This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
[PATCH 4/5] Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS.
- From: Przemyslaw Pawelczyk <przemyslaw at pawelczyk dot it>
- To: systemtap at sourceware dot org
- Date: Fri, 22 May 2009 17:25:37 +0200
- Subject: [PATCH 4/5] Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS.
- Mail-from: 72d4f4598a084b38403cf0683e67911c466aa031 Mon Sep 17 00:00:00 2001
Add kprobe.function("SyS_*") probe points to nd_syscall.* probe aliases.
Analogue of commit 132c337c.
---
tapset/nd_syscalls.stp | 865 +++++++++++++++++++++++++++++++-----------------
1 files changed, 564 insertions(+), 301 deletions(-)
diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp
index 0313b4f..a0f88fc 100644
--- a/tapset/nd_syscalls.stp
+++ b/tapset/nd_syscalls.stp
@@ -34,7 +34,8 @@
# accept _____________________________________________________
# long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
# int __user *upeer_addrlen)
-probe nd_syscall.accept = kprobe.function("sys_accept") ?
+probe nd_syscall.accept = kprobe.function("SyS_accept") !,
+ kprobe.function("sys_accept") ?
{
name = "accept"
// sockfd = $fd
@@ -47,7 +48,8 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ?
addrlen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr)
}
-probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
+probe nd_syscall.accept.return = kprobe.function("SyS_accept").return !,
+ kprobe.function("sys_accept").return ?
{
name = "accept"
retstr = returnstr(1)
@@ -55,7 +57,8 @@ probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
# access _____________________________________________________
# long sys_access(const char __user * filename, int mode)
-probe nd_syscall.access = kprobe.function("sys_access")
+probe nd_syscall.access = kprobe.function("SyS_access") !,
+ kprobe.function("sys_access")
{
name = "access"
// pathname = user_string($filename)
@@ -68,7 +71,8 @@ probe nd_syscall.access = kprobe.function("sys_access")
mode_str = _access_mode_str(mode)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str)
}
-probe nd_syscall.access.return = kprobe.function("sys_access").return
+probe nd_syscall.access.return = kprobe.function("SyS_access").return !,
+ kprobe.function("sys_access").return
{
name = "access"
retstr = returnstr(1)
@@ -98,7 +102,8 @@ probe nd_syscall.acct.return = kprobe.function("sys_acct").return ?
# size_t plen,
# key_serial_t ringid)
#
-probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
+probe nd_syscall.add_key = kprobe.function("SyS_add_key") !,
+ kprobe.function("sys_add_key") ?
{
name = "add_key"
// type_uaddr = $_type
@@ -123,7 +128,8 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
text_strn(user_string(payload_uaddr), syscall_string_trunc, 1),
plen, ringid)
}
-probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
+probe nd_syscall.add_key.return = kprobe.function("SyS_add_key").return !,
+ kprobe.function("sys_add_key").return ?
{
name = "add_key"
retstr = returnstr(1)
@@ -131,7 +137,8 @@ probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
# adjtimex ___________________________________________________
# long sys_adjtimex(struct timex __user *txc_p)
-probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
+probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") !,
+ kprobe.function("sys_adjtimex")
{
name = "adjtimex"
@@ -152,7 +159,8 @@ probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.adjtimex.return = kprobe.function("sys_adjtimex").return
+probe nd_syscall.adjtimex.return = kprobe.function("SyS_adjtimex").return !,
+ kprobe.function("sys_adjtimex").return
{
name = "adjtimex"
// retstr = _adjtimex_return_str($return)
@@ -176,8 +184,9 @@ probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex")
# unsigned long sys_alarm (unsigned int seconds)
# long sys32_alarm(unsigned int seconds)
#
-probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
- kprobe.function("sys32_alarm") ?
+probe nd_syscall.alarm = kprobe.function("sys32_alarm") ?,
+ kprobe.function("SyS_alarm") !,
+ kprobe.function("sys_alarm") ?
{
name = "alarm"
// seconds = $seconds
@@ -186,8 +195,9 @@ probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
seconds = uint_arg(1)
argstr = sprint(seconds)
}
-probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
- kprobe.function("sys32_alarm").return ?
+probe nd_syscall.alarm.return = kprobe.function("sys32_alarm").return ?,
+ kprobe.function("SyS_alarm").return !,
+ kprobe.function("sys_alarm").return ?
{
name = "alarm"
retstr = returnstr(1)
@@ -195,7 +205,8 @@ probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
# bdflush ____________________________________________________
# long sys_bdflush(int func, long data)
-probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
+probe nd_syscall.bdflush = kprobe.function("SyS_bdflush") !,
+ kprobe.function("sys_bdflush") ?
{
name = "bdflush"
// func = $func
@@ -213,7 +224,8 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
data_str = sprintf("%d", data)
argstr = sprintf("%d, %s", func, data_str)
}
-probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
+probe nd_syscall.bdflush.return = kprobe.function("SyS_bdflush").return !,
+ kprobe.function("sys_bdflush").return ?
{
name = "bdflush"
retstr = returnstr(1)
@@ -221,7 +233,8 @@ probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
# bind _______________________________________________________
# long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
-probe nd_syscall.bind = kprobe.function("sys_bind") ?
+probe nd_syscall.bind = kprobe.function("SyS_bind") !,
+ kprobe.function("sys_bind") ?
{
name = "bind"
// sockfd = $fd
@@ -234,7 +247,8 @@ probe nd_syscall.bind = kprobe.function("sys_bind") ?
addrlen = int_arg(3)
argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen)
}
-probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
+probe nd_syscall.bind.return = kprobe.function("SyS_bind").return !,
+ kprobe.function("sys_bind").return ?
{
name = "bind"
retstr = returnstr(1)
@@ -242,8 +256,9 @@ probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
# brk ________________________________________________________
# unsigned long sys_brk(unsigned long brk)
-probe nd_syscall.brk = kprobe.function("sys_brk"),
- kprobe.function("ia64_brk") ?
+probe nd_syscall.brk = kprobe.function("ia64_brk") ?,
+ kprobe.function("SyS_brk") !,
+ kprobe.function("sys_brk")
{
name = "brk"
// brk = $brk
@@ -251,8 +266,9 @@ probe nd_syscall.brk = kprobe.function("sys_brk"),
brk = ulong_arg(1)
argstr = sprintf("%p", brk)
}
-probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
- kprobe.function("ia64_brk").return ?
+probe nd_syscall.brk.return = kprobe.function("ia64_brk").return ?,
+ kprobe.function("SyS_brk").return !,
+ kprobe.function("sys_brk").return
{
name = "brk"
retstr = returnstr(1)
@@ -271,7 +287,8 @@ probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
* functions to export.
*/
# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
-probe nd_syscall.capget = kprobe.function("sys_capget")
+probe nd_syscall.capget = kprobe.function("SyS_capget") !,
+ kprobe.function("sys_capget")
{
name = "capget"
// header_uaddr = $header
@@ -282,7 +299,8 @@ probe nd_syscall.capget = kprobe.function("sys_capget")
data_uaddr = pointer_arg(2)
argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
}
-probe nd_syscall.capget.return = kprobe.function("sys_capget").return
+probe nd_syscall.capget.return = kprobe.function("SyS_capget").return !,
+ kprobe.function("sys_capget").return
{
name = "capget"
retstr = returnstr(1)
@@ -300,7 +318,8 @@ probe nd_syscall.capget.return = kprobe.function("sys_capget").return
* functions to export.
*/
# long sys_capset(cap_user_header_t header, const cap_user_data_t data)
-probe nd_syscall.capset = kprobe.function("sys_capset")
+probe nd_syscall.capset = kprobe.function("SyS_capset") !,
+ kprobe.function("sys_capset")
{
name = "capset"
// header_uaddr = $header
@@ -311,7 +330,8 @@ probe nd_syscall.capset = kprobe.function("sys_capset")
data_uaddr = pointer_arg(2)
argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
}
-probe nd_syscall.capset.return = kprobe.function("sys_capset").return
+probe nd_syscall.capset.return = kprobe.function("SyS_capset").return !,
+ kprobe.function("sys_capset").return
{
name = "capset"
retstr = returnstr(1)
@@ -319,7 +339,8 @@ probe nd_syscall.capset.return = kprobe.function("sys_capset").return
# chdir ______________________________________________________
# long sys_chdir(const char __user * filename)
-probe nd_syscall.chdir = kprobe.function("sys_chdir")
+probe nd_syscall.chdir = kprobe.function("SyS_chdir") !,
+ kprobe.function("sys_chdir")
{
name = "chdir"
// path = user_string($filename)
@@ -328,7 +349,8 @@ probe nd_syscall.chdir = kprobe.function("sys_chdir")
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
+probe nd_syscall.chdir.return = kprobe.function("SyS_chdir").return !,
+ kprobe.function("sys_chdir").return
{
name = "chdir"
retstr = returnstr(1)
@@ -336,7 +358,8 @@ probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
# chmod ______________________________________________________
# long sys_chmod(const char __user * filename, mode_t mode)
-probe nd_syscall.chmod = kprobe.function("sys_chmod")
+probe nd_syscall.chmod = kprobe.function("SyS_chmod") !,
+ kprobe.function("sys_chmod")
{
name = "chmod"
// path = user_string($filename)
@@ -347,7 +370,8 @@ probe nd_syscall.chmod = kprobe.function("sys_chmod")
mode = uint_arg(2)
argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
}
-probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
+probe nd_syscall.chmod.return = kprobe.function("SyS_chmod").return !,
+ kprobe.function("sys_chmod").return
{
name = "chmod"
retstr = returnstr(1)
@@ -355,7 +379,8 @@ probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
# chown ______________________________________________________
# long sys_chown(const char __user * filename, uid_t user, gid_t group)
-probe nd_syscall.chown = kprobe.function("sys_chown")
+probe nd_syscall.chown = kprobe.function("SyS_chown") !,
+ kprobe.function("sys_chown")
{
name = "chown"
// path = user_string($filename)
@@ -368,7 +393,8 @@ probe nd_syscall.chown = kprobe.function("sys_chown")
group = __int32(uint_arg(3))
argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
}
-probe nd_syscall.chown.return = kprobe.function("sys_chown").return
+probe nd_syscall.chown.return = kprobe.function("SyS_chown").return !,
+ kprobe.function("sys_chown").return
{
name = "chown"
retstr = returnstr(1)
@@ -398,7 +424,8 @@ probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ?
# chroot _____________________________________________________
# long sys_chroot(const char __user * filename)
-probe nd_syscall.chroot = kprobe.function("sys_chroot")
+probe nd_syscall.chroot = kprobe.function("SyS_chroot") !,
+ kprobe.function("sys_chroot")
{
name = "chroot"
// path = user_string($filename)
@@ -407,7 +434,8 @@ probe nd_syscall.chroot = kprobe.function("sys_chroot")
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
+probe nd_syscall.chroot.return = kprobe.function("SyS_chroot").return !,
+ kprobe.function("sys_chroot").return
{
name = "chroot"
retstr = returnstr(1)
@@ -417,8 +445,9 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
# long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp)
# long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp)
#
-probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
- kprobe.function("compat_clock_getres") ?
+probe nd_syscall.clock_getres = kprobe.function("compat_clock_getres") ?,
+ kprobe.function("SyS_clock_getres") !,
+ kprobe.function("sys_clock_getres")
{
name = "clock_getres"
// clk_id = $which_clock
@@ -431,8 +460,9 @@ probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
res_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", clk_id_str, res_uaddr)
}
-probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return,
- kprobe.function("compat_clock_getres").return ?
