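// Copyright (C) 2005, 2006 IBM Corp.
//
// This file is part of systemtap, and is free software.  You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.

%{
/* IS_ERR() is used by log_fork_tracedata to reject error-encoded pointers. */
#include <linux/err.h>
%}

/*
 * record the newly created process name
 *
 * var_id: hook id passed through to _lket_trace.
 * var:    address of the name string, passed in as a long.
 *
 * Emits current->tgid followed by the string at `var`.
 *
 * NOTE(review): the address is cast to char * and handed to the
 * formatter without any validation; this assumes the caller always
 * supplies a valid, NUL-terminated kernel string -- confirm against
 * the probe that feeds it.
 */
function log_execve_tracedata(var_id:long, var:long)
%{
	long tmp=(long)THIS->var;
	_lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b%0s",
		(_FMT_)current->tgid, (char *)tmp);
%}

/*
 * record the newly forked process id
 *
 * var_id: hook id passed through to _lket_trace.
 * task:   address of the new task's struct task_struct, as a long.
 *
 * Emits the task's pid, its tgid and its parent's tgid.
 *
 * The address comes from a return probe ($return of process.create,
 * see the bottom of this file).  A NULL or error-encoded pointer must
 * not be dereferenced in kernel context, so such values are dropped
 * without emitting a record.
 * NOTE(review): whether process.create already filters failed
 * creations is not visible from this file -- the guard is harmless if
 * it does.
 */
function log_fork_tracedata(var_id:long, task:long)
%{
	struct task_struct *task = (struct task_struct *)((long)THIS->task);

	if (task && !IS_ERR(task)) {
		_lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b%4b%4b",
			(_FMT_)task->pid, (_FMT_)task->tgid,
			(_FMT_)task->parent->tgid);
	}
%}

/************************************************************
* This function could be used to take a snapshot of all the *
* processes. It's not a probe, so the data format doesn't   *
* follow the format used by probe handlers                  *
************************************************************/
/*
 * For every entry reached from current->tasks, emits one record with
 * pid, tgid, parent's tgid and comm, then flushes the print buffer.
 *
 * NOTE(review): no lock or RCU read-side section is taken around the
 * walk here.  If tasks can be unlinked while this runs, the loop may
 * follow stale list pointers or read a freed task_struct -- confirm
 * what the calling context guarantees.
 * NOTE(review): list_for_each() does not visit the list head itself,
 * and the head is current->tasks, so no record is emitted for the
 * calling task.  Confirm whether that omission is intended.
 */
function process_snapshot()
%{
	struct task_struct *tsk;
	struct list_head *cur, *head;
#if !defined(ASCII_TRACE)
	/* Only the binary trace path patches the buffer header. */
	_stp_pbuf *pb;
	char *total_length;
#endif

	head = &(current->tasks);

	/* iterate all the processes, and record the pid and process
	   name for each entry */
	list_for_each(cur, head) {
		tsk = (struct task_struct *)(list_entry(cur, struct task_struct, tasks));
		_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_SNAPSHOT, "%4b%4b%4b%0s",
			(_FMT_)tsk->pid, (_FMT_)tsk->tgid,
			(_FMT_)tsk->parent->tgid, tsk->comm);
#if !defined(ASCII_TRACE)
		/* Overwrite the 16-bit value at the start of this CPU's
		   print buffer with (buffered length - 4) before flushing.
		   Presumably this is the record's length field and 4 is the
		   part of the header it excludes -- confirm against the
		   trace format. */
		pb = per_cpu_ptr(Stp_pbuf, smp_processor_id());
		total_length = &(pb->buf[0]);
		*(int16_t *)total_length = pb->len - 4;
#endif
		_stp_print_flush();
	}
%}

/* Umbrella alias: enables both the execve and the fork event hooks. */
probe addevent.process
	= addevent.process.execve,
	  addevent.process.fork
{}

/* we should capture both do_execve for 64-bit app
   and compat_do_execve for 32-bit app */
probe addevent.process.execve
	+= _addevent.process.execve
{
	update_record()
}

/* Logs the name of the program being exec'ed ($filename). */
probe _addevent.process.execve
	= process.exec
{
	log_execve_tracedata(HOOKID_PROCESS_EXECVE, $filename)
}

probe addevent.process.fork
	+= _addevent.process.fork
{
	update_record()
}

/* Logs the task returned by process creation ($return). */
probe _addevent.process.fork
	= process.create
{
	log_fork_tracedata(HOOKID_PROCESS_FORK, $return)
}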