# fcntl64 ____________________________________________________ /* * asmlinkage long * sys_fcntl64(unsigned int fd, * unsigned int cmd, * unsigned long arg) */ probe kernel.syscall.fcntl64 = kernel.function("sys_fcntl64") { name = "fcntl64" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl64.return = kernel.function("sys_fcntl64").return { name = "fcntl64.return" } # fstat64 ____________________________________________________ /* * asmlinkage long * sys_fstat64(unsigned long fd, * struct stat64 __user * statbuf) */ probe kernel.syscall.fstat64 = kernel.function("sys_fstat64") { name = "fstat64" fd = $fd buf_uaddr = $statbuf } probe kernel.syscall.fstat64.return = kernel.function("sys_fstat64").return { name = "fstat64.return" } # get_thread_area ____________________________________________ /* * asmlinkage int * sys_get_thread_area(struct user_desc __user *u_info) */ probe kernel.syscall.get_thread_area = kernel.function("sys_get_thread_area") { name = "get_thread_area" u_info_uaddr = $u_info } probe kernel.syscall.get_thread_area.return = kernel.function("sys_get_thread_area").return { name = "get_thread_area.return" } # inotify_add_watch __________________________________________ /* * asmlinkage long * sys_inotify_add_watch(int fd, * const char __user *path, * u32 mask) */ probe kernel.syscall.inotify_add_watch = kernel.function("sys_inotify_add_watch") { name = "inotify_add_watch" fd = $fd path_uaddr = $path mask = $mask } probe kernel.syscall.inotify_add_watch.return = kernel.function("sys_inotify_add_watch").return { name = "inotify_add_watch.return" } # inotify_init _______________________________________________ /* * asmlinkage long * sys_inotify_init(void) * */ probe kernel.syscall.inotify_init = kernel.function("sys_inotify_init") { name = "inotify_init" } probe kernel.syscall.inotify_init.return = kernel.function("sys_inotify_init").return { name = "inotify_init.return" } # inotify_rm_watch ___________________________________________ /* * asmlinkage long * sys_inotify_rm_watch(int fd, * u32 wd) */ probe kernel.syscall.inotify_rm_watch = kernel.function("sys_inotify_rm_watch") { name = "inotify_rm_watch" fd = $fd wd = $wd } probe kernel.syscall.inotify_rm_watch.return = kernel.function("sys_inotify_rm_watch").return { name = "inotify_rm_watch.return" } # iopl _______________________________________________________ /* * asmlinkage long * sys_iopl(unsigned long unused) */ probe kernel.syscall.iopl = kernel.function("sys_iopl") { name = "iopl" level = $unused } probe kernel.syscall.iopl.return = kernel.function("sys_iopl").return { name = "iopl.return" } # ioprio_get _________________________________________________ /* * asmlinkage long * sys_ioprio_get(int which, * int who) */ probe kernel.syscall.ioprio_get = kernel.function("sys_ioprio_get") { name = "ioprio_get" which = $which who = $who } probe kernel.syscall.ioprio_get.return = kernel.function("sys_ioprio_get").return { name = "ioprio_get.return" } # ioprio_set _________________________________________________ /* * asmlinkage long * sys_ioprio_set(int which, * int who, * int ioprio) */ probe kernel.syscall.ioprio_set = kernel.function("sys_ioprio_set") { name = "ioprio_set" which = $which who = $who ioprio = $ioprio } probe kernel.syscall.ioprio_set.return = kernel.function("sys_ioprio_set").return { name = "ioprio_set.return" } # ipc ________________________________________________________ /* * asmlinkage int * sys_ipc(uint call, * int first, * int second, * int third, * void __user *ptr, * long fifth) */ probe kernel.syscall.ipc = kernel.function("sys_ipc") { name = "ipc" call = $call first = $first second = $second third = $third ptr_uaddr = $ptr fifth = $fifth } probe kernel.syscall.ipc.return = kernel.function("sys_ipc").return { name = "ipc.return" } # lstat64 ____________________________________________________ /* * asmlinkage long * sys_lstat64(char __user * filename, * struct stat64 __user * statbuf) */ probe kernel.syscall.lstat64 = kernel.function("sys_lstat64") { name = "lstat64" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.lstat64.return = kernel.function("sys_lstat64").return { name = "lstat64.return" } # mmap2 ______________________________________________________ /* * unsigned long * sys_mmap2(unsigned long addr, * size_t len, * unsigned long prot, * unsigned long flags, * unsigned long fd, * unsigned long pgoff) */ probe kernel.syscall.mmap2 = kernel.function("sys_mmap2") { name = "mmap2" addr = $addr len = $len prot = $prot flags = $flags fd = $fd pgoff = $pgoff } probe kernel.syscall.mmap2.return = kernel.function("sys_mmap2").return { name = "mmap2.return" } # olduname ___________________________________________________ /* * asmlinkage long * sys_olduname(struct new_utsname __user * name) */ probe kernel.syscall.olduname = kernel.function("sys_olduname") { name = "olduname" name_uaddr = $name } probe kernel.syscall.olduname.return = kernel.function("sys_olduname").return { name = "olduname.return" } # rt_sigreturn _______________________________________________ /* * asmlinkage int * sys_rt_sigreturn(unsigned long __unused) */ probe kernel.syscall.rt_sigreturn = kernel.function("sys_rt_sigreturn") { name = "rt_sigreturn" unused = $__unused } probe kernel.syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return { name = "rt_sigreturn.return" } # sched_setaffinity __________________________________________ /* * asmlinkage long * sys_sched_setaffinity(pid_t pid, * unsigned int