+probe nd_syscall.clock_getres.return = kprobe.function("compat_clock_getres").return ?,
+ kprobe.function("SyS_clock_getres").return !,
+ kprobe.function("sys_clock_getres").return
{
name = "clock_getres"
retstr = returnstr(1)
@@ -441,7 +471,8 @@ probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").retur
# clock_gettime ______________________________________________
# long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp)
#
-probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
+probe nd_syscall.clock_gettime = kprobe.function("SyS_clock_gettime") !,
+ kprobe.function("sys_clock_gettime")
{
name = "clock_gettime"
// clk_id = $which_clock
@@ -452,7 +483,8 @@ probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
clk_id_str = _get_wc_str(clk_id)
argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2))
}
-probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return
+probe nd_syscall.clock_gettime.return = kprobe.function("SyS_clock_gettime").return !,
+ kprobe.function("sys_clock_gettime").return
{
name = "clock_gettime"
retstr = returnstr(1)
@@ -464,7 +496,8 @@ probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").ret
# const struct timespec __user *rqtp,
# struct timespec __user *rmtp)
#
-probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
+probe nd_syscall.clock_nanosleep = kprobe.function("SyS_clock_nanosleep") !,
+ kprobe.function("sys_clock_nanosleep")
{
name = "clock_nanosleep"
// if ($flags == 1)
@@ -482,7 +515,8 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str,
_struct_timespec_u(pointer_arg(3), 1), pointer_arg(4))
}
-probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return
+probe nd_syscall.clock_nanosleep.return = kprobe.function("SyS_clock_nanosleep").return !,
+ kprobe.function("sys_clock_nanosleep").return
{
name = "clock_nanosleep"
retstr = returnstr(1)
@@ -524,7 +558,8 @@ probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_n
# long sys_clock_settime(clockid_t which_clock,
# const struct timespec __user *tp)
#
-probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
+probe nd_syscall.clock_settime = kprobe.function("SyS_clock_settime") !,
+ kprobe.function("sys_clock_settime")
{
name = "clock_settime"
// clk_id = $which_clock
@@ -537,7 +572,8 @@ probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
tp_uaddr = pointer_arg(2)
argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1))
}
-probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return
+probe nd_syscall.clock_settime.return = kprobe.function("SyS_clock_settime").return !,
+ kprobe.function("sys_clock_settime").return
{
name = "clock_settime"
retstr = returnstr(1)
@@ -545,7 +581,8 @@ probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").ret
# close ______________________________________________________
# long sys_close(unsigned int fd)
-probe nd_syscall.close = kprobe.function("sys_close")
+probe nd_syscall.close = kprobe.function("SyS_close") !,
+ kprobe.function("sys_close")
{
name = "close"
// fd = $fd
@@ -553,14 +590,16 @@ probe nd_syscall.close = kprobe.function("sys_close")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.close.return = kprobe.function("sys_close").return
+probe nd_syscall.close.return = kprobe.function("SyS_close").return !,
+ kprobe.function("sys_close").return
{
name = "close"
retstr = returnstr(1)
}
# connect ____________________________________________________
# long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
-probe nd_syscall.connect = kprobe.function("sys_connect") ?
+probe nd_syscall.connect = kprobe.function("SyS_connect") !,
+ kprobe.function("sys_connect") ?
{
name = "connect"
// sockfd = $fd
@@ -573,7 +612,8 @@ probe nd_syscall.connect = kprobe.function("sys_connect") ?
addrlen = int_arg(3)
argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen)
}
-probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
+probe nd_syscall.connect.return = kprobe.function("SyS_connect").return !,
+ kprobe.function("sys_connect").return ?
{
name = "connect"
retstr = returnstr(1)
@@ -581,7 +621,8 @@ probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
# creat
# long sys_creat(const char __user * pathname, int mode)
-probe nd_syscall.creat = kprobe.function("sys_creat") ?
+probe nd_syscall.creat = kprobe.function("SyS_creat") !,
+ kprobe.function("sys_creat") ?
{
name = "creat"
// mode = $mode
@@ -592,7 +633,8 @@ probe nd_syscall.creat = kprobe.function("sys_creat") ?
pathname = user_string(pointer_arg(1))
argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
}
-probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
+probe nd_syscall.creat.return = kprobe.function("SyS_creat").return !,
+ kprobe.function("sys_creat").return ?
{
name = "creat"
retstr = returnstr(1)
@@ -600,7 +642,8 @@ probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
# delete_module ______________________________________________
# long sys_delete_module(const char __user *name_user, unsigned int flags)
-probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
+probe nd_syscall.delete_module = kprobe.function("SyS_delete_module") !,
+ kprobe.function("sys_delete_module") ?
{
name = "delete_module"
// name_user = user_string($name_user)
@@ -611,7 +654,8 @@ probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
flags = uint_arg(2)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2)))
}
-probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ?
+probe nd_syscall.delete_module.return = kprobe.function("SyS_delete_module").return !,
+ kprobe.function("sys_delete_module").return ?
{
name = "delete_module"
retstr = returnstr(1)
@@ -619,7 +663,8 @@ probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").ret
# dup ________________________________________________________
# long sys_dup(unsigned int fildes)
-probe nd_syscall.dup = kprobe.function("sys_dup")
+probe nd_syscall.dup = kprobe.function("SyS_dup") !,
+ kprobe.function("sys_dup")
{
name = "dup"
// oldfd = $fildes
@@ -628,7 +673,8 @@ probe nd_syscall.dup = kprobe.function("sys_dup")
old_fd = int_arg(1)
argstr = sprint(old_fd)
}
-probe nd_syscall.dup.return = kprobe.function("sys_dup").return
+probe nd_syscall.dup.return = kprobe.function("SyS_dup").return !,
+ kprobe.function("sys_dup").return
{
name = "dup"
retstr = returnstr(1)
@@ -636,7 +682,8 @@ probe nd_syscall.dup.return = kprobe.function("sys_dup").return
# dup2 _______________________________________________________
# long sys_dup2(unsigned int oldfd, unsigned int newfd)
-probe nd_syscall.dup2 = kprobe.function("sys_dup2")
+probe nd_syscall.dup2 = kprobe.function("SyS_dup2") !,
+ kprobe.function("sys_dup2")
{
name = "dup2"
// oldfd = $oldfd
@@ -647,7 +694,8 @@ probe nd_syscall.dup2 = kprobe.function("sys_dup2")
newfd = int_arg(2)
argstr = sprintf("%d, %d", oldfd, newfd)
}
-probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
+probe nd_syscall.dup2.return = kprobe.function("SyS_dup2").return !,
+ kprobe.function("sys_dup2").return
{
name = "dup2"
retstr = returnstr(1)
@@ -655,7 +703,8 @@ probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
# epoll_create _______________________________________________
# long sys_epoll_create(int size)
-probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
+probe nd_syscall.epoll_create = kprobe.function("SyS_epoll_create") !,
+ kprobe.function("sys_epoll_create") ?
{
name = "epoll_create"
// size = $size
@@ -664,7 +713,8 @@ probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
size = int_arg(1)
argstr = sprint(size)
}
-probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ?
+probe nd_syscall.epoll_create.return = kprobe.function("SyS_epoll_create").return !,
+ kprobe.function("sys_epoll_create").return ?
{
name = "epoll_create"
retstr = returnstr(1)
@@ -676,8 +726,9 @@ probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").retur
# long compat_sys_epoll_ctl(int epfd, int op, int fd,
# struct compat_epoll_event __user *event)
#
-probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
- kprobe.function("compat_sys_epoll_ctl") ?
+probe nd_syscall.epoll_ctl = kprobe.function("compat_sys_epoll_ctl") ?,
+ kprobe.function("SyS_epoll_ctl") !,
+ kprobe.function("sys_epoll_ctl") ?
{
name = "epoll_ctl"
// epfd = $epfd
@@ -694,8 +745,9 @@ probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
event_uaddr = pointer_arg(4)
argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr)
}
-probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
- kprobe.function("compat_sys_epoll_ctl").return ?
+probe nd_syscall.epoll_ctl.return = kprobe.function("compat_sys_epoll_ctl").return ?,
+ kprobe.function("SyS_epoll_ctl").return !,
+ kprobe.function("sys_epoll_ctl").return ?
{
name = "epoll_ctl"
retstr = returnstr(1)
@@ -712,8 +764,9 @@ probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
# const compat_sigset_t __user *sigmask,
# compat_size_t sigsetsize)
#
-probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
- kprobe.function("compat_sys_epoll_pwait") ?
+probe nd_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?,
+ kprobe.function("SyS_epoll_pwait") !,
+ kprobe.function("sys_epoll_pwait") ?
{
name = "epoll_pwait"
asmlinkage()
@@ -721,8 +774,9 @@ probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
// $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize)
int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6))
}
-probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?,
- kprobe.function("compat_sys_epoll_pwait").return ?
+probe nd_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?,
+ kprobe.function("SyS_epoll_pwait").return !,
+ kprobe.function("sys_epoll_pwait").return ?
{
name = "epoll_pwait"
retstr = returnstr(1)
@@ -736,8 +790,9 @@ probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return
# struct compat_epoll_event __user *events,
# int maxevents, int timeout)
#
-probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
- kprobe.function("compat_sys_epoll_wait") ?
+probe nd_syscall.epoll_wait = kprobe.function("compat_sys_epoll_wait") ?,
+ kprobe.function("SyS_epoll_wait") !,
+ kprobe.function("sys_epoll_wait") ?
{
name = "epoll_wait"
// epfd = $epfd
@@ -752,8 +807,9 @@ probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
timeout = int_arg(4)
argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout)
}
-probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
- kprobe.function("compat_sys_epoll_wait").return ?
+probe nd_syscall.epoll_wait.return = kprobe.function("compat_sys_epoll_wait").return ?,
+ kprobe.function("SyS_epoll_wait").return !,
+ kprobe.function("sys_epoll_wait").return ?
{
name = "epoll_wait"
retstr = returnstr(1)
@@ -762,14 +818,16 @@ probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
# eventfd _____________________________________________________
# long sys_eventfd(unsigned int count)
#
-probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ?
+probe nd_syscall.eventfd = kprobe.function("SyS_eventfd") !,
+ kprobe.function("sys_eventfd") ?
{
name = "eventfd"
// argstr = sprint($count)
asmlinkage()
argstr = sprint(uint_arg(1))
}
-probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ?
+probe nd_syscall.eventfd.return = kprobe.function("SyS_eventfd").return !,
+ kprobe.function("sys_eventfd").return ?
{
name = "eventfd"
retstr = returnstr(1)
@@ -838,7 +896,8 @@ probe nd_syscall.exit = kprobe.function("do_exit")
# exit_group _________________________________________________
# void sys_exit_group(int error_code)
#
-probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
+probe nd_syscall.exit_group = kprobe.function("SyS_exit_group") !,
+ kprobe.function("sys_exit_group")
{
name = "exit_group"
// status = $error_code
@@ -853,7 +912,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
# faccessat __________________________________________________
# new function with 2.6.16
# long sys_faccessat(int dfd, const char __user *filename, int mode)
-probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
+probe nd_syscall.faccessat = kprobe.function("SyS_faccessat") !,
+ kprobe.function("sys_faccessat") ?
{
name = "faccessat"
// dirfd = $dfd
@@ -870,7 +930,8 @@ probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
mode_str = _access_mode_str(mode)
argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str)
}
-probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
+probe nd_syscall.faccessat.return = kprobe.function("SyS_faccessat").return !,
+ kprobe.function("sys_faccessat").return ?
