From 6ed93e502ec2845f4e1f76cd33e917d613c66863 Mon Sep 17 00:00:00 2001 From: kevinrs Date: Thu, 10 Nov 2005 21:23:27 +0000 Subject: [PATCH] * system_calls.stp Polished entry point aliases, no more pointer-deref faults (instead the user-space address is given for pointer arguments). Return probe aliases still dont do much. Tested on vanilla 2.6.13 and 2.6.14. * aux_syscalls.stp Any helpers for the syscall tapset are now in this file. More to come. --- tapset/aux_syscalls.stp | 880 +++- tapset/system_calls.stp | 10139 +++++++++++++++----------------------- 2 files changed, 4821 insertions(+), 6198 deletions(-) diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp index 71e479f0a..cdce603f3 100644 --- a/tapset/aux_syscalls.stp +++ b/tapset/aux_syscalls.stp @@ -7,13 +7,13 @@ */ function __uget_num:long(u_addr:long) %{ - long long val = 0; - if(get_user(val, - (unsigned long *)(unsigned long)THIS->u_addr)) - { - THIS->__retvalue = -EFAULT; - } else - THIS->__retvalue = val; + long long val = 0; + if(get_user(val, + (unsigned long *)(unsigned long)THIS->u_addr)) + { + THIS->__retvalue = -EFAULT; + } else + THIS->__retvalue = val; %} /* @@ -25,16 +25,47 @@ function __uget_num:long(u_addr:long) */ function __uget_tv_m:long(u_addr:long,member:long) %{ - struct timeval tv; - char *ptr = (char *)(unsigned long)THIS->u_addr; - size_t sz = sizeof(struct timeval); - - if(copy_from_user(&tv,ptr,sz)) - THIS->__retvalue = -EFAULT; - else if(THIS->member == 0) - THIS->__retvalue = tv.tv_sec; - else - THIS->__retvalue = tv.tv_usec; + struct timeval tv; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct timeval); + + if(copy_from_user(&tv,ptr,sz)) + THIS->__retvalue = -EFAULT; + else if(THIS->member == 0) + THIS->__retvalue = tv.tv_sec; + else + THIS->__retvalue = tv.tv_usec; +%} + +/* + * Return a time_t / subseconds_t member value of + * one of the struct timevals in the struct itimerval + * user space pointer parameter + * CALLERS: + * kernel.syscall.getitimer + * kernel.syscall.setitimer + */ +function __uget_itimerval_tv_m:long(u_addr:long,member:long) +%{ + struct itimerval itv; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct itimerval); + + if(copy_from_user(&itv,ptr,sz)) { + THIS->__retvalue = -EFAULT; + return; + } + switch(THIS->member) { + case 0: THIS->__retvalue = itv.it_interval.tv_sec; + break; + case 1: THIS->__retvalue = itv.it_interval.tv_usec; + break; + case 2: THIS->__retvalue = itv.it_value.tv_sec; + break; + case 3: THIS->__retvalue = itv.it_value.tv_usec; + break; + default: THIS->__retvalue = -1; + } %} /* @@ -46,16 +77,16 @@ function __uget_tv_m:long(u_addr:long,member:long) */ function __uget_tz_m:long(u_addr:long,member:long) %{ - struct timezone tz; - char *ptr = (char *)(unsigned long)THIS->u_addr; - size_t sz = sizeof(struct timezone); - - if(copy_from_user(&tz,ptr,sz)) - THIS->__retvalue = -EFAULT; - else if(THIS->member == 0) - THIS->__retvalue = tz.tz_minuteswest; - else - THIS->__retvalue = tz.tz_dsttime; + struct timezone tz; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct timezone); + + if(copy_from_user(&tz,ptr,sz)) + THIS->__retvalue = -EFAULT; + else if(THIS->member == 0) + THIS->__retvalue = tz.tz_minuteswest; + else + THIS->__retvalue = tz.tz_dsttime; %} /* @@ -66,42 +97,122 @@ function __uget_tz_m:long(u_addr:long,member:long) */ function __uget_timex_m:long(u_addr:long,member:long) %{ - struct timex tx; - char *ptr = (char *)(unsigned long)THIS->u_addr; - size_t sz = sizeof(struct timex); - - if(copy_from_user(&tx,ptr,sz)) - THIS->__retvalue = -EFAULT; - switch(THIS->member) { - case 0: THIS->__retvalue = tx.modes; - break; - case 1: THIS->__retvalue = tx.offset; - break; - case 2: THIS->__retvalue = tx.freq; - break; - case 3: THIS->__retvalue = tx.maxerror; - break; - case 4: THIS->__retvalue = tx.esterror; - break; - case 5: THIS->__retvalue = tx.status; - break; - case 6: THIS->__retvalue = tx.constant; - break; - case 7: THIS->__retvalue = tx.precision; - break; - case 8: THIS->__retvalue = tx.tolerance; - break; - case 9: THIS->__retvalue = tx.time.tv_sec; - break; - case 10: THIS->__retvalue = tx.time.tv_usec; - break; - case 11: THIS->__retvalue = tx.tick; - break; - default: THIS->__retvalue = -1; - } + struct timex tx; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct timex); + + if(copy_from_user(&tx,ptr,sz)) { + THIS->__retvalue = -EFAULT; + return; + } + switch(THIS->member) { + case 0: THIS->__retvalue = tx.modes; + break; + case 1: THIS->__retvalue = tx.offset; + break; + case 2: THIS->__retvalue = tx.freq; + break; + case 3: THIS->__retvalue = tx.maxerror; + break; + case 4: THIS->__retvalue = tx.esterror; + break; + case 5: THIS->__retvalue = tx.status; + break; + case 6: THIS->__retvalue = tx.constant; + break; + case 7: THIS->__retvalue = tx.precision; + break; + case 8: THIS->__retvalue = tx.tolerance; + break; + case 9: THIS->__retvalue = tx.time.tv_sec; + break; + case 10: THIS->__retvalue = tx.time.tv_usec; + break; + case 11: THIS->__retvalue = tx.tick; + break; + default: THIS->__retvalue = -1; + } +%} + +/* + * Return the clock_t member value of the + * struct tms user space pointer parameter + * CALLERS: + * kernel.syscall.times + */ +%{ #include %} +function __uget_tms_m:long(u_addr:long,member:long) +%{ + struct tms tms; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct tms); + + if(copy_from_user(&tms,ptr,sz)) + THIS->__retvalue = -EFAULT; + switch(THIS->member) { + case 0: THIS->__retvalue = tms.tms_utime; + break; + case 1: THIS->__retvalue = tms.tms_stime; + break; + case 2: THIS->__retvalue = tms.tms_cutime; + break; + case 3: THIS->__retvalue = tms.tms_cstime; + break; + default: THIS->__retvalue = -1; + } +%} + +/* + * Return a time_t / long member value of the + * struct timespec user space pointer parameter + * CALLERS: + * kernel.syscall.nanosleep + */ +function __uget_ts_m:long(u_addr:long,member:long) +%{ + struct timespec ts; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct timespec); + + if(copy_from_user(&ts,ptr,sz)) + THIS->__retvalue = -EFAULT; + else if(THIS->member == 0) + THIS->__retvalue = ts.tv_sec; + else + THIS->__retvalue = ts.tv_nsec; %} -/* +/* + * Return a time_t / long member value of the + * struct timespecs in struct itimerspec user + * space pointer parameter + * CALLERS: + * kernel.syscall.timer_gettime + */ +function __uget_itimerspec_ts_m:long(u_addr:long,member:long) +%{ + struct itimerspec its; + char *ptr = (char *)(unsigned long)THIS->u_addr; + size_t sz = sizeof(struct itimerspec); + + if(copy_from_user(&its,ptr,sz)) { + THIS->__retvalue = -EFAULT; + return; + } + switch(THIS->member) { + case 0: THIS->__retvalue = its.it_interval.tv_sec; + break; + case 1: THIS->__retvalue = its.it_interval.tv_nsec; + break; + case 2: THIS->__retvalue = its.it_value.tv_sec; + break; + case 3: THIS->__retvalue = its.it_value.tv_nsec; + break; + default: THIS->__retvalue = -1; + } +%} + +/* * Return the symbolic string representation * of the struct timex.mode member of adjtimex * consult `man adjtimex` for more information @@ -121,49 +232,616 @@ function _adjtx_mode_str(f) { } /* - * Return the clock_t member value of the - * struct tms user space pointer parameter + * Return the symbolic string representation + * of the how argument given in *sigprocmask + * consult `man sigprocmask` for more info * CALLERS: - * kernel.syscall.times + * kernel.syscall.sigprocmask + * kernel.syscall.rt_sigprocmask */ -%{ #include %} -function __uget_tms_m:long(u_addr:long,member:long) -%{ - struct tms tms; - char *ptr = (char *)(unsigned long)THIS->u_addr; - size_t sz = sizeof(struct tms); - - if(copy_from_user(&tms,ptr,sz)) - THIS->__retvalue = -EFAULT; - switch(THIS->member) { - case 0: THIS->__retvalue = tms.tms_utime; - break; - case 1: THIS->__retvalue = tms.tms_stime; - break; - case 2: THIS->__retvalue = tms.tms_cutime; - break; - case 3: THIS->__retvalue = tms.tms_cstime; - break; - default: THIS->__retvalue = -1; - } -%} +function _sigprocmask_how_str(how) { + if(how==0) return "SIG_BLOCK" + if(how==1) return "SIG_UNBLOCK" + if(how==2) return "SIG_SETMASK" + return "" +} /* - * Return a time_t / long member value of the - * struct timespec user space pointer parameter + * Return the symbolic string representation + * of the which argument given to setitimer + * consult `man setitimer` for more info * CALLERS: - * kernel.syscall.nanosleep + * kernel.syscall.getitimer + * kernel.syscall.setitimer */ -function __uget_ts_m:long(u_addr:long,member:long) -%{ - struct timespec ts; - char *ptr = (char *)(unsigned long)THIS->u_addr; - size_t sz = sizeof(struct timespec); - - if(copy_from_user(&ts,ptr,sz)) - THIS->__retvalue = -EFAULT; - else if(THIS->member == 0) - THIS->__retvalue = ts.tv_sec; - else - THIS->__retvalue = ts.tv_nsec; -%} +function _itimer_which_str(which) { + if(which==0) return "ITIMER_REAL" + if(which==1) return "ITIMER_VIRTUAL" + if(which==2) return "ITIMER_PROF" + return "" +} + +/* + * Return the symbolic string representation + * of the clockid argument given to create_timer + * consult `man create_timer` for more info + * CALLERS: + * kernel.syscall.timer_create + * kernel.syscall.clock_settime + * kernel.syscall.clock_gettime + * kernel.syscall.clock_getres + * kernel.syscall.clock_nanosleep + */ +function _get_wc_str(wc) { + if(wc==0) return "CLOCK_REALTIME" + if(wc==1) return "CLOCK_MONOTONIC" + if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID" + if(wc==3) return "CLOCK_THREAD_CPUTIME_ID" + if(wc==4) return "CLOCK_REALTIME_HR" + if(wc==5) return "CLOCK_MONOTONIC_HR" + return "" +} + +function _flock_cmd_str(c) { + if(c & 1) bs="LOCK_SH|".bs + if(c & 2) bs="LOCK_EX|".bs + if(c & 8) bs="LOCK_UN|".bs + if(c & 4) bs="LOCK_NB|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man 2 open` for more information */ +function _sys_open_flag_str(f) { + if(f & 8192) bs="O_ASYNC|".bs + if(f & 4096) bs="O_SYNC|".bs + if(f & 2048) bs="O_NONBLOCK|".bs + if(f & 1024) bs="O_APPEND|".bs + if(f & 512) bs="O_TRUNC|".bs + if(f & 256) bs="O_NDCTTY|".bs + if(f & 128) bs="O_EXCL|".bs + if(f & 64) bs="O_CREAT|".bs + if((f & 3) == 2) bs="O_RDWR|".bs + else if((f & 3) == 1) bs="O_WRONLY|".bs + else if((f & 3) == 0) bs="O_RDONLY|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man 2 open` for more information */ +function _access_mode_str(m) { + if(m & 4) bs="R_OK|".bs + if(m & 2) bs="W_OK|".bs + if(m & 1) bs="X_OK|".bs + if((m & 3) == 0) bs="F_OK|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man 2 open` for more information */ +function _sys_open_mode_str(f) { + if((f & 448) == 448) bs="S_IRWXU|".bs + else { + if(f & 256) bs="S_IRUSR|".bs + if(f & 128) bs="S_IWUSR|".bs + if(f & 64) bs="S_IXUSR|".bs + } + if((f & 56) == 56) bs="S_IRWXG|".bs + else { + if(f & 32) bs="S_IRGRP|".bs + if(f & 16) bs="S_IWGRP|".bs + if(f & 8) bs="S_IXGRP|".bs + } + if((f & 7) == 7) bs="S_IRWXO|".bs + else { + if(f & 4) bs="S_IROTH|".bs + if(f & 2) bs="S_IWOTH|".bs + if(f & 1) bs="S_IXOTH|".bs + } + return substr(bs,0,strlen(bs)-1) +} + +/* `man 2 mknod` for more information */ +function _mknod_mode_str(mode) { + if((mode & 0x8000)==0x8000) + return "S_IFREG|"._sys_open_mode_str(mode) + if((mode & 0x2000)==0x2000) + return "S_IFCHR|"._sys_open_mode_str(mode) + if((mode & 0x6000)==0x6000) + return "S_IFBLK|"._sys_open_mode_str(mode) + if((mode & 0x1000)==0x1000) + return "S_IFIFO|"._sys_open_mode_str(mode) + if((mode & 0xC000)==0xC000) + return "S_IFSOCK|"._sys_open_mode_str(mode) + return "" +} + +/* `man msync` for more information */ +function _wait4_opt_str(f) { + if(f & 4) bs="MS_SYNC|".bs + if(f & 2) bs="MS_INVALIDATE|".bs + if(f & 1) bs="MS_ASYNC|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man wait4` for more information */ +function _msync_flag_str(f) { + if(f & 0x01000000) bs="WNOWAIT|".bs + if(f & 8) bs="WCONTINUED|".bs + if(f & 4) bs="WEXITED|".bs + if(f & 2) bs="WSTOPPED|".bs + if(f & 1) bs="WNOHANG|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man sendmsg` for more information */ +function _send_flags_str(f) { + if(f & 0x0001) bs="MSG_OOB|".bs + if(f & 0x0080) bs="MSG_EOR|".bs + if(f & 0x0004) bs="MSG_DONTROUTE|".bs + if(f & 0x0040) bs="MSG_DONTWAIT|".bs + if(f & 0x4000) bs="MSG_NOSIGNAL|".bs + if(f & 0x0800) bs="MSG_CONFIRM|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man recv` for more information */ +function _recvflags_str(f) { + if(f & 1) bs="MSG_OOB|".bs + if(f & 2) bs="MSG_PEEK|".bs + if(f & 32) bs="MSG_WAITALL|".bs + if(f & 256) bs="MSG_TRUNC|".bs + if(f & 8192) bs="MSG_ERRQUEUE|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* `man mlockall` for more information */ +function _mlockall_flags_str(f) { + if(f & 2) bs="MCL_CURRENT|".bs + if(f & 1) bs="MCL_FUTURE|".bs + return substr(bs,0,strlen(bs)-1) +} + +/* + * The following functions return the symbolic string + * representation of the flag. If the argument doesnt + * map to string, an empty string ("") is returned. + */ + +function _module_flags_str(f) { + if(f==8192) return "O_ASYNC" + if(f==4096) return "O_SYNC" + if(f==2048) return "O_NONBLOCK" + if(f==1024) return "O_APPEND" + if(f==512) return "O_TRUNC" + if(f==256) return "O_NDCTTY" + if(f==128) return "O_EXCL" + if(f==64) return "O_CREAT" + if(f==2) return "O_RDWR" + if(f==1) return "O_WRONLY" + if(f==0) return "O_RDONLY" + return "" +} + +function _sched_policy_str(policy) { + if(policy==0) return "SCHED_OTHER" + if(policy==1) return "SCHED_FIFO" + if(policy==2) return "SCHED_RR" + return "" +} + +function _priority_which_str(which) { + if(which==0) return "PRIO_PROCESS" + if(which==1) return "PRIO_PGRP" + if(which==2) return "PRIO_USER" + return "" +} + +function _shutdown_how_str(how) { + if(how==0) return "SHUT_RD" + if(how==1) return "SHUT_WR" + if(how==2) return "SHUT_RDWR" + return "" +} + +function _reboot_magic_str(magic) { + if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1" + if(magic==672274793) return "LINUX_REBOOT_MAGIC2" + if(magic==85072278) return "LINUX_REBOOT_MAGIC2A" + if(magic==369367448) return "LINUX_REBOOT_MAGIC2B" + if(magic==537993216) return "LINUX_REBOOT_MAGIC2C" + return "" +} + +function _reboot_flag_str(flag) { + if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART" + if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT" + if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF" + if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2" + if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON" + if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF" + return "" +} + +function _waitid_which_str(flag) { + if(flag==0) return "P_ALL" + if(flag==1) return "P_PID" + if(flag==2) return "P_PGID" + return "" +} + +function _futex_op_str(op) { + if(op==0) return "FUTEX_WAIT" + if(op==1) return "FUTEX_WAKE" + if(op==2) return "FUTEX_FD" + if(op==3) return "FUTEX_REQUEUE" + if(op==4) return "FUTEX_CMP_REQUEUE" + return "" +} + +function _mountflags_str(op) { + if(op==1) return "MS_RDONLY" + if(op==2) return "MS_NOSUID" + if(op==4) return "MS_NODEV" + if(op==8) return "MS_NOEXEC" + if(op==16) return "MS_SYNCHRONOUS" + if(op==32) return "MS_REMOUNT" + if(op==64) return "MS_MANDLOCK" + if(op==128) return "S_WRITE" + if(op==256) return "S_APPEND" + if(op==512) return "S_IMMUTABLE" + if(op==1024) return "MS_NOATIME" + if(op==2048) return "MS_NODIRATIME" + if(op==4096) return "MS_BIND" + return "" +} + +function _statfs_f_type_str(f) { + if(f==0xadf5) return "ADFS_SUPER_MAGIC" + if(f==0xADFF) return "AFFS_SUPER_MAGIC" + if(f==0x42465331) return "BEFS_SUPER_MAGIC" + if(f==0x1BADFACE) return "BFS_MAGIC" + if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER" + if(f==0x73757245) return "CODA_SUPER_MAGIC" + if(f==0x012FF7B7) return "COH_SUPER_MAGIC" + if(f==0x28cd3d45) return "CRAMFS_MAGIC" + if(f==0x1373) return "DEVFS_SUPER_MAGIC" + if(f==0x00414A53) return "EFS_SUPER_MAGIC" + if(f==0x137D) return "EXT_SUPER_MAGIC" + if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC" + if(f==0xEF53) return "EXT2_SUPER_MAGIC" + if(f==0xEF53) return "EXT3_SUPER_MAGIC" + if(f==0x4244) return "HFS_SUPER_MAGIC" + if(f==0xF995E849) return "HPFS_SUPER_MAGIC" + if(f==0x958458f6) return "HUGETLBFS_MAGIC" + if(f==0x9660) return "ISOFS_SUPER_MAGIC" + if(f==0x72b6) return "JFFS2_SUPER_MAGIC" + if(f==0x3153464a) return "JFS_SUPER_MAGIC" + if(f==0x137F) return "MINIX_SUPER_MAGIC" + if(f==0x138F) return "MINIX_SUPER_MAGIC2" + if(f==0x2468) return "MINIX2_SUPER_MAGIC" + if(f==0x2478) return "MINIX2_SUPER_MAGIC2" + if(f==0x4d44) return "MSDOS_SUPER_MAGIC" + if(f==0x564c) return "NCP_SUPER_MAGIC" + if(f==0x6969) return "NFS_SUPER_MAGIC" + if(f==0x5346544e) return "NTFS_SB_MAGIC" + if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC" + if(f==0x9fa0) return "PROC_SUPER_MAGIC" + if(f==0x002f) return "QNX4_SUPER_MAGIC" + if(f==0x52654973) return "REISERFS_SUPER_MAGIC" + if(f==0x7275) return "ROMFS_MAGIC" + if(f==0x517B) return "SMB_SUPER_MAGIC" + if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC" + if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC" + if(f==0x01021994) return "TMPFS_MAGIC" + if(f==0x15013346) return "UDF_SUPER_MAGIC" + if(f==0x00011954) return "UFS_MAGIC" + if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC" + if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC" + if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC" + if(f==0x58465342) return "XFS_SUPER_MAGIC" + if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC" + return "" +} + +function _mprotect_prot_str(prot) { + if(prot==0x00000000) return "PROT_NONE" + if(prot==0x00000001) return "PROT_READ" + if(prot==0x00000002) return "PROT_WRITE" + if(prot==0x00000004) return "PROT_EXEC" + return "" +} + +function _madvice_advice_str(behavior) { + if(behavior==0x00000000) return "MADV_NORMAL" + if(behavior==0x00000001) return "MADV_RANDOM" + if(behavior==0x00000002) return "MADV_SEQUENTIAL" + if(behavior==0x00000003) return "MADV_WILLNEED" + if(behavior==0x00000004) return "MADV_DONTNEED" + return "" +} + +function _fcntl_cmd_str(cmd) { + if(cmd==0x00000000) return "F_DUPFD" + if(cmd==0x00000001) return "F_GETFD" + if(cmd==0x00000002) return "F_SETFD" + if(cmd==0x00000003) return "F_GETFL" + if(cmd==0x00000004) return "F_SETFL" + if(cmd==0x00000005) return "F_GETLK" + if(cmd==0x00000006) return "F_SETLK" + if(cmd==0x00000007) return "F_SETLKW" + if(cmd==0x00000008) return "F_SETOWN" + if(cmd==0x00000009) return "F_GETOWN" + if(cmd==0x0000000A) return "F_SETSIG" + if(cmd==0x0000000B) return "F_GETLK64" + if(cmd==0x0000000C) return "F_SETLK64" + if(cmd==0x0000000D) return "F_SETLKW64" + return "" +} + +function _seek_whence_str(w) { + if(w==0x00000000) return "SEEK_SET" + if(w==0x00000001) return "SEEK_CUR" + if(w==0x00000002) return "SEEK_END" + return "" +} + +function _quotactl_cmd_str(cmd) { + if(cmd==0x800002) return "Q_QUOTAON" + if(cmd==0x800003) return "Q_QUOTAOFF" + if(cmd==0x800007) return "Q_GETQUOTA" + if(cmd==0x800008) return "Q_SETQUOTA" + if(cmd==0x800005) return "Q_GETINFO" + if(cmd==0x800006) return "Q_SETINFO" + if(cmd==0x800004) return "Q_GETFMT" + if(cmd==0x800001) return "Q_SYNC" + /* XFS Quota Manager (XQM) Codes */ + if(cmd==0x5801) return "Q_XQUOTAON" + if(cmd==0x5802) return "Q_XQUOTAOFF" + if(cmd==0x5803) return "Q_XGETQUOTA" + if(cmd==0x5804) return "Q_XSETQLIM" + if(cmd==0x5805) return "Q_XGETQSTAT" + if(cmd==0x5806) return "Q_XQUOTARM" + return "" +} + +/* see sys/socket.h (for setsockopt) */ +function _sockopt_optname_str(opt) { + if(opt==1) return "SO_DEBUG" + if(opt==2) return "SO_REUSEADDR" + if(opt==3) return "SO_TYPE" + if(opt==4) return "SO_ERROR" + if(opt==5) return "SO_DONTROUTE" + if(opt==6) return "SO_BROADCAST" + if(opt==7) return "SO_SNDBUF" + if(opt==8) return "SO_RCVBUF" + if(opt==9) return "SO_KEEPALIVE" + if(opt==10) return "SO_OOBINLINE" + if(opt==11) return "SO_NO_CHECK" + if(opt==12) return "SO_PRIORITY" + if(opt==13) return "SO_LINGER" + if(opt==14) return "SO_BSDCOMPAT" + + if(opt==16) return "SO_PASSCRED" + if(opt==17) return "SO_PEERCRED" + if(opt==18) return "SO_RCVLOWAT" + if(opt==19) return "SO_SNDLOWAT" + if(opt==20) return "SO_RCVTIMEO" + if(opt==21) return "SO_SNDTIMEO" + return "" +} + +/* `man 2 setsockopt` for more information */ +function _sockopt_level_str(l) { + if(l==0) return "IP" + if(l==1) return "ICMP" + if(l==2) return "IGMP" + if(l==3) return "GGP" + if(l==4) return "IP-ENCAP" + if(l==5) return "ST" + if(l==6) return "TCP" + if(l==7) return "CBT" + if(l==8) return "EGP" + if(l==9) return "IGP" + if(l==10) return "BBN-RCC-MON" + if(l==11) return "NVP-II" + if(l==12) return "PUP" + if(l==13) return "ARGUS" + if(l==14) return "EMCON" + if(l==15) return "XNET" + if(l==16) return "CHAOS" + if(l==17) return "UDP" + if(l==18) return "MUX" + if(l==19) return "DCN-MEAS" + if(l==20) return "HMP" + if(l==21) return "PRM" + if(l==22) return "XNS-IDP" + if(l==23) return "TRUNK-1" + if(l==24) return "TRUNK-2" + if(l==25) return "LEAF-1" + if(l==26) return "LEAF-2" + if(l==27) return "RDP" + if(l==28) return "IRTP" + if(l==29) return "ISO-TP4" + if(l==30) return "NETBLT" + if(l==31) return "MFE-NSP" + if(l==32) return "MERIT-INP" + if(l==33) return "SEP" + if(l==34) return "3PC" + if(l==35) return "IDPR" + if(l==36) return "XTP" + if(l==37) return "DDP" + if(l==38) return "IDPR-CMTP" + if(l==39) return "TP++" + if(l==40) return "IL" + if(l==41) return "IPv6" + if(l==42) return "SDRP" + if(l==43) return "IPv6-Route" + if(l==44) return "IPv6-Frag" + if(l==45) return "IDRP" + if(l==46) return "RSVP" + if(l==47) return "GRE" + if(l==48) return "MHRP" + if(l==49) return "BNA" + if(l==50) return "IPv6-Crypt" + if(l==51) return "IPv6-Auth" + if(l==52) return "I-NLSP" + if(l==53) return "SWIPE" + if(l==54) return "NARP" + if(l==55) return "MOBILE" + if(l==56) return "TLSP" + if(l==57) return "SKIP" + if(l==58) return "IPv6-ICMP" + if(l==59) return "IPv6-NoNxt" + if(l==60) return "IPv6-Opts" + if(l==62) return "CFTP" + if(l==64) return "SAT-EXPAK" + if(l==65) return "KRYPTOLAN" + if(l==66) return "RVD" + if(l==67) return "IPPC" + if(l==69) return "SAT-MON" + if(l==70) return "VISA" + if(l==71) return "IPCV" + if(l==72) return "CPNX" + if(l==73) return "CPHB" + if(l==74) return "WSN" + if(l==75) return "PVP" + if(l==76) return "BR-SAT-MON" + if(l==77) return "SUN-ND" + if(l==78) return "WB-MON" + if(l==79) return "WB-EXPAK" + if(l==80) return "ISO-IP" + if(l==81) return "VMTP" + if(l==82) return "SECURE-VMTP" + if(l==83) return "VINES" + if(l==84) return "TTP" + if(l==85) return "NSFNET-IGP" + if(l==86) return "DGP" + if(l==87) return "TCF" + if(l==88) return "EIGRP" + if(l==89) return "OSPFIGP" + if(l==90) return "Sprite-RPC" + if(l==91) return "LARP" + if(l==92) return "MTP" + if(l==93) return "AX.25" + if(l==94) return "IPIP" + if(l==95) return "MICP" + if(l==96) return "SCC-SP" + if(l==97) return "ETHERIP" + if(l==98) return "ENCAP" + if(l==100) return "GMTP" + if(l==101) return "IFMP" + if(l==102) return "PNNI" + if(l==103) return "PIM" + if(l==104) return "ARIS" + if(l==105) return "SCPS" + if(l==106) return "QNX" + if(l==107) return "A/N" + if(l==108) return "IPComp" + if(l==109) return "SNP" + if(l==110) return "Compaq-Peer" + if(l==111) return "IPX-in-IP" + if(l==112) return "VRRP" + if(l==113) return "PGM" + if(l==115) return "L2TP" + if(l==116) return "DDX" + if(l==117) return "IATP" + if(l==118) return "STP" + if(l==119) return "SRP" + if(l==120) return "UTI" + if(l==121) return "SMP" + if(l==122) return "SM" + if(l==123) return "PTP" + if(l==124) return "ISIS" + if(l==125) return "FIRE" + if(l==126) return "CRTP" + if(l==127) return "CRUDP" + if(l==128) return "SSCOPMCE" + if(l==129) return "IPLT" + if(l==130) return "SPS" + if(l==131) return "PIPE" + if(l==132) return "SCTP" + if(l==133) return "FC" + return "" +} + +function _sock_family_str(f) { + if(f==0) return "PF_UNSPEC" + if(f==1) return "PF_UNIX" + if(f==1) return "PF_LOCAL" + if(f==2) return "PF_INET" + if(f==3) return "PF_AX25" + if(f==4) return "PF_IPX" + if(f==5) return "PF_APPLETALK" + if(f==6) return "PF_NETROM" + if(f==7) return "PF_BRIDGE" + if(f==8) return "PF_ATMPVC" + if(f==9) return "PF_X25" + if(f==10) return "PF_INET6" + if(f==11) return "PF_ROSE" + if(f==12) return "PF_DECnet" + if(f==13) return "PF_NETBEUI" + if(f==14) return "PF_SECURITY" + if(f==15) return "PF_KEY" + if(f==16) return "PF_NETLINK" + if(f==17) return "PF_PACKET" + if(f==18) return "PF_ASH" + if(f==19) return "PF_ECONET" + if(f==20) return "PF_ATMSVC" + if(f==22) return "PF_SNA" + if(f==23) return "PF_IRDA" + if(f==24) return "PF_PPPOX" + if(f==25) return "PF_WANPIPE" + if(f==26) return "PF_LLC" + if(f==31) return "PF_BLUETOOTH" + if(f==32) return "PF_MAX" + return "" +} + +function _sock_type_str(t) { + if(t==1) return "SOCK_STREAM" + if(t==2) return "SOCK_DGRAM" + if(t==5) return "SOCK_SEQPACKET" + if(t==3) return "SOCK_RAW" + if(t==4) return "SOCK_RDM" + if(t==10) return "SOCK_PACKET" + return "" +} + +function _opoll_op_str(o) { + if(o==1) return "EPOLL_CTL_ADD" + if(o==3) return "EPOLL_CTL_MOD" + if(o==2) return "EPOLL_CTL_DEL" + return "" +} + +function _epoll_events_str(e) { + if(e==1) return "EPOLLIN" + if(e==4) return "EPOLLOUT" + if(e==2) return "EPOLLPRI" + if(e==8) return "EPOLLERR" + if(e==16) return "EPOLLHUP" + if(e==-2147483648) return "EPOLLET" + if(e==1073741824) return "EPOLLONESHOT" + return "" +} + +function _rlimit_resource_str(r) { + if(r==-1) return "RLIM_INFINITY" + if(r==9) return "RLIMIT_AS" + if(r==4) return "RLIMIT_CORE" + if(r==0) return "RLIMIT_CPU" + if(r==2) return "RLIMIT_DATA" + if(r==1) return "RLIMIT_FSIZE" + if(r==10) return "RLIMIT_LOCKS" + if(r==8) return "RLIMIT_MEMLOCK" + if(r==7) return "RLIMIT_NOFILE" + if(r==6) return "RLIMIT_NPROC" + if(r==5) return "RLIMIT_RSS" + if(r==3) return "RLIMIT_STACK" + return "" +} + +function _rusage_who_str(w) { + if(w==0) return "RUSAGE_SELF" + if(w==-1) return "RUSAGE_CHILDREN" + return "" +} + diff --git a/tapset/system_calls.stp b/tapset/system_calls.stp index b56f4e890..462c25e6b 100644 --- a/tapset/system_calls.stp +++ b/tapset/system_calls.stp @@ -15,14 +15,12 @@ probe kernel.syscall.time = kernel.function("sys_time") { name = "time" + t_uaddr = $tloc t = __uget_num($tloc) } probe kernel.syscall.time.return = kernel.function("sys_time").return { name = "time.return" - /* - t = __uget_num($tloc) - */ } # stime____________________________________________ /* @@ -31,15 +29,13 @@ probe kernel.syscall.time.return = */ probe kernel.syscall.stime = kernel.function("sys_stime") { - name = "stime" + name = "stime" + t_uaddr = $tptr t = __uget_num($tptr) } probe kernel.syscall.stime.return = kernel.function("sys_stime").return { name = "stime.return" - /* - t = __uget_num($tptr) - */ } # gettimeofday_____________________________________ /* @@ -50,6 +46,8 @@ probe kernel.syscall.stime.return = probe kernel.syscall.gettimeofday = kernel.function("sys_gettimeofday") { name = "gettimeofday" + tv_uaddr = $tv + tz_uaddr = $tz tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) @@ -58,12 +56,6 @@ probe kernel.syscall.gettimeofday = probe kernel.syscall.gettimeofday.return = kernel.function("sys_gettimeofday").return { name = "gettimeofday.return" - /* - tv_tv_sec = __uget_tv_m($tv,0) - tv_tv_usec = __uget_tv_m($tv,1) - tz_tz_minuteswest = __uget_tz_m($tz,0) - tz_tz_dsttime = __uget_tz_m($tz,1) - */ } # settimeofday_____________________________________ /* @@ -74,6 +66,8 @@ probe kernel.syscall.gettimeofday.return = probe kernel.syscall.settimeofday = kernel.function("sys_settimeofday") { name = "settimeofday" + tv_uaddr = $tv + tz_uaddr = $tz tv_tv_sec = __uget_tv_m($tv,0) tv_tv_usec = __uget_tv_m($tv,1) tz_tz_minuteswest = __uget_tz_m($tz,0) @@ -82,12 +76,6 @@ probe kernel.syscall.settimeofday = probe kernel.syscall.settimeofday.return = kernel.function("sys_settimeofday").return { name = "settimeofday.return" - /* - tv_tv_sec = __uget_tv_m($tv,0) - tv_tv_usec = __uget_tv_m($tv,1) - tz_tz_minuteswest = __uget_tz_m($tz,0) - tz_tz_dsttime = __uget_tz_m($tz,1) - */ } # adjtimex_________________________________________ /* @@ -97,6 +85,7 @@ probe kernel.syscall.settimeofday.return = probe kernel.syscall.adjtimex = kernel.function("sys_adjtimex") { name = "adjtimex" + buf_uaddr = $txc_p buf_modes = __uget_timex_m($txc_p,0) buf_modes_str = _adjtx_mode_str(buf_modes) buf_offset = __uget_timex_m($txc_p,1) @@ -114,37 +103,6 @@ probe kernel.syscall.adjtimex = probe kernel.syscall.adjtimex.return = kernel.function("sys_adjtimex").return { name = "adjtimex.return" - /* - buf_modes = __uget_timex_m($txc_p,0) - buf_modes_str = _adjtx_mode_str(buf_modes) - buf_offset = __uget_timex_m($txc_p,1) - buf_freq = __uget_timex_m($txc_p,2) - buf_maxerror = __uget_timex_m($txc_p,3) - buf_esterror = __uget_timex_m($txc_p,4) - buf_status = __uget_timex_m($txc_p,5) - buf_constant = __uget_timex_m($txc_p,6) - buf_precision = __uget_timex_m($txc_p,7) - buf_tolerance = __uget_timex_m($txc_p,8) - buf_time_tv_sec = __uget_timex_m($txc_p,9) - buf_time_tv_usec = __uget_timex_m($txc_p,10) - buf_tick = __uget_timex_m($txc_p,11) - - TODO+++++++++++++++++++++++++++++++++++++++++ - RETURN VALUE - On success, adjtimex returns the clock state: - - #define TIME_OK 0 clock synchronized - #define TIME_INS 1 insert leap second - #define TIME_DEL 2 delete leap second - #define TIME_OOP 3 leap second in progress - #define TIME_WAIT 4 leap second has occurred - #define TIME_BAD 5 clock not synchronized - - NOTE: Once $retval built-in is working it would - be nice to export a symbolic name string - corresponding to the return value. - i.e. clockstate = get_clock_state($retval) - */ } # times____________________________________________ /* @@ -154,6 +112,7 @@ probe kernel.syscall.adjtimex.return = probe kernel.syscall.times = kernel.function("sys_times") { name = "times" + buf_uaddr = $tbuf buf_tms_utime = __uget_tms_m($tbuf,0) buf_tms_stime = __uget_tms_m($tbuf,1) buf_tms_cutime = __uget_tms_m($tbuf,2) @@ -162,12 +121,6 @@ probe kernel.syscall.times = probe kernel.syscall.times.return = kernel.function("sys_times").return { name = "times.return" - /* - buf_tms_utime = __uget_tms_m($tbuf,0) - buf_tms_stime = __uget_tms_m($tbuf,1) - buf_tms_cutime = __uget_tms_m($tbuf,2) - buf_tms_cstime = __uget_tms_m($tbuf,3) - */ } # gettid___________________________________________ /* @@ -191,6 +144,8 @@ probe kernel.syscall.gettid.return = probe kernel.syscall.nanosleep = kernel.function("sys_nanosleep") { name = "nanosleep" + req_uaddr = $rqtp + rem_uaddr = $rmtp req_tv_sec = __uget_ts_m($rqtp,0) req_tv_nsec = __uget_ts_m($rqtp,1) rem_tv_sec = __uget_ts_m($rmtp,0) @@ -199,12 +154,6 @@ probe kernel.syscall.nanosleep = probe kernel.syscall.nanosleep.return = kernel.function("sys_nanosleep").return { name = "nanosleep.return" - /* - req_tv_sec = __uget_ts_m($rqtp,0) - req_tv_nsec = __uget_ts_m($rqtp,1) - rem_tv_sec = __uget_ts_m($rmtp,0) - rem_tv_nsec = __uget_ts_m($rmtp,1) - */ } # alarm____________________________________________ /* @@ -281,11 +230,11 @@ probe kernel.syscall.geteuid.return = * sys_getgid(void) */ probe kernel.syscall.getgid = - kernel.function("sys_gid") { + kernel.function("sys_getgid") { name = "getgid" } probe kernel.syscall.getgid.return = - kernel.function("sys_gid").return { + kernel.function("sys_getgid").return { name = "getgid.return" } # getegid__________________________________________ @@ -302,6829 +251,4825 @@ probe kernel.syscall.getegid.return = name = "getegid.return" } # getresuid________________________________________ -/* asmlinkage long sys_getresuid(uid_t __user *ruid, - uid_t __user *euid, - uid_t __user *suid) */ +/* + * asmlinkage long + * sys_getresuid(uid_t __user *ruid, + * uid_t __user *euid, + * uid_t __user *suid) + */ probe kernel.syscall.getresuid = - kernel.function("sys_getresuid") { - name = "getresuid" - } - + kernel.function("sys_getresuid") { + name = "getresuid" + ruid_uaddr = $ruid + euid_uaddr = $euid + suid_uaddr = $suid + ruid = __uget_num($ruid) + euid = __uget_num($euid) + suid = __uget_num($suid) + } probe kernel.syscall.getresuid.return = - kernel.function("sys_getresuid").return { - name = "getresuid.return" - /* - ruid = $ruid - euid = $euid - suid = $suid - */ - } + kernel.function("sys_getresuid").return { + name = "getresuid.return" + } # getresgid________________________________________ -/* asmlinkage long sys_getresgid(gid_t __user *rgid, - gid_t __user *egid, - gid_t __user *sgid) */ +/* + * asmlinkage + * long sys_getresgid(gid_t __user *rgid, + * gid_t __user *egid, + * gid_t __user *sgid) + */ probe kernel.syscall.getresgid = - kernel.function("sys_retresgid") { - name = "getresgid" - } - + kernel.function("sys_getresgid") { + name = "getresgid" + rgid_uaddr = $rgid + egid_uaddr = $egid + sgid_uaddr = $sgid + rgid = __uget_num($rgid) + egid = __uget_num($egid) + sgid = __uget_num($sgid) + } probe kernel.syscall.getresgid.return = - kernel.function("sys_retresgid").return { - name = "getresgid.return" - /* - rgid = $rgid - egid = $egid - sgid = $sgid - */ - } + kernel.function("sys_getresgid").return { + name = "getresgid.return" + } # getpgid__________________________________________ -/* asmlinkage long sys_getpid(void) */ +/* + * asmlinkage long + * sys_getpgid(void) + */ probe kernel.syscall.getpgid = - kernel.function("sys_getpgid") { - name = "getpgid" - } - + kernel.function("sys_getpgid") { + name = "getpgid" + } probe kernel.syscall.getpgid.return = - kernel.function("sys_getpgid").return { - name = "getpgid.return" - } + kernel.function("sys_getpgid").return { + name = "getpgid.return" + } # getpgrp__________________________________________ -/* asmlinkage long sys_getpgrp(void) */ +/* + * asmlinkage long + * sys_getpgrp(void) + */ probe kernel.syscall.getpgrp = - kernel.function("sys_getpgrp") { - name = "getpgrp" - } - + kernel.function("sys_getpgrp") { + name = "getpgrp" + } probe kernel.syscall.getpgrp.return = - kernel.function("sys_getpgrp").return { - name = "getpgrp.return" - } + kernel.function("sys_getpgrp").return { + name = "getpgrp.return" + } # getsid___________________________________________ -/* asmlinkage long sys_getsid(pid_t pid) */ +/* + * asmlinkage long + * sys_getsid(pid_t pid) + */ probe kernel.syscall.getsid = - kernel.function("sys_getsid") { - name = "getsid" - pid = $pid - } - + kernel.function("sys_getsid") { + name = "getsid" + pid = $pid + } probe kernel.syscall.getsid.return = - kernel.function("sys_getsid").return { - name = "getsid.return" - pid = $pid - } + kernel.function("sys_getsid").return { + name = "getsid.return" + /* + pid = $pid + */ + } # getgroups________________________________________ -/* asmlinkage long sys_getgroups(int gidsetsize, - gid_t __user *grouplist) */ +/* + * asmlinkage long + * sys_getgroups(int gidsetsize, + * gid_t __user *grouplist) + */ probe kernel.syscall.getgroups = - kernel.function("sys_getgroups") { - name = "getgroups" - } - + kernel.function("sys_getgroups") { + name = "getgroups" + size = $gidsetsize + /* + NOTE + list defined as "gid_t list[]" there + is no practical way to export these + values. Therefore just export addr, + let the user take care of it with + embedded C if need be. + */ + list_uaddr = $grouplist + } probe kernel.syscall.getgroups.return = - kernel.function("sys_getgroups").return { - name = "getgroups.return" - /* - SUMMARY - int getgroups(int size, gid_t list[]); - - Up to size supplementary group IDs are returned - in list. It is unspecified whether the effective - group ID of the calling process is included in - the returned list. (Thus, an application should - also call getegid(2) and add or remove the resulting - value.) If size is zero, list is not modified, but - the total number of supplementary group IDs for the - process is returned. - - Note: I do not think SystemTap has support for arrays, - this may be able to be delegated to an embedded - aux function.... - */ - } + kernel.function("sys_getgroups").return { + name = "getgroups.return" + } # setregid_________________________________________ -/* asmlinkage long sys_setregid(gid_t rgid, gid_t egid) */ +/* + * asmlinkage long + * sys_setregid(gid_t rgid, + * gid_t egid) + */ probe kernel.syscall.setregid = - kernel.function("sys_setregid") { - name = "setregid" - rgid = $rgid - egid = $egid - } - + kernel.function("sys_setregid") { + name = "setregid" + rgid = $rgid + egid = $egid + } probe kernel.syscall.setregid.return = - kernel.function("sys_setregid").return { - name = "setregid.return" - rgid = $rgid - egid = $egid - } + kernel.function("sys_setregid").return { + name = "setregid.return" + } # setgid___________________________________________ -/* asmlinkage long sys_setgid(gid_t gid) */ +/* + * asmlinkage long + * sys_setgid(gid_t gid) + */ probe kernel.syscall.setgid = - kernel.function("sys_setgid") { - name = "setgid" - gid = $gid - } - + kernel.function("sys_setgid") { + name = "setgid" + gid = $gid + } probe kernel.syscall.setgid.return = - kernel.function("sys_setgid").return { - name = "setgid.return" - gid = $gid - } + kernel.function("sys_setgid").return { + name = "setgid.return" + } # setreuid_________________________________________ -/* asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) */ +/* + * asmlinkage long + * sys_setreuid(uid_t ruid, + * uid_t euid) + */ probe kernel.syscall.setreuid = - kernel.function("sys_setreuid") { - name = "setreuid" - ruid = $ruid - euid = $euid - } - + kernel.function("sys_setreuid") { + name = "setreuid" + ruid = $ruid + euid = $euid + } probe kernel.syscall.setreuid.return = - kernel.function("sys_setreuid").return { - name = "setreuid.return" - ruid = $ruid - euid = $euid - } + kernel.function("sys_setreuid").return { + name = "setreuid.return" + } # setuid___________________________________________ -/* asmlinkage long sys_setuid(uid_t uid) */ +/* + * asmlinkage long + * sys_setuid(uid_t uid) + */ probe kernel.syscall.setuid = - kernel.function("sys_setuid") { - name = "setuid" - uid = $uid - } - + kernel.function("sys_setuid") { + name = "setuid" + uid = $uid + } probe kernel.syscall.setuid.return = - kernel.function("sys_setuid").return { - name = "setuid.return" - uid = $uid - } + kernel.function("sys_setuid").return { + name = "setuid.return" + } # setresuid________________________________________ -/* asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) */ +/* + * asmlinkage long + * sys_setresuid(uid_t ruid, + * uid_t euid, + * uid_t suid) + */ probe kernel.syscall.setresuid = - kernel.function("sys_setresuid") { - name = "setresuid" - ruid = $ruid - euid = $euid - suid = $suid - } - + kernel.function("sys_setresuid") { + name = "setresuid" + ruid = $ruid + euid = $euid + suid = $suid + } probe kernel.syscall.setresuid.return = - kernel.function("sys_setresuid").return { - name = "setresuid.return" - ruid = $ruid - euid = $euid - suid = $suid - } + kernel.function("sys_setresuid").return { + name = "setresuid.return" + } # setresgid________________________________________ -/* asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) */ +/* + * asmlinkage long + * sys_setresgid(gid_t rgid, + * gid_t egid, + * gid_t sgid) + */ probe kernel.syscall.setresgid = - kernel.function("sys_setresgid") { - name = "setresgid" - rgid = $rgid - egid = $egid - sgid = $sgid - } - + kernel.function("sys_setresgid") { + name = "setresgid" + rgid = $rgid + egid = $egid + sgid = $sgid +} probe kernel.syscall.setresgid.return = - kernel.function("sys_setresgid").return { - name = "setresgid.return" - rgid = $rgid - egid = $egid - sgid = $sgid - } + kernel.function("sys_setresgid").return { + name = "setresgid.return" + } # setfsuid_________________________________________ -/* asmlinkage long sys_setfsuid(uid_t uid) */ +/* + * asmlinkage long + * sys_setfsuid(uid_t uid) + */ probe kernel.syscall.setfsuid = - kernel.function("sys_setfsuid") { - name = "setfsuid" - fsuid = $uid - } - + kernel.function("sys_setfsuid") { + name = "setfsuid" + fsuid = $uid + } probe kernel.syscall.setfsuid.