Linux 3.19 added the execveat syscall, adding tapset support

tapset/linux/nd_syscalls.stp - no debuginfo tapset
tapset/linux/syscalls.stp - regular tapset
testsuite/buildok/nd_syscalls-detailed.stp - update no debuginfo testcase
testsuite/buildok/syscalls-detailed.stp - update testcase
testsuite/systemtap.syscall/execveat.c - new syscall testcase

diff --git a/tapset/linux/nd_syscalls.stp b/tapset/linux/nd_syscalls.stp
index 3072421509db3cb6ccb0f83e913f2686d2e7bc75..6c1d452d1afa407c2f24cc10ddaf47bf0b6c1239 100644 (file)
--- a/tapset/linux/nd_syscalls.stp
+++ b/tapset/linux/nd_syscalls.stp
@@ -1164,6 +1164,30 @@ probe nd_syscall.execve.return = kprobe.function("do_execve").return
 }
 %)
 
+# execveat ______________________________________________
+# SYSCALL_DEFINE5(execveat,
+#              int, fd, const char __user *, filename,
+#              const char __user *const __user *, argv,
+#              const char __user *const __user *, envp,
+#              int, flags)
+#
+probe nd_syscall.execveat = kprobe.function("do_execveat").call ?
+{
+        name = "execveat"
+        fd = __int32(1)
+        fd_str = _dfd_str(fd)
+        filename = user_string_quoted(pointer_arg(2))
+        args = __get_argv(pointer_arg(3), 0)
+        flags = int_arg(5)
+        flags_str = _at_flag_str(flags)
+        argstr = sprintf("%s %s %s %s", fd_str, filename, args, flags_str)
+}
+probe nd_syscall.execveat.return = kprobe.function("do_execveat").return ?
+{
+        name = "execveat"
+        retstr = returnstr(1)
+}
+
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, compat_sys_execve() has been moved to generic
 # code, so we can use it with confidence.
@@ -1210,6 +1234,24 @@ probe nd_syscall.compat_execve.return =
 }
 %)
 
+probe nd_syscall.compat_execveat = kprobe.function("compat_do_execveat").call ?
+{
+        name = "compat_execveat"
+        fd = __int32(1)
+        fd_str = _dfd_str(fd) 
+        filename = user_string_quoted(pointer_arg(2))
+        args = __get_argv(pointer_arg(3), 0)
+        flags = int32_arg(5)
+        flags_str = _at_flag_str(flags)
+        argstr = sprintf("%s %s %s %s", fd_str, filename, args, flags_str)
+
+}
+probe nd_syscall.compat_execveat.return = kprobe.function("compat_do_execveat").return ?
+{
+        name = "compat_execveat"
+        retstr = returnstr(1)
+}
+
 # exit _______________________________________________________
 # long sys_exit(int error_code)
 probe nd_syscall.exit = kprobe.function("sys_exit").call

diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index c06c96f40d84d917f39fde5062bef8b90c3f96db..ca3168222e5a2f634f3f827ca98b91df609ac790 100644 (file)
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
@@ -1069,6 +1069,32 @@ probe syscall.execve.return = kernel.function("do_execve").return
 }
 %)
 
+# execveat ______________________________________________
+# SYSCALL_DEFINE5(execveat,
+#              int, fd, const char __user *, filename,
+#              const char __user *const __user *, argv,
+#              const char __user *const __user *, envp,
+#              int, flags)
+#
+probe syscall.execveat = kernel.function("sys_execveat").call ?
+{
+        name = "execveat"
+        fd = __int32($fd)
+        fd_str = _dfd_str(__int32($fd))
+        filename = user_string_quoted(@__pointer($filename))
+        flags = int_arg($flags)
+        flags_str = _at_flag_str(__int32($flags))
+        __argv = @choose_defined($__argv, $argv)
+        args = __get_argv(__argv, 0)
+        argstr = sprintf("%s %s %s %s", fd_str, filename, __get_argv(__argv, 1), flags_str)
+}
+
+probe syscall.execveat.return = kernel.function("sys_execveat").return ?
+{
+        name = "execveat"
+        retstr = return_str(1, $return)
+}
+
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, compat_sys_execve() has been moved to generic
 # code, so we can use it with confidence.
@@ -1116,6 +1142,24 @@ probe syscall.compat_execve.return =
        retstr = return_str(1, $return)
 }
 %)
+probe syscall.compat_execveat = kernel.function("compat_sys_execveat").call ?
+{
+        name = "compat_execveat"
+        fd = __int32($fd)
+        fd_str = _dfd_str(__int32($fd))
+        filename = user_string_quoted(@__pointer($filename))
+        flags = int_arg($flags)
+        flags_str = _at_flag_str(__int32($flags))
+        __argv = @choose_defined($__argv, $argv)
+        args = __get_argv(__argv, 0)
+        argstr = sprintf("%s %s %s %s", fd_str, filename, __get_argv(__argv, 1), flags_str)
+}
+
+probe syscall.compat_execveat.return = kernel.function("compat_sys_execveat").return ?
+{
+        name = "compat_execveat"
+        retstr = return_str(1, $return)
+}
 