{
name = "faccessat"
retstr = returnstr(1)
@@ -880,7 +941,8 @@ probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
# fadvise64 __________________________________________________
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") !,
+ kprobe.function("sys_fadvise64") ?
{
name = "fadvise64"
// fd = $fd
@@ -895,7 +957,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
advice = int_arg(4)
argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
}
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return !,
+ kprobe.function("sys_fadvise64").return ?
{
name = "fadvise64"
retstr = returnstr(1)
@@ -904,7 +967,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
# fadvise64_64 _______________________________________________
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") !,
+ kprobe.function("sys_fadvise64_64") ?
{
name = "fadvise64_64"
// fd = $fd
@@ -919,7 +983,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
advice = int_arg(4)
argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
}
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return !,
+ kprobe.function("sys_fadvise64_64").return ?
{
name = "fadvise64_64"
retstr = returnstr(1)
@@ -930,7 +995,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
# fadvise64 __________________________________________________
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") !,
+ kprobe.function("sys_fadvise64")
{
name = "fadvise64"
fd = 0
@@ -939,7 +1005,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
advice = 0
argstr = ""
}
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return !,
+ kprobe.function("sys_fadvise64").return
{
name = "fadvise64"
retstr = returnstr(1)
@@ -948,7 +1015,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
# fadvise64_64 _______________________________________________
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") !,
+ kprobe.function("sys_fadvise64_64")
{
name = "fadvise64_64"
fd = 0
@@ -957,7 +1025,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
advice = 0
argstr = ""
}
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return !,
+ kprobe.function("sys_fadvise64_64").return
{
name = "fadvise64_64"
retstr = returnstr(1)
@@ -966,7 +1035,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
# fchdir _____________________________________________________
# long sys_fchdir(unsigned int fd)
-probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
+probe nd_syscall.fchdir = kprobe.function("SyS_fchdir") !,
+ kprobe.function("sys_fchdir")
{
name = "fchdir"
// fd = $fd
@@ -975,7 +1045,8 @@ probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
+probe nd_syscall.fchdir.return = kprobe.function("SyS_fchdir").return !,
+ kprobe.function("sys_fchdir").return
{
name = "fchdir"
retstr = returnstr(1)
@@ -983,7 +1054,8 @@ probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
# fchmod _____________________________________________________
# long sys_fchmod(unsigned int fd, mode_t mode)
-probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
+probe nd_syscall.fchmod = kprobe.function("SyS_fchmod") !,
+ kprobe.function("sys_fchmod")
{
name = "fchmod"
// fildes = $fd
@@ -993,7 +1065,8 @@ probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
mode = uint_arg(2) # SAFE?
argstr = sprintf("%d, %#o", fildes, mode)
}
-probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
+probe nd_syscall.fchmod.return = kprobe.function("SyS_fchmod").return !,
+ kprobe.function("sys_fchmod").return
{
name = "fchmod"
retstr = returnstr(1)
@@ -1003,7 +1076,8 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
# new function with 2.6.16
# long sys_fchmodat(int dfd, const char __user *filename,
# mode_t mode)
-probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
+probe nd_syscall.fchmodat = kprobe.function("SyS_fchmodat") !,
+ kprobe.function("sys_fchmodat") ?
{
name = "fchmodat"
// dirfd = $dfd
@@ -1018,7 +1092,8 @@ probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
mode = uint_arg(3)
argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode)
}
-probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
+probe nd_syscall.fchmodat.return = kprobe.function("SyS_fchmodat").return !,
+ kprobe.function("sys_fchmodat").return ?
{
name = "fchmodat"
retstr = returnstr(1)
@@ -1026,7 +1101,8 @@ probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
# fchown _____________________________________________________
# long sys_fchown(unsigned int fd, uid_t user, gid_t group)
-probe nd_syscall.fchown = kprobe.function("sys_fchown")
+probe nd_syscall.fchown = kprobe.function("SyS_fchown") !,
+ kprobe.function("sys_fchown")
{
name = "fchown"
// fd = $fd
@@ -1039,7 +1115,8 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown")
group = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", fd, owner, group)
}
-probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return
+probe nd_syscall.fchown.return = kprobe.function("SyS_fchown").return !,
+ kprobe.function("sys_fchown").return
{
name = "fchown"
retstr = returnstr(1)
@@ -1070,7 +1147,8 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ?
# new function with 2.6.16
# long sys_fchownat(int dfd, const char __user *filename,
# uid_t user, gid_t group, int flag)
-probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
+probe nd_syscall.fchownat = kprobe.function("SyS_fchownat") !,
+ kprobe.function("sys_fchownat") ?
{
name = "fchownat"
// dirfd = $dfd
@@ -1093,7 +1171,8 @@ probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
argstr = sprintf("%s, %s, %d, %d, %s",
dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str)
}
-probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
+probe nd_syscall.fchownat.return = kprobe.function("SyS_fchownat").return !,
+ kprobe.function("sys_fchownat").return ?
{
name = "fchownat"
retstr = returnstr(1)
@@ -1105,10 +1184,11 @@ probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
# long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
+probe nd_syscall.fcntl = kprobe.function("compat_sys_fcntl") ?,
+ kprobe.function("compat_sys_fcntl64") ?,
kprobe.function("sys_fcntl64") ?,
- kprobe.function("compat_sys_fcntl") ?,
- kprobe.function("compat_sys_fcntl64") ?
+ kprobe.function("SyS_fcntl") !,
+ kprobe.function("sys_fcntl") ?
{
name = "fcntl"
// fd = $fd
@@ -1123,10 +1203,11 @@ probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
arg = long_arg(3)
argstr = sprintf("%d, %s, %p", fd, cmd_str, arg)
}
-probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
+probe nd_syscall.fcntl.return = kprobe.function("compat_sys_fcntl").return ?,
+ kprobe.function("compat_sys_fcntl64").return ?,
kprobe.function("sys_fcntl64").return ?,
- kprobe.function("compat_sys_fcntl").return ?,
- kprobe.function("compat_sys_fcntl64").return ?
+ kprobe.function("SyS_fcntl").return !,
+ kprobe.function("sys_fcntl").return ?
{
name = "fcntl"
retstr = returnstr(1)
@@ -1134,7 +1215,8 @@ probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
# fdatasync __________________________________________________
# long sys_fdatasync(unsigned int fd)
-probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
+probe nd_syscall.fdatasync = kprobe.function("SyS_fdatasync") !,
+ kprobe.function("sys_fdatasync")
{
name = "fdatasync"
// fd = $fd
@@ -1142,7 +1224,8 @@ probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
+probe nd_syscall.fdatasync.return = kprobe.function("SyS_fdatasync").return !,
+ kprobe.function("sys_fdatasync").return
{
name = "fdatasync"
retstr = returnstr(1)
@@ -1151,7 +1234,8 @@ probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
# fgetxattr __________________________________________________
# ssize_t sys_fgetxattr(int fd, char __user *name,
# void __user *value, size_t size)
-probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
+probe nd_syscall.fgetxattr = kprobe.function("SyS_fgetxattr") !,
+ kprobe.function("sys_fgetxattr")
{
name = "fgetxattr"
// filedes = $fd
@@ -1167,14 +1251,16 @@ probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
size = ulong_arg(4)
argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size)
}
-probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return
+probe nd_syscall.fgetxattr.return = kprobe.function("SyS_fgetxattr").return !,
+ kprobe.function("sys_fgetxattr").return
{
name = "fgetxattr"
retstr = returnstr(1)
}
# flistxattr _________________________________________________
# ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
-probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
+probe nd_syscall.flistxattr = kprobe.function("SyS_flistxattr") !,
+ kprobe.function("sys_flistxattr")
{
name = "flistxattr"
// filedes = $fd
@@ -1186,7 +1272,8 @@ probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
size = ulong_arg(3)
argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size)
}
-probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
+probe nd_syscall.flistxattr.return = kprobe.function("SyS_flistxattr").return !,
+ kprobe.function("sys_flistxattr").return
{
name = "flistxattr"
retstr = returnstr(1)
@@ -1194,7 +1281,8 @@ probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
# flock ______________________________________________________
# long sys_flock(unsigned int fd, unsigned int cmd)
-probe nd_syscall.flock = kprobe.function("sys_flock")
+probe nd_syscall.flock = kprobe.function("SyS_flock") !,
+ kprobe.function("sys_flock")
{
name = "flock"
// fd = $fd
@@ -1204,7 +1292,8 @@ probe nd_syscall.flock = kprobe.function("sys_flock")
operation = int_arg(2)
argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation))
}
-probe nd_syscall.flock.return = kprobe.function("sys_flock").return
+probe nd_syscall.flock.return = kprobe.function("SyS_flock").return !,
+ kprobe.function("sys_flock").return
{
name = "flock"
retstr = returnstr(1)
@@ -1284,7 +1373,8 @@ probe nd_syscall.fork.return = kprobe.function("do_fork").return
}
# fremovexattr _______________________________________________
# long sys_fremovexattr(int fd, char __user *name)
-probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
+probe nd_syscall.fremovexattr = kprobe.function("SyS_fremovexattr") !,
+ kprobe.function("sys_fremovexattr")
{
name = "fremovexattr"
// filedes = $fd
@@ -1296,7 +1386,8 @@ probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
name2 = user_string(pointer_arg(2))
argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return
+probe nd_syscall.fremovexattr.return = kprobe.function("SyS_fremovexattr").return !,
+ kprobe.function("sys_fremovexattr").return
{
name = "fremovexattr"
retstr = returnstr(1)
@@ -1311,7 +1402,8 @@ probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").retur
* size_t size,
* int flags)
*/
-probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
+probe nd_syscall.fsetxattr = kprobe.function("SyS_fsetxattr") !,
+ kprobe.function("sys_fsetxattr")
{
name = "fsetxattr"
// filedes = $fd
@@ -1329,7 +1421,8 @@ probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
flags = int_arg(5)
argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags)
}
-probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
+probe nd_syscall.fsetxattr.return = kprobe.function("SyS_fsetxattr").return !,
+ kprobe.function("sys_fsetxattr").return
{
name = "fsetxattr"
retstr = returnstr(1)
@@ -1345,8 +1438,10 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
# long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf)
#
probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
+ kprobe.function("SyS_fstat64") ?,
kprobe.function("sys_fstat64") ?,
kprobe.function("sys32_fstat64") ?,
+ kprobe.function("SyS_newfstat") ?,
kprobe.function("sys_newfstat") ?,
kprobe.function("sys_oabi_fstat64") ?,
kprobe.function("compat_sys_newfstat") ?
@@ -1361,8 +1456,10 @@ probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
argstr = sprintf("%d, %p", filedes, buf_uaddr)
}
probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
+ kprobe.function("SyS_fstat64").return ?,
kprobe.function("sys_fstat64").return ?,
kprobe.function("sys32_fstat64").return ?,
+ kprobe.function("SyS_newfstat").return ?,
kprobe.function("sys_newfstat").return ?,
kprobe.function("sys_oabi_fstat64").return ?,
kprobe.function("compat_sys_newfstat").return ?
@@ -1376,7 +1473,9 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
# long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag)
# long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag)
# long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag)
-probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
+probe nd_syscall.fstatat = kprobe.function("SyS_fstatat64") ?,
+ kprobe.function("sys_fstatat64") ?,
+ kprobe.function("SyS_newfstatat") ?,
kprobe.function("sys_newfstatat") ?,
kprobe.function("compat_sys_newfstatat") ?,
kprobe.function("sys32_fstatat64") ?
