Linux 3.19 added the execveat syscall, adding tapset supportrelease-2.7

tapset/linux/nd_syscalls.stp - no debuginfo tapset tapset/linux/syscalls.stp - regular tapset testsuite/buildok/nd_syscalls-detailed.stp - update no debuginfo testcase testsuite/buildok/syscalls-detailed.stp - update testcase testsuite/systemtap.syscall/execveat.c - new syscall testcase 

5 files changed, 136 insertions, 0 deletions

diff --git a/tapset/linux/nd_syscalls.stp b/tapset/linux/nd_syscalls.stp
index 307242150..6c1d452d1 100644
--- a/tapset/linux/nd_syscalls.stp
+++ b/tapset/linux/nd_syscalls.stp
@@ -1164,6 +1164,30 @@ probe nd_syscall.execve.return = kprobe.function("do_execve").return
 }
 %)
 
+# execveat ______________________________________________
+# SYSCALL_DEFINE5(execveat,
+# int, fd, const char __user *, filename,
+# const char __user *const __user *, argv,
+# const char __user *const __user *, envp,
+# int, flags)
+#
+probe nd_syscall.execveat = kprobe.function("do_execveat").call ?
+{
+ name = "execveat"
+ fd = __int32(1)
+ fd_str = _dfd_str(fd)
+ filename = user_string_quoted(pointer_arg(2))
+ args = __get_argv(pointer_arg(3), 0)
+ flags = int_arg(5)
+ flags_str = _at_flag_str(flags)
+ argstr = sprintf("%s %s %s %s", fd_str, filename, args, flags_str)
+}
+probe nd_syscall.execveat.return = kprobe.function("do_execveat").return ?
+{
+ name = "execveat"
+ retstr = returnstr(1)
+}
+
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, compat_sys_execve() has been moved to generic
 # code, so we can use it with confidence.
@@ -1210,6 +1234,24 @@ probe nd_syscall.compat_execve.return =
 }
 %)
 
+probe nd_syscall.compat_execveat = kprobe.function("compat_do_execveat").call ?
+{
+ name = "compat_execveat"
+ fd = __int32(1)
+ fd_str = _dfd_str(fd) 
+ filename = user_string_quoted(pointer_arg(2))
+ args = __get_argv(pointer_arg(3), 0)
+ flags = int32_arg(5)
+ flags_str = _at_flag_str(flags)
+ argstr = sprintf("%s %s %s %s", fd_str, filename, args, flags_str)
+
+}
+probe nd_syscall.compat_execveat.return = kprobe.function("compat_do_execveat").return ?
+{
+ name = "compat_execveat"
+ retstr = returnstr(1)
+}
+
 # exit _______________________________________________________
 # long sys_exit(int error_code)
 probe nd_syscall.exit = kprobe.function("sys_exit").call
diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index c06c96f40..ca3168222 100644
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
@@ -1069,6 +1069,32 @@ probe syscall.execve.return = kernel.function("do_execve").return
 }
 %)
 
+# execveat ______________________________________________
+# SYSCALL_DEFINE5(execveat,
+# int, fd, const char __user *, filename,
+# const char __user *const __user *, argv,
+# const char __user *const __user *, envp,
+# int, flags)
+#
+probe syscall.execveat = kernel.function("sys_execveat").call ?
+{
+ name = "execveat"
+ fd = __int32($fd)
+ fd_str = _dfd_str(__int32($fd))
+ filename = user_string_quoted(@__pointer($filename))
+ flags = int_arg($flags)
+ flags_str = _at_flag_str(__int32($flags))
+ __argv = @choose_defined($__argv, $argv)
+ args = __get_argv(__argv, 0)
+ argstr = sprintf("%s %s %s %s", fd_str, filename, __get_argv(__argv, 1), flags_str)
+}
+
+probe syscall.execveat.return = kernel.function("sys_execveat").return ?
+{
+ name = "execveat"
+ retstr = return_str(1, $return)
+}
+
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, compat_sys_execve() has been moved to generic
 # code, so we can use it with confidence.
@@ -1116,6 +1142,24 @@ probe syscall.compat_execve.return =
  retstr = return_str(1, $return)
 }
 %)
+probe syscall.compat_execveat = kernel.function("compat_sys_execveat").call ?
+{
+ name = "compat_execveat"
+ fd = __int32($fd)
+ fd_str = _dfd_str(__int32($fd))
+ filename = user_string_quoted(@__pointer($filename))
+ flags = int_arg($flags)
+ flags_str = _at_flag_str(__int32($flags))
+ __argv = @choose_defined($__argv, $argv)
+ args = __get_argv(__argv, 0)
+ argstr = sprintf("%s %s %s %s", fd_str, filename, __get_argv(__argv, 1), flags_str)
+}
+
+probe syscall.compat_execveat.return = kernel.function("compat_sys_execveat").return ?
+{
+ name = "compat_execveat"
+ retstr = return_str(1, $return)
+}
 
