* syscalls.stp: Latest.
* syscalls2.stp: Commented out pciconfig calls. Those
need to go in arch-specific directories.
* aux_syscalls.stp (_access_mode_str): Fix.
(_mmap_flags): New Function.
(_mprotect_prot_str): Fix.
(__string): New.
(__get_argv): New.
(__fork_flags): New.
+2006-02-07 Martin Hunt <hunt@redhat.com>
+
+ * syscalls.stp: Latest.
+ * syscalls2.stp: Commented out pciconfig calls. Those
+ need to go in arch-specific directories.
+
+ * aux_syscalls.stp (_access_mode_str): Fix.
+ (_mmap_flags): New Function.
+ (_mprotect_prot_str): Fix.
+ (__string): New.
+ (__get_argv): New.
+ (__fork_flags): New.
+
2006-02-01 Martin Hunt <hunt@redhat.com>
* syscalls.stp: New syscall file.
+function __fork_flags:string(flags:long)
+%{
+ long flags = THIS->flags;
+ char *str = THIS->__retvalue;
+ if (flags & CLONE_FS)
+ strlcat(str,"CLONE_FS|", MAXSTRINGLEN);
+ if (flags & CLONE_FILES)
+ strlcat(str, "CLONE_FILES|", MAXSTRINGLEN);
+ if (flags & CLONE_SIGHAND)
+ strlcat(str, "CLONE_SIGHAND|", MAXSTRINGLEN);
+ if (flags & CLONE_PTRACE)
+ strlcat(str, "CLONE_PTRACE|", MAXSTRINGLEN);
+ if (flags & CLONE_VFORK)
+ strlcat(str, "CLONE_VFORK|", MAXSTRINGLEN);
+ if (flags & CLONE_PARENT)
+ strlcat(str, "CLONE_PARENT|", MAXSTRINGLEN);
+ if (flags & CLONE_THREAD)
+ strlcat(str, "CLONE_THREAD|", MAXSTRINGLEN);
+ if (flags & CLONE_SYSVSEM)
+ strlcat(str, "CLONE_SYSVSEM|", MAXSTRINGLEN);
+ if (flags & CLONE_SETTLS)
+ strlcat(str, "CLONE_SETTLS|", MAXSTRINGLEN);
+ if (flags & CLONE_PARENT_SETTID)
+ strlcat(str, "CLONE_PARENT_SETTID|", MAXSTRINGLEN);
+ if (flags & CLONE_CHILD_CLEARTID)
+ strlcat(str, "CLONE_CHILD_CLEARTID|", MAXSTRINGLEN);
+ if (flags & CLONE_UNTRACED)
+ strlcat(str, "CLONE_UNTRACED|", MAXSTRINGLEN);
+ if (flags & CLONE_CHILD_SETTID)
+ strlcat(str, "CLONE_CHILD_SETTID|", MAXSTRINGLEN);
+ if (flags & CLONE_STOPPED)
+ strlcat(str, "CLONE_STOPPED", MAXSTRINGLEN);
+%}
+
+/* This function copies an argv from userspace. */
+function __get_argv:string(a:long)
+%{
+ char __user *__user *argv = (char __user *__user *)(long)THIS->a;
+ char __user *vstr;
+ int space, rc, len = MAXSTRINGLEN;
+ char *str = THIS->__retvalue;
+ char buf[80];
+ char *ptr = buf;
+
+ if (argv)
+ argv++;
+
+ while (argv != NULL) {
+ if (get_user (vstr, argv))
+ break;
+
+ if (vstr == NULL)
+ break;
+
+ rc = _stp_strncpy_from_user(buf, vstr, 80);
+ if (rc <= 0)
+ break;
+
+ /* check for whitespace in string */
+ buf[rc] = 0;
+ ptr = buf;
+ space = 0;
+ while (*ptr && rc--) {
+ if (isspace(*ptr++)) {
+ space = 1;
+ break;
+ }
+ }
+
+ if (len != MAXSTRINGLEN && len) {
+ *str++=' ';
+ len--;
+ }
+
+ if (space && len) {
+ *str++='\"';
+ len--;
+ }
+
+ rc = strlcpy (str, buf, len);
+ str += rc;
+ len -= rc;
+
+ if (space && len) {
+ *str++='\"';
+ len--;
+ }
+
+ argv++;
+ }
+ *str = 0;
+%}
+
+/*
+* This function is used when a long is really a pointer and we need
+* the string it points to. Should be rarely necessary.
