobe.function("sys32_olduname") ?, kprobe.function("sys32_uname") ?, + kprobe.function("SyS_newuname") ?, kprobe.function("sys_newuname") ? { name = "uname" @@ -3739,6 +3976,7 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, kprobe.function("sys_olduname").return ?, kprobe.function("sys32_olduname").return ?, kprobe.function("sys32_uname").return ?, + kprobe.function("SyS_newuname").return ?, kprobe.function("sys_newuname").return ? { name = "uname" @@ -3748,7 +3986,8 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe nd_syscall.unlink = kprobe.function("sys_unlink") +probe nd_syscall.unlink = kprobe.function("SyS_unlink") ?, + kprobe.function("sys_unlink") ? { name = "unlink" // pathname_uaddr = $pathname @@ -3759,18 +3998,42 @@ probe nd_syscall.unlink = kprobe.function("sys_unlink") pathname = user_string(pathname_uaddr) argstr = user_string_quoted(pathname_uaddr) } -probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return +probe nd_syscall.unlink.return = kprobe.function("SyS_unlink").return ?, + kprobe.function("sys_unlink").return ? { name = "unlink" retstr = returnstr(1) } +# unlinkat ___________________________________________________ +# TODO +#probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?, +# kprobe.function("sys_unlinkat") ? +#{ +#} +#probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?, +# kprobe.function("sys_unlinkat").return ? +#{ +#} + +# unshare ____________________________________________________ +# TODO +#probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?, +# kprobe.function("sys_unshare") ? +#{ +#} +#probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?, +# kprobe.function("sys_unshare").return ? +#{ +#} + # uselib _____________________________________________________ # # asmlinkage long # sys_uselib(const char __user * library) # -probe nd_syscall.uselib = kprobe.function("sys_uselib") +probe nd_syscall.uselib = kprobe.function("SyS_uselib") ?, + kprobe.function("sys_uselib") ? { name = "uselib" // library_uaddr = $library @@ -3781,7 +4044,8 @@ probe nd_syscall.uselib = kprobe.function("sys_uselib") library = user_string(library_uaddr) argstr = user_string_quoted(library_uaddr) } -probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return +probe nd_syscall.uselib.return = kprobe.function("SyS_uselib").return ?, + kprobe.function("sys_uselib").return ? { name = "uselib" retstr = returnstr(1) @@ -3790,7 +4054,8 @@ probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe nd_syscall.ustat = kprobe.function("sys_ustat") +probe nd_syscall.ustat = kprobe.function("SyS_ustat") ?, + kprobe.function("sys_ustat") ? { name = "ustat" // dev = $dev @@ -3813,7 +4078,8 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? argstr = sprintf("%d, %p", dev, pointer_arg(2)) } -probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, +probe nd_syscall.ustat.return = kprobe.function("SyS_ustat").return ?, + kprobe.function("sys_ustat").return ?, kprobe.function("sys32_ustat").return ? { name = "ustat" @@ -3822,7 +4088,8 @@ probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe nd_syscall.utime = kprobe.function("sys_utime") ? +probe nd_syscall.utime = kprobe.function("SyS_utime") ?, + kprobe.function("sys_utime") ? { name = "utime" asmlinkage() @@ -3834,7 +4101,8 @@ probe nd_syscall.utime = kprobe.function("sys_utime") ? argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? +probe nd_syscall.utime.return = kprobe.function("SyS_utime").return ?, + kprobe.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) @@ -3863,7 +4131,8 @@ probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").retur # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe nd_syscall.utimes = kprobe.function("sys_utimes") +probe nd_syscall.utimes = kprobe.function("SyS_utimes") ?, + kprobe.function("sys_utimes") ? { name = "utimes" // filename_uaddr = $filename @@ -3878,7 +4147,8 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes") argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } -probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return +probe nd_syscall.utimes.return = kprobe.function("SyS_utimes").return ?, + kprobe.function("sys_utimes").return ? { name = "utimes" retstr = returnstr(1) @@ -3909,7 +4179,8 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes") # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? +probe nd_syscall.utimensat = kprobe.function("SyS_utimensat") ?, + kprobe.function("sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), @@ -3927,12 +4198,13 @@ probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4))) } -probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? +probe nd_syscall.utimensat.return = kprobe.function("SyS_utimensat").return ?, + kprobe.