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid.return" - fsuid = $uid - } + kernel.function("sys_setfsuid").return { + name = "setfsuid.return" + } # setfsgid_________________________________________ -/* asmlinkage long sys_setfsgid(gid_t gid) */ +/* + * asmlinkage long + * sys_setfsgid(gid_t gid) + */ probe kernel.syscall.setfsgid = - kernel.function("sys_setfsgid") { - name = "setfsgid" - fsgid = $gid - } - + kernel.function("sys_setfsgid") { + name = "setfsgid" + fsgid = $gid + } probe kernel.syscall.setfsgid.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid.return" - fsgid = $gid - } + kernel.function("sys_setfsgid").return { + name = "setfsgid.return" + } # setpgid__________________________________________ -/* asmlinkage long sys_setpgid(pid_t pid, pid_t pgid) */ +/* + * asmlinkage long + * sys_setpgid(pid_t pid, + * pid_t pgid) + */ probe kernel.syscall.setpgid = - kernel.function("sys_setpgid") { - name = "setpgid" - pid = $pid - pgid = $pgid - } - + kernel.function("sys_setpgid") { + name = "setpgid" + pid = $pid + pgid = $pgid + } probe kernel.syscall.setpgid.return = - kernel.function("sys_setpgid").return { - name = "setpgid.return" - pid = $pid - pgid = $pgid - } + kernel.function("sys_setpgid").return { + name = "setpgid.return" + } # setsid___________________________________________ -/* asmlinkage long sys_setsid(void) */ +/* + * asmlinkage long + * sys_setsid(void) + */ probe kernel.syscall.setsid = - kernel.function("sys_setsid") { - name = "setsid" - } - + kernel.function("sys_setsid") { + name = "setsid" + } probe kernel.syscall.setsid.return = - kernel.function("sys_setsid").return { - name = "setsid.return" - } + kernel.function("sys_setsid").return { + name = "setsid.return" + } # setgroups________________________________________ -/* asmlinkage long sys_setgroups(int gidsetsize, - gid_t __user *grouplist) */ +/* + * asmlinkage long + * sys_setgroups(int gidsetsize, + * gid_t __user *grouplist) + */ probe kernel.syscall.setgroups = - kernel.function("sys_setgroups") { - name = "setgroups" - /* - SUMMARY (see getgroups for same issue) - int setgroups(size_t size, const gid_t *list); - - Sets the supplementary group IDs for the process. - Only the super-user may use this function. - - Note: I do not think SystemTap has support for arrays, - this may be able to be delegated to an embedded - aux function.... - */ - } - + kernel.function("sys_setgroups") { + name = "setgroups" + size = $gidsetsize + /* + NOTE + list defined as "gid_t list[]" there + is no practical way to export these + values. Therefore just export addr, + let the user take care of it with + embedded C if need be. + */ + list_uaddr = $grouplist + } probe kernel.syscall.setgroups.return = - kernel.function("sys_setgroups").return { - name = "setgroups.return" - /* - SUMMARY (see getgroups for same issue) - int setgroups(size_t size, const gid_t *list); - - Sets the supplementary group IDs for the process. - Only the super-user may use this function. - - Note: I do not think SystemTap has support for arrays, this may be able to be delegated to an embedded - aux function.... - */ - } + kernel.function("sys_setgroups").return { + name = "setgroups.return" + } # acct_____________________________________________ -/* asmlinkage long sys_acct(const char __user *name) */ +/* + * asmlinkage long + * sys_acct(const char __user *name) + */ probe kernel.syscall.acct = - kernel.function("sys_acct") { - name = "acct" - /* - filename = $name - */ - } - + kernel.function("sys_acct") { + name = "acct" + filename_uaddr = $name + filename = user_string($name) + } probe kernel.syscall.acct.return = - kernel.function("sys_acct").return { - name = "acct.return" - /* - filename = $name - */ - } + kernel.function("sys_acct").return { + name = "acct.return" + } # capget___________________________________________ -/* asmlinkage long sys_capget(cap_user_header_t header, - cap_user_data_t dataptr) */ -probe kernel.syscall.capget = - kernel.function("sys_capget") { - name = "capget" - version = $header->version - target_pid = $header->pid - effective = $dataptr->effective - permitted = $dataptr->permitted - inheritable = $dataptr->inheritable - /* - DESCRIPTION - These two functions are the raw kernel interface - for getting and setting capabilities. The kernel API - is likely to change and use of these functions (in - particular the format of the cap_user_*_t types) is - subject to change with each kernel revision. - - These system calls are specific to Linux. - The portable interfaces are cap_set_proc(3) and - cap_get_proc(3). - */ - } +/* + NOTE + this is probably not a good function + to probe. The structures are always + changing. It also seems like it is + not really used. Cscope produced no + reference of this function in the + kernel (returned no callers). Perhaps + cap_get_proc / cap_set_proc are better + functions to export. +*/ +/* + * asmlinkage long + * sys_capget(cap_user_header_t header, + * cap_user_data_t dataptr) + */ +probe kernel.syscall.capget = + kernel.function("sys_capget") { + name = "capget" + header_uaddr = $header + data_uaddr = $dataptr + /* + NOTE + These two functions are the raw kernel + interface for getting and setting + capabilities. The kernel API is likely + to change and use of these functions (in + particular the format of the cap_user_*_t + types) is subject to change with each + kernel revision. + */ + } probe kernel.syscall.capget.return = - kernel.function("sys_capget").return { - name = "capget.return" - version = $header->version - target_pid = $header->pid - effective = $dataptr->effective - permitted = $dataptr->permitted - inheritable = $dataptr->inheritable - /* - DESCRIPTION - These two functions are the raw kernel interface - for getting and setting capabilities. The kernel API - is likely to change and use of these functions (in - particular the format of the cap_user_*_t types) is - subject to change with each kernel revision. - - These system calls are specific to Linux. - The portable interfaces are cap_set_proc(3) and - cap_get_proc(3). - */ - } + kernel.function("sys_capget").return { + name = "capget.return" + } # capset___________________________________________ -/* asmlinkage long sys_capset(cap_user_header_t header, - const cap_user_data_t data) */ -probe kernel.syscall.capset = - kernel.function("sys_capset") { - name = "capset" - version = $header->version - target_pid = $header->pid - effective = $data->effective - permitted = $data->permitted - inheritable = $data->inheritable - /* - DESCRIPTION - These two functions are the raw kernel interface - for getting and setting capabilities. The kernel API - is likely to change and use of these functions (in - particular the format of the cap_user_*_t types) is - subject to change with each kernel revision. - - These system calls are specific to Linux. - The portable interfaces are cap_set_proc(3) and - cap_get_proc(3). - */ - } +/* + NOTE + this is probably not a good function + to probe. The structures are always + changing. It also seems like it is + not really used. Cscope produced no + reference of this function in the + kernel (returned no callers). Perhaps + cap_get_proc / cap_set_proc are better + functions to export. +*/ +/* + * asmlinkage long + * sys_capset(cap_user_header_t header, + * const cap_user_data_t data) + */ +probe kernel.syscall.capset = + kernel.function("sys_capset") { + name = "capset" + header_uaddr = $header + data_uaddr = $data + /* + NOTE + These two functions are the raw kernel + interface for getting and setting + capabilities. The kernel API is likely + to change and use of these functions (in + particular the format of the cap_user_*_t + types) is subject to change with each + kernel revision. + + These system calls are specific to Linux. + The portable interfaces are cap_set_proc + and cap_get_proc. + */ + } probe kernel.syscall.capset.return = - kernel.function("sys_capset").return { - name = "capset.return" - version = $header->version - target_pid = $header->pid - effective = $data->effective - permitted = $data->permitted - inheritable = $data->inheritable - /* - DESCRIPTION - These two functions are the raw kernel interface - for getting and setting capabilities. The kernel API - is likely to change and use of these functions (in - particular the format of the cap_user_*_t types) is - subject to change with each kernel revision. - - These system calls are specific to Linux. - The portable interfaces are cap_set_proc(3) and - cap_get_proc(3). - */ - } + kernel.function("sys_capset").return { + name = "capset.return" + } # personality______________________________________ -/* asmlinkage long sys_personality(u_long personality) */ +/* + * asmlinkage long + * sys_personality(u_long personality) + */ probe kernel.syscall.personality = - kernel.function("sys_personality") { - name = "personality" - persona = $personality - } - + kernel.function("sys_personality") { + name = "personality" + persona = $personality + } probe kernel.syscall.personality.return = - kernel.function("sys_personality").return { - name = "personality.return" - persona = $personality - } + kernel.function("sys_personality").return { + name = "personality.return" + } # sigpending_______________________________________ -/* asmlinkage long sys_sigpending(old_sigset_t __user *set) */ +/* + * long do_sigpending(void __user *set, + * unsigned long sigsetsize) + */ probe kernel.syscall.sigpending = - kernel.function("do_sigpending") { - name = "sigpending" - } + kernel.function("do_sigpending") { + name = "sigpending" + /* + NOTE + set is defined as + struct { + unsigned long int __val[128]; + } + theres is no practical way to export + these values. Therefore just export + addr, let the user take care of it + with embedded C if need be. + */ + /* + XXX Cannot deal w void pointers yet + set_uaddr = $set + */ + } probe kernel.syscall.sigpending.return = - kernel.function("do_sigpending").return { - name = "sigpending.return" - /* - set = $set - */ - } + kernel.function("do_sigpending").return { + name = "sigpending.return" + } # sigprocmask______________________________________ -/* asmlinkage long - sys_sigprocmask(int how, - old_sigset_t __user *set, - old_sigset_t __user *oset) */ +/* + * asmlinkage long + * sys_sigprocmask(int how, + * old_sigset_t __user *set, + * old_sigset_t __user *oset) + */ probe kernel.syscall.sigprocmask = - kernel.function("sys_sigprocmask") { - name = "sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - /* - set = $set - oldset = $oset - */ - } - + kernel.function("sys_sigprocmask") { + name = "sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + /* + NOTE + set and oset are defined as + struct { + unsigned long int __val[128]; + } + theres is no practical way to export + these values. Therefore just export + addr, let the user take care of it + with embedded C if need be. + */ + set_uaddr = $set + oldset_uaddr = $oset + } probe kernel.syscall.sigprocmask.return = - kernel.function("sys_sigprocmask").return { - name = "sigprocmask.return" - how = $how - how_str = _sigprocmask_how_str($how) - /* - set = $set - oldset = $oset - */ - } + kernel.function("sigprocmask").return { + name = "sigprocmask.return" + } # getitimer________________________________________ -/* asmlinkage long - sys_getitimer(int which, - struct itimerval __user *value) */ +/* + * asmlinkage long + * sys_getitimer(int which, + * struct itimerval __user *value) + */ probe kernel.syscall.getitimer = - kernel.function("sys_getitimer") { - name = "getitimer" - which = $which - which_str = _itimer_which_str($which) - /* - value_it_interval_tv_sec = $value->it_interval->tv_sec - value_it_interval_tv_usec = $value->it_interval->tv_usec - value_it_value_tv_sec = $value->it_value->tv_sec - value_it_value_tv_usec = $value->it_value->tv_usec - */ - } - + kernel.function("sys_getitimer") { + name = "getitimer" + which = $which + which_str = _itimer_which_str($which) + value_uaddr = $value + value_it_interval_tv_sec = + __uget_itimerval_tv_m($value,0) + value_it_interval_tv_usec = + __uget_itimerval_tv_m($value,1) + value_it_value_tv_sec = + __uget_itimerval_tv_m($value,2) + value_it_value_tv_usec = + __uget_itimerval_tv_m($value,3) + } probe kernel.syscall.getitimer.return = - kernel.function("sys_getitimer").return { - name = "getitimer.return" - which = $which - which_str = _itimer_which_str($which) - /* - value_it_interval_tv_sec = $value->it_interval->tv_sec - value_it_interval_tv_usec = $value->it_interval->tv_usec - value_it_value_tv_sec = $value->it_value->tv_sec - value_it_value_tv_usec = $value->it_value->tv_usec - */ - } + kernel.function("sys_getitimer").return { + name = "getitimer.return" + } # setitimer________________________________________ -/* asmlinkage long - sys_setitimer(int which, - struct itimerval __user *value, - struct itimerval __user *ovalue) */ +/* + * asmlinkage long + * sys_setitimer(int which, + * struct itimerval __user *value, + * struct itimerval __user *ovalue) + */ probe kernel.syscall.setitimer = - kernel.function("sys_setitimer") { - name = "setitimer" - which = $which - which_str = _itimer_which_str($which) - /* - value_it_interval_tv_sec = $value->it_interval->tv_sec - value_it_interval_tv_usec = $value->it_interval->tv_usec - value_it_value_tv_sec = $value->it_value->tv_sec - value_it_value_tv_usec = $value->it_value->tv_usec - */ - } - + kernel.function("sys_setitimer") { + name = "setitimer" + which = $which + which_str = _itimer_which_str($which) + value_uaddr = $value + ovalue_uaddr = $ovalue + value_it_interval_tv_sec = + __uget_itimerval_tv_m($value,0) + value_it_interval_tv_usec = + __uget_itimerval_tv_m($value,1) + value_it_value_tv_sec = + __uget_itimerval_tv_m($value,2) + value_it_value_tv_usec = + __uget_itimerval_tv_m($value,3) + ovalue_it_interval_tv_sec = + __uget_itimerval_tv_m($ovalue,0) + ovalue_it_interval_tv_usec = + __uget_itimerval_tv_m($ovalue,1) + ovalue_it_value_tv_sec = + __uget_itimerval_tv_m($ovalue,2) + ovalue_it_value_tv_usec = + __uget_itimerval_tv_m($ovalue,3) + } probe kernel.syscall.setitimer.return = - kernel.function("sys_setitimer").return { - name = "setitimer.return" - which = $which - which_str = _itimer_which_str($which) - /* - value_it_interval_tv_sec = $value->it_interval->tv_sec - value_it_interval_tv_usec = $value->it_interval->tv_usec - value_it_value_tv_sec = $value->it_value->tv_sec - value_it_value_tv_usec = $value->it_value->tv_usec - - ovalue_it_interval_tv_sec = $ovalue->it_interval->tv_sec - ovalue_it_interval_tv_usec = $ovalue->it_interval->tv_usec - ovalue_it_value_tv_sec = $ovalue->it_value->tv_sec - ovalue_it_value_tv_usec = $ovalue->it_value->tv_usec - */ - } + kernel.function("sys_setitimer").return { + name = "setitimer.return" + } # timer_create_____________________________________ -/* asmlinkage long - sys_timer_create(clockid_t which_clock, - struct sigevent __user *timer_event_spec, - timer_t __user * created_timer_id) */ +/* + * asmlinkage long + * sys_timer_create(clockid_t which_clock, + * struct sigevent __user *timer_event_spec, + * timer_t __user * created_timer_id) + */ probe kernel.syscall.timer_create = - kernel.function("sys_timer_create") { - name = "timer_create" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* ...a little unsure about this... - - typedef struct sigevent { - sigval_t sigev_value; - int sigev_signo; - int sigev_notify; - union { - int _pad[SIGEV_PAD_SIZE]; - int _tid; - - struct { - void (*_function)(sigval_t); - void *_attribute; - // really pthread_attr_t - } _sigev_thread; - } _sigev_un; - } sigevent_t; - - */ - } + kernel.function("sys_timer_create") { + name = "timer_create" + clockid = $which_clock + clockid_str = _get_wc_str($which_clock) + evp_uaddr = $timer_event_spec + /* ...a little unsure about this... + + typedef struct sigevent { + sigval_t sigev_value; + int sigev_signo; + int sigev_notify; + union { + int _pad[SIGEV_PAD_SIZE]; + int _tid; + struct { + void (*_function)(sigval_t); + void *_attribute; + // really pthread_attr_t + } _sigev_thread; + } _sigev_un; + } sigevent_t; + */ + timerid_uaddr = $created_timer_id + timerid = __uget_num($created_timer_id) + } probe kernel.syscall.timer_create.return = - kernel.function("sys_timer_create").return { - name = "timer_create.return" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* ...a little unsure about this... - - typedef struct sigevent { - sigval_t sigev_value; - int sigev_signo; - int sigev_notify; - union { - int _pad[SIGEV_PAD_SIZE]; - int _tid; - - struct { - void (*_function)(sigval_t); - void *_attribute; - // really pthread_attr_t - } _sigev_thread; - } _sigev_un; - } sigevent_t; - +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - created_timer_id = $created_timer_id - */ - } + kernel.function("sys_timer_create").return { + name = "timer_create.return" + } # timer_gettime____________________________________ -/* asmlinkage long - sys_timer_gettime(timer_t timer_id, - struct itimerspec __user *setting) */ +/* + * asmlinkage long + * sys_timer_gettime(timer_t timer_id, + * struct itimerspec __user *setting) + */ probe kernel.syscall.timer_gettime = - kernel.function("sys_timer_gettime") { - name = "timer_gettime" - timer_id = $timer_id - } - + kernel.function("sys_timer_gettime") { + name = "timer_gettime" + timerid = $timer_id + value_uaddr = $setting + value_it_interval_tv_sec = + __uget_itimerspec_ts_m($setting,0) + value_it_interval_tv_nsec = + __uget_itimerspec_ts_m($setting,1) + value_it_value_tv_sec = + __uget_itimerspec_ts_m($setting,2) + value_it_value_tv_nsec = + __uget_itimerspec_ts_m($setting,3) + } probe kernel.syscall.timer_gettime.return = - kernel.function("sys_timer_gettime").return { - name = "timer_gettime.return" - timer_id = $timer_id - /* - setting_it_interval_tv_sec = - $setting->it_interval->tv_sec - setting_it_interval_tv_usec = - $setting->it_interval->tv_usec - setting_it_value_tv_sec = - $setting->it_value->tv_sec - setting_it_value_tv_usec = - $setting->it_value->tv_usec - */ - } + kernel.function("sys_timer_gettime").return { + name = "timer_gettime.return" + } # timer_getoverrun_________________________________ -/* asmlinkage long sys_timer_getoverrun(timer_t timer_id) */ +/* + * asmlinkage long + * sys_timer_getoverrun(timer_t timer_id) + */ probe kernel.syscall.timer_getoverrun = - kernel.function("sys_timer_getoverrun") { - name = "timer_getoverrun" - timer_id = $timer_id - } - + kernel.function("sys_timer_getoverrun") { + name = "timer_getoverrun" + timerid = $timer_id + } probe kernel.syscall.timer_getoverrun.return = - kernel.function("sys_timer_getoverrun").return { - name = "timer_getoverrun.return" - timer_id = $timer_id - } + kernel.function("sys_timer_getoverrun").return { + name = "timer_getoverrun.return" + } # timer_settime____________________________________ -/* asmlinkage long - sys_timer_settime(timer_t timer_id, int flags, - const struct itimerspec __user *new_setting, - struct itimerspec __user *old_setting) */ +/* + * asmlinkage long + * sys_timer_settime(timer_t timer_id, + * int flags, + * const struct itimerspec __user *new_setting, + * struct itimerspec __user *old_setting) + */ probe kernel.syscall.timer_settime = - kernel.function("sys_timer_settime") { - name = "timer_settime" - timer_id = $timer_id - flags = $flags - /* - new_setting_it_interval_tv_sec = - $new_setting->it_interval->tv_sec - new_setting_it_interval_tv_usec = - $new_setting->it_interval->tv_usec - */ - } - + kernel.function("sys_timer_settime") { + name = "timer_settime" + timerid = $timer_id + flags = $flags + value_uaddr = $new_setting + ovalue_uaddr = $old_setting + } probe kernel.syscall.timer_settime.return = - kernel.function("sys_timer_settime").return { - name = "timer_settime.return" - name = "timer_settime" - timer_id = $timer_id - flags = $flags - /* - new_setting_it_interval_tv_sec = - $new_setting->it_interval->tv_sec - new_setting_it_interval_tv_usec = - $new_setting->it_interval->tv_usec - old_setting_it_interval_tv_sec = - $old_setting->it_interval->tv_sec - old_setting_it_interval_tv_usec = - $old_setting->it_interval->tv_usec - */ - } + kernel.function("sys_timer_settime").return { + name = "timer_settime.return" + } # timer_delete_____________________________________ -/* asmlinkage long sys_timer_delete(timer_t timer_id) */ +/* + * asmlinkage long + * sys_timer_delete(timer_t timer_id) + */ probe kernel.syscall.timer_delete = - kernel.function("sys_timer_delete") { - name = "timer_delete" - timer_id = $timer_id - } - + kernel.function("sys_timer_delete") { + name = "timer_delete" + timerid = $timer_id +} probe kernel.syscall.timer_delete.return = - kernel.function("sys_timer_delete").return { - name = "timer_delete.return" - timer_id = $timer_id - } + kernel.function("sys_timer_delete").return { + name = "timer_delete.return" + } # clock_settime____________________________________ -/* asmlinkage long - sys_clock_settime(clockid_t which_clock, - const struct timespec __user *tp) */ -probe kernel.syscall.clock_settime = - kernel.function("sys_clock_settime") { - name = "clock_settime" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* - tp_tv_sec = $tp->tv_sec - tp_tv_usec = $tp->tv_usec - */ - } - +/* + * asmlinkage long + * sys_clock_settime(clockid_t which_clock, + * const struct timespec __user *tp) + */ +probe kernel.syscall.clock_settime = + kernel.function("sys_clock_settime") { + name = "clock_settime" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + tp_uaddr = $tp + } probe kernel.syscall.clock_settime.return = - kernel.function("sys_clock_settime").return { - name = "clock_settime.return" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* - tp_tv_sec = $tp->tv_sec - tp_tv_usec = $tp->tv_usec - */ - } + kernel.function("sys_clock_settime").return { + name = "clock_settime.return" + } # clock_gettime____________________________________ -/* asmlinkage long - sys_clock_gettime(clockid_t which_clock, - struct timespec __user *tp) */ -probe kernel.syscall.clock_gettime = - kernel.function("sys_clock_gettime") { - name = "clock_gettime" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - } - +/* + * asmlinkage long + * sys_clock_gettime(clockid_t which_clock, + * struct timespec __user *tp) + */ +probe kernel.syscall.clock_gettime = + kernel.function("sys_clock_gettime") { + name = "clock_gettime" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + tp_uaddr = $tp +} probe kernel.syscall.clock_gettime.return = - kernel.function("sys_clock_gettime").return { - name = "clock_gettime.return" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* - tp_tv_sec = $tp->tv_sec - tp_tv_usec = $tp->tv_usec - */ - } + kernel.function("sys_clock_gettime").return { + name = "clock_gettime.return" + } # clock_getres_____________________________________ -/* asmlinkage long - sys_clock_getres(clockid_t which_clock, - struct timespec __user *tp) */ +/* + * asmlinkage long + * sys_clock_getres(clockid_t which_clock, + * struct timespec __user *tp) + */ probe kernel.syscall.clock_getres = - kernel.function("sys_clock_getres") { - name = "clock_getres" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - } - + kernel.function("sys_clock_getres") { + name = "clock_getres" + clk_id = $which_clock + clk_id_str = _get_wc_str($which_clock) + res_uaddr = $tp + } probe kernel.syscall.clock_getres.return = - kernel.function("sys_clock_getres").return { - name = "clock_getres.return" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - /* - tp_tv_sec = $tp->tv_sec - tp_tv_usec = $tp->tv_usec - */ - } + kernel.function("sys_clock_getres").return { + name = "clock_getres.return" + } # clock_nanosleep__________________________________ -/* asmlinkage long - sys_clock_nanosleep(clockid_t which_clock, - int flags, - const struct timespec __user *rqtp, - struct timespec __user *rmtp) */ +/* + * asmlinkage long + * sys_clock_nanosleep(clockid_t which_clock, + * int flags, + * const struct timespec __user *rqtp, + * struct timespec __user *rmtp) + */ probe kernel.syscall.clock_nanosleep = - kernel.function("sys_clock_nanosleep") { - name = "clock_nanosleep" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - flags = $flags - flag_str = "TIMER_ABSTIME" - /* - rqtp_tv_sec = $rqtp->tv_sec - rqtp_tv_usec = $rqtp->tv_usec - */ - } - + kernel.function("sys_clock_nanosleep") { + name = "clock_nanosleep" + clock_id = $which_clock + clock_id_str = _get_wc_str($which_clock) + flags = $flags + flag_str = "TIMER_ABSTIME" + rqtp_uaddr = $rqtp + rmtp_uaddr = $rmtp + } probe kernel.syscall.clock_nanosleep.return = - kernel.function("sys_clock_nanosleep").return { - name = "clock_nanosleep.return" - which_clock = $which_clock - which_clock_str = _get_wc_str($which_clock) - flags = $flags - flag_str = "TIMER_ABSTIME" - /* - rqtp_tv_sec = $rqtp->tv_sec - rqtp_tv_usec = $rqtp->tv_usec - rmtp_tv_sec = $rmtp->tv_sec - rmtp_tv_usec = $rmtp->tv_usec - */ - } + kernel.function("sys_clock_nanosleep").return { + name = "clock_nanosleep.return" + } # nice_____________________________________________ -/* asmlinkage long sys_nice(int increment) */ +/* + * asmlinkage long + * sys_nice(int increment) + */ probe kernel.syscall.nice = - kernel.function("sys_nice") { - name = "nice" - inc = $increment - } - + kernel.function("sys_nice") { + name = "nice" + inc = $increment + } probe kernel.syscall.nice.return = - kernel.function("sys_nice").return { - name = "nice.return" - inc = $increment - } + kernel.function("sys_nice").return { + name = "nice.return" + } # sched_setscheduler_______________________________ -/* asmlinkage long - sys_sched_setscheduler(pid_t pid, int policy, - struct sched_param __user *param) */ +/* + * asmlinkage long + * sys_sched_setscheduler(pid_t pid, + * int policy, + * struct sched_param __user *param) + */ probe kernel.syscall.sched_setscheduler = - kernel.function("do_sched_setscheduler") { - name = "sched_setscheduler" - pid = $pid - policy = $policy - policy_str = _sched_policy_str($policy) - /* - p_sched_priority = param->sched_parameter - */ - } - + kernel.function("do_sched_setscheduler") { + name = "sched_setscheduler" + pid = $pid + policy = $policy + policy_str = _sched_policy_str($policy) + p_uaddr = $param + } probe kernel.syscall.sched_setscheduler.return = - kernel.function("do_sched_setscheduler").return { - name = "sched_setscheduler.return" - pid = $pid - policy = $policy - policy_str = _sched_policy_str($policy) - /* - p_sched_priority = param->sched_parameter - */ - } + kernel.function("do_sched_setscheduler").return { + name = "sched_setscheduler.return" + } # sched_setparam___________________________________ -/* asmlinkage long - sys_sched_setparam(pid_t pid, - struct sched_param __user *param) */ +/* + * asmlinkage long + * sys_sched_setparam(pid_t pid, + * struct sched_param __user *param) + */ probe kernel.syscall.sched_setparam = - kernel.function("do_sched_setscheduler") { - name = "sched_setparam" - pid = $pid - /* - p_sched_priority = param->sched_parameter - */ - } - + kernel.function("do_sched_setscheduler") { + name = "sched_setparam" + pid = $pid + p_uaddr = $param + } probe kernel.syscall.sched_setparam.return = - kernel.function("do_sched_setscheduler").return { - name = "sched_setparam.return" - pid = $pid - /* - p_sched_priority = param->sched_parameter - */ - } + kernel.function("do_sched_setscheduler").return { + name = "sched_setparam.return" + } # sched_getscheduler_______________________________ -/* asmlinkage long sys_sched_getscheduler(pid_t pid) */ +/* + * asmlinkage long + * sys_sched_getscheduler(pid_t pid) + */ probe kernel.syscall.sched_getscheduler = - kernel.function("sys_sched_getscheduler") { - name = "sched_getscheduler" - pid = $pid - } - + kernel.function("sys_sched_getscheduler") { + name = "sched_getscheduler" + pid = $pid + } probe kernel.syscall.sched_getscheduler.return = - kernel.function("sys_sched_getscheduler").return { - name = "sched_getscheduler.return" - pid = $pid - } + kernel.function("sys_sched_getscheduler").return { + name = "sched_getscheduler.return" + } # sched_getparam___________________________________ -/* asmlinkage long - sys_sched_getparam(pid_t pid, - struct sched_param __user *param) */ +/* + * asmlinkage long + * sys_sched_getparam(pid_t pid, + * struct sched_param __user *param) + */ probe kernel.syscall.sched_getparam = - kernel.function("sys_sched_getparam") { - name = "sched_getparam" - pid = $pid - } - + kernel.function("sys_sched_getparam") { + name = "sched_getparam" + pid = $pid + p_uaddr = $param + } probe kernel.syscall.sched_getparam.return = - kernel.function("sys_sched_getparam").return { - name = "sched_getparam.return" - pid = $pid - /* - p_sched_priority = param->sched_parameter - */ - } + kernel.function("sys_sched_getparam").return { + name = "sched_getparam.return" + } # sched_setaffinity________________________________ -/* long sched_setaffinity(pid_t pid, cpumask_t new_mask) */ +/* + * asmlinkage long + * sys_sched_setaffinity(pid_t pid, + * unsigned int len, + * unsigned long __user *user_mask_ptr) + */ probe kernel.syscall.sched_setaffinity = - kernel.function("sys_sched_setaffinity") { - name = "sched_setaffinity" - pid = $pid - mask = $new_mask - } - + kernel.function("sys_sched_setaffinity") { + name = "sched_setaffinity" + pid = $pid + len = $len + mask_uaddr = $user_mask_ptr + } probe kernel.syscall.sched_setaffinity.return = - kernel.function("sys_sched_setaffinity").return { - name = "sched_setaffinity.return" - pid = $pid - mask = $new_mask - } + kernel.function("sys_sched_setaffinity").return { + name = "sched_setaffinity.return" + } # sched_getaffinity________________________________ -/* asmlinkage long - sys_sched_getaffinity(pid_t pid, unsigned int len, - unsigned long __user *user_mask_ptr) */ +/* + * asmlinkage long + * sys_sched_getaffinity(pid_t