From 3744e36621b39f330a63ba71800bcf47f33485a7 Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Thu, 22 Dec 2016 17:55:03 +0100
Subject: [PATCH] PR20333/finit_module
---
 tapset/linux/nd_syscalls.stp | 22 -------------
 tapset/linux/sysc_finit_module.stp | 53 ++++++++++++++++++++++++++++++
 tapset/linux/syscalls.stp | 21 ------------
 3 files changed, 53 insertions(+), 43 deletions(-)
 create mode 100644 tapset/linux/sysc_finit_module.stp
diff --git a/tapset/linux/nd_syscalls.stp b/tapset/linux/nd_syscalls.stp
index 37f19e5f9..d10b3a0b1 100644
--- a/tapset/linux/nd_syscalls.stp
+++ b/tapset/linux/nd_syscalls.stp
@@ -1,26 +1,4 @@
-# finit_module ________________________________________________
-# SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs,
-# int, flags)
-#
-probe nd_syscall.finit_module = kprobe.function("sys_finit_module").call ?
-{
- name = "finit_module"
- asmlinkage()
- fd = int_arg(1)
- uargs = user_string_quoted(pointer_arg(2))
- flags = int_arg(3)
- flags_str = _finit_module_flags_str(flags)
- argstr = sprintf("%d, %s, %s", fd, uargs,
- _finit_module_flags_str(flags))
-}
-probe nd_syscall.finit_module.return =
- kprobe.function("sys_finit_module").return ?
-{
- name = "finit_module"
- retstr = returnstr(1)
-}
-
 # flistxattr _________________________________________________
 # ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
diff --git a/tapset/linux/sysc_finit_module.stp b/tapset/linux/sysc_finit_module.stp
new file mode 100644
index 000000000..a323c115a
--- /dev/null
+++ b/tapset/linux/sysc_finit_module.stp
@@ -0,0 +1,53 @@
+# finit_module ________________________________________________
+# SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs,
+# int, flags)
+#
+
+@define _SYSCALL_FINIT_MODULE_NAME
+%(
+ name = "finit_module"
+%)
+
+@define _SYSCALL_FINIT_MODULE_ARGSTR
+%(
+ argstr = sprintf("%d, %s, %s", fd, uargs, flags_str)
+%)
+
+probe syscall.finit_module = dw_syscall.finit_module !, nd_syscall.finit_module {}
+probe syscall.finit_module.return = dw_syscall.finit_module.return !, nd_syscall.finit_module.return {}
+
+# dw_finit_module _____________________________________________________
+
+probe dw_syscall.finit_module = kernel.function("sys_finit_module").call ?
+{
+ @_SYSCALL_FINIT_MODULE_NAME
+ fd = __int32($fd)
+ uargs = user_string_quoted($uargs)
+ flags = __int32($flags)
+ flags_str = _finit_module_flags_str(__int32($flags))
+ @_SYSCALL_FINIT_MODULE_ARGSTR
+}
+probe dw_syscall.finit_module.return = kernel.function("sys_finit_module").return ?
+{
+ @_SYSCALL_FINIT_MODULE_NAME
+ retstr = return_str(1, $return)
+}
+
+# nd_finit_module _____________________________________________________
+
+probe nd_syscall.finit_module = kprobe.function("sys_finit_module").call ?
+{
+ @_SYSCALL_FINIT_MODULE_NAME
+ asmlinkage()
+ fd = int_arg(1)
+ uargs = user_string_quoted(pointer_arg(2))
+ flags = int_arg(3)
+ flags_str = _finit_module_flags_str(flags)
+ @_SYSCALL_FINIT_MODULE_ARGSTR
+}
+probe nd_syscall.finit_module.return =
+ kprobe.function("sys_finit_module").return ?
+{
+ @_SYSCALL_FINIT_MODULE_NAME
+ retstr = returnstr(1)
+}
diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index 40fc48375..a3549235b 100644
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
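Review bot: In `dw_syscall.finit_module` the flags value is converted twice: `flags = __int32($flags)` is followed by `flags_str = _finit_module_flags_str(__int32($flags))`, whereas the `nd_syscall` variant passes the variable it has just assigned. Writing `flags_str = _finit_module_flags_str(flags)` keeps the two variants parallel and makes it evident that `flags` and `flags_str` describe the same value. Separately, both underlying probes are marked optional with `?`, so a script that uses `syscall.finit_module` to audit module loading may end up with no probe registered if `sys_finit_module` cannot be resolved on the running kernel. A short header comment such as `# Both variants are optional ('?'); confirm the probe resolved before relying on it for module-load auditing.` would make that visible to users of the tapset.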
@@ -1,25 +1,4 @@
-# finit_module ________________________________________________
-# SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs,
-# int, flags)
-#
-probe syscall.finit_module = kernel.function("sys_finit_module").call ?
-{
- name = "finit_module"
- fd = __int32($fd)
- uargs = user_string_quoted($uargs)
- flags = __int32($flags)
- flags_str = _finit_module_flags_str(__int32($flags))
- argstr = sprintf("%d, %s, %s", __int32($fd),
- user_string_quoted($uargs),
- _finit_module_flags_str(__int32($flags)))
-}
-probe syscall.finit_module.return = kernel.function("sys_finit_module").return ?
-{
- name = "finit_module"
- retstr = return_str(1, $return)
-}
-
 # flistxattr _________________________________________________
 # ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
 probe syscall.flistxattr = kernel.function("sys_flistxattr").call
--
2.43.5