 # exit _______________________________________________________
 # long sys_exit(int error_code)

diff --git a/testsuite/buildok/nd_syscalls-detailed.stp b/testsuite/buildok/nd_syscalls-detailed.stp
index cd39032ff71d4df2643ff93e76707951066bea59..e759d1d5fec973e83c31bff25d7d230e80f95454 100755 (executable)
--- a/testsuite/buildok/nd_syscalls-detailed.stp
+++ b/testsuite/buildok/nd_syscalls-detailed.stp
@@ -342,6 +342,17 @@ probe nd_syscall.execve.return, nd_syscall.compat_execve.return ?
        printf("%s, %s\n", name, retstr)
 }
 
+probe nd_syscall.execveat, nd_syscall.compat_execveat ?
+{
+        printf("%s, %s\n", name, argstr)
+        printf("%d, %s, %s, %d(%s), %s\n", fd, fd_str, filename, flags, flags_str, args)
+}
+
+probe nd_syscall.execveat.return, nd_syscall.compat_execveat.return ?
+{
+        printf("%s, %s\n", name, retstr)
+}
+
 probe nd_syscall.exit
 {
        printf("%s, %s\n", name, argstr)

diff --git a/testsuite/buildok/syscalls-detailed.stp b/testsuite/buildok/syscalls-detailed.stp
index 85635e417d1b35a46fe613f06f8b318f15b8fc78..f3f3ddcee1500e16ca4bf382d92e8e8e502b89de 100755 (executable)
--- a/testsuite/buildok/syscalls-detailed.stp
+++ b/testsuite/buildok/syscalls-detailed.stp
@@ -342,6 +342,16 @@ probe syscall.execve.return, syscall.compat_execve.return ?
        printf("%s, %s\n", name, retstr)
 }
 
+probe syscall.execveat, syscall.compat_execveat ?
+{
+        printf("%s, %s\n", name, argstr)
+        printf("%d, %s, %s, %d(%s), %s\n", fd, fd_str, filename, flags, flags_str, args)
+}
+
+probe syscall.execveat.return, syscall.compat_execveat.return ?
+{
+        printf("%s, %s\n", name, retstr)
+}
 probe syscall.exit
 {
        printf("%s, %s\n", name, argstr)

diff --git a/testsuite/systemtap.syscall/execveat.c b/testsuite/systemtap.syscall/execveat.c
new file mode 100644 (file)
index 0000000..fa8c630
--- /dev/null
+++ b/testsuite/systemtap.syscall/execveat.c
@@ -0,0 +1,29 @@
+#include <sys/syscall.h>
+#include <fcntl.h>
+#include <unistd.h>
+#if !defined(SYS_execveat) && defined(__NR_execveat)
+#define SYS_execveat __NR_execveat
+#endif
+
+int main() {
+#ifdef SYS_execveat
+  syscall(SYS_execveat, -1, "/bin/true", -1L, NULL, NULL);
+  //staptest// execveat (-1 "/bin/true"  0x0) = -NNNN (EFAULT)
+  syscall(SYS_execveat, -1, "/bin/true", NULL, -1L, NULL);
+  //staptest// execveat (-1 "/bin/true"  0x0) = -NNNN (EFAULT)
+  syscall(SYS_execveat, -1, "/bin/true", NULL, NULL, -1);
+  //staptest// execveat (-1 "/bin/true"  AT_SYMLINK_NOFOLLOW|AT_REMOVEDIR|AT_SYMLINK_FOLLOW|AT_NO_AUTOMOUNT|AT_EMPTY_PATH|XXXX) = -NNNN
+  syscall(SYS_execveat, AT_FDCWD, "", NULL, NULL, NULL);
+  //staptest// execveat (AT_FDCWD ""  0x0) = -NNNN (ENOENT)
+  syscall(SYS_execveat, -1, -1L, NULL, NULL, NULL);
+#if __WORDSIZE == 64
+  //staptest// execveat (-1 [16]?[f]+  0x0) = -NNNN (EFAULT)
+#else
+  //staptest// execveat (-1 [8]?[f]+  0x0) = -NNNN (EFAULT)
+#endif
+  syscall(SYS_execveat, -1, "/bin/true", NULL, NULL, NULL);
+  //staptest// execveat (-1 "/bin/true"  0x0) = NNNN
+#endif
+  return 0;
+}
+