// syscalls tapset part 2 [N-Z] // Copyright (C) 2005 IBM Corp. // Copyright (C) 2005, 2006 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. /* Each syscall returns the calls parameters. In addition, the following * variables are set: * * name - generally the syscall name minus the "sys_". * * argstr - a string containing the decoded args in an easy-to-read format. * It doesn't need to contain everything, but should have all the * important args. Set in entry probes only. * * retstr - a string containing the return value in an easy-to-read format. * Set in return probes only. */ # open _______________________________________________________ # asmlinkage long sys_open(const char __user * filename, int flags, int mode) probe syscall.open = kernel.function("sys_open") { name = "open" filename = user_string($filename) flags = $flags mode = $mode if (f & 64) argstr = sprintf("\"%s\", %s, 0x%p", filename, _sys_open_flag_str(flags), mode) else argstr = sprintf("\"%s\", %s", filename, _sys_open_flag_str(flags)) } probe syscall.open.return = kernel.function("sys_open").return { name = "open" retstr = returnstr(1) } # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) probe syscall.read = kernel.function("sys_read") { name = "read" fd = $fd buf_uaddr = $buf count = $count argstr = sprintf("%d, [0x%p], %d", fd, buf_uaddr, count) } probe syscall.read.return = kernel.function("sys_read").return { name = "read" retstr = returnstr(1) } ####################################################################### ################# OLD STUFF rewrite everything below here############## ####################################################################### # nanosleep __________________________________________________ # # asmlinkage long # sys_nanosleep(struct timespec __user *rqtp, # struct timespec __user *rmtp) # probe syscall.nanosleep = kernel.function("sys_nanosleep") { name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp argstr = _struct_timespec_u(req_uaddr) } probe syscall.nanosleep.return = kernel.function("sys_nanosleep").return { name = "nanosleep" retstr = returnstr(1) } # newfstat ___________________________________________________ # # asmlinkage long # sys_newfstat(unsigned int fd, # struct stat __user * statbuf) # probe syscall.newfstat = kernel.function("sys_newfstat") { name = "newfstat" fd = $fd buf_uaddr = $statbuf argstr = sprintf("%d, [0x%p]", fd, buf_uaddr) } probe syscall.newfstat.return = kernel.function("sys_newfstat").return { name = "newfstat" retstr = returnstr(1) } # newlstat ___________________________________________________ # # asmlinkage long # sys_newlstat(char __user * filename, # struct stat __user * statbuf) # probe syscall.newlstat = kernel.function("sys_newlstat") { name = "newlstat" pathname = user_string($filename) buf_uaddr = $statbuf argstr = sprintf("\"%s\", [0x%p]", pathname, buf_uaddr) } probe syscall.newlstat.return = kernel.function("sys_newlstat").return { name = "newlstat" retstr = returnstr(1) } # newstat ____________________________________________________ # # asmlinkage long # sys_newstat(char __user * filename, # struct stat __user * statbuf) # probe syscall.newstat = kernel.function("sys_newstat") { name = "newstat" pathname = user_string($filename) buf_uaddr = $statbuf argstr = sprintf("\"%s\", [0x%p]", pathname, buf_uaddr) } probe syscall.newstat.return = kernel.function("sys_newstat").return { name = "newstat" retstr = returnstr(1) } # newuname ___________________________________________________ # # asmlinkage long # sys_newuname(struct new_utsname __user * name) # probe syscall.newuname = kernel.function("sys_newuname") { name = "newuname" name_uaddr = $name argstr = sprintf("[0x%p]", name_uaddr) } probe syscall.newuname.return = kernel.function("sys_newuname").return { name = "newuname" retstr = returnstr(1) } # nfsservctl _________________________________________________ # # long asmlinkage # sys_nfsservctl(int cmd, # struct nfsctl_arg __user *arg, # void __user *res) # probe syscall.nfsservctl = kernel.function("sys_nfsservctl") { name = "nfsservctl" cmd = $cmd argp_uaddr = $arg resp_uaddr = $res argstr = sprintf("0x%p, [0x%p], [0x%p]", cmd, argp_uaddr, resp_uaddr) } probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return { name = "nfsservctl" retstr = returnstr(1) } # nice _______________________________________________________ # # asmlinkage long # sys_nice(int increment) # probe syscall.nice = kernel.function("sys_nice") { name = "nice" inc = $increment argstr = sprintf("%d", inc) } probe syscall.nice.return = kernel.function("sys_nice").return { name = "nice" retstr = returnstr(1) } # ni_syscall _________________________________________________ # # asmlinkage long # sys_ni_syscall(void) # probe syscall.ni_syscall = kernel.function("sys_ni_syscall") { name = "ni_syscall" argstr = "" } probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { name = "ni_syscall" retstr = returnstr(1) } # old_getrlimit ______________________________________________ # # asmlinkage long # sys_old_getrlimit(unsigned int resource, # struct rlimit __user *rlim) # probe syscall.old_getrlimit = kernel.function("sys_old_getrlimit") { name = "old_getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim argstr = sprintf("%s, [0x%p]", resource_str, rlim_uaddr) } probe syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return { name = "old_getrlimit" retstr = returnstr(1) } # oldumount __________________________________________________ # # asmlinkage long # sys_oldumount(char __user * name) # probe syscall.oldumount = kernel.function("sys_umount") { name = "oldumount" name_str = user_string($name) /* man page 2 umount shows the argument name as "target" */ target = name_str argstr = name_str } probe syscall.oldumount.return = kernel.function("sys_umount").return { name = "oldumount" retstr = returnstr(1) } # pause ______________________________________________________ # # sys_pause(void) # probe syscall.pause = kernel.function("sys_pause") { name = "pause" argstr = "" } probe syscall.pause.return = kernel.function("sys_pause").return { name = "pause" retstr = returnstr(1) } # pciconfig_iobase ___________________________________________ # # asmlinkage long # sys_pciconfig_iobase(long which, # unsigned long bus, # unsigned long dfn) # # #probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { # name = "pciconfig_iobase" # which = $which # bus = $bus # dfn = $dfn # argstr = sprintf("0x%p, 0x%p, 0x%p", which, bus, dfn) #} #probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { # name = "pciconfig_iobase" # retstr = returnstr(1) #} # pciconfig_read _____________________________________________ # # asmlinkage int # sys_pciconfig_read(unsigned long bus, # unsigned long dfn, # unsigned long off, # unsigned long len, # unsigned char *buf) # { return 0; } # # #probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { # name = "pciconfig_read" # bus = $bus # dfn = $dfn # off = $off # len = $len # buf_uaddr = $buf # argstr = sprintf("0x%p, 0x%p, 0x%p, %d, [0x%p]", bus, dfn, off, # len, buf_uaddr) #} #probe syscall.pciconfig_read.return = # kernel.function("sys_pciconfig_read").return { # name = "pciconfig_read" # retstr = returnstr(1) #} # pciconfig_write ____________________________________________ # # asmlinkage int # sys_pciconfig_write(unsigned long bus, # unsigned long dfn, # unsigned long off, # unsigned long len, # unsigned char *buf) # # #probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { # name = "pciconfig_write" # bus = $bus # dfn = $dfn # off = $off # len = $len # buf_uaddr = $buf # argstr = sprintf("0x%p, 0x%p, 0x%p, %d, [0x%p]", bus, dfn, off, # len, buf_uaddr) #} #probe syscall.pciconfig_write.return = # kernel.function("sys_pciconfig_write").return { # name = "pciconfig_write" # retstr = returnstr(1) #} # personality ________________________________________________ # # asmlinkage long # sys_personality(u_long personality) # probe syscall.personality = kernel.function("sys_personality") { name = "personality" persona = $personality argstr = sprintf("0x%p", persona); } probe syscall.personality.return = kernel.function("sys_personality").return { name = "personality" retstr = returnstr(1) } # pipe _______________________________________________________ # # asmlinkage int # sys_pipe(unsigned long __user * fildes) # probe syscall.pipe = kernel.function("sys_pipe") { name = "pipe" fildes_uaddr = $fildes argstr = _fildes_u(fildes_uaddr) } probe syscall.pipe.return = kernel.function("sys_pipe").return { name = "pipe" retstr = returnstr(1) } # pivot_root _________________________________________________ # # asmlinkage long # sys_pivot_root(const char __user *new_root, # const char __user *put_old) # probe syscall.pivot_root = kernel.function("sys_pivot_root") { name = "pivot_root" new_root_str = user_string($new_root) old_root_str = user_string($put_old) argstr = sprintf("%s, %s", new_root_str, old_root_str) } probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return { name = "pivot_root" retstr = returnstr(1) } # poll _______________________________________________________ # # asmlinkage long # sys_poll(struct pollfd __user * ufds, # unsigned int nfds, # long timeout) # probe syscall.poll = kernel.function("sys_poll") { name = "poll" ufds_uaddr = $ufds nfds = $nfds %( kernel_vr > "2.6.15-1.1831" %? timeout = $timeout_msecs %: timeout = $timeout %) argstr = sprintf("[0x%p], %d, %d", ufds_uaddr, nfds, timeout) } probe syscall.poll.return = kernel.function("sys_poll").return { name = "poll" retstr = returnstr(1) } # prctl ______________________________________________________ # # asmlinkage long # sys_prctl(int option, # unsigned long arg2, # unsigned long arg3, # unsigned long arg4, # unsigned long arg5) # probe syscall.prctl = kernel.function("sys_prctl") { name = "prctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 argstr = sprintf("0x%p, 0x%p, 0x%p, 0x%p, 0x%p", option, arg2, arg3, arg4, arg5) } probe syscall.prctl.return = kernel.function("sys_prctl").return { name = "prctl" retstr = returnstr(1) } # pread64 ____________________________________________________ # # asmlinkage ssize_t # sys_pread64(unsigned int fd, # char __user *buf, # size_t count, # loff_t pos) # probe syscall.pread64 = kernel.function("sys_pread64") { name = "pread64" fd = $fd buf_uaddr = $buf count = $count offset = $pos argstr = sprintf("%d, [0x%p], 0x%p, 0x%p", fd, buf_uaddr, count, offset) } probe syscall.pread64.return = kernel.function("sys_pread64").return { name = "pread64" retstr = returnstr(1) } # ptrace _____________________________________________________ # # asmlinkage int # sys_ptrace(long request, # long pid, # long addr, # long data) # probe syscall.ptrace = kernel.function("sys_ptrace") { name = "ptrace" request = $request pid = $pid addr = $addr data = $data argstr = sprintf("0x%p, 0x%p, 0x%p, 0x%p", request, pid, addr, data) } probe syscall.ptrace.return = kernel.function("sys_ptrace").return { name = "ptrace" retstr = returnstr(1) } # pwrite64 ___________________________________________________ # # asmlinkage ssize_t # sys_pwrite64(unsigned int fd, # const char __user *buf, # size_t count, # loff_t pos) # probe syscall.pwrite64 = kernel.function("sys_pwrite64") { name = "pwrite64" fd = $fd buf_uaddr = $buf count = $count offset = $pos argstr = sprintf("%d, [0x%p], 0x%p, 0x%p", fd, buf_uaddr, count, offset) } probe syscall.pwrite64.return = kernel.function("sys_pwrite64").return { name = "pwrite64" retstr = returnstr(1) } # readahead __________________________________________________ # # asmlinkage ssize_t # sys_readahead(int fd, # loff_t offset, # size_t count) # probe syscall.readahead = kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count argstr = sprintf("%d, 0x%p, 0x%p", fd, offset, count) } probe syscall.readahead.return = kernel.function("sys_readahead").return { name = "readahead" retstr = returnstr(1) } # readlink ___________________________________________________ # # asmlinkage long # sys_readlink(const char __user * path, # char __user * buf, # int bufsiz) # probe syscall.readlink = kernel.function("sys_readlink") { name = "readlink" path_uaddr = $path path_str = user_string(path_uaddr) buf_uaddr = $buf bufsiz = $bufsiz argstr = sprintf("%s, [0x%p], 0x%p", path_str, buf_uaddr, bufsiz) } probe syscall.readlink.return = kernel.function("sys_readlink").return { name = "readlink" retstr = returnstr(1) } # readv ______________________________________________________ # # asmlinkage ssize_t # sys_readv(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) # probe syscall.readv = kernel.function("sys_readv") { name = "readv" vector_uaddr = $vec count = $vlen /* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ %( arch != "ppc64" %? fd = $fd argstr = sprintf("%d, [0x%p], 0x%p", fd, vector_uaddr, count) %: argstr = sprintf("unknown fd, [0x%p], 0x%p", vector_uaddr, count) %) } probe syscall.readv.return = kernel.function("sys_readv").return { name = "readv" retstr = returnstr(1) } # reboot _____________________________________________________ # # asmlinkage long # sys_reboot(int magic1, # int magic2, # unsigned int cmd, # void __user * arg) # probe syscall.reboot = kernel.function("sys_reboot") { name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) magic2 = $magic2 magic2_str =_reboot_magic_str($magic2) flag = $cmd flag_str = _reboot_flag_str(flag) arg_uaddr = $arg argstr = sprintf("%s, %s, %s, [0x%p]", magic_str, magic2_str, flag_str, arg_uaddr) } probe syscall.reboot.return = kernel.function("sys_reboot").return { name = "reboot" retstr = returnstr(1) } # recv _______________________________________________________ # # asmlinkage long # sys_recvfrom(int fd, # void __user * ubuf, # size_t size, # unsigned flags, # struct sockaddr __user *addr, # int __user *addr_len) # probe syscall.recv = kernel.function("sys_recvfrom") { name = "recv" s = $fd buf_uaddr = $ubuf len = $size flags = $flags flags_str = _recvflags_str($flags) addr_uaddr = $addr addrlen_uaddr = $addr_len argstr = sprintf("%d, [0x%p], 0x%p, %s, [0x%p], 0x%p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } probe syscall.recv.return = kernel.function("sys_recvfrom").return { name = "recv" retstr = returnstr(1) } # recvfrom ___________________________________________________ # # asmlinkage long # sys_recvfrom(int fd, # void __user * ubuf, # size_t size, # unsigned flags, # struct sockaddr __user *addr, # int __user *addr_len) # probe syscall.recvfrom = kernel.function("sys_recvfrom") { name = "recvfrom" s = $fd buf_uaddr = $ubuf len = $size flags = $flags flags_str = _recvflags_str($flags) addr_uaddr = $addr addrlen_uaddr = $addr_len argstr = sprintf("%d, [0x%p], 0x%p, %s, 0x%p, 0x%p", s, buf_uaddr, len, flags_str, addr_uaddr, addrlen_uaddr) } probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return { name = "recvfrom" retstr = returnstr(1) } # recvmsg ____________________________________________________ # # asmlinkage long # sys_recvmsg(int fd, # struct msghdr __user *msg, # unsigned int flags) # probe syscall.recvmsg = kernel.function("sys_recvmsg") { name = "recvmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _recvflags_str($flags) argstr = sprintf("%d, [0x%p], %s", s, msg_uaddr, flags_str) } probe syscall.recvmsg.return = kernel.function("sys_recvmsg").return { name = "recvmsg" retstr = returnstr(1) } # remap_file_pages ___________________________________________ # # asmlinkage long # sys_remap_file_pages(unsigned long