len, * unsigned long __user *user_mask_ptr) */ probe kernel.syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { name = "sched_setaffinity" pid = $pid /* * doesnt like $len on x86_64 ???? */ len = $len mask_uaddr = $user_mask_ptr } probe kernel.syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return { name = "sched_setaffinity.return" } # sched_setparam _____________________________________________ /* * asmlinkage long * sys_sched_setparam(pid_t pid, * struct sched_param __user *param) */ probe kernel.syscall.sched_setparam = kernel.function("do_sched_setscheduler") { name = "sched_setparam" pid = $pid p_uaddr = $param } probe kernel.syscall.sched_setparam.return = kernel.function("do_sched_setscheduler").return { name = "sched_setparam.return" } # sched_setscheduler _________________________________________ /* * asmlinkage long * sys_sched_setscheduler(pid_t pid, * int policy, * struct sched_param __user *param) */ probe kernel.syscall.sched_setscheduler = kernel.function("do_sched_setscheduler") { name = "sched_setscheduler" pid = $pid policy = $policy policy_str = _sched_policy_str($policy) p_uaddr = $param } probe kernel.syscall.sched_setscheduler.return = kernel.function("do_sched_setscheduler").return { name = "sched_setscheduler.return" } # set_thread_area ____________________________________________ /* * asmlinkage int * sys_set_thread_area(struct user_desc __user *u_info) */ probe kernel.syscall.set_thread_area = kernel.function("sys_set_thread_area") { name = "set_thread_area" u_info_uaddr = $u_info } probe kernel.syscall.set_thread_area.return = kernel.function("sys_set_thread_area").return { name = "set_thread_area.return" } # set_zone_reclaim ___________________________________________ /* * asmlinkage long * sys_set_zone_reclaim(unsigned int node, * unsigned int zone, * unsigned int state) */ probe kernel.syscall.set_zone_reclaim = kernel.function("sys_set_zone_reclaim") { name = "set_zone_reclaim" node = $node zone = $zone state = $state } probe kernel.syscall.set_zone_reclaim.return = kernel.function("sys_set_zone_reclaim").return { name = "set_zone_reclaim.return" } # shmat ______________________________________________________ /* * asmlinkage long * sys_shmat(int shmid, * char __user *shmaddr, * int shmflg, * unsigned long *addr) */ probe kernel.syscall.shmat = kernel.function("sys_shmat") { name = "shmat" shmid = $shmid shmaddr_uaddr = $shmaddr shmflg = $shmflg } probe kernel.syscall.shmat.return = kernel.function("sys_shmat").return { name = "shmat.return" } # sigaction __________________________________________________ /* * asmlinkage int * sys_sigaction(int sig, * const struct old_sigaction __user *act, * struct old_sigaction __user *oact) */ probe kernel.syscall.sigaction = kernel.function("sys_sigaction") { name = "sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact } probe kernel.syscall.sigaction.return = kernel.function("sys_sigaction").return { name = "sigaction.return" } # sigaltstack ________________________________________________ /* * asmlinkage int * sys_sigaltstack(unsigned long ebx) */ probe kernel.syscall.sigaltstack = kernel.function("sys_sigaltstack") { name = "sigaltstack" ebx = $ebx } probe kernel.syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { name = "sigaltstack.return" } # sigreturn __________________________________________________ /* * asmlinkage int * sys_sigreturn(unsigned long __unused) */ probe kernel.syscall.sigreturn = kernel.function("sys_sigreturn") { name = "sigreturn" unused = $__unused } probe kernel.syscall.sigreturn.return = kernel.function("sys_sigreturn").return { name = "sigreturn.return" } # sigsuspend _________________________________________________ /* * asmlinkage int * sys_sigsuspend(int history0, * int history1, * old_sigset_t mask) */ probe kernel.syscall.sigsuspend = kernel.function("sys_sigsuspend") { name = "sigsuspend" history0 = $history0 history1 = $history1 mask = $mask } probe kernel.syscall.sigsuspend.return = kernel.function("sys_sigsuspend").return { name = "sigsuspend.return" } # stat64 _____________________________________________________ /* * asmlinkage long * sys_stat64(char __user * filename, * struct stat64 __user * statbuf) */ probe kernel.syscall.stat64 = kernel.function("sys_stat64") { name = "stat64" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.stat64.return = kernel.function("sys_stat64").return { name = "stat64.return" } # umask ______________________________________________________ /* * asmlinkage long * sys_umask(int mask) */ probe kernel.syscall.umask = kernel.function("sys_umask") { name = "umask" /* * doesnt like $mask on x86_64 ???? */ mask = $mask } probe kernel.syscall.umask.return = kernel.function("sys_umask").return { name = "umask.return" } # vm86 _______________________________________________________ /* * asmlinkage int * sys_vm86(struct pt_regs regs) */ probe kernel.syscall.vm86 = kernel.function("sys_vm86") { name = "vm86" /* * unsupported type identifier '$regs' * regs = $regs */ } probe kernel.syscall.vm86.return = kernel.function("sys_vm86").return { name = "vm86.return" } # vm86old ____________________________________________________ /* * asmlinkage int * sys_vm86old(struct pt_regs regs) */ probe kernel.syscall.vm86old = kernel.function("sys_vm86old") { name = "vm86old" /* * unsupported type identifier '$regs' * regs = $regs */ } probe kernel.syscall.vm86old.return = kernel.function("sys_vm86old").return { name = "vm86old.return" }