@@ -1392,7 +1491,9 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
buf_uaddr = pointer_arg(3)
argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4)))
}
-probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
+probe nd_syscall.fstatat.return = kprobe.function("SyS_fstatat64").return ?,
+ kprobe.function("sys_fstatat64").return ?,
+ kprobe.function("SyS_newfstatat").return ?,
kprobe.function("sys_newfstatat").return ?,
kprobe.function("compat_sys_newfstatat").return ?,
kprobe.function("sys32_fstatat64").return ?
@@ -1405,8 +1506,9 @@ probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
# long sys_fstatfs(unsigned int fd, struct statfs __user * buf)
# long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf)
#
-probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
- kprobe.function("compat_sys_fstatfs") ?
+probe nd_syscall.fstatfs = kprobe.function("compat_sys_fstatfs") ?,
+ kprobe.function("SyS_fstatfs") !,
+ kprobe.function("sys_fstatfs")
{
name = "fstatfs"
// fd = $fd
@@ -1417,8 +1519,9 @@ probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
buf_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", fd, buf_uaddr)
}
-probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
- kprobe.function("compat_sys_fstatfs").return ?
+probe nd_syscall.fstatfs.return = kprobe.function("compat_sys_fstatfs").return ?,
+ kprobe.function("SyS_fstatfs").return !,
+ kprobe.function("sys_fstatfs").return
{
name = "fstatfs"
retstr = returnstr(1)
@@ -1428,8 +1531,9 @@ probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
# long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf)
# long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf)
#
-probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
- kprobe.function("compat_sys_fstatfs64") ?
+probe nd_syscall.fstatfs64 = kprobe.function("compat_sys_fstatfs64") ?,
+ kprobe.function("SyS_fstatfs64") !,
+ kprobe.function("sys_fstatfs64") ?
{
name = "fstatfs"
// fd = $fd
@@ -1442,8 +1546,9 @@ probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr)
}
-probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
- kprobe.function("compat_sys_fstatfs64").return ?
+probe nd_syscall.fstatfs64.return = kprobe.function("compat_sys_fstatfs64").return ?,
+ kprobe.function("SyS_fstatfs64").return !,
+ kprobe.function("sys_fstatfs64").return ?
{
name = "fstatfs"
retstr = returnstr(1)
@@ -1451,7 +1556,8 @@ probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
# fsync ______________________________________________________
# long sys_fsync(unsigned int fd)
-probe nd_syscall.fsync = kprobe.function("sys_fsync")
+probe nd_syscall.fsync = kprobe.function("SyS_fsync") !,
+ kprobe.function("sys_fsync")
{
name = "fsync"
// fd = $fd
@@ -1459,14 +1565,16 @@ probe nd_syscall.fsync = kprobe.function("sys_fsync")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return
+probe nd_syscall.fsync.return = kprobe.function("SyS_fsync").return !,
+ kprobe.function("sys_fsync").return
{
name = "fsync"
retstr = returnstr(1)
}
# ftruncate __________________________________________________
# long sys_ftruncate(unsigned int fd, unsigned long length)
-probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
+probe nd_syscall.ftruncate = kprobe.function("SyS_ftruncate") !,
+ kprobe.function("sys_ftruncate")
{
name = "ftruncate"
// fd = $fd
@@ -1476,7 +1584,8 @@ probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
length = ulong_arg(2)
argstr = sprintf("%d, %d", fd, length)
}
-probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return
+probe nd_syscall.ftruncate.return = kprobe.function("SyS_ftruncate").return !,
+ kprobe.function("sys_ftruncate").return
{
name = "ftruncate"
retstr = returnstr(1)
@@ -1511,7 +1620,8 @@ probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return
# struct compat_timespec __user *utime, u32 __user *uaddr2,
# u32 val3)
#
-probe nd_syscall.futex = kprobe.function("sys_futex") ?
+probe nd_syscall.futex = kprobe.function("SyS_futex") !,
+ kprobe.function("sys_futex") ?
{
name = "futex"
// futex_uaddr = $uaddr
@@ -1541,7 +1651,8 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ?
argstr = sprintf("%p, %s, %d", futex_uaddr,
_futex_op_str(op), val)
}
-probe nd_syscall.futex.return = kprobe.function("sys_futex").return ?
+probe nd_syscall.futex.return = kprobe.function("SyS_futex").return !,
+ kprobe.function("sys_futex").return ?
{
name = "futex"
retstr = returnstr(1)
@@ -1588,7 +1699,8 @@ probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").retur
# long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t)
#
-probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ?
+probe nd_syscall.futimesat = kprobe.function("SyS_futimesat") !,
+ kprobe.function("sys_futimesat") ?
{
name = "futimesat"
// dirfd = $dfd
@@ -1622,7 +1734,8 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ?
argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)),
_struct_compat_timeval_u(pointer_arg(3), 2))
}
-probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ?
+probe nd_syscall.futimesat.return = kprobe.function("SyS_futimesat").return !,
+ kprobe.function("sys_futimesat").return ?
{
name = "futimesat"
retstr = returnstr(1)
@@ -1635,7 +1748,8 @@ probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat
# getcwd _____________________________________________________
# long sys_getcwd(char __user *buf, unsigned long size)
-probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
+probe nd_syscall.getcwd = kprobe.function("SyS_getcwd") !,
+ kprobe.function("sys_getcwd")
{
name = "getcwd"
// buf_uaddr = $buf
@@ -1645,7 +1759,8 @@ probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
size = ulong_arg(2)
argstr = sprintf("%p, %d", buf_uaddr, size)
}
-probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
+probe nd_syscall.getcwd.return = kprobe.function("SyS_getcwd").return !,
+ kprobe.function("sys_getcwd").return
{
name = "getcwd"
retstr = returnstr(1)
@@ -1657,7 +1772,9 @@ probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
# long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
# long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
#
-probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
+probe nd_syscall.getdents = kprobe.function("SyS_getdents") ?,
+ kprobe.function("sys_getdents") ?,
+ kprobe.function("SyS_getdents64") ?,
kprobe.function("sys_getdents64") ?,
kprobe.function("compat_sys_getdents") ?,
kprobe.function("compat_sys_getdents64") ?
@@ -1673,7 +1790,9 @@ probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
count = uint_arg(3)
argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count)
}
-probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?,
+probe nd_syscall.getdents.return = kprobe.function("SyS_getdents").return ?,
+ kprobe.function("sys_getdents").return ?,
+ kprobe.function("SyS_getdents64").return ?,
kprobe.function("sys_getdents64").return ?,
kprobe.function("compat_sys_getdents").return ?,
kprobe.function("compat_sys_getdents64").return ?
@@ -1745,9 +1864,10 @@ probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?,
# long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
# long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
#
-probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
- kprobe.function("sys_getgroups16") ?,
- kprobe.function("sys32_getgroups16") ?
+probe nd_syscall.getgroups = kprobe.function("sys_getgroups16") ?,
+ kprobe.function("sys32_getgroups16") ?,
+ kprobe.function("SyS_getgroups") !,
+ kprobe.function("sys_getgroups") ?
{
name = "getgroups"
// size = $gidsetsize
@@ -1758,9 +1878,10 @@ probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
list_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", size, list_uaddr)
}
-probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
- kprobe.function("sys_getgroups16").return ?,
- kprobe.function("sys32_getgroups16").return ?
+probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups16").return ?,
+ kprobe.function("sys32_getgroups16").return ?,
+ kprobe.function("SyS_getgroups").return !,
+ kprobe.function("sys_getgroups").return ?
{
name = "getgroups"
retstr = returnstr(1)
@@ -1768,7 +1889,8 @@ probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
# gethostname ________________________________________________
# long sys_gethostname(char __user *name, int len)
-probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
+probe nd_syscall.gethostname = kprobe.function("SyS_gethostname") !,
+ kprobe.function("sys_gethostname") ?
{
name = "gethostname"
// name_uaddr = $name
@@ -1778,7 +1900,8 @@ probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
len = int_arg(2)
argstr = sprintf ("%p, %d", name_uaddr, len)
}
-probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ?
+probe nd_syscall.gethostname.return = kprobe.function("SyS_gethostname").return !,
+ kprobe.function("sys_gethostname").return ?
{
name = "gethostname"
retstr = returnstr(1)
@@ -1787,7 +1910,8 @@ probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return
# getitimer __________________________________________________
# sys_getitimer(int which, struct itimerval __user *value)
#
-probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
+probe nd_syscall.getitimer = kprobe.function("SyS_getitimer") !,
+ kprobe.function("sys_getitimer")
{
name = "getitimer"
// which = $which
@@ -1798,7 +1922,8 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
value_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr)
}
-probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return
+probe nd_syscall.getitimer.return = kprobe.function("SyS_getitimer").return !,
+ kprobe.function("sys_getitimer").return
{
name = "getitimer"
retstr = returnstr(1)
@@ -1832,8 +1957,9 @@ probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer
# compat_ulong_t maxnode,
# compat_ulong_t addr, compat_ulong_t flags)
#
-probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
- kprobe.function("compat_sys_get_mempolicy") ?
+probe nd_syscall.get_mempolicy = kprobe.function("compat_sys_get_mempolicy") ?,
+ kprobe.function("SyS_get_mempolicy") !,
+ kprobe.function("sys_get_mempolicy") ?
{
name = "get_mempolicy"
// policy_uaddr = $policy
@@ -1852,8 +1978,9 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr,
nmask_uaddr, maxnode, addr, flags)
}
-probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?,
- kprobe.function("compat_sys_get_mempolicy").return ?
+probe nd_syscall.get_mempolicy.return = kprobe.function("compat_sys_get_mempolicy").return ?,
+ kprobe.function("SyS_get_mempolicy").return !,
+ kprobe.function("sys_get_mempolicy").return ?
{
name = "get_mempolicy"
retstr = returnstr(1)
@@ -1862,7 +1989,8 @@ probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").ret
# getpeername ________________________________________________
# long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
#
-probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
+probe nd_syscall.getpeername = kprobe.function("SyS_getpeername") !,
+ kprobe.function("sys_getpeername") ?
{
name = "getpeername"
// s = $fd
@@ -1875,7 +2003,8 @@ probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
namelen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
}
-probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ?
+probe nd_syscall.getpeername.return = kprobe.function("SyS_getpeername").return !,
+ kprobe.function("sys_getpeername").return ?
