// syscalls tapset part 1 [A-M] // Copyright (C) 2005 IBM Corp. // Copyright (C) 2005, 2006 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. /* Each syscall returns the calls parameters. In addition, the following * variables are set: * * name - generally the syscall name minus the "sys_". * * argstr - a string containing the decoded args in an easy-to-read format. * It doesn't need to contain everything, but should have all the * important args. Set in entry probes only. * * retstr - a string containing the return value in an easy-to-read format. * Set in return probes only. */ # accept _____________________________________________________ # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, # int __user *upeer_addrlen) probe syscall.accept = kernel.function("sys_accept") { name = "accept" s = $fd addr_uaddr = $upeer_sockaddr addrlen_uaddr = $upeer_addrlen argstr = sprint(s) } probe syscall.accept.return = kernel.function("sys_accept").return { name = "accept" retstr = returnstr(1) } # access _____________________________________________________ # long sys_access(const char __user * filename, int mode) probe syscall.access = kernel.function("sys_access") { name = "access" pathname = user_string($filename) mode = $mode mode_str = _access_mode_str($mode) argstr = sprintf("\"%s\", %s", pathname, mode_str) } probe syscall.access.return = kernel.function("sys_access").return { name = "access" retstr = returnstr(1) } # adjtimex ___________________________________________________ # long sys_adjtimex(struct timex __user *txc_p) probe syscall.adjtimex = kernel.function("sys_adjtimex") { name = "adjtimex" buf_uaddr = $txc_p /* * buf_modes = __uget_timex_m($txc_p,0) */ buf_modes_str = _adjtx_mode_str(buf_modes) /* * buf_offset = __uget_timex_m($txc_p,1) * buf_freq = __uget_timex_m($txc_p,2) * buf_maxerror = __uget_timex_m($txc_p,3) * buf_esterror = __uget_timex_m($txc_p,4) * buf_status = __uget_timex_m($txc_p,5) * buf_constant = __uget_timex_m($txc_p,6) * buf_precision = __uget_timex_m($txc_p,7) * buf_tolerance = __uget_timex_m($txc_p,8) * buf_time_tv_sec = __uget_timex_m($txc_p,9) * buf_time_tv_usec = __uget_timex_m($txc_p,10) * buf_tick = __uget_timex_m($txc_p,11) */ argstr = buf_modes_str } probe syscall.adjtimex.return = kernel.function("sys_adjtimex").return { name = "adjtimex" retstr = returnstr(1) } # alarm ______________________________________________________ # unsigned long sys_alarm (unsigned int seconds) probe syscall.alarm = kernel.function("sys_alarm") { name = "alarm" seconds = $seconds argstr = sprint($seconds) } probe syscall.alarm.return = kernel.function("sys_alarm").return { name = "alarm" retstr = returnstr(1) } # bdflush ____________________________________________________ # long sys_bdflush(int func,long data) probe syscall.bdflush = kernel.function("sys_bdflush") { name = "bdflush" func = $func data = $data argstr = sprintf("%d 0x%p",func, data) } probe syscall.bdflush.return = kernel.function("sys_bdflush").return { name = "bdflush" retstr = returnstr(1) } # bind _______________________________________________________ # long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) probe syscall.bind = kernel.function("sys_bind") { name = "bind" sockfd = $fd my_addr_uaddr = $umyaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen) } probe syscall.bind.return = kernel.function("sys_bind").return { name = "bind" retstr = returnstr(1) } # brk ________________________________________________________ # unsigned long sys_brk(unsigned long brk) probe syscall.brk = kernel.function("sys_brk") { name = "brk" brk = $brk argstr = sprintf("0x%p", brk) } probe syscall.brk.return = kernel.function("sys_brk").return { name = "brk" retstr = returnstr(1) } # capget _____________________________________________________ /* * NOTE * this is probably not a good function * to probe. The structures are always * changing. It also seems like it is * not really used. Cscope produced no * reference of this function in the * kernel (returned no callers). Perhaps * cap_get_proc / cap_set_proc are better * functions to export. */ # long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) probe syscall.capget = kernel.function("sys_capget") { name = "capget" header_uaddr = $header data_uaddr = $dataptr argstr = sprintf("0x%p, 0x%p", $header, $dataptr) } probe syscall.capget.return = kernel.function("sys_capget").return { name = "capget" retstr = returnstr(1) } # capset _____________________________________________________ /* * NOTE * this is probably not a good function * to probe. The structures are always * changing. It also seems like it is * not really used. Cscope produced no * reference of this function in the * kernel (returned no callers). Perhaps * cap_get_proc / cap_set_proc are better * functions to export. */ # long sys_capset(cap_user_header_t header, const cap_user_data_t data) probe syscall.capset = kernel.function("sys_capset") { name = "capset" header_uaddr = $header data_uaddr = $data argstr = sprintf("0x%p, 0x%p", $header, $data) } probe syscall.capset.return = kernel.function("sys_capset").return { name = "capset" retstr = returnstr(1) } # chdir ______________________________________________________ # long sys_chdir(const char __user * filename) probe syscall.chdir = kernel.function("sys_chdir") { name = "chdir" path = user_string($filename) argstr = path } probe syscall.chdir.return = kernel.function("sys_chdir").return { name = "chdir" retstr = returnstr(1) } # chmod ______________________________________________________ # long sys_chmod(const char __user * filename, mode_t mode) probe syscall.chmod = kernel.function("sys_chmod") { name = "chmod" path = user_string($filename) mode = $mode argstr = sprintf("%s, 0%o", path, mode) } probe syscall.chmod.return = kernel.function("sys_chmod").return { name = "chmod" retstr = returnstr(1) } # chown ______________________________________________________ # long sys_chown(const char __user * filename, uid_t user, gid_t group) probe syscall.chown = kernel.function("sys_chown") { name = "chown" path = user_string($filename) owner = $user group = $group argstr = sprintf("%s, %d, %d",path, owner, group) } probe syscall.chown.return = kernel.function("sys_chown").return { name = "chown" retstr = returnstr(1) } # chroot _____________________________________________________ # long sys_chroot(const char __user * filename) probe syscall.chroot = kernel.function("sys_chroot") { name = "chroot" path = user_string($filename) argstr = path } probe syscall.chroot.return = kernel.function("sys_chroot").return { name = "chroot" retstr = returnstr(1) } # clock_getres _______________________________________________ # long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp) probe syscall.clock_getres = kernel.function("sys_clock_getres") { name = "clock_getres" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) res_uaddr = $tp #fixme argstr } probe syscall.clock_getres.return = kernel.function("sys_clock_getres").return { name = "clock_getres" retstr = returnstr(1) } # clock_gettime ______________________________________________ # long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp) probe syscall.clock_gettime = kernel.function("sys_clock_gettime") { name = "clock_gettime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp #fixme argstr } probe syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return { name = "clock_gettime" retstr = returnstr(1) } # clock_nanosleep ____________________________________________ /* * asmlinkage long * sys_clock_nanosleep(clockid_t which_clock, * int flags, * const struct timespec __user *rqtp, * struct timespec __user *rmtp) */ probe kernel.syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { name = "clock_nanosleep" clock_id = $which_clock clock_id_str = _get_wc_str($which_clock) flags = $flags flag_str = "TIMER_ABSTIME" rqtp_uaddr = $rqtp rmtp_uaddr = $rmtp } probe kernel.syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { name = "clock_nanosleep.return" } # clock_settime ______________________________________________ /* * asmlinkage long * sys_clock_settime(clockid_t which_clock, * const struct timespec __user *tp) */ probe kernel.syscall.clock_settime = kernel.function("sys_clock_settime") { name = "clock_settime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp } probe kernel.syscall.clock_settime.return = kernel.function("sys_clock_settime").return { name = "clock_settime.return" } # close ______________________________________________________ # long sys_close(unsigned int fd) probe syscall.close = kernel.function("sys_close") { name = "close" fd = $fd argstr = sprint(fd) } probe syscall.close.return = kernel.function("sys_close").return { name = "close" retstr = returnstr(1) } # connect ____________________________________________________ # long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen) probe syscall.connect = kernel.function("sys_connect") { name = "connect" sockfd = $fd serv_addr_uaddr = $uservaddr addrlen = $addrlen argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen) } probe syscall.connect.return = kernel.function("sys_connect").return { name = "connect" retstr = returnstr(1) } # delete_module ______________________________________________ # long sys_delete_module(const char __user *name_user, unsigned int flags) probe syscall.delete_module = kernel.function("sys_delete_module") { name = "delete_module" name_user = user_string($name_user) flags = $flags argstr = sprintf("%s, %s", name_user, _module_flags_str(flags)) } probe syscall.delete_module.return = kernel.function("sys_delete_module").return { name = "delete_module" retstr = returnstr(1) } # dup ________________________________________________________ # long sys_dup(unsigned int fildes) probe syscall.dup = kernel.function("sys_dup") { name = "dup" oldfd = $fildes argstr = sprint($fildes) } probe syscall.dup.return = kernel.function("sys_dup").return { name = "dup" retstr = returnstr(1) } # dup2 _______________________________________________________ # long sys_dup2(unsigned int oldfd, unsigned int newfd) probe syscall.dup2 = kernel.function("sys_dup2") { name = "dup2" oldfd = $oldfd newfd = $newfd argstr = sprintf("%d, %d", $oldfd, $newfd) } probe syscall.dup2.return = kernel.function("sys_dup2").return { name = "dup2" retstr = returnstr(1) } # epoll_create _______________________________________________ # long sys_epoll_create(int size) probe syscall.epoll_create = kernel.function("sys_epoll_create") { name = "epoll_create" size = $size argstr = sprint($size) } probe syscall.epoll_create.return = kernel.function("sys_epoll_create").return { name = "epoll_create" retstr = returnstr(1) } # epoll_ctl __________________________________________________ /* * asmlinkage long * sys_epoll_ctl(int epfd, * int op, * int fd, * struct epoll_event __user *event) */ probe kernel.syscall.epoll_ctl = kernel.function("sys_epoll_ctl") { name = "epoll_ctl" epfd = $epfd op = $op op_str = _opoll_op_str($op) fd = $fd event_uaddr = $event } probe kernel.syscall.epoll_ctl.return = kernel.function("sys_epoll_ctl").return { name = "epoll_ctl.return" } # epoll_wait _________________________________________________ /* * asmlinkage long * sys_epoll_wait(int epfd, * struct epoll_event __user *events, * int maxevents, * int timeout) */ probe kernel.syscall.epoll_wait = kernel.function("sys_epoll_wait") { name = "epoll_wait" epfd = $epfd events_uaddr = $events maxevents = $maxevents timeout = $timeout } probe kernel.syscall.epoll_wait.return = kernel.function("sys_epoll_wait").return { name = "epoll_wait.return" } # execve _____________________________________________________ # int sys_execve(struct pt_regs regs) # which breaks out the args and immediately calls # int do_execve(char * filename, # char __user *__user *argv, # char __user *__user *envp, # struct pt_regs * regs) probe syscall.execve = kernel.function("do_execve") { name = "execve" filename = __string($filename) args = __get_argv($argv) argstr = sprintf("%s %s", filename, args) } # v2.6.15-rc2 or earlier has problems with sys_execve return probes # another reason to probe on do_execve probe syscall.execve.return = kernel.function("do_execve").return { name = "execve" retstr = returnstr(1) } # exit _______________________________________________________ # long sys_exit(int error_code) probe syscall.exit = kernel.function("do_exit") { name = "exit" status = $code argstr = sprint($code) } probe syscall.exit.return = end {} # exit_group _________________________________________________ /* * asmlinkage void * sys_exit_group(int error_code) */ probe kernel.syscall.exit_group = kernel.function("sys_exit_group") { name = "exit_group" status = $error_code } probe kernel.syscall.exit_group.return = end {} # fadvise64 __________________________________________________ /* * asmlinkage long * sys_fadvise64_64(int fd, * loff_t offset, * loff_t len, * int advice) */ probe kernel.syscall.fadvise64 = kernel.function("sys_fadvise64_64") { name = "fadvise64" fd = $fd offset = $offset len = $len advice = $advice } probe kernel.syscall.fadvise64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64.return" } # fadvise64_64 _______________________________________________ /* * asmlinkage long * sys_fadvise64_64(int fd, * loff_t offset, * loff_t len, * int advice) */ probe kernel.syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { name = "fadvise64_64" fs = $fd offset = $offset len = $len advice = $advice } probe kernel.syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64_64.return" } # fchdir _____________________________________________________ # long sys_fchdir(unsigned int fd) probe syscall.fchdir = kernel.function("sys_fchdir") { name = "fchdir" fd = $fd argstr = sprint($fd) } probe syscall.fchdir.return = kernel.function("sys_fchdir").return { name = "fchdir" retstr = returnstr(1) } # fchmod _____________________________________________________ # long sys_fchmod(unsigned int fd, mode_t mode) probe syscall.fchmod = kernel.function("sys_fchmod") { name = "fchmod" fildes = $fd mode = $mode argstr = sprintf("%d, 0%o", $fd, $mode) } probe syscall.fchmod.return = kernel.function("sys_fchmod").return { name = "fchmod" retstr = returnstr(1) } # fchown _____________________________________________________ # long sys_fchown(unsigned int fd, uid_t user, gid_t group) probe syscall.fchown = kernel.function("sys_fchown") { name = "fchown" fd = $fd owner = $user group = $group argstr = sprintf("%d, %d, %d", $fd, $user, $group) } probe syscall.fchown.return = kernel.function("sys_fchown").return { name = "fchown" retstr = returnstr(1) } # fchown16 ___________________________________________________ # long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group) probe syscall.fchown16 = kernel.function("sys_fchown") { name = "fchown16" fd = $fd owner = $user group = $group argstr = sprintf("%d, %d, %d", $fd, $user, $group) } probe syscall.fchown16.return = kernel.function("sys_fchown").return { name = "fchown16" retstr = returnstr(1) } # fcntl ______________________________________________________ /* * asmlinkage long * sys_fcntl(int fd, * unsigned int cmd, * unsigned long arg) */ probe kernel.syscall.fcntl = kernel.function("sys_fcntl") { name = "fcntl" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl.return = kernel.function("sys_fcntl").return { name = "fcntl.return" } # fdatasync __________________________________________________ # long sys_fdatasync(unsigned int fd) probe syscall.fdatasync = kernel.function("sys_fdatasync") { name = "fdatasync" fd = $fd argstr = sprint(fd) } probe syscall.fdatasync.return = kernel.function("sys_fdatasync").return { name = "fdatasync" retstr = returnstr(1) } # fgetxattr __________________________________________________ # ssize_t sys_fgetxattr(int fd, char __user *name, # void __user *value, size_t size) probe syscall.fgetxattr = kernel.function("sys_fgetxattr") { name = "fgetxattr" filedes = $fd #FIXME name2 = user_string($name) value_uaddr = $value size = $size argstr = sprintf("%d, %s, [0x%p], %d", filedes, name2, value_uaddr, size) } probe syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { name = "fgetxattr" retstr = returnstr(1) } # flistxattr _________________________________________________ # ssize_t sys_flistxattr(int fd, char __user *list, size_t size) probe syscall.flistxattr = kernel.function("sys_flistxattr") { name = "flistxattr" filedes = $fd list_uaddr = $list size = $size argstr = sprintf("%d, [0x%p], %d", filedes, list_uaddr, size) } probe syscall.flistxattr.return = kernel.function("sys_flistxattr").return { name = "flistxattr" retstr = returnstr(1) } # flock ______________________________________________________ # long sys_flock(unsigned int fd, unsigned int cmd) probe syscall.flock = kernel.function("sys_flock") { name = "flock" fd = $fd operation = $cmd argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation)) } probe syscall.flock.return = kernel.function("sys_flock").return { name = "flock" retstr = returnstr(1) } # fork _______________________________________________________ # long do_fork(unsigned long clone_flags, # unsigned long stack_start, # struct pt_regs *regs, # unsigned long stack_size, # int __user *parent_tidptr, # int __user *child_tidptr) probe syscall.fork = kernel.function("do_fork") { clone_flags = $clone_flags stack_start = $stack_start regs = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr if (stack_start == 0) { name = "fork_kernel_thread" argstr = __fork_flags(clone_flags) } else if (clone_flags == 17) name = "fork" else if (clone_flags & 0x4000) name = "vfork" else { name = "clone" argstr = __fork_flags(clone_flags) } } probe syscall.fork.return = kernel.function("do_fork").return { name = "fork" retstr = returnstr(1) } # fremovexattr _______________________________________________ # long sys_fremovexattr(int fd, char __user *name) probe syscall.fremovexattr = kernel.function("sys_fremovexattr") { name = "fremovexattr" filedes = $fd name_uaddr = $name argstr = sprintf("FIXME PLEASE") } probe syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { name = "fremovexattr" retstr = returnstr(1) } # fsetxattr __________________________________________________ /* * asmlinkage long * sys_fsetxattr(int fd, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe syscall.fsetxattr = kernel.function("sys_fsetxattr") { name = "fsetxattr" filedes = $fd # FIXME name2 = user_string($name) value_uaddr = $value size = $size flags = $flags argstr = sprintf("%d, %s, [0x%p], %d, 0x%p", filedes, name2, value_uaddr, size, flags) } probe syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { name = "fsetxattr" retstr = returnstr(1) } # fstatfs ____________________________________________________ # long sys_fstatfs(unsigned int fd, struct statfs __user * buf) probe syscall.fstatfs = kernel.function("sys_fstatfs") { name = "fstatfs" fd = $fd buf_uaddr = $buf argstr = sprintf("%d, [0x%p]", fd, buf_uaddr) } probe syscall.fstatfs.return = kernel.function("sys_fstatfs").return { name = "fstatfs" } # fstatfs64 __________________________________________________ # long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf) probe syscall.fstatfs64 = kernel.function("sys_fstatfs64") { name = "fstatfs64" fd = $fd sz = $sz buf_uaddr = $buf argstr = sprintf("%d, %d, [0x%p]", fd, sz, buf_uaddr) } probe syscall.fstatfs64.return = kernel.function("sys_fstatfs64").return { name = "fstatfs64.return" retstr = returnstr(1) } # fsync ______________________________________________________ # long sys_fsync(unsigned int fd) probe syscall.fsync = kernel.function("sys_fsync") { name = "fsync" fd = $fd argstr = sprint(fd) } probe syscall.fsync.return = kernel.function("sys_fsync").return { name = "fsync.return" retstr = returnstr(1) } # ftruncate __________________________________________________ # long sys_ftruncate(unsigned int fd, unsigned long length) probe syscall.ftruncate = kernel.function("sys_ftruncate") { name = "ftruncate" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } probe syscall.ftruncate.return = kernel.function("sys_ftruncate").return { name = "ftruncate" retstr = returnstr(1) } # ftruncate64 ________________________________________________ # long sys_ftruncate64(unsigned int fd, loff_t length) probe syscall.ftruncate64 = kernel.function("sys_ftruncate") { name = "ftruncate64" fd = $fd length = $length argstr = sprintf("%d, %d", fd, length) } probe syscall.ftruncate64.return = kernel.function("sys_ftruncate").return { name = "ftruncate64" retstr = returnstr(1) } # futex ______________________________________________________ # long sys_futex(u32 __user *uaddr, # int op, # int val, # struct timespec __user *utime, # u32 __user *uaddr2, # int val3) # probe syscall.futex = kernel.function("sys_futex") { name = "futex" futex_uaddr = $uaddr op = $op val = $val utime_uaddr = $utime uaddr2_uaddr = $uaddr2 val3 = $val3 if (op == 0) argstr = sprintf("0x%p, %s, %d, %s", $uaddr, _futex_op_str($op), $val, _struct_timespec_u($utime)) else argstr = sprintf("0x%p, %s, %d", $uaddr, _futex_op_str($op), $val) } probe syscall.futex.return = kernel.function("sys_futex").return { name = "futex.return" retstr = returnstr(1) } # getcwd _____________________________________________________ # long sys_getcwd(char __user *buf, unsigned long size) probe syscall.getcwd = kernel.function("sys_getcwd") { name = "getcwd" buf_uaddr = $buf size = $size argstr = sprintf("[0x%p], %d", buf_uaddr, size) } probe syscall.getcwd.return = kernel.function("sys_getcwd").return { name = "getcwd" retstr = returnstr(1) } # getdents ___________________________________________________ # long sys_getdents(unsigned int fd, # struct linux_dirent __user * dirent, # unsigned int count) probe syscall.getdents = kernel.function("sys_getdents") { name = "getdents" fd = $fd dirp_uaddr = $dirent count = $count argstr = sprintf("%d, [0x%p], %d", fd, dirp_uaddr, count) } probe syscall.getdents.return = kernel.function("sys_getdents").return { name = "getdents" retstr = returnstr(1) } # getdents64 _________________________________________________ # long sys_getdents64(unsigned int fd, # struct linux_dirent64 __user * dirent, # unsigned int count) probe syscall.getdents64 = kernel.function("sys_getdents64") { name = "getdents64" fd = $fd dirp_uaddr = $dirent count = $count argstr = sprintf("%d, [0x%p], %d", fd, dirp_uaddr, count) } probe syscall.getdents64.return = kernel.function("sys_getdents64").return { name = "getdents64" retstr = returnstr(1) } # getegid ____________________________________________________ # long sys_getegid(void) probe syscall.getegid = kernel.function("sys_getegid") { name = "getegid" } probe syscall.getegid.return = kernel.function("sys_getegid").return { name = "getegid" retstr = returnstr(1) } # geteuid ____________________________________________________ # long sys_geteuid(void) probe syscall.geteuid = kernel.function("sys_geteuid") { name = "geteuid" } probe syscall.geteuid.return = kernel.function("sys_geteuid").return { name = "geteuid" retstr = returnstr(1) } # getgid _____________________________________________________ # long sys_getgid(void) probe syscall.getgid =kernel.function("sys_getgid") { name = "getgid" } probe syscall.getgid.return = kernel.function("sys_getgid").return { name = "getgid" retstr = returnstr(1) } # getgroups __________________________________________________ # long sys_getgroups(int gidsetsize, gid_t __user *grouplist) probe syscall.getgroups = kernel.function("sys_getgroups") { name = "getgroups" size = $gidsetsize list_uaddr = $grouplist argstr = sprintf("%d, [0x%p]", size, list_uaddr) } probe syscall.getgroups.return = kernel.function("sys_getgroups").return { name = "getgroups" retstr = returnstr(1) } # gethostname ________________________________________________ # long sys_gethostname(char __user *name, int len) probe syscall.gethostname = kernel.function("sys_gethostname") { name = "gethostname" name_uaddr = $name len = $len argstr = sprintf ("[0x%p], %d", name_uaddr, len) } probe syscall.gethostname.return = kernel.function("sys_gethostname").return { name = "gethostname" retstr = returnstr(1) } # getitimer __________________________________________________ # long sys_getitimer(int which, struct itimerval __user *value) probe syscall.getitimer = kernel.function("sys_getitimer") { name = "getitimer" which = $which value_uaddr = $value argstr = sprintf("%s, [0x%p]", _itimer_which_str(which), value_uaddr) } probe syscall.getitimer.return = kernel.function("sys_getitimer").return { name = "getitimer" retstr = returnstr(1) } # getpeername ________________________________________________ /* * asmlinkage long * sys_getpeername(int fd, * struct sockaddr __user *usockaddr, * int __user *usockaddr_len) */ probe kernel.syscall.getpeername = kernel.function("sys_getpeername") { name = "getpeername" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len } probe kernel.syscall.getpeername.return = kernel.function("sys_getpeername").return { name = "getpeername.return" } # getpgid ____________________________________________________ # long sys_getpgid(void) probe syscall.getpgid = kernel.function("sys_getpgid") { name = "getpgid" } probe syscall.getpgid.return = kernel.function("sys_getpgid").return { name = "getpgid" retstr = returnstr(1) } # getpgrp ____________________________________________________ # long sys_getpgrp(void) probe syscall.getpgrp = kernel.function("sys_getpgrp") { name = "getpgrp" } probe syscall.getpgrp.return = kernel.function("sys_getpgrp").return { name = "getpgrp" retstr = returnstr(1) } # getpid _____________________________________________________ # long sys_getpid(void) probe syscall.getpid = kernel.function("sys_getpid") { name = "getpid" } probe syscall.getpid.return = kernel.function("sys_getpid").return { name = "getpid" retstr = returnstr(1) } # getppid ____________________________________________________ # long sys_getppid(void) probe syscall.getppid = kernel.function("sys_getppid") { name = "getppid" } probe syscall.getppid.return = kernel.function("sys_getppid").return { name = "getppid" } # getpriority ________________________________________________ # long sys_getpriority(int which, int who) probe syscall.getpriority = kernel.function("sys_getpriority") { name = "getpriority" which = $which who = $who argstr = sprintf("%s, %d", _priority_which_str(which), who) } probe syscall.getpriority.return = kernel.function("sys_getpriority").return { name = "getpriority" retstr = returnstr(1) } # getresgid __________________________________________________ # long sys_getresgid(gid_t __user *rgid, # gid_t __user *egid, # gid_t __user *sgid) probe syscall.getresgid = kernel.function("sys_getresgid") { name = "getresgid" rgid_uaddr = $rgid egid_uaddr = $egid sgid_uaddr = $sgid argstr = sprintf("[0x%p], [0x%p], [0x%p]", rgid_uaddr, egid_uaddr, sgid_uaddr) } probe syscall.getresgid.return = kernel.function("sys_getresgid").return { name = "getresgid" retstr = returnstr(1) } # getresgid16 ________________________________________________ # long sys_getresgid16(old_uid_t __user *rgid, # old_uid_t __user *egid, # old_uid_t __user *sgid) probe syscall.getresgid16 = kernel.function("sys_getresgid") { name = "getresgid16" rgid_uaddr = $rgid egid_uaddr = $egid sgid_uaddr = $sgid argstr = sprintf("[0x%p], [0x%p], [0x%p]", rgid_uaddr, egid_uaddr, sgid_uaddr) } probe syscall.getresgid16.return = kernel.function("sys_getresgid").return { name = "getresgid16" retstr = returnstr(1) } # getresuid __________________________________________________ # long sys_getresuid(uid_t __user *ruid, # uid_t __user *euid, # uid_t __user *suid) probe syscall.getresuid = kernel.function("sys_getresuid") { name = "getresuid" ruid_uaddr = $ruid euid_uaddr = $euid suid_uaddr = $suid argstr = sprintf("[0x%p], [0x%p], [0x%p]", ruid_uaddr, euid_uaddr, suid_uaddr) } probe syscall.getresuid.return = kernel.function("sys_getresuid").return { name = "getresuid" retstr = returnstr(1) } # getresuid16 ________________________________________________ # long sys_getresuid16(old_uid_t __user *ruid, # old_uid_t __user *euid, # old_uid_t __user *suid) probe syscall.getresuid16 = kernel.function("sys_getresuid") { name = "getresuid16" ruid_uaddr = $ruid euid_uaddr = $euid suid_uaddr = $suid argstr = sprintf("[0x%p], [0x%p], [0x%p]", ruid_uaddr, euid_uaddr, suid_uaddr) } probe syscall.getresuid16.return = kernel.function("sys_getresuid").return { name = "getresuid16" retstr = returnstr(1) } # getrlimit __________________________________________________ # long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) probe syscall.getrlimit = kernel.function("sys_getrlimit") { name = "getrlimit" resource = $resource rlim_uaddr = $rlim argstr = sprintf("%s, [0x%p]", _rlimit_resource_str($resource), rlim_uaddr) } probe syscall.getrlimit.return = kernel.function("sys_getrlimit").return { name = "getrlimit" retstr = returnstr(1) } # getrusage __________________________________________________ # long sys_getrusage(int who, struct rusage __user *ru) probe syscall.getrusage = kernel.function("sys_getrusage") { name = "getrusage" who = $who usage_uaddr = $ru argstr = sprintf("%s, [0x%p]",_rusage_who_str($who), usage_uaddr) } probe syscall.getrusage.return = kernel.function("sys_getrusage").return { name = "getrusage" retstr = returnstr(1) } # getsid _____________________________________________________ # long sys_getsid(pid_t pid) probe syscall.getsid = kernel.function("sys_getsid") { name = "getsid" pid = $pid argstr = sprint(pid) } probe syscall.getsid.return = kernel.function("sys_getsid").return { name = "getsid" retstr = returnstr(1) } # getsockname ________________________________________________ # long sys_getsockname(int fd, # struct sockaddr __user *usockaddr, # int __user *usockaddr_len) probe kernel.syscall.getsockname = kernel.function("sys_getsockname") { name = "getsockname" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len } probe kernel.syscall.getsockname.return = kernel.function("sys_getsockname").return { name = "getsockname.return" } # getsockopt _________________________________________________ /* * asmlinkage long * sys_getsockopt(int fd, * int level, * int optname, * char __user *optval, * int __user *optlen) */ probe kernel.syscall.getsockopt = kernel.function("sys_getsockopt") { name = "getsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) optval_uaddr = $optval optlen_uaddr = $optlen } probe kernel.syscall.getsockopt.return = kernel.function("sys_getsockopt").return { name = "getsockopt.return" } # gettid _____________________________________________________ # long sys_gettid(void) probe syscall.gettid = kernel.function("sys_gettid") { name = "gettid" } probe syscall.gettid.return = kernel.function("sys_gettid").return { name = "gettid" retstr = returnstr(1) } # gettimeofday _______________________________________________ # long sys_gettimeofday(struct timeval __user *tv, # struct timezone __user *tz) probe syscall.gettimeofday = kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_uaddr = $tv tz_uaddr = $tz argstr = sprintf("[0x%p], [0x%p]", tv_uaddr, tz_uaddr) } probe syscall.gettimeofday.return = kernel.function("sys_gettimeofday").return { name = "gettimeofday" retstr = returnstr(1) } # getuid _____________________________________________________ # long sys_getuid(void) probe syscall.getuid = kernel.function("sys_getuid") { name = "getuid" } probe syscall.getuid.return = kernel.function("sys_getuid").return { name = "getuid" retstr = returnstr(1) } # getxattr ___________________________________________________ # ssize_t sys_getxattr(char __user *path, char __user *name, # void __user *value, size_t size) probe syscall.getxattr = kernel.function("sys_getxattr") { name = "getxattr" path = user_string($path) # FIXME name2 = user_string($name) value_uaddr = $value size = $size argstr = sprintf("%s, %s, [0x%p], %d", path, name2, value_uaddr, size) } probe syscall.getxattr.return = kernel.function("sys_getxattr").return { name = "getxattr" retstr = returnstr(1) } # init_module ________________________________________________ # long sys_init_module(void __user *umod, # unsigned long len, # const char __user *uargs) probe syscall.init_module = kernel.function("sys_init_module") { name = "init_module" umod_uaddr = $umod len = $len uargs = user_string($uargs) argstr = sprintf("[0x%p], %d, %s", umod_uaddr, len, uargs) } probe syscall.init_module.return = kernel.function("sys_init_module").return { name = "init_module" retstr = returnstr(1) } # io_cancel __________________________________________________ # long sys_io_cancel(aio_context_t ctx_id, # struct iocb __user *iocb, # struct io_event __user *result) probe syscall.io_cancel = kernel.function("sys_io_cancel") { name = "io_cancel" ctx_id = $ctx_id iocb_uaddr = $iocb result_uaddr = $result argstr = sprintf("%d, [0x%p], [0x%p]", ctx_id, iocb_uaddr, result_uaddr) } probe syscall.io_cancel.return = kernel.function("sys_io_cancel").return { name = "io_cancel" retstr = returnstr(1) } # ioctl ______________________________________________________ # long sys_ioctl(unsigned int fd, unsigned int cmd, # unsigned long arg) probe syscall.ioctl = kernel.function("sys_ioctl") { name = "ioctl" fd = $fd request = $cmd argp = $arg argstr = sprintf("%d, %d, [0x%p]", fd, request, argp) } probe syscall.ioctl.return = kernel.function("sys_ioctl").return { name = "ioctl" retstr = returnstr(1) } # io_destroy _________________________________________________ # long sys_io_destroy(aio_context_t ctx) probe syscall.io_destroy = kernel.function("sys_io_destroy") { name = "io_destroy" ctx = $ctx argstr = sprintf("%d", ctx) } probe syscall.io_destroy.return = kernel.function("sys_io_destroy").return { name = "io_destroy" retstr = returnstr(1) } # io_getevents _______________________________________________ # long sys_io_getevents(aio_context_t ctx_id, # long min_nr, # long nr, # struct io_event __user *events, # struct timespec __user *timeout) probe syscall.io_getevents = kernel.function("sys_io_getevents") { name = "io_getevents" ctx_id = $ctx_id min_nr = $min_nr nr = $nr events_uaddr = $events timeout_uaddr = $timeout # argstr = sprintf("%d, %d, %d, [0x%p],") } probe syscall.io_getevents.return = kernel.function("sys_io_getevents").return { name = "io_getevents" retstr = returnstr(1) } # ioperm _____________________________________________________ /* * asmlinkage long * sys_ioperm(unsigned long from, * unsigned long num, * int turn_on) */ probe kernel.syscall.ioperm = kernel.function("sys_ioperm") { name = "ioperm" from = $from num = $num turn_on = $turn_on } probe kernel.syscall.ioperm.return = kernel.function("sys_ioperm").return { name = "ioperm.return" } # io_setup ___________________________________________________ /* * asmlinkage long * sys_io_setup(unsigned nr_events, * aio_context_t __user *ctxp) */ probe kernel.syscall.io_setup = kernel.function("sys_io_setup") { name = "io_setup" maxevents = $nr_events ctxp_uaddr = $ctxp } probe kernel.syscall.io_setup.return = kernel.function("sys_io_setup").return { name = "io_setup.return" } # io_submit __________________________________________________ /* * asmlinkage long * sys_io_submit(aio_context_t ctx_id, * long nr, * struct iocb __user * __user *iocbpp) */ probe kernel.syscall.io_submit = kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id nr = $nr iocbpp_uaddr = $iocbpp } probe kernel.syscall.io_submit.return = kernel.function("sys_io_submit").return { name = "io_submit.return" } # kexec_load _________________________________________________ /* * asmlinkage long * sys_kexec_load(unsigned long entry, * unsigned long nr_segments, * struct kexec_segment __user *segments, * unsigned long flags) */ /* probe kernel.syscall.kexec_load = kernel.function("sys_kexec_load") { name = "kexec_load" entry = $entry nr_segments = $nr_segments segments_uaddr = $segments_uaddr flags = $flags } probe kernel.syscall.kexec_load.return = kernel.function("sys_kexec_load").return { name = "kexec_load.return" } */ # keyctl _____________________________________________________ /* * asmlinkage long * sys_keyctl(int option, * unsigned long arg2, * unsigned long arg3, * unsigned long arg4, * unsigned long arg5) */ probe kernel.syscall.keyctl = kernel.function("sys_keyctl") { name = "keyctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.keyctl.return = kernel.function("sys_keyctl").return { name = "keyctl.return" } # kill _______________________________________________________ # long sys_kill(int pid, int sig) probe syscall.kill = kernel.function("sys_kill") { name = "kill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } probe syscall.kill.return = kernel.function("sys_kill").return { name = "kill" retstr = returnstr(1) } # lchown _____________________________________________________ /* * asmlinkage long * sys_lchown(const char __user * filename, * uid_t user, * gid_t group) */ probe kernel.syscall.lchown = kernel.function("sys_lchown") { name = "lchown" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.lchown.return = kernel.function("sys_lchown").return { name = "lchown.return" } # lchown16 ___________________________________________________ /* * asmlinkage long * sys_lchown16(const char __user * filename, * old_uid_t user, * old_gid_t group) */ probe kernel.syscall.lchown16 = kernel.function("sys_lchown") { name = "lchown16" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.lchown16.return = kernel.function("sys_lchown").return { name = "lchown16.return" } # lgetxattr __________________________________________________ /* * asmlinkage ssize_t * sys_lgetxattr(char __user *path, * char __user *name, * void __user *value, * size_t size) */ probe kernel.syscall.lgetxattr = kernel.function("sys_lgetxattr") { name = "lgetxattr" path_uaddr = $path name_uaddr = $name value_uaddr = $value size = $size } probe kernel.syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { name = "lgetxattr.return" } # link _______________________________________________________ /* * asmlinkage long * sys_link(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.link = kernel.function("sys_link") { name = "link" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.link.return = kernel.function("sys_link").return { name = "link.return" } # listen _____________________________________________________ /* * asmlinkage long * sys_listen(int fd, * int backlog) */ probe kernel.syscall.listen = kernel.function("sys_listen") { name = "listen" s = $fd backlog = $backlog } probe kernel.syscall.listen.return = kernel.function("sys_listen").return { name = "listen.return" } # listxattr __________________________________________________ /* * asmlinkage ssize_t * sys_listxattr(char __user *path, * char __user *list, * size_t