kprocess.exec: rely on syscall.execve

By relying on syscall.execve, we get the benefits of compatibility
across different kernel versions, as well as access to the arguments.

diff --git a/tapset/linux/kprocess.stp b/tapset/linux/kprocess.stp
index f30a66b25a29cb33f3a1507b83dc1635b6697c2b..848c53ef86acf303688af4d223a622e699e5bad8 100644 (file)
--- a/tapset/linux/kprocess.stp
+++ b/tapset/linux/kprocess.stp
@@ -1,5 +1,6 @@
 // kernel process tapset
 // Copyright (C) 2006 Intel Corporation.
+// Copyright (C) 2014 Red Hat Inc.
 //
 // This file is part of systemtap, and is free software.  You can
 // redistribute it and/or modify it under the terms of the GNU General
@@ -47,38 +48,70 @@ probe kprocess.start = kernel.function("schedule_tail") { }
 
 /**
  * probe kprocess.exec - Attempt to exec to a new program
+ *
  * @filename: The path to the new executable
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @args: The arguments to pass to the new executable, including
+ * the 0th arg (SystemTap v2.5+)
+ * @argstr: A string containing the filename followed by the
+ * arguments to pass, excluding 0th arg (SystemTap v2.5+)
  *
  * Context:
  *  The caller of exec.
  *
- *  Fires whenever a process attempts to exec to a new program.
+ *  Fires whenever a process attempts to exec to a new program. Aliased
+ *  to the syscall.execve probe in SystemTap v2.5+.
  */
+%(systemtap_v <= "2.4" %?
 probe kprocess.exec = 
     kernel.function("do_execve"),
     kernel.function("compat_do_execve") ?
 {
     filename = kernel_string($filename)
 }
+%:
+probe kprocess.exec = syscall.execve
+{
+   /*
+   name = "execve"
+   filename = user_string_quoted(@choose_defined($filename, $name))
+   # kernel 3.0 changed the pointer's name to __argv
+   __argv = @choose_defined($__argv, $argv)
+   args = __get_argv(__argv, 0)
+   argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
+   */
+}
+%)
 
 
 /**
  * probe kprocess.exec_complete - Return from exec to a new program
  * @errno: The error number resulting from the exec
  * @success: A boolean indicating whether the exec was successful
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @retstr: A string representation of errno (SystemTap v2.5+)
  *
  * Context:
  *  On success, the context of the new executable.
  *  On failure, remains in the context of the caller.
  *
- *  Fires at the completion of an exec call.
+ *  Fires at the completion of an exec call. Aliased to the
+ *  syscall.execve.return probe in SystemTap v2.5+.
  */
+%(systemtap_v <= "2.4" %?
 probe kprocess.exec_complete =
     kernel.function("do_execve").return,
     kernel.function("compat_do_execve").return ?
+%:
+probe kprocess.exec_complete = syscall.execve.return
+%)
 {
     errno = $return
     success = (errno >= 0)
+    /*
+    name = "execve"
+    retstr = return_str(1, $return)
+    */
 }
 
 

diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index 613640d05e32502c7a6948a8ceac27229be4f7b0..f33923b2099ecebc20c97977edaf4a191635b984 100644 (file)
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
@@ -716,6 +716,7 @@ probe syscall.eventfd.return = kernel.function("sys_eventfd2").return !,
 }
 
 # execve _____________________________________________________
+# NB: kprocess.exec[_complete] is aliased to syscall.execve[.return]
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, sys_execve() has been moved to generic code, so we
 # can use it with confidence.