commit aacee6563b7fd835b9a21e4ae5a0b4f7f743c7ef Author: Martin Cermak Date: Thu Dec 6 13:52:20 2018 +0100 Make sysc_bdflush.stp compatible with 4.17+ kernels. The bdflush syscall itself appears to be obsolete since 2.6, but this way we at least won't end up with pass 1 "resolution failed in alias expansion builder" when randomly probing for it. There is an old customer rh bz 544960 related to bdflush.
diff --git a/tapset/linux/sysc_bdflush.stp b/tapset/linux/sysc_bdflush.stp
index 0798964..48a04b9 100644
--- a/tapset/linux/sysc_bdflush.stp
+++ b/tapset/linux/sysc_bdflush.stp
@@ -11,6 +11,12 @@
 argstr = sprintf("%d, %s", func, data_str)
 %)
+@define _SYSCALL_BDFLUSH_REGARGS
+%(
+ func = int_arg(1)
+ data = long_arg(2)
+%)
+
 probe syscall.bdflush = dw_syscall.bdflush !, nd_syscall.bdflush ? {}
 probe syscall.bdflush.return = dw_syscall.bdflush.return !, nd_syscall.bdflush.return ? {}
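Review bot: The new `_SYSCALL_BDFLUSH_REGARGS` macro carries an unstated precondition. `int_arg(1)` and `long_arg(2)` presumably read from whichever register context the expanding probe has selected, and every user in the second hunk calls `asmlinkage()` or `__set_syscall_pt_regs()` before expanding it. A one-line comment above the `@define` would make that explicit for the next probe that reuses it, e.g. `# Expand only after the probe has selected its register context (asmlinkage() or __set_syscall_pt_regs()).`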
@@ -35,20 +41,72 @@ probe dw_syscall.bdflush.return = kernel.function("sys_bdflush").return ?
 # nd_bdflush _____________________________________________________
-probe nd_syscall.bdflush = kprobe.function("sys_bdflush") ?
+
+probe nd_syscall.bdflush = nd1_syscall.bdflush!, nd2_syscall.bdflush!, tp_syscall.bdflush
+{
+}
+
+probe nd1_syscall.bdflush = kprobe.function("sys_bdflush") ?
 {
 @_SYSCALL_BDFLUSH_NAME
 asmlinkage()
- func = int_arg(1)
- data = long_arg(2)
+ @_SYSCALL_BDFLUSH_REGARGS
 if ((func >= 2) && (func % 2 == 0))
 data_str = sprintf("%p", data)
 else
 data_str = sprintf("%d", data)
 @_SYSCALL_BDFLUSH_ARGSTR
 }
-probe nd_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
+
+/* kernel 4.17+ */
+probe nd2_syscall.bdflush = kprobe.function(@arch_syscall_prefix "sys_bdflush") ?
+{
+ @_SYSCALL_BDFLUSH_NAME
+ asmlinkage()
+ @_SYSCALL_BDFLUSH_REGARGS
+ if ((func >= 2) && (func % 2 == 0))
+ data_str = sprintf("%p", data)
+ else
+ data_str = sprintf("%d", data)
+ @_SYSCALL_BDFLUSH_ARGSTR
+}
+
+/* kernel 3.5+, but undesirable because it affects all syscalls */
+probe tp_syscall.bdflush = kernel.trace("sys_enter")
+{
+ __set_syscall_pt_regs($regs)
+ @__syscall_compat_gate(@const("__NR_bdflush"), @const("__NR_compat_bdflush"))
+ @_SYSCALL_BDFLUSH_NAME
+ @_SYSCALL_BDFLUSH_REGARGS
+ if ((func >= 2) && (func % 2 == 0))
+ data_str = sprintf("%p", data)
+ else
+ data_str = sprintf("%d", data)
+ @_SYSCALL_BDFLUSH_ARGSTR
+}
+
+probe nd_syscall.bdflush.return = nd1_syscall.bdflush.return!, nd2_syscall.bdflush.return!, tp_syscall.bdflush.return
+{
+}
+
+probe nd1_syscall.bdflush.return = kprobe.function("sys_bdflush").return ?
+{
+ @_SYSCALL_BDFLUSH_NAME
+ @SYSC_RETVALSTR(returnval())
+}
+
+/* kernel 4.17+ */
+probe nd2_syscall.bdflush.return = kprobe.function(@arch_syscall_prefix "sys_bdflush").return ?
 {
 @_SYSCALL_BDFLUSH_NAME
 @SYSC_RETVALSTR(returnval())
 }
+
+/* kernel 3.5+, but undesirable because it affects all syscalls */
+probe tp_syscall.bdflush.return = kernel.trace("sys_exit")
+{
+ __set_syscall_pt_regs($regs)
+ @__syscall_compat_gate(@const("__NR_bdflush"), @const("__NR_compat_bdflush"))
+ @_SYSCALL_BDFLUSH_NAME
+ @SYSC_RETVALSTR($ret)
+}
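Review bot: In `nd2_syscall.bdflush` the argument setup looks copied from the pre-4.17 probe: it calls `asmlinkage()` and then expands `@_SYSCALL_BDFLUSH_REGARGS`, so `int_arg(1)` and `long_arg(2)` read the wrapper function's own argument registers. On kernels with syscall wrappers (the 4.17+ case this probe targets) the `@arch_syscall_prefix` function normally receives a single `struct pt_regs *`, which would make the traced `func` and `data` values wrong, whereas `tp_syscall.bdflush` in the same hunk selects the syscall registers with `__set_syscall_pt_regs($regs)` first. If that holds for this function, replace `asmlinkage()` in nd2 with `__set_syscall_pt_regs(pointer_arg(1))`. Separately, the `if ((func >= 2) && (func % 2 == 0))` block is now repeated in three probes and could move into a macro next to `_SYSCALL_BDFLUSH_REGARGS`.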