pid, + * unsigned int len, + * unsigned long __user *user_mask_ptr) + */ probe kernel.syscall.sched_getaffinity = - kernel.function("sys_sched_getaffinity") { - name = "sched_getaffinity" - pid = $pid - len = $len - } - + kernel.function("sys_sched_getaffinity") { + name = "sched_getaffinity" + pid = $pid + len = $len + mask_uaddr = $user_mask_ptr + } probe kernel.syscall.sched_getaffinity.return = - kernel.function("sys_sched_getaffinity").return { - name = "sched_getaffinity.return" - pid = $pid - len = $len - /* - mask = $user_mask_ptr - */ - } + kernel.function("sys_sched_getaffinity").return { + name = "sched_getaffinity.return" + } # sched_yield______________________________________ -/* asmlinkage long sys_sched_yield(void) */ +/* + * asmlinkage long + * sys_sched_yield(void) + */ probe kernel.syscall.sched_yield = - kernel.function("sys_sched_yield") { - name = "sched_yield" - } - + kernel.function("sys_sched_yield") { + name = "sched_yield" + } probe kernel.syscall.sched_yield.return = - kernel.function("sys_sched_yield").return { - name = "sched_yield.return" - } + kernel.function("sys_sched_yield").return { + name = "sched_yield.return" + } # sched_get_priority_max___________________________ -/* asmlinkage long sys_sched_get_priority_max(int policy) */ +/* + * asmlinkage long + * sys_sched_get_priority_max(int policy) + */ probe kernel.syscall.sched_get_priority_max = - kernel.function("sys_sched_get_priority_max") { - name = "sched_get_priority_max" - policy = $policy - } - + kernel.function("sys_sched_get_priority_max") { + name = "sched_get_priority_max" + policy = $policy + } probe kernel.syscall.sched_get_priority_max.return = - kernel.function("sys_sched_get_priority_max").return { - name = "sched_get_priority_max.return" - policy = $policy - } + kernel.function("sys_sched_get_priority_max").return { + name = "sched_get_priority_max.return" + } # sched_get_priority_min___________________________ -/* asmlinkage long sys_sched_get_priority_min(int policy) */ +/* + * asmlinkage long + * sys_sched_get_priority_min(int policy) + */ probe kernel.syscall.sched_get_priority_min = - kernel.function("sys_sched_get_priority_min") { - name = "sched_get_priority_min" - policy = $policy - } - + kernel.function("sys_sched_get_priority_min") { + name = "sched_get_priority_min" + policy = $policy + } probe kernel.syscall.sched_get_priority_min.return = - kernel.function("sys_sched_get_priority_min").return { - name = "sched_get_priority_min.return" - policy = $policy - } + kernel.function("sys_sched_get_priority_min").return { + name = "sched_get_priority_min.return" + } # sched_rr_get_interval____________________________ -/* asmlinkage long - sys_sched_rr_get_interval(pid_t pid, - struct timespec __user *interval) */ -probe kernel.syscall.sched_rr_get_interval = - kernel.function("sys_sched_rr_get_interval") { - name = "sched_rr_get_interval" - pid = $pid - } - +/* + * asmlinkage long + * sys_sched_rr_get_interval(pid_t pid, + * struct timespec __user *interval) + */ +probe kernel.syscall.sched_rr_get_interval = + kernel.function("sys_sched_rr_get_interval") { + name = "sched_rr_get_interval" + pid = $pid + tp_uaddr = $interval + } probe kernel.syscall.sched_rr_get_interval.return = - kernel.function("sys_sched_rr_get_interval").return { - name = "sched_rr_get_interval.return" - pid = $pid - /* - tp_tv_sec = $tp->tv_sec - tp_tv_usec = $tp->tv_usec - */ - } + kernel.function("sys_sched_rr_get_interval").return { + name = "sched_rr_get_interval.return" + } # setpriority______________________________________ -/* asmlinkage long - sys_setpriority(int which, int who, int niceval) */ +/* + * asmlinkage long + * sys_setpriority(int which, + * int who, + * int niceval) + */ probe kernel.syscall.setpriority = - kernel.function("sys_setpriority") { - name = "setpriority" - which = $which - which_str = - _priority_which_str($which) - who = $who - prio = $niceval - } - + kernel.function("sys_setpriority") { + name = "setpriority" + which = $which + which_str = + _priority_which_str($which) + who = $who + prio = $niceval + } probe kernel.syscall.setpriority.return = - kernel.function("sys_setpriority").return { - name = "setpriority.return" - which = $which - which_str = - _priority_which_str($which) - who = $who - prio = $niceval - } + kernel.function("sys_setpriority").return { + name = "setpriority.return" + } # getpriority______________________________________ -/* asmlinkage long sys_getpriority(int which, int who) */ +/* + * asmlinkage long + * sys_getpriority(int which, + * int who) + */ probe kernel.syscall.getpriority = - kernel.function("sys_getpriority") { - name = "getpriority" - which = $which - which_str = - _priority_which_str($which) - who = $who - } - + kernel.function("sys_getpriority") { + name = "getpriority" + which = $which + which_str = + _priority_which_str($which) + who = $who + } probe kernel.syscall.getpriority.return = - kernel.function("sys_getpriority").return { - name = "getpriority.return" - which = $which - which_str = - _priority_which_str($which) - who = $who - } + kernel.function("sys_getpriority").return { + name = "getpriority.return" + } # shutdown_________________________________________ -/* asmlinkage long sys_shutdown(int fd, int how) */ +/* + * asmlinkage long + * sys_shutdown(int fd, + * int how) + */ probe kernel.syscall.shutdown = - kernel.function("sys_shutdown") { - name = "shutdown" - s = $fd - how = $how - how_str = _shutdown_how_str($how) - } - + kernel.function("sys_shutdown") { + name = "shutdown" + s = $fd + how = $how + how_str = _shutdown_how_str($how) + } probe kernel.syscall.shutdown.return = - kernel.function("sys_shutdown").return { - name = "shutdown.return" - s = $fd - how = $how - how_str = _shutdown_how_str($how) - } + kernel.function("sys_shutdown").return { + name = "shutdown.return" + } # reboot___________________________________________ -/* asmlinkage long - sys_reboot(int magic1, int magic2, - unsigned int cmd, void __user * arg) */ +/* + * asmlinkage long + * sys_reboot(int magic1, + * int magic2, + * unsigned int cmd, + * void __user * arg) + */ probe kernel.syscall.reboot = - kernel.function("sys_reboot") { - name = "reboot" - magic = $magic1 - magic_str = - _reboot_magic_str($magic1) - magic2 = $magic2 - magic2_str = - _reboot_magic_str($magic2) - flag = $cmd - flag_str = - _reboot_flag_str(flag) - /* - void __user * arg - */ - } - + kernel.function("sys_reboot") { + name = "reboot" + magic = $magic1 + magic_str = + _reboot_magic_str($magic1) + magic2 = $magic2 + magic2_str = + _reboot_magic_str($magic2) + flag = $cmd + flag_str = + _reboot_flag_str(flag) + /* + void __user * arg + */ + } probe kernel.syscall.reboot.return = - kernel.function("sys_reboot").return { - name = "reboot.return" - magic = $magic1 - magic_str = - _reboot_magic_str($magic1) - magic2 = $magic2 - magic2_str = - _reboot_magic_str($magic2) - flag = $cmd - flag_str = - _reboot_flag_str(flag) - /* - void __user * arg - */ - } + kernel.function("sys_reboot").return { + name = "reboot.return" + } # restart_syscall__________________________________ -/* asmlinkage long sys_restart_syscall(void) */ +/* + * asmlinkage long + * sys_restart_syscall(void) + */ probe kernel.syscall.restart_syscall = - kernel.function("sys_restart_syscall") { - name = "restart_syscall" - } - + kernel.function("sys_restart_syscall") { + name = "restart_syscall" + } probe kernel.syscall.restart_syscall.return = - kernel.function("sys_restart_syscall").return { - name = "restart_syscall.return" - } + kernel.function("sys_restart_syscall").return { + name = "restart_syscall.return" + } # exit_____________________________________________ -/* asmlinkage long sys_exit(int error_code) */ +/* + * asmlinkage long + * sys_exit(int error_code) + */ probe kernel.syscall.exit = - kernel.function("do_exit") { - name = "exit" - %( kernel_v > "2.6.9" %? status = $error_code %) - } - + kernel.function("do_exit") { + name = "exit" + status = $code + } probe kernel.syscall.exit.return = - kernel.function("do_exit").return { - name = "exit.return" - status = $error_code - } + kernel.function("do_exit").return { + name = "exit.return" + } # exit_group_______________________________________ -/* smlinkage void sys_exit_group(int error_code) */ +/* + * asmlinkage void + * sys_exit_group(int error_code) + */ probe kernel.syscall.exit_group = - kernel.function("do_group_exit") { - name = "exit_group" - %( kernel_v > "2.6.9" %? status = $error_code %) - } - + kernel.function("sys_exit_group") { + name = "exit_group" + status = $error_code + } probe kernel.syscall.exit_group.return = - kernel.function("do_group_exit").return { - name = "exit_group.return" - %( kernel_v > "2.6.9" %? status = $error_code %) - } + kernel.function("do_group_exit").return { + name = "exit_group.return" + } # wait4____________________________________________ -/* asmlinkage long - sys_wait4(pid_t pid, int __user *stat_addr, - int options, struct rusage __user *ru) */ +/* + * asmlinkage long + * sys_wait4(pid_t pid, + * int __user *stat_addr, + * int options, + * struct rusage __user *ru) + */ probe kernel.syscall.wait4 = - kernel.function("sys_wait4") { - name = "wait4" - pid = $pid - /* - status = $stat_addr - */ - options = $options - options_str = - _wait4_opt_str($options) - } - + kernel.function("sys_wait4") { + name = "wait4" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = + _wait4_opt_str($options) + rusage_uaddr = $ru + } probe kernel.syscall.wait4.return = - kernel.function("sys_wait4").return { - name = "wait4.return" - pid = $pid - /* - status = $stat_addr - */ - options = $options - options_str = - _wait4_opt_str($options) - } + kernel.function("sys_wait4").return { + name = "wait4.return" + } # waitid___________________________________________ -/* asmlinkage long - sys_waitid(int which, pid_t pid, - struct siginfo __user *infop, int options, - struct rusage __user *ru) */ +/* + * asmlinkage long + * sys_waitid(int which, + * pid_t pid, + * struct siginfo __user *infop, + * int options, + * struct rusage __user *ru) + */ probe kernel.syscall.waitid = - kernel.function("sys_waitid") { - name = "waitid" - which = $which - which_str = - _waitid_which_str($which) - pid = $pid - options = $options - options_str = - _wait4_opt_str($options) - } - + kernel.function("sys_waitid") { + name = "waitid" + which = $which + which_str = + _waitid_which_str($which) + pid = $pid + infop_uaddr = $infop + options = $options + options_str = + _wait4_opt_str($options) + } probe kernel.syscall.waitid.return = - kernel.function("sys_waitid").return { - name = "waitid.return" - which = $which - which_str = - _waitid_which_str($which) - pid = $pid - options = $options - options_str = - _wait4_opt_str($options) - /* -typedef struct siginfo { - int si_signo; - int si_errno; - int si_code; - - union { - int _pad[SI_PAD_SIZE]; - - // kill() - struct { - pid_t _pid; // sender's pid - __ARCH_SI_UID_T _uid; // sender's uid - } _kill; - - // POSIX.1b timers - struct { - timer_t _tid; // timer id - int _overrun; // overrun count - char _pad[sizeof( __ARCH_SI_UID_T) - sizeof(int)]; - sigval_t _sigval; // same as below - int _sys_private; // not to be passed to user - } _timer; - - // POSIX.1b signals - struct { - pid_t _pid; // sender's pid - __ARCH_SI_UID_T _uid; // sender's uid - sigval_t _sigval; - } _rt; - - // SIGCHLD - struct { - pid_t _pid; // which child - __ARCH_SI_UID_T _uid; // sender's uid - int _status; // exit code - clock_t _utime; - clock_t _stime; - } _sigchld; - - // SIGILL, SIGFPE, SIGSEGV, SIGBUS - struct { - void __user *_addr; // faulting insn/memory ref. -#ifdef __ARCH_SI_TRAPNO - int _trapno; // TRAP # which caused the signal -#endif - } _sigfault; - - // SIGPOLL - struct { - __ARCH_SI_BAND_T _band; // POLL_IN, POLL_OUT, POLL_MSG - int _fd; - } _sigpoll; - } _sifields; -} siginfo_t; - - */ - } + kernel.function("sys_waitid").return { + name = "waitid.return" + } # waitpid__________________________________________ -/* asmlinkage long - sys_wait4(pid_t pid, int __user *stat_addr, - int options, struct rusage __user *ru) */ +/* + * asmlinkage long + * sys_wait4(pid_t pid, + * int __user *stat_addr, + * int options, + * struct rusage __user *ru) + */ probe kernel.syscall.waitpid = - kernel.function("sys_wait4") { - name = "waitpid" - pid = $pid - /* - status = $stat_addr - */ - options = $options - options_str = - _wait4_opt_str($options) - } - + kernel.function("sys_wait4") { + name = "waitpid" + pid = $pid + status_uaddr = $stat_addr + options = $options + options_str = + _wait4_opt_str($options) + rusage_uaddr = $ru + } probe kernel.syscall.waitpid.return = - kernel.function("sys_wait4").return { - name = "waitpid.return" - pid = $pid - /* - status = $stat_addr - */ - options = $options - options_str = - _wait4_opt_str($options) - } + kernel.function("sys_wait4").return { + name = "waitpid.return" + } # set_tid_address__________________________________ -/* asmlinkage long sys_set_tid_address(int __user *tidptr) */ +/* + * asmlinkage long + * sys_set_tid_address(int __user *tidptr) + */ probe kernel.syscall.set_tid_address = - kernel.function("sys_set_tid_address") { - name = "set_tid_address" - /* - tidptr = $tidptr - */ - } - + kernel.function("sys_set_tid_address") { + name = "set_tid_address" + tidptr_uaddr = $tidptr + } probe kernel.syscall.set_tid_address.return = - kernel.function("sys_set_tid_address").return { - name = "set_tid_address.return" - /* - tidptr = $tidptr - */ - - } + kernel.function("sys_set_tid_address").return { + name = "set_tid_address.return" + } # futex____________________________________________ -/* asmlinkage long sys_futex(u32 __user *uaddr, - int op, int val, - struct timespec __user *utime, - u32 __user *uaddr2, - int val3) */ +/* + * asmlinkage long + * sys_futex(u32 __user *uaddr, + * int op, + * int val, + * struct timespec __user *utime, + * u32 __user *uaddr2, + * int val3) + */ probe kernel.syscall.futex = - kernel.function("sys_futex") { - name = "futex" - /* - uaddr = $uaddr - */ - op = $op - op_str = _futex_op_str($op) - val = $val - /* - utime_tv_sec = $utime->tv_sec - utime_tv_usec = $utime->tv_usec - uaddr2 = $uaddr2 - val3 = $val3 - */ - } - + kernel.function("sys_futex") { + name = "futex" + futex_uaddr = $uaddr + op = $op + op_str = _futex_op_str($op) + val = $val + timeout_uaddr = $utime + uaddr2_uaddr = $uaddr2 + val3 = $val3 + } probe kernel.syscall.futex.return = - kernel.function("sys_futex").return { - name = "futex.return" - /* - uaddr = $uaddr - */ - op = $op - op_str = _futex_op_str($op) - val = $val - /* - utime_tv_sec = $utime->tv_sec - utime_tv_usec = $utime->tv_usec - uaddr2 = $uaddr2 - val3 = $val3 - */ - } + kernel.function("sys_futex").return { + name = "futex.return" + } # init_module______________________________________ -/*sys_init_module(void __user *umod, - unsigned long len, - const char __user *uargs) */ +/* + * sys_init_module(void __user *umod, + * unsigned long len, + * const char __user *uargs) + */ probe kernel.syscall.init_module = - kernel.function("sys_init_module") { - name = "init_module" - /* - void __user *umod - */ - len = $len - /* - uargs = $uargs - */ - } - + kernel.function("sys_init_module") { + name = "init_module" + /* + umod_uaddr = $umod + */ + len = $len + uargs_uaddr = $uargs + } probe kernel.syscall.init_module.return = - kernel.function("sys_init_module").return { - name = "init_module.return" - /* - void __user *umod - */ - len = $len - /* - uargs = $uargs - */ - } + kernel.function("sys_init_module").return { + name = "init_module.return" + } # delete_module____________________________________ -/* asmlinkage long - sys_delete_module(const char __user *name_user, - unsigned int flags) */ +/* + * asmlinkage long + * sys_delete_module(const char __user *name_user, + * unsigned int flags) + */ probe kernel.syscall.delete_module = - kernel.function("sys_delete_module") { - /* - name = "delete_module" - name_user = $name_user - */ - flags = $flags - flags_str = _module_flags_str($flags) - } - + kernel.function("sys_delete_module") { + name = "delete_module" + name_user_uaddr = $name_user + flags = $flags + flags_str = _module_flags_str($flags) + } probe kernel.syscall.delete_module.return = - kernel.function("sys_delete_module").return { - name = "delete_module.return" - /* - name = "delete_module" - name_user = $name_user - */ - flags = $flags - flags_str = _module_flags_str($flags) - } + kernel.function("sys_delete_module").return { + name = "delete_module.return" + } # rt_sigprocmask___________________________________ -/* asmlinkage long sys_rt_sigprocmask(int how, - sigset_t __user *set, - sigset_t __user *oset, - size_t sigsetsize) */ +/* + * asmlinkage long + * sys_rt_sigprocmask(int how, + * sigset_t __user *set, + * sigset_t __user *oset, + * size_t sigsetsize) + */ probe kernel.syscall.rt_sigprocmask = - kernel.function("sys_rt_sigprocmask") { - name = "rt_sigprocmask" - how = $how - how_str = _sigprocmask_how_str($how) - /* - set = $set - oset = $oset - */ - sigsetsize = $sigsetsize - } - + kernel.function("sys_rt_sigprocmask") { + name = "rt_sigprocmask" + how = $how + how_str = _sigprocmask_how_str($how) + set_uaddr = $set + oset_uaddr = $oset + sigsetsize = $sigsetsize + } probe kernel.syscall.rt_sigprocmask.return = - kernel.function("sys_rt_sigprocmask").return { - name = "rt_sigprocmask.return" - how = $how - how_str = _sigprocmask_how_str($how) - /* - set = $set - oset = $oset - */ - sigsetsize = $sigsetsize - } + kernel.function("sys_rt_sigprocmask").return { + name = "rt_sigprocmask.return" + } # rt_sigpending____________________________________ -/* asmlinkage long - sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize) */ +/* + * asmlinkage long + * sys_rt_sigpending(sigset_t __user *set, + * size_t sigsetsize) + */ probe kernel.syscall.rt_sigpending = - kernel.function("do_sigpending") { - name = "rt_sigpending" - sigsetsize = $sigsetsize - } - + kernel.function("do_sigpending") { + name = "rt_sigpending" + //set_uaddr = $set + sigsetsize = $sigsetsize + } probe kernel.syscall.rt_sigpending.return = - kernel.function("do_sigpending").return { - name = "rt_sigpending.return" - /* - set = $set - */ - } + kernel.function("do_sigpending").return { + name = "rt_sigpending.return" + } # rt_sigtimedwait__________________________________ -/* asmlinkage long - sys_rt_sigtimedwait(const sigset_t __user *uthese, - siginfo_t __user *uinfo, - const struct timespec __user *uts, - size_t sigsetsize) */ +/* + * asmlinkage long + * sys_rt_sigtimedwait(const sigset_t __user *uthese, + * siginfo_t __user *uinfo, + * const struct timespec __user *uts, + * size_t sigsetsize) + */ probe kernel.syscall.rt_sigtimedwait = - kernel.function("sys_rt_sigtimedwait") { - name = "rt_sigtimedwait" - /* - set = $uthese - uts_tv_sec = $uts->tv_sec - uts_tv_usec = $uts->tv_usec - */ - sigsetsize = $sigsetsize - } - + kernel.function("sys_rt_sigtimedwait") { + name = "rt_sigtimedwait" + uthese_uaddr = $uthese + uinfo_uaddr = $uinfo + uts_uaddr = $uts + sigsetsize = $sigsetsize + } probe kernel.syscall.rt_sigtimedwait.return = - kernel.function("sys_rt_sigtimedwait").return { - name = "rt_sigtimedwait.return" - /* - set = $uthese - info = $uinfo - uts_tv_sec = $uts->tv_sec - uts_tv_usec = $uts->tv_usec - */ - sigsetsize = $sigsetsize - } + kernel.function("sys_rt_sigtimedwait").return { + name = "rt_sigtimedwait.return" + } # kill_____________________________________________ -/* asmlinkage long sys_kill(int pid, int sig) */ +/* + * asmlinkage long + * sys_kill(int pid, int sig) + */ probe kernel.syscall.kill = - kernel.function("sys_kill") { - name = "kill" - pid = $pid - sig = $sig - } - + kernel.function("sys_kill") { + name = "kill" + pid = $pid + sig = $sig + } probe kernel.syscall.kill.return = - kernel.function("sys_kill").return { - name = "kill.return" - pid = $pid - sig = $sig - } + kernel.function("sys_kill").return { + name = "kill.return" + } # tgkill___________________________________________ -/* asmlinkage long sys_tgkill(int tgid, int pid, int sig) */ +/* + * asmlinkage long + * sys_tgkill(int tgid, + * int pid, + * int sig) + */ probe kernel.syscall.tgkill = - kernel.function("sys_tgkill") { - name = "tgkill" - tgid = $tgid - pid = $pid - sig = $sig - } - + kernel.function("sys_tgkill") { + name = "tgkill" + tgid = $tgid + pid = $pid + sig = $sig + } probe kernel.syscall.tgkill.return = - kernel.function("sys_tgkill").return { - name = "tgkill.return" - tgid = $tgid - pid = $pid - sig = $sig - } + kernel.function("sys_tgkill").return { + name = "tgkill.return" + } # tkill____________________________________________ -/* asmlinkage long sys_tkill(int pid, int sig) */ +/* + * asmlinkage long + * sys_tkill(int pid, + * int sig) + */ probe kernel.syscall.tkill = - kernel.function("sys_tkill") { - name = "tkill" - pid = $pid - sig = $sig - } - + kernel.function("sys_tkill") { + name = "tkill" + pid = $pid + sig = $sig + } probe kernel.syscall.tkill.return = - kernel.function("sys_tkill").return { - name = "tkill.return" - pid = $pid - sig = $sig - } + kernel.function("sys_tkill").return { + name = "tkill.return" + } # rt_sigqueueinfo__________________________________ -/* smlinkage long - sys_rt_sigqueueinfo(int pid, int sig, - siginfo_t __user *uinfo) */ +/* + * asmlinkage long + * sys_rt_sigqueueinfo(int pid, + * int sig, + * siginfo_t __user *uinfo) + */ probe kernel.syscall.rt_sigqueueinfo = - kernel.function("sys_rt_sigqueueinfo") { - name = "rt_sigqueueinfo" - pid = $pid - sig = $sig - /* - uinfo = $uinfo - */ - } - + kernel.function("sys_rt_sigqueueinfo") { + name = "rt_sigqueueinfo" + pid = $pid + sig = $sig + uinfo_uaddr = $uinfo + } probe kernel.syscall.rt_sigqueueinfo.return = - kernel.function("sys_rt_sigqueueinfo").return { - name = "rt_sigqueueinfo.return" - pid = $pid - sig = $sig - /* - uinfo = $uinfo - */ - } + kernel.function("sys_rt_sigqueueinfo").return { + name = "rt_sigqueueinfo.return" + } # sgetmask_________________________________________ -/* sys_sgetmask(void) */ +/* + * sys_sgetmask(void) + */ probe kernel.syscall.sgetmask = - kernel.function("sys_sgetmask") { - name = "sgetmask" - } - + kernel.function("sys_sgetmask") { + name = "sgetmask" + } probe kernel.syscall.sgetmask.return = - kernel.function("sys_sgetmask").return { - name = "sgetmask.return" - } + kernel.function("sys_sgetmask").return { + name = "sgetmask.return" + } # ssetmask_________________________________________ -/* asmlinkage long sys_ssetmask(int newmask) */ +/* + * asmlinkage long + * sys_ssetmask(int newmask) + */ probe kernel.syscall.ssetmask = - kernel.function("sys_ssetmask") { - name = "ssetmask" - newmask = $newmask - } - + kernel.function("sys_ssetmask") { + name = "ssetmask" + newmask = $newmask + } probe kernel.syscall.ssetmask.return = - kernel.function("sys_ssetmask").return { - name = "ssetmask.return" - newmask = $newmask - } + kernel.function("sys_ssetmask").return { + name = "ssetmask.return" + } # signal___________________________________________ -/* asmlinkage unsigned long - sys_signal(int sig, __sighandler_t handler) -*/ +/* + * asmlinkage unsigned long + * sys_signal(int sig, + * __sighandler_t handler) + */ probe kernel.syscall.signal = - kernel.function("sys_signal") { - name = "signal" - sig = $sig - /* - I do not think that there is any - reason to export this... - handler = $handler - */ - } - + kernel.function("sys_signal") { + name = "signal" + sig = $sig + /* + handler = $handler + */ + } probe kernel.syscall.signal.return = - kernel.function("sys_signal").return { - name = "signal.return" - sig = $sig - /* - I do not think that there is any - reason to export this... - handler = $handler - */ - } + kernel.function("sys_signal").return { + name = "signal.return" + } # pause____________________________________________ -/* sys_pause(void) */ +/* + * sys_pause(void) + */ probe kernel.syscall.pause = - kernel.function("sys_pause") { - name = "pause" - } - + kernel.function("sys_pause") { + name = "pause" + } probe kernel.syscall.pause.return = - kernel.function("sys_pause").return { - name = "pause.return" - } + kernel.function("sys_pause").return { + name = "pause.return" + } # sync_____________________________________________ -/* asmlinkage long sys_sync(void) */ +/* + * asmlinkage long + * sys_sync(void) + */ probe kernel.syscall.sync = - kernel.function("do_sync") { - name = "sync" - } - + kernel.function("do_sync") { + name = "sync" + } probe kernel.syscall.sync.return = - kernel.function("do_sync").return { - name = "sync.return" - } + kernel.function("do_sync").return { + name = "sync.return" + } # fsync____________________________________________ -/* asmlinkage long sys_fsync(unsigned int fd) */ +/* + * asmlinkage long + * sys_fsync(unsigned int fd) + */ probe kernel.syscall.fsync = - kernel.function("sys_fsync") { - name = "fsync" - fd = $fd - } - + kernel.function("sys_fsync") { + name = "fsync" + fd = $fd + } probe kernel.syscall.fsync.return = - kernel.function("sys_fsync").return { - name = "fsync.return" - fd = $fd - } + kernel.function("sys_fsync").return { + name = "fsync.return" + fd = $fd + } # fdatasync________________________________________ -/* asmlinkage long sys_fdatasync(unsigned int fd) */ +/* + * asmlinkage long + * sys_fdatasync(unsigned int fd) + */ probe kernel.syscall.fdatasync = - kernel.function("sys_fdatasync") { - name = "fdatasync" - fd = $fd - } - + kernel.function("sys_fdatasync") { + name = "fdatasync" + fd = $fd + } probe kernel.syscall.fdatasync.return = - kernel.function("sys_fdatasync").return { - name = "fdatasync.return" - fd = $fd - } + kernel.function("sys_fdatasync").return { + name = "fdatasync.return" + } # bdflush__________________________________________ -/* asmlinkage long sys_bdflush(int func, long data) */ +/* + * asmlinkage long + * sys_bdflush(int func, + * long data) + */ probe kernel.syscall.bdflush = - kernel.function("sys_bdflush") { - name = "bdflush" - func = $func - data = $data - } - + kernel.function("sys_bdflush") { + name = "bdflush" + func = $func + data = $data + } probe kernel.syscall.bdflush.return = - kernel.function("sys_bdflush").return { - name = "bdflush.return" - func = $func - data = $data - } + kernel.function("sys_bdflush").return { + name = "bdflush.return" + } # mount____________________________________________ -/* asmlinkage long sys_mount(char __user * dev_name, - char __user * dir_name, - char __user * type, - unsigned long flags, - void __user * data) */ +/* + * asmlinkage long + * sys_mount(char __user * dev_name, + * char __user * dir_name, + * char __user * type, + * unsigned long flags, + * void __user * data) + */ probe kernel.syscall.mount = - kernel.function("sys_mount") { - name = "mount" - /* - source = $dev_name - target = $dir_name - filesystemtype = $type - - void pointers are still being worked out - void __user * data - */ - mountflags = $flags - mountflags_str = - _mountflags_str($flags) - } - + kernel.function("sys_mount") { + name = "mount" + source_uaddr = $dev_name + target_uaddr = $dir_name + filesystemtype_uaddr = $type + mountflags = $flags + mountflags_str = + _mountflags_str($flags) + /* + data_uaddr = $data + */ + } probe kernel.syscall.mount.return = - kernel.function("sys_mount").return { - name = "mount.return" - /* - source = $dev_name - target = $dir_name - filesystemtype = $type - - void pointers are still being worked out - void __user * data - */ - mountflags = $flags - mountflags_str = - _mountflags_str($flags) - } + kernel.function("sys_mount").return { + name = "mount.return" + } # umount___________________________________________ -/* asmlinkage long sys_umount(char __user * name, int flags) */ +/* + * asmlinkage long + * sys_umount(char __user * name, + * int flags) + */ probe kernel.syscall.umount = - kernel.function("sys_umount") { - name = "umount" - /* - target = $name - */ - flags = $flags - flags_str = _mountflags_str($flags) - } - + kernel.function("sys_umount") { + name = "umount" + target_uaddr = $name + flags = $flags + flags_str = _mountflags_str($flags) + } probe kernel.syscall.umount.return = - kernel.function("sys_umount").return { - name = "umount.return" - /* - target = $name - */ - flags = $flags - flags_str = _mountflags_str($flags) - } + kernel.function("sys_umount").return { + name = "umount.return" + } # oldumount________________________________________ -/* smlinkage long sys_oldumount(char __user * name) */ +/* + * asmlinkage long + * sys_oldumount(char __user * name) + */ probe kernel.syscall.oldumount = - kernel.function("sys_umount") { - name = "oldumount" - /* - target = $name - */ - } - + kernel.function("sys_umount") { + name = "oldumount" + target_uaddr = $name + } probe kernel.syscall.oldumount.return = - kernel.function("sys_umount").return { - name = "oldumount.return" - /* - target = $name - */ - } + kernel.function("sys_umount").return { + name = "oldumount.return" + } # truncate_________________________________________ -/* asmlinkage long sys_truncate(const char __user * path, - unsigned long length) */ +/* + * asmlinkage long + * sys_truncate(const char __user * path, + * unsigned long length) + */ probe kernel.syscall.truncate = - kernel.function("do_sys_truncate") { - name = "truncate" - /* - path = $path - */ - length = $length - } - + kernel.function("sys_truncate") { + name = "truncate" + path_uaddr = $path + length = $length + } probe kernel.syscall.truncate.return = - kernel.function("do_sys_truncate").return { - name = "truncate.return" - /* - path = $path - */ - length = $length - } + kernel.function("sys_truncate").return { + name = "truncate.return" + } # ftruncate________________________________________ -/* static inline long do_sys_ftruncate(unsigned int fd, - loff_t length, - int small) */ +/* + * static inline long + * do_sys_ftruncate(unsigned int fd, + * loff_t length, + * int small) + */ probe kernel.syscall.ftruncate = - kernel.function("do_sys_ftrancate") { - name = "ftruncate" - fd = $fd - length = $length - small = $small - } - + kernel.function("sys_ftruncate") { + name = "ftruncate" + fd = $fd + length = $length + } probe kernel.syscall.ftruncate.return = - kernel.function("do_sys_ftrancate").return { - name = "ftruncate.return" - fd = $fd - length = $length - small = $small - } + kernel.function("sys_ftrancate").return { + name = "ftruncate.return" + } # stat_____________________________________________ -/* asmlinkage long sys_stat(char __user * filename, - struct __old_kernel_stat __user * statbuf) */ +/* + * asmlinkage long + * sys_stat(char __user * filename, + * struct __old_kernel_stat __user * statbuf) + */ probe kernel.syscall.stat = - kernel.function("sys_stat") { - name = "stat" - /* - filename = $filename - */ - } - + kernel.function("sys_stat") { + name = "stat" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.stat.return = - kernel.function("sys_stat").return { - name = "stat.return" - /* - filename = $filename - buf_st_dev = $statbuf->st_dev - buf_st_ino = $statbuf->st_ino - buf_st_mode = $statbuf->st_mode - buf_st_nlink = $statbuf->st_nlink - buf_st_uid = $statbuf->st_uid - buf_st_gid = $statbuf->st_gid - buf_st_rdev = $statbuf->st_rdev - buf_st_size = $statbuf->st_size - buf_st_atime = $statbuf->st_atime - buf_st_mtime = $statbuf->st_mtime - buf_st_ctime = $statbuf->st_ctime - */ - } + kernel.function("sys_stat").return { + name = "stat.return" + } # statfs___________________________________________ -/* asmlinkage long sys_statfs(const char __user * path, - struct statfs __user * buf) */ +/* + * asmlinkage long + * sys_statfs(const char __user * path, + * struct statfs __user * buf) + */ probe kernel.syscall.statfs = - kernel.function("sys_statfs") { - name = "statfs" - /* - path = $path - */ - } - + kernel.function("sys_statfs") { + name = "statfs" + path_uaddr = $path + buf_uaddr + } probe kernel.syscall.statfs.return = - kernel.function("sys_statfs").return { - name = "statfs.return" - /* - path = $path - buf_f_type = $buf->f_type - buf_f_bsize = $buf->f_bsize - buf_f_blocks = $buf->f_blocks - buf_f_bfree = $buf->f_bfree - buf_f_bavail = $buf->f_bavail - buf_f_files = $buf->f_files - buf_f_ffree = $buf->f_ffree - buf_f_fsid = $buf->f_fsid - buf_f_namelen = $buf->f_namelen - buf_f_frsize = $buf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($buf->f_type) - */ - } + kernel.function("sys_statfs").return { + name = "statfs.return" + } # statfs64_________________________________________ -/* asmlinkage long sys_statfs64(const char __user *path, - size_t sz, - struct statfs64 __user *buf) */ +/* + * asmlinkage long + * sys_statfs64(const char __user *path, + * size_t sz, + * struct statfs64 __user *buf) + */ probe kernel.syscall.statfs64 = - kernel.function("sys_statfs64") { - name = "statfs64" - /* - path = $path - */ - sz = $sz - } - + kernel.function("sys_statfs64") { + name = "statfs64" + path_uaddr = $path + sz = $sz + buf_uaddr = $buf + } probe kernel.syscall.statfs64.return = - kernel.function("sys_statfs64").return { - name = "statfs64.return" - /* - path = $path - */ - sz = $sz - /* - buf_f_type = $buf->f_type - buf_f_bsize = $buf->f_bsize - buf_f_blocks = $buf->f_blocks - buf_f_bfree = $buf->f_bfree - buf_f_bavail = $buf->f_bavail - buf_f_files = $buf->f_files - buf_f_ffree = $buf->f_ffree - buf_f_fsid = $buf->f_fsid - buf_f_namelen = $buf->f_namelen - buf_f_frsize = $buf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($buf->f_type) - */ - } + kernel.function("sys_statfs64").return { + name = "statfs64.return" + } # fstatfs__________________________________________ -/* asmlinkage long sys_fstatfs(unsigned int fd, - struct statfs __user * buf) */ +/* + * asmlinkage long + * sys_fstatfs(unsigned int fd, + * struct statfs __user * buf) + */ probe kernel.syscall.fstatfs = - kernel.function("sys_fstatfs") { - name = "fstatfs" - fd = $fd - } - + kernel.function("sys_fstatfs") { + name = "fstatfs" + fd = $fd + buf_uaddr = $buf + } probe kernel.syscall.fstatfs.return = - kernel.function("sys_fstatfs").return { - name = "fstatfs.return" - fd = $fd - /* - path = $path - buf_f_type = $buf->f_type - buf_f_bsize = $buf->f_bsize - buf_f_blocks = $buf->f_blocks - buf_f_bfree = $buf->f_bfree - buf_f_bavail = $buf->f_bavail - buf_f_files = $buf->f_files - buf_f_ffree = $buf->f_ffree - buf_f_fsid = $buf->f_fsid - buf_f_namelen = $buf->f_namelen - buf_f_frsize = $buf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($buf->f_type) - */ - } + kernel.function("sys_fstatfs").return { + name = "fstatfs.return" + } # fstatfs64________________________________________ -/* asmlinkage long sys_fstatfs64(unsigned int fd, - size_t sz, - struct statfs64 __user *buf) */ +/* + * asmlinkage long + * sys_fstatfs64(unsigned int fd, + * size_t sz, + * struct statfs64 __user *buf) + */ probe kernel.syscall.fstatfs64 = - kernel.function("sys_fstatfs64") { - name = "fstatfs64" - fd = $fd - sz = $sz - } - + kernel.function("sys_fstatfs64") { + name = "fstatfs64" + fd = $fd + sz = $sz + buf_uaddr = $buf + } probe kernel.syscall.fstatfs64.return = - kernel.function("sys_fstatfs64").return { - name = "fstatfs64.return" - fd = $fd - sz = $sz - /* - path = $path - buf_f_type = $buf->f_type - buf_f_bsize = $buf->f_bsize - buf_f_blocks = $buf->f_blocks - buf_f_bfree = $buf->f_bfree - buf_f_bavail = $buf->f_bavail - buf_f_files = $buf->f_files - buf_f_ffree = $buf->f_ffree - buf_f_fsid = $buf->f_fsid - buf_f_namelen = $buf->f_namelen - buf_f_frsize = $buf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($buf->f_type) - */ - } + kernel.function("sys_fstatfs64").return { + name = "fstatfs64.return" + } # lstat____________________________________________ -/* asmlinkage long sys_lstat(char __user * filename, - struct __old_kernel_stat __user * statbuf) */ +/* + * asmlinkage long + * sys_lstat(char __user * filename, + * struct __old_kernel_stat __user * statbuf) + */ probe kernel.syscall.lstat = - kernel.function("sys_lstat") { - name = "lstat" - /* - file_name = $file_name - */ - } - + kernel.function("sys_lstat") { + name = "lstat" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.lstat.return = - kernel.function("sys_lstat").return { - name = "lstat.return" - /* - file_name = $filename - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_lstat").return { + name = "lstat.return" + } # fstat____________________________________________ -/* asmlinkage long sys_fstat(unsigned int fd, - struct __old_kernel_stat __user * statbuf) */ +/* + * asmlinkage long + * sys_fstat(unsigned int fd, + * struct __old_kernel_stat __user * statbuf) + */ probe kernel.syscall.fstat = - kernel.function("sys_fstat") { - name = "fstat" - fd = $fd - } - + kernel.function("sys_fstat") { + name = "fstat" + fd = $fd + buf_uaddr = $statbuf +} probe kernel.syscall.fstat.return = - kernel.function("sys_fstat").return { - name = "fstat.return" - fd = $fd - /* - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_fstat").return { + name = "fstat.return" + } # newstat__________________________________________ -/* asmlinkage long sys_newstat(char __user * filename, - struct stat __user * statbuf) */ +/* + * asmlinkage long + * sys_newstat(char __user * filename, + * struct stat __user * statbuf) + */ +/* probe kernel.syscall.newstat = - kernel.function("sys_newstat") { - name = "newstat" - /* - filename = $filename - */ - } - + kernel.function("sys_newstat") { + name = "newstat" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.newstat.return = - kernel.function("sys_newstat").return { - name = "newstat.return" - /* - filename = $filename - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_newstat").return { + name = "newstat.return" + } +*/ # newlstat_________________________________________ -/* asmlinkage long sys_newlstat(char __user * filename, - struct stat __user * statbuf) */ +/* + * asmlinkage long + * sys_newlstat(char __user * filename, + * struct stat __user * statbuf) + */ +/* probe kernel.syscall.newlstat = - kernel.function("sys_newlstat") { - name = "newlstat" - /* - filename = $filename - */ - } - + kernel.function("sys_newlstat") { + name = "newlstat" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.newlstat.return = - kernel.function("sys_newlstat").return { - name = "newlstat.return" - /* - filename = $filename - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_newlstat").return { + name = "newlstat.return" + } +*/ # newfstat_________________________________________ -/* asmlinkage long sys_newfstat(unsigned int fd, - struct stat __user * statbuf) */ +/* + * asmlinkage long + * sys_newfstat(unsigned int fd, + * struct stat __user * statbuf) + */ +/* probe kernel.syscall.newfstat = - kernel.function("sys_newfstat") { - name = "newfstat" - fd = $fd - } - + kernel.function("sys_newfstat") { + name = "newfstat" + fd = $fd + buf_uaddr = $statbuf + } probe kernel.syscall.newfstat.return = - kernel.function("sys_newfstat").return { - name = "newfstat.return" - fd = $fd - /* - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_newfstat").return { + name = "newfstat.return" + } +*/ # ustat____________________________________________ -/* asmlinkage long sys_ustat(unsigned dev, struct ustat __user * ubuf) */ +/* + * asmlinkage long + * sys_ustat(unsigned dev, + * struct ustat __user * ubuf) + */ probe kernel.syscall.ustat = - kernel.function("sys_ustat") { - name = "ustat" - dev = $dev - } - + kernel.function("sys_ustat") { + name = "ustat" + dev = $dev + ubuf_uaddr = $ubuf + } probe kernel.syscall.ustat.return = - kernel.function("sys_ustat").return { - name = "ustat.return" - dev = $dev - /* - ubuf_f_tfree = $ubuf->f_tfree - ubuf_f_tinode = $ubuf->f_tinode - */ - } + kernel.function("sys_ustat").return { + name = "ustat.return" + } # stat64___________________________________________ -/* asmlinkage long sys_stat64(char __user * filename, - struct stat64 __user * statbuf) */ +/* + * asmlinkage long + * sys_stat64(char __user * filename, + * struct stat64 __user * statbuf) + */ probe kernel.syscall.stat64 = - kernel.function("sys_stat64") { - name = "stat64" - /* - filename = $filename - */ - } - + kernel.function("sys_stat64") { + name = "stat64" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.stat64.return = - kernel.function("sys_stat64").return { - name = "stat64.return" - /* - filename = $filename - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_stat64").return { + name = "stat64.return" + } # fstat64__________________________________________ -/* asmlinkage long sys_fstat64(unsigned long fd, - struct stat64 __user * statbuf) */ +/* + * asmlinkage long + * sys_fstat64(unsigned long fd, + * struct stat64 __user * statbuf) + */ probe kernel.syscall.fstat64 = - kernel.function("sys_fstat64") { - name = "fstat64" - fd = $fd - } - + kernel.function("sys_fstat64") { + name = "fstat64" + fd = $fd + buf_uaddr = $statbuf + } probe kernel.syscall.fstat64.return = - kernel.function("sys_fstat64").return { - name = "fstat64.return" - fd = $fd - /* - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_fstat64").return { + name = "fstat64.return" + } # lstat64__________________________________________ -/* asmlinkage long sys_lstat64(char __user * filename, - struct stat64 __user * statbuf) */ -probe kernel.syscall.lstat64 = - kernel.function("sys_lstat64") { - name = "lstat64" - /* - filename = $filename - */ - } - +/* + * asmlinkage long + * sys_lstat64(char __user * filename, + * struct stat64 __user * statbuf) + */ +probe kernel.syscall.lstat64 = + kernel.function("sys_lstat64") { + name = "lstat64" + filename_uaddr = $filename + buf_uaddr = $statbuf + } probe kernel.syscall.lstat64.return = - kernel.function("sys_lstat64").return { - name = "lstat64.return" - /* - filename = $filename - buf_f_type = $statbuf->f_type - buf_f_bsize = $statbuf->f_bsize - buf_f_blocks = $statbuf->f_blocks - buf_f_bfree = $statbuf->f_bfree - buf_f_bavail = $statbuf->f_bavail - buf_f_files = $statbuf->f_files - buf_f_ffree = $statbuf->f_ffree - buf_f_fsid = $statbuf->f_fsid - buf_f_namelen = $statbuf->f_namelen - buf_f_frsize = $statbuf->f_frsize - buf_f_spare == __u32 f_spare[5]; - buf_f_type_str = - _statfs_f_type_str($statbuf->f_type) - */ - } + kernel.function("sys_lstat64").return { + name = "lstat64.return" + } # truncate64_______________________________________ -/* asmlinkage long sys_truncate64(const char __user * path, - loff_t length) */ +/* + * asmlinkage long + * sys_truncate64(const char __user * path, + * loff_t length) + */ probe kernel.syscall.truncate64 = - kernel.function("do_sys_truncate") { - name = "truncate64" - /* - path = $path - */ - length = $length - } - + kernel.function("sys_truncate") { + name = "truncate64" + path_uaddr = $path + length = $length + } probe kernel.syscall.truncate64.return = - kernel.function("do_sys_truncate").return { - name = "truncate64.return" - /* - path = $path - */ - length = $length - } + kernel.function("sys_truncate").return { + name = "truncate64.return" + } # ftruncate64______________________________________ -/* asmlinkage long sys_ftruncate64(unsigned int fd, - loff_t length) */ +/* + * asmlinkage long + * sys_ftruncate64(unsigned int fd, + * loff_t length) + */ probe kernel.syscall.ftruncate64 = - kernel.function("do_sys_ftruncate") { - name = "ftruncate64" - fd = $fd - length = $length - } - + kernel.function("sys_ftruncate") { + name = "ftruncate64" + fd = $fd + length = $length + } probe kernel.syscall.ftruncate64.return = - kernel.function("do_sys_ftruncate").return { - name = "ftruncate64.return" - fd = $fd - length = $length - } + kernel.function("sys_ftruncate").return { + name = "ftruncate64.return" + } # setxattr_________________________________________ -/* asmlinkage long - sys_setxattr(char __user *path, char __user *name, - void __user *value, size_t size, int flags)*/ +/* + * asmlinkage long + * sys_setxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) + */ probe kernel.syscall.setxattr = - kernel.function("sys_setxattr") { - name = "setxattr" - /* - path = $path - name = $name - void __user *value - */ - size = $size - flags = $flags - } - + kernel.function("sys_setxattr") { + name = "setxattr" + path_uaddr = $path + name_uaddr = $name + /* + void __user *value + */ + size = $size + flags = $flags + } probe kernel.syscall.setxattr.return = - kernel.function("sys_setxattr").return { - name = "setxattr.return" - /* - path = $path - name = $name - void __user *value - */ - size = $size - flags = $flags - } + kernel.function("sys_setxattr").return { + name = "setxattr.return" + } # lsetxattr________________________________________ -/* asmlinkage long - sys_lsetxattr(char __user *path, char __user *name, - void __user *value, size_t size, int flags) */ +/* + * asmlinkage long + * sys_lsetxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) + */ probe kernel.syscall.lsetxattr = - kernel.function("sys_lsetxattr") { - name = "lsetxattr" - /* - path = $path - name = $name - void __user *value - */ - size = $size - flags = $flags - } - + kernel.function("sys_lsetxattr") { + name = "lsetxattr" + path_uaddr = $path + name_uaddr = $name + /* + void __user *value + */ + size = $size + flags = $flags + } probe kernel.syscall.lsetxattr.return = - kernel.function("sys_lsetxattr").return { - name = "lsetxattr.return" - /* - path = $path - name = $name - void __user *value - */ - size = $size - flags = $flags - } + kernel.function("sys_lsetxattr").return { + name = "lsetxattr.return" + } # fsetxattr________________________________________ -/* asmlinkage long sys_fsetxattr(int fd, char __user *name, - void __user *value, - size_t size, int flags) */ +/* + * asmlinkage long + * sys_fsetxattr(int fd, + * char __user *name, + * void __user *value, + * size_t size, + * int flags) + */ probe kernel.syscall.fsetxattr = - kernel.function("sys_fsetxattr") { - name = "fsetxattr" - fildes = $fd - /* - name = $name - void __user *value - */ - size = $size - flags = $flags - } - + kernel.function("sys_fsetxattr") { + name = "fsetxattr" + fildes = $fd + name_uaddr = $name + /* + void __user *value + */ + size = $size + flags = $flags + } probe kernel.syscall.fsetxattr.return = - kernel.function("sys_fsetxattr").return { - name = "fsetxattr.return" - fildes = $fd - /* - name = $name - void __user *value - */ - size = $size - flags = $flags - } + kernel.function("sys_fsetxattr").return { + name = "fsetxattr.return" + } # getxattr_________________________________________ -/* asmlinkage ssize_t sys_getxattr(char __user *path, - char __user *name, - void __user *value, - size_t size) */ +/* + * asmlinkage ssize_t + * sys_getxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size) + */ probe kernel.syscall.getxattr = - kernel.function("sys_getxattr") { - name = "getxattr" - /* - path = $path - name = $name - void __user *value - */ - size = $size - } - + kernel.function("sys_getxattr") { + name = "getxattr" + path_uaddr = $path + name_uaddr = $name + /* + void __user *value + */ + size = $size + } probe kernel.syscall.getxattr.return = - kernel.function("sys_getxattr").return { - name = "getxattr.return" - } + kernel.function("sys_getxattr").return { + name = "getxattr.return" + } # lgetxattr________________________________________ -/* asmlinkage ssize_t sys_lgetxattr(char __user *path, - char __user *name, - void __user *value, - size_t size) */ +/* + * asmlinkage ssize_t + * sys_lgetxattr(char __user *path, + * char __user *name, + * void __user *value, + * size_t size) + */ probe kernel.syscall.lgetxattr = - kernel.function("sys_lgetxattr") { - name = "lgetxattr" - /* - path = $path - name = $name - void __user *value - */ - size = $size - } - + kernel.function("sys_lgetxattr") { + name = "lgetxattr" + path_uaddr = $path + name_uaddr = $name + /* + void __user *value + */ + size = $size + } probe kernel.syscall.lgetxattr.return = - kernel.function("sys_lgetxattr").return { - name = "lgetxattr.return" - /* - path = $path - name = $name - void __user *value - */ - size = $size - } + kernel.function("sys_lgetxattr").return { + name = "lgetxattr.return" + } # fgetxattr________________________________________ -/* asmlinkage ssize_t - sys_fgetxattr(int fd, char __user *name, - void __user *value, size_t size) */ +/* + * asmlinkage ssize_t + * sys_fgetxattr(int fd, + * char __user *name, + * void __user *value, + * size_t size) + */ probe kernel.syscall.fgetxattr = - kernel.function("sys_fgetxattr") { - name = "fgetxattr" - fildes = $fd - /* - path = $name - void __user *value - */ - size = $size - } - + kernel.function("sys_fgetxattr") { + name = "fgetxattr" + fildes = $fd + path_uaddr = $name + /* + void __user *value + */ + size = $size + } probe kernel.syscall.fgetxattr.return = - kernel.function("sys_fgetxattr").return { - name = "fgetxattr.return" - name = "fgetxattr" - fildes = $fd - /* - path = $name - void __user *value - */ - size = $size - } + kernel.function("sys_fgetxattr").return { + name = "fgetxattr.return" + } # listxattr________________________________________ -/* asmlinkage ssize_t - sys_listxattr(char __user *path, char __user *list, - size_t size) */ +/* + * asmlinkage ssize_t + * sys_listxattr(char __user *path, + * char __user *list, + * size_t size) + */ probe kernel.syscall.listxattr = - kernel.function("sys_listxattr") { - name = "listxattr" - /* - path = $path - */ - size = $size - } - + kernel.function("sys_listxattr") { + name = "listxattr" + path_uaddr = $path + list_uaddr = $list + size = $size + } probe kernel.syscall.listxattr.return = - kernel.function("sys_listxattr").return { - name = "listxattr.return" - /* - path = $path - char __user *list - */ - size = $size - } + kernel.function("sys_listxattr").return { + name = "listxattr.return" + } # llistxattr_______________________________________ -/* asmlinkage ssize_t - sys_llistxattr(char __user *path, char __user *list, - size_t size) */ +/* + * asmlinkage ssize_t + * sys_llistxattr(char __user *path, + * char __user *list, + * size_t size) + */ probe kernel.syscall.llistxattr = - kernel.function("sys_llistxattr") { - name = "llistxattr" - /* - path = $path - */ - size = $size - } - + kernel.function("sys_llistxattr") { + name = "llistxattr" + path_uaddr = $path + list_uaddr = $list + size = $size + } probe kernel.syscall.llistxattr.return = - kernel.function("sys_llistxattr").return { - name = "llistxattr.return" - /* - path = $path - char __user *list - */ - size = $size - } + kernel.function("sys_llistxattr").return { + name = "llistxattr.return" + } # flistxattr_______________________________________ -/* asmlinkage ssize_t - sys_flistxattr(int fd, char __user *list, size_t size) */ +/* + * asmlinkage ssize_t + * sys_flistxattr(int fd, + * char __user *list, + * size_t size) + */ probe kernel.syscall.flistxattr = - kernel.function("sys_flistxattr") { - name = "flistxattr" - fildes = $fd - size = $size - } - + kernel.function("sys_flistxattr") { + name = "flistxattr" + fildes = $fd + list_uaddr = $list + size = $size + } probe kernel.syscall.flistxattr.return = - kernel.function("sys_flistxattr").return { - name = "flistxattr.return" - fildes = $fd - /* - char __user *list - */ - size = $size - } + kernel.function("sys_flistxattr").return { + name = "flistxattr.return" + } # removexattr______________________________________ -/* asmlinkage long - sys_removexattr(char __user *path, char __user *name) */ +/* + * asmlinkage long + * sys_removexattr(char __user *path, + * char __user *name) + */ probe kernel.syscall.removexattr = - kernel.function("sys_removexattr") { - name = "removexattr" - /* - path = $path - name = $name - */ - } - + kernel.function("sys_removexattr") { + name = "removexattr" + path_uaddr = $path + name_uaddr = $name + } probe kernel.syscall.removexattr.return = - kernel.function("sys_removexattr").return { - name = "removexattr.return" - /* - path = $path - name = $name - */ - } + kernel.function("sys_removexattr").return { + name = "removexattr.return" + } # lremovexattr_____________________________________ -/* asmlinkage long - sys_lremovexattr(char __user *path, char __user *name) */ +/* + * asmlinkage long + * sys_lremovexattr(char __user *path, + * char __user *name) + */ probe kernel.syscall.lremovexattr = - kernel.function("sys_lremovexattr") { - name = "lremovexattr" - /* - path = $path - name = $name - */ - } - + kernel.function("sys_lremovexattr") { + name = "lremovexattr" + path_uaddr = $path + name_uaddr = $name + } probe kernel.syscall.lremovexattr.return = - kernel.function("sys_lremovexattr").return { - name = "lremovexattr.return" - /* - path = $path - name = $name - */ - } + kernel.function("sys_lremovexattr").return { + name = "lremovexattr.return" + } # fremovexattr_____________________________________ -/* asmlinkage long sys_fremovexattr(int fd, - char __user *name) */ +/* + * asmlinkage long + * sys_fremovexattr(int fd, + * char __user *name) + */ probe kernel.syscall.fremovexattr = - kernel.function("sys_fremovexattr") { - name = "fremovexattr" - filedes = $fd - /* - name = $name - */ - } - + kernel.function("sys_fremovexattr") { + name = "fremovexattr" + filedes = $fd + name_uaddr = $name + } probe kernel.syscall.fremovexattr.return = - kernel.function("sys_fremovexattr").return { - name = "fremovexattr.return" - filedes = $fd - /* - name = $name - */ - } + kernel.function("sys_fremovexattr").return { + name = "fremovexattr.return" + } # brk______________________________________________ -/* asmlinkage unsigned long sys_brk(unsigned long brk) */ +/* + * asmlinkage unsigned long + * sys_brk(unsigned long brk) + */ probe kernel.syscall.brk = - kernel.function("sys_brk") { - name = "brk" - brk = $brk - } - + kernel.function("sys_brk") { + name = "brk" + brk = $brk + } probe kernel.syscall.brk.return = - kernel.function("sys_brk").return { - name = "brk.return" - brk = $brk - } + kernel.function("sys_brk").return { + name = "brk.return" + } # mprotect_________________________________________ -/* asmlinkage long sys_mprotect(unsigned long start, - size_t len, - unsigned long prot) */ +/* + * asmlinkage long + * sys_mprotect(unsigned long start, + * size_t len, + * unsigned long prot) + */ probe kernel.syscall.mprotect = - kernel.function("sys_mprotect") { - name = "mprotect" - addr = $start - len = $len - prot = $prot - prot_str = - _mprotect_prot_str($prot) - } - + kernel.function("sys_mprotect") { + name = "mprotect" + addr = $start + len = $len + prot = $prot + prot_str = _mprotect_prot_str($prot) + } probe kernel.syscall.mprotect.return = - kernel.function("sys_mprotect").return { - name = "mprotect.return" - addr = $start - len = $len - prot = $prot - prot_str = - _mprotect_prot_str($prot) - } + kernel.function("sys_mprotect").return { + name = "mprotect.return" + } # mremap___________________________________________ -/* asmlinkage unsigned long sys_mremap(unsigned long addr, - unsigned long old_len, unsigned long new_len, - unsigned long flags, unsigned long new_addr) */ +/* + * asmlinkage unsigned long + * sys_mremap(unsigned long addr, + * unsigned long old_len, + * unsigned long new_len, + * unsigned long flags, + * unsigned long new_addr) + */ probe kernel.syscall.mremap = - kernel.function("sys_mremap") { - name = "mremap" - old_address = $addr - old_size = $old_len - new_size = $new_len - flags = $flags - new_address = $new_addr - } - + kernel.function("sys_mremap") { + name = "mremap" + old_address = $addr + old_size = $old_len + new_size = $new_len + flags = $flags + new_address = $new_addr + } probe kernel.syscall.mremap.return = - kernel.function("sys_mremap").return { - name = "mremap.return" - old_address = $addr - old_size = $old_len - new_size = $new_len - flags = $flags - new_address = $new_addr - } + kernel.function("sys_mremap").return { + name = "mremap.return" + } # remap_file_pages_________________________________ -/* asmlinkage long sys_remap_file_pages(unsigned long start, - unsigned long size, - unsigned long __prot, - unsigned long pgoff, - unsigned long flags)*/ +/* + * asmlinkage long + * sys_remap_file_pages(unsigned long start, + * unsigned long size, + * unsigned long __prot, + * unsigned long pgoff, + * unsigned long flags) + */ probe kernel.syscall.remap_file_pages = - kernel.function("sys_remap_file_pages") { - name = "remap_file_pages" - start = $start - size = $size - prot = $__prot - pgoff = $pgoff - flags = $flags - } - + kernel.function("sys_remap_file_pages") { + name = "remap_file_pages" + start = $start + size = $size + prot = $__prot + pgoff = $pgoff + flags = $flags + } probe kernel.syscall.remap_file_pages.return = - kernel.function("sys_remap_file_pages").return { - name = "remap_file_pages.return" - start = $start - size = $size - prot = $__prot - pgoff = $pgoff - flags = $flags - } + kernel.function("sys_remap_file_pages").return { + name = "remap_file_pages.return" + } # msync____________________________________________ -/* asmlinkage long sys_msync(unsigned long start, - size_t len, - int flags)*/ +/* + * asmlinkage long + * sys_msync(unsigned long start, + * size_t len, + * int flags) + */ probe kernel.syscall.msync = - kernel.function("sys_msync") { - name = "msync" - start = $start - length = $len - flags = $flags - flags_str = _msync_flag_str($flags) - } - + kernel.function("sys_msync") { + name = "msync" + start = $start + length = $len + flags = $flags + flags_str = _msync_flag_str($flags) + } probe kernel.syscall.msync.return = - kernel.function("sys_msync").return { - name = "msync.return" - start = $start - length = $len - flags = $flags - flags_str = _msync_flag_str($flags) - } + kernel.function("sys_msync").return { + name = "msync.return" + } # fadvise64________________________________________ -/* asmlinkage long sys_fadvise64_64(int fd, - loff_t offset, - loff_t len, - int advice) */ +/* + * asmlinkage long + * sys_fadvise64_64(int fd, + * loff_t offset, + * loff_t len, + * int advice) + */ probe kernel.syscall.fadvise64 = - kernel.function("sys_fadvise64_64") { - name = "fadvise64" - fs = $fd - offset = $offset - len = $len - advice = $advice - /* - advice_str = - _advise_advice_str($advice) - */ - } - + kernel.function("sys_fadvise64_64") { + name = "fadvise64" + fd = $fd + offset = $offset + len = $len + advice = $advice + } probe kernel.syscall.fadvise64.return = - kernel.function("sys_fadvise64_64").return { - name = "fadvise64.return" - fs = $fd - offset = $offset - len = $len - advice = $advice - /* - advice_str = - _advise_advice_str($advice) - */ - } + kernel.function("sys_fadvise64_64").return { + name = "fadvise64.return" + } # fadvise64_64_____________________________________ -/* asmlinkage long sys_fadvise64_64(int fd, - loff_t offset, - loff_t len, - int advice) */ +/* + * asmlinkage long + * sys_fadvise64_64(int fd, + * loff_t offset, + * loff_t len, + * int advice) + */ probe kernel.syscall.fadvise64_64 = - kernel.function("sys_fadvise64_64") { - name = "fadvise64_64" - fs = $fd - offset = $offset - len = $len - advice = $advice - /* - advice_str = - _advise_advice_str($advice) - */ - } - + kernel.function("sys_fadvise64_64") { + name = "fadvise64_64" + fs = $fd + offset = $offset + len = $len + advice = $advice + } probe kernel.syscall.fadvise64_64.return = - kernel.function("sys_fadvise64_64").return { - name = "fadvise64_64.return" - fs = $fd - offset = $offset - len = $len - advice = $advice - /* - advice_str = - _advise_advice_str($advice) - */ - } + kernel.function("sys_fadvise64_64").return { + name = "fadvise64_64.return" + } # munmap___________________________________________ -/* asmlinkage long sys_munmap(unsigned long addr, size_t len) */ +/* + * asmlinkage long + * sys_munmap(unsigned long addr, + * size_t len) + */ probe kernel.syscall.munmap = - kernel.function("sys_munmap") { - name = "munmap" - start = $addr - length = $len - } - + kernel.function("sys_munmap") { + name = "munmap" + start = $addr + length = $len + } probe kernel.syscall.munmap.return = - kernel.function("sys_munmap").return { - name = "munmap.return" - start = $addr - length = $len - } + kernel.function("sys_munmap").return { + name = "munmap.return" + } # mlock____________________________________________ -/* asmlinkage long sys_mlock(unsigned long start, size_t len) */ +/* + * asmlinkage long + * sys_mlock(unsigned long start, + * size_t len) + */ probe kernel.syscall.mlock = - kernel.function("sys_mlock") { - name = "mlock" - addr = $start - len = $len - } - + kernel.function("sys_mlock") { + name = "mlock" + addr = $start + len = $len + } probe kernel.syscall.mlock.return = - kernel.function("sys_mlock").return { - name = "mlock.return" - addr = $start - len = $len - } + kernel.function("sys_mlock").return { + name = "mlock.return" + } # munlock__________________________________________ -/* asmlinkage long sys_munlock(unsigned long start, size_t len) */ -probe kernel.syscall.munlock = - kernel.function("sys_munlock") { - name = "munlock" - addr = $start - len = $len - } - +/* + * asmlinkage long + * sys_munlock(unsigned long start, + * size_t len) + */ +probe kernel.syscall.munlock = + kernel.function("sys_munlock") { + name = "munlock" + addr = $start + len = $len + } probe kernel.syscall.munlock.return = - kernel.function("sys_munlock").return { - name = "munlock.return" - addr = $start - len = $len - } + kernel.function("sys_munlock").return { + name = "munlock.return" + } # mlockall_________________________________________ -/* asmlinkage long sys_mlockall(int flags) */ +/* + * asmlinkage long + * sys_mlockall(int flags) + */ probe kernel.syscall.mlockall = - kernel.function("sys_mlockall") { - name = "mlockall" - flags = $flags - flags_str = - _mlockall_flags_str($flags) - } - + kernel.function("sys_mlockall") { + name = "mlockall" + flags = $flags + flags_str = _mlockall_flags_str($flags) + } probe kernel.syscall.mlockall.return = - kernel.function("sys_mlockall").return { - name = "mlockall.return" - flags = $flags - flags_str = - _mlockall_flags_str($flags) - } + kernel.function("sys_mlockall").return { + name = "mlockall.return" + } # munlockall_______________________________________ -/* smlinkage long sys_mlockall(int flags) */ +/* + * asmlinkage long + * sys_munlockall(void) + */ probe kernel.syscall.munlockall = - kernel.function("sys_munlockall") { - name = "munlockall" - flags = $flags - flags_str = - _mlockall_flags_str($flags) - } - + kernel.function("sys_munlockall") { + name = "munlockall" + } probe kernel.syscall.munlockall.return = - kernel.function("sys_munlockall").return { - name = "munlockall.return" - flags = $flags - flags_str = - _mlockall_flags_str($flags) - } + kernel.function("sys_munlockall").return { + name = "munlockall.return" + } # madvise__________________________________________ -/* asmlinkage long sys_madvise(unsigned long start, - size_t len_in, - int behavior) */ +/* + * asmlinkage long + * sys_madvise(unsigned long start, + * size_t len_in, + * int behavior) + */ probe kernel.syscall.madvise = - kernel.function("sys_madvise") { - name = "madvise" - start = $start - length = $len_in - advice = $behavior - advice_str = - _madvice_advice_str($behavior) - } - + kernel.function("sys_madvise") { + name = "madvise" + start = $start + length = $len_in + advice = $behavior + advice_str = _madvice_advice_str($behavior) + } probe kernel.syscall.madvise.return = - kernel.function("sys_madvise").return { - name = "madvise.return" - start = $start - length = $len_in - advice = $behavior - advice_str = - _madvice_advice_str($behavior) - } + kernel.function("sys_madvise").return { + name = "madvise.return" + } # mincore__________________________________________ -/* asmlinkage long sys_mincore(unsigned long start, - size_t len, - unsigned char __user * vec) */ +/* + * asmlinkage long + * sys_mincore(unsigned long start, + * size_t len, + * unsigned char __user * vec) + */ probe kernel.syscall.mincore = - kernel.function("sys_mincore") { - name = "mincore" - start = $start - length = $len - } - + kernel.function("sys_mincore") { + name = "mincore" + start = $start + length = $len + vec_uaddr = $vec + } probe kernel.syscall.mincore.return = - kernel.function("sys_mincore").return { - name = "mincore.return" - start = $start - length = $len - /* - vec = $vec - */ - } + kernel.function("sys_mincore").return { + name = "mincore.return" + } # pivot_root_______________________________________ -/* asmlinkage long sys_pivot_root(const char __user *new_root, - const char __user *put_old) */ +/* + * asmlinkage long + * sys_pivot_root(const char __user *new_root, + * const char __user *put_old) + */ probe kernel.syscall.pivot_root = - kernel.function("sys_pivot_root") { - name = "pivot_root" - /* - new_root = $new_root - old_root = $old_root - */ - } - + kernel.function("sys_pivot_root") { + name = "pivot_root" + new_root_uaddr = $new_root + old_root_uaddr = $put_old + } probe kernel.syscall.pivot_root.return = - kernel.function("sys_pivot_root").return { - name = "pivot_root.return" - /* - new_root = $new_root - old_root = $old_root - */ - } + kernel.function("sys_pivot_root").return { + name = "pivot_root.return" + } # chroot___________________________________________ -/* asmlinkage long sys_chroot(const char __user * filename) */ +/* + * asmlinkage long + * sys_chroot(const char __user * filename) + */ probe kernel.syscall.chroot = - kernel.function("sys_chroot") { - name = "chroot" - /* - path = $filename - */ - } - + kernel.function("sys_chroot") { + name = "chroot" + path_uaddr = $filename + } probe kernel.syscall.chroot.return = - kernel.function("sys_chroot").return { - name = "chroot.return" - /* - path = $filename - */ - } + kernel.function("sys_chroot").return { + name = "chroot.return" + } # mknod____________________________________________ -/* asmlinkage long sys_mknod(const char __user * filename, - int mode, unsigned dev) */ +/* + * asmlinkage long + * sys_mknod(const char __user * filename, + * int mode, + * unsigned dev) + */ probe kernel.syscall.mknod = - kernel.function("sys_mknod") { - name = "mknod" - /* - pathname = $filename - */ - mode = $mode - mode_str = - _mknod_mode_str($mode) - dev = $dev - } - + kernel.function("sys_mknod") { + name = "mknod" + pathname_uaddr = $filename + mode = $mode + mode_str = _mknod_mode_str($mode) + dev = $dev + } probe kernel.syscall.mknod.return = - kernel.function("sys_mknod").return { - name = "mknod.return" - /* - pathname = $filename - */ - mode = $mode - mode_str = - _mknod_mode_str($mode) - dev = $dev - } + kernel.function("sys_mknod").return { + name = "mknod.return" + } # link_____________________________________________ -/* asmlinkage long sys_link(const char __user * oldname, - const char __user * newname) */ +/* + * asmlinkage long + * sys_link(const char __user * oldname, + * const char __user * newname) + */ probe kernel.syscall.link = - kernel.function("sys_link") { - name = "link" - /* - oldpath = $oldname - newpath = $newpath - */ - } - + kernel.function("sys_link") { + name = "link" + oldpath_uaddr = $oldname + newpath_uaddr = $newname + } probe kernel.syscall.link.return = - kernel.function("sys_link").return { - name = "link.return" - /* - oldpath = $oldname - newpath = $newpath - */ - } + kernel.function("sys_link").return { + name = "link.return" + } # symlink__________________________________________ -/* asmlinkage long sys_symlink(const char __user * oldname, - const char __user * newname) */ +/* + * asmlinkage long + * sys_symlink(const char __user * oldname, + * const char __user * newname) + */ probe kernel.syscall.symlink = - kernel.function("sys_symlink") { - name = "symlink" - /* - oldpath = $oldname - newpath = $newpath - */ - } - + kernel.function("sys_symlink") { + name = "symlink" + oldpath_uaddr = $oldname + newpath_uaddr = $newname + } probe kernel.syscall.symlink.return = - kernel.function("sys_symlink").return { - name = "symlink.return" - /* - oldpath = $oldname - newpath = $newpath - */ - } + kernel.function("sys_symlink").return { + name = "symlink.return" + } # unlink___________________________________________ -/* asmlinkage long sys_unlink(const char __user * pathname) */ +/* + * asmlinkage long + * sys_unlink(const char __user * pathname) + */ probe kernel.syscall.unlink = - kernel.function("sys_unlink") { - name = "unlink" - /* - pathname = $pathname - */ - } - + kernel.function("sys_unlink") { + name = "unlink" + pathname_uaddr = $pathname + } probe kernel.syscall.unlink.return = - kernel.function("sys_unlink").return { - name = "unlink.return" - /* - pathname = $pathname - */ - } + kernel.function("sys_unlink").return { + name = "unlink.return" + } # rename___________________________________________ -/* asmlinkage long sys_rename(const char __user * oldname, - const char __user * newname) */ +/* + * asmlinkage long + * sys_rename(const char __user * oldname, + * const char __user * newname) + */ probe kernel.syscall.rename = - kernel.function("sys_rename") { - name = "rename" - /* - oldpath = $oldname - newpath = $newname - */ - } - + kernel.function("sys_rename") { + name = "rename" + oldpath_uaddr = $oldname + newpath_uaddr = $newname + } probe kernel.syscall.rename.return = - kernel.function("sys_rename").return { - name = "rename.return" - /* - oldpath = $oldname - newpath = $newname - */ - } + kernel.function("sys_rename").return { + name = "rename.return" + } # chmod____________________________________________ -/* asmlinkage long sys_chmod(const char __user * filename, - mode_t mode) */ +/* + * asmlinkage long + * sys_chmod(const char __user * filename, + * mode_t mode) + */ probe kernel.syscall.chmod = - kernel.function("sys_chmod") { - name = "chmod" - /* - path = $filename - */ - mode = $mode - mode_str = _sys_open_mode_str($mode) - } - + kernel.function("sys_chmod") { + name = "chmod" + path_uaddr = $filename + mode = $mode + mode_str = _sys_open_mode_str($mode) + } probe kernel.syscall.chmod.return = - kernel.function("sys_chmod").return { - name = "chmod.return" - /* - path = $filename - */ - mode = $mode - mode_str = _sys_open_mode_str($mode) - } + kernel.function("sys_chmod").return { + name = "chmod.return" + } # fchmod___________________________________________ -/* asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) */ +/* + * asmlinkage long + * sys_fchmod(unsigned int fd, + * mode_t mode) + */ probe kernel.syscall.fchmod = - kernel.function("sys_fchmod") { - name = "fchmod" - fildes = $fd - mode = $mode - mode_str = _sys_open_mode_str($mode) - } - + kernel.function("sys_fchmod") { + name = "fchmod" + fildes = $fd + mode = $mode + mode_str = _sys_open_mode_str($mode) + } probe kernel.syscall.fchmod.return = - kernel.function("sys_fchmod").return { - name = "fchmod.return" - fildes = $fd - mode = $mode - mode_str = _sys_open_mode_str($mode) - } + kernel.function("sys_fchmod").return { + name = "fchmod.return" + } # fcntl____________________________________________ -/* asmlinkage long sys_fcntl(int fd, unsigned int cmd, unsigned long arg) */ +/* + * asmlinkage long + * sys_fcntl(int fd, + * unsigned int cmd, + * unsigned long arg) + */ probe kernel.syscall.fcntl = - kernel.function("sys_fcntl") { - name = "fcntl" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg - } - + kernel.function("sys_fcntl") { + name = "fcntl" + fd = $fd + cmd = $cmd + cmd_str = _fcntl_cmd_str($cmd) + arg = $arg + } probe kernel.syscall.fcntl.return = - kernel.function("sys_fcntl").return { - name = "fcntl.return" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg - } + kernel.function("sys_fcntl").return { + name = "fcntl.return" + } # fcntl64__________________________________________ -/* asmlinkage long sys_fcntl64(unsigned int fd, - unsigned int cmd, - unsigned long arg) */ +/* + * asmlinkage long + * sys_fcntl64(unsigned int fd, + * unsigned int cmd, + * unsigned long arg) + */ probe kernel.syscall.fcntl64 = - kernel.function("sys_fcntl64") { - name = "fcntl64" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg - } - + kernel.function("sys_fcntl64") { + name = "fcntl64" + fd = $fd + cmd = $cmd + cmd_str = _fcntl_cmd_str($cmd) + arg = $arg + } probe kernel.syscall.fcntl64.return = - kernel.function("sys_fcntl64").return { - name = "fcntl64.return" - fd = $fd - cmd = $cmd - cmd_str = _fcntl_cmd_str($cmd) - arg = $arg - } + kernel.function("sys_fcntl64").return { + name = "fcntl64.return" + fd = $fd + } # dup______________________________________________ -/* asmlinkage long sys_dup(unsigned int fildes) */ +/* + * asmlinkage long + * sys_dup(unsigned int fildes) + */ probe kernel.syscall.dup = - kernel.function("sys_dup") { - name = "dup" - oldfd = $fildes - } - + kernel.function("sys_dup") { + name = "dup" + oldfd = $fildes + } probe kernel.syscall.dup.return = - kernel.function("sys_dup").return { - name = "dup.return" - oldfd = $fildes - } + kernel.function("sys_dup").return { + name = "dup.return" + } # dup2_____________________________________________ -/* asmlinkage long sys_dup2(unsigned int oldfd, - unsigned int newfd) */ +/* + * asmlinkage long + * sys_dup2(unsigned int oldfd, + * unsigned int newfd) + */ probe kernel.syscall.dup2 = - kernel.function("sys_dup2") { - name = "dup2" - oldfd = $oldfd - newfd = $newfd - } - + kernel.function("sys_dup2") { + name = "dup2" + oldfd = $oldfd + newfd = $newfd + } probe kernel.syscall.dup2.return = - kernel.function("sys_dup2").return { - name = "dup2.return" - oldfd = $oldfd - newfd = $newfd - } + kernel.function("sys_dup2").return { + name = "dup2.return" + } # ioperm___________________________________________ -/* asmlinkage long sys_ioperm(unsigned long from, - unsigned long num, - int turn_on) */ +/* + * asmlinkage long + * sys_ioperm(unsigned long from, + * unsigned long num, + * int turn_on) + */ probe kernel.syscall.ioperm = - kernel.function("sys_ioperm") { - name = "ioperm" - from = $from - num = $num - turn_on = $turn_on - } - + kernel.function("sys_ioperm") { + name = "ioperm" + from = $from + num = $num + turn_on = $turn_on + } probe kernel.syscall.ioperm.return = - kernel.function("sys_ioperm").return { - name = "ioperm.return" - from = $from - num = $num - turn_on = $turn_on - } + kernel.function("sys_ioperm").return { + name = "ioperm.return" + } # ioctl____________________________________________ -/* asmlinkage long sys_ioctl(unsigned int fd, - unsigned int cmd, - unsigned long arg) */ +/* + * asmlinkage long + * sys_ioctl(unsigned int fd, + * unsigned int cmd, + * unsigned long arg) + */ probe kernel.syscall.ioctl = - kernel.function("sys_ioctl") { - name = "ioctl" - /* - d = $fd - request = $cmd - argp = $arg - */ - } - + kernel.function("sys_ioctl") { + name = "ioctl" + fd = $fd + request = $cmd + argp = $arg + } probe kernel.syscall.ioctl.return = - kernel.function("sys_ioctl").return { - name = "ioctl.return" - /* - d = $fd - request = $cmd - argp = $arg - */ - } + kernel.function("sys_ioctl").return { + name = "ioctl.return" + } # flock____________________________________________ -/* asmlinkage long sys_flock(unsigned int fd, - unsigned int cmd) */ +/* + * asmlinkage long + * sys_flock(unsigned int fd, + * unsigned int cmd) + */ probe kernel.syscall.flock = - kernel.function("sys_flock") { - name = "flock" - fd = $fd - operation = $cmd - operation_str = - _flock_cmd_str($cmd) - } - + kernel.function("sys_flock") { + name = "flock" + fd = $fd + operation = $cmd + } probe kernel.syscall.flock.return = - kernel.function("sys_flock").return { - name = "flock.return" - fd = $fd - operation = $cmd - operation_str = - _flock_cmd_str($cmd) - } + kernel.function("sys_flock").return { + name = "flock.return" + } # io_setup_________________________________________ -/* asmlinkage long sys_io_setup(unsigned nr_events, - aio_context_t __user *ctxp) */ +/* + * asmlinkage long + * sys_io_setup(unsigned nr_events, + * aio_context_t __user *ctxp) + */ probe kernel.syscall.io_setup = - kernel.function("sys_io_setup") { - name = "io_setup" - maxevents = $nr_events - } - + kernel.function("sys_io_setup") { + name = "io_setup" + maxevents = $nr_events + ctxp_uaddr = $ctxp + } probe kernel.syscall.io_setup.return = - kernel.function("sys_io_setup").return { - name = "io_setup.return" - maxevents = $nr_events - /* - ctxp = $ctxp - */ - } + kernel.function("sys_io_setup").return { + name = "io_setup.return" + } # io_destroy_______________________________________ -/* asmlinkage long sys_io_destroy(aio_context_t ctx) */ +/* + * asmlinkage long + * sys_io_destroy(aio_context_t ctx) + */ probe kernel.syscall.io_destroy = - kernel.function("sys_io_destroy") { - name = "io_destroy" - ctx = $ctx - } - + kernel.function("sys_io_destroy") { + name = "io_destroy" + ctx = $ctx + } probe kernel.syscall.io_destroy.return = - kernel.function("sys_io_destroy").return { - name = "io_destroy.return" - ctx = $ctx - } + kernel.function("sys_io_destroy").return { + name = "io_destroy.return" + } # io_getevents_____________________________________ -/* asmlinkage long sys_io_getevents(aio_context_t ctx_id, - long min_nr, - long nr, - struct io_event __user *events, - struct timespec __user *timeout) */ +/* + * asmlinkage long + * sys_io_getevents(aio_context_t ctx_id, + * long min_nr, + * long nr, + * struct io_event __user *events, + * struct timespec __user *timeout) + */ probe kernel.syscall.io_getevents = - kernel.function("sys_io_getevents") { - name = "io_getevents" - ctx_id = $ctx_id - min_nr = $min_nr - nr = $nr - /* - timeout_tv_sec = $timeout->tv_sec - timeout_tv_usec = $timeout->tv_usec - */ - } - + kernel.function("sys_io_getevents") { + name = "io_getevents" + ctx_id = $ctx_id + min_nr = $min_nr + nr = $nr + events_uaddr = $events + timeout_uaddr = $timeout + } probe kernel.syscall.io_getevents.return = - kernel.function("sys_io_getevents").return { - name = "io_getevents.return" - ctx_id = $ctx_id - min_nr = $min_nr - nr = $nr - /* - events_data = $events->data - events_obj = $events->obj - events_res = $events->res - events_res2 = $events->res2 - - timeout_tv_sec = $timeout->tv_sec - timeout_tv_usec = $timeout->tv_usec - */ - } + kernel.function("sys_io_getevents").return { + name = "io_getevents.return" + } # io_submit________________________________________ -/* asmlinkage long sys_io_submit(aio_context_t ctx_id, long nr, - struct iocb __user * __user *iocbpp) */ +/* + * asmlinkage long + * sys_io_submit(aio_context_t ctx_id, + * long nr, + * struct iocb __user * __user *iocbpp) + */ probe kernel.syscall.io_submit = - kernel.function("sys_io_submit") { - name = "io_submit" - ctx_id = $ctx_id - nr = $nr - /* - struct iocb __user * __user *iocbpp - iocbpp should be an array of nr AIO request blocks - */ - } - + kernel.function("sys_io_submit") { + name = "io_submit" + ctx_id = $ctx_id + nr = $nr + iocbpp_uaddr = $iocbpp +} probe kernel.syscall.io_submit.return = - kernel.function("sys_io_submit").return { - name = "io_submit.return" - ctx_id = $ctx_id - nr = $nr - /* - struct iocb __user * __user *iocbpp - iocbpp should be an array of nr AIO request blocks - */ - } + kernel.function("sys_io_submit").return { + name = "io_submit.return" + } # io_cancel________________________________________ -/* asmlinkage long sys_io_cancel(aio_context_t ctx_id, - struct iocb __user *iocb, - struct io_event __user *result) */ +/* + * asmlinkage long + * sys_io_cancel(aio_context_t ctx_id, + * struct iocb __user *iocb, + * struct io_event __user *result) + */ probe kernel.syscall.io_cancel = - kernel.function("sys_io_cancel") { - name = "io_cancel" - ctx_id = $ctx_id - /* - iocb_aio_data = $iocb->aio_data - iocb_aio_key = $iocb->aio_key - iocb_aio_reserved1 = $iocb->aio_reserved1 - iocb_aio_lio_opcode = $iocb->aio_lio_opcode - iocb_aio_reqprio = $iocb->aio_reqprio - iocb_aio_fildes = $iocb->aio_fildes - iocb_aio_buf = $iocb->aio_buf - iocb_aio_nbytes = $iocb->aio_nbytes - iocb_aio_offset = $iocb->aio_offset - iocb_aio_reserved2 = $iocb->aio_reserved2 - iocb_aio_reserved3 = $iocb->aio_reserved3 - */ - } - + kernel.function("sys_io_cancel") { + name = "io_cancel" + ctx_id = $ctx_id + iocb_uaddr = $iocb + result_uaddr = $result + } probe kernel.syscall.io_cancel.return = - kernel.function("sys_io_cancel").return { - name = "io_cancel.return" - ctx_id = $ctx_id - /* - iocb_aio_data = $iocb->aio_data - iocb_aio_key = $iocb->aio_key - iocb_aio_reserved1 = $iocb->aio_reserved1 - iocb_aio_lio_opcode = $iocb->aio_lio_opcode - iocb_aio_reqprio = $iocb->aio_reqprio - iocb_aio_fildes = $iocb->aio_fildes - iocb_aio_buf = $iocb->aio_buf - iocb_aio_nbytes = $iocb->aio_nbytes - iocb_aio_offset = $iocb->aio_offset - iocb_aio_reserved2 = $iocb->aio_reserved2 - iocb_aio_reserved3 = $iocb->aio_reserved3 - - result_data = $result->data - result_obj = $result->obj - result_res = $result->res - result_res2 = $result->res2 - */ - } + kernel.function("sys_io_cancel").return { + name = "io_cancel.return" + } # sendfile_________________________________________ -/* asmlinkage ssize_t sys_sendfile(int out_fd, int in_fd, - off_t __user *offset, - size_t count) */ +/* + * asmlinkage ssize_t + * sys_sendfile(int out_fd, + * int in_fd, + * off_t __user *offset, + * size_t count) + */ probe kernel.syscall.sendfile = - kernel.function("sys_sendfile") { - name = "sendfile" - out_fd = $out_fd - in_fd = $in_fd - /* - offset = $offset - */ - count = $count - } - + kernel.function("sys_sendfile") { + name = "sendfile" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count + } probe kernel.syscall.sendfile.return = - kernel.function("sys_sendfile").return { - name = "sendfile.return" - out_fd = $out_fd - in_fd = $in_fd - /* - offset = $offset - */ - count = $count - } + kernel.function("sys_sendfile").return { + name = "sendfile.return" + } # sendfile64_______________________________________ -/* asmlinkage ssize_t sys_sendfile64(int out_fd, - int in_fd, - loff_t __user *offset, - size_t count) */ +/* + * asmlinkage ssize_t + * sys_sendfile64(int out_fd, + * int in_fd, + * loff_t __user *offset, + * size_t count) + */ probe kernel.syscall.sendfile64 = - kernel.function("sys_sendfile64") { - name = "sendfile64" - out_fd = $out_fd - in_fd = $in_fd - /* - offset = $offset - */ - count = $count - } - + kernel.function("sys_sendfile64") { + name = "sendfile64" + out_fd = $out_fd + in_fd = $in_fd + offset_uaddr = $offset + count = $count + } probe kernel.syscall.sendfile64.return = - kernel.function("sys_sendfile64").return { - name = "sendfile64.return" - out_fd = $out_fd - in_fd = $in_fd - /* - offset = $offset - */ - count = $count - } + kernel.function("sys_sendfile64").return { + name = "sendfile64.return" + } # readlink_________________________________________ -/* asmlinkage long sys_readlink(const char __user * path, - char __user * buf, int bufsiz) */ +/* + * asmlinkage long + * sys_readlink(const char __user * path, + * char __user * buf, + * int bufsiz) + */ probe kernel.syscall.readlink = - kernel.function("sys_readlink") { - name = "readlink" - /* - path = $path - */ - bufsiz = $bufsiz - } - + kernel.function("sys_readlink") { + name = "readlink" + path_uaddr = $path + buf_uaddr = $buf + bufsiz = $bufsiz + } probe kernel.syscall.readlink.return = - kernel.function("sys_readlink").return { - name = "readlink.return" - /* - path = $path - buf = $buf - */ - bufsiz = $bufsiz - } + kernel.function("sys_readlink").return { + name = "readlink.return" + } # creat____________________________________________ -/* asmlinkage long sys_creat(const char __user * pathname, int mode) */ +/* + * asmlinkage long + * sys_creat(const char __user * pathname, + * int mode) + */ probe kernel.syscall.creat = - kernel.function("sys_open") { - name = "creat" - /* - pathname = $pathname - */ - mode = $mode - mode_str = - _sys_open_mode_str($mode) - } - + kernel.function("sys_open") { + name = "creat" + pathname_uaddr = $filename + mode = $mode + mode_str = _sys_open_mode_str($mode) + } probe kernel.syscall.creat.return = - kernel.function("sys_open").return { - name = "creat.return" - /* - pathname = $pathname - */ - mode = $mode - mode_str = - _sys_open_mode_str($mode) - } + kernel.function("sys_open").return { + name = "creat.return" + } # open_____________________________________________ -/* asmlinkage long sys_open(const char __user * filename, - int flags, int mode) */ +/* + * asmlinkage long + * sys_open(const char __user * filename, + * int flags, + * int mode) + */ probe kernel.syscall.open = - kernel.function("sys_open") { - name = "open" - /* - pathname = $pathname - */ - mode = $mode - mode_str = - _sys_open_mode_str($mode) - } - + kernel.function("sys_open") { + name = "open" + filename_uaddr = $filename + flags = $flags + mode = $mode + mode_str = _sys_open_mode_str($mode) + } probe kernel.syscall.open.return = - kernel.function("sys_open").return { - name = "open.return" - /* - pathname = $pathname - */ - mode = $mode - mode_str = - _sys_open_mode_str($mode) - } + kernel.function("sys_open").return { + name = "open.return" + } # close____________________________________________ -/* asmlinkage long sys_close(unsigned int fd) */ +/* + * asmlinkage long + * sys_close(unsigned int fd) + */ probe kernel.syscall.close = - kernel.function("sys_close") { - name = "close" - fd = $fd - /* - TODO: write _get_fname_from_fd() - */ - } - + kernel.function("sys_close") { + name = "close" + fd = $fd +} probe kernel.syscall.close.return = - kernel.function("sys_close").return { - name = "close.return" - fd = $fd - /* - TODO: write _get_fname_from_fd() - */ - } + kernel.function("sys_close").return { + name = "close.return" + } # access___________________________________________ -/* asmlinkage long sys_access(const char __user * filename, - int mode) */ +/* + * asmlinkage long + * sys_access(const char __user * filename, + * int mode) + */ probe kernel.syscall.access = - kernel.function("sys_access") { - name = "access" - /* - pathname = $filename - */ - mode = $mode - mode_str = _access_mode_str($mode) - } - + kernel.function("sys_access") { + name = "access" + pathname_uaddr = $filename + mode = $mode + mode_str = _access_mode_str($mode) + } probe kernel.syscall.access.return = - kernel.function("sys_access").return { - name = "access.return" - /* - pathname = $filename - */ - mode = $mode - mode_str = _access_mode_str($mode) - } + kernel.function("sys_access").return { + name = "access.return" + } # vhangup__________________________________________ -/* asmlinkage long sys_vhangup(void) */ +/* + * asmlinkage long + * sys_vhangup(void) + */ probe kernel.syscall.vhangup = - kernel.function("sys_vhangup") { - name = "vhangup" - } - + kernel.function("sys_vhangup") { + name = "vhangup" + } probe kernel.syscall.vhangup.return = - kernel.function("sys_vhangup").return { - name = "vhangup.return" - } + kernel.function("sys_vhangup").return { + name = "vhangup.return" + } # chown____________________________________________ -/* asmlinkage long sys_chown(const char __user * filename, - uid_t user, - gid_t group) */ +/* + * asmlinkage long + * sys_chown(const char __user * filename, + * uid_t user, + * gid_t group) + */ probe kernel.syscall.chown = - kernel.function("sys_chown") { - name = "chown" - /* - path = $filename - */ - owner = $user - group = $group - } - + kernel.function("sys_chown") { + name = "chown" + path_uaddr = $filename + owner = $user + group = $group + } probe kernel.syscall.chown.return = - kernel.function("sys_chown").return { - name = "chown.return" - /* - path = $filename - */ - owner = $user - group = $group - } + kernel.function("sys_chown").return { + name = "chown.return" + } # lchown___________________________________________ -/* asmlinkage long sys_lchown(const char __user * filename, - uid_t user, - gid_t group) */ +/* + * asmlinkage long + * sys_lchown(const char __user * filename, + * uid_t user, + * gid_t group) + */ probe kernel.syscall.lchown = - kernel.function("sys_lchown") { - name = "lchown" - /* - path = $filename - */ - owner = $user - group = $group - } - + kernel.function("sys_lchown") { + name = "lchown" + path_uaddr = $filename + owner = $user + group = $group + } probe kernel.syscall.lchown.return = - kernel.function("sys_lchown").return { - name = "lchown.return" - /* - path = $filename - */ - owner = $user - group = $group - } + kernel.function("sys_lchown").return { + name = "lchown.return" + } # fchown___________________________________________ -/* asmlinkage long sys_fchown(unsigned int fd, - uid_t user, - gid_t group) */ +/* + * asmlinkage long + * sys_fchown(unsigned int fd, + * uid_t user, + * gid_t group) + */ probe kernel.syscall.fchown = - kernel.function("sys_fchown") { - name = "fchown" - fd = $fd - owner = $user - group = $group - } - + kernel.function("sys_fchown") { + name = "fchown" + fd = $fd + owner = $user + group = $group + } probe kernel.syscall.fchown.return = - kernel.function("sys_fchown").return { - name = "fchown.return" - fd = $fd - owner = $user - group = $group - } + kernel.function("sys_fchown").return { + name = "fchown.return" + } # chown16__________________________________________ -/* asmlinkage long sys_chown16(const char __user * filename, - old_uid_t user, - old_gid_t group) */ +/* + * asmlinkage long + * sys_chown16(const char __user * filename, + * old_uid_t user, + * old_gid_t group) + */ probe kernel.syscall.chown16 = - kernel.function("sys_chown") { - name = "chown16" - /* - path = $filename - */ - owner = $user - group = $group - } - + kernel.function("sys_chown") { + name = "chown16" + path_uaddr = $filename + owner = $user + group = $group + } probe kernel.syscall.chown16.return = - kernel.function("sys_chown").return { - name = "chown16.return" - /* - path = $filename - */ - owner = $user - group = $group - } + kernel.function("sys_chown").return { + name = "chown16.return" + } # lchown16_________________________________________ -/* asmlinkage long sys_lchown16(const char __user * filename, - old_uid_t user, - old_gid_t group) */ +/* + * asmlinkage long + * sys_lchown16(const char __user * filename, + * old_uid_t user, + * old_gid_t group) + */ probe kernel.syscall.lchown16 = - kernel.function("sys_lchown") { - name = "lchown16" - /* - path = $filename - */ - owner = $user - group = $group - } - + kernel.function("sys_lchown") { + name = "lchown16" + path_uaddr = $filename + owner = $user + group = $group + } probe kernel.syscall.lchown16.return = - kernel.function("sys_lchown").return { - name = "lchown16.return" - /* - path = $filename - */ - owner = $user - group = $group - } + kernel.function("sys_lchown").return { + name = "lchown16.return" + } # fchown16_________________________________________ -/* asmlinkage long sys_fchown16(unsigned int fd, - old_uid_t user, - old_gid_t group) */ +/* + * asmlinkage long + * sys_fchown16(unsigned int fd, + * old_uid_t user, + * old_gid_t group) + */ probe kernel.syscall.fchown16 = - kernel.function("sys_fchown") { - name = "fchown16" - fd = $fd - owner = $user - group = $group - } - + kernel.function("sys_fchown") { + name = "fchown16" + fd = $fd + owner = $user + group = $group + } probe kernel.syscall.fchown16.return = - kernel.function("sys_fchown").return { - name = "fchown16.return" - fd = $fd - owner = $user - group = $group - } + kernel.function("sys_fchown").return { + name = "fchown16.return" + } # setregid16_______________________________________ -/* asmlinkage long sys_setregid16(old_gid_t rgid, - old_gid_t egid) */ +/* + * asmlinkage long + * sys_setregid16(old_gid_t rgid, + * old_gid_t egid) + */ probe kernel.syscall.setregid16 = - kernel.function("sys_setregid") { - name = "setregid16" - } - + kernel.function("sys_setregid") { + name = "setregid16" + rgid = $rgid + egid = $egid + } probe kernel.syscall.setregid16.return = - kernel.function("sys_setregid").return { - name = "setregid16.return" - } + kernel.function("sys_setregid").return { + name = "setregid16.return" + } # setgid16_________________________________________ -/* asmlinkage long sys_setgid16(old_gid_t gid) */ +/* + * asmlinkage long + * sys_setgid16(old_gid_t gid) + */ probe kernel.syscall.setgid16 = - kernel.function("sys_setgid") { - name = "setgid16" - gid = $gid - } - + kernel.function("sys_setgid") { + name = "setgid16" + gid = $gid + } probe kernel.syscall.setgid16.return = - kernel.function("sys_setgid").return { - name = "setgid16.return" - gid = $gid - } + kernel.function("sys_setgid").return { + name = "setgid16.return" + } # setreuid16_______________________________________ -/* asmlinkage long sys_setreuid16(old_uid_t ruid, - old_uid_t euid) */ +/* + * asmlinkage long + * sys_setreuid16(old_uid_t ruid, + * old_uid_t euid) + */ probe kernel.syscall.setreuid16 = - kernel.function("sys_setreuid") { - name = "setreuid16" - ruid = $ruid - euid = $euid - } - + kernel.function("sys_setreuid") { + name = "setreuid16" + ruid = $ruid + euid = $euid + } probe kernel.syscall.setreuid16.return = - kernel.function("sys_setreuid").return { - name = "setreuid16.return" - ruid = $ruid - euid = $euid - } + kernel.function("sys_setreuid").return { + name = "setreuid16.return" + } # setuid16_________________________________________ -/* asmlinkage long sys_setuid16(old_uid_t uid) */ +/* + * asmlinkage long + * sys_setuid16(old_uid_t uid) + */ probe kernel.syscall.setuid16 = - kernel.function("sys_setuid") { - name = "setuid16" - uid = $uid - } - + kernel.function("sys_setuid") { + name = "setuid16" + uid = $uid + } probe kernel.syscall.setuid16.return = - kernel.function("sys_setuid").return { - name = "setuid16.return" - uid = $uid - } + kernel.function("sys_setuid").return { + name = "setuid16.return" + } # setresuid16______________________________________ -/* asmlinkage long sys_setresuid16(old_uid_t ruid, - old_uid_t euid, - old_uid_t suid) */ +/* + * asmlinkage long + * sys_setresuid16(old_uid_t ruid, + * old_uid_t euid, + * old_uid_t suid) + */ probe kernel.syscall.setresuid16 = - kernel.function("sys_setresuid") { - name = "setresuid16" - ruid = $ruid - euid = $euid - suid = $suid - } - + kernel.function("sys_setresuid") { + name = "setresuid16" + ruid = $ruid + euid = $euid + suid = $suid + } probe kernel.syscall.setresuid16.return = - kernel.function("sys_setresuid").return { - name = "setresuid16.return" - ruid = $ruid - euid = $euid - suid = $suid - } + kernel.function("sys_setresuid").return { + name = "setresuid16.return" + } # getresuid16______________________________________ -/* asmlinkage long sys_getresuid16(old_uid_t __user *ruid, - old_uid_t __user *euid, - old_uid_t __user *suid) */ +/* + * asmlinkage long + * sys_getresuid16(old_uid_t __user *ruid, + * old_uid_t __user *euid, + * old_uid_t __user *suid) + */ probe kernel.syscall.getresuid16 = - kernel.function("sys_getresuid") { - name = "getresuid16" - } - + kernel.function("sys_getresuid") { + name = "getresuid16" + ruid_uaddr = $ruid + euid_uaddr = $euid + suid_uaddr = $suid + } probe kernel.syscall.getresuid16.return = - kernel.function("sys_getresuid").return { - name = "getresuid16.return" - /* - ruid = $ruid - euid = $euid - suid = $suid - */ - } + kernel.function("sys_getresuid").return { + name = "getresuid16.return" + } # setresgid16______________________________________ -/* asmlinkage long sys_setresgid16(old_gid_t rgid, - old_gid_t egid, - old_gid_t sgid) */ +/* + * asmlinkage long + * sys_setresgid16(old_gid_t rgid, + * old_gid_t egid, + * old_gid_t sgid) + */ probe kernel.syscall.setresgid16 = - kernel.function("sys_setresgid") { - name = "setresgid16" - rgid = $rgid - egid = $egid - sgid = $sgid - } - + kernel.function("sys_setresgid") { + name = "setresgid16" + rgid = $rgid + egid = $egid + sgid = $sgid + } probe kernel.syscall.setresgid16.return = - kernel.function("sys_setresgid").return { - name = "setresgid16.return" - rgid = $rgid - egid = $egid - sgid = $sgid - } + kernel.function("sys_setresgid").return { + name = "setresgid16.return" + } # getresgid16______________________________________ -/* asmlinkage long sys_getresuid16(old_uid_t __user *ruid, - old_uid_t __user *euid, - old_uid_t __user *suid) */ +/* + * asmlinkage long + * sys_getresuid16(old_uid_t __user *ruid, + * old_uid_t __user *euid, + * old_uid_t __user *suid) + */ probe kernel.syscall.getresgid16 = - kernel.function("sys_getresgid") { - name = "getresgid16" - } - + kernel.function("sys_getresgid") { + name = "getresgid16" + ruid_uaddr = $ruid + euid_uaddr = $euid + suid_uaddr = $suid + } probe kernel.syscall.getresgid16.return = - kernel.function("sys_getresgid").return { - name = "getresgid16.return" - /* - ruid = $ruid - euid = $euid - suid = $suid - */ - } + kernel.function("sys_getresgid").return { + name = "getresgid16.return" + } # setfsuid16_______________________________________ -/* asmlinkage long sys_setfsuid16(old_uid_t uid) */ +/* + * asmlinkage long + * sys_setfsuid16(old_uid_t uid) + */ probe kernel.syscall.setfsuid16 = - kernel.function("sys_setfsuid") { - name = "setfsuid16" - uid = $uid - } - + kernel.function("sys_setfsuid") { + name = "setfsuid16" + uid = $uid + } probe kernel.syscall.setfsuid16.return = - kernel.function("sys_setfsuid").return { - name = "setfsuid16.return" - uid = $uid - } + kernel.function("sys_setfsuid").return { + name = "setfsuid16.return" + } # setfsgid16_______________________________________ -/* asmlinkage long sys_setfsgid16(old_gid_t gid) */ +/* + * asmlinkage long + * sys_setfsgid16(old_gid_t gid) + */ probe kernel.syscall.setfsgid16 = - kernel.function("sys_setfsgid") { - name = "setfsgid16" - gid = $gid - } - + kernel.function("sys_setfsgid") { + name = "setfsgid16" + gid = $gid + } probe kernel.syscall.setfsgid16.return = - kernel.function("sys_setfsgid").return { - name = "setfsgid16.return" - gid = $gid - } + kernel.function("sys_setfsgid").return { + name = "setfsgid16.return" + } # getgroups16______________________________________ -/* asmlinkage long sys_getgroups16(int gidsetsize, - old_gid_t __user *grouplist) */ +/* + * asmlinkage long + * sys_getgroups16(int gidsetsize, + * old_gid_t __user *grouplist) + */ probe kernel.syscall.getgroups16 = - kernel.function("sys_getgroups16") { - name = "getgroups16" - size = $gidsetsize - } - + kernel.function("sys_getgroups16") { + name = "getgroups16" + size = $gidsetsize + list_uaddr = $grouplist + } probe kernel.syscall.getgroups16.return = - kernel.function("sys_getgroups16").return { - name = "getgroups16.return" - /* - old_gid_t __user *grouplist - */ - } + kernel.function("sys_getgroups16").return { + name = "getgroups16.return" + } # setgroups16______________________________________ -/* asmlinkage long sys_setgroups16(int gidsetsize, - old_gid_t __user *grouplist) */ +/* + * asmlinkage long + * sys_setgroups16(int gidsetsize, + * old_gid_t __user *grouplist) + */ probe kernel.syscall.setgroups16 = - kernel.function("sys_setgroups16") { - name = "setgroups16" - size = $gidsetsize - /* - old_gid_t __user *grouplist - */ - } - + kernel.function("sys_setgroups16") { + name = "setgroups16" + size = $gidsetsize + list_uaddr = $grouplist + } probe kernel.syscall.setgroups16.return = - kernel.function("sys_setgroups16").return { - name = "setgroups16.return" - size = $gidsetsize - /* - old_gid_t __user *grouplist - */ - } + kernel.function("sys_setgroups16").return { + name = "setgroups16.return" + } # getuid16_________________________________________ -/* asmlinkage long sys_getuid16(void) */ +/* + * asmlinkage long + * sys_getuid16(void) + */ probe kernel.syscall.getuid16 = - kernel.function("sys_getuid16") { - name = "getuid16" - } - + kernel.function("sys_getuid16") { + name = "getuid16" + } probe kernel.syscall.getuid16.return = - kernel.function("sys_getuid16").return { - name = "getuid16.return" - } + kernel.function("sys_getuid16").return { + name = "getuid16.return" + } # geteuid16________________________________________ -/* asmlinkage long sys_geteuid16(void) */ +/* + * asmlinkage long + * sys_geteuid16(void) + */ probe kernel.syscall.geteuid16 = - kernel.function("sys_geteuid16") { - name = "geteuid16" - } - + kernel.function("sys_geteuid16") { + name = "geteuid16" + } probe kernel.syscall.geteuid16.return = - kernel.function("sys_geteuid16").return { - name = "geteuid16.return" - } + kernel.function("sys_geteuid16").return { + name = "geteuid16.return" + } # getgid16_________________________________________ -/* asmlinkage long sys_getgid16(void) */ +/* + * asmlinkage long + * sys_getgid16(void) + */ probe kernel.syscall.getgid16 = - kernel.function("sys_getgid16") { - name = "getgid16" - } - + kernel.function("sys_getgid16") { + name = "getgid16" + } probe kernel.syscall.getgid16.return = - kernel.function("sys_getgid16").return { - name = "getgid16.return" - } + kernel.function("sys_getgid16").return { + name = "getgid16.return" + } # getegid16________________________________________ -/* asmlinkage long sys_getegid16(void) */ +/* + * asmlinkage long + * sys_getegid16(void) + */ probe kernel.syscall.getegid16 = - kernel.function("sys_getegid16") { - name = "getegid16" - } - + kernel.function("sys_getegid16") { + name = "getegid16" + } probe kernel.syscall.getegid16.return = - kernel.function("sys_getegid16").return { - name = "getegid16.return" - } + kernel.function("sys_getegid16").return { + name = "getegid16.return" + } # utime____________________________________________ -/* asmlinkage long sys_utime(char __user * filename, - struct utimbuf __user * times) */ +/* + * asmlinkage long + * sys_utime(char __user * filename, + * struct utimbuf __user * times) + */ probe kernel.syscall.utime = - kernel.function("sys_utime") { - name = "utime" - /* - filename = $filename - times_actime = $times->actime - times_modtime = $times->modtime - */ - } - + kernel.function("sys_utime") { + name = "utime" + filename_uaddr = $filename + buf_uaddr = $times + } probe kernel.syscall.utime.return = - kernel.function("sys_utime").return { - name = "utime.return" - /* - filename = $filename - times_actime = $times->actime - times_modtime = $times->modtime - */ - } + kernel.function("sys_utime").return { + name = "utime.return" + } # utimes___________________________________________ -/* asmlinkage long sys_utimes(char __user * filename, - struct timeval __user * utimes) */ +/* + * asmlinkage long + * sys_utimes(char __user * filename, + * struct timeval __user * utimes) + */ probe kernel.syscall.utimes = - kernel.function("sys_utimes") { - name = "utimes" - /* - filename = $filename - tvp_tv_sec = $utimes->tv_sec - tvp_tv_usec = $utimes->tv_usec - */ - } - + kernel.function("sys_utimes") { + name = "utimes" + filename_uaddr = $filename + tvp_uaddr = $utimes + } probe kernel.syscall.utimes.return = - kernel.function("sys_utimes").return { - name = "utimes.return" - /* - filename = $filename - tvp_tv_sec = $utimes->tv_sec - tvp_tv_usec = $utimes->tv_usec - */ - } + kernel.function("sys_utimes").return { + name = "utimes.return" + } # lseek____________________________________________ -/* asmlinkage off_t sys_lseek(unsigned int fd, - off_t offset, - unsigned int origin) */ +/* + * asmlinkage off_t + * sys_lseek(unsigned int fd, + * off_t offset, + * unsigned int origin) + */ probe kernel.syscall.lseek = - kernel.function("sys_lseek") { - name = "lseek" - fildes = $fd - offset = $offset - whence = $origin - whence_str = - _seek_whence_str($origin) - } - + kernel.function("sys_lseek") { + name = "lseek" + fildes = $fd + offset = $offset + whence = $origin + whence_str = _seek_whence_str($origin) + } probe kernel.syscall.lseek.return = - kernel.function("sys_lseek").return { - name = "lseek.return" - fildes = $fd - offset = $offset - whence = $origin - whence_str = - _seek_whence_str($origin) - } + kernel.function("sys_lseek").return { + name = "lseek.return" + } # llseek___________________________________________ -/* asmlinkage long sys_llseek(unsigned int fd, - unsigned long offset_high, - unsigned long offset_low, - loff_t __user * result, - unsigned int origin) */ +/* + * asmlinkage long + * sys_llseek(unsigned int fd, + * unsigned long offset_high, + * unsigned long offset_low, + * loff_t __user * result, + * unsigned int origin) + */ probe kernel.syscall.llseek = - kernel.function("sys_llseek") { - name = "llseek" - fd = $fd - offset_high = $offset_high - offset_low = $offset_low - whence = $origin - whence_str = - _seek_whence_str($origin) - } - + kernel.function("sys_llseek") { + name = "llseek" + fd = $fd + offset_high = $offset_high + offset_low = $offset_low + result_uaddr = $result + whence = $origin + whence_str = _seek_whence_str($origin) + } probe kernel.syscall.llseek.return = - kernel.function("sys_llseek").return { - name = "llseek.return" - fd = $fd - offset_high = $offset_high - offset_low = $offset_low - /* - result = $result - */ - whence = $origin - whence_str = - _seek_whence_str($origin) - } + kernel.function("sys_llseek").return { + name = "llseek.return" + } # read_____________________________________________ -/* asmlinkage ssize_t