|
Server : Apache/2.2.2 (Fedora) System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 User : apache ( 48) PHP Version : 5.2.9 Disable Function : NONE Directory : /usr/share/systemtap/tapset/ |
Upload File : |
// syscalls tapset part 2 [N-Z]
// Copyright (C) 2005 IBM Corp.
// Copyright (C) 2005, 2006 Red Hat Inc.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
/* Each syscall returns the calls parameters. In addition, the following
* variables are set:
*
* name - generally the syscall name minus the "sys_".
*
* argstr - a string containing the decoded args in an easy-to-read format.
* It doesn't need to contain everything, but should have all the
* important args. Set in entry probes only.
*
* retstr - a string containing the return value in an easy-to-read format.
* Set in return probes only.
*/
# nanosleep __________________________________________________
#
# long sys_nanosleep(struct timespec __user *rqtp,
# struct timespec __user *rmtp)
# long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
# struct compat_timespec __user *rmtp)
#
probe syscall.nanosleep = kernel.function("sys_nanosleep") {
name = "nanosleep"
req_uaddr = $rqtp
rem_uaddr = $rmtp
argstr = sprintf("%s, %p", _struct_timespec_u($rqtp), $rmtp)
}
probe syscall.nanosleep.return = kernel.function("sys_nanosleep").return {
name = "nanosleep"
retstr = returnstr(1)
}
probe syscall.compat_nanosleep = kernel.function("compat_sys_nanosleep") ? {
name = "nanosleep"
req_uaddr = $rqtp
rem_uaddr = $rmtp
argstr = sprintf("%s, %p", _struct_compat_timespec_u($rqtp), $rmtp)
}
probe syscall.compat_nanosleep.return = kernel.function("compat_sys_nanosleep").return ? {
name = "nanosleep"
retstr = returnstr(1)
}
# nfsservctl _________________________________________________
#
# long asmlinkage
# sys_nfsservctl(int cmd,
# struct nfsctl_arg __user *arg,
# void __user *res)
#
probe syscall.nfsservctl = kernel.function("sys_nfsservctl") {
name = "nfsservctl"
cmd = $cmd
argp_uaddr = $arg
resp_uaddr = $res
argstr = sprintf("%p, %p, %p", cmd, argp_uaddr, resp_uaddr)
}
probe syscall.nfsservctl.return = kernel.function("sys_nfsservctl").return {
name = "nfsservctl"
retstr = returnstr(1)
}
# nice _______________________________________________________
# long sys_nice(int increment)
#
probe syscall.nice = kernel.function("sys_nice") {
name = "nice"
inc = $increment
argstr = sprintf("%d", $increment)
}
probe syscall.nice.return = kernel.function("sys_nice").return {
name = "nice"
retstr = returnstr(1)
}
# ni_syscall _________________________________________________
#
# long sys_ni_syscall(void)
#
probe syscall.ni_syscall = kernel.function("sys_ni_syscall") {
name = "ni_syscall"
argstr = ""
}
probe syscall.ni_syscall.return = kernel.function("sys_ni_syscall").return {
name = "ni_syscall"
retstr = returnstr(1)
}
# old_getrlimit ______________________________________________
#
# asmlinkage long
# sys_old_getrlimit(unsigned int resource,
# struct rlimit __user *rlim)
#
probe syscall.old_getrlimit = kernel.function("sys_old_getrlimit") {
name = "old_getrlimit"
resource = $resource
resource_str = _rlimit_resource_str($resource)
rlim_uaddr = $rlim
argstr = sprintf("%s, %p", resource_str, rlim_uaddr)
}
probe syscall.old_getrlimit.return = kernel.function("sys_old_getrlimit").return {
name = "old_getrlimit"
retstr = returnstr(1)
}
# open _______________________________________________________
# long sys_open(const char __user * filename, int flags, int mode)
probe syscall.open =
kernel.function("sys_open") ?,
kernel.function("sys32_open") ?
{
name = "open"
filename = user_string($filename)
flags = $flags
mode = $mode
if (flags & 64)
argstr = sprintf("%s, %s, %#o", user_string_quoted($filename),
_sys_open_flag_str(flags), $mode)
else
argstr = sprintf("%s, %s", user_string_quoted($filename),
_sys_open_flag_str(flags))
}
probe syscall.open.return =
kernel.function("sys_open").return ?,
kernel.function("sys32_open").return ?
{
name = "open"
retstr = returnstr(1)
}
# pause ______________________________________________________
#
# sys_pause(void)
#
probe syscall.pause = kernel.function("sys_pause") {
name = "pause"
argstr = ""
}
probe syscall.pause.return = kernel.function("sys_pause").return {
name = "pause"
retstr = returnstr(1)
}
# pciconfig_iobase ___________________________________________
#
# asmlinkage long
# sys_pciconfig_iobase(long which,
# unsigned long bus,
# unsigned long dfn)
#
#
#probe syscall.pciconfig_iobase = kernel.function("sys_pciconfig_iobase") {
# name = "pciconfig_iobase"
# which = $which
# bus = $bus
# dfn = $dfn
# argstr = sprintf("%p, %p, %p", which, bus, dfn)
#}
#probe syscall.pciconfig_iobase.return = kernel.function("sys_pciconfig_iobase").return {
# name = "pciconfig_iobase"
# retstr = returnstr(1)
#}
# pciconfig_read _____________________________________________
#
# asmlinkage int
# sys_pciconfig_read(unsigned long bus,
# unsigned long dfn,
# unsigned long off,
# unsigned long len,
# unsigned char *buf)
# { return 0; }
#
#
#probe syscall.pciconfig_read = kernel.function("sys_pciconfig_read") {
# name = "pciconfig_read"
# bus = $bus
# dfn = $dfn
# off = $off
# len = $len
# buf_uaddr = $buf
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
#probe syscall.pciconfig_read.return =
# kernel.function("sys_pciconfig_read").return {
# name = "pciconfig_read"
# retstr = returnstr(1)
#}
# pciconfig_write ____________________________________________
#
# asmlinkage int
# sys_pciconfig_write(unsigned long bus,
# unsigned long dfn,
# unsigned long off,
# unsigned long len,
# unsigned char *buf)
#
#
#probe syscall.pciconfig_write = kernel.function("sys_pciconfig_write") {
# name = "pciconfig_write"
# bus = $bus
# dfn = $dfn
# off = $off
# len = $len
# buf_uaddr = $buf
# argstr = sprintf("%p, %p, %p, %d, %p", bus, dfn, off,
# len, buf_uaddr)
#}
#probe syscall.pciconfig_write.return =
# kernel.function("sys_pciconfig_write").return {
# name = "pciconfig_write"
# retstr = returnstr(1)
#}
# personality ________________________________________________
#
# asmlinkage long
# sys_personality(u_long personality)
#
probe syscall.personality = kernel.function("sys_personality") {
name = "personality"
persona = $personality
argstr = sprintf("%p", persona);
}
probe syscall.personality.return = kernel.function("sys_personality").return {
name = "personality"
retstr = returnstr(1)
}
# pipe _______________________________________________________
#
# asmlinkage int
# sys_pipe(unsigned long __user * fildes)
#
%(arch == "x86_64" %?
# x86_64 gcc 4.1 problem
probe syscall.pipe = kernel.function("sys_pipe") {
name = "pipe"
argstr = ""
}
%:
probe syscall.pipe = kernel.function("sys_pipe") {
name = "pipe"
fildes_uaddr = $fildes
argstr = _fildes_u($fildes)
}
%)
probe syscall.pipe.return = kernel.function("sys_pipe").return {
name = "pipe"
retstr = returnstr(1)
}
# pivot_root _________________________________________________
#
# asmlinkage long
# sys_pivot_root(const char __user *new_root,
# const char __user *put_old)
#
probe syscall.pivot_root = kernel.function("sys_pivot_root") {
name = "pivot_root"
new_root_str = user_string($new_root)
old_root_str = user_string($put_old)
argstr = sprintf("%s, %s", user_string_quoted($new_root),
user_string_quoted($put_old))
}
probe syscall.pivot_root.return = kernel.function("sys_pivot_root").return {
name = "pivot_root"
retstr = returnstr(1)
}
# poll _______________________________________________________
#
# asmlinkage long
# sys_poll(struct pollfd __user * ufds,
# unsigned int nfds,
# long timeout)
#
probe syscall.poll = kernel.function("sys_poll") {
name = "poll"
ufds_uaddr = $ufds
nfds = $nfds
%( kernel_vr > "2.6.15-1.1831" %?