+*/
+function __string:string (a:long)
+%{
+ char *str =(char *)(long)THIS->a;
+ strlcpy(THIS->__retvalue, str, MAXSTRINGLEN);
+%}
+
/*
* Return the 64 bit long value of the
* scalar user space pointer parameter
/* `man 2 open` for more information */
function _access_mode_str(m) {
- if(m & 4) bs="R_OK|".bs
- if(m & 2) bs="W_OK|".bs
- if(m & 1) bs="X_OK|".bs
- if((m & 3) == 0) bs="F_OK|".bs
- return substr(bs,0,strlen(bs)-1)
+ if((m & 7) == 0) return "F_OK"
+ if(m & 4) bs="R_OK |".bs
+ if(m & 2) bs="W_OK |".bs
+ if(m & 1) bs="X_OK |".bs
+ return substr(bs,0,strlen(bs)-2)
}
/* `man 2 open` for more information */
return ""
}
+function _mmap_flags(flags) {
+ if (flags & 1) msg="MAP_SHARED|"
+ if (flags & 2) msg="MAP_PRIVATE|".msg
+ if (flags & 0x10) msg="MAP_FIXED|".msg
+ if (flags & 0x20) msg="MAP_ANONYMOUS|".msg
+ if (flags & 0x100) msg="MAP_GROWSDOWN|".msg
+ if (flags & 0x800) msg="MAP_DENYWRITE|".msg
+ if (flags & 0x1000) msg="MAP_EXECUTABLE|".msg
+ if (flags & 0x2000) msg="MAP_LOCKED|".msg
+ if (flags & 0x4000) msg="MAP_NORESERVE|".msg
+ if (flags & 0x8000) msg="MAP_POPULATE|".msg
+ if (flags & 0x10000) msg="MAP_NONBLOCK|".msg
+ return substr(msg,0,strlen(msg)-1)
+}
+
function _mprotect_prot_str(prot) {
- if(prot==0x00000000) return "PROT_NONE"
- if(prot==0x00000001) return "PROT_READ"
- if(prot==0x00000002) return "PROT_WRITE"
- if(prot==0x00000004) return "PROT_EXEC"
- return ""
+ if (prot) {
+ if(prot & 1) ps="PROT_READ|"
+ if(prot & 2) ps="PROT_WRITE|".ps
+ if(prot & 4) ps="PROT_EXEC|".ps
+ return substr(ps,0,strlen(ps)-1)
+ }
+ return "PROT_NONE"
}
function _madvice_advice_str(behavior) {
MAXSTRINGLEN);
if (rc < 0)
{
- static char errmsg[40];
- snprintf (errmsg, 40, "user string copy fault at 0x%p",
- (void *) (uintptr_t) THIS->addr);
- CONTEXT->last_error = errmsg;
+// static char errmsg[40];
+// snprintf (errmsg, 40, "user string copy fault at 0x%p",
+// (void *) (uintptr_t) THIS->addr);
+// CONTEXT->last_error = errmsg;
}
%}
name = "clone.return"
}
# close ______________________________________________________
-/*
- * asmlinkage long
- * sys_close(unsigned int fd)
- */
-probe kernel.syscall.close =
- kernel.function("sys_close") {
- name = "close"
- fd = $fd
+# long sys_close(unsigned int fd)
+probe syscall.close = kernel.function("sys_close") {
+ name = "close"
+ fd = $fd
+ argstr = string(fd)
+}
+probe syscall.close.return = kernel.function("sys_close").return {
+ name = "close"
+ returnp = 1
}
-probe kernel.syscall.close.return =
- kernel.function("sys_close").return {
- name = "close.return"
- }
# connect ____________________________________________________
/*
* asmlinkage long
# execve _____________________________________________________
# int sys_execve(struct pt_regs regs)
-probe syscall.execve = kernel.function("sys_execve") {
+# which breaks out the args and immediately calls
+# int do_execve(char * filename,
+# char __user *__user *argv,
+# char __user *__user *envp,
+# struct pt_regs * regs)
+probe syscall.execve = kernel.function("do_execve") {
name = "execve"
- /*
- * unsupported type identifier '$regs'
- * regs = $regs
- */
+ filename = __string($filename)
+ args = __get_argv($argv)
+ argstr = sprintf("%s %s", filename, args)
}
-# v2.6.15-rc2 or earlier has problems
-probe syscall.execve.return = kernel.function("sys_execve").return {
+# v2.6.15-rc2 or earlier has problems with sys_execve
+probe syscall.execve.return = kernel.function("do_execve").return {
name = "execve"
returnp = 1
}
kernel.function("sys_flock").return {
name = "flock.return"
}
+
+
# fork _______________________________________________________
# long do_fork(unsigned long clone_flags,
# unsigned long stack_start,
# int __user *parent_tidptr,
# int __user *child_tidptr)
probe syscall.fork = kernel.function("do_fork") {
- name = "fork"
clone_flags = $clone_flags
- /*
- * unable to find local 'start_stack' (maybe i386 specific)
- * start_stack = $start_stack
- */
- regs_uaddr = $regs
+ stack_start = $stack_start
+ regs = $regs
stack_size = $stack_size
parent_tid_uaddr = $parent_tidptr
child_tid_uaddr = $child_tidptr
+
+ if (stack_start == 0) {
+ name = "fork_kernel_thread"
+ argstr = __fork_flags(clone_flags)