{
name = "getpeername"
retstr = returnstr(1)
@@ -1883,7 +2012,8 @@ probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return
# getpgid ____________________________________________________
# long sys_getpgid(pid_t pid)
-probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
+probe nd_syscall.getpgid = kprobe.function("SyS_getpgid") !,
+ kprobe.function("sys_getpgid")
{
name = "getpgid"
// pid = $pid
@@ -1892,7 +2022,8 @@ probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
pid = int_arg(1)
argstr = sprintf("%d", pid)
}
-probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return
+probe nd_syscall.getpgid.return = kprobe.function("SyS_getpgid").return !,
+ kprobe.function("sys_getpgid").return
{
name = "getpgid"
retstr = returnstr(1)
@@ -1939,7 +2070,8 @@ probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return
# getpriority ________________________________________________
# long sys_getpriority(int which, int who)
-probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
+probe nd_syscall.getpriority = kprobe.function("SyS_getpriority") !,
+ kprobe.function("sys_getpriority")
{
name = "getpriority"
// which = $which
@@ -1949,7 +2081,8 @@ probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
who = int_arg(2)
argstr = sprintf("%s, %d", _priority_which_str(which), who)
}
-probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
+probe nd_syscall.getpriority.return = kprobe.function("SyS_getpriority").return !,
+ kprobe.function("sys_getpriority").return
{
name = "getpriority"
retstr = returnstr(1)
@@ -1963,6 +2096,7 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
# old_uid_t __user *egid,
# old_uid_t __user *sgid)
probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
+ kprobe.function("SyS_getresgid") !,
kprobe.function("sys_getresgid")
{
name = "getresgid"
@@ -1977,6 +2111,7 @@ probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr)
}
probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
+ kprobe.function("SyS_getresgid").return !,
kprobe.function("sys_getresgid").return
{
name = "getresgid"
@@ -1988,6 +2123,7 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
# uid_t __user *euid,
# uid_t __user *suid)
probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
+ kprobe.function("SyS_getresuid") !,
kprobe.function("sys_getresuid")
{
name = "getresuid"
@@ -2002,6 +2138,7 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr)
}
probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
+ kprobe.function("SyS_getresuid").return !,
kprobe.function("sys_getresuid").return
{
name = "getresuid"
@@ -2012,7 +2149,9 @@ probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
# long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim)
# long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim)
# long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim)
-probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
+probe nd_syscall.getrlimit = kprobe.function("SyS_getrlimit") ?,
+ kprobe.function("sys_getrlimit") ?,
+ kprobe.function("SyS_old_getrlimit") ?,
kprobe.function("sys_old_getrlimit") ?,
kprobe.function("compat_sys_getrlimit") ?
{
@@ -2025,7 +2164,9 @@ probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
rlim_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr)
}
-probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
+probe nd_syscall.getrlimit.return = kprobe.function("SyS_getrlimit").return ?,
+ kprobe.function("sys_getrlimit").return ?,
+ kprobe.function("SyS_old_getrlimit").return ?,
kprobe.function("sys_old_getrlimit").return ?,
kprobe.function("compat_sys_getrlimit").return ?
{
@@ -2035,7 +2176,8 @@ probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
# getrusage __________________________________________________
# long sys_getrusage(int who, struct rusage __user *ru)
-probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
+probe nd_syscall.getrusage = kprobe.function("SyS_getrusage") !,
+ kprobe.function("sys_getrusage")
{
name = "getrusage"
// who = $who
@@ -2055,7 +2197,8 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
usage_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", who_str, usage_uaddr)
}
-probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
+probe nd_syscall.getrusage.return = kprobe.function("SyS_getrusage").return !,
+ kprobe.function("sys_getrusage").return
{
name = "getrusage"
retstr = returnstr(1)
@@ -2063,7 +2206,8 @@ probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
# getsid _____________________________________________________
# long sys_getsid(pid_t pid)
-probe nd_syscall.getsid = kprobe.function("sys_getsid")
+probe nd_syscall.getsid = kprobe.function("SyS_getsid") !,
+ kprobe.function("sys_getsid")
{
name = "getsid"
// pid = $pid
@@ -2071,7 +2215,8 @@ probe nd_syscall.getsid = kprobe.function("sys_getsid")
pid = int_arg(1)
argstr = sprint(pid)
}
-probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
+probe nd_syscall.getsid.return = kprobe.function("SyS_getsid").return !,
+ kprobe.function("sys_getsid").return
{
name = "getsid"
retstr = returnstr(1)
@@ -2081,7 +2226,8 @@ probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
# long sys_getsockname(int fd,
# struct sockaddr __user *usockaddr,
# int __user *usockaddr_len)
-probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
+probe nd_syscall.getsockname = kprobe.function("SyS_getsockname") !,
+ kprobe.function("sys_getsockname") ?
{
name = "getsockname"
// s = $fd
@@ -2094,7 +2240,8 @@ probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
namelen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
}
-probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ?
+probe nd_syscall.getsockname.return = kprobe.function("SyS_getsockname").return !,
+ kprobe.function("sys_getsockname").return ?
{
name = "getsockname"
retstr = returnstr(1)
@@ -2107,8 +2254,9 @@ probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return
# char __user *optval,
# int __user *optlen)
#
-probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
- kprobe.function("compat_sys_getsockopt") ?
+probe nd_syscall.getsockopt = kprobe.function("compat_sys_getsockopt") ?,
+ kprobe.function("SyS_getsockopt") !,
+ kprobe.function("sys_getsockopt") ?
{
name = "getsockopt"
// fd = $fd
@@ -2131,8 +2279,9 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level),
_sockopt_optname_str(optname), optval_uaddr, optlen_uaddr)
}
-probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?,
- kprobe.function("compat_sys_getsockopt").return ?
+probe nd_syscall.getsockopt.return = kprobe.function("compat_sys_getsockopt").return ?,
+ kprobe.function("SyS_getsockopt").return !,
+ kprobe.function("sys_getsockopt").return ?
{
name = "getsockopt"
retstr = returnstr(1)
@@ -2158,9 +2307,10 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return
# struct timezone __user *tz)
# long compat_sys_gettimeofday(struct compat_timeval __user *tv,
# struct timezone __user *tz)
-probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
+probe nd_syscall.gettimeofday = kprobe.function("compat_sys_gettimeofday") ?,
kprobe.function("sys32_gettimeofday") ?,
- kprobe.function("compat_sys_gettimeofday") ?
+ kprobe.function("SyS_gettimeofday") !,
+ kprobe.function("sys_gettimeofday")
{
name = "gettimeofday"
// tv_uaddr = $tv
@@ -2172,9 +2322,10 @@ probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr)
}
-probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return,
+probe nd_syscall.gettimeofday.return = kprobe.function("compat_sys_gettimeofday").return ?,
kprobe.function("sys32_gettimeofday").return ?,
- kprobe.function("compat_sys_gettimeofday").return ?
+ kprobe.function("SyS_gettimeofday").return !,
+ kprobe.function("sys_gettimeofday").return
{
name = "gettimeofday"
retstr = returnstr(1)
@@ -2203,7 +2354,8 @@ probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?,
# getxattr ___________________________________________________
# ssize_t sys_getxattr(char __user *path, char __user *name,
# void __user *value, size_t size)
-probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
+probe nd_syscall.getxattr = kprobe.function("SyS_getxattr") !,
+ kprobe.function("sys_getxattr")
{
name = "getxattr"
// %( kernel_v >= "2.6.27" %?
@@ -2233,7 +2385,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
user_string_quoted(pointer_arg(2)),
value_uaddr, size)
}
-probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
+probe nd_syscall.getxattr.return = kprobe.function("SyS_getxattr").return !,
+ kprobe.function("sys_getxattr").return
{
name = "getxattr"
retstr = returnstr(1)
@@ -2244,7 +2397,8 @@ probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
# unsigned long len,
# const char __user *uargs)
#
-probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
+probe nd_syscall.init_module = kprobe.function("SyS_init_module") !,
+ kprobe.function("sys_init_module") ?
{
name = "init_module"
// umod_uaddr = $umod
@@ -2257,7 +2411,8 @@ probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
uargs = user_string(pointer_arg(3))
argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4)))
}
-probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ?
+probe nd_syscall.init_module.return = kprobe.function("SyS_init_module").return !,
+ kprobe.function("sys_init_module").return ?
{
name = "init_module"
retstr = returnstr(1)
@@ -2267,7 +2422,8 @@ probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return
#
# long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
#
-probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
+probe nd_syscall.inotify_add_watch = kprobe.function("SyS_inotify_add_watch") !,
+ kprobe.function("sys_inotify_add_watch") ?
{
name = "inotify_add_watch"
// fd = $fd
@@ -2288,7 +2444,8 @@ probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
mask = uint_arg(3)
argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask)
}
-probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ?
+probe nd_syscall.inotify_add_watch.return = kprobe.function("SyS_inotify_add_watch").return !,
+ kprobe.function("sys_inotify_add_watch").return ?
{
name = "inotify_add_watch"
retstr = returnstr(1)
@@ -2313,7 +2470,8 @@ probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").retur
#
# long sys_inotify_rm_watch(int fd, u32 wd)
#
-probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
+probe nd_syscall.inotify_rm_watch = kprobe.function("SyS_inotify_rm_watch") !,
+ kprobe.function("sys_inotify_rm_watch") ?
{
name = "inotify_rm_watch"
// fd = $fd
@@ -2324,7 +2482,8 @@ probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
wd = uint_arg(2)
argstr = sprintf("%d, %d", fd, wd)
}
-probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ?
+probe nd_syscall.inotify_rm_watch.return = kprobe.function("SyS_inotify_rm_watch").return !,
+ kprobe.function("sys_inotify_rm_watch").return ?
{
name = "inotify_rm_watch"
retstr = returnstr(1)
@@ -2334,7 +2493,8 @@ probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch
# long sys_io_cancel(aio_context_t ctx_id,
# struct iocb __user *iocb,
# struct io_event __user *result)
-probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
+probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") !,
+ kprobe.function("sys_io_cancel")
{
name = "io_cancel"
// ctx_id = $ctx_id
@@ -2346,7 +2506,8 @@ probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
result_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)
}
-probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
+probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return !,
+ kprobe.function("sys_io_cancel").return
{
name = "io_cancel"
retstr = returnstr(1)
@@ -2356,8 +2517,9 @@ probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
# long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
- kprobe.function("compat_sys_ioctl") ?
+probe nd_syscall.ioctl = kprobe.function("compat_sys_ioctl") ?,
+ kprobe.function("SyS_ioctl") !,
+ kprobe.function("sys_ioctl") ?
{
name = "ioctl"
// fd = $fd
@@ -2370,8 +2532,9 @@ probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
argp = ulong_arg(3)
argstr = sprintf("%d, %d, %p", fd, request, argp)
}
-probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
- kprobe.function("compat_sys_ioctl").return ?
+probe nd_syscall.ioctl.return = kprobe.function("compat_sys_ioctl").return ?,
+ kprobe.function("SyS_ioctl").return !,
+ kprobe.function("sys_ioctl").return ?
{
name = "ioctl"
retstr = returnstr(1)
@@ -2379,7 +2542,8 @@ probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
# io_destroy _________________________________________________
# long sys_io_destroy(aio_context_t ctx)
-probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
+probe nd_syscall.io_destroy = kprobe.function("SyS_io_destroy") !,
+ kprobe.function("sys_io_destroy")
{
name = "io_destroy"
// ctx = $ctx
@@ -2387,7 +2551,8 @@ probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
ctx = ulong_arg(1)
argstr = sprintf("%d", ctx)
}
-probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
+probe nd_syscall.io_destroy.return = kprobe.function("SyS_io_destroy").return !,
+ kprobe.function("sys_io_destroy").return
{
name = "io_destroy"
retstr = returnstr(1)
@@ -2405,8 +2570,9 @@ probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
# struct io_event __user *events,
# struct compat_timespec __user *timeout)
#
-probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
- kprobe.function("compat_sys_io_getevents") ?
+probe nd_syscall.io_getevents = kprobe.function("compat_sys_io_getevents") ?,
+ kprobe.function("SyS_io_getevents") !,
+ kprobe.function("sys_io_getevents") ?
{
name = "io_getevents"
// ctx_id = $ctx_id
@@ -2427,8 +2593,9 @@ probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr,
nr, events_uaddr, timeout_uaddr, timestr)
}
-probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?,
- kprobe.function("compat_sys_io_getevents").return ?
