/************************************************************************** * * * Copyright (c) International Business Machines Corp., 2005 * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * * This program is distributed in the hope that it will be useful, but * * WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * * GNU General Public License for more details. * * * * You should have received a copy of the GNU General Public License * * along with this program; if not, write to the Free Software * * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * * * Author: Guanglei Li (guanglei@cn.ibm.com) * **************************************************************************/ /******************************************************** * We choose to probe both 64-bit and 32-bit application * * on PPC64 platform. And by making use of conditional * * preprocessing, now the syscall probe could support * * ppc64 and i686 platform * * * * the syscall lists for PPC64 that I listed below need * * further modifications. Efforts are needed to address * * different kernel versions, expecially the RH shipped * * kernel(e.g. 2.6.9-24EL). * ********************************************************/ probe addevent.syscall = addevent.syscall.entry, addevent.syscall.return { } probe addevent.syscall.entry = %( arch == "ppc64" %? %( kernel_v == "2.6.9" %? /* in fact, this refer to RH shipped kernel */ kernel.function("sys_*"), kernel.function("compat_sys_*"), kernel.function("sys32_execve"), kernel.function("sys32_time"), kernel.function("ppc64_sys32_stime"), kernel.function("sys32_ptrace"), kernel.function("sys32_pause"), kernel.function("sys32_olduname"), kernel.function("sys32_sigaction"), kernel.function("sys32_sigsuspend"), kernel.function("sys32_gettimeofday"), kernel.function("sys32_settimeofday"), kernel.function("old32_readdir"), kernel.function("sys32_sysinfo"), kernel.function("sys32_ipc"), kernel.function("sys32_sigreturn"), kernel.function("sys32_adjtimex"), kernel.function("ppc64_personality"), kernel.function("sys32_getdents"), kernel.function("sys32_sysctl"), kernel.function("sys32_sched_setparam"), kernel.function("sys32_sched_rr_get_interval"), kernel.function("sys32_rt_sigreturn"), kernel.function("sys32_rt_sigaction"), kernel.function("sys32_rt_sigprocmask"), kernel.function("sys32_rt_sigpending"), kernel.function("sys32_rt_sigtimedwait"), kernel.function("sys32_rt_sigqueueinfo"), kernel.function("sys32_sigaltstack"), kernel.function("sys32_sendfile64"), kernel.function("ppc32_timer_create"), kernel.function("compat_timer_settime"), kernel.function("compat_timer_gettime"), kernel.function("compat_clock_settime"), kernel.function("compat_clock_gettime"), kernel.function("compat_clock_getres"), kernel.function("compat_clock_nanosleep"), kernel.function("sys32_swapcontext"), kernel.function("sys32_utimes"), kernel.function("compat_statfs64"), kernel.function("compat_fstatfs64"), kernel.function("ppc_rtas"), kernel.function("compat_mbind"), kernel.function("compat_get_mempolicy"), kernel.function("compat_set_mempolicy"), kernel.function("sys64_time"), kernel.function("ppc64_sys_stime"), kernel.function("ppc64_newuname"), kernel.function("ppc64_personality"), kernel.function("ppc_rtas") %: /*this is a TBD */ kernel.function("sys_*"), kernel.function("compat_sys_*"), kernel.function("sys32_getdents"), kernel.function("sys32_adjtimex"), kernel.function("sys32_pause"), kernel.function("sys32_gettimeofday"), kernel.function("sys32_settimeofday"), kernel.function("sys32_ipc"), kernel.function("sys32_execve"), kernel.function("sys32_sysctl"), kernel.function("sys32_olduname"), kernel.function("sys32_utimes"), kernel.function("ppc_rtas"), kernel.function("sys64_time"), kernel.function("ppc64_newuname") %) %: %( arch == "i686" %? kernel.function("sys_*") %: **ERROR** %) %) { if(filter_by_pid() == 1 ) { log_tracedata_common(HOOKID_SYSCALL_ENTRY) log_syscall_tracedata_extra() } } probe addevent.syscall.return = %( arch == "ppc64" %? %( kernel_v == "2.6.9" %? /* in fact, this refer to RH shipped kernel */ kernel.function("sys_*").return, kernel.function("compat_sys_*").return, kernel.function("sys32_execve").return, kernel.function("sys32_time").return, kernel.function("ppc64_sys32_stime").return, kernel.function("sys32_ptrace").return, kernel.function("sys32_pause").return, kernel.function("sys32_olduname").return, kernel.function("sys32_sigaction").return, kernel.function("sys32_sigsuspend").return, kernel.function("sys32_gettimeofday").return, kernel.function("sys32_settimeofday").return, kernel.function("old32_readdir").return, kernel.function("sys32_sysinfo").return, kernel.function("sys32_ipc").return, kernel.function("sys32_sigreturn").return, kernel.function("sys32_adjtimex").return, kernel.function("ppc64_personality").return, kernel.function("sys32_getdents").return, kernel.function("sys32_sysctl").return, kernel.function("sys32_sched_setparam").return, kernel.function("sys32_sched_rr_get_interval").return, kernel.function("sys32_rt_sigreturn").return, kernel.function("sys32_rt_sigaction").return, kernel.function("sys32_rt_sigprocmask").return, kernel.function("sys32_rt_sigpending").return, kernel.function("sys32_rt_sigtimedwait").return, kernel.function("sys32_rt_sigqueueinfo").return, kernel.function("sys32_sigaltstack").return, kernel.function("sys32_sendfile64").return, kernel.function("ppc32_timer_create").return, kernel.function("compat_timer_settime").return, kernel.function("compat_timer_gettime").return, kernel.function("compat_clock_settime").return, kernel.function("compat_clock_gettime").return, kernel.function("compat_clock_getres").return, kernel.function("compat_clock_nanosleep").return, kernel.function("sys32_swapcontext").return, kernel.function("sys32_utimes").return, kernel.function("compat_statfs64").return, kernel.function("compat_fstatfs64").return, kernel.function("ppc_rtas").return, kernel.function("compat_mbind").return, kernel.function("compat_get_mempolicy").return, kernel.function("compat_set_mempolicy").return, kernel.function("sys64_time").return, kernel.function("ppc64_sys_stime").return, kernel.function("ppc64_newuname").return, kernel.function("ppc64_personality").return, kernel.function("ppc_rtas").return %: /*this is a TBD */ kernel.function("sys_*").return, kernel.function("compat_sys_*").return, kernel.function("sys32_getdents").return, kernel.function("sys32_adjtimex").return, kernel.function("sys32_pause").return, kernel.function("sys32_gettimeofday").return, kernel.function("sys32_settimeofday").return, kernel.function("sys32_ipc").return, kernel.function("sys32_execve").return, kernel.function("sys32_sysctl").return, kernel.function("sys32_olduname").return, kernel.function("sys32_utimes").return, kernel.function("ppc_rtas").return, kernel.function("sys64_time").return, kernel.function("ppc64_newuname").return %) %: %( arch == "i686" %? kernel.function("sys_*").return %: **ERROR** %) %) { if(filter_by_pid() == 1 ) { log_tracedata_common(HOOKID_SYSCALL_RETURN) log_syscall_tracedata_extra() } } /* log the system call name */ function log_syscall_tracedata_extra() %{ char *tok, *ptr; char buffer[MAXSTRINGLEN]; ptr=buffer; strlcpy (buffer, CONTEXT->probe_point, MAXSTRINGLEN); tok = strsep(&ptr, "\""); tok = strsep(&ptr, "@"); _stp_printf("%s|", tok); %}