timeout = $timeout_msecs
%:
timeout = $timeout
%)
argstr = sprintf("%p, %d, %d", ufds_uaddr, nfds, timeout)
}
probe syscall.poll.return = kernel.function("sys_poll").return {
name = "poll"
retstr = returnstr(1)
}
# prctl ______________________________________________________
#
# asmlinkage long
# sys_prctl(int option,
# unsigned long arg2,
# unsigned long arg3,
# unsigned long arg4,
# unsigned long arg5)
#
probe syscall.prctl = kernel.function("sys_prctl") {
name = "prctl"
option = $option
arg2 = $arg2
arg3 = $arg3
arg4 = $arg4
arg5 = $arg5
argstr = sprintf("%p, %p, %p, %p, %p", option, arg2, arg3,
arg4, arg5)
}
probe syscall.prctl.return = kernel.function("sys_prctl").return {
name = "prctl"
retstr = returnstr(1)
}
# pread64 ____________________________________________________
#
# asmlinkage ssize_t
# sys_pread64(unsigned int fd,
# char __user *buf,
# size_t count,
# loff_t pos)
#
probe syscall.pread64 = kernel.function("sys_pread64") {
name = "pread64"
fd = $fd
buf_uaddr = $buf
count = $count
offset = $pos
argstr = sprintf("%d, %p, %p, %p", fd, buf_uaddr,
count, offset)
}
probe syscall.pread64.return = kernel.function("sys_pread64").return {
name = "pread64"
retstr = returnstr(1)
}
# ptrace _____________________________________________________
#
# asmlinkage int
# sys_ptrace(long request,
# long pid,
# long addr,
# long data)
#
probe syscall.ptrace = kernel.function("sys_ptrace") {
name = "ptrace"
request = $request
pid = $pid
addr = $addr
data = $data
argstr = sprintf("%p, %p, %p, %p", request, pid,
addr, data)
}
probe syscall.ptrace.return = kernel.function("sys_ptrace").return {
name = "ptrace"
retstr = returnstr(1)
}
# pwrite64 ___________________________________________________
#
# asmlinkage ssize_t
# sys_pwrite64(unsigned int fd,
# const char __user *buf,
# size_t count,
# loff_t pos)
#
probe syscall.pwrite64 = kernel.function("sys_pwrite64") {
name = "pwrite64"
fd = $fd
buf_uaddr = $buf
count = $count
offset = $pos
argstr = sprintf("%d, %p, %p, %p", fd, buf_uaddr,
count, offset)
}
probe syscall.pwrite64.return = kernel.function("sys_pwrite64").return {
name = "pwrite64"
retstr = returnstr(1)
}
# read _______________________________________________________
# ssize_t sys_read(unsigned int fd, char __user * buf, size_t count)
probe syscall.read = kernel.function("sys_read") {
name = "read"
fd = $fd
buf_uaddr = $buf
count = $count
argstr = sprintf("%d, %p, %d", $fd, $buf, $count)
}
probe syscall.read.return = kernel.function("sys_read").return {
name = "read"
retstr = returnstr(1)
}
# readahead __________________________________________________
#
# asmlinkage ssize_t
# sys_readahead(int fd,
# loff_t offset,
# size_t count)
#
probe syscall.readahead = kernel.function("sys_readahead") {
name = "readahead"
fd = $fd
offset = $offset
count = $count
argstr = sprintf("%d, %p, %p", fd, offset, count)
}
probe syscall.readahead.return = kernel.function("sys_readahead").return {
name = "readahead"
retstr = returnstr(1)
}
# readlink ___________________________________________________
#
# long sys_readlink(const char __user * path,
# char __user * buf,
# int bufsiz)
#
probe syscall.readlink = kernel.function("sys_readlink") {
name = "readlink"
path = user_string($path)
buf_uaddr = $buf
bufsiz = $bufsiz
argstr = sprintf("%s, %p, %d", user_string_quoted($path),
buf_uaddr, bufsiz)
}
probe syscall.readlink.return = kernel.function("sys_readlink").return {
name = "readlink"
retstr = returnstr(1)
}
# readv ______________________________________________________
#
# ssize_t sys_readv(unsigned long fd,
# const struct iovec __user *vec,
# unsigned long vlen)
# ssize_t compat_sys_readv(unsigned long fd,
# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
probe syscall.readv =
kernel.function("sys_readv"),
kernel.function("compat_sys_readv") ?
{
name = "readv"
vector_uaddr = $vec
count = $vlen
/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */
%( arch != "ppc64" %?
fd = $fd
argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen)
%:
argstr = sprintf("unknown fd, %p, %d", $vec, $vlen)
%)
}
probe syscall.readv.return =
kernel.function("sys_readv").return,
kernel.function("compat_sys_readv").return ?
{
name = "readv"
retstr = returnstr(1)
}
# reboot _____________________________________________________
#
# asmlinkage long
# sys_reboot(int magic1,
# int magic2,
# unsigned int cmd,
# void __user * arg)
#
probe syscall.reboot = kernel.function("sys_reboot") {
name = "reboot"
magic = $magic1
magic_str = _reboot_magic_str($magic1)
magic2 = $magic2
magic2_str =_reboot_magic_str($magic2)
flag = $cmd
flag_str = _reboot_flag_str(flag)
arg_uaddr = $arg
argstr = sprintf("%s, %s, %s, %p", magic_str, magic2_str,
flag_str, arg_uaddr)
}
probe syscall.reboot.return = kernel.function("sys_reboot").return {
name = "reboot"
retstr = returnstr(1)
}
# recv _______________________________________________________
#
# asmlinkage long
# sys_recvfrom(int fd,
# void __user * ubuf,
# size_t size,
# unsigned flags,
# struct sockaddr __user *addr,
# int __user *addr_len)
#
probe syscall.recv = kernel.function("sys_recvfrom") {
name = "recv"
s = $fd
buf_uaddr = $ubuf
len = $size
flags = $flags
flags_str = _recvflags_str($flags)
addr_uaddr = $addr
addrlen_uaddr = $addr_len
argstr = sprintf("%d, %p, %p, %s, %p, %p",
s, buf_uaddr, len, flags_str, addr_uaddr,
addrlen_uaddr)
}
probe syscall.recv.return = kernel.function("sys_recvfrom").return {
name = "recv"
retstr = returnstr(1)
}
# recvfrom ___________________________________________________
#
# asmlinkage long
# sys_recvfrom(int fd,
# void __user * ubuf,
# size_t size,
# unsigned flags,
# struct sockaddr __user *addr,
# int __user *addr_len)
#
probe syscall.recvfrom = kernel.function("sys_recvfrom") {
name = "recvfrom"
s = $fd
buf_uaddr = $ubuf
len = $size
flags = $flags
flags_str = _recvflags_str($flags)
addr_uaddr = $addr
addrlen_uaddr = $addr_len
argstr = sprintf("%d, %p, %p, %s, %p, %p",
s, buf_uaddr, len, flags_str,
addr_uaddr, addrlen_uaddr)
}
probe syscall.recvfrom.return = kernel.function("sys_recvfrom").return {
name = "recvfrom"
retstr = returnstr(1)
}
# recvmsg ____________________________________________________
#
# asmlinkage long
# sys_recvmsg(int fd,
# struct msghdr __user *msg,
# unsigned int flags)
#
probe syscall.recvmsg = kernel.function("sys_recvmsg") {
name = "recvmsg"
s = $fd
msg_uaddr = $msg
flags = $flags
flags_str = _recvflags_str($flags)
argstr = sprintf("%d, %p, %s", s, msg_uaddr, flags_str)
}
probe syscall.recvmsg.return = kernel.function("sys_recvmsg").return {
name = "recvmsg"
retstr = returnstr(1)
}
# remap_file_pages ___________________________________________
#
# asmlinkage long
# sys_remap_file_pages(unsigned long start,
# unsigned long size,
# unsigned long __prot,
# unsigned long pgoff,
# unsigned long flags)
#
probe syscall.remap_file_pages = kernel.function("sys_remap_file_pages") {
name = "remap_file_pages"
start = $start
size = $size
prot = $__prot
pgoff = $pgoff
flags = $flags
argstr = sprintf("%p, %p, %p, %p, %p", start, size, prot,
pgoff, flags)
}
probe syscall.remap_file_pages.return =
kernel.function("sys_remap_file_pages").return {
name = "remap_file_pages"
retstr = returnstr(1)
}
# removexattr ________________________________________________
#
# asmlinkage long
# sys_removexattr(char __user *path,
# char __user *name)
#
probe syscall.removexattr = kernel.function("sys_removexattr") {
name = "removexattr"
path = user_string($path)
name_str = user_string($name)
argstr = sprintf("%s, %s", user_string_quoted($path),
user_string_quoted($name))
}
probe syscall.removexattr.return = kernel.function("sys_removexattr").return {
name = "removexattr"
retstr = returnstr(1)
}
# rename _____________________________________________________
#
# asmlinkage long
# sys_rename(const char __user * oldname,
# const char __user * newname)
#
probe syscall.rename = kernel.function("sys_rename") {
name = "rename"
oldpath = user_string($oldname)
newpath = user_string($newname)
