[PATCH v4] Fix nd_syscalls.stp for architectures using SYSCALL_WRAPPERS.
Add kprobe.function("SyS_*") probe points to nd_syscall.* probe aliases.
Analogue of commit 132c337c with two exceptions:
- do not mark these new probe points as sufficient (use '?' instead of '!'),
because the translator always considers them resolved,
- make non-SyS probe points optional in probe aliases affected by
syscall wrappers, because otherwise they will fail on such
architectures.
---
tapset/nd_syscalls.stp | 873 +++++++++++++++++++++++++++++++-----------------
1 files changed, 568 insertions(+), 305 deletions(-)
diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp
index af14539..221e680 100644
--- a/tapset/nd_syscalls.stp
+++ b/tapset/nd_syscalls.stp
@@ -34,7 +34,8 @@
# accept _____________________________________________________
# long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
# int __user *upeer_addrlen)
-probe nd_syscall.accept = kprobe.function("sys_accept") ?
+probe nd_syscall.accept = kprobe.function("SyS_accept") ?,
+ kprobe.function("sys_accept") ?
{
name = "accept"
// sockfd = $fd
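Review bot: Both `kprobe.function("SyS_accept") ?` and `kprobe.function("sys_accept") ?` are listed as independent alternatives, and without `!` nothing stops after the first one. If a kernel exposes both names as probeable symbols for the same entry point, the alias body would presumably run twice per call and double every count or log line. The description implies that only one name registers on a given architecture, but the file does not record that assumption. I would state it once near the top of the tapset, e.g. `# Exactly one of SyS_foo / sys_foo is expected to register per kernel; both are '?' because the translator treats kprobe.function points as always resolved.` This applies to every SyS_/sys_ pair added in the patch, and the probe body continues outside the hunk.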
@@ -47,7 +48,8 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ?
addrlen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", sockfd, addr_uaddr, addrlen_uaddr)
}
-probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
+probe nd_syscall.accept.return = kprobe.function("SyS_accept").return ?,
+ kprobe.function("sys_accept").return ?
{
name = "accept"
retstr = returnstr(1)
@@ -55,7 +57,8 @@ probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
# access _____________________________________________________
# long sys_access(const char __user * filename, int mode)
-probe nd_syscall.access = kprobe.function("sys_access")
+probe nd_syscall.access = kprobe.function("SyS_access") ?,
+ kprobe.function("sys_access") ?
{
name = "access"
// pathname = user_string($filename)
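Review bot: `nd_syscall.access` previously had a mandatory probe point, and with both alternatives now marked `?` the alias can presumably attach to nothing, without an error, when neither symbol is present. Scripts that rely on these aliases for auditing would then lose coverage silently instead of failing visibly; the later hunks make the same change for chroot, capset, capget, chdir, chmod, chown, fchmod, fchown, close, dup, dup2, exit_group and the clock_* calls. The diffstat shows only tapset/nd_syscalls.stp changing, so I would add a testsuite case that fails when an nd_syscall alias registers no probe on the running kernel. A comment would also help, such as `# both alternatives optional: at least one must exist or this alias is a no-op`. The probe body continues outside the hunk.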
@@ -68,7 +71,8 @@ probe nd_syscall.access = kprobe.function("sys_access")
mode_str = _access_mode_str(mode)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), mode_str)
}
-probe nd_syscall.access.return = kprobe.function("sys_access").return
+probe nd_syscall.access.return = kprobe.function("SyS_access").return ?,
+ kprobe.function("sys_access").return ?
{
name = "access"
retstr = returnstr(1)
@@ -98,7 +102,8 @@ probe nd_syscall.acct.return = kprobe.function("sys_acct").return ?
# size_t plen,
# key_serial_t ringid)
#
-probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
+probe nd_syscall.add_key = kprobe.function("SyS_add_key") ?,
+ kprobe.function("sys_add_key") ?
{
name = "add_key"
// type_uaddr = $_type
@@ -123,7 +128,8 @@ probe nd_syscall.add_key = kprobe.function("sys_add_key") ?
text_strn(user_string(payload_uaddr), syscall_string_trunc, 1),
plen, ringid)
}
-probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
+probe nd_syscall.add_key.return = kprobe.function("SyS_add_key").return ?,
+ kprobe.function("sys_add_key").return ?
{
name = "add_key"
retstr = returnstr(1)
@@ -131,7 +137,8 @@ probe nd_syscall.add_key.return = kprobe.function("sys_add_key").return ?
# adjtimex ___________________________________________________
# long sys_adjtimex(struct timex __user *txc_p)
-probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
+probe nd_syscall.adjtimex = kprobe.function("SyS_adjtimex") ?,
+ kprobe.function("sys_adjtimex") ?
{
name = "adjtimex"
@@ -152,7 +159,8 @@ probe nd_syscall.adjtimex = kprobe.function("sys_adjtimex")
asmlinkage()
argstr = sprintf("%p", pointer_arg(1))
}
-probe nd_syscall.adjtimex.return = kprobe.function("sys_adjtimex").return
+probe nd_syscall.adjtimex.return = kprobe.function("SyS_adjtimex").return ?,
+ kprobe.function("sys_adjtimex").return ?
{
name = "adjtimex"
// retstr = _adjtimex_return_str($return)
@@ -176,8 +184,9 @@ probe nd_syscall.compat_adjtimex.return = kprobe.function("compat_sys_adjtimex")
# unsigned long sys_alarm (unsigned int seconds)
# long sys32_alarm(unsigned int seconds)
#
-probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
- kprobe.function("sys32_alarm") ?
+probe nd_syscall.alarm = kprobe.function("sys32_alarm") ?,
+ kprobe.function("SyS_alarm") ?,
+ kprobe.function("sys_alarm") ?
{
name = "alarm"
// seconds = $seconds
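Review bot: The alternatives are reordered as well as extended: `sys32_alarm` moves from last to first, ahead of the new `SyS_alarm`/`sys_alarm` pair, and the description does not mention this. The same reorder appears in the brk (`ia64_brk`), clock_getres, epoll_ctl, epoll_pwait and epoll_wait hunks and their .return counterparts. If the order is meant as a convention (compat or arch-specific first, then wrapper, then plain), say so in the commit message or a header comment. Otherwise keep the original order and only add `kprobe.function("SyS_alarm") ?,` so the diff shows just the functional change.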
@@ -186,8 +195,9 @@ probe nd_syscall.alarm = kprobe.function("sys_alarm") ?,
seconds = uint_arg(1)
argstr = sprint(seconds)
}
-probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
- kprobe.function("sys32_alarm").return ?
+probe nd_syscall.alarm.return = kprobe.function("sys32_alarm").return ?,
+ kprobe.function("SyS_alarm").return ?,
+ kprobe.function("sys_alarm").return ?
{
name = "alarm"
retstr = returnstr(1)
@@ -195,7 +205,8 @@ probe nd_syscall.alarm.return = kprobe.function("sys_alarm").return ?,
# bdflush ____________________________________________________
# long sys_bdflush(int func, long data)
-probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
+probe nd_syscall.bdflush = kprobe.function("SyS_bdflush") ?,
+ kprobe.function("sys_bdflush") ?
{
name = "bdflush"
// func = $func
@@ -213,7 +224,8 @@ probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
data_str = sprintf("%d", data)
argstr = sprintf("%d, %s", func, data_str)
}
-probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
+probe nd_syscall.bdflush.return = kprobe.function("SyS_bdflush").return ?,
+ kprobe.function("sys_bdflush").return ?
{
name = "bdflush"
retstr = returnstr(1)
@@ -221,7 +233,8 @@ probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
# bind _______________________________________________________
# long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
-probe nd_syscall.bind = kprobe.function("sys_bind") ?
+probe nd_syscall.bind = kprobe.function("SyS_bind") ?,
+ kprobe.function("sys_bind") ?
{
name = "bind"
// sockfd = $fd
@@ -234,7 +247,8 @@ probe nd_syscall.bind = kprobe.function("sys_bind") ?
addrlen = int_arg(3)
argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(my_addr_uaddr, addrlen), addrlen)
}
-probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
+probe nd_syscall.bind.return = kprobe.function("SyS_bind").return ?,
+ kprobe.function("sys_bind").return ?
{
name = "bind"
retstr = returnstr(1)
@@ -242,8 +256,9 @@ probe nd_syscall.bind.return = kprobe.function("sys_bind").return ?
# brk ________________________________________________________
# unsigned long sys_brk(unsigned long brk)
-probe nd_syscall.brk = kprobe.function("sys_brk"),
- kprobe.function("ia64_brk") ?
+probe nd_syscall.brk = kprobe.function("ia64_brk") ?,
+ kprobe.function("SyS_brk") ?,
+ kprobe.function("sys_brk") ?
{
name = "brk"
// brk = $brk
@@ -251,8 +266,9 @@ probe nd_syscall.brk = kprobe.function("sys_brk"),
brk = ulong_arg(1)
argstr = sprintf("%p", brk)
}
-probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
- kprobe.function("ia64_brk").return ?
+probe nd_syscall.brk.return = kprobe.function("ia64_brk").return ?,
+ kprobe.function("SyS_brk").return ?,
+ kprobe.function("sys_brk").return ?
{
name = "brk"
retstr = returnstr(1)
@@ -271,7 +287,8 @@ probe nd_syscall.brk.return = kprobe.function("sys_brk").return,
* functions to export.
*/
# long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
-probe nd_syscall.capget = kprobe.function("sys_capget")
+probe nd_syscall.capget = kprobe.function("SyS_capget") ?,
+ kprobe.function("sys_capget") ?
{
name = "capget"
// header_uaddr = $header
@@ -282,7 +299,8 @@ probe nd_syscall.capget = kprobe.function("sys_capget")
data_uaddr = pointer_arg(2)
argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
}
-probe nd_syscall.capget.return = kprobe.function("sys_capget").return
+probe nd_syscall.capget.return = kprobe.function("SyS_capget").return ?,
+ kprobe.function("sys_capget").return ?
{
name = "capget"
retstr = returnstr(1)
@@ -300,7 +318,8 @@ probe nd_syscall.capget.return = kprobe.function("sys_capget").return
* functions to export.
*/
# long sys_capset(cap_user_header_t header, const cap_user_data_t data)
-probe nd_syscall.capset = kprobe.function("sys_capset")
+probe nd_syscall.capset = kprobe.function("SyS_capset") ?,
+ kprobe.function("sys_capset") ?
{
name = "capset"
// header_uaddr = $header
@@ -311,7 +330,8 @@ probe nd_syscall.capset = kprobe.function("sys_capset")
data_uaddr = pointer_arg(2)
argstr = sprintf("%p, %p", header_uaddr, data_uaddr)
}
-probe nd_syscall.capset.return = kprobe.function("sys_capset").return
+probe nd_syscall.capset.return = kprobe.function("SyS_capset").return ?,
+ kprobe.function("sys_capset").return ?
{
name = "capset"
retstr = returnstr(1)
@@ -319,7 +339,8 @@ probe nd_syscall.capset.return = kprobe.function("sys_capset").return
# chdir ______________________________________________________
# long sys_chdir(const char __user * filename)
-probe nd_syscall.chdir = kprobe.function("sys_chdir")
+probe nd_syscall.chdir = kprobe.function("SyS_chdir") ?,
+ kprobe.function("sys_chdir") ?
{
name = "chdir"
// path = user_string($filename)
@@ -328,7 +349,8 @@ probe nd_syscall.chdir = kprobe.function("sys_chdir")
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
+probe nd_syscall.chdir.return = kprobe.function("SyS_chdir").return ?,
+ kprobe.function("sys_chdir").return ?
{
name = "chdir"
retstr = returnstr(1)
@@ -336,7 +358,8 @@ probe nd_syscall.chdir.return = kprobe.function("sys_chdir").return
# chmod ______________________________________________________
# long sys_chmod(const char __user * filename, mode_t mode)
-probe nd_syscall.chmod = kprobe.function("sys_chmod")
+probe nd_syscall.chmod = kprobe.function("SyS_chmod") ?,
+ kprobe.function("sys_chmod") ?
{
name = "chmod"
// path = user_string($filename)
@@ -347,7 +370,8 @@ probe nd_syscall.chmod = kprobe.function("sys_chmod")
mode = uint_arg(2)
argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
}
-probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
+probe nd_syscall.chmod.return = kprobe.function("SyS_chmod").return ?,
+ kprobe.function("sys_chmod").return ?
{
name = "chmod"
retstr = returnstr(1)
@@ -355,7 +379,8 @@ probe nd_syscall.chmod.return = kprobe.function("sys_chmod").return
# chown ______________________________________________________
# long sys_chown(const char __user * filename, uid_t user, gid_t group)
-probe nd_syscall.chown = kprobe.function("sys_chown")
+probe nd_syscall.chown = kprobe.function("SyS_chown") ?,
+ kprobe.function("sys_chown") ?
{
name = "chown"
// path = user_string($filename)
@@ -368,7 +393,8 @@ probe nd_syscall.chown = kprobe.function("sys_chown")
group = __int32(uint_arg(3))
argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
}
-probe nd_syscall.chown.return = kprobe.function("sys_chown").return
+probe nd_syscall.chown.return = kprobe.function("SyS_chown").return ?,
+ kprobe.function("sys_chown").return ?
{
name = "chown"
retstr = returnstr(1)
@@ -398,7 +424,8 @@ probe nd_syscall.chown16.return = kprobe.function("sys_chown16").return ?
# chroot _____________________________________________________
# long sys_chroot(const char __user * filename)
-probe nd_syscall.chroot = kprobe.function("sys_chroot")
+probe nd_syscall.chroot = kprobe.function("SyS_chroot") ?,
+ kprobe.function("sys_chroot") ?
{
name = "chroot"
// path = user_string($filename)
@@ -407,7 +434,8 @@ probe nd_syscall.chroot = kprobe.function("sys_chroot")
path = user_string(pointer_arg(1))
argstr = user_string_quoted(pointer_arg(1))
}
-probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
+probe nd_syscall.chroot.return = kprobe.function("SyS_chroot").return ?,
+ kprobe.function("sys_chroot").return ?
{
name = "chroot"
retstr = returnstr(1)
@@ -417,8 +445,9 @@ probe nd_syscall.chroot.return = kprobe.function("sys_chroot").return
# long sys_clock_getres(clockid_t which_clock, struct timespec __user *tp)
# long compat_clock_getres(clockid_t which_clock, struct compat_timespec __user *tp)
#
-probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
- kprobe.function("compat_clock_getres") ?
+probe nd_syscall.clock_getres = kprobe.function("compat_clock_getres") ?,
+ kprobe.function("SyS_clock_getres") ?,
+ kprobe.function("sys_clock_getres") ?
{
name = "clock_getres"
// clk_id = $which_clock
@@ -431,8 +460,9 @@ probe nd_syscall.clock_getres = kprobe.function("sys_clock_getres"),
res_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", clk_id_str, res_uaddr)
}
-probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").return,
- kprobe.function("compat_clock_getres").return ?
+probe nd_syscall.clock_getres.return = kprobe.function("compat_clock_getres").return ?,
+ kprobe.function("SyS_clock_getres").return ?,
+ kprobe.function("sys_clock_getres").return ?
{
name = "clock_getres"
retstr = returnstr(1)
@@ -441,7 +471,8 @@ probe nd_syscall.clock_getres.return = kprobe.function("sys_clock_getres").retur
# clock_gettime ______________________________________________
# long sys_clock_gettime(clockid_t which_clock, struct timespec __user *tp)
#
-probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
+probe nd_syscall.clock_gettime = kprobe.function("SyS_clock_gettime") ?,
+ kprobe.function("sys_clock_gettime") ?
{
name = "clock_gettime"
// clk_id = $which_clock
@@ -452,7 +483,8 @@ probe nd_syscall.clock_gettime = kprobe.function("sys_clock_gettime")
clk_id_str = _get_wc_str(clk_id)
argstr = sprintf("%s, %p", clk_id_str, pointer_arg(2))
}
-probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").return
+probe nd_syscall.clock_gettime.return = kprobe.function("SyS_clock_gettime").return ?,
+ kprobe.function("sys_clock_gettime").return ?
{
name = "clock_gettime"
retstr = returnstr(1)
@@ -464,7 +496,8 @@ probe nd_syscall.clock_gettime.return = kprobe.function("sys_clock_gettime").ret
# const struct timespec __user *rqtp,
# struct timespec __user *rmtp)
#
-probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
+probe nd_syscall.clock_nanosleep = kprobe.function("SyS_clock_nanosleep") ?,
+ kprobe.function("sys_clock_nanosleep") ?
{
name = "clock_nanosleep"
// if ($flags == 1)
@@ -482,7 +515,8 @@ probe nd_syscall.clock_nanosleep = kprobe.function("sys_clock_nanosleep")
argstr = sprintf("%s, %s, %s, %p", _get_wc_str(int_arg(1)), flag_str,
_struct_timespec_u(pointer_arg(3), 1), pointer_arg(4))
}
-probe nd_syscall.clock_nanosleep.return = kprobe.function("sys_clock_nanosleep").return
+probe nd_syscall.clock_nanosleep.return = kprobe.function("SyS_clock_nanosleep").return ?,
+ kprobe.function("sys_clock_nanosleep").return ?
{
name = "clock_nanosleep"
retstr = returnstr(1)
@@ -524,7 +558,8 @@ probe nd_syscall.compat_clock_nanosleep.return = kprobe.function("compat_clock_n
# long sys_clock_settime(clockid_t which_clock,
# const struct timespec __user *tp)
#
-probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
+probe nd_syscall.clock_settime = kprobe.function("SyS_clock_settime") ?,
+ kprobe.function("sys_clock_settime") ?
{
name = "clock_settime"
// clk_id = $which_clock
@@ -537,7 +572,8 @@ probe nd_syscall.clock_settime = kprobe.function("sys_clock_settime")
tp_uaddr = pointer_arg(2)
argstr = sprintf("%s, %s", clk_id_str, _struct_timespec_u(tp_uaddr, 1))
}
-probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").return
+probe nd_syscall.clock_settime.return = kprobe.function("SyS_clock_settime").return ?,
+ kprobe.function("sys_clock_settime").return ?
{
name = "clock_settime"
retstr = returnstr(1)
@@ -545,7 +581,8 @@ probe nd_syscall.clock_settime.return = kprobe.function("sys_clock_settime").ret
# close ______________________________________________________
# long sys_close(unsigned int fd)
-probe nd_syscall.close = kprobe.function("sys_close")
+probe nd_syscall.close = kprobe.function("SyS_close") ?,
+ kprobe.function("sys_close") ?
{
name = "close"
// fd = $fd
@@ -553,14 +590,16 @@ probe nd_syscall.close = kprobe.function("sys_close")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.close.return = kprobe.function("sys_close").return
+probe nd_syscall.close.return = kprobe.function("SyS_close").return ?,
+ kprobe.function("sys_close").return ?
{
name = "close"
retstr = returnstr(1)
}
# connect ____________________________________________________
# long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
-probe nd_syscall.connect = kprobe.function("sys_connect") ?
+probe nd_syscall.connect = kprobe.function("SyS_connect") ?,
+ kprobe.function("sys_connect") ?
{
name = "connect"
// sockfd = $fd
@@ -573,7 +612,8 @@ probe nd_syscall.connect = kprobe.function("sys_connect") ?
addrlen = int_arg(3)
argstr = sprintf("%d, %s, %d", sockfd, _struct_sockaddr_u(serv_addr_uaddr, addrlen), addrlen)
}
-probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
+probe nd_syscall.connect.return = kprobe.function("SyS_connect").return ?,
+ kprobe.function("sys_connect").return ?
{
name = "connect"
retstr = returnstr(1)
@@ -581,7 +621,8 @@ probe nd_syscall.connect.return = kprobe.function("sys_connect").return ?
# creat
# long sys_creat(const char __user * pathname, int mode)
-probe nd_syscall.creat = kprobe.function("sys_creat") ?
+probe nd_syscall.creat = kprobe.function("SyS_creat") ?,
+ kprobe.function("sys_creat") ?
{
name = "creat"
// mode = $mode
@@ -592,7 +633,8 @@ probe nd_syscall.creat = kprobe.function("sys_creat") ?
pathname = user_string(pointer_arg(1))
argstr = sprintf("%s, %#o", user_string_quoted(pointer_arg(1)), mode)
}
-probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
+probe nd_syscall.creat.return = kprobe.function("SyS_creat").return ?,
+ kprobe.function("sys_creat").return ?
{
name = "creat"
retstr = returnstr(1)
@@ -600,7 +642,8 @@ probe nd_syscall.creat.return = kprobe.function("sys_creat").return ?
# delete_module ______________________________________________
# long sys_delete_module(const char __user *name_user, unsigned int flags)
-probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
+probe nd_syscall.delete_module = kprobe.function("SyS_delete_module") ?,
+ kprobe.function("sys_delete_module") ?
{
name = "delete_module"
// name_user = user_string($name_user)
@@ -611,7 +654,8 @@ probe nd_syscall.delete_module = kprobe.function("sys_delete_module") ?
flags = uint_arg(2)
argstr = sprintf("%s, %s", user_string_quoted(pointer_arg(1)), _module_flags_str(uint_arg(2)))
}
-probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").return ?
+probe nd_syscall.delete_module.return = kprobe.function("SyS_delete_module").return ?,
+ kprobe.function("sys_delete_module").return ?
{
name = "delete_module"
retstr = returnstr(1)
@@ -619,7 +663,8 @@ probe nd_syscall.delete_module.return = kprobe.function("sys_delete_module").ret
# dup ________________________________________________________
# long sys_dup(unsigned int fildes)
-probe nd_syscall.dup = kprobe.function("sys_dup")
+probe nd_syscall.dup = kprobe.function("SyS_dup") ?,
+ kprobe.function("sys_dup") ?
{
name = "dup"
// oldfd = $fildes
@@ -628,7 +673,8 @@ probe nd_syscall.dup = kprobe.function("sys_dup")
old_fd = int_arg(1)
argstr = sprint(old_fd)
}
-probe nd_syscall.dup.return = kprobe.function("sys_dup").return
+probe nd_syscall.dup.return = kprobe.function("SyS_dup").return ?,
+ kprobe.function("sys_dup").return ?
{
name = "dup"
retstr = returnstr(1)
@@ -636,7 +682,8 @@ probe nd_syscall.dup.return = kprobe.function("sys_dup").return
# dup2 _______________________________________________________
# long sys_dup2(unsigned int oldfd, unsigned int newfd)
-probe nd_syscall.dup2 = kprobe.function("sys_dup2")
+probe nd_syscall.dup2 = kprobe.function("SyS_dup2") ?,
+ kprobe.function("sys_dup2") ?
{
name = "dup2"
// oldfd = $oldfd
@@ -647,7 +694,8 @@ probe nd_syscall.dup2 = kprobe.function("sys_dup2")
newfd = int_arg(2)
argstr = sprintf("%d, %d", oldfd, newfd)
}
-probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
+probe nd_syscall.dup2.return = kprobe.function("SyS_dup2").return ?,
+ kprobe.function("sys_dup2").return ?
{
name = "dup2"
retstr = returnstr(1)
@@ -655,7 +703,8 @@ probe nd_syscall.dup2.return = kprobe.function("sys_dup2").return
# epoll_create _______________________________________________
# long sys_epoll_create(int size)
-probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
+probe nd_syscall.epoll_create = kprobe.function("SyS_epoll_create") ?,
+ kprobe.function("sys_epoll_create") ?
{
name = "epoll_create"
// size = $size
@@ -664,7 +713,8 @@ probe nd_syscall.epoll_create = kprobe.function("sys_epoll_create") ?
size = int_arg(1)
argstr = sprint(size)
}
-probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").return ?
+probe nd_syscall.epoll_create.return = kprobe.function("SyS_epoll_create").return ?,
+ kprobe.function("sys_epoll_create").return ?
{
name = "epoll_create"
retstr = returnstr(1)
@@ -676,8 +726,9 @@ probe nd_syscall.epoll_create.return = kprobe.function("sys_epoll_create").retur
# long compat_sys_epoll_ctl(int epfd, int op, int fd,
# struct compat_epoll_event __user *event)
#
-probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
- kprobe.function("compat_sys_epoll_ctl") ?
+probe nd_syscall.epoll_ctl = kprobe.function("compat_sys_epoll_ctl") ?,
+ kprobe.function("SyS_epoll_ctl") ?,
+ kprobe.function("sys_epoll_ctl") ?
{
name = "epoll_ctl"
// epfd = $epfd
@@ -694,8 +745,9 @@ probe nd_syscall.epoll_ctl = kprobe.function("sys_epoll_ctl") ?,
event_uaddr = pointer_arg(4)
argstr = sprintf("%d, %s, %d, %p", epfd, op_str, fd, event_uaddr)
}
-probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
- kprobe.function("compat_sys_epoll_ctl").return ?
+probe nd_syscall.epoll_ctl.return = kprobe.function("compat_sys_epoll_ctl").return ?,
+ kprobe.function("SyS_epoll_ctl").return ?,
+ kprobe.function("sys_epoll_ctl").return ?
{
name = "epoll_ctl"
retstr = returnstr(1)
@@ -712,8 +764,9 @@ probe nd_syscall.epoll_ctl.return = kprobe.function("sys_epoll_ctl").return ?,
# const compat_sigset_t __user *sigmask,
# compat_size_t sigsetsize)
#
-probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
- kprobe.function("compat_sys_epoll_pwait") ?
+probe nd_syscall.epoll_pwait = kprobe.function("compat_sys_epoll_pwait") ?,
+ kprobe.function("SyS_epoll_pwait") ?,
+ kprobe.function("sys_epoll_pwait") ?
{
name = "epoll_pwait"
asmlinkage()
@@ -721,8 +774,9 @@ probe nd_syscall.epoll_pwait = kprobe.function("sys_epoll_pwait") ?,
// $epfd, $events, $maxevents, $timeout, $sigmask, $sigsetsize)
int_arg(1), pointer_arg(2), int_arg(3), int_arg(4), pointer_arg(5), ulong_arg(6))
}
-probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return ?,
- kprobe.function("compat_sys_epoll_pwait").return ?
+probe nd_syscall.epoll_pwait.return = kprobe.function("compat_sys_epoll_pwait").return ?,
+ kprobe.function("SyS_epoll_pwait").return ?,
+ kprobe.function("sys_epoll_pwait").return ?
{
name = "epoll_pwait"
retstr = returnstr(1)
@@ -736,8 +790,9 @@ probe nd_syscall.epoll_pwait.return = kprobe.function("sys_epoll_pwait").return
# struct compat_epoll_event __user *events,
# int maxevents, int timeout)
#
-probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
- kprobe.function("compat_sys_epoll_wait") ?
+probe nd_syscall.epoll_wait = kprobe.function("compat_sys_epoll_wait") ?,
+ kprobe.function("SyS_epoll_wait") ?,
+ kprobe.function("sys_epoll_wait") ?
{
name = "epoll_wait"
// epfd = $epfd
@@ -752,8 +807,9 @@ probe nd_syscall.epoll_wait = kprobe.function("sys_epoll_wait") ?,
timeout = int_arg(4)
argstr = sprintf("%d, %p, %d, %d", epfd, events_uaddr, maxevents, timeout)
}
-probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
- kprobe.function("compat_sys_epoll_wait").return ?
+probe nd_syscall.epoll_wait.return = kprobe.function("compat_sys_epoll_wait").return ?,
+ kprobe.function("SyS_epoll_wait").return ?,
+ kprobe.function("sys_epoll_wait").return ?
{
name = "epoll_wait"
retstr = returnstr(1)
@@ -762,14 +818,16 @@ probe nd_syscall.epoll_wait.return = kprobe.function("sys_epoll_wait").return ?,
# eventfd _____________________________________________________
# long sys_eventfd(unsigned int count)
#
-probe nd_syscall.eventfd = kprobe.function("sys_eventfd") ?
+probe nd_syscall.eventfd = kprobe.function("SyS_eventfd") ?,
+ kprobe.function("sys_eventfd") ?
{
name = "eventfd"
// argstr = sprint($count)
asmlinkage()
argstr = sprint(uint_arg(1))
}
-probe nd_syscall.eventfd.return = kprobe.function("sys_eventfd").return ?
+probe nd_syscall.eventfd.return = kprobe.function("SyS_eventfd").return ?,
+ kprobe.function("sys_eventfd").return ?
{
name = "eventfd"
retstr = returnstr(1)
@@ -838,7 +896,8 @@ probe nd_syscall.exit = kprobe.function("do_exit")
# exit_group _________________________________________________
# void sys_exit_group(int error_code)
#
-probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
+probe nd_syscall.exit_group = kprobe.function("SyS_exit_group") ?,
+ kprobe.function("sys_exit_group") ?
{
name = "exit_group"
// status = $error_code
@@ -853,7 +912,8 @@ probe nd_syscall.exit_group = kprobe.function("sys_exit_group")
# faccessat __________________________________________________
# new function with 2.6.16
# long sys_faccessat(int dfd, const char __user *filename, int mode)
-probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
+probe nd_syscall.faccessat = kprobe.function("SyS_faccessat") ?,
+ kprobe.function("sys_faccessat") ?
{
name = "faccessat"
// dirfd = $dfd
@@ -870,7 +930,8 @@ probe nd_syscall.faccessat = kprobe.function("sys_faccessat") ?
mode_str = _access_mode_str(mode)
argstr = sprintf("%s, %s, %s", dirfd_str, user_string_quoted(pointer_arg(2)), mode_str)
}
-probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
+probe nd_syscall.faccessat.return = kprobe.function("SyS_faccessat").return ?,
+ kprobe.function("sys_faccessat").return ?
{
name = "faccessat"
retstr = returnstr(1)
@@ -880,7 +941,8 @@ probe nd_syscall.faccessat.return = kprobe.function("sys_faccessat").return ?
# fadvise64 __________________________________________________
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?,
+ kprobe.function("sys_fadvise64") ?
{
name = "fadvise64"
// fd = $fd
@@ -895,7 +957,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64") ?
advice = int_arg(4)
argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
}
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?,
+ kprobe.function("sys_fadvise64").return ?
{
name = "fadvise64"
retstr = returnstr(1)
@@ -904,7 +967,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return ?
# fadvise64_64 _______________________________________________
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?,
+ kprobe.function("sys_fadvise64_64") ?
{
name = "fadvise64_64"
// fd = $fd
@@ -919,7 +983,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
advice = int_arg(4)
argstr = sprintf("%d, %d, %d, %s", fd, offset, len, _fadvice_advice_str(advice))
}
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?,
+ kprobe.function("sys_fadvise64_64").return ?
{
name = "fadvise64_64"
retstr = returnstr(1)
@@ -930,7 +995,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
# fadvise64 __________________________________________________
# long sys_fadvise64(int fd, loff_t offset, size_t len, int advice)
#
-probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
+probe nd_syscall.fadvise64 = kprobe.function("SyS_fadvise64") ?,
+ kprobe.function("sys_fadvise64") ?
{
name = "fadvise64"
fd = 0
@@ -939,7 +1005,8 @@ probe nd_syscall.fadvise64 = kprobe.function("sys_fadvise64")
advice = 0
argstr = ""
}
-probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
+probe nd_syscall.fadvise64.return = kprobe.function("SyS_fadvise64").return ?,
+ kprobe.function("sys_fadvise64").return ?
{
name = "fadvise64"
retstr = returnstr(1)
@@ -948,7 +1015,8 @@ probe nd_syscall.fadvise64.return = kprobe.function("sys_fadvise64").return
# fadvise64_64 _______________________________________________
# long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
#
-probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
+probe nd_syscall.fadvise64_64 = kprobe.function("SyS_fadvise64_64") ?,
+ kprobe.function("sys_fadvise64_64") ?
{
name = "fadvise64_64"
fd = 0
@@ -957,7 +1025,8 @@ probe nd_syscall.fadvise64_64 = kprobe.function("sys_fadvise64_64")
advice = 0
argstr = ""
}
-probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").return
+probe nd_syscall.fadvise64_64.return = kprobe.function("SyS_fadvise64_64").return ?,
+ kprobe.function("sys_fadvise64_64").return ?
{
name = "fadvise64_64"
retstr = returnstr(1)
@@ -966,7 +1035,8 @@ probe nd_syscall.fadvise64_64.return = kprobe.function("sys_fadvise64_64").retur
# fchdir _____________________________________________________
# long sys_fchdir(unsigned int fd)
-probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
+probe nd_syscall.fchdir = kprobe.function("SyS_fchdir") ?,
+ kprobe.function("sys_fchdir") ?
{
name = "fchdir"
// fd = $fd
@@ -975,7 +1045,8 @@ probe nd_syscall.fchdir = kprobe.function("sys_fchdir")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
+probe nd_syscall.fchdir.return = kprobe.function("SyS_fchdir").return ?,
+ kprobe.function("sys_fchdir").return ?
{
name = "fchdir"
retstr = returnstr(1)
@@ -983,7 +1054,8 @@ probe nd_syscall.fchdir.return = kprobe.function("sys_fchdir").return
# fchmod _____________________________________________________
# long sys_fchmod(unsigned int fd, mode_t mode)
-probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
+probe nd_syscall.fchmod = kprobe.function("SyS_fchmod") ?,
+ kprobe.function("sys_fchmod") ?
{
name = "fchmod"
// fildes = $fd
@@ -993,7 +1065,8 @@ probe nd_syscall.fchmod = kprobe.function("sys_fchmod")
mode = uint_arg(2) # SAFE?
argstr = sprintf("%d, %#o", fildes, mode)
}
-probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
+probe nd_syscall.fchmod.return = kprobe.function("SyS_fchmod").return ?,
+ kprobe.function("sys_fchmod").return ?
{
name = "fchmod"
retstr = returnstr(1)
@@ -1003,7 +1076,8 @@ probe nd_syscall.fchmod.return = kprobe.function("sys_fchmod").return
# new function with 2.6.16
# long sys_fchmodat(int dfd, const char __user *filename,
# mode_t mode)
-probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
+probe nd_syscall.fchmodat = kprobe.function("SyS_fchmodat") ?,
+ kprobe.function("sys_fchmodat") ?
{
name = "fchmodat"
// dirfd = $dfd
@@ -1018,7 +1092,8 @@ probe nd_syscall.fchmodat = kprobe.function("sys_fchmodat") ?
mode = uint_arg(3)
argstr = sprintf("%s, %s, %#o", dirfd_str, user_string_quoted(pointer_arg(2)), mode)
}
-probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
+probe nd_syscall.fchmodat.return = kprobe.function("SyS_fchmodat").return ?,
+ kprobe.function("sys_fchmodat").return ?
{
name = "fchmodat"
retstr = returnstr(1)
@@ -1026,7 +1101,8 @@ probe nd_syscall.fchmodat.return = kprobe.function("sys_fchmodat").return ?
# fchown _____________________________________________________
# long sys_fchown(unsigned int fd, uid_t user, gid_t group)
-probe nd_syscall.fchown = kprobe.function("sys_fchown")
+probe nd_syscall.fchown = kprobe.function("SyS_fchown") ?,
+ kprobe.function("sys_fchown") ?
{
name = "fchown"
// fd = $fd
@@ -1039,7 +1115,8 @@ probe nd_syscall.fchown = kprobe.function("sys_fchown")
group = __int32(uint_arg(3))
argstr = sprintf("%d, %d, %d", fd, owner, group)
}
-probe nd_syscall.fchown.return = kprobe.function("sys_fchown").return
+probe nd_syscall.fchown.return = kprobe.function("SyS_fchown").return ?,
+ kprobe.function("sys_fchown").return ?
{
name = "fchown"
retstr = returnstr(1)
@@ -1070,7 +1147,8 @@ probe nd_syscall.fchown16.return = kprobe.function("sys_fchown16").return ?
# new function with 2.6.16
# long sys_fchownat(int dfd, const char __user *filename,
# uid_t user, gid_t group, int flag)
-probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
+probe nd_syscall.fchownat = kprobe.function("SyS_fchownat") ?,
+ kprobe.function("sys_fchownat") ?
{
name = "fchownat"
// dirfd = $dfd
@@ -1093,7 +1171,8 @@ probe nd_syscall.fchownat = kprobe.function("sys_fchownat") ?
argstr = sprintf("%s, %s, %d, %d, %s",
dirfd_str, user_string_quoted(pointer_arg(2)), owner, group, flags_str)
}
-probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
+probe nd_syscall.fchownat.return = kprobe.function("SyS_fchownat").return ?,
+ kprobe.function("sys_fchownat").return ?
{
name = "fchownat"
retstr = returnstr(1)
@@ -1105,10 +1184,11 @@ probe nd_syscall.fchownat.return = kprobe.function("sys_fchownat").return ?
# long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
+probe nd_syscall.fcntl = kprobe.function("compat_sys_fcntl") ?,
+ kprobe.function("compat_sys_fcntl64") ?,
kprobe.function("sys_fcntl64") ?,
- kprobe.function("compat_sys_fcntl") ?,
- kprobe.function("compat_sys_fcntl64") ?
+ kprobe.function("SyS_fcntl") ?,
+ kprobe.function("sys_fcntl") ?
{
name = "fcntl"
// fd = $fd
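Review bot: The compat entries are moved ahead of `sys_fcntl64`, `SyS_fcntl` and `sys_fcntl` here, while the fstat, fstatat and getdents hunks keep the compat entries last and put `SyS_*` first. Every entry uses `?` rather than `!`, so going by the commit message the order should not change which points are selected, and the reshuffle only makes the diff harder to audit line by line. Keeping the original order and inserting `kprobe.function("SyS_fcntl") ?,` directly before the `sys_fcntl` entry would keep the change minimal. The same applies to the fcntl.return, fstatfs, fstatfs64, getgroups, get_mempolicy, getsockopt and gettimeofday hunks.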
@@ -1123,10 +1203,11 @@ probe nd_syscall.fcntl = kprobe.function("sys_fcntl") ?,
arg = long_arg(3)
argstr = sprintf("%d, %s, %p", fd, cmd_str, arg)
}
-probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
+probe nd_syscall.fcntl.return = kprobe.function("compat_sys_fcntl").return ?,
+ kprobe.function("compat_sys_fcntl64").return ?,
kprobe.function("sys_fcntl64").return ?,
- kprobe.function("compat_sys_fcntl").return ?,
- kprobe.function("compat_sys_fcntl64").return ?
+ kprobe.function("SyS_fcntl").return ?,
+ kprobe.function("sys_fcntl").return ?
{
name = "fcntl"
retstr = returnstr(1)
@@ -1134,7 +1215,8 @@ probe nd_syscall.fcntl.return = kprobe.function("sys_fcntl").return ?,
# fdatasync __________________________________________________
# long sys_fdatasync(unsigned int fd)
-probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
+probe nd_syscall.fdatasync = kprobe.function("SyS_fdatasync") ?,
+ kprobe.function("sys_fdatasync") ?
{
name = "fdatasync"
// fd = $fd
@@ -1142,7 +1224,8 @@ probe nd_syscall.fdatasync = kprobe.function("sys_fdatasync")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
+probe nd_syscall.fdatasync.return = kprobe.function("SyS_fdatasync").return ?,
+ kprobe.function("sys_fdatasync").return ?
{
name = "fdatasync"
retstr = returnstr(1)
@@ -1151,7 +1234,8 @@ probe nd_syscall.fdatasync.return = kprobe.function("sys_fdatasync").return
# fgetxattr __________________________________________________
# ssize_t sys_fgetxattr(int fd, char __user *name,
# void __user *value, size_t size)
-probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
+probe nd_syscall.fgetxattr = kprobe.function("SyS_fgetxattr") ?,
+ kprobe.function("sys_fgetxattr") ?
{
name = "fgetxattr"
// filedes = $fd
@@ -1167,14 +1251,16 @@ probe nd_syscall.fgetxattr = kprobe.function("sys_fgetxattr")
size = ulong_arg(4)
argstr = sprintf("%d, %s, %p, %d", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size)
}
-probe nd_syscall.fgetxattr.return = kprobe.function("sys_fgetxattr").return
+probe nd_syscall.fgetxattr.return = kprobe.function("SyS_fgetxattr").return ?,
+ kprobe.function("sys_fgetxattr").return ?
{
name = "fgetxattr"
retstr = returnstr(1)
}
# flistxattr _________________________________________________
# ssize_t sys_flistxattr(int fd, char __user *list, size_t size)
-probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
+probe nd_syscall.flistxattr = kprobe.function("SyS_flistxattr") ?,
+ kprobe.function("sys_flistxattr") ?
{
name = "flistxattr"
// filedes = $fd
@@ -1186,7 +1272,8 @@ probe nd_syscall.flistxattr = kprobe.function("sys_flistxattr")
size = ulong_arg(3)
argstr = sprintf("%d, %p, %d", filedes, list_uaddr, size)
}
-probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
+probe nd_syscall.flistxattr.return = kprobe.function("SyS_flistxattr").return ?,
+ kprobe.function("sys_flistxattr").return ?
{
name = "flistxattr"
retstr = returnstr(1)
@@ -1194,7 +1281,8 @@ probe nd_syscall.flistxattr.return = kprobe.function("sys_flistxattr").return
# flock ______________________________________________________
# long sys_flock(unsigned int fd, unsigned int cmd)
-probe nd_syscall.flock = kprobe.function("sys_flock")
+probe nd_syscall.flock = kprobe.function("SyS_flock") ?,
+ kprobe.function("sys_flock") ?
{
name = "flock"
// fd = $fd
@@ -1204,7 +1292,8 @@ probe nd_syscall.flock = kprobe.function("sys_flock")
operation = int_arg(2)
argstr = sprintf("%d, %s", fd, _flock_cmd_str(operation))
}
-probe nd_syscall.flock.return = kprobe.function("sys_flock").return
+probe nd_syscall.flock.return = kprobe.function("SyS_flock").return ?,
+ kprobe.function("sys_flock").return ?
{
name = "flock"
retstr = returnstr(1)
@@ -1285,7 +1374,8 @@ probe nd_syscall.fork.return = kprobe.function("do_fork").return
}
# fremovexattr _______________________________________________
# long sys_fremovexattr(int fd, char __user *name)
-probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
+probe nd_syscall.fremovexattr = kprobe.function("SyS_fremovexattr") ?,
+ kprobe.function("sys_fremovexattr") ?
{
name = "fremovexattr"
// filedes = $fd
@@ -1297,7 +1387,8 @@ probe nd_syscall.fremovexattr = kprobe.function("sys_fremovexattr")
name2 = user_string(pointer_arg(2))
argstr = sprintf("%d, %s", filedes, user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").return
+probe nd_syscall.fremovexattr.return = kprobe.function("SyS_fremovexattr").return ?,
+ kprobe.function("sys_fremovexattr").return ?
{
name = "fremovexattr"
retstr = returnstr(1)
@@ -1312,7 +1403,8 @@ probe nd_syscall.fremovexattr.return = kprobe.function("sys_fremovexattr").retur
* size_t size,
* int flags)
*/
-probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
+probe nd_syscall.fsetxattr = kprobe.function("SyS_fsetxattr") ?,
+ kprobe.function("sys_fsetxattr") ?
{
name = "fsetxattr"
// filedes = $fd
@@ -1330,7 +1422,8 @@ probe nd_syscall.fsetxattr = kprobe.function("sys_fsetxattr")
flags = int_arg(5)
argstr = sprintf("%d, %s, %p, %d, %p", filedes, user_string_quoted(pointer_arg(2)), value_uaddr, size, flags)
}
-probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
+probe nd_syscall.fsetxattr.return = kprobe.function("SyS_fsetxattr").return ?,
+ kprobe.function("sys_fsetxattr").return ?
{
name = "fsetxattr"
retstr = returnstr(1)
@@ -1346,8 +1439,10 @@ probe nd_syscall.fsetxattr.return = kprobe.function("sys_fsetxattr").return
# long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf)
#
probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
+ kprobe.function("SyS_fstat64") ?,
kprobe.function("sys_fstat64") ?,
kprobe.function("sys32_fstat64") ?,
+ kprobe.function("SyS_newfstat") ?,
kprobe.function("sys_newfstat") ?,
kprobe.function("sys_oabi_fstat64") ?,
kprobe.function("compat_sys_newfstat") ?
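Review bot: `sys_fstat` gets no `SyS_` sibling in this list while `sys_fstat64` and `sys_newfstat` do, and nothing in the hunk says whether that is deliberate. If `sys_fstat` is never built through the syscall wrappers on the affected architectures, a comment such as `# sys_fstat: no SyS_ variant on SYSCALL_WRAPPERS architectures` above the alias would record it; otherwise a `kprobe.function("SyS_fstat") ?,` entry looks missing. The same question applies to `sys_fcntl64`, `sys_getgroups16`, `sys_getresgid16` and `sys_getresuid16` in their hunks, and to the matching `.return` aliases.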
@@ -1362,8 +1457,10 @@ probe nd_syscall.fstat = kprobe.function("sys_fstat") ?,
argstr = sprintf("%d, %p", filedes, buf_uaddr)
}
probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
+ kprobe.function("SyS_fstat64").return ?,
kprobe.function("sys_fstat64").return ?,
kprobe.function("sys32_fstat64").return ?,
+ kprobe.function("SyS_newfstat").return ?,
kprobe.function("sys_newfstat").return ?,
kprobe.function("sys_oabi_fstat64").return ?,
kprobe.function("compat_sys_newfstat").return ?
@@ -1377,7 +1474,9 @@ probe nd_syscall.fstat.return = kprobe.function("sys_fstat").return ?,
# long sys_newfstatat(int dfd, char __user *filename, struct stat __user *statbuf, int flag)
# long sys_fstatat64(int dfd, char __user *filename, struct stat64 __user *statbuf, int flag)
# long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag)
-probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
+probe nd_syscall.fstatat = kprobe.function("SyS_fstatat64") ?,
+ kprobe.function("sys_fstatat64") ?,
+ kprobe.function("SyS_newfstatat") ?,
kprobe.function("sys_newfstatat") ?,
kprobe.function("compat_sys_newfstatat") ?,
kprobe.function("sys32_fstatat64") ?
@@ -1393,7 +1492,9 @@ probe nd_syscall.fstatat = kprobe.function("sys_fstatat64") ?,
buf_uaddr = pointer_arg(3)
argstr = sprintf("%s, %s, %p, %s", _dfd_str(dirfd), user_string_quoted(pointer_arg(2)), buf_uaddr, _at_flag_str(int_arg(4)))
}
-probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
+probe nd_syscall.fstatat.return = kprobe.function("SyS_fstatat64").return ?,
+ kprobe.function("sys_fstatat64").return ?,
+ kprobe.function("SyS_newfstatat").return ?,
kprobe.function("sys_newfstatat").return ?,
kprobe.function("compat_sys_newfstatat").return ?,
kprobe.function("sys32_fstatat64").return ?
@@ -1406,8 +1507,9 @@ probe nd_syscall.fstatat.return = kprobe.function("sys_fstatat64").return ?,
# long sys_fstatfs(unsigned int fd, struct statfs __user * buf)
# long compat_sys_fstatfs(unsigned int fd, struct compat_statfs __user *buf)
#
-probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
- kprobe.function("compat_sys_fstatfs") ?
+probe nd_syscall.fstatfs = kprobe.function("compat_sys_fstatfs") ?,
+ kprobe.function("SyS_fstatfs") ?,
+ kprobe.function("sys_fstatfs") ?
{
name = "fstatfs"
// fd = $fd
@@ -1418,8 +1520,9 @@ probe nd_syscall.fstatfs = kprobe.function("sys_fstatfs"),
buf_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", fd, buf_uaddr)
}
-probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
- kprobe.function("compat_sys_fstatfs").return ?
+probe nd_syscall.fstatfs.return = kprobe.function("compat_sys_fstatfs").return ?,
+ kprobe.function("SyS_fstatfs").return ?,
+ kprobe.function("sys_fstatfs").return ?
{
name = "fstatfs"
retstr = returnstr(1)
@@ -1429,8 +1532,9 @@ probe nd_syscall.fstatfs.return = kprobe.function("sys_fstatfs").return,
# long sys_fstatfs64(unsigned int fd, size_t sz, struct statfs64 __user *buf)
# long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf)
#
-probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
- kprobe.function("compat_sys_fstatfs64") ?
+probe nd_syscall.fstatfs64 = kprobe.function("compat_sys_fstatfs64") ?,
+ kprobe.function("SyS_fstatfs64") ?,
+ kprobe.function("sys_fstatfs64") ?
{
name = "fstatfs"
// fd = $fd
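Review bot: `nd_syscall.fstatfs64` sets `name = "fstatfs"`, the same string as `nd_syscall.fstatfs`, and the `.return` alias in the next hunk does the same. A consumer that filters or counts by `name` cannot tell the two calls apart. If that is intended, a comment like `# reported as "fstatfs" on purpose` would say so; otherwise `name = "fstatfs64"` is the likely value. This predates the patch but sits in the aliases it rewrites.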
@@ -1443,8 +1547,9 @@ probe nd_syscall.fstatfs64 = kprobe.function("sys_fstatfs64") ?,
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", fd, sz, buf_uaddr)
}
-probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
- kprobe.function("compat_sys_fstatfs64").return ?
+probe nd_syscall.fstatfs64.return = kprobe.function("compat_sys_fstatfs64").return ?,
+ kprobe.function("SyS_fstatfs64").return ?,
+ kprobe.function("sys_fstatfs64").return ?
{
name = "fstatfs"
retstr = returnstr(1)
@@ -1452,7 +1557,8 @@ probe nd_syscall.fstatfs64.return = kprobe.function("sys_fstatfs64").return ?,
# fsync ______________________________________________________
# long sys_fsync(unsigned int fd)
-probe nd_syscall.fsync = kprobe.function("sys_fsync")
+probe nd_syscall.fsync = kprobe.function("SyS_fsync") ?,
+ kprobe.function("sys_fsync") ?
{
name = "fsync"
// fd = $fd
@@ -1460,14 +1566,16 @@ probe nd_syscall.fsync = kprobe.function("sys_fsync")
fd = int_arg(1)
argstr = sprint(fd)
}
-probe nd_syscall.fsync.return = kprobe.function("sys_fsync").return
+probe nd_syscall.fsync.return = kprobe.function("SyS_fsync").return ?,
+ kprobe.function("sys_fsync").return ?
{
name = "fsync"
retstr = returnstr(1)
}
# ftruncate __________________________________________________
# long sys_ftruncate(unsigned int fd, unsigned long length)
-probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
+probe nd_syscall.ftruncate = kprobe.function("SyS_ftruncate") ?,
+ kprobe.function("sys_ftruncate") ?
{
name = "ftruncate"
// fd = $fd
@@ -1477,7 +1585,8 @@ probe nd_syscall.ftruncate = kprobe.function("sys_ftruncate")
length = ulong_arg(2)
argstr = sprintf("%d, %d", fd, length)
}
-probe nd_syscall.ftruncate.return = kprobe.function("sys_ftruncate").return
+probe nd_syscall.ftruncate.return = kprobe.function("SyS_ftruncate").return ?,
+ kprobe.function("sys_ftruncate").return ?
{
name = "ftruncate"
retstr = returnstr(1)
@@ -1512,7 +1621,8 @@ probe nd_syscall.ftruncate64.return = kprobe.function("sys_ftruncate64").return
# struct compat_timespec __user *utime, u32 __user *uaddr2,
# u32 val3)
#
-probe nd_syscall.futex = kprobe.function("sys_futex") ?
+probe nd_syscall.futex = kprobe.function("SyS_futex") ?,
+ kprobe.function("sys_futex") ?
{
name = "futex"
// futex_uaddr = $uaddr
@@ -1542,7 +1652,8 @@ probe nd_syscall.futex = kprobe.function("sys_futex") ?
argstr = sprintf("%p, %s, %d", futex_uaddr,
_futex_op_str(op), val)
}
-probe nd_syscall.futex.return = kprobe.function("sys_futex").return ?
+probe nd_syscall.futex.return = kprobe.function("SyS_futex").return ?,
+ kprobe.function("sys_futex").return ?
{
name = "futex"
retstr = returnstr(1)
@@ -1589,7 +1700,8 @@ probe nd_syscall.compat_futex.return = kprobe.function("compat_sys_futex").retur
# long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t)
#
-probe nd_syscall.futimesat = kprobe.function("sys_futimesat") ?
+probe nd_syscall.futimesat = kprobe.function("SyS_futimesat") ?,
+ kprobe.function("sys_futimesat") ?
{
name = "futimesat"
// dirfd = $dfd
@@ -1623,7 +1735,8 @@ probe nd_syscall.compat_futimesat = kprobe.function("compat_sys_futimesat") ?
argstr = sprintf("%s, %s, %s", _dfd_str(uint_arg(1)), user_string_quoted(pointer_arg(2)),
_struct_compat_timeval_u(pointer_arg(3), 2))
}
-probe nd_syscall.futimesat.return = kprobe.function("sys_futimesat").return ?
+probe nd_syscall.futimesat.return = kprobe.function("SyS_futimesat").return ?,
+ kprobe.function("sys_futimesat").return ?
{
name = "futimesat"
retstr = returnstr(1)
@@ -1636,7 +1749,8 @@ probe nd_syscall.compat_futimesat.return = kprobe.function("compat_sys_futimesat
# getcwd _____________________________________________________
# long sys_getcwd(char __user *buf, unsigned long size)
-probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
+probe nd_syscall.getcwd = kprobe.function("SyS_getcwd") ?,
+ kprobe.function("sys_getcwd") ?
{
name = "getcwd"
// buf_uaddr = $buf
@@ -1646,7 +1760,8 @@ probe nd_syscall.getcwd = kprobe.function("sys_getcwd")
size = ulong_arg(2)
argstr = sprintf("%p, %d", buf_uaddr, size)
}
-probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
+probe nd_syscall.getcwd.return = kprobe.function("SyS_getcwd").return ?,
+ kprobe.function("sys_getcwd").return ?
{
name = "getcwd"
retstr = returnstr(1)
@@ -1658,7 +1773,9 @@ probe nd_syscall.getcwd.return = kprobe.function("sys_getcwd").return
# long sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
# long compat_sys_getdents64(unsigned int fd, struct linux_dirent64 __user * dirent, unsigned int count)
#
-probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
+probe nd_syscall.getdents = kprobe.function("SyS_getdents") ?,
+ kprobe.function("sys_getdents") ?,
+ kprobe.function("SyS_getdents64") ?,
kprobe.function("sys_getdents64") ?,
kprobe.function("compat_sys_getdents") ?,
kprobe.function("compat_sys_getdents64") ?
@@ -1674,7 +1791,9 @@ probe nd_syscall.getdents = kprobe.function("sys_getdents") ?,
count = uint_arg(3)
argstr = sprintf("%d, %p, %d", fd, dirp_uaddr, count)
}
-probe nd_syscall.getdents.return = kprobe.function("sys_getdents").return ?,
+probe nd_syscall.getdents.return = kprobe.function("SyS_getdents").return ?,
+ kprobe.function("sys_getdents").return ?,
+ kprobe.function("SyS_getdents64").return ?,
kprobe.function("sys_getdents64").return ?,
kprobe.function("compat_sys_getdents").return ?,
kprobe.function("compat_sys_getdents64").return ?
@@ -1746,9 +1865,10 @@ probe nd_syscall.getgid.return = kprobe.function("sys_getgid16").return ?,
# long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
# long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
#
-probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
- kprobe.function("sys_getgroups16") ?,
- kprobe.function("sys32_getgroups16") ?
+probe nd_syscall.getgroups = kprobe.function("sys_getgroups16") ?,
+ kprobe.function("sys32_getgroups16") ?,
+ kprobe.function("SyS_getgroups") ?,
+ kprobe.function("sys_getgroups") ?
{
name = "getgroups"
// size = $gidsetsize
@@ -1759,9 +1879,10 @@ probe nd_syscall.getgroups = kprobe.function("sys_getgroups") ?,
list_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", size, list_uaddr)
}
-probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
- kprobe.function("sys_getgroups16").return ?,
- kprobe.function("sys32_getgroups16").return ?
+probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups16").return ?,
+ kprobe.function("sys32_getgroups16").return ?,
+ kprobe.function("SyS_getgroups").return ?,
+ kprobe.function("sys_getgroups").return ?
{
name = "getgroups"
retstr = returnstr(1)
@@ -1769,7 +1890,8 @@ probe nd_syscall.getgroups.return = kprobe.function("sys_getgroups").return ?,
# gethostname ________________________________________________
# long sys_gethostname(char __user *name, int len)
-probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
+probe nd_syscall.gethostname = kprobe.function("SyS_gethostname") ?,
+ kprobe.function("sys_gethostname") ?
{
name = "gethostname"
// name_uaddr = $name
@@ -1779,7 +1901,8 @@ probe nd_syscall.gethostname = kprobe.function("sys_gethostname") ?
len = int_arg(2)
argstr = sprintf ("%p, %d", name_uaddr, len)
}
-probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return ?
+probe nd_syscall.gethostname.return = kprobe.function("SyS_gethostname").return ?,
+ kprobe.function("sys_gethostname").return ?
{
name = "gethostname"
retstr = returnstr(1)
@@ -1788,7 +1911,8 @@ probe nd_syscall.gethostname.return = kprobe.function("sys_gethostname").return
# getitimer __________________________________________________
# sys_getitimer(int which, struct itimerval __user *value)
#
-probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
+probe nd_syscall.getitimer = kprobe.function("SyS_getitimer") ?,
+ kprobe.function("sys_getitimer") ?
{
name = "getitimer"
// which = $which
@@ -1799,7 +1923,8 @@ probe nd_syscall.getitimer = kprobe.function("sys_getitimer")
value_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _itimer_which_str(which), value_uaddr)
}
-probe nd_syscall.getitimer.return = kprobe.function("sys_getitimer").return
+probe nd_syscall.getitimer.return = kprobe.function("SyS_getitimer").return ?,
+ kprobe.function("sys_getitimer").return ?
{
name = "getitimer"
retstr = returnstr(1)
@@ -1833,8 +1958,9 @@ probe nd_syscall.compat_getitimer.return = kprobe.function("compat_sys_getitimer
# compat_ulong_t maxnode,
# compat_ulong_t addr, compat_ulong_t flags)
#
-probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
- kprobe.function("compat_sys_get_mempolicy") ?
+probe nd_syscall.get_mempolicy = kprobe.function("compat_sys_get_mempolicy") ?,
+ kprobe.function("SyS_get_mempolicy") ?,
+ kprobe.function("sys_get_mempolicy") ?
{
name = "get_mempolicy"
// policy_uaddr = $policy
@@ -1853,8 +1979,9 @@ probe nd_syscall.get_mempolicy = kprobe.function("sys_get_mempolicy") ?,
argstr = sprintf("%p, %p, %d, %p, 0x%x", policy_uaddr,
nmask_uaddr, maxnode, addr, flags)
}
-probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").return ?,
- kprobe.function("compat_sys_get_mempolicy").return ?
+probe nd_syscall.get_mempolicy.return = kprobe.function("compat_sys_get_mempolicy").return ?,
+ kprobe.function("SyS_get_mempolicy").return ?,
+ kprobe.function("sys_get_mempolicy").return ?
{
name = "get_mempolicy"
retstr = returnstr(1)
@@ -1863,7 +1990,8 @@ probe nd_syscall.get_mempolicy.return = kprobe.function("sys_get_mempolicy").ret
# getpeername ________________________________________________
# long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
#
-probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
+probe nd_syscall.getpeername = kprobe.function("SyS_getpeername") ?,
+ kprobe.function("sys_getpeername") ?
{
name = "getpeername"
// s = $fd
@@ -1876,7 +2004,8 @@ probe nd_syscall.getpeername = kprobe.function("sys_getpeername") ?
namelen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
}
-probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return ?
+probe nd_syscall.getpeername.return = kprobe.function("SyS_getpeername").return ?,
+ kprobe.function("sys_getpeername").return ?
{
name = "getpeername"
retstr = returnstr(1)
@@ -1884,7 +2013,8 @@ probe nd_syscall.getpeername.return = kprobe.function("sys_getpeername").return
# getpgid ____________________________________________________
# long sys_getpgid(pid_t pid)
-probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
+probe nd_syscall.getpgid = kprobe.function("SyS_getpgid") ?,
+ kprobe.function("sys_getpgid") ?
{
name = "getpgid"
// pid = $pid
@@ -1893,7 +2023,8 @@ probe nd_syscall.getpgid = kprobe.function("sys_getpgid")
pid = int_arg(1)
argstr = sprintf("%d", pid)
}
-probe nd_syscall.getpgid.return = kprobe.function("sys_getpgid").return
+probe nd_syscall.getpgid.return = kprobe.function("SyS_getpgid").return ?,
+ kprobe.function("sys_getpgid").return ?
{
name = "getpgid"
retstr = returnstr(1)
@@ -1940,7 +2071,8 @@ probe nd_syscall.getppid.return = kprobe.function("sys_getppid").return
# getpriority ________________________________________________
# long sys_getpriority(int which, int who)
-probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
+probe nd_syscall.getpriority = kprobe.function("SyS_getpriority") ?,
+ kprobe.function("sys_getpriority") ?
{
name = "getpriority"
// which = $which
@@ -1950,7 +2082,8 @@ probe nd_syscall.getpriority = kprobe.function("sys_getpriority")
who = int_arg(2)
argstr = sprintf("%s, %d", _priority_which_str(which), who)
}
-probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
+probe nd_syscall.getpriority.return = kprobe.function("SyS_getpriority").return ?,
+ kprobe.function("sys_getpriority").return ?
{
name = "getpriority"
retstr = returnstr(1)
@@ -1964,7 +2097,8 @@ probe nd_syscall.getpriority.return = kprobe.function("sys_getpriority").return
# old_uid_t __user *egid,
# old_uid_t __user *sgid)
probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
- kprobe.function("sys_getresgid")
+ kprobe.function("SyS_getresgid") ?,
+ kprobe.function("sys_getresgid") ?
{
name = "getresgid"
// rgid_uaddr = $rgid
@@ -1978,7 +2112,8 @@ probe nd_syscall.getresgid = kprobe.function("sys_getresgid16") ?,
argstr = sprintf("%p, %p, %p", rgid_uaddr, egid_uaddr, sgid_uaddr)
}
probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
- kprobe.function("sys_getresgid").return
+ kprobe.function("SyS_getresgid").return ?,
+ kprobe.function("sys_getresgid").return ?
{
name = "getresgid"
retstr = returnstr(1)
@@ -1989,7 +2124,8 @@ probe nd_syscall.getresgid.return = kprobe.function("sys_getresgid16").return ?,
# uid_t __user *euid,
# uid_t __user *suid)
probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
- kprobe.function("sys_getresuid")
+ kprobe.function("SyS_getresuid") ?,
+ kprobe.function("sys_getresuid") ?
{
name = "getresuid"
// ruid_uaddr = $ruid
@@ -2003,7 +2139,8 @@ probe nd_syscall.getresuid = kprobe.function("sys_getresuid16") ?,
argstr = sprintf("%p, %p, %p", ruid_uaddr, euid_uaddr, suid_uaddr)
}
probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
- kprobe.function("sys_getresuid").return
+ kprobe.function("SyS_getresuid").return ?,
+ kprobe.function("sys_getresuid").return ?
{
name = "getresuid"
retstr = returnstr(1)
@@ -2013,7 +2150,9 @@ probe nd_syscall.getresuid.return = kprobe.function("sys_getresuid16").return ?,
# long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim)
# long sys_old_getrlimit(unsigned int resource, struct rlimit __user *rlim)
# long compat_sys_getrlimit (unsigned int resource, struct compat_rlimit __user *rlim)
-probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
+probe nd_syscall.getrlimit = kprobe.function("SyS_getrlimit") ?,
+ kprobe.function("sys_getrlimit") ?,
+ kprobe.function("SyS_old_getrlimit") ?,
kprobe.function("sys_old_getrlimit") ?,
kprobe.function("compat_sys_getrlimit") ?
{
@@ -2026,7 +2165,9 @@ probe nd_syscall.getrlimit = kprobe.function("sys_getrlimit"),
rlim_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", _rlimit_resource_str(resource), rlim_uaddr)
}
-probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
+probe nd_syscall.getrlimit.return = kprobe.function("SyS_getrlimit").return ?,
+ kprobe.function("sys_getrlimit").return ?,
+ kprobe.function("SyS_old_getrlimit").return ?,
kprobe.function("sys_old_getrlimit").return ?,
kprobe.function("compat_sys_getrlimit").return ?
{
@@ -2036,7 +2177,8 @@ probe nd_syscall.getrlimit.return = kprobe.function("sys_getrlimit").return,
# getrusage __________________________________________________
# long sys_getrusage(int who, struct rusage __user *ru)
-probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
+probe nd_syscall.getrusage = kprobe.function("SyS_getrusage") ?,
+ kprobe.function("sys_getrusage") ?
{
name = "getrusage"
// who = $who
@@ -2056,7 +2198,8 @@ probe nd_syscall.getrusage = kprobe.function("sys_getrusage")
usage_uaddr = pointer_arg(2)
argstr = sprintf("%s, %p", who_str, usage_uaddr)
}
-probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
+probe nd_syscall.getrusage.return = kprobe.function("SyS_getrusage").return ?,
+ kprobe.function("sys_getrusage").return ?
{
name = "getrusage"
retstr = returnstr(1)
@@ -2064,7 +2207,8 @@ probe nd_syscall.getrusage.return = kprobe.function("sys_getrusage").return
# getsid _____________________________________________________
# long sys_getsid(pid_t pid)
-probe nd_syscall.getsid = kprobe.function("sys_getsid")
+probe nd_syscall.getsid = kprobe.function("SyS_getsid") ?,
+ kprobe.function("sys_getsid") ?
{
name = "getsid"
// pid = $pid
@@ -2072,7 +2216,8 @@ probe nd_syscall.getsid = kprobe.function("sys_getsid")
pid = int_arg(1)
argstr = sprint(pid)
}
-probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
+probe nd_syscall.getsid.return = kprobe.function("SyS_getsid").return ?,
+ kprobe.function("sys_getsid").return ?
{
name = "getsid"
retstr = returnstr(1)
@@ -2082,7 +2227,8 @@ probe nd_syscall.getsid.return = kprobe.function("sys_getsid").return
# long sys_getsockname(int fd,
# struct sockaddr __user *usockaddr,
# int __user *usockaddr_len)
-probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
+probe nd_syscall.getsockname = kprobe.function("SyS_getsockname") ?,
+ kprobe.function("sys_getsockname") ?
{
name = "getsockname"
// s = $fd
@@ -2095,7 +2241,8 @@ probe nd_syscall.getsockname = kprobe.function("sys_getsockname") ?
namelen_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", s, name_uaddr, namelen_uaddr)
}
-probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return ?
+probe nd_syscall.getsockname.return = kprobe.function("SyS_getsockname").return ?,
+ kprobe.function("sys_getsockname").return ?
{
name = "getsockname"
retstr = returnstr(1)
@@ -2108,8 +2255,9 @@ probe nd_syscall.getsockname.return = kprobe.function("sys_getsockname").return
# char __user *optval,
# int __user *optlen)
#
-probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
- kprobe.function("compat_sys_getsockopt") ?
+probe nd_syscall.getsockopt = kprobe.function("compat_sys_getsockopt") ?,
+ kprobe.function("SyS_getsockopt") ?,
+ kprobe.function("sys_getsockopt") ?
{
name = "getsockopt"
// fd = $fd
@@ -2132,8 +2280,9 @@ probe nd_syscall.getsockopt = kprobe.function("sys_getsockopt") ?,
argstr = sprintf("%d, %s, %s, %p, %p", fd, _sockopt_level_str(level),
_sockopt_optname_str(optname), optval_uaddr, optlen_uaddr)
}
-probe nd_syscall.getsockopt.return = kprobe.function("sys_getsockopt").return ?,
- kprobe.function("compat_sys_getsockopt").return ?
+probe nd_syscall.getsockopt.return = kprobe.function("compat_sys_getsockopt").return ?,
+ kprobe.function("SyS_getsockopt").return ?,
+ kprobe.function("sys_getsockopt").return ?
{
name = "getsockopt"
retstr = returnstr(1)
@@ -2159,9 +2308,10 @@ probe nd_syscall.gettid.return = kprobe.function("sys_gettid").return
# struct timezone __user *tz)
# long compat_sys_gettimeofday(struct compat_timeval __user *tv,
# struct timezone __user *tz)
-probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
+probe nd_syscall.gettimeofday = kprobe.function("compat_sys_gettimeofday") ?,
kprobe.function("sys32_gettimeofday") ?,
- kprobe.function("compat_sys_gettimeofday") ?
+ kprobe.function("SyS_gettimeofday") ?,
+ kprobe.function("sys_gettimeofday") ?
{
name = "gettimeofday"
// tv_uaddr = $tv
@@ -2173,9 +2323,10 @@ probe nd_syscall.gettimeofday = kprobe.function("sys_gettimeofday"),
argstr = sprintf("%p, %p", tv_uaddr, tz_uaddr)
}
-probe nd_syscall.gettimeofday.return = kprobe.function("sys_gettimeofday").return,
+probe nd_syscall.gettimeofday.return = kprobe.function("compat_sys_gettimeofday").return ?,
kprobe.function("sys32_gettimeofday").return ?,
- kprobe.function("compat_sys_gettimeofday").return ?
+ kprobe.function("SyS_gettimeofday").return ?,
+ kprobe.function("sys_gettimeofday").return ?
{
name = "gettimeofday"
retstr = returnstr(1)
@@ -2204,7 +2355,8 @@ probe nd_syscall.getuid.return = kprobe.function("sys_getuid16").return ?,
# getxattr ___________________________________________________
# ssize_t sys_getxattr(char __user *path, char __user *name,
# void __user *value, size_t size)
-probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
+probe nd_syscall.getxattr = kprobe.function("SyS_getxattr") ?,
+ kprobe.function("sys_getxattr") ?
{
name = "getxattr"
// %( kernel_v >= "2.6.27" %?
@@ -2234,7 +2386,8 @@ probe nd_syscall.getxattr = kprobe.function("sys_getxattr")
user_string_quoted(pointer_arg(2)),
value_uaddr, size)
}
-probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
+probe nd_syscall.getxattr.return = kprobe.function("SyS_getxattr").return ?,
+ kprobe.function("sys_getxattr").return ?
{
name = "getxattr"
retstr = returnstr(1)
@@ -2245,7 +2398,8 @@ probe nd_syscall.getxattr.return = kprobe.function("sys_getxattr").return
# unsigned long len,
# const char __user *uargs)
#
-probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
+probe nd_syscall.init_module = kprobe.function("SyS_init_module") ?,
+ kprobe.function("sys_init_module") ?
{
name = "init_module"
// umod_uaddr = $umod
@@ -2258,7 +2412,8 @@ probe nd_syscall.init_module = kprobe.function("sys_init_module") ?
uargs = user_string(pointer_arg(3))
argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4)))
}
-probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return ?
+probe nd_syscall.init_module.return = kprobe.function("SyS_init_module").return ?,
+ kprobe.function("sys_init_module").return ?
{
name = "init_module"
retstr = returnstr(1)
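Review bot: The context line `argstr = sprintf("%p, %d, %s", umod_uaddr, len, user_string_quoted(pointer_arg(4)))` at the top of this hunk reads a fourth argument, while the line before it takes `uargs` from `pointer_arg(3)` and the signature comment ends at `uargs`, apparently the third parameter. With the SyS_init_module point added, this body now also runs on syscall-wrapper architectures, where the module arguments shown in trace output would come from an unrelated slot. I suggest `user_string_quoted(pointer_arg(3))` so that argstr and uargs agree. The body of nd_syscall.init_module starts outside this hunk, so the index should be confirmed against the full alias.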
@@ -2268,7 +2423,8 @@ probe nd_syscall.init_module.return = kprobe.function("sys_init_module").return
#
# long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
#
-probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
+probe nd_syscall.inotify_add_watch = kprobe.function("SyS_inotify_add_watch") ?,
+ kprobe.function("sys_inotify_add_watch") ?
{
name = "inotify_add_watch"
// fd = $fd
@@ -2289,7 +2445,8 @@ probe nd_syscall.inotify_add_watch = kprobe.function("sys_inotify_add_watch") ?
mask = uint_arg(3)
argstr = sprintf("%d, %s, %d", fd, user_string_quoted(path_uaddr), mask)
}
-probe nd_syscall.inotify_add_watch.return = kprobe.function("sys_inotify_add_watch").return ?
+probe nd_syscall.inotify_add_watch.return = kprobe.function("SyS_inotify_add_watch").return ?,
+ kprobe.function("sys_inotify_add_watch").return ?
{
name = "inotify_add_watch"
retstr = returnstr(1)
@@ -2314,7 +2471,8 @@ probe nd_syscall.inotify_init.return = kprobe.function("sys_inotify_init").retur
#
# long sys_inotify_rm_watch(int fd, u32 wd)
#
-probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
+probe nd_syscall.inotify_rm_watch = kprobe.function("SyS_inotify_rm_watch") ?,
+ kprobe.function("sys_inotify_rm_watch") ?
{
name = "inotify_rm_watch"
// fd = $fd
@@ -2325,7 +2483,8 @@ probe nd_syscall.inotify_rm_watch = kprobe.function("sys_inotify_rm_watch") ?
wd = uint_arg(2)
argstr = sprintf("%d, %d", fd, wd)
}
-probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch").return ?
+probe nd_syscall.inotify_rm_watch.return = kprobe.function("SyS_inotify_rm_watch").return ?,
+ kprobe.function("sys_inotify_rm_watch").return ?
{
name = "inotify_rm_watch"
retstr = returnstr(1)
@@ -2335,7 +2494,8 @@ probe nd_syscall.inotify_rm_watch.return = kprobe.function("sys_inotify_rm_watch
# long sys_io_cancel(aio_context_t ctx_id,
# struct iocb __user *iocb,
# struct io_event __user *result)
-probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
+probe nd_syscall.io_cancel = kprobe.function("SyS_io_cancel") ?,
+ kprobe.function("sys_io_cancel") ?
{
name = "io_cancel"
// ctx_id = $ctx_id
@@ -2347,7 +2507,8 @@ probe nd_syscall.io_cancel = kprobe.function("sys_io_cancel")
result_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", ctx_id, iocb_uaddr, result_uaddr)
}
-probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
+probe nd_syscall.io_cancel.return = kprobe.function("SyS_io_cancel").return ?,
+ kprobe.function("sys_io_cancel").return ?
{
name = "io_cancel"
retstr = returnstr(1)
@@ -2357,8 +2518,9 @@ probe nd_syscall.io_cancel.return = kprobe.function("sys_io_cancel").return
# long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
# long compat_sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
#
-probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
- kprobe.function("compat_sys_ioctl") ?
+probe nd_syscall.ioctl = kprobe.function("compat_sys_ioctl") ?,
+ kprobe.function("SyS_ioctl") ?,
+ kprobe.function("sys_ioctl") ?
{
name = "ioctl"
// fd = $fd
@@ -2371,8 +2533,9 @@ probe nd_syscall.ioctl = kprobe.function("sys_ioctl") ?,
argp = ulong_arg(3)
argstr = sprintf("%d, %d, %p", fd, request, argp)
}
-probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
- kprobe.function("compat_sys_ioctl").return ?
+probe nd_syscall.ioctl.return = kprobe.function("compat_sys_ioctl").return ?,
+ kprobe.function("SyS_ioctl").return ?,
+ kprobe.function("sys_ioctl").return ?
{
name = "ioctl"
retstr = returnstr(1)
@@ -2380,7 +2543,8 @@ probe nd_syscall.ioctl.return = kprobe.function("sys_ioctl").return ?,
# io_destroy _________________________________________________
# long sys_io_destroy(aio_context_t ctx)
-probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
+probe nd_syscall.io_destroy = kprobe.function("SyS_io_destroy") ?,
+ kprobe.function("sys_io_destroy") ?
{
name = "io_destroy"
// ctx = $ctx
@@ -2388,7 +2552,8 @@ probe nd_syscall.io_destroy = kprobe.function("sys_io_destroy")
ctx = ulong_arg(1)
argstr = sprintf("%d", ctx)
}
-probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
+probe nd_syscall.io_destroy.return = kprobe.function("SyS_io_destroy").return ?,
+ kprobe.function("sys_io_destroy").return ?
{
name = "io_destroy"
retstr = returnstr(1)
@@ -2406,8 +2571,9 @@ probe nd_syscall.io_destroy.return = kprobe.function("sys_io_destroy").return
# struct io_event __user *events,
# struct compat_timespec __user *timeout)
#
-probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
- kprobe.function("compat_sys_io_getevents") ?
+probe nd_syscall.io_getevents = kprobe.function("compat_sys_io_getevents") ?,
+ kprobe.function("SyS_io_getevents") ?,
+ kprobe.function("sys_io_getevents") ?
{
name = "io_getevents"
// ctx_id = $ctx_id
@@ -2428,8 +2594,9 @@ probe nd_syscall.io_getevents = kprobe.function("sys_io_getevents") ?,
argstr = sprintf("%d, %d, %d, %p, %p, %s", ctx_id, min_nr,
nr, events_uaddr, timeout_uaddr, timestr)
}
-probe nd_syscall.io_getevents.return = kprobe.function("sys_io_getevents").return ?,
- kprobe.function("compat_sys_io_getevents").return ?
+probe nd_syscall.io_getevents.return = kprobe.function("compat_sys_io_getevents").return ?,
+ kprobe.function("SyS_io_getevents").return ?,
+ kprobe.function("sys_io_getevents").return ?
{
name = "io_getevents"
retstr = returnstr(1)
@@ -2460,7 +2627,8 @@ probe nd_syscall.ioperm.return = kprobe.function("sys_ioperm").return ?
# io_setup ___________________________________________________
# long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
#
-probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
+probe nd_syscall.io_setup = kprobe.function("SyS_io_setup") ?,
+ kprobe.function("sys_io_setup") ?
{
name = "io_setup"
// maxevents = $nr_events
@@ -2472,7 +2640,8 @@ probe nd_syscall.io_setup = kprobe.function("sys_io_setup")
argstr = sprintf("%d, %p", maxevents, ctxp_uaddr)
}
-probe nd_syscall.io_setup.return = kprobe.function("sys_io_setup").return
+probe nd_syscall.io_setup.return = kprobe.function("SyS_io_setup").return ?,
+ kprobe.function("sys_io_setup").return ?
{
name = "io_setup"
retstr = returnstr(1)
@@ -2500,7 +2669,8 @@ probe nd_syscall.compat_io_setup.return = kprobe.function("compat_sys_io_setup")
# io_submit __________________________________________________
# long sys_io_submit(aio_context_t ctx_id, long nr, struct iocb __user * __user *iocbpp)
#
-probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
+probe nd_syscall.io_submit = kprobe.function("SyS_io_submit") ?,
+ kprobe.function("sys_io_submit") ?
{
name = "io_submit"
// ctx_id = $ctx_id
@@ -2513,7 +2683,8 @@ probe nd_syscall.io_submit = kprobe.function("sys_io_submit")
iocbpp_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", ctx_id, nr, iocbpp_uaddr)
}
-probe nd_syscall.io_submit.return = kprobe.function("sys_io_submit").return
+probe nd_syscall.io_submit.return = kprobe.function("SyS_io_submit").return ?,
+ kprobe.function("sys_io_submit").return ?
{
name = "io_submit"
retstr = returnstr(1)
@@ -2542,7 +2713,8 @@ probe nd_syscall.compat_io_submit.return = kprobe.function("compat_sys_io_submit
# ioprio_get _________________________________________________
# long sys_ioprio_get(int which, int who)
#
-probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
+probe nd_syscall.ioprio_get = kprobe.function("SyS_ioprio_get") ?,
+ kprobe.function("sys_ioprio_get") ?
{
name = "ioprio_get"
// which = $which
@@ -2553,7 +2725,8 @@ probe nd_syscall.ioprio_get = kprobe.function("sys_ioprio_get") ?
who = int_arg(2)
argstr = sprintf("%d, %d", which, who)
}
-probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
+probe nd_syscall.ioprio_get.return = kprobe.function("SyS_ioprio_get").return ?,
+ kprobe.function("sys_ioprio_get").return ?
{
name = "ioprio_get"
retstr = returnstr(1)
@@ -2562,7 +2735,8 @@ probe nd_syscall.ioprio_get.return = kprobe.function("sys_ioprio_get").return ?
# ioprio_set _________________________________________________
# long sys_ioprio_set(int which, int who, int ioprio)
#
-probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
+probe nd_syscall.ioprio_set = kprobe.function("SyS_ioprio_set") ?,
+ kprobe.function("sys_ioprio_set") ?
{
name = "ioprio_set"
// which = $which
@@ -2575,7 +2749,8 @@ probe nd_syscall.ioprio_set = kprobe.function("sys_ioprio_set") ?
ioprio = int_arg(3)
argstr = sprintf("%d, %d, %d", which, who, ioprio)
}
-probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
+probe nd_syscall.ioprio_set.return = kprobe.function("SyS_ioprio_set").return ?,
+ kprobe.function("sys_ioprio_set").return ?
{
name = "ioprio_set"
retstr = returnstr(1)
@@ -2591,8 +2766,9 @@ probe nd_syscall.ioprio_set.return = kprobe.function("sys_ioprio_set").return ?
# struct compat_kexec_segment __user *segments,
# unsigned long flags)
#
-probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
- kprobe.function("compat_sys_kexec_load") ?
+probe nd_syscall.kexec_load = kprobe.function("compat_sys_kexec_load") ?,
+ kprobe.function("SyS_kexec_load") ?,
+ kprobe.function("sys_kexec_load") ?
{
name = "kexec_load"
// entry = $entry
@@ -2607,8 +2783,9 @@ probe nd_syscall.kexec_load = kprobe.function("sys_kexec_load") ?,
flags = ulong_arg(4)
argstr = sprintf("%p, %d, %p, %d", entry, nr_segments, segments_uaddr, flags)
}
-probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
- kprobe.function("compat_sys_kexec_load").return ?
+probe nd_syscall.kexec_load.return = kprobe.function("compat_sys_kexec_load").return ?,
+ kprobe.function("SyS_kexec_load").return ?,
+ kprobe.function("sys_kexec_load").return ?
{
name = "kexec_load"
retstr = returnstr(1)
@@ -2622,8 +2799,9 @@ probe nd_syscall.kexec_load.return = kprobe.function("sys_kexec_load").return ?,
# unsigned long arg5)
# long compat_sys_keyctl(u32 option, u32 arg2, u32 arg3, u32 arg4, u32 arg5)
#
-probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
- kprobe.function("compat_sys_keyctl") ?
+probe nd_syscall.keyctl = kprobe.function("compat_sys_keyctl") ?,
+ kprobe.function("SyS_keyctl") ?,
+ kprobe.function("sys_keyctl") ?
{
name = "keyctl"
// argstr = sprintf("%d, ...", $option)
@@ -2631,8 +2809,9 @@ probe nd_syscall.keyctl = kprobe.function("sys_keyctl") ?,
argstr = sprintf("%d, ...", uint_arg(1))
}
-probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
- kprobe.function("compat_sys_keyctl").return ?
+probe nd_syscall.keyctl.return = kprobe.function("compat_sys_keyctl").return ?,
+ kprobe.function("SyS_keyctl").return ?,
+ kprobe.function("sys_keyctl").return ?
{
name = "keyctl"
retstr = returnstr(1)
@@ -2640,7 +2819,8 @@ probe nd_syscall.keyctl.return = kprobe.function("sys_keyctl").return ?,
# kill _______________________________________________________
# long sys_kill(int pid, int sig)
-probe nd_syscall.kill = kprobe.function("sys_kill")
+probe nd_syscall.kill = kprobe.function("SyS_kill") ?,
+ kprobe.function("sys_kill") ?
{
name = "kill"
// pid = $pid
@@ -2651,7 +2831,8 @@ probe nd_syscall.kill = kprobe.function("sys_kill")
sig = int_arg(2)
argstr = sprintf("%d, %s", pid, _signal_name(sig))
}
-probe nd_syscall.kill.return = kprobe.function("sys_kill").return
+probe nd_syscall.kill.return = kprobe.function("SyS_kill").return ?,
+ kprobe.function("sys_kill").return ?
{
name = "kill"
retstr = returnstr(1)
@@ -2660,7 +2841,8 @@ probe nd_syscall.kill.return = kprobe.function("sys_kill").return
# lchown _____________________________________________________
# long sys_lchown(const char __user * filename, uid_t user, gid_t group)
#
-probe nd_syscall.lchown = kprobe.function("sys_lchown")
+probe nd_syscall.lchown = kprobe.function("SyS_lchown") ?,
+ kprobe.function("sys_lchown") ?
{
name = "lchown"
// path = user_string($filename)
@@ -2673,7 +2855,8 @@ probe nd_syscall.lchown = kprobe.function("sys_lchown")
group = __int32(uint_arg(3))
argstr = sprintf("%s, %d, %d", user_string_quoted(pointer_arg(1)), owner, group)
}
-probe nd_syscall.lchown.return = kprobe.function("sys_lchown").return
+probe nd_syscall.lchown.return = kprobe.function("SyS_lchown").return ?,
+ kprobe.function("sys_lchown").return ?
{
name = "lchown"
retstr = returnstr(1)
@@ -2707,7 +2890,8 @@ probe nd_syscall.lchown16.return = kprobe.function("sys_lchown16").return ?
# void __user *value,
# size_t size)
#
-probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
+probe nd_syscall.lgetxattr = kprobe.function("SyS_lgetxattr") ?,
+ kprobe.function("sys_lgetxattr") ?
{
name = "lgetxattr"
// %( kernel_v >= "2.6.27" %?
@@ -2738,7 +2922,8 @@ probe nd_syscall.lgetxattr = kprobe.function("sys_lgetxattr")
user_string_quoted(pointer_arg(2)),
value_uaddr, size)
}
-probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
+probe nd_syscall.lgetxattr.return = kprobe.function("SyS_lgetxattr").return ?,
+ kprobe.function("sys_lgetxattr").return ?
{
name = "lgetxattr"
retstr = returnstr(1)
@@ -2746,7 +2931,8 @@ probe nd_syscall.lgetxattr.return = kprobe.function("sys_lgetxattr").return
# link _______________________________________________________
# long sys_link(const char __user * oldname,
# const char __user * newname)
-probe nd_syscall.link = kprobe.function("sys_link")
+probe nd_syscall.link = kprobe.function("SyS_link") ?,
+ kprobe.function("sys_link") ?
{
name = "link"
// oldpath = user_string($oldname)
@@ -2761,7 +2947,8 @@ probe nd_syscall.link = kprobe.function("sys_link")
user_string_quoted(pointer_arg(1)),
user_string_quoted(pointer_arg(2)))
}
-probe nd_syscall.link.return = kprobe.function("sys_link").return
+probe nd_syscall.link.return = kprobe.function("SyS_link").return ?,
+ kprobe.function("sys_link").return ?
{
name = "link"
retstr = returnstr(1)
@@ -2771,7 +2958,8 @@ probe nd_syscall.link.return = kprobe.function("sys_link").return
# new function with 2.6.16
# long sys_linkat(int olddfd, const char __user *oldname,
# int newdfd, const char __user *newname, int flags)
-probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
+probe nd_syscall.linkat = kprobe.function("SyS_linkat") ?,
+ kprobe.function("sys_linkat") ?
{
name = "linkat"
// olddirfd = $olddfd
@@ -2800,7 +2988,8 @@ probe nd_syscall.linkat = kprobe.function("sys_linkat") ?
newdirfd_str, user_string_quoted(pointer_arg(4)),
flags_str)
}
-probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
+probe nd_syscall.linkat.return = kprobe.function("SyS_linkat").return ?,
+ kprobe.function("sys_linkat").return ?
{
name = "linkat"
retstr = returnstr(1)
@@ -2808,7 +2997,8 @@ probe nd_syscall.linkat.return = kprobe.function("sys_linkat").return ?
# listen _____________________________________________________
# long sys_listen(int fd, int backlog)
-probe nd_syscall.listen = kprobe.function("sys_listen") ?
+probe nd_syscall.listen = kprobe.function("SyS_listen") ?,
+ kprobe.function("sys_listen") ?
{
name = "listen"
// sockfd = $fd
@@ -2819,7 +3009,8 @@ probe nd_syscall.listen = kprobe.function("sys_listen") ?
backlog = int_arg(2)
argstr = sprintf("%d, %d", sockfd, backlog)
}
-probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
+probe nd_syscall.listen.return = kprobe.function("SyS_listen").return ?,
+ kprobe.function("sys_listen").return ?
{
name = "listen"
retstr = returnstr(1)
@@ -2828,7 +3019,8 @@ probe nd_syscall.listen.return = kprobe.function("sys_listen").return ?
# listxattr __________________________________________________
# ssize_t sys_listxattr(char __user *path, char __user *list, size_t size)
#
-probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
+probe nd_syscall.listxattr = kprobe.function("SyS_listxattr") ?,
+ kprobe.function("sys_listxattr") ?
{
name = "listxattr"
// list_uaddr = $list
@@ -2849,7 +3041,8 @@ probe nd_syscall.listxattr = kprobe.function("sys_listxattr")
size = ulong_arg(3)
argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
}
-probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
+probe nd_syscall.listxattr.return = kprobe.function("SyS_listxattr").return ?,
+ kprobe.function("sys_listxattr").return ?
{
name = "listxattr"
retstr = returnstr(1)
@@ -2858,7 +3051,8 @@ probe nd_syscall.listxattr.return = kprobe.function("sys_listxattr").return
# llistxattr _________________________________________________
# ssize_t sys_llistxattr(char __user *path, char __user *list, size_t size)
#
-probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
+probe nd_syscall.llistxattr = kprobe.function("SyS_llistxattr") ?,
+ kprobe.function("sys_llistxattr") ?
{
name = "llistxattr"
// list_uaddr = $list
@@ -2879,7 +3073,8 @@ probe nd_syscall.llistxattr = kprobe.function("sys_llistxattr")
size = ulong_arg(3)
argstr = sprintf("%s, %p, %d", user_string_quoted(path_uaddr), list_uaddr, size)
}
-probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
+probe nd_syscall.llistxattr.return = kprobe.function("SyS_llistxattr").return ?,
+ kprobe.function("sys_llistxattr").return ?
{
name = "llistxattr"
retstr = returnstr(1)
@@ -2891,7 +3086,8 @@ probe nd_syscall.llistxattr.return = kprobe.function("sys_llistxattr").return
# unsigned long offset_low,
# loff_t __user * result,
# unsigned int origin)
-probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
+probe nd_syscall.llseek = kprobe.function("SyS_llseek") ?,
+ kprobe.function("sys_llseek") ?
{
name = "llseek"
// fd = $fd
@@ -2912,7 +3108,8 @@ probe nd_syscall.llseek = kprobe.function("sys_llseek") ?
argstr = sprintf("%d, 0x%x, 0x%x, %p, %s", fd, offset_high,
offset_low, result_uaddr, whence_str)
}
-probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
+probe nd_syscall.llseek.return = kprobe.function("SyS_llseek").return ?,
+ kprobe.function("sys_llseek").return ?
{
name = "llseek"
retstr = returnstr(1)
@@ -2921,7 +3118,8 @@ probe nd_syscall.llseek.return = kprobe.function("sys_llseek").return ?
# lookup_dcookie _____________________________________________
# long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
#
-probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
+probe nd_syscall.lookup_dcookie = kprobe.function("SyS_lookup_dcookie") ?,
+ kprobe.function("sys_lookup_dcookie") ?
{
name = "lookup_dcookie"
// cookie = $cookie64
@@ -2934,7 +3132,8 @@ probe nd_syscall.lookup_dcookie = kprobe.function("sys_lookup_dcookie") ?
len = ulong_arg(3)
argstr = sprintf("%d, %p, %d", cookie, buffer_uaddr, len)
}
-probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").return ?
+probe nd_syscall.lookup_dcookie.return = kprobe.function("SyS_lookup_dcookie").return ?,
+ kprobe.function("sys_lookup_dcookie").return ?
{
name = "lookup_dcookie"
retstr = returnstr(1)
@@ -2943,7 +3142,8 @@ probe nd_syscall.lookup_dcookie.return = kprobe.function("sys_lookup_dcookie").r
# lremovexattr _______________________________________________
# long sys_lremovexattr(char __user *path, char __user *name)
#
-probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
+probe nd_syscall.lremovexattr = kprobe.function("SyS_lremovexattr") ?,
+ kprobe.function("sys_lremovexattr") ?
{
name = "lremovexattr"
// name_uaddr = $name
@@ -2964,7 +3164,8 @@ probe nd_syscall.lremovexattr = kprobe.function("sys_lremovexattr")
name2 = user_string(name_uaddr)
argstr = sprintf("%s, %s", user_string_quoted(path_uaddr), user_string_quoted(name_uaddr))
}
-probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").return
+probe nd_syscall.lremovexattr.return = kprobe.function("SyS_lremovexattr").return ?,
+ kprobe.function("sys_lremovexattr").return ?
{
name = "lremovexattr"
retstr = returnstr(1)
@@ -2972,7 +3173,8 @@ probe nd_syscall.lremovexattr.return = kprobe.function("sys_lremovexattr").retur
# lseek ______________________________________________________
# off_t sys_lseek(unsigned int fd, off_t offset, unsigned int origin)
-probe nd_syscall.lseek = kprobe.function("sys_lseek")
+probe nd_syscall.lseek = kprobe.function("SyS_lseek") ?,
+ kprobe.function("sys_lseek") ?
{
name = "lseek"
// fildes = $fd
@@ -2988,7 +3190,8 @@ probe nd_syscall.lseek = kprobe.function("sys_lseek")
whence_str = _seek_whence_str(whence)
argstr = sprintf("%d, %d, %s", fildes, offset, whence_str)
}
-probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
+probe nd_syscall.lseek.return = kprobe.function("SyS_lseek").return ?,
+ kprobe.function("sys_lseek").return ?
{
name = "lseek"
retstr = returnstr(1)
@@ -3001,7 +3204,8 @@ probe nd_syscall.lseek.return = kprobe.function("sys_lseek").return
# size_t size,
# int flags)
#
-probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
+probe nd_syscall.lsetxattr = kprobe.function("SyS_lsetxattr") ?,
+ kprobe.function("sys_lsetxattr") ?
{
name = "lsetxattr"
// %( kernel_v >= "2.6.27" %?
@@ -3037,7 +3241,8 @@ probe nd_syscall.lsetxattr = kprobe.function("sys_lsetxattr")
user_string_quoted(name_uaddr),
value_uaddr, size, flags)
}
-probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
+probe nd_syscall.lsetxattr.return = kprobe.function("SyS_lsetxattr").return ?,
+ kprobe.function("sys_lsetxattr").return ?
{
name = "lsetxattr"
retstr = returnstr(1)
@@ -3053,9 +3258,11 @@ probe nd_syscall.lsetxattr.return = kprobe.function("sys_lsetxattr").return
# struct oldabi_stat64 __user * statbuf)
#
probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
+ kprobe.function("SyS_newlstat") ?,
kprobe.function("sys_newlstat") ?,
kprobe.function("compat_sys_newlstat") ?,
kprobe.function("sys32_lstat64") ?,
+ kprobe.function("SyS_lstat64") ?,
kprobe.function("sys_lstat64") ?,
kprobe.function("sys_oabi_lstat64") ?
{
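Review bot: `kprobe.function("sys_lstat") ?` gets no wrapper counterpart here, although `SyS_newlstat` and `SyS_lstat64` are added beside their `sys_` forms. If sys_lstat is defined through the syscall-wrapper macro on any affected architecture, nd_syscall.lstat would miss it there. Consider adding `kprobe.function("SyS_lstat") ?,` after the first line, and `kprobe.function("SyS_lstat").return ?,` in the nd_syscall.lstat.return hunk that follows. The probe body continues outside this hunk.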
@@ -3069,9 +3276,11 @@ probe nd_syscall.lstat = kprobe.function("sys_lstat") ?,
argstr = sprintf("%s, %p", user_string_quoted(pointer_arg(1)), buf_uaddr)
}
probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
+ kprobe.function("SyS_newlstat").return ?,
kprobe.function("sys_newlstat").return ?,
kprobe.function("compat_sys_newlstat").return ?,
kprobe.function("sys32_lstat64").return ?,
+ kprobe.function("SyS_lstat64").return ?,
kprobe.function("sys_lstat64").return ?,
kprobe.function("sys_oabi_lstat64").return ?
{
@@ -3082,7 +3291,8 @@ probe nd_syscall.lstat.return = kprobe.function("sys_lstat").return ?,
# madvise ____________________________________________________
# long sys_madvise(unsigned long start, size_t len_in, int behavior)
#
-probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
+probe nd_syscall.madvise = kprobe.function("SyS_madvise") ?,
+ kprobe.function("sys_madvise") ?
{
name = "madvise"
// start = $start
@@ -3097,7 +3307,8 @@ probe nd_syscall.madvise = kprobe.function("sys_madvise") ?
advice_str = _madvice_advice_str(advice)
argstr = sprintf("%p, %d, %s", start, length, _madvice_advice_str(advice))
}
-probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
+probe nd_syscall.madvise.return = kprobe.function("SyS_madvise").return ?,
+ kprobe.function("sys_madvise").return ?
{
name = "madvise"
retstr = returnstr(1)
@@ -3118,8 +3329,9 @@ probe nd_syscall.madvise.return = kprobe.function("sys_madvise").return ?
# compat_ulong_t maxnode,
# compat_ulong_t flags)
#
-probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
- kprobe.function("compat_sys_mbind") ?
+probe nd_syscall.mbind = kprobe.function("compat_sys_mbind") ?,
+ kprobe.function("SyS_mbind") ?,
+ kprobe.function("sys_mbind") ?
{
name = "mbind"
// start = $start
@@ -3140,8 +3352,9 @@ probe nd_syscall.mbind = kprobe.function("sys_mbind") ?,
argstr = sprintf("%d, %d, %d, %p, %d, 0x%x", start, len, mode,
nmask_uaddr, maxnode, flags)
}
-probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
- kprobe.function("compat_sys_mbind").return ?
+probe nd_syscall.mbind.return = kprobe.function("compat_sys_mbind").return ?,
+ kprobe.function("SyS_mbind").return ?,
+ kprobe.function("sys_mbind").return ?
{
name = "mbind"
retstr = returnstr(1)
@@ -3151,14 +3364,16 @@ probe nd_syscall.mbind.return = kprobe.function("sys_mbind").return ?,
# long sys_migrate_pages(pid_t pid, unsigned long maxnode,
# const unsigned long __user *old_nodes,
# const unsigned long __user *new_nodes)
-probe nd_syscall.migrate_pages = kprobe.function("sys_migrate_pages") ?
+probe nd_syscall.migrate_pages = kprobe.function("SyS_migrate_pages") ?,
+ kprobe.function("sys_migrate_pages") ?
{
name = "migrate_pages"
// argstr = sprintf("%d, %d, %p, %p", $pid, $maxnode, $old_nodes, $new_nodes)
asmlinkage()
argstr = sprintf("%d, %d, %p, %p", int_arg(1), ulong_arg(2), pointer_arg(3), pointer_arg(4))
}
-probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").return ?
+probe nd_syscall.migrate_pages.return = kprobe.function("SyS_migrate_pages").return ?,
+ kprobe.function("sys_migrate_pages").return ?
{
name = "migrate_pages"
retstr = returnstr(1)
@@ -3167,7 +3382,8 @@ probe nd_syscall.migrate_pages.return = kprobe.function("sys_migrate_pages").ret
# mincore ____________________________________________________
# long sys_mincore(unsigned long start, size_t len, unsigned char __user * vec)
#
-probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
+probe nd_syscall.mincore = kprobe.function("SyS_mincore") ?,
+ kprobe.function("sys_mincore") ?
{
name = "mincore"
// start = $start
@@ -3180,7 +3396,8 @@ probe nd_syscall.mincore = kprobe.function("sys_mincore") ?
vec_uaddr = pointer_arg(3)
argstr = sprintf("%p, %d, %p", start, length, vec_uaddr)
}
-probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
+probe nd_syscall.mincore.return = kprobe.function("SyS_mincore").return ?,
+ kprobe.function("sys_mincore").return ?
{
name = "mincore"
retstr = returnstr(1)
@@ -3188,7 +3405,8 @@ probe nd_syscall.mincore.return = kprobe.function("sys_mincore").return ?
# mkdir ______________________________________________________
# long sys_mkdir(const char __user * pathname, int mode)
-probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
+probe nd_syscall.mkdir = kprobe.function("SyS_mkdir") ?,
+ kprobe.function("sys_mkdir") ?
{
name = "mkdir"
// pathname_uaddr = $pathname
@@ -3201,7 +3419,8 @@ probe nd_syscall.mkdir = kprobe.function("sys_mkdir")
mode = int_arg(2)
argstr = sprintf("%s, %#o", user_string_quoted(pathname_uaddr), mode)
}
-probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
+probe nd_syscall.mkdir.return = kprobe.function("SyS_mkdir").return ?,
+ kprobe.function("sys_mkdir").return ?
{
name = "mkdir"
retstr = returnstr(1)
@@ -3210,7 +3429,8 @@ probe nd_syscall.mkdir.return = kprobe.function("sys_mkdir").return
# mkdirat ____________________________________________________
# new function with 2.6.16
# long sys_mkdirat(int dfd, const char __user *pathname, int mode)
-probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
+probe nd_syscall.mkdirat = kprobe.function("SyS_mkdirat") ?,
+ kprobe.function("sys_mkdirat") ?
{
name = "mkdirat"
// dirfd = $dfd
@@ -3223,7 +3443,8 @@ probe nd_syscall.mkdirat = kprobe.function("sys_mkdirat") ?
mode = int_arg(3)
argstr = sprintf("%d, %s, %#o", dirfd, user_string_quoted(pointer_arg(2)), mode)
}
-probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
+probe nd_syscall.mkdirat.return = kprobe.function("SyS_mkdirat").return ?,
+ kprobe.function("sys_mkdirat").return ?
{
name = "mkdirat"
retstr = returnstr(1)
@@ -3231,7 +3452,8 @@ probe nd_syscall.mkdirat.return = kprobe.function("sys_mkdirat").return ?
# mknod
# long sys_mknod(const char __user * filename, int mode, unsigned dev)
-probe nd_syscall.mknod = kprobe.function("sys_mknod")
+probe nd_syscall.mknod = kprobe.function("SyS_mknod") ?,
+ kprobe.function("sys_mknod") ?
{
name = "mknod"
// pathname = user_string($filename)
@@ -3245,7 +3467,8 @@ probe nd_syscall.mknod = kprobe.function("sys_mknod")
argstr = sprintf("%s, %s, %p", user_string_quoted(pointer_arg(1)), _mknod_mode_str(mode), dev)
}
-probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
+probe nd_syscall.mknod.return = kprobe.function("SyS_mknod").return ?,
+ kprobe.function("sys_mknod").return ?
{
name = "mknod"
retstr = returnstr(1)
@@ -3255,7 +3478,8 @@ probe nd_syscall.mknod.return = kprobe.function("sys_mknod").return
# new function with 2.6.16
# long sys_mknodat(int dfd, const char __user *filename,
# int mode, unsigned dev)
-probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
+probe nd_syscall.mknodat = kprobe.function("SyS_mknodat") ?,
+ kprobe.function("sys_mknodat") ?
{
name = "mknodat"
// dirfd = $dfd
@@ -3276,7 +3500,8 @@ probe nd_syscall.mknodat = kprobe.function("sys_mknodat") ?
argstr = sprintf("%s, %s, %s, %p",
dirfd_str, user_string_quoted(pointer_arg(2)), mode_str, dev)
}
-probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
+probe nd_syscall.mknodat.return = kprobe.function("SyS_mknodat").return ?,
+ kprobe.function("sys_mknodat").return ?
{
name = "mknodat"
retstr = returnstr(1)
@@ -3286,7 +3511,8 @@ probe nd_syscall.mknodat.return = kprobe.function("sys_mknodat").return ?
#
# long sys_mlock(unsigned long start, size_t len)
#
-probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
+probe nd_syscall.mlock = kprobe.function("SyS_mlock") ?,
+ kprobe.function("sys_mlock") ?
{
name = "mlock"
// addr = $start
@@ -3297,7 +3523,8 @@ probe nd_syscall.mlock = kprobe.function("sys_mlock") ?
len = ulong_arg(2)
argstr = sprintf("%p, %d", addr, len)
}
-probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
+probe nd_syscall.mlock.return = kprobe.function("SyS_mlock").return ?,
+ kprobe.function("sys_mlock").return ?
{
name = "mlock"
retstr = returnstr(1)
@@ -3306,7 +3533,8 @@ probe nd_syscall.mlock.return = kprobe.function("sys_mlock").return ?
#
# long sys_mlockall(int flags)
#
-probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
+probe nd_syscall.mlockall = kprobe.function("SyS_mlockall") ?,
+ kprobe.function("sys_mlockall") ?
{
name = "mlockall"
// flags = $flags
@@ -3315,7 +3543,8 @@ probe nd_syscall.mlockall = kprobe.function("sys_mlockall") ?
flags = int_arg(1)
argstr = _mlockall_flags_str(flags)
}
-probe nd_syscall.mlockall.return = kprobe.function("sys_mlockall").return ?
+probe nd_syscall.mlockall.return = kprobe.function("SyS_mlockall").return ?,
+ kprobe.function("sys_mlockall").return ?
{
name = "mlockall"
retstr = returnstr(1)
@@ -3356,16 +3585,18 @@ probe nd_syscall.modify_ldt.return = kprobe.function("sys_modify_ldt").return ?
# int __user *status,
# int flags)
#
-probe nd_syscall.move_pages = kprobe.function("sys_move_pages") ?,
- kprobe.function("compat_sys_move_pages") ?
+probe nd_syscall.move_pages = kprobe.function("compat_sys_move_pages") ?,
+ kprobe.function("SyS_move_pages") ?,
+ kprobe.function("sys_move_pages") ?
{
name = "move_pages"
// argstr = sprintf("%d, %d, %p, %p, 0x%x", $pid, $nr_pages, $nodes, $status, $flags)
asmlinkage()
argstr = sprintf("%d, %d, %p, %p, 0x%x", int_arg(1), ulong_arg(2), pointer_arg(4), pointer_arg(5), int_arg(6))
}
-probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
- kprobe.function("compat_sys_move_pages").return ?
+probe nd_syscall.move_pages.return = kprobe.function("compat_sys_move_pages").return ?,
+ kprobe.function("SyS_move_pages").return ?,
+ kprobe.function("sys_move_pages").return ?
{
name = "move_pages"
retstr = returnstr(1)
@@ -3382,8 +3613,9 @@ probe nd_syscall.move_pages.return = kprobe.function("sys_move_pages").return ?,
# char __user * type,
# unsigned long flags,
# void __user * data)
-probe nd_syscall.mount = kprobe.function("sys_mount"),
- kprobe.function("compat_sys_mount") ?
+probe nd_syscall.mount = kprobe.function("compat_sys_mount") ?,
+ kprobe.function("SyS_mount") ?,
+ kprobe.function("sys_mount") ?
{
name = "mount"
// source = user_string($dev_name)
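Review bot: `sys_mount` was a required probe point before this change and all three alternatives are now optional, so a script built on `nd_syscall.mount` may load without error and attach to nothing if none of the names registers. That matters for audit-style scripts that watch mount activity, because missing coverage would look the same as no events. The description explains why the requirement was dropped, but the file should say so too, e.g. `# all alternatives optional: a required sys_mount fails on SYSCALL_WRAPPERS architectures; verify that one of them registers`. The same applies to `nd_syscall.mount.return` and to the `nd_syscall.munmap` pair further down, which were also required before. The probe body continues outside the hunk.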
@@ -3410,8 +3642,9 @@ probe nd_syscall.mount = kprobe.function("sys_mount"),
user_string_quoted(pointer_arg(3)),
mountflags_str, data)
}
-probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
- kprobe.function("compat_sys_mount").return ?
+probe nd_syscall.mount.return = kprobe.function("compat_sys_mount").return ?,
+ kprobe.function("SyS_mount").return ?,
+ kprobe.function("sys_mount").return ?
{
name = "mount"
retstr = returnstr(1)
@@ -3420,7 +3653,8 @@ probe nd_syscall.mount.return = kprobe.function("sys_mount").return,
# mprotect ___________________________________________________
# long sys_mprotect(unsigned long start, size_t len, unsigned long prot)
#
-probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
+probe nd_syscall.mprotect = kprobe.function("SyS_mprotect") ?,
+ kprobe.function("sys_mprotect") ?
{
name = "mprotect"
// addr = $start
@@ -3435,7 +3669,8 @@ probe nd_syscall.mprotect = kprobe.function("sys_mprotect") ?
prot_str = _mprotect_prot_str(prot)
argstr = sprintf("%p, %d, %s", addr, len, _mprotect_prot_str(prot))
}
-probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
+probe nd_syscall.mprotect.return = kprobe.function("SyS_mprotect").return ?,
+ kprobe.function("sys_mprotect").return ?
{
name = "mprotect"
retstr = returnstr(1)
@@ -3449,8 +3684,9 @@ probe nd_syscall.mprotect.return = kprobe.function("sys_mprotect").return ?
# const struct compat_mq_attr __user *u_mqstat,
# struct compat_mq_attr __user *u_omqstat)
#
-probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
- kprobe.function("compat_sys_mq_getsetattr") ?
+probe nd_syscall.mq_getsetattr = kprobe.function("compat_sys_mq_getsetattr") ?,
+ kprobe.function("SyS_mq_getsetattr") ?,
+ kprobe.function("sys_mq_getsetattr") ?
{
name = "mq_getsetattr"
// mqdes = $mqdes
@@ -3463,8 +3699,9 @@ probe nd_syscall.mq_getsetattr = kprobe.function("sys_mq_getsetattr") ?,
u_omqstat_uaddr = pointer_arg(3)
argstr = sprintf("%d, %p, %p", mqdes, u_mqstat_uaddr, u_omqstat_uaddr)
}
-probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").return ?,
- kprobe.function("compat_sys_mq_getsetattr").return ?
+probe nd_syscall.mq_getsetattr.return = kprobe.function("compat_sys_mq_getsetattr").return ?,
+ kprobe.function("SyS_mq_getsetattr").return ?,
+ kprobe.function("sys_mq_getsetattr").return ?
{
name = "mq_getsetattr"
retstr = returnstr(1)
@@ -3474,8 +3711,9 @@ probe nd_syscall.mq_getsetattr.return = kprobe.function("sys_mq_getsetattr").ret
# long sys_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
# long compat_sys_mq_notify(mqd_t mqdes, const struct compat_sigevent __user *u_notification)
#
-probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
- kprobe.function("compat_sys_mq_notify") ?
+probe nd_syscall.mq_notify = kprobe.function("compat_sys_mq_notify") ?,
+ kprobe.function("SyS_mq_notify") ?,
+ kprobe.function("sys_mq_notify") ?
{
name = "mq_notify"
// mqdes = $mqdes
@@ -3486,8 +3724,9 @@ probe nd_syscall.mq_notify = kprobe.function("sys_mq_notify") ?,
notification_uaddr = pointer_arg(2)
argstr = sprintf("%d, %p", mqdes, notification_uaddr)
}
-probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
- kprobe.function("compat_sys_mq_notify").return ?
+probe nd_syscall.mq_notify.return = kprobe.function("compat_sys_mq_notify").return ?,
+ kprobe.function("SyS_mq_notify").return ?,
+ kprobe.function("sys_mq_notify").return ?
{
name = "mq_notify"
retstr = returnstr(1)
@@ -3502,8 +3741,9 @@ probe nd_syscall.mq_notify.return = kprobe.function("sys_mq_notify").return ?,
# int oflag, compat_mode_t mode,
# struct compat_mq_attr __user *u_attr)
#
-probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
- kprobe.function("compat_sys_mq_open") ?
+probe nd_syscall.mq_open = kprobe.function("compat_sys_mq_open") ?,
+ kprobe.function("SyS_mq_open") ?,
+ kprobe.function("sys_mq_open") ?
{
name = "mq_open"
// name_uaddr = $u_name
@@ -3529,8 +3769,9 @@ probe nd_syscall.mq_open = kprobe.function("sys_mq_open") ?,
else
argstr = sprintf("%s, %s", user_string_quoted(name_uaddr), _sys_open_flag_str(oflag))
}
-probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
- kprobe.function("compat_sys_mq_open").return ?
+probe nd_syscall.mq_open.return = kprobe.function("compat_sys_mq_open").return ?,
+ kprobe.function("SyS_mq_open").return ?,
+ kprobe.function("sys_mq_open").return ?
{
name = "mq_open"
retstr = returnstr(1)
@@ -3547,8 +3788,9 @@ probe nd_syscall.mq_open.return = kprobe.function("sys_mq_open").return ?,
# size_t msg_len, unsigned int __user *u_msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
- kprobe.function("compat_sys_mq_timedreceive") ?
+probe nd_syscall.mq_timedreceive = kprobe.function("compat_sys_mq_timedreceive") ?,
+ kprobe.function("SyS_mq_timedreceive") ?,
+ kprobe.function("sys_mq_timedreceive") ?
{
name = "mq_timedreceive"
// mqdes = $mqdes
@@ -3567,8 +3809,9 @@ probe nd_syscall.mq_timedreceive = kprobe.function("sys_mq_timedreceive") ?,
argstr = sprintf("%d, %p, %d, %p, %p", mqdes, msg_ptr_uaddr, msg_len,
msg_prio_uaddr, abs_timeout_uaddr)
}
-probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive").return ?,
- kprobe.function("compat_sys_mq_timedreceive").return ?
+probe nd_syscall.mq_timedreceive.return = kprobe.function("compat_sys_mq_timedreceive").return ?,
+ kprobe.function("SyS_mq_timedreceive").return ?,
+ kprobe.function("sys_mq_timedreceive").return ?
{
name = "mq_timedreceive"
retstr = returnstr(1)
@@ -3585,8 +3828,9 @@ probe nd_syscall.mq_timedreceive.return = kprobe.function("sys_mq_timedreceive")
# size_t msg_len, unsigned int msg_prio,
# const struct compat_timespec __user *u_abs_timeout)
#
-probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
- kprobe.function("compat_sys_mq_timedsend") ?
+probe nd_syscall.mq_timedsend = kprobe.function("compat_sys_mq_timedsend") ?,
+ kprobe.function("SyS_mq_timedsend") ?,
+ kprobe.function("sys_mq_timedsend") ?
{
name = "mq_timedsend"
// mqdes = $mqdes
@@ -3605,8 +3849,9 @@ probe nd_syscall.mq_timedsend = kprobe.function("sys_mq_timedsend") ?,
argstr = sprintf("%d, %p, %d, %d, %p", mqdes, msg_ptr_uaddr, msg_len,
msg_prio, abs_timeout_uaddr)
}
-probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").return ?,
- kprobe.function("compat_sys_mq_timedsend").return ?
+probe nd_syscall.mq_timedsend.return = kprobe.function("compat_sys_mq_timedsend").return ?,
+ kprobe.function("SyS_mq_timedsend").return ?,
+ kprobe.function("sys_mq_timedsend").return ?
{
name = "mq_timedsend"
retstr = returnstr(1)
@@ -3615,7 +3860,8 @@ probe nd_syscall.mq_timedsend.return = kprobe.function("sys_mq_timedsend").retur
# mq_unlink __________________________________________________
# long sys_mq_unlink(const char __user *u_name)
#
-probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
+probe nd_syscall.mq_unlink = kprobe.function("SyS_mq_unlink") ?,
+ kprobe.function("sys_mq_unlink") ?
{
name = "mq_unlink"
// u_name_uaddr = $u_name
@@ -3626,7 +3872,8 @@ probe nd_syscall.mq_unlink = kprobe.function("sys_mq_unlink") ?
u_name = user_string(u_name_uaddr)
argstr = user_string_quoted(u_name_uaddr)
}
-probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
+probe nd_syscall.mq_unlink.return = kprobe.function("SyS_mq_unlink").return ?,
+ kprobe.function("sys_mq_unlink").return ?
{
name = "mq_unlink"
retstr = returnstr(1)
@@ -3639,8 +3886,9 @@ probe nd_syscall.mq_unlink.return = kprobe.function("sys_mq_unlink").return ?
# unsigned long flags,
# unsigned long new_addr)
#
-probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
- kprobe.function("ia64_mremap") ?
+probe nd_syscall.mremap = kprobe.function("ia64_mremap") ?,
+ kprobe.function("SyS_mremap") ?,
+ kprobe.function("sys_mremap") ?
{
name = "mremap"
// old_address = $addr
@@ -3659,8 +3907,9 @@ probe nd_syscall.mremap = kprobe.function("sys_mremap") ?,
argstr = sprintf("%p, %d, %d, %s, %p", old_address, old_size, new_size,
_mremap_flags(flags), new_address)
}
-probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
- kprobe.function("ia64_mremap").return ?
+probe nd_syscall.mremap.return = kprobe.function("ia64_mremap").return ?,
+ kprobe.function("SyS_mremap").return ?,
+ kprobe.function("sys_mremap").return ?
{
name = "mremap"
retstr = returnstr(2)
@@ -3669,7 +3918,8 @@ probe nd_syscall.mremap.return = kprobe.function("sys_mremap").return ?,
# msgctl _____________________________________________________
# long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
#
-probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
+probe nd_syscall.msgctl = kprobe.function("SyS_msgctl") ?,
+ kprobe.function("sys_msgctl") ?
{
name = "msgctl"
// msqid = $msqid
@@ -3682,7 +3932,8 @@ probe nd_syscall.msgctl = kprobe.function("sys_msgctl") ?
buf_uaddr = pointer_arg(3)
argstr = sprintf("%d, %d, %p", msqid, cmd, buf_uaddr)
}
-probe nd_syscall.msgctl.return = kprobe.function("sys_msgctl").return ?
+probe nd_syscall.msgctl.return = kprobe.function("SyS_msgctl").return ?,
+ kprobe.function("sys_msgctl").return ?
{
name = "msgctl"
retstr = returnstr(1)
@@ -3707,7 +3958,8 @@ probe nd_syscall.compat_sys_msgctl.return = kprobe.function("compat_sys_msgctl")
# msgget _____________________________________________________
# long sys_msgget (key_t key, int msgflg)
#
-probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
+probe nd_syscall.msgget = kprobe.function("SyS_msgget") ?,
+ kprobe.function("sys_msgget") ?
{
name = "msgget"
// key = $key
@@ -3720,7 +3972,8 @@ probe nd_syscall.msgget = kprobe.function("sys_msgget") ?
msgflg_str = _sys_open_flag_str(msgflg)
argstr = sprintf("%d, %s", key, _sys_open_flag_str(msgflg))
}
-probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
+probe nd_syscall.msgget.return = kprobe.function("SyS_msgget").return ?,
+ kprobe.function("sys_msgget").return ?
{
name = "msgget"
retstr = returnstr(1)
@@ -3733,7 +3986,8 @@ probe nd_syscall.msgget.return = kprobe.function("sys_msgget").return ?
# long msgtyp,
# int msgflg)
#
-probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
+probe nd_syscall.msgrcv = kprobe.function("SyS_msgrcv") ?,
+ kprobe.function("sys_msgrcv") ?
{
name = "msgrcv"
// msqid = $msqid
@@ -3750,7 +4004,8 @@ probe nd_syscall.msgrcv = kprobe.function("sys_msgrcv") ?
msgflg = int_arg(5)
argstr = sprintf("%d, %p, %d, %d, %d", msqid, msgp_uaddr, msgsz, msgtyp, msgflg)
}
-probe nd_syscall.msgrcv.return = kprobe.function("sys_msgrcv").return ?
+probe nd_syscall.msgrcv.return = kprobe.function("SyS_msgrcv").return ?,
+ kprobe.function("sys_msgrcv").return ?
{
name = "msgrcv"
retstr = returnstr(1)
@@ -3779,7 +4034,8 @@ probe nd_syscall.compat_sys_msgrcv.return = kprobe.function("compat_sys_msgrcv")
# size_t msgsz,
# int msgflg)
#
-probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
+probe nd_syscall.msgsnd = kprobe.function("SyS_msgsnd") ?,
+ kprobe.function("sys_msgsnd") ?
{
name = "msgsnd"
// msqid = $msqid
@@ -3794,7 +4050,8 @@ probe nd_syscall.msgsnd = kprobe.function("sys_msgsnd") ?
msgflg = int_arg(4)
argstr = sprintf("%d, %p, %d, %d", msqid, msgp_uaddr, msgsz, msgflg)
}
-probe nd_syscall.msgsnd.return = kprobe.function("sys_msgsnd").return ?
+probe nd_syscall.msgsnd.return = kprobe.function("SyS_msgsnd").return ?,
+ kprobe.function("sys_msgsnd").return ?
{
name = "msgsnd"
retstr = returnstr(1)
@@ -3818,7 +4075,8 @@ probe nd_syscall.compat_sys_msgsnd.return = kprobe.function("compat_sys_msgsnd")
# msync ______________________________________________________
# long sys_msync(unsigned long start, size_t len, int flags)
-probe nd_syscall.msync = kprobe.function("sys_msync") ?
+probe nd_syscall.msync = kprobe.function("SyS_msync") ?,
+ kprobe.function("sys_msync") ?
{
name = "msync"
// start = $start
@@ -3830,7 +4088,8 @@ probe nd_syscall.msync = kprobe.function("sys_msync") ?
flags = int_arg(3)
argstr = sprintf("%p, %d, %s", start, length, _msync_flag_str(flags))
}
-probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
+probe nd_syscall.msync.return = kprobe.function("SyS_msync").return ?,
+ kprobe.function("sys_msync").return ?
{
name = "msync"
retstr = returnstr(1)
@@ -3838,7 +4097,8 @@ probe nd_syscall.msync.return = kprobe.function("sys_msync").return ?
# munlock ____________________________________________________
# long sys_munlock(unsigned long start, size_t len)
-probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
+probe nd_syscall.munlock = kprobe.function("SyS_munlock") ?,
+ kprobe.function("sys_munlock") ?
{
name = "munlock"
// addr = $start
@@ -3848,7 +4108,8 @@ probe nd_syscall.munlock = kprobe.function("sys_munlock") ?
len = ulong_arg(2)
argstr = sprintf("%p, %d", addr, len)
}
-probe nd_syscall.munlock.return = kprobe.function("sys_munlock").return ?
+probe nd_syscall.munlock.return = kprobe.function("SyS_munlock").return ?,
+ kprobe.function("sys_munlock").return ?
{
name = "munlock"
retstr = returnstr(1)
@@ -3869,7 +4130,8 @@ probe nd_syscall.munlockall.return = kprobe.function("sys_munlockall").return ?
# munmap _____________________________________________________
# long sys_munmap(unsigned long addr, size_t len)
-probe nd_syscall.munmap = kprobe.function("sys_munmap")
+probe nd_syscall.munmap = kprobe.function("SyS_munmap") ?,
+ kprobe.function("sys_munmap") ?
{
name = "munmap"
// start = $addr
@@ -3879,7 +4141,8 @@ probe nd_syscall.munmap = kprobe.function("sys_munmap")
length = ulong_arg(2)
argstr = sprintf("%p, %d", start, length)
}
-probe nd_syscall.munmap.return = kprobe.function("sys_munmap").return
+probe nd_syscall.munmap.return = kprobe.function("SyS_munmap").return ?,
+ kprobe.function("sys_munmap").return ?
{
name = "munmap"
retstr = returnstr(1)
--
1.5.6.5