start, # unsigned long size, # unsigned long __prot, # unsigned long pgoff, # unsigned long flags) # probe syscall.remap_file_pages = kernel.function("sys_remap_file_pages") { name = "remap_file_pages" start = $start size = $size prot = $__prot pgoff = $pgoff flags = $flags argstr = sprintf("0x%p, 0x%p, 0x%p, 0x%p, 0x%p", start, size, prot, pgoff, flags) } probe syscall.remap_file_pages.return = kernel.function("sys_remap_file_pages").return { name = "remap_file_pages" retstr = returnstr(1) } # removexattr ________________________________________________ # # asmlinkage long # sys_removexattr(char __user *path, # char __user *name) # probe syscall.removexattr = kernel.function("sys_removexattr") { name = "removexattr" path = user_string($path) name_str = user_string($name) argstr = sprintf("%s, %s", path, name_str) } probe syscall.removexattr.return = kernel.function("sys_removexattr").return { name = "removexattr" retstr = returnstr(1) } # rename _____________________________________________________ # # asmlinkage long # sys_rename(const char __user * oldname, # const char __user * newname) # probe syscall.rename = kernel.function("sys_rename") { name = "rename" oldpath = user_string($oldname) newpath = user_string($newname) argstr = sprintf("%s, %s", oldpath, newpath) } probe syscall.rename.return = kernel.function("sys_rename").return { name = "rename" retstr = returnstr(1) } # restart_syscall ____________________________________________ # # asmlinkage long # sys_restart_syscall(void) # probe syscall.restart_syscall = kernel.function("sys_restart_syscall") { name = "restart_syscall" argstr = "" } probe syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return { name = "restart_syscall" retstr = returnstr(1) } # rmdir ______________________________________________________ # # asmlinkage long # sys_rmdir(const char __user * pathname) # probe syscall.rmdir = kernel.function("sys_rmdir") { name = "rmdir" pathname = user_string($pathname) argstr = pathname } probe syscall.rmdir.return = kernel.function("sys_rmdir").return { name = "rmdir" retstr = returnstr(1) } # rt_sigaction _______________________________________________ # # asmlinkage long # sys_rt_sigaction(int sig, # const struct sigaction __user *act, # struct sigaction __user *oact, # size_t sigsetsize) # probe syscall.rt_sigaction = kernel.function("sys_rt_sigaction") { name = "rt_sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact sigsetsize = $sigsetsize argstr = sprintf("%s, [0x%p], [0x%p], 0x%p", _signal_name($sig), act_uaddr, oact_uaddr, sigsetsize) } probe syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return { name = "rt_sigaction" retstr = returnstr(1) } # rt_sigpending ______________________________________________ # # asmlinkage long # sys_rt_sigpending(sigset_t __user *set, # size_t sigsetsize) # probe syscall.rt_sigpending = kernel.function("do_sigpending") { name = "rt_sigpending" set_uaddr = $set sigsetsize = $sigsetsize argstr = sprintf("[0x%p], 0x%p", set_uaddr, sigsetsize) } probe syscall.rt_sigpending.return = kernel.function("do_sigpending").return { name = "rt_sigpending" retstr = returnstr(1) } # rt_sigprocmask _____________________________________________ # # asmlinkage long # sys_rt_sigprocmask(int how, # sigset_t __user *set, # sigset_t __user *oset, # size_t sigsetsize) # probe syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") { name = "rt_sigprocmask" how = $how how_str = _sigprocmask_how_str($how) set_uaddr = $set oset_uaddr = $oset sigsetsize = $sigsetsize argstr = sprintf("%s, [0x%p], [0x%p], 0x%p", how_str, set_uaddr, oset_uaddr, sigsetsize) } probe syscall.rt_sigprocmask.return = kernel.function("sys_rt_sigprocmask").return { name = "rt_sigprocmask" retstr = returnstr(1) } # rt_sigqueueinfo ____________________________________________ # # asmlinkage long # sys_rt_sigqueueinfo(int pid, # int sig, # siginfo_t __user *uinfo) # probe syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" pid = $pid sig = $sig uinfo_uaddr = $uinfo argstr = sprintf("0x%p, %s, [0x%p]", pid, _signal_name($sig), uinfo_uaddr) } probe syscall.rt_sigqueueinfo.return = kernel.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo" retstr = returnstr(1) } # rt_sigsuspend ______________________________________________ # # asmlinkage int # sys_rt_sigsuspend(struct pt_regs regs) # probe syscall.rt_sigsuspend = kernel.function("sys_rt_sigsuspend") { name = "rt_sigsuspend" regs = $regs argstr = "" } probe syscall.rt_sigsuspend.return = kernel.function("sys_rt_sigsuspend").return { name = "rt_sigsuspend" retstr = returnstr(1) } # rt_sigtimedwait ____________________________________________ # # asmlinkage long # sys_rt_sigtimedwait(const sigset_t __user *uthese, # siginfo_t __user *uinfo, # const struct timespec __user *uts, # size_t sigsetsize) # probe syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") { name = "rt_sigtimedwait" uthese_uaddr = $uthese uinfo_uaddr = $uinfo uts_uaddr = $uts sigsetsize = $sigsetsize argstr = sprintf("[0x%p], [0x%p], [0x%p], 0x%p", uthese_uaddr, uinfo_uaddr, uts_uaddr, sigsetsize) } probe syscall.rt_sigtimedwait.return = kernel.function("sys_rt_sigtimedwait").return { name = "rt_sigtimedwait" retstr = returnstr(1) } # sched_getaffinity __________________________________________ # # asmlinkage long # sys_sched_getaffinity(pid_t pid, # unsigned int len, # unsigned long __user *user_mask_ptr) # probe syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { name = "sched_getaffinity" pid = $pid len = $len mask_uaddr = $user_mask_ptr argstr = sprintf("%d, 0x%p, [0x%p]", pid, len, mask_uaddr) } probe syscall.sched_getaffinity.return = kernel.function("sys_sched_getaffinity").return { name = "sched_getaffinity" retstr = returnstr(1) } # sched_getparam _____________________________________________ # # asmlinkage long # sys_sched_getparam(pid_t pid, # struct sched_param __user *param) # probe syscall.sched_getparam = kernel.function("sys_sched_getparam") { name = "sched_getparam" pid = $pid p_uaddr = $param argstr = sprintf("%d, [0x%p]", pid, p_uaddr) } probe syscall.sched_getparam.return = kernel.function("sys_sched_getparam").return { name = "sched_getparam" retstr = returnstr(1) } # sched_get_priority_max _____________________________________ # # asmlinkage long # sys_sched_get_priority_max(int policy) # probe syscall.sched_get_priority_max = kernel.function("sys_sched_get_priority_max") { name = "sched_get_priority_max" policy = $policy argstr = sprint(policy) } probe syscall.sched_get_priority_max.return = kernel.function("sys_sched_get_priority_max").return { name = "sched_get_priority_max" retstr = returnstr(1) } # sched_get_priority_min _____________________________________ # # asmlinkage long # sys_sched_get_priority_min(int policy) # probe syscall.sched_get_priority_min = kernel.function("sys_sched_get_priority_min") { name = "sched_get_priority_min" policy = $policy argstr = sprint(policy) } probe syscall.sched_get_priority_min.return = kernel.function("sys_sched_get_priority_min").return { name = "sched_get_priority_min" retstr = returnstr(1) } # sched_getscheduler _________________________________________ # # asmlinkage long # sys_sched_getscheduler(pid_t pid) # probe syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { name = "sched_getscheduler" pid = $pid argstr = sprint(pid) } probe syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return { name = "sched_getscheduler" retstr = returnstr(1) } # sched_rr_get_interval ______________________________________ # # asmlinkage long # sys_sched_rr_get_interval(pid_t pid, # struct timespec __user *interval) # probe syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") { name = "sched_rr_get_interval" pid = $pid tp_uaddr = $interval argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr)) } probe syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return { name = "sched_rr_get_interval" retstr = returnstr(1) } # sched_yield ________________________________________________ # # asmlinkage long # sys_sched_yield(void) # probe syscall.sched_yield = kernel.function("sys_sched_yield") { name = "sched_yield" argstr = "" } probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return { name = "sched_yield" retstr = returnstr(1) } # select _____________________________________________________ # # asmlinkage long # sys_select(int n, # fd_set __user *inp, # fd_set __user *outp, # fd_set __user *exp, # struct timeval __user *tvp) # probe syscall.select = kernel.function("sys_select") { name = "select" n = $n readfds_uaddr = $inp writefds_uaddr = $outp exceptfds_uaddr = $exp timeout_uaddr = $tvp argstr = sprintf("%d, %s, %s, %s, %s", n, _fd_set_u(readfds_uaddr), _fd_set_u(writefds_uaddr), _fd_set_u(exceptfds_uaddr), _struct_timeval_u(timeout_uaddr)) } probe syscall.select.return = kernel.function("sys_select").return { name = "select" retstr = returnstr(1) } # semctl _____________________________________________________ # # asmlinkage long # sys_semctl (int semid, # int semnum, # int cmd, # union semun arg) # probe syscall.semctl = kernel.function("sys_semctl") { name = "semctl" semid = $semid semnum = $semnum cmd = $cmd /* * unsupported type tag identifier '$arg' * arg = $arg */ argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd)) } probe syscall.semctl.return = kernel.function("sys_semctl").return { name = "semctl" retstr = returnstr(1) } # semget _____________________________________________________ # # asmlinkage long # sys_semget (key_t key, # int nsems, # int semflg) # probe syscall.semget = kernel.function("sys_semget") { name = "semget" key = $key nsems = $nsems semflg = $semflg argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg)) } probe syscall.semget.return = kernel.function("sys_semget").return { name = "semget" retstr = returnstr(1) } # semop ______________________________________________________ # # asmlinkage long # sys_semop (int semid, # struct sembuf __user *tsops, # unsigned nsops) # probe syscall.semop = kernel.function("sys_semtimedop") { name = "semop" semid = $semid tsops_uaddr = $tsops nsops = $nsops argstr = sprintf("%d, [0x%p], %d", semid, tsops_uaddr, nsops) } probe syscall.semop.return = kernel.function("sys_semtimedop").return { name = "semop" retstr = returnstr(1) } # semtimedop _________________________________________________ # # asmlinkage long # sys_semtimedop(int semid, # struct sembuf __user *tsops, # unsigned nsops, # const struct timespec __user *timeout) # probe syscall.semtimedop = kernel.function("sys_semtimedop") { name = "semtimedop" semid = $semid sops_uaddr = $tsops nsops = $nsops timeout_uaddr = $timeout argstr = sprintf("%d, [0x%p], %d, %s", semid, sops_uaddr, nsops, _struct_timespec_u(timeout_uaddr)) } probe syscall.semtimedop.return = kernel.function("sys_semtimedop").return { name = "semtimedop" retstr = returnstr(1) } # send _______________________________________________________ # # asmlinkage long # sys_sendto(int fd, # void __user * buff, # size_t len, # unsigned flags, # struct sockaddr __user *addr, # int addr_len) # probe syscall.send = kernel.function("sys_sendto") { name = "send" s = $fd buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len argstr = sprintf("%d, [0x%p], %s, [0x%p], %d", $fd, buf_uaddr, flags_str, to_uaddr, $addr_len) } probe syscall.send.return = kernel.function("sys_sendto").return { name = "send" retstr = returnstr(1) } # sendfile ___________________________________________________ # # asmlinkage ssize_t # sys_sendfile(int out_fd, # int in_fd, # off_t __user *offset, # size_t count) # probe syscall.sendfile = kernel.function("sys_sendfile") { name = "sendfile" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count argstr = sprintf("%d, %d, [0x%p], %d", $out_fd, $in_fd, offset_uaddr, $count) } probe syscall.sendfile.return = kernel.function("sys_sendfile").return { name = "sendfile" retstr = returnstr(1) } # sendfile64 _________________________________________________ # # asmlinkage ssize_t # sys_sendfile64(int out_fd, # int in_fd, # loff_t __user *offset, # size_t count) # probe syscall.sendfile64 = kernel.function("sys_sendfile64") { name = "sendfile64" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count argstr = sprintf("%d, %d, [0x%p], %d", $out_fd, $in_fd, offset_uaddr, $count) } probe syscall.sendfile64.return = kernel.function("sys_sendfile64").return { name = "sendfile64" retstr = returnstr(1) } # sendmsg ____________________________________________________ # # asmlinkage long # sys_sendmsg(int fd, # struct msghdr __user *msg, # unsigned flags) # probe syscall.sendmsg = kernel.function("sys_sendmsg") { name = "sendmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _send_flags_str($flags) argstr = sprintf("%d, [0x%p], %s", $fd, msg_uaddr, flags_str) } probe syscall.sendmsg.return = kernel.function("sys_sendmsg").return { name = "sendmsg" retstr = returnstr(1) } # sendto _____________________________________________________ # # asmlinkage long # sys_sendto(int fd, # void __user * buff, # size_t len, # unsigned flags, # struct sockaddr __user *addr, # int addr_len) # probe syscall.sendto = kernel.function("sys_sendto") { name = "sendto" s = $fd buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len argstr = sprintf("%d, [0x%p], %d, %s, [0x%p], %d", $fd, buf_uaddr, $len, flags_str, to_uaddr, $addr_len) } probe syscall.sendto.return = kernel.function("sys_sendto").return { name = "sendto" retstr = returnstr(1) } # setdomainname ______________________________________________ # # asmlinkage long # sys_setdomainname(char __user *name, # int len) # probe syscall.setdomainname = kernel.function("sys_setdomainname") { name = "setdomainname" hostname_uaddr = $name len = $len argstr = "" } probe syscall.setdomainname.return = kernel.function("sys_setdomainname").return { name = "setdomainname" retstr = returnstr(1) } # setfsgid ___________________________________________________ # # asmlinkage long # sys_setfsgid(gid_t gid) # probe syscall.setfsgid = kernel.function("sys_setfsgid") { name = "setfsgid" fsgid = $gid argstr = sprint($gid) } probe syscall.setfsgid.return = kernel.function("sys_setfsgid").return { name = "setfsgid" retstr = returnstr(1) } # setfsgid16 _________________________________________________ # # asmlinkage long # sys_setfsgid16(old_gid_t gid) # probe syscall.setfsgid16 = kernel.function("sys_setfsgid") { name = "setfsgid16" gid = $gid argstr = sprint($gid) } probe syscall.setfsgid16.return = kernel.function("sys_setfsgid").return { name = "setfsgid16" retstr = returnstr(1) } # setfsuid ___________________________________________________ # # asmlinkage long # sys_setfsuid(uid_t uid) # probe syscall.setfsuid = kernel.function("sys_setfsuid") { name = "setfsuid" fsuid = $uid argstr = sprint($uid) } probe syscall.setfsuid.return = kernel.function("sys_setfsuid").return { name = "setfsuid" retstr = returnstr(1) } # setfsuid16 _________________________________________________ # # asmlinkage long # sys_setfsuid16(old_uid_t uid) # probe syscall.setfsuid16 = kernel.function("sys_setfsuid") { name = "setfsuid16" uid = $uid argstr = sprint($uid) } probe syscall.setfsuid16.return = kernel.function("sys_setfsuid").return { name = "setfsuid16" retstr = returnstr(1) } # setgid _____________________________________________________ # # asmlinkage long # sys_setgid(gid_t gid) # probe syscall.setgid = kernel.function("sys_setgid") { name = "setgid" gid = $gid argstr = sprint($gid) } probe syscall.setgid.return = kernel.function("sys_setgid").return { name = "setgid" retstr = returnstr(1) } # setgid16 ___________________________________________________ # # asmlinkage long # sys_setgid16(old_gid_t gid) # probe syscall.setgid16 = kernel.function("sys_setgid") { name = "setgid16" gid = $gid argstr = sprint($gid) } probe syscall.setgid16.return = kernel.function("sys_setgid").return { name = "setgid16" retstr = returnstr(1) } # setgroups __________________________________________________ # # asmlinkage long # sys_setgroups(int gidsetsize, # gid_t __user *grouplist) # probe syscall.setgroups = kernel.function("sys_setgroups") { name = "setgroups" size = $gidsetsize /* * NOTE * list defined as "gid_t list[]" there * is no practical way to export these * values. Therefore just export addr, * let the user take care of it with * embedded C if need be. */ list_uaddr = $grouplist argstr = sprintf("%d, [0x%p]", $gidsetsize, list_uaddr) } probe syscall.setgroups.return = kernel.function("sys_setgroups").return { name = "setgroups" retstr = returnstr(1) } # sethostname ________________________________________________ # # asmlinkage long # sys_sethostname(char __user *name, # int len) # probe syscall.sethostname = kernel.function("sys_sethostname") { name = "sethostname" hostname_uaddr = $name name_str = user_string($name) len = $len argstr = sprintf("%s, %d", name_str, $len) } probe syscall.sethostname.return = kernel.function("sys_sethostname").return { name = "sethostname" retstr = returnstr(1) } # setitimer __________________________________________________ # # asmlinkage long # sys_setitimer(int which, # struct itimerval __user *value, # struct itimerval __user *ovalue) # probe syscall.setitimer = kernel.function("sys_setitimer") { name = "setitimer" which = $which value_uaddr = $value ovalue_uaddr = $ovalue argstr = sprintf("%s, %s, 0x%p", _itimer_which_str($which), _struct_itimerval_u($value), $ovalue) } probe syscall.setitimer.return = kernel.function("sys_setitimer").return { name = "setitimer" retstr = returnstr(1) } # setpgid ____________________________________________________ # # asmlinkage long # sys_setpgid(pid_t pid, # pid_t pgid) # probe syscall.setpgid = kernel.function("sys_setpgid") { name = "setpgid" pid = $pid pgid = $pgid argstr = sprintf("%d, %d", $pid, $pgid) } probe syscall.setpgid.return = kernel.function("sys_setpgid").return { name = "setpgid" retstr = returnstr(1) } # setpriority ________________________________________________ # # asmlinkage long # sys_setpriority(int which, # int who, # int niceval) # probe syscall.setpriority = kernel.function("sys_setpriority") { name = "setpriority" which = $which which_str = _priority_which_str($which) who = $who prio = $niceval argstr = sprintf("%s, %d, %d", which_str, $who, $niceval) } probe syscall.setpriority.return = kernel.function("sys_setpriority").return { name = "setpriority" retstr = returnstr(1) } # setregid ___________________________________________________ # # asmlinkage long # sys_setregid(gid_t rgid, # gid_t egid) # probe syscall.setregid = kernel.function("sys_setregid") { name = "setregid" rgid = $rgid egid = $egid argstr = sprintf("%d, %d", $rgid, $egid) } probe syscall.setregid.return = kernel.function("sys_setregid").return { name = "setregid" retstr = returnstr(1) } # setregid16 _________________________________________________ # # asmlinkage long # sys_setregid16(old_gid_t rgid, # old_gid_t egid) # probe syscall.setregid16 = kernel.function("sys_setregid") { name = "setregid16" rgid = $rgid egid = $egid argstr = sprintf("%d, %d", $rgid, $egid) } probe syscall.setregid16.return = kernel.function("sys_setregid").return { name = "setregid16" retstr = returnstr(1) } # setresgid __________________________________________________ # # asmlinkage long # sys_setresgid(gid_t rgid, # gid_t egid, # gid_t sgid) # probe syscall.setresgid = kernel.function("sys_setresgid") { name = "setresgid" rgid = $rgid egid = $egid sgid = $sgid argstr = sprintf("%d, %d, %d", $rgid, $egid, $sgid) } probe syscall.setresgid.return = kernel.function("sys_setresgid").return { name = "setresgid" retstr = returnstr(1) } # setresgid16 ________________________________________________ # # asmlinkage long # sys_setresgid16(old_gid_t rgid, # old_gid_t egid, # old_gid_t sgid) # probe syscall.setresgid16 = kernel.function("sys_setresgid") { name = "setresgid16" rgid = $rgid egid = $egid sgid = $sgid argstr = sprintf("%d, %d, %d", $rgid, $egid, $sgid) } probe syscall.setresgid16.return = kernel.function("sys_setresgid").return { name = "setresgid16" retstr = returnstr(1) } # setresuid __________________________________________________ # # asmlinkage long # sys_setresuid(uid_t ruid, # uid_t euid, # uid_t suid) # probe syscall.setresuid = kernel.function("sys_setresuid") { name = "setresuid" ruid = $ruid euid = $euid suid = $suid argstr = sprintf("%d, %d, %d", $ruid, $euid, $suid) } probe syscall.setresuid.return = kernel.function("sys_setresuid").return { name = "setresuid" retstr = returnstr(1) } # setresuid16 ________________________________________________ # # asmlinkage long # sys_setresuid16(old_uid_t ruid, # old_uid_t euid, # old_uid_t suid) # probe syscall.setresuid16 = kernel.function("sys_setresuid") { name = "setresuid16" ruid = $ruid euid = $euid suid = $suid argstr = sprintf("%d, %d, %d", $ruid, $euid, $suid) } probe syscall.setresuid16.return = kernel.function("sys_setresuid").return { name = "setresuid16" retstr = returnstr(1) } # setreuid ___________________________________________________ # # asmlinkage long # sys_setreuid(uid_t ruid, # uid_t euid) # probe syscall.setreuid = kernel.function("sys_setreuid") { name = "setreuid" ruid = $ruid euid = $euid argstr = sprintf("%d, %d", $ruid, $euid) } probe syscall.setreuid.return = kernel.function("sys_setreuid").return { name = "setreuid" retstr = returnstr(1) } # setreuid16 _________________________________________________ # # asmlinkage long # sys_setreuid16(old_uid_t ruid, # old_uid_t euid) # probe syscall.setreuid16 = kernel.function("sys_setreuid") { name = "setreuid16" ruid = $ruid euid = $euid argstr = sprintf("%d, %d", $ruid, $euid) } probe syscall.setreuid16.return = kernel.function("sys_setreuid").return { name = "setreuid16" retstr = returnstr(1) } # setrlimit __________________________________________________ # # asmlinkage long # sys_setrlimit(unsigned int resource, # struct rlimit __user *rlim) # probe syscall.setrlimit = kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource rlim_uaddr = $rlim argstr = sprintf("%s, %s", _rlimit_resource_str($resource), _struct_rlimit_u($rlim)) } probe syscall.setrlimit.return = kernel.function("sys_setrlimit").return { name = "setrlimit" retstr = returnstr(1) } # setsid _____________________________________________________ # # asmlinkage long # sys_setsid(void) # probe syscall.setsid = kernel.function("sys_setsid") { name = "setsid" argstr = "" } probe syscall.setsid.return = kernel.function("sys_setsid").return { name = "setsid" retstr = returnstr(1) } # setsockopt _________________________________________________ # # asmlinkage long # sys_setsockopt(int fd, # int level, # int optname, # char __user *optval, # int optlen) # probe syscall.setsockopt = kernel.function("sys_setsockopt") { name = "setsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) optval_uaddr = $optval optlen = $optlen argstr = sprintf("%d, %s, %s, [0x%p], %d", $fd, level_str, optname_str, optval_uaddr, $optlen) } probe syscall.setsockopt.return = kernel.function("sys_setsockopt").return { name = "setsockopt" retstr = returnstr(1) } # set_tid_address ____________________________________________ # # asmlinkage long # sys_set_tid_address(int __user *tidptr) # probe syscall.set_tid_address = kernel.function("sys_set_tid_address") { name = "set_tid_address" tidptr_uaddr = $tidptr argstr = sprintf("[0x%p]", tidptr_uaddr) } probe syscall.set_tid_address.return = kernel.function("sys_set_tid_address").return { name = "set_tid_address" retstr = returnstr(1) } # settimeofday _______________________________________________ # # asmlinkage long # sys_settimeofday(struct timeval __user *tv, # struct timezone __user *tz) # probe syscall.settimeofday = kernel.function("sys_settimeofday") { name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz /* * XXX NOT SAFE -- might sleep * tv_tv_sec = __uget_tv_m($tv,0) * tv_tv_usec = __uget_tv_m($tv,1) * tz_tz_minuteswest = __uget_tz_m($tz,0) * tz_tz_dsttime = __uget_tz_m($tz,1) */ argstr = sprintf("%s, %s", _struct_timeval_u($tv), _struct_timezone_u($tz)) } probe syscall.settimeofday.return = kernel.function("sys_settimeofday").return { name = "settimeofday" retstr = returnstr(1) } # setuid _____________________________________________________ # # asmlinkage long # sys_setuid(uid_t uid) # probe syscall.setuid = kernel.function("sys_setuid") { name = "setuid" uid = $uid argstr = sprint($uid) } probe syscall.setuid.return = kernel.function("sys_setuid").return { name = "setuid" retstr = returnstr(1) } # setuid16 ___________________________________________________ # # asmlinkage long # sys_setuid16(old_uid_t uid) # probe syscall.setuid16 = kernel.function("sys_setuid") { name = "setuid16" uid = $uid argstr = sprint($uid) } probe syscall.setuid16.return = kernel.function("sys_setuid").return { name = "setuid16" retstr = returnstr(1) } # setxattr ___________________________________________________ # # asmlinkage long # sys_setxattr(char __user *path, # char __user *name, # void __user *value, # size_t size, # int flags) # probe syscall.setxattr = kernel.function("sys_setxattr") { name = "setxattr" path_uaddr = $path path = user_string($path) name_uaddr = $name name_str = user_string($name) value_uaddr = $value size = $size flags = $flags argstr = sprintf("%s, %s, [0x%p], %d, %d", path, name_str, value_uaddr, $size, $flags) } probe syscall.setxattr.return = kernel.function("sys_setxattr").return { name = "setxattr" retstr = returnstr(1) } # sgetmask ___________________________________________________ # # sys_sgetmask(void) # probe syscall.sgetmask = kernel.function("sys_sgetmask") { name = "sgetmask" argstr = "" } probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return { name = "sgetmask" retstr = returnstr(1) } # shmctl _____________________________________________________ # # asmlinkage long # sys_shmctl (int shmid, # int cmd, # struct shmid_ds __user *buf) # probe syscall.shmctl = kernel.function("sys_shmctl") { name = "shmctl" shmid = $shmid cmd = $cmd buf_uaddr = $buf argstr = sprintf("%d, %s, [0x%p]", $shmid, _semctl_cmd($cmd), buf_uaddr) } probe syscall.shmctl.return = kernel.function("sys_shmctl").return { name = "shmctl" retstr = returnstr(1) } # shmdt ______________________________________________________ # # asmlinkage long # sys_shmdt(char __user *shmaddr) # probe syscall.shmdt = kernel.function("sys_shmdt") { name = "shmdt" shmaddr_uaddr = $shmaddr argstr = sprintf("[0x%p]", shmaddr_uaddr) } probe syscall.shmdt.return = kernel.function("sys_shmdt").return { name = "shmdt" retstr = returnstr(1) } # shmget _____________________________________________________ # # asmlinkage long # sys_shmget (key_t key, # size_t size, # int shmflg) # probe syscall.shmget = kernel.function("sys_shmget") { name = "shmget" key = $key size = $size shmflg = $shmflg argstr = sprintf("%d, %d, %d", $key, $size, $shmflg) } probe syscall.shmget.return = kernel.function("sys_shmget").return { name = "shmget" retstr = returnstr(1) } # shutdown ___________________________________________________ # # asmlinkage long # sys_shutdown(int fd, # int how) # probe syscall.shutdown = kernel.function("sys_shutdown") { name = "shutdown" s = $fd how = $how how_str = _shutdown_how_str($how) argstr = sprintf("%d, %s", s, how_str) } probe syscall.shutdown.return = kernel.function("sys_shutdown").return { name = "shutdown" retstr = returnstr(1) } # signal _____________________________________________________ # # asmlinkage unsigned long # sys_signal(int sig, # __sighandler_t handler) # probe syscall.signal = kernel.function("sys_signal") { name = "signal" sig = $sig handler = $handler argstr = sprintf("%s, [0x%p]", _signal_name($sig), $handler) } probe syscall.signal.return = kernel.function("sys_signal").return { name = "signal" retstr = returnstr(1) } # sigpending _________________________________________________ # # long do_sigpending(void __user *set, # unsigned long sigsetsize) # probe syscall.sigpending = kernel.function("do_sigpending") { name = "sigpending" /* * NOTE * set is defined as * struct { * unsigned long int __val[128]; * } * theres is no practical way to export * these values. Therefore just export * addr, let the user take care of it * with embedded C if need be. */ set_uaddr = $set sigsetsize = $sigsetsize argstr = sprintf("[0x%p], %d", set_uaddr, $sigsetsize) } probe syscall.sigpending.return = kernel.function("do_sigpending").return { name = "sigpending" retstr = returnstr(1) } # sigprocmask ________________________________________________ # # asmlinkage long # sys_sigprocmask(int how, # old_sigset_t __user *set, # old_sigset_t __user *oset) # probe syscall.sigprocmask = kernel.function("sys_sigprocmask") { name = "sigprocmask" how = $how how_str = _sigprocmask_how_str($how) /* * NOTE * set and oset are defined as * struct { * unsigned long int __val[128]; * } * theres is no practical way to export * these values. Therefore just export * addr, let the user take care of it * with embedded C if need be. */ set_uaddr = $set oldset_uaddr = $oset argstr = sprintf("%s, [0x%p], [0x%p]", how_str, set_uaddr, oldset_uaddr) } probe syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return { name = "sigprocmask" retstr = returnstr(1) } # socket _____________________________________________________ # # asmlinkage long # sys_socket(int family, # int type, # int protocol) # probe syscall.socket = kernel.function("sys_socket") { name = "socket" family = $family type = $type protocol = $protocol argstr = sprintf("%s, %s, %d", _sock_family_str($family), _sock_type_str($type), $protocol) } probe syscall.socket.return = kernel.function("sys_socket").return { name = "socket" retstr = returnstr(1) } # socketcall _________________________________________________ # # asmlinkage long # sys_socketcall(int call, # unsigned long __user *args) # probe syscall.socketcall = kernel.function("sys_socketcall") { name = "socketcall" call = $call args_uaddr = $args argstr = sprintf("%d, [0x%p]", $call, args_uaddr) } probe syscall.socketcall.return = kernel.function("sys_socketcall").return { name = "socketcall" retstr = returnstr(1) } # socketpair _________________________________________________ # # asmlinkage long # sys_socketpair(int family, # int type, # int protocol, # int __user *usockvec) # probe syscall.socketpair = kernel.function("sys_socketpair") { name = "socketpair" family = $family type = $type protocol = $protocol sv_uaddr = $usockvec argstr = sprintf("%s, %s, %d, [0x%p]", _sock_family_str($family), _sock_type_str($type), $protocol, sv_uaddr) } probe syscall.socketpair.return = kernel.function("sys_socketpair").return { name = "socketpair" retstr = returnstr(1) } # ssetmask ___________________________________________________ # # asmlinkage long # sys_ssetmask(int newmask) # probe syscall.ssetmask = kernel.function("sys_ssetmask") { name = "ssetmask" newmask = $newmask argstr = sprint($newmask) } probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return { name = "ssetmask" retstr = returnstr(1) } # statfs _____________________________________________________ # # asmlinkage long # sys_statfs(const char __user * path, # struct statfs __user * buf) # probe syscall.statfs = kernel.function("sys_statfs") { name = "statfs" path_uaddr = $path path = user_string($path) buf_uaddr = $buf argstr = sprintf("%s, [0x%p]", path, buf_uaddr) } probe syscall.statfs.return = kernel.function("sys_statfs").return { name = "statfs" retstr = returnstr(1) } # statfs64 ___________________________________________________ # # asmlinkage long # sys_statfs64(const char __user *path, # size_t sz, # struct statfs64 __user *buf) # probe syscall.statfs64 = kernel.function("sys_statfs64") { name = "statfs64" path_uaddr = $path path = user_string($path) sz = $sz buf_uaddr = $buf argstr = sprintf("%s, %d, [0x%p]", path, $sz, buf_uaddr) } probe syscall.statfs64.return = kernel.function("sys_statfs64").return { name = "statfs64" retstr = returnstr(1) } # stime ______________________________________________________ # # asmlinkage long # sys_stime(time_t __user *tptr) # probe syscall.stime = kernel.function("sys_stime") { name = "stime" t_uaddr = $tptr /* Fixme, should just use get_user? */ argstr = sprintf("[0x%p]", t_uaddr) } probe syscall.stime.return = kernel.function("sys_stime").return { name = "stime" retstr = returnstr(1) } # swapoff ____________________________________________________ # # asmlinkage long # sys_swapoff(const char __user * specialfile) # probe syscall.swapoff = kernel.function("sys_swapoff") { name = "swapoff" path = user_string($specialfile) argstr = sprintf("%s", path) } probe syscall.swapoff.return = kernel.function("sys_swapoff").return { name = "swapoff" retstr = returnstr(1) } # swapon _____________________________________________________ # # asmlinkage long # sys_swapon(const char __user * specialfile, # int swap_flags) # probe syscall.swapon = kernel.function("sys_swapon") { name = "swapon" path = user_string($specialfile) swapflags = $swap_flags argstr = sprintf("%s, %d", path, swapflags) } probe syscall.swapon.return = kernel.function("sys_swapon").return { name = "swapon" retstr = returnstr(1) } # symlink ____________________________________________________ # # asmlinkage long # sys_symlink(const char __user * oldname, # const char __user * newname) # probe syscall.symlink = kernel.function("sys_symlink") { name = "symlink" oldpath = user_string($oldname) newpath = user_string($newname) argstr = sprintf("%s, %s", oldpath, newpath) } probe syscall.symlink.return = kernel.function("sys_symlink").return { name = "symlink" retstr = returnstr(1) } # sync _______________________________________________________ # # asmlinkage long # sys_sync(void) # probe syscall.sync = kernel.function("do_sync") { name = "sync" wait = $wait argstr = "" } probe syscall.sync.return = kernel.function("do_sync").return { name = "sync" retstr = returnstr(1) } # sysctl _____________________________________________________ # # asmlinkage long # sys_sysctl(struct __sysctl_args __user *args) # probe syscall.sysctl = kernel.function("sys_sysctl") { name = "sysctl" args_uaddr = $args argstr = sprintf("[0x%p]", args_uaddr) } probe syscall.sysctl.return = kernel.function("sys_sysctl").return { name = "sysctl" retstr = returnstr(1) } # sysfs ______________________________________________________ # # asmlinkage long # sys_sysfs(int option, # unsigned long arg1, # unsigned long arg2) # probe syscall.sysfs = kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 arg2 = $arg2 argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2) } probe syscall.sysfs.return = kernel.function("sys_sysfs").return { name = "sysfs" retstr = returnstr(1) } # sysinfo ____________________________________________________ # # asmlinkage long # sys_sysinfo(struct sysinfo __user *info) # probe syscall.sysinfo = kernel.function("sys_sysinfo") { name = "sysinfo" info_uaddr = $info argstr = sprintf("[0x%p]", info_uaddr) } probe syscall.sysinfo.return = kernel.function("sys_sysinfo").return { name = "sysinfo" retstr = returnstr(1) } # syslog _____________________________________________________ # # asmlinkage long # sys_syslog(int type, # char __user * buf, # int len) # probe syscall.syslog = kernel.function("do_syslog") { name = "syslog" type = $type bufp_uaddr = $buf len = $len argstr = sprintf("%d, [0x%p], %d", $type, bufp_uaddr, $len) } probe syscall.syslog.return = kernel.function("do_syslog").return { name = "syslog" retstr = returnstr(1) } # tgkill _____________________________________________________ # # asmlinkage long # sys_tgkill(int tgid, # int pid, # int sig) # probe syscall.tgkill = kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid pid = $pid sig = $sig argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig)) } probe syscall.tgkill.return = kernel.function("sys_tgkill").return { name = "tgkill" retstr = returnstr(1) } # time _______________________________________________________ # # asmlinkage long # sys_time(time_t __user * tloc) # probe syscall.time = kernel.function("sys_time") { name = "time" t_uaddr = $tloc /* FIXME */ argstr = sprintf("[0x%p]", t_uaddr) } probe syscall.time.return = kernel.function("sys_time").return { name = "time" retstr = returnstr(1) } # timer_create _______________________________________________ # # asmlinkage long # sys_timer_create(clockid_t which_clock, # struct sigevent __user *timer_event_spec, # timer_t __user * created_timer_id) # probe syscall.timer_create = kernel.function("sys_timer_create") { name = "timer_create" clockid = $which_clock clockid_str = _get_wc_str($which_clock) evp_uaddr = $timer_event_spec timerid_uaddr = $created_timer_id /* * XXX NOT SAFE -- might sleep * timerid = __uget_num($created_timer_id) */ argstr = sprintf("%d, [0x%p], [0x%p]", $which_clock, evp_uaddr, timerid_uaddr) } probe syscall.timer_create.return = kernel.function("sys_timer_create").return { name = "timer_create" retstr = returnstr(1) } # timer_delete _______________________________________________ # # asmlinkage long # sys_timer_delete(timer_t timer_id) # probe syscall.timer_delete = kernel.function("sys_timer_delete") { name = "timer_delete" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return { name = "timer_delete" retstr = returnstr(1) } # timer_getoverrun ___________________________________________ # # asmlinkage long # sys_timer_getoverrun(timer_t timer_id) # probe syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timerid = $timer_id argstr = sprint($timer_id) } probe syscall.timer_getoverrun.return = kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun" retstr = returnstr(1) } # timer_gettime ______________________________________________ # # asmlinkage long # sys_timer_gettime(timer_t timer_id, # struct itimerspec __user *setting) # probe syscall.timer_gettime = kernel.function("sys_timer_gettime") { name = "timer_gettime" timerid = $timer_id value_uaddr = $setting argstr = sprintf("%d, %s", $timer_id, _struct_timespec_u($setting)) } probe syscall.timer_gettime.return = kernel.function("sys_timer_gettime").return { name = "timer_gettime" retstr = returnstr(1) } # timer_settime ______________________________________________ # # asmlinkage long # sys_timer_settime(timer_t timer_id, # int flags, # const struct itimerspec __user *new_setting, # struct itimerspec __user *old_setting) # probe syscall.timer_settime = kernel.function("sys_timer_settime") { name = "timer_settime" timerid = $timer_id flags = $flags value_uaddr = $new_setting ovalue_uaddr = $old_setting argstr = sprintf("%d, %d, %s, %s", $timer_id, $flags, _struct_itimerspec_u($new_setting), _struct_itimerspec_u($old_setting)) } probe syscall.timer_settime.return = kernel.function("sys_timer_settime").return { name = "timer_settime" retstr = returnstr(1) } # times ______________________________________________________ # # asmlinkage long # sys_times(struct tms __user * tbuf) # probe syscall.times = kernel.function("sys_times") { name = "times" buf_uaddr = $tbuf /* * FIXME - * buf_tms_utime = __uget_tms_m($tbuf,0) * buf_tms_stime = __uget_tms_m($tbuf,1) * buf_tms_cutime = __uget_tms_m($tbuf,2) * buf_tms_cstime = __uget_tms_m($tbuf,3) */ argstr = sprintf("[0x%p]", buf_uaddr) } probe syscall.times.return = kernel.function("sys_times").return { name = "times" retstr = returnstr(1) } # tkill ______________________________________________________ # # asmlinkage long # sys_tkill(int pid, # int sig) # probe syscall.tkill = kernel.function("sys_tkill") { name = "tkill" pid = $pid sig = $sig argstr = sprintf("%d, %s", $pid, _signal_name($sig)) } probe syscall.tkill.return = kernel.function("sys_tkill").return { name = "tkill" retstr = returnstr(1) } # truncate ___________________________________________________ # # asmlinkage long # sys_truncate(const char __user * path, # unsigned long length) # probe syscall.truncate = kernel.function("sys_truncate") { name = "truncate" path_uaddr = $path path = user_string($path) length = $length argstr = sprintf("%s, %d", path, $length) } probe syscall.truncate.return = kernel.function("sys_truncate").return { name = "truncate" retstr = returnstr(1) } # truncate64 _________________________________________________ # # asmlinkage long # sys_truncate64(const char __user * path, # loff_t length) # probe syscall.truncate64 = kernel.function("sys_truncate") { name = "truncate64" path_uaddr = $path path = user_string($path) length = $length argstr = sprintf("%s, %d", path, $length) } probe syscall.truncate64.return = kernel.function("sys_truncate").return { name = "truncate64" retstr = returnstr(1) } # umount _____________________________________________________ # # asmlinkage long # sys_umount(char __user * name, # int flags) # probe syscall.umount = kernel.function("sys_umount") { name = "umount" target_uaddr = $name name_str = user_string($name) flags = $flags flags_str = _mountflags_str($flags) argstr = sprintf("%s, %s", name_str, flags_str) } probe syscall.umount.return = kernel.function("sys_umount").return { name = "umount" retstr = returnstr(1) } # uname ______________________________________________________ # # asmlinkage int # int sys_uname(struct old_utsname __user *name) # probe syscall.uname = kernel.function("sys_uname") { name = "uname" name_uaddr = $name name_str = user_string($name) argstr = name_str } probe syscall.uname.return = kernel.function("sys_uname").return { name = "uname" retstr = returnstr(1) } # unlink _____________________________________________________ # # asmlinkage long # sys_unlink(const char __user * pathname) # probe syscall.unlink = kernel.function("sys_unlink") { name = "unlink" pathname_uaddr = $pathname pathname = user_string($pathname) argstr = pathname } probe syscall.unlink.return = kernel.function("sys_unlink").return { name = "unlink" retstr = returnstr(1) } # uselib _____________________________________________________ # # asmlinkage long # sys_uselib(const char __user * library) # probe syscall.uselib = kernel.function("sys_uselib") { name = "uselib" library_uaddr = $library library = user_string($library) argstr = library } probe syscall.uselib.return = kernel.function("sys_uselib").return { name = "uselib" retstr = returnstr(1) } # ustat ______________________________________________________ # # asmlinkage long # sys_ustat(unsigned dev, # struct ustat __user * ubuf) # probe syscall.ustat = kernel.function("sys_ustat") { name = "ustat" dev = $dev ubuf_uaddr = $ubuf argstr = sprintf("%d, [0x%p]", $dev, ubuf_uaddr) } probe syscall.ustat.return = kernel.function("sys_ustat").return { name = "ustat" retstr = returnstr(1) } # utime ______________________________________________________ # # asmlinkage long # sys_utime(char __user * filename, # struct utimbuf __user * times) # probe syscall.utime = kernel.function("sys_utime") { name = "utime" filename_uaddr = $filename filename = user_string($filename) buf_uaddr = $times argstr = sprintf("%s, [0x%p]", filename, buf_uaddr) } probe syscall.utime.return = kernel.function("sys_utime").return { name = "utime" retstr = returnstr(1) } # utimes _____________________________________________________ # # asmlinkage long # sys_utimes(char __user * filename, # struct timeval __user * utimes) # probe syscall.utimes = kernel.function("sys_utimes") { name = "utimes" filename_uaddr = $filename filename = user_string($filename) tvp_uaddr = $utimes argstr = sprintf("%s, %s", filename, _struct_timeval_u($utimes)) } probe syscall.utimes.return = kernel.function("sys_utimes").return { name = "utimes" retstr = returnstr(1) } # vhangup ____________________________________________________ # # asmlinkage long # sys_vhangup(void) # probe syscall.vhangup = kernel.function("sys_vhangup") { name = "vhangup" argstr = "" } probe syscall.vhangup.return = kernel.function("sys_vhangup").return { name = "vhangup" retstr = returnstr(1) } # wait4 ______________________________________________________ # # asmlinkage long # sys_wait4(pid_t pid, # int __user *stat_addr, # int options, # struct rusage __user *ru) # probe syscall.wait4 = kernel.function("sys_wait4") { name = "wait4" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, [0x%p], %s, [0x%p]", $pid, status_uaddr, option_str, rusage_uaddr) } probe syscall.wait4.return = kernel.function("sys_wait4").return { name = "wait4" retstr = returnstr(1) } # waitid _____________________________________________________ # # asmlinkage long # sys_waitid(int which, # pid_t pid, # struct siginfo __user *infop, # int options, # struct rusage __user *ru) # probe syscall.waitid = kernel.function("sys_waitid") { name = "waitid" which = $which which_str = _waitid_which_str($which) pid = $pid infop_uaddr = $infop options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, %d, [0x%p], %s, [0x%p]", $which, $pid, infop_uaddr, options_str, rusage_uaddr) } probe syscall.waitid.return = kernel.function("sys_waitid").return { name = "waitid" retstr = returnstr(1) } # waitpid ____________________________________________________ # # asmlinkage long # sys_wait4(pid_t pid, # int __user *stat_addr, # int options, # struct rusage __user *ru) # probe syscall.waitpid = kernel.function("sys_wait4") { name = "waitpid" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru argstr = sprintf("%d, [0x%p], %s, [0x%p]", $pid, status_uaddr, options_str, rusage_uaddr) } probe syscall.waitpid.return = kernel.function("sys_wait4").return { name = "waitpid" retstr = returnstr(1) } # write ______________________________________________________ # # asmlinkage ssize_t # sys_write(unsigned int fd, # const char __user * buf, # size_t count) # probe syscall.write = kernel.function("sys_write") { name = "write" fd = $fd buf_uaddr = $buf count = $count argstr = sprintf("%d, [0x%p], %d", $fd, buf_uaddr, $count) } probe syscall.write.return = kernel.function("sys_write").return { name = "write" retstr = returnstr(1) } # writev _____________________________________________________ # # asmlinkage ssize_t # sys_writev(unsigned long fd, # const struct iovec __user *vec, # unsigned long vlen) # probe syscall.writev = kernel.function("sys_writev") { name = "writev" vector_uaddr = $vec count = $vlen /* FIXME: RHEL4 U3 ppc64 can't resolve $fd */ %( arch != "ppc64" %? fd = $fd argstr = sprintf("%d, [0x%p], %d", $fd, vector_uaddr, $vlen) %: argstr = sprintf("unknown fd, [0x%p], %d", vector_uaddr, $vlen) %) } probe syscall.writev.return = kernel.function("sys_writev").return { name = "writev" retstr = returnstr(1) }