argstr = sprintf("%s, %s", user_string_quoted($oldname),
user_string_quoted($newname))
}
probe syscall.rename.return = kernel.function("sys_rename").return {
name = "rename"
retstr = returnstr(1)
}
# restart_syscall ____________________________________________
#
# asmlinkage long
# sys_restart_syscall(void)
#
probe syscall.restart_syscall = kernel.function("sys_restart_syscall") {
name = "restart_syscall"
argstr = ""
}
probe syscall.restart_syscall.return =
kernel.function("sys_restart_syscall").return {
name = "restart_syscall"
retstr = returnstr(1)
}
# rmdir ______________________________________________________
#
# asmlinkage long
# sys_rmdir(const char __user * pathname)
#
probe syscall.rmdir = kernel.function("sys_rmdir") {
name = "rmdir"
pathname = user_string($pathname)
argstr = user_string_quoted($pathname)
}
probe syscall.rmdir.return = kernel.function("sys_rmdir").return {
name = "rmdir"
retstr = returnstr(1)
}
# rt_sigaction _______________________________________________
#
# long sys_rt_sigaction(int sig,
# const struct sigaction __user *act,
# struct sigaction __user *oact,
# size_t sigsetsize)
#
probe syscall.rt_sigaction = kernel.function("sys_rt_sigaction") {
name = "rt_sigaction"
sig = $sig
act_uaddr = $act
oact_uaddr = $oact
sigsetsize = $sigsetsize
//FIXME - decode $act
argstr = sprintf("%s, %p, %p, %d", _signal_name($sig),
$act, $oact, $sigsetsize)
}
probe syscall.rt_sigaction.return = kernel.function("sys_rt_sigaction").return {
name = "rt_sigaction"
retstr = returnstr(1)
}
#
# long sys32_rt_sigaction(int sig,
# struct sigaction32 __user *act,
# struct sigaction32 __user *oact,
# unsigned int sigsetsize)
probe syscall.rt_sigaction32 = kernel.function("sys32_rt_sigaction") ? {
name = "rt_sigaction"
sig = $sig
act_uaddr = $act
oact_uaddr = $oact
sigsetsize = $sigsetsize
//FIXME - decode $act
argstr = sprintf("%s, %p, %p, %d", _signal_name($sig),
$act, $oact, $sigsetsize)
}
probe syscall.rt_sigaction32.return = kernel.function("sys32_rt_sigaction").return ? {
name = "rt_sigaction"
retstr = returnstr(1)
}
# rt_sigpending ______________________________________________
#
# long sys_rt_sigpending(sigset_t __user *set, size_t sigsetsize)
#
probe syscall.rt_sigpending = kernel.function("do_sigpending") {
name = "rt_sigpending"
set_uaddr = $set
sigsetsize = $sigsetsize
argstr = sprintf("%p, %d", $set, $sigsetsize)
}
probe syscall.rt_sigpending.return = kernel.function("do_sigpending").return {
name = "rt_sigpending"
retstr = returnstr(1)
}
# rt_sigprocmask _____________________________________________
#
# long sys_rt_sigprocmask(int how,
# sigset_t __user *set,
# sigset_t __user *oset,
# size_t sigsetsize)
#
probe syscall.rt_sigprocmask = kernel.function("sys_rt_sigprocmask") {
name = "rt_sigprocmask"
how = $how
how_str = _sigprocmask_how_str($how)
set_uaddr = $set
# FIXME - need to decode $set
oset_uaddr = $oset
sigsetsize = $sigsetsize
argstr = sprintf("%s, %p, %p, %d", how_str, $set, $oset, $sigsetsize)
}
probe syscall.rt_sigprocmask.return =
kernel.function("sys_rt_sigprocmask").return {
name = "rt_sigprocmask"
retstr = returnstr(1)
}
# rt_sigqueueinfo ____________________________________________
#
# asmlinkage long
# sys_rt_sigqueueinfo(int pid,
# int sig,
# siginfo_t __user *uinfo)
#
probe syscall.rt_sigqueueinfo = kernel.function("sys_rt_sigqueueinfo") {
name = "rt_sigqueueinfo"
pid = $pid
sig = $sig
uinfo_uaddr = $uinfo
argstr = sprintf("%p, %s, %p", $pid, _signal_name($sig), $uinfo)
}
probe syscall.rt_sigqueueinfo.return =
kernel.function("sys_rt_sigqueueinfo").return {
name = "rt_sigqueueinfo"
retstr = returnstr(1)
}
# rt_sigreturn _______________________________________________
# int sys_rt_sigreturn(unsigned long __unused)
#
probe syscall.rt_sigreturn = kernel.function("sys_rt_sigreturn") {
name = "rt_sigreturn"
argstr = ""
}
probe syscall.rt_sigreturn.return = kernel.function("sys_rt_sigreturn").return {
name = "rt_sigreturn"
retstr = returnstr(1)
}
# rt_sigsuspend ______________________________________________
#
# asmlinkage int
# sys_rt_sigsuspend(struct pt_regs regs)
#
probe syscall.rt_sigsuspend = kernel.function("sys_rt_sigsuspend") {
name = "rt_sigsuspend"
/* FIXME : i386 can't resolve regs for this function */
#regs = $regs
argstr = ""
}
probe syscall.rt_sigsuspend.return = kernel.function("sys_rt_sigsuspend").return {
name = "rt_sigsuspend"
retstr = returnstr(1)
}
# rt_sigtimedwait ____________________________________________
#
# asmlinkage long
# sys_rt_sigtimedwait(const sigset_t __user *uthese,
# siginfo_t __user *uinfo,
# const struct timespec __user *uts,
# size_t sigsetsize)
#
probe syscall.rt_sigtimedwait = kernel.function("sys_rt_sigtimedwait") {
name = "rt_sigtimedwait"
uthese_uaddr = $uthese
uinfo_uaddr = $uinfo
uts_uaddr = $uts
sigsetsize = $sigsetsize
argstr = sprintf("%p, %p, %p, %d", $uthese, $uinfo, $uts, $sigsetsize)
}
probe syscall.rt_sigtimedwait.return =
kernel.function("sys_rt_sigtimedwait").return {
name = "rt_sigtimedwait"
retstr = returnstr(1)
}
# sched_getaffinity __________________________________________
#
# asmlinkage long
# sys_sched_getaffinity(pid_t pid,
# unsigned int len,
# unsigned long __user *user_mask_ptr)
#
probe syscall.sched_getaffinity = kernel.function("sys_sched_getaffinity") {
name = "sched_getaffinity"
pid = $pid
len = $len
mask_uaddr = $user_mask_ptr
argstr = sprintf("%d, %p, %p", pid, len, mask_uaddr)
}
probe syscall.sched_getaffinity.return =
kernel.function("sys_sched_getaffinity").return {
name = "sched_getaffinity"
retstr = returnstr(1)
}
# sched_getparam _____________________________________________
#
# asmlinkage long
# sys_sched_getparam(pid_t pid,
# struct sched_param __user *param)
#
probe syscall.sched_getparam = kernel.function("sys_sched_getparam") {
name = "sched_getparam"
pid = $pid
p_uaddr = $param
argstr = sprintf("%d, %p", pid, p_uaddr)
}
probe syscall.sched_getparam.return =
kernel.function("sys_sched_getparam").return {
name = "sched_getparam"
retstr = returnstr(1)
}
# sched_get_priority_max _____________________________________
#
# asmlinkage long
# sys_sched_get_priority_max(int policy)
#
probe syscall.sched_get_priority_max =
kernel.function("sys_sched_get_priority_max") {
name = "sched_get_priority_max"
policy = $policy
argstr = sprint(policy)
}
probe syscall.sched_get_priority_max.return =
kernel.function("sys_sched_get_priority_max").return {
name = "sched_get_priority_max"
retstr = returnstr(1)
}
# sched_get_priority_min _____________________________________
#
# asmlinkage long
# sys_sched_get_priority_min(int policy)
#
probe syscall.sched_get_priority_min =
kernel.function("sys_sched_get_priority_min") {
name = "sched_get_priority_min"
policy = $policy
argstr = sprint(policy)
}
probe syscall.sched_get_priority_min.return =
kernel.function("sys_sched_get_priority_min").return {
name = "sched_get_priority_min"
retstr = returnstr(1)
}
# sched_getscheduler _________________________________________
#
# asmlinkage long
# sys_sched_getscheduler(pid_t pid)
#
probe syscall.sched_getscheduler = kernel.function("sys_sched_getscheduler") {
name = "sched_getscheduler"
pid = $pid
argstr = sprint(pid)
}
probe syscall.sched_getscheduler.return =
kernel.function("sys_sched_getscheduler").return {
name = "sched_getscheduler"
retstr = returnstr(1)
}
# sched_rr_get_interval ______________________________________
#
# asmlinkage long
# sys_sched_rr_get_interval(pid_t pid,
# struct timespec __user *interval)
#
probe syscall.sched_rr_get_interval =
kernel.function("sys_sched_rr_get_interval") {
name = "sched_rr_get_interval"
pid = $pid
tp_uaddr = $interval
argstr = sprintf("%d, %s", pid, _struct_timespec_u(tp_uaddr))
}
probe syscall.sched_rr_get_interval.return =
kernel.function("sys_sched_rr_get_interval").return {
name = "sched_rr_get_interval"
retstr = returnstr(1)
}
# sched_setaffinity __________________________________________
# long sys_sched_setaffinity(pid_t pid,
# unsigned int len,
# unsigned long __user *user_mask_ptr)
#
%( arch != "x86_64" %?
probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
name = "sched_setaffinity"
pid = $pid
len = $len
mask_uaddr = $user_mask_ptr
argstr = sprintf("%d, %d, %p", $pid, $len, $user_mask_ptr)
}
%:
probe syscall.sched_setaffinity = kernel.function("sys_sched_setaffinity") {
name = "sched_setaffinity"
pid = $pid
len = 0
mask_uaddr = $user_mask_ptr
argstr = sprintf("%d, <unknown>, %p", $pid, $user_mask_ptr)
}
%)
probe syscall.sched_setaffinity.return = kernel.function("sys_sched_setaffinity").return {
name = "sched_setaffinity"
retstr = returnstr(1)
}
# sched_yield ________________________________________________
# long sys_sched_yield(void)
#
probe syscall.sched_yield = kernel.function("sys_sched_yield") {
name = "sched_yield"
argstr = ""
}
probe syscall.sched_yield.return = kernel.function("sys_sched_yield").return {
name = "sched_yield"
retstr = returnstr(1)
}
# select _____________________________________________________
# long sys_select(int n,
# fd_set __user *inp,
# fd_set __user *outp,
# fd_set __user *exp,
# struct timeval __user *tvp)
#
probe syscall.select = kernel.function("sys_select") {
name = "select"
n = $n
readfds_uaddr = $inp
writefds_uaddr = $outp
exceptfds_uaddr = $exp
timeout_uaddr = $tvp
argstr = sprintf("%d, %s, %s, %s, %s", n, _fd_set_u(readfds_uaddr),
_fd_set_u(writefds_uaddr),
_fd_set_u(exceptfds_uaddr),
_struct_timeval_u(timeout_uaddr))
}
probe syscall.select.return = kernel.function("sys_select").return {
name = "select"
retstr = returnstr(1)
}
# semctl _____________________________________________________
# long sys_semctl (int semid,
# int semnum,
# int cmd,
# union semun arg)
#
probe syscall.semctl = kernel.function("sys_semctl") {
name = "semctl"
semid = $semid
semnum = $semnum
cmd = $cmd
/*
* unsupported type tag identifier '$arg'
* arg = $arg
*/
argstr = sprintf("%d, %d, %s", semid, semnum, _semctl_cmd(cmd))
}
probe syscall.semctl.return = kernel.function("sys_semctl").return {
name = "semctl"
retstr = returnstr(1)
}
# semget _____________________________________________________
# long sys_semget (key_t key, int nsems, int semflg)
#
probe syscall.semget = kernel.function("sys_semget") {
name = "semget"
key = $key
nsems = $nsems
semflg = $semflg
argstr = sprintf("%d, %d, %s", key, nsems, __sem_flags(semflg))
}
probe syscall.semget.return = kernel.function("sys_semget").return {
name = "semget"
retstr = returnstr(1)
}
# semop ______________________________________________________
#
# asmlinkage long
# sys_semop (int semid,
# struct sembuf __user *tsops,
# unsigned nsops)
#
probe syscall.semop = kernel.function("sys_semtimedop") {
name = "semop"
semid = $semid
tsops_uaddr = $tsops
nsops = $nsops
argstr = sprintf("%d, %p, %d", semid, tsops_uaddr, nsops)
}
probe syscall.semop.return = kernel.function("sys_semtimedop").return {
name = "semop"
retstr = returnstr(1)
}
# semtimedop _________________________________________________
#
# asmlinkage long
# sys_semtimedop(int semid,
# struct sembuf __user *tsops,
# unsigned nsops,
# const struct timespec __user *timeout)
#
probe syscall.semtimedop = kernel.function("sys_semtimedop") {
name = "semtimedop"
semid = $semid
sops_uaddr = $tsops
nsops = $nsops
timeout_uaddr = $timeout
argstr = sprintf("%d, %p, %d, %s", semid, sops_uaddr, nsops,
_struct_timespec_u(timeout_uaddr))
}
probe syscall.semtimedop.return = kernel.function("sys_semtimedop").return {
name = "semtimedop"
retstr = returnstr(1)
}
# send _______________________________________________________
#
# asmlinkage long
# sys_sendto(int fd,
# void __user * buff,
# size_t len,
# unsigned flags,
# struct sockaddr __user *addr,
# int addr_len)
#
probe syscall.send = kernel.function("sys_sendto") {
name = "send"
s = $fd
buf_uaddr = $buff
len = $len
flags = $flags
flags_str = _send_flags_str($flags)
to_uaddr = $addr
tolen = $addr_len
argstr = sprintf("%d, %p, %s, %p, %d", $fd, buf_uaddr,
flags_str, to_uaddr, $addr_len)
}
probe syscall.send.return = kernel.function("sys_sendto").return {
name = "send"
retstr = returnstr(1)
}
# sendfile ___________________________________________________
#
# ssize_t sys_sendfile[64](int out_fd,
# int in_fd,
# off_t __user *offset,
# size_t count)
#
probe syscall.sendfile = kernel.function("sys_sendfile") ?, kernel.function("sys_sendfile64") ? {
name = "sendfile"
out_fd = $out_fd
in_fd = $in_fd
offset_uaddr = $offset
count = $count
argstr = sprintf("%d, %d, %p, %d", $out_fd, $in_fd, offset_uaddr,
$count)
}
probe syscall.sendfile.return = kernel.function("sys_sendfile").return ?, kernel.function("sys_sendfile64").return ? {
name = "sendfile"
retstr = returnstr(1)
}
# sendmsg ____________________________________________________
#
# asmlinkage long
# sys_sendmsg(int fd,
# struct msghdr __user *msg,
# unsigned flags)
#
probe syscall.sendmsg = kernel.function("sys_sendmsg") {
name = "sendmsg"
s = $fd
msg_uaddr = $msg
flags = $flags
flags_str = _send_flags_str($flags)
argstr = sprintf("%d, %p, %s", $fd, msg_uaddr, flags_str)
}
probe syscall.sendmsg.return = kernel.function("sys_sendmsg").return {
name = "sendmsg"
retstr = returnstr(1)
}
# sendto _____________________________________________________
#
# asmlinkage long
# sys_sendto(int fd,
# void __user * buff,
# size_t len,
# unsigned flags,
# struct sockaddr __user *addr,
# int addr_len)
#
probe syscall.sendto = kernel.function("sys_sendto") {
name = "sendto"
s = $fd
buf_uaddr = $buff
len = $len
flags = $flags
flags_str = _send_flags_str($flags)
to_uaddr = $addr
tolen = $addr_len
argstr = sprintf("%d, %p, %d, %s, %p, %d", $fd, buf_uaddr,
$len, flags_str, to_uaddr, $addr_len)
}
probe syscall.sendto.return = kernel.function("sys_sendto").return {
name = "sendto"
retstr = returnstr(1)
}
# setdomainname ______________________________________________
#
# asmlinkage long
# sys_setdomainname(char __user *name,
# int len)
#
probe syscall.setdomainname = kernel.function("sys_setdomainname") {
name = "setdomainname"
hostname_uaddr = $name
len = $len
argstr = ""
}
probe syscall.setdomainname.return =
kernel.function("sys_setdomainname").return {
name = "setdomainname"
retstr = returnstr(1)
}
# setfsgid ___________________________________________________
# long sys_setfsgid(gid_t gid)
#
probe syscall.setfsgid = kernel.function("sys_setfsgid") {
name = "setfsgid"
fsgid = $gid
argstr = sprint($gid)
}
probe syscall.setfsgid.return = kernel.function("sys_setfsgid").return {
name = "setfsgid"
retstr = returnstr(1)
}
# setfsgid16 _________________________________________________
# long sys_setfsgid16(old_gid_t gid)
#
probe syscall.setfsgid16 = kernel.function("sys_setfsgid16") ? {
name = "setfsgid16"
gid = $gid
argstr = sprint($gid)
}
probe syscall.setfsgid16.return = kernel.function("sys_setfsgid16").return ? {
name = "setfsgid16"
retstr = returnstr(1)
}
# setfsuid ___________________________________________________
# long sys_setfsuid(uid_t uid)
#
probe syscall.setfsuid = kernel.function("sys_setfsuid") {
name = "setfsuid"
fsuid = $uid
argstr = sprint($uid)
}
probe syscall.setfsuid.return = kernel.function("sys_setfsuid").return {
name = "setfsuid"
retstr = returnstr(1)
}
# setfsuid16 _________________________________________________
# long sys_setfsuid16(old_uid_t uid)
#
probe syscall.setfsuid16 = kernel.function("sys_setfsuid16") ? {
name = "setfsuid16"
uid = $uid
argstr = sprint($uid)
}
probe syscall.setfsuid16.return = kernel.function("sys_setfsuid16").return ? {
name = "setfsuid16"
retstr = returnstr(1)
}
# setgid _____________________________________________________
#
# long sys_setgid(gid_t gid)
#
probe syscall.setgid = kernel.function("sys_setgid") {
name = "setgid"
gid = $gid
argstr = sprint($gid)
}
probe syscall.setgid.return = kernel.function("sys_setgid").return {
name = "setgid"
retstr = returnstr(1)
}
# setgid16 ___________________________________________________
#
# long sys_setgid16(old_gid_t gid)
#
probe syscall.setgid16 = kernel.function("sys_setgid16") ? {
name = "setgid16"
gid = $gid
argstr = sprint($gid)
}
probe syscall.setgid16.return = kernel.function("sys_setgid16").return ? {
name = "setgid16"
retstr = returnstr(1)
}
# setgroups __________________________________________________
#
# long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
#
probe syscall.setgroups = kernel.function("sys_setgroups") {
name = "setgroups"
size = $gidsetsize
/*
* NOTE
* list defined as "gid_t list[]" there
* is no practical way to export these
* values. Therefore just export addr,
* let the user take care of it with
* embedded C if need be.
