From 99b1466ba1240b0fa92c6e56ccaa77234507c0e8 Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Mon, 2 Jan 2017 15:30:29 +0100
Subject: [PATCH] PR20333/ptrace

---
 tapset/linux/nd_syscalls2.stp | 28 ---------------
 tapset/linux/sysc_ptrace.stp | 65 +++++++++++++++++++++++++++++++++++
 tapset/linux/syscalls2.stp | 27 ---------------
 3 files changed, 65 insertions(+), 55 deletions(-)
 create mode 100644 tapset/linux/sysc_ptrace.stp

diff --git a/tapset/linux/nd_syscalls2.stp b/tapset/linux/nd_syscalls2.stp
index 991d7dd3b..0835d6d0a 100644
--- a/tapset/linux/nd_syscalls2.stp
+++ b/tapset/linux/nd_syscalls2.stp
@@ -1,32 +1,4 @@
-# ptrace _____________________________________________________
-#
-# int sys_ptrace(long request,
-# long pid,
-# long addr,
-# long data)
-#
-probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ?,
- kprobe.function("compat_sys_ptrace") ?
-{
- name = "ptrace"
- asmlinkage()
- request = long_arg(1)
- pid = int_arg(2)
- addr = ulong_arg(3)
- data = ulong_arg(4)
- argstr = _ptrace_argstr(request, pid, addr, data)
-}
-probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ?,
- kprobe.function("compat_sys_ptrace").return ?
-{
- name = "ptrace"
- retstr = returnstr(1)
-
- geteventmsg_data = 0
- arch_prctl_addr = 0
-}
-
 # pwrite64 ___________________________________________________
 #
 # ssize_t sys_pwrite64(unsigned int fd,
diff --git a/tapset/linux/sysc_ptrace.stp b/tapset/linux/sysc_ptrace.stp
new file mode 100644
index 000000000..daf5d615e
--- /dev/null
+++ b/tapset/linux/sysc_ptrace.stp
@@ -0,0 +1,65 @@
+# ptrace _____________________________________________________
+#
+# int sys_ptrace(long request,
+# long pid,
+# long addr,
+# long data)
+#
+
+@define _SYSCALL_PTRACE_NAME
+%(
+ name = "ptrace"
+%)
+
+@define _SYSCALL_PTRACE_ARGSTR
+%(
+ argstr = _ptrace_argstr(request, pid, addr, data)
+%)
+
+probe syscall.ptrace = dw_syscall.ptrace !, nd_syscall.ptrace {}
+probe syscall.ptrace.return = dw_syscall.ptrace.return !, nd_syscall.ptrace.return {}
+
+# dw_ptrace _____________________________________________________
+
+probe dw_syscall.ptrace = kernel.function("sys_ptrace").call ?,
+ kernel.function("compat_sys_ptrace").call ?
+{
+ @_SYSCALL_PTRACE_NAME
+ request = $request
+ pid = __int32($pid)
+ addr = @__compat_ulong($addr)
+ data = @__compat_ulong(@choose_defined($data, $cdata))
+ @_SYSCALL_PTRACE_ARGSTR
+}
+probe dw_syscall.ptrace.return = kernel.function("sys_ptrace").return ?,
+ kernel.function("compat_sys_ptrace").return ?
+{
+ @_SYSCALL_PTRACE_NAME
+ retstr = return_str(1, $return)
+
+ geteventmsg_data = _ptrace_return_geteventmsg_data(@entry($request), @entry($data))
+ arch_prctl_addr = _ptrace_return_arch_prctl_addr(@entry($request), @entry($addr), @entry($data))
+}
+
+# nd_ptrace _____________________________________________________
+
+probe nd_syscall.ptrace = kprobe.function("sys_ptrace") ?,
+ kprobe.function("compat_sys_ptrace") ?
+{
+ @_SYSCALL_PTRACE_NAME
+ asmlinkage()
+ request = long_arg(1)
+ pid = int_arg(2)
+ addr = ulong_arg(3)
+ data = ulong_arg(4)
+ @_SYSCALL_PTRACE_ARGSTR
+}
+probe nd_syscall.ptrace.return = kprobe.function("sys_ptrace").return ?,
+ kprobe.function("compat_sys_ptrace").return ?
+{
+ @_SYSCALL_PTRACE_NAME
+ retstr = returnstr(1)
+
+ geteventmsg_data = 0
+ arch_prctl_addr = 0
+}
diff --git a/tapset/linux/syscalls2.stp b/tapset/linux/syscalls2.stp
index fdb9b7359..ed5a52694 100644
--- a/tapset/linux/syscalls2.stp
+++ b/tapset/linux/syscalls2.stp
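Review bot: The `nd_syscall.ptrace.return` probe at the end of the hunk hard-codes `geteventmsg_data = 0` and `arch_prctl_addr = 0`, while `dw_syscall.ptrace.return` above derives both from `@entry($request)`, `@entry($data)` and `@entry($addr)`, and nothing in the new file says why the two paths differ, so a script that lands on the kprobe fallback can mistake the zeros for real values. A comment above those two assignments would make the contract explicit, e.g. `# kprobe-based probe cannot read the entry arguments via @entry(); these stay 0 here and are only filled in by dw_syscall.ptrace.return`. The `# dw_ptrace` and `# nd_ptrace` headings would also benefit from one line each stating that, as I read the `dw_syscall.ptrace !, nd_syscall.ptrace` alternation in `probe syscall.ptrace`, the DWARF variant is tried first and the nd variant is the fallback.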
@@ -1,31 +1,4 @@
-# ptrace _____________________________________________________
-#
-# int sys_ptrace(long request,
-# long pid,
-# long addr,
-# long data)
-#
-probe syscall.ptrace = kernel.function("sys_ptrace").call ?,
- kernel.function("compat_sys_ptrace").call ?
-{
- name = "ptrace"
- request = $request
- pid = __int32($pid)
- addr = @__compat_ulong($addr)
- data = @__compat_ulong(@choose_defined($data, $cdata))
- argstr = _ptrace_argstr($request, pid, addr, data)
-}
-probe syscall.ptrace.return = kernel.function("sys_ptrace").return ?,
- kernel.function("compat_sys_ptrace").return ?
-{
- name = "ptrace"
- retstr = return_str(1, $return)
-
- geteventmsg_data = _ptrace_return_geteventmsg_data(@entry($request), @entry($data))
- arch_prctl_addr = _ptrace_return_arch_prctl_addr(@entry($request), @entry($addr), @entry($data))
-}
-
 # pwrite64 ___________________________________________________
 #
 # ssize_t sys_pwrite64(unsigned int fd,
-- 
2.43.5