+ } else if (clone_flags == 17)
+ name = "fork"
+ else if (clone_flags & 0x4000)
+ name = "vfork"
+ else {
+ name = "clone"
+ argstr = __fork_flags(clone_flags)
+ }
}
probe syscall.fork.return = kernel.function("do_fork").return {
name = "fork"
kernel.function("sys_fsetxattr").return {
name = "fsetxattr.return"
}
+
# fstat ______________________________________________________
# long sys_fstat(unsigned int fd,struct __old_kernel_stat __user * statbuf)
probe syscall.fstat = kernel.function("sys_fstat") {
name = "fstat"
fd = $fd
buf_uaddr = $statbuf
- argstr = string($fd)
+ argstr = sprintf("%d, [0x%x]", fd, buf_uaddr)
}
probe syscall.fstat.return = kernel.function("sys_fstat").return {
name = "fstat"
returnp = 1
}
+
# fstatfs ____________________________________________________
/*
* asmlinkage long
name = "fstatfs64.return"
}
# fsync ______________________________________________________
-/*
- * asmlinkage long
- * sys_fsync(unsigned int fd)
- */
-probe kernel.syscall.fsync =
- kernel.function("sys_fsync") {
- name = "fsync"
- fd = $fd
- }
-probe kernel.syscall.fsync.return =
- kernel.function("sys_fsync").return {
- name = "fsync.return"
- }
+# long sys_fsync(unsigned int fd)
+probe syscall.fsync = kernel.function("sys_fsync") {
+ name = "fsync"
+ fd = $fd
+ argstr = string(fd)
+}
+probe syscall.fsync.return = kernel.function("sys_fsync").return {
+ name = "fsync.return"
+ returnp = 1
+}
# ftruncate __________________________________________________
/*
* static inline long
kernel.function("sys_mlockall").return {
name = "mlockall.return"
}
+
+# mmap2
+# long sys_mmap2(unsigned long addr, unsigned long len,
+# unsigned long prot, unsigned long flags,
+# unsigned long fd, unsigned long pgoff)
+probe syscall.mmap2 = kernel.function("sys_mmap2") {
+ name = "mmap2"
+ start = $addr
+ length = $len
+ prot = $prot
+ flags = $flags
+ fd = $fd
+ pgoffset = $pgoff
+ argstr = sprintf("0x%x, %d, %s, %s, %d, 0x%x", start,
+ length, _mprotect_prot_str(prot), _mmap_flags(flags),
+ fd, pgoffset)
+}
+probe syscall.mmap2.return = kernel.function("sys_mmap2").return {
+ name = "mmap2"
+ returnp = 1
+}
+
# modify_ldt _________________________________________________
/*
* asmlinkage int
# unsigned long dfn)
#
#
-probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
- name = "pciconfig_iobase"
- which = $which
- bus = $bus
- dfn = $dfn
-}
-probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
- name = "pciconfig_iobase"
- returnp = 1
-}
+#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
+# name = "pciconfig_iobase"
+# which = $which
+# bus = $bus
+# dfn = $dfn
+#}
+#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
+# name = "pciconfig_iobase"
+# returnp = 1
+#}
# pciconfig_read _____________________________________________
#
# asmlinkage int
# { return 0; }
#
#
-probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
- name = "pciconfig_read"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- buf_uaddr = $buf
-}
-probe syscall.pciconfig_read.return =
- kernel.function("sys_pciconfig_read").return {
- name = "pciconfig_read"
- returnp = 1
-}
+#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
+# name = "pciconfig_read"
+# bus = $bus
+# dfn = $dfn
+# off = $off
+# len = $len
+# buf_uaddr = $buf
+#}
+#probe syscall.pciconfig_read.return =
+# kernel.function("sys_pciconfig_read").return {
+# name = "pciconfig_read"
+# returnp = 1
+#}
# pciconfig_write ____________________________________________
#
# asmlinkage int
# unsigned char *buf)
#
#
-probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
- name = "pciconfig_write"
- bus = $bus
- dfn = $dfn
- off = $off
- len = $len
- buf_uaddr = $buf
-}
-probe syscall.pciconfig_write.return =
- kernel.function("sys_pciconfig_write").return {
- name = "pciconfig_write"
- returnp = 1
-}
+#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
+# name = "pciconfig_write"
+# bus = $bus
+# dfn = $dfn
+# off = $off
+# len = $len
+# buf_uaddr = $buf
+#}
+#probe syscall.pciconfig_write.return =
+# kernel.function("sys_pciconfig_write").return {
+# name = "pciconfig_write"
+# returnp = 1
+#}
# personality ________________________________________________
#
# asmlinkage long