*/
list_uaddr = $grouplist
argstr = sprintf("%d, %p", $gidsetsize, list_uaddr)
}
probe syscall.setgroups.return = kernel.function("sys_setgroups").return {
name = "setgroups"
retstr = returnstr(1)
}
# sethostname ________________________________________________
#
# asmlinkage long
# sys_sethostname(char __user *name,
# int len)
#
probe syscall.sethostname = kernel.function("sys_sethostname") {
name = "sethostname"
hostname_uaddr = $name
name_str = user_string($name)
len = $len
argstr = sprintf("%s, %d", user_string_quoted($name), $len)
}
probe syscall.sethostname.return = kernel.function("sys_sethostname").return {
name = "sethostname"
retstr = returnstr(1)
}
# setitimer __________________________________________________
#
# long sys_setitimer(int which,
# struct itimerval __user *value,
# struct itimerval __user *ovalue)
#
probe syscall.setitimer = kernel.function("sys_setitimer") {
name = "setitimer"
which = $which
value_uaddr = $value
ovalue_uaddr = $ovalue
argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
_struct_itimerval_u($value), $ovalue)
}
probe syscall.setitimer.return = kernel.function("sys_setitimer").return {
name = "setitimer"
retstr = returnstr(1)
}
#
# long compat_sys_setitimer(int which,
# struct compat_itimerval __user *in,
# struct compat_itimerval __user *out)
#
probe syscall.compat_setitimer = kernel.function("compat_sys_setitimer") ? {
name = "setitimer"
which = $which
value_uaddr = $in
ovalue_uaddr = $out
argstr = sprintf("%s, %s, %p", _itimer_which_str($which),
_struct_compat_itimerval_u($in), $out)
}
probe syscall.compat_setitimer.return = kernel.function("compat_sys_setitimer").return ? {
name = "setitimer"
retstr = returnstr(1)
}
# set_mempolicy ______________________________________________
# long sys_set_mempolicy(int mode,
# unsigned long __user *nmask,
# unsigned long maxnode)
#
probe syscall.set_mempolicy = kernel.function("sys_set_mempolicy") ? {
name = "set_mempolicy"
mode = $mode
nmask_uaddr = $nmask
maxnode = $maxnode
argstr = sprintf("%d, %p, %d", $mode, nmask_uaddr, $maxnode)
}
probe syscall.set_mempolicy.return = kernel.function("sys_set_mempolicy").return ? {
name = "set_mempolicy"
retstr = returnstr(1)
}
# setpgid ____________________________________________________
#
# asmlinkage long
# sys_setpgid(pid_t pid,
# pid_t pgid)
#
probe syscall.setpgid = kernel.function("sys_setpgid") {
name = "setpgid"
pid = $pid
pgid = $pgid
argstr = sprintf("%d, %d", $pid, $pgid)
}
probe syscall.setpgid.return = kernel.function("sys_setpgid").return {
name = "setpgid"
retstr = returnstr(1)
}
# setpriority ________________________________________________
#
# asmlinkage long
# sys_setpriority(int which,
# int who,
# int niceval)
#
probe syscall.setpriority = kernel.function("sys_setpriority") {
name = "setpriority"
which = $which
which_str = _priority_which_str($which)
who = $who
prio = $niceval
argstr = sprintf("%s, %d, %d", which_str, $who, $niceval)
}
probe syscall.setpriority.return = kernel.function("sys_setpriority").return {
name = "setpriority"
retstr = returnstr(1)
}
# setregid ___________________________________________________
# long sys_setregid(gid_t rgid, gid_t egid)
#
probe syscall.setregid = kernel.function("sys_setregid") {
name = "setregid"
rgid = __uid($rgid)
egid = __uid($egid)
argstr = sprintf("%d, %d", rgid, egid)
}
probe syscall.setregid.return = kernel.function("sys_setregid").return {
name = "setregid"
retstr = returnstr(1)
}
# setregid16 _________________________________________________
# long sys_setregid16(old_gid_t rgid, old_gid_t egid)
#
probe syscall.setregid16 = kernel.function("sys_setregid16") ? {
name = "setregid16"
rgid = __short($rgid)
egid = __short($egid)
argstr = sprintf("%d, %d",rgid, egid)
}
probe syscall.setregid16.return = kernel.function("sys_setregid16").return ? {
name = "setregid16"
retstr = returnstr(1)
}
# setresgid __________________________________________________
# long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
#
probe syscall.setresgid = kernel.function("sys_setresgid") {
name = "setresgid"
rgid = __uid($rgid)
egid = __uid($egid)
sgid = __uid($sgid)
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
probe syscall.setresgid.return = kernel.function("sys_setresgid").return {
name = "setresgid"
retstr = returnstr(1)
}
# setresgid16 ________________________________________________
#
# long sys_setresgid16(old_gid_t rgid,
# old_gid_t egid,
# old_gid_t sgid)
#
probe syscall.setresgid16 = kernel.function("sys_setresgid16") ? {
name = "setresgid16"
rgid = __short($rgid)
egid = __short($egid)
sgid = __short($sgid)
argstr = sprintf("%d, %d, %d", rgid, egid, sgid)
}
probe syscall.setresgid16.return = kernel.function("sys_setresgid16").return ? {
name = "setresgid16"
retstr = returnstr(1)
}
# setresuid __________________________________________________
#
# long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
#
probe syscall.setresuid = kernel.function("sys_setresuid") {
name = "setresuid"
ruid = __uid($ruid)
euid = __uid($euid)
suid = __uid($suid)
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
probe syscall.setresuid.return = kernel.function("sys_setresuid").return {
name = "setresuid"
retstr = returnstr(1)
}
# setresuid16 ________________________________________________
#
# long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
#
probe syscall.setresuid16 = kernel.function("sys_setresuid16") ? {
name = "setresuid16"
ruid = __short($ruid)
euid = __short($euid)
suid = __short($suid)
argstr = sprintf("%d, %d, %d", ruid, euid, suid)
}
probe syscall.setresuid16.return = kernel.function("sys_setresuid16").return ? {
name = "setresuid16"
retstr = returnstr(1)
}
# setreuid ___________________________________________________
# long sys_setreuid(uid_t ruid, uid_t euid)
#
probe syscall.setreuid = kernel.function("sys_setreuid") {
name = "setreuid"
ruid = __uid($ruid)
euid = __uid($euid)
argstr = sprintf("%d, %d", ruid, euid)
}
probe syscall.setreuid.return = kernel.function("sys_setreuid").return {
name = "setreuid"
retstr = returnstr(1)
}
# setreuid16 _________________________________________________
# long sys_setreuid16(old_uid_t ruid, old_uid_t euid)
#
probe syscall.setreuid16 = kernel.function("sys_setreuid16") ? {
name = "setreuid16"
ruid = __short($ruid)
euid = __short($euid)
argstr = sprintf("%d, %d", ruid, euid)
}
probe syscall.setreuid16.return = kernel.function("sys_setreuid16").return ? {
name = "setreuid16"
retstr = returnstr(1)
}
# setrlimit __________________________________________________
#
# asmlinkage long
# sys_setrlimit(unsigned int resource,
# struct rlimit __user *rlim)
#
probe syscall.setrlimit = kernel.function("sys_setrlimit") {
name = "setrlimit"
resource = $resource
rlim_uaddr = $rlim
argstr = sprintf("%s, %s", _rlimit_resource_str($resource),
_struct_rlimit_u($rlim))
}
probe syscall.setrlimit.return = kernel.function("sys_setrlimit").return {
name = "setrlimit"
retstr = returnstr(1)
}
# setsid _____________________________________________________
#
# asmlinkage long
# sys_setsid(void)
#
probe syscall.setsid = kernel.function("sys_setsid") {
name = "setsid"
argstr = ""
}
probe syscall.setsid.return = kernel.function("sys_setsid").return {
name = "setsid"
retstr = returnstr(1)
}
# setsockopt _________________________________________________
#
# asmlinkage long
# sys_setsockopt(int fd,
# int level,
# int optname,
# char __user *optval,
# int optlen)
#
probe syscall.setsockopt = kernel.function("sys_setsockopt") {
name = "setsockopt"
fd = $fd
level = $level
level_str = _sockopt_level_str($level)
optname = $optname
optname_str = _sockopt_optname_str($optname)
optval_uaddr = $optval
optlen = $optlen
argstr = sprintf("%d, %s, %s, %p, %d", $fd, level_str,
optname_str, optval_uaddr, $optlen)
}
probe syscall.setsockopt.return = kernel.function("sys_setsockopt").return {
name = "setsockopt"
retstr = returnstr(1)
}
# set_tid_address ____________________________________________
#
# asmlinkage long
# sys_set_tid_address(int __user *tidptr)
#
probe syscall.set_tid_address = kernel.function("sys_set_tid_address") {
name = "set_tid_address"
tidptr_uaddr = $tidptr
argstr = sprintf("%p", tidptr_uaddr)
}
probe syscall.set_tid_address.return =
kernel.function("sys_set_tid_address").return {
name = "set_tid_address"
retstr = returnstr(1)
}
# settimeofday _______________________________________________
#
# long sys_settimeofday(struct timeval __user *tv,
# struct timezone __user *tz)
#
probe syscall.settimeofday = kernel.function("sys_settimeofday") {
name = "settimeofday"
tv_uaddr = $tv
tz_uaddr = $tz
argstr = sprintf("%s, %s", _struct_timeval_u($tv), _struct_timezone_u($tz))
}