sys_read(unsigned int fd, - char __user * buf, - size_t count) */ +/* + * asmlinkage ssize_t + * sys_read(unsigned int fd, + * char __user * buf, + * size_t count) + */ probe kernel.syscall.read = - kernel.function("sys_read") { - name = "read" - fd = $fd - count = $count - } - + kernel.function("sys_read") { + name = "read" + fd = $fd + buf_uaddr = $buf + count = $count + } probe kernel.syscall.read.return = - kernel.function("sys_read").return { - name = "read.return" - fd = $fd - /* - buf = $buf - */ - count = $count - } + kernel.function("sys_read").return { + name = "read.return" + } # readahead________________________________________ -/* asmlinkage ssize_t sys_readahead(int fd, - loff_t offset, - size_t count) */ +/* + * asmlinkage ssize_t + * sys_readahead(int fd, + * loff_t offset, + * size_t count) + */ probe kernel.syscall.readahead = - kernel.function("sys_readahead") { - name = "readahead" - fd = $fd - offset = $offset - count = $count - } - + kernel.function("sys_readahead") { + name = "readahead" + fd = $fd + offset = $offset + count = $count + } probe kernel.syscall.readahead.return = - kernel.function("sys_readahead").return { - name = "readahead.return" - fd = $fd - offset = $offset - count = $count - } + kernel.function("sys_readahead").return { + name = "readahead.return" + } # readv____________________________________________ -/* asmlinkage ssize_t sys_readv(unsigned long fd, - const struct iovec __user *vec, - unsigned long vlen) */ +/* + * asmlinkage ssize_t + * sys_readv(unsigned long fd, + * const struct iovec __user *vec, + * unsigned long vlen) + */ probe kernel.syscall.readv = - kernel.function("sys_readv") { - name = "readv" - fd = $fd - count = $vlen - } - + kernel.function("sys_readv") { + name = "readv" + fd = $fd + vector_uaddr = $vec + count = $vlen + } probe kernel.syscall.readv.return = - kernel.function("sys_readv").return { - name = "readv.return" - fd = $fd - /* - void *iov_base - vector_iov_base = $vec->iov_base - vector_iov_len = $ven->iov_len - */ - count = $vlen - } + kernel.function("sys_readv").return { + name = "readv.return" + } # write____________________________________________ -/* asmlinkage ssize_t sys_write(unsigned int fd, - const char __user * buf, - size_t count) */ +/* + * asmlinkage ssize_t + * sys_write(unsigned int fd, + * const char __user * buf, + * size_t count) + */ probe kernel.syscall.write = - kernel.function("sys_write") { - name = "write" - fd = $fd - /* - buf = $buf - */ - count = $count - } - + kernel.function("sys_write") { + name = "write" + fd = $fd + buf_uaddr = $buf + count = $count + } probe kernel.syscall.write.return = - kernel.function("sys_write").return { - name = "write.return" - fd = $fd - /* - buf = $buf - */ - count = $count - } + kernel.function("sys_write").return { + name = "write.return" + } # writev___________________________________________ -/* asmlinkage ssize_t sys_writev(unsigned long fd, - const struct iovec __user *vec, - unsigned long vlen) */ +/* + * asmlinkage ssize_t + * sys_writev(unsigned long fd, + * const struct iovec __user *vec, + * unsigned long vlen) + */ probe kernel.syscall.writev = - kernel.function("sys_writev") { - name = "writev" - fd = $fd - /* - void *iov_base - vector_iov_base = $vec->iov_base - vector_iov_len = $vec->iov_len - */ - count = $vlen - } - + kernel.function("sys_writev") { + name = "writev" + fd = $fd + vector_uaddr = $vec + count = $vlen + } probe kernel.syscall.writev.return = - kernel.function("sys_writev").return { - name = "writev.return" - fd = $fd - /* - void *iov_base - vector_iov_base = $vec->iov_base - vector_iov_len = $vec->iov_len - */ - count = $vlen - } + kernel.function("sys_writev").return { + name = "writev.return" + } # pread64__________________________________________ -/* asmlinkage ssize_t sys_pread64(unsigned int fd, char __user *buf, - size_t count, loff_t pos) */ +/* + * asmlinkage ssize_t + * sys_pread64(unsigned int fd, + * char __user *buf, + * size_t count, + * loff_t pos) + */ probe kernel.syscall.pread64 = - kernel.function("sys_pread64") { - name = "pread64" - fd = $fd - count = $count - offset = $pos - } - + kernel.function("sys_pread64") { + name = "pread64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos + } probe kernel.syscall.pread64.return = - kernel.function("sys_pread64").return { - name = "pread64.return" - fd = $fd - /* - void *buf - buf = $buf - */ - count = $count - offset = $pos - } + kernel.function("sys_pread64").return { + name = "pread64.return" + } # pwrite64_________________________________________ -/* asmlinkage ssize_t sys_pwrite64(unsigned int fd, - const char __user *buf, - size_t count, loff_t pos) */ +/* + * asmlinkage ssize_t + * sys_pwrite64(unsigned int fd, + * const char __user *buf, + * size_t count, + * loff_t pos) + */ probe kernel.syscall.pwrite64 = - kernel.function("sys_pwrite64") { - name = "pwrite64" - fd = $fd - /* - const void *buf - buf = $buf - */ - count = $count - offset = $pos - } - + kernel.function("sys_pwrite64") { + name = "pwrite64" + fd = $fd + buf_uaddr = $buf + count = $count + offset = $pos + } probe kernel.syscall.pwrite64.return = - kernel.function("sys_pwrite64").return { - name = "pwrite64.return" - fd = $fd - /* - const void *buf - buf = $buf - */ - count = $count - offset = $pos - } + kernel.function("sys_pwrite64").return { + name = "pwrite64.return" + } # getcwd___________________________________________ -/* asmlinkage long sys_getcwd(char __user *buf, unsigned long size) */ +/* + * asmlinkage long + * sys_getcwd(char __user *buf, + * unsigned long size) + */ probe kernel.syscall.getcwd = - kernel.function("sys_getcwd") { - name = "getcwd" - size = $size - } - + kernel.function("sys_getcwd") { + name = "getcwd" + buf_uaddr = $buf + size = $size + } probe kernel.syscall.getcwd.return = - kernel.function("sys_getcwd").return { - name = "getcwd.return" - /* - buf = $buf - */ - size = $size - } + kernel.function("sys_getcwd").return { + name = "getcwd.return" + } # mkdir____________________________________________ -/* asmlinkage long sys_mkdir(const char __user * pathname, int mode) */ +/* + * asmlinkage long + * sys_mkdir(const char __user * pathname, + * int mode) + */ probe kernel.syscall.mkdir = - kernel.function("sys_mkdir") { - name = "mkdir" - /* - pathname = $pathname - */ - mode = $mode - /* - mode_str = _mode_str($mode) - */ - } - + kernel.function("sys_mkdir") { + name = "mkdir" + pathname_uaddr = $pathname + mode = $mode + } probe kernel.syscall.mkdir.return = - kernel.function("sys_mkdir").return { - name = "mkdir.return" - /* - pathname = $pathname - */ - mode = $mode - /* - mode_str = _mode_str($mode) - */ - } + kernel.function("sys_mkdir").return { + name = "mkdir.return" + } # chdir____________________________________________ -/* asmlinkage long sys_chdir(const char __user * filename) */ +/* + * asmlinkage long + * sys_chdir(const char __user * filename) + */ probe kernel.syscall.chdir = - kernel.function("sys_chdir") { - name = "chdir" - /* - path = $filename - */ - } - + kernel.function("sys_chdir") { + name = "chdir" + path_uaddr = $filename + } probe kernel.syscall.chdir.return = - kernel.function("sys_chdir").return { - name = "chdir.return" - /* - path = $filename - */ - } + kernel.function("sys_chdir").return { + name = "chdir.return" + } # fchdir___________________________________________ -/* asmlinkage long sys_fchdir(unsigned int fd) */ +/* + * asmlinkage long + * sys_fchdir(unsigned int fd) + */ probe kernel.syscall.fchdir = - kernel.function("sys_fchdir") { - name = "fchdir" - fd = $fd - } - + kernel.function("sys_fchdir") { + name = "fchdir" + fd = $fd + } probe kernel.syscall.fchdir.return = - kernel.function("sys_fchdir").return { - name = "fchdir.return" - fd = $fd - } + kernel.function("sys_fchdir").return { + name = "fchdir.return" + } # rmdir____________________________________________ -/* asmlinkage long sys_rmdir(const char __user * pathname) */ +/* + * asmlinkage long + * sys_rmdir(const char __user * pathname) + */ probe kernel.syscall.rmdir = - kernel.function("sys_rmdir") { - name = "rmdir" - /* - pathname = $pathname - */ - } - + kernel.function("sys_rmdir") { + name = "rmdir" + pathname_uaddr = $pathname + } probe kernel.syscall.rmdir.return = - kernel.function("sys_rmdir").return { - name = "rmdir.return" - /* - pathname = $pathname - */ - } + kernel.function("sys_rmdir").return { + name = "rmdir.return" + } # lookup_dcookie___________________________________ -/* asmlinkage long sys_lookup_dcookie(u64 cookie64, - char __user * buf, - size_t len) */ +/* + * asmlinkage long + * sys_lookup_dcookie(u64 cookie64, + * char __user * buf, + * size_t len) + */ probe kernel.syscall.lookup_dcookie = - kernel.function("sys_lookup_dcookie") { - name = "lookup_dcookie" - cookie = $cookie64 - len = $len - } - + kernel.function("sys_lookup_dcookie") { + name = "lookup_dcookie" + cookie = $cookie64 + buffer_uaddr = $buf + len = $len + } probe kernel.syscall.lookup_dcookie.return = - kernel.function("sys_lookup_dcookie").return { - name = "lookup_dcookie.return" - cookie = $cookie64 - /* - buffer = $buf - */ - len = $len - } + kernel.function("sys_lookup_dcookie").return { + name = "lookup_dcookie.return" + } # quotactl_________________________________________ -/* asmlinkage long sys_quotactl(unsigned int cmd, - const char __user *special, - qid_t id, void __user *addr) */ +/* + * asmlinkage long + * sys_quotactl(unsigned int cmd, + * const char __user *special, + * qid_t id, + * void __user *addr) + */ probe kernel.syscall.quotactl = - kernel.function("sys_quotactl") { - name = "quotactl" - cmd = $cmd - cmd_str = _quotactl_cmd_str($cmd) - /* - special = $special - */ - id = $id - /* - addr = $addr - */ - } - + kernel.function("sys_quotactl") { + name = "quotactl" + cmd = $cmd + cmd_str = _quotactl_cmd_str($cmd) + special_uaddr = $special + id = $id + /* + addr = $addr + */ + } probe kernel.syscall.quotactl.return = - kernel.function("sys_quotactl").return { - name = "quotactl.return" - cmd = $cmd - cmd_str = _quotactl_cmd_str($cmd) - /* - special = $special - */ - id = $id - /* - addr = $addr - */ - } + kernel.function("sys_quotactl").return { + name = "quotactl.return" + } # getdents_________________________________________ -/* asmlinkage long sys_getdents(unsigned int fd, - struct linux_dirent __user * dirent, - unsigned int count) */ +/* + * asmlinkage long + * sys_getdents(unsigned int fd, + * struct linux_dirent __user * dirent, + * unsigned int count) + */ probe kernel.syscall.getdents = - kernel.function("sys_getdents") { - name = "getdents" - fd = $fd - count = $count - } - + kernel.function("sys_getdents") { + name = "getdents" + fd = $fd + dirp_uaddr = $dirent + count = $count + } probe kernel.syscall.getdents.return = - kernel.function("sys_getdents").return { - name = "getdents.return" - fd = $fd - /* - dirp_d_ino = $dirent->d_ino - dirp_d_off = $dirent->d_off - dirp_d_reclen = $dirent->d_reclen - dirp_d_name = $dirent->d_name - */ - count = $count - } + kernel.function("sys_getdents").return { + name = "getdents.return" + } # getdents64_______________________________________ -/* asmlinkage long sys_getdents64(unsigned int fd, - struct linux_dirent64 __user * dirent, - unsigned int count) */ +/* + * asmlinkage long + * sys_getdents64(unsigned int fd, + * struct linux_dirent64 __user * dirent, + * unsigned int count) + */ probe kernel.syscall.getdents64 = - kernel.function("sys_getdents64") { - name = "getdents64" - fd = $fd - count = $count - } - + kernel.function("sys_getdents64") { + name = "getdents64" + fd = $fd + dirp_uaddr = $dirent + count = $count + } probe kernel.syscall.getdents64.return = - kernel.function("sys_getdents64").return { - name = "getdents64.return" - fd = $fd - /* - dirp_d_ino = $dirent->d_ino - dirp_d_off = $dirent->d_off - dirp_d_reclen = $dirent->d_reclen - dirp_d_name = $dirent->d_name - */ - count = $count - } + kernel.function("sys_getdents64").return { + name = "getdents64.return" + } # setsockopt_______________________________________ -/* asmlinkage long sys_setsockopt(int fd, int level, - int optname, - char __user *optval, - int optlen) */ +/* + * asmlinkage long + * sys_setsockopt(int fd, + * int level, + * int optname, + * char __user *optval, + * int optlen) + */ probe kernel.syscall.setsockopt = - kernel.function("sys_setsockopt") { - name = "setsockopt" - fd = $fd - level = $level - level_str = - _sockopt_level_str($level) - optname = $optname - optname_str = - _sockopt_optname_str($optname) - /* - optval = $optval - */ - optlen = $optlen - } - + kernel.function("sys_setsockopt") { + name = "setsockopt" + fd = $fd + level = $level + level_str = _sockopt_level_str($level) + optname = $optname + optname_str = _sockopt_optname_str($optname) + optval_uaddr = $optval + optlen = $optlen + } probe kernel.syscall.setsockopt.return = - kernel.function("sys_setsockopt").return { - name = "setsockopt.return" - fd = $fd - level = $level - level_str = - _sockopt_level_str($level) - optname = $optname - optname_str = - _sockopt_optname_str($optname) - /* - optval = $optval - */ - optlen = $optlen - } + kernel.function("sys_setsockopt").return { + name = "setsockopt.return" + } # getsockopt_______________________________________ -/* asmlinkage long sys_getsockopt(int fd, int level, - int optname, - char __user *optval, - int __user *optlen) */ +/* + * asmlinkage long + * sys_getsockopt(int fd, + * int level, + * int optname, + * char __user *optval, + * int __user *optlen) + */ probe kernel.syscall.getsockopt = - kernel.function("sys_getsockopt") { - name = "getsockopt" - fd = $fd - level = $level - level_str = - _sockopt_level_str($level) - optname = $optname - optname_str = - _sockopt_optname_str($optname) - } - + kernel.function("sys_getsockopt") { + name = "getsockopt" + fd = $fd + level = $level + level_str = _sockopt_level_str($level) + optname = $optname + optname_str = _sockopt_optname_str($optname) + optval_uaddr = $optval + optlen_uaddr = $optlen + } probe kernel.syscall.getsockopt.return = - kernel.function("sys_getsockopt").return { - name = "getsockopt.return" - fd = $fd - level = $level - level_str = - _sockopt_level_str($level) - optname = $optname - optname_str = - _sockopt_optname_str($optname) - /* - optval = $optval - optlen = $optlen - */ - } + kernel.function("sys_getsockopt").return { + name = "getsockopt.return" + } # bind_____________________________________________ -/* asmlinkage long sys_bind(int fd, - struct sockaddr __user *umyaddr, - int addrlen) */ +/* + * asmlinkage long + * sys_bind(int fd, + * struct sockaddr __user *umyaddr, + * int addrlen) + */ probe kernel.syscall.bind = - kernel.function("sys_bind") { - name = "bind" - sockfd = $fd - /* - my_addr_sa_family = $umyaddr->sa_family - my_addr_sa_data = $umyaddr->sa_data - - This alias requires more extensive research before it - will be complete... - - The rules used in name binding vary between address families. - Consult the manual entries in Section 7 for detailed - information. For AF_INET see ip(7), for AF_UNIX see unix(7), - for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), - for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). - */ - addrlen = $addrlen - } - + kernel.function("sys_bind") { + name = "bind" + sockfd = $fd + my_addr_uaddr = $umyaddr + addrlen = $addrlen + } probe kernel.syscall.bind.return = - kernel.function("sys_bind").return { - name = "bind.return" - sockfd = $fd - /* - my_addr_sa_family = $umyaddr->sa_family - my_addr_sa_data = $umyaddr->sa_data - - This alias requires more extensive research before it - will be complete... - - The rules used in name binding vary between address families. - Consult the manual entries in Section 7 for detailed - information. For AF_INET see ip(7), for AF_UNIX see unix(7), - for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), - for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). - */ - } + kernel.function("sys_bind").return { + name = "bind.return" + } # connect__________________________________________ -/* asmlinkage long sys_socket(int family, int type, int protocol) */ +/* + * asmlinkage long + * sys_connect(int fd, + * struct sockaddr __user *uservaddr, + * int addrlen) + */ probe kernel.syscall.connect = - kernel.function("sys_connect") { - name = "connect" - /* - my_addr_sa_family = $umyaddr->sa_family - my_addr_sa_data = $umyaddr->sa_data - - This alias requires more extensive research before it - will be complete... - - The rules used in name binding vary between address families. - Consult the manual entries in Section 7 for detailed - information. For AF_INET see ip(7), for AF_UNIX see unix(7), - for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), - for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). - */ - } - + kernel.function("sys_connect") { + name = "connect" + sockfd = $fd + serv_addr_uaddr = $uservaddr + addrlen = $addrlen +} probe kernel.syscall.connect.return = - kernel.function("sys_connect").return { - name = "connect.return" - /* - my_addr_sa_family = $umyaddr->sa_family - my_addr_sa_data = $umyaddr->sa_data - - This alias requires more extensive research before it - will be complete... - - The rules used in name binding vary between address families. - Consult the manual entries in Section 7 for detailed - information. For AF_INET see ip(7), for AF_UNIX see unix(7), - for AF_APPLETALK see ddp(7), for AF_PACKET see packet(7), - for AF_X25 see x25(7) and for AF_NETLINK see netlink(7). - */ - } + kernel.function("sys_connect").return { + name = "connect.return" + } # accept___________________________________________ -/* asmlinkage long sys_accept(int fd, - struct sockaddr __user *upeer_sockaddr, - int __user *upeer_addrlen) */ +/* + * asmlinkage long + * sys_accept(int fd, + * struct sockaddr __user *upeer_sockaddr, + * int __user *upeer_addrlen) + */ probe kernel.syscall.accept = - kernel.function("sys_accept") { - name = "accept" - s = $fd - /* - addr_sa_family = $upeer_sockaddr->sa_family - addr_sa_data = $upeer_sockaddr->sa_data - addrlen = $upeer_addrlen - - See above ... - */ - } - + kernel.function("sys_accept") { + name = "accept" + s = $fd + addr_uaddr = $upeer_sockaddr + addrlen_uaddr = $upeer_addrlen + } probe kernel.syscall.accept.return = - kernel.function("sys_accept").return { - name = "accept.return" - s = $fd - /* - addr_sa_family = $upeer_sockaddr->sa_family - addr_sa_data = $upeer_sockaddr->sa_data - addrlen = $upeer_addrlen - - See above ... - */ - } + kernel.function("sys_accept").return { + name = "accept.return" + } # getsockname______________________________________ -/* asmlinkage long sys_getsockname(int fd, - struct sockaddr __user *usockaddr, - int __user *usockaddr_len)*/ -probe kernel.syscall.getsockname = - kernel.function("sys_getsockname") { - name = "getsockname" - s = $fd - /* - name_sa_family = $usockaddr->sa_family - name_sa_data = $usockaddr->sa_data - namelen = $usockaddr_len - - See above ... - */ - } - +/* + * asmlinkage long + * sys_getsockname(int fd, + * struct sockaddr __user *usockaddr, + * int __user *usockaddr_len) + */ +probe kernel.syscall.getsockname = + kernel.function("sys_getsockname") { + name = "getsockname" + s = $fd + name_uaddr = $usockaddr + namelen_uaddr = $usockaddr_len + } probe kernel.syscall.getsockname.return = - kernel.function("sys_getsockname").return { - name = "getsockname.return" - s = $fd - /* - name_sa_family = $usockaddr->sa_family - name_sa_data = $usockaddr->sa_data - namelen = $usockaddr_len - - See above ... - */ - } + kernel.function("sys_getsockname").return { + name = "getsockname.return" + } # getpeername______________________________________ -/* asmlinkage long sys_getpeername(int fd, - struct sockaddr __user *usockaddr, - int __user *usockaddr_len) */ +/* + * asmlinkage long + * sys_getpeername(int fd, + * struct sockaddr __user *usockaddr, + * int __user *usockaddr_len) + */ probe kernel.syscall.getpeername = - kernel.function("sys_getpeername") { - name = "getpeername" - s = $fd - /* - name_sa_family = $usockaddr->sa_family - name_sa_data = $usockaddr->sa_data - namelen = $usockaddr_len - - See above ... - */ - } - + kernel.function("sys_getpeername") { + name = "getpeername" + s = $fd + name_uaddr = $usockaddr + namelen_uaddr = $usockaddr_len + } probe kernel.syscall.getpeername.return = - kernel.function("sys_getpeername").return { - name = "getpeername.return" - /* - name_sa_family = $usockaddr->sa_family - name_sa_data = $usockaddr->sa_data - namelen = $usockaddr_len - - See above ... - */ - } + kernel.function("sys_getpeername").return { + name = "getpeername.return" + } # send_____________________________________________ -/* asmlinkage long sys_sendto(int fd, void __user * buff, - size_t len, unsigned flags, - struct sockaddr __user *addr, - int addr_len) */ +/* + * asmlinkage long + * sys_sendto(int fd, + * void __user * buff, + * size_t len, + * unsigned flags, + * struct sockaddr __user *addr, + * int addr_len) + */ probe kernel.syscall.send = - kernel.function("sys_sendto") { - name = "send" - s = $fd - /* - buf = $buf - */ - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - /* - to_sa_family = $addr->sa_family - to_sa_data = $addr->sa_data - tolen = $addr_len - */ - } - + kernel.function("sys_sendto") { + name = "send" + s = $fd + /* + buf = $buf + */ + len = $len + flags = $flags + flags_str = _send_flags_str($flags) + to_uaddr = $addr + tolen = $addr_len + } probe kernel.syscall.send.return = - kernel.function("sys_sendto").return { - name = "send.return" - s = $fd - /* - buf = $buf - */ - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - /* - to_sa_family = $addr->sa_family - to_sa_data = $addr->sa_data - tolen = $addr_len - */ - } + kernel.function("sys_sendto").return { + name = "send.return" + } # sendto___________________________________________ -/* asmlinkage long sys_sendto(int fd, void __user * buff, - size_t len, unsigned flags, - struct sockaddr __user *addr, - int addr_len) */ +/* + * asmlinkage long + * sys_sendto(int fd, + * void __user * buff, + * size_t len, + * unsigned flags, + * struct sockaddr __user *addr, + * int addr_len) + */ probe kernel.syscall.sendto = - kernel.function("sys_sendto") { - name = "sendto" - s = $fd - /* - buf = $buf - */ - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - /* - to_sa_family = $addr->sa_family - to_sa_data = $addr->sa_data - tolen = $addr_len - */ - } - + kernel.function("sys_sendto") { + name = "sendto" + s = $fd + /* + buf = $buf + */ + len = $len + flags = $flags + flags_str = _send_flags_str($flags) + to_uaddr = $addr + tolen = $addr_len + } probe kernel.syscall.sendto.return = - kernel.function("sys_sendto").return { - name = "sendto.return" - s = $fd - /* - buf = $buf - */ - len = $len - flags = $flags - flags_str = _send_flags_str($flags) - /* - to_sa_family = $addr->sa_family - to_sa_data = $addr->sa_data - tolen = $addr_len - */ - } + kernel.function("sys_sendto").return { + name = "sendto.return" + } # sendmsg__________________________________________ -/* asmlinkage long sys_sendmsg(int fd, - struct msghdr __user *msg, - unsigned flags) */ +/* + * asmlinkage long + * sys_sendmsg(int fd, + * struct msghdr __user *msg, + * unsigned flags) + */ probe kernel.syscall.sendmsg = - kernel.function("sys_sendmsg") { - name = "sendmsg" - s = $fd - /* - msg_msg_name = $msg->msg_name - msg_msg_namelen = $msg->msg_namelen - - msg_msg_iov_iov_base = $msg->msg_iov->iovbase - msg_msg_iov_iov_len = $msg->msg_iov->iov_len - - msg_msg_iovlen = $msg->msg_iovlen - msg_msg_control = $msg->msg_control - msg_msg_corntollen = $msg->msg_controllen - msg_msg_flags = $msg->msg_flags - */ - flags = $flags - flags_str = _send_flags_str($flags) - } - + kernel.function("sys_sendmsg") { + name = "sendmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _send_flags_str($flags) + } probe kernel.syscall.sendmsg.return = - kernel.function("sys_sendmsg").return { - name = "sendmsg.return" - s = $fd - /* - msg_msg_name = $msg->msg_name - msg_msg_namelen = $msg->msg_namelen - - msg_msg_iov_iov_base = $msg->msg_iov->iovbase - msg_msg_iov_iov_len = $msg->msg_iov->iov_len - - msg_msg_iovlen = $msg->msg_iovlen - msg_msg_control = $msg->msg_control - msg_msg_corntollen = $msg->msg_controllen - msg_msg_flags = $msg->msg_flags - */ - flags = $flags - flags_str = _send_flags_str($flags) - } + kernel.function("sys_sendmsg").return { + name = "sendmsg.return" + } # recv_____________________________________________ -/* asmlinkage long sys_recvfrom(int fd, - void __user * ubuf, - size_t size, - unsigned flags, - struct sockaddr __user *addr, - int __user *addr_len) */ +/* + * asmlinkage long + * sys_recvfrom(int fd, + * void __user * ubuf, + * size_t size, + * unsigned flags, + * struct sockaddr __user *addr, + * int __user *addr_len) + */ probe kernel.syscall.recv = - kernel.function("sys_recvfrom") { - name = "recv" - s = $fd - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - /* - fromlen = $addr_len - */ - } - + kernel.function("sys_recvfrom") { + name = "recv" + s = $fd + /* + buf = $buf + */ + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen_uaddr = $addr_len + } probe kernel.syscall.recv.return = - kernel.function("sys_recvfrom").return { - name = "recv.return" - s = $fd - /* - buf = $buf - */ - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - /* - from_sa_family = $addr->sa_family - from_sa_data = $addr->sa_data - fromlen = $addr_len - */ - } + kernel.function("sys_recvfrom").return { + name = "recv.return" + } # recvfrom_________________________________________ -/* asmlinkage long sys_recvfrom(int fd, - void __user * ubuf, - size_t size, - unsigned flags, - struct sockaddr __user *addr, - int __user *addr_len) */ +/* + * asmlinkage long + * sys_recvfrom(int fd, + * void __user * ubuf, + * size_t size, + * unsigned flags, + * struct sockaddr __user *addr, + * int __user *addr_len) + */ probe kernel.syscall.recvfrom = - kernel.function("sys_recvfrom") { - name = "recvfrom" - s = $fd - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - /* - fromlen = $addr_len - */ - } - + kernel.function("sys_recvfrom") { + name = "recvfrom" + s = $fd + /* + buf = $buf + */ + len = $size + flags = $flags + flags_str = _recvflags_str($flags) + from_uaddr = $addr + fromlen = $addr_len + } probe kernel.syscall.recvfrom.return = - kernel.function("sys_recvfrom").return { - name = "recvfrom.return" - s = $fd - /* - buf = $buf - */ - len = $size - flags = $flags - flags_str = _recvflags_str($flags) - /* - from_sa_family = $addr->sa_family - from_sa_data = $addr->sa_data - fromlen = $addr_len - */ - } + kernel.function("sys_recvfrom").return { + name = "recvfrom.return" + } # recvmsg__________________________________________ -/* asmlinkage long sys_recvmsg(int fd, - struct msghdr __user *msg, - unsigned int flags) */ +/* + * asmlinkage long + * sys_recvmsg(int fd, + * struct msghdr __user *msg, + * unsigned int flags) + */ probe kernel.syscall.recvmsg = - kernel.function("sys_recvmsg") { - name = "recvmsg" - s = $fd - flags = $flags - - msg_msg_corntollen = $msg->msg_controllen - msg_msg_flags = $msg->msg_flags - flags = _recvflags_str($flags) - } - + kernel.function("sys_recvmsg") { + name = "recvmsg" + s = $fd + msg_uaddr = $msg + flags = $flags + flags_str = _recvflags_str($flags) + } probe kernel.syscall.recvmsg.return = - kernel.function("sys_recvmsg").return { - name = "recvmsg.return" - s = $fd - flags = $flags - flags = _recvflags_str($flags) - /* - msg_msg_name = $msg->msg_name - msg_msg_namelen = $msg->msg_namelen - - msg_msg_iov_iov_base = $msg->msg_iov->iovbase - msg_msg_iov_iov_len = $msg->msg_iov->iov_len - - msg_msg_iovlen = $msg->msg_iovlen - msg_msg_control = $msg->msg_control - msg_msg_corntollen = $msg->msg_controllen - msg_msg_flags = $msg->msg_flags - */ - } + kernel.function("sys_recvmsg").return { + name = "recvmsg.return" + } # socket___________________________________________ -/* asmlinkage long sys_socket(int family, int type, int protocol) */ +/* + * asmlinkage long + * sys_socket(int family, + * int type, + * int protocol) + */ probe kernel.syscall.socket = - kernel.function("sys_socket") { - name = "socket" - family = $family - family_str = - _sock_family_str($family) - type = type - type_str = - _sock_type_str($type) - protocol = $protocol - } - + kernel.function("sys_socket") { + name = "socket" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol + } probe kernel.syscall.socket.return = - kernel.function("sys_socket").return { - name = "socket.return" - family = $family - family_str = - _sock_family_str($family) - type = type - type_str = - _sock_type_str($type) - protocol = $protocol - } + kernel.function("sys_socket").return { + name = "socket.return" + } # socketpair_______________________________________ -/* asmlinkage long sys_socketpair(int family, int type, - int protocol, int __user *usockvec) */ +/* + * asmlinkage long + * sys_socketpair(int family, + * int type, + * int protocol, + * int __user *usockvec) + */ probe kernel.syscall.socketpair = - kernel.function("sys_socketpair") { - name = "socketpair" - family = $family - family_str = - _sock_family_str($family) - type = type - type_str = - _sock_type_str($type) - protocol = $protocol - } - + kernel.function("sys_socketpair") { + name = "socketpair" + family = $family + family_str = _sock_family_str($family) + type = $type + type_str = _sock_type_str($type) + protocol = $protocol + sv_uaddr = $usockvec + } probe kernel.syscall.socketpair.return = - kernel.function("sys_socketpair").return { - name = "socketpair.return" - family = $family - family_str = - _sock_family_str($family) - type = type - type_str = - _sock_type_str($type) - protocol = $protocol - /* - ..of course, accessing sv vector will - require some embedded C aux function. - sv_0 = $usockvec[0] - sv_1 = $usockvec[1] - */ - } + kernel.function("sys_socketpair").return { + name = "socketpair.return" + } # socketcall_______________________________________ -/* asmlinkage long sys_socketcall(int call, - unsigned long __user *args) */ +/* + * asmlinkage long + * sys_socketcall(int call, + * unsigned long __user *args) + */ probe kernel.syscall.socketcall = - kernel.function("sys_socketcall") { - name = "socketcall" - call = $call - /* - args = $args - */ - } - + kernel.function("sys_socketcall") { + name = "socketcall" + call = $call + args_uaddr = $args + } probe kernel.syscall.socketcall.return = - kernel.function("sys_socketcall").return { - name = "socketcall.return" - call = $call - /* - args = $args - */ - } + kernel.function("sys_socketcall").return { + name = "socketcall.return" + } # listen___________________________________________ -/* asmlinkage long sys_listen(int fd, int backlog) */ +/* + * asmlinkage long + * sys_listen(int fd, + * int backlog) + */ probe kernel.syscall.listen = - kernel.function("sys_listen") { - name = "listen" - s = $fd - backlog = $backlog - } - + kernel.function("sys_listen") { + name = "listen" + s = $fd + backlog = $backlog + } probe kernel.syscall.listen.return = - kernel.function("sys_listen").return { - name = "listen.return" - s = $fd - backlog = $backlog - } + kernel.function("sys_listen").return { + name = "listen.return" + } # poll_____________________________________________ -/* asmlinkage long sys_poll(struct pollfd __user * ufds, - unsigned int nfds, - long timeout) */ +/* + * asmlinkage long + * sys_poll(struct pollfd __user * ufds, + * unsigned int nfds, + * long timeout) + */ probe kernel.syscall.poll = - kernel.function("sys_poll") { - name = "poll" - nfds = $nfds - timeout = $timout - } - + kernel.function("sys_poll") { + name = "poll" + ufds_uaddr = $ufds + nfds = $nfds + timeout = $timeout + } probe kernel.syscall.poll.return = - kernel.function("sys_poll").return { - name = "poll.return" - /* - ufds = nfds size array of struct pollfd - struct pollfd { - int fd; - short events; - short revents; - }; - where revents = - #define POLLIN 0x0001 // There is data to read - #define POLLPRI 0x0002 // There is urgent data to read - #define POLLOUT 0x0004 // Writing now will not block - #define POLLERR 0x0008 // Error condition - #define POLLHUP 0x0010 // Hung up - #define POLLNVAL 0x0020 // Invalid request: fd not open - When compiling XPG4.2 source one also has - #ifdef _XOPEN_SOURCE - #define POLLRDNORM 0x0040 // Normal data may be read - #define POLLRDBAND 0x0080 // Priority data may be read - #define POLLWRNORM 0x0100 // Writing now will not block - #define POLLWRBAND 0x0200 // Priority data may be written - #endif - Finally, Linux knows about - #ifdef _GNU_SOURCE - #define POLLMSG 0x0400 - #endif - */ - nfds = $nfds - timeout = $timout - } + kernel.function("sys_poll").return { + name = "poll.return" + } # select___________________________________________ -/* asmlinkage long sys_select(int n, fd_set __user *inp, - fd_set __user *outp, - fd_set __user *exp, - struct timeval __user *tvp) */ +/* + * asmlinkage long + * sys_select(int n, + * fd_set __user *inp, + * fd_set __user *outp, + * fd_set __user *exp, + * struct timeval __user *tvp) + */ probe kernel.syscall.select = - kernel.function("sys_select") { - name = "select" - n = $n - /* - readfds = $inp - writefds = $outp - exceptfds = $exp - timeout_tv_sec = $tvp->tv_sec - timoute_tv_usec = $tvp->tv_usec - */ - } - + kernel.function("sys_select") { + name = "select" + n = $n + readfds_uaddr = $inp + writefds_uaddr = $outp + exceptfds_uaddr = $exp + timeout_uaddr = $tvp + } probe kernel.syscall.select.return = - kernel.function("sys_select").return { - name = "select.return" - n = $n - /* - readfds = $inp - writefds = $outp - exceptfds = $exp - timeout_tv_sec = $tvp->tv_sec - timoute_tv_usec = $tvp->tv_usec - */ - } + kernel.function("sys_select").return { + name = "select.return" + } # epoll_create_____________________________________ -/* asmlinkage long sys_epoll_create(int size) */ +/* + * asmlinkage long + * sys_epoll_create(int size) + */ probe kernel.syscall.epoll_create = - kernel.function("sys_epoll_create") { - name = "epoll_create" - size = $size - } - + kernel.function("sys_epoll_create") { + name = "epoll_create" + size = $size + } probe kernel.syscall.epoll_create.return = - kernel.function("sys_epoll_create").return { - name = "epoll_create.return" - size = $size - } + kernel.function("sys_epoll_create").return { + name = "epoll_create.return" + } # epoll_ctl________________________________________ -/* asmlinkage long sys_epoll_ctl(int epfd, int op, - int fd, - struct epoll_event __user *event) */ +/* + * asmlinkage long + * sys_epoll_ctl(int epfd, + * int op, + * int fd, + * struct epoll_event __user *event) + */ probe kernel.syscall.epoll_ctl = - kernel.function("sys_epoll_ctl") { - name = "epoll_ctl" - epfd = $epfd - op = $op - op_str = _opoll_op_str($op) - fd = $fd - /* - event_events = $event->events - event_events_str = - _epoll_events_str($event->events) - event_data_ptr = $event->data->ptr - event_data_fd = $event->data->fd - event_data_u32 = $event->data->u32 - event_data_u64 = $event->data->u64 - */ - } - + kernel.function("sys_epoll_ctl") { + name = "epoll_ctl" + epfd = $epfd + op = $op + op_str = _opoll_op_str($op) + fd = $fd + event_uaddr = $event + } probe kernel.syscall.epoll_ctl.return = - kernel.function("sys_epoll_ctl").return { - name = "epoll_ctl.return" - epfd = $epfd - op = $op - op_str = _opoll_op_str($op) - fd = $fd - /* - event_events = $event->events - event_events_str = - _epoll_events_str($event->events) - event_data_ptr = $event->data->ptr - event_data_fd = $event->data->fd - event_data_u32 = $event->data->u32 - event_data_u64 = $event->data->u64 - */ - } + kernel.function("sys_epoll_ctl").return { + name = "epoll_ctl.return" + } # epoll_wait_______________________________________ -/* asmlinkage long sys_epoll_wait(int epfd, - struct epoll_event __user *events, - int maxevents, int timeout) */ +/* + * asmlinkage long + * sys_epoll_wait(int epfd, + * struct epoll_event __user *events, + * int maxevents, + * int timeout) + */ probe kernel.syscall.epoll_wait = - kernel.function("sys_epoll_wait") { - name = "epoll_wait" - epfd = $epfd - /* - events_events = $events->events - events_events_str = - _epoll_events_str($events->events) - events_data_ptr = $events->data->ptr - events_data_fd = $events->data->fd - events_data_u32 = $events->data->u32 - events_data_u64 = $events->data->u64 - */ - maxevents = $maxevents - timeout = $timeout - } - + kernel.function("sys_epoll_wait") { + name = "epoll_wait" + epfd = $epfd + events_uaddr = $events + maxevents = $maxevents + timeout = $timeout + } probe kernel.syscall.epoll_wait.return = - kernel.function("sys_epoll_wait").return { - name = "epoll_wait.return" - epfd = $epfd - /* - events_events = $events->events - events_events_str = - _epoll_events_str($events->events) - events_data_ptr = $events->data->ptr - events_data_fd = $events->data->fd - events_data_u32 = $events->data->u32 - events_data_u64 = $events->data->u64 - */ - maxevents = $maxevents - timeout = $timeout - } + kernel.function("sys_epoll_wait").return { + name = "epoll_wait.return" + } # gethostname______________________________________ -/* asmlinkage long sys_gethostname(char __user *name, - int len) */ +/* + * asmlinkage long + * sys_gethostname(char __user *name, + * int len) + */ probe kernel.syscall.gethostname = - kernel.function("sys_gethostname") { - name = "gethostname" - len = $len - } - + kernel.function("sys_gethostname") { + name = "gethostname" + hostname_uaddr = $name + len = $len + } probe kernel.syscall.gethostname.return = - kernel.function("sys_gethostname").return { - name = "gethostname.return" - /* - hostname = $name - */ - len = $len - } + kernel.function("sys_gethostname").return { + name = "gethostname.return" + } # sethostname______________________________________ -/* asmlinkage long sys_sethostname(char __user *name, int len) */ +/* + * asmlinkage long + * sys_sethostname(char __user *name, + * int len) + */ probe kernel.syscall.sethostname = - kernel.function("sys_sethostname") { - name = "sethostname" - /* - hostname = $name - */ - len = $len - } - + kernel.function("sys_sethostname") { + name = "sethostname" + hostname_uaddr = $name + len = $len + } probe kernel.syscall.sethostname.return = - kernel.function("sys_sethostname").return { - name = "sethostname.return" - /* - hostname = $name - */ - len = $len - } + kernel.function("sys_sethostname").return { + name = "sethostname.return" + } # setdomainname____________________________________ -/* asmlinkage long sys_setdomainname(char __user *name, int len) */ +/* + * asmlinkage long + * sys_setdomainname(char __user *name, + * int len) + */ probe kernel.syscall.setdomainname = - kernel.function("sys_setdomainname") { - name = "setdomainname" - /* - hostname = $name - */ - len = $len - } - + kernel.function("sys_setdomainname") { + name = "setdomainname" + hostname_uaddr = $name + len = $len + } probe kernel.syscall.setdomainname.return = - kernel.function("sys_setdomainname").return { - name = "setdomainname.return" - /* - hostname = $name - */ - len = $len - } + kernel.function("sys_setdomainname").return { + name = "setdomainname.return" + } # newuname_________________________________________ -/* asmlinkage long sys_newuname(struct new_utsname __user * name) */ +/* + * asmlinkage long + * sys_newuname(struct new_utsname __user * name) + */ probe kernel.syscall.newuname = - kernel.function("sys_newuname") { - name = "newuname" - /* - name_sysname = $name->sysname - name_nodename = $name->nodename - name_release = $name->release - name_version = $name->version - name_machine = $name->machine - name_domainname = $name->domainname - */ - } - + kernel.function("sys_newuname") { + name = "newuname" + name_uaddr = $name + } probe kernel.syscall.newuname.return = - kernel.function("sys_newuname").return { - name = "newuname.return" - /* - name_sysname = $name->sysname - name_nodename = $name->nodename - name_release = $name->release - name_version = $name->version - name_machine = $name->machine - name_domainname = $name->domainname - */ - } + kernel.function("sys_newuname").return { + name = "newuname.return" + } # getrlimit________________________________________ -/* asmlinkage long sys_getrlimit(unsigned int resource, - struct rlimit __user *rlim) */ +/* + * asmlinkage long + * sys_getrlimit(unsigned int resource, + * struct rlimit __user *rlim) + */ probe kernel.syscall.getrlimit = - kernel.function("sys_getrlimit") { - name = "getrlimit" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - } - + kernel.function("sys_getrlimit") { + name = "getrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim + } probe kernel.syscall.getrlimit.return = - kernel.function("sys_getrlimit").return { - name = "getrlimit.return" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - /* - rlim_rlim_cur = $rlim->rlim_cur - rlim_rlim_max = $rlim->rlim_max - */ - } + kernel.function("sys_getrlimit").return { + name = "getrlimit.return" + } # old_getrlimit____________________________________ -/* asmlinkage long sys_old_getrlimit(unsigned int resource, - struct rlimit __user *rlim) */ +/* + * asmlinkage long + * sys_old_getrlimit(unsigned int resource, + * struct rlimit __user *rlim) + */ probe kernel.syscall.old_getrlimit = - kernel.function("sys_old_getrlimit") { - name = "old_getrlimit" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - } - + kernel.function("sys_old_getrlimit") { + name = "old_getrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim + } probe kernel.syscall.old_getrlimit.return = - kernel.function("sys_old_getrlimit").return { - name = "old_getrlimit.return" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - /* - rlim_rlim_cur = $rlim->rlim_cur - rlim_rlim_max = $rlim->rlim_max - */ - } + kernel.function("sys_old_getrlimit").return { + name = "old_getrlimit.return" + } # setrlimit________________________________________ -/* asmlinkage long sys_setrlimit(unsigned int resource, - struct rlimit __user *rlim) */ +/* + * asmlinkage long + * sys_setrlimit(unsigned int resource, + * struct rlimit __user *rlim) + */ probe kernel.syscall.setrlimit = - kernel.function("sys_setrlimit") { - name = "setrlimit" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - /* - rlim_rlim_cur = $rlim->rlim_cur - rlim_rlim_max = $rlim->rlim_max - */ - } - + kernel.function("sys_setrlimit") { + name = "setrlimit" + resource = $resource + resource_str = _rlimit_resource_str($resource) + rlim_uaddr = $rlim + } probe kernel.syscall.setrlimit.return = - kernel.function("sys_setrlimit").return { - name = "setrlimit.return" - resource = $resource - resource_str = - _rlimit_resource_str($resource) - /* - rlim_rlim_cur = $rlim->rlim_cur - rlim_rlim_max = $rlim->rlim_max - */ - } + kernel.function("sys_setrlimit").return { + name = "setrlimit.return" + } # getrusage________________________________________ -/* asmlinkage long sys_getrusage(int who, struct rusage __user *ru) */ +/* + * asmlinkage long + * sys_getrusage(int who, + * struct rusage __user *ru) + */ probe kernel.syscall.getrusage = - kernel.function("sys_getrusage") { - name = "getrusage" - who = $who - who_str = - _rusage_who_str($who) - /* - usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec - usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec - usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec - usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec - usage_ru_maxrss = $ru->ru_maxrss - usage_ru_ixrss = $ru->ru_ixrss - usage_ru_idrss = $ru->ru_idrss - usage_ru_isrss = $ru->ru_isrss - usage_ru_minflt = $ru->ru_minflt - usage_ru_majflt = $ru->ru_majflt - usage_ru_nswap = $ru->ru_nswap - usage_ru_inblock = $ru->ru_inblock - usage_ru_oublock = $ru->ru_oublock - usage_ru_msgsnd = $ru->ru_msgsnd - usage_ru_msgrcv = $ru->ru_msgrcv - usage_ru_nsignals = $ru->ru_nsignals - usage_ru_nvcsw = $ru->ru_nvcsw - usage_ru_nivcsw = $ru->ru_nivcsw - */ - } - + kernel.function("sys_getrusage") { + name = "getrusage" + who = $who + who_str = _rusage_who_str($who) + usage_uaddr = $ru + } probe kernel.syscall.getrusage.return = - kernel.function("sys_getrusage").return { - name = "getrusage.return" - who = $who - who_str = - _rusage_who_str($who) - /* - usage_ru_utime_tv_sec = $ru->ru_utime->tv_sec - usage_ru_utime_tv_usec = $ru->ru_utime->tv_usec - usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec - usage_ru_stime_tv_sec = $ru->ru_stime->tv_sec - usage_ru_maxrss = $ru->ru_maxrss - usage_ru_ixrss = $ru->ru_ixrss - usage_ru_idrss = $ru->ru_idrss - usage_ru_isrss = $ru->ru_isrss - usage_ru_minflt = $ru->ru_minflt - usage_ru_majflt = $ru->ru_majflt - usage_ru_nswap = $ru->ru_nswap - usage_ru_inblock = $ru->ru_inblock - usage_ru_oublock = $ru->ru_oublock - usage_ru_msgsnd = $ru->ru_msgsnd - usage_ru_msgrcv = $ru->ru_msgrcv - usage_ru_nsignals = $ru->ru_nsignals - usage_ru_nvcsw = $ru->ru_nvcsw - usage_ru_nivcsw = $ru->ru_nivcsw - */ - } + kernel.function("sys_getrusage").return { + name = "getrusage.return" + } # umask____________________________________________ -/* asmlinkage long sys_umask(int mask) */ +/* + * asmlinkage long + * sys_umask(int mask) + */ probe kernel.syscall.umask = - kernel.function("sys_umask") { - name = "umask" - mask = $mask - } - + kernel.function("sys_umask") { + name = "umask" + mask = $mask + } probe kernel.syscall.umask.return = - kernel.function("sys_umask").return { - name = "umask.return" - mask = $mask - } + kernel.function("sys_umask").return { + name = "umask.return" + } # msgget___________________________________________ -/* asmlinkage long sys_msgget (key_t key, int msgflg) */ +/* + * asmlinkage long + * sys_msgget (key_t key, + * int msgflg) + */ probe kernel.syscall.msgget = - kernel.function("sys_msgget") { - name = "msgget" - key = $key - msgflg = $msgflg - msgflg_str = _sys_open_flag_str($msgflg) - } - + kernel.function("sys_msgget") { + name = "msgget" + key = $key + msgflg = $msgflg + msgflg_str = _sys_open_flag_str($msgflg) + } probe kernel.syscall.msgget.return = - kernel.function("sys_msgget").return { - name = "msgget.return" - key = $key - msgflg = $msgflg - msgflg_str = _sys_open_flag_str($msgflg) - } + kernel.function("sys_msgget").return { + name = "msgget.return" + } # msgsnd___________________________________________ -/* asmlinkage long sys_msgsnd (int msqid, - struct msgbuf __user *msgp, - size_t msgsz, int msgflg) */ +/* + * asmlinkage long + * sys_msgsnd (int msqid, + * struct msgbuf __user *msgp, + * size_t msgsz, + * int msgflg) + */ probe kernel.syscall.msgsnd = - kernel.function("sys_msgsnd") { - name = "msgsnd" - msqid = $msqid - /* - msgp_mtype = $msgp->mtype - msgp_mtext = $msgp->mtext - */ - msgsz = $msgsz - msgflg = $msgflg - } - + kernel.function("sys_msgsnd") { + name = "msgsnd" + msqid = $msqid + msgp_uaddr = $msgp + msgsz = $msgsz + msgflg = $msgflg + } probe kernel.syscall.msgsnd.return = - kernel.function("sys_msgsnd").return { - name = "msgsnd.return" - msqid = $msqid - /* - msgp_mtype = $msgp->mtype - msgp_mtext = $msgp->mtext - */ - msgsz = $msgsz - msgflg = $msgflg - } + kernel.function("sys_msgsnd").return { + name = "msgsnd.return" + } # msgrcv___________________________________________ -/* asmlinkage long sys_msgrcv (int msqid, struct msgbuf __user *msgp, size_t msgsz, - long msgtyp, int msgflg) */ +/* + * asmlinkage long + * sys_msgrcv (int msqid, + * struct msgbuf __user *msgp, + * size_t msgsz, + * long msgtyp, + * int msgflg) + */ probe kernel.syscall.msgrcv = - kernel.function("sys_msgrcv") { - name = "msgrcv" - msqid = $msqid - msgsz = $msgsz - msgtyp = $msgtyp - msgflg = $msgflg - } - + kernel.function("sys_msgrcv") { + name = "msgrcv" + msqid = $msqid + msgp_uaddr = $msgp + msgsz = $msgsz + msgtyp = $msgtyp + msgflg = $msgflg + } probe kernel.syscall.msgrcv.return = - kernel.function("sys_msgrcv").return { - name = "msgrcv.return" - msqid = $msqid - /* - msgp_mtype = $msgp->mtype - msgp_mtext = $msgp->mtext - */ - msgsz = $msgsz - msgtyp = $msgtyp - msgflg = $msgflg - } + kernel.function("sys_msgrcv").return { + name = "msgrcv.return" + } # msgctl___________________________________________ -/* asmlinkage long sys_msgctl (int msqid, int cmd, - struct msqid_ds __user *buf) */ +/* + * asmlinkage long + * sys_msgctl (int msqid, + * int cmd, + * struct msqid_ds __user *buf) + */ probe kernel.syscall.msgctl = - kernel.function("sys_msgctl") { - name = "msgctl" - msqid = $msqid - cmd = $cmd - /* - buf_msg_perm_key = $buf->msg_perm->key - buf_msg_perm_uid = $buf->msg_perm->uid - buf_msg_perm_gid = $buf->msg_perm->gid - buf_msg_perm_cuid = $buf->msg_perm->cuid - buf_msg_perm_cgid = $buf->msg_perm->cgid - buf_msg_perm_mode = $buf->msg_perm->mode - buf_msg_perm_seq = $buf->msg_perm->seq - - buf_msg_stime = $buf->msg_stime - buf_msg_rtime = $buf->msg_rtime - buf_msg_ctime = $buf->msg_ctime - buf_msg_lcbytes = $buf->msg_lcbytes - buf_msg_lqbytes = $buf->msg_lqbytes - buf_msg_cbytes = $buf->msg_cbytes - buf_msg_qnum = $buf->msg_qnum - buf_msg_qbytes = $buf->msg_qbytes - buf_msg_lspid = $msg->msg_lspid - */ - } - + kernel.function("sys_msgctl") { + name = "msgctl" + msqid = $msqid + cmd = $cmd + buf_uaddr = $buf + } probe kernel.syscall.msgctl.return = - kernel.function("sys_msgctl").return { - name = "msgctl.return" - msqid = $msqid - cmd = $cmd - /* - buf_msg_perm_key = $buf->msg_perm->key - buf_msg_perm_uid = $buf->msg_perm->uid - buf_msg_perm_gid = $buf->msg_perm->gid - buf_msg_perm_cuid = $buf->msg_perm->cuid - buf_msg_perm_cgid = $buf->msg_perm->cgid - buf_msg_perm_mode = $buf->msg_perm->mode - buf_msg_perm_seq = $buf->msg_perm->seq - - buf_msg_stime = $buf->msg_stime - buf_msg_rtime = $buf->msg_rtime - buf_msg_ctime = $buf->msg_ctime - buf_msg_lcbytes = $buf->msg_lcbytes - buf_msg_lqbytes = $buf->msg_lqbytes - buf_msg_cbytes = $buf->msg_cbytes - buf_msg_qnum = $buf->msg_qnum - buf_msg_qbytes = $buf->msg_qbytes - buf_msg_lspid = $msg->msg_lspid - */ - } + kernel.function("sys_msgctl").return { + name = "msgctl.return" + } # semget___________________________________________ -/* asmlinkage long sys_semget (key_t key, - int nsems, - int semflg) */ +/* + * asmlinkage long + * sys_semget (key_t key, + * int nsems, + * int semflg) + */ probe kernel.syscall.semget = - kernel.function("sys_semget") { - name = "semget" - key = $key - nsems = $nsems - semflg = $semflg - } - + kernel.function("sys_semget") { + name = "semget" + key = $key + nsems = $nsems + semflg = $semflg + } probe kernel.syscall.semget.return = - kernel.function("sys_semget").return { - name = "semget.return" - key = $key - nsems = $nsems - semflg = $semflg - } + kernel.function("sys_semget").return { + name = "semget.return" + } # semop____________________________________________ -/* asmlinkage long sys_semop (int semid, - struct sembuf __user *tsops, - unsigned nsops) */ +/* + * asmlinkage long + * sys_semop (int semid, + * struct sembuf __user *tsops, + * unsigned nsops) + */ probe kernel.syscall.semop = - kernel.function("sys_semtimedop") { - name = "semop" - semid = $semid - /* - Each of the nsops elements in the array pointed to by sops - */ - nsops = $nsops - } - + kernel.function("sys_semtimedop") { + name = "semop" + semid = $semid + tsops_uaddr = $tsops + nsops = $nsops + } probe kernel.syscall.semop.return = - kernel.function("sys_semtimedop").return { - name = "semop.return" - semid = $semid - /* - Each of the nsops elements in the array pointed to by sops - */ - nsops = $nsops - } + kernel.function("sys_semtimedop").return { + name = "semop.return" + } # semctl___________________________________________ -/* asmlinkage long sys_semctl (int semid, int semnum, - int cmd, union semun arg) */ +/* + * asmlinkage long + * sys_semctl (int semid, + * int semnum, + * int cmd, + * union semun arg) + */ probe kernel.syscall.semctl = - kernel.function("sys_semctl") { - name = "semctl" - semid = $semid - semnum = $semnum - cmd = $cmd - /* - TODO Implement _semctl_cmd_str() - cmd_str = _semctl_cmd_str($cmd) - */ - } - + kernel.function("sys_semctl") { + name = "semctl" + semid = $semid + semnum = $semnum + cmd = $cmd + arg = $arg + } probe kernel.syscall.semctl.return = - kernel.function("sys_semctl").return { - name = "semctl.return" - semid = $semid - semnum = $semnum - cmd = $cmd - /* - TODO Implement _semctl_cmd_str() - cmd_str = _semctl_cmd_str($cmd) - */ - } + kernel.function("sys_semctl").return { + name = "semctl.return" + } # semtimedop_______________________________________ -/* asmlinkage long sys_semtimedop(int semid, struct sembuf __user *tsops, - unsigned nsops, const struct timespec __user *timeout) */ +/* + * asmlinkage long + * sys_semtimedop(int semid, + * struct sembuf __user *tsops, + * unsigned nsops, + * const struct timespec __user *timeout) + */ probe kernel.syscall.semtimedop = - kernel.function("sys_semtimedop") { - name = "semtimedop" - semid = $semid - /* - sops_sem_num = $tsops->sem_num - sops_sem_op = $tsops->sem_op - sops_sem_flg = $tsops->sem_flg - */ - nsops = $nsops - /* - timeout_tv_sec = $timeout->tv_sec - timeout_tv_nsec = $timeout->tv_nsec - */ - } - + kernel.function("sys_semtimedop") { + name = "semtimedop" + semid = $semid + sops_uaddr = $tsops + nsops = $nsops + timeout_uaddr = $timeout + } probe kernel.syscall.semtimedop.return = - kernel.function("sys_semtimedop").return { - name = "semtimedop.return" - /* - sops_sem_num = $tsops->sem_num - sops_sem_op = $tsops->sem_op - sops_sem_flg = $tsops->sem_flg - */ - nsops = $nsops - /* - timeout_tv_sec = $timeout->tv_sec - timeout_tv_nsec = $timeout->tv_nsec - */ - } + kernel.function("sys_semtimedop").return { + name = "semtimedop.return" + } # shmat____________________________________________ -/* asmlinkage long sys_shmat(int shmid, char __user *shmaddr, - int shmflg, unsigned long *addr) */ +/* + * asmlinkage long + * sys_shmat(int shmid, + * char __user *shmaddr, + * int shmflg, + * unsigned long *addr) + */ probe kernel.syscall.shmat = - kernel.function("sys_shmat") { - name = "shmat" - shmid = $shmid - /* - shmaddr = $shmaddr - */ - shmflg = $shmflg - /* - addr = $addr - */ - } - + kernel.function("sys_shmat") { + name = "shmat" + shmid = $shmid + shmaddr_uaddr = $shmaddr + shmflg = $shmflg + } probe kernel.syscall.shmat.return = - kernel.function("sys_shmat").return { - name = "shmat.return" - shmid = $shmid - /* - shmaddr = $shmaddr - */ - shmflg = $shmflg - /* - addr = $addr - */ - } + kernel.function("sys_shmat").return { + name = "shmat.return" + } # shmget___________________________________________ -/* asmlinkage long sys_shmget (key_t key, size_t size, int shmflg) */ +/* + * asmlinkage long + * sys_shmget (key_t key, + * size_t size, + * int shmflg) + */ probe kernel.syscall.shmget = - kernel.function("sys_shmget") { - name = "shmget" - key = $key - size = $size - shmflg = $shmflg - } - + kernel.function("sys_shmget") { + name = "shmget" + key = $key + size = $size + shmflg = $shmflg + } probe kernel.syscall.shmget.return = - kernel.function("sys_shmget").return { - name = "shmget.return" - key = $key - size = $size - shmflg = $shmflg - } + kernel.function("sys_shmget").return { + name = "shmget.return" + } # shmdt____________________________________________ -/* asmlinkage long sys_shmdt(char __user *shmaddr) */ +/* + * asmlinkage long + * sys_shmdt(char __user *shmaddr) + */ probe kernel.syscall.shmdt = - kernel.function("sys_shmdt") { - name = "shmdt" - /* - shmaddr = $shmaddr - */ - } - + kernel.function("sys_shmdt") { + name = "shmdt" + shmaddr_uaddr = $shmaddr + } probe kernel.syscall.shmdt.return = - kernel.function("sys_shmdt").return { - name = "shmdt.return" - /* - shmaddr = $shmaddr - */ - } + kernel.function("sys_shmdt").return { + name = "shmdt.return" + } # shmctl___________________________________________ -/* asmlinkage long sys_shmctl (int shmid, int cmd, - struct shmid_ds __user *buf) */ +/* + * asmlinkage long + * sys_shmctl (int shmid, + * int cmd, + * struct shmid_ds __user *buf) + */ probe kernel.syscall.shmctl = - kernel.function("sys_shmctl") { - name = "shmctl" - shmid = $shmid - cmd = $cmd - /* - buf_shm_perm_key = $buf->shm_perm->key - buf_shm_perm_uid = $buf->shm_perm->uid - buf_shm_perm_gid = $buf->shm_perm->gid - buf_shm_perm_cuid = $buf->shm_perm->cuid - buf_shm_perm_cgid = $buf->shm_perm->cgid - buf_shm_perm_mode = $buf->shm_perm->mode - buf_shm_perm_seq = $buf->shm_perm->seq - - buf_shm_segsz = $buf->shm_segsz - buf_shm_atime = $buf->shm_atime - buf_shm_dtime = $buf->shm_dtime - buf_shm_ctime = $buf->shm_ctime - buf_shm_cpid = $buf->shm_cpid - buf_shm_lpid = $buf->shm_lpid - buf_shm_nattch = $buf->shm_nattch - */ - } - + kernel.function("sys_shmctl") { + name = "shmctl" + shmid = $shmid + cmd = $cmd + buf_uaddr = $buf + } probe kernel.syscall.shmctl.return = - kernel.function("sys_shmctl").return { - name = "shmctl.return" - shmid = $shmid - cmd = $cmd - /* - buf_shm_perm_key = $buf->shm_perm->key - buf_shm_perm_uid = $buf->shm_perm->uid - buf_shm_perm_gid = $buf->shm_perm->gid - buf_shm_perm_cuid = $buf->shm_perm->cuid - buf_shm_perm_cgid = $buf->shm_perm->cgid - buf_shm_perm_mode = $buf->shm_perm->mode - buf_shm_perm_seq = $buf->shm_perm->seq - - buf_shm_segsz = $buf->shm_segsz - buf_shm_atime = $buf->shm_atime - buf_shm_dtime = $buf->shm_dtime - buf_shm_ctime = $buf->shm_ctime - buf_shm_cpid = $buf->shm_cpid - buf_shm_lpid = $buf->shm_lpid - buf_shm_nattch = $buf->shm_nattch - */ - } + kernel.function("sys_shmctl").return { + name = "shmctl.return" + } # mq_open__________________________________________ -/* asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, - struct mq_attr __user *u_attr) */ +/* + * asmlinkage long + * sys_mq_open(const char __user *u_name, + * int oflag, + * mode_t mode, + * struct mq_attr __user *u_attr) + */ probe kernel.syscall.mq_open = - kernel.function("sys_mq_open") { - name = "mq_open" - /* - name = u_name - */ - oflag = $oflag - /* TODO implement _mq_open_oflg_str() */ - /* oflag_str = _mq_open_oflg_str() */ - /* - u_attr_mq_flags = $u_attr->mq_flags - u_attr_mq_maxmsg = $u_attr->mq_maxmsg - u_attr_mq_msgsize = $u_attr->mq_msgsize - u_attr_mq_curmsgs = $u_attr->mq_curmsgs - */ - } - + kernel.function("sys_mq_open") { + name = "mq_open" + name_uaddr = $u_name + oflag = $oflag + mode = $mode + u_attr_uaddr = $u_attr + } probe kernel.syscall.mq_open.return = - kernel.function("sys_mq_open").return { - name = "mq_open.return" - /* - name = u_name - */ - oflag = $oflag - /* TODO implement _mq_open_oflg_str() */ - /* oflag_str = _mq_open_oflg_str() */ - /* - u_attr_mq_flags = $u_attr->mq_flags - u_attr_mq_maxmsg = $u_attr->mq_maxmsg - u_attr_mq_msgsize = $u_attr->mq_msgsize - u_attr_mq_curmsgs = $u_attr->mq_curmsgs - */ - } + kernel.function("sys_mq_open").return { + name = "mq_open.return" + } # mq_unlink________________________________________ -/* asmlinkage long sys_mq_unlink(const char __user *u_name) */ +/* + * asmlinkage long + * sys_mq_unlink(const char __user *u_name) + */ probe kernel.syscall.mq_unlink = - kernel.function("sys_mq_unlink") { - name = "mq_unlink" - /* - u_name = $u_name - */ - } - + kernel.function("sys_mq_unlink") { + name = "mq_unlink" + u_name_uaddr = $u_name + } probe kernel.syscall.mq_unlink.return = - kernel.function("sys_mq_unlink").return { - name = "mq_unlink.return" - /* - u_name = $u_name - */ - } + kernel.function("sys_mq_unlink").return { + name = "mq_unlink.return" + } # mq_timedsend_____________________________________ -/* asmlinkage long sys_mq_timedsend(mqd_t mqdes, - const char __user *u_msg_ptr, - size_t msg_len, - unsigned int msg_prio, - const struct timespec __user *u_abs_timeout) */ +/* + * asmlinkage long + * sys_mq_timedsend(mqd_t mqdes, + * const char __user *u_msg_ptr, + * size_t msg_len, + * unsigned int msg_prio, + * const struct timespec __user *u_abs_timeout) + */ probe kernel.syscall.mq_timedsend = - kernel.function("sys_mq_timedsend") { - name = "mq_timedsend" - mqdes = $mqdes - /* - msg_ptr = $u_msg_ptr - */ - msg_len = $msg_len - msg_prio = $msg_prio - /* - abs_timeout_tv_sec = $u_abs_timeout->tv_sec - abs_timeout_tv_usec = $u_abs_timeout->tv_usec - */ - } - + kernel.function("sys_mq_timedsend") { + name = "mq_timedsend" + mqdes = $mqdes + msg_ptr_uaddr = $u_msg_ptr + msg_len = $msg_len + msg_prio = $msg_prio + abs_timeout_uaddr = $u_abs_timeout + } probe kernel.syscall.mq_timedsend.return = - kernel.function("sys_mq_timedsend").return { - name = "mq_timedsend.return" - mqdes = $mqdes - /* - msg_ptr = $u_msg_ptr - */ - msg_len = $msg_len - msg_prio = $msg_prio - /* - abs_timeout_tv_sec = $u_abs_timeout->tv_sec - abs_timeout_tv_usec = $u_abs_timeout->tv_usec - */ - } + kernel.function("sys_mq_timedsend").return { + name = "mq_timedsend.return" + } # mq_timedreceive__________________________________ -/* asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, - char __user *u_msg_ptr, - size_t msg_len, - unsigned int __user *u_msg_prio, - const struct timespec __user *u_abs_timeout) */ +/* + * asmlinkage ssize_t + * sys_mq_timedreceive(mqd_t mqdes, + * char __user *u_msg_ptr, + * size_t msg_len, + * unsigned int __user *u_msg_prio, + * const struct timespec __user *u_abs_timeout) + */ probe kernel.syscall.mq_timedreceive = - kernel.function("sys_mq_timedreceive") { - name = "mq_timedreceive" - mqdes = $mqdes - /* - msg_ptr = $u_msg_ptr - */ - msg_len = $msg_len - /* - msg_prio = $u_msg_prio - abs_timout_tv_sec = $u_abs_timeout->tv_sec - abs_timout_tv_usec = $u_abs_timeout->tv_usec - */ - } - + kernel.function("sys_mq_timedreceive") { + name = "mq_timedreceive" + mqdes = $mqdes + msg_ptr_uaddr = $u_msg_ptr + msg_len = $msg_len + msg_prio_uaddr = $u_msg_prio + abs_timout_uaddr = $u_abs_timeout + } probe kernel.syscall.mq_timedreceive.return = - kernel.function("sys_mq_timedreceive").return { - name = "mq_timedreceive.return" - mqdes = $mqdes - /* - msg_ptr = $u_msg_ptr - */ - msg_len = $msg_len - /* - msg_prio = $u_msg_prio - abs_timout_tv_sec = $u_abs_timeout->tv_sec - abs_timout_tv_usec = $u_abs_timeout->tv_usec - */ - } + kernel.function("sys_mq_timedreceive").return { + name = "mq_timedreceive.return" + } # mq_notify________________________________________ -/* asmlinkage long sys_mq_notify(mqd_t mqdes, - const struct sigevent __user *u_notification) */ +/* + * asmlinkage long + * sys_mq_notify(mqd_t mqdes, + * const struct sigevent __user *u_notification) + */ probe kernel.syscall.mq_notify = - kernel.function("sys_mq_notify") { - name = "mq_notify" - mqdes = $mqdes - /* - TODO requires embedded auxf to export - typedef struct sigevent { - sigval_t sigev_value; - int sigev_signo; - int sigev_notify; - union { - int _pad[SIGEV_PAD_SIZE]; - int _tid; - struct { - void (*_function)(sigval_t); - void *_attribute; // really pthread_attr_t - } _sigev_thread; - } _sigev_un; - } sigevent_t; - */ - } - + kernel.function("sys_mq_notify") { + name = "mq_notify" + mqdes = $mqdes + notification_uaddr = $u_notification + } probe kernel.syscall.mq_notify.return = - kernel.function("sys_mq_notify").return { - name = "mq_notify.return" - mqdes = $mqdes - /* - TODO requires embedded auxf to export - typedef struct sigevent { - sigval_t sigev_value; - int sigev_signo; - int sigev_notify; - union { - int _pad[SIGEV_PAD_SIZE]; - int _tid; - struct { - void (*_function)(sigval_t); - void *_attribute; // really pthread_attr_t - } _sigev_thread; - } _sigev_un; - } sigevent_t; - */ - } + kernel.function("sys_mq_notify").return { + name = "mq_notify.return" + } # mq_getsetattr____________________________________ -/* asmlinkage long sys_mq_getsetattr(mqd_t mqdes, - const struct mq_attr __user *u_mqstat, - struct mq_attr __user *u_omqstat) */ +/* + * asmlinkage long + * sys_mq_getsetattr(mqd_t mqdes, + * const struct mq_attr __user *u_mqstat, + * struct mq_attr __user *u_omqstat) + */ probe kernel.syscall.mq_getsetattr = - kernel.function("sys_mq_getsetattr") { - name = "mq_getsetattr" - mqdes = $mqdes - /* - u_mqstat_mq_flags = $u_mqstat->mq_flags - u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg - u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize - u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs - - u_omqstat_mq_flags = $u_omqstat->mq_flags - u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg - u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize - u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs - */ - } - + kernel.function("sys_mq_getsetattr") { + name = "mq_getsetattr" + mqdes = $mqdes + u_mqstat_uaddr = $u_mqstat + u_omqstat_uaddr = $u_omqstat + } probe kernel.syscall.mq_getsetattr.return = - kernel.function("sys_mq_getsetattr").return { - name = "mq_getsetattr.return" - mqdes = $mqdes - /* - u_mqstat_mq_flags = $u_mqstat->mq_flags - u_mqstat_mq_maxmsg = $u_mqstat->mq_maxmsg - u_mqstat_mq_msgsize = $u_mqstat->mq_msgsize - u_mqstat_mq_curmsgs = $u_mqstat->mq_curmsgs - - u_omqstat_mq_flags = $u_omqstat->mq_flags - u_omqstat_mq_maxmsg = $u_omqstat->mq_maxmsg - u_omqstat_mq_msgsize = $u_omqstat->mq_msgsize - u_omqstat_mq_curmsgs = $u_omqstat->mq_curmsgs - */ - } + kernel.function("sys_mq_getsetattr").return { + name = "mq_getsetattr.return" + } # pciconfig_iobase_________________________________ -/* asmlinkage long - sys_pciconfig_iobase(long which, unsigned long bus, - unsigned long dfn) */ +/* + * asmlinkage long + * sys_pciconfig_iobase(long which, + * unsigned long bus, + * unsigned long dfn) + */ probe kernel.syscall.pciconfig_iobase = - kernel.function("sys_pciconfig_iobase") { - name = "pciconfig_iobase" - which = $which - bus = $bus - dfn = $dfn - } - + kernel.function("sys_pciconfig_iobase") { + name = "pciconfig_iobase" + which = $which + bus = $bus + dfn = $dfn + } probe kernel.syscall.pciconfig_iobase.return = - kernel.function("sys_pciconfig_iobase").return { - name = "pciconfig_iobase.return" - which = $which - bus = $bus - dfn = $dfn - } + kernel.function("sys_pciconfig_iobase").return { + name = "pciconfig_iobase.return" + } # pciconfig_read___________________________________ -/* NOTE: This is a nop function: PCI interation is - handled at the kernel PCI layer. Not used. */ -/* asmlinkage int sys_pciconfig_read(unsigned long bus, unsigned long dfn, - unsigned long off, unsigned long len, - unsigned char *buf) { return 0; } */ +/* + * asmlinkage int + * sys_pciconfig_read(unsigned long bus, + * unsigned long dfn, + * unsigned long off, + * unsigned long len, + * unsigned char *buf) + * { return 0; } + */ probe kernel.syscall.pciconfig_read = - kernel.function("sys_pciconfig_read") { - name = "pciconfig_read" - bus = $bus - dfn = $dfn - off = $off - len = $len - /* - buf = $buf - */ - } - + kernel.function("sys_pciconfig_read") { + name = "pciconfig_read" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf + } probe kernel.syscall.pciconfig_read.return = - kernel.function("sys_pciconfig_read").return { - name = "pciconfig_read.return" - bus = $bus - dfn = $dfn - off = $off - len = $len - /* - buf = $buf - */ - } + kernel.function("sys_pciconfig_read").return { + name = "pciconfig_read.return" + } # pciconfig_write__________________________________ -/* NOTE: This is a nop function: PCI interation is - handled at the kernel PCI layer. Not used. */ -/* asmlinkage int sys_pciconfig_write(unsigned long bus, unsigned long dfn, - unsigned long off, unsigned long len, - unsigned char *buf) */ +/* + * asmlinkage int + * sys_pciconfig_write(unsigned long bus, + * unsigned long dfn, + * unsigned long off, + * unsigned long len, + * unsigned char *buf) + */ probe kernel.syscall.pciconfig_write = - kernel.function("sys_pciconfig_write") { - name = "pciconfig_write" - bus = $bus - dfn = $dfn - off = $off - len = $len - /* - buf = $buf - */ - } - + kernel.function("sys_pciconfig_write") { + name = "pciconfig_write" + bus = $bus + dfn = $dfn + off = $off + len = $len + buf_uaddr = $buf + } probe kernel.syscall.pciconfig_write.return = - kernel.function("sys_pciconfig_write").return { - name = "pciconfig_write.return" - bus = $bus - dfn = $dfn - off = $off - len = $len - /* - buf = $buf - */ - } + kernel.function("sys_pciconfig_write").return { + name = "pciconfig_write.return" + } # prctl____________________________________________ -/* asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, - unsigned long arg4, unsigned long arg5) */ +/* + * asmlinkage long + * sys_prctl(int option, + * unsigned long arg2, + * unsigned long arg3, + * unsigned long arg4, + * unsigned long arg5) + */ probe kernel.syscall.prctl = - kernel.function("sys_prctl") { - name = "prctl" - options = $options - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 - } - + kernel.function("sys_prctl") { + name = "prctl" + option = $option + arg2 = $arg2 + arg3 = $arg3 + arg4 = $arg4 + arg5 = $arg5 + } probe kernel.syscall.prctl.return = - kernel.function("sys_prctl").return { - name = "prctl.return" - options = $options - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 - } + kernel.function("sys_prctl").return { + name = "prctl.return" + } # swapon___________________________________________ -/* asmlinkage long sys_swapon(const char __user * specialfile, - int swap_flags) */ +/* + * asmlinkage long + * sys_swapon(const char __user * specialfile, + * int swap_flags) + */ probe kernel.syscall.swapon = - kernel.function("sys_swapon") { - name = "swapon" - /* - path = $specialfile - */ - swapflags = $swapflags - } - + kernel.function("sys_swapon") { + name = "swapon" + path_uaddr = $specialfile + swapflags = $swap_flags + } probe kernel.syscall.swapon.return = - kernel.function("sys_swapon").return { - name = "swapon.return" - /* - path = $specialfile - */ - swapflags = $swapflags - } + kernel.function("sys_swapon").return { + name = "swapon.return" + } # swapoff__________________________________________ -/* asmlinkage long sys_swapoff(const char __user * specialfile) */ +/* + * asmlinkage long + * sys_swapoff(const