# umount _____________________________________________________
# long sys_umount(char __user * name, int flags)
+# SYSCALL_DEFINE1(oldumount, char __user *, name)
#
-probe nd_syscall.umount = kprobe.function("sys_umount") ?
+probe nd_syscall.umount = __nd_syscall.umount, __nd_syscall.oldumount ?
{
name = "umount"
+}
+probe __nd_syscall.umount = kprobe.function("sys_umount")
+{
+ @__syscall_compat_gate(%{ __NR_umount2 %}, %{ __NR_compat_umount2 %})
// target = user_string($name)
// flags = $flags
// flags_str = _umountflags_str($flags)
flags_str = _umountflags_str(flags)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), flags_str)
}
-probe nd_syscall.umount.return = kprobe.function("sys_umount").return ?
+probe __nd_syscall.oldumount = kprobe.function("sys_oldumount") ?
+{
+ // target = user_string_quoted($name)
+ // flags = 0
+ // flags_str = "0"
+ // argstr = sprintf("%s, 0", user_string_quoted($name))
+ asmlinkage()
+ target = user_string_quoted(pointer_arg(1))
+ flags = 0
+ flags_str = "0"
+ argstr = sprintf("%s, 0", user_string_quoted(pointer_arg(1)))
+}
+probe nd_syscall.umount.return = __nd_syscall.umount.return,
+ kprobe.function("sys_oldumount").return ?
{
name = "umount"
retstr = returnstr(1)
}
+probe __nd_syscall.umount.return = kprobe.function("sys_umount").return
+{
+ @__syscall_compat_gate(%{ __NR_umount2 %}, %{ __NR_compat_umount2 %})
+}
# uname ______________________________________________________
#
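Review bot: The new inner aliases `__nd_syscall.umount` and `__nd_syscall.umount.return` drop the `?` that the removed `kprobe.function("sys_umount") ?` lines carried. The `?` left on the outer alias lines binds only to the last component (`__nd_syscall.oldumount`, and the `sys_oldumount` return point). On a kernel where sys_umount cannot be probed, `nd_syscall.umount` would presumably now fail to register rather than be skipped, which can stop an entire tracing or audit script that merely lists it among other probes. Unless that is intended, keep the marker: `probe __nd_syscall.umount = kprobe.function("sys_umount") ?`, and likewise on the `.return` alias.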
# umount _____________________________________________________
# long sys_umount(char __user * name, int flags)
+# SYSCALL_DEFINE1(oldumount, char __user *, name)
#
-probe syscall.umount = kernel.function("sys_umount").call
+probe syscall.umount = __syscall.umount, __syscall.oldumount ?
{
name = "umount"
+}
+probe __syscall.umount = kernel.function("sys_umount").call
+{
+ @__syscall_compat_gate(%{ __NR_umount2 %}, %{ __NR_compat_umount2 %})
target = user_string_quoted($name)
flags = $flags
flags_str = _umountflags_str($flags)
argstr = sprintf("%s, %s", user_string_quoted($name), flags_str)
}
-probe syscall.umount.return = kernel.function("sys_umount").return
+probe __syscall.oldumount = kernel.function("sys_oldumount").call ?
+{
+ target = user_string_quoted($name)
+ flags = 0
+ flags_str = "0"
+ argstr = sprintf("%s, 0", user_string_quoted($name))
+}
+probe syscall.umount.return = __syscall.umount.return,
+ kernel.function("sys_oldumount").return ?
{
name = "umount"
retstr = return_str(1, $return)
}
+probe __syscall.umount.return = kernel.function("sys_umount").return
+{
+ @__syscall_compat_gate(%{ __NR_umount2 %}, %{ __NR_compat_umount2 %})
+}
+
# uname ______________________________________________________
#
# int sys_uname(struct old_utsname __user *name)
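Review bot: `__syscall.oldumount` reads the user-space path twice, once for `target` and again inside `argstr`, so a thread that rewrites the buffer between the two reads can make the two fields of a single event disagree. Because `target` already holds the quoted string, reuse it: `argstr = sprintf("%s, 0", target)`. The same double read appears in `__syscall.umount` in this hunk and in `__nd_syscall.oldumount` in the nd hunk above, and the same one-line change applies there.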