From 1a88a67755fa23e8fcf74058ffa984b132f9ce02 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Sun, 17 May 2009 19:42:48 +0200 Subject: Fix typo in mq_timedreceive probe point. * tapset/syscalls.stp: Rename abs_timout_uaddr to abs_timeout_uaddr. --- tapset/syscalls.stp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tapset') diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index a215dc12..0eaf84c8 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -2976,7 +2976,7 @@ probe syscall.mq_timedreceive = msg_ptr_uaddr = $u_msg_ptr msg_len = $msg_len msg_prio_uaddr = $u_msg_prio - abs_timout_uaddr = $u_abs_timeout + abs_timeout_uaddr = $u_abs_timeout argstr = sprintf("%d, %p, %d, %p, %p", $mqdes, $u_msg_ptr, $msg_len, $u_msg_prio, $u_abs_timeout) } -- cgit From 798b8ec79ebc0cb335fc9c4bfdaaec0138b90774 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Sun, 17 May 2009 20:09:34 +0200 Subject: Complete the names-to-numbers conversion in nd_syscalls.stp. Replace in-scope variables references with *_arg functions. Use 'kprobe' family of probes instead of 'kernel' family for dwarfless probing. Also fix a few typos and unify formatting. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 2691 ++++++++++++++++++++++++++++++------------------ 1 file changed, 1711 insertions(+), 980 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index a0e5286b..32c3640e 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -12,9 +12,6 @@ * nd_syscalls.stp is a copy of syscalls.stp, modified to refer to * function arguments by number rather than name, so that this tapset * can be used even when the probed kernel lacks debugging information. - * - * So far, the names-to-numbers conversion covers only syscall.a* - * through syscall.c*, plus a few others. */ 
@@ -37,7 +34,8 @@ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) -probe nd_syscall.accept = kernel.function("sys_accept") ? { +probe nd_syscall.accept = kprobe.function("sys_accept") ? +{ name = "accept" // sockfd = $fd // addr_uaddr = $upeer_sockaddr @@ -49,14 +47,16 @@ probe nd_syscall.accept = kernel.function("sys_accept") ? { addrlen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.accept.return = kernel.function("sys_accept").return ? { +probe nd_syscall.accept.return = kprobe.function("sys_accept").return ? +{ name = "accept" retstr = returnstr(1) } # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) -probe nd_syscall.access = kernel.function("sys_access") { +probe nd_syscall.access = kprobe.function("sys_access") +{ name = "access" // pathname = user_string($filename) // mode = $mode 
@@ -68,22 +68,25 @@ probe nd_syscall.access = kernel.function("sys_access") { mode_str = _access_mode_str(mode) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str) } -probe nd_syscall.access.return = kernel.function("sys_access").return { +probe nd_syscall.access.return = kprobe.function("sys_access").return +{ name = "access" retstr = returnstr(1) } # acct _______________________________________________________ # long sys_acct(const char __user *name) -probe nd_syscall.acct = kernel.function("sys_acct") ? { +probe nd_syscall.acct = kprobe.function("sys_acct") ? +{ name = "acct" - // filename = user_string($name) + // filename = user_string($name) // argstr = user_string_quoted($name) asmlinkage() filename = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.acct.return = kernel.function("sys_acct").return ? { +probe nd_syscall.acct.return = kprobe.function("sys_acct").return ? +{ name = "acct" retstr = returnstr(1) } @@ -95,7 +98,8 @@ probe nd_syscall.acct.return = kernel.function("sys_acct").return ? { # size_t plen, # key_serial_t ringid) # -probe nd_syscall.add_key = kernel.function("sys_add_key") ? { +probe nd_syscall.add_key = kprobe.function("sys_add_key") ? +{ name = "add_key" // type_uaddr = $_type // description_auddr = $_description @@ -105,7 +109,7 @@ probe nd_syscall.add_key = kernel.function("sys_add_key") ? { // argstr = sprintf("%s, %s, %s, %d, %d", // user_string_quoted($_type), // user_string_quoted($_description), - // text_strn(user_string($_payload),syscall_string_trunc,1), + // text_strn(user_string($_payload), syscall_string_trunc, 1), // $plen, $ringid) asmlinkage() type_uaddr = pointer_arg(1) 
@@ -116,49 +120,54 @@ probe nd_syscall.add_key = kernel.function("sys_add_key") ? { argstr = sprintf("%s, %s, %s, %d, %d", user_string_quoted(type_uaddr), user_string_quoted(description_uaddr), - text_strn(user_string(payload_uaddr),syscall_string_trunc,1), + text_strn(user_string(payload_uaddr), syscall_string_trunc, 1), plen, ringid) } -probe nd_syscall.add_key.return = kernel.function("sys_add_key").return ? { +probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? +{ name = "add_key" retstr = returnstr(1) } # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) -probe nd_syscall.adjtimex = kernel.function("sys_adjtimex") { +probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex") +{ name = "adjtimex" /* - * buf_offset = __uget_timex_m($txc_p,1) - * buf_freq = __uget_timex_m($txc_p,2) - * buf_maxerror = __uget_timex_m($txc_p,3) - * buf_esterror = __uget_timex_m($txc_p,4) - * buf_status = __uget_timex_m($txc_p,5) - * buf_constant = __uget_timex_m($txc_p,6) - * buf_precision = __uget_timex_m($txc_p,7) - * buf_tolerance = __uget_timex_m($txc_p,8) - * buf_time_tv_sec = __uget_timex_m($txc_p,9) - * buf_time_tv_usec = __uget_timex_m($txc_p,10) - * buf_tick = __uget_timex_m($txc_p,11) + * buf_offset = __uget_timex_m($txc_p, 1) + * buf_freq = __uget_timex_m($txc_p, 2) + * buf_maxerror = __uget_timex_m($txc_p, 3) + * buf_esterror = __uget_timex_m($txc_p, 4) + * buf_status = __uget_timex_m($txc_p, 5) + * buf_constant = __uget_timex_m($txc_p, 6) + * buf_precision = __uget_timex_m($txc_p, 7) + * buf_tolerance = __uget_timex_m($txc_p, 8) + * buf_time_tv_sec = __uget_timex_m($txc_p, 9) + * buf_time_tv_usec = __uget_timex_m($txc_p, 10) + * buf_tick = __uget_timex_m($txc_p, 11) */ // argstr = sprintf("%p", $txc_p) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.adjtimex.return = kernel.function("sys_adjtimex").return { +probe nd_syscall.adjtimex.return = 
kprobe.function("sys_adjtimex").return +{ name = "adjtimex" // retstr = _adjtimex_return_str($return) retstr = _adjtimex_return_str(returnval()) } # long compat_sys_adjtimex(struct compat_timex __user *utp) -probe nd_syscall.compat_adjtimex = kernel.function("compat_sys_adjtimex") ? { +probe nd_syscall.compat_adjtimex = kprobe.function("compat_sys_adjtimex") ? +{ name = "compat_adjtimex" // argstr = sprintf("%p", $utp) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").return ? { +probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex").return ? +{ name = "compat_adjtimex" retstr = returnstr(1) } @@ -167,9 +176,8 @@ probe nd_syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex") # unsigned long sys_alarm (unsigned int seconds) # long sys32_alarm(unsigned int seconds) # -probe nd_syscall.alarm = - kernel.function("sys_alarm") ?, - kernel.function("sys32_alarm") ? +probe nd_syscall.alarm = kprobe.function("sys_alarm") ?, + kprobe.function("sys32_alarm") ? { name = "alarm" // seconds = $seconds 
@@ -178,62 +186,64 @@ probe nd_syscall.alarm = seconds = uint_arg(1) argstr = sprint(seconds) } -probe nd_syscall.alarm.return = - kernel.function("sys_alarm").return ?, - kernel.function("sys32_alarm").return ? +probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?, + kprobe.function("sys32_alarm").return ? { name = "alarm" retstr = returnstr(1) } # bdflush ____________________________________________________ -# long sys_bdflush(int func,long data) -probe nd_syscall.bdflush = kernel.function("sys_bdflush") ? { +# long sys_bdflush(int func, long data) +probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? +{ name = "bdflush" // func = $func // data = $data - // if (($func>=2)&&($func%2==0)) - // data_str = sprintf("%p", $data) - // else - // data_str = sprintf("%d", $data) + // if (($func>=2)&&($func%2==0)) + // data_str = sprintf("%p", $data) + // else + // data_str = sprintf("%d", $data) asmlinkage() func = int_arg(1) data = long_arg(2) - if ((func>=2)&&(func%2==0)) - data_str = sprintf("%p", data) - else - data_str = sprintf("%d", data) - argstr = sprintf("%d, %s",func, data_str) + if ((func>=2)&&(func%2==0)) + data_str = sprintf("%p", data) + else + data_str = sprintf("%d", data) + argstr = sprintf("%d, %s", func, data_str) } -probe nd_syscall.bdflush.return = kernel.function("sys_bdflush").return ? { +probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ? +{ name = "bdflush" retstr = returnstr(1) } # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) -probe nd_syscall.bind = kernel.function("sys_bind") ? { +probe nd_syscall.bind = kprobe.function("sys_bind") ? 
+{ name = "bind" // sockfd = $fd // my_addr_uaddr = $umyaddr // addrlen = $addrlen - // argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen) + // argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr, $addrlen), $addrlen) asmlinkage() sockfd = int_arg(1) my_addr_uaddr = pointer_arg(2) addrlen = int_arg(3) - argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr,addrlen),addrlen) + argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.bind.return = kernel.function("sys_bind").return ? { +probe nd_syscall.bind.return = kprobe.function("sys_bind").return ? +{ name = "bind" retstr = returnstr(1) } # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) -probe nd_syscall.brk = - kernel.function("sys_brk"), - kernel.function("ia64_brk") ? +probe nd_syscall.brk = kprobe.function("sys_brk"), + kprobe.function("ia64_brk") ? { name = "brk" // brk = $brk @@ -241,9 +251,8 @@ probe nd_syscall.brk = brk = ulong_arg(1) argstr = sprintf("%p", brk) } -probe nd_syscall.brk.return = - kernel.function("sys_brk").return, - kernel.function("ia64_brk").return ? +probe nd_syscall.brk.return = kprobe.function("sys_brk").return, + kprobe.function("ia64_brk").return ? { name = "brk" retstr = returnstr(1) @@ -262,7 +271,8 @@ probe nd_syscall.brk.return = * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) -probe nd_syscall.capget = kernel.function("sys_capget") { +probe nd_syscall.capget = kprobe.function("sys_capget") +{ name = "capget" // header_uaddr = $header // data_uaddr = $dataptr 
@@ -272,7 +282,8 @@ probe nd_syscall.capget = kernel.function("sys_capget") { data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capget.return = kernel.function("sys_capget").return { +probe nd_syscall.capget.return = kprobe.function("sys_capget").return +{ name = "capget" retstr = returnstr(1) } @@ -289,7 +300,8 @@ probe nd_syscall.capget.return = kernel.function("sys_capget").return { * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) -probe nd_syscall.capset = kernel.function("sys_capset") { +probe nd_syscall.capset = kprobe.function("sys_capset") +{ name = "capset" // header_uaddr = $header // data_uaddr = $data @@ -299,14 +311,16 @@ probe nd_syscall.capset = kernel.function("sys_capset") { data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capset.return = kernel.function("sys_capset").return { +probe nd_syscall.capset.return = kprobe.function("sys_capset").return +{ name = "capset" retstr = returnstr(1) } # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) -probe nd_syscall.chdir = kernel.function("sys_chdir") { +probe nd_syscall.chdir = kprobe.function("sys_chdir") +{ name = "chdir" // path = user_string($filename) // argstr = user_string_quoted($filename) 
@@ -314,14 +328,16 @@ probe nd_syscall.chdir = kernel.function("sys_chdir") { path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chdir.return = kernel.function("sys_chdir").return { +probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return +{ name = "chdir" retstr = returnstr(1) } # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) -probe nd_syscall.chmod = kernel.function("sys_chmod") { +probe nd_syscall.chmod = kprobe.function("sys_chmod") +{ name = "chmod" // path = user_string($filename) // mode = $mode @@ -331,26 +347,29 @@ probe nd_syscall.chmod = kernel.function("sys_chmod") { mode = uint_arg(2) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.chmod.return = kernel.function("sys_chmod").return { +probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return +{ name = "chmod" retstr = returnstr(1) } # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) -probe nd_syscall.chown = kernel.function("sys_chown") { +probe nd_syscall.chown = kprobe.function("sys_chown") +{ name = "chown" // path = user_string($filename) // owner = __int32($user) // group = __int32($group) - // argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) + // argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) asmlinkage() path = user_string(pointer_arg(1)) owner = __int32(uint_arg(2)) group = __int32(uint_arg(3)) - argstr = sprintf("%s, %d, %d",user_string_quoted(pointer_arg(1)), owner, group) + argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.chown.return = kernel.function("sys_chown").return { +probe nd_syscall.chown.return = kprobe.function("sys_chown").return +{ name = "chown" retstr = returnstr(1) } 
@@ -358,7 +377,8 @@ probe nd_syscall.chown.return = kernel.function("sys_chown").return { # long sys_chown16(const char __user * filename, old_uid_t user, # old_gid_t group) # -probe nd_syscall.chown16 = kernel.function("sys_chown16") ? { +probe nd_syscall.chown16 = kprobe.function("sys_chown16") ? +{ name = "chown16" // path = user_string($filename) // owner = __short($user) @@ -370,14 +390,16 @@ probe nd_syscall.chown16 = kernel.function("sys_chown16") ? { group = __short(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.chown16.return = kernel.function("sys_chown16").return ? { +probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ? +{ name = "chown16" retstr = returnstr(1) } # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) -probe nd_syscall.chroot = kernel.function("sys_chroot") { +probe nd_syscall.chroot = kprobe.function("sys_chroot") +{ name = "chroot" // path = user_string($filename) // argstr = user_string_quoted($filename) @@ -385,7 +407,8 @@ probe nd_syscall.chroot = kernel.function("sys_chroot") { path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chroot.return = kernel.function("sys_chroot").return { +probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return +{ name = "chroot" retstr = returnstr(1) } @@ -394,9 +417,8 @@ probe nd_syscall.chroot.return = kernel.function("sys_chroot").return { # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) # -probe nd_syscall.clock_getres = - kernel.function("sys_clock_getres"), - kernel.function("compat_clock_getres") ? +probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), + kprobe.function("compat_clock_getres") ? { name = "clock_getres" // clk_id = $which_clock 
@@ -409,9 +431,8 @@ probe nd_syscall.clock_getres = res_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", clk_id_str, res_uaddr) } -probe nd_syscall.clock_getres.return = - kernel.function("sys_clock_getres").return, - kernel.function("compat_clock_getres").return ? +probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return, + kprobe.function("compat_clock_getres").return ? { name = "clock_getres" retstr = returnstr(1) @@ -420,8 +441,7 @@ probe nd_syscall.clock_getres.return = # clock_gettime ______________________________________________ # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # -probe nd_syscall.clock_gettime = - kernel.function("sys_clock_gettime") +probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime") { name = "clock_gettime" // clk_id = $which_clock @@ -432,7 +452,7 @@ probe nd_syscall.clock_gettime = clk_id_str = _get_wc_str(clk_id) argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2)) } -probe nd_syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return +probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return { name = "clock_gettime" retstr = returnstr(1) @@ -444,14 +464,15 @@ probe nd_syscall.clock_gettime.return = kernel.function("sys_clock_gettime").ret # const struct timespec __user *rqtp, # struct timespec __user *rmtp) # -probe nd_syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { +probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") +{ name = "clock_nanosleep" // if ($flags == 1) // flag_str = "TIMER_ABSTIME" // else // flag_str = sprintf("0x%x", $flags) // argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, - // _struct_timespec_u($rqtp,1), $rmtp) + // _struct_timespec_u($rqtp, 1), $rmtp) asmlinkage() flags = int_arg(2) if (flags == 1) 
@@ -459,9 +480,10 @@ probe nd_syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { else flag_str = sprintf("0x%x", flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, - _struct_timespec_u(pointer_arg(3),1), pointer_arg(4)) + _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4)) } -probe nd_syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { +probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return +{ name = "clock_nanosleep" retstr = returnstr(1) } @@ -471,9 +493,8 @@ probe nd_syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep") # struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.compat_clock_nanosleep = - kernel.function("compat_clock_nanosleep") ?, - kernel.function("compat_sys_clock_nanosleep") ? +probe nd_syscall.compat_clock_nanosleep = kprobe.function("compat_clock_nanosleep") ?, + kprobe.function("compat_sys_clock_nanosleep") ? { name = "compat_clock_nanosleep" // if ($flags == 1) @@ -481,7 +502,7 @@ probe nd_syscall.compat_clock_nanosleep = // else // flag_str = sprintf("0x%x", $flags) // argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, - // _struct_compat_timespec_u($rqtp,1), $rmtp) + // _struct_compat_timespec_u($rqtp, 1), $rmtp) asmlinkage() flags = int_arg(2) if (flags == 1) 
@@ -489,12 +510,11 @@ probe nd_syscall.compat_clock_nanosleep = else flag_str = sprintf("0x%x", flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, - _struct_compat_timespec_u(pointer_arg(3),1), + _struct_compat_timespec_u(pointer_arg(3), 1), pointer_arg(4)) } -probe nd_syscall.compat_clock_nanosleep.return = - kernel.function("compat_clock_nanosleep").return ?, - kernel.function("compat_sys_clock_nanosleep").return ? +probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_nanosleep").return ?, + kprobe.function("compat_sys_clock_nanosleep").return ? { name = "compat_clock_nanosleep" retstr = returnstr(1) 
@@ -504,68 +524,75 @@ probe nd_syscall.compat_clock_nanosleep.return = # long sys_clock_settime(clockid_t which_clock, # const struct timespec __user *tp) # -probe nd_syscall.clock_settime = kernel.function("sys_clock_settime") { +probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime") +{ name = "clock_settime" // clk_id = $which_clock // clk_id_str = _get_wc_str($which_clock) // tp_uaddr = $tp - // argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp,1)) + // argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp, 1)) asmlinkage() clk_id = int_arg(1) clk_id_str = _get_wc_str(clk_id) tp_uaddr = pointer_arg(2) - argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr,1)) + argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.clock_settime.return = kernel.function("sys_clock_settime").return { +probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return +{ name = "clock_settime" retstr = returnstr(1) } # close ______________________________________________________ # long sys_close(unsigned int fd) -probe nd_syscall.close = kernel.function("sys_close") { +probe nd_syscall.close = kprobe.function("sys_close") +{ name = "close" // fd = $fd asmlinkage() fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.close.return = kernel.function("sys_close").return { +probe nd_syscall.close.return = kprobe.function("sys_close").return +{ name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) -probe nd_syscall.connect = kernel.function("sys_connect") ? { +probe nd_syscall.connect = kprobe.function("sys_connect") ? 
+{ name = "connect" // sockfd = $fd // serv_addr_uaddr = $uservaddr // addrlen = $addrlen - // argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen) + // argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr, $addrlen), $addrlen) asmlinkage() sockfd = int_arg(1) serv_addr_uaddr = pointer_arg(2) addrlen = int_arg(3) - argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr,addrlen),addrlen) + argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.connect.return = kernel.function("sys_connect").return ? { +probe nd_syscall.connect.return = kprobe.function("sys_connect").return ? +{ name = "connect" retstr = returnstr(1) } # creat # long sys_creat(const char __user * pathname, int mode) -probe nd_syscall.creat = kernel.function("sys_creat") ? +probe nd_syscall.creat = kprobe.function("sys_creat") ? { name = "creat" // mode = $mode // pathname = user_string($pathname) // argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) + asmlinkage() mode = int_arg(2) pathname = user_string(pointer_arg(1)) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.creat.return = kernel.function("sys_creat").return ? +probe nd_syscall.creat.return = kprobe.function("sys_creat").return ? { name = "creat" retstr = returnstr(1) 
@@ -573,20 +600,27 @@ probe nd_syscall.creat.return = kernel.function("sys_creat").return ? # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) -probe nd_syscall.delete_module = kernel.function("sys_delete_module") ? { +probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ? +{ name = "delete_module" - name_user = user_string($name_user) - flags = $flags - argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags)) + // name_user = user_string($name_user) + // flags = $flags + // argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags)) + asmlinkage() + name_user = user_string(pointer_arg(1)) + flags = uint_arg(2) + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2))) } -probe nd_syscall.delete_module.return = kernel.function("sys_delete_module").return ? { +probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ? +{ name = "delete_module" retstr = returnstr(1) } # dup ________________________________________________________ # long sys_dup(unsigned int fildes) -probe nd_syscall.dup = kernel.function("sys_dup") { +probe nd_syscall.dup = kprobe.function("sys_dup") +{ name = "dup" // oldfd = $fildes // argstr = sprint($fildes) 
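Review bot: In nd_syscall.delete_module the module name is copied from user memory twice, once by `user_string(pointer_arg(1))` for `name_user` and again by `user_string_quoted(pointer_arg(1))` for `argstr`, so the two exported values can disagree if the caller rewrites the buffer between the reads. For a probe that records module unloads it is better to derive both from one copy. `flags` is likewise fetched a second time with `uint_arg(2)` instead of being reused as `_module_flags_str(flags)`. The add_key probe earlier in this file quotes an in-kernel copy with `text_strn(..., syscall_string_trunc, 1)`, which looks like a way to build `argstr` from `name_user`, though it would also apply the truncation limit.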
@@ -594,32 +628,44 @@ probe nd_syscall.dup = kernel.function("sys_dup") { old_fd = int_arg(1) argstr = sprint(old_fd) } -probe nd_syscall.dup.return = kernel.function("sys_dup").return { +probe nd_syscall.dup.return = kprobe.function("sys_dup").return +{ name = "dup" retstr = returnstr(1) } # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) -probe nd_syscall.dup2 = kernel.function("sys_dup2") { +probe nd_syscall.dup2 = kprobe.function("sys_dup2") +{ name = "dup2" - oldfd = $oldfd - newfd = $newfd - argstr = sprintf("%d, %d", $oldfd, $newfd) + // oldfd = $oldfd + // newfd = $newfd + // argstr = sprintf("%d, %d", $oldfd, $newfd) + asmlinkage() + oldfd = int_arg(1) + newfd = int_arg(2) + argstr = sprintf("%d, %d", oldfd, newfd) } -probe nd_syscall.dup2.return = kernel.function("sys_dup2").return { +probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return +{ name = "dup2" retstr = returnstr(1) } # epoll_create _______________________________________________ # long sys_epoll_create(int size) -probe nd_syscall.epoll_create = kernel.function("sys_epoll_create") ? { +probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ? +{ name = "epoll_create" - size = $size - argstr = sprint($size) + // size = $size + // argstr = sprint($size) + asmlinkage() + size = int_arg(1) + argstr = sprint(size) } -probe nd_syscall.epoll_create.return = kernel.function("sys_epoll_create").return ? { +probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ? +{ name = "epoll_create" retstr = returnstr(1) } 
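Review bot: The dup probe whose tail opens this hunk still assigns `old_fd = int_arg(1)`, while its reference comment in the previous hunk reads `// oldfd = $fildes` and dup2 just below exports `oldfd`. A script that reads `oldfd` from nd_syscall.dup would presumably see an unset value rather than an error. Since this commit also fixes typos, `oldfd = int_arg(1)` and `argstr = sprint(oldfd)` would fit here; the dup body starts outside this hunk. Separately, dup2's parameters are `unsigned int` in the prototype comment but are read with `int_arg`, where `uint_arg` would match the declaration.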
@@ -630,21 +676,26 @@ probe nd_syscall.epoll_create.return = kernel.function("sys_epoll_create").retur # long compat_sys_epoll_ctl(int epfd, int op, int fd, # struct compat_epoll_event __user *event) # -probe nd_syscall.epoll_ctl = - kernel.function("sys_epoll_ctl") ?, - kernel.function("compat_sys_epoll_ctl") ? +probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?, + kprobe.function("compat_sys_epoll_ctl") ? { name = "epoll_ctl" - epfd = $epfd - op = $op - op_str = _opoll_op_str($op) - fd = $fd - event_uaddr = $event - argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event) + // epfd = $epfd + // eop = $op + // eop_str = _opoll_op_str($op) + // efd = $fd + // eevent_uaddr = $event + // eargstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event) + asmlinkage() + epfd = int_arg(1) + op = int_arg(2) + op_str = _opoll_op_str(op) + fd = int_arg(3) + event_uaddr = pointer_arg(4) + argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr) } -probe nd_syscall.epoll_ctl.return = - kernel.function("sys_epoll_ctl").return ?, - kernel.function("compat_sys_epoll_ctl").return ? +probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?, + kprobe.function("compat_sys_epoll_ctl").return ? { name = "epoll_ctl" retstr = returnstr(1) 
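Review bot: The commented-out reference lines in nd_syscall.epoll_ctl were altered rather than only commented out: `// eop = $op`, `// eop_str = _opoll_op_str($op)`, `// efd = $fd`, `// eevent_uaddr = $event` and `// eargstr = sprintf(...)` each carry a stray leading `e` that the removed lines did not have. These comments are the only record of which DWARF variable each numbered argument replaces, so they should read `// op = $op`, `// op_str = _opoll_op_str($op)`, `// fd = $fd`, and likewise for the last two. The live assignments below them are unaffected.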
@@ -661,17 +712,17 @@ probe nd_syscall.epoll_ctl.return = # const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.epoll_pwait = - kernel.function("sys_epoll_pwait") ?, - kernel.function("compat_sys_epoll_pwait") ? +probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?, + kprobe.function("compat_sys_epoll_pwait") ? { name = "epoll_pwait" + asmlinkage() argstr = sprintf("%d, %p, %d, %d, %p, %d", - $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) +// $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) + int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6)) } -probe nd_syscall.epoll_pwait.return = - kernel.function("sys_epoll_pwait").return ?, - kernel.function("compat_sys_epoll_pwait").return ? +probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?, + kprobe.function("compat_sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) 
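Review bot: In nd_syscall.epoll_pwait the old argument list is kept as a `//` line at column 0 in the middle of the `sprintf(` call, whereas the other converted probes put their reference lines before `asmlinkage()`. Moving the old `$epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize` list into a comment above the statement would keep the call readable and match the rest of the file. This probe also exports only `argstr`, so scripts cannot read the descriptor or timeout individually, which was already the case before this change.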
@@ -685,20 +736,24 @@ probe nd_syscall.epoll_pwait.return = # struct compat_epoll_event __user *events, # int maxevents, int timeout) # -probe nd_syscall.epoll_wait = - kernel.function("sys_epoll_wait") ?, - kernel.function("compat_sys_epoll_wait") ? +probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?, + kprobe.function("compat_sys_epoll_wait") ? { name = "epoll_wait" - epfd = $epfd - events_uaddr = $events - maxevents = $maxevents - timeout = $timeout - argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) + // epfd = $epfd + // events_uaddr = $events + // maxevents = $maxevents + // timeout = $timeout + // argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) + asmlinkage() + epfd = int_arg(1) + events_uaddr = pointer_arg(2) + maxevents = int_arg(3) + timeout = int_arg(4) + argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout) } -probe nd_syscall.epoll_wait.return = - kernel.function("sys_epoll_wait").return ?, - kernel.function("compat_sys_epoll_wait").return ? +probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?, + kprobe.function("compat_sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) @@ -707,11 +762,15 @@ probe nd_syscall.epoll_wait.return = # eventfd _____________________________________________________ # long sys_eventfd(unsigned int count) # -probe nd_syscall.eventfd = kernel.function("sys_eventfd") ? { +probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ? +{ name = "eventfd" - argstr = sprint($count) + // argstr = sprint($count) + asmlinkage() + argstr = sprint(uint_arg(1)) } -probe nd_syscall.eventfd.return = kernel.function("sys_eventfd").return ? { +probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ? +{ name = "eventfd" retstr = returnstr(1) } 
@@ -723,18 +782,21 @@ probe nd_syscall.eventfd.return = kernel.function("sys_eventfd").return ? { # char __user *__user *argv, # char __user *__user *envp, # struct pt_regs * regs) -probe nd_syscall.execve = kernel.function("do_execve") { +probe nd_syscall.execve = kprobe.function("do_execve") +{ name = "execve" // filename = kernel_string($filename) // args = __get_argv($argv, 0) // argstr = sprintf("%s %s", filename, __get_argv($argv, 1)) + asmlinkage() filename = kernel_string(pointer_arg(1)) args = __get_argv(pointer_arg(2), 0) argstr = sprintf("%s %s", filename, __get_argv(pointer_arg(2), 1)) } # v2.6.15-rc2 or earlier has problems with sys_execve return probes # another reason to probe on do_execve -probe nd_syscall.execve.return = kernel.function("do_execve").return { +probe nd_syscall.execve.return = kprobe.function("do_execve").return +{ name = "execve" retstr = returnstr(1) } 
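Review bot: `asmlinkage()` is added to nd_syscall.execve, but the probe point is `do_execve`, an internal helper rather than a `sys_*` entry point; the same applies to `compat_do_execve` and `do_exit` in the next hunk. If those functions are not declared asmlinkage in the probed kernel, then on architectures where the marker changes where arguments are looked up (i386 with register parameters, as far as I know) `pointer_arg(1)` and `int_arg(1)` would read the wrong location. The execve filename or exit status reported by the tapset would then be wrong without any error. Please confirm the calling convention of these three functions and drop `asmlinkage()` where it does not hold, or add a short comment in each probe stating why it is correct. The prototype comment for do_execve starts outside this hunk.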
@@ -742,33 +804,47 @@ probe nd_syscall.execve.return = kernel.function("do_execve").return { # compat_uptr_t __user *argv, # compat_uptr_t __user *envp, # struct pt_regs * regs) -probe nd_syscall.compat_execve = kernel.function("compat_do_execve") ? { +probe nd_syscall.compat_execve = kprobe.function("compat_do_execve") ? +{ name = "compat_execve" - filename = kernel_string($filename) - args = __get_compat_argv($argv, 0) - argstr = sprintf("%s %s", filename, __get_compat_argv($argv, 1)) + // filename = kernel_string($filename) + // args = __get_compat_argv($argv, 0) + // argstr = sprintf("%s %s", filename, __get_compat_argv($argv, 1)) + asmlinkage() + filename = kernel_string(pointer_arg(1)) + args = __get_compat_argv(pointer_arg(2), 0) + argstr = sprintf("%s %s", filename, __get_compat_argv(pointer_arg(2), 1)) } -probe nd_syscall.compat_execve.return = kernel.function("compat_do_execve").return ? { +probe nd_syscall.compat_execve.return = kprobe.function("compat_do_execve").return ? +{ name = "compat_execve" retstr = returnstr(1) } # exit _______________________________________________________ # long sys_exit(int error_code) -probe nd_syscall.exit = kernel.function("do_exit") { +probe nd_syscall.exit = kprobe.function("do_exit") +{ name = "exit" - status = $code - argstr = sprint($code) + // status = $code + // argstr = sprint($code) + asmlinkage() + status = int_arg(1) + argstr = sprint(status) } probe nd_syscall.exit.return = end {} # exit_group _________________________________________________ # void sys_exit_group(int error_code) # -probe nd_syscall.exit_group = kernel.function("sys_exit_group") { +probe nd_syscall.exit_group = kprobe.function("sys_exit_group") +{ name = "exit_group" - status = $error_code - argstr = sprint($error_code) + // status = $error_code + // argstr = sprint($error_code) + asmlinkage() + status = int_arg(1) + argstr = sprint(status) } probe nd_syscall.exit_group.return = end {} 
@@ -777,15 +853,23 @@ probe nd_syscall.exit_group.return = end {} # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kernel.function("sys_fadvise64") ? { +probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ? +{ name = "fadvise64" - fs = $fd - offset = $offset - len = $len - advice = $advice - argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) + // fd = $fd + // offset = $offset + // len = $len + // advice = $advice + // argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) + asmlinkage() + fd = int_arg(1) + offset = longlong_arg(2) + len = ulong_arg(3) + advice = int_arg(4) + argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { +probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ? +{ name = "fadvise64" retstr = returnstr(1) } 
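Review bot: In nd_syscall.fadvise64 the slot numbers after `offset = longlong_arg(2)` assume a 64-bit argument takes one slot; on a 32-bit kernel `loff_t` occupies two slots, so `len` and `advice` would sit at 4 and 5, not 3 and 4. Nothing visible in this hunk selects the numbering by word size (any surrounding conditional is outside the hunk), so `len`, `advice` and `argstr` would be misreported on such targets. A preprocessor conditional on the target word size around the two reads would cover it, with `len = ulong_arg(4)` and `advice = int_arg(5)` in the 32-bit branch. nd_syscall.fadvise64_64 in the next hunk uses the same numbering.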
@@ -793,15 +877,23 @@ probe nd_syscall.fadvise64.return = kernel.function("sys_fadvise64").return ? { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +{ name = "fadvise64_64" - fs = $fd - offset = $offset - len = $len - advice = $advice - argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) + // fd = $fd + // offset = $offset + // len = $len + // advice = $advice + // argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) + asmlinkage() + fd = int_arg(1) + offset = longlong_arg(2) + len = ulong_arg(3) + advice = int_arg(4) + argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +{ name = "fadvise64_64" retstr = returnstr(1) } @@ -811,15 +903,17 @@ probe nd_syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").retu # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kernel.function("sys_fadvise64") { +probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") +{ name = "fadvise64" - fs = 0 + fd = 0 offset = 0 len = 0 advice = 0 argstr = "" } -probe nd_syscall.fadvise64.return = kernel.function("sys_fadvise64").return { +probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return +{ name = "fadvise64" retstr = returnstr(1) } 
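Review bot: nd_syscall.fadvise64_64 reads `len` with `ulong_arg(3)` although the signature comment directly above gives `loff_t len`, so on a 32-bit kernel the upper half of the length is dropped from both `len` and `argstr`. `len = longlong_arg(3)` matches the declared type, with the slot number adjusted on 32-bit targets for the two-slot `offset` before it.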
@@ -827,15 +921,17 @@ probe nd_syscall.fadvise64.return = kernel.function("sys_fadvise64").return { # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { +probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +{ name = "fadvise64_64" - fs = 0 + fd = 0 offset = 0 len = 0 advice = 0 argstr = "" } -probe nd_syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { +probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +{ name = "fadvise64_64" retstr = returnstr(1) } 
@@ -843,53 +939,77 @@ probe nd_syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").retu # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) -probe nd_syscall.fchdir = kernel.function("sys_fchdir") { +probe nd_syscall.fchdir = kprobe.function("sys_fchdir") +{ name = "fchdir" - fd = $fd - argstr = sprint($fd) + // fd = $fd + // argstr = sprint($fd) + asmlinkage() + fd = int_arg(1) + argstr = sprint(fd) } -probe nd_syscall.fchdir.return = kernel.function("sys_fchdir").return { +probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return +{ name = "fchdir" retstr = returnstr(1) } # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) -probe nd_syscall.fchmod = kernel.function("sys_fchmod") { +probe nd_syscall.fchmod = kprobe.function("sys_fchmod") +{ name = "fchmod" - fildes = $fd - mode = $mode - argstr = sprintf("%d, %#o", $fd, $mode) + // fildes = $fd + // mode = $mode + asmlinkage() + fildes = int_arg(1) + mode = uint_arg(2) # SAFE? 
+ argstr = sprintf("%d, %#o", fildes, mode) } -probe nd_syscall.fchmod.return = kernel.function("sys_fchmod").return { +probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return +{ name = "fchmod" retstr = returnstr(1) } # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) -probe nd_syscall.fchown = kernel.function("sys_fchown") { +probe nd_syscall.fchown = kprobe.function("sys_fchown") +{ name = "fchown" - fd = $fd - owner = __int32($user) - group = __int32($group) - argstr = sprintf("%d, %d, %d", $fd, owner, group) + // fd = $fd + // owner = __int32($user) + // group = __int32($group) + // argstr = sprintf("%d, %d, %d", $fd, owner, group) + asmlinkage() + fd = int_arg(1) + owner = __int32(uint_arg(2)) + group = __int32(uint_arg(3)) + argstr = sprintf("%d, %d, %d", fd, owner, group) } -probe nd_syscall.fchown.return = kernel.function("sys_fchown").return { +probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return +{ name = "fchown" retstr = returnstr(1) } # fchown16 ___________________________________________________ # long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group) -probe nd_syscall.fchown16 = kernel.function("sys_fchown16") ? { +probe nd_syscall.fchown16 = kprobe.function("sys_fchown16") ? +{ name = "fchown16" - fd = $fd - owner = __short($user) - group = __short($group) - argstr = sprintf("%d, %d, %d", $fd, owner, group) + // fd = $fd + // owner = __short($user) + // group = __short($group) + // argstr = sprintf("%d, %d, %d", $fd, owner, group) + asmlinkage() + fd = int_arg(1) + owner = __short(uint_arg(2)) + group = __short(uint_arg(3)) + argstr = sprintf("%d, %d, %d", fd, owner, group) } -probe nd_syscall.fchown16.return = kernel.function("sys_fchown16").return ? { +probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ? +{ name = "fchown16" retstr = returnstr(1) } 
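Review bot: The trailing `# SAFE?` on `mode = uint_arg(2)` in nd_syscall.fchmod records a doubt without saying what it is, so the next reader cannot tell whether it was ever resolved. If the worry is that `mode_t` can be narrower than `unsigned int` and the upper bits of the slot may not be defined, the comment should say so, e.g. `mode = uint_arg(2) # mode_t may be narrower than int on some arches; upper bits unverified`. Otherwise the marker should be removed once the read has been checked.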
@@ -900,24 +1020,28 @@ probe nd_syscall.fchown16.return = kernel.function("sys_fchown16").return ? { # long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.fcntl = - kernel.function("sys_fcntl") ?, - kernel.function("sys_fcntl64") ?, - kernel.function("compat_sys_fcntl") ?, - kernel.function("compat_sys_fcntl64") ? +probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?, + kprobe.function("sys_fcntl64") ?, + kprobe.function("compat_sys_fcntl") ?, + kprobe.function("compat_sys_fcntl64") ? { name = "fcntl" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg - argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg) -} -probe nd_syscall.fcntl.return = - kernel.function("sys_fcntl").return ?, - kernel.function("sys_fcntl64").return ?, - kernel.function("compat_sys_fcntl").return ?, - kernel.function("compat_sys_fcntl64").return ? + // fd = $fd + // cmd = $cmd + // cmd_str = _fcntl_cmd_str($cmd) + // arg = $arg + // argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg) + asmlinkage() + fd = int_arg(1) + cmd = int_arg(2) + cmd_str = _fcntl_cmd_str(cmd) + arg = long_arg(3) + argstr = sprintf("%d, %s, %p", fd, cmd_str, arg) +} +probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?, + kprobe.function("sys_fcntl64").return ?, + kprobe.function("compat_sys_fcntl").return ?, + kprobe.function("compat_sys_fcntl64").return ? { name = "fcntl" retstr = returnstr(1) 
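Review bot: In nd_syscall.fcntl, `arg = long_arg(3)` reads as signed a parameter that every signature in the comment above declares as `unsigned long`, and the value is then printed with `%p`. For the compat entry points a 32-bit value with the top bit set would presumably be sign-extended, so a user address passed with a lock command could print with the upper 32 bits set. `arg = ulong_arg(3)` matches the declaration and is what the other probes in this file use for `unsigned long` parameters.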
@@ -925,12 +1049,16 @@ probe nd_syscall.fcntl.return = # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) -probe nd_syscall.fdatasync = kernel.function("sys_fdatasync") { +probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync") +{ name = "fdatasync" - fd = $fd + // fd = $fd + asmlinkage() + fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fdatasync.return = kernel.function("sys_fdatasync").return { +probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return +{ name = "fdatasync" retstr = returnstr(1) } 
@@ -938,42 +1066,61 @@ probe nd_syscall.fdatasync.return = kernel.function("sys_fdatasync").return { # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) -probe nd_syscall.fgetxattr = kernel.function("sys_fgetxattr") { +probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr") +{ name = "fgetxattr" - filedes = $fd -#FIXME - name2 = user_string($name) - value_uaddr = $value - size = $size - argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size) -} -probe nd_syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { + // filedes = $fd + // name2 = user_string($name) + // value_uaddr = $value + // size = $size + // argstr = sprintf("%d, %s, %p, %d", $fd, user_string_quoted($name), value_uaddr, size) + asmlinkage() + filedes = int_arg(1) + # FIXME + name2 = user_string(pointer_arg(2)) + value_uaddr = pointer_arg(3) + size = ulong_arg(4) + argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size) +} +probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return +{ name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) -probe nd_syscall.flistxattr = kernel.function("sys_flistxattr") { +probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr") +{ name = "flistxattr" - filedes = $fd - list_uaddr = $list - size = $size + // filedes = $fd + // list_uaddr = $list + // size = $size + asmlinkage() + filedes = int_arg(1) + list_uaddr = pointer_arg(2) + size = ulong_arg(3) argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } -probe nd_syscall.flistxattr.return = kernel.function("sys_flistxattr").return { +probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return +{ name = "flistxattr" retstr = returnstr(1) } # flock 
______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) -probe nd_syscall.flock = kernel.function("sys_flock") { +probe nd_syscall.flock = kprobe.function("sys_flock") +{ name = "flock" - fd = $fd - operation = $cmd + // fd = $fd + // operation = $cmd + asmlinkage() + fd = int_arg(1) + operation = int_arg(2) argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } -probe nd_syscall.flock.return = kernel.function("sys_flock").return { +probe nd_syscall.flock.return = kprobe.function("sys_flock").return +{ name = "flock" retstr = returnstr(1) } @@ -1016,13 +1163,15 @@ CATCH_DEREF_FAULT(); # unsigned long stack_size, # int __user *parent_tidptr, # int __user *child_tidptr) -probe nd_syscall.fork = kernel.function("do_fork") { +probe nd_syscall.fork = kprobe.function("do_fork") +{ // clone_flags = $clone_flags // stack_start = $stack_start // regs = $regs // stack_size = $stack_size // parent_tid_uaddr = $parent_tidptr // child_tid_uaddr = $child_tidptr + asmlinkage() clone_flags = ulong_arg(1) stack_start = ulong_arg(2) regs = pointer_arg(3) 
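Review bot: The `# FIXME` carried over above `name2 = user_string(pointer_arg(2))` in nd_syscall.fgetxattr still does not say what needs fixing. It presumably refers to the attribute name being exported as `name2` because `name` already holds the syscall name; if so, write that: `# FIXME: exported as name2 because 'name' is taken by the syscall name`. The same bare marker is added to nd_syscall.fremovexattr and nd_syscall.fsetxattr in later hunks.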
@@ -1042,19 +1191,27 @@ probe nd_syscall.fork = kernel.function("do_fork") { argstr = __fork_flags(clone_flags) } } -probe nd_syscall.fork.return = kernel.function("do_fork").return { +probe nd_syscall.fork.return = kprobe.function("do_fork").return +{ name = "fork" retstr = returnstr(1) } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) -probe nd_syscall.fremovexattr = kernel.function("sys_fremovexattr") { +probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr") +{ name = "fremovexattr" - filedes = $fd - name_uaddr = $name - argstr = sprintf("FIXME PLEASE") + // filedes = $fd + // name2 = user_string($name) + // argstr = sprintf("%d, %s", $fd, user_string_quoted($name)) + asmlinkage() + filedes = int_arg(1) + # FIXME + name2 = user_string(pointer_arg(2)) + argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2))) } -probe nd_syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { +probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return +{ name = "fremovexattr" retstr = returnstr(1) } 
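Review bot: nd_syscall.fremovexattr no longer sets `name_uaddr`; the removed code exported it and the new body exports only `name2`, so a script that reads `name_uaddr` from this probe would no longer resolve. The commented-out reference lines show `name2` and a formatted `argstr`, which is not what the removed code contained, so the rename is easy to miss. Keeping `name_uaddr = pointer_arg(2)` next to `name2 = user_string(name_uaddr)` preserves the old variable and avoids fetching the argument twice.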
@@ -1068,17 +1225,26 @@ probe nd_syscall.fremovexattr.return = kernel.function("sys_fremovexattr").retur * size_t size, * int flags) */ -probe nd_syscall.fsetxattr = kernel.function("sys_fsetxattr") { +probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr") +{ name = "fsetxattr" - filedes = $fd -# FIXME - name2 = user_string($name) - value_uaddr = $value - size = $size - flags = $flags - argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags) -} -probe nd_syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { + // filedes = $fd + // name2 = user_string($name) + // value_uaddr = $value + // size = $size + // flags = $flags + // argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags) + asmlinkage() + filedes = int_arg(1) + # FIXME + name2 = user_string(pointer_arg(2)) + value_uaddr = pointer_arg(3) + size = ulong_arg(4) + flags = int_arg(5) + argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags) +} +probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return +{ name = "fsetxattr" retstr = returnstr(1) } 
@@ -1092,26 +1258,28 @@ probe nd_syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { # struct oldabi_stat64 __user * statbuf) # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) # -probe nd_syscall.fstat = - kernel.function("sys_fstat") ?, - kernel.function("sys_fstat64") ?, - kernel.function("sys32_fstat64") ?, - kernel.function("sys_newfstat") ?, - kernel.function("sys_oabi_fstat64") ?, - kernel.function("compat_sys_newfstat") ? +probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, + kprobe.function("sys_fstat64") ?, + kprobe.function("sys32_fstat64") ?, + kprobe.function("sys_newfstat") ?, + kprobe.function("sys_oabi_fstat64") ?, + kprobe.function("compat_sys_newfstat") ? { name = "fstat" - filedes = $fd - buf_uaddr = $statbuf - argstr = sprintf("%d, %p", $fd, $statbuf) -} -probe nd_syscall.fstat.return = - kernel.function("sys_fstat").return ?, - kernel.function("sys_fstat64").return ?, - kernel.function("sys32_fstat64").return ?, - kernel.function("sys_newfstat").return ?, - kernel.function("sys_oabi_fstat64").return ?, - kernel.function("compat_sys_newfstat").return ? + // filedes = $fd + // buf_uaddr = $statbuf + // argstr = sprintf("%d, %p", $fd, $statbuf) + asmlinkage() + filedes = int_arg(1) + buf_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", filedes, buf_uaddr) +} +probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, + kprobe.function("sys_fstat64").return ?, + kprobe.function("sys32_fstat64").return ?, + kprobe.function("sys_newfstat").return ?, + kprobe.function("sys_oabi_fstat64").return ?, + kprobe.function("compat_sys_newfstat").return ? { name = "fstat" retstr = returnstr(1) 
@@ -1122,23 +1290,26 @@ probe nd_syscall.fstat.return = # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag) # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) -probe nd_syscall.fstatat = - kernel.function("sys_fstatat64") ?, - kernel.function("sys_newfstatat") ?, - kernel.function("compat_sys_newfstatat") ?, - kernel.function("sys32_fstatat64") ? +probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, + kprobe.function("sys_newfstatat") ?, + kprobe.function("compat_sys_newfstatat") ?, + kprobe.function("sys32_fstatat64") ? { name = "fstatat" - dirfd = $dfd - path = user_string($filename) - buf_uaddr = $statbuf - argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag)) + // dirfd = $dfd + // path = user_string($filename) + // buf_uaddr = $statbuf + // argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag)) + asmlinkage() + dirfd = int_arg(1) + path = user_string(pointer_arg(2)) + buf_uaddr = pointer_arg(3) + argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4))) } -probe nd_syscall.fstatat.return = - kernel.function("sys_fstatat64").return ?, - kernel.function("sys_newfstatat").return ?, - kernel.function("compat_sys_newfstatat").return ?, - kernel.function("sys32_fstatat64").return ? +probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, + kprobe.function("sys_newfstatat").return ?, + kprobe.function("compat_sys_newfstatat").return ?, + kprobe.function("sys32_fstatat64").return ? { name = "fstatat" retstr = returnstr(1) 
@@ -1148,18 +1319,20 @@ probe nd_syscall.fstatat.return = # long sys_fstatfs(unsigned int fd, struct statfs __user * buf) # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # -probe nd_syscall.fstatfs = - kernel.function("sys_fstatfs"), - kernel.function("compat_sys_fstatfs") ? +probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"), + kprobe.function("compat_sys_fstatfs") ? { name = "fstatfs" - fd = $fd - buf_uaddr = $buf - argstr = sprintf("%d, %p", $fd, $buf) + // fd = $fd + // buf_uaddr = $buf + // argstr = sprintf("%d, %p", $fd, $buf) + asmlinkage() + fd = int_arg(1) + buf_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", fd, buf_uaddr) } -probe nd_syscall.fstatfs.return = - kernel.function("sys_fstatfs").return, - kernel.function("compat_sys_fstatfs").return ? +probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return, + kprobe.function("compat_sys_fstatfs").return ? { name = "fstatfs" retstr = returnstr(1) 
@@ -1169,19 +1342,22 @@ probe nd_syscall.fstatfs.return = # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.fstatfs64 = - kernel.function("sys_fstatfs64") ?, - kernel.function("compat_sys_fstatfs64") ? +probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?, + kprobe.function("compat_sys_fstatfs64") ? { name = "fstatfs" - fd = $fd - sz = $sz - buf_uaddr = $buf - argstr = sprintf("%d, %d, %p", $fd, $sz, $buf) + // fd = $fd + // sz = $sz + // buf_uaddr = $buf + // argstr = sprintf("%d, %d, %p", $fd, $sz, $buf) + asmlinkage() + fd = int_arg(1) + sz = ulong_arg(2) + buf_uaddr = pointer_arg(3) + argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr) } -probe nd_syscall.fstatfs64.return = - kernel.function("sys_fstatfs64").return ?, - kernel.function("compat_sys_fstatfs64").return ? +probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?, + kprobe.function("compat_sys_fstatfs64").return ? { name = "fstatfs" retstr = returnstr(1) 
@@ -1189,37 +1365,51 @@ probe nd_syscall.fstatfs64.return = # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) -probe nd_syscall.fsync = kernel.function("sys_fsync") { +probe nd_syscall.fsync = kprobe.function("sys_fsync") +{ name = "fsync" - fd = $fd + // fd = $fd + asmlinkage() + fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fsync.return = kernel.function("sys_fsync").return { +probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return +{ name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) -probe nd_syscall.ftruncate = kernel.function("sys_ftruncate") { +probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate") +{ name = "ftruncate" - fd = $fd - length = $length + // fd = $fd + // length = $length + asmlinkage() + fd = int_arg(1) + length = ulong_arg(2) argstr = sprintf("%d, %d", fd, length) } -probe nd_syscall.ftruncate.return = kernel.function("sys_ftruncate").return { +probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return +{ name = "ftruncate" retstr = returnstr(1) } # ftruncate64 ________________________________________________ # long sys_ftruncate64(unsigned int fd, loff_t length) -probe nd_syscall.ftruncate64 = kernel.function("sys_ftruncate64") ? { +probe nd_syscall.ftruncate64 = kprobe.function("sys_ftruncate64") ? +{ name = "ftruncate" - fd = $fd - length = $length + // fd = $fd + // length = $length + asmlinkage() + fd = int_arg(1) + length = longlong_arg(2) argstr = sprintf("%d, %d", fd, length) } -probe nd_syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? { +probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return ? +{ name = "ftruncate" retstr = returnstr(1) } 
@@ -1235,7 +1425,8 @@ probe nd_syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return # struct compat_timespec __user *utime, u32 __user *uaddr2, # u32 val3) # -probe nd_syscall.futex = kernel.function("sys_futex") ? { +probe nd_syscall.futex = kprobe.function("sys_futex") ? +{ name = "futex" // futex_uaddr = $uaddr // op = $op @@ -1245,7 +1436,7 @@ probe nd_syscall.futex = kernel.function("sys_futex") ? { // val3 = $val3 // if (op == 0) // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - // $val, _struct_timespec_u($utime,1)) + // $val, _struct_timespec_u($utime, 1)) // else // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), // $val) @@ -1259,16 +1450,18 @@ probe nd_syscall.futex = kernel.function("sys_futex") ? { if (op == 0) argstr = sprintf("%p, %s, %d, %s", futex_uaddr, _futex_op_str(op), val, - _struct_timespec_u(utime_uaddr,1)) + _struct_timespec_u(utime_uaddr, 1)) else argstr = sprintf("%p, %s, %d", futex_uaddr, _futex_op_str(op), val) } -probe nd_syscall.futex.return = kernel.function("sys_futex").return ? { +probe nd_syscall.futex.return = kprobe.function("sys_futex").return ? +{ name = "futex" retstr = returnstr(1) } -probe nd_syscall.compat_futex = kernel.function("compat_sys_futex") ? { +probe nd_syscall.compat_futex = kprobe.function("compat_sys_futex") ? +{ name = "futex" // futex_uaddr = $uaddr // op = $op @@ -1278,7 +1471,7 @@ probe nd_syscall.compat_futex = kernel.function("compat_sys_futex") ? { // val3 = $val3 // if (op == 0) // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - // $val, _struct_compat_timespec_u($utime,1)) + // $val, _struct_compat_timespec_u($utime, 1)) // else // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), // $val) 
@@ -1292,12 +1485,13 @@ probe nd_syscall.compat_futex = kernel.function("compat_sys_futex") ? { if (op == 0) argstr = sprintf("%p, %s, %d, %s", futex_uaddr, _futex_op_str(op), val, - _struct_compat_timespec_u(utime_uaddr,1)) + _struct_compat_timespec_u(utime_uaddr, 1)) else argstr = sprintf("%p, %s, %d", futex_uaddr, _futex_op_str(op), val) } -probe nd_syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? { +probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").return ? +{ name = "futex" retstr = returnstr(1) } 
@@ -1308,69 +1502,95 @@ probe nd_syscall.compat_futex.return = kernel.function("compat_sys_futex").retur # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) # -probe nd_syscall.futimesat = kernel.function("sys_futimesat") ? { +probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ? +{ name = "futimesat" - dirfd = $dfd - filename_uaddr = $filename - filename = user_string($filename) - tvp_uaddr = $utimes - argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), - _struct_timeval_u($utimes, 2)) -} -probe nd_syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? { + // dirfd = $dfd + // filename_uaddr = $filename + // filename = user_string($filename) + // tvp_uaddr = $utimes + // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + // _struct_timeval_u($utimes, 2)) + asmlinkage() + dirfd = int_arg(1) + filename_uaddr = pointer_arg(2) + filename = user_string(filename_uaddr) + tvp_uaddr = pointer_arg(3) + argstr = sprintf("%s, %s, %s", _dfd_str(dirfd), user_string_quoted(filename_uaddr), + _struct_timeval_u(tvp_uaddr, 2)) +} +probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ? +{ name = "futimesat" - dirfd = $dfd - filename_uaddr = $filename - filename = user_string($filename) - tvp_uaddr = $t - argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), - _struct_compat_timeval_u($t, 2)) -} -probe nd_syscall.futimesat.return = kernel.function("sys_futimesat").return ? 
{ + // dirfd = $dfd + // filename_uaddr = $filename + // filename = user_string($filename) + // tvp_uaddr = $utimes + // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + // _struct_timeval_u($utimes, 2)) + asmlinkage() + dirfd = uint_arg(1) + filename_uaddr = pointer_arg(2) + filename = user_string(pointer_arg(2)) + tvp_uaddr = pointer_arg(3) + argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), + _struct_compat_timeval_u(pointer_arg(3), 2)) +} +probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ? +{ name = "futimesat" retstr = returnstr(1) } -probe nd_syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").return ? { +probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat").return ? +{ name = "futimesat" retstr = returnstr(1) } # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) -probe nd_syscall.getcwd = kernel.function("sys_getcwd") { +probe nd_syscall.getcwd = kprobe.function("sys_getcwd") +{ name = "getcwd" - buf_uaddr = $buf - size = $size + // buf_uaddr = $buf + // size = $size + asmlinkage() + buf_uaddr = pointer_arg(1) + size = ulong_arg(2) argstr = sprintf("%p, %d", buf_uaddr, size) } -probe nd_syscall.getcwd.return = kernel.function("sys_getcwd").return { +probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return +{ name = "getcwd" retstr = returnstr(1) } # getdents ___________________________________________________ # long sys_getdents(unsigned int fd, struct linux_dirent __user * dirent, unsigned int count) -# long compat_sys_getdents(unsigned int fd,struct compat_linux_dirent __user *dirent, unsigned int count) +# long compat_sys_getdents(unsigned int fd, struct compat_linux_dirent __user *dirent, unsigned int count) # long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # long 
compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # -probe nd_syscall.getdents = - kernel.function("sys_getdents") ?, - kernel.function("sys_getdents64") ?, - kernel.function("compat_sys_getdents") ?, - kernel.function("compat_sys_getdents64") ? +probe nd_syscall.getdents = kprobe.function("sys_getdents") ?, + kprobe.function("sys_getdents64") ?, + kprobe.function("compat_sys_getdents") ?, + kprobe.function("compat_sys_getdents64") ? { name = "getdents" - fd = $fd - dirp_uaddr = $dirent - count = $count - argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) + // fd = $fd + // dirp_uaddr = $dirent + // count = $count + // argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) + asmlinkage() + fd = int_arg(1) + dirp_uaddr = pointer_arg(2) + count = uint_arg(3) + argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count) } -probe nd_syscall.getdents.return = - kernel.function("sys_getdents").return ?, - kernel.function("sys_getdents64").return ?, - kernel.function("compat_sys_getdents").return ?, - kernel.function("compat_sys_getdents64").return ? +probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?, + kprobe.function("sys_getdents64").return ?, + kprobe.function("compat_sys_getdents").return ?, + kprobe.function("compat_sys_getdents64").return ? { name = "getdents" retstr = returnstr(1) 
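Review bot: nd_syscall.compat_futimesat reads the directory descriptor with `uint_arg(1)`, while nd_syscall.futimesat just above it uses `int_arg(1)`. AT_FDCWD is a negative value, so the zero-extended read would likely stop `_dfd_str` from recognising it (its body is not shown here), and `dirfd` would hold a large positive number instead. `dirfd = int_arg(1)` followed by `_dfd_str(dirfd)` keeps the two probes consistent. The commented-out reference lines in the compat probe were also copied from the non-compat one (`$utimes`, `_struct_timeval_u`) rather than from the removed `$t` / `_struct_compat_timeval_u` code.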
@@ -1381,18 +1601,16 @@ probe nd_syscall.getdents.return = # long sys_getegid16(void) # long sys32_getegid16(void) # -probe nd_syscall.getegid = - kernel.function("sys_getegid16") ?, - kernel.function("sys32_getegid16") ?, - kernel.function("sys_getegid") +probe nd_syscall.getegid = kprobe.function("sys_getegid16") ?, + kprobe.function("sys32_getegid16") ?, + kprobe.function("sys_getegid") { name = "getegid" argstr = "" } -probe nd_syscall.getegid.return = - kernel.function("sys_getegid16").return ?, - kernel.function("sys32_getegid16").return ?, - kernel.function("sys_getegid").return +probe nd_syscall.getegid.return = kprobe.function("sys_getegid16").return ?, + kprobe.function("sys32_getegid16").return ?, + kprobe.function("sys_getegid").return { name = "getegid" retstr = returnstr(1) @@ -1402,18 +1620,16 @@ probe nd_syscall.getegid.return = # long sys_geteuid(void) # long sys32_geteuid16(void) # -probe nd_syscall.geteuid = - kernel.function("sys_geteuid16") ?, - kernel.function("sys32_geteuid16") ?, - kernel.function("sys_geteuid") +probe nd_syscall.geteuid = kprobe.function("sys_geteuid16") ?, + kprobe.function("sys32_geteuid16") ?, + kprobe.function("sys_geteuid") { name = "geteuid" argstr = "" } -probe nd_syscall.geteuid.return = - kernel.function("sys_geteuid16").return ?, - kernel.function("sys32_geteuid16").return ?, - kernel.function("sys_geteuid").return +probe nd_syscall.geteuid.return = kprobe.function("sys_geteuid16").return ?, + kprobe.function("sys32_geteuid16").return ?, + kprobe.function("sys_geteuid").return { name = "geteuid" retstr = returnstr(1) 
@@ -1423,18 +1639,16 @@ probe nd_syscall.geteuid.return = # long sys_getgid(void) # long sys32_getgid16(void) # -probe nd_syscall.getgid = - kernel.function("sys_getgid16") ?, - kernel.function("sys32_getgid16") ?, - kernel.function("sys_getgid") +probe nd_syscall.getgid = kprobe.function("sys_getgid16") ?, + kprobe.function("sys32_getgid16") ?, + kprobe.function("sys_getgid") { name = "getgid" argstr = "" } -probe nd_syscall.getgid.return = - kernel.function("sys_getgid16").return ?, - kernel.function("sys32_getgid16").return ?, - kernel.function("sys_getgid").return +probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?, + kprobe.function("sys32_getgid16").return ?, + kprobe.function("sys_getgid").return { name = "getgid" retstr = returnstr(1) 
@@ -1445,20 +1659,22 @@ probe nd_syscall.getgid.return = # long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.getgroups = - kernel.function("sys_getgroups") ?, - kernel.function("sys_getgroups16") ?, - kernel.function("sys32_getgroups16") ? +probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?, + kprobe.function("sys_getgroups16") ?, + kprobe.function("sys32_getgroups16") ? { name = "getgroups" - size = $gidsetsize - list_uaddr = $grouplist - argstr = sprintf("%d, %p", $gidsetsize, $grouplist) + // size = $gidsetsize + // list_uaddr = $grouplist + // argstr = sprintf("%d, %p", $gidsetsize, $grouplist) + asmlinkage() + size = int_arg(1) + list_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.getgroups.return = - kernel.function("sys_getgroups").return ?, - kernel.function("sys_getgroups16").return ?, - kernel.function("sys32_getgroups16").return ? +probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?, + kprobe.function("sys_getgroups16").return ?, + kprobe.function("sys32_getgroups16").return ? { name = "getgroups" retstr = returnstr(1) @@ -1466,13 +1682,18 @@ probe nd_syscall.getgroups.return = # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) -probe nd_syscall.gethostname = kernel.function("sys_gethostname") ? { +probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ? +{ name = "gethostname" - name_uaddr = $name - len = $len + // name_uaddr = $name + // len = $len + asmlinkage() + name_uaddr = pointer_arg(1) + len = int_arg(2) argstr = sprintf ("%p, %d", name_uaddr, len) } -probe nd_syscall.gethostname.return = kernel.function("sys_gethostname").return ? { +probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ? +{ name = "gethostname" retstr = returnstr(1) } 
@@ -1480,24 +1701,36 @@ probe nd_syscall.gethostname.return = kernel.function("sys_gethostname").return # getitimer __________________________________________________ # sys_getitimer(int which, struct itimerval __user *value) # -probe nd_syscall.getitimer = kernel.function("sys_getitimer") { +probe nd_syscall.getitimer = kprobe.function("sys_getitimer") +{ name = "getitimer" - which = $which - value_uaddr = $value - argstr = sprintf("%s, %p", _itimer_which_str($which), $value) + // which = $which + // value_uaddr = $value + // argstr = sprintf("%s, %p", _itimer_which_str($which), $value) + asmlinkage() + which = int_arg(1) + value_uaddr = pointer_arg(2) + argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr ) } -probe nd_syscall.getitimer.return = kernel.function("sys_getitimer").return { +probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return +{ name = "getitimer" retstr = returnstr(1) } # long compat_sys_getitimer(int which, struct compat_itimerval __user *it -probe nd_syscall.compat_getitimer = kernel.function("compat_sys_getitimer") ? { +probe nd_syscall.compat_getitimer = kprobe.function("compat_sys_getitimer") ? +{ name = "getitimer" - which = $which - value_uaddr = $it - argstr = sprintf("%s, %p", _itimer_which_str($which), $it) + // which = $which + // value_uaddr = $it + // argstr = sprintf("%s, %p", _itimer_which_str($which), $it) + asmlinkage() + which = int_arg(1) + value_uaddr = pointer_arg(2) + argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) } -probe nd_syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").return ? { +probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer").return ? +{ name = "getitimer" retstr = returnstr(1) } 
@@ -1513,22 +1746,28 @@ probe nd_syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer # compat_ulong_t maxnode, # compat_ulong_t addr, compat_ulong_t flags) # -probe nd_syscall.get_mempolicy = - kernel.function("sys_get_mempolicy") ?, - kernel.function("compat_sys_get_mempolicy") ? +probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, + kprobe.function("compat_sys_get_mempolicy") ? { name = "get_mempolicy" - policy_uaddr = $policy - nmask_uaddr = $nmask - maxnode = $maxnode - addr = $addr - flags = $flags - argstr = sprintf("%p, %p, %d, %p, 0x%x", $policy, - $nmask, $maxnode, $addr, $flags) -} -probe nd_syscall.get_mempolicy.return = - kernel.function("sys_get_mempolicy").return ?, - kernel.function("compat_sys_get_mempolicy").return ? + // policy_uaddr = $policy + // nmask_uaddr = $nmask + // maxnode = $maxnode + // addr = $addr + // flags = $flags + // argstr = sprintf("%p, %p, %d, %p, 0x%x", $policy, + // $nmask, $maxnode, $addr, $flags) + asmlinkage() + policy_uaddr = pointer_arg(1) + nmask_uaddr = pointer_arg(2) + maxnode = ulong_arg(3) + addr = ulong_arg(4) + flags = ulong_arg(5) + argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr, + nmask_uaddr, maxnode, addr, flags) +} +probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?, + kprobe.function("compat_sys_get_mempolicy").return ? { name = "get_mempolicy" retstr = returnstr(1) 
@@ -1537,72 +1776,95 @@ probe nd_syscall.get_mempolicy.return = # getpeername ________________________________________________ # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # -probe nd_syscall.getpeername = kernel.function("sys_getpeername") ? { +probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ? +{ name = "getpeername" - s = $fd - name_uaddr = $usockaddr - namelen_uaddr = $usockaddr_len - argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) + // s = $fd + // name_uaddr = $usockaddr + // namelen_uaddr = $usockaddr_len + // argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) + asmlinkage() + s = int_arg(1) + name_uaddr = pointer_arg(2) + namelen_uaddr = pointer_arg(3) + argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getpeername.return = kernel.function("sys_getpeername").return ? { +probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ? +{ name = "getpeername" retstr = returnstr(1) } # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) -probe nd_syscall.getpgid = kernel.function("sys_getpgid") { +probe nd_syscall.getpgid = kprobe.function("sys_getpgid") +{ name = "getpgid" - pid = $pid - argstr = sprintf("%d", $pid) + // pid = $pid + // argstr = sprintf("%d", $pid) + asmlinkage() + pid = int_arg(1) + argstr = sprintf("%d", pid) } -probe nd_syscall.getpgid.return = kernel.function("sys_getpgid").return { +probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return +{ name = "getpgid" retstr = returnstr(1) } # getpgrp ____________________________________________________ # long sys_getpgrp(void) -probe nd_syscall.getpgrp = kernel.function("sys_getpgrp") ? { +probe nd_syscall.getpgrp = kprobe.function("sys_getpgrp") ? +{ name = "getpgrp" argstr = "" } -probe nd_syscall.getpgrp.return = kernel.function("sys_getpgrp").return ? 
{ +probe nd_syscall.getpgrp.return = kprobe.function("sys_getpgrp").return ? +{ name = "getpgrp" retstr = returnstr(1) } # getpid _____________________________________________________ # long sys_getpid(void) -probe nd_syscall.getpid = kernel.function("sys_getpid") { +probe nd_syscall.getpid = kprobe.function("sys_getpid") +{ name = "getpid" argstr = "" } -probe nd_syscall.getpid.return = kernel.function("sys_getpid").return { +probe nd_syscall.getpid.return = kprobe.function("sys_getpid").return +{ name = "getpid" retstr = returnstr(1) } # getppid ____________________________________________________ # long sys_getppid(void) -probe nd_syscall.getppid = kernel.function("sys_getppid") { +probe nd_syscall.getppid = kprobe.function("sys_getppid") +{ name = "getppid" argstr = "" } -probe nd_syscall.getppid.return = kernel.function("sys_getppid").return { +probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return +{ name = "getppid" retstr = returnstr(1) } # getpriority ________________________________________________ # long sys_getpriority(int which, int who) -probe nd_syscall.getpriority = kernel.function("sys_getpriority") { +probe nd_syscall.getpriority = kprobe.function("sys_getpriority") +{ name = "getpriority" - which = $which - who = $who + // which = $which + // who = $who + asmlinkage() + which = int_arg(1) + who = int_arg(2) argstr = sprintf("%s, %d", _priority_which_str(which), who) } -probe nd_syscall.getpriority.return = kernel.function("sys_getpriority").return { +probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return +{ name = "getpriority" retstr = returnstr(1) } 
@@ -1614,19 +1876,22 @@ probe nd_syscall.getpriority.return = kernel.function("sys_getpriority").return
 # long sys_getresgid16(old_uid_t __user *rgid,
 # old_uid_t __user *egid,
 # old_uid_t __user *sgid)
-probe nd_syscall.getresgid =
- kernel.function("sys_getresgid16") ?,
- kernel.function("sys_getresgid")
+probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
+ kprobe.function("sys_getresgid")
 {
 name = "getresgid"
- rgid_uaddr = $rgid
- egid_uaddr = $egid
- sgid_uaddr = $sgid
- argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid)
+ // rgid_uaddr = $rgid
+ // egid_uaddr = $egid
+ // sgid_uaddr = $sgid
+ // argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid)
+ asmlinkage()
+ rgid_uaddr = pointer_arg(1)
+ egid_uaddr = pointer_arg(2)
+ sgid_uaddr = pointer_arg(3)
+ argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr)
 }
-probe nd_syscall.getresgid.return =
- kernel.function("sys_getresgid16").return ?,
- kernel.function("sys_getresgid").return
+probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
+ kprobe.function("sys_getresgid").return
 {
 name = "getresgid"
 retstr = returnstr(1)
@@ -1636,19 +1901,22 @@ probe nd_syscall.getresgid.return =
 # long sys_getresuid(uid_t __user *ruid,
 # uid_t __user *euid,
 # uid_t __user *suid)
-probe nd_syscall.getresuid =
- kernel.function("sys_getresuid16") ?,
- kernel.function("sys_getresuid")
+probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
+ kprobe.function("sys_getresuid")
 {
 name = "getresuid"
- ruid_uaddr = $ruid
- euid_uaddr = $euid
- suid_uaddr = $suid
- argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid)
+ // ruid_uaddr = $ruid
+ // euid_uaddr = $euid
+ // suid_uaddr = $suid
+ // argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid)
+ asmlinkage()
+ ruid_uaddr = pointer_arg(1)
+ euid_uaddr = pointer_arg(2)
+ suid_uaddr = pointer_arg(3)
+ argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr)
 }
-probe nd_syscall.getresuid.return =
- kernel.function("sys_getresuid16").return ?,
- kernel.function("sys_getresuid").return
+probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
+ kprobe.function("sys_getresuid").return
 {
 name = "getresuid"
 retstr = returnstr(1)
@@ -1658,18 +1926,22 @@ probe nd_syscall.getresuid.return = # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim) -probe nd_syscall.getrlimit = kernel.function("sys_getrlimit"), - kernel.function("sys_old_getrlimit") ?, - kernel.function("compat_sys_getrlimit") ? +probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"), + kprobe.function("sys_old_getrlimit") ?, + kprobe.function("compat_sys_getrlimit") ? { name = "getrlimit" - resource = $resource - rlim_uaddr = $rlim - argstr = sprintf("%s, %p", _rlimit_resource_str($resource), $rlim) + // resource = $resource + // rlim_uaddr = $rlim + // argstr = sprintf("%s, %p", _rlimit_resource_str($resource), $rlim) + asmlinkage() + resource = uint_arg(1) + rlim_uaddr = pointer_arg(2) + argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr) } -probe nd_syscall.getrlimit.return = kernel.function("sys_getrlimit").return, - kernel.function("sys_old_getrlimit").return ?, - kernel.function("compat_sys_getrlimit").return ? +probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return, + kprobe.function("sys_old_getrlimit").return ?, + kprobe.function("compat_sys_getrlimit").return ? { name = "getrlimit" retstr = returnstr(1) @@ -1677,7 +1949,8 @@ probe nd_syscall.getrlimit.return = kernel.function("sys_getrlimit").return, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) -probe nd_syscall.getrusage = kernel.function("sys_getrusage") { +probe nd_syscall.getrusage = kprobe.function("sys_getrusage") +{ name = "getrusage" // who = $who // if($who==-2) 
@@ -1704,19 +1977,24 @@ probe nd_syscall.getrusage = kernel.function("sys_getrusage") { usage_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", who_str, usage_uaddr) } -probe nd_syscall.getrusage.return = kernel.function("sys_getrusage").return { +probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return +{ name = "getrusage" retstr = returnstr(1) } # getsid _____________________________________________________ # long sys_getsid(pid_t pid) -probe nd_syscall.getsid = kernel.function("sys_getsid") { +probe nd_syscall.getsid = kprobe.function("sys_getsid") +{ name = "getsid" - pid = $pid + // pid = $pid + asmlinkage() + pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.getsid.return = kernel.function("sys_getsid").return { +probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return +{ name = "getsid" retstr = returnstr(1) } @@ -1725,14 +2003,21 @@ probe nd_syscall.getsid.return = kernel.function("sys_getsid").return { # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) -probe nd_syscall.getsockname = kernel.function("sys_getsockname") ? { +probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ? +{ name = "getsockname" - s = $fd - name_uaddr = $usockaddr - namelen_uaddr = $usockaddr_len - argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) + // s = $fd + // name_uaddr = $usockaddr + // namelen_uaddr = $usockaddr_len + // argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) + asmlinkage() + s = int_arg(1) + name_uaddr = pointer_arg(2) + namelen_uaddr = pointer_arg(3) + argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getsockname.return = kernel.function("sys_getsockname").return ? { +probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ? +{ name = "getsockname" retstr = returnstr(1) } 
@@ -1744,24 +2029,32 @@ probe nd_syscall.getsockname.return = kernel.function("sys_getsockname").return # char __user *optval, # int __user *optlen) # -probe nd_syscall.getsockopt = - kernel.function("sys_getsockopt") ?, - kernel.function("compat_sys_getsockopt") ? +probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, + kprobe.function("compat_sys_getsockopt") ? { name = "getsockopt" - fd = $fd - level = $level - level_str = _sockopt_level_str($level) - optname = $optname - optname_str = _sockopt_optname_str($optname) - optval_uaddr = $optval - optlen_uaddr = $optlen - argstr = sprintf("%d, %s, %s, %p, %p", $fd, _sockopt_level_str($level), - _sockopt_optname_str($optname), $optval, $optlen) -} -probe nd_syscall.getsockopt.return = - kernel.function("sys_getsockopt").return ?, - kernel.function("compat_sys_getsockopt").return ? + // fd = $fd + // level = $level + // level_str = _sockopt_level_str($level) + // optname = $optname + // optname_str = _sockopt_optname_str($optname) + // optval_uaddr = $optval + // optlen_uaddr = $optlen + // argstr = sprintf("%d, %s, %s, %p, %p", $fd, _sockopt_level_str($level), + // _sockopt_optname_str($optname), $optval, $optlen) + asmlinkage() + fd = int_arg(1) + level = int_arg(2) + level_str = _sockopt_level_str(level) + optname = int_arg(3) + optname_str = _sockopt_optname_str(optname) + optval_uaddr = pointer_arg(4) + optlen_uaddr = pointer_arg(5) + argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level), + _sockopt_optname_str(optname), optval_uaddr, optlen_uaddr) +} +probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?, + kprobe.function("compat_sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) 
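Review bot: The new argstr in nd_syscall.getsockopt calls `_sockopt_level_str(level)` and `_sockopt_optname_str(optname)` a second time, although `level_str` and `optname_str` were assigned from the same calls a few lines earlier. Reusing the variables keeps the two representations from drifting apart and shortens the line: `argstr = sprintf("%d, %s, %s, %p, %p", fd, level_str, optname_str, optval_uaddr, optlen_uaddr)`.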
@@ -1769,11 +2062,13 @@ probe nd_syscall.getsockopt.return = # gettid _____________________________________________________ # long sys_gettid(void) -probe nd_syscall.gettid = kernel.function("sys_gettid") { +probe nd_syscall.gettid = kprobe.function("sys_gettid") +{ name = "gettid" argstr = "" } -probe nd_syscall.gettid.return = kernel.function("sys_gettid").return { +probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return +{ name = "gettid" retstr = returnstr(1) } @@ -1785,21 +2080,23 @@ probe nd_syscall.gettid.return = kernel.function("sys_gettid").return { # struct timezone __user *tz) # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) -probe nd_syscall.gettimeofday = - kernel.function("sys_gettimeofday"), - kernel.function("sys32_gettimeofday") ?, - kernel.function("compat_sys_gettimeofday") ? +probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"), + kprobe.function("sys32_gettimeofday") ?, + kprobe.function("compat_sys_gettimeofday") ? { name = "gettimeofday" - tv_uaddr = $tv - tz_uaddr = $tz - argstr = sprintf("%p, %p", $tv, $tz) + // tv_uaddr = $tv + // tz_uaddr = $tz + // argstr = sprintf("%p, %p", $tv, $tz) + asmlinkage() + tv_uaddr = pointer_arg(1) + tz_uaddr = pointer_arg(2) + argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr) } -probe nd_syscall.gettimeofday.return = - kernel.function("sys_gettimeofday").return, - kernel.function("sys32_gettimeofday").return ?, - kernel.function("compat_sys_gettimeofday").return ? +probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return, + kprobe.function("sys32_gettimeofday").return ?, + kprobe.function("compat_sys_gettimeofday").return ? { name = "gettimeofday" retstr = returnstr(1) 
@@ -1810,18 +2107,16 @@ probe nd_syscall.gettimeofday.return =
 # long sys_getuid16(void)
 # long sys32_getuid16(void)
 #
-probe nd_syscall.getuid =
- kernel.function("sys_getuid16") ?,
- kernel.function("sys32_getuid16") ?,
- kernel.function("sys_getuid")
+probe nd_syscall.getuid = kprobe.function("sys_getuid16") ?,
+ kprobe.function("sys32_getuid16") ?,
+ kprobe.function("sys_getuid")
 {
 name = "getuid"
 argstr = ""
 }
-probe nd_syscall.getuid.return =
- kernel.function("sys_getuid16").return ?,
- kernel.function("sys32_getuid16").return ?,
- kernel.function("sys_getuid").return
+probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?,
+ kprobe.function("sys32_getuid16").return ?,
+ kprobe.function("sys_getuid").return
 {
 name = "getuid"
 retstr = returnstr(1)
@@ -1830,19 +2125,38 @@ probe nd_syscall.getuid.return = # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) -probe nd_syscall.getxattr = kernel.function("sys_getxattr") { +probe nd_syscall.getxattr = kprobe.function("sys_getxattr") +{ name = "getxattr" - path = user_string($path) + // %( kernel_v >= "2.6.27" %? + // path = user_string($pathname) + // %: + // path = user_string($path) + // %) + // name2 = user_string($name) + // value_uaddr = $value + // size = $size + // argstr = sprintf("%s, %s, %p, %d", + // %( kernel_v >= "2.6.27" %? + // user_string_quoted($pathname), + // %: + // user_string_quoted($path), + // %) + // user_string_quoted($name), + // value_uaddr, size) + asmlinkage() + path = pointer_arg(1) # FIXME - name2 = user_string($name) - value_uaddr = $value - size = $size + name2 = user_string(pointer_arg(2)) + value_uaddr = pointer_arg(3) + size = ulong_arg(4) argstr = sprintf("%s, %s, %p, %d", - user_string_quoted($path), - user_string_quoted($name), + user_string_quoted(path), + user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.getxattr.return = kernel.function("sys_getxattr").return { +probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return +{ name = "getxattr" retstr = returnstr(1) } 
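Review bot: In nd_syscall.getxattr the new line `path = pointer_arg(1) # FIXME` stores the raw user address in `path`, while `name2` on the next line is decoded with `user_string()`. A script that logs or filters on `path`, for instance when auditing reads of security-relevant extended attributes, would get a number from this probe and a file name from the dwarf-based syscall.getxattr; the FIXME suggests the conversion was left unfinished here. Decoding it the same way as name2 keeps the two tapsets interchangeable: `path = user_string(pointer_arg(1))`, with `user_string_quoted(pointer_arg(1))` in argstr.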
@@ -1852,14 +2166,21 @@ probe nd_syscall.getxattr.return = kernel.function("sys_getxattr").return { # unsigned long len, # const char __user *uargs) # -probe nd_syscall.init_module = kernel.function("sys_init_module") ? { +probe nd_syscall.init_module = kprobe.function("sys_init_module") ? +{ name = "init_module" - umod_uaddr = $umod - len = $len - uargs = user_string($uargs) - argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) + // umod_uaddr = $umod + // len = $len + // uargs = user_string($uargs) + // argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) + asmlinkage() + umod_uaddr = pointer_arg(1) + len = ulong_arg(2) + uargs = user_string(pointer_arg(3)) + argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4))) } -probe nd_syscall.init_module.return = kernel.function("sys_init_module").return ? { +probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ? +{ name = "init_module" retstr = returnstr(1) } 
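Review bot: The new argstr line in nd_syscall.init_module passes `pointer_arg(4)` to user_string_quoted(), but the removed lines show only three parameters (umod, len, uargs) and `uargs` is read from `pointer_arg(3)` one line above. argstr therefore quotes whatever happens to sit in a fourth argument slot rather than the module parameters, so `uargs` and argstr disagree and a module-load audit trail built on argstr records the wrong string. The line should read `argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(3)))`.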
@@ -1868,15 +2189,29 @@ probe nd_syscall.init_module.return = kernel.function("sys_init_module").return # # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # -probe nd_syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") ? { +probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ? +{ name = "inotify_add_watch" - fd = $fd - path_uaddr = $path - path = user_string($path) - mask = $mask - argstr = sprintf("%d, %s, %d", $fd, user_string_quoted($path), $mask) + // fd = $fd + // mask = $mask + // %( kernel_v >= "2.6.27" %? + // path_uaddr = $pathname + // path = user_string($pathname) + // argstr = sprintf("%d, %s, %d", $fd, user_string_quoted($pathname), $mask) + // %: + // path_uaddr = $path + // path = user_string($path) + // argstr = sprintf("%d, %s, %d", $fd, user_string_quoted($path), $mask) + // %) + asmlinkage() + fd = int_arg(1) + path_uaddr = pointer_arg(2) + path = user_string(path_uaddr) + mask = uint_arg(3) + argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask) } -probe nd_syscall.inotify_add_watch.return = kernel.function("sys_inotify_add_watch").return ? { +probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ? +{ name = "inotify_add_watch" retstr = returnstr(1) } @@ -1885,11 +2220,13 @@ probe nd_syscall.inotify_add_watch.return = kernel.function("sys_inotify_add_wat # # long sys_inotify_init(void) # -probe nd_syscall.inotify_init = kernel.function("sys_inotify_init") ? { +probe nd_syscall.inotify_init = kprobe.function("sys_inotify_init") ? +{ name = "inotify_init" argstr = "" } -probe nd_syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? { +probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").return ? +{ name = "inotify_init" retstr = returnstr(1) } 
@@ -1898,13 +2235,19 @@ probe nd_syscall.inotify_init.return = kernel.function("sys_inotify_init").retur # # long sys_inotify_rm_watch(int fd, u32 wd) # -probe nd_syscall.inotify_rm_watch = kernel.function("sys_inotify_rm_watch") ? { +probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ? +{ name = "inotify_rm_watch" - fd = $fd - wd = $wd - argstr = sprintf("%d, %d", $fd, $wd) + // fd = $fd + // wd = $wd + // argstr = sprintf("%d, %d", $fd, $wd) + asmlinkage() + fd = int_arg(1) + wd = uint_arg(2) + argstr = sprintf("%d, %d", fd, wd) } -probe nd_syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch").return ? { +probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ? +{ name = "inotify_rm_watch" retstr = returnstr(1) } @@ -1913,14 +2256,20 @@ probe nd_syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) -probe nd_syscall.io_cancel = kernel.function("sys_io_cancel") { +probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel") +{ name = "io_cancel" - ctx_id = $ctx_id - iocb_uaddr = $iocb - result_uaddr = $result + // ctx_id = $ctx_id + // iocb_uaddr = $iocb + // result_uaddr = $result + asmlinkage() + ctx_id = ulong_arg(1) + iocb_uaddr = pointer_arg(2) + result_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } -probe nd_syscall.io_cancel.return = kernel.function("sys_io_cancel").return { +probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return +{ name = "io_cancel" retstr = returnstr(1) } 
@@ -1929,19 +2278,22 @@ probe nd_syscall.io_cancel.return = kernel.function("sys_io_cancel").return { # long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.ioctl = - kernel.function("sys_ioctl") ?, - kernel.function("compat_sys_ioctl") ? +probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?, + kprobe.function("compat_sys_ioctl") ? { name = "ioctl" - fd = $fd - request = $cmd - argp = $arg - argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg) + // fd = $fd + // request = $cmd + // argp = $arg + // argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg) + asmlinkage() + fd = int_arg(1) + request = int_arg(2) + argp = ulong_arg(3) + argstr = sprintf("%d, %d, %p", fd, request, argp) } -probe nd_syscall.ioctl.return = - kernel.function("sys_ioctl").return ?, - kernel.function("compat_sys_ioctl").return ? +probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?, + kprobe.function("compat_sys_ioctl").return ? { name = "ioctl" retstr = returnstr(1) @@ -1949,12 +2301,16 @@ probe nd_syscall.ioctl.return = # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) -probe nd_syscall.io_destroy = kernel.function("sys_io_destroy") { +probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy") +{ name = "io_destroy" - ctx = $ctx + // ctx = $ctx + asmlinkage() + ctx = ulong_arg(1) argstr = sprintf("%d", ctx) } -probe nd_syscall.io_destroy.return = kernel.function("sys_io_destroy").return { +probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return +{ name = "io_destroy" retstr = returnstr(1) } 
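Review bot: In nd_syscall.ioctl, `fd` and `request` are fetched with `int_arg()` although the prototypes in the comment above declare both as unsigned int. With a signed fetch, command numbers that have the top bit set should come out negative in `request` and in argstr, where the old `$cmd` was unsigned, and that breaks comparisons against command constants in monitoring scripts. Other probes in this commit already use `uint_arg()` for unsigned parameters (getrlimit, io_setup); the same fits here: `fd = uint_arg(1)` and `request = uint_arg(2)`. The io_destroy hunk on the same line is not affected.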
@@ -1971,23 +2327,30 @@ probe nd_syscall.io_destroy.return = kernel.function("sys_io_destroy").return { # struct io_event __user *events, # struct compat_timespec __user *timeout) # -probe nd_syscall.io_getevents = - kernel.function("sys_io_getevents") ?, - kernel.function("compat_sys_io_getevents") ? +probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?, + kprobe.function("compat_sys_io_getevents") ? { name = "io_getevents" - ctx_id = $ctx_id - min_nr = $min_nr - nr = $nr - events_uaddr = $events - timeout_uaddr = $timeout - timestr = _struct_timespec_u($timeout,1) - argstr = sprintf("%d, %d, %d, %p, %p, %s", $ctx_id, $min_nr, - $nr, $events, $timeout, timestr) -} -probe nd_syscall.io_getevents.return = - kernel.function("sys_io_getevents").return ?, - kernel.function("compat_sys_io_getevents").return ? + // ctx_id = $ctx_id + // min_nr = $min_nr + // nr = $nr + // events_uaddr = $events + // timeout_uaddr = $timeout + // timestr = _struct_timespec_u($timeout, 1) + // argstr = sprintf("%d, %d, %d, %p, %p, %s", $ctx_id, $min_nr, + // $nr, $events, $timeout, timestr) + asmlinkage() + ctx_id = ulong_arg(1) + min_nr = long_arg(2) + nr = long_arg(3) + events_uaddr = pointer_arg(4) + timeout_uaddr = pointer_arg(5) + timestr = _struct_timespec_u(timeout_uaddr, 1) + argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr, + nr, events_uaddr, timeout_uaddr, timestr) +} +probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?, + kprobe.function("compat_sys_io_getevents").return ? { name = "io_getevents" retstr = returnstr(1) 
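Review bot: `timestr = _struct_timespec_u(timeout_uaddr, 1)` runs for both probe points, but the comment above shows compat_sys_io_getevents taking a `struct compat_timespec __user *`. If the helper reads a native struct timespec (it is not shown here, so this is inferred from its name), timestr is decoded with the wrong layout for 32-bit callers; the old `$timeout` code had the same limitation, so the conversion carries it over. Splitting the compat variant into its own probe, as the file already does for compat_io_setup and compat_io_submit, would allow a compat-aware decoder. Until then a comment above the timestr line, such as `// FIXME: timeout is a compat_timespec under compat_sys_io_getevents`, would record the gap.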
@@ -1996,14 +2359,21 @@ probe nd_syscall.io_getevents.return = # ioperm _____________________________________________________ # long sys_ioperm(unsigned long from, unsigned long num, int turn_on) # -probe nd_syscall.ioperm = kernel.function("sys_ioperm") ? { +probe nd_syscall.ioperm = kprobe.function("sys_ioperm") ? +{ name = "ioperm" - from = $from - num = $num - turn_on = $turn_on - argstr = sprintf("%d, %d, %d", $from, $num, $turn_on) + // from = $from + // num = $num + // turn_on = $turn_on + // argstr = sprintf("%d, %d, %d", $from, $num, $turn_on) + asmlinkage() + from = ulong_arg(1) + num = ulong_arg(2) + turn_on = int_arg(3) + argstr = sprintf("%d, %d, %d", from, num, turn_on) } -probe nd_syscall.ioperm.return = kernel.function("sys_ioperm").return ? { +probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ? +{ name = "ioperm" retstr = returnstr(1) } 
@@ -2011,27 +2381,39 @@ probe nd_syscall.ioperm.return = kernel.function("sys_ioperm").return ? { # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) # -probe nd_syscall.io_setup = kernel.function("sys_io_setup") { +probe nd_syscall.io_setup = kprobe.function("sys_io_setup") +{ name = "io_setup" - maxevents = $nr_events - ctxp_uaddr = $ctxp - argstr = sprintf("%d, %p", $nr_events, $ctxp) + // maxevents = $nr_events + // ctxp_uaddr = $ctxp + // argstr = sprintf("%d, %p", $nr_events, $ctxp) + asmlinkage() + maxevents = uint_arg(1) + ctxp_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", maxevents, ctxp_uaddr) } -probe nd_syscall.io_setup.return = kernel.function("sys_io_setup").return { +probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return +{ name = "io_setup" retstr = returnstr(1) } # long compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) # -probe nd_syscall.compat_io_setup = kernel.function("compat_sys_io_setup") ? { +probe nd_syscall.compat_io_setup = kprobe.function("compat_sys_io_setup") ? +{ name = "io_setup" - maxevents = $nr_reqs - ctxp_uaddr = $ctx32p - argstr = sprintf("%d, %p", $nr_reqs, $ctx32p) + // maxevents = $nr_reqs + // ctxp_uaddr = $ctx32p + // argstr = sprintf("%d, %p", $nr_reqs, $ctx32p) + asmlinkage() + maxevents = uint_arg(1) + ctxp_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", maxevents, ctxp_uaddr) } -probe nd_syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").return ? { +probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup").return ? +{ name = "io_setup" retstr = returnstr(1) } 
@@ -2039,27 +2421,41 @@ probe nd_syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup") # io_submit __________________________________________________ # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # -probe nd_syscall.io_submit = kernel.function("sys_io_submit") { +probe nd_syscall.io_submit = kprobe.function("sys_io_submit") +{ name = "io_submit" - ctx_id = $ctx_id - nr = $nr - iocbpp_uaddr = $iocbpp - argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) + // ctx_id = $ctx_id + // nr = $nr + // iocbpp_uaddr = $iocbpp + // argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) + asmlinkage() + ctx_id = ulong_arg(1) + nr = long_arg(2) + iocbpp_uaddr = pointer_arg(3) + argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr) } -probe nd_syscall.io_submit.return = kernel.function("sys_io_submit").return { +probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return +{ name = "io_submit" retstr = returnstr(1) } # long compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb) # -probe nd_syscall.compat_io_submit = kernel.function("compat_sys_io_submit") ? { +probe nd_syscall.compat_io_submit = kprobe.function("compat_sys_io_submit") ? +{ name = "io_submit" - ctx_id = $ctx_id - nr = $nr - iocbpp_uaddr = $iocb - argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocb) + // ctx_id = $ctx_id + // nr = $nr + // iocbpp_uaddr = $iocb + // argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocb) + asmlinkage() + ctx_id = ulong_arg(1) + nr = int_arg(2) + iocbpp_uaddr = pointer_arg(3) + argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr) } -probe nd_syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").return ? { +probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit").return ? +{ name = "io_submit" retstr = returnstr(1) } 
@@ -2067,13 +2463,19 @@ probe nd_syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit # ioprio_get _________________________________________________ # long sys_ioprio_get(int which, int who) # -probe nd_syscall.ioprio_get = kernel.function("sys_ioprio_get") ? { +probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ? +{ name = "ioprio_get" - which = $which - who = $who - argstr = sprintf("%d, %d", $which, $who) + // which = $which + // who = $who + // argstr = sprintf("%d, %d", $which, $who) + asmlinkage() + which = int_arg(1) + who = int_arg(2) + argstr = sprintf("%d, %d", which, who) } -probe nd_syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? { +probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ? +{ name = "ioprio_get" retstr = returnstr(1) } @@ -2081,14 +2483,21 @@ probe nd_syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return ? # ioprio_set _________________________________________________ # long sys_ioprio_set(int which, int who, int ioprio) # -probe nd_syscall.ioprio_set = kernel.function("sys_ioprio_set") ? { +probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ? +{ name = "ioprio_set" - which = $which - who = $who - ioprio = $ioprio - argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) + // which = $which + // who = $who + // ioprio = $ioprio + // argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) + asmlinkage() + which = int_arg(1) + who = int_arg(2) + ioprio = int_arg(3) + argstr = sprintf("%d, %d, %d", which, who, ioprio) } -probe nd_syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? { +probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ? +{ name = "ioprio_set" retstr = returnstr(1) } 
@@ -2103,20 +2512,24 @@ probe nd_syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return ? # struct compat_kexec_segment __user *segments, # unsigned long flags) # -probe nd_syscall.kexec_load = - kernel.function("sys_kexec_load") ?, - kernel.function("compat_sys_kexec_load") ? +probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?, + kprobe.function("compat_sys_kexec_load") ? { name = "kexec_load" - entry = $entry - nr_segments = $nr_segments - segments_uaddr = $segments - flags = $flags - argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) + // entry = $entry + // nr_segments = $nr_segments + // segments_uaddr = $segments + // flags = $flags + // argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) + asmlinkage() + entry = ulong_arg(1) + nr_segments = ulong_arg(2) + segments_uaddr = pointer_arg(3) + flags = ulong_arg(4) + argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags) } -probe nd_syscall.kexec_load.return = - kernel.function("sys_kexec_load").return ?, - kernel.function("compat_sys_kexec_load").return ? +probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?, + kprobe.function("compat_sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) 
@@ -2130,17 +2543,17 @@ probe nd_syscall.kexec_load.return = # unsigned long arg5) # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # -probe nd_syscall.keyctl = - kernel.function("sys_keyctl") ?, - kernel.function("compat_sys_keyctl") ? +probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?, + kprobe.function("compat_sys_keyctl") ? { name = "keyctl" - argstr = sprintf("%d, ...", $option) + // argstr = sprintf("%d, ...", $option) + asmlinkage() + argstr = sprintf("%d, ...", uint_arg(1)) } -probe nd_syscall.keyctl.return = - kernel.function("sys_keyctl").return ?, - kernel.function("compat_sys_keyctl").return ? +probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?, + kprobe.function("compat_sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) @@ -2148,13 +2561,19 @@ probe nd_syscall.keyctl.return = # kill _______________________________________________________ # long sys_kill(int pid, int sig) -probe nd_syscall.kill = kernel.function("sys_kill") { +probe nd_syscall.kill = kprobe.function("sys_kill") +{ name = "kill" - pid = $pid - sig = $sig - argstr = sprintf("%d, %s", $pid, _signal_name($sig)) + // pid = $pid + // sig = $sig + // argstr = sprintf("%d, %s", $pid, _signal_name($sig)) + asmlinkage() + pid = int_arg(1) + sig = int_arg(2) + argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.kill.return = kernel.function("sys_kill").return { +probe nd_syscall.kill.return = kprobe.function("sys_kill").return +{ name = "kill" retstr = returnstr(1) } 
@@ -2162,14 +2581,21 @@ probe nd_syscall.kill.return = kernel.function("sys_kill").return { # lchown _____________________________________________________ # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # -probe nd_syscall.lchown = kernel.function("sys_lchown") { +probe nd_syscall.lchown = kprobe.function("sys_lchown") +{ name = "lchown" - path = user_string($filename) - owner = __int32($user) - group = __int32($group) - argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) + // path = user_string($filename) + // owner = __int32($user) + // group = __int32($group) + // argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) + asmlinkage() + path = user_string(pointer_arg(1)) + owner = __int32(uint_arg(2)) + group = __int32(uint_arg(3)) + argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.lchown.return = kernel.function("sys_lchown").return { +probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return +{ name = "lchown" retstr = returnstr(1) } 
@@ -2178,14 +2604,21 @@ probe nd_syscall.lchown.return = kernel.function("sys_lchown").return { # long sys_lchown16(const char __user * filename, old_uid_t user, # old_gid_t group) # -probe nd_syscall.lchown16 = kernel.function("sys_lchown16") ? { +probe nd_syscall.lchown16 = kprobe.function("sys_lchown16") ? +{ name = "lchown16" - path = user_string($filename) - owner = __short($user) - group = __short($group) - argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) + // path = user_string($filename) + // owner = __short($user) + // group = __short($group) + // argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) + asmlinkage() + path = user_string(pointer_arg(1)) + owner = __short(uint_arg(2)) + group = __short(uint_arg(3)) + argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.lchown16.return = kernel.function("sys_lchown16").return ? { +probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ? +{ name = "lchown16" retstr = returnstr(1) } 
@@ -2195,47 +2628,81 @@ probe nd_syscall.lchown16.return = kernel.function("sys_lchown16").return ? { # void __user *value, # size_t size) # -probe nd_syscall.lgetxattr = kernel.function("sys_lgetxattr") { +probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") +{ name = "lgetxattr" - path = user_string($path) + // %( kernel_v >= "2.6.27" %? + // path = user_string($pathname) + // %: + // path = user_string($path) + // %) + // # FIXME + // name2 = user_string($name) + // value_uaddr = $value + // size = $size + // argstr = sprintf("%s, %s, %p, %d", + // %( kernel_v >= "2.6.27" %? + // user_string_quoted($pathname), + // %: + // user_string_quoted($path), + // %) + // user_string_quoted($name), + // value_uaddr, size) + asmlinkage() + path = user_string(pointer_arg(1)) # FIXME - name2 = user_string($name) - value_uaddr = $value - size = $size + name2 = user_string(pointer_arg(2)) + value_uaddr = pointer_arg(3) + size = ulong_arg(4) argstr = sprintf("%s, %s, %p, %d", - user_string_quoted($path), - user_string_quoted($name), + user_string_quoted(pointer_arg(1)), + user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { +probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return +{ name = "lgetxattr" retstr = returnstr(1) } # link _______________________________________________________ # long sys_link(const char __user * oldname, # const char __user * newname) -probe nd_syscall.link = kernel.function("sys_link") { +probe nd_syscall.link = kprobe.function("sys_link") +{ name = "link" - oldpath = user_string($oldname) - newpath = user_string($newname) + // oldpath = user_string($oldname) + // newpath = user_string($newname) + // argstr = sprintf("%s, %s", + // user_string_quoted($oldname), + // user_string_quoted($newname)) + asmlinkage() + oldpath = user_string(pointer_arg(1)) + newpath = user_string(pointer_arg(2)) argstr = sprintf("%s, %s", - 
user_string_quoted($oldname), - user_string_quoted($newname)) + user_string_quoted(pointer_arg(1)), + user_string_quoted(pointer_arg(2))) } -probe nd_syscall.link.return = kernel.function("sys_link").return { +probe nd_syscall.link.return = kprobe.function("sys_link").return +{ name = "link" retstr = returnstr(1) } # listen _____________________________________________________ # long sys_listen(int fd, int backlog) -probe nd_syscall.listen = kernel.function("sys_listen") ? { +probe nd_syscall.listen = kprobe.function("sys_listen") ? +{ name = "listen" - sockfd = $fd - backlog = $backlog - argstr = sprintf("%d, %d", $fd, $backlog) + // sockfd = $fd + // backlog = $backlog + // argstr = sprintf("%d, %d", $fd, $backlog) + asmlinkage() + sockfd = int_arg(1) + backlog = int_arg(2) + argstr = sprintf("%d, %d", sockfd, backlog) } -probe nd_syscall.listen.return = kernel.function("sys_listen").return ? { +probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? +{ name = "listen" retstr = returnstr(1) } 
@@ -2243,15 +2710,29 @@ probe nd_syscall.listen.return = kernel.function("sys_listen").return ? { # listxattr __________________________________________________ # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.listxattr = kernel.function("sys_listxattr") { +probe nd_syscall.listxattr = kprobe.function("sys_listxattr") +{ name = "listxattr" - path_uaddr = $path - path = user_string($path) - list_uaddr = $list - size = $size - argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) + // list_uaddr = $list + // size = $size + // %( kernel_v >= "2.6.27" %? + // path_uaddr = $pathname + // path = user_string($pathname) + // argstr = sprintf("%s, %p, %d", user_string_quoted($pathname), $list, $size) + // %: + // path_uaddr = $path + // path = user_string($path) + // argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) + // %) + asmlinkage() + path_uaddr = pointer_arg(1) + path = user_string(path_uaddr) + list_uaddr = pointer_arg(2) + size = ulong_arg(3) + argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.listxattr.return = kernel.function("sys_listxattr").return { +probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return +{ name = "listxattr" retstr = returnstr(1) } 
@@ -2259,15 +2740,29 @@ probe nd_syscall.listxattr.return = kernel.function("sys_listxattr").return { # llistxattr _________________________________________________ # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.llistxattr = kernel.function("sys_llistxattr") { +probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr") +{ name = "llistxattr" - path_uaddr = $path - path = user_string($path) - list_uaddr = $list - size = $size - argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) + // list_uaddr = $list + // size = $size + // %( kernel_v >= "2.6.27" %? + // path_uaddr = $pathname + // path = user_string($pathname) + // argstr = sprintf("%s, %p, %d", user_string_quoted($pathname), $list, $size) + // %: + // path_uaddr = $path + // path = user_string($path) + // argstr = sprintf("%s, %p, %d", user_string_quoted($path), $list, $size) + // %) + asmlinkage() + path_uaddr = pointer_arg(1) + path = user_string(path_uaddr) + list_uaddr = pointer_arg(2) + size = ulong_arg(3) + argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.llistxattr.return = kernel.function("sys_llistxattr").return { +probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return +{ name = "llistxattr" retstr = returnstr(1) } 
@@ -2278,18 +2773,29 @@ probe nd_syscall.llistxattr.return = kernel.function("sys_llistxattr").return { # unsigned long offset_low, # loff_t __user * result, # unsigned int origin) -probe nd_syscall.llseek = kernel.function("sys_llseek") ? { +probe nd_syscall.llseek = kprobe.function("sys_llseek") ? +{ name = "llseek" - fd = $fd - offset_high = $offset_high - offset_low = $offset_low - result_uaddr = $result - whence = $origin - whence_str = _seek_whence_str($origin) - argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", $fd, $offset_high, - $offset_low, $result, whence_str) -} -probe nd_syscall.llseek.return = kernel.function("sys_llseek").return ? { + // fd = $fd + // offset_high = $offset_high + // offset_low = $offset_low + // result_uaddr = $result + // whence = $origin + // whence_str = _seek_whence_str($origin) + // argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", $fd, $offset_high, + // $offset_low, $result, whence_str) + asmlinkage() + fd = int_arg(1) + offset_high = ulong_arg(2) + offset_low = ulong_arg(3) + result_uaddr = pointer_arg(4) + whence = uint_arg(5) + whence_str = _seek_whence_str(whence) + argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high, + offset_low, result_uaddr, whence_str) +} +probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ? +{ name = "llseek" retstr = returnstr(1) } 
@@ -2297,14 +2803,21 @@ probe nd_syscall.llseek.return = kernel.function("sys_llseek").return ? { # lookup_dcookie _____________________________________________ # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # -probe nd_syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") ? { +probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ? +{ name = "lookup_dcookie" - cookie = $cookie64 - buffer_uaddr = $buf - len = $len - argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len) + // cookie = $cookie64 + // buffer_uaddr = $buf + // len = $len + // argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len) + asmlinkage() + cookie = ulonglong_arg(1) + buffer_uaddr = pointer_arg(2) + len = ulong_arg(3) + argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len) } -probe nd_syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return ? { +probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ? +{ name = "lookup_dcookie" retstr = returnstr(1) } 
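Review bot: In `nd_syscall.lookup_dcookie`, `buffer_uaddr = pointer_arg(2)` and `len = ulong_arg(3)` assume the `u64 cookie64` argument fills exactly one argument slot, which probably holds only on 64-bit kernels. On a 32-bit kernel a 64-bit argument normally occupies two slots, so `buf` and `len` would be read from the wrong positions and the trace would show wrong values without any error. If the per-architecture `ulonglong_arg` implementation confirms this, put the numbering under a word-size preprocessor conditional so that 32-bit builds use `buffer_uaddr = pointer_arg(3)` and `len = ulong_arg(4)`. A short comment explaining the shift would help the next reader.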
@@ -2312,31 +2825,53 @@ probe nd_syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").r # lremovexattr _______________________________________________ # long sys_lremovexattr(char __user *path, char __user *name) # -probe nd_syscall.lremovexattr = kernel.function("sys_lremovexattr") { +probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") +{ name = "lremovexattr" - path_uaddr = $path - path = user_string($path) - name_uaddr = $name - name2 = user_string($name) - argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) + // name_uaddr = $name + // name2 = user_string($name) + // %( kernel_v >= "2.6.27" %? + // path_uaddr = $pathname + // path = user_string($pathname) + // argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) + // %: + // path_uaddr = $path + // path = user_string($path) + // argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) + // %) + asmlinkage() + path_uaddr = pointer_arg(1) + path = user_string(path_uaddr) + name_uaddr = pointer_arg(2) + name2 = user_string(name_uaddr) + argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr)) } -probe nd_syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { +probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return +{ name = "lremovexattr" retstr = returnstr(1) } # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) -probe nd_syscall.lseek = kernel.function("sys_lseek") { - name = "lseek" - fildes = $fd -# offset = __int32($offset) - offset = $offset - whence = $origin - whence_str = _seek_whence_str($origin) - argstr = sprintf("%d, %d, %s", $fd, offset, whence_str) -} -probe nd_syscall.lseek.return = kernel.function("sys_lseek").return { +probe nd_syscall.lseek = kprobe.function("sys_lseek") +{ + // name = "lseek" + // fildes = $fd + // # 
offset = __int32($offset) + // offset = $offset + // whence = $origin + // whence_str = _seek_whence_str($origin) + // argstr = sprintf("%d, %d, %s", $fd, offset, whence_str) + asmlinkage() + fildes = int_arg(1) + offset = long_arg(2) + whence = uint_arg(3) + whence_str = _seek_whence_str(whence) + argstr = sprintf("%d, %d, %s", fildes, offset, whence_str) +} +probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return +{ name = "lseek" retstr = returnstr(1) } 
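Review bot: The new `nd_syscall.lseek` entry probe never sets `name`: the assignment was swept into the commented-out block as `// name = "lseek"` and has no live counterpart. Every other probe converted in this commit keeps `name = "..."` as its first statement. A script that prints or filters on `name` at syscall entry would presumably get an unset value or fail to resolve it for lseek, while `nd_syscall.lseek.return` still reports "lseek", leaving a gap in syscall traces used for auditing. Restore `name = "lseek"` as the first statement, before `asmlinkage()`.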
@@ -2348,21 +2883,44 @@ probe nd_syscall.lseek.return = kernel.function("sys_lseek").return { # size_t size, # int flags) # -probe nd_syscall.lsetxattr = kernel.function("sys_lsetxattr") { +probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") +{ name = "lsetxattr" - path_uaddr = $path - path = user_string($path) - name_uaddr = $name - name_str = user_string($name) - value_uaddr = $value - size = $size - flags = $flags + // %( kernel_v >= "2.6.27" %? + // path_uaddr = $pathname + // path = user_string($pathname) + // %: + // path_uaddr = $path + // path = user_string($path) + // %) + // name_uaddr = $name + // name_str = user_string($name) + // value_uaddr = $value + // size = $size + // flags = $flags + // argstr = sprintf("%s, %s, %p, %d, %d", + // %( kernel_v >= "2.6.27" %? + // user_string_quoted($pathname), + // %: + // user_string_quoted($path), + // %) + // user_string_quoted($name), + // value_uaddr, $size, $flags) + asmlinkage() + path_uaddr = pointer_arg(1) + path = user_string(path_uaddr) + name_uaddr = pointer_arg(2) + name_str = user_string(name_uaddr) + value_uaddr = pointer_arg(3) + size = ulong_arg(4) + flags = int_arg(5) argstr = sprintf("%s, %s, %p, %d, %d", - user_string_quoted($path), - user_string_quoted($name), - value_uaddr, $size, $flags) + user_string_quoted(path_uaddr), + user_string_quoted(name_uaddr), + value_uaddr, size, flags) } -probe nd_syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { +probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return +{ name = "lsetxattr" retstr = returnstr(1) } 
@@ -2376,26 +2934,28 @@ probe nd_syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { # long sys_oabi_lstat64(char __user * filename, # struct oldabi_stat64 __user * statbuf) # -probe nd_syscall.lstat = - kernel.function("sys_lstat") ?, - kernel.function("sys_newlstat") ?, - kernel.function("compat_sys_newlstat") ?, - kernel.function("sys32_lstat64") ?, - kernel.function("sys_lstat64") ?, - kernel.function("sys_oabi_lstat64") ? +probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, + kprobe.function("sys_newlstat") ?, + kprobe.function("compat_sys_newlstat") ?, + kprobe.function("sys32_lstat64") ?, + kprobe.function("sys_lstat64") ?, + kprobe.function("sys_oabi_lstat64") ? { name = "lstat" - path = user_string($filename) - buf_uaddr = $statbuf - argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) -} -probe nd_syscall.lstat.return = - kernel.function("sys_lstat").return ?, - kernel.function("sys_newlstat").return ?, - kernel.function("compat_sys_newlstat").return ?, - kernel.function("sys32_lstat64").return ?, - kernel.function("sys_lstat64").return ?, - kernel.function("sys_oabi_lstat64").return ? + // path = user_string($filename) + // buf_uaddr = $statbuf + // argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) + asmlinkage() + path = user_string(pointer_arg(1)) + buf_uaddr = pointer_arg(2) + argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) +} +probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, + kprobe.function("sys_newlstat").return ?, + kprobe.function("compat_sys_newlstat").return ?, + kprobe.function("sys32_lstat64").return ?, + kprobe.function("sys_lstat64").return ?, + kprobe.function("sys_oabi_lstat64").return ? { name = "lstat" retstr = returnstr(1) 
@@ -2404,15 +2964,23 @@ probe nd_syscall.lstat.return = # madvise ____________________________________________________ # long sys_madvise(unsigned long start, size_t len_in, int behavior) # -probe nd_syscall.madvise = kernel.function("sys_madvise") ? { +probe nd_syscall.madvise = kprobe.function("sys_madvise") ? +{ name = "madvise" - start = $start - length = $len_in - advice = $behavior - advice_str = _madvice_advice_str($behavior) - argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior)) + // start = $start + // length = $len_in + // advice = $behavior + // advice_str = _madvice_advice_str($behavior) + // argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior)) + asmlinkage() + start = ulong_arg(1) + length = ulong_arg(2) + advice = int_arg(3) + advice_str = _madvice_advice_str(advice) + argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice)) } -probe nd_syscall.madvise.return = kernel.function("sys_madvise").return ? { +probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ? +{ name = "madvise" retstr = returnstr(1) } 
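Review bot: `nd_syscall.madvise` computes the advice string twice: `advice_str = _madvice_advice_str(advice)` is followed by a second `_madvice_advice_str(advice)` call inside the `sprintf`. That duplication was carried over from the `$behavior` version, but now that the arguments are locals the last line can reuse the value: `argstr = sprintf("%p, %d, %s", start, length, advice_str)`. The same applies to `prot_str` in the `nd_syscall.mprotect` hunk further down, whereas `llseek`, `lseek` and `mount` already pass their precomputed string to `sprintf`.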
@@ -2432,23 +3000,30 @@ probe nd_syscall.madvise.return = kernel.function("sys_madvise").return ? { # compat_ulong_t maxnode, # compat_ulong_t flags) # -probe nd_syscall.mbind = - kernel.function("sys_mbind") ?, - kernel.function("compat_sys_mbind") ? +probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, + kprobe.function("compat_sys_mbind") ? { name = "mbind" - start = $start - len = $len - mode = $mode - nmask_uaddr = $nmask - maxnode = $maxnode - flags = $flags - argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", $start, $len, $mode, - $nmask, $maxnode, $flags) -} -probe nd_syscall.mbind.return = - kernel.function("sys_mbind").return ?, - kernel.function("compat_sys_mbind").return ? + // start = $start + // len = $len + // mode = $mode + // nmask_uaddr = $nmask + // maxnode = $maxnode + // flags = $flags + // argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", $start, $len, $mode, + // $nmask, $maxnode, $flags) + asmlinkage() + start = ulong_arg(1) + len = long_arg(2) + mode = ulong_arg(3) + nmask_uaddr = pointer_arg(4) + maxnode = ulong_arg(5) + flags = uint_arg(6) + argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode, + nmask_uaddr, maxnode, flags) +} +probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, + kprobe.function("compat_sys_mbind").return ? { name = "mbind" retstr = returnstr(1) 
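Review bot: `len = long_arg(2)` in `nd_syscall.mbind` reads the length as a signed value, while `start`, `mode` and `maxnode` in the same probe use `ulong_arg`. The other length arguments converted in this commit (`mincore`, `mlock`, `mprotect`) use `ulong_arg` as well. The native signature comment begins above this hunk, so the declared type is not visible here, but if `len` is unsigned like its neighbours, a large length would be sign-extended on 32-bit kernels and print as a negative number. Suggest `len = ulong_arg(2)` unless the signed read is intentional.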
@@ -2458,11 +3033,15 @@ probe nd_syscall.mbind.return = # long sys_migrate_pages(pid_t pid, unsigned long maxnode, # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) -probe nd_syscall.migrate_pages = kernel.function("sys_migrate_pages") ? { +probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ? +{ name = "migrate_pages" - argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) + // argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) + asmlinkage() + argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4)) } -probe nd_syscall.migrate_pages.return = kernel.function("sys_migrate_pages").return ? { +probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ? +{ name = "migrate_pages" retstr = returnstr(1) } 
@@ -2470,28 +3049,42 @@ probe nd_syscall.migrate_pages.return = kernel.function("sys_migrate_pages").ret # mincore ____________________________________________________ # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # -probe nd_syscall.mincore = kernel.function("sys_mincore") ? { +probe nd_syscall.mincore = kprobe.function("sys_mincore") ? +{ name = "mincore" - start = $start - length = $len - vec_uaddr = $vec - argstr = sprintf("%p, %d, %p", $start, $len, $vec) + // start = $start + // length = $len + // vec_uaddr = $vec + // argstr = sprintf("%p, %d, %p", $start, $len, $vec) + asmlinkage() + start = ulong_arg(1) + length = ulong_arg(2) + vec_uaddr = pointer_arg(3) + argstr = sprintf("%p, %d, %p", start, length, vec_uaddr) } -probe nd_syscall.mincore.return = kernel.function("sys_mincore").return ? { +probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ? +{ name = "mincore" retstr = returnstr(1) } # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) -probe nd_syscall.mkdir = kernel.function("sys_mkdir") { +probe nd_syscall.mkdir = kprobe.function("sys_mkdir") +{ name = "mkdir" - pathname_uaddr = $pathname - pathname = user_string($pathname) - mode = $mode - argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) + // pathname_uaddr = $pathname + // pathname = user_string($pathname) + // mode = $mode + // argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) + asmlinkage() + pathname_uaddr = pointer_arg(1) + pathname = user_string(pathname_uaddr) + mode = int_arg(2) + argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode) } -probe nd_syscall.mkdir.return = kernel.function("sys_mkdir").return { +probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return +{ name = "mkdir" retstr = returnstr(1) } 
@@ -2499,29 +3092,43 @@ probe nd_syscall.mkdir.return = kernel.function("sys_mkdir").return { # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) -probe nd_syscall.mkdirat = kernel.function("sys_mkdirat") ? { +probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ? +{ name = "mkdirat" - dirfd = $dfd - pathname = user_string($pathname) - mode = $mode - argstr = sprintf("%d, %s, %#o", $dfd, user_string_quoted($pathname), $mode) + // dirfd = $dfd + // pathname = user_string($pathname) + // mode = $mode + // argstr = sprintf("%d, %s, %#o", $dfd, user_string_quoted($pathname), $mode) + asmlinkage() + dirfd = int_arg(1) + pathname = user_string(pointer_arg(2)) + mode = int_arg(3) + argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode) } -probe nd_syscall.mkdirat.return = kernel.function("sys_mkdirat").return ? { +probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ? +{ name = "mkdirat" retstr = returnstr(1) } # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) -probe nd_syscall.mknod = kernel.function("sys_mknod") { +probe nd_syscall.mknod = kprobe.function("sys_mknod") +{ name = "mknod" - pathname = user_string($filename) - mode = $mode - dev = $dev - argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev) + // pathname = user_string($filename) + // mode = $mode + // dev = $dev + // argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev) + asmlinkage() + pathname = user_string(pointer_arg(1)) + mode = int_arg(2) + dev = uint_arg(3) + argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev) } -probe nd_syscall.mknod.return = kernel.function("sys_mknod").return { +probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return +{ name = "mknod" retstr = returnstr(1) } 
@@ -2530,13 +3137,19 @@ probe nd_syscall.mknod.return = kernel.function("sys_mknod").return { # # long sys_mlock(unsigned long start, size_t len) # -probe nd_syscall.mlock = kernel.function("sys_mlock") ? { +probe nd_syscall.mlock = kprobe.function("sys_mlock") ? +{ name = "mlock" - addr = $start - len = $len - argstr = sprintf("%p, %d", $start, $len) + // addr = $start + // len = $len + // argstr = sprintf("%p, %d", $start, $len) + asmlinkage() + addr = ulong_arg(1) + len = ulong_arg(2) + argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.mlock.return = kernel.function("sys_mlock").return ? { +probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ? +{ name = "mlock" retstr = returnstr(1) } @@ -2544,12 +3157,17 @@ probe nd_syscall.mlock.return = kernel.function("sys_mlock").return ? { # # long sys_mlockall(int flags) # -probe nd_syscall.mlockall = kernel.function("sys_mlockall") ? { +probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ? +{ name = "mlockall" - flags = $flags - argstr = _mlockall_flags_str($flags) + // flags = $flags + // argstr = _mlockall_flags_str($flags) + asmlinkage() + flags = int_arg(1) + argstr = _mlockall_flags_str(flags) } -probe nd_syscall.mlockall.return = kernel.function("sys_mlockall").return ? { +probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ? +{ name = "mlockall" retstr = returnstr(1) } 
@@ -2557,14 +3175,21 @@ probe nd_syscall.mlockall.return = kernel.function("sys_mlockall").return ? { # modify_ldt _________________________________________________ # int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount) # -probe nd_syscall.modify_ldt = kernel.function("sys_modify_ldt") ? { +probe nd_syscall.modify_ldt = kprobe.function("sys_modify_ldt") ? +{ name = "modify_ldt" - func = $func - ptr_uaddr = $ptr - bytecount = $bytecount - argstr = sprintf("%d, %p, %d", $func, $ptr, $bytecount) + // func = $func + // ptr_uaddr = $ptr + // bytecount = $bytecount + // argstr = sprintf("%d, %p, %d", $func, $ptr, $bytecount) + asmlinkage() + func = int_arg(1) + ptr_uaddr = pointer_arg(2) + bytecount = ulong_arg(3) + argstr = sprintf("%d, %p, %d", func, ptr_uaddr, bytecount) } -probe nd_syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? { +probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ? +{ name = "modify_ldt" retstr = returnstr(1) } 
@@ -2582,16 +3207,16 @@ probe nd_syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? # int __user *status, # int flags) # -probe nd_syscall.move_pages = - kernel.function("sys_move_pages") ?, - kernel.function("compat_sys_move_pages") ? +probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?, + kprobe.function("compat_sys_move_pages") ? { name = "move_pages" - argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) + // argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) + asmlinkage() + argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6)) } -probe nd_syscall.move_pages.return = - kernel.function("sys_move_pages").return ?, - kernel.function("compat_sys_move_pages").return ? +probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, + kprobe.function("compat_sys_move_pages").return ? { name = "move_pages" retstr = returnstr(1) 
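Review bot: The argument numbers in the new `nd_syscall.move_pages` `argstr` jump from `ulong_arg(2)` to `pointer_arg(4)`, and nothing explains why slot 3 is skipped. The removed line printed `$nodes`, `$status` and `$flags`, so the numbering looks deliberate. With the names gone, though, a reader cannot tell an intentional skip from an off-by-one, and the full signature comment starts above this hunk. A one-line comment before the `sprintf` would settle it, e.g. `// arg 3 is not printed; 4 = nodes, 5 = status, 6 = flags`.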
@@ -2608,26 +3233,36 @@ probe nd_syscall.move_pages.return = # char __user * type, # unsigned long flags, # void __user * data) -probe nd_syscall.mount = - kernel.function("sys_mount"), - kernel.function("compat_sys_mount") ? +probe nd_syscall.mount = kprobe.function("sys_mount"), + kprobe.function("compat_sys_mount") ? { name = "mount" - source = user_string($dev_name) - target = user_string($dir_name) - filesystemtype = user_string($type) - mountflags = $flags - mountflags_str = _mountflags_str($flags) - data = text_strn(user_string($data),syscall_string_trunc,1) + // source = user_string($dev_name) + // target = user_string($dir_name) + // filesystemtype = user_string($type) + // mountflags = $flags + // mountflags_str = _mountflags_str($flags) + // data = text_strn(user_string($data), syscall_string_trunc, 1) + // argstr = sprintf("%s, %s, %s, %s, %s", + // user_string_quoted($dev_name), + // user_string_quoted($dir_name), + // user_string_quoted($type), + // mountflags_str, data) + asmlinkage() + source = user_string(pointer_arg(1)) + target = user_string(pointer_arg(2)) + filesystemtype = user_string(pointer_arg(3)) + mountflags = ulong_arg(4) + mountflags_str = _mountflags_str(mountflags) + data = text_strn(user_string(pointer_arg(5)), syscall_string_trunc, 1) argstr = sprintf("%s, %s, %s, %s, %s", - user_string_quoted($dev_name), - user_string_quoted($dir_name), - user_string_quoted($type), + user_string_quoted(pointer_arg(1)), + user_string_quoted(pointer_arg(2)), + user_string_quoted(pointer_arg(3)), mountflags_str, data) } -probe nd_syscall.mount.return = - kernel.function("sys_mount").return, - kernel.function("compat_sys_mount").return ? +probe nd_syscall.mount.return = kprobe.function("sys_mount").return, + kprobe.function("compat_sys_mount").return ? { name = "mount" retstr = returnstr(1) 
@@ -2636,15 +3271,23 @@ probe nd_syscall.mount.return = # mprotect ___________________________________________________ # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # -probe nd_syscall.mprotect = kernel.function("sys_mprotect") ? { +probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ? +{ name = "mprotect" - addr = $start - len = $len - prot = $prot - prot_str = _mprotect_prot_str($prot) - argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot)) + // addr = $start + // len = $len + // prot = $prot + // prot_str = _mprotect_prot_str($prot) + // argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot)) + asmlinkage() + addr = ulong_arg(1) + len = ulong_arg(2) + prot = ulong_arg(3) + prot_str = _mprotect_prot_str(prot) + argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot)) } -probe nd_syscall.mprotect.return = kernel.function("sys_mprotect").return ? { +probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ? +{ name = "mprotect" retstr = returnstr(1) } 
@@ -2657,19 +3300,22 @@ probe nd_syscall.mprotect.return = kernel.function("sys_mprotect").return ? { # const struct compat_mq_attr __user *u_mqstat, # struct compat_mq_attr __user *u_omqstat) # -probe nd_syscall.mq_getsetattr = - kernel.function("sys_mq_getsetattr") ?, - kernel.function("compat_sys_mq_getsetattr") ? +probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?, + kprobe.function("compat_sys_mq_getsetattr") ? { name = "mq_getsetattr" - mqdes = $mqdes - u_mqstat_uaddr = $u_mqstat - u_omqstat_uaddr = $u_omqstat - argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat) + // mqdes = $mqdes + // u_mqstat_uaddr = $u_mqstat + // u_omqstat_uaddr = $u_omqstat + // argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat) + asmlinkage() + mqdes = int_arg(1) + u_mqstat_uaddr = pointer_arg(2) + u_omqstat_uaddr = pointer_arg(3) + argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr) } -probe nd_syscall.mq_getsetattr.return = - kernel.function("sys_mq_getsetattr").return ?, - kernel.function("compat_sys_mq_getsetattr").return ? +probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?, + kprobe.function("compat_sys_mq_getsetattr").return ? { name = "mq_getsetattr" retstr = returnstr(1) 
@@ -2679,18 +3325,20 @@ probe nd_syscall.mq_getsetattr.return = # long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # -probe nd_syscall.mq_notify = - kernel.function("sys_mq_notify") ?, - kernel.function("compat_sys_mq_notify") ? +probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?, + kprobe.function("compat_sys_mq_notify") ? { name = "mq_notify" - mqdes = $mqdes - notification_uaddr = $u_notification - argstr = sprintf("%d, %p", $mqdes, $u_notification) + // mqdes = $mqdes + // notification_uaddr = $u_notification + // argstr = sprintf("%d, %p", $mqdes, $u_notification) + asmlinkage() + mqdes = int_arg(1) + notification_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", mqdes, notification_uaddr) } -probe nd_syscall.mq_notify.return = - kernel.function("sys_mq_notify").return ?, - kernel.function("compat_sys_mq_notify").return ? +probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?, + kprobe.function("compat_sys_mq_notify").return ? { name = "mq_notify" retstr = returnstr(1) @@ -2705,9 +3353,8 @@ probe nd_syscall.mq_notify.return = # int oflag, compat_mode_t mode, # struct compat_mq_attr __user *u_attr) # -probe nd_syscall.mq_open = - kernel.function("sys_mq_open") ?, - kernel.function("compat_sys_mq_open") ? +probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?, + kprobe.function("compat_sys_mq_open") ? { name = "mq_open" // name_uaddr = $u_name @@ -2733,9 +3380,8 @@ probe nd_syscall.mq_open = else argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag)) } -probe nd_syscall.mq_open.return = - kernel.function("sys_mq_open").return ?, - kernel.function("compat_sys_mq_open").return ? +probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?, + kprobe.function("compat_sys_mq_open").return ? { name = "mq_open" retstr = returnstr(1) 
@@ -2752,22 +3398,28 @@ probe nd_syscall.mq_open.return = # size_t msg_len, unsigned int __user *u_msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedreceive = - kernel.function("sys_mq_timedreceive") ?, - kernel.function("compat_sys_mq_timedreceive") ? +probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, + kprobe.function("compat_sys_mq_timedreceive") ? { name = "mq_timedreceive" - mqdes = $mqdes - msg_ptr_uaddr = $u_msg_ptr - msg_len = $msg_len - msg_prio_uaddr = $u_msg_prio - abs_timout_uaddr = $u_abs_timeout - argstr = sprintf("%d, %p, %d, %p, %p", $mqdes, $u_msg_ptr, $msg_len, - $u_msg_prio, $u_abs_timeout) -} -probe nd_syscall.mq_timedreceive.return = - kernel.function("sys_mq_timedreceive").return ?, - kernel.function("compat_sys_mq_timedreceive").return ? + // mqdes = $mqdes + // msg_ptr_uaddr = $u_msg_ptr + // msg_len = $msg_len + // msg_prio_uaddr = $u_msg_prio + // abs_timout_uaddr = $u_abs_timeout + // argstr = sprintf("%d, %p, %d, %p, %p", $mqdes, $u_msg_ptr, $msg_len, + // $u_msg_prio, $u_abs_timeout) + asmlinkage() + mqdes = int_arg(1) + msg_ptr_uaddr = pointer_arg(2) + msg_len = ulong_arg(3) + msg_prio_uaddr = pointer_arg(4) + abs_timeout_uaddr = pointer_arg(5) + argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len, + msg_prio_uaddr, abs_timeout_uaddr) +} +probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?, + kprobe.function("compat_sys_mq_timedreceive").return ? { name = "mq_timedreceive" retstr = returnstr(1) 
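Review bot: The added line assigns `abs_timeout_uaddr` where the removed line assigned `abs_timout_uaddr`, so the variable this probe alias exposes changes name, covered only by "fix a few typos" in the commit message. Any script that reads the old spelling would stop resolving it (whether such scripts exist for the nd_ tapset is not visible here). If that matters, keep the old name for a transition period with `abs_timout_uaddr = abs_timeout_uaddr // deprecated misspelling`. The commented-out reference line `// abs_timout_uaddr = $u_abs_timeout` still carries the old spelling and should be corrected as well. The return probe that follows continues past the end of the hunk.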
@@ -2784,22 +3436,28 @@ probe nd_syscall.mq_timedreceive.return = # size_t msg_len, unsigned int msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedsend = - kernel.function("sys_mq_timedsend") ?, - kernel.function("compat_sys_mq_timedsend") ? +probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, + kprobe.function("compat_sys_mq_timedsend") ? { name = "mq_timedsend" - mqdes = $mqdes - msg_ptr_uaddr = $u_msg_ptr - msg_len = $msg_len - msg_prio = $msg_prio - abs_timeout_uaddr = $u_abs_timeout - argstr = sprintf("%d, %p, %d, %d, %p", $mqdes, $u_msg_ptr, $msg_len, - $msg_prio, $u_abs_timeout) -} -probe nd_syscall.mq_timedsend.return = - kernel.function("sys_mq_timedsend").return ?, - kernel.function("compat_sys_mq_timedsend").return ? + // mqdes = $mqdes + // msg_ptr_uaddr = $u_msg_ptr + // msg_len = $msg_len + // msg_prio = $msg_prio + // abs_timeout_uaddr = $u_abs_timeout + // argstr = sprintf("%d, %p, %d, %d, %p", $mqdes, $u_msg_ptr, $msg_len, + // $msg_prio, $u_abs_timeout) + asmlinkage() + mqdes = int_arg(1) + msg_ptr_uaddr = pointer_arg(2) + msg_len = ulong_arg(3) + msg_prio = uint_arg(4) + abs_timeout_uaddr = pointer_arg(5) + argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len, + msg_prio, abs_timeout_uaddr) +} +probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?, + kprobe.function("compat_sys_mq_timedsend").return ? { name = "mq_timedsend" retstr = returnstr(1) 
@@ -2808,13 +3466,19 @@ probe nd_syscall.mq_timedsend.return = # mq_unlink __________________________________________________ # long sys_mq_unlink(const char __user *u_name) # -probe nd_syscall.mq_unlink = kernel.function("sys_mq_unlink") ? { +probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ? +{ name = "mq_unlink" - u_name_uaddr = $u_name - u_name = user_string($u_name) - argstr = user_string_quoted($u_name) + // u_name_uaddr = $u_name + // u_name = user_string($u_name) + // argstr = user_string_quoted($u_name) + asmlinkage() + u_name_uaddr = pointer_arg(1) + u_name = user_string(u_name_uaddr) + argstr = user_string_quoted(u_name_uaddr) } -probe nd_syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { +probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ? +{ name = "mq_unlink" retstr = returnstr(1) } 
@@ -2826,22 +3490,28 @@ probe nd_syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return ? { # unsigned long flags, # unsigned long new_addr) # -probe nd_syscall.mremap = - kernel.function("sys_mremap") ?, - kernel.function("ia64_mremap") ? +probe nd_syscall.mremap = kprobe.function("sys_mremap") ?, + kprobe.function("ia64_mremap") ? { name = "mremap" - old_address = $addr - old_size = $old_len - new_size = $new_len - flags = $flags - new_address = $new_addr - argstr = sprintf("%p, %d, %d, %s, %p", $addr, $old_len, $new_len, - _mremap_flags($flags), $new_addr) -} -probe nd_syscall.mremap.return = - kernel.function("sys_mremap").return ?, - kernel.function("ia64_mremap").return ? + // old_address = $addr + // old_size = $old_len + // new_size = $new_len + // flags = $flags + // new_address = $new_addr + // argstr = sprintf("%p, %d, %d, %s, %p", $addr, $old_len, $new_len, + // _mremap_flags($flags), $new_addr) + asmlinkage() + old_address = ulong_arg(1) + old_size = ulong_arg(2) + new_size = ulong_arg(3) + flags = ulong_arg(4) + new_address = ulong_arg(5) + argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size, + _mremap_flags(flags), new_address) +} +probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?, + kprobe.function("ia64_mremap").return ? { name = "mremap" retstr = returnstr(2) 
@@ -2850,14 +3520,21 @@ probe nd_syscall.mremap.return = # msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # -probe nd_syscall.msgctl = kernel.function("sys_msgctl") ? { +probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ? +{ name = "msgctl" - msqid = $msqid - cmd = $cmd - buf_uaddr = $buf - argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf) + // msqid = $msqid + // cmd = $cmd + // buf_uaddr = $buf + // argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf) + asmlinkage() + msqid = int_arg(1) + cmd = int_arg(2) + buf_uaddr = pointer_arg(3) + argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr) } -probe nd_syscall.msgctl.return = kernel.function("sys_msgctl").return ? { +probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ? +{ name = "msgctl" retstr = returnstr(1) } @@ -2865,11 +3542,15 @@ probe nd_syscall.msgctl.return = kernel.function("sys_msgctl").return ? { # # long compat_sys_msgctl(int first, int second, void __user *uptr) # -probe nd_syscall.compat_sys_msgctl = kernel.function("compat_sys_msgctl") ? { +probe nd_syscall.compat_sys_msgctl = kprobe.function("compat_sys_msgctl") ? +{ name = "compat_sys_msgctl" - argstr = sprintf("%d, %d, %p", $first, $second, $uptr) + // argstr = sprintf("%d, %d, %p", $first, $second, $uptr) + asmlinkage() + argstr = sprintf("%d, %d, %p", int_arg(1), int_arg(2), pointer_arg(3)) } -probe nd_syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ? { +probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl").return ? +{ name = "compat_sys_msgctl" retstr = returnstr(1) } 
@@ -2877,14 +3558,21 @@ probe nd_syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl") # msgget _____________________________________________________ # long sys_msgget (key_t key, int msgflg) # -probe nd_syscall.msgget = kernel.function("sys_msgget") ? { +probe nd_syscall.msgget = kprobe.function("sys_msgget") ? +{ name = "msgget" - key = $key - msgflg = $msgflg - msgflg_str = _sys_open_flag_str($msgflg) - argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg)) + // key = $key + // msgflg = $msgflg + // msgflg_str = _sys_open_flag_str($msgflg) + // argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg)) + asmlinkage() + key = int_arg(1) + msgflg = int_arg(2) + msgflg_str = _sys_open_flag_str(msgflg) + argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg)) } -probe nd_syscall.msgget.return = kernel.function("sys_msgget").return ? { +probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ? +{ name = "msgget" retstr = returnstr(1) } 
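Review bot: `msgflg` is decoded with `_sys_open_flag_str`, which by its name is the open(2) flag decoder, but the second argument of msgget carries IPC_* flags plus permission bits rather than O_* flags. If that helper maps bits to O_* names, `msgflg_str` and `argstr` will name the wrong flags, which is misleading when the trace is kept as an audit record. The conversion carries this over from the old code; I would add a decoder for IPC flags, or print the raw value with `argstr = sprintf("%d, %#o", key, msgflg)` until one exists. `_sys_open_flag_str(msgflg)` is also evaluated twice, and the `argstr` line could reuse `msgflg_str`.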
@@ -2896,16 +3584,25 @@ probe nd_syscall.msgget.return = kernel.function("sys_msgget").return ? { # long msgtyp, # int msgflg) # -probe nd_syscall.msgrcv = kernel.function("sys_msgrcv") ? { +probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ? +{ name = "msgrcv" - msqid = $msqid - msgp_uaddr = $msgp - msgsz = $msgsz - msgtyp = $msgtyp - msgflg = $msgflg - argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg) -} -probe nd_syscall.msgrcv.return = kernel.function("sys_msgrcv").return ? { + // msqid = $msqid + // msgp_uaddr = $msgp + // msgsz = $msgsz + // msgtyp = $msgtyp + // msgflg = $msgflg + // argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg) + asmlinkage() + msqid = int_arg(1) + msgp_uaddr = pointer_arg(2) + msgsz = ulong_arg(3) + msgtyp = long_arg(4) + msgflg = int_arg(5) + argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg) +} +probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ? +{ name = "msgrcv" retstr = returnstr(1) } @@ -2914,11 +3611,15 @@ probe nd_syscall.msgrcv.return = kernel.function("sys_msgrcv").return ? { # long compat_sys_msgrcv(int first, int second, int msgtyp, int third, # int version, void __user *uptr) # -probe nd_syscall.compat_sys_msgrcv = kernel.function("compat_sys_msgrcv") ? { +probe nd_syscall.compat_sys_msgrcv = kprobe.function("compat_sys_msgrcv") ? +{ name = "compat_sys_msgrcv" - argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + // argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + asmlinkage() + argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(5)) } -probe nd_syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").return ? { +probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv").return ? +{ name = "compat_sys_msgrcv" retstr = returnstr(1) } 
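Review bot: The argument numbers in the new `compat_sys_msgrcv` line do not match the prototype quoted in the comment above it: with `(int first, int second, int msgtyp, int third, int version, void __user *uptr)`, `third` is argument 4 and `uptr` is argument 6. The added line uses `int_arg(3)` and `pointer_arg(5)`, so it prints `msgtyp` where the old code printed `$third`, and formats the integer `version` with `%p` in place of the user pointer. It should read `argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(4), pointer_arg(6))`. This applies to the second hunk on this line; the msgrcv hunk before it maps its five arguments in order.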
@@ -2929,15 +3630,23 @@ probe nd_syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv") # size_t msgsz, # int msgflg) # -probe nd_syscall.msgsnd = kernel.function("sys_msgsnd") ? { +probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ? +{ name = "msgsnd" - msqid = $msqid - msgp_uaddr = $msgp - msgsz = $msgsz - msgflg = $msgflg - argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg) + // msqid = $msqid + // msgp_uaddr = $msgp + // msgsz = $msgsz + // msgflg = $msgflg + // argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg) + asmlinkage() + msqid = int_arg(1) + msgp_uaddr = pointer_arg(2) + msgsz = ulong_arg(3) + msgflg = int_arg(4) + argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg) } -probe nd_syscall.msgsnd.return = kernel.function("sys_msgsnd").return ? { +probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ? +{ name = "msgsnd" retstr = returnstr(1) } 
@@ -2945,62 +3654,84 @@ probe nd_syscall.msgsnd.return = kernel.function("sys_msgsnd").return ? { # # long compat_sys_msgsnd(int first, int second, int third, void __user *uptr) # -probe nd_syscall.compat_sys_msgsnd = kernel.function("compat_sys_msgsnd") ? { +probe nd_syscall.compat_sys_msgsnd = kprobe.function("compat_sys_msgsnd") ? +{ name = "compat_sys_msgsnd" - argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + // argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + asmlinkage() + argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(4)) } -probe nd_syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").return ? { +probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd").return ? +{ name = "compat_sys_msgsnd" retstr = returnstr(1) } # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) -probe nd_syscall.msync = kernel.function("sys_msync") ? { +probe nd_syscall.msync = kprobe.function("sys_msync") ? +{ name = "msync" - start = $start - length = $len - flags = $flags - argstr = sprintf("%p, %d, %s",start, length, _msync_flag_str(flags)) + // start = $start + // length = $len + // flags = $flags + asmlinkage() + start = ulong_arg(1) + length = ulong_arg(2) + flags = int_arg(3) + argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags)) } -probe nd_syscall.msync.return = kernel.function("sys_msync").return ? { +probe nd_syscall.msync.return = kprobe.function("sys_msync").return ? +{ name = "msync" retstr = returnstr(1) } # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) -probe nd_syscall.munlock = kernel.function("sys_munlock") ? { +probe nd_syscall.munlock = kprobe.function("sys_munlock") ? 
+{ name = "munlock" - addr = $start - len = $len + // addr = $start + // len = $len + asmlinkage() + addr = ulong_arg(1) + len = ulong_arg(2) argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.munlock.return = kernel.function("sys_munlock").return ? { +probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ? +{ name = "munlock" retstr = returnstr(1) } # munlockall _________________________________________________ # long sys_munlockall(void) -probe nd_syscall.munlockall = kernel.function("sys_munlockall") ? { +probe nd_syscall.munlockall = kprobe.function("sys_munlockall") ? +{ name = "munlockall" argstr = "" } -probe nd_syscall.munlockall.return = kernel.function("sys_munlockall").return ? { +probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ? +{ name = "munlockall" retstr = returnstr(1) } # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) -probe nd_syscall.munmap = kernel.function("sys_munmap") { +probe nd_syscall.munmap = kprobe.function("sys_munmap") +{ name = "munmap" - start = $addr - length = $len + // start = $addr + // length = $len + asmlinkage() + start = ulong_arg(1) + length = ulong_arg(2) argstr = sprintf("%p, %d", start, length) } -probe nd_syscall.munmap.return = kernel.function("sys_munmap").return { +probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return +{ name = "munmap" retstr = returnstr(1) } -- cgit From bad69f1da34100f1822d0ffe58866f78b46c325b Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Tue, 19 May 2009 09:49:55 +0200 Subject: Correct misnamed variables in syscalls.stp. Rename variables accordingly to argument names used in man pages in syscall.(faccess|fchmod|fchown|link|mknod)at probe points. Signed-off-by: Josh Stone --- tapset/syscalls.stp | 60 ++++++++++++++++++++++++----------------------------- 1 file changed, 27 insertions(+), 33 deletions(-) (limited to 'tapset') 
diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 0eaf84c8..1b042693 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -712,13 +712,12 @@ probe syscall.exit_group = kernel.function("SyS_exit_group") !, probe syscall.faccessat = kernel.function("SyS_faccessat") !, kernel.function("sys_faccessat") ? { name = "faccessat" - dfd = $dfd - dfd_str = _dfd_str($dfd) - filename = $filename - filename_str = user_string($filename) + dirfd = $dfd + dirfd_str = _dfd_str($dfd) + pathname = user_string($filename) mode = $mode mode_str = _access_mode_str($mode) - argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($filename), mode_str) + argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted($filename), mode_str) } probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, kernel.function("sys_faccessat").return ? { @@ -838,12 +837,11 @@ probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !, probe syscall.fchmodat = kernel.function("SyS_fchmodat") !, kernel.function("sys_fchmodat") ? { name = "fchmodat" - dfd = $dfd - dfd_str = _dfd_str($dfd) - filename = $filename - filename_str = user_string($filename) + dirfd = $dfd + dirfd_str = _dfd_str($dfd) + pathname = user_string($filename) mode = $mode - argstr = sprintf("%s, %s, %#o", dfd_str, user_string_quoted($filename), $mode) + argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted($filename), $mode) } probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !, kernel.function("sys_fchmodat").return ? { 
@@ -888,16 +886,15 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? { probe syscall.fchownat = kernel.function("SyS_fchownat") !, kernel.function("sys_fchownat") ? { name = "fchownat" - dfd = $dfd - dfd_str = _dfd_str($dfd) - filename = $filename - filename_str = user_string($filename) - user = __int32($user) + dirfd = $dfd + dirfd_str = _dfd_str($dfd) + pathname = user_string($filename) + owner = __int32($user) group = __int32($group) - flag = $flag - flag_str = _at_flag_str($flag) + flags = $flag + flags_str = _at_flag_str($flag) argstr = sprintf("%s, %s, %d, %d, %s", - dfd_str, user_string_quoted($filename), user, group, flag_str) + dirfd_str, user_string_quoted($filename), owner, group, flags_str) } probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !, kernel.function("sys_fchownat").return ? { @@ -2332,19 +2329,17 @@ probe syscall.link.return = kernel.function("SyS_link").return !, probe syscall.linkat = kernel.function("SyS_linkat") !, kernel.function("sys_linkat") ? { name = "linkat" - olddfd = $olddfd - olddfd_str = _dfd_str($olddfd) - oldname = $oldname - oldname_str = user_string($oldname) - newdfd = $newdfd - newdfd_str = _dfd_str($newdfd) - newname = $newname - newname_str = user_string($newname) + olddirfd = $olddfd + olddirfd_str = _dfd_str($olddfd) + oldpath = user_string($oldname) + newdirfd = $newdfd + newdirfd_str = _dfd_str($newdfd) + newpath = user_string($newname) flags = $flags flags_str = _at_flag_str($flags) argstr = sprintf("%s, %s, %s, %s, %s", - olddfd_str, user_string_quoted($oldname), - newdfd_str, user_string_quoted($newname), + olddirfd_str, user_string_quoted($oldname), + newdirfd_str, user_string_quoted($newname), flags_str) } probe syscall.linkat.return = kernel.function("SyS_linkat").return !, 
@@ -2720,15 +2715,14 @@ probe syscall.mknod.return = kernel.function("SyS_mknod").return !, probe syscall.mknodat = kernel.function("SyS_mknodat") !, kernel.function("sys_mknodat") ? { name = "mknodat" - dfd = $dfd - dfd_str = _dfd_str($dfd) - filename = $filename - filename_str = user_string($filename) + dirfd = $dfd + dirfd_str = _dfd_str($dfd) + pathname = user_string($filename) mode = $mode mode_str = _mknod_mode_str($mode) dev = $dev argstr = sprintf("%s, %s, %s, %p", - dfd_str, user_string_quoted($filename), mode_str, $dev) + dirfd_str, user_string_quoted($filename), mode_str, $dev) } probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, kernel.function("sys_mknodat").return ? { -- cgit From c0c1ccc66e32dcdf53983acbefb1c3a03eb1c2eb Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Tue, 19 May 2009 13:04:29 +0200 Subject: Unify formatting of syscalls.stp and syscalls2.stp. Rules: - Specify probe points for aliases starting from the alias declaration line and with one probe point per line. - Use K&R indent style -- probe alias/point/function opening brace goes to the line following the declaration, other opening braces are kept on the same line as the control statements. - Indent using tabs. - Surround operators with spaces. - Put spaces after commas. - Avoid trailing whitespaces. Signed-off-by: Josh Stone --- tapset/syscalls.stp | 1153 +++++++++++++++++++++++++------------------- tapset/syscalls2.stp | 1313 +++++++++++++++++++++++++++++--------------------- 2 files changed, 1407 insertions(+), 1059 deletions(-) (limited to 'tapset') diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 1b042693..6d7075d5 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -21,7 +21,7 @@ * braces are decoded structs. * * retstr - a string containing the return value in an easy-to-read format. -* Set in return probes only. +* Set in return probes only. */ 
@@ -29,7 +29,8 @@ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) probe syscall.accept = kernel.function("SyS_accept") !, - kernel.function("sys_accept") ? { + kernel.function("sys_accept") ? +{ name = "accept" sockfd = $fd addr_uaddr = $upeer_sockaddr @@ -37,7 +38,8 @@ probe syscall.accept = kernel.function("SyS_accept") !, argstr = sprintf("%d, %p, %p", $fd, $upeer_sockaddr, $upeer_addrlen) } probe syscall.accept.return = kernel.function("SyS_accept").return !, - kernel.function("sys_accept").return ? { + kernel.function("sys_accept").return ? +{ name = "accept" retstr = returnstr(1) } @@ -45,7 +47,8 @@ probe syscall.accept.return = kernel.function("SyS_accept").return !, # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) probe syscall.access = kernel.function("SyS_access") !, - kernel.function("sys_access") { + kernel.function("sys_access") +{ name = "access" pathname = user_string($filename) mode = $mode @@ -53,19 +56,22 @@ probe syscall.access = kernel.function("SyS_access") !, argstr = sprintf("%s, %s", user_string_quoted($filename), mode_str) } probe syscall.access.return = kernel.function("SyS_access").return !, - kernel.function("sys_access").return { + kernel.function("sys_access").return +{ name = "access" retstr = returnstr(1) } # acct _______________________________________________________ # long sys_acct(const char __user *name) -probe syscall.acct = kernel.function("sys_acct") ? { +probe syscall.acct = kernel.function("sys_acct") ? +{ name = "acct" - filename = user_string($name) + filename = user_string($name) argstr = user_string_quoted($name) } -probe syscall.acct.return = kernel.function("sys_acct").return ? { +probe syscall.acct.return = kernel.function("sys_acct").return ? +{ name = "acct" retstr = returnstr(1) } 
@@ -78,21 +84,23 @@ probe syscall.acct.return = kernel.function("sys_acct").return ? { # key_serial_t ringid) # probe syscall.add_key = kernel.function("SyS_add_key") !, - kernel.function("sys_add_key") ? { + kernel.function("sys_add_key") ? +{ name = "add_key" type_uaddr = $_type description_auddr = $_description payload_uaddr = $_payload plen = $plen ringid = $ringid - argstr = sprintf("%s, %s, %s, %d, %d", - user_string_quoted($_type), - user_string_quoted($_description), - text_strn(user_string($_payload),syscall_string_trunc,1), - $plen, $ringid) + argstr = sprintf("%s, %s, %s, %d, %d", + user_string_quoted($_type), + user_string_quoted($_description), + text_strn(user_string($_payload), syscall_string_trunc, 1), + $plen, $ringid) } probe syscall.add_key.return = kernel.function("SyS_add_key").return !, - kernel.function("sys_add_key").return ? { + kernel.function("sys_add_key").return ? +{ name = "add_key" retstr = returnstr(1) } 
@@ -100,35 +108,39 @@ probe syscall.add_key.return = kernel.function("SyS_add_key").return !, # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) probe syscall.adjtimex = kernel.function("SyS_adjtimex") !, - kernel.function("sys_adjtimex") { + kernel.function("sys_adjtimex") +{ name = "adjtimex" - + /* - * buf_offset = __uget_timex_m($txc_p,1) - * buf_freq = __uget_timex_m($txc_p,2) - * buf_maxerror = __uget_timex_m($txc_p,3) - * buf_esterror = __uget_timex_m($txc_p,4) - * buf_status = __uget_timex_m($txc_p,5) - * buf_constant = __uget_timex_m($txc_p,6) - * buf_precision = __uget_timex_m($txc_p,7) - * buf_tolerance = __uget_timex_m($txc_p,8) - * buf_time_tv_sec = __uget_timex_m($txc_p,9) - * buf_time_tv_usec = __uget_timex_m($txc_p,10) - * buf_tick = __uget_timex_m($txc_p,11) + * buf_offset = __uget_timex_m($txc_p, 1) + * buf_freq = __uget_timex_m($txc_p, 2) + * buf_maxerror = __uget_timex_m($txc_p, 3) + * buf_esterror = __uget_timex_m($txc_p, 4) + * buf_status = __uget_timex_m($txc_p, 5) + * buf_constant = __uget_timex_m($txc_p, 6) + * buf_precision = __uget_timex_m($txc_p, 7) + * buf_tolerance = __uget_timex_m($txc_p, 8) + * buf_time_tv_sec = __uget_timex_m($txc_p, 9) + * buf_time_tv_usec = __uget_timex_m($txc_p, 10) + * buf_tick = __uget_timex_m($txc_p, 11) */ argstr = sprintf("%p", $txc_p) } probe syscall.adjtimex.return = kernel.function("SyS_adjtimex").return !, - kernel.function("sys_adjtimex").return { + kernel.function("sys_adjtimex").return +{ name = "adjtimex" retstr = _adjtimex_return_str($return) } # long compat_sys_adjtimex(struct compat_timex __user *utp) -probe syscall.compat_adjtimex = kernel.function("compat_sys_adjtimex") ? { +probe syscall.compat_adjtimex = kernel.function("compat_sys_adjtimex") ? +{ name = "compat_adjtimex" argstr = sprintf("%p", $utp) } -probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").return ? 
{ +probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").return ? +{ name = "compat_adjtimex" retstr = returnstr(1) } @@ -137,8 +149,7 @@ probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").re # unsigned long sys_alarm (unsigned int seconds) # long sys32_alarm(unsigned int seconds) # -probe syscall.alarm = - kernel.function("sys32_alarm") ?, +probe syscall.alarm = kernel.function("sys32_alarm") ?, kernel.function("SyS_alarm") !, kernel.function("sys_alarm") ? { @@ -146,8 +157,7 @@ probe syscall.alarm = seconds = $seconds argstr = sprint($seconds) } -probe syscall.alarm.return = - kernel.function("sys32_alarm").return ?, +probe syscall.alarm.return = kernel.function("sys32_alarm").return ?, kernel.function("SyS_alarm").return !, kernel.function("sys_alarm").return ? { @@ -156,20 +166,22 @@ probe syscall.alarm.return = } # bdflush ____________________________________________________ -# long sys_bdflush(int func,long data) +# long sys_bdflush(int func, long data) probe syscall.bdflush = kernel.function("SyS_bdflush") !, - kernel.function("sys_bdflush") ? { + kernel.function("sys_bdflush") ? +{ name = "bdflush" func = $func data = $data - if (($func>=2)&&($func%2==0)) - data_str = sprintf("%p", $data) - else - data_str = sprintf("%d", $data) - argstr = sprintf("%d, %s",func, data_str) + if (($func >= 2) && ($func % 2 == 0)) + data_str = sprintf("%p", $data) + else + data_str = sprintf("%d", $data) + argstr = sprintf("%d, %s", func, data_str) } probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, - kernel.function("sys_bdflush").return ? { + kernel.function("sys_bdflush").return ? +{ name = "bdflush" retstr = returnstr(1) } 
@@ -177,23 +189,24 @@ probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) probe syscall.bind = kernel.function("SyS_bind") !, - kernel.function("sys_bind") ? { + kernel.function("sys_bind") ? +{ name = "bind" sockfd = $fd my_addr_uaddr = $umyaddr addrlen = $addrlen - argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen) + argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr, $addrlen), $addrlen) } probe syscall.bind.return = kernel.function("SyS_bind").return !, - kernel.function("sys_bind").return ? { + kernel.function("sys_bind").return ? +{ name = "bind" retstr = returnstr(1) } # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) -probe syscall.brk = - kernel.function("ia64_brk") ?, +probe syscall.brk = kernel.function("ia64_brk") ?, kernel.function("SyS_brk") !, kernel.function("sys_brk") { @@ -201,8 +214,7 @@ probe syscall.brk = brk = $brk argstr = sprintf("%p", brk) } -probe syscall.brk.return = - kernel.function("ia64_brk").return ?, +probe syscall.brk.return = kernel.function("ia64_brk").return ?, kernel.function("SyS_brk").return !, kernel.function("sys_brk").return { @@ -224,14 +236,16 @@ probe syscall.brk.return = */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) probe syscall.capget = kernel.function("SyS_capget") !, - kernel.function("sys_capget") { + kernel.function("sys_capget") +{ name = "capget" header_uaddr = $header data_uaddr = $dataptr argstr = sprintf("%p, %p", $header, $dataptr) } probe syscall.capget.return = kernel.function("SyS_capget").return !, - kernel.function("sys_capget").return { + kernel.function("sys_capget").return +{ name = "capget" retstr = returnstr(1) } 
@@ -249,14 +263,16 @@ probe syscall.capget.return = kernel.function("SyS_capget").return !, */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) probe syscall.capset = kernel.function("SyS_capset") !, - kernel.function("sys_capset") { + kernel.function("sys_capset") +{ name = "capset" header_uaddr = $header data_uaddr = $data argstr = sprintf("%p, %p", $header, $data) } probe syscall.capset.return = kernel.function("SyS_capset").return !, - kernel.function("sys_capset").return { + kernel.function("sys_capset").return +{ name = "capset" retstr = returnstr(1) } @@ -264,13 +280,15 @@ probe syscall.capset.return = kernel.function("SyS_capset").return !, # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) probe syscall.chdir = kernel.function("SyS_chdir") !, - kernel.function("sys_chdir") { + kernel.function("sys_chdir") +{ name = "chdir" path = user_string($filename) argstr = user_string_quoted($filename) } probe syscall.chdir.return = kernel.function("SyS_chdir").return !, - kernel.function("sys_chdir").return { + kernel.function("sys_chdir").return +{ name = "chdir" retstr = returnstr(1) } @@ -278,14 +296,16 @@ probe syscall.chdir.return = kernel.function("SyS_chdir").return !, # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) probe syscall.chmod = kernel.function("SyS_chmod") !, - kernel.function("sys_chmod") { + kernel.function("sys_chmod") +{ name = "chmod" path = user_string($filename) mode = $mode argstr = sprintf("%s, %#o", user_string_quoted($filename), mode) } probe syscall.chmod.return = kernel.function("SyS_chmod").return !, - kernel.function("sys_chmod").return { + kernel.function("sys_chmod").return +{ name = "chmod" retstr = returnstr(1) } 
@@ -293,30 +313,34 @@ probe syscall.chmod.return = kernel.function("SyS_chmod").return !, # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) probe syscall.chown = kernel.function("SyS_chown") !, - kernel.function("sys_chown") { + kernel.function("sys_chown") +{ name = "chown" path = user_string($filename) owner = __int32($user) group = __int32($group) - argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) + argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) } probe syscall.chown.return = kernel.function("SyS_chown").return !, - kernel.function("sys_chown").return { + kernel.function("sys_chown").return +{ name = "chown" retstr = returnstr(1) } # chown16 ___________________________________________________ -# long sys_chown16(const char __user * filename, old_uid_t user, +# long sys_chown16(const char __user * filename, old_uid_t user, # old_gid_t group) # -probe syscall.chown16 = kernel.function("sys_chown16") ? { +probe syscall.chown16 = kernel.function("sys_chown16") ? +{ name = "chown16" path = user_string($filename) owner = __short($user) group = __short($group) argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) } -probe syscall.chown16.return = kernel.function("sys_chown16").return ? { +probe syscall.chown16.return = kernel.function("sys_chown16").return ? +{ name = "chown16" retstr = returnstr(1) } 
@@ -324,13 +348,15 @@ probe syscall.chown16.return = kernel.function("sys_chown16").return ? { # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) probe syscall.chroot = kernel.function("SyS_chroot") !, - kernel.function("sys_chroot") { + kernel.function("sys_chroot") +{ name = "chroot" path = user_string($filename) argstr = user_string_quoted($filename) } probe syscall.chroot.return = kernel.function("SyS_chroot").return !, - kernel.function("sys_chroot").return { + kernel.function("sys_chroot").return +{ name = "chroot" retstr = returnstr(1) } @@ -338,9 +364,8 @@ probe syscall.chroot.return = kernel.function("SyS_chroot").return !, # clock_getres _______________________________________________ # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) -# -probe syscall.clock_getres = - kernel.function("compat_clock_getres") ?, +# +probe syscall.clock_getres = kernel.function("compat_clock_getres") ?, kernel.function("SyS_clock_getres") !, kernel.function("sys_clock_getres") { @@ -350,8 +375,7 @@ probe syscall.clock_getres = res_uaddr = $tp argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } -probe syscall.clock_getres.return = - kernel.function("compat_clock_getres").return ?, +probe syscall.clock_getres.return = kernel.function("compat_clock_getres").return ?, kernel.function("SyS_clock_getres").return !, kernel.function("sys_clock_getres").return { @@ -362,8 +386,7 @@ probe syscall.clock_getres.return = # clock_gettime ______________________________________________ # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # -probe syscall.clock_gettime = - kernel.function("SyS_clock_gettime") !, +probe syscall.clock_gettime = kernel.function("SyS_clock_gettime") !, kernel.function("sys_clock_gettime") { name = "clock_gettime" 
@@ -371,8 +394,7 @@ probe syscall.clock_gettime = clk_id_str = _get_wc_str($which_clock) argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp) } -probe syscall.clock_gettime.return = - kernel.function("SyS_clock_gettime").return !, +probe syscall.clock_gettime.return = kernel.function("SyS_clock_gettime").return !, kernel.function("sys_clock_gettime").return { name = "clock_gettime" @@ -386,18 +408,19 @@ probe syscall.clock_gettime.return = # struct timespec __user *rmtp) # probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !, - kernel.function("sys_clock_nanosleep") { + kernel.function("sys_clock_nanosleep") +{ name = "clock_nanosleep" if ($flags == 1) flag_str = "TIMER_ABSTIME" else flag_str = sprintf("0x%x", $flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, - _struct_timespec_u($rqtp,1), $rmtp) + _struct_timespec_u($rqtp, 1), $rmtp) } -probe syscall.clock_nanosleep.return = - kernel.function("SyS_clock_nanosleep").return !, - kernel.function("sys_clock_nanosleep").return { +probe syscall.clock_nanosleep.return = kernel.function("SyS_clock_nanosleep").return !, + kernel.function("sys_clock_nanosleep").return +{ name = "clock_nanosleep" retstr = returnstr(1) } @@ -407,8 +430,7 @@ probe syscall.clock_nanosleep.return = # struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe syscall.compat_clock_nanosleep = - kernel.function("compat_clock_nanosleep") ?, +probe syscall.compat_clock_nanosleep = kernel.function("compat_clock_nanosleep") ?, kernel.function("compat_sys_clock_nanosleep") ? { name = "compat_clock_nanosleep" 
@@ -417,10 +439,9 @@ probe syscall.compat_clock_nanosleep = else flag_str = sprintf("0x%x", $flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str, - _struct_compat_timespec_u($rqtp,1), $rmtp) + _struct_compat_timespec_u($rqtp, 1), $rmtp) } -probe syscall.compat_clock_nanosleep.return = - kernel.function("compat_clock_nanosleep").return ?, +probe syscall.compat_clock_nanosleep.return = kernel.function("compat_clock_nanosleep").return ?, kernel.function("compat_sys_clock_nanosleep").return ? { name = "compat_clock_nanosleep" @@ -432,15 +453,17 @@ probe syscall.compat_clock_nanosleep.return = # const struct timespec __user *tp) # probe syscall.clock_settime = kernel.function("SyS_clock_settime") !, - kernel.function("sys_clock_settime") { + kernel.function("sys_clock_settime") +{ name = "clock_settime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp - argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp,1)) + argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp, 1)) } probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return !, - kernel.function("sys_clock_settime").return { + kernel.function("sys_clock_settime").return +{ name = "clock_settime" retstr = returnstr(1) } 
@@ -448,28 +471,32 @@ probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return # close ______________________________________________________ # long sys_close(unsigned int fd) probe syscall.close = kernel.function("SyS_close") !, - kernel.function("sys_close") { + kernel.function("sys_close") +{ name = "close" fd = $fd argstr = sprint(fd) } probe syscall.close.return = kernel.function("SyS_close").return !, - kernel.function("sys_close").return { + kernel.function("sys_close").return +{ name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) probe syscall.connect = kernel.function("SyS_connect") !, - kernel.function("sys_connect") ? { + kernel.function("sys_connect") ? +{ name = "connect" sockfd = $fd serv_addr_uaddr = $uservaddr addrlen = $addrlen - argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen) + argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr, $addrlen), $addrlen) } probe syscall.connect.return = kernel.function("SyS_connect").return !, - kernel.function("sys_connect").return ? { + kernel.function("sys_connect").return ? +{ name = "connect" retstr = returnstr(1) } 
@@ -494,14 +521,16 @@ probe syscall.creat.return = kernel.function("SyS_creat").return !, # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) probe syscall.delete_module = kernel.function("SyS_delete_module") !, - kernel.function("sys_delete_module") ? { + kernel.function("sys_delete_module") ? +{ name = "delete_module" name_user = user_string($name_user) flags = $flags argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags)) } probe syscall.delete_module.return = kernel.function("SyS_delete_module").return !, - kernel.function("sys_delete_module").return ? { + kernel.function("sys_delete_module").return ? +{ name = "delete_module" retstr = returnstr(1) } @@ -509,13 +538,15 @@ probe syscall.delete_module.return = kernel.function("SyS_delete_module").return # dup ________________________________________________________ # long sys_dup(unsigned int fildes) probe syscall.dup = kernel.function("SyS_dup") !, - kernel.function("sys_dup") { + kernel.function("sys_dup") +{ name = "dup" oldfd = $fildes argstr = sprint($fildes) } probe syscall.dup.return = kernel.function("SyS_dup").return !, - kernel.function("sys_dup").return { + kernel.function("sys_dup").return +{ name = "dup" retstr = returnstr(1) } @@ -523,14 +554,16 @@ probe syscall.dup.return = kernel.function("SyS_dup").return !, # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) probe syscall.dup2 = kernel.function("SyS_dup2") !, - kernel.function("sys_dup2") { + kernel.function("sys_dup2") +{ name = "dup2" oldfd = $oldfd newfd = $newfd argstr = sprintf("%d, %d", $oldfd, $newfd) } probe syscall.dup2.return = kernel.function("SyS_dup2").return !, - kernel.function("sys_dup2").return { + kernel.function("sys_dup2").return +{ name = "dup2" retstr = returnstr(1) } 
@@ -538,14 +571,15 @@ probe syscall.dup2.return = kernel.function("SyS_dup2").return !, # epoll_create _______________________________________________ # long sys_epoll_create(int size) probe syscall.epoll_create = kernel.function("SyS_epoll_create") !, - kernel.function("sys_epoll_create") ? { + kernel.function("sys_epoll_create") ? +{ name = "epoll_create" size = $size argstr = sprint($size) } -probe syscall.epoll_create.return = - kernel.function("SyS_epoll_create").return !, - kernel.function("sys_epoll_create").return ? { +probe syscall.epoll_create.return = kernel.function("SyS_epoll_create").return !, + kernel.function("sys_epoll_create").return ? +{ name = "epoll_create" retstr = returnstr(1) } @@ -556,8 +590,7 @@ probe syscall.epoll_create.return = # long compat_sys_epoll_ctl(int epfd, int op, int fd, # struct compat_epoll_event __user *event) # -probe syscall.epoll_ctl = - kernel.function("compat_sys_epoll_ctl") ?, +probe syscall.epoll_ctl = kernel.function("compat_sys_epoll_ctl") ?, kernel.function("SyS_epoll_ctl") !, kernel.function("sys_epoll_ctl") ? { @@ -569,8 +602,7 @@ probe syscall.epoll_ctl = event_uaddr = $event argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event) } -probe syscall.epoll_ctl.return = - kernel.function("compat_sys_epoll_ctl").return ?, +probe syscall.epoll_ctl.return = kernel.function("compat_sys_epoll_ctl").return ?, kernel.function("SyS_epoll_ctl").return !, kernel.function("sys_epoll_ctl").return ? { @@ -589,8 +621,7 @@ probe syscall.epoll_ctl.return = # const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe syscall.epoll_pwait = - kernel.function("compat_sys_epoll_pwait") ?, +probe syscall.epoll_pwait = kernel.function("compat_sys_epoll_pwait") ?, kernel.function("SyS_epoll_pwait") !, kernel.function("sys_epoll_pwait") ? { 
@@ -598,8 +629,7 @@ probe syscall.epoll_pwait = argstr = sprintf("%d, %p, %d, %d, %p, %d", $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) } -probe syscall.epoll_pwait.return = - kernel.function("compat_sys_epoll_pwait").return ?, +probe syscall.epoll_pwait.return = kernel.function("compat_sys_epoll_pwait").return ?, kernel.function("SyS_epoll_pwait").return !, kernel.function("sys_epoll_pwait").return ? { @@ -615,8 +645,7 @@ probe syscall.epoll_pwait.return = # struct compat_epoll_event __user *events, # int maxevents, int timeout) # -probe syscall.epoll_wait = - kernel.function("compat_sys_epoll_wait") ?, +probe syscall.epoll_wait = kernel.function("compat_sys_epoll_wait") ?, kernel.function("SyS_epoll_wait") !, kernel.function("sys_epoll_wait") ? { @@ -627,8 +656,7 @@ probe syscall.epoll_wait = timeout = $timeout argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) } -probe syscall.epoll_wait.return = - kernel.function("compat_sys_epoll_wait").return ?, +probe syscall.epoll_wait.return = kernel.function("compat_sys_epoll_wait").return ?, kernel.function("SyS_epoll_wait").return !, kernel.function("sys_epoll_wait").return ? { @@ -640,12 +668,14 @@ probe syscall.epoll_wait.return = # long sys_eventfd(unsigned int count) # probe syscall.eventfd = kernel.function("SyS_eventfd") !, - kernel.function("sys_eventfd") ? { + kernel.function("sys_eventfd") ? +{ name = "eventfd" argstr = sprint($count) } probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !, - kernel.function("sys_eventfd").return ? { + kernel.function("sys_eventfd").return ? +{ name = "eventfd" retstr = returnstr(1) } 
@@ -657,7 +687,8 @@ probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !, # char __user *__user *argv, # char __user *__user *envp, # struct pt_regs * regs) -probe syscall.execve = kernel.function("do_execve") { +probe syscall.execve = kernel.function("do_execve") +{ name = "execve" filename = kernel_string($filename) args = __get_argv($argv, 0) @@ -665,7 +696,8 @@ probe syscall.execve = kernel.function("do_execve") { } # v2.6.15-rc2 or earlier has problems with sys_execve return probes # another reason to probe on do_execve -probe syscall.execve.return = kernel.function("do_execve").return { +probe syscall.execve.return = kernel.function("do_execve").return +{ name = "execve" retstr = returnstr(1) } @@ -673,20 +705,23 @@ probe syscall.execve.return = kernel.function("do_execve").return { # compat_uptr_t __user *argv, # compat_uptr_t __user *envp, # struct pt_regs * regs) -probe syscall.compat_execve = kernel.function("compat_do_execve") ? { +probe syscall.compat_execve = kernel.function("compat_do_execve") ? +{ name = "compat_execve" filename = kernel_string($filename) args = __get_compat_argv($argv, 0) argstr = sprintf("%s %s", filename, __get_compat_argv($argv, 1)) } -probe syscall.compat_execve.return = kernel.function("compat_do_execve").return ? { +probe syscall.compat_execve.return = kernel.function("compat_do_execve").return ? +{ name = "compat_execve" retstr = returnstr(1) } # exit _______________________________________________________ # long sys_exit(int error_code) -probe syscall.exit = kernel.function("do_exit") { +probe syscall.exit = kernel.function("do_exit") +{ name = "exit" status = $code argstr = sprint($code) @@ -698,7 +733,8 @@ probe syscall.exit = kernel.function("do_exit") { # void sys_exit_group(int error_code) # probe syscall.exit_group = kernel.function("SyS_exit_group") !, - kernel.function("sys_exit_group") { + kernel.function("sys_exit_group") +{ name = "exit_group" status = $error_code argstr = sprint($error_code) 
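Review bot: In `syscall.compat_execve`, `argstr = sprintf("%s %s", filename, __get_compat_argv($argv, 1))` emits the program path unquoted, whereas path arguments in the other probes on this page go through `user_string_quoted`. A path containing spaces or control characters cannot then be separated from the argument list by whatever parses the trace, which matters when execve records feed audit or detection tooling. Either quote the path or document the limitation above the line, e.g. `# NOTE: filename is emitted unquoted; consumers must not split argstr on whitespace`. The argstr line of the native `syscall.execve` probe falls between two hunks and is not visible; it probably has the same form.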
@@ -710,7 +746,8 @@ probe syscall.exit_group = kernel.function("SyS_exit_group") !, # new function with 2.6.16 # long sys_faccessat(int dfd, const char __user *filename, int mode) probe syscall.faccessat = kernel.function("SyS_faccessat") !, - kernel.function("sys_faccessat") ? { + kernel.function("sys_faccessat") ? +{ name = "faccessat" dirfd = $dfd dirfd_str = _dfd_str($dfd) @@ -720,7 +757,8 @@ probe syscall.faccessat = kernel.function("SyS_faccessat") !, argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted($filename), mode_str) } probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, - kernel.function("sys_faccessat").return ? { + kernel.function("sys_faccessat").return ? +{ name = "faccessat" retstr = returnstr(1) } @@ -730,7 +768,8 @@ probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, - kernel.function("sys_fadvise64") ? { + kernel.function("sys_fadvise64") ? +{ name = "fadvise64" fd = $fd offset = $offset @@ -739,7 +778,8 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, - kernel.function("sys_fadvise64").return ? { + kernel.function("sys_fadvise64").return ? +{ name = "fadvise64" retstr = returnstr(1) } @@ -748,7 +788,8 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, - kernel.function("sys_fadvise64_64") ? { + kernel.function("sys_fadvise64_64") ? +{ name = "fadvise64_64" fd = $fd offset = $offset 
@@ -757,7 +798,8 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice)) } probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, - kernel.function("sys_fadvise64_64").return ? { + kernel.function("sys_fadvise64_64").return ? +{ name = "fadvise64_64" retstr = returnstr(1) } @@ -768,7 +810,8 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return ! # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, - kernel.function("sys_fadvise64") { + kernel.function("sys_fadvise64") +{ name = "fadvise64" fd = 0 offset = 0 @@ -777,7 +820,8 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, argstr = "" } probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, - kernel.function("sys_fadvise64").return { + kernel.function("sys_fadvise64").return +{ name = "fadvise64" retstr = returnstr(1) } @@ -786,7 +830,8 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, - kernel.function("sys_fadvise64_64") { + kernel.function("sys_fadvise64_64") +{ name = "fadvise64_64" fd = 0 offset = 0 @@ -795,7 +840,8 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, argstr = "" } probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !, - kernel.function("sys_fadvise64_64").return { + kernel.function("sys_fadvise64_64").return +{ name = "fadvise64_64" retstr = returnstr(1) } 
@@ -804,13 +850,15 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return ! # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) probe syscall.fchdir = kernel.function("SyS_fchdir") !, - kernel.function("sys_fchdir") { + kernel.function("sys_fchdir") +{ name = "fchdir" fd = $fd argstr = sprint($fd) } probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !, - kernel.function("sys_fchdir").return { + kernel.function("sys_fchdir").return +{ name = "fchdir" retstr = returnstr(1) } @@ -818,14 +866,16 @@ probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !, # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) probe syscall.fchmod = kernel.function("SyS_fchmod") !, - kernel.function("sys_fchmod") { + kernel.function("sys_fchmod") +{ name = "fchmod" fildes = $fd mode = $mode argstr = sprintf("%d, %#o", $fd, $mode) } probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !, - kernel.function("sys_fchmod").return { + kernel.function("sys_fchmod").return +{ name = "fchmod" retstr = returnstr(1) } @@ -835,7 +885,8 @@ probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !, # long sys_fchmodat(int dfd, const char __user *filename, # mode_t mode) probe syscall.fchmodat = kernel.function("SyS_fchmodat") !, - kernel.function("sys_fchmodat") ? { + kernel.function("sys_fchmodat") ? +{ name = "fchmodat" dirfd = $dfd dirfd_str = _dfd_str($dfd) @@ -844,7 +895,8 @@ probe syscall.fchmodat = kernel.function("SyS_fchmodat") !, argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted($filename), $mode) } probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !, - kernel.function("sys_fchmodat").return ? { + kernel.function("sys_fchmodat").return ? +{ name = "fchmodat" retstr = returnstr(1) } 
@@ -852,29 +904,33 @@ probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !, # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) probe syscall.fchown = kernel.function("SyS_fchown") !, - kernel.function("sys_fchown") { + kernel.function("sys_fchown") +{ name = "fchown" fd = $fd owner = __int32($user) group = __int32($group) - argstr = sprintf("%d, %d, %d", $fd, owner, group) + argstr = sprintf("%d, %d, %d", $fd, owner, group) } probe syscall.fchown.return = kernel.function("SyS_fchown").return !, - kernel.function("sys_fchown").return { + kernel.function("sys_fchown").return +{ name = "fchown" retstr = returnstr(1) } # fchown16 ___________________________________________________ # long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group) -probe syscall.fchown16 = kernel.function("sys_fchown16") ? { +probe syscall.fchown16 = kernel.function("sys_fchown16") ? +{ name = "fchown16" fd = $fd owner = __short($user) group = __short($group) argstr = sprintf("%d, %d, %d", $fd, owner, group) } -probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? { +probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? +{ name = "fchown16" retstr = returnstr(1) } @@ -884,7 +940,8 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? { # long sys_fchownat(int dfd, const char __user *filename, # uid_t user, gid_t group, int flag) probe syscall.fchownat = kernel.function("SyS_fchownat") !, - kernel.function("sys_fchownat") ? { + kernel.function("sys_fchownat") ? +{ name = "fchownat" dirfd = $dfd dirfd_str = _dfd_str($dfd) 
@@ -897,7 +954,8 @@ probe syscall.fchownat = kernel.function("SyS_fchownat") !, dirfd_str, user_string_quoted($filename), owner, group, flags_str) } probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !, - kernel.function("sys_fchownat").return ? { + kernel.function("sys_fchownat").return ? +{ name = "fchownat" retstr = returnstr(1) } @@ -908,8 +966,7 @@ probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !, # long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe syscall.fcntl = - kernel.function("compat_sys_fcntl") ?, +probe syscall.fcntl = kernel.function("compat_sys_fcntl") ?, kernel.function("compat_sys_fcntl64") ?, kernel.function("sys_fcntl64") ?, kernel.function("SyS_fcntl") !, @@ -919,11 +976,10 @@ probe syscall.fcntl = fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) - arg = $arg + arg = $arg argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg) } -probe syscall.fcntl.return = - kernel.function("compat_sys_fcntl").return ?, +probe syscall.fcntl.return = kernel.function("compat_sys_fcntl").return ?, kernel.function("compat_sys_fcntl64").return ?, kernel.function("sys_fcntl64").return ?, kernel.function("SyS_fcntl").return !, @@ -936,13 +992,15 @@ probe syscall.fcntl.return = # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) probe syscall.fdatasync = kernel.function("SyS_fdatasync") !, - kernel.function("sys_fdatasync") { + kernel.function("sys_fdatasync") +{ name = "fdatasync" fd = $fd argstr = sprint(fd) } probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !, - kernel.function("sys_fdatasync").return { + kernel.function("sys_fdatasync").return +{ name = "fdatasync" retstr = returnstr(1) } 
@@ -951,7 +1009,8 @@ probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !, # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !, - kernel.function("sys_fgetxattr") { + kernel.function("sys_fgetxattr") +{ name = "fgetxattr" filedes = $fd #FIXME @@ -961,14 +1020,16 @@ probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !, argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size) } probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !, - kernel.function("sys_fgetxattr").return { + kernel.function("sys_fgetxattr").return +{ name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) probe syscall.flistxattr = kernel.function("SyS_flistxattr") !, - kernel.function("sys_flistxattr") { + kernel.function("sys_flistxattr") +{ name = "flistxattr" filedes = $fd list_uaddr = $list @@ -976,7 +1037,8 @@ probe syscall.flistxattr = kernel.function("SyS_flistxattr") !, argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !, - kernel.function("sys_flistxattr").return { + kernel.function("sys_flistxattr").return +{ name = "flistxattr" retstr = returnstr(1) } 
@@ -984,19 +1046,22 @@ probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !, # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) probe syscall.flock = kernel.function("SyS_flock") !, - kernel.function("sys_flock") { + kernel.function("sys_flock") +{ name = "flock" fd = $fd operation = $cmd argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } probe syscall.flock.return = kernel.function("SyS_flock").return !, - kernel.function("sys_flock").return { + kernel.function("sys_flock").return +{ name = "flock" retstr = returnstr(1) } -function __is_user_regs:long (regs:long) %{ /* pure */ +function __is_user_regs:long (regs:long) /* pure */ +%{ struct pt_regs * regs = (void *)((unsigned long)THIS->regs); /* copied from asm/ptrace.h */ #if defined(__i386__) @@ -1034,17 +1099,18 @@ CATCH_DEREF_FAULT(); # unsigned long stack_size, # int __user *parent_tidptr, # int __user *child_tidptr) -probe syscall.fork = kernel.function("do_fork") { +probe syscall.fork = kernel.function("do_fork") +{ clone_flags = $clone_flags stack_start = $stack_start regs = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr - + if (!__is_user_regs(regs)) { name = "fork_kernel_thread" - argstr = __fork_flags(clone_flags) + argstr = __fork_flags(clone_flags) } else if (clone_flags & 17) name = "fork" else if (clone_flags & 0x4000) 
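Review bot: In `syscall.fork`, the test `clone_flags & 17` runs before `clone_flags & 0x4000`, so a call that carries both the SIGCHLD exit signal (17 on most architectures) and CLONE_VFORK (0x4000), which is what vfork() normally passes, is labelled "fork" and never reaches the second branch. The mask also matches any exit signal with bit 0 or bit 4 set, not only 17. Process-creation tracing keyed on `name` would misreport these calls. Testing `clone_flags & 0x4000` first and comparing the signal byte exactly, `else if ((clone_flags & 0xff) == 17)`, avoids both problems. The body of the 0x4000 branch lies outside this hunk, so its label is inferred, and `syscall.fork.return` in the next hunk always reports `name = "fork"` regardless of which entry label was chosen.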
@@ -1054,21 +1120,24 @@ probe syscall.fork = kernel.function("do_fork") { argstr = __fork_flags(clone_flags) } } -probe syscall.fork.return = kernel.function("do_fork").return { +probe syscall.fork.return = kernel.function("do_fork").return +{ name = "fork" retstr = returnstr(1) } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !, - kernel.function("sys_fremovexattr") { + kernel.function("sys_fremovexattr") +{ name = "fremovexattr" filedes = $fd name_uaddr = $name argstr = sprintf("FIXME PLEASE") } probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !, - kernel.function("sys_fremovexattr").return { + kernel.function("sys_fremovexattr").return +{ name = "fremovexattr" retstr = returnstr(1) } @@ -1083,7 +1152,8 @@ probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return ! * int flags) */ probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !, - kernel.function("sys_fsetxattr") { + kernel.function("sys_fsetxattr") +{ name = "fsetxattr" filedes = $fd # FIXME @@ -1094,7 +1164,8 @@ probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !, argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags) } probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !, - kernel.function("sys_fsetxattr").return { + kernel.function("sys_fsetxattr").return +{ name = "fsetxattr" retstr = returnstr(1) } @@ -1108,8 +1179,7 @@ probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !, # struct oldabi_stat64 __user * statbuf) # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) # -probe syscall.fstat = - kernel.function("sys_fstat") ?, +probe syscall.fstat = kernel.function("sys_fstat") ?, kernel.function("SyS_fstat64") ?, kernel.function("sys_fstat64") ?, kernel.function("sys32_fstat64") ?, 
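Review bot: `syscall.fremovexattr` still sets `argstr = sprintf("FIXME PLEASE")`, so a script that logs or filters on argstr sees neither the descriptor nor the attribute being removed. Removal of an extended attribute is exactly the kind of event a file-integrity or audit script wants to see in full. The probe already has `filedes` and `$name` in scope, so following the fgetxattr probe's pattern with `argstr = sprintf("%d, %s", filedes, user_string_quoted($name))` would fill it in.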
@@ -1123,8 +1193,7 @@ probe syscall.fstat = buf_uaddr = $statbuf argstr = sprintf("%d, %p", $fd, $statbuf) } -probe syscall.fstat.return = - kernel.function("sys_fstat").return ?, +probe syscall.fstat.return = kernel.function("sys_fstat").return ?, kernel.function("SyS_fstat64").return ?, kernel.function("sys_fstat64").return ?, kernel.function("sys32_fstat64").return ?, @@ -1142,9 +1211,8 @@ probe syscall.fstat.return = # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag) # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) -probe syscall.fstatat = - kernel.function("SyS_fstatat64") ?, - kernel.function("sys_fstatat64") ?, +probe syscall.fstatat = kernel.function("SyS_fstatat64") ?, + kernel.function("sys_fstatat64") ?, kernel.function("SyS_newfstatat") ?, kernel.function("sys_newfstatat") ?, kernel.function("compat_sys_newfstatat") ?, @@ -1156,9 +1224,8 @@ probe syscall.fstatat = buf_uaddr = $statbuf argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag)) } -probe syscall.fstatat.return = - kernel.function("SyS_fstatat64").return ?, - kernel.function("sys_fstatat64").return ?, +probe syscall.fstatat.return = kernel.function("SyS_fstatat64").return ?, + kernel.function("sys_fstatat64").return ?, kernel.function("SyS_newfstatat").return ?, kernel.function("sys_newfstatat").return ?, kernel.function("compat_sys_newfstatat").return ?, 
@@ -1172,8 +1239,7 @@ probe syscall.fstatat.return = # long sys_fstatfs(unsigned int fd, struct statfs __user * buf) # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # -probe syscall.fstatfs = - kernel.function("compat_sys_fstatfs") ?, +probe syscall.fstatfs = kernel.function("compat_sys_fstatfs") ?, kernel.function("SyS_fstatfs") !, kernel.function("sys_fstatfs") { @@ -1182,8 +1248,7 @@ probe syscall.fstatfs = buf_uaddr = $buf argstr = sprintf("%d, %p", $fd, $buf) } -probe syscall.fstatfs.return = - kernel.function("compat_sys_fstatfs").return ?, +probe syscall.fstatfs.return = kernel.function("compat_sys_fstatfs").return ?, kernel.function("SyS_fstatfs").return !, kernel.function("sys_fstatfs").return { @@ -1195,8 +1260,7 @@ probe syscall.fstatfs.return = # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe syscall.fstatfs64 = - kernel.function("compat_sys_fstatfs64") ?, +probe syscall.fstatfs64 = kernel.function("compat_sys_fstatfs64") ?, kernel.function("SyS_fstatfs64") !, kernel.function("sys_fstatfs64") ? { @@ -1206,8 +1270,7 @@ probe syscall.fstatfs64 = buf_uaddr = $buf argstr = sprintf("%d, %d, %p", $fd, $sz, $buf) } -probe syscall.fstatfs64.return = - kernel.function("compat_sys_fstatfs64").return ?, +probe syscall.fstatfs64.return = kernel.function("compat_sys_fstatfs64").return ?, kernel.function("SyS_fstatfs64").return !, kernel.function("sys_fstatfs64").return ? { 
@@ -1218,40 +1281,46 @@ probe syscall.fstatfs64.return = # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) probe syscall.fsync = kernel.function("SyS_fsync") !, - kernel.function("sys_fsync") { + kernel.function("sys_fsync") +{ name = "fsync" fd = $fd argstr = sprint(fd) } probe syscall.fsync.return = kernel.function("SyS_fsync").return !, - kernel.function("sys_fsync").return { + kernel.function("sys_fsync").return +{ name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) probe syscall.ftruncate = kernel.function("SyS_ftruncate") !, - kernel.function("sys_ftruncate") { + kernel.function("sys_ftruncate") +{ name = "ftruncate" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } probe syscall.ftruncate.return = kernel.function("SyS_ftruncate").return !, - kernel.function("sys_ftruncate").return { + kernel.function("sys_ftruncate").return +{ name = "ftruncate" retstr = returnstr(1) } # ftruncate64 ________________________________________________ # long sys_ftruncate64(unsigned int fd, loff_t length) -probe syscall.ftruncate64 = kernel.function("sys_ftruncate64") ? { +probe syscall.ftruncate64 = kernel.function("sys_ftruncate64") ? +{ name = "ftruncate" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } -probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? { +probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? +{ name = "ftruncate" retstr = returnstr(1) } @@ -1268,7 +1337,8 @@ probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? { # u32 val3) # probe syscall.futex = kernel.function("SyS_futex") !, - kernel.function("sys_futex") ? { + kernel.function("sys_futex") ? +{ name = "futex" futex_uaddr = $uaddr op = $op 
@@ -1277,18 +1347,20 @@ probe syscall.futex = kernel.function("SyS_futex") !, uaddr2_uaddr = $uaddr2 val3 = $val3 if (op == 0) - argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - $val, _struct_timespec_u($utime,1)) + argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), + $val, _struct_timespec_u($utime, 1)) else - argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), - $val) + argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), + $val) } probe syscall.futex.return = kernel.function("SyS_futex").return !, - kernel.function("sys_futex").return ? { + kernel.function("sys_futex").return ? +{ name = "futex" retstr = returnstr(1) } -probe syscall.compat_futex = kernel.function("compat_sys_futex") ? { +probe syscall.compat_futex = kernel.function("compat_sys_futex") ? +{ name = "futex" futex_uaddr = $uaddr op = $op @@ -1297,13 +1369,14 @@ probe syscall.compat_futex = kernel.function("compat_sys_futex") ? { uaddr2_uaddr = $uaddr2 val3 = $val3 if (op == 0) - argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - $val, _struct_compat_timespec_u($utime,1)) + argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), + $val, _struct_compat_timespec_u($utime, 1)) else - argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), - $val) + argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), + $val) } -probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? { +probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? +{ name = "futex" retstr = returnstr(1) } 
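Review bot: The `if (op == 0)` test that decides whether the timeout is decoded in syscall.futex compares the raw op value, so a wait issued with the private flag set (FUTEX_PRIVATE_FLAG, 128 in linux/futex.h) would take the else branch and argstr would omit the timespec. If that is not intended, mask the flag bits before comparing, for example `if ((op & 127) == 0)`, assuming the command occupies the low seven bits. The same test appears in the syscall.compat_futex hunk that follows on this line. The syscall.futex body begins outside this hunk, so whether `op` is normalised earlier cannot be confirmed from here.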
@@ -1315,30 +1388,34 @@ probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? # probe syscall.futimesat = kernel.function("SyS_futimesat") !, - kernel.function("sys_futimesat") ? { + kernel.function("sys_futimesat") ? +{ name = "futimesat" dirfd = $dfd filename_uaddr = $filename filename = user_string($filename) tvp_uaddr = $utimes - argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timeval_u($utimes, 2)) } -probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? { +probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? +{ name = "futimesat" dirfd = $dfd filename_uaddr = $filename filename = user_string($filename) tvp_uaddr = $t - argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timeval_u($t, 2)) } probe syscall.futimesat.return = kernel.function("SyS_futimesat").return !, - kernel.function("sys_futimesat").return ? { + kernel.function("sys_futimesat").return ? +{ name = "futimesat" retstr = returnstr(1) } -probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").return ? { +probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").return ? +{ name = "futimesat" retstr = returnstr(1) } 
@@ -1346,26 +1423,27 @@ probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat"). # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) probe syscall.getcwd = kernel.function("SyS_getcwd") !, - kernel.function("sys_getcwd") { + kernel.function("sys_getcwd") +{ name = "getcwd" buf_uaddr = $buf size = $size argstr = sprintf("%p, %d", buf_uaddr, size) } probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !, - kernel.function("sys_getcwd").return { + kernel.function("sys_getcwd").return +{ name = "getcwd" retstr = returnstr(1) } # getdents ___________________________________________________ # long sys_getdents(unsigned int fd, struct linux_dirent __user * dirent, unsigned int count) -# long compat_sys_getdents(unsigned int fd,struct compat_linux_dirent __user *dirent, unsigned int count) +# long compat_sys_getdents(unsigned int fd, struct compat_linux_dirent __user *dirent, unsigned int count) # long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # -probe syscall.getdents = - kernel.function("SyS_getdents") ?, +probe syscall.getdents = kernel.function("SyS_getdents") ?, kernel.function("sys_getdents") ?, kernel.function("SyS_getdents64") ?, kernel.function("sys_getdents64") ?, @@ -1378,8 +1456,7 @@ probe syscall.getdents = count = $count argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) } -probe syscall.getdents.return = - kernel.function("SyS_getdents").return ?, +probe syscall.getdents.return = kernel.function("SyS_getdents").return ?, kernel.function("sys_getdents").return ?, kernel.function("SyS_getdents64").return ?, kernel.function("sys_getdents64").return ?, 
@@ -1395,16 +1472,14 @@ probe syscall.getdents.return = # long sys_getegid16(void) # long sys32_getegid16(void) # -probe syscall.getegid = - kernel.function("sys_getegid16") ?, +probe syscall.getegid = kernel.function("sys_getegid16") ?, kernel.function("sys32_getegid16") ?, kernel.function("sys_getegid") { name = "getegid" argstr = "" } -probe syscall.getegid.return = - kernel.function("sys_getegid16").return ?, +probe syscall.getegid.return = kernel.function("sys_getegid16").return ?, kernel.function("sys32_getegid16").return ?, kernel.function("sys_getegid").return { @@ -1416,16 +1491,14 @@ probe syscall.getegid.return = # long sys_geteuid(void) # long sys32_geteuid16(void) # -probe syscall.geteuid = - kernel.function("sys_geteuid16") ?, +probe syscall.geteuid = kernel.function("sys_geteuid16") ?, kernel.function("sys32_geteuid16") ?, kernel.function("sys_geteuid") { name = "geteuid" argstr = "" } -probe syscall.geteuid.return = - kernel.function("sys_geteuid16").return ?, +probe syscall.geteuid.return = kernel.function("sys_geteuid16").return ?, kernel.function("sys32_geteuid16").return ?, kernel.function("sys_geteuid").return { @@ -1437,16 +1510,14 @@ probe syscall.geteuid.return = # long sys_getgid(void) # long sys32_getgid16(void) # -probe syscall.getgid = - kernel.function("sys_getgid16") ?, +probe syscall.getgid = kernel.function("sys_getgid16") ?, kernel.function("sys32_getgid16") ?, - kernel.function("sys_getgid") + kernel.function("sys_getgid") { name = "getgid" argstr = "" } -probe syscall.getgid.return = - kernel.function("sys_getgid16").return ?, +probe syscall.getgid.return = kernel.function("sys_getgid16").return ?, kernel.function("sys32_getgid16").return ?, kernel.function("sys_getgid").return { 
@@ -1459,8 +1530,7 @@ probe syscall.getgid.return = # long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # -probe syscall.getgroups = - kernel.function("sys_getgroups16") ?, +probe syscall.getgroups = kernel.function("sys_getgroups16") ?, kernel.function("sys32_getgroups16") ?, kernel.function("SyS_getgroups") !, kernel.function("sys_getgroups") ? @@ -1470,8 +1540,7 @@ probe syscall.getgroups = list_uaddr = $grouplist argstr = sprintf("%d, %p", $gidsetsize, $grouplist) } -probe syscall.getgroups.return = - kernel.function("sys_getgroups16").return ?, +probe syscall.getgroups.return = kernel.function("sys_getgroups16").return ?, kernel.function("sys32_getgroups16").return ?, kernel.function("SyS_getgroups").return !, kernel.function("sys_getgroups").return ? @@ -1483,14 +1552,16 @@ probe syscall.getgroups.return = # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) probe syscall.gethostname = kernel.function("SyS_gethostname") !, - kernel.function("sys_gethostname") ? { + kernel.function("sys_gethostname") ? +{ name = "gethostname" name_uaddr = $name len = $len argstr = sprintf ("%p, %d", name_uaddr, len) } probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !, - kernel.function("sys_gethostname").return ? { + kernel.function("sys_gethostname").return ? +{ name = "gethostname" retstr = returnstr(1) } 
@@ -1499,25 +1570,29 @@ probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !, # sys_getitimer(int which, struct itimerval __user *value) # probe syscall.getitimer = kernel.function("SyS_getitimer") !, - kernel.function("sys_getitimer") { + kernel.function("sys_getitimer") +{ name = "getitimer" which = $which value_uaddr = $value - argstr = sprintf("%s, %p", _itimer_which_str($which), $value) + argstr = sprintf("%s, %p", _itimer_which_str($which), $value) } probe syscall.getitimer.return = kernel.function("SyS_getitimer").return !, - kernel.function("sys_getitimer").return { + kernel.function("sys_getitimer").return +{ name = "getitimer" retstr = returnstr(1) } # long compat_sys_getitimer(int which, struct compat_itimerval __user *it -probe syscall.compat_getitimer = kernel.function("compat_sys_getitimer") ? { +probe syscall.compat_getitimer = kernel.function("compat_sys_getitimer") ? +{ name = "getitimer" which = $which value_uaddr = $it - argstr = sprintf("%s, %p", _itimer_which_str($which), $it) + argstr = sprintf("%s, %p", _itimer_which_str($which), $it) } -probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").return ? { +probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").return ? +{ name = "getitimer" retstr = returnstr(1) } @@ -1533,8 +1608,7 @@ probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer"). # compat_ulong_t maxnode, # compat_ulong_t addr, compat_ulong_t flags) # -probe syscall.get_mempolicy = - kernel.function("compat_sys_get_mempolicy") ?, +probe syscall.get_mempolicy = kernel.function("compat_sys_get_mempolicy") ?, kernel.function("SyS_get_mempolicy") !, kernel.function("sys_get_mempolicy") ? { 
@@ -1545,10 +1619,9 @@ probe syscall.get_mempolicy = addr = $addr flags = $flags argstr = sprintf("%p, %p, %d, %p, 0x%x", $policy, - $nmask, $maxnode, $addr, $flags) + $nmask, $maxnode, $addr, $flags) } -probe syscall.get_mempolicy.return = - kernel.function("compat_sys_get_mempolicy").return ?, +probe syscall.get_mempolicy.return = kernel.function("compat_sys_get_mempolicy").return ?, kernel.function("SyS_get_mempolicy").return !, kernel.function("sys_get_mempolicy").return ? { @@ -1560,7 +1633,8 @@ probe syscall.get_mempolicy.return = # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # probe syscall.getpeername = kernel.function("SyS_getpeername") !, - kernel.function("sys_getpeername") ? { + kernel.function("sys_getpeername") ? +{ name = "getpeername" s = $fd name_uaddr = $usockaddr @@ -1568,7 +1642,8 @@ probe syscall.getpeername = kernel.function("SyS_getpeername") !, argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !, - kernel.function("sys_getpeername").return ? { + kernel.function("sys_getpeername").return ? +{ name = "getpeername" retstr = returnstr(1) } 
@@ -1576,46 +1651,54 @@ probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !, # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) probe syscall.getpgid = kernel.function("SyS_getpgid") !, - kernel.function("sys_getpgid") { + kernel.function("sys_getpgid") +{ name = "getpgid" pid = $pid argstr = sprintf("%d", $pid) } probe syscall.getpgid.return = kernel.function("SyS_getpgid").return !, - kernel.function("sys_getpgid").return { + kernel.function("sys_getpgid").return +{ name = "getpgid" retstr = returnstr(1) } # getpgrp ____________________________________________________ # long sys_getpgrp(void) -probe syscall.getpgrp = kernel.function("sys_getpgrp") ? { +probe syscall.getpgrp = kernel.function("sys_getpgrp") ? +{ name = "getpgrp" argstr = "" } -probe syscall.getpgrp.return = kernel.function("sys_getpgrp").return ? { +probe syscall.getpgrp.return = kernel.function("sys_getpgrp").return ? +{ name = "getpgrp" retstr = returnstr(1) } # getpid _____________________________________________________ # long sys_getpid(void) -probe syscall.getpid = kernel.function("sys_getpid") { +probe syscall.getpid = kernel.function("sys_getpid") +{ name = "getpid" argstr = "" } -probe syscall.getpid.return = kernel.function("sys_getpid").return { +probe syscall.getpid.return = kernel.function("sys_getpid").return +{ name = "getpid" retstr = returnstr(1) } # getppid ____________________________________________________ # long sys_getppid(void) -probe syscall.getppid = kernel.function("sys_getppid") { +probe syscall.getppid = kernel.function("sys_getppid") +{ name = "getppid" argstr = "" } -probe syscall.getppid.return = kernel.function("sys_getppid").return { +probe syscall.getppid.return = kernel.function("sys_getppid").return +{ name = "getppid" retstr = returnstr(1) } 
@@ -1623,14 +1706,16 @@ probe syscall.getppid.return = kernel.function("sys_getppid").return { # getpriority ________________________________________________ # long sys_getpriority(int which, int who) probe syscall.getpriority = kernel.function("SyS_getpriority") !, - kernel.function("sys_getpriority") { + kernel.function("sys_getpriority") +{ name = "getpriority" which = $which who = $who argstr = sprintf("%s, %d", _priority_which_str(which), who) } probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !, - kernel.function("sys_getpriority").return { + kernel.function("sys_getpriority").return +{ name = "getpriority" retstr = returnstr(1) } @@ -1642,8 +1727,7 @@ probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !, # long sys_getresgid16(old_uid_t __user *rgid, # old_uid_t __user *egid, # old_uid_t __user *sgid) -probe syscall.getresgid = - kernel.function("sys_getresgid16") ?, +probe syscall.getresgid = kernel.function("sys_getresgid16") ?, kernel.function("SyS_getresgid") !, kernel.function("sys_getresgid") { @@ -1653,8 +1737,7 @@ probe syscall.getresgid = sgid_uaddr = $sgid argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid) } -probe syscall.getresgid.return = - kernel.function("sys_getresgid16").return ?, +probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?, kernel.function("SyS_getresgid").return !, kernel.function("sys_getresgid").return { @@ -1663,11 +1746,10 @@ probe syscall.getresgid.return = } # getresuid __________________________________________________ -# long sys_getresuid(uid_t __user *ruid, +# long sys_getresuid(uid_t __user *ruid, # uid_t __user *euid, # uid_t __user *suid) -probe syscall.getresuid = - kernel.function("sys_getresuid16") ?, +probe syscall.getresuid = kernel.function("sys_getresuid16") ?, kernel.function("SyS_getresuid") !, kernel.function("sys_getresuid") { 
@@ -1677,8 +1759,7 @@ probe syscall.getresuid = suid_uaddr = $suid argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid) } -probe syscall.getresuid.return = - kernel.function("sys_getresuid16").return ?, +probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?, kernel.function("SyS_getresuid").return !, kernel.function("sys_getresuid").return { @@ -1693,8 +1774,8 @@ probe syscall.getresuid.return = probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?, kernel.function("sys_getrlimit") ?, kernel.function("SyS_old_getrlimit") ?, - kernel.function("sys_old_getrlimit") ?, - kernel.function("compat_sys_getrlimit") ? + kernel.function("sys_old_getrlimit") ?, + kernel.function("compat_sys_getrlimit") ? { name = "getrlimit" resource = $resource @@ -1704,8 +1785,8 @@ probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?, probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?, kernel.function("sys_getrlimit").return ?, kernel.function("SyS_old_getrlimit").return ?, - kernel.function("sys_old_getrlimit").return ?, - kernel.function("compat_sys_getrlimit").return ? + kernel.function("sys_old_getrlimit").return ?, + kernel.function("compat_sys_getrlimit").return ? { name = "getrlimit" retstr = returnstr(1) 
@@ -1714,23 +1795,21 @@ probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) probe syscall.getrusage = kernel.function("SyS_getrusage") !, - kernel.function("sys_getrusage") { + kernel.function("sys_getrusage") +{ name = "getrusage" who = $who - if($who==-2) - { + if ($who == -2) { # RUSAGE_BOTH is not valid argument for sys_getrusage who_str = sprintf("UNKNOWN VALUE: %d", $who) - } - else - { + } else who_str = _rusage_who_str($who) - } usage_uaddr = $ru argstr = sprintf("%s, %p", who_str, usage_uaddr) } probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !, - kernel.function("sys_getrusage").return { + kernel.function("sys_getrusage").return +{ name = "getrusage" retstr = returnstr(1) } @@ -1738,13 +1817,15 @@ probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !, # getsid _____________________________________________________ # long sys_getsid(pid_t pid) probe syscall.getsid = kernel.function("SyS_getsid") !, - kernel.function("sys_getsid") { + kernel.function("sys_getsid") +{ name = "getsid" pid = $pid argstr = sprint(pid) } probe syscall.getsid.return = kernel.function("SyS_getsid").return !, - kernel.function("sys_getsid").return { + kernel.function("sys_getsid").return +{ name = "getsid" retstr = returnstr(1) } @@ -1754,7 +1835,8 @@ probe syscall.getsid.return = kernel.function("SyS_getsid").return !, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) probe syscall.getsockname = kernel.function("SyS_getsockname") !, - kernel.function("sys_getsockname") ? { + kernel.function("sys_getsockname") ? +{ name = "getsockname" s = $fd name_uaddr = $usockaddr 
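Review bot: In syscall.getrusage the reformatted conditional now reads `if ($who == -2) { … } else who_str = _rusage_who_str($who)`, with braces on the first branch only. Bracing both branches would make it harder for a later edit to add a second statement that looks as if it belongs to the `else` but runs unconditionally. The literal `-2` is explained only by the inline comment about RUSAGE_BOTH, so that comment should stay next to the comparison rather than inside the block.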
@@ -1762,7 +1844,8 @@ probe syscall.getsockname = kernel.function("SyS_getsockname") !, argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len) } probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !, - kernel.function("sys_getsockname").return ? { + kernel.function("sys_getsockname").return ? +{ name = "getsockname" retstr = returnstr(1) } @@ -1774,8 +1857,7 @@ probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !, # char __user *optval, # int __user *optlen) # -probe syscall.getsockopt = - kernel.function("compat_sys_getsockopt") ?, +probe syscall.getsockopt = kernel.function("compat_sys_getsockopt") ?, kernel.function("SyS_getsockopt") !, kernel.function("sys_getsockopt") ? { @@ -1788,10 +1870,9 @@ probe syscall.getsockopt = optval_uaddr = $optval optlen_uaddr = $optlen argstr = sprintf("%d, %s, %s, %p, %p", $fd, _sockopt_level_str($level), - _sockopt_optname_str($optname), $optval, $optlen) + _sockopt_optname_str($optname), $optval, $optlen) } -probe syscall.getsockopt.return = - kernel.function("compat_sys_getsockopt").return ?, +probe syscall.getsockopt.return = kernel.function("compat_sys_getsockopt").return ?, kernel.function("SyS_getsockopt").return !, kernel.function("sys_getsockopt").return ? { @@ -1801,11 +1882,13 @@ probe syscall.getsockopt.return = # gettid _____________________________________________________ # long sys_gettid(void) -probe syscall.gettid = kernel.function("sys_gettid") { +probe syscall.gettid = kernel.function("sys_gettid") +{ name = "gettid" argstr = "" } -probe syscall.gettid.return = kernel.function("sys_gettid").return { +probe syscall.gettid.return = kernel.function("sys_gettid").return +{ name = "gettid" retstr = returnstr(1) } 
@@ -1813,12 +1896,11 @@ probe syscall.gettid.return = kernel.function("sys_gettid").return { # gettimeofday _______________________________________________ # long sys_gettimeofday(struct timeval __user *tv, # struct timezone __user *tz) -# long sys32_gettimeofday(struct compat_timeval __user *tv, +# long sys32_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) -probe syscall.gettimeofday = - kernel.function("compat_sys_gettimeofday") ?, +probe syscall.gettimeofday = kernel.function("compat_sys_gettimeofday") ?, kernel.function("sys32_gettimeofday") ?, kernel.function("SyS_gettimeofday") !, kernel.function("sys_gettimeofday") @@ -1829,8 +1911,7 @@ probe syscall.gettimeofday = argstr = sprintf("%p, %p", $tv, $tz) } -probe syscall.gettimeofday.return = - kernel.function("compat_sys_gettimeofday").return ?, +probe syscall.gettimeofday.return = kernel.function("compat_sys_gettimeofday").return ?, kernel.function("sys32_gettimeofday").return ?, kernel.function("SyS_gettimeofday").return !, kernel.function("sys_gettimeofday").return @@ -1844,16 +1925,14 @@ probe syscall.gettimeofday.return = # long sys_getuid16(void) # long sys32_getuid16(void) # -probe syscall.getuid = - kernel.function("sys_getuid16") ?, +probe syscall.getuid = kernel.function("sys_getuid16") ?, kernel.function("sys32_getuid16") ?, kernel.function("sys_getuid") { name = "getuid" argstr = "" } -probe syscall.getuid.return = - kernel.function("sys_getuid16").return ?, +probe syscall.getuid.return = kernel.function("sys_getuid16").return ?, kernel.function("sys32_getuid16").return ?, kernel.function("sys_getuid").return { 
@@ -1865,7 +1944,8 @@ probe syscall.getuid.return = # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) probe syscall.getxattr = kernel.function("SyS_getxattr") !, - kernel.function("sys_getxattr") { + kernel.function("sys_getxattr") +{ name = "getxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) @@ -1876,17 +1956,18 @@ probe syscall.getxattr = kernel.function("SyS_getxattr") !, name2 = user_string($name) value_uaddr = $value size = $size - argstr = sprintf("%s, %s, %p, %d", + argstr = sprintf("%s, %s, %p, %d", %( kernel_v >= "2.6.27" %? - user_string_quoted($pathname), + user_string_quoted($pathname), %: - user_string_quoted($path), + user_string_quoted($path), %) user_string_quoted($name), value_uaddr, size) } probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !, - kernel.function("sys_getxattr").return { + kernel.function("sys_getxattr").return +{ name = "getxattr" retstr = returnstr(1) } @@ -1897,7 +1978,8 @@ probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !, # const char __user *uargs) # probe syscall.init_module = kernel.function("SyS_init_module") !, - kernel.function("sys_init_module") ? { + kernel.function("sys_init_module") ? +{ name = "init_module" umod_uaddr = $umod len = $len @@ -1905,7 +1987,8 @@ probe syscall.init_module = kernel.function("SyS_init_module") !, argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) } probe syscall.init_module.return = kernel.function("SyS_init_module").return !, - kernel.function("sys_init_module").return ? { + kernel.function("sys_init_module").return ? +{ name = "init_module" retstr = returnstr(1) } 
@@ -1915,7 +1998,8 @@ probe syscall.init_module.return = kernel.function("SyS_init_module").return !, # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, - kernel.function("sys_inotify_add_watch") ? { + kernel.function("sys_inotify_add_watch") ? +{ name = "inotify_add_watch" fd = $fd mask = $mask @@ -1931,7 +2015,8 @@ probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, } probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch").return !, - kernel.function("sys_inotify_add_watch").return ? { + kernel.function("sys_inotify_add_watch").return ? +{ name = "inotify_add_watch" retstr = returnstr(1) } @@ -1940,11 +2025,13 @@ probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch" # # long sys_inotify_init(void) # -probe syscall.inotify_init = kernel.function("sys_inotify_init") ? { +probe syscall.inotify_init = kernel.function("sys_inotify_init") ? +{ name = "inotify_init" argstr = "" } -probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? { +probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? +{ name = "inotify_init" retstr = returnstr(1) } @@ -1954,14 +2041,16 @@ probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? # long sys_inotify_rm_watch(int fd, u32 wd) # probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !, - kernel.function("sys_inotify_rm_watch") ? { + kernel.function("sys_inotify_rm_watch") ? +{ name = "inotify_rm_watch" fd = $fd wd = $wd argstr = sprintf("%d, %d", $fd, $wd) } probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").return !, - kernel.function("sys_inotify_rm_watch").return ? { + kernel.function("sys_inotify_rm_watch").return ? +{ name = "inotify_rm_watch" retstr = returnstr(1) } 
@@ -1971,15 +2060,17 @@ probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch"). # struct iocb __user *iocb, # struct io_event __user *result) probe syscall.io_cancel = kernel.function("SyS_io_cancel") !, - kernel.function("sys_io_cancel") { + kernel.function("sys_io_cancel") +{ name = "io_cancel" ctx_id = $ctx_id iocb_uaddr = $iocb result_uaddr = $result - argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) + argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !, - kernel.function("sys_io_cancel").return { + kernel.function("sys_io_cancel").return +{ name = "io_cancel" retstr = returnstr(1) } @@ -1988,8 +2079,7 @@ probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !, # long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe syscall.ioctl = - kernel.function("compat_sys_ioctl") ?, +probe syscall.ioctl = kernel.function("compat_sys_ioctl") ?, kernel.function("SyS_ioctl") !, kernel.function("sys_ioctl") ? { @@ -1999,8 +2089,7 @@ probe syscall.ioctl = argp = $arg argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg) } -probe syscall.ioctl.return = - kernel.function("compat_sys_ioctl").return ?, +probe syscall.ioctl.return = kernel.function("compat_sys_ioctl").return ?, kernel.function("SyS_ioctl").return !, kernel.function("sys_ioctl").return ? { 
@@ -2011,13 +2100,15 @@ probe syscall.ioctl.return = # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) probe syscall.io_destroy = kernel.function("SyS_io_destroy") !, - kernel.function("sys_io_destroy") { + kernel.function("sys_io_destroy") +{ name = "io_destroy" ctx = $ctx argstr = sprintf("%d", ctx) } probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !, - kernel.function("sys_io_destroy").return { + kernel.function("sys_io_destroy").return +{ name = "io_destroy" retstr = returnstr(1) } @@ -2034,8 +2125,7 @@ probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !, # struct io_event __user *events, # struct compat_timespec __user *timeout) # -probe syscall.io_getevents = - kernel.function("compat_sys_io_getevents") ?, +probe syscall.io_getevents = kernel.function("compat_sys_io_getevents") ?, kernel.function("SyS_io_getevents") !, kernel.function("sys_io_getevents") ? { @@ -2045,12 +2135,11 @@ probe syscall.io_getevents = nr = $nr events_uaddr = $events timeout_uaddr = $timeout - timestr = _struct_timespec_u($timeout,1) + timestr = _struct_timespec_u($timeout, 1) argstr = sprintf("%d, %d, %d, %p, %p, %s", $ctx_id, $min_nr, $nr, $events, $timeout, timestr) } -probe syscall.io_getevents.return = - kernel.function("compat_sys_io_getevents").return ?, +probe syscall.io_getevents.return = kernel.function("compat_sys_io_getevents").return ?, kernel.function("SyS_io_getevents").return !, kernel.function("sys_io_getevents").return ? { 
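Review bot: `timestr = _struct_timespec_u($timeout, 1)` in syscall.io_getevents also runs when the alias fires on `compat_sys_io_getevents`. The prototype comment above the probe declares that function's timeout as `struct compat_timespec __user *`, so for 32-bit callers timestr is probably decoded with the wrong layout. The futex probes in this file use a separate compat probe that calls `_struct_compat_timespec_u`, and the same split here would keep timestr reliable for audit or tracing output. The probe body begins outside the hunk that touches this line.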
@@ -2061,23 +2150,26 @@ probe syscall.io_getevents.return = # ioperm _____________________________________________________ # long sys_ioperm(unsigned long from, unsigned long num, int turn_on) # -probe syscall.ioperm = kernel.function("sys_ioperm") ? { +probe syscall.ioperm = kernel.function("sys_ioperm") ? +{ name = "ioperm" from = $from num = $num turn_on = $turn_on argstr = sprintf("%d, %d, %d", $from, $num, $turn_on) } -probe syscall.ioperm.return = kernel.function("sys_ioperm").return ? { +probe syscall.ioperm.return = kernel.function("sys_ioperm").return ? +{ name = "ioperm" retstr = returnstr(1) } # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) -# +# probe syscall.io_setup = kernel.function("SyS_io_setup") !, - kernel.function("sys_io_setup") { + kernel.function("sys_io_setup") +{ name = "io_setup" maxevents = $nr_events ctxp_uaddr = $ctxp @@ -2085,20 +2177,23 @@ probe syscall.io_setup = kernel.function("SyS_io_setup") !, } probe syscall.io_setup.return = kernel.function("SyS_io_setup").return !, - kernel.function("sys_io_setup").return { + kernel.function("sys_io_setup").return +{ name = "io_setup" retstr = returnstr(1) } # long compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) # -probe syscall.compat_io_setup = kernel.function("compat_sys_io_setup") ? { +probe syscall.compat_io_setup = kernel.function("compat_sys_io_setup") ? +{ name = "io_setup" maxevents = $nr_reqs ctxp_uaddr = $ctx32p argstr = sprintf("%d, %p", $nr_reqs, $ctx32p) } -probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").return ? { +probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").return ? +{ name = "io_setup" retstr = returnstr(1) } 
@@ -2107,7 +2202,8 @@ probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").re # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # probe syscall.io_submit = kernel.function("SyS_io_submit") !, - kernel.function("sys_io_submit") { + kernel.function("sys_io_submit") +{ name = "io_submit" ctx_id = $ctx_id nr = $nr @@ -2115,20 +2211,23 @@ probe syscall.io_submit = kernel.function("SyS_io_submit") !, argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) } probe syscall.io_submit.return = kernel.function("SyS_io_submit").return !, - kernel.function("sys_io_submit").return { + kernel.function("sys_io_submit").return +{ name = "io_submit" retstr = returnstr(1) } # long compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb) # -probe syscall.compat_io_submit = kernel.function("compat_sys_io_submit") ? { +probe syscall.compat_io_submit = kernel.function("compat_sys_io_submit") ? +{ name = "io_submit" ctx_id = $ctx_id nr = $nr iocbpp_uaddr = $iocb argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocb) } -probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").return ? { +probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").return ? +{ name = "io_submit" retstr = returnstr(1) } @@ -2137,14 +2236,16 @@ probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit"). # long sys_ioprio_get(int which, int who) # probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !, - kernel.function("sys_ioprio_get") ? { + kernel.function("sys_ioprio_get") ? +{ name = "ioprio_get" which = $which who = $who argstr = sprintf("%d, %d", $which, $who) } probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, - kernel.function("sys_ioprio_get").return ? { + kernel.function("sys_ioprio_get").return ? +{ name = "ioprio_get" retstr = returnstr(1) } 
@@ -2153,7 +2254,8 @@ probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, # long sys_ioprio_set(int which, int who, int ioprio) # probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, - kernel.function("sys_ioprio_set") ? { + kernel.function("sys_ioprio_set") ? +{ name = "ioprio_set" which = $which who = $who @@ -2161,7 +2263,8 @@ probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) } probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, - kernel.function("sys_ioprio_set").return ? { + kernel.function("sys_ioprio_set").return ? +{ name = "ioprio_set" retstr = returnstr(1) } @@ -2176,8 +2279,7 @@ probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, # struct compat_kexec_segment __user *segments, # unsigned long flags) # -probe syscall.kexec_load = - kernel.function("compat_sys_kexec_load") ?, +probe syscall.kexec_load = kernel.function("compat_sys_kexec_load") ?, kernel.function("SyS_kexec_load") !, kernel.function("sys_kexec_load") ? { @@ -2188,13 +2290,12 @@ probe syscall.kexec_load = flags = $flags argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) } -probe syscall.kexec_load.return = - kernel.function("compat_sys_kexec_load").return ?, +probe syscall.kexec_load.return = kernel.function("compat_sys_kexec_load").return ?, kernel.function("SyS_kexec_load").return !, kernel.function("sys_kexec_load").return ? { name = "kexec_load" - retstr = returnstr(1) + retstr = returnstr(1) } # keyctl _____________________________________________________ @@ -2205,8 +2306,7 @@ probe syscall.kexec_load.return = # unsigned long arg5) # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # -probe syscall.keyctl = - kernel.function("compat_sys_keyctl") ?, +probe syscall.keyctl = kernel.function("compat_sys_keyctl") ?, kernel.function("SyS_keyctl") !, kernel.function("sys_keyctl") ? { 
@@ -2214,8 +2314,7 @@ probe syscall.keyctl = argstr = sprintf("%d, ...", $option) } -probe syscall.keyctl.return = - kernel.function("compat_sys_keyctl").return ?, +probe syscall.keyctl.return = kernel.function("compat_sys_keyctl").return ?, kernel.function("SyS_keyctl").return !, kernel.function("sys_keyctl").return ? { @@ -2226,14 +2325,16 @@ probe syscall.keyctl.return = # kill _______________________________________________________ # long sys_kill(int pid, int sig) probe syscall.kill = kernel.function("SyS_kill") !, - kernel.function("sys_kill") { + kernel.function("sys_kill") +{ name = "kill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } probe syscall.kill.return = kernel.function("SyS_kill").return !, - kernel.function("sys_kill").return { + kernel.function("sys_kill").return +{ name = "kill" retstr = returnstr(1) } 
@@ -2242,31 +2343,35 @@ probe syscall.kill.return = kernel.function("SyS_kill").return !, # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # probe syscall.lchown = kernel.function("SyS_lchown") !, - kernel.function("sys_lchown") { + kernel.function("sys_lchown") +{ name = "lchown" path = user_string($filename) owner = __int32($user) group = __int32($group) - argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group) -} + argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) +} probe syscall.lchown.return = kernel.function("SyS_lchown").return !, - kernel.function("sys_lchown").return { + kernel.function("sys_lchown").return +{ name = "lchown" retstr = returnstr(1) } # lchown16 ___________________________________________________ -# long sys_lchown16(const char __user * filename, old_uid_t user, +# long sys_lchown16(const char __user * filename, old_uid_t user, # old_gid_t group) # -probe syscall.lchown16 = kernel.function("sys_lchown16") ? { +probe syscall.lchown16 = kernel.function("sys_lchown16") ? +{ name = "lchown16" path = user_string($filename) owner = __short($user) group = __short($group) argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) } -probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? { +probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? +{ name = "lchown16" retstr = returnstr(1) } @@ -2278,7 +2383,8 @@ probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? { # size_t size) # probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !, - kernel.function("sys_lgetxattr") { + kernel.function("sys_lgetxattr") +{ name = "lgetxattr" %( kernel_v >= "2.6.27" %? path = user_string($pathname) 
@@ -2289,17 +2395,18 @@ probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !, name2 = user_string($name) value_uaddr = $value size = $size - argstr = sprintf("%s, %s, %p, %d", + argstr = sprintf("%s, %s, %p, %d", %( kernel_v >= "2.6.27" %? - user_string_quoted($pathname), + user_string_quoted($pathname), %: - user_string_quoted($path), + user_string_quoted($path), %) user_string_quoted($name), value_uaddr, size) } probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !, - kernel.function("sys_lgetxattr").return { + kernel.function("sys_lgetxattr").return +{ name = "lgetxattr" retstr = returnstr(1) } @@ -2308,18 +2415,20 @@ probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !, # long sys_link(const char __user * oldname, # const char __user * newname) probe syscall.link = kernel.function("SyS_link") !, - kernel.function("sys_link") { + kernel.function("sys_link") +{ name = "link" oldpath = user_string($oldname) newpath = user_string($newname) - argstr = sprintf("%s, %s", - user_string_quoted($oldname), + argstr = sprintf("%s, %s", + user_string_quoted($oldname), user_string_quoted($newname)) } probe syscall.link.return = kernel.function("SyS_link").return !, - kernel.function("sys_link").return { + kernel.function("sys_link").return +{ name = "link" - retstr = returnstr(1) + retstr = returnstr(1) } # linkat _____________________________________________________ @@ -2327,7 +2436,8 @@ probe syscall.link.return = kernel.function("SyS_link").return !, # long sys_linkat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname, int flags) probe syscall.linkat = kernel.function("SyS_linkat") !, - kernel.function("sys_linkat") ? { + kernel.function("sys_linkat") ? +{ name = "linkat" olddirfd = $olddfd olddirfd_str = _dfd_str($olddfd) 
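Review bot: In syscall.link, `oldpath`/`newpath` and `argstr` are filled by separate reads of the same user pointers (`user_string($oldname)` and then `user_string_quoted($oldname)`), so the two can disagree if another thread rewrites the buffer between the reads. Neither read is guaranteed to match the copy the kernel takes for itself later in the call, which matters to anyone using this tapset as an audit source. I would add a comment above the probe such as `# NOTE: path strings are sampled from user memory at entry and may differ from what the kernel acts on`. The same pattern appears in the lgetxattr hunk on this line and in the lchown, lremovexattr, lsetxattr, mkdir and mknod probes elsewhere in the diff.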
@@ -2343,7 +2453,8 @@ probe syscall.linkat = kernel.function("SyS_linkat") !, flags_str) } probe syscall.linkat.return = kernel.function("SyS_linkat").return !, - kernel.function("sys_linkat").return ? { + kernel.function("sys_linkat").return ? +{ name = "linkat" retstr = returnstr(1) } @@ -2351,14 +2462,16 @@ probe syscall.linkat.return = kernel.function("SyS_linkat").return !, # listen _____________________________________________________ # long sys_listen(int fd, int backlog) probe syscall.listen = kernel.function("SyS_listen") !, - kernel.function("sys_listen") ? { + kernel.function("sys_listen") ? +{ name = "listen" sockfd = $fd - backlog = $backlog - argstr = sprintf("%d, %d", $fd, $backlog) -} + backlog = $backlog + argstr = sprintf("%d, %d", $fd, $backlog) +} probe syscall.listen.return = kernel.function("SyS_listen").return !, - kernel.function("sys_listen").return ? { + kernel.function("sys_listen").return ? +{ name = "listen" retstr = returnstr(1) } @@ -2367,7 +2480,8 @@ probe syscall.listen.return = kernel.function("SyS_listen").return !, # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # probe syscall.listxattr = kernel.function("SyS_listxattr") !, - kernel.function("sys_listxattr") { + kernel.function("sys_listxattr") +{ name = "listxattr" list_uaddr = $list size = $size @@ -2382,7 +2496,8 @@ probe syscall.listxattr = kernel.function("SyS_listxattr") !, %) } probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !, - kernel.function("sys_listxattr").return { + kernel.function("sys_listxattr").return +{ name = "listxattr" retstr = returnstr(1) } @@ -2391,7 +2506,8 @@ probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !, # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # probe syscall.llistxattr = kernel.function("SyS_llistxattr") !, - kernel.function("sys_llistxattr") { + kernel.function("sys_llistxattr") +{ name = "llistxattr" list_uaddr = $list size = $size 
@@ -2406,7 +2522,8 @@ probe syscall.llistxattr = kernel.function("SyS_llistxattr") !, %) } probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !, - kernel.function("sys_llistxattr").return { + kernel.function("sys_llistxattr").return +{ name = "llistxattr" retstr = returnstr(1) } @@ -2418,7 +2535,8 @@ probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !, # loff_t __user * result, # unsigned int origin) probe syscall.llseek = kernel.function("SyS_llseek") !, - kernel.function("sys_llseek") ? { + kernel.function("sys_llseek") ? +{ name = "llseek" fd = $fd offset_high = $offset_high @@ -2430,7 +2548,8 @@ probe syscall.llseek = kernel.function("SyS_llseek") !, $offset_low, $result, whence_str) } probe syscall.llseek.return = kernel.function("SyS_llseek").return !, - kernel.function("sys_llseek").return ? { + kernel.function("sys_llseek").return ? +{ name = "llseek" retstr = returnstr(1) } @@ -2439,7 +2558,8 @@ probe syscall.llseek.return = kernel.function("SyS_llseek").return !, # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !, - kernel.function("sys_lookup_dcookie") ? { + kernel.function("sys_lookup_dcookie") ? +{ name = "lookup_dcookie" cookie = $cookie64 buffer_uaddr = $buf @@ -2447,7 +2567,8 @@ probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !, argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len) } probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").return !, - kernel.function("sys_lookup_dcookie").return ? { + kernel.function("sys_lookup_dcookie").return ? +{ name = "lookup_dcookie" retstr = returnstr(1) } 
@@ -2456,22 +2577,24 @@ probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").retu # long sys_lremovexattr(char __user *path, char __user *name) # probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !, - kernel.function("sys_lremovexattr") { + kernel.function("sys_lremovexattr") +{ name = "lremovexattr" name_uaddr = $name name2 = user_string($name) %( kernel_v >= "2.6.27" %? path_uaddr = $pathname path = user_string($pathname) - argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) + argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) %: path_uaddr = $path path = user_string($path) - argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) + argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) %) } probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !, - kernel.function("sys_lremovexattr").return { + kernel.function("sys_lremovexattr").return +{ name = "lremovexattr" retstr = returnstr(1) } @@ -2479,7 +2602,8 @@ probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return ! # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) probe syscall.lseek = kernel.function("SyS_lseek") !, - kernel.function("sys_lseek") { + kernel.function("sys_lseek") +{ name = "lseek" fildes = $fd # offset = __int32($offset) @@ -2489,7 +2613,8 @@ probe syscall.lseek = kernel.function("SyS_lseek") !, argstr = sprintf("%d, %d, %s", $fd, offset, whence_str) } probe syscall.lseek.return = kernel.function("SyS_lseek").return !, - kernel.function("sys_lseek").return { + kernel.function("sys_lseek").return +{ name = "lseek" retstr = returnstr(1) } 
@@ -2502,7 +2627,8 @@ probe syscall.lseek.return = kernel.function("SyS_lseek").return !, # int flags) # probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !, - kernel.function("sys_lsetxattr") { + kernel.function("sys_lsetxattr") +{ name = "lsetxattr" %( kernel_v >= "2.6.27" %? path_uaddr = $pathname @@ -2516,17 +2642,18 @@ probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !, value_uaddr = $value size = $size flags = $flags - argstr = sprintf("%s, %s, %p, %d, %d", + argstr = sprintf("%s, %s, %p, %d, %d", %( kernel_v >= "2.6.27" %? - user_string_quoted($pathname), + user_string_quoted($pathname), %: - user_string_quoted($path), + user_string_quoted($path), %) user_string_quoted($name), value_uaddr, $size, $flags) } probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !, - kernel.function("sys_lsetxattr").return { + kernel.function("sys_lsetxattr").return +{ name = "lsetxattr" retstr = returnstr(1) } @@ -2540,8 +2667,7 @@ probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !, # long sys_oabi_lstat64(char __user * filename, # struct oldabi_stat64 __user * statbuf) # -probe syscall.lstat = - kernel.function("sys_lstat") ?, +probe syscall.lstat = kernel.function("sys_lstat") ?, kernel.function("SyS_newlstat") ?, kernel.function("sys_newlstat") ?, kernel.function("compat_sys_newlstat") ?, @@ -2553,10 +2679,9 @@ probe syscall.lstat = name = "lstat" path = user_string($filename) buf_uaddr = $statbuf - argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) + argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) } -probe syscall.lstat.return = - kernel.function("sys_lstat").return ?, +probe syscall.lstat.return = kernel.function("sys_lstat").return ?, kernel.function("SyS_newlstat").return ?, kernel.function("sys_newlstat").return ?, kernel.function("compat_sys_newlstat").return ?, 
@@ -2564,7 +2689,7 @@ probe syscall.lstat.return = kernel.function("SyS_lstat64").return ?, kernel.function("sys_lstat64").return ?, kernel.function("sys_oabi_lstat64").return ? -{ +{ name = "lstat" retstr = returnstr(1) } @@ -2573,7 +2698,8 @@ probe syscall.lstat.return = # long sys_madvise(unsigned long start, size_t len_in, int behavior) # probe syscall.madvise = kernel.function("SyS_madvise") !, - kernel.function("sys_madvise") ? { + kernel.function("sys_madvise") ? +{ name = "madvise" start = $start length = $len_in @@ -2582,7 +2708,8 @@ probe syscall.madvise = kernel.function("SyS_madvise") !, argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior)) } probe syscall.madvise.return = kernel.function("SyS_madvise").return !, - kernel.function("sys_madvise").return ? { + kernel.function("sys_madvise").return ? +{ name = "madvise" retstr = returnstr(1) } @@ -2602,8 +2729,7 @@ probe syscall.madvise.return = kernel.function("SyS_madvise").return !, # compat_ulong_t maxnode, # compat_ulong_t flags) # -probe syscall.mbind = - kernel.function("compat_sys_mbind") ?, +probe syscall.mbind = kernel.function("compat_sys_mbind") ?, kernel.function("SyS_mbind") !, kernel.function("sys_mbind") ? { @@ -2615,10 +2741,9 @@ probe syscall.mbind = maxnode = $maxnode flags = $flags argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", $start, $len, $mode, - $nmask, $maxnode, $flags) + $nmask, $maxnode, $flags) } -probe syscall.mbind.return = - kernel.function("compat_sys_mbind").return ?, +probe syscall.mbind.return = kernel.function("compat_sys_mbind").return ?, kernel.function("SyS_mbind").return !, kernel.function("sys_mbind").return ? { 
@@ -2631,12 +2756,14 @@ probe syscall.mbind.return = # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) probe syscall.migrate_pages = kernel.function("SyS_migrate_pages") !, - kernel.function("sys_migrate_pages") ? { + kernel.function("sys_migrate_pages") ? +{ name = "migrate_pages" argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) } probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return !, - kernel.function("sys_migrate_pages").return ? { + kernel.function("sys_migrate_pages").return ? +{ name = "migrate_pages" retstr = returnstr(1) } @@ -2645,7 +2772,8 @@ probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # probe syscall.mincore = kernel.function("SyS_mincore") !, - kernel.function("sys_mincore") ? { + kernel.function("sys_mincore") ? +{ name = "mincore" start = $start length = $len @@ -2653,15 +2781,17 @@ probe syscall.mincore = kernel.function("SyS_mincore") !, argstr = sprintf("%p, %d, %p", $start, $len, $vec) } probe syscall.mincore.return = kernel.function("SyS_mincore").return !, - kernel.function("sys_mincore").return ? { + kernel.function("sys_mincore").return ? +{ name = "mincore" - retstr = returnstr(1) + retstr = returnstr(1) } # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) probe syscall.mkdir = kernel.function("SyS_mkdir") !, - kernel.function("sys_mkdir") { + kernel.function("sys_mkdir") +{ name = "mkdir" pathname_uaddr = $pathname pathname = user_string($pathname) 
@@ -2669,16 +2799,18 @@ probe syscall.mkdir = kernel.function("SyS_mkdir") !, argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode) } probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !, - kernel.function("sys_mkdir").return { + kernel.function("sys_mkdir").return +{ name = "mkdir" - retstr = returnstr(1) + retstr = returnstr(1) } # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) probe syscall.mkdirat = kernel.function("SyS_mkdirat") !, - kernel.function("sys_mkdirat") ? { + kernel.function("sys_mkdirat") ? +{ name = "mkdirat" dirfd = $dfd pathname = user_string($pathname) @@ -2686,7 +2818,8 @@ probe syscall.mkdirat = kernel.function("SyS_mkdirat") !, argstr = sprintf("%s, %s, %#o", _dfd_str($dfd), user_string_quoted($pathname), $mode) } probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !, - kernel.function("sys_mkdirat").return ? { + kernel.function("sys_mkdirat").return ? +{ name = "mkdirat" retstr = returnstr(1) } @@ -2694,16 +2827,18 @@ probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !, # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) probe syscall.mknod = kernel.function("SyS_mknod") !, - kernel.function("sys_mknod") { + kernel.function("sys_mknod") +{ name = "mknod" - pathname = user_string($filename) + pathname = user_string($filename) mode = $mode dev = $dev argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev) } probe syscall.mknod.return = kernel.function("SyS_mknod").return !, - kernel.function("sys_mknod").return { + kernel.function("sys_mknod").return +{ name = "mknod" retstr = returnstr(1) } 
@@ -2713,7 +2848,8 @@ probe syscall.mknod.return = kernel.function("SyS_mknod").return !, # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) probe syscall.mknodat = kernel.function("SyS_mknodat") !, - kernel.function("sys_mknodat") ? { + kernel.function("sys_mknodat") ? +{ name = "mknodat" dirfd = $dfd dirfd_str = _dfd_str($dfd) @@ -2725,7 +2861,8 @@ probe syscall.mknodat = kernel.function("SyS_mknodat") !, dirfd_str, user_string_quoted($filename), mode_str, $dev) } probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, - kernel.function("sys_mknodat").return ? { + kernel.function("sys_mknodat").return ? +{ name = "mknodat" retstr = returnstr(1) } @@ -2735,14 +2872,16 @@ probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, # long sys_mlock(unsigned long start, size_t len) # probe syscall.mlock = kernel.function("SyS_mlock") !, - kernel.function("sys_mlock") ? { + kernel.function("sys_mlock") ? +{ name = "mlock" addr = $start len = $len argstr = sprintf("%p, %d", $start, $len) } probe syscall.mlock.return = kernel.function("SyS_mlock").return !, - kernel.function("sys_mlock").return ? { + kernel.function("sys_mlock").return ? +{ name = "mlock" retstr = returnstr(1) } @@ -2751,13 +2890,15 @@ probe syscall.mlock.return = kernel.function("SyS_mlock").return !, # long sys_mlockall(int flags) # probe syscall.mlockall = kernel.function("SyS_mlockall") !, - kernel.function("sys_mlockall") ? { + kernel.function("sys_mlockall") ? +{ name = "mlockall" flags = $flags argstr = _mlockall_flags_str($flags) } probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !, - kernel.function("sys_mlockall").return ? { + kernel.function("sys_mlockall").return ? +{ name = "mlockall" retstr = returnstr(1) } 
@@ -2765,14 +2906,16 @@ probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !, # modify_ldt _________________________________________________ # int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount) # -probe syscall.modify_ldt = kernel.function("sys_modify_ldt") ? { +probe syscall.modify_ldt = kernel.function("sys_modify_ldt") ? +{ name = "modify_ldt" func = $func ptr_uaddr = $ptr bytecount = $bytecount argstr = sprintf("%d, %p, %d", $func, $ptr, $bytecount) } -probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? { +probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? +{ name = "modify_ldt" retstr = returnstr(1) } @@ -2790,16 +2933,14 @@ probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? { # int __user *status, # int flags) # -probe syscall.move_pages = - kernel.function("compat_sys_move_pages") ?, +probe syscall.move_pages = kernel.function("compat_sys_move_pages") ?, kernel.function("SyS_move_pages") !, kernel.function("sys_move_pages") ? { name = "move_pages" argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) } -probe syscall.move_pages.return = - kernel.function("compat_sys_move_pages").return ?, +probe syscall.move_pages.return = kernel.function("compat_sys_move_pages").return ?, kernel.function("SyS_move_pages").return !, kernel.function("sys_move_pages").return ? { @@ -2813,13 +2954,12 @@ probe syscall.move_pages.return = # char __user * type, # unsigned long flags, # void __user * data) -# long compat_sys_mount(char __user * dev_name, +# long compat_sys_mount(char __user * dev_name, # char __user * dir_name, -# char __user * type, -# unsigned long flags, +# char __user * type, +# unsigned long flags, # void __user * data) -probe syscall.mount = - kernel.function("compat_sys_mount") ?, +probe syscall.mount = kernel.function("compat_sys_mount") ?, kernel.function("SyS_mount") !, kernel.function("sys_mount") { 
@@ -2829,15 +2969,14 @@ probe syscall.mount = filesystemtype = user_string($type) mountflags = $flags mountflags_str = _mountflags_str($flags) - data = text_strn(user_string($data),syscall_string_trunc,1) - argstr = sprintf("%s, %s, %s, %s, %s", - user_string_quoted($dev_name), - user_string_quoted($dir_name), - user_string_quoted($type), + data = text_strn(user_string($data), syscall_string_trunc, 1) + argstr = sprintf("%s, %s, %s, %s, %s", + user_string_quoted($dev_name), + user_string_quoted($dir_name), + user_string_quoted($type), mountflags_str, data) } -probe syscall.mount.return = - kernel.function("compat_sys_mount").return ?, +probe syscall.mount.return = kernel.function("compat_sys_mount").return ?, kernel.function("SyS_mount").return !, kernel.function("sys_mount").return { @@ -2849,7 +2988,8 @@ probe syscall.mount.return = # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # probe syscall.mprotect = kernel.function("SyS_mprotect") !, - kernel.function("sys_mprotect") ? { + kernel.function("sys_mprotect") ? +{ name = "mprotect" addr = $start len = $len @@ -2858,7 +2998,8 @@ probe syscall.mprotect = kernel.function("SyS_mprotect") !, argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot)) } probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !, - kernel.function("sys_mprotect").return ? { + kernel.function("sys_mprotect").return ? +{ name = "mprotect" retstr = returnstr(1) } @@ -2871,8 +3012,7 @@ probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !, # const struct compat_mq_attr __user *u_mqstat, # struct compat_mq_attr __user *u_omqstat) # -probe syscall.mq_getsetattr = - kernel.function("compat_sys_mq_getsetattr") ?, +probe syscall.mq_getsetattr = kernel.function("compat_sys_mq_getsetattr") ?, kernel.function("SyS_mq_getsetattr") !, kernel.function("sys_mq_getsetattr") ? { 
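Review bot: The reformatted `data = text_strn(user_string($data), syscall_string_trunc, 1)` line in syscall.mount copies the filesystem-specific `void __user * data` argument into both `data` and `argstr`. For some filesystems that buffer presumably carries option strings that include credentials, and for others it may not be a NUL-terminated string at all, so any script that prints `argstr` can put secrets or arbitrary bytes into trace output. A comment on the line would make that visible, e.g. `# data is fs-specific and may hold secrets or binary; treat argstr as sensitive`. The probe body starts above this hunk.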
@@ -2882,8 +3022,7 @@ probe syscall.mq_getsetattr = u_omqstat_uaddr = $u_omqstat argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat) } -probe syscall.mq_getsetattr.return = - kernel.function("compat_sys_mq_getsetattr").return ?, +probe syscall.mq_getsetattr.return = kernel.function("compat_sys_mq_getsetattr").return ?, kernel.function("SyS_mq_getsetattr").return !, kernel.function("sys_mq_getsetattr").return ? { @@ -2895,8 +3034,7 @@ probe syscall.mq_getsetattr.return = # long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # -probe syscall.mq_notify = - kernel.function("compat_sys_mq_notify") ?, +probe syscall.mq_notify = kernel.function("compat_sys_mq_notify") ?, kernel.function("SyS_mq_notify") !, kernel.function("sys_mq_notify") ? { @@ -2905,8 +3043,7 @@ probe syscall.mq_notify = notification_uaddr = $u_notification argstr = sprintf("%d, %p", $mqdes, $u_notification) } -probe syscall.mq_notify.return = - kernel.function("compat_sys_mq_notify").return ?, +probe syscall.mq_notify.return = kernel.function("compat_sys_mq_notify").return ?, kernel.function("SyS_mq_notify").return !, kernel.function("sys_mq_notify").return ? { @@ -2923,8 +3060,7 @@ probe syscall.mq_notify.return = # int oflag, compat_mode_t mode, # struct compat_mq_attr __user *u_attr) # -probe syscall.mq_open = - kernel.function("compat_sys_mq_open") ?, +probe syscall.mq_open = kernel.function("compat_sys_mq_open") ?, kernel.function("SyS_mq_open") !, kernel.function("sys_mq_open") ? { 
@@ -2935,13 +3071,12 @@ probe syscall.mq_open = u_attr_uaddr = $u_attr oflag = $oflag if (oflag & 64) - argstr = sprintf("%s, %s, %#o, %p", user_string_quoted($u_name), + argstr = sprintf("%s, %s, %#o, %p", user_string_quoted($u_name), _sys_open_flag_str($oflag), $mode, $u_attr) else argstr = sprintf("%s, %s", user_string_quoted($u_name), _sys_open_flag_str($oflag)) } -probe syscall.mq_open.return = - kernel.function("compat_sys_mq_open").return ?, +probe syscall.mq_open.return = kernel.function("compat_sys_mq_open").return ?, kernel.function("SyS_mq_open").return !, kernel.function("sys_mq_open").return ? { @@ -2960,8 +3095,7 @@ probe syscall.mq_open.return = # size_t msg_len, unsigned int __user *u_msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe syscall.mq_timedreceive = - kernel.function("compat_sys_mq_timedreceive") ?, +probe syscall.mq_timedreceive = kernel.function("compat_sys_mq_timedreceive") ?, kernel.function("SyS_mq_timedreceive") !, kernel.function("sys_mq_timedreceive") ? { @@ -2972,10 +3106,9 @@ probe syscall.mq_timedreceive = msg_prio_uaddr = $u_msg_prio abs_timeout_uaddr = $u_abs_timeout argstr = sprintf("%d, %p, %d, %p, %p", $mqdes, $u_msg_ptr, $msg_len, - $u_msg_prio, $u_abs_timeout) + $u_msg_prio, $u_abs_timeout) } -probe syscall.mq_timedreceive.return = - kernel.function("compat_sys_mq_timedreceive").return ?, +probe syscall.mq_timedreceive.return = kernel.function("compat_sys_mq_timedreceive").return ?, kernel.function("SyS_mq_timedreceive").return !, kernel.function("sys_mq_timedreceive").return ? { @@ -2994,8 +3127,7 @@ probe syscall.mq_timedreceive.return = # size_t msg_len, unsigned int msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe syscall.mq_timedsend = - kernel.function("compat_sys_mq_timedsend") ?, +probe syscall.mq_timedsend = kernel.function("compat_sys_mq_timedsend") ?, kernel.function("SyS_mq_timedsend") !, kernel.function("sys_mq_timedsend") ? { 
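Review bot: The `if (oflag & 64)` test in syscall.mq_open hard-codes what looks like the O_CREAT bit, which has that value only on some architectures. Where O_CREAT differs, the mode and attribute arguments would be printed for the wrong calls or dropped from `argstr`, which makes the trace misleading when it is read as a record of what was requested. A named per-architecture constant, or at least a comment such as `# 64 == O_CREAT (0100) on x86; differs on alpha, mips, parisc, sparc`, would make the assumption explicit. The probe body starts above this hunk.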
@@ -3006,10 +3138,9 @@ probe syscall.mq_timedsend = msg_prio = $msg_prio abs_timeout_uaddr = $u_abs_timeout argstr = sprintf("%d, %p, %d, %d, %p", $mqdes, $u_msg_ptr, $msg_len, - $msg_prio, $u_abs_timeout) + $msg_prio, $u_abs_timeout) } -probe syscall.mq_timedsend.return = - kernel.function("compat_sys_mq_timedsend").return ?, +probe syscall.mq_timedsend.return = kernel.function("compat_sys_mq_timedsend").return ?, kernel.function("SyS_mq_timedsend").return !, kernel.function("sys_mq_timedsend").return ? { @@ -3021,14 +3152,16 @@ probe syscall.mq_timedsend.return = # long sys_mq_unlink(const char __user *u_name) # probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !, - kernel.function("sys_mq_unlink") ? { + kernel.function("sys_mq_unlink") ? +{ name = "mq_unlink" u_name_uaddr = $u_name u_name = user_string($u_name) argstr = user_string_quoted($u_name) } probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !, - kernel.function("sys_mq_unlink").return ? { + kernel.function("sys_mq_unlink").return ? +{ name = "mq_unlink" retstr = returnstr(1) } @@ -3040,8 +3173,7 @@ probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !, # unsigned long flags, # unsigned long new_addr) # -probe syscall.mremap = - kernel.function("ia64_mremap") ?, +probe syscall.mremap = kernel.function("ia64_mremap") ?, kernel.function("SyS_mremap") !, kernel.function("sys_mremap") ? { @@ -3054,8 +3186,7 @@ probe syscall.mremap = argstr = sprintf("%p, %d, %d, %s, %p", $addr, $old_len, $new_len, _mremap_flags($flags), $new_addr) } -probe syscall.mremap.return = - kernel.function("ia64_mremap").return ?, +probe syscall.mremap.return = kernel.function("ia64_mremap").return ?, kernel.function("SyS_mremap").return !, kernel.function("sys_mremap").return ? { 
@@ -3067,7 +3198,8 @@ probe syscall.mremap.return = # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # probe syscall.msgctl = kernel.function("SyS_msgctl") !, - kernel.function("sys_msgctl") ? { + kernel.function("sys_msgctl") ? +{ name = "msgctl" msqid = $msqid cmd = $cmd @@ -3075,7 +3207,8 @@ probe syscall.msgctl = kernel.function("SyS_msgctl") !, argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf) } probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !, - kernel.function("sys_msgctl").return ? { + kernel.function("sys_msgctl").return ? +{ name = "msgctl" retstr = returnstr(1) } @@ -3083,11 +3216,13 @@ probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !, # # long compat_sys_msgctl(int first, int second, void __user *uptr) # -probe syscall.compat_sys_msgctl = kernel.function("compat_sys_msgctl") ? { +probe syscall.compat_sys_msgctl = kernel.function("compat_sys_msgctl") ? +{ name = "compat_sys_msgctl" argstr = sprintf("%d, %d, %p", $first, $second, $uptr) } -probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ? { +probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ? +{ name = "compat_sys_msgctl" retstr = returnstr(1) } @@ -3096,7 +3231,8 @@ probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").re # long sys_msgget (key_t key, int msgflg) # probe syscall.msgget = kernel.function("SyS_msgget") !, - kernel.function("sys_msgget") ? { + kernel.function("sys_msgget") ? +{ name = "msgget" key = $key msgflg = $msgflg @@ -3104,7 +3240,8 @@ probe syscall.msgget = kernel.function("SyS_msgget") !, argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg)) } probe syscall.msgget.return = kernel.function("SyS_msgget").return !, - kernel.function("sys_msgget").return ? { + kernel.function("sys_msgget").return ? +{ name = "msgget" retstr = returnstr(1) } 
@@ -3117,7 +3254,8 @@ probe syscall.msgget.return = kernel.function("SyS_msgget").return !, # int msgflg) # probe syscall.msgrcv = kernel.function("SyS_msgrcv") !, - kernel.function("sys_msgrcv") ? { + kernel.function("sys_msgrcv") ? +{ name = "msgrcv" msqid = $msqid msgp_uaddr = $msgp @@ -3127,7 +3265,8 @@ probe syscall.msgrcv = kernel.function("SyS_msgrcv") !, argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg) } probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !, - kernel.function("sys_msgrcv").return ? { + kernel.function("sys_msgrcv").return ? +{ name = "msgrcv" retstr = returnstr(1) } @@ -3136,11 +3275,13 @@ probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !, # long compat_sys_msgrcv(int first, int second, int msgtyp, int third, # int version, void __user *uptr) # -probe syscall.compat_sys_msgrcv = kernel.function("compat_sys_msgrcv") ? { +probe syscall.compat_sys_msgrcv = kernel.function("compat_sys_msgrcv") ? +{ name = "compat_sys_msgrcv" argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) } -probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").return ? { +probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").return ? +{ name = "compat_sys_msgrcv" retstr = returnstr(1) } @@ -3152,7 +3293,8 @@ probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").re # int msgflg) # probe syscall.msgsnd = kernel.function("SyS_msgsnd") !, - kernel.function("sys_msgsnd") ? { + kernel.function("sys_msgsnd") ? +{ name = "msgsnd" msqid = $msqid msgp_uaddr = $msgp @@ -3161,7 +3303,8 @@ probe syscall.msgsnd = kernel.function("SyS_msgsnd") !, argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg) } probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !, - kernel.function("sys_msgsnd").return ? { + kernel.function("sys_msgsnd").return ? +{ name = "msgsnd" retstr = returnstr(1) } 
@@ -3169,11 +3312,13 @@ probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !, # # long compat_sys_msgsnd(int first, int second, int third, void __user *uptr) # -probe syscall.compat_sys_msgsnd = kernel.function("compat_sys_msgsnd") ? { +probe syscall.compat_sys_msgsnd = kernel.function("compat_sys_msgsnd") ? +{ name = "compat_sys_msgsnd" argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) } -probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").return ? { +probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").return ? +{ name = "compat_sys_msgsnd" retstr = returnstr(1) } @@ -3181,15 +3326,17 @@ probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").re # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) probe syscall.msync = kernel.function("SyS_msync") !, - kernel.function("sys_msync") ? { + kernel.function("sys_msync") ? +{ name = "msync" start = $start length = $len flags = $flags - argstr = sprintf("%p, %d, %s",start, length, _msync_flag_str(flags)) + argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags)) } probe syscall.msync.return = kernel.function("SyS_msync").return !, - kernel.function("sys_msync").return ? { + kernel.function("sys_msync").return ? +{ name = "msync" retstr = returnstr(1) } 
@@ -3197,25 +3344,29 @@ probe syscall.msync.return = kernel.function("SyS_msync").return !, # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) probe syscall.munlock = kernel.function("SyS_munlock") !, - kernel.function("sys_munlock") ? { + kernel.function("sys_munlock") ? +{ name = "munlock" addr = $start len = $len argstr = sprintf("%p, %d", addr, len) } probe syscall.munlock.return = kernel.function("SyS_munlock").return !, - kernel.function("sys_munlock").return ? { + kernel.function("sys_munlock").return ? +{ name = "munlock" retstr = returnstr(1) } # munlockall _________________________________________________ # long sys_munlockall(void) -probe syscall.munlockall = kernel.function("sys_munlockall") ? { +probe syscall.munlockall = kernel.function("sys_munlockall") ? +{ name = "munlockall" argstr = "" } -probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? { +probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? +{ name = "munlockall" retstr = returnstr(1) } @@ -3223,14 +3374,16 @@ probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? { # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) probe syscall.munmap = kernel.function("SyS_munmap") !, - kernel.function("sys_munmap") { + kernel.function("sys_munmap") +{ name = "munmap" start = $addr length = $len argstr = sprintf("%p, %d", start, length) } probe syscall.munmap.return = kernel.function("SyS_munmap").return !, - kernel.function("sys_munmap").return { + kernel.function("sys_munmap").return +{ name = "munmap" retstr = returnstr(1) } diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp index 65bcf9bf..ade1496c 100644 --- a/tapset/syscalls2.stp +++ b/tapset/syscalls2.stp 
@@ -29,24 +29,28 @@ # struct compat_timespec __user *rmtp) # probe syscall.nanosleep = kernel.function("SyS_nanosleep") !, - kernel.function("sys_nanosleep") { + kernel.function("sys_nanosleep") +{ name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp - argstr = sprintf("%s, %p", _struct_timespec_u($rqtp,1), $rmtp) + argstr = sprintf("%s, %p", _struct_timespec_u($rqtp, 1), $rmtp) } probe syscall.nanosleep.return = kernel.function("SyS_nanosleep").return !, - kernel.function("sys_nanosleep").return { + kernel.function("sys_nanosleep").return +{ name = "nanosleep" retstr = returnstr(1) } -probe syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? { +probe syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? +{ name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp - argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp,1), $rmtp) + argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp, 1), $rmtp) } -probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? { +probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? +{ name = "nanosleep" retstr = returnstr(1) } @@ -57,8 +61,7 @@ probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep"). # long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg, # union compat_nfsctl_res __user *res) # -probe syscall.nfsservctl = - kernel.function("sys_nfsservctl") ?, +probe syscall.nfsservctl = kernel.function("sys_nfsservctl") ?, kernel.function("compat_sys_nfsservctl") ? { name = "nfsservctl" @@ -67,8 +70,7 @@ probe syscall.nfsservctl = resp_uaddr = $res argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str($cmd), $arg, $res) } -probe syscall.nfsservctl.return = - kernel.function("sys_nfsservctl").return ?, +probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return ?, kernel.function("compat_sys_nfsservctl").return ? { name = "nfsservctl" 
@@ -79,13 +81,15 @@ probe syscall.nfsservctl.return = # long sys_nice(int increment) # probe syscall.nice = kernel.function("SyS_nice") !, - kernel.function("sys_nice") ? { + kernel.function("sys_nice") ? +{ name = "nice" inc = $increment argstr = sprintf("%d", $increment) } probe syscall.nice.return = kernel.function("SyS_nice").return !, - kernel.function("sys_nice").return ? { + kernel.function("sys_nice").return ? +{ name = "nice" retstr = returnstr(1) } @@ -94,11 +98,13 @@ probe syscall.nice.return = kernel.function("SyS_nice").return !, # # long sys_ni_syscall(void) # -probe syscall.ni_syscall = kernel.function("sys_ni_syscall") { +probe syscall.ni_syscall = kernel.function("sys_ni_syscall") +{ name = "ni_syscall" argstr = "" } -probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { +probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return +{ name = "ni_syscall" retstr = returnstr(1) } @@ -107,8 +113,7 @@ probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe syscall.open = - kernel.function("compat_sys_open") ?, +probe syscall.open = kernel.function("compat_sys_open") ?, kernel.function("sys32_open") ?, kernel.function("SyS_open") !, kernel.function("sys_open") ? 
@@ -118,14 +123,13 @@ probe syscall.open = flags = $flags mode = $mode if (flags & 64) - argstr = sprintf("%s, %s, %#o", user_string_quoted($filename), - _sys_open_flag_str($flags), $mode) + argstr = sprintf("%s, %s, %#o", user_string_quoted($filename), + _sys_open_flag_str($flags), $mode) else - argstr = sprintf("%s, %s", user_string_quoted($filename), + argstr = sprintf("%s, %s", user_string_quoted($filename), _sys_open_flag_str($flags)) } -probe syscall.open.return = - kernel.function("compat_sys_open").return ?, +probe syscall.open.return = kernel.function("compat_sys_open").return ?, kernel.function("sys32_open").return ?, kernel.function("SyS_open").return !, kernel.function("sys_open").return ? @@ -138,8 +142,7 @@ probe syscall.open.return = # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe syscall.openat = - kernel.function("compat_sys_openat") ?, +probe syscall.openat = kernel.function("compat_sys_openat") ?, kernel.function("SyS_openat") !, kernel.function("sys_openat") ? { @@ -149,15 +152,14 @@ probe syscall.openat = mode = $mode if ($flags & 64) argstr = sprintf("%s, %s, %s, %#o", _dfd_str($dfd), - user_string_quoted($filename), - _sys_open_flag_str($flags), $mode) + user_string_quoted($filename), + _sys_open_flag_str($flags), $mode) else argstr = sprintf("%s, %s, %s", _dfd_str($dfd), - user_string_quoted($filename), + user_string_quoted($filename), _sys_open_flag_str($flags)) } -probe syscall.openat.return = - kernel.function("compat_sys_openat").return ?, +probe syscall.openat.return = kernel.function("compat_sys_openat").return ?, kernel.function("SyS_openat").return !, kernel.function("sys_openat").return ? { 
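Review bot: The `if (flags & 64)` test that chooses between the two `argstr` forms in `syscall.open` hard-codes the x86 value of O_CREAT, and the same literal appears as `if ($flags & 64)` in the `syscall.openat` hunk further down this line. O_CREAT is not 0100 on every architecture (alpha, mips, parisc and sparc use other values, as far as I recall), so there the mode argument would be printed or dropped for the wrong calls. That matters when the trace is used to audit file-creation permissions. At minimum the literal deserves a comment such as `# 64 == O_CREAT (0100) on x86; value is arch-dependent`, and ideally the constant would be selected with the `%( arch == ... %? ... %)` form this tapset already uses. Both probe bodies begin outside these hunks.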
@@ -170,15 +172,15 @@ probe syscall.openat.return = # sys_pause(void) # probe syscall.pause = kernel.function("sys_pause") ?, - kernel.function("sys32_pause") ?, - kernel.function("compat_sys_pause") ? -{ + kernel.function("sys32_pause") ?, + kernel.function("compat_sys_pause") ? +{ name = "pause" argstr = "" } -probe syscall.pause.return = kernel.function("sys_pause").return ?, - kernel.function("sys32_pause").return ?, - kernel.function("compat_sys_pause").return ? +probe syscall.pause.return = kernel.function("sys_pause").return ?, + kernel.function("sys32_pause").return ?, + kernel.function("compat_sys_pause").return ? { name = "pause" retstr = returnstr(1) @@ -192,14 +194,16 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # unsigned long dfn) # # -#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { +#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") +#{ # name = "pciconfig_iobase" # which = $which # bus = $bus # dfn = $dfn # argstr = sprintf("%p, %p, %p", which, bus, dfn) #} -#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { +#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return +#{ # name = "pciconfig_iobase" # retstr = returnstr(1) #} @@ -214,7 +218,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # { return 0; } # # -#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { +#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") +#{ # name = "pciconfig_read" # bus = $bus # dfn = $dfn 
@@ -224,8 +229,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe syscall.pciconfig_read.return = -# kernel.function("sys_pciconfig_read").return { +#probe syscall.pciconfig_read.return = kernel.function("sys_pciconfig_read").return +#{ # name = "pciconfig_read" # retstr = returnstr(1) #} @@ -239,7 +244,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # unsigned char *buf) # # -#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { +#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") +#{ # name = "pciconfig_write" # bus = $bus # dfn = $dfn @@ -249,8 +255,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe syscall.pciconfig_write.return = -# kernel.function("sys_pciconfig_write").return { +#probe syscall.pciconfig_write.return = kernel.function("sys_pciconfig_write").return +#{ # name = "pciconfig_write" # retstr = returnstr(1) #} @@ -260,13 +266,15 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?, # sys_personality(u_long personality) # probe syscall.personality = kernel.function("SyS_personality") !, - kernel.function("sys_personality") { + kernel.function("sys_personality") +{ name = "personality" persona = $personality argstr = sprintf("%p", persona); } probe syscall.personality.return = kernel.function("SyS_personality").return !, - kernel.function("sys_personality").return { + kernel.function("sys_personality").return +{ name = "personality" retstr = returnstr(1) } 
@@ -278,13 +286,15 @@ probe syscall.personality.return = kernel.function("SyS_personality").return !, %(arch == "x86_64" %? # x86_64 gcc 4.1 problem probe syscall.pipe = kernel.function("SyS_pipe") !, - kernel.function("sys_pipe") { + kernel.function("sys_pipe") +{ name = "pipe" argstr = "" } %: probe syscall.pipe = kernel.function("SyS_pipe") !, - kernel.function("sys_pipe") { + kernel.function("sys_pipe") +{ name = "pipe" %( arch == "ia64" %? # ia64 just returns value directly, no fildes argument @@ -296,7 +306,8 @@ probe syscall.pipe = kernel.function("SyS_pipe") !, } %) probe syscall.pipe.return = kernel.function("SyS_pipe").return !, - kernel.function("sys_pipe").return { + kernel.function("sys_pipe").return +{ name = "pipe" retstr = returnstr(1) } @@ -306,15 +317,17 @@ probe syscall.pipe.return = kernel.function("SyS_pipe").return !, # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # probe syscall.pivot_root = kernel.function("SyS_pivot_root") !, - kernel.function("sys_pivot_root") { + kernel.function("sys_pivot_root") +{ name = "pivot_root" new_root_str = user_string($new_root) old_root_str = user_string($put_old) argstr = sprintf("%s, %s", user_string_quoted($new_root), - user_string_quoted($put_old)) + user_string_quoted($put_old)) } probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !, - kernel.function("sys_pivot_root").return { + kernel.function("sys_pivot_root").return +{ name = "pivot_root" retstr = returnstr(1) } @@ -324,7 +337,8 @@ probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !, # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # probe syscall.poll = kernel.function("SyS_poll") !, - kernel.function("sys_poll") { + kernel.function("sys_poll") +{ name = "poll" ufds_uaddr = $ufds nfds = $nfds 
@@ -336,7 +350,8 @@ probe syscall.poll = kernel.function("SyS_poll") !, argstr = sprintf("%p, %d, %d", $ufds, $nfds, timeout) } probe syscall.poll.return = kernel.function("SyS_poll").return !, - kernel.function("sys_poll").return { + kernel.function("sys_poll").return +{ name = "poll" retstr = returnstr(1) } @@ -348,17 +363,19 @@ probe syscall.poll.return = kernel.function("SyS_poll").return !, # size_t sigsetsize) # probe syscall.ppoll = kernel.function("SyS_ppoll") !, - kernel.function("sys_ppoll") ? { + kernel.function("sys_ppoll") ? +{ name = "ppoll" - argstr = sprintf("%p, %d, %s, %p, %d", + argstr = sprintf("%p, %d, %s, %p, %d", $ufds, $nfds, - _struct_timespec_u($tsp,1), + _struct_timespec_u($tsp, 1), $sigmask, $sigsetsize) } probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !, - kernel.function("sys_ppoll").return ? { + kernel.function("sys_ppoll").return ? +{ name = "ppoll" retstr = returnstr(1) } @@ -366,16 +383,18 @@ probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !, # unsigned int nfds, struct compat_timespec __user *tsp, # const compat_sigset_t __user *sigmask, compat_size_t sigsetsize) # -probe syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? { +probe syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? +{ name = "ppoll" - argstr = sprintf("%p, %d, %s, %p, %d", + argstr = sprintf("%p, %d, %s, %p, %d", $ufds, $nfds, - _struct_compat_timespec_u($tsp,1), + _struct_compat_timespec_u($tsp, 1), $sigmask, $sigsetsize) } -probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? { +probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? +{ name = "ppoll" retstr = returnstr(1) } 
@@ -390,7 +409,8 @@ probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? # unsigned long arg5) # probe syscall.prctl = kernel.function("SyS_prctl") !, - kernel.function("sys_prctl") { + kernel.function("sys_prctl") +{ name = "prctl" option = $option arg2 = $arg2 @@ -398,10 +418,11 @@ probe syscall.prctl = kernel.function("SyS_prctl") !, arg4 = $arg4 arg5 = $arg5 argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, - arg4, arg5) + arg4, arg5) } probe syscall.prctl.return = kernel.function("SyS_prctl").return !, - kernel.function("sys_prctl").return { + kernel.function("sys_prctl").return +{ name = "prctl" retstr = returnstr(1) } @@ -413,7 +434,8 @@ probe syscall.prctl.return = kernel.function("SyS_prctl").return !, # loff_t pos) # probe syscall.pread = kernel.function("SyS_pread64") !, - kernel.function("sys_pread64") { + kernel.function("sys_pread64") +{ name = "pread" fd = $fd buf_uaddr = $buf @@ -422,7 +444,8 @@ probe syscall.pread = kernel.function("SyS_pread64") !, argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos) } probe syscall.pread.return = kernel.function("SyS_pread64").return !, - kernel.function("sys_pread64").return { + kernel.function("sys_pread64").return +{ name = "pread" retstr = returnstr(1) } 
@@ -433,22 +456,26 @@ probe syscall.pread.return = kernel.function("SyS_pread64").return !, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # probe syscall.pselect6 = kernel.function("SyS_pselect6") !, - kernel.function("sys_pselect6") ? { + kernel.function("sys_pselect6") ? +{ name = "pselect6" argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, - _struct_timespec_u($tsp,1), $sig) + _struct_timespec_u($tsp, 1), $sig) } probe syscall.pselect6.return = kernel.function("SyS_pselect6").return !, - kernel.function("sys_pselect6").return ? { + kernel.function("sys_pselect6").return ? +{ name = "pselect6" retstr = returnstr(1) } -probe syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? { +probe syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? +{ name = "pselect6" argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, - _struct_compat_timespec_u($tsp,1), $sig) + _struct_compat_timespec_u($tsp, 1), $sig) } -probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? { +probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? +{ name = "pselect6" retstr = returnstr(1) } 
@@ -456,24 +483,28 @@ probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").re # pselect7 _____________________________________________________ # # long sys_pselect7(int n, fd_set __user *inp, fd_set __user *outp, -# fd_set __user *exp, struct timespec __user *tsp, +# fd_set __user *exp, struct timespec __user *tsp, # const sigset_t __user *sigmask, size_t sigsetsize) # -probe syscall.pselect7 = kernel.function("sys_pselect7") ? { +probe syscall.pselect7 = kernel.function("sys_pselect7") ? +{ name = "pselect7" argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, - _struct_timespec_u($tsp,1), $sigmask, $sigsetsize) + _struct_timespec_u($tsp, 1), $sigmask, $sigsetsize) } -probe syscall.pselect7.return = kernel.function("sys_pselect7").return ? { +probe syscall.pselect7.return = kernel.function("sys_pselect7").return ? +{ name = "pselect7" retstr = returnstr(1) } -probe syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? { +probe syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? +{ name = "pselect7" argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, - _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize) + _struct_compat_timespec_u($tsp, 1), $sigmask, $sigsetsize) } -probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? { +probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? +{ name = "pselect7" retstr = returnstr(1) } @@ -486,8 +517,9 @@ probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").re # long data) # probe syscall.ptrace = kernel.function("SyS_ptrace") !, - kernel.function("sys_ptrace") ? { - name = "ptrace" + kernel.function("sys_ptrace") ? +{ + name = "ptrace" request = $request pid = $pid addr = $addr 
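Review bot: The entry alias is still spelled `syscall.compat_pselect7a` on the new side while its return alias is `syscall.compat_pselect7.return`, so a script that names `syscall.compat_pselect7` explicitly gets no entry probe for `compat_sys_pselect7` and sees returns without matching calls. Since this commit already touches the line and fixes other typos, it could read `probe syscall.compat_pselect7 = kernel.function("compat_sys_pselect7") ?`. If the `7a` spelling is kept on purpose for existing scripts, a one-line comment saying so would prevent it from being "fixed" inconsistently later.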
@@ -495,7 +527,8 @@ probe syscall.ptrace = kernel.function("SyS_ptrace") !,
 argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data)
 }
 probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !,
- kernel.function("sys_ptrace").return ? {
+ kernel.function("sys_ptrace").return ?
+{
 name = "ptrace"
 retstr = returnstr(1)
 }
@@ -508,42 +541,46 @@ probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !, # loff_t pos) # probe syscall.pwrite = kernel.function("SyS_pwrite64") !, - kernel.function("sys_pwrite64") { + kernel.function("sys_pwrite64") +{ name = "pwrite" fd = $fd buf_uaddr = $buf count = $count offset = $pos - argstr = sprintf("%d, %s, %d, %d", $fd, - text_strn(user_string($buf),syscall_string_trunc,1), - $count, $pos) + argstr = sprintf("%d, %s, %d, %d", $fd, + text_strn(user_string($buf), syscall_string_trunc, 1), + $count, $pos) } probe syscall.pwrite.return = kernel.function("SyS_pwrite64").return !, - kernel.function("sys_pwrite64").return { + kernel.function("sys_pwrite64").return +{ name = "pwrite" retstr = returnstr(1) } # long sys32_pwrite64(unsigned int fd, const char __user *ubuf, # size_t count, u32 poshi, u32 poslo) -probe syscall.pwrite32 = kernel.function("sys32_pwrite64") ? { +probe syscall.pwrite32 = kernel.function("sys32_pwrite64") ? +{ name = "pwrite" fd = $fd buf_uaddr = $buf count = $count offset = ($poshi << 32) + $poslo %( arch == "s390x" %? - buf_uaddr = $ubuf - argstr = sprintf("%d, %s, %d, %d", $fd, - text_strn(user_string($ubuf),syscall_string_trunc,1), - $count, ($poshi << 32) + $poslo) + buf_uaddr = $ubuf + argstr = sprintf("%d, %s, %d, %d", $fd, + text_strn(user_string($ubuf), syscall_string_trunc, 1), + $count, ($poshi << 32) + $poslo) %: buf_uaddr = $buf - argstr = sprintf("%d, %s, %d, %d", $fd, - text_strn(user_string($buf),syscall_string_trunc,1), - $count, ($poshi << 32) + $poslo) + argstr = sprintf("%d, %s, %d, %d", $fd, + text_strn(user_string($buf), syscall_string_trunc, 1), + $count, ($poshi << 32) + $poslo) %) } -probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? { +probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? +{ name = "pwrite" retstr = returnstr(1) } 
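Review bot: `user_string($buf)` in the `syscall.pwrite` argstr, and `user_string($ubuf)` / `user_string($buf)` in `syscall.pwrite32`, reads user memory up to the first NUL rather than up to `$count`, so the logged text can stop at an embedded NUL or include bytes past the end of the buffer being written. `text_strn(..., syscall_string_trunc, 1)` only limits the output length afterwards. Bounding the read by the length argument, e.g. `text_strn(user_string_n($buf, $count), syscall_string_trunc, 1)`, would keep the trace to the caller's data. Separately, `syscall.pwrite32` appears to assign `buf_uaddr = $buf` before the `%( arch == "s390x" %?` block and again in each branch; the s390x branch uses `$ubuf`, so the first assignment looks redundant and may not resolve on that architecture.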
@@ -556,7 +593,8 @@ probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? { # void __user *addr) # probe syscall.quotactl = kernel.function("SyS_quotactl") !, - kernel.function("sys_quotactl") ? { + kernel.function("sys_quotactl") ? +{ name = "quotactl" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) @@ -567,7 +605,8 @@ probe syscall.quotactl = kernel.function("SyS_quotactl") !, argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, $id, $addr) } probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !, - kernel.function("sys_quotactl").return ? { + kernel.function("sys_quotactl").return ? +{ name = "quotactl" retstr = returnstr(1) } @@ -576,7 +615,8 @@ probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !, # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) probe syscall.read = kernel.function("SyS_read") !, - kernel.function("sys_read") { + kernel.function("sys_read") +{ name = "read" fd = $fd buf_uaddr = $buf @@ -584,7 +624,8 @@ probe syscall.read = kernel.function("SyS_read") !, argstr = sprintf("%d, %p, %d", $fd, $buf, $count) } probe syscall.read.return = kernel.function("SyS_read").return !, - kernel.function("sys_read").return { + kernel.function("sys_read").return +{ name = "read" retstr = returnstr(1) } @@ -597,7 +638,8 @@ probe syscall.read.return = kernel.function("SyS_read").return !, # size_t count) # probe syscall.readahead = kernel.function("SyS_readahead") !, - kernel.function("sys_readahead") { + kernel.function("sys_readahead") +{ name = "readahead" fd = $fd offset = $offset @@ -605,7 +647,8 @@ probe syscall.readahead = kernel.function("SyS_readahead") !, argstr = sprintf("%d, %p, %p", fd, offset, count) } probe syscall.readahead.return = kernel.function("SyS_readahead").return !, - kernel.function("sys_readahead").return { + kernel.function("sys_readahead").return +{ name = "readahead" retstr = returnstr(1) } 
@@ -614,16 +657,14 @@ probe syscall.readahead.return = kernel.function("SyS_readahead").return !, # # long compat_sys_old_readdir(unsigned int fd, struct compat_old_linux_dirent __user *dirent, unsigned int count) # int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count) -# -probe syscall.readdir = - kernel.function("compat_sys_old_readdir") ?, +# +probe syscall.readdir = kernel.function("compat_sys_old_readdir") ?, kernel.function("old32_readdir") ? { name = "readdir" argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) } -probe syscall.readdir.return = - kernel.function("compat_sys_old_readdir").return ?, +probe syscall.readdir.return = kernel.function("compat_sys_old_readdir").return ?, kernel.function("old32_readdir").return ? { name = "readdir" @@ -637,16 +678,18 @@ probe syscall.readdir.return = # int bufsiz) # probe syscall.readlink = kernel.function("SyS_readlink") !, - kernel.function("sys_readlink") { + kernel.function("sys_readlink") +{ name = "readlink" path = user_string($path) buf_uaddr = $buf bufsiz = $bufsiz - argstr = sprintf("%s, %p, %d", user_string_quoted($path), - $buf, $bufsiz) + argstr = sprintf("%s, %p, %d", user_string_quoted($path), + $buf, $bufsiz) } probe syscall.readlink.return = kernel.function("SyS_readlink").return !, - kernel.function("sys_readlink").return { + kernel.function("sys_readlink").return +{ name = "readlink" retstr = returnstr(1) } @@ -658,7 +701,8 @@ probe syscall.readlink.return = kernel.function("SyS_readlink").return !, # int bufsiz) # probe syscall.readlinkat = kernel.function("SyS_readlinkat") !, - kernel.function("sys_readlinkat") ? { + kernel.function("sys_readlinkat") ? +{ name = "readlinkat" dfd = $dfd buf_uaddr = $buf 
@@ -673,7 +717,8 @@ probe syscall.readlinkat = kernel.function("SyS_readlinkat") !, } probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !, - kernel.function("sys_readlinkat").return ? { + kernel.function("sys_readlinkat").return ? +{ name = "readlinkat" retstr = returnstr(1) } @@ -683,12 +728,11 @@ probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !, # ssize_t sys_readv(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) -# ssize_t compat_sys_readv(unsigned long fd, -# const struct compat_iovec __user *vec, +# ssize_t compat_sys_readv(unsigned long fd, +# const struct compat_iovec __user *vec, # unsigned long vlen) # -probe syscall.readv = - kernel.function("compat_sys_readv") ?, +probe syscall.readv = kernel.function("compat_sys_readv") ?, kernel.function("SyS_readv") !, kernel.function("sys_readv") { @@ -703,8 +747,7 @@ probe syscall.readv = argstr = sprintf("unknown fd, %p, %d", $vec, $vlen) %) } -probe syscall.readv.return = - kernel.function("compat_sys_readv").return ?, +probe syscall.readv.return = kernel.function("compat_sys_readv").return ?, kernel.function("SyS_readv").return !, kernel.function("sys_readv").return { @@ -720,7 +763,8 @@ probe syscall.readv.return = # void __user * arg) # probe syscall.reboot = kernel.function("SyS_reboot") !, - kernel.function("sys_reboot") { + kernel.function("sys_reboot") +{ name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) @@ -730,10 +774,11 @@ probe syscall.reboot = kernel.function("SyS_reboot") !, flag_str = _reboot_flag_str($cmd) arg_uaddr = $arg argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, - flag_str, $arg) + flag_str, $arg) } probe syscall.reboot.return = kernel.function("SyS_reboot").return !, - kernel.function("sys_reboot").return { + kernel.function("sys_reboot").return +{ name = "reboot" retstr = returnstr(1) } 
@@ -742,7 +787,8 @@ probe syscall.reboot.return = kernel.function("SyS_reboot").return !, # # long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags) # -probe syscall.recv = kernel.function("sys_recv") ? { +probe syscall.recv = kernel.function("sys_recv") ? +{ name = "recv" s = $fd buf_uaddr = $ubuf @@ -751,7 +797,8 @@ probe syscall.recv = kernel.function("sys_recv") ? { flags_str = _recvflags_str($flags) argstr = sprintf("%d, %p, %d, %s", $fd, $ubuf, $size, _recvflags_str($flags)) } -probe syscall.recv.return = kernel.function("sys_recv").return ? { +probe syscall.recv.return = kernel.function("sys_recv").return ? +{ name = "recv" retstr = returnstr(1) } @@ -766,7 +813,8 @@ probe syscall.recv.return = kernel.function("sys_recv").return ? { # int __user *addr_len) # probe syscall.recvfrom = kernel.function("SyS_recvfrom") !, - kernel.function("sys_recvfrom") ? { + kernel.function("sys_recvfrom") ? +{ name = "recvfrom" s = $fd buf_uaddr = $ubuf @@ -779,7 +827,8 @@ probe syscall.recvfrom = kernel.function("SyS_recvfrom") !, $fd, $ubuf, $size, _recvflags_str($flags), $addr, $addr_len) } probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !, - kernel.function("sys_recvfrom").return ? { + kernel.function("sys_recvfrom").return ? +{ name = "recvfrom" retstr = returnstr(1) } @@ -791,7 +840,8 @@ probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !, # unsigned int flags) # probe syscall.recvmsg = kernel.function("SyS_recvmsg") !, - kernel.function("sys_recvmsg") ? { + kernel.function("sys_recvmsg") ? +{ name = "recvmsg" s = $fd msg_uaddr = $msg @@ -800,7 +850,8 @@ probe syscall.recvmsg = kernel.function("SyS_recvmsg") !, argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags)) } probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !, - kernel.function("sys_recvmsg").return ? { + kernel.function("sys_recvmsg").return ? +{ name = "recvmsg" retstr = returnstr(1) } 
@@ -810,14 +861,16 @@ probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !, # struct compat_msghdr __user *msg, # unsigned int flags) # -probe syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? { +probe syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? +{ name = "compat_sys_recvmsg" s = $fd msg_uaddr = $msg flags = $flags argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags)) } -probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? { +probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? +{ name = "compat_sys_recvmsg" retstr = returnstr(1) } @@ -831,7 +884,8 @@ probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg"). # unsigned long flags) # probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !, - kernel.function("sys_remap_file_pages") ? { + kernel.function("sys_remap_file_pages") ? +{ name = "remap_file_pages" start = $start size = $size @@ -843,11 +897,11 @@ probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !, pgoff = $pgoff flags = $flags argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot, - pgoff, flags) + pgoff, flags) } -probe syscall.remap_file_pages.return = - kernel.function("SyS_remap_file_pages").return !, - kernel.function("sys_remap_file_pages").return ? { +probe syscall.remap_file_pages.return = kernel.function("SyS_remap_file_pages").return !, + kernel.function("sys_remap_file_pages").return ? +{ name = "remap_file_pages" retstr = returnstr(1) } 
@@ -859,22 +913,24 @@ probe syscall.remap_file_pages.return = # char __user *name) # probe syscall.removexattr = kernel.function("SyS_removexattr") !, - kernel.function("sys_removexattr") { + kernel.function("sys_removexattr") +{ name = "removexattr" name_str = user_string($name) %( kernel_v >= "2.6.27" %? path = user_string($pathname) - argstr = sprintf("%s, %s", user_string_quoted($pathname), + argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) %: path = user_string($path) - argstr = sprintf("%s, %s", user_string_quoted($path), + argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) %) } probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !, - kernel.function("sys_removexattr").return { + kernel.function("sys_removexattr").return +{ name = "removexattr" retstr = returnstr(1) } @@ -885,15 +941,17 @@ probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !, # const char __user * newname) # probe syscall.rename = kernel.function("SyS_rename") !, - kernel.function("sys_rename") { + kernel.function("sys_rename") +{ name = "rename" oldpath = user_string($oldname) newpath = user_string($newname) - argstr = sprintf("%s, %s", user_string_quoted($oldname), - user_string_quoted($newname)) + argstr = sprintf("%s, %s", user_string_quoted($oldname), + user_string_quoted($newname)) } probe syscall.rename.return = kernel.function("SyS_rename").return !, - kernel.function("sys_rename").return { + kernel.function("sys_rename").return +{ name = "rename" retstr = returnstr(1) } @@ -903,7 +961,8 @@ probe syscall.rename.return = kernel.function("SyS_rename").return !, # long sys_renameat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname) probe syscall.renameat = kernel.function("SyS_renameat") !, - kernel.function("sys_renameat") ? { + kernel.function("sys_renameat") ? +{ name = "renameat" olddfd = $olddfd olddfd_str = _dfd_str($olddfd) 
@@ -918,7 +977,8 @@ probe syscall.renameat = kernel.function("SyS_renameat") !, newdfd_str, user_string_quoted($newname)) } probe syscall.renameat.return = kernel.function("SyS_renameat").return !, - kernel.function("sys_renameat").return ? { + kernel.function("sys_renameat").return ? +{ name = "renameat" retstr = returnstr(1) } @@ -932,7 +992,8 @@ probe syscall.renameat.return = kernel.function("SyS_renameat").return !, # compat_sys_request_key() calls sys_request_key, so don't need probe there. # probe syscall.request_key = kernel.function("SyS_request_key") !, - kernel.function("sys_request_key") ? { + kernel.function("sys_request_key") ? +{ name = "request_key" type_uaddr = $_type description_uaddr = $_description @@ -941,7 +1002,8 @@ probe syscall.request_key = kernel.function("SyS_request_key") !, argstr = sprintf("%p, %p, %p, %p", $_type, $_description, $_callout_info, $destringid) } probe syscall.request_key.return = kernel.function("SyS_request_key").return !, - kernel.function("sys_request_key").return ? { + kernel.function("sys_request_key").return ? +{ name = "request_key" retstr = returnstr(1) } @@ -951,12 +1013,13 @@ probe syscall.request_key.return = kernel.function("SyS_request_key").return !, # asmlinkage long # sys_restart_syscall(void) # -probe syscall.restart_syscall = kernel.function("sys_restart_syscall") { +probe syscall.restart_syscall = kernel.function("sys_restart_syscall") +{ name = "restart_syscall" argstr = "" } -probe syscall.restart_syscall.return = - kernel.function("sys_restart_syscall").return { +probe syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return +{ name = "restart_syscall" retstr = returnstr(1) } 
@@ -966,13 +1029,15 @@ probe syscall.restart_syscall.return = # sys_rmdir(const char __user * pathname) # probe syscall.rmdir = kernel.function("SyS_rmdir") !, - kernel.function("sys_rmdir") { + kernel.function("sys_rmdir") +{ name = "rmdir" pathname = user_string($pathname) argstr = user_string_quoted($pathname) } probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !, - kernel.function("sys_rmdir").return { + kernel.function("sys_rmdir").return +{ name = "rmdir" retstr = returnstr(1) } @@ -985,31 +1050,32 @@ probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !, # size_t sigsetsize) # probe syscall.rt_sigaction = kernel.function("SyS_rt_sigaction") !, - kernel.function("sys_rt_sigaction") ? { + kernel.function("sys_rt_sigaction") ? +{ name = "rt_sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact sigsetsize = $sigsetsize argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig), - _struct_sigaction_u($act), $oact, $sigsetsize) + _struct_sigaction_u($act), $oact, $sigsetsize) } -probe syscall.rt_sigaction.return = - kernel.function("SyS_rt_sigaction").return !, - kernel.function("sys_rt_sigaction").return ? { +probe syscall.rt_sigaction.return = kernel.function("SyS_rt_sigaction").return !, + kernel.function("sys_rt_sigaction").return ? +{ name = "rt_sigaction" retstr = returnstr(1) } # -# long sys32_rt_sigaction(int sig, +# long sys32_rt_sigaction(int sig, # struct sigaction32 __user *act, -# struct sigaction32 __user *oact, +# struct sigaction32 __user *oact, # unsigned int sigsetsize) # ppc only -# compat_sys_rt_sigaction(int sig, +# compat_sys_rt_sigaction(int sig, # const struct sigaction32 __user *act, -# struct sigaction32 __user *oact, +# struct sigaction32 __user *oact, # size_t sigsetsize) probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?, 
@@ -1021,7 +1087,7 @@ probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?, oact_uaddr = $oact sigsetsize = $sigsetsize argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig), - _struct_sigaction32_u($act), $oact, $sigsetsize) + _struct_sigaction32_u($act), $oact, $sigsetsize) } probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?, kernel.function("compat_sys_rt_sigaction").return ? @@ -1035,15 +1101,16 @@ probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").retu # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # probe syscall.rt_sigpending = kernel.function("SyS_rt_sigpending") !, - kernel.function("sys_rt_sigpending") ? { + kernel.function("sys_rt_sigpending") ? +{ name = "rt_sigpending" set_uaddr = $set sigsetsize = $sigsetsize argstr = sprintf("%p, %d", $set, $sigsetsize) } -probe syscall.rt_sigpending.return = - kernel.function("SyS_rt_sigpending").return !, - kernel.function("sys_rt_sigpending").return ? { +probe syscall.rt_sigpending.return = kernel.function("SyS_rt_sigpending").return !, + kernel.function("sys_rt_sigpending").return ? +{ name = "rt_sigpending" retstr = returnstr(1) } @@ -1053,8 +1120,7 @@ probe syscall.rt_sigpending.return = # long compat_sys_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, compat_size_t sigsetsize) # long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize) # -probe syscall.rt_sigprocmask = - kernel.function("sys32_rt_sigprocmask") ?, +probe syscall.rt_sigprocmask = kernel.function("sys32_rt_sigprocmask") ?, kernel.function("compat_sys_rt_sigprocmask") ?, kernel.function("SyS_rt_sigprocmask") !, kernel.function("sys_rt_sigprocmask") ? 
@@ -1065,10 +1131,9 @@ probe syscall.rt_sigprocmask = set_uaddr = $set oldset_uaddr = $oset argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u($set), - $oset, $sigsetsize) + $oset, $sigsetsize) } -probe syscall.rt_sigprocmask.return = - kernel.function("sys32_rt_sigprocmask").return ?, +probe syscall.rt_sigprocmask.return = kernel.function("sys32_rt_sigprocmask").return ?, kernel.function("compat_sys_rt_sigprocmask").return ?, kernel.function("SyS_rt_sigprocmask").return !, kernel.function("sys_rt_sigprocmask").return ? @@ -1079,19 +1144,20 @@ probe syscall.rt_sigprocmask.return = # rt_sigqueueinfo ____________________________________________ # -# long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo) +# long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) # probe syscall.rt_sigqueueinfo = kernel.function("SyS_rt_sigqueueinfo") !, - kernel.function("sys_rt_sigqueueinfo") { + kernel.function("sys_rt_sigqueueinfo") +{ name = "rt_sigqueueinfo" pid = $pid sig = $sig uinfo_uaddr = $uinfo argstr = sprintf("%d, %s, %p", $pid, _signal_name($sig), $uinfo) } -probe syscall.rt_sigqueueinfo.return = - kernel.function("SyS_rt_sigqueueinfo").return !, - kernel.function("sys_rt_sigqueueinfo").return { +probe syscall.rt_sigqueueinfo.return = kernel.function("SyS_rt_sigqueueinfo").return !, + kernel.function("sys_rt_sigqueueinfo").return +{ name = "rt_sigqueueinfo" retstr = returnstr(1) } 
@@ -1099,16 +1165,14 @@ probe syscall.rt_sigqueueinfo.return = # rt_sigreturn _______________________________________________ # int sys_rt_sigreturn(unsigned long __unused) # -probe syscall.rt_sigreturn = - kernel.function("sys_rt_sigreturn") ?, - kernel.function("sys32_rt_sigreturn") ? +probe syscall.rt_sigreturn = kernel.function("sys_rt_sigreturn") ?, + kernel.function("sys32_rt_sigreturn") ? { name = "rt_sigreturn" argstr = "" } -probe syscall.rt_sigreturn.return = - kernel.function("sys_rt_sigreturn").return ?, - kernel.function("sys32_rt_sigreturn").return ? +probe syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return ?, + kernel.function("sys32_rt_sigreturn").return ? { name = "rt_sigreturn" retstr = returnstr(1) @@ -1118,8 +1182,7 @@ probe syscall.rt_sigreturn.return = # # sys_rt_sigsuspend(struct pt_regs regs) # -probe syscall.rt_sigsuspend = - kernel.function("compat_sys_rt_sigsuspend") ?, +probe syscall.rt_sigsuspend = kernel.function("compat_sys_rt_sigsuspend") ?, kernel.function("ia64_rt_sigsuspend") ?, kernel.function("SyS_rt_sigsuspend") !, kernel.function("sys_rt_sigsuspend") ? @@ -1127,8 +1190,7 @@ probe syscall.rt_sigsuspend = name = "rt_sigsuspend" argstr = "" } -probe syscall.rt_sigsuspend.return = - kernel.function("compat_sys_rt_sigsuspend").return ?, +probe syscall.rt_sigsuspend.return = kernel.function("compat_sys_rt_sigsuspend").return ?, kernel.function("ia64_rt_sigsuspend").return ?, kernel.function("SyS_rt_sigsuspend").return !, kernel.function("sys_rt_sigsuspend").return ? @@ -1147,8 +1209,7 @@ probe syscall.rt_sigsuspend.return = # struct compat_siginfo __user *uinfo, # struct compat_timespec __user *uts, compat_size_t sigsetsize) # -probe syscall.rt_sigtimedwait = - kernel.function("compat_sys_rt_sigtimedwait") ?, +probe syscall.rt_sigtimedwait = kernel.function("compat_sys_rt_sigtimedwait") ?, kernel.function("SyS_rt_sigtimedwait") !, kernel.function("sys_rt_sigtimedwait") { 
@@ -1159,8 +1220,7 @@ probe syscall.rt_sigtimedwait = sigsetsize = $sigsetsize argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize) } -probe syscall.rt_sigtimedwait.return = - kernel.function("compat_sys_rt_sigtimedwait").return ?, +probe syscall.rt_sigtimedwait.return = kernel.function("compat_sys_rt_sigtimedwait").return ?, kernel.function("SyS_rt_sigtimedwait").return !, kernel.function("sys_rt_sigtimedwait").return { @@ -1176,16 +1236,17 @@ probe syscall.rt_sigtimedwait.return = # unsigned long __user *user_mask_ptr) # probe syscall.sched_getaffinity = kernel.function("SyS_sched_getaffinity") !, - kernel.function("sys_sched_getaffinity") { + kernel.function("sys_sched_getaffinity") +{ name = "sched_getaffinity" pid = $pid len = $len mask_uaddr = $user_mask_ptr argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } -probe syscall.sched_getaffinity.return = - kernel.function("SyS_sched_getaffinity").return !, - kernel.function("sys_sched_getaffinity").return { +probe syscall.sched_getaffinity.return = kernel.function("SyS_sched_getaffinity").return !, + kernel.function("sys_sched_getaffinity").return +{ name = "sched_getaffinity" retstr = returnstr(1) } @@ -1196,15 +1257,16 @@ probe syscall.sched_getaffinity.return = # struct sched_param __user *param) # probe syscall.sched_getparam = kernel.function("SyS_sched_getparam") !, - kernel.function("sys_sched_getparam") { + kernel.function("sys_sched_getparam") +{ name = "sched_getparam" pid = $pid p_uaddr = $param argstr = sprintf("%d, %p", pid, p_uaddr) } -probe syscall.sched_getparam.return = - kernel.function("SyS_sched_getparam").return !, - kernel.function("sys_sched_getparam").return { +probe syscall.sched_getparam.return = kernel.function("SyS_sched_getparam").return !, + kernel.function("sys_sched_getparam").return +{ name = "sched_getparam" retstr = returnstr(1) } 
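Review bot: In syscall.sched_getaffinity the context line `argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)` formats `len` with `%p`, so what looks like a byte count is printed as an address. Only the last line of the prototype comment is inside the hunk, so the type of `len` is inferred from its name; if it is the mask length, `argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)` would match how the neighbouring probes print integers. This commit is already unifying formatting in the same probe, so it is a natural place to correct it.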
@@ -1213,16 +1275,16 @@ probe syscall.sched_getparam.return = # asmlinkage long # sys_sched_get_priority_max(int policy) # -probe syscall.sched_get_priority_max = - kernel.function("SyS_sched_get_priority_max") !, - kernel.function("sys_sched_get_priority_max") { +probe syscall.sched_get_priority_max = kernel.function("SyS_sched_get_priority_max") !, + kernel.function("sys_sched_get_priority_max") +{ name = "sched_get_priority_max" policy = $policy argstr = sprint(policy) } -probe syscall.sched_get_priority_max.return = - kernel.function("SyS_sched_get_priority_max").return !, - kernel.function("sys_sched_get_priority_max").return { +probe syscall.sched_get_priority_max.return = kernel.function("SyS_sched_get_priority_max").return !, + kernel.function("sys_sched_get_priority_max").return +{ name = "sched_get_priority_max" retstr = returnstr(1) } @@ -1231,16 +1293,16 @@ probe syscall.sched_get_priority_max.return = # asmlinkage long # sys_sched_get_priority_min(int policy) # -probe syscall.sched_get_priority_min = - kernel.function("SyS_sched_get_priority_min") !, - kernel.function("sys_sched_get_priority_min") { +probe syscall.sched_get_priority_min = kernel.function("SyS_sched_get_priority_min") !, + kernel.function("sys_sched_get_priority_min") +{ name = "sched_get_priority_min" policy = $policy argstr = sprint(policy) } -probe syscall.sched_get_priority_min.return = - kernel.function("SyS_sched_get_priority_min").return !, - kernel.function("sys_sched_get_priority_min").return { +probe syscall.sched_get_priority_min.return = kernel.function("SyS_sched_get_priority_min").return !, + kernel.function("sys_sched_get_priority_min").return +{ name = "sched_get_priority_min" retstr = returnstr(1) } 
@@ -1249,13 +1311,15 @@ probe syscall.sched_get_priority_min.return = # long sys_sched_getscheduler(pid_t pid) # probe syscall.sched_getscheduler = kernel.function("SyS_sched_getscheduler") !, - kernel.function("sys_sched_getscheduler") { + kernel.function("sys_sched_getscheduler") +{ name = "sched_getscheduler" pid = $pid argstr = sprint($pid) } probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getscheduler").return !, - kernel.function("sys_sched_getscheduler").return { + kernel.function("sys_sched_getscheduler").return +{ name = "sched_getscheduler" retstr = returnstr(1) } @@ -1264,14 +1328,16 @@ probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getschedule # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # probe syscall.sched_rr_get_interval = kernel.function("SyS_sched_rr_get_interval") !, - kernel.function("sys_sched_rr_get_interval") { + kernel.function("sys_sched_rr_get_interval") +{ name = "sched_rr_get_interval" pid = $pid tp_uaddr = $interval - argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval,1)) + argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval, 1)) } probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_interval").return !, - kernel.function("sys_sched_rr_get_interval").return { + kernel.function("sys_sched_rr_get_interval").return +{ name = "sched_rr_get_interval" retstr = returnstr(1) } @@ -1284,7 +1350,8 @@ probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_i # %( arch != "x86_64" %? probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, - kernel.function("sys_sched_setaffinity") { + kernel.function("sys_sched_setaffinity") +{ name = "sched_setaffinity" pid = $pid len = $len 
@@ -1293,7 +1360,8 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, } %: probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, - kernel.function("sys_sched_setaffinity") { + kernel.function("sys_sched_setaffinity") +{ name = "sched_setaffinity" pid = $pid len = 0 @@ -1302,7 +1370,8 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !, } %) probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity").return !, - kernel.function("sys_sched_setaffinity").return { + kernel.function("sys_sched_setaffinity").return +{ name = "sched_setaffinity" retstr = returnstr(1) } @@ -1312,15 +1381,16 @@ probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity" # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # probe syscall.sched_setparam = kernel.function("SyS_sched_setparam") !, - kernel.function("sys_sched_setparam") ? { + kernel.function("sys_sched_setparam") ? +{ name = "sched_setparam" pid = $pid p_uaddr = $param argstr = sprintf("%d, %p", $pid, $param) } -probe syscall.sched_setparam.return = - kernel.function("SyS_sched_setparam").return !, - kernel.function("sys_sched_setparam").return ? { +probe syscall.sched_setparam.return = kernel.function("SyS_sched_setparam").return !, + kernel.function("sys_sched_setparam").return ? +{ name = "sched_setparam" retstr = returnstr(1) } @@ -1329,9 +1399,9 @@ probe syscall.sched_setparam.return = # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe syscall.sched_setscheduler = - kernel.function("SyS_sched_setscheduler") !, - kernel.function("sys_sched_setscheduler") ? { +probe syscall.sched_setscheduler = kernel.function("SyS_sched_setscheduler") !, + kernel.function("sys_sched_setscheduler") ? +{ name = "sched_setscheduler" pid = $pid policy = $policy 
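Review bot: The x86_64 branch of syscall.sched_setaffinity hard-codes `len = 0` while the other branch (previous hunk) uses `len = $len`, and no comment gives the reason. Anyone reading `len` from this probe on x86_64 gets a value that is not the caller's argument, which matters when trace output is compared across architectures or used as a record of what was requested. A comment along the lines of `# x86_64: len is reported as 0 rather than read from $len because <reason>` would make that explicit. The rest of both probe bodies lies outside the hunks, so the argstr lines were not reviewed.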
@@ -1339,9 +1409,9 @@ probe syscall.sched_setscheduler = p_uaddr = $param argstr = sprintf("%d, %s, %p", $pid, policy_str, $param) } -probe syscall.sched_setscheduler.return = - kernel.function("SyS_sched_setscheduler").return !, - kernel.function("sys_sched_setscheduler").return ? { +probe syscall.sched_setscheduler.return = kernel.function("SyS_sched_setscheduler").return !, + kernel.function("sys_sched_setscheduler").return ? +{ name = "sched_setscheduler" retstr = returnstr(1) } @@ -1349,11 +1419,13 @@ probe syscall.sched_setscheduler.return = # sched_yield ________________________________________________ # long sys_sched_yield(void) # -probe syscall.sched_yield = kernel.function("sys_sched_yield") { +probe syscall.sched_yield = kernel.function("sys_sched_yield") +{ name = "sched_yield" argstr = "" } -probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return { +probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return +{ name = "sched_yield" retstr = returnstr(1) } @@ -1366,7 +1438,8 @@ probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return { # struct timeval __user *tvp) # probe syscall.select = kernel.function("SyS_select") !, - kernel.function("sys_select") { + kernel.function("sys_select") +{ name = "select" n = $n readfds_uaddr = $inp 
@@ -1374,20 +1447,22 @@ probe syscall.select = kernel.function("SyS_select") !, exceptfds_uaddr = $exp timeout_uaddr = $tvp argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp, - _struct_timeval_u($tvp, 1)) + _struct_timeval_u($tvp, 1)) } probe syscall.select.return = kernel.function("SyS_select").return !, - kernel.function("sys_select").return { + kernel.function("sys_select").return +{ name = "select" retstr = returnstr(1) } -# long compat_sys_select(int n, +# long compat_sys_select(int n, # compat_ulong_t __user *inp, -# compat_ulong_t __user *outp, +# compat_ulong_t __user *outp, # compat_ulong_t __user *exp, # struct compat_timeval __user *tvp) # -probe syscall.compat_select = kernel.function("compat_sys_select") ? { +probe syscall.compat_select = kernel.function("compat_sys_select") ? +{ name = "select" n = $n readfds_uaddr = $inp @@ -1395,9 +1470,10 @@ probe syscall.compat_select = kernel.function("compat_sys_select") ? { exceptfds_uaddr = $exp timeout_uaddr = $tvp argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp, - _struct_compat_timeval_u($tvp, 1)) + _struct_compat_timeval_u($tvp, 1)) } -probe syscall.compat_select.return = kernel.function("compat_sys_select").return ? { +probe syscall.compat_select.return = kernel.function("compat_sys_select").return ? +{ name = "select" retstr = returnstr(1) } @@ -1409,7 +1485,8 @@ probe syscall.compat_select.return = kernel.function("compat_sys_select").return # union semun arg) # probe syscall.semctl = kernel.function("SyS_semctl") !, - kernel.function("sys_semctl") ? { + kernel.function("sys_semctl") ? +{ name = "semctl" semid = $semid semnum = $semnum @@ -1421,7 +1498,8 @@ probe syscall.semctl = kernel.function("SyS_semctl") !, argstr = sprintf("%d, %d, %s", $semid, $semnum, _semctl_cmd($cmd)) } probe syscall.semctl.return = kernel.function("SyS_semctl").return !, - kernel.function("sys_semctl").return ? { + kernel.function("sys_semctl").return ? +{ name = "semctl" retstr = returnstr(1) } 
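Review bot: syscall.compat_select sets `name = "select"` in both the entry and the .return probe, while other compat probes in this diff report their own name, e.g. `name = "compat_sys_recvmsg"`, `name = "compat_sys_semctl"` and `name = "compat_sys_semtimedop"`. A script that filters on `name` therefore sees 32-bit select calls under the native name but misses 32-bit recvmsg/semctl/semtimedop calls unless it knows both spellings. Since the formatting is being unified here anyway, I would pick one convention or document the difference in a comment; syscall.compat_setitimer (`name = "setitimer"`) follows the select convention.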
@@ -1429,11 +1507,13 @@ probe syscall.semctl.return = kernel.function("SyS_semctl").return !, # # long compat_sys_semctl(int first, int second, int third, void __user *uptr) # -probe syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? { +probe syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? +{ name = "compat_sys_semctl" - argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) } -probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ? { +probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ? +{ name = "compat_sys_semctl" retstr = returnstr(1) } @@ -1442,7 +1522,8 @@ probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").re # long sys_semget (key_t key, int nsems, int semflg) # probe syscall.semget = kernel.function("SyS_semget") !, - kernel.function("sys_semget") ? { + kernel.function("sys_semget") ? +{ name = "semget" key = $key nsems = $nsems @@ -1450,7 +1531,8 @@ probe syscall.semget = kernel.function("SyS_semget") !, argstr = sprintf("%d, %d, %s", $key, $nsems, __sem_flags($semflg)) } probe syscall.semget.return = kernel.function("SyS_semget").return !, - kernel.function("sys_semget").return ? { + kernel.function("sys_semget").return ? +{ name = "semget" retstr = returnstr(1) } @@ -1462,7 +1544,8 @@ probe syscall.semget.return = kernel.function("SyS_semget").return !, # unsigned nsops) # probe syscall.semop = kernel.function("SyS_semtimedop") !, - kernel.function("sys_semtimedop") ? { + kernel.function("sys_semtimedop") ? +{ name = "semop" semid = $semid tsops_uaddr = $tsops 
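Review bot: syscall.semop is attached to `SyS_semtimedop`/`sys_semtimedop`, the same functions that syscall.semtimedop probes in the following hunks, and it sets `name = "semop"`. As written, every semtimedop call also fires syscall.semop and is reported under that name with the timeout argument missing from argstr. If this is deliberate because semop is implemented through semtimedop on the targeted kernels, a comment such as `# semop is probed via sys_semtimedop; semtimedop calls also fire this probe` should say so. The header comment above the probe is only partly inside the hunk, so an existing explanation may sit just outside it.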
@@ -1470,7 +1553,8 @@ probe syscall.semop = kernel.function("SyS_semtimedop") !, argstr = sprintf("%d, %p, %d", $semid, $tsops, $nsops) } probe syscall.semop.return = kernel.function("SyS_semtimedop").return !, - kernel.function("sys_semtimedop").return ? { + kernel.function("sys_semtimedop").return ? +{ name = "semop" retstr = returnstr(1) } @@ -1483,17 +1567,19 @@ probe syscall.semop.return = kernel.function("SyS_semtimedop").return !, # const struct timespec __user *timeout) # probe syscall.semtimedop = kernel.function("SyS_semtimedop") !, - kernel.function("sys_semtimedop") ? { + kernel.function("sys_semtimedop") ? +{ name = "semtimedop" semid = $semid sops_uaddr = $tsops nsops = $nsops timeout_uaddr = $timeout argstr = sprintf("%d, %p, %d, %s", $semid, $tsops, $nsops, - _struct_timespec_u($timeout,1)) + _struct_timespec_u($timeout, 1)) } probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !, - kernel.function("sys_semtimedop").return ? { + kernel.function("sys_semtimedop").return ? +{ name = "semtimedop" retstr = returnstr(1) } @@ -1502,16 +1588,18 @@ probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !, # long compat_sys_semtimedop(int semid, struct sembuf __user *tsems, # unsigned nsops, const struct compat_timespec __user *timeout) # -probe syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? { +probe syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? +{ name = "compat_sys_semtimedop" semid = $semid sops_uaddr = $tsems nsops = $nsops timeout_uaddr = $timeout argstr = sprintf("%d, %p, %d, %s", $semid, $tsems, $nsops, - _struct_compat_timespec_u($timeout,1)) + _struct_compat_timespec_u($timeout, 1)) } -probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? { +probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? +{ name = "compat_sys_semtimedop" retstr = returnstr(1) } 
@@ -1524,7 +1612,8 @@ probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtime # unsigned flags) # probe syscall.send = kernel.function("SyS_send") !, - kernel.function("sys_send") ? { + kernel.function("sys_send") ? +{ name = "send" s = $fd buf_uaddr = $buff @@ -1534,7 +1623,8 @@ probe syscall.send = kernel.function("SyS_send") !, argstr = sprintf("%d, %p, %d, %s", $fd, $buff, $len, flags_str) } probe syscall.send.return = kernel.function("SyS_send").return !, - kernel.function("sys_send").return ? { + kernel.function("sys_send").return ? +{ name = "send" retstr = returnstr(1) } @@ -1546,8 +1636,7 @@ probe syscall.send.return = kernel.function("SyS_send").return !, # off_t __user *offset, # size_t count) # -probe syscall.sendfile = - kernel.function("SyS_sendfile") ?, +probe syscall.sendfile = kernel.function("SyS_sendfile") ?, kernel.function("sys_sendfile") ?, kernel.function("SyS_sendfile64") ?, kernel.function("sys_sendfile64") ? @@ -1558,10 +1647,9 @@ probe syscall.sendfile = offset_uaddr = $offset count = $count argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, $offset, - $count) + $count) } -probe syscall.sendfile.return = - kernel.function("SyS_sendfile").return ?, +probe syscall.sendfile.return = kernel.function("SyS_sendfile").return ?, kernel.function("sys_sendfile").return ?, kernel.function("SyS_sendfile64").return ?, kernel.function("sys_sendfile64").return ? @@ -1575,7 +1663,8 @@ probe syscall.sendfile.return = # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # probe syscall.sendmsg = kernel.function("SyS_sendmsg") !, - kernel.function("sys_sendmsg") ? { + kernel.function("sys_sendmsg") ? +{ name = "sendmsg" s = $fd msg_uaddr = $msg 
@@ -1584,7 +1673,8 @@ probe syscall.sendmsg = kernel.function("SyS_sendmsg") !, argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags)) } probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !, - kernel.function("sys_sendmsg").return ? { + kernel.function("sys_sendmsg").return ? +{ name = "sendmsg" retstr = returnstr(1) } @@ -1592,14 +1682,16 @@ probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !, # # long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags) # -probe syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? { +probe syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? +{ name = "compat_sys_sendmsg" s = $fd msg_uaddr = $msg flags = $flags argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags)) } -probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? { +probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? +{ name = "compat_sys_sendmsg" retstr = returnstr(1) } @@ -1614,7 +1706,8 @@ probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg"). # int addr_len) # probe syscall.sendto = kernel.function("SyS_sendto") !, - kernel.function("sys_sendto") ? { + kernel.function("sys_sendto") ? +{ name = "sendto" s = $fd buf_uaddr = $buff @@ -1624,10 +1717,11 @@ probe syscall.sendto = kernel.function("SyS_sendto") !, to_uaddr = $addr tolen = $addr_len argstr = sprintf("%d, %p, %d, %s, %s, %d", $fd, $buff, - $len, flags_str, _struct_sockaddr_u($addr,$addr_len), $addr_len) + $len, flags_str, _struct_sockaddr_u($addr, $addr_len), $addr_len) } probe syscall.sendto.return = kernel.function("SyS_sendto").return !, - kernel.function("sys_sendto").return ? { + kernel.function("sys_sendto").return ? +{ name = "sendto" retstr = returnstr(1) } 
@@ -1639,15 +1733,16 @@ probe syscall.sendto.return = kernel.function("SyS_sendto").return !, # int len) # probe syscall.setdomainname = kernel.function("SyS_setdomainname") !, - kernel.function("sys_setdomainname") { + kernel.function("sys_setdomainname") +{ name = "setdomainname" hostname_uaddr = $name len = $len argstr = sprintf("%p, %d", $name, $len) } -probe syscall.setdomainname.return = - kernel.function("SyS_setdomainname").return !, - kernel.function("sys_setdomainname").return { +probe syscall.setdomainname.return = kernel.function("SyS_setdomainname").return !, + kernel.function("sys_setdomainname").return +{ name = "setdomainname" retstr = returnstr(1) } @@ -1656,8 +1751,7 @@ probe syscall.setdomainname.return = # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe syscall.setfsgid = - kernel.function("sys_setfsgid16") ?, +probe syscall.setfsgid = kernel.function("sys_setfsgid16") ?, kernel.function("SyS_setfsgid") !, kernel.function("sys_setfsgid") ? { @@ -1665,8 +1759,7 @@ probe syscall.setfsgid = fsgid = $gid argstr = sprint($gid) } -probe syscall.setfsgid.return = - kernel.function("sys_setfsgid16").return ?, +probe syscall.setfsgid.return = kernel.function("sys_setfsgid16").return ?, kernel.function("SyS_setfsgid").return !, kernel.function("sys_setfsgid").return ? { @@ -1678,8 +1771,7 @@ probe syscall.setfsgid.return = # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe syscall.setfsuid = - kernel.function("sys_setfsuid16") ?, +probe syscall.setfsuid = kernel.function("sys_setfsuid16") ?, kernel.function("SyS_setfsuid") !, kernel.function("sys_setfsuid") ? { @@ -1687,8 +1779,7 @@ probe syscall.setfsuid = fsuid = $uid argstr = sprint($uid) } -probe syscall.setfsuid.return = - kernel.function("sys_setfsuid16").return ?, +probe syscall.setfsuid.return = kernel.function("sys_setfsuid16").return ?, kernel.function("SyS_setfsuid").return !, kernel.function("sys_setfsuid").return ? { 
@@ -1701,8 +1792,7 @@ probe syscall.setfsuid.return = # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe syscall.setgid = - kernel.function("sys_setgid16") ?, +probe syscall.setgid = kernel.function("sys_setgid16") ?, kernel.function("SyS_setgid") !, kernel.function("sys_setgid") ? { @@ -1710,8 +1800,7 @@ probe syscall.setgid = gid = $gid argstr = sprint($gid) } -probe syscall.setgid.return = - kernel.function("sys_setgid16").return ?, +probe syscall.setgid.return = kernel.function("sys_setgid16").return ?, kernel.function("SyS_setgid").return !, kernel.function("sys_setgid").return ? { @@ -1725,8 +1814,7 @@ probe syscall.setgid.return = # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe syscall.setgroups = - kernel.function("sys_setgroups16") ?, +probe syscall.setgroups = kernel.function("sys_setgroups16") ?, kernel.function("sys32_setgroups16") ?, kernel.function("SyS_setgroups") !, kernel.function("sys_setgroups") ? @@ -1736,8 +1824,7 @@ probe syscall.setgroups = list_uaddr = $grouplist argstr = sprintf("%d, %p", $gidsetsize, $grouplist) } -probe syscall.setgroups.return = - kernel.function("sys_setgroups16").return ?, +probe syscall.setgroups.return = kernel.function("sys_setgroups16").return ?, kernel.function("sys32_setgroups16").return ?, kernel.function("SyS_setgroups").return !, kernel.function("sys_setgroups").return ? @@ -1753,7 +1840,8 @@ probe syscall.setgroups.return = # int len) # probe syscall.sethostname = kernel.function("SyS_sethostname") !, - kernel.function("sys_sethostname") { + kernel.function("sys_sethostname") +{ name = "sethostname" hostname_uaddr = $name name_str = user_string($name) 
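Review bot: syscall.sethostname reads the name with `name_str = user_string($name)` (and `user_string_quoted($name)` in the next hunk, where the probe body continues) without using `$len`, although the prototype comment shows a separate `int len` argument. The buffer need not be NUL-terminated within `len` bytes, so the logged hostname can include bytes past the end of what the caller passed. Bounding the read, e.g. `name_str = user_string_n($name, $len)`, keeps the trace to the actual argument. syscall.setdomainname, a few hunks earlier, takes the other route and logs only the pointer, so the two probes are also inconsistent with each other.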
@@ -1761,7 +1849,8 @@ probe syscall.sethostname = kernel.function("SyS_sethostname") !, argstr = sprintf("%s, %d", user_string_quoted($name), $len) } probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !, - kernel.function("sys_sethostname").return { + kernel.function("sys_sethostname").return +{ name = "sethostname" retstr = returnstr(1) } @@ -1772,16 +1861,18 @@ probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !, # struct itimerval __user *ovalue) # probe syscall.setitimer = kernel.function("SyS_setitimer") !, - kernel.function("sys_setitimer") { + kernel.function("sys_setitimer") +{ name = "setitimer" which = $which value_uaddr = $value ovalue_uaddr = $ovalue - argstr = sprintf("%s, %s, %p", _itimer_which_str($which), + argstr = sprintf("%s, %s, %p", _itimer_which_str($which), _struct_itimerval_u($value), $ovalue) } probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !, - kernel.function("sys_setitimer").return { + kernel.function("sys_setitimer").return +{ name = "setitimer" retstr = returnstr(1) } @@ -1790,15 +1881,17 @@ probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !, # struct compat_itimerval __user *in, # struct compat_itimerval __user *out) # -probe syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? { +probe syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? +{ name = "setitimer" which = $which value_uaddr = $in ovalue_uaddr = $out - argstr = sprintf("%s, %s, %p", _itimer_which_str($which), + argstr = sprintf("%s, %s, %p", _itimer_which_str($which), _struct_compat_itimerval_u($in), $out) } -probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? { +probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? +{ name = "setitimer" retstr = returnstr(1) } 
@@ -1808,8 +1901,7 @@ probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer"). # unsigned long __user *nmask, # unsigned long maxnode) # -probe syscall.set_mempolicy = - kernel.function("compat_sys_set_mempolicy") ?, +probe syscall.set_mempolicy = kernel.function("compat_sys_set_mempolicy") ?, kernel.function("SyS_set_mempolicy") !, kernel.function("sys_set_mempolicy") ? { @@ -1819,8 +1911,7 @@ probe syscall.set_mempolicy = maxnode = $maxnode argstr = sprintf("%d, %p, %d", $mode, $nmask, $maxnode) } -probe syscall.set_mempolicy.return = - kernel.function("compat_sys_set_mempolicy").return ?, +probe syscall.set_mempolicy.return = kernel.function("compat_sys_set_mempolicy").return ?, kernel.function("SyS_set_mempolicy").return !, kernel.function("sys_set_mempolicy").return ? { @@ -1835,14 +1926,16 @@ probe syscall.set_mempolicy.return = # pid_t pgid) # probe syscall.setpgid = kernel.function("SyS_setpgid") !, - kernel.function("sys_setpgid") { + kernel.function("sys_setpgid") +{ name = "setpgid" pid = $pid pgid = $pgid argstr = sprintf("%d, %d", $pid, $pgid) } probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !, - kernel.function("sys_setpgid").return { + kernel.function("sys_setpgid").return +{ name = "setpgid" retstr = returnstr(1) } @@ -1854,7 +1947,8 @@ probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !, # int niceval) # probe syscall.setpriority = kernel.function("SyS_setpriority") !, - kernel.function("sys_setpriority") { + kernel.function("sys_setpriority") +{ name = "setpriority" which = $which which_str = _priority_which_str($which) @@ -1863,7 +1957,8 @@ probe syscall.setpriority = kernel.function("SyS_setpriority") !, argstr = sprintf("%s, %d, %d", which_str, $who, $niceval) } probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !, - kernel.function("sys_setpriority").return { + kernel.function("sys_setpriority").return +{ name = "setpriority" retstr = returnstr(1) } 
@@ -1872,27 +1967,31 @@ probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !, # long sys_setregid(gid_t rgid, gid_t egid) # probe syscall.setregid = kernel.function("SyS_setregid") !, - kernel.function("sys_setregid") { + kernel.function("sys_setregid") +{ name = "setregid" rgid = __int32($rgid) egid = __int32($egid) argstr = sprintf("%d, %d", rgid, egid) } probe syscall.setregid.return = kernel.function("SyS_setregid").return !, - kernel.function("sys_setregid").return { + kernel.function("sys_setregid").return +{ name = "setregid" retstr = returnstr(1) } # setregid16 _________________________________________________ # long sys_setregid16(old_gid_t rgid, old_gid_t egid) # -probe syscall.setregid16 = kernel.function("sys_setregid16") ? { +probe syscall.setregid16 = kernel.function("sys_setregid16") ? +{ name = "setregid" rgid = __short($rgid) egid = __short($egid) - argstr = sprintf("%d, %d",rgid, egid) + argstr = sprintf("%d, %d", rgid, egid) } -probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? { +probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? +{ name = "setregid" retstr = returnstr(1) } @@ -1900,7 +1999,8 @@ probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? { # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # probe syscall.setresgid = kernel.function("SyS_setresgid") !, - kernel.function("sys_setresgid") { + kernel.function("sys_setresgid") +{ name = "setresgid" rgid = __int32($rgid) egid = __int32($egid) @@ -1908,7 +2008,8 @@ probe syscall.setresgid = kernel.function("SyS_setresgid") !, argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !, - kernel.function("sys_setresgid").return { + kernel.function("sys_setresgid").return +{ name = "setresgid" retstr = returnstr(1) } 
@@ -1918,14 +2019,16 @@ probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !, # old_gid_t egid, # old_gid_t sgid) # -probe syscall.setresgid16 = kernel.function("sys_setresgid16") ? { +probe syscall.setresgid16 = kernel.function("sys_setresgid16") ? +{ name = "setresgid" rgid = __short($rgid) egid = __short($egid) sgid = __short($sgid) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? { +probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? +{ name = "setresgid16" retstr = returnstr(1) } @@ -1935,7 +2038,8 @@ probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? { # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # probe syscall.setresuid = kernel.function("SyS_setresuid") !, - kernel.function("sys_setresuid") { + kernel.function("sys_setresuid") +{ name = "setresuid" ruid = __int32($ruid) euid = __int32($euid) @@ -1943,7 +2047,8 @@ probe syscall.setresuid = kernel.function("SyS_setresuid") !, argstr = sprintf("%d, %d, %d", ruid, euid, suid) } probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !, - kernel.function("sys_setresuid").return { + kernel.function("sys_setresuid").return +{ name = "setresuid" retstr = returnstr(1) } @@ -1952,14 +2057,16 @@ probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !, # # long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) # -probe syscall.setresuid16 = kernel.function("sys_setresuid16") ? { +probe syscall.setresuid16 = kernel.function("sys_setresuid16") ? +{ name = "setresuid" ruid = __short($ruid) euid = __short($euid) suid = __short($suid) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? { +probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? +{ name = "setresuid" retstr = returnstr(1) } 
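Review bot: The return probe for `syscall.setresgid16` in the first hunk sets `name = "setresgid16"` while its entry probe sets `name = "setresgid"`, so a script that pairs entry and return events by `name` will not match them for this call. The other 16-bit variants in the neighbouring hunks (`setregid16`, `setresuid16`, `setreuid16`) use the base name on both sides, so the return probe should read `name = "setresgid"`. This matters when auditing group-ID changes, because the return value is what tells a monitor whether the credential change succeeded.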
@@ -1968,27 +2075,31 @@ probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? { # long sys_setreuid(uid_t ruid, uid_t euid) # probe syscall.setreuid = kernel.function("SyS_setreuid") !, - kernel.function("sys_setreuid") { + kernel.function("sys_setreuid") +{ name = "setreuid" ruid = __int32($ruid) euid = __int32($euid) argstr = sprintf("%d, %d", ruid, euid) } probe syscall.setreuid.return = kernel.function("SyS_setreuid").return !, - kernel.function("sys_setreuid").return { + kernel.function("sys_setreuid").return +{ name = "setreuid" retstr = returnstr(1) } # setreuid16 _________________________________________________ # long sys_setreuid16(old_uid_t ruid, old_uid_t euid) # -probe syscall.setreuid16 = kernel.function("sys_setreuid16") ? { +probe syscall.setreuid16 = kernel.function("sys_setreuid16") ? +{ name = "setreuid" ruid = __short($ruid) euid = __short($euid) argstr = sprintf("%d, %d", ruid, euid) } -probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? { +probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? +{ name = "setreuid" retstr = returnstr(1) } @@ -1999,15 +2110,17 @@ probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? { # struct rlimit __user *rlim) # probe syscall.setrlimit = kernel.function("SyS_setrlimit") !, - kernel.function("sys_setrlimit") { + kernel.function("sys_setrlimit") +{ name = "setrlimit" resource = $resource rlim_uaddr = $rlim argstr = sprintf("%s, %s", _rlimit_resource_str($resource), - _struct_rlimit_u($rlim)) + _struct_rlimit_u($rlim)) } probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !, - kernel.function("sys_setrlimit").return { + kernel.function("sys_setrlimit").return +{ name = "setrlimit" retstr = returnstr(1) } 
@@ -2015,11 +2128,13 @@ probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !, # # long sys_setsid(void) # -probe syscall.setsid = kernel.function("sys_setsid") { +probe syscall.setsid = kernel.function("sys_setsid") +{ name = "setsid" argstr = "" } -probe syscall.setsid.return = kernel.function("sys_setsid").return { +probe syscall.setsid.return = kernel.function("sys_setsid").return +{ name = "setsid" retstr = returnstr(1) } @@ -2032,8 +2147,7 @@ probe syscall.setsid.return = kernel.function("sys_setsid").return { # char __user *optval, # int optlen) # -probe syscall.setsockopt = - kernel.function("compat_sys_setsockopt") ?, +probe syscall.setsockopt = kernel.function("compat_sys_setsockopt") ?, kernel.function("SyS_setsockopt") !, kernel.function("sys_setsockopt") ? { @@ -2046,10 +2160,9 @@ probe syscall.setsockopt = optval_uaddr = $optval optlen = $optlen argstr = sprintf("%d, %s, %s, %p, %d", $fd, level_str, - optname_str, $optval, $optlen) + optname_str, $optval, $optlen) } -probe syscall.setsockopt.return = - kernel.function("compat_sys_setsockopt").return ?, +probe syscall.setsockopt.return = kernel.function("compat_sys_setsockopt").return ?, kernel.function("SyS_setsockopt").return !, kernel.function("sys_setsockopt").return ? { @@ -2063,14 +2176,15 @@ probe syscall.setsockopt.return = # sys_set_tid_address(int __user *tidptr) # probe syscall.set_tid_address = kernel.function("SyS_set_tid_address") !, - kernel.function("sys_set_tid_address") { + kernel.function("sys_set_tid_address") +{ name = "set_tid_address" tidptr_uaddr = $tidptr argstr = sprintf("%p", tidptr_uaddr) } -probe syscall.set_tid_address.return = - kernel.function("SyS_set_tid_address").return !, - kernel.function("sys_set_tid_address").return { +probe syscall.set_tid_address.return = kernel.function("SyS_set_tid_address").return !, + kernel.function("sys_set_tid_address").return +{ name = "set_tid_address" retstr = returnstr(1) } 
@@ -2080,14 +2194,16 @@ probe syscall.set_tid_address.return = # struct timezone __user *tz) # probe syscall.settimeofday = kernel.function("SyS_settimeofday") !, - kernel.function("sys_settimeofday") { + kernel.function("sys_settimeofday") +{ name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz argstr = sprintf("%s, %s", _struct_timeval_u($tv, 1), _struct_timezone_u($tz)) } probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !, - kernel.function("sys_settimeofday").return { + kernel.function("sys_settimeofday").return +{ name = "settimeofday" retstr = returnstr(1) } @@ -2095,17 +2211,15 @@ probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return ! # long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # -probe syscall.settimeofday32 = - kernel.function("sys32_settimeofday") ?, +probe syscall.settimeofday32 = kernel.function("sys32_settimeofday") ?, kernel.function("compat_sys_settimeofday") ? { name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz - argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1),_struct_timezone_u($tz)) + argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1), _struct_timezone_u($tz)) } -probe syscall.settimeofday32.return = - kernel.function("sys32_settimeofday").return ?, +probe syscall.settimeofday32.return = kernel.function("sys32_settimeofday").return ?, kernel.function("compat_sys_settimeofday").return ? { name = "settimeofday" @@ -2117,8 +2231,7 @@ probe syscall.settimeofday32.return = # long sys_setuid(uid_t uid) # long sys_setuid16(old_uid_t uid) # -probe syscall.setuid = - kernel.function("sys_setuid16") ?, +probe syscall.setuid = kernel.function("sys_setuid16") ?, kernel.function("SyS_setuid") !, kernel.function("sys_setuid") { 
@@ -2126,8 +2239,7 @@ probe syscall.setuid = uid = $uid argstr = sprint($uid) } -probe syscall.setuid.return = - kernel.function("sys_setuid16").return ?, +probe syscall.setuid.return = kernel.function("sys_setuid16").return ?, kernel.function("SyS_setuid").return !, kernel.function("sys_setuid").return { @@ -2143,7 +2255,8 @@ probe syscall.setuid.return = # int flags) # probe syscall.setxattr = kernel.function("SyS_setxattr") !, - kernel.function("sys_setxattr") { + kernel.function("sys_setxattr") +{ name = "setxattr" %( kernel_v >= "2.6.27" %? path_uaddr = $pathname @@ -2157,17 +2270,18 @@ probe syscall.setxattr = kernel.function("SyS_setxattr") !, value_uaddr = $value size = $size flags = $flags - argstr = sprintf("%s, %s, %p, %d, %d", + argstr = sprintf("%s, %s, %p, %d, %d", %( kernel_v >= "2.6.27" %? - user_string_quoted($pathname), + user_string_quoted($pathname), %: - user_string_quoted($path), + user_string_quoted($path), %) user_string_quoted($name), value_uaddr, $size, $flags) } probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !, - kernel.function("sys_setxattr").return { + kernel.function("sys_setxattr").return +{ name = "setxattr" retstr = returnstr(1) } @@ -2175,11 +2289,13 @@ probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !, # # sys_sgetmask(void) # -probe syscall.sgetmask = kernel.function("sys_sgetmask")? { +probe syscall.sgetmask = kernel.function("sys_sgetmask") ? +{ name = "sgetmask" argstr = "" } -probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? { +probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? +{ name = "sgetmask" retstr = returnstr(1) } 
@@ -2189,15 +2305,17 @@ probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? { # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # probe syscall.shmat = kernel.function("SyS_shmat") !, - kernel.function("sys_shmat") ? { - name = "shmat" + kernel.function("sys_shmat") ? +{ + name = "shmat" shmid = $shmid shmaddr_uaddr = $shmaddr shmflg = $shmflg argstr = sprintf("%d, %p, %s", $shmid, $shmaddr, _shmat_flags_str($shmflg)) } probe syscall.shmat.return = kernel.function("SyS_shmat").return !, - kernel.function("sys_shmat").return ? { + kernel.function("sys_shmat").return ? +{ name = "shmat" retstr = returnstr(1) } @@ -2206,7 +2324,8 @@ probe syscall.shmat.return = kernel.function("SyS_shmat").return !, # long compat_sys_shmat(int first, int second, compat_uptr_t third, # int version, void __user *uptr) # -probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? { +probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? +{ name = "compat_sys_shmat" first = $first second = $second @@ -2214,7 +2333,8 @@ probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? { uptr_uaddr = $uptr argstr = sprintf("%d, %d, %d, %d, %p", $first, $second, $third, $version, $uptr) } -probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? { +probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? +{ name = "compat_sys_shmat" retstr = returnstr(1) } @@ -2226,7 +2346,8 @@ probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").retu # struct shmid_ds __user *buf) # probe syscall.shmctl = kernel.function("SyS_shmctl") !, - kernel.function("sys_shmctl") ? { + kernel.function("sys_shmctl") ? +{ name = "shmctl" shmid = $shmid cmd = $cmd 
@@ -2234,7 +2355,8 @@ probe syscall.shmctl = kernel.function("SyS_shmctl") !, argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd), $buf) } probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !, - kernel.function("sys_shmctl").return ? { + kernel.function("sys_shmctl").return ? +{ name = "shmctl" retstr = returnstr(1) } @@ -2242,14 +2364,16 @@ probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !, # # long compat_sys_shmctl(int first, int second, void __user *uptr) # -probe syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? { +probe syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? +{ name = "compat_sys_shmctl" first = $first second = $second uptr_uaddr = $uptr argstr = sprintf("%d, %d, %p", $first, $second, $uptr) } -probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ? { +probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ? +{ name = "compat_sys_shmctl" retstr = returnstr(1) } @@ -2259,13 +2383,15 @@ probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").re # long sys_shmdt(char __user *shmaddr) # probe syscall.shmdt = kernel.function("SyS_shmdt") !, - kernel.function("sys_shmdt") ? { + kernel.function("sys_shmdt") ? +{ name = "shmdt" shmaddr_uaddr = $shmaddr argstr = sprintf("%p", $shmaddr) } probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !, - kernel.function("sys_shmdt").return ? { + kernel.function("sys_shmdt").return ? +{ name = "shmdt" retstr = returnstr(1) } @@ -2277,7 +2403,8 @@ probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !, # int shmflg) # probe syscall.shmget = kernel.function("SyS_shmget") !, - kernel.function("sys_shmget") ? { + kernel.function("sys_shmget") ? +{ name = "shmget" key = $key size = $size 
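Review bot: In the first hunk, `syscall.shmctl` formats its command with `_semctl_cmd($cmd)`, a helper whose name suggests it decodes semctl commands. Its definition is not on this page, but if it only knows the semaphore command set, shared-memory-specific commands will be printed under the wrong name, which misleads anyone reading a trace of shared-memory control operations. Until a shmctl-aware decoder is available, printing the raw value is safer: `argstr = sprintf("%d, %d, %p", $shmid, $cmd, $buf)`. The probe body begins in the previous hunk, so only its tail is visible here.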
@@ -2285,7 +2412,8 @@ probe syscall.shmget = kernel.function("SyS_shmget") !, argstr = sprintf("%d, %d, %d", $key, $size, $shmflg) } probe syscall.shmget.return = kernel.function("SyS_shmget").return !, - kernel.function("sys_shmget").return ? { + kernel.function("sys_shmget").return ? +{ name = "shmget" retstr = returnstr(1) } @@ -2295,7 +2423,8 @@ probe syscall.shmget.return = kernel.function("SyS_shmget").return !, # long sys_shutdown(int fd, int how) # probe syscall.shutdown = kernel.function("SyS_shutdown") !, - kernel.function("sys_shutdown") ? { + kernel.function("sys_shutdown") ? +{ name = "shutdown" s = $fd how = $how @@ -2303,7 +2432,8 @@ probe syscall.shutdown = kernel.function("SyS_shutdown") !, argstr = sprintf("%d, %s", $fd, how_str) } probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !, - kernel.function("sys_shutdown").return ? { + kernel.function("sys_shutdown").return ? +{ name = "shutdown" retstr = returnstr(1) } 
@@ -2312,25 +2442,29 @@ probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !, # sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact) # sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact) # -probe syscall.sigaction = kernel.function("sys_sigaction") ? { +probe syscall.sigaction = kernel.function("sys_sigaction") ? +{ name = "sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact argstr = sprintf("%s, {%s}, %p", _signal_name($sig), _struct_sigaction_u($act), $oact) } -probe syscall.sigaction.return = kernel.function("sys_sigaction").return ? { +probe syscall.sigaction.return = kernel.function("sys_sigaction").return ? +{ name = "sigaction" retstr = returnstr(1) } -probe syscall.sigaction32 = kernel.function("sys32_sigaction") ? { +probe syscall.sigaction32 = kernel.function("sys32_sigaction") ? +{ name = "sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact argstr = sprintf("%s, %p, %p", _signal_name($sig), $act, $oact) } -probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? { +probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? +{ name = "sigaction" retstr = returnstr(1) } @@ -2339,14 +2473,16 @@ probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? { # unsigned long sys_signal(int sig, __sighandler_t handler) # probe syscall.signal = kernel.function("SyS_signal") !, - kernel.function("sys_signal") ? { + kernel.function("sys_signal") ? +{ name = "signal" sig = $sig handler = $handler argstr = sprintf("%s, %s", _signal_name($sig), _sighandler_str($handler)) } probe syscall.signal.return = kernel.function("SyS_signal").return !, - kernel.function("sys_signal").return ? { + kernel.function("sys_signal").return ? +{ name = "signal" retstr = returnstr(1) } 
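Review bot: `syscall.sigaction32` prints `act` as a bare pointer (`"%s, %p, %p"`), whereas `syscall.sigaction` just above it decodes the structure with `_struct_sigaction_u($act)`, so handler changes made through the 32-bit entry point are opaque in the trace output. If decoding `struct old_sigaction32` is not feasible here, the difference should at least be documented above the probe, for example `# sigaction32: act is printed as a raw address; struct old_sigaction32 is not decoded`. Both probes set `name = "sigaction"`, so a consumer cannot tell from `name` alone which `argstr` format to expect.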
@@ -2358,20 +2494,24 @@ probe syscall.signal.return = kernel.function("SyS_signal").return !, # compat_size_t sigsetsize) # probe syscall.signalfd = kernel.function("SyS_signalfd") !, - kernel.function("sys_signalfd") ? { + kernel.function("sys_signalfd") ? +{ name = "signalfd" argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) } probe syscall.signalfd.return = kernel.function("SyS_signalfd").return !, - kernel.function("sys_signalfd").return ? { + kernel.function("sys_signalfd").return ? +{ name = "signalfd" retstr = returnstr(1) } -probe syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? { +probe syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? +{ name = "compat_signalfd" argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize) } -probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? { +probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? +{ name = "compat_signalfd" retstr = returnstr(1) } @@ -2380,12 +2520,14 @@ probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").re # long sys_sigpending(old_sigset_t __user *set) # probe syscall.sigpending = kernel.function("SyS_sigpending") !, - kernel.function("sys_sigpending") ? { + kernel.function("sys_sigpending") ? +{ name = "sigpending" argstr = sprintf("%p", $set) } probe syscall.sigpending.return = kernel.function("SyS_sigpending").return !, - kernel.function("sys_sigpending").return ? { + kernel.function("sys_sigpending").return ? +{ name = "sigpending" retstr = returnstr(1) } 
@@ -2413,15 +2555,13 @@ probe syscall.sigprocmask.return = kernel.function("SyS_sigprocmask").return !, # sigreturn __________________________________________________ # int sys_sigreturn(unsigned long __unused) # -probe syscall.sigreturn = - kernel.function("sys_sigreturn") ?, +probe syscall.sigreturn = kernel.function("sys_sigreturn") ?, kernel.function("sys32_sigreturn") ? { name = "sigreturn" argstr = "" } -probe syscall.sigreturn.return = - kernel.function("sys_sigreturn").return ?, +probe syscall.sigreturn.return = kernel.function("sys_sigreturn").return ?, kernel.function("sys32_sigreturn").return ? { name = "sigreturn" @@ -2429,16 +2569,14 @@ probe syscall.sigreturn.return = } # sigsuspend _________________________________________________ -# -probe syscall.sigsuspend = - kernel.function("sys_sigsuspend") ?, - kernel.function("sys32_sigsuspend") ? +# +probe syscall.sigsuspend = kernel.function("sys_sigsuspend") ?, + kernel.function("sys32_sigsuspend") ? { name = "sigsuspend" argstr = "" } -probe syscall.sigsuspend.return = - kernel.function("sys_sigsuspend").return ?, +probe syscall.sigsuspend.return = kernel.function("sys_sigsuspend").return ?, kernel.function("sys32_sigsuspend").return ? { name = "sigsuspend" @@ -2449,17 +2587,19 @@ probe syscall.sigsuspend.return = # long sys_socket(int family, int type, int protocol) # probe syscall.socket = kernel.function("SyS_socket") !, - kernel.function("sys_socket") ? { + kernel.function("sys_socket") ? +{ name = "socket" family = $family type = $type protocol = $protocol argstr = sprintf("%s, %s, %d", _sock_family_str($family), - _sock_type_str($type), - $protocol) + _sock_type_str($type), + $protocol) } probe syscall.socket.return = kernel.function("SyS_socket").return !, - kernel.function("sys_socket").return ? { + kernel.function("sys_socket").return ? +{ name = "socket" retstr = returnstr(1) } 
@@ -2469,13 +2609,15 @@ probe syscall.socket.return = kernel.function("SyS_socket").return !, # # long sys_socketcall(int call, unsigned long __user *args) # -#probe syscall.socketcall = kernel.function("sys_socketcall") ? { +#probe syscall.socketcall = kernel.function("sys_socketcall") ? +#{ # name = "socketcall" # call = $call # args_uaddr = $args # argstr = sprintf("%d, %p", $call, args_uaddr) #} -#probe syscall.socketcall.return = kernel.function("sys_socketcall").return ? { +#probe syscall.socketcall.return = kernel.function("sys_socketcall").return ? +#{ # name = "socketcall" # retstr = returnstr(1) #} @@ -2487,19 +2629,21 @@ probe syscall.socket.return = kernel.function("SyS_socket").return !, # int __user *usockvec) # probe syscall.socketpair = kernel.function("SyS_socketpair") !, - kernel.function("sys_socketpair") ? { + kernel.function("sys_socketpair") ? +{ name = "socketpair" family = $family type = $type protocol = $protocol sv_uaddr = $usockvec - argstr = sprintf("%s, %s, %d, %p", - _sock_family_str($family), - _sock_type_str($type), - $protocol, sv_uaddr) + argstr = sprintf("%s, %s, %d, %p", + _sock_family_str($family), + _sock_type_str($type), + $protocol, sv_uaddr) } probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !, - kernel.function("sys_socketpair").return ? { + kernel.function("sys_socketpair").return ? +{ name = "socketpair" retstr = returnstr(1) } @@ -2511,13 +2655,15 @@ probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !, # size_t len, unsigned int flags) # probe syscall.splice = kernel.function("SyS_splice") !, - kernel.function("sys_splice") ? { + kernel.function("sys_splice") ? +{ name = "splice" argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", $fd_in, $off_in, $fd_out, $off_out, $len, $flags) } probe syscall.splice.return = kernel.function("SyS_splice").return !, - kernel.function("sys_splice").return ? { + kernel.function("sys_splice").return ? +{ name = "splice" retstr = returnstr(1) } 
@@ -2527,13 +2673,15 @@ probe syscall.splice.return = kernel.function("SyS_splice").return !, # long sys_ssetmask(int newmask) # probe syscall.ssetmask = kernel.function("SyS_ssetmask") !, - kernel.function("sys_ssetmask") ? { + kernel.function("sys_ssetmask") ? +{ name = "ssetmask" newmask = $newmask argstr = sprint($newmask) } probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !, - kernel.function("sys_ssetmask").return ? { + kernel.function("sys_ssetmask").return ? +{ name = "ssetmask" retstr = returnstr(1) } @@ -2544,8 +2692,7 @@ probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !, # long sys_stat64(char __user * filename, struct stat64 __user * statbuf) # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) -probe syscall.stat = - kernel.function("sys_stat") ?, +probe syscall.stat = kernel.function("sys_stat") ?, kernel.function("SyS_newstat") ?, kernel.function("sys_newstat") ?, kernel.function("sys32_stat64") ?, @@ -2560,15 +2707,14 @@ probe syscall.stat = buf_uaddr = $statbuf argstr = sprintf("%s, %p", user_string_quoted($filename), buf_uaddr) } -probe syscall.stat.return = - kernel.function("sys_stat").return ?, +probe syscall.stat.return = kernel.function("sys_stat").return ?, kernel.function("SyS_newstat").return ?, kernel.function("sys_newstat").return ?, kernel.function("sys32_stat64").return ?, kernel.function("SyS_stat64").return ?, kernel.function("sys_stat64").return ?, kernel.function("sys_oabi_stat64").return ?, - kernel.function("compat_sys_newstat").return ? + kernel.function("compat_sys_newstat").return ? { name = "stat" retstr = returnstr(1) 
@@ -2578,8 +2724,7 @@ probe syscall.stat.return = # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe syscall.statfs = - kernel.function("compat_sys_statfs") ?, +probe syscall.statfs = kernel.function("compat_sys_statfs") ?, kernel.function("SyS_statfs") !, kernel.function("sys_statfs") ? { @@ -2594,8 +2739,7 @@ probe syscall.statfs = %) } -probe syscall.statfs.return = - kernel.function("compat_sys_statfs").return ?, +probe syscall.statfs.return = kernel.function("compat_sys_statfs").return ?, kernel.function("SyS_statfs").return !, kernel.function("sys_statfs").return ? { @@ -2608,8 +2752,7 @@ probe syscall.statfs.return = # long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe syscall.statfs64 = - kernel.function("compat_sys_statfs64") ?, +probe syscall.statfs64 = kernel.function("compat_sys_statfs64") ?, kernel.function("SyS_statfs64") !, kernel.function("sys_statfs64") ? { @@ -2618,15 +2761,14 @@ probe syscall.statfs64 = buf_uaddr = $buf %( kernel_v >= "2.6.27" %? path = user_string($pathname) - argstr = sprintf("%s, %d, %p", user_string_quoted($pathname), $sz, $buf) + argstr = sprintf("%s, %d, %p", user_string_quoted($pathname), $sz, $buf) %: path = user_string($path) - argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf) + argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf) %) } -probe syscall.statfs64.return = - kernel.function("compat_sys_statfs64").return ?, +probe syscall.statfs64.return = kernel.function("compat_sys_statfs64").return ?, kernel.function("SyS_statfs64").return !, kernel.function("sys_statfs64").return ? { 
@@ -2639,18 +2781,16 @@ probe syscall.statfs64.return = # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe syscall.stime = - kernel.function("compat_sys_stime") ?, +probe syscall.stime = kernel.function("compat_sys_stime") ?, kernel.function("SyS_stime") !, kernel.function("sys_stime") ? { name = "stime" t_uaddr = $tptr - /* FIXME. Decode time */ + /* FIXME. Decode time */ argstr = sprintf("%p", $tptr) } -probe syscall.stime.return = - kernel.function("compat_sys_stime").return ?, +probe syscall.stime.return = kernel.function("compat_sys_stime").return ?, kernel.function("SyS_stime").return !, kernel.function("sys_stime").return ? { @@ -2664,13 +2804,15 @@ probe syscall.stime.return = # sys_swapoff(const char __user * specialfile) # probe syscall.swapoff = kernel.function("SyS_swapoff") !, - kernel.function("sys_swapoff") ? { + kernel.function("sys_swapoff") ? +{ name = "swapoff" path = user_string($specialfile) argstr = user_string_quoted($specialfile) } probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !, - kernel.function("sys_swapoff").return ? { + kernel.function("sys_swapoff").return ? +{ name = "swapoff" retstr = returnstr(1) } @@ -2681,14 +2823,16 @@ probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !, # int swap_flags) # probe syscall.swapon = kernel.function("SyS_swapon") !, - kernel.function("sys_swapon") ? { + kernel.function("sys_swapon") ? +{ name = "swapon" path = user_string($specialfile) swapflags = $swap_flags argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags) } probe syscall.swapon.return = kernel.function("SyS_swapon").return !, - kernel.function("sys_swapon").return ? { + kernel.function("sys_swapon").return ? +{ name = "swapon" retstr = returnstr(1) } 
@@ -2697,15 +2841,17 @@ probe syscall.swapon.return = kernel.function("SyS_swapon").return !, # long sys_symlink(const char __user * oldname, # const char __user * newname) probe syscall.symlink = kernel.function("SyS_symlink") !, - kernel.function("sys_symlink") { + kernel.function("sys_symlink") +{ name = "symlink" oldpath = user_string($oldname) newpath = user_string($newname) argstr = sprintf("%s, %s", user_string_quoted($oldname), - user_string_quoted($newname)) + user_string_quoted($newname)) } probe syscall.symlink.return = kernel.function("SyS_symlink").return !, - kernel.function("sys_symlink").return { + kernel.function("sys_symlink").return +{ name = "symlink" retstr = returnstr(1) } @@ -2715,7 +2861,8 @@ probe syscall.symlink.return = kernel.function("SyS_symlink").return !, # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) probe syscall.symlinkat = kernel.function("SyS_symlinkat") !, - kernel.function("sys_symlinkat") ? { + kernel.function("sys_symlinkat") ? +{ name = "symlinkat" oldname = $oldname oldname_str = user_string($oldname) @@ -2727,7 +2874,8 @@ probe syscall.symlinkat = kernel.function("SyS_symlinkat") !, newdfd_str, user_string_quoted($newname)) } probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !, - kernel.function("sys_symlinkat").return ? { + kernel.function("sys_symlinkat").return ? +{ name = "symlinkat" retstr = returnstr(1) } @@ -2736,11 +2884,13 @@ probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !, # # sys_sync(void) # -probe syscall.sync = kernel.function("sys_sync") { +probe syscall.sync = kernel.function("sys_sync") +{ name = "sync" argstr = "" } -probe syscall.sync.return = kernel.function("sys_sync").return { +probe syscall.sync.return = kernel.function("sys_sync").return +{ name = "sync" retstr = returnstr(1) } 
@@ -2749,16 +2899,14 @@ probe syscall.sync.return = kernel.function("sys_sync").return { # # long sys_sysctl(struct __sysctl_args __user *args) # -probe syscall.sysctl = - kernel.function("compat_sys_sysctl") ?, +probe syscall.sysctl = kernel.function("compat_sys_sysctl") ?, kernel.function("SyS_sysctl") !, kernel.function("sys_sysctl") ? { name = "sysctl" argstr = sprintf("%p", $args) } -probe syscall.sysctl.return = - kernel.function("compat_sys_sysctl").return ?, +probe syscall.sysctl.return = kernel.function("compat_sys_sysctl").return ?, kernel.function("SyS_sysctl").return !, kernel.function("sys_sysctl").return ? { @@ -2774,7 +2922,8 @@ probe syscall.sysctl.return = # unsigned long arg2) # probe syscall.sysfs = kernel.function("SyS_sysfs") !, - kernel.function("sys_sysfs") { + kernel.function("sys_sysfs") +{ name = "sysfs" option = $option arg1 = $arg1 @@ -2789,7 +2938,8 @@ probe syscall.sysfs = kernel.function("SyS_sysfs") !, argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) } probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !, - kernel.function("sys_sysfs").return { + kernel.function("sys_sysfs").return +{ name = "sysfs" retstr = returnstr(1) } @@ -2797,8 +2947,7 @@ probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !, # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe syscall.sysinfo = - kernel.function("compat_sys_sysinfo") ?, +probe syscall.sysinfo = kernel.function("compat_sys_sysinfo") ?, kernel.function("SyS_sysinfo") !, kernel.function("sys_sysinfo") { @@ -2806,8 +2955,7 @@ probe syscall.sysinfo = info_uaddr = $info argstr = sprintf("%p", $info) } -probe syscall.sysinfo.return = - kernel.function("compat_sys_sysinfo").return ?, +probe syscall.sysinfo.return = kernel.function("compat_sys_sysinfo").return ?, kernel.function("SyS_sysinfo").return !, kernel.function("sys_sysinfo").return { 
@@ -2820,7 +2968,8 @@ probe syscall.sysinfo.return = # long sys_syslog(int type, char __user * buf, int len) # probe syscall.syslog = kernel.function("SyS_syslog") !, - kernel.function("sys_syslog") { + kernel.function("sys_syslog") +{ name = "syslog" type = $type bufp_uaddr = $buf @@ -2828,7 +2977,8 @@ probe syscall.syslog = kernel.function("SyS_syslog") !, argstr = sprintf("%d, %p, %d", $type, $buf, $len) } probe syscall.syslog.return = kernel.function("SyS_syslog").return !, - kernel.function("sys_syslog").return { + kernel.function("sys_syslog").return +{ name = "syslog" retstr = returnstr(1) } @@ -2838,12 +2988,14 @@ probe syscall.syslog.return = kernel.function("SyS_syslog").return !, # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # probe syscall.tee = kernel.function("SyS_tee") !, - kernel.function("sys_tee") ? { + kernel.function("sys_tee") ? +{ name = "tee" - argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) + argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) } probe syscall.tee.return = kernel.function("SyS_tee").return !, - kernel.function("sys_tee").return ? { + kernel.function("sys_tee").return ? +{ name = "tee" retstr = returnstr(1) } @@ -2856,7 +3008,8 @@ probe syscall.tee.return = kernel.function("SyS_tee").return !, # int sig) # probe syscall.tgkill = kernel.function("SyS_tgkill") !, - kernel.function("sys_tgkill") { + kernel.function("sys_tgkill") +{ name = "tgkill" tgid = $tgid pid = $pid @@ -2864,7 +3017,8 @@ probe syscall.tgkill = kernel.function("SyS_tgkill") !, argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig)) } probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !, - kernel.function("sys_tgkill").return { + kernel.function("sys_tgkill").return +{ name = "tgkill" retstr = returnstr(1) } 
@@ -2875,8 +3029,7 @@ probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !, # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe syscall.time = - kernel.function("sys32_time") ?, +probe syscall.time = kernel.function("sys32_time") ?, kernel.function("sys_time64") ?, kernel.function("compat_sys_time") ?, kernel.function("SyS_time") !, @@ -2886,8 +3039,7 @@ probe syscall.time = t_uaddr = $tloc argstr = sprintf("%p", $tloc) } -probe syscall.time.return = - kernel.function("sys32_time").return ?, +probe syscall.time.return = kernel.function("sys32_time").return ?, kernel.function("sys_time64").return ?, kernel.function("compat_sys_time").return ?, kernel.function("SyS_time").return !, @@ -2904,7 +3056,8 @@ probe syscall.time.return = # timer_t __user * created_timer_id) # probe syscall.timer_create = kernel.function("SyS_timer_create") !, - kernel.function("sys_timer_create") { + kernel.function("sys_timer_create") +{ name = "timer_create" clockid = $which_clock clockid_str = _get_wc_str($which_clock) @@ -2912,9 +3065,9 @@ probe syscall.timer_create = kernel.function("SyS_timer_create") !, timerid_uaddr = $created_timer_id argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id) } -probe syscall.timer_create.return = - kernel.function("SyS_timer_create").return !, - kernel.function("sys_timer_create").return { +probe syscall.timer_create.return = kernel.function("SyS_timer_create").return !, + kernel.function("sys_timer_create").return +{ name = "timer_create" retstr = returnstr(1) } 
@@ -2924,13 +3077,15 @@ probe syscall.timer_create.return = # long sys_timer_delete(timer_t timer_id) # probe syscall.timer_delete = kernel.function("SyS_timer_delete") !, - kernel.function("sys_timer_delete") { + kernel.function("sys_timer_delete") +{ name = "timer_delete" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return !, - kernel.function("sys_timer_delete").return { + kernel.function("sys_timer_delete").return +{ name = "timer_delete" retstr = returnstr(1) } @@ -2940,14 +3095,15 @@ probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return ! # long sys_timer_getoverrun(timer_t timer_id) # probe syscall.timer_getoverrun = kernel.function("SyS_timer_getoverrun") !, - kernel.function("sys_timer_getoverrun") { + kernel.function("sys_timer_getoverrun") +{ name = "timer_getoverrun" timerid = $timer_id argstr = sprint($timer_id) } -probe syscall.timer_getoverrun.return = - kernel.function("SyS_timer_getoverrun").return !, - kernel.function("sys_timer_getoverrun").return { +probe syscall.timer_getoverrun.return = kernel.function("SyS_timer_getoverrun").return !, + kernel.function("sys_timer_getoverrun").return +{ name = "timer_getoverrun" retstr = returnstr(1) } @@ -2958,15 +3114,16 @@ probe syscall.timer_getoverrun.return = # struct itimerspec __user *setting) # probe syscall.timer_gettime = kernel.function("SyS_timer_gettime") !, - kernel.function("sys_timer_gettime") { + kernel.function("sys_timer_gettime") +{ name = "timer_gettime" timerid = $timer_id value_uaddr = $setting argstr = sprintf("%d, %p", $timer_id, $setting) } -probe syscall.timer_gettime.return = - kernel.function("SyS_timer_gettime").return !, - kernel.function("sys_timer_gettime").return { +probe syscall.timer_gettime.return = kernel.function("SyS_timer_gettime").return !, + kernel.function("sys_timer_gettime").return +{ name = "timer_gettime" retstr = returnstr(1) } 
@@ -2979,19 +3136,20 @@ probe syscall.timer_gettime.return = # struct itimerspec __user *old_setting) # probe syscall.timer_settime = kernel.function("SyS_timer_settime") !, - kernel.function("sys_timer_settime") { + kernel.function("sys_timer_settime") +{ name = "timer_settime" timerid = $timer_id flags = $flags value_uaddr = $new_setting ovalue_uaddr = $old_setting argstr = sprintf("%d, %d, %s, %p", $timer_id, $flags, - _struct_itimerspec_u($new_setting), - $old_setting) + _struct_itimerspec_u($new_setting), + $old_setting) } -probe syscall.timer_settime.return = - kernel.function("SyS_timer_settime").return !, - kernel.function("sys_timer_settime").return { +probe syscall.timer_settime.return = kernel.function("SyS_timer_settime").return !, + kernel.function("sys_timer_settime").return +{ name = "timer_settime" retstr = returnstr(1) } @@ -3003,15 +3161,13 @@ probe syscall.timer_settime.return = # long compat_sys_timerfd(int ufd, int clockid, int flags, # const struct compat_itimerspec __user *utmr) # -probe syscall.timerfd = - kernel.function("sys_timerfd") ?, +probe syscall.timerfd = kernel.function("sys_timerfd") ?, kernel.function("compat_sys_timerfd") ? { name = "timerfd" argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags) } -probe syscall.timerfd.return = - kernel.function("sys_timerfd").return ?, +probe syscall.timerfd.return = kernel.function("sys_timerfd").return ?, kernel.function("compat_sys_timerfd").return ? { name = "timerfd" 
@@ -3022,16 +3178,14 @@ probe syscall.timerfd.return = # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe syscall.times = - kernel.function("compat_sys_times") ?, +probe syscall.times = kernel.function("compat_sys_times") ?, kernel.function("SyS_times") !, kernel.function("sys_times") ? { name = "times" - argstr = sprintf("%p", $tbuf) + argstr = sprintf("%p", $tbuf) } -probe syscall.times.return = - kernel.function("compat_sys_times").return ?, +probe syscall.times.return = kernel.function("compat_sys_times").return ?, kernel.function("SyS_times").return !, kernel.function("sys_times").return ? { @@ -3046,14 +3200,16 @@ probe syscall.times.return = # int sig) # probe syscall.tkill = kernel.function("SyS_tkill") !, - kernel.function("sys_tkill") { + kernel.function("sys_tkill") +{ name = "tkill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } probe syscall.tkill.return = kernel.function("SyS_tkill").return !, - kernel.function("sys_tkill").return { + kernel.function("sys_tkill").return +{ name = "tkill" retstr = returnstr(1) } @@ -3065,7 +3221,8 @@ probe syscall.tkill.return = kernel.function("SyS_tkill").return !, # probe syscall.truncate = kernel.function("SyS_truncate") !, kernel.function("sys_truncate") ?, - kernel.function("sys_truncate64") ? { + kernel.function("sys_truncate64") ? +{ name = "truncate" path_uaddr = $path path = user_string($path) @@ -3074,7 +3231,8 @@ probe syscall.truncate = kernel.function("SyS_truncate") !, } probe syscall.truncate.return = kernel.function("SyS_truncate").return !, kernel.function("sys_truncate").return ?, - kernel.function("sys_truncate64").return ? { + kernel.function("sys_truncate64").return ? +{ name = "truncate" retstr = returnstr(1) } 
@@ -3082,13 +3240,15 @@ probe syscall.truncate.return = kernel.function("SyS_truncate").return !, # tux ________________________________________________________ # long sys_tux (unsigned int action, user_req_t *u_info) # -probe syscall.tux = kernel.function("sys_tux") ? { +probe syscall.tux = kernel.function("sys_tux") ? +{ name = "tux" action = $action u_info_uaddr = $u_info argstr = sprintf("%d, %p", $action, $u_info) } -probe syscall.tux.return = kernel.function("sys_tux").return ? { +probe syscall.tux.return = kernel.function("sys_tux").return ? +{ name = "tux" retstr = returnstr(1) } @@ -3097,13 +3257,15 @@ probe syscall.tux.return = kernel.function("sys_tux").return ? { # long sys_umask(int mask) # probe syscall.umask = kernel.function("SyS_umask") !, - kernel.function("sys_umask") { + kernel.function("sys_umask") +{ name = "umask" mask = $mask argstr = sprintf("%#o", $mask) } probe syscall.umask.return = kernel.function("SyS_umask").return !, - kernel.function("sys_umask").return { + kernel.function("sys_umask").return +{ name = "umask" retstr = returnstr(3) } @@ -3112,7 +3274,8 @@ probe syscall.umask.return = kernel.function("SyS_umask").return !, # long sys_umount(char __user * name, int flags) # probe syscall.umount = kernel.function("SyS_umount") !, - kernel.function("sys_umount") { + kernel.function("sys_umount") +{ name = "umount" target = user_string($name) flags = $flags @@ -3120,7 +3283,8 @@ probe syscall.umount = kernel.function("SyS_umount") !, argstr = sprintf("%s, %s", user_string_quoted($name), flags_str) } probe syscall.umount.return = kernel.function("SyS_umount").return !, - kernel.function("sys_umount").return { + kernel.function("sys_umount").return +{ name = "umount" retstr = returnstr(1) } 
@@ -3132,8 +3296,7 @@ probe syscall.umount.return = kernel.function("SyS_umount").return !, # int sys32_olduname(struct oldold_utsname __user * name) # long sys32_uname(struct old_utsname __user * name) # -probe syscall.uname = - kernel.function("sys_uname") ?, +probe syscall.uname = kernel.function("sys_uname") ?, kernel.function("sys_olduname") ?, kernel.function("sys32_olduname") ?, kernel.function("sys32_uname") ?, @@ -3144,8 +3307,7 @@ probe syscall.uname = argstr = sprintf("%p", $name) } -probe syscall.uname.return = - kernel.function("sys_uname").return ?, +probe syscall.uname.return = kernel.function("sys_uname").return ?, kernel.function("sys_olduname").return ?, kernel.function("sys32_olduname").return ?, kernel.function("sys32_uname").return ?, @@ -3160,14 +3322,16 @@ probe syscall.uname.return = # long sys_unlink(const char __user * pathname) # probe syscall.unlink = kernel.function("SyS_unlink") !, - kernel.function("sys_unlink") { + kernel.function("sys_unlink") +{ name = "unlink" pathname_uaddr = $pathname pathname = user_string($pathname) argstr = user_string_quoted($pathname) } probe syscall.unlink.return = kernel.function("SyS_unlink").return !, - kernel.function("sys_unlink").return { + kernel.function("sys_unlink").return +{ name = "unlink" retstr = returnstr(1) } @@ -3177,7 +3341,8 @@ probe syscall.unlink.return = kernel.function("SyS_unlink").return !, # long sys_unlinkat(int dfd, const char __user *pathname, # int flag) probe syscall.unlinkat = kernel.function("SyS_unlinkat") !, - kernel.function("sys_unlinkat") ? { + kernel.function("sys_unlinkat") ? +{ name = "unlinkat" dfd = $dfd dfd_str = _dfd_str($dfd) 
@@ -3188,7 +3353,8 @@ probe syscall.unlinkat = kernel.function("SyS_unlinkat") !, argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($pathname), flag_str) } probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !, - kernel.function("sys_unlinkat").return ? { + kernel.function("sys_unlinkat").return ? +{ name = "unlinkat" retstr = returnstr(1) } @@ -3197,13 +3363,15 @@ probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !, # new function with 2.6.16 # long sys_unshare(unsigned long unshare_flags) probe syscall.unshare = kernel.function("SyS_unshare") !, - kernel.function("sys_unshare") ? { + kernel.function("sys_unshare") ? +{ name = "unshare" unshare_flags = $unshare_flags argstr = __fork_flags(unshare_flags) } probe syscall.unshare.return = kernel.function("SyS_unshare").return !, - kernel.function("sys_unshare").return ? { + kernel.function("sys_unshare").return ? +{ name = "unshare" retstr = returnstr(1) } @@ -3214,14 +3382,16 @@ probe syscall.unshare.return = kernel.function("SyS_unshare").return !, # sys_uselib(const char __user * library) # probe syscall.uselib = kernel.function("SyS_uselib") !, - kernel.function("sys_uselib") { + kernel.function("sys_uselib") +{ name = "uselib" library_uaddr = $library library = user_string($library) argstr = user_string_quoted($library) } probe syscall.uselib.return = kernel.function("SyS_uselib").return !, - kernel.function("sys_uselib").return { + kernel.function("sys_uselib").return +{ name = "uselib" retstr = returnstr(1) } @@ -3229,7 +3399,8 @@ probe syscall.uselib.return = kernel.function("SyS_uselib").return !, # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # probe syscall.ustat = kernel.function("SyS_ustat") !, - kernel.function("sys_ustat") { + kernel.function("sys_ustat") +{ name = "ustat" dev = $dev ubuf_uaddr = $ubuf 
@@ -3237,16 +3408,16 @@ probe syscall.ustat = kernel.function("SyS_ustat") !, } #long sys32_ustat(unsigned dev, struct ustat32 __user *u32p) -probe syscall.ustat32 = kernel.function("sys32_ustat") ? { +probe syscall.ustat32 = kernel.function("sys32_ustat") ? +{ name = "ustat" dev = $dev argstr = sprintf("%d, %p", $dev, $u32p) } -probe syscall.ustat.return = - kernel.function("SyS_ustat").return ?, - kernel.function("sys_ustat").return?, - kernel.function("sys32_ustat").return ? +probe syscall.ustat.return = kernel.function("SyS_ustat").return ?, + kernel.function("sys_ustat").return ?, + kernel.function("sys32_ustat").return ? { name = "ustat" retstr = returnstr(1) @@ -3255,7 +3426,8 @@ probe syscall.ustat.return = # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) probe syscall.utime = kernel.function("SyS_utime") !, - kernel.function("sys_utime") ? { + kernel.function("sys_utime") ? +{ name = "utime" filename_uaddr = $filename filename = user_string($filename) @@ -3263,16 +3435,18 @@ probe syscall.utime = kernel.function("SyS_utime") !, actime = _struct_utimbuf_actime(buf_uaddr) modtime = _struct_utimbuf_modtime(buf_uaddr) argstr = sprintf("%s, [%s, %s]", user_string_quoted($filename), - ctime(actime), ctime(modtime)) + ctime(actime), ctime(modtime)) } probe syscall.utime.return = kernel.function("SyS_utime").return !, - kernel.function("sys_utime").return ? { + kernel.function("sys_utime").return ? +{ name = "utime" retstr = returnstr(1) } # long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t) -probe syscall.compat_utime = kernel.function("compat_sys_utime") ? { +probe syscall.compat_utime = kernel.function("compat_sys_utime") ? +{ name = "utime" filename_uaddr = $filename filename = user_string($filename) 
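Review bot: The reformatted `syscall.ustat.return` alias marks `kernel.function("SyS_ustat").return` with `?`, while the entry alias `syscall.ustat` uses `kernel.function("SyS_ustat") !`, so entry and return do not select probe points the same way. If both `SyS_ustat` and `sys_ustat` resolve on a kernel, the return alias would presumably attach to both and report each return twice, which skews any script that pairs entries with returns. Following the order used by the compat-first aliases such as `syscall.stime.return`, the list could read `kernel.function("sys32_ustat").return ?,` then `kernel.function("SyS_ustat").return !,` then `kernel.function("sys_ustat").return ?`. Keeping `sys32_ustat` ahead of the `!` alternative matters, because a matching `!` stops the later alternatives from being tried. A one-line comment that this alias also serves `syscall.ustat32`, which has no `.return` alias of its own in this hunk, would help readers.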
@@ -3280,9 +3454,10 @@ probe syscall.compat_utime = kernel.function("compat_sys_utime") ? { actime = _struct_compat_utimbuf_actime(buf_uaddr) modtime = _struct_compat_utimbuf_modtime(buf_uaddr) argstr = sprintf("%s, [%s, %s]", user_string_quoted($filename), - ctime(actime), ctime(modtime)) + ctime(actime), ctime(modtime)) } -probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? { +probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? +{ name = "utime" retstr = returnstr(1) } @@ -3292,16 +3467,18 @@ probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? # long sys_utimes(char __user * filename, struct timeval __user * utimes) # probe syscall.utimes = kernel.function("SyS_utimes") !, - kernel.function("sys_utimes") { + kernel.function("sys_utimes") +{ name = "utimes" filename_uaddr = $filename filename = user_string($filename) tvp_uaddr = $utimes - argstr = sprintf("%s, %s", user_string_quoted($filename), + argstr = sprintf("%s, %s", user_string_quoted($filename), _struct_timeval_u($utimes, 2)) } probe syscall.utimes.return = kernel.function("SyS_utimes").return !, - kernel.function("sys_utimes").return { + kernel.function("sys_utimes").return +{ name = "utimes" retstr = returnstr(1) } 
@@ -3309,13 +3486,15 @@ probe syscall.utimes.return = kernel.function("SyS_utimes").return !, # # long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t) # -probe syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? { +probe syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? +{ name = "utimes" filename = user_string($filename) argstr = sprintf("%s, %s", user_string_quoted($filename), - _struct_compat_timeval_u($t, 2)) + _struct_compat_timeval_u($t, 2)) } -probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? { +probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? +{ name = "utimes" retstr = returnstr(1) } 
@@ -3323,24 +3502,28 @@ probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").re # utimensat ____________________________________________________ # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) -# +# probe syscall.utimensat = kernel.function("SyS_utimensat") !, - kernel.function("sys_utimensat") ? { + kernel.function("sys_utimensat") ? +{ name = "utimensat" - argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), + argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), _at_flag_str($flags)) } -probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? { +probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? +{ name = "utimensat" - argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2), + argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t, 2), _at_flag_str($flags)) } probe syscall.utimensat.return = kernel.function("SyS_utimensat").return !, - kernel.function("sys_utimensat").return ? { + kernel.function("sys_utimensat").return ? +{ name = "utimensat" retstr = returnstr(1) } -probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? { +probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? +{ name = "utimensat" retstr = returnstr(1) } 
@@ -3350,11 +3533,13 @@ probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat") # asmlinkage long # sys_vhangup(void) # -probe syscall.vhangup = kernel.function("sys_vhangup") { +probe syscall.vhangup = kernel.function("sys_vhangup") +{ name = "vhangup" argstr = "" } -probe syscall.vhangup.return = kernel.function("sys_vhangup").return { +probe syscall.vhangup.return = kernel.function("sys_vhangup").return +{ name = "vhangup" retstr = returnstr(1) } @@ -3367,20 +3552,24 @@ probe syscall.vhangup.return = kernel.function("sys_vhangup").return { # unsigned int nr_segs, unsigned int flags) # probe syscall.vmsplice = kernel.function("SyS_vmsplice") !, - kernel.function("sys_vmsplice") ? { + kernel.function("sys_vmsplice") ? +{ name = "vmsplice" argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) } -probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? { +probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? +{ name = "vmsplice" argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) } probe syscall.vmsplice.return = kernel.function("SyS_vmsplice").return !, - kernel.function("sys_vmsplice").return ? { + kernel.function("sys_vmsplice").return ? +{ name = "vmsplice" retstr = returnstr(1) } -probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? { +probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? +{ name = "vmsplice" retstr = returnstr(1) } @@ -3393,7 +3582,8 @@ probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").re # struct rusage __user *ru) # probe syscall.wait4 = kernel.function("SyS_wait4") !, - kernel.function("sys_wait4") { + kernel.function("sys_wait4") +{ name = "wait4" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) status_uaddr = $stat_addr 
@@ -3401,11 +3591,12 @@ probe syscall.wait4 = kernel.function("SyS_wait4") !, options_str = _wait4_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, %p, %s, %p", - %( kernel_vr >= "2.6.25" %? $upid %: $pid%), - $stat_addr,_wait4_opt_str($options), $ru) + %( kernel_vr >= "2.6.25" %? $upid %: $pid%), + $stat_addr, _wait4_opt_str($options), $ru) } probe syscall.wait4.return = kernel.function("SyS_wait4").return !, - kernel.function("sys_wait4").return { + kernel.function("sys_wait4").return +{ name = "wait4" retstr = returnstr(1) } @@ -3418,7 +3609,8 @@ probe syscall.wait4.return = kernel.function("SyS_wait4").return !, # struct rusage __user *ru) # probe syscall.waitid = kernel.function("SyS_waitid") !, - kernel.function("sys_waitid") { + kernel.function("sys_waitid") +{ name = "waitid" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) which = $which @@ -3428,11 +3620,12 @@ probe syscall.waitid = kernel.function("SyS_waitid") !, options_str = _waitid_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, %d, %p, %s, %p", $which, - %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop, - _waitid_opt_str($options), $ru) + %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop, + _waitid_opt_str($options), $ru) } probe syscall.waitid.return = kernel.function("SyS_waitid").return !, - kernel.function("sys_waitid").return { + kernel.function("sys_waitid").return +{ name = "waitid" retstr = returnstr(1) } @@ -3445,7 +3638,8 @@ probe syscall.waitid.return = kernel.function("SyS_waitid").return !, # struct rusage __user *ru) # probe syscall.waitpid = kernel.function("SyS_wait4") !, - kernel.function("sys_wait4") { + kernel.function("sys_wait4") +{ name = "waitpid" pid = $pid status_uaddr = $stat_addr 
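Review bot: `syscall.waitpid` reads `$pid` unconditionally (`pid = $pid` in this hunk and `$pid` again in its `argstr` in the following hunk), although it probes the same `SyS_wait4`/`sys_wait4` functions for which `syscall.wait4` selects `%( kernel_vr >= "2.6.25" %? $upid %: $pid%)`. If the parameter is named `upid` on 2.6.25 and later, as the wait4 alias implies, this alias would fail to resolve there, and any monitoring script built on `syscall.waitpid` would stop compiling on those kernels. Using the same conditional, `pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)`, and passing `pid` to the `sprintf`, would keep the two aliases consistent. The probe body continues outside this hunk.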
@@ -3453,10 +3647,11 @@ probe syscall.waitpid = kernel.function("SyS_wait4") !, options_str = _wait4_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, - options_str, $ru) + options_str, $ru) } probe syscall.waitpid.return = kernel.function("SyS_wait4").return !, - kernel.function("sys_wait4").return { + kernel.function("sys_wait4").return +{ name = "waitpid" retstr = returnstr(1) } @@ -3469,15 +3664,17 @@ probe syscall.waitpid.return = kernel.function("SyS_wait4").return !, # size_t count) # probe syscall.write = kernel.function("SyS_write") !, - kernel.function("sys_write") { + kernel.function("sys_write") +{ name = "write" fd = $fd buf_uaddr = $buf count = $count - argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),syscall_string_trunc,1), $count) + argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf), syscall_string_trunc, 1), $count) } probe syscall.write.return = kernel.function("SyS_write").return !, - kernel.function("sys_write").return { + kernel.function("sys_write").return +{ name = "write" retstr = returnstr(1) } @@ -3487,19 +3684,18 @@ probe syscall.write.return = kernel.function("SyS_write").return !, # ssize_t sys_writev(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) -# ssize_t compat_sys_writev(unsigned long fd, -# const struct compat_iovec __user *vec, +# ssize_t compat_sys_writev(unsigned long fd, +# const struct compat_iovec __user *vec, # unsigned long vlen) # -probe syscall.writev = - kernel.function("compat_sys_writev") ?, +probe syscall.writev = kernel.function("compat_sys_writev") ?, kernel.function("SyS_writev") !, kernel.function("sys_writev") { name = "writev" vector_uaddr = $vec count = $vlen -/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ +/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ %( arch != "ppc64" %? fd = $fd argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen) 
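Review bot: In `syscall.write`, `argstr` is built from `user_string($buf)`, which reads up to a terminating NUL rather than the `count` bytes the call covers. A write() buffer is not NUL-terminated, so the traced string can run past the end of the buffer into adjacent user memory before `text_strn` truncates it, and a trace log may then record data the process never wrote. Bounding the read by the length, for example `text_strn(user_string_n($buf, $count), syscall_string_trunc, 1)` if `user_string_n` is available in this tree, would keep `argstr` to the bytes actually being written.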
@@ -3507,8 +3703,7 @@ probe syscall.writev = argstr = sprintf("unknown fd, %p, %d", $vec, $vlen) %) } -probe syscall.writev.return = - kernel.function("compat_sys_writev").return ?, +probe syscall.writev.return = kernel.function("compat_sys_writev").return ?, kernel.function("SyS_writev").return !, kernel.function("sys_writev").return { -- cgit From d404c11425538c0af84a6ddecaa6652d0fe88085 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Tue, 19 May 2009 13:22:20 +0200 Subject: Fix alignment of probe aliases in syscalls(|2).stp. Align probe points in probe aliases to equal sign using spaces as it's already done in nd_syscalls.stp. Signed-off-by: Josh Stone --- tapset/syscalls.stp | 762 +++++++++++++++++++++++++-------------------------- tapset/syscalls2.stp | 710 +++++++++++++++++++++++------------------------ 2 files changed, 736 insertions(+), 736 deletions(-) (limited to 'tapset') diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 6d7075d5..3a34c91b 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -29,7 +29,7 @@ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) probe syscall.accept = kernel.function("SyS_accept") !, - kernel.function("sys_accept") ? + kernel.function("sys_accept") ? { name = "accept" sockfd = $fd @@ -38,7 +38,7 @@ probe syscall.accept = kernel.function("SyS_accept") !, argstr = sprintf("%d, %p, %p", $fd, $upeer_sockaddr, $upeer_addrlen) } probe syscall.accept.return = kernel.function("SyS_accept").return !, - kernel.function("sys_accept").return ? + kernel.function("sys_accept").return ? { name = "accept" retstr = returnstr(1) 
@@ -47,7 +47,7 @@ probe syscall.accept.return = kernel.function("SyS_accept").return !, # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) probe syscall.access = kernel.function("SyS_access") !, - kernel.function("sys_access") + kernel.function("sys_access") { name = "access" pathname = user_string($filename) @@ -56,7 +56,7 @@ probe syscall.access = kernel.function("SyS_access") !, argstr = sprintf("%s, %s", user_string_quoted($filename), mode_str) } probe syscall.access.return = kernel.function("SyS_access").return !, - kernel.function("sys_access").return + kernel.function("sys_access").return { name = "access" retstr = returnstr(1) @@ -84,7 +84,7 @@ probe syscall.acct.return = kernel.function("sys_acct").return ? # key_serial_t ringid) # probe syscall.add_key = kernel.function("SyS_add_key") !, - kernel.function("sys_add_key") ? + kernel.function("sys_add_key") ? { name = "add_key" type_uaddr = $_type @@ -99,7 +99,7 @@ probe syscall.add_key = kernel.function("SyS_add_key") !, $plen, $ringid) } probe syscall.add_key.return = kernel.function("SyS_add_key").return !, - kernel.function("sys_add_key").return ? + kernel.function("sys_add_key").return ? { name = "add_key" retstr = returnstr(1) @@ -108,7 +108,7 @@ probe syscall.add_key.return = kernel.function("SyS_add_key").return !, # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) probe syscall.adjtimex = kernel.function("SyS_adjtimex") !, - kernel.function("sys_adjtimex") + kernel.function("sys_adjtimex") { name = "adjtimex" @@ -128,7 +128,7 @@ probe syscall.adjtimex = kernel.function("SyS_adjtimex") !, argstr = sprintf("%p", $txc_p) } probe syscall.adjtimex.return = kernel.function("SyS_adjtimex").return !, - kernel.function("sys_adjtimex").return + kernel.function("sys_adjtimex").return { name = "adjtimex" retstr = _adjtimex_return_str($return) 
@@ -150,16 +150,16 @@ probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").re # long sys32_alarm(unsigned int seconds) # probe syscall.alarm = kernel.function("sys32_alarm") ?, - kernel.function("SyS_alarm") !, - kernel.function("sys_alarm") ? + kernel.function("SyS_alarm") !, + kernel.function("sys_alarm") ? { name = "alarm" seconds = $seconds argstr = sprint($seconds) } probe syscall.alarm.return = kernel.function("sys32_alarm").return ?, - kernel.function("SyS_alarm").return !, - kernel.function("sys_alarm").return ? + kernel.function("SyS_alarm").return !, + kernel.function("sys_alarm").return ? { name = "alarm" retstr = returnstr(1) @@ -168,7 +168,7 @@ probe syscall.alarm.return = kernel.function("sys32_alarm").return ?, # bdflush ____________________________________________________ # long sys_bdflush(int func, long data) probe syscall.bdflush = kernel.function("SyS_bdflush") !, - kernel.function("sys_bdflush") ? + kernel.function("sys_bdflush") ? { name = "bdflush" func = $func @@ -180,7 +180,7 @@ probe syscall.bdflush = kernel.function("SyS_bdflush") !, argstr = sprintf("%d, %s", func, data_str) } probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, - kernel.function("sys_bdflush").return ? + kernel.function("sys_bdflush").return ? { name = "bdflush" retstr = returnstr(1) @@ -189,7 +189,7 @@ probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !, # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) probe syscall.bind = kernel.function("SyS_bind") !, - kernel.function("sys_bind") ? + kernel.function("sys_bind") ? { name = "bind" sockfd = $fd 
@@ -198,7 +198,7 @@ probe syscall.bind = kernel.function("SyS_bind") !,
 argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr, $addrlen), $addrlen)
 }
 probe syscall.bind.return = kernel.function("SyS_bind").return !,
- kernel.function("sys_bind").return ?
+ kernel.function("sys_bind").return ?
 {
 name = "bind"
 retstr = returnstr(1)
@@ -207,16 +207,16 @@ probe syscall.bind.return = kernel.function("SyS_bind").return !,
 # brk ________________________________________________________
 # unsigned long sys_brk(unsigned long brk)
 probe syscall.brk = kernel.function("ia64_brk") ?,
- kernel.function("SyS_brk") !,
- kernel.function("sys_brk")
+ kernel.function("SyS_brk") !,
+ kernel.function("sys_brk")
 {
 name = "brk"
 brk = $brk
 argstr = sprintf("%p", brk)
 }
 probe syscall.brk.return = kernel.function("ia64_brk").return ?,
- kernel.function("SyS_brk").return !,
- kernel.function("sys_brk").return
+ kernel.function("SyS_brk").return !,
+ kernel.function("sys_brk").return
 {
 name = "brk"
 retstr = returnstr(1)
@@ -236,7 +236,7 @@ probe syscall.brk.return = kernel.function("ia64_brk").return ?,
 */
 # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
 probe syscall.capget = kernel.function("SyS_capget") !,
- kernel.function("sys_capget")
+ kernel.function("sys_capget")
 {
 name = "capget"
 header_uaddr = $header
@@ -244,7 +244,7 @@ probe syscall.capget = kernel.function("SyS_capget") !,
 argstr = sprintf("%p, %p", $header, $dataptr)
 }
 probe syscall.capget.return = kernel.function("SyS_capget").return !,
- kernel.function("sys_capget").return
+ kernel.function("sys_capget").return
 {
 name = "capget"
 retstr = returnstr(1)
@@ -263,7 +263,7 @@ probe syscall.capget.return = kernel.function("SyS_capget").return !,
 */
 # long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 probe syscall.capset = kernel.function("SyS_capset") !,
- kernel.function("sys_capset")
+ kernel.function("sys_capset")
 {
 name = "capset"
 header_uaddr = $header
@@ -271,7 +271,7 @@ probe syscall.capset = kernel.function("SyS_capset") !,
 argstr = sprintf("%p, %p", $header, $data)
 }
 probe syscall.capset.return = kernel.function("SyS_capset").return !,
- kernel.function("sys_capset").return
+ kernel.function("sys_capset").return
 {
 name = "capset"
 retstr = returnstr(1)
@@ -280,14 +280,14 @@ probe syscall.capset.return = kernel.function("SyS_capset").return !,
 # chdir ______________________________________________________
 # long sys_chdir(const char __user * filename)
 probe syscall.chdir = kernel.function("SyS_chdir") !,
- kernel.function("sys_chdir")
+ kernel.function("sys_chdir")
 {
 name = "chdir"
 path = user_string($filename)
 argstr = user_string_quoted($filename)
 }
 probe syscall.chdir.return = kernel.function("SyS_chdir").return !,
- kernel.function("sys_chdir").return
+ kernel.function("sys_chdir").return
 {
 name = "chdir"
 retstr = returnstr(1)
@@ -296,7 +296,7 @@ probe syscall.chdir.return = kernel.function("SyS_chdir").return !,
 # chmod ______________________________________________________
 # long sys_chmod(const char __user * filename, mode_t mode)
 probe syscall.chmod = kernel.function("SyS_chmod") !,
- kernel.function("sys_chmod")
+ kernel.function("sys_chmod")
 {
 name = "chmod"
 path = user_string($filename)
@@ -304,7 +304,7 @@ probe syscall.chmod = kernel.function("SyS_chmod") !,
 argstr = sprintf("%s, %#o", user_string_quoted($filename), mode)
 }
 probe syscall.chmod.return = kernel.function("SyS_chmod").return !,
- kernel.function("sys_chmod").return
+ kernel.function("sys_chmod").return
 {
 name = "chmod"
 retstr = returnstr(1)
@@ -313,7 +313,7 @@ probe syscall.chmod.return = kernel.function("SyS_chmod").return !,
 # chown ______________________________________________________
 # long sys_chown(const char __user * filename, uid_t user, gid_t group)
 probe syscall.chown = kernel.function("SyS_chown") !,
- kernel.function("sys_chown")
+ kernel.function("sys_chown")
 {
 name = "chown"
 path = user_string($filename)
@@ -322,7 +322,7 @@ probe syscall.chown = kernel.function("SyS_chown") !,
 argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
 }
 probe syscall.chown.return = kernel.function("SyS_chown").return !,
- kernel.function("sys_chown").return
+ kernel.function("sys_chown").return
 {
 name = "chown"
 retstr = returnstr(1)
@@ -348,14 +348,14 @@ probe syscall.chown16.return = kernel.function("sys_chown16").return ?
 # chroot _____________________________________________________
 # long sys_chroot(const char __user * filename)
 probe syscall.chroot = kernel.function("SyS_chroot") !,
- kernel.function("sys_chroot")
+ kernel.function("sys_chroot")
 {
 name = "chroot"
 path = user_string($filename)
 argstr = user_string_quoted($filename)
 }
 probe syscall.chroot.return = kernel.function("SyS_chroot").return !,
- kernel.function("sys_chroot").return
+ kernel.function("sys_chroot").return
 {
 name = "chroot"
 retstr = returnstr(1)
@@ -366,8 +366,8 @@ probe syscall.chroot.return = kernel.function("SyS_chroot").return !,
 # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp)
 #
 probe syscall.clock_getres = kernel.function("compat_clock_getres") ?,
- kernel.function("SyS_clock_getres") !,
- kernel.function("sys_clock_getres")
+ kernel.function("SyS_clock_getres") !,
+ kernel.function("sys_clock_getres")
 {
 name = "clock_getres"
 clk_id = $which_clock
@@ -376,8 +376,8 @@ probe syscall.clock_getres = kernel.function("compat_clock_getres") ?,
 argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp)
 }
 probe syscall.clock_getres.return = kernel.function("compat_clock_getres").return ?,
- kernel.function("SyS_clock_getres").return !,
- kernel.function("sys_clock_getres").return
+ kernel.function("SyS_clock_getres").return !,
+ kernel.function("sys_clock_getres").return
 {
 name = "clock_getres"
 retstr = returnstr(1)
@@ -387,7 +387,7 @@ probe syscall.clock_getres.return = kernel.function("compat_clock_getres").retur
 # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp)
 #
 probe syscall.clock_gettime = kernel.function("SyS_clock_gettime") !,
- kernel.function("sys_clock_gettime")
+ kernel.function("sys_clock_gettime")
 {
 name = "clock_gettime"
 clk_id = $which_clock
@@ -395,7 +395,7 @@ probe syscall.clock_gettime = kernel.function("SyS_clock_gettime") !,
 argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp)
 }
 probe syscall.clock_gettime.return = kernel.function("SyS_clock_gettime").return !,
- kernel.function("sys_clock_gettime").return
+ kernel.function("sys_clock_gettime").return
 {
 name = "clock_gettime"
 retstr = returnstr(1)
@@ -408,7 +408,7 @@ probe syscall.clock_gettime.return = kernel.function("SyS_clock_gettime").return
 # struct timespec __user *rmtp)
 #
 probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !,
- kernel.function("sys_clock_nanosleep")
+ kernel.function("sys_clock_nanosleep")
 {
 name = "clock_nanosleep"
 if ($flags == 1)
@@ -419,7 +419,7 @@ probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !,
 _struct_timespec_u($rqtp, 1), $rmtp)
 }
 probe syscall.clock_nanosleep.return = kernel.function("SyS_clock_nanosleep").return !,
- kernel.function("sys_clock_nanosleep").return
+ kernel.function("sys_clock_nanosleep").return
 {
 name = "clock_nanosleep"
 retstr = returnstr(1)
@@ -431,7 +431,7 @@ probe syscall.clock_nanosleep.return = kernel.function("SyS_clock_nanosleep").re
 # struct compat_timespec __user *rmtp)
 #
 probe syscall.compat_clock_nanosleep = kernel.function("compat_clock_nanosleep") ?,
- kernel.function("compat_sys_clock_nanosleep") ?
+ kernel.function("compat_sys_clock_nanosleep") ?
 {
 name = "compat_clock_nanosleep"
 if ($flags == 1)
@@ -442,7 +442,7 @@ probe syscall.compat_clock_nanosleep = kernel.function("compat_clock_nanosleep")
 _struct_compat_timespec_u($rqtp, 1), $rmtp)
 }
 probe syscall.compat_clock_nanosleep.return = kernel.function("compat_clock_nanosleep").return ?,
- kernel.function("compat_sys_clock_nanosleep").return ?
+ kernel.function("compat_sys_clock_nanosleep").return ?
 {
 name = "compat_clock_nanosleep"
 retstr = returnstr(1)
@@ -453,7 +453,7 @@ probe syscall.compat_clock_nanosleep.return = kernel.function("compat_clock_nano
 # const struct timespec __user *tp)
 #
 probe syscall.clock_settime = kernel.function("SyS_clock_settime") !,
- kernel.function("sys_clock_settime")
+ kernel.function("sys_clock_settime")
 {
 name = "clock_settime"
 clk_id = $which_clock
@@ -462,7 +462,7 @@ probe syscall.clock_settime = kernel.function("SyS_clock_settime") !,
 argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp, 1))
 }
 probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return !,
- kernel.function("sys_clock_settime").return
+ kernel.function("sys_clock_settime").return
 {
 name = "clock_settime"
 retstr = returnstr(1)
@@ -471,14 +471,14 @@ probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return
 # close ______________________________________________________
 # long sys_close(unsigned int fd)
 probe syscall.close = kernel.function("SyS_close") !,
- kernel.function("sys_close")
+ kernel.function("sys_close")
 {
 name = "close"
 fd = $fd
 argstr = sprint(fd)
 }
 probe syscall.close.return = kernel.function("SyS_close").return !,
- kernel.function("sys_close").return
+ kernel.function("sys_close").return
 {
 name = "close"
 retstr = returnstr(1)
@@ -486,7 +486,7 @@ probe syscall.close.return = kernel.function("SyS_close").return !,
 # connect ____________________________________________________
 # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
 probe syscall.connect = kernel.function("SyS_connect") !,
- kernel.function("sys_connect") ?
+ kernel.function("sys_connect") ?
 {
 name = "connect"
 sockfd = $fd
@@ -495,7 +495,7 @@ probe syscall.connect = kernel.function("SyS_connect") !,
 argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr, $addrlen), $addrlen)
 }
 probe syscall.connect.return = kernel.function("SyS_connect").return !,
- kernel.function("sys_connect").return ?
+ kernel.function("sys_connect").return ?
 {
 name = "connect"
 retstr = returnstr(1)
@@ -504,7 +504,7 @@ probe syscall.connect.return = kernel.function("SyS_connect").return !,
 # creat
 # long sys_creat(const char __user * pathname, int mode)
 probe syscall.creat = kernel.function("SyS_creat") !,
- kernel.function("sys_creat") ?
+ kernel.function("sys_creat") ?
 {
 name = "creat"
 mode = $mode
@@ -512,7 +512,7 @@ probe syscall.creat = kernel.function("SyS_creat") !,
 argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode)
 }
 probe syscall.creat.return = kernel.function("SyS_creat").return !,
- kernel.function("sys_creat").return ?
+ kernel.function("sys_creat").return ?
 {
 name = "creat"
 retstr = returnstr(1)
@@ -521,7 +521,7 @@ probe syscall.creat.return = kernel.function("SyS_creat").return !,
 # delete_module ______________________________________________
 # long sys_delete_module(const char __user *name_user, unsigned int flags)
 probe syscall.delete_module = kernel.function("SyS_delete_module") !,
- kernel.function("sys_delete_module") ?
+ kernel.function("sys_delete_module") ?
 {
 name = "delete_module"
 name_user = user_string($name_user)
@@ -529,7 +529,7 @@ probe syscall.delete_module = kernel.function("SyS_delete_module") !,
 argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags))
 }
 probe syscall.delete_module.return = kernel.function("SyS_delete_module").return !,
- kernel.function("sys_delete_module").return ?
+ kernel.function("sys_delete_module").return ?
 {
 name = "delete_module"
 retstr = returnstr(1)
@@ -538,14 +538,14 @@ probe syscall.delete_module.return = kernel.function("SyS_delete_module").return
 # dup ________________________________________________________
 # long sys_dup(unsigned int fildes)
 probe syscall.dup = kernel.function("SyS_dup") !,
- kernel.function("sys_dup")
+ kernel.function("sys_dup")
 {
 name = "dup"
 oldfd = $fildes
 argstr = sprint($fildes)
 }
 probe syscall.dup.return = kernel.function("SyS_dup").return !,
- kernel.function("sys_dup").return
+ kernel.function("sys_dup").return
 {
 name = "dup"
 retstr = returnstr(1)
@@ -554,7 +554,7 @@ probe syscall.dup.return = kernel.function("SyS_dup").return !,
 # dup2 _______________________________________________________
 # long sys_dup2(unsigned int oldfd, unsigned int newfd)
 probe syscall.dup2 = kernel.function("SyS_dup2") !,
- kernel.function("sys_dup2")
+ kernel.function("sys_dup2")
 {
 name = "dup2"
 oldfd = $oldfd
@@ -562,7 +562,7 @@ probe syscall.dup2 = kernel.function("SyS_dup2") !,
 argstr = sprintf("%d, %d", $oldfd, $newfd)
 }
 probe syscall.dup2.return = kernel.function("SyS_dup2").return !,
- kernel.function("sys_dup2").return
+ kernel.function("sys_dup2").return
 {
 name = "dup2"
 retstr = returnstr(1)
@@ -571,14 +571,14 @@ probe syscall.dup2.return = kernel.function("SyS_dup2").return !,
 # epoll_create _______________________________________________
 # long sys_epoll_create(int size)
 probe syscall.epoll_create = kernel.function("SyS_epoll_create") !,
- kernel.function("sys_epoll_create") ?
+ kernel.function("sys_epoll_create") ?
 {
 name = "epoll_create"
 size = $size
 argstr = sprint($size)
 }
 probe syscall.epoll_create.return = kernel.function("SyS_epoll_create").return !,
- kernel.function("sys_epoll_create").return ?
+ kernel.function("sys_epoll_create").return ?
 {
 name = "epoll_create"
 retstr = returnstr(1)
@@ -591,8 +591,8 @@ probe syscall.epoll_create.return = kernel.function("SyS_epoll_create").return !
 # struct compat_epoll_event __user *event)
 #
 probe syscall.epoll_ctl = kernel.function("compat_sys_epoll_ctl") ?,
- kernel.function("SyS_epoll_ctl") !,
- kernel.function("sys_epoll_ctl") ?
+ kernel.function("SyS_epoll_ctl") !,
+ kernel.function("sys_epoll_ctl") ?
 {
 name = "epoll_ctl"
 epfd = $epfd
@@ -603,8 +603,8 @@ probe syscall.epoll_ctl = kernel.function("compat_sys_epoll_ctl") ?,
 argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event)
 }
 probe syscall.epoll_ctl.return = kernel.function("compat_sys_epoll_ctl").return ?,
- kernel.function("SyS_epoll_ctl").return !,
- kernel.function("sys_epoll_ctl").return ?
+ kernel.function("SyS_epoll_ctl").return !,
+ kernel.function("sys_epoll_ctl").return ?
 {
 name = "epoll_ctl"
 retstr = returnstr(1)
@@ -622,16 +622,16 @@ probe syscall.epoll_ctl.return = kernel.function("compat_sys_epoll_ctl").return # compat_size_t sigsetsize) # probe syscall.epoll_pwait = kernel.function("compat_sys_epoll_pwait") ?, - kernel.function("SyS_epoll_pwait") !, - kernel.function("sys_epoll_pwait") ? + kernel.function("SyS_epoll_pwait") !, + kernel.function("sys_epoll_pwait") ? { name = "epoll_pwait" argstr = sprintf("%d, %p, %d, %d, %p, %d", $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) } probe syscall.epoll_pwait.return = kernel.function("compat_sys_epoll_pwait").return ?, - kernel.function("SyS_epoll_pwait").return !, - kernel.function("sys_epoll_pwait").return ? + kernel.function("SyS_epoll_pwait").return !, + kernel.function("sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) @@ -646,8 +646,8 @@ probe syscall.epoll_pwait.return = kernel.function("compat_sys_epoll_pwait").ret # int maxevents, int timeout) # probe syscall.epoll_wait = kernel.function("compat_sys_epoll_wait") ?, - kernel.function("SyS_epoll_wait") !, - kernel.function("sys_epoll_wait") ? + kernel.function("SyS_epoll_wait") !, + kernel.function("sys_epoll_wait") ? { name = "epoll_wait" epfd = $epfd @@ -657,8 +657,8 @@ probe syscall.epoll_wait = kernel.function("compat_sys_epoll_wait") ?, argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout) } probe syscall.epoll_wait.return = kernel.function("compat_sys_epoll_wait").return ?, - kernel.function("SyS_epoll_wait").return !, - kernel.function("sys_epoll_wait").return ? + kernel.function("SyS_epoll_wait").return !, + kernel.function("sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) 
@@ -668,13 +668,13 @@ probe syscall.epoll_wait.return = kernel.function("compat_sys_epoll_wait").retur
 # long sys_eventfd(unsigned int count)
 #
 probe syscall.eventfd = kernel.function("SyS_eventfd") !,
- kernel.function("sys_eventfd") ?
+ kernel.function("sys_eventfd") ?
 {
 name = "eventfd"
 argstr = sprint($count)
 }
 probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !,
- kernel.function("sys_eventfd").return ?
+ kernel.function("sys_eventfd").return ?
 {
 name = "eventfd"
 retstr = returnstr(1)
@@ -733,7 +733,7 @@ probe syscall.exit = kernel.function("do_exit")
 # void sys_exit_group(int error_code)
 #
 probe syscall.exit_group = kernel.function("SyS_exit_group") !,
- kernel.function("sys_exit_group")
+ kernel.function("sys_exit_group")
 {
 name = "exit_group"
 status = $error_code
@@ -746,7 +746,7 @@ probe syscall.exit_group = kernel.function("SyS_exit_group") !,
 # new function with 2.6.16
 # long sys_faccessat(int dfd, const char __user *filename, int mode)
 probe syscall.faccessat = kernel.function("SyS_faccessat") !,
- kernel.function("sys_faccessat") ?
+ kernel.function("sys_faccessat") ?
 {
 name = "faccessat"
 dirfd = $dfd
@@ -757,7 +757,7 @@ probe syscall.faccessat = kernel.function("SyS_faccessat") !,
 argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted($filename), mode_str)
 }
 probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !,
- kernel.function("sys_faccessat").return ?
+ kernel.function("sys_faccessat").return ?
 {
 name = "faccessat"
 retstr = returnstr(1)
@@ -768,7 +768,7 @@ probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !,
 # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
 #
 probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
- kernel.function("sys_fadvise64") ?
+ kernel.function("sys_fadvise64") ?
 {
 name = "fadvise64"
 fd = $fd
@@ -778,7 +778,7 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
 argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice))
 }
 probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
- kernel.function("sys_fadvise64").return ?
+ kernel.function("sys_fadvise64").return ?
 {
 name = "fadvise64"
 retstr = returnstr(1)
@@ -788,7 +788,7 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
 # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
 #
 probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
- kernel.function("sys_fadvise64_64") ?
+ kernel.function("sys_fadvise64_64") ?
 {
 name = "fadvise64_64"
 fd = $fd
@@ -798,7 +798,7 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
 argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice))
 }
 probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !,
- kernel.function("sys_fadvise64_64").return ?
+ kernel.function("sys_fadvise64_64").return ?
 {
 name = "fadvise64_64"
 retstr = returnstr(1)
@@ -810,7 +810,7 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !
 # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
 #
 probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
- kernel.function("sys_fadvise64")
+ kernel.function("sys_fadvise64")
 {
 name = "fadvise64"
 fd = 0
@@ -820,7 +820,7 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
 argstr = ""
 }
 probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
- kernel.function("sys_fadvise64").return
+ kernel.function("sys_fadvise64").return
 {
 name = "fadvise64"
 retstr = returnstr(1)
@@ -830,7 +830,7 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
 # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
 #
 probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
- kernel.function("sys_fadvise64_64")
+ kernel.function("sys_fadvise64_64")
 {
 name = "fadvise64_64"
 fd = 0
@@ -840,7 +840,7 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
 argstr = ""
 }
 probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !,
- kernel.function("sys_fadvise64_64").return
+ kernel.function("sys_fadvise64_64").return
 {
 name = "fadvise64_64"
 retstr = returnstr(1)
@@ -850,14 +850,14 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !
 # fchdir _____________________________________________________
 # long sys_fchdir(unsigned int fd)
 probe syscall.fchdir = kernel.function("SyS_fchdir") !,
- kernel.function("sys_fchdir")
+ kernel.function("sys_fchdir")
 {
 name = "fchdir"
 fd = $fd
 argstr = sprint($fd)
 }
 probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !,
- kernel.function("sys_fchdir").return
+ kernel.function("sys_fchdir").return
 {
 name = "fchdir"
 retstr = returnstr(1)
@@ -866,7 +866,7 @@ probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !,
 # fchmod _____________________________________________________
 # long sys_fchmod(unsigned int fd, mode_t mode)
 probe syscall.fchmod = kernel.function("SyS_fchmod") !,
- kernel.function("sys_fchmod")
+ kernel.function("sys_fchmod")
 {
 name = "fchmod"
 fildes = $fd
@@ -874,7 +874,7 @@ probe syscall.fchmod = kernel.function("SyS_fchmod") !,
 argstr = sprintf("%d, %#o", $fd, $mode)
 }
 probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !,
- kernel.function("sys_fchmod").return
+ kernel.function("sys_fchmod").return
 {
 name = "fchmod"
 retstr = returnstr(1)
@@ -885,7 +885,7 @@ probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !,
 # long sys_fchmodat(int dfd, const char __user *filename,
 # mode_t mode)
 probe syscall.fchmodat = kernel.function("SyS_fchmodat") !,
- kernel.function("sys_fchmodat") ?
+ kernel.function("sys_fchmodat") ?
 {
 name = "fchmodat"
 dirfd = $dfd
@@ -895,7 +895,7 @@ probe syscall.fchmodat = kernel.function("SyS_fchmodat") !,
 argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted($filename), $mode)
 }
 probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !,
- kernel.function("sys_fchmodat").return ?
+ kernel.function("sys_fchmodat").return ?
 {
 name = "fchmodat"
 retstr = returnstr(1)
@@ -904,7 +904,7 @@ probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !,
 # fchown _____________________________________________________
 # long sys_fchown(unsigned int fd, uid_t user, gid_t group)
 probe syscall.fchown = kernel.function("SyS_fchown") !,
- kernel.function("sys_fchown")
+ kernel.function("sys_fchown")
 {
 name = "fchown"
 fd = $fd
@@ -913,7 +913,7 @@ probe syscall.fchown = kernel.function("SyS_fchown") !,
 argstr = sprintf("%d, %d, %d", $fd, owner, group)
 }
 probe syscall.fchown.return = kernel.function("SyS_fchown").return !,
- kernel.function("sys_fchown").return
+ kernel.function("sys_fchown").return
 {
 name = "fchown"
 retstr = returnstr(1)
@@ -940,7 +940,7 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ?
 # long sys_fchownat(int dfd, const char __user *filename,
 # uid_t user, gid_t group, int flag)
 probe syscall.fchownat = kernel.function("SyS_fchownat") !,
- kernel.function("sys_fchownat") ?
+ kernel.function("sys_fchownat") ?
 {
 name = "fchownat"
 dirfd = $dfd
@@ -954,7 +954,7 @@ probe syscall.fchownat = kernel.function("SyS_fchownat") !,
 dirfd_str, user_string_quoted($filename), owner, group, flags_str)
 }
 probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !,
- kernel.function("sys_fchownat").return ?
+ kernel.function("sys_fchownat").return ?
 {
 name = "fchownat"
 retstr = returnstr(1)
@@ -967,10 +967,10 @@ probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !,
 # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
 #
 probe syscall.fcntl = kernel.function("compat_sys_fcntl") ?,
- kernel.function("compat_sys_fcntl64") ?,
- kernel.function("sys_fcntl64") ?,
- kernel.function("SyS_fcntl") !,
- kernel.function("sys_fcntl") ?
+ kernel.function("compat_sys_fcntl64") ?,
+ kernel.function("sys_fcntl64") ?,
+ kernel.function("SyS_fcntl") !,
+ kernel.function("sys_fcntl") ?
 {
 name = "fcntl"
 fd = $fd
@@ -980,10 +980,10 @@ probe syscall.fcntl = kernel.function("compat_sys_fcntl") ?,
 argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg)
 }
 probe syscall.fcntl.return = kernel.function("compat_sys_fcntl").return ?,
- kernel.function("compat_sys_fcntl64").return ?,
- kernel.function("sys_fcntl64").return ?,
- kernel.function("SyS_fcntl").return !,
- kernel.function("sys_fcntl").return ?
+ kernel.function("compat_sys_fcntl64").return ?,
+ kernel.function("sys_fcntl64").return ?,
+ kernel.function("SyS_fcntl").return !,
+ kernel.function("sys_fcntl").return ?
 {
 name = "fcntl"
 retstr = returnstr(1)
@@ -992,14 +992,14 @@ probe syscall.fcntl.return = kernel.function("compat_sys_fcntl").return ?,
 # fdatasync __________________________________________________
 # long sys_fdatasync(unsigned int fd)
 probe syscall.fdatasync = kernel.function("SyS_fdatasync") !,
- kernel.function("sys_fdatasync")
+ kernel.function("sys_fdatasync")
 {
 name = "fdatasync"
 fd = $fd
 argstr = sprint(fd)
 }
 probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !,
- kernel.function("sys_fdatasync").return
+ kernel.function("sys_fdatasync").return
 {
 name = "fdatasync"
 retstr = returnstr(1)
@@ -1009,7 +1009,7 @@ probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !,
 # ssize_t sys_fgetxattr(int fd, char __user *name,
 # void __user *value, size_t size)
 probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !,
- kernel.function("sys_fgetxattr")
+ kernel.function("sys_fgetxattr")
 {
 name = "fgetxattr"
 filedes = $fd
@@ -1020,7 +1020,7 @@ probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !,
 argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size)
 }
 probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !,
- kernel.function("sys_fgetxattr").return
+ kernel.function("sys_fgetxattr").return
 {
 name = "fgetxattr"
 retstr = returnstr(1)
@@ -1028,7 +1028,7 @@ probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !,
 # flistxattr _________________________________________________
 # ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
 probe syscall.flistxattr = kernel.function("SyS_flistxattr") !,
- kernel.function("sys_flistxattr")
+ kernel.function("sys_flistxattr")
 {
 name = "flistxattr"
 filedes = $fd
@@ -1037,7 +1037,7 @@ probe syscall.flistxattr = kernel.function("SyS_flistxattr") !,
 argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size)
 }
 probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !,
- kernel.function("sys_flistxattr").return
+ kernel.function("sys_flistxattr").return
 {
 name = "flistxattr"
 retstr = returnstr(1)
@@ -1046,7 +1046,7 @@ probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !,
 # flock ______________________________________________________
 # long sys_flock(unsigned int fd, unsigned int cmd)
 probe syscall.flock = kernel.function("SyS_flock") !,
- kernel.function("sys_flock")
+ kernel.function("sys_flock")
 {
 name = "flock"
 fd = $fd
@@ -1054,7 +1054,7 @@ probe syscall.flock = kernel.function("SyS_flock") !,
 argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation))
 }
 probe syscall.flock.return = kernel.function("SyS_flock").return !,
- kernel.function("sys_flock").return
+ kernel.function("sys_flock").return
 {
 name = "flock"
 retstr = returnstr(1)
@@ -1128,7 +1128,7 @@ probe syscall.fork.return = kernel.function("do_fork").return
 # fremovexattr _______________________________________________
 # long sys_fremovexattr(int fd, char __user *name)
 probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !,
- kernel.function("sys_fremovexattr")
+ kernel.function("sys_fremovexattr")
 {
 name = "fremovexattr"
 filedes = $fd
@@ -1136,7 +1136,7 @@ probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !,
 argstr = sprintf("FIXME PLEASE")
 }
 probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !,
- kernel.function("sys_fremovexattr").return
+ kernel.function("sys_fremovexattr").return
 {
 name = "fremovexattr"
 retstr = returnstr(1)
@@ -1152,7 +1152,7 @@ probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !
 * int flags)
 */
 probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !,
- kernel.function("sys_fsetxattr")
+ kernel.function("sys_fsetxattr")
 {
 name = "fsetxattr"
 filedes = $fd
@@ -1164,7 +1164,7 @@ probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !,
 argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags)
 }
 probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !,
- kernel.function("sys_fsetxattr").return
+ kernel.function("sys_fsetxattr").return
 {
 name = "fsetxattr"
 retstr = returnstr(1)
@@ -1180,13 +1180,13 @@ probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !,
 # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf)
 #
 probe syscall.fstat = kernel.function("sys_fstat") ?,
- kernel.function("SyS_fstat64") ?,
- kernel.function("sys_fstat64") ?,
- kernel.function("sys32_fstat64") ?,
- kernel.function("SyS_newfstat") ?,
- kernel.function("sys_newfstat") ?,
- kernel.function("sys_oabi_fstat64") ?,
- kernel.function("compat_sys_newfstat") ?
+ kernel.function("SyS_fstat64") ?,
+ kernel.function("sys_fstat64") ?,
+ kernel.function("sys32_fstat64") ?,
+ kernel.function("SyS_newfstat") ?,
+ kernel.function("sys_newfstat") ?,
+ kernel.function("sys_oabi_fstat64") ?,
+ kernel.function("compat_sys_newfstat") ?
 {
 name = "fstat"
 filedes = $fd
@@ -1194,13 +1194,13 @@ probe syscall.fstat = kernel.function("sys_fstat") ?,
 argstr = sprintf("%d, %p", $fd, $statbuf)
 }
 probe syscall.fstat.return = kernel.function("sys_fstat").return ?,
- kernel.function("SyS_fstat64").return ?,
- kernel.function("sys_fstat64").return ?,
- kernel.function("sys32_fstat64").return ?,
- kernel.function("SyS_newfstat").return ?,
- kernel.function("sys_newfstat").return ?,
- kernel.function("sys_oabi_fstat64").return ?,
- kernel.function("compat_sys_newfstat").return ?
+ kernel.function("SyS_fstat64").return ?,
+ kernel.function("sys_fstat64").return ?,
+ kernel.function("sys32_fstat64").return ?,
+ kernel.function("SyS_newfstat").return ?,
+ kernel.function("sys_newfstat").return ?,
+ kernel.function("sys_oabi_fstat64").return ?,
+ kernel.function("compat_sys_newfstat").return ?
 {
 name = "fstat"
 retstr = returnstr(1)
@@ -1212,11 +1212,11 @@ probe syscall.fstat.return = kernel.function("sys_fstat").return ?,
 # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag)
 # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag)
 probe syscall.fstatat = kernel.function("SyS_fstatat64") ?,
- kernel.function("sys_fstatat64") ?,
- kernel.function("SyS_newfstatat") ?,
- kernel.function("sys_newfstatat") ?,
- kernel.function("compat_sys_newfstatat") ?,
- kernel.function("sys32_fstatat64") ?
+ kernel.function("sys_fstatat64") ?,
+ kernel.function("SyS_newfstatat") ?,
+ kernel.function("sys_newfstatat") ?,
+ kernel.function("compat_sys_newfstatat") ?,
+ kernel.function("sys32_fstatat64") ?
 {
 name = "fstatat"
 dirfd = $dfd
@@ -1225,11 +1225,11 @@ probe syscall.fstatat = kernel.function("SyS_fstatat64") ?,
 argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag))
 }
 probe syscall.fstatat.return = kernel.function("SyS_fstatat64").return ?,
- kernel.function("sys_fstatat64").return ?,
- kernel.function("SyS_newfstatat").return ?,
- kernel.function("sys_newfstatat").return ?,
- kernel.function("compat_sys_newfstatat").return ?,
- kernel.function("sys32_fstatat64").return ?
+ kernel.function("sys_fstatat64").return ?,
+ kernel.function("SyS_newfstatat").return ?,
+ kernel.function("sys_newfstatat").return ?,
+ kernel.function("compat_sys_newfstatat").return ?,
+ kernel.function("sys32_fstatat64").return ?
 {
 name = "fstatat"
 retstr = returnstr(1)
@@ -1240,8 +1240,8 @@ probe syscall.fstatat.return = kernel.function("SyS_fstatat64").return ?,
 # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf)
 #
 probe syscall.fstatfs = kernel.function("compat_sys_fstatfs") ?,
- kernel.function("SyS_fstatfs") !,
- kernel.function("sys_fstatfs")
+ kernel.function("SyS_fstatfs") !,
+ kernel.function("sys_fstatfs")
 {
 name = "fstatfs"
 fd = $fd
@@ -1249,8 +1249,8 @@ probe syscall.fstatfs = kernel.function("compat_sys_fstatfs") ?,
 argstr = sprintf("%d, %p", $fd, $buf)
 }
 probe syscall.fstatfs.return = kernel.function("compat_sys_fstatfs").return ?,
- kernel.function("SyS_fstatfs").return !,
- kernel.function("sys_fstatfs").return
+ kernel.function("SyS_fstatfs").return !,
+ kernel.function("sys_fstatfs").return
 {
 name = "fstatfs"
 retstr = returnstr(1)
@@ -1261,8 +1261,8 @@ probe syscall.fstatfs.return = kernel.function("compat_sys_fstatfs").return ?,
 # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf)
 #
 probe syscall.fstatfs64 = kernel.function("compat_sys_fstatfs64") ?,
- kernel.function("SyS_fstatfs64") !,
- kernel.function("sys_fstatfs64") ?
+ kernel.function("SyS_fstatfs64") !,
+ kernel.function("sys_fstatfs64") ?
 {
 name = "fstatfs"
 fd = $fd
@@ -1271,8 +1271,8 @@ probe syscall.fstatfs64 = kernel.function("compat_sys_fstatfs64") ?,
 argstr = sprintf("%d, %d, %p", $fd, $sz, $buf)
 }
 probe syscall.fstatfs64.return = kernel.function("compat_sys_fstatfs64").return ?,
- kernel.function("SyS_fstatfs64").return !,
- kernel.function("sys_fstatfs64").return ?
+ kernel.function("SyS_fstatfs64").return !,
+ kernel.function("sys_fstatfs64").return ?
 {
 name = "fstatfs"
 retstr = returnstr(1)
@@ -1281,14 +1281,14 @@ probe syscall.fstatfs64.return = kernel.function("compat_sys_fstatfs64").return
 # fsync ______________________________________________________
 # long sys_fsync(unsigned int fd)
 probe syscall.fsync = kernel.function("SyS_fsync") !,
- kernel.function("sys_fsync")
+ kernel.function("sys_fsync")
 {
 name = "fsync"
 fd = $fd
 argstr = sprint(fd)
 }
 probe syscall.fsync.return = kernel.function("SyS_fsync").return !,
- kernel.function("sys_fsync").return
+ kernel.function("sys_fsync").return
 {
 name = "fsync"
 retstr = returnstr(1)
@@ -1296,7 +1296,7 @@ probe syscall.fsync.return = kernel.function("SyS_fsync").return !,
 # ftruncate __________________________________________________
 # long sys_ftruncate(unsigned int fd, unsigned long length)
 probe syscall.ftruncate = kernel.function("SyS_ftruncate") !,
- kernel.function("sys_ftruncate")
+ kernel.function("sys_ftruncate")
 {
 name = "ftruncate"
 fd = $fd
@@ -1304,7 +1304,7 @@ probe syscall.ftruncate = kernel.function("SyS_ftruncate") !, argstr = sprintf("%d, %d", fd, length) } probe syscall.ftruncate.return = kernel.function("SyS_ftruncate").return !, - kernel.function("sys_ftruncate").return + kernel.function("sys_ftruncate").return { name = "ftruncate" retstr = returnstr(1) @@ -1337,7 +1337,7 @@ probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? # u32 val3) # probe syscall.futex = kernel.function("SyS_futex") !, - kernel.function("sys_futex") ? + kernel.function("sys_futex") ? { name = "futex" futex_uaddr = $uaddr @@ -1354,7 +1354,7 @@ probe syscall.futex = kernel.function("SyS_futex") !, $val) } probe syscall.futex.return = kernel.function("SyS_futex").return !, - kernel.function("sys_futex").return ? + kernel.function("sys_futex").return ? { name = "futex" retstr = returnstr(1) @@ -1388,7 +1388,7 @@ probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? # probe syscall.futimesat = kernel.function("SyS_futimesat") !, - kernel.function("sys_futimesat") ? + kernel.function("sys_futimesat") ? { name = "futimesat" dirfd = $dfd @@ -1409,7 +1409,7 @@ probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? _struct_compat_timeval_u($t, 2)) } probe syscall.futimesat.return = kernel.function("SyS_futimesat").return !, - kernel.function("sys_futimesat").return ? + kernel.function("sys_futimesat").return ? { name = "futimesat" retstr = returnstr(1) @@ -1423,7 +1423,7 @@ probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat"). # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) probe syscall.getcwd = kernel.function("SyS_getcwd") !, - kernel.function("sys_getcwd") + kernel.function("sys_getcwd") { name = "getcwd" buf_uaddr = $buf 
@@ -1431,7 +1431,7 @@ probe syscall.getcwd = kernel.function("SyS_getcwd") !,
 argstr = sprintf("%p, %d", buf_uaddr, size)
 }
 probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !,
- kernel.function("sys_getcwd").return
+ kernel.function("sys_getcwd").return
 {
 name = "getcwd"
 retstr = returnstr(1)
@@ -1444,11 +1444,11 @@ probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !,
 # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
 #
 probe syscall.getdents = kernel.function("SyS_getdents") ?,
- kernel.function("sys_getdents") ?,
- kernel.function("SyS_getdents64") ?,
- kernel.function("sys_getdents64") ?,
- kernel.function("compat_sys_getdents") ?,
- kernel.function("compat_sys_getdents64") ?
+ kernel.function("sys_getdents") ?,
+ kernel.function("SyS_getdents64") ?,
+ kernel.function("sys_getdents64") ?,
+ kernel.function("compat_sys_getdents") ?,
+ kernel.function("compat_sys_getdents64") ?
 {
 name = "getdents"
 fd = $fd
@@ -1457,11 +1457,11 @@ probe syscall.getdents = kernel.function("SyS_getdents") ?,
 argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
 }
 probe syscall.getdents.return = kernel.function("SyS_getdents").return ?,
- kernel.function("sys_getdents").return ?,
- kernel.function("SyS_getdents64").return ?,
- kernel.function("sys_getdents64").return ?,
- kernel.function("compat_sys_getdents").return ?,
- kernel.function("compat_sys_getdents64").return ?
+ kernel.function("sys_getdents").return ?,
+ kernel.function("SyS_getdents64").return ?,
+ kernel.function("sys_getdents64").return ?,
+ kernel.function("compat_sys_getdents").return ?,
+ kernel.function("compat_sys_getdents64").return ?
 {
 name = "getdents"
 retstr = returnstr(1)
@@ -1473,15 +1473,15 @@ probe syscall.getdents.return = kernel.function("SyS_getdents").return ?,
 # long sys32_getegid16(void)
 #
 probe syscall.getegid = kernel.function("sys_getegid16") ?,
- kernel.function("sys32_getegid16") ?,
- kernel.function("sys_getegid")
+ kernel.function("sys32_getegid16") ?,
+ kernel.function("sys_getegid")
 {
 name = "getegid"
 argstr = ""
 }
 probe syscall.getegid.return = kernel.function("sys_getegid16").return ?,
- kernel.function("sys32_getegid16").return ?,
- kernel.function("sys_getegid").return
+ kernel.function("sys32_getegid16").return ?,
+ kernel.function("sys_getegid").return
 {
 name = "getegid"
 retstr = returnstr(1)
@@ -1492,15 +1492,15 @@ probe syscall.getegid.return = kernel.function("sys_getegid16").return ?,
 # long sys32_geteuid16(void)
 #
 probe syscall.geteuid = kernel.function("sys_geteuid16") ?,
- kernel.function("sys32_geteuid16") ?,
- kernel.function("sys_geteuid")
+ kernel.function("sys32_geteuid16") ?,
+ kernel.function("sys_geteuid")
 {
 name = "geteuid"
 argstr = ""
 }
 probe syscall.geteuid.return = kernel.function("sys_geteuid16").return ?,
- kernel.function("sys32_geteuid16").return ?,
- kernel.function("sys_geteuid").return
+ kernel.function("sys32_geteuid16").return ?,
+ kernel.function("sys_geteuid").return
 {
 name = "geteuid"
 retstr = returnstr(1)
@@ -1511,15 +1511,15 @@ probe syscall.geteuid.return = kernel.function("sys_geteuid16").return ?,
 # long sys32_getgid16(void)
 #
 probe syscall.getgid = kernel.function("sys_getgid16") ?,
- kernel.function("sys32_getgid16") ?,
- kernel.function("sys_getgid")
+ kernel.function("sys32_getgid16") ?,
+ kernel.function("sys_getgid")
 {
 name = "getgid"
 argstr = ""
 }
 probe syscall.getgid.return = kernel.function("sys_getgid16").return ?,
- kernel.function("sys32_getgid16").return ?,
- kernel.function("sys_getgid").return
+ kernel.function("sys32_getgid16").return ?,
+ kernel.function("sys_getgid").return
 {
 name = "getgid"
 retstr = returnstr(1)
@@ -1531,9 +1531,9 @@ probe syscall.getgid.return = kernel.function("sys_getgid16").return ?,
 # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
 #
 probe syscall.getgroups = kernel.function("sys_getgroups16") ?,
- kernel.function("sys32_getgroups16") ?,
- kernel.function("SyS_getgroups") !,
- kernel.function("sys_getgroups") ?
+ kernel.function("sys32_getgroups16") ?,
+ kernel.function("SyS_getgroups") !,
+ kernel.function("sys_getgroups") ?
 {
 name = "getgroups"
 size = $gidsetsize
@@ -1541,9 +1541,9 @@ probe syscall.getgroups = kernel.function("sys_getgroups16") ?,
 argstr = sprintf("%d, %p", $gidsetsize, $grouplist)
 }
 probe syscall.getgroups.return = kernel.function("sys_getgroups16").return ?,
- kernel.function("sys32_getgroups16").return ?,
- kernel.function("SyS_getgroups").return !,
- kernel.function("sys_getgroups").return ?
+ kernel.function("sys32_getgroups16").return ?,
+ kernel.function("SyS_getgroups").return !,
+ kernel.function("sys_getgroups").return ?
 {
 name = "getgroups"
 retstr = returnstr(1)
@@ -1552,7 +1552,7 @@ probe syscall.getgroups.return = kernel.function("sys_getgroups16").return ?,
 # gethostname ________________________________________________
 # long sys_gethostname(char __user *name, int len)
 probe syscall.gethostname = kernel.function("SyS_gethostname") !,
- kernel.function("sys_gethostname") ?
+ kernel.function("sys_gethostname") ?
 {
 name = "gethostname"
 name_uaddr = $name
@@ -1560,7 +1560,7 @@ probe syscall.gethostname = kernel.function("SyS_gethostname") !,
 argstr = sprintf ("%p, %d", name_uaddr, len)
 }
 probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !,
- kernel.function("sys_gethostname").return ?
+ kernel.function("sys_gethostname").return ?
 {
 name = "gethostname"
 retstr = returnstr(1)
@@ -1570,7 +1570,7 @@ probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !,
 # sys_getitimer(int which, struct itimerval __user *value)
 #
 probe syscall.getitimer = kernel.function("SyS_getitimer") !,
- kernel.function("sys_getitimer")
+ kernel.function("sys_getitimer")
 {
 name = "getitimer"
 which = $which
@@ -1578,7 +1578,7 @@ probe syscall.getitimer = kernel.function("SyS_getitimer") !,
 argstr = sprintf("%s, %p", _itimer_which_str($which), $value)
 }
 probe syscall.getitimer.return = kernel.function("SyS_getitimer").return !,
- kernel.function("sys_getitimer").return
+ kernel.function("sys_getitimer").return
 {
 name = "getitimer"
 retstr = returnstr(1)
@@ -1609,8 +1609,8 @@ probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").
 # compat_ulong_t addr, compat_ulong_t flags)
 #
 probe syscall.get_mempolicy = kernel.function("compat_sys_get_mempolicy") ?,
- kernel.function("SyS_get_mempolicy") !,
- kernel.function("sys_get_mempolicy") ?
+ kernel.function("SyS_get_mempolicy") !,
+ kernel.function("sys_get_mempolicy") ?
 {
 name = "get_mempolicy"
 policy_uaddr = $policy
@@ -1622,8 +1622,8 @@ probe syscall.get_mempolicy = kernel.function("compat_sys_get_mempolicy") ?,
 $nmask, $maxnode, $addr, $flags)
 }
 probe syscall.get_mempolicy.return = kernel.function("compat_sys_get_mempolicy").return ?,
- kernel.function("SyS_get_mempolicy").return !,
- kernel.function("sys_get_mempolicy").return ?
+ kernel.function("SyS_get_mempolicy").return !,
+ kernel.function("sys_get_mempolicy").return ?
 {
 name = "get_mempolicy"
 retstr = returnstr(1)
@@ -1633,7 +1633,7 @@ probe syscall.get_mempolicy.return = kernel.function("compat_sys_get_mempolicy")
 # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
 #
 probe syscall.getpeername = kernel.function("SyS_getpeername") !,
- kernel.function("sys_getpeername") ?
+ kernel.function("sys_getpeername") ?
 {
 name = "getpeername"
 s = $fd
@@ -1642,7 +1642,7 @@ probe syscall.getpeername = kernel.function("SyS_getpeername") !,
 argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len)
 }
 probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !,
- kernel.function("sys_getpeername").return ?
+ kernel.function("sys_getpeername").return ?
 {
 name = "getpeername"
 retstr = returnstr(1)
@@ -1651,14 +1651,14 @@ probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !,
 # getpgid ____________________________________________________
 # long sys_getpgid(pid_t pid)
 probe syscall.getpgid = kernel.function("SyS_getpgid") !,
- kernel.function("sys_getpgid")
+ kernel.function("sys_getpgid")
 {
 name = "getpgid"
 pid = $pid
 argstr = sprintf("%d", $pid)
 }
 probe syscall.getpgid.return = kernel.function("SyS_getpgid").return !,
- kernel.function("sys_getpgid").return
+ kernel.function("sys_getpgid").return
 {
 name = "getpgid"
 retstr = returnstr(1)
@@ -1706,7 +1706,7 @@ probe syscall.getppid.return = kernel.function("sys_getppid").return
 # getpriority ________________________________________________
 # long sys_getpriority(int which, int who)
 probe syscall.getpriority = kernel.function("SyS_getpriority") !,
- kernel.function("sys_getpriority")
+ kernel.function("sys_getpriority")
 {
 name = "getpriority"
 which = $which
@@ -1714,7 +1714,7 @@ probe syscall.getpriority = kernel.function("SyS_getpriority") !,
 argstr = sprintf("%s, %d", _priority_which_str(which), who)
 }
 probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !,
- kernel.function("sys_getpriority").return
+ kernel.function("sys_getpriority").return
 {
 name = "getpriority"
 retstr = returnstr(1)
@@ -1728,8 +1728,8 @@ probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !,
 # old_uid_t __user *egid,
 # old_uid_t __user *sgid)
 probe syscall.getresgid = kernel.function("sys_getresgid16") ?,
- kernel.function("SyS_getresgid") !,
- kernel.function("sys_getresgid")
+ kernel.function("SyS_getresgid") !,
+ kernel.function("sys_getresgid")
 {
 name = "getresgid"
 rgid_uaddr = $rgid
@@ -1738,8 +1738,8 @@ probe syscall.getresgid = kernel.function("sys_getresgid16") ?,
 argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid)
 }
 probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?,
- kernel.function("SyS_getresgid").return !,
- kernel.function("sys_getresgid").return
+ kernel.function("SyS_getresgid").return !,
+ kernel.function("sys_getresgid").return
 {
 name = "getresgid"
 retstr = returnstr(1)
@@ -1750,8 +1750,8 @@ probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?,
 # uid_t __user *euid,
 # uid_t __user *suid)
 probe syscall.getresuid = kernel.function("sys_getresuid16") ?,
- kernel.function("SyS_getresuid") !,
- kernel.function("sys_getresuid")
+ kernel.function("SyS_getresuid") !,
+ kernel.function("sys_getresuid")
 {
 name = "getresuid"
 ruid_uaddr = $ruid
@@ -1760,8 +1760,8 @@ probe syscall.getresuid = kernel.function("sys_getresuid16") ?,
 argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid)
 }
 probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?,
- kernel.function("SyS_getresuid").return !,
- kernel.function("sys_getresuid").return
+ kernel.function("SyS_getresuid").return !,
+ kernel.function("sys_getresuid").return
 {
 name = "getresuid"
 retstr = returnstr(1)
@@ -1772,10 +1772,10 @@ probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?,
 # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim)
 # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim)
 probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?,
- kernel.function("sys_getrlimit") ?,
- kernel.function("SyS_old_getrlimit") ?,
- kernel.function("sys_old_getrlimit") ?,
- kernel.function("compat_sys_getrlimit") ?
+ kernel.function("sys_getrlimit") ?,
+ kernel.function("SyS_old_getrlimit") ?,
+ kernel.function("sys_old_getrlimit") ?,
+ kernel.function("compat_sys_getrlimit") ?
 {
 name = "getrlimit"
 resource = $resource
@@ -1783,10 +1783,10 @@ probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?,
 argstr = sprintf("%s, %p", _rlimit_resource_str($resource), $rlim)
 }
 probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?,
- kernel.function("sys_getrlimit").return ?,
- kernel.function("SyS_old_getrlimit").return ?,
- kernel.function("sys_old_getrlimit").return ?,
- kernel.function("compat_sys_getrlimit").return ?
+ kernel.function("sys_getrlimit").return ?,
+ kernel.function("SyS_old_getrlimit").return ?,
+ kernel.function("sys_old_getrlimit").return ?,
+ kernel.function("compat_sys_getrlimit").return ?
 {
 name = "getrlimit"
 retstr = returnstr(1)
@@ -1795,7 +1795,7 @@ probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?,
 # getrusage __________________________________________________
 # long sys_getrusage(int who, struct rusage __user *ru)
 probe syscall.getrusage = kernel.function("SyS_getrusage") !,
- kernel.function("sys_getrusage")
+ kernel.function("sys_getrusage")
 {
 name = "getrusage"
 who = $who
@@ -1808,7 +1808,7 @@ probe syscall.getrusage = kernel.function("SyS_getrusage") !,
 argstr = sprintf("%s, %p", who_str, usage_uaddr)
 }
 probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !,
- kernel.function("sys_getrusage").return
+ kernel.function("sys_getrusage").return
 {
 name = "getrusage"
 retstr = returnstr(1)
@@ -1817,14 +1817,14 @@ probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !,
 # getsid _____________________________________________________
 # long sys_getsid(pid_t pid)
 probe syscall.getsid = kernel.function("SyS_getsid") !,
- kernel.function("sys_getsid")
+ kernel.function("sys_getsid")
 {
 name = "getsid"
 pid = $pid
 argstr = sprint(pid)
 }
 probe syscall.getsid.return = kernel.function("SyS_getsid").return !,
- kernel.function("sys_getsid").return
+ kernel.function("sys_getsid").return
 {
 name = "getsid"
 retstr = returnstr(1)
@@ -1835,7 +1835,7 @@ probe syscall.getsid.return = kernel.function("SyS_getsid").return !,
 # struct sockaddr __user *usockaddr,
 # int __user *usockaddr_len)
 probe syscall.getsockname = kernel.function("SyS_getsockname") !,
- kernel.function("sys_getsockname") ?
+ kernel.function("sys_getsockname") ?
 {
 name = "getsockname"
 s = $fd
@@ -1844,7 +1844,7 @@ probe syscall.getsockname = kernel.function("SyS_getsockname") !,
 argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len)
 }
 probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !,
- kernel.function("sys_getsockname").return ?
+ kernel.function("sys_getsockname").return ?
 {
 name = "getsockname"
 retstr = returnstr(1)
@@ -1858,8 +1858,8 @@ probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !,
 # int __user *optlen)
 #
 probe syscall.getsockopt = kernel.function("compat_sys_getsockopt") ?,
- kernel.function("SyS_getsockopt") !,
- kernel.function("sys_getsockopt") ?
+ kernel.function("SyS_getsockopt") !,
+ kernel.function("sys_getsockopt") ?
 {
 name = "getsockopt"
 fd = $fd
@@ -1873,8 +1873,8 @@ probe syscall.getsockopt = kernel.function("compat_sys_getsockopt") ?, _sockopt_optname_str($optname), $optval, $optlen) } probe syscall.getsockopt.return = kernel.function("compat_sys_getsockopt").return ?, - kernel.function("SyS_getsockopt").return !, - kernel.function("sys_getsockopt").return ? + kernel.function("SyS_getsockopt").return !, + kernel.function("sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) @@ -1901,9 +1901,9 @@ probe syscall.gettid.return = kernel.function("sys_gettid").return # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) probe syscall.gettimeofday = kernel.function("compat_sys_gettimeofday") ?, - kernel.function("sys32_gettimeofday") ?, - kernel.function("SyS_gettimeofday") !, - kernel.function("sys_gettimeofday") + kernel.function("sys32_gettimeofday") ?, + kernel.function("SyS_gettimeofday") !, + kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_uaddr = $tv @@ -1912,9 +1912,9 @@ probe syscall.gettimeofday = kernel.function("compat_sys_gettimeofday") ?, } probe syscall.gettimeofday.return = kernel.function("compat_sys_gettimeofday").return ?, - kernel.function("sys32_gettimeofday").return ?, - kernel.function("SyS_gettimeofday").return !, - kernel.function("sys_gettimeofday").return + kernel.function("sys32_gettimeofday").return ?, + kernel.function("SyS_gettimeofday").return !, + kernel.function("sys_gettimeofday").return { name = "gettimeofday" retstr = returnstr(1) 
@@ -1926,15 +1926,15 @@ probe syscall.gettimeofday.return = kernel.function("compat_sys_gettimeofday").r
 # long sys32_getuid16(void)
 #
 probe syscall.getuid = kernel.function("sys_getuid16") ?,
- kernel.function("sys32_getuid16") ?,
- kernel.function("sys_getuid")
+ kernel.function("sys32_getuid16") ?,
+ kernel.function("sys_getuid")
 {
 name = "getuid"
 argstr = ""
 }
 probe syscall.getuid.return = kernel.function("sys_getuid16").return ?,
- kernel.function("sys32_getuid16").return ?,
- kernel.function("sys_getuid").return
+ kernel.function("sys32_getuid16").return ?,
+ kernel.function("sys_getuid").return
 {
 name = "getuid"
 retstr = returnstr(1)
@@ -1944,7 +1944,7 @@ probe syscall.getuid.return = kernel.function("sys_getuid16").return ?,
 # ssize_t sys_getxattr(char __user *path, char __user *name,
 # void __user *value, size_t size)
 probe syscall.getxattr = kernel.function("SyS_getxattr") !,
- kernel.function("sys_getxattr")
+ kernel.function("sys_getxattr")
 {
 name = "getxattr"
 %( kernel_v >= "2.6.27" %?
@@ -1966,7 +1966,7 @@ probe syscall.getxattr = kernel.function("SyS_getxattr") !,
 value_uaddr, size)
 }
 probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !,
- kernel.function("sys_getxattr").return
+ kernel.function("sys_getxattr").return
 {
 name = "getxattr"
 retstr = returnstr(1)
@@ -1978,7 +1978,7 @@ probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !,
 # const char __user *uargs)
 #
 probe syscall.init_module = kernel.function("SyS_init_module") !,
- kernel.function("sys_init_module") ?
+ kernel.function("sys_init_module") ?
 {
 name = "init_module"
 umod_uaddr = $umod
@@ -1987,7 +1987,7 @@ probe syscall.init_module = kernel.function("SyS_init_module") !, argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs)) } probe syscall.init_module.return = kernel.function("SyS_init_module").return !, - kernel.function("sys_init_module").return ? + kernel.function("sys_init_module").return ? { name = "init_module" retstr = returnstr(1) @@ -1998,7 +1998,7 @@ probe syscall.init_module.return = kernel.function("SyS_init_module").return !, # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, - kernel.function("sys_inotify_add_watch") ? + kernel.function("sys_inotify_add_watch") ? { name = "inotify_add_watch" fd = $fd @@ -2015,7 +2015,7 @@ probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !, } probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch").return !, - kernel.function("sys_inotify_add_watch").return ? + kernel.function("sys_inotify_add_watch").return ? { name = "inotify_add_watch" retstr = returnstr(1) @@ -2041,7 +2041,7 @@ probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? # long sys_inotify_rm_watch(int fd, u32 wd) # probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !, - kernel.function("sys_inotify_rm_watch") ? + kernel.function("sys_inotify_rm_watch") ? { name = "inotify_rm_watch" fd = $fd @@ -2049,7 +2049,7 @@ probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !, argstr = sprintf("%d, %d", $fd, $wd) } probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").return !, - kernel.function("sys_inotify_rm_watch").return ? + kernel.function("sys_inotify_rm_watch").return ? { name = "inotify_rm_watch" retstr = returnstr(1) 
@@ -2060,7 +2060,7 @@ probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").
 # struct iocb __user *iocb,
 # struct io_event __user *result)
 probe syscall.io_cancel = kernel.function("SyS_io_cancel") !,
- kernel.function("sys_io_cancel")
+ kernel.function("sys_io_cancel")
 {
 name = "io_cancel"
 ctx_id = $ctx_id
@@ -2069,7 +2069,7 @@ probe syscall.io_cancel = kernel.function("SyS_io_cancel") !,
 argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)
 }
 probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !,
- kernel.function("sys_io_cancel").return
+ kernel.function("sys_io_cancel").return
 {
 name = "io_cancel"
 retstr = returnstr(1)
@@ -2080,8 +2080,8 @@ probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !,
 # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 #
 probe syscall.ioctl = kernel.function("compat_sys_ioctl") ?,
- kernel.function("SyS_ioctl") !,
- kernel.function("sys_ioctl") ?
+ kernel.function("SyS_ioctl") !,
+ kernel.function("sys_ioctl") ?
 {
 name = "ioctl"
 fd = $fd
@@ -2090,8 +2090,8 @@ probe syscall.ioctl = kernel.function("compat_sys_ioctl") ?,
 argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg)
 }
 probe syscall.ioctl.return = kernel.function("compat_sys_ioctl").return ?,
- kernel.function("SyS_ioctl").return !,
- kernel.function("sys_ioctl").return ?
+ kernel.function("SyS_ioctl").return !,
+ kernel.function("sys_ioctl").return ?
 {
 name = "ioctl"
 retstr = returnstr(1)
@@ -2100,14 +2100,14 @@ probe syscall.ioctl.return = kernel.function("compat_sys_ioctl").return ?,
 # io_destroy _________________________________________________
 # long sys_io_destroy(aio_context_t ctx)
 probe syscall.io_destroy = kernel.function("SyS_io_destroy") !,
- kernel.function("sys_io_destroy")
+ kernel.function("sys_io_destroy")
 {
 name = "io_destroy"
 ctx = $ctx
 argstr = sprintf("%d", ctx)
 }
 probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !,
- kernel.function("sys_io_destroy").return
+ kernel.function("sys_io_destroy").return
 {
 name = "io_destroy"
 retstr = returnstr(1)
@@ -2126,8 +2126,8 @@ probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !,
 # struct compat_timespec __user *timeout)
 #
 probe syscall.io_getevents = kernel.function("compat_sys_io_getevents") ?,
- kernel.function("SyS_io_getevents") !,
- kernel.function("sys_io_getevents") ?
+ kernel.function("SyS_io_getevents") !,
+ kernel.function("sys_io_getevents") ?
 {
 name = "io_getevents"
 ctx_id = $ctx_id
@@ -2140,8 +2140,8 @@ probe syscall.io_getevents = kernel.function("compat_sys_io_getevents") ?,
 $nr, $events, $timeout, timestr)
 }
 probe syscall.io_getevents.return = kernel.function("compat_sys_io_getevents").return ?,
- kernel.function("SyS_io_getevents").return !,
- kernel.function("sys_io_getevents").return ?
+ kernel.function("SyS_io_getevents").return !,
+ kernel.function("sys_io_getevents").return ?
 {
 name = "io_getevents"
 retstr = returnstr(1)
@@ -2168,7 +2168,7 @@ probe syscall.ioperm.return = kernel.function("sys_ioperm").return ?
 # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
 #
 probe syscall.io_setup = kernel.function("SyS_io_setup") !,
- kernel.function("sys_io_setup")
+ kernel.function("sys_io_setup")
 {
 name = "io_setup"
 maxevents = $nr_events
@@ -2177,7 +2177,7 @@ probe syscall.io_setup = kernel.function("SyS_io_setup") !, } probe syscall.io_setup.return = kernel.function("SyS_io_setup").return !, - kernel.function("sys_io_setup").return + kernel.function("sys_io_setup").return { name = "io_setup" retstr = returnstr(1) @@ -2202,7 +2202,7 @@ probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").re # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # probe syscall.io_submit = kernel.function("SyS_io_submit") !, - kernel.function("sys_io_submit") + kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id @@ -2211,7 +2211,7 @@ probe syscall.io_submit = kernel.function("SyS_io_submit") !, argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp) } probe syscall.io_submit.return = kernel.function("SyS_io_submit").return !, - kernel.function("sys_io_submit").return + kernel.function("sys_io_submit").return { name = "io_submit" retstr = returnstr(1) @@ -2236,7 +2236,7 @@ probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit"). # long sys_ioprio_get(int which, int who) # probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !, - kernel.function("sys_ioprio_get") ? + kernel.function("sys_ioprio_get") ? { name = "ioprio_get" which = $which @@ -2244,7 +2244,7 @@ probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !, argstr = sprintf("%d, %d", $which, $who) } probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, - kernel.function("sys_ioprio_get").return ? + kernel.function("sys_ioprio_get").return ? { name = "ioprio_get" retstr = returnstr(1) @@ -2254,7 +2254,7 @@ probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !, # long sys_ioprio_set(int which, int who, int ioprio) # probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, - kernel.function("sys_ioprio_set") ? + kernel.function("sys_ioprio_set") ? { name = "ioprio_set" which = $which 
@@ -2263,7 +2263,7 @@ probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !, argstr = sprintf("%d, %d, %d", $which, $who, $ioprio) } probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, - kernel.function("sys_ioprio_set").return ? + kernel.function("sys_ioprio_set").return ? { name = "ioprio_set" retstr = returnstr(1) @@ -2280,8 +2280,8 @@ probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !, # unsigned long flags) # probe syscall.kexec_load = kernel.function("compat_sys_kexec_load") ?, - kernel.function("SyS_kexec_load") !, - kernel.function("sys_kexec_load") ? + kernel.function("SyS_kexec_load") !, + kernel.function("sys_kexec_load") ? { name = "kexec_load" entry = $entry @@ -2291,8 +2291,8 @@ probe syscall.kexec_load = kernel.function("compat_sys_kexec_load") ?, argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags) } probe syscall.kexec_load.return = kernel.function("compat_sys_kexec_load").return ?, - kernel.function("SyS_kexec_load").return !, - kernel.function("sys_kexec_load").return ? + kernel.function("SyS_kexec_load").return !, + kernel.function("sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) @@ -2307,16 +2307,16 @@ probe syscall.kexec_load.return = kernel.function("compat_sys_kexec_load").retur # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # probe syscall.keyctl = kernel.function("compat_sys_keyctl") ?, - kernel.function("SyS_keyctl") !, - kernel.function("sys_keyctl") ? + kernel.function("SyS_keyctl") !, + kernel.function("sys_keyctl") ? { name = "keyctl" argstr = sprintf("%d, ...", $option) } probe syscall.keyctl.return = kernel.function("compat_sys_keyctl").return ?, - kernel.function("SyS_keyctl").return !, - kernel.function("sys_keyctl").return ? + kernel.function("SyS_keyctl").return !, + kernel.function("sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) 
@@ -2325,7 +2325,7 @@ probe syscall.keyctl.return = kernel.function("compat_sys_keyctl").return ?,
 # kill _______________________________________________________
 # long sys_kill(int pid, int sig)
 probe syscall.kill = kernel.function("SyS_kill") !,
- kernel.function("sys_kill")
+ kernel.function("sys_kill")
 {
 name = "kill"
 pid = $pid
@@ -2333,7 +2333,7 @@ probe syscall.kill = kernel.function("SyS_kill") !,
 argstr = sprintf("%d, %s", $pid, _signal_name($sig))
 }
 probe syscall.kill.return = kernel.function("SyS_kill").return !,
- kernel.function("sys_kill").return
+ kernel.function("sys_kill").return
 {
 name = "kill"
 retstr = returnstr(1)
@@ -2343,7 +2343,7 @@ probe syscall.kill.return = kernel.function("SyS_kill").return !,
 # long sys_lchown(const char __user * filename, uid_t user, gid_t group)
 #
 probe syscall.lchown = kernel.function("SyS_lchown") !,
- kernel.function("sys_lchown")
+ kernel.function("sys_lchown")
 {
 name = "lchown"
 path = user_string($filename)
@@ -2352,7 +2352,7 @@ probe syscall.lchown = kernel.function("SyS_lchown") !,
 argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
 }
 probe syscall.lchown.return = kernel.function("SyS_lchown").return !,
- kernel.function("sys_lchown").return
+ kernel.function("sys_lchown").return
 {
 name = "lchown"
 retstr = returnstr(1)
@@ -2383,7 +2383,7 @@ probe syscall.lchown16.return = kernel.function("sys_lchown16").return ?
 # size_t size)
 #
 probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !,
- kernel.function("sys_lgetxattr")
+ kernel.function("sys_lgetxattr")
 {
 name = "lgetxattr"
 %( kernel_v >= "2.6.27" %?
@@ -2405,7 +2405,7 @@ probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !,
 value_uaddr, size)
 }
 probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !,
- kernel.function("sys_lgetxattr").return
+ kernel.function("sys_lgetxattr").return
 {
 name = "lgetxattr"
 retstr = returnstr(1)
@@ -2415,7 +2415,7 @@ probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !,
 # long sys_link(const char __user * oldname,
 # const char __user * newname)
 probe syscall.link = kernel.function("SyS_link") !,
- kernel.function("sys_link")
+ kernel.function("sys_link")
 {
 name = "link"
 oldpath = user_string($oldname)
@@ -2425,7 +2425,7 @@ probe syscall.link = kernel.function("SyS_link") !,
 user_string_quoted($newname))
 }
 probe syscall.link.return = kernel.function("SyS_link").return !,
- kernel.function("sys_link").return
+ kernel.function("sys_link").return
 {
 name = "link"
 retstr = returnstr(1)
@@ -2436,7 +2436,7 @@ probe syscall.link.return = kernel.function("SyS_link").return !,
 # long sys_linkat(int olddfd, const char __user *oldname,
 # int newdfd, const char __user *newname, int flags)
 probe syscall.linkat = kernel.function("SyS_linkat") !,
- kernel.function("sys_linkat") ?
+ kernel.function("sys_linkat") ?
 {
 name = "linkat"
 olddirfd = $olddfd
@@ -2453,7 +2453,7 @@ probe syscall.linkat = kernel.function("SyS_linkat") !,
 flags_str)
 }
 probe syscall.linkat.return = kernel.function("SyS_linkat").return !,
- kernel.function("sys_linkat").return ?
+ kernel.function("sys_linkat").return ?
 {
 name = "linkat"
 retstr = returnstr(1)
@@ -2462,7 +2462,7 @@ probe syscall.linkat.return = kernel.function("SyS_linkat").return !,
 # listen _____________________________________________________
 # long sys_listen(int fd, int backlog)
 probe syscall.listen = kernel.function("SyS_listen") !,
- kernel.function("sys_listen") ?
+ kernel.function("sys_listen") ?
 {
 name = "listen"
 sockfd = $fd
@@ -2470,7 +2470,7 @@ probe syscall.listen = kernel.function("SyS_listen") !,
 argstr = sprintf("%d, %d", $fd, $backlog)
 }
 probe syscall.listen.return = kernel.function("SyS_listen").return !,
- kernel.function("sys_listen").return ?
+ kernel.function("sys_listen").return ?
 {
 name = "listen"
 retstr = returnstr(1)
@@ -2480,7 +2480,7 @@ probe syscall.listen.return = kernel.function("SyS_listen").return !,
 # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size)
 #
 probe syscall.listxattr = kernel.function("SyS_listxattr") !,
- kernel.function("sys_listxattr")
+ kernel.function("sys_listxattr")
 {
 name = "listxattr"
 list_uaddr = $list
@@ -2496,7 +2496,7 @@ probe syscall.listxattr = kernel.function("SyS_listxattr") !,
 %)
 }
 probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !,
- kernel.function("sys_listxattr").return
+ kernel.function("sys_listxattr").return
 {
 name = "listxattr"
 retstr = returnstr(1)
@@ -2506,7 +2506,7 @@ probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !,
 # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size)
 #
 probe syscall.llistxattr = kernel.function("SyS_llistxattr") !,
- kernel.function("sys_llistxattr")
+ kernel.function("sys_llistxattr")
 {
 name = "llistxattr"
 list_uaddr = $list
@@ -2522,7 +2522,7 @@ probe syscall.llistxattr = kernel.function("SyS_llistxattr") !,
 %)
 }
 probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !,
- kernel.function("sys_llistxattr").return
+ kernel.function("sys_llistxattr").return
 {
 name = "llistxattr"
 retstr = returnstr(1)
@@ -2535,7 +2535,7 @@ probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !,
 # loff_t __user * result,
 # unsigned int origin)
 probe syscall.llseek = kernel.function("SyS_llseek") !,
- kernel.function("sys_llseek") ?
+ kernel.function("sys_llseek") ?
 {
 name = "llseek"
 fd = $fd
@@ -2548,7 +2548,7 @@ probe syscall.llseek = kernel.function("SyS_llseek") !,
 $offset_low, $result, whence_str)
 }
 probe syscall.llseek.return = kernel.function("SyS_llseek").return !,
- kernel.function("sys_llseek").return ?
+ kernel.function("sys_llseek").return ?
 {
 name = "llseek"
 retstr = returnstr(1)
@@ -2558,7 +2558,7 @@ probe syscall.llseek.return = kernel.function("SyS_llseek").return !,
 # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
 #
 probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !,
- kernel.function("sys_lookup_dcookie") ?
+ kernel.function("sys_lookup_dcookie") ?
 {
 name = "lookup_dcookie"
 cookie = $cookie64
@@ -2567,7 +2567,7 @@ probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !,
 argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len)
 }
 probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").return !,
- kernel.function("sys_lookup_dcookie").return ?
+ kernel.function("sys_lookup_dcookie").return ?
 {
 name = "lookup_dcookie"
 retstr = returnstr(1)
@@ -2577,7 +2577,7 @@ probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").retu
 # long sys_lremovexattr(char __user *path, char __user *name)
 #
 probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !,
- kernel.function("sys_lremovexattr")
+ kernel.function("sys_lremovexattr")
 {
 name = "lremovexattr"
 name_uaddr = $name
@@ -2593,7 +2593,7 @@ probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !,
 %)
 }
 probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !,
- kernel.function("sys_lremovexattr").return
+ kernel.function("sys_lremovexattr").return
 {
 name = "lremovexattr"
 retstr = returnstr(1)
@@ -2602,7 +2602,7 @@ probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !
 # lseek ______________________________________________________
 # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin)
 probe syscall.lseek = kernel.function("SyS_lseek") !,
- kernel.function("sys_lseek")
+ kernel.function("sys_lseek")
 {
 name = "lseek"
 fildes = $fd
@@ -2613,7 +2613,7 @@ probe syscall.lseek = kernel.function("SyS_lseek") !,
 argstr = sprintf("%d, %d, %s", $fd, offset, whence_str)
 }
 probe syscall.lseek.return = kernel.function("SyS_lseek").return !,
- kernel.function("sys_lseek").return
+ kernel.function("sys_lseek").return
 {
 name = "lseek"
 retstr = returnstr(1)
@@ -2627,7 +2627,7 @@ probe syscall.lseek.return = kernel.function("SyS_lseek").return !,
 # int flags)
 #
 probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !,
- kernel.function("sys_lsetxattr")
+ kernel.function("sys_lsetxattr")
 {
 name = "lsetxattr"
 %( kernel_v >= "2.6.27" %?
@@ -2652,7 +2652,7 @@ probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !,
 value_uaddr, $size, $flags)
 }
 probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !,
- kernel.function("sys_lsetxattr").return
+ kernel.function("sys_lsetxattr").return
 {
 name = "lsetxattr"
 retstr = returnstr(1)
@@ -2668,13 +2668,13 @@ probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !,
 # struct oldabi_stat64 __user * statbuf)
 #
 probe syscall.lstat = kernel.function("sys_lstat") ?,
- kernel.function("SyS_newlstat") ?,
- kernel.function("sys_newlstat") ?,
- kernel.function("compat_sys_newlstat") ?,
- kernel.function("sys32_lstat64") ?,
- kernel.function("SyS_lstat64") ?,
- kernel.function("sys_lstat64") ?,
- kernel.function("sys_oabi_lstat64") ?
+ kernel.function("SyS_newlstat") ?,
+ kernel.function("sys_newlstat") ?,
+ kernel.function("compat_sys_newlstat") ?,
+ kernel.function("sys32_lstat64") ?,
+ kernel.function("SyS_lstat64") ?,
+ kernel.function("sys_lstat64") ?,
+ kernel.function("sys_oabi_lstat64") ?
 {
 name = "lstat"
 path = user_string($filename)
@@ -2682,13 +2682,13 @@ probe syscall.lstat = kernel.function("sys_lstat") ?,
 argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf)
 }
 probe syscall.lstat.return = kernel.function("sys_lstat").return ?,
- kernel.function("SyS_newlstat").return ?,
- kernel.function("sys_newlstat").return ?,
- kernel.function("compat_sys_newlstat").return ?,
- kernel.function("sys32_lstat64").return ?,
- kernel.function("SyS_lstat64").return ?,
- kernel.function("sys_lstat64").return ?,
- kernel.function("sys_oabi_lstat64").return ?
+ kernel.function("SyS_newlstat").return ?,
+ kernel.function("sys_newlstat").return ?,
+ kernel.function("compat_sys_newlstat").return ?,
+ kernel.function("sys32_lstat64").return ?,
+ kernel.function("SyS_lstat64").return ?,
+ kernel.function("sys_lstat64").return ?,
+ kernel.function("sys_oabi_lstat64").return ?
 {
 name = "lstat"
 retstr = returnstr(1)
@@ -2698,7 +2698,7 @@ probe syscall.lstat.return = kernel.function("sys_lstat").return ?,
 # long sys_madvise(unsigned long start, size_t len_in, int behavior)
 #
 probe syscall.madvise = kernel.function("SyS_madvise") !,
- kernel.function("sys_madvise") ?
+ kernel.function("sys_madvise") ?
 {
 name = "madvise"
 start = $start
@@ -2708,7 +2708,7 @@ probe syscall.madvise = kernel.function("SyS_madvise") !,
 argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior))
 }
 probe syscall.madvise.return = kernel.function("SyS_madvise").return !,
- kernel.function("sys_madvise").return ?
+ kernel.function("sys_madvise").return ?
 {
 name = "madvise"
 retstr = returnstr(1)
@@ -2730,8 +2730,8 @@ probe syscall.madvise.return = kernel.function("SyS_madvise").return !,
 # compat_ulong_t flags)
 #
 probe syscall.mbind = kernel.function("compat_sys_mbind") ?,
- kernel.function("SyS_mbind") !,
- kernel.function("sys_mbind") ?
+ kernel.function("SyS_mbind") !,
+ kernel.function("sys_mbind") ?
 {
 name = "mbind"
 start = $start
@@ -2744,8 +2744,8 @@ probe syscall.mbind = kernel.function("compat_sys_mbind") ?,
 $nmask, $maxnode, $flags)
 }
 probe syscall.mbind.return = kernel.function("compat_sys_mbind").return ?,
- kernel.function("SyS_mbind").return !,
- kernel.function("sys_mbind").return ?
+ kernel.function("SyS_mbind").return !,
+ kernel.function("sys_mbind").return ?
 {
 name = "mbind"
 retstr = returnstr(1)
@@ -2756,13 +2756,13 @@ probe syscall.mbind.return = kernel.function("compat_sys_mbind").return ?,
 # const unsigned long __user *old_nodes,
 # const unsigned long __user *new_nodes)
 probe syscall.migrate_pages = kernel.function("SyS_migrate_pages") !,
- kernel.function("sys_migrate_pages") ?
+ kernel.function("sys_migrate_pages") ?
 {
 name = "migrate_pages"
 argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes)
 }
 probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return !,
- kernel.function("sys_migrate_pages").return ?
+ kernel.function("sys_migrate_pages").return ?
 {
 name = "migrate_pages"
 retstr = returnstr(1)
@@ -2772,7 +2772,7 @@ probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return
 # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec)
 #
 probe syscall.mincore = kernel.function("SyS_mincore") !,
- kernel.function("sys_mincore") ?
+ kernel.function("sys_mincore") ?
 {
 name = "mincore"
 start = $start
@@ -2781,7 +2781,7 @@ probe syscall.mincore = kernel.function("SyS_mincore") !,
 argstr = sprintf("%p, %d, %p", $start, $len, $vec)
 }
 probe syscall.mincore.return = kernel.function("SyS_mincore").return !,
- kernel.function("sys_mincore").return ?
+ kernel.function("sys_mincore").return ?
 {
 name = "mincore"
 retstr = returnstr(1)
@@ -2790,7 +2790,7 @@ probe syscall.mincore.return = kernel.function("SyS_mincore").return !,
 # mkdir ______________________________________________________
 # long sys_mkdir(const char __user * pathname, int mode)
 probe syscall.mkdir = kernel.function("SyS_mkdir") !,
- kernel.function("sys_mkdir")
+ kernel.function("sys_mkdir")
 {
 name = "mkdir"
 pathname_uaddr = $pathname
@@ -2799,7 +2799,7 @@ probe syscall.mkdir = kernel.function("SyS_mkdir") !,
 argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode)
 }
 probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !,
- kernel.function("sys_mkdir").return
+ kernel.function("sys_mkdir").return
 {
 name = "mkdir"
 retstr = returnstr(1)
@@ -2809,7 +2809,7 @@ probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !,
 # new function with 2.6.16
 # long sys_mkdirat(int dfd, const char __user *pathname, int mode)
 probe syscall.mkdirat = kernel.function("SyS_mkdirat") !,
- kernel.function("sys_mkdirat") ?
+ kernel.function("sys_mkdirat") ?
 {
 name = "mkdirat"
 dirfd = $dfd
@@ -2818,7 +2818,7 @@ probe syscall.mkdirat = kernel.function("SyS_mkdirat") !,
 argstr = sprintf("%s, %s, %#o", _dfd_str($dfd), user_string_quoted($pathname), $mode)
 }
 probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !,
- kernel.function("sys_mkdirat").return ?
+ kernel.function("sys_mkdirat").return ?
 {
 name = "mkdirat"
 retstr = returnstr(1)
@@ -2827,7 +2827,7 @@ probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !,
 # mknod
 # long sys_mknod(const char __user * filename, int mode, unsigned dev)
 probe syscall.mknod = kernel.function("SyS_mknod") !,
- kernel.function("sys_mknod")
+ kernel.function("sys_mknod")
 {
 name = "mknod"
 pathname = user_string($filename)
@@ -2837,7 +2837,7 @@ probe syscall.mknod = kernel.function("SyS_mknod") !, } probe syscall.mknod.return = kernel.function("SyS_mknod").return !, - kernel.function("sys_mknod").return + kernel.function("sys_mknod").return { name = "mknod" retstr = returnstr(1) @@ -2848,7 +2848,7 @@ probe syscall.mknod.return = kernel.function("SyS_mknod").return !, # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) probe syscall.mknodat = kernel.function("SyS_mknodat") !, - kernel.function("sys_mknodat") ? + kernel.function("sys_mknodat") ? { name = "mknodat" dirfd = $dfd @@ -2861,7 +2861,7 @@ probe syscall.mknodat = kernel.function("SyS_mknodat") !, dirfd_str, user_string_quoted($filename), mode_str, $dev) } probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, - kernel.function("sys_mknodat").return ? + kernel.function("sys_mknodat").return ? { name = "mknodat" retstr = returnstr(1) @@ -2872,7 +2872,7 @@ probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !, # long sys_mlock(unsigned long start, size_t len) # probe syscall.mlock = kernel.function("SyS_mlock") !, - kernel.function("sys_mlock") ? + kernel.function("sys_mlock") ? { name = "mlock" addr = $start @@ -2880,7 +2880,7 @@ probe syscall.mlock = kernel.function("SyS_mlock") !, argstr = sprintf("%p, %d", $start, $len) } probe syscall.mlock.return = kernel.function("SyS_mlock").return !, - kernel.function("sys_mlock").return ? + kernel.function("sys_mlock").return ? { name = "mlock" retstr = returnstr(1) 
@@ -2890,14 +2890,14 @@ probe syscall.mlock.return = kernel.function("SyS_mlock").return !,
 # long sys_mlockall(int flags)
 #
 probe syscall.mlockall = kernel.function("SyS_mlockall") !,
- kernel.function("sys_mlockall") ?
+ kernel.function("sys_mlockall") ?
 {
 name = "mlockall"
 flags = $flags
 argstr = _mlockall_flags_str($flags)
 }
 probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !,
- kernel.function("sys_mlockall").return ?
+ kernel.function("sys_mlockall").return ?
 {
 name = "mlockall"
 retstr = returnstr(1)
@@ -2934,15 +2934,15 @@ probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ?
 # int flags)
 #
 probe syscall.move_pages = kernel.function("compat_sys_move_pages") ?,
- kernel.function("SyS_move_pages") !,
- kernel.function("sys_move_pages") ?
+ kernel.function("SyS_move_pages") !,
+ kernel.function("sys_move_pages") ?
 {
 name = "move_pages"
 argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags)
 }
 probe syscall.move_pages.return = kernel.function("compat_sys_move_pages").return ?,
- kernel.function("SyS_move_pages").return !,
- kernel.function("sys_move_pages").return ?
+ kernel.function("SyS_move_pages").return !,
+ kernel.function("sys_move_pages").return ?
 {
 name = "move_pages"
 retstr = returnstr(1)
@@ -2960,8 +2960,8 @@ probe syscall.move_pages.return = kernel.function("compat_sys_move_pages").retur
 # unsigned long flags,
 # void __user * data)
 probe syscall.mount = kernel.function("compat_sys_mount") ?,
- kernel.function("SyS_mount") !,
- kernel.function("sys_mount")
+ kernel.function("SyS_mount") !,
+ kernel.function("sys_mount")
 {
 name = "mount"
 source = user_string($dev_name)
@@ -2977,8 +2977,8 @@ probe syscall.mount = kernel.function("compat_sys_mount") ?,
 mountflags_str, data)
 }
 probe syscall.mount.return = kernel.function("compat_sys_mount").return ?,
- kernel.function("SyS_mount").return !,
- kernel.function("sys_mount").return
+ kernel.function("SyS_mount").return !,
+ kernel.function("sys_mount").return
 {
 name = "mount"
 retstr = returnstr(1)
@@ -2988,7 +2988,7 @@ probe syscall.mount.return = kernel.function("compat_sys_mount").return ?,
 # long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 #
 probe syscall.mprotect = kernel.function("SyS_mprotect") !,
- kernel.function("sys_mprotect") ?
+ kernel.function("sys_mprotect") ?
 {
 name = "mprotect"
 addr = $start
@@ -2998,7 +2998,7 @@ probe syscall.mprotect = kernel.function("SyS_mprotect") !,
 argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot))
 }
 probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !,
- kernel.function("sys_mprotect").return ?
+ kernel.function("sys_mprotect").return ?
 {
 name = "mprotect"
 retstr = returnstr(1)
@@ -3013,8 +3013,8 @@ probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !,
 # struct compat_mq_attr __user *u_omqstat)
 #
 probe syscall.mq_getsetattr = kernel.function("compat_sys_mq_getsetattr") ?,
- kernel.function("SyS_mq_getsetattr") !,
- kernel.function("sys_mq_getsetattr") ?
+ kernel.function("SyS_mq_getsetattr") !,
+ kernel.function("sys_mq_getsetattr") ?
 {
 name = "mq_getsetattr"
 mqdes = $mqdes
@@ -3023,8 +3023,8 @@ probe syscall.mq_getsetattr = kernel.function("compat_sys_mq_getsetattr") ?,
 argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat)
 }
 probe syscall.mq_getsetattr.return = kernel.function("compat_sys_mq_getsetattr").return ?,
- kernel.function("SyS_mq_getsetattr").return !,
- kernel.function("sys_mq_getsetattr").return ?
+ kernel.function("SyS_mq_getsetattr").return !,
+ kernel.function("sys_mq_getsetattr").return ?
 {
 name = "mq_getsetattr"
 retstr = returnstr(1)
@@ -3035,8 +3035,8 @@ probe syscall.mq_getsetattr.return = kernel.function("compat_sys_mq_getsetattr")
 # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification)
 #
 probe syscall.mq_notify = kernel.function("compat_sys_mq_notify") ?,
- kernel.function("SyS_mq_notify") !,
- kernel.function("sys_mq_notify") ?
+ kernel.function("SyS_mq_notify") !,
+ kernel.function("sys_mq_notify") ?
 {
 name = "mq_notify"
 mqdes = $mqdes
@@ -3044,8 +3044,8 @@ probe syscall.mq_notify = kernel.function("compat_sys_mq_notify") ?,
 argstr = sprintf("%d, %p", $mqdes, $u_notification)
 }
 probe syscall.mq_notify.return = kernel.function("compat_sys_mq_notify").return ?,
- kernel.function("SyS_mq_notify").return !,
- kernel.function("sys_mq_notify").return ?
+ kernel.function("SyS_mq_notify").return !,
+ kernel.function("sys_mq_notify").return ?
 {
 name = "mq_notify"
 retstr = returnstr(1)
@@ -3061,8 +3061,8 @@ probe syscall.mq_notify.return = kernel.function("compat_sys_mq_notify").return
 # struct compat_mq_attr __user *u_attr)
 #
 probe syscall.mq_open = kernel.function("compat_sys_mq_open") ?,
- kernel.function("SyS_mq_open") !,
- kernel.function("sys_mq_open") ?
+ kernel.function("SyS_mq_open") !,
+ kernel.function("sys_mq_open") ?
 {
 name = "mq_open"
 name_uaddr = $u_name
@@ -3077,8 +3077,8 @@ probe syscall.mq_open = kernel.function("compat_sys_mq_open") ?,
 argstr = sprintf("%s, %s", user_string_quoted($u_name), _sys_open_flag_str($oflag))
 }
 probe syscall.mq_open.return = kernel.function("compat_sys_mq_open").return ?,
- kernel.function("SyS_mq_open").return !,
- kernel.function("sys_mq_open").return ?
+ kernel.function("SyS_mq_open").return !,
+ kernel.function("sys_mq_open").return ?
 {
 name = "mq_open"
 retstr = returnstr(1)
@@ -3096,8 +3096,8 @@ probe syscall.mq_open.return = kernel.function("compat_sys_mq_open").return ?,
 # const struct compat_timespec __user *u_abs_timeout)
 #
 probe syscall.mq_timedreceive = kernel.function("compat_sys_mq_timedreceive") ?,
- kernel.function("SyS_mq_timedreceive") !,
- kernel.function("sys_mq_timedreceive") ?
+ kernel.function("SyS_mq_timedreceive") !,
+ kernel.function("sys_mq_timedreceive") ?
 {
 name = "mq_timedreceive"
 mqdes = $mqdes
@@ -3109,8 +3109,8 @@ probe syscall.mq_timedreceive = kernel.function("compat_sys_mq_timedreceive") ?,
 $u_msg_prio, $u_abs_timeout)
 }
 probe syscall.mq_timedreceive.return = kernel.function("compat_sys_mq_timedreceive").return ?,
- kernel.function("SyS_mq_timedreceive").return !,
- kernel.function("sys_mq_timedreceive").return ?
+ kernel.function("SyS_mq_timedreceive").return !,
+ kernel.function("sys_mq_timedreceive").return ?
 {
 name = "mq_timedreceive"
 retstr = returnstr(1)
@@ -3128,8 +3128,8 @@ probe syscall.mq_timedreceive.return = kernel.function("compat_sys_mq_timedrecei
 # const struct compat_timespec __user *u_abs_timeout)
 #
 probe syscall.mq_timedsend = kernel.function("compat_sys_mq_timedsend") ?,
- kernel.function("SyS_mq_timedsend") !,
- kernel.function("sys_mq_timedsend") ?
+ kernel.function("SyS_mq_timedsend") !,
+ kernel.function("sys_mq_timedsend") ?
 {
 name = "mq_timedsend"
 mqdes = $mqdes
@@ -3141,8 +3141,8 @@ probe syscall.mq_timedsend = kernel.function("compat_sys_mq_timedsend") ?,
 $msg_prio, $u_abs_timeout)
 }
 probe syscall.mq_timedsend.return = kernel.function("compat_sys_mq_timedsend").return ?,
- kernel.function("SyS_mq_timedsend").return !,
- kernel.function("sys_mq_timedsend").return ?
+ kernel.function("SyS_mq_timedsend").return !,
+ kernel.function("sys_mq_timedsend").return ?
 {
 name = "mq_timedsend"
 retstr = returnstr(1)
@@ -3152,7 +3152,7 @@ probe syscall.mq_timedsend.return = kernel.function("compat_sys_mq_timedsend").r
 # long sys_mq_unlink(const char __user *u_name)
 #
 probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !,
- kernel.function("sys_mq_unlink") ?
+ kernel.function("sys_mq_unlink") ?
 {
 name = "mq_unlink"
 u_name_uaddr = $u_name
@@ -3160,7 +3160,7 @@ probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !,
 argstr = user_string_quoted($u_name)
 }
 probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !,
- kernel.function("sys_mq_unlink").return ?
+ kernel.function("sys_mq_unlink").return ?
 {
 name = "mq_unlink"
 retstr = returnstr(1)
@@ -3174,8 +3174,8 @@ probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !,
 # unsigned long new_addr)
 #
 probe syscall.mremap = kernel.function("ia64_mremap") ?,
- kernel.function("SyS_mremap") !,
- kernel.function("sys_mremap") ?
+ kernel.function("SyS_mremap") !,
+ kernel.function("sys_mremap") ?
 {
 name = "mremap"
 old_address = $addr
@@ -3187,8 +3187,8 @@ probe syscall.mremap = kernel.function("ia64_mremap") ?,
 _mremap_flags($flags), $new_addr)
 }
 probe syscall.mremap.return = kernel.function("ia64_mremap").return ?,
- kernel.function("SyS_mremap").return !,
- kernel.function("sys_mremap").return ?
+ kernel.function("SyS_mremap").return !,
+ kernel.function("sys_mremap").return ?
 {
 name = "mremap"
 retstr = returnstr(2)
@@ -3198,7 +3198,7 @@ probe syscall.mremap.return = kernel.function("ia64_mremap").return ?,
 # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
 #
 probe syscall.msgctl = kernel.function("SyS_msgctl") !,
- kernel.function("sys_msgctl") ?
+ kernel.function("sys_msgctl") ?
 {
 name = "msgctl"
 msqid = $msqid
@@ -3207,7 +3207,7 @@ probe syscall.msgctl = kernel.function("SyS_msgctl") !,
 argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf)
 }
 probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !,
- kernel.function("sys_msgctl").return ?
+ kernel.function("sys_msgctl").return ?
 {
 name = "msgctl"
 retstr = returnstr(1)
@@ -3231,7 +3231,7 @@ probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").re
 # long sys_msgget (key_t key, int msgflg)
 #
 probe syscall.msgget = kernel.function("SyS_msgget") !,
- kernel.function("sys_msgget") ?
+ kernel.function("sys_msgget") ?
 {
 name = "msgget"
 key = $key
@@ -3240,7 +3240,7 @@ probe syscall.msgget = kernel.function("SyS_msgget") !,
 argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg))
 }
 probe syscall.msgget.return = kernel.function("SyS_msgget").return !,
- kernel.function("sys_msgget").return ?
+ kernel.function("sys_msgget").return ?
 {
 name = "msgget"
 retstr = returnstr(1)
@@ -3254,7 +3254,7 @@ probe syscall.msgget.return = kernel.function("SyS_msgget").return !,
 # int msgflg)
 #
 probe syscall.msgrcv = kernel.function("SyS_msgrcv") !,
- kernel.function("sys_msgrcv") ?
+ kernel.function("sys_msgrcv") ?
 {
 name = "msgrcv"
 msqid = $msqid
@@ -3265,7 +3265,7 @@ probe syscall.msgrcv = kernel.function("SyS_msgrcv") !,
 argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg)
 }
 probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !,
- kernel.function("sys_msgrcv").return ?
+ kernel.function("sys_msgrcv").return ?
 {
 name = "msgrcv"
 retstr = returnstr(1)
@@ -3293,7 +3293,7 @@ probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").re
 # int msgflg)
 #
 probe syscall.msgsnd = kernel.function("SyS_msgsnd") !,
- kernel.function("sys_msgsnd") ?
+ kernel.function("sys_msgsnd") ?
 {
 name = "msgsnd"
 msqid = $msqid
@@ -3303,7 +3303,7 @@ probe syscall.msgsnd = kernel.function("SyS_msgsnd") !,
 argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg)
 }
 probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !,
- kernel.function("sys_msgsnd").return ?
+ kernel.function("sys_msgsnd").return ?
 {
 name = "msgsnd"
 retstr = returnstr(1)
@@ -3326,7 +3326,7 @@ probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").re
 # msync ______________________________________________________
 # long sys_msync(unsigned long start, size_t len, int flags)
 probe syscall.msync = kernel.function("SyS_msync") !,
- kernel.function("sys_msync") ?
+ kernel.function("sys_msync") ?
 {
 name = "msync"
 start = $start
@@ -3335,7 +3335,7 @@ probe syscall.msync = kernel.function("SyS_msync") !,
 argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags))
 }
 probe syscall.msync.return = kernel.function("SyS_msync").return !,
- kernel.function("sys_msync").return ?
+ kernel.function("sys_msync").return ?
 {
 name = "msync"
 retstr = returnstr(1)
@@ -3344,7 +3344,7 @@ probe syscall.msync.return = kernel.function("SyS_msync").return !,
 # munlock ____________________________________________________
 # long sys_munlock(unsigned long start, size_t len)
 probe syscall.munlock = kernel.function("SyS_munlock") !,
- kernel.function("sys_munlock") ?
+ kernel.function("sys_munlock") ?
 {
 name = "munlock"
 addr = $start
@@ -3352,7 +3352,7 @@ probe syscall.munlock = kernel.function("SyS_munlock") !,
 argstr = sprintf("%p, %d", addr, len)
 }
 probe syscall.munlock.return = kernel.function("SyS_munlock").return !,
- kernel.function("sys_munlock").return ?
+ kernel.function("sys_munlock").return ?
 {
 name = "munlock"
 retstr = returnstr(1)
@@ -3374,7 +3374,7 @@ probe syscall.munlockall.return = kernel.function("sys_munlockall").return ?
 # munmap _____________________________________________________
 # long sys_munmap(unsigned long addr, size_t len)
 probe syscall.munmap = kernel.function("SyS_munmap") !,
- kernel.function("sys_munmap")
+ kernel.function("sys_munmap")
 {
 name = "munmap"
 start = $addr
@@ -3382,7 +3382,7 @@ probe syscall.munmap = kernel.function("SyS_munmap") !,
 argstr = sprintf("%p, %d", start, length)
 }
 probe syscall.munmap.return = kernel.function("SyS_munmap").return !,
- kernel.function("sys_munmap").return
+ kernel.function("sys_munmap").return
 {
 name = "munmap"
 retstr = returnstr(1)
diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp
index ade1496c..e97082c7 100644
--- a/tapset/syscalls2.stp
+++ b/tapset/syscalls2.stp
@@ -29,7 +29,7 @@
 # struct compat_timespec __user *rmtp)
 #
 probe syscall.nanosleep = kernel.function("SyS_nanosleep") !,
- kernel.function("sys_nanosleep")
+ kernel.function("sys_nanosleep")
 {
 name = "nanosleep"
 req_uaddr = $rqtp
@@ -37,7 +37,7 @@ probe syscall.nanosleep = kernel.function("SyS_nanosleep") !,
 argstr = sprintf("%s, %p", _struct_timespec_u($rqtp, 1), $rmtp)
 }
 probe syscall.nanosleep.return = kernel.function("SyS_nanosleep").return !,
- kernel.function("sys_nanosleep").return
+ kernel.function("sys_nanosleep").return
 {
 name = "nanosleep"
 retstr = returnstr(1)
@@ -62,7 +62,7 @@ probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").
 # union compat_nfsctl_res __user *res)
 #
 probe syscall.nfsservctl = kernel.function("sys_nfsservctl") ?,
- kernel.function("compat_sys_nfsservctl") ?
+ kernel.function("compat_sys_nfsservctl") ?
 {
 name = "nfsservctl"
 cmd = $cmd
@@ -71,7 +71,7 @@ probe syscall.nfsservctl = kernel.function("sys_nfsservctl") ?,
 argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str($cmd), $arg, $res)
 }
 probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return ?,
- kernel.function("compat_sys_nfsservctl").return ?
+ kernel.function("compat_sys_nfsservctl").return ?
 {
 name = "nfsservctl"
 retstr = returnstr(1)
@@ -81,14 +81,14 @@ probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return ?,
 # long sys_nice(int increment)
 #
 probe syscall.nice = kernel.function("SyS_nice") !,
- kernel.function("sys_nice") ?
+ kernel.function("sys_nice") ?
 {
 name = "nice"
 inc = $increment
 argstr = sprintf("%d", $increment)
 }
 probe syscall.nice.return = kernel.function("SyS_nice").return !,
- kernel.function("sys_nice").return ?
+ kernel.function("sys_nice").return ?
 {
 name = "nice"
 retstr = returnstr(1)
@@ -114,9 +114,9 @@ probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return
 # (obsolete) long sys32_open(const char * filename, int flags, int mode)
 #
 probe syscall.open = kernel.function("compat_sys_open") ?,
- kernel.function("sys32_open") ?,
- kernel.function("SyS_open") !,
- kernel.function("sys_open") ?
+ kernel.function("sys32_open") ?,
+ kernel.function("SyS_open") !,
+ kernel.function("sys_open") ?
 {
 name = "open"
 filename = user_string($filename)
@@ -130,9 +130,9 @@ probe syscall.open = kernel.function("compat_sys_open") ?,
 _sys_open_flag_str($flags))
 }
 probe syscall.open.return = kernel.function("compat_sys_open").return ?,
- kernel.function("sys32_open").return ?,
- kernel.function("SyS_open").return !,
- kernel.function("sys_open").return ?
+ kernel.function("sys32_open").return ?,
+ kernel.function("SyS_open").return !,
+ kernel.function("sys_open").return ?
 {
 name = "open"
 retstr = returnstr(1)
@@ -143,8 +143,8 @@ probe syscall.open.return = kernel.function("compat_sys_open").return ?,
 # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode)
 #
 probe syscall.openat = kernel.function("compat_sys_openat") ?,
- kernel.function("SyS_openat") !,
- kernel.function("sys_openat") ?
+ kernel.function("SyS_openat") !,
+ kernel.function("sys_openat") ?
 {
 name = "openat"
 filename = user_string($filename)
@@ -160,8 +160,8 @@ probe syscall.openat = kernel.function("compat_sys_openat") ?,
 _sys_open_flag_str($flags))
 }
 probe syscall.openat.return = kernel.function("compat_sys_openat").return ?,
- kernel.function("SyS_openat").return !,
- kernel.function("sys_openat").return ?
+ kernel.function("SyS_openat").return !,
+ kernel.function("sys_openat").return ?
 {
 name = "openat"
 retstr = returnstr(1)
@@ -172,15 +172,15 @@ probe syscall.openat.return = kernel.function("compat_sys_openat").return ?,
 # sys_pause(void)
 #
 probe syscall.pause = kernel.function("sys_pause") ?,
- kernel.function("sys32_pause") ?,
- kernel.function("compat_sys_pause") ?
+ kernel.function("sys32_pause") ?,
+ kernel.function("compat_sys_pause") ?
 {
 name = "pause"
 argstr = ""
 }
 probe syscall.pause.return = kernel.function("sys_pause").return ?,
- kernel.function("sys32_pause").return ?,
- kernel.function("compat_sys_pause").return ?
+ kernel.function("sys32_pause").return ?,
+ kernel.function("compat_sys_pause").return ?
 {
 name = "pause"
 retstr = returnstr(1)
@@ -266,14 +266,14 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
 # sys_personality(u_long personality)
 #
 probe syscall.personality = kernel.function("SyS_personality") !,
- kernel.function("sys_personality")
+ kernel.function("sys_personality")
 {
 name = "personality"
 persona = $personality
 argstr = sprintf("%p", persona);
 }
 probe syscall.personality.return = kernel.function("SyS_personality").return !,
- kernel.function("sys_personality").return
+ kernel.function("sys_personality").return
 {
 name = "personality"
 retstr = returnstr(1)
@@ -286,14 +286,14 @@ probe syscall.personality.return = kernel.function("SyS_personality").return !,
 %(arch == "x86_64" %?
 # x86_64 gcc 4.1 problem
 probe syscall.pipe = kernel.function("SyS_pipe") !,
- kernel.function("sys_pipe")
+ kernel.function("sys_pipe")
 {
 name = "pipe"
 argstr = ""
 }
 %:
 probe syscall.pipe = kernel.function("SyS_pipe") !,
- kernel.function("sys_pipe")
+ kernel.function("sys_pipe")
 {
 name = "pipe"
 %( arch == "ia64" %?
@@ -306,7 +306,7 @@ probe syscall.pipe = kernel.function("SyS_pipe") !,
 }
 %)
 probe syscall.pipe.return = kernel.function("SyS_pipe").return !,
- kernel.function("sys_pipe").return
+ kernel.function("sys_pipe").return
 {
 name = "pipe"
 retstr = returnstr(1)
@@ -317,7 +317,7 @@ probe syscall.pipe.return = kernel.function("SyS_pipe").return !,
 # long sys_pivot_root(const char __user *new_root, const char __user *put_old)
 #
 probe syscall.pivot_root = kernel.function("SyS_pivot_root") !,
- kernel.function("sys_pivot_root")
+ kernel.function("sys_pivot_root")
 {
 name = "pivot_root"
 new_root_str = user_string($new_root)
@@ -326,7 +326,7 @@ probe syscall.pivot_root = kernel.function("SyS_pivot_root") !,
 user_string_quoted($put_old))
 }
 probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !,
- kernel.function("sys_pivot_root").return
+ kernel.function("sys_pivot_root").return
 {
 name = "pivot_root"
 retstr = returnstr(1)
@@ -337,7 +337,7 @@ probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !,
 # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout)
 #
 probe syscall.poll = kernel.function("SyS_poll") !,
- kernel.function("sys_poll")
+ kernel.function("sys_poll")
 {
 name = "poll"
 ufds_uaddr = $ufds
@@ -350,7 +350,7 @@ probe syscall.poll = kernel.function("SyS_poll") !,
 argstr = sprintf("%p, %d, %d", $ufds, $nfds, timeout)
 }
 probe syscall.poll.return = kernel.function("SyS_poll").return !,
- kernel.function("sys_poll").return
+ kernel.function("sys_poll").return
 {
 name = "poll"
 retstr = returnstr(1)
@@ -363,7 +363,7 @@ probe syscall.poll.return = kernel.function("SyS_poll").return !,
 # size_t sigsetsize)
 #
 probe syscall.ppoll = kernel.function("SyS_ppoll") !,
- kernel.function("sys_ppoll") ?
+ kernel.function("sys_ppoll") ?
 {
 name = "ppoll"
 argstr = sprintf("%p, %d, %s, %p, %d",
@@ -374,7 +374,7 @@ probe syscall.ppoll = kernel.function("SyS_ppoll") !,
 $sigsetsize)
 }
 probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !,
- kernel.function("sys_ppoll").return ?
+ kernel.function("sys_ppoll").return ?
 {
 name = "ppoll"
 retstr = returnstr(1)
@@ -409,7 +409,7 @@ probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ?
 # unsigned long arg5)
 #
 probe syscall.prctl = kernel.function("SyS_prctl") !,
- kernel.function("sys_prctl")
+ kernel.function("sys_prctl")
 {
 name = "prctl"
 option = $option
@@ -421,7 +421,7 @@ probe syscall.prctl = kernel.function("SyS_prctl") !,
 arg4, arg5)
 }
 probe syscall.prctl.return = kernel.function("SyS_prctl").return !,
- kernel.function("sys_prctl").return
+ kernel.function("sys_prctl").return
 {
 name = "prctl"
 retstr = returnstr(1)
@@ -434,7 +434,7 @@ probe syscall.prctl.return = kernel.function("SyS_prctl").return !,
 # loff_t pos)
 #
 probe syscall.pread = kernel.function("SyS_pread64") !,
- kernel.function("sys_pread64")
+ kernel.function("sys_pread64")
 {
 name = "pread"
 fd = $fd
@@ -444,7 +444,7 @@ probe syscall.pread = kernel.function("SyS_pread64") !, argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos) } probe syscall.pread.return = kernel.function("SyS_pread64").return !, - kernel.function("sys_pread64").return + kernel.function("sys_pread64").return { name = "pread" retstr = returnstr(1) @@ -456,14 +456,14 @@ probe syscall.pread.return = kernel.function("SyS_pread64").return !, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # probe syscall.pselect6 = kernel.function("SyS_pselect6") !, - kernel.function("sys_pselect6") ? + kernel.function("sys_pselect6") ? { name = "pselect6" argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, _struct_timespec_u($tsp, 1), $sig) } probe syscall.pselect6.return = kernel.function("SyS_pselect6").return !, - kernel.function("sys_pselect6").return ? + kernel.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) @@ -517,7 +517,7 @@ probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").re # long data) # probe syscall.ptrace = kernel.function("SyS_ptrace") !, - kernel.function("sys_ptrace") ? + kernel.function("sys_ptrace") ? { name = "ptrace" request = $request @@ -527,7 +527,7 @@ probe syscall.ptrace = kernel.function("SyS_ptrace") !, argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !, - kernel.function("sys_ptrace").return ? + kernel.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) @@ -541,7 +541,7 @@ probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !, # loff_t pos) # probe syscall.pwrite = kernel.function("SyS_pwrite64") !, - kernel.function("sys_pwrite64") + kernel.function("sys_pwrite64") { name = "pwrite" fd = $fd 
@@ -553,7 +553,7 @@ probe syscall.pwrite = kernel.function("SyS_pwrite64") !,
 $count, $pos)
 }
 probe syscall.pwrite.return = kernel.function("SyS_pwrite64").return !,
- kernel.function("sys_pwrite64").return
+ kernel.function("sys_pwrite64").return
 {
 name = "pwrite"
 retstr = returnstr(1)
@@ -593,7 +593,7 @@ probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ?
 # void __user *addr)
 #
 probe syscall.quotactl = kernel.function("SyS_quotactl") !,
- kernel.function("sys_quotactl") ?
+ kernel.function("sys_quotactl") ?
 {
 name = "quotactl"
 cmd = $cmd
@@ -605,7 +605,7 @@ probe syscall.quotactl = kernel.function("SyS_quotactl") !,
 argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, $id, $addr)
 }
 probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !,
- kernel.function("sys_quotactl").return ?
+ kernel.function("sys_quotactl").return ?
 {
 name = "quotactl"
 retstr = returnstr(1)
@@ -615,7 +615,7 @@ probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !,
 # read _______________________________________________________
 # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
 probe syscall.read = kernel.function("SyS_read") !,
- kernel.function("sys_read")
+ kernel.function("sys_read")
 {
 name = "read"
 fd = $fd
@@ -624,7 +624,7 @@ probe syscall.read = kernel.function("SyS_read") !,
 argstr = sprintf("%d, %p, %d", $fd, $buf, $count)
 }
 probe syscall.read.return = kernel.function("SyS_read").return !,
- kernel.function("sys_read").return
+ kernel.function("sys_read").return
 {
 name = "read"
 retstr = returnstr(1)
@@ -638,7 +638,7 @@ probe syscall.read.return = kernel.function("SyS_read").return !,
 # size_t count)
 #
 probe syscall.readahead = kernel.function("SyS_readahead") !,
- kernel.function("sys_readahead")
+ kernel.function("sys_readahead")
 {
 name = "readahead"
 fd = $fd
@@ -647,7 +647,7 @@ probe syscall.readahead = kernel.function("SyS_readahead") !,
 argstr = sprintf("%d, %p, %p", fd, offset, count)
 }
 probe syscall.readahead.return = kernel.function("SyS_readahead").return !,
- kernel.function("sys_readahead").return
+ kernel.function("sys_readahead").return
 {
 name = "readahead"
 retstr = returnstr(1)
@@ -659,13 +659,13 @@ probe syscall.readahead.return = kernel.function("SyS_readahead").return !,
 # int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count)
 #
 probe syscall.readdir = kernel.function("compat_sys_old_readdir") ?,
- kernel.function("old32_readdir") ?
+ kernel.function("old32_readdir") ?
 {
 name = "readdir"
 argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
 }
 probe syscall.readdir.return = kernel.function("compat_sys_old_readdir").return ?,
- kernel.function("old32_readdir").return ?
+ kernel.function("old32_readdir").return ?
 {
 name = "readdir"
 retstr = returnstr(1)
@@ -678,7 +678,7 @@ probe syscall.readdir.return = kernel.function("compat_sys_old_readdir").return
 # int bufsiz)
 #
 probe syscall.readlink = kernel.function("SyS_readlink") !,
- kernel.function("sys_readlink")
+ kernel.function("sys_readlink")
 {
 name = "readlink"
 path = user_string($path)
@@ -688,7 +688,7 @@ probe syscall.readlink = kernel.function("SyS_readlink") !,
 $buf, $bufsiz)
 }
 probe syscall.readlink.return = kernel.function("SyS_readlink").return !,
- kernel.function("sys_readlink").return
+ kernel.function("sys_readlink").return
 {
 name = "readlink"
 retstr = returnstr(1)
@@ -701,7 +701,7 @@ probe syscall.readlink.return = kernel.function("SyS_readlink").return !,
 # int bufsiz)
 #
 probe syscall.readlinkat = kernel.function("SyS_readlinkat") !,
- kernel.function("sys_readlinkat") ?
+ kernel.function("sys_readlinkat") ?
 {
 name = "readlinkat"
 dfd = $dfd
@@ -717,7 +717,7 @@ probe syscall.readlinkat = kernel.function("SyS_readlinkat") !, } probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !, - kernel.function("sys_readlinkat").return ? + kernel.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) @@ -733,8 +733,8 @@ probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !, # unsigned long vlen) # probe syscall.readv = kernel.function("compat_sys_readv") ?, - kernel.function("SyS_readv") !, - kernel.function("sys_readv") + kernel.function("SyS_readv") !, + kernel.function("sys_readv") { name = "readv" vector_uaddr = $vec @@ -748,8 +748,8 @@ probe syscall.readv = kernel.function("compat_sys_readv") ?, %) } probe syscall.readv.return = kernel.function("compat_sys_readv").return ?, - kernel.function("SyS_readv").return !, - kernel.function("sys_readv").return + kernel.function("SyS_readv").return !, + kernel.function("sys_readv").return { name = "readv" retstr = returnstr(1) @@ -763,7 +763,7 @@ probe syscall.readv.return = kernel.function("compat_sys_readv").return ?, # void __user * arg) # probe syscall.reboot = kernel.function("SyS_reboot") !, - kernel.function("sys_reboot") + kernel.function("sys_reboot") { name = "reboot" magic = $magic1 @@ -777,7 +777,7 @@ probe syscall.reboot = kernel.function("SyS_reboot") !, flag_str, $arg) } probe syscall.reboot.return = kernel.function("SyS_reboot").return !, - kernel.function("sys_reboot").return + kernel.function("sys_reboot").return { name = "reboot" retstr = returnstr(1) @@ -813,7 +813,7 @@ probe syscall.recv.return = kernel.function("sys_recv").return ? # int __user *addr_len) # probe syscall.recvfrom = kernel.function("SyS_recvfrom") !, - kernel.function("sys_recvfrom") ? + kernel.function("sys_recvfrom") ? { name = "recvfrom" s = $fd 
@@ -827,7 +827,7 @@ probe syscall.recvfrom = kernel.function("SyS_recvfrom") !,
 $fd, $ubuf, $size, _recvflags_str($flags), $addr, $addr_len)
 }
 probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !,
- kernel.function("sys_recvfrom").return ?
+ kernel.function("sys_recvfrom").return ?
 {
 name = "recvfrom"
 retstr = returnstr(1)
@@ -840,7 +840,7 @@ probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !,
 # unsigned int flags)
 #
 probe syscall.recvmsg = kernel.function("SyS_recvmsg") !,
- kernel.function("sys_recvmsg") ?
+ kernel.function("sys_recvmsg") ?
 {
 name = "recvmsg"
 s = $fd
@@ -850,7 +850,7 @@ probe syscall.recvmsg = kernel.function("SyS_recvmsg") !,
 argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags))
 }
 probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !,
- kernel.function("sys_recvmsg").return ?
+ kernel.function("sys_recvmsg").return ?
 {
 name = "recvmsg"
 retstr = returnstr(1)
@@ -884,7 +884,7 @@ probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").
 # unsigned long flags)
 #
 probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !,
- kernel.function("sys_remap_file_pages") ?
+ kernel.function("sys_remap_file_pages") ?
 {
 name = "remap_file_pages"
 start = $start
@@ -900,7 +900,7 @@ probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !,
 pgoff, flags)
 }
 probe syscall.remap_file_pages.return = kernel.function("SyS_remap_file_pages").return !,
- kernel.function("sys_remap_file_pages").return ?
+ kernel.function("sys_remap_file_pages").return ?
 {
 name = "remap_file_pages"
 retstr = returnstr(1)
@@ -913,7 +913,7 @@ probe syscall.remap_file_pages.return = kernel.function("SyS_remap_file_pages").
 # char __user *name)
 #
 probe syscall.removexattr = kernel.function("SyS_removexattr") !,
- kernel.function("sys_removexattr")
+ kernel.function("sys_removexattr")
 {
 name = "removexattr"
 name_str = user_string($name)
@@ -929,7 +929,7 @@ probe syscall.removexattr = kernel.function("SyS_removexattr") !, } probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !, - kernel.function("sys_removexattr").return + kernel.function("sys_removexattr").return { name = "removexattr" retstr = returnstr(1) @@ -941,7 +941,7 @@ probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !, # const char __user * newname) # probe syscall.rename = kernel.function("SyS_rename") !, - kernel.function("sys_rename") + kernel.function("sys_rename") { name = "rename" oldpath = user_string($oldname) @@ -950,7 +950,7 @@ probe syscall.rename = kernel.function("SyS_rename") !, user_string_quoted($newname)) } probe syscall.rename.return = kernel.function("SyS_rename").return !, - kernel.function("sys_rename").return + kernel.function("sys_rename").return { name = "rename" retstr = returnstr(1) @@ -961,7 +961,7 @@ probe syscall.rename.return = kernel.function("SyS_rename").return !, # long sys_renameat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname) probe syscall.renameat = kernel.function("SyS_renameat") !, - kernel.function("sys_renameat") ? + kernel.function("sys_renameat") ? { name = "renameat" olddfd = $olddfd @@ -977,7 +977,7 @@ probe syscall.renameat = kernel.function("SyS_renameat") !, newdfd_str, user_string_quoted($newname)) } probe syscall.renameat.return = kernel.function("SyS_renameat").return !, - kernel.function("sys_renameat").return ? + kernel.function("sys_renameat").return ? { name = "renameat" retstr = returnstr(1) @@ -992,7 +992,7 @@ probe syscall.renameat.return = kernel.function("SyS_renameat").return !, # compat_sys_request_key() calls sys_request_key, so don't need probe there. # probe syscall.request_key = kernel.function("SyS_request_key") !, - kernel.function("sys_request_key") ? + kernel.function("sys_request_key") ? { name = "request_key" type_uaddr = $_type 
@@ -1002,7 +1002,7 @@ probe syscall.request_key = kernel.function("SyS_request_key") !, argstr = sprintf("%p, %p, %p, %p", $_type, $_description, $_callout_info, $destringid) } probe syscall.request_key.return = kernel.function("SyS_request_key").return !, - kernel.function("sys_request_key").return ? + kernel.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) @@ -1029,14 +1029,14 @@ probe syscall.restart_syscall.return = kernel.function("sys_restart_syscall").re # sys_rmdir(const char __user * pathname) # probe syscall.rmdir = kernel.function("SyS_rmdir") !, - kernel.function("sys_rmdir") + kernel.function("sys_rmdir") { name = "rmdir" pathname = user_string($pathname) argstr = user_string_quoted($pathname) } probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !, - kernel.function("sys_rmdir").return + kernel.function("sys_rmdir").return { name = "rmdir" retstr = returnstr(1) @@ -1050,7 +1050,7 @@ probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !, # size_t sigsetsize) # probe syscall.rt_sigaction = kernel.function("SyS_rt_sigaction") !, - kernel.function("sys_rt_sigaction") ? + kernel.function("sys_rt_sigaction") ? { name = "rt_sigaction" sig = $sig @@ -1061,7 +1061,7 @@ probe syscall.rt_sigaction = kernel.function("SyS_rt_sigaction") !, _struct_sigaction_u($act), $oact, $sigsetsize) } probe syscall.rt_sigaction.return = kernel.function("SyS_rt_sigaction").return !, - kernel.function("sys_rt_sigaction").return ? + kernel.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1079,7 +1079,7 @@ probe syscall.rt_sigaction.return = kernel.function("SyS_rt_sigaction").return ! # size_t sigsetsize) probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?, - kernel.function("compat_sys_rt_sigaction") ? + kernel.function("compat_sys_rt_sigaction") ? { name = "rt_sigaction" sig = $sig 
@@ -1090,7 +1090,7 @@ probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
 _struct_sigaction32_u($act), $oact, $sigsetsize)
 }
 probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?,
- kernel.function("compat_sys_rt_sigaction").return ?
+ kernel.function("compat_sys_rt_sigaction").return ?
 {
 name = "rt_sigaction"
 retstr = returnstr(1)
@@ -1101,7 +1101,7 @@ probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").retu
 # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
 #
 probe syscall.rt_sigpending = kernel.function("SyS_rt_sigpending") !,
- kernel.function("sys_rt_sigpending") ?
+ kernel.function("sys_rt_sigpending") ?
 {
 name = "rt_sigpending"
 set_uaddr = $set
@@ -1109,7 +1109,7 @@ probe syscall.rt_sigpending = kernel.function("SyS_rt_sigpending") !,
 argstr = sprintf("%p, %d", $set, $sigsetsize)
 }
 probe syscall.rt_sigpending.return = kernel.function("SyS_rt_sigpending").return !,
- kernel.function("sys_rt_sigpending").return ?
+ kernel.function("sys_rt_sigpending").return ?
 {
 name = "rt_sigpending"
 retstr = returnstr(1)
@@ -1121,9 +1121,9 @@ probe syscall.rt_sigpending.return = kernel.function("SyS_rt_sigpending").return
 # long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize)
 #
 probe syscall.rt_sigprocmask = kernel.function("sys32_rt_sigprocmask") ?,
- kernel.function("compat_sys_rt_sigprocmask") ?,
- kernel.function("SyS_rt_sigprocmask") !,
- kernel.function("sys_rt_sigprocmask") ?
+ kernel.function("compat_sys_rt_sigprocmask") ?,
+ kernel.function("SyS_rt_sigprocmask") !,
+ kernel.function("sys_rt_sigprocmask") ?
 {
 name = "rt_sigprocmask"
 how = $how
@@ -1134,9 +1134,9 @@ probe syscall.rt_sigprocmask = kernel.function("sys32_rt_sigprocmask") ?,
 $oset, $sigsetsize)
 }
 probe syscall.rt_sigprocmask.return = kernel.function("sys32_rt_sigprocmask").return ?,
- kernel.function("compat_sys_rt_sigprocmask").return ?,
- kernel.function("SyS_rt_sigprocmask").return !,
- kernel.function("sys_rt_sigprocmask").return ?
+ kernel.function("compat_sys_rt_sigprocmask").return ?,
+ kernel.function("SyS_rt_sigprocmask").return !,
+ kernel.function("sys_rt_sigprocmask").return ?
 {
 name = "rt_sigprocmask"
 retstr = returnstr(1)
@@ -1147,7 +1147,7 @@ probe syscall.rt_sigprocmask.return = kernel.function("sys32_rt_sigprocmask").re
 # long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo)
 #
 probe syscall.rt_sigqueueinfo = kernel.function("SyS_rt_sigqueueinfo") !,
- kernel.function("sys_rt_sigqueueinfo")
+ kernel.function("sys_rt_sigqueueinfo")
 {
 name = "rt_sigqueueinfo"
 pid = $pid
@@ -1156,7 +1156,7 @@ probe syscall.rt_sigqueueinfo = kernel.function("SyS_rt_sigqueueinfo") !,
 argstr = sprintf("%d, %s, %p", $pid, _signal_name($sig), $uinfo)
 }
 probe syscall.rt_sigqueueinfo.return = kernel.function("SyS_rt_sigqueueinfo").return !,
- kernel.function("sys_rt_sigqueueinfo").return
+ kernel.function("sys_rt_sigqueueinfo").return
 {
 name = "rt_sigqueueinfo"
 retstr = returnstr(1)
@@ -1166,13 +1166,13 @@ probe syscall.rt_sigqueueinfo.return = kernel.function("SyS_rt_sigqueueinfo").re
 # int sys_rt_sigreturn(unsigned long __unused)
 #
 probe syscall.rt_sigreturn = kernel.function("sys_rt_sigreturn") ?,
- kernel.function("sys32_rt_sigreturn") ?
+ kernel.function("sys32_rt_sigreturn") ?
 {
 name = "rt_sigreturn"
 argstr = ""
 }
 probe syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return ?,
- kernel.function("sys32_rt_sigreturn").return ?
+ kernel.function("sys32_rt_sigreturn").return ?
 {
 name = "rt_sigreturn"
 retstr = returnstr(1)
@@ -1183,17 +1183,17 @@ probe syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return ?
 # sys_rt_sigsuspend(struct pt_regs regs)
 #
 probe syscall.rt_sigsuspend = kernel.function("compat_sys_rt_sigsuspend") ?,
- kernel.function("ia64_rt_sigsuspend") ?,
- kernel.function("SyS_rt_sigsuspend") !,
- kernel.function("sys_rt_sigsuspend") ?
+ kernel.function("ia64_rt_sigsuspend") ?,
+ kernel.function("SyS_rt_sigsuspend") !,
+ kernel.function("sys_rt_sigsuspend") ?
 {
 name = "rt_sigsuspend"
 argstr = ""
 }
 probe syscall.rt_sigsuspend.return = kernel.function("compat_sys_rt_sigsuspend").return ?,
- kernel.function("ia64_rt_sigsuspend").return ?,
- kernel.function("SyS_rt_sigsuspend").return !,
- kernel.function("sys_rt_sigsuspend").return ?
+ kernel.function("ia64_rt_sigsuspend").return ?,
+ kernel.function("SyS_rt_sigsuspend").return !,
+ kernel.function("sys_rt_sigsuspend").return ?
 {
 name = "rt_sigsuspend"
 retstr = returnstr(1)
@@ -1210,8 +1210,8 @@ probe syscall.rt_sigsuspend.return = kernel.function("compat_sys_rt_sigsuspend")
 # struct compat_timespec __user *uts, compat_size_t sigsetsize)
 #
 probe syscall.rt_sigtimedwait = kernel.function("compat_sys_rt_sigtimedwait") ?,
- kernel.function("SyS_rt_sigtimedwait") !,
- kernel.function("sys_rt_sigtimedwait")
+ kernel.function("SyS_rt_sigtimedwait") !,
+ kernel.function("sys_rt_sigtimedwait")
 {
 name = "rt_sigtimedwait"
 uthese_uaddr = $uthese
@@ -1221,8 +1221,8 @@ probe syscall.rt_sigtimedwait = kernel.function("compat_sys_rt_sigtimedwait") ?,
 argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize)
 }
 probe syscall.rt_sigtimedwait.return = kernel.function("compat_sys_rt_sigtimedwait").return ?,
- kernel.function("SyS_rt_sigtimedwait").return !,
- kernel.function("sys_rt_sigtimedwait").return
+ kernel.function("SyS_rt_sigtimedwait").return !,
+ kernel.function("sys_rt_sigtimedwait").return
 {
 name = "rt_sigtimedwait"
 retstr = returnstr(1)
@@ -1236,7 +1236,7 @@ probe syscall.rt_sigtimedwait.return = kernel.function("compat_sys_rt_sigtimedwa
 # unsigned long __user *user_mask_ptr)
 #
 probe syscall.sched_getaffinity = kernel.function("SyS_sched_getaffinity") !,
- kernel.function("sys_sched_getaffinity")
+ kernel.function("sys_sched_getaffinity")
 {
 name = "sched_getaffinity"
 pid = $pid
@@ -1245,7 +1245,7 @@ probe syscall.sched_getaffinity = kernel.function("SyS_sched_getaffinity") !,
 argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
 }
 probe syscall.sched_getaffinity.return = kernel.function("SyS_sched_getaffinity").return !,
- kernel.function("sys_sched_getaffinity").return
+ kernel.function("sys_sched_getaffinity").return
 {
 name = "sched_getaffinity"
 retstr = returnstr(1)
@@ -1257,7 +1257,7 @@ probe syscall.sched_getaffinity.return = kernel.function("SyS_sched_getaffinity"
 # struct sched_param __user *param)
 #
 probe syscall.sched_getparam = kernel.function("SyS_sched_getparam") !,
- kernel.function("sys_sched_getparam")
+ kernel.function("sys_sched_getparam")
 {
 name = "sched_getparam"
 pid = $pid
@@ -1265,7 +1265,7 @@ probe syscall.sched_getparam = kernel.function("SyS_sched_getparam") !,
 argstr = sprintf("%d, %p", pid, p_uaddr)
 }
 probe syscall.sched_getparam.return = kernel.function("SyS_sched_getparam").return !,
- kernel.function("sys_sched_getparam").return
+ kernel.function("sys_sched_getparam").return
 {
 name = "sched_getparam"
 retstr = returnstr(1)
@@ -1276,14 +1276,14 @@ probe syscall.sched_getparam.return = kernel.function("SyS_sched_getparam").retu
 # sys_sched_get_priority_max(int policy)
 #
 probe syscall.sched_get_priority_max = kernel.function("SyS_sched_get_priority_max") !,
- kernel.function("sys_sched_get_priority_max")
+ kernel.function("sys_sched_get_priority_max")
 {
 name = "sched_get_priority_max"
 policy = $policy
 argstr = sprint(policy)
 }
 probe syscall.sched_get_priority_max.return = kernel.function("SyS_sched_get_priority_max").return !,
- kernel.function("sys_sched_get_priority_max").return
+ kernel.function("sys_sched_get_priority_max").return
 {
 name = "sched_get_priority_max"
 retstr = returnstr(1)
@@ -1294,14 +1294,14 @@ probe syscall.sched_get_priority_max.return = kernel.function("SyS_sched_get_pri
 # sys_sched_get_priority_min(int policy)
 #
 probe syscall.sched_get_priority_min = kernel.function("SyS_sched_get_priority_min") !,
- kernel.function("sys_sched_get_priority_min")
+ kernel.function("sys_sched_get_priority_min")
 {
 name = "sched_get_priority_min"
 policy = $policy
 argstr = sprint(policy)
 }
 probe syscall.sched_get_priority_min.return = kernel.function("SyS_sched_get_priority_min").return !,
- kernel.function("sys_sched_get_priority_min").return
+ kernel.function("sys_sched_get_priority_min").return
 {
 name = "sched_get_priority_min"
 retstr = returnstr(1)
@@ -1311,14 +1311,14 @@ probe syscall.sched_get_priority_min.return = kernel.function("SyS_sched_get_pri
 # long sys_sched_getscheduler(pid_t pid)
 #
 probe syscall.sched_getscheduler = kernel.function("SyS_sched_getscheduler") !,
- kernel.function("sys_sched_getscheduler")
+ kernel.function("sys_sched_getscheduler")
 {
 name = "sched_getscheduler"
 pid = $pid
 argstr = sprint($pid)
 }
 probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getscheduler").return !,
- kernel.function("sys_sched_getscheduler").return
+ kernel.function("sys_sched_getscheduler").return
 {
 name = "sched_getscheduler"
 retstr = returnstr(1)
@@ -1328,7 +1328,7 @@ probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getschedule
 # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
 #
 probe syscall.sched_rr_get_interval = kernel.function("SyS_sched_rr_get_interval") !,
- kernel.function("sys_sched_rr_get_interval")
+ kernel.function("sys_sched_rr_get_interval")
 {
 name = "sched_rr_get_interval"
 pid = $pid
@@ -1336,7 +1336,7 @@ probe syscall.sched_rr_get_interval = kernel.function("SyS_sched_rr_get_interval
 argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval, 1))
 }
 probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_interval").return !,
- kernel.function("sys_sched_rr_get_interval").return
+ kernel.function("sys_sched_rr_get_interval").return
 {
 name = "sched_rr_get_interval"
 retstr = returnstr(1)
@@ -1350,7 +1350,7 @@ probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_i
 #
 %( arch != "x86_64" %?
 probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
- kernel.function("sys_sched_setaffinity")
+ kernel.function("sys_sched_setaffinity")
 {
 name = "sched_setaffinity"
 pid = $pid
@@ -1360,7 +1360,7 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
 }
 %:
 probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
- kernel.function("sys_sched_setaffinity")
+ kernel.function("sys_sched_setaffinity")
 {
 name = "sched_setaffinity"
 pid = $pid
@@ -1370,7 +1370,7 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
 }
 %)
 probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity").return !,
- kernel.function("sys_sched_setaffinity").return
+ kernel.function("sys_sched_setaffinity").return
 {
 name = "sched_setaffinity"
 retstr = returnstr(1)
@@ -1381,7 +1381,7 @@ probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity"
 # long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
 #
 probe syscall.sched_setparam = kernel.function("SyS_sched_setparam") !,
- kernel.function("sys_sched_setparam") ?
+ kernel.function("sys_sched_setparam") ?
 {
 name = "sched_setparam"
 pid = $pid
@@ -1389,7 +1389,7 @@ probe syscall.sched_setparam = kernel.function("SyS_sched_setparam") !,
 argstr = sprintf("%d, %p", $pid, $param)
 }
 probe syscall.sched_setparam.return = kernel.function("SyS_sched_setparam").return !,
- kernel.function("sys_sched_setparam").return ?
+ kernel.function("sys_sched_setparam").return ?
 {
 name = "sched_setparam"
 retstr = returnstr(1)
@@ -1400,7 +1400,7 @@ probe syscall.sched_setparam.return = kernel.function("SyS_sched_setparam").retu
 # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
 #
 probe syscall.sched_setscheduler = kernel.function("SyS_sched_setscheduler") !,
- kernel.function("sys_sched_setscheduler") ?
+ kernel.function("sys_sched_setscheduler") ?
 {
 name = "sched_setscheduler"
 pid = $pid
@@ -1410,7 +1410,7 @@ probe syscall.sched_setscheduler = kernel.function("SyS_sched_setscheduler") !,
 argstr = sprintf("%d, %s, %p", $pid, policy_str, $param)
 }
 probe syscall.sched_setscheduler.return = kernel.function("SyS_sched_setscheduler").return !,
- kernel.function("sys_sched_setscheduler").return ?
+ kernel.function("sys_sched_setscheduler").return ?
 {
 name = "sched_setscheduler"
 retstr = returnstr(1)
@@ -1438,7 +1438,7 @@ probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return
 # struct timeval __user *tvp)
 #
 probe syscall.select = kernel.function("SyS_select") !,
- kernel.function("sys_select")
+ kernel.function("sys_select")
 {
 name = "select"
 n = $n
@@ -1450,7 +1450,7 @@ probe syscall.select = kernel.function("SyS_select") !,
 _struct_timeval_u($tvp, 1))
 }
 probe syscall.select.return = kernel.function("SyS_select").return !,
- kernel.function("sys_select").return
+ kernel.function("sys_select").return
 {
 name = "select"
 retstr = returnstr(1)
@@ -1485,7 +1485,7 @@ probe syscall.compat_select.return = kernel.function("compat_sys_select").return
 # union semun arg)
 #
 probe syscall.semctl = kernel.function("SyS_semctl") !,
- kernel.function("sys_semctl") ?
+ kernel.function("sys_semctl") ?
 {
 name = "semctl"
 semid = $semid
@@ -1498,7 +1498,7 @@ probe syscall.semctl = kernel.function("SyS_semctl") !,
 argstr = sprintf("%d, %d, %s", $semid, $semnum, _semctl_cmd($cmd))
 }
 probe syscall.semctl.return = kernel.function("SyS_semctl").return !,
- kernel.function("sys_semctl").return ?
+ kernel.function("sys_semctl").return ?
 {
 name = "semctl"
 retstr = returnstr(1)
@@ -1522,7 +1522,7 @@ probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").re
 # long sys_semget (key_t key, int nsems, int semflg)
 #
 probe syscall.semget = kernel.function("SyS_semget") !,
- kernel.function("sys_semget") ?
+ kernel.function("sys_semget") ?
 {
 name = "semget"
 key = $key
@@ -1531,7 +1531,7 @@ probe syscall.semget = kernel.function("SyS_semget") !,
 argstr = sprintf("%d, %d, %s", $key, $nsems, __sem_flags($semflg))
 }
 probe syscall.semget.return = kernel.function("SyS_semget").return !,
- kernel.function("sys_semget").return ?
+ kernel.function("sys_semget").return ?
 {
 name = "semget"
 retstr = returnstr(1)
@@ -1544,7 +1544,7 @@ probe syscall.semget.return = kernel.function("SyS_semget").return !,
 # unsigned nsops)
 #
 probe syscall.semop = kernel.function("SyS_semtimedop") !,
- kernel.function("sys_semtimedop") ?
+ kernel.function("sys_semtimedop") ?
 {
 name = "semop"
 semid = $semid
@@ -1553,7 +1553,7 @@ probe syscall.semop = kernel.function("SyS_semtimedop") !,
 argstr = sprintf("%d, %p, %d", $semid, $tsops, $nsops)
 }
 probe syscall.semop.return = kernel.function("SyS_semtimedop").return !,
- kernel.function("sys_semtimedop").return ?
+ kernel.function("sys_semtimedop").return ?
 {
 name = "semop"
 retstr = returnstr(1)
@@ -1567,7 +1567,7 @@ probe syscall.semop.return = kernel.function("SyS_semtimedop").return !,
 # const struct timespec __user *timeout)
 #
 probe syscall.semtimedop = kernel.function("SyS_semtimedop") !,
- kernel.function("sys_semtimedop") ?
+ kernel.function("sys_semtimedop") ?
 {
 name = "semtimedop"
 semid = $semid
@@ -1578,7 +1578,7 @@ probe syscall.semtimedop = kernel.function("SyS_semtimedop") !,
 _struct_timespec_u($timeout, 1))
 }
 probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !,
- kernel.function("sys_semtimedop").return ?
+ kernel.function("sys_semtimedop").return ?
 {
 name = "semtimedop"
 retstr = returnstr(1)
@@ -1612,7 +1612,7 @@ probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtime
 # unsigned flags)
 #
 probe syscall.send = kernel.function("SyS_send") !,
- kernel.function("sys_send") ?
+ kernel.function("sys_send") ?
 {
 name = "send"
 s = $fd
@@ -1623,7 +1623,7 @@ probe syscall.send = kernel.function("SyS_send") !,
 argstr = sprintf("%d, %p, %d, %s", $fd, $buff, $len, flags_str)
 }
 probe syscall.send.return = kernel.function("SyS_send").return !,
- kernel.function("sys_send").return ?
+ kernel.function("sys_send").return ?
 {
 name = "send"
 retstr = returnstr(1)
@@ -1637,9 +1637,9 @@ probe syscall.send.return = kernel.function("SyS_send").return !,
 # size_t count)
 #
 probe syscall.sendfile = kernel.function("SyS_sendfile") ?,
- kernel.function("sys_sendfile") ?,
- kernel.function("SyS_sendfile64") ?,
- kernel.function("sys_sendfile64") ?
+ kernel.function("sys_sendfile") ?,
+ kernel.function("SyS_sendfile64") ?,
+ kernel.function("sys_sendfile64") ?
 {
 name = "sendfile"
 out_fd = $out_fd
@@ -1650,9 +1650,9 @@ probe syscall.sendfile = kernel.function("SyS_sendfile") ?,
 $count)
 }
 probe syscall.sendfile.return = kernel.function("SyS_sendfile").return ?,
- kernel.function("sys_sendfile").return ?,
- kernel.function("SyS_sendfile64").return ?,
- kernel.function("sys_sendfile64").return ?
+ kernel.function("sys_sendfile").return ?,
+ kernel.function("SyS_sendfile64").return ?,
+ kernel.function("sys_sendfile64").return ?
 {
 name = "sendfile"
 retstr = returnstr(1)
@@ -1663,7 +1663,7 @@ probe syscall.sendfile.return = kernel.function("SyS_sendfile").return ?,
 # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
 #
 probe syscall.sendmsg = kernel.function("SyS_sendmsg") !,
- kernel.function("sys_sendmsg") ?
+ kernel.function("sys_sendmsg") ?
 {
 name = "sendmsg"
 s = $fd
@@ -1673,7 +1673,7 @@ probe syscall.sendmsg = kernel.function("SyS_sendmsg") !,
 argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags))
 }
 probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !,
- kernel.function("sys_sendmsg").return ?
+ kernel.function("sys_sendmsg").return ?
 {
 name = "sendmsg"
 retstr = returnstr(1)
@@ -1706,7 +1706,7 @@ probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").
 # int addr_len)
 #
 probe syscall.sendto = kernel.function("SyS_sendto") !,
- kernel.function("sys_sendto") ?
+ kernel.function("sys_sendto") ?
 {
 name = "sendto"
 s = $fd
@@ -1720,7 +1720,7 @@ probe syscall.sendto = kernel.function("SyS_sendto") !,
 $len, flags_str, _struct_sockaddr_u($addr, $addr_len), $addr_len)
 }
 probe syscall.sendto.return = kernel.function("SyS_sendto").return !,
- kernel.function("sys_sendto").return ?
+ kernel.function("sys_sendto").return ?
 {
 name = "sendto"
 retstr = returnstr(1)
@@ -1733,7 +1733,7 @@ probe syscall.sendto.return = kernel.function("SyS_sendto").return !,
 # int len)
 #
 probe syscall.setdomainname = kernel.function("SyS_setdomainname") !,
- kernel.function("sys_setdomainname")
+ kernel.function("sys_setdomainname")
 {
 name = "setdomainname"
 hostname_uaddr = $name
@@ -1741,7 +1741,7 @@ probe syscall.setdomainname = kernel.function("SyS_setdomainname") !,
 argstr = sprintf("%p, %d", $name, $len)
 }
 probe syscall.setdomainname.return = kernel.function("SyS_setdomainname").return !,
- kernel.function("sys_setdomainname").return
+ kernel.function("sys_setdomainname").return
 {
 name = "setdomainname"
 retstr = returnstr(1)
@@ -1752,16 +1752,16 @@ probe syscall.setdomainname.return = kernel.function("SyS_setdomainname").return
 # long sys_setfsgid16(old_gid_t gid)
 #
 probe syscall.setfsgid = kernel.function("sys_setfsgid16") ?,
- kernel.function("SyS_setfsgid") !,
- kernel.function("sys_setfsgid") ?
+ kernel.function("SyS_setfsgid") !,
+ kernel.function("sys_setfsgid") ?
 {
 name = "setfsgid"
 fsgid = $gid
 argstr = sprint($gid)
 }
 probe syscall.setfsgid.return = kernel.function("sys_setfsgid16").return ?,
- kernel.function("SyS_setfsgid").return !,
- kernel.function("sys_setfsgid").return ?
+ kernel.function("SyS_setfsgid").return !,
+ kernel.function("sys_setfsgid").return ?
 {
 name = "setfsgid"
 retstr = returnstr(1)
@@ -1772,16 +1772,16 @@ probe syscall.setfsgid.return = kernel.function("sys_setfsgid16").return ?,
 # long sys_setfsuid16(old_uid_t uid)
 #
 probe syscall.setfsuid = kernel.function("sys_setfsuid16") ?,
- kernel.function("SyS_setfsuid") !,
- kernel.function("sys_setfsuid") ?
+ kernel.function("SyS_setfsuid") !,
+ kernel.function("sys_setfsuid") ?
 {
 name = "setfsuid"
 fsuid = $uid
 argstr = sprint($uid)
 }
 probe syscall.setfsuid.return = kernel.function("sys_setfsuid16").return ?,
- kernel.function("SyS_setfsuid").return !,
- kernel.function("sys_setfsuid").return ?
+ kernel.function("SyS_setfsuid").return !,
+ kernel.function("sys_setfsuid").return ?
 {
 name = "setfsuid"
 retstr = returnstr(1)
@@ -1793,16 +1793,16 @@ probe syscall.setfsuid.return = kernel.function("sys_setfsuid16").return ?,
 # long sys_setgid16(old_gid_t gid)
 #
 probe syscall.setgid = kernel.function("sys_setgid16") ?,
- kernel.function("SyS_setgid") !,
- kernel.function("sys_setgid") ?
+ kernel.function("SyS_setgid") !,
+ kernel.function("sys_setgid") ?
 {
 name = "setgid"
 gid = $gid
 argstr = sprint($gid)
 }
 probe syscall.setgid.return = kernel.function("sys_setgid16").return ?,
- kernel.function("SyS_setgid").return !,
- kernel.function("sys_setgid").return ?
+ kernel.function("SyS_setgid").return !,
+ kernel.function("sys_setgid").return ?
 {
 name = "setgid"
 retstr = returnstr(1)
@@ -1815,9 +1815,9 @@ probe syscall.setgid.return = kernel.function("sys_setgid16").return ?,
 # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
 #
 probe syscall.setgroups = kernel.function("sys_setgroups16") ?,
- kernel.function("sys32_setgroups16") ?,
- kernel.function("SyS_setgroups") !,
- kernel.function("sys_setgroups") ?
+ kernel.function("sys32_setgroups16") ?,
+ kernel.function("SyS_setgroups") !,
+ kernel.function("sys_setgroups") ?
 {
 name = "setgroups"
 size = $gidsetsize
@@ -1825,9 +1825,9 @@ probe syscall.setgroups = kernel.function("sys_setgroups16") ?,
 argstr = sprintf("%d, %p", $gidsetsize, $grouplist)
 }
 probe syscall.setgroups.return = kernel.function("sys_setgroups16").return ?,
- kernel.function("sys32_setgroups16").return ?,
- kernel.function("SyS_setgroups").return !,
- kernel.function("sys_setgroups").return ?
+ kernel.function("sys32_setgroups16").return ?,
+ kernel.function("SyS_setgroups").return !,
+ kernel.function("sys_setgroups").return ?
 {
 name = "setgroups"
 retstr = returnstr(1)
@@ -1840,7 +1840,7 @@ probe syscall.setgroups.return = kernel.function("sys_setgroups16").return ?,
 # int len)
 #
 probe syscall.sethostname = kernel.function("SyS_sethostname") !,
- kernel.function("sys_sethostname")
+ kernel.function("sys_sethostname")
 {
 name = "sethostname"
 hostname_uaddr = $name
@@ -1849,7 +1849,7 @@ probe syscall.sethostname = kernel.function("SyS_sethostname") !,
 argstr = sprintf("%s, %d", user_string_quoted($name), $len)
 }
 probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !,
- kernel.function("sys_sethostname").return
+ kernel.function("sys_sethostname").return
 {
 name = "sethostname"
 retstr = returnstr(1)
@@ -1861,7 +1861,7 @@ probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !,
 # struct itimerval __user *ovalue)
 #
 probe syscall.setitimer = kernel.function("SyS_setitimer") !,
- kernel.function("sys_setitimer")
+ kernel.function("sys_setitimer")
 {
 name = "setitimer"
 which = $which
@@ -1871,7 +1871,7 @@ probe syscall.setitimer = kernel.function("SyS_setitimer") !,
 _struct_itimerval_u($value), $ovalue)
 }
 probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !,
- kernel.function("sys_setitimer").return
+ kernel.function("sys_setitimer").return
 {
 name = "setitimer"
 retstr = returnstr(1)
@@ -1902,8 +1902,8 @@ probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").
 # unsigned long maxnode)
 #
 probe syscall.set_mempolicy = kernel.function("compat_sys_set_mempolicy") ?,
- kernel.function("SyS_set_mempolicy") !,
- kernel.function("sys_set_mempolicy") ?
+ kernel.function("SyS_set_mempolicy") !,
+ kernel.function("sys_set_mempolicy") ?
 {
 name = "set_mempolicy"
 mode = $mode
@@ -1912,8 +1912,8 @@ probe syscall.set_mempolicy = kernel.function("compat_sys_set_mempolicy") ?,
 argstr = sprintf("%d, %p, %d", $mode, $nmask, $maxnode)
 }
 probe syscall.set_mempolicy.return = kernel.function("compat_sys_set_mempolicy").return ?,
- kernel.function("SyS_set_mempolicy").return !,
- kernel.function("sys_set_mempolicy").return ?
+ kernel.function("SyS_set_mempolicy").return !,
+ kernel.function("sys_set_mempolicy").return ?
 {
 name = "set_mempolicy"
 retstr = returnstr(1)
@@ -1926,7 +1926,7 @@ probe syscall.set_mempolicy.return = kernel.function("compat_sys_set_mempolicy")
 # pid_t pgid)
 #
 probe syscall.setpgid = kernel.function("SyS_setpgid") !,
- kernel.function("sys_setpgid")
+ kernel.function("sys_setpgid")
 {
 name = "setpgid"
 pid = $pid
@@ -1934,7 +1934,7 @@ probe syscall.setpgid = kernel.function("SyS_setpgid") !,
 argstr = sprintf("%d, %d", $pid, $pgid)
 }
 probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !,
- kernel.function("sys_setpgid").return
+ kernel.function("sys_setpgid").return
 {
 name = "setpgid"
 retstr = returnstr(1)
@@ -1947,7 +1947,7 @@ probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !,
 # int niceval)
 #
 probe syscall.setpriority = kernel.function("SyS_setpriority") !,
- kernel.function("sys_setpriority")
+ kernel.function("sys_setpriority")
 {
 name = "setpriority"
 which = $which
@@ -1957,7 +1957,7 @@ probe syscall.setpriority = kernel.function("SyS_setpriority") !,
 argstr = sprintf("%s, %d, %d", which_str, $who, $niceval)
 }
 probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !,
- kernel.function("sys_setpriority").return
+ kernel.function("sys_setpriority").return
 {
 name = "setpriority"
 retstr = returnstr(1)
@@ -1967,7 +1967,7 @@ probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !,
 # long sys_setregid(gid_t rgid, gid_t egid)
 #
 probe syscall.setregid = kernel.function("SyS_setregid") !,
- kernel.function("sys_setregid")
+ kernel.function("sys_setregid")
 {
 name = "setregid"
 rgid = __int32($rgid)
@@ -1975,7 +1975,7 @@ probe syscall.setregid = kernel.function("SyS_setregid") !,
 argstr = sprintf("%d, %d", rgid, egid)
 }
 probe syscall.setregid.return = kernel.function("SyS_setregid").return !,
- kernel.function("sys_setregid").return
+ kernel.function("sys_setregid").return
 {
 name = "setregid"
 retstr = returnstr(1)
@@ -1999,7 +1999,7 @@ probe syscall.setregid16.return = kernel.function("sys_setregid16").return ?
 # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 #
 probe syscall.setresgid = kernel.function("SyS_setresgid") !,
- kernel.function("sys_setresgid")
+ kernel.function("sys_setresgid")
 {
 name = "setresgid"
 rgid = __int32($rgid)
@@ -2008,7 +2008,7 @@ probe syscall.setresgid = kernel.function("SyS_setresgid") !,
 argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
 }
 probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !,
- kernel.function("sys_setresgid").return
+ kernel.function("sys_setresgid").return
 {
 name = "setresgid"
 retstr = returnstr(1)
@@ -2038,7 +2038,7 @@ probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ?
 # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 #
 probe syscall.setresuid = kernel.function("SyS_setresuid") !,
- kernel.function("sys_setresuid")
+ kernel.function("sys_setresuid")
 {
 name = "setresuid"
 ruid = __int32($ruid)
@@ -2047,7 +2047,7 @@ probe syscall.setresuid = kernel.function("SyS_setresuid") !,
 argstr = sprintf("%d, %d, %d", ruid, euid, suid)
 }
 probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !,
- kernel.function("sys_setresuid").return
+ kernel.function("sys_setresuid").return
 {
 name = "setresuid"
 retstr = returnstr(1)
@@ -2075,7 +2075,7 @@ probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ?
 # long sys_setreuid(uid_t ruid, uid_t euid)
 #
 probe syscall.setreuid = kernel.function("SyS_setreuid") !,
- kernel.function("sys_setreuid")
+ kernel.function("sys_setreuid")
 {
 name = "setreuid"
 ruid = __int32($ruid)
@@ -2083,7 +2083,7 @@ probe syscall.setreuid = kernel.function("SyS_setreuid") !,
 argstr = sprintf("%d, %d", ruid, euid)
 }
 probe syscall.setreuid.return = kernel.function("SyS_setreuid").return !,
- kernel.function("sys_setreuid").return
+ kernel.function("sys_setreuid").return
 {
 name = "setreuid"
 retstr = returnstr(1)
@@ -2110,7 +2110,7 @@ probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ?
 # struct rlimit __user *rlim)
 #
 probe syscall.setrlimit = kernel.function("SyS_setrlimit") !,
- kernel.function("sys_setrlimit")
+ kernel.function("sys_setrlimit")
 {
 name = "setrlimit"
 resource = $resource
@@ -2119,7 +2119,7 @@ probe syscall.setrlimit = kernel.function("SyS_setrlimit") !,
 _struct_rlimit_u($rlim))
 }
 probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !,
- kernel.function("sys_setrlimit").return
+ kernel.function("sys_setrlimit").return
 {
 name = "setrlimit"
 retstr = returnstr(1)
@@ -2148,8 +2148,8 @@ probe syscall.setsid.return = kernel.function("sys_setsid").return
 # int optlen)
 #
 probe syscall.setsockopt = kernel.function("compat_sys_setsockopt") ?,
- kernel.function("SyS_setsockopt") !,
- kernel.function("sys_setsockopt") ?
+ kernel.function("SyS_setsockopt") !,
+ kernel.function("sys_setsockopt") ?
 {
 name = "setsockopt"
 fd = $fd
@@ -2163,8 +2163,8 @@ probe syscall.setsockopt = kernel.function("compat_sys_setsockopt") ?,
 optname_str, $optval, $optlen)
 }
 probe syscall.setsockopt.return = kernel.function("compat_sys_setsockopt").return ?,
- kernel.function("SyS_setsockopt").return !,
- kernel.function("sys_setsockopt").return ?
+ kernel.function("SyS_setsockopt").return !,
+ kernel.function("sys_setsockopt").return ?
 {
 name = "setsockopt"
 retstr = returnstr(1)
@@ -2176,14 +2176,14 @@ probe syscall.setsockopt.return = kernel.function("compat_sys_setsockopt").retur
 # sys_set_tid_address(int __user *tidptr)
 #
 probe syscall.set_tid_address = kernel.function("SyS_set_tid_address") !,
- kernel.function("sys_set_tid_address")
+ kernel.function("sys_set_tid_address")
 {
 name = "set_tid_address"
 tidptr_uaddr = $tidptr
 argstr = sprintf("%p", tidptr_uaddr)
 }
 probe syscall.set_tid_address.return = kernel.function("SyS_set_tid_address").return !,
- kernel.function("sys_set_tid_address").return
+ kernel.function("sys_set_tid_address").return
 {
 name = "set_tid_address"
 retstr = returnstr(1)
@@ -2194,7 +2194,7 @@ probe syscall.set_tid_address.return = kernel.function("SyS_set_tid_address").re
 # struct timezone __user *tz)
 #
 probe syscall.settimeofday = kernel.function("SyS_settimeofday") !,
- kernel.function("sys_settimeofday")
+ kernel.function("sys_settimeofday")
 {
 name = "settimeofday"
 tv_uaddr = $tv
@@ -2202,7 +2202,7 @@ probe syscall.settimeofday = kernel.function("SyS_settimeofday") !,
 argstr = sprintf("%s, %s", _struct_timeval_u($tv, 1), _struct_timezone_u($tz))
 }
 probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !,
- kernel.function("sys_settimeofday").return
+ kernel.function("sys_settimeofday").return
 {
 name = "settimeofday"
 retstr = returnstr(1)
@@ -2212,7 +2212,7 @@ probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !
 # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
 #
 probe syscall.settimeofday32 = kernel.function("sys32_settimeofday") ?,
- kernel.function("compat_sys_settimeofday") ?
+ kernel.function("compat_sys_settimeofday") ?
 {
 name = "settimeofday"
 tv_uaddr = $tv
@@ -2220,7 +2220,7 @@ probe syscall.settimeofday32 = kernel.function("sys32_settimeofday") ?,
 argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1), _struct_timezone_u($tz))
 }
 probe syscall.settimeofday32.return = kernel.function("sys32_settimeofday").return ?,
- kernel.function("compat_sys_settimeofday").return ?
+ kernel.function("compat_sys_settimeofday").return ?
 {
 name = "settimeofday"
 retstr = returnstr(1)
@@ -2232,16 +2232,16 @@ probe syscall.settimeofday32.return = kernel.function("sys32_settimeofday").retu
 # long sys_setuid16(old_uid_t uid)
 #
 probe syscall.setuid = kernel.function("sys_setuid16") ?,
- kernel.function("SyS_setuid") !,
- kernel.function("sys_setuid")
+ kernel.function("SyS_setuid") !,
+ kernel.function("sys_setuid")
 {
 name = "setuid"
 uid = $uid
 argstr = sprint($uid)
 }
 probe syscall.setuid.return = kernel.function("sys_setuid16").return ?,
- kernel.function("SyS_setuid").return !,
- kernel.function("sys_setuid").return
+ kernel.function("SyS_setuid").return !,
+ kernel.function("sys_setuid").return
 {
 name = "setuid"
 retstr = returnstr(1)
@@ -2255,7 +2255,7 @@ probe syscall.setuid.return = kernel.function("sys_setuid16").return ?,
 # int flags)
 #
 probe syscall.setxattr = kernel.function("SyS_setxattr") !,
- kernel.function("sys_setxattr")
+ kernel.function("sys_setxattr")
 {
 name = "setxattr"
 %( kernel_v >= "2.6.27" %?
@@ -2280,7 +2280,7 @@ probe syscall.setxattr = kernel.function("SyS_setxattr") !,
 value_uaddr, $size, $flags)
 }
 probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !,
- kernel.function("sys_setxattr").return
+ kernel.function("sys_setxattr").return
 {
 name = "setxattr"
 retstr = returnstr(1)
@@ -2305,7 +2305,7 @@ probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ?
 # long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
 #
 probe syscall.shmat = kernel.function("SyS_shmat") !,
- kernel.function("sys_shmat") ?
+ kernel.function("sys_shmat") ?
 {
 name = "shmat"
 shmid = $shmid
@@ -2314,7 +2314,7 @@ probe syscall.shmat = kernel.function("SyS_shmat") !,
 argstr = sprintf("%d, %p, %s", $shmid, $shmaddr, _shmat_flags_str($shmflg))
 }
 probe syscall.shmat.return = kernel.function("SyS_shmat").return !,
- kernel.function("sys_shmat").return ?
+ kernel.function("sys_shmat").return ?
 {
 name = "shmat"
 retstr = returnstr(1)
@@ -2346,7 +2346,7 @@ probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").retu
 # struct shmid_ds __user *buf)
 #
 probe syscall.shmctl = kernel.function("SyS_shmctl") !,
- kernel.function("sys_shmctl") ?
+ kernel.function("sys_shmctl") ?
 {
 name = "shmctl"
 shmid = $shmid
@@ -2355,7 +2355,7 @@ probe syscall.shmctl = kernel.function("SyS_shmctl") !,
 argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd), $buf)
 }
 probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !,
- kernel.function("sys_shmctl").return ?
+ kernel.function("sys_shmctl").return ?
 {
 name = "shmctl"
 retstr = returnstr(1)
@@ -2383,14 +2383,14 @@ probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").re
 # long sys_shmdt(char __user *shmaddr)
 #
 probe syscall.shmdt = kernel.function("SyS_shmdt") !,
- kernel.function("sys_shmdt") ?
+ kernel.function("sys_shmdt") ?
 {
 name = "shmdt"
 shmaddr_uaddr = $shmaddr
 argstr = sprintf("%p", $shmaddr)
 }
 probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !,
- kernel.function("sys_shmdt").return ?
+ kernel.function("sys_shmdt").return ?
 {
 name = "shmdt"
 retstr = returnstr(1)
@@ -2403,7 +2403,7 @@ probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !,
 # int shmflg)
 #
 probe syscall.shmget = kernel.function("SyS_shmget") !,
- kernel.function("sys_shmget") ?
+ kernel.function("sys_shmget") ?
 {
 name = "shmget"
 key = $key
@@ -2412,7 +2412,7 @@ probe syscall.shmget = kernel.function("SyS_shmget") !,
 argstr = sprintf("%d, %d, %d", $key, $size, $shmflg)
 }
 probe syscall.shmget.return = kernel.function("SyS_shmget").return !,
- kernel.function("sys_shmget").return ?
+ kernel.function("sys_shmget").return ?
 {
 name = "shmget"
 retstr = returnstr(1)
@@ -2423,7 +2423,7 @@ probe syscall.shmget.return = kernel.function("SyS_shmget").return !,
 # long sys_shutdown(int fd, int how)
 #
 probe syscall.shutdown = kernel.function("SyS_shutdown") !,
- kernel.function("sys_shutdown") ?
+ kernel.function("sys_shutdown") ?
 {
 name = "shutdown"
 s = $fd
@@ -2432,7 +2432,7 @@ probe syscall.shutdown = kernel.function("SyS_shutdown") !,
 argstr = sprintf("%d, %s", $fd, how_str)
 }
 probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !,
- kernel.function("sys_shutdown").return ?
+ kernel.function("sys_shutdown").return ?
 {
 name = "shutdown"
 retstr = returnstr(1)
@@ -2473,7 +2473,7 @@ probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ?
 # unsigned long sys_signal(int sig, __sighandler_t handler)
 #
 probe syscall.signal = kernel.function("SyS_signal") !,
- kernel.function("sys_signal") ?
+ kernel.function("sys_signal") ?
 {
 name = "signal"
 sig = $sig
@@ -2481,7 +2481,7 @@ probe syscall.signal = kernel.function("SyS_signal") !,
 argstr = sprintf("%s, %s", _signal_name($sig), _sighandler_str($handler))
 }
 probe syscall.signal.return = kernel.function("SyS_signal").return !,
- kernel.function("sys_signal").return ?
+ kernel.function("sys_signal").return ?
 {
 name = "signal"
 retstr = returnstr(1)
@@ -2494,13 +2494,13 @@ probe syscall.signal.return = kernel.function("SyS_signal").return !,
 # compat_size_t sigsetsize)
 #
 probe syscall.signalfd = kernel.function("SyS_signalfd") !,
- kernel.function("sys_signalfd") ?
+ kernel.function("sys_signalfd") ?
 {
 name = "signalfd"
 argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask)
 }
 probe syscall.signalfd.return = kernel.function("SyS_signalfd").return !,
- kernel.function("sys_signalfd").return ?
+ kernel.function("sys_signalfd").return ?
 {
 name = "signalfd"
 retstr = returnstr(1)
@@ -2520,13 +2520,13 @@ probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").re
 # long sys_sigpending(old_sigset_t __user *set)
 #
 probe syscall.sigpending = kernel.function("SyS_sigpending") !,
- kernel.function("sys_sigpending") ?
+ kernel.function("sys_sigpending") ?
 {
 name = "sigpending"
 argstr = sprintf("%p", $set)
 }
 probe syscall.sigpending.return = kernel.function("SyS_sigpending").return !,
- kernel.function("sys_sigpending").return ?
+ kernel.function("sys_sigpending").return ?
 {
 name = "sigpending"
 retstr = returnstr(1)
@@ -2536,7 +2536,7 @@ probe syscall.sigpending.return = kernel.function("SyS_sigpending").return !,
 # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset)
 #
 probe syscall.sigprocmask = kernel.function("SyS_sigprocmask") !,
- kernel.function("sys_sigprocmask") ?
+ kernel.function("sys_sigprocmask") ?
 {
 name = "sigprocmask"
 how = $how
@@ -2546,7 +2546,7 @@ probe syscall.sigprocmask = kernel.function("SyS_sigprocmask") !,
 argstr = sprintf("%s, %p, %p", how_str, $set, $oset)
 }
 probe syscall.sigprocmask.return = kernel.function("SyS_sigprocmask").return !,
- kernel.function("sys_sigprocmask").return ?
+ kernel.function("sys_sigprocmask").return ?
 {
 name = "sigprocmask"
 retstr = returnstr(1)
@@ -2556,13 +2556,13 @@ probe syscall.sigprocmask.return = kernel.function("SyS_sigprocmask").return !,
 # int sys_sigreturn(unsigned long __unused)
 #
 probe syscall.sigreturn = kernel.function("sys_sigreturn") ?,
- kernel.function("sys32_sigreturn") ?
+ kernel.function("sys32_sigreturn") ?
 {
 name = "sigreturn"
 argstr = ""
 }
 probe syscall.sigreturn.return = kernel.function("sys_sigreturn").return ?,
- kernel.function("sys32_sigreturn").return ?
+ kernel.function("sys32_sigreturn").return ?
 {
 name = "sigreturn"
 retstr = returnstr(1)
@@ -2571,13 +2571,13 @@ probe syscall.sigreturn.return = kernel.function("sys_sigreturn").return ?,
 # sigsuspend _________________________________________________
 #
 probe syscall.sigsuspend = kernel.function("sys_sigsuspend") ?,
- kernel.function("sys32_sigsuspend") ?
+ kernel.function("sys32_sigsuspend") ?
 {
 name = "sigsuspend"
 argstr = ""
 }
 probe syscall.sigsuspend.return = kernel.function("sys_sigsuspend").return ?,
- kernel.function("sys32_sigsuspend").return ?
+ kernel.function("sys32_sigsuspend").return ?
 {
 name = "sigsuspend"
 retstr = returnstr(1)
@@ -2587,7 +2587,7 @@ probe syscall.sigsuspend.return = kernel.function("sys_sigsuspend").return ?, # long sys_socket(int family, int type, int protocol) # probe syscall.socket = kernel.function("SyS_socket") !, - kernel.function("sys_socket") ? + kernel.function("sys_socket") ? { name = "socket" family = $family @@ -2598,7 +2598,7 @@ probe syscall.socket = kernel.function("SyS_socket") !, $protocol) } probe syscall.socket.return = kernel.function("SyS_socket").return !, - kernel.function("sys_socket").return ? + kernel.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) @@ -2629,7 +2629,7 @@ probe syscall.socket.return = kernel.function("SyS_socket").return !, # int __user *usockvec) # probe syscall.socketpair = kernel.function("SyS_socketpair") !, - kernel.function("sys_socketpair") ? + kernel.function("sys_socketpair") ? { name = "socketpair" family = $family @@ -2642,7 +2642,7 @@ probe syscall.socketpair = kernel.function("SyS_socketpair") !, $protocol, sv_uaddr) } probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !, - kernel.function("sys_socketpair").return ? + kernel.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) @@ -2655,14 +2655,14 @@ probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !, # size_t len, unsigned int flags) # probe syscall.splice = kernel.function("SyS_splice") !, - kernel.function("sys_splice") ? + kernel.function("sys_splice") ? { name = "splice" argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", $fd_in, $off_in, $fd_out, $off_out, $len, $flags) } probe syscall.splice.return = kernel.function("SyS_splice").return !, - kernel.function("sys_splice").return ? + kernel.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) 
@@ -2673,14 +2673,14 @@ probe syscall.splice.return = kernel.function("SyS_splice").return !,
 # long sys_ssetmask(int newmask)
 #
 probe syscall.ssetmask = kernel.function("SyS_ssetmask") !,
- kernel.function("sys_ssetmask") ?
+ kernel.function("sys_ssetmask") ?
 {
 name = "ssetmask"
 newmask = $newmask
 argstr = sprint($newmask)
 }
 probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !,
- kernel.function("sys_ssetmask").return ?
+ kernel.function("sys_ssetmask").return ?
 {
 name = "ssetmask"
 retstr = returnstr(1)
@@ -2693,13 +2693,13 @@ probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !,
 # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf)
 # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
 probe syscall.stat = kernel.function("sys_stat") ?,
- kernel.function("SyS_newstat") ?,
- kernel.function("sys_newstat") ?,
- kernel.function("sys32_stat64") ?,
- kernel.function("SyS_stat64") ?,
- kernel.function("sys_stat64") ?,
- kernel.function("sys_oabi_stat64") ?,
- kernel.function("compat_sys_newstat") ?
+ kernel.function("SyS_newstat") ?,
+ kernel.function("sys_newstat") ?,
+ kernel.function("sys32_stat64") ?,
+ kernel.function("SyS_stat64") ?,
+ kernel.function("sys_stat64") ?,
+ kernel.function("sys_oabi_stat64") ?,
+ kernel.function("compat_sys_newstat") ?
 {
 name = "stat"
 filename_uaddr = $filename
@@ -2708,13 +2708,13 @@ probe syscall.stat = kernel.function("sys_stat") ?, argstr = sprintf("%s, %p", user_string_quoted($filename), buf_uaddr) } probe syscall.stat.return = kernel.function("sys_stat").return ?, - kernel.function("SyS_newstat").return ?, - kernel.function("sys_newstat").return ?, - kernel.function("sys32_stat64").return ?, - kernel.function("SyS_stat64").return ?, - kernel.function("sys_stat64").return ?, - kernel.function("sys_oabi_stat64").return ?, - kernel.function("compat_sys_newstat").return ? + kernel.function("SyS_newstat").return ?, + kernel.function("sys_newstat").return ?, + kernel.function("sys32_stat64").return ?, + kernel.function("SyS_stat64").return ?, + kernel.function("sys_stat64").return ?, + kernel.function("sys_oabi_stat64").return ?, + kernel.function("compat_sys_newstat").return ? { name = "stat" retstr = returnstr(1) @@ -2725,8 +2725,8 @@ probe syscall.stat.return = kernel.function("sys_stat").return ?, # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # probe syscall.statfs = kernel.function("compat_sys_statfs") ?, - kernel.function("SyS_statfs") !, - kernel.function("sys_statfs") ? + kernel.function("SyS_statfs") !, + kernel.function("sys_statfs") ? { name = "statfs" buf_uaddr = $buf @@ -2740,8 +2740,8 @@ probe syscall.statfs = kernel.function("compat_sys_statfs") ?, } probe syscall.statfs.return = kernel.function("compat_sys_statfs").return ?, - kernel.function("SyS_statfs").return !, - kernel.function("sys_statfs").return ? + kernel.function("SyS_statfs").return !, + kernel.function("sys_statfs").return ? { name = "statfs" retstr = returnstr(1) 
@@ -2753,8 +2753,8 @@ probe syscall.statfs.return = kernel.function("compat_sys_statfs").return ?, # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # probe syscall.statfs64 = kernel.function("compat_sys_statfs64") ?, - kernel.function("SyS_statfs64") !, - kernel.function("sys_statfs64") ? + kernel.function("SyS_statfs64") !, + kernel.function("sys_statfs64") ? { name = "statfs" sz = $sz @@ -2769,8 +2769,8 @@ probe syscall.statfs64 = kernel.function("compat_sys_statfs64") ?, } probe syscall.statfs64.return = kernel.function("compat_sys_statfs64").return ?, - kernel.function("SyS_statfs64").return !, - kernel.function("sys_statfs64").return ? + kernel.function("SyS_statfs64").return !, + kernel.function("sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) @@ -2782,8 +2782,8 @@ probe syscall.statfs64.return = kernel.function("compat_sys_statfs64").return ?, # long compat_sys_stime(compat_time_t __user *tptr) # probe syscall.stime = kernel.function("compat_sys_stime") ?, - kernel.function("SyS_stime") !, - kernel.function("sys_stime") ? + kernel.function("SyS_stime") !, + kernel.function("sys_stime") ? { name = "stime" t_uaddr = $tptr @@ -2791,8 +2791,8 @@ probe syscall.stime = kernel.function("compat_sys_stime") ?, argstr = sprintf("%p", $tptr) } probe syscall.stime.return = kernel.function("compat_sys_stime").return ?, - kernel.function("SyS_stime").return !, - kernel.function("sys_stime").return ? + kernel.function("SyS_stime").return !, + kernel.function("sys_stime").return ? { name = "stime" retstr = returnstr(1) 
@@ -2804,14 +2804,14 @@ probe syscall.stime.return = kernel.function("compat_sys_stime").return ?,
 # sys_swapoff(const char __user * specialfile)
 #
 probe syscall.swapoff = kernel.function("SyS_swapoff") !,
- kernel.function("sys_swapoff") ?
+ kernel.function("sys_swapoff") ?
 {
 name = "swapoff"
 path = user_string($specialfile)
 argstr = user_string_quoted($specialfile)
 }
 probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !,
- kernel.function("sys_swapoff").return ?
+ kernel.function("sys_swapoff").return ?
 {
 name = "swapoff"
 retstr = returnstr(1)
@@ -2823,7 +2823,7 @@ probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !,
 # int swap_flags)
 #
 probe syscall.swapon = kernel.function("SyS_swapon") !,
- kernel.function("sys_swapon") ?
+ kernel.function("sys_swapon") ?
 {
 name = "swapon"
 path = user_string($specialfile)
@@ -2831,7 +2831,7 @@ probe syscall.swapon = kernel.function("SyS_swapon") !,
 argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags)
 }
 probe syscall.swapon.return = kernel.function("SyS_swapon").return !,
- kernel.function("sys_swapon").return ?
+ kernel.function("sys_swapon").return ?
 {
 name = "swapon"
 retstr = returnstr(1)
@@ -2841,7 +2841,7 @@ probe syscall.swapon.return = kernel.function("SyS_swapon").return !,
 # long sys_symlink(const char __user * oldname,
 # const char __user * newname)
 probe syscall.symlink = kernel.function("SyS_symlink") !,
- kernel.function("sys_symlink")
+ kernel.function("sys_symlink")
 {
 name = "symlink"
 oldpath = user_string($oldname)
@@ -2850,7 +2850,7 @@ probe syscall.symlink = kernel.function("SyS_symlink") !,
 user_string_quoted($newname))
 }
 probe syscall.symlink.return = kernel.function("SyS_symlink").return !,
- kernel.function("sys_symlink").return
+ kernel.function("sys_symlink").return
 {
 name = "symlink"
 retstr = returnstr(1)
@@ -2861,7 +2861,7 @@ probe syscall.symlink.return = kernel.function("SyS_symlink").return !,
 # long sys_symlinkat(const char __user *oldname, int newdfd,
 # const char __user *newname)
 probe syscall.symlinkat = kernel.function("SyS_symlinkat") !,
- kernel.function("sys_symlinkat") ?
+ kernel.function("sys_symlinkat") ?
 {
 name = "symlinkat"
 oldname = $oldname
@@ -2874,7 +2874,7 @@ probe syscall.symlinkat = kernel.function("SyS_symlinkat") !,
 newdfd_str, user_string_quoted($newname))
 }
 probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !,
- kernel.function("sys_symlinkat").return ?
+ kernel.function("sys_symlinkat").return ?
 {
 name = "symlinkat"
 retstr = returnstr(1)
@@ -2900,15 +2900,15 @@ probe syscall.sync.return = kernel.function("sys_sync").return
 # long sys_sysctl(struct __sysctl_args __user *args)
 #
 probe syscall.sysctl = kernel.function("compat_sys_sysctl") ?,
- kernel.function("SyS_sysctl") !,
- kernel.function("sys_sysctl") ?
+ kernel.function("SyS_sysctl") !,
+ kernel.function("sys_sysctl") ?
 {
 name = "sysctl"
 argstr = sprintf("%p", $args)
 }
 probe syscall.sysctl.return = kernel.function("compat_sys_sysctl").return ?,
- kernel.function("SyS_sysctl").return !,
- kernel.function("sys_sysctl").return ?
+ kernel.function("SyS_sysctl").return !,
+ kernel.function("sys_sysctl").return ?
 {
 name = "sysctl"
 retstr = returnstr(1)
@@ -2922,7 +2922,7 @@ probe syscall.sysctl.return = kernel.function("compat_sys_sysctl").return ?,
 # unsigned long arg2)
 #
 probe syscall.sysfs = kernel.function("SyS_sysfs") !,
- kernel.function("sys_sysfs")
+ kernel.function("sys_sysfs")
 {
 name = "sysfs"
 option = $option
@@ -2938,7 +2938,7 @@ probe syscall.sysfs = kernel.function("SyS_sysfs") !,
 argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2)
 }
 probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !,
- kernel.function("sys_sysfs").return
+ kernel.function("sys_sysfs").return
 {
 name = "sysfs"
 retstr = returnstr(1)
@@ -2948,16 +2948,16 @@ probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !,
 # long sys_sysinfo(struct sysinfo __user *info)
 # long compat_sys_sysinfo(struct compat_sysinfo __user *info)
 probe syscall.sysinfo = kernel.function("compat_sys_sysinfo") ?,
- kernel.function("SyS_sysinfo") !,
- kernel.function("sys_sysinfo")
+ kernel.function("SyS_sysinfo") !,
+ kernel.function("sys_sysinfo")
 {
 name = "sysinfo"
 info_uaddr = $info
 argstr = sprintf("%p", $info)
 }
 probe syscall.sysinfo.return = kernel.function("compat_sys_sysinfo").return ?,
- kernel.function("SyS_sysinfo").return !,
- kernel.function("sys_sysinfo").return
+ kernel.function("SyS_sysinfo").return !,
+ kernel.function("sys_sysinfo").return
 {
 name = "sysinfo"
 retstr = returnstr(1)
@@ -2968,7 +2968,7 @@ probe syscall.sysinfo.return = kernel.function("compat_sys_sysinfo").return ?,
 # long sys_syslog(int type, char __user * buf, int len)
 #
 probe syscall.syslog = kernel.function("SyS_syslog") !,
- kernel.function("sys_syslog")
+ kernel.function("sys_syslog")
 {
 name = "syslog"
 type = $type
@@ -2977,7 +2977,7 @@ probe syscall.syslog = kernel.function("SyS_syslog") !,
 argstr = sprintf("%d, %p, %d", $type, $buf, $len)
 }
 probe syscall.syslog.return = kernel.function("SyS_syslog").return !,
- kernel.function("sys_syslog").return
+ kernel.function("sys_syslog").return
 {
 name = "syslog"
 retstr = returnstr(1)
@@ -2988,13 +2988,13 @@ probe syscall.syslog.return = kernel.function("SyS_syslog").return !,
 # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
 #
 probe syscall.tee = kernel.function("SyS_tee") !,
- kernel.function("sys_tee") ?
+ kernel.function("sys_tee") ?
 {
 name = "tee"
 argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags)
 }
 probe syscall.tee.return = kernel.function("SyS_tee").return !,
- kernel.function("sys_tee").return ?
+ kernel.function("sys_tee").return ?
 {
 name = "tee"
 retstr = returnstr(1)
@@ -3008,7 +3008,7 @@ probe syscall.tee.return = kernel.function("SyS_tee").return !, # int sig) # probe syscall.tgkill = kernel.function("SyS_tgkill") !, - kernel.function("sys_tgkill") + kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid @@ -3017,7 +3017,7 @@ probe syscall.tgkill = kernel.function("SyS_tgkill") !, argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig)) } probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !, - kernel.function("sys_tgkill").return + kernel.function("sys_tgkill").return { name = "tgkill" retstr = returnstr(1) @@ -3030,20 +3030,20 @@ probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !, # long compat_sys_time(compat_time_t __user * tloc) # probe syscall.time = kernel.function("sys32_time") ?, - kernel.function("sys_time64") ?, - kernel.function("compat_sys_time") ?, - kernel.function("SyS_time") !, - kernel.function("sys_time") ? + kernel.function("sys_time64") ?, + kernel.function("compat_sys_time") ?, + kernel.function("SyS_time") !, + kernel.function("sys_time") ? { name = "time" t_uaddr = $tloc argstr = sprintf("%p", $tloc) } probe syscall.time.return = kernel.function("sys32_time").return ?, - kernel.function("sys_time64").return ?, - kernel.function("compat_sys_time").return ?, - kernel.function("SyS_time").return !, - kernel.function("sys_time").return ? + kernel.function("sys_time64").return ?, + kernel.function("compat_sys_time").return ?, + kernel.function("SyS_time").return !, + kernel.function("sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3056,7 +3056,7 @@ probe syscall.time.return = kernel.function("sys32_time").return ?, # timer_t __user * created_timer_id) # probe syscall.timer_create = kernel.function("SyS_timer_create") !, - kernel.function("sys_timer_create") + kernel.function("sys_timer_create") { name = "timer_create" clockid = $which_clock 
@@ -3066,7 +3066,7 @@ probe syscall.timer_create = kernel.function("SyS_timer_create") !, argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id) } probe syscall.timer_create.return = kernel.function("SyS_timer_create").return !, - kernel.function("sys_timer_create").return + kernel.function("sys_timer_create").return { name = "timer_create" retstr = returnstr(1) @@ -3077,14 +3077,14 @@ probe syscall.timer_create.return = kernel.function("SyS_timer_create").return ! # long sys_timer_delete(timer_t timer_id) # probe syscall.timer_delete = kernel.function("SyS_timer_delete") !, - kernel.function("sys_timer_delete") + kernel.function("sys_timer_delete") { name = "timer_delete" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return !, - kernel.function("sys_timer_delete").return + kernel.function("sys_timer_delete").return { name = "timer_delete" retstr = returnstr(1) @@ -3095,14 +3095,14 @@ probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return ! # long sys_timer_getoverrun(timer_t timer_id) # probe syscall.timer_getoverrun = kernel.function("SyS_timer_getoverrun") !, - kernel.function("sys_timer_getoverrun") + kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_getoverrun.return = kernel.function("SyS_timer_getoverrun").return !, - kernel.function("sys_timer_getoverrun").return + kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun" retstr = returnstr(1) @@ -3114,7 +3114,7 @@ probe syscall.timer_getoverrun.return = kernel.function("SyS_timer_getoverrun"). # struct itimerspec __user *setting) # probe syscall.timer_gettime = kernel.function("SyS_timer_gettime") !, - kernel.function("sys_timer_gettime") + kernel.function("sys_timer_gettime") { name = "timer_gettime" timerid = $timer_id 
@@ -3122,7 +3122,7 @@ probe syscall.timer_gettime = kernel.function("SyS_timer_gettime") !, argstr = sprintf("%d, %p", $timer_id, $setting) } probe syscall.timer_gettime.return = kernel.function("SyS_timer_gettime").return !, - kernel.function("sys_timer_gettime").return + kernel.function("sys_timer_gettime").return { name = "timer_gettime" retstr = returnstr(1) @@ -3136,7 +3136,7 @@ probe syscall.timer_gettime.return = kernel.function("SyS_timer_gettime").return # struct itimerspec __user *old_setting) # probe syscall.timer_settime = kernel.function("SyS_timer_settime") !, - kernel.function("sys_timer_settime") + kernel.function("sys_timer_settime") { name = "timer_settime" timerid = $timer_id @@ -3148,7 +3148,7 @@ probe syscall.timer_settime = kernel.function("SyS_timer_settime") !, $old_setting) } probe syscall.timer_settime.return = kernel.function("SyS_timer_settime").return !, - kernel.function("sys_timer_settime").return + kernel.function("sys_timer_settime").return { name = "timer_settime" retstr = returnstr(1) @@ -3162,13 +3162,13 @@ probe syscall.timer_settime.return = kernel.function("SyS_timer_settime").return # const struct compat_itimerspec __user *utmr) # probe syscall.timerfd = kernel.function("sys_timerfd") ?, - kernel.function("compat_sys_timerfd") ? + kernel.function("compat_sys_timerfd") ? { name = "timerfd" argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags) } probe syscall.timerfd.return = kernel.function("sys_timerfd").return ?, - kernel.function("compat_sys_timerfd").return ? + kernel.function("compat_sys_timerfd").return ? { name = "timerfd" retstr = returnstr(1) 
@@ -3179,15 +3179,15 @@ probe syscall.timerfd.return = kernel.function("sys_timerfd").return ?, # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) probe syscall.times = kernel.function("compat_sys_times") ?, - kernel.function("SyS_times") !, - kernel.function("sys_times") ? + kernel.function("SyS_times") !, + kernel.function("sys_times") ? { name = "times" argstr = sprintf("%p", $tbuf) } probe syscall.times.return = kernel.function("compat_sys_times").return ?, - kernel.function("SyS_times").return !, - kernel.function("sys_times").return ? + kernel.function("SyS_times").return !, + kernel.function("sys_times").return ? { name = "times" retstr = returnstr(1) @@ -3200,7 +3200,7 @@ probe syscall.times.return = kernel.function("compat_sys_times").return ?, # int sig) # probe syscall.tkill = kernel.function("SyS_tkill") !, - kernel.function("sys_tkill") + kernel.function("sys_tkill") { name = "tkill" pid = $pid @@ -3208,7 +3208,7 @@ probe syscall.tkill = kernel.function("SyS_tkill") !, argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } probe syscall.tkill.return = kernel.function("SyS_tkill").return !, - kernel.function("sys_tkill").return + kernel.function("sys_tkill").return { name = "tkill" retstr = returnstr(1) @@ -3220,8 +3220,8 @@ probe syscall.tkill.return = kernel.function("SyS_tkill").return !, # sys_truncate64(const char __user * path, loff_t length) # probe syscall.truncate = kernel.function("SyS_truncate") !, - kernel.function("sys_truncate") ?, - kernel.function("sys_truncate64") ? + kernel.function("sys_truncate") ?, + kernel.function("sys_truncate64") ? { name = "truncate" path_uaddr = $path 
@@ -3230,8 +3230,8 @@ probe syscall.truncate = kernel.function("SyS_truncate") !, argstr = sprintf("%s, %d", user_string_quoted($path), $length) } probe syscall.truncate.return = kernel.function("SyS_truncate").return !, - kernel.function("sys_truncate").return ?, - kernel.function("sys_truncate64").return ? + kernel.function("sys_truncate").return ?, + kernel.function("sys_truncate64").return ? { name = "truncate" retstr = returnstr(1) @@ -3257,14 +3257,14 @@ probe syscall.tux.return = kernel.function("sys_tux").return ? # long sys_umask(int mask) # probe syscall.umask = kernel.function("SyS_umask") !, - kernel.function("sys_umask") + kernel.function("sys_umask") { name = "umask" mask = $mask argstr = sprintf("%#o", $mask) } probe syscall.umask.return = kernel.function("SyS_umask").return !, - kernel.function("sys_umask").return + kernel.function("sys_umask").return { name = "umask" retstr = returnstr(3) @@ -3274,7 +3274,7 @@ probe syscall.umask.return = kernel.function("SyS_umask").return !, # long sys_umount(char __user * name, int flags) # probe syscall.umount = kernel.function("SyS_umount") !, - kernel.function("sys_umount") + kernel.function("sys_umount") { name = "umount" target = user_string($name) @@ -3283,7 +3283,7 @@ probe syscall.umount = kernel.function("SyS_umount") !, argstr = sprintf("%s, %s", user_string_quoted($name), flags_str) } probe syscall.umount.return = kernel.function("SyS_umount").return !, - kernel.function("sys_umount").return + kernel.function("sys_umount").return { name = "umount" retstr = returnstr(1) 
@@ -3297,22 +3297,22 @@ probe syscall.umount.return = kernel.function("SyS_umount").return !, # long sys32_uname(struct old_utsname __user * name) # probe syscall.uname = kernel.function("sys_uname") ?, - kernel.function("sys_olduname") ?, - kernel.function("sys32_olduname") ?, - kernel.function("sys32_uname") ?, - kernel.function("SyS_newuname") !, - kernel.function("sys_newuname") ? + kernel.function("sys_olduname") ?, + kernel.function("sys32_olduname") ?, + kernel.function("sys32_uname") ?, + kernel.function("SyS_newuname") !, + kernel.function("sys_newuname") ? { name = "uname" argstr = sprintf("%p", $name) } probe syscall.uname.return = kernel.function("sys_uname").return ?, - kernel.function("sys_olduname").return ?, - kernel.function("sys32_olduname").return ?, - kernel.function("sys32_uname").return ?, - kernel.function("SyS_newuname").return !, - kernel.function("sys_newuname").return ? + kernel.function("sys_olduname").return ?, + kernel.function("sys32_olduname").return ?, + kernel.function("sys32_uname").return ?, + kernel.function("SyS_newuname").return !, + kernel.function("sys_newuname").return ? { name = "uname" retstr = returnstr(1) @@ -3322,7 +3322,7 @@ probe syscall.uname.return = kernel.function("sys_uname").return ?, # long sys_unlink(const char __user * pathname) # probe syscall.unlink = kernel.function("SyS_unlink") !, - kernel.function("sys_unlink") + kernel.function("sys_unlink") { name = "unlink" pathname_uaddr = $pathname @@ -3330,7 +3330,7 @@ probe syscall.unlink = kernel.function("SyS_unlink") !, argstr = user_string_quoted($pathname) } probe syscall.unlink.return = kernel.function("SyS_unlink").return !, - kernel.function("sys_unlink").return + kernel.function("sys_unlink").return { name = "unlink" retstr = returnstr(1) 
@@ -3341,7 +3341,7 @@ probe syscall.unlink.return = kernel.function("SyS_unlink").return !, # long sys_unlinkat(int dfd, const char __user *pathname, # int flag) probe syscall.unlinkat = kernel.function("SyS_unlinkat") !, - kernel.function("sys_unlinkat") ? + kernel.function("sys_unlinkat") ? { name = "unlinkat" dfd = $dfd @@ -3353,7 +3353,7 @@ probe syscall.unlinkat = kernel.function("SyS_unlinkat") !, argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($pathname), flag_str) } probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !, - kernel.function("sys_unlinkat").return ? + kernel.function("sys_unlinkat").return ? { name = "unlinkat" retstr = returnstr(1) @@ -3363,14 +3363,14 @@ probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !, # new function with 2.6.16 # long sys_unshare(unsigned long unshare_flags) probe syscall.unshare = kernel.function("SyS_unshare") !, - kernel.function("sys_unshare") ? + kernel.function("sys_unshare") ? { name = "unshare" unshare_flags = $unshare_flags argstr = __fork_flags(unshare_flags) } probe syscall.unshare.return = kernel.function("SyS_unshare").return !, - kernel.function("sys_unshare").return ? + kernel.function("sys_unshare").return ? { name = "unshare" retstr = returnstr(1) @@ -3382,7 +3382,7 @@ probe syscall.unshare.return = kernel.function("SyS_unshare").return !, # sys_uselib(const char __user * library) # probe syscall.uselib = kernel.function("SyS_uselib") !, - kernel.function("sys_uselib") + kernel.function("sys_uselib") { name = "uselib" library_uaddr = $library @@ -3390,7 +3390,7 @@ probe syscall.uselib = kernel.function("SyS_uselib") !, argstr = user_string_quoted($library) } probe syscall.uselib.return = kernel.function("SyS_uselib").return !, - kernel.function("sys_uselib").return + kernel.function("sys_uselib").return { name = "uselib" retstr = returnstr(1) 
@@ -3399,7 +3399,7 @@ probe syscall.uselib.return = kernel.function("SyS_uselib").return !, # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # probe syscall.ustat = kernel.function("SyS_ustat") !, - kernel.function("sys_ustat") + kernel.function("sys_ustat") { name = "ustat" dev = $dev @@ -3416,8 +3416,8 @@ probe syscall.ustat32 = kernel.function("sys32_ustat") ? } probe syscall.ustat.return = kernel.function("SyS_ustat").return ?, - kernel.function("sys_ustat").return ?, - kernel.function("sys32_ustat").return ? + kernel.function("sys_ustat").return ?, + kernel.function("sys32_ustat").return ? { name = "ustat" retstr = returnstr(1) @@ -3426,7 +3426,7 @@ probe syscall.ustat.return = kernel.function("SyS_ustat").return ?, # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) probe syscall.utime = kernel.function("SyS_utime") !, - kernel.function("sys_utime") ? + kernel.function("sys_utime") ? { name = "utime" filename_uaddr = $filename @@ -3438,7 +3438,7 @@ probe syscall.utime = kernel.function("SyS_utime") !, ctime(actime), ctime(modtime)) } probe syscall.utime.return = kernel.function("SyS_utime").return !, - kernel.function("sys_utime").return ? + kernel.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) @@ -3467,7 +3467,7 @@ probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? # long sys_utimes(char __user * filename, struct timeval __user * utimes) # probe syscall.utimes = kernel.function("SyS_utimes") !, - kernel.function("sys_utimes") + kernel.function("sys_utimes") { name = "utimes" filename_uaddr = $filename @@ -3477,7 +3477,7 @@ probe syscall.utimes = kernel.function("SyS_utimes") !, _struct_timeval_u($utimes, 2)) } probe syscall.utimes.return = kernel.function("SyS_utimes").return !, - kernel.function("sys_utimes").return + kernel.function("sys_utimes").return { name = "utimes" retstr = returnstr(1) 
@@ -3504,7 +3504,7 @@ probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").re # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # probe syscall.utimensat = kernel.function("SyS_utimensat") !, - kernel.function("sys_utimensat") ? + kernel.function("sys_utimensat") ? { name = "utimensat" argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), @@ -3517,7 +3517,7 @@ probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? _at_flag_str($flags)) } probe syscall.utimensat.return = kernel.function("SyS_utimensat").return !, - kernel.function("sys_utimensat").return ? + kernel.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) @@ -3552,7 +3552,7 @@ probe syscall.vhangup.return = kernel.function("sys_vhangup").return # unsigned int nr_segs, unsigned int flags) # probe syscall.vmsplice = kernel.function("SyS_vmsplice") !, - kernel.function("sys_vmsplice") ? + kernel.function("sys_vmsplice") ? { name = "vmsplice" argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) @@ -3563,7 +3563,7 @@ probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) } probe syscall.vmsplice.return = kernel.function("SyS_vmsplice").return !, - kernel.function("sys_vmsplice").return ? + kernel.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) @@ -3582,7 +3582,7 @@ probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").re # struct rusage __user *ru) # probe syscall.wait4 = kernel.function("SyS_wait4") !, - kernel.function("sys_wait4") + kernel.function("sys_wait4") { name = "wait4" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) 
@@ -3595,7 +3595,7 @@ probe syscall.wait4 = kernel.function("SyS_wait4") !, $stat_addr, _wait4_opt_str($options), $ru) } probe syscall.wait4.return = kernel.function("SyS_wait4").return !, - kernel.function("sys_wait4").return + kernel.function("sys_wait4").return { name = "wait4" retstr = returnstr(1) @@ -3609,7 +3609,7 @@ probe syscall.wait4.return = kernel.function("SyS_wait4").return !, # struct rusage __user *ru) # probe syscall.waitid = kernel.function("SyS_waitid") !, - kernel.function("sys_waitid") + kernel.function("sys_waitid") { name = "waitid" pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -3624,7 +3624,7 @@ probe syscall.waitid = kernel.function("SyS_waitid") !, _waitid_opt_str($options), $ru) } probe syscall.waitid.return = kernel.function("SyS_waitid").return !, - kernel.function("sys_waitid").return + kernel.function("sys_waitid").return { name = "waitid" retstr = returnstr(1) @@ -3638,7 +3638,7 @@ probe syscall.waitid.return = kernel.function("SyS_waitid").return !, # struct rusage __user *ru) # probe syscall.waitpid = kernel.function("SyS_wait4") !, - kernel.function("sys_wait4") + kernel.function("sys_wait4") { name = "waitpid" pid = $pid @@ -3650,7 +3650,7 @@ probe syscall.waitpid = kernel.function("SyS_wait4") !, options_str, $ru) } probe syscall.waitpid.return = kernel.function("SyS_wait4").return !, - kernel.function("sys_wait4").return + kernel.function("sys_wait4").return { name = "waitpid" retstr = returnstr(1) @@ -3664,7 +3664,7 @@ probe syscall.waitpid.return = kernel.function("SyS_wait4").return !, # size_t count) # probe syscall.write = kernel.function("SyS_write") !, - kernel.function("sys_write") + kernel.function("sys_write") { name = "write" fd = $fd 
@@ -3673,7 +3673,7 @@ probe syscall.write = kernel.function("SyS_write") !, argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf), syscall_string_trunc, 1), $count) } probe syscall.write.return = kernel.function("SyS_write").return !, - kernel.function("sys_write").return + kernel.function("sys_write").return { name = "write" retstr = returnstr(1) @@ -3689,8 +3689,8 @@ probe syscall.write.return = kernel.function("SyS_write").return !, # unsigned long vlen) # probe syscall.writev = kernel.function("compat_sys_writev") ?, - kernel.function("SyS_writev") !, - kernel.function("sys_writev") + kernel.function("SyS_writev") !, + kernel.function("sys_writev") { name = "writev" vector_uaddr = $vec @@ -3704,8 +3704,8 @@ probe syscall.writev = kernel.function("compat_sys_writev") ?, %) } probe syscall.writev.return = kernel.function("compat_sys_writev").return ?, - kernel.function("SyS_writev").return !, - kernel.function("sys_writev").return + kernel.function("SyS_writev").return !, + kernel.function("sys_writev").return { name = "writev" retstr = returnstr(1) -- cgit From 1ecd17fe89c67b491ed9f61ed16410b425eca99e Mon Sep 17 00:00:00 2001 From: Wenji Huang Date: Tue, 19 May 2009 19:39:43 -0400 Subject: Adapt sid to latest kernel --- tapset/context.stp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tapset') diff --git a/tapset/context.stp b/tapset/context.stp index 5d855f80..468421ae 100644 --- a/tapset/context.stp +++ b/tapset/context.stp @@ -70,9 +70,13 @@ function ppid:long () %{ /* pure */ * leader. Session ID is stored in the signal_struct since Kernel 2.6.0. */ function sid:long () %{ /* pure */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 24) struct signal_struct *ss = kread( &(current->signal) ); THIS->__retvalue = kread ( &(ss->session) ); CATCH_DEREF_FAULT(); +#else + THIS->__retvalue = task_session_nr_ns(current, &init_pid_ns); +#endif %} /** -- cgit From 29e2616aeeb82605a6efe1dbc574b499781eafbe Mon Sep 17 00:00:00 2001 
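Review bot: The doc comment directly above `sid()` in tapset/context.stp still reads "Session ID is stored in the signal_struct since Kernel 2.6.0", which no longer describes the new `#else` branch. On 2.6.24 and later the value comes from `task_session_nr_ns(current, &init_pid_ns)`, i.e. the session ID as numbered in the initial PID namespace, so it would presumably differ from what a process inside another PID namespace sees for itself. I would extend the comment with a line such as `On kernels >= 2.6.24 this is the session ID as seen from the initial PID namespace.` so that monitoring or audit scripts built on sid() do not mis-correlate sessions.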
From: Josh Stone Date: Wed, 20 May 2009 14:46:25 -0700 Subject: PR10177: init/kill time in sleepy context only Previously, _stp_init_time and _stp_kill_time were being called from begin/end/error probes, which will run with preemption disabled. The BUG reported on RT kernels showed that cpufreq_unregister_notifier can end up sleeping, which violates our preemption block. This patch moves the init/kill into systemtap_module_init/exit, where it is safe to sleep. The code maintains a new predicate with the define STAP_NEED_GETTIMEOFDAY, so we don't still incur any timer overhead if it's not used. --- tapset/timestamp_gtod.stp | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) (limited to 'tapset') diff --git a/tapset/timestamp_gtod.stp b/tapset/timestamp_gtod.stp index 43b127dc..b916a3b1 100644 --- a/tapset/timestamp_gtod.stp +++ b/tapset/timestamp_gtod.stp @@ -7,23 +7,10 @@ // Public License (GPL); either version 2, or (at your option) any // later version. -function _gettimeofday_init:long() %{ - THIS->__retvalue = _stp_init_time(); /* Kick off the Big Bang. */ +%{ +#define STAP_NEED_GETTIMEOFDAY 1 %} -probe begin(-0x8000000000000000) { - if (_gettimeofday_init() != 0) - error("couldn't initialize gettimeofday") -} - -function _gettimeofday_kill() %{ - _stp_kill_time(); /* Go to a beach. Drink a beer. */ -%} - -probe end(0x7FFFFFFFFFFFFFFF), error(0x7FFFFFFFFFFFFFFF) { - _gettimeofday_kill() -} - /** * sfunction gettimeofday_ns - Number of nanoseconds since UNIX epoch. -- cgit From bf4b8ae2b55776433785ee77c5a3985b63364a87 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Fri, 22 May 2009 13:58:27 +0200 Subject: Unify formatting of nd_syscalls.stp. Rules were already specified in commit c0c1ccc6. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 213 ++++++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 110 deletions(-) (limited to 'tapset') 
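Review bot: The bare `#define STAP_NEED_GETTIMEOFDAY 1` in tapset/timestamp_gtod.stp carries no comment saying who consumes it, and with the `begin`/`end`/`error` probes removed nothing in this file shows where `_stp_init_time()` and `_stp_kill_time()` are now called. The commit message says they moved into systemtap_module_init/exit, but that code is outside this tapset-limited view, so whether a failed init is still surfaced (the removed probe raised `error("couldn't initialize gettimeofday")`) cannot be confirmed from here. I would add a comment above the define such as `/* Tells the generated module to call _stp_init_time/_stp_kill_time from module init/exit, where sleeping is allowed. */`.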
diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index 32c3640e..b7172c0c 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -27,7 +27,7 @@ * braces are decoded structs. * * retstr - a string containing the return value in an easy-to-read format. -* Set in return probes only. +* Set in return probes only. */ @@ -106,7 +106,7 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ? // payload_uaddr = $_payload // plen = $plen // ringid = $ringid - // argstr = sprintf("%s, %s, %s, %d, %d", + // argstr = sprintf("%s, %s, %s, %d, %d", // user_string_quoted($_type), // user_string_quoted($_description), // text_strn(user_string($_payload), syscall_string_trunc, 1), @@ -117,11 +117,11 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ? payload_uaddr = pointer_arg(3) plen = ulong_arg(4) ringid = int_arg(5) - argstr = sprintf("%s, %s, %s, %d, %d", - user_string_quoted(type_uaddr), - user_string_quoted(description_uaddr), - text_strn(user_string(payload_uaddr), syscall_string_trunc, 1), - plen, ringid) + argstr = sprintf("%s, %s, %s, %d, %d", + user_string_quoted(type_uaddr), + user_string_quoted(description_uaddr), + text_strn(user_string(payload_uaddr), syscall_string_trunc, 1), + plen, ringid) } probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? { @@ -200,14 +200,14 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? name = "bdflush" // func = $func // data = $data - // if (($func>=2)&&($func%2==0)) + // if (($func >= 2) && ($func % 2 == 0)) // data_str = sprintf("%p", $data) // else // data_str = sprintf("%d", $data) asmlinkage() func = int_arg(1) data = long_arg(2) - if ((func>=2)&&(func%2==0)) + if ((func >= 2) && (func % 2 == 0)) data_str = sprintf("%p", data) else data_str = sprintf("%d", data) 
@@ -361,12 +361,12 @@ probe nd_syscall.chown = kprobe.function("sys_chown") // path = user_string($filename) // owner = __int32($user) // group = __int32($group) - // argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) + // argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group) asmlinkage() path = user_string(pointer_arg(1)) owner = __int32(uint_arg(2)) group = __int32(uint_arg(3)) - argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) + argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } probe nd_syscall.chown.return = kprobe.function("sys_chown").return { @@ -374,7 +374,7 @@ probe nd_syscall.chown.return = kprobe.function("sys_chown").return retstr = returnstr(1) } # chown16 ___________________________________________________ -# long sys_chown16(const char __user * filename, old_uid_t user, +# long sys_chown16(const char __user * filename, old_uid_t user, # old_gid_t group) # probe nd_syscall.chown16 = kprobe.function("sys_chown16") ? @@ -416,7 +416,7 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return # clock_getres _______________________________________________ # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) -# +# probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), kprobe.function("compat_clock_getres") ? { @@ -480,7 +480,7 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") else flag_str = sprintf("0x%x", flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, - _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4)) + _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4)) } probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return { 
@@ -510,8 +510,8 @@ probe nd_syscall.compat_clock_nanosleep = kprobe.function("compat_clock_nanoslee else flag_str = sprintf("0x%x", flags) argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, - _struct_compat_timespec_u(pointer_arg(3), 1), - pointer_arg(4)) + _struct_compat_timespec_u(pointer_arg(3), 1), + pointer_arg(4)) } probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_nanosleep").return ?, kprobe.function("compat_sys_clock_nanosleep").return ? @@ -892,7 +892,7 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = int_arg(4) argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return { name = "fadvise64_64" retstr = returnstr(1) @@ -930,7 +930,7 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = 0 argstr = "" } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return { name = "fadvise64_64" retstr = returnstr(1) @@ -980,12 +980,12 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown") // fd = $fd // owner = __int32($user) // group = __int32($group) - // argstr = sprintf("%d, %d, %d", $fd, owner, group) + // argstr = sprintf("%d, %d, %d", $fd, owner, group) asmlinkage() fd = int_arg(1) owner = __int32(uint_arg(2)) group = __int32(uint_arg(3)) - argstr = sprintf("%d, %d, %d", fd, owner, group) + argstr = sprintf("%d, %d, %d", fd, owner, group) } probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return { 
@@ -1125,7 +1125,8 @@ probe nd_syscall.flock.return = kprobe.function("sys_flock").return retstr = returnstr(1) } -function __is_user_regs:long (regs:long) %{ /* pure */ +function __is_user_regs:long (regs:long) /* pure */ +%{ struct pt_regs * regs = (void *)((unsigned long)THIS->regs); /* copied from asm/ptrace.h */ #if defined(__i386__) @@ -1181,7 +1182,7 @@ probe nd_syscall.fork = kprobe.function("do_fork") if (!__is_user_regs(regs)) { name = "fork_kernel_thread" - argstr = __fork_flags(clone_flags) + argstr = __fork_flags(clone_flags) } else if (clone_flags & 17) name = "fork" else if (clone_flags & 0x4000) @@ -1258,7 +1259,7 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return # struct oldabi_stat64 __user * statbuf) # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) # -probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, +probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, kprobe.function("sys_fstat64") ?, kprobe.function("sys32_fstat64") ?, kprobe.function("sys_newfstat") ?, @@ -1290,7 +1291,7 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag) # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) -probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, +probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, kprobe.function("sys_newfstatat") ?, kprobe.function("compat_sys_newfstatat") ?, kprobe.function("sys32_fstatat64") ? 
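Review bot: In the `__is_user_regs` hunk the `/* pure */` marker moves from inside the embedded-C block to the script side, in front of `%{`, which is more than a formatting change. As far as I know the translator recognises the marker by finding it in the embedded-C text, while a comment outside `%{ ... %}` is discarded by the script lexer, so the function would stop being treated as side-effect free. I would keep the brace on its own line but leave the marker inside it: `function __is_user_regs:long (regs:long)` followed by `%{ /* pure */`. The function body continues outside the hunk.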
@@ -1306,7 +1307,7 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4))) } -probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, +probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, kprobe.function("sys_newfstatat").return ?, kprobe.function("compat_sys_newfstatat").return ?, kprobe.function("sys32_fstatat64").return ? @@ -1435,11 +1436,11 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ? // uaddr2_uaddr = $uaddr2 // val3 = $val3 // if (op == 0) - // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - // $val, _struct_timespec_u($utime, 1)) + // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), + // $val, _struct_timespec_u($utime, 1)) // else - // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), - // $val) + // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), + // $val) asmlinkage() futex_uaddr = pointer_arg(1) op = int_arg(2) @@ -1450,10 +1451,10 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ? if (op == 0) argstr = sprintf("%p, %s, %d, %s", futex_uaddr, _futex_op_str(op), val, - _struct_timespec_u(utime_uaddr, 1)) + _struct_timespec_u(utime_uaddr, 1)) else argstr = sprintf("%p, %s, %d", futex_uaddr, - _futex_op_str(op), val) + _futex_op_str(op), val) } probe nd_syscall.futex.return = kprobe.function("sys_futex").return ? { 
@@ -1470,11 +1471,11 @@ probe nd_syscall.compat_futex = kprobe.function("compat_sys_futex") ? // uaddr2_uaddr = $uaddr2 // val3 = $val3 // if (op == 0) - // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), - // $val, _struct_compat_timespec_u($utime, 1)) + // argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op), + // $val, _struct_compat_timespec_u($utime, 1)) // else - // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), - // $val) + // argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op), + // $val) asmlinkage() futex_uaddr = pointer_arg(1) op = int_arg(2) @@ -1485,10 +1486,10 @@ probe nd_syscall.compat_futex = kprobe.function("compat_sys_futex") ? if (op == 0) argstr = sprintf("%p, %s, %d, %s", futex_uaddr, _futex_op_str(op), val, - _struct_compat_timespec_u(utime_uaddr, 1)) + _struct_compat_timespec_u(utime_uaddr, 1)) else argstr = sprintf("%p, %s, %d", futex_uaddr, - _futex_op_str(op), val) + _futex_op_str(op), val) } probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").return ? { @@ -1509,14 +1510,14 @@ probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ? // filename_uaddr = $filename // filename = user_string($filename) // tvp_uaddr = $utimes - // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), // _struct_timeval_u($utimes, 2)) asmlinkage() dirfd = int_arg(1) filename_uaddr = pointer_arg(2) filename = user_string(filename_uaddr) tvp_uaddr = pointer_arg(3) - argstr = sprintf("%s, %s, %s", _dfd_str(dirfd), user_string_quoted(filename_uaddr), + argstr = sprintf("%s, %s, %s", _dfd_str(dirfd), user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ? 
@@ -1526,14 +1527,14 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ? // filename_uaddr = $filename // filename = user_string($filename) // tvp_uaddr = $utimes - // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), + // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), // _struct_timeval_u($utimes, 2)) asmlinkage() dirfd = uint_arg(1) filename_uaddr = pointer_arg(2) filename = user_string(pointer_arg(2)) tvp_uaddr = pointer_arg(3) - argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), + argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timeval_u(pointer_arg(3), 2)) } probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ? @@ -1641,7 +1642,7 @@ probe nd_syscall.geteuid.return = kprobe.function("sys_geteuid16").return ?, # probe nd_syscall.getgid = kprobe.function("sys_getgid16") ?, kprobe.function("sys32_getgid16") ?, - kprobe.function("sys_getgid") + kprobe.function("sys_getgid") { name = "getgid" argstr = "" @@ -1706,11 +1707,11 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer") name = "getitimer" // which = $which // value_uaddr = $value - // argstr = sprintf("%s, %p", _itimer_which_str($which), $value) + // argstr = sprintf("%s, %p", _itimer_which_str($which), $value) asmlinkage() which = int_arg(1) value_uaddr = pointer_arg(2) - argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr ) + argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) } probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return { 
@@ -1723,11 +1724,11 @@ probe nd_syscall.compat_getitimer = kprobe.function("compat_sys_getitimer") ? name = "getitimer" // which = $which // value_uaddr = $it - // argstr = sprintf("%s, %p", _itimer_which_str($which), $it) + // argstr = sprintf("%s, %p", _itimer_which_str($which), $it) asmlinkage() which = int_arg(1) value_uaddr = pointer_arg(2) - argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) + argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) } probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer").return ? { @@ -1764,7 +1765,7 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, addr = ulong_arg(4) flags = ulong_arg(5) argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr, - nmask_uaddr, maxnode, addr, flags) + nmask_uaddr, maxnode, addr, flags) } probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?, kprobe.function("compat_sys_get_mempolicy").return ? @@ -1877,7 +1878,7 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return # old_uid_t __user *egid, # old_uid_t __user *sgid) probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?, - kprobe.function("sys_getresgid") + kprobe.function("sys_getresgid") { name = "getresgid" // rgid_uaddr = $rgid @@ -1898,7 +1899,7 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?, } # getresuid __________________________________________________ -# long sys_getresuid(uid_t __user *ruid, +# long sys_getresuid(uid_t __user *ruid, # uid_t __user *euid, # uid_t __user *suid) probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, 
@@ -1916,7 +1917,7 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr) } probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?, - kprobe.function("sys_getresuid").return + kprobe.function("sys_getresuid").return { name = "getresuid" retstr = returnstr(1) @@ -1953,27 +1954,19 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage") { name = "getrusage" // who = $who - // if($who==-2) - // { + // if ($who == -2) { // # RUSAGE_BOTH is not valid argument for sys_getrusage // who_str = sprintf("UNKNOWN VALUE: %d", $who) - // } - // else - // { + // } else // who_str = _rusage_who_str($who) - // } // usage_uaddr = $ru asmlinkage() who = int_arg(1) - if(who==-2) - { + if (who == -2) { # RUSAGE_BOTH is not valid argument for sys_getrusage who_str = sprintf("UNKNOWN VALUE: %d", who) - } - else - { + } else who_str = _rusage_who_str(who) - } usage_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", who_str, usage_uaddr) } @@ -2051,10 +2044,10 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, optval_uaddr = pointer_arg(4) optlen_uaddr = pointer_arg(5) argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level), - _sockopt_optname_str(optname), optval_uaddr, optlen_uaddr) + _sockopt_optname_str(optname), optval_uaddr, optlen_uaddr) } probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?, - kprobe.function("compat_sys_getsockopt").return ? + kprobe.function("compat_sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) 
@@ -2076,7 +2069,7 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return # gettimeofday _______________________________________________ # long sys_gettimeofday(struct timeval __user *tv, # struct timezone __user *tz) -# long sys32_gettimeofday(struct compat_timeval __user *tv, +# long sys32_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) @@ -2136,11 +2129,11 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr") // name2 = user_string($name) // value_uaddr = $value // size = $size - // argstr = sprintf("%s, %s, %p, %d", + // argstr = sprintf("%s, %s, %p, %d", // %( kernel_v >= "2.6.27" %? - // user_string_quoted($pathname), + // user_string_quoted($pathname), // %: - // user_string_quoted($path), + // user_string_quoted($path), // %) // user_string_quoted($name), // value_uaddr, size) @@ -2150,8 +2143,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr") name2 = user_string(pointer_arg(2)) value_uaddr = pointer_arg(3) size = ulong_arg(4) - argstr = sprintf("%s, %s, %p, %d", - user_string_quoted(path), + argstr = sprintf("%s, %s, %p, %d", + user_string_quoted(path), user_string_quoted(pointer_arg(2)), value_uaddr, size) } @@ -2380,7 +2373,7 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ? # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) -# +# probe nd_syscall.io_setup = kprobe.function("sys_io_setup") { name = "io_setup" @@ -2601,7 +2594,7 @@ probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return } # lchown16 ___________________________________________________ -# long sys_lchown16(const char __user * filename, old_uid_t user, +# long sys_lchown16(const char __user * filename, old_uid_t user, # old_gid_t group) # probe nd_syscall.lchown16 = kprobe.function("sys_lchown16") ? 
@@ -2640,11 +2633,11 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") // name2 = user_string($name) // value_uaddr = $value // size = $size - // argstr = sprintf("%s, %s, %p, %d", + // argstr = sprintf("%s, %s, %p, %d", // %( kernel_v >= "2.6.27" %? - // user_string_quoted($pathname), + // user_string_quoted($pathname), // %: - // user_string_quoted($path), + // user_string_quoted($path), // %) // user_string_quoted($name), // value_uaddr, size) @@ -2654,8 +2647,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") name2 = user_string(pointer_arg(2)) value_uaddr = pointer_arg(3) size = ulong_arg(4) - argstr = sprintf("%s, %s, %p, %d", - user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s, %p, %d", + user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2)), value_uaddr, size) } @@ -2672,14 +2665,14 @@ probe nd_syscall.link = kprobe.function("sys_link") name = "link" // oldpath = user_string($oldname) // newpath = user_string($newname) - // argstr = sprintf("%s, %s", - // user_string_quoted($oldname), + // argstr = sprintf("%s, %s", + // user_string_quoted($oldname), // user_string_quoted($newname)) asmlinkage() oldpath = user_string(pointer_arg(1)) newpath = user_string(pointer_arg(2)) - argstr = sprintf("%s, %s", - user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s", + user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } probe nd_syscall.link.return = kprobe.function("sys_link").return @@ -2695,11 +2688,11 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ? name = "listen" // sockfd = $fd // backlog = $backlog - // argstr = sprintf("%d, %d", $fd, $backlog) + // argstr = sprintf("%d, %d", $fd, $backlog) asmlinkage() sockfd = int_arg(1) backlog = int_arg(2) - argstr = sprintf("%d, %d", sockfd, backlog) + argstr = sprintf("%d, %d", sockfd, backlog) } probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? { 
@@ -2833,11 +2826,11 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") // %( kernel_v >= "2.6.27" %? // path_uaddr = $pathname // path = user_string($pathname) - // argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) + // argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name)) // %: // path_uaddr = $path // path = user_string($path) - // argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) + // argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name)) // %) asmlinkage() path_uaddr = pointer_arg(1) @@ -2898,11 +2891,11 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") // value_uaddr = $value // size = $size // flags = $flags - // argstr = sprintf("%s, %s, %p, %d, %d", + // argstr = sprintf("%s, %s, %p, %d, %d", // %( kernel_v >= "2.6.27" %? - // user_string_quoted($pathname), + // user_string_quoted($pathname), // %: - // user_string_quoted($path), + // user_string_quoted($path), // %) // user_string_quoted($name), // value_uaddr, $size, $flags) @@ -2914,10 +2907,10 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") value_uaddr = pointer_arg(3) size = ulong_arg(4) flags = int_arg(5) - argstr = sprintf("%s, %s, %p, %d, %d", - user_string_quoted(path_uaddr), - user_string_quoted(name_uaddr), - value_uaddr, size, flags) + argstr = sprintf("%s, %s, %p, %d, %d", + user_string_quoted(path_uaddr), + user_string_quoted(name_uaddr), + value_uaddr, size, flags) } probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return { 
@@ -2944,11 +2937,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, name = "lstat" // path = user_string($filename) // buf_uaddr = $statbuf - // argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) + // argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf) asmlinkage() path = user_string(pointer_arg(1)) buf_uaddr = pointer_arg(2) - argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) + argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, kprobe.function("sys_newlstat").return ?, @@ -2956,7 +2949,7 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, kprobe.function("sys32_lstat64").return ?, kprobe.function("sys_lstat64").return ?, kprobe.function("sys_oabi_lstat64").return ? -{ +{ name = "lstat" retstr = returnstr(1) } @@ -3020,7 +3013,7 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, maxnode = ulong_arg(5) flags = uint_arg(6) argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode, - nmask_uaddr, maxnode, flags) + nmask_uaddr, maxnode, flags) } probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, kprobe.function("compat_sys_mbind").return ? @@ -3228,10 +3221,10 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, # char __user * type, # unsigned long flags, # void __user * data) -# long compat_sys_mount(char __user * dev_name, +# long compat_sys_mount(char __user * dev_name, # char __user * dir_name, -# char __user * type, -# unsigned long flags, +# char __user * type, +# unsigned long flags, # void __user * data) probe nd_syscall.mount = kprobe.function("sys_mount"), kprobe.function("compat_sys_mount") ? 
@@ -3243,10 +3236,10 @@ probe nd_syscall.mount = kprobe.function("sys_mount"), // mountflags = $flags // mountflags_str = _mountflags_str($flags) // data = text_strn(user_string($data), syscall_string_trunc, 1) - // argstr = sprintf("%s, %s, %s, %s, %s", - // user_string_quoted($dev_name), - // user_string_quoted($dir_name), - // user_string_quoted($type), + // argstr = sprintf("%s, %s, %s, %s, %s", + // user_string_quoted($dev_name), + // user_string_quoted($dir_name), + // user_string_quoted($type), // mountflags_str, data) asmlinkage() source = user_string(pointer_arg(1)) @@ -3255,13 +3248,13 @@ probe nd_syscall.mount = kprobe.function("sys_mount"), mountflags = ulong_arg(4) mountflags_str = _mountflags_str(mountflags) data = text_strn(user_string(pointer_arg(5)), syscall_string_trunc, 1) - argstr = sprintf("%s, %s, %s, %s, %s", - user_string_quoted(pointer_arg(1)), - user_string_quoted(pointer_arg(2)), - user_string_quoted(pointer_arg(3)), + argstr = sprintf("%s, %s, %s, %s, %s", + user_string_quoted(pointer_arg(1)), + user_string_quoted(pointer_arg(2)), + user_string_quoted(pointer_arg(3)), mountflags_str, data) } -probe nd_syscall.mount.return = kprobe.function("sys_mount").return, +probe nd_syscall.mount.return = kprobe.function("sys_mount").return, kprobe.function("compat_sys_mount").return ? { name = "mount" @@ -3416,7 +3409,7 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, msg_prio_uaddr = pointer_arg(4) abs_timeout_uaddr = pointer_arg(5) argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len, - msg_prio_uaddr, abs_timeout_uaddr) + msg_prio_uaddr, abs_timeout_uaddr) } probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?, kprobe.function("compat_sys_mq_timedreceive").return ? 
@@ -3454,7 +3447,7 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, msg_prio = uint_arg(4) abs_timeout_uaddr = pointer_arg(5) argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len, - msg_prio, abs_timeout_uaddr) + msg_prio, abs_timeout_uaddr) } probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?, kprobe.function("compat_sys_mq_timedsend").return ? -- cgit From 8b09a1a4620cd8eac7d6df65bda799f5d4bcfe2b Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Fri, 22 May 2009 16:31:15 +0200 Subject: Remove return probes for exit[_group] in nd_syscalls.stp. Analogue of commit 39a8b0bc. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index b7172c0c..aa6ad694 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -832,7 +832,8 @@ probe nd_syscall.exit = kprobe.function("do_exit") status = int_arg(1) argstr = sprint(status) } -probe nd_syscall.exit.return = end {} +# sys_exit() never returns, and is blacklisted for return probes, +# so no alias here. See bz6588. # exit_group _________________________________________________ # void sys_exit_group(int error_code) @@ -846,8 +847,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group") status = int_arg(1) argstr = sprint(status) } - -probe nd_syscall.exit_group.return = end {} +# sys_exit_group() never returns, and is blacklisted for return probes, +# so no alias here. See bz6588. %(arch != "x86_64" %? # fadvise64 __________________________________________________ -- cgit From edd119a6daa564ffc7ba8db9bc2927929ea7e25e Mon Sep 17 00:00:00 2001 
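Review bot: The replacement comment names sys_exit(), but the alias in this hunk's header is attached to `kprobe.function("do_exit")`, so `status = int_arg(1)` reads do_exit's argument rather than the syscall's own parameter. As far as I know do_exit is also reached when a task ends by other paths (for example a fatal signal) and its argument is an encoded exit code, so a script that logs `status` as the process exit status may misreport it; worth confirming. I would extend the comment with `# NOTE: this alias probes do_exit(), so it also fires for non-syscall exits and status is do_exit's code argument.` Dropping the `.return = end {}` alias also means a script that names `nd_syscall.exit.return` explicitly will no longer resolve, which deserves a line in the release notes.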
From: Przemyslaw Pawelczyk Date: Fri, 22 May 2009 17:15:21 +0200 Subject: Add missing probe points in nd_syscalls.stp. Add probe points for faccessat, fchmodat, fchownat, linkat and mknodat. Analogue of commits: a3d153e5, 335972be, 46e2c2c1, c815c982, dac6e242 and bad69f1d. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 154 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index aa6ad694..fef79a0c 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -850,6 +850,32 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group") # sys_exit_group() never returns, and is blacklisted for return probes, # so no alias here. See bz6588. +# faccessat __________________________________________________ +# new function with 2.6.16 +# long sys_faccessat(int dfd, const char __user *filename, int mode) +probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ? +{ + name = "faccessat" + // dirfd = $dfd + // dirfd_str = _dfd_str($dfd) + // pathname = user_string($filename) + // mode = $mode + // mode_str = _access_mode_str($mode) + // argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted($filename), mode_str) + asmlinkage() + dirfd = int_arg(1) + dirfd_str = _dfd_str(dirfd) + pathname = user_string(pointer_arg(2)) + mode = int_arg(3) + mode_str = _access_mode_str(mode) + argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str) +} +probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ? +{ + name = "faccessat" + retstr = returnstr(1) +} + %(arch != "x86_64" %? # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) 
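Review bot: In nd_syscall.faccessat the filename is fetched from user memory twice, once for `pathname = user_string(pointer_arg(2))` and again for `user_string_quoted(pointer_arg(2))` in argstr. The two values can disagree if the buffer changes between the reads, and neither is guaranteed to match what the kernel copies in afterwards. Anyone using this tapset as an audit trail should be told that, so I would add a comment above the alias such as `# pathname and argstr are read from user memory at syscall entry; the kernel's own copy may differ.` The same pattern is in the fchmodat, fchownat, linkat and mknodat aliases added later in this commit.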
@@ -973,6 +999,31 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return retstr = returnstr(1) } +# fchmodat ___________________________________________________ +# new function with 2.6.16 +# long sys_fchmodat(int dfd, const char __user *filename, +# mode_t mode) +probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ? +{ + name = "fchmodat" + // dirfd = $dfd + // dirfd_str = _dfd_str($dfd) + // pathname = user_string($filename) + // mode = $mode + // argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted($filename), $mode) + asmlinkage() + dirfd = int_arg(1) + dirfd_str = _dfd_str(dirfd) + pathname = user_string(pointer_arg(2)) + mode = uint_arg(3) + argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode) +} +probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ? +{ + name = "fchmodat" + retstr = returnstr(1) +} + # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) probe nd_syscall.fchown = kprobe.function("sys_fchown") 
@@ -1015,6 +1066,39 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ? retstr = returnstr(1) } +# fchownat ___________________________________________________ +# new function with 2.6.16 +# long sys_fchownat(int dfd, const char __user *filename, +# uid_t user, gid_t group, int flag) +probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ? +{ + name = "fchownat" + // dirfd = $dfd + // dirfd_str = _dfd_str($dfd) + // pathname = user_string($filename) + // owner = __int32($user) + // group = __int32($group) + // flags = $flag + // flags_str = _at_flag_str($flag) + // argstr = sprintf("%s, %s, %d, %d, %s", + // dirfd_str, user_string_quoted($filename), owner, group, flags_str) + asmlinkage() + dirfd = int_arg(1) + dirfd_str = _dfd_str(dirfd) + pathname = user_string(pointer_arg(2)) + owner = __int32(uint_arg(3)) + group = __int32(uint_arg(4)) + flags = int_arg(5) + flags_str = _at_flag_str(flags) + argstr = sprintf("%s, %s, %d, %d, %s", + dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str) +} +probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ? +{ + name = "fchownat" + retstr = returnstr(1) +} + # fcntl ______________________________________________________ # long sys_fcntl(int fd, unsigned int cmd, unsigned long arg) # long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) 
@@ -2682,6 +2766,45 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return retstr = returnstr(1) } +# linkat _____________________________________________________ +# new function with 2.6.16 +# long sys_linkat(int olddfd, const char __user *oldname, +# int newdfd, const char __user *newname, int flags) +probe nd_syscall.linkat = kprobe.function("sys_linkat") ? +{ + name = "linkat" + // olddirfd = $olddfd + // olddirfd_str = _dfd_str($olddfd) + // oldpath = user_string($oldname) + // newdirfd = $newdfd + // newdirfd_str = _dfd_str($newdfd) + // newpath = user_string($newname) + // flags = $flags + // flags_str = _at_flag_str($flags) + // argstr = sprintf("%s, %s, %s, %s, %s", + // olddirfd_str, user_string_quoted($oldname), + // newdirfd_str, user_string_quoted($newname), + // flags_str) + asmlinkage() + olddirfd = int_arg(1) + olddirfd_str = _dfd_str(olddirfd) + oldpath = user_string(pointer_arg(2)) + newdirfd = int_arg(3) + newdirfd_str = _dfd_str(newdirfd) + newpath = user_string(pointer_arg(4)) + flags = int_arg(5) + flags_str = _at_flag_str(flags) + argstr = sprintf("%s, %s, %s, %s, %s", + olddirfd_str, user_string_quoted(pointer_arg(2)), + newdirfd_str, user_string_quoted(pointer_arg(4)), + flags_str) +} +probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ? +{ + name = "linkat" + retstr = returnstr(1) +} + # listen _____________________________________________________ # long sys_listen(int fd, int backlog) probe nd_syscall.listen = kprobe.function("sys_listen") ? 
@@ -3127,6 +3250,37 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return retstr = returnstr(1) } +# mknodat ____________________________________________________ +# new function with 2.6.16 +# long sys_mknodat(int dfd, const char __user *filename, +# int mode, unsigned dev) +probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ? +{ + name = "mknodat" + // dirfd = $dfd + // dirfd_str = _dfd_str($dfd) + // pathname = user_string($filename) + // mode = $mode + // mode_str = _mknod_mode_str($mode) + // dev = $dev + // argstr = sprintf("%s, %s, %s, %p", + // dirfd_str, user_string_quoted($filename), mode_str, $dev) + asmlinkage() + dirfd = int_arg(1) + dirfd_str = _dfd_str(dirfd) + pathname = user_string(pointer_arg(2)) + mode = int_arg(3) + mode_str = _mknod_mode_str(mode) + dev = uint_arg(4) + argstr = sprintf("%s, %s, %s, %p", + dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev) +} +probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ? +{ + name = "mknodat" + retstr = returnstr(1) +} + # mlock ______________________________________________________ # # long sys_mlock(unsigned long start, size_t len) -- cgit From efd032a83a3e5254988a49ed52cdab85c19ce762 Mon Sep 17 00:00:00 2001 From: Przemyslaw Pawelczyk Date: Fri, 22 May 2009 20:05:43 +0200 Subject: Uncomment 'name' variable in nd_syscall.lseek probe point. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index fef79a0c..97374d9f 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -2973,7 +2973,7 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) probe nd_syscall.lseek = kprobe.function("sys_lseek") { - // name = "lseek" + name = "lseek" // fildes = $fd // # offset = __int32($offset) // offset = $offset -- cgit 
From 29d0edebd429185b88ff9c476eb4fba4396b5f63 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 22 May 2009 14:57:33 -0700 Subject: Use embedded-C for empty functions The functions asmlinkage() and fastcall() are used to help access syscall parameters on i686. All other archs don't need this, but they still define empty functions to shield the callers from arch details. However, stap issues warnings for empty script-level functions. This patch changes them to "%{ /* pure */ %}" so there's no complaint, and they will still get optimized away. --- tapset/ppc64/registers.stp | 6 ++---- tapset/s390x/registers.stp | 6 ++---- tapset/x86_64/registers.stp | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) (limited to 'tapset') diff --git a/tapset/ppc64/registers.stp b/tapset/ppc64/registers.stp index e5decd81..c8713e5a 100644 --- a/tapset/ppc64/registers.stp +++ b/tapset/ppc64/registers.stp @@ -210,11 +210,9 @@ function u64_arg:long (argnum:long) { return ulonglong_arg(argnum) } -function asmlinkage() { -} +function asmlinkage() %{ /* pure */ %} -function fastcall() { -} +function fastcall() %{ /* pure */ %} function regparm() %{ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), diff --git a/tapset/s390x/registers.stp b/tapset/s390x/registers.stp index 37218d14..79482b73 100644 --- a/tapset/s390x/registers.stp +++ b/tapset/s390x/registers.stp @@ -210,11 +210,9 @@ function u64_arg:long (argnum:long) { return ulonglong_arg(argnum) } -function asmlinkage() { -} +function asmlinkage() %{ /* pure */ %} -function fastcall() { -} +function fastcall() %{ /* pure */ %} function regparm() %{ snprintf(CONTEXT->error_buffer, sizeof(CONTEXT->error_buffer), diff --git a/tapset/x86_64/registers.stp b/tapset/x86_64/registers.stp index 2e21f3eb..48ba3119 100644 --- a/tapset/x86_64/registers.stp +++ b/tapset/x86_64/registers.stp 
@@ -235,11 +235,9 @@ function u64_arg:long (argnum:long) { return ulonglong_arg(argnum) } -function asmlinkage() { -} +function asmlinkage() %{ /* pure */ %} -function fastcall() { -} +function fastcall() %{ /* pure */ %} function regparm(n:long) %{ if (_stp_probing_32bit_app(CONTEXT->regs) && -- cgit From dec6cf8fd4da55ac0fd4c711b3eebc48ee9eda75 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 22 May 2009 15:27:56 -0700 Subject: Move the "pure" tag into the body of __is_user_regs The "/* pure */" tag has no effect unless it is within the embedded-C body of a function. In this instance, they were accidentally moved out during the syscall cleanups. --- tapset/nd_syscalls.stp | 3 ++- tapset/syscalls.stp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index 97374d9f..af145394 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -1210,8 +1210,9 @@ probe nd_syscall.flock.return = kprobe.function("sys_flock").return retstr = returnstr(1) } -function __is_user_regs:long (regs:long) /* pure */ +function __is_user_regs:long (regs:long) %{ + /* pure */ struct pt_regs * regs = (void *)((unsigned long)THIS->regs); /* copied from asm/ptrace.h */ #if defined(__i386__) diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 3a34c91b..0886deeb 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -1060,8 +1060,9 @@ probe syscall.flock.return = kernel.function("SyS_flock").return !, retstr = returnstr(1) } -function __is_user_regs:long (regs:long) /* pure */ +function __is_user_regs:long (regs:long) %{ + /* pure */ struct pt_regs * regs = (void *)((unsigned long)THIS->regs); /* copied from asm/ptrace.h */ #if defined(__i386__) -- cgit From eee30f40ac28c7090a269611fb1baea5c050c612 Mon Sep 17 00:00:00 2001 
From: Przemyslaw Pawelczyk Date: Sat, 23 May 2009 10:30:40 +0200 Subject: Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS. Add kprobe.function("SyS_*") probe points to nd_syscall.* probe aliases. Analogue of commit 132c337c with two exceptions: - remove sufficiency of these new probe points (use '?' instead of '!'), because translator always considers them resolved, - make non-SyS probe points optional in probe aliases affected by syscall wrappers, because otherwise they will fail on such architectures. Signed-off-by: Josh Stone --- tapset/nd_syscalls.stp | 873 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 568 insertions(+), 305 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index af145394..221e680a 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp @@ -34,7 +34,8 @@ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) -probe nd_syscall.accept = kprobe.function("sys_accept") ? +probe nd_syscall.accept = kprobe.function("SyS_accept") ?, + kprobe.function("sys_accept") ? { name = "accept" // sockfd = $fd @@ -47,7 +48,8 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ? addrlen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.accept.return = kprobe.function("sys_accept").return ? +probe nd_syscall.accept.return = kprobe.function("SyS_accept").return ?, + kprobe.function("sys_accept").return ? { name = "accept" retstr = returnstr(1) 
@@ -55,7 +57,8 @@ probe nd_syscall.accept.return = kprobe.function("sys_accept").return ? # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) -probe nd_syscall.access = kprobe.function("sys_access") +probe nd_syscall.access = kprobe.function("SyS_access") ?, + kprobe.function("sys_access") ? { name = "access" // pathname = user_string($filename) @@ -68,7 +71,8 @@ probe nd_syscall.access = kprobe.function("sys_access") mode_str = _access_mode_str(mode) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str) } -probe nd_syscall.access.return = kprobe.function("sys_access").return +probe nd_syscall.access.return = kprobe.function("SyS_access").return ?, + kprobe.function("sys_access").return ? { name = "access" retstr = returnstr(1) @@ -98,7 +102,8 @@ probe nd_syscall.acct.return = kprobe.function("sys_acct").return ? # size_t plen, # key_serial_t ringid) # -probe nd_syscall.add_key = kprobe.function("sys_add_key") ? +probe nd_syscall.add_key = kprobe.function("SyS_add_key") ?, + kprobe.function("sys_add_key") ? { name = "add_key" // type_uaddr = $_type @@ -123,7 +128,8 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ? text_strn(user_string(payload_uaddr), syscall_string_trunc, 1), plen, ringid) } -probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? +probe nd_syscall.add_key.return = kprobe.function("SyS_add_key").return ?, + kprobe.function("sys_add_key").return ? { name = "add_key" retstr = returnstr(1) @@ -131,7 +137,8 @@ probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ? # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) -probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex") +probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") ?, + kprobe.function("sys_adjtimex") ? { name = "adjtimex" 
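Review bot: In nd_syscall.access and its return alias, the previously mandatory `kprobe.function("sys_access")` becomes optional, so every alternative in the alias now carries `?`. The commit message itself says the translator always treats kprobe points as resolved, so on a kernel that has neither symbol the alias would attach nothing and report nothing. A monitoring script would then silently lose coverage of that syscall. I would document this next to the aliases, for example `# NOTE: all alternatives are optional; if none exists on the running kernel this alias never fires and no error is reported.` The same mandatory-to-optional change is made in the adjtimex, brk, capget and capset hunks that follow.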
@@ -152,7 +159,8 @@ probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex") asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.adjtimex.return = kprobe.function("sys_adjtimex").return +probe nd_syscall.adjtimex.return = kprobe.function("SyS_adjtimex").return ?, + kprobe.function("sys_adjtimex").return ? { name = "adjtimex" // retstr = _adjtimex_return_str($return) @@ -176,8 +184,9 @@ probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex") # unsigned long sys_alarm (unsigned int seconds) # long sys32_alarm(unsigned int seconds) # -probe nd_syscall.alarm = kprobe.function("sys_alarm") ?, - kprobe.function("sys32_alarm") ? +probe nd_syscall.alarm = kprobe.function("sys32_alarm") ?, + kprobe.function("SyS_alarm") ?, + kprobe.function("sys_alarm") ? { name = "alarm" // seconds = $seconds @@ -186,8 +195,9 @@ probe nd_syscall.alarm = kprobe.function("sys_alarm") ?, seconds = uint_arg(1) argstr = sprint(seconds) } -probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?, - kprobe.function("sys32_alarm").return ? +probe nd_syscall.alarm.return = kprobe.function("sys32_alarm").return ?, + kprobe.function("SyS_alarm").return ?, + kprobe.function("sys_alarm").return ? { name = "alarm" retstr = returnstr(1) @@ -195,7 +205,8 @@ probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?, # bdflush ____________________________________________________ # long sys_bdflush(int func, long data) -probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? +probe nd_syscall.bdflush = kprobe.function("SyS_bdflush") ?, + kprobe.function("sys_bdflush") ? { name = "bdflush" // func = $func 
@@ -213,7 +224,8 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ? data_str = sprintf("%d", data) argstr = sprintf("%d, %s", func, data_str) } -probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ? +probe nd_syscall.bdflush.return = kprobe.function("SyS_bdflush").return ?, + kprobe.function("sys_bdflush").return ? { name = "bdflush" retstr = returnstr(1) @@ -221,7 +233,8 @@ probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ? # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) -probe nd_syscall.bind = kprobe.function("sys_bind") ? +probe nd_syscall.bind = kprobe.function("SyS_bind") ?, + kprobe.function("sys_bind") ? { name = "bind" // sockfd = $fd @@ -234,7 +247,8 @@ probe nd_syscall.bind = kprobe.function("sys_bind") ? addrlen = int_arg(3) argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.bind.return = kprobe.function("sys_bind").return ? +probe nd_syscall.bind.return = kprobe.function("SyS_bind").return ?, + kprobe.function("sys_bind").return ? { name = "bind" retstr = returnstr(1) @@ -242,8 +256,9 @@ probe nd_syscall.bind.return = kprobe.function("sys_bind").return ? # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) -probe nd_syscall.brk = kprobe.function("sys_brk"), - kprobe.function("ia64_brk") ? +probe nd_syscall.brk = kprobe.function("ia64_brk") ?, + kprobe.function("SyS_brk") ?, + kprobe.function("sys_brk") ? { name = "brk" // brk = $brk 
@@ -251,8 +266,9 @@ probe nd_syscall.brk = kprobe.function("sys_brk"), brk = ulong_arg(1) argstr = sprintf("%p", brk) } -probe nd_syscall.brk.return = kprobe.function("sys_brk").return, - kprobe.function("ia64_brk").return ? +probe nd_syscall.brk.return = kprobe.function("ia64_brk").return ?, + kprobe.function("SyS_brk").return ?, + kprobe.function("sys_brk").return ? { name = "brk" retstr = returnstr(1) @@ -271,7 +287,8 @@ probe nd_syscall.brk.return = kprobe.function("sys_brk").return, * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) -probe nd_syscall.capget = kprobe.function("sys_capget") +probe nd_syscall.capget = kprobe.function("SyS_capget") ?, + kprobe.function("sys_capget") ? { name = "capget" // header_uaddr = $header @@ -282,7 +299,8 @@ probe nd_syscall.capget = kprobe.function("sys_capget") data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capget.return = kprobe.function("sys_capget").return +probe nd_syscall.capget.return = kprobe.function("SyS_capget").return ?, + kprobe.function("sys_capget").return ? { name = "capget" retstr = returnstr(1) @@ -300,7 +318,8 @@ probe nd_syscall.capget.return = kprobe.function("sys_capget").return * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) -probe nd_syscall.capset = kprobe.function("sys_capset") +probe nd_syscall.capset = kprobe.function("SyS_capset") ?, + kprobe.function("sys_capset") ? { name = "capset" // header_uaddr = $header @@ -311,7 +330,8 @@ probe nd_syscall.capset = kprobe.function("sys_capset") data_uaddr = pointer_arg(2) argstr = sprintf("%p, %p", header_uaddr, data_uaddr) } -probe nd_syscall.capset.return = kprobe.function("sys_capset").return +probe nd_syscall.capset.return = kprobe.function("SyS_capset").return ?, + kprobe.function("sys_capset").return ? { name = "capset" retstr = returnstr(1) 
@@ -319,7 +339,8 @@ probe nd_syscall.capset.return = kprobe.function("sys_capset").return # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) -probe nd_syscall.chdir = kprobe.function("sys_chdir") +probe nd_syscall.chdir = kprobe.function("SyS_chdir") ?, + kprobe.function("sys_chdir") ? { name = "chdir" // path = user_string($filename) @@ -328,7 +349,8 @@ probe nd_syscall.chdir = kprobe.function("sys_chdir") path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return +probe nd_syscall.chdir.return = kprobe.function("SyS_chdir").return ?, + kprobe.function("sys_chdir").return ? { name = "chdir" retstr = returnstr(1) @@ -336,7 +358,8 @@ probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) -probe nd_syscall.chmod = kprobe.function("sys_chmod") +probe nd_syscall.chmod = kprobe.function("SyS_chmod") ?, + kprobe.function("sys_chmod") ? { name = "chmod" // path = user_string($filename) @@ -347,7 +370,8 @@ probe nd_syscall.chmod = kprobe.function("sys_chmod") mode = uint_arg(2) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return +probe nd_syscall.chmod.return = kprobe.function("SyS_chmod").return ?, + kprobe.function("sys_chmod").return ? { name = "chmod" retstr = returnstr(1) @@ -355,7 +379,8 @@ probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) -probe nd_syscall.chown = kprobe.function("sys_chown") +probe nd_syscall.chown = kprobe.function("SyS_chown") ?, + kprobe.function("sys_chown") ? { name = "chown" // path = user_string($filename) 
@@ -368,7 +393,8 @@ probe nd_syscall.chown = kprobe.function("sys_chown") group = __int32(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.chown.return = kprobe.function("sys_chown").return +probe nd_syscall.chown.return = kprobe.function("SyS_chown").return ?, + kprobe.function("sys_chown").return ? { name = "chown" retstr = returnstr(1) @@ -398,7 +424,8 @@ probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ? # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) -probe nd_syscall.chroot = kprobe.function("sys_chroot") +probe nd_syscall.chroot = kprobe.function("SyS_chroot") ?, + kprobe.function("sys_chroot") ? { name = "chroot" // path = user_string($filename) @@ -407,7 +434,8 @@ probe nd_syscall.chroot = kprobe.function("sys_chroot") path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return +probe nd_syscall.chroot.return = kprobe.function("SyS_chroot").return ?, + kprobe.function("sys_chroot").return ? { name = "chroot" retstr = returnstr(1) @@ -417,8 +445,9 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) # long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp) # -probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), - kprobe.function("compat_clock_getres") ? +probe nd_syscall.clock_getres = kprobe.function("compat_clock_getres") ?, + kprobe.function("SyS_clock_getres") ?, + kprobe.function("sys_clock_getres") ? { name = "clock_getres" // clk_id = $which_clock 
@@ -431,8 +460,9 @@ probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"), res_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", clk_id_str, res_uaddr) } -probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return, - kprobe.function("compat_clock_getres").return ? +probe nd_syscall.clock_getres.return = kprobe.function("compat_clock_getres").return ?, + kprobe.function("SyS_clock_getres").return ?, + kprobe.function("sys_clock_getres").return ? { name = "clock_getres" retstr = returnstr(1) @@ -441,7 +471,8 @@ probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").retur # clock_gettime ______________________________________________ # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) # -probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime") +probe nd_syscall.clock_gettime = kprobe.function("SyS_clock_gettime") ?, + kprobe.function("sys_clock_gettime") ? { name = "clock_gettime" // clk_id = $which_clock @@ -452,7 +483,8 @@ probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime") clk_id_str = _get_wc_str(clk_id) argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2)) } -probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return +probe nd_syscall.clock_gettime.return = kprobe.function("SyS_clock_gettime").return ?, + kprobe.function("sys_clock_gettime").return ? { name = "clock_gettime" retstr = returnstr(1) @@ -464,7 +496,8 @@ probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").ret # const struct timespec __user *rqtp, # struct timespec __user *rmtp) # -probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") +probe nd_syscall.clock_nanosleep = kprobe.function("SyS_clock_nanosleep") ?, + kprobe.function("sys_clock_nanosleep") ? { name = "clock_nanosleep" // if ($flags == 1) 
@@ -482,7 +515,8 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep") argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str, _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4)) } -probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return +probe nd_syscall.clock_nanosleep.return = kprobe.function("SyS_clock_nanosleep").return ?, + kprobe.function("sys_clock_nanosleep").return ? { name = "clock_nanosleep" retstr = returnstr(1) @@ -524,7 +558,8 @@ probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_n # long sys_clock_settime(clockid_t which_clock, # const struct timespec __user *tp) # -probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime") +probe nd_syscall.clock_settime = kprobe.function("SyS_clock_settime") ?, + kprobe.function("sys_clock_settime") ? { name = "clock_settime" // clk_id = $which_clock @@ -537,7 +572,8 @@ probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime") tp_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return +probe nd_syscall.clock_settime.return = kprobe.function("SyS_clock_settime").return ?, + kprobe.function("sys_clock_settime").return ? { name = "clock_settime" retstr = returnstr(1) @@ -545,7 +581,8 @@ probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").ret # close ______________________________________________________ # long sys_close(unsigned int fd) -probe nd_syscall.close = kprobe.function("sys_close") +probe nd_syscall.close = kprobe.function("SyS_close") ?, + kprobe.function("sys_close") ? { name = "close" // fd = $fd 
@@ -553,14 +590,16 @@ probe nd_syscall.close = kprobe.function("sys_close") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.close.return = kprobe.function("sys_close").return +probe nd_syscall.close.return = kprobe.function("SyS_close").return ?, + kprobe.function("sys_close").return ? { name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) -probe nd_syscall.connect = kprobe.function("sys_connect") ? +probe nd_syscall.connect = kprobe.function("SyS_connect") ?, + kprobe.function("sys_connect") ? { name = "connect" // sockfd = $fd @@ -573,7 +612,8 @@ probe nd_syscall.connect = kprobe.function("sys_connect") ? addrlen = int_arg(3) argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen) } -probe nd_syscall.connect.return = kprobe.function("sys_connect").return ? +probe nd_syscall.connect.return = kprobe.function("SyS_connect").return ?, + kprobe.function("sys_connect").return ? { name = "connect" retstr = returnstr(1) @@ -581,7 +621,8 @@ probe nd_syscall.connect.return = kprobe.function("sys_connect").return ? # creat # long sys_creat(const char __user * pathname, int mode) -probe nd_syscall.creat = kprobe.function("sys_creat") ? +probe nd_syscall.creat = kprobe.function("SyS_creat") ?, + kprobe.function("sys_creat") ? { name = "creat" // mode = $mode @@ -592,7 +633,8 @@ probe nd_syscall.creat = kprobe.function("sys_creat") ? pathname = user_string(pointer_arg(1)) argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode) } -probe nd_syscall.creat.return = kprobe.function("sys_creat").return ? +probe nd_syscall.creat.return = kprobe.function("SyS_creat").return ?, + kprobe.function("sys_creat").return ? { name = "creat" retstr = returnstr(1) 
@@ -600,7 +642,8 @@ probe nd_syscall.creat.return = kprobe.function("sys_creat").return ? # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) -probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ? +probe nd_syscall.delete_module = kprobe.function("SyS_delete_module") ?, + kprobe.function("sys_delete_module") ? { name = "delete_module" // name_user = user_string($name_user) @@ -611,7 +654,8 @@ probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ? flags = uint_arg(2) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2))) } -probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ? +probe nd_syscall.delete_module.return = kprobe.function("SyS_delete_module").return ?, + kprobe.function("sys_delete_module").return ? { name = "delete_module" retstr = returnstr(1) @@ -619,7 +663,8 @@ probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").ret # dup ________________________________________________________ # long sys_dup(unsigned int fildes) -probe nd_syscall.dup = kprobe.function("sys_dup") +probe nd_syscall.dup = kprobe.function("SyS_dup") ?, + kprobe.function("sys_dup") ? { name = "dup" // oldfd = $fildes @@ -628,7 +673,8 @@ probe nd_syscall.dup = kprobe.function("sys_dup") old_fd = int_arg(1) argstr = sprint(old_fd) } -probe nd_syscall.dup.return = kprobe.function("sys_dup").return +probe nd_syscall.dup.return = kprobe.function("SyS_dup").return ?, + kprobe.function("sys_dup").return ? { name = "dup" retstr = returnstr(1) 
@@ -636,7 +682,8 @@ probe nd_syscall.dup.return = kprobe.function("sys_dup").return # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) -probe nd_syscall.dup2 = kprobe.function("sys_dup2") +probe nd_syscall.dup2 = kprobe.function("SyS_dup2") ?, + kprobe.function("sys_dup2") ? { name = "dup2" // oldfd = $oldfd @@ -647,7 +694,8 @@ probe nd_syscall.dup2 = kprobe.function("sys_dup2") newfd = int_arg(2) argstr = sprintf("%d, %d", oldfd, newfd) } -probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return +probe nd_syscall.dup2.return = kprobe.function("SyS_dup2").return ?, + kprobe.function("sys_dup2").return ? { name = "dup2" retstr = returnstr(1) @@ -655,7 +703,8 @@ probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return # epoll_create _______________________________________________ # long sys_epoll_create(int size) -probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ? +probe nd_syscall.epoll_create = kprobe.function("SyS_epoll_create") ?, + kprobe.function("sys_epoll_create") ? { name = "epoll_create" // size = $size @@ -664,7 +713,8 @@ probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ? size = int_arg(1) argstr = sprint(size) } -probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ? +probe nd_syscall.epoll_create.return = kprobe.function("SyS_epoll_create").return ?, + kprobe.function("sys_epoll_create").return ? { name = "epoll_create" retstr = returnstr(1) 
@@ -676,8 +726,9 @@ probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").retur # long compat_sys_epoll_ctl(int epfd, int op, int fd, # struct compat_epoll_event __user *event) # -probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?, - kprobe.function("compat_sys_epoll_ctl") ? +probe nd_syscall.epoll_ctl = kprobe.function("compat_sys_epoll_ctl") ?, + kprobe.function("SyS_epoll_ctl") ?, + kprobe.function("sys_epoll_ctl") ? { name = "epoll_ctl" // epfd = $epfd @@ -694,8 +745,9 @@ probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?, event_uaddr = pointer_arg(4) argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr) } -probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?, - kprobe.function("compat_sys_epoll_ctl").return ? +probe nd_syscall.epoll_ctl.return = kprobe.function("compat_sys_epoll_ctl").return ?, + kprobe.function("SyS_epoll_ctl").return ?, + kprobe.function("sys_epoll_ctl").return ? { name = "epoll_ctl" retstr = returnstr(1) @@ -712,8 +764,9 @@ probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?, # const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?, - kprobe.function("compat_sys_epoll_pwait") ? +probe nd_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?, + kprobe.function("SyS_epoll_pwait") ?, + kprobe.function("sys_epoll_pwait") ? { name = "epoll_pwait" asmlinkage() 
@@ -721,8 +774,9 @@ probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?, // $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize) int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6)) } -probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?, - kprobe.function("compat_sys_epoll_pwait").return ? +probe nd_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?, + kprobe.function("SyS_epoll_pwait").return ?, + kprobe.function("sys_epoll_pwait").return ? { name = "epoll_pwait" retstr = returnstr(1) @@ -736,8 +790,9 @@ probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return # struct compat_epoll_event __user *events, # int maxevents, int timeout) # -probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?, - kprobe.function("compat_sys_epoll_wait") ? +probe nd_syscall.epoll_wait = kprobe.function("compat_sys_epoll_wait") ?, + kprobe.function("SyS_epoll_wait") ?, + kprobe.function("sys_epoll_wait") ? { name = "epoll_wait" // epfd = $epfd @@ -752,8 +807,9 @@ probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?, timeout = int_arg(4) argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout) } -probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?, - kprobe.function("compat_sys_epoll_wait").return ? +probe nd_syscall.epoll_wait.return = kprobe.function("compat_sys_epoll_wait").return ?, + kprobe.function("SyS_epoll_wait").return ?, + kprobe.function("sys_epoll_wait").return ? { name = "epoll_wait" retstr = returnstr(1) 
@@ -762,14 +818,16 @@ probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?, # eventfd _____________________________________________________ # long sys_eventfd(unsigned int count) # -probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ? +probe nd_syscall.eventfd = kprobe.function("SyS_eventfd") ?, + kprobe.function("sys_eventfd") ? { name = "eventfd" // argstr = sprint($count) asmlinkage() argstr = sprint(uint_arg(1)) } -probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ? +probe nd_syscall.eventfd.return = kprobe.function("SyS_eventfd").return ?, + kprobe.function("sys_eventfd").return ? { name = "eventfd" retstr = returnstr(1) @@ -838,7 +896,8 @@ probe nd_syscall.exit = kprobe.function("do_exit") # exit_group _________________________________________________ # void sys_exit_group(int error_code) # -probe nd_syscall.exit_group = kprobe.function("sys_exit_group") +probe nd_syscall.exit_group = kprobe.function("SyS_exit_group") ?, + kprobe.function("sys_exit_group") ? { name = "exit_group" // status = $error_code @@ -853,7 +912,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group") # faccessat __________________________________________________ # new function with 2.6.16 # long sys_faccessat(int dfd, const char __user *filename, int mode) -probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ? +probe nd_syscall.faccessat = kprobe.function("SyS_faccessat") ?, + kprobe.function("sys_faccessat") ? { name = "faccessat" // dirfd = $dfd @@ -870,7 +930,8 @@ probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ? mode_str = _access_mode_str(mode) argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str) } -probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ? +probe nd_syscall.faccessat.return = kprobe.function("SyS_faccessat").return ?, + kprobe.function("sys_faccessat").return ? { name = "faccessat" retstr = returnstr(1) 
@@ -880,7 +941,8 @@ probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ? # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ? +probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?, + kprobe.function("sys_fadvise64") ? { name = "fadvise64" // fd = $fd @@ -895,7 +957,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ? advice = int_arg(4) argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ? +probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?, + kprobe.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) @@ -904,7 +967,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ? # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?, + kprobe.function("sys_fadvise64_64") ? { name = "fadvise64_64" // fd = $fd @@ -919,7 +983,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = int_arg(4) argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice)) } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?, + kprobe.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) 
@@ -930,7 +995,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur # fadvise64 __________________________________________________ # long sys_fadvise64(int fd, loff_t offset, size_t len, int advice) # -probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") +probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?, + kprobe.function("sys_fadvise64") ? { name = "fadvise64" fd = 0 @@ -939,7 +1005,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") advice = 0 argstr = "" } -probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return +probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?, + kprobe.function("sys_fadvise64").return ? { name = "fadvise64" retstr = returnstr(1) @@ -948,7 +1015,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return # fadvise64_64 _______________________________________________ # long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice) # -probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") +probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?, + kprobe.function("sys_fadvise64_64") ? { name = "fadvise64_64" fd = 0 @@ -957,7 +1025,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64") advice = 0 argstr = "" } -probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return +probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?, + kprobe.function("sys_fadvise64_64").return ? { name = "fadvise64_64" retstr = returnstr(1) @@ -966,7 +1035,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) -probe nd_syscall.fchdir = kprobe.function("sys_fchdir") +probe nd_syscall.fchdir = kprobe.function("SyS_fchdir") ?, + kprobe.function("sys_fchdir") ? { name = "fchdir" // fd = $fd 
@@ -975,7 +1045,8 @@ probe nd_syscall.fchdir = kprobe.function("sys_fchdir") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return +probe nd_syscall.fchdir.return = kprobe.function("SyS_fchdir").return ?, + kprobe.function("sys_fchdir").return ? { name = "fchdir" retstr = returnstr(1) @@ -983,7 +1054,8 @@ probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) -probe nd_syscall.fchmod = kprobe.function("sys_fchmod") +probe nd_syscall.fchmod = kprobe.function("SyS_fchmod") ?, + kprobe.function("sys_fchmod") ? { name = "fchmod" // fildes = $fd @@ -993,7 +1065,8 @@ probe nd_syscall.fchmod = kprobe.function("sys_fchmod") mode = uint_arg(2) # SAFE? argstr = sprintf("%d, %#o", fildes, mode) } -probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return +probe nd_syscall.fchmod.return = kprobe.function("SyS_fchmod").return ?, + kprobe.function("sys_fchmod").return ? { name = "fchmod" retstr = returnstr(1) @@ -1003,7 +1076,8 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return # new function with 2.6.16 # long sys_fchmodat(int dfd, const char __user *filename, # mode_t mode) -probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ? +probe nd_syscall.fchmodat = kprobe.function("SyS_fchmodat") ?, + kprobe.function("sys_fchmodat") ? { name = "fchmodat" // dirfd = $dfd @@ -1018,7 +1092,8 @@ probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ? mode = uint_arg(3) argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode) } -probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ? +probe nd_syscall.fchmodat.return = kprobe.function("SyS_fchmodat").return ?, + kprobe.function("sys_fchmodat").return ? { name = "fchmodat" retstr = returnstr(1) 
@@ -1026,7 +1101,8 @@ probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ? # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) -probe nd_syscall.fchown = kprobe.function("sys_fchown") +probe nd_syscall.fchown = kprobe.function("SyS_fchown") ?, + kprobe.function("sys_fchown") ? { name = "fchown" // fd = $fd @@ -1039,7 +1115,8 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown") group = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", fd, owner, group) } -probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return +probe nd_syscall.fchown.return = kprobe.function("SyS_fchown").return ?, + kprobe.function("sys_fchown").return ? { name = "fchown" retstr = returnstr(1) @@ -1070,7 +1147,8 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ? # new function with 2.6.16 # long sys_fchownat(int dfd, const char __user *filename, # uid_t user, gid_t group, int flag) -probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ? +probe nd_syscall.fchownat = kprobe.function("SyS_fchownat") ?, + kprobe.function("sys_fchownat") ? { name = "fchownat" // dirfd = $dfd @@ -1093,7 +1171,8 @@ probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ? argstr = sprintf("%s, %s, %d, %d, %s", dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str) } -probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ? +probe nd_syscall.fchownat.return = kprobe.function("SyS_fchownat").return ?, + kprobe.function("sys_fchownat").return ? { name = "fchownat" retstr = returnstr(1) 
@@ -1105,10 +1184,11 @@ probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ? # long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?, +probe nd_syscall.fcntl = kprobe.function("compat_sys_fcntl") ?, + kprobe.function("compat_sys_fcntl64") ?, kprobe.function("sys_fcntl64") ?, - kprobe.function("compat_sys_fcntl") ?, - kprobe.function("compat_sys_fcntl64") ? + kprobe.function("SyS_fcntl") ?, + kprobe.function("sys_fcntl") ? { name = "fcntl" // fd = $fd @@ -1123,10 +1203,11 @@ probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?, arg = long_arg(3) argstr = sprintf("%d, %s, %p", fd, cmd_str, arg) } -probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?, +probe nd_syscall.fcntl.return = kprobe.function("compat_sys_fcntl").return ?, + kprobe.function("compat_sys_fcntl64").return ?, kprobe.function("sys_fcntl64").return ?, - kprobe.function("compat_sys_fcntl").return ?, - kprobe.function("compat_sys_fcntl64").return ? + kprobe.function("SyS_fcntl").return ?, + kprobe.function("sys_fcntl").return ? { name = "fcntl" retstr = returnstr(1) @@ -1134,7 +1215,8 @@ probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?, # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) -probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync") +probe nd_syscall.fdatasync = kprobe.function("SyS_fdatasync") ?, + kprobe.function("sys_fdatasync") ? { name = "fdatasync" // fd = $fd 
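Review bot: `sys_fcntl64` gets no `SyS_fcntl64` counterpart in the `fcntl` list or its `.return` list, while `sys_fcntl` does; the fstat hunks further down do the reverse, adding `SyS_fstat64` and `SyS_newfstat` but nothing for `sys_fstat`. If the omissions are deliberate, a one-line comment next to each entry, along the lines of `# no SyS_ variant: <reason>` (placeholder for the actual reason), would keep a later editor from "completing" the list. If they are an oversight, calls entering through the wrapper name on a kernel that provides it would presumably go untraced for those variants. Both probe definitions continue beyond the lines shown in these hunks.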
@@ -1142,7 +1224,8 @@ probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return +probe nd_syscall.fdatasync.return = kprobe.function("SyS_fdatasync").return ?, + kprobe.function("sys_fdatasync").return ? { name = "fdatasync" retstr = returnstr(1) @@ -1151,7 +1234,8 @@ probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) -probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr") +probe nd_syscall.fgetxattr = kprobe.function("SyS_fgetxattr") ?, + kprobe.function("sys_fgetxattr") ? { name = "fgetxattr" // filedes = $fd @@ -1167,14 +1251,16 @@ probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr") size = ulong_arg(4) argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return +probe nd_syscall.fgetxattr.return = kprobe.function("SyS_fgetxattr").return ?, + kprobe.function("sys_fgetxattr").return ? { name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) -probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr") +probe nd_syscall.flistxattr = kprobe.function("SyS_flistxattr") ?, + kprobe.function("sys_flistxattr") ? { name = "flistxattr" // filedes = $fd 
@@ -1186,7 +1272,8 @@ probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr") size = ulong_arg(3) argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size) } -probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return +probe nd_syscall.flistxattr.return = kprobe.function("SyS_flistxattr").return ?, + kprobe.function("sys_flistxattr").return ? { name = "flistxattr" retstr = returnstr(1) @@ -1194,7 +1281,8 @@ probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) -probe nd_syscall.flock = kprobe.function("sys_flock") +probe nd_syscall.flock = kprobe.function("SyS_flock") ?, + kprobe.function("sys_flock") ? { name = "flock" // fd = $fd @@ -1204,7 +1292,8 @@ probe nd_syscall.flock = kprobe.function("sys_flock") operation = int_arg(2) argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } -probe nd_syscall.flock.return = kprobe.function("sys_flock").return +probe nd_syscall.flock.return = kprobe.function("SyS_flock").return ?, + kprobe.function("sys_flock").return ? { name = "flock" retstr = returnstr(1) @@ -1285,7 +1374,8 @@ probe nd_syscall.fork.return = kprobe.function("do_fork").return } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) -probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr") +probe nd_syscall.fremovexattr = kprobe.function("SyS_fremovexattr") ?, + kprobe.function("sys_fremovexattr") ? { name = "fremovexattr" // filedes = $fd 
@@ -1297,7 +1387,8 @@ probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr") name2 = user_string(pointer_arg(2)) argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2))) } -probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return +probe nd_syscall.fremovexattr.return = kprobe.function("SyS_fremovexattr").return ?, + kprobe.function("sys_fremovexattr").return ? { name = "fremovexattr" retstr = returnstr(1) @@ -1312,7 +1403,8 @@ probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").retur * size_t size, * int flags) */ -probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr") +probe nd_syscall.fsetxattr = kprobe.function("SyS_fsetxattr") ?, + kprobe.function("sys_fsetxattr") ? { name = "fsetxattr" // filedes = $fd @@ -1330,7 +1422,8 @@ probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr") flags = int_arg(5) argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags) } -probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return +probe nd_syscall.fsetxattr.return = kprobe.function("SyS_fsetxattr").return ?, + kprobe.function("sys_fsetxattr").return ? { name = "fsetxattr" retstr = returnstr(1) @@ -1346,8 +1439,10 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return # long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) # probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, + kprobe.function("SyS_fstat64") ?, kprobe.function("sys_fstat64") ?, kprobe.function("sys32_fstat64") ?, + kprobe.function("SyS_newfstat") ?, kprobe.function("sys_newfstat") ?, kprobe.function("sys_oabi_fstat64") ?, kprobe.function("compat_sys_newfstat") ? 
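Review bot: `sys_fstat` is the one entry in `nd_syscall.fstat` that gets no `SyS_` twin, while `sys_fstat64` and `sys_newfstat` both gain one; the `nd_syscall.fstat.return` hunk that follows has the same gap. If `sys_fstat` is also built through the syscall wrapper on the kernels this change targets (not visible from the hunk), this alias may not see calls that enter through it, and the list would need `kprobe.function("SyS_fstat") ?,` plus its `.return` form. If the omission is deliberate, a one-line comment above the alias saying why would stop someone from "fixing" it later. The probe body starts after the end of this hunk.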
@@ -1362,8 +1457,10 @@ probe nd_syscall.fstat = kprobe.function("sys_fstat") ?, argstr = sprintf("%d, %p", filedes, buf_uaddr) } probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, + kprobe.function("SyS_fstat64").return ?, kprobe.function("sys_fstat64").return ?, kprobe.function("sys32_fstat64").return ?, + kprobe.function("SyS_newfstat").return ?, kprobe.function("sys_newfstat").return ?, kprobe.function("sys_oabi_fstat64").return ?, kprobe.function("compat_sys_newfstat").return ? @@ -1377,7 +1474,9 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?, # long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag) # long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag) # long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) -probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, +probe nd_syscall.fstatat = kprobe.function("SyS_fstatat64") ?, + kprobe.function("sys_fstatat64") ?, + kprobe.function("SyS_newfstatat") ?, kprobe.function("sys_newfstatat") ?, kprobe.function("compat_sys_newfstatat") ?, kprobe.function("sys32_fstatat64") ? @@ -1393,7 +1492,9 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4))) } -probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, +probe nd_syscall.fstatat.return = kprobe.function("SyS_fstatat64").return ?, + kprobe.function("sys_fstatat64").return ?, + kprobe.function("SyS_newfstatat").return ?, kprobe.function("sys_newfstatat").return ?, kprobe.function("compat_sys_newfstatat").return ?, kprobe.function("sys32_fstatat64").return ? 
@@ -1406,8 +1507,9 @@ probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?, # long sys_fstatfs(unsigned int fd, struct statfs __user * buf) # long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf) # -probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"), - kprobe.function("compat_sys_fstatfs") ? +probe nd_syscall.fstatfs = kprobe.function("compat_sys_fstatfs") ?, + kprobe.function("SyS_fstatfs") ?, + kprobe.function("sys_fstatfs") ? { name = "fstatfs" // fd = $fd @@ -1418,8 +1520,9 @@ probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"), buf_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", fd, buf_uaddr) } -probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return, - kprobe.function("compat_sys_fstatfs").return ? +probe nd_syscall.fstatfs.return = kprobe.function("compat_sys_fstatfs").return ?, + kprobe.function("SyS_fstatfs").return ?, + kprobe.function("sys_fstatfs").return ? { name = "fstatfs" retstr = returnstr(1) @@ -1429,8 +1532,9 @@ probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return, # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) # long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?, - kprobe.function("compat_sys_fstatfs64") ? +probe nd_syscall.fstatfs64 = kprobe.function("compat_sys_fstatfs64") ?, + kprobe.function("SyS_fstatfs64") ?, + kprobe.function("sys_fstatfs64") ? { name = "fstatfs" // fd = $fd 
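Review bot: The body of `nd_syscall.fstatfs64` sets `name = "fstatfs"`, the same value `nd_syscall.fstatfs` uses earlier in this file section, so a script that filters or counts by `name` cannot tell the two calls apart; the `.return` probe in the next hunk does the same. If that is intended, say so with a comment such as `// reported as "fstatfs" on purpose`; otherwise `name = "fstatfs64"` in both places is the fix. Only the first lines of the probe body are inside this hunk.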
@@ -1443,8 +1547,9 @@ probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr) } -probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?, - kprobe.function("compat_sys_fstatfs64").return ? +probe nd_syscall.fstatfs64.return = kprobe.function("compat_sys_fstatfs64").return ?, + kprobe.function("SyS_fstatfs64").return ?, + kprobe.function("sys_fstatfs64").return ? { name = "fstatfs" retstr = returnstr(1) @@ -1452,7 +1557,8 @@ probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?, # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) -probe nd_syscall.fsync = kprobe.function("sys_fsync") +probe nd_syscall.fsync = kprobe.function("SyS_fsync") ?, + kprobe.function("sys_fsync") ? { name = "fsync" // fd = $fd @@ -1460,14 +1566,16 @@ probe nd_syscall.fsync = kprobe.function("sys_fsync") fd = int_arg(1) argstr = sprint(fd) } -probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return +probe nd_syscall.fsync.return = kprobe.function("SyS_fsync").return ?, + kprobe.function("sys_fsync").return ? { name = "fsync" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) -probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate") +probe nd_syscall.ftruncate = kprobe.function("SyS_ftruncate") ?, + kprobe.function("sys_ftruncate") ? { name = "ftruncate" // fd = $fd @@ -1477,7 +1585,8 @@ probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate") length = ulong_arg(2) argstr = sprintf("%d, %d", fd, length) } -probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return +probe nd_syscall.ftruncate.return = kprobe.function("SyS_ftruncate").return ?, + kprobe.function("sys_ftruncate").return ? { name = "ftruncate" retstr = returnstr(1) 
@@ -1512,7 +1621,8 @@ probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return # struct compat_timespec __user *utime, u32 __user *uaddr2, # u32 val3) # -probe nd_syscall.futex = kprobe.function("sys_futex") ? +probe nd_syscall.futex = kprobe.function("SyS_futex") ?, + kprobe.function("sys_futex") ? { name = "futex" // futex_uaddr = $uaddr @@ -1542,7 +1652,8 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ? argstr = sprintf("%p, %s, %d", futex_uaddr, _futex_op_str(op), val) } -probe nd_syscall.futex.return = kprobe.function("sys_futex").return ? +probe nd_syscall.futex.return = kprobe.function("SyS_futex").return ?, + kprobe.function("sys_futex").return ? { name = "futex" retstr = returnstr(1) @@ -1589,7 +1700,8 @@ probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").retur # long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) # -probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ? +probe nd_syscall.futimesat = kprobe.function("SyS_futimesat") ?, + kprobe.function("sys_futimesat") ? { name = "futimesat" // dirfd = $dfd @@ -1623,7 +1735,8 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ? argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timeval_u(pointer_arg(3), 2)) } -probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ? +probe nd_syscall.futimesat.return = kprobe.function("SyS_futimesat").return ?, + kprobe.function("sys_futimesat").return ? { name = "futimesat" retstr = returnstr(1) 
@@ -1636,7 +1749,8 @@ probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) -probe nd_syscall.getcwd = kprobe.function("sys_getcwd") +probe nd_syscall.getcwd = kprobe.function("SyS_getcwd") ?, + kprobe.function("sys_getcwd") ? { name = "getcwd" // buf_uaddr = $buf @@ -1646,7 +1760,8 @@ probe nd_syscall.getcwd = kprobe.function("sys_getcwd") size = ulong_arg(2) argstr = sprintf("%p, %d", buf_uaddr, size) } -probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return +probe nd_syscall.getcwd.return = kprobe.function("SyS_getcwd").return ?, + kprobe.function("sys_getcwd").return ? { name = "getcwd" retstr = returnstr(1) @@ -1658,7 +1773,9 @@ probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return # long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count) # -probe nd_syscall.getdents = kprobe.function("sys_getdents") ?, +probe nd_syscall.getdents = kprobe.function("SyS_getdents") ?, + kprobe.function("sys_getdents") ?, + kprobe.function("SyS_getdents64") ?, kprobe.function("sys_getdents64") ?, kprobe.function("compat_sys_getdents") ?, kprobe.function("compat_sys_getdents64") ? @@ -1674,7 +1791,9 @@ probe nd_syscall.getdents = kprobe.function("sys_getdents") ?, count = uint_arg(3) argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count) } -probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?, +probe nd_syscall.getdents.return = kprobe.function("SyS_getdents").return ?, + kprobe.function("sys_getdents").return ?, + kprobe.function("SyS_getdents64").return ?, kprobe.function("sys_getdents64").return ?, kprobe.function("compat_sys_getdents").return ?, kprobe.function("compat_sys_getdents64").return ? 
@@ -1746,9 +1865,10 @@ probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?, # long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_getgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?, - kprobe.function("sys_getgroups16") ?, - kprobe.function("sys32_getgroups16") ? +probe nd_syscall.getgroups = kprobe.function("sys_getgroups16") ?, + kprobe.function("sys32_getgroups16") ?, + kprobe.function("SyS_getgroups") ?, + kprobe.function("sys_getgroups") ? { name = "getgroups" // size = $gidsetsize @@ -1759,9 +1879,10 @@ probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?, list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?, - kprobe.function("sys_getgroups16").return ?, - kprobe.function("sys32_getgroups16").return ? +probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups16").return ?, + kprobe.function("sys32_getgroups16").return ?, + kprobe.function("SyS_getgroups").return ?, + kprobe.function("sys_getgroups").return ? { name = "getgroups" retstr = returnstr(1) @@ -1769,7 +1890,8 @@ probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?, # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) -probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ? +probe nd_syscall.gethostname = kprobe.function("SyS_gethostname") ?, + kprobe.function("sys_gethostname") ? { name = "gethostname" // name_uaddr = $name 
@@ -1779,7 +1901,8 @@ probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ? len = int_arg(2) argstr = sprintf ("%p, %d", name_uaddr, len) } -probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ? +probe nd_syscall.gethostname.return = kprobe.function("SyS_gethostname").return ?, + kprobe.function("sys_gethostname").return ? { name = "gethostname" retstr = returnstr(1) @@ -1788,7 +1911,8 @@ probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return # getitimer __________________________________________________ # sys_getitimer(int which, struct itimerval __user *value) # -probe nd_syscall.getitimer = kprobe.function("sys_getitimer") +probe nd_syscall.getitimer = kprobe.function("SyS_getitimer") ?, + kprobe.function("sys_getitimer") ? { name = "getitimer" // which = $which @@ -1799,7 +1923,8 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer") value_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr) } -probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return +probe nd_syscall.getitimer.return = kprobe.function("SyS_getitimer").return ?, + kprobe.function("sys_getitimer").return ? { name = "getitimer" retstr = returnstr(1) @@ -1833,8 +1958,9 @@ probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer # compat_ulong_t maxnode, # compat_ulong_t addr, compat_ulong_t flags) # -probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, - kprobe.function("compat_sys_get_mempolicy") ? +probe nd_syscall.get_mempolicy = kprobe.function("compat_sys_get_mempolicy") ?, + kprobe.function("SyS_get_mempolicy") ?, + kprobe.function("sys_get_mempolicy") ? { name = "get_mempolicy" // policy_uaddr = $policy 
@@ -1853,8 +1979,9 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?, argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr, nmask_uaddr, maxnode, addr, flags) } -probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?, - kprobe.function("compat_sys_get_mempolicy").return ? +probe nd_syscall.get_mempolicy.return = kprobe.function("compat_sys_get_mempolicy").return ?, + kprobe.function("SyS_get_mempolicy").return ?, + kprobe.function("sys_get_mempolicy").return ? { name = "get_mempolicy" retstr = returnstr(1) @@ -1863,7 +1990,8 @@ probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").ret # getpeername ________________________________________________ # long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len) # -probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ? +probe nd_syscall.getpeername = kprobe.function("SyS_getpeername") ?, + kprobe.function("sys_getpeername") ? { name = "getpeername" // s = $fd @@ -1876,7 +2004,8 @@ probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ? namelen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ? +probe nd_syscall.getpeername.return = kprobe.function("SyS_getpeername").return ?, + kprobe.function("sys_getpeername").return ? { name = "getpeername" retstr = returnstr(1) @@ -1884,7 +2013,8 @@ probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return # getpgid ____________________________________________________ # long sys_getpgid(pid_t pid) -probe nd_syscall.getpgid = kprobe.function("sys_getpgid") +probe nd_syscall.getpgid = kprobe.function("SyS_getpgid") ?, + kprobe.function("sys_getpgid") ? { name = "getpgid" // pid = $pid 
@@ -1893,7 +2023,8 @@ probe nd_syscall.getpgid = kprobe.function("sys_getpgid") pid = int_arg(1) argstr = sprintf("%d", pid) } -probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return +probe nd_syscall.getpgid.return = kprobe.function("SyS_getpgid").return ?, + kprobe.function("sys_getpgid").return ? { name = "getpgid" retstr = returnstr(1) @@ -1940,7 +2071,8 @@ probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return # getpriority ________________________________________________ # long sys_getpriority(int which, int who) -probe nd_syscall.getpriority = kprobe.function("sys_getpriority") +probe nd_syscall.getpriority = kprobe.function("SyS_getpriority") ?, + kprobe.function("sys_getpriority") ? { name = "getpriority" // which = $which @@ -1950,7 +2082,8 @@ probe nd_syscall.getpriority = kprobe.function("sys_getpriority") who = int_arg(2) argstr = sprintf("%s, %d", _priority_which_str(which), who) } -probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return +probe nd_syscall.getpriority.return = kprobe.function("SyS_getpriority").return ?, + kprobe.function("sys_getpriority").return ? { name = "getpriority" retstr = returnstr(1) @@ -1964,7 +2097,8 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return # old_uid_t __user *egid, # old_uid_t __user *sgid) probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?, - kprobe.function("sys_getresgid") + kprobe.function("SyS_getresgid") ?, + kprobe.function("sys_getresgid") ? { name = "getresgid" // rgid_uaddr = $rgid @@ -1978,7 +2112,8 @@ probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?, argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr) } probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?, - kprobe.function("sys_getresgid").return + kprobe.function("SyS_getresgid").return ?, + kprobe.function("sys_getresgid").return ? { name = "getresgid" retstr = returnstr(1) 
@@ -1989,7 +2124,8 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?, # uid_t __user *euid, # uid_t __user *suid) probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, - kprobe.function("sys_getresuid") + kprobe.function("SyS_getresuid") ?, + kprobe.function("sys_getresuid") ? { name = "getresuid" // ruid_uaddr = $ruid @@ -2003,7 +2139,8 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?, argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr) } probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?, - kprobe.function("sys_getresuid").return + kprobe.function("SyS_getresuid").return ?, + kprobe.function("sys_getresuid").return ? { name = "getresuid" retstr = returnstr(1) @@ -2013,7 +2150,9 @@ probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?, # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim) # long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim) -probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"), +probe nd_syscall.getrlimit = kprobe.function("SyS_getrlimit") ?, + kprobe.function("sys_getrlimit") ?, + kprobe.function("SyS_old_getrlimit") ?, kprobe.function("sys_old_getrlimit") ?, kprobe.function("compat_sys_getrlimit") ? { @@ -2026,7 +2165,9 @@ probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"), rlim_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr) } -probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return, +probe nd_syscall.getrlimit.return = kprobe.function("SyS_getrlimit").return ?, + kprobe.function("sys_getrlimit").return ?, + kprobe.function("SyS_old_getrlimit").return ?, kprobe.function("sys_old_getrlimit").return ?, kprobe.function("compat_sys_getrlimit").return ? { 
@@ -2036,7 +2177,8 @@ probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return, # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) -probe nd_syscall.getrusage = kprobe.function("sys_getrusage") +probe nd_syscall.getrusage = kprobe.function("SyS_getrusage") ?, + kprobe.function("sys_getrusage") ? { name = "getrusage" // who = $who @@ -2056,7 +2198,8 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage") usage_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", who_str, usage_uaddr) } -probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return +probe nd_syscall.getrusage.return = kprobe.function("SyS_getrusage").return ?, + kprobe.function("sys_getrusage").return ? { name = "getrusage" retstr = returnstr(1) @@ -2064,7 +2207,8 @@ probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return # getsid _____________________________________________________ # long sys_getsid(pid_t pid) -probe nd_syscall.getsid = kprobe.function("sys_getsid") +probe nd_syscall.getsid = kprobe.function("SyS_getsid") ?, + kprobe.function("sys_getsid") ? { name = "getsid" // pid = $pid @@ -2072,7 +2216,8 @@ probe nd_syscall.getsid = kprobe.function("sys_getsid") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return +probe nd_syscall.getsid.return = kprobe.function("SyS_getsid").return ?, + kprobe.function("sys_getsid").return ? { name = "getsid" retstr = returnstr(1) @@ -2082,7 +2227,8 @@ probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) -probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ? +probe nd_syscall.getsockname = kprobe.function("SyS_getsockname") ?, + kprobe.function("sys_getsockname") ? { name = "getsockname" // s = $fd 
@@ -2095,7 +2241,8 @@ probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ? namelen_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr) } -probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ? +probe nd_syscall.getsockname.return = kprobe.function("SyS_getsockname").return ?, + kprobe.function("sys_getsockname").return ? { name = "getsockname" retstr = returnstr(1) @@ -2108,8 +2255,9 @@ probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return # char __user *optval, # int __user *optlen) # -probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, - kprobe.function("compat_sys_getsockopt") ? +probe nd_syscall.getsockopt = kprobe.function("compat_sys_getsockopt") ?, + kprobe.function("SyS_getsockopt") ?, + kprobe.function("sys_getsockopt") ? { name = "getsockopt" // fd = $fd @@ -2132,8 +2280,9 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?, argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level), _sockopt_optname_str(optname), optval_uaddr, optlen_uaddr) } -probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?, - kprobe.function("compat_sys_getsockopt").return ? +probe nd_syscall.getsockopt.return = kprobe.function("compat_sys_getsockopt").return ?, + kprobe.function("SyS_getsockopt").return ?, + kprobe.function("sys_getsockopt").return ? { name = "getsockopt" retstr = returnstr(1) 
@@ -2159,9 +2308,10 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return # struct timezone __user *tz) # long compat_sys_gettimeofday(struct compat_timeval __user *tv, # struct timezone __user *tz) -probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"), +probe nd_syscall.gettimeofday = kprobe.function("compat_sys_gettimeofday") ?, kprobe.function("sys32_gettimeofday") ?, - kprobe.function("compat_sys_gettimeofday") ? + kprobe.function("SyS_gettimeofday") ?, + kprobe.function("sys_gettimeofday") ? { name = "gettimeofday" // tv_uaddr = $tv @@ -2173,9 +2323,10 @@ probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"), argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr) } -probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return, +probe nd_syscall.gettimeofday.return = kprobe.function("compat_sys_gettimeofday").return ?, kprobe.function("sys32_gettimeofday").return ?, - kprobe.function("compat_sys_gettimeofday").return ? + kprobe.function("SyS_gettimeofday").return ?, + kprobe.function("sys_gettimeofday").return ? { name = "gettimeofday" retstr = returnstr(1) @@ -2204,7 +2355,8 @@ probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?, # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) -probe nd_syscall.getxattr = kprobe.function("sys_getxattr") +probe nd_syscall.getxattr = kprobe.function("SyS_getxattr") ?, + kprobe.function("sys_getxattr") ? { name = "getxattr" // %( kernel_v >= "2.6.27" %? @@ -2234,7 +2386,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr") user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return +probe nd_syscall.getxattr.return = kprobe.function("SyS_getxattr").return ?, + kprobe.function("sys_getxattr").return ? { name = "getxattr" retstr = returnstr(1) 
@@ -2245,7 +2398,8 @@ probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return # unsigned long len, # const char __user *uargs) # -probe nd_syscall.init_module = kprobe.function("sys_init_module") ? +probe nd_syscall.init_module = kprobe.function("SyS_init_module") ?, + kprobe.function("sys_init_module") ? { name = "init_module" // umod_uaddr = $umod @@ -2258,7 +2412,8 @@ probe nd_syscall.init_module = kprobe.function("sys_init_module") ? uargs = user_string(pointer_arg(3)) argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4))) } -probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ? +probe nd_syscall.init_module.return = kprobe.function("SyS_init_module").return ?, + kprobe.function("sys_init_module").return ? { name = "init_module" retstr = returnstr(1) @@ -2268,7 +2423,8 @@ probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return # # long sys_inotify_add_watch(int fd, const char __user *path, u32 mask) # -probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ? +probe nd_syscall.inotify_add_watch = kprobe.function("SyS_inotify_add_watch") ?, + kprobe.function("sys_inotify_add_watch") ? { name = "inotify_add_watch" // fd = $fd @@ -2289,7 +2445,8 @@ probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ? mask = uint_arg(3) argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask) } -probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ? +probe nd_syscall.inotify_add_watch.return = kprobe.function("SyS_inotify_add_watch").return ?, + kprobe.function("sys_inotify_add_watch").return ? { name = "inotify_add_watch" retstr = returnstr(1) 
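Review bot: The context line in `nd_syscall.init_module` builds `argstr` from `pointer_arg(4)`, although `uargs` is read from `pointer_arg(3)` on the line before it and the signature comment in the previous hunk ends at `uargs`, so the logged string comes from a value that is not an argument of the call. For a probe that records module loads, the arguments shown in a trace can therefore be wrong or unreadable even though `uargs` itself is right. The line should read `argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(3)))`. The start of the probe body is in the previous hunk.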
@@ -2314,7 +2471,8 @@ probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").retur # # long sys_inotify_rm_watch(int fd, u32 wd) # -probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ? +probe nd_syscall.inotify_rm_watch = kprobe.function("SyS_inotify_rm_watch") ?, + kprobe.function("sys_inotify_rm_watch") ? { name = "inotify_rm_watch" // fd = $fd @@ -2325,7 +2483,8 @@ probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ? wd = uint_arg(2) argstr = sprintf("%d, %d", fd, wd) } -probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ? +probe nd_syscall.inotify_rm_watch.return = kprobe.function("SyS_inotify_rm_watch").return ?, + kprobe.function("sys_inotify_rm_watch").return ? { name = "inotify_rm_watch" retstr = returnstr(1) @@ -2335,7 +2494,8 @@ probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) -probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel") +probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") ?, + kprobe.function("sys_io_cancel") ? { name = "io_cancel" // ctx_id = $ctx_id @@ -2347,7 +2507,8 @@ probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel") result_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } -probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return +probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return ?, + kprobe.function("sys_io_cancel").return ? { name = "io_cancel" retstr = returnstr(1) 
@@ -2357,8 +2518,9 @@ probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return # long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) # -probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?, - kprobe.function("compat_sys_ioctl") ? +probe nd_syscall.ioctl = kprobe.function("compat_sys_ioctl") ?, + kprobe.function("SyS_ioctl") ?, + kprobe.function("sys_ioctl") ? { name = "ioctl" // fd = $fd @@ -2371,8 +2533,9 @@ probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?, argp = ulong_arg(3) argstr = sprintf("%d, %d, %p", fd, request, argp) } -probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?, - kprobe.function("compat_sys_ioctl").return ? +probe nd_syscall.ioctl.return = kprobe.function("compat_sys_ioctl").return ?, + kprobe.function("SyS_ioctl").return ?, + kprobe.function("sys_ioctl").return ? { name = "ioctl" retstr = returnstr(1) @@ -2380,7 +2543,8 @@ probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?, # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) -probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy") +probe nd_syscall.io_destroy = kprobe.function("SyS_io_destroy") ?, + kprobe.function("sys_io_destroy") ? { name = "io_destroy" // ctx = $ctx @@ -2388,7 +2552,8 @@ probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy") ctx = ulong_arg(1) argstr = sprintf("%d", ctx) } -probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return +probe nd_syscall.io_destroy.return = kprobe.function("SyS_io_destroy").return ?, + kprobe.function("sys_io_destroy").return ? { name = "io_destroy" retstr = returnstr(1) 
@@ -2406,8 +2571,9 @@ probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return # struct io_event __user *events, # struct compat_timespec __user *timeout) # -probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?, - kprobe.function("compat_sys_io_getevents") ? +probe nd_syscall.io_getevents = kprobe.function("compat_sys_io_getevents") ?, + kprobe.function("SyS_io_getevents") ?, + kprobe.function("sys_io_getevents") ? { name = "io_getevents" // ctx_id = $ctx_id @@ -2428,8 +2594,9 @@ probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?, argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr, nr, events_uaddr, timeout_uaddr, timestr) } -probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?, - kprobe.function("compat_sys_io_getevents").return ? +probe nd_syscall.io_getevents.return = kprobe.function("compat_sys_io_getevents").return ?, + kprobe.function("SyS_io_getevents").return ?, + kprobe.function("sys_io_getevents").return ? { name = "io_getevents" retstr = returnstr(1) @@ -2460,7 +2627,8 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ? # io_setup ___________________________________________________ # long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp) # -probe nd_syscall.io_setup = kprobe.function("sys_io_setup") +probe nd_syscall.io_setup = kprobe.function("SyS_io_setup") ?, + kprobe.function("sys_io_setup") ? { name = "io_setup" // maxevents = $nr_events @@ -2472,7 +2640,8 @@ probe nd_syscall.io_setup = kprobe.function("sys_io_setup") argstr = sprintf("%d, %p", maxevents, ctxp_uaddr) } -probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return +probe nd_syscall.io_setup.return = kprobe.function("SyS_io_setup").return ?, + kprobe.function("sys_io_setup").return ? { name = "io_setup" retstr = returnstr(1) 
@@ -2500,7 +2669,8 @@ probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup") # io_submit __________________________________________________ # long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp) # -probe nd_syscall.io_submit = kprobe.function("sys_io_submit") +probe nd_syscall.io_submit = kprobe.function("SyS_io_submit") ?, + kprobe.function("sys_io_submit") ? { name = "io_submit" // ctx_id = $ctx_id @@ -2513,7 +2683,8 @@ probe nd_syscall.io_submit = kprobe.function("sys_io_submit") iocbpp_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr) } -probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return +probe nd_syscall.io_submit.return = kprobe.function("SyS_io_submit").return ?, + kprobe.function("sys_io_submit").return ? { name = "io_submit" retstr = returnstr(1) @@ -2542,7 +2713,8 @@ probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit # ioprio_get _________________________________________________ # long sys_ioprio_get(int which, int who) # -probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ? +probe nd_syscall.ioprio_get = kprobe.function("SyS_ioprio_get") ?, + kprobe.function("sys_ioprio_get") ? { name = "ioprio_get" // which = $which @@ -2553,7 +2725,8 @@ probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ? who = int_arg(2) argstr = sprintf("%d, %d", which, who) } -probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ? +probe nd_syscall.ioprio_get.return = kprobe.function("SyS_ioprio_get").return ?, + kprobe.function("sys_ioprio_get").return ? { name = "ioprio_get" retstr = returnstr(1) 
@@ -2562,7 +2735,8 @@ probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ? # ioprio_set _________________________________________________ # long sys_ioprio_set(int which, int who, int ioprio) # -probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ? +probe nd_syscall.ioprio_set = kprobe.function("SyS_ioprio_set") ?, + kprobe.function("sys_ioprio_set") ? { name = "ioprio_set" // which = $which @@ -2575,7 +2749,8 @@ probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ? ioprio = int_arg(3) argstr = sprintf("%d, %d, %d", which, who, ioprio) } -probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ? +probe nd_syscall.ioprio_set.return = kprobe.function("SyS_ioprio_set").return ?, + kprobe.function("sys_ioprio_set").return ? { name = "ioprio_set" retstr = returnstr(1) @@ -2591,8 +2766,9 @@ probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ? # struct compat_kexec_segment __user *segments, # unsigned long flags) # -probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?, - kprobe.function("compat_sys_kexec_load") ? +probe nd_syscall.kexec_load = kprobe.function("compat_sys_kexec_load") ?, + kprobe.function("SyS_kexec_load") ?, + kprobe.function("sys_kexec_load") ? { name = "kexec_load" // entry = $entry @@ -2607,8 +2783,9 @@ probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?, flags = ulong_arg(4) argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags) } -probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?, - kprobe.function("compat_sys_kexec_load").return ? +probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").return ?, + kprobe.function("SyS_kexec_load").return ?, + kprobe.function("sys_kexec_load").return ? { name = "kexec_load" retstr = returnstr(1) 
@@ -2622,8 +2799,9 @@ probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?, # unsigned long arg5) # long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5) # -probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?, - kprobe.function("compat_sys_keyctl") ? +probe nd_syscall.keyctl = kprobe.function("compat_sys_keyctl") ?, + kprobe.function("SyS_keyctl") ?, + kprobe.function("sys_keyctl") ? { name = "keyctl" // argstr = sprintf("%d, ...", $option) @@ -2631,8 +2809,9 @@ probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?, argstr = sprintf("%d, ...", uint_arg(1)) } -probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?, - kprobe.function("compat_sys_keyctl").return ? +probe nd_syscall.keyctl.return = kprobe.function("compat_sys_keyctl").return ?, + kprobe.function("SyS_keyctl").return ?, + kprobe.function("sys_keyctl").return ? { name = "keyctl" retstr = returnstr(1) @@ -2640,7 +2819,8 @@ probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?, # kill _______________________________________________________ # long sys_kill(int pid, int sig) -probe nd_syscall.kill = kprobe.function("sys_kill") +probe nd_syscall.kill = kprobe.function("SyS_kill") ?, + kprobe.function("sys_kill") ? { name = "kill" // pid = $pid @@ -2651,7 +2831,8 @@ probe nd_syscall.kill = kprobe.function("sys_kill") sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.kill.return = kprobe.function("sys_kill").return +probe nd_syscall.kill.return = kprobe.function("SyS_kill").return ?, + kprobe.function("sys_kill").return ? { name = "kill" retstr = returnstr(1) 
@@ -2660,7 +2841,8 @@ probe nd_syscall.kill.return = kprobe.function("sys_kill").return # lchown _____________________________________________________ # long sys_lchown(const char __user * filename, uid_t user, gid_t group) # -probe nd_syscall.lchown = kprobe.function("sys_lchown") +probe nd_syscall.lchown = kprobe.function("SyS_lchown") ?, + kprobe.function("sys_lchown") ? { name = "lchown" // path = user_string($filename) @@ -2673,7 +2855,8 @@ probe nd_syscall.lchown = kprobe.function("sys_lchown") group = __int32(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) } -probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return +probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return ?, + kprobe.function("sys_lchown").return ? { name = "lchown" retstr = returnstr(1) @@ -2707,7 +2890,8 @@ probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ? # void __user *value, # size_t size) # -probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") +probe nd_syscall.lgetxattr = kprobe.function("SyS_lgetxattr") ?, + kprobe.function("sys_lgetxattr") ? { name = "lgetxattr" // %( kernel_v >= "2.6.27" %? @@ -2738,7 +2922,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr") user_string_quoted(pointer_arg(2)), value_uaddr, size) } -probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return +probe nd_syscall.lgetxattr.return = kprobe.function("SyS_lgetxattr").return ?, + kprobe.function("sys_lgetxattr").return ? { name = "lgetxattr" retstr = returnstr(1) 
@@ -2746,7 +2931,8 @@ probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return # link _______________________________________________________ # long sys_link(const char __user * oldname, # const char __user * newname) -probe nd_syscall.link = kprobe.function("sys_link") +probe nd_syscall.link = kprobe.function("SyS_link") ?, + kprobe.function("sys_link") ? { name = "link" // oldpath = user_string($oldname) @@ -2761,7 +2947,8 @@ probe nd_syscall.link = kprobe.function("sys_link") user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.link.return = kprobe.function("sys_link").return +probe nd_syscall.link.return = kprobe.function("SyS_link").return ?, + kprobe.function("sys_link").return ? { name = "link" retstr = returnstr(1) @@ -2771,7 +2958,8 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return # new function with 2.6.16 # long sys_linkat(int olddfd, const char __user *oldname, # int newdfd, const char __user *newname, int flags) -probe nd_syscall.linkat = kprobe.function("sys_linkat") ? +probe nd_syscall.linkat = kprobe.function("SyS_linkat") ?, + kprobe.function("sys_linkat") ? { name = "linkat" // olddirfd = $olddfd @@ -2800,7 +2988,8 @@ probe nd_syscall.linkat = kprobe.function("sys_linkat") ? newdirfd_str, user_string_quoted(pointer_arg(4)), flags_str) } -probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ? +probe nd_syscall.linkat.return = kprobe.function("SyS_linkat").return ?, + kprobe.function("sys_linkat").return ? { name = "linkat" retstr = returnstr(1) @@ -2808,7 +2997,8 @@ probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ? # listen _____________________________________________________ # long sys_listen(int fd, int backlog) -probe nd_syscall.listen = kprobe.function("sys_listen") ? +probe nd_syscall.listen = kprobe.function("SyS_listen") ?, + kprobe.function("sys_listen") ? { name = "listen" // sockfd = $fd 
@@ -2819,7 +3009,8 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ? backlog = int_arg(2) argstr = sprintf("%d, %d", sockfd, backlog) } -probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? +probe nd_syscall.listen.return = kprobe.function("SyS_listen").return ?, + kprobe.function("sys_listen").return ? { name = "listen" retstr = returnstr(1) @@ -2828,7 +3019,8 @@ probe nd_syscall.listen.return = kprobe.function("sys_listen").return ? # listxattr __________________________________________________ # ssize_t sys_listxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.listxattr = kprobe.function("sys_listxattr") +probe nd_syscall.listxattr = kprobe.function("SyS_listxattr") ?, + kprobe.function("sys_listxattr") ? { name = "listxattr" // list_uaddr = $list @@ -2849,7 +3041,8 @@ probe nd_syscall.listxattr = kprobe.function("sys_listxattr") size = ulong_arg(3) argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return +probe nd_syscall.listxattr.return = kprobe.function("SyS_listxattr").return ?, + kprobe.function("sys_listxattr").return ? { name = "listxattr" retstr = returnstr(1) @@ -2858,7 +3051,8 @@ probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return # llistxattr _________________________________________________ # ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size) # -probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr") +probe nd_syscall.llistxattr = kprobe.function("SyS_llistxattr") ?, + kprobe.function("sys_llistxattr") ? { name = "llistxattr" // list_uaddr = $list 
@@ -2879,7 +3073,8 @@ probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr") size = ulong_arg(3) argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size) } -probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return +probe nd_syscall.llistxattr.return = kprobe.function("SyS_llistxattr").return ?, + kprobe.function("sys_llistxattr").return ? { name = "llistxattr" retstr = returnstr(1) @@ -2891,7 +3086,8 @@ probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return # unsigned long offset_low, # loff_t __user * result, # unsigned int origin) -probe nd_syscall.llseek = kprobe.function("sys_llseek") ? +probe nd_syscall.llseek = kprobe.function("SyS_llseek") ?, + kprobe.function("sys_llseek") ? { name = "llseek" // fd = $fd @@ -2912,7 +3108,8 @@ probe nd_syscall.llseek = kprobe.function("sys_llseek") ? argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high, offset_low, result_uaddr, whence_str) } -probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ? +probe nd_syscall.llseek.return = kprobe.function("SyS_llseek").return ?, + kprobe.function("sys_llseek").return ? { name = "llseek" retstr = returnstr(1) @@ -2921,7 +3118,8 @@ probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ? # lookup_dcookie _____________________________________________ # long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len) # -probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ? +probe nd_syscall.lookup_dcookie = kprobe.function("SyS_lookup_dcookie") ?, + kprobe.function("sys_lookup_dcookie") ? { name = "lookup_dcookie" // cookie = $cookie64 
@@ -2934,7 +3132,8 @@ probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ? len = ulong_arg(3) argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len) } -probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ? +probe nd_syscall.lookup_dcookie.return = kprobe.function("SyS_lookup_dcookie").return ?, + kprobe.function("sys_lookup_dcookie").return ? { name = "lookup_dcookie" retstr = returnstr(1) @@ -2943,7 +3142,8 @@ probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").r # lremovexattr _______________________________________________ # long sys_lremovexattr(char __user *path, char __user *name) # -probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") +probe nd_syscall.lremovexattr = kprobe.function("SyS_lremovexattr") ?, + kprobe.function("sys_lremovexattr") ? { name = "lremovexattr" // name_uaddr = $name @@ -2964,7 +3164,8 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr") name2 = user_string(name_uaddr) argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr)) } -probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return +probe nd_syscall.lremovexattr.return = kprobe.function("SyS_lremovexattr").return ?, + kprobe.function("sys_lremovexattr").return ? { name = "lremovexattr" retstr = returnstr(1) @@ -2972,7 +3173,8 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur # lseek ______________________________________________________ # off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin) -probe nd_syscall.lseek = kprobe.function("sys_lseek") +probe nd_syscall.lseek = kprobe.function("SyS_lseek") ?, + kprobe.function("sys_lseek") ? { name = "lseek" // fildes = $fd 
@@ -2988,7 +3190,8 @@ probe nd_syscall.lseek = kprobe.function("sys_lseek") whence_str = _seek_whence_str(whence) argstr = sprintf("%d, %d, %s", fildes, offset, whence_str) } -probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return +probe nd_syscall.lseek.return = kprobe.function("SyS_lseek").return ?, + kprobe.function("sys_lseek").return ? { name = "lseek" retstr = returnstr(1) @@ -3001,7 +3204,8 @@ probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return # size_t size, # int flags) # -probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") +probe nd_syscall.lsetxattr = kprobe.function("SyS_lsetxattr") ?, + kprobe.function("sys_lsetxattr") ? { name = "lsetxattr" // %( kernel_v >= "2.6.27" %? @@ -3037,7 +3241,8 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr") user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return +probe nd_syscall.lsetxattr.return = kprobe.function("SyS_lsetxattr").return ?, + kprobe.function("sys_lsetxattr").return ? { name = "lsetxattr" retstr = returnstr(1) @@ -3053,9 +3258,11 @@ probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return # struct oldabi_stat64 __user * statbuf) # probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, + kprobe.function("SyS_newlstat") ?, kprobe.function("sys_newlstat") ?, kprobe.function("compat_sys_newlstat") ?, kprobe.function("sys32_lstat64") ?, + kprobe.function("SyS_lstat64") ?, kprobe.function("sys_lstat64") ?, kprobe.function("sys_oabi_lstat64") ? { 
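Review bot: The nd_syscall.lstat list gains `SyS_newlstat` and `SyS_lstat64` but no SyS_ counterpart for `kprobe.function("sys_lstat") ?`, which also stays first in the list. The other hunks put the compat entry first and pair each sys_ name with its SyS_ form. If sys_lstat is left unpaired on purpose, a one-line comment such as `# sys_lstat: no SyS_ alternative listed on purpose` would say so; otherwise add `kprobe.function("SyS_lstat") ?,` ahead of it. The .return list in the next hunk has the same shape.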
@@ -3069,9 +3276,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?, argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, + kprobe.function("SyS_newlstat").return ?, kprobe.function("sys_newlstat").return ?, kprobe.function("compat_sys_newlstat").return ?, kprobe.function("sys32_lstat64").return ?, + kprobe.function("SyS_lstat64").return ?, kprobe.function("sys_lstat64").return ?, kprobe.function("sys_oabi_lstat64").return ? { @@ -3082,7 +3291,8 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?, # madvise ____________________________________________________ # long sys_madvise(unsigned long start, size_t len_in, int behavior) # -probe nd_syscall.madvise = kprobe.function("sys_madvise") ? +probe nd_syscall.madvise = kprobe.function("SyS_madvise") ?, + kprobe.function("sys_madvise") ? { name = "madvise" // start = $start @@ -3097,7 +3307,8 @@ probe nd_syscall.madvise = kprobe.function("sys_madvise") ? advice_str = _madvice_advice_str(advice) argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice)) } -probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ? +probe nd_syscall.madvise.return = kprobe.function("SyS_madvise").return ?, + kprobe.function("sys_madvise").return ? { name = "madvise" retstr = returnstr(1) @@ -3118,8 +3329,9 @@ probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ? # compat_ulong_t maxnode, # compat_ulong_t flags) # -probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, - kprobe.function("compat_sys_mbind") ? +probe nd_syscall.mbind = kprobe.function("compat_sys_mbind") ?, + kprobe.function("SyS_mbind") ?, + kprobe.function("sys_mbind") ? { name = "mbind" // start = $start 
@@ -3140,8 +3352,9 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?, argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode, nmask_uaddr, maxnode, flags) } -probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, - kprobe.function("compat_sys_mbind").return ? +probe nd_syscall.mbind.return = kprobe.function("compat_sys_mbind").return ?, + kprobe.function("SyS_mbind").return ?, + kprobe.function("sys_mbind").return ? { name = "mbind" retstr = returnstr(1) @@ -3151,14 +3364,16 @@ probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?, # long sys_migrate_pages(pid_t pid, unsigned long maxnode, # const unsigned long __user *old_nodes, # const unsigned long __user *new_nodes) -probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ? +probe nd_syscall.migrate_pages = kprobe.function("SyS_migrate_pages") ?, + kprobe.function("sys_migrate_pages") ? { name = "migrate_pages" // argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes) asmlinkage() argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4)) } -probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ? +probe nd_syscall.migrate_pages.return = kprobe.function("SyS_migrate_pages").return ?, + kprobe.function("sys_migrate_pages").return ? { name = "migrate_pages" retstr = returnstr(1) @@ -3167,7 +3382,8 @@ probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").ret # mincore ____________________________________________________ # long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec) # -probe nd_syscall.mincore = kprobe.function("sys_mincore") ? +probe nd_syscall.mincore = kprobe.function("SyS_mincore") ?, + kprobe.function("sys_mincore") ? { name = "mincore" // start = $start 
@@ -3180,7 +3396,8 @@ probe nd_syscall.mincore = kprobe.function("sys_mincore") ? vec_uaddr = pointer_arg(3) argstr = sprintf("%p, %d, %p", start, length, vec_uaddr) } -probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ? +probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return ?, + kprobe.function("sys_mincore").return ? { name = "mincore" retstr = returnstr(1) @@ -3188,7 +3405,8 @@ probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ? # mkdir ______________________________________________________ # long sys_mkdir(const char __user * pathname, int mode) -probe nd_syscall.mkdir = kprobe.function("sys_mkdir") +probe nd_syscall.mkdir = kprobe.function("SyS_mkdir") ?, + kprobe.function("sys_mkdir") ? { name = "mkdir" // pathname_uaddr = $pathname @@ -3201,7 +3419,8 @@ probe nd_syscall.mkdir = kprobe.function("sys_mkdir") mode = int_arg(2) argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode) } -probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return +probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return ?, + kprobe.function("sys_mkdir").return ? { name = "mkdir" retstr = returnstr(1) @@ -3210,7 +3429,8 @@ probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return # mkdirat ____________________________________________________ # new function with 2.6.16 # long sys_mkdirat(int dfd, const char __user *pathname, int mode) -probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ? +probe nd_syscall.mkdirat = kprobe.function("SyS_mkdirat") ?, + kprobe.function("sys_mkdirat") ? { name = "mkdirat" // dirfd = $dfd 
@@ -3223,7 +3443,8 @@ probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ? mode = int_arg(3) argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode) } -probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ? +probe nd_syscall.mkdirat.return = kprobe.function("SyS_mkdirat").return ?, + kprobe.function("sys_mkdirat").return ? { name = "mkdirat" retstr = returnstr(1) @@ -3231,7 +3452,8 @@ probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ? # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) -probe nd_syscall.mknod = kprobe.function("sys_mknod") +probe nd_syscall.mknod = kprobe.function("SyS_mknod") ?, + kprobe.function("sys_mknod") ? { name = "mknod" // pathname = user_string($filename) @@ -3245,7 +3467,8 @@ probe nd_syscall.mknod = kprobe.function("sys_mknod") argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev) } -probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return +probe nd_syscall.mknod.return = kprobe.function("SyS_mknod").return ?, + kprobe.function("sys_mknod").return ? { name = "mknod" retstr = returnstr(1) @@ -3255,7 +3478,8 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return # new function with 2.6.16 # long sys_mknodat(int dfd, const char __user *filename, # int mode, unsigned dev) -probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ? +probe nd_syscall.mknodat = kprobe.function("SyS_mknodat") ?, + kprobe.function("sys_mknodat") ? { name = "mknodat" // dirfd = $dfd @@ -3276,7 +3500,8 @@ probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ? argstr = sprintf("%s, %s, %s, %p", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev) } -probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ? +probe nd_syscall.mknodat.return = kprobe.function("SyS_mknodat").return ?, + kprobe.function("sys_mknodat").return ? { name = "mknodat" retstr = returnstr(1) 
@@ -3286,7 +3511,8 @@ probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ? # # long sys_mlock(unsigned long start, size_t len) # -probe nd_syscall.mlock = kprobe.function("sys_mlock") ? +probe nd_syscall.mlock = kprobe.function("SyS_mlock") ?, + kprobe.function("sys_mlock") ? { name = "mlock" // addr = $start @@ -3297,7 +3523,8 @@ probe nd_syscall.mlock = kprobe.function("sys_mlock") ? len = ulong_arg(2) argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ? +probe nd_syscall.mlock.return = kprobe.function("SyS_mlock").return ?, + kprobe.function("sys_mlock").return ? { name = "mlock" retstr = returnstr(1) @@ -3306,7 +3533,8 @@ probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ? # # long sys_mlockall(int flags) # -probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ? +probe nd_syscall.mlockall = kprobe.function("SyS_mlockall") ?, + kprobe.function("sys_mlockall") ? { name = "mlockall" // flags = $flags @@ -3315,7 +3543,8 @@ probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ? flags = int_arg(1) argstr = _mlockall_flags_str(flags) } -probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ? +probe nd_syscall.mlockall.return = kprobe.function("SyS_mlockall").return ?, + kprobe.function("sys_mlockall").return ? { name = "mlockall" retstr = returnstr(1) 
@@ -3356,16 +3585,18 @@ probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ? # int __user *status, # int flags) # -probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?, - kprobe.function("compat_sys_move_pages") ? +probe nd_syscall.move_pages = kprobe.function("compat_sys_move_pages") ?, + kprobe.function("SyS_move_pages") ?, + kprobe.function("sys_move_pages") ? { name = "move_pages" // argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags) asmlinkage() argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6)) } -probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, - kprobe.function("compat_sys_move_pages").return ? +probe nd_syscall.move_pages.return = kprobe.function("compat_sys_move_pages").return ?, + kprobe.function("SyS_move_pages").return ?, + kprobe.function("sys_move_pages").return ? { name = "move_pages" retstr = returnstr(1) @@ -3382,8 +3613,9 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?, # char __user * type, # unsigned long flags, # void __user * data) -probe nd_syscall.mount = kprobe.function("sys_mount"), - kprobe.function("compat_sys_mount") ? +probe nd_syscall.mount = kprobe.function("compat_sys_mount") ?, + kprobe.function("SyS_mount") ?, + kprobe.function("sys_mount") ? { name = "mount" // source = user_string($dev_name) @@ -3410,8 +3642,9 @@ probe nd_syscall.mount = kprobe.function("sys_mount"), user_string_quoted(pointer_arg(3)), mountflags_str, data) } -probe nd_syscall.mount.return = kprobe.function("sys_mount").return, - kprobe.function("compat_sys_mount").return ? +probe nd_syscall.mount.return = kprobe.function("compat_sys_mount").return ?, + kprobe.function("SyS_mount").return ?, + kprobe.function("sys_mount").return ? { name = "mount" retstr = returnstr(1) 
@@ -3420,7 +3653,8 @@ probe nd_syscall.mount.return = kprobe.function("sys_mount").return, # mprotect ___________________________________________________ # long sys_mprotect(unsigned long start, size_t len, unsigned long prot) # -probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ? +probe nd_syscall.mprotect = kprobe.function("SyS_mprotect") ?, + kprobe.function("sys_mprotect") ? { name = "mprotect" // addr = $start @@ -3435,7 +3669,8 @@ probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ? prot_str = _mprotect_prot_str(prot) argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot)) } -probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ? +probe nd_syscall.mprotect.return = kprobe.function("SyS_mprotect").return ?, + kprobe.function("sys_mprotect").return ? { name = "mprotect" retstr = returnstr(1) @@ -3449,8 +3684,9 @@ probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ? # const struct compat_mq_attr __user *u_mqstat, # struct compat_mq_attr __user *u_omqstat) # -probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?, - kprobe.function("compat_sys_mq_getsetattr") ? +probe nd_syscall.mq_getsetattr = kprobe.function("compat_sys_mq_getsetattr") ?, + kprobe.function("SyS_mq_getsetattr") ?, + kprobe.function("sys_mq_getsetattr") ? { name = "mq_getsetattr" // mqdes = $mqdes @@ -3463,8 +3699,9 @@ probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?, u_omqstat_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr) } -probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?, - kprobe.function("compat_sys_mq_getsetattr").return ? +probe nd_syscall.mq_getsetattr.return = kprobe.function("compat_sys_mq_getsetattr").return ?, + kprobe.function("SyS_mq_getsetattr").return ?, + kprobe.function("sys_mq_getsetattr").return ? { name = "mq_getsetattr" retstr = returnstr(1) 
@@ -3474,8 +3711,9 @@ probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").ret # long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) # long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification) # -probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?, - kprobe.function("compat_sys_mq_notify") ? +probe nd_syscall.mq_notify = kprobe.function("compat_sys_mq_notify") ?, + kprobe.function("SyS_mq_notify") ?, + kprobe.function("sys_mq_notify") ? { name = "mq_notify" // mqdes = $mqdes @@ -3486,8 +3724,9 @@ probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?, notification_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", mqdes, notification_uaddr) } -probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?, - kprobe.function("compat_sys_mq_notify").return ? +probe nd_syscall.mq_notify.return = kprobe.function("compat_sys_mq_notify").return ?, + kprobe.function("SyS_mq_notify").return ?, + kprobe.function("sys_mq_notify").return ? { name = "mq_notify" retstr = returnstr(1) @@ -3502,8 +3741,9 @@ probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?, # int oflag, compat_mode_t mode, # struct compat_mq_attr __user *u_attr) # -probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?, - kprobe.function("compat_sys_mq_open") ? +probe nd_syscall.mq_open = kprobe.function("compat_sys_mq_open") ?, + kprobe.function("SyS_mq_open") ?, + kprobe.function("sys_mq_open") ? { name = "mq_open" // name_uaddr = $u_name 
@@ -3529,8 +3769,9 @@ probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?, else argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag)) } -probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?, - kprobe.function("compat_sys_mq_open").return ? +probe nd_syscall.mq_open.return = kprobe.function("compat_sys_mq_open").return ?, + kprobe.function("SyS_mq_open").return ?, + kprobe.function("sys_mq_open").return ? { name = "mq_open" retstr = returnstr(1) @@ -3547,8 +3788,9 @@ probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?, # size_t msg_len, unsigned int __user *u_msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, - kprobe.function("compat_sys_mq_timedreceive") ? +probe nd_syscall.mq_timedreceive = kprobe.function("compat_sys_mq_timedreceive") ?, + kprobe.function("SyS_mq_timedreceive") ?, + kprobe.function("sys_mq_timedreceive") ? { name = "mq_timedreceive" // mqdes = $mqdes @@ -3567,8 +3809,9 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?, argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len, msg_prio_uaddr, abs_timeout_uaddr) } -probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?, - kprobe.function("compat_sys_mq_timedreceive").return ? +probe nd_syscall.mq_timedreceive.return = kprobe.function("compat_sys_mq_timedreceive").return ?, + kprobe.function("SyS_mq_timedreceive").return ?, + kprobe.function("sys_mq_timedreceive").return ? { name = "mq_timedreceive" retstr = returnstr(1) 
@@ -3585,8 +3828,9 @@ probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive") # size_t msg_len, unsigned int msg_prio, # const struct compat_timespec __user *u_abs_timeout) # -probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, - kprobe.function("compat_sys_mq_timedsend") ? +probe nd_syscall.mq_timedsend = kprobe.function("compat_sys_mq_timedsend") ?, + kprobe.function("SyS_mq_timedsend") ?, + kprobe.function("sys_mq_timedsend") ? { name = "mq_timedsend" // mqdes = $mqdes @@ -3605,8 +3849,9 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?, argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len, msg_prio, abs_timeout_uaddr) } -probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?, - kprobe.function("compat_sys_mq_timedsend").return ? +probe nd_syscall.mq_timedsend.return = kprobe.function("compat_sys_mq_timedsend").return ?, + kprobe.function("SyS_mq_timedsend").return ?, + kprobe.function("sys_mq_timedsend").return ? { name = "mq_timedsend" retstr = returnstr(1) @@ -3615,7 +3860,8 @@ probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").retur # mq_unlink __________________________________________________ # long sys_mq_unlink(const char __user *u_name) # -probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ? +probe nd_syscall.mq_unlink = kprobe.function("SyS_mq_unlink") ?, + kprobe.function("sys_mq_unlink") ? { name = "mq_unlink" // u_name_uaddr = $u_name @@ -3626,7 +3872,8 @@ probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ? u_name = user_string(u_name_uaddr) argstr = user_string_quoted(u_name_uaddr) } -probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ? +probe nd_syscall.mq_unlink.return = kprobe.function("SyS_mq_unlink").return ?, + kprobe.function("sys_mq_unlink").return ? { name = "mq_unlink" retstr = returnstr(1) 
@@ -3639,8 +3886,9 @@ probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ? # unsigned long flags, # unsigned long new_addr) # -probe nd_syscall.mremap = kprobe.function("sys_mremap") ?, - kprobe.function("ia64_mremap") ? +probe nd_syscall.mremap = kprobe.function("ia64_mremap") ?, + kprobe.function("SyS_mremap") ?, + kprobe.function("sys_mremap") ? { name = "mremap" // old_address = $addr @@ -3659,8 +3907,9 @@ probe nd_syscall.mremap = kprobe.function("sys_mremap") ?, argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size, _mremap_flags(flags), new_address) } -probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?, - kprobe.function("ia64_mremap").return ? +probe nd_syscall.mremap.return = kprobe.function("ia64_mremap").return ?, + kprobe.function("SyS_mremap").return ?, + kprobe.function("sys_mremap").return ? { name = "mremap" retstr = returnstr(2) @@ -3669,7 +3918,8 @@ probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?, # msgctl _____________________________________________________ # long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) # -probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ? +probe nd_syscall.msgctl = kprobe.function("SyS_msgctl") ?, + kprobe.function("sys_msgctl") ? { name = "msgctl" // msqid = $msqid @@ -3682,7 +3932,8 @@ probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ? buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr) } -probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ? +probe nd_syscall.msgctl.return = kprobe.function("SyS_msgctl").return ?, + kprobe.function("sys_msgctl").return ? { name = "msgctl" retstr = returnstr(1) 
@@ -3707,7 +3958,8 @@ probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl") # msgget _____________________________________________________ # long sys_msgget (key_t key, int msgflg) # -probe nd_syscall.msgget = kprobe.function("sys_msgget") ? +probe nd_syscall.msgget = kprobe.function("SyS_msgget") ?, + kprobe.function("sys_msgget") ? { name = "msgget" // key = $key @@ -3720,7 +3972,8 @@ probe nd_syscall.msgget = kprobe.function("sys_msgget") ? msgflg_str = _sys_open_flag_str(msgflg) argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg)) } -probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ? +probe nd_syscall.msgget.return = kprobe.function("SyS_msgget").return ?, + kprobe.function("sys_msgget").return ? { name = "msgget" retstr = returnstr(1) @@ -3733,7 +3986,8 @@ probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ? # long msgtyp, # int msgflg) # -probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ? +probe nd_syscall.msgrcv = kprobe.function("SyS_msgrcv") ?, + kprobe.function("sys_msgrcv") ? { name = "msgrcv" // msqid = $msqid @@ -3750,7 +4004,8 @@ probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ? msgflg = int_arg(5) argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg) } -probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ? +probe nd_syscall.msgrcv.return = kprobe.function("SyS_msgrcv").return ?, + kprobe.function("sys_msgrcv").return ? { name = "msgrcv" retstr = returnstr(1) @@ -3779,7 +4034,8 @@ probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv") # size_t msgsz, # int msgflg) # -probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ? +probe nd_syscall.msgsnd = kprobe.function("SyS_msgsnd") ?, + kprobe.function("sys_msgsnd") ? { name = "msgsnd" // msqid = $msqid 
@@ -3794,7 +4050,8 @@ probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ? msgflg = int_arg(4) argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg) } -probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ? +probe nd_syscall.msgsnd.return = kprobe.function("SyS_msgsnd").return ?, + kprobe.function("sys_msgsnd").return ? { name = "msgsnd" retstr = returnstr(1) @@ -3818,7 +4075,8 @@ probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd") # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) -probe nd_syscall.msync = kprobe.function("sys_msync") ? +probe nd_syscall.msync = kprobe.function("SyS_msync") ?, + kprobe.function("sys_msync") ? { name = "msync" // start = $start @@ -3830,7 +4088,8 @@ probe nd_syscall.msync = kprobe.function("sys_msync") ? flags = int_arg(3) argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags)) } -probe nd_syscall.msync.return = kprobe.function("sys_msync").return ? +probe nd_syscall.msync.return = kprobe.function("SyS_msync").return ?, + kprobe.function("sys_msync").return ? { name = "msync" retstr = returnstr(1) @@ -3838,7 +4097,8 @@ probe nd_syscall.msync.return = kprobe.function("sys_msync").return ? # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) -probe nd_syscall.munlock = kprobe.function("sys_munlock") ? +probe nd_syscall.munlock = kprobe.function("SyS_munlock") ?, + kprobe.function("sys_munlock") ? { name = "munlock" // addr = $start @@ -3848,7 +4108,8 @@ probe nd_syscall.munlock = kprobe.function("sys_munlock") ? len = ulong_arg(2) argstr = sprintf("%p, %d", addr, len) } -probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ? +probe nd_syscall.munlock.return = kprobe.function("SyS_munlock").return ?, + kprobe.function("sys_munlock").return ? { name = "munlock" retstr = returnstr(1) 
@@ -3869,7 +4130,8 @@ probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ? # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) -probe nd_syscall.munmap = kprobe.function("sys_munmap") +probe nd_syscall.munmap = kprobe.function("SyS_munmap") ?, + kprobe.function("sys_munmap") ? { name = "munmap" // start = $addr @@ -3879,7 +4141,8 @@ probe nd_syscall.munmap = kprobe.function("sys_munmap") length = ulong_arg(2) argstr = sprintf("%p, %d", start, length) } -probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return +probe nd_syscall.munmap.return = kprobe.function("SyS_munmap").return ?, + kprobe.function("sys_munmap").return ? { name = "munmap" retstr = returnstr(1) -- cgit From cdb804af87c00bb27c871e1deb3763279de0b7e5 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Thu, 28 May 2009 13:31:31 +0200 Subject: Add ucontext-symbols and ucontext-unwind tapset functions to the manual. * tapset/ucontext-unwind.stp (ubacktrace): Remove empty line before function triggering parse errors for doc scanner. * doc/SystemTap_Tapset_Reference/tapsets.tmpl (chapter context_stp): Add tapset/ucontext-symbols.stp and tapset/ucontext-unwind.stp. --- tapset/ucontext-unwind.stp | 1 - 1 file changed, 1 deletion(-) (limited to 'tapset') diff --git a/tapset/ucontext-unwind.stp b/tapset/ucontext-unwind.stp index 0801f1c9..df275d4b 100644 --- a/tapset/ucontext-unwind.stp +++ b/tapset/ucontext-unwind.stp @@ -41,7 +41,6 @@ function print_ubacktrace () %{ * string length. Returns empty string when current probe point cannot * determine user backtrace. */ - function ubacktrace:string () %{ /* pure */ if (CONTEXT->regs) _stp_stack_snprint (THIS->__retvalue, MAXSTRINGLEN, -- cgit From 4a815b7d94bd4a0d5baab25333fb21e595966388 Mon Sep 17 00:00:00 2001 
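Review bot: `nd_syscall.munmap` and `nd_syscall.munmap.return` lose their only mandatory probe point in the two munmap hunks on this line: the old `kprobe.function("sys_munmap")` had no `?`, while both new alternatives carry one. On a kernel where neither `SyS_munmap` nor `sys_munmap` resolves, a script that relies on this alias for monitoring may now load with the probe missing instead of failing, which is a quiet loss of coverage; this is inferred from the `?` markers, not tested. If that is intended, a comment such as `# both names optional: exactly one is expected per kernel` would record it; if not, the alias needs some way to fail when neither name resolves.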
From: JoeLynn Keniston Date: Fri, 29 May 2009 11:46:41 -0700 Subject: Create nd_syscalls2.stp This contains an initial transformation of syscalls2.stp to start using numbered parameter access instead of relying on dwarf. Signed-off-by: Josh Stone --- tapset/nd_syscalls2.stp | 3916 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3916 insertions(+) create mode 100644 tapset/nd_syscalls2.stp (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp new file mode 100644 index 00000000..a67ebd22 --- /dev/null +++ b/tapset/nd_syscalls2.stp 
@@ -0,0 +1,3916 @@
+// syscalls tapset part 2 [N-Z]
+// Copyright (C) 2005 IBM Corp.
+// Copyright (C) 2005, 2006, 2007 Red Hat Inc.
+// Copyright (C) 2007 Quentin Barnes.
+//
+// This file is part of systemtap, and is free software. You can
+// redistribute it and/or modify it under the terms of the GNU General
+// Public License (GPL); either version 2, or (at your option) any
+// later version.
+
+/* Each syscall returns the calls parameters. In addition, the following
+* variables are set:
+*
+* name - generally the syscall name minus the "sys_".
+*
+* argstr - a string containing the decoded args in an easy-to-read format.
+* It doesn't need to contain everything, but should have all the
+* important args. Set in entry probes only.
+*
+* retstr - a string containing the return value in an easy-to-read format.
+* Set in return probes only.
+*/
+
+# nanosleep __________________________________________________
+#
+# long sys_nanosleep(struct timespec __user *rqtp,
+# struct timespec __user *rmtp)
+# long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
+# struct compat_timespec __user *rmtp)
+#
+probe nd_syscall.nanosleep = kernel.function("sys_nanosleep") {
+ name = "nanosleep"
+ // req_uaddr = $rqtp
+ // rem_uaddr = $rmtp
+ // argstr = sprintf("%s, %p", _struct_timespec_u($rqtp,1), $rmtp)
+ asmlinkage()
+ req_uaddr = pointer_arg(1)
+ rem_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr,1), rem_uaddr)
+}
+probe nd_syscall.nanosleep.return = kernel.function("sys_nanosleep").return {
+ name = "nanosleep"
+ retstr = returnstr(1)
+}
+probe nd_syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ?
{
+ name = "nanosleep"
+ // req_uaddr = $rqtp
+ // rem_uaddr = $rmtp
+ // argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp,1), $rmtp)
+ asmlinkage()
+ req_uaddr = pointer_arg(1)
+ rem_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %p", _struct_compat_timespec_u(req_uaddr,1), rem_uaddr)
+}
+probe nd_syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? {
+ name = "nanosleep"
+ retstr = returnstr(1)
+}
+
+# nfsservctl _________________________________________________
+#
+# long sys_nfsservctl(int cmd, struct nfsctl_arg __user *arg, void __user *res)
+# long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg,
+# union compat_nfsctl_res __user *res)
+#
+probe nd_syscall.nfsservctl =
+ kernel.function("sys_nfsservctl") ?,
+ kernel.function("compat_sys_nfsservctl") ?
+{
+ name = "nfsservctl"
+ // cmd = $cmd
+ // argp_uaddr = $arg
+ // resp_uaddr = $res
+ // argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str($cmd), $arg, $res)
+ asmlinkage()
+ cmd = int_arg(1)
+ argp_uaddr = pointer_arg(2)
+ resp_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str(cmd), argp_uaddr, resp_uaddr)
+}
+probe nd_syscall.nfsservctl.return =
+ kernel.function("sys_nfsservctl").return ?,
+ kernel.function("compat_sys_nfsservctl").return ?
+{
+ name = "nfsservctl"
+ retstr = returnstr(1)
+}
+
+# nice _______________________________________________________
+# long sys_nice(int increment)
+#
+probe nd_syscall.nice = kernel.function("sys_nice") ? {
+ name = "nice"
+ // inc = $increment
+ // argstr = sprintf("%d", $increment)
+ asmlinkage()
+ inc = int_arg(1)
+ argstr = sprintf("%d", inc)
+}
+probe nd_syscall.nice.return = kernel.function("sys_nice").return ?
{
+ name = "nice"
+ retstr = returnstr(1)
+}
+
+# ni_syscall _________________________________________________
+#
+# long sys_ni_syscall(void)
+#
+probe nd_syscall.ni_syscall = kernel.function("sys_ni_syscall") {
+ name = "ni_syscall"
+ argstr = ""
+}
+probe nd_syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
+ name = "ni_syscall"
+ retstr = returnstr(1)
+}
+
+# open _______________________________________________________
+# long sys_open(const char __user * filename, int flags, int mode)
+# (obsolete) long sys32_open(const char * filename, int flags, int mode)
+#
+probe nd_syscall.open =
+ kernel.function("sys_open") ?,
+ kernel.function("compat_sys_open") ?,
+ kernel.function("sys32_open") ?
+{
+ name = "open"
+ // filename = user_string($filename)
+ // flags = $flags
+ // mode = $mode
+ // if (flags & 64)
+ // argstr = sprintf("%s, %s, %#o", user_string_quoted($filename),
+ // _sys_open_flag_str($flags), $mode)
+ // else
+ // argstr = sprintf("%s, %s", user_string_quoted($filename),
+ // _sys_open_flag_str($flags))
+ asmlinkage()
+ filename = user_string(pointer_arg(1))
+ flags = int_arg(2)
+ mode = int_arg(3)
+ if (flags & 64)
+ argstr = sprintf("%s, %s, %#o", user_string_quoted(pointer_arg(1)),
+ _sys_open_flag_str(flags), mode)
+ else
+ argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
+ _sys_open_flag_str(flags))
+}
+probe nd_syscall.open.return =
+ kernel.function("sys_open").return ?,
+ kernel.function("compat_sys_open").return ?,
+ kernel.function("sys32_open").return ?
+{
+ name = "open"
+ retstr = returnstr(1)
+}
+
+# openat _______________________________________________________
+# long sys_openat(int dfd, const char __user *filename, int flags, int mode)
+# long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode)
+#
+probe nd_syscall.openat =
+ kernel.function("sys_openat") ?,
+ kernel.function("compat_sys_openat") ?
+{
+ name = "openat"
+ // filename = user_string($filename)
+ // flags = $flags
+ // mode = $mode
+ // if ($flags & 64)
+ // argstr = sprintf("%s, %s, %s, %#o", _dfd_str($dfd),
+ // user_string_quoted($filename),
+ // _sys_open_flag_str($flags), $mode)
+ // else
+ // argstr = sprintf("%s, %s, %s", _dfd_str($dfd),
+ // user_string_quoted($filename),
+ // _sys_open_flag_str($flags))
+ asmlinkage()
+ filename = user_string(pointer_arg(2))
+ flags = int_arg(3)
+ mode = int_arg(4)
+ if (flags & 64)
+ argstr = sprintf("%s, %s, %s, %#o", _dfd_str(int_arg(1)),
+ user_string_quoted(pointer_arg(2)),
+ _sys_open_flag_str(flags), mode)
+ else
+ argstr = sprintf("%s, %s, %s", _dfd_str(int_arg(1)),
+ user_string_quoted(pointer_arg(2)),
+ _sys_open_flag_str(flags))
+}
+probe nd_syscall.openat.return =
+ kernel.function("sys_openat").return ?,
+ kernel.function("compat_sys_openat").return ?
+{
+ name = "openat"
+ retstr = returnstr(1)
+}
+
+# pause ______________________________________________________
+#
+# sys_pause(void)
+#
+probe nd_syscall.pause = kernel.function("sys_pause") ?,
+ kernel.function("sys32_pause") ?,
+ kernel.function("compat_sys_pause") ?
+{
+ name = "pause"
+ argstr = ""
+}
+probe nd_syscall.pause.return = kernel.function("sys_pause").return ?,
+ kernel.function("sys32_pause").return ?,
+ kernel.function("compat_sys_pause").return ?
+{
+ name = "pause"
+ retstr = returnstr(1)
+}
+
+# pciconfig_iobase ___________________________________________
+#
+# asmlinkage long
+# sys_pciconfig_iobase(long which,
+# unsigned long bus,
+# unsigned long dfn)
+#
+#
+#probe nd_syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
+# name = "pciconfig_iobase"
+# which = $which
+# bus = $bus
+# dfn = $dfn
+# argstr = sprintf("%p, %p, %p", which, bus, dfn)
+#}
+#probe nd_syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
+# name = "pciconfig_iobase"
+# retstr = returnstr(1)
+#}
+# pciconfig_read _____________________________________________
+#
+# asmlinkage int
+# sys_pciconfig_read(unsigned long bus,
+# unsigned long dfn,
+# unsigned long off,
+# unsigned long len,
+# unsigned char *buf)
+# { return 0; }
+#
+#
+#probe nd_syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
+# name = "pciconfig_read"
+# bus = $bus
+# dfn = $dfn
+# off = $off
+# len = $len
+# buf_uaddr = $buf
+# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
+# len, buf_uaddr)
+#}
+#probe nd_syscall.pciconfig_read.return =
+# kernel.function("sys_pciconfig_read").return {
+# name = "pciconfig_read"
+# retstr = returnstr(1)
+#}
+# pciconfig_write ____________________________________________
+#
+# asmlinkage int
+# sys_pciconfig_write(unsigned long bus,
+# unsigned long dfn,
+# unsigned long off,
+# unsigned long len,
+# unsigned char *buf)
+#
+#
+#probe nd_syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
+# name = "pciconfig_write"
+# bus = $bus
+# dfn = $dfn
+# off = $off
+# len = $len
+# buf_uaddr = $buf
+# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
+# len, buf_uaddr)
+#}
+#probe nd_syscall.pciconfig_write.return =
+# kernel.function("sys_pciconfig_write").return {
+# name = "pciconfig_write"
+# retstr = returnstr(1)
+#}
+# personality ________________________________________________
+#
+# asmlinkage long
+# sys_personality(u_long personality)
+#
+probe
nd_syscall.personality = kernel.function("sys_personality") {
+ name = "personality"
+ // persona = $personality
+ asmlinkage()
+ persona = ulong_arg(1)
+ argstr = sprintf("%p", persona);
+}
+probe nd_syscall.personality.return = kernel.function("sys_personality").return {
+ name = "personality"
+ retstr = returnstr(1)
+}
+# pipe _______________________________________________________
+#
+# asmlinkage int
+# sys_pipe(unsigned long __user * fildes)
+#
+probe nd_syscall.pipe = kernel.function("sys_pipe") {
+ name = "pipe"
+%( arch == "ia64" %?
+# ia64 just returns value directly, no fildes argument
+ argstr = ""
+%:
+ // fildes_uaddr = $fildes
+ // argstr = _fildes_u($fildes)
+ %( arch != "ppc64" %? asmlinkage() %)
+ fildes_uaddr = pointer_arg(1)
+ argstr = _fildes_u(fildes_uaddr)
+%)
+}
+
+probe nd_syscall.pipe.return = kernel.function("sys_pipe").return {
+ name = "pipe"
+ retstr = returnstr(1)
+}
+
+# pivot_root _________________________________________________
+#
+# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
+#
+probe nd_syscall.pivot_root = kernel.function("sys_pivot_root") {
+ name = "pivot_root"
+ // new_root_str = user_string($new_root)
+ // old_root_str = user_string($put_old)
+ // argstr = sprintf("%s, %s", user_string_quoted($new_root),
+ // user_string_quoted($put_old))
+ asmlinkage()
+ new_root_str = user_string(pointer_arg(1))
+ old_root_str = user_string(pointer_arg(2))
+ argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
+ user_string_quoted(pointer_arg(2)))
+}
+probe nd_syscall.pivot_root.return = kernel.function("sys_pivot_root").return {
+ name = "pivot_root"
+ retstr = returnstr(1)
+}
+
+# poll _______________________________________________________
+#
+# long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout)
+#
+probe nd_syscall.poll = kernel.function("sys_poll") {
+ name = "poll"
+ // ufds_uaddr = $ufds
+ // nfds = $nfds
+ // timeout = $timeout
+ // argstr = sprintf("%p, %d, %d",
$ufds, $nfds, timeout)
+ asmlinkage()
+ ufds_uaddr = pointer_arg(1)
+ nfds = uint_arg(2)
+ timeout = long_arg(3)
+ argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout)
+}
+probe nd_syscall.poll.return = kernel.function("sys_poll").return {
+ name = "poll"
+ retstr = returnstr(1)
+}
+
+# ppoll _______________________________________________________
+#
+# long sys_ppoll(struct pollfd __user *ufds, unsigned int nfds,
+# struct timespec __user *tsp, const sigset_t __user *sigmask,
+# size_t sigsetsize)
+#
+probe nd_syscall.ppoll = kernel.function("sys_ppoll") ? {
+ name = "ppoll"
+ // argstr = sprintf("%p, %d, %s, %p, %d",
+ // $ufds,
+ // $nfds,
+ // _struct_timespec_u($tsp,1),
+ // $sigmask,
+ // $sigsetsize)
+ asmlinkage()
+ argstr = sprintf("%p, %d, %s, %p, %d",
+ pointer_arg(1),
+ uint_arg(2),
+ _struct_timespec_u(pointer_arg(3),1),
+ pointer_arg(4),
+ ulong_arg(5))
+}
+probe nd_syscall.ppoll.return = kernel.function("sys_ppoll").return ? {
+ name = "ppoll"
+ retstr = returnstr(1)
+}
+# long compat_sys_ppoll(struct pollfd __user *ufds,
+# unsigned int nfds, struct compat_timespec __user *tsp,
+# const compat_sigset_t __user *sigmask, compat_size_t sigsetsize)
+#
+probe nd_syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? {
+ name = "ppoll"
+ // argstr = sprintf("%p, %d, %s, %p, %d",
+ // $ufds,
+ // $nfds,
+ // _struct_compat_timespec_u($tsp,1),
+ // $sigmask,
+ // $sigsetsize)
+ asmlinkage()
+ argstr = sprintf("%p, %d, %s, %p, %d",
+ pointer_arg(1),
+ uint_arg(2),
+ _struct_compat_timespec_u(pointer_arg(3),1),
+ pointer_arg(4),
+ u32_arg(5))
+}
+probe nd_syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ?
{
+ name = "ppoll"
+ retstr = returnstr(1)
+}
+
+# prctl ______________________________________________________
+#
+# asmlinkage long
+# sys_prctl(int option,
+# unsigned long arg2,
+# unsigned long arg3,
+# unsigned long arg4,
+# unsigned long arg5)
+#
+probe nd_syscall.prctl = kernel.function("sys_prctl") {
+ name = "prctl"
+ // option = $option
+ // arg2 = $arg2
+ // arg3 = $arg3
+ // arg4 = $arg4
+ // arg5 = $arg5
+ asmlinkage()
+ option = int_arg(1)
+ arg2 = ulong_arg(2)
+ arg3 = ulong_arg(3)
+ arg4 = ulong_arg(4)
+ arg5 = ulong_arg(5)
+ argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3,
+ arg4, arg5)
+}
+probe nd_syscall.prctl.return = kernel.function("sys_prctl").return {
+ name = "prctl"
+ retstr = returnstr(1)
+}
+# pread64 ____________________________________________________
+#
+# ssize_t sys_pread64(unsigned int fd,
+# char __user *buf,
+# size_t count,
+# loff_t pos)
+#
+probe nd_syscall.pread = kernel.function("sys_pread64") {
+ name = "pread"
+ // fd = $fd
+ // buf_uaddr = $buf
+ // count = $count
+ // offset = $pos
+ // argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos)
+ asmlinkage()
+ fd = uint_arg(1)
+ buf_uaddr = pointer_arg(2)
+ count = ulong_arg(3)
+ offset = longlong_arg(4)
+ argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset)
+}
+probe nd_syscall.pread.return = kernel.function("sys_pread64").return {
+ name = "pread"
+ retstr = returnstr(1)
+}
+
+# pselect6 _____________________________________________________
+#
+# long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp,
+# fd_set __user *exp, struct timespec __user *tsp, void __user *sig)
+#
+probe nd_syscall.pselect6 = kernel.function("sys_pselect6") ?
{
+ name = "pselect6"
+ // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
+ // _struct_timespec_u($tsp,1), $sig)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
+ _struct_timespec_u(pointer_arg(5),1), pointer_arg(6))
+}
+probe nd_syscall.pselect6.return = kernel.function("sys_pselect6").return ? {
+ name = "pselect6"
+ retstr = returnstr(1)
+}
+probe nd_syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? {
+ name = "pselect6"
+ // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
+ // _struct_compat_timespec_u($tsp,1), $sig)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1), pointer_arg(2), pointer_arg(3), pointer_arg(4),
+ _struct_compat_timespec_u(pointer_arg(5),1), pointer_arg(6))
+}
+probe nd_syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? {
+ name = "pselect6"
+ retstr = returnstr(1)
+}
+
+# pselect7 _____________________________________________________
+#
+# long sys_pselect7(int n, fd_set __user *inp, fd_set __user *outp,
+# fd_set __user *exp, struct timespec __user *tsp,
+# const sigset_t __user *sigmask, size_t sigsetsize)
+#
+probe nd_syscall.pselect7 = kernel.function("sys_pselect7") ? {
+ name = "pselect7"
+ // argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
+ // _struct_timespec_u($tsp,1), $sigmask, $sigsetsize)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
+ _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7))
+}
+probe nd_syscall.pselect7.return = kernel.function("sys_pselect7").return ? {
+ name = "pselect7"
+ retstr = returnstr(1)
+}
+probe nd_syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ?
{
+ name = "pselect7"
+ //argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
+ // _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4),
+ _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7))
+}
+probe nd_syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? {
+ name = "pselect7"
+ retstr = returnstr(1)
+}
+
+# ptrace _____________________________________________________
+#
+# int sys_ptrace(long request,
+# long pid,
+# long addr,
+# long data)
+#
+probe nd_syscall.ptrace = kernel.function("sys_ptrace") ? {
+ name = "ptrace"
+ // request = $request
+ // pid = $pid
+ // addr = $addr
+ // data = $data
+ asmlinkage()
+ request = long_arg(1)
+ pid = long_arg(2)
+ addr = long_arg(3)
+ data = long_arg(4)
+ argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data)
+}
+probe nd_syscall.ptrace.return = kernel.function("sys_ptrace").return ?
{ + name = "ptrace" + retstr = returnstr(1) +} + +# pwrite64 ___________________________________________________ +# +# ssize_t sys_pwrite64(unsigned int fd, +# const char __user *buf, +# size_t count, +# loff_t pos) +# +probe nd_syscall.pwrite = kernel.function("sys_pwrite64") { + name = "pwrite" + // fd = $fd + // buf_uaddr = $buf + // count = $count + // offset = $pos + // argstr = sprintf("%d, %s, %d, %d", $fd, + // text_strn(user_string($buf),syscall_string_trunc,1), + // $count, $pos) + asmlinkage() + fd = uint_arg(1) + buf_uaddr = pointer_arg(2) + count = ulong_arg(3) + offset = longlong_arg(4) + argstr = sprintf("%d, %s, %d, %d", fd, + text_strn(user_string(buf_uaddr),syscall_string_trunc,1), + count, offset) +} +probe nd_syscall.pwrite.return = kernel.function("sys_pwrite64").return { + name = "pwrite" + retstr = returnstr(1) +} +# long sys32_pwrite64(unsigned int fd, const char __user *ubuf, +# size_t count, u32 poshi, u32 poslo) +probe nd_syscall.pwrite32 = kernel.function("sys32_pwrite64") ? { + name = "pwrite" + // fd = $fd + // buf_uaddr = $buf + // count = $count + // offset = ($poshi << 32) + $poslo +// %( arch == "s390x" %? + // buf_uaddr = $ubuf + // argstr = sprintf("%d, %s, %d, %d", $fd, + // text_strn(user_string($ubuf),syscall_string_trunc,1), + // $count, ($poshi << 32) + $poslo) +// %: + // buf_uaddr = $buf + // argstr = sprintf("%d, %s, %d, %d", $fd, + // text_strn(user_string($buf),syscall_string_trunc,1), + // $count, ($poshi << 32) + $poslo) +// %) + asmlinkage() + fd = uint_arg(1) + buf_uaddr = pointer_arg(2) + count = ulong_arg(3) + offset = (u32_arg(4) << 32) + u32_arg(5) + argstr = sprintf("%d, %s, %d, %d", fd, + text_strn(user_string(buf_uaddr),syscall_string_trunc,1), + count, offset) +} +probe nd_syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? 
{
+ name = "pwrite"
+ retstr = returnstr(1)
+}
+
+# quotactl ___________________________________________________
+#
+# long sys_quotactl(unsigned int cmd,
+# const char __user *special,
+# qid_t id,
+# void __user *addr)
+#
+probe nd_syscall.quotactl = kernel.function("sys_quotactl") ? {
+ name = "quotactl"
+ // cmd = $cmd
+ // cmd_str = _quotactl_cmd_str($cmd)
+ // special = $special
+ // special_str = user_string($special)
+ // id = $id
+ // addr_uaddr = $addr
+ // argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, $id, $addr)
+ asmlinkage()
+ cmd = uint_arg(1)
+ cmd_str = _quotactl_cmd_str(cmd)
+ special = pointer_arg(2)
+ special_str = user_string(special)
+ id = uint_arg(3)
+ addr_uaddr = pointer_arg(4)
+ argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr)
+}
+probe nd_syscall.quotactl.return = kernel.function("sys_quotactl").return ? {
+ name = "quotactl"
+ retstr = returnstr(1)
+}
+
+
+# read _______________________________________________________
+# ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
+probe nd_syscall.read = kernel.function("sys_read") {
+ name = "read"
+ // fd = $fd
+ // buf_uaddr = $buf
+ // count = $count
+ // argstr = sprintf("%d, %p, %d", $fd, $buf, $count)
+ asmlinkage()
+ fd = uint_arg(1)
+ buf_uaddr = pointer_arg(2)
+ count = ulong_arg(3)
+ argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count)
+}
+probe nd_syscall.read.return = kernel.function("sys_read").return {
+ name = "read"
+ retstr = returnstr(1)
+}
+
+# readahead __________________________________________________
+#
+# asmlinkage ssize_t
+# sys_readahead(int fd,
+# loff_t offset,
+# size_t count)
+#
+probe nd_syscall.readahead = kernel.function("sys_readahead") {
+ name = "readahead"
+ // fd = $fd
+ // offset = $offset
+ // count = $count
+ asmlinkage()
+ fd = int_arg(1)
+ offset = longlong_arg(2)
+ count = ulong_arg(3)
+ argstr = sprintf("%d, %p, %p", fd, offset, count)
+}
+probe nd_syscall.readahead.return =
kernel.function("sys_readahead").return {
+ name = "readahead"
+ retstr = returnstr(1)
+}
+
+# readdir ___________________________________________________
+#
+# long compat_sys_old_readdir(unsigned int fd, struct compat_old_linux_dirent __user *dirent, unsigned int count)
+# int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count)
+#
+probe nd_syscall.readdir =
+ kernel.function("compat_sys_old_readdir") ?,
+ kernel.function("old32_readdir") ?
+{
+ name = "readdir"
+ // argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %d", uint_arg(1), pointer_arg(2), uint_arg(3))
+}
+probe nd_syscall.readdir.return =
+ kernel.function("compat_sys_old_readdir").return ?,
+ kernel.function("old32_readdir").return ?
+{
+ name = "readdir"
+ retstr = returnstr(1)
+}
+
+# readlink ___________________________________________________
+#
+# long sys_readlink(const char __user * path,
+# char __user * buf,
+# int bufsiz)
+#
+probe nd_syscall.readlink = kernel.function("sys_readlink") {
+ name = "readlink"
+ // path = user_string($path)
+ // buf_uaddr = $buf
+ // bufsiz = $bufsiz
+ // argstr = sprintf("%s, %p, %d", user_string_quoted($path),
+ // $buf, $bufsiz)
+ asmlinkage()
+ path = user_string(pointer_arg(1))
+ buf_uaddr = pointer_arg(2)
+ bufsiz = int_arg(3)
+ argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)),
+ buf_uaddr, bufsiz)
+}
+probe nd_syscall.readlink.return = kernel.function("sys_readlink").return {
+ name = "readlink"
+ retstr = returnstr(1)
+}
+
+# readlinkat ___________________________________________________
+#
+# long sys_readlinkat(int dfd, const char __user * path,
+# char __user * buf,
+# int bufsiz)
+#
+probe nd_syscall.readlinkat = kernel.function("sys_readlinkat") ?
{
+ name = "readlinkat"
+ //dfd = $dfd
+ // path = user_string($path)
+ // buf_uaddr = $buf
+ // bufsiz = $bufsiz
+ // argstr = sprintf("%s, %s, %p, %d", _dfd_str($dfd), user_string_quoted($path),
+ // $buf, $bufsiz)
+ asmlinkage()
+ dfd = int_arg(1)
+ path = user_string(pointer_arg(2))
+ buf_uaddr = pointer_arg(3)
+ bufsiz = int_arg(4)
+ argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)),
+ buf_uaddr, bufsiz)
+}
+probe nd_syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? {
+ name = "readlinkat"
+ retstr = returnstr(1)
+}
+
+# readv ______________________________________________________
+#
+# ssize_t sys_readv(unsigned long fd,
+# const struct iovec __user *vec,
+# unsigned long vlen)
+# ssize_t compat_sys_readv(unsigned long fd,
+# const struct compat_iovec __user *vec,
+# unsigned long vlen)
+#
+probe nd_syscall.readv =
+ kernel.function("sys_readv"),
+ kernel.function("compat_sys_readv") ?
+{
+ name = "readv"
+ // vector_uaddr = $vec
+ // count = $vlen
+/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */
+// %( arch != "ppc64" %?
+ // fd = $fd
+ // argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen)
+// %:
+ // argstr = sprintf("unknown fd, %p, %d", $vec, $vlen)
+// %)
+ asmlinkage()
+ vector_uaddr = pointer_arg(2)
+ count = ulong_arg(3)
+ fd = ulong_arg(1)
+ argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count)
+}
+probe nd_syscall.readv.return =
+ kernel.function("sys_readv").return,
+ kernel.function("compat_sys_readv").return ?
+{
+ name = "readv"
+ retstr = returnstr(1)
+}
+
+# reboot _____________________________________________________
+#
+# long sys_reboot(int magic1,
+# int magic2,
+# unsigned int cmd,
+# void __user * arg)
+#
+probe nd_syscall.reboot = kernel.function("sys_reboot") {
+ name = "reboot"
+ // magic = $magic1
+ // magic_str = _reboot_magic_str($magic1)
+ // magic2 = $magic2
+ // magic2_str =_reboot_magic_str($magic2)
+ // flag = $cmd
+ // flag_str = _reboot_flag_str($cmd)
+ // arg_uaddr = $arg
+ // argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
+ // flag_str, $arg)
+ asmlinkage()
+ magic = int_arg(1)
+ magic_str = _reboot_magic_str(magic)
+ magic2 = int_arg(2)
+ magic2_str =_reboot_magic_str(magic2)
+ flag = uint_arg(3)
+ flag_str = _reboot_flag_str(flag)
+ arg_uaddr = pointer_arg(4)
+ argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
+ flag_str, arg_uaddr)
+}
+probe nd_syscall.reboot.return = kernel.function("sys_reboot").return {
+ name = "reboot"
+ retstr = returnstr(1)
+}
+
+# recv _______________________________________________________
+#
+# long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags)
+#
+probe nd_syscall.recv = kernel.function("sys_recv") ? {
+ name = "recv"
+ // s = $fd
+ // buf_uaddr = $ubuf
+ // len = $size
+ // flags = $flags
+ // flags_str = _recvflags_str($flags)
+ // argstr = sprintf("%d, %p, %d, %s", $fd, $ubuf, $size, _recvflags_str($flags))
+ asmlinkage()
+ s = int_arg(1)
+ buf_uaddr = pointer_arg(2)
+ len = ulong_arg(3)
+ flags = uint_arg(4)
+ flags_str = _recvflags_str(flags)
+ argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str)
+}
+probe nd_syscall.recv.return = kernel.function("sys_recv").return ?
{
+ name = "recv"
+ retstr = returnstr(1)
+}
+
+# recvfrom ___________________________________________________
+#
+# long sys_recvfrom(int fd,
+# void __user * ubuf,
+# size_t size,
+# unsigned flags,
+# struct sockaddr __user *addr,
+# int __user *addr_len)
+#
+probe nd_syscall.recvfrom = kernel.function("sys_recvfrom") ? {
+ name = "recvfrom"
+ // s = $fd
+ // buf_uaddr = $ubuf
+ // len = $size
+ // flags = $flags
+ // flags_str = _recvflags_str($flags)
+ // addr_uaddr = $addr
+ // addrlen_uaddr = $addr_len
+ // argstr = sprintf("%d, %p, %d, %s, %p, %p",
+ // $fd, $ubuf, $size, _recvflags_str($flags), $addr, $addr_len)
+ asmlinkage()
+ s = int_arg(1)
+ buf_uaddr = pointer_arg(2)
+ len = ulong_arg(3)
+ flags = uint_arg(4)
+ flags_str = _recvflags_str(flags)
+ addr_uaddr = pointer_arg(5)
+ addrlen_uaddr = pointer_arg(6)
+ argstr = sprintf("%d, %p, %d, %s, %p, %p",
+ s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr)
+}
+probe nd_syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? {
+ name = "recvfrom"
+ retstr = returnstr(1)
+}
+
+# recvmsg ____________________________________________________
+#
+# long sys_recvmsg(int fd,
+# struct msghdr __user *msg,
+# unsigned int flags)
+#
+probe nd_syscall.recvmsg = kernel.function("sys_recvmsg") ? {
+ name = "recvmsg"
+ // s = $fd
+ // msg_uaddr = $msg
+ // flags = $flags
+ // flags_str = _recvflags_str($flags)
+ // argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags))
+ asmlinkage()
+ s = int_arg(1)
+ msg_uaddr = pointer_arg(2)
+ flags = uint_arg(3)
+ flags_str = _recvflags_str(flags)
+ argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)
+}
+probe nd_syscall.recvmsg.return = kernel.function("sys_recvmsg").return ?
{
+ name = "recvmsg"
+ retstr = returnstr(1)
+}
+# compat_sys_recvmsg ________________________________________
+#
+# long compat_sys_recvmsg(int fd,
+# struct compat_msghdr __user *msg,
+# unsigned int flags)
+#
+probe nd_syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? {
+ name = "compat_sys_recvmsg"
+ // s = $fd
+ // msg_uaddr = $msg
+ // flags = $flags
+ // argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags))
+ asmlinkage()
+ s = int_arg(1)
+ msg_uaddr = pointer_arg(2)
+ flags = uint_arg(3)
+ argstr = sprintf("%d, %p, %s", s, msg_uaddr, _recvflags_str(flags))
+}
+probe nd_syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? {
+ name = "compat_sys_recvmsg"
+ retstr = returnstr(1)
+}
+
+# remap_file_pages ___________________________________________
+#
+# long sys_remap_file_pages(unsigned long start,
+# unsigned long size,
+# unsigned long __prot,
+# unsigned long pgoff,
+# unsigned long flags)
+#
+probe nd_syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? {
+ name = "remap_file_pages"
+ // start = $start
+ // size = $size
+// %( kernel_vr >= "2.6.24" %?
+ // prot = $prot
+// %:
+ // prot = $__prot
+// %)
+ // pgoff = $pgoff
+ // flags = $flags
+ asmlinkage()
+ start = ulong_arg(1)
+ size = ulong_arg(2)
+ prot = ulong_arg(3)
+ pgoff = ulong_arg(4)
+ flags = ulong_arg(5)
+ argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot,
+ pgoff, flags)
+}
+probe nd_syscall.remap_file_pages.return =
+ kernel.function("sys_remap_file_pages").return ?
{
+ name = "remap_file_pages"
+ retstr = returnstr(1)
+}
+
+# removexattr ________________________________________________
+#
+# asmlinkage long
+# sys_removexattr(char __user *path,
+# char __user *name)
+#
+probe nd_syscall.removexattr = kernel.function("sys_removexattr") {
+ name = "removexattr"
+ // path = user_string($path)
+ // name_str = user_string($name)
+ // argstr = sprintf("%s, %s", user_string_quoted($path),
+ // user_string_quoted($name))
+ asmlinkage()
+ path = user_string(pointer_arg(1))
+ name_str = user_string(pointer_arg(2))
+ argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
+ user_string_quoted(pointer_arg(2)))
+}
+probe nd_syscall.removexattr.return = kernel.function("sys_removexattr").return {
+ name = "removexattr"
+ retstr = returnstr(1)
+}
+# rename _____________________________________________________
+#
+# asmlinkage long
+# sys_rename(const char __user * oldname,
+# const char __user * newname)
+#
+probe nd_syscall.rename = kernel.function("sys_rename") {
+ name = "rename"
+ // oldpath = user_string($oldname)
+ // newpath = user_string($newname)
+ // argstr = sprintf("%s, %s", user_string_quoted($oldname),
+ // user_string_quoted($newname))
+ asmlinkage()
+ oldpath = user_string(pointer_arg(1))
+ newpath = user_string(pointer_arg(2))
+ argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
+ user_string_quoted(pointer_arg(2)))
+}
+probe nd_syscall.rename.return = kernel.function("sys_rename").return {
+ name = "rename"
+ retstr = returnstr(1)
+}
+
+# request_key ________________________________________________
+#
+# long sys_request_key(const char __user *_type,
+# const char __user *_description,
+# const char __user *_callout_info,
+# key_serial_t destringid)
+# compat_sys_request_key() calls sys_request_key, so don't need probe there.
+#
+probe nd_syscall.request_key = kernel.function("sys_request_key") ?
{
+ name = "request_key"
+ // type_uaddr = $_type
+ // description_uaddr = $_description
+ // callout_info_uaddr = $_callout_info
+ // destringid = $destringid
+ // argstr = sprintf("%p, %p, %p, %p", $_type, $_description, $_callout_info, $destringid)
+ asmlinkage()
+ type_uaddr = pointer_arg(1)
+ description_uaddr = pointer_arg(2)
+ callout_info_uaddr = pointer_arg(3)
+ destringid = u32_arg(4)
+ argstr = sprintf("%p, %p, %p, %p", type_uaddr,description_uaddr, callout_info_uaddr, destringid)
+}
+probe nd_syscall.request_key.return = kernel.function("sys_request_key").return ? {
+ name = "request_key"
+ retstr = returnstr(1)
+}
+
+# restart_syscall ____________________________________________
+#
+# asmlinkage long
+# sys_restart_syscall(void)
+#
+probe nd_syscall.restart_syscall = kernel.function("sys_restart_syscall") {
+ name = "restart_syscall"
+ argstr = ""
+}
+probe nd_syscall.restart_syscall.return =
+ kernel.function("sys_restart_syscall").return {
+ name = "restart_syscall"
+ retstr = returnstr(1)
+}
+# rmdir ______________________________________________________
+#
+# asmlinkage long
+# sys_rmdir(const char __user * pathname)
+#
+probe nd_syscall.rmdir = kernel.function("sys_rmdir") {
+ name = "rmdir"
+ // pathname = user_string($pathname)
+ // argstr = user_string_quoted($pathname)
+ asmlinkage()
+ pathname = user_string(pointer_arg(1))
+ argstr = user_string_quoted(pointer_arg(1))
+}
+probe nd_syscall.rmdir.return = kernel.function("sys_rmdir").return {
+ name = "rmdir"
+ retstr = returnstr(1)
+}
+
+# rt_sigaction _______________________________________________
+#
+# sys_rt_sigaction(int sig,
+# const struct sigaction __user *act,
+# struct sigaction __user *oact,
+# size_t sigsetsize)
+#
+probe nd_syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ?
{
+ name = "rt_sigaction"
+ // sig = $sig
+ // act_uaddr = $act
+ // oact_uaddr = $oact
+ // sigsetsize = $sigsetsize
+ // argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig),
+ // _struct_sigaction_u($act), $oact, $sigsetsize)
+ asmlinkage()
+ sig = int_arg(1)
+ act_uaddr = pointer_arg(2)
+ oact_uaddr = pointer_arg(3)
+ sigsetsize = ulong_arg(4)
+ argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig),
+ _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize)
+}
+probe nd_syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return ? {
+ name = "rt_sigaction"
+ retstr = returnstr(1)
+}
+
+#
+# long sys32_rt_sigaction(int sig,
+# struct sigaction32 __user *act,
+# struct sigaction32 __user *oact,
+# unsigned int sigsetsize)
+# ppc only
+# compat_sys_rt_sigaction(int sig,
+# const struct sigaction32 __user *act,
+# struct sigaction32 __user *oact,
+# size_t sigsetsize)
+
+probe nd_syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
+ kernel.function("compat_sys_rt_sigaction") ?
+{
+ name = "rt_sigaction"
+ // sig = $sig
+ // act_uaddr = $act
+ // oact_uaddr = $oact
+ // sigsetsize = $sigsetsize
+ // argstr = sprintf("%s, %p, %p, %d", _signal_name($sig), $act, $oact, $sigsetsize)
+ asmlinkage()
+ sig = int_arg(1)
+ act_uaddr = pointer_arg(2)
+ oact_uaddr = pointer_arg(3)
+ sigsetsize = uint_arg(4)
+ argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uadd, oact_uaddr, sigsetsize)
+}
+probe nd_syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?,
+ kernel.function("compat_sys_rt_sigaction").return ?
+{
+ name = "rt_sigaction"
+ retstr = returnstr(1)
+}
+
+# rt_sigpending ______________________________________________
+#
+# long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
+#
+probe nd_syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ?
{
+ name = "rt_sigpending"
+ // set_uaddr = $set
+ // sigsetsize = $sigsetsize
+ // argstr = sprintf("%p, %d", $set, $sigsetsize)
+ asmlinkage()
+ set_uaddr = pointer_arg(1)
+ sigsetsize = ulong_arg(2)
+ argstr = sprintf("%p, %d", set_uaddr, sigsetsize)
+}
+probe nd_syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").return ? {
+ name = "rt_sigpending"
+ retstr = returnstr(1)
+}
+
+# rt_sigprocmask _____________________________________________
+# long sys32_rt_sigprocmask(u32 how, compat_sigset_t __user *set, compat_sigset_t __user *oset, size_t sigsetsize)
+# long compat_sys_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, compat_size_t sigsetsize)
+# long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize)
+#
+probe nd_syscall.rt_sigprocmask =
+ kernel.function("sys32_rt_sigprocmask") ?,
+ kernel.function("compat_sys_rt_sigprocmask") ?,
+ kernel.function("sys_rt_sigprocmask") ?
+{
+ name = "rt_sigprocmask"
+ // how = $how
+ // how_str = _sigprocmask_how_str($how)
+ // set_uaddr = $set
+ // oldset_uaddr = $oset
+ // argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u($set),
+ // $oset, $sigsetsize)
+ if (probefunc() != "compat_sys_rt_sigprocmask")
+ asmlinkage()
+ how = int_arg(1)
+ how_str = _sigprocmask_how_str(how)
+ set_uaddr = pointer_arg(2)
+ oldset_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u(set_uaddr),
+ oldset_uaddr, uint_arg(4))
+}
+probe nd_syscall.rt_sigprocmask.return =
+ kernel.function("sys32_rt_sigprocmask").return ?,
+ kernel.function("compat_sys_rt_sigprocmask").return ?,
+ kernel.function("sys_rt_sigprocmask").return ?
+{
+ name = "rt_sigprocmask"
+ retstr = returnstr(1)
+}
+
+# rt_sigqueueinfo ____________________________________________
+#
+# long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo)
+#
+probe nd_syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") {
+ name = "rt_sigqueueinfo"
+ // pid = $pid
+ // sig = $sig
+ // uinfo_uaddr = $uinfo
+ // argstr = sprintf("%d, %s, %p", $pid, _signal_name($sig), $uinfo)
+ asmlinkage()
+ pid = int_arg(1)
+ sig = int_arg(2)
+ uinfo_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr)
+}
+probe nd_syscall.rt_sigqueueinfo.return =
+ kernel.function("sys_rt_sigqueueinfo").return {
+ name = "rt_sigqueueinfo"
+ retstr = returnstr(1)
+}
+
+# rt_sigreturn _______________________________________________
+# int sys_rt_sigreturn(unsigned long __unused)
+#
+probe nd_syscall.rt_sigreturn =
+ kernel.function("sys_rt_sigreturn") ?,
+ kernel.function("sys32_rt_sigreturn") ?
+{
+ name = "rt_sigreturn"
+ argstr = ""
+}
+probe nd_syscall.rt_sigreturn.return =
+ kernel.function("sys_rt_sigreturn").return ?,
+ kernel.function("sys32_rt_sigreturn").return ?
+{
+ name = "rt_sigreturn"
+ retstr = returnstr(1)
+}
+
+# rt_sigsuspend ______________________________________________
+#
+# sys_rt_sigsuspend(struct pt_regs regs)
+#
+probe nd_syscall.rt_sigsuspend =
+ kernel.function("sys_rt_sigsuspend") ?,
+ kernel.function("compat_sys_rt_sigsuspend") ?,
+ kernel.function("ia64_rt_sigsuspend") ?
+{
+ name = "rt_sigsuspend"
+ argstr = ""
+}
+probe nd_syscall.rt_sigsuspend.return =
+ kernel.function("sys_rt_sigsuspend").return ?,
+ kernel.function("compat_sys_rt_sigsuspend").return ?,
+ kernel.function("ia64_rt_sigsuspend").return ?
+{
+ name = "rt_sigsuspend"
+ retstr = returnstr(1)
+}
+
+# rt_sigtimedwait ____________________________________________
+#
+# long sys_rt_sigtimedwait(const sigset_t __user *uthese,
+# siginfo_t __user *uinfo,
+# const struct timespec __user *uts,
+# size_t sigsetsize)
+# long compat_sys_rt_sigtimedwait (compat_sigset_t __user *uthese,
+# struct compat_siginfo __user *uinfo,
+# struct compat_timespec __user *uts, compat_size_t sigsetsize)
+#
+probe nd_syscall.rt_sigtimedwait =
+ kernel.function("sys_rt_sigtimedwait"),
+ kernel.function("compat_sys_rt_sigtimedwait") ?
+{
+ name = "rt_sigtimedwait"
+ // uthese_uaddr = $uthese
+ // uinfo_uaddr = $uinfo
+ // uts_uaddr = $uts
+ // sigsetsize = $sigsetsize
+ // argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize)
+ asmlinkage()
+ uthese_uaddr = pointer_arg(1)
+ uinfo_uaddr = pointer_arg(2)
+ uts_uaddr = pointer_arg(3)
+ if (probefunc() == "sys_rt_sigtimedwait")
+ sigsetsize = ulong_arg(4)
+ else
+ sigsetsize = u32_arg(4)
+ argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize)
+}
+probe nd_syscall.rt_sigtimedwait.return =
+ kernel.function("sys_rt_sigtimedwait").return,
+ kernel.function("compat_sys_rt_sigtimedwait").return ?
+{
+ name = "rt_sigtimedwait"
+ retstr = returnstr(1)
+}
+
+# sched_getaffinity __________________________________________
+#
+# asmlinkage long
+# sys_sched_getaffinity(pid_t pid,
+# unsigned int len,
+# unsigned long __user *user_mask_ptr)
+#
+probe nd_syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
+ name = "sched_getaffinity"
+ // pid = $pid
+ // len = $len
+ // mask_uaddr = $user_mask_ptr
+ asmlinkage()
+ pid = int_arg(1)
+ len = uint_arg(2)
+ mask_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
+}
+probe nd_syscall.sched_getaffinity.return =
+ kernel.function("sys_sched_getaffinity").return {
+ name = "sched_getaffinity"
+ retstr = returnstr(1)
+}
+# sched_getparam _____________________________________________
+#
+# asmlinkage long
+# sys_sched_getparam(pid_t pid,
+# struct sched_param __user *param)
+#
+probe nd_syscall.sched_getparam = kernel.function("sys_sched_getparam") {
+ name = "sched_getparam"
+ // pid = $pid
+ // p_uaddr = $param
+ asmlinkage()
+ pid = int_arg(1)
+ p_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", pid, p_uaddr)
+}
+probe nd_syscall.sched_getparam.return =
+ kernel.function("sys_sched_getparam").return {
+ name = "sched_getparam"
+ retstr = returnstr(1)
+}
+# sched_get_priority_max _____________________________________
+#
+# asmlinkage long
+# sys_sched_get_priority_max(int policy)
+#
+probe nd_syscall.sched_get_priority_max =
+ kernel.function("sys_sched_get_priority_max") {
+ name = "sched_get_priority_max"
+ // policy = $policy
+ asmlinkage()
+ policy = int_arg(1)
+ argstr = sprint(policy)
+}
+probe nd_syscall.sched_get_priority_max.return =
+ kernel.function("sys_sched_get_priority_max").return {
+ name = "sched_get_priority_max"
+ retstr = returnstr(1)
+}
+# sched_get_priority_min _____________________________________
+#
+# asmlinkage long
+# sys_sched_get_priority_min(int policy)
+#
+probe nd_syscall.sched_get_priority_min =
+ kernel.function("sys_sched_get_priority_min")
{
+ name = "sched_get_priority_min"
+ // policy = $policy
+ asmlinkage()
+ policy = int_arg(1)
+ argstr = sprint(policy)
+}
+probe nd_syscall.sched_get_priority_min.return =
+ kernel.function("sys_sched_get_priority_min").return {
+ name = "sched_get_priority_min"
+ retstr = returnstr(1)
+}
+# sched_getscheduler _________________________________________
+#
+# long sys_sched_getscheduler(pid_t pid)
+#
+probe nd_syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") {
+ name = "sched_getscheduler"
+ // pid = $pid
+ // argstr = sprint($pid)
+ asmlinkage()
+ pid = int_arg(1)
+ argstr = sprint(pid)
+}
+probe nd_syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return {
+ name = "sched_getscheduler"
+ retstr = returnstr(1)
+}
+# sched_rr_get_interval ______________________________________
+#
+# long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
+#
+probe nd_syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") {
+ name = "sched_rr_get_interval"
+ // pid = $pid
+ // tp_uaddr = $interval
+ // argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval,1))
+ asmlinkage()
+ pid = int_arg(1)
+ tp_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr,1))
+}
+probe nd_syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return {
+ name = "sched_rr_get_interval"
+ retstr = returnstr(1)
+}
+
+# sched_setaffinity __________________________________________
+# long sys_sched_setaffinity(pid_t pid,
+# unsigned int len,
+# unsigned long __user *user_mask_ptr)
+# FIXME: why the problem with x86_64?
+#
+%( arch != "x86_64" %?
+probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+ name = "sched_setaffinity"
+ // pid = $pid
+ // len = $len
+ // mask_uaddr = $user_mask_ptr
+ // argstr = sprintf("%d, %d, %p", $pid, $len, $user_mask_ptr)
+ asmlinkage()
+ pid = int_arg(1)
+ len = uint_arg(2)
+ mask_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)
+}
+%:
+probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+ name = "sched_setaffinity"
+ // pid = $pid
+ // len = 0
+ // mask_uaddr = $user_mask_ptr
+ // argstr = sprintf("%d, , %p", $pid, $user_mask_ptr)
+ asmlinkage()
+ pid = int_arg(1)
+ len = 0
+ mask_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, , %p", pid, mask_uaddr)
+}
+%)
+probe nd_syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return {
+ name = "sched_setaffinity"
+ retstr = returnstr(1)
+}
+
+# sched_setparam _____________________________________________
+#
+# long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
+#
+probe nd_syscall.sched_setparam = kernel.function("sys_sched_setparam") ? {
+ name = "sched_setparam"
+ // pid = $pid
+ // p_uaddr = $param
+ // argstr = sprintf("%d, %p", $pid, $param)
+ asmlinkage()
+ pid = int_arg(1)
+ p_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", pid, p_uaddr)
+}
+probe nd_syscall.sched_setparam.return = kernel.function("sys_sched_setparam").return ? {
+ name = "sched_setparam"
+ retstr = returnstr(1)
+}
+
+# sched_setscheduler _________________________________________
+#
+# long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
+#
+probe nd_syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") ?
{
+ name = "sched_setscheduler"
+ // pid = $pid
+ // policy = $policy
+ // policy_str = _sched_policy_str($policy)
+ // p_uaddr = $param
+ // argstr = sprintf("%d, %s, %p", $pid, policy_str, $param)
+ asmlinkage()
+ pid = int_arg(1)
+ policy = int_arg(2)
+ policy_str = _sched_policy_str(policy)
+ p_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr)
+}
+probe nd_syscall.sched_setscheduler.return = kernel.function("sys_sched_setscheduler").return ? {
+ name = "sched_setscheduler"
+ retstr = returnstr(1)
+}
+
+# sched_yield ________________________________________________
+# long sys_sched_yield(void)
+#
+probe nd_syscall.sched_yield = kernel.function("sys_sched_yield") {
+ name = "sched_yield"
+ argstr = ""
+}
+probe nd_syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
+ name = "sched_yield"
+ retstr = returnstr(1)
+}
+
+# select _____________________________________________________
+# long sys_select(int n,
+# fd_set __user *inp,
+# fd_set __user *outp,
+# fd_set __user *exp,
+# struct timeval __user *tvp)
+#
+probe nd_syscall.select = kernel.function("sys_select") {
+ name = "select"
+ // n = $n
+ // readfds_uaddr = $inp
+ // writefds_uaddr = $outp
+ // exceptfds_uaddr = $exp
+ // timeout_uaddr = $tvp
+ // argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp,
+ // _struct_timeval_u($tvp, 1))
+ asmlinkage()
+ n = int_arg(1)
+ readfds_uaddr = pointer_arg(2)
+ writefds_uaddr = pointer_arg(3)
+ exceptfds_uaddr = pointer_arg(4)
+ timeout_uaddr = pointer_arg(5)
+ argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr,
+ exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1))
+}
+probe nd_syscall.select.return = kernel.function("sys_select").return {
+ name = "select"
+ retstr = returnstr(1)
+}
+# long compat_sys_select(int n,
+# compat_ulong_t __user *inp,
+# compat_ulong_t __user *outp,
+# compat_ulong_t __user *exp,
+# struct compat_timeval __user *tvp)
+#
+probe nd_syscall.compat_select =
kernel.function("compat_sys_select") ? {
+ name = "select"
+ // n = $n
+ // readfds_uaddr = $inp
+ // writefds_uaddr = $outp
+ // exceptfds_uaddr = $exp
+ // timeout_uaddr = $tvp
+ // argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp,
+ // _struct_compat_timeval_u($tvp, 1))
+ asmlinkage()
+ n = int_arg(1)
+ readfds_uaddr = pointer_arg(2)
+ writefds_uaddr = pointer_arg(3)
+ exceptfds_uaddr = pointer_arg(4)
+ timeout_uaddr = pointer_arg(5)
+ argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr,
+ exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1))
+}
+probe nd_syscall.compat_select.return = kernel.function("compat_sys_select").return ? {
+ name = "select"
+ retstr = returnstr(1)
+}
+
+# semctl _____________________________________________________
+# long sys_semctl (int semid,
+# int semnum,
+# int cmd,
+# union semun arg)
+#
+probe nd_syscall.semctl = kernel.function("sys_semctl") ? {
+ name = "semctl"
+ // semid = $semid
+ // semnum = $semnum
+ // cmd = $cmd
+ /*
+ * unsupported type tag identifier '$arg'
+ * arg = $arg
+ */
+ // argstr = sprintf("%d, %d, %s", $semid, $semnum, _semctl_cmd($cmd))
+ asmlinkage()
+ semid = int_arg(1)
+ semnum = int_arg(2)
+ cmd = int_arg(3)
+ argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done
+}
+probe nd_syscall.semctl.return = kernel.function("sys_semctl").return ? {
+ name = "semctl"
+ retstr = returnstr(1)
+}
+# compat_sys_semctl ________________________________________
+#
+# long compat_sys_semctl(int first, int second, int third, void __user *uptr)
+#
+probe nd_syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? {
+ name = "compat_sys_semctl"
+ argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage
+}
+probe nd_syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ?
{
+ name = "compat_sys_semctl"
+ retstr = returnstr(1)
+}
+
+# semget _____________________________________________________
+# long sys_semget (key_t key, int nsems, int semflg)
+#
+probe nd_syscall.semget = kernel.function("sys_semget") ? {
+ name = "semget"
+ // key = $key
+ // nsems = $nsems
+ // semflg = $semflg
+ // argstr = sprintf("%d, %d, %s", $key, $nsems, __sem_flags($semflg))
+ asmlinkage()
+ key = int_arg(1)
+ nsems = int_arg(2)
+ semflg = int_arg(3)
+ argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg))
+}
+probe nd_syscall.semget.return = kernel.function("sys_semget").return ? {
+ name = "semget"
+ retstr = returnstr(1)
+}
+
+# semop ______________________________________________________
+#
+# long sys_semop (int semid,
+# struct sembuf __user *tsops,
+# unsigned nsops)
+#
+probe nd_syscall.semop = kernel.function("sys_semtimedop") ? {
+ name = "semop"
+ // semid = $semid
+ // tsops_uaddr = $tsops
+ // nsops = $nsops
+ // argstr = sprintf("%d, %p, %d", $semid, $tsops, $nsops)
+ asmlinkage()
+ semid = int_arg(1)
+ tsops_uaddr = pointer_arg(2)
+ nsops = uint_arg(3)
+ argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops)
+}
+probe nd_syscall.semop.return = kernel.function("sys_semtimedop").return ? {
+ name = "semop"
+ retstr = returnstr(1)
+}
+
+# semtimedop _________________________________________________
+#
+# long sys_semtimedop(int semid,
+# struct sembuf __user *tsops,
+# unsigned nsops,
+# const struct timespec __user *timeout)
+#
+probe nd_syscall.semtimedop = kernel.function("sys_semtimedop") ?
{
+ name = "semtimedop"
+ // semid = $semid
+ // sops_uaddr = $tsops
+ // nsops = $nsops
+ // timeout_uaddr = $timeout
+ // argstr = sprintf("%d, %p, %d, %s", $semid, $tsops, $nsops,
+ // _struct_timespec_u($timeout,1))
+ asmlinkage()
+ semid = int_arg(1)
+ sops_uaddr = pointer_arg(2)
+ nsops = uint_arg(3)
+ timeout_uaddr = pointer_arg(4)
+ argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
+ _struct_timespec_u(timeout_uaddr,1))
+}
+probe nd_syscall.semtimedop.return = kernel.function("sys_semtimedop").return ? {
+ name = "semtimedop"
+ retstr = returnstr(1)
+}
+# compat_sys_semtimedop ________________________________________
+#
+# long compat_sys_semtimedop(int semid, struct sembuf __user *tsems,
+# unsigned nsops, const struct compat_timespec __user *timeout)
+#
+probe nd_syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? {
+ name = "compat_sys_semtimedop"
+ // semid = $semid
+ // sops_uaddr = $tsems
+ // nsops = $nsops
+ // timeout_uaddr = $timeout
+ // argstr = sprintf("%d, %p, %d, %s", $semid, $tsems, $nsops,
+ // _struct_compat_timespec_u($timeout,1))
+ // no asmlinkage
+ semid = int_arg(1)
+ sops_uaddr = pointer_arg(2)
+ nsops = uint_arg(3)
+ timeout_uaddr = pointer_arg(4)
+ argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
+ _struct_compat_timespec_u(timeout_uaddr,1))
+}
+probe nd_syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? {
+ name = "compat_sys_semtimedop"
+ retstr = returnstr(1)
+}
+
+# send _______________________________________________________
+#
+# long sys_send(int fd,
+# void __user * buff,
+# size_t len,
+# unsigned flags)
+#
+probe nd_syscall.send = kernel.function("sys_send") ?
{
+ name = "send"
+ // s = $fd
+ // buf_uaddr = $buff
+ // len = $len
+ // flags = $flags
+ // flags_str = _sendflags_str($flags)
+ // argstr = sprintf("%d, %p, %d, %s", $fd, $buff, $len, flags_str)
+ asmlinkage()
+ s = int_arg(1)
+ buf_uaddr = pointer_arg(2)
+ len = ulong_arg(3)
+ flags = uint_arg(4)
+ flags_str = _sendflags_str(flags)
+ argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str)
+}
+probe nd_syscall.send.return = kernel.function("sys_send").return ? {
+ name = "send"
+ retstr = returnstr(1)
+}
+
+# sendfile ___________________________________________________
+#
+# ssize_t sys_sendfile[64](int out_fd,
+# int in_fd,
+# off_t __user *offset,
+# size_t count)
+#
+probe nd_syscall.sendfile =
+ kernel.function("sys_sendfile") ?,
+ kernel.function("sys_sendfile64") ?
+{
+ name = "sendfile"
+ // out_fd = $out_fd
+ // in_fd = $in_fd
+ // offset_uaddr = $offset
+ // count = $count
+ // argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, $offset,
+ // $count)
+ asmlinkage()
+ out_fd = int_arg(1)
+ in_fd = int_arg(2)
+ offset_uaddr = pointer_arg(3)
+ count = ulong_arg(4)
+ argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr,
+ count)
+}
+probe nd_syscall.sendfile.return =
+ kernel.function("sys_sendfile").return ?,
+ kernel.function("sys_sendfile64").return ?
+{
+ name = "sendfile"
+ retstr = returnstr(1)
+}
+
+# sendmsg ____________________________________________________
+#
+# long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
+#
+probe nd_syscall.sendmsg = kernel.function("sys_sendmsg") ?
{
+ name = "sendmsg"
+ // s = $fd
+ // msg_uaddr = $msg
+ // flags = $flags
+ // flags_str = _sendflags_str($flags)
+ // argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags))
+ asmlinkage()
+ s = int_arg(1)
+ msg_uaddr = pointer_arg(2)
+ flags = uint_arg(3)
+ flags_str = _sendflags_str(flags)
+ argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
+}
+probe nd_syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? {
+ name = "sendmsg"
+ retstr = returnstr(1)
+}
+# compat_sys_sendmsg ________________________________________
+#
+# long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
+#
+probe nd_syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
+ name = "compat_sys_sendmsg"
+ // s = $fd
+ // msg_uaddr = $msg
+ // flags = $flags
+ // argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags))
+ asmlinkage()
+ s = int_arg(1)
+ msg_uaddr = pointer_arg(2)
+ flags = uint_arg(3)
+ argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
+}
+probe nd_syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? {
+ name = "compat_sys_sendmsg"
+ retstr = returnstr(1)
+}
+
+# sendto _____________________________________________________
+#
+# long sys_sendto(int fd,
+# void __user * buff,
+# size_t len,
+# unsigned flags,
+# struct sockaddr __user *addr,
+# int addr_len)
+#
+probe nd_syscall.sendto = kernel.function("sys_sendto") ?
{
+ name = "sendto"
+ // s = $fd
+ // buf_uaddr = $buff
+ // len = $len
+ // flags = $flags
+ // flags_str = _sendflags_str($flags)
+ // to_uaddr = $addr
+ // tolen = $addr_len
+ // argstr = sprintf("%d, %p, %d, %s, %s, %d", $fd, $buff,
+ // $len, flags_str, _struct_sockaddr_u($addr,$addr_len), $addr_len)
+ asmlinkage()
+ s = int_arg(1)
+ buf_uaddr = pointer_arg(2)
+ len = ulong_arg(3)
+ flags = uint_arg(4)
+ flags_str = _sendflags_str(flags)
+ to_uaddr = pointer_arg(5)
+ tolen = int_arg(6)
+ argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr,
+ len, flags_str, _struct_sockaddr_u(to_uaddr,tolen), tolen)
+}
+probe nd_syscall.sendto.return = kernel.function("sys_sendto").return ? {
+ name = "sendto"
+ retstr = returnstr(1)
+}
+
+# setdomainname ______________________________________________
+#
+# asmlinkage long
+# sys_setdomainname(char __user *name,
+# int len)
+#
+probe nd_syscall.setdomainname = kernel.function("sys_setdomainname") {
+ name = "setdomainname"
+ // hostname_uaddr = $name
+ // len = $len
+ // argstr = sprintf("%p, %d", $name, $len)
+ asmlinkage()
+ hostname_uaddr = pointer_arg(1)
+ len = int_arg(2)
+ argstr = sprintf("%p, %d", hostname_uaddr, len)
+}
+probe nd_syscall.setdomainname.return =
+ kernel.function("sys_setdomainname").return {
+ name = "setdomainname"
+ retstr = returnstr(1)
+}
+
+# setfsgid ___________________________________________________
+# long sys_setfsgid(gid_t gid)
+# long sys_setfsgid16(old_gid_t gid)
+#
+probe nd_syscall.setfsgid =
+ kernel.function("sys_setfsgid") ?,
+ kernel.function("sys_setfsgid16") ?
+{
+ name = "setfsgid"
+ // fsgid = $gid
+ // argstr = sprint($gid)
+ asmlinkage()
+ fsgid = uint_arg(1)
+ argstr = sprint(fsgid)
+}
+probe nd_syscall.setfsgid.return =
+ kernel.function("sys_setfsgid").return ?,
+ kernel.function("sys_setfsgid16").return ?
+{
+ name = "setfsgid"
+ retstr = returnstr(1)
+}
+
+# setfsuid ___________________________________________________
+# long sys_setfsuid(uid_t uid)
+# long sys_setfsuid16(old_uid_t uid)
+#
+probe nd_syscall.setfsuid =
+ kernel.function("sys_setfsuid") ?,
+ kernel.function("sys_setfsuid16") ?
+{
+ name = "setfsuid"
+ // fsuid = $uid
+ // argstr = sprint($uid)
+ asmlinkage()
+ fsuid = uint_arg(1)
+ argstr = sprint(fsuid)
+}
+probe nd_syscall.setfsuid.return =
+ kernel.function("sys_setfsuid").return ?,
+ kernel.function("sys_setfsuid16").return ?
+{
+ name = "setfsuid"
+ retstr = returnstr(1)
+}
+
+# setgid _____________________________________________________
+#
+# long sys_setgid(gid_t gid)
+# long sys_setgid16(old_gid_t gid)
+#
+probe nd_syscall.setgid =
+ kernel.function("sys_setgid") ?,
+ kernel.function("sys_setgid16") ?
+{
+ name = "setgid"
+ // gid = $gid
+ // argstr = sprint($gid)
+ asmlinkage()
+ gid = uint_arg(1)
+ argstr = sprint(gid)
+}
+probe nd_syscall.setgid.return =
+ kernel.function("sys_setgid").return ?,
+ kernel.function("sys_setgid16").return ?
+{
+ name = "setgid"
+ retstr = returnstr(1)
+}
+
+# setgroups __________________________________________________
+#
+# long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
+# long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist)
+# long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
+#
+probe nd_syscall.setgroups =
+ kernel.function("sys_setgroups") ?,
+ kernel.function("sys_setgroups16") ?,
+ kernel.function("sys32_setgroups16") ?
+{
+ name = "setgroups"
+ // size = $gidsetsize
+ // list_uaddr = $grouplist
+ // argstr = sprintf("%d, %p", $gidsetsize, $grouplist)
+ asmlinkage()
+ size = int_arg(1)
+ list_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", size, list_uaddr)
+}
+probe nd_syscall.setgroups.return =
+ kernel.function("sys_setgroups").return ?,
+ kernel.function("sys_setgroups16").return ?,
+ kernel.function("sys32_setgroups16").return ?
+{
+ name = "setgroups"
+ retstr = returnstr(1)
+}
+
+# sethostname ________________________________________________
+#
+# asmlinkage long
+# sys_sethostname(char __user *name,
+# int len)
+#
+probe nd_syscall.sethostname = kernel.function("sys_sethostname") {
+ name = "sethostname"
+ // hostname_uaddr = $name
+ // name_str = user_string($name)
+ // len = $len
+ // argstr = sprintf("%s, %d", user_string_quoted($name), $len)
+ asmlinkage()
+ hostname_uaddr = pointer_arg(1)
+ name_str = user_string(hostname_uaddr)
+ len = int_arg(2)
+ argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len)
+}
+probe nd_syscall.sethostname.return = kernel.function("sys_sethostname").return {
+ name = "sethostname"
+ retstr = returnstr(1)
+}
+# setitimer __________________________________________________
+#
+# long sys_setitimer(int which,
+# struct itimerval __user *value,
+# struct itimerval __user *ovalue)
+#
+probe nd_syscall.setitimer = kernel.function("sys_setitimer") {
+ name = "setitimer"
+ // which = $which
+ // value_uaddr = $value
+ // ovalue_uaddr = $ovalue
+ // argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
+ // _struct_itimerval_u($value), $ovalue)
+ asmlinkage()
+ which = int_arg(1)
+ value_uaddr = pointer_arg(2)
+ ovalue_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %s, %p", _itimer_which_str(which),
+ _struct_itimerval_u(value_uaddr), ovalue_uaddr)
+}
+probe nd_syscall.setitimer.return = kernel.function("sys_setitimer").return {
+ name = "setitimer"
+ retstr = returnstr(1)
+}
+#
+# long compat_sys_setitimer(int which,
+# struct compat_itimerval __user *in,
+# struct compat_itimerval __user *out)
+#
+probe nd_syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ?
{
+ name = "setitimer"
+ // which = $which
+ // value_uaddr = $in
+ // ovalue_uaddr = $out
+ // argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
+ // _struct_compat_itimerval_u($in), $out)
+ asmlinkage()
+ which = int_arg(1)
+ value_uaddr = pointer_arg(2)
+ ovalue_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %s, %p", _itimer_which_str(which),
+ _struct_compat_itimerval_u(value_uaddr), ovalue_uaddr)
+}
+probe nd_syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? {
+ name = "setitimer"
+ retstr = returnstr(1)
+}
+
+# set_mempolicy ______________________________________________
+# long sys_set_mempolicy(int mode,
+# unsigned long __user *nmask,
+# unsigned long maxnode)
+#
+probe nd_syscall.set_mempolicy =
+ kernel.function("sys_set_mempolicy") ?,
+ kernel.function("compat_sys_set_mempolicy") ?
+{
+ name = "set_mempolicy"
+ // mode = $mode
+ // nmask_uaddr = $nmask
+ // maxnode = $maxnode
+ // argstr = sprintf("%d, %p, %d", $mode, $nmask, $maxnode)
+ asmlinkage()
+ mode = int_arg(1)
+ nmask_uaddr = pointer_arg(2)
+ maxnode = ulong_arg(3)
+ argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode)
+}
+probe nd_syscall.set_mempolicy.return =
+ kernel.function("sys_set_mempolicy").return ?,
+ kernel.function("compat_sys_set_mempolicy").return ?
+{
+ name = "set_mempolicy"
+ retstr = returnstr(1)
+}
+
+# setpgid ____________________________________________________
+#
+# asmlinkage long
+# sys_setpgid(pid_t pid,
+# pid_t pgid)
+#
+probe nd_syscall.setpgid = kernel.function("sys_setpgid") {
+ name = "setpgid"
+ // pid = $pid
+ // pgid = $pgid
+ // argstr = sprintf("%d, %d", $pid, $pgid)
+ asmlinkage()
+ pid = int_arg(1)
+ pgid = int_arg(2)
+ argstr = sprintf("%d, %d", pid, pgid)
+}
+probe nd_syscall.setpgid.return = kernel.function("sys_setpgid").return {
+ name = "setpgid"
+ retstr = returnstr(1)
+}
+# setpriority ________________________________________________
+#
+# asmlinkage long
+# sys_setpriority(int which,
+# int who,
+# int niceval)
+#
+probe nd_syscall.setpriority = kernel.function("sys_setpriority") {
+ name = "setpriority"
+ // which = $which
+ // which_str = _priority_which_str($which)
+ // who = $who
+ // prio = $niceval
+ // argstr = sprintf("%s, %d, %d", which_str, $who, $niceval)
+ asmlinkage()
+ which = int_arg(1)
+ which_str = _priority_which_str(which)
+ who = int_arg(2)
+ prio = int_arg(3)
+ argstr = sprintf("%s, %d, %d", which_str, who, prio)
+}
+probe nd_syscall.setpriority.return = kernel.function("sys_setpriority").return {
+ name = "setpriority"
+ retstr = returnstr(1)
+}
+
+# setregid ___________________________________________________
+# long sys_setregid(gid_t rgid, gid_t egid)
+#
+probe nd_syscall.setregid = kernel.function("sys_setregid") {
+ name = "setregid"
+ // rgid = __int32($rgid)
+ // egid = __int32($egid)
+ asmlinkage()
+ rgid = __int32(uint_arg(1))
+ egid = __int32(uint_arg(2))
+ argstr = sprintf("%d, %d", rgid, egid)
+}
+probe nd_syscall.setregid.return = kernel.function("sys_setregid").return {
+ name = "setregid"
+ retstr = returnstr(1)
+}
+# setregid16 _________________________________________________
+# long sys_setregid16(old_gid_t rgid, old_gid_t egid)
+#
+probe nd_syscall.setregid16 = kernel.function("sys_setregid16") ?
{
+ name = "setregid"
+ // rgid = __short($rgid)
+ // egid = __short($egid)
+ asmlinkage()
+ rgid = __short(uint_arg(1))
+ egid = __short(uint_arg(2))
+ argstr = sprintf("%d, %d",rgid, egid)
+}
+probe nd_syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
+ name = "setregid"
+ retstr = returnstr(1)
+}
+# setresgid __________________________________________________
+# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+#
+probe nd_syscall.setresgid = kernel.function("sys_setresgid") {
+ name = "setresgid"
+ // rgid = __int32($rgid)
+ // egid = __int32($egid)
+ // sgid = __int32($sgid)
+ asmlinkage()
+ rgid = __int32(uint_arg(1))
+ egid = __int32(uint_arg(2))
+ sgid = __int32(uint_arg(3))
+ argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
+}
+probe nd_syscall.setresgid.return = kernel.function("sys_setresgid").return {
+ name = "setresgid"
+ retstr = returnstr(1)
+}
+# setresgid16 ________________________________________________
+#
+# long sys_setresgid16(old_gid_t rgid,
+# old_gid_t egid,
+# old_gid_t sgid)
+#
+probe nd_syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
+ name = "setresgid"
+ // rgid = __short($rgid)
+ // egid = __short($egid)
+ // sgid = __short($sgid)
+ asmlinkage()
+ rgid = __short(uint_arg(1))
+ egid = __short(uint_arg(2))
+ sgid = __short(uint_arg(3))
+ argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
+}
+probe nd_syscall.setresgid16.return = kernel.function("sys_setresgid16").return ?
{
+ name = "setresgid16"
+ retstr = returnstr(1)
+}
+
+# setresuid __________________________________________________
+#
+# long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+#
+probe nd_syscall.setresuid = kernel.function("sys_setresuid") {
+ name = "setresuid"
+ // ruid = __int32($ruid)
+ // euid = __int32($euid)
+ // suid = __int32($suid)
+ asmlinkage()
+ ruid = __int32(uint_arg(1))
+ euid = __int32(uint_arg(2))
+ suid = __int32(uint_arg(3))
+ argstr = sprintf("%d, %d, %d", ruid, euid, suid)
+}
+probe nd_syscall.setresuid.return = kernel.function("sys_setresuid").return {
+ name = "setresuid"
+ retstr = returnstr(1)
+}
+
+# setresuid16 ________________________________________________
+#
+# long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
+#
+probe nd_syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
+ name = "setresuid"
+ // ruid = __short($ruid)
+ // reuid = __short($euid)
+ // rsuid = __short($suid)
+ asmlinkage()
+ ruid = __short(uint_arg(1))
+ euid = __short(uint_arg(2))
+ suid = __short(uint_arg(3))
+ argstr = sprintf("%d, %d, %d", ruid, euid, suid)
+}
+probe nd_syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
+ name = "setresuid"
+ retstr = returnstr(1)
+}
+
+# setreuid ___________________________________________________
+# long sys_setreuid(uid_t ruid, uid_t euid)
+#
+probe nd_syscall.setreuid = kernel.function("sys_setreuid") {
+ name = "setreuid"
+ // ruid = __int32($ruid)
+ // euid = __int32($euid)
+ asmlinkage()
+ ruid = __int32(uint_arg(1))
+ euid = __int32(uint_arg(2))
+ argstr = sprintf("%d, %d", ruid, euid)
+}
+probe nd_syscall.setreuid.return = kernel.function("sys_setreuid").return {
+ name = "setreuid"
+ retstr = returnstr(1)
+}
+# setreuid16 _________________________________________________
+# long sys_setreuid16(old_uid_t ruid, old_uid_t euid)
+#
+probe nd_syscall.setreuid16 = kernel.function("sys_setreuid16") ?
{
+ name = "setreuid"
+ // ruid = __short($ruid)
+ // euid = __short($euid)
+ asmlinkage()
+ ruid = __short(uint_arg(1))
+ euid = __short(uint_arg(2))
+ argstr = sprintf("%d, %d", ruid, euid)
+}
+probe nd_syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
+ name = "setreuid"
+ retstr = returnstr(1)
+}
+# setrlimit __________________________________________________
+#
+# asmlinkage long
+# sys_setrlimit(unsigned int resource,
+# struct rlimit __user *rlim)
+#
+probe nd_syscall.setrlimit = kernel.function("sys_setrlimit") {
+ name = "setrlimit"
+ // resource = $resource
+ // rlim_uaddr = $rlim
+ // argstr = sprintf("%s, %s", _rlimit_resource_str($resource),
+ // _struct_rlimit_u($rlim))
+ asmlinkage()
+ resource = uint_arg(1)
+ rlim_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %s", _rlimit_resource_str(resource),
+ _struct_rlimit_u(rlim_uaddr))
+}
+probe nd_syscall.setrlimit.return = kernel.function("sys_setrlimit").return {
+ name = "setrlimit"
+ retstr = returnstr(1)
+}
+# setsid _____________________________________________________
+#
+# long sys_setsid(void)
+#
+probe nd_syscall.setsid = kernel.function("sys_setsid") {
+ name = "setsid"
+ argstr = ""
+}
+probe nd_syscall.setsid.return = kernel.function("sys_setsid").return {
+ name = "setsid"
+ retstr = returnstr(1)
+}
+
+# setsockopt _________________________________________________
+#
+# long sys_setsockopt(int fd,
+# int level,
+# int optname,
+# char __user *optval,
+# int optlen)
+#
+probe nd_syscall.setsockopt =
+ kernel.function("sys_setsockopt") ?,
+ kernel.function("compat_sys_setsockopt") ?
+{
+ name = "setsockopt"
+ // fd = $fd
+ // level = $level
+ // level_str = _sockopt_level_str($level)
+ // optname = $optname
+ // optname_str = _sockopt_optname_str($optname)
+ // optval_uaddr = $optval
+ // optlen = $optlen
+ // argstr = sprintf("%d, %s, %s, %p, %d", $fd, level_str,
+ // optname_str, $optval, $optlen)
+ asmlinkage()
+ fd = int_arg(1)
+ level = int_arg(2)
+ level_str = _sockopt_level_str(level)
+ optname = int_arg(3)
+ optname_str = _sockopt_optname_str(optname)
+ optval_uaddr = pointer_arg(4)
+ optlen = int_arg(5)
+ argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str,
+ optname_str, optval_uaddr, optlen)
+}
+probe nd_syscall.setsockopt.return =
+ kernel.function("sys_setsockopt").return ?,
+ kernel.function("compat_sys_setsockopt").return ?
+{
+ name = "setsockopt"
+ retstr = returnstr(1)
+}
+
+# set_tid_address ____________________________________________
+#
+# asmlinkage long
+# sys_set_tid_address(int __user *tidptr)
+#
+probe nd_syscall.set_tid_address = kernel.function("sys_set_tid_address") {
+ name = "set_tid_address"
+ // tidptr_uaddr = $tidptr
+ asmlinkage()
+ tidptr_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", tidptr_uaddr)
+}
+probe nd_syscall.set_tid_address.return =
+ kernel.function("sys_set_tid_address").return {
+ name = "set_tid_address"
+ retstr = returnstr(1)
+}
+# settimeofday _______________________________________________
+#
+# long sys_settimeofday(struct timeval __user *tv,
+# struct timezone __user *tz)
+#
+probe nd_syscall.settimeofday = kernel.function("sys_settimeofday") {
+ name = "settimeofday"
+ // ttv_uaddr = $tv
+ // ttz_uaddr = $tz
+ // targstr = sprintf("%s, %s", _struct_timeval_u($tv, 1), _struct_timezone_u($tz))
+ asmlinkage()
+ tv_uaddr = pointer_arg(1)
+ tz_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr))
+}
+probe nd_syscall.settimeofday.return = kernel.function("sys_settimeofday").return {
+ name = "settimeofday"
+ retstr = returnstr(1)
+}
+#
+# long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
+# long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
+#
+probe nd_syscall.settimeofday32 =
+ kernel.function("sys32_settimeofday") ?,
+ kernel.function("compat_sys_settimeofday") ?
+{
+ name = "settimeofday"
+ // tv_uaddr = $tv
+ // tz_uaddr = $tz
+ // argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1),_struct_timezone_u($tz))
+ asmlinkage()
+ tv_uaddr = pointer_arg(1)
+ tz_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1),_struct_timezone_u(tz_uaddr))
+}
+probe nd_syscall.settimeofday32.return =
+ kernel.function("sys32_settimeofday").return ?,
+ kernel.function("compat_sys_settimeofday").return ?
+{
+ name = "settimeofday"
+ retstr = returnstr(1)
+}
+
+# setuid _____________________________________________________
+#
+# long sys_setuid(uid_t uid)
+# long sys_setuid16(old_uid_t uid)
+#
+probe nd_syscall.setuid =
+ kernel.function("sys_setuid16") ?,
+ kernel.function("sys_setuid")
+{
+ name = "setuid"
+ // uid = $uid
+ // argstr = sprint($uid)
+ asmlinkage()
+ uid = uint_arg(1)
+ argstr = sprint(uid)
+}
+probe nd_syscall.setuid.return =
+ kernel.function("sys_setuid16").return ?,
+ kernel.function("sys_setuid").return
+{
+ name = "setuid"
+ retstr = returnstr(1)
+}
+
+# setxattr ___________________________________________________
+# long sys_setxattr(char __user *path,
+# char __user *name,
+# void __user *value,
+# size_t size,
+# int flags)
+#
+probe nd_syscall.setxattr = kernel.function("sys_setxattr") {
+ name = "setxattr"
+ // path_uaddr = $path
+ // path = user_string($path)
+ // name_uaddr = $name
+ // name_str = user_string($name)
+ // value_uaddr = $value
+ // size = $size
+ // flags = $flags
+ // argstr = sprintf("%s, %s, %p, %d, %d",
+ // user_string_quoted($path),
+ // user_string_quoted($name),
+ // value_uaddr, $size, $flags)
+ asmlinkage()
+ path_uaddr = pointer_arg(1)
+ path = user_string(path_uaddr)
+ name_uaddr = pointer_arg(2)
+ name_str = user_string(name_uaddr)
+ value_uaddr = pointer_arg(3)
+ size = ulong_arg(4)
+ flags = int_arg(5)
+ argstr = sprintf("%s, %s, %p, %d, %d",
+ user_string_quoted(path_uaddr),
+ user_string_quoted(name_uaddr),
+ value_uaddr, size, flags)
+}
+probe nd_syscall.setxattr.return = kernel.function("sys_setxattr").return {
+ name = "setxattr"
+ retstr = returnstr(1)
+}
+# sgetmask ___________________________________________________
+#
+# sys_sgetmask(void)
+#
+probe nd_syscall.sgetmask = kernel.function("sys_sgetmask")? {
+ name = "sgetmask"
+ argstr = ""
+}
+probe nd_syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? {
+ name = "sgetmask"
+ retstr = returnstr(1)
+}
+
+# shmat ______________________________________________________
+#
+# long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
+#
+probe nd_syscall.shmat = kernel.function("sys_shmat") ? {
+ name = "shmat"
+ // shmid = $shmid
+ // shmaddr_uaddr = $shmaddr
+ // shmflg = $shmflg
+ // argstr = sprintf("%d, %p, %s", $shmid, $shmaddr, _shmat_flags_str($shmflg))
+ asmlinkage()
+ shmid = int_arg(1)
+ shmaddr_uaddr = pointer_arg(2)
+ shmflg = int_arg(3)
+ argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg))
+}
+probe nd_syscall.shmat.return = kernel.function("sys_shmat").return ? {
+ name = "shmat"
+ retstr = returnstr(1)
+}
+# compat_sys_shmat ________________________________________
+#
+# long compat_sys_shmat(int first, int second, compat_uptr_t third,
+# int version, void __user *uptr)
+#
+probe nd_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ?
{
+ name = "compat_sys_shmat"
+ // first = $first
+ // second = $second
+ // third = $third
+ // uptr_uaddr = $uptr
+ // argstr = sprintf("%d, %d, %d, %d, %p", $first, $second, $third, $version, $uptr)
+ // no asmlinkage
+ first = int_arg(1)
+ second = int_arg(2)
+ third = u32_arg(3)
+ uptr_uaddr = pointer_arg(5)
+ argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr)
+}
+probe nd_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? {
+ name = "compat_sys_shmat"
+ retstr = returnstr(1)
+}
+
+# shmctl _____________________________________________________
+#
+# long sys_shmctl (int shmid,
+# int cmd,
+# struct shmid_ds __user *buf)
+#
+probe nd_syscall.shmctl = kernel.function("sys_shmctl") ? {
+ name = "shmctl"
+ // shmid = $shmid
+ // cmd = $cmd
+ // buf_uaddr = $buf
+ // argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd), $buf)
+ asmlinkage()
+ shmid = int_arg(1)
+ cmd = int_arg(2)
+ buf_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr)
+}
+probe nd_syscall.shmctl.return = kernel.function("sys_shmctl").return ? {
+ name = "shmctl"
+ retstr = returnstr(1)
+}
+# compat_sys_shmctl ________________________________________
+#
+# long compat_sys_shmctl(int first, int second, void __user *uptr)
+#
+probe nd_syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? {
+ name = "compat_sys_shmctl"
+ // first = $first
+ // second = $second
+ // uptr_uaddr = $uptr
+ // argstr = sprintf("%d, %d, %p", $first, $second, $uptr)
+ // no asmlinkages
+ first = int_arg(1)
+ second = int_arg(2)
+ uptr_uaddr = pointer_arg(3)
+ argstr = sprintf("%d, %d, %p", first, second, uptr_uaddr)
+}
+probe nd_syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ?
{
+ name = "compat_sys_shmctl"
+ retstr = returnstr(1)
+}
+
+# shmdt ______________________________________________________
+#
+# long sys_shmdt(char __user *shmaddr)
+#
+probe nd_syscall.shmdt = kernel.function("sys_shmdt") ? {
+ name = "shmdt"
+ // shmaddr_uaddr = $shmaddr
+ // argstr = sprintf("%p", $shmaddr)
+ asmlinkage()
+ shmaddr_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", shmaddr_uaddr)
+}
+probe nd_syscall.shmdt.return = kernel.function("sys_shmdt").return ? {
+ name = "shmdt"
+ retstr = returnstr(1)
+}
+
+# shmget _____________________________________________________
+#
+# long sys_shmget (key_t key,
+# size_t size,
+# int shmflg)
+#
+probe nd_syscall.shmget = kernel.function("sys_shmget") ? {
+ name = "shmget"
+ // key = $key
+ // size = $size
+ // shmflg = $shmflg
+ // argstr = sprintf("%d, %d, %d", $key, $size, $shmflg)
+ asmlinkage()
+ key = int_arg(1)
+ size = ulong_arg(2)
+ shmflg = int_arg(3)
+ argstr = sprintf("%d, %d, %d", key, size, shmflg)
+}
+probe nd_syscall.shmget.return = kernel.function("sys_shmget").return ? {
+ name = "shmget"
+ retstr = returnstr(1)
+}
+
+# shutdown ___________________________________________________
+#
+# long sys_shutdown(int fd, int how)
+#
+probe nd_syscall.shutdown = kernel.function("sys_shutdown") ? {
+ name = "shutdown"
+ // s = $fd
+ // how = $how
+ // how_str = _shutdown_how_str($how)
+ // argstr = sprintf("%d, %s", $fd, how_str)
+ asmlinkage()
+ s = int_arg(1)
+ how = int_arg(2)
+ how_str = _shutdown_how_str(how)
+ argstr = sprintf("%d, %s", s, how_str)
+}
+probe nd_syscall.shutdown.return = kernel.function("sys_shutdown").return ?
{
+ name = "shutdown"
+ retstr = returnstr(1)
+}
+
+# sigaction __________________________________________________
+# sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact)
+# sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact)
+#
+probe nd_syscall.sigaction = kernel.function("sys_sigaction") ? {
+ name = "sigaction"
+ // sig = $sig
+ // act_uaddr = $act
+ // oact_uaddr = $oact
+ // argstr = sprintf("%s, {%s}, %p", _signal_name($sig), _struct_sigaction_u($act), $oact)
+ %( arch != "ppc64" %? asmlinkage() %)
+ sig = int_arg(1)
+ act_uaddr = pointer_arg(2)
+ oact_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, {%s}, %p", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr)
+}
+probe nd_syscall.sigaction.return = kernel.function("sys_sigaction").return ? {
+ name = "sigaction"
+ retstr = returnstr(1)
+}
+probe nd_syscall.sigaction32 = kernel.function("sys32_sigaction") ? {
+ name = "sigaction"
+ // sig = $sig
+ // sact_uaddr = $act
+ // soact_uaddr = $oact
+ // sargstr = sprintf("%s, %p, %p", _signal_name($sig), $act, $oact)
+ asmlinkage()
+ sig = int_arg(1)
+ act_uaddr = pointer_arg(2)
+ oact_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, soact_uaddr)
+}
+probe nd_syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? {
+ name = "sigaction"
+ retstr = returnstr(1)
+}
+
+# signal _____________________________________________________
+# unsigned long sys_signal(int sig, __sighandler_t handler)
+#
+probe nd_syscall.signal = kernel.function("sys_signal") ? {
+ name = "signal"
+ // sig = $sig
+ // handler = $handler
+ // argstr = sprintf("%s, %s", _signal_name($sig), _sighandler_str($handler))
+ asmlinkage()
+ sig = int_arg(1)
+ handler = pointer_arg(2)
+ argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler))
+}
+probe nd_syscall.signal.return = kernel.function("sys_signal").return ?
{
+ name = "signal"
+ retstr = returnstr(1)
+}
+
+# signalfd _____________________________________________________
+#
+# long sys_signalfd(int ufd, sigset_t __user *user_mask, size_t sizemask)
+# long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask,
+# compat_size_t sigsetsize)
+#
+probe nd_syscall.signalfd = kernel.function("sys_signalfd") ? {
+ name = "signalfd"
+ // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3))
+}
+probe nd_syscall.signalfd.return = kernel.function("sys_signalfd").return ? {
+ name = "signalfd"
+ retstr = returnstr(1)
+}
+probe nd_syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? {
+ name = "compat_signalfd"
+ // argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), u32_arg(3))
+}
+probe nd_syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? {
+ name = "compat_signalfd"
+ retstr = returnstr(1)
+}
+
+# sigpending _________________________________________________
+# long sys_sigpending(old_sigset_t __user *set)
+#
+probe nd_syscall.sigpending = kernel.function("sys_sigpending") ? {
+ name = "sigpending"
+ // argstr = sprintf("%p", $set)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sigpending.return = kernel.function("sys_sigpending").return ? {
+ name = "sigpending"
+ retstr = returnstr(1)
+}
+
+# sigprocmask ________________________________________________
+# long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset)
+#
+probe nd_syscall.sigprocmask = kernel.function("sys_sigprocmask") ?
+{
+ name = "sigprocmask"
+ // how = $how
+ // how_str = _sigprocmask_how_str($how)
+ // set_uaddr = $set
+ // oldset_uaddr = $oset
+ // argstr = sprintf("%s, %p, %p", how_str, $set, $oset)
+ asmlinkage()
+ how = int_arg(1)
+ how_str = _sigprocmask_how_str(how)
+ set_uaddr = pointer_arg(2)
+ oldset_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr)
+}
+probe nd_syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return ?
+{
+ name = "sigprocmask"
+ retstr = returnstr(1)
+}
+
+# sigreturn __________________________________________________
+# int sys_sigreturn(unsigned long __unused)
+#
+probe nd_syscall.sigreturn =
+ kernel.function("sys_sigreturn") ?,
+ kernel.function("sys32_sigreturn") ?
+{
+ name = "sigreturn"
+ argstr = ""
+}
+probe nd_syscall.sigreturn.return =
+ kernel.function("sys_sigreturn").return ?,
+ kernel.function("sys32_sigreturn").return ?
+{
+ name = "sigreturn"
+ retstr = returnstr(1)
+}
+
+# sigsuspend _________________________________________________
+#
+probe nd_syscall.sigsuspend =
+ kernel.function("sys_sigsuspend") ?,
+ kernel.function("sys32_sigsuspend") ?
+{
+ name = "sigsuspend"
+ argstr = ""
+}
+probe nd_syscall.sigsuspend.return =
+ kernel.function("sys_sigsuspend").return ?,
+ kernel.function("sys32_sigsuspend").return ?
+{
+ name = "sigsuspend"
+ retstr = returnstr(1)
+}
+
+# socket _____________________________________________________
+# long sys_socket(int family, int type, int protocol)
+#
+probe nd_syscall.socket = kernel.function("sys_socket") ?
{
+ name = "socket"
+ // family = $family
+ // type = $type
+ // protocol = $protocol
+ // argstr = sprintf("%s, %s, %d", _sock_family_str($family),
+ // _sock_type_str($type),
+ // $protocol)
+ asmlinkage()
+ family = int_arg(1)
+ type = int_arg(2)
+ protocol = int_arg(3)
+ argstr = sprintf("%s, %s, %d", _sock_family_str(family),
+ _sock_type_str(type),
+ protocol)
+}
+probe nd_syscall.socket.return = kernel.function("sys_socket").return ? {
+ name = "socket"
+ retstr = returnstr(1)
+}
+
+# commented out because this seems redundant
+# socketcall _________________________________________________
+#
+# long sys_socketcall(int call, unsigned long __user *args)
+#
+#probe nd_syscall.socketcall = kernel.function("sys_socketcall") ? {
+# name = "socketcall"
+# call = $call
+# args_uaddr = $args
+# argstr = sprintf("%d, %p", $call, args_uaddr)
+#}
+#probe nd_syscall.socketcall.return = kernel.function("sys_socketcall").return ? {
+# name = "socketcall"
+# retstr = returnstr(1)
+#}
+
+# socketpair _________________________________________________
+# long sys_socketpair(int family,
+# int type,
+# int protocol,
+# int __user *usockvec)
+#
+probe nd_syscall.socketpair = kernel.function("sys_socketpair") ? {
+ name = "socketpair"
+ // family = $family
+ // type = $type
+ // protocol = $protocol
+ // sv_uaddr = $usockvec
+ // argstr = sprintf("%s, %s, %d, %p",
+ // _sock_family_str($family),
+ // _sock_type_str($type),
+ // $protocol, sv_uaddr)
+ asmlinkage()
+ family = int_arg(1)
+ type = int_arg(2)
+ protocol = int_arg(3)
+ sv_uaddr = pointer_arg(4)
+ argstr = sprintf("%s, %s, %d, %p",
+ _sock_family_str(family),
+ _sock_type_str(type),
+ protocol, sv_uaddr)
+}
+probe nd_syscall.socketpair.return = kernel.function("sys_socketpair").return ?
{
+ name = "socketpair"
+ retstr = returnstr(1)
+}
+
+# splice ___________________________________________________
+#
+# long sys_splice(int fd_in, loff_t __user *off_in,
+# int fd_out, loff_t __user *off_out,
+# size_t len, unsigned int flags)
+#
+probe nd_syscall.splice = kernel.function("sys_splice") ? {
+ name = "splice"
+ // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
+ // $fd_in, $off_in, $fd_out, $off_out, $len, $flags)
+ asmlinkage()
+ argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
+ int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6))
+}
+probe nd_syscall.splice.return = kernel.function("sys_splice").return ? {
+ name = "splice"
+ retstr = returnstr(1)
+}
+
+# ssetmask ___________________________________________________
+#
+# long sys_ssetmask(int newmask)
+#
+probe nd_syscall.ssetmask = kernel.function("sys_ssetmask") ? {
+ name = "ssetmask"
+ // newmask = $newmask
+ // argstr = sprint($newmask)
+ asmlinkage()
+ newmask = int_arg(1)
+ argstr = sprint(newmask)
+}
+probe nd_syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? {
+ name = "ssetmask"
+ retstr = returnstr(1)
+}
+
+# stat _______________________________________________________
+# long sys_stat(char __user * filename, struct __old_stat __user * statbuf)
+# long sys32_stat64(char __user * filename, struct stat64 __user *statbuf)
+# long sys_stat64(char __user * filename, struct stat64 __user * statbuf)
+# long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf)
+# long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
+probe nd_syscall.stat =
+ kernel.function("sys_stat") ?,
+ kernel.function("sys_newstat") ?,
+ kernel.function("sys32_stat64") ?,
+ kernel.function("sys_stat64") ?,
+ kernel.function("sys_oabi_stat64") ?,
+ kernel.function("compat_sys_newstat") ?
+{
+ name = "stat"
+ // filename_uaddr = $filename
+ // filename = user_string($filename)
+ // buf_uaddr = $statbuf
+ // argstr = sprintf("%s, %p", user_string_quoted($filename), buf_uaddr)
+ asmlinkage()
+ filename_uaddr = pointer_arg(1)
+ filename = user_string(filename_uaddr)
+ buf_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr)
+}
+probe nd_syscall.stat.return =
+ kernel.function("sys_stat").return ?,
+ kernel.function("sys_newstat").return ?,
+ kernel.function("sys32_stat64").return ?,
+ kernel.function("sys_stat64").return ?,
+ kernel.function("sys_oabi_stat64").return ?,
+ kernel.function("compat_sys_newstat").return ?
+{
+ name = "stat"
+ retstr = returnstr(1)
+}
+
+# statfs _____________________________________________________
+# long sys_statfs(const char __user * path, struct statfs __user * buf)
+# long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf)
+#
+probe nd_syscall.statfs =
+ kernel.function("sys_statfs"),
+ kernel.function("compat_sys_statfs") ?
+{
+ name = "statfs"
+ // path = user_string($path)
+ // buf_uaddr = $buf
+ // argstr = sprintf("%s, %p", user_string_quoted($path), $buf)
+ asmlinkage()
+ path = user_string(pointer_arg(1))
+ buf_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
+}
+probe nd_syscall.statfs.return =
+ kernel.function("sys_statfs").return,
+ kernel.function("compat_sys_statfs").return ?
+{
+ name = "statfs"
+ retstr = returnstr(1)
+}
+
+# statfs64 ___________________________________________________
+#
+# long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf)
+# long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf)
+#
+probe nd_syscall.statfs64 =
+ kernel.function("sys_statfs64") ?,
+ kernel.function("compat_sys_statfs64") ?
+{
+ name = "statfs"
+ // path = user_string($path)
+ // sz = $sz
+ // buf_uaddr = $buf
+ // argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf)
+ asmlinkage()
+ path = user_string(pointer_arg(1))
+ sz = ulong_arg(2)
+ buf_uaddr = pointer_arg(3)
+ argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr)
+}
+probe nd_syscall.statfs64.return =
+ kernel.function("sys_statfs64").return ?,
+ kernel.function("compat_sys_statfs64").return ?
+{
+ name = "statfs"
+ retstr = returnstr(1)
+}
+
+# stime ______________________________________________________
+#
+# long sys_stime(time_t __user *tptr)
+# long compat_sys_stime(compat_time_t __user *tptr)
+#
+probe nd_syscall.stime =
+ kernel.function("sys_stime") ?,
+ kernel.function("compat_sys_stime") ?
+{
+ name = "stime"
+ // t_uaddr = $tptr
+ /* FIXME. Decode time */
+ // argstr = sprintf("%p", $tptr)
+ asmlinkage()
+ t_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", t_uaddr)
+}
+probe nd_syscall.stime.return =
+ kernel.function("sys_stime").return ?,
+ kernel.function("compat_sys_stime").return ?
+{
+ name = "stime"
+ retstr = returnstr(1)
+}
+
+# swapoff ____________________________________________________
+#
+# asmlinkage long
+# sys_swapoff(const char __user * specialfile)
+#
+probe nd_syscall.swapoff = kernel.function("sys_swapoff")? {
+ name = "swapoff"
+ // path = user_string($specialfile)
+ // argstr = user_string_quoted($specialfile)
+ asmlinkage()
+ path = user_string(pointer_arg(1))
+ argstr = user_string_quoted(pointer_arg(1))
+}
+probe nd_syscall.swapoff.return = kernel.function("sys_swapoff").return ? {
+ name = "swapoff"
+ retstr = returnstr(1)
+}
+# swapon _____________________________________________________
+#
+# asmlinkage long
+# sys_swapon(const char __user * specialfile,
+# int swap_flags)
+#
+probe nd_syscall.swapon = kernel.function("sys_swapon") ?
{ + name = "swapon" + // path = user_string($specialfile) + // swapflags = $swap_flags + // argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags) + asmlinkage() + path = user_string(pointer_arg(1)) + swapflags = int_arg(2) + argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) +} +probe nd_syscall.swapon.return = kernel.function("sys_swapon").return ? { + name = "swapon" + retstr = returnstr(1) +} +# symlink ____________________________________________________ +# long sys_symlink(const char __user * oldname, +# const char __user * newname) +probe nd_syscall.symlink = kernel.function("sys_symlink") { + name = "symlink" + // oldpath = user_string($oldname) + // newpath = user_string($newname) + // argstr = sprintf("%s, %s", user_string_quoted($oldname), + // user_string_quoted($newname)) + asmlinkage() + oldpath = user_string(pointer_arg(1)) + newpath = user_string(pointer_arg(2)) + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), + user_string_quoted(pointer_arg(2))) +} +probe nd_syscall.symlink.return = kernel.function("sys_symlink").return { + name = "symlink" + retstr = returnstr(1) +} + + +# symlinkat __________________________________________________ +# new function with 2.6.16 +# long sys_symlinkat(const char __user *oldname, int newdfd, +# const char __user *newname) +probe nd_syscall.symlinkat = kernel.function("sys_symlinkat") ? 
{ + name = "symlinkat" +// oldname = $oldname +// oldname_str = user_string($oldname) +// newdfd = $newdfd +// newdfd_str = _dfd_str($newdfd) +// newname = $newname +// newname_str = user_string($newname) +// argstr = sprintf("%s, %s, %s", user_string_quoted($oldname), +// newdfd_str, user_string_quoted($newname)) + asmlinkage() + oldname = pointer_arg(1) + oldname_str = user_string(oldname) + newdfd = int_arg(2) + newdfd_str = _dfd_str(newdfd) + newname = pointer_arg(3) + newname_str = user_string(newname) + argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), + newdfd_str, user_string_quoted(newname)) +} +probe nd_syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? { + name = "symlinkat" + retstr = returnstr(1) +} + + +# sync _______________________________________________________ +# +# sys_sync(void) +# +probe nd_syscall.sync = kernel.function("sys_sync") { + name = "sync" + argstr = "" +} +probe nd_syscall.sync.return = kernel.function("sys_sync").return { + name = "sync" + retstr = returnstr(1) +} + +# sysctl _____________________________________________________ +# +# long sys_sysctl(struct __sysctl_args __user *args) +# +probe nd_syscall.sysctl = + kernel.function("sys_sysctl") ?, + kernel.function("compat_sys_sysctl") ? +{ + name = "sysctl" + // argstr = sprintf("%p", $args) + asmlinkage() + argstr = sprintf("%p", pointer_arg(1)) +} +probe nd_syscall.sysctl.return = + kernel.function("sys_sysctl").return ?, + kernel.function("compat_sys_sysctl").return ? 
+{ + name = "sysctl" + retstr = returnstr(1) +} + +# sysfs ______________________________________________________ +# +# asmlinkage long +# sys_sysfs(int option, +# unsigned long arg1, +# unsigned long arg2) +# +probe nd_syscall.sysfs = kernel.function("sys_sysfs") { + name = "sysfs" + // option = $option + // arg1 = $arg1 + // arg2 = $arg2 + // if (option == 1) + // argstr = sprintf("%d, %s, %d", $option, user_string_quoted($arg1), $arg2) + // else if (option == 2) + // argstr = sprintf("%d, %d, %p", $option, $arg1, $arg2) + // else if (option == 3) + // argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) + // else + // argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) + asmlinkage() + option = int_arg(1) + arg1 = ulong_arg(2) + arg2 = ulong_arg(3) + if (option == 1) + argstr = sprintf("%d, %s, %d", option, user_string_quoted(arg1), arg2) + else if (option == 2) + argstr = sprintf("%d, %d, %p", option, arg1, arg2) + else + argstr = sprintf("%d, %d, %d", option, arg1, arg2) +} +probe nd_syscall.sysfs.return = kernel.function("sys_sysfs").return { + name = "sysfs" + retstr = returnstr(1) +} +# sysinfo ____________________________________________________ +# +# long sys_sysinfo(struct sysinfo __user *info) +# long compat_sys_sysinfo(struct compat_sysinfo __user *info) +probe nd_syscall.sysinfo = + kernel.function("sys_sysinfo"), + kernel.function("compat_sys_sysinfo") ? +{ + name = "sysinfo" + // info_uaddr = $info + // argstr = sprintf("%p", $info) + asmlinkage() + info_uaddr = pointer_arg(1) + argstr = sprintf("%p", info_uaddr) +} +probe nd_syscall.sysinfo.return = + kernel.function("sys_sysinfo").return, + kernel.function("compat_sys_sysinfo").return ? 
+{ + name = "sysinfo" + retstr = returnstr(1) +} + +# syslog _____________________________________________________ +# +# long sys_syslog(int type, char __user * buf, int len) +# +probe nd_syscall.syslog = kernel.function("sys_syslog") { + name = "syslog" + // type = $type + // bufp_uaddr = $buf + // len = $len + // argstr = sprintf("%d, %p, %d", $type, $buf, $len) + asmlinkage() + type = int_arg(1) + bufp_uaddr = pointer_arg(2) + len = int_arg(3) + argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) +} +probe nd_syscall.syslog.return = kernel.function("sys_syslog").return { + name = "syslog" + retstr = returnstr(1) +} + +# tee _____________________________________________________ +# +# long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) +# +probe nd_syscall.tee = kernel.function("sys_tee") ? { + name = "tee" + // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) + asmlinkage() + argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) +} +probe nd_syscall.tee.return = kernel.function("sys_tee").return ? 
{ + name = "tee" + retstr = returnstr(1) +} + +# tgkill _____________________________________________________ +# +# asmlinkage long +# sys_tgkill(int tgid, +# int pid, +# int sig) +# +probe nd_syscall.tgkill = kernel.function("sys_tgkill") { + name = "tgkill" + // tgid = $tgid + // pid = $pid + // sig = $sig + // argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig)) + asmlinkage() + tgid = int_arg(1) + pid = int_arg(2) + sig = int_arg(3) + argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) +} +probe nd_syscall.tgkill.return = kernel.function("sys_tgkill").return { + name = "tgkill" + retstr = returnstr(1) +} +# time _______________________________________________________ +# +# long sys_time(time_t __user * tloc) +# long sys_time64(long __user * tloc) +# long sys32_time(compat_time_t __user * tloc) +# long compat_sys_time(compat_time_t __user * tloc) +# +probe nd_syscall.time = + kernel.function("sys_time")?, + kernel.function("sys32_time") ?, + kernel.function("sys_time64") ?, + kernel.function("compat_sys_time") ? +{ + name = "time" + // t_uaddr = $tloc + // argstr = sprintf("%p", $tloc) + asmlinkage() + t_uaddr = pointer_arg(1) + argstr = sprintf("%p", t_uaddr) +} +probe nd_syscall.time.return = + kernel.function("sys_time").return?, + kernel.function("sys32_time").return ?, + kernel.function("sys_time64").return ?, + kernel.function("compat_sys_time").return ? 
+{ + name = "time" + retstr = returnstr(1) +} + +# timer_create _______________________________________________ +# +# long sys_timer_create(clockid_t which_clock, +# struct sigevent __user *timer_event_spec, +# timer_t __user * created_timer_id) +# +probe nd_syscall.timer_create = kernel.function("sys_timer_create") { + name = "timer_create" + // clockid = $which_clock + // clockid_str = _get_wc_str($which_clock) + // evp_uaddr = $timer_event_spec + // timerid_uaddr = $created_timer_id + // argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id) + asmlinkage() + clockid = int_arg(1) + clockid_str = _get_wc_str(clockid) + evp_uaddr = pointer_arg(2) + timerid_uaddr = pointer_arg(3) + argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) +} +probe nd_syscall.timer_create.return = + kernel.function("sys_timer_create").return { + name = "timer_create" + retstr = returnstr(1) +} + +# timer_delete _______________________________________________ +# +# long sys_timer_delete(timer_t timer_id) +# +probe nd_syscall.timer_delete = kernel.function("sys_timer_delete") { + name = "timer_delete" + // timerid = $timer_id + // argstr = sprint($timer_id) + asmlinkage() + timerid = int_arg(1) + argstr = sprint(timerid) +} +probe nd_syscall.timer_delete.return = kernel.function("sys_timer_delete").return { + name = "timer_delete" + retstr = returnstr(1) +} + +# timer_getoverrun ___________________________________________ +# +# long sys_timer_getoverrun(timer_t timer_id) +# +probe nd_syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { + name = "timer_getoverrun" + // timerid = $timer_id + // argstr = sprint($timer_id) + asmlinkage() + timerid = int_arg(1) + argstr = sprint(timerid) +} +probe nd_syscall.timer_getoverrun.return = + kernel.function("sys_timer_getoverrun").return { + name = "timer_getoverrun" + retstr = returnstr(1) +} + +# timer_gettime ______________________________________________ +# +# long 
sys_timer_gettime(timer_t timer_id, +# struct itimerspec __user *setting) +# +probe nd_syscall.timer_gettime = kernel.function("sys_timer_gettime") { + name = "timer_gettime" + // timerid = $timer_id + // value_uaddr = $setting + // argstr = sprintf("%d, %p", $timer_id, $setting) + asmlinkage() + timerid = int_arg(1) + value_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", timerid, value_uaddr) +} +probe nd_syscall.timer_gettime.return = + kernel.function("sys_timer_gettime").return { + name = "timer_gettime" + retstr = returnstr(1) +} + +# timer_settime ______________________________________________ +# +# long sys_timer_settime(timer_t timer_id, +# int flags, +# const struct itimerspec __user *new_setting, +# struct itimerspec __user *old_setting) +# +probe nd_syscall.timer_settime = kernel.function("sys_timer_settime") { + name = "timer_settime" + // timerid = $timer_id + // flags = $flags + // value_uaddr = $new_setting + // ovalue_uaddr = $old_setting + // argstr = sprintf("%d, %d, %s, %p", $timer_id, $flags, + // _struct_itimerspec_u($new_setting), + // $old_setting) + asmlinkage() + timerid = int_arg(1) + flags = int_arg(2) + value_uaddr = pointer_arg(3) + ovalue_uaddr = pointer_arg(4) + argstr = sprintf("%d, %d, %s, %p", timerid, flags, + _struct_itimerspec_u(value_uaddr), + ovalue_uaddr) +} +probe nd_syscall.timer_settime.return = + kernel.function("sys_timer_settime").return { + name = "timer_settime" + retstr = returnstr(1) +} + +# timerfd ______________________________________________ +# +# long sys_timerfd(int ufd, int clockid, int flags, +# const struct itimerspec __user *utmr) +# long compat_sys_timerfd(int ufd, int clockid, int flags, +# const struct compat_itimerspec __user *utmr) +# +probe nd_syscall.timerfd = + kernel.function("sys_timerfd") ?, + kernel.function("compat_sys_timerfd") ? 
+{ + name = "timerfd" + // argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags) + asmlinkage() + argstr = sprintf("%d, %d, 0x%x", int_arg(1), int_arg(2), int_arg(3)) +} +probe nd_syscall.timerfd.return = + kernel.function("sys_timerfd").return ?, + kernel.function("compat_sys_timerfd").return ? +{ + name = "timerfd" + retstr = returnstr(1) +} + +# times ______________________________________________________ +# +# long sys_times(struct tms __user * tbuf) +# long compat_sys_times(struct compat_tms __user *tbuf) +probe nd_syscall.times = + kernel.function("sys_times") ?, + kernel.function("compat_sys_times") ? +{ + name = "times" + // argstr = sprintf("%p", $tbuf) + asmlinkage() + argstr = sprintf("%p", pointer_arg(1)) +} +probe nd_syscall.times.return = + kernel.function("sys_times").return ?, + kernel.function("compat_sys_times").return ? +{ + name = "times" + retstr = returnstr(1) +} + +# tkill ______________________________________________________ +# +# asmlinkage long +# sys_tkill(int pid, +# int sig) +# +probe nd_syscall.tkill = kernel.function("sys_tkill") { + name = "tkill" + // pid = $pid + // sig = $sig + // argstr = sprintf("%d, %s", $pid, _signal_name($sig)) + asmlinkage() + pid = int_arg(1) + sig = int_arg(2) + argstr = sprintf("%d, %s", pid, _signal_name(sig)) +} +probe nd_syscall.tkill.return = kernel.function("sys_tkill").return { + name = "tkill" + retstr = returnstr(1) +} + +# truncate ___________________________________________________ +# +# sys_truncate(const char __user * path, unsigned long length) +# sys_truncate64(const char __user * path, loff_t length) +# +probe nd_syscall.truncate = kernel.function("sys_truncate")?, kernel.function("sys_truncate64") ? 
{ + name = "truncate" + // path_uaddr = $path + // path = user_string($path) + // length = $length + // argstr = sprintf("%s, %d", user_string_quoted($path), $length) + asmlinkage() + path_uaddr = pointer_arg(1) + path = user_string(path_uaddr) + if (probefunc() == "sys_truncate") + length = ulong_arg(2) + else + length = longlong_arg(2) + argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) +} +probe nd_syscall.truncate.return = kernel.function("sys_truncate").return ?, kernel.function("sys_truncate64").return ? { + name = "truncate" + retstr = returnstr(1) +} + +# tux ________________________________________________________ +# long sys_tux (unsigned int action, user_req_t *u_info) +# +probe nd_syscall.tux = kernel.function("sys_tux") ? { + name = "tux" + // action = $action + // u_info_uaddr = $u_info + // argstr = sprintf("%d, %p", $action, $u_info) + // no sys_tux in recent kernels; guessing asmlinkage + asmlinkage() + action = uint_arg(1) + u_info_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", action, u_info_uaddr) +} +probe nd_syscall.tux.return = kernel.function("sys_tux").return ? 
{ + name = "tux" + retstr = returnstr(1) +} + +# umask ______________________________________________________ +# long sys_umask(int mask) +# +probe nd_syscall.umask = kernel.function("sys_umask") { + name = "umask" + // mask = $mask + // argstr = sprintf("%#o", $mask) + asmlinkage() + mask = int_arg(1) + argstr = sprintf("%#o", mask) +} +probe nd_syscall.umask.return = kernel.function("sys_umask").return { + name = "umask" + retstr = returnstr(3) +} + +# umount _____________________________________________________ +# long sys_umount(char __user * name, int flags) +# +probe nd_syscall.umount = kernel.function("sys_umount") { + name = "umount" + // target = user_string($name) + // flags = $flags + // flags_str = _umountflags_str($flags) + // argstr = sprintf("%s, %s", user_string_quoted($name), flags_str) + asmlinkage() + target = user_string(pointer_arg(1)) + flags = int_arg(2) + flags_str = _umountflags_str(flags) + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) +} +probe nd_syscall.umount.return = kernel.function("sys_umount").return { + name = "umount" + retstr = returnstr(1) +} +# uname ______________________________________________________ +# +# int sys_uname(struct old_utsname __user *name) +# long sys_newuname(struct new_utsname __user * name) +# int sys_olduname(struct oldold_utsname __user * name) +# int sys32_olduname(struct oldold_utsname __user * name) +# long sys32_uname(struct old_utsname __user * name) +# +probe nd_syscall.uname = + kernel.function("sys_uname") ?, + kernel.function("sys_olduname") ?, + kernel.function("sys32_olduname") ?, + kernel.function("sys32_uname") ?, + kernel.function("sys_newuname") ? +{ + name = "uname" + // argstr = sprintf("%p", $name) + _func_name = probefunc() + if (_func_name != "sys32_uname") { + if (_func_name == "sys_uname" || _func_name == "sys_olduname") { + %( arch != "ppc64" %? 
asmlinkage() %) + } else + asmlinkage() + } + argstr = sprintf("%p", pointer_arg(1)) +} + +probe nd_syscall.uname.return = + kernel.function("sys_uname").return ?, + kernel.function("sys_olduname").return ?, + kernel.function("sys32_olduname").return ?, + kernel.function("sys32_uname").return ?, + kernel.function("sys_newuname").return ? +{ + name = "uname" + retstr = returnstr(1) +} + +# unlink _____________________________________________________ +# long sys_unlink(const char __user * pathname) +# +probe nd_syscall.unlink = kernel.function("sys_unlink") { + name = "unlink" + // pathname_uaddr = $pathname + // pathname = user_string($pathname) + // argstr = user_string_quoted($pathname) + asmlinkage() + pathname_uaddr = pointer_arg(1) + pathname = user_string(pathname_uaddr) + argstr = user_string_quoted(pathname_uaddr) +} +probe nd_syscall.unlink.return = kernel.function("sys_unlink").return { + name = "unlink" + retstr = returnstr(1) +} +# uselib _____________________________________________________ +# +# asmlinkage long +# sys_uselib(const char __user * library) +# +probe nd_syscall.uselib = kernel.function("sys_uselib") { + name = "uselib" + // library_uaddr = $library + // library = user_string($library) + // argstr = user_string_quoted($library) + asmlinkage() + library_uaddr = pointer_arg(1) + library = user_string(library_uaddr) + argstr = user_string_quoted(library_uaddr) +} +probe nd_syscall.uselib.return = kernel.function("sys_uselib").return { + name = "uselib" + retstr = returnstr(1) +} +# ustat ______________________________________________________ +# long sys_ustat(unsigned dev, struct ustat __user * ubuf) +# +probe nd_syscall.ustat = kernel.function("sys_ustat") { + name = "ustat" + // dev = $dev + // ubuf_uaddr = $ubuf + // argstr = sprintf("%d, %p", $dev, $ubuf) + asmlinkage() + dev = uint_arg(1) + ubuf_uaddr = pointer_arg(2) + argstr = sprintf("%d, %p", dev, ubuf_uaddr) +} + +#long sys32_ustat(unsigned dev, struct ustat32 __user *u32p) +probe 
nd_syscall.ustat32 = kernel.function("sys32_ustat") ? { + name = "ustat" + // dev = $dev + // argstr = sprintf("%d, %p", $dev, $u32p) + // no asmlinkage + dev = uint_arg(1) + argstr = sprintf("%d, %p", dev, pointer_arg(2)) +} + +probe nd_syscall.ustat.return = + kernel.function("sys_ustat").return, + kernel.function("sys32_ustat").return ? +{ + name = "ustat" + retstr = returnstr(1) +} + +# utime ______________________________________________________ +# long sys_utime(char __user * filename, struct utimbuf __user * times) +probe nd_syscall.utime = kernel.function("sys_utime") ? { + name = "utime" + asmlinkage() + filename_uaddr = pointer_arg(1) + filename = user_string_quoted(filename_uaddr) + buf_uaddr = pointer_arg(2) + actime = _struct_utimbuf_actime(buf_uaddr) + modtime = _struct_utimbuf_modtime(buf_uaddr) + argstr = sprintf("%s, [%s, %s]", filename, + ctime(actime), ctime(modtime)) +} +probe nd_syscall.utime.return = kernel.function("sys_utime").return ? { + name = "utime" + retstr = returnstr(1) +} + +# long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t) +probe nd_syscall.compat_utime = kernel.function("compat_sys_utime") ? { + name = "utime" + asmlinkage() + filename_uaddr = pointer_arg(1) + filename = user_string_quoted(filename_uaddr) + buf_uaddr = pointer_arg(2) + actime = _struct_compat_utimbuf_actime(buf_uaddr) + modtime = _struct_compat_utimbuf_modtime(buf_uaddr) + argstr = sprintf("%s, [%s, %s]", filename, + ctime(actime), ctime(modtime)) +} +probe nd_syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? 
{ + name = "utime" + retstr = returnstr(1) +} + +# utimes _____________________________________________________ +# +# long sys_utimes(char __user * filename, struct timeval __user * utimes) +# +probe nd_syscall.utimes = kernel.function("sys_utimes") { + name = "utimes" + // filename_uaddr = $filename + // filename = user_string($filename) + // tvp_uaddr = $utimes + // argstr = sprintf("%s, %s", user_string_quoted($filename), + // _struct_timeval_u($utimes, 2)) + asmlinkage() + filename_uaddr = pointer_arg(1) + filename = user_string(filename_uaddr) + tvp_uaddr = pointer_arg(2) + argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), + _struct_timeval_u(tvp_uaddr, 2)) +} +probe nd_syscall.utimes.return = kernel.function("sys_utimes").return { + name = "utimes" + retstr = returnstr(1) +} +# compat_sys_utimes ________________________________________ +# +# long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t) +# +probe nd_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? { + name = "utimes" + // filename = user_string($filename) + // argstr = sprintf("%s, %s", user_string_quoted($filename), + // _struct_compat_timeval_u($t, 2)) + asmlinkage() + filename = user_string(pointer_arg(1)) + argstr = sprintf("%s, %s", user_string_quoted(filename), + _struct_compat_timeval_u(pointer_arg(2), 2)) +} +probe nd_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? { + name = "utimes" + retstr = returnstr(1) +} + +# utimensat ____________________________________________________ +# long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) +# long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) +# +probe nd_syscall.utimensat = kernel.function("sys_utimensat") ? 
{ + name = "utimensat" + // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), + // _at_flag_str($flags)) + asmlinkage() + argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)), + _struct_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) +} +probe nd_syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? { + name = "utimensat" + // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2), + // _at_flag_str($flags)) + asmlinkage() + argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), + _struct_compat_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) +} +probe nd_syscall.utimensat.return = kernel.function("sys_utimensat").return ? { + name = "utimensat" + retstr = returnstr(1) +} +probe nd_syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? { + name = "utimensat" + retstr = returnstr(1) +} + +# vhangup ____________________________________________________ +# +# asmlinkage long +# sys_vhangup(void) +# +probe nd_syscall.vhangup = kernel.function("sys_vhangup") { + name = "vhangup" + argstr = "" +} +probe nd_syscall.vhangup.return = kernel.function("sys_vhangup").return { + name = "vhangup" + retstr = returnstr(1) +} + +# vmsplice ___________________________________________________ +# +# long sys_vmsplice(int fd, const struct iovec __user *iov, +# unsigned long nr_segs, unsigned int flags) +# long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, +# unsigned int nr_segs, unsigned int flags) +# +probe nd_syscall.vmsplice = kernel.function("sys_vmsplice") ? 
{ + name = "vmsplice" + // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) + asmlinkage() + argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), ulong_arg(3), uint_arg(4)) +} +probe nd_syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? { + name = "vmsplice" + // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) + asmlinkage() + argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) +} +probe nd_syscall.vmsplice.return = kernel.function("sys_vmsplice").return ? { + name = "vmsplice" + retstr = returnstr(1) +} +probe nd_syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? { + name = "vmsplice" + retstr = returnstr(1) +} + +# wait4 ______________________________________________________ +# +# long sys_wait4(pid_t pid, +# int __user *stat_addr, +# int options, +# struct rusage __user *ru) +# +probe nd_syscall.wait4 = kernel.function("sys_wait4") { + name = "wait4" + // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) + // status_uaddr = $stat_addr + // options = $options + // options_str = _wait4_opt_str($options) + // rusage_uaddr = $ru + // argstr = sprintf("%d, %p, %s, %p", + // %( kernel_vr >= "2.6.25" %? $upid %: $pid%), + // $stat_addr,_wait4_opt_str($options), $ru) + asmlinkage() + pid = int_arg(1) + status_uaddr = pointer_arg(2) + options = int_arg(3) + options_str = _wait4_opt_str(options) + rusage_uaddr = pointer_arg(4) + argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr,_wait4_opt_str(options), rusage_uaddr) + +} +probe nd_syscall.wait4.return = kernel.function("sys_wait4").return { + name = "wait4" + retstr = returnstr(1) +} +# waitid _____________________________________________________ +# +# long sys_waitid(int which, +# pid_t pid, +# struct siginfo __user *infop, +# int options, +# struct rusage __user *ru) +# +probe nd_syscall.waitid = kernel.function("sys_waitid") { + name = "waitid" + // pid = %( kernel_vr >= "2.6.25" %? 
$upid %: $pid%) + // which = $which + // which_str = _waitid_which_str($which) + // infop_uaddr = $infop + // options = $options + // options_str = _waitid_opt_str($options) + // rusage_uaddr = $ru + // argstr = sprintf("%d, %d, %p, %s, %p", $which, + // %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop, + // _waitid_opt_str($options), $ru) + asmlinkage() + pid = int_arg(1) + which = int_arg(2) + which_str = _waitid_which_str(which) + infop_uaddr = pointer_arg(3) + options = int_arg(4) + options_str = _waitid_opt_str(options) + rusage_uaddr = pointer_arg(5) + argstr = sprintf("%d, %d, %p, %s, %p", which, + pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) +} +probe nd_syscall.waitid.return = kernel.function("sys_waitid").return { + name = "waitid" + retstr = returnstr(1) +} +/* FIXME: +# waitpid ____________________________________________________ +# +# long sys_wait4(pid_t pid, +# int __user *stat_addr, +# int options, +# struct rusage __user *ru) +# +probe nd_syscall.waitpid = kernel.function("sys_wait4") { + name = "waitpid" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = _wait4_opt_str($options) + rusage_uaddr = $ru + argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, + options_str, $ru) +} +probe nd_syscall.waitpid.return = kernel.function("sys_wait4").return { + name = "waitpid" + retstr = returnstr(1) +} +*/ + +# write ______________________________________________________ +# +# ssize_t sys_write(unsigned int fd, +# const char __user * buf, +# size_t count) +# +probe nd_syscall.write = kernel.function("sys_write") { + name = "write" + // fd = $fd + // buf_uaddr = $buf + // count = $count + // argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),syscall_string_trunc,1), $count) + asmlinkage() + fd = uint_arg(1) + buf_uaddr = pointer_arg(2) + count = ulong_arg(3) + argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count) + +} +probe nd_syscall.write.return = 
kernel.function("sys_write").return { + name = "write" + retstr = returnstr(1) +} + +# writev _____________________________________________________ +# +# ssize_t sys_writev(unsigned long fd, +# const struct iovec __user *vec, +# unsigned long vlen) +# ssize_t compat_sys_writev(unsigned long fd, +# const struct compat_iovec __user *vec, +# unsigned long vlen) +# +probe nd_syscall.writev = + kernel.function("sys_writev"), + kernel.function("compat_sys_writev") ? +{ + name = "writev" + // vector_uaddr = $vec + // count = $vlen +/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ +// %( arch != "ppc64" %? + // fd = $fd + // argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen) +// %: + // argstr = sprintf("unknown fd, %p, %d", $vec, $vlen) +// %) + asmlinkage() + vector_uaddr = pointer_arg(2) + count = ulong_arg(3) + fd = ulong_arg(1) + argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) +} + +probe nd_syscall.writev.return = + kernel.function("sys_writev").return, + kernel.function("compat_sys_writev").return ? +{ + name = "writev" + retstr = returnstr(1) +} -- cgit From fd177173fc6547dc17767470308b9bd24e76df7b Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 29 May 2009 14:38:23 -0700 Subject: Convert nd_syscalls2 to kprobe.function --- tapset/nd_syscalls2.stp | 874 ++++++++++++++++++++++++------------------------ 1 file changed, 437 insertions(+), 437 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index a67ebd22..f3a2c14f 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -28,7 +28,7 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.nanosleep = kernel.function("sys_nanosleep") { +probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") { name = "nanosleep" // req_uaddr = $rqtp // rem_uaddr = $rmtp 
@@ -38,11 +38,11 @@ probe nd_syscall.nanosleep = kernel.function("sys_nanosleep") {
 rem_uaddr = pointer_arg(2)
 argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr,1), rem_uaddr)
 }
-probe nd_syscall.nanosleep.return = kernel.function("sys_nanosleep").return {
+probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return {
 name = "nanosleep"
 retstr = returnstr(1)
 }
-probe nd_syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
+probe nd_syscall.compat_nanosleep = kprobe.function("compat_sys_nanosleep") ? {
 name = "nanosleep"
 // req_uaddr = $rqtp
 // rem_uaddr = $rmtp
@@ -52,7 +52,7 @@ probe nd_syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
 rem_uaddr = pointer_arg(2)
 argstr = sprintf("%s, %p", _struct_compat_timespec_u(req_uaddr,1), rem_uaddr)
 }
-probe nd_syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? {
+probe nd_syscall.compat_nanosleep.return = kprobe.function("compat_sys_nanosleep").return ? {
 name = "nanosleep"
 retstr = returnstr(1)
 }
@@ -64,8 +64,8 @@ probe nd_syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep
 # union compat_nfsctl_res __user *res)
 #
 probe nd_syscall.nfsservctl =
- kernel.function("sys_nfsservctl") ?,
- kernel.function("compat_sys_nfsservctl") ?
+ kprobe.function("sys_nfsservctl") ?,
+ kprobe.function("compat_sys_nfsservctl") ?
 {
 name = "nfsservctl"
 // cmd = $cmd
@@ -79,8 +79,8 @@ probe nd_syscall.nfsservctl =
 argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str(cmd), argp_uaddr, resp_uaddr)
 }
 probe nd_syscall.nfsservctl.return =
- kernel.function("sys_nfsservctl").return ?,
- kernel.function("compat_sys_nfsservctl").return ?
+ kprobe.function("sys_nfsservctl").return ?,
+ kprobe.function("compat_sys_nfsservctl").return ?
 {
 name = "nfsservctl"
 retstr = returnstr(1)
@@ -89,7 +89,7 @@ probe nd_syscall.nfsservctl.return =
 # nice _______________________________________________________
 # long sys_nice(int increment)
 #
-probe nd_syscall.nice = kernel.function("sys_nice") ? {
+probe nd_syscall.nice = kprobe.function("sys_nice") ? {
 name = "nice"
 // inc = $increment
 // argstr = sprintf("%d", $increment)
@@ -97,7 +97,7 @@ probe nd_syscall.nice = kernel.function("sys_nice") ? {
 inc = int_arg(1)
 argstr = sprintf("%d", inc)
 }
-probe nd_syscall.nice.return = kernel.function("sys_nice").return ? {
+probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? {
 name = "nice"
 retstr = returnstr(1)
 }
@@ -106,11 +106,11 @@ probe nd_syscall.nice.return = kernel.function("sys_nice").return ? {
 #
 # long sys_ni_syscall(void)
 #
-probe nd_syscall.ni_syscall = kernel.function("sys_ni_syscall") {
+probe nd_syscall.ni_syscall = kprobe.function("sys_ni_syscall") {
 name = "ni_syscall"
 argstr = ""
 }
-probe nd_syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
+probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return {
 name = "ni_syscall"
 retstr = returnstr(1)
 }
@@ -120,9 +120,9 @@ probe nd_syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
 # (obsolete) long sys32_open(const char * filename, int flags, int mode)
 #
 probe nd_syscall.open =
- kernel.function("sys_open") ?,
- kernel.function("compat_sys_open") ?,
- kernel.function("sys32_open") ?
+ kprobe.function("sys_open") ?,
+ kprobe.function("compat_sys_open") ?,
+ kprobe.function("sys32_open") ?
 {
 name = "open"
 // filename = user_string($filename)
@@ -146,9 +146,9 @@ probe nd_syscall.open =
 _sys_open_flag_str(flags))
 }
 probe nd_syscall.open.return =
- kernel.function("sys_open").return ?,
- kernel.function("compat_sys_open").return ?,
- kernel.function("sys32_open").return ?
+ kprobe.function("sys_open").return ?,
+ kprobe.function("compat_sys_open").return ?,
+ kprobe.function("sys32_open").return ?
 {
 name = "open"
 retstr = returnstr(1)
@@ -159,8 +159,8 @@ probe nd_syscall.open.return = # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # probe nd_syscall.openat = - kernel.function("sys_openat") ?, - kernel.function("compat_sys_openat") ? + kprobe.function("sys_openat") ?, + kprobe.function("compat_sys_openat") ? { name = "openat" // filename = user_string($filename) @@ -188,8 +188,8 @@ probe nd_syscall.openat = _sys_open_flag_str(flags)) } probe nd_syscall.openat.return = - kernel.function("sys_openat").return ?, - kernel.function("compat_sys_openat").return ? + kprobe.function("sys_openat").return ?, + kprobe.function("compat_sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -199,16 +199,16 @@ probe nd_syscall.openat.return = # # sys_pause(void) # -probe nd_syscall.pause = kernel.function("sys_pause") ?, - kernel.function("sys32_pause") ?, - kernel.function("compat_sys_pause") ? +probe nd_syscall.pause = kprobe.function("sys_pause") ?, + kprobe.function("sys32_pause") ?, + kprobe.function("compat_sys_pause") ? { name = "pause" argstr = "" } -probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, - kernel.function("sys32_pause").return ?, - kernel.function("compat_sys_pause").return ? +probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, + kprobe.function("sys32_pause").return ?, + kprobe.function("compat_sys_pause").return ? { name = "pause" retstr = returnstr(1) 
@@ -222,14 +222,14 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # unsigned long dfn) # # -#probe nd_syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { +#probe nd_syscall.pciconfig_iobase = kprobe.function("sys_pciconfig_iobase") { # name = "pciconfig_iobase" # which = $which # bus = $bus # dfn = $dfn # argstr = sprintf("%p, %p, %p", which, bus, dfn) #} -#probe nd_syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { +#probe nd_syscall.pciconfig_iobase.return = kprobe.function("sys_pciconfig_iobase").return { # name = "pciconfig_iobase" # retstr = returnstr(1) #} @@ -244,7 +244,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # { return 0; } # # -#probe nd_syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { +#probe nd_syscall.pciconfig_read = kprobe.function("sys_pciconfig_read") { # name = "pciconfig_read" # bus = $bus # dfn = $dfn @@ -255,7 +255,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # len, buf_uaddr) #} #probe nd_syscall.pciconfig_read.return = -# kernel.function("sys_pciconfig_read").return { +# kprobe.function("sys_pciconfig_read").return { # name = "pciconfig_read" # retstr = returnstr(1) #} @@ -269,7 +269,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # unsigned char *buf) # # -#probe nd_syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { +#probe nd_syscall.pciconfig_write = kprobe.function("sys_pciconfig_write") { # name = "pciconfig_write" # bus = $bus # dfn = $dfn @@ -280,7 +280,7 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # len, buf_uaddr) #} #probe nd_syscall.pciconfig_write.return = -# kernel.function("sys_pciconfig_write").return { +# kprobe.function("sys_pciconfig_write").return { # name = "pciconfig_write" # retstr = returnstr(1) #} 
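Review bot: The commented-out pciconfig_iobase, pciconfig_read and pciconfig_write probes now name `kprobe.function(...)`, but their bodies still read `$which`, `$bus`, `$dfn` and similar target variables. A dwarfless kprobe cannot resolve those, so uncommenting any of them as written would fail to compile. Either leave these on the old probe type until they are converted, or add a marker above each block such as `# NOTE: body still uses $-variables; convert to *_arg() before enabling`. The pciconfig_read and pciconfig_write bodies are only partly visible in these hunks.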
@@ -289,14 +289,14 @@ probe nd_syscall.pause.return = kernel.function("sys_pause").return ?, # asmlinkage long # sys_personality(u_long personality) # -probe nd_syscall.personality = kernel.function("sys_personality") { +probe nd_syscall.personality = kprobe.function("sys_personality") { name = "personality" // persona = $personality asmlinkage() persona = ulong_arg(1) argstr = sprintf("%p", persona); } -probe nd_syscall.personality.return = kernel.function("sys_personality").return { +probe nd_syscall.personality.return = kprobe.function("sys_personality").return { name = "personality" retstr = returnstr(1) } @@ -305,7 +305,7 @@ probe nd_syscall.personality.return = kernel.function("sys_personality").return # asmlinkage int # sys_pipe(unsigned long __user * fildes) # -probe nd_syscall.pipe = kernel.function("sys_pipe") { +probe nd_syscall.pipe = kprobe.function("sys_pipe") { name = "pipe" %( arch == "ia64" %? # ia64 just returns value directly, no fildes argument @@ -319,7 +319,7 @@ probe nd_syscall.pipe = kernel.function("sys_pipe") { %) } -probe nd_syscall.pipe.return = kernel.function("sys_pipe").return { +probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return { name = "pipe" retstr = returnstr(1) } @@ -328,7 +328,7 @@ probe nd_syscall.pipe.return = kernel.function("sys_pipe").return { # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe nd_syscall.pivot_root = kernel.function("sys_pivot_root") { +probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") { name = "pivot_root" // new_root_str = user_string($new_root) // old_root_str = user_string($put_old) 
@@ -340,7 +340,7 @@ probe nd_syscall.pivot_root = kernel.function("sys_pivot_root") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.pivot_root.return = kernel.function("sys_pivot_root").return { +probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return { name = "pivot_root" retstr = returnstr(1) } @@ -349,7 +349,7 @@ probe nd_syscall.pivot_root.return = kernel.function("sys_pivot_root").return { # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe nd_syscall.poll = kernel.function("sys_poll") { +probe nd_syscall.poll = kprobe.function("sys_poll") { name = "poll" // ufds_uaddr = $ufds // nfds = $nfds @@ -361,7 +361,7 @@ probe nd_syscall.poll = kernel.function("sys_poll") { timeout = long_arg(3) argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout) } -probe nd_syscall.poll.return = kernel.function("sys_poll").return { +probe nd_syscall.poll.return = kprobe.function("sys_poll").return { name = "poll" retstr = returnstr(1) } @@ -372,7 +372,7 @@ probe nd_syscall.poll.return = kernel.function("sys_poll").return { # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe nd_syscall.ppoll = kernel.function("sys_ppoll") ? { +probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? { name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, @@ -388,7 +388,7 @@ probe nd_syscall.ppoll = kernel.function("sys_ppoll") ? { pointer_arg(4), ulong_arg(5)) } -probe nd_syscall.ppoll.return = kernel.function("sys_ppoll").return ? { +probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) } 
@@ -396,7 +396,7 @@ probe nd_syscall.ppoll.return = kernel.function("sys_ppoll").return ? { # unsigned int nfds, struct compat_timespec __user *tsp, # const compat_sigset_t __user *sigmask, compat_size_t sigsetsize) # -probe nd_syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? { +probe nd_syscall.compat_ppoll = kprobe.function("compat_sys_ppoll") ? { name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, @@ -412,7 +412,7 @@ probe nd_syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? { pointer_arg(4), u32_arg(5)) } -probe nd_syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? { +probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) } @@ -426,7 +426,7 @@ probe nd_syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").retur # unsigned long arg4, # unsigned long arg5) # -probe nd_syscall.prctl = kernel.function("sys_prctl") { +probe nd_syscall.prctl = kprobe.function("sys_prctl") { name = "prctl" // option = $option // arg2 = $arg2 @@ -442,7 +442,7 @@ probe nd_syscall.prctl = kernel.function("sys_prctl") { argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe nd_syscall.prctl.return = kernel.function("sys_prctl").return { +probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return { name = "prctl" retstr = returnstr(1) } @@ -453,7 +453,7 @@ probe nd_syscall.prctl.return = kernel.function("sys_prctl").return { # size_t count, # loff_t pos) # -probe nd_syscall.pread = kernel.function("sys_pread64") { +probe nd_syscall.pread = kprobe.function("sys_pread64") { name = "pread" // fd = $fd // buf_uaddr = $buf 
@@ -467,7 +467,7 @@ probe nd_syscall.pread = kernel.function("sys_pread64") { offset = longlong_arg(4) argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset) } -probe nd_syscall.pread.return = kernel.function("sys_pread64").return { +probe nd_syscall.pread.return = kprobe.function("sys_pread64").return { name = "pread" retstr = returnstr(1) } @@ -477,7 +477,7 @@ probe nd_syscall.pread.return = kernel.function("sys_pread64").return { # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe nd_syscall.pselect6 = kernel.function("sys_pselect6") ? { +probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? { name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, // _struct_timespec_u($tsp,1), $sig) @@ -485,11 +485,11 @@ probe nd_syscall.pselect6 = kernel.function("sys_pselect6") ? { argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5),1), pointer_arg(6)) } -probe nd_syscall.pselect6.return = kernel.function("sys_pselect6").return ? { +probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) } -probe nd_syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? { +probe nd_syscall.compat_pselect6 = kprobe.function("compat_sys_pselect6") ? { name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, // _struct_compat_timespec_u($tsp,1), $sig) 
@@ -497,7 +497,7 @@ probe nd_syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? { argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1), pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_compat_timespec_u(pointer_arg(5),1), pointer_arg(6)) } -probe nd_syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? { +probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) } @@ -508,7 +508,7 @@ probe nd_syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6") # fd_set __user *exp, struct timespec __user *tsp, # const sigset_t __user *sigmask, size_t sigsetsize) # -probe nd_syscall.pselect7 = kernel.function("sys_pselect7") ? { +probe nd_syscall.pselect7 = kprobe.function("sys_pselect7") ? { name = "pselect7" // argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, // _struct_timespec_u($tsp,1), $sigmask, $sigsetsize) @@ -516,11 +516,11 @@ probe nd_syscall.pselect7 = kernel.function("sys_pselect7") ? { argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7)) } -probe nd_syscall.pselect7.return = kernel.function("sys_pselect7").return ? { +probe nd_syscall.pselect7.return = kprobe.function("sys_pselect7").return ? { name = "pselect7" retstr = returnstr(1) } -probe nd_syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? { +probe nd_syscall.compat_pselect7a = kprobe.function("compat_sys_pselect7") ? { name = "pselect7" //argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, // _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize) 
@@ -528,7 +528,7 @@ probe nd_syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? { argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7)) } -probe nd_syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? { +probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7").return ? { name = "pselect7" retstr = returnstr(1) } @@ -540,7 +540,7 @@ probe nd_syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7") # long addr, # long data) # -probe nd_syscall.ptrace = kernel.function("sys_ptrace") ? { +probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? { name = "ptrace" // request = $request // pid = $pid @@ -553,7 +553,7 @@ probe nd_syscall.ptrace = kernel.function("sys_ptrace") ? { data = long_arg(4) argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe nd_syscall.ptrace.return = kernel.function("sys_ptrace").return ? { +probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) } @@ -565,7 +565,7 @@ probe nd_syscall.ptrace.return = kernel.function("sys_ptrace").return ? { # size_t count, # loff_t pos) # -probe nd_syscall.pwrite = kernel.function("sys_pwrite64") { +probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") { name = "pwrite" // fd = $fd // buf_uaddr = $buf 
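Review bot: The compat_pselect7 entry probe decodes the timeout with the native helper, `_struct_timespec_u(pointer_arg(5),1)`, although the commented-out original just above it and the sibling compat_pselect6 probe both use `_struct_compat_timespec_u`. For a 32-bit task this reads the user structure with the wrong layout, so the traced timeout is unreliable. The call should be `_struct_compat_timespec_u(pointer_arg(5),1)`. Since sigsetsize is a compat_size_t, `u32_arg(7)` would also match what compat_ppoll does. The alias itself is declared as `nd_syscall.compat_pselect7a` in the previous hunk while the return probe is `nd_syscall.compat_pselect7.return`; this looks unintended and leaves the entry and return names unpaired.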
@@ -583,13 +583,13 @@ probe nd_syscall.pwrite = kernel.function("sys_pwrite64") { text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count, offset) } -probe nd_syscall.pwrite.return = kernel.function("sys_pwrite64").return { +probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return { name = "pwrite" retstr = returnstr(1) } # long sys32_pwrite64(unsigned int fd, const char __user *ubuf, # size_t count, u32 poshi, u32 poslo) -probe nd_syscall.pwrite32 = kernel.function("sys32_pwrite64") ? { +probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { name = "pwrite" // fd = $fd // buf_uaddr = $buf @@ -615,7 +615,7 @@ probe nd_syscall.pwrite32 = kernel.function("sys32_pwrite64") ? { text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count, offset) } -probe nd_syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? { +probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? { name = "pwrite" retstr = returnstr(1) } @@ -627,7 +627,7 @@ probe nd_syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? { # qid_t id, # void __user *addr) # -probe nd_syscall.quotactl = kernel.function("sys_quotactl") ? { +probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? { name = "quotactl" // cmd = $cmd // cmd_str = _quotactl_cmd_str($cmd) @@ -645,7 +645,7 @@ probe nd_syscall.quotactl = kernel.function("sys_quotactl") ? { addr_uaddr = pointer_arg(4) argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr) } -probe nd_syscall.quotactl.return = kernel.function("sys_quotactl").return ? { +probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? { name = "quotactl" retstr = returnstr(1) } 
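Review bot: In both pwrite and pwrite32 the argstr is built from `user_string(buf_uaddr)`, which reads up to the first NUL rather than up to `count` bytes. A write buffer is not required to be NUL-terminated, so the trace can include bytes of the caller's memory that were never part of the write, up to the string length limit. Bounding the read by the request length, for example `text_strn(user_string_n(buf_uaddr, count), syscall_string_trunc, 1)`, keeps the logged data to what the syscall was asked to write. Both probe bodies start outside these hunks, so the assignments of `buf_uaddr` and `count` are not visible here.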
@@ -653,7 +653,7 @@ probe nd_syscall.quotactl.return = kernel.function("sys_quotactl").return ? { # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe nd_syscall.read = kernel.function("sys_read") { +probe nd_syscall.read = kprobe.function("sys_read") { name = "read" // fd = $fd // buf_uaddr = $buf @@ -665,7 +665,7 @@ probe nd_syscall.read = kernel.function("sys_read") { count = ulong_arg(3) argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count) } -probe nd_syscall.read.return = kernel.function("sys_read").return { +probe nd_syscall.read.return = kprobe.function("sys_read").return { name = "read" retstr = returnstr(1) } @@ -677,7 +677,7 @@ probe nd_syscall.read.return = kernel.function("sys_read").return { # loff_t offset, # size_t count) # -probe nd_syscall.readahead = kernel.function("sys_readahead") { +probe nd_syscall.readahead = kprobe.function("sys_readahead") { name = "readahead" // fd = $fd // offset = $offset @@ -688,7 +688,7 @@ probe nd_syscall.readahead = kernel.function("sys_readahead") { count = ulong_arg(3) argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe nd_syscall.readahead.return = kernel.function("sys_readahead").return { +probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return { name = "readahead" retstr = returnstr(1) } @@ -699,8 +699,8 @@ probe nd_syscall.readahead.return = kernel.function("sys_readahead").return { # int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count) # probe nd_syscall.readdir = - kernel.function("compat_sys_old_readdir") ?, - kernel.function("old32_readdir") ? + kprobe.function("compat_sys_old_readdir") ?, + kprobe.function("old32_readdir") ? { name = "readdir" // argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) 
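Review bot: The readahead probe takes `count = ulong_arg(3)` while the signature in the comment has a `loff_t offset` as the second parameter. On a 32-bit kernel a 64-bit argument occupies two argument positions, so position 3 would presumably be the upper half of offset and count would sit at position 4. The offset assignment is outside the hunk, so this is inferred from the signature only. If it holds, select the index per word size with the `%( ... %? ... %: ... %)` conditional that the pipe probe in this file already uses, with `count = ulong_arg(4)` in the 32-bit branch.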
@@ -708,8 +708,8 @@ probe nd_syscall.readdir = argstr = sprintf("%d, %p, %d", uint_arg(1), pointer_arg(2), uint_arg(3)) } probe nd_syscall.readdir.return = - kernel.function("compat_sys_old_readdir").return ?, - kernel.function("old32_readdir").return ? + kprobe.function("compat_sys_old_readdir").return ?, + kprobe.function("old32_readdir").return ? { name = "readdir" retstr = returnstr(1) @@ -721,7 +721,7 @@ probe nd_syscall.readdir.return = # char __user * buf, # int bufsiz) # -probe nd_syscall.readlink = kernel.function("sys_readlink") { +probe nd_syscall.readlink = kprobe.function("sys_readlink") { name = "readlink" // path = user_string($path) // buf_uaddr = $buf @@ -735,7 +735,7 @@ probe nd_syscall.readlink = kernel.function("sys_readlink") { argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } -probe nd_syscall.readlink.return = kernel.function("sys_readlink").return { +probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return { name = "readlink" retstr = returnstr(1) } @@ -746,7 +746,7 @@ probe nd_syscall.readlink.return = kernel.function("sys_readlink").return { # char __user * buf, # int bufsiz) # -probe nd_syscall.readlinkat = kernel.function("sys_readlinkat") ? { +probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? { name = "readlinkat" //dfd = $dfd // path = user_string($path) @@ -762,7 +762,7 @@ probe nd_syscall.readlinkat = kernel.function("sys_readlinkat") ? { argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } -probe nd_syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? { +probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) } 
@@ -777,8 +777,8 @@ probe nd_syscall.readlinkat.return = kernel.function("sys_readlinkat").return ? # unsigned long vlen) # probe nd_syscall.readv = - kernel.function("sys_readv"), - kernel.function("compat_sys_readv") ? + kprobe.function("sys_readv"), + kprobe.function("compat_sys_readv") ? { name = "readv" // vector_uaddr = $vec @@ -797,8 +797,8 @@ probe nd_syscall.readv = argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } probe nd_syscall.readv.return = - kernel.function("sys_readv").return, - kernel.function("compat_sys_readv").return ? + kprobe.function("sys_readv").return, + kprobe.function("compat_sys_readv").return ? { name = "readv" retstr = returnstr(1) @@ -811,7 +811,7 @@ probe nd_syscall.readv.return = # unsigned int cmd, # void __user * arg) # -probe nd_syscall.reboot = kernel.function("sys_reboot") { +probe nd_syscall.reboot = kprobe.function("sys_reboot") { name = "reboot" // magic = $magic1 // magic_str = _reboot_magic_str($magic1) @@ -833,7 +833,7 @@ probe nd_syscall.reboot = kernel.function("sys_reboot") { argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr) } -probe nd_syscall.reboot.return = kernel.function("sys_reboot").return { +probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return { name = "reboot" retstr = returnstr(1) } @@ -842,7 +842,7 @@ probe nd_syscall.reboot.return = kernel.function("sys_reboot").return { # # long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags) # -probe nd_syscall.recv = kernel.function("sys_recv") ? { +probe nd_syscall.recv = kprobe.function("sys_recv") ? { name = "recv" // s = $fd // buf_uaddr = $ubuf @@ -858,7 +858,7 @@ probe nd_syscall.recv = kernel.function("sys_recv") ? { flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.recv.return = kernel.function("sys_recv").return ? { +probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? { name = "recv" retstr = returnstr(1) } 
@@ -872,7 +872,7 @@ probe nd_syscall.recv.return = kernel.function("sys_recv").return ? { # struct sockaddr __user *addr, # int __user *addr_len) # -probe nd_syscall.recvfrom = kernel.function("sys_recvfrom") ? { +probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? { name = "recvfrom" // s = $fd // buf_uaddr = $ubuf @@ -894,7 +894,7 @@ probe nd_syscall.recvfrom = kernel.function("sys_recvfrom") ? { argstr = sprintf("%d, %p, %d, %s, %p, %p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? { +probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? { name = "recvfrom" retstr = returnstr(1) } @@ -905,7 +905,7 @@ probe nd_syscall.recvfrom.return = kernel.function("sys_recvfrom").return ? { # struct msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.recvmsg = kernel.function("sys_recvmsg") ? { +probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? { name = "recvmsg" // s = $fd // msg_uaddr = $msg @@ -919,7 +919,7 @@ probe nd_syscall.recvmsg = kernel.function("sys_recvmsg") ? { flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str) } -probe nd_syscall.recvmsg.return = kernel.function("sys_recvmsg").return ? { +probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? { name = "recvmsg" retstr = returnstr(1) } @@ -929,7 +929,7 @@ probe nd_syscall.recvmsg.return = kernel.function("sys_recvmsg").return ? { # struct compat_msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? { +probe nd_syscall.compat_sys_recvmsg = kprobe.function("compat_sys_recvmsg") ? { name = "compat_sys_recvmsg" // s = $fd // msg_uaddr = $msg 
@@ -941,7 +941,7 @@ probe nd_syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? { flags = uint_arg(3) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _recvflags_str(flags)) } -probe nd_syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? { +probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg").return ? { name = "compat_sys_recvmsg" retstr = returnstr(1) } @@ -954,7 +954,7 @@ probe nd_syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg # unsigned long pgoff, # unsigned long flags) # -probe nd_syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? { +probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? { name = "remap_file_pages" // start = $start // size = $size @@ -975,7 +975,7 @@ probe nd_syscall.remap_file_pages = kernel.function("sys_remap_file_pages") ? { pgoff, flags) } probe nd_syscall.remap_file_pages.return = - kernel.function("sys_remap_file_pages").return ? { + kprobe.function("sys_remap_file_pages").return ? { name = "remap_file_pages" retstr = returnstr(1) } @@ -986,7 +986,7 @@ probe nd_syscall.remap_file_pages.return = # sys_removexattr(char __user *path, # char __user *name) # -probe nd_syscall.removexattr = kernel.function("sys_removexattr") { +probe nd_syscall.removexattr = kprobe.function("sys_removexattr") { name = "removexattr" // path = user_string($path) // name_str = user_string($name) @@ -998,7 +998,7 @@ probe nd_syscall.removexattr = kernel.function("sys_removexattr") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.removexattr.return = kernel.function("sys_removexattr").return { +probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return { name = "removexattr" retstr = returnstr(1) } 
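Review bot: The compat recvmsg entry and return probes set `name = "compat_sys_recvmsg"`, whereas the other compat aliases in this file report the plain syscall name (compat_ppoll sets `"ppoll"`, compat_pselect6 sets `"pselect6"`). A script that selects on `name == "recvmsg"` would therefore miss calls made by 32-bit tasks, which matters when the tapset is used for monitoring. If existing scripts do not depend on the current string, `name = "recvmsg"` in both probes would make it consistent; otherwise a comment explaining the exception would help.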
@@ -1008,7 +1008,7 @@ probe nd_syscall.removexattr.return = kernel.function("sys_removexattr").return # sys_rename(const char __user * oldname, # const char __user * newname) # -probe nd_syscall.rename = kernel.function("sys_rename") { +probe nd_syscall.rename = kprobe.function("sys_rename") { name = "rename" // oldpath = user_string($oldname) // newpath = user_string($newname) @@ -1020,7 +1020,7 @@ probe nd_syscall.rename = kernel.function("sys_rename") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.rename.return = kernel.function("sys_rename").return { +probe nd_syscall.rename.return = kprobe.function("sys_rename").return { name = "rename" retstr = returnstr(1) } @@ -1033,7 +1033,7 @@ probe nd_syscall.rename.return = kernel.function("sys_rename").return { # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe nd_syscall.request_key = kernel.function("sys_request_key") ? { +probe nd_syscall.request_key = kprobe.function("sys_request_key") ? { name = "request_key" // type_uaddr = $_type // description_uaddr = $_description @@ -1047,7 +1047,7 @@ probe nd_syscall.request_key = kernel.function("sys_request_key") ? { destringid = u32_arg(4) argstr = sprintf("%p, %p, %p, %p", type_uaddr,description_uaddr, callout_info_uaddr, destringid) } -probe nd_syscall.request_key.return = kernel.function("sys_request_key").return ? { +probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) } 
@@ -1057,12 +1057,12 @@ probe nd_syscall.request_key.return = kernel.function("sys_request_key").return # asmlinkage long # sys_restart_syscall(void) # -probe nd_syscall.restart_syscall = kernel.function("sys_restart_syscall") { +probe nd_syscall.restart_syscall = kprobe.function("sys_restart_syscall") { name = "restart_syscall" argstr = "" } probe nd_syscall.restart_syscall.return = - kernel.function("sys_restart_syscall").return { + kprobe.function("sys_restart_syscall").return { name = "restart_syscall" retstr = returnstr(1) } @@ -1071,7 +1071,7 @@ probe nd_syscall.restart_syscall.return = # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe nd_syscall.rmdir = kernel.function("sys_rmdir") { +probe nd_syscall.rmdir = kprobe.function("sys_rmdir") { name = "rmdir" // pathname = user_string($pathname) // argstr = user_string_quoted($pathname) @@ -1079,7 +1079,7 @@ probe nd_syscall.rmdir = kernel.function("sys_rmdir") { pathname = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.rmdir.return = kernel.function("sys_rmdir").return { +probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return { name = "rmdir" retstr = returnstr(1) } @@ -1091,7 +1091,7 @@ probe nd_syscall.rmdir.return = kernel.function("sys_rmdir").return { # struct sigaction __user *oact, # size_t sigsetsize) # -probe nd_syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? { +probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig // act_uaddr = $act @@ -1107,7 +1107,7 @@ probe nd_syscall.rt_sigaction = kernel.function("sys_rt_sigaction") ? { argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return ? { +probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) } 
@@ -1123,8 +1123,8 @@ probe nd_syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").retur # struct sigaction32 __user *oact, # size_t sigsetsize) -probe nd_syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?, - kernel.function("compat_sys_rt_sigaction") ? +probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, + kprobe.function("compat_sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig @@ -1139,8 +1139,8 @@ probe nd_syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?, sigsetsize = uint_arg(4) argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uadd, oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?, - kernel.function("compat_sys_rt_sigaction").return ? +probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").return ?, + kprobe.function("compat_sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1150,7 +1150,7 @@ probe nd_syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").r # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe nd_syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ? { +probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? { name = "rt_sigpending" // set_uaddr = $set // sigsetsize = $sigsetsize @@ -1160,7 +1160,7 @@ probe nd_syscall.rt_sigpending = kernel.function("sys_rt_sigpending") ? { sigsetsize = ulong_arg(2) argstr = sprintf("%p, %d", set_uaddr, sigsetsize) } -probe nd_syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").return ? { +probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? { name = "rt_sigpending" retstr = returnstr(1) } 
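Review bot: The rt_sigaction32 argstr passes `act_uadd` to sprintf, while the neighbouring names are `oact_uaddr` and, in the native rt_sigaction probe, `act_uaddr`. This looks like a typo that the commit's typo pass missed. The assignment lines fall between the two hunks and are not visible, so confirm which name is actually set. If it is `act_uaddr`, the traced act pointer would come from an unset variable rather than from argument 2, and the line should read `argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uaddr, oact_uaddr, sigsetsize)`.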
@@ -1171,9 +1171,9 @@ probe nd_syscall.rt_sigpending.return = kernel.function("sys_rt_sigpending").ret # long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize) # probe nd_syscall.rt_sigprocmask = - kernel.function("sys32_rt_sigprocmask") ?, - kernel.function("compat_sys_rt_sigprocmask") ?, - kernel.function("sys_rt_sigprocmask") ? + kprobe.function("sys32_rt_sigprocmask") ?, + kprobe.function("compat_sys_rt_sigprocmask") ?, + kprobe.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" // how = $how @@ -1192,9 +1192,9 @@ probe nd_syscall.rt_sigprocmask = oldset_uaddr, uint_arg(4)) } probe nd_syscall.rt_sigprocmask.return = - kernel.function("sys32_rt_sigprocmask").return ?, - kernel.function("compat_sys_rt_sigprocmask").return ?, - kernel.function("sys_rt_sigprocmask").return ? + kprobe.function("sys32_rt_sigprocmask").return ?, + kprobe.function("compat_sys_rt_sigprocmask").return ?, + kprobe.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" retstr = returnstr(1) @@ -1204,7 +1204,7 @@ probe nd_syscall.rt_sigprocmask.return = # # long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo) # -probe nd_syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { +probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" // pid = $pid // sig = $sig @@ -1217,7 +1217,7 @@ probe nd_syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr) } probe nd_syscall.rt_sigqueueinfo.return = - kernel.function("sys_rt_sigqueueinfo").return { + kprobe.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo" retstr = returnstr(1) } 
@@ -1226,15 +1226,15 @@ probe nd_syscall.rt_sigqueueinfo.return = # int sys_rt_sigreturn(unsigned long __unused) # probe nd_syscall.rt_sigreturn = - kernel.function("sys_rt_sigreturn") ?, - kernel.function("sys32_rt_sigreturn") ? + kprobe.function("sys_rt_sigreturn") ?, + kprobe.function("sys32_rt_sigreturn") ? { name = "rt_sigreturn" argstr = "" } probe nd_syscall.rt_sigreturn.return = - kernel.function("sys_rt_sigreturn").return ?, - kernel.function("sys32_rt_sigreturn").return ? + kprobe.function("sys_rt_sigreturn").return ?, + kprobe.function("sys32_rt_sigreturn").return ? { name = "rt_sigreturn" retstr = returnstr(1) @@ -1245,17 +1245,17 @@ probe nd_syscall.rt_sigreturn.return = # sys_rt_sigsuspend(struct pt_regs regs) # probe nd_syscall.rt_sigsuspend = - kernel.function("sys_rt_sigsuspend") ?, - kernel.function("compat_sys_rt_sigsuspend") ?, - kernel.function("ia64_rt_sigsuspend") ? + kprobe.function("sys_rt_sigsuspend") ?, + kprobe.function("compat_sys_rt_sigsuspend") ?, + kprobe.function("ia64_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } probe nd_syscall.rt_sigsuspend.return = - kernel.function("sys_rt_sigsuspend").return ?, - kernel.function("compat_sys_rt_sigsuspend").return ?, - kernel.function("ia64_rt_sigsuspend").return ? + kprobe.function("sys_rt_sigsuspend").return ?, + kprobe.function("compat_sys_rt_sigsuspend").return ?, + kprobe.function("ia64_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1272,8 +1272,8 @@ probe nd_syscall.rt_sigsuspend.return = # struct compat_timespec __user *uts, compat_size_t sigsetsize) # probe nd_syscall.rt_sigtimedwait = - kernel.function("sys_rt_sigtimedwait"), - kernel.function("compat_sys_rt_sigtimedwait") ? + kprobe.function("sys_rt_sigtimedwait"), + kprobe.function("compat_sys_rt_sigtimedwait") ? { name = "rt_sigtimedwait" // uthese_uaddr = $uthese 
@@ -1292,8 +1292,8 @@ probe nd_syscall.rt_sigtimedwait =
 argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize)
 }
 probe nd_syscall.rt_sigtimedwait.return =
- kernel.function("sys_rt_sigtimedwait").return,
- kernel.function("compat_sys_rt_sigtimedwait").return ?
+ kprobe.function("sys_rt_sigtimedwait").return,
+ kprobe.function("compat_sys_rt_sigtimedwait").return ?
 {
 name = "rt_sigtimedwait"
 retstr = returnstr(1)
@@ -1306,7 +1306,7 @@ probe nd_syscall.rt_sigtimedwait.return =
 # unsigned int len,
 # unsigned long __user *user_mask_ptr)
 #
-probe nd_syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
+probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") {
 name = "sched_getaffinity"
 // pid = $pid
 // len = $len
@@ -1318,7 +1318,7 @@ probe nd_syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
 argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
 }
 probe nd_syscall.sched_getaffinity.return =
- kernel.function("sys_sched_getaffinity").return {
+ kprobe.function("sys_sched_getaffinity").return {
 name = "sched_getaffinity"
 retstr = returnstr(1)
 }
@@ -1328,7 +1328,7 @@ probe nd_syscall.sched_getaffinity.return =
 # sys_sched_getparam(pid_t pid,
 # struct sched_param __user *param)
 #
-probe nd_syscall.sched_getparam = kernel.function("sys_sched_getparam") {
+probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") {
 name = "sched_getparam"
 // pid = $pid
 // p_uaddr = $param
@@ -1338,7 +1338,7 @@ probe nd_syscall.sched_getparam = kernel.function("sys_sched_getparam") {
 argstr = sprintf("%d, %p", pid, p_uaddr)
 }
 probe nd_syscall.sched_getparam.return =
- kernel.function("sys_sched_getparam").return {
+ kprobe.function("sys_sched_getparam").return {
 name = "sched_getparam"
 retstr = returnstr(1)
 }
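Review bot: The unchanged `argstr` line of `nd_syscall.sched_getaffinity` in the `@@ -1318,7 +1318,7 @@` hunk prints `len` with `%p`, although the signature comment in the preceding hunk declares it as `unsigned int len` and the `sched_setaffinity` probe prints the same argument with `%d`. Trace output therefore shows a length as a pointer-formatted value, which is misleading when the two calls are compared. Since this commit also unifies formatting, the line could become `argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)`. The probe body starts outside this hunk, so the assignment of `len` is not visible here.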
@@ -1348,7 +1348,7 @@ probe nd_syscall.sched_getparam.return =
 # sys_sched_get_priority_max(int policy)
 #
 probe nd_syscall.sched_get_priority_max =
- kernel.function("sys_sched_get_priority_max") {
+ kprobe.function("sys_sched_get_priority_max") {
 name = "sched_get_priority_max"
 // policy = $policy
 asmlinkage()
@@ -1356,7 +1356,7 @@ probe nd_syscall.sched_get_priority_max =
 argstr = sprint(policy)
 }
 probe nd_syscall.sched_get_priority_max.return =
- kernel.function("sys_sched_get_priority_max").return {
+ kprobe.function("sys_sched_get_priority_max").return {
 name = "sched_get_priority_max"
 retstr = returnstr(1)
 }
@@ -1366,7 +1366,7 @@ probe nd_syscall.sched_get_priority_max.return =
 # sys_sched_get_priority_min(int policy)
 #
 probe nd_syscall.sched_get_priority_min =
- kernel.function("sys_sched_get_priority_min") {
+ kprobe.function("sys_sched_get_priority_min") {
 name = "sched_get_priority_min"
 // policy = $policy
 asmlinkage()
@@ -1374,7 +1374,7 @@ probe nd_syscall.sched_get_priority_min =
 argstr = sprint(policy)
 }
 probe nd_syscall.sched_get_priority_min.return =
- kernel.function("sys_sched_get_priority_min").return {
+ kprobe.function("sys_sched_get_priority_min").return {
 name = "sched_get_priority_min"
 retstr = returnstr(1)
 }
@@ -1382,7 +1382,7 @@ probe nd_syscall.sched_get_priority_min.return =
 #
 # long sys_sched_getscheduler(pid_t pid)
 #
-probe nd_syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") {
+probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") {
 name = "sched_getscheduler"
 // pid = $pid
 // argstr = sprint($pid)
@@ -1390,7 +1390,7 @@ probe nd_syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler")
 pid = int_arg(1)
 argstr = sprint(pid)
 }
-probe nd_syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return {
+probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return {
 name = "sched_getscheduler"
 retstr = returnstr(1)
 }
@@ -1398,7 +1398,7 @@ probe nd_syscall.sched_getscheduler.return = kernel.function("sys_sched_getsched
 #
 # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
 #
-probe nd_syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") {
+probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") {
 name = "sched_rr_get_interval"
 // pid = $pid
 // tp_uaddr = $interval
@@ -1408,7 +1408,7 @@ probe nd_syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_inter
 tp_uaddr = pointer_arg(2)
 argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr,1))
 }
-probe nd_syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return {
+probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return {
 name = "sched_rr_get_interval"
 retstr = returnstr(1)
 }
@@ -1420,7 +1420,7 @@ probe nd_syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_ge
 # FIXME: why the problem with x86_64?
 #
 %( arch != "x86_64" %?
-probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") {
 name = "sched_setaffinity"
 // pid = $pid
 // len = $len
@@ -1433,7 +1433,7 @@ probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
 argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)
 }
 %:
-probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
+probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") {
 name = "sched_setaffinity"
 // pid = $pid
 // len = 0
@@ -1446,7 +1446,7 @@ probe nd_syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
 argstr = sprintf("%d, , %p", pid, mask_uaddr)
 }
 %)
-probe nd_syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return {
+probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return {
 name = "sched_setaffinity"
 retstr = returnstr(1)
 }
@@ -1455,7 +1455,7 @@ probe nd_syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffini
 #
 # long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
 #
-probe nd_syscall.sched_setparam = kernel.function("sys_sched_setparam") ? {
+probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? {
 name = "sched_setparam"
 // pid = $pid
 // p_uaddr = $param
@@ -1465,7 +1465,7 @@ probe nd_syscall.sched_setparam = kernel.function("sys_sched_setparam") ? {
 p_uaddr = pointer_arg(2)
 argstr = sprintf("%d, %p", pid, p_uaddr)
 }
-probe nd_syscall.sched_setparam.return = kernel.function("sys_sched_setparam").return ? {
+probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? {
 name = "sched_setparam"
 retstr = returnstr(1)
 }
@@ -1474,7 +1474,7 @@ probe nd_syscall.sched_setparam.return = kernel.function("sys_sched_setparam").r
 #
 # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
 #
-probe nd_syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") ? {
+probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? {
 name = "sched_setscheduler"
 // pid = $pid
 // policy = $policy
@@ -1488,7 +1488,7 @@ probe nd_syscall.sched_setscheduler = kernel.function("sys_sched_setscheduler") p_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr) } -probe nd_syscall.sched_setscheduler.return = kernel.function("sys_sched_setscheduler").return ? { +probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? { name = "sched_setscheduler" retstr = returnstr(1) } @@ -1496,11 +1496,11 @@ probe nd_syscall.sched_setscheduler.return = kernel.function("sys_sched_setsched # sched_yield ________________________________________________ # long sys_sched_yield(void) # -probe nd_syscall.sched_yield = kernel.function("sys_sched_yield") { +probe nd_syscall.sched_yield = kprobe.function("sys_sched_yield") { name = "sched_yield" argstr = "" } -probe nd_syscall.sched_yield.return = kernel.function("sys_sched_yield").return { +probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return { name = "sched_yield" retstr = returnstr(1) } @@ -1512,7 +1512,7 @@ probe nd_syscall.sched_yield.return = kernel.function("sys_sched_yield").return # fd_set __user *exp, # struct timeval __user *tvp) # -probe nd_syscall.select = kernel.function("sys_select") { +probe nd_syscall.select = kprobe.function("sys_select") { name = "select" // n = $n // readfds_uaddr = $inp @@ -1530,7 +1530,7 @@ probe nd_syscall.select = kernel.function("sys_select") { argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.select.return = kernel.function("sys_select").return { +probe nd_syscall.select.return = kprobe.function("sys_select").return { name = "select" retstr = returnstr(1) } 
@@ -1540,7 +1540,7 @@ probe nd_syscall.select.return = kernel.function("sys_select").return { # compat_ulong_t __user *exp, # struct compat_timeval __user *tvp) # -probe nd_syscall.compat_select = kernel.function("compat_sys_select") ? { +probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? { name = "select" // n = $n // readfds_uaddr = $inp @@ -1558,7 +1558,7 @@ probe nd_syscall.compat_select = kernel.function("compat_sys_select") ? { argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.compat_select.return = kernel.function("compat_sys_select").return ? { +probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? { name = "select" retstr = returnstr(1) } @@ -1569,7 +1569,7 @@ probe nd_syscall.compat_select.return = kernel.function("compat_sys_select").ret # int cmd, # union semun arg) # -probe nd_syscall.semctl = kernel.function("sys_semctl") ? { +probe nd_syscall.semctl = kprobe.function("sys_semctl") ? { name = "semctl" // semid = $semid // semnum = $semnum @@ -1585,7 +1585,7 @@ probe nd_syscall.semctl = kernel.function("sys_semctl") ? { cmd = int_arg(3) argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done } -probe nd_syscall.semctl.return = kernel.function("sys_semctl").return ? { +probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? { name = "semctl" retstr = returnstr(1) } 
@@ -1593,11 +1593,11 @@ probe nd_syscall.semctl.return = kernel.function("sys_semctl").return ? {
 #
 # long compat_sys_semctl(int first, int second, int third, void __user *uptr)
 #
-probe nd_syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? {
+probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? {
 name = "compat_sys_semctl"
 argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage
 }
-probe nd_syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ? {
+probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? {
 name = "compat_sys_semctl"
 retstr = returnstr(1)
 }
@@ -1605,7 +1605,7 @@ probe nd_syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl")
 # semget _____________________________________________________
 # long sys_semget (key_t key, int nsems, int semflg)
 #
-probe nd_syscall.semget = kernel.function("sys_semget") ? {
+probe nd_syscall.semget = kprobe.function("sys_semget") ? {
 name = "semget"
 // key = $key
 // nsems = $nsems
@@ -1617,7 +1617,7 @@ probe nd_syscall.semget = kernel.function("sys_semget") ? {
 semflg = int_arg(3)
 argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg))
 }
-probe nd_syscall.semget.return = kernel.function("sys_semget").return ? {
+probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? {
 name = "semget"
 retstr = returnstr(1)
 }
@@ -1628,7 +1628,7 @@ probe nd_syscall.semget.return = kernel.function("sys_semget").return ? {
 # struct sembuf __user *tsops,
 # unsigned nsops)
 #
-probe nd_syscall.semop = kernel.function("sys_semtimedop") ? {
+probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? {
 name = "semop"
 // semid = $semid
 // tsops_uaddr = $tsops
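Review bot: `nd_syscall.compat_sys_semctl` is switched to `kprobe.function` in the `@@ -1593,11 +1593,11 @@` hunk, but its unchanged `argstr` line still reads `$first`, `$second`, `$third` and `$uptr`, which are DWARF target variables and should not resolve in a dwarfless probe. Every other converted probe visible here reads its arguments by position, so the line would presumably become `argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(4))`. The existing `// ** not asmlinkage` remark suggests no `asmlinkage()` call is wanted, which is worth confirming on the architectures that provide this function.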
@@ -1640,7 +1640,7 @@ probe nd_syscall.semop = kernel.function("sys_semtimedop") ? { nsops = uint_arg(3) argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops) } -probe nd_syscall.semop.return = kernel.function("sys_semtimedop").return ? { +probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? { name = "semop" retstr = returnstr(1) } @@ -1652,7 +1652,7 @@ probe nd_syscall.semop.return = kernel.function("sys_semtimedop").return ? { # unsigned nsops, # const struct timespec __user *timeout) # -probe nd_syscall.semtimedop = kernel.function("sys_semtimedop") ? { +probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? { name = "semtimedop" // semid = $semid // sops_uaddr = $tsops @@ -1668,7 +1668,7 @@ probe nd_syscall.semtimedop = kernel.function("sys_semtimedop") ? { argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, _struct_timespec_u(timeout_uaddr,1)) } -probe nd_syscall.semtimedop.return = kernel.function("sys_semtimedop").return ? { +probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? { name = "semtimedop" retstr = returnstr(1) } @@ -1677,7 +1677,7 @@ probe nd_syscall.semtimedop.return = kernel.function("sys_semtimedop").return ? # long compat_sys_semtimedop(int semid, struct sembuf __user *tsems, # unsigned nsops, const struct compat_timespec __user *timeout) # -probe nd_syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? { +probe nd_syscall.compat_sys_semtimedop = kprobe.function("compat_sys_semtimedop") ? { name = "compat_sys_semtimedop" // semid = $semid // sops_uaddr = $tsems 
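Review bot: `nd_syscall.semop` and `nd_syscall.semtimedop`, together with their `.return` probes, all attach to `sys_semtimedop`, so a script that enables both aliases receives two events with different `name` values for each call to that function. Anyone counting or auditing semaphore operations from this tapset will double-count unless they know about the overlap. If the overlap is intentional, a comment above the semop probe would document it, for example `# semop is probed via sys_semtimedop, so it fires together with nd_syscall.semtimedop`. The semop entry probe itself starts in the previous hunk group.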
@@ -1693,7 +1693,7 @@ probe nd_syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop" argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, _struct_compat_timespec_u(timeout_uaddr,1)) } -probe nd_syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? { +probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semtimedop").return ? { name = "compat_sys_semtimedop" retstr = returnstr(1) } @@ -1705,7 +1705,7 @@ probe nd_syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semt # size_t len, # unsigned flags) # -probe nd_syscall.send = kernel.function("sys_send") ? { +probe nd_syscall.send = kprobe.function("sys_send") ? { name = "send" // s = $fd // buf_uaddr = $buff @@ -1721,7 +1721,7 @@ probe nd_syscall.send = kernel.function("sys_send") ? { flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.send.return = kernel.function("sys_send").return ? { +probe nd_syscall.send.return = kprobe.function("sys_send").return ? { name = "send" retstr = returnstr(1) } @@ -1734,8 +1734,8 @@ probe nd_syscall.send.return = kernel.function("sys_send").return ? { # size_t count) # probe nd_syscall.sendfile = - kernel.function("sys_sendfile") ?, - kernel.function("sys_sendfile64") ? + kprobe.function("sys_sendfile") ?, + kprobe.function("sys_sendfile64") ? { name = "sendfile" // out_fd = $out_fd @@ -1753,8 +1753,8 @@ probe nd_syscall.sendfile = count) } probe nd_syscall.sendfile.return = - kernel.function("sys_sendfile").return ?, - kernel.function("sys_sendfile64").return ? + kprobe.function("sys_sendfile").return ?, + kprobe.function("sys_sendfile64").return ? { name = "sendfile" retstr = returnstr(1) 
@@ -1764,7 +1764,7 @@ probe nd_syscall.sendfile.return =
 #
 # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
 #
-probe nd_syscall.sendmsg = kernel.function("sys_sendmsg") ? {
+probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? {
 name = "sendmsg"
 // s = $fd
 // msg_uaddr = $msg
@@ -1778,7 +1778,7 @@ probe nd_syscall.sendmsg = kernel.function("sys_sendmsg") ? {
 flags_str = _sendflags_str(flags)
 argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
 }
-probe nd_syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? {
+probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? {
 name = "sendmsg"
 retstr = returnstr(1)
 }
@@ -1786,7 +1786,7 @@ probe nd_syscall.sendmsg.return = kernel.function("sys_sendmsg").return ? {
 #
 # long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
 #
-probe nd_syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
+probe nd_syscall.compat_sys_sendmsg = kprobe.function("compat_sys_sendmsg") ? {
 name = "compat_sys_sendmsg"
 // s = $fd
 // msg_uaddr = $msg
@@ -1798,7 +1798,7 @@ probe nd_syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
 flags = uint_arg(3)
 argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))
 }
-probe nd_syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? {
+probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg").return ? {
 name = "compat_sys_sendmsg"
 retstr = returnstr(1)
 }
@@ -1812,7 +1812,7 @@ probe nd_syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg
 # struct sockaddr __user *addr,
 # int addr_len)
 #
-probe nd_syscall.sendto = kernel.function("sys_sendto") ? {
+probe nd_syscall.sendto = kprobe.function("sys_sendto") ? {
 name = "sendto"
 // s = $fd
 // buf_uaddr = $buff
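Review bot: In `nd_syscall.sendmsg` (hunk `@@ -1778,7 +1778,7 @@`) `flags_str` is assigned from `_sendflags_str(flags)` and the same helper is then called again inside `sprintf`, so the variable just computed goes unused on that line. Reusing it keeps the probe consistent with `nd_syscall.send`, which formats with `flags_str`: `argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)`. In the `@@ -1798,7 +1798,7 @@` hunk `nd_syscall.compat_sys_sendmsg` goes straight from `flags = uint_arg(3)` to `argstr`, so scripts cannot read `flags_str` from the compat variant. Both probe bodies start outside their hunks.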
@@ -1834,7 +1834,7 @@ probe nd_syscall.sendto = kernel.function("sys_sendto") ? { argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr, len, flags_str, _struct_sockaddr_u(to_uaddr,tolen), tolen) } -probe nd_syscall.sendto.return = kernel.function("sys_sendto").return ? { +probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? { name = "sendto" retstr = returnstr(1) } @@ -1845,7 +1845,7 @@ probe nd_syscall.sendto.return = kernel.function("sys_sendto").return ? { # sys_setdomainname(char __user *name, # int len) # -probe nd_syscall.setdomainname = kernel.function("sys_setdomainname") { +probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") { name = "setdomainname" // hostname_uaddr = $name // len = $len @@ -1856,7 +1856,7 @@ probe nd_syscall.setdomainname = kernel.function("sys_setdomainname") { argstr = sprintf("%p, %d", hostname_uaddr, len) } probe nd_syscall.setdomainname.return = - kernel.function("sys_setdomainname").return { + kprobe.function("sys_setdomainname").return { name = "setdomainname" retstr = returnstr(1) } @@ -1866,8 +1866,8 @@ probe nd_syscall.setdomainname.return = # long sys_setfsgid16(old_gid_t gid) # probe nd_syscall.setfsgid = - kernel.function("sys_setfsgid") ?, - kernel.function("sys_setfsgid16") ? + kprobe.function("sys_setfsgid") ?, + kprobe.function("sys_setfsgid16") ? { name = "setfsgid" // fsgid = $gid @@ -1877,8 +1877,8 @@ probe nd_syscall.setfsgid = argstr = sprint(fsgid) } probe nd_syscall.setfsgid.return = - kernel.function("sys_setfsgid").return ?, - kernel.function("sys_setfsgid16").return ? + kprobe.function("sys_setfsgid").return ?, + kprobe.function("sys_setfsgid16").return ? { name = "setfsgid" retstr = returnstr(1) 
@@ -1889,8 +1889,8 @@ probe nd_syscall.setfsgid.return =
 # long sys_setfsuid16(old_uid_t uid)
 #
 probe nd_syscall.setfsuid =
- kernel.function("sys_setfsuid") ?,
- kernel.function("sys_setfsuid16") ?
+ kprobe.function("sys_setfsuid") ?,
+ kprobe.function("sys_setfsuid16") ?
 {
 name = "setfsuid"
 // fsuid = $uid
@@ -1900,8 +1900,8 @@ probe nd_syscall.setfsuid =
 argstr = sprint(fsuid)
 }
 probe nd_syscall.setfsuid.return =
- kernel.function("sys_setfsuid").return ?,
- kernel.function("sys_setfsuid16").return ?
+ kprobe.function("sys_setfsuid").return ?,
+ kprobe.function("sys_setfsuid16").return ?
 {
 name = "setfsuid"
 retstr = returnstr(1)
@@ -1913,8 +1913,8 @@ probe nd_syscall.setfsuid.return =
 # long sys_setgid16(old_gid_t gid)
 #
 probe nd_syscall.setgid =
- kernel.function("sys_setgid") ?,
- kernel.function("sys_setgid16") ?
+ kprobe.function("sys_setgid") ?,
+ kprobe.function("sys_setgid16") ?
 {
 name = "setgid"
 // gid = $gid
@@ -1924,8 +1924,8 @@ probe nd_syscall.setgid =
 argstr = sprint(gid)
 }
 probe nd_syscall.setgid.return =
- kernel.function("sys_setgid").return ?,
- kernel.function("sys_setgid16").return ?
+ kprobe.function("sys_setgid").return ?,
+ kprobe.function("sys_setgid16").return ?
 {
 name = "setgid"
 retstr = returnstr(1)
@@ -1938,9 +1938,9 @@ probe nd_syscall.setgid.return =
 # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
 #
 probe nd_syscall.setgroups =
- kernel.function("sys_setgroups") ?,
- kernel.function("sys_setgroups16") ?,
- kernel.function("sys32_setgroups16") ?
+ kprobe.function("sys_setgroups") ?,
+ kprobe.function("sys_setgroups16") ?,
+ kprobe.function("sys32_setgroups16") ?
 {
 name = "setgroups"
 // size = $gidsetsize
@@ -1952,9 +1952,9 @@ probe nd_syscall.setgroups = argstr = sprintf("%d, %p", size, list_uaddr) } probe nd_syscall.setgroups.return = - kernel.function("sys_setgroups").return ?, - kernel.function("sys_setgroups16").return ?, - kernel.function("sys32_setgroups16").return ? + kprobe.function("sys_setgroups").return ?, + kprobe.function("sys_setgroups16").return ?, + kprobe.function("sys32_setgroups16").return ? { name = "setgroups" retstr = returnstr(1) @@ -1966,7 +1966,7 @@ probe nd_syscall.setgroups.return = # sys_sethostname(char __user *name, # int len) # -probe nd_syscall.sethostname = kernel.function("sys_sethostname") { +probe nd_syscall.sethostname = kprobe.function("sys_sethostname") { name = "sethostname" // hostname_uaddr = $name // name_str = user_string($name) @@ -1978,7 +1978,7 @@ probe nd_syscall.sethostname = kernel.function("sys_sethostname") { len = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len) } -probe nd_syscall.sethostname.return = kernel.function("sys_sethostname").return { +probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return { name = "sethostname" retstr = returnstr(1) } @@ -1988,7 +1988,7 @@ probe nd_syscall.sethostname.return = kernel.function("sys_sethostname").return # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe nd_syscall.setitimer = kernel.function("sys_setitimer") { +probe nd_syscall.setitimer = kprobe.function("sys_setitimer") { name = "setitimer" // which = $which // value_uaddr = $value @@ -2002,7 +2002,7 @@ probe nd_syscall.setitimer = kernel.function("sys_setitimer") { argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.setitimer.return = kernel.function("sys_setitimer").return { +probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return { name = "setitimer" retstr = returnstr(1) } 
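Review bot: `nd_syscall.sethostname` (hunk `@@ -1978,7 +1978,7 @@`) builds `argstr` with `user_string_quoted(hostname_uaddr)`, a read that takes no length and so is not bounded by `len`. The signature comment shows the name is passed with an explicit length, so the buffer may lack a terminating NUL and the traced string can include bytes the kernel never used as the hostname. For audit-style tracing it would help either to bound the read by `len` or to state the limitation, for example `// name may lack a terminating NUL; the string shown is not limited to len`. `nd_syscall.setdomainname`, whose signature comment has the same shape, prints only the pointer; the sethostname body starts outside this hunk.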
@@ -2011,7 +2011,7 @@ probe nd_syscall.setitimer.return = kernel.function("sys_setitimer").return { # struct compat_itimerval __user *in, # struct compat_itimerval __user *out) # -probe nd_syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? { +probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? { name = "setitimer" // which = $which // value_uaddr = $in @@ -2025,7 +2025,7 @@ probe nd_syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? { argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_compat_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? { +probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer").return ? { name = "setitimer" retstr = returnstr(1) } @@ -2036,8 +2036,8 @@ probe nd_syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer # unsigned long maxnode) # probe nd_syscall.set_mempolicy = - kernel.function("sys_set_mempolicy") ?, - kernel.function("compat_sys_set_mempolicy") ? + kprobe.function("sys_set_mempolicy") ?, + kprobe.function("compat_sys_set_mempolicy") ? { name = "set_mempolicy" // mode = $mode @@ -2051,8 +2051,8 @@ probe nd_syscall.set_mempolicy = argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode) } probe nd_syscall.set_mempolicy.return = - kernel.function("sys_set_mempolicy").return ?, - kernel.function("compat_sys_set_mempolicy").return ? + kprobe.function("sys_set_mempolicy").return ?, + kprobe.function("compat_sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -2064,7 +2064,7 @@ probe nd_syscall.set_mempolicy.return = # sys_setpgid(pid_t pid, # pid_t pgid) # -probe nd_syscall.setpgid = kernel.function("sys_setpgid") { +probe nd_syscall.setpgid = kprobe.function("sys_setpgid") { name = "setpgid" // pid = $pid // pgid = $pgid 
@@ -2074,7 +2074,7 @@ probe nd_syscall.setpgid = kernel.function("sys_setpgid") {
 pgid = int_arg(2)
 argstr = sprintf("%d, %d", pid, pgid)
 }
-probe nd_syscall.setpgid.return = kernel.function("sys_setpgid").return {
+probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return {
 name = "setpgid"
 retstr = returnstr(1)
 }
@@ -2085,7 +2085,7 @@ probe nd_syscall.setpgid.return = kernel.function("sys_setpgid").return {
 # int who,
 # int niceval)
 #
-probe nd_syscall.setpriority = kernel.function("sys_setpriority") {
+probe nd_syscall.setpriority = kprobe.function("sys_setpriority") {
 name = "setpriority"
 // which = $which
 // which_str = _priority_which_str($which)
@@ -2099,7 +2099,7 @@ probe nd_syscall.setpriority = kernel.function("sys_setpriority") {
 prio = int_arg(3)
 argstr = sprintf("%s, %d, %d", which_str, who, prio)
 }
-probe nd_syscall.setpriority.return = kernel.function("sys_setpriority").return {
+probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return {
 name = "setpriority"
 retstr = returnstr(1)
 }
@@ -2107,7 +2107,7 @@ probe nd_syscall.setpriority.return = kernel.function("sys_setpriority").return
 # setregid ___________________________________________________
 # long sys_setregid(gid_t rgid, gid_t egid)
 #
-probe nd_syscall.setregid = kernel.function("sys_setregid") {
+probe nd_syscall.setregid = kprobe.function("sys_setregid") {
 name = "setregid"
 // rgid = __int32($rgid)
 // egid = __int32($egid)
@@ -2116,14 +2116,14 @@ probe nd_syscall.setregid = kernel.function("sys_setregid") {
 egid = __int32(uint_arg(2))
 argstr = sprintf("%d, %d", rgid, egid)
 }
-probe nd_syscall.setregid.return = kernel.function("sys_setregid").return {
+probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return {
 name = "setregid"
 retstr = returnstr(1)
 }
 # setregid16 _________________________________________________
 # long sys_setregid16(old_gid_t rgid, old_gid_t egid)
 #
-probe nd_syscall.setregid16 = kernel.function("sys_setregid16") ? {
+probe nd_syscall.setregid16 = kprobe.function("sys_setregid16") ? {
 name = "setregid"
 // rgid = __short($rgid)
 // egid = __short($egid)
@@ -2132,14 +2132,14 @@ probe nd_syscall.setregid16 = kernel.function("sys_setregid16") ? {
 egid = __short(uint_arg(2))
 argstr = sprintf("%d, %d",rgid, egid)
 }
-probe nd_syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
+probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? {
 name = "setregid"
 retstr = returnstr(1)
 }
 # setresgid __________________________________________________
 # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 #
-probe nd_syscall.setresgid = kernel.function("sys_setresgid") {
+probe nd_syscall.setresgid = kprobe.function("sys_setresgid") {
 name = "setresgid"
 // rgid = __int32($rgid)
 // egid = __int32($egid)
@@ -2150,7 +2150,7 @@ probe nd_syscall.setresgid = kernel.function("sys_setresgid") {
 sgid = __int32(uint_arg(3))
 argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
 }
-probe nd_syscall.setresgid.return = kernel.function("sys_setresgid").return {
+probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return {
 name = "setresgid"
 retstr = returnstr(1)
 }
@@ -2160,7 +2160,7 @@ probe nd_syscall.setresgid.return = kernel.function("sys_setresgid").return {
 # old_gid_t egid,
 # old_gid_t sgid)
 #
-probe nd_syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
+probe nd_syscall.setresgid16 = kprobe.function("sys_setresgid16") ? {
 name = "setresgid"
 // rgid = __short($rgid)
 // egid = __short($egid)
@@ -2171,7 +2171,7 @@ probe nd_syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
 sgid = __short(uint_arg(3))
 argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
 }
-probe nd_syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? {
+probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return ? {
 name = "setresgid16"
 retstr = returnstr(1)
 }
@@ -2180,7 +2180,7 @@ probe nd_syscall.setresgid16.return = kernel.function("sys_setresgid16").return
 #
 # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 #
-probe nd_syscall.setresuid = kernel.function("sys_setresuid") {
+probe nd_syscall.setresuid = kprobe.function("sys_setresuid") {
 name = "setresuid"
 // ruid = __int32($ruid)
 // euid = __int32($euid)
@@ -2191,7 +2191,7 @@ probe nd_syscall.setresuid = kernel.function("sys_setresuid") {
 suid = __int32(uint_arg(3))
 argstr = sprintf("%d, %d, %d", ruid, euid, suid)
 }
-probe nd_syscall.setresuid.return = kernel.function("sys_setresuid").return {
+probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return {
 name = "setresuid"
 retstr = returnstr(1)
 }
@@ -2200,7 +2200,7 @@ probe nd_syscall.setresuid.return = kernel.function("sys_setresuid").return {
 #
 # long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
 #
-probe nd_syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
+probe nd_syscall.setresuid16 = kprobe.function("sys_setresuid16") ? {
 name = "setresuid"
 // ruid = __short($ruid)
 // reuid = __short($euid)
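Review bot: `nd_syscall.setresgid16.return` in the `@@ -2171,7 +2171,7 @@` hunk sets `name = "setresgid16"`, while the entry probe `nd_syscall.setresgid16` in the preceding hunk sets `name = "setresgid"`. A script that pairs entry and return events by `name`, as a privilege-change monitor typically would, will fail to match them for the 16-bit call. The other 16-bit variants here (`setregid16`, `setresuid16`, `setreuid16`) use the unsuffixed name in both probes, so the return probe should read `name = "setresgid"`.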
@@ -2211,7 +2211,7 @@ probe nd_syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
 suid = __short(uint_arg(3))
 argstr = sprintf("%d, %d, %d", ruid, euid, suid)
 }
-probe nd_syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
+probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return ? {
 name = "setresuid"
 retstr = returnstr(1)
 }
@@ -2219,7 +2219,7 @@ probe nd_syscall.setresuid16.return = kernel.function("sys_setresuid16").return
 # setreuid ___________________________________________________
 # long sys_setreuid(uid_t ruid, uid_t euid)
 #
-probe nd_syscall.setreuid = kernel.function("sys_setreuid") {
+probe nd_syscall.setreuid = kprobe.function("sys_setreuid") {
 name = "setreuid"
 // ruid = __int32($ruid)
 // euid = __int32($euid)
@@ -2228,14 +2228,14 @@ probe nd_syscall.setreuid = kernel.function("sys_setreuid") {
 euid = __int32(uint_arg(2))
 argstr = sprintf("%d, %d", ruid, euid)
 }
-probe nd_syscall.setreuid.return = kernel.function("sys_setreuid").return {
+probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return {
 name = "setreuid"
 retstr = returnstr(1)
 }
 # setreuid16 _________________________________________________
 # long sys_setreuid16(old_uid_t ruid, old_uid_t euid)
 #
-probe nd_syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
+probe nd_syscall.setreuid16 = kprobe.function("sys_setreuid16") ? {
 name = "setreuid"
 // ruid = __short($ruid)
 // euid = __short($euid)
@@ -2244,7 +2244,7 @@ probe nd_syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
 euid = __short(uint_arg(2))
 argstr = sprintf("%d, %d", ruid, euid)
 }
-probe nd_syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
+probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? {
 name = "setreuid"
 retstr = returnstr(1)
 }
@@ -2254,7 +2254,7 @@ probe nd_syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe nd_syscall.setrlimit = kernel.function("sys_setrlimit") { +probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") { name = "setrlimit" // resource = $resource // rlim_uaddr = $rlim @@ -2266,7 +2266,7 @@ probe nd_syscall.setrlimit = kernel.function("sys_setrlimit") { argstr = sprintf("%s, %s", _rlimit_resource_str(resource), _struct_rlimit_u(rlim_uaddr)) } -probe nd_syscall.setrlimit.return = kernel.function("sys_setrlimit").return { +probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return { name = "setrlimit" retstr = returnstr(1) } @@ -2274,11 +2274,11 @@ probe nd_syscall.setrlimit.return = kernel.function("sys_setrlimit").return { # # long sys_setsid(void) # -probe nd_syscall.setsid = kernel.function("sys_setsid") { +probe nd_syscall.setsid = kprobe.function("sys_setsid") { name = "setsid" argstr = "" } -probe nd_syscall.setsid.return = kernel.function("sys_setsid").return { +probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return { name = "setsid" retstr = returnstr(1) } @@ -2292,8 +2292,8 @@ probe nd_syscall.setsid.return = kernel.function("sys_setsid").return { # int optlen) # probe nd_syscall.setsockopt = - kernel.function("sys_setsockopt") ?, - kernel.function("compat_sys_setsockopt") ? + kprobe.function("sys_setsockopt") ?, + kprobe.function("compat_sys_setsockopt") ? { name = "setsockopt" // fd = $fd @@ -2317,8 +2317,8 @@ probe nd_syscall.setsockopt = optname_str, optval_uaddr, optlen) } probe nd_syscall.setsockopt.return = - kernel.function("sys_setsockopt").return ?, - kernel.function("compat_sys_setsockopt").return ? + kprobe.function("sys_setsockopt").return ?, + kprobe.function("compat_sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) 
@@ -2329,7 +2329,7 @@ probe nd_syscall.setsockopt.return = # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe nd_syscall.set_tid_address = kernel.function("sys_set_tid_address") { +probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") { name = "set_tid_address" // tidptr_uaddr = $tidptr asmlinkage() @@ -2337,7 +2337,7 @@ probe nd_syscall.set_tid_address = kernel.function("sys_set_tid_address") { argstr = sprintf("%p", tidptr_uaddr) } probe nd_syscall.set_tid_address.return = - kernel.function("sys_set_tid_address").return { + kprobe.function("sys_set_tid_address").return { name = "set_tid_address" retstr = returnstr(1) } @@ -2346,7 +2346,7 @@ probe nd_syscall.set_tid_address.return = # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe nd_syscall.settimeofday = kernel.function("sys_settimeofday") { +probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") { name = "settimeofday" // ttv_uaddr = $tv // ttz_uaddr = $tz @@ -2356,7 +2356,7 @@ probe nd_syscall.settimeofday = kernel.function("sys_settimeofday") { tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday.return = kernel.function("sys_settimeofday").return { +probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return { name = "settimeofday" retstr = returnstr(1) } @@ -2365,8 +2365,8 @@ probe nd_syscall.settimeofday.return = kernel.function("sys_settimeofday").retur # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # probe nd_syscall.settimeofday32 = - kernel.function("sys32_settimeofday") ?, - kernel.function("compat_sys_settimeofday") ? + kprobe.function("sys32_settimeofday") ?, + kprobe.function("compat_sys_settimeofday") ? { name = "settimeofday" // tv_uaddr = $tv 
@@ -2378,8 +2378,8 @@ probe nd_syscall.settimeofday32 = argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1),_struct_timezone_u(tz_uaddr)) } probe nd_syscall.settimeofday32.return = - kernel.function("sys32_settimeofday").return ?, - kernel.function("compat_sys_settimeofday").return ? + kprobe.function("sys32_settimeofday").return ?, + kprobe.function("compat_sys_settimeofday").return ? { name = "settimeofday" retstr = returnstr(1) @@ -2391,8 +2391,8 @@ probe nd_syscall.settimeofday32.return = # long sys_setuid16(old_uid_t uid) # probe nd_syscall.setuid = - kernel.function("sys_setuid16") ?, - kernel.function("sys_setuid") + kprobe.function("sys_setuid16") ?, + kprobe.function("sys_setuid") { name = "setuid" // uid = $uid @@ -2402,8 +2402,8 @@ probe nd_syscall.setuid = argstr = sprint(uid) } probe nd_syscall.setuid.return = - kernel.function("sys_setuid16").return ?, - kernel.function("sys_setuid").return + kprobe.function("sys_setuid16").return ?, + kprobe.function("sys_setuid").return { name = "setuid" retstr = returnstr(1) @@ -2416,7 +2416,7 @@ probe nd_syscall.setuid.return = # size_t size, # int flags) # -probe nd_syscall.setxattr = kernel.function("sys_setxattr") { +probe nd_syscall.setxattr = kprobe.function("sys_setxattr") { name = "setxattr" // path_uaddr = $path // path = user_string($path) @@ -2442,7 +2442,7 @@ probe nd_syscall.setxattr = kernel.function("sys_setxattr") { user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.setxattr.return = kernel.function("sys_setxattr").return { +probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return { name = "setxattr" retstr = returnstr(1) } 
@@ -2450,11 +2450,11 @@ probe nd_syscall.setxattr.return = kernel.function("sys_setxattr").return { # # sys_sgetmask(void) # -probe nd_syscall.sgetmask = kernel.function("sys_sgetmask")? { +probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? { name = "sgetmask" argstr = "" } -probe nd_syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? { +probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? { name = "sgetmask" retstr = returnstr(1) } @@ -2463,7 +2463,7 @@ probe nd_syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? { # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe nd_syscall.shmat = kernel.function("sys_shmat") ? { +probe nd_syscall.shmat = kprobe.function("sys_shmat") ? { name = "shmat" // shmid = $shmid // shmaddr_uaddr = $shmaddr @@ -2475,7 +2475,7 @@ probe nd_syscall.shmat = kernel.function("sys_shmat") ? { shmflg = int_arg(3) argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg)) } -probe nd_syscall.shmat.return = kernel.function("sys_shmat").return ? { +probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? { name = "shmat" retstr = returnstr(1) } @@ -2484,7 +2484,7 @@ probe nd_syscall.shmat.return = kernel.function("sys_shmat").return ? { # long compat_sys_shmat(int first, int second, compat_uptr_t third, # int version, void __user *uptr) # -probe nd_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? { +probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? { name = "compat_sys_shmat" // first = $first // second = $second 
@@ -2498,7 +2498,7 @@ probe nd_syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? { uptr_uaddr = pointer_arg(5) argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr) } -probe nd_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? { +probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? { name = "compat_sys_shmat" retstr = returnstr(1) } @@ -2509,7 +2509,7 @@ probe nd_syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").r # int cmd, # struct shmid_ds __user *buf) # -probe nd_syscall.shmctl = kernel.function("sys_shmctl") ? { +probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? { name = "shmctl" // shmid = $shmid // cmd = $cmd @@ -2521,7 +2521,7 @@ probe nd_syscall.shmctl = kernel.function("sys_shmctl") ? { buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr) } -probe nd_syscall.shmctl.return = kernel.function("sys_shmctl").return ? { +probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? { name = "shmctl" retstr = returnstr(1) } @@ -2529,7 +2529,7 @@ probe nd_syscall.shmctl.return = kernel.function("sys_shmctl").return ? { # # long compat_sys_shmctl(int first, int second, void __user *uptr) # -probe nd_syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? { +probe nd_syscall.compat_sys_shmctl = kprobe.function("compat_sys_shmctl") ? { name = "compat_sys_shmctl" // first = $first // second = $second @@ -2541,7 +2541,7 @@ probe nd_syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? { uptr_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", first, second, uptr_uaddr) } -probe nd_syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ? { +probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl").return ? { name = "compat_sys_shmctl" retstr = returnstr(1) } 
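Review bot: In the `@@ -2521,7 +2521,7 @@` hunk, the context line above the changed return probe formats the shmctl command with `_semctl_cmd(cmd)`, a decoder named for semctl. Its definition is not visible here, but if it only knows the semaphore command set, shared-memory-specific commands would appear in `argstr` under the wrong name, which misleads anyone reading the trace as an audit record. Until a shmctl-specific decoder is used, printing the raw value is safer: `argstr = sprintf("%d, %d, %p", shmid, cmd, buf_uaddr)`. The `nd_syscall.shmctl` probe body starts outside this hunk.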
@@ -2550,7 +2550,7 @@ probe nd_syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl") # # long sys_shmdt(char __user *shmaddr) # -probe nd_syscall.shmdt = kernel.function("sys_shmdt") ? { +probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? { name = "shmdt" // shmaddr_uaddr = $shmaddr // argstr = sprintf("%p", $shmaddr) @@ -2558,7 +2558,7 @@ probe nd_syscall.shmdt = kernel.function("sys_shmdt") ? { shmaddr_uaddr = pointer_arg(1) argstr = sprintf("%p", shmaddr_uaddr) } -probe nd_syscall.shmdt.return = kernel.function("sys_shmdt").return ? { +probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? { name = "shmdt" retstr = returnstr(1) } @@ -2569,7 +2569,7 @@ probe nd_syscall.shmdt.return = kernel.function("sys_shmdt").return ? { # size_t size, # int shmflg) # -probe nd_syscall.shmget = kernel.function("sys_shmget") ? { +probe nd_syscall.shmget = kprobe.function("sys_shmget") ? { name = "shmget" // key = $key // size = $size @@ -2581,7 +2581,7 @@ probe nd_syscall.shmget = kernel.function("sys_shmget") ? { shmflg = int_arg(3) argstr = sprintf("%d, %d, %d", key, size, shmflg) } -probe nd_syscall.shmget.return = kernel.function("sys_shmget").return ? { +probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? { name = "shmget" retstr = returnstr(1) } @@ -2590,7 +2590,7 @@ probe nd_syscall.shmget.return = kernel.function("sys_shmget").return ? { # # long sys_shutdown(int fd, int how) # -probe nd_syscall.shutdown = kernel.function("sys_shutdown") ? { +probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? { name = "shutdown" // s = $fd // how = $how @@ -2602,7 +2602,7 @@ probe nd_syscall.shutdown = kernel.function("sys_shutdown") ? { how_str = _shutdown_how_str(how) argstr = sprintf("%d, %s", s, how_str) } -probe nd_syscall.shutdown.return = kernel.function("sys_shutdown").return ? { +probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? { name = "shutdown" retstr = returnstr(1) } 
@@ -2611,7 +2611,7 @@ probe nd_syscall.shutdown.return = kernel.function("sys_shutdown").return ? { # sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact) # sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact) # -probe nd_syscall.sigaction = kernel.function("sys_sigaction") ? { +probe nd_syscall.sigaction = kprobe.function("sys_sigaction") ? { name = "sigaction" // sig = $sig // act_uaddr = $act @@ -2623,11 +2623,11 @@ probe nd_syscall.sigaction = kernel.function("sys_sigaction") ? { oact_uaddr = pointer_arg(3) argstr = sprintf("%s, {%s}, %p", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr) } -probe nd_syscall.sigaction.return = kernel.function("sys_sigaction").return ? { +probe nd_syscall.sigaction.return = kprobe.function("sys_sigaction").return ? { name = "sigaction" retstr = returnstr(1) } -probe nd_syscall.sigaction32 = kernel.function("sys32_sigaction") ? { +probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? { name = "sigaction" // sig = $sig // sact_uaddr = $act @@ -2639,7 +2639,7 @@ probe nd_syscall.sigaction32 = kernel.function("sys32_sigaction") ? { oact_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, soact_uaddr) } -probe nd_syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? { +probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return ? { name = "sigaction" retstr = returnstr(1) } @@ -2647,7 +2647,7 @@ probe nd_syscall.sigaction32.return = kernel.function("sys32_sigaction").return # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe nd_syscall.signal = kernel.function("sys_signal") ? { +probe nd_syscall.signal = kprobe.function("sys_signal") ? { name = "signal" // sig = $sig // handler = $handler 
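Review bot: In the `@@ -2639,7 +2639,7 @@` hunk, the `nd_syscall.sigaction32` body assigns `oact_uaddr = pointer_arg(3)` but the next line formats `soact_uaddr`, which is not assigned in the visible lines. The third field of `argstr` would then not show the old-action pointer the caller passed. The commit converts the probe point but leaves this mismatch in place; the format line should read `argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, oact_uaddr)`, or the assignment should be renamed to match. The assignment of `sact_uaddr` falls between this hunk and the previous one, so it is worth checking that it has not been renamed to `act_uaddr` in the same way.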
@@ -2657,7 +2657,7 @@ probe nd_syscall.signal = kernel.function("sys_signal") ? { handler = pointer_arg(2) argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler)) } -probe nd_syscall.signal.return = kernel.function("sys_signal").return ? { +probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? { name = "signal" retstr = returnstr(1) } @@ -2668,23 +2668,23 @@ probe nd_syscall.signal.return = kernel.function("sys_signal").return ? { # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.signalfd = kernel.function("sys_signalfd") ? { +probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? { name = "signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3)) } -probe nd_syscall.signalfd.return = kernel.function("sys_signalfd").return ? { +probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? { name = "signalfd" retstr = returnstr(1) } -probe nd_syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? { +probe nd_syscall.compat_signalfd = kprobe.function("compat_sys_signalfd") ? { name = "compat_signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), u32_arg(3)) } -probe nd_syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? { +probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd").return ? { name = "compat_signalfd" retstr = returnstr(1) } 
@@ -2692,13 +2692,13 @@ probe nd_syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd") # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe nd_syscall.sigpending = kernel.function("sys_sigpending") ? { +probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? { name = "sigpending" // argstr = sprintf("%p", $set) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sigpending.return = kernel.function("sys_sigpending").return ? { +probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? { name = "sigpending" retstr = returnstr(1) } @@ -2706,7 +2706,7 @@ probe nd_syscall.sigpending.return = kernel.function("sys_sigpending").return ? # sigprocmask ________________________________________________ # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) # -probe nd_syscall.sigprocmask = kernel.function("sys_sigprocmask") ? +probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? { name = "sigprocmask" // how = $how @@ -2721,7 +2721,7 @@ probe nd_syscall.sigprocmask = kernel.function("sys_sigprocmask") ? oldset_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr) } -probe nd_syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return ? +probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ? { name = "sigprocmask" retstr = returnstr(1) 
@@ -2731,15 +2731,15 @@ probe nd_syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return # int sys_sigreturn(unsigned long __unused) # probe nd_syscall.sigreturn = - kernel.function("sys_sigreturn") ?, - kernel.function("sys32_sigreturn") ? + kprobe.function("sys_sigreturn") ?, + kprobe.function("sys32_sigreturn") ? { name = "sigreturn" argstr = "" } probe nd_syscall.sigreturn.return = - kernel.function("sys_sigreturn").return ?, - kernel.function("sys32_sigreturn").return ? + kprobe.function("sys_sigreturn").return ?, + kprobe.function("sys32_sigreturn").return ? { name = "sigreturn" retstr = returnstr(1) @@ -2748,15 +2748,15 @@ probe nd_syscall.sigreturn.return = # sigsuspend _________________________________________________ # probe nd_syscall.sigsuspend = - kernel.function("sys_sigsuspend") ?, - kernel.function("sys32_sigsuspend") ? + kprobe.function("sys_sigsuspend") ?, + kprobe.function("sys32_sigsuspend") ? { name = "sigsuspend" argstr = "" } probe nd_syscall.sigsuspend.return = - kernel.function("sys_sigsuspend").return ?, - kernel.function("sys32_sigsuspend").return ? + kprobe.function("sys_sigsuspend").return ?, + kprobe.function("sys32_sigsuspend").return ? { name = "sigsuspend" retstr = returnstr(1) @@ -2765,7 +2765,7 @@ probe nd_syscall.sigsuspend.return = # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe nd_syscall.socket = kernel.function("sys_socket") ? { +probe nd_syscall.socket = kprobe.function("sys_socket") ? { name = "socket" // family = $family // type = $type @@ -2781,7 +2781,7 @@ probe nd_syscall.socket = kernel.function("sys_socket") ? { _sock_type_str(type), protocol) } -probe nd_syscall.socket.return = kernel.function("sys_socket").return ? { +probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) } 
@@ -2791,13 +2791,13 @@ probe nd_syscall.socket.return = kernel.function("sys_socket").return ? { # # long sys_socketcall(int call, unsigned long __user *args) # -#probe nd_syscall.socketcall = kernel.function("sys_socketcall") ? { +#probe nd_syscall.socketcall = kprobe.function("sys_socketcall") ? { # name = "socketcall" # call = $call # args_uaddr = $args # argstr = sprintf("%d, %p", $call, args_uaddr) #} -#probe nd_syscall.socketcall.return = kernel.function("sys_socketcall").return ? { +#probe nd_syscall.socketcall.return = kprobe.function("sys_socketcall").return ? { # name = "socketcall" # retstr = returnstr(1) #} @@ -2808,7 +2808,7 @@ probe nd_syscall.socket.return = kernel.function("sys_socket").return ? { # int protocol, # int __user *usockvec) # -probe nd_syscall.socketpair = kernel.function("sys_socketpair") ? { +probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? { name = "socketpair" // family = $family // type = $type @@ -2828,7 +2828,7 @@ probe nd_syscall.socketpair = kernel.function("sys_socketpair") ? { _sock_type_str(type), protocol, sv_uaddr) } -probe nd_syscall.socketpair.return = kernel.function("sys_socketpair").return ? { +probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) } @@ -2839,7 +2839,7 @@ probe nd_syscall.socketpair.return = kernel.function("sys_socketpair").return ? # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe nd_syscall.splice = kernel.function("sys_splice") ? { +probe nd_syscall.splice = kprobe.function("sys_splice") ? { name = "splice" // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", // $fd_in, $off_in, $fd_out, $off_out, $len, $flags) 
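Review bot: The commented-out `nd_syscall.socketcall` probe in the `@@ -2791,13 +2791,13 @@` hunk is switched to `kprobe.function` but still reads `$call` and `$args`, which are the by-name context variables this file is meant to avoid. If the block is ever uncommented it will not work without debugging information. Convert it like its neighbours, with an `# asmlinkage()` line followed by `# call = int_arg(1)` and `# args_uaddr = pointer_arg(2)`, and use `call` instead of `$call` in the `sprintf`. Otherwise add a one-line comment saying the block is unconverted and why it is disabled.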
@@ -2847,7 +2847,7 @@ probe nd_syscall.splice = kernel.function("sys_splice") ? { argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6)) } -probe nd_syscall.splice.return = kernel.function("sys_splice").return ? { +probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) } @@ -2856,7 +2856,7 @@ probe nd_syscall.splice.return = kernel.function("sys_splice").return ? { # # long sys_ssetmask(int newmask) # -probe nd_syscall.ssetmask = kernel.function("sys_ssetmask") ? { +probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? { name = "ssetmask" // newmask = $newmask // argstr = sprint($newmask) @@ -2864,7 +2864,7 @@ probe nd_syscall.ssetmask = kernel.function("sys_ssetmask") ? { newmask = int_arg(1) argstr = sprint(newmask) } -probe nd_syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? { +probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? { name = "ssetmask" retstr = returnstr(1) } @@ -2876,12 +2876,12 @@ probe nd_syscall.ssetmask.return = kernel.function("sys_ssetmask").return ? { # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) probe nd_syscall.stat = - kernel.function("sys_stat") ?, - kernel.function("sys_newstat") ?, - kernel.function("sys32_stat64") ?, - kernel.function("sys_stat64") ?, - kernel.function("sys_oabi_stat64") ?, - kernel.function("compat_sys_newstat") ? + kprobe.function("sys_stat") ?, + kprobe.function("sys_newstat") ?, + kprobe.function("sys32_stat64") ?, + kprobe.function("sys_stat64") ?, + kprobe.function("sys_oabi_stat64") ?, + kprobe.function("compat_sys_newstat") ? { name = "stat" // filename_uaddr = $filename 
@@ -2895,12 +2895,12 @@ probe nd_syscall.stat = argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } probe nd_syscall.stat.return = - kernel.function("sys_stat").return ?, - kernel.function("sys_newstat").return ?, - kernel.function("sys32_stat64").return ?, - kernel.function("sys_stat64").return ?, - kernel.function("sys_oabi_stat64").return ?, - kernel.function("compat_sys_newstat").return ? + kprobe.function("sys_stat").return ?, + kprobe.function("sys_newstat").return ?, + kprobe.function("sys32_stat64").return ?, + kprobe.function("sys_stat64").return ?, + kprobe.function("sys_oabi_stat64").return ?, + kprobe.function("compat_sys_newstat").return ? { name = "stat" retstr = returnstr(1) @@ -2911,8 +2911,8 @@ probe nd_syscall.stat.return = # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # probe nd_syscall.statfs = - kernel.function("sys_statfs"), - kernel.function("compat_sys_statfs") ? + kprobe.function("sys_statfs"), + kprobe.function("compat_sys_statfs") ? { name = "statfs" // path = user_string($path) @@ -2924,8 +2924,8 @@ probe nd_syscall.statfs = argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } probe nd_syscall.statfs.return = - kernel.function("sys_statfs").return, - kernel.function("compat_sys_statfs").return ? + kprobe.function("sys_statfs").return, + kprobe.function("compat_sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -2937,8 +2937,8 @@ probe nd_syscall.statfs.return = # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # probe nd_syscall.statfs64 = - kernel.function("sys_statfs64") ?, - kernel.function("compat_sys_statfs64") ? + kprobe.function("sys_statfs64") ?, + kprobe.function("compat_sys_statfs64") ? { name = "statfs" // path = user_string($path) 
@@ -2952,8 +2952,8 @@ probe nd_syscall.statfs64 = argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr) } probe nd_syscall.statfs64.return = - kernel.function("sys_statfs64").return ?, - kernel.function("compat_sys_statfs64").return ? + kprobe.function("sys_statfs64").return ?, + kprobe.function("compat_sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) @@ -2965,8 +2965,8 @@ probe nd_syscall.statfs64.return = # long compat_sys_stime(compat_time_t __user *tptr) # probe nd_syscall.stime = - kernel.function("sys_stime") ?, - kernel.function("compat_sys_stime") ? + kprobe.function("sys_stime") ?, + kprobe.function("compat_sys_stime") ? { name = "stime" // t_uaddr = $tptr @@ -2977,8 +2977,8 @@ probe nd_syscall.stime = argstr = sprintf("%p", t_uaddr) } probe nd_syscall.stime.return = - kernel.function("sys_stime").return ?, - kernel.function("compat_sys_stime").return ? + kprobe.function("sys_stime").return ?, + kprobe.function("compat_sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -2989,7 +2989,7 @@ probe nd_syscall.stime.return = # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe nd_syscall.swapoff = kernel.function("sys_swapoff")? { +probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? { name = "swapoff" // path = user_string($specialfile) // argstr = user_string_quoted($specialfile) @@ -2997,7 +2997,7 @@ probe nd_syscall.swapoff = kernel.function("sys_swapoff")? { path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.swapoff.return = kernel.function("sys_swapoff").return ? { +probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? { name = "swapoff" retstr = returnstr(1) } 
@@ -3007,7 +3007,7 @@ probe nd_syscall.swapoff.return = kernel.function("sys_swapoff").return ? { # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe nd_syscall.swapon = kernel.function("sys_swapon") ? { +probe nd_syscall.swapon = kprobe.function("sys_swapon") ? { name = "swapon" // path = user_string($specialfile) // swapflags = $swap_flags @@ -3017,14 +3017,14 @@ probe nd_syscall.swapon = kernel.function("sys_swapon") ? { swapflags = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) } -probe nd_syscall.swapon.return = kernel.function("sys_swapon").return ? { +probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? { name = "swapon" retstr = returnstr(1) } # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe nd_syscall.symlink = kernel.function("sys_symlink") { +probe nd_syscall.symlink = kprobe.function("sys_symlink") { name = "symlink" // oldpath = user_string($oldname) // newpath = user_string($newname) @@ -3036,7 +3036,7 @@ probe nd_syscall.symlink = kernel.function("sys_symlink") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.symlink.return = kernel.function("sys_symlink").return { +probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return { name = "symlink" retstr = returnstr(1) } @@ -3046,7 +3046,7 @@ probe nd_syscall.symlink.return = kernel.function("sys_symlink").return { # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe nd_syscall.symlinkat = kernel.function("sys_symlinkat") ? { +probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? { name = "symlinkat" // oldname = $oldname // oldname_str = user_string($oldname) 
@@ -3066,7 +3066,7 @@ probe nd_syscall.symlinkat = kernel.function("sys_symlinkat") ? { argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), newdfd_str, user_string_quoted(newname)) } -probe nd_syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? { +probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? { name = "symlinkat" retstr = returnstr(1) } @@ -3076,11 +3076,11 @@ probe nd_syscall.symlinkat.return = kernel.function("sys_symlinkat").return ? { # # sys_sync(void) # -probe nd_syscall.sync = kernel.function("sys_sync") { +probe nd_syscall.sync = kprobe.function("sys_sync") { name = "sync" argstr = "" } -probe nd_syscall.sync.return = kernel.function("sys_sync").return { +probe nd_syscall.sync.return = kprobe.function("sys_sync").return { name = "sync" retstr = returnstr(1) } @@ -3090,8 +3090,8 @@ probe nd_syscall.sync.return = kernel.function("sys_sync").return { # long sys_sysctl(struct __sysctl_args __user *args) # probe nd_syscall.sysctl = - kernel.function("sys_sysctl") ?, - kernel.function("compat_sys_sysctl") ? + kprobe.function("sys_sysctl") ?, + kprobe.function("compat_sys_sysctl") ? { name = "sysctl" // argstr = sprintf("%p", $args) @@ -3099,8 +3099,8 @@ probe nd_syscall.sysctl = argstr = sprintf("%p", pointer_arg(1)) } probe nd_syscall.sysctl.return = - kernel.function("sys_sysctl").return ?, - kernel.function("compat_sys_sysctl").return ? + kprobe.function("sys_sysctl").return ?, + kprobe.function("compat_sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -3113,7 +3113,7 @@ probe nd_syscall.sysctl.return = # unsigned long arg1, # unsigned long arg2) # -probe nd_syscall.sysfs = kernel.function("sys_sysfs") { +probe nd_syscall.sysfs = kprobe.function("sys_sysfs") { name = "sysfs" // option = $option // arg1 = $arg1 
@@ -3137,7 +3137,7 @@ probe nd_syscall.sysfs = kernel.function("sys_sysfs") { else argstr = sprintf("%d, %d, %d", option, arg1, arg2) } -probe nd_syscall.sysfs.return = kernel.function("sys_sysfs").return { +probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return { name = "sysfs" retstr = returnstr(1) } @@ -3146,8 +3146,8 @@ probe nd_syscall.sysfs.return = kernel.function("sys_sysfs").return { # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) probe nd_syscall.sysinfo = - kernel.function("sys_sysinfo"), - kernel.function("compat_sys_sysinfo") ? + kprobe.function("sys_sysinfo"), + kprobe.function("compat_sys_sysinfo") ? { name = "sysinfo" // info_uaddr = $info @@ -3157,8 +3157,8 @@ probe nd_syscall.sysinfo = argstr = sprintf("%p", info_uaddr) } probe nd_syscall.sysinfo.return = - kernel.function("sys_sysinfo").return, - kernel.function("compat_sys_sysinfo").return ? + kprobe.function("sys_sysinfo").return, + kprobe.function("compat_sys_sysinfo").return ? { name = "sysinfo" retstr = returnstr(1) @@ -3168,7 +3168,7 @@ probe nd_syscall.sysinfo.return = # # long sys_syslog(int type, char __user * buf, int len) # -probe nd_syscall.syslog = kernel.function("sys_syslog") { +probe nd_syscall.syslog = kprobe.function("sys_syslog") { name = "syslog" // type = $type // bufp_uaddr = $buf @@ -3180,7 +3180,7 @@ probe nd_syscall.syslog = kernel.function("sys_syslog") { len = int_arg(3) argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) } -probe nd_syscall.syslog.return = kernel.function("sys_syslog").return { +probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return { name = "syslog" retstr = returnstr(1) } 
@@ -3189,13 +3189,13 @@ probe nd_syscall.syslog.return = kernel.function("sys_syslog").return { # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe nd_syscall.tee = kernel.function("sys_tee") ? { +probe nd_syscall.tee = kprobe.function("sys_tee") ? { name = "tee" // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) asmlinkage() argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.tee.return = kernel.function("sys_tee").return ? { +probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? { name = "tee" retstr = returnstr(1) } @@ -3207,7 +3207,7 @@ probe nd_syscall.tee.return = kernel.function("sys_tee").return ? { # int pid, # int sig) # -probe nd_syscall.tgkill = kernel.function("sys_tgkill") { +probe nd_syscall.tgkill = kprobe.function("sys_tgkill") { name = "tgkill" // tgid = $tgid // pid = $pid @@ -3219,7 +3219,7 @@ probe nd_syscall.tgkill = kernel.function("sys_tgkill") { sig = int_arg(3) argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) } -probe nd_syscall.tgkill.return = kernel.function("sys_tgkill").return { +probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return { name = "tgkill" retstr = returnstr(1) } @@ -3231,10 +3231,10 @@ probe nd_syscall.tgkill.return = kernel.function("sys_tgkill").return { # long compat_sys_time(compat_time_t __user * tloc) # probe nd_syscall.time = - kernel.function("sys_time")?, - kernel.function("sys32_time") ?, - kernel.function("sys_time64") ?, - kernel.function("compat_sys_time") ? + kprobe.function("sys_time")?, + kprobe.function("sys32_time") ?, + kprobe.function("sys_time64") ?, + kprobe.function("compat_sys_time") ? { name = "time" // t_uaddr = $tloc 
@@ -3244,10 +3244,10 @@ probe nd_syscall.time = argstr = sprintf("%p", t_uaddr) } probe nd_syscall.time.return = - kernel.function("sys_time").return?, - kernel.function("sys32_time").return ?, - kernel.function("sys_time64").return ?, - kernel.function("compat_sys_time").return ? + kprobe.function("sys_time").return?, + kprobe.function("sys32_time").return ?, + kprobe.function("sys_time64").return ?, + kprobe.function("compat_sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3259,7 +3259,7 @@ probe nd_syscall.time.return = # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe nd_syscall.timer_create = kernel.function("sys_timer_create") { +probe nd_syscall.timer_create = kprobe.function("sys_timer_create") { name = "timer_create" // clockid = $which_clock // clockid_str = _get_wc_str($which_clock) @@ -3274,7 +3274,7 @@ probe nd_syscall.timer_create = kernel.function("sys_timer_create") { argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) } probe nd_syscall.timer_create.return = - kernel.function("sys_timer_create").return { + kprobe.function("sys_timer_create").return { name = "timer_create" retstr = returnstr(1) } @@ -3283,7 +3283,7 @@ probe nd_syscall.timer_create.return = # # long sys_timer_delete(timer_t timer_id) # -probe nd_syscall.timer_delete = kernel.function("sys_timer_delete") { +probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") { name = "timer_delete" // timerid = $timer_id // argstr = sprint($timer_id) @@ -3291,7 +3291,7 @@ probe nd_syscall.timer_delete = kernel.function("sys_timer_delete") { timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_delete.return = kernel.function("sys_timer_delete").return { +probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return { name = "timer_delete" retstr = returnstr(1) } 
@@ -3300,7 +3300,7 @@ probe nd_syscall.timer_delete.return = kernel.function("sys_timer_delete").retur # # long sys_timer_getoverrun(timer_t timer_id) # -probe nd_syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { +probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") { name = "timer_getoverrun" // timerid = $timer_id // argstr = sprint($timer_id) @@ -3309,7 +3309,7 @@ probe nd_syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { argstr = sprint(timerid) } probe nd_syscall.timer_getoverrun.return = - kernel.function("sys_timer_getoverrun").return { + kprobe.function("sys_timer_getoverrun").return { name = "timer_getoverrun" retstr = returnstr(1) } @@ -3319,7 +3319,7 @@ probe nd_syscall.timer_getoverrun.return = # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe nd_syscall.timer_gettime = kernel.function("sys_timer_gettime") { +probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") { name = "timer_gettime" // timerid = $timer_id // value_uaddr = $setting @@ -3330,7 +3330,7 @@ probe nd_syscall.timer_gettime = kernel.function("sys_timer_gettime") { argstr = sprintf("%d, %p", timerid, value_uaddr) } probe nd_syscall.timer_gettime.return = - kernel.function("sys_timer_gettime").return { + kprobe.function("sys_timer_gettime").return { name = "timer_gettime" retstr = returnstr(1) } @@ -3342,7 +3342,7 @@ probe nd_syscall.timer_gettime.return = # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe nd_syscall.timer_settime = kernel.function("sys_timer_settime") { +probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") { name = "timer_settime" // timerid = $timer_id // flags = $flags 
@@ -3361,7 +3361,7 @@ probe nd_syscall.timer_settime = kernel.function("sys_timer_settime") { ovalue_uaddr) } probe nd_syscall.timer_settime.return = - kernel.function("sys_timer_settime").return { + kprobe.function("sys_timer_settime").return { name = "timer_settime" retstr = returnstr(1) } @@ -3374,8 +3374,8 @@ probe nd_syscall.timer_settime.return = # const struct compat_itimerspec __user *utmr) # probe nd_syscall.timerfd = - kernel.function("sys_timerfd") ?, - kernel.function("compat_sys_timerfd") ? + kprobe.function("sys_timerfd") ?, + kprobe.function("compat_sys_timerfd") ? { name = "timerfd" // argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags) @@ -3383,8 +3383,8 @@ probe nd_syscall.timerfd = argstr = sprintf("%d, %d, 0x%x", int_arg(1), int_arg(2), int_arg(3)) } probe nd_syscall.timerfd.return = - kernel.function("sys_timerfd").return ?, - kernel.function("compat_sys_timerfd").return ? + kprobe.function("sys_timerfd").return ?, + kprobe.function("compat_sys_timerfd").return ? { name = "timerfd" retstr = returnstr(1) @@ -3395,8 +3395,8 @@ probe nd_syscall.timerfd.return = # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) probe nd_syscall.times = - kernel.function("sys_times") ?, - kernel.function("compat_sys_times") ? + kprobe.function("sys_times") ?, + kprobe.function("compat_sys_times") ? { name = "times" // argstr = sprintf("%p", $tbuf) @@ -3404,8 +3404,8 @@ probe nd_syscall.times = argstr = sprintf("%p", pointer_arg(1)) } probe nd_syscall.times.return = - kernel.function("sys_times").return ?, - kernel.function("compat_sys_times").return ? + kprobe.function("sys_times").return ?, + kprobe.function("compat_sys_times").return ? { name = "times" retstr = returnstr(1) 
@@ -3417,7 +3417,7 @@ probe nd_syscall.times.return = # sys_tkill(int pid, # int sig) # -probe nd_syscall.tkill = kernel.function("sys_tkill") { +probe nd_syscall.tkill = kprobe.function("sys_tkill") { name = "tkill" // pid = $pid // sig = $sig @@ -3427,7 +3427,7 @@ probe nd_syscall.tkill = kernel.function("sys_tkill") { sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.tkill.return = kernel.function("sys_tkill").return { +probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return { name = "tkill" retstr = returnstr(1) } @@ -3437,7 +3437,7 @@ probe nd_syscall.tkill.return = kernel.function("sys_tkill").return { # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe nd_syscall.truncate = kernel.function("sys_truncate")?, kernel.function("sys_truncate64") ? { +probe nd_syscall.truncate = kprobe.function("sys_truncate")?, kprobe.function("sys_truncate64") ? { name = "truncate" // path_uaddr = $path // path = user_string($path) @@ -3452,7 +3452,7 @@ probe nd_syscall.truncate = kernel.function("sys_truncate")?, kernel.function("s length = longlong_arg(2) argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) } -probe nd_syscall.truncate.return = kernel.function("sys_truncate").return ?, kernel.function("sys_truncate64").return ? { +probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? { name = "truncate" retstr = returnstr(1) } @@ -3460,7 +3460,7 @@ probe nd_syscall.truncate.return = kernel.function("sys_truncate").return ?, ker # tux ________________________________________________________ # long sys_tux (unsigned int action, user_req_t *u_info) # -probe nd_syscall.tux = kernel.function("sys_tux") ? { +probe nd_syscall.tux = kprobe.function("sys_tux") ? { name = "tux" // action = $action // u_info_uaddr = $u_info 
@@ -3471,7 +3471,7 @@ probe nd_syscall.tux = kernel.function("sys_tux") ? { u_info_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", action, u_info_uaddr) } -probe nd_syscall.tux.return = kernel.function("sys_tux").return ? { +probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? { name = "tux" retstr = returnstr(1) } @@ -3479,7 +3479,7 @@ probe nd_syscall.tux.return = kernel.function("sys_tux").return ? { # umask ______________________________________________________ # long sys_umask(int mask) # -probe nd_syscall.umask = kernel.function("sys_umask") { +probe nd_syscall.umask = kprobe.function("sys_umask") { name = "umask" // mask = $mask // argstr = sprintf("%#o", $mask) @@ -3487,7 +3487,7 @@ probe nd_syscall.umask = kernel.function("sys_umask") { mask = int_arg(1) argstr = sprintf("%#o", mask) } -probe nd_syscall.umask.return = kernel.function("sys_umask").return { +probe nd_syscall.umask.return = kprobe.function("sys_umask").return { name = "umask" retstr = returnstr(3) } @@ -3495,7 +3495,7 @@ probe nd_syscall.umask.return = kernel.function("sys_umask").return { # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe nd_syscall.umount = kernel.function("sys_umount") { +probe nd_syscall.umount = kprobe.function("sys_umount") { name = "umount" // target = user_string($name) // flags = $flags @@ -3507,7 +3507,7 @@ probe nd_syscall.umount = kernel.function("sys_umount") { flags_str = _umountflags_str(flags) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) } -probe nd_syscall.umount.return = kernel.function("sys_umount").return { +probe nd_syscall.umount.return = kprobe.function("sys_umount").return { name = "umount" retstr = returnstr(1) } 
@@ -3520,11 +3520,11 @@ probe nd_syscall.umount.return = kernel.function("sys_umount").return { # long sys32_uname(struct old_utsname __user * name) # probe nd_syscall.uname = - kernel.function("sys_uname") ?, - kernel.function("sys_olduname") ?, - kernel.function("sys32_olduname") ?, - kernel.function("sys32_uname") ?, - kernel.function("sys_newuname") ? + kprobe.function("sys_uname") ?, + kprobe.function("sys_olduname") ?, + kprobe.function("sys32_olduname") ?, + kprobe.function("sys32_uname") ?, + kprobe.function("sys_newuname") ? { name = "uname" // argstr = sprintf("%p", $name) @@ -3539,11 +3539,11 @@ probe nd_syscall.uname = } probe nd_syscall.uname.return = - kernel.function("sys_uname").return ?, - kernel.function("sys_olduname").return ?, - kernel.function("sys32_olduname").return ?, - kernel.function("sys32_uname").return ?, - kernel.function("sys_newuname").return ? + kprobe.function("sys_uname").return ?, + kprobe.function("sys_olduname").return ?, + kprobe.function("sys32_olduname").return ?, + kprobe.function("sys32_uname").return ?, + kprobe.function("sys_newuname").return ? { name = "uname" retstr = returnstr(1) @@ -3552,7 +3552,7 @@ probe nd_syscall.uname.return = # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe nd_syscall.unlink = kernel.function("sys_unlink") { +probe nd_syscall.unlink = kprobe.function("sys_unlink") { name = "unlink" // pathname_uaddr = $pathname // pathname = user_string($pathname) @@ -3562,7 +3562,7 @@ probe nd_syscall.unlink = kernel.function("sys_unlink") { pathname = user_string(pathname_uaddr) argstr = user_string_quoted(pathname_uaddr) } -probe nd_syscall.unlink.return = kernel.function("sys_unlink").return { +probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return { name = "unlink" retstr = returnstr(1) } 
@@ -3571,7 +3571,7 @@ probe nd_syscall.unlink.return = kernel.function("sys_unlink").return { # asmlinkage long # sys_uselib(const char __user * library) # -probe nd_syscall.uselib = kernel.function("sys_uselib") { +probe nd_syscall.uselib = kprobe.function("sys_uselib") { name = "uselib" // library_uaddr = $library // library = user_string($library) @@ -3581,14 +3581,14 @@ probe nd_syscall.uselib = kernel.function("sys_uselib") { library = user_string(library_uaddr) argstr = user_string_quoted(library_uaddr) } -probe nd_syscall.uselib.return = kernel.function("sys_uselib").return { +probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return { name = "uselib" retstr = returnstr(1) } # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe nd_syscall.ustat = kernel.function("sys_ustat") { +probe nd_syscall.ustat = kprobe.function("sys_ustat") { name = "ustat" // dev = $dev // ubuf_uaddr = $ubuf @@ -3600,7 +3600,7 @@ probe nd_syscall.ustat = kernel.function("sys_ustat") { } #long sys32_ustat(unsigned dev, struct ustat32 __user *u32p) -probe nd_syscall.ustat32 = kernel.function("sys32_ustat") ? { +probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? { name = "ustat" // dev = $dev // argstr = sprintf("%d, %p", $dev, $u32p) @@ -3610,8 +3610,8 @@ probe nd_syscall.ustat32 = kernel.function("sys32_ustat") ? { } probe nd_syscall.ustat.return = - kernel.function("sys_ustat").return, - kernel.function("sys32_ustat").return ? + kprobe.function("sys_ustat").return, + kprobe.function("sys32_ustat").return ? { name = "ustat" retstr = returnstr(1) 
@@ -3619,7 +3619,7 @@ probe nd_syscall.ustat.return = # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe nd_syscall.utime = kernel.function("sys_utime") ? { +probe nd_syscall.utime = kprobe.function("sys_utime") ? { name = "utime" asmlinkage() filename_uaddr = pointer_arg(1) @@ -3630,13 +3630,13 @@ probe nd_syscall.utime = kernel.function("sys_utime") ? { argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.utime.return = kernel.function("sys_utime").return ? { +probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) } # long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t) -probe nd_syscall.compat_utime = kernel.function("compat_sys_utime") ? { +probe nd_syscall.compat_utime = kprobe.function("compat_sys_utime") ? { name = "utime" asmlinkage() filename_uaddr = pointer_arg(1) @@ -3647,7 +3647,7 @@ probe nd_syscall.compat_utime = kernel.function("compat_sys_utime") ? { argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? { +probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").return ? { name = "utime" retstr = returnstr(1) } @@ -3656,7 +3656,7 @@ probe nd_syscall.compat_utime.return = kernel.function("compat_sys_utime").retur # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe nd_syscall.utimes = kernel.function("sys_utimes") { +probe nd_syscall.utimes = kprobe.function("sys_utimes") { name = "utimes" // filename_uaddr = $filename // filename = user_string($filename) 
@@ -3670,7 +3670,7 @@ probe nd_syscall.utimes = kernel.function("sys_utimes") { argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } -probe nd_syscall.utimes.return = kernel.function("sys_utimes").return { +probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return { name = "utimes" retstr = returnstr(1) } @@ -3678,7 +3678,7 @@ probe nd_syscall.utimes.return = kernel.function("sys_utimes").return { # # long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t) # -probe nd_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? { +probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? { name = "utimes" // filename = user_string($filename) // argstr = sprintf("%s, %s", user_string_quoted($filename), @@ -3688,7 +3688,7 @@ probe nd_syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? { argstr = sprintf("%s, %s", user_string_quoted(filename), _struct_compat_timeval_u(pointer_arg(2), 2)) } -probe nd_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? { +probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ? { name = "utimes" retstr = returnstr(1) } @@ -3697,7 +3697,7 @@ probe nd_syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes") # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe nd_syscall.utimensat = kernel.function("sys_utimensat") ? { +probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), // _at_flag_str($flags)) 
@@ -3705,7 +3705,7 @@ probe nd_syscall.utimensat = kernel.function("sys_utimensat") ? { argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)), _struct_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) } -probe nd_syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? { +probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2), // _at_flag_str($flags)) @@ -3713,11 +3713,11 @@ probe nd_syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? { argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) } -probe nd_syscall.utimensat.return = kernel.function("sys_utimensat").return ? { +probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } -probe nd_syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? { +probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } @@ -3727,11 +3727,11 @@ probe nd_syscall.compat_utimensat.return = kernel.function("compat_sys_utimensa # asmlinkage long # sys_vhangup(void) # -probe nd_syscall.vhangup = kernel.function("sys_vhangup") { +probe nd_syscall.vhangup = kprobe.function("sys_vhangup") { name = "vhangup" argstr = "" } -probe nd_syscall.vhangup.return = kernel.function("sys_vhangup").return { +probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return { name = "vhangup" retstr = returnstr(1) } 
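Review bot: The compat_utimensat probe (context line at the top of the `@@ -3713` hunk) fetches the directory fd with `uint_arg(1)`, while the native utimensat probe just above it uses `int_arg(1)`. An unsigned fetch turns a negative dfd such as AT_FDCWD into a large positive number, so `_dfd_str` presumably no longer recognises it and argstr shows a raw number instead of the symbolic name. `_dfd_str` is defined outside this page, so that part is inferred. I would use `_dfd_str(int_arg(1))` in the compat probe as well, even though the C prototype declares dfd as unsigned int.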
@@ -3743,23 +3743,23 @@ probe nd_syscall.vhangup.return = kernel.function("sys_vhangup").return { # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe nd_syscall.vmsplice = kernel.function("sys_vmsplice") ? { +probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? { name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? { +probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? { name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) } -probe nd_syscall.vmsplice.return = kernel.function("sys_vmsplice").return ? { +probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) } -probe nd_syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? { +probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) } @@ -3771,7 +3771,7 @@ probe nd_syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice") # int options, # struct rusage __user *ru) # -probe nd_syscall.wait4 = kernel.function("sys_wait4") { +probe nd_syscall.wait4 = kprobe.function("sys_wait4") { name = "wait4" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) // status_uaddr = $stat_addr 
@@ -3790,7 +3790,7 @@ probe nd_syscall.wait4 = kernel.function("sys_wait4") { argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr,_wait4_opt_str(options), rusage_uaddr) } -probe nd_syscall.wait4.return = kernel.function("sys_wait4").return { +probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return { name = "wait4" retstr = returnstr(1) } @@ -3802,7 +3802,7 @@ probe nd_syscall.wait4.return = kernel.function("sys_wait4").return { # int options, # struct rusage __user *ru) # -probe nd_syscall.waitid = kernel.function("sys_waitid") { +probe nd_syscall.waitid = kprobe.function("sys_waitid") { name = "waitid" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) // which = $which @@ -3825,7 +3825,7 @@ probe nd_syscall.waitid = kernel.function("sys_waitid") { argstr = sprintf("%d, %d, %p, %s, %p", which, pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) } -probe nd_syscall.waitid.return = kernel.function("sys_waitid").return { +probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return { name = "waitid" retstr = returnstr(1) } @@ -3837,7 +3837,7 @@ probe nd_syscall.waitid.return = kernel.function("sys_waitid").return { # int options, # struct rusage __user *ru) # -probe nd_syscall.waitpid = kernel.function("sys_wait4") { +probe nd_syscall.waitpid = kprobe.function("sys_wait4") { name = "waitpid" pid = $pid status_uaddr = $stat_addr @@ -3847,7 +3847,7 @@ probe nd_syscall.waitpid = kernel.function("sys_wait4") { argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe nd_syscall.waitpid.return = kernel.function("sys_wait4").return { +probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return { name = "waitpid" retstr = returnstr(1) } 
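Review bot: nd_syscall.waitpid (hunks `@@ -3837` and `@@ -3847`) is switched to `kprobe.function("sys_wait4")`, but its body still reads `$pid`, `$stat_addr` and `$ru`. Those are DWARF target variables, which a dwarfless kprobe probe has no debuginfo to resolve, so this alias will most likely fail to translate on exactly the kernels this file is meant for. The body should fetch its arguments by position, as nd_syscall.wait4 does earlier on the same line of this page. The assignments between the two hunks are not visible and probably need the same conversion.

```systemtap
probe nd_syscall.waitpid = kprobe.function("sys_wait4") {
	name = "waitpid"
	asmlinkage()
	pid = int_arg(1)
	status_uaddr = pointer_arg(2)
	// … unchanged: assignments between the two hunks (not visible); any $options / $ru there becomes int_arg(3) / pointer_arg(4) …
	argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, options_str, pointer_arg(4))
```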
@@ -3859,7 +3859,7 @@ probe nd_syscall.waitpid.return = kernel.function("sys_wait4").return { # const char __user * buf, # size_t count) # -probe nd_syscall.write = kernel.function("sys_write") { +probe nd_syscall.write = kprobe.function("sys_write") { name = "write" // fd = $fd // buf_uaddr = $buf @@ -3872,7 +3872,7 @@ probe nd_syscall.write = kernel.function("sys_write") { argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count) } -probe nd_syscall.write.return = kernel.function("sys_write").return { +probe nd_syscall.write.return = kprobe.function("sys_write").return { name = "write" retstr = returnstr(1) } @@ -3887,8 +3887,8 @@ probe nd_syscall.write.return = kernel.function("sys_write").return { # unsigned long vlen) # probe nd_syscall.writev = - kernel.function("sys_writev"), - kernel.function("compat_sys_writev") ? + kprobe.function("sys_writev"), + kprobe.function("compat_sys_writev") ? { name = "writev" // vector_uaddr = $vec @@ -3908,8 +3908,8 @@ probe nd_syscall.writev = } probe nd_syscall.writev.return = - kernel.function("sys_writev").return, - kernel.function("compat_sys_writev").return ? + kprobe.function("sys_writev").return, + kprobe.function("compat_sys_writev").return ? { name = "writev" retstr = returnstr(1) -- cgit From 2dcaa5344939c8a708224d0830cfb728b2afcacb Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 29 May 2009 15:24:53 -0700 Subject: Kill trailing whitespace in nd_syscalls[2] --- tapset/nd_syscalls.stp | 18 ++-- tapset/nd_syscalls2.stp | 270 ++++++++++++++++++++++++------------------------ 2 files changed, 144 insertions(+), 144 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp index 221e680a..f9a6ffce 100644 --- a/tapset/nd_syscalls.stp +++ b/tapset/nd_syscalls.stp 
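Review bot: In nd_syscall.write the argstr (context line at the top of the `@@ -3872` hunk) is built from `user_string(buf_uaddr)`, which reads up to a NUL byte rather than up to `count`. A write buffer is not NUL-terminated, so for short writes the trace can contain bytes that were never written, meaning unrelated process memory ends up in the log. Bounding the read, e.g. `text_strn(user_string_n(buf_uaddr, count), syscall_string_trunc, 1)`, keeps argstr to the data actually passed. The pwrite and pwrite32 probes shown later on this page use the same pattern. The probe body spans this hunk and the previous one, with lines in between not shown.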
@@ -141,7 +141,7 @@ probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") ?, kprobe.function("sys_adjtimex") ? { name = "adjtimex" - + /* * buf_offset = __uget_timex_m($txc_p, 1) * buf_freq = __uget_timex_m($txc_p, 2) @@ -1354,7 +1354,7 @@ probe nd_syscall.fork = kprobe.function("do_fork") stack_size = ulong_arg(4) parent_tid_uaddr = pointer_arg(5) child_tid_uaddr = pointer_arg(6) - + if (!__is_user_regs(regs)) { name = "fork_kernel_thread" argstr = __fork_flags(clone_flags) @@ -2505,7 +2505,7 @@ probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") ?, ctx_id = ulong_arg(1) iocb_uaddr = pointer_arg(2) result_uaddr = pointer_arg(3) - argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) + argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr) } probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return ?, kprobe.function("sys_io_cancel").return ? @@ -2788,7 +2788,7 @@ probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").re kprobe.function("sys_kexec_load").return ? { name = "kexec_load" - retstr = returnstr(1) + retstr = returnstr(1) } # keyctl _____________________________________________________ @@ -2854,7 +2854,7 @@ probe nd_syscall.lchown = kprobe.function("SyS_lchown") ?, owner = __int32(uint_arg(2)) group = __int32(uint_arg(3)) argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group) -} +} probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return ?, kprobe.function("sys_lchown").return ? { @@ -2951,7 +2951,7 @@ probe nd_syscall.link.return = kprobe.function("SyS_link").return ?, kprobe.function("sys_link").return ? { name = "link" - retstr = returnstr(1) + retstr = returnstr(1) } # linkat _____________________________________________________ 
@@ -3008,7 +3008,7 @@ probe nd_syscall.listen = kprobe.function("SyS_listen") ?, sockfd = int_arg(1) backlog = int_arg(2) argstr = sprintf("%d, %d", sockfd, backlog) -} +} probe nd_syscall.listen.return = kprobe.function("SyS_listen").return ?, kprobe.function("sys_listen").return ? { @@ -3400,7 +3400,7 @@ probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return ?, kprobe.function("sys_mincore").return ? { name = "mincore" - retstr = returnstr(1) + retstr = returnstr(1) } # mkdir ______________________________________________________ @@ -3423,7 +3423,7 @@ probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return ?, kprobe.function("sys_mkdir").return ? { name = "mkdir" - retstr = returnstr(1) + retstr = returnstr(1) } # mkdirat ____________________________________________________ diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index f3a2c14f..33ffe11d 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -78,7 +78,7 @@ probe nd_syscall.nfsservctl = resp_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str(cmd), argp_uaddr, resp_uaddr) } -probe nd_syscall.nfsservctl.return = +probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?, kprobe.function("compat_sys_nfsservctl").return ? { @@ -119,7 +119,7 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return { # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe nd_syscall.open = +probe nd_syscall.open = kprobe.function("sys_open") ?, kprobe.function("compat_sys_open") ?, kprobe.function("sys32_open") ? 
@@ -129,25 +129,25 @@ probe nd_syscall.open = // flags = $flags // mode = $mode // if (flags & 64) - // argstr = sprintf("%s, %s, %#o", user_string_quoted($filename), + // argstr = sprintf("%s, %s, %#o", user_string_quoted($filename), // _sys_open_flag_str($flags), $mode) // else - // argstr = sprintf("%s, %s", user_string_quoted($filename), + // argstr = sprintf("%s, %s", user_string_quoted($filename), // _sys_open_flag_str($flags)) asmlinkage() filename = user_string(pointer_arg(1)) flags = int_arg(2) mode = int_arg(3) if (flags & 64) - argstr = sprintf("%s, %s, %#o", user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s, %#o", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags), mode) else - argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags)) } -probe nd_syscall.open.return = - kprobe.function("sys_open").return ?, - kprobe.function("compat_sys_open").return ?, +probe nd_syscall.open.return = + kprobe.function("sys_open").return ?, + kprobe.function("compat_sys_open").return ?, kprobe.function("sys32_open").return ? { name = "open" @@ -158,7 +158,7 @@ probe nd_syscall.open.return = # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe nd_syscall.openat = +probe nd_syscall.openat = kprobe.function("sys_openat") ?, kprobe.function("compat_sys_openat") ? { @@ -168,11 +168,11 @@ probe nd_syscall.openat = // mode = $mode // if ($flags & 64) // argstr = sprintf("%s, %s, %s, %#o", _dfd_str($dfd), - // user_string_quoted($filename), + // user_string_quoted($filename), // _sys_open_flag_str($flags), $mode) // else // argstr = sprintf("%s, %s, %s", _dfd_str($dfd), - // user_string_quoted($filename), + // user_string_quoted($filename), // _sys_open_flag_str($flags)) asmlinkage() filename = user_string(pointer_arg(2)) 
@@ -180,14 +180,14 @@ probe nd_syscall.openat = mode = int_arg(4) if (flags & 64) argstr = sprintf("%s, %s, %s, %#o", _dfd_str(int_arg(1)), - user_string_quoted(pointer_arg(2)), + user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags), mode) else argstr = sprintf("%s, %s, %s", _dfd_str(int_arg(1)), - user_string_quoted(pointer_arg(2)), + user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags)) } -probe nd_syscall.openat.return = +probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?, kprobe.function("compat_sys_openat").return ? { @@ -202,11 +202,11 @@ probe nd_syscall.openat.return = probe nd_syscall.pause = kprobe.function("sys_pause") ?, kprobe.function("sys32_pause") ?, kprobe.function("compat_sys_pause") ? -{ +{ name = "pause" argstr = "" } -probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, +probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, kprobe.function("sys32_pause").return ?, kprobe.function("compat_sys_pause").return ? { @@ -333,12 +333,12 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") { // new_root_str = user_string($new_root) // old_root_str = user_string($put_old) // argstr = sprintf("%s, %s", user_string_quoted($new_root), - // user_string_quoted($put_old)) + // user_string_quoted($put_old)) asmlinkage() new_root_str = user_string(pointer_arg(1)) old_root_str = user_string(pointer_arg(2)) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), - user_string_quoted(pointer_arg(2))) + user_string_quoted(pointer_arg(2))) } probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return { name = "pivot_root" 
@@ -374,17 +374,17 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return { # probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? { name = "ppoll" - // argstr = sprintf("%p, %d, %s, %p, %d", + // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, // $nfds, - // _struct_timespec_u($tsp,1), + // _struct_timespec_u($tsp,1), // $sigmask, // $sigsetsize) asmlinkage() - argstr = sprintf("%p, %d, %s, %p, %d", + argstr = sprintf("%p, %d, %s, %p, %d", pointer_arg(1), uint_arg(2), - _struct_timespec_u(pointer_arg(3),1), + _struct_timespec_u(pointer_arg(3),1), pointer_arg(4), ulong_arg(5)) } @@ -398,17 +398,17 @@ probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? { # probe nd_syscall.compat_ppoll = kprobe.function("compat_sys_ppoll") ? { name = "ppoll" - // argstr = sprintf("%p, %d, %s, %p, %d", + // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, // $nfds, - // _struct_compat_timespec_u($tsp,1), + // _struct_compat_timespec_u($tsp,1), // $sigmask, // $sigsetsize) asmlinkage() - argstr = sprintf("%p, %d, %s, %p, %d", + argstr = sprintf("%p, %d, %s, %p, %d", pointer_arg(1), uint_arg(2), - _struct_compat_timespec_u(pointer_arg(3),1), + _struct_compat_timespec_u(pointer_arg(3),1), pointer_arg(4), u32_arg(5)) } @@ -461,7 +461,7 @@ probe nd_syscall.pread = kprobe.function("sys_pread64") { // offset = $pos // argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos) asmlinkage() - fd = uint_arg(1) + fd = uint_arg(1) buf_uaddr = pointer_arg(2) count = ulong_arg(3) offset = longlong_arg(4) @@ -505,7 +505,7 @@ probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6") # pselect7 _____________________________________________________ # # long sys_pselect7(int n, fd_set __user *inp, fd_set __user *outp, -# fd_set __user *exp, struct timespec __user *tsp, +# fd_set __user *exp, struct timespec __user *tsp, # const sigset_t __user *sigmask, size_t sigsetsize) # probe nd_syscall.pselect7 = kprobe.function("sys_pselect7") ? { 
@@ -541,7 +541,7 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7") # long data) # probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? { - name = "ptrace" + name = "ptrace" // request = $request // pid = $pid // addr = $addr @@ -571,7 +571,7 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") { // buf_uaddr = $buf // count = $count // offset = $pos - // argstr = sprintf("%d, %s, %d, %d", $fd, + // argstr = sprintf("%d, %s, %d, %d", $fd, // text_strn(user_string($buf),syscall_string_trunc,1), // $count, $pos) asmlinkage() @@ -579,7 +579,7 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") { buf_uaddr = pointer_arg(2) count = ulong_arg(3) offset = longlong_arg(4) - argstr = sprintf("%d, %s, %d, %d", fd, + argstr = sprintf("%d, %s, %d, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count, offset) } @@ -602,7 +602,7 @@ probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { // $count, ($poshi << 32) + $poslo) // %: // buf_uaddr = $buf - // argstr = sprintf("%d, %s, %d, %d", $fd, + // argstr = sprintf("%d, %s, %d, %d", $fd, // text_strn(user_string($buf),syscall_string_trunc,1), // $count, ($poshi << 32) + $poslo) // %) @@ -611,7 +611,7 @@ probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { buf_uaddr = pointer_arg(2) count = ulong_arg(3) offset = (u32_arg(4) << 32) + u32_arg(5) - argstr = sprintf("%d, %s, %d, %d", fd, + argstr = sprintf("%d, %s, %d, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count, offset) } @@ -697,7 +697,7 @@ probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return { # # long compat_sys_old_readdir(unsigned int fd, struct compat_old_linux_dirent __user *dirent, unsigned int count) # int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count) -# +# probe nd_syscall.readdir = kprobe.function("compat_sys_old_readdir") ?, kprobe.function("old32_readdir") ? 
@@ -726,13 +726,13 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink") { // path = user_string($path) // buf_uaddr = $buf // bufsiz = $bufsiz - // argstr = sprintf("%s, %p, %d", user_string_quoted($path), + // argstr = sprintf("%s, %p, %d", user_string_quoted($path), // $buf, $bufsiz) asmlinkage() path = user_string(pointer_arg(1)) buf_uaddr = pointer_arg(2) bufsiz = int_arg(3) - argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return { @@ -752,14 +752,14 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? { // path = user_string($path) // buf_uaddr = $buf // bufsiz = $bufsiz - // argstr = sprintf("%s, %s, %p, %d", _dfd_str($dfd), user_string_quoted($path), + // argstr = sprintf("%s, %s, %p, %d", _dfd_str($dfd), user_string_quoted($path), // $buf, $bufsiz) asmlinkage() dfd = int_arg(1) path = user_string(pointer_arg(2)) buf_uaddr = pointer_arg(3) bufsiz = int_arg(4) - argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), + argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? { @@ -772,11 +772,11 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? # ssize_t sys_readv(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) -# ssize_t compat_sys_readv(unsigned long fd, -# const struct compat_iovec __user *vec, +# ssize_t compat_sys_readv(unsigned long fd, +# const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.readv = +probe nd_syscall.readv = kprobe.function("sys_readv"), kprobe.function("compat_sys_readv") ? { 
@@ -796,7 +796,7 @@ probe nd_syscall.readv = fd = ulong_arg(1) argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.readv.return = +probe nd_syscall.readv.return = kprobe.function("sys_readv").return, kprobe.function("compat_sys_readv").return ? { @@ -851,7 +851,7 @@ probe nd_syscall.recv = kprobe.function("sys_recv") ? { // flags_str = _recvflags_str($flags) // argstr = sprintf("%d, %p, %d, %s", $fd, $ubuf, $size, _recvflags_str($flags)) asmlinkage() - s = int_arg(1) + s = int_arg(1) buf_uaddr = pointer_arg(2) len = ulong_arg(3) flags = uint_arg(4) @@ -990,12 +990,12 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr") { name = "removexattr" // path = user_string($path) // name_str = user_string($name) - // argstr = sprintf("%s, %s", user_string_quoted($path), + // argstr = sprintf("%s, %s", user_string_quoted($path), // user_string_quoted($name)) asmlinkage() path = user_string(pointer_arg(1)) name_str = user_string(pointer_arg(2)) - argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return { @@ -1012,12 +1012,12 @@ probe nd_syscall.rename = kprobe.function("sys_rename") { name = "rename" // oldpath = user_string($oldname) // newpath = user_string($newname) - // argstr = sprintf("%s, %s", user_string_quoted($oldname), + // argstr = sprintf("%s, %s", user_string_quoted($oldname), // user_string_quoted($newname)) asmlinkage() oldpath = user_string(pointer_arg(1)) newpath = user_string(pointer_arg(2)) - argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } probe nd_syscall.rename.return = kprobe.function("sys_rename").return { 
@@ -1113,14 +1113,14 @@ probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").retur } # -# long sys32_rt_sigaction(int sig, +# long sys32_rt_sigaction(int sig, # struct sigaction32 __user *act, -# struct sigaction32 __user *oact, +# struct sigaction32 __user *oact, # unsigned int sigsetsize) # ppc only -# compat_sys_rt_sigaction(int sig, +# compat_sys_rt_sigaction(int sig, # const struct sigaction32 __user *act, -# struct sigaction32 __user *oact, +# struct sigaction32 __user *oact, # size_t sigsetsize) probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, @@ -1133,7 +1133,7 @@ probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, // sigsetsize = $sigsetsize // argstr = sprintf("%s, %p, %p, %d", _signal_name($sig), $act, $oact, $sigsetsize) asmlinkage() - sig = int_arg(1) + sig = int_arg(1) act_uaddr = pointer_arg(2) oact_uaddr = pointer_arg(3) sigsetsize = uint_arg(4) @@ -1170,7 +1170,7 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret # long compat_sys_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, compat_size_t sigsetsize) # long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize) # -probe nd_syscall.rt_sigprocmask = +probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, kprobe.function("compat_sys_rt_sigprocmask") ?, kprobe.function("sys_rt_sigprocmask") ? 
@@ -1184,14 +1184,14 @@ probe nd_syscall.rt_sigprocmask = // $oset, $sigsetsize) if (probefunc() != "compat_sys_rt_sigprocmask") asmlinkage() - how = int_arg(1) + how = int_arg(1) how_str = _sigprocmask_how_str(how) set_uaddr = pointer_arg(2) oldset_uaddr = pointer_arg(3) argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u(set_uaddr), oldset_uaddr, uint_arg(4)) } -probe nd_syscall.rt_sigprocmask.return = +probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?, kprobe.function("compat_sys_rt_sigprocmask").return ?, kprobe.function("sys_rt_sigprocmask").return ? @@ -1225,16 +1225,16 @@ probe nd_syscall.rt_sigqueueinfo.return = # rt_sigreturn _______________________________________________ # int sys_rt_sigreturn(unsigned long __unused) # -probe nd_syscall.rt_sigreturn = +probe nd_syscall.rt_sigreturn = kprobe.function("sys_rt_sigreturn") ?, - kprobe.function("sys32_rt_sigreturn") ? + kprobe.function("sys32_rt_sigreturn") ? { name = "rt_sigreturn" argstr = "" } -probe nd_syscall.rt_sigreturn.return = +probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").return ?, - kprobe.function("sys32_rt_sigreturn").return ? + kprobe.function("sys32_rt_sigreturn").return ? { name = "rt_sigreturn" retstr = returnstr(1) @@ -1244,7 +1244,7 @@ probe nd_syscall.rt_sigreturn.return = # # sys_rt_sigsuspend(struct pt_regs regs) # -probe nd_syscall.rt_sigsuspend = +probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?, kprobe.function("compat_sys_rt_sigsuspend") ?, kprobe.function("ia64_rt_sigsuspend") ? @@ -1252,7 +1252,7 @@ probe nd_syscall.rt_sigsuspend = name = "rt_sigsuspend" argstr = "" } -probe nd_syscall.rt_sigsuspend.return = +probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?, kprobe.function("compat_sys_rt_sigsuspend").return ?, kprobe.function("ia64_rt_sigsuspend").return ? 
@@ -1313,7 +1313,7 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") { // mask_uaddr = $user_mask_ptr asmlinkage() pid = int_arg(1) - len = uint_arg(2) + len = uint_arg(2) mask_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } @@ -1527,16 +1527,16 @@ probe nd_syscall.select = kprobe.function("sys_select") { writefds_uaddr = pointer_arg(3) exceptfds_uaddr = pointer_arg(4) timeout_uaddr = pointer_arg(5) - argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, + argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } probe nd_syscall.select.return = kprobe.function("sys_select").return { name = "select" retstr = returnstr(1) } -# long compat_sys_select(int n, +# long compat_sys_select(int n, # compat_ulong_t __user *inp, -# compat_ulong_t __user *outp, +# compat_ulong_t __user *outp, # compat_ulong_t __user *exp, # struct compat_timeval __user *tvp) # @@ -1555,7 +1555,7 @@ probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? { writefds_uaddr = pointer_arg(3) exceptfds_uaddr = pointer_arg(4) timeout_uaddr = pointer_arg(5) - argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, + argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? { @@ -1685,8 +1685,8 @@ probe nd_syscall.compat_sys_semtimedop = kprobe.function("compat_sys_semtimedop" // timeout_uaddr = $timeout // argstr = sprintf("%d, %p, %d, %s", $semid, $tsems, $nsops, // _struct_compat_timespec_u($timeout,1)) - // no asmlinkage - semid = int_arg(1) + // no asmlinkage + semid = int_arg(1) sops_uaddr = pointer_arg(2) nsops = uint_arg(3) timeout_uaddr = pointer_arg(4) 
@@ -1865,7 +1865,7 @@ probe nd_syscall.setdomainname.return = # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe nd_syscall.setfsgid = +probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, kprobe.function("sys_setfsgid16") ? { @@ -1876,7 +1876,7 @@ probe nd_syscall.setfsgid = fsgid = uint_arg(1) argstr = sprint(fsgid) } -probe nd_syscall.setfsgid.return = +probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, kprobe.function("sys_setfsgid16").return ? { @@ -1888,7 +1888,7 @@ probe nd_syscall.setfsgid.return = # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe nd_syscall.setfsuid = +probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, kprobe.function("sys_setfsuid16") ? { @@ -1899,7 +1899,7 @@ probe nd_syscall.setfsuid = fsuid = uint_arg(1) argstr = sprint(fsuid) } -probe nd_syscall.setfsuid.return = +probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, kprobe.function("sys_setfsuid16").return ? { @@ -1912,8 +1912,8 @@ probe nd_syscall.setfsuid.return = # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe nd_syscall.setgid = - kprobe.function("sys_setgid") ?, +probe nd_syscall.setgid = + kprobe.function("sys_setgid") ?, kprobe.function("sys_setgid16") ? { name = "setgid" @@ -1923,7 +1923,7 @@ probe nd_syscall.setgid = gid = uint_arg(1) argstr = sprint(gid) } -probe nd_syscall.setgid.return = +probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, kprobe.function("sys_setgid16").return ? { @@ -1937,7 +1937,7 @@ probe nd_syscall.setgid.return = # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.setgroups = +probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, kprobe.function("sys_setgroups16") ?, kprobe.function("sys32_setgroups16") ? 
@@ -1947,11 +1947,11 @@ probe nd_syscall.setgroups = // list_uaddr = $grouplist // argstr = sprintf("%d, %p", $gidsetsize, $grouplist) asmlinkage() - size = int_arg(1) + size = int_arg(1) list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.setgroups.return = +probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, kprobe.function("sys_setgroups16").return ?, kprobe.function("sys32_setgroups16").return ? @@ -1993,13 +1993,13 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer") { // which = $which // value_uaddr = $value // ovalue_uaddr = $ovalue - // argstr = sprintf("%s, %s, %p", _itimer_which_str($which), + // argstr = sprintf("%s, %s, %p", _itimer_which_str($which), // _struct_itimerval_u($value), $ovalue) asmlinkage() which = int_arg(1) value_uaddr = pointer_arg(2) ovalue_uaddr = pointer_arg(3) - argstr = sprintf("%s, %s, %p", _itimer_which_str(which), + argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return { @@ -2016,13 +2016,13 @@ probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? { // which = $which // value_uaddr = $in // ovalue_uaddr = $out - // argstr = sprintf("%s, %s, %p", _itimer_which_str($which), + // argstr = sprintf("%s, %s, %p", _itimer_which_str($which), // _struct_compat_itimerval_u($in), $out) asmlinkage() which = int_arg(1) value_uaddr = pointer_arg(2) ovalue_uaddr = pointer_arg(3) - argstr = sprintf("%s, %s, %p", _itimer_which_str(which), + argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_compat_itimerval_u(value_uaddr), ovalue_uaddr) } probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer").return ? { 
@@ -2291,7 +2291,7 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return { # char __user *optval, # int optlen) # -probe nd_syscall.setsockopt = +probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, kprobe.function("compat_sys_setsockopt") ? { @@ -2364,7 +2364,7 @@ probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").retur # long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # -probe nd_syscall.settimeofday32 = +probe nd_syscall.settimeofday32 = kprobe.function("sys32_settimeofday") ?, kprobe.function("compat_sys_settimeofday") ? { @@ -2377,8 +2377,8 @@ probe nd_syscall.settimeofday32 = tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1),_struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday32.return = - kprobe.function("sys32_settimeofday").return ?, +probe nd_syscall.settimeofday32.return = + kprobe.function("sys32_settimeofday").return ?, kprobe.function("compat_sys_settimeofday").return ? { name = "settimeofday" @@ -2425,8 +2425,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") { // value_uaddr = $value // size = $size // flags = $flags - // argstr = sprintf("%s, %s, %p, %d, %d", - // user_string_quoted($path), + // argstr = sprintf("%s, %s, %p, %d, %d", + // user_string_quoted($path), // user_string_quoted($name), // value_uaddr, $size, $flags) asmlinkage() @@ -2437,8 +2437,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") { value_uaddr = pointer_arg(3) size = ulong_arg(4) flags = int_arg(5) - argstr = sprintf("%s, %s, %p, %d, %d", - user_string_quoted(path_uaddr), + argstr = sprintf("%s, %s, %p, %d, %d", + user_string_quoted(path_uaddr), user_string_quoted(name_uaddr), value_uaddr, size, flags) } 
@@ -2464,7 +2464,7 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? { # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # probe nd_syscall.shmat = kprobe.function("sys_shmat") ? { - name = "shmat" + name = "shmat" // shmid = $shmid // shmaddr_uaddr = $shmaddr // shmflg = $shmflg @@ -2730,14 +2730,14 @@ probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return # sigreturn __________________________________________________ # int sys_sigreturn(unsigned long __unused) # -probe nd_syscall.sigreturn = +probe nd_syscall.sigreturn = kprobe.function("sys_sigreturn") ?, kprobe.function("sys32_sigreturn") ? { name = "sigreturn" argstr = "" } -probe nd_syscall.sigreturn.return = +probe nd_syscall.sigreturn.return = kprobe.function("sys_sigreturn").return ?, kprobe.function("sys32_sigreturn").return ? { @@ -2746,7 +2746,7 @@ probe nd_syscall.sigreturn.return = } # sigsuspend _________________________________________________ -# +# probe nd_syscall.sigsuspend = kprobe.function("sys_sigsuspend") ?, kprobe.function("sys32_sigsuspend") ? @@ -2814,7 +2814,7 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? { // type = $type // protocol = $protocol // sv_uaddr = $usockvec - // argstr = sprintf("%s, %s, %d, %p", + // argstr = sprintf("%s, %s, %d, %p", // _sock_family_str($family), // _sock_type_str($type), // $protocol, sv_uaddr) @@ -2823,7 +2823,7 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? { type = int_arg(2) protocol = int_arg(3) sv_uaddr = pointer_arg(4) - argstr = sprintf("%s, %s, %d, %p", + argstr = sprintf("%s, %s, %d, %p", _sock_family_str(family), _sock_type_str(type), protocol, sv_uaddr) 
@@ -2875,8 +2875,8 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? { # long sys_stat64(char __user * filename, struct stat64 __user * statbuf) # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) -probe nd_syscall.stat = - kprobe.function("sys_stat") ?, +probe nd_syscall.stat = + kprobe.function("sys_stat") ?, kprobe.function("sys_newstat") ?, kprobe.function("sys32_stat64") ?, kprobe.function("sys_stat64") ?, @@ -2894,13 +2894,13 @@ probe nd_syscall.stat = buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } -probe nd_syscall.stat.return = - kprobe.function("sys_stat").return ?, +probe nd_syscall.stat.return = + kprobe.function("sys_stat").return ?, kprobe.function("sys_newstat").return ?, kprobe.function("sys32_stat64").return ?, kprobe.function("sys_stat64").return ?, kprobe.function("sys_oabi_stat64").return ?, - kprobe.function("compat_sys_newstat").return ? + kprobe.function("compat_sys_newstat").return ? { name = "stat" retstr = returnstr(1) @@ -2910,7 +2910,7 @@ probe nd_syscall.stat.return = # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe nd_syscall.statfs = +probe nd_syscall.statfs = kprobe.function("sys_statfs"), kprobe.function("compat_sys_statfs") ? { @@ -2923,7 +2923,7 @@ probe nd_syscall.statfs = buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } -probe nd_syscall.statfs.return = +probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, kprobe.function("compat_sys_statfs").return ? { 
@@ -2964,19 +2964,19 @@ probe nd_syscall.statfs64.return = # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe nd_syscall.stime = +probe nd_syscall.stime = kprobe.function("sys_stime") ?, kprobe.function("compat_sys_stime") ? { name = "stime" // t_uaddr = $tptr - /* FIXME. Decode time */ + /* FIXME. Decode time */ // argstr = sprintf("%p", $tptr) asmlinkage() - t_uaddr = pointer_arg(1) + t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.stime.return = +probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, kprobe.function("compat_sys_stime").return ? { @@ -3127,7 +3127,7 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs") { // else // argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) asmlinkage() - option = int_arg(1) + option = int_arg(1) arg1 = ulong_arg(2) arg2 = ulong_arg(3) if (option == 1) @@ -3145,7 +3145,7 @@ probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return { # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe nd_syscall.sysinfo = +probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), kprobe.function("compat_sys_sysinfo") ? { @@ -3156,7 +3156,7 @@ probe nd_syscall.sysinfo = info_uaddr = pointer_arg(1) argstr = sprintf("%p", info_uaddr) } -probe nd_syscall.sysinfo.return = +probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, kprobe.function("compat_sys_sysinfo").return ? { @@ -3230,7 +3230,7 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return { # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe nd_syscall.time = +probe nd_syscall.time = kprobe.function("sys_time")?, kprobe.function("sys32_time") ?, kprobe.function("sys_time64") ?, 
@@ -3243,7 +3243,7 @@ probe nd_syscall.time = t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.time.return = +probe nd_syscall.time.return = kprobe.function("sys_time").return?, kprobe.function("sys32_time").return ?, kprobe.function("sys_time64").return ?, @@ -3394,16 +3394,16 @@ probe nd_syscall.timerfd.return = # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe nd_syscall.times = +probe nd_syscall.times = kprobe.function("sys_times") ?, kprobe.function("compat_sys_times") ? { name = "times" - // argstr = sprintf("%p", $tbuf) - asmlinkage() - argstr = sprintf("%p", pointer_arg(1)) + // argstr = sprintf("%p", $tbuf) + asmlinkage() + argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.times.return = +probe nd_syscall.times.return = kprobe.function("sys_times").return ?, kprobe.function("compat_sys_times").return ? { @@ -3519,7 +3519,7 @@ probe nd_syscall.umount.return = kprobe.function("sys_umount").return { # int sys32_olduname(struct oldold_utsname __user * name) # long sys32_uname(struct old_utsname __user * name) # -probe nd_syscall.uname = +probe nd_syscall.uname = kprobe.function("sys_uname") ?, kprobe.function("sys_olduname") ?, kprobe.function("sys32_olduname") ?, @@ -3534,11 +3534,11 @@ probe nd_syscall.uname = %( arch != "ppc64" %? asmlinkage() %) } else asmlinkage() - } + } argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.uname.return = +probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, kprobe.function("sys_olduname").return ?, kprobe.function("sys32_olduname").return ?, 
@@ -3604,14 +3604,14 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? { name = "ustat" // dev = $dev // argstr = sprintf("%d, %p", $dev, $u32p) - // no asmlinkage + // no asmlinkage dev = uint_arg(1) argstr = sprintf("%d, %p", dev, pointer_arg(2)) } -probe nd_syscall.ustat.return = +probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, - kprobe.function("sys32_ustat").return ? + kprobe.function("sys32_ustat").return ? { name = "ustat" retstr = returnstr(1) @@ -3661,13 +3661,13 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes") { // filename_uaddr = $filename // filename = user_string($filename) // tvp_uaddr = $utimes - // argstr = sprintf("%s, %s", user_string_quoted($filename), + // argstr = sprintf("%s, %s", user_string_quoted($filename), // _struct_timeval_u($utimes, 2)) asmlinkage() filename_uaddr = pointer_arg(1) filename = user_string(filename_uaddr) tvp_uaddr = pointer_arg(2) - argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), + argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return { 
@@ -3696,13 +3696,13 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes") # utimensat ____________________________________________________ # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) -# +# probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), // _at_flag_str($flags)) asmlinkage() - argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)), + argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)), _struct_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) } probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? { @@ -3782,7 +3782,7 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4") { // %( kernel_vr >= "2.6.25" %? $upid %: $pid%), // $stat_addr,_wait4_opt_str($options), $ru) asmlinkage() - pid = int_arg(1) + pid = int_arg(1) status_uaddr = pointer_arg(2) options = int_arg(3) options_str = _wait4_opt_str(options) 
@@ -3882,18 +3882,18 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return { # ssize_t sys_writev(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) -# ssize_t compat_sys_writev(unsigned long fd, -# const struct compat_iovec __user *vec, +# ssize_t compat_sys_writev(unsigned long fd, +# const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.writev = +probe nd_syscall.writev = kprobe.function("sys_writev"), kprobe.function("compat_sys_writev") ? { name = "writev" // vector_uaddr = $vec // count = $vlen -/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ +/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ // %( arch != "ppc64" %? // fd = $fd // argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen) @@ -3907,8 +3907,8 @@ probe nd_syscall.writev = argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.writev.return = - kprobe.function("sys_writev").return, +probe nd_syscall.writev.return = + kprobe.function("sys_writev").return, kprobe.function("compat_sys_writev").return ? { name = "writev" -- cgit From 441f742ff94d79f638d52354475bf934e230d88a Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 29 May 2009 16:25:19 -0700 Subject: Clean up nd_syscalls2 formatting This applies some of the formatting rules specified in c0c1ccc. --- tapset/nd_syscalls2.stp | 1342 +++++++++++++++++++++++++++-------------------- 1 file changed, 786 insertions(+), 556 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 33ffe11d..33722d0e 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp 
@@ -28,31 +28,35 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") { +probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") +{ name = "nanosleep" // req_uaddr = $rqtp // rem_uaddr = $rmtp - // argstr = sprintf("%s, %p", _struct_timespec_u($rqtp,1), $rmtp) + // argstr = sprintf("%s, %p", _struct_timespec_u($rqtp, 1), $rmtp) asmlinkage() req_uaddr = pointer_arg(1) rem_uaddr = pointer_arg(2) - argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr,1), rem_uaddr) + argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr, 1), rem_uaddr) } -probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return { +probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return +{ name = "nanosleep" retstr = returnstr(1) } -probe nd_syscall.compat_nanosleep = kprobe.function("compat_sys_nanosleep") ? { +probe nd_syscall.compat_nanosleep = kprobe.function("compat_sys_nanosleep") ? +{ name = "nanosleep" // req_uaddr = $rqtp // rem_uaddr = $rmtp - // argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp,1), $rmtp) + // argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp, 1), $rmtp) asmlinkage() req_uaddr = pointer_arg(1) rem_uaddr = pointer_arg(2) - argstr = sprintf("%s, %p", _struct_compat_timespec_u(req_uaddr,1), rem_uaddr) + argstr = sprintf("%s, %p", _struct_compat_timespec_u(req_uaddr, 1), rem_uaddr) } -probe nd_syscall.compat_nanosleep.return = kprobe.function("compat_sys_nanosleep").return ? { +probe nd_syscall.compat_nanosleep.return = kprobe.function("compat_sys_nanosleep").return ? +{ name = "nanosleep" retstr = returnstr(1) } 
@@ -63,9 +67,8 @@ probe nd_syscall.compat_nanosleep.return = kprobe.function("compat_sys_nanosleep # long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg, # union compat_nfsctl_res __user *res) # -probe nd_syscall.nfsservctl = - kprobe.function("sys_nfsservctl") ?, - kprobe.function("compat_sys_nfsservctl") ? +probe nd_syscall.nfsservctl = kprobe.function("sys_nfsservctl") ?, + kprobe.function("compat_sys_nfsservctl") ? { name = "nfsservctl" // cmd = $cmd @@ -78,9 +81,8 @@ probe nd_syscall.nfsservctl = resp_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str(cmd), argp_uaddr, resp_uaddr) } -probe nd_syscall.nfsservctl.return = - kprobe.function("sys_nfsservctl").return ?, - kprobe.function("compat_sys_nfsservctl").return ? +probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?, + kprobe.function("compat_sys_nfsservctl").return ? { name = "nfsservctl" retstr = returnstr(1) @@ -89,7 +91,8 @@ probe nd_syscall.nfsservctl.return = # nice _______________________________________________________ # long sys_nice(int increment) # -probe nd_syscall.nice = kprobe.function("sys_nice") ? { +probe nd_syscall.nice = kprobe.function("sys_nice") ? +{ name = "nice" // inc = $increment // argstr = sprintf("%d", $increment) @@ -97,7 +100,8 @@ probe nd_syscall.nice = kprobe.function("sys_nice") ? { inc = int_arg(1) argstr = sprintf("%d", inc) } -probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? { +probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? +{ name = "nice" retstr = returnstr(1) } 
@@ -106,11 +110,13 @@ probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? { # # long sys_ni_syscall(void) # -probe nd_syscall.ni_syscall = kprobe.function("sys_ni_syscall") { +probe nd_syscall.ni_syscall = kprobe.function("sys_ni_syscall") +{ name = "ni_syscall" argstr = "" } -probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return { +probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return +{ name = "ni_syscall" retstr = returnstr(1) } @@ -119,10 +125,9 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return { # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe nd_syscall.open = - kprobe.function("sys_open") ?, - kprobe.function("compat_sys_open") ?, - kprobe.function("sys32_open") ? +probe nd_syscall.open = kprobe.function("sys_open") ?, + kprobe.function("compat_sys_open") ?, + kprobe.function("sys32_open") ? { name = "open" // filename = user_string($filename) @@ -145,10 +150,9 @@ probe nd_syscall.open = argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags)) } -probe nd_syscall.open.return = - kprobe.function("sys_open").return ?, - kprobe.function("compat_sys_open").return ?, - kprobe.function("sys32_open").return ? +probe nd_syscall.open.return = kprobe.function("sys_open").return ?, + kprobe.function("compat_sys_open").return ?, + kprobe.function("sys32_open").return ? { name = "open" retstr = returnstr(1) 
@@ -158,9 +162,8 @@ probe nd_syscall.open.return = # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe nd_syscall.openat = - kprobe.function("sys_openat") ?, - kprobe.function("compat_sys_openat") ? +probe nd_syscall.openat = kprobe.function("sys_openat") ?, + kprobe.function("compat_sys_openat") ? { name = "openat" // filename = user_string($filename) @@ -187,9 +190,8 @@ probe nd_syscall.openat = user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags)) } -probe nd_syscall.openat.return = - kprobe.function("sys_openat").return ?, - kprobe.function("compat_sys_openat").return ? +probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?, + kprobe.function("compat_sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -200,15 +202,15 @@ probe nd_syscall.openat.return = # sys_pause(void) # probe nd_syscall.pause = kprobe.function("sys_pause") ?, - kprobe.function("sys32_pause") ?, - kprobe.function("compat_sys_pause") ? + kprobe.function("sys32_pause") ?, + kprobe.function("compat_sys_pause") ? { name = "pause" argstr = "" } probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, - kprobe.function("sys32_pause").return ?, - kprobe.function("compat_sys_pause").return ? + kprobe.function("sys32_pause").return ?, + kprobe.function("compat_sys_pause").return ? { name = "pause" retstr = returnstr(1) 
@@ -222,17 +224,20 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # unsigned long dfn) # # -#probe nd_syscall.pciconfig_iobase = kprobe.function("sys_pciconfig_iobase") { +#probe nd_syscall.pciconfig_iobase = kprobe.function("sys_pciconfig_iobase") +#{ # name = "pciconfig_iobase" # which = $which # bus = $bus # dfn = $dfn # argstr = sprintf("%p, %p, %p", which, bus, dfn) #} -#probe nd_syscall.pciconfig_iobase.return = kprobe.function("sys_pciconfig_iobase").return { +#probe nd_syscall.pciconfig_iobase.return = kprobe.function("sys_pciconfig_iobase").return +#{ # name = "pciconfig_iobase" # retstr = returnstr(1) #} + # pciconfig_read _____________________________________________ # # asmlinkage int @@ -244,7 +249,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # { return 0; } # # -#probe nd_syscall.pciconfig_read = kprobe.function("sys_pciconfig_read") { +#probe nd_syscall.pciconfig_read = kprobe.function("sys_pciconfig_read") +#{ # name = "pciconfig_read" # bus = $bus # dfn = $dfn @@ -254,11 +260,12 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_read.return = -# kprobe.function("sys_pciconfig_read").return { +#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return +#{ # name = "pciconfig_read" # retstr = returnstr(1) #} + # pciconfig_write ____________________________________________ # # asmlinkage int @@ -269,7 +276,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # unsigned char *buf) # # -#probe nd_syscall.pciconfig_write = kprobe.function("sys_pciconfig_write") { +#probe nd_syscall.pciconfig_write = kprobe.function("sys_pciconfig_write") +#{ # name = "pciconfig_write" # bus = $bus # dfn = $dfn 
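Review bot: In the `@@ -254,11 +260,12 @@` hunk the joined, commented-out return alias keeps the old continuation line's `#` in the middle: `#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return`. If the block is later re-enabled by stripping the leading `#`, the remaining `#` comments out the probe point and the alias no longer parses. The line should read `#probe nd_syscall.pciconfig_read.return = kprobe.function("sys_pciconfig_read").return`. The same leftover is in the `pciconfig_write.return` alias in the `@@ -279,33 +287,38 @@` hunk.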
@@ -279,33 +287,38 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_write.return = -# kprobe.function("sys_pciconfig_write").return { +#probe nd_syscall.pciconfig_write.return = # kprobe.function("sys_pciconfig_write").return +#{ # name = "pciconfig_write" # retstr = returnstr(1) #} + # personality ________________________________________________ # # asmlinkage long # sys_personality(u_long personality) # -probe nd_syscall.personality = kprobe.function("sys_personality") { +probe nd_syscall.personality = kprobe.function("sys_personality") +{ name = "personality" // persona = $personality asmlinkage() persona = ulong_arg(1) argstr = sprintf("%p", persona); } -probe nd_syscall.personality.return = kprobe.function("sys_personality").return { +probe nd_syscall.personality.return = kprobe.function("sys_personality").return +{ name = "personality" retstr = returnstr(1) } + # pipe _______________________________________________________ # # asmlinkage int # sys_pipe(unsigned long __user * fildes) # -probe nd_syscall.pipe = kprobe.function("sys_pipe") { +probe nd_syscall.pipe = kprobe.function("sys_pipe") +{ name = "pipe" %( arch == "ia64" %? # ia64 just returns value directly, no fildes argument @@ -319,7 +332,8 @@ probe nd_syscall.pipe = kprobe.function("sys_pipe") { %) } -probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return { +probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return +{ name = "pipe" retstr = returnstr(1) } 
@@ -328,7 +342,8 @@ probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return { # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") { +probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") +{ name = "pivot_root" // new_root_str = user_string($new_root) // old_root_str = user_string($put_old) @@ -340,7 +355,8 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return { +probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return +{ name = "pivot_root" retstr = returnstr(1) } @@ -349,7 +365,8 @@ probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return { # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe nd_syscall.poll = kprobe.function("sys_poll") { +probe nd_syscall.poll = kprobe.function("sys_poll") +{ name = "poll" // ufds_uaddr = $ufds // nfds = $nfds @@ -361,7 +378,8 @@ probe nd_syscall.poll = kprobe.function("sys_poll") { timeout = long_arg(3) argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout) } -probe nd_syscall.poll.return = kprobe.function("sys_poll").return { +probe nd_syscall.poll.return = kprobe.function("sys_poll").return +{ name = "poll" retstr = returnstr(1) } 
@@ -372,23 +390,25 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return { # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? { +probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? +{ name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, // $nfds, - // _struct_timespec_u($tsp,1), + // _struct_timespec_u($tsp, 1), // $sigmask, // $sigsetsize) asmlinkage() argstr = sprintf("%p, %d, %s, %p, %d", pointer_arg(1), uint_arg(2), - _struct_timespec_u(pointer_arg(3),1), + _struct_timespec_u(pointer_arg(3), 1), pointer_arg(4), ulong_arg(5)) } -probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? { +probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? +{ name = "ppoll" retstr = returnstr(1) } @@ -396,23 +416,25 @@ probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? { # unsigned int nfds, struct compat_timespec __user *tsp, # const compat_sigset_t __user *sigmask, compat_size_t sigsetsize) # -probe nd_syscall.compat_ppoll = kprobe.function("compat_sys_ppoll") ? { +probe nd_syscall.compat_ppoll = kprobe.function("compat_sys_ppoll") ? +{ name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", // $ufds, // $nfds, - // _struct_compat_timespec_u($tsp,1), + // _struct_compat_timespec_u($tsp, 1), // $sigmask, // $sigsetsize) asmlinkage() argstr = sprintf("%p, %d, %s, %p, %d", pointer_arg(1), uint_arg(2), - _struct_compat_timespec_u(pointer_arg(3),1), + _struct_compat_timespec_u(pointer_arg(3), 1), pointer_arg(4), u32_arg(5)) } -probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").return ? { +probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").return ? +{ name = "ppoll" retstr = returnstr(1) } 
@@ -426,7 +448,8 @@ probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").retur # unsigned long arg4, # unsigned long arg5) # -probe nd_syscall.prctl = kprobe.function("sys_prctl") { +probe nd_syscall.prctl = kprobe.function("sys_prctl") +{ name = "prctl" // option = $option // arg2 = $arg2 @@ -442,10 +465,12 @@ probe nd_syscall.prctl = kprobe.function("sys_prctl") { argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return { +probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return +{ name = "prctl" retstr = returnstr(1) } + # pread64 ____________________________________________________ # # ssize_t sys_pread64(unsigned int fd, @@ -453,7 +478,8 @@ probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return { # size_t count, # loff_t pos) # -probe nd_syscall.pread = kprobe.function("sys_pread64") { +probe nd_syscall.pread = kprobe.function("sys_pread64") +{ name = "pread" // fd = $fd // buf_uaddr = $buf @@ -467,7 +493,8 @@ probe nd_syscall.pread = kprobe.function("sys_pread64") { offset = longlong_arg(4) argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset) } -probe nd_syscall.pread.return = kprobe.function("sys_pread64").return { +probe nd_syscall.pread.return = kprobe.function("sys_pread64").return +{ name = "pread" retstr = returnstr(1) } 
@@ -477,27 +504,31 @@ probe nd_syscall.pread.return = kprobe.function("sys_pread64").return { # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? { +probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? +{ name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, - // _struct_timespec_u($tsp,1), $sig) + // _struct_timespec_u($tsp, 1), $sig) asmlinkage() argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), - _struct_timespec_u(pointer_arg(5),1), pointer_arg(6)) + _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6)) } -probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? { +probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? +{ name = "pselect6" retstr = returnstr(1) } -probe nd_syscall.compat_pselect6 = kprobe.function("compat_sys_pselect6") ? { +probe nd_syscall.compat_pselect6 = kprobe.function("compat_sys_pselect6") ? +{ name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, - // _struct_compat_timespec_u($tsp,1), $sig) + // _struct_compat_timespec_u($tsp, 1), $sig) asmlinkage() argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1), pointer_arg(2), pointer_arg(3), pointer_arg(4), - _struct_compat_timespec_u(pointer_arg(5),1), pointer_arg(6)) + _struct_compat_timespec_u(pointer_arg(5), 1), pointer_arg(6)) } -probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6").return ? { +probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6").return ? +{ name = "pselect6" retstr = returnstr(1) } 
@@ -508,27 +539,31 @@ probe nd_syscall.compat_pselect6.return = kprobe.function("compat_sys_pselect6") # fd_set __user *exp, struct timespec __user *tsp, # const sigset_t __user *sigmask, size_t sigsetsize) # -probe nd_syscall.pselect7 = kprobe.function("sys_pselect7") ? { +probe nd_syscall.pselect7 = kprobe.function("sys_pselect7") ? +{ name = "pselect7" // argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, - // _struct_timespec_u($tsp,1), $sigmask, $sigsetsize) + // _struct_timespec_u($tsp, 1), $sigmask, $sigsetsize) asmlinkage() argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), - _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7)) + _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6), ulong_arg(7)) } -probe nd_syscall.pselect7.return = kprobe.function("sys_pselect7").return ? { +probe nd_syscall.pselect7.return = kprobe.function("sys_pselect7").return ? +{ name = "pselect7" retstr = returnstr(1) } -probe nd_syscall.compat_pselect7a = kprobe.function("compat_sys_pselect7") ? { +probe nd_syscall.compat_pselect7a = kprobe.function("compat_sys_pselect7") ? +{ name = "pselect7" //argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp, - // _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize) + // _struct_compat_timespec_u($tsp, 1), $sigmask, $sigsetsize) asmlinkage() argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), - _struct_timespec_u(pointer_arg(5),1), pointer_arg(6), ulong_arg(7)) + _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6), ulong_arg(7)) } -probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7").return ? { +probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7").return ? +{ name = "pselect7" retstr = returnstr(1) } 
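Review bot: The `compat_sys_pselect7` probe in this hunk decodes the timeout with `_struct_timespec_u(pointer_arg(5), 1)`, while the commented-out DWARF line directly above it and the `compat_pselect6` probe both use `_struct_compat_timespec_u`. For a compat caller the user structure is presumably a compat timespec, so the native decoder would print a wrong timeout in the syscall trace. The call should be `_struct_compat_timespec_u(pointer_arg(5), 1), pointer_arg(6), ulong_arg(7))`. The alias is also spelled `nd_syscall.compat_pselect7a` while its return probe is `nd_syscall.compat_pselect7.return`, which looks like a typo this cleanup pass could fix.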
@@ -540,7 +575,8 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7") # long addr, # long data) # -probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? { +probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? +{ name = "ptrace" // request = $request // pid = $pid @@ -553,7 +589,8 @@ probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? { data = long_arg(4) argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? { +probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? +{ name = "ptrace" retstr = returnstr(1) } @@ -565,14 +602,15 @@ probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? { # size_t count, # loff_t pos) # -probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") { +probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") +{ name = "pwrite" // fd = $fd // buf_uaddr = $buf // count = $count // offset = $pos // argstr = sprintf("%d, %s, %d, %d", $fd, - // text_strn(user_string($buf),syscall_string_trunc,1), + // text_strn(user_string($buf), syscall_string_trunc, 1), // $count, $pos) asmlinkage() fd = uint_arg(1) @@ -580,16 +618,18 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") { count = ulong_arg(3) offset = longlong_arg(4) argstr = sprintf("%d, %s, %d, %d", fd, - text_strn(user_string(buf_uaddr),syscall_string_trunc,1), + text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count, offset) } -probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return { +probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return +{ name = "pwrite" retstr = returnstr(1) } # long sys32_pwrite64(unsigned int fd, const char __user *ubuf, # size_t count, u32 poshi, u32 poslo) -probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { +probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? +{ name = "pwrite" // fd = $fd // buf_uaddr = $buf 
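Review bot: The pwrite `argstr` in the `@@ -580,16 +618,18 @@` hunk formats the buffer with `user_string(buf_uaddr)`, which reads up to a NUL byte rather than up to `count` bytes. A pwrite buffer is arbitrary data and need not be NUL-terminated, so the trace line can include bytes beyond what the call writes. That is misleading in an audit trail and copies unrelated process memory into the log. Bounding the read by the length already fetched avoids this, e.g. `text_strn(user_string_n(buf_uaddr, count), syscall_string_trunc, 1),` if `user_string_n` is available in this tapset version. The `pwrite32` probe in the following hunks has the same pattern, and the probe body starts outside this hunk.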
@@ -598,12 +638,12 @@ probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { // %( arch == "s390x" %? // buf_uaddr = $ubuf // argstr = sprintf("%d, %s, %d, %d", $fd, - // text_strn(user_string($ubuf),syscall_string_trunc,1), + // text_strn(user_string($ubuf), syscall_string_trunc, 1), // $count, ($poshi << 32) + $poslo) // %: // buf_uaddr = $buf // argstr = sprintf("%d, %s, %d, %d", $fd, - // text_strn(user_string($buf),syscall_string_trunc,1), + // text_strn(user_string($buf), syscall_string_trunc, 1), // $count, ($poshi << 32) + $poslo) // %) asmlinkage() @@ -612,10 +652,11 @@ probe nd_syscall.pwrite32 = kprobe.function("sys32_pwrite64") ? { count = ulong_arg(3) offset = (u32_arg(4) << 32) + u32_arg(5) argstr = sprintf("%d, %s, %d, %d", fd, - text_strn(user_string(buf_uaddr),syscall_string_trunc,1), + text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count, offset) } -probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? { +probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? +{ name = "pwrite" retstr = returnstr(1) } @@ -627,7 +668,8 @@ probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? { # qid_t id, # void __user *addr) # -probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? { +probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? +{ name = "quotactl" // cmd = $cmd // cmd_str = _quotactl_cmd_str($cmd) 
@@ -645,15 +687,16 @@ probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? { addr_uaddr = pointer_arg(4) argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr) } -probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? { +probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? +{ name = "quotactl" retstr = returnstr(1) } - # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe nd_syscall.read = kprobe.function("sys_read") { +probe nd_syscall.read = kprobe.function("sys_read") +{ name = "read" // fd = $fd // buf_uaddr = $buf @@ -665,7 +708,8 @@ probe nd_syscall.read = kprobe.function("sys_read") { count = ulong_arg(3) argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count) } -probe nd_syscall.read.return = kprobe.function("sys_read").return { +probe nd_syscall.read.return = kprobe.function("sys_read").return +{ name = "read" retstr = returnstr(1) } @@ -677,7 +721,8 @@ probe nd_syscall.read.return = kprobe.function("sys_read").return { # loff_t offset, # size_t count) # -probe nd_syscall.readahead = kprobe.function("sys_readahead") { +probe nd_syscall.readahead = kprobe.function("sys_readahead") +{ name = "readahead" // fd = $fd // offset = $offset @@ -688,7 +733,8 @@ probe nd_syscall.readahead = kprobe.function("sys_readahead") { count = ulong_arg(3) argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return { +probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return +{ name = "readahead" retstr = returnstr(1) } 
@@ -698,18 +744,16 @@ probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return { # long compat_sys_old_readdir(unsigned int fd, struct compat_old_linux_dirent __user *dirent, unsigned int count) # int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count) # -probe nd_syscall.readdir = - kprobe.function("compat_sys_old_readdir") ?, - kprobe.function("old32_readdir") ? +probe nd_syscall.readdir = kprobe.function("compat_sys_old_readdir") ?, + kprobe.function("old32_readdir") ? { name = "readdir" // argstr = sprintf("%d, %p, %d", $fd, $dirent, $count) asmlinkage() argstr = sprintf("%d, %p, %d", uint_arg(1), pointer_arg(2), uint_arg(3)) } -probe nd_syscall.readdir.return = - kprobe.function("compat_sys_old_readdir").return ?, - kprobe.function("old32_readdir").return ? +probe nd_syscall.readdir.return = kprobe.function("compat_sys_old_readdir").return ?, + kprobe.function("old32_readdir").return ? { name = "readdir" retstr = returnstr(1) @@ -721,7 +765,8 @@ probe nd_syscall.readdir.return = # char __user * buf, # int bufsiz) # -probe nd_syscall.readlink = kprobe.function("sys_readlink") { +probe nd_syscall.readlink = kprobe.function("sys_readlink") +{ name = "readlink" // path = user_string($path) // buf_uaddr = $buf @@ -735,7 +780,8 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink") { argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } -probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return { +probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return +{ name = "readlink" retstr = returnstr(1) } @@ -746,7 +792,8 @@ probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return { # char __user * buf, # int bufsiz) # -probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? { +probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? +{ name = "readlinkat" //dfd = $dfd // path = user_string($path) 
@@ -762,7 +809,8 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? { argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } -probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? { +probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? +{ name = "readlinkat" retstr = returnstr(1) } @@ -776,9 +824,8 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.readv = - kprobe.function("sys_readv"), - kprobe.function("compat_sys_readv") ? +probe nd_syscall.readv = kprobe.function("sys_readv"), + kprobe.function("compat_sys_readv") ? { name = "readv" // vector_uaddr = $vec @@ -796,9 +843,8 @@ probe nd_syscall.readv = fd = ulong_arg(1) argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.readv.return = - kprobe.function("sys_readv").return, - kprobe.function("compat_sys_readv").return ? +probe nd_syscall.readv.return = kprobe.function("sys_readv").return, + kprobe.function("compat_sys_readv").return ? { name = "readv" retstr = returnstr(1) @@ -811,7 +857,8 @@ probe nd_syscall.readv.return = # unsigned int cmd, # void __user * arg) # -probe nd_syscall.reboot = kprobe.function("sys_reboot") { +probe nd_syscall.reboot = kprobe.function("sys_reboot") +{ name = "reboot" // magic = $magic1 // magic_str = _reboot_magic_str($magic1) @@ -833,7 +880,8 @@ probe nd_syscall.reboot = kprobe.function("sys_reboot") { argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr) } -probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return { +probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return +{ name = "reboot" retstr = returnstr(1) } 
@@ -842,7 +890,8 @@ probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return { # # long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags) # -probe nd_syscall.recv = kprobe.function("sys_recv") ? { +probe nd_syscall.recv = kprobe.function("sys_recv") ? +{ name = "recv" // s = $fd // buf_uaddr = $ubuf @@ -858,7 +907,8 @@ probe nd_syscall.recv = kprobe.function("sys_recv") ? { flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? { +probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? +{ name = "recv" retstr = returnstr(1) } @@ -872,7 +922,8 @@ probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? { # struct sockaddr __user *addr, # int __user *addr_len) # -probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? { +probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? +{ name = "recvfrom" // s = $fd // buf_uaddr = $ubuf @@ -894,7 +945,8 @@ probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? { argstr = sprintf("%d, %p, %d, %s, %p, %p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? { +probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? +{ name = "recvfrom" retstr = returnstr(1) } @@ -905,7 +957,8 @@ probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? { # struct msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? { +probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? +{ name = "recvmsg" // s = $fd // msg_uaddr = $msg 
@@ -919,17 +972,20 @@ probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? { flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str) } -probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? { +probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? +{ name = "recvmsg" retstr = returnstr(1) } + # compat_sys_recvmsg ________________________________________ # # long compat_sys_recvmsg(int fd, # struct compat_msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.compat_sys_recvmsg = kprobe.function("compat_sys_recvmsg") ? { +probe nd_syscall.compat_sys_recvmsg = kprobe.function("compat_sys_recvmsg") ? +{ name = "compat_sys_recvmsg" // s = $fd // msg_uaddr = $msg @@ -941,7 +997,8 @@ probe nd_syscall.compat_sys_recvmsg = kprobe.function("compat_sys_recvmsg") ? { flags = uint_arg(3) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _recvflags_str(flags)) } -probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg").return ? { +probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg").return ? +{ name = "compat_sys_recvmsg" retstr = returnstr(1) } @@ -954,7 +1011,8 @@ probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg # unsigned long pgoff, # unsigned long flags) # -probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? { +probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? +{ name = "remap_file_pages" // start = $start // size = $size @@ -974,8 +1032,8 @@ probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? { argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot, pgoff, flags) } -probe nd_syscall.remap_file_pages.return = - kprobe.function("sys_remap_file_pages").return ? { +probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages").return ? +{ name = "remap_file_pages" retstr = returnstr(1) } 
@@ -986,7 +1044,8 @@ probe nd_syscall.remap_file_pages.return = # sys_removexattr(char __user *path, # char __user *name) # -probe nd_syscall.removexattr = kprobe.function("sys_removexattr") { +probe nd_syscall.removexattr = kprobe.function("sys_removexattr") +{ name = "removexattr" // path = user_string($path) // name_str = user_string($name) @@ -998,17 +1057,20 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return { +probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return +{ name = "removexattr" retstr = returnstr(1) } + # rename _____________________________________________________ # # asmlinkage long # sys_rename(const char __user * oldname, # const char __user * newname) # -probe nd_syscall.rename = kprobe.function("sys_rename") { +probe nd_syscall.rename = kprobe.function("sys_rename") +{ name = "rename" // oldpath = user_string($oldname) // newpath = user_string($newname) @@ -1020,7 +1082,8 @@ probe nd_syscall.rename = kprobe.function("sys_rename") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.rename.return = kprobe.function("sys_rename").return { +probe nd_syscall.rename.return = kprobe.function("sys_rename").return +{ name = "rename" retstr = returnstr(1) } @@ -1033,7 +1096,8 @@ probe nd_syscall.rename.return = kprobe.function("sys_rename").return { # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe nd_syscall.request_key = kprobe.function("sys_request_key") ? { +probe nd_syscall.request_key = kprobe.function("sys_request_key") ? +{ name = "request_key" // type_uaddr = $_type // description_uaddr = $_description 
@@ -1045,9 +1109,10 @@ probe nd_syscall.request_key = kprobe.function("sys_request_key") ? { description_uaddr = pointer_arg(2) callout_info_uaddr = pointer_arg(3) destringid = u32_arg(4) - argstr = sprintf("%p, %p, %p, %p", type_uaddr,description_uaddr, callout_info_uaddr, destringid) + argstr = sprintf("%p, %p, %p, %p", type_uaddr, description_uaddr, callout_info_uaddr, destringid) } -probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? { +probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? +{ name = "request_key" retstr = returnstr(1) } @@ -1057,21 +1122,24 @@ probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return # asmlinkage long # sys_restart_syscall(void) # -probe nd_syscall.restart_syscall = kprobe.function("sys_restart_syscall") { +probe nd_syscall.restart_syscall = kprobe.function("sys_restart_syscall") +{ name = "restart_syscall" argstr = "" } -probe nd_syscall.restart_syscall.return = - kprobe.function("sys_restart_syscall").return { +probe nd_syscall.restart_syscall.return = kprobe.function("sys_restart_syscall").return +{ name = "restart_syscall" retstr = returnstr(1) } + # rmdir ______________________________________________________ # # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe nd_syscall.rmdir = kprobe.function("sys_rmdir") { +probe nd_syscall.rmdir = kprobe.function("sys_rmdir") +{ name = "rmdir" // pathname = user_string($pathname) // argstr = user_string_quoted($pathname) @@ -1079,7 +1147,8 @@ probe nd_syscall.rmdir = kprobe.function("sys_rmdir") { pathname = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return { +probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return +{ name = "rmdir" retstr = returnstr(1) } 
@@ -1091,7 +1160,8 @@ probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return { # struct sigaction __user *oact, # size_t sigsetsize) # -probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? { +probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? +{ name = "rt_sigaction" // sig = $sig // act_uaddr = $act @@ -1107,7 +1177,8 @@ probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? { argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? { +probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? +{ name = "rt_sigaction" retstr = returnstr(1) } @@ -1124,7 +1195,7 @@ probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").retur # size_t sigsetsize) probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, - kprobe.function("compat_sys_rt_sigaction") ? + kprobe.function("compat_sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig @@ -1140,7 +1211,7 @@ probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uadd, oact_uaddr, sigsetsize) } probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").return ?, - kprobe.function("compat_sys_rt_sigaction").return ? + kprobe.function("compat_sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1150,7 +1221,8 @@ probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").r # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? { +probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? +{ name = "rt_sigpending" // set_uaddr = $set // sigsetsize = $sigsetsize 
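Review bot: In the `@@ -1140,7 +1211,7 @@` hunk the `rt_sigaction32` argstr passes `act_uadd`, which looks like a misspelling of `act_uaddr`, the name the `rt_sigaction` probe uses in the `@@ -1107,7 +1177,8 @@` hunk. The assignments sit outside the hunk, so this is inferred. If the probe sets `act_uaddr`, then `act_uadd` is never assigned and the trace would show zero instead of the caller's sigaction address, or the script would be rejected. Suggested: `argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uaddr, oact_uaddr, sigsetsize)`.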
@@ -1160,7 +1232,8 @@ probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? { sigsetsize = ulong_arg(2) argstr = sprintf("%p, %d", set_uaddr, sigsetsize) } -probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? { +probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? +{ name = "rt_sigpending" retstr = returnstr(1) } @@ -1170,10 +1243,9 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret # long compat_sys_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, compat_size_t sigsetsize) # long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize) # -probe nd_syscall.rt_sigprocmask = - kprobe.function("sys32_rt_sigprocmask") ?, - kprobe.function("compat_sys_rt_sigprocmask") ?, - kprobe.function("sys_rt_sigprocmask") ? +probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, + kprobe.function("compat_sys_rt_sigprocmask") ?, + kprobe.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" // how = $how @@ -1191,10 +1263,9 @@ probe nd_syscall.rt_sigprocmask = argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u(set_uaddr), oldset_uaddr, uint_arg(4)) } -probe nd_syscall.rt_sigprocmask.return = - kprobe.function("sys32_rt_sigprocmask").return ?, - kprobe.function("compat_sys_rt_sigprocmask").return ?, - kprobe.function("sys_rt_sigprocmask").return ? +probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?, + kprobe.function("compat_sys_rt_sigprocmask").return ?, + kprobe.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" retstr = returnstr(1) 
@@ -1202,9 +1273,10 @@ probe nd_syscall.rt_sigprocmask.return = # rt_sigqueueinfo ____________________________________________ # -# long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo) +# long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) # -probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") { +probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") +{ name = "rt_sigqueueinfo" // pid = $pid // sig = $sig @@ -1216,8 +1288,8 @@ probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") { uinfo_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr) } -probe nd_syscall.rt_sigqueueinfo.return = - kprobe.function("sys_rt_sigqueueinfo").return { +probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("sys_rt_sigqueueinfo").return +{ name = "rt_sigqueueinfo" retstr = returnstr(1) } @@ -1225,16 +1297,14 @@ probe nd_syscall.rt_sigqueueinfo.return = # rt_sigreturn _______________________________________________ # int sys_rt_sigreturn(unsigned long __unused) # -probe nd_syscall.rt_sigreturn = - kprobe.function("sys_rt_sigreturn") ?, - kprobe.function("sys32_rt_sigreturn") ? +probe nd_syscall.rt_sigreturn = kprobe.function("sys_rt_sigreturn") ?, + kprobe.function("sys32_rt_sigreturn") ? { name = "rt_sigreturn" argstr = "" } -probe nd_syscall.rt_sigreturn.return = - kprobe.function("sys_rt_sigreturn").return ?, - kprobe.function("sys32_rt_sigreturn").return ? +probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").return ?, + kprobe.function("sys32_rt_sigreturn").return ? { name = "rt_sigreturn" retstr = returnstr(1) 
@@ -1244,18 +1314,16 @@ probe nd_syscall.rt_sigreturn.return = # # sys_rt_sigsuspend(struct pt_regs regs) # -probe nd_syscall.rt_sigsuspend = - kprobe.function("sys_rt_sigsuspend") ?, - kprobe.function("compat_sys_rt_sigsuspend") ?, - kprobe.function("ia64_rt_sigsuspend") ? +probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?, + kprobe.function("compat_sys_rt_sigsuspend") ?, + kprobe.function("ia64_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } -probe nd_syscall.rt_sigsuspend.return = - kprobe.function("sys_rt_sigsuspend").return ?, - kprobe.function("compat_sys_rt_sigsuspend").return ?, - kprobe.function("ia64_rt_sigsuspend").return ? +probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?, + kprobe.function("compat_sys_rt_sigsuspend").return ?, + kprobe.function("ia64_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1271,9 +1339,8 @@ probe nd_syscall.rt_sigsuspend.return = # struct compat_siginfo __user *uinfo, # struct compat_timespec __user *uts, compat_size_t sigsetsize) # -probe nd_syscall.rt_sigtimedwait = - kprobe.function("sys_rt_sigtimedwait"), - kprobe.function("compat_sys_rt_sigtimedwait") ? +probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), + kprobe.function("compat_sys_rt_sigtimedwait") ? { name = "rt_sigtimedwait" // uthese_uaddr = $uthese @@ -1291,9 +1358,8 @@ probe nd_syscall.rt_sigtimedwait = sigsetsize = u32_arg(4) argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } -probe nd_syscall.rt_sigtimedwait.return = - kprobe.function("sys_rt_sigtimedwait").return, - kprobe.function("compat_sys_rt_sigtimedwait").return ? +probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait").return, + kprobe.function("compat_sys_rt_sigtimedwait").return ? { name = "rt_sigtimedwait" retstr = returnstr(1) 
@@ -1306,7 +1372,8 @@ probe nd_syscall.rt_sigtimedwait.return = # unsigned int len, # unsigned long __user *user_mask_ptr) # -probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") { +probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") +{ name = "sched_getaffinity" // pid = $pid // len = $len @@ -1317,18 +1384,20 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") { mask_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } -probe nd_syscall.sched_getaffinity.return = - kprobe.function("sys_sched_getaffinity").return { +probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffinity").return +{ name = "sched_getaffinity" retstr = returnstr(1) } + # sched_getparam _____________________________________________ # # asmlinkage long # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # -probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") { +probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") +{ name = "sched_getparam" // pid = $pid // p_uaddr = $param 
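Review bot: In the `nd_syscall.sched_getaffinity` entry probe (hunk `@@ -1317,18 +1384,20 @@`), `argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)` formats `len` with `%p`, although the prototype comment declares it as `unsigned int len`. The sched_setaffinity probe later in this patch prints the same argument with `%d`. Since this commit already unifies formatting, I would change the line to `argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr)` so the length appears as a number in trace output. The probe body starts in the previous hunk and the assignment of `len` falls between the two hunks, so that part is not visible here.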
@@ -1337,52 +1406,56 @@ probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") { p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_getparam.return = - kprobe.function("sys_sched_getparam").return { +probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return +{ name = "sched_getparam" retstr = returnstr(1) } + # sched_get_priority_max _____________________________________ # # asmlinkage long # sys_sched_get_priority_max(int policy) # -probe nd_syscall.sched_get_priority_max = - kprobe.function("sys_sched_get_priority_max") { +probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priority_max") +{ name = "sched_get_priority_max" // policy = $policy asmlinkage() policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_max.return = - kprobe.function("sys_sched_get_priority_max").return { +probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_priority_max").return +{ name = "sched_get_priority_max" retstr = returnstr(1) } + # sched_get_priority_min _____________________________________ # # asmlinkage long # sys_sched_get_priority_min(int policy) # -probe nd_syscall.sched_get_priority_min = - kprobe.function("sys_sched_get_priority_min") { +probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priority_min") +{ name = "sched_get_priority_min" // policy = $policy asmlinkage() policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_min.return = - kprobe.function("sys_sched_get_priority_min").return { +probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_priority_min").return +{ name = "sched_get_priority_min" retstr = returnstr(1) } + # sched_getscheduler _________________________________________ # # long sys_sched_getscheduler(pid_t pid) # -probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") { +probe 
nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") +{ name = "sched_getscheduler" // pid = $pid // argstr = sprint($pid) @@ -1390,25 +1463,29 @@ probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return { +probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return +{ name = "sched_getscheduler" retstr = returnstr(1) } + # sched_rr_get_interval ______________________________________ # # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # -probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") { +probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") +{ name = "sched_rr_get_interval" // pid = $pid // tp_uaddr = $interval - // argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval,1)) + // argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval, 1)) asmlinkage() pid = int_arg(1) tp_uaddr = pointer_arg(2) - argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr,1)) + argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return { +probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return +{ name = "sched_rr_get_interval" retstr = returnstr(1) } @@ -1420,7 +1497,8 @@ probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_ge # FIXME: why the problem with x86_64? # %( arch != "x86_64" %? -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") { +probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +{ name = "sched_setaffinity" // pid = $pid // len = $len 
@@ -1433,7 +1511,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") { argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr) } %: -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") { +probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +{ name = "sched_setaffinity" // pid = $pid // len = 0 @@ -1446,7 +1525,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") { argstr = sprintf("%d, , %p", pid, mask_uaddr) } %) -probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return { +probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return +{ name = "sched_setaffinity" retstr = returnstr(1) } @@ -1455,7 +1535,8 @@ probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffini # # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # -probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? { +probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? +{ name = "sched_setparam" // pid = $pid // p_uaddr = $param @@ -1465,7 +1546,8 @@ probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? { p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? { +probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? +{ name = "sched_setparam" retstr = returnstr(1) } @@ -1474,7 +1556,8 @@ probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").r # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? { +probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? +{ name = "sched_setscheduler" // pid = $pid // policy = $policy 
@@ -1488,7 +1571,8 @@ probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") p_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr) } -probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? { +probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? +{ name = "sched_setscheduler" retstr = returnstr(1) } @@ -1496,11 +1580,13 @@ probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setsched # sched_yield ________________________________________________ # long sys_sched_yield(void) # -probe nd_syscall.sched_yield = kprobe.function("sys_sched_yield") { +probe nd_syscall.sched_yield = kprobe.function("sys_sched_yield") +{ name = "sched_yield" argstr = "" } -probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return { +probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return +{ name = "sched_yield" retstr = returnstr(1) } @@ -1512,7 +1598,8 @@ probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return # fd_set __user *exp, # struct timeval __user *tvp) # -probe nd_syscall.select = kprobe.function("sys_select") { +probe nd_syscall.select = kprobe.function("sys_select") +{ name = "select" // n = $n // readfds_uaddr = $inp @@ -1530,7 +1617,8 @@ probe nd_syscall.select = kprobe.function("sys_select") { argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.select.return = kprobe.function("sys_select").return { +probe nd_syscall.select.return = kprobe.function("sys_select").return +{ name = "select" retstr = returnstr(1) } 
@@ -1540,7 +1628,8 @@ probe nd_syscall.select.return = kprobe.function("sys_select").return { # compat_ulong_t __user *exp, # struct compat_timeval __user *tvp) # -probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? { +probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? +{ name = "select" // n = $n // readfds_uaddr = $inp @@ -1558,7 +1647,8 @@ probe nd_syscall.compat_select = kprobe.function("compat_sys_select") ? { argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? { +probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").return ? +{ name = "select" retstr = returnstr(1) } @@ -1569,7 +1659,8 @@ probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").ret # int cmd, # union semun arg) # -probe nd_syscall.semctl = kprobe.function("sys_semctl") ? { +probe nd_syscall.semctl = kprobe.function("sys_semctl") ? +{ name = "semctl" // semid = $semid // semnum = $semnum 
@@ -1585,19 +1676,23 @@ probe nd_syscall.semctl = kprobe.function("sys_semctl") ? { cmd = int_arg(3) argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done } -probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? { +probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? +{ name = "semctl" retstr = returnstr(1) } + # compat_sys_semctl ________________________________________ # # long compat_sys_semctl(int first, int second, int third, void __user *uptr) # -probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? { +probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? +{ name = "compat_sys_semctl" argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage } -probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? { +probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? +{ name = "compat_sys_semctl" retstr = returnstr(1) } @@ -1605,7 +1700,8 @@ probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl") # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) # -probe nd_syscall.semget = kprobe.function("sys_semget") ? { +probe nd_syscall.semget = kprobe.function("sys_semget") ? +{ name = "semget" // key = $key // nsems = $nsems @@ -1617,7 +1713,8 @@ probe nd_syscall.semget = kprobe.function("sys_semget") ? { semflg = int_arg(3) argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg)) } -probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? { +probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? +{ name = "semget" retstr = returnstr(1) } 
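Review bot: The `nd_syscall.compat_sys_semctl` probe in hunk `@@ -1585,19 +1676,23 @@` still builds its argument string from named target variables: `argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr)`. The commit message says in-scope variable references are replaced with `*_arg` functions, and a `kprobe.function` probe is meant to work without debuginfo, so as far as I can tell these `$` references cannot be resolved there. I would write `argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(4))`. That keeps the existing "not asmlinkage" remark and matches how `compat_sys_semtimedop` is handled later in the patch.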
@@ -1628,7 +1725,8 @@ probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? { # struct sembuf __user *tsops, # unsigned nsops) # -probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? { +probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? +{ name = "semop" // semid = $semid // tsops_uaddr = $tsops @@ -1640,7 +1738,8 @@ probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? { nsops = uint_arg(3) argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops) } -probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? { +probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? +{ name = "semop" retstr = returnstr(1) } 
@@ -1652,48 +1751,53 @@ probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? { # unsigned nsops, # const struct timespec __user *timeout) # -probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? { +probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? +{ name = "semtimedop" // semid = $semid // sops_uaddr = $tsops // nsops = $nsops // timeout_uaddr = $timeout // argstr = sprintf("%d, %p, %d, %s", $semid, $tsops, $nsops, - // _struct_timespec_u($timeout,1)) + // _struct_timespec_u($timeout, 1)) asmlinkage() semid = int_arg(1) sops_uaddr = pointer_arg(2) nsops = uint_arg(3) timeout_uaddr = pointer_arg(4) argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, - _struct_timespec_u(timeout_uaddr,1)) + _struct_timespec_u(timeout_uaddr, 1)) } -probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? { +probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? +{ name = "semtimedop" retstr = returnstr(1) } + # compat_sys_semtimedop ________________________________________ # # long compat_sys_semtimedop(int semid, struct sembuf __user *tsems, # unsigned nsops, const struct compat_timespec __user *timeout) # -probe nd_syscall.compat_sys_semtimedop = kprobe.function("compat_sys_semtimedop") ? { +probe nd_syscall.compat_sys_semtimedop = kprobe.function("compat_sys_semtimedop") ? 
+{ name = "compat_sys_semtimedop" // semid = $semid // sops_uaddr = $tsems // nsops = $nsops // timeout_uaddr = $timeout // argstr = sprintf("%d, %p, %d, %s", $semid, $tsems, $nsops, - // _struct_compat_timespec_u($timeout,1)) + // _struct_compat_timespec_u($timeout, 1)) // no asmlinkage semid = int_arg(1) sops_uaddr = pointer_arg(2) nsops = uint_arg(3) timeout_uaddr = pointer_arg(4) argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, - _struct_compat_timespec_u(timeout_uaddr,1)) + _struct_compat_timespec_u(timeout_uaddr, 1)) } -probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semtimedop").return ? { +probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semtimedop").return ? +{ name = "compat_sys_semtimedop" retstr = returnstr(1) } @@ -1705,7 +1809,8 @@ probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semt # size_t len, # unsigned flags) # -probe nd_syscall.send = kprobe.function("sys_send") ? { +probe nd_syscall.send = kprobe.function("sys_send") ? +{ name = "send" // s = $fd // buf_uaddr = $buff @@ -1721,7 +1826,8 @@ probe nd_syscall.send = kprobe.function("sys_send") ? { flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.send.return = kprobe.function("sys_send").return ? { +probe nd_syscall.send.return = kprobe.function("sys_send").return ? +{ name = "send" retstr = returnstr(1) } @@ -1733,9 +1839,8 @@ probe nd_syscall.send.return = kprobe.function("sys_send").return ? { # off_t __user *offset, # size_t count) # -probe nd_syscall.sendfile = - kprobe.function("sys_sendfile") ?, - kprobe.function("sys_sendfile64") ? +probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, + kprobe.function("sys_sendfile64") ? { name = "sendfile" // out_fd = $out_fd 
@@ -1752,9 +1857,8 @@ probe nd_syscall.sendfile = argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr, count) } -probe nd_syscall.sendfile.return = - kprobe.function("sys_sendfile").return ?, - kprobe.function("sys_sendfile64").return ? +probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, + kprobe.function("sys_sendfile64").return ? { name = "sendfile" retstr = returnstr(1) @@ -1764,7 +1868,8 @@ probe nd_syscall.sendfile.return = # # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # -probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? { +probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? +{ name = "sendmsg" // s = $fd // msg_uaddr = $msg @@ -1778,15 +1883,18 @@ probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? { flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags)) } -probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? { +probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? +{ name = "sendmsg" retstr = returnstr(1) } + # compat_sys_sendmsg ________________________________________ # # long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags) # -probe nd_syscall.compat_sys_sendmsg = kprobe.function("compat_sys_sendmsg") ? { +probe nd_syscall.compat_sys_sendmsg = kprobe.function("compat_sys_sendmsg") ? +{ name = "compat_sys_sendmsg" // s = $fd // msg_uaddr = $msg @@ -1798,7 +1906,8 @@ probe nd_syscall.compat_sys_sendmsg = kprobe.function("compat_sys_sendmsg") ? { flags = uint_arg(3) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags)) } -probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg").return ? { +probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg").return ? +{ name = "compat_sys_sendmsg" retstr = returnstr(1) } 
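Review bot: In the `nd_syscall.sendmsg` entry probe (hunk `@@ -1778,15 +1883,18 @@`), `flags_str = _sendflags_str(flags)` is computed and then the helper is called a second time inside `argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags))`. The `send` and `sendto` probes in this patch reuse `flags_str` in their `argstr`, so for consistency I would write `argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)`. The start of the probe body is in the previous hunk.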
@@ -1812,7 +1921,8 @@ probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg # struct sockaddr __user *addr, # int addr_len) # -probe nd_syscall.sendto = kprobe.function("sys_sendto") ? { +probe nd_syscall.sendto = kprobe.function("sys_sendto") ? +{ name = "sendto" // s = $fd // buf_uaddr = $buff @@ -1822,7 +1932,7 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ? { // to_uaddr = $addr // tolen = $addr_len // argstr = sprintf("%d, %p, %d, %s, %s, %d", $fd, $buff, - // $len, flags_str, _struct_sockaddr_u($addr,$addr_len), $addr_len) + // $len, flags_str, _struct_sockaddr_u($addr, $addr_len), $addr_len) asmlinkage() s = int_arg(1) buf_uaddr = pointer_arg(2) @@ -1832,9 +1942,10 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ? { to_uaddr = pointer_arg(5) tolen = int_arg(6) argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr, - len, flags_str, _struct_sockaddr_u(to_uaddr,tolen), tolen) + len, flags_str, _struct_sockaddr_u(to_uaddr, tolen), tolen) } -probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? { +probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? +{ name = "sendto" retstr = returnstr(1) } @@ -1845,7 +1956,8 @@ probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? { # sys_setdomainname(char __user *name, # int len) # -probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") { +probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") +{ name = "setdomainname" // hostname_uaddr = $name // len = $len @@ -1855,8 +1967,8 @@ probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") { len = int_arg(2) argstr = sprintf("%p, %d", hostname_uaddr, len) } -probe nd_syscall.setdomainname.return = - kprobe.function("sys_setdomainname").return { +probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").return +{ name = "setdomainname" retstr = returnstr(1) } 
@@ -1865,9 +1977,8 @@ probe nd_syscall.setdomainname.return = # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe nd_syscall.setfsgid = - kprobe.function("sys_setfsgid") ?, - kprobe.function("sys_setfsgid16") ? +probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, + kprobe.function("sys_setfsgid16") ? { name = "setfsgid" // fsgid = $gid @@ -1876,9 +1987,8 @@ probe nd_syscall.setfsgid = fsgid = uint_arg(1) argstr = sprint(fsgid) } -probe nd_syscall.setfsgid.return = - kprobe.function("sys_setfsgid").return ?, - kprobe.function("sys_setfsgid16").return ? +probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, + kprobe.function("sys_setfsgid16").return ? { name = "setfsgid" retstr = returnstr(1) @@ -1888,9 +1998,8 @@ probe nd_syscall.setfsgid.return = # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe nd_syscall.setfsuid = - kprobe.function("sys_setfsuid") ?, - kprobe.function("sys_setfsuid16") ? +probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, + kprobe.function("sys_setfsuid16") ? { name = "setfsuid" // fsuid = $uid @@ -1899,9 +2008,8 @@ probe nd_syscall.setfsuid = fsuid = uint_arg(1) argstr = sprint(fsuid) } -probe nd_syscall.setfsuid.return = - kprobe.function("sys_setfsuid").return ?, - kprobe.function("sys_setfsuid16").return ? +probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, + kprobe.function("sys_setfsuid16").return ? { name = "setfsuid" retstr = returnstr(1) @@ -1912,9 +2020,8 @@ probe nd_syscall.setfsuid.return = # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe nd_syscall.setgid = - kprobe.function("sys_setgid") ?, - kprobe.function("sys_setgid16") ? +probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, + kprobe.function("sys_setgid16") ? { name = "setgid" // gid = $gid 
@@ -1923,9 +2030,8 @@ probe nd_syscall.setgid = gid = uint_arg(1) argstr = sprint(gid) } -probe nd_syscall.setgid.return = - kprobe.function("sys_setgid").return ?, - kprobe.function("sys_setgid16").return ? +probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, + kprobe.function("sys_setgid16").return ? { name = "setgid" retstr = returnstr(1) @@ -1937,10 +2043,9 @@ probe nd_syscall.setgid.return = # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.setgroups = - kprobe.function("sys_setgroups") ?, - kprobe.function("sys_setgroups16") ?, - kprobe.function("sys32_setgroups16") ? +probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, + kprobe.function("sys_setgroups16") ?, + kprobe.function("sys32_setgroups16") ? { name = "setgroups" // size = $gidsetsize @@ -1951,10 +2056,9 @@ probe nd_syscall.setgroups = list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.setgroups.return = - kprobe.function("sys_setgroups").return ?, - kprobe.function("sys_setgroups16").return ?, - kprobe.function("sys32_setgroups16").return ? +probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, + kprobe.function("sys_setgroups16").return ?, + kprobe.function("sys32_setgroups16").return ? { name = "setgroups" retstr = returnstr(1) @@ -1966,7 +2070,8 @@ probe nd_syscall.setgroups.return = # sys_sethostname(char __user *name, # int len) # -probe nd_syscall.sethostname = kprobe.function("sys_sethostname") { +probe nd_syscall.sethostname = kprobe.function("sys_sethostname") +{ name = "sethostname" // hostname_uaddr = $name // name_str = user_string($name) 
@@ -1978,17 +2083,20 @@ probe nd_syscall.sethostname = kprobe.function("sys_sethostname") { len = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len) } -probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return { +probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return +{ name = "sethostname" retstr = returnstr(1) } + # setitimer __________________________________________________ # # long sys_setitimer(int which, # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe nd_syscall.setitimer = kprobe.function("sys_setitimer") { +probe nd_syscall.setitimer = kprobe.function("sys_setitimer") +{ name = "setitimer" // which = $which // value_uaddr = $value @@ -2002,7 +2110,8 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer") { argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return { +probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return +{ name = "setitimer" retstr = returnstr(1) } @@ -2011,7 +2120,8 @@ probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return { # struct compat_itimerval __user *in, # struct compat_itimerval __user *out) # -probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? { +probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? +{ name = "setitimer" // which = $which // value_uaddr = $in @@ -2025,7 +2135,8 @@ probe nd_syscall.compat_setitimer = kprobe.function("compat_sys_setitimer") ? { argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_compat_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer").return ? { +probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer").return ? +{ name = "setitimer" retstr = returnstr(1) } 
@@ -2035,9 +2146,8 @@ probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer # unsigned long __user *nmask, # unsigned long maxnode) # -probe nd_syscall.set_mempolicy = - kprobe.function("sys_set_mempolicy") ?, - kprobe.function("compat_sys_set_mempolicy") ? +probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, + kprobe.function("compat_sys_set_mempolicy") ? { name = "set_mempolicy" // mode = $mode @@ -2050,9 +2160,8 @@ probe nd_syscall.set_mempolicy = maxnode = ulong_arg(3) argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode) } -probe nd_syscall.set_mempolicy.return = - kprobe.function("sys_set_mempolicy").return ?, - kprobe.function("compat_sys_set_mempolicy").return ? +probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").return ?, + kprobe.function("compat_sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -2064,7 +2173,8 @@ probe nd_syscall.set_mempolicy.return = # sys_setpgid(pid_t pid, # pid_t pgid) # -probe nd_syscall.setpgid = kprobe.function("sys_setpgid") { +probe nd_syscall.setpgid = kprobe.function("sys_setpgid") +{ name = "setpgid" // pid = $pid // pgid = $pgid @@ -2074,10 +2184,12 @@ probe nd_syscall.setpgid = kprobe.function("sys_setpgid") { pgid = int_arg(2) argstr = sprintf("%d, %d", pid, pgid) } -probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return { +probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return +{ name = "setpgid" retstr = returnstr(1) } + # setpriority ________________________________________________ # # asmlinkage long @@ -2085,7 +2197,8 @@ probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return { # int who, # int niceval) # -probe nd_syscall.setpriority = kprobe.function("sys_setpriority") { +probe nd_syscall.setpriority = kprobe.function("sys_setpriority") +{ name = "setpriority" // which = $which // which_str = _priority_which_str($which) 
@@ -2099,7 +2212,8 @@ probe nd_syscall.setpriority = kprobe.function("sys_setpriority") { prio = int_arg(3) argstr = sprintf("%s, %d, %d", which_str, who, prio) } -probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return { +probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return +{ name = "setpriority" retstr = returnstr(1) } @@ -2107,7 +2221,8 @@ probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return # setregid ___________________________________________________ # long sys_setregid(gid_t rgid, gid_t egid) # -probe nd_syscall.setregid = kprobe.function("sys_setregid") { +probe nd_syscall.setregid = kprobe.function("sys_setregid") +{ name = "setregid" // rgid = __int32($rgid) // egid = __int32($egid) 
@@ -2116,30 +2231,36 @@ probe nd_syscall.setregid = kprobe.function("sys_setregid") { egid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", rgid, egid) } -probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return { +probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return +{ name = "setregid" retstr = returnstr(1) } + # setregid16 _________________________________________________ # long sys_setregid16(old_gid_t rgid, old_gid_t egid) # -probe nd_syscall.setregid16 = kprobe.function("sys_setregid16") ? { +probe nd_syscall.setregid16 = kprobe.function("sys_setregid16") ? +{ name = "setregid" // rgid = __short($rgid) // egid = __short($egid) asmlinkage() rgid = __short(uint_arg(1)) egid = __short(uint_arg(2)) - argstr = sprintf("%d, %d",rgid, egid) + argstr = sprintf("%d, %d", rgid, egid) } -probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? { +probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? +{ name = "setregid" retstr = returnstr(1) } + # setresgid __________________________________________________ # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # -probe nd_syscall.setresgid = kprobe.function("sys_setresgid") { +probe nd_syscall.setresgid = kprobe.function("sys_setresgid") +{ name = "setresgid" // rgid = __int32($rgid) // egid = __int32($egid) 
@@ -2150,17 +2271,20 @@ probe nd_syscall.setresgid = kprobe.function("sys_setresgid") { sgid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return { +probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return +{ name = "setresgid" retstr = returnstr(1) } + # setresgid16 ________________________________________________ # # long sys_setresgid16(old_gid_t rgid, # old_gid_t egid, # old_gid_t sgid) # -probe nd_syscall.setresgid16 = kprobe.function("sys_setresgid16") ? { +probe nd_syscall.setresgid16 = kprobe.function("sys_setresgid16") ? +{ name = "setresgid" // rgid = __short($rgid) // egid = __short($egid) @@ -2171,7 +2295,8 @@ probe nd_syscall.setresgid16 = kprobe.function("sys_setresgid16") ? { sgid = __short(uint_arg(3)) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return ? { +probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return ? +{ name = "setresgid16" retstr = returnstr(1) } @@ -2180,7 +2305,8 @@ probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return # # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # -probe nd_syscall.setresuid = kprobe.function("sys_setresuid") { +probe nd_syscall.setresuid = kprobe.function("sys_setresuid") +{ name = "setresuid" // ruid = __int32($ruid) // euid = __int32($euid) @@ -2191,7 +2317,8 @@ probe nd_syscall.setresuid = kprobe.function("sys_setresuid") { suid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return { +probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return +{ name = "setresuid" retstr = returnstr(1) } 
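Review bot: `nd_syscall.setresgid16.return` (hunk `@@ -2171,7 +2295,8 @@`) sets `name = "setresgid16"`, while the matching entry probe in the previous hunk sets `name = "setresgid"`. The other 16-bit variants in this patch (setregid16, setresuid16, setreuid16) use the un-suffixed name in both entry and return. A script that pairs entry and return events by `name`, for example one that logs credential changes, would fail to match this pair. I would change the return probe to `name = "setresgid"`.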
@@ -2200,7 +2327,8 @@ probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return { # # long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) # -probe nd_syscall.setresuid16 = kprobe.function("sys_setresuid16") ? { +probe nd_syscall.setresuid16 = kprobe.function("sys_setresuid16") ? +{ name = "setresuid" // ruid = __short($ruid) // reuid = __short($euid) @@ -2211,7 +2339,8 @@ probe nd_syscall.setresuid16 = kprobe.function("sys_setresuid16") ? { suid = __short(uint_arg(3)) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return ? { +probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return ? +{ name = "setresuid" retstr = returnstr(1) } @@ -2219,7 +2348,8 @@ probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return # setreuid ___________________________________________________ # long sys_setreuid(uid_t ruid, uid_t euid) # -probe nd_syscall.setreuid = kprobe.function("sys_setreuid") { +probe nd_syscall.setreuid = kprobe.function("sys_setreuid") +{ name = "setreuid" // ruid = __int32($ruid) // euid = __int32($euid) @@ -2228,14 +2358,17 @@ probe nd_syscall.setreuid = kprobe.function("sys_setreuid") { euid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", ruid, euid) } -probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return { +probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return +{ name = "setreuid" retstr = returnstr(1) } + # setreuid16 _________________________________________________ # long sys_setreuid16(old_uid_t ruid, old_uid_t euid) # -probe nd_syscall.setreuid16 = kprobe.function("sys_setreuid16") ? { +probe nd_syscall.setreuid16 = kprobe.function("sys_setreuid16") ? +{ name = "setreuid" // ruid = __short($ruid) // euid = __short($euid) 
@@ -2244,17 +2377,20 @@ probe nd_syscall.setreuid16 = kprobe.function("sys_setreuid16") ? { euid = __short(uint_arg(2)) argstr = sprintf("%d, %d", ruid, euid) } -probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? { +probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? +{ name = "setreuid" retstr = returnstr(1) } + # setrlimit __________________________________________________ # # asmlinkage long # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") { +probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") +{ name = "setrlimit" // resource = $resource // rlim_uaddr = $rlim @@ -2266,19 +2402,23 @@ probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") { argstr = sprintf("%s, %s", _rlimit_resource_str(resource), _struct_rlimit_u(rlim_uaddr)) } -probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return { +probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return +{ name = "setrlimit" retstr = returnstr(1) } + # setsid _____________________________________________________ # # long sys_setsid(void) # -probe nd_syscall.setsid = kprobe.function("sys_setsid") { +probe nd_syscall.setsid = kprobe.function("sys_setsid") +{ name = "setsid" argstr = "" } -probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return { +probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return +{ name = "setsid" retstr = returnstr(1) } @@ -2291,9 +2431,8 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return { # char __user *optval, # int optlen) # -probe nd_syscall.setsockopt = - kprobe.function("sys_setsockopt") ?, - kprobe.function("compat_sys_setsockopt") ? +probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, + kprobe.function("compat_sys_setsockopt") ? { name = "setsockopt" // fd = $fd 
@@ -2316,9 +2455,8 @@ probe nd_syscall.setsockopt = argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str, optname_str, optval_uaddr, optlen) } -probe nd_syscall.setsockopt.return = - kprobe.function("sys_setsockopt").return ?, - kprobe.function("compat_sys_setsockopt").return ? +probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, + kprobe.function("compat_sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) @@ -2329,24 +2467,27 @@ probe nd_syscall.setsockopt.return = # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") { +probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") +{ name = "set_tid_address" // tidptr_uaddr = $tidptr asmlinkage() tidptr_uaddr = pointer_arg(1) argstr = sprintf("%p", tidptr_uaddr) } -probe nd_syscall.set_tid_address.return = - kprobe.function("sys_set_tid_address").return { +probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address").return +{ name = "set_tid_address" retstr = returnstr(1) } + # settimeofday _______________________________________________ # # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") { +probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") +{ name = "settimeofday" // ttv_uaddr = $tv // ttz_uaddr = $tz @@ -2356,7 +2497,8 @@ probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") { tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return { +probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return +{ name = "settimeofday" retstr = returnstr(1) } 
@@ -2364,22 +2506,20 @@ probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").retur # long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz) # -probe nd_syscall.settimeofday32 = - kprobe.function("sys32_settimeofday") ?, - kprobe.function("compat_sys_settimeofday") ? +probe nd_syscall.settimeofday32 = kprobe.function("sys32_settimeofday") ?, + kprobe.function("compat_sys_settimeofday") ? { name = "settimeofday" // tv_uaddr = $tv // tz_uaddr = $tz - // argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1),_struct_timezone_u($tz)) + // argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1), _struct_timezone_u($tz)) asmlinkage() tv_uaddr = pointer_arg(1) tz_uaddr = pointer_arg(2) - argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1),_struct_timezone_u(tz_uaddr)) + argstr = sprintf("%s, %s", _struct_compat_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday32.return = - kprobe.function("sys32_settimeofday").return ?, - kprobe.function("compat_sys_settimeofday").return ? +probe nd_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").return ?, + kprobe.function("compat_sys_settimeofday").return ? { name = "settimeofday" retstr = returnstr(1) @@ -2390,9 +2530,8 @@ probe nd_syscall.settimeofday32.return = # long sys_setuid(uid_t uid) # long sys_setuid16(old_uid_t uid) # -probe nd_syscall.setuid = - kprobe.function("sys_setuid16") ?, - kprobe.function("sys_setuid") +probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, + kprobe.function("sys_setuid") { name = "setuid" // uid = $uid 
@@ -2401,9 +2540,8 @@ probe nd_syscall.setuid = uid = uint_arg(1) argstr = sprint(uid) } -probe nd_syscall.setuid.return = - kprobe.function("sys_setuid16").return ?, - kprobe.function("sys_setuid").return +probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, + kprobe.function("sys_setuid").return { name = "setuid" retstr = returnstr(1) @@ -2416,7 +2554,8 @@ probe nd_syscall.setuid.return = # size_t size, # int flags) # -probe nd_syscall.setxattr = kprobe.function("sys_setxattr") { +probe nd_syscall.setxattr = kprobe.function("sys_setxattr") +{ name = "setxattr" // path_uaddr = $path // path = user_string($path) @@ -2442,19 +2581,23 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") { user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return { +probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return +{ name = "setxattr" retstr = returnstr(1) } + # sgetmask ___________________________________________________ # # sys_sgetmask(void) # -probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? { +probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? +{ name = "sgetmask" argstr = "" } -probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? { +probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? +{ name = "sgetmask" retstr = returnstr(1) } @@ -2463,7 +2606,8 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? { # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe nd_syscall.shmat = kprobe.function("sys_shmat") ? { +probe nd_syscall.shmat = kprobe.function("sys_shmat") ? +{ name = "shmat" // shmid = $shmid // shmaddr_uaddr = $shmaddr 
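Review bot: nd_syscall.setuid attaches to both sys_setuid16 and sys_setuid but takes `uid = uint_arg(1)` unmodified, whereas the other 16-bit id probes in this file narrow the value with `__short(uint_arg(n))` and the 32-bit ones with `__int32(uint_arg(n))`. For the sys_setuid16 entry this presumably leaves the upper bits of the argument register in the reported uid, which would need confirming on an architecture that still has the 16-bit call. If so, giving sys_setuid16 its own probe with `uid = __short(uint_arg(1))` would follow the setreuid16 pattern. The probe body spans this hunk and the previous one, so the lines in between are not visible here.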
@@ -2475,16 +2619,19 @@ probe nd_syscall.shmat = kprobe.function("sys_shmat") ? { shmflg = int_arg(3) argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg)) } -probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? { +probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? +{ name = "shmat" retstr = returnstr(1) } + # compat_sys_shmat ________________________________________ # # long compat_sys_shmat(int first, int second, compat_uptr_t third, # int version, void __user *uptr) # -probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? { +probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? +{ name = "compat_sys_shmat" // first = $first // second = $second @@ -2498,7 +2645,8 @@ probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? { uptr_uaddr = pointer_arg(5) argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr) } -probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? { +probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? +{ name = "compat_sys_shmat" retstr = returnstr(1) } @@ -2509,7 +2657,8 @@ probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").r # int cmd, # struct shmid_ds __user *buf) # -probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? { +probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? +{ name = "shmctl" // shmid = $shmid // cmd = $cmd 
@@ -2521,15 +2670,18 @@ probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? { buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr) } -probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? { +probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? +{ name = "shmctl" retstr = returnstr(1) } + # compat_sys_shmctl ________________________________________ # # long compat_sys_shmctl(int first, int second, void __user *uptr) # -probe nd_syscall.compat_sys_shmctl = kprobe.function("compat_sys_shmctl") ? { +probe nd_syscall.compat_sys_shmctl = kprobe.function("compat_sys_shmctl") ? +{ name = "compat_sys_shmctl" // first = $first // second = $second @@ -2541,7 +2693,8 @@ probe nd_syscall.compat_sys_shmctl = kprobe.function("compat_sys_shmctl") ? { uptr_uaddr = pointer_arg(3) argstr = sprintf("%d, %d, %p", first, second, uptr_uaddr) } -probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl").return ? { +probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl").return ? +{ name = "compat_sys_shmctl" retstr = returnstr(1) } @@ -2550,7 +2703,8 @@ probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl") # # long sys_shmdt(char __user *shmaddr) # -probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? { +probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? +{ name = "shmdt" // shmaddr_uaddr = $shmaddr // argstr = sprintf("%p", $shmaddr) @@ -2558,7 +2712,8 @@ probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? { shmaddr_uaddr = pointer_arg(1) argstr = sprintf("%p", shmaddr_uaddr) } -probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? { +probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? +{ name = "shmdt" retstr = returnstr(1) } 
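Review bot: nd_syscall.shmctl builds argstr with `_semctl_cmd(cmd)`, a helper whose name says it decodes semctl commands. The helper is defined outside this diff, so this is a question rather than a finding: if it only knows the semaphore command numbers, shared-memory-specific commands would be printed under a wrong name in the trace. Either a dedicated shm decoder or a short comment above the sprintf stating that the helper is deliberately shared would settle it.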
@@ -2569,7 +2724,8 @@ probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? { # size_t size, # int shmflg) # -probe nd_syscall.shmget = kprobe.function("sys_shmget") ? { +probe nd_syscall.shmget = kprobe.function("sys_shmget") ? +{ name = "shmget" // key = $key // size = $size @@ -2581,7 +2737,8 @@ probe nd_syscall.shmget = kprobe.function("sys_shmget") ? { shmflg = int_arg(3) argstr = sprintf("%d, %d, %d", key, size, shmflg) } -probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? { +probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? +{ name = "shmget" retstr = returnstr(1) } @@ -2590,7 +2747,8 @@ probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? { # # long sys_shutdown(int fd, int how) # -probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? { +probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? +{ name = "shutdown" // s = $fd // how = $how @@ -2602,7 +2760,8 @@ probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? { how_str = _shutdown_how_str(how) argstr = sprintf("%d, %s", s, how_str) } -probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? { +probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? +{ name = "shutdown" retstr = returnstr(1) } @@ -2611,7 +2770,8 @@ probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? { # sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact) # sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact) # -probe nd_syscall.sigaction = kprobe.function("sys_sigaction") ? { +probe nd_syscall.sigaction = kprobe.function("sys_sigaction") ? +{ name = "sigaction" // sig = $sig // act_uaddr = $act 
@@ -2623,11 +2783,13 @@ probe nd_syscall.sigaction = kprobe.function("sys_sigaction") ? { oact_uaddr = pointer_arg(3) argstr = sprintf("%s, {%s}, %p", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr) } -probe nd_syscall.sigaction.return = kprobe.function("sys_sigaction").return ? { +probe nd_syscall.sigaction.return = kprobe.function("sys_sigaction").return ? +{ name = "sigaction" retstr = returnstr(1) } -probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? { +probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? +{ name = "sigaction" // sig = $sig // sact_uaddr = $act @@ -2639,7 +2801,8 @@ probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? { oact_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, soact_uaddr) } -probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return ? { +probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return ? +{ name = "sigaction" retstr = returnstr(1) } @@ -2647,7 +2810,8 @@ probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe nd_syscall.signal = kprobe.function("sys_signal") ? { +probe nd_syscall.signal = kprobe.function("sys_signal") ? +{ name = "signal" // sig = $sig // handler = $handler @@ -2657,7 +2821,8 @@ probe nd_syscall.signal = kprobe.function("sys_signal") ? { handler = pointer_arg(2) argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler)) } -probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? { +probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? +{ name = "signal" retstr = returnstr(1) } 
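Review bot: In nd_syscall.sigaction32 the line before the format call assigns `oact_uaddr = pointer_arg(3)`, but argstr is built from `sact_uaddr` and `soact_uaddr`. Nothing in the visible part of the probe assigns `soact_uaddr`, so the third field would not show the old-action pointer. The assignment of the second argument lies between the hunks, so `sact_uaddr` may have the same problem. Assuming the hidden line assigns `act_uaddr` as nd_syscall.sigaction does, I would write `argstr = sprintf("%s, %p, %p", _signal_name(sig), act_uaddr, oact_uaddr)`.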
@@ -2668,23 +2833,27 @@ probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? { # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? { +probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? +{ name = "signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3)) } -probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? { +probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? +{ name = "signalfd" retstr = returnstr(1) } -probe nd_syscall.compat_signalfd = kprobe.function("compat_sys_signalfd") ? { +probe nd_syscall.compat_signalfd = kprobe.function("compat_sys_signalfd") ? +{ name = "compat_signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), u32_arg(3)) } -probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd").return ? { +probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd").return ? +{ name = "compat_signalfd" retstr = returnstr(1) } @@ -2692,13 +2861,15 @@ probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd") # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? { +probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? +{ name = "sigpending" // argstr = sprintf("%p", $set) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? { +probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? +{ name = "sigpending" retstr = returnstr(1) } 
@@ -2730,16 +2901,14 @@ probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return # sigreturn __________________________________________________ # int sys_sigreturn(unsigned long __unused) # -probe nd_syscall.sigreturn = - kprobe.function("sys_sigreturn") ?, - kprobe.function("sys32_sigreturn") ? +probe nd_syscall.sigreturn = kprobe.function("sys_sigreturn") ?, + kprobe.function("sys32_sigreturn") ? { name = "sigreturn" argstr = "" } -probe nd_syscall.sigreturn.return = - kprobe.function("sys_sigreturn").return ?, - kprobe.function("sys32_sigreturn").return ? +probe nd_syscall.sigreturn.return = kprobe.function("sys_sigreturn").return ?, + kprobe.function("sys32_sigreturn").return ? { name = "sigreturn" retstr = returnstr(1) @@ -2747,16 +2916,14 @@ probe nd_syscall.sigreturn.return = # sigsuspend _________________________________________________ # -probe nd_syscall.sigsuspend = - kprobe.function("sys_sigsuspend") ?, - kprobe.function("sys32_sigsuspend") ? +probe nd_syscall.sigsuspend = kprobe.function("sys_sigsuspend") ?, + kprobe.function("sys32_sigsuspend") ? { name = "sigsuspend" argstr = "" } -probe nd_syscall.sigsuspend.return = - kprobe.function("sys_sigsuspend").return ?, - kprobe.function("sys32_sigsuspend").return ? +probe nd_syscall.sigsuspend.return = kprobe.function("sys_sigsuspend").return ?, + kprobe.function("sys32_sigsuspend").return ? { name = "sigsuspend" retstr = returnstr(1) @@ -2765,7 +2932,8 @@ probe nd_syscall.sigsuspend.return = # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe nd_syscall.socket = kprobe.function("sys_socket") ? { +probe nd_syscall.socket = kprobe.function("sys_socket") ? +{ name = "socket" // family = $family // type = $type 
@@ -2781,7 +2949,8 @@ probe nd_syscall.socket = kprobe.function("sys_socket") ? { _sock_type_str(type), protocol) } -probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? { +probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? +{ name = "socket" retstr = returnstr(1) } @@ -2791,13 +2960,15 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? { # # long sys_socketcall(int call, unsigned long __user *args) # -#probe nd_syscall.socketcall = kprobe.function("sys_socketcall") ? { +#probe nd_syscall.socketcall = kprobe.function("sys_socketcall") ? +#{ # name = "socketcall" # call = $call # args_uaddr = $args # argstr = sprintf("%d, %p", $call, args_uaddr) #} -#probe nd_syscall.socketcall.return = kprobe.function("sys_socketcall").return ? { +#probe nd_syscall.socketcall.return = kprobe.function("sys_socketcall").return ? +#{ # name = "socketcall" # retstr = returnstr(1) #} @@ -2808,7 +2979,8 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? { # int protocol, # int __user *usockvec) # -probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? { +probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? +{ name = "socketpair" // family = $family // type = $type @@ -2828,7 +3000,8 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? { _sock_type_str(type), protocol, sv_uaddr) } -probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? { +probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? +{ name = "socketpair" retstr = returnstr(1) } 
@@ -2839,7 +3012,8 @@ probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe nd_syscall.splice = kprobe.function("sys_splice") ? { +probe nd_syscall.splice = kprobe.function("sys_splice") ? +{ name = "splice" // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", // $fd_in, $off_in, $fd_out, $off_out, $len, $flags) @@ -2847,7 +3021,8 @@ probe nd_syscall.splice = kprobe.function("sys_splice") ? { argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6)) } -probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? { +probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? +{ name = "splice" retstr = returnstr(1) } @@ -2856,7 +3031,8 @@ probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? { # # long sys_ssetmask(int newmask) # -probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? { +probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? +{ name = "ssetmask" // newmask = $newmask // argstr = sprint($newmask) @@ -2864,7 +3040,8 @@ probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? { newmask = int_arg(1) argstr = sprint(newmask) } -probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? { +probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? +{ name = "ssetmask" retstr = returnstr(1) } 
@@ -2875,13 +3052,12 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? { # long sys_stat64(char __user * filename, struct stat64 __user * statbuf) # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) -probe nd_syscall.stat = - kprobe.function("sys_stat") ?, - kprobe.function("sys_newstat") ?, - kprobe.function("sys32_stat64") ?, - kprobe.function("sys_stat64") ?, - kprobe.function("sys_oabi_stat64") ?, - kprobe.function("compat_sys_newstat") ? +probe nd_syscall.stat = kprobe.function("sys_stat") ?, + kprobe.function("sys_newstat") ?, + kprobe.function("sys32_stat64") ?, + kprobe.function("sys_stat64") ?, + kprobe.function("sys_oabi_stat64") ?, + kprobe.function("compat_sys_newstat") ? { name = "stat" // filename_uaddr = $filename @@ -2894,13 +3070,12 @@ probe nd_syscall.stat = buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } -probe nd_syscall.stat.return = - kprobe.function("sys_stat").return ?, - kprobe.function("sys_newstat").return ?, - kprobe.function("sys32_stat64").return ?, - kprobe.function("sys_stat64").return ?, - kprobe.function("sys_oabi_stat64").return ?, - kprobe.function("compat_sys_newstat").return ? +probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, + kprobe.function("sys_newstat").return ?, + kprobe.function("sys32_stat64").return ?, + kprobe.function("sys_stat64").return ?, + kprobe.function("sys_oabi_stat64").return ?, + kprobe.function("compat_sys_newstat").return ? { name = "stat" retstr = returnstr(1) 
@@ -2910,9 +3085,8 @@ probe nd_syscall.stat.return = # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe nd_syscall.statfs = - kprobe.function("sys_statfs"), - kprobe.function("compat_sys_statfs") ? +probe nd_syscall.statfs = kprobe.function("sys_statfs"), + kprobe.function("compat_sys_statfs") ? { name = "statfs" // path = user_string($path) @@ -2923,9 +3097,8 @@ probe nd_syscall.statfs = buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } -probe nd_syscall.statfs.return = - kprobe.function("sys_statfs").return, - kprobe.function("compat_sys_statfs").return ? +probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, + kprobe.function("compat_sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -2936,9 +3109,8 @@ probe nd_syscall.statfs.return = # long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.statfs64 = - kprobe.function("sys_statfs64") ?, - kprobe.function("compat_sys_statfs64") ? +probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, + kprobe.function("compat_sys_statfs64") ? { name = "statfs" // path = user_string($path) @@ -2951,9 +3123,8 @@ probe nd_syscall.statfs64 = buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr) } -probe nd_syscall.statfs64.return = - kprobe.function("sys_statfs64").return ?, - kprobe.function("compat_sys_statfs64").return ? +probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, + kprobe.function("compat_sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) 
@@ -2964,9 +3135,8 @@ probe nd_syscall.statfs64.return = # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe nd_syscall.stime = - kprobe.function("sys_stime") ?, - kprobe.function("compat_sys_stime") ? +probe nd_syscall.stime = kprobe.function("sys_stime") ?, + kprobe.function("compat_sys_stime") ? { name = "stime" // t_uaddr = $tptr @@ -2976,9 +3146,8 @@ probe nd_syscall.stime = t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.stime.return = - kprobe.function("sys_stime").return ?, - kprobe.function("compat_sys_stime").return ? +probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, + kprobe.function("compat_sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -2989,7 +3158,8 @@ probe nd_syscall.stime.return = # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? { +probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? +{ name = "swapoff" // path = user_string($specialfile) // argstr = user_string_quoted($specialfile) @@ -2997,17 +3167,20 @@ probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? { path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? { +probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? +{ name = "swapoff" retstr = returnstr(1) } + # swapon _____________________________________________________ # # asmlinkage long # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe nd_syscall.swapon = kprobe.function("sys_swapon") ? { +probe nd_syscall.swapon = kprobe.function("sys_swapon") ? +{ name = "swapon" // path = user_string($specialfile) // swapflags = $swap_flags 
@@ -3017,14 +3190,17 @@ probe nd_syscall.swapon = kprobe.function("sys_swapon") ? { swapflags = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) } -probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? { +probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? +{ name = "swapon" retstr = returnstr(1) } + # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe nd_syscall.symlink = kprobe.function("sys_symlink") { +probe nd_syscall.symlink = kprobe.function("sys_symlink") +{ name = "symlink" // oldpath = user_string($oldname) // newpath = user_string($newname) @@ -3036,17 +3212,18 @@ probe nd_syscall.symlink = kprobe.function("sys_symlink") { argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return { +probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return +{ name = "symlink" retstr = returnstr(1) } - # symlinkat __________________________________________________ # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? { +probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? +{ name = "symlinkat" // oldname = $oldname // oldname_str = user_string($oldname) 
@@ -3066,21 +3243,23 @@ probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? { argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), newdfd_str, user_string_quoted(newname)) } -probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? { +probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? +{ name = "symlinkat" retstr = returnstr(1) } - # sync _______________________________________________________ # # sys_sync(void) # -probe nd_syscall.sync = kprobe.function("sys_sync") { +probe nd_syscall.sync = kprobe.function("sys_sync") +{ name = "sync" argstr = "" } -probe nd_syscall.sync.return = kprobe.function("sys_sync").return { +probe nd_syscall.sync.return = kprobe.function("sys_sync").return +{ name = "sync" retstr = returnstr(1) } @@ -3089,18 +3268,16 @@ probe nd_syscall.sync.return = kprobe.function("sys_sync").return { # # long sys_sysctl(struct __sysctl_args __user *args) # -probe nd_syscall.sysctl = - kprobe.function("sys_sysctl") ?, - kprobe.function("compat_sys_sysctl") ? +probe nd_syscall.sysctl = kprobe.function("sys_sysctl") ?, + kprobe.function("compat_sys_sysctl") ? { name = "sysctl" // argstr = sprintf("%p", $args) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sysctl.return = - kprobe.function("sys_sysctl").return ?, - kprobe.function("compat_sys_sysctl").return ? +probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, + kprobe.function("compat_sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -3113,7 +3290,8 @@ probe nd_syscall.sysctl.return = # unsigned long arg1, # unsigned long arg2) # -probe nd_syscall.sysfs = kprobe.function("sys_sysfs") { +probe nd_syscall.sysfs = kprobe.function("sys_sysfs") +{ name = "sysfs" // option = $option // arg1 = $arg1 
@@ -3137,17 +3315,18 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs") { else argstr = sprintf("%d, %d, %d", option, arg1, arg2) } -probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return { +probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return +{ name = "sysfs" retstr = returnstr(1) } + # sysinfo ____________________________________________________ # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe nd_syscall.sysinfo = - kprobe.function("sys_sysinfo"), - kprobe.function("compat_sys_sysinfo") ? +probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), + kprobe.function("compat_sys_sysinfo") ? { name = "sysinfo" // info_uaddr = $info @@ -3156,9 +3335,8 @@ probe nd_syscall.sysinfo = info_uaddr = pointer_arg(1) argstr = sprintf("%p", info_uaddr) } -probe nd_syscall.sysinfo.return = - kprobe.function("sys_sysinfo").return, - kprobe.function("compat_sys_sysinfo").return ? +probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, + kprobe.function("compat_sys_sysinfo").return ? { name = "sysinfo" retstr = returnstr(1) @@ -3168,7 +3346,8 @@ probe nd_syscall.sysinfo.return = # # long sys_syslog(int type, char __user * buf, int len) # -probe nd_syscall.syslog = kprobe.function("sys_syslog") { +probe nd_syscall.syslog = kprobe.function("sys_syslog") +{ name = "syslog" // type = $type // bufp_uaddr = $buf @@ -3180,7 +3359,8 @@ probe nd_syscall.syslog = kprobe.function("sys_syslog") { len = int_arg(3) argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) } -probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return { +probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return +{ name = "syslog" retstr = returnstr(1) } 
@@ -3189,13 +3369,15 @@ probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return { # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe nd_syscall.tee = kprobe.function("sys_tee") ? { +probe nd_syscall.tee = kprobe.function("sys_tee") ? +{ name = "tee" // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) asmlinkage() argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? { +probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? +{ name = "tee" retstr = returnstr(1) } @@ -3207,7 +3389,8 @@ probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? { # int pid, # int sig) # -probe nd_syscall.tgkill = kprobe.function("sys_tgkill") { +probe nd_syscall.tgkill = kprobe.function("sys_tgkill") +{ name = "tgkill" // tgid = $tgid // pid = $pid @@ -3219,10 +3402,12 @@ probe nd_syscall.tgkill = kprobe.function("sys_tgkill") { sig = int_arg(3) argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) } -probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return { +probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return +{ name = "tgkill" retstr = returnstr(1) } + # time _______________________________________________________ # # long sys_time(time_t __user * tloc) @@ -3230,11 +3415,10 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return { # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe nd_syscall.time = - kprobe.function("sys_time")?, - kprobe.function("sys32_time") ?, - kprobe.function("sys_time64") ?, - kprobe.function("compat_sys_time") ? +probe nd_syscall.time = kprobe.function("sys_time")?, + kprobe.function("sys32_time") ?, + kprobe.function("sys_time64") ?, + kprobe.function("compat_sys_time") ? { name = "time" // t_uaddr = $tloc 
@@ -3243,11 +3427,10 @@ probe nd_syscall.time = t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.time.return = - kprobe.function("sys_time").return?, - kprobe.function("sys32_time").return ?, - kprobe.function("sys_time64").return ?, - kprobe.function("compat_sys_time").return ? +probe nd_syscall.time.return = kprobe.function("sys_time").return?, + kprobe.function("sys32_time").return ?, + kprobe.function("sys_time64").return ?, + kprobe.function("compat_sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3259,7 +3442,8 @@ probe nd_syscall.time.return = # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe nd_syscall.timer_create = kprobe.function("sys_timer_create") { +probe nd_syscall.timer_create = kprobe.function("sys_timer_create") +{ name = "timer_create" // clockid = $which_clock // clockid_str = _get_wc_str($which_clock) @@ -3273,8 +3457,8 @@ probe nd_syscall.timer_create = kprobe.function("sys_timer_create") { timerid_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) } -probe nd_syscall.timer_create.return = - kprobe.function("sys_timer_create").return { +probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").return +{ name = "timer_create" retstr = returnstr(1) } @@ -3283,7 +3467,8 @@ probe nd_syscall.timer_create.return = # # long sys_timer_delete(timer_t timer_id) # -probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") { +probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") +{ name = "timer_delete" // timerid = $timer_id // argstr = sprint($timer_id) 
@@ -3291,7 +3476,8 @@ probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") { timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return { +probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return +{ name = "timer_delete" retstr = returnstr(1) } @@ -3300,7 +3486,8 @@ probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").retur # # long sys_timer_getoverrun(timer_t timer_id) # -probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") { +probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") +{ name = "timer_getoverrun" // timerid = $timer_id // argstr = sprint($timer_id) @@ -3308,8 +3495,8 @@ probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") { timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_getoverrun.return = - kprobe.function("sys_timer_getoverrun").return { +probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun").return +{ name = "timer_getoverrun" retstr = returnstr(1) } @@ -3319,7 +3506,8 @@ probe nd_syscall.timer_getoverrun.return = # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") { +probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") +{ name = "timer_gettime" // timerid = $timer_id // value_uaddr = $setting @@ -3329,8 +3517,8 @@ probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") { value_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", timerid, value_uaddr) } -probe nd_syscall.timer_gettime.return = - kprobe.function("sys_timer_gettime").return { +probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").return +{ name = "timer_gettime" retstr = returnstr(1) } 
@@ -3342,7 +3530,8 @@ probe nd_syscall.timer_gettime.return = # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") { +probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") +{ name = "timer_settime" // timerid = $timer_id // flags = $flags @@ -3360,8 +3549,8 @@ probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") { _struct_itimerspec_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.timer_settime.return = - kprobe.function("sys_timer_settime").return { +probe nd_syscall.timer_settime.return = kprobe.function("sys_timer_settime").return +{ name = "timer_settime" retstr = returnstr(1) } @@ -3373,18 +3562,16 @@ probe nd_syscall.timer_settime.return = # long compat_sys_timerfd(int ufd, int clockid, int flags, # const struct compat_itimerspec __user *utmr) # -probe nd_syscall.timerfd = - kprobe.function("sys_timerfd") ?, - kprobe.function("compat_sys_timerfd") ? +probe nd_syscall.timerfd = kprobe.function("sys_timerfd") ?, + kprobe.function("compat_sys_timerfd") ? { name = "timerfd" // argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags) asmlinkage() argstr = sprintf("%d, %d, 0x%x", int_arg(1), int_arg(2), int_arg(3)) } -probe nd_syscall.timerfd.return = - kprobe.function("sys_timerfd").return ?, - kprobe.function("compat_sys_timerfd").return ? +probe nd_syscall.timerfd.return = kprobe.function("sys_timerfd").return ?, + kprobe.function("compat_sys_timerfd").return ? { name = "timerfd" retstr = returnstr(1) 
@@ -3394,18 +3581,16 @@ probe nd_syscall.timerfd.return = # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe nd_syscall.times = - kprobe.function("sys_times") ?, - kprobe.function("compat_sys_times") ? +probe nd_syscall.times = kprobe.function("sys_times") ?, + kprobe.function("compat_sys_times") ? { name = "times" // argstr = sprintf("%p", $tbuf) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.times.return = - kprobe.function("sys_times").return ?, - kprobe.function("compat_sys_times").return ? +probe nd_syscall.times.return = kprobe.function("sys_times").return ?, + kprobe.function("compat_sys_times").return ? { name = "times" retstr = returnstr(1) @@ -3417,7 +3602,8 @@ probe nd_syscall.times.return = # sys_tkill(int pid, # int sig) # -probe nd_syscall.tkill = kprobe.function("sys_tkill") { +probe nd_syscall.tkill = kprobe.function("sys_tkill") +{ name = "tkill" // pid = $pid // sig = $sig @@ -3427,7 +3613,8 @@ probe nd_syscall.tkill = kprobe.function("sys_tkill") { sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return { +probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return +{ name = "tkill" retstr = returnstr(1) } @@ -3437,7 +3624,9 @@ probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return { # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe nd_syscall.truncate = kprobe.function("sys_truncate")?, kprobe.function("sys_truncate64") ? { +probe nd_syscall.truncate = kprobe.function("sys_truncate")?, + kprobe.function("sys_truncate64") ? +{ name = "truncate" // path_uaddr = $path // path = user_string($path) 
@@ -3452,7 +3641,9 @@ probe nd_syscall.truncate = kprobe.function("sys_truncate")?, kprobe.function("s length = longlong_arg(2) argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) } -probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? { +probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, + kprobe.function("sys_truncate64").return ? +{ name = "truncate" retstr = returnstr(1) } @@ -3460,7 +3651,8 @@ probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, kpr # tux ________________________________________________________ # long sys_tux (unsigned int action, user_req_t *u_info) # -probe nd_syscall.tux = kprobe.function("sys_tux") ? { +probe nd_syscall.tux = kprobe.function("sys_tux") ? +{ name = "tux" // action = $action // u_info_uaddr = $u_info @@ -3471,7 +3663,8 @@ probe nd_syscall.tux = kprobe.function("sys_tux") ? { u_info_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", action, u_info_uaddr) } -probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? { +probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? +{ name = "tux" retstr = returnstr(1) } @@ -3479,7 +3672,8 @@ probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? { # umask ______________________________________________________ # long sys_umask(int mask) # -probe nd_syscall.umask = kprobe.function("sys_umask") { +probe nd_syscall.umask = kprobe.function("sys_umask") +{ name = "umask" // mask = $mask // argstr = sprintf("%#o", $mask) @@ -3487,7 +3681,8 @@ probe nd_syscall.umask = kprobe.function("sys_umask") { mask = int_arg(1) argstr = sprintf("%#o", mask) } -probe nd_syscall.umask.return = kprobe.function("sys_umask").return { +probe nd_syscall.umask.return = kprobe.function("sys_umask").return +{ name = "umask" retstr = returnstr(3) } 
@@ -3495,7 +3690,8 @@ probe nd_syscall.umask.return = kprobe.function("sys_umask").return { # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe nd_syscall.umount = kprobe.function("sys_umount") { +probe nd_syscall.umount = kprobe.function("sys_umount") +{ name = "umount" // target = user_string($name) // flags = $flags @@ -3507,10 +3703,12 @@ probe nd_syscall.umount = kprobe.function("sys_umount") { flags_str = _umountflags_str(flags) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) } -probe nd_syscall.umount.return = kprobe.function("sys_umount").return { +probe nd_syscall.umount.return = kprobe.function("sys_umount").return +{ name = "umount" retstr = returnstr(1) } + # uname ______________________________________________________ # # int sys_uname(struct old_utsname __user *name) @@ -3519,12 +3717,11 @@ probe nd_syscall.umount.return = kprobe.function("sys_umount").return { # int sys32_olduname(struct oldold_utsname __user * name) # long sys32_uname(struct old_utsname __user * name) # -probe nd_syscall.uname = - kprobe.function("sys_uname") ?, - kprobe.function("sys_olduname") ?, - kprobe.function("sys32_olduname") ?, - kprobe.function("sys32_uname") ?, - kprobe.function("sys_newuname") ? +probe nd_syscall.uname = kprobe.function("sys_uname") ?, + kprobe.function("sys_olduname") ?, + kprobe.function("sys32_olduname") ?, + kprobe.function("sys32_uname") ?, + kprobe.function("sys_newuname") ? { name = "uname" // argstr = sprintf("%p", $name) 
@@ -3538,12 +3735,11 @@ probe nd_syscall.uname = argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.uname.return = - kprobe.function("sys_uname").return ?, - kprobe.function("sys_olduname").return ?, - kprobe.function("sys32_olduname").return ?, - kprobe.function("sys32_uname").return ?, - kprobe.function("sys_newuname").return ? +probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, + kprobe.function("sys_olduname").return ?, + kprobe.function("sys32_olduname").return ?, + kprobe.function("sys32_uname").return ?, + kprobe.function("sys_newuname").return ? { name = "uname" retstr = returnstr(1) @@ -3552,7 +3748,8 @@ probe nd_syscall.uname.return = # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe nd_syscall.unlink = kprobe.function("sys_unlink") { +probe nd_syscall.unlink = kprobe.function("sys_unlink") +{ name = "unlink" // pathname_uaddr = $pathname // pathname = user_string($pathname) @@ -3562,16 +3759,19 @@ probe nd_syscall.unlink = kprobe.function("sys_unlink") { pathname = user_string(pathname_uaddr) argstr = user_string_quoted(pathname_uaddr) } -probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return { +probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return +{ name = "unlink" retstr = returnstr(1) } + # uselib _____________________________________________________ # # asmlinkage long # sys_uselib(const char __user * library) # -probe nd_syscall.uselib = kprobe.function("sys_uselib") { +probe nd_syscall.uselib = kprobe.function("sys_uselib") +{ name = "uselib" // library_uaddr = $library // library = user_string($library) 
@@ -3581,14 +3781,17 @@ probe nd_syscall.uselib = kprobe.function("sys_uselib") { library = user_string(library_uaddr) argstr = user_string_quoted(library_uaddr) } -probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return { +probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return +{ name = "uselib" retstr = returnstr(1) } + # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe nd_syscall.ustat = kprobe.function("sys_ustat") { +probe nd_syscall.ustat = kprobe.function("sys_ustat") +{ name = "ustat" // dev = $dev // ubuf_uaddr = $ubuf @@ -3600,7 +3803,8 @@ probe nd_syscall.ustat = kprobe.function("sys_ustat") { } #long sys32_ustat(unsigned dev, struct ustat32 __user *u32p) -probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? { +probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? +{ name = "ustat" // dev = $dev // argstr = sprintf("%d, %p", $dev, $u32p) @@ -3609,9 +3813,8 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? { argstr = sprintf("%d, %p", dev, pointer_arg(2)) } -probe nd_syscall.ustat.return = - kprobe.function("sys_ustat").return, - kprobe.function("sys32_ustat").return ? +probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, + kprobe.function("sys32_ustat").return ? { name = "ustat" retstr = returnstr(1) @@ -3619,7 +3822,8 @@ probe nd_syscall.ustat.return = # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe nd_syscall.utime = kprobe.function("sys_utime") ? { +probe nd_syscall.utime = kprobe.function("sys_utime") ? +{ name = "utime" asmlinkage() filename_uaddr = pointer_arg(1) 
@@ -3630,13 +3834,15 @@ probe nd_syscall.utime = kprobe.function("sys_utime") ? { argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? { +probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? +{ name = "utime" retstr = returnstr(1) } # long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t) -probe nd_syscall.compat_utime = kprobe.function("compat_sys_utime") ? { +probe nd_syscall.compat_utime = kprobe.function("compat_sys_utime") ? +{ name = "utime" asmlinkage() filename_uaddr = pointer_arg(1) @@ -3647,7 +3853,8 @@ probe nd_syscall.compat_utime = kprobe.function("compat_sys_utime") ? { argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").return ? { +probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").return ? +{ name = "utime" retstr = returnstr(1) } @@ -3656,7 +3863,8 @@ probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").retur # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe nd_syscall.utimes = kprobe.function("sys_utimes") { +probe nd_syscall.utimes = kprobe.function("sys_utimes") +{ name = "utimes" // filename_uaddr = $filename // filename = user_string($filename) 
@@ -3670,15 +3878,18 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes") { argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } -probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return { +probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return +{ name = "utimes" retstr = returnstr(1) } + # compat_sys_utimes ________________________________________ # # long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t) # -probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? { +probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? +{ name = "utimes" // filename = user_string($filename) // argstr = sprintf("%s, %s", user_string_quoted($filename), @@ -3688,7 +3899,8 @@ probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? { argstr = sprintf("%s, %s", user_string_quoted(filename), _struct_compat_timeval_u(pointer_arg(2), 2)) } -probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ? { +probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ? +{ name = "utimes" retstr = returnstr(1) } 
@@ -3697,27 +3909,31 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes") # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? { +probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? +{ name = "utimensat" - // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2), + // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), // _at_flag_str($flags)) asmlinkage() argstr = sprintf("%s, %s, %s, %s", _dfd_str(int_arg(1)), user_string_quoted(pointer_arg(2)), - _struct_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) + _struct_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4))) } -probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? { +probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? +{ name = "utimensat" - // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2), + // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t, 2), // _at_flag_str($flags)) asmlinkage() argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), - _struct_compat_timespec_u(pointer_arg(3),2), _at_flag_str(int_arg(4))) + _struct_compat_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4))) } -probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? { +probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? +{ name = "utimensat" retstr = returnstr(1) } -probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? 
{ +probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? +{ name = "utimensat" retstr = returnstr(1) } @@ -3727,11 +3943,13 @@ probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensa # asmlinkage long # sys_vhangup(void) # -probe nd_syscall.vhangup = kprobe.function("sys_vhangup") { +probe nd_syscall.vhangup = kprobe.function("sys_vhangup") +{ name = "vhangup" argstr = "" } -probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return { +probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return +{ name = "vhangup" retstr = returnstr(1) } @@ -3743,23 +3961,27 @@ probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return { # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? { +probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? +{ name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? { +probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? +{ name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags) asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) } -probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? { +probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? +{ name = "vmsplice" retstr = returnstr(1) } -probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice").return ? { +probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice").return ? +{ name = "vmsplice" retstr = returnstr(1) } 
@@ -3771,7 +3993,8 @@ probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice") # int options, # struct rusage __user *ru) # -probe nd_syscall.wait4 = kprobe.function("sys_wait4") { +probe nd_syscall.wait4 = kprobe.function("sys_wait4") +{ name = "wait4" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) // status_uaddr = $stat_addr @@ -3780,20 +4003,22 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4") { // rusage_uaddr = $ru // argstr = sprintf("%d, %p, %s, %p", // %( kernel_vr >= "2.6.25" %? $upid %: $pid%), - // $stat_addr,_wait4_opt_str($options), $ru) + // $stat_addr, _wait4_opt_str($options), $ru) asmlinkage() pid = int_arg(1) status_uaddr = pointer_arg(2) options = int_arg(3) options_str = _wait4_opt_str(options) rusage_uaddr = pointer_arg(4) - argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr,_wait4_opt_str(options), rusage_uaddr) + argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, _wait4_opt_str(options), rusage_uaddr) } -probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return { +probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return +{ name = "wait4" retstr = returnstr(1) } + # waitid _____________________________________________________ # # long sys_waitid(int which, @@ -3802,7 +4027,8 @@ probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return { # int options, # struct rusage __user *ru) # -probe nd_syscall.waitid = kprobe.function("sys_waitid") { +probe nd_syscall.waitid = kprobe.function("sys_waitid") +{ name = "waitid" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) // which = $which 
@@ -3825,10 +4051,12 @@ probe nd_syscall.waitid = kprobe.function("sys_waitid") { argstr = sprintf("%d, %d, %p, %s, %p", which, pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) } -probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return { +probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return +{ name = "waitid" retstr = returnstr(1) } + /* FIXME: # waitpid ____________________________________________________ # @@ -3837,7 +4065,8 @@ probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return { # int options, # struct rusage __user *ru) # -probe nd_syscall.waitpid = kprobe.function("sys_wait4") { +probe nd_syscall.waitpid = kprobe.function("sys_wait4") +{ name = "waitpid" pid = $pid status_uaddr = $stat_addr @@ -3847,7 +4076,8 @@ probe nd_syscall.waitpid = kprobe.function("sys_wait4") { argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return { +probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return +{ name = "waitpid" retstr = returnstr(1) } 
@@ -3859,20 +4089,22 @@ probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return { # const char __user * buf, # size_t count) # -probe nd_syscall.write = kprobe.function("sys_write") { +probe nd_syscall.write = kprobe.function("sys_write") +{ name = "write" // fd = $fd // buf_uaddr = $buf // count = $count - // argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),syscall_string_trunc,1), $count) + // argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf), syscall_string_trunc, 1), $count) asmlinkage() fd = uint_arg(1) buf_uaddr = pointer_arg(2) count = ulong_arg(3) - argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr),syscall_string_trunc,1), count) + argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count) } -probe nd_syscall.write.return = kprobe.function("sys_write").return { +probe nd_syscall.write.return = kprobe.function("sys_write").return +{ name = "write" retstr = returnstr(1) } @@ -3886,9 +4118,8 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return { # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.writev = - kprobe.function("sys_writev"), - kprobe.function("compat_sys_writev") ? +probe nd_syscall.writev = kprobe.function("sys_writev"), + kprobe.function("compat_sys_writev") ? { name = "writev" // vector_uaddr = $vec @@ -3907,9 +4138,8 @@ probe nd_syscall.writev = argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.writev.return = - kprobe.function("sys_writev").return, - kprobe.function("compat_sys_writev").return ? +probe nd_syscall.writev.return = kprobe.function("sys_writev").return, + kprobe.function("compat_sys_writev").return ? { name = "writev" retstr = returnstr(1) -- cgit From 0fa400f2b00ade1b3cb9ef4fb59cdd63f4fb9986 Mon Sep 17 00:00:00 2001 
From: Josh Stone Date: Fri, 29 May 2009 16:50:24 -0700 Subject: Fix a few variables in nd_syscalls2 --- tapset/nd_syscalls2.stp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 33722d0e..53c40453 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -1208,7 +1208,7 @@ probe nd_syscall.rt_sigaction32 = kprobe.function("sys32_rt_sigaction") ?, act_uaddr = pointer_arg(2) oact_uaddr = pointer_arg(3) sigsetsize = uint_arg(4) - argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uadd, oact_uaddr, sigsetsize) + argstr = sprintf("%s, %p, %p, %d", _signal_name(sig), act_uaddr, oact_uaddr, sigsetsize) } probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").return ?, kprobe.function("compat_sys_rt_sigaction").return ? @@ -1686,16 +1686,16 @@ probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? # # long compat_sys_semctl(int first, int second, int third, void __user *uptr) # -probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? -{ - name = "compat_sys_semctl" - argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage -} -probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? -{ - name = "compat_sys_semctl" - retstr = returnstr(1) -} +#probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? +#{ +# name = "compat_sys_semctl" +# argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage +#} +#probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? +#{ +# name = "compat_sys_semctl" +# retstr = returnstr(1) +#} # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) 
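Review bot: The `nd_syscall.compat_sys_semctl` probe and its `.return` companion are disabled by prefixing every line with `#`, but nothing records why or what has to happen before they can come back. The disabled body still reads `$first, $second, $third, $uptr`, and the trailing `// ** not asmlinkage` suggests the numbered-argument conversion is not straightforward here. I would state that above the block, e.g. `# FIXME: disabled until the $-variables are converted to *_arg() calls (function is not asmlinkage)`. Scripts that name `nd_syscall.compat_sys_semctl` will presumably stop resolving it, so compat semctl calls drop out of any trace built on this tapset; that is worth a line in the commit message as well.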
@@ -2799,7 +2799,7 @@ probe nd_syscall.sigaction32 = kprobe.function("sys32_sigaction") ? sig = int_arg(1) act_uaddr = pointer_arg(2) oact_uaddr = pointer_arg(3) - argstr = sprintf("%s, %p, %p", _signal_name(sig), sact_uaddr, soact_uaddr) + argstr = sprintf("%s, %p, %p", _signal_name(sig), act_uaddr, oact_uaddr) } probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return ? { @@ -3896,7 +3896,7 @@ probe nd_syscall.compat_sys_utimes = kprobe.function("compat_sys_utimes") ? // _struct_compat_timeval_u($t, 2)) asmlinkage() filename = user_string(pointer_arg(1)) - argstr = sprintf("%s, %s", user_string_quoted(filename), + argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _struct_compat_timeval_u(pointer_arg(2), 2)) } probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes").return ? -- cgit From 8224f4bed15ec757d8f0146d6c56b374374b6bc0 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 2 Jun 2009 01:28:00 -0700 Subject: More nd_syscalls2 cleanup, and add SYSCALL_WRAPPERS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix a few more formatting issues - Add SYSCALL_WRAPPERS analogous to 132c33 tapset/syscalls2.stp Thanks to Przemysław Pawełczyk for the helpful translation scripts. --- tapset/nd_syscalls2.stp | 866 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 575 insertions(+), 291 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 53c40453..49210012 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp @@ -28,7 +28,8 @@ # long compat_sys_nanosleep(struct compat_timespec __user *rqtp, # struct compat_timespec __user *rmtp) # -probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") +probe nd_syscall.nanosleep = kprobe.function("SyS_nanosleep") ?, + kprobe.function("sys_nanosleep") ? { name = "nanosleep" // req_uaddr = $rqtp 
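Review bot: In the `nd_syscall.compat_sys_utimes` hunk, `pointer_arg(1)` is now evaluated twice and the user address is never exposed as a variable. The `nd_syscall.utimes` probe shown earlier on this page keeps it in `filename_uaddr` and reuses that. I would write `filename_uaddr = pointer_arg(1)`, then `filename = user_string(filename_uaddr)`, and pass `user_string_quoted(filename_uaddr)` in `argstr`, so both probes offer the same variables. The probe starts above the hunk, so the rest of its body is not visible here.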
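Review bot: Marking both alternatives of `nd_syscall.nanosleep` with `?` removes the one mandatory probe point the alias used to have. Before, `kprobe.function("sys_nanosleep")` carried no `?`, so a kernel without that symbol produced an error; now a miss on both `SyS_nanosleep` and `sys_nanosleep` is accepted without a diagnostic. The same applies to `nanosleep.return` and to the `personality` and `pipe` probes (and their `.return` probes) later in this commit. For a script that relies on these aliases for auditing, that can mean a probe attached to nothing with no indication. I would add a comment above each pair, e.g. `# exactly one of SyS_*/sys_* is expected to exist; both are optional only so that either kernel configuration loads`, and presumably a test that at least one alternative registers. The probe body continues outside the hunk.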
@@ -39,7 +40,8 @@ probe nd_syscall.nanosleep = kprobe.function("sys_nanosleep") rem_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", _struct_timespec_u(req_uaddr, 1), rem_uaddr) } -probe nd_syscall.nanosleep.return = kprobe.function("sys_nanosleep").return +probe nd_syscall.nanosleep.return = kprobe.function("SyS_nanosleep").return ?, + kprobe.function("sys_nanosleep").return ? { name = "nanosleep" retstr = returnstr(1) @@ -91,7 +93,8 @@ probe nd_syscall.nfsservctl.return = kprobe.function("sys_nfsservctl").return ?, # nice _______________________________________________________ # long sys_nice(int increment) # -probe nd_syscall.nice = kprobe.function("sys_nice") ? +probe nd_syscall.nice = kprobe.function("SyS_nice") ?, + kprobe.function("sys_nice") ? { name = "nice" // inc = $increment @@ -100,7 +103,8 @@ probe nd_syscall.nice = kprobe.function("sys_nice") ? inc = int_arg(1) argstr = sprintf("%d", inc) } -probe nd_syscall.nice.return = kprobe.function("sys_nice").return ? +probe nd_syscall.nice.return = kprobe.function("SyS_nice").return ?, + kprobe.function("sys_nice").return ? { name = "nice" retstr = returnstr(1) @@ -125,9 +129,10 @@ probe nd_syscall.ni_syscall.return = kprobe.function("sys_ni_syscall").return # long sys_open(const char __user * filename, int flags, int mode) # (obsolete) long sys32_open(const char * filename, int flags, int mode) # -probe nd_syscall.open = kprobe.function("sys_open") ?, - kprobe.function("compat_sys_open") ?, - kprobe.function("sys32_open") ? +probe nd_syscall.open = kprobe.function("compat_sys_open") ?, + kprobe.function("sys32_open") ?, + kprobe.function("SyS_open") ?, + kprobe.function("sys_open") ? { name = "open" // filename = user_string($filename) 
@@ -150,9 +155,10 @@ probe nd_syscall.open = kprobe.function("sys_open") ?, argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _sys_open_flag_str(flags)) } -probe nd_syscall.open.return = kprobe.function("sys_open").return ?, - kprobe.function("compat_sys_open").return ?, +probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?, kprobe.function("sys32_open").return ? + kprobe.function("SyS_open").return ? + kprobe.function("sys_open").return ? { name = "open" retstr = returnstr(1) @@ -162,8 +168,9 @@ probe nd_syscall.open.return = kprobe.function("sys_open").return ?, # long sys_openat(int dfd, const char __user *filename, int flags, int mode) # long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode) # -probe nd_syscall.openat = kprobe.function("sys_openat") ?, - kprobe.function("compat_sys_openat") ? +probe nd_syscall.openat = kprobe.function("compat_sys_openat") ?, + kprobe.function("SyS_openat") ?, + kprobe.function("sys_openat") ? { name = "openat" // filename = user_string($filename) @@ -190,8 +197,9 @@ probe nd_syscall.openat = kprobe.function("sys_openat") ?, user_string_quoted(pointer_arg(2)), _sys_open_flag_str(flags)) } -probe nd_syscall.openat.return = kprobe.function("sys_openat").return ?, - kprobe.function("compat_sys_openat").return ? +probe nd_syscall.openat.return = kprobe.function("compat_sys_openat").return ?, + kprobe.function("SyS_openat").return ?, + kprobe.function("sys_openat").return ? { name = "openat" retstr = returnstr(1) @@ -260,7 +268,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_read.return = # kprobe.function("sys_pciconfig_read").return +#probe nd_syscall.pciconfig_read.return = kprobe.function("sys_pciconfig_read").return #{ # name = "pciconfig_read" # retstr = returnstr(1) 
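Review bot: The rewritten `nd_syscall.open.return` alias (hunk `@@ -150,9 +155,10 @@`) is missing the separating commas after `kprobe.function("sys32_open").return ?` and after the added `kprobe.function("SyS_open").return ?`, unlike the `nd_syscall.open` entry alias in the preceding hunk, so the probe-point list will most likely fail to parse. Because this is a shared tapset file, a parse error here would presumably break every script that pulls in `nd_syscall.*` from nd_syscalls2.stp, not just the open probe. The two lines should read `kprobe.function("sys32_open").return ?,` and `kprobe.function("SyS_open").return ?,`, leaving only the final `sys_open` point without a trailing comma.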
@@ -287,7 +295,7 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off, # len, buf_uaddr) #} -#probe nd_syscall.pciconfig_write.return = # kprobe.function("sys_pciconfig_write").return +#probe nd_syscall.pciconfig_write.return = kprobe.function("sys_pciconfig_write").return #{ # name = "pciconfig_write" # retstr = returnstr(1) @@ -298,7 +306,8 @@ probe nd_syscall.pause.return = kprobe.function("sys_pause").return ?, # asmlinkage long # sys_personality(u_long personality) # -probe nd_syscall.personality = kprobe.function("sys_personality") +probe nd_syscall.personality = kprobe.function("SyS_personality") ?, + kprobe.function("sys_personality") ? { name = "personality" // persona = $personality @@ -306,7 +315,8 @@ probe nd_syscall.personality = kprobe.function("sys_personality") persona = ulong_arg(1) argstr = sprintf("%p", persona); } -probe nd_syscall.personality.return = kprobe.function("sys_personality").return +probe nd_syscall.personality.return = kprobe.function("SyS_personality").return ?, + kprobe.function("sys_personality").return ? { name = "personality" retstr = returnstr(1) @@ -317,7 +327,8 @@ probe nd_syscall.personality.return = kprobe.function("sys_personality").return # asmlinkage int # sys_pipe(unsigned long __user * fildes) # -probe nd_syscall.pipe = kprobe.function("sys_pipe") +probe nd_syscall.pipe = kprobe.function("SyS_pipe") ?, + kprobe.function("sys_pipe") ? { name = "pipe" %( arch == "ia64" %? @@ -332,7 +343,8 @@ probe nd_syscall.pipe = kprobe.function("sys_pipe") %) } -probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return +probe nd_syscall.pipe.return = kprobe.function("SyS_pipe").return ?, + kprobe.function("sys_pipe").return ? { name = "pipe" retstr = returnstr(1) 
@@ -342,7 +354,8 @@ probe nd_syscall.pipe.return = kprobe.function("sys_pipe").return # # long sys_pivot_root(const char __user *new_root, const char __user *put_old) # -probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") +probe nd_syscall.pivot_root = kprobe.function("SyS_pivot_root") ?, + kprobe.function("sys_pivot_root") ? { name = "pivot_root" // new_root_str = user_string($new_root) @@ -355,7 +368,8 @@ probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return +probe nd_syscall.pivot_root.return = kprobe.function("SyS_pivot_root").return ?, + kprobe.function("sys_pivot_root").return ? { name = "pivot_root" retstr = returnstr(1) @@ -365,7 +379,8 @@ probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return # # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout) # -probe nd_syscall.poll = kprobe.function("sys_poll") +probe nd_syscall.poll = kprobe.function("SyS_poll") ?, + kprobe.function("sys_poll") ? { name = "poll" // ufds_uaddr = $ufds @@ -378,7 +393,8 @@ probe nd_syscall.poll = kprobe.function("sys_poll") timeout = long_arg(3) argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout) } -probe nd_syscall.poll.return = kprobe.function("sys_poll").return +probe nd_syscall.poll.return = kprobe.function("SyS_poll").return ?, + kprobe.function("sys_poll").return ? { name = "poll" retstr = returnstr(1) @@ -390,7 +406,8 @@ probe nd_syscall.poll.return = kprobe.function("sys_poll").return # struct timespec __user *tsp, const sigset_t __user *sigmask, # size_t sigsetsize) # -probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? +probe nd_syscall.ppoll = kprobe.function("SyS_ppoll") ?, + kprobe.function("sys_ppoll") ? { name = "ppoll" // argstr = sprintf("%p, %d, %s, %p, %d", 
@@ -407,7 +424,8 @@ probe nd_syscall.ppoll = kprobe.function("sys_ppoll") ? pointer_arg(4), ulong_arg(5)) } -probe nd_syscall.ppoll.return = kprobe.function("sys_ppoll").return ? +probe nd_syscall.ppoll.return = kprobe.function("SyS_ppoll").return ?, + kprobe.function("sys_ppoll").return ? { name = "ppoll" retstr = returnstr(1) @@ -448,7 +466,8 @@ probe nd_syscall.compat_ppoll.return = kprobe.function("compat_sys_ppoll").retur # unsigned long arg4, # unsigned long arg5) # -probe nd_syscall.prctl = kprobe.function("sys_prctl") +probe nd_syscall.prctl = kprobe.function("SyS_prctl") ?, + kprobe.function("sys_prctl") ? { name = "prctl" // option = $option @@ -465,7 +484,8 @@ probe nd_syscall.prctl = kprobe.function("sys_prctl") argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3, arg4, arg5) } -probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return +probe nd_syscall.prctl.return = kprobe.function("SyS_prctl").return ?, + kprobe.function("sys_prctl").return ? { name = "prctl" retstr = returnstr(1) @@ -478,7 +498,8 @@ probe nd_syscall.prctl.return = kprobe.function("sys_prctl").return # size_t count, # loff_t pos) # -probe nd_syscall.pread = kprobe.function("sys_pread64") +probe nd_syscall.pread = kprobe.function("SyS_pread64") ?, + kprobe.function("sys_pread64") ? { name = "pread" // fd = $fd @@ -493,7 +514,8 @@ probe nd_syscall.pread = kprobe.function("sys_pread64") offset = longlong_arg(4) argstr = sprintf("%d, %p, %d, %d", fd, buf_uaddr, count, offset) } -probe nd_syscall.pread.return = kprobe.function("sys_pread64").return +probe nd_syscall.pread.return = kprobe.function("SyS_pread64").return ?, + kprobe.function("sys_pread64").return ? { name = "pread" retstr = returnstr(1) 
@@ -504,7 +526,8 @@ probe nd_syscall.pread.return = kprobe.function("sys_pread64").return # long sys_pselect6(int n, fd_set __user *inp, fd_set __user *outp, # fd_set __user *exp, struct timespec __user *tsp, void __user *sig) # -probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? +probe nd_syscall.pselect6 = kprobe.function("SyS_pselect6") ?, + kprobe.function("sys_pselect6") ? { name = "pselect6" // argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp, @@ -513,7 +536,8 @@ probe nd_syscall.pselect6 = kprobe.function("sys_pselect6") ? argstr = sprintf("%d, %p, %p, %p, %s, %p", int_arg(1) , pointer_arg(2), pointer_arg(3), pointer_arg(4), _struct_timespec_u(pointer_arg(5), 1), pointer_arg(6)) } -probe nd_syscall.pselect6.return = kprobe.function("sys_pselect6").return ? +probe nd_syscall.pselect6.return = kprobe.function("SyS_pselect6").return ?, + kprobe.function("sys_pselect6").return ? { name = "pselect6" retstr = returnstr(1) @@ -575,7 +599,8 @@ probe nd_syscall.compat_pselect7.return = kprobe.function("compat_sys_pselect7") # long addr, # long data) # -probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? +probe nd_syscall.ptrace = kprobe.function("SyS_ptrace") ?, + kprobe.function("sys_ptrace") ? { name = "ptrace" // request = $request @@ -589,7 +614,8 @@ probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ? data = long_arg(4) argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data) } -probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? +probe nd_syscall.ptrace.return = kprobe.function("SyS_ptrace").return ?, + kprobe.function("sys_ptrace").return ? { name = "ptrace" retstr = returnstr(1) @@ -602,7 +628,8 @@ probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ? # size_t count, # loff_t pos) # -probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") +probe nd_syscall.pwrite = kprobe.function("SyS_pwrite64") ?, + kprobe.function("sys_pwrite64") ? { name = "pwrite" // fd = $fd 
@@ -621,7 +648,8 @@ probe nd_syscall.pwrite = kprobe.function("sys_pwrite64") text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count, offset) } -probe nd_syscall.pwrite.return = kprobe.function("sys_pwrite64").return +probe nd_syscall.pwrite.return = kprobe.function("SyS_pwrite64").return ?, + kprobe.function("sys_pwrite64").return ? { name = "pwrite" retstr = returnstr(1) @@ -668,7 +696,8 @@ probe nd_syscall.pwrite32.return = kprobe.function("sys32_pwrite64").return ? # qid_t id, # void __user *addr) # -probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? +probe nd_syscall.quotactl = kprobe.function("SyS_quotactl") ?, + kprobe.function("sys_quotactl") ? { name = "quotactl" // cmd = $cmd @@ -687,7 +716,8 @@ probe nd_syscall.quotactl = kprobe.function("sys_quotactl") ? addr_uaddr = pointer_arg(4) argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, id, addr_uaddr) } -probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? +probe nd_syscall.quotactl.return = kprobe.function("SyS_quotactl").return ?, + kprobe.function("sys_quotactl").return ? { name = "quotactl" retstr = returnstr(1) @@ -695,7 +725,8 @@ probe nd_syscall.quotactl.return = kprobe.function("sys_quotactl").return ? # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) -probe nd_syscall.read = kprobe.function("sys_read") +probe nd_syscall.read = kprobe.function("SyS_read") ?, + kprobe.function("sys_read") ? { name = "read" // fd = $fd @@ -708,7 +739,8 @@ probe nd_syscall.read = kprobe.function("sys_read") count = ulong_arg(3) argstr = sprintf("%d, %p, %d", fd, buf_uaddr, count) } -probe nd_syscall.read.return = kprobe.function("sys_read").return +probe nd_syscall.read.return = kprobe.function("SyS_read").return ?, + kprobe.function("sys_read").return ? { name = "read" retstr = returnstr(1) 
@@ -721,7 +753,8 @@ probe nd_syscall.read.return = kprobe.function("sys_read").return # loff_t offset, # size_t count) # -probe nd_syscall.readahead = kprobe.function("sys_readahead") +probe nd_syscall.readahead = kprobe.function("SyS_readahead") ?, + kprobe.function("sys_readahead") ? { name = "readahead" // fd = $fd @@ -733,7 +766,8 @@ probe nd_syscall.readahead = kprobe.function("sys_readahead") count = ulong_arg(3) argstr = sprintf("%d, %p, %p", fd, offset, count) } -probe nd_syscall.readahead.return = kprobe.function("sys_readahead").return +probe nd_syscall.readahead.return = kprobe.function("SyS_readahead").return ?, + kprobe.function("sys_readahead").return ? { name = "readahead" retstr = returnstr(1) @@ -765,7 +799,8 @@ probe nd_syscall.readdir.return = kprobe.function("compat_sys_old_readdir").retu # char __user * buf, # int bufsiz) # -probe nd_syscall.readlink = kprobe.function("sys_readlink") +probe nd_syscall.readlink = kprobe.function("SyS_readlink") ?, + kprobe.function("sys_readlink") ? { name = "readlink" // path = user_string($path) @@ -780,7 +815,8 @@ probe nd_syscall.readlink = kprobe.function("sys_readlink") argstr = sprintf("%s, %p, %d", user_string_quoted(pointer_arg(1)), buf_uaddr, bufsiz) } -probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return +probe nd_syscall.readlink.return = kprobe.function("SyS_readlink").return ?, + kprobe.function("sys_readlink").return ? { name = "readlink" retstr = returnstr(1) @@ -792,7 +828,8 @@ probe nd_syscall.readlink.return = kprobe.function("sys_readlink").return # char __user * buf, # int bufsiz) # -probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? +probe nd_syscall.readlinkat = kprobe.function("SyS_readlinkat") ?, + kprobe.function("sys_readlinkat") ? { name = "readlinkat" //dfd = $dfd 
@@ -809,7 +846,8 @@ probe nd_syscall.readlinkat = kprobe.function("sys_readlinkat") ? argstr = sprintf("%s, %s, %p, %d", _dfd_str(dfd), user_string_quoted(pointer_arg(2)), buf_uaddr, bufsiz) } -probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? +probe nd_syscall.readlinkat.return = kprobe.function("SyS_readlinkat").return ?, + kprobe.function("sys_readlinkat").return ? { name = "readlinkat" retstr = returnstr(1) @@ -824,8 +862,9 @@ probe nd_syscall.readlinkat.return = kprobe.function("sys_readlinkat").return ? # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.readv = kprobe.function("sys_readv"), - kprobe.function("compat_sys_readv") ? +probe nd_syscall.readv = kprobe.function("compat_sys_readv") ?, + kprobe.function("SyS_readv") ?, + kprobe.function("sys_readv") ? { name = "readv" // vector_uaddr = $vec @@ -843,8 +882,9 @@ probe nd_syscall.readv = kprobe.function("sys_readv"), fd = ulong_arg(1) argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.readv.return = kprobe.function("sys_readv").return, - kprobe.function("compat_sys_readv").return ? +probe nd_syscall.readv.return = kprobe.function("compat_sys_readv").return ?, + kprobe.function("SyS_readv").return ?, + kprobe.function("sys_readv").return ? { name = "readv" retstr = returnstr(1) @@ -857,7 +897,8 @@ probe nd_syscall.readv.return = kprobe.function("sys_readv").return, # unsigned int cmd, # void __user * arg) # -probe nd_syscall.reboot = kprobe.function("sys_reboot") +probe nd_syscall.reboot = kprobe.function("SyS_reboot") ?, + kprobe.function("sys_reboot") ? { name = "reboot" // magic = $magic1 
@@ -880,7 +921,8 @@ probe nd_syscall.reboot = kprobe.function("sys_reboot") argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str, flag_str, arg_uaddr) } -probe nd_syscall.reboot.return = kprobe.function("sys_reboot").return +probe nd_syscall.reboot.return = kprobe.function("SyS_reboot").return ?, + kprobe.function("sys_reboot").return ? { name = "reboot" retstr = returnstr(1) @@ -922,7 +964,8 @@ probe nd_syscall.recv.return = kprobe.function("sys_recv").return ? # struct sockaddr __user *addr, # int __user *addr_len) # -probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? +probe nd_syscall.recvfrom = kprobe.function("SyS_recvfrom") ?, + kprobe.function("sys_recvfrom") ? { name = "recvfrom" // s = $fd @@ -945,7 +988,8 @@ probe nd_syscall.recvfrom = kprobe.function("sys_recvfrom") ? argstr = sprintf("%d, %p, %d, %s, %p, %p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } -probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? +probe nd_syscall.recvfrom.return = kprobe.function("SyS_recvfrom").return ?, + kprobe.function("sys_recvfrom").return ? { name = "recvfrom" retstr = returnstr(1) @@ -957,7 +1001,8 @@ probe nd_syscall.recvfrom.return = kprobe.function("sys_recvfrom").return ? # struct msghdr __user *msg, # unsigned int flags) # -probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? +probe nd_syscall.recvmsg = kprobe.function("SyS_recvmsg") ?, + kprobe.function("sys_recvmsg") ? { name = "recvmsg" // s = $fd @@ -972,7 +1017,8 @@ probe nd_syscall.recvmsg = kprobe.function("sys_recvmsg") ? flags_str = _recvflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str) } -probe nd_syscall.recvmsg.return = kprobe.function("sys_recvmsg").return ? +probe nd_syscall.recvmsg.return = kprobe.function("SyS_recvmsg").return ?, + kprobe.function("sys_recvmsg").return ? { name = "recvmsg" retstr = returnstr(1) 
@@ -1011,7 +1057,8 @@ probe nd_syscall.compat_sys_recvmsg.return = kprobe.function("compat_sys_recvmsg # unsigned long pgoff, # unsigned long flags) # -probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? +probe nd_syscall.remap_file_pages = kprobe.function("SyS_remap_file_pages") ?, + kprobe.function("sys_remap_file_pages") ? { name = "remap_file_pages" // start = $start @@ -1032,7 +1079,8 @@ probe nd_syscall.remap_file_pages = kprobe.function("sys_remap_file_pages") ? argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot, pgoff, flags) } -probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages").return ? +probe nd_syscall.remap_file_pages.return = kprobe.function("SyS_remap_file_pages").return ?, + kprobe.function("sys_remap_file_pages").return ? { name = "remap_file_pages" retstr = returnstr(1) @@ -1044,7 +1092,8 @@ probe nd_syscall.remap_file_pages.return = kprobe.function("sys_remap_file_pages # sys_removexattr(char __user *path, # char __user *name) # -probe nd_syscall.removexattr = kprobe.function("sys_removexattr") +probe nd_syscall.removexattr = kprobe.function("SyS_removexattr") ?, + kprobe.function("sys_removexattr") ? { name = "removexattr" // path = user_string($path) @@ -1057,7 +1106,8 @@ probe nd_syscall.removexattr = kprobe.function("sys_removexattr") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return +probe nd_syscall.removexattr.return = kprobe.function("SyS_removexattr").return ?, + kprobe.function("sys_removexattr").return ? { name = "removexattr" retstr = returnstr(1) 
@@ -1069,7 +1119,8 @@ probe nd_syscall.removexattr.return = kprobe.function("sys_removexattr").return # sys_rename(const char __user * oldname, # const char __user * newname) # -probe nd_syscall.rename = kprobe.function("sys_rename") +probe nd_syscall.rename = kprobe.function("SyS_rename") ?, + kprobe.function("sys_rename") ? { name = "rename" // oldpath = user_string($oldname) @@ -1082,12 +1133,24 @@ probe nd_syscall.rename = kprobe.function("sys_rename") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.rename.return = kprobe.function("sys_rename").return +probe nd_syscall.rename.return = kprobe.function("SyS_rename").return ?, + kprobe.function("sys_rename").return ? { name = "rename" retstr = returnstr(1) } +# renameat ___________________________________________________ +# TODO +#probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?, +# kprobe.function("sys_renameat") ? +#{ +#} +#probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?, +# kprobe.function("sys_renameat").return ? +#{ +#} + # request_key ________________________________________________ # # long sys_request_key(const char __user *_type, @@ -1096,7 +1159,8 @@ probe nd_syscall.rename.return = kprobe.function("sys_rename").return # key_serial_t destringid) # compat_sys_request_key() calls sys_request_key, so don't need probe there. # -probe nd_syscall.request_key = kprobe.function("sys_request_key") ? +probe nd_syscall.request_key = kprobe.function("SyS_request_key") ?, + kprobe.function("sys_request_key") ? { name = "request_key" // type_uaddr = $_type 
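Review bot: The `renameat` stub added in hunk `@@ -1082,12 +1133,24 @@` is fully commented out and has empty bodies, so the dwarfless tapset still has no probe for renameat, and a script that watches renames through `nd_syscall.rename` (which only names `SyS_rename`/`sys_rename`) will not see calls that enter through renameat. The bare `# TODO` does not tell a reader that; I would spell the gap out, e.g. `# TODO: not implemented; renameat() calls are not reported by nd_syscall.rename`. When the stub is filled in it will need `name`, the argument variables and `argstr` set the same way as the `rename` probe above it.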
@@ -1111,7 +1175,8 @@ probe nd_syscall.request_key = kprobe.function("sys_request_key") ? destringid = u32_arg(4) argstr = sprintf("%p, %p, %p, %p", type_uaddr, description_uaddr, callout_info_uaddr, destringid) } -probe nd_syscall.request_key.return = kprobe.function("sys_request_key").return ? +probe nd_syscall.request_key.return = kprobe.function("SyS_request_key").return ?, + kprobe.function("sys_request_key").return ? { name = "request_key" retstr = returnstr(1) @@ -1138,7 +1203,8 @@ probe nd_syscall.restart_syscall.return = kprobe.function("sys_restart_syscall") # asmlinkage long # sys_rmdir(const char __user * pathname) # -probe nd_syscall.rmdir = kprobe.function("sys_rmdir") +probe nd_syscall.rmdir = kprobe.function("SyS_rmdir") ?, + kprobe.function("sys_rmdir") ? { name = "rmdir" // pathname = user_string($pathname) @@ -1147,7 +1213,8 @@ probe nd_syscall.rmdir = kprobe.function("sys_rmdir") pathname = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return +probe nd_syscall.rmdir.return = kprobe.function("SyS_rmdir").return ?, + kprobe.function("sys_rmdir").return ? { name = "rmdir" retstr = returnstr(1) @@ -1160,7 +1227,8 @@ probe nd_syscall.rmdir.return = kprobe.function("sys_rmdir").return # struct sigaction __user *oact, # size_t sigsetsize) # -probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? +probe nd_syscall.rt_sigaction = kprobe.function("SyS_rt_sigaction") ?, + kprobe.function("sys_rt_sigaction") ? { name = "rt_sigaction" // sig = $sig 
@@ -1177,7 +1245,8 @@ probe nd_syscall.rt_sigaction = kprobe.function("sys_rt_sigaction") ? argstr = sprintf("%s, {%s}, %p, %d", _signal_name(sig), _struct_sigaction_u(act_uaddr), oact_uaddr, sigsetsize) } -probe nd_syscall.rt_sigaction.return = kprobe.function("sys_rt_sigaction").return ? +probe nd_syscall.rt_sigaction.return = kprobe.function("SyS_rt_sigaction").return ?, + kprobe.function("sys_rt_sigaction").return ? { name = "rt_sigaction" retstr = returnstr(1) @@ -1221,7 +1290,8 @@ probe nd_syscall.rt_sigaction32.return = kprobe.function("sys32_rt_sigaction").r # # long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) # -probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? +probe nd_syscall.rt_sigpending = kprobe.function("SyS_rt_sigpending") ?, + kprobe.function("sys_rt_sigpending") ? { name = "rt_sigpending" // set_uaddr = $set @@ -1232,7 +1302,8 @@ probe nd_syscall.rt_sigpending = kprobe.function("sys_rt_sigpending") ? sigsetsize = ulong_arg(2) argstr = sprintf("%p, %d", set_uaddr, sigsetsize) } -probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").return ? +probe nd_syscall.rt_sigpending.return = kprobe.function("SyS_rt_sigpending").return ?, + kprobe.function("sys_rt_sigpending").return ? { name = "rt_sigpending" retstr = returnstr(1) @@ -1245,6 +1316,7 @@ probe nd_syscall.rt_sigpending.return = kprobe.function("sys_rt_sigpending").ret # probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, kprobe.function("compat_sys_rt_sigprocmask") ?, + kprobe.function("SyS_rt_sigprocmask") ?, kprobe.function("sys_rt_sigprocmask") ? { name = "rt_sigprocmask" 
@@ -1265,6 +1337,7 @@ probe nd_syscall.rt_sigprocmask = kprobe.function("sys32_rt_sigprocmask") ?, } probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask").return ?, kprobe.function("compat_sys_rt_sigprocmask").return ?, + kprobe.function("SyS_rt_sigprocmask").return ?, kprobe.function("sys_rt_sigprocmask").return ? { name = "rt_sigprocmask" @@ -1275,7 +1348,8 @@ probe nd_syscall.rt_sigprocmask.return = kprobe.function("sys32_rt_sigprocmask") # # long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo) # -probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") +probe nd_syscall.rt_sigqueueinfo = kprobe.function("SyS_rt_sigqueueinfo") ?, + kprobe.function("sys_rt_sigqueueinfo") ? { name = "rt_sigqueueinfo" // pid = $pid @@ -1288,7 +1362,8 @@ probe nd_syscall.rt_sigqueueinfo = kprobe.function("sys_rt_sigqueueinfo") uinfo_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, _signal_name(sig), uinfo_uaddr) } -probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("sys_rt_sigqueueinfo").return +probe nd_syscall.rt_sigqueueinfo.return = kprobe.function("SyS_rt_sigqueueinfo").return ?, + kprobe.function("sys_rt_sigqueueinfo").return ? { name = "rt_sigqueueinfo" retstr = returnstr(1) 
@@ -1314,16 +1389,18 @@ probe nd_syscall.rt_sigreturn.return = kprobe.function("sys_rt_sigreturn").retur # # sys_rt_sigsuspend(struct pt_regs regs) # -probe nd_syscall.rt_sigsuspend = kprobe.function("sys_rt_sigsuspend") ?, - kprobe.function("compat_sys_rt_sigsuspend") ?, - kprobe.function("ia64_rt_sigsuspend") ? +probe nd_syscall.rt_sigsuspend = kprobe.function("compat_sys_rt_sigsuspend") ?, + kprobe.function("ia64_rt_sigsuspend") ?, + kprobe.function("SyS_rt_sigsuspend") ?, + kprobe.function("sys_rt_sigsuspend") ? { name = "rt_sigsuspend" argstr = "" } -probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").return ?, - kprobe.function("compat_sys_rt_sigsuspend").return ?, - kprobe.function("ia64_rt_sigsuspend").return ? +probe nd_syscall.rt_sigsuspend.return = kprobe.function("compat_sys_rt_sigsuspend").return ?, + kprobe.function("ia64_rt_sigsuspend").return ?, + kprobe.function("SyS_rt_sigsuspend").return ?, + kprobe.function("sys_rt_sigsuspend").return ? { name = "rt_sigsuspend" retstr = returnstr(1) @@ -1339,8 +1416,9 @@ probe nd_syscall.rt_sigsuspend.return = kprobe.function("sys_rt_sigsuspend").ret # struct compat_siginfo __user *uinfo, # struct compat_timespec __user *uts, compat_size_t sigsetsize) # -probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), - kprobe.function("compat_sys_rt_sigtimedwait") ? +probe nd_syscall.rt_sigtimedwait = kprobe.function("compat_sys_rt_sigtimedwait") ?, + kprobe.function("SyS_rt_sigtimedwait") ?, + kprobe.function("sys_rt_sigtimedwait") ? { name = "rt_sigtimedwait" // uthese_uaddr = $uthese 
@@ -1358,8 +1436,9 @@ probe nd_syscall.rt_sigtimedwait = kprobe.function("sys_rt_sigtimedwait"), sigsetsize = u32_arg(4) argstr = sprintf("%p, %p, %p, %d", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } -probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait").return, - kprobe.function("compat_sys_rt_sigtimedwait").return ? +probe nd_syscall.rt_sigtimedwait.return = kprobe.function("compat_sys_rt_sigtimedwait").return ?, + kprobe.function("SyS_rt_sigtimedwait").return ?, + kprobe.function("sys_rt_sigtimedwait").return ? { name = "rt_sigtimedwait" retstr = returnstr(1) @@ -1372,7 +1451,8 @@ probe nd_syscall.rt_sigtimedwait.return = kprobe.function("sys_rt_sigtimedwait") # unsigned int len, # unsigned long __user *user_mask_ptr) # -probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") +probe nd_syscall.sched_getaffinity = kprobe.function("SyS_sched_getaffinity") ?, + kprobe.function("sys_sched_getaffinity") ? { name = "sched_getaffinity" // pid = $pid @@ -1384,7 +1464,8 @@ probe nd_syscall.sched_getaffinity = kprobe.function("sys_sched_getaffinity") mask_uaddr = pointer_arg(3) argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr) } -probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffinity").return +probe nd_syscall.sched_getaffinity.return = kprobe.function("SyS_sched_getaffinity").return ?, + kprobe.function("sys_sched_getaffinity").return ? { name = "sched_getaffinity" retstr = returnstr(1) @@ -1396,7 +1477,8 @@ probe nd_syscall.sched_getaffinity.return = kprobe.function("sys_sched_getaffini # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # -probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") +probe nd_syscall.sched_getparam = kprobe.function("SyS_sched_getparam") ?, + kprobe.function("sys_sched_getparam") ? { name = "sched_getparam" // pid = $pid 
@@ -1406,7 +1488,8 @@ probe nd_syscall.sched_getparam = kprobe.function("sys_sched_getparam") p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").return +probe nd_syscall.sched_getparam.return = kprobe.function("SyS_sched_getparam").return ?, + kprobe.function("sys_sched_getparam").return ? { name = "sched_getparam" retstr = returnstr(1) @@ -1417,7 +1500,8 @@ probe nd_syscall.sched_getparam.return = kprobe.function("sys_sched_getparam").r # asmlinkage long # sys_sched_get_priority_max(int policy) # -probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priority_max") +probe nd_syscall.sched_get_priority_max = kprobe.function("SyS_sched_get_priority_max") ?, + kprobe.function("sys_sched_get_priority_max") ? { name = "sched_get_priority_max" // policy = $policy @@ -1425,7 +1509,8 @@ probe nd_syscall.sched_get_priority_max = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_priority_max").return +probe nd_syscall.sched_get_priority_max.return = kprobe.function("SyS_sched_get_priority_max").return ?, + kprobe.function("sys_sched_get_priority_max").return ? { name = "sched_get_priority_max" retstr = returnstr(1) @@ -1436,7 +1521,8 @@ probe nd_syscall.sched_get_priority_max.return = kprobe.function("sys_sched_get_ # asmlinkage long # sys_sched_get_priority_min(int policy) # -probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priority_min") +probe nd_syscall.sched_get_priority_min = kprobe.function("SyS_sched_get_priority_min") ?, + kprobe.function("sys_sched_get_priority_min") ? { name = "sched_get_priority_min" // policy = $policy 
@@ -1444,7 +1530,8 @@ probe nd_syscall.sched_get_priority_min = kprobe.function("sys_sched_get_priorit policy = int_arg(1) argstr = sprint(policy) } -probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_priority_min").return +probe nd_syscall.sched_get_priority_min.return = kprobe.function("SyS_sched_get_priority_min").return ?, + kprobe.function("sys_sched_get_priority_min").return ? { name = "sched_get_priority_min" retstr = returnstr(1) @@ -1454,7 +1541,8 @@ probe nd_syscall.sched_get_priority_min.return = kprobe.function("sys_sched_get_ # # long sys_sched_getscheduler(pid_t pid) # -probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") +probe nd_syscall.sched_getscheduler = kprobe.function("SyS_sched_getscheduler") ?, + kprobe.function("sys_sched_getscheduler") ? { name = "sched_getscheduler" // pid = $pid @@ -1463,7 +1551,8 @@ probe nd_syscall.sched_getscheduler = kprobe.function("sys_sched_getscheduler") pid = int_arg(1) argstr = sprint(pid) } -probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getscheduler").return +probe nd_syscall.sched_getscheduler.return = kprobe.function("SyS_sched_getscheduler").return ?, + kprobe.function("sys_sched_getscheduler").return ? { name = "sched_getscheduler" retstr = returnstr(1) @@ -1473,7 +1562,8 @@ probe nd_syscall.sched_getscheduler.return = kprobe.function("sys_sched_getsched # # long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) # -probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_interval") +probe nd_syscall.sched_rr_get_interval = kprobe.function("SyS_sched_rr_get_interval") ?, + kprobe.function("sys_sched_rr_get_interval") ? { name = "sched_rr_get_interval" // pid = $pid 
@@ -1484,7 +1574,8 @@ probe nd_syscall.sched_rr_get_interval = kprobe.function("sys_sched_rr_get_inter tp_uaddr = pointer_arg(2) argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr, 1)) } -probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_get_interval").return +probe nd_syscall.sched_rr_get_interval.return = kprobe.function("SyS_sched_rr_get_interval").return ?, + kprobe.function("sys_sched_rr_get_interval").return ? { name = "sched_rr_get_interval" retstr = returnstr(1) @@ -1497,7 +1588,8 @@ probe nd_syscall.sched_rr_get_interval.return = kprobe.function("sys_sched_rr_ge # FIXME: why the problem with x86_64? # %( arch != "x86_64" %? -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1511,7 +1603,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, %d, %p", pid, len, mask_uaddr) } %: -probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") +probe nd_syscall.sched_setaffinity = kprobe.function("SyS_sched_setaffinity") ?, + kprobe.function("sys_sched_setaffinity") ? { name = "sched_setaffinity" // pid = $pid @@ -1525,7 +1618,8 @@ probe nd_syscall.sched_setaffinity = kprobe.function("sys_sched_setaffinity") argstr = sprintf("%d, , %p", pid, mask_uaddr) } %) -probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffinity").return +probe nd_syscall.sched_setaffinity.return = kprobe.function("SyS_sched_setaffinity").return ?, + kprobe.function("sys_sched_setaffinity").return ? { name = "sched_setaffinity" retstr = returnstr(1) 
@@ -1535,7 +1629,8 @@ probe nd_syscall.sched_setaffinity.return = kprobe.function("sys_sched_setaffini # # long sys_sched_setparam(pid_t pid, struct sched_param __user *param) # -probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? +probe nd_syscall.sched_setparam = kprobe.function("SyS_sched_setparam") ?, + kprobe.function("sys_sched_setparam") ? { name = "sched_setparam" // pid = $pid @@ -1546,7 +1641,8 @@ probe nd_syscall.sched_setparam = kprobe.function("sys_sched_setparam") ? p_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", pid, p_uaddr) } -probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").return ? +probe nd_syscall.sched_setparam.return = kprobe.function("SyS_sched_setparam").return ?, + kprobe.function("sys_sched_setparam").return ? { name = "sched_setparam" retstr = returnstr(1) @@ -1556,7 +1652,8 @@ probe nd_syscall.sched_setparam.return = kprobe.function("sys_sched_setparam").r # # long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) # -probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") ? +probe nd_syscall.sched_setscheduler = kprobe.function("SyS_sched_setscheduler") ?, + kprobe.function("sys_sched_setscheduler") ? { name = "sched_setscheduler" // pid = $pid @@ -1571,7 +1668,8 @@ probe nd_syscall.sched_setscheduler = kprobe.function("sys_sched_setscheduler") p_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", pid, policy_str, p_uaddr) } -probe nd_syscall.sched_setscheduler.return = kprobe.function("sys_sched_setscheduler").return ? +probe nd_syscall.sched_setscheduler.return = kprobe.function("SyS_sched_setscheduler").return ?, + kprobe.function("sys_sched_setscheduler").return ? { name = "sched_setscheduler" retstr = returnstr(1) 
@@ -1598,7 +1696,8 @@ probe nd_syscall.sched_yield.return = kprobe.function("sys_sched_yield").return # fd_set __user *exp, # struct timeval __user *tvp) # -probe nd_syscall.select = kprobe.function("sys_select") +probe nd_syscall.select = kprobe.function("SyS_select") ?, + kprobe.function("sys_select") ? { name = "select" // n = $n @@ -1617,7 +1716,8 @@ probe nd_syscall.select = kprobe.function("sys_select") argstr = sprintf("%d, %p, %p, %p, %s", n, readfds_uaddr, writefds_uaddr, exceptfds_uaddr, _struct_timeval_u(timeout_uaddr, 1)) } -probe nd_syscall.select.return = kprobe.function("sys_select").return +probe nd_syscall.select.return = kprobe.function("SyS_select").return ?, + kprobe.function("sys_select").return ? { name = "select" retstr = returnstr(1) @@ -1659,7 +1759,8 @@ probe nd_syscall.compat_select.return = kprobe.function("compat_sys_select").ret # int cmd, # union semun arg) # -probe nd_syscall.semctl = kprobe.function("sys_semctl") ? +probe nd_syscall.semctl = kprobe.function("SyS_semctl") ?, + kprobe.function("sys_semctl") ? { name = "semctl" // semid = $semid @@ -1676,7 +1777,8 @@ probe nd_syscall.semctl = kprobe.function("sys_semctl") ? cmd = int_arg(3) argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done } -probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? +probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?, + kprobe.function("sys_semctl").return ? { name = "semctl" retstr = returnstr(1) @@ -1700,7 +1802,8 @@ probe nd_syscall.semctl.return = kprobe.function("sys_semctl").return ? # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) # -probe nd_syscall.semget = kprobe.function("sys_semget") ? +probe nd_syscall.semget = kprobe.function("SyS_semget") ?, + kprobe.function("sys_semget") ? { name = "semget" // key = $key 
@@ -1713,7 +1816,8 @@ probe nd_syscall.semget = kprobe.function("sys_semget") ? semflg = int_arg(3) argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg)) } -probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? +probe nd_syscall.semget.return = kprobe.function("SyS_semget").return ?, + kprobe.function("sys_semget").return ? { name = "semget" retstr = returnstr(1) @@ -1725,7 +1829,8 @@ probe nd_syscall.semget.return = kprobe.function("sys_semget").return ? # struct sembuf __user *tsops, # unsigned nsops) # -probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semop" // semid = $semid @@ -1738,7 +1843,8 @@ probe nd_syscall.semop = kprobe.function("sys_semtimedop") ? nsops = uint_arg(3) argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops) } -probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semop" retstr = returnstr(1) @@ -1751,7 +1857,8 @@ probe nd_syscall.semop.return = kprobe.function("sys_semtimedop").return ? # unsigned nsops, # const struct timespec __user *timeout) # -probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? +probe nd_syscall.semtimedop = kprobe.function("SyS_semtimedop") ?, + kprobe.function("sys_semtimedop") ? { name = "semtimedop" // semid = $semid @@ -1768,7 +1875,8 @@ probe nd_syscall.semtimedop = kprobe.function("sys_semtimedop") ? argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops, _struct_timespec_u(timeout_uaddr, 1)) } -probe nd_syscall.semtimedop.return = kprobe.function("sys_semtimedop").return ? +probe nd_syscall.semtimedop.return = kprobe.function("SyS_semtimedop").return ?, + kprobe.function("sys_semtimedop").return ? { name = "semtimedop" retstr = returnstr(1) 
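Review bot: `nd_syscall.semop` and `nd_syscall.semtimedop` are attached to the same two functions, `SyS_semtimedop` and `sys_semtimedop`, so it looks as though one kernel call fires both aliases, once with `name = "semop"` and once with `name = "semtimedop"`. The semop body formats only three arguments, so its `argstr` would drop the timeout of a genuine semtimedop call. The signature comment above the semop probe still lists three parameters, which suggests the choice is deliberate but undocumented. I would add above the probe `# semop has no probe of its own here; it is observed through sys_semtimedop, so this alias also fires for semtimedop calls.` Both probe bodies are only partly visible in these hunks.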
@@ -1809,7 +1917,8 @@ probe nd_syscall.compat_sys_semtimedop.return = kprobe.function("compat_sys_semt # size_t len, # unsigned flags) # -probe nd_syscall.send = kprobe.function("sys_send") ? +probe nd_syscall.send = kprobe.function("SyS_send") ?, + kprobe.function("sys_send") ? { name = "send" // s = $fd @@ -1826,7 +1935,8 @@ probe nd_syscall.send = kprobe.function("sys_send") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %d, %s", s, buf_uaddr, len, flags_str) } -probe nd_syscall.send.return = kprobe.function("sys_send").return ? +probe nd_syscall.send.return = kprobe.function("SyS_send").return ?, + kprobe.function("sys_send").return ? { name = "send" retstr = returnstr(1) @@ -1839,7 +1949,9 @@ probe nd_syscall.send.return = kprobe.function("sys_send").return ? # off_t __user *offset, # size_t count) # -probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, +probe nd_syscall.sendfile = kprobe.function("SyS_sendfile") ?, + kprobe.function("sys_sendfile") ?, + kprobe.function("SyS_sendfile64") ?, kprobe.function("sys_sendfile64") ? { name = "sendfile" @@ -1857,7 +1969,9 @@ probe nd_syscall.sendfile = kprobe.function("sys_sendfile") ?, argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr, count) } -probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, +probe nd_syscall.sendfile.return = kprobe.function("SyS_sendfile").return ?, + kprobe.function("sys_sendfile").return ?, + kprobe.function("SyS_sendfile64").return ?, kprobe.function("sys_sendfile64").return ? { name = "sendfile" @@ -1868,7 +1982,8 @@ probe nd_syscall.sendfile.return = kprobe.function("sys_sendfile").return ?, # # long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) # -probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? +probe nd_syscall.sendmsg = kprobe.function("SyS_sendmsg") ?, + kprobe.function("sys_sendmsg") ? { name = "sendmsg" // s = $fd 
@@ -1883,7 +1998,8 @@ probe nd_syscall.sendmsg = kprobe.function("sys_sendmsg") ? flags_str = _sendflags_str(flags) argstr = sprintf("%d, %p, %s", s, msg_uaddr, _sendflags_str(flags)) } -probe nd_syscall.sendmsg.return = kprobe.function("sys_sendmsg").return ? +probe nd_syscall.sendmsg.return = kprobe.function("SyS_sendmsg").return ?, + kprobe.function("sys_sendmsg").return ? { name = "sendmsg" retstr = returnstr(1) @@ -1921,7 +2037,8 @@ probe nd_syscall.compat_sys_sendmsg.return = kprobe.function("compat_sys_sendmsg # struct sockaddr __user *addr, # int addr_len) # -probe nd_syscall.sendto = kprobe.function("sys_sendto") ? +probe nd_syscall.sendto = kprobe.function("SyS_sendto") ?, + kprobe.function("sys_sendto") ? { name = "sendto" // s = $fd @@ -1944,7 +2061,8 @@ probe nd_syscall.sendto = kprobe.function("sys_sendto") ? argstr = sprintf("%d, %p, %d, %s, %s, %d", s, buf_uaddr, len, flags_str, _struct_sockaddr_u(to_uaddr, tolen), tolen) } -probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? +probe nd_syscall.sendto.return = kprobe.function("SyS_sendto").return ?, + kprobe.function("sys_sendto").return ? { name = "sendto" retstr = returnstr(1) @@ -1956,7 +2074,8 @@ probe nd_syscall.sendto.return = kprobe.function("sys_sendto").return ? # sys_setdomainname(char __user *name, # int len) # -probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") +probe nd_syscall.setdomainname = kprobe.function("SyS_setdomainname") ?, + kprobe.function("sys_setdomainname") ? { name = "setdomainname" // hostname_uaddr = $name @@ -1967,7 +2086,8 @@ probe nd_syscall.setdomainname = kprobe.function("sys_setdomainname") len = int_arg(2) argstr = sprintf("%p, %d", hostname_uaddr, len) } -probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").return +probe nd_syscall.setdomainname.return = kprobe.function("SyS_setdomainname").return ?, + kprobe.function("sys_setdomainname").return ? { name = "setdomainname" retstr = returnstr(1) 
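Review bot: In the sendmsg entry probe, `flags_str` is assigned from `_sendflags_str(flags)` and the next line calls `_sendflags_str(flags)` again inside `sprintf`, whereas the send and sendto probes in this diff pass `flags_str`. Reusing the variable keeps the three probes alike and avoids decoding the flags twice: `argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)`. The probe body starts outside the hunk.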
@@ -1977,8 +2097,9 @@ probe nd_syscall.setdomainname.return = kprobe.function("sys_setdomainname").ret # long sys_setfsgid(gid_t gid) # long sys_setfsgid16(old_gid_t gid) # -probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, - kprobe.function("sys_setfsgid16") ? +probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid16") ?, + kprobe.function("SyS_setfsgid") ?, + kprobe.function("sys_setfsgid") ? { name = "setfsgid" // fsgid = $gid @@ -1987,8 +2108,9 @@ probe nd_syscall.setfsgid = kprobe.function("sys_setfsgid") ?, fsgid = uint_arg(1) argstr = sprint(fsgid) } -probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, - kprobe.function("sys_setfsgid16").return ? +probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid16").return ?, + kprobe.function("SyS_setfsgid").return ?, + kprobe.function("sys_setfsgid").return ? { name = "setfsgid" retstr = returnstr(1) @@ -1998,8 +2120,9 @@ probe nd_syscall.setfsgid.return = kprobe.function("sys_setfsgid").return ?, # long sys_setfsuid(uid_t uid) # long sys_setfsuid16(old_uid_t uid) # -probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, - kprobe.function("sys_setfsuid16") ? +probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid16") ?, + kprobe.function("SyS_setfsuid") ?, + kprobe.function("sys_setfsuid") ? { name = "setfsuid" // fsuid = $uid @@ -2008,8 +2131,9 @@ probe nd_syscall.setfsuid = kprobe.function("sys_setfsuid") ?, fsuid = uint_arg(1) argstr = sprint(fsuid) } -probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, - kprobe.function("sys_setfsuid16").return ? +probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid16").return ?, + kprobe.function("SyS_setfsuid").return ?, + kprobe.function("sys_setfsuid").return ? { name = "setfsuid" retstr = returnstr(1) 
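Review bot: `nd_syscall.setfsgid` folds `sys_setfsgid16` into the same alias as `SyS_setfsgid` and `sys_setfsgid`, and the shared body reads the id with `uint_arg(1)` and sets one `name`, so a script cannot tell the 16-bit entry point from the 32-bit one. The setfsuid, setgid, setgroups and setuid hunks follow the same pattern, while hunk headers further down show separate `nd_syscall.setregid16`, `setresgid16`, `setresuid16` and `setreuid16` aliases. Whether `uint_arg` yields the intended value for an `old_gid_t` argument is not visible here and is worth checking, since the uid and gid values are what an audit script records. At minimum I would make the choice explicit with `# sys_setfsgid16 takes old_gid_t; gid is read as a 32-bit unsigned value for both entry points.`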
@@ -2020,8 +2144,9 @@ probe nd_syscall.setfsuid.return = kprobe.function("sys_setfsuid").return ?, # long sys_setgid(gid_t gid) # long sys_setgid16(old_gid_t gid) # -probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, - kprobe.function("sys_setgid16") ? +probe nd_syscall.setgid = kprobe.function("sys_setgid16") ?, + kprobe.function("SyS_setgid") ?, + kprobe.function("sys_setgid") ? { name = "setgid" // gid = $gid @@ -2030,8 +2155,9 @@ probe nd_syscall.setgid = kprobe.function("sys_setgid") ?, gid = uint_arg(1) argstr = sprint(gid) } -probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, - kprobe.function("sys_setgid16").return ? +probe nd_syscall.setgid.return = kprobe.function("sys_setgid16").return ?, + kprobe.function("SyS_setgid").return ?, + kprobe.function("sys_setgid").return ? { name = "setgid" retstr = returnstr(1) @@ -2043,9 +2169,10 @@ probe nd_syscall.setgid.return = kprobe.function("sys_setgid").return ?, # long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) # long sys32_setgroups16(int gidsetsize, u16 __user *grouplist) # -probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, - kprobe.function("sys_setgroups16") ?, - kprobe.function("sys32_setgroups16") ? +probe nd_syscall.setgroups = kprobe.function("sys_setgroups16") ?, + kprobe.function("sys32_setgroups16") ?, + kprobe.function("SyS_setgroups") ?, + kprobe.function("sys_setgroups") ? { name = "setgroups" // size = $gidsetsize 
@@ -2056,9 +2183,10 @@ probe nd_syscall.setgroups = kprobe.function("sys_setgroups") ?, list_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", size, list_uaddr) } -probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, - kprobe.function("sys_setgroups16").return ?, - kprobe.function("sys32_setgroups16").return ? +probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups16").return ?, + kprobe.function("sys32_setgroups16").return ?, + kprobe.function("SyS_setgroups").return ?, + kprobe.function("sys_setgroups").return ? { name = "setgroups" retstr = returnstr(1) @@ -2070,7 +2198,8 @@ probe nd_syscall.setgroups.return = kprobe.function("sys_setgroups").return ?, # sys_sethostname(char __user *name, # int len) # -probe nd_syscall.sethostname = kprobe.function("sys_sethostname") +probe nd_syscall.sethostname = kprobe.function("SyS_sethostname") ?, + kprobe.function("sys_sethostname") ? { name = "sethostname" // hostname_uaddr = $name @@ -2083,7 +2212,8 @@ probe nd_syscall.sethostname = kprobe.function("sys_sethostname") len = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(hostname_uaddr), len) } -probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return +probe nd_syscall.sethostname.return = kprobe.function("SyS_sethostname").return ?, + kprobe.function("sys_sethostname").return ? { name = "sethostname" retstr = returnstr(1) @@ -2095,7 +2225,8 @@ probe nd_syscall.sethostname.return = kprobe.function("sys_sethostname").return # struct itimerval __user *value, # struct itimerval __user *ovalue) # -probe nd_syscall.setitimer = kprobe.function("sys_setitimer") +probe nd_syscall.setitimer = kprobe.function("SyS_setitimer") ?, + kprobe.function("sys_setitimer") ? { name = "setitimer" // which = $which 
@@ -2110,7 +2241,8 @@ probe nd_syscall.setitimer = kprobe.function("sys_setitimer") argstr = sprintf("%s, %s, %p", _itimer_which_str(which), _struct_itimerval_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.setitimer.return = kprobe.function("sys_setitimer").return +probe nd_syscall.setitimer.return = kprobe.function("SyS_setitimer").return ?, + kprobe.function("sys_setitimer").return ? { name = "setitimer" retstr = returnstr(1) @@ -2146,8 +2278,9 @@ probe nd_syscall.compat_setitimer.return = kprobe.function("compat_sys_setitimer # unsigned long __user *nmask, # unsigned long maxnode) # -probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, - kprobe.function("compat_sys_set_mempolicy") ? +probe nd_syscall.set_mempolicy = kprobe.function("compat_sys_set_mempolicy") ?, + kprobe.function("SyS_set_mempolicy") ?, + kprobe.function("sys_set_mempolicy") ? { name = "set_mempolicy" // mode = $mode @@ -2160,8 +2293,9 @@ probe nd_syscall.set_mempolicy = kprobe.function("sys_set_mempolicy") ?, maxnode = ulong_arg(3) argstr = sprintf("%d, %p, %d", mode, nmask_uaddr, maxnode) } -probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").return ?, - kprobe.function("compat_sys_set_mempolicy").return ? +probe nd_syscall.set_mempolicy.return = kprobe.function("compat_sys_set_mempolicy").return ?, + kprobe.function("SyS_set_mempolicy").return ?, + kprobe.function("sys_set_mempolicy").return ? { name = "set_mempolicy" retstr = returnstr(1) @@ -2173,7 +2307,8 @@ probe nd_syscall.set_mempolicy.return = kprobe.function("sys_set_mempolicy").ret # sys_setpgid(pid_t pid, # pid_t pgid) # -probe nd_syscall.setpgid = kprobe.function("sys_setpgid") +probe nd_syscall.setpgid = kprobe.function("SyS_setpgid") ?, + kprobe.function("sys_setpgid") ? { name = "setpgid" // pid = $pid 
@@ -2184,7 +2319,8 @@ probe nd_syscall.setpgid = kprobe.function("sys_setpgid") pgid = int_arg(2) argstr = sprintf("%d, %d", pid, pgid) } -probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return +probe nd_syscall.setpgid.return = kprobe.function("SyS_setpgid").return ?, + kprobe.function("sys_setpgid").return ? { name = "setpgid" retstr = returnstr(1) @@ -2197,7 +2333,8 @@ probe nd_syscall.setpgid.return = kprobe.function("sys_setpgid").return # int who, # int niceval) # -probe nd_syscall.setpriority = kprobe.function("sys_setpriority") +probe nd_syscall.setpriority = kprobe.function("SyS_setpriority") ?, + kprobe.function("sys_setpriority") ? { name = "setpriority" // which = $which @@ -2212,7 +2349,8 @@ probe nd_syscall.setpriority = kprobe.function("sys_setpriority") prio = int_arg(3) argstr = sprintf("%s, %d, %d", which_str, who, prio) } -probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return +probe nd_syscall.setpriority.return = kprobe.function("SyS_setpriority").return ?, + kprobe.function("sys_setpriority").return ? { name = "setpriority" retstr = returnstr(1) @@ -2221,7 +2359,8 @@ probe nd_syscall.setpriority.return = kprobe.function("sys_setpriority").return # setregid ___________________________________________________ # long sys_setregid(gid_t rgid, gid_t egid) # -probe nd_syscall.setregid = kprobe.function("sys_setregid") +probe nd_syscall.setregid = kprobe.function("SyS_setregid") ?, + kprobe.function("sys_setregid") ? { name = "setregid" // rgid = __int32($rgid) @@ -2231,7 +2370,8 @@ probe nd_syscall.setregid = kprobe.function("sys_setregid") egid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", rgid, egid) } -probe nd_syscall.setregid.return = kprobe.function("sys_setregid").return +probe nd_syscall.setregid.return = kprobe.function("SyS_setregid").return ?, + kprobe.function("sys_setregid").return ? { name = "setregid" retstr = returnstr(1) 
@@ -2259,7 +2399,8 @@ probe nd_syscall.setregid16.return = kprobe.function("sys_setregid16").return ? # setresgid __________________________________________________ # long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) # -probe nd_syscall.setresgid = kprobe.function("sys_setresgid") +probe nd_syscall.setresgid = kprobe.function("SyS_setresgid") ?, + kprobe.function("sys_setresgid") ? { name = "setresgid" // rgid = __int32($rgid) @@ -2271,7 +2412,8 @@ probe nd_syscall.setresgid = kprobe.function("sys_setresgid") sgid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", rgid, egid, sgid) } -probe nd_syscall.setresgid.return = kprobe.function("sys_setresgid").return +probe nd_syscall.setresgid.return = kprobe.function("SyS_setresgid").return ?, + kprobe.function("sys_setresgid").return ? { name = "setresgid" retstr = returnstr(1) @@ -2305,7 +2447,8 @@ probe nd_syscall.setresgid16.return = kprobe.function("sys_setresgid16").return # # long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) # -probe nd_syscall.setresuid = kprobe.function("sys_setresuid") +probe nd_syscall.setresuid = kprobe.function("SyS_setresuid") ?, + kprobe.function("sys_setresuid") ? { name = "setresuid" // ruid = __int32($ruid) @@ -2317,7 +2460,8 @@ probe nd_syscall.setresuid = kprobe.function("sys_setresuid") suid = __int32(uint_arg(3)) argstr = sprintf("%d, %d, %d", ruid, euid, suid) } -probe nd_syscall.setresuid.return = kprobe.function("sys_setresuid").return +probe nd_syscall.setresuid.return = kprobe.function("SyS_setresuid").return ?, + kprobe.function("sys_setresuid").return ? { name = "setresuid" retstr = returnstr(1) 
@@ -2348,7 +2492,8 @@ probe nd_syscall.setresuid16.return = kprobe.function("sys_setresuid16").return # setreuid ___________________________________________________ # long sys_setreuid(uid_t ruid, uid_t euid) # -probe nd_syscall.setreuid = kprobe.function("sys_setreuid") +probe nd_syscall.setreuid = kprobe.function("SyS_setreuid") ?, + kprobe.function("sys_setreuid") ? { name = "setreuid" // ruid = __int32($ruid) @@ -2358,7 +2503,8 @@ probe nd_syscall.setreuid = kprobe.function("sys_setreuid") euid = __int32(uint_arg(2)) argstr = sprintf("%d, %d", ruid, euid) } -probe nd_syscall.setreuid.return = kprobe.function("sys_setreuid").return +probe nd_syscall.setreuid.return = kprobe.function("SyS_setreuid").return ?, + kprobe.function("sys_setreuid").return ? { name = "setreuid" retstr = returnstr(1) @@ -2389,7 +2535,8 @@ probe nd_syscall.setreuid16.return = kprobe.function("sys_setreuid16").return ? # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # -probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") +probe nd_syscall.setrlimit = kprobe.function("SyS_setrlimit") ?, + kprobe.function("sys_setrlimit") ? { name = "setrlimit" // resource = $resource @@ -2402,7 +2549,8 @@ probe nd_syscall.setrlimit = kprobe.function("sys_setrlimit") argstr = sprintf("%s, %s", _rlimit_resource_str(resource), _struct_rlimit_u(rlim_uaddr)) } -probe nd_syscall.setrlimit.return = kprobe.function("sys_setrlimit").return +probe nd_syscall.setrlimit.return = kprobe.function("SyS_setrlimit").return ?, + kprobe.function("sys_setrlimit").return ? { name = "setrlimit" retstr = returnstr(1) 
@@ -2431,8 +2579,9 @@ probe nd_syscall.setsid.return = kprobe.function("sys_setsid").return # char __user *optval, # int optlen) # -probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, - kprobe.function("compat_sys_setsockopt") ? +probe nd_syscall.setsockopt = kprobe.function("compat_sys_setsockopt") ?, + kprobe.function("SyS_setsockopt") ?, + kprobe.function("sys_setsockopt") ? { name = "setsockopt" // fd = $fd @@ -2455,8 +2604,9 @@ probe nd_syscall.setsockopt = kprobe.function("sys_setsockopt") ?, argstr = sprintf("%d, %s, %s, %p, %d", fd, level_str, optname_str, optval_uaddr, optlen) } -probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, - kprobe.function("compat_sys_setsockopt").return ? +probe nd_syscall.setsockopt.return = kprobe.function("compat_sys_setsockopt").return ?, + kprobe.function("SyS_setsockopt").return ?, + kprobe.function("sys_setsockopt").return ? { name = "setsockopt" retstr = returnstr(1) @@ -2467,7 +2617,8 @@ probe nd_syscall.setsockopt.return = kprobe.function("sys_setsockopt").return ?, # asmlinkage long # sys_set_tid_address(int __user *tidptr) # -probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") +probe nd_syscall.set_tid_address = kprobe.function("SyS_set_tid_address") ?, + kprobe.function("sys_set_tid_address") ? { name = "set_tid_address" // tidptr_uaddr = $tidptr @@ -2475,7 +2626,8 @@ probe nd_syscall.set_tid_address = kprobe.function("sys_set_tid_address") tidptr_uaddr = pointer_arg(1) argstr = sprintf("%p", tidptr_uaddr) } -probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address").return +probe nd_syscall.set_tid_address.return = kprobe.function("SyS_set_tid_address").return ?, + kprobe.function("sys_set_tid_address").return ? { name = "set_tid_address" retstr = returnstr(1) 
@@ -2486,7 +2638,8 @@ probe nd_syscall.set_tid_address.return = kprobe.function("sys_set_tid_address") # long sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # -probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") +probe nd_syscall.settimeofday = kprobe.function("SyS_settimeofday") ?, + kprobe.function("sys_settimeofday") ? { name = "settimeofday" // ttv_uaddr = $tv @@ -2497,7 +2650,8 @@ probe nd_syscall.settimeofday = kprobe.function("sys_settimeofday") tz_uaddr = pointer_arg(2) argstr = sprintf("%s, %s", _struct_timeval_u(tv_uaddr, 1), _struct_timezone_u(tz_uaddr)) } -probe nd_syscall.settimeofday.return = kprobe.function("sys_settimeofday").return +probe nd_syscall.settimeofday.return = kprobe.function("SyS_settimeofday").return ?, + kprobe.function("sys_settimeofday").return ? { name = "settimeofday" retstr = returnstr(1) @@ -2531,7 +2685,8 @@ probe nd_syscall.settimeofday32.return = kprobe.function("sys32_settimeofday").r # long sys_setuid16(old_uid_t uid) # probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, - kprobe.function("sys_setuid") + kprobe.function("SyS_setuid") ?, + kprobe.function("sys_setuid") ? { name = "setuid" // uid = $uid @@ -2541,7 +2696,8 @@ probe nd_syscall.setuid = kprobe.function("sys_setuid16") ?, argstr = sprint(uid) } probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, - kprobe.function("sys_setuid").return + kprobe.function("SyS_setuid").return ?, + kprobe.function("sys_setuid").return ? { name = "setuid" retstr = returnstr(1) @@ -2554,7 +2710,8 @@ probe nd_syscall.setuid.return = kprobe.function("sys_setuid16").return ?, # size_t size, # int flags) # -probe nd_syscall.setxattr = kprobe.function("sys_setxattr") +probe nd_syscall.setxattr = kprobe.function("SyS_setxattr") ?, + kprobe.function("sys_setxattr") ? { name = "setxattr" // path_uaddr = $path 
@@ -2581,7 +2738,8 @@ probe nd_syscall.setxattr = kprobe.function("sys_setxattr") user_string_quoted(name_uaddr), value_uaddr, size, flags) } -probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return +probe nd_syscall.setxattr.return = kprobe.function("SyS_setxattr").return ?, + kprobe.function("sys_setxattr").return ? { name = "setxattr" retstr = returnstr(1) @@ -2591,7 +2749,7 @@ probe nd_syscall.setxattr.return = kprobe.function("sys_setxattr").return # # sys_sgetmask(void) # -probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask")? +probe nd_syscall.sgetmask = kprobe.function("sys_sgetmask") ? { name = "sgetmask" argstr = "" @@ -2606,7 +2764,8 @@ probe nd_syscall.sgetmask.return = kprobe.function("sys_sgetmask").return ? # # long sys_shmat(int shmid, char __user *shmaddr, int shmflg) # -probe nd_syscall.shmat = kprobe.function("sys_shmat") ? +probe nd_syscall.shmat = kprobe.function("SyS_shmat") ?, + kprobe.function("sys_shmat") ? { name = "shmat" // shmid = $shmid @@ -2619,7 +2778,8 @@ probe nd_syscall.shmat = kprobe.function("sys_shmat") ? shmflg = int_arg(3) argstr = sprintf("%d, %p, %s", shmid, shmaddr_uaddr, _shmat_flags_str(shmflg)) } -probe nd_syscall.shmat.return = kprobe.function("sys_shmat").return ? +probe nd_syscall.shmat.return = kprobe.function("SyS_shmat").return ?, + kprobe.function("sys_shmat").return ? { name = "shmat" retstr = returnstr(1) @@ -2645,7 +2805,7 @@ probe nd_syscall.compat_sys_shmat = kprobe.function("compat_sys_shmat") ? uptr_uaddr = pointer_arg(5) argstr = sprintf("%d, %d, %d, %d, %p", first, second, third, int_arg(4), uptr_uaddr) } -probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? +probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").return ? { name = "compat_sys_shmat" retstr = returnstr(1) 
@@ -2657,7 +2817,8 @@ probe nd_syscall.compat_sys_shmat.return = kprobe.function("compat_sys_shmat").r # int cmd, # struct shmid_ds __user *buf) # -probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? +probe nd_syscall.shmctl = kprobe.function("SyS_shmctl") ?, + kprobe.function("sys_shmctl") ? { name = "shmctl" // shmid = $shmid @@ -2670,7 +2831,8 @@ probe nd_syscall.shmctl = kprobe.function("sys_shmctl") ? buf_uaddr = pointer_arg(3) argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr) } -probe nd_syscall.shmctl.return = kprobe.function("sys_shmctl").return ? +probe nd_syscall.shmctl.return = kprobe.function("SyS_shmctl").return ?, + kprobe.function("sys_shmctl").return ? { name = "shmctl" retstr = returnstr(1) @@ -2703,7 +2865,8 @@ probe nd_syscall.compat_sys_shmctl.return = kprobe.function("compat_sys_shmctl") # # long sys_shmdt(char __user *shmaddr) # -probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? +probe nd_syscall.shmdt = kprobe.function("SyS_shmdt") ?, + kprobe.function("sys_shmdt") ? { name = "shmdt" // shmaddr_uaddr = $shmaddr @@ -2712,7 +2875,8 @@ probe nd_syscall.shmdt = kprobe.function("sys_shmdt") ? shmaddr_uaddr = pointer_arg(1) argstr = sprintf("%p", shmaddr_uaddr) } -probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? +probe nd_syscall.shmdt.return = kprobe.function("SyS_shmdt").return ?, + kprobe.function("sys_shmdt").return ? { name = "shmdt" retstr = returnstr(1) @@ -2724,7 +2888,8 @@ probe nd_syscall.shmdt.return = kprobe.function("sys_shmdt").return ? # size_t size, # int shmflg) # -probe nd_syscall.shmget = kprobe.function("sys_shmget") ? +probe nd_syscall.shmget = kprobe.function("SyS_shmget") ?, + kprobe.function("sys_shmget") ? { name = "shmget" // key = $key 
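Review bot: The shmctl entry probe formats `cmd` with `_semctl_cmd(cmd)`, a helper named for semctl, in the context line `argstr = sprintf("%d, %s, %p", shmid, _semctl_cmd(cmd), buf_uaddr)`. The helper's table is not on this page, but if it holds semaphore command names, shmctl-specific commands would be printed under the wrong name or as a bare number. Until a shm-specific decoder exists I would mark the line: `# FIXME: _semctl_cmd() decodes semctl commands; shmctl-only commands may be mislabelled.` The probe body starts outside the hunk.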
@@ -2737,7 +2902,8 @@ probe nd_syscall.shmget = kprobe.function("sys_shmget") ? shmflg = int_arg(3) argstr = sprintf("%d, %d, %d", key, size, shmflg) } -probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? +probe nd_syscall.shmget.return = kprobe.function("SyS_shmget").return ?, + kprobe.function("sys_shmget").return ? { name = "shmget" retstr = returnstr(1) @@ -2747,7 +2913,8 @@ probe nd_syscall.shmget.return = kprobe.function("sys_shmget").return ? # # long sys_shutdown(int fd, int how) # -probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? +probe nd_syscall.shutdown = kprobe.function("SyS_shutdown") ?, + kprobe.function("sys_shutdown") ? { name = "shutdown" // s = $fd @@ -2760,7 +2927,8 @@ probe nd_syscall.shutdown = kprobe.function("sys_shutdown") ? how_str = _shutdown_how_str(how) argstr = sprintf("%d, %s", s, how_str) } -probe nd_syscall.shutdown.return = kprobe.function("sys_shutdown").return ? +probe nd_syscall.shutdown.return = kprobe.function("SyS_shutdown").return ?, + kprobe.function("sys_shutdown").return ? { name = "shutdown" retstr = returnstr(1) @@ -2810,7 +2978,8 @@ probe nd_syscall.sigaction32.return = kprobe.function("sys32_sigaction").return # signal _____________________________________________________ # unsigned long sys_signal(int sig, __sighandler_t handler) # -probe nd_syscall.signal = kprobe.function("sys_signal") ? +probe nd_syscall.signal = kprobe.function("SyS_signal") ?, + kprobe.function("sys_signal") ? { name = "signal" // sig = $sig @@ -2821,7 +2990,8 @@ probe nd_syscall.signal = kprobe.function("sys_signal") ? handler = pointer_arg(2) argstr = sprintf("%s, %s", _signal_name(sig), _sighandler_str(handler)) } -probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? +probe nd_syscall.signal.return = kprobe.function("SyS_signal").return ?, + kprobe.function("sys_signal").return ? { name = "signal" retstr = returnstr(1) 
@@ -2833,14 +3003,16 @@ probe nd_syscall.signal.return = kprobe.function("sys_signal").return ? # long compat_sys_signalfd(int ufd, const compat_sigset_t __user *sigmask, # compat_size_t sigsetsize) # -probe nd_syscall.signalfd = kprobe.function("sys_signalfd") ? +probe nd_syscall.signalfd = kprobe.function("SyS_signalfd") ?, + kprobe.function("sys_signalfd") ? { name = "signalfd" // argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask) asmlinkage() argstr = sprintf("%d, %p, %d", int_arg(1), pointer_arg(2), ulong_arg(3)) } -probe nd_syscall.signalfd.return = kprobe.function("sys_signalfd").return ? +probe nd_syscall.signalfd.return = kprobe.function("SyS_signalfd").return ?, + kprobe.function("sys_signalfd").return ? { name = "signalfd" retstr = returnstr(1) @@ -2861,14 +3033,16 @@ probe nd_syscall.compat_signalfd.return = kprobe.function("compat_sys_signalfd") # sigpending _________________________________________________ # long sys_sigpending(old_sigset_t __user *set) # -probe nd_syscall.sigpending = kprobe.function("sys_sigpending") ? +probe nd_syscall.sigpending = kprobe.function("SyS_sigpending") ?, + kprobe.function("sys_sigpending") ? { name = "sigpending" // argstr = sprintf("%p", $set) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? +probe nd_syscall.sigpending.return = kprobe.function("SyS_sigpending").return ?, + kprobe.function("sys_sigpending").return ? { name = "sigpending" retstr = returnstr(1) @@ -2877,7 +3051,8 @@ probe nd_syscall.sigpending.return = kprobe.function("sys_sigpending").return ? # sigprocmask ________________________________________________ # long sys_sigprocmask(int how, old_sigset_t __user *set, old_sigset_t __user *oset) # -probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? +probe nd_syscall.sigprocmask = kprobe.function("SyS_sigprocmask") ?, + kprobe.function("sys_sigprocmask") ? { name = "sigprocmask" // how = $how 
@@ -2892,7 +3067,8 @@ probe nd_syscall.sigprocmask = kprobe.function("sys_sigprocmask") ? oldset_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", how_str, set_uaddr, oldset_uaddr) } -probe nd_syscall.sigprocmask.return = kprobe.function("sys_sigprocmask").return ? +probe nd_syscall.sigprocmask.return = kprobe.function("SyS_sigprocmask").return ?, + kprobe.function("sys_sigprocmask").return ? { name = "sigprocmask" retstr = returnstr(1) @@ -2932,7 +3108,8 @@ probe nd_syscall.sigsuspend.return = kprobe.function("sys_sigsuspend").return ?, # socket _____________________________________________________ # long sys_socket(int family, int type, int protocol) # -probe nd_syscall.socket = kprobe.function("sys_socket") ? +probe nd_syscall.socket = kprobe.function("SyS_socket") ?, + kprobe.function("sys_socket") ? { name = "socket" // family = $family @@ -2949,7 +3126,8 @@ probe nd_syscall.socket = kprobe.function("sys_socket") ? _sock_type_str(type), protocol) } -probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? +probe nd_syscall.socket.return = kprobe.function("SyS_socket").return ?, + kprobe.function("sys_socket").return ? { name = "socket" retstr = returnstr(1) @@ -2979,7 +3157,8 @@ probe nd_syscall.socket.return = kprobe.function("sys_socket").return ? # int protocol, # int __user *usockvec) # -probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? +probe nd_syscall.socketpair = kprobe.function("SyS_socketpair") ?, + kprobe.function("sys_socketpair") ? { name = "socketpair" // family = $family @@ -3000,7 +3179,8 @@ probe nd_syscall.socketpair = kprobe.function("sys_socketpair") ? _sock_type_str(type), protocol, sv_uaddr) } -probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? +probe nd_syscall.socketpair.return = kprobe.function("SyS_socketpair").return ?, + kprobe.function("sys_socketpair").return ? { name = "socketpair" retstr = returnstr(1) 
@@ -3012,7 +3192,8 @@ probe nd_syscall.socketpair.return = kprobe.function("sys_socketpair").return ? # int fd_out, loff_t __user *off_out, # size_t len, unsigned int flags) # -probe nd_syscall.splice = kprobe.function("sys_splice") ? +probe nd_syscall.splice = kprobe.function("SyS_splice") ?, + kprobe.function("sys_splice") ? { name = "splice" // argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", @@ -3021,7 +3202,8 @@ probe nd_syscall.splice = kprobe.function("sys_splice") ? argstr = sprintf("%d, %p, %d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), int_arg(3), pointer_arg(4), ulong_arg(5), uint_arg(6)) } -probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? +probe nd_syscall.splice.return = kprobe.function("SyS_splice").return ?, + kprobe.function("sys_splice").return ? { name = "splice" retstr = returnstr(1) @@ -3031,7 +3213,8 @@ probe nd_syscall.splice.return = kprobe.function("sys_splice").return ? # # long sys_ssetmask(int newmask) # -probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? +probe nd_syscall.ssetmask = kprobe.function("SyS_ssetmask") ?, + kprobe.function("sys_ssetmask") ? { name = "ssetmask" // newmask = $newmask @@ -3040,7 +3223,8 @@ probe nd_syscall.ssetmask = kprobe.function("sys_ssetmask") ? newmask = int_arg(1) argstr = sprint(newmask) } -probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? +probe nd_syscall.ssetmask.return = kprobe.function("SyS_ssetmask").return ?, + kprobe.function("sys_ssetmask").return ? { name = "ssetmask" retstr = returnstr(1) 
@@ -3053,8 +3237,10 @@ probe nd_syscall.ssetmask.return = kprobe.function("sys_ssetmask").return ? # long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf) # long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf) probe nd_syscall.stat = kprobe.function("sys_stat") ?, + kprobe.function("SyS_newstat") ?, kprobe.function("sys_newstat") ?, kprobe.function("sys32_stat64") ?, + kprobe.function("SyS_stat64") ?, kprobe.function("sys_stat64") ?, kprobe.function("sys_oabi_stat64") ?, kprobe.function("compat_sys_newstat") ? @@ -3071,8 +3257,10 @@ probe nd_syscall.stat = kprobe.function("sys_stat") ?, argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), buf_uaddr) } probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, + kprobe.function("SyS_newstat").return ?, kprobe.function("sys_newstat").return ?, kprobe.function("sys32_stat64").return ?, + kprobe.function("SyS_stat64").return ?, kprobe.function("sys_stat64").return ?, kprobe.function("sys_oabi_stat64").return ?, kprobe.function("compat_sys_newstat").return ? @@ -3085,8 +3273,9 @@ probe nd_syscall.stat.return = kprobe.function("sys_stat").return ?, # long sys_statfs(const char __user * path, struct statfs __user * buf) # long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf) # -probe nd_syscall.statfs = kprobe.function("sys_statfs"), - kprobe.function("compat_sys_statfs") ? +probe nd_syscall.statfs = kprobe.function("compat_sys_statfs") ?, + kprobe.function("SyS_statfs") ?, + kprobe.function("sys_statfs") ? { name = "statfs" // path = user_string($path) 
@@ -3097,8 +3286,9 @@ probe nd_syscall.statfs = kprobe.function("sys_statfs"), buf_uaddr = pointer_arg(2) argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr) } -probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, - kprobe.function("compat_sys_statfs").return ? +probe nd_syscall.statfs.return = kprobe.function("compat_sys_statfs").return ?, + kprobe.function("SyS_statfs").return ?, + kprobe.function("sys_statfs").return ? { name = "statfs" retstr = returnstr(1) @@ -3109,8 +3299,9 @@ probe nd_syscall.statfs.return = kprobe.function("sys_statfs").return, # long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) # long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) # -probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, - kprobe.function("compat_sys_statfs64") ? +probe nd_syscall.statfs64 = kprobe.function("compat_sys_statfs64") ?, + kprobe.function("SyS_statfs64") ?, + kprobe.function("sys_statfs64") ? { name = "statfs" // path = user_string($path) @@ -3123,8 +3314,9 @@ probe nd_syscall.statfs64 = kprobe.function("sys_statfs64") ?, buf_uaddr = pointer_arg(3) argstr = sprintf("%s, %d, %p", user_string_quoted(pointer_arg(1)), sz, buf_uaddr) } -probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, - kprobe.function("compat_sys_statfs64").return ? +probe nd_syscall.statfs64.return = kprobe.function("compat_sys_statfs64").return ?, + kprobe.function("SyS_statfs64").return ?, + kprobe.function("sys_statfs64").return ? { name = "statfs" retstr = returnstr(1) 
@@ -3135,8 +3327,9 @@ probe nd_syscall.statfs64.return = kprobe.function("sys_statfs64").return ?, # long sys_stime(time_t __user *tptr) # long compat_sys_stime(compat_time_t __user *tptr) # -probe nd_syscall.stime = kprobe.function("sys_stime") ?, - kprobe.function("compat_sys_stime") ? +probe nd_syscall.stime = kprobe.function("compat_sys_stime") ?, + kprobe.function("SyS_stime") ?, + kprobe.function("sys_stime") ? { name = "stime" // t_uaddr = $tptr @@ -3146,8 +3339,9 @@ probe nd_syscall.stime = kprobe.function("sys_stime") ?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, - kprobe.function("compat_sys_stime").return ? +probe nd_syscall.stime.return = kprobe.function("compat_sys_stime").return ?, + kprobe.function("SyS_stime").return ?, + kprobe.function("sys_stime").return ? { name = "stime" retstr = returnstr(1) @@ -3158,7 +3352,8 @@ probe nd_syscall.stime.return = kprobe.function("sys_stime").return ?, # asmlinkage long # sys_swapoff(const char __user * specialfile) # -probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? +probe nd_syscall.swapoff = kprobe.function("SyS_swapoff") ?, + kprobe.function("sys_swapoff") ? { name = "swapoff" // path = user_string($specialfile) @@ -3167,7 +3362,8 @@ probe nd_syscall.swapoff = kprobe.function("sys_swapoff")? path = user_string(pointer_arg(1)) argstr = user_string_quoted(pointer_arg(1)) } -probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? +probe nd_syscall.swapoff.return = kprobe.function("SyS_swapoff").return ?, + kprobe.function("sys_swapoff").return ? { name = "swapoff" retstr = returnstr(1) 
@@ -3179,7 +3375,8 @@ probe nd_syscall.swapoff.return = kprobe.function("sys_swapoff").return ? # sys_swapon(const char __user * specialfile, # int swap_flags) # -probe nd_syscall.swapon = kprobe.function("sys_swapon") ? +probe nd_syscall.swapon = kprobe.function("SyS_swapon") ?, + kprobe.function("sys_swapon") ? { name = "swapon" // path = user_string($specialfile) @@ -3190,7 +3387,8 @@ probe nd_syscall.swapon = kprobe.function("sys_swapon") ? swapflags = int_arg(2) argstr = sprintf("%s, %d", user_string_quoted(pointer_arg(1)), swapflags) } -probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? +probe nd_syscall.swapon.return = kprobe.function("SyS_swapon").return ?, + kprobe.function("sys_swapon").return ? { name = "swapon" retstr = returnstr(1) @@ -3199,7 +3397,8 @@ probe nd_syscall.swapon.return = kprobe.function("sys_swapon").return ? # symlink ____________________________________________________ # long sys_symlink(const char __user * oldname, # const char __user * newname) -probe nd_syscall.symlink = kprobe.function("sys_symlink") +probe nd_syscall.symlink = kprobe.function("SyS_symlink") ?, + kprobe.function("sys_symlink") ? { name = "symlink" // oldpath = user_string($oldname) @@ -3212,7 +3411,8 @@ probe nd_syscall.symlink = kprobe.function("sys_symlink") argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), user_string_quoted(pointer_arg(2))) } -probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return +probe nd_syscall.symlink.return = kprobe.function("SyS_symlink").return ?, + kprobe.function("sys_symlink").return ? { name = "symlink" retstr = returnstr(1) 
@@ -3222,7 +3422,8 @@ probe nd_syscall.symlink.return = kprobe.function("sys_symlink").return # new function with 2.6.16 # long sys_symlinkat(const char __user *oldname, int newdfd, # const char __user *newname) -probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? +probe nd_syscall.symlinkat = kprobe.function("SyS_symlinkat") ?, + kprobe.function("sys_symlinkat") ? { name = "symlinkat" // oldname = $oldname @@ -3243,7 +3444,8 @@ probe nd_syscall.symlinkat = kprobe.function("sys_symlinkat") ? argstr = sprintf("%s, %s, %s", user_string_quoted(oldname), newdfd_str, user_string_quoted(newname)) } -probe nd_syscall.symlinkat.return = kprobe.function("sys_symlinkat").return ? +probe nd_syscall.symlinkat.return = kprobe.function("SyS_symlinkat").return ?, + kprobe.function("sys_symlinkat").return ? { name = "symlinkat" retstr = returnstr(1) @@ -3268,16 +3470,18 @@ probe nd_syscall.sync.return = kprobe.function("sys_sync").return # # long sys_sysctl(struct __sysctl_args __user *args) # -probe nd_syscall.sysctl = kprobe.function("sys_sysctl") ?, - kprobe.function("compat_sys_sysctl") ? +probe nd_syscall.sysctl = kprobe.function("compat_sys_sysctl") ?, + kprobe.function("SyS_sysctl") ?, + kprobe.function("sys_sysctl") ? { name = "sysctl" // argstr = sprintf("%p", $args) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, - kprobe.function("compat_sys_sysctl").return ? +probe nd_syscall.sysctl.return = kprobe.function("compat_sys_sysctl").return ?, + kprobe.function("SyS_sysctl").return ?, + kprobe.function("sys_sysctl").return ? { name = "sysctl" retstr = returnstr(1) @@ -3290,7 +3494,8 @@ probe nd_syscall.sysctl.return = kprobe.function("sys_sysctl").return ?, # unsigned long arg1, # unsigned long arg2) # -probe nd_syscall.sysfs = kprobe.function("sys_sysfs") +probe nd_syscall.sysfs = kprobe.function("SyS_sysfs") ?, + kprobe.function("sys_sysfs") ? { name = "sysfs" // option = $option 
@@ -3315,7 +3520,8 @@ probe nd_syscall.sysfs = kprobe.function("sys_sysfs") else argstr = sprintf("%d, %d, %d", option, arg1, arg2) } -probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return +probe nd_syscall.sysfs.return = kprobe.function("SyS_sysfs").return ?, + kprobe.function("sys_sysfs").return ? { name = "sysfs" retstr = returnstr(1) @@ -3325,8 +3531,9 @@ probe nd_syscall.sysfs.return = kprobe.function("sys_sysfs").return # # long sys_sysinfo(struct sysinfo __user *info) # long compat_sys_sysinfo(struct compat_sysinfo __user *info) -probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), - kprobe.function("compat_sys_sysinfo") ? +probe nd_syscall.sysinfo = kprobe.function("compat_sys_sysinfo") ?, + kprobe.function("SyS_sysinfo") ?, + kprobe.function("sys_sysinfo") ? { name = "sysinfo" // info_uaddr = $info @@ -3335,8 +3542,9 @@ probe nd_syscall.sysinfo = kprobe.function("sys_sysinfo"), info_uaddr = pointer_arg(1) argstr = sprintf("%p", info_uaddr) } -probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, - kprobe.function("compat_sys_sysinfo").return ? +probe nd_syscall.sysinfo.return = kprobe.function("compat_sys_sysinfo").return ?, + kprobe.function("SyS_sysinfo").return ?, + kprobe.function("sys_sysinfo").return ? { name = "sysinfo" retstr = returnstr(1) @@ -3346,7 +3554,8 @@ probe nd_syscall.sysinfo.return = kprobe.function("sys_sysinfo").return, # # long sys_syslog(int type, char __user * buf, int len) # -probe nd_syscall.syslog = kprobe.function("sys_syslog") +probe nd_syscall.syslog = kprobe.function("SyS_syslog") ?, + kprobe.function("sys_syslog") ? { name = "syslog" // type = $type 
@@ -3359,7 +3568,8 @@ probe nd_syscall.syslog = kprobe.function("sys_syslog") len = int_arg(3) argstr = sprintf("%d, %p, %d", type, bufp_uaddr, len) } -probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return +probe nd_syscall.syslog.return = kprobe.function("SyS_syslog").return ?, + kprobe.function("sys_syslog").return ? { name = "syslog" retstr = returnstr(1) @@ -3369,14 +3579,16 @@ probe nd_syscall.syslog.return = kprobe.function("sys_syslog").return # # long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) # -probe nd_syscall.tee = kprobe.function("sys_tee") ? +probe nd_syscall.tee = kprobe.function("SyS_tee") ?, + kprobe.function("sys_tee") ? { name = "tee" // argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags) asmlinkage() argstr = sprintf("%d, %d, %d, 0x%x", int_arg(1), int_arg(2), ulong_arg(3), uint_arg(4)) } -probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? +probe nd_syscall.tee.return = kprobe.function("SyS_tee").return ?, + kprobe.function("sys_tee").return ? { name = "tee" retstr = returnstr(1) @@ -3389,7 +3601,8 @@ probe nd_syscall.tee.return = kprobe.function("sys_tee").return ? # int pid, # int sig) # -probe nd_syscall.tgkill = kprobe.function("sys_tgkill") +probe nd_syscall.tgkill = kprobe.function("SyS_tgkill") ?, + kprobe.function("sys_tgkill") ? { name = "tgkill" // tgid = $tgid @@ -3402,7 +3615,8 @@ probe nd_syscall.tgkill = kprobe.function("sys_tgkill") sig = int_arg(3) argstr = sprintf("%d, %d, %s", tgid, pid, _signal_name(sig)) } -probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return +probe nd_syscall.tgkill.return = kprobe.function("SyS_tgkill").return ?, + kprobe.function("sys_tgkill").return ? { name = "tgkill" retstr = returnstr(1) 
@@ -3415,10 +3629,11 @@ probe nd_syscall.tgkill.return = kprobe.function("sys_tgkill").return # long sys32_time(compat_time_t __user * tloc) # long compat_sys_time(compat_time_t __user * tloc) # -probe nd_syscall.time = kprobe.function("sys_time")?, - kprobe.function("sys32_time") ?, +probe nd_syscall.time = kprobe.function("sys32_time") ?, kprobe.function("sys_time64") ?, - kprobe.function("compat_sys_time") ? + kprobe.function("compat_sys_time") ?, + kprobe.function("SyS_time") ?, + kprobe.function("sys_time") ? { name = "time" // t_uaddr = $tloc @@ -3427,10 +3642,11 @@ probe nd_syscall.time = kprobe.function("sys_time")?, t_uaddr = pointer_arg(1) argstr = sprintf("%p", t_uaddr) } -probe nd_syscall.time.return = kprobe.function("sys_time").return?, - kprobe.function("sys32_time").return ?, +probe nd_syscall.time.return = kprobe.function("sys32_time").return ?, kprobe.function("sys_time64").return ?, - kprobe.function("compat_sys_time").return ? + kprobe.function("compat_sys_time").return ?, + kprobe.function("SyS_time").return ?, + kprobe.function("sys_time").return ? { name = "time" retstr = returnstr(1) @@ -3442,7 +3658,8 @@ probe nd_syscall.time.return = kprobe.function("sys_time").return?, # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # -probe nd_syscall.timer_create = kprobe.function("sys_timer_create") +probe nd_syscall.timer_create = kprobe.function("SyS_timer_create") ?, + kprobe.function("sys_timer_create") ? { name = "timer_create" // clockid = $which_clock @@ -3457,7 +3674,8 @@ probe nd_syscall.timer_create = kprobe.function("sys_timer_create") timerid_uaddr = pointer_arg(3) argstr = sprintf("%s, %p, %p", clockid_str, evp_uaddr, timerid_uaddr) } -probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").return +probe nd_syscall.timer_create.return = kprobe.function("SyS_timer_create").return ?, + kprobe.function("sys_timer_create").return ? { name = "timer_create" retstr = returnstr(1) 
@@ -3467,7 +3685,8 @@ probe nd_syscall.timer_create.return = kprobe.function("sys_timer_create").retur # # long sys_timer_delete(timer_t timer_id) # -probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") +probe nd_syscall.timer_delete = kprobe.function("SyS_timer_delete") ?, + kprobe.function("sys_timer_delete") ? { name = "timer_delete" // timerid = $timer_id @@ -3476,7 +3695,8 @@ probe nd_syscall.timer_delete = kprobe.function("sys_timer_delete") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").return +probe nd_syscall.timer_delete.return = kprobe.function("SyS_timer_delete").return ?, + kprobe.function("sys_timer_delete").return ? { name = "timer_delete" retstr = returnstr(1) @@ -3486,7 +3706,8 @@ probe nd_syscall.timer_delete.return = kprobe.function("sys_timer_delete").retur # # long sys_timer_getoverrun(timer_t timer_id) # -probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") +probe nd_syscall.timer_getoverrun = kprobe.function("SyS_timer_getoverrun") ?, + kprobe.function("sys_timer_getoverrun") ? { name = "timer_getoverrun" // timerid = $timer_id @@ -3495,7 +3716,8 @@ probe nd_syscall.timer_getoverrun = kprobe.function("sys_timer_getoverrun") timerid = int_arg(1) argstr = sprint(timerid) } -probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun").return +probe nd_syscall.timer_getoverrun.return = kprobe.function("SyS_timer_getoverrun").return ?, + kprobe.function("sys_timer_getoverrun").return ? { name = "timer_getoverrun" retstr = returnstr(1) 
@@ -3506,7 +3728,8 @@ probe nd_syscall.timer_getoverrun.return = kprobe.function("sys_timer_getoverrun # long sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # -probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") +probe nd_syscall.timer_gettime = kprobe.function("SyS_timer_gettime") ?, + kprobe.function("sys_timer_gettime") ? { name = "timer_gettime" // timerid = $timer_id @@ -3517,7 +3740,8 @@ probe nd_syscall.timer_gettime = kprobe.function("sys_timer_gettime") value_uaddr = pointer_arg(2) argstr = sprintf("%d, %p", timerid, value_uaddr) } -probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").return +probe nd_syscall.timer_gettime.return = kprobe.function("SyS_timer_gettime").return ?, + kprobe.function("sys_timer_gettime").return ? { name = "timer_gettime" retstr = returnstr(1) @@ -3530,7 +3754,8 @@ probe nd_syscall.timer_gettime.return = kprobe.function("sys_timer_gettime").ret # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # -probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") +probe nd_syscall.timer_settime = kprobe.function("SyS_timer_settime") ?, + kprobe.function("sys_timer_settime") ? { name = "timer_settime" // timerid = $timer_id @@ -3549,7 +3774,8 @@ probe nd_syscall.timer_settime = kprobe.function("sys_timer_settime") _struct_itimerspec_u(value_uaddr), ovalue_uaddr) } -probe nd_syscall.timer_settime.return = kprobe.function("sys_timer_settime").return +probe nd_syscall.timer_settime.return = kprobe.function("SyS_timer_settime").return ?, + kprobe.function("sys_timer_settime").return ? { name = "timer_settime" retstr = returnstr(1) 
@@ -3581,16 +3807,18 @@ probe nd_syscall.timerfd.return = kprobe.function("sys_timerfd").return ?, # # long sys_times(struct tms __user * tbuf) # long compat_sys_times(struct compat_tms __user *tbuf) -probe nd_syscall.times = kprobe.function("sys_times") ?, - kprobe.function("compat_sys_times") ? +probe nd_syscall.times = kprobe.function("compat_sys_times") ?, + kprobe.function("SyS_times") ?, + kprobe.function("sys_times") ? { name = "times" // argstr = sprintf("%p", $tbuf) asmlinkage() argstr = sprintf("%p", pointer_arg(1)) } -probe nd_syscall.times.return = kprobe.function("sys_times").return ?, - kprobe.function("compat_sys_times").return ? +probe nd_syscall.times.return = kprobe.function("compat_sys_times").return ?, + kprobe.function("SyS_times").return ?, + kprobe.function("sys_times").return ? { name = "times" retstr = returnstr(1) @@ -3602,7 +3830,8 @@ probe nd_syscall.times.return = kprobe.function("sys_times").return ?, # sys_tkill(int pid, # int sig) # -probe nd_syscall.tkill = kprobe.function("sys_tkill") +probe nd_syscall.tkill = kprobe.function("SyS_tkill") ?, + kprobe.function("sys_tkill") ? { name = "tkill" // pid = $pid @@ -3613,7 +3842,8 @@ probe nd_syscall.tkill = kprobe.function("sys_tkill") sig = int_arg(2) argstr = sprintf("%d, %s", pid, _signal_name(sig)) } -probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return +probe nd_syscall.tkill.return = kprobe.function("SyS_tkill").return ?, + kprobe.function("sys_tkill").return ? { name = "tkill" retstr = returnstr(1) @@ -3624,7 +3854,8 @@ probe nd_syscall.tkill.return = kprobe.function("sys_tkill").return # sys_truncate(const char __user * path, unsigned long length) # sys_truncate64(const char __user * path, loff_t length) # -probe nd_syscall.truncate = kprobe.function("sys_truncate")?, +probe nd_syscall.truncate = kprobe.function("SyS_truncate") ?, + kprobe.function("sys_truncate") ?, kprobe.function("sys_truncate64") ? { name = "truncate" 
@@ -3641,7 +3872,8 @@ probe nd_syscall.truncate = kprobe.function("sys_truncate")?, length = longlong_arg(2) argstr = sprintf("%s, %d", user_string_quoted(path_uaddr), length) } -probe nd_syscall.truncate.return = kprobe.function("sys_truncate").return ?, +probe nd_syscall.truncate.return = kprobe.function("SyS_truncate").return ?, + kprobe.function("sys_truncate").return ?, kprobe.function("sys_truncate64").return ? { name = "truncate" @@ -3672,7 +3904,8 @@ probe nd_syscall.tux.return = kprobe.function("sys_tux").return ? # umask ______________________________________________________ # long sys_umask(int mask) # -probe nd_syscall.umask = kprobe.function("sys_umask") +probe nd_syscall.umask = kprobe.function("SyS_umask") ?, + kprobe.function("sys_umask") ? { name = "umask" // mask = $mask @@ -3681,7 +3914,8 @@ probe nd_syscall.umask = kprobe.function("sys_umask") mask = int_arg(1) argstr = sprintf("%#o", mask) } -probe nd_syscall.umask.return = kprobe.function("sys_umask").return +probe nd_syscall.umask.return = kprobe.function("SyS_umask").return ?, + kprobe.function("sys_umask").return ? { name = "umask" retstr = returnstr(3) @@ -3690,7 +3924,8 @@ probe nd_syscall.umask.return = kprobe.function("sys_umask").return # umount _____________________________________________________ # long sys_umount(char __user * name, int flags) # -probe nd_syscall.umount = kprobe.function("sys_umount") +probe nd_syscall.umount = kprobe.function("SyS_umount") ?, + kprobe.function("sys_umount") ? { name = "umount" // target = user_string($name) @@ -3703,7 +3938,8 @@ probe nd_syscall.umount = kprobe.function("sys_umount") flags_str = _umountflags_str(flags) argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str) } -probe nd_syscall.umount.return = kprobe.function("sys_umount").return +probe nd_syscall.umount.return = kprobe.function("SyS_umount").return ?, + kprobe.function("sys_umount").return ? { name = "umount" retstr = returnstr(1) 
@@ -3721,6 +3957,7 @@ probe nd_syscall.uname = kprobe.function("sys_uname") ?, kprobe.function("sys_olduname") ?, kprobe.function("sys32_olduname") ?, kprobe.function("sys32_uname") ?, + kprobe.function("SyS_newuname") ?, kprobe.function("sys_newuname") ? { name = "uname" @@ -3739,6 +3976,7 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, kprobe.function("sys_olduname").return ?, kprobe.function("sys32_olduname").return ?, kprobe.function("sys32_uname").return ?, + kprobe.function("SyS_newuname").return ?, kprobe.function("sys_newuname").return ? { name = "uname" @@ -3748,7 +3986,8 @@ probe nd_syscall.uname.return = kprobe.function("sys_uname").return ?, # unlink _____________________________________________________ # long sys_unlink(const char __user * pathname) # -probe nd_syscall.unlink = kprobe.function("sys_unlink") +probe nd_syscall.unlink = kprobe.function("SyS_unlink") ?, + kprobe.function("sys_unlink") ? { name = "unlink" // pathname_uaddr = $pathname 
@@ -3759,18 +3998,42 @@ probe nd_syscall.unlink = kprobe.function("sys_unlink") pathname = user_string(pathname_uaddr) argstr = user_string_quoted(pathname_uaddr) } -probe nd_syscall.unlink.return = kprobe.function("sys_unlink").return +probe nd_syscall.unlink.return = kprobe.function("SyS_unlink").return ?, + kprobe.function("sys_unlink").return ? { name = "unlink" retstr = returnstr(1) } +# unlinkat ___________________________________________________ +# TODO +#probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?, +# kprobe.function("sys_unlinkat") ? +#{ +#} +#probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?, +# kprobe.function("sys_unlinkat").return ? +#{ +#} + +# unshare ____________________________________________________ +# TODO +#probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?, +# kprobe.function("sys_unshare") ? +#{ +#} +#probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?, +# kprobe.function("sys_unshare").return ? +#{ +#} + # uselib _____________________________________________________ # # asmlinkage long # sys_uselib(const char __user * library) # -probe nd_syscall.uselib = kprobe.function("sys_uselib") +probe nd_syscall.uselib = kprobe.function("SyS_uselib") ?, + kprobe.function("sys_uselib") ? { name = "uselib" // library_uaddr = $library @@ -3781,7 +4044,8 @@ probe nd_syscall.uselib = kprobe.function("sys_uselib") library = user_string(library_uaddr) argstr = user_string_quoted(library_uaddr) } -probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return +probe nd_syscall.uselib.return = kprobe.function("SyS_uselib").return ?, + kprobe.function("sys_uselib").return ? { name = "uselib" retstr = returnstr(1) 
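Review bot: The `unlinkat` and `unshare` sections are added as commented-out empty probes under a bare `# TODO`, so the nd tapset still reports nothing for file removal via unlinkat or for namespace unsharing, and a trace built on `nd_syscall.*` has a gap there. The TODO should at least state what is missing, and unlinkat can be filled in with helpers already used in this file for symlinkat and utimensat. The sketch below assumes the usual `sys_unlinkat(int dfd, const char __user *pathname, int flag)` signature. Whether `_at_flag_str` decodes the unlinkat flag values cannot be seen from here, and the exported variable names should mirror the syscalls.stp counterpart.

```systemtap
# long sys_unlinkat(int dfd, const char __user *pathname, int flag)
probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?,
                            kprobe.function("sys_unlinkat") ?
{
	name = "unlinkat"
	asmlinkage()
	argstr = sprintf("%s, %s, %s", _dfd_str(int_arg(1)),
		user_string_quoted(pointer_arg(2)), _at_flag_str(int_arg(3)))
}
probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?,
                                   kprobe.function("sys_unlinkat").return ?
{
	name = "unlinkat"
	retstr = returnstr(1)
}
# ... unchanged: unshare stub, uselib probes ...
```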
@@ -3790,7 +4054,8 @@ probe nd_syscall.uselib.return = kprobe.function("sys_uselib").return # ustat ______________________________________________________ # long sys_ustat(unsigned dev, struct ustat __user * ubuf) # -probe nd_syscall.ustat = kprobe.function("sys_ustat") +probe nd_syscall.ustat = kprobe.function("SyS_ustat") ?, + kprobe.function("sys_ustat") ? { name = "ustat" // dev = $dev @@ -3813,7 +4078,8 @@ probe nd_syscall.ustat32 = kprobe.function("sys32_ustat") ? argstr = sprintf("%d, %p", dev, pointer_arg(2)) } -probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, +probe nd_syscall.ustat.return = kprobe.function("SyS_ustat").return ?, + kprobe.function("sys_ustat").return ?, kprobe.function("sys32_ustat").return ? { name = "ustat" @@ -3822,7 +4088,8 @@ probe nd_syscall.ustat.return = kprobe.function("sys_ustat").return, # utime ______________________________________________________ # long sys_utime(char __user * filename, struct utimbuf __user * times) -probe nd_syscall.utime = kprobe.function("sys_utime") ? +probe nd_syscall.utime = kprobe.function("SyS_utime") ?, + kprobe.function("sys_utime") ? { name = "utime" asmlinkage() @@ -3834,7 +4101,8 @@ probe nd_syscall.utime = kprobe.function("sys_utime") ? argstr = sprintf("%s, [%s, %s]", filename, ctime(actime), ctime(modtime)) } -probe nd_syscall.utime.return = kprobe.function("sys_utime").return ? +probe nd_syscall.utime.return = kprobe.function("SyS_utime").return ?, + kprobe.function("sys_utime").return ? { name = "utime" retstr = returnstr(1) @@ -3863,7 +4131,8 @@ probe nd_syscall.compat_utime.return = kprobe.function("compat_sys_utime").retur # # long sys_utimes(char __user * filename, struct timeval __user * utimes) # -probe nd_syscall.utimes = kprobe.function("sys_utimes") +probe nd_syscall.utimes = kprobe.function("SyS_utimes") ?, + kprobe.function("sys_utimes") ? { name = "utimes" // filename_uaddr = $filename 
@@ -3878,7 +4147,8 @@ probe nd_syscall.utimes = kprobe.function("sys_utimes") argstr = sprintf("%s, %s", user_string_quoted(filename_uaddr), _struct_timeval_u(tvp_uaddr, 2)) } -probe nd_syscall.utimes.return = kprobe.function("sys_utimes").return +probe nd_syscall.utimes.return = kprobe.function("SyS_utimes").return ?, + kprobe.function("sys_utimes").return ? { name = "utimes" retstr = returnstr(1) @@ -3909,7 +4179,8 @@ probe nd_syscall.compat_sys_utimes.return = kprobe.function("compat_sys_utimes") # long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags) # long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags) # -probe nd_syscall.utimensat = kprobe.function("sys_utimensat") ? +probe nd_syscall.utimensat = kprobe.function("SyS_utimensat") ?, + kprobe.function("sys_utimensat") ? { name = "utimensat" // argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2), @@ -3927,12 +4198,13 @@ probe nd_syscall.compat_utimensat = kprobe.function("compat_sys_utimensat") ? argstr = sprintf("%s, %s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)), _struct_compat_timespec_u(pointer_arg(3), 2), _at_flag_str(int_arg(4))) } -probe nd_syscall.utimensat.return = kprobe.function("sys_utimensat").return ? +probe nd_syscall.utimensat.return = kprobe.function("SyS_utimensat").return ?, + kprobe.function("sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) } -probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? +probe nd_syscall.compat_utimensat.return = kprobe.function("compat_sys_utimensat").return ? { name = "utimensat" retstr = returnstr(1) 
@@ -3961,7 +4233,8 @@ probe nd_syscall.vhangup.return = kprobe.function("sys_vhangup").return # long compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32, # unsigned int nr_segs, unsigned int flags) # -probe nd_syscall.vmsplice = kprobe.function("sys_vmsplice") ? +probe nd_syscall.vmsplice = kprobe.function("SyS_vmsplice") ?, + kprobe.function("sys_vmsplice") ? { name = "vmsplice" // argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags) @@ -3975,7 +4248,8 @@ probe nd_syscall.compat_vmsplice = kprobe.function("compat_sys_vmsplice") ? asmlinkage() argstr = sprintf("%d, %p, %d, 0x%x", int_arg(1), pointer_arg(2), uint_arg(3), uint_arg(4)) } -probe nd_syscall.vmsplice.return = kprobe.function("sys_vmsplice").return ? +probe nd_syscall.vmsplice.return = kprobe.function("SyS_vmsplice").return ?, + kprobe.function("sys_vmsplice").return ? { name = "vmsplice" retstr = returnstr(1) @@ -3993,7 +4267,8 @@ probe nd_syscall.compat_vmsplice.return = kprobe.function("compat_sys_vmsplice") # int options, # struct rusage __user *ru) # -probe nd_syscall.wait4 = kprobe.function("sys_wait4") +probe nd_syscall.wait4 = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "wait4" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4013,7 +4288,8 @@ probe nd_syscall.wait4 = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", pid, status_uaddr, _wait4_opt_str(options), rusage_uaddr) } -probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return +probe nd_syscall.wait4.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "wait4" retstr = returnstr(1) 
@@ -4027,7 +4303,8 @@ probe nd_syscall.wait4.return = kprobe.function("sys_wait4").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitid = kprobe.function("sys_waitid") +probe nd_syscall.waitid = kprobe.function("SyS_waitid") ?, + kprobe.function("sys_waitid") ? { name = "waitid" // pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%) @@ -4051,7 +4328,8 @@ probe nd_syscall.waitid = kprobe.function("sys_waitid") argstr = sprintf("%d, %d, %p, %s, %p", which, pid, infop_uaddr, _waitid_opt_str(options), rusage_uaddr) } -probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return +probe nd_syscall.waitid.return = kprobe.function("SyS_waitid").return ?, + kprobe.function("sys_waitid").return ? { name = "waitid" retstr = returnstr(1) @@ -4065,7 +4343,8 @@ probe nd_syscall.waitid.return = kprobe.function("sys_waitid").return # int options, # struct rusage __user *ru) # -probe nd_syscall.waitpid = kprobe.function("sys_wait4") +probe nd_syscall.waitpid = kprobe.function("SyS_wait4") ?, + kprobe.function("sys_wait4") ? { name = "waitpid" pid = $pid @@ -4076,7 +4355,8 @@ probe nd_syscall.waitpid = kprobe.function("sys_wait4") argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru) } -probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return +probe nd_syscall.waitpid.return = kprobe.function("SyS_wait4").return ?, + kprobe.function("sys_wait4").return ? { name = "waitpid" retstr = returnstr(1) @@ -4089,7 +4369,8 @@ probe nd_syscall.waitpid.return = kprobe.function("sys_wait4").return # const char __user * buf, # size_t count) # -probe nd_syscall.write = kprobe.function("sys_write") +probe nd_syscall.write = kprobe.function("SyS_write") ?, + kprobe.function("sys_write") ? { name = "write" // fd = $fd 
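Review bot: The `nd_syscall.waitpid` body still reads DWARF context variables, `pid = $pid` and `argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr, options_str, $ru)`, although the alias is built on `kprobe.function`, where, as far as I know, `$var` references are not available. The numbered form would be `asmlinkage()` followed by `pid = int_arg(1)`, with the argstr built from `pointer_arg(2)` and `pointer_arg(4)` in place of `$stat_addr` and `$ru`. The lines between the two waitpid hunks are not visible, so the definition of `options_str` and any enclosing comment markers need checking before changing this. This alias also attaches to the same functions as `nd_syscall.wait4`, so a script that uses both would presumably record each call under two names.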
@@ -4103,7 +4384,8 @@ probe nd_syscall.write = kprobe.function("sys_write") argstr = sprintf("%d, %s, %d", fd, text_strn(user_string(buf_uaddr), syscall_string_trunc, 1), count) } -probe nd_syscall.write.return = kprobe.function("sys_write").return +probe nd_syscall.write.return = kprobe.function("SyS_write").return ?, + kprobe.function("sys_write").return ? { name = "write" retstr = returnstr(1) @@ -4118,8 +4400,9 @@ probe nd_syscall.write.return = kprobe.function("sys_write").return # const struct compat_iovec __user *vec, # unsigned long vlen) # -probe nd_syscall.writev = kprobe.function("sys_writev"), - kprobe.function("compat_sys_writev") ? +probe nd_syscall.writev = kprobe.function("compat_sys_writev") ?, + kprobe.function("SyS_writev") ?, + kprobe.function("sys_writev") ? { name = "writev" // vector_uaddr = $vec @@ -4138,8 +4421,9 @@ probe nd_syscall.writev = kprobe.function("sys_writev"), argstr = sprintf("%d, %p, %d", fd, vector_uaddr, count) } -probe nd_syscall.writev.return = kprobe.function("sys_writev").return, - kprobe.function("compat_sys_writev").return ? +probe nd_syscall.writev.return = kprobe.function("compat_sys_writev").return ?, + kprobe.function("SyS_writev").return ?, + kprobe.function("sys_writev").return ? { name = "writev" retstr = returnstr(1) -- cgit From 874b38cf7d259179a2a455cd34ea5a5b9348604b Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Tue, 2 Jun 2009 14:55:30 +0200 Subject: Fix nd_syscall2 open.return typo. * tapset/nd_syscalls2.stp (nd_syscall.open.return): Add commas after alternatives. --- tapset/nd_syscalls2.stp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 49210012..43b8307f 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp 
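Review bot: In the `nd_syscall.write` context of the `@@ -4103,7 +4384,8 @@` hunk, `argstr` is built with `text_strn(user_string(buf_uaddr), syscall_string_trunc, 1)`, which reads the user buffer as a NUL-terminated string and is not bounded by `count`. A write buffer need not be NUL-terminated, so for short writes the trace can include bytes that follow the buffer in the process's memory, and binary data is cut at the first zero byte. Bounding the read by the length, for example `text_strn(user_string_n(buf_uaddr, count), syscall_string_trunc, 1)` if `user_string_n` is available in this tree, would keep the logged text to what was actually passed to the call. The assignments of `buf_uaddr` and `count` are outside the hunk.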
@@ -156,8 +156,8 @@ probe nd_syscall.open = kprobe.function("compat_sys_open") ?, _sys_open_flag_str(flags)) } probe nd_syscall.open.return = kprobe.function("compat_sys_open").return ?, - kprobe.function("sys32_open").return ? - kprobe.function("SyS_open").return ? + kprobe.function("sys32_open").return ?, + kprobe.function("SyS_open").return ?, kprobe.function("sys_open").return ? { name = "open" -- cgit From a5a4b7838ecaa89aee50bd96dadc7d0a7251ed43 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 2 Jun 2009 16:33:05 -0700 Subject: Complete a few TODO probe points in nd_syscalls2 This adds renameat, unlinkat, unshare, and compat_sys_semctl. --- tapset/nd_syscalls2.stp | 135 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 96 insertions(+), 39 deletions(-) (limited to 'tapset') diff --git a/tapset/nd_syscalls2.stp b/tapset/nd_syscalls2.stp index 43b8307f..c93bf9f7 100644 --- a/tapset/nd_syscalls2.stp +++ b/tapset/nd_syscalls2.stp 
@@ -1141,15 +1141,43 @@ probe nd_syscall.rename.return = kprobe.function("SyS_rename").return ?, } # renameat ___________________________________________________ -# TODO -#probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?, -# kprobe.function("sys_renameat") ? -#{ -#} -#probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?, -# kprobe.function("sys_renameat").return ? -#{ -#} +# new function with 2.6.16 +# long sys_renameat(int olddfd, const char __user *oldname, +# int newdfd, const char __user *newname) +probe nd_syscall.renameat = kprobe.function("SyS_renameat") ?, + kprobe.function("sys_renameat") ? +{ + name = "renameat" + // olddfd = $olddfd + // olddfd_str = _dfd_str($olddfd) + // oldname = $oldname + // oldname_str = user_string($oldname) + // newdfd = $newdfd + // newdfd_str = _dfd_str($newdfd) + // newname = $newname + // newname_str = user_string($newname) + // argstr = sprintf("%s, %s, %s, %s", + // olddfd_str, user_string_quoted($oldname), + // newdfd_str, user_string_quoted($newname)) + asmlinkage() + olddfd = int_arg(1) + olddfd_str = _dfd_str(olddfd) + oldname = pointer_arg(2) + oldname_str = user_string(oldname) + newdfd = int_arg(3) + newdfd_str = _dfd_str(newdfd) + newname = pointer_arg(4) + newname_str = user_string(newname) + argstr = sprintf("%s, %s, %s, %s", + olddfd_str, user_string_quoted(oldname), + newdfd_str, user_string_quoted(newname)) +} +probe nd_syscall.renameat.return = kprobe.function("SyS_renameat").return ?, + kprobe.function("sys_renameat").return ? +{ + name = "renameat" + retstr = returnstr(1) +} # request_key ________________________________________________ # 
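Review bot: `oldname_str` and `newname_str` in the new `nd_syscall.renameat` probe are read from user memory with `user_string()` at function entry, so they are a snapshot that another thread of the traced process can change before the kernel copies the path. Scripts that use these strings or `argstr` as an audit record should be told this; I would add a comment above the probe such as `# NB: *_str values are sampled from user memory at entry and may differ from the path the kernel resolves`. The same applies to `pathname_str` in the `nd_syscall.unlinkat` hunk further down in this commit.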
@@ -1775,7 +1803,7 @@ probe nd_syscall.semctl = kprobe.function("SyS_semctl") ?, semid = int_arg(1) semnum = int_arg(2) cmd = int_arg(3) - argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) // ** jk done + argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) } probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?, kprobe.function("sys_semctl").return ? @@ -1783,21 +1811,22 @@ probe nd_syscall.semctl.return = kprobe.function("SyS_semctl").return ?, name = "semctl" retstr = returnstr(1) } - # compat_sys_semctl ________________________________________ # # long compat_sys_semctl(int first, int second, int third, void __user *uptr) # -#probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? -#{ -# name = "compat_sys_semctl" -# argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) // ** not asmlinkage -#} -#probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? -#{ -# name = "compat_sys_semctl" -# retstr = returnstr(1) -#} +probe nd_syscall.compat_sys_semctl = kprobe.function("compat_sys_semctl") ? +{ + name = "compat_sys_semctl" + // argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr) + // NB: no asmlinkage() + argstr = sprintf("%d, %d, %d, %p", int_arg(1), int_arg(2), int_arg(3), pointer_arg(4)) +} +probe nd_syscall.compat_sys_semctl.return = kprobe.function("compat_sys_semctl").return ? +{ + name = "compat_sys_semctl" + retstr = returnstr(1) +} # semget _____________________________________________________ # long sys_semget (key_t key, int nsems, int semflg) 
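Review bot: The newly enabled `nd_syscall.compat_sys_semctl` prints the command as a raw number (`"%d, %d, %d, %p"` with `int_arg(3)`), while `nd_syscall.semctl` in the hunk just above decodes it with `_semctl_cmd(cmd)` and exports `semid`, `semnum` and `cmd`. For consistent output from native and compat callers, the third field could be `_semctl_cmd(int_arg(3))` printed with `%s`, and the three variables could be set the same way. The `// NB: no asmlinkage()` remark would also be more useful if it said why, e.g. `// NB: no asmlinkage(): compat_sys_semctl is not declared asmlinkage`, assuming that is the reason.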
@@ -4006,26 +4035,54 @@ probe nd_syscall.unlink.return = kprobe.function("SyS_unlink").return ?, } # unlinkat ___________________________________________________ -# TODO -#probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?, -# kprobe.function("sys_unlinkat") ? -#{ -#} -#probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?, -# kprobe.function("sys_unlinkat").return ? -#{ -#} +# new function with 2.6.16 +# long sys_unlinkat(int dfd, const char __user *pathname, +# int flag) +probe nd_syscall.unlinkat = kprobe.function("SyS_unlinkat") ?, + kprobe.function("sys_unlinkat") ? +{ + name = "unlinkat" + // dfd = $dfd + // dfd_str = _dfd_str($dfd) + // pathname = $pathname + // pathname_str = user_string($pathname) + // flag = $flag + // flag_str = _at_flag_str($flag) + // argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($pathname), flag_str) + asmlinkage() + dfd = int_arg(1) + dfd_str = _dfd_str(dfd) + pathname = pointer_arg(2) + pathname_str = user_string(pathname) + flag = int_arg(3) + flag_str = _at_flag_str(flag) + argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted(pathname), flag_str) +} +probe nd_syscall.unlinkat.return = kprobe.function("SyS_unlinkat").return ?, + kprobe.function("sys_unlinkat").return ? +{ + name = "unlinkat" + retstr = returnstr(1) +} # unshare ____________________________________________________ -# TODO -#probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?, -# kprobe.function("sys_unshare") ? -#{ -#} -#probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?, -# kprobe.function("sys_unshare").return ? -#{ -#} +# new function with 2.6.16 +# long sys_unshare(unsigned long unshare_flags) +probe nd_syscall.unshare = kprobe.function("SyS_unshare") ?, + kprobe.function("sys_unshare") ? 
+{ + name = "unshare" + // unshare_flags = $unshare_flags + asmlinkage() + unshare_flags = ulong_arg(1) + argstr = __fork_flags(unshare_flags) +} +probe nd_syscall.unshare.return = kprobe.function("SyS_unshare").return ?, + kprobe.function("sys_unshare").return ? +{ + name = "unshare" + retstr = returnstr(1) +} # uselib _____________________________________________________ # -- cgit From cfcb2281723313124c39924c3c20a476844a0592 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 2 Jun 2009 16:59:59 -0700 Subject: Clean up the formatting of $arch/syscalls.stp --- tapset/i686/syscalls.stp | 59 +++++++----- tapset/ia64/syscalls.stp | 14 +-- tapset/ppc64/syscalls.stp | 218 ++++++++++++++++++++++++++------------------- tapset/s390x/syscalls.stp | 28 +++--- tapset/x86_64/syscalls.stp | 54 +++++++---- 5 files changed, 224 insertions(+), 149 deletions(-) (limited to 'tapset') diff --git a/tapset/i686/syscalls.stp b/tapset/i686/syscalls.stp index 2a89c19d..dec0aa97 100644 --- a/tapset/i686/syscalls.stp +++ b/tapset/i686/syscalls.stp @@ -7,13 +7,14 @@ * asmlinkage int * sys_get_thread_area(struct user_desc __user *u_info) */ -probe syscall.get_thread_area = kernel.function("sys_get_thread_area") { +probe syscall.get_thread_area = kernel.function("sys_get_thread_area") +{ name = "get_thread_area" u_info_uaddr = $u_info argstr = sprintf("%p", u_info_uaddr) } -probe syscall.get_thread_area.return = - kernel.function("sys_get_thread_area").return { +probe syscall.get_thread_area.return = kernel.function("sys_get_thread_area").return +{ name = "get_thread_area" retstr = returnstr(1) } 
@@ -22,11 +23,13 @@ probe syscall.get_thread_area.return = # NOTE. This function is only in i386 and x86_64 and its args vary # between those two archs. # -probe syscall.iopl = kernel.function("sys_iopl") { +probe syscall.iopl = kernel.function("sys_iopl") +{ name = "iopl" argstr = "" } -probe syscall.iopl.return = kernel.function("sys_iopl").return { +probe syscall.iopl.return = kernel.function("sys_iopl").return +{ name = "iopl" retstr = returnstr(1) } @@ -34,7 +37,8 @@ probe syscall.iopl.return = kernel.function("sys_iopl").return { # ipc ________________________________________________________ # int sys_ipc (uint call, int first, int second, int third, void __user *ptr, long fifth) # -probe syscall.ipc = kernel.function("sys_ipc") ? { +probe syscall.ipc = kernel.function("sys_ipc") ? +{ name = "ipc" call = $call first = $first @@ -45,7 +49,8 @@ probe syscall.ipc = kernel.function("sys_ipc") ? { argstr = sprintf("%d, %d, %d, %d, %p, %d", $call, $first, $second, $third, $ptr, $fifth) } -probe syscall.ipc.return = kernel.function("sys_ipc").return ? { +probe syscall.ipc.return = kernel.function("sys_ipc").return ? +{ name = "ipc" retstr = returnstr(1) } @@ -65,7 +70,7 @@ probe syscall.mmap2 = kernel.function("sys_mmap2") ? flags = $flags fd = $fd pgoffset = $pgoff - argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, + argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff) } 
@@ -80,14 +85,14 @@ probe syscall.mmap2.return = kernel.function("sys_mmap2").return ? * asmlinkage int * sys_set_thread_area(struct user_desc __user *u_info) */ -probe syscall.set_thread_area = - kernel.function("sys_set_thread_area") { +probe syscall.set_thread_area = kernel.function("sys_set_thread_area") +{ name = "set_thread_area" u_info_uaddr = $u_info argstr = sprintf("%p", u_info_uaddr) } -probe syscall.set_thread_area.return = - kernel.function("sys_set_thread_area").return { +probe syscall.set_thread_area.return = kernel.function("sys_set_thread_area").return +{ name = "set_thread_area" retstr = returnstr(1) } @@ -98,16 +103,16 @@ probe syscall.set_thread_area.return = * unsigned int zone, * unsigned int state) */ -probe syscall.set_zone_reclaim = - kernel.function("sys_set_zone_reclaim") ? { +probe syscall.set_zone_reclaim = kernel.function("sys_set_zone_reclaim") ? +{ name = "set_zone_reclaim" node = $node zone = $zone state = $state argstr = sprintf("%d, %d, %d", $node, $zone, $state) } -probe syscall.set_zone_reclaim.return = - kernel.function("sys_set_zone_reclaim").return ? { +probe syscall.set_zone_reclaim.return = kernel.function("sys_set_zone_reclaim").return ? +{ name = "set_zone_reclaim" retstr = returnstr(1) } @@ -117,12 +122,14 @@ probe syscall.set_zone_reclaim.return = # # NOTE: args vary between archs. # -probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { +probe syscall.sigaltstack = kernel.function("sys_sigaltstack") +{ name = "sigaltstack" ussp = %( kernel_vr < "2.6.25" %? $ebx %: %( kernel_vr < "2.6.29" %? $bx %: $regs->bx %) %) argstr = sprintf("%p", ussp) } -probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { +probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return +{ name = "sigaltstack" retstr = returnstr(1) } 
@@ -131,7 +138,8 @@ probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { # # int sys_vm86(struct pt_regs regs) # -probe syscall.vm86 = kernel.function("sys_vm86") ? { +probe syscall.vm86 = kernel.function("sys_vm86") ? +{ name = "vm86" /* * unsupported type identifier '$regs' @@ -139,8 +147,9 @@ probe syscall.vm86 = kernel.function("sys_vm86") ? { */ argstr = "" } -probe syscall.vm86.return = kernel.function("sys_vm86").return ? { - name = "vm86" +probe syscall.vm86.return = kernel.function("sys_vm86").return ? +{ + name = "vm86" retstr = returnstr(1) } @@ -148,15 +157,17 @@ probe syscall.vm86.return = kernel.function("sys_vm86").return ? { # # int sys_vm86old(struct pt_regs regs) # -probe syscall.vm86old = kernel.function("sys_vm86old") ? { - name = "vm86old" +probe syscall.vm86old = kernel.function("sys_vm86old") ? +{ + name = "vm86old" /* * unsupported type identifier '$regs' * regs = $regs */ argstr = "" } -probe syscall.vm86old.return = kernel.function("sys_vm86old").return ? { +probe syscall.vm86old.return = kernel.function("sys_vm86old").return ? +{ name = "vm86old" retstr = returnstr(1) } diff --git a/tapset/ia64/syscalls.stp b/tapset/ia64/syscalls.stp index 7a508071..c57ab7e6 100644 --- a/tapset/ia64/syscalls.stp +++ b/tapset/ia64/syscalls.stp @@ -3,7 +3,8 @@ # mmap # sys_mmap (unsigned long addr, unsigned long len, int prot, int flags, int fd, long off) # -probe syscall.mmap = kernel.function("sys_mmap") ? { +probe syscall.mmap = kernel.function("sys_mmap") ? +{ name = "mmap" start = $addr len = $len @@ -15,7 +16,8 @@ probe syscall.mmap = kernel.function("sys_mmap") ? { _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $off) } -probe syscall.mmap.return = kernel.function("sys_mmap").return ? { +probe syscall.mmap.return = kernel.function("sys_mmap").return ? +{ name = "mmap" retstr = returnstr(2) } 
@@ -31,7 +33,7 @@ probe syscall.mmap2 = kernel.function("sys_mmap2") ? flags = $flags fd = $fd pgoffset = $pgoff - argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, + argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff) } @@ -64,11 +66,13 @@ probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return # # long sys32_sysctl (struct sysctl32 __user *args) # -probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? { +probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? +{ name = "sysctl" argstr = sprintf("%p", $args) } -probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? { +probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? +{ name = "sysctl" retstr = returnstr(1) } diff --git a/tapset/ppc64/syscalls.stp b/tapset/ppc64/syscalls.stp index 09c715c9..0518d486 100644 --- a/tapset/ppc64/syscalls.stp +++ b/tapset/ppc64/syscalls.stp @@ -4,11 +4,13 @@ # # time_t sys64_time(time_t __user * tloc) # -probe syscall.sys64_time = kernel.function("sys64_time") ? { +probe syscall.sys64_time = kernel.function("sys64_time") ? +{ name = "sys64_time" argstr = sprintf("%p", $tloc) } -probe syscall.sys64_time.return = kernel.function("sys64_time").return ? { +probe syscall.sys64_time.return = kernel.function("sys64_time").return ? +{ name = "sys64_time" retstr = returnstr(1) } 
@@ -17,12 +19,14 @@ probe syscall.sys64_time.return = kernel.function("sys64_time").return ? { # # long ppc64_personality(unsigned long personality) # -probe syscall.ppc64_personality = kernel.function("ppc64_personality") { +probe syscall.ppc64_personality = kernel.function("ppc64_personality") +{ name = "ppc64_personality" persona = $personality argstr = sprint($personality) } -probe syscall.ppc64_personality.return = kernel.function("ppc64_personality").return { +probe syscall.ppc64_personality.return = kernel.function("ppc64_personality").return +{ name = "ppc64_personality" retstr = returnstr(1) } @@ -31,12 +35,14 @@ probe syscall.ppc64_personality.return = kernel.function("ppc64_personality").re # # int ppc_rtas(struct rtas_args __user *uargs) # -probe syscall.ppc_rtas = kernel.function("ppc_rtas") ? { +probe syscall.ppc_rtas = kernel.function("ppc_rtas") ? +{ name = "ppc_rtas" uargs_uaddr = $uargs argstr = sprintf("%p", $uargs) } -probe syscall.ppc_rtas.return = kernel.function("ppc_rtas").return ? { +probe syscall.ppc_rtas.return = kernel.function("ppc_rtas").return ? +{ name = "ppc_rtas" retstr = returnstr(1) } @@ -45,12 +51,14 @@ probe syscall.ppc_rtas.return = kernel.function("ppc_rtas").return ? { # # long ppc64_sys32_stime(int __user * tptr) # -probe syscall.ppc64_sys32_stime = kernel.function("ppc64_sys32_stime") ? { +probe syscall.ppc64_sys32_stime = kernel.function("ppc64_sys32_stime") ? +{ name = "ppc64_sys32_stime" t_uaddr = $tptr argstr = sprintf("%p", $tptr) } -probe syscall.ppc64_sys32_stime.return = kernel.function("ppc64_sys32_stime").return ? { +probe syscall.ppc64_sys32_stime.return = kernel.function("ppc64_sys32_stime").return ? +{ name = "ppc64_sys32_stime" retstr = returnstr(1) } 
@@ -60,7 +68,8 @@ probe syscall.ppc64_sys32_stime.return = kernel.function("ppc64_sys32_stime").re # int sys32_ptrace(long request, long pid, unsigned long addr, # unsigned long data) # -probe syscall.sys32_ptrace = kernel.function("sys32_ptrace") ? { +probe syscall.sys32_ptrace = kernel.function("sys32_ptrace") ? +{ name = "sys32_ptrace" request = $request pid = $pid @@ -68,7 +77,8 @@ probe syscall.sys32_ptrace = kernel.function("sys32_ptrace") ? { data = $data argstr = sprintf("%p, %p, %p, %p", $request, $pid, $addr, $data) } -probe syscall.sys32_ptrace.return = kernel.function("sys32_ptrace").return ? { +probe syscall.sys32_ptrace.return = kernel.function("sys32_ptrace").return ? +{ name = "sys32_ptrace" retstr = returnstr(1) } @@ -77,12 +87,14 @@ probe syscall.sys32_ptrace.return = kernel.function("sys32_ptrace").return ? { # # (obsolete) long sys32_sysinfo(struct sysinfo32 __user *info) # -probe syscall.sys32_sysinfo = kernel.function("sys32_sysinfo") ? { +probe syscall.sys32_sysinfo = kernel.function("sys32_sysinfo") ? +{ name = "sys32_sysinfo" info_uaddr = $info argstr = sprintf("%p", info_uaddr) } -probe syscall.sys32_sysinfo.return = kernel.function("sys32_sysinfo").return ? { +probe syscall.sys32_sysinfo.return = kernel.function("sys32_sysinfo").return ? +{ name = "sys32_sysinfo" retstr = returnstr(1) } @@ -92,12 +104,14 @@ probe syscall.sys32_sysinfo.return = kernel.function("sys32_sysinfo").return ? { # long sys32_ipc(u32 call, u32 first, u32 second, u32 third, # compat_uptr_t ptr, u32 fifth) # -probe syscall.ipc = kernel.function("sys32_ipc") ? { +probe syscall.ipc = kernel.function("sys32_ipc") ? +{ name = "ipc" argstr = sprintf("%d, %d, %d, %d, %p, %d", $call, $first, $second, - $third, $ptr, $fifth) + $third, $ptr, $fifth) } -probe syscall.ipc.return = kernel.function("sys32_ipc").return ? { +probe syscall.ipc.return = kernel.function("sys32_ipc").return ? +{ name = "sys_ipc" retstr = returnstr(1) } 
@@ -107,7 +121,8 @@ probe syscall.ipc.return = kernel.function("sys32_ipc").return ? { # long sys32_sigreturn(int r3, int r4, int r5, int r6, int r7, int r8, # struct pt_regs *regs) # -probe syscall.sys32_sigreturn = kernel.function("sys32_sigreturn") ? { +probe syscall.sys32_sigreturn = kernel.function("sys32_sigreturn") ? +{ name = "sys32_sigreturn" r3 = $r3 r4 = $r4 @@ -118,8 +133,8 @@ probe syscall.sys32_sigreturn = kernel.function("sys32_sigreturn") ? { argstr = sprintf("%p, %p, %p, %p, %p, %p", $r3, $r4, $r5, $r6, $r7, $r8) } -probe syscall.sys32_sigreturn.return = - kernel.function("sys32_sigreturn").return ? { +probe syscall.sys32_sigreturn.return = kernel.function("sys32_sigreturn").return ? +{ name = "sys32_sigreturn" retstr = returnstr(1) } @@ -127,11 +142,13 @@ probe syscall.sys32_sigreturn.return = # # long sys32_adjtimex(struct timex32 __user *utp) # -probe syscall.sys32_adjtimex = kernel.function("sys32_adjtimex") ? { +probe syscall.sys32_adjtimex = kernel.function("sys32_adjtimex") ? +{ name = "sys32_adjtimex" argstr = sprintf("%p", $utp) } -probe syscall.sys32_adjtimex.return = kernel.function("sys32_adjtimex").return ? { +probe syscall.sys32_adjtimex.return = kernel.function("sys32_adjtimex").return ? +{ name = "sys32_adjtimex" retstr = returnstr(1) } @@ -142,15 +159,16 @@ probe syscall.sys32_adjtimex.return = kernel.function("sys32_adjtimex").return ? # struct linux_dirent32 __user *dirent, # unsigned int count) # -probe syscall.sys32_getdents = kernel.function("sys32_getdents") ? { +probe syscall.sys32_getdents = kernel.function("sys32_getdents") ? +{ name = "sys32_getdents" fd = $fd dirp_uaddr = $dirent count = $count argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count) } -probe syscall.sys32_getdents.return = - kernel.function("sys32_getdents").return ? { +probe syscall.sys32_getdents.return = kernel.function("sys32_getdents").return ? +{ name = "sys32_getdents" retstr = returnstr(1) } 
@@ -159,11 +177,13 @@ probe syscall.sys32_getdents.return = # # long compat_sys_sysctl(struct __sysctl_args32 __user *args) # -probe syscall.compat_sysctl = kernel.function("compat_sys_sysctl") ? { +probe syscall.compat_sysctl = kernel.function("compat_sys_sysctl") ? +{ name = "sysctl" argstr = sprintf("%p", $args) } -probe syscall.compat_sysctl.return = kernel.function("compat_sys_sysctl").return ? { +probe syscall.compat_sysctl.return = kernel.function("compat_sys_sysctl").return ? +{ name = "sysctl" retstr = returnstr(1) } @@ -173,14 +193,15 @@ probe syscall.compat_sysctl.return = kernel.function("compat_sys_sysctl").return # asmlinkage long sys32_sched_setparam(u32 pid, # struct sched_param __user *param) # -probe syscall.sys32_sched_setparam = kernel.function("sys32_sched_setparam") ? { +probe syscall.sys32_sched_setparam = kernel.function("sys32_sched_setparam") ? +{ name = "sys32_sched_setparam" pid = $pid param_uaddr = $param argstr = sprintf("%d, %p", pid, param_uaddr) } -probe syscall.sys32_sched_setparam.return = - kernel.function("sys32_sched_setparam").return ? { +probe syscall.sys32_sched_setparam.return = kernel.function("sys32_sched_setparam").return ? +{ name = "sys32_sched_setparam" retstr = returnstr(1) } 
@@ -190,15 +211,15 @@ probe syscall.sys32_sched_setparam.return = # asmlinkage long sys32_sched_rr_get_interval(u32 pid, # struct compat_timespec __user *interval) # -probe syscall.sys32_sched_rr_get_interval = - kernel.function("sys32_sched_rr_get_interval") ? { +probe syscall.sys32_sched_rr_get_interval = kernel.function("sys32_sched_rr_get_interval") ? +{ name = "sys32_sched_rr_get_interval" pid = $pid interval_uaddr = $interval - argstr = sprintf("%d, %p", pid, interval_uaddr) + argstr = sprintf("%d, %p", pid, interval_uaddr) } -probe syscall.sys32_sched_rr_get_interval.return = - kernel.function("sys32_sched_rr_get_interval").return ? { +probe syscall.sys32_sched_rr_get_interval.return = kernel.function("sys32_sched_rr_get_interval").return ? +{ name = "sys32_sched_rr_get_interval" retstr = returnstr(1) } @@ -208,14 +229,15 @@ probe syscall.sys32_sched_rr_get_interval.return = # long sys32_rt_sigpending(compat_sigset_t __user *set, # compat_size_t sigsetsize) # -probe syscall.sys32_rt_sigpending = kernel.function("sys32_rt_sigpending") ? { +probe syscall.sys32_rt_sigpending = kernel.function("sys32_rt_sigpending") ? +{ name = "sys32_rt_sigpending" set_uaddr = $set sigsetsize = $sigsetsize argstr = sprintf("%p, %d", set_uaddr, $sigsetsize) } -probe syscall.sys32_rt_sigpending.return = - kernel.function("sys32_rt_sigpending").return ? { +probe syscall.sys32_rt_sigpending.return = kernel.function("sys32_rt_sigpending").return ? +{ name = "sys32_rt_sigpending" retstr = returnstr(1) } @@ -226,8 +248,8 @@ probe syscall.sys32_rt_sigpending.return = # struct compat_timespec __user *uts, # compat_size_t sigsetsize) # -probe syscall.sys32_rt_sigtimedwait = - kernel.function("sys32_rt_sigtimedwait") ? { +probe syscall.sys32_rt_sigtimedwait = kernel.function("sys32_rt_sigtimedwait") ? +{ name = "sys32_rt_sigtimedwait" uthese_uaddr = $uthese uinfo_uaddr = $uinfo 
@@ -236,8 +258,8 @@ probe syscall.sys32_rt_sigtimedwait = argstr = sprintf("%p, %p, %p, %p", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } -probe syscall.sys32_rt_sigtimedwait.return = - kernel.function("sys32_rt_sigtimedwait").return ? { +probe syscall.sys32_rt_sigtimedwait.return = kernel.function("sys32_rt_sigtimedwait").return ? +{ name = "sys32_rt_sigtimedwait" retstr = returnstr(1) } @@ -245,8 +267,8 @@ probe syscall.sys32_rt_sigtimedwait.return = # # long sys32_rt_sigqueueinfo(u32 pid, u32 sig, compat_siginfo_t __user *uinfo) # -probe syscall.sys32_rt_sigqueueinfo = - kernel.function("sys32_rt_sigqueueinfo") ? { +probe syscall.sys32_rt_sigqueueinfo = kernel.function("sys32_rt_sigqueueinfo") ? +{ name = "sys32_rt_sigqueueinfo" pid = $pid sig = $sig @@ -254,8 +276,8 @@ probe syscall.sys32_rt_sigqueueinfo = argstr = sprintf("%p, %s, %p", pid, _signal_name($sig), uinfo_uaddr) } -probe syscall.sys32_rt_sigqueueinfo.return = - kernel.function("sys32_rt_sigqueueinfo").return ? { +probe syscall.sys32_rt_sigqueueinfo.return = kernel.function("sys32_rt_sigqueueinfo").return ? +{ name = "sys32_rt_sigqueueinfo" retstr = returnstr(1) } @@ -264,12 +286,13 @@ probe syscall.sys32_rt_sigqueueinfo.return = # int sys32_sigaltstack(u32 __new, u32 __old, int r5, # int r6, int r7, int r8, struct pt_regs *regs) # -probe syscall.sys32_sigaltstack = kernel.function("sys32_sigaltstack") ? { +probe syscall.sys32_sigaltstack = kernel.function("sys32_sigaltstack") ? +{ name = "sys32_sigaltstack" argstr = "FIXME" } -probe syscall.sys32_sigaltstack.return = - kernel.function("sys32_sigaltstack").return ? { +probe syscall.sys32_sigaltstack.return = kernel.function("sys32_sigaltstack").return ? +{ name = "sys32_sigaltstack" retstr = returnstr(1) } 
@@ -278,7 +301,8 @@ probe syscall.sys32_sigaltstack.return = # asmlinkage int sys32_sendfile64(int out_fd, int in_fd, # compat_loff_t __user *offset, s32 count) # -probe syscall.sys32_sendfile64 = kernel.function("sys32_sendfile64") ? { +probe syscall.sys32_sendfile64 = kernel.function("sys32_sendfile64") ? +{ name = "sys32_sendfile64" out_fd = $out_fd in_fd = $in_fd @@ -287,8 +311,8 @@ probe syscall.sys32_sendfile64 = kernel.function("sys32_sendfile64") ? { argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, offset_uaddr, $count) } -probe syscall.sys32_sendfile64.return = - kernel.function("sys32_sendfile64").return ? { +probe syscall.sys32_sendfile64.return = kernel.function("sys32_sendfile64").return ? +{ name = "sys32_sendfile64" retstr = returnstr(1) } @@ -298,7 +322,8 @@ probe syscall.sys32_sendfile64.return = # struct compat_sigevent __user *ev32, # timer_t __user *timer_id) # -probe syscall.ppc32_timer_create = kernel.function("ppc32_timer_create") ? { +probe syscall.ppc32_timer_create = kernel.function("ppc32_timer_create") ? +{ name = "ppc32_timer_create" which_clock = $clock timer_event_spec = $ev32 @@ -306,8 +331,8 @@ probe syscall.ppc32_timer_create = kernel.function("ppc32_timer_create") ? { argstr = sprintf("%d, %p, %p", which_clock, timer_event_spec, created_timer_id) } -probe syscall.ppc32_timer_create.return = - kernel.function("ppc32_timer_create").return ? { +probe syscall.ppc32_timer_create.return = kernel.function("ppc32_timer_create").return ? +{ name = "ppc32_timer_create" retstr = returnstr(1) } @@ -317,7 +342,8 @@ probe syscall.ppc32_timer_create.return = # struct compat_itimerspec __user *new, # struct compat_itimerspec __user *old) # -probe syscall.compat_timer_settime = kernel.function("compat_timer_settime") ? { +probe syscall.compat_timer_settime = kernel.function("compat_timer_settime") ? +{ name = "compat_timer_settime" timer_id = $timer_id flags = $flags 
@@ -326,8 +352,8 @@ probe syscall.compat_timer_settime = kernel.function("compat_timer_settime") ? { argstr = sprintf("%d, %d, %p, %p", timer_id, flags, new_setting_uaddr, old_setting_uaddr) } -probe syscall.compat_timer_settime.return = - kernel.function("compat_timer_settime").return ? { +probe syscall.compat_timer_settime.return = kernel.function("compat_timer_settime").return ? +{ name = "compat_timer_settime" retstr = returnstr(1) } @@ -336,14 +362,15 @@ probe syscall.compat_timer_settime.return = # long compat_timer_gettime(timer_t timer_id, # struct compat_itimerspec __user *setting) # -probe syscall.compat_timer_gettime = kernel.function("compat_timer_gettime") ? { +probe syscall.compat_timer_gettime = kernel.function("compat_timer_gettime") ? +{ name = "compat_timer_gettime" timer_id = $timer_id setting_uaddr = $setting argstr = sprintf("%d, %p", timer_id, setting_uaddr) } -probe syscall.compat_timer_gettime.return = - kernel.function("compat_timer_gettime").return ? { +probe syscall.compat_timer_gettime.return = kernel.function("compat_timer_gettime").return ? +{ name = "compat_timer_gettime" retstr = returnstr(1) } @@ -352,14 +379,15 @@ probe syscall.compat_timer_gettime.return = # long compat_clock_settime(clockid_t which_clock, # struct compat_timespec __user *tp) # -probe syscall.compat_clock_settime = kernel.function("compat_clock_settime") ? { +probe syscall.compat_clock_settime = kernel.function("compat_clock_settime") ? +{ name = "compat_clock_settime" which_clock = $which_clock tp_uaddr = $tp argstr = sprintf("%d, %p", which_clock, tp_uaddr) } -probe syscall.compat_clock_settime.return = - kernel.function("compat_clock_settime").return ? { +probe syscall.compat_clock_settime.return = kernel.function("compat_clock_settime").return ? +{ name = "compat_clock_settime" retstr = returnstr(1) } 
@@ -370,7 +398,8 @@ probe syscall.compat_clock_settime.return = # int ctx_size, int r6, int r7, int r8, # struct pt_regs *regs) # -probe syscall.sys32_swapcontext = kernel.function("sys32_swapcontext") ? { +probe syscall.sys32_swapcontext = kernel.function("sys32_swapcontext") ? +{ name = "sys32_swapcontext" old_ctx_uaddr = $old_ctx new_ctx_uaddr = $new_ctx @@ -382,8 +411,8 @@ probe syscall.sys32_swapcontext = kernel.function("sys32_swapcontext") ? { argstr = sprintf("%p, %p, %d, %d, %d, %d, %p", old_ctx_uaddr, new_ctx_uaddr, r5, r6, r7, r8, regs) } -probe syscall.sys32_swapcontext.return = - kernel.function("sys32_swapcontext").return ? { +probe syscall.sys32_swapcontext.return = kernel.function("sys32_swapcontext").return ? +{ name = "sys32_swapcontext" retstr = returnstr(1) } @@ -392,14 +421,16 @@ probe syscall.sys32_swapcontext.return = # asmlinkage long sys32_utimes(char __user *filename, # struct compat_timeval __user *tvs) # -probe syscall.sys32_utimes = kernel.function("sys32_utimes") ? { +probe syscall.sys32_utimes = kernel.function("sys32_utimes") ? +{ name = "sys32_utimes" filename_uaddr = $filename path = user_string($filename) tvp_uaddr = $tvs argstr = sprintf("%s, %p", user_string_quoted($filename), tvp_uaddr) } -probe syscall.sys32_utimes.return = kernel.function("sys32_utimes").return ? { +probe syscall.sys32_utimes.return = kernel.function("sys32_utimes").return ? +{ name = "sys32_utimes" retstr = returnstr(1) } @@ -409,7 +440,8 @@ probe syscall.sys32_utimes.return = kernel.function("sys32_utimes").return ? { # compat_ulong_t mode, compat_ulong_t __user *nmask, # compat_ulong_t maxnode, compat_ulong_t flags) # -probe syscall.compat_mbind = kernel.function("compat_mbind") ? { +probe syscall.compat_mbind = kernel.function("compat_mbind") ? +{ name = "compat_mbind" start_uaddr = $start len = $len 
@@ -420,7 +452,8 @@ probe syscall.compat_mbind = kernel.function("compat_mbind") ? { argstr = sprintf("%p, %d, %d, %p, %d, %d", start_uaddr, len, policy, nodemask_uaddr, maxnode, flags) } -probe syscall.compat_mbind.return = kernel.function("compat_mbind").return ? { +probe syscall.compat_mbind.return = kernel.function("compat_mbind").return ? +{ name = "compat_mbind" retstr = returnstr(1) } @@ -431,7 +464,8 @@ probe syscall.compat_mbind.return = kernel.function("compat_mbind").return ? { # compat_ulong_t maxnode, # compat_ulong_t addr, compat_ulong_t flags) # -probe syscall.compat_get_mempolicy = kernel.function("compat_get_mempolicy") ? { +probe syscall.compat_get_mempolicy = kernel.function("compat_get_mempolicy") ? +{ name = "compat_get_mempolicy" policy_uaddr = $policy nmask_uaddr = $nmask @@ -441,8 +475,8 @@ probe syscall.compat_get_mempolicy = kernel.function("compat_get_mempolicy") ? { argstr = sprintf("%p, %p, %d, %d", policy_uaddr, nmask_uaddr, maxnode, addr) } -probe syscall.compat_get_mempolicy.return = - kernel.function("compat_get_mempolicy").return ? { +probe syscall.compat_get_mempolicy.return = kernel.function("compat_get_mempolicy").return ? +{ name = "compat_get_mempolicy" retstr = returnstr(1) } @@ -451,15 +485,16 @@ probe syscall.compat_get_mempolicy.return = # asmlinkage long compat_set_mempolicy(int mode, compat_ulong_t __user *nmask, # compat_ulong_t maxnode) # -probe syscall.compat_set_mempolicy = kernel.function("compat_set_mempolicy") ? { +probe syscall.compat_set_mempolicy = kernel.function("compat_set_mempolicy") ? +{ name = "compat_set_mempolicy" policy = $mode nodemask_uaddr = $nmask maxnode = $maxnode argstr = sprintf("%d, %p, %d", policy, nodemask_uaddr, maxnode) } -probe syscall.compat_set_mempolicy.return = - kernel.function("compat_set_mempolicy").return ? { +probe syscall.compat_set_mempolicy.return = kernel.function("compat_set_mempolicy").return ? +{ name = "compat_set_mempolicy" retstr = returnstr(1) } 
@@ -469,7 +504,8 @@ probe syscall.compat_set_mempolicy.return = # unsigned long prot, unsigned long flags, # unsigned long fd, off_t offset) # -probe syscall.mmap = kernel.function("sys_mmap") ? { +probe syscall.mmap = kernel.function("sys_mmap") ? +{ name = "mmap" start = $addr len = $len @@ -481,7 +517,8 @@ probe syscall.mmap = kernel.function("sys_mmap") ? { _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $offset) } -probe syscall.mmap.return = kernel.function("sys_mmap").return ? { +probe syscall.mmap.return = kernel.function("sys_mmap").return ? +{ name = "mmap" retstr = returnstr(2) } @@ -494,9 +531,8 @@ probe syscall.mmap.return = kernel.function("sys_mmap").return ? { # unsigned long prot, unsigned long flags, # unsigned long fd, unsigned long pgoff) # -probe syscall.mmap2 = - kernel.function("sys_mmap2") ?, - kernel.function("compat_sys_mmap2") ? +probe syscall.mmap2 = kernel.function("sys_mmap2") ?, + kernel.function("compat_sys_mmap2") ? { name = "mmap2" start = $addr @@ -505,13 +541,12 @@ probe syscall.mmap2 = flags = $flags fd = $fd pgoffset = $pgoff - argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, + argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff) } -probe syscall.mmap2.return = - kernel.function("sys_mmap2").return ?, - kernel.function("compat_sys_mmap2").return ? +probe syscall.mmap2.return = kernel.function("sys_mmap2").return ?, + kernel.function("compat_sys_mmap2").return ? { name = "mmap2" retstr = returnstr(2) 
@@ -521,14 +556,15 @@ probe syscall.mmap2.return = # # long ppc64_sys_stime(long __user * tptr) # -probe syscall.ppc64_sys_stime = kernel.function("ppc64_sys_stime") ? { +probe syscall.ppc64_sys_stime = kernel.function("ppc64_sys_stime") ? +{ name = "ppc64_sys_stime" /* FIXME */ t_uaddr = $tptr argstr = sprintf("%p", t_uaddr) } -probe syscall.ppc64_sys_stime.return = - kernel.function("ppc64_sys_stime").return ? { +probe syscall.ppc64_sys_stime.return = kernel.function("ppc64_sys_stime").return ? +{ name = "ppc64_sys_stime" retstr = returnstr(1) } @@ -536,16 +572,18 @@ probe syscall.ppc64_sys_stime.return = # # asmlinkage int ppc64_newuname(struct new_utsname __user * name) # -probe syscall.ppc64_newuname = kernel.function("ppc64_newuname") ? { +probe syscall.ppc64_newuname = kernel.function("ppc64_newuname") ? +{ name = "ppc64_newuname" name_uaddr = $name argstr = sprintf("%p", name_uaddr) } -probe syscall.ppc64_newuname.return = kernel.function("ppc64_newuname").return ? { +probe syscall.ppc64_newuname.return = kernel.function("ppc64_newuname").return ? +{ name = "ppc64_newuname" retstr = returnstr(1) } # -# +# diff --git a/tapset/s390x/syscalls.stp b/tapset/s390x/syscalls.stp index 17988ace..94e07adf 100644 --- a/tapset/s390x/syscalls.stp +++ b/tapset/s390x/syscalls.stp @@ -32,11 +32,13 @@ probe syscall.getresuid16.return = kernel.function("sys32_getresuid16").return ? # ipc _________________________________________________ # long sys32_ipc(u32 call, int first, int second, int third, u32 ptr) # -probe syscall.ipc = kernel.function("sys32_ipc") ? { +probe syscall.ipc = kernel.function("sys32_ipc") ? +{ name = "ipc" argstr = sprintf("%d, %d, %d, %d, %p", $call, $first, $second, $third, $ptr) } -probe syscall.ipc.return = kernel.function("sys_ipc").return ? { +probe syscall.ipc.return = kernel.function("sys_ipc").return ? +{ name = "ipc" retstr = returnstr(1) } 
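Review bot: In the tapset/s390x/syscalls.stp hunk, `syscall.ipc` attaches to `sys32_ipc` but the re-wrapped `syscall.ipc.return` line still attaches to `sys_ipc`, so entry and return are not taken from the same function. A script that pairs the two (for example to log a call's arguments together with its result) would see returns with no matching entry, or entries with no return, depending on which path the caller takes. If the mismatch is not intentional, the return probe should read `probe syscall.ipc.return = kernel.function("sys32_ipc").return ?`; if both functions are meant to be covered, list both on each side as the mmap probes in this file do. The reformat rewrites this line anyway, so it is a convenient place to fix it.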
@@ -46,8 +48,8 @@ probe syscall.ipc.return = kernel.function("sys_ipc").return ? { # long old32_mmap(struct mmap_arg_struct_emu31 __user *arg) # probe syscall.mmap = kernel.function("old_mmap") ?, - kernel.function("old32_mmap") ?, - kernel.function("SyS_s390_old_mmap") ? + kernel.function("old32_mmap") ?, + kernel.function("SyS_s390_old_mmap") ? { name = "mmap" @@ -58,8 +60,8 @@ probe syscall.mmap = kernel.function("old_mmap") ?, } probe syscall.mmap.return = kernel.function("old_mmap").return ?, - kernel.function("old32_mmap").return ?, - kernel.function("SyS_s390_old_mmap").return ? + kernel.function("old32_mmap").return ?, + kernel.function("SyS_s390_old_mmap").return ? { name = "mmap" retstr = returnstr(2) @@ -72,8 +74,8 @@ probe syscall.mmap.return = kernel.function("old_mmap").return ?, # long sys32_mmap2(struct mmap_arg_struct_emu31 __user *arg) # probe syscall.mmap2 = kernel.function("sys_mmap2") ?, - kernel.function("sys32_mmap2") ?, - kernel.function("SyS_mmap2") ? + kernel.function("sys32_mmap2") ?, + kernel.function("SyS_mmap2") ? { name = "mmap2" @@ -84,8 +86,8 @@ probe syscall.mmap2 = kernel.function("sys_mmap2") ?, } probe syscall.mmap2.return = kernel.function("sys_mmap2").return ?, - kernel.function("sys32_mmap2").return ?, - kernel.function("SyS_mmap2").return ? + kernel.function("sys32_mmap2").return ?, + kernel.function("SyS_mmap2").return ? { name = "mmap2" retstr = returnstr(2) @@ -95,11 +97,13 @@ probe syscall.mmap2.return = kernel.function("sys_mmap2").return ?, # # long sys32_sysctl(struct __sysctl_args32 __user *args) # -probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? { +probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? +{ name = "sysctl" argstr = sprintf("%p", $args) } -probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? { +probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? +{ name = "sysctl" retstr = returnstr(1) } 
diff --git a/tapset/x86_64/syscalls.stp b/tapset/x86_64/syscalls.stp index ad16878f..c0cb8139 100644 --- a/tapset/x86_64/syscalls.stp +++ b/tapset/x86_64/syscalls.stp @@ -5,13 +5,15 @@ # # NOTE: x86_64 only. # -probe syscall.arch_prctl = kernel.function("sys_arch_prctl") { +probe syscall.arch_prctl = kernel.function("sys_arch_prctl") +{ name = "arch_prctl" code = $code addr = $addr argstr = sprintf("%d, %p", $code, $addr) } -probe syscall.arch_prctl.return = kernel.function("sys_arch_prctl").return { +probe syscall.arch_prctl.return = kernel.function("sys_arch_prctl").return +{ name = "arch_prctl" retstr = returnstr(1) } @@ -21,7 +23,8 @@ probe syscall.arch_prctl.return = kernel.function("sys_arch_prctl").return { # NOTE. This function is only in i386 and x86_64 and its args vary # between those two archs. # -probe syscall.iopl = kernel.function("sys_iopl") { +probe syscall.iopl = kernel.function("sys_iopl") +{ name = "iopl" %( kernel_vr == "*xen" %? level = $new_iopl @@ -30,7 +33,8 @@ probe syscall.iopl = kernel.function("sys_iopl") { %) argstr = sprint(level) } -probe syscall.iopl.return = kernel.function("sys_iopl").return { +probe syscall.iopl.return = kernel.function("sys_iopl").return +{ name = "iopl" retstr = returnstr(1) } @@ -41,14 +45,16 @@ probe syscall.iopl.return = kernel.function("sys_iopl").return { # # NOTE: args vary between archs. # -probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { +probe syscall.sigaltstack = kernel.function("sys_sigaltstack") +{ name = "sigaltstack" uss_uaddr = $uss uoss_uaddr = $uoss regs_uaddr = $regs argstr = sprintf("%p, %p", $uss, $uoss) } -probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { +probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return +{ name = "sigaltstack" retstr = returnstr(1) } 
@@ -57,11 +63,13 @@ probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { # # long sys32_sysctl(struct sysctl_ia32 __user *args32) # -probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? { +probe syscall.sysctl32 = kernel.function("sys32_sysctl") ? +{ name = "sysctl" argstr = sprintf("%p", $args32) } -probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? { +probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? +{ name = "sysctl" retstr = returnstr(1) } @@ -70,7 +78,8 @@ probe syscall.sysctl32.return = kernel.function("sys32_sysctl").return ? { # long sys_mmap(unsigned long addr, unsigned long len, # unsigned long prot, unsigned long flags, # unsigned long fd, unsigned long off) -probe syscall.mmap = kernel.function("sys_mmap") ? { +probe syscall.mmap = kernel.function("sys_mmap") ? +{ name = "mmap" start = $addr len = $len @@ -82,19 +91,22 @@ probe syscall.mmap = kernel.function("sys_mmap") ? { _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $off) } -probe syscall.mmap.return = kernel.function("sys_mmap").return ? { +probe syscall.mmap.return = kernel.function("sys_mmap").return ? +{ name = "mmap" retstr = returnstr(2) } # # sys32_mmap(struct mmap_arg_struct __user *arg) # -probe syscall.mmap32 = kernel.function("sys32_mmap") { +probe syscall.mmap32 = kernel.function("sys32_mmap") +{ name = "mmap" argstr = get_mmap_args($arg) } -probe syscall.mmap32.return = kernel.function("sys32_mmap").return { +probe syscall.mmap32.return = kernel.function("sys32_mmap").return +{ name = "mmap" retstr = returnstr(2) } 
@@ -103,13 +115,15 @@ probe syscall.mmap32.return = kernel.function("sys32_mmap").return { # unsigned long prot, unsigned long flags, # unsigned long fd, unsigned long pgoff) # -probe syscall.mmap2 = kernel.function("sys32_mmap2") { +probe syscall.mmap2 = kernel.function("sys32_mmap2") +{ name = "mmap2" argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len, _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff) } -probe syscall.mmap2.return = kernel.function("sys32_mmap2").return { +probe syscall.mmap2.return = kernel.function("sys32_mmap2").return +{ name = "mmap2" retstr = returnstr(2) } @@ -118,11 +132,13 @@ probe syscall.mmap2.return = kernel.function("sys32_mmap2").return { # # long sys32_vm86_warning(void) # -probe syscall.vm86_warning = kernel.function("sys32_vm86_warning") { +probe syscall.vm86_warning = kernel.function("sys32_vm86_warning") +{ name = "vm86_warning" argstr = "" } -probe syscall.vm86_warning.return = kernel.function("sys32_vm86_warning").return { +probe syscall.vm86_warning.return = kernel.function("sys32_vm86_warning").return +{ name = "wm86_warning" retstr = returnstr(1) } @@ -130,11 +146,13 @@ probe syscall.vm86_warning.return = kernel.function("sys32_vm86_warning").return # # long sys32_pipe(int __user *fd) # -probe syscall.pipe32 = kernel.function("sys32_pipe") { +probe syscall.pipe32 = kernel.function("sys32_pipe") +{ name = "pipe" argstr = sprintf("%p", $fd) } -probe syscall.pipe32.return = kernel.function("sys32_pipe").return { +probe syscall.pipe32.return = kernel.function("sys32_pipe").return +{ name = "pipe" retstr = returnstr(1) } -- cgit From 987a37e77751d1a8aac0a0591c3b53fddf0de7cd Mon Sep 17 00:00:00 2001 
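Review bot: In the `@@ -118,11 +132,13 @@` hunk of tapset/x86_64/syscalls.stp, `syscall.vm86_warning.return` sets `name = "wm86_warning"` while the entry probe sets `name = "vm86_warning"`. The commit message says typos are being fixed, but this one survives the reformat, and anything that filters or correlates events on `name` will miss the return side. The line should be `name = "vm86_warning"`.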
From: Josh Stone Date: Tue, 2 Jun 2009 18:59:53 -0700 Subject: Add $arch/nd_syscalls.stp These are all the dwarfless analogs to $arch/syscalls.stp. (Only i686 and x86_64 have been tested...) --- tapset/i686/nd_syscalls.stp | 205 ++++++++++++ tapset/ia64/nd_syscalls.stp | 102 ++++++ tapset/ppc64/nd_syscalls.stp | 738 ++++++++++++++++++++++++++++++++++++++++++ tapset/s390x/nd_syscalls.stp | 187 +++++++++++ tapset/x86_64/nd_syscalls.stp | 187 +++++++++++ 5 files changed, 1419 insertions(+) create mode 100644 tapset/i686/nd_syscalls.stp create mode 100644 tapset/ia64/nd_syscalls.stp create mode 100644 tapset/ppc64/nd_syscalls.stp create mode 100644 tapset/s390x/nd_syscalls.stp create mode 100644 tapset/x86_64/nd_syscalls.stp (limited to 'tapset') diff --git a/tapset/i686/nd_syscalls.stp b/tapset/i686/nd_syscalls.stp new file mode 100644 index 00000000..f19e54a9 --- /dev/null +++ b/tapset/i686/nd_syscalls.stp 
@@ -0,0 +1,205 @@
+# 32-bit x86-specific system calls
+# These are typically defined in arch/i386
+#
+
+# get_thread_area ____________________________________________
+/*
+ * asmlinkage int
+ * sys_get_thread_area(struct user_desc __user *u_info)
+ */
+probe nd_syscall.get_thread_area = kprobe.function("sys_get_thread_area")
+{
+ name = "get_thread_area"
+ // u_info_uaddr = $u_info
+ asmlinkage()
+ u_info_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", u_info_uaddr)
+}
+probe nd_syscall.get_thread_area.return = kprobe.function("sys_get_thread_area").return
+{
+ name = "get_thread_area"
+ retstr = returnstr(1)
+}
+
+# iopl _______________________________________________________
+# long sys_iopl(unsigned long unused)
+# NOTE. This function is only in i386 and x86_64 and its args vary
+# between those two archs.
+#
+probe nd_syscall.iopl = kprobe.function("sys_iopl")
+{
+ name = "iopl"
+ argstr = ""
+}
+probe nd_syscall.iopl.return = kprobe.function("sys_iopl").return
+{
+ name = "iopl"
+ retstr = returnstr(1)
+}
+
+# ipc ________________________________________________________
+# int sys_ipc (uint call, int first, int second, int third, void __user *ptr, long fifth)
+#
+probe nd_syscall.ipc = kprobe.function("sys_ipc") ?
+{
+ name = "ipc"
+ // call = $call
+ // first = $first
+ // second = $second
+ // third = $third
+ // ptr_uaddr = $ptr
+ // fifth = $fifth
+ // argstr = sprintf("%d, %d, %d, %d, %p, %d", $call, $first,
+ // $second, $third, $ptr, $fifth)
+ asmlinkage()
+ call = uint_arg(1)
+ first = int_arg(2)
+ second = int_arg(3)
+ third = int_arg(4)
+ ptr_uaddr = pointer_arg(5)
+ fifth = long_arg(6)
+ argstr = sprintf("%d, %d, %d, %d, %p, %d", call, first,
+ second, third, ptr_uaddr, fifth)
+}
+probe nd_syscall.ipc.return = kprobe.function("sys_ipc").return ?
+{
+ name = "ipc"
+ retstr = returnstr(1)
+}
+
+# mmap2 ____________________________________________
+# sys_mmap2(unsigned long addr, unsigned long len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long pgoff)
+#
+probe nd_syscall.mmap2 = kprobe.function("sys_mmap2") ?
+{
+ name = "mmap2"
+ // start = $addr
+ // length = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // pgoffset = $pgoff
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr,
+ // $len, _mprotect_prot_str($prot), _mmap_flags($flags),
+ // $fd, $pgoff)
+ asmlinkage()
+ start = ulong_arg(1)
+ length = ulong_arg(2)
+ prot = ulong_arg(3)
+ flags = ulong_arg(4)
+ fd = ulong_arg(5)
+ pgoffset = ulong_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start,
+ length, _mprotect_prot_str(prot), _mmap_flags(flags),
+ fd, pgoffset)
+}
+probe nd_syscall.mmap2.return = kprobe.function("sys_mmap2").return ?
+{
+ name = "mmap2"
+ retstr = returnstr(2)
+}
+
+# set_thread_area ____________________________________________
+/*
+ * asmlinkage int
+ * sys_set_thread_area(struct user_desc __user *u_info)
+ */
+probe nd_syscall.set_thread_area = kprobe.function("sys_set_thread_area")
+{
+ name = "set_thread_area"
+ // u_info_uaddr = $u_info
+ asmlinkage()
+ u_info_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", u_info_uaddr)
+}
+probe nd_syscall.set_thread_area.return = kprobe.function("sys_set_thread_area").return
+{
+ name = "set_thread_area"
+ retstr = returnstr(1)
+}
+
+# set_zone_reclaim ___________________________________________
+/*
+ * asmlinkage long
+ * sys_set_zone_reclaim(unsigned int node,
+ * unsigned int zone,
+ * unsigned int state)
+ */
+probe nd_syscall.set_zone_reclaim = kprobe.function("sys_set_zone_reclaim") ?
+{
+ name = "set_zone_reclaim"
+ // node = $node
+ // zone = $zone
+ // state = $state
+ // argstr = sprintf("%d, %d, %d", $node, $zone, $state)
+ asmlinkage()
+ node = uint_arg(1)
+ zone = uint_arg(2)
+ state = uint_arg(3)
+ argstr = sprintf("%d, %d, %d", node, zone, state)
+}
+probe nd_syscall.set_zone_reclaim.return = kprobe.function("sys_set_zone_reclaim").return ?
+{
+ name = "set_zone_reclaim"
+ retstr = returnstr(1)
+}
+
+# sigaltstack ________________________________________________
+# int sys_sigaltstack(unsigned long ebx)
+#
+# NOTE: args vary between archs.
+#
+probe nd_syscall.sigaltstack = kprobe.function("sys_sigaltstack")
+{
+ name = "sigaltstack"
+ // ussp = %( kernel_vr < "2.6.25" %? $ebx %: %( kernel_vr < "2.6.29" %? $bx %: $regs->bx %) %)
+ // NB: no asmlinkage()
+ ussp = %( kernel_vr < "2.6.29" %? ulong_arg(1) %: @cast(ulong_arg(1), "pt_regs")->bx %)
+ argstr = sprintf("%p", ussp)
+}
+probe nd_syscall.sigaltstack.return = kprobe.function("sys_sigaltstack").return
+{
+ name = "sigaltstack"
+ retstr = returnstr(1)
+}
+
+# vm86 _______________________________________________________
+#
+# int sys_vm86(struct pt_regs regs)
+#
+probe nd_syscall.vm86 = kprobe.function("sys_vm86") ?
+{
+ name = "vm86"
+ /*
+ * unsupported type identifier '$regs'
+ * regs = $regs
+ */
+ argstr = ""
+}
+probe nd_syscall.vm86.return = kprobe.function("sys_vm86").return ?
+{
+ name = "vm86"
+ retstr = returnstr(1)
+}
+
+# vm86old ____________________________________________________
+#
+# int sys_vm86old(struct pt_regs regs)
+#
+probe nd_syscall.vm86old = kprobe.function("sys_vm86old") ?
+{
+ name = "vm86old"
+ /*
+ * unsupported type identifier '$regs'
+ * regs = $regs
+ */
+ argstr = ""
+}
+probe nd_syscall.vm86old.return = kprobe.function("sys_vm86old").return ?
+{
+ name = "vm86old"
+ retstr = returnstr(1)
+}
+
diff --git a/tapset/ia64/nd_syscalls.stp b/tapset/ia64/nd_syscalls.stp
new file mode 100644
index 00000000..d25423d1
--- /dev/null
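Review bot: `nd_syscall.sigaltstack` in tapset/i686/nd_syscalls.stp reads the stack pointer with `@cast(ulong_arg(1), "pt_regs")->bx` on kernels from 2.6.29 on, and as far as I can tell a `@cast` given only a type name is resolved from the kernel's debug information, which is what this dwarfless tapset is meant to work without. If that is right, the probe would fail to resolve on the systems it targets; naming a header as the type source, `@cast(ulong_arg(1), "pt_regs", "kernel<asm/ptrace.h>")`, is worth trying where the translator supports it. The commented-out dwarf version distinguishes three kernel ranges while the new expression has two, which is fine for positional access but deserves a comment such as `// before 2.6.29 the first argument is the register value itself; from 2.6.29 it is a pt_regs pointer`.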
+++ b/tapset/ia64/nd_syscalls.stp 
@@ -0,0 +1,102 @@
+# IA64 system calls
+
+# mmap
+# sys_mmap (unsigned long addr, unsigned long len, int prot, int flags, int fd, long off)
+#
+probe nd_syscall.mmap = kprobe.function("sys_mmap") ?
+{
+ name = "mmap"
+ // start = $addr
+ // len = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // offset = $off
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len,
+ // _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $off)
+ asmlinkage()
+ start = ulong_arg(1)
+ len = ulong_arg(2)
+ prot = int_arg(3)
+ flags = int_arg(4)
+ fd = int_arg(5)
+ offset = long_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start, len,
+ _mprotect_prot_str(prot), _mmap_flags(flags), fd, offset)
+}
+
+probe nd_syscall.mmap.return = kprobe.function("sys_mmap").return ?
+{
+ name = "mmap"
+ retstr = returnstr(2)
+}
+
+# mmap2
+# sys_mmap2 (unsigned long addr, unsigned long len, int prot, int flags, int fd, long pgoff)
+probe nd_syscall.mmap2 = kprobe.function("sys_mmap2") ?
+{
+ name = "mmap2"
+ // start = $addr
+ // length = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // pgoffset = $pgoff
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr,
+ // $len, _mprotect_prot_str($prot), _mmap_flags($flags),
+ // $fd, $pgoff)
+ asmlinkage()
+ start = ulong_arg(1)
+ length = ulong_arg(2)
+ prot = int_arg(3)
+ flags = int_arg(4)
+ fd = int_arg(5)
+ pgoffset = long_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start, length,
+ _mprotect_prot_str(prot), _mmap_flags(flags), fd, pgoffset)
+}
+probe nd_syscall.mmap2.return = kprobe.function("sys_mmap2").return ?
+{
+ name = "mmap2"
+ retstr = returnstr(2)
+}
+
+# sigaltstack _______________________________________________
+# asmlinkage long
+# sys_sigaltstack (const stack_t __user *uss, stack_t __user *uoss, long arg2,
+# long arg3, long arg4, long arg5, long arg6, long arg7,
+# struct pt_regs regs)
+#
+probe nd_syscall.sigaltstack = kprobe.function("sys_sigaltstack")
+{
+ name = "sigaltstack";
+ // ss_uaddr = $uss
+ // oss_uaddr = $uoss
+ // argstr = sprintf("%p, %p", $uss, $uoss)
+ asmlinkage()
+ ss_uaddr = pointer_arg(1)
+ oss_uaddr = pointer_arg(2)
+ argstr = sprintf("%p, %p", ss_uaddr, oss_uaddr)
+}
+probe nd_syscall.sigaltstack.return = kprobe.function("sys_sigaltstack").return
+{
+ name = "sigaltstack";
+ retstr = returnstr(1)
+}
+
+# sysctl _____________________________________________________
+#
+# long sys32_sysctl (struct sysctl32 __user *args)
+#
+probe nd_syscall.sysctl32 = kprobe.function("sys32_sysctl") ?
+{
+ name = "sysctl"
+ // argstr = sprintf("%p", $args)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sysctl32.return = kprobe.function("sys32_sysctl").return ?
+{
+ name = "sysctl"
+ retstr = returnstr(1)
+}
diff --git a/tapset/ppc64/nd_syscalls.stp b/tapset/ppc64/nd_syscalls.stp
new file mode 100644
index 00000000..46267507
--- /dev/null
+++ b/tapset/ppc64/nd_syscalls.stp
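Review bot: Both `nd_syscall.sigaltstack` probes in tapset/ia64/nd_syscalls.stp end the first assignment with a semicolon, `name = "sigaltstack";`, where every other probe in these new files writes the assignment without one. It looks harmless to the parser, but since this series is unifying the tapset formatting the two lines should read `name = "sigaltstack"`.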
@@ -0,0 +1,738 @@
+# PPC64-specific system calls
+
+# sys64_time ________________________________________
+#
+# time_t sys64_time(time_t __user * tloc)
+#
+probe nd_syscall.sys64_time = kprobe.function("sys64_time") ?
+{
+ name = "sys64_time"
+ // argstr = sprintf("%p", $tloc)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sys64_time.return = kprobe.function("sys64_time").return ?
+{
+ name = "sys64_time"
+ retstr = returnstr(1)
+}
+
+# ppc64_personality ________________________________________
+#
+# long ppc64_personality(unsigned long personality)
+#
+probe nd_syscall.ppc64_personality = kprobe.function("ppc64_personality")
+{
+ name = "ppc64_personality"
+ // persona = $personality
+ // argstr = sprint($personality)
+ asmlinkage()
+ persona = ulong_arg(1)
+ argstr = sprint(persona)
+}
+probe nd_syscall.ppc64_personality.return = kprobe.function("ppc64_personality").return
+{
+ name = "ppc64_personality"
+ retstr = returnstr(1)
+}
+
+# ppc_rtas ________________________________________
+#
+# int ppc_rtas(struct rtas_args __user *uargs)
+#
+probe nd_syscall.ppc_rtas = kprobe.function("ppc_rtas") ?
+{
+ name = "ppc_rtas"
+ // uargs_uaddr = $uargs
+ // argstr = sprintf("%p", $uargs)
+ asmlinkage()
+ uargs_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", uargs_uaddr)
+}
+probe nd_syscall.ppc_rtas.return = kprobe.function("ppc_rtas").return ?
+{
+ name = "ppc_rtas"
+ retstr = returnstr(1)
+}
+
+# ppc64_sys32_stime ________________________________________
+#
+# long ppc64_sys32_stime(int __user * tptr)
+#
+probe nd_syscall.ppc64_sys32_stime = kprobe.function("ppc64_sys32_stime") ?
+{
+ name = "ppc64_sys32_stime"
+ // t_uaddr = $tptr
+ // argstr = sprintf("%p", $tptr)
+ asmlinkage()
+ t_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", t_uaddr)
+}
+probe nd_syscall.ppc64_sys32_stime.return = kprobe.function("ppc64_sys32_stime").return ?
+{
+ name = "ppc64_sys32_stime"
+ retstr = returnstr(1)
+}
+
+# sys32_ptrace ________________________________________
+# (obsolete)
+# int sys32_ptrace(long request, long pid, unsigned long addr,
+# unsigned long data)
+#
+probe nd_syscall.sys32_ptrace = kprobe.function("sys32_ptrace") ?
+{
+ name = "sys32_ptrace"
+ // request = $request
+ // pid = $pid
+ // addr = $addr
+ // data = $data
+ // argstr = sprintf("%p, %p, %p, %p", $request, $pid, $addr, $data)
+ asmlinkage()
+ request = long_arg(1)
+ pid = long_arg(2)
+ addr = ulong_arg(3)
+ data = ulong_arg(4)
+ argstr = sprintf("%p, %p, %p, %p", request, pid, addr, data)
+}
+probe nd_syscall.sys32_ptrace.return = kprobe.function("sys32_ptrace").return ?
+{
+ name = "sys32_ptrace"
+ retstr = returnstr(1)
+}
+
+# sys32_sysinfo ________________________________________
+#
+# (obsolete) long sys32_sysinfo(struct sysinfo32 __user *info)
+#
+probe nd_syscall.sys32_sysinfo = kprobe.function("sys32_sysinfo") ?
+{
+ name = "sys32_sysinfo"
+ // info_uaddr = $info
+ asmlinkage()
+ info_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", info_uaddr)
+}
+probe nd_syscall.sys32_sysinfo.return = kprobe.function("sys32_sysinfo").return ?
+{
+ name = "sys32_sysinfo"
+ retstr = returnstr(1)
+}
+
+# ipc ________________________________________
+#
+# long sys32_ipc(u32 call, u32 first, u32 second, u32 third,
+# compat_uptr_t ptr, u32 fifth)
+#
+probe nd_syscall.ipc = kprobe.function("sys32_ipc") ?
+{
+ name = "ipc"
+ // argstr = sprintf("%d, %d, %d, %d, %p, %d", $call, $first, $second,
+ // $third, $ptr, $fifth)
+ asmlinkage()
+ argstr = sprintf("%d, %d, %d, %d, %p, %d", uint_arg(1), uint_arg(2), uint_arg(3),
+ uint_arg(4), uint_arg(5), uint_arg(6))
+}
+probe nd_syscall.ipc.return = kprobe.function("sys32_ipc").return ?
+{
+ name = "sys_ipc"
+ retstr = returnstr(1)
+}
+
+# sys32_sigreturn ________________________________________
+#
+# long sys32_sigreturn(int r3, int r4, int r5, int r6, int r7, int r8,
+# struct pt_regs *regs)
+#
+probe nd_syscall.sys32_sigreturn = kprobe.function("sys32_sigreturn") ?
+{
+ name = "sys32_sigreturn"
+ // r3 = $r3
+ // r4 = $r4
+ // // r5 = $r5
+ // r6 = $r6
+ // r7 = $r7
+ // r8 = $r8
+ // argstr = sprintf("%p, %p, %p, %p, %p, %p",
+ // $r3, $r4, $r5, $r6, $r7, $r8)
+ asmlinkage()
+ r3 = int_arg(1)
+ r4 = int_arg(2)
+ r5 = int_arg(3)
+ r6 = int_arg(4)
+ r7 = int_arg(5)
+ r8 = int_arg(6)
+ argstr = sprintf("%p, %p, %p, %p, %p, %p",
+ r3, r4, r5, r6, r7, r8)
+}
+probe nd_syscall.sys32_sigreturn.return = kprobe.function("sys32_sigreturn").return ?
+{
+ name = "sys32_sigreturn"
+ retstr = returnstr(1)
+}
+
+# sys32_adjtimex ________________________________________
+#
+# long sys32_adjtimex(struct timex32 __user *utp)
+#
+probe nd_syscall.sys32_adjtimex = kprobe.function("sys32_adjtimex") ?
+{
+ name = "sys32_adjtimex"
+ // argstr = sprintf("%p", $utp)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sys32_adjtimex.return = kprobe.function("sys32_adjtimex").return ?
+{
+ name = "sys32_adjtimex"
+ retstr = returnstr(1)
+}
+
+# sys32_getdents ________________________________________
+#
+# asmlinkage long sys32_getdents(unsigned int fd,
+# struct linux_dirent32 __user *dirent,
+# unsigned int count)
+#
+probe nd_syscall.sys32_getdents = kprobe.function("sys32_getdents") ?
+{
+ name = "sys32_getdents"
+ // fd = $fd
+ // dirp_uaddr = $dirent
+ // count = $count
+ asmlinkage()
+ fd = uint_arg(1)
+ dirp_uaddr = pointer_arg(2)
+ count = uint_arg(3)
+ argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count)
+}
+probe nd_syscall.sys32_getdents.return = kprobe.function("sys32_getdents").return ?
+{
+ name = "sys32_getdents"
+ retstr = returnstr(1)
+}
+
+# compat_sys_sysctl ________________________________________
+#
+# long compat_sys_sysctl(struct __sysctl_args32 __user *args)
+#
+probe nd_syscall.compat_sysctl = kprobe.function("compat_sys_sysctl") ?
+{
+ name = "sysctl"
+ // argstr = sprintf("%p", $args)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.compat_sysctl.return = kprobe.function("compat_sys_sysctl").return ?
+{
+ name = "sysctl"
+ retstr = returnstr(1)
+}
+
+# sys32_sched_setparam ________________________________________
+#
+# asmlinkage long sys32_sched_setparam(u32 pid,
+# struct sched_param __user *param)
+#
+probe nd_syscall.sys32_sched_setparam = kprobe.function("sys32_sched_setparam") ?
+{
+ name = "sys32_sched_setparam"
+ // pid = $pid
+ // param_uaddr = $param
+ asmlinkage()
+ pid = uint_arg(1)
+ param_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", pid, param_uaddr)
+}
+probe nd_syscall.sys32_sched_setparam.return = kprobe.function("sys32_sched_setparam").return ?
+{
+ name = "sys32_sched_setparam"
+ retstr = returnstr(1)
+}
+
+# sys32_sched_rr_get_interval ________________________________________
+#
+# asmlinkage long sys32_sched_rr_get_interval(u32 pid,
+# struct compat_timespec __user *interval)
+#
+probe nd_syscall.sys32_sched_rr_get_interval = kprobe.function("sys32_sched_rr_get_interval") ?
+{
+ name = "sys32_sched_rr_get_interval"
+ // pid = $pid
+ // interval_uaddr = $interval
+ asmlinkage()
+ pid = uint_arg(1)
+ interval_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", pid, interval_uaddr)
+}
+probe nd_syscall.sys32_sched_rr_get_interval.return = kprobe.function("sys32_sched_rr_get_interval").return ?
+{
+ name = "sys32_sched_rr_get_interval"
+ retstr = returnstr(1)
+}
+
+# sys32_rt_sigpending ________________________________________
+#
+# long sys32_rt_sigpending(compat_sigset_t __user *set,
+# compat_size_t sigsetsize)
+#
+probe nd_syscall.sys32_rt_sigpending = kprobe.function("sys32_rt_sigpending") ?
+{
+ name = "sys32_rt_sigpending"
+ // set_uaddr = $set
+ // sigsetsize = $sigsetsize
+ // argstr = sprintf("%p, %d", set_uaddr, $sigsetsize)
+ asmlinkage()
+ set_uaddr = pointer_arg(1)
+ sigsetsize = uint_arg(2)
+ argstr = sprintf("%p, %d", set_uaddr, sigsetsize)
+}
+probe nd_syscall.sys32_rt_sigpending.return = kprobe.function("sys32_rt_sigpending").return ?
+{
+ name = "sys32_rt_sigpending"
+ retstr = returnstr(1)
+}
+
+# sys32_rt_sigtimedwait ________________________________________
+#
+# long sys32_rt_sigtimedwait(compat_sigset_t __user *uthese,
+# compat_siginfo_t __user *uinfo,
+# struct compat_timespec __user *uts,
+# compat_size_t sigsetsize)
+#
+probe nd_syscall.sys32_rt_sigtimedwait = kprobe.function("sys32_rt_sigtimedwait") ?
+{
+ name = "sys32_rt_sigtimedwait"
+ // uthese_uaddr = $uthese
+ // uinfo_uaddr = $uinfo
+ // uts_uaddr = $uts
+ // sigsetsize = $sigsetsize
+ asmlinkage()
+ uthese_uaddr = pointer_arg(1)
+ uinfo_uaddr = pointer_arg(2)
+ uts_uaddr = pointer_arg(3)
+ sigsetsize = uint_arg(4)
+ argstr = sprintf("%p, %p, %p, %p", uthese_uaddr,
+ uinfo_uaddr, uts_uaddr, sigsetsize)
+}
+probe nd_syscall.sys32_rt_sigtimedwait.return = kprobe.function("sys32_rt_sigtimedwait").return ?
+{
+ name = "sys32_rt_sigtimedwait"
+ retstr = returnstr(1)
+}
+
+# sys32_rt_sigqueueinfo ________________________________________
+#
+# long sys32_rt_sigqueueinfo(u32 pid, u32 sig, compat_siginfo_t __user *uinfo)
+#
+probe nd_syscall.sys32_rt_sigqueueinfo = kprobe.function("sys32_rt_sigqueueinfo") ?
+{
+ name = "sys32_rt_sigqueueinfo"
+ // pid = $pid
+ // sig = $sig
+ // uinfo_uaddr = $uinfo
+ // argstr = sprintf("%p, %s, %p", pid, _signal_name($sig),
+ // uinfo_uaddr)
+ asmlinkage()
+ pid = uint_arg(1)
+ sig = uint_arg(2)
+ uinfo_uaddr = pointer_arg(3)
+ argstr = sprintf("%p, %s, %p", pid, _signal_name(sig),
+ uinfo_uaddr)
+}
+probe nd_syscall.sys32_rt_sigqueueinfo.return = kprobe.function("sys32_rt_sigqueueinfo").return ?
+{
+ name = "sys32_rt_sigqueueinfo"
+ retstr = returnstr(1)
+}
+
+# sys32_sigaltstack ________________________________________
+#
+# int sys32_sigaltstack(u32 __new, u32 __old, int r5,
+# int r6, int r7, int r8, struct pt_regs *regs)
+#
+probe nd_syscall.sys32_sigaltstack = kprobe.function("sys32_sigaltstack") ?
+{
+ name = "sys32_sigaltstack"
+ argstr = "FIXME"
+}
+probe nd_syscall.sys32_sigaltstack.return = kprobe.function("sys32_sigaltstack").return ?
+{
+ name = "sys32_sigaltstack"
+ retstr = returnstr(1)
+}
+
+# sys32_sendfile64 ________________________________________
+#
+# asmlinkage int sys32_sendfile64(int out_fd, int in_fd,
+# compat_loff_t __user *offset, s32 count)
+#
+probe nd_syscall.sys32_sendfile64 = kprobe.function("sys32_sendfile64") ?
+{
+ name = "sys32_sendfile64"
+ // out_fd = $out_fd
+ // in_fd = $in_fd
+ // offset_uaddr = $offset
+ // count = $count
+ // argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, offset_uaddr,
+ // $count)
+ asmlinkage()
+ out_fd = int_arg(1)
+ in_fd = int_arg(2)
+ offset_uaddr = long_arg(3)
+ count = int_arg(4)
+ argstr = sprintf("%d, %d, %p, %d", out_fd, in_fd, offset_uaddr,
+ count)
+}
+probe nd_syscall.sys32_sendfile64.return = kprobe.function("sys32_sendfile64").return ?
+{
+ name = "sys32_sendfile64"
+ retstr = returnstr(1)
+}
+
+# ppc32_timer_create ________________________________________
+#
+# long ppc32_timer_create(clockid_t clock,
+# struct compat_sigevent __user *ev32,
+# timer_t __user *timer_id)
+#
+probe nd_syscall.ppc32_timer_create = kprobe.function("ppc32_timer_create") ?
+{
+ name = "ppc32_timer_create"
+ // which_clock = $clock
+ // timer_event_spec = $ev32
+ // created_timer_id = $timer_id
+ asmlinkage()
+ which_clock = int_arg(1)
+ timer_event_spec = pointer_arg(2)
+ created_timer_id = pointer_arg(3)
+ argstr = sprintf("%d, %p, %p", which_clock, timer_event_spec,
+ created_timer_id)
+}
+probe nd_syscall.ppc32_timer_create.return = kprobe.function("ppc32_timer_create").return ?
+{
+ name = "ppc32_timer_create"
+ retstr = returnstr(1)
+}
+
+# compat_timer_settime ________________________________________
+#
+# long compat_timer_settime(timer_t timer_id, int flags,
+# struct compat_itimerspec __user *new,
+# struct compat_itimerspec __user *old)
+#
+probe nd_syscall.compat_timer_settime = kprobe.function("compat_timer_settime") ?
+{
+ name = "compat_timer_settime"
+ // timer_id = $timer_id
+ // flags = $flags
+ // new_setting_uaddr = $new
+ // old_setting_uaddr = $old
+ asmlinkage()
+ timer_id = int_arg(1)
+ flags = int_arg(2)
+ new_setting_uaddr = pointer_arg(3)
+ old_setting_uaddr = pointer_arg(4)
+ argstr = sprintf("%d, %d, %p, %p", timer_id, flags,
+ new_setting_uaddr, old_setting_uaddr)
+}
+probe nd_syscall.compat_timer_settime.return = kprobe.function("compat_timer_settime").return ?
+{
+ name = "compat_timer_settime"
+ retstr = returnstr(1)
+}
+
+# compat_timer_gettime ________________________________________
+#
+# long compat_timer_gettime(timer_t timer_id,
+# struct compat_itimerspec __user *setting)
+#
+probe nd_syscall.compat_timer_gettime = kprobe.function("compat_timer_gettime") ?
+{
+ name = "compat_timer_gettime"
+ // timer_id = $timer_id
+ // setting_uaddr = $setting
+ asmlinkage()
+ timer_id = int_arg(1)
+ setting_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", timer_id, setting_uaddr)
+}
+probe nd_syscall.compat_timer_gettime.return = kprobe.function("compat_timer_gettime").return ?
+{
+ name = "compat_timer_gettime"
+ retstr = returnstr(1)
+}
+
+# compat_clock_settime ________________________________________
+#
+# long compat_clock_settime(clockid_t which_clock,
+# struct compat_timespec __user *tp)
+#
+probe nd_syscall.compat_clock_settime = kprobe.function("compat_clock_settime") ?
+{
+ name = "compat_clock_settime"
+ // which_clock = $which_clock
+ // tp_uaddr = $tp
+ asmlinkage()
+ which_clock = int_arg(1)
+ tp_uaddr = pointer_arg(2)
+ argstr = sprintf("%d, %p", which_clock, tp_uaddr)
+}
+probe nd_syscall.compat_clock_settime.return = kprobe.function("compat_clock_settime").return ?
+{
+ name = "compat_clock_settime"
+ retstr = returnstr(1)
+}
+
+# sys32_swapcontext ________________________________________
+#
+# long sys32_swapcontext(struct ucontext32 __user *old_ctx,
+# struct ucontext32 __user *new_ctx,
+# int ctx_size, int r6, int r7, int r8,
+# struct pt_regs *regs)
+#
+probe nd_syscall.sys32_swapcontext = kprobe.function("sys32_swapcontext") ?
+{
+ name = "sys32_swapcontext"
+ // old_ctx_uaddr = $old_ctx
+ // new_ctx_uaddr = $new_ctx
+ // r5 = $ctx_size
+ // r6 = $r6
+ // r7 = $r7
+ // r8 = $r8
+ // regs = $regs
+ asmlinkage()
+ old_ctx_uaddr = pointer_arg(1)
+ new_ctx_uaddr = pointer_arg(2)
+ r5 = int_arg(3)
+ r6 = int_arg(4)
+ r7 = int_arg(5)
+ r8 = int_arg(6)
+ regs = pointer_arg(7)
+ argstr = sprintf("%p, %p, %d, %d, %d, %d, %p",
+ old_ctx_uaddr, new_ctx_uaddr, r5, r6, r7, r8, regs)
+}
+probe nd_syscall.sys32_swapcontext.return = kprobe.function("sys32_swapcontext").return ?
+{
+ name = "sys32_swapcontext"
+ retstr = returnstr(1)
+}
+
+# sys32_utimes ________________________________________
+#
+# asmlinkage long sys32_utimes(char __user *filename,
+# struct compat_timeval __user *tvs)
+#
+probe nd_syscall.sys32_utimes = kprobe.function("sys32_utimes") ?
+{
+ name = "sys32_utimes"
+ // filename_uaddr = $filename
+ // path = user_string($filename)
+ // tvp_uaddr = $tvs
+ // argstr = sprintf("%s, %p", user_string_quoted($filename), tvp_uaddr)
+ asmlinkage()
+ filename_uaddr = pointer_arg(1)
+ path = user_string(filename_uaddr)
+ tvp_uaddr = pointer_arg(2)
+ argstr = sprintf("%s, %p", user_string_quoted(filename_uaddr), tvp_uaddr)
+}
+probe nd_syscall.sys32_utimes.return = kprobe.function("sys32_utimes").return ?
+{
+ name = "sys32_utimes"
+ retstr = returnstr(1)
+}
+
+# compat_mbind ________________________________________
+#
+# asmlinkage long compat_mbind(compat_ulong_t start, compat_ulong_t len,
+# compat_ulong_t mode, compat_ulong_t __user *nmask,
+# compat_ulong_t maxnode, compat_ulong_t flags)
+#
+probe nd_syscall.compat_mbind = kprobe.function("compat_mbind") ?
+{
+ name = "compat_mbind"
+ // start_uaddr = $start
+ // len = $len
+ // policy = $mode
+ // nodemask_uaddr = $nmask
+ // maxnode = $maxnode
+ // flags = $flags
+ asmlinkage()
+ start_uaddr = uint_arg(1)
+ len = uint_arg(2)
+ policy = uint_arg(3)
+ nodemask_uaddr = uint_arg(4)
+ maxnode = uint_arg(5)
+ flags = uint_arg(6)
+ argstr = sprintf("%p, %d, %d, %p, %d, %d", start_uaddr, len,
+ policy, nodemask_uaddr, maxnode, flags)
+}
+probe nd_syscall.compat_mbind.return = kprobe.function("compat_mbind").return ?
+{
+ name = "compat_mbind"
+ retstr = returnstr(1)
+}
+
+# compat_get_mempolicy ________________________________________
+#
+# asmlinkage long compat_get_mempolicy(int __user *policy,
+# compat_ulong_t __user *nmask,
+# compat_ulong_t maxnode,
+# compat_ulong_t addr, compat_ulong_t flags)
+#
+probe nd_syscall.compat_get_mempolicy = kprobe.function("compat_get_mempolicy") ?
+{
+ name = "compat_get_mempolicy"
+ // policy_uaddr = $policy
+ // nmask_uaddr = $nmask
+ // maxnode = $maxnode
+ // addr = $addr
+ // flags = $flags
+ asmlinkage()
+ policy_uaddr = int_arg(1)
+ nmask_uaddr = uint_arg(2)
+ maxnode = uint_arg(3)
+ addr = uint_arg(4)
+ flags = uint_arg(5)
+ argstr = sprintf("%p, %p, %d, %d", policy_uaddr, nmask_uaddr,
+ maxnode, addr)
+}
+probe nd_syscall.compat_get_mempolicy.return = kprobe.function("compat_get_mempolicy").return ?
+{
+ name = "compat_get_mempolicy"
+ retstr = returnstr(1)
+}
+
+# compat_set_mempolicy ________________________________________
+#
+# asmlinkage long compat_set_mempolicy(int mode, compat_ulong_t __user *nmask,
+# compat_ulong_t maxnode)
+#
+probe nd_syscall.compat_set_mempolicy = kprobe.function("compat_set_mempolicy") ?
+{
+ name = "compat_set_mempolicy"
+ // policy = $mode
+ // nodemask_uaddr = $nmask
+ // maxnode = $maxnode
+ asmlinkage()
+ policy = int_arg(1)
+ nodemask_uaddr = uint_arg(2)
+ maxnode = uint_arg(3)
+ argstr = sprintf("%d, %p, %d", policy, nodemask_uaddr, maxnode)
+}
+probe nd_syscall.compat_set_mempolicy.return = kprobe.function("compat_set_mempolicy").return ?
+{
+ name = "compat_set_mempolicy"
+ retstr = returnstr(1)
+}
+
+# mmap
+# long sys_mmap(unsigned long addr, size_t len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, off_t offset)
+#
+probe nd_syscall.mmap = kprobe.function("sys_mmap") ?
+{
+ name = "mmap"
+ // start = $addr
+ // len = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // offset = $offset
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len,
+ // _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $offset)
+ asmlinkage()
+ start = ulong_arg(1)
+ len = ulong_arg(2)
+ prot = ulong_arg(3)
+ flags = ulong_arg(4)
+ fd = ulong_arg(5)
+ offset = ulong_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start, len,
+ _mprotect_prot_str(prot), _mmap_flags(flags), fd, offset)
+}
+probe nd_syscall.mmap.return = kprobe.function("sys_mmap").return ?
+{
+ name = "mmap"
+ retstr = returnstr(2)
+}
+
+# mmap2
+# long sys_mmap2(unsigned long addr, size_t len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long pgoff)
+# long compat_sys_mmap2(unsigned long addr, size_t len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long pgoff)
+#
+probe nd_syscall.mmap2 = kprobe.function("sys_mmap2") ?,
+ kprobe.function("compat_sys_mmap2") ?
+{
+ name = "mmap2"
+ // start = $addr
+ // length = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // pgoffset = $pgoff
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr,
+ // $len, _mprotect_prot_str($prot), _mmap_flags($flags),
+ // $fd, $pgoff)
+ asmlinkage()
+ start = ulong_arg(1)
+ length = ulong_arg(2)
+ prot = ulong_arg(3)
+ flags = ulong_arg(4)
+ fd = ulong_arg(5)
+ pgoffset = ulong_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start,
+ length, _mprotect_prot_str(prot), _mmap_flags(flags),
+ fd, pgoffset)
+}
+probe nd_syscall.mmap2.return = kprobe.function("sys_mmap2").return ?,
+ kprobe.function("compat_sys_mmap2").return ?
+{
+ name = "mmap2"
+ retstr = returnstr(2)
+}
+
+# ppc64_sys_stime ________________________________________
+#
+# long ppc64_sys_stime(long __user * tptr)
+#
+probe nd_syscall.ppc64_sys_stime = kprobe.function("ppc64_sys_stime") ?
+{
+ name = "ppc64_sys_stime"
+ /* FIXME */
+ // t_uaddr = $tptr
+ asmlinkage()
+ t_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", t_uaddr)
+}
+probe nd_syscall.ppc64_sys_stime.return = kprobe.function("ppc64_sys_stime").return ?
+{
+ name = "ppc64_sys_stime"
+ retstr = returnstr(1)
+}
+
+# ppc64_newuname ________________________________________
+#
+# asmlinkage int ppc64_newuname(struct new_utsname __user * name)
+#
+probe nd_syscall.ppc64_newuname = kprobe.function("ppc64_newuname") ?
+{
+ name = "ppc64_newuname"
+ // name_uaddr = $name
+ asmlinkage()
+ name_uaddr = pointer_arg(1)
+ argstr = sprintf("%p", name_uaddr)
+}
+probe nd_syscall.ppc64_newuname.return = kprobe.function("ppc64_newuname").return ?
+{
+ name = "ppc64_newuname"
+ retstr = returnstr(1)
+}
+
+#
+#
+
diff --git a/tapset/s390x/nd_syscalls.stp b/tapset/s390x/nd_syscalls.stp
new file mode 100644
index 00000000..63435265
--- /dev/null
+++ b/tapset/s390x/nd_syscalls.stp
@@ -0,0 +1,187 @@
+# S390-specific system calls
+
+%(arch == "s390x" %?
+
+# getresgid __________________________________________________
+# long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user *sgid)
+#
+probe nd_syscall.getresgid16 = kprobe.function("sys32_getresgid16") ?
+{
+ name = "getresgid"
+ // argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid)
+ asmlinkage()
+ argstr = sprintf("%p, %p, %p", pointer_arg(1), pointer_arg(2), pointer_arg(3))
+}
+probe nd_syscall.getresgid16.return = kprobe.function("sys32_getresgid16").return ?
+{
+ name = "getresgid"
+ retstr = returnstr(1)
+}
+
+# getresuid __________________________________________________
+# long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user *suid)
+#
+probe nd_syscall.getresuid16 = kprobe.function("sys32_getresuid16") ?
+{
+ name = "getresuid"
+ // argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid)
+ asmlinkage()
+ argstr = sprintf("%p, %p, %p", pointer_arg(1), pointer_arg(2), pointer_arg(3))
+}
+probe nd_syscall.getresuid16.return = kprobe.function("sys32_getresuid16").return ?
+{
+ name = "getresuid"
+ retstr = returnstr(1)
+}
+
+# ipc _________________________________________________
+# long sys32_ipc(u32 call, int first, int second, int third, u32 ptr)
+#
+probe nd_syscall.ipc = kprobe.function("sys32_ipc") ?
+{
+ name = "ipc"
+ // argstr = sprintf("%d, %d, %d, %d, %p", $call, $first, $second, $third, $ptr)
+ asmlinkage()
+ argstr = sprintf("%d, %d, %d, %d, %p", uint_arg(1), int_arg(2), int_arg(3), int_arg(4), uint_arg(5))
+}
+probe nd_syscall.ipc.return = kprobe.function("sys_ipc").return ?
+{
+ name = "ipc"
+ retstr = returnstr(1)
+}
+
+# mmap _________________________________________________
+# long old_mmap(struct mmap_arg_struct __user *arg)
+# long old32_mmap(struct mmap_arg_struct_emu31 __user *arg)
+#
+probe nd_syscall.mmap = kprobe.function("old_mmap") ?,
+ kprobe.function("old32_mmap") ?,
+ kprobe.function("SyS_s390_old_mmap") ?
+{
+ name = "mmap"
+
+ // if ((probefunc() == "old_mmap") || (probefunc() == "SyS_s390_old_mmap"))
+ // argstr = get_mmap_args($arg)
+ // else
+ // argstr = get_32mmap_args($arg)
+
+ asmlinkage()
+ if ((probefunc() == "old_mmap") || (probefunc() == "SyS_s390_old_mmap"))
+ argstr = get_mmap_args(pointer_arg(1))
+ else
+ argstr = get_32mmap_args(pointer_arg(1))
+}
+probe nd_syscall.mmap.return = kprobe.function("old_mmap").return ?,
+ kprobe.function("old32_mmap").return ?,
+ kprobe.function("SyS_s390_old_mmap").return ?
+{
+ name = "mmap"
+ retstr = returnstr(2)
+}
+
+# mmap2 _________________________________________________
+#
+# long sys_mmap2(struct mmap_arg_struct __user *arg)
+# long sys32_mmap2(struct mmap_arg_struct_emu31 __user *arg)
+#
+probe nd_syscall.mmap2 = kprobe.function("sys_mmap2") ?,
+ kprobe.function("sys32_mmap2") ?,
+ kprobe.function("SyS_mmap2") ?
+{
+ name = "mmap2"
+
+ // if ((probefunc() == "sys_mmap2") || (probefunc() == "SyS_mmap2"))
+ // argstr = get_mmap_args($arg)
+ // else
+ // argstr = get_32mmap_args($arg)
+
+ asmlinkage()
+ if ((probefunc() == "sys_mmap2") || (probefunc() == "SyS_mmap2"))
+ argstr = get_mmap_args(pointer_arg(1))
+ else
+ argstr = get_32mmap_args(pointer_arg(1))
+}
+
+probe nd_syscall.mmap2.return = kprobe.function("sys_mmap2").return ?,
+ kprobe.function("sys32_mmap2").return ?,
+ kprobe.function("SyS_mmap2").return ?
+{
+ name = "mmap2"
+ retstr = returnstr(2)
+}
+
+# sysctl _____________________________________________________
+#
+# long sys32_sysctl(struct __sysctl_args32 __user *args)
+#
+probe nd_syscall.sysctl32 = kprobe.function("sys32_sysctl") ?
+{
+ name = "sysctl"
+ // argstr = sprintf("%p", $args)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sysctl32.return = kprobe.function("sys32_sysctl").return ?
+{
+ name = "sysctl"
+ retstr = returnstr(1)
+}
+
+/* compat */
+function get_32mmap_args:string (args:long)
+%{ /* pure */
+ struct mmap_arg_struct_emu31 {
+ u32 addr;
+ u32 len;
+ u32 prot;
+ u32 flags;
+ u32 fd;
+ u32 offset;
+ }a;
+
+
+ char proto[60];
+ char flags[256];
+
+ if(_stp_copy_from_user((char *)&a,
+ (char *)THIS->args, sizeof(a))== 0){
+
+ /* _mprotect_prot_str */
+ proto[0] = '\0';
+ if(a.prot){
+ if(a.prot & 1) strcat (proto, "PROT_READ|");
+ if(a.prot & 2) strcat (proto, "PROT_WRITE|");
+ if(a.prot & 4) strcat (proto, "PROT_EXEC|");
+ } else {
+ strcat (proto, "PROT_NONE");
+ }
+ if (proto[0] != '\0') proto[strlen(proto)-1] = '\0';
+
+ /* _mmap_flags */
+ flags[0]='\0';
+ if (a.flags & 1) strcat (flags, "MAP_SHARED|");
+ if (a.flags & 2) strcat (flags, "MAP_PRIVATE|");
+ if (a.flags & 0x10) strcat (flags, "MAP_FIXED|");
+ if (a.flags & 0x20) strcat (flags, "MAP_ANONYMOUS|");
+ if (a.flags & 0x100) strcat (flags, "MAP_GROWSDOWN|");
+ if (a.flags & 0x800) strcat (flags, "MAP_DENYWRITE|");
+ if (a.flags & 0x1000) strcat (flags, "MAP_EXECUTABLE|");
+ if (a.flags & 0x2000) strcat (flags, "MAP_LOCKED|");
+ if (a.flags & 0x4000) strcat (flags, "MAP_NORESERVE|");
+ if (a.flags & 0x8000) strcat (flags, "MAP_POPULATE|");
+ if (a.flags & 0x10000) strcat (flags, "MAP_NONBLOCK|");
+ if (flags[0] != '\0') flags[strlen(flags)-1] = '\0';
+
+ sprintf(THIS->__retvalue,"0x%x, %d, %s, %s, %d, %d",
+ a.addr,
+ a.len,
+ proto,
+ flags,
+ a.fd,
+ a.offset);
+ }else{
+ strlcpy (THIS->__retvalue, "UNKNOWN", MAXSTRINGLEN);
+ }
+%}
+
+%)
diff --git a/tapset/x86_64/nd_syscalls.stp b/tapset/x86_64/nd_syscalls.stp
new file mode 100644
index 00000000..6a3a984b
--- /dev/null
+++ b/tapset/x86_64/nd_syscalls.stp
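Review bot: In get_32mmap_args the final `sprintf(THIS->__retvalue, ...)` is unbounded, although the `prot` and `flags` words it expands come straight from the user-space struct read by `_stp_copy_from_user`. With every tested flag bit set the `flags` text alone is about 140 characters, so the formatted result can run past the return buffer if MAXSTRINGLEN is smaller than the worst case (its value is not visible in this hunk); the else branch already bounds its copy with `strlcpy(..., MAXSTRINGLEN)`. I would write `snprintf(THIS->__retvalue, MAXSTRINGLEN, "0x%x, %d, %s, %s, %d, %d",` with the same arguments. In the same function `if (proto[0] != '\0') proto[strlen(proto)-1] = '\0';` also runs after the PROT_NONE branch and trims the text to "PROT_NON", so that line belongs inside the `if(a.prot)` branch. Separately, `nd_syscall.ipc.return` attaches to `sys_ipc` while the entry probe attaches to `sys32_ipc`, which looks unintended and would pair entry and return events from different functions.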
@@ -0,0 +1,187 @@
+# x86_64-specific system calls
+
+# arch_prctl _________________________________________________
+# long sys_arch_prctl(int code, unsigned long addr)
+#
+# NOTE: x86_64 only.
+#
+probe nd_syscall.arch_prctl = kprobe.function("sys_arch_prctl")
+{
+ name = "arch_prctl"
+ // code = $code
+ // addr = $addr
+ // argstr = sprintf("%d, %p", $code, $addr)
+ // NB: no asmlinkage()
+ code = int_arg(1)
+ addr = ulong_arg(2)
+ argstr = sprintf("%d, %p", code, addr)
+}
+probe nd_syscall.arch_prctl.return = kprobe.function("sys_arch_prctl").return
+{
+ name = "arch_prctl"
+ retstr = returnstr(1)
+}
+
+# iopl _______________________________________________________
+# long sys_iopl(unsigned int level, struct pt_regs *regs);
+# NOTE. This function is only in i386 and x86_64 and its args vary
+# between those two archs.
+#
+probe nd_syscall.iopl = kprobe.function("sys_iopl")
+{
+ name = "iopl"
+// %( kernel_vr == "*xen" %?
+// level = $new_iopl
+// %:
+// level = $level
+// %)
+ asmlinkage()
+ level = int_arg(1)
+ argstr = sprint(level)
+}
+probe nd_syscall.iopl.return = kprobe.function("sys_iopl").return
+{
+ name = "iopl"
+ retstr = returnstr(1)
+}
+
+# sigaltstack ________________________________________________
+# long sys_sigaltstack(const stack_t __user *uss, stack_t __user *uoss,
+# struct pt_regs *regs)
+#
+# NOTE: args vary between archs.
+#
+probe nd_syscall.sigaltstack = kprobe.function("sys_sigaltstack")
+{
+ name = "sigaltstack"
+ // uss_uaddr = $uss
+ // uoss_uaddr = $uoss
+ // regs_uaddr = $regs
+ // argstr = sprintf("%p, %p", $uss, $uoss)
+ asmlinkage()
+ uss_uaddr = pointer_arg(1)
+ uoss_uaddr = pointer_arg(2)
+ regs_uaddr = pointer_arg(3)
+ argstr = sprintf("%p, %p", uss_uaddr, uoss_uaddr)
+}
+probe nd_syscall.sigaltstack.return = kprobe.function("sys_sigaltstack").return
+{
+ name = "sigaltstack"
+ retstr = returnstr(1)
+}
+
+# sysctl _____________________________________________________
+#
+# long sys32_sysctl(struct sysctl_ia32 __user *args32)
+#
+probe nd_syscall.sysctl32 = kprobe.function("sys32_sysctl") ?
+{
+ name = "sysctl"
+ // argstr = sprintf("%p", $args32)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.sysctl32.return = kprobe.function("sys32_sysctl").return ?
+{
+ name = "sysctl"
+ retstr = returnstr(1)
+}
+
+# mmap
+# long sys_mmap(unsigned long addr, unsigned long len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long off)
+probe nd_syscall.mmap = kprobe.function("sys_mmap") ?
+{
+ name = "mmap"
+ // start = $addr
+ // len = $len
+ // prot = $prot
+ // flags = $flags
+ // fd = $fd
+ // offset = $off
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len,
+ // _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $off)
+ asmlinkage()
+ start = ulong_arg(1)
+ len = ulong_arg(2)
+ prot = ulong_arg(3)
+ flags = ulong_arg(4)
+ fd = ulong_arg(5)
+ offset = ulong_arg(6)
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", start, len,
+ _mprotect_prot_str(prot), _mmap_flags(flags), fd, offset)
+}
+probe nd_syscall.mmap.return = kprobe.function("sys_mmap").return ?
+{
+ name = "mmap"
+ retstr = returnstr(2)
+}
+
+#
+# sys32_mmap(struct mmap_arg_struct __user *arg)
+#
+probe nd_syscall.mmap32 = kprobe.function("sys32_mmap")
+{
+ name = "mmap"
+ // argstr = get_mmap_args($arg)
+ asmlinkage()
+ argstr = get_mmap_args(pointer_arg(1))
+}
+probe nd_syscall.mmap32.return = kprobe.function("sys32_mmap").return
+{
+ name = "mmap"
+ retstr = returnstr(2)
+}
+
+# sys32_mmap2(unsigned long addr, unsigned long len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long pgoff)
+#
+probe nd_syscall.mmap2 = kprobe.function("sys32_mmap2")
+{
+ name = "mmap2"
+ // argstr = sprintf("%p, %d, %s, %s, %d, %d", $addr, $len,
+ // _mprotect_prot_str($prot), _mmap_flags($flags), $fd, $pgoff)
+ asmlinkage()
+ argstr = sprintf("%p, %d, %s, %s, %d, %d", ulong_arg(1), ulong_arg(2),
+ _mprotect_prot_str(ulong_arg(3)), _mmap_flags(ulong_arg(4)),
+ ulong_arg(5), ulong_arg(6))
+}
+probe nd_syscall.mmap2.return = kprobe.function("sys32_mmap2").return
+{
+ name = "mmap2"
+ retstr = returnstr(2)
+}
+
+# vm86_warning _____________________________________________________
+#
+# long sys32_vm86_warning(void)
+#
+probe nd_syscall.vm86_warning = kprobe.function("sys32_vm86_warning")
+{
+ name = "vm86_warning"
+ argstr = ""
+}
+probe nd_syscall.vm86_warning.return = kprobe.function("sys32_vm86_warning").return
+{
+ name = "wm86_warning"
+ retstr = returnstr(1)
+}
+
+# pipe _______________________________________________________
+#
+# long sys32_pipe(int __user *fd)
+#
+probe nd_syscall.pipe32 = kprobe.function("sys32_pipe")
+{
+ name = "pipe"
+ // argstr = sprintf("%p", $fd)
+ asmlinkage()
+ argstr = sprintf("%p", pointer_arg(1))
+}
+probe nd_syscall.pipe32.return = kprobe.function("sys32_pipe").return
+{
+ name = "pipe"
+ retstr = returnstr(1)
+}
-- cgit
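Review bot: The return probe `nd_syscall.vm86_warning.return` sets `name = "wm86_warning"` while its entry probe sets `name = "vm86_warning"`, so a tracing or audit script that pairs entry and return events by `name` will never match them; the line should read `name = "vm86_warning"`. In `nd_syscall.iopl` the prototype quoted in the comment declares `unsigned int level` but the value is read with `int_arg(1)`, and `level = uint_arg(1)` would match the declared type. The commented-out code there chose between `$new_iopl` and `$level` on `kernel_vr`, and the numbered-argument version has no counterpart for that split; I cannot tell from the hunk whether argument 1 is still the level on those kernels, so a one-line comment such as `// NB: assumes arg 1 is the level on Xen kernels too` would record the assumption.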