From afd5f082091ffe79d886fa43325345ea2792be94 Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Mon, 2 Jan 2017 09:27:16 +0100
Subject: [PATCH] PR20333/pivot_root
---
 tapset/linux/nd_syscalls2.stp | 19 -------------
 tapset/linux/sysc_pivot_root.stp | 48 ++++++++++++++++++++++++++++++++
 tapset/linux/syscalls2.stp | 18 ------------
 3 files changed, 48 insertions(+), 37 deletions(-)
 create mode 100644 tapset/linux/sysc_pivot_root.stp
diff --git a/tapset/linux/nd_syscalls2.stp b/tapset/linux/nd_syscalls2.stp
index ce1d9fb6a..fd34d506a 100644
--- a/tapset/linux/nd_syscalls2.stp
+++ b/tapset/linux/nd_syscalls2.stp
@@ -1,23 +1,4 @@
-# pivot_root _________________________________________________
-#
-# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
-#
-probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") ?
-{
- name = "pivot_root"
- asmlinkage()
- new_root_str = user_string_quoted(pointer_arg(1))
- old_root_str = user_string_quoted(pointer_arg(2))
- argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)),
- user_string_quoted(pointer_arg(2)))
-}
-probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return ?
-{
- name = "pivot_root"
- retstr = returnstr(1)
-}
-
 # poll _______________________________________________________
 #
 # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, int timeout)
diff --git a/tapset/linux/sysc_pivot_root.stp b/tapset/linux/sysc_pivot_root.stp
new file mode 100644
index 000000000..73a0927b5
--- /dev/null
+++ b/tapset/linux/sysc_pivot_root.stp
@@ -0,0 +1,48 @@
+# pivot_root _________________________________________________
+#
+# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
+#
+
+@define _SYSCALL_PIVOT_ROOT_NAME
+%(
+ name = "pivot_root"
+%)
+
+@define _SYSCALL_PIVOT_ROOT_ARGSTR
+%(
+ argstr = sprintf("%s, %s", new_root_str, old_root_str)
+%)
+
+probe syscall.pivot_root = dw_syscall.pivot_root !, nd_syscall.pivot_root {}
+probe syscall.pivot_root.return = dw_syscall.pivot_root.return !, nd_syscall.pivot_root.return {}
+
+# dw_pivot_root _____________________________________________________
+
+probe dw_syscall.pivot_root = kernel.function("sys_pivot_root").call
+{
+ @_SYSCALL_PIVOT_ROOT_NAME
+ new_root_str = user_string_quoted($new_root)
+ old_root_str = user_string_quoted($put_old)
+ @_SYSCALL_PIVOT_ROOT_ARGSTR
+}
+probe dw_syscall.pivot_root.return = kernel.function("sys_pivot_root").return
+{
+ @_SYSCALL_PIVOT_ROOT_NAME
+ retstr = return_str(1, $return)
+}
+
+# nd_pivot_root _____________________________________________________
+
+probe nd_syscall.pivot_root = kprobe.function("sys_pivot_root") ?
+{
+ @_SYSCALL_PIVOT_ROOT_NAME
+ asmlinkage()
+ new_root_str = user_string_quoted(pointer_arg(1))
+ old_root_str = user_string_quoted(pointer_arg(2))
+ @_SYSCALL_PIVOT_ROOT_ARGSTR
+}
+probe nd_syscall.pivot_root.return = kprobe.function("sys_pivot_root").return ?
+{
+ @_SYSCALL_PIVOT_ROOT_NAME
+ retstr = returnstr(1)
+}
diff --git a/tapset/linux/syscalls2.stp b/tapset/linux/syscalls2.stp
index c3962a8e0..e28628c71 100644
--- a/tapset/linux/syscalls2.stp
+++ b/tapset/linux/syscalls2.stp
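Review bot: In the new tapset/linux/sysc_pivot_root.stp, `@_SYSCALL_PIVOT_ROOT_ARGSTR` carries an undocumented ordering requirement: it expands to `argstr = sprintf("%s, %s", new_root_str, old_root_str)`, so it is only correct because both `dw_syscall.pivot_root` and `nd_syscall.pivot_root` expand it after assigning those two variables. A comment above the `@define` would make that explicit, for example `# Expects new_root_str and old_root_str to be assigned before expansion.` Since pivot_root is a call people audit for container and chroot setup, the header comment could also say that both strings are read from the user pointers at syscall entry, so they are the caller-supplied text as seen at that moment and not necessarily the path the kernel ends up resolving; `old_root_str` holds the `put_old` argument, which is worth stating too.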
@@ -1,22 +1,4 @@
-# pivot_root _________________________________________________
-#
-# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
-#
-probe syscall.pivot_root = kernel.function("sys_pivot_root").call
-{
- name = "pivot_root"
- new_root_str = user_string_quoted($new_root)
- old_root_str = user_string_quoted($put_old)
- argstr = sprintf("%s, %s", user_string_quoted($new_root),
- user_string_quoted($put_old))
-}
-probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return
-{
- name = "pivot_root"
- retstr = return_str(1, $return)
-}
-
 # poll _______________________________________________________
 #
 # long sys_poll(struct pollfd __user * ufds, unsigned int nfds, int timeout)
--
2.43.5