probe syscall.settimeofday.return = kernel.function("sys_settimeofday").return {
name = "settimeofday"
retstr = returnstr(1)
}
#
# long sys32_settimeofday(struct compat_timeval __user *tv, struct timezone __user *tz)
#
probe syscall.settimeofday32 = kernel.function("sys32_settimeofday") ? {
name = "settimeofday"
tv_uaddr = $tv
tz_uaddr = $tz
argstr = sprintf("%s, %s", _struct_compat_timeval_u($tv),_struct_timezone_u($tz))
}
probe syscall.settimeofday32.return = kernel.function("sys32_settimeofday").return ? {
name = "settimeofday"
retstr = returnstr(1)
}
# setuid _____________________________________________________
#
# asmlinkage long
# sys_setuid(uid_t uid)
#
probe syscall.setuid = kernel.function("sys_setuid") {
name = "setuid"
uid = $uid
argstr = sprint($uid)
}
probe syscall.setuid.return = kernel.function("sys_setuid").return {
name = "setuid"
retstr = returnstr(1)
}
# setuid16 ___________________________________________________
#
# asmlinkage long
# sys_setuid16(old_uid_t uid)
#
probe syscall.setuid16 = kernel.function("sys_setuid16") ? {
name = "setuid16"
uid = $uid
argstr = sprint($uid)
}
probe syscall.setuid16.return = kernel.function("sys_setuid16").return ? {
name = "setuid16"
retstr = returnstr(1)
}
# setxattr ___________________________________________________
# long sys_setxattr(char __user *path,
# char __user *name,
# void __user *value,
# size_t size,
# int flags)
#
probe syscall.setxattr = kernel.function("sys_setxattr") {
name = "setxattr"
path_uaddr = $path
path = user_string($path)
name_uaddr = $name
name_str = user_string($name)
value_uaddr = $value
size = $size
flags = $flags
argstr = sprintf("%s, %s, %p, %d, %d",
user_string_quoted($path),
user_string_quoted($name),
value_uaddr, $size, $flags)
}
probe syscall.setxattr.return = kernel.function("sys_setxattr").return {
name = "setxattr"
retstr = returnstr(1)
}
# sgetmask ___________________________________________________
#
# sys_sgetmask(void)
#
probe syscall.sgetmask = kernel.function("sys_sgetmask") {
name = "sgetmask"
argstr = ""
}
probe syscall.sgetmask.return = kernel.function("sys_sgetmask").return {
name = "sgetmask"
retstr = returnstr(1)
}
# shmctl _____________________________________________________
#
# asmlinkage long
# sys_shmctl (int shmid,
# int cmd,
# struct shmid_ds __user *buf)
#
probe syscall.shmctl = kernel.function("sys_shmctl") {
name = "shmctl"
shmid = $shmid
cmd = $cmd
buf_uaddr = $buf
argstr = sprintf("%d, %s, %p", $shmid, _semctl_cmd($cmd),
buf_uaddr)
}
probe syscall.shmctl.return = kernel.function("sys_shmctl").return {
name = "shmctl"
retstr = returnstr(1)
}
# shmdt ______________________________________________________
#
# asmlinkage long
# sys_shmdt(char __user *shmaddr)
#
probe syscall.shmdt = kernel.function("sys_shmdt") {
name = "shmdt"
shmaddr_uaddr = $shmaddr
argstr = sprintf("%p", shmaddr_uaddr)
}
probe syscall.shmdt.return = kernel.function("sys_shmdt").return {
name = "shmdt"
retstr = returnstr(1)
}
# shmget _____________________________________________________
#
# asmlinkage long
# sys_shmget (key_t key,
# size_t size,
# int shmflg)
#
probe syscall.shmget = kernel.function("sys_shmget") {
name = "shmget"
key = $key
size = $size
shmflg = $shmflg
argstr = sprintf("%d, %d, %d", $key, $size, $shmflg)
}
probe syscall.shmget.return = kernel.function("sys_shmget").return {
name = "shmget"
retstr = returnstr(1)
}
# shutdown ___________________________________________________
#
# asmlinkage long
# sys_shutdown(int fd,
# int how)
#
probe syscall.shutdown = kernel.function("sys_shutdown") {
name = "shutdown"
s = $fd
how = $how
how_str = _shutdown_how_str($how)
argstr = sprintf("%d, %s", s, how_str)
}
probe syscall.shutdown.return = kernel.function("sys_shutdown").return {
name = "shutdown"
retstr = returnstr(1)
}
# signal _____________________________________________________
# unsigned long sys_signal(int sig, __sighandler_t handler)
#
probe syscall.signal = kernel.function("sys_signal") {
name = "signal"
sig = $sig
handler = $handler
argstr = sprintf("%s, %p", _signal_name($sig), $handler)
}
probe syscall.signal.return = kernel.function("sys_signal").return {
name = "signal"
retstr = returnstr(1)
}
# sigpending _________________________________________________
# long do_sigpending(void __user *set, unsigned long sigsetsize)
#
probe syscall.sigpending = kernel.function("do_sigpending") {
name = "sigpending"
/*
* FIXME
* set is defined as
* struct {
* unsigned long int __val[128];
* }
* theres is no practical way to export
* these values. Therefore just export
* addr, let the user take care of it
* with embedded C if need be.
*/
set_uaddr = $set
sigsetsize = $sigsetsize
argstr = sprintf("%p, %d", $set, $sigsetsize)
}
probe syscall.sigpending.return = kernel.function("do_sigpending").return {
name = "sigpending"
retstr = returnstr(1)
}
# sigprocmask ________________________________________________
# long sys_sigprocmask(int how,
# old_sigset_t __user *set,
# old_sigset_t __user *oset)
#
probe syscall.sigprocmask = kernel.function("sys_sigprocmask") {
name = "sigprocmask"
how = $how
how_str = _sigprocmask_how_str($how)
/*
* FIXME
* set and oset are defined as
* struct {
* unsigned long int __val[128];
* }
* theres is no practical way to export
* these values. Therefore just export
* addr, let the user take care of it
* with embedded C if need be.
*/
set_uaddr = $set
oldset_uaddr = $oset
argstr = sprintf("%s, %p, %p", how_str, $set, $oset)
}
probe syscall.sigprocmask.return = kernel.function("sys_sigprocmask").return {
name = "sigprocmask"
retstr = returnstr(1)
}
# socket _____________________________________________________
# long sys_socket(int family, int type, int protocol)
#
probe syscall.socket = kernel.function("sys_socket") {
name = "socket"
family = $family
type = $type
protocol = $protocol
argstr = sprintf("%s, %s, %d", _sock_family_str($family),
_sock_type_str($type),
$protocol)
}
probe syscall.socket.return = kernel.function("sys_socket").return {
name = "socket"
retstr = returnstr(1)
}
# commented out because this seems redundant
# socketcall _________________________________________________
#
# asmlinkage long
# sys_socketcall(int call,
# unsigned long __user *args)
#
#probe syscall.socketcall = kernel.function("sys_socketcall") {
# name = "socketcall"
# call = $call
# args_uaddr = $args
# argstr = sprintf("%d, %p", $call, args_uaddr)
#}
#probe syscall.socketcall.return = kernel.function("sys_socketcall").return {
# name = "socketcall"
# retstr = returnstr(1)
#}
# socketpair _________________________________________________
# long sys_socketpair(int family,
# int type,
# int protocol,
# int __user *usockvec)
#
probe syscall.socketpair = kernel.function("sys_socketpair") {
name = "socketpair"
family = $family
type = $type
protocol = $protocol
sv_uaddr = $usockvec
argstr = sprintf("%s, %s, %d, %p",
_sock_family_str($family),
_sock_type_str($type),
$protocol, sv_uaddr)
}
probe syscall.socketpair.return = kernel.function("sys_socketpair").return {
name = "socketpair"
retstr = returnstr(1)
}
# ssetmask ___________________________________________________
#
# asmlinkage long
# sys_ssetmask(int newmask)
#
probe syscall.ssetmask = kernel.function("sys_ssetmask") {
name = "ssetmask"
newmask = $newmask
argstr = sprint($newmask)
}
probe syscall.ssetmask.return = kernel.function("sys_ssetmask").return {
name = "ssetmask"
retstr = returnstr(1)
}
# stat _______________________________________________________
# long sys_stat(char __user * filename, struct __old_stat __user * statbuf)
# long sys32_stat64(char __user * filename, struct stat64 __user *statbuf)
# long sys_stat64(char __user * filename, struct stat64 __user * statbuf)
# long compat_sys_newstat(char __user * filename, struct compat_stat __user *statbuf)
probe syscall.stat =
kernel.function("sys_stat") ?,
kernel.function("sys_newstat") ?,
kernel.function("sys32_stat64") ?,
kernel.function("sys_stat64") ?,
kernel.function("compat_sys_newstat") ?
{
name = "stat"
filename_uaddr = $filename
filename = user_string($filename)
buf_uaddr = $statbuf
argstr = sprintf("%s, %p", user_string_quoted($filename), buf_uaddr)
}
probe syscall.stat.return =
kernel.function("sys_stat").return ?,
kernel.function("sys_newstat").return ?,
kernel.function("sys32_stat64").return ?,
kernel.function("sys_stat64").return ?,
kernel.function("compat_sys_newstat").return ?
{
name = "stat"
retstr = returnstr(1)
}
# statfs _____________________________________________________
# long sys_statfs(const char __user * path, struct statfs __user * buf)
# long compat_sys_statfs(const char __user *path, struct compat_statfs __user *buf)
#
probe syscall.statfs =
kernel.function("sys_statfs"),
kernel.function("compat_sys_statfs") ?