char __user * specialfile) + */ probe kernel.syscall.swapoff = - kernel.function("sys_swapoff") { - name = "swapoff" - /* - path = $specialfile - */ - } - + kernel.function("sys_swapoff") { + name = "swapoff" + path_uaddr = $specialfile + } probe kernel.syscall.swapoff.return = - kernel.function("sys_swapoff").return { - name = "swapoff.return" - /* - path = $specialfile - */ - } + kernel.function("sys_swapoff").return { + name = "swapoff.return" + } # sysctl___________________________________________ -/* asmlinkage long sys_sysctl(struct __sysctl_args __user *args) */ +/* + * asmlinkage long + * sys_sysctl(struct __sysctl_args __user *args) + */ probe kernel.syscall.sysctl = - kernel.function("sys_sysctl") { - name = "sysctl" - /* - args_name = $args->name - args_nlen = $args->nlen - args_oldval = $args->oldval - args_oldlenp = $args->oldlenp - args_newval = $args->newval - args_newlen = $args->newlen - */ - } - + kernel.function("sys_sysctl") { + name = "sysctl" + args_uaddr = $args + } probe kernel.syscall.sysctl.return = - kernel.function("sys_sysctl").return { - name = "sysctl.return" - /* - args_name = $args->name - args_nlen = $args->nlen - args_oldval = $args->oldval - args_oldlenp = $args->oldlenp - args_newval = $args->newval - args_newlen = $args->newlen - */ - } + kernel.function("sys_sysctl").return { + name = "sysctl.return" + } # sysinfo__________________________________________ -/* asmlinkage long sys_sysinfo(struct sysinfo __user *info) */ +/* + * asmlinkage long + * sys_sysinfo(struct sysinfo __user *info) + */ probe kernel.syscall.sysinfo = - kernel.function("sys_sysinfo") { - name = "sysinfo" - } - + kernel.function("sys_sysinfo") { + name = "sysinfo" + info_uaddr = $info + } probe kernel.syscall.sysinfo.return = - kernel.function("sys_sysinfo").return { - name = "sysinfo.return" - info_uptime = $info->uptime - /* - info_loads_1 = $info->loads[0] - info_loads_2 = $info->loads[1] - info_loads_3 = $info->loads[2] - */ - info_totalram = $info->totalram - info_freeram = $info->freeram - info_sharedram = $info->sharedram - info_bufferram = $info->bufferram - info_totalswap = $info->totalswap - info_freeswap = $info->freeswap - info_procs = $info->prcs - info_totalhigh = $info->totalhigh - info_freehigh = $info->freehigh - info_mem_unit = $info->mem_unit - } + kernel.function("sys_sysinfo").return { + name = "sysinfo.return" + } # sysfs____________________________________________ -/* asmlinkage long sys_sysfs(int option, - unsigned long arg1, - unsigned long arg2) */ +/* + * asmlinkage long + * sys_sysfs(int option, + * unsigned long arg1, + * unsigned long arg2) + */ probe kernel.syscall.sysfs = - kernel.function("sys_sysfs") { - name = "sysfs" - option = $option - arg1 = $arg1 - arg2 = $arg2 - } - + kernel.function("sys_sysfs") { + name = "sysfs" + option = $option + arg1 = $arg1 + arg2 = $arg2 + } probe kernel.syscall.sysfs.return = - kernel.function("sys_sysfs").return { - name = "sysfs.return" - option = $option - arg1 = $arg1 - arg2 = $arg2 - } + kernel.function("sys_sysfs").return { + name = "sysfs.return" + } # nfsservctl_______________________________________ -/* long asmlinkage sys_nfsservctl(int cmd, - struct nfsctl_arg __user *arg, - void __user *res) */ +/* + * long asmlinkage + * sys_nfsservctl(int cmd, + * struct nfsctl_arg __user *arg, + * void __user *res) + */ probe kernel.syscall.nfsservctl = - kernel.function("sys_nfsservctl") { - name = "nfsservctl" - cmd = $cmd - /* - TODO create embedded auxf to export this stuff - - ...from the man page...nfsservctl(int cmd, - struct nfsctl_arg *argp, - union nfsctl_res *resp); - struct nfsctl_arg { - int ca_version; // safeguard - union { - struct nfsctl_svc u_svc; - struct nfsctl_client u_client; - struct nfsctl_export u_export; - struct nfsctl_uidmap u_umap; - struct nfsctl_fhparm u_getfh; - unsigned int u_debug; - } u; - } - - union nfsctl_res { - struct knfs_fh cr_getfh; - unsigned int cr_debug; - }; - */ - } - + kernel.function("sys_nfsservctl") { + name = "nfsservctl" + cmd = $cmd + argp_uaddr = $arg + resp_uaddr = $res + } probe kernel.syscall.nfsservctl.return = - kernel.function("sys_nfsservctl").return { - name = "nfsservctl.return" - cmd = $cmd - /* - TODO create embedded auxf to export this stuff - - ...from the man page...nfsservctl(int cmd, - struct nfsctl_arg *argp, - union nfsctl_res *resp); - struct nfsctl_arg { - int ca_version; // safeguard - union { - struct nfsctl_svc u_svc; - struct nfsctl_client u_client; - struct nfsctl_export u_export; - struct nfsctl_uidmap u_umap; - struct nfsctl_fhparm u_getfh; - unsigned int u_debug; - } u; - } - - union nfsctl_res { - struct knfs_fh cr_getfh; - unsigned int cr_debug; - }; - */ - - } + kernel.function("sys_nfsservctl").return { + name = "nfsservctl.return" + } # syslog___________________________________________ -/* asmlinkage long sys_syslog(int type, char __user * buf, int len) */ +/* + * asmlinkage long + * sys_syslog(int type, + * char __user * buf, + * int len) + */ probe kernel.syscall.syslog = - kernel.function("do_syslog") { - name = "syslog" - type = $type - /* - bufp = $buf - */ - len = $len - } - + kernel.function("do_syslog") { + name = "syslog" + type = $type + bufp_uaddr = $buf + len = $len + } probe kernel.syscall.syslog.return = - kernel.function("do_syslog").return { - name = "syslog.return" - type = $type - /* - bufp = $buf - */ - len = $len - } + kernel.function("do_syslog").return { + name = "syslog.return" + } # uselib___________________________________________ -/* asmlinkage long sys_uselib(const char __user * library) */ +/* + * asmlinkage long + * sys_uselib(const char __user * library) + */ probe kernel.syscall.uselib = - kernel.function("sys_uselib") { - name = "uselib" - /* - library = $library - */ - } - + kernel.function("sys_uselib") { + name = "uselib" + library_uaddr = $library + } probe kernel.syscall.uselib.return = - kernel.function("sys_uselib").return { - name = "uselib.return" - /* - library = $library - */ - } + kernel.function("sys_uselib").return { + name = "uselib.return" + } # add_key__________________________________________ -/* asmlinkage long sys_add_key(const char __user *_type, - const char __user *_description, - const void __user *_payload, - size_t plen, - key_serial_t ringid) */ +/* + * asmlinkage long + * sys_add_key(const char __user *_type, + * const char __user *_description, + * const void __user *_payload, + * size_t plen, + * key_serial_t ringid) + */ probe kernel.syscall.add_key = - kernel.function("sys_add_key") { - name = "add_key" - /* - type = $_type - description = $_description - payload = $payload - */ - plen = $plen - ringid = $ringid - } - + kernel.function("sys_add_key") { + name = "add_key" + type_uaddr = $_type + description_auddr = $_description + payload_uaddr = $payload + plen = $plen + ringid = $ringid + } probe kernel.syscall.add_key.return = - kernel.function("sys_add_key").return { - name = "add_key.return" - /* - type = $_type - description = $_description - payload = $payload - */ - plen = $plen - ringid = $ringid - } + kernel.function("sys_add_key").return { + name = "add_key.return" + } # request_key______________________________________ -/* asmlinkage long sys_request_key(const char __user *_type, - const char __user *_description, - const char __user *_callout_info, - key_serial_t destringid) */ +/* + * asmlinkage long + * sys_request_key(const char __user *_type, + * const char __user *_description, + * const char __user *_callout_info, + * key_serial_t destringid) + */ probe kernel.syscall.request_key = - kernel.function("sys_request_key") { - name = "request_key" - /* - type = $_type - description = $_description - callout_info = $_callout_info - */ - destringid = $destringid - } - + kernel.function("sys_request_key") { + name = "request_key" + type_uaddr = $_type + description_uaddr = $_description + callout_info_uaddr = $_callout_info + destringid = $destringid + } probe kernel.syscall.request_key.return = - kernel.function("sys_request_key").return { - name = "request_key.return" - /* - type = $_type - description = $_description - callout_info = $_callout_info - */ - destringid = $destringid - } + kernel.function("sys_request_key").return { + name = "request_key.return" + } # keyctl___________________________________________ -/* asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, - unsigned long arg4, unsigned long arg5) */ +/* + * asmlinkage long + * sys_keyctl(int option, + * unsigned long arg2, + * unsigned long arg3, + * unsigned long arg4, + * unsigned long arg5) + */ probe kernel.syscall.keyctl = - kernel.function("sys_keyctl") { - name = "keyctl" - option = $option - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 - } - + kernel.function("sys_keyctl") { + name = "keyctl" + option = $option + arg2 = $arg2 + arg3 = $arg3 + arg4 = $arg4 + arg5 = $arg5 + } probe kernel.syscall.keyctl.return = - kernel.function("sys_keyctl").return { - name = "keyctl.return" - option = $option - arg2 = $arg2 - arg3 = $arg3 - arg4 = $arg4 - arg5 = $arg5 - } + kernel.function("sys_keyctl").return { + name = "keyctl.return" + } # modify_ldt_______________________________________ -/* asmlinkage int sys_modify_ldt(int func, - void __user *ptr, - unsigned long bytecount) */ +/* + * asmlinkage int + * sys_modify_ldt(int func, + * void __user *ptr, + * unsigned long bytecount) + */ probe kernel.syscall.modify_ldt = - kernel.function("sys_modify_ldt") { - name = "modify_ldt" - func = $func - bytecount = $bytecount - } - + kernel.function("sys_modify_ldt") { + name = "modify_ldt" + func = $func + /* + ptr = $ptr + */ + bytecount = $bytecount + } probe kernel.syscall.modify_ldt.return = - kernel.function("sys_modify_ldt").return { - name = "modify_ldt.return" - func = $func - /* - ptr points to a modify_ldt_ldt_s structure and - bytecount must equal the size of this structure - */ - bytecount = $bytecount - } + kernel.function("sys_modify_ldt").return { + name = "modify_ldt.return" + } # mmap2____________________________________________ -/* static inline unsigned long do_mmap2(unsigned long addr, - size_t len, - unsigned long prot, - unsigned long flags, - unsigned long fd, - unsigned long pgoff) */ +/* + * unsigned long sys_mmap2(unsigned long addr, + * size_t len, + * unsigned long prot, + * unsigned long flags, + * unsigned long fd, + * unsigned long pgoff) + */ probe kernel.syscall.mmap2 = - kernel.function("do_mmap2") { - name = "mmap2" - addr = $addr - len = $len - prot = $prot - flags = $flags - fd = $fd - pgoff = $pgoff - } - + kernel.function("sys_mmap2") { + name = "mmap2" + addr = $addr + len = $len + prot = $prot + flags = $flags + fd = $fd + pgoff = $pgoff + } probe kernel.syscall.mmap2.return = - kernel.function("do_mmap2").return { - name = "mmap2.return" - addr = $addr - len = $len - prot = $prot - flags = $flags - fd = $fd - pgoff = $pgoff - } + kernel.function("sys_mmap2").return { + name = "mmap2.return" + } # execve___________________________________________ -/* NOTE: arch specific */ -/* asmlinkage int sys_execve(struct pt_regs regs) */ +/* + * asmlinkage int + * sys_execve(struct pt_regs regs) + */ probe kernel.syscall.execve = - kernel.function("sys_execve") { - name = "execve" - /* - TODO figure this one out - filename = $regs->ebx - argv[] = $regs->ecx - envp[] = $regs->edx - */ - } - + kernel.function("sys_execve") { + name = "execve" + regs = $regs + } probe kernel.syscall.execve.return = - kernel.function("sys_execve").return { - name = "execve.return" - /* - ...hmm, if execve() succeedes were in trouble here... - - TODO figure this one out - filename = $regs->ebx - argv[] = $regs->ecx - envp[] = $regs->edx - */ - } + kernel.function("sys_execve").return { + name = "execve.return" + } # clone____________________________________________ -/* long do_fork(unsigned long clone_flags, - unsigned long stack_start, - struct pt_regs *regs, - unsigned long stack_size, - int __user *parent_tidptr, - int __user *child_tidptr) */ +/* + * long do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ probe kernel.syscall.clone = - kernel.function("do_fork") { - name = "clone" - clone_flags = $clone_flags - %( kernel_v > "2.6.9" %? start_stack = $start_stack %) - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } - + kernel.function("do_fork") { + name = "clone" + clone_flags = $clone_flags + start_stack = $start_stack + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr + } probe kernel.syscall.clone.return = - kernel.function("do_fork").return { - name = "clone.return" - clone_flags = $clone_flags - start_stack = $start_stack - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } + kernel.function("do_fork").return { + name = "clone.return" + } # fork_____________________________________________ +/* + * long do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ probe kernel.syscall.fork = - kernel.function("do_fork") { - name = "fork" - clone_flags = $clone_flags - start_stack = $start_stack - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } - + kernel.function("do_fork") { + name = "fork" + clone_flags = $clone_flags + start_stack = $start_stack + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr + } probe kernel.syscall.fork.return = - kernel.function("do_fork").return { - name = "fork.return" - clone_flags = $clone_flags - start_stack = $start_stack - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } + kernel.function("do_fork").return { + name = "fork.return" + } # vfork____________________________________________ +/* + * long do_fork(unsigned long clone_flags, + * unsigned long stack_start, + * struct pt_regs *regs, + * unsigned long stack_size, + * int __user *parent_tidptr, + * int __user *child_tidptr) + */ probe kernel.syscall.vfork = - kernel.function("do_fork") { - name = "vfork" - clone_flags = $clone_flags - start_stack = $start_stack - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } - + kernel.function("do_fork") { + name = "vfork" + clone_flags = $clone_flags + start_stack = $start_stack + regs_uaddr = $regs + stack_size = $stack_size + parent_tid_uaddr = $parent_tidptr + child_tid_uaddr = $child_tidptr + } probe kernel.syscall.vfork.return = - kernel.function("do_fork").return { - name = "vfork.return" - clone_flags = $clone_flags - start_stack = $start_stack - /* Export this??? - regs = $regs->... - */ - stack_size = $stack_size - /* - parent_tid = $parent_tidptr - child_tid = $child_tidptr - */ - } + kernel.function("do_fork").return { + name = "vfork.return" + } # pipe_____________________________________________ -/* asmlinkage int sys_pipe(unsigned long __user * fildes) */ +/* + * asmlinkage int + * sys_pipe(unsigned long __user * fildes) + */ probe kernel.syscall.pipe = - kernel.function("sys_pipe") { - name = "pipe" - } - + kernel.function("sys_pipe") { + name = "pipe" + fildes_uaddr = $fildes + } probe kernel.syscall.pipe.return = - kernel.function("sys_pipe").return { - name = "pipe.return" - /* - TODO implement embedded auxf to extract - these fildes - fildes_read = $fildes[0] - fildes_write = $fildes[1] - */ - } + kernel.function("sys_pipe").return { + name = "pipe.return" + } # ptrace___________________________________________ -/* asmlinkage int sys_ptrace(long request, - long pid, - long addr, - long data) */ +/* + * asmlinkage int + * sys_ptrace(long request, + * long pid, + * long addr, + * long data) + */ probe kernel.syscall.ptrace = - kernel.function("sys_ptrace") { - name = "ptrace" - pid = $pid - addr = $addr - data = $data - } - + kernel.function("sys_ptrace") { + name = "ptrace" + request = $request + pid = $pid + addr = $addr + data = $data + } probe kernel.syscall.ptrace.return = - kernel.function("sys_ptrace").return { - name = "ptrace.return" - pid = $pid - addr = $addr - data = $data - } + kernel.function("sys_ptrace").return { + name = "ptrace.return" + } # iopl_____________________________________________ -/* asmlinkage long sys_iopl(unsigned long unused) */ +/* + * asmlinkage long + * sys_iopl(unsigned long unused) + */ probe kernel.syscall.iopl = - kernel.function("sys_iopl") { - name = "iopl" - level = $unused - } - + kernel.function("sys_iopl") { + name = "iopl" + level = $unused + } probe kernel.syscall.iopl.return = - kernel.function("sys_iopl").return { - name = "iopl.return" - level = $unused - } + kernel.function("sys_iopl").return { + name = "iopl.return" + } # rt_sigaction_____________________________________ -/* asmlinkage long - sys_rt_sigaction(int sig, const struct sigaction __user *act, - struct sigaction __user *oact, - size_t sigsetsize, void __user *restorer) */ +/* + * asmlinkage long + * sys_rt_sigaction(int sig, + * const struct sigaction __user *act, + * struct sigaction __user *oact, + * size_t sigsetsize, + * void __user *restorer) + */ probe kernel.syscall.rt_sigaction = - kernel.function("sys_rt_sigaction") { - name = "rt_sigaction" - sig = $sig - /* - act_sa_handler = $act->sa_handler - act_sa_mask = $act->sa_mask - act_sa_flags = $act->sa_flags - act_sa_restorer = $act->sa_restorer - */ - sigsetsize = $sigsetsize - /* - restorer = $restorer - */ - } - + kernel.function("sys_rt_sigaction") { + name = "rt_sigaction" + sig = $sig + act_uaddr = $act + oact_uaddr = $oact + sigsetsize = $sigsetsize + /* + restorer = $restorer + */ + } probe kernel.syscall.rt_sigaction.return = - kernel.function("sys_rt_sigaction").return { - name = "rt_sigaction.return" - sig = $sig - /* - act_sa_handler = $act->sa_handler - act_sa_mask = $act->sa_mask - act_sa_flags = $act->sa_flags - act_sa_restorer = $act->sa_restorer - - oact_sa_handler = $oact->sa_handler - oact_sa_mask = $oact->sa_mask - oact_sa_flags = $oact->sa_flags - oact_sa_restorer = $oact->sa_restorer - */ - sigsetsize = $sigsetsize - /* - restorer = $restorer - */ - } - - -/* AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS AUX HELPER FUNCTIONS */ - -/* - * These functions construct the bitwise-or'd symbolic string - * representation of the f param, based on the function arg. - */ - -/* `man 2 open` for more information */ -function _sys_open_flag_str(f) { - if(f & 8192) bs="O_ASYNC|".bs - if(f & 4096) bs="O_SYNC|".bs - if(f & 2048) bs="O_NONBLOCK|".bs - if(f & 1024) bs="O_APPEND|".bs - if(f & 512) bs="O_TRUNC|".bs - if(f & 256) bs="O_NDCTTY|".bs - if(f & 128) bs="O_EXCL|".bs - if(f & 64) bs="O_CREAT|".bs - if((f & 3) == 2) bs="O_RDWR|".bs - else if((f & 3) == 1) bs="O_WRONLY|".bs - else if((f & 3) == 0) bs="O_RDONLY|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man 2 open` for more information */ -function _access_mode_str(m) { - if(m & 4) bs="R_OK|".bs - if(m & 2) bs="W_OK|".bs - if(m & 1) bs="X_OK|".bs - if((m & 3) == 0) bs="F_OK|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man 2 open` for more information */ -function _sys_open_mode_str(f) { - if((f & 448) == 448) bs="S_IRWXU|".bs - else { - if(f & 256) bs="S_IRUSR|".bs - if(f & 128) bs="S_IWUSR|".bs - if(f & 64) bs="S_IXUSR|".bs - } - if((f & 56) == 56) bs="S_IRWXG|".bs - else { - if(f & 32) bs="S_IRGRP|".bs - if(f & 16) bs="S_IWGRP|".bs - if(f & 8) bs="S_IXGRP|".bs - } - if((f & 7) == 7) bs="S_IRWXO|".bs - else { - if(f & 4) bs="S_IROTH|".bs - if(f & 2) bs="S_IWOTH|".bs - if(f & 1) bs="S_IXOTH|".bs - } - return substr(bs,0,strlen(bs)-1) -} - -/* `man 2 mknod` for more information */ -function _mknod_mode_str(mode) { - if((mode & 0x8000)==0x8000) - return "S_IFREG|"._sys_open_mode_str(mode) - if((mode & 0x2000)==0x2000) - return "S_IFCHR|"._sys_open_mode_str(mode) - if((mode & 0x6000)==0x6000) - return "S_IFBLK|"._sys_open_mode_str(mode) - if((mode & 0x1000)==0x1000) - return "S_IFIFO|"._sys_open_mode_str(mode) - if((mode & 0xC000)==0xC000) - return "S_IFSOCK|"._sys_open_mode_str(mode) - return "" -} - -/* `man flock` for more information */ -function _flock_cmd_str(c) { - if(c & 1) bs="LOCK_SH|".bs - if(c & 2) bs="LOCK_EX|".bs - if(c & 8) bs="LOCK_UN|".bs - if(c & 4) bs="LOCK_NB|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man msync` for more information */ -function _wait4_opt_str(f) { - if(f & 4) bs="MS_SYNC|".bs - if(f & 2) bs="MS_INVALIDATE|".bs - if(f & 1) bs="MS_ASYNC|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man wait4` for more information */ -function _msync_flag_str(f) { - if(f & 0x01000000) bs="WNOWAIT|".bs - if(f & 8) bs="WCONTINUED|".bs - if(f & 4) bs="WEXITED|".bs - if(f & 2) bs="WSTOPPED|".bs - if(f & 1) bs="WNOHANG|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man sendmsg` for more information */ -function _send_flags_str(f) { - if(f & 0x0001) bs="MSG_OOB|".bs - if(f & 0x0080) bs="MSG_EOR|".bs - if(f & 0x0004) bs="MSG_DONTROUTE|".bs - if(f & 0x0040) bs="MSG_DONTWAIT|".bs - if(f & 0x4000) bs="MSG_NOSIGNAL|".bs - if(f & 0x0800) bs="MSG_CONFIRM|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man recv` for more information */ -function _recvflags_str(f) { - if(f & 1) bs="MSG_OOB|".bs - if(f & 2) bs="MSG_PEEK|".bs - if(f & 32) bs="MSG_WAITALL|".bs - if(f & 256) bs="MSG_TRUNC|".bs - if(f & 8192) bs="MSG_ERRQUEUE|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* `man mlockall` for more information */ -function _mlockall_flags_str(f) { - if(f & 2) bs="MCL_CURRENT|".bs - if(f & 1) bs="MCL_FUTURE|".bs - return substr(bs,0,strlen(bs)-1) -} - -/* - * The following functions return the symbolic string - * representation of the flag. If the argument doesnt - * map to string, an empty string ("") is returned. - */ - -function _module_flags_str(f) { - if(f==8192) return "O_ASYNC" - if(f==4096) return "O_SYNC" - if(f==2048) return "O_NONBLOCK" - if(f==1024) return "O_APPEND" - if(f==512) return "O_TRUNC" - if(f==256) return "O_NDCTTY" - if(f==128) return "O_EXCL" - if(f==64) return "O_CREAT" - if(f==2) return "O_RDWR" - if(f==1) return "O_WRONLY" - if(f==0) return "O_RDONLY" - return "" -} - -function _get_wc_str(wc) { - if(wc==0) return "CLOCK_REALTIME" - if(wc==1) return "CLOCK_MONOTONIC" - if(wc==2) return "CLOCK_PROCESS_CPUTIME_ID" - if(wc==3) return "CLOCK_THREAD_CPUTIME_ID" - if(wc==4) return "CLOCK_REALTIME_HR" - if(wc==5) return "CLOCK_MONOTONIC_HR" - return "" -} - -function _sigprocmask_how_str(how) { - if(how==0) return "SIG_BLOCK" - if(how==1) return "SIG_UNBLOCK" - if(how==2) return "SIG_SETMASK" - return "" -} - -function _itimer_which_str(which) { - if(which==0) return "ITIMER_REAL" - if(which==1) return "ITIMER_VIRTUAL" - if(which==2) return "ITIMER_PROF" - return "" -} - -function _sched_policy_str(policy) { - if(policy==0) return "SCHED_OTHER" - if(policy==1) return "SCHED_FIFO" - if(policy==2) return "SCHED_RR" - return "" -} - -function _priority_which_str(which) { - if(which==0) return "PRIO_PROCESS" - if(which==1) return "PRIO_PGRP" - if(which==2) return "PRIO_USER" - return "" -} - -function _shutdown_how_str(how) { - if(how==0) return "SHUT_RD" - if(how==1) return "SHUT_WR" - if(how==2) return "SHUT_RDWR" - return "" -} - -function _reboot_magic_str(magic) { - if(magic==0xFEE1DEAD) return "LINUX_REBOOT_MAGIC1" - if(magic==672274793) return "LINUX_REBOOT_MAGIC2" - if(magic==85072278) return "LINUX_REBOOT_MAGIC2A" - if(magic==369367448) return "LINUX_REBOOT_MAGIC2B" - if(magic==537993216) return "LINUX_REBOOT_MAGIC2C" - return "" -} - -function _reboot_flag_str(flag) { - if(flag==0x01234567) return "LINUX_REBOOT_CMD_RESTART" - if(flag==0xCDEF0123) return "LINUX_REBOOT_CMD_HALT" - if(flag==0x4321FEDC) return "LINUX_REBOOT_CMD_POWER_OFF" - if(flag==0xA1B2C3D4) return "LINUX_REBOOT_CMD_RESTART2" - if(flag==0x89ABCDEF) return "LINUX_REBOOT_CMD_CAD_ON" - if(flag==0x00000000) return "LINUX_REBOOT_CMD_CAD_OFF" - return "" -} - -function _waitid_which_str(flag) { - if(flag==0) return "P_ALL" - if(flag==1) return "P_PID" - if(flag==2) return "P_PGID" - return "" -} - -function _futex_op_str(op) { - if(op==0) return "FUTEX_WAIT" - if(op==1) return "FUTEX_WAKE" - if(op==2) return "FUTEX_FD" - if(op==3) return "FUTEX_REQUEUE" - if(op==4) return "FUTEX_CMP_REQUEUE" - return "" -} - -function _mountflags_str(op) { - if(op==1) return "MS_RDONLY" - if(op==2) return "MS_NOSUID" - if(op==4) return "MS_NODEV" - if(op==8) return "MS_NOEXEC" - if(op==16) return "MS_SYNCHRONOUS" - if(op==32) return "MS_REMOUNT" - if(op==64) return "MS_MANDLOCK" - if(op==128) return "S_WRITE" - if(op==256) return "S_APPEND" - if(op==512) return "S_IMMUTABLE" - if(op==1024) return "MS_NOATIME" - if(op==2048) return "MS_NODIRATIME" - if(op==4096) return "MS_BIND" - return "" -} - -function _statfs_f_type_str(f) { - if(f==0xadf5) return "ADFS_SUPER_MAGIC" - if(f==0xADFF) return "AFFS_SUPER_MAGIC" - if(f==0x42465331) return "BEFS_SUPER_MAGIC" - if(f==0x1BADFACE) return "BFS_MAGIC" - if(f==0xFF534D42) return "CIFS_MAGIC_NUMBER" - if(f==0x73757245) return "CODA_SUPER_MAGIC" - if(f==0x012FF7B7) return "COH_SUPER_MAGIC" - if(f==0x28cd3d45) return "CRAMFS_MAGIC" - if(f==0x1373) return "DEVFS_SUPER_MAGIC" - if(f==0x00414A53) return "EFS_SUPER_MAGIC" - if(f==0x137D) return "EXT_SUPER_MAGIC" - if(f==0xEF51) return "EXT2_OLD_SUPER_MAGIC" - if(f==0xEF53) return "EXT2_SUPER_MAGIC" - if(f==0xEF53) return "EXT3_SUPER_MAGIC" - if(f==0x4244) return "HFS_SUPER_MAGIC" - if(f==0xF995E849) return "HPFS_SUPER_MAGIC" - if(f==0x958458f6) return "HUGETLBFS_MAGIC" - if(f==0x9660) return "ISOFS_SUPER_MAGIC" - if(f==0x72b6) return "JFFS2_SUPER_MAGIC" - if(f==0x3153464a) return "JFS_SUPER_MAGIC" - if(f==0x137F) return "MINIX_SUPER_MAGIC" - if(f==0x138F) return "MINIX_SUPER_MAGIC2" - if(f==0x2468) return "MINIX2_SUPER_MAGIC" - if(f==0x2478) return "MINIX2_SUPER_MAGIC2" - if(f==0x4d44) return "MSDOS_SUPER_MAGIC" - if(f==0x564c) return "NCP_SUPER_MAGIC" - if(f==0x6969) return "NFS_SUPER_MAGIC" - if(f==0x5346544e) return "NTFS_SB_MAGIC" - if(f==0x9fa1) return "OPENPROM_SUPER_MAGIC" - if(f==0x9fa0) return "PROC_SUPER_MAGIC" - if(f==0x002f) return "QNX4_SUPER_MAGIC" - if(f==0x52654973) return "REISERFS_SUPER_MAGIC" - if(f==0x7275) return "ROMFS_MAGIC" - if(f==0x517B) return "SMB_SUPER_MAGIC" - if(f==0x012FF7B6) return "SYSV2_SUPER_MAGIC" - if(f==0x012FF7B5) return "SYSV4_SUPER_MAGIC" - if(f==0x01021994) return "TMPFS_MAGIC" - if(f==0x15013346) return "UDF_SUPER_MAGIC" - if(f==0x00011954) return "UFS_MAGIC" - if(f==0x9fa2) return "USBDEVICE_SUPER_MAGIC" - if(f==0xa501FCF5) return "VXFS_SUPER_MAGIC" - if(f==0x012FF7B4) return "XENIX_SUPER_MAGIC" - if(f==0x58465342) return "XFS_SUPER_MAGIC" - if(f==0x012FD16D) return "_XIAFS_SUPER_MAGIC" - return "" -} - -function _mprotect_prot_str(prot) { - if(prot==0x00000000) return "PROT_NONE" - if(prot==0x00000001) return "PROT_READ" - if(prot==0x00000002) return "PROT_WRITE" - if(prot==0x00000004) return "PROT_EXEC" - return "" -} - -function _madvice_advice_str(behavior) { - if(behavior==0x00000000) return "MADV_NORMAL" - if(behavior==0x00000001) return "MADV_RANDOM" - if(behavior==0x00000002) return "MADV_SEQUENTIAL" - if(behavior==0x00000003) return "MADV_WILLNEED" - if(behavior==0x00000004) return "MADV_DONTNEED" - return "" -} - -function _fcntl_cmd_str(cmd) { - if(cmd==0x00000000) return "F_DUPFD" - if(cmd==0x00000001) return "F_GETFD" - if(cmd==0x00000002) return "F_SETFD" - if(cmd==0x00000003) return "F_GETFL" - if(cmd==0x00000004) return "F_SETFL" - if(cmd==0x00000005) return "F_GETLK" - if(cmd==0x00000006) return "F_SETLK" - if(cmd==0x00000007) return "F_SETLKW" - if(cmd==0x00000008) return "F_SETOWN" - if(cmd==0x00000009) return "F_GETOWN" - if(cmd==0x0000000A) return "F_SETSIG" - if(cmd==0x0000000B) return "F_GETLK64" - if(cmd==0x0000000C) return "F_SETLK64" - if(cmd==0x0000000D) return "F_SETLKW64" - return "" -} - -function _seek_whence_str(w) { - if(w==0x00000000) return "SEEK_SET" - if(w==0x00000001) return "SEEK_CUR" - if(w==0x00000002) return "SEEK_END" - return "" -} - -function _quotactl_cmd_str(cmd) { - if(cmd==0x800002) return "Q_QUOTAON" - if(cmd==0x800003) return "Q_QUOTAOFF" - if(cmd==0x800007) return "Q_GETQUOTA" - if(cmd==0x800008) return "Q_SETQUOTA" - if(cmd==0x800005) return "Q_GETINFO" - if(cmd==0x800006) return "Q_SETINFO" - if(cmd==0x800004) return "Q_GETFMT" - if(cmd==0x800001) return "Q_SYNC" - /* XFS Quota Manager (XQM) Codes */ - if(cmd==0x5801) return "Q_XQUOTAON" - if(cmd==0x5802) return "Q_XQUOTAOFF" - if(cmd==0x5803) return "Q_XGETQUOTA" - if(cmd==0x5804) return "Q_XSETQLIM" - if(cmd==0x5805) return "Q_XGETQSTAT" - if(cmd==0x5806) return "Q_XQUOTARM" - return "" -} - -/* see sys/socket.h (for setsockopt) */ -function _sockopt_optname_str(opt) { - if(opt==1) return "SO_DEBUG" - if(opt==2) return "SO_REUSEADDR" - if(opt==3) return "SO_TYPE" - if(opt==4) return "SO_ERROR" - if(opt==5) return "SO_DONTROUTE" - if(opt==6) return "SO_BROADCAST" - if(opt==7) return "SO_SNDBUF" - if(opt==8) return "SO_RCVBUF" - if(opt==9) return "SO_KEEPALIVE" - if(opt==10) return "SO_OOBINLINE" - if(opt==11) return "SO_NO_CHECK" - if(opt==12) return "SO_PRIORITY" - if(opt==13) return "SO_LINGER" - if(opt==14) return "SO_BSDCOMPAT" - - if(opt==16) return "SO_PASSCRED" - if(opt==17) return "SO_PEERCRED" - if(opt==18) return "SO_RCVLOWAT" - if(opt==19) return "SO_SNDLOWAT" - if(opt==20) return "SO_RCVTIMEO" - if(opt==21) return "SO_SNDTIMEO" - return "" -} - -/* `man 2 setsockopt` for more information */ -function _sockopt_level_str(l) { - if(l==0) return "IP" - if(l==1) return "ICMP" - if(l==2) return "IGMP" - if(l==3) return "GGP" - if(l==4) return "IP-ENCAP" - if(l==5) return "ST" - if(l==6) return "TCP" - if(l==7) return "CBT" - if(l==8) return "EGP" - if(l==9) return "IGP" - if(l==10) return "BBN-RCC-MON" - if(l==11) return "NVP-II" - if(l==12) return "PUP" - if(l==13) return "ARGUS" - if(l==14) return "EMCON" - if(l==15) return "XNET" - if(l==16) return "CHAOS" - if(l==17) return "UDP" - if(l==18) return "MUX" - if(l==19) return "DCN-MEAS" - if(l==20) return "HMP" - if(l==21) return "PRM" - if(l==22) return "XNS-IDP" - if(l==23) return "TRUNK-1" - if(l==24) return "TRUNK-2" - if(l==25) return "LEAF-1" - if(l==26) return "LEAF-2" - if(l==27) return "RDP" - if(l==28) return "IRTP" - if(l==29) return "ISO-TP4" - if(l==30) return "NETBLT" - if(l==31) return "MFE-NSP" - if(l==32) return "MERIT-INP" - if(l==33) return "SEP" - if(l==34) return "3PC" - if(l==35) return "IDPR" - if(l==36) return "XTP" - if(l==37) return "DDP" - if(l==38) return "IDPR-CMTP" - if(l==39) return "TP++" - if(l==40) return "IL" - if(l==41) return "IPv6" - if(l==42) return "SDRP" - if(l==43) return "IPv6-Route" - if(l==44) return "IPv6-Frag" - if(l==45) return "IDRP" - if(l==46) return "RSVP" - if(l==47) return "GRE" - if(l==48) return "MHRP" - if(l==49) return "BNA" - if(l==50) return "IPv6-Crypt" - if(l==51) return "IPv6-Auth" - if(l==52) return "I-NLSP" - if(l==53) return "SWIPE" - if(l==54) return "NARP" - if(l==55) return "MOBILE" - if(l==56) return "TLSP" - if(l==57) return "SKIP" - if(l==58) return "IPv6-ICMP" - if(l==59) return "IPv6-NoNxt" - if(l==60) return "IPv6-Opts" - if(l==62) return "CFTP" - if(l==64) return "SAT-EXPAK" - if(l==65) return "KRYPTOLAN" - if(l==66) return "RVD" - if(l==67) return "IPPC" - if(l==69) return "SAT-MON" - if(l==70) return "VISA" - if(l==71) return "IPCV" - if(l==72) return "CPNX" - if(l==73) return "CPHB" - if(l==74) return "WSN" - if(l==75) return "PVP" - if(l==76) return "BR-SAT-MON" - if(l==77) return "SUN-ND" - if(l==78) return "WB-MON" - if(l==79) return "WB-EXPAK" - if(l==80) return "ISO-IP" - if(l==81) return "VMTP" - if(l==82) return "SECURE-VMTP" - if(l==83) return "VINES" - if(l==84) return "TTP" - if(l==85) return "NSFNET-IGP" - if(l==86) return "DGP" - if(l==87) return "TCF" - if(l==88) return "EIGRP" - if(l==89) return "OSPFIGP" - if(l==90) return "Sprite-RPC" - if(l==91) return "LARP" - if(l==92) return "MTP" - if(l==93) return "AX.25" - if(l==94) return "IPIP" - if(l==95) return "MICP" - if(l==96) return "SCC-SP" - if(l==97) return "ETHERIP" - if(l==98) return "ENCAP" - if(l==100) return "GMTP" - if(l==101) return "IFMP" - if(l==102) return "PNNI" - if(l==103) return "PIM" - if(l==104) return "ARIS" - if(l==105) return "SCPS" - if(l==106) return "QNX" - if(l==107) return "A/N" - if(l==108) return "IPComp" - if(l==109) return "SNP" - if(l==110) return "Compaq-Peer" - if(l==111) return "IPX-in-IP" - if(l==112) return "VRRP" - if(l==113) return "PGM" - if(l==115) return "L2TP" - if(l==116) return "DDX" - if(l==117) return "IATP" - if(l==118) return "STP" - if(l==119) return "SRP" - if(l==120) return "UTI" - if(l==121) return "SMP" - if(l==122) return "SM" - if(l==123) return "PTP" - if(l==124) return "ISIS" - if(l==125) return "FIRE" - if(l==126) return "CRTP" - if(l==127) return "CRUDP" - if(l==128) return "SSCOPMCE" - if(l==129) return "IPLT" - if(l==130) return "SPS" - if(l==131) return "PIPE" - if(l==132) return "SCTP" - if(l==133) return "FC" - return "" -} - -function _sock_family_str(f) { - if(f==0) return "PF_UNSPEC" - if(f==1) return "PF_UNIX" - if(f==1) return "PF_LOCAL" - if(f==2) return "PF_INET" - if(f==3) return "PF_AX25" - if(f==4) return "PF_IPX" - if(f==5) return "PF_APPLETALK" - if(f==6) return "PF_NETROM" - if(f==7) return "PF_BRIDGE" - if(f==8) return "PF_ATMPVC" - if(f==9) return "PF_X25" - if(f==10) return "PF_INET6" - if(f==11) return "PF_ROSE" - if(f==12) return "PF_DECnet" - if(f==13) return "PF_NETBEUI" - if(f==14) return "PF_SECURITY" - if(f==15) return "PF_KEY" - if(f==16) return "PF_NETLINK" - if(f==17) return "PF_PACKET" - if(f==18) return "PF_ASH" - if(f==19) return "PF_ECONET" - if(f==20) return "PF_ATMSVC" - if(f==22) return "PF_SNA" - if(f==23) return "PF_IRDA" - if(f==24) return "PF_PPPOX" - if(f==25) return "PF_WANPIPE" - if(f==26) return "PF_LLC" - if(f==31) return "PF_BLUETOOTH" - if(f==32) return "PF_MAX" - return "" -} - -function _sock_type_str(t) { - if(t==1) return "SOCK_STREAM" - if(t==2) return "SOCK_DGRAM" - if(t==5) return "SOCK_SEQPACKET" - if(t==3) return "SOCK_RAW" - if(t==4) return "SOCK_RDM" - if(t==10) return "SOCK_PACKET" - return "" -} - -function _opoll_op_str(o) { - if(o==1) return "EPOLL_CTL_ADD" - if(o==3) return "EPOLL_CTL_MOD" - if(o==2) return "EPOLL_CTL_DEL" - return "" -} - -function _epoll_events_str(e) { - if(e==1) return "EPOLLIN" - if(e==4) return "EPOLLOUT" - if(e==2) return "EPOLLPRI" - if(e==8) return "EPOLLERR" - if(e==16) return "EPOLLHUP" - if(e==-2147483648) return "EPOLLET" - if(e==1073741824) return "EPOLLONESHOT" - return "" -} - -function _rlimit_resource_str(r) { - if(r==-1) return "RLIM_INFINITY" - if(r==9) return "RLIMIT_AS" - if(r==4) return "RLIMIT_CORE" - if(r==0) return "RLIMIT_CPU" - if(r==2) return "RLIMIT_DATA" - if(r==1) return "RLIMIT_FSIZE" - if(r==10) return "RLIMIT_LOCKS" - if(r==8) return "RLIMIT_MEMLOCK" - if(r==7) return "RLIMIT_NOFILE" - if(r==6) return "RLIMIT_NPROC" - if(r==5) return "RLIMIT_RSS" - if(r==3) return "RLIMIT_STACK" - return "" -} - -function _rusage_who_str(w) { - if(w==0) return "RUSAGE_SELF" - if(w==-1) return "RUSAGE_CHILDREN" - return "" -} + kernel.function("sys_rt_sigaction").return { + name = "rt_sigaction.return" + } -- 2.43.5