Functions
int	syscall_get_nr (struct task_struct task, struct pt_regs regs)

void	syscall_rollback (struct task_struct task, struct pt_regs regs)

long	syscall_get_error (struct task_struct task, struct pt_regs regs)

long	syscall_get_return_value (struct task_struct task, struct pt_regs regs)

void	syscall_set_return_value (struct task_struct task, struct pt_regs regs, int error, long val)

void	syscall_get_arguments (struct task_struct task, struct pt_regs regs, unsigned int i, unsigned int n, unsigned long *args)

void	syscall_set_arguments (struct task_struct task, struct pt_regs regs, unsigned int i, unsigned int n, const unsigned long *args)

int	syscall_get_arch (struct task_struct task, struct pt_regs regs)

Function Documentation

int syscall_get_arch	(	struct task_struct *	task,
		struct pt_regs *	regs
	)

syscall_get_arch - return the AUDIT_ARCH for the current system call : task of interest, must be in system call entry tracing : task_pt_regs() of

Returns the AUDIT_ARCH_* based on the system call convention in use.

It's only valid to call this when is stopped on entry to a system call, due to TIF_SYSCALL_TRACE, TIF_SYSCALL_AUDIT, or TIF_SECCOMP.

Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must provide an implementation of this.

void syscall_get_arguments	(	struct task_struct *	task,
		struct pt_regs *	regs,
		unsigned int	i,
		unsigned int	n,
		unsigned long *	args
	)

syscall_get_arguments - extract system call parameter values : task of interest, must be blocked : task_pt_regs() of : argument index [0,5]
: number of arguments; n+i must be [1,6]. : array filled with argument values

Fetches
arguments to the system call starting with the 'th argument (from 0 through 5). Argument is stored in [0], and so on. An arch inline version is probably optimal when and
are constants.

It's only valid to call this when is stopped for tracing on entry to a system call, due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT. It's invalid to call this with +
> 6; we only support system calls taking up to 6 arguments.

long syscall_get_error	(	struct task_struct *	task,
		struct pt_regs *	regs
	)

syscall_get_error - check result of traced system call : task of interest, must be blocked : task_pt_regs() of

Returns 0 if the system call succeeded, or -ERRORCODE if it failed.

It's only valid to call this when is stopped for tracing on exit from a system call, due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT.

int syscall_get_nr	(	struct task_struct *	task,
		struct pt_regs *	regs
	)

syscall_get_nr - find what system call a task is executing : task of interest, must be blocked : task_pt_regs() of

If is executing a system call or is at system call tracing about to attempt one, returns the system call number. If is not executing a system call, i.e. it's blocked inside the kernel for a fault or signal, returns -1.

Note this returns int even on 64-bit machines. Only 32 bits of system call number can be meaningful. If the actual arch value is 64 bits, this truncates to 32 bits so 0xffffffff means -1.

It's only valid to call this when is known to be blocked.

long syscall_get_return_value	(	struct task_struct *	task,
		struct pt_regs *	regs
	)

syscall_get_return_value - get the return value of a traced system call : task of interest, must be blocked : task_pt_regs() of

Returns the return value of the successful system call. This value is meaningless if syscall_get_error() returned nonzero.

It's only valid to call this when is stopped for tracing on exit from a system call, due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT.

void syscall_rollback	(	struct task_struct *	task,
		struct pt_regs *	regs
	)

syscall_rollback - roll back registers after an aborted system call : task of interest, must be in system call exit tracing : task_pt_regs() of

It's only valid to call this when is stopped for system call exit tracing (due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT), after tracehook_report_syscall_entry() returned nonzero to prevent the system call from taking place.

This rolls back the register state in so it's as if the system call instruction was a no-op. The registers containing the system call number and arguments are as they were before the system call instruction. This may not be the same as what the register state looked like at system call entry tracing.

void syscall_set_arguments	(	struct task_struct *	task,
		struct pt_regs *	regs,
		unsigned int	i,
		unsigned int	n,
		const unsigned long *	args
	)

syscall_set_arguments - change system call parameter value : task of interest, must be in system call entry tracing : task_pt_regs() of : argument index [0,5]
: number of arguments; n+i must be [1,6]. : array of argument values to store

Changes
arguments to the system call starting with the 'th argument. Argument gets value [0], and so on. An arch inline version is probably optimal when and
are constants.

It's only valid to call this when is stopped for tracing on entry to a system call, due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT. It's invalid to call this with +
> 6; we only support system calls taking up to 6 arguments.

void syscall_set_return_value	(	struct task_struct *	task,
		struct pt_regs *	regs,
		int	error,
		long	val
	)

syscall_set_return_value - change the return value of a traced system call : task of interest, must be blocked : task_pt_regs() of : negative error code, or zero to indicate success : user return value if is zero

This changes the results of the system call that user mode will see. If is zero, the user sees a successful system call with a return value of . If is nonzero, it's a negated errno code; the user sees a failed system call with this errno code.

It's only valid to call this when is stopped for tracing on exit from a system call, due to TIF_SYSCALL_TRACE or TIF_SYSCALL_AUDIT.

Functions

Function Documentation