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } -probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? +probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) @@ -3961,7 +4233,8 @@ probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? +probe nd_syscall.vmsplice = kprobe.function("SyS_vmsplice") ?, + kprobe.function("sys_vmsplice") ? { name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) @@ -3975,7 +4248,8 @@ probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) } -probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? +probe nd_syscall.vmsplice.return = kprobe.function("SyS_vmsplice").return ?, + kprobe.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) @@ -3993,7 +4267,8 @@ probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice") # int options, # struct rusage __user *ru) # -probe nd_syscall.wait4 = kprobe.function("sys_wait4") +probe nd_syscall.wait4 = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "wait4" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4013,7 +4288,8 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, _wait4_opt_str(options), rusage_uaddr) } -probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return +probe nd_syscall.wait4.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "wait4" retstr = returnstr(1) @@ -4027,7 +4303,8 @@ probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitid = kprobe.function("sys_waitid") +probe nd_syscall.waitid = kprobe.function("SyS_waitid") ?, + kprobe.function("sys_waitid") ? { name = "waitid" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4051,7 +4328,8 @@ probe nd_syscall.waitid = kprobe.function("sys_waitid") argstr = sprintf("%d, %d, %p, %s, %p", which, pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) } -probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return +probe nd_syscall.waitid.return = kprobe.function("SyS_waitid").return ?, + kprobe.function("sys_waitid").return ? { name = "waitid" retstr = returnstr(1) @@ -4065,7 +4343,8 @@ probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitpid = kprobe.function("sys_wait4") +probe nd_syscall.waitpid = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "waitpid" pid = $pid @@ -4076,7 +4355,8 @@ probe nd_syscall.waitpid = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return +probe nd_syscall.waitpid.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "waitpid" retstr = returnstr(1) @@ -4089,7 +4369,8 @@ probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return # const char __user * buf, # size_t count) # -probe nd_syscall.write = kprobe.function("sys_write") +probe nd_syscall.write = kprobe.function("SyS_write") ?, + kprobe.function("sys_write") ? { name = "write" // fd = $fd @@ -4103,7 +4384,8 @@ probe nd_syscall.write = kprobe.function("sys_write") argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count) } -probe nd_syscall.write.return = kprobe.function("sys_write").return +probe nd_syscall.write.return = kprobe.function("SyS_write").return ?, + kprobe.function("sys_write").return ? { name = "write" retstr = returnstr(1) @@ -4118,8 +4400,9 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.writev = kprobe.function("sys_writev"), - kprobe.function("compat_sys_writev") ? +probe nd_syscall.writev = kprobe.function("compat_sys_writev") ?, + kprobe.function("SyS_writev") ?, + kprobe.function("sys_writev") ? { name = "writev" // vector_uaddr = $vec @@ -4138,8 +4421,9 @@ probe nd_syscall.writev = kprobe.function("sys_writev"), argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.writev.return = kprobe.function("sys_writev").return, - kprobe.function("compat_sys_writev").return ? +probe nd_syscall.writev.return = kprobe.function("compat_sys_writev").return ?, + kprobe.function("SyS_writev").return ?, + kprobe.function("sys_writev").return ? { name = "writev" retstr = returnstr(1) -- cgit From 874b38cf7d259179a2a455cd34ea5a5b9348604b Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Tue, 2 Jun 2009 14:55:30 +0200 Subject: Fix nd_syscall2 open.return typo. * tapset/nd_syscalls2.stp (nd_syscall.open.return): Add commas after alternatives. --- tapset/nd_syscalls2.stp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 49210012..43b8307f 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -156,8 +156,8 @@ probe nd_syscall.open = kprobe.function("compat_sys_open") ?, _sys_open_flag_str(flags)) } probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?, - kprobe.function("sys32_open").return ? - kprobe.function("SyS_open").return ? + kprobe.function("sys32_open").return ?, + kprobe.function("SyS_open").return ?, kprobe.function("sys_open").return ? { name = "open" -- cgit