size) */ probe kernel.syscall.listxattr = kernel.function("sys_listxattr") { name = "listxattr" path_uaddr = $path list_uaddr = $list size = $size } probe kernel.syscall.listxattr.return = kernel.function("sys_listxattr").return { name = "listxattr.return" } # llistxattr _________________________________________________ /* * asmlinkage ssize_t * sys_llistxattr(char __user *path, * char __user *list, * size_t size) */ probe kernel.syscall.llistxattr = kernel.function("sys_llistxattr") { name = "llistxattr" path_uaddr = $path list_uaddr = $list size = $size } probe kernel.syscall.llistxattr.return = kernel.function("sys_llistxattr").return { name = "llistxattr.return" } # llseek _____________________________________________________ /* * asmlinkage long * sys_llseek(unsigned int fd, * unsigned long offset_high, * unsigned long offset_low, * loff_t __user * result, * unsigned int origin) */ probe kernel.syscall.llseek = kernel.function("sys_llseek") { name = "llseek" fd = $fd offset_high = $offset_high offset_low = $offset_low result_uaddr = $result whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.llseek.return = kernel.function("sys_llseek").return { name = "llseek.return" } # lookup_dcookie _____________________________________________ /* * asmlinkage long * sys_lookup_dcookie(u64 cookie64, * char __user * buf, * size_t len) */ probe kernel.syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") { name = "lookup_dcookie" cookie = $cookie64 buffer_uaddr = $buf len = $len } probe kernel.syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return { name = "lookup_dcookie.return" } # lremovexattr _______________________________________________ /* * asmlinkage long * sys_lremovexattr(char __user *path, * char __user *name) */ probe kernel.syscall.lremovexattr = kernel.function("sys_lremovexattr") { name = "lremovexattr" path_uaddr = $path name_uaddr = $name } probe kernel.syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { name = "lremovexattr.return" } # lseek ______________________________________________________ /* * asmlinkage off_t * sys_lseek(unsigned int fd, * off_t offset, * unsigned int origin) */ probe kernel.syscall.lseek = kernel.function("sys_lseek") { name = "lseek" fildes = $fd offset = $offset whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.lseek.return = kernel.function("sys_lseek").return { name = "lseek.return" } # lsetxattr __________________________________________________ /* * asmlinkage long * sys_lsetxattr(char __user *path, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe kernel.syscall.lsetxattr = kernel.function("sys_lsetxattr") { name = "lsetxattr" path_uaddr = $path name_uaddr = $name value_uaddr = $value size = $size flags = $flags } probe kernel.syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { name = "lsetxattr.return" } # madvise ____________________________________________________ /* * asmlinkage long * sys_madvise(unsigned long start, * size_t len_in, * int behavior) */ probe kernel.syscall.madvise = kernel.function("sys_madvise") { name = "madvise" start = $start length = $len_in advice = $behavior advice_str = _madvice_advice_str($behavior) } probe kernel.syscall.madvise.return = kernel.function("sys_madvise").return { name = "madvise.return" } # mincore ____________________________________________________ /* * asmlinkage long * sys_mincore(unsigned long start, * size_t len, * unsigned char __user * vec) */ probe kernel.syscall.mincore = kernel.function("sys_mincore") { name = "mincore" start = $start length = $len vec_uaddr = $vec } probe kernel.syscall.mincore.return = kernel.function("sys_mincore").return { name = "mincore.return" } # mkdir ______________________________________________________ /* * asmlinkage long * sys_mkdir(const char __user * pathname, * int mode) */ probe kernel.syscall.mkdir = kernel.function("sys_mkdir") { name = "mkdir" pathname_uaddr = $pathname mode = $mode } probe kernel.syscall.mkdir.return = kernel.function("sys_mkdir").return { name = "mkdir.return" } # mknod # long sys_mknod(const char __user * filename, int mode, unsigned dev) probe syscall.mknod = kernel.function("sys_mknod") { name = "mknod" pathname = user_string($filename) mode = $mode dev = $dev argstr = sprintf("%s, %s, 0x%p", pathname, _mknod_mode_str($mode), dev) } probe syscall.mknod.return = kernel.function("sys_mknod").return { name = "mknod" retstr = returnstr(1) } # mlock ______________________________________________________ /* * asmlinkage long * sys_mlock(unsigned long start, * size_t len) */ probe kernel.syscall.mlock = kernel.function("sys_mlock") { name = "mlock" addr = $start len = $len } probe kernel.syscall.mlock.return = kernel.function("sys_mlock").return { name = "mlock.return" } # mlockall ___________________________________________________ /* * asmlinkage long * sys_mlockall(int flags) */ probe kernel.syscall.mlockall = kernel.function("sys_mlockall") { name = "mlockall" flags = $flags flags_str = _mlockall_flags_str($flags) } probe kernel.syscall.mlockall.return = kernel.function("sys_mlockall").return { name = "mlockall.return" } # modify_ldt _________________________________________________ /* * asmlinkage int * sys_modify_ldt(int func, * void __user *ptr, * unsigned long bytecount) */ probe kernel.syscall.modify_ldt = kernel.function("sys_modify_ldt") { name = "modify_ldt" func = $func ptr_uaddr = $ptr bytecount = $bytecount } probe kernel.syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return { name = "modify_ldt.return" } # mount ______________________________________________________ /* * asmlinkage long * sys_mount(char __user * dev_name, * char __user * dir_name, * char __user * type, * unsigned long flags, * void __user * data) */ probe kernel.syscall.mount = kernel.function("sys_mount") { name = "mount" source_uaddr = $dev_name target_uaddr = $dir_name filesystemtype_uaddr = $type mountflags = $flags mountflags_str = _mountflags_str($flags) data_uaddr = $data } probe kernel.syscall.mount.return = kernel.function("sys_mount").return { name = "mount.return" } # mprotect ___________________________________________________ /* * asmlinkage long * sys_mprotect(unsigned long start, * size_t len, * unsigned long prot) */ probe kernel.syscall.mprotect = kernel.function("sys_mprotect") { name = "mprotect" addr = $start len = $len prot = $prot prot_str = _mprotect_prot_str($prot) } probe kernel.syscall.mprotect.return = kernel.function("sys_mprotect").return { name = "mprotect.return" } # mq_getsetattr ______________________________________________ /* * asmlinkage long * sys_mq_getsetattr(mqd_t mqdes, * const struct mq_attr __user *u_mqstat, * struct mq_attr __user *u_omqstat) */ probe kernel.syscall.mq_getsetattr = kernel.function("sys_mq_getsetattr") { name = "mq_getsetattr" mqdes = $mqdes u_mqstat_uaddr = $u_mqstat u_omqstat_uaddr = $u_omqstat } probe kernel.syscall.mq_getsetattr.return = kernel.function("sys_mq_getsetattr").return { name = "mq_getsetattr.return" } # mq_notify __________________________________________________ /* * asmlinkage long * sys_mq_notify(mqd_t mqdes, * const struct sigevent __user *u_notification) */ probe kernel.syscall.mq_notify = kernel.function("sys_mq_notify") { name = "mq_notify" mqdes = $mqdes notification_uaddr = $u_notification } probe kernel.syscall.mq_notify.return = kernel.function("sys_mq_notify").return { name = "mq_notify.return" } # mq_open ____________________________________________________ /* * asmlinkage long * sys_mq_open(const char __user *u_name, * int oflag, * mode_t mode, * struct mq_attr __user *u_attr) */ probe kernel.syscall.mq_open = kernel.function("sys_mq_open") { name = "mq_open" name_uaddr = $u_name oflag = $oflag mode = $mode u_attr_uaddr = $u_attr } probe kernel.syscall.mq_open.return = kernel.function("sys_mq_open").return { name = "mq_open.return" } # mq_timedreceive ____________________________________________ /* * asmlinkage ssize_t * sys_mq_timedreceive(mqd_t mqdes, * char __user *u_msg_ptr, * size_t msg_len, * unsigned int __user *u_msg_prio, * const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedreceive = kernel.function("sys_mq_timedreceive") { name = "mq_timedreceive" mqdes = $mqdes msg_ptr_uaddr = $u_msg_ptr msg_len = $msg_len msg_prio_uaddr = $u_msg_prio abs_timout_uaddr = $u_abs_timeout } probe kernel.syscall.mq_timedreceive.return = kernel.function("sys_mq_timedreceive").return { name = "mq_timedreceive.return" } # mq_timedsend _______________________________________________ /* * asmlinkage long * sys_mq_timedsend(mqd_t mqdes, * const char __user *u_msg_ptr, * size_t msg_len, * unsigned int msg_prio, * const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedsend = kernel.function("sys_mq_timedsend") { name = "mq_timedsend" mqdes = $mqdes msg_ptr_uaddr = $u_msg_ptr msg_len = $msg_len msg_prio = $msg_prio abs_timeout_uaddr = $u_abs_timeout } probe kernel.syscall.mq_timedsend.return = kernel.function("sys_mq_timedsend").return { name = "mq_timedsend.return" } # mq_unlink __________________________________________________ /* * asmlinkage long * sys_mq_unlink(const char __user *u_name) */ probe kernel.syscall.mq_unlink = kernel.function("sys_mq_unlink") { name = "mq_unlink" u_name_uaddr = $u_name } probe kernel.syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return { name = "mq_unlink.return" } # mremap _____________________________________________________ /* * asmlinkage unsigned long * sys_mremap(unsigned long addr, * unsigned long old_len, * unsigned long new_len, * unsigned long flags, * unsigned long new_addr) */ probe kernel.syscall.mremap = kernel.function("sys_mremap") { name = "mremap" old_address = $addr old_size = $old_len new_size = $new_len flags = $flags new_address = $new_addr } probe kernel.syscall.mremap.return = kernel.function("sys_mremap").return { name = "mremap.return" } # msgctl _____________________________________________________ /* * asmlinkage long * sys_msgctl (int msqid, * int cmd, * struct msqid_ds __user *buf) */ probe kernel.syscall.msgctl = kernel.function("sys_msgctl") { name = "msgctl" msqid = $msqid cmd = $cmd buf_uaddr = $buf } probe kernel.syscall.msgctl.return = kernel.function("sys_msgctl").return { name = "msgctl.return" } # msgget _____________________________________________________ /* * asmlinkage long * sys_msgget (key_t key, * int msgflg) */ probe kernel.syscall.msgget = kernel.function("sys_msgget") { name = "msgget" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) } probe kernel.syscall.msgget.return = kernel.function("sys_msgget").return { name = "msgget.return" } # msgrcv _____________________________________________________ /* * asmlinkage long * sys_msgrcv (int msqid, * struct msgbuf __user *msgp, * size_t msgsz, * long msgtyp, * int msgflg) */ probe kernel.syscall.msgrcv = kernel.function("sys_msgrcv") { name = "msgrcv" msqid = $msqid msgp_uaddr = $msgp msgsz = $msgsz msgtyp = $msgtyp msgflg = $msgflg } probe kernel.syscall.msgrcv.return = kernel.function("sys_msgrcv").return { name = "msgrcv.return" } # msgsnd _____________________________________________________ /* * asmlinkage long * sys_msgsnd (int msqid, * struct msgbuf __user *msgp, * size_t msgsz, * int msgflg) */ probe kernel.syscall.msgsnd = kernel.function("sys_msgsnd") { name = "msgsnd" msqid = $msqid msgp_uaddr = $msgp msgsz = $msgsz msgflg = $msgflg } probe kernel.syscall.msgsnd.return = kernel.function("sys_msgsnd").return { name = "msgsnd.return" } # msync ______________________________________________________ # long sys_msync(unsigned long start, size_t len, int flags) probe syscall.msync = kernel.function("sys_msync") { name = "msync" start = $start length = $len flags = $flags argstr = sprintf("0x%p, %d, %s",start, length, _msync_flag_str(flags)) } probe syscall.msync.return = kernel.function("sys_msync").return { name = "msync.return" retstr = returnstr(1) } # munlock ____________________________________________________ # long sys_munlock(unsigned long start, size_t len) probe syscall.munlock = kernel.function("sys_munlock") { name = "munlock" addr = $start len = $len argstr = sprintf("0x%p, %d", addr, len) } probe syscall.munlock.return = kernel.function("sys_munlock").return { name = "munlock" retstr = returnstr(1) } # munlockall _________________________________________________ # long sys_munlockall(void) probe syscall.munlockall = kernel.function("sys_munlockall") { name = "munlockall" } probe syscall.munlockall.return = kernel.function("sys_munlockall").return { name = "munlockall" retstr = returnstr(1) } # munmap _____________________________________________________ # long sys_munmap(unsigned long addr, size_t len) probe syscall.munmap = kernel.function("sys_munmap") { name = "munmap" start = $addr length = $len argstr = sprintf("0x%p, %d", start, length) } probe syscall.munmap.return = kernel.function("sys_munmap").return { name = "munmap" retstr = returnstr(1) }