+probe nd_syscall.io_getevents.return = kprobe.function("compat_sys_io_getevents").return ?,
+ kprobe.function("SyS_io_getevents").return !,
+ kprobe.function("sys_io_getevents").return ?
{
name = "io_getevents"
retstr = returnstr(1)
@@ -2459,7 +2626,8 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ?
# io_setup ___________________________________________________
# long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
#
-probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
+probe nd_syscall.io_setup = kprobe.function("SyS_io_setup") !,
+ kprobe.function("sys_io_setup")
{
name = "io_setup"
// maxevents = $nr_events
@@ -2471,7 +2639,8 @@ probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
argstr = sprintf("%d, %p", maxevents, ctxp_uaddr)
}
-probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return
+probe nd_syscall.io_setup.return = kprobe.function("SyS_io_setup").return !,
+ kprobe.function("sys_io_setup").return
{
name = "io_setup"
retstr = returnstr(1)
@@ -2499,7 +2668,8 @@ probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup")
# io_submit __________________________________________________
# long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp)
#
-probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
+probe nd_syscall.io_submit = kprobe.function("SyS_io_submit") !,
+ kprobe.function("sys_io_submit")
{
name = "io_submit"
// ctx_id = $ctx_id
@@ -2512,7 +2682,8 @@ probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
iocbpp_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr)
}
-probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return
+probe nd_syscall.io_submit.return = kprobe.function("SyS_io_submit").return !,
+ kprobe.function("sys_io_submit").return
{
name = "io_submit"
retstr = returnstr(1)
@@ -2541,7 +2712,8 @@ probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit
# ioprio_get _________________________________________________
# long sys_ioprio_get(int which, int who)
#
-probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
+probe nd_syscall.ioprio_get = kprobe.function("SyS_ioprio_get") !,
+ kprobe.function("sys_ioprio_get") ?
{
name = "ioprio_get"
// which = $which
@@ -2552,7 +2724,8 @@ probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
who = int_arg(2)
argstr = sprintf("%d, %d", which, who)
}
-probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
+probe nd_syscall.ioprio_get.return = kprobe.function("SyS_ioprio_get").return !,
+ kprobe.function("sys_ioprio_get").return ?
{
name = "ioprio_get"
retstr = returnstr(1)
@@ -2561,7 +2734,8 @@ probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
# ioprio_set _________________________________________________
# long sys_ioprio_set(int which, int who, int ioprio)
#
-probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
+probe nd_syscall.ioprio_set = kprobe.function("SyS_ioprio_set") !,
+ kprobe.function("sys_ioprio_set") ?
{
name = "ioprio_set"
// which = $which
@@ -2574,7 +2748,8 @@ probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
ioprio = int_arg(3)
argstr = sprintf("%d, %d, %d", which, who, ioprio)
}
-probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
+probe nd_syscall.ioprio_set.return = kprobe.function("SyS_ioprio_set").return !,
+ kprobe.function("sys_ioprio_set").return ?
{
name = "ioprio_set"
retstr = returnstr(1)
@@ -2590,8 +2765,9 @@ probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
# struct compat_kexec_segment __user *segments,
# unsigned long flags)
#
-probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
- kprobe.function("compat_sys_kexec_load") ?
+probe nd_syscall.kexec_load = kprobe.function("compat_sys_kexec_load") ?,
+ kprobe.function("SyS_kexec_load") !,
+ kprobe.function("sys_kexec_load") ?
{
name = "kexec_load"
// entry = $entry
@@ -2606,8 +2782,9 @@ probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
flags = ulong_arg(4)
argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags)
}
-probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
- kprobe.function("compat_sys_kexec_load").return ?
+probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").return ?,
+ kprobe.function("SyS_kexec_load").return !,
+ kprobe.function("sys_kexec_load").return ?
{
name = "kexec_load"
retstr = returnstr(1)
@@ -2621,8 +2798,9 @@ probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
# unsigned long arg5)
# long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5)
#
-probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
- kprobe.function("compat_sys_keyctl") ?
+probe nd_syscall.keyctl = kprobe.function("compat_sys_keyctl") ?,
+ kprobe.function("SyS_keyctl") !,
+ kprobe.function("sys_keyctl") ?
{
name = "keyctl"
// argstr = sprintf("%d, ...", $option)
@@ -2630,8 +2808,9 @@ probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
argstr = sprintf("%d, ...", uint_arg(1))
}
-probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
- kprobe.function("compat_sys_keyctl").return ?
+probe nd_syscall.keyctl.return = kprobe.function("compat_sys_keyctl").return ?,
+ kprobe.function("SyS_keyctl").return !,
+ kprobe.function("sys_keyctl").return ?
{
name = "keyctl"
retstr = returnstr(1)
@@ -2639,7 +2818,8 @@ probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
# kill _______________________________________________________
# long sys_kill(int pid, int sig)
-probe nd_syscall.kill = kprobe.function("sys_kill")
+probe nd_syscall.kill = kprobe.function("SyS_kill") !,
+ kprobe.function("sys_kill")
{
name = "kill"
// pid = $pid
@@ -2650,7 +2830,8 @@ probe nd_syscall.kill = kprobe.function("sys_kill")
sig = int_arg(2)
argstr = sprintf("%d, %s", pid, _signal_name(sig))
}
-probe nd_syscall.kill.return = kprobe.function("sys_kill").return
+probe nd_syscall.kill.return = kprobe.function("SyS_kill").return !,
+ kprobe.function("sys_kill").return
{
name = "kill"
retstr = returnstr(1)
@@ -2659,7 +2840,8 @@ probe nd_syscall.kill.return = kprobe.function("sys_kill").return
# lchown _____________________________________________________
# long sys_lchown(const char __user * filename, uid_t user, gid_t group)
#
-probe nd_syscall.lchown = kprobe.function("sys_lchown")
+probe nd_syscall.lchown = kprobe.function("SyS_lchown") !,
+ kprobe.function("sys_lchown")
{
name = "lchown"
// path = user_string($filename)
@@ -2672,7 +2854,8 @@ probe nd_syscall.lchown = kprobe.function("sys_lchown")
group = __int32(uint_arg(3))
argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
}
-probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return
+probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return !,
+ kprobe.function("sys_lchown").return
{
name = "lchown"
retstr = returnstr(1)
@@ -2706,7 +2889,8 @@ probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ?
# void __user *value,
# size_t size)
#
-probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
+probe nd_syscall.lgetxattr = kprobe.function("SyS_lgetxattr") !,
+ kprobe.function("sys_lgetxattr")
{
name = "lgetxattr"
// %( kernel_v >= "2.6.27" %?
@@ -2737,7 +2921,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
user_string_quoted(pointer_arg(2)),
value_uaddr, size)
}
-probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
+probe nd_syscall.lgetxattr.return = kprobe.function("SyS_lgetxattr").return !,
+ kprobe.function("sys_lgetxattr").return
{
name = "lgetxattr"
retstr = returnstr(1)
@@ -2745,7 +2930,8 @@ probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
# link _______________________________________________________
# long sys_link(const char __user * oldname,
# const char __user * newname)
-probe nd_syscall.link = kprobe.function("sys_link")
+probe nd_syscall.link = kprobe.function("SyS_link") !,
+ kprobe.function("sys_link")
{
name = "link"
// oldpath = user_string($oldname)
@@ -2760,7 +2946,8 @@ probe nd_syscall.link = kprobe.function("sys_link")
user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.link.return = kprobe.function("sys_link").return
+probe nd_syscall.link.return = kprobe.function("SyS_link").return !,
+ kprobe.function("sys_link").return
{
name = "link"
retstr = returnstr(1)
@@ -2770,7 +2957,8 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return
# new function with 2.6.16
# long sys_linkat(int olddfd, const char __user *oldname,
# int newdfd, const char __user *newname, int flags)
-probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
+probe nd_syscall.linkat = kprobe.function("SyS_linkat") !,
+ kprobe.function("sys_linkat") ?
{
name = "linkat"
// olddirfd = $olddfd
@@ -2799,7 +2987,8 @@ probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
newdirfd_str, user_string_quoted(pointer_arg(4)),
flags_str)
}
-probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
+probe nd_syscall.linkat.return = kprobe.function("SyS_linkat").return !,
+ kprobe.function("sys_linkat").return ?
{
name = "linkat"
retstr = returnstr(1)
@@ -2807,7 +2996,8 @@ probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
# listen _____________________________________________________
# long sys_listen(int fd, int backlog)
-probe nd_syscall.listen = kprobe.function("sys_listen") ?
+probe nd_syscall.listen = kprobe.function("SyS_listen") !,
+ kprobe.function("sys_listen") ?
{
name = "listen"
// sockfd = $fd
@@ -2818,7 +3008,8 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ?
backlog = int_arg(2)
argstr = sprintf("%d, %d", sockfd, backlog)
}
-probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
+probe nd_syscall.listen.return = kprobe.function("SyS_listen").return !,
+ kprobe.function("sys_listen").return ?
{
name = "listen"
retstr = returnstr(1)
@@ -2827,7 +3018,8 @@ probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
# listxattr __________________________________________________
# ssize_t sys_listxattr(char __user *path, char __user *list, size_t size)
#
-probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
+probe nd_syscall.listxattr = kprobe.function("SyS_listxattr") !,
+ kprobe.function("sys_listxattr")
{
name = "listxattr"
// list_uaddr = $list
@@ -2848,7 +3040,8 @@ probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
size = ulong_arg(3)
argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
}
-probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
+probe nd_syscall.listxattr.return = kprobe.function("SyS_listxattr").return !,
+ kprobe.function("sys_listxattr").return
{
name = "listxattr"
retstr = returnstr(1)
@@ -2857,7 +3050,8 @@ probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
# llistxattr _________________________________________________
# ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size)
#
-probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
+probe nd_syscall.llistxattr = kprobe.function("SyS_llistxattr") !,
+ kprobe.function("sys_llistxattr")
{
name = "llistxattr"
// list_uaddr = $list
@@ -2878,7 +3072,8 @@ probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
size = ulong_arg(3)
argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
}
-probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
+probe nd_syscall.llistxattr.return = kprobe.function("SyS_llistxattr").return !,
+ kprobe.function("sys_llistxattr").return
{
name = "llistxattr"
retstr = returnstr(1)
@@ -2890,7 +3085,8 @@ probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
# unsigned long offset_low,
# loff_t __user * result,
# unsigned int origin)
-probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
+probe nd_syscall.llseek = kprobe.function("SyS_llseek") !,
+ kprobe.function("sys_llseek") ?
{
name = "llseek"
// fd = $fd
@@ -2911,7 +3107,8 @@ probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high,
offset_low, result_uaddr, whence_str)
}
-probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
+probe nd_syscall.llseek.return = kprobe.function("SyS_llseek").return !,
+ kprobe.function("sys_llseek").return ?
{
name = "llseek"
retstr = returnstr(1)
@@ -2920,7 +3117,8 @@ probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
# lookup_dcookie _____________________________________________
# long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
#
-probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
+probe nd_syscall.lookup_dcookie = kprobe.function("SyS_lookup_dcookie") !,
+ kprobe.function("sys_lookup_dcookie") ?
{
name = "lookup_dcookie"
// cookie = $cookie64
@@ -2933,7 +3131,8 @@ probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
len = ulong_arg(3)
argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len)
}
-probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ?
+probe nd_syscall.lookup_dcookie.return = kprobe.function("SyS_lookup_dcookie").return !,
+ kprobe.function("sys_lookup_dcookie").return ?