{
name = "statfs"
path = user_string($path)
buf_uaddr = $buf
argstr = sprintf("%s, %p", user_string_quoted($path), $buf)
}
probe syscall.statfs.return =
kernel.function("sys_statfs").return,
kernel.function("compat_sys_statfs").return ?
{
name = "statfs"
retstr = returnstr(1)
}
# statfs64 ___________________________________________________
#
# long sys_statfs64(const char __user *path,
# size_t sz,
# struct statfs64 __user *buf)
#
probe syscall.statfs64 = kernel.function("sys_statfs64") {
name = "statfs64"
path = user_string($path)
sz = $sz
buf_uaddr = $buf
argstr = sprintf("%s, %d, %p", user_string_quoted($path), $sz, $buf)
}
probe syscall.statfs64.return = kernel.function("sys_statfs64").return {
name = "statfs64"
retstr = returnstr(1)
}
# stime ______________________________________________________
#
# long sys_stime(time_t __user *tptr)
#
probe syscall.stime = kernel.function("sys_stime") {
name = "stime"
t_uaddr = $tptr
/* Fixme, should just use get_user? */
argstr = sprintf("%p", t_uaddr)
}
probe syscall.stime.return = kernel.function("sys_stime").return {
name = "stime"
retstr = returnstr(1)
}
# swapoff ____________________________________________________
#
# asmlinkage long
# sys_swapoff(const char __user * specialfile)
#
probe syscall.swapoff = kernel.function("sys_swapoff") {
name = "swapoff"
path = user_string($specialfile)
argstr = user_string_quoted($specialfile)
}
probe syscall.swapoff.return = kernel.function("sys_swapoff").return {
name = "swapoff"
retstr = returnstr(1)
}
# swapon _____________________________________________________
#
# asmlinkage long
# sys_swapon(const char __user * specialfile,
# int swap_flags)
#
probe syscall.swapon = kernel.function("sys_swapon") {
name = "swapon"
path = user_string($specialfile)
swapflags = $swap_flags
argstr = sprintf("%s, %d", user_string_quoted($specialfile), swapflags)
}
probe syscall.swapon.return = kernel.function("sys_swapon").return {
name = "swapon"
retstr = returnstr(1)
}
# symlink ____________________________________________________
# long sys_symlink(const char __user * oldname,
# const char __user * newname)
probe syscall.symlink = kernel.function("sys_symlink") {
name = "symlink"
oldpath = user_string($oldname)
newpath = user_string($newname)
argstr = sprintf("%s, %s", user_string_quoted($oldname),
user_string_quoted($newname))
}
probe syscall.symlink.return = kernel.function("sys_symlink").return {
name = "symlink"
retstr = returnstr(1)
}
# sync _______________________________________________________
#
# asmlinkage long
# sys_sync(void)
#
probe syscall.sync = kernel.function("sys_sync") {
name = "sync"
argstr = ""
}
probe syscall.sync.return = kernel.function("sys_sync").return {
name = "sync"
retstr = returnstr(1)
}
# sysctl _____________________________________________________
#
# asmlinkage long
# sys_sysctl(struct __sysctl_args __user *args)
#
probe syscall.sysctl = kernel.function("sys_sysctl") {
name = "sysctl"
args_uaddr = $args
argstr = sprintf("%p", args_uaddr)
}
probe syscall.sysctl.return = kernel.function("sys_sysctl").return {
name = "sysctl"
retstr = returnstr(1)
}
# sysfs ______________________________________________________
#
# asmlinkage long
# sys_sysfs(int option,
# unsigned long arg1,
# unsigned long arg2)
#
probe syscall.sysfs = kernel.function("sys_sysfs") {
name = "sysfs"
option = $option
arg1 = $arg1
arg2 = $arg2
argstr = sprintf("%d, %d, %d", $option, $arg1, $arg2)
}
probe syscall.sysfs.return = kernel.function("sys_sysfs").return {
name = "sysfs"
retstr = returnstr(1)
}
# sysinfo ____________________________________________________
#
# asmlinkage long
# sys_sysinfo(struct sysinfo __user *info)
#
probe syscall.sysinfo = kernel.function("sys_sysinfo") {
name = "sysinfo"
info_uaddr = $info
argstr = sprintf("%p", info_uaddr)
}
probe syscall.sysinfo.return = kernel.function("sys_sysinfo").return {
name = "sysinfo"
retstr = returnstr(1)
}
# syslog _____________________________________________________
#
# asmlinkage long
# sys_syslog(int type,
# char __user * buf,
# int len)
#
probe syscall.syslog = kernel.function("do_syslog") {
name = "syslog"
type = $type
bufp_uaddr = $buf
len = $len
argstr = sprintf("%d, %p, %d", $type, bufp_uaddr, $len)
}
probe syscall.syslog.return = kernel.function("do_syslog").return {
name = "syslog"
retstr = returnstr(1)
}
# tgkill _____________________________________________________
#
# asmlinkage long
# sys_tgkill(int tgid,
# int pid,
# int sig)
#
probe syscall.tgkill = kernel.function("sys_tgkill") {
name = "tgkill"
tgid = $tgid
pid = $pid
sig = $sig
argstr = sprintf("%d, %d, %s", $tgid, $pid, _signal_name($sig))
}
probe syscall.tgkill.return = kernel.function("sys_tgkill").return {
name = "tgkill"
retstr = returnstr(1)
}
# time _______________________________________________________
#
# long sys_time(time_t __user * tloc)
# long sys_time64(long __user * tloc)
# long sys32_time(compat_time_t __user * tloc)
# long compat_sys_time(compat_time_t __user * tloc)
#
probe syscall.time =
kernel.function("sys_time"),
kernel.function("sys32_time") ?,
kernel.function("sys_time64") ?,
kernel.function("compat_sys_time") ?
{
name = "time"
t_uaddr = $tloc
argstr = sprintf("%p", $tloc)
}
probe syscall.time.return =
kernel.function("sys_time").return,
kernel.function("sys32_time").return ?,
kernel.function("sys_time64").return ?,
kernel.function("compat_sys_time").return ?
{
name = "time"
retstr = returnstr(1)
}
# timer_create _______________________________________________
#
# long sys_timer_create(clockid_t which_clock,
# struct sigevent __user *timer_event_spec,
# timer_t __user * created_timer_id)
#
probe syscall.timer_create = kernel.function("sys_timer_create") {
name = "timer_create"
clockid = $which_clock
clockid_str = _get_wc_str($which_clock)
evp_uaddr = $timer_event_spec
timerid_uaddr = $created_timer_id
argstr = sprintf("%s, %p, %p", clockid_str, $timer_event_spec, $created_timer_id)
}
probe syscall.timer_create.return =
kernel.function("sys_timer_create").return {
name = "timer_create"
retstr = returnstr(1)
}
# timer_delete _______________________________________________
#
# long sys_timer_delete(timer_t timer_id)
#
probe syscall.timer_delete = kernel.function("sys_timer_delete") {
name = "timer_delete"
timerid = $timer_id
argstr = sprint($timer_id)
}
probe syscall.timer_delete.return = kernel.function("sys_timer_delete").return {
name = "timer_delete"
retstr = returnstr(1)
}
# timer_getoverrun ___________________________________________
#
# long sys_timer_getoverrun(timer_t timer_id)
#
probe syscall.timer_getoverrun = kernel.function("sys_timer_getoverrun") {
name = "timer_getoverrun"
timerid = $timer_id
argstr = sprint($timer_id)
}
probe syscall.timer_getoverrun.return =
kernel.function("sys_timer_getoverrun").return {
name = "timer_getoverrun"
retstr = returnstr(1)
}
# timer_gettime ______________________________________________
#
# long sys_timer_gettime(timer_t timer_id,
# struct itimerspec __user *setting)
#
probe syscall.timer_gettime = kernel.function("sys_timer_gettime") {
name = "timer_gettime"
timerid = $timer_id
value_uaddr = $setting
argstr = sprintf("%d, %p", $timer_id, $setting)
}
probe syscall.timer_gettime.return =
kernel.function("sys_timer_gettime").return {
name = "timer_gettime"
retstr = returnstr(1)
}
# timer_settime ______________________________________________
#
# long sys_timer_settime(timer_t timer_id,
# int flags,
# const struct itimerspec __user *new_setting,
# struct itimerspec __user *old_setting)
#
probe syscall.timer_settime = kernel.function("sys_timer_settime") {
name = "timer_settime"
timerid = $timer_id
flags = $flags
value_uaddr = $new_setting
ovalue_uaddr = $old_setting
argstr = sprintf("%d, %d, %s, %p", $timer_id, $flags,
_struct_itimerspec_u($new_setting),
$old_setting)
}
probe syscall.timer_settime.return =
kernel.function("sys_timer_settime").return {
name = "timer_settime"
retstr = returnstr(1)
}
# times ______________________________________________________
#
# long sys_times(struct tms __user * tbuf)
#
probe syscall.times = kernel.function("sys_times") {
name = "times"
buf_uaddr = $tbuf
/*
* FIXME -
* buf_tms_utime = __uget_tms_m($tbuf,0)
* buf_tms_stime = __uget_tms_m($tbuf,1)
* buf_tms_cutime = __uget_tms_m($tbuf,2)
* buf_tms_cstime = __uget_tms_m($tbuf,3)
*/
argstr = sprintf("%p", buf_uaddr)
}
probe syscall.times.return = kernel.function("sys_times").return {
name = "times"
retstr = returnstr(1)
}
# tkill ______________________________________________________
#
# asmlinkage long
# sys_tkill(int pid,
# int sig)
#
probe syscall.tkill = kernel.function("sys_tkill") {
name = "tkill"
pid = $pid
sig = $sig
argstr = sprintf("%d, %s", $pid, _signal_name($sig))
}
probe syscall.tkill.return = kernel.function("sys_tkill").return {
name = "tkill"
retstr = returnstr(1)
}
# truncate ___________________________________________________
#
# asmlinkage long
# sys_truncate(const char __user * path, unsigned long length)
# sys_truncate64(const char __user * path, loff_t length)
#
probe syscall.truncate = kernel.function("sys_truncate")?, kernel.function("sys_truncate64") ? {
name = "truncate"
path_uaddr = $path
path = user_string($path)
length = $length
argstr = sprintf("%s, %d", user_string_quoted($path), $length)
}
probe syscall.truncate.return = kernel.function("sys_truncate").return ?, kernel.function("sys_truncate64").return ? {
name = "truncate"
retstr = returnstr(1)
}
# tux ________________________________________________________
# long sys_tux (unsigned int action, user_req_t *u_info)
#
probe syscall.tux = kernel.function("sys_tux") ? {
name = "tux"
action = $action
u_info_uaddr = $u_info
argstr = sprintf("%d, %p", $action, $u_info)
}
probe syscall.tux.return = kernel.function("sys_tux").return ? {
name = "tux"
retstr = returnstr(1)
}
# umask ______________________________________________________
# long sys_umask(int mask)
#
probe syscall.umask = kernel.function("sys_umask") {
name = "umask"
mask = $mask
argstr = sprintf("%#o", $mask)
}
probe syscall.umask.return = kernel.function("sys_umask").return {
name = "umask"
retstr = returnstr(3)
}
# umount _____________________________________________________
# long sys_umount(char __user * name, int flags)
#
probe syscall.umount = kernel.function("sys_umount") {
name = "umount"
target = user_string($name)
flags = $flags
flags_str = _umountflags_str($flags)
argstr = sprintf("%s, %s", user_string_quoted($name), flags_str)
}
probe syscall.umount.return = kernel.function("sys_umount").return {
name = "umount"
retstr = returnstr(1)
}
# uname ______________________________________________________
#
# int sys_uname(struct old_utsname __user *name)
# long sys_newuname(struct new_utsname __user * name)
#
probe syscall.uname =
kernel.function("sys_uname") ?,
kernel.function("sys_newuname") ?
