[PATCH] Unify formatting of syscalls.stp and syscalls2.stp.
- From: Przemyslaw Pawelczyk <przemyslaw at pawelczyk dot it>
- To: systemtap at sourceware dot org
- Date: Tue, 19 May 2009 13:04:29 +0200
- Subject: [PATCH] Unify formatting of syscalls.stp and syscalls2.stp.
- Mail-from: 5b310b0c51710c2841ec757400bb90f09d9e28ba Mon Sep 17 00:00:00 2001
Rules:
- Specify probe points for aliases starting from the alias declaration
line and with one probe point per line.
- Use K&R indent style -- probe alias/point/function opening brace goes
to the line following the declaration, other opening braces are kept
on the same line as the control statements.
- Indent using tabs.
- Surround operators with spaces.
- Put spaces after commas.
- Avoid trailing whitespace.
---
tapset/syscalls.stp | 1153 +++++++++++++++++++++++++-------------------
tapset/syscalls2.stp | 1313 +++++++++++++++++++++++++++++---------------------
2 files changed, 1407 insertions(+), 1059 deletions(-)
diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp
index 1b04269..6d7075d 100644
--- a/tapset/syscalls.stp
+++ b/tapset/syscalls.stp
@@ -21,7 +21,7 @@
* braces are decoded structs.
*
* retstr - a string containing the return value in an easy-to-read format.
-* Set in return probes only.
+* Set in return probes only.
*/
@@ -29,7 +29,8 @@
# long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
# int __user *upeer_addrlen)
probe syscall.accept = kernel.function("SyS_accept") !,
- kernel.function("sys_accept") ? {
+ kernel.function("sys_accept") ?
+{
name = "accept"
sockfd = $fd
addr_uaddr = $upeer_sockaddr
@@ -37,7 +38,8 @@ probe syscall.accept = kernel.function("SyS_accept") !,
argstr = sprintf("%d, %p, %p", $fd, $upeer_sockaddr, $upeer_addrlen)
}
probe syscall.accept.return = kernel.function("SyS_accept").return !,
- kernel.function("sys_accept").return ? {
+ kernel.function("sys_accept").return ?
+{
name = "accept"
retstr = returnstr(1)
}
@@ -45,7 +47,8 @@ probe syscall.accept.return = kernel.function("SyS_accept").return !,
# access _____________________________________________________
# long sys_access(const char __user * filename, int mode)
probe syscall.access = kernel.function("SyS_access") !,
- kernel.function("sys_access") {
+ kernel.function("sys_access")
+{
name = "access"
pathname = user_string($filename)
mode = $mode
@@ -53,19 +56,22 @@ probe syscall.access = kernel.function("SyS_access") !,
argstr = sprintf("%s, %s", user_string_quoted($filename), mode_str)
}
probe syscall.access.return = kernel.function("SyS_access").return !,
- kernel.function("sys_access").return {
+ kernel.function("sys_access").return
+{
name = "access"
retstr = returnstr(1)
}
# acct _______________________________________________________
# long sys_acct(const char __user *name)
-probe syscall.acct = kernel.function("sys_acct") ? {
+probe syscall.acct = kernel.function("sys_acct") ?
+{
name = "acct"
- filename = user_string($name)
+ filename = user_string($name)
argstr = user_string_quoted($name)
}
-probe syscall.acct.return = kernel.function("sys_acct").return ? {
+probe syscall.acct.return = kernel.function("sys_acct").return ?
+{
name = "acct"
retstr = returnstr(1)
}
@@ -78,21 +84,23 @@ probe syscall.acct.return = kernel.function("sys_acct").return ? {
# key_serial_t ringid)
#
probe syscall.add_key = kernel.function("SyS_add_key") !,
- kernel.function("sys_add_key") ? {
+ kernel.function("sys_add_key") ?
+{
name = "add_key"
type_uaddr = $_type
description_auddr = $_description
payload_uaddr = $_payload
plen = $plen
ringid = $ringid
- argstr = sprintf("%s, %s, %s, %d, %d",
- user_string_quoted($_type),
- user_string_quoted($_description),
- text_strn(user_string($_payload),syscall_string_trunc,1),
- $plen, $ringid)
+ argstr = sprintf("%s, %s, %s, %d, %d",
+ user_string_quoted($_type),
+ user_string_quoted($_description),
+ text_strn(user_string($_payload), syscall_string_trunc, 1),
+ $plen, $ringid)
}
probe syscall.add_key.return = kernel.function("SyS_add_key").return !,
- kernel.function("sys_add_key").return ? {
+ kernel.function("sys_add_key").return ?
+{
name = "add_key"
retstr = returnstr(1)
}
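Review bot: The re-wrapped `argstr` assignment in `syscall.add_key` still reads the key payload with `user_string($_payload)` and embeds it (truncated to `syscall_string_trunc`) in `argstr`, so any script that prints `argstr` will emit key material into its trace output. The payload is also delimited by `$plen` rather than by a NUL byte, so reading it as a C string ignores the stated length and may pick up bytes beyond the payload. Consider formatting the address instead, in line with `payload_uaddr` above: `argstr = sprintf("%s, %s, %p, %d, %d", user_string_quoted($_type), user_string_quoted($_description), $_payload, $plen, $ringid)`. That changes the text of `argstr` for this probe, so it probably belongs in a follow-up rather than in this formatting-only patch.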
@@ -100,35 +108,39 @@ probe syscall.add_key.return = kernel.function("SyS_add_key").return !,
# adjtimex ___________________________________________________
# long sys_adjtimex(struct timex __user *txc_p)
probe syscall.adjtimex = kernel.function("SyS_adjtimex") !,
- kernel.function("sys_adjtimex") {
+ kernel.function("sys_adjtimex")
+{
name = "adjtimex"
-
+
/*
- * buf_offset = __uget_timex_m($txc_p,1)
- * buf_freq = __uget_timex_m($txc_p,2)
- * buf_maxerror = __uget_timex_m($txc_p,3)
- * buf_esterror = __uget_timex_m($txc_p,4)
- * buf_status = __uget_timex_m($txc_p,5)
- * buf_constant = __uget_timex_m($txc_p,6)
- * buf_precision = __uget_timex_m($txc_p,7)
- * buf_tolerance = __uget_timex_m($txc_p,8)
- * buf_time_tv_sec = __uget_timex_m($txc_p,9)
- * buf_time_tv_usec = __uget_timex_m($txc_p,10)
- * buf_tick = __uget_timex_m($txc_p,11)
+ * buf_offset = __uget_timex_m($txc_p, 1)
+ * buf_freq = __uget_timex_m($txc_p, 2)
+ * buf_maxerror = __uget_timex_m($txc_p, 3)
+ * buf_esterror = __uget_timex_m($txc_p, 4)
+ * buf_status = __uget_timex_m($txc_p, 5)
+ * buf_constant = __uget_timex_m($txc_p, 6)
+ * buf_precision = __uget_timex_m($txc_p, 7)
+ * buf_tolerance = __uget_timex_m($txc_p, 8)
+ * buf_time_tv_sec = __uget_timex_m($txc_p, 9)
+ * buf_time_tv_usec = __uget_timex_m($txc_p, 10)
+ * buf_tick = __uget_timex_m($txc_p, 11)
*/
argstr = sprintf("%p", $txc_p)
}
probe syscall.adjtimex.return = kernel.function("SyS_adjtimex").return !,
- kernel.function("sys_adjtimex").return {
+ kernel.function("sys_adjtimex").return
+{
name = "adjtimex"
retstr = _adjtimex_return_str($return)
}
# long compat_sys_adjtimex(struct compat_timex __user *utp)
-probe syscall.compat_adjtimex = kernel.function("compat_sys_adjtimex") ? {
+probe syscall.compat_adjtimex = kernel.function("compat_sys_adjtimex") ?
+{
name = "compat_adjtimex"
argstr = sprintf("%p", $utp)
}
-probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").return ? {
+probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").return ?
+{
name = "compat_adjtimex"
retstr = returnstr(1)
}
@@ -137,8 +149,7 @@ probe syscall.compat_adjtimex.return = kernel.function("compat_sys_adjtimex").re
# unsigned long sys_alarm (unsigned int seconds)
# long sys32_alarm(unsigned int seconds)
#
-probe syscall.alarm =
- kernel.function("sys32_alarm") ?,
+probe syscall.alarm = kernel.function("sys32_alarm") ?,
kernel.function("SyS_alarm") !,
kernel.function("sys_alarm") ?
{
@@ -146,8 +157,7 @@ probe syscall.alarm =
seconds = $seconds
argstr = sprint($seconds)
}
-probe syscall.alarm.return =
- kernel.function("sys32_alarm").return ?,
+probe syscall.alarm.return = kernel.function("sys32_alarm").return ?,
kernel.function("SyS_alarm").return !,
kernel.function("sys_alarm").return ?
{
@@ -156,20 +166,22 @@ probe syscall.alarm.return =
}
# bdflush ____________________________________________________
-# long sys_bdflush(int func,long data)
+# long sys_bdflush(int func, long data)
probe syscall.bdflush = kernel.function("SyS_bdflush") !,
- kernel.function("sys_bdflush") ? {
+ kernel.function("sys_bdflush") ?
+{
name = "bdflush"
func = $func
data = $data
- if (($func>=2)&&($func%2==0))
- data_str = sprintf("%p", $data)
- else
- data_str = sprintf("%d", $data)
- argstr = sprintf("%d, %s",func, data_str)
+ if (($func >= 2) && ($func % 2 == 0))
+ data_str = sprintf("%p", $data)
+ else
+ data_str = sprintf("%d", $data)
+ argstr = sprintf("%d, %s", func, data_str)
}
probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !,
- kernel.function("sys_bdflush").return ? {
+ kernel.function("sys_bdflush").return ?
+{
name = "bdflush"
retstr = returnstr(1)
}
@@ -177,23 +189,24 @@ probe syscall.bdflush.return = kernel.function("SyS_bdflush").return !,
# bind _______________________________________________________
# long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
probe syscall.bind = kernel.function("SyS_bind") !,
- kernel.function("sys_bind") ? {
+ kernel.function("sys_bind") ?
+{
name = "bind"
sockfd = $fd
my_addr_uaddr = $umyaddr
addrlen = $addrlen
- argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr,$addrlen),$addrlen)
+ argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($umyaddr, $addrlen), $addrlen)
}
probe syscall.bind.return = kernel.function("SyS_bind").return !,
- kernel.function("sys_bind").return ? {
+ kernel.function("sys_bind").return ?
+{
name = "bind"
retstr = returnstr(1)
}
# brk ________________________________________________________
# unsigned long sys_brk(unsigned long brk)
-probe syscall.brk =
- kernel.function("ia64_brk") ?,
+probe syscall.brk = kernel.function("ia64_brk") ?,
kernel.function("SyS_brk") !,
kernel.function("sys_brk")
{
@@ -201,8 +214,7 @@ probe syscall.brk =
brk = $brk
argstr = sprintf("%p", brk)
}
-probe syscall.brk.return =
- kernel.function("ia64_brk").return ?,
+probe syscall.brk.return = kernel.function("ia64_brk").return ?,
kernel.function("SyS_brk").return !,
kernel.function("sys_brk").return
{
@@ -224,14 +236,16 @@ probe syscall.brk.return =
*/
# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
probe syscall.capget = kernel.function("SyS_capget") !,
- kernel.function("sys_capget") {
+ kernel.function("sys_capget")
+{
name = "capget"
header_uaddr = $header
data_uaddr = $dataptr
argstr = sprintf("%p, %p", $header, $dataptr)
}
probe syscall.capget.return = kernel.function("SyS_capget").return !,
- kernel.function("sys_capget").return {
+ kernel.function("sys_capget").return
+{
name = "capget"
retstr = returnstr(1)
}
@@ -249,14 +263,16 @@ probe syscall.capget.return = kernel.function("SyS_capget").return !,
*/
# long sys_capset(cap_user_header_t header, const cap_user_data_t data)
probe syscall.capset = kernel.function("SyS_capset") !,
- kernel.function("sys_capset") {
+ kernel.function("sys_capset")
+{
name = "capset"
header_uaddr = $header
data_uaddr = $data
argstr = sprintf("%p, %p", $header, $data)
}
probe syscall.capset.return = kernel.function("SyS_capset").return !,
- kernel.function("sys_capset").return {
+ kernel.function("sys_capset").return
+{
name = "capset"
retstr = returnstr(1)
}
@@ -264,13 +280,15 @@ probe syscall.capset.return = kernel.function("SyS_capset").return !,
# chdir ______________________________________________________
# long sys_chdir(const char __user * filename)
probe syscall.chdir = kernel.function("SyS_chdir") !,
- kernel.function("sys_chdir") {
+ kernel.function("sys_chdir")
+{
name = "chdir"
path = user_string($filename)
argstr = user_string_quoted($filename)
}
probe syscall.chdir.return = kernel.function("SyS_chdir").return !,
- kernel.function("sys_chdir").return {
+ kernel.function("sys_chdir").return
+{
name = "chdir"
retstr = returnstr(1)
}
@@ -278,14 +296,16 @@ probe syscall.chdir.return = kernel.function("SyS_chdir").return !,
# chmod ______________________________________________________
# long sys_chmod(const char __user * filename, mode_t mode)
probe syscall.chmod = kernel.function("SyS_chmod") !,
- kernel.function("sys_chmod") {
+ kernel.function("sys_chmod")
+{
name = "chmod"
path = user_string($filename)
mode = $mode
argstr = sprintf("%s, %#o", user_string_quoted($filename), mode)
}
probe syscall.chmod.return = kernel.function("SyS_chmod").return !,
- kernel.function("sys_chmod").return {
+ kernel.function("sys_chmod").return
+{
name = "chmod"
retstr = returnstr(1)
}
@@ -293,30 +313,34 @@ probe syscall.chmod.return = kernel.function("SyS_chmod").return !,
# chown ______________________________________________________
# long sys_chown(const char __user * filename, uid_t user, gid_t group)
probe syscall.chown = kernel.function("SyS_chown") !,
- kernel.function("sys_chown") {
+ kernel.function("sys_chown")
+{
name = "chown"
path = user_string($filename)
owner = __int32($user)
group = __int32($group)
- argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group)
+ argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
}
probe syscall.chown.return = kernel.function("SyS_chown").return !,
- kernel.function("sys_chown").return {
+ kernel.function("sys_chown").return
+{
name = "chown"
retstr = returnstr(1)
}
# chown16 ___________________________________________________
-# long sys_chown16(const char __user * filename, old_uid_t user,
+# long sys_chown16(const char __user * filename, old_uid_t user,
# old_gid_t group)
#
-probe syscall.chown16 = kernel.function("sys_chown16") ? {
+probe syscall.chown16 = kernel.function("sys_chown16") ?
+{
name = "chown16"
path = user_string($filename)
owner = __short($user)
group = __short($group)
argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
}
-probe syscall.chown16.return = kernel.function("sys_chown16").return ? {
+probe syscall.chown16.return = kernel.function("sys_chown16").return ?
+{
name = "chown16"
retstr = returnstr(1)
}
@@ -324,13 +348,15 @@ probe syscall.chown16.return = kernel.function("sys_chown16").return ? {
# chroot _____________________________________________________
# long sys_chroot(const char __user * filename)
probe syscall.chroot = kernel.function("SyS_chroot") !,
- kernel.function("sys_chroot") {
+ kernel.function("sys_chroot")
+{
name = "chroot"
path = user_string($filename)
argstr = user_string_quoted($filename)
}
probe syscall.chroot.return = kernel.function("SyS_chroot").return !,
- kernel.function("sys_chroot").return {
+ kernel.function("sys_chroot").return
+{
name = "chroot"
retstr = returnstr(1)
}
@@ -338,9 +364,8 @@ probe syscall.chroot.return = kernel.function("SyS_chroot").return !,
# clock_getres _______________________________________________
# long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp)
# long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp)
-#
-probe syscall.clock_getres =
- kernel.function("compat_clock_getres") ?,
+#
+probe syscall.clock_getres = kernel.function("compat_clock_getres") ?,
kernel.function("SyS_clock_getres") !,
kernel.function("sys_clock_getres")
{
@@ -350,8 +375,7 @@ probe syscall.clock_getres =
res_uaddr = $tp
argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp)
}
-probe syscall.clock_getres.return =
- kernel.function("compat_clock_getres").return ?,
+probe syscall.clock_getres.return = kernel.function("compat_clock_getres").return ?,
kernel.function("SyS_clock_getres").return !,
kernel.function("sys_clock_getres").return
{
@@ -362,8 +386,7 @@ probe syscall.clock_getres.return =
# clock_gettime ______________________________________________
# long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp)
#
-probe syscall.clock_gettime =
- kernel.function("SyS_clock_gettime") !,
+probe syscall.clock_gettime = kernel.function("SyS_clock_gettime") !,
kernel.function("sys_clock_gettime")
{
name = "clock_gettime"
@@ -371,8 +394,7 @@ probe syscall.clock_gettime =
clk_id_str = _get_wc_str($which_clock)
argstr = sprintf("%s, %p", _get_wc_str($which_clock), $tp)
}
-probe syscall.clock_gettime.return =
- kernel.function("SyS_clock_gettime").return !,
+probe syscall.clock_gettime.return = kernel.function("SyS_clock_gettime").return !,
kernel.function("sys_clock_gettime").return
{
name = "clock_gettime"
@@ -386,18 +408,19 @@ probe syscall.clock_gettime.return =
# struct timespec __user *rmtp)
#
probe syscall.clock_nanosleep = kernel.function("SyS_clock_nanosleep") !,
- kernel.function("sys_clock_nanosleep") {
+ kernel.function("sys_clock_nanosleep")
+{
name = "clock_nanosleep"
if ($flags == 1)
flag_str = "TIMER_ABSTIME"
else
flag_str = sprintf("0x%x", $flags)
argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str,
- _struct_timespec_u($rqtp,1), $rmtp)
+ _struct_timespec_u($rqtp, 1), $rmtp)
}
-probe syscall.clock_nanosleep.return =
- kernel.function("SyS_clock_nanosleep").return !,
- kernel.function("sys_clock_nanosleep").return {
+probe syscall.clock_nanosleep.return = kernel.function("SyS_clock_nanosleep").return !,
+ kernel.function("sys_clock_nanosleep").return
+{
name = "clock_nanosleep"
retstr = returnstr(1)
}
@@ -407,8 +430,7 @@ probe syscall.clock_nanosleep.return =
# struct compat_timespec __user *rqtp,
# struct compat_timespec __user *rmtp)
#
-probe syscall.compat_clock_nanosleep =
- kernel.function("compat_clock_nanosleep") ?,
+probe syscall.compat_clock_nanosleep = kernel.function("compat_clock_nanosleep") ?,
kernel.function("compat_sys_clock_nanosleep") ?
{
name = "compat_clock_nanosleep"
@@ -417,10 +439,9 @@ probe syscall.compat_clock_nanosleep =
else
flag_str = sprintf("0x%x", $flags)
argstr = sprintf("%s, %s, %s, %p", _get_wc_str($which_clock), flag_str,
- _struct_compat_timespec_u($rqtp,1), $rmtp)
+ _struct_compat_timespec_u($rqtp, 1), $rmtp)
}
-probe syscall.compat_clock_nanosleep.return =
- kernel.function("compat_clock_nanosleep").return ?,
+probe syscall.compat_clock_nanosleep.return = kernel.function("compat_clock_nanosleep").return ?,
kernel.function("compat_sys_clock_nanosleep").return ?
{
name = "compat_clock_nanosleep"
@@ -432,15 +453,17 @@ probe syscall.compat_clock_nanosleep.return =
# const struct timespec __user *tp)
#
probe syscall.clock_settime = kernel.function("SyS_clock_settime") !,
- kernel.function("sys_clock_settime") {
+ kernel.function("sys_clock_settime")
+{
name = "clock_settime"
clk_id = $which_clock
clk_id_str = _get_wc_str($which_clock)
tp_uaddr = $tp
- argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp,1))
+ argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u($tp, 1))
}
probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return !,
- kernel.function("sys_clock_settime").return {
+ kernel.function("sys_clock_settime").return
+{
name = "clock_settime"
retstr = returnstr(1)
}
@@ -448,28 +471,32 @@ probe syscall.clock_settime.return = kernel.function("SyS_clock_settime").return
# close ______________________________________________________
# long sys_close(unsigned int fd)
probe syscall.close = kernel.function("SyS_close") !,
- kernel.function("sys_close") {
+ kernel.function("sys_close")
+{
name = "close"
fd = $fd
argstr = sprint(fd)
}
probe syscall.close.return = kernel.function("SyS_close").return !,
- kernel.function("sys_close").return {
+ kernel.function("sys_close").return
+{
name = "close"
retstr = returnstr(1)
}
# connect ____________________________________________________
# long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
probe syscall.connect = kernel.function("SyS_connect") !,
- kernel.function("sys_connect") ? {
+ kernel.function("sys_connect") ?
+{
name = "connect"
sockfd = $fd
serv_addr_uaddr = $uservaddr
addrlen = $addrlen
- argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr,$addrlen),$addrlen)
+ argstr = sprintf("%d, %s, %d", $fd, _struct_sockaddr_u($uservaddr, $addrlen), $addrlen)
}
probe syscall.connect.return = kernel.function("SyS_connect").return !,
- kernel.function("sys_connect").return ? {
+ kernel.function("sys_connect").return ?
+{
name = "connect"
retstr = returnstr(1)
}
@@ -494,14 +521,16 @@ probe syscall.creat.return = kernel.function("SyS_creat").return !,
# delete_module ______________________________________________
# long sys_delete_module(const char __user *name_user, unsigned int flags)
probe syscall.delete_module = kernel.function("SyS_delete_module") !,
- kernel.function("sys_delete_module") ? {
+ kernel.function("sys_delete_module") ?
+{
name = "delete_module"
name_user = user_string($name_user)
flags = $flags
argstr = sprintf("%s, %s", user_string_quoted($name_user), _module_flags_str($flags))
}
probe syscall.delete_module.return = kernel.function("SyS_delete_module").return !,
- kernel.function("sys_delete_module").return ? {
+ kernel.function("sys_delete_module").return ?
+{
name = "delete_module"
retstr = returnstr(1)
}
@@ -509,13 +538,15 @@ probe syscall.delete_module.return = kernel.function("SyS_delete_module").return
# dup ________________________________________________________
# long sys_dup(unsigned int fildes)
probe syscall.dup = kernel.function("SyS_dup") !,
- kernel.function("sys_dup") {
+ kernel.function("sys_dup")
+{
name = "dup"
oldfd = $fildes
argstr = sprint($fildes)
}
probe syscall.dup.return = kernel.function("SyS_dup").return !,
- kernel.function("sys_dup").return {
+ kernel.function("sys_dup").return
+{
name = "dup"
retstr = returnstr(1)
}
@@ -523,14 +554,16 @@ probe syscall.dup.return = kernel.function("SyS_dup").return !,
# dup2 _______________________________________________________
# long sys_dup2(unsigned int oldfd, unsigned int newfd)
probe syscall.dup2 = kernel.function("SyS_dup2") !,
- kernel.function("sys_dup2") {
+ kernel.function("sys_dup2")
+{
name = "dup2"
oldfd = $oldfd
newfd = $newfd
argstr = sprintf("%d, %d", $oldfd, $newfd)
}
probe syscall.dup2.return = kernel.function("SyS_dup2").return !,
- kernel.function("sys_dup2").return {
+ kernel.function("sys_dup2").return
+{
name = "dup2"
retstr = returnstr(1)
}
@@ -538,14 +571,15 @@ probe syscall.dup2.return = kernel.function("SyS_dup2").return !,
# epoll_create _______________________________________________
# long sys_epoll_create(int size)
probe syscall.epoll_create = kernel.function("SyS_epoll_create") !,
- kernel.function("sys_epoll_create") ? {
+ kernel.function("sys_epoll_create") ?
+{
name = "epoll_create"
size = $size
argstr = sprint($size)
}
-probe syscall.epoll_create.return =
- kernel.function("SyS_epoll_create").return !,
- kernel.function("sys_epoll_create").return ? {
+probe syscall.epoll_create.return = kernel.function("SyS_epoll_create").return !,
+ kernel.function("sys_epoll_create").return ?
+{
name = "epoll_create"
retstr = returnstr(1)
}
@@ -556,8 +590,7 @@ probe syscall.epoll_create.return =
# long compat_sys_epoll_ctl(int epfd, int op, int fd,
# struct compat_epoll_event __user *event)
#
-probe syscall.epoll_ctl =
- kernel.function("compat_sys_epoll_ctl") ?,
+probe syscall.epoll_ctl = kernel.function("compat_sys_epoll_ctl") ?,
kernel.function("SyS_epoll_ctl") !,
kernel.function("sys_epoll_ctl") ?
{
@@ -569,8 +602,7 @@ probe syscall.epoll_ctl =
event_uaddr = $event
argstr = sprintf("%d, %s, %d, %p", $epfd, _opoll_op_str($op), $fd, $event)
}
-probe syscall.epoll_ctl.return =
- kernel.function("compat_sys_epoll_ctl").return ?,
+probe syscall.epoll_ctl.return = kernel.function("compat_sys_epoll_ctl").return ?,
kernel.function("SyS_epoll_ctl").return !,
kernel.function("sys_epoll_ctl").return ?
{
@@ -589,8 +621,7 @@ probe syscall.epoll_ctl.return =
# const compat_sigset_t __user *sigmask,
# compat_size_t sigsetsize)
#
-probe syscall.epoll_pwait =
- kernel.function("compat_sys_epoll_pwait") ?,
+probe syscall.epoll_pwait = kernel.function("compat_sys_epoll_pwait") ?,
kernel.function("SyS_epoll_pwait") !,
kernel.function("sys_epoll_pwait") ?
{
@@ -598,8 +629,7 @@ probe syscall.epoll_pwait =
argstr = sprintf("%d, %p, %d, %d, %p, %d",
$epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize)
}
-probe syscall.epoll_pwait.return =
- kernel.function("compat_sys_epoll_pwait").return ?,
+probe syscall.epoll_pwait.return = kernel.function("compat_sys_epoll_pwait").return ?,
kernel.function("SyS_epoll_pwait").return !,
kernel.function("sys_epoll_pwait").return ?
{
@@ -615,8 +645,7 @@ probe syscall.epoll_pwait.return =
# struct compat_epoll_event __user *events,
# int maxevents, int timeout)
#
-probe syscall.epoll_wait =
- kernel.function("compat_sys_epoll_wait") ?,
+probe syscall.epoll_wait = kernel.function("compat_sys_epoll_wait") ?,
kernel.function("SyS_epoll_wait") !,
kernel.function("sys_epoll_wait") ?
{
@@ -627,8 +656,7 @@ probe syscall.epoll_wait =
timeout = $timeout
argstr = sprintf("%d, %p, %d, %d", $epfd, $events, $maxevents, $timeout)
}
-probe syscall.epoll_wait.return =
- kernel.function("compat_sys_epoll_wait").return ?,
+probe syscall.epoll_wait.return = kernel.function("compat_sys_epoll_wait").return ?,
kernel.function("SyS_epoll_wait").return !,
kernel.function("sys_epoll_wait").return ?
{
@@ -640,12 +668,14 @@ probe syscall.epoll_wait.return =
# long sys_eventfd(unsigned int count)
#
probe syscall.eventfd = kernel.function("SyS_eventfd") !,
- kernel.function("sys_eventfd") ? {
+ kernel.function("sys_eventfd") ?
+{
name = "eventfd"
argstr = sprint($count)
}
probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !,
- kernel.function("sys_eventfd").return ? {
+ kernel.function("sys_eventfd").return ?
+{
name = "eventfd"
retstr = returnstr(1)
}
@@ -657,7 +687,8 @@ probe syscall.eventfd.return = kernel.function("SyS_eventfd").return !,
# char __user *__user *argv,
# char __user *__user *envp,
# struct pt_regs * regs)
-probe syscall.execve = kernel.function("do_execve") {
+probe syscall.execve = kernel.function("do_execve")
+{
name = "execve"
filename = kernel_string($filename)
args = __get_argv($argv, 0)
@@ -665,7 +696,8 @@ probe syscall.execve = kernel.function("do_execve") {
}
# v2.6.15-rc2 or earlier has problems with sys_execve return probes
# another reason to probe on do_execve
-probe syscall.execve.return = kernel.function("do_execve").return {
+probe syscall.execve.return = kernel.function("do_execve").return
+{
name = "execve"
retstr = returnstr(1)
}
@@ -673,20 +705,23 @@ probe syscall.execve.return = kernel.function("do_execve").return {
# compat_uptr_t __user *argv,
# compat_uptr_t __user *envp,
# struct pt_regs * regs)
-probe syscall.compat_execve = kernel.function("compat_do_execve") ? {
+probe syscall.compat_execve = kernel.function("compat_do_execve") ?
+{
name = "compat_execve"
filename = kernel_string($filename)
args = __get_compat_argv($argv, 0)
argstr = sprintf("%s %s", filename, __get_compat_argv($argv, 1))
}
-probe syscall.compat_execve.return = kernel.function("compat_do_execve").return ? {
+probe syscall.compat_execve.return = kernel.function("compat_do_execve").return ?
+{
name = "compat_execve"
retstr = returnstr(1)
}
# exit _______________________________________________________
# long sys_exit(int error_code)
-probe syscall.exit = kernel.function("do_exit") {
+probe syscall.exit = kernel.function("do_exit")
+{
name = "exit"
status = $code
argstr = sprint($code)
@@ -698,7 +733,8 @@ probe syscall.exit = kernel.function("do_exit") {
# void sys_exit_group(int error_code)
#
probe syscall.exit_group = kernel.function("SyS_exit_group") !,
- kernel.function("sys_exit_group") {
+ kernel.function("sys_exit_group")
+{
name = "exit_group"
status = $error_code
argstr = sprint($error_code)
@@ -710,7 +746,8 @@ probe syscall.exit_group = kernel.function("SyS_exit_group") !,
# new function with 2.6.16
# long sys_faccessat(int dfd, const char __user *filename, int mode)
probe syscall.faccessat = kernel.function("SyS_faccessat") !,
- kernel.function("sys_faccessat") ? {
+ kernel.function("sys_faccessat") ?
+{
name = "faccessat"
dirfd = $dfd
dirfd_str = _dfd_str($dfd)
@@ -720,7 +757,8 @@ probe syscall.faccessat = kernel.function("SyS_faccessat") !,
argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted($filename), mode_str)
}
probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !,
- kernel.function("sys_faccessat").return ? {
+ kernel.function("sys_faccessat").return ?
+{
name = "faccessat"
retstr = returnstr(1)
}
@@ -730,7 +768,8 @@ probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !,
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
- kernel.function("sys_fadvise64") ? {
+ kernel.function("sys_fadvise64") ?
+{
name = "fadvise64"
fd = $fd
offset = $offset
@@ -739,7 +778,8 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice))
}
probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
- kernel.function("sys_fadvise64").return ? {
+ kernel.function("sys_fadvise64").return ?
+{
name = "fadvise64"
retstr = returnstr(1)
}
@@ -748,7 +788,8 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
- kernel.function("sys_fadvise64_64") ? {
+ kernel.function("sys_fadvise64_64") ?
+{
name = "fadvise64_64"
fd = $fd
offset = $offset
@@ -757,7 +798,8 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
argstr = sprintf("%d, %d, %d, %s", $fd, $offset, $len, _fadvice_advice_str($advice))
}
probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !,
- kernel.function("sys_fadvise64_64").return ? {
+ kernel.function("sys_fadvise64_64").return ?
+{
name = "fadvise64_64"
retstr = returnstr(1)
}
@@ -768,7 +810,8 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
- kernel.function("sys_fadvise64") {
+ kernel.function("sys_fadvise64")
+{
name = "fadvise64"
fd = 0
offset = 0
@@ -777,7 +820,8 @@ probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !,
argstr = ""
}
probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
- kernel.function("sys_fadvise64").return {
+ kernel.function("sys_fadvise64").return
+{
name = "fadvise64"
retstr = returnstr(1)
}
@@ -786,7 +830,8 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !,
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
- kernel.function("sys_fadvise64_64") {
+ kernel.function("sys_fadvise64_64")
+{
name = "fadvise64_64"
fd = 0
offset = 0
@@ -795,7 +840,8 @@ probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !,
argstr = ""
}
probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !,
- kernel.function("sys_fadvise64_64").return {
+ kernel.function("sys_fadvise64_64").return
+{
name = "fadvise64_64"
retstr = returnstr(1)
}
@@ -804,13 +850,15 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return !
# fchdir _____________________________________________________
# long sys_fchdir(unsigned int fd)
probe syscall.fchdir = kernel.function("SyS_fchdir") !,
- kernel.function("sys_fchdir") {
+ kernel.function("sys_fchdir")
+{
name = "fchdir"
fd = $fd
argstr = sprint($fd)
}
probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !,
- kernel.function("sys_fchdir").return {
+ kernel.function("sys_fchdir").return
+{
name = "fchdir"
retstr = returnstr(1)
}
@@ -818,14 +866,16 @@ probe syscall.fchdir.return = kernel.function("SyS_fchdir").return !,
# fchmod _____________________________________________________
# long sys_fchmod(unsigned int fd, mode_t mode)
probe syscall.fchmod = kernel.function("SyS_fchmod") !,
- kernel.function("sys_fchmod") {
+ kernel.function("sys_fchmod")
+{
name = "fchmod"
fildes = $fd
mode = $mode
argstr = sprintf("%d, %#o", $fd, $mode)
}
probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !,
- kernel.function("sys_fchmod").return {
+ kernel.function("sys_fchmod").return
+{
name = "fchmod"
retstr = returnstr(1)
}
@@ -835,7 +885,8 @@ probe syscall.fchmod.return = kernel.function("SyS_fchmod").return !,
# long sys_fchmodat(int dfd, const char __user *filename,
# mode_t mode)
probe syscall.fchmodat = kernel.function("SyS_fchmodat") !,
- kernel.function("sys_fchmodat") ? {
+ kernel.function("sys_fchmodat") ?
+{
name = "fchmodat"
dirfd = $dfd
dirfd_str = _dfd_str($dfd)
@@ -844,7 +895,8 @@ probe syscall.fchmodat = kernel.function("SyS_fchmodat") !,
argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted($filename), $mode)
}
probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !,
- kernel.function("sys_fchmodat").return ? {
+ kernel.function("sys_fchmodat").return ?
+{
name = "fchmodat"
retstr = returnstr(1)
}
@@ -852,29 +904,33 @@ probe syscall.fchmodat.return = kernel.function("SyS_fchmodat").return !,
# fchown _____________________________________________________
# long sys_fchown(unsigned int fd, uid_t user, gid_t group)
probe syscall.fchown = kernel.function("SyS_fchown") !,
- kernel.function("sys_fchown") {
+ kernel.function("sys_fchown")
+{
name = "fchown"
fd = $fd
owner = __int32($user)
group = __int32($group)
- argstr = sprintf("%d, %d, %d", $fd, owner, group)
+ argstr = sprintf("%d, %d, %d", $fd, owner, group)
}
probe syscall.fchown.return = kernel.function("SyS_fchown").return !,
- kernel.function("sys_fchown").return {
+ kernel.function("sys_fchown").return
+{
name = "fchown"
retstr = returnstr(1)
}
# fchown16 ___________________________________________________
# long sys_fchown16(unsigned int fd, old_uid_t user, old_gid_t group)
-probe syscall.fchown16 = kernel.function("sys_fchown16") ? {
+probe syscall.fchown16 = kernel.function("sys_fchown16") ?
+{
name = "fchown16"
fd = $fd
owner = __short($user)
group = __short($group)
argstr = sprintf("%d, %d, %d", $fd, owner, group)
}
-probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? {
+probe syscall.fchown16.return = kernel.function("sys_fchown16").return ?
+{
name = "fchown16"
retstr = returnstr(1)
}
@@ -884,7 +940,8 @@ probe syscall.fchown16.return = kernel.function("sys_fchown16").return ? {
# long sys_fchownat(int dfd, const char __user *filename,
# uid_t user, gid_t group, int flag)
probe syscall.fchownat = kernel.function("SyS_fchownat") !,
- kernel.function("sys_fchownat") ? {
+ kernel.function("sys_fchownat") ?
+{
name = "fchownat"
dirfd = $dfd
dirfd_str = _dfd_str($dfd)
@@ -897,7 +954,8 @@ probe syscall.fchownat = kernel.function("SyS_fchownat") !,
dirfd_str, user_string_quoted($filename), owner, group, flags_str)
}
probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !,
- kernel.function("sys_fchownat").return ? {
+ kernel.function("sys_fchownat").return ?
+{
name = "fchownat"
retstr = returnstr(1)
}
@@ -908,8 +966,7 @@ probe syscall.fchownat.return = kernel.function("SyS_fchownat").return !,
# long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe syscall.fcntl =
- kernel.function("compat_sys_fcntl") ?,
+probe syscall.fcntl = kernel.function("compat_sys_fcntl") ?,
kernel.function("compat_sys_fcntl64") ?,
kernel.function("sys_fcntl64") ?,
kernel.function("SyS_fcntl") !,
@@ -919,11 +976,10 @@ probe syscall.fcntl =
fd = $fd
cmd = $cmd
cmd_str = _fcntl_cmd_str($cmd)
- arg = $arg
+ arg = $arg
argstr = sprintf("%d, %s, %p", $fd, _fcntl_cmd_str($cmd), $arg)
}
-probe syscall.fcntl.return =
- kernel.function("compat_sys_fcntl").return ?,
+probe syscall.fcntl.return = kernel.function("compat_sys_fcntl").return ?,
kernel.function("compat_sys_fcntl64").return ?,
kernel.function("sys_fcntl64").return ?,
kernel.function("SyS_fcntl").return !,
@@ -936,13 +992,15 @@ probe syscall.fcntl.return =
# fdatasync __________________________________________________
# long sys_fdatasync(unsigned int fd)
probe syscall.fdatasync = kernel.function("SyS_fdatasync") !,
- kernel.function("sys_fdatasync") {
+ kernel.function("sys_fdatasync")
+{
name = "fdatasync"
fd = $fd
argstr = sprint(fd)
}
probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !,
- kernel.function("sys_fdatasync").return {
+ kernel.function("sys_fdatasync").return
+{
name = "fdatasync"
retstr = returnstr(1)
}
@@ -951,7 +1009,8 @@ probe syscall.fdatasync.return = kernel.function("SyS_fdatasync").return !,
# ssize_t sys_fgetxattr(int fd, char __user *name,
# void __user *value, size_t size)
probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !,
- kernel.function("sys_fgetxattr") {
+ kernel.function("sys_fgetxattr")
+{
name = "fgetxattr"
filedes = $fd
#FIXME
@@ -961,14 +1020,16 @@ probe syscall.fgetxattr = kernel.function("SyS_fgetxattr") !,
argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted($name), value_uaddr, size)
}
probe syscall.fgetxattr.return = kernel.function("SyS_fgetxattr").return !,
- kernel.function("sys_fgetxattr").return {
+ kernel.function("sys_fgetxattr").return
+{
name = "fgetxattr"
retstr = returnstr(1)
}
# flistxattr _________________________________________________
# ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
probe syscall.flistxattr = kernel.function("SyS_flistxattr") !,
- kernel.function("sys_flistxattr") {
+ kernel.function("sys_flistxattr")
+{
name = "flistxattr"
filedes = $fd
list_uaddr = $list
@@ -976,7 +1037,8 @@ probe syscall.flistxattr = kernel.function("SyS_flistxattr") !,
argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size)
}
probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !,
- kernel.function("sys_flistxattr").return {
+ kernel.function("sys_flistxattr").return
+{
name = "flistxattr"
retstr = returnstr(1)
}
@@ -984,19 +1046,22 @@ probe syscall.flistxattr.return = kernel.function("SyS_flistxattr").return !,
# flock ______________________________________________________
# long sys_flock(unsigned int fd, unsigned int cmd)
probe syscall.flock = kernel.function("SyS_flock") !,
- kernel.function("sys_flock") {
+ kernel.function("sys_flock")
+{
name = "flock"
fd = $fd
operation = $cmd
argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation))
}
probe syscall.flock.return = kernel.function("SyS_flock").return !,
- kernel.function("sys_flock").return {
+ kernel.function("sys_flock").return
+{
name = "flock"
retstr = returnstr(1)
}
-function __is_user_regs:long (regs:long) %{ /* pure */
+function __is_user_regs:long (regs:long) /* pure */
+%{
struct pt_regs * regs = (void *)((unsigned long)THIS->regs);
/* copied from asm/ptrace.h */
#if defined(__i386__)
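Review bot: Moving `/* pure */` in front of `%{` on `__is_user_regs` is not a formatting-only change. The marker is a pragma that the translator looks for inside the embedded-C body; placed before `%{` it is an ordinary script comment, so the function would presumably no longer be treated as side-effect free. The brace can still go on its own line with the marker kept inside the block: `function __is_user_regs:long (regs:long)` followed by `%{ /* pure */`. Any other embedded-C function reflowed by this patch should be checked for the same move. The function body continues past the end of this hunk.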
@@ -1034,17 +1099,18 @@ CATCH_DEREF_FAULT();
# unsigned long stack_size,
# int __user *parent_tidptr,
# int __user *child_tidptr)
-probe syscall.fork = kernel.function("do_fork") {
+probe syscall.fork = kernel.function("do_fork")
+{
clone_flags = $clone_flags
stack_start = $stack_start
regs = $regs
stack_size = $stack_size
parent_tid_uaddr = $parent_tidptr
child_tid_uaddr = $child_tidptr
-
+
if (!__is_user_regs(regs)) {
name = "fork_kernel_thread"
- argstr = __fork_flags(clone_flags)
+ argstr = __fork_flags(clone_flags)
} else if (clone_flags & 17)
name = "fork"
else if (clone_flags & 0x4000)
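Review bot: The tests `clone_flags & 17` and `clone_flags & 0x4000` in syscall.fork use unnamed constants, and the first is a bit test rather than a comparison. 17 is presumably SIGCHLD and 0x4000 presumably CLONE_VFORK. If so, a flag word carrying both takes the `fork` branch first, as does any exit-signal value sharing bit 0 or bit 4 with 17, which would mislabel `name` for scripts that audit process creation. At minimum a comment such as `# 17 == SIGCHLD (exit signal), 0x4000 == CLONE_VFORK` would record the intent; whether the `0x4000` test should come first needs confirming against the kernel callers. The if/else chain continues past the end of this hunk.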
@@ -1054,21 +1120,24 @@ probe syscall.fork = kernel.function("do_fork") {
argstr = __fork_flags(clone_flags)
}
}
-probe syscall.fork.return = kernel.function("do_fork").return {
+probe syscall.fork.return = kernel.function("do_fork").return
+{
name = "fork"
retstr = returnstr(1)
}
# fremovexattr _______________________________________________
# long sys_fremovexattr(int fd, char __user *name)
probe syscall.fremovexattr = kernel.function("SyS_fremovexattr") !,
- kernel.function("sys_fremovexattr") {
+ kernel.function("sys_fremovexattr")
+{
name = "fremovexattr"
filedes = $fd
name_uaddr = $name
argstr = sprintf("FIXME PLEASE")
}
probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !,
- kernel.function("sys_fremovexattr").return {
+ kernel.function("sys_fremovexattr").return
+{
name = "fremovexattr"
retstr = returnstr(1)
}
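Review bot: syscall.fremovexattr still sets `argstr = sprintf("FIXME PLEASE")`, so a script that logs argstr for this call records a placeholder instead of the descriptor and attribute name. Both values are already in scope in the probe. Following the fgetxattr probe in this file, `argstr = sprintf("%d, %s", filedes, user_string_quoted($name))` would fill it in.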
@@ -1083,7 +1152,8 @@ probe syscall.fremovexattr.return = kernel.function("SyS_fremovexattr").return !
* int flags)
*/
probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !,
- kernel.function("sys_fsetxattr") {
+ kernel.function("sys_fsetxattr")
+{
name = "fsetxattr"
filedes = $fd
# FIXME
@@ -1094,7 +1164,8 @@ probe syscall.fsetxattr = kernel.function("SyS_fsetxattr") !,
argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted($name), value_uaddr, size, flags)
}
probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !,
- kernel.function("sys_fsetxattr").return {
+ kernel.function("sys_fsetxattr").return
+{
name = "fsetxattr"
retstr = returnstr(1)
}
@@ -1108,8 +1179,7 @@ probe syscall.fsetxattr.return = kernel.function("SyS_fsetxattr").return !,
# struct oldabi_stat64 __user * statbuf)
# long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf)
#
-probe syscall.fstat =
- kernel.function("sys_fstat") ?,
+probe syscall.fstat = kernel.function("sys_fstat") ?,
kernel.function("SyS_fstat64") ?,
kernel.function("sys_fstat64") ?,
kernel.function("sys32_fstat64") ?,
@@ -1123,8 +1193,7 @@ probe syscall.fstat =
buf_uaddr = $statbuf
argstr = sprintf("%d, %p", $fd, $statbuf)
}
-probe syscall.fstat.return =
- kernel.function("sys_fstat").return ?,
+probe syscall.fstat.return = kernel.function("sys_fstat").return ?,
kernel.function("SyS_fstat64").return ?,
kernel.function("sys_fstat64").return ?,
kernel.function("sys32_fstat64").return ?,
@@ -1142,9 +1211,8 @@ probe syscall.fstat.return =
# long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag)
# long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag)
# long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag)
-probe syscall.fstatat =
- kernel.function("SyS_fstatat64") ?,
- kernel.function("sys_fstatat64") ?,
+probe syscall.fstatat = kernel.function("SyS_fstatat64") ?,
+ kernel.function("sys_fstatat64") ?,
kernel.function("SyS_newfstatat") ?,
kernel.function("sys_newfstatat") ?,
kernel.function("compat_sys_newfstatat") ?,
@@ -1156,9 +1224,8 @@ probe syscall.fstatat =
buf_uaddr = $statbuf
argstr = sprintf("%s, %s, %p, %s", _dfd_str($dfd), user_string_quoted($filename), $statbuf, _at_flag_str($flag))
}
-probe syscall.fstatat.return =
- kernel.function("SyS_fstatat64").return ?,
- kernel.function("sys_fstatat64").return ?,
+probe syscall.fstatat.return = kernel.function("SyS_fstatat64").return ?,
+ kernel.function("sys_fstatat64").return ?,
kernel.function("SyS_newfstatat").return ?,
kernel.function("sys_newfstatat").return ?,
kernel.function("compat_sys_newfstatat").return ?,
@@ -1172,8 +1239,7 @@ probe syscall.fstatat.return =
# long sys_fstatfs(unsigned int fd, struct statfs __user * buf)
# long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf)
#
-probe syscall.fstatfs =
- kernel.function("compat_sys_fstatfs") ?,
+probe syscall.fstatfs = kernel.function("compat_sys_fstatfs") ?,
kernel.function("SyS_fstatfs") !,
kernel.function("sys_fstatfs")
{
@@ -1182,8 +1248,7 @@ probe syscall.fstatfs =
buf_uaddr = $buf
argstr = sprintf("%d, %p", $fd, $buf)
}
-probe syscall.fstatfs.return =
- kernel.function("compat_sys_fstatfs").return ?,
+probe syscall.fstatfs.return = kernel.function("compat_sys_fstatfs").return ?,
kernel.function("SyS_fstatfs").return !,
kernel.function("sys_fstatfs").return
{
@@ -1195,8 +1260,7 @@ probe syscall.fstatfs.return =
# long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf)
# long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf)
#
-probe syscall.fstatfs64 =
- kernel.function("compat_sys_fstatfs64") ?,
+probe syscall.fstatfs64 = kernel.function("compat_sys_fstatfs64") ?,
kernel.function("SyS_fstatfs64") !,
kernel.function("sys_fstatfs64") ?
{
@@ -1206,8 +1270,7 @@ probe syscall.fstatfs64 =
buf_uaddr = $buf
argstr = sprintf("%d, %d, %p", $fd, $sz, $buf)
}
-probe syscall.fstatfs64.return =
- kernel.function("compat_sys_fstatfs64").return ?,
+probe syscall.fstatfs64.return = kernel.function("compat_sys_fstatfs64").return ?,
kernel.function("SyS_fstatfs64").return !,
kernel.function("sys_fstatfs64").return ?
{
@@ -1218,40 +1281,46 @@ probe syscall.fstatfs64.return =
# fsync ______________________________________________________
# long sys_fsync(unsigned int fd)
probe syscall.fsync = kernel.function("SyS_fsync") !,
- kernel.function("sys_fsync") {
+ kernel.function("sys_fsync")
+{
name = "fsync"
fd = $fd
argstr = sprint(fd)
}
probe syscall.fsync.return = kernel.function("SyS_fsync").return !,
- kernel.function("sys_fsync").return {
+ kernel.function("sys_fsync").return
+{
name = "fsync"
retstr = returnstr(1)
}
# ftruncate __________________________________________________
# long sys_ftruncate(unsigned int fd, unsigned long length)
probe syscall.ftruncate = kernel.function("SyS_ftruncate") !,
- kernel.function("sys_ftruncate") {
+ kernel.function("sys_ftruncate")
+{
name = "ftruncate"
fd = $fd
length = $length
argstr = sprintf("%d, %d", fd, length)
}
probe syscall.ftruncate.return = kernel.function("SyS_ftruncate").return !,
- kernel.function("sys_ftruncate").return {
+ kernel.function("sys_ftruncate").return
+{
name = "ftruncate"
retstr = returnstr(1)
}
# ftruncate64 ________________________________________________
# long sys_ftruncate64(unsigned int fd, loff_t length)
-probe syscall.ftruncate64 = kernel.function("sys_ftruncate64") ? {
+probe syscall.ftruncate64 = kernel.function("sys_ftruncate64") ?
+{
name = "ftruncate"
fd = $fd
length = $length
argstr = sprintf("%d, %d", fd, length)
}
-probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? {
+probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ?
+{
name = "ftruncate"
retstr = returnstr(1)
}
@@ -1268,7 +1337,8 @@ probe syscall.ftruncate64.return = kernel.function("sys_ftruncate64").return ? {
# u32 val3)
#
probe syscall.futex = kernel.function("SyS_futex") !,
- kernel.function("sys_futex") ? {
+ kernel.function("sys_futex") ?
+{
name = "futex"
futex_uaddr = $uaddr
op = $op
@@ -1277,18 +1347,20 @@ probe syscall.futex = kernel.function("SyS_futex") !,
uaddr2_uaddr = $uaddr2
val3 = $val3
if (op == 0)
- argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op),
- $val, _struct_timespec_u($utime,1))
+ argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op),
+ $val, _struct_timespec_u($utime, 1))
else
- argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op),
- $val)
+ argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op),
+ $val)
}
probe syscall.futex.return = kernel.function("SyS_futex").return !,
- kernel.function("sys_futex").return ? {
+ kernel.function("sys_futex").return ?
+{
name = "futex"
retstr = returnstr(1)
}
-probe syscall.compat_futex = kernel.function("compat_sys_futex") ? {
+probe syscall.compat_futex = kernel.function("compat_sys_futex") ?
+{
name = "futex"
futex_uaddr = $uaddr
op = $op
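Review bot: `if (op == 0)` in syscall.futex compares the whole op word against an unnamed constant, presumably FUTEX_WAIT. If the kernel being traced ORs modifier flags into op, a wait carrying such a flag falls into the else branch and its timeout is left out of argstr. A comment naming the constant, e.g. `# 0 == FUTEX_WAIT`, would help, and masking op down to the command before the comparison is worth confirming against the kernel headers. The same test appears in syscall.compat_futex in the next hunk, and the compat probe body starts in this hunk and continues there.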
@@ -1297,13 +1369,14 @@ probe syscall.compat_futex = kernel.function("compat_sys_futex") ? {
uaddr2_uaddr = $uaddr2
val3 = $val3
if (op == 0)
- argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op),
- $val, _struct_compat_timespec_u($utime,1))
+ argstr = sprintf("%p, %s, %d, %s", $uaddr, _futex_op_str($op),
+ $val, _struct_compat_timespec_u($utime, 1))
else
- argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op),
- $val)
+ argstr = sprintf("%p, %s, %d", $uaddr, _futex_op_str($op),
+ $val)
}
-probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ? {
+probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ?
+{
name = "futex"
retstr = returnstr(1)
}
@@ -1315,30 +1388,34 @@ probe syscall.compat_futex.return = kernel.function("compat_sys_futex").return ?
#
probe syscall.futimesat = kernel.function("SyS_futimesat") !,
- kernel.function("sys_futimesat") ? {
+ kernel.function("sys_futimesat") ?
+{
name = "futimesat"
dirfd = $dfd
filename_uaddr = $filename
filename = user_string($filename)
tvp_uaddr = $utimes
- argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename),
+ argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename),
_struct_timeval_u($utimes, 2))
}
-probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ? {
+probe syscall.compat_futimesat = kernel.function("compat_sys_futimesat") ?
+{
name = "futimesat"
dirfd = $dfd
filename_uaddr = $filename
filename = user_string($filename)
tvp_uaddr = $t
- argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename),
+ argstr = sprintf("%s, %s, %s", _dfd_str($dfd), user_string_quoted($filename),
_struct_compat_timeval_u($t, 2))
}
probe syscall.futimesat.return = kernel.function("SyS_futimesat").return !,
- kernel.function("sys_futimesat").return ? {
+ kernel.function("sys_futimesat").return ?
+{
name = "futimesat"
retstr = returnstr(1)
}
-probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").return ? {
+probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").return ?
+{
name = "futimesat"
retstr = returnstr(1)
}
@@ -1346,26 +1423,27 @@ probe syscall.compat_futimesat.return = kernel.function("compat_sys_futimesat").
# getcwd _____________________________________________________
# long sys_getcwd(char __user *buf, unsigned long size)
probe syscall.getcwd = kernel.function("SyS_getcwd") !,
- kernel.function("sys_getcwd") {
+ kernel.function("sys_getcwd")
+{
name = "getcwd"
buf_uaddr = $buf
size = $size
argstr = sprintf("%p, %d", buf_uaddr, size)
}
probe syscall.getcwd.return = kernel.function("SyS_getcwd").return !,
- kernel.function("sys_getcwd").return {
+ kernel.function("sys_getcwd").return
+{
name = "getcwd"
retstr = returnstr(1)
}
# getdents ___________________________________________________
# long sys_getdents(unsigned int fd, struct linux_dirent __user * dirent, unsigned int count)
-# long compat_sys_getdents(unsigned int fd,struct compat_linux_dirent __user *dirent, unsigned int count)
+# long compat_sys_getdents(unsigned int fd, struct compat_linux_dirent __user *dirent, unsigned int count)
# long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
# long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
#
-probe syscall.getdents =
- kernel.function("SyS_getdents") ?,
+probe syscall.getdents = kernel.function("SyS_getdents") ?,
kernel.function("sys_getdents") ?,
kernel.function("SyS_getdents64") ?,
kernel.function("sys_getdents64") ?,
@@ -1378,8 +1456,7 @@ probe syscall.getdents =
count = $count
argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
}
-probe syscall.getdents.return =
- kernel.function("SyS_getdents").return ?,
+probe syscall.getdents.return = kernel.function("SyS_getdents").return ?,
kernel.function("sys_getdents").return ?,
kernel.function("SyS_getdents64").return ?,
kernel.function("sys_getdents64").return ?,
@@ -1395,16 +1472,14 @@ probe syscall.getdents.return =
# long sys_getegid16(void)
# long sys32_getegid16(void)
#
-probe syscall.getegid =
- kernel.function("sys_getegid16") ?,
+probe syscall.getegid = kernel.function("sys_getegid16") ?,
kernel.function("sys32_getegid16") ?,
kernel.function("sys_getegid")
{
name = "getegid"
argstr = ""
}
-probe syscall.getegid.return =
- kernel.function("sys_getegid16").return ?,
+probe syscall.getegid.return = kernel.function("sys_getegid16").return ?,
kernel.function("sys32_getegid16").return ?,
kernel.function("sys_getegid").return
{
@@ -1416,16 +1491,14 @@ probe syscall.getegid.return =
# long sys_geteuid(void)
# long sys32_geteuid16(void)
#
-probe syscall.geteuid =
- kernel.function("sys_geteuid16") ?,
+probe syscall.geteuid = kernel.function("sys_geteuid16") ?,
kernel.function("sys32_geteuid16") ?,
kernel.function("sys_geteuid")
{
name = "geteuid"
argstr = ""
}
-probe syscall.geteuid.return =
- kernel.function("sys_geteuid16").return ?,
+probe syscall.geteuid.return = kernel.function("sys_geteuid16").return ?,
kernel.function("sys32_geteuid16").return ?,
kernel.function("sys_geteuid").return
{
@@ -1437,16 +1510,14 @@ probe syscall.geteuid.return =
# long sys_getgid(void)
# long sys32_getgid16(void)
#
-probe syscall.getgid =
- kernel.function("sys_getgid16") ?,
+probe syscall.getgid = kernel.function("sys_getgid16") ?,
kernel.function("sys32_getgid16") ?,
- kernel.function("sys_getgid")
+ kernel.function("sys_getgid")
{
name = "getgid"
argstr = ""
}
-probe syscall.getgid.return =
- kernel.function("sys_getgid16").return ?,
+probe syscall.getgid.return = kernel.function("sys_getgid16").return ?,
kernel.function("sys32_getgid16").return ?,
kernel.function("sys_getgid").return
{
@@ -1459,8 +1530,7 @@ probe syscall.getgid.return =
# long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
# long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
#
-probe syscall.getgroups =
- kernel.function("sys_getgroups16") ?,
+probe syscall.getgroups = kernel.function("sys_getgroups16") ?,
kernel.function("sys32_getgroups16") ?,
kernel.function("SyS_getgroups") !,
kernel.function("sys_getgroups") ?
@@ -1470,8 +1540,7 @@ probe syscall.getgroups =
list_uaddr = $grouplist
argstr = sprintf("%d, %p", $gidsetsize, $grouplist)
}
-probe syscall.getgroups.return =
- kernel.function("sys_getgroups16").return ?,
+probe syscall.getgroups.return = kernel.function("sys_getgroups16").return ?,
kernel.function("sys32_getgroups16").return ?,
kernel.function("SyS_getgroups").return !,
kernel.function("sys_getgroups").return ?
@@ -1483,14 +1552,16 @@ probe syscall.getgroups.return =
# gethostname ________________________________________________
# long sys_gethostname(char __user *name, int len)
probe syscall.gethostname = kernel.function("SyS_gethostname") !,
- kernel.function("sys_gethostname") ? {
+ kernel.function("sys_gethostname") ?
+{
name = "gethostname"
name_uaddr = $name
len = $len
argstr = sprintf ("%p, %d", name_uaddr, len)
}
probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !,
- kernel.function("sys_gethostname").return ? {
+ kernel.function("sys_gethostname").return ?
+{
name = "gethostname"
retstr = returnstr(1)
}
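Review bot: `argstr = sprintf ("%p, %d", name_uaddr, len)` in syscall.gethostname keeps a space between `sprintf` and its parenthesis, which no other call in the surrounding hunks has. Since this patch is the formatting pass, it is the natural place to change the line to `argstr = sprintf("%p, %d", name_uaddr, len)`.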
@@ -1499,25 +1570,29 @@ probe syscall.gethostname.return = kernel.function("SyS_gethostname").return !,
# sys_getitimer(int which, struct itimerval __user *value)
#
probe syscall.getitimer = kernel.function("SyS_getitimer") !,
- kernel.function("sys_getitimer") {
+ kernel.function("sys_getitimer")
+{
name = "getitimer"
which = $which
value_uaddr = $value
- argstr = sprintf("%s, %p", _itimer_which_str($which), $value)
+ argstr = sprintf("%s, %p", _itimer_which_str($which), $value)
}
probe syscall.getitimer.return = kernel.function("SyS_getitimer").return !,
- kernel.function("sys_getitimer").return {
+ kernel.function("sys_getitimer").return
+{
name = "getitimer"
retstr = returnstr(1)
}
# long compat_sys_getitimer(int which, struct compat_itimerval __user *it
-probe syscall.compat_getitimer = kernel.function("compat_sys_getitimer") ? {
+probe syscall.compat_getitimer = kernel.function("compat_sys_getitimer") ?
+{
name = "getitimer"
which = $which
value_uaddr = $it
- argstr = sprintf("%s, %p", _itimer_which_str($which), $it)
+ argstr = sprintf("%s, %p", _itimer_which_str($which), $it)
}
-probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").return ? {
+probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").return ?
+{
name = "getitimer"
retstr = returnstr(1)
}
@@ -1533,8 +1608,7 @@ probe syscall.compat_getitimer.return = kernel.function("compat_sys_getitimer").
# compat_ulong_t maxnode,
# compat_ulong_t addr, compat_ulong_t flags)
#
-probe syscall.get_mempolicy =
- kernel.function("compat_sys_get_mempolicy") ?,
+probe syscall.get_mempolicy = kernel.function("compat_sys_get_mempolicy") ?,
kernel.function("SyS_get_mempolicy") !,
kernel.function("sys_get_mempolicy") ?
{
@@ -1545,10 +1619,9 @@ probe syscall.get_mempolicy =
addr = $addr
flags = $flags
argstr = sprintf("%p, %p, %d, %p, 0x%x", $policy,
- $nmask, $maxnode, $addr, $flags)
+ $nmask, $maxnode, $addr, $flags)
}
-probe syscall.get_mempolicy.return =
- kernel.function("compat_sys_get_mempolicy").return ?,
+probe syscall.get_mempolicy.return = kernel.function("compat_sys_get_mempolicy").return ?,
kernel.function("SyS_get_mempolicy").return !,
kernel.function("sys_get_mempolicy").return ?
{
@@ -1560,7 +1633,8 @@ probe syscall.get_mempolicy.return =
# long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
#
probe syscall.getpeername = kernel.function("SyS_getpeername") !,
- kernel.function("sys_getpeername") ? {
+ kernel.function("sys_getpeername") ?
+{
name = "getpeername"
s = $fd
name_uaddr = $usockaddr
@@ -1568,7 +1642,8 @@ probe syscall.getpeername = kernel.function("SyS_getpeername") !,
argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len)
}
probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !,
- kernel.function("sys_getpeername").return ? {
+ kernel.function("sys_getpeername").return ?
+{
name = "getpeername"
retstr = returnstr(1)
}
@@ -1576,46 +1651,54 @@ probe syscall.getpeername.return = kernel.function("SyS_getpeername").return !,
# getpgid ____________________________________________________
# long sys_getpgid(pid_t pid)
probe syscall.getpgid = kernel.function("SyS_getpgid") !,
- kernel.function("sys_getpgid") {
+ kernel.function("sys_getpgid")
+{
name = "getpgid"
pid = $pid
argstr = sprintf("%d", $pid)
}
probe syscall.getpgid.return = kernel.function("SyS_getpgid").return !,
- kernel.function("sys_getpgid").return {
+ kernel.function("sys_getpgid").return
+{
name = "getpgid"
retstr = returnstr(1)
}
# getpgrp ____________________________________________________
# long sys_getpgrp(void)
-probe syscall.getpgrp = kernel.function("sys_getpgrp") ? {
+probe syscall.getpgrp = kernel.function("sys_getpgrp") ?
+{
name = "getpgrp"
argstr = ""
}
-probe syscall.getpgrp.return = kernel.function("sys_getpgrp").return ? {
+probe syscall.getpgrp.return = kernel.function("sys_getpgrp").return ?
+{
name = "getpgrp"
retstr = returnstr(1)
}
# getpid _____________________________________________________
# long sys_getpid(void)
-probe syscall.getpid = kernel.function("sys_getpid") {
+probe syscall.getpid = kernel.function("sys_getpid")
+{
name = "getpid"
argstr = ""
}
-probe syscall.getpid.return = kernel.function("sys_getpid").return {
+probe syscall.getpid.return = kernel.function("sys_getpid").return
+{
name = "getpid"
retstr = returnstr(1)
}
# getppid ____________________________________________________
# long sys_getppid(void)
-probe syscall.getppid = kernel.function("sys_getppid") {
+probe syscall.getppid = kernel.function("sys_getppid")
+{
name = "getppid"
argstr = ""
}
-probe syscall.getppid.return = kernel.function("sys_getppid").return {
+probe syscall.getppid.return = kernel.function("sys_getppid").return
+{
name = "getppid"
retstr = returnstr(1)
}
@@ -1623,14 +1706,16 @@ probe syscall.getppid.return = kernel.function("sys_getppid").return {
# getpriority ________________________________________________
# long sys_getpriority(int which, int who)
probe syscall.getpriority = kernel.function("SyS_getpriority") !,
- kernel.function("sys_getpriority") {
+ kernel.function("sys_getpriority")
+{
name = "getpriority"
which = $which
who = $who
argstr = sprintf("%s, %d", _priority_which_str(which), who)
}
probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !,
- kernel.function("sys_getpriority").return {
+ kernel.function("sys_getpriority").return
+{
name = "getpriority"
retstr = returnstr(1)
}
@@ -1642,8 +1727,7 @@ probe syscall.getpriority.return = kernel.function("SyS_getpriority").return !,
# long sys_getresgid16(old_uid_t __user *rgid,
# old_uid_t __user *egid,
# old_uid_t __user *sgid)
-probe syscall.getresgid =
- kernel.function("sys_getresgid16") ?,
+probe syscall.getresgid = kernel.function("sys_getresgid16") ?,
kernel.function("SyS_getresgid") !,
kernel.function("sys_getresgid")
{
@@ -1653,8 +1737,7 @@ probe syscall.getresgid =
sgid_uaddr = $sgid
argstr = sprintf("%p, %p, %p", $rgid, $egid, $sgid)
}
-probe syscall.getresgid.return =
- kernel.function("sys_getresgid16").return ?,
+probe syscall.getresgid.return = kernel.function("sys_getresgid16").return ?,
kernel.function("SyS_getresgid").return !,
kernel.function("sys_getresgid").return
{
@@ -1663,11 +1746,10 @@ probe syscall.getresgid.return =
}
# getresuid __________________________________________________
-# long sys_getresuid(uid_t __user *ruid,
+# long sys_getresuid(uid_t __user *ruid,
# uid_t __user *euid,
# uid_t __user *suid)
-probe syscall.getresuid =
- kernel.function("sys_getresuid16") ?,
+probe syscall.getresuid = kernel.function("sys_getresuid16") ?,
kernel.function("SyS_getresuid") !,
kernel.function("sys_getresuid")
{
@@ -1677,8 +1759,7 @@ probe syscall.getresuid =
suid_uaddr = $suid
argstr = sprintf("%p, %p, %p", $ruid, $euid, $suid)
}
-probe syscall.getresuid.return =
- kernel.function("sys_getresuid16").return ?,
+probe syscall.getresuid.return = kernel.function("sys_getresuid16").return ?,
kernel.function("SyS_getresuid").return !,
kernel.function("sys_getresuid").return
{
@@ -1693,8 +1774,8 @@ probe syscall.getresuid.return =
probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?,
kernel.function("sys_getrlimit") ?,
kernel.function("SyS_old_getrlimit") ?,
- kernel.function("sys_old_getrlimit") ?,
- kernel.function("compat_sys_getrlimit") ?
+ kernel.function("sys_old_getrlimit") ?,
+ kernel.function("compat_sys_getrlimit") ?
{
name = "getrlimit"
resource = $resource
@@ -1704,8 +1785,8 @@ probe syscall.getrlimit = kernel.function("SyS_getrlimit") ?,
probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?,
kernel.function("sys_getrlimit").return ?,
kernel.function("SyS_old_getrlimit").return ?,
- kernel.function("sys_old_getrlimit").return ?,
- kernel.function("compat_sys_getrlimit").return ?
+ kernel.function("sys_old_getrlimit").return ?,
+ kernel.function("compat_sys_getrlimit").return ?
{
name = "getrlimit"
retstr = returnstr(1)
@@ -1714,23 +1795,21 @@ probe syscall.getrlimit.return = kernel.function("SyS_getrlimit").return ?,
# getrusage __________________________________________________
# long sys_getrusage(int who, struct rusage __user *ru)
probe syscall.getrusage = kernel.function("SyS_getrusage") !,
- kernel.function("sys_getrusage") {
+ kernel.function("sys_getrusage")
+{
name = "getrusage"
who = $who
- if($who==-2)
- {
+ if ($who == -2) {
# RUSAGE_BOTH is not valid argument for sys_getrusage
who_str = sprintf("UNKNOWN VALUE: %d", $who)
- }
- else
- {
+ } else
who_str = _rusage_who_str($who)
- }
usage_uaddr = $ru
argstr = sprintf("%s, %p", who_str, usage_uaddr)
}
probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !,
- kernel.function("sys_getrusage").return {
+ kernel.function("sys_getrusage").return
+{
name = "getrusage"
retstr = returnstr(1)
}
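Review bot: The rewritten `if ($who == -2) { … } else` in syscall.getrusage braces the if branch but leaves the else branch bare. The K&R style this commit adopts is usually paired with bracing both branches when either needs it. With the bare form, a statement added later under the else would silently fall outside it. I would write `} else {`, then `who_str = _rusage_who_str($who)`, then `}`. The if/else chain in syscall.fork has the same mix of braced and bare branches.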
@@ -1738,13 +1817,15 @@ probe syscall.getrusage.return = kernel.function("SyS_getrusage").return !,
# getsid _____________________________________________________
# long sys_getsid(pid_t pid)
probe syscall.getsid = kernel.function("SyS_getsid") !,
- kernel.function("sys_getsid") {
+ kernel.function("sys_getsid")
+{
name = "getsid"
pid = $pid
argstr = sprint(pid)
}
probe syscall.getsid.return = kernel.function("SyS_getsid").return !,
- kernel.function("sys_getsid").return {
+ kernel.function("sys_getsid").return
+{
name = "getsid"
retstr = returnstr(1)
}
@@ -1754,7 +1835,8 @@ probe syscall.getsid.return = kernel.function("SyS_getsid").return !,
# struct sockaddr __user *usockaddr,
# int __user *usockaddr_len)
probe syscall.getsockname = kernel.function("SyS_getsockname") !,
- kernel.function("sys_getsockname") ? {
+ kernel.function("sys_getsockname") ?
+{
name = "getsockname"
s = $fd
name_uaddr = $usockaddr
@@ -1762,7 +1844,8 @@ probe syscall.getsockname = kernel.function("SyS_getsockname") !,
argstr = sprintf("%d, %p, %p", $fd, $usockaddr, $usockaddr_len)
}
probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !,
- kernel.function("sys_getsockname").return ? {
+ kernel.function("sys_getsockname").return ?
+{
name = "getsockname"
retstr = returnstr(1)
}
@@ -1774,8 +1857,7 @@ probe syscall.getsockname.return = kernel.function("SyS_getsockname").return !,
# char __user *optval,
# int __user *optlen)
#
-probe syscall.getsockopt =
- kernel.function("compat_sys_getsockopt") ?,
+probe syscall.getsockopt = kernel.function("compat_sys_getsockopt") ?,
kernel.function("SyS_getsockopt") !,
kernel.function("sys_getsockopt") ?
{
@@ -1788,10 +1870,9 @@ probe syscall.getsockopt =
optval_uaddr = $optval
optlen_uaddr = $optlen
argstr = sprintf("%d, %s, %s, %p, %p", $fd, _sockopt_level_str($level),
- _sockopt_optname_str($optname), $optval, $optlen)
+ _sockopt_optname_str($optname), $optval, $optlen)
}
-probe syscall.getsockopt.return =
- kernel.function("compat_sys_getsockopt").return ?,
+probe syscall.getsockopt.return = kernel.function("compat_sys_getsockopt").return ?,
kernel.function("SyS_getsockopt").return !,
kernel.function("sys_getsockopt").return ?
{
@@ -1801,11 +1882,13 @@ probe syscall.getsockopt.return =
# gettid _____________________________________________________
# long sys_gettid(void)
-probe syscall.gettid = kernel.function("sys_gettid") {
+probe syscall.gettid = kernel.function("sys_gettid")
+{
name = "gettid"
argstr = ""
}
-probe syscall.gettid.return = kernel.function("sys_gettid").return {
+probe syscall.gettid.return = kernel.function("sys_gettid").return
+{
name = "gettid"
retstr = returnstr(1)
}
@@ -1813,12 +1896,11 @@ probe syscall.gettid.return = kernel.function("sys_gettid").return {
# gettimeofday _______________________________________________
# long sys_gettimeofday(struct timeval __user *tv,
# struct timezone __user *tz)
-# long sys32_gettimeofday(struct compat_timeval __user *tv,
+# long sys32_gettimeofday(struct compat_timeval __user *tv,
# struct timezone __user *tz)
# long compat_sys_gettimeofday(struct compat_timeval __user *tv,
# struct timezone __user *tz)
-probe syscall.gettimeofday =
- kernel.function("compat_sys_gettimeofday") ?,
+probe syscall.gettimeofday = kernel.function("compat_sys_gettimeofday") ?,
kernel.function("sys32_gettimeofday") ?,
kernel.function("SyS_gettimeofday") !,
kernel.function("sys_gettimeofday")
@@ -1829,8 +1911,7 @@ probe syscall.gettimeofday =
argstr = sprintf("%p, %p", $tv, $tz)
}
-probe syscall.gettimeofday.return =
- kernel.function("compat_sys_gettimeofday").return ?,
+probe syscall.gettimeofday.return = kernel.function("compat_sys_gettimeofday").return ?,
kernel.function("sys32_gettimeofday").return ?,
kernel.function("SyS_gettimeofday").return !,
kernel.function("sys_gettimeofday").return
@@ -1844,16 +1925,14 @@ probe syscall.gettimeofday.return =
# long sys_getuid16(void)
# long sys32_getuid16(void)
#
-probe syscall.getuid =
- kernel.function("sys_getuid16") ?,
+probe syscall.getuid = kernel.function("sys_getuid16") ?,
kernel.function("sys32_getuid16") ?,
kernel.function("sys_getuid")
{
name = "getuid"
argstr = ""
}
-probe syscall.getuid.return =
- kernel.function("sys_getuid16").return ?,
+probe syscall.getuid.return = kernel.function("sys_getuid16").return ?,
kernel.function("sys32_getuid16").return ?,
kernel.function("sys_getuid").return
{
@@ -1865,7 +1944,8 @@ probe syscall.getuid.return =
# ssize_t sys_getxattr(char __user *path, char __user *name,
# void __user *value, size_t size)
probe syscall.getxattr = kernel.function("SyS_getxattr") !,
- kernel.function("sys_getxattr") {
+ kernel.function("sys_getxattr")
+{
name = "getxattr"
%( kernel_v >= "2.6.27" %?
path = user_string($pathname)
@@ -1876,17 +1956,18 @@ probe syscall.getxattr = kernel.function("SyS_getxattr") !,
name2 = user_string($name)
value_uaddr = $value
size = $size
- argstr = sprintf("%s, %s, %p, %d",
+ argstr = sprintf("%s, %s, %p, %d",
%( kernel_v >= "2.6.27" %?
- user_string_quoted($pathname),
+ user_string_quoted($pathname),
%:
- user_string_quoted($path),
+ user_string_quoted($path),
%)
user_string_quoted($name),
value_uaddr, size)
}
probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !,
- kernel.function("sys_getxattr").return {
+ kernel.function("sys_getxattr").return
+{
name = "getxattr"
retstr = returnstr(1)
}
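Review bot: `name2 = user_string($name)` and the later `user_string_quoted($name)` inside `argstr` are two separate copies from the same user buffer, so the two values can disagree if another thread rewrites the buffer between the reads. Because the probe fires at function entry, neither copy is presumably guaranteed to match what the kernel itself later reads. Scripts that filter on `name2`/`path` but log `argstr` should be told this; a comment such as `# name2/path and argstr are separate reads of user memory at syscall entry and may differ` above the assignments would do. The same pattern appears in the lchown, lgetxattr, link, lremovexattr, mkdir and mknod hunks; the probe body here begins before this hunk.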
@@ -1897,7 +1978,8 @@ probe syscall.getxattr.return = kernel.function("SyS_getxattr").return !,
# const char __user *uargs)
#
probe syscall.init_module = kernel.function("SyS_init_module") !,
- kernel.function("sys_init_module") ? {
+ kernel.function("sys_init_module") ?
+{
name = "init_module"
umod_uaddr = $umod
len = $len
@@ -1905,7 +1987,8 @@ probe syscall.init_module = kernel.function("SyS_init_module") !,
argstr = sprintf("%p, %d, %s", $umod, $len, user_string_quoted($uargs))
}
probe syscall.init_module.return = kernel.function("SyS_init_module").return !,
- kernel.function("sys_init_module").return ? {
+ kernel.function("sys_init_module").return ?
+{
name = "init_module"
retstr = returnstr(1)
}
@@ -1915,7 +1998,8 @@ probe syscall.init_module.return = kernel.function("SyS_init_module").return !,
# long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
#
probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !,
- kernel.function("sys_inotify_add_watch") ? {
+ kernel.function("sys_inotify_add_watch") ?
+{
name = "inotify_add_watch"
fd = $fd
mask = $mask
@@ -1931,7 +2015,8 @@ probe syscall.inotify_add_watch = kernel.function("SyS_inotify_add_watch") !,
}
probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch").return !,
- kernel.function("sys_inotify_add_watch").return ? {
+ kernel.function("sys_inotify_add_watch").return ?
+{
name = "inotify_add_watch"
retstr = returnstr(1)
}
@@ -1940,11 +2025,13 @@ probe syscall.inotify_add_watch.return = kernel.function("SyS_inotify_add_watch"
#
# long sys_inotify_init(void)
#
-probe syscall.inotify_init = kernel.function("sys_inotify_init") ? {
+probe syscall.inotify_init = kernel.function("sys_inotify_init") ?
+{
name = "inotify_init"
argstr = ""
}
-probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ? {
+probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ?
+{
name = "inotify_init"
retstr = returnstr(1)
}
@@ -1954,14 +2041,16 @@ probe syscall.inotify_init.return = kernel.function("sys_inotify_init").return ?
# long sys_inotify_rm_watch(int fd, u32 wd)
#
probe syscall.inotify_rm_watch = kernel.function("SyS_inotify_rm_watch") !,
- kernel.function("sys_inotify_rm_watch") ? {
+ kernel.function("sys_inotify_rm_watch") ?
+{
name = "inotify_rm_watch"
fd = $fd
wd = $wd
argstr = sprintf("%d, %d", $fd, $wd)
}
probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").return !,
- kernel.function("sys_inotify_rm_watch").return ? {
+ kernel.function("sys_inotify_rm_watch").return ?
+{
name = "inotify_rm_watch"
retstr = returnstr(1)
}
@@ -1971,15 +2060,17 @@ probe syscall.inotify_rm_watch.return = kernel.function("SyS_inotify_rm_watch").
# struct iocb __user *iocb,
# struct io_event __user *result)
probe syscall.io_cancel = kernel.function("SyS_io_cancel") !,
- kernel.function("sys_io_cancel") {
+ kernel.function("sys_io_cancel")
+{
name = "io_cancel"
ctx_id = $ctx_id
iocb_uaddr = $iocb
result_uaddr = $result
- argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)
+ argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)
}
probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !,
- kernel.function("sys_io_cancel").return {
+ kernel.function("sys_io_cancel").return
+{
name = "io_cancel"
retstr = returnstr(1)
}
@@ -1988,8 +2079,7 @@ probe syscall.io_cancel.return = kernel.function("SyS_io_cancel").return !,
# long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe syscall.ioctl =
- kernel.function("compat_sys_ioctl") ?,
+probe syscall.ioctl = kernel.function("compat_sys_ioctl") ?,
kernel.function("SyS_ioctl") !,
kernel.function("sys_ioctl") ?
{
@@ -1999,8 +2089,7 @@ probe syscall.ioctl =
argp = $arg
argstr = sprintf("%d, %d, %p", $fd, $cmd, $arg)
}
-probe syscall.ioctl.return =
- kernel.function("compat_sys_ioctl").return ?,
+probe syscall.ioctl.return = kernel.function("compat_sys_ioctl").return ?,
kernel.function("SyS_ioctl").return !,
kernel.function("sys_ioctl").return ?
{
@@ -2011,13 +2100,15 @@ probe syscall.ioctl.return =
# io_destroy _________________________________________________
# long sys_io_destroy(aio_context_t ctx)
probe syscall.io_destroy = kernel.function("SyS_io_destroy") !,
- kernel.function("sys_io_destroy") {
+ kernel.function("sys_io_destroy")
+{
name = "io_destroy"
ctx = $ctx
argstr = sprintf("%d", ctx)
}
probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !,
- kernel.function("sys_io_destroy").return {
+ kernel.function("sys_io_destroy").return
+{
name = "io_destroy"
retstr = returnstr(1)
}
@@ -2034,8 +2125,7 @@ probe syscall.io_destroy.return = kernel.function("SyS_io_destroy").return !,
# struct io_event __user *events,
# struct compat_timespec __user *timeout)
#
-probe syscall.io_getevents =
- kernel.function("compat_sys_io_getevents") ?,
+probe syscall.io_getevents = kernel.function("compat_sys_io_getevents") ?,
kernel.function("SyS_io_getevents") !,
kernel.function("sys_io_getevents") ?
{
@@ -2045,12 +2135,11 @@ probe syscall.io_getevents =
nr = $nr
events_uaddr = $events
timeout_uaddr = $timeout
- timestr = _struct_timespec_u($timeout,1)
+ timestr = _struct_timespec_u($timeout, 1)
argstr = sprintf("%d, %d, %d, %p, %p, %s", $ctx_id, $min_nr,
$nr, $events, $timeout, timestr)
}
-probe syscall.io_getevents.return =
- kernel.function("compat_sys_io_getevents").return ?,
+probe syscall.io_getevents.return = kernel.function("compat_sys_io_getevents").return ?,
kernel.function("SyS_io_getevents").return !,
kernel.function("sys_io_getevents").return ?
{
@@ -2061,23 +2150,26 @@ probe syscall.io_getevents.return =
# ioperm _____________________________________________________
# long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
#
-probe syscall.ioperm = kernel.function("sys_ioperm") ? {
+probe syscall.ioperm = kernel.function("sys_ioperm") ?
+{
name = "ioperm"
from = $from
num = $num
turn_on = $turn_on
argstr = sprintf("%d, %d, %d", $from, $num, $turn_on)
}
-probe syscall.ioperm.return = kernel.function("sys_ioperm").return ? {
+probe syscall.ioperm.return = kernel.function("sys_ioperm").return ?
+{
name = "ioperm"
retstr = returnstr(1)
}
# io_setup ___________________________________________________
# long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
-#
+#
probe syscall.io_setup = kernel.function("SyS_io_setup") !,
- kernel.function("sys_io_setup") {
+ kernel.function("sys_io_setup")
+{
name = "io_setup"
maxevents = $nr_events
ctxp_uaddr = $ctxp
@@ -2085,20 +2177,23 @@ probe syscall.io_setup = kernel.function("SyS_io_setup") !,
}
probe syscall.io_setup.return = kernel.function("SyS_io_setup").return !,
- kernel.function("sys_io_setup").return {
+ kernel.function("sys_io_setup").return
+{
name = "io_setup"
retstr = returnstr(1)
}
# long compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
#
-probe syscall.compat_io_setup = kernel.function("compat_sys_io_setup") ? {
+probe syscall.compat_io_setup = kernel.function("compat_sys_io_setup") ?
+{
name = "io_setup"
maxevents = $nr_reqs
ctxp_uaddr = $ctx32p
argstr = sprintf("%d, %p", $nr_reqs, $ctx32p)
}
-probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").return ? {
+probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").return ?
+{
name = "io_setup"
retstr = returnstr(1)
}
@@ -2107,7 +2202,8 @@ probe syscall.compat_io_setup.return = kernel.function("compat_sys_io_setup").re
# long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp)
#
probe syscall.io_submit = kernel.function("SyS_io_submit") !,
- kernel.function("sys_io_submit") {
+ kernel.function("sys_io_submit")
+{
name = "io_submit"
ctx_id = $ctx_id
nr = $nr
@@ -2115,20 +2211,23 @@ probe syscall.io_submit = kernel.function("SyS_io_submit") !,
argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocbpp)
}
probe syscall.io_submit.return = kernel.function("SyS_io_submit").return !,
- kernel.function("sys_io_submit").return {
+ kernel.function("sys_io_submit").return
+{
name = "io_submit"
retstr = returnstr(1)
}
# long compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb)
#
-probe syscall.compat_io_submit = kernel.function("compat_sys_io_submit") ? {
+probe syscall.compat_io_submit = kernel.function("compat_sys_io_submit") ?
+{
name = "io_submit"
ctx_id = $ctx_id
nr = $nr
iocbpp_uaddr = $iocb
argstr = sprintf("%d, %d, %p", $ctx_id, $nr, $iocb)
}
-probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").return ? {
+probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").return ?
+{
name = "io_submit"
retstr = returnstr(1)
}
@@ -2137,14 +2236,16 @@ probe syscall.compat_io_submit.return = kernel.function("compat_sys_io_submit").
# long sys_ioprio_get(int which, int who)
#
probe syscall.ioprio_get = kernel.function("SyS_ioprio_get") !,
- kernel.function("sys_ioprio_get") ? {
+ kernel.function("sys_ioprio_get") ?
+{
name = "ioprio_get"
which = $which
who = $who
argstr = sprintf("%d, %d", $which, $who)
}
probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !,
- kernel.function("sys_ioprio_get").return ? {
+ kernel.function("sys_ioprio_get").return ?
+{
name = "ioprio_get"
retstr = returnstr(1)
}
@@ -2153,7 +2254,8 @@ probe syscall.ioprio_get.return = kernel.function("SyS_ioprio_get").return !,
# long sys_ioprio_set(int which, int who, int ioprio)
#
probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !,
- kernel.function("sys_ioprio_set") ? {
+ kernel.function("sys_ioprio_set") ?
+{
name = "ioprio_set"
which = $which
who = $who
@@ -2161,7 +2263,8 @@ probe syscall.ioprio_set = kernel.function("SyS_ioprio_set") !,
argstr = sprintf("%d, %d, %d", $which, $who, $ioprio)
}
probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !,
- kernel.function("sys_ioprio_set").return ? {
+ kernel.function("sys_ioprio_set").return ?
+{
name = "ioprio_set"
retstr = returnstr(1)
}
@@ -2176,8 +2279,7 @@ probe syscall.ioprio_set.return = kernel.function("SyS_ioprio_set").return !,
# struct compat_kexec_segment __user *segments,
# unsigned long flags)
#
-probe syscall.kexec_load =
- kernel.function("compat_sys_kexec_load") ?,
+probe syscall.kexec_load = kernel.function("compat_sys_kexec_load") ?,
kernel.function("SyS_kexec_load") !,
kernel.function("sys_kexec_load") ?
{
@@ -2188,13 +2290,12 @@ probe syscall.kexec_load =
flags = $flags
argstr = sprintf("%p, %d, %p, %d", $entry, $nr_segments, $segments, $flags)
}
-probe syscall.kexec_load.return =
- kernel.function("compat_sys_kexec_load").return ?,
+probe syscall.kexec_load.return = kernel.function("compat_sys_kexec_load").return ?,
kernel.function("SyS_kexec_load").return !,
kernel.function("sys_kexec_load").return ?
{
name = "kexec_load"
- retstr = returnstr(1)
+ retstr = returnstr(1)
}
# keyctl _____________________________________________________
@@ -2205,8 +2306,7 @@ probe syscall.kexec_load.return =
# unsigned long arg5)
# long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5)
#
-probe syscall.keyctl =
- kernel.function("compat_sys_keyctl") ?,
+probe syscall.keyctl = kernel.function("compat_sys_keyctl") ?,
kernel.function("SyS_keyctl") !,
kernel.function("sys_keyctl") ?
{
@@ -2214,8 +2314,7 @@ probe syscall.keyctl =
argstr = sprintf("%d, ...", $option)
}
-probe syscall.keyctl.return =
- kernel.function("compat_sys_keyctl").return ?,
+probe syscall.keyctl.return = kernel.function("compat_sys_keyctl").return ?,
kernel.function("SyS_keyctl").return !,
kernel.function("sys_keyctl").return ?
{
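Review bot: The entry probe's `argstr = sprintf("%d, ...", $option)` records only the option number and replaces the remaining four arguments with a literal `...`, and nothing in the visible lines documents that. A comment next to the sprintf, such as `# arg2..arg5 are option-specific and are not decoded here`, would tell trace consumers that key identifiers and buffer addresses are absent from the output. The probe body starts above this hunk, so other assignments may exist that are not shown.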
@@ -2226,14 +2325,16 @@ probe syscall.keyctl.return =
# kill _______________________________________________________
# long sys_kill(int pid, int sig)
probe syscall.kill = kernel.function("SyS_kill") !,
- kernel.function("sys_kill") {
+ kernel.function("sys_kill")
+{
name = "kill"
pid = $pid
sig = $sig
argstr = sprintf("%d, %s", $pid, _signal_name($sig))
}
probe syscall.kill.return = kernel.function("SyS_kill").return !,
- kernel.function("sys_kill").return {
+ kernel.function("sys_kill").return
+{
name = "kill"
retstr = returnstr(1)
}
@@ -2242,31 +2343,35 @@ probe syscall.kill.return = kernel.function("SyS_kill").return !,
# long sys_lchown(const char __user * filename, uid_t user, gid_t group)
#
probe syscall.lchown = kernel.function("SyS_lchown") !,
- kernel.function("sys_lchown") {
+ kernel.function("sys_lchown")
+{
name = "lchown"
path = user_string($filename)
owner = __int32($user)
group = __int32($group)
- argstr = sprintf("%s, %d, %d",user_string_quoted($filename), owner, group)
-}
+ argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
+}
probe syscall.lchown.return = kernel.function("SyS_lchown").return !,
- kernel.function("sys_lchown").return {
+ kernel.function("sys_lchown").return
+{
name = "lchown"
retstr = returnstr(1)
}
# lchown16 ___________________________________________________
-# long sys_lchown16(const char __user * filename, old_uid_t user,
+# long sys_lchown16(const char __user * filename, old_uid_t user,
# old_gid_t group)
#
-probe syscall.lchown16 = kernel.function("sys_lchown16") ? {
+probe syscall.lchown16 = kernel.function("sys_lchown16") ?
+{
name = "lchown16"
path = user_string($filename)
owner = __short($user)
group = __short($group)
argstr = sprintf("%s, %d, %d", user_string_quoted($filename), owner, group)
}
-probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? {
+probe syscall.lchown16.return = kernel.function("sys_lchown16").return ?
+{
name = "lchown16"
retstr = returnstr(1)
}
@@ -2278,7 +2383,8 @@ probe syscall.lchown16.return = kernel.function("sys_lchown16").return ? {
# size_t size)
#
probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !,
- kernel.function("sys_lgetxattr") {
+ kernel.function("sys_lgetxattr")
+{
name = "lgetxattr"
%( kernel_v >= "2.6.27" %?
path = user_string($pathname)
@@ -2289,17 +2395,18 @@ probe syscall.lgetxattr = kernel.function("SyS_lgetxattr") !,
name2 = user_string($name)
value_uaddr = $value
size = $size
- argstr = sprintf("%s, %s, %p, %d",
+ argstr = sprintf("%s, %s, %p, %d",
%( kernel_v >= "2.6.27" %?
- user_string_quoted($pathname),
+ user_string_quoted($pathname),
%:
- user_string_quoted($path),
+ user_string_quoted($path),
%)
user_string_quoted($name),
value_uaddr, size)
}
probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !,
- kernel.function("sys_lgetxattr").return {
+ kernel.function("sys_lgetxattr").return
+{
name = "lgetxattr"
retstr = returnstr(1)
}
@@ -2308,18 +2415,20 @@ probe syscall.lgetxattr.return = kernel.function("SyS_lgetxattr").return !,
# long sys_link(const char __user * oldname,
# const char __user * newname)
probe syscall.link = kernel.function("SyS_link") !,
- kernel.function("sys_link") {
+ kernel.function("sys_link")
+{
name = "link"
oldpath = user_string($oldname)
newpath = user_string($newname)
- argstr = sprintf("%s, %s",
- user_string_quoted($oldname),
+ argstr = sprintf("%s, %s",
+ user_string_quoted($oldname),
user_string_quoted($newname))
}
probe syscall.link.return = kernel.function("SyS_link").return !,
- kernel.function("sys_link").return {
+ kernel.function("sys_link").return
+{
name = "link"
- retstr = returnstr(1)
+ retstr = returnstr(1)
}
# linkat _____________________________________________________
@@ -2327,7 +2436,8 @@ probe syscall.link.return = kernel.function("SyS_link").return !,
# long sys_linkat(int olddfd, const char __user *oldname,
# int newdfd, const char __user *newname, int flags)
probe syscall.linkat = kernel.function("SyS_linkat") !,
- kernel.function("sys_linkat") ? {
+ kernel.function("sys_linkat") ?
+{
name = "linkat"
olddirfd = $olddfd
olddirfd_str = _dfd_str($olddfd)
@@ -2343,7 +2453,8 @@ probe syscall.linkat = kernel.function("SyS_linkat") !,
flags_str)
}
probe syscall.linkat.return = kernel.function("SyS_linkat").return !,
- kernel.function("sys_linkat").return ? {
+ kernel.function("sys_linkat").return ?
+{
name = "linkat"
retstr = returnstr(1)
}
@@ -2351,14 +2462,16 @@ probe syscall.linkat.return = kernel.function("SyS_linkat").return !,
# listen _____________________________________________________
# long sys_listen(int fd, int backlog)
probe syscall.listen = kernel.function("SyS_listen") !,
- kernel.function("sys_listen") ? {
+ kernel.function("sys_listen") ?
+{
name = "listen"
sockfd = $fd
- backlog = $backlog
- argstr = sprintf("%d, %d", $fd, $backlog)
-}
+ backlog = $backlog
+ argstr = sprintf("%d, %d", $fd, $backlog)
+}
probe syscall.listen.return = kernel.function("SyS_listen").return !,
- kernel.function("sys_listen").return ? {
+ kernel.function("sys_listen").return ?
+{
name = "listen"
retstr = returnstr(1)
}
@@ -2367,7 +2480,8 @@ probe syscall.listen.return = kernel.function("SyS_listen").return !,
# ssize_t sys_listxattr(char __user *path, char __user *list, size_t size)
#
probe syscall.listxattr = kernel.function("SyS_listxattr") !,
- kernel.function("sys_listxattr") {
+ kernel.function("sys_listxattr")
+{
name = "listxattr"
list_uaddr = $list
size = $size
@@ -2382,7 +2496,8 @@ probe syscall.listxattr = kernel.function("SyS_listxattr") !,
%)
}
probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !,
- kernel.function("sys_listxattr").return {
+ kernel.function("sys_listxattr").return
+{
name = "listxattr"
retstr = returnstr(1)
}
@@ -2391,7 +2506,8 @@ probe syscall.listxattr.return = kernel.function("SyS_listxattr").return !,
# ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size)
#
probe syscall.llistxattr = kernel.function("SyS_llistxattr") !,
- kernel.function("sys_llistxattr") {
+ kernel.function("sys_llistxattr")
+{
name = "llistxattr"
list_uaddr = $list
size = $size
@@ -2406,7 +2522,8 @@ probe syscall.llistxattr = kernel.function("SyS_llistxattr") !,
%)
}
probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !,
- kernel.function("sys_llistxattr").return {
+ kernel.function("sys_llistxattr").return
+{
name = "llistxattr"
retstr = returnstr(1)
}
@@ -2418,7 +2535,8 @@ probe syscall.llistxattr.return = kernel.function("SyS_llistxattr").return !,
# loff_t __user * result,
# unsigned int origin)
probe syscall.llseek = kernel.function("SyS_llseek") !,
- kernel.function("sys_llseek") ? {
+ kernel.function("sys_llseek") ?
+{
name = "llseek"
fd = $fd
offset_high = $offset_high
@@ -2430,7 +2548,8 @@ probe syscall.llseek = kernel.function("SyS_llseek") !,
$offset_low, $result, whence_str)
}
probe syscall.llseek.return = kernel.function("SyS_llseek").return !,
- kernel.function("sys_llseek").return ? {
+ kernel.function("sys_llseek").return ?
+{
name = "llseek"
retstr = returnstr(1)
}
@@ -2439,7 +2558,8 @@ probe syscall.llseek.return = kernel.function("SyS_llseek").return !,
# long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
#
probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !,
- kernel.function("sys_lookup_dcookie") ? {
+ kernel.function("sys_lookup_dcookie") ?
+{
name = "lookup_dcookie"
cookie = $cookie64
buffer_uaddr = $buf
@@ -2447,7 +2567,8 @@ probe syscall.lookup_dcookie = kernel.function("SyS_lookup_dcookie") !,
argstr = sprintf("%d, %p, %d", $cookie64, $buf, $len)
}
probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").return !,
- kernel.function("sys_lookup_dcookie").return ? {
+ kernel.function("sys_lookup_dcookie").return ?
+{
name = "lookup_dcookie"
retstr = returnstr(1)
}
@@ -2456,22 +2577,24 @@ probe syscall.lookup_dcookie.return = kernel.function("SyS_lookup_dcookie").retu
# long sys_lremovexattr(char __user *path, char __user *name)
#
probe syscall.lremovexattr = kernel.function("SyS_lremovexattr") !,
- kernel.function("sys_lremovexattr") {
+ kernel.function("sys_lremovexattr")
+{
name = "lremovexattr"
name_uaddr = $name
name2 = user_string($name)
%( kernel_v >= "2.6.27" %?
path_uaddr = $pathname
path = user_string($pathname)
- argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name))
+ argstr = sprintf("%s, %s", user_string_quoted($pathname), user_string_quoted($name))
%:
path_uaddr = $path
path = user_string($path)
- argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name))
+ argstr = sprintf("%s, %s", user_string_quoted($path), user_string_quoted($name))
%)
}
probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !,
- kernel.function("sys_lremovexattr").return {
+ kernel.function("sys_lremovexattr").return
+{
name = "lremovexattr"
retstr = returnstr(1)
}
@@ -2479,7 +2602,8 @@ probe syscall.lremovexattr.return = kernel.function("SyS_lremovexattr").return !
# lseek ______________________________________________________
# off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin)
probe syscall.lseek = kernel.function("SyS_lseek") !,
- kernel.function("sys_lseek") {
+ kernel.function("sys_lseek")
+{
name = "lseek"
fildes = $fd
# offset = __int32($offset)
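Review bot: The context line `# offset = __int32($offset)` is a commented-out assignment that survives the reformatting with no explanation of why it is disabled. Either delete it or turn it into a why-comment, for example `# offset is deliberately not truncated with __int32()`, if that is the actual reason. The live assignment is outside this hunk, so this is an assumption to confirm. The body of syscall.lseek continues past the end of the hunk.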
@@ -2489,7 +2613,8 @@ probe syscall.lseek = kernel.function("SyS_lseek") !,
argstr = sprintf("%d, %d, %s", $fd, offset, whence_str)
}
probe syscall.lseek.return = kernel.function("SyS_lseek").return !,
- kernel.function("sys_lseek").return {
+ kernel.function("sys_lseek").return
+{
name = "lseek"
retstr = returnstr(1)
}
@@ -2502,7 +2627,8 @@ probe syscall.lseek.return = kernel.function("SyS_lseek").return !,
# int flags)
#
probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !,
- kernel.function("sys_lsetxattr") {
+ kernel.function("sys_lsetxattr")
+{
name = "lsetxattr"
%( kernel_v >= "2.6.27" %?
path_uaddr = $pathname
@@ -2516,17 +2642,18 @@ probe syscall.lsetxattr = kernel.function("SyS_lsetxattr") !,
value_uaddr = $value
size = $size
flags = $flags
- argstr = sprintf("%s, %s, %p, %d, %d",
+ argstr = sprintf("%s, %s, %p, %d, %d",
%( kernel_v >= "2.6.27" %?
- user_string_quoted($pathname),
+ user_string_quoted($pathname),
%:
- user_string_quoted($path),
+ user_string_quoted($path),
%)
user_string_quoted($name),
value_uaddr, $size, $flags)
}
probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !,
- kernel.function("sys_lsetxattr").return {
+ kernel.function("sys_lsetxattr").return
+{
name = "lsetxattr"
retstr = returnstr(1)
}
@@ -2540,8 +2667,7 @@ probe syscall.lsetxattr.return = kernel.function("SyS_lsetxattr").return !,
# long sys_oabi_lstat64(char __user * filename,
# struct oldabi_stat64 __user * statbuf)
#
-probe syscall.lstat =
- kernel.function("sys_lstat") ?,
+probe syscall.lstat = kernel.function("sys_lstat") ?,
kernel.function("SyS_newlstat") ?,
kernel.function("sys_newlstat") ?,
kernel.function("compat_sys_newlstat") ?,
@@ -2553,10 +2679,9 @@ probe syscall.lstat =
name = "lstat"
path = user_string($filename)
buf_uaddr = $statbuf
- argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf)
+ argstr = sprintf("%s, %p", user_string_quoted($filename), $statbuf)
}
-probe syscall.lstat.return =
- kernel.function("sys_lstat").return ?,
+probe syscall.lstat.return = kernel.function("sys_lstat").return ?,
kernel.function("SyS_newlstat").return ?,
kernel.function("sys_newlstat").return ?,
kernel.function("compat_sys_newlstat").return ?,
@@ -2564,7 +2689,7 @@ probe syscall.lstat.return =
kernel.function("SyS_lstat64").return ?,
kernel.function("sys_lstat64").return ?,
kernel.function("sys_oabi_lstat64").return ?
-{
+{
name = "lstat"
retstr = returnstr(1)
}
@@ -2573,7 +2698,8 @@ probe syscall.lstat.return =
# long sys_madvise(unsigned long start, size_t len_in, int behavior)
#
probe syscall.madvise = kernel.function("SyS_madvise") !,
- kernel.function("sys_madvise") ? {
+ kernel.function("sys_madvise") ?
+{
name = "madvise"
start = $start
length = $len_in
@@ -2582,7 +2708,8 @@ probe syscall.madvise = kernel.function("SyS_madvise") !,
argstr = sprintf("%p, %d, %s", $start, $len_in, _madvice_advice_str($behavior))
}
probe syscall.madvise.return = kernel.function("SyS_madvise").return !,
- kernel.function("sys_madvise").return ? {
+ kernel.function("sys_madvise").return ?
+{
name = "madvise"
retstr = returnstr(1)
}
@@ -2602,8 +2729,7 @@ probe syscall.madvise.return = kernel.function("SyS_madvise").return !,
# compat_ulong_t maxnode,
# compat_ulong_t flags)
#
-probe syscall.mbind =
- kernel.function("compat_sys_mbind") ?,
+probe syscall.mbind = kernel.function("compat_sys_mbind") ?,
kernel.function("SyS_mbind") !,
kernel.function("sys_mbind") ?
{
@@ -2615,10 +2741,9 @@ probe syscall.mbind =
maxnode = $maxnode
flags = $flags
argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", $start, $len, $mode,
- $nmask, $maxnode, $flags)
+ $nmask, $maxnode, $flags)
}
-probe syscall.mbind.return =
- kernel.function("compat_sys_mbind").return ?,
+probe syscall.mbind.return = kernel.function("compat_sys_mbind").return ?,
kernel.function("SyS_mbind").return !,
kernel.function("sys_mbind").return ?
{
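Review bot: `$start` is formatted with `%d` in the mbind `argstr`, while the madvise, mincore and mlock probes in this same patch print their `$start` address with `%p`, so the address is rendered as a decimal integer only here. If no consumer depends on the decimal form, the format string could begin `"%p, %d, %d, %p, %d, 0x%x"` to match. The probe body starts above this hunk.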
@@ -2631,12 +2756,14 @@ probe syscall.mbind.return =
# const unsigned long __user *old_nodes,
# const unsigned long __user *new_nodes)
probe syscall.migrate_pages = kernel.function("SyS_migrate_pages") !,
- kernel.function("sys_migrate_pages") ? {
+ kernel.function("sys_migrate_pages") ?
+{
name = "migrate_pages"
argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes)
}
probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return !,
- kernel.function("sys_migrate_pages").return ? {
+ kernel.function("sys_migrate_pages").return ?
+{
name = "migrate_pages"
retstr = returnstr(1)
}
@@ -2645,7 +2772,8 @@ probe syscall.migrate_pages.return = kernel.function("SyS_migrate_pages").return
# long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec)
#
probe syscall.mincore = kernel.function("SyS_mincore") !,
- kernel.function("sys_mincore") ? {
+ kernel.function("sys_mincore") ?
+{
name = "mincore"
start = $start
length = $len
@@ -2653,15 +2781,17 @@ probe syscall.mincore = kernel.function("SyS_mincore") !,
argstr = sprintf("%p, %d, %p", $start, $len, $vec)
}
probe syscall.mincore.return = kernel.function("SyS_mincore").return !,
- kernel.function("sys_mincore").return ? {
+ kernel.function("sys_mincore").return ?
+{
name = "mincore"
- retstr = returnstr(1)
+ retstr = returnstr(1)
}
# mkdir ______________________________________________________
# long sys_mkdir(const char __user * pathname, int mode)
probe syscall.mkdir = kernel.function("SyS_mkdir") !,
- kernel.function("sys_mkdir") {
+ kernel.function("sys_mkdir")
+{
name = "mkdir"
pathname_uaddr = $pathname
pathname = user_string($pathname)
@@ -2669,16 +2799,18 @@ probe syscall.mkdir = kernel.function("SyS_mkdir") !,
argstr = sprintf("%s, %#o", user_string_quoted($pathname), $mode)
}
probe syscall.mkdir.return = kernel.function("SyS_mkdir").return !,
- kernel.function("sys_mkdir").return {
+ kernel.function("sys_mkdir").return
+{
name = "mkdir"
- retstr = returnstr(1)
+ retstr = returnstr(1)
}
# mkdirat ____________________________________________________
# new function with 2.6.16
# long sys_mkdirat(int dfd, const char __user *pathname, int mode)
probe syscall.mkdirat = kernel.function("SyS_mkdirat") !,
- kernel.function("sys_mkdirat") ? {
+ kernel.function("sys_mkdirat") ?
+{
name = "mkdirat"
dirfd = $dfd
pathname = user_string($pathname)
@@ -2686,7 +2818,8 @@ probe syscall.mkdirat = kernel.function("SyS_mkdirat") !,
argstr = sprintf("%s, %s, %#o", _dfd_str($dfd), user_string_quoted($pathname), $mode)
}
probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !,
- kernel.function("sys_mkdirat").return ? {
+ kernel.function("sys_mkdirat").return ?
+{
name = "mkdirat"
retstr = returnstr(1)
}
@@ -2694,16 +2827,18 @@ probe syscall.mkdirat.return = kernel.function("SyS_mkdirat").return !,
# mknod
# long sys_mknod(const char __user * filename, int mode, unsigned dev)
probe syscall.mknod = kernel.function("SyS_mknod") !,
- kernel.function("sys_mknod") {
+ kernel.function("sys_mknod")
+{
name = "mknod"
- pathname = user_string($filename)
+ pathname = user_string($filename)
mode = $mode
dev = $dev
argstr = sprintf("%s, %s, %p", user_string_quoted($filename), _mknod_mode_str($mode), dev)
}
probe syscall.mknod.return = kernel.function("SyS_mknod").return !,
- kernel.function("sys_mknod").return {
+ kernel.function("sys_mknod").return
+{
name = "mknod"
retstr = returnstr(1)
}
@@ -2713,7 +2848,8 @@ probe syscall.mknod.return = kernel.function("SyS_mknod").return !,
# long sys_mknodat(int dfd, const char __user *filename,
# int mode, unsigned dev)
probe syscall.mknodat = kernel.function("SyS_mknodat") !,
- kernel.function("sys_mknodat") ? {
+ kernel.function("sys_mknodat") ?
+{
name = "mknodat"
dirfd = $dfd
dirfd_str = _dfd_str($dfd)
@@ -2725,7 +2861,8 @@ probe syscall.mknodat = kernel.function("SyS_mknodat") !,
dirfd_str, user_string_quoted($filename), mode_str, $dev)
}
probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !,
- kernel.function("sys_mknodat").return ? {
+ kernel.function("sys_mknodat").return ?
+{
name = "mknodat"
retstr = returnstr(1)
}
@@ -2735,14 +2872,16 @@ probe syscall.mknodat.return = kernel.function("SyS_mknodat").return !,
# long sys_mlock(unsigned long start, size_t len)
#
probe syscall.mlock = kernel.function("SyS_mlock") !,
- kernel.function("sys_mlock") ? {
+ kernel.function("sys_mlock") ?
+{
name = "mlock"
addr = $start
len = $len
argstr = sprintf("%p, %d", $start, $len)
}
probe syscall.mlock.return = kernel.function("SyS_mlock").return !,
- kernel.function("sys_mlock").return ? {
+ kernel.function("sys_mlock").return ?
+{
name = "mlock"
retstr = returnstr(1)
}
@@ -2751,13 +2890,15 @@ probe syscall.mlock.return = kernel.function("SyS_mlock").return !,
# long sys_mlockall(int flags)
#
probe syscall.mlockall = kernel.function("SyS_mlockall") !,
- kernel.function("sys_mlockall") ? {
+ kernel.function("sys_mlockall") ?
+{
name = "mlockall"
flags = $flags
argstr = _mlockall_flags_str($flags)
}
probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !,
- kernel.function("sys_mlockall").return ? {
+ kernel.function("sys_mlockall").return ?
+{
name = "mlockall"
retstr = returnstr(1)
}
@@ -2765,14 +2906,16 @@ probe syscall.mlockall.return = kernel.function("SyS_mlockall").return !,
# modify_ldt _________________________________________________
# int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount)
#
-probe syscall.modify_ldt = kernel.function("sys_modify_ldt") ? {
+probe syscall.modify_ldt = kernel.function("sys_modify_ldt") ?
+{
name = "modify_ldt"
func = $func
ptr_uaddr = $ptr
bytecount = $bytecount
argstr = sprintf("%d, %p, %d", $func, $ptr, $bytecount)
}
-probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? {
+probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ?
+{
name = "modify_ldt"
retstr = returnstr(1)
}
@@ -2790,16 +2933,14 @@ probe syscall.modify_ldt.return = kernel.function("sys_modify_ldt").return ? {
# int __user *status,
# int flags)
#
-probe syscall.move_pages =
- kernel.function("compat_sys_move_pages") ?,
+probe syscall.move_pages = kernel.function("compat_sys_move_pages") ?,
kernel.function("SyS_move_pages") !,
kernel.function("sys_move_pages") ?
{
name = "move_pages"
argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags)
}
-probe syscall.move_pages.return =
- kernel.function("compat_sys_move_pages").return ?,
+probe syscall.move_pages.return = kernel.function("compat_sys_move_pages").return ?,
kernel.function("SyS_move_pages").return !,
kernel.function("sys_move_pages").return ?
{
@@ -2813,13 +2954,12 @@ probe syscall.move_pages.return =
# char __user * type,
# unsigned long flags,
# void __user * data)
-# long compat_sys_mount(char __user * dev_name,
+# long compat_sys_mount(char __user * dev_name,
# char __user * dir_name,
-# char __user * type,
-# unsigned long flags,
+# char __user * type,
+# unsigned long flags,
# void __user * data)
-probe syscall.mount =
- kernel.function("compat_sys_mount") ?,
+probe syscall.mount = kernel.function("compat_sys_mount") ?,
kernel.function("SyS_mount") !,
kernel.function("sys_mount")
{
@@ -2829,15 +2969,14 @@ probe syscall.mount =
filesystemtype = user_string($type)
mountflags = $flags
mountflags_str = _mountflags_str($flags)
- data = text_strn(user_string($data),syscall_string_trunc,1)
- argstr = sprintf("%s, %s, %s, %s, %s",
- user_string_quoted($dev_name),
- user_string_quoted($dir_name),
- user_string_quoted($type),
+ data = text_strn(user_string($data), syscall_string_trunc, 1)
+ argstr = sprintf("%s, %s, %s, %s, %s",
+ user_string_quoted($dev_name),
+ user_string_quoted($dir_name),
+ user_string_quoted($type),
mountflags_str, data)
}
-probe syscall.mount.return =
- kernel.function("compat_sys_mount").return ?,
+probe syscall.mount.return = kernel.function("compat_sys_mount").return ?,
kernel.function("SyS_mount").return !,
kernel.function("sys_mount").return
{
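Review bot: The reformatted `data = text_strn(user_string($data), syscall_string_trunc, 1)` line copies the caller's mount options string out of user memory and appends it to `argstr`, so whatever was passed there ends up verbatim in trace output. Some filesystems, typically network ones, take credentials in that string, although nothing in this hunk shows which are in use. In that case secrets land in any log built from `argstr`. I would add a comment above the assignment, e.g. `# NOTE: data is the raw mount options string and may contain credentials; treat argstr as sensitive`, so script authors know to filter it. The probe body starts before this hunk.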
@@ -2849,7 +2988,8 @@ probe syscall.mount.return =
# long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
#
probe syscall.mprotect = kernel.function("SyS_mprotect") !,
- kernel.function("sys_mprotect") ? {
+ kernel.function("sys_mprotect") ?
+{
name = "mprotect"
addr = $start
len = $len
@@ -2858,7 +2998,8 @@ probe syscall.mprotect = kernel.function("SyS_mprotect") !,
argstr = sprintf("%p, %d, %s", $start, $len, _mprotect_prot_str($prot))
}
probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !,
- kernel.function("sys_mprotect").return ? {
+ kernel.function("sys_mprotect").return ?
+{
name = "mprotect"
retstr = returnstr(1)
}
@@ -2871,8 +3012,7 @@ probe syscall.mprotect.return = kernel.function("SyS_mprotect").return !,
# const struct compat_mq_attr __user *u_mqstat,
# struct compat_mq_attr __user *u_omqstat)
#
-probe syscall.mq_getsetattr =
- kernel.function("compat_sys_mq_getsetattr") ?,
+probe syscall.mq_getsetattr = kernel.function("compat_sys_mq_getsetattr") ?,
kernel.function("SyS_mq_getsetattr") !,
kernel.function("sys_mq_getsetattr") ?
{
@@ -2882,8 +3022,7 @@ probe syscall.mq_getsetattr =
u_omqstat_uaddr = $u_omqstat
argstr = sprintf("%d, %p, %p", $mqdes, $u_mqstat, $u_omqstat)
}
-probe syscall.mq_getsetattr.return =
- kernel.function("compat_sys_mq_getsetattr").return ?,
+probe syscall.mq_getsetattr.return = kernel.function("compat_sys_mq_getsetattr").return ?,
kernel.function("SyS_mq_getsetattr").return !,
kernel.function("sys_mq_getsetattr").return ?
{
@@ -2895,8 +3034,7 @@ probe syscall.mq_getsetattr.return =
# long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
# long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification)
#
-probe syscall.mq_notify =
- kernel.function("compat_sys_mq_notify") ?,
+probe syscall.mq_notify = kernel.function("compat_sys_mq_notify") ?,
kernel.function("SyS_mq_notify") !,
kernel.function("sys_mq_notify") ?
{
@@ -2905,8 +3043,7 @@ probe syscall.mq_notify =
notification_uaddr = $u_notification
argstr = sprintf("%d, %p", $mqdes, $u_notification)
}
-probe syscall.mq_notify.return =
- kernel.function("compat_sys_mq_notify").return ?,
+probe syscall.mq_notify.return = kernel.function("compat_sys_mq_notify").return ?,
kernel.function("SyS_mq_notify").return !,
kernel.function("sys_mq_notify").return ?
{
@@ -2923,8 +3060,7 @@ probe syscall.mq_notify.return =
# int oflag, compat_mode_t mode,
# struct compat_mq_attr __user *u_attr)
#
-probe syscall.mq_open =
- kernel.function("compat_sys_mq_open") ?,
+probe syscall.mq_open = kernel.function("compat_sys_mq_open") ?,
kernel.function("SyS_mq_open") !,
kernel.function("sys_mq_open") ?
{
@@ -2935,13 +3071,12 @@ probe syscall.mq_open =
u_attr_uaddr = $u_attr
oflag = $oflag
if (oflag & 64)
- argstr = sprintf("%s, %s, %#o, %p", user_string_quoted($u_name),
+ argstr = sprintf("%s, %s, %#o, %p", user_string_quoted($u_name),
_sys_open_flag_str($oflag), $mode, $u_attr)
else
argstr = sprintf("%s, %s", user_string_quoted($u_name), _sys_open_flag_str($oflag))
}
-probe syscall.mq_open.return =
- kernel.function("compat_sys_mq_open").return ?,
+probe syscall.mq_open.return = kernel.function("compat_sys_mq_open").return ?,
kernel.function("SyS_mq_open").return !,
kernel.function("sys_mq_open").return ?
{
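Review bot: `if (oflag & 64)` tests a bare literal, and the reader has to guess that 64 is O_CREAT, the flag that decides whether `$mode` and `$u_attr` are meaningful. It is 0100 octal on x86 and in the generic headers but, as far as I know, not on every architecture, so the test deserves at least a comment: `# 64 == O_CREAT (x86/asm-generic); mode and attr only matter when creating`. The same literal appears as `if (flags & 64)` in the syscall.open hunk and as `if ($flags & 64)` in the syscall.openat hunk of syscalls2.stp. The probe body starts before this hunk.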
@@ -2960,8 +3095,7 @@ probe syscall.mq_open.return =
# size_t msg_len, unsigned int __user *u_msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe syscall.mq_timedreceive =
- kernel.function("compat_sys_mq_timedreceive") ?,
+probe syscall.mq_timedreceive = kernel.function("compat_sys_mq_timedreceive") ?,
kernel.function("SyS_mq_timedreceive") !,
kernel.function("sys_mq_timedreceive") ?
{
@@ -2972,10 +3106,9 @@ probe syscall.mq_timedreceive =
msg_prio_uaddr = $u_msg_prio
abs_timeout_uaddr = $u_abs_timeout
argstr = sprintf("%d, %p, %d, %p, %p", $mqdes, $u_msg_ptr, $msg_len,
- $u_msg_prio, $u_abs_timeout)
+ $u_msg_prio, $u_abs_timeout)
}
-probe syscall.mq_timedreceive.return =
- kernel.function("compat_sys_mq_timedreceive").return ?,
+probe syscall.mq_timedreceive.return = kernel.function("compat_sys_mq_timedreceive").return ?,
kernel.function("SyS_mq_timedreceive").return !,
kernel.function("sys_mq_timedreceive").return ?
{
@@ -2994,8 +3127,7 @@ probe syscall.mq_timedreceive.return =
# size_t msg_len, unsigned int msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe syscall.mq_timedsend =
- kernel.function("compat_sys_mq_timedsend") ?,
+probe syscall.mq_timedsend = kernel.function("compat_sys_mq_timedsend") ?,
kernel.function("SyS_mq_timedsend") !,
kernel.function("sys_mq_timedsend") ?
{
@@ -3006,10 +3138,9 @@ probe syscall.mq_timedsend =
msg_prio = $msg_prio
abs_timeout_uaddr = $u_abs_timeout
argstr = sprintf("%d, %p, %d, %d, %p", $mqdes, $u_msg_ptr, $msg_len,
- $msg_prio, $u_abs_timeout)
+ $msg_prio, $u_abs_timeout)
}
-probe syscall.mq_timedsend.return =
- kernel.function("compat_sys_mq_timedsend").return ?,
+probe syscall.mq_timedsend.return = kernel.function("compat_sys_mq_timedsend").return ?,
kernel.function("SyS_mq_timedsend").return !,
kernel.function("sys_mq_timedsend").return ?
{
@@ -3021,14 +3152,16 @@ probe syscall.mq_timedsend.return =
# long sys_mq_unlink(const char __user *u_name)
#
probe syscall.mq_unlink = kernel.function("SyS_mq_unlink") !,
- kernel.function("sys_mq_unlink") ? {
+ kernel.function("sys_mq_unlink") ?
+{
name = "mq_unlink"
u_name_uaddr = $u_name
u_name = user_string($u_name)
argstr = user_string_quoted($u_name)
}
probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !,
- kernel.function("sys_mq_unlink").return ? {
+ kernel.function("sys_mq_unlink").return ?
+{
name = "mq_unlink"
retstr = returnstr(1)
}
@@ -3040,8 +3173,7 @@ probe syscall.mq_unlink.return = kernel.function("SyS_mq_unlink").return !,
# unsigned long flags,
# unsigned long new_addr)
#
-probe syscall.mremap =
- kernel.function("ia64_mremap") ?,
+probe syscall.mremap = kernel.function("ia64_mremap") ?,
kernel.function("SyS_mremap") !,
kernel.function("sys_mremap") ?
{
@@ -3054,8 +3186,7 @@ probe syscall.mremap =
argstr = sprintf("%p, %d, %d, %s, %p", $addr, $old_len, $new_len,
_mremap_flags($flags), $new_addr)
}
-probe syscall.mremap.return =
- kernel.function("ia64_mremap").return ?,
+probe syscall.mremap.return = kernel.function("ia64_mremap").return ?,
kernel.function("SyS_mremap").return !,
kernel.function("sys_mremap").return ?
{
@@ -3067,7 +3198,8 @@ probe syscall.mremap.return =
# long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
#
probe syscall.msgctl = kernel.function("SyS_msgctl") !,
- kernel.function("sys_msgctl") ? {
+ kernel.function("sys_msgctl") ?
+{
name = "msgctl"
msqid = $msqid
cmd = $cmd
@@ -3075,7 +3207,8 @@ probe syscall.msgctl = kernel.function("SyS_msgctl") !,
argstr = sprintf("%d, %d, %p", $msqid, $cmd, $buf)
}
probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !,
- kernel.function("sys_msgctl").return ? {
+ kernel.function("sys_msgctl").return ?
+{
name = "msgctl"
retstr = returnstr(1)
}
@@ -3083,11 +3216,13 @@ probe syscall.msgctl.return = kernel.function("SyS_msgctl").return !,
#
# long compat_sys_msgctl(int first, int second, void __user *uptr)
#
-probe syscall.compat_sys_msgctl = kernel.function("compat_sys_msgctl") ? {
+probe syscall.compat_sys_msgctl = kernel.function("compat_sys_msgctl") ?
+{
name = "compat_sys_msgctl"
argstr = sprintf("%d, %d, %p", $first, $second, $uptr)
}
-probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ? {
+probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").return ?
+{
name = "compat_sys_msgctl"
retstr = returnstr(1)
}
@@ -3096,7 +3231,8 @@ probe syscall.compat_sys_msgctl.return = kernel.function("compat_sys_msgctl").re
# long sys_msgget (key_t key, int msgflg)
#
probe syscall.msgget = kernel.function("SyS_msgget") !,
- kernel.function("sys_msgget") ? {
+ kernel.function("sys_msgget") ?
+{
name = "msgget"
key = $key
msgflg = $msgflg
@@ -3104,7 +3240,8 @@ probe syscall.msgget = kernel.function("SyS_msgget") !,
argstr = sprintf("%d, %s", $key, _sys_open_flag_str($msgflg))
}
probe syscall.msgget.return = kernel.function("SyS_msgget").return !,
- kernel.function("sys_msgget").return ? {
+ kernel.function("sys_msgget").return ?
+{
name = "msgget"
retstr = returnstr(1)
}
@@ -3117,7 +3254,8 @@ probe syscall.msgget.return = kernel.function("SyS_msgget").return !,
# int msgflg)
#
probe syscall.msgrcv = kernel.function("SyS_msgrcv") !,
- kernel.function("sys_msgrcv") ? {
+ kernel.function("sys_msgrcv") ?
+{
name = "msgrcv"
msqid = $msqid
msgp_uaddr = $msgp
@@ -3127,7 +3265,8 @@ probe syscall.msgrcv = kernel.function("SyS_msgrcv") !,
argstr = sprintf("%d, %p, %d, %d, %d", $msqid, $msgp, $msgsz, $msgtyp, $msgflg)
}
probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !,
- kernel.function("sys_msgrcv").return ? {
+ kernel.function("sys_msgrcv").return ?
+{
name = "msgrcv"
retstr = returnstr(1)
}
@@ -3136,11 +3275,13 @@ probe syscall.msgrcv.return = kernel.function("SyS_msgrcv").return !,
# long compat_sys_msgrcv(int first, int second, int msgtyp, int third,
# int version, void __user *uptr)
#
-probe syscall.compat_sys_msgrcv = kernel.function("compat_sys_msgrcv") ? {
+probe syscall.compat_sys_msgrcv = kernel.function("compat_sys_msgrcv") ?
+{
name = "compat_sys_msgrcv"
argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr)
}
-probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").return ? {
+probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").return ?
+{
name = "compat_sys_msgrcv"
retstr = returnstr(1)
}
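Review bot: The `argstr` in syscall.compat_sys_msgrcv prints only `$first, $second, $third, $uptr`, while the signature comment above it also lists `int msgtyp` and `int version`. The requested message type therefore never shows up in the trace line for compat callers, whereas the native syscall.msgrcv probe does print `$msgtyp`. If the omission is deliberate it deserves a one-line comment; otherwise consider `argstr = sprintf("%d, %d, %d, %d, %p", $first, $second, $msgtyp, $third, $uptr)`. The signature comment starts before this hunk.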
@@ -3152,7 +3293,8 @@ probe syscall.compat_sys_msgrcv.return = kernel.function("compat_sys_msgrcv").re
# int msgflg)
#
probe syscall.msgsnd = kernel.function("SyS_msgsnd") !,
- kernel.function("sys_msgsnd") ? {
+ kernel.function("sys_msgsnd") ?
+{
name = "msgsnd"
msqid = $msqid
msgp_uaddr = $msgp
@@ -3161,7 +3303,8 @@ probe syscall.msgsnd = kernel.function("SyS_msgsnd") !,
argstr = sprintf("%d, %p, %d, %d", $msqid, $msgp, $msgsz, $msgflg)
}
probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !,
- kernel.function("sys_msgsnd").return ? {
+ kernel.function("sys_msgsnd").return ?
+{
name = "msgsnd"
retstr = returnstr(1)
}
@@ -3169,11 +3312,13 @@ probe syscall.msgsnd.return = kernel.function("SyS_msgsnd").return !,
#
# long compat_sys_msgsnd(int first, int second, int third, void __user *uptr)
#
-probe syscall.compat_sys_msgsnd = kernel.function("compat_sys_msgsnd") ? {
+probe syscall.compat_sys_msgsnd = kernel.function("compat_sys_msgsnd") ?
+{
name = "compat_sys_msgsnd"
argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr)
}
-probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").return ? {
+probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").return ?
+{
name = "compat_sys_msgsnd"
retstr = returnstr(1)
}
@@ -3181,15 +3326,17 @@ probe syscall.compat_sys_msgsnd.return = kernel.function("compat_sys_msgsnd").re
# msync ______________________________________________________
# long sys_msync(unsigned long start, size_t len, int flags)
probe syscall.msync = kernel.function("SyS_msync") !,
- kernel.function("sys_msync") ? {
+ kernel.function("sys_msync") ?
+{
name = "msync"
start = $start
length = $len
flags = $flags
- argstr = sprintf("%p, %d, %s",start, length, _msync_flag_str(flags))
+ argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags))
}
probe syscall.msync.return = kernel.function("SyS_msync").return !,
- kernel.function("sys_msync").return ? {
+ kernel.function("sys_msync").return ?
+{
name = "msync"
retstr = returnstr(1)
}
@@ -3197,25 +3344,29 @@ probe syscall.msync.return = kernel.function("SyS_msync").return !,
# munlock ____________________________________________________
# long sys_munlock(unsigned long start, size_t len)
probe syscall.munlock = kernel.function("SyS_munlock") !,
- kernel.function("sys_munlock") ? {
+ kernel.function("sys_munlock") ?
+{
name = "munlock"
addr = $start
len = $len
argstr = sprintf("%p, %d", addr, len)
}
probe syscall.munlock.return = kernel.function("SyS_munlock").return !,
- kernel.function("sys_munlock").return ? {
+ kernel.function("sys_munlock").return ?
+{
name = "munlock"
retstr = returnstr(1)
}
# munlockall _________________________________________________
# long sys_munlockall(void)
-probe syscall.munlockall = kernel.function("sys_munlockall") ? {
+probe syscall.munlockall = kernel.function("sys_munlockall") ?
+{
name = "munlockall"
argstr = ""
}
-probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? {
+probe syscall.munlockall.return = kernel.function("sys_munlockall").return ?
+{
name = "munlockall"
retstr = returnstr(1)
}
@@ -3223,14 +3374,16 @@ probe syscall.munlockall.return = kernel.function("sys_munlockall").return ? {
# munmap _____________________________________________________
# long sys_munmap(unsigned long addr, size_t len)
probe syscall.munmap = kernel.function("SyS_munmap") !,
- kernel.function("sys_munmap") {
+ kernel.function("sys_munmap")
+{
name = "munmap"
start = $addr
length = $len
argstr = sprintf("%p, %d", start, length)
}
probe syscall.munmap.return = kernel.function("SyS_munmap").return !,
- kernel.function("sys_munmap").return {
+ kernel.function("sys_munmap").return
+{
name = "munmap"
retstr = returnstr(1)
}
diff --git a/tapset/syscalls2.stp b/tapset/syscalls2.stp
index 65bcf9b..ade1496 100644
--- a/tapset/syscalls2.stp
+++ b/tapset/syscalls2.stp
@@ -29,24 +29,28 @@
# struct compat_timespec __user *rmtp)
#
probe syscall.nanosleep = kernel.function("SyS_nanosleep") !,
- kernel.function("sys_nanosleep") {
+ kernel.function("sys_nanosleep")
+{
name = "nanosleep"
req_uaddr = $rqtp
rem_uaddr = $rmtp
- argstr = sprintf("%s, %p", _struct_timespec_u($rqtp,1), $rmtp)
+ argstr = sprintf("%s, %p", _struct_timespec_u($rqtp, 1), $rmtp)
}
probe syscall.nanosleep.return = kernel.function("SyS_nanosleep").return !,
- kernel.function("sys_nanosleep").return {
+ kernel.function("sys_nanosleep").return
+{
name = "nanosleep"
retstr = returnstr(1)
}
-probe syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
+probe syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ?
+{
name = "nanosleep"
req_uaddr = $rqtp
rem_uaddr = $rmtp
- argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp,1), $rmtp)
+ argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp, 1), $rmtp)
}
-probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? {
+probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ?
+{
name = "nanosleep"
retstr = returnstr(1)
}
@@ -57,8 +61,7 @@ probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").
# long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg,
# union compat_nfsctl_res __user *res)
#
-probe syscall.nfsservctl =
- kernel.function("sys_nfsservctl") ?,
+probe syscall.nfsservctl = kernel.function("sys_nfsservctl") ?,
kernel.function("compat_sys_nfsservctl") ?
{
name = "nfsservctl"
@@ -67,8 +70,7 @@ probe syscall.nfsservctl =
resp_uaddr = $res
argstr = sprintf("%s, %p, %p", _nfsctl_cmd_str($cmd), $arg, $res)
}
-probe syscall.nfsservctl.return =
- kernel.function("sys_nfsservctl").return ?,
+probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return ?,
kernel.function("compat_sys_nfsservctl").return ?
{
name = "nfsservctl"
@@ -79,13 +81,15 @@ probe syscall.nfsservctl.return =
# long sys_nice(int increment)
#
probe syscall.nice = kernel.function("SyS_nice") !,
- kernel.function("sys_nice") ? {
+ kernel.function("sys_nice") ?
+{
name = "nice"
inc = $increment
argstr = sprintf("%d", $increment)
}
probe syscall.nice.return = kernel.function("SyS_nice").return !,
- kernel.function("sys_nice").return ? {
+ kernel.function("sys_nice").return ?
+{
name = "nice"
retstr = returnstr(1)
}
@@ -94,11 +98,13 @@ probe syscall.nice.return = kernel.function("SyS_nice").return !,
#
# long sys_ni_syscall(void)
#
-probe syscall.ni_syscall = kernel.function("sys_ni_syscall") {
+probe syscall.ni_syscall = kernel.function("sys_ni_syscall")
+{
name = "ni_syscall"
argstr = ""
}
-probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
+probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return
+{
name = "ni_syscall"
retstr = returnstr(1)
}
@@ -107,8 +113,7 @@ probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
# long sys_open(const char __user * filename, int flags, int mode)
# (obsolete) long sys32_open(const char * filename, int flags, int mode)
#
-probe syscall.open =
- kernel.function("compat_sys_open") ?,
+probe syscall.open = kernel.function("compat_sys_open") ?,
kernel.function("sys32_open") ?,
kernel.function("SyS_open") !,
kernel.function("sys_open") ?
@@ -118,14 +123,13 @@ probe syscall.open =
flags = $flags
mode = $mode
if (flags & 64)
- argstr = sprintf("%s, %s, %#o", user_string_quoted($filename),
- _sys_open_flag_str($flags), $mode)
+ argstr = sprintf("%s, %s, %#o", user_string_quoted($filename),
+ _sys_open_flag_str($flags), $mode)
else
- argstr = sprintf("%s, %s", user_string_quoted($filename),
+ argstr = sprintf("%s, %s", user_string_quoted($filename),
_sys_open_flag_str($flags))
}
-probe syscall.open.return =
- kernel.function("compat_sys_open").return ?,
+probe syscall.open.return = kernel.function("compat_sys_open").return ?,
kernel.function("sys32_open").return ?,
kernel.function("SyS_open").return !,
kernel.function("sys_open").return ?
@@ -138,8 +142,7 @@ probe syscall.open.return =
# long sys_openat(int dfd, const char __user *filename, int flags, int mode)
# long compat_sys_openat(unsigned int dfd, const char __user *filename, int flags, int mode)
#
-probe syscall.openat =
- kernel.function("compat_sys_openat") ?,
+probe syscall.openat = kernel.function("compat_sys_openat") ?,
kernel.function("SyS_openat") !,
kernel.function("sys_openat") ?
{
@@ -149,15 +152,14 @@ probe syscall.openat =
mode = $mode
if ($flags & 64)
argstr = sprintf("%s, %s, %s, %#o", _dfd_str($dfd),
- user_string_quoted($filename),
- _sys_open_flag_str($flags), $mode)
+ user_string_quoted($filename),
+ _sys_open_flag_str($flags), $mode)
else
argstr = sprintf("%s, %s, %s", _dfd_str($dfd),
- user_string_quoted($filename),
+ user_string_quoted($filename),
_sys_open_flag_str($flags))
}
-probe syscall.openat.return =
- kernel.function("compat_sys_openat").return ?,
+probe syscall.openat.return = kernel.function("compat_sys_openat").return ?,
kernel.function("SyS_openat").return !,
kernel.function("sys_openat").return ?
{
@@ -170,15 +172,15 @@ probe syscall.openat.return =
# sys_pause(void)
#
probe syscall.pause = kernel.function("sys_pause") ?,
- kernel.function("sys32_pause") ?,
- kernel.function("compat_sys_pause") ?
-{
+ kernel.function("sys32_pause") ?,
+ kernel.function("compat_sys_pause") ?
+{
name = "pause"
argstr = ""
}
-probe syscall.pause.return = kernel.function("sys_pause").return ?,
- kernel.function("sys32_pause").return ?,
- kernel.function("compat_sys_pause").return ?
+probe syscall.pause.return = kernel.function("sys_pause").return ?,
+ kernel.function("sys32_pause").return ?,
+ kernel.function("compat_sys_pause").return ?
{
name = "pause"
retstr = returnstr(1)
@@ -192,14 +194,16 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# unsigned long dfn)
#
#
-#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
+#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase")
+#{
# name = "pciconfig_iobase"
# which = $which
# bus = $bus
# dfn = $dfn
# argstr = sprintf("%p, %p, %p", which, bus, dfn)
#}
-#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
+#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return
+#{
# name = "pciconfig_iobase"
# retstr = returnstr(1)
#}
@@ -214,7 +218,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# { return 0; }
#
#
-#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
+#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read")
+#{
# name = "pciconfig_read"
# bus = $bus
# dfn = $dfn
@@ -224,8 +229,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
-#probe syscall.pciconfig_read.return =
-# kernel.function("sys_pciconfig_read").return {
+#probe syscall.pciconfig_read.return = kernel.function("sys_pciconfig_read").return
+#{
# name = "pciconfig_read"
# retstr = returnstr(1)
#}
@@ -239,7 +244,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# unsigned char *buf)
#
#
-#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
+#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write")
+#{
# name = "pciconfig_write"
# bus = $bus
# dfn = $dfn
@@ -249,8 +255,8 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
-#probe syscall.pciconfig_write.return =
-# kernel.function("sys_pciconfig_write").return {
+#probe syscall.pciconfig_write.return = kernel.function("sys_pciconfig_write").return
+#{
# name = "pciconfig_write"
# retstr = returnstr(1)
#}
@@ -260,13 +266,15 @@ probe syscall.pause.return = kernel.function("sys_pause").return ?,
# sys_personality(u_long personality)
#
probe syscall.personality = kernel.function("SyS_personality") !,
- kernel.function("sys_personality") {
+ kernel.function("sys_personality")
+{
name = "personality"
persona = $personality
argstr = sprintf("%p", persona);
}
probe syscall.personality.return = kernel.function("SyS_personality").return !,
- kernel.function("sys_personality").return {
+ kernel.function("sys_personality").return
+{
name = "personality"
retstr = returnstr(1)
}
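Review bot: `argstr = sprintf("%p", persona);` keeps a trailing semicolon that no other statement in the probe bodies shown here has. Since this commit unifies the formatting of both tapset files, it could be dropped at the same time: `argstr = sprintf("%p", persona)`. As far as I can tell the semicolon is harmless to the parser, so this is purely a consistency point.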
@@ -278,13 +286,15 @@ probe syscall.personality.return = kernel.function("SyS_personality").return !,
%(arch == "x86_64" %?
# x86_64 gcc 4.1 problem
probe syscall.pipe = kernel.function("SyS_pipe") !,
- kernel.function("sys_pipe") {
+ kernel.function("sys_pipe")
+{
name = "pipe"
argstr = ""
}
%:
probe syscall.pipe = kernel.function("SyS_pipe") !,
- kernel.function("sys_pipe") {
+ kernel.function("sys_pipe")
+{
name = "pipe"
%( arch == "ia64" %?
# ia64 just returns value directly, no fildes argument
@@ -296,7 +306,8 @@ probe syscall.pipe = kernel.function("SyS_pipe") !,
}
%)
probe syscall.pipe.return = kernel.function("SyS_pipe").return !,
- kernel.function("sys_pipe").return {
+ kernel.function("sys_pipe").return
+{
name = "pipe"
retstr = returnstr(1)
}
@@ -306,15 +317,17 @@ probe syscall.pipe.return = kernel.function("SyS_pipe").return !,
# long sys_pivot_root(const char __user *new_root, const char __user *put_old)
#
probe syscall.pivot_root = kernel.function("SyS_pivot_root") !,
- kernel.function("sys_pivot_root") {
+ kernel.function("sys_pivot_root")
+{
name = "pivot_root"
new_root_str = user_string($new_root)
old_root_str = user_string($put_old)
argstr = sprintf("%s, %s", user_string_quoted($new_root),
- user_string_quoted($put_old))
+ user_string_quoted($put_old))
}
probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !,
- kernel.function("sys_pivot_root").return {
+ kernel.function("sys_pivot_root").return
+{
name = "pivot_root"
retstr = returnstr(1)
}
@@ -324,7 +337,8 @@ probe syscall.pivot_root.return = kernel.function("SyS_pivot_root").return !,
# long sys_poll(struct pollfd __user * ufds, unsigned int nfds, long timeout)
#
probe syscall.poll = kernel.function("SyS_poll") !,
- kernel.function("sys_poll") {
+ kernel.function("sys_poll")
+{
name = "poll"
ufds_uaddr = $ufds
nfds = $nfds
@@ -336,7 +350,8 @@ probe syscall.poll = kernel.function("SyS_poll") !,
argstr = sprintf("%p, %d, %d", $ufds, $nfds, timeout)
}
probe syscall.poll.return = kernel.function("SyS_poll").return !,
- kernel.function("sys_poll").return {
+ kernel.function("sys_poll").return
+{
name = "poll"
retstr = returnstr(1)
}
@@ -348,17 +363,19 @@ probe syscall.poll.return = kernel.function("SyS_poll").return !,
# size_t sigsetsize)
#
probe syscall.ppoll = kernel.function("SyS_ppoll") !,
- kernel.function("sys_ppoll") ? {
+ kernel.function("sys_ppoll") ?
+{
name = "ppoll"
- argstr = sprintf("%p, %d, %s, %p, %d",
+ argstr = sprintf("%p, %d, %s, %p, %d",
$ufds,
$nfds,
- _struct_timespec_u($tsp,1),
+ _struct_timespec_u($tsp, 1),
$sigmask,
$sigsetsize)
}
probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !,
- kernel.function("sys_ppoll").return ? {
+ kernel.function("sys_ppoll").return ?
+{
name = "ppoll"
retstr = returnstr(1)
}
@@ -366,16 +383,18 @@ probe syscall.ppoll.return = kernel.function("SyS_ppoll").return !,
# unsigned int nfds, struct compat_timespec __user *tsp,
# const compat_sigset_t __user *sigmask, compat_size_t sigsetsize)
#
-probe syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ? {
+probe syscall.compat_ppoll = kernel.function("compat_sys_ppoll") ?
+{
name = "ppoll"
- argstr = sprintf("%p, %d, %s, %p, %d",
+ argstr = sprintf("%p, %d, %s, %p, %d",
$ufds,
$nfds,
- _struct_compat_timespec_u($tsp,1),
+ _struct_compat_timespec_u($tsp, 1),
$sigmask,
$sigsetsize)
}
-probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ? {
+probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ?
+{
name = "ppoll"
retstr = returnstr(1)
}
@@ -390,7 +409,8 @@ probe syscall.compat_ppoll.return = kernel.function("compat_sys_ppoll").return ?
# unsigned long arg5)
#
probe syscall.prctl = kernel.function("SyS_prctl") !,
- kernel.function("sys_prctl") {
+ kernel.function("sys_prctl")
+{
name = "prctl"
option = $option
arg2 = $arg2
@@ -398,10 +418,11 @@ probe syscall.prctl = kernel.function("SyS_prctl") !,
arg4 = $arg4
arg5 = $arg5
argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3,
- arg4, arg5)
+ arg4, arg5)
}
probe syscall.prctl.return = kernel.function("SyS_prctl").return !,
- kernel.function("sys_prctl").return {
+ kernel.function("sys_prctl").return
+{
name = "prctl"
retstr = returnstr(1)
}
@@ -413,7 +434,8 @@ probe syscall.prctl.return = kernel.function("SyS_prctl").return !,
# loff_t pos)
#
probe syscall.pread = kernel.function("SyS_pread64") !,
- kernel.function("sys_pread64") {
+ kernel.function("sys_pread64")
+{
name = "pread"
fd = $fd
buf_uaddr = $buf
@@ -422,7 +444,8 @@ probe syscall.pread = kernel.function("SyS_pread64") !,
argstr = sprintf("%d, %p, %d, %d", $fd, $buf, $count, $pos)
}
probe syscall.pread.return = kernel.function("SyS_pread64").return !,
- kernel.function("sys_pread64").return {
+ kernel.function("sys_pread64").return
+{
name = "pread"
retstr = returnstr(1)
}
@@ -433,22 +456,26 @@ probe syscall.pread.return = kernel.function("SyS_pread64").return !,
# fd_set __user *exp, struct timespec __user *tsp, void __user *sig)
#
probe syscall.pselect6 = kernel.function("SyS_pselect6") !,
- kernel.function("sys_pselect6") ? {
+ kernel.function("sys_pselect6") ?
+{
name = "pselect6"
argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
- _struct_timespec_u($tsp,1), $sig)
+ _struct_timespec_u($tsp, 1), $sig)
}
probe syscall.pselect6.return = kernel.function("SyS_pselect6").return !,
- kernel.function("sys_pselect6").return ? {
+ kernel.function("sys_pselect6").return ?
+{
name = "pselect6"
retstr = returnstr(1)
}
-probe syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ? {
+probe syscall.compat_pselect6 = kernel.function("compat_sys_pselect6") ?
+{
name = "pselect6"
argstr = sprintf("%d, %p, %p, %p, %s, %p", $n, $inp, $outp, $exp,
- _struct_compat_timespec_u($tsp,1), $sig)
+ _struct_compat_timespec_u($tsp, 1), $sig)
}
-probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ? {
+probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").return ?
+{
name = "pselect6"
retstr = returnstr(1)
}
@@ -456,24 +483,28 @@ probe syscall.compat_pselect6.return = kernel.function("compat_sys_pselect6").re
# pselect7 _____________________________________________________
#
# long sys_pselect7(int n, fd_set __user *inp, fd_set __user *outp,
-# fd_set __user *exp, struct timespec __user *tsp,
+# fd_set __user *exp, struct timespec __user *tsp,
# const sigset_t __user *sigmask, size_t sigsetsize)
#
-probe syscall.pselect7 = kernel.function("sys_pselect7") ? {
+probe syscall.pselect7 = kernel.function("sys_pselect7") ?
+{
name = "pselect7"
argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
- _struct_timespec_u($tsp,1), $sigmask, $sigsetsize)
+ _struct_timespec_u($tsp, 1), $sigmask, $sigsetsize)
}
-probe syscall.pselect7.return = kernel.function("sys_pselect7").return ? {
+probe syscall.pselect7.return = kernel.function("sys_pselect7").return ?
+{
name = "pselect7"
retstr = returnstr(1)
}
-probe syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ? {
+probe syscall.compat_pselect7a = kernel.function("compat_sys_pselect7") ?
+{
name = "pselect7"
argstr = sprintf("%d, %p, %p, %p, %s, %p, %d", $n, $inp, $outp, $exp,
- _struct_compat_timespec_u($tsp,1), $sigmask, $sigsetsize)
+ _struct_compat_timespec_u($tsp, 1), $sigmask, $sigsetsize)
}
-probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ? {
+probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").return ?
+{
name = "pselect7"
retstr = returnstr(1)
}
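Review bot: The entry alias in this hunk is spelled `syscall.compat_pselect7a`, while its return counterpart is `syscall.compat_pselect7.return`, so a script that probes `syscall.compat_pselect7` by name gets the return probe but no entry probe. Unless the trailing `a` is intentional, the declaration should read `probe syscall.compat_pselect7 = kernel.function("compat_sys_pselect7") ?`. Because the rename changes a probe point that scripts can see, it belongs in a separate commit from this formatting pass.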
@@ -486,8 +517,9 @@ probe syscall.compat_pselect7.return = kernel.function("compat_sys_pselect7").re
# long data)
#
probe syscall.ptrace = kernel.function("SyS_ptrace") !,
- kernel.function("sys_ptrace") ? {
- name = "ptrace"
+ kernel.function("sys_ptrace") ?
+{
+ name = "ptrace"
request = $request
pid = $pid
addr = $addr
@@ -495,7 +527,8 @@ probe syscall.ptrace = kernel.function("SyS_ptrace") !,
argstr = sprintf("%d, %d, %p, %p", request, pid, addr, data)
}
probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !,
- kernel.function("sys_ptrace").return ? {
+ kernel.function("sys_ptrace").return ?
+{
name = "ptrace"
retstr = returnstr(1)
}
@@ -508,42 +541,46 @@ probe syscall.ptrace.return = kernel.function("SyS_ptrace").return !,
# loff_t pos)
#
probe syscall.pwrite = kernel.function("SyS_pwrite64") !,
- kernel.function("sys_pwrite64") {
+ kernel.function("sys_pwrite64")
+{
name = "pwrite"
fd = $fd
buf_uaddr = $buf
count = $count
offset = $pos
- argstr = sprintf("%d, %s, %d, %d", $fd,
- text_strn(user_string($buf),syscall_string_trunc,1),
- $count, $pos)
+ argstr = sprintf("%d, %s, %d, %d", $fd,
+ text_strn(user_string($buf), syscall_string_trunc, 1),
+ $count, $pos)
}
probe syscall.pwrite.return = kernel.function("SyS_pwrite64").return !,
- kernel.function("sys_pwrite64").return {
+ kernel.function("sys_pwrite64").return
+{
name = "pwrite"
retstr = returnstr(1)
}
# long sys32_pwrite64(unsigned int fd, const char __user *ubuf,
# size_t count, u32 poshi, u32 poslo)
-probe syscall.pwrite32 = kernel.function("sys32_pwrite64") ? {
+probe syscall.pwrite32 = kernel.function("sys32_pwrite64") ?
+{
name = "pwrite"
fd = $fd
buf_uaddr = $buf
count = $count
offset = ($poshi << 32) + $poslo
%( arch == "s390x" %?
- buf_uaddr = $ubuf
- argstr = sprintf("%d, %s, %d, %d", $fd,
- text_strn(user_string($ubuf),syscall_string_trunc,1),
- $count, ($poshi << 32) + $poslo)
+ buf_uaddr = $ubuf
+ argstr = sprintf("%d, %s, %d, %d", $fd,
+ text_strn(user_string($ubuf), syscall_string_trunc, 1),
+ $count, ($poshi << 32) + $poslo)
%:
buf_uaddr = $buf
- argstr = sprintf("%d, %s, %d, %d", $fd,
- text_strn(user_string($buf),syscall_string_trunc,1),
- $count, ($poshi << 32) + $poslo)
+ argstr = sprintf("%d, %s, %d, %d", $fd,
+ text_strn(user_string($buf), syscall_string_trunc, 1),
+ $count, ($poshi << 32) + $poslo)
%)
}
-probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? {
+probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ?
+{
name = "pwrite"
retstr = returnstr(1)
}
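Review bot: In `syscall.pwrite32` the unconditional `buf_uaddr = $buf` above the `%( arch == "s390x" %?` block is redundant, because both branches assign `buf_uaddr` again. On s390x, where the branch reads `$ubuf` and the prototype comment names the parameter `ubuf`, `$buf` presumably does not resolve at all. I would drop the unconditional line and keep only the per-arch assignments. Separately, a header comment should note that `argstr` for `pwrite` and `pwrite32` embeds up to `syscall_string_trunc` characters of the user buffer, so trace output can contain file data and should be handled accordingly.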
@@ -556,7 +593,8 @@ probe syscall.pwrite32.return = kernel.function("sys32_pwrite64").return ? {
# void __user *addr)
#
probe syscall.quotactl = kernel.function("SyS_quotactl") !,
- kernel.function("sys_quotactl") ? {
+ kernel.function("sys_quotactl") ?
+{
name = "quotactl"
cmd = $cmd
cmd_str = _quotactl_cmd_str($cmd)
@@ -567,7 +605,8 @@ probe syscall.quotactl = kernel.function("SyS_quotactl") !,
argstr = sprintf("%s, %s, %d, %p", cmd_str, special_str, $id, $addr)
}
probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !,
- kernel.function("sys_quotactl").return ? {
+ kernel.function("sys_quotactl").return ?
+{
name = "quotactl"
retstr = returnstr(1)
}
@@ -576,7 +615,8 @@ probe syscall.quotactl.return = kernel.function("SyS_quotactl").return !,
# read _______________________________________________________
# ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
probe syscall.read = kernel.function("SyS_read") !,
- kernel.function("sys_read") {
+ kernel.function("sys_read")
+{
name = "read"
fd = $fd
buf_uaddr = $buf
@@ -584,7 +624,8 @@ probe syscall.read = kernel.function("SyS_read") !,
argstr = sprintf("%d, %p, %d", $fd, $buf, $count)
}
probe syscall.read.return = kernel.function("SyS_read").return !,
- kernel.function("sys_read").return {
+ kernel.function("sys_read").return
+{
name = "read"
retstr = returnstr(1)
}
@@ -597,7 +638,8 @@ probe syscall.read.return = kernel.function("SyS_read").return !,
# size_t count)
#
probe syscall.readahead = kernel.function("SyS_readahead") !,
- kernel.function("sys_readahead") {
+ kernel.function("sys_readahead")
+{
name = "readahead"
fd = $fd
offset = $offset
@@ -605,7 +647,8 @@ probe syscall.readahead = kernel.function("SyS_readahead") !,
argstr = sprintf("%d, %p, %p", fd, offset, count)
}
probe syscall.readahead.return = kernel.function("SyS_readahead").return !,
- kernel.function("sys_readahead").return {
+ kernel.function("sys_readahead").return
+{
name = "readahead"
retstr = returnstr(1)
}
@@ -614,16 +657,14 @@ probe syscall.readahead.return = kernel.function("SyS_readahead").return !,
#
# long compat_sys_old_readdir(unsigned int fd, struct compat_old_linux_dirent __user *dirent, unsigned int count)
# int old32_readdir(unsigned int fd, struct old_linux_dirent32 *dirent, unsigned int count)
-#
-probe syscall.readdir =
- kernel.function("compat_sys_old_readdir") ?,
+#
+probe syscall.readdir = kernel.function("compat_sys_old_readdir") ?,
kernel.function("old32_readdir") ?
{
name = "readdir"
argstr = sprintf("%d, %p, %d", $fd, $dirent, $count)
}
-probe syscall.readdir.return =
- kernel.function("compat_sys_old_readdir").return ?,
+probe syscall.readdir.return = kernel.function("compat_sys_old_readdir").return ?,
kernel.function("old32_readdir").return ?
{
name = "readdir"
@@ -637,16 +678,18 @@ probe syscall.readdir.return =
# int bufsiz)
#
probe syscall.readlink = kernel.function("SyS_readlink") !,
- kernel.function("sys_readlink") {
+ kernel.function("sys_readlink")
+{
name = "readlink"
path = user_string($path)
buf_uaddr = $buf
bufsiz = $bufsiz
- argstr = sprintf("%s, %p, %d", user_string_quoted($path),
- $buf, $bufsiz)
+ argstr = sprintf("%s, %p, %d", user_string_quoted($path),
+ $buf, $bufsiz)
}
probe syscall.readlink.return = kernel.function("SyS_readlink").return !,
- kernel.function("sys_readlink").return {
+ kernel.function("sys_readlink").return
+{
name = "readlink"
retstr = returnstr(1)
}
@@ -658,7 +701,8 @@ probe syscall.readlink.return = kernel.function("SyS_readlink").return !,
# int bufsiz)
#
probe syscall.readlinkat = kernel.function("SyS_readlinkat") !,
- kernel.function("sys_readlinkat") ? {
+ kernel.function("sys_readlinkat") ?
+{
name = "readlinkat"
dfd = $dfd
buf_uaddr = $buf
@@ -673,7 +717,8 @@ probe syscall.readlinkat = kernel.function("SyS_readlinkat") !,
}
probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !,
- kernel.function("sys_readlinkat").return ? {
+ kernel.function("sys_readlinkat").return ?
+{
name = "readlinkat"
retstr = returnstr(1)
}
@@ -683,12 +728,11 @@ probe syscall.readlinkat.return = kernel.function("SyS_readlinkat").return !,
# ssize_t sys_readv(unsigned long fd,
# const struct iovec __user *vec,
# unsigned long vlen)
-# ssize_t compat_sys_readv(unsigned long fd,
-# const struct compat_iovec __user *vec,
+# ssize_t compat_sys_readv(unsigned long fd,
+# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
-probe syscall.readv =
- kernel.function("compat_sys_readv") ?,
+probe syscall.readv = kernel.function("compat_sys_readv") ?,
kernel.function("SyS_readv") !,
kernel.function("sys_readv")
{
@@ -703,8 +747,7 @@ probe syscall.readv =
argstr = sprintf("unknown fd, %p, %d", $vec, $vlen)
%)
}
-probe syscall.readv.return =
- kernel.function("compat_sys_readv").return ?,
+probe syscall.readv.return = kernel.function("compat_sys_readv").return ?,
kernel.function("SyS_readv").return !,
kernel.function("sys_readv").return
{
@@ -720,7 +763,8 @@ probe syscall.readv.return =
# void __user * arg)
#
probe syscall.reboot = kernel.function("SyS_reboot") !,
- kernel.function("sys_reboot") {
+ kernel.function("sys_reboot")
+{
name = "reboot"
magic = $magic1
magic_str = _reboot_magic_str($magic1)
@@ -730,10 +774,11 @@ probe syscall.reboot = kernel.function("SyS_reboot") !,
flag_str = _reboot_flag_str($cmd)
arg_uaddr = $arg
argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
- flag_str, $arg)
+ flag_str, $arg)
}
probe syscall.reboot.return = kernel.function("SyS_reboot").return !,
- kernel.function("sys_reboot").return {
+ kernel.function("sys_reboot").return
+{
name = "reboot"
retstr = returnstr(1)
}
@@ -742,7 +787,8 @@ probe syscall.reboot.return = kernel.function("SyS_reboot").return !,
#
# long sys_recv(int fd, void __user *ubuf, size_t size, unsigned flags)
#
-probe syscall.recv = kernel.function("sys_recv") ? {
+probe syscall.recv = kernel.function("sys_recv") ?
+{
name = "recv"
s = $fd
buf_uaddr = $ubuf
@@ -751,7 +797,8 @@ probe syscall.recv = kernel.function("sys_recv") ? {
flags_str = _recvflags_str($flags)
argstr = sprintf("%d, %p, %d, %s", $fd, $ubuf, $size, _recvflags_str($flags))
}
-probe syscall.recv.return = kernel.function("sys_recv").return ? {
+probe syscall.recv.return = kernel.function("sys_recv").return ?
+{
name = "recv"
retstr = returnstr(1)
}
@@ -766,7 +813,8 @@ probe syscall.recv.return = kernel.function("sys_recv").return ? {
# int __user *addr_len)
#
probe syscall.recvfrom = kernel.function("SyS_recvfrom") !,
- kernel.function("sys_recvfrom") ? {
+ kernel.function("sys_recvfrom") ?
+{
name = "recvfrom"
s = $fd
buf_uaddr = $ubuf
@@ -779,7 +827,8 @@ probe syscall.recvfrom = kernel.function("SyS_recvfrom") !,
$fd, $ubuf, $size, _recvflags_str($flags), $addr, $addr_len)
}
probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !,
- kernel.function("sys_recvfrom").return ? {
+ kernel.function("sys_recvfrom").return ?
+{
name = "recvfrom"
retstr = returnstr(1)
}
@@ -791,7 +840,8 @@ probe syscall.recvfrom.return = kernel.function("SyS_recvfrom").return !,
# unsigned int flags)
#
probe syscall.recvmsg = kernel.function("SyS_recvmsg") !,
- kernel.function("sys_recvmsg") ? {
+ kernel.function("sys_recvmsg") ?
+{
name = "recvmsg"
s = $fd
msg_uaddr = $msg
@@ -800,7 +850,8 @@ probe syscall.recvmsg = kernel.function("SyS_recvmsg") !,
argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags))
}
probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !,
- kernel.function("sys_recvmsg").return ? {
+ kernel.function("sys_recvmsg").return ?
+{
name = "recvmsg"
retstr = returnstr(1)
}
@@ -810,14 +861,16 @@ probe syscall.recvmsg.return = kernel.function("SyS_recvmsg").return !,
# struct compat_msghdr __user *msg,
# unsigned int flags)
#
-probe syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ? {
+probe syscall.compat_sys_recvmsg = kernel.function("compat_sys_recvmsg") ?
+{
name = "compat_sys_recvmsg"
s = $fd
msg_uaddr = $msg
flags = $flags
argstr = sprintf("%d, %p, %s", $fd, $msg, _recvflags_str($flags))
}
-probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ? {
+probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").return ?
+{
name = "compat_sys_recvmsg"
retstr = returnstr(1)
}
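Review bot: Both `syscall.compat_sys_recvmsg` probes set `name = "compat_sys_recvmsg"`, whereas the other compat aliases in this file report the plain syscall name (`syscall.compat_ppoll` sets `name = "ppoll"`, `syscall.compat_pselect6` sets `name = "pselect6"`). A monitoring script that filters on `name == "recvmsg"` would therefore miss calls from 32-bit tasks. If the difference is not deliberate, use `name = "recvmsg"` in both probes; otherwise add a comment saying why this alias differs.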
@@ -831,7 +884,8 @@ probe syscall.compat_sys_recvmsg.return = kernel.function("compat_sys_recvmsg").
# unsigned long flags)
#
probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !,
- kernel.function("sys_remap_file_pages") ? {
+ kernel.function("sys_remap_file_pages") ?
+{
name = "remap_file_pages"
start = $start
size = $size
@@ -843,11 +897,11 @@ probe syscall.remap_file_pages = kernel.function("SyS_remap_file_pages") !,
pgoff = $pgoff
flags = $flags
argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot,
- pgoff, flags)
+ pgoff, flags)
}
-probe syscall.remap_file_pages.return =
- kernel.function("SyS_remap_file_pages").return !,
- kernel.function("sys_remap_file_pages").return ? {
+probe syscall.remap_file_pages.return = kernel.function("SyS_remap_file_pages").return !,
+ kernel.function("sys_remap_file_pages").return ?
+{
name = "remap_file_pages"
retstr = returnstr(1)
}
@@ -859,22 +913,24 @@ probe syscall.remap_file_pages.return =
# char __user *name)
#
probe syscall.removexattr = kernel.function("SyS_removexattr") !,
- kernel.function("sys_removexattr") {
+ kernel.function("sys_removexattr")
+{
name = "removexattr"
name_str = user_string($name)
%( kernel_v >= "2.6.27" %?
path = user_string($pathname)
- argstr = sprintf("%s, %s", user_string_quoted($pathname),
+ argstr = sprintf("%s, %s", user_string_quoted($pathname),
user_string_quoted($name))
%:
path = user_string($path)
- argstr = sprintf("%s, %s", user_string_quoted($path),
+ argstr = sprintf("%s, %s", user_string_quoted($path),
user_string_quoted($name))
%)
}
probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !,
- kernel.function("sys_removexattr").return {
+ kernel.function("sys_removexattr").return
+{
name = "removexattr"
retstr = returnstr(1)
}
@@ -885,15 +941,17 @@ probe syscall.removexattr.return = kernel.function("SyS_removexattr").return !,
# const char __user * newname)
#
probe syscall.rename = kernel.function("SyS_rename") !,
- kernel.function("sys_rename") {
+ kernel.function("sys_rename")
+{
name = "rename"
oldpath = user_string($oldname)
newpath = user_string($newname)
- argstr = sprintf("%s, %s", user_string_quoted($oldname),
- user_string_quoted($newname))
+ argstr = sprintf("%s, %s", user_string_quoted($oldname),
+ user_string_quoted($newname))
}
probe syscall.rename.return = kernel.function("SyS_rename").return !,
- kernel.function("sys_rename").return {
+ kernel.function("sys_rename").return
+{
name = "rename"
retstr = returnstr(1)
}
@@ -903,7 +961,8 @@ probe syscall.rename.return = kernel.function("SyS_rename").return !,
# long sys_renameat(int olddfd, const char __user *oldname,
# int newdfd, const char __user *newname)
probe syscall.renameat = kernel.function("SyS_renameat") !,
- kernel.function("sys_renameat") ? {
+ kernel.function("sys_renameat") ?
+{
name = "renameat"
olddfd = $olddfd
olddfd_str = _dfd_str($olddfd)
@@ -918,7 +977,8 @@ probe syscall.renameat = kernel.function("SyS_renameat") !,
newdfd_str, user_string_quoted($newname))
}
probe syscall.renameat.return = kernel.function("SyS_renameat").return !,
- kernel.function("sys_renameat").return ? {
+ kernel.function("sys_renameat").return ?
+{
name = "renameat"
retstr = returnstr(1)
}
@@ -932,7 +992,8 @@ probe syscall.renameat.return = kernel.function("SyS_renameat").return !,
# compat_sys_request_key() calls sys_request_key, so don't need probe there.
#
probe syscall.request_key = kernel.function("SyS_request_key") !,
- kernel.function("sys_request_key") ? {
+ kernel.function("sys_request_key") ?
+{
name = "request_key"
type_uaddr = $_type
description_uaddr = $_description
@@ -941,7 +1002,8 @@ probe syscall.request_key = kernel.function("SyS_request_key") !,
argstr = sprintf("%p, %p, %p, %p", $_type, $_description, $_callout_info, $destringid)
}
probe syscall.request_key.return = kernel.function("SyS_request_key").return !,
- kernel.function("sys_request_key").return ? {
+ kernel.function("sys_request_key").return ?
+{
name = "request_key"
retstr = returnstr(1)
}
@@ -951,12 +1013,13 @@ probe syscall.request_key.return = kernel.function("SyS_request_key").return !,
# asmlinkage long
# sys_restart_syscall(void)
#
-probe syscall.restart_syscall = kernel.function("sys_restart_syscall") {
+probe syscall.restart_syscall = kernel.function("sys_restart_syscall")
+{
name = "restart_syscall"
argstr = ""
}
-probe syscall.restart_syscall.return =
- kernel.function("sys_restart_syscall").return {
+probe syscall.restart_syscall.return = kernel.function("sys_restart_syscall").return
+{
name = "restart_syscall"
retstr = returnstr(1)
}
@@ -966,13 +1029,15 @@ probe syscall.restart_syscall.return =
# sys_rmdir(const char __user * pathname)
#
probe syscall.rmdir = kernel.function("SyS_rmdir") !,
- kernel.function("sys_rmdir") {
+ kernel.function("sys_rmdir")
+{
name = "rmdir"
pathname = user_string($pathname)
argstr = user_string_quoted($pathname)
}
probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !,
- kernel.function("sys_rmdir").return {
+ kernel.function("sys_rmdir").return
+{
name = "rmdir"
retstr = returnstr(1)
}
@@ -985,31 +1050,32 @@ probe syscall.rmdir.return = kernel.function("SyS_rmdir").return !,
# size_t sigsetsize)
#
probe syscall.rt_sigaction = kernel.function("SyS_rt_sigaction") !,
- kernel.function("sys_rt_sigaction") ? {
+ kernel.function("sys_rt_sigaction") ?
+{
name = "rt_sigaction"
sig = $sig
act_uaddr = $act
oact_uaddr = $oact
sigsetsize = $sigsetsize
argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig),
- _struct_sigaction_u($act), $oact, $sigsetsize)
+ _struct_sigaction_u($act), $oact, $sigsetsize)
}
-probe syscall.rt_sigaction.return =
- kernel.function("SyS_rt_sigaction").return !,
- kernel.function("sys_rt_sigaction").return ? {
+probe syscall.rt_sigaction.return = kernel.function("SyS_rt_sigaction").return !,
+ kernel.function("sys_rt_sigaction").return ?
+{
name = "rt_sigaction"
retstr = returnstr(1)
}
#
-# long sys32_rt_sigaction(int sig,
+# long sys32_rt_sigaction(int sig,
# struct sigaction32 __user *act,
-# struct sigaction32 __user *oact,
+# struct sigaction32 __user *oact,
# unsigned int sigsetsize)
# ppc only
-# compat_sys_rt_sigaction(int sig,
+# compat_sys_rt_sigaction(int sig,
# const struct sigaction32 __user *act,
-# struct sigaction32 __user *oact,
+# struct sigaction32 __user *oact,
# size_t sigsetsize)
probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
@@ -1021,7 +1087,7 @@ probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ?,
oact_uaddr = $oact
sigsetsize = $sigsetsize
argstr = sprintf("%s, {%s}, %p, %d", _signal_name($sig),
- _struct_sigaction32_u($act), $oact, $sigsetsize)
+ _struct_sigaction32_u($act), $oact, $sigsetsize)
}
probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ?,
kernel.function("compat_sys_rt_sigaction").return ?
@@ -1035,15 +1101,16 @@ probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").retu
# long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
#
probe syscall.rt_sigpending = kernel.function("SyS_rt_sigpending") !,
- kernel.function("sys_rt_sigpending") ? {
+ kernel.function("sys_rt_sigpending") ?
+{
name = "rt_sigpending"
set_uaddr = $set
sigsetsize = $sigsetsize
argstr = sprintf("%p, %d", $set, $sigsetsize)
}
-probe syscall.rt_sigpending.return =
- kernel.function("SyS_rt_sigpending").return !,
- kernel.function("sys_rt_sigpending").return ? {
+probe syscall.rt_sigpending.return = kernel.function("SyS_rt_sigpending").return !,
+ kernel.function("sys_rt_sigpending").return ?
+{
name = "rt_sigpending"
retstr = returnstr(1)
}
@@ -1053,8 +1120,7 @@ probe syscall.rt_sigpending.return =
# long compat_sys_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset, compat_size_t sigsetsize)
# long sys_rt_sigprocmask(int how, sigset_t __user *set, sigset_t __user *oset, size_t sigsetsize)
#
-probe syscall.rt_sigprocmask =
- kernel.function("sys32_rt_sigprocmask") ?,
+probe syscall.rt_sigprocmask = kernel.function("sys32_rt_sigprocmask") ?,
kernel.function("compat_sys_rt_sigprocmask") ?,
kernel.function("SyS_rt_sigprocmask") !,
kernel.function("sys_rt_sigprocmask") ?
@@ -1065,10 +1131,9 @@ probe syscall.rt_sigprocmask =
set_uaddr = $set
oldset_uaddr = $oset
argstr = sprintf("%s, [%s], %p, %d", how_str, _stp_sigset_u($set),
- $oset, $sigsetsize)
+ $oset, $sigsetsize)
}
-probe syscall.rt_sigprocmask.return =
- kernel.function("sys32_rt_sigprocmask").return ?,
+probe syscall.rt_sigprocmask.return = kernel.function("sys32_rt_sigprocmask").return ?,
kernel.function("compat_sys_rt_sigprocmask").return ?,
kernel.function("SyS_rt_sigprocmask").return !,
kernel.function("sys_rt_sigprocmask").return ?
@@ -1079,19 +1144,20 @@ probe syscall.rt_sigprocmask.return =
# rt_sigqueueinfo ____________________________________________
#
-# long sys_rt_sigqueueinfo(int pid, int sig,siginfo_t __user *uinfo)
+# long sys_rt_sigqueueinfo(int pid, int sig, siginfo_t __user *uinfo)
#
probe syscall.rt_sigqueueinfo = kernel.function("SyS_rt_sigqueueinfo") !,
- kernel.function("sys_rt_sigqueueinfo") {
+ kernel.function("sys_rt_sigqueueinfo")
+{
name = "rt_sigqueueinfo"
pid = $pid
sig = $sig
uinfo_uaddr = $uinfo
argstr = sprintf("%d, %s, %p", $pid, _signal_name($sig), $uinfo)
}
-probe syscall.rt_sigqueueinfo.return =
- kernel.function("SyS_rt_sigqueueinfo").return !,
- kernel.function("sys_rt_sigqueueinfo").return {
+probe syscall.rt_sigqueueinfo.return = kernel.function("SyS_rt_sigqueueinfo").return !,
+ kernel.function("sys_rt_sigqueueinfo").return
+{
name = "rt_sigqueueinfo"
retstr = returnstr(1)
}
@@ -1099,16 +1165,14 @@ probe syscall.rt_sigqueueinfo.return =
# rt_sigreturn _______________________________________________
# int sys_rt_sigreturn(unsigned long __unused)
#
-probe syscall.rt_sigreturn =
- kernel.function("sys_rt_sigreturn") ?,
- kernel.function("sys32_rt_sigreturn") ?
+probe syscall.rt_sigreturn = kernel.function("sys_rt_sigreturn") ?,
+ kernel.function("sys32_rt_sigreturn") ?
{
name = "rt_sigreturn"
argstr = ""
}
-probe syscall.rt_sigreturn.return =
- kernel.function("sys_rt_sigreturn").return ?,
- kernel.function("sys32_rt_sigreturn").return ?
+probe syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return ?,
+ kernel.function("sys32_rt_sigreturn").return ?
{
name = "rt_sigreturn"
retstr = returnstr(1)
@@ -1118,8 +1182,7 @@ probe syscall.rt_sigreturn.return =
#
# sys_rt_sigsuspend(struct pt_regs regs)
#
-probe syscall.rt_sigsuspend =
- kernel.function("compat_sys_rt_sigsuspend") ?,
+probe syscall.rt_sigsuspend = kernel.function("compat_sys_rt_sigsuspend") ?,
kernel.function("ia64_rt_sigsuspend") ?,
kernel.function("SyS_rt_sigsuspend") !,
kernel.function("sys_rt_sigsuspend") ?
@@ -1127,8 +1190,7 @@ probe syscall.rt_sigsuspend =
name = "rt_sigsuspend"
argstr = ""
}
-probe syscall.rt_sigsuspend.return =
- kernel.function("compat_sys_rt_sigsuspend").return ?,
+probe syscall.rt_sigsuspend.return = kernel.function("compat_sys_rt_sigsuspend").return ?,
kernel.function("ia64_rt_sigsuspend").return ?,
kernel.function("SyS_rt_sigsuspend").return !,
kernel.function("sys_rt_sigsuspend").return ?
@@ -1147,8 +1209,7 @@ probe syscall.rt_sigsuspend.return =
# struct compat_siginfo __user *uinfo,
# struct compat_timespec __user *uts, compat_size_t sigsetsize)
#
-probe syscall.rt_sigtimedwait =
- kernel.function("compat_sys_rt_sigtimedwait") ?,
+probe syscall.rt_sigtimedwait = kernel.function("compat_sys_rt_sigtimedwait") ?,
kernel.function("SyS_rt_sigtimedwait") !,
kernel.function("sys_rt_sigtimedwait")
{
@@ -1159,8 +1220,7 @@ probe syscall.rt_sigtimedwait =
sigsetsize = $sigsetsize
argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize)
}
-probe syscall.rt_sigtimedwait.return =
- kernel.function("compat_sys_rt_sigtimedwait").return ?,
+probe syscall.rt_sigtimedwait.return = kernel.function("compat_sys_rt_sigtimedwait").return ?,
kernel.function("SyS_rt_sigtimedwait").return !,
kernel.function("sys_rt_sigtimedwait").return
{
@@ -1176,16 +1236,17 @@ probe syscall.rt_sigtimedwait.return =
# unsigned long __user *user_mask_ptr)
#
probe syscall.sched_getaffinity = kernel.function("SyS_sched_getaffinity") !,
- kernel.function("sys_sched_getaffinity") {
+ kernel.function("sys_sched_getaffinity")
+{
name = "sched_getaffinity"
pid = $pid
len = $len
mask_uaddr = $user_mask_ptr
argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
}
-probe syscall.sched_getaffinity.return =
- kernel.function("SyS_sched_getaffinity").return !,
- kernel.function("sys_sched_getaffinity").return {
+probe syscall.sched_getaffinity.return = kernel.function("SyS_sched_getaffinity").return !,
+ kernel.function("sys_sched_getaffinity").return
+{
name = "sched_getaffinity"
retstr = returnstr(1)
}
@@ -1196,15 +1257,16 @@ probe syscall.sched_getaffinity.return =
# struct sched_param __user *param)
#
probe syscall.sched_getparam = kernel.function("SyS_sched_getparam") !,
- kernel.function("sys_sched_getparam") {
+ kernel.function("sys_sched_getparam")
+{
name = "sched_getparam"
pid = $pid
p_uaddr = $param
argstr = sprintf("%d, %p", pid, p_uaddr)
}
-probe syscall.sched_getparam.return =
- kernel.function("SyS_sched_getparam").return !,
- kernel.function("sys_sched_getparam").return {
+probe syscall.sched_getparam.return = kernel.function("SyS_sched_getparam").return !,
+ kernel.function("sys_sched_getparam").return
+{
name = "sched_getparam"
retstr = returnstr(1)
}
@@ -1213,16 +1275,16 @@ probe syscall.sched_getparam.return =
# asmlinkage long
# sys_sched_get_priority_max(int policy)
#
-probe syscall.sched_get_priority_max =
- kernel.function("SyS_sched_get_priority_max") !,
- kernel.function("sys_sched_get_priority_max") {
+probe syscall.sched_get_priority_max = kernel.function("SyS_sched_get_priority_max") !,
+ kernel.function("sys_sched_get_priority_max")
+{
name = "sched_get_priority_max"
policy = $policy
argstr = sprint(policy)
}
-probe syscall.sched_get_priority_max.return =
- kernel.function("SyS_sched_get_priority_max").return !,
- kernel.function("sys_sched_get_priority_max").return {
+probe syscall.sched_get_priority_max.return = kernel.function("SyS_sched_get_priority_max").return !,
+ kernel.function("sys_sched_get_priority_max").return
+{
name = "sched_get_priority_max"
retstr = returnstr(1)
}
@@ -1231,16 +1293,16 @@ probe syscall.sched_get_priority_max.return =
# asmlinkage long
# sys_sched_get_priority_min(int policy)
#
-probe syscall.sched_get_priority_min =
- kernel.function("SyS_sched_get_priority_min") !,
- kernel.function("sys_sched_get_priority_min") {
+probe syscall.sched_get_priority_min = kernel.function("SyS_sched_get_priority_min") !,
+ kernel.function("sys_sched_get_priority_min")
+{
name = "sched_get_priority_min"
policy = $policy
argstr = sprint(policy)
}
-probe syscall.sched_get_priority_min.return =
- kernel.function("SyS_sched_get_priority_min").return !,
- kernel.function("sys_sched_get_priority_min").return {
+probe syscall.sched_get_priority_min.return = kernel.function("SyS_sched_get_priority_min").return !,
+ kernel.function("sys_sched_get_priority_min").return
+{
name = "sched_get_priority_min"
retstr = returnstr(1)
}
@@ -1249,13 +1311,15 @@ probe syscall.sched_get_priority_min.return =
# long sys_sched_getscheduler(pid_t pid)
#
probe syscall.sched_getscheduler = kernel.function("SyS_sched_getscheduler") !,
- kernel.function("sys_sched_getscheduler") {
+ kernel.function("sys_sched_getscheduler")
+{
name = "sched_getscheduler"
pid = $pid
argstr = sprint($pid)
}
probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getscheduler").return !,
- kernel.function("sys_sched_getscheduler").return {
+ kernel.function("sys_sched_getscheduler").return
+{
name = "sched_getscheduler"
retstr = returnstr(1)
}
@@ -1264,14 +1328,16 @@ probe syscall.sched_getscheduler.return = kernel.function("SyS_sched_getschedule
# long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval)
#
probe syscall.sched_rr_get_interval = kernel.function("SyS_sched_rr_get_interval") !,
- kernel.function("sys_sched_rr_get_interval") {
+ kernel.function("sys_sched_rr_get_interval")
+{
name = "sched_rr_get_interval"
pid = $pid
tp_uaddr = $interval
- argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval,1))
+ argstr = sprintf("%d, %s", $pid, _struct_timespec_u($interval, 1))
}
probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_interval").return !,
- kernel.function("sys_sched_rr_get_interval").return {
+ kernel.function("sys_sched_rr_get_interval").return
+{
name = "sched_rr_get_interval"
retstr = returnstr(1)
}
@@ -1284,7 +1350,8 @@ probe syscall.sched_rr_get_interval.return = kernel.function("SyS_sched_rr_get_i
#
%( arch != "x86_64" %?
probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
- kernel.function("sys_sched_setaffinity") {
+ kernel.function("sys_sched_setaffinity")
+{
name = "sched_setaffinity"
pid = $pid
len = $len
@@ -1293,7 +1360,8 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
}
%:
probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
- kernel.function("sys_sched_setaffinity") {
+ kernel.function("sys_sched_setaffinity")
+{
name = "sched_setaffinity"
pid = $pid
len = 0
@@ -1302,7 +1370,8 @@ probe syscall.sched_setaffinity = kernel.function("SyS_sched_setaffinity") !,
}
%)
probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity").return !,
- kernel.function("sys_sched_setaffinity").return {
+ kernel.function("sys_sched_setaffinity").return
+{
name = "sched_setaffinity"
retstr = returnstr(1)
}
@@ -1312,15 +1381,16 @@ probe syscall.sched_setaffinity.return = kernel.function("SyS_sched_setaffinity"
# long sys_sched_setparam(pid_t pid, struct sched_param __user *param)
#
probe syscall.sched_setparam = kernel.function("SyS_sched_setparam") !,
- kernel.function("sys_sched_setparam") ? {
+ kernel.function("sys_sched_setparam") ?
+{
name = "sched_setparam"
pid = $pid
p_uaddr = $param
argstr = sprintf("%d, %p", $pid, $param)
}
-probe syscall.sched_setparam.return =
- kernel.function("SyS_sched_setparam").return !,
- kernel.function("sys_sched_setparam").return ? {
+probe syscall.sched_setparam.return = kernel.function("SyS_sched_setparam").return !,
+ kernel.function("sys_sched_setparam").return ?
+{
name = "sched_setparam"
retstr = returnstr(1)
}
@@ -1329,9 +1399,9 @@ probe syscall.sched_setparam.return =
#
# long sys_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param)
#
-probe syscall.sched_setscheduler =
- kernel.function("SyS_sched_setscheduler") !,
- kernel.function("sys_sched_setscheduler") ? {
+probe syscall.sched_setscheduler = kernel.function("SyS_sched_setscheduler") !,
+ kernel.function("sys_sched_setscheduler") ?
+{
name = "sched_setscheduler"
pid = $pid
policy = $policy
@@ -1339,9 +1409,9 @@ probe syscall.sched_setscheduler =
p_uaddr = $param
argstr = sprintf("%d, %s, %p", $pid, policy_str, $param)
}
-probe syscall.sched_setscheduler.return =
- kernel.function("SyS_sched_setscheduler").return !,
- kernel.function("sys_sched_setscheduler").return ? {
+probe syscall.sched_setscheduler.return = kernel.function("SyS_sched_setscheduler").return !,
+ kernel.function("sys_sched_setscheduler").return ?
+{
name = "sched_setscheduler"
retstr = returnstr(1)
}
@@ -1349,11 +1419,13 @@ probe syscall.sched_setscheduler.return =
# sched_yield ________________________________________________
# long sys_sched_yield(void)
#
-probe syscall.sched_yield = kernel.function("sys_sched_yield") {
+probe syscall.sched_yield = kernel.function("sys_sched_yield")
+{
name = "sched_yield"
argstr = ""
}
-probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
+probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return
+{
name = "sched_yield"
retstr = returnstr(1)
}
@@ -1366,7 +1438,8 @@ probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
# struct timeval __user *tvp)
#
probe syscall.select = kernel.function("SyS_select") !,
- kernel.function("sys_select") {
+ kernel.function("sys_select")
+{
name = "select"
n = $n
readfds_uaddr = $inp
@@ -1374,20 +1447,22 @@ probe syscall.select = kernel.function("SyS_select") !,
exceptfds_uaddr = $exp
timeout_uaddr = $tvp
argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp,
- _struct_timeval_u($tvp, 1))
+ _struct_timeval_u($tvp, 1))
}
probe syscall.select.return = kernel.function("SyS_select").return !,
- kernel.function("sys_select").return {
+ kernel.function("sys_select").return
+{
name = "select"
retstr = returnstr(1)
}
-# long compat_sys_select(int n,
+# long compat_sys_select(int n,
# compat_ulong_t __user *inp,
-# compat_ulong_t __user *outp,
+# compat_ulong_t __user *outp,
# compat_ulong_t __user *exp,
# struct compat_timeval __user *tvp)
#
-probe syscall.compat_select = kernel.function("compat_sys_select") ? {
+probe syscall.compat_select = kernel.function("compat_sys_select") ?
+{
name = "select"
n = $n
readfds_uaddr = $inp
@@ -1395,9 +1470,10 @@ probe syscall.compat_select = kernel.function("compat_sys_select") ? {
exceptfds_uaddr = $exp
timeout_uaddr = $tvp
argstr = sprintf("%d, %p, %p, %p, %s", $n, $inp, $outp, $exp,
- _struct_compat_timeval_u($tvp, 1))
+ _struct_compat_timeval_u($tvp, 1))
}
-probe syscall.compat_select.return = kernel.function("compat_sys_select").return ? {
+probe syscall.compat_select.return = kernel.function("compat_sys_select").return ?
+{
name = "select"
retstr = returnstr(1)
}
@@ -1409,7 +1485,8 @@ probe syscall.compat_select.return = kernel.function("compat_sys_select").return
# union semun arg)
#
probe syscall.semctl = kernel.function("SyS_semctl") !,
- kernel.function("sys_semctl") ? {
+ kernel.function("sys_semctl") ?
+{
name = "semctl"
semid = $semid
semnum = $semnum
@@ -1421,7 +1498,8 @@ probe syscall.semctl = kernel.function("SyS_semctl") !,
argstr = sprintf("%d, %d, %s", $semid, $semnum, _semctl_cmd($cmd))
}
probe syscall.semctl.return = kernel.function("SyS_semctl").return !,
- kernel.function("sys_semctl").return ? {
+ kernel.function("sys_semctl").return ?
+{
name = "semctl"
retstr = returnstr(1)
}
@@ -1429,11 +1507,13 @@ probe syscall.semctl.return = kernel.function("SyS_semctl").return !,
#
# long compat_sys_semctl(int first, int second, int third, void __user *uptr)
#
-probe syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ? {
+probe syscall.compat_sys_semctl = kernel.function("compat_sys_semctl") ?
+{
name = "compat_sys_semctl"
- argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr)
+ argstr = sprintf("%d, %d, %d, %p", $first, $second, $third, $uptr)
}
-probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ? {
+probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").return ?
+{
name = "compat_sys_semctl"
retstr = returnstr(1)
}
@@ -1442,7 +1522,8 @@ probe syscall.compat_sys_semctl.return = kernel.function("compat_sys_semctl").re
# long sys_semget (key_t key, int nsems, int semflg)
#
probe syscall.semget = kernel.function("SyS_semget") !,
- kernel.function("sys_semget") ? {
+ kernel.function("sys_semget") ?
+{
name = "semget"
key = $key
nsems = $nsems
@@ -1450,7 +1531,8 @@ probe syscall.semget = kernel.function("SyS_semget") !,
argstr = sprintf("%d, %d, %s", $key, $nsems, __sem_flags($semflg))
}
probe syscall.semget.return = kernel.function("SyS_semget").return !,
- kernel.function("sys_semget").return ? {
+ kernel.function("sys_semget").return ?
+{
name = "semget"
retstr = returnstr(1)
}
@@ -1462,7 +1544,8 @@ probe syscall.semget.return = kernel.function("SyS_semget").return !,
# unsigned nsops)
#
probe syscall.semop = kernel.function("SyS_semtimedop") !,
- kernel.function("sys_semtimedop") ? {
+ kernel.function("sys_semtimedop") ?
+{
name = "semop"
semid = $semid
tsops_uaddr = $tsops
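Review bot: `syscall.semop` is bound to `SyS_semtimedop` / `sys_semtimedop`, the same functions the `syscall.semtimedop` alias later in this patch uses, and nothing here explains why. Each call into that function would therefore fire both aliases under different `name` values. A comment above the alias, for example `# sys_semop is probed via sys_semtimedop; this alias also fires for semtimedop calls`, would warn anyone counting or auditing IPC calls by `name` that the two cannot be told apart at this probe point. The reason for the choice is not visible in the hunk, so the wording should be confirmed by someone who knows it. The probe body continues past the end of the hunk.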
@@ -1470,7 +1553,8 @@ probe syscall.semop = kernel.function("SyS_semtimedop") !,
argstr = sprintf("%d, %p, %d", $semid, $tsops, $nsops)
}
probe syscall.semop.return = kernel.function("SyS_semtimedop").return !,
- kernel.function("sys_semtimedop").return ? {
+ kernel.function("sys_semtimedop").return ?
+{
name = "semop"
retstr = returnstr(1)
}
@@ -1483,17 +1567,19 @@ probe syscall.semop.return = kernel.function("SyS_semtimedop").return !,
# const struct timespec __user *timeout)
#
probe syscall.semtimedop = kernel.function("SyS_semtimedop") !,
- kernel.function("sys_semtimedop") ? {
+ kernel.function("sys_semtimedop") ?
+{
name = "semtimedop"
semid = $semid
sops_uaddr = $tsops
nsops = $nsops
timeout_uaddr = $timeout
argstr = sprintf("%d, %p, %d, %s", $semid, $tsops, $nsops,
- _struct_timespec_u($timeout,1))
+ _struct_timespec_u($timeout, 1))
}
probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !,
- kernel.function("sys_semtimedop").return ? {
+ kernel.function("sys_semtimedop").return ?
+{
name = "semtimedop"
retstr = returnstr(1)
}
@@ -1502,16 +1588,18 @@ probe syscall.semtimedop.return = kernel.function("SyS_semtimedop").return !,
# long compat_sys_semtimedop(int semid, struct sembuf __user *tsems,
# unsigned nsops, const struct compat_timespec __user *timeout)
#
-probe syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ? {
+probe syscall.compat_sys_semtimedop = kernel.function("compat_sys_semtimedop") ?
+{
name = "compat_sys_semtimedop"
semid = $semid
sops_uaddr = $tsems
nsops = $nsops
timeout_uaddr = $timeout
argstr = sprintf("%d, %p, %d, %s", $semid, $tsems, $nsops,
- _struct_compat_timespec_u($timeout,1))
+ _struct_compat_timespec_u($timeout, 1))
}
-probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ? {
+probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtimedop").return ?
+{
name = "compat_sys_semtimedop"
retstr = returnstr(1)
}
@@ -1524,7 +1612,8 @@ probe syscall.compat_sys_semtimedop.return = kernel.function("compat_sys_semtime
# unsigned flags)
#
probe syscall.send = kernel.function("SyS_send") !,
- kernel.function("sys_send") ? {
+ kernel.function("sys_send") ?
+{
name = "send"
s = $fd
buf_uaddr = $buff
@@ -1534,7 +1623,8 @@ probe syscall.send = kernel.function("SyS_send") !,
argstr = sprintf("%d, %p, %d, %s", $fd, $buff, $len, flags_str)
}
probe syscall.send.return = kernel.function("SyS_send").return !,
- kernel.function("sys_send").return ? {
+ kernel.function("sys_send").return ?
+{
name = "send"
retstr = returnstr(1)
}
@@ -1546,8 +1636,7 @@ probe syscall.send.return = kernel.function("SyS_send").return !,
# off_t __user *offset,
# size_t count)
#
-probe syscall.sendfile =
- kernel.function("SyS_sendfile") ?,
+probe syscall.sendfile = kernel.function("SyS_sendfile") ?,
kernel.function("sys_sendfile") ?,
kernel.function("SyS_sendfile64") ?,
kernel.function("sys_sendfile64") ?
@@ -1558,10 +1647,9 @@ probe syscall.sendfile =
offset_uaddr = $offset
count = $count
argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, $offset,
- $count)
+ $count)
}
-probe syscall.sendfile.return =
- kernel.function("SyS_sendfile").return ?,
+probe syscall.sendfile.return = kernel.function("SyS_sendfile").return ?,
kernel.function("sys_sendfile").return ?,
kernel.function("SyS_sendfile64").return ?,
kernel.function("sys_sendfile64").return ?
@@ -1575,7 +1663,8 @@ probe syscall.sendfile.return =
# long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
#
probe syscall.sendmsg = kernel.function("SyS_sendmsg") !,
- kernel.function("sys_sendmsg") ? {
+ kernel.function("sys_sendmsg") ?
+{
name = "sendmsg"
s = $fd
msg_uaddr = $msg
@@ -1584,7 +1673,8 @@ probe syscall.sendmsg = kernel.function("SyS_sendmsg") !,
argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags))
}
probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !,
- kernel.function("sys_sendmsg").return ? {
+ kernel.function("sys_sendmsg").return ?
+{
name = "sendmsg"
retstr = returnstr(1)
}
@@ -1592,14 +1682,16 @@ probe syscall.sendmsg.return = kernel.function("SyS_sendmsg").return !,
#
# long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
#
-probe syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ? {
+probe syscall.compat_sys_sendmsg = kernel.function("compat_sys_sendmsg") ?
+{
name = "compat_sys_sendmsg"
s = $fd
msg_uaddr = $msg
flags = $flags
argstr = sprintf("%d, %p, %s", $fd, $msg, _sendflags_str($flags))
}
-probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ? {
+probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").return ?
+{
name = "compat_sys_sendmsg"
retstr = returnstr(1)
}
@@ -1614,7 +1706,8 @@ probe syscall.compat_sys_sendmsg.return = kernel.function("compat_sys_sendmsg").
# int addr_len)
#
probe syscall.sendto = kernel.function("SyS_sendto") !,
- kernel.function("sys_sendto") ? {
+ kernel.function("sys_sendto") ?
+{
name = "sendto"
s = $fd
buf_uaddr = $buff
@@ -1624,10 +1717,11 @@ probe syscall.sendto = kernel.function("SyS_sendto") !,
to_uaddr = $addr
tolen = $addr_len
argstr = sprintf("%d, %p, %d, %s, %s, %d", $fd, $buff,
- $len, flags_str, _struct_sockaddr_u($addr,$addr_len), $addr_len)
+ $len, flags_str, _struct_sockaddr_u($addr, $addr_len), $addr_len)
}
probe syscall.sendto.return = kernel.function("SyS_sendto").return !,
- kernel.function("sys_sendto").return ? {
+ kernel.function("sys_sendto").return ?
+{
name = "sendto"
retstr = returnstr(1)
}
@@ -1639,15 +1733,16 @@ probe syscall.sendto.return = kernel.function("SyS_sendto").return !,
# int len)
#
probe syscall.setdomainname = kernel.function("SyS_setdomainname") !,
- kernel.function("sys_setdomainname") {
+ kernel.function("sys_setdomainname")
+{
name = "setdomainname"
hostname_uaddr = $name
len = $len
argstr = sprintf("%p, %d", $name, $len)
}
-probe syscall.setdomainname.return =
- kernel.function("SyS_setdomainname").return !,
- kernel.function("sys_setdomainname").return {
+probe syscall.setdomainname.return = kernel.function("SyS_setdomainname").return !,
+ kernel.function("sys_setdomainname").return
+{
name = "setdomainname"
retstr = returnstr(1)
}
@@ -1656,8 +1751,7 @@ probe syscall.setdomainname.return =
# long sys_setfsgid(gid_t gid)
# long sys_setfsgid16(old_gid_t gid)
#
-probe syscall.setfsgid =
- kernel.function("sys_setfsgid16") ?,
+probe syscall.setfsgid = kernel.function("sys_setfsgid16") ?,
kernel.function("SyS_setfsgid") !,
kernel.function("sys_setfsgid") ?
{
@@ -1665,8 +1759,7 @@ probe syscall.setfsgid =
fsgid = $gid
argstr = sprint($gid)
}
-probe syscall.setfsgid.return =
- kernel.function("sys_setfsgid16").return ?,
+probe syscall.setfsgid.return = kernel.function("sys_setfsgid16").return ?,
kernel.function("SyS_setfsgid").return !,
kernel.function("sys_setfsgid").return ?
{
@@ -1678,8 +1771,7 @@ probe syscall.setfsgid.return =
# long sys_setfsuid(uid_t uid)
# long sys_setfsuid16(old_uid_t uid)
#
-probe syscall.setfsuid =
- kernel.function("sys_setfsuid16") ?,
+probe syscall.setfsuid = kernel.function("sys_setfsuid16") ?,
kernel.function("SyS_setfsuid") !,
kernel.function("sys_setfsuid") ?
{
@@ -1687,8 +1779,7 @@ probe syscall.setfsuid =
fsuid = $uid
argstr = sprint($uid)
}
-probe syscall.setfsuid.return =
- kernel.function("sys_setfsuid16").return ?,
+probe syscall.setfsuid.return = kernel.function("sys_setfsuid16").return ?,
kernel.function("SyS_setfsuid").return !,
kernel.function("sys_setfsuid").return ?
{
@@ -1701,8 +1792,7 @@ probe syscall.setfsuid.return =
# long sys_setgid(gid_t gid)
# long sys_setgid16(old_gid_t gid)
#
-probe syscall.setgid =
- kernel.function("sys_setgid16") ?,
+probe syscall.setgid = kernel.function("sys_setgid16") ?,
kernel.function("SyS_setgid") !,
kernel.function("sys_setgid") ?
{
@@ -1710,8 +1800,7 @@ probe syscall.setgid =
gid = $gid
argstr = sprint($gid)
}
-probe syscall.setgid.return =
- kernel.function("sys_setgid16").return ?,
+probe syscall.setgid.return = kernel.function("sys_setgid16").return ?,
kernel.function("SyS_setgid").return !,
kernel.function("sys_setgid").return ?
{
@@ -1725,8 +1814,7 @@ probe syscall.setgid.return =
# long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist)
# long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
#
-probe syscall.setgroups =
- kernel.function("sys_setgroups16") ?,
+probe syscall.setgroups = kernel.function("sys_setgroups16") ?,
kernel.function("sys32_setgroups16") ?,
kernel.function("SyS_setgroups") !,
kernel.function("sys_setgroups") ?
@@ -1736,8 +1824,7 @@ probe syscall.setgroups =
list_uaddr = $grouplist
argstr = sprintf("%d, %p", $gidsetsize, $grouplist)
}
-probe syscall.setgroups.return =
- kernel.function("sys_setgroups16").return ?,
+probe syscall.setgroups.return = kernel.function("sys_setgroups16").return ?,
kernel.function("sys32_setgroups16").return ?,
kernel.function("SyS_setgroups").return !,
kernel.function("sys_setgroups").return ?
@@ -1753,7 +1840,8 @@ probe syscall.setgroups.return =
# int len)
#
probe syscall.sethostname = kernel.function("SyS_sethostname") !,
- kernel.function("sys_sethostname") {
+ kernel.function("sys_sethostname")
+{
name = "sethostname"
hostname_uaddr = $name
name_str = user_string($name)
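Review bot: `name_str = user_string($name)` reads the user buffer up to a NUL, but sethostname(2) takes an explicit length and does not require the buffer to be terminated, so the logged hostname can include bytes past `$len`. Bounding the read, e.g. `name_str = user_string_n($name, $len)`, keeps the trace to what the kernel actually copies; whether `user_string_n` is available in this tapset version needs confirming. The same applies to `user_string_quoted($name)` in the `argstr` line of the next hunk. The probe body continues past the end of this hunk.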
@@ -1761,7 +1849,8 @@ probe syscall.sethostname = kernel.function("SyS_sethostname") !,
argstr = sprintf("%s, %d", user_string_quoted($name), $len)
}
probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !,
- kernel.function("sys_sethostname").return {
+ kernel.function("sys_sethostname").return
+{
name = "sethostname"
retstr = returnstr(1)
}
@@ -1772,16 +1861,18 @@ probe syscall.sethostname.return = kernel.function("SyS_sethostname").return !,
# struct itimerval __user *ovalue)
#
probe syscall.setitimer = kernel.function("SyS_setitimer") !,
- kernel.function("sys_setitimer") {
+ kernel.function("sys_setitimer")
+{
name = "setitimer"
which = $which
value_uaddr = $value
ovalue_uaddr = $ovalue
- argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
+ argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
_struct_itimerval_u($value), $ovalue)
}
probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !,
- kernel.function("sys_setitimer").return {
+ kernel.function("sys_setitimer").return
+{
name = "setitimer"
retstr = returnstr(1)
}
@@ -1790,15 +1881,17 @@ probe syscall.setitimer.return = kernel.function("SyS_setitimer").return !,
# struct compat_itimerval __user *in,
# struct compat_itimerval __user *out)
#
-probe syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? {
+probe syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ?
+{
name = "setitimer"
which = $which
value_uaddr = $in
ovalue_uaddr = $out
- argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
+ argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
_struct_compat_itimerval_u($in), $out)
}
-probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? {
+probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ?
+{
name = "setitimer"
retstr = returnstr(1)
}
@@ -1808,8 +1901,7 @@ probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").
# unsigned long __user *nmask,
# unsigned long maxnode)
#
-probe syscall.set_mempolicy =
- kernel.function("compat_sys_set_mempolicy") ?,
+probe syscall.set_mempolicy = kernel.function("compat_sys_set_mempolicy") ?,
kernel.function("SyS_set_mempolicy") !,
kernel.function("sys_set_mempolicy") ?
{
@@ -1819,8 +1911,7 @@ probe syscall.set_mempolicy =
maxnode = $maxnode
argstr = sprintf("%d, %p, %d", $mode, $nmask, $maxnode)
}
-probe syscall.set_mempolicy.return =
- kernel.function("compat_sys_set_mempolicy").return ?,
+probe syscall.set_mempolicy.return = kernel.function("compat_sys_set_mempolicy").return ?,
kernel.function("SyS_set_mempolicy").return !,
kernel.function("sys_set_mempolicy").return ?
{
@@ -1835,14 +1926,16 @@ probe syscall.set_mempolicy.return =
# pid_t pgid)
#
probe syscall.setpgid = kernel.function("SyS_setpgid") !,
- kernel.function("sys_setpgid") {
+ kernel.function("sys_setpgid")
+{
name = "setpgid"
pid = $pid
pgid = $pgid
argstr = sprintf("%d, %d", $pid, $pgid)
}
probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !,
- kernel.function("sys_setpgid").return {
+ kernel.function("sys_setpgid").return
+{
name = "setpgid"
retstr = returnstr(1)
}
@@ -1854,7 +1947,8 @@ probe syscall.setpgid.return = kernel.function("SyS_setpgid").return !,
# int niceval)
#
probe syscall.setpriority = kernel.function("SyS_setpriority") !,
- kernel.function("sys_setpriority") {
+ kernel.function("sys_setpriority")
+{
name = "setpriority"
which = $which
which_str = _priority_which_str($which)
@@ -1863,7 +1957,8 @@ probe syscall.setpriority = kernel.function("SyS_setpriority") !,
argstr = sprintf("%s, %d, %d", which_str, $who, $niceval)
}
probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !,
- kernel.function("sys_setpriority").return {
+ kernel.function("sys_setpriority").return
+{
name = "setpriority"
retstr = returnstr(1)
}
@@ -1872,27 +1967,31 @@ probe syscall.setpriority.return = kernel.function("SyS_setpriority").return !,
# long sys_setregid(gid_t rgid, gid_t egid)
#
probe syscall.setregid = kernel.function("SyS_setregid") !,
- kernel.function("sys_setregid") {
+ kernel.function("sys_setregid")
+{
name = "setregid"
rgid = __int32($rgid)
egid = __int32($egid)
argstr = sprintf("%d, %d", rgid, egid)
}
probe syscall.setregid.return = kernel.function("SyS_setregid").return !,
- kernel.function("sys_setregid").return {
+ kernel.function("sys_setregid").return
+{
name = "setregid"
retstr = returnstr(1)
}
# setregid16 _________________________________________________
# long sys_setregid16(old_gid_t rgid, old_gid_t egid)
#
-probe syscall.setregid16 = kernel.function("sys_setregid16") ? {
+probe syscall.setregid16 = kernel.function("sys_setregid16") ?
+{
name = "setregid"
rgid = __short($rgid)
egid = __short($egid)
- argstr = sprintf("%d, %d",rgid, egid)
+ argstr = sprintf("%d, %d", rgid, egid)
}
-probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
+probe syscall.setregid16.return = kernel.function("sys_setregid16").return ?
+{
name = "setregid"
retstr = returnstr(1)
}
@@ -1900,7 +1999,8 @@ probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
#
probe syscall.setresgid = kernel.function("SyS_setresgid") !,
- kernel.function("sys_setresgid") {
+ kernel.function("sys_setresgid")
+{
name = "setresgid"
rgid = __int32($rgid)
egid = __int32($egid)
@@ -1908,7 +2008,8 @@ probe syscall.setresgid = kernel.function("SyS_setresgid") !,
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !,
- kernel.function("sys_setresgid").return {
+ kernel.function("sys_setresgid").return
+{
name = "setresgid"
retstr = returnstr(1)
}
@@ -1918,14 +2019,16 @@ probe syscall.setresgid.return = kernel.function("SyS_setresgid").return !,
# old_gid_t egid,
# old_gid_t sgid)
#
-probe syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
+probe syscall.setresgid16 = kernel.function("sys_setresgid16") ?
+{
name = "setresgid"
rgid = __short($rgid)
egid = __short($egid)
sgid = __short($sgid)
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
-probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? {
+probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ?
+{
name = "setresgid16"
retstr = returnstr(1)
}
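Review bot: The return alias sets `name = "setresgid16"` while the entry alias in the same hunk sets `name = "setresgid"`. The `setregid16`, `setresuid16` and `setreuid16` pairs elsewhere in this patch use the un-suffixed name on both sides. A script that pairs entry and return events by `name`, or that watches credential changes with a filter on `"setresgid"`, will not see the 16-bit variant's return. Since the patch is formatting-only this may belong in a follow-up, but the line would read `name = "setresgid"`.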
@@ -1935,7 +2038,8 @@ probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? {
# long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
#
probe syscall.setresuid = kernel.function("SyS_setresuid") !,
- kernel.function("sys_setresuid") {
+ kernel.function("sys_setresuid")
+{
name = "setresuid"
ruid = __int32($ruid)
euid = __int32($euid)
@@ -1943,7 +2047,8 @@ probe syscall.setresuid = kernel.function("SyS_setresuid") !,
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !,
- kernel.function("sys_setresuid").return {
+ kernel.function("sys_setresuid").return
+{
name = "setresuid"
retstr = returnstr(1)
}
@@ -1952,14 +2057,16 @@ probe syscall.setresuid.return = kernel.function("SyS_setresuid").return !,
#
# long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
#
-probe syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
+probe syscall.setresuid16 = kernel.function("sys_setresuid16") ?
+{
name = "setresuid"
ruid = __short($ruid)
euid = __short($euid)
suid = __short($suid)
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
-probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
+probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ?
+{
name = "setresuid"
retstr = returnstr(1)
}
@@ -1968,27 +2075,31 @@ probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
# long sys_setreuid(uid_t ruid, uid_t euid)
#
probe syscall.setreuid = kernel.function("SyS_setreuid") !,
- kernel.function("sys_setreuid") {
+ kernel.function("sys_setreuid")
+{
name = "setreuid"
ruid = __int32($ruid)
euid = __int32($euid)
argstr = sprintf("%d, %d", ruid, euid)
}
probe syscall.setreuid.return = kernel.function("SyS_setreuid").return !,
- kernel.function("sys_setreuid").return {
+ kernel.function("sys_setreuid").return
+{
name = "setreuid"
retstr = returnstr(1)
}
# setreuid16 _________________________________________________
# long sys_setreuid16(old_uid_t ruid, old_uid_t euid)
#
-probe syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
+probe syscall.setreuid16 = kernel.function("sys_setreuid16") ?
+{
name = "setreuid"
ruid = __short($ruid)
euid = __short($euid)
argstr = sprintf("%d, %d", ruid, euid)
}
-probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
+probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ?
+{
name = "setreuid"
retstr = returnstr(1)
}
@@ -1999,15 +2110,17 @@ probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
# struct rlimit __user *rlim)
#
probe syscall.setrlimit = kernel.function("SyS_setrlimit") !,
- kernel.function("sys_setrlimit") {
+ kernel.function("sys_setrlimit")
+{
name = "setrlimit"
resource = $resource
rlim_uaddr = $rlim
argstr = sprintf("%s, %s", _rlimit_resource_str($resource),
- _struct_rlimit_u($rlim))
+ _struct_rlimit_u($rlim))
}
probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !,
- kernel.function("sys_setrlimit").return {
+ kernel.function("sys_setrlimit").return
+{
name = "setrlimit"
retstr = returnstr(1)
}
@@ -2015,11 +2128,13 @@ probe syscall.setrlimit.return = kernel.function("SyS_setrlimit").return !,
#
# long sys_setsid(void)
#
-probe syscall.setsid = kernel.function("sys_setsid") {
+probe syscall.setsid = kernel.function("sys_setsid")
+{
name = "setsid"
argstr = ""
}
-probe syscall.setsid.return = kernel.function("sys_setsid").return {
+probe syscall.setsid.return = kernel.function("sys_setsid").return
+{
name = "setsid"
retstr = returnstr(1)
}
@@ -2032,8 +2147,7 @@ probe syscall.setsid.return = kernel.function("sys_setsid").return {
# char __user *optval,
# int optlen)
#
-probe syscall.setsockopt =
- kernel.function("compat_sys_setsockopt") ?,
+probe syscall.setsockopt = kernel.function("compat_sys_setsockopt") ?,
kernel.function("SyS_setsockopt") !,
kernel.function("sys_setsockopt") ?
{
@@ -2046,10 +2160,9 @@ probe syscall.setsockopt =
optval_uaddr = $optval
optlen = $optlen
argstr = sprintf("%d, %s, %s, %p, %d", $fd, level_str,
- optname_str, $optval, $optlen)
+ optname_str, $optval, $optlen)
}
-probe syscall.setsockopt.return =
- kernel.function("compat_sys_setsockopt").return ?,
+probe syscall.setsockopt.return = kernel.function("compat_sys_setsockopt").return ?,
kernel.function("SyS_setsockopt").return !,
kernel.function("sys_setsockopt").return ?
{
@@ -2063,14 +2176,15 @@ probe syscall.setsockopt.return =
# sys_set_tid_address(int __user *tidptr)
#
probe syscall.set_tid_address = kernel.function("SyS_set_tid_address") !,
- kernel.function("sys_set_tid_address") {
+ kernel.function("sys_set_tid_address")
+{
name = "set_tid_address"
tidptr_uaddr = $tidptr
argstr = sprintf("%p", tidptr_uaddr)
}
-probe syscall.set_tid_address.return =
- kernel.function("SyS_set_tid_address").return !,
- kernel.function("sys_set_tid_address").return {
+probe syscall.set_tid_address.return = kernel.function("SyS_set_tid_address").return !,
+ kernel.function("sys_set_tid_address").return
+{
name = "set_tid_address"
retstr = returnstr(1)
}
@@ -2080,14 +2194,16 @@ probe syscall.set_tid_address.return =
# struct timezone __user *tz)
#
probe syscall.settimeofday = kernel.function("SyS_settimeofday") !,
- kernel.function("sys_settimeofday") {
+ kernel.function("sys_settimeofday")
+{
name = "settimeofday"
tv_uaddr = $tv
tz_uaddr = $tz
argstr = sprintf("%s, %s", _struct_timeval_u($tv, 1), _struct_timezone_u($tz))
}
probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !,
- kernel.function("sys_settimeofday").return {
+ kernel.function("sys_settimeofday").return
+{
name = "settimeofday"
retstr = returnstr(1)
}
@@ -2095,17 +2211,15 @@ probe syscall.settimeofday.return = kernel.function("SyS_settimeofday").return !
# long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
# long compat_sys_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
#
-probe syscall.settimeofday32 =
- kernel.function("sys32_settimeofday") ?,
+probe syscall.settimeofday32 = kernel.function("sys32_settimeofday") ?,
kernel.function("compat_sys_settimeofday") ?
{
name = "settimeofday"
tv_uaddr = $tv
tz_uaddr = $tz
- argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1),_struct_timezone_u($tz))
+ argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv, 1), _struct_timezone_u($tz))
}
-probe syscall.settimeofday32.return =
- kernel.function("sys32_settimeofday").return ?,
+probe syscall.settimeofday32.return = kernel.function("sys32_settimeofday").return ?,
kernel.function("compat_sys_settimeofday").return ?
{
name = "settimeofday"
@@ -2117,8 +2231,7 @@ probe syscall.settimeofday32.return =
# long sys_setuid(uid_t uid)
# long sys_setuid16(old_uid_t uid)
#
-probe syscall.setuid =
- kernel.function("sys_setuid16") ?,
+probe syscall.setuid = kernel.function("sys_setuid16") ?,
kernel.function("SyS_setuid") !,
kernel.function("sys_setuid")
{
@@ -2126,8 +2239,7 @@ probe syscall.setuid =
uid = $uid
argstr = sprint($uid)
}
-probe syscall.setuid.return =
- kernel.function("sys_setuid16").return ?,
+probe syscall.setuid.return = kernel.function("sys_setuid16").return ?,
kernel.function("SyS_setuid").return !,
kernel.function("sys_setuid").return
{
@@ -2143,7 +2255,8 @@ probe syscall.setuid.return =
# int flags)
#
probe syscall.setxattr = kernel.function("SyS_setxattr") !,
- kernel.function("sys_setxattr") {
+ kernel.function("sys_setxattr")
+{
name = "setxattr"
%( kernel_v >= "2.6.27" %?
path_uaddr = $pathname
@@ -2157,17 +2270,18 @@ probe syscall.setxattr = kernel.function("SyS_setxattr") !,
value_uaddr = $value
size = $size
flags = $flags
- argstr = sprintf("%s, %s, %p, %d, %d",
+ argstr = sprintf("%s, %s, %p, %d, %d",
%( kernel_v >= "2.6.27" %?
- user_string_quoted($pathname),
+ user_string_quoted($pathname),
%:
- user_string_quoted($path),
+ user_string_quoted($path),
%)
user_string_quoted($name),
value_uaddr, $size, $flags)
}
probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !,
- kernel.function("sys_setxattr").return {
+ kernel.function("sys_setxattr").return
+{
name = "setxattr"
retstr = returnstr(1)
}
@@ -2175,11 +2289,13 @@ probe syscall.setxattr.return = kernel.function("SyS_setxattr").return !,
#
# sys_sgetmask(void)
#
-probe syscall.sgetmask = kernel.function("sys_sgetmask")? {
+probe syscall.sgetmask = kernel.function("sys_sgetmask") ?
+{
name = "sgetmask"
argstr = ""
}
-probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? {
+probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ?
+{
name = "sgetmask"
retstr = returnstr(1)
}
@@ -2189,15 +2305,17 @@ probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return ? {
# long sys_shmat(int shmid, char __user *shmaddr, int shmflg)
#
probe syscall.shmat = kernel.function("SyS_shmat") !,
- kernel.function("sys_shmat") ? {
- name = "shmat"
+ kernel.function("sys_shmat") ?
+{
+ name = "shmat"
shmid = $shmid
shmaddr_uaddr = $shmaddr
shmflg = $shmflg
argstr = sprintf("%d, %p, %s", $shmid, $shmaddr, _shmat_flags_str($shmflg))
}
probe syscall.shmat.return = kernel.function("SyS_shmat").return !,
- kernel.function("sys_shmat").return ? {
+ kernel.function("sys_shmat").return ?
+{
name = "shmat"
retstr = returnstr(1)
}
@@ -2206,7 +2324,8 @@ probe syscall.shmat.return = kernel.function("SyS_shmat").return !,
# long compat_sys_shmat(int first, int second, compat_uptr_t third,
# int version, void __user *uptr)
#
-probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? {
+probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ?
+{
name = "compat_sys_shmat"
first = $first
second = $second
@@ -2214,7 +2333,8 @@ probe syscall.compat_sys_shmat = kernel.function("compat_sys_shmat") ? {
uptr_uaddr = $uptr
argstr = sprintf("%d, %d, %d, %d, %p", $first, $second, $third, $version, $uptr)
}
-probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ? {
+probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").return ?
+{
name = "compat_sys_shmat"
retstr = returnstr(1)
}
@@ -2226,7 +2346,8 @@ probe syscall.compat_sys_shmat.return = kernel.function("compat_sys_shmat").retu
# struct shmid_ds __user *buf)
#
probe syscall.shmctl = kernel.function("SyS_shmctl") !,
- kernel.function("sys_shmctl") ? {
+ kernel.function("sys_shmctl") ?
+{
name = "shmctl"
shmid = $shmid
cmd = $cmd
@@ -2234,7 +2355,8 @@ probe syscall.shmctl = kernel.function("SyS_shmctl") !,
argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd), $buf)
}
probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !,
- kernel.function("sys_shmctl").return ? {
+ kernel.function("sys_shmctl").return ?
+{
name = "shmctl"
retstr = returnstr(1)
}
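Review bot: `argstr` for `syscall.shmctl` decodes `$cmd` with `_semctl_cmd`, a helper whose name says it maps semaphore commands. The `IPC_*` values are shared between the two calls, but shm-specific commands such as `SHM_LOCK` reuse numbers that mean something else for semctl, so they would presumably be printed under a semaphore name. The helper's body is not visible here, so this needs checking against its definition. If it only covers semctl, a comment on this line (`# NOTE: _semctl_cmd does not know SHM_* commands`) or a shm-aware decoder would avoid misleading trace output. The entry probe starts in the previous hunk.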
@@ -2242,14 +2364,16 @@ probe syscall.shmctl.return = kernel.function("SyS_shmctl").return !,
#
# long compat_sys_shmctl(int first, int second, void __user *uptr)
#
-probe syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ? {
+probe syscall.compat_sys_shmctl = kernel.function("compat_sys_shmctl") ?
+{
name = "compat_sys_shmctl"
first = $first
second = $second
uptr_uaddr = $uptr
argstr = sprintf("%d, %d, %p", $first, $second, $uptr)
}
-probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ? {
+probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").return ?
+{
name = "compat_sys_shmctl"
retstr = returnstr(1)
}
@@ -2259,13 +2383,15 @@ probe syscall.compat_sys_shmctl.return = kernel.function("compat_sys_shmctl").re
# long sys_shmdt(char __user *shmaddr)
#
probe syscall.shmdt = kernel.function("SyS_shmdt") !,
- kernel.function("sys_shmdt") ? {
+ kernel.function("sys_shmdt") ?
+{
name = "shmdt"
shmaddr_uaddr = $shmaddr
argstr = sprintf("%p", $shmaddr)
}
probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !,
- kernel.function("sys_shmdt").return ? {
+ kernel.function("sys_shmdt").return ?
+{
name = "shmdt"
retstr = returnstr(1)
}
@@ -2277,7 +2403,8 @@ probe syscall.shmdt.return = kernel.function("SyS_shmdt").return !,
# int shmflg)
#
probe syscall.shmget = kernel.function("SyS_shmget") !,
- kernel.function("sys_shmget") ? {
+ kernel.function("sys_shmget") ?
+{
name = "shmget"
key = $key
size = $size
@@ -2285,7 +2412,8 @@ probe syscall.shmget = kernel.function("SyS_shmget") !,
argstr = sprintf("%d, %d, %d", $key, $size, $shmflg)
}
probe syscall.shmget.return = kernel.function("SyS_shmget").return !,
- kernel.function("sys_shmget").return ? {
+ kernel.function("sys_shmget").return ?
+{
name = "shmget"
retstr = returnstr(1)
}
@@ -2295,7 +2423,8 @@ probe syscall.shmget.return = kernel.function("SyS_shmget").return !,
# long sys_shutdown(int fd, int how)
#
probe syscall.shutdown = kernel.function("SyS_shutdown") !,
- kernel.function("sys_shutdown") ? {
+ kernel.function("sys_shutdown") ?
+{
name = "shutdown"
s = $fd
how = $how
@@ -2303,7 +2432,8 @@ probe syscall.shutdown = kernel.function("SyS_shutdown") !,
argstr = sprintf("%d, %s", $fd, how_str)
}
probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !,
- kernel.function("sys_shutdown").return ? {
+ kernel.function("sys_shutdown").return ?
+{
name = "shutdown"
retstr = returnstr(1)
}
@@ -2312,25 +2442,29 @@ probe syscall.shutdown.return = kernel.function("SyS_shutdown").return !,
# sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact)
# sys32_sigaction(int sig, struct old_sigaction32 __user *act, struct old_sigaction32 __user *oact)
#
-probe syscall.sigaction = kernel.function("sys_sigaction") ? {
+probe syscall.sigaction = kernel.function("sys_sigaction") ?
+{
name = "sigaction"
sig = $sig
act_uaddr = $act
oact_uaddr = $oact
argstr = sprintf("%s, {%s}, %p", _signal_name($sig), _struct_sigaction_u($act), $oact)
}
-probe syscall.sigaction.return = kernel.function("sys_sigaction").return ? {
+probe syscall.sigaction.return = kernel.function("sys_sigaction").return ?
+{
name = "sigaction"
retstr = returnstr(1)
}
-probe syscall.sigaction32 = kernel.function("sys32_sigaction") ? {
+probe syscall.sigaction32 = kernel.function("sys32_sigaction") ?
+{
name = "sigaction"
sig = $sig
act_uaddr = $act
oact_uaddr = $oact
argstr = sprintf("%s, %p, %p", _signal_name($sig), $act, $oact)
}
-probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? {
+probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ?
+{
name = "sigaction"
retstr = returnstr(1)
}
@@ -2339,14 +2473,16 @@ probe syscall.sigaction32.return = kernel.function("sys32_sigaction").return ? {
# unsigned long sys_signal(int sig, __sighandler_t handler)
#
probe syscall.signal = kernel.function("SyS_signal") !,
- kernel.function("sys_signal") ? {
+ kernel.function("sys_signal") ?
+{
name = "signal"
sig = $sig
handler = $handler
argstr = sprintf("%s, %s", _signal_name($sig), _sighandler_str($handler))
}
probe syscall.signal.return = kernel.function("SyS_signal").return !,
- kernel.function("sys_signal").return ? {
+ kernel.function("sys_signal").return ?
+{
name = "signal"
retstr = returnstr(1)
}
@@ -2358,20 +2494,24 @@ probe syscall.signal.return = kernel.function("SyS_signal").return !,
# compat_size_t sigsetsize)
#
probe syscall.signalfd = kernel.function("SyS_signalfd") !,
- kernel.function("sys_signalfd") ? {
+ kernel.function("sys_signalfd") ?
+{
name = "signalfd"
argstr = sprintf("%d, %p, %d", $ufd, $user_mask, $sizemask)
}
probe syscall.signalfd.return = kernel.function("SyS_signalfd").return !,
- kernel.function("sys_signalfd").return ? {
+ kernel.function("sys_signalfd").return ?
+{
name = "signalfd"
retstr = returnstr(1)
}
-probe syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ? {
+probe syscall.compat_signalfd = kernel.function("compat_sys_signalfd") ?
+{
name = "compat_signalfd"
argstr = sprintf("%d, %p, %d", $ufd, $sigmask, $sigsetsize)
}
-probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ? {
+probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").return ?
+{
name = "compat_signalfd"
retstr = returnstr(1)
}
@@ -2380,12 +2520,14 @@ probe syscall.compat_signalfd.return = kernel.function("compat_sys_signalfd").re
# long sys_sigpending(old_sigset_t __user *set)
#
probe syscall.sigpending = kernel.function("SyS_sigpending") !,
- kernel.function("sys_sigpending") ? {
+ kernel.function("sys_sigpending") ?
+{
name = "sigpending"
argstr = sprintf("%p", $set)
}
probe syscall.sigpending.return = kernel.function("SyS_sigpending").return !,
- kernel.function("sys_sigpending").return ? {
+ kernel.function("sys_sigpending").return ?
+{
name = "sigpending"
retstr = returnstr(1)
}
@@ -2413,15 +2555,13 @@ probe syscall.sigprocmask.return = kernel.function("SyS_sigprocmask").return !,
# sigreturn __________________________________________________
# int sys_sigreturn(unsigned long __unused)
#
-probe syscall.sigreturn =
- kernel.function("sys_sigreturn") ?,
+probe syscall.sigreturn = kernel.function("sys_sigreturn") ?,
kernel.function("sys32_sigreturn") ?
{
name = "sigreturn"
argstr = ""
}
-probe syscall.sigreturn.return =
- kernel.function("sys_sigreturn").return ?,
+probe syscall.sigreturn.return = kernel.function("sys_sigreturn").return ?,
kernel.function("sys32_sigreturn").return ?
{
name = "sigreturn"
@@ -2429,16 +2569,14 @@ probe syscall.sigreturn.return =
}
# sigsuspend _________________________________________________
-#
-probe syscall.sigsuspend =
- kernel.function("sys_sigsuspend") ?,
- kernel.function("sys32_sigsuspend") ?
+#
+probe syscall.sigsuspend = kernel.function("sys_sigsuspend") ?,
+ kernel.function("sys32_sigsuspend") ?
{
name = "sigsuspend"
argstr = ""
}
-probe syscall.sigsuspend.return =
- kernel.function("sys_sigsuspend").return ?,
+probe syscall.sigsuspend.return = kernel.function("sys_sigsuspend").return ?,
kernel.function("sys32_sigsuspend").return ?
{
name = "sigsuspend"
@@ -2449,17 +2587,19 @@ probe syscall.sigsuspend.return =
# long sys_socket(int family, int type, int protocol)
#
probe syscall.socket = kernel.function("SyS_socket") !,
- kernel.function("sys_socket") ? {
+ kernel.function("sys_socket") ?
+{
name = "socket"
family = $family
type = $type
protocol = $protocol
argstr = sprintf("%s, %s, %d", _sock_family_str($family),
- _sock_type_str($type),
- $protocol)
+ _sock_type_str($type),
+ $protocol)
}
probe syscall.socket.return = kernel.function("SyS_socket").return !,
- kernel.function("sys_socket").return ? {
+ kernel.function("sys_socket").return ?
+{
name = "socket"
retstr = returnstr(1)
}
@@ -2469,13 +2609,15 @@ probe syscall.socket.return = kernel.function("SyS_socket").return !,
#
# long sys_socketcall(int call, unsigned long __user *args)
#
-#probe syscall.socketcall = kernel.function("sys_socketcall") ? {
+#probe syscall.socketcall = kernel.function("sys_socketcall") ?
+#{
# name = "socketcall"
# call = $call
# args_uaddr = $args
# argstr = sprintf("%d, %p", $call, args_uaddr)
#}
-#probe syscall.socketcall.return = kernel.function("sys_socketcall").return ? {
+#probe syscall.socketcall.return = kernel.function("sys_socketcall").return ?
+#{
# name = "socketcall"
# retstr = returnstr(1)
#}
@@ -2487,19 +2629,21 @@ probe syscall.socket.return = kernel.function("SyS_socket").return !,
# int __user *usockvec)
#
probe syscall.socketpair = kernel.function("SyS_socketpair") !,
- kernel.function("sys_socketpair") ? {
+ kernel.function("sys_socketpair") ?
+{
name = "socketpair"
family = $family
type = $type
protocol = $protocol
sv_uaddr = $usockvec
- argstr = sprintf("%s, %s, %d, %p",
- _sock_family_str($family),
- _sock_type_str($type),
- $protocol, sv_uaddr)
+ argstr = sprintf("%s, %s, %d, %p",
+ _sock_family_str($family),
+ _sock_type_str($type),
+ $protocol, sv_uaddr)
}
probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !,
- kernel.function("sys_socketpair").return ? {
+ kernel.function("sys_socketpair").return ?
+{
name = "socketpair"
retstr = returnstr(1)
}
@@ -2511,13 +2655,15 @@ probe syscall.socketpair.return = kernel.function("SyS_socketpair").return !,
# size_t len, unsigned int flags)
#
probe syscall.splice = kernel.function("SyS_splice") !,
- kernel.function("sys_splice") ? {
+ kernel.function("sys_splice") ?
+{
name = "splice"
argstr = sprintf("%d, %p, %d, %p, %d, 0x%x",
$fd_in, $off_in, $fd_out, $off_out, $len, $flags)
}
probe syscall.splice.return = kernel.function("SyS_splice").return !,
- kernel.function("sys_splice").return ? {
+ kernel.function("sys_splice").return ?
+{
name = "splice"
retstr = returnstr(1)
}
@@ -2527,13 +2673,15 @@ probe syscall.splice.return = kernel.function("SyS_splice").return !,
# long sys_ssetmask(int newmask)
#
probe syscall.ssetmask = kernel.function("SyS_ssetmask") !,
- kernel.function("sys_ssetmask") ? {
+ kernel.function("sys_ssetmask") ?
+{
name = "ssetmask"
newmask = $newmask
argstr = sprint($newmask)
}
probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !,
- kernel.function("sys_ssetmask").return ? {
+ kernel.function("sys_ssetmask").return ?
+{
name = "ssetmask"
retstr = returnstr(1)
}
@@ -2544,8 +2692,7 @@ probe syscall.ssetmask.return = kernel.function("SyS_ssetmask").return !,
# long sys_stat64(char __user * filename, struct stat64 __user * statbuf)
# long sys_oabi_stat64(char __user * filename, struct oldabi_stat64 __user * statbuf)
# long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
-probe syscall.stat =
- kernel.function("sys_stat") ?,
+probe syscall.stat = kernel.function("sys_stat") ?,
kernel.function("SyS_newstat") ?,
kernel.function("sys_newstat") ?,
kernel.function("sys32_stat64") ?,
@@ -2560,15 +2707,14 @@ probe syscall.stat =
buf_uaddr = $statbuf
argstr = sprintf("%s, %p", user_string_quoted($filename), buf_uaddr)
}
-probe syscall.stat.return =
- kernel.function("sys_stat").return ?,
+probe syscall.stat.return = kernel.function("sys_stat").return ?,
kernel.function("SyS_newstat").return ?,
kernel.function("sys_newstat").return ?,
kernel.function("sys32_stat64").return ?,
kernel.function("SyS_stat64").return ?,
kernel.function("sys_stat64").return ?,
kernel.function("sys_oabi_stat64").return ?,
- kernel.function("compat_sys_newstat").return ?
+ kernel.function("compat_sys_newstat").return ?
{
name = "stat"
retstr = returnstr(1)
@@ -2578,8 +2724,7 @@ probe syscall.stat.return =
# long sys_statfs(const char __user * path, struct statfs __user * buf)
# long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf)
#
-probe syscall.statfs =
- kernel.function("compat_sys_statfs") ?,
+probe syscall.statfs = kernel.function("compat_sys_statfs") ?,
kernel.function("SyS_statfs") !,
kernel.function("sys_statfs") ?
{
@@ -2594,8 +2739,7 @@ probe syscall.statfs =
%)
}
-probe syscall.statfs.return =
- kernel.function("compat_sys_statfs").return ?,
+probe syscall.statfs.return = kernel.function("compat_sys_statfs").return ?,
kernel.function("SyS_statfs").return !,
kernel.function("sys_statfs").return ?
{
@@ -2608,8 +2752,7 @@ probe syscall.statfs.return =
# long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf)
# long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf)
#
-probe syscall.statfs64 =
- kernel.function("compat_sys_statfs64") ?,
+probe syscall.statfs64 = kernel.function("compat_sys_statfs64") ?,
kernel.function("SyS_statfs64") !,
kernel.function("sys_statfs64") ?
{
@@ -2618,15 +2761,14 @@ probe syscall.statfs64 =
buf_uaddr = $buf
%( kernel_v >= "2.6.27" %?
path = user_string($pathname)
- argstr = sprintf("%s, %d, %p", user_string_quoted($pathname), $sz, $buf)
+ argstr = sprintf("%s, %d, %p", user_string_quoted($pathname), $sz, $buf)
%:
path = user_string($path)
- argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf)
+ argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf)
%)
}
-probe syscall.statfs64.return =
- kernel.function("compat_sys_statfs64").return ?,
+probe syscall.statfs64.return = kernel.function("compat_sys_statfs64").return ?,
kernel.function("SyS_statfs64").return !,
kernel.function("sys_statfs64").return ?
{
@@ -2639,18 +2781,16 @@ probe syscall.statfs64.return =
# long sys_stime(time_t __user *tptr)
# long compat_sys_stime(compat_time_t __user *tptr)
#
-probe syscall.stime =
- kernel.function("compat_sys_stime") ?,
+probe syscall.stime = kernel.function("compat_sys_stime") ?,
kernel.function("SyS_stime") !,
kernel.function("sys_stime") ?
{
name = "stime"
t_uaddr = $tptr
- /* FIXME. Decode time */
+ /* FIXME. Decode time */
argstr = sprintf("%p", $tptr)
}
-probe syscall.stime.return =
- kernel.function("compat_sys_stime").return ?,
+probe syscall.stime.return = kernel.function("compat_sys_stime").return ?,
kernel.function("SyS_stime").return !,
kernel.function("sys_stime").return ?
{
@@ -2664,13 +2804,15 @@ probe syscall.stime.return =
# sys_swapoff(const char __user * specialfile)
#
probe syscall.swapoff = kernel.function("SyS_swapoff") !,
- kernel.function("sys_swapoff") ? {
+ kernel.function("sys_swapoff") ?
+{
name = "swapoff"
path = user_string($specialfile)
argstr = user_string_quoted($specialfile)
}
probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !,
- kernel.function("sys_swapoff").return ? {
+ kernel.function("sys_swapoff").return ?
+{
name = "swapoff"
retstr = returnstr(1)
}
@@ -2681,14 +2823,16 @@ probe syscall.swapoff.return = kernel.function("SyS_swapoff").return !,
# int swap_flags)
#
probe syscall.swapon = kernel.function("SyS_swapon") !,
- kernel.function("sys_swapon") ? {
+ kernel.function("sys_swapon") ?
+{
name = "swapon"
path = user_string($specialfile)
swapflags = $swap_flags
argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags)
}
probe syscall.swapon.return = kernel.function("SyS_swapon").return !,
- kernel.function("sys_swapon").return ? {
+ kernel.function("sys_swapon").return ?
+{
name = "swapon"
retstr = returnstr(1)
}
@@ -2697,15 +2841,17 @@ probe syscall.swapon.return = kernel.function("SyS_swapon").return !,
# long sys_symlink(const char __user * oldname,
# const char __user * newname)
probe syscall.symlink = kernel.function("SyS_symlink") !,
- kernel.function("sys_symlink") {
+ kernel.function("sys_symlink")
+{
name = "symlink"
oldpath = user_string($oldname)
newpath = user_string($newname)
argstr = sprintf("%s, %s", user_string_quoted($oldname),
- user_string_quoted($newname))
+ user_string_quoted($newname))
}
probe syscall.symlink.return = kernel.function("SyS_symlink").return !,
- kernel.function("sys_symlink").return {
+ kernel.function("sys_symlink").return
+{
name = "symlink"
retstr = returnstr(1)
}
@@ -2715,7 +2861,8 @@ probe syscall.symlink.return = kernel.function("SyS_symlink").return !,
# long sys_symlinkat(const char __user *oldname, int newdfd,
# const char __user *newname)
probe syscall.symlinkat = kernel.function("SyS_symlinkat") !,
- kernel.function("sys_symlinkat") ? {
+ kernel.function("sys_symlinkat") ?
+{
name = "symlinkat"
oldname = $oldname
oldname_str = user_string($oldname)
@@ -2727,7 +2874,8 @@ probe syscall.symlinkat = kernel.function("SyS_symlinkat") !,
newdfd_str, user_string_quoted($newname))
}
probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !,
- kernel.function("sys_symlinkat").return ? {
+ kernel.function("sys_symlinkat").return ?
+{
name = "symlinkat"
retstr = returnstr(1)
}
@@ -2736,11 +2884,13 @@ probe syscall.symlinkat.return = kernel.function("SyS_symlinkat").return !,
#
# sys_sync(void)
#
-probe syscall.sync = kernel.function("sys_sync") {
+probe syscall.sync = kernel.function("sys_sync")
+{
name = "sync"
argstr = ""
}
-probe syscall.sync.return = kernel.function("sys_sync").return {
+probe syscall.sync.return = kernel.function("sys_sync").return
+{
name = "sync"
retstr = returnstr(1)
}
@@ -2749,16 +2899,14 @@ probe syscall.sync.return = kernel.function("sys_sync").return {
#
# long sys_sysctl(struct __sysctl_args __user *args)
#
-probe syscall.sysctl =
- kernel.function("compat_sys_sysctl") ?,
+probe syscall.sysctl = kernel.function("compat_sys_sysctl") ?,
kernel.function("SyS_sysctl") !,
kernel.function("sys_sysctl") ?
{
name = "sysctl"
argstr = sprintf("%p", $args)
}
-probe syscall.sysctl.return =
- kernel.function("compat_sys_sysctl").return ?,
+probe syscall.sysctl.return = kernel.function("compat_sys_sysctl").return ?,
kernel.function("SyS_sysctl").return !,
kernel.function("sys_sysctl").return ?
{
@@ -2774,7 +2922,8 @@ probe syscall.sysctl.return =
# unsigned long arg2)
#
probe syscall.sysfs = kernel.function("SyS_sysfs") !,
- kernel.function("sys_sysfs") {
+ kernel.function("sys_sysfs")
+{
name = "sysfs"
option = $option
arg1 = $arg1
@@ -2789,7 +2938,8 @@ probe syscall.sysfs = kernel.function("SyS_sysfs") !,
argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2)
}
probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !,
- kernel.function("sys_sysfs").return {
+ kernel.function("sys_sysfs").return
+{
name = "sysfs"
retstr = returnstr(1)
}
@@ -2797,8 +2947,7 @@ probe syscall.sysfs.return = kernel.function("SyS_sysfs").return !,
#
# long sys_sysinfo(struct sysinfo __user *info)
# long compat_sys_sysinfo(struct compat_sysinfo __user *info)
-probe syscall.sysinfo =
- kernel.function("compat_sys_sysinfo") ?,
+probe syscall.sysinfo = kernel.function("compat_sys_sysinfo") ?,
kernel.function("SyS_sysinfo") !,
kernel.function("sys_sysinfo")
{
@@ -2806,8 +2955,7 @@ probe syscall.sysinfo =
info_uaddr = $info
argstr = sprintf("%p", $info)
}
-probe syscall.sysinfo.return =
- kernel.function("compat_sys_sysinfo").return ?,
+probe syscall.sysinfo.return = kernel.function("compat_sys_sysinfo").return ?,
kernel.function("SyS_sysinfo").return !,
kernel.function("sys_sysinfo").return
{
@@ -2820,7 +2968,8 @@ probe syscall.sysinfo.return =
# long sys_syslog(int type, char __user * buf, int len)
#
probe syscall.syslog = kernel.function("SyS_syslog") !,
- kernel.function("sys_syslog") {
+ kernel.function("sys_syslog")
+{
name = "syslog"
type = $type
bufp_uaddr = $buf
@@ -2828,7 +2977,8 @@ probe syscall.syslog = kernel.function("SyS_syslog") !,
argstr = sprintf("%d, %p, %d", $type, $buf, $len)
}
probe syscall.syslog.return = kernel.function("SyS_syslog").return !,
- kernel.function("sys_syslog").return {
+ kernel.function("sys_syslog").return
+{
name = "syslog"
retstr = returnstr(1)
}
@@ -2838,12 +2988,14 @@ probe syscall.syslog.return = kernel.function("SyS_syslog").return !,
# long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
#
probe syscall.tee = kernel.function("SyS_tee") !,
- kernel.function("sys_tee") ? {
+ kernel.function("sys_tee") ?
+{
name = "tee"
- argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags)
+ argstr = sprintf("%d, %d, %d, 0x%x", $fdin, $fdout, $len, $flags)
}
probe syscall.tee.return = kernel.function("SyS_tee").return !,
- kernel.function("sys_tee").return ? {
+ kernel.function("sys_tee").return ?
+{
name = "tee"
retstr = returnstr(1)
}
@@ -2856,7 +3008,8 @@ probe syscall.tee.return = kernel.function("SyS_tee").return !,
# int sig)
#
probe syscall.tgkill = kernel.function("SyS_tgkill") !,
- kernel.function("sys_tgkill") {
+ kernel.function("sys_tgkill")
+{
name = "tgkill"
tgid = $tgid
pid = $pid
@@ -2864,7 +3017,8 @@ probe syscall.tgkill = kernel.function("SyS_tgkill") !,
argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig))
}
probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !,
- kernel.function("sys_tgkill").return {
+ kernel.function("sys_tgkill").return
+{
name = "tgkill"
retstr = returnstr(1)
}
@@ -2875,8 +3029,7 @@ probe syscall.tgkill.return = kernel.function("SyS_tgkill").return !,
# long sys32_time(compat_time_t __user * tloc)
# long compat_sys_time(compat_time_t __user * tloc)
#
-probe syscall.time =
- kernel.function("sys32_time") ?,
+probe syscall.time = kernel.function("sys32_time") ?,
kernel.function("sys_time64") ?,
kernel.function("compat_sys_time") ?,
kernel.function("SyS_time") !,
@@ -2886,8 +3039,7 @@ probe syscall.time =
t_uaddr = $tloc
argstr = sprintf("%p", $tloc)
}
-probe syscall.time.return =
- kernel.function("sys32_time").return ?,
+probe syscall.time.return = kernel.function("sys32_time").return ?,
kernel.function("sys_time64").return ?,
kernel.function("compat_sys_time").return ?,
kernel.function("SyS_time").return !,
@@ -2904,7 +3056,8 @@ probe syscall.time.return =
# timer_t __user * created_timer_id)
#
probe syscall.timer_create = kernel.function("SyS_timer_create") !,
- kernel.function("sys_timer_create") {
+ kernel.function("sys_timer_create")
+{
name = "timer_create"
clockid = $which_clock
clockid_str = _get_wc_str($which_clock)
@@ -2912,9 +3065,9 @@ probe syscall.timer_create = kernel.function("SyS_timer_create") !,
timerid_uaddr = $created_timer_id
argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id)
}
-probe syscall.timer_create.return =
- kernel.function("SyS_timer_create").return !,
- kernel.function("sys_timer_create").return {
+probe syscall.timer_create.return = kernel.function("SyS_timer_create").return !,
+ kernel.function("sys_timer_create").return
+{
name = "timer_create"
retstr = returnstr(1)
}
@@ -2924,13 +3077,15 @@ probe syscall.timer_create.return =
# long sys_timer_delete(timer_t timer_id)
#
probe syscall.timer_delete = kernel.function("SyS_timer_delete") !,
- kernel.function("sys_timer_delete") {
+ kernel.function("sys_timer_delete")
+{
name = "timer_delete"
timerid = $timer_id
argstr = sprint($timer_id)
}
probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return !,
- kernel.function("sys_timer_delete").return {
+ kernel.function("sys_timer_delete").return
+{
name = "timer_delete"
retstr = returnstr(1)
}
@@ -2940,14 +3095,15 @@ probe syscall.timer_delete.return = kernel.function("SyS_timer_delete").return !
# long sys_timer_getoverrun(timer_t timer_id)
#
probe syscall.timer_getoverrun = kernel.function("SyS_timer_getoverrun") !,
- kernel.function("sys_timer_getoverrun") {
+ kernel.function("sys_timer_getoverrun")
+{
name = "timer_getoverrun"
timerid = $timer_id
argstr = sprint($timer_id)
}
-probe syscall.timer_getoverrun.return =
- kernel.function("SyS_timer_getoverrun").return !,
- kernel.function("sys_timer_getoverrun").return {
+probe syscall.timer_getoverrun.return = kernel.function("SyS_timer_getoverrun").return !,
+ kernel.function("sys_timer_getoverrun").return
+{
name = "timer_getoverrun"
retstr = returnstr(1)
}
@@ -2958,15 +3114,16 @@ probe syscall.timer_getoverrun.return =
# struct itimerspec __user *setting)
#
probe syscall.timer_gettime = kernel.function("SyS_timer_gettime") !,
- kernel.function("sys_timer_gettime") {
+ kernel.function("sys_timer_gettime")
+{
name = "timer_gettime"
timerid = $timer_id
value_uaddr = $setting
argstr = sprintf("%d, %p", $timer_id, $setting)
}
-probe syscall.timer_gettime.return =
- kernel.function("SyS_timer_gettime").return !,
- kernel.function("sys_timer_gettime").return {
+probe syscall.timer_gettime.return = kernel.function("SyS_timer_gettime").return !,
+ kernel.function("sys_timer_gettime").return
+{
name = "timer_gettime"
retstr = returnstr(1)
}
@@ -2979,19 +3136,20 @@ probe syscall.timer_gettime.return =
# struct itimerspec __user *old_setting)
#
probe syscall.timer_settime = kernel.function("SyS_timer_settime") !,
- kernel.function("sys_timer_settime") {
+ kernel.function("sys_timer_settime")
+{
name = "timer_settime"
timerid = $timer_id
flags = $flags
value_uaddr = $new_setting
ovalue_uaddr = $old_setting
argstr = sprintf("%d, %d, %s, %p", $timer_id, $flags,
- _struct_itimerspec_u($new_setting),
- $old_setting)
+ _struct_itimerspec_u($new_setting),
+ $old_setting)
}
-probe syscall.timer_settime.return =
- kernel.function("SyS_timer_settime").return !,
- kernel.function("sys_timer_settime").return {
+probe syscall.timer_settime.return = kernel.function("SyS_timer_settime").return !,
+ kernel.function("sys_timer_settime").return
+{
name = "timer_settime"
retstr = returnstr(1)
}
@@ -3003,15 +3161,13 @@ probe syscall.timer_settime.return =
# long compat_sys_timerfd(int ufd, int clockid, int flags,
# const struct compat_itimerspec __user *utmr)
#
-probe syscall.timerfd =
- kernel.function("sys_timerfd") ?,
+probe syscall.timerfd = kernel.function("sys_timerfd") ?,
kernel.function("compat_sys_timerfd") ?
{
name = "timerfd"
argstr = sprintf("%d, %d, 0x%x", $ufd, $clockid, $flags)
}
-probe syscall.timerfd.return =
- kernel.function("sys_timerfd").return ?,
+probe syscall.timerfd.return = kernel.function("sys_timerfd").return ?,
kernel.function("compat_sys_timerfd").return ?
{
name = "timerfd"
@@ -3022,16 +3178,14 @@ probe syscall.timerfd.return =
#
# long sys_times(struct tms __user * tbuf)
# long compat_sys_times(struct compat_tms __user *tbuf)
-probe syscall.times =
- kernel.function("compat_sys_times") ?,
+probe syscall.times = kernel.function("compat_sys_times") ?,
kernel.function("SyS_times") !,
kernel.function("sys_times") ?
{
name = "times"
- argstr = sprintf("%p", $tbuf)
+ argstr = sprintf("%p", $tbuf)
}
-probe syscall.times.return =
- kernel.function("compat_sys_times").return ?,
+probe syscall.times.return = kernel.function("compat_sys_times").return ?,
kernel.function("SyS_times").return !,
kernel.function("sys_times").return ?
{
@@ -3046,14 +3200,16 @@ probe syscall.times.return =
# int sig)
#
probe syscall.tkill = kernel.function("SyS_tkill") !,
- kernel.function("sys_tkill") {
+ kernel.function("sys_tkill")
+{
name = "tkill"
pid = $pid
sig = $sig
argstr = sprintf("%d, %s", $pid, _signal_name($sig))
}
probe syscall.tkill.return = kernel.function("SyS_tkill").return !,
- kernel.function("sys_tkill").return {
+ kernel.function("sys_tkill").return
+{
name = "tkill"
retstr = returnstr(1)
}
@@ -3065,7 +3221,8 @@ probe syscall.tkill.return = kernel.function("SyS_tkill").return !,
#
probe syscall.truncate = kernel.function("SyS_truncate") !,
kernel.function("sys_truncate") ?,
- kernel.function("sys_truncate64") ? {
+ kernel.function("sys_truncate64") ?
+{
name = "truncate"
path_uaddr = $path
path = user_string($path)
@@ -3074,7 +3231,8 @@ probe syscall.truncate = kernel.function("SyS_truncate") !,
}
probe syscall.truncate.return = kernel.function("SyS_truncate").return !,
kernel.function("sys_truncate").return ?,
- kernel.function("sys_truncate64").return ? {
+ kernel.function("sys_truncate64").return ?
+{
name = "truncate"
retstr = returnstr(1)
}
@@ -3082,13 +3240,15 @@ probe syscall.truncate.return = kernel.function("SyS_truncate").return !,
# tux ________________________________________________________
# long sys_tux (unsigned int action, user_req_t *u_info)
#
-probe syscall.tux = kernel.function("sys_tux") ? {
+probe syscall.tux = kernel.function("sys_tux") ?
+{
name = "tux"
action = $action
u_info_uaddr = $u_info
argstr = sprintf("%d, %p", $action, $u_info)
}
-probe syscall.tux.return = kernel.function("sys_tux").return ? {
+probe syscall.tux.return = kernel.function("sys_tux").return ?
+{
name = "tux"
retstr = returnstr(1)
}
@@ -3097,13 +3257,15 @@ probe syscall.tux.return = kernel.function("sys_tux").return ? {
# long sys_umask(int mask)
#
probe syscall.umask = kernel.function("SyS_umask") !,
- kernel.function("sys_umask") {
+ kernel.function("sys_umask")
+{
name = "umask"
mask = $mask
argstr = sprintf("%#o", $mask)
}
probe syscall.umask.return = kernel.function("SyS_umask").return !,
- kernel.function("sys_umask").return {
+ kernel.function("sys_umask").return
+{
name = "umask"
retstr = returnstr(3)
}
@@ -3112,7 +3274,8 @@ probe syscall.umask.return = kernel.function("SyS_umask").return !,
# long sys_umount(char __user * name, int flags)
#
probe syscall.umount = kernel.function("SyS_umount") !,
- kernel.function("sys_umount") {
+ kernel.function("sys_umount")
+{
name = "umount"
target = user_string($name)
flags = $flags
@@ -3120,7 +3283,8 @@ probe syscall.umount = kernel.function("SyS_umount") !,
argstr = sprintf("%s, %s", user_string_quoted($name), flags_str)
}
probe syscall.umount.return = kernel.function("SyS_umount").return !,
- kernel.function("sys_umount").return {
+ kernel.function("sys_umount").return
+{
name = "umount"
retstr = returnstr(1)
}
@@ -3132,8 +3296,7 @@ probe syscall.umount.return = kernel.function("SyS_umount").return !,
# int sys32_olduname(struct oldold_utsname __user * name)
# long sys32_uname(struct old_utsname __user * name)
#
-probe syscall.uname =
- kernel.function("sys_uname") ?,
+probe syscall.uname = kernel.function("sys_uname") ?,
kernel.function("sys_olduname") ?,
kernel.function("sys32_olduname") ?,
kernel.function("sys32_uname") ?,
@@ -3144,8 +3307,7 @@ probe syscall.uname =
argstr = sprintf("%p", $name)
}
-probe syscall.uname.return =
- kernel.function("sys_uname").return ?,
+probe syscall.uname.return = kernel.function("sys_uname").return ?,
kernel.function("sys_olduname").return ?,
kernel.function("sys32_olduname").return ?,
kernel.function("sys32_uname").return ?,
@@ -3160,14 +3322,16 @@ probe syscall.uname.return =
# long sys_unlink(const char __user * pathname)
#
probe syscall.unlink = kernel.function("SyS_unlink") !,
- kernel.function("sys_unlink") {
+ kernel.function("sys_unlink")
+{
name = "unlink"
pathname_uaddr = $pathname
pathname = user_string($pathname)
argstr = user_string_quoted($pathname)
}
probe syscall.unlink.return = kernel.function("SyS_unlink").return !,
- kernel.function("sys_unlink").return {
+ kernel.function("sys_unlink").return
+{
name = "unlink"
retstr = returnstr(1)
}
@@ -3177,7 +3341,8 @@ probe syscall.unlink.return = kernel.function("SyS_unlink").return !,
# long sys_unlinkat(int dfd, const char __user *pathname,
# int flag)
probe syscall.unlinkat = kernel.function("SyS_unlinkat") !,
- kernel.function("sys_unlinkat") ? {
+ kernel.function("sys_unlinkat") ?
+{
name = "unlinkat"
dfd = $dfd
dfd_str = _dfd_str($dfd)
@@ -3188,7 +3353,8 @@ probe syscall.unlinkat = kernel.function("SyS_unlinkat") !,
argstr = sprintf("%s, %s, %s", dfd_str, user_string_quoted($pathname), flag_str)
}
probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !,
- kernel.function("sys_unlinkat").return ? {
+ kernel.function("sys_unlinkat").return ?
+{
name = "unlinkat"
retstr = returnstr(1)
}
@@ -3197,13 +3363,15 @@ probe syscall.unlinkat.return = kernel.function("SyS_unlinkat").return !,
# new function with 2.6.16
# long sys_unshare(unsigned long unshare_flags)
probe syscall.unshare = kernel.function("SyS_unshare") !,
- kernel.function("sys_unshare") ? {
+ kernel.function("sys_unshare") ?
+{
name = "unshare"
unshare_flags = $unshare_flags
argstr = __fork_flags(unshare_flags)
}
probe syscall.unshare.return = kernel.function("SyS_unshare").return !,
- kernel.function("sys_unshare").return ? {
+ kernel.function("sys_unshare").return ?
+{
name = "unshare"
retstr = returnstr(1)
}
@@ -3214,14 +3382,16 @@ probe syscall.unshare.return = kernel.function("SyS_unshare").return !,
# sys_uselib(const char __user * library)
#
probe syscall.uselib = kernel.function("SyS_uselib") !,
- kernel.function("sys_uselib") {
+ kernel.function("sys_uselib")
+{
name = "uselib"
library_uaddr = $library
library = user_string($library)
argstr = user_string_quoted($library)
}
probe syscall.uselib.return = kernel.function("SyS_uselib").return !,
- kernel.function("sys_uselib").return {
+ kernel.function("sys_uselib").return
+{
name = "uselib"
retstr = returnstr(1)
}
@@ -3229,7 +3399,8 @@ probe syscall.uselib.return = kernel.function("SyS_uselib").return !,
# long sys_ustat(unsigned dev, struct ustat __user * ubuf)
#
probe syscall.ustat = kernel.function("SyS_ustat") !,
- kernel.function("sys_ustat") {
+ kernel.function("sys_ustat")
+{
name = "ustat"
dev = $dev
ubuf_uaddr = $ubuf
@@ -3237,16 +3408,16 @@ probe syscall.ustat = kernel.function("SyS_ustat") !,
}
#long sys32_ustat(unsigned dev, struct ustat32 __user *u32p)
-probe syscall.ustat32 = kernel.function("sys32_ustat") ? {
+probe syscall.ustat32 = kernel.function("sys32_ustat") ?
+{
name = "ustat"
dev = $dev
argstr = sprintf("%d, %p", $dev, $u32p)
}
-probe syscall.ustat.return =
- kernel.function("SyS_ustat").return ?,
- kernel.function("sys_ustat").return?,
- kernel.function("sys32_ustat").return ?
+probe syscall.ustat.return = kernel.function("SyS_ustat").return ?,
+ kernel.function("sys_ustat").return ?,
+ kernel.function("sys32_ustat").return ?
{
name = "ustat"
retstr = returnstr(1)
@@ -3255,7 +3426,8 @@ probe syscall.ustat.return =
# utime ______________________________________________________
# long sys_utime(char __user * filename, struct utimbuf __user * times)
probe syscall.utime = kernel.function("SyS_utime") !,
- kernel.function("sys_utime") ? {
+ kernel.function("sys_utime") ?
+{
name = "utime"
filename_uaddr = $filename
filename = user_string($filename)
@@ -3263,16 +3435,18 @@ probe syscall.utime = kernel.function("SyS_utime") !,
actime = _struct_utimbuf_actime(buf_uaddr)
modtime = _struct_utimbuf_modtime(buf_uaddr)
argstr = sprintf("%s, [%s, %s]", user_string_quoted($filename),
- ctime(actime), ctime(modtime))
+ ctime(actime), ctime(modtime))
}
probe syscall.utime.return = kernel.function("SyS_utime").return !,
- kernel.function("sys_utime").return ? {
+ kernel.function("sys_utime").return ?
+{
name = "utime"
retstr = returnstr(1)
}
# long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t)
-probe syscall.compat_utime = kernel.function("compat_sys_utime") ? {
+probe syscall.compat_utime = kernel.function("compat_sys_utime") ?
+{
name = "utime"
filename_uaddr = $filename
filename = user_string($filename)
@@ -3280,9 +3454,10 @@ probe syscall.compat_utime = kernel.function("compat_sys_utime") ? {
actime = _struct_compat_utimbuf_actime(buf_uaddr)
modtime = _struct_compat_utimbuf_modtime(buf_uaddr)
argstr = sprintf("%s, [%s, %s]", user_string_quoted($filename),
- ctime(actime), ctime(modtime))
+ ctime(actime), ctime(modtime))
}
-probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? {
+probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ?
+{
name = "utime"
retstr = returnstr(1)
}
@@ -3292,16 +3467,18 @@ probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ?
# long sys_utimes(char __user * filename, struct timeval __user * utimes)
#
probe syscall.utimes = kernel.function("SyS_utimes") !,
- kernel.function("sys_utimes") {
+ kernel.function("sys_utimes")
+{
name = "utimes"
filename_uaddr = $filename
filename = user_string($filename)
tvp_uaddr = $utimes
- argstr = sprintf("%s, %s", user_string_quoted($filename),
+ argstr = sprintf("%s, %s", user_string_quoted($filename),
_struct_timeval_u($utimes, 2))
}
probe syscall.utimes.return = kernel.function("SyS_utimes").return !,
- kernel.function("sys_utimes").return {
+ kernel.function("sys_utimes").return
+{
name = "utimes"
retstr = returnstr(1)
}
@@ -3309,13 +3486,15 @@ probe syscall.utimes.return = kernel.function("SyS_utimes").return !,
#
# long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t)
#
-probe syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ? {
+probe syscall.compat_sys_utimes = kernel.function("compat_sys_utimes") ?
+{
name = "utimes"
filename = user_string($filename)
argstr = sprintf("%s, %s", user_string_quoted($filename),
- _struct_compat_timeval_u($t, 2))
+ _struct_compat_timeval_u($t, 2))
}
-probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ? {
+probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").return ?
+{
name = "utimes"
retstr = returnstr(1)
}
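Review bot: `syscall.compat_sys_utimes` reports `name = "utimes"` but sets only `filename` and `argstr`, while the native `syscall.utimes` alias in the previous hunk also exports `filename_uaddr` and `tvp_uaddr`. A script that handles both aliases by name finds the address variables unset on the compat path; adding `filename_uaddr = $filename` and `tvp_uaddr = $t` would keep the two in step. The alias name also keeps the `sys_` infix that `syscall.compat_utime` and `syscall.compat_utimensat` drop; renaming it would break existing scripts, so a comment noting the irregular name is probably the safer change.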
@@ -3323,24 +3502,28 @@ probe syscall.compat_sys_utimes.return = kernel.function("compat_sys_utimes").re
# utimensat ____________________________________________________
# long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags)
# long compat_sys_utimensat(unsigned int dfd, char __user *filename, struct compat_timespec __user *t, int flags)
-#
+#
probe syscall.utimensat = kernel.function("SyS_utimensat") !,
- kernel.function("sys_utimensat") ? {
+ kernel.function("sys_utimensat") ?
+{
name = "utimensat"
- argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes,2),
+ argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_timespec_u($utimes, 2),
_at_flag_str($flags))
}
-probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ? {
+probe syscall.compat_utimensat = kernel.function("compat_sys_utimensat") ?
+{
name = "utimensat"
- argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t,2),
+ argstr = sprintf("%s, %s, %s, %s", _dfd_str($dfd), user_string_quoted($filename), _struct_compat_timespec_u($t, 2),
_at_flag_str($flags))
}
probe syscall.utimensat.return = kernel.function("SyS_utimensat").return !,
- kernel.function("sys_utimensat").return ? {
+ kernel.function("sys_utimensat").return ?
+{
name = "utimensat"
retstr = returnstr(1)
}
-probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ? {
+probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat").return ?
+{
name = "utimensat"
retstr = returnstr(1)
}
@@ -3350,11 +3533,13 @@ probe syscall.compat_utimensat.return = kernel.function("compat_sys_utimensat")
# asmlinkage long
# sys_vhangup(void)
#
-probe syscall.vhangup = kernel.function("sys_vhangup") {
+probe syscall.vhangup = kernel.function("sys_vhangup")
+{
name = "vhangup"
argstr = ""
}
-probe syscall.vhangup.return = kernel.function("sys_vhangup").return {
+probe syscall.vhangup.return = kernel.function("sys_vhangup").return
+{
name = "vhangup"
retstr = returnstr(1)
}
@@ -3367,20 +3552,24 @@ probe syscall.vhangup.return = kernel.function("sys_vhangup").return {
# unsigned int nr_segs, unsigned int flags)
#
probe syscall.vmsplice = kernel.function("SyS_vmsplice") !,
- kernel.function("sys_vmsplice") ? {
+ kernel.function("sys_vmsplice") ?
+{
name = "vmsplice"
argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov, $nr_segs, $flags)
}
-probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ? {
+probe syscall.compat_vmsplice = kernel.function("compat_sys_vmsplice") ?
+{
name = "vmsplice"
argstr = sprintf("%d, %p, %d, 0x%x", $fd, $iov32, $nr_segs, $flags)
}
probe syscall.vmsplice.return = kernel.function("SyS_vmsplice").return !,
- kernel.function("sys_vmsplice").return ? {
+ kernel.function("sys_vmsplice").return ?
+{
name = "vmsplice"
retstr = returnstr(1)
}
-probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ? {
+probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").return ?
+{
name = "vmsplice"
retstr = returnstr(1)
}
@@ -3393,7 +3582,8 @@ probe syscall.compat_vmsplice.return = kernel.function("compat_sys_vmsplice").re
# struct rusage __user *ru)
#
probe syscall.wait4 = kernel.function("SyS_wait4") !,
- kernel.function("sys_wait4") {
+ kernel.function("sys_wait4")
+{
name = "wait4"
pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
status_uaddr = $stat_addr
@@ -3401,11 +3591,12 @@ probe syscall.wait4 = kernel.function("SyS_wait4") !,
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %p, %s, %p",
- %( kernel_vr >= "2.6.25" %? $upid %: $pid%),
- $stat_addr,_wait4_opt_str($options), $ru)
+ %( kernel_vr >= "2.6.25" %? $upid %: $pid%),
+ $stat_addr, _wait4_opt_str($options), $ru)
}
probe syscall.wait4.return = kernel.function("SyS_wait4").return !,
- kernel.function("sys_wait4").return {
+ kernel.function("sys_wait4").return
+{
name = "wait4"
retstr = returnstr(1)
}
@@ -3418,7 +3609,8 @@ probe syscall.wait4.return = kernel.function("SyS_wait4").return !,
# struct rusage __user *ru)
#
probe syscall.waitid = kernel.function("SyS_waitid") !,
- kernel.function("sys_waitid") {
+ kernel.function("sys_waitid")
+{
name = "waitid"
pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)
which = $which
@@ -3428,11 +3620,12 @@ probe syscall.waitid = kernel.function("SyS_waitid") !,
options_str = _waitid_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %d, %p, %s, %p", $which,
- %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop,
- _waitid_opt_str($options), $ru)
+ %( kernel_vr >= "2.6.25" %? $upid %: $pid%), $infop,
+ _waitid_opt_str($options), $ru)
}
probe syscall.waitid.return = kernel.function("SyS_waitid").return !,
- kernel.function("sys_waitid").return {
+ kernel.function("sys_waitid").return
+{
name = "waitid"
retstr = returnstr(1)
}
@@ -3445,7 +3638,8 @@ probe syscall.waitid.return = kernel.function("SyS_waitid").return !,
# struct rusage __user *ru)
#
probe syscall.waitpid = kernel.function("SyS_wait4") !,
- kernel.function("sys_wait4") {
+ kernel.function("sys_wait4")
+{
name = "waitpid"
pid = $pid
status_uaddr = $stat_addr
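Review bot: `syscall.waitpid` reads `$pid` unconditionally (`pid = $pid` here, and again in the `argstr` line of the next hunk), while `syscall.wait4` attaches to the same `SyS_wait4`/`sys_wait4` functions and selects `$upid` when `kernel_vr >= "2.6.25"`. If the parameter is indeed named `upid` on those kernels, the waitpid alias presumably fails to resolve there, so it should use the same conditional: `pid = %( kernel_vr >= "2.6.25" %? $upid %: $pid%)`, with the same expression inside `sprintf`. Because both aliases hook one kernel function, a script that enables both sees every call twice under two names; a comment above the probe saying so would help anyone counting events. The probe body continues past the end of this hunk.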
@@ -3453,10 +3647,11 @@ probe syscall.waitpid = kernel.function("SyS_wait4") !,
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %p, %s, %p", $pid, $stat_addr,
- options_str, $ru)
+ options_str, $ru)
}
probe syscall.waitpid.return = kernel.function("SyS_wait4").return !,
- kernel.function("sys_wait4").return {
+ kernel.function("sys_wait4").return
+{
name = "waitpid"
retstr = returnstr(1)
}
@@ -3469,15 +3664,17 @@ probe syscall.waitpid.return = kernel.function("SyS_wait4").return !,
# size_t count)
#
probe syscall.write = kernel.function("SyS_write") !,
- kernel.function("sys_write") {
+ kernel.function("sys_write")
+{
name = "write"
fd = $fd
buf_uaddr = $buf
count = $count
- argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),syscall_string_trunc,1), $count)
+ argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf), syscall_string_trunc, 1), $count)
}
probe syscall.write.return = kernel.function("SyS_write").return !,
- kernel.function("sys_write").return {
+ kernel.function("sys_write").return
+{
name = "write"
retstr = returnstr(1)
}
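Review bot: The `argstr` line in `syscall.write` renders the buffer with `user_string($buf)`, which reads a NUL-terminated string, but a write buffer is `$count` bytes with no terminator. The logged text can therefore stop at an embedded NUL or, when `$count` is smaller than `syscall_string_trunc`, include bytes that were never part of the write, which matters when the trace is kept as an audit record. Bounding the read by the length would avoid this, for example `text_strn(user_string_n($buf, $count), syscall_string_trunc, 1)`, provided `user_string_n` is available in this tree's tapset.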
@@ -3487,19 +3684,18 @@ probe syscall.write.return = kernel.function("SyS_write").return !,
# ssize_t sys_writev(unsigned long fd,
# const struct iovec __user *vec,
# unsigned long vlen)
-# ssize_t compat_sys_writev(unsigned long fd,
-# const struct compat_iovec __user *vec,
+# ssize_t compat_sys_writev(unsigned long fd,
+# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
-probe syscall.writev =
- kernel.function("compat_sys_writev") ?,
+probe syscall.writev = kernel.function("compat_sys_writev") ?,
kernel.function("SyS_writev") !,
kernel.function("sys_writev")
{
name = "writev"
vector_uaddr = $vec
count = $vlen
-/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */
+/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */
%( arch != "ppc64" %?
fd = $fd
argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen)
@@ -3507,8 +3703,7 @@ probe syscall.writev =
argstr = sprintf("unknown fd, %p, %d", $vec, $vlen)
%)
}
-probe syscall.writev.return =
- kernel.function("compat_sys_writev").return ?,
+probe syscall.writev.return = kernel.function("compat_sys_writev").return ?,
kernel.function("SyS_writev").return !,
kernel.function("sys_writev").return
{
--
1.5.6.5