{
name = "lookup_dcookie"
retstr = returnstr(1)
@@ -2942,7 +3141,8 @@ probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").r
# lremovexattr _______________________________________________
# long sys_lremovexattr(char __user *path, char __user *name)
#
-probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
+probe nd_syscall.lremovexattr = kprobe.function("SyS_lremovexattr") !,
+ kprobe.function("sys_lremovexattr")
{
name = "lremovexattr"
// name_uaddr = $name
@@ -2963,7 +3163,8 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
name2 = user_string(name_uaddr)
argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr))
}
-probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return
+probe nd_syscall.lremovexattr.return = kprobe.function("SyS_lremovexattr").return !,
+ kprobe.function("sys_lremovexattr").return
{
name = "lremovexattr"
retstr = returnstr(1)
@@ -2971,7 +3172,8 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur
# lseek ______________________________________________________
# off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin)
-probe nd_syscall.lseek = kprobe.function("sys_lseek")
+probe nd_syscall.lseek = kprobe.function("SyS_lseek") !,
+ kprobe.function("sys_lseek")
{
// name = "lseek"
// fildes = $fd
@@ -2987,7 +3189,8 @@ probe nd_syscall.lseek = kprobe.function("sys_lseek")
whence_str = _seek_whence_str(whence)
argstr = sprintf("%d, %d, %s", fildes, offset, whence_str)
}
-probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
+probe nd_syscall.lseek.return = kprobe.function("SyS_lseek").return !,
+ kprobe.function("sys_lseek").return
{
name = "lseek"
retstr = returnstr(1)
@@ -3000,7 +3203,8 @@ probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
# size_t size,
# int flags)
#
-probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
+probe nd_syscall.lsetxattr = kprobe.function("SyS_lsetxattr") !,
+ kprobe.function("sys_lsetxattr")
{
name = "lsetxattr"
// %( kernel_v >= "2.6.27" %?
@@ -3036,7 +3240,8 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
user_string_quoted(name_uaddr),
value_uaddr, size, flags)
}
-probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
+probe nd_syscall.lsetxattr.return = kprobe.function("SyS_lsetxattr").return !,
+ kprobe.function("sys_lsetxattr").return
{
name = "lsetxattr"
retstr = returnstr(1)
@@ -3052,9 +3257,11 @@ probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
# struct oldabi_stat64 __user * statbuf)
#
probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
+ kprobe.function("SyS_newlstat") ?,
kprobe.function("sys_newlstat") ?,
kprobe.function("compat_sys_newlstat") ?,
kprobe.function("sys32_lstat64") ?,
+ kprobe.function("SyS_lstat64") ?,
kprobe.function("sys_lstat64") ?,
kprobe.function("sys_oabi_lstat64") ?
{
@@ -3068,9 +3275,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
}
probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
+ kprobe.function("SyS_newlstat").return ?,
kprobe.function("sys_newlstat").return ?,
kprobe.function("compat_sys_newlstat").return ?,
kprobe.function("sys32_lstat64").return ?,
+ kprobe.function("SyS_lstat64").return ?,
kprobe.function("sys_lstat64").return ?,
kprobe.function("sys_oabi_lstat64").return ?
{
@@ -3081,7 +3290,8 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
# madvise ____________________________________________________
# long sys_madvise(unsigned long start, size_t len_in, int behavior)
#
-probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
+probe nd_syscall.madvise = kprobe.function("SyS_madvise") !,
+ kprobe.function("sys_madvise") ?
{
name = "madvise"
// start = $start
@@ -3096,7 +3306,8 @@ probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
advice_str = _madvice_advice_str(advice)
argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice))
}
-probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
+probe nd_syscall.madvise.return = kprobe.function("SyS_madvise").return !,
+ kprobe.function("sys_madvise").return ?
{
name = "madvise"
retstr = returnstr(1)
@@ -3117,8 +3328,9 @@ probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
# compat_ulong_t maxnode,
# compat_ulong_t flags)
#
-probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
- kprobe.function("compat_sys_mbind") ?
+probe nd_syscall.mbind = kprobe.function("compat_sys_mbind") ?,
+ kprobe.function("SyS_mbind") !,
+ kprobe.function("sys_mbind") ?
{
name = "mbind"
// start = $start
@@ -3139,8 +3351,9 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode,
nmask_uaddr, maxnode, flags)
}
-probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
- kprobe.function("compat_sys_mbind").return ?
+probe nd_syscall.mbind.return = kprobe.function("compat_sys_mbind").return ?,
+ kprobe.function("SyS_mbind").return !,
+ kprobe.function("sys_mbind").return ?
{
name = "mbind"
retstr = returnstr(1)
@@ -3150,14 +3363,16 @@ probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
# long sys_migrate_pages(pid_t pid, unsigned long maxnode,
# const unsigned long __user *old_nodes,
# const unsigned long __user *new_nodes)
-probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ?
+probe nd_syscall.migrate_pages = kprobe.function("SyS_migrate_pages") !,
+ kprobe.function("sys_migrate_pages") ?
{
name = "migrate_pages"
// argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes)
asmlinkage()
argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4))
}
-probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ?
+probe nd_syscall.migrate_pages.return = kprobe.function("SyS_migrate_pages").return !,
+ kprobe.function("sys_migrate_pages").return ?
{
name = "migrate_pages"
retstr = returnstr(1)
@@ -3166,7 +3381,8 @@ probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").ret
# mincore ____________________________________________________
# long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec)
#
-probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
+probe nd_syscall.mincore = kprobe.function("SyS_mincore") !,
+ kprobe.function("sys_mincore") ?
{
name = "mincore"
// start = $start
@@ -3179,7 +3395,8 @@ probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
vec_uaddr = pointer_arg(3)
argstr = sprintf("%p, %d, %p", start, length, vec_uaddr)
}
-probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
+probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return !,
+ kprobe.function("sys_mincore").return ?
{
name = "mincore"
retstr = returnstr(1)
@@ -3187,7 +3404,8 @@ probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
# mkdir ______________________________________________________
# long sys_mkdir(const char __user * pathname, int mode)
-probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
+probe nd_syscall.mkdir = kprobe.function("SyS_mkdir") !,
+ kprobe.function("sys_mkdir")
{
name = "mkdir"
// pathname_uaddr = $pathname
@@ -3200,7 +3418,8 @@ probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
mode = int_arg(2)
argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode)
}
-probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
+probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return !,
+ kprobe.function("sys_mkdir").return
{
name = "mkdir"
retstr = returnstr(1)
@@ -3209,7 +3428,8 @@ probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
# mkdirat ____________________________________________________
# new function with 2.6.16
# long sys_mkdirat(int dfd, const char __user *pathname, int mode)
-probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
+probe nd_syscall.mkdirat = kprobe.function("SyS_mkdirat") !,
+ kprobe.function("sys_mkdirat") ?
{
name = "mkdirat"
// dirfd = $dfd
@@ -3222,7 +3442,8 @@ probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
mode = int_arg(3)
argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode)
}
-probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
+probe nd_syscall.mkdirat.return = kprobe.function("SyS_mkdirat").return !,
+ kprobe.function("sys_mkdirat").return ?
{
name = "mkdirat"
retstr = returnstr(1)
@@ -3230,7 +3451,8 @@ probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
# mknod
# long sys_mknod(const char __user * filename, int mode, unsigned dev)
-probe nd_syscall.mknod = kprobe.function("sys_mknod")
+probe nd_syscall.mknod = kprobe.function("SyS_mknod") !,
+ kprobe.function("sys_mknod")
{
name = "mknod"
// pathname = user_string($filename)
@@ -3244,7 +3466,8 @@ probe nd_syscall.mknod = kprobe.function("sys_mknod")
argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev)
}
-probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
+probe nd_syscall.mknod.return = kprobe.function("SyS_mknod").return !,
+ kprobe.function("sys_mknod").return
{
name = "mknod"
retstr = returnstr(1)
@@ -3254,7 +3477,8 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
# new function with 2.6.16
# long sys_mknodat(int dfd, const char __user *filename,
# int mode, unsigned dev)
-probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
+probe nd_syscall.mknodat = kprobe.function("SyS_mknodat") !,
+ kprobe.function("sys_mknodat") ?
{
name = "mknodat"
// dirfd = $dfd
@@ -3275,7 +3499,8 @@ probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
argstr = sprintf("%s, %s, %s, %p",
dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev)
}
-probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
+probe nd_syscall.mknodat.return = kprobe.function("SyS_mknodat").return !,
+ kprobe.function("sys_mknodat").return ?
{
name = "mknodat"
retstr = returnstr(1)
@@ -3285,7 +3510,8 @@ probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
#
# long sys_mlock(unsigned long start, size_t len)
#
-probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
+probe nd_syscall.mlock = kprobe.function("SyS_mlock") !,
+ kprobe.function("sys_mlock") ?
{
name = "mlock"
// addr = $start
@@ -3296,7 +3522,8 @@ probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
len = ulong_arg(2)
argstr = sprintf("%p, %d", addr, len)
}
-probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
+probe nd_syscall.mlock.return = kprobe.function("SyS_mlock").return !,
+ kprobe.function("sys_mlock").return ?
{
name = "mlock"
retstr = returnstr(1)
@@ -3305,7 +3532,8 @@ probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
#
# long sys_mlockall(int flags)
#
-probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
+probe nd_syscall.mlockall = kprobe.function("SyS_mlockall") !,
+ kprobe.function("sys_mlockall") ?
{
name = "mlockall"
// flags = $flags
@@ -3314,7 +3542,8 @@ probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
flags = int_arg(1)
argstr = _mlockall_flags_str(flags)
}
-probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ?
+probe nd_syscall.mlockall.return = kprobe.function("SyS_mlockall").return !,
+ kprobe.function("sys_mlockall").return ?
{
name = "mlockall"
retstr = returnstr(1)
@@ -3355,16 +3584,18 @@ probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ?
# int __user *status,
# int flags)
#
-probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?,
- kprobe.function("compat_sys_move_pages") ?
+probe nd_syscall.move_pages = kprobe.function("compat_sys_move_pages") ?,
+ kprobe.function("SyS_move_pages") !,
+ kprobe.function("sys_move_pages") ?
{
name = "move_pages"
// argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags)
asmlinkage()
argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6))
}
-probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
- kprobe.function("compat_sys_move_pages").return ?
+probe nd_syscall.move_pages.return = kprobe.function("compat_sys_move_pages").return ?,
+ kprobe.function("SyS_move_pages").return !,
+ kprobe.function("sys_move_pages").return ?
{
name = "move_pages"
retstr = returnstr(1)
@@ -3381,8 +3612,9 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
# char __user * type,
# unsigned long flags,
# void __user * data)
-probe nd_syscall.mount = kprobe.function("sys_mount"),
- kprobe.function("compat_sys_mount") ?
+probe nd_syscall.mount = kprobe.function("compat_sys_mount") ?,
+ kprobe.function("SyS_mount") !,
+ kprobe.function("sys_mount")
{
name = "mount"
// source = user_string($dev_name)
@@ -3409,8 +3641,9 @@ probe nd_syscall.mount = kprobe.function("sys_mount"),
user_string_quoted(pointer_arg(3)),
mountflags_str, data)
}
-probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
- kprobe.function("compat_sys_mount").return ?
+probe nd_syscall.mount.return = kprobe.function("compat_sys_mount").return ?,
+ kprobe.function("SyS_mount").return !,
+ kprobe.function("sys_mount").return
{
name = "mount"
retstr = returnstr(1)
@@ -3419,7 +3652,8 @@ probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
# mprotect ___________________________________________________
# long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
#
-probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
+probe nd_syscall.mprotect = kprobe.function("SyS_mprotect") !,
+ kprobe.function("sys_mprotect") ?
