From 4075cd8e82821000151fb80b456f68b21ad1e39a Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Thu, 22 Dec 2016 14:21:27 +0100
Subject: [PATCH] PR20333/capget
---
 tapset/linux/nd_syscalls.stp | 27 -----------------
 tapset/linux/sysc_capget.stp | 57 ++++++++++++++++++++++++++++++++++++
 tapset/linux/syscalls.stp | 26 ----------------
 3 files changed, 57 insertions(+), 53 deletions(-)
 create mode 100644 tapset/linux/sysc_capget.stp
diff --git a/tapset/linux/nd_syscalls.stp b/tapset/linux/nd_syscalls.stp
index e07a547c4..383f43e20 100644
--- a/tapset/linux/nd_syscalls.stp
+++ b/tapset/linux/nd_syscalls.stp
@@ -1,30 +1,3 @@
-
-# capget _____________________________________________________
-/*
- * NOTE
- * this is probably not a good function
- * to probe. The structures are always
- * changing. It also seems like it is
- * not really used. Cscope produced no
- * reference of this function in the
- * kernel (returned no callers). Perhaps
- * cap_get_proc / cap_set_proc are better
- * functions to export.
- */
-# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
-probe nd_syscall.capget = kprobe.function("sys_capget") ?
-{
- name = "capget"
- asmlinkage()
- header_uaddr = pointer_arg(1)
- data_uaddr = pointer_arg(2)
- argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
-}
-probe nd_syscall.capget.return = kprobe.function("sys_capget").return ?
-{
- name = "capget"
- retstr = returnstr(1)
-}
 # capset _____________________________________________________
 /*
 * NOTE
diff --git a/tapset/linux/sysc_capget.stp b/tapset/linux/sysc_capget.stp
new file mode 100644
index 000000000..c009586b2
--- /dev/null
+++ b/tapset/linux/sysc_capget.stp
@@ -0,0 +1,57 @@
+# capget _____________________________________________________
+/*
+ * NOTE
+ * this is probably not a good function
+ * to probe. The structures are always
+ * changing. It also seems like it is
+ * not really used. Cscope produced no
+ * reference of this function in the
+ * kernel (returned no callers). Perhaps
+ * cap_get_proc / cap_set_proc are better
+ * functions to export.
+ */
+# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
+
+@define _SYSCALL_CAPGET_NAME
+%(
+ name = "capget"
+%)
+
+@define _SYSCALL_CAPGET_ARGSTR
+%(
+ argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
+%)
+
+probe syscall.capget = dw_syscall.capget !, nd_syscall.capget {}
+probe syscall.capget.return = dw_syscall.capget.return !, nd_syscall.capget.return {}
+
+# dw_capget _____________________________________________________
+
+probe dw_syscall.capget = kernel.function("sys_capget").call
+{
+ @_SYSCALL_CAPGET_NAME
+ header_uaddr = $header
+ data_uaddr = $dataptr
+ @_SYSCALL_CAPGET_ARGSTR
+}
+probe dw_syscall.capget.return = kernel.function("sys_capget").return
+{
+ @_SYSCALL_CAPGET_NAME
+ retstr = return_str(1, $return)
+}
+
+# nd_capget _____________________________________________________
+
+probe nd_syscall.capget = kprobe.function("sys_capget") ?
+{
+ @_SYSCALL_CAPGET_NAME
+ asmlinkage()
+ header_uaddr = pointer_arg(1)
+ data_uaddr = pointer_arg(2)
+ @_SYSCALL_CAPGET_ARGSTR
+}
+probe nd_syscall.capget.return = kprobe.function("sys_capget").return ?
+{
+ @_SYSCALL_CAPGET_NAME
+ retstr = returnstr(1)
+}
diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index fcbb82c12..5f2fc278f 100644
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
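Review bot: The header comment of the new `tapset/linux/sysc_capget.stp` was carried over unchanged and documents none of what the file now defines: the two `@define` macros, the `dw_syscall.capget !, nd_syscall.capget` fallback behind `syscall.capget`, or the variables a script can rely on. I would add a line above the alias such as `# syscall.capget prefers the DWARF probe and falls back to the kprobe variant; both set name, header_uaddr, data_uaddr and argstr.` and, above the argstr macro, `# argstr shows only the two user-space addresses; the header and data structures are not read or decoded here.` The second comment matters to anyone using this probe to audit capability queries, because going by the `%p, %p` format nothing inside the header is visible unless the script reads user memory itself. The retained NOTE saying the function is "not really used" looks stale next to three aliases built on it and could be trimmed or reworded.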
@@ -1,29 +1,3 @@
-
-# capget _____________________________________________________
-/*
- * NOTE
- * this is probably not a good function
- * to probe. The structures are always
- * changing. It also seems like it is
- * not really used. Cscope produced no
- * reference of this function in the
- * kernel (returned no callers). Perhaps
- * cap_get_proc / cap_set_proc are better
- * functions to export.
- */
-# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
-probe syscall.capget = kernel.function("sys_capget").call
-{
- name = "capget"
- header_uaddr = $header
- data_uaddr = $dataptr
- argstr = sprintf("%p, %p", $header, $dataptr)
-}
-probe syscall.capget.return = kernel.function("sys_capget").return
-{
- name = "capget"
- retstr = return_str(1, $return)
-}
 # capset _____________________________________________________
 /*
 * NOTE
-- 
2.43.5