{
name = "uname"
name_uaddr = $name
argstr = sprintf("%p", $name)
}
probe syscall.uname.return =
kernel.function("sys_uname").return ?,
kernel.function("sys_newuname").return ?
{
name = "uname"
retstr = returnstr(1)
}
# unlink _____________________________________________________
# long sys_unlink(const char __user * pathname)
#
probe syscall.unlink = kernel.function("sys_unlink") {
name = "unlink"
pathname_uaddr = $pathname
pathname = user_string($pathname)
argstr = user_string_quoted($pathname)
}
probe syscall.unlink.return = kernel.function("sys_unlink").return {
name = "unlink"
retstr = returnstr(1)
}
# uselib _____________________________________________________
#
# asmlinkage long
# sys_uselib(const char __user * library)
#
probe syscall.uselib = kernel.function("sys_uselib") {
name = "uselib"
library_uaddr = $library
library = user_string($library)
argstr = user_string_quoted($library)
}
probe syscall.uselib.return = kernel.function("sys_uselib").return {
name = "uselib"
retstr = returnstr(1)
}
# ustat ______________________________________________________
# long sys_ustat(unsigned dev, struct ustat __user * ubuf)
#
probe syscall.ustat = kernel.function("sys_ustat") {
name = "ustat"
dev = $dev
ubuf_uaddr = $ubuf
argstr = sprintf("%d, %p", $dev, $ubuf)
}
probe syscall.ustat.return = kernel.function("sys_ustat").return {
name = "ustat"
retstr = returnstr(1)
}
# utime ______________________________________________________
# long sys_utime(char __user * filename, struct utimbuf __user * times)
probe syscall.utime = kernel.function("sys_utime") {
name = "utime"
filename_uaddr = $filename
filename = user_string($filename)
buf_uaddr = $times
buf_str = _struct_utimbuf_u($times)
argstr = sprintf("%s, [%s]", user_string_quoted($filename), buf_str)
}
probe syscall.utime.return = kernel.function("sys_utime").return {
name = "utime"
retstr = returnstr(1)
}
# long compat_sys_utime(char __user *filename, struct compat_utimbuf __user *t)
probe syscall.compat_utime = kernel.function("compat_sys_utime") ? {
name = "utime"
filename_uaddr = $filename
filename = user_string($filename)
buf_uaddr = $t
buf_str = _struct_compat_utimbuf_u($t)
argstr = sprintf("%s, [%s]", user_string_quoted($filename), _struct_compat_utimbuf_u($t))
}
probe syscall.compat_utime.return = kernel.function("compat_sys_utime").return ? {
name = "utime"
retstr = returnstr(1)
}
# utimes _____________________________________________________
#
# asmlinkage long
# sys_utimes(char __user * filename,
# struct timeval __user * utimes)
#
probe syscall.utimes = kernel.function("sys_utimes") {
name = "utimes"
filename_uaddr = $filename
filename = user_string($filename)
tvp_uaddr = $utimes
argstr = sprintf("%s, %s", user_string_quoted($filename),
_struct_timeval_u($utimes))
}
probe syscall.utimes.return = kernel.function("sys_utimes").return {
name = "utimes"
retstr = returnstr(1)
}
# vhangup ____________________________________________________
#
# asmlinkage long
# sys_vhangup(void)
#
probe syscall.vhangup = kernel.function("sys_vhangup") {
name = "vhangup"
argstr = ""
}
probe syscall.vhangup.return = kernel.function("sys_vhangup").return {
name = "vhangup"
retstr = returnstr(1)
}
# wait4 ______________________________________________________
#
# asmlinkage long
# sys_wait4(pid_t pid,
# int __user *stat_addr,
# int options,
# struct rusage __user *ru)
#
probe syscall.wait4 = kernel.function("sys_wait4") {
name = "wait4"
pid = $pid
status_uaddr = $stat_addr
options = $options
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %p, %s, %p", $pid, status_uaddr,
options_str, rusage_uaddr)
}
probe syscall.wait4.return = kernel.function("sys_wait4").return {
name = "wait4"
retstr = returnstr(1)
}
# waitid _____________________________________________________
#
# asmlinkage long
# sys_waitid(int which,
# pid_t pid,
# struct siginfo __user *infop,
# int options,
# struct rusage __user *ru)
#
probe syscall.waitid = kernel.function("sys_waitid") {
name = "waitid"
which = $which
which_str = _waitid_which_str($which)
pid = $pid
infop_uaddr = $infop
options = $options
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %d, %p, %s, %p", $which, $pid,
infop_uaddr, options_str, rusage_uaddr)
}
probe syscall.waitid.return = kernel.function("sys_waitid").return {
name = "waitid"
retstr = returnstr(1)
}
/* FIXME:
# waitpid ____________________________________________________
#
# asmlinkage long
# sys_wait4(pid_t pid,
# int __user *stat_addr,
# int options,
# struct rusage __user *ru)
#
probe syscall.waitpid = kernel.function("sys_wait4") {
name = "waitpid"
pid = $pid
status_uaddr = $stat_addr
options = $options
options_str = _wait4_opt_str($options)
rusage_uaddr = $ru
argstr = sprintf("%d, %p, %s, %p", $pid, status_uaddr,
options_str, rusage_uaddr)
}
probe syscall.waitpid.return = kernel.function("sys_wait4").return {
name = "waitpid"
retstr = returnstr(1)
}
*/
# write ______________________________________________________
#
# ssize_t sys_write(unsigned int fd,
# const char __user * buf,
# size_t count)
#
probe syscall.write = kernel.function("sys_write") {
name = "write"
fd = $fd
buf_uaddr = $buf
count = $count
argstr = sprintf("%d, %s, %d", $fd, text_strn(user_string($buf),20,1), $count)
}
probe syscall.write.return = kernel.function("sys_write").return {
name = "write"
retstr = returnstr(1)
}
# writev _____________________________________________________
#
# ssize_t sys_writev(unsigned long fd,
# const struct iovec __user *vec,
# unsigned long vlen)
# ssize_t compat_sys_writev(unsigned long fd,
# const struct compat_iovec __user *vec,
# unsigned long vlen)
#
probe syscall.writev =
kernel.function("sys_writev"),
kernel.function("compat_sys_writev") ?
{
name = "writev"
vector_uaddr = $vec
count = $vlen
/* FIXME: RHEL4 U3 ppc64 can't resolve $fd */
%( arch != "ppc64" %?
fd = $fd
argstr = sprintf("%d, %p, %d", $fd, $vec, $vlen)
%:
argstr = sprintf("unknown fd, %p, %d", $vec, $vlen)
%)
}
probe syscall.writev.return =
kernel.function("sys_writev").return,
kernel.function("compat_sys_writev").return ?
{
name = "writev"
retstr = returnstr(1)
}