 # exit _______________________________________________________
 # long sys_exit(int error_code)
diff --git a/testsuite/buildok/nd_syscalls-detailed.stp b/testsuite/buildok/nd_syscalls-detailed.stp
index cd39032ff..e759d1d5f 100755
--- a/testsuite/buildok/nd_syscalls-detailed.stp
+++ b/testsuite/buildok/nd_syscalls-detailed.stp
@@ -342,6 +342,17 @@ probe nd_syscall.execve.return, nd_syscall.compat_execve.return ?
  printf("%s, %s\n", name, retstr)
 }
 
+probe nd_syscall.execveat, nd_syscall.compat_execveat ?
+{
+ printf("%s, %s\n", name, argstr)
+ printf("%d, %s, %s, %d(%s), %s\n", fd, fd_str, filename, flags, flags_str, args)
+}
+
+probe nd_syscall.execveat.return, nd_syscall.compat_execveat.return ?
+{
+ printf("%s, %s\n", name, retstr)
+}
+
 probe nd_syscall.exit
 {
  printf("%s, %s\n", name, argstr)
diff --git a/testsuite/buildok/syscalls-detailed.stp b/testsuite/buildok/syscalls-detailed.stp
index 85635e417..f3f3ddcee 100755
--- a/testsuite/buildok/syscalls-detailed.stp
+++ b/testsuite/buildok/syscalls-detailed.stp
@@ -342,6 +342,16 @@ probe syscall.execve.return, syscall.compat_execve.return ?
  printf("%s, %s\n", name, retstr)
 }
 
+probe syscall.execveat, syscall.compat_execveat ?
+{
+ printf("%s, %s\n", name, argstr)
+ printf("%d, %s, %s, %d(%s), %s\n", fd, fd_str, filename, flags, flags_str, args)
+}
+
+probe syscall.execveat.return, syscall.compat_execveat.return ?
+{
+ printf("%s, %s\n", name, retstr)
+}
 probe syscall.exit
 {
  printf("%s, %s\n", name, argstr)
diff --git a/testsuite/systemtap.syscall/execveat.c b/testsuite/systemtap.syscall/execveat.c
new file mode 100644
index 000000000..fa8c63038
--- /dev/null
+++ b/testsuite/systemtap.syscall/execveat.c
@@ -0,0 +1,29 @@
+#include <sys/syscall.h>
+#include <fcntl.h>
+#include <unistd.h>
+#if !defined(SYS_execveat) && defined(__NR_execveat)
+#define SYS_execveat __NR_execveat
+#endif
+
+int main() {
+#ifdef SYS_execveat
+ syscall(SYS_execveat, -1, "/bin/true", -1L, NULL, NULL);
+ //staptest// execveat (-1 "/bin/true" 0x0) = -NNNN (EFAULT)
+ syscall(SYS_execveat, -1, "/bin/true", NULL, -1L, NULL);
+ //staptest// execveat (-1 "/bin/true" 0x0) = -NNNN (EFAULT)
+ syscall(SYS_execveat, -1, "/bin/true", NULL, NULL, -1);
+ //staptest// execveat (-1 "/bin/true" AT_SYMLINK_NOFOLLOW|AT_REMOVEDIR|AT_SYMLINK_FOLLOW|AT_NO_AUTOMOUNT|AT_EMPTY_PATH|XXXX) = -NNNN
+ syscall(SYS_execveat, AT_FDCWD, "", NULL, NULL, NULL);
+ //staptest// execveat (AT_FDCWD "" 0x0) = -NNNN (ENOENT)
+ syscall(SYS_execveat, -1, -1L, NULL, NULL, NULL);
+#if __WORDSIZE == 64
+ //staptest// execveat (-1 [16]?[f]+ 0x0) = -NNNN (EFAULT)
+#else
+ //staptest// execveat (-1 [8]?[f]+ 0x0) = -NNNN (EFAULT)
+#endif
+ syscall(SYS_execveat, -1, "/bin/true", NULL, NULL, NULL);
+ //staptest// execveat (-1 "/bin/true" 0x0) = NNNN
+#endif
+ return 0;
+}
+