// syscalls tapset part 2 [N-Z] // Copyright (C) 2005 IBM Corp. // Copyright (C) 2005, 2006 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. /* Each syscall returns the calls parameters. In addition, the following * variables are set: * * name - generally the syscall name minus the "sys_". * * argstr - a string containing the decoded args in an easy-to-read format. * It doesn't need to contain everything, but should have all the * important args. * * returnp - set to 1 if return probe */ # open _______________________________________________________ # asmlinkage long sys_open(const char __user * filename, int flags, int mode) probe syscall.open = kernel.function("sys_open") { name = "open" filename = user_string($filename) flags = $flags mode = $mode if (f & 64) argstr = sprintf("\"%s\", %s, 0x%x", filename, _sys_open_flag_str(flags), mode) else argstr = sprintf("\"%s\", %s", filename, _sys_open_flag_str(flags)) } probe syscall.open.return = kernel.function("sys_open").return { name = "open" returnp = 1 } # read _______________________________________________________ # ssize_t sys_read(unsigned int fd, char __user * buf, size_t count) probe syscall.read = kernel.function("sys_read") { name = "read" fd = $fd buf_uaddr = $buf count = $count argstr = sprintf("%d, ..., %d", fd, count) } probe syscall.read.return = kernel.function("sys_read").return { name = "read" returnp = 1 } ####################################################################### ################# OLD STUFF rewrite everything below here############## ####################################################################### # nanosleep __________________________________________________ /* * asmlinkage long * sys_nanosleep(struct timespec __user *rqtp, * struct timespec __user *rmtp) */ probe kernel.syscall.nanosleep = kernel.function("sys_nanosleep") { name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp /* * XXX NOT SAFE -- might sleep * req_tv_sec = __uget_ts_m($rqtp,0) * req_tv_nsec = __uget_ts_m($rqtp,1) * rem_tv_sec = __uget_ts_m($rmtp,0) * rem_tv_nsec = __uget_ts_m($rmtp,1) */ } probe kernel.syscall.nanosleep.return = kernel.function("sys_nanosleep").return { name = "nanosleep.return" } # newfstat ___________________________________________________ /* * asmlinkage long * sys_newfstat(unsigned int fd, * struct stat __user * statbuf) */ probe kernel.syscall.newfstat = kernel.function("sys_newfstat") { name = "newfstat" fd = $fd buf_uaddr = $statbuf } probe kernel.syscall.newfstat.return = kernel.function("sys_newfstat").return { name = "newfstat.return" } # newlstat ___________________________________________________ /* * asmlinkage long * sys_newlstat(char __user * filename, * struct stat __user * statbuf) */ probe kernel.syscall.newlstat = kernel.function("sys_newlstat") { name = "newlstat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.newlstat.return = kernel.function("sys_newlstat").return { name = "newlstat.return" } # newstat ____________________________________________________ /* * asmlinkage long * sys_newstat(char __user * filename, * struct stat __user * statbuf) */ probe kernel.syscall.newstat = kernel.function("sys_newstat") { name = "newstat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.newstat.return = kernel.function("sys_newstat").return { name = "newstat.return" } # newuname ___________________________________________________ /* * asmlinkage long * sys_newuname(struct new_utsname __user * name) */ probe kernel.syscall.newuname = kernel.function("sys_newuname") { name = "newuname" name_uaddr = $name } probe kernel.syscall.newuname.return = kernel.function("sys_newuname").return { name = "newuname.return" } # nfsservctl _________________________________________________ /* * long asmlinkage * sys_nfsservctl(int cmd, * struct nfsctl_arg __user *arg, * void __user *res) */ probe kernel.syscall.nfsservctl = kernel.function("sys_nfsservctl") { name = "nfsservctl" cmd = $cmd argp_uaddr = $arg resp_uaddr = $res } probe kernel.syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return { name = "nfsservctl.return" } # nice _______________________________________________________ /* * asmlinkage long * sys_nice(int increment) */ probe kernel.syscall.nice = kernel.function("sys_nice") { name = "nice" inc = $increment } probe kernel.syscall.nice.return = kernel.function("sys_nice").return { name = "nice.return" } # ni_syscall _________________________________________________ /* * asmlinkage long * sys_ni_syscall(void) */ probe kernel.syscall.ni_syscall = kernel.function("sys_ni_syscall") { name = "ni_syscall" } probe kernel.syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return { name = "ni_syscall.return" } # old_getrlimit ______________________________________________ /* * asmlinkage long * sys_old_getrlimit(unsigned int resource, * struct rlimit __user *rlim) */ probe kernel.syscall.old_getrlimit = kernel.function("sys_old_getrlimit") { name = "old_getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } probe kernel.syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return { name = "old_getrlimit.return" } # oldumount __________________________________________________ /* * asmlinkage long * sys_oldumount(char __user * name) */ probe kernel.syscall.oldumount = kernel.function("sys_umount") { name = "oldumount" target_uaddr = $name } probe kernel.syscall.oldumount.return = kernel.function("sys_umount").return { name = "oldumount.return" } # pause ______________________________________________________ /* * sys_pause(void) */ probe kernel.syscall.pause = kernel.function("sys_pause") { name = "pause" } probe kernel.syscall.pause.return = kernel.function("sys_pause").return { name = "pause.return" } # pciconfig_iobase ___________________________________________ /* * asmlinkage long * sys_pciconfig_iobase(long which, * unsigned long bus, * unsigned long dfn) */ /* probe kernel.syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { name = "pciconfig_iobase" which = $which bus = $bus dfn = $dfn } probe kernel.syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { name = "pciconfig_iobase.return" } */ # pciconfig_read _____________________________________________ /* * asmlinkage int * sys_pciconfig_read(unsigned long bus, * unsigned long dfn, * unsigned long off, * unsigned long len, * unsigned char *buf) * { return 0; } */ /* probe kernel.syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { name = "pciconfig_read" bus = $bus dfn = $dfn off = $off len = $len buf_uaddr = $buf } probe kernel.syscall.pciconfig_read.return = kernel.function("sys_pciconfig_read").return { name = "pciconfig_read.return" } */ # pciconfig_write ____________________________________________ /* * asmlinkage int * sys_pciconfig_write(unsigned long bus, * unsigned long dfn, * unsigned long off, * unsigned long len, * unsigned char *buf) */ /* probe kernel.syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { name = "pciconfig_write" bus = $bus dfn = $dfn off = $off len = $len buf_uaddr = $buf } probe kernel.syscall.pciconfig_write.return = kernel.function("sys_pciconfig_write").return { name = "pciconfig_write.return" } */ # personality ________________________________________________ /* * asmlinkage long * sys_personality(u_long personality) */ probe kernel.syscall.personality = kernel.function("sys_personality") { name = "personality" persona = $personality } probe kernel.syscall.personality.return = kernel.function("sys_personality").return { name = "personality.return" } # pipe _______________________________________________________ /* * asmlinkage int * sys_pipe(unsigned long __user * fildes) */ probe kernel.syscall.pipe = kernel.function("sys_pipe") { name = "pipe" fildes_uaddr = $fildes } probe kernel.syscall.pipe.return = kernel.function("sys_pipe").return { name = "pipe.return" } # pivot_root _________________________________________________ /* * asmlinkage long * sys_pivot_root(const char __user *new_root, * const char __user *put_old) */ probe kernel.syscall.pivot_root = kernel.function("sys_pivot_root") { name = "pivot_root" new_root_uaddr = $new_root old_root_uaddr = $put_old } probe kernel.syscall.pivot_root.return = kernel.function("sys_pivot_root").return { name = "pivot_root.return" } # poll _______________________________________________________ /* * asmlinkage long * sys_poll(struct pollfd __user * ufds, * unsigned int nfds, * long timeout) */ probe kernel.syscall.poll = kernel.function("sys_poll") { name = "poll" ufds_uaddr = $ufds nfds = $nfds timeout = $timeout } probe kernel.syscall.poll.return = kernel.function("sys_poll").return { name = "poll.return" } # prctl ______________________________________________________ /* * asmlinkage long * sys_prctl(int option, * unsigned long arg2, * unsigned long arg3, * unsigned long arg4, * unsigned long arg5) */ probe kernel.syscall.prctl = kernel.function("sys_prctl") { name = "prctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.prctl.return = kernel.function("sys_prctl").return { name = "prctl.return" } # pread64 ____________________________________________________ /* * asmlinkage ssize_t * sys_pread64(unsigned int fd, * char __user *buf, * size_t count, * loff_t pos) */ probe kernel.syscall.pread64 = kernel.function("sys_pread64") { name = "pread64" fd = $fd buf_uaddr = $buf count = $count offset = $pos } probe kernel.syscall.pread64.return = kernel.function("sys_pread64").return { name = "pread64.return" } # ptrace _____________________________________________________ /* * asmlinkage int * sys_ptrace(long request, * long pid, * long addr, * long data) */ probe kernel.syscall.ptrace = kernel.function("sys_ptrace") { name = "ptrace" request = $request pid = $pid addr = $addr data = $data } probe kernel.syscall.ptrace.return = kernel.function("sys_ptrace").return { name = "ptrace.return" } # pwrite64 ___________________________________________________ /* * asmlinkage ssize_t * sys_pwrite64(unsigned int fd, * const char __user *buf, * size_t count, * loff_t pos) */ probe kernel.syscall.pwrite64 = kernel.function("sys_pwrite64") { name = "pwrite64" fd = $fd buf_uaddr = $buf count = $count offset = $pos } probe kernel.syscall.pwrite64.return = kernel.function("sys_pwrite64").return { name = "pwrite64.return" } # quotactl ___________________________________________________ /* * asmlinkage long * sys_quotactl(unsigned int cmd, * const char __user *special, * qid_t id, * void __user *addr) */ probe kernel.syscall.quotactl = kernel.function("sys_quotactl") { name = "quotactl" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) special_uaddr = $special id = $id addr_uaddr = $addr } probe kernel.syscall.quotactl.return = kernel.function("sys_quotactl").return { name = "quotactl.return" } # readahead __________________________________________________ /* * asmlinkage ssize_t * sys_readahead(int fd, * loff_t offset, * size_t count) */ probe kernel.syscall.readahead = kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count } probe kernel.syscall.readahead.return = kernel.function("sys_readahead").return { name = "readahead.return" } # readlink ___________________________________________________ /* * asmlinkage long * sys_readlink(const char __user * path, * char __user * buf, * int bufsiz) */ probe kernel.syscall.readlink = kernel.function("sys_readlink") { name = "readlink" path_uaddr = $path buf_uaddr = $buf bufsiz = $bufsiz } probe kernel.syscall.readlink.return = kernel.function("sys_readlink").return { name = "readlink.return" } # readv ______________________________________________________ /* * asmlinkage ssize_t * sys_readv(unsigned long fd, * const struct iovec __user *vec, * unsigned long vlen) */ probe kernel.syscall.readv = kernel.function("sys_readv") { name = "readv" fd = $fd vector_uaddr = $vec count = $vlen } probe kernel.syscall.readv.return = kernel.function("sys_readv").return { name = "readv.return" } # reboot _____________________________________________________ /* * asmlinkage long * sys_reboot(int magic1, * int magic2, * unsigned int cmd, * void __user * arg) */ probe kernel.syscall.reboot = kernel.function("sys_reboot") { name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) magic2 = $magic2 magic2_str =_reboot_magic_str($magic2) flag = $cmd flag_str = _reboot_flag_str(flag) arg_uaddr = $arg } probe kernel.syscall.reboot.return = kernel.function("sys_reboot").return { name = "reboot.return" } # recv _______________________________________________________ /* * asmlinkage long * sys_recvfrom(int fd, * void __user * ubuf, * size_t size, * unsigned flags, * struct sockaddr __user *addr, * int __user *addr_len) */ probe kernel.syscall.recv = kernel.function("sys_recvfrom") { name = "recv" s = $fd buf_uaddr = $ubuf len = $size flags = $flags flags_str = _recvflags_str($flags) from_uaddr = $addr fromlen_uaddr = $addr_len } probe kernel.syscall.recv.return = kernel.function("sys_recvfrom").return { name = "recv.return" } # recvfrom ___________________________________________________ /* * asmlinkage long * sys_recvfrom(int fd, * void __user * ubuf, * size_t size, * unsigned flags, * struct sockaddr __user *addr, * int __user *addr_len) */ probe kernel.syscall.recvfrom = kernel.function("sys_recvfrom") { name = "recvfrom" s = $fd buf_uaddr = $ubuf len = $size flags = $flags flags_str = _recvflags_str($flags) from_uaddr = $addr fromlen = $addr_len } probe kernel.syscall.recvfrom.return = kernel.function("sys_recvfrom").return { name = "recvfrom.return" } # recvmsg ____________________________________________________ /* * asmlinkage long * sys_recvmsg(int fd, * struct msghdr __user *msg, * unsigned int flags) */ probe kernel.syscall.recvmsg = kernel.function("sys_recvmsg") { name = "recvmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _recvflags_str($flags) } probe kernel.syscall.recvmsg.return = kernel.function("sys_recvmsg").return { name = "recvmsg.return" } # remap_file_pages ___________________________________________ /* * asmlinkage long * sys_remap_file_pages(unsigned long start, * unsigned long size, * unsigned long __prot, * unsigned long pgoff, * unsigned long flags) */ probe kernel.syscall.remap_file_pages = kernel.function("sys_remap_file_pages") { name = "remap_file_pages" start = $start size = $size prot = $__prot pgoff = $pgoff flags = $flags } probe kernel.syscall.remap_file_pages.return = kernel.function("sys_remap_file_pages").return { name = "remap_file_pages.return" } # removexattr ________________________________________________ /* * asmlinkage long * sys_removexattr(char __user *path, * char __user *name) */ probe kernel.syscall.removexattr = kernel.function("sys_removexattr") { name = "removexattr" path_uaddr = $path name_uaddr = $name } probe kernel.syscall.removexattr.return = kernel.function("sys_removexattr").return { name = "removexattr.return" } # rename _____________________________________________________ /* * asmlinkage long * sys_rename(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.rename = kernel.function("sys_rename") { name = "rename" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.rename.return = kernel.function("sys_rename").return { name = "rename.return" } # request_key ________________________________________________ /* * asmlinkage long * sys_request_key(const char __user *_type, * const char __user *_description, * const char __user *_callout_info, * key_serial_t destringid) */ probe kernel.syscall.request_key = kernel.function("sys_request_key") { name = "request_key" type_uaddr = $_type description_uaddr = $_description callout_info_uaddr = $_callout_info destringid = $destringid } probe kernel.syscall.request_key.return = kernel.function("sys_request_key").return { name = "request_key.return" } # restart_syscall ____________________________________________ /* * asmlinkage long * sys_restart_syscall(void) */ probe kernel.syscall.restart_syscall = kernel.function("sys_restart_syscall") { name = "restart_syscall" } probe kernel.syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return { name = "restart_syscall.return" } # rmdir ______________________________________________________ /* * asmlinkage long * sys_rmdir(const char __user * pathname) */ probe kernel.syscall.rmdir = kernel.function("sys_rmdir") { name = "rmdir" pathname_uaddr = $pathname } probe kernel.syscall.rmdir.return = kernel.function("sys_rmdir").return { name = "rmdir.return" } # rt_sigaction _______________________________________________ /* * asmlinkage long * sys_rt_sigaction(int sig, * const struct sigaction __user *act, * struct sigaction __user *oact, * size_t sigsetsize, * void __user *restorer) */ probe kernel.syscall.rt_sigaction = kernel.function("sys_rt_sigaction") { name = "rt_sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact sigsetsize = $sigsetsize /* * unable to find local 'restorer' (maybe i386 specific) * restorer_uaddr = $restorer */ } probe kernel.syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return { name = "rt_sigaction.return" } # rt_sigpending ______________________________________________ /* * asmlinkage long * sys_rt_sigpending(sigset_t __user *set, * size_t sigsetsize) */ probe kernel.syscall.rt_sigpending = kernel.function("do_sigpending") { name = "rt_sigpending" set_uaddr = $set sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigpending.return = kernel.function("do_sigpending").return { name = "rt_sigpending.return" } # rt_sigprocmask _____________________________________________ /* * asmlinkage long * sys_rt_sigprocmask(int how, * sigset_t __user *set, * sigset_t __user *oset, * size_t sigsetsize) */ probe kernel.syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") { name = "rt_sigprocmask" how = $how how_str = _sigprocmask_how_str($how) set_uaddr = $set oset_uaddr = $oset sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigprocmask.return = kernel.function("sys_rt_sigprocmask").return { name = "rt_sigprocmask.return" } # rt_sigqueueinfo ____________________________________________ /* * asmlinkage long * sys_rt_sigqueueinfo(int pid, * int sig, * siginfo_t __user *uinfo) */ probe kernel.syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" pid = $pid sig = $sig uinfo_uaddr = $uinfo } probe kernel.syscall.rt_sigqueueinfo.return = kernel.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo.return" } # rt_sigsuspend ______________________________________________ /* * asmlinkage int * sys_rt_sigsuspend(struct pt_regs regs) */ probe kernel.syscall.rt_sigsuspend = kernel.function("sys_rt_sigsuspend") { name = "rt_sigsuspend" /* * unsupported type identifier '$regs' * regs = $regs */ } probe kernel.syscall.rt_sigsuspend.return = kernel.function("sys_rt_sigsuspend").return { name = "rt_sigsuspend.return" } # rt_sigtimedwait ____________________________________________ /* * asmlinkage long * sys_rt_sigtimedwait(const sigset_t __user *uthese, * siginfo_t __user *uinfo, * const struct timespec __user *uts, * size_t sigsetsize) */ probe kernel.syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") { name = "rt_sigtimedwait" uthese_uaddr = $uthese uinfo_uaddr = $uinfo uts_uaddr = $uts sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigtimedwait.return = kernel.function("sys_rt_sigtimedwait").return { name = "rt_sigtimedwait.return" } # sched_getaffinity __________________________________________ /* * asmlinkage long * sys_sched_getaffinity(pid_t pid, * unsigned int len, * unsigned long __user *user_mask_ptr) */ probe kernel.syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { name = "sched_getaffinity" pid = $pid len = $len mask_uaddr = $user_mask_ptr } probe kernel.syscall.sched_getaffinity.return = kernel.function("sys_sched_getaffinity").return { name = "sched_getaffinity.return" } # sched_getparam _____________________________________________ /* * asmlinkage long * sys_sched_getparam(pid_t pid, * struct sched_param __user *param) */ probe kernel.syscall.sched_getparam = kernel.function("sys_sched_getparam") { name = "sched_getparam" pid = $pid p_uaddr = $param } probe kernel.syscall.sched_getparam.return = kernel.function("sys_sched_getparam").return { name = "sched_getparam.return" } # sched_get_priority_max _____________________________________ /* * asmlinkage long * sys_sched_get_priority_max(int policy) */ probe kernel.syscall.sched_get_priority_max = kernel.function("sys_sched_get_priority_max") { name = "sched_get_priority_max" policy = $policy } probe kernel.syscall.sched_get_priority_max.return = kernel.function("sys_sched_get_priority_max").return { name = "sched_get_priority_max.return" } # sched_get_priority_min _____________________________________ /* * asmlinkage long * sys_sched_get_priority_min(int policy) */ probe kernel.syscall.sched_get_priority_min = kernel.function("sys_sched_get_priority_min") { name = "sched_get_priority_min" policy = $policy } probe kernel.syscall.sched_get_priority_min.return = kernel.function("sys_sched_get_priority_min").return { name = "sched_get_priority_min.return" } # sched_getscheduler _________________________________________ /* * asmlinkage long * sys_sched_getscheduler(pid_t pid) */ probe kernel.syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { name = "sched_getscheduler" pid = $pid } probe kernel.syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return { name = "sched_getscheduler.return" } # sched_rr_get_interval ______________________________________ /* * asmlinkage long * sys_sched_rr_get_interval(pid_t pid, * struct timespec __user *interval) */ probe kernel.syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") { name = "sched_rr_get_interval" pid = $pid tp_uaddr = $interval } probe kernel.syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return { name = "sched_rr_get_interval.return" } # sched_yield ________________________________________________ /* * asmlinkage long * sys_sched_yield(void) */ probe kernel.syscall.sched_yield = kernel.function("sys_sched_yield") { name = "sched_yield" } probe kernel.syscall.sched_yield.return = kernel.function("sys_sched_yield").return { name = "sched_yield.return" } # select _____________________________________________________ /* * asmlinkage long * sys_select(int n, * fd_set __user *inp, * fd_set __user *outp, * fd_set __user *exp, * struct timeval __user *tvp) */ probe kernel.syscall.select = kernel.function("sys_select") { name = "select" n = $n readfds_uaddr = $inp writefds_uaddr = $outp exceptfds_uaddr = $exp timeout_uaddr = $tvp } probe kernel.syscall.select.return = kernel.function("sys_select").return { name = "select.return" } # semctl _____________________________________________________ /* * asmlinkage long * sys_semctl (int semid, * int semnum, * int cmd, * union semun arg) */ probe kernel.syscall.semctl = kernel.function("sys_semctl") { name = "semctl" semid = $semid semnum = $semnum cmd = $cmd /* * unsupported type tag identifier '$arg' * arg = $arg */ } probe kernel.syscall.semctl.return = kernel.function("sys_semctl").return { name = "semctl.return" } # semget _____________________________________________________ /* * asmlinkage long * sys_semget (key_t key, * int nsems, * int semflg) */ probe kernel.syscall.semget = kernel.function("sys_semget") { name = "semget" key = $key nsems = $nsems semflg = $semflg } probe kernel.syscall.semget.return = kernel.function("sys_semget").return { name = "semget.return" } # semop ______________________________________________________ /* * asmlinkage long * sys_semop (int semid, * struct sembuf __user *tsops, * unsigned nsops) */ probe kernel.syscall.semop = kernel.function("sys_semtimedop") { name = "semop" semid = $semid tsops_uaddr = $tsops nsops = $nsops } probe kernel.syscall.semop.return = kernel.function("sys_semtimedop").return { name = "semop.return" } # semtimedop _________________________________________________ /* * asmlinkage long * sys_semtimedop(int semid, * struct sembuf __user *tsops, * unsigned nsops, * const struct timespec __user *timeout) */ probe kernel.syscall.semtimedop = kernel.function("sys_semtimedop") { name = "semtimedop" semid = $semid sops_uaddr = $tsops nsops = $nsops timeout_uaddr = $timeout } probe kernel.syscall.semtimedop.return = kernel.function("sys_semtimedop").return { name = "semtimedop.return" } # send _______________________________________________________ /* * asmlinkage long * sys_sendto(int fd, * void __user * buff, * size_t len, * unsigned flags, * struct sockaddr __user *addr, * int addr_len) */ probe kernel.syscall.send = kernel.function("sys_sendto") { name = "send" s = $fd buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } probe kernel.syscall.send.return = kernel.function("sys_sendto").return { name = "send.return" } # sendfile ___________________________________________________ /* * asmlinkage ssize_t * sys_sendfile(int out_fd, * int in_fd, * off_t __user *offset, * size_t count) */ probe kernel.syscall.sendfile = kernel.function("sys_sendfile") { name = "sendfile" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count } probe kernel.syscall.sendfile.return = kernel.function("sys_sendfile").return { name = "sendfile.return" } # sendfile64 _________________________________________________ /* * asmlinkage ssize_t * sys_sendfile64(int out_fd, * int in_fd, * loff_t __user *offset, * size_t count) */ probe kernel.syscall.sendfile64 = kernel.function("sys_sendfile64") { name = "sendfile64" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count } probe kernel.syscall.sendfile64.return = kernel.function("sys_sendfile64").return { name = "sendfile64.return" } # sendmsg ____________________________________________________ /* * asmlinkage long * sys_sendmsg(int fd, * struct msghdr __user *msg, * unsigned flags) */ probe kernel.syscall.sendmsg = kernel.function("sys_sendmsg") { name = "sendmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _send_flags_str($flags) } probe kernel.syscall.sendmsg.return = kernel.function("sys_sendmsg").return { name = "sendmsg.return" } # sendto _____________________________________________________ /* * asmlinkage long * sys_sendto(int fd, * void __user * buff, * size_t len, * unsigned flags, * struct sockaddr __user *addr, * int addr_len) */ probe kernel.syscall.sendto = kernel.function("sys_sendto") { name = "sendto" s = $fd buf_uaddr = $buff len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } probe kernel.syscall.sendto.return = kernel.function("sys_sendto").return { name = "sendto.return" } # setdomainname ______________________________________________ /* * asmlinkage long * sys_setdomainname(char __user *name, * int len) */ probe kernel.syscall.setdomainname = kernel.function("sys_setdomainname") { name = "setdomainname" hostname_uaddr = $name len = $len } probe kernel.syscall.setdomainname.return = kernel.function("sys_setdomainname").return { name = "setdomainname.return" } # setfsgid ___________________________________________________ /* * asmlinkage long * sys_setfsgid(gid_t gid) */ probe kernel.syscall.setfsgid = kernel.function("sys_setfsgid") { name = "setfsgid" fsgid = $gid } probe kernel.syscall.setfsgid.return = kernel.function("sys_setfsgid").return { name = "setfsgid.return" } # setfsgid16 _________________________________________________ /* * asmlinkage long * sys_setfsgid16(old_gid_t gid) */ probe kernel.syscall.setfsgid16 = kernel.function("sys_setfsgid") { name = "setfsgid16" gid = $gid } probe kernel.syscall.setfsgid16.return = kernel.function("sys_setfsgid").return { name = "setfsgid16.return" } # setfsuid ___________________________________________________ /* * asmlinkage long * sys_setfsuid(uid_t uid) */ probe kernel.syscall.setfsuid = kernel.function("sys_setfsuid") { name = "setfsuid" fsuid = $uid } probe kernel.syscall.setfsuid.return = kernel.function("sys_setfsuid").return { name = "setfsuid.return" } # setfsuid16 _________________________________________________ /* * asmlinkage long * sys_setfsuid16(old_uid_t uid) */ probe kernel.syscall.setfsuid16 = kernel.function("sys_setfsuid") { name = "setfsuid16" uid = $uid } probe kernel.syscall.setfsuid16.return = kernel.function("sys_setfsuid").return { name = "setfsuid16.return" } # setgid _____________________________________________________ /* * asmlinkage long * sys_setgid(gid_t gid) */ probe kernel.syscall.setgid = kernel.function("sys_setgid") { name = "setgid" gid = $gid } probe kernel.syscall.setgid.return = kernel.function("sys_setgid").return { name = "setgid.return" } # setgid16 ___________________________________________________ /* * asmlinkage long * sys_setgid16(old_gid_t gid) */ probe kernel.syscall.setgid16 = kernel.function("sys_setgid") { name = "setgid16" gid = $gid } probe kernel.syscall.setgid16.return = kernel.function("sys_setgid").return { name = "setgid16.return" } # setgroups __________________________________________________ /* * asmlinkage long * sys_setgroups(int gidsetsize, * gid_t __user *grouplist) */ probe kernel.syscall.setgroups = kernel.function("sys_setgroups") { name = "setgroups" size = $gidsetsize /* * NOTE * list defined as "gid_t list[]" there * is no practical way to export these * values. Therefore just export addr, * let the user take care of it with * embedded C if need be. */ list_uaddr = $grouplist } probe kernel.syscall.setgroups.return = kernel.function("sys_setgroups").return { name = "setgroups.return" } # setgroups16 ________________________________________________ /* * asmlinkage long * sys_setgroups16(int gidsetsize, * old_gid_t __user *grouplist) */ probe kernel.syscall.setgroups16 = kernel.function("sys_setgroups16") { name = "setgroups16" size = $gidsetsize list_uaddr = $grouplist } probe kernel.syscall.setgroups16.return = kernel.function("sys_setgroups16").return { name = "setgroups16.return" } # sethostname ________________________________________________ /* * asmlinkage long * sys_sethostname(char __user *name, * int len) */ probe kernel.syscall.sethostname = kernel.function("sys_sethostname") { name = "sethostname" hostname_uaddr = $name len = $len } probe kernel.syscall.sethostname.return = kernel.function("sys_sethostname").return { name = "sethostname.return" } # setitimer __________________________________________________ /* * asmlinkage long * sys_setitimer(int which, * struct itimerval __user *value, * struct itimerval __user *ovalue) */ probe kernel.syscall.setitimer = kernel.function("sys_setitimer") { name = "setitimer" which = $which which_str = _itimer_which_str($which) value_uaddr = $value ovalue_uaddr = $ovalue /* * XXX NOT SAFE -- might sleep * value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) * value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) * value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) * value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) * ovalue_it_interval_tv_sec = __uget_itimerval_tv_m($ovalue,0) * ovalue_it_interval_tv_usec =__uget_itimerval_tv_m($ovalue,1) * ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2) * ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3) */ } probe kernel.syscall.setitimer.return = kernel.function("sys_setitimer").return { name = "setitimer.return" } # setpgid ____________________________________________________ /* * asmlinkage long * sys_setpgid(pid_t pid, * pid_t pgid) */ probe kernel.syscall.setpgid = kernel.function("sys_setpgid") { name = "setpgid" pid = $pid pgid = $pgid } probe kernel.syscall.setpgid.return = kernel.function("sys_setpgid").return { name = "setpgid.return" } # setpriority ________________________________________________ /* * asmlinkage long * sys_setpriority(int which, * int who, * int niceval) */ probe kernel.syscall.setpriority = kernel.function("sys_setpriority") { name = "setpriority" which = $which which_str = _priority_which_str($which) who = $who prio = $niceval } probe kernel.syscall.setpriority.return = kernel.function("sys_setpriority").return { name = "setpriority.return" } # setregid ___________________________________________________ /* * asmlinkage long * sys_setregid(gid_t rgid, * gid_t egid) */ probe kernel.syscall.setregid = kernel.function("sys_setregid") { name = "setregid" rgid = $rgid egid = $egid } probe kernel.syscall.setregid.return = kernel.function("sys_setregid").return { name = "setregid.return" } # setregid16 _________________________________________________ /* * asmlinkage long * sys_setregid16(old_gid_t rgid, * old_gid_t egid) */ probe kernel.syscall.setregid16 = kernel.function("sys_setregid") { name = "setregid16" rgid = $rgid egid = $egid } probe kernel.syscall.setregid16.return = kernel.function("sys_setregid").return { name = "setregid16.return" } # setresgid __________________________________________________ /* * asmlinkage long * sys_setresgid(gid_t rgid, * gid_t egid, * gid_t sgid) */ probe kernel.syscall.setresgid = kernel.function("sys_setresgid") { name = "setresgid" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid.return = kernel.function("sys_setresgid").return { name = "setresgid.return" } # setresgid16 ________________________________________________ /* * asmlinkage long * sys_setresgid16(old_gid_t rgid, * old_gid_t egid, * old_gid_t sgid) */ probe kernel.syscall.setresgid16 = kernel.function("sys_setresgid") { name = "setresgid16" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid16.return = kernel.function("sys_setresgid").return { name = "setresgid16.return" } # setresuid __________________________________________________ /* * asmlinkage long * sys_setresuid(uid_t ruid, * uid_t euid, * uid_t suid) */ probe kernel.syscall.setresuid = kernel.function("sys_setresuid") { name = "setresuid" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid.return = kernel.function("sys_setresuid").return { name = "setresuid.return" } # setresuid16 ________________________________________________ /* * asmlinkage long * sys_setresuid16(old_uid_t ruid, * old_uid_t euid, * old_uid_t suid) */ probe kernel.syscall.setresuid16 = kernel.function("sys_setresuid") { name = "setresuid16" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid16.return = kernel.function("sys_setresuid").return { name = "setresuid16.return" } # setreuid ___________________________________________________ /* * asmlinkage long * sys_setreuid(uid_t ruid, * uid_t euid) */ probe kernel.syscall.setreuid = kernel.function("sys_setreuid") { name = "setreuid" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid.return = kernel.function("sys_setreuid").return { name = "setreuid.return" } # setreuid16 _________________________________________________ /* * asmlinkage long * sys_setreuid16(old_uid_t ruid, * old_uid_t euid) */ probe kernel.syscall.setreuid16 = kernel.function("sys_setreuid") { name = "setreuid16" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid16.return = kernel.function("sys_setreuid").return { name = "setreuid16.return" } # setrlimit __________________________________________________ /* * asmlinkage long * sys_setrlimit(unsigned int resource, * struct rlimit __user *rlim) */ probe kernel.syscall.setrlimit = kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } probe kernel.syscall.setrlimit.return = kernel.function("sys_setrlimit").return { name = "setrlimit.return" } # setsid _____________________________________________________ /* * asmlinkage long * sys_setsid(void) */ probe kernel.syscall.setsid = kernel.function("sys_setsid") { name = "setsid" } probe kernel.syscall.setsid.return = kernel.function("sys_setsid").return { name = "setsid.return" } # setsockopt _________________________________________________ /* * asmlinkage long * sys_setsockopt(int fd, * int level, * int optname, * char __user *optval, * int optlen) */ probe kernel.syscall.setsockopt = kernel.function("sys_setsockopt") { name = "setsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) optval_uaddr = $optval optlen = $optlen } probe kernel.syscall.setsockopt.return = kernel.function("sys_setsockopt").return { name = "setsockopt.return" } # set_tid_address ____________________________________________ /* * asmlinkage long * sys_set_tid_address(int __user *tidptr) */ probe kernel.syscall.set_tid_address = kernel.function("sys_set_tid_address") { name = "set_tid_address" tidptr_uaddr = $tidptr } probe kernel.syscall.set_tid_address.return = kernel.function("sys_set_tid_address").return { name = "set_tid_address.return" } # settimeofday _______________________________________________ /* * asmlinkage long * sys_settimeofday(struct timeval __user *tv, * struct timezone __user *tz) */ probe kernel.syscall.settimeofday = kernel.function("sys_settimeofday") { name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz /* * XXX NOT SAFE -- might sleep * tv_tv_sec = __uget_tv_m($tv,0) * tv_tv_usec = __uget_tv_m($tv,1) * tz_tz_minuteswest = __uget_tz_m($tz,0) * tz_tz_dsttime = __uget_tz_m($tz,1) */ } probe kernel.syscall.settimeofday.return = kernel.function("sys_settimeofday").return { name = "settimeofday.return" } # setuid _____________________________________________________ /* * asmlinkage long * sys_setuid(uid_t uid) */ probe kernel.syscall.setuid = kernel.function("sys_setuid") { name = "setuid" uid = $uid } probe kernel.syscall.setuid.return = kernel.function("sys_setuid").return { name = "setuid.return" } # setuid16 ___________________________________________________ /* * asmlinkage long * sys_setuid16(old_uid_t uid) */ probe kernel.syscall.setuid16 = kernel.function("sys_setuid") { name = "setuid16" uid = $uid } probe kernel.syscall.setuid16.return = kernel.function("sys_setuid").return { name = "setuid16.return" } # setxattr ___________________________________________________ /* * asmlinkage long * sys_setxattr(char __user *path, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe kernel.syscall.setxattr = kernel.function("sys_setxattr") { name = "setxattr" path_uaddr = $path name_uaddr = $name value_uaddr = $value size = $size flags = $flags } probe kernel.syscall.setxattr.return = kernel.function("sys_setxattr").return { name = "setxattr.return" } # sgetmask ___________________________________________________ /* * sys_sgetmask(void) */ probe kernel.syscall.sgetmask = kernel.function("sys_sgetmask") { name = "sgetmask" } probe kernel.syscall.sgetmask.return = kernel.function("sys_sgetmask").return { name = "sgetmask.return" } # shmctl _____________________________________________________ /* * asmlinkage long * sys_shmctl (int shmid, * int cmd, * struct shmid_ds __user *buf) */ probe kernel.syscall.shmctl = kernel.function("sys_shmctl") { name = "shmctl" shmid = $shmid cmd = $cmd buf_uaddr = $buf } probe kernel.syscall.shmctl.return = kernel.function("sys_shmctl").return { name = "shmctl.return" } # shmdt ______________________________________________________ /* * asmlinkage long * sys_shmdt(char __user *shmaddr) */ probe kernel.syscall.shmdt = kernel.function("sys_shmdt") { name = "shmdt" shmaddr_uaddr = $shmaddr } probe kernel.syscall.shmdt.return = kernel.function("sys_shmdt").return { name = "shmdt.return" } # shmget _____________________________________________________ /* * asmlinkage long * sys_shmget (key_t key, * size_t size, * int shmflg) */ probe kernel.syscall.shmget = kernel.function("sys_shmget") { name = "shmget" key = $key size = $size shmflg = $shmflg } probe kernel.syscall.shmget.return = kernel.function("sys_shmget").return { name = "shmget.return" } # shutdown ___________________________________________________ /* * asmlinkage long * sys_shutdown(int fd, * int how) */ probe kernel.syscall.shutdown = kernel.function("sys_shutdown") { name = "shutdown" s = $fd how = $how how_str = _shutdown_how_str($how) } probe kernel.syscall.shutdown.return = kernel.function("sys_shutdown").return { name = "shutdown.return" } # signal _____________________________________________________ /* * asmlinkage unsigned long * sys_signal(int sig, * __sighandler_t handler) */ probe kernel.syscall.signal = kernel.function("sys_signal") { name = "signal" sig = $sig handler = $handler } probe kernel.syscall.signal.return = kernel.function("sys_signal").return { name = "signal.return" } # sigpending _________________________________________________ /* * long do_sigpending(void __user *set, * unsigned long sigsetsize) */ probe kernel.syscall.sigpending = kernel.function("do_sigpending") { name = "sigpending" /* * NOTE * set is defined as * struct { * unsigned long int __val[128]; * } * theres is no practical way to export * these values. Therefore just export * addr, let the user take care of it * with embedded C if need be. */ set_uaddr = $set } probe kernel.syscall.sigpending.return = kernel.function("do_sigpending").return { name = "sigpending.return" } # sigprocmask ________________________________________________ /* * asmlinkage long * sys_sigprocmask(int how, * old_sigset_t __user *set, * old_sigset_t __user *oset) */ probe kernel.syscall.sigprocmask = kernel.function("sys_sigprocmask") { name = "sigprocmask" how = $how how_str = _sigprocmask_how_str($how) /* * NOTE * set and oset are defined as * struct { * unsigned long int __val[128]; * } * theres is no practical way to export * these values. Therefore just export * addr, let the user take care of it * with embedded C if need be. */ set_uaddr = $set oldset_uaddr = $oset } probe kernel.syscall.sigprocmask.return = kernel.function("sigprocmask").return { name = "sigprocmask.return" } # socket _____________________________________________________ /* * asmlinkage long * sys_socket(int family, * int type, * int protocol) */ probe kernel.syscall.socket = kernel.function("sys_socket") { name = "socket" family = $family family_str = _sock_family_str($family) type = $type type_str = _sock_type_str($type) protocol = $protocol } probe kernel.syscall.socket.return = kernel.function("sys_socket").return { name = "socket.return" } # socketcall _________________________________________________ /* * asmlinkage long * sys_socketcall(int call, * unsigned long __user *args) */ probe kernel.syscall.socketcall = kernel.function("sys_socketcall") { name = "socketcall" call = $call args_uaddr = $args } probe kernel.syscall.socketcall.return = kernel.function("sys_socketcall").return { name = "socketcall.return" } # socketpair _________________________________________________ /* * asmlinkage long * sys_socketpair(int family, * int type, * int protocol, * int __user *usockvec) */ probe kernel.syscall.socketpair = kernel.function("sys_socketpair") { name = "socketpair" family = $family family_str = _sock_family_str($family) type = $type type_str = _sock_type_str($type) protocol = $protocol sv_uaddr = $usockvec } probe kernel.syscall.socketpair.return = kernel.function("sys_socketpair").return { name = "socketpair.return" } # ssetmask ___________________________________________________ /* * asmlinkage long * sys_ssetmask(int newmask) */ probe kernel.syscall.ssetmask = kernel.function("sys_ssetmask") { name = "ssetmask" newmask = $newmask } probe kernel.syscall.ssetmask.return = kernel.function("sys_ssetmask").return { name = "ssetmask.return" } # stat _______________________________________________________ /* * asmlinkage long * sys_stat(char __user * filename, * struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.stat = kernel.function("sys_stat") { name = "stat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.stat.return = kernel.function("sys_stat").return { name = "stat.return" } # statfs _____________________________________________________ /* * asmlinkage long * sys_statfs(const char __user * path, * struct statfs __user * buf) */ probe kernel.syscall.statfs = kernel.function("sys_statfs") { name = "statfs" path_uaddr = $path buf_uaddr = $buf } probe kernel.syscall.statfs.return = kernel.function("sys_statfs").return { name = "statfs.return" } # statfs64 ___________________________________________________ /* * asmlinkage long * sys_statfs64(const char __user *path, * size_t sz, * struct statfs64 __user *buf) */ probe kernel.syscall.statfs64 = kernel.function("sys_statfs64") { name = "statfs64" path_uaddr = $path sz = $sz buf_uaddr = $buf } probe kernel.syscall.statfs64.return = kernel.function("sys_statfs64").return { name = "statfs64.return" } # stime ______________________________________________________ /* * asmlinkage long * sys_stime(time_t __user *tptr) */ probe kernel.syscall.stime = kernel.function("sys_stime") { name = "stime" t_uaddr = $tptr /* * XXX NOT SAFE -- might sleep * t = __uget_num($tptr) */ } probe kernel.syscall.stime.return = kernel.function("sys_stime").return { name = "stime.return" } # swapoff ____________________________________________________ /* * asmlinkage long * sys_swapoff(const char __user * specialfile) */ probe kernel.syscall.swapoff = kernel.function("sys_swapoff") { name = "swapoff" path_uaddr = $specialfile } probe kernel.syscall.swapoff.return = kernel.function("sys_swapoff").return { name = "swapoff.return" } # swapon _____________________________________________________ /* * asmlinkage long * sys_swapon(const char __user * specialfile, * int swap_flags) */ probe kernel.syscall.swapon = kernel.function("sys_swapon") { name = "swapon" path_uaddr = $specialfile swapflags = $swap_flags } probe kernel.syscall.swapon.return = kernel.function("sys_swapon").return { name = "swapon.return" } # symlink ____________________________________________________ /* * asmlinkage long * sys_symlink(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.symlink = kernel.function("sys_symlink") { name = "symlink" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.symlink.return = kernel.function("sys_symlink").return { name = "symlink.return" } # sync _______________________________________________________ /* * asmlinkage long * sys_sync(void) */ probe kernel.syscall.sync = kernel.function("do_sync") { name = "sync" wait = $wait } probe kernel.syscall.sync.return = kernel.function("do_sync").return { name = "sync.return" } # sysctl _____________________________________________________ /* * asmlinkage long * sys_sysctl(struct __sysctl_args __user *args) */ probe kernel.syscall.sysctl = kernel.function("sys_sysctl") { name = "sysctl" args_uaddr = $args } probe kernel.syscall.sysctl.return = kernel.function("sys_sysctl").return { name = "sysctl.return" } # sysfs ______________________________________________________ /* * asmlinkage long * sys_sysfs(int option, * unsigned long arg1, * unsigned long arg2) */ probe kernel.syscall.sysfs = kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 arg2 = $arg2 } probe kernel.syscall.sysfs.return = kernel.function("sys_sysfs").return { name = "sysfs.return" } # sysinfo ____________________________________________________ /* * asmlinkage long * sys_sysinfo(struct sysinfo __user *info) */ probe kernel.syscall.sysinfo = kernel.function("sys_sysinfo") { name = "sysinfo" info_uaddr = $info } probe kernel.syscall.sysinfo.return = kernel.function("sys_sysinfo").return { name = "sysinfo.return" } # syslog _____________________________________________________ /* * asmlinkage long * sys_syslog(int type, * char __user * buf, * int len) */ probe kernel.syscall.syslog = kernel.function("do_syslog") { name = "syslog" type = $type bufp_uaddr = $buf len = $len } probe kernel.syscall.syslog.return = kernel.function("do_syslog").return { name = "syslog.return" } # tgkill _____________________________________________________ /* * asmlinkage long * sys_tgkill(int tgid, * int pid, * int sig) */ probe kernel.syscall.tgkill = kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid pid = $pid sig = $sig } probe kernel.syscall.tgkill.return = kernel.function("sys_tgkill").return { name = "tgkill.return" } # time _______________________________________________________ /* * asmlinkage long * sys_time(time_t __user * tloc) */ probe kernel.syscall.time = kernel.function("sys_time") { name = "time" t_uaddr = $tloc /* * XXX NOT SAFE -- might sleep * t = __uget_num($tloc) */ } probe kernel.syscall.time.return = kernel.function("sys_time").return { name = "time.return" } # timer_create _______________________________________________ /* * asmlinkage long * sys_timer_create(clockid_t which_clock, * struct sigevent __user *timer_event_spec, * timer_t __user * created_timer_id) */ probe kernel.syscall.timer_create = kernel.function("sys_timer_create") { name = "timer_create" clockid = $which_clock clockid_str = _get_wc_str($which_clock) evp_uaddr = $timer_event_spec timerid_uaddr = $created_timer_id /* * XXX NOT SAFE -- might sleep * timerid = __uget_num($created_timer_id) */ } probe kernel.syscall.timer_create.return = kernel.function("sys_timer_create").return { name = "timer_create.return" } # timer_delete _______________________________________________ /* * asmlinkage long * sys_timer_delete(timer_t timer_id) */ probe kernel.syscall.timer_delete = kernel.function("sys_timer_delete") { name = "timer_delete" timerid = $timer_id } probe kernel.syscall.timer_delete.return = kernel.function("sys_timer_delete").return { name = "timer_delete.return" } # timer_getoverrun ___________________________________________ /* * asmlinkage long * sys_timer_getoverrun(timer_t timer_id) */ probe kernel.syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timerid = $timer_id } probe kernel.syscall.timer_getoverrun.return = kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun.return" } # timer_gettime ______________________________________________ /* * asmlinkage long * sys_timer_gettime(timer_t timer_id, * struct itimerspec __user *setting) */ probe kernel.syscall.timer_gettime = kernel.function("sys_timer_gettime") { name = "timer_gettime" timerid = $timer_id value_uaddr = $setting /* * XXX NOT SAFE -- might sleep * value_it_interval_tv_sec = __uget_itimerspec_ts_m($setting,0) * value_it_interval_tv_nsec =__uget_itimerspec_ts_m($setting,1) * value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2) * value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3) */ } probe kernel.syscall.timer_gettime.return = kernel.function("sys_timer_gettime").return { name = "timer_gettime.return" } # timer_settime ______________________________________________ /* * asmlinkage long * sys_timer_settime(timer_t timer_id, * int flags, * const struct itimerspec __user *new_setting, * struct itimerspec __user *old_setting) */ probe kernel.syscall.timer_settime = kernel.function("sys_timer_settime") { name = "timer_settime" timerid = $timer_id flags = $flags value_uaddr = $new_setting ovalue_uaddr = $old_setting } probe kernel.syscall.timer_settime.return = kernel.function("sys_timer_settime").return { name = "timer_settime.return" } # times ______________________________________________________ /* * asmlinkage long * sys_times(struct tms __user * tbuf) */ probe kernel.syscall.times = kernel.function("sys_times") { name = "times" buf_uaddr = $tbuf /* * XXX NOT SAFE -- might sleep * buf_tms_utime = __uget_tms_m($tbuf,0) * buf_tms_stime = __uget_tms_m($tbuf,1) * buf_tms_cutime = __uget_tms_m($tbuf,2) * buf_tms_cstime = __uget_tms_m($tbuf,3) */ } probe kernel.syscall.times.return = kernel.function("sys_times").return { name = "times.return" } # tkill ______________________________________________________ /* * asmlinkage long * sys_tkill(int pid, * int sig) */ probe kernel.syscall.tkill = kernel.function("sys_tkill") { name = "tkill" pid = $pid sig = $sig } probe kernel.syscall.tkill.return = kernel.function("sys_tkill").return { name = "tkill.return" } # truncate ___________________________________________________ /* * asmlinkage long * sys_truncate(const char __user * path, * unsigned long length) */ probe kernel.syscall.truncate = kernel.function("sys_truncate") { name = "truncate" path_uaddr = $path length = $length } probe kernel.syscall.truncate.return = kernel.function("sys_truncate").return { name = "truncate.return" } # truncate64 _________________________________________________ /* * asmlinkage long * sys_truncate64(const char __user * path, * loff_t length) */ probe kernel.syscall.truncate64 = kernel.function("sys_truncate") { name = "truncate64" path_uaddr = $path length = $length } probe kernel.syscall.truncate64.return = kernel.function("sys_truncate").return { name = "truncate64.return" } # umount _____________________________________________________ /* * asmlinkage long * sys_umount(char __user * name, * int flags) */ probe kernel.syscall.umount = kernel.function("sys_umount") { name = "umount" target_uaddr = $name flags = $flags flags_str = _mountflags_str($flags) } probe kernel.syscall.umount.return = kernel.function("sys_umount").return { name = "umount.return" } # uname ______________________________________________________ /* * asmlinkage int * int sys_uname(struct old_utsname __user *name) */ probe kernel.syscall.uname = kernel.function("sys_uname") { name = "uname" name_uaddr = $name } probe kernel.syscall.uname.return = kernel.function("sys_uname").return { name = "uname.return" } # unlink _____________________________________________________ /* * asmlinkage long * sys_unlink(const char __user * pathname) */ probe kernel.syscall.unlink = kernel.function("sys_unlink") { name = "unlink" pathname_uaddr = $pathname } probe kernel.syscall.unlink.return = kernel.function("sys_unlink").return { name = "unlink.return" } # uselib _____________________________________________________ /* * asmlinkage long * sys_uselib(const char __user * library) */ probe kernel.syscall.uselib = kernel.function("sys_uselib") { name = "uselib" library_uaddr = $library } probe kernel.syscall.uselib.return = kernel.function("sys_uselib").return { name = "uselib.return" } # ustat ______________________________________________________ /* * asmlinkage long * sys_ustat(unsigned dev, * struct ustat __user * ubuf) */ probe kernel.syscall.ustat = kernel.function("sys_ustat") { name = "ustat" dev = $dev ubuf_uaddr = $ubuf } probe kernel.syscall.ustat.return = kernel.function("sys_ustat").return { name = "ustat.return" } # utime ______________________________________________________ /* * asmlinkage long * sys_utime(char __user * filename, * struct utimbuf __user * times) */ probe kernel.syscall.utime = kernel.function("sys_utime") { name = "utime" filename_uaddr = $filename buf_uaddr = $times } probe kernel.syscall.utime.return = kernel.function("sys_utime").return { name = "utime.return" } # utimes _____________________________________________________ /* * asmlinkage long * sys_utimes(char __user * filename, * struct timeval __user * utimes) */ probe kernel.syscall.utimes = kernel.function("sys_utimes") { name = "utimes" filename_uaddr = $filename tvp_uaddr = $utimes } probe kernel.syscall.utimes.return = kernel.function("sys_utimes").return { name = "utimes.return" } # vfork ______________________________________________________ /* * asmlinkage long * do_fork(unsigned long clone_flags, * unsigned long stack_start, * struct pt_regs *regs, * unsigned long stack_size, * int __user *parent_tidptr, * int __user *child_tidptr) */ probe kernel.syscall.vfork = kernel.function("do_fork") { name = "vfork" clone_flags = $clone_flags /* * unable to find local 'start_stack' (maybe i386 specific) * start_stack = $start_stack */ regs_uaddr = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr } probe kernel.syscall.vfork.return = kernel.function("do_fork").return { name = "vfork.return" } # vhangup ____________________________________________________ /* * asmlinkage long * sys_vhangup(void) */ probe kernel.syscall.vhangup = kernel.function("sys_vhangup") { name = "vhangup" } probe kernel.syscall.vhangup.return = kernel.function("sys_vhangup").return { name = "vhangup.return" } # wait4 ______________________________________________________ /* * asmlinkage long * sys_wait4(pid_t pid, * int __user *stat_addr, * int options, * struct rusage __user *ru) */ probe kernel.syscall.wait4 = kernel.function("sys_wait4") { name = "wait4" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru } probe kernel.syscall.wait4.return = kernel.function("sys_wait4").return { name = "wait4.return" } # waitid _____________________________________________________ /* * asmlinkage long * sys_waitid(int which, * pid_t pid, * struct siginfo __user *infop, * int options, * struct rusage __user *ru) */ probe kernel.syscall.waitid = kernel.function("sys_waitid") { name = "waitid" which = $which which_str = _waitid_which_str($which) pid = $pid infop_uaddr = $infop options = $options options_str = _wait4_opt_str($options) } probe kernel.syscall.waitid.return = kernel.function("sys_waitid").return { name = "waitid.return" } # waitpid ____________________________________________________ /* * asmlinkage long * sys_wait4(pid_t pid, * int __user *stat_addr, * int options, * struct rusage __user *ru) */ probe kernel.syscall.waitpid = kernel.function("sys_wait4") { name = "waitpid" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru } probe kernel.syscall.waitpid.return = kernel.function("sys_wait4").return { name = "waitpid.return" } # write ______________________________________________________ /* * asmlinkage ssize_t * sys_write(unsigned int fd, * const char __user * buf, * size_t count) */ probe kernel.syscall.write = kernel.function("sys_write") { name = "write" fd = $fd buf_uaddr = $buf count = $count } probe kernel.syscall.write.return = kernel.function("sys_write").return { name = "write.return" } # writev _____________________________________________________ /* * asmlinkage ssize_t * sys_writev(unsigned long fd, * const struct iovec __user *vec, * unsigned long vlen) */ probe kernel.syscall.writev = kernel.function("sys_writev") { name = "writev" fd = $fd vector_uaddr = $vec count = $vlen } probe kernel.syscall.writev.return = kernel.function("sys_writev").return { name = "writev.return" }