{
name = "mprotect"
// addr = $start
@@ -3434,7 +3668,8 @@ probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
prot_str = _mprotect_prot_str(prot)
argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot))
}
-probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
+probe nd_syscall.mprotect.return = kprobe.function("SyS_mprotect").return !,
+ kprobe.function("sys_mprotect").return ?
{
name = "mprotect"
retstr = returnstr(1)
@@ -3448,8 +3683,9 @@ probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
# const struct compat_mq_attr __user *u_mqstat,
# struct compat_mq_attr __user *u_omqstat)
#
-probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
- kprobe.function("compat_sys_mq_getsetattr") ?
+probe nd_syscall.mq_getsetattr = kprobe.function("compat_sys_mq_getsetattr") ?,
+ kprobe.function("SyS_mq_getsetattr") !,
+ kprobe.function("sys_mq_getsetattr") ?
{
name = "mq_getsetattr"
// mqdes = $mqdes
@@ -3462,8 +3698,9 @@ probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
u_omqstat_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr)
}
-probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?,
- kprobe.function("compat_sys_mq_getsetattr").return ?
+probe nd_syscall.mq_getsetattr.return = kprobe.function("compat_sys_mq_getsetattr").return ?,
+ kprobe.function("SyS_mq_getsetattr").return !,
+ kprobe.function("sys_mq_getsetattr").return ?
{
name = "mq_getsetattr"
retstr = returnstr(1)
@@ -3473,8 +3710,9 @@ probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").ret
# long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
# long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification)
#
-probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
- kprobe.function("compat_sys_mq_notify") ?
+probe nd_syscall.mq_notify = kprobe.function("compat_sys_mq_notify") ?,
+ kprobe.function("SyS_mq_notify") !,
+ kprobe.function("sys_mq_notify") ?
{
name = "mq_notify"
// mqdes = $mqdes
@@ -3485,8 +3723,9 @@ probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
notification_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", mqdes, notification_uaddr)
}
-probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
- kprobe.function("compat_sys_mq_notify").return ?
+probe nd_syscall.mq_notify.return = kprobe.function("compat_sys_mq_notify").return ?,
+ kprobe.function("SyS_mq_notify").return !,
+ kprobe.function("sys_mq_notify").return ?
{
name = "mq_notify"
retstr = returnstr(1)
@@ -3501,8 +3740,9 @@ probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
# int oflag, compat_mode_t mode,
# struct compat_mq_attr __user *u_attr)
#
-probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
- kprobe.function("compat_sys_mq_open") ?
+probe nd_syscall.mq_open = kprobe.function("compat_sys_mq_open") ?,
+ kprobe.function("SyS_mq_open") !,
+ kprobe.function("sys_mq_open") ?
{
name = "mq_open"
// name_uaddr = $u_name
@@ -3528,8 +3768,9 @@ probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
else
argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag))
}
-probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
- kprobe.function("compat_sys_mq_open").return ?
+probe nd_syscall.mq_open.return = kprobe.function("compat_sys_mq_open").return ?,
+ kprobe.function("SyS_mq_open").return !,
+ kprobe.function("sys_mq_open").return ?
{
name = "mq_open"
retstr = returnstr(1)
@@ -3546,8 +3787,9 @@ probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
# size_t msg_len, unsigned int __user *u_msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
- kprobe.function("compat_sys_mq_timedreceive") ?
+probe nd_syscall.mq_timedreceive = kprobe.function("compat_sys_mq_timedreceive") ?,
+ kprobe.function("SyS_mq_timedreceive") !,
+ kprobe.function("sys_mq_timedreceive") ?
{
name = "mq_timedreceive"
// mqdes = $mqdes
@@ -3566,8 +3808,9 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len,
msg_prio_uaddr, abs_timeout_uaddr)
}
-probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?,
- kprobe.function("compat_sys_mq_timedreceive").return ?
+probe nd_syscall.mq_timedreceive.return = kprobe.function("compat_sys_mq_timedreceive").return ?,
+ kprobe.function("SyS_mq_timedreceive").return !,
+ kprobe.function("sys_mq_timedreceive").return ?
{
name = "mq_timedreceive"
retstr = returnstr(1)
@@ -3584,8 +3827,9 @@ probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive")
# size_t msg_len, unsigned int msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
- kprobe.function("compat_sys_mq_timedsend") ?
+probe nd_syscall.mq_timedsend = kprobe.function("compat_sys_mq_timedsend") ?,
+ kprobe.function("SyS_mq_timedsend") !,
+ kprobe.function("sys_mq_timedsend") ?
{
name = "mq_timedsend"
// mqdes = $mqdes
@@ -3604,8 +3848,9 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len,
msg_prio, abs_timeout_uaddr)
}
-probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?,
- kprobe.function("compat_sys_mq_timedsend").return ?
+probe nd_syscall.mq_timedsend.return = kprobe.function("compat_sys_mq_timedsend").return ?,
+ kprobe.function("SyS_mq_timedsend").return !,
+ kprobe.function("sys_mq_timedsend").return ?
{
name = "mq_timedsend"
retstr = returnstr(1)
@@ -3614,7 +3859,8 @@ probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").retur
# mq_unlink __________________________________________________
# long sys_mq_unlink(const char __user *u_name)
#
-probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
+probe nd_syscall.mq_unlink = kprobe.function("SyS_mq_unlink") !,
+ kprobe.function("sys_mq_unlink") ?
{
name = "mq_unlink"
// u_name_uaddr = $u_name
@@ -3625,7 +3871,8 @@ probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
u_name = user_string(u_name_uaddr)
argstr = user_string_quoted(u_name_uaddr)
}
-probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
+probe nd_syscall.mq_unlink.return = kprobe.function("SyS_mq_unlink").return !,
+ kprobe.function("sys_mq_unlink").return ?
{
name = "mq_unlink"
retstr = returnstr(1)
@@ -3638,8 +3885,9 @@ probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
# unsigned long flags,
# unsigned long new_addr)
#
-probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
- kprobe.function("ia64_mremap") ?
+probe nd_syscall.mremap = kprobe.function("ia64_mremap") ?,
+ kprobe.function("SyS_mremap") !,
+ kprobe.function("sys_mremap") ?
{
name = "mremap"
// old_address = $addr
@@ -3658,8 +3906,9 @@ probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size,
_mremap_flags(flags), new_address)
}
-probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
- kprobe.function("ia64_mremap").return ?
+probe nd_syscall.mremap.return = kprobe.function("ia64_mremap").return ?,
+ kprobe.function("SyS_mremap").return !,
+ kprobe.function("sys_mremap").return ?
{
name = "mremap"
retstr = returnstr(2)
@@ -3668,7 +3917,8 @@ probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
# msgctl _____________________________________________________
# long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
#
-probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
+probe nd_syscall.msgctl = kprobe.function("SyS_msgctl") !,
+ kprobe.function("sys_msgctl") ?
{
name = "msgctl"
// msqid = $msqid
@@ -3681,7 +3931,8 @@ probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr)
}
-probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ?
+probe nd_syscall.msgctl.return = kprobe.function("SyS_msgctl").return !,
+ kprobe.function("sys_msgctl").return ?
{
name = "msgctl"
retstr = returnstr(1)
@@ -3706,7 +3957,8 @@ probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl")
# msgget _____________________________________________________
# long sys_msgget (key_t key, int msgflg)
#
-probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
+probe nd_syscall.msgget = kprobe.function("SyS_msgget") !,
+ kprobe.function("sys_msgget") ?
{
name = "msgget"
// key = $key
@@ -3719,7 +3971,8 @@ probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
msgflg_str = _sys_open_flag_str(msgflg)
argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg))
}
-probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
+probe nd_syscall.msgget.return = kprobe.function("SyS_msgget").return !,
+ kprobe.function("sys_msgget").return ?
{
name = "msgget"
retstr = returnstr(1)
@@ -3732,7 +3985,8 @@ probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
# long msgtyp,
# int msgflg)
#
-probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
+probe nd_syscall.msgrcv = kprobe.function("SyS_msgrcv") !,
+ kprobe.function("sys_msgrcv") ?
{
name = "msgrcv"
// msqid = $msqid
@@ -3749,7 +4003,8 @@ probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
msgflg = int_arg(5)
argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg)
}
-probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ?
+probe nd_syscall.msgrcv.return = kprobe.function("SyS_msgrcv").return !,
+ kprobe.function("sys_msgrcv").return ?
{
name = "msgrcv"
retstr = returnstr(1)
@@ -3778,7 +4033,8 @@ probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv")
# size_t msgsz,
# int msgflg)
#
-probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
+probe nd_syscall.msgsnd = kprobe.function("SyS_msgsnd") !,
+ kprobe.function("sys_msgsnd") ?
{
name = "msgsnd"
// msqid = $msqid
@@ -3793,7 +4049,8 @@ probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
msgflg = int_arg(4)
argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg)
}
-probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ?
+probe nd_syscall.msgsnd.return = kprobe.function("SyS_msgsnd").return !,
+ kprobe.function("sys_msgsnd").return ?
{
name = "msgsnd"
retstr = returnstr(1)
@@ -3817,7 +4074,8 @@ probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd")
# msync ______________________________________________________
# long sys_msync(unsigned long start, size_t len, int flags)
-probe nd_syscall.msync = kprobe.function("sys_msync") ?
+probe nd_syscall.msync = kprobe.function("SyS_msync") !,
+ kprobe.function("sys_msync") ?
{
name = "msync"
// start = $start
@@ -3829,7 +4087,8 @@ probe nd_syscall.msync = kprobe.function("sys_msync") ?
flags = int_arg(3)
argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags))
}
-probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
+probe nd_syscall.msync.return = kprobe.function("SyS_msync").return !,
+ kprobe.function("sys_msync").return ?
{
name = "msync"
retstr = returnstr(1)
@@ -3837,7 +4096,8 @@ probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
# munlock ____________________________________________________
# long sys_munlock(unsigned long start, size_t len)
-probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
+probe nd_syscall.munlock = kprobe.function("SyS_munlock") !,
+ kprobe.function("sys_munlock") ?
{
name = "munlock"
// addr = $start
@@ -3847,7 +4107,8 @@ probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
len = ulong_arg(2)
argstr = sprintf("%p, %d", addr, len)
}
-probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ?
+probe nd_syscall.munlock.return = kprobe.function("SyS_munlock").return !,
+ kprobe.function("sys_munlock").return ?
{
name = "munlock"
retstr = returnstr(1)
@@ -3868,7 +4129,8 @@ probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ?
# munmap _____________________________________________________
# long sys_munmap(unsigned long addr, size_t len)
-probe nd_syscall.munmap = kprobe.function("sys_munmap")
+probe nd_syscall.munmap = kprobe.function("SyS_munmap") !,
+ kprobe.function("sys_munmap")
{
name = "munmap"
// start = $addr
@@ -3878,7 +4140,8 @@ probe nd_syscall.munmap = kprobe.function("sys_munmap")
length = ulong_arg(2)
argstr = sprintf("%p, %d", start, length)
}
-probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return
+probe nd_syscall.munmap.return = kprobe.function("SyS_munmap").return !,
+ kprobe.function("sys_munmap").return
{
name = "munmap"
retstr = returnstr(1)
--
1.5.6.5