// syscalls tapset // Copyright (C) 2005 IBM Corp. // Copyright (C) 2005 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. # time_____________________________________________ /* * asmlinkage long * sys_time(time_t __user * tloc) */ probe kernel.syscall.time = kernel.function("sys_time") { name = "time" t_uaddr = $tloc t = __uget_num($tloc) } probe kernel.syscall.time.return = kernel.function("sys_time").return { name = "time.return" } # stime____________________________________________ /* * asmlinkage long * sys_stime(time_t __user *tptr) */ probe kernel.syscall.stime = kernel.function("sys_stime") { name = "stime" t_uaddr = $tptr t = __uget_num($tptr) } probe kernel.syscall.stime.return = kernel.function("sys_stime").return { name = "stime.return" } # gettimeofday_____________________________________ /* * asmlinkage long * sys_gettimeofday(struct timeval __user *tv, * struct timezone __user *tz) */ probe kernel.syscall.gettimeofday = kernel.function("sys_gettimeofday") { name = "gettimeofday" tv_uaddr = $tv tz_uaddr = $tz tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) } probe kernel.syscall.gettimeofday.return = kernel.function("sys_gettimeofday").return { name = "gettimeofday.return" } # settimeofday_____________________________________ /* * asmlinkage long * sys_settimeofday(struct timeval __user *tv, * struct timezone __user *tz) */ probe kernel.syscall.settimeofday = kernel.function("sys_settimeofday") { name = "settimeofday" tv_uaddr = $tv tz_uaddr = $tz tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) tz_tz_dsttime = __uget_tz_m($tz,1) } probe kernel.syscall.settimeofday.return = kernel.function("sys_settimeofday").return { name = "settimeofday.return" } # adjtimex_________________________________________ /* * asmlinkage long * sys_adjtimex(struct timex __user *txc_p) */ probe kernel.syscall.adjtimex = kernel.function("sys_adjtimex") { name = "adjtimex" buf_uaddr = $txc_p buf_modes = __uget_timex_m($txc_p,0) buf_modes_str = _adjtx_mode_str(buf_modes) buf_offset = __uget_timex_m($txc_p,1) buf_freq = __uget_timex_m($txc_p,2) buf_maxerror = __uget_timex_m($txc_p,3) buf_esterror = __uget_timex_m($txc_p,4) buf_status = __uget_timex_m($txc_p,5) buf_constant = __uget_timex_m($txc_p,6) buf_precision = __uget_timex_m($txc_p,7) buf_tolerance = __uget_timex_m($txc_p,8) buf_time_tv_sec = __uget_timex_m($txc_p,9) buf_time_tv_usec = __uget_timex_m($txc_p,10) buf_tick = __uget_timex_m($txc_p,11) } probe kernel.syscall.adjtimex.return = kernel.function("sys_adjtimex").return { name = "adjtimex.return" } # times____________________________________________ /* * asmlinkage long * sys_times(struct tms __user * tbuf) */ probe kernel.syscall.times = kernel.function("sys_times") { name = "times" buf_uaddr = $tbuf buf_tms_utime = __uget_tms_m($tbuf,0) buf_tms_stime = __uget_tms_m($tbuf,1) buf_tms_cutime = __uget_tms_m($tbuf,2) buf_tms_cstime = __uget_tms_m($tbuf,3) } probe kernel.syscall.times.return = kernel.function("sys_times").return { name = "times.return" } # gettid___________________________________________ /* * asmlinkage long * sys_gettid(void) */ probe kernel.syscall.gettid = kernel.function("sys_gettid") { name = "gettid" } probe kernel.syscall.gettid.return = kernel.function("sys_gettid").return { name = "gettid.return" } # nanosleep________________________________________ /* * asmlinkage long * sys_nanosleep(struct timespec __user *rqtp, * struct timespec __user *rmtp) */ probe kernel.syscall.nanosleep = kernel.function("sys_nanosleep") { name = "nanosleep" req_uaddr = $rqtp rem_uaddr = $rmtp req_tv_sec = __uget_ts_m($rqtp,0) req_tv_nsec = __uget_ts_m($rqtp,1) rem_tv_sec = __uget_ts_m($rmtp,0) rem_tv_nsec = __uget_ts_m($rmtp,1) } probe kernel.syscall.nanosleep.return = kernel.function("sys_nanosleep").return { name = "nanosleep.return" } # alarm____________________________________________ /* * asmlinkage unsigned long * sys_alarm(unsigned int seconds) */ probe kernel.syscall.alarm = kernel.function("sys_alarm") { name = "alarm" seconds = $seconds } probe kernel.syscall.alarm.return = kernel.function("sys_alarm").return { name = "alarm.return" /* seconds = $seconds */ } # getpid___________________________________________ /* * asmlinkage long * sys_getpid(void) */ probe kernel.syscall.getpid = kernel.function("sys_getpid") { name = "getpid" } probe kernel.syscall.getpid.return = kernel.function("sys_getpid").return { name = "getpid.return" } # getppid__________________________________________ /* * asmlinkage long * sys_getppid(void) */ probe kernel.syscall.getppid = kernel.function("sys_getppid") { name = "getppid" } probe kernel.syscall.getppid.return = kernel.function("sys_getppid").return { name = "getppid.return" } # getuid___________________________________________ /* * asmlinkage long * sys_getuid(void) */ probe kernel.syscall.getuid = kernel.function("sys_getuid") { name = "getuid" } probe kernel.syscall.getuid.return = kernel.function("sys_getuid").return { name = "getuid.return" } # geteuid__________________________________________ /* * asmlinkage long * sys_geteuid(void) */ probe kernel.syscall.geteuid = kernel.function("sys_geteuid") { name = "geteuid" } probe kernel.syscall.geteuid.return = kernel.function("sys_geteuid").return { name = "geteuid.return" } # getgid___________________________________________ /* * asmlinkage long * sys_getgid(void) */ probe kernel.syscall.getgid = kernel.function("sys_getgid") { name = "getgid" } probe kernel.syscall.getgid.return = kernel.function("sys_getgid").return { name = "getgid.return" } # getegid__________________________________________ /* * asmlinkage long * sys_getegid(void) */ probe kernel.syscall.getegid = kernel.function("sys_getegid") { name = "getegid" } probe kernel.syscall.getegid.return = kernel.function("sys_getegid").return { name = "getegid.return" } # getresuid________________________________________ /* * asmlinkage long * sys_getresuid(uid_t __user *ruid, * uid_t __user *euid, * uid_t __user *suid) */ probe kernel.syscall.getresuid = kernel.function("sys_getresuid") { name = "getresuid" ruid_uaddr = $ruid euid_uaddr = $euid suid_uaddr = $suid ruid = __uget_num($ruid) euid = __uget_num($euid) suid = __uget_num($suid) } probe kernel.syscall.getresuid.return = kernel.function("sys_getresuid").return { name = "getresuid.return" } # getresgid________________________________________ /* * asmlinkage * long sys_getresgid(gid_t __user *rgid, * gid_t __user *egid, * gid_t __user *sgid) */ probe kernel.syscall.getresgid = kernel.function("sys_getresgid") { name = "getresgid" rgid_uaddr = $rgid egid_uaddr = $egid sgid_uaddr = $sgid rgid = __uget_num($rgid) egid = __uget_num($egid) sgid = __uget_num($sgid) } probe kernel.syscall.getresgid.return = kernel.function("sys_getresgid").return { name = "getresgid.return" } # getpgid__________________________________________ /* * asmlinkage long * sys_getpgid(void) */ probe kernel.syscall.getpgid = kernel.function("sys_getpgid") { name = "getpgid" } probe kernel.syscall.getpgid.return = kernel.function("sys_getpgid").return { name = "getpgid.return" } # getpgrp__________________________________________ /* * asmlinkage long * sys_getpgrp(void) */ probe kernel.syscall.getpgrp = kernel.function("sys_getpgrp") { name = "getpgrp" } probe kernel.syscall.getpgrp.return = kernel.function("sys_getpgrp").return { name = "getpgrp.return" } # getsid___________________________________________ /* * asmlinkage long * sys_getsid(pid_t pid) */ probe kernel.syscall.getsid = kernel.function("sys_getsid") { name = "getsid" pid = $pid } probe kernel.syscall.getsid.return = kernel.function("sys_getsid").return { name = "getsid.return" /* pid = $pid */ } # getgroups________________________________________ /* * asmlinkage long * sys_getgroups(int gidsetsize, * gid_t __user *grouplist) */ probe kernel.syscall.getgroups = kernel.function("sys_getgroups") { name = "getgroups" size = $gidsetsize /* NOTE list defined as "gid_t list[]" there is no practical way to export these values. Therefore just export addr, let the user take care of it with embedded C if need be. */ list_uaddr = $grouplist } probe kernel.syscall.getgroups.return = kernel.function("sys_getgroups").return { name = "getgroups.return" } # setregid_________________________________________ /* * asmlinkage long * sys_setregid(gid_t rgid, * gid_t egid) */ probe kernel.syscall.setregid = kernel.function("sys_setregid") { name = "setregid" rgid = $rgid egid = $egid } probe kernel.syscall.setregid.return = kernel.function("sys_setregid").return { name = "setregid.return" } # setgid___________________________________________ /* * asmlinkage long * sys_setgid(gid_t gid) */ probe kernel.syscall.setgid = kernel.function("sys_setgid") { name = "setgid" gid = $gid } probe kernel.syscall.setgid.return = kernel.function("sys_setgid").return { name = "setgid.return" } # setreuid_________________________________________ /* * asmlinkage long * sys_setreuid(uid_t ruid, * uid_t euid) */ probe kernel.syscall.setreuid = kernel.function("sys_setreuid") { name = "setreuid" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid.return = kernel.function("sys_setreuid").return { name = "setreuid.return" } # setuid___________________________________________ /* * asmlinkage long * sys_setuid(uid_t uid) */ probe kernel.syscall.setuid = kernel.function("sys_setuid") { name = "setuid" uid = $uid } probe kernel.syscall.setuid.return = kernel.function("sys_setuid").return { name = "setuid.return" } # setresuid________________________________________ /* * asmlinkage long * sys_setresuid(uid_t ruid, * uid_t euid, * uid_t suid) */ probe kernel.syscall.setresuid = kernel.function("sys_setresuid") { name = "setresuid" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid.return = kernel.function("sys_setresuid").return { name = "setresuid.return" } # setresgid________________________________________ /* * asmlinkage long * sys_setresgid(gid_t rgid, * gid_t egid, * gid_t sgid) */ probe kernel.syscall.setresgid = kernel.function("sys_setresgid") { name = "setresgid" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid.return = kernel.function("sys_setresgid").return { name = "setresgid.return" } # setfsuid_________________________________________ /* * asmlinkage long * sys_setfsuid(uid_t uid) */ probe kernel.syscall.setfsuid = kernel.function("sys_setfsuid") { name = "setfsuid" fsuid = $uid } probe kernel.syscall.setfsuid.return = kernel.function("sys_setfsuid").return { name = "setfsuid.return" } # setfsgid_________________________________________ /* * asmlinkage long * sys_setfsgid(gid_t gid) */ probe kernel.syscall.setfsgid = kernel.function("sys_setfsgid") { name = "setfsgid" fsgid = $gid } probe kernel.syscall.setfsgid.return = kernel.function("sys_setfsgid").return { name = "setfsgid.return" } # setpgid__________________________________________ /* * asmlinkage long * sys_setpgid(pid_t pid, * pid_t pgid) */ probe kernel.syscall.setpgid = kernel.function("sys_setpgid") { name = "setpgid" pid = $pid pgid = $pgid } probe kernel.syscall.setpgid.return = kernel.function("sys_setpgid").return { name = "setpgid.return" } # setsid___________________________________________ /* * asmlinkage long * sys_setsid(void) */ probe kernel.syscall.setsid = kernel.function("sys_setsid") { name = "setsid" } probe kernel.syscall.setsid.return = kernel.function("sys_setsid").return { name = "setsid.return" } # setgroups________________________________________ /* * asmlinkage long * sys_setgroups(int gidsetsize, * gid_t __user *grouplist) */ probe kernel.syscall.setgroups = kernel.function("sys_setgroups") { name = "setgroups" size = $gidsetsize /* NOTE list defined as "gid_t list[]" there is no practical way to export these values. Therefore just export addr, let the user take care of it with embedded C if need be. */ list_uaddr = $grouplist } probe kernel.syscall.setgroups.return = kernel.function("sys_setgroups").return { name = "setgroups.return" } # acct_____________________________________________ /* * asmlinkage long * sys_acct(const char __user *name) */ probe kernel.syscall.acct = kernel.function("sys_acct") { name = "acct" filename_uaddr = $name filename = user_string($name) } probe kernel.syscall.acct.return = kernel.function("sys_acct").return { name = "acct.return" } # capget___________________________________________ /* NOTE this is probably not a good function to probe. The structures are always changing. It also seems like it is not really used. Cscope produced no reference of this function in the kernel (returned no callers). Perhaps cap_get_proc / cap_set_proc are better functions to export. */ /* * asmlinkage long * sys_capget(cap_user_header_t header, * cap_user_data_t dataptr) */ probe kernel.syscall.capget = kernel.function("sys_capget") { name = "capget" header_uaddr = $header data_uaddr = $dataptr /* NOTE These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. */ } probe kernel.syscall.capget.return = kernel.function("sys_capget").return { name = "capget.return" } # capset___________________________________________ /* NOTE this is probably not a good function to probe. The structures are always changing. It also seems like it is not really used. Cscope produced no reference of this function in the kernel (returned no callers). Perhaps cap_get_proc / cap_set_proc are better functions to export. */ /* * asmlinkage long * sys_capset(cap_user_header_t header, * const cap_user_data_t data) */ probe kernel.syscall.capset = kernel.function("sys_capset") { name = "capset" header_uaddr = $header data_uaddr = $data /* NOTE These two functions are the raw kernel interface for getting and setting capabilities. The kernel API is likely to change and use of these functions (in particular the format of the cap_user_*_t types) is subject to change with each kernel revision. These system calls are specific to Linux. The portable interfaces are cap_set_proc and cap_get_proc. */ } probe kernel.syscall.capset.return = kernel.function("sys_capset").return { name = "capset.return" } # personality______________________________________ /* * asmlinkage long * sys_personality(u_long personality) */ probe kernel.syscall.personality = kernel.function("sys_personality") { name = "personality" persona = $personality } probe kernel.syscall.personality.return = kernel.function("sys_personality").return { name = "personality.return" } # sigpending_______________________________________ /* * long do_sigpending(void __user *set, * unsigned long sigsetsize) */ probe kernel.syscall.sigpending = kernel.function("do_sigpending") { name = "sigpending" /* NOTE set is defined as struct { unsigned long int __val[128]; } theres is no practical way to export these values. Therefore just export addr, let the user take care of it with embedded C if need be. */ /* XXX Cannot deal w void pointers yet set_uaddr = $set */ } probe kernel.syscall.sigpending.return = kernel.function("do_sigpending").return { name = "sigpending.return" } # sigprocmask______________________________________ /* * asmlinkage long * sys_sigprocmask(int how, * old_sigset_t __user *set, * old_sigset_t __user *oset) */ probe kernel.syscall.sigprocmask = kernel.function("sys_sigprocmask") { name = "sigprocmask" how = $how how_str = _sigprocmask_how_str($how) /* NOTE set and oset are defined as struct { unsigned long int __val[128]; } theres is no practical way to export these values. Therefore just export addr, let the user take care of it with embedded C if need be. */ set_uaddr = $set oldset_uaddr = $oset } probe kernel.syscall.sigprocmask.return = kernel.function("sigprocmask").return { name = "sigprocmask.return" } # getitimer________________________________________ /* * asmlinkage long * sys_getitimer(int which, * struct itimerval __user *value) */ probe kernel.syscall.getitimer = kernel.function("sys_getitimer") { name = "getitimer" which = $which which_str = _itimer_which_str($which) value_uaddr = $value value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) } probe kernel.syscall.getitimer.return = kernel.function("sys_getitimer").return { name = "getitimer.return" } # setitimer________________________________________ /* * asmlinkage long * sys_setitimer(int which, * struct itimerval __user *value, * struct itimerval __user *ovalue) */ probe kernel.syscall.setitimer = kernel.function("sys_setitimer") { name = "setitimer" which = $which which_str = _itimer_which_str($which) value_uaddr = $value ovalue_uaddr = $ovalue value_it_interval_tv_sec = __uget_itimerval_tv_m($value,0) value_it_interval_tv_usec = __uget_itimerval_tv_m($value,1) value_it_value_tv_sec = __uget_itimerval_tv_m($value,2) value_it_value_tv_usec = __uget_itimerval_tv_m($value,3) ovalue_it_interval_tv_sec = __uget_itimerval_tv_m($ovalue,0) ovalue_it_interval_tv_usec = __uget_itimerval_tv_m($ovalue,1) ovalue_it_value_tv_sec = __uget_itimerval_tv_m($ovalue,2) ovalue_it_value_tv_usec = __uget_itimerval_tv_m($ovalue,3) } probe kernel.syscall.setitimer.return = kernel.function("sys_setitimer").return { name = "setitimer.return" } # timer_create_____________________________________ /* * asmlinkage long * sys_timer_create(clockid_t which_clock, * struct sigevent __user *timer_event_spec, * timer_t __user * created_timer_id) */ probe kernel.syscall.timer_create = kernel.function("sys_timer_create") { name = "timer_create" clockid = $which_clock clockid_str = _get_wc_str($which_clock) evp_uaddr = $timer_event_spec /* ...a little unsure about this... typedef struct sigevent { sigval_t sigev_value; int sigev_signo; int sigev_notify; union { int _pad[SIGEV_PAD_SIZE]; int _tid; struct { void (*_function)(sigval_t); void *_attribute; // really pthread_attr_t } _sigev_thread; } _sigev_un; } sigevent_t; */ timerid_uaddr = $created_timer_id timerid = __uget_num($created_timer_id) } probe kernel.syscall.timer_create.return = kernel.function("sys_timer_create").return { name = "timer_create.return" } # timer_gettime____________________________________ /* * asmlinkage long * sys_timer_gettime(timer_t timer_id, * struct itimerspec __user *setting) */ probe kernel.syscall.timer_gettime = kernel.function("sys_timer_gettime") { name = "timer_gettime" timerid = $timer_id value_uaddr = $setting value_it_interval_tv_sec = __uget_itimerspec_ts_m($setting,0) value_it_interval_tv_nsec = __uget_itimerspec_ts_m($setting,1) value_it_value_tv_sec = __uget_itimerspec_ts_m($setting,2) value_it_value_tv_nsec = __uget_itimerspec_ts_m($setting,3) } probe kernel.syscall.timer_gettime.return = kernel.function("sys_timer_gettime").return { name = "timer_gettime.return" } # timer_getoverrun_________________________________ /* * asmlinkage long * sys_timer_getoverrun(timer_t timer_id) */ probe kernel.syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") { name = "timer_getoverrun" timerid = $timer_id } probe kernel.syscall.timer_getoverrun.return = kernel.function("sys_timer_getoverrun").return { name = "timer_getoverrun.return" } # timer_settime____________________________________ /* * asmlinkage long * sys_timer_settime(timer_t timer_id, * int flags, * const struct itimerspec __user *new_setting, * struct itimerspec __user *old_setting) */ probe kernel.syscall.timer_settime = kernel.function("sys_timer_settime") { name = "timer_settime" timerid = $timer_id flags = $flags value_uaddr = $new_setting ovalue_uaddr = $old_setting } probe kernel.syscall.timer_settime.return = kernel.function("sys_timer_settime").return { name = "timer_settime.return" } # timer_delete_____________________________________ /* * asmlinkage long * sys_timer_delete(timer_t timer_id) */ probe kernel.syscall.timer_delete = kernel.function("sys_timer_delete") { name = "timer_delete" timerid = $timer_id } probe kernel.syscall.timer_delete.return = kernel.function("sys_timer_delete").return { name = "timer_delete.return" } # clock_settime____________________________________ /* * asmlinkage long * sys_clock_settime(clockid_t which_clock, * const struct timespec __user *tp) */ probe kernel.syscall.clock_settime = kernel.function("sys_clock_settime") { name = "clock_settime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp } probe kernel.syscall.clock_settime.return = kernel.function("sys_clock_settime").return { name = "clock_settime.return" } # clock_gettime____________________________________ /* * asmlinkage long * sys_clock_gettime(clockid_t which_clock, * struct timespec __user *tp) */ probe kernel.syscall.clock_gettime = kernel.function("sys_clock_gettime") { name = "clock_gettime" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) tp_uaddr = $tp } probe kernel.syscall.clock_gettime.return = kernel.function("sys_clock_gettime").return { name = "clock_gettime.return" } # clock_getres_____________________________________ /* * asmlinkage long * sys_clock_getres(clockid_t which_clock, * struct timespec __user *tp) */ probe kernel.syscall.clock_getres = kernel.function("sys_clock_getres") { name = "clock_getres" clk_id = $which_clock clk_id_str = _get_wc_str($which_clock) res_uaddr = $tp } probe kernel.syscall.clock_getres.return = kernel.function("sys_clock_getres").return { name = "clock_getres.return" } # clock_nanosleep__________________________________ /* * asmlinkage long * sys_clock_nanosleep(clockid_t which_clock, * int flags, * const struct timespec __user *rqtp, * struct timespec __user *rmtp) */ probe kernel.syscall.clock_nanosleep = kernel.function("sys_clock_nanosleep") { name = "clock_nanosleep" clock_id = $which_clock clock_id_str = _get_wc_str($which_clock) flags = $flags flag_str = "TIMER_ABSTIME" rqtp_uaddr = $rqtp rmtp_uaddr = $rmtp } probe kernel.syscall.clock_nanosleep.return = kernel.function("sys_clock_nanosleep").return { name = "clock_nanosleep.return" } # nice_____________________________________________ /* * asmlinkage long * sys_nice(int increment) */ probe kernel.syscall.nice = kernel.function("sys_nice") { name = "nice" inc = $increment } probe kernel.syscall.nice.return = kernel.function("sys_nice").return { name = "nice.return" } # sched_setscheduler_______________________________ /* * asmlinkage long * sys_sched_setscheduler(pid_t pid, * int policy, * struct sched_param __user *param) */ probe kernel.syscall.sched_setscheduler = kernel.function("do_sched_setscheduler") { name = "sched_setscheduler" pid = $pid policy = $policy policy_str = _sched_policy_str($policy) p_uaddr = $param } probe kernel.syscall.sched_setscheduler.return = kernel.function("do_sched_setscheduler").return { name = "sched_setscheduler.return" } # sched_setparam___________________________________ /* * asmlinkage long * sys_sched_setparam(pid_t pid, * struct sched_param __user *param) */ probe kernel.syscall.sched_setparam = kernel.function("do_sched_setscheduler") { name = "sched_setparam" pid = $pid p_uaddr = $param } probe kernel.syscall.sched_setparam.return = kernel.function("do_sched_setscheduler").return { name = "sched_setparam.return" } # sched_getscheduler_______________________________ /* * asmlinkage long * sys_sched_getscheduler(pid_t pid) */ probe kernel.syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") { name = "sched_getscheduler" pid = $pid } probe kernel.syscall.sched_getscheduler.return = kernel.function("sys_sched_getscheduler").return { name = "sched_getscheduler.return" } # sched_getparam___________________________________ /* * asmlinkage long * sys_sched_getparam(pid_t pid, * struct sched_param __user *param) */ probe kernel.syscall.sched_getparam = kernel.function("sys_sched_getparam") { name = "sched_getparam" pid = $pid p_uaddr = $param } probe kernel.syscall.sched_getparam.return = kernel.function("sys_sched_getparam").return { name = "sched_getparam.return" } # sched_setaffinity________________________________ /* * asmlinkage long * sys_sched_setaffinity(pid_t pid, * unsigned int len, * unsigned long __user *user_mask_ptr) */ probe kernel.syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") { name = "sched_setaffinity" pid = $pid len = $len mask_uaddr = $user_mask_ptr } probe kernel.syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return { name = "sched_setaffinity.return" } # sched_getaffinity________________________________ /* * asmlinkage long * sys_sched_getaffinity(pid_t pid, * unsigned int len, * unsigned long __user *user_mask_ptr) */ probe kernel.syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") { name = "sched_getaffinity" pid = $pid len = $len mask_uaddr = $user_mask_ptr } probe kernel.syscall.sched_getaffinity.return = kernel.function("sys_sched_getaffinity").return { name = "sched_getaffinity.return" } # sched_yield______________________________________ /* * asmlinkage long * sys_sched_yield(void) */ probe kernel.syscall.sched_yield = kernel.function("sys_sched_yield") { name = "sched_yield" } probe kernel.syscall.sched_yield.return = kernel.function("sys_sched_yield").return { name = "sched_yield.return" } # sched_get_priority_max___________________________ /* * asmlinkage long * sys_sched_get_priority_max(int policy) */ probe kernel.syscall.sched_get_priority_max = kernel.function("sys_sched_get_priority_max") { name = "sched_get_priority_max" policy = $policy } probe kernel.syscall.sched_get_priority_max.return = kernel.function("sys_sched_get_priority_max").return { name = "sched_get_priority_max.return" } # sched_get_priority_min___________________________ /* * asmlinkage long * sys_sched_get_priority_min(int policy) */ probe kernel.syscall.sched_get_priority_min = kernel.function("sys_sched_get_priority_min") { name = "sched_get_priority_min" policy = $policy } probe kernel.syscall.sched_get_priority_min.return = kernel.function("sys_sched_get_priority_min").return { name = "sched_get_priority_min.return" } # sched_rr_get_interval____________________________ /* * asmlinkage long * sys_sched_rr_get_interval(pid_t pid, * struct timespec __user *interval) */ probe kernel.syscall.sched_rr_get_interval = kernel.function("sys_sched_rr_get_interval") { name = "sched_rr_get_interval" pid = $pid tp_uaddr = $interval } probe kernel.syscall.sched_rr_get_interval.return = kernel.function("sys_sched_rr_get_interval").return { name = "sched_rr_get_interval.return" } # setpriority______________________________________ /* * asmlinkage long * sys_setpriority(int which, * int who, * int niceval) */ probe kernel.syscall.setpriority = kernel.function("sys_setpriority") { name = "setpriority" which = $which which_str = _priority_which_str($which) who = $who prio = $niceval } probe kernel.syscall.setpriority.return = kernel.function("sys_setpriority").return { name = "setpriority.return" } # getpriority______________________________________ /* * asmlinkage long * sys_getpriority(int which, * int who) */ probe kernel.syscall.getpriority = kernel.function("sys_getpriority") { name = "getpriority" which = $which which_str = _priority_which_str($which) who = $who } probe kernel.syscall.getpriority.return = kernel.function("sys_getpriority").return { name = "getpriority.return" } # shutdown_________________________________________ /* * asmlinkage long * sys_shutdown(int fd, * int how) */ probe kernel.syscall.shutdown = kernel.function("sys_shutdown") { name = "shutdown" s = $fd how = $how how_str = _shutdown_how_str($how) } probe kernel.syscall.shutdown.return = kernel.function("sys_shutdown").return { name = "shutdown.return" } # reboot___________________________________________ /* * asmlinkage long * sys_reboot(int magic1, * int magic2, * unsigned int cmd, * void __user * arg) */ probe kernel.syscall.reboot = kernel.function("sys_reboot") { name = "reboot" magic = $magic1 magic_str = _reboot_magic_str($magic1) magic2 = $magic2 magic2_str = _reboot_magic_str($magic2) flag = $cmd flag_str = _reboot_flag_str(flag) /* void __user * arg */ } probe kernel.syscall.reboot.return = kernel.function("sys_reboot").return { name = "reboot.return" } # restart_syscall__________________________________ /* * asmlinkage long * sys_restart_syscall(void) */ probe kernel.syscall.restart_syscall = kernel.function("sys_restart_syscall") { name = "restart_syscall" } probe kernel.syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return { name = "restart_syscall.return" } # exit_____________________________________________ /* * asmlinkage long * sys_exit(int error_code) */ probe kernel.syscall.exit = kernel.function("do_exit") { name = "exit" status = $code } probe kernel.syscall.exit.return = kernel.function("do_exit").return { name = "exit.return" } # exit_group_______________________________________ /* * asmlinkage void * sys_exit_group(int error_code) */ probe kernel.syscall.exit_group = kernel.function("sys_exit_group") { name = "exit_group" status = $error_code } probe kernel.syscall.exit_group.return = kernel.function("do_group_exit").return { name = "exit_group.return" } # wait4____________________________________________ /* * asmlinkage long * sys_wait4(pid_t pid, * int __user *stat_addr, * int options, * struct rusage __user *ru) */ probe kernel.syscall.wait4 = kernel.function("sys_wait4") { name = "wait4" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru } probe kernel.syscall.wait4.return = kernel.function("sys_wait4").return { name = "wait4.return" } # waitid___________________________________________ /* * asmlinkage long * sys_waitid(int which, * pid_t pid, * struct siginfo __user *infop, * int options, * struct rusage __user *ru) */ probe kernel.syscall.waitid = kernel.function("sys_waitid") { name = "waitid" which = $which which_str = _waitid_which_str($which) pid = $pid infop_uaddr = $infop options = $options options_str = _wait4_opt_str($options) } probe kernel.syscall.waitid.return = kernel.function("sys_waitid").return { name = "waitid.return" } # waitpid__________________________________________ /* * asmlinkage long * sys_wait4(pid_t pid, * int __user *stat_addr, * int options, * struct rusage __user *ru) */ probe kernel.syscall.waitpid = kernel.function("sys_wait4") { name = "waitpid" pid = $pid status_uaddr = $stat_addr options = $options options_str = _wait4_opt_str($options) rusage_uaddr = $ru } probe kernel.syscall.waitpid.return = kernel.function("sys_wait4").return { name = "waitpid.return" } # set_tid_address__________________________________ /* * asmlinkage long * sys_set_tid_address(int __user *tidptr) */ probe kernel.syscall.set_tid_address = kernel.function("sys_set_tid_address") { name = "set_tid_address" tidptr_uaddr = $tidptr } probe kernel.syscall.set_tid_address.return = kernel.function("sys_set_tid_address").return { name = "set_tid_address.return" } # futex____________________________________________ /* * asmlinkage long * sys_futex(u32 __user *uaddr, * int op, * int val, * struct timespec __user *utime, * u32 __user *uaddr2, * int val3) */ probe kernel.syscall.futex = kernel.function("sys_futex") { name = "futex" futex_uaddr = $uaddr op = $op op_str = _futex_op_str($op) val = $val timeout_uaddr = $utime uaddr2_uaddr = $uaddr2 val3 = $val3 } probe kernel.syscall.futex.return = kernel.function("sys_futex").return { name = "futex.return" } # init_module______________________________________ /* * sys_init_module(void __user *umod, * unsigned long len, * const char __user *uargs) */ probe kernel.syscall.init_module = kernel.function("sys_init_module") { name = "init_module" /* umod_uaddr = $umod */ len = $len uargs_uaddr = $uargs } probe kernel.syscall.init_module.return = kernel.function("sys_init_module").return { name = "init_module.return" } # delete_module____________________________________ /* * asmlinkage long * sys_delete_module(const char __user *name_user, * unsigned int flags) */ probe kernel.syscall.delete_module = kernel.function("sys_delete_module") { name = "delete_module" name_user_uaddr = $name_user flags = $flags flags_str = _module_flags_str($flags) } probe kernel.syscall.delete_module.return = kernel.function("sys_delete_module").return { name = "delete_module.return" } # rt_sigprocmask___________________________________ /* * asmlinkage long * sys_rt_sigprocmask(int how, * sigset_t __user *set, * sigset_t __user *oset, * size_t sigsetsize) */ probe kernel.syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") { name = "rt_sigprocmask" how = $how how_str = _sigprocmask_how_str($how) set_uaddr = $set oset_uaddr = $oset sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigprocmask.return = kernel.function("sys_rt_sigprocmask").return { name = "rt_sigprocmask.return" } # rt_sigpending____________________________________ /* * asmlinkage long * sys_rt_sigpending(sigset_t __user *set, * size_t sigsetsize) */ probe kernel.syscall.rt_sigpending = kernel.function("do_sigpending") { name = "rt_sigpending" //set_uaddr = $set sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigpending.return = kernel.function("do_sigpending").return { name = "rt_sigpending.return" } # rt_sigtimedwait__________________________________ /* * asmlinkage long * sys_rt_sigtimedwait(const sigset_t __user *uthese, * siginfo_t __user *uinfo, * const struct timespec __user *uts, * size_t sigsetsize) */ probe kernel.syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") { name = "rt_sigtimedwait" uthese_uaddr = $uthese uinfo_uaddr = $uinfo uts_uaddr = $uts sigsetsize = $sigsetsize } probe kernel.syscall.rt_sigtimedwait.return = kernel.function("sys_rt_sigtimedwait").return { name = "rt_sigtimedwait.return" } # kill_____________________________________________ /* * asmlinkage long * sys_kill(int pid, int sig) */ probe kernel.syscall.kill = kernel.function("sys_kill") { name = "kill" pid = $pid sig = $sig } probe kernel.syscall.kill.return = kernel.function("sys_kill").return { name = "kill.return" } # tgkill___________________________________________ /* * asmlinkage long * sys_tgkill(int tgid, * int pid, * int sig) */ probe kernel.syscall.tgkill = kernel.function("sys_tgkill") { name = "tgkill" tgid = $tgid pid = $pid sig = $sig } probe kernel.syscall.tgkill.return = kernel.function("sys_tgkill").return { name = "tgkill.return" } # tkill____________________________________________ /* * asmlinkage long * sys_tkill(int pid, * int sig) */ probe kernel.syscall.tkill = kernel.function("sys_tkill") { name = "tkill" pid = $pid sig = $sig } probe kernel.syscall.tkill.return = kernel.function("sys_tkill").return { name = "tkill.return" } # rt_sigqueueinfo__________________________________ /* * asmlinkage long * sys_rt_sigqueueinfo(int pid, * int sig, * siginfo_t __user *uinfo) */ probe kernel.syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") { name = "rt_sigqueueinfo" pid = $pid sig = $sig uinfo_uaddr = $uinfo } probe kernel.syscall.rt_sigqueueinfo.return = kernel.function("sys_rt_sigqueueinfo").return { name = "rt_sigqueueinfo.return" } # sgetmask_________________________________________ /* * sys_sgetmask(void) */ probe kernel.syscall.sgetmask = kernel.function("sys_sgetmask") { name = "sgetmask" } probe kernel.syscall.sgetmask.return = kernel.function("sys_sgetmask").return { name = "sgetmask.return" } # ssetmask_________________________________________ /* * asmlinkage long * sys_ssetmask(int newmask) */ probe kernel.syscall.ssetmask = kernel.function("sys_ssetmask") { name = "ssetmask" newmask = $newmask } probe kernel.syscall.ssetmask.return = kernel.function("sys_ssetmask").return { name = "ssetmask.return" } # signal___________________________________________ /* * asmlinkage unsigned long * sys_signal(int sig, * __sighandler_t handler) */ probe kernel.syscall.signal = kernel.function("sys_signal") { name = "signal" sig = $sig /* handler = $handler */ } probe kernel.syscall.signal.return = kernel.function("sys_signal").return { name = "signal.return" } # pause____________________________________________ /* * sys_pause(void) */ probe kernel.syscall.pause = kernel.function("sys_pause") { name = "pause" } probe kernel.syscall.pause.return = kernel.function("sys_pause").return { name = "pause.return" } # sync_____________________________________________ /* * asmlinkage long * sys_sync(void) */ probe kernel.syscall.sync = kernel.function("do_sync") { name = "sync" } probe kernel.syscall.sync.return = kernel.function("do_sync").return { name = "sync.return" } # fsync____________________________________________ /* * asmlinkage long * sys_fsync(unsigned int fd) */ probe kernel.syscall.fsync = kernel.function("sys_fsync") { name = "fsync" fd = $fd } probe kernel.syscall.fsync.return = kernel.function("sys_fsync").return { name = "fsync.return" fd = $fd } # fdatasync________________________________________ /* * asmlinkage long * sys_fdatasync(unsigned int fd) */ probe kernel.syscall.fdatasync = kernel.function("sys_fdatasync") { name = "fdatasync" fd = $fd } probe kernel.syscall.fdatasync.return = kernel.function("sys_fdatasync").return { name = "fdatasync.return" } # bdflush__________________________________________ /* * asmlinkage long * sys_bdflush(int func, * long data) */ probe kernel.syscall.bdflush = kernel.function("sys_bdflush") { name = "bdflush" func = $func data = $data } probe kernel.syscall.bdflush.return = kernel.function("sys_bdflush").return { name = "bdflush.return" } # mount____________________________________________ /* * asmlinkage long * sys_mount(char __user * dev_name, * char __user * dir_name, * char __user * type, * unsigned long flags, * void __user * data) */ probe kernel.syscall.mount = kernel.function("sys_mount") { name = "mount" source_uaddr = $dev_name target_uaddr = $dir_name filesystemtype_uaddr = $type mountflags = $flags mountflags_str = _mountflags_str($flags) /* data_uaddr = $data */ } probe kernel.syscall.mount.return = kernel.function("sys_mount").return { name = "mount.return" } # umount___________________________________________ /* * asmlinkage long * sys_umount(char __user * name, * int flags) */ probe kernel.syscall.umount = kernel.function("sys_umount") { name = "umount" target_uaddr = $name flags = $flags flags_str = _mountflags_str($flags) } probe kernel.syscall.umount.return = kernel.function("sys_umount").return { name = "umount.return" } # oldumount________________________________________ /* * asmlinkage long * sys_oldumount(char __user * name) */ probe kernel.syscall.oldumount = kernel.function("sys_umount") { name = "oldumount" target_uaddr = $name } probe kernel.syscall.oldumount.return = kernel.function("sys_umount").return { name = "oldumount.return" } # truncate_________________________________________ /* * asmlinkage long * sys_truncate(const char __user * path, * unsigned long length) */ probe kernel.syscall.truncate = kernel.function("sys_truncate") { name = "truncate" path_uaddr = $path length = $length } probe kernel.syscall.truncate.return = kernel.function("sys_truncate").return { name = "truncate.return" } # ftruncate________________________________________ /* * static inline long * do_sys_ftruncate(unsigned int fd, * loff_t length, * int small) */ probe kernel.syscall.ftruncate = kernel.function("sys_ftruncate") { name = "ftruncate" fd = $fd length = $length } probe kernel.syscall.ftruncate.return = kernel.function("sys_ftrancate").return { name = "ftruncate.return" } # stat_____________________________________________ /* * asmlinkage long * sys_stat(char __user * filename, * struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.stat = kernel.function("sys_stat") { name = "stat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.stat.return = kernel.function("sys_stat").return { name = "stat.return" } # statfs___________________________________________ /* * asmlinkage long * sys_statfs(const char __user * path, * struct statfs __user * buf) */ probe kernel.syscall.statfs = kernel.function("sys_statfs") { name = "statfs" path_uaddr = $path buf_uaddr } probe kernel.syscall.statfs.return = kernel.function("sys_statfs").return { name = "statfs.return" } # statfs64_________________________________________ /* * asmlinkage long * sys_statfs64(const char __user *path, * size_t sz, * struct statfs64 __user *buf) */ probe kernel.syscall.statfs64 = kernel.function("sys_statfs64") { name = "statfs64" path_uaddr = $path sz = $sz buf_uaddr = $buf } probe kernel.syscall.statfs64.return = kernel.function("sys_statfs64").return { name = "statfs64.return" } # fstatfs__________________________________________ /* * asmlinkage long * sys_fstatfs(unsigned int fd, * struct statfs __user * buf) */ probe kernel.syscall.fstatfs = kernel.function("sys_fstatfs") { name = "fstatfs" fd = $fd buf_uaddr = $buf } probe kernel.syscall.fstatfs.return = kernel.function("sys_fstatfs").return { name = "fstatfs.return" } # fstatfs64________________________________________ /* * asmlinkage long * sys_fstatfs64(unsigned int fd, * size_t sz, * struct statfs64 __user *buf) */ probe kernel.syscall.fstatfs64 = kernel.function("sys_fstatfs64") { name = "fstatfs64" fd = $fd sz = $sz buf_uaddr = $buf } probe kernel.syscall.fstatfs64.return = kernel.function("sys_fstatfs64").return { name = "fstatfs64.return" } # lstat____________________________________________ /* * asmlinkage long * sys_lstat(char __user * filename, * struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.lstat = kernel.function("sys_lstat") { name = "lstat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.lstat.return = kernel.function("sys_lstat").return { name = "lstat.return" } # fstat____________________________________________ /* * asmlinkage long * sys_fstat(unsigned int fd, * struct __old_kernel_stat __user * statbuf) */ probe kernel.syscall.fstat = kernel.function("sys_fstat") { name = "fstat" fd = $fd buf_uaddr = $statbuf } probe kernel.syscall.fstat.return = kernel.function("sys_fstat").return { name = "fstat.return" } # newstat__________________________________________ /* * asmlinkage long * sys_newstat(char __user * filename, * struct stat __user * statbuf) */ /* probe kernel.syscall.newstat = kernel.function("sys_newstat") { name = "newstat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.newstat.return = kernel.function("sys_newstat").return { name = "newstat.return" } */ # newlstat_________________________________________ /* * asmlinkage long * sys_newlstat(char __user * filename, * struct stat __user * statbuf) */ /* probe kernel.syscall.newlstat = kernel.function("sys_newlstat") { name = "newlstat" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.newlstat.return = kernel.function("sys_newlstat").return { name = "newlstat.return" } */ # newfstat_________________________________________ /* * asmlinkage long * sys_newfstat(unsigned int fd, * struct stat __user * statbuf) */ /* probe kernel.syscall.newfstat = kernel.function("sys_newfstat") { name = "newfstat" fd = $fd buf_uaddr = $statbuf } probe kernel.syscall.newfstat.return = kernel.function("sys_newfstat").return { name = "newfstat.return" } */ # ustat____________________________________________ /* * asmlinkage long * sys_ustat(unsigned dev, * struct ustat __user * ubuf) */ probe kernel.syscall.ustat = kernel.function("sys_ustat") { name = "ustat" dev = $dev ubuf_uaddr = $ubuf } probe kernel.syscall.ustat.return = kernel.function("sys_ustat").return { name = "ustat.return" } # stat64___________________________________________ /* * asmlinkage long * sys_stat64(char __user * filename, * struct stat64 __user * statbuf) */ probe kernel.syscall.stat64 = kernel.function("sys_stat64") { name = "stat64" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.stat64.return = kernel.function("sys_stat64").return { name = "stat64.return" } # fstat64__________________________________________ /* * asmlinkage long * sys_fstat64(unsigned long fd, * struct stat64 __user * statbuf) */ probe kernel.syscall.fstat64 = kernel.function("sys_fstat64") { name = "fstat64" fd = $fd buf_uaddr = $statbuf } probe kernel.syscall.fstat64.return = kernel.function("sys_fstat64").return { name = "fstat64.return" } # lstat64__________________________________________ /* * asmlinkage long * sys_lstat64(char __user * filename, * struct stat64 __user * statbuf) */ probe kernel.syscall.lstat64 = kernel.function("sys_lstat64") { name = "lstat64" filename_uaddr = $filename buf_uaddr = $statbuf } probe kernel.syscall.lstat64.return = kernel.function("sys_lstat64").return { name = "lstat64.return" } # truncate64_______________________________________ /* * asmlinkage long * sys_truncate64(const char __user * path, * loff_t length) */ probe kernel.syscall.truncate64 = kernel.function("sys_truncate") { name = "truncate64" path_uaddr = $path length = $length } probe kernel.syscall.truncate64.return = kernel.function("sys_truncate").return { name = "truncate64.return" } # ftruncate64______________________________________ /* * asmlinkage long * sys_ftruncate64(unsigned int fd, * loff_t length) */ probe kernel.syscall.ftruncate64 = kernel.function("sys_ftruncate") { name = "ftruncate64" fd = $fd length = $length } probe kernel.syscall.ftruncate64.return = kernel.function("sys_ftruncate").return { name = "ftruncate64.return" } # setxattr_________________________________________ /* * asmlinkage long * sys_setxattr(char __user *path, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe kernel.syscall.setxattr = kernel.function("sys_setxattr") { name = "setxattr" path_uaddr = $path name_uaddr = $name /* void __user *value */ size = $size flags = $flags } probe kernel.syscall.setxattr.return = kernel.function("sys_setxattr").return { name = "setxattr.return" } # lsetxattr________________________________________ /* * asmlinkage long * sys_lsetxattr(char __user *path, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe kernel.syscall.lsetxattr = kernel.function("sys_lsetxattr") { name = "lsetxattr" path_uaddr = $path name_uaddr = $name /* void __user *value */ size = $size flags = $flags } probe kernel.syscall.lsetxattr.return = kernel.function("sys_lsetxattr").return { name = "lsetxattr.return" } # fsetxattr________________________________________ /* * asmlinkage long * sys_fsetxattr(int fd, * char __user *name, * void __user *value, * size_t size, * int flags) */ probe kernel.syscall.fsetxattr = kernel.function("sys_fsetxattr") { name = "fsetxattr" fildes = $fd name_uaddr = $name /* void __user *value */ size = $size flags = $flags } probe kernel.syscall.fsetxattr.return = kernel.function("sys_fsetxattr").return { name = "fsetxattr.return" } # getxattr_________________________________________ /* * asmlinkage ssize_t * sys_getxattr(char __user *path, * char __user *name, * void __user *value, * size_t size) */ probe kernel.syscall.getxattr = kernel.function("sys_getxattr") { name = "getxattr" path_uaddr = $path name_uaddr = $name /* void __user *value */ size = $size } probe kernel.syscall.getxattr.return = kernel.function("sys_getxattr").return { name = "getxattr.return" } # lgetxattr________________________________________ /* * asmlinkage ssize_t * sys_lgetxattr(char __user *path, * char __user *name, * void __user *value, * size_t size) */ probe kernel.syscall.lgetxattr = kernel.function("sys_lgetxattr") { name = "lgetxattr" path_uaddr = $path name_uaddr = $name /* void __user *value */ size = $size } probe kernel.syscall.lgetxattr.return = kernel.function("sys_lgetxattr").return { name = "lgetxattr.return" } # fgetxattr________________________________________ /* * asmlinkage ssize_t * sys_fgetxattr(int fd, * char __user *name, * void __user *value, * size_t size) */ probe kernel.syscall.fgetxattr = kernel.function("sys_fgetxattr") { name = "fgetxattr" fildes = $fd path_uaddr = $name /* void __user *value */ size = $size } probe kernel.syscall.fgetxattr.return = kernel.function("sys_fgetxattr").return { name = "fgetxattr.return" } # listxattr________________________________________ /* * asmlinkage ssize_t * sys_listxattr(char __user *path, * char __user *list, * size_t size) */ probe kernel.syscall.listxattr = kernel.function("sys_listxattr") { name = "listxattr" path_uaddr = $path list_uaddr = $list size = $size } probe kernel.syscall.listxattr.return = kernel.function("sys_listxattr").return { name = "listxattr.return" } # llistxattr_______________________________________ /* * asmlinkage ssize_t * sys_llistxattr(char __user *path, * char __user *list, * size_t size) */ probe kernel.syscall.llistxattr = kernel.function("sys_llistxattr") { name = "llistxattr" path_uaddr = $path list_uaddr = $list size = $size } probe kernel.syscall.llistxattr.return = kernel.function("sys_llistxattr").return { name = "llistxattr.return" } # flistxattr_______________________________________ /* * asmlinkage ssize_t * sys_flistxattr(int fd, * char __user *list, * size_t size) */ probe kernel.syscall.flistxattr = kernel.function("sys_flistxattr") { name = "flistxattr" fildes = $fd list_uaddr = $list size = $size } probe kernel.syscall.flistxattr.return = kernel.function("sys_flistxattr").return { name = "flistxattr.return" } # removexattr______________________________________ /* * asmlinkage long * sys_removexattr(char __user *path, * char __user *name) */ probe kernel.syscall.removexattr = kernel.function("sys_removexattr") { name = "removexattr" path_uaddr = $path name_uaddr = $name } probe kernel.syscall.removexattr.return = kernel.function("sys_removexattr").return { name = "removexattr.return" } # lremovexattr_____________________________________ /* * asmlinkage long * sys_lremovexattr(char __user *path, * char __user *name) */ probe kernel.syscall.lremovexattr = kernel.function("sys_lremovexattr") { name = "lremovexattr" path_uaddr = $path name_uaddr = $name } probe kernel.syscall.lremovexattr.return = kernel.function("sys_lremovexattr").return { name = "lremovexattr.return" } # fremovexattr_____________________________________ /* * asmlinkage long * sys_fremovexattr(int fd, * char __user *name) */ probe kernel.syscall.fremovexattr = kernel.function("sys_fremovexattr") { name = "fremovexattr" filedes = $fd name_uaddr = $name } probe kernel.syscall.fremovexattr.return = kernel.function("sys_fremovexattr").return { name = "fremovexattr.return" } # brk______________________________________________ /* * asmlinkage unsigned long * sys_brk(unsigned long brk) */ probe kernel.syscall.brk = kernel.function("sys_brk") { name = "brk" brk = $brk } probe kernel.syscall.brk.return = kernel.function("sys_brk").return { name = "brk.return" } # mprotect_________________________________________ /* * asmlinkage long * sys_mprotect(unsigned long start, * size_t len, * unsigned long prot) */ probe kernel.syscall.mprotect = kernel.function("sys_mprotect") { name = "mprotect" addr = $start len = $len prot = $prot prot_str = _mprotect_prot_str($prot) } probe kernel.syscall.mprotect.return = kernel.function("sys_mprotect").return { name = "mprotect.return" } # mremap___________________________________________ /* * asmlinkage unsigned long * sys_mremap(unsigned long addr, * unsigned long old_len, * unsigned long new_len, * unsigned long flags, * unsigned long new_addr) */ probe kernel.syscall.mremap = kernel.function("sys_mremap") { name = "mremap" old_address = $addr old_size = $old_len new_size = $new_len flags = $flags new_address = $new_addr } probe kernel.syscall.mremap.return = kernel.function("sys_mremap").return { name = "mremap.return" } # remap_file_pages_________________________________ /* * asmlinkage long * sys_remap_file_pages(unsigned long start, * unsigned long size, * unsigned long __prot, * unsigned long pgoff, * unsigned long flags) */ probe kernel.syscall.remap_file_pages = kernel.function("sys_remap_file_pages") { name = "remap_file_pages" start = $start size = $size prot = $__prot pgoff = $pgoff flags = $flags } probe kernel.syscall.remap_file_pages.return = kernel.function("sys_remap_file_pages").return { name = "remap_file_pages.return" } # msync____________________________________________ /* * asmlinkage long * sys_msync(unsigned long start, * size_t len, * int flags) */ probe kernel.syscall.msync = kernel.function("sys_msync") { name = "msync" start = $start length = $len flags = $flags flags_str = _msync_flag_str($flags) } probe kernel.syscall.msync.return = kernel.function("sys_msync").return { name = "msync.return" } # fadvise64________________________________________ /* * asmlinkage long * sys_fadvise64_64(int fd, * loff_t offset, * loff_t len, * int advice) */ probe kernel.syscall.fadvise64 = kernel.function("sys_fadvise64_64") { name = "fadvise64" fd = $fd offset = $offset len = $len advice = $advice } probe kernel.syscall.fadvise64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64.return" } # fadvise64_64_____________________________________ /* * asmlinkage long * sys_fadvise64_64(int fd, * loff_t offset, * loff_t len, * int advice) */ probe kernel.syscall.fadvise64_64 = kernel.function("sys_fadvise64_64") { name = "fadvise64_64" fs = $fd offset = $offset len = $len advice = $advice } probe kernel.syscall.fadvise64_64.return = kernel.function("sys_fadvise64_64").return { name = "fadvise64_64.return" } # munmap___________________________________________ /* * asmlinkage long * sys_munmap(unsigned long addr, * size_t len) */ probe kernel.syscall.munmap = kernel.function("sys_munmap") { name = "munmap" start = $addr length = $len } probe kernel.syscall.munmap.return = kernel.function("sys_munmap").return { name = "munmap.return" } # mlock____________________________________________ /* * asmlinkage long * sys_mlock(unsigned long start, * size_t len) */ probe kernel.syscall.mlock = kernel.function("sys_mlock") { name = "mlock" addr = $start len = $len } probe kernel.syscall.mlock.return = kernel.function("sys_mlock").return { name = "mlock.return" } # munlock__________________________________________ /* * asmlinkage long * sys_munlock(unsigned long start, * size_t len) */ probe kernel.syscall.munlock = kernel.function("sys_munlock") { name = "munlock" addr = $start len = $len } probe kernel.syscall.munlock.return = kernel.function("sys_munlock").return { name = "munlock.return" } # mlockall_________________________________________ /* * asmlinkage long * sys_mlockall(int flags) */ probe kernel.syscall.mlockall = kernel.function("sys_mlockall") { name = "mlockall" flags = $flags flags_str = _mlockall_flags_str($flags) } probe kernel.syscall.mlockall.return = kernel.function("sys_mlockall").return { name = "mlockall.return" } # munlockall_______________________________________ /* * asmlinkage long * sys_munlockall(void) */ probe kernel.syscall.munlockall = kernel.function("sys_munlockall") { name = "munlockall" } probe kernel.syscall.munlockall.return = kernel.function("sys_munlockall").return { name = "munlockall.return" } # madvise__________________________________________ /* * asmlinkage long * sys_madvise(unsigned long start, * size_t len_in, * int behavior) */ probe kernel.syscall.madvise = kernel.function("sys_madvise") { name = "madvise" start = $start length = $len_in advice = $behavior advice_str = _madvice_advice_str($behavior) } probe kernel.syscall.madvise.return = kernel.function("sys_madvise").return { name = "madvise.return" } # mincore__________________________________________ /* * asmlinkage long * sys_mincore(unsigned long start, * size_t len, * unsigned char __user * vec) */ probe kernel.syscall.mincore = kernel.function("sys_mincore") { name = "mincore" start = $start length = $len vec_uaddr = $vec } probe kernel.syscall.mincore.return = kernel.function("sys_mincore").return { name = "mincore.return" } # pivot_root_______________________________________ /* * asmlinkage long * sys_pivot_root(const char __user *new_root, * const char __user *put_old) */ probe kernel.syscall.pivot_root = kernel.function("sys_pivot_root") { name = "pivot_root" new_root_uaddr = $new_root old_root_uaddr = $put_old } probe kernel.syscall.pivot_root.return = kernel.function("sys_pivot_root").return { name = "pivot_root.return" } # chroot___________________________________________ /* * asmlinkage long * sys_chroot(const char __user * filename) */ probe kernel.syscall.chroot = kernel.function("sys_chroot") { name = "chroot" path_uaddr = $filename } probe kernel.syscall.chroot.return = kernel.function("sys_chroot").return { name = "chroot.return" } # mknod____________________________________________ /* * asmlinkage long * sys_mknod(const char __user * filename, * int mode, * unsigned dev) */ probe kernel.syscall.mknod = kernel.function("sys_mknod") { name = "mknod" pathname_uaddr = $filename mode = $mode mode_str = _mknod_mode_str($mode) dev = $dev } probe kernel.syscall.mknod.return = kernel.function("sys_mknod").return { name = "mknod.return" } # link_____________________________________________ /* * asmlinkage long * sys_link(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.link = kernel.function("sys_link") { name = "link" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.link.return = kernel.function("sys_link").return { name = "link.return" } # symlink__________________________________________ /* * asmlinkage long * sys_symlink(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.symlink = kernel.function("sys_symlink") { name = "symlink" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.symlink.return = kernel.function("sys_symlink").return { name = "symlink.return" } # unlink___________________________________________ /* * asmlinkage long * sys_unlink(const char __user * pathname) */ probe kernel.syscall.unlink = kernel.function("sys_unlink") { name = "unlink" pathname_uaddr = $pathname } probe kernel.syscall.unlink.return = kernel.function("sys_unlink").return { name = "unlink.return" } # rename___________________________________________ /* * asmlinkage long * sys_rename(const char __user * oldname, * const char __user * newname) */ probe kernel.syscall.rename = kernel.function("sys_rename") { name = "rename" oldpath_uaddr = $oldname newpath_uaddr = $newname } probe kernel.syscall.rename.return = kernel.function("sys_rename").return { name = "rename.return" } # chmod____________________________________________ /* * asmlinkage long * sys_chmod(const char __user * filename, * mode_t mode) */ probe kernel.syscall.chmod = kernel.function("sys_chmod") { name = "chmod" path_uaddr = $filename mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.chmod.return = kernel.function("sys_chmod").return { name = "chmod.return" } # fchmod___________________________________________ /* * asmlinkage long * sys_fchmod(unsigned int fd, * mode_t mode) */ probe kernel.syscall.fchmod = kernel.function("sys_fchmod") { name = "fchmod" fildes = $fd mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.fchmod.return = kernel.function("sys_fchmod").return { name = "fchmod.return" } # fcntl____________________________________________ /* * asmlinkage long * sys_fcntl(int fd, * unsigned int cmd, * unsigned long arg) */ probe kernel.syscall.fcntl = kernel.function("sys_fcntl") { name = "fcntl" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl.return = kernel.function("sys_fcntl").return { name = "fcntl.return" } # fcntl64__________________________________________ /* * asmlinkage long * sys_fcntl64(unsigned int fd, * unsigned int cmd, * unsigned long arg) */ probe kernel.syscall.fcntl64 = kernel.function("sys_fcntl64") { name = "fcntl64" fd = $fd cmd = $cmd cmd_str = _fcntl_cmd_str($cmd) arg = $arg } probe kernel.syscall.fcntl64.return = kernel.function("sys_fcntl64").return { name = "fcntl64.return" fd = $fd } # dup______________________________________________ /* * asmlinkage long * sys_dup(unsigned int fildes) */ probe kernel.syscall.dup = kernel.function("sys_dup") { name = "dup" oldfd = $fildes } probe kernel.syscall.dup.return = kernel.function("sys_dup").return { name = "dup.return" } # dup2_____________________________________________ /* * asmlinkage long * sys_dup2(unsigned int oldfd, * unsigned int newfd) */ probe kernel.syscall.dup2 = kernel.function("sys_dup2") { name = "dup2" oldfd = $oldfd newfd = $newfd } probe kernel.syscall.dup2.return = kernel.function("sys_dup2").return { name = "dup2.return" } # ioperm___________________________________________ /* * asmlinkage long * sys_ioperm(unsigned long from, * unsigned long num, * int turn_on) */ probe kernel.syscall.ioperm = kernel.function("sys_ioperm") { name = "ioperm" from = $from num = $num turn_on = $turn_on } probe kernel.syscall.ioperm.return = kernel.function("sys_ioperm").return { name = "ioperm.return" } # ioctl____________________________________________ /* * asmlinkage long * sys_ioctl(unsigned int fd, * unsigned int cmd, * unsigned long arg) */ probe kernel.syscall.ioctl = kernel.function("sys_ioctl") { name = "ioctl" fd = $fd request = $cmd argp = $arg } probe kernel.syscall.ioctl.return = kernel.function("sys_ioctl").return { name = "ioctl.return" } # flock____________________________________________ /* * asmlinkage long * sys_flock(unsigned int fd, * unsigned int cmd) */ probe kernel.syscall.flock = kernel.function("sys_flock") { name = "flock" fd = $fd operation = $cmd } probe kernel.syscall.flock.return = kernel.function("sys_flock").return { name = "flock.return" } # io_setup_________________________________________ /* * asmlinkage long * sys_io_setup(unsigned nr_events, * aio_context_t __user *ctxp) */ probe kernel.syscall.io_setup = kernel.function("sys_io_setup") { name = "io_setup" maxevents = $nr_events ctxp_uaddr = $ctxp } probe kernel.syscall.io_setup.return = kernel.function("sys_io_setup").return { name = "io_setup.return" } # io_destroy_______________________________________ /* * asmlinkage long * sys_io_destroy(aio_context_t ctx) */ probe kernel.syscall.io_destroy = kernel.function("sys_io_destroy") { name = "io_destroy" ctx = $ctx } probe kernel.syscall.io_destroy.return = kernel.function("sys_io_destroy").return { name = "io_destroy.return" } # io_getevents_____________________________________ /* * asmlinkage long * sys_io_getevents(aio_context_t ctx_id, * long min_nr, * long nr, * struct io_event __user *events, * struct timespec __user *timeout) */ probe kernel.syscall.io_getevents = kernel.function("sys_io_getevents") { name = "io_getevents" ctx_id = $ctx_id min_nr = $min_nr nr = $nr events_uaddr = $events timeout_uaddr = $timeout } probe kernel.syscall.io_getevents.return = kernel.function("sys_io_getevents").return { name = "io_getevents.return" } # io_submit________________________________________ /* * asmlinkage long * sys_io_submit(aio_context_t ctx_id, * long nr, * struct iocb __user * __user *iocbpp) */ probe kernel.syscall.io_submit = kernel.function("sys_io_submit") { name = "io_submit" ctx_id = $ctx_id nr = $nr iocbpp_uaddr = $iocbpp } probe kernel.syscall.io_submit.return = kernel.function("sys_io_submit").return { name = "io_submit.return" } # io_cancel________________________________________ /* * asmlinkage long * sys_io_cancel(aio_context_t ctx_id, * struct iocb __user *iocb, * struct io_event __user *result) */ probe kernel.syscall.io_cancel = kernel.function("sys_io_cancel") { name = "io_cancel" ctx_id = $ctx_id iocb_uaddr = $iocb result_uaddr = $result } probe kernel.syscall.io_cancel.return = kernel.function("sys_io_cancel").return { name = "io_cancel.return" } # sendfile_________________________________________ /* * asmlinkage ssize_t * sys_sendfile(int out_fd, * int in_fd, * off_t __user *offset, * size_t count) */ probe kernel.syscall.sendfile = kernel.function("sys_sendfile") { name = "sendfile" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count } probe kernel.syscall.sendfile.return = kernel.function("sys_sendfile").return { name = "sendfile.return" } # sendfile64_______________________________________ /* * asmlinkage ssize_t * sys_sendfile64(int out_fd, * int in_fd, * loff_t __user *offset, * size_t count) */ probe kernel.syscall.sendfile64 = kernel.function("sys_sendfile64") { name = "sendfile64" out_fd = $out_fd in_fd = $in_fd offset_uaddr = $offset count = $count } probe kernel.syscall.sendfile64.return = kernel.function("sys_sendfile64").return { name = "sendfile64.return" } # readlink_________________________________________ /* * asmlinkage long * sys_readlink(const char __user * path, * char __user * buf, * int bufsiz) */ probe kernel.syscall.readlink = kernel.function("sys_readlink") { name = "readlink" path_uaddr = $path buf_uaddr = $buf bufsiz = $bufsiz } probe kernel.syscall.readlink.return = kernel.function("sys_readlink").return { name = "readlink.return" } # creat____________________________________________ /* * asmlinkage long * sys_creat(const char __user * pathname, * int mode) */ probe kernel.syscall.creat = kernel.function("sys_open") { name = "creat" pathname_uaddr = $filename mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.creat.return = kernel.function("sys_open").return { name = "creat.return" } # open_____________________________________________ /* * asmlinkage long * sys_open(const char __user * filename, * int flags, * int mode) */ probe kernel.syscall.open = kernel.function("sys_open") { name = "open" filename_uaddr = $filename flags = $flags mode = $mode mode_str = _sys_open_mode_str($mode) } probe kernel.syscall.open.return = kernel.function("sys_open").return { name = "open.return" } # close____________________________________________ /* * asmlinkage long * sys_close(unsigned int fd) */ probe kernel.syscall.close = kernel.function("sys_close") { name = "close" fd = $fd } probe kernel.syscall.close.return = kernel.function("sys_close").return { name = "close.return" } # access___________________________________________ /* * asmlinkage long * sys_access(const char __user * filename, * int mode) */ probe kernel.syscall.access = kernel.function("sys_access") { name = "access" pathname_uaddr = $filename mode = $mode mode_str = _access_mode_str($mode) } probe kernel.syscall.access.return = kernel.function("sys_access").return { name = "access.return" } # vhangup__________________________________________ /* * asmlinkage long * sys_vhangup(void) */ probe kernel.syscall.vhangup = kernel.function("sys_vhangup") { name = "vhangup" } probe kernel.syscall.vhangup.return = kernel.function("sys_vhangup").return { name = "vhangup.return" } # chown____________________________________________ /* * asmlinkage long * sys_chown(const char __user * filename, * uid_t user, * gid_t group) */ probe kernel.syscall.chown = kernel.function("sys_chown") { name = "chown" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.chown.return = kernel.function("sys_chown").return { name = "chown.return" } # lchown___________________________________________ /* * asmlinkage long * sys_lchown(const char __user * filename, * uid_t user, * gid_t group) */ probe kernel.syscall.lchown = kernel.function("sys_lchown") { name = "lchown" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.lchown.return = kernel.function("sys_lchown").return { name = "lchown.return" } # fchown___________________________________________ /* * asmlinkage long * sys_fchown(unsigned int fd, * uid_t user, * gid_t group) */ probe kernel.syscall.fchown = kernel.function("sys_fchown") { name = "fchown" fd = $fd owner = $user group = $group } probe kernel.syscall.fchown.return = kernel.function("sys_fchown").return { name = "fchown.return" } # chown16__________________________________________ /* * asmlinkage long * sys_chown16(const char __user * filename, * old_uid_t user, * old_gid_t group) */ probe kernel.syscall.chown16 = kernel.function("sys_chown") { name = "chown16" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.chown16.return = kernel.function("sys_chown").return { name = "chown16.return" } # lchown16_________________________________________ /* * asmlinkage long * sys_lchown16(const char __user * filename, * old_uid_t user, * old_gid_t group) */ probe kernel.syscall.lchown16 = kernel.function("sys_lchown") { name = "lchown16" path_uaddr = $filename owner = $user group = $group } probe kernel.syscall.lchown16.return = kernel.function("sys_lchown").return { name = "lchown16.return" } # fchown16_________________________________________ /* * asmlinkage long * sys_fchown16(unsigned int fd, * old_uid_t user, * old_gid_t group) */ probe kernel.syscall.fchown16 = kernel.function("sys_fchown") { name = "fchown16" fd = $fd owner = $user group = $group } probe kernel.syscall.fchown16.return = kernel.function("sys_fchown").return { name = "fchown16.return" } # setregid16_______________________________________ /* * asmlinkage long * sys_setregid16(old_gid_t rgid, * old_gid_t egid) */ probe kernel.syscall.setregid16 = kernel.function("sys_setregid") { name = "setregid16" rgid = $rgid egid = $egid } probe kernel.syscall.setregid16.return = kernel.function("sys_setregid").return { name = "setregid16.return" } # setgid16_________________________________________ /* * asmlinkage long * sys_setgid16(old_gid_t gid) */ probe kernel.syscall.setgid16 = kernel.function("sys_setgid") { name = "setgid16" gid = $gid } probe kernel.syscall.setgid16.return = kernel.function("sys_setgid").return { name = "setgid16.return" } # setreuid16_______________________________________ /* * asmlinkage long * sys_setreuid16(old_uid_t ruid, * old_uid_t euid) */ probe kernel.syscall.setreuid16 = kernel.function("sys_setreuid") { name = "setreuid16" ruid = $ruid euid = $euid } probe kernel.syscall.setreuid16.return = kernel.function("sys_setreuid").return { name = "setreuid16.return" } # setuid16_________________________________________ /* * asmlinkage long * sys_setuid16(old_uid_t uid) */ probe kernel.syscall.setuid16 = kernel.function("sys_setuid") { name = "setuid16" uid = $uid } probe kernel.syscall.setuid16.return = kernel.function("sys_setuid").return { name = "setuid16.return" } # setresuid16______________________________________ /* * asmlinkage long * sys_setresuid16(old_uid_t ruid, * old_uid_t euid, * old_uid_t suid) */ probe kernel.syscall.setresuid16 = kernel.function("sys_setresuid") { name = "setresuid16" ruid = $ruid euid = $euid suid = $suid } probe kernel.syscall.setresuid16.return = kernel.function("sys_setresuid").return { name = "setresuid16.return" } # getresuid16______________________________________ /* * asmlinkage long * sys_getresuid16(old_uid_t __user *ruid, * old_uid_t __user *euid, * old_uid_t __user *suid) */ probe kernel.syscall.getresuid16 = kernel.function("sys_getresuid") { name = "getresuid16" ruid_uaddr = $ruid euid_uaddr = $euid suid_uaddr = $suid } probe kernel.syscall.getresuid16.return = kernel.function("sys_getresuid").return { name = "getresuid16.return" } # setresgid16______________________________________ /* * asmlinkage long * sys_setresgid16(old_gid_t rgid, * old_gid_t egid, * old_gid_t sgid) */ probe kernel.syscall.setresgid16 = kernel.function("sys_setresgid") { name = "setresgid16" rgid = $rgid egid = $egid sgid = $sgid } probe kernel.syscall.setresgid16.return = kernel.function("sys_setresgid").return { name = "setresgid16.return" } # getresgid16______________________________________ /* * asmlinkage long * sys_getresuid16(old_uid_t __user *ruid, * old_uid_t __user *euid, * old_uid_t __user *suid) */ probe kernel.syscall.getresgid16 = kernel.function("sys_getresgid") { name = "getresgid16" ruid_uaddr = $ruid euid_uaddr = $euid suid_uaddr = $suid } probe kernel.syscall.getresgid16.return = kernel.function("sys_getresgid").return { name = "getresgid16.return" } # setfsuid16_______________________________________ /* * asmlinkage long * sys_setfsuid16(old_uid_t uid) */ probe kernel.syscall.setfsuid16 = kernel.function("sys_setfsuid") { name = "setfsuid16" uid = $uid } probe kernel.syscall.setfsuid16.return = kernel.function("sys_setfsuid").return { name = "setfsuid16.return" } # setfsgid16_______________________________________ /* * asmlinkage long * sys_setfsgid16(old_gid_t gid) */ probe kernel.syscall.setfsgid16 = kernel.function("sys_setfsgid") { name = "setfsgid16" gid = $gid } probe kernel.syscall.setfsgid16.return = kernel.function("sys_setfsgid").return { name = "setfsgid16.return" } # getgroups16______________________________________ /* * asmlinkage long * sys_getgroups16(int gidsetsize, * old_gid_t __user *grouplist) */ probe kernel.syscall.getgroups16 = kernel.function("sys_getgroups16") { name = "getgroups16" size = $gidsetsize list_uaddr = $grouplist } probe kernel.syscall.getgroups16.return = kernel.function("sys_getgroups16").return { name = "getgroups16.return" } # setgroups16______________________________________ /* * asmlinkage long * sys_setgroups16(int gidsetsize, * old_gid_t __user *grouplist) */ probe kernel.syscall.setgroups16 = kernel.function("sys_setgroups16") { name = "setgroups16" size = $gidsetsize list_uaddr = $grouplist } probe kernel.syscall.setgroups16.return = kernel.function("sys_setgroups16").return { name = "setgroups16.return" } # getuid16_________________________________________ /* * asmlinkage long * sys_getuid16(void) */ probe kernel.syscall.getuid16 = kernel.function("sys_getuid16") { name = "getuid16" } probe kernel.syscall.getuid16.return = kernel.function("sys_getuid16").return { name = "getuid16.return" } # geteuid16________________________________________ /* * asmlinkage long * sys_geteuid16(void) */ probe kernel.syscall.geteuid16 = kernel.function("sys_geteuid16") { name = "geteuid16" } probe kernel.syscall.geteuid16.return = kernel.function("sys_geteuid16").return { name = "geteuid16.return" } # getgid16_________________________________________ /* * asmlinkage long * sys_getgid16(void) */ probe kernel.syscall.getgid16 = kernel.function("sys_getgid16") { name = "getgid16" } probe kernel.syscall.getgid16.return = kernel.function("sys_getgid16").return { name = "getgid16.return" } # getegid16________________________________________ /* * asmlinkage long * sys_getegid16(void) */ probe kernel.syscall.getegid16 = kernel.function("sys_getegid16") { name = "getegid16" } probe kernel.syscall.getegid16.return = kernel.function("sys_getegid16").return { name = "getegid16.return" } # utime____________________________________________ /* * asmlinkage long * sys_utime(char __user * filename, * struct utimbuf __user * times) */ probe kernel.syscall.utime = kernel.function("sys_utime") { name = "utime" filename_uaddr = $filename buf_uaddr = $times } probe kernel.syscall.utime.return = kernel.function("sys_utime").return { name = "utime.return" } # utimes___________________________________________ /* * asmlinkage long * sys_utimes(char __user * filename, * struct timeval __user * utimes) */ probe kernel.syscall.utimes = kernel.function("sys_utimes") { name = "utimes" filename_uaddr = $filename tvp_uaddr = $utimes } probe kernel.syscall.utimes.return = kernel.function("sys_utimes").return { name = "utimes.return" } # lseek____________________________________________ /* * asmlinkage off_t * sys_lseek(unsigned int fd, * off_t offset, * unsigned int origin) */ probe kernel.syscall.lseek = kernel.function("sys_lseek") { name = "lseek" fildes = $fd offset = $offset whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.lseek.return = kernel.function("sys_lseek").return { name = "lseek.return" } # llseek___________________________________________ /* * asmlinkage long * sys_llseek(unsigned int fd, * unsigned long offset_high, * unsigned long offset_low, * loff_t __user * result, * unsigned int origin) */ probe kernel.syscall.llseek = kernel.function("sys_llseek") { name = "llseek" fd = $fd offset_high = $offset_high offset_low = $offset_low result_uaddr = $result whence = $origin whence_str = _seek_whence_str($origin) } probe kernel.syscall.llseek.return = kernel.function("sys_llseek").return { name = "llseek.return" } # read_____________________________________________ /* * asmlinkage ssize_t * sys_read(unsigned int fd, * char __user * buf, * size_t count) */ probe kernel.syscall.read = kernel.function("sys_read") { name = "read" fd = $fd buf_uaddr = $buf count = $count } probe kernel.syscall.read.return = kernel.function("sys_read").return { name = "read.return" } # readahead________________________________________ /* * asmlinkage ssize_t * sys_readahead(int fd, * loff_t offset, * size_t count) */ probe kernel.syscall.readahead = kernel.function("sys_readahead") { name = "readahead" fd = $fd offset = $offset count = $count } probe kernel.syscall.readahead.return = kernel.function("sys_readahead").return { name = "readahead.return" } # readv____________________________________________ /* * asmlinkage ssize_t * sys_readv(unsigned long fd, * const struct iovec __user *vec, * unsigned long vlen) */ probe kernel.syscall.readv = kernel.function("sys_readv") { name = "readv" fd = $fd vector_uaddr = $vec count = $vlen } probe kernel.syscall.readv.return = kernel.function("sys_readv").return { name = "readv.return" } # write____________________________________________ /* * asmlinkage ssize_t * sys_write(unsigned int fd, * const char __user * buf, * size_t count) */ probe kernel.syscall.write = kernel.function("sys_write") { name = "write" fd = $fd buf_uaddr = $buf count = $count } probe kernel.syscall.write.return = kernel.function("sys_write").return { name = "write.return" } # writev___________________________________________ /* * asmlinkage ssize_t * sys_writev(unsigned long fd, * const struct iovec __user *vec, * unsigned long vlen) */ probe kernel.syscall.writev = kernel.function("sys_writev") { name = "writev" fd = $fd vector_uaddr = $vec count = $vlen } probe kernel.syscall.writev.return = kernel.function("sys_writev").return { name = "writev.return" } # pread64__________________________________________ /* * asmlinkage ssize_t * sys_pread64(unsigned int fd, * char __user *buf, * size_t count, * loff_t pos) */ probe kernel.syscall.pread64 = kernel.function("sys_pread64") { name = "pread64" fd = $fd buf_uaddr = $buf count = $count offset = $pos } probe kernel.syscall.pread64.return = kernel.function("sys_pread64").return { name = "pread64.return" } # pwrite64_________________________________________ /* * asmlinkage ssize_t * sys_pwrite64(unsigned int fd, * const char __user *buf, * size_t count, * loff_t pos) */ probe kernel.syscall.pwrite64 = kernel.function("sys_pwrite64") { name = "pwrite64" fd = $fd buf_uaddr = $buf count = $count offset = $pos } probe kernel.syscall.pwrite64.return = kernel.function("sys_pwrite64").return { name = "pwrite64.return" } # getcwd___________________________________________ /* * asmlinkage long * sys_getcwd(char __user *buf, * unsigned long size) */ probe kernel.syscall.getcwd = kernel.function("sys_getcwd") { name = "getcwd" buf_uaddr = $buf size = $size } probe kernel.syscall.getcwd.return = kernel.function("sys_getcwd").return { name = "getcwd.return" } # mkdir____________________________________________ /* * asmlinkage long * sys_mkdir(const char __user * pathname, * int mode) */ probe kernel.syscall.mkdir = kernel.function("sys_mkdir") { name = "mkdir" pathname_uaddr = $pathname mode = $mode } probe kernel.syscall.mkdir.return = kernel.function("sys_mkdir").return { name = "mkdir.return" } # chdir____________________________________________ /* * asmlinkage long * sys_chdir(const char __user * filename) */ probe kernel.syscall.chdir = kernel.function("sys_chdir") { name = "chdir" path_uaddr = $filename } probe kernel.syscall.chdir.return = kernel.function("sys_chdir").return { name = "chdir.return" } # fchdir___________________________________________ /* * asmlinkage long * sys_fchdir(unsigned int fd) */ probe kernel.syscall.fchdir = kernel.function("sys_fchdir") { name = "fchdir" fd = $fd } probe kernel.syscall.fchdir.return = kernel.function("sys_fchdir").return { name = "fchdir.return" } # rmdir____________________________________________ /* * asmlinkage long * sys_rmdir(const char __user * pathname) */ probe kernel.syscall.rmdir = kernel.function("sys_rmdir") { name = "rmdir" pathname_uaddr = $pathname } probe kernel.syscall.rmdir.return = kernel.function("sys_rmdir").return { name = "rmdir.return" } # lookup_dcookie___________________________________ /* * asmlinkage long * sys_lookup_dcookie(u64 cookie64, * char __user * buf, * size_t len) */ probe kernel.syscall.lookup_dcookie = kernel.function("sys_lookup_dcookie") { name = "lookup_dcookie" cookie = $cookie64 buffer_uaddr = $buf len = $len } probe kernel.syscall.lookup_dcookie.return = kernel.function("sys_lookup_dcookie").return { name = "lookup_dcookie.return" } # quotactl_________________________________________ /* * asmlinkage long * sys_quotactl(unsigned int cmd, * const char __user *special, * qid_t id, * void __user *addr) */ probe kernel.syscall.quotactl = kernel.function("sys_quotactl") { name = "quotactl" cmd = $cmd cmd_str = _quotactl_cmd_str($cmd) special_uaddr = $special id = $id /* addr = $addr */ } probe kernel.syscall.quotactl.return = kernel.function("sys_quotactl").return { name = "quotactl.return" } # getdents_________________________________________ /* * asmlinkage long * sys_getdents(unsigned int fd, * struct linux_dirent __user * dirent, * unsigned int count) */ probe kernel.syscall.getdents = kernel.function("sys_getdents") { name = "getdents" fd = $fd dirp_uaddr = $dirent count = $count } probe kernel.syscall.getdents.return = kernel.function("sys_getdents").return { name = "getdents.return" } # getdents64_______________________________________ /* * asmlinkage long * sys_getdents64(unsigned int fd, * struct linux_dirent64 __user * dirent, * unsigned int count) */ probe kernel.syscall.getdents64 = kernel.function("sys_getdents64") { name = "getdents64" fd = $fd dirp_uaddr = $dirent count = $count } probe kernel.syscall.getdents64.return = kernel.function("sys_getdents64").return { name = "getdents64.return" } # setsockopt_______________________________________ /* * asmlinkage long * sys_setsockopt(int fd, * int level, * int optname, * char __user *optval, * int optlen) */ probe kernel.syscall.setsockopt = kernel.function("sys_setsockopt") { name = "setsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) optval_uaddr = $optval optlen = $optlen } probe kernel.syscall.setsockopt.return = kernel.function("sys_setsockopt").return { name = "setsockopt.return" } # getsockopt_______________________________________ /* * asmlinkage long * sys_getsockopt(int fd, * int level, * int optname, * char __user *optval, * int __user *optlen) */ probe kernel.syscall.getsockopt = kernel.function("sys_getsockopt") { name = "getsockopt" fd = $fd level = $level level_str = _sockopt_level_str($level) optname = $optname optname_str = _sockopt_optname_str($optname) optval_uaddr = $optval optlen_uaddr = $optlen } probe kernel.syscall.getsockopt.return = kernel.function("sys_getsockopt").return { name = "getsockopt.return" } # bind_____________________________________________ /* * asmlinkage long * sys_bind(int fd, * struct sockaddr __user *umyaddr, * int addrlen) */ probe kernel.syscall.bind = kernel.function("sys_bind") { name = "bind" sockfd = $fd my_addr_uaddr = $umyaddr addrlen = $addrlen } probe kernel.syscall.bind.return = kernel.function("sys_bind").return { name = "bind.return" } # connect__________________________________________ /* * asmlinkage long * sys_connect(int fd, * struct sockaddr __user *uservaddr, * int addrlen) */ probe kernel.syscall.connect = kernel.function("sys_connect") { name = "connect" sockfd = $fd serv_addr_uaddr = $uservaddr addrlen = $addrlen } probe kernel.syscall.connect.return = kernel.function("sys_connect").return { name = "connect.return" } # accept___________________________________________ /* * asmlinkage long * sys_accept(int fd, * struct sockaddr __user *upeer_sockaddr, * int __user *upeer_addrlen) */ probe kernel.syscall.accept = kernel.function("sys_accept") { name = "accept" s = $fd addr_uaddr = $upeer_sockaddr addrlen_uaddr = $upeer_addrlen } probe kernel.syscall.accept.return = kernel.function("sys_accept").return { name = "accept.return" } # getsockname______________________________________ /* * asmlinkage long * sys_getsockname(int fd, * struct sockaddr __user *usockaddr, * int __user *usockaddr_len) */ probe kernel.syscall.getsockname = kernel.function("sys_getsockname") { name = "getsockname" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len } probe kernel.syscall.getsockname.return = kernel.function("sys_getsockname").return { name = "getsockname.return" } # getpeername______________________________________ /* * asmlinkage long * sys_getpeername(int fd, * struct sockaddr __user *usockaddr, * int __user *usockaddr_len) */ probe kernel.syscall.getpeername = kernel.function("sys_getpeername") { name = "getpeername" s = $fd name_uaddr = $usockaddr namelen_uaddr = $usockaddr_len } probe kernel.syscall.getpeername.return = kernel.function("sys_getpeername").return { name = "getpeername.return" } # send_____________________________________________ /* * asmlinkage long * sys_sendto(int fd, * void __user * buff, * size_t len, * unsigned flags, * struct sockaddr __user *addr, * int addr_len) */ probe kernel.syscall.send = kernel.function("sys_sendto") { name = "send" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } probe kernel.syscall.send.return = kernel.function("sys_sendto").return { name = "send.return" } # sendto___________________________________________ /* * asmlinkage long * sys_sendto(int fd, * void __user * buff, * size_t len, * unsigned flags, * struct sockaddr __user *addr, * int addr_len) */ probe kernel.syscall.sendto = kernel.function("sys_sendto") { name = "sendto" s = $fd /* buf = $buf */ len = $len flags = $flags flags_str = _send_flags_str($flags) to_uaddr = $addr tolen = $addr_len } probe kernel.syscall.sendto.return = kernel.function("sys_sendto").return { name = "sendto.return" } # sendmsg__________________________________________ /* * asmlinkage long * sys_sendmsg(int fd, * struct msghdr __user *msg, * unsigned flags) */ probe kernel.syscall.sendmsg = kernel.function("sys_sendmsg") { name = "sendmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _send_flags_str($flags) } probe kernel.syscall.sendmsg.return = kernel.function("sys_sendmsg").return { name = "sendmsg.return" } # recv_____________________________________________ /* * asmlinkage long * sys_recvfrom(int fd, * void __user * ubuf, * size_t size, * unsigned flags, * struct sockaddr __user *addr, * int __user *addr_len) */ probe kernel.syscall.recv = kernel.function("sys_recvfrom") { name = "recv" s = $fd /* buf = $buf */ len = $size flags = $flags flags_str = _recvflags_str($flags) from_uaddr = $addr fromlen_uaddr = $addr_len } probe kernel.syscall.recv.return = kernel.function("sys_recvfrom").return { name = "recv.return" } # recvfrom_________________________________________ /* * asmlinkage long * sys_recvfrom(int fd, * void __user * ubuf, * size_t size, * unsigned flags, * struct sockaddr __user *addr, * int __user *addr_len) */ probe kernel.syscall.recvfrom = kernel.function("sys_recvfrom") { name = "recvfrom" s = $fd /* buf = $buf */ len = $size flags = $flags flags_str = _recvflags_str($flags) from_uaddr = $addr fromlen = $addr_len } probe kernel.syscall.recvfrom.return = kernel.function("sys_recvfrom").return { name = "recvfrom.return" } # recvmsg__________________________________________ /* * asmlinkage long * sys_recvmsg(int fd, * struct msghdr __user *msg, * unsigned int flags) */ probe kernel.syscall.recvmsg = kernel.function("sys_recvmsg") { name = "recvmsg" s = $fd msg_uaddr = $msg flags = $flags flags_str = _recvflags_str($flags) } probe kernel.syscall.recvmsg.return = kernel.function("sys_recvmsg").return { name = "recvmsg.return" } # socket___________________________________________ /* * asmlinkage long * sys_socket(int family, * int type, * int protocol) */ probe kernel.syscall.socket = kernel.function("sys_socket") { name = "socket" family = $family family_str = _sock_family_str($family) type = $type type_str = _sock_type_str($type) protocol = $protocol } probe kernel.syscall.socket.return = kernel.function("sys_socket").return { name = "socket.return" } # socketpair_______________________________________ /* * asmlinkage long * sys_socketpair(int family, * int type, * int protocol, * int __user *usockvec) */ probe kernel.syscall.socketpair = kernel.function("sys_socketpair") { name = "socketpair" family = $family family_str = _sock_family_str($family) type = $type type_str = _sock_type_str($type) protocol = $protocol sv_uaddr = $usockvec } probe kernel.syscall.socketpair.return = kernel.function("sys_socketpair").return { name = "socketpair.return" } # socketcall_______________________________________ /* * asmlinkage long * sys_socketcall(int call, * unsigned long __user *args) */ probe kernel.syscall.socketcall = kernel.function("sys_socketcall") { name = "socketcall" call = $call args_uaddr = $args } probe kernel.syscall.socketcall.return = kernel.function("sys_socketcall").return { name = "socketcall.return" } # listen___________________________________________ /* * asmlinkage long * sys_listen(int fd, * int backlog) */ probe kernel.syscall.listen = kernel.function("sys_listen") { name = "listen" s = $fd backlog = $backlog } probe kernel.syscall.listen.return = kernel.function("sys_listen").return { name = "listen.return" } # poll_____________________________________________ /* * asmlinkage long * sys_poll(struct pollfd __user * ufds, * unsigned int nfds, * long timeout) */ probe kernel.syscall.poll = kernel.function("sys_poll") { name = "poll" ufds_uaddr = $ufds nfds = $nfds timeout = $timeout } probe kernel.syscall.poll.return = kernel.function("sys_poll").return { name = "poll.return" } # select___________________________________________ /* * asmlinkage long * sys_select(int n, * fd_set __user *inp, * fd_set __user *outp, * fd_set __user *exp, * struct timeval __user *tvp) */ probe kernel.syscall.select = kernel.function("sys_select") { name = "select" n = $n readfds_uaddr = $inp writefds_uaddr = $outp exceptfds_uaddr = $exp timeout_uaddr = $tvp } probe kernel.syscall.select.return = kernel.function("sys_select").return { name = "select.return" } # epoll_create_____________________________________ /* * asmlinkage long * sys_epoll_create(int size) */ probe kernel.syscall.epoll_create = kernel.function("sys_epoll_create") { name = "epoll_create" size = $size } probe kernel.syscall.epoll_create.return = kernel.function("sys_epoll_create").return { name = "epoll_create.return" } # epoll_ctl________________________________________ /* * asmlinkage long * sys_epoll_ctl(int epfd, * int op, * int fd, * struct epoll_event __user *event) */ probe kernel.syscall.epoll_ctl = kernel.function("sys_epoll_ctl") { name = "epoll_ctl" epfd = $epfd op = $op op_str = _opoll_op_str($op) fd = $fd event_uaddr = $event } probe kernel.syscall.epoll_ctl.return = kernel.function("sys_epoll_ctl").return { name = "epoll_ctl.return" } # epoll_wait_______________________________________ /* * asmlinkage long * sys_epoll_wait(int epfd, * struct epoll_event __user *events, * int maxevents, * int timeout) */ probe kernel.syscall.epoll_wait = kernel.function("sys_epoll_wait") { name = "epoll_wait" epfd = $epfd events_uaddr = $events maxevents = $maxevents timeout = $timeout } probe kernel.syscall.epoll_wait.return = kernel.function("sys_epoll_wait").return { name = "epoll_wait.return" } # gethostname______________________________________ /* * asmlinkage long * sys_gethostname(char __user *name, * int len) */ probe kernel.syscall.gethostname = kernel.function("sys_gethostname") { name = "gethostname" hostname_uaddr = $name len = $len } probe kernel.syscall.gethostname.return = kernel.function("sys_gethostname").return { name = "gethostname.return" } # sethostname______________________________________ /* * asmlinkage long * sys_sethostname(char __user *name, * int len) */ probe kernel.syscall.sethostname = kernel.function("sys_sethostname") { name = "sethostname" hostname_uaddr = $name len = $len } probe kernel.syscall.sethostname.return = kernel.function("sys_sethostname").return { name = "sethostname.return" } # setdomainname____________________________________ /* * asmlinkage long * sys_setdomainname(char __user *name, * int len) */ probe kernel.syscall.setdomainname = kernel.function("sys_setdomainname") { name = "setdomainname" hostname_uaddr = $name len = $len } probe kernel.syscall.setdomainname.return = kernel.function("sys_setdomainname").return { name = "setdomainname.return" } # newuname_________________________________________ /* * asmlinkage long * sys_newuname(struct new_utsname __user * name) */ probe kernel.syscall.newuname = kernel.function("sys_newuname") { name = "newuname" name_uaddr = $name } probe kernel.syscall.newuname.return = kernel.function("sys_newuname").return { name = "newuname.return" } # getrlimit________________________________________ /* * asmlinkage long * sys_getrlimit(unsigned int resource, * struct rlimit __user *rlim) */ probe kernel.syscall.getrlimit = kernel.function("sys_getrlimit") { name = "getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } probe kernel.syscall.getrlimit.return = kernel.function("sys_getrlimit").return { name = "getrlimit.return" } # old_getrlimit____________________________________ /* * asmlinkage long * sys_old_getrlimit(unsigned int resource, * struct rlimit __user *rlim) */ probe kernel.syscall.old_getrlimit = kernel.function("sys_old_getrlimit") { name = "old_getrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } probe kernel.syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return { name = "old_getrlimit.return" } # setrlimit________________________________________ /* * asmlinkage long * sys_setrlimit(unsigned int resource, * struct rlimit __user *rlim) */ probe kernel.syscall.setrlimit = kernel.function("sys_setrlimit") { name = "setrlimit" resource = $resource resource_str = _rlimit_resource_str($resource) rlim_uaddr = $rlim } probe kernel.syscall.setrlimit.return = kernel.function("sys_setrlimit").return { name = "setrlimit.return" } # getrusage________________________________________ /* * asmlinkage long * sys_getrusage(int who, * struct rusage __user *ru) */ probe kernel.syscall.getrusage = kernel.function("sys_getrusage") { name = "getrusage" who = $who who_str = _rusage_who_str($who) usage_uaddr = $ru } probe kernel.syscall.getrusage.return = kernel.function("sys_getrusage").return { name = "getrusage.return" } # umask____________________________________________ /* * asmlinkage long * sys_umask(int mask) */ probe kernel.syscall.umask = kernel.function("sys_umask") { name = "umask" mask = $mask } probe kernel.syscall.umask.return = kernel.function("sys_umask").return { name = "umask.return" } # msgget___________________________________________ /* * asmlinkage long * sys_msgget (key_t key, * int msgflg) */ probe kernel.syscall.msgget = kernel.function("sys_msgget") { name = "msgget" key = $key msgflg = $msgflg msgflg_str = _sys_open_flag_str($msgflg) } probe kernel.syscall.msgget.return = kernel.function("sys_msgget").return { name = "msgget.return" } # msgsnd___________________________________________ /* * asmlinkage long * sys_msgsnd (int msqid, * struct msgbuf __user *msgp, * size_t msgsz, * int msgflg) */ probe kernel.syscall.msgsnd = kernel.function("sys_msgsnd") { name = "msgsnd" msqid = $msqid msgp_uaddr = $msgp msgsz = $msgsz msgflg = $msgflg } probe kernel.syscall.msgsnd.return = kernel.function("sys_msgsnd").return { name = "msgsnd.return" } # msgrcv___________________________________________ /* * asmlinkage long * sys_msgrcv (int msqid, * struct msgbuf __user *msgp, * size_t msgsz, * long msgtyp, * int msgflg) */ probe kernel.syscall.msgrcv = kernel.function("sys_msgrcv") { name = "msgrcv" msqid = $msqid msgp_uaddr = $msgp msgsz = $msgsz msgtyp = $msgtyp msgflg = $msgflg } probe kernel.syscall.msgrcv.return = kernel.function("sys_msgrcv").return { name = "msgrcv.return" } # msgctl___________________________________________ /* * asmlinkage long * sys_msgctl (int msqid, * int cmd, * struct msqid_ds __user *buf) */ probe kernel.syscall.msgctl = kernel.function("sys_msgctl") { name = "msgctl" msqid = $msqid cmd = $cmd buf_uaddr = $buf } probe kernel.syscall.msgctl.return = kernel.function("sys_msgctl").return { name = "msgctl.return" } # semget___________________________________________ /* * asmlinkage long * sys_semget (key_t key, * int nsems, * int semflg) */ probe kernel.syscall.semget = kernel.function("sys_semget") { name = "semget" key = $key nsems = $nsems semflg = $semflg } probe kernel.syscall.semget.return = kernel.function("sys_semget").return { name = "semget.return" } # semop____________________________________________ /* * asmlinkage long * sys_semop (int semid, * struct sembuf __user *tsops, * unsigned nsops) */ probe kernel.syscall.semop = kernel.function("sys_semtimedop") { name = "semop" semid = $semid tsops_uaddr = $tsops nsops = $nsops } probe kernel.syscall.semop.return = kernel.function("sys_semtimedop").return { name = "semop.return" } # semctl___________________________________________ /* * asmlinkage long * sys_semctl (int semid, * int semnum, * int cmd, * union semun arg) */ probe kernel.syscall.semctl = kernel.function("sys_semctl") { name = "semctl" semid = $semid semnum = $semnum cmd = $cmd arg = $arg } probe kernel.syscall.semctl.return = kernel.function("sys_semctl").return { name = "semctl.return" } # semtimedop_______________________________________ /* * asmlinkage long * sys_semtimedop(int semid, * struct sembuf __user *tsops, * unsigned nsops, * const struct timespec __user *timeout) */ probe kernel.syscall.semtimedop = kernel.function("sys_semtimedop") { name = "semtimedop" semid = $semid sops_uaddr = $tsops nsops = $nsops timeout_uaddr = $timeout } probe kernel.syscall.semtimedop.return = kernel.function("sys_semtimedop").return { name = "semtimedop.return" } # shmat____________________________________________ /* * asmlinkage long * sys_shmat(int shmid, * char __user *shmaddr, * int shmflg, * unsigned long *addr) */ probe kernel.syscall.shmat = kernel.function("sys_shmat") { name = "shmat" shmid = $shmid shmaddr_uaddr = $shmaddr shmflg = $shmflg } probe kernel.syscall.shmat.return = kernel.function("sys_shmat").return { name = "shmat.return" } # shmget___________________________________________ /* * asmlinkage long * sys_shmget (key_t key, * size_t size, * int shmflg) */ probe kernel.syscall.shmget = kernel.function("sys_shmget") { name = "shmget" key = $key size = $size shmflg = $shmflg } probe kernel.syscall.shmget.return = kernel.function("sys_shmget").return { name = "shmget.return" } # shmdt____________________________________________ /* * asmlinkage long * sys_shmdt(char __user *shmaddr) */ probe kernel.syscall.shmdt = kernel.function("sys_shmdt") { name = "shmdt" shmaddr_uaddr = $shmaddr } probe kernel.syscall.shmdt.return = kernel.function("sys_shmdt").return { name = "shmdt.return" } # shmctl___________________________________________ /* * asmlinkage long * sys_shmctl (int shmid, * int cmd, * struct shmid_ds __user *buf) */ probe kernel.syscall.shmctl = kernel.function("sys_shmctl") { name = "shmctl" shmid = $shmid cmd = $cmd buf_uaddr = $buf } probe kernel.syscall.shmctl.return = kernel.function("sys_shmctl").return { name = "shmctl.return" } # mq_open__________________________________________ /* * asmlinkage long * sys_mq_open(const char __user *u_name, * int oflag, * mode_t mode, * struct mq_attr __user *u_attr) */ probe kernel.syscall.mq_open = kernel.function("sys_mq_open") { name = "mq_open" name_uaddr = $u_name oflag = $oflag mode = $mode u_attr_uaddr = $u_attr } probe kernel.syscall.mq_open.return = kernel.function("sys_mq_open").return { name = "mq_open.return" } # mq_unlink________________________________________ /* * asmlinkage long * sys_mq_unlink(const char __user *u_name) */ probe kernel.syscall.mq_unlink = kernel.function("sys_mq_unlink") { name = "mq_unlink" u_name_uaddr = $u_name } probe kernel.syscall.mq_unlink.return = kernel.function("sys_mq_unlink").return { name = "mq_unlink.return" } # mq_timedsend_____________________________________ /* * asmlinkage long * sys_mq_timedsend(mqd_t mqdes, * const char __user *u_msg_ptr, * size_t msg_len, * unsigned int msg_prio, * const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedsend = kernel.function("sys_mq_timedsend") { name = "mq_timedsend" mqdes = $mqdes msg_ptr_uaddr = $u_msg_ptr msg_len = $msg_len msg_prio = $msg_prio abs_timeout_uaddr = $u_abs_timeout } probe kernel.syscall.mq_timedsend.return = kernel.function("sys_mq_timedsend").return { name = "mq_timedsend.return" } # mq_timedreceive__________________________________ /* * asmlinkage ssize_t * sys_mq_timedreceive(mqd_t mqdes, * char __user *u_msg_ptr, * size_t msg_len, * unsigned int __user *u_msg_prio, * const struct timespec __user *u_abs_timeout) */ probe kernel.syscall.mq_timedreceive = kernel.function("sys_mq_timedreceive") { name = "mq_timedreceive" mqdes = $mqdes msg_ptr_uaddr = $u_msg_ptr msg_len = $msg_len msg_prio_uaddr = $u_msg_prio abs_timout_uaddr = $u_abs_timeout } probe kernel.syscall.mq_timedreceive.return = kernel.function("sys_mq_timedreceive").return { name = "mq_timedreceive.return" } # mq_notify________________________________________ /* * asmlinkage long * sys_mq_notify(mqd_t mqdes, * const struct sigevent __user *u_notification) */ probe kernel.syscall.mq_notify = kernel.function("sys_mq_notify") { name = "mq_notify" mqdes = $mqdes notification_uaddr = $u_notification } probe kernel.syscall.mq_notify.return = kernel.function("sys_mq_notify").return { name = "mq_notify.return" } # mq_getsetattr____________________________________ /* * asmlinkage long * sys_mq_getsetattr(mqd_t mqdes, * const struct mq_attr __user *u_mqstat, * struct mq_attr __user *u_omqstat) */ probe kernel.syscall.mq_getsetattr = kernel.function("sys_mq_getsetattr") { name = "mq_getsetattr" mqdes = $mqdes u_mqstat_uaddr = $u_mqstat u_omqstat_uaddr = $u_omqstat } probe kernel.syscall.mq_getsetattr.return = kernel.function("sys_mq_getsetattr").return { name = "mq_getsetattr.return" } # pciconfig_iobase_________________________________ /* * asmlinkage long * sys_pciconfig_iobase(long which, * unsigned long bus, * unsigned long dfn) */ probe kernel.syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") { name = "pciconfig_iobase" which = $which bus = $bus dfn = $dfn } probe kernel.syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return { name = "pciconfig_iobase.return" } # pciconfig_read___________________________________ /* * asmlinkage int * sys_pciconfig_read(unsigned long bus, * unsigned long dfn, * unsigned long off, * unsigned long len, * unsigned char *buf) * { return 0; } */ probe kernel.syscall.pciconfig_read = kernel.function("sys_pciconfig_read") { name = "pciconfig_read" bus = $bus dfn = $dfn off = $off len = $len buf_uaddr = $buf } probe kernel.syscall.pciconfig_read.return = kernel.function("sys_pciconfig_read").return { name = "pciconfig_read.return" } # pciconfig_write__________________________________ /* * asmlinkage int * sys_pciconfig_write(unsigned long bus, * unsigned long dfn, * unsigned long off, * unsigned long len, * unsigned char *buf) */ probe kernel.syscall.pciconfig_write = kernel.function("sys_pciconfig_write") { name = "pciconfig_write" bus = $bus dfn = $dfn off = $off len = $len buf_uaddr = $buf } probe kernel.syscall.pciconfig_write.return = kernel.function("sys_pciconfig_write").return { name = "pciconfig_write.return" } # prctl____________________________________________ /* * asmlinkage long * sys_prctl(int option, * unsigned long arg2, * unsigned long arg3, * unsigned long arg4, * unsigned long arg5) */ probe kernel.syscall.prctl = kernel.function("sys_prctl") { name = "prctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.prctl.return = kernel.function("sys_prctl").return { name = "prctl.return" } # swapon___________________________________________ /* * asmlinkage long * sys_swapon(const char __user * specialfile, * int swap_flags) */ probe kernel.syscall.swapon = kernel.function("sys_swapon") { name = "swapon" path_uaddr = $specialfile swapflags = $swap_flags } probe kernel.syscall.swapon.return = kernel.function("sys_swapon").return { name = "swapon.return" } # swapoff__________________________________________ /* * asmlinkage long * sys_swapoff(const char __user * specialfile) */ probe kernel.syscall.swapoff = kernel.function("sys_swapoff") { name = "swapoff" path_uaddr = $specialfile } probe kernel.syscall.swapoff.return = kernel.function("sys_swapoff").return { name = "swapoff.return" } # sysctl___________________________________________ /* * asmlinkage long * sys_sysctl(struct __sysctl_args __user *args) */ probe kernel.syscall.sysctl = kernel.function("sys_sysctl") { name = "sysctl" args_uaddr = $args } probe kernel.syscall.sysctl.return = kernel.function("sys_sysctl").return { name = "sysctl.return" } # sysinfo__________________________________________ /* * asmlinkage long * sys_sysinfo(struct sysinfo __user *info) */ probe kernel.syscall.sysinfo = kernel.function("sys_sysinfo") { name = "sysinfo" info_uaddr = $info } probe kernel.syscall.sysinfo.return = kernel.function("sys_sysinfo").return { name = "sysinfo.return" } # sysfs____________________________________________ /* * asmlinkage long * sys_sysfs(int option, * unsigned long arg1, * unsigned long arg2) */ probe kernel.syscall.sysfs = kernel.function("sys_sysfs") { name = "sysfs" option = $option arg1 = $arg1 arg2 = $arg2 } probe kernel.syscall.sysfs.return = kernel.function("sys_sysfs").return { name = "sysfs.return" } # nfsservctl_______________________________________ /* * long asmlinkage * sys_nfsservctl(int cmd, * struct nfsctl_arg __user *arg, * void __user *res) */ probe kernel.syscall.nfsservctl = kernel.function("sys_nfsservctl") { name = "nfsservctl" cmd = $cmd argp_uaddr = $arg resp_uaddr = $res } probe kernel.syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return { name = "nfsservctl.return" } # syslog___________________________________________ /* * asmlinkage long * sys_syslog(int type, * char __user * buf, * int len) */ probe kernel.syscall.syslog = kernel.function("do_syslog") { name = "syslog" type = $type bufp_uaddr = $buf len = $len } probe kernel.syscall.syslog.return = kernel.function("do_syslog").return { name = "syslog.return" } # uselib___________________________________________ /* * asmlinkage long * sys_uselib(const char __user * library) */ probe kernel.syscall.uselib = kernel.function("sys_uselib") { name = "uselib" library_uaddr = $library } probe kernel.syscall.uselib.return = kernel.function("sys_uselib").return { name = "uselib.return" } # add_key__________________________________________ /* * asmlinkage long * sys_add_key(const char __user *_type, * const char __user *_description, * const void __user *_payload, * size_t plen, * key_serial_t ringid) */ probe kernel.syscall.add_key = kernel.function("sys_add_key") { name = "add_key" type_uaddr = $_type description_auddr = $_description payload_uaddr = $payload plen = $plen ringid = $ringid } probe kernel.syscall.add_key.return = kernel.function("sys_add_key").return { name = "add_key.return" } # request_key______________________________________ /* * asmlinkage long * sys_request_key(const char __user *_type, * const char __user *_description, * const char __user *_callout_info, * key_serial_t destringid) */ probe kernel.syscall.request_key = kernel.function("sys_request_key") { name = "request_key" type_uaddr = $_type description_uaddr = $_description callout_info_uaddr = $_callout_info destringid = $destringid } probe kernel.syscall.request_key.return = kernel.function("sys_request_key").return { name = "request_key.return" } # keyctl___________________________________________ /* * asmlinkage long * sys_keyctl(int option, * unsigned long arg2, * unsigned long arg3, * unsigned long arg4, * unsigned long arg5) */ probe kernel.syscall.keyctl = kernel.function("sys_keyctl") { name = "keyctl" option = $option arg2 = $arg2 arg3 = $arg3 arg4 = $arg4 arg5 = $arg5 } probe kernel.syscall.keyctl.return = kernel.function("sys_keyctl").return { name = "keyctl.return" } # modify_ldt_______________________________________ /* * asmlinkage int * sys_modify_ldt(int func, * void __user *ptr, * unsigned long bytecount) */ probe kernel.syscall.modify_ldt = kernel.function("sys_modify_ldt") { name = "modify_ldt" func = $func /* ptr = $ptr */ bytecount = $bytecount } probe kernel.syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return { name = "modify_ldt.return" } # mmap2____________________________________________ /* * unsigned long sys_mmap2(unsigned long addr, * size_t len, * unsigned long prot, * unsigned long flags, * unsigned long fd, * unsigned long pgoff) */ probe kernel.syscall.mmap2 = kernel.function("sys_mmap2") { name = "mmap2" addr = $addr len = $len prot = $prot flags = $flags fd = $fd pgoff = $pgoff } probe kernel.syscall.mmap2.return = kernel.function("sys_mmap2").return { name = "mmap2.return" } # execve___________________________________________ /* * asmlinkage int * sys_execve(struct pt_regs regs) */ probe kernel.syscall.execve = kernel.function("sys_execve") { name = "execve" regs = $regs } probe kernel.syscall.execve.return = kernel.function("sys_execve").return { name = "execve.return" } # clone____________________________________________ /* * long do_fork(unsigned long clone_flags, * unsigned long stack_start, * struct pt_regs *regs, * unsigned long stack_size, * int __user *parent_tidptr, * int __user *child_tidptr) */ probe kernel.syscall.clone = kernel.function("do_fork") { name = "clone" clone_flags = $clone_flags start_stack = $start_stack regs_uaddr = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr } probe kernel.syscall.clone.return = kernel.function("do_fork").return { name = "clone.return" } # fork_____________________________________________ /* * long do_fork(unsigned long clone_flags, * unsigned long stack_start, * struct pt_regs *regs, * unsigned long stack_size, * int __user *parent_tidptr, * int __user *child_tidptr) */ probe kernel.syscall.fork = kernel.function("do_fork") { name = "fork" clone_flags = $clone_flags start_stack = $start_stack regs_uaddr = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr } probe kernel.syscall.fork.return = kernel.function("do_fork").return { name = "fork.return" } # vfork____________________________________________ /* * long do_fork(unsigned long clone_flags, * unsigned long stack_start, * struct pt_regs *regs, * unsigned long stack_size, * int __user *parent_tidptr, * int __user *child_tidptr) */ probe kernel.syscall.vfork = kernel.function("do_fork") { name = "vfork" clone_flags = $clone_flags start_stack = $start_stack regs_uaddr = $regs stack_size = $stack_size parent_tid_uaddr = $parent_tidptr child_tid_uaddr = $child_tidptr } probe kernel.syscall.vfork.return = kernel.function("do_fork").return { name = "vfork.return" } # pipe_____________________________________________ /* * asmlinkage int * sys_pipe(unsigned long __user * fildes) */ probe kernel.syscall.pipe = kernel.function("sys_pipe") { name = "pipe" fildes_uaddr = $fildes } probe kernel.syscall.pipe.return = kernel.function("sys_pipe").return { name = "pipe.return" } # ptrace___________________________________________ /* * asmlinkage int * sys_ptrace(long request, * long pid, * long addr, * long data) */ probe kernel.syscall.ptrace = kernel.function("sys_ptrace") { name = "ptrace" request = $request pid = $pid addr = $addr data = $data } probe kernel.syscall.ptrace.return = kernel.function("sys_ptrace").return { name = "ptrace.return" } # iopl_____________________________________________ /* * asmlinkage long * sys_iopl(unsigned long unused) */ probe kernel.syscall.iopl = kernel.function("sys_iopl") { name = "iopl" level = $unused } probe kernel.syscall.iopl.return = kernel.function("sys_iopl").return { name = "iopl.return" } # rt_sigaction_____________________________________ /* * asmlinkage long * sys_rt_sigaction(int sig, * const struct sigaction __user *act, * struct sigaction __user *oact, * size_t sigsetsize, * void __user *restorer) */ probe kernel.syscall.rt_sigaction = kernel.function("sys_rt_sigaction") { name = "rt_sigaction" sig = $sig act_uaddr = $act oact_uaddr = $oact sigsetsize = $sigsetsize /* restorer = $restorer */ } probe kernel.syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return { name = "rt_sigaction.return" }