HAND-MODIFIED commit 18b9b5e7be0a0d4e7aa0c235e95286eaf894fa6a
Author: Jonathan Lebon <jlebon@redhat.com>
Date:   Tue Jan 14 11:15:17 2014 -0500

    kprocess.exec: rely on syscall.execve
    
    By relying on syscall.execve, we get the benefits of compatibility
    across different kernel versions, as well as access to the arguments.

    [fche] allow stap version 2.4 (rhel7.0.*) to use the modified aliases too.

diff --git a/tapset/linux/kprocess.stp b/tapset/linux/kprocess.stp
index f30a66b..848c53e 100644
--- a/tapset/linux/kprocess.stp
+++ b/tapset/linux/kprocess.stp
@@ -1,5 +1,6 @@
 // kernel process tapset
 // Copyright (C) 2006 Intel Corporation.
+// Copyright (C) 2014 Red Hat Inc.
 //
 // This file is part of systemtap, and is free software.  You can
 // redistribute it and/or modify it under the terms of the GNU General
@@ -47,38 +48,70 @@ probe kprocess.start = kernel.function("schedule_tail") { }
 
 /**
  * probe kprocess.exec - Attempt to exec to a new program
+ *
  * @filename: The path to the new executable
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @args: The arguments to pass to the new executable, including
+ * the 0th arg (SystemTap v2.5+)
+ * @argstr: A string containing the filename followed by the
+ * arguments to pass, excluding 0th arg (SystemTap v2.5+)
  *
  * Context:
  *  The caller of exec.
  *
- *  Fires whenever a process attempts to exec to a new program.
+ *  Fires whenever a process attempts to exec to a new program. Aliased
+ *  to the syscall.execve probe in SystemTap v2.5+.
  */
+%(systemtap_v <= "2.3" %?
 probe kprocess.exec = 
     kernel.function("do_execve"),
     kernel.function("compat_do_execve") ?
 {
     filename = kernel_string($filename)
 }
+%:
+probe kprocess.exec = syscall.execve
+{
+   /*
+   name = "execve"
+   filename = user_string_quoted(@choose_defined($filename, $name))
+   # kernel 3.0 changed the pointer's name to __argv
+   __argv = @choose_defined($__argv, $argv)
+   args = __get_argv(__argv, 0)
+   argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
+   */
+}
+%)
 
 
 /**
  * probe kprocess.exec_complete - Return from exec to a new program
  * @errno: The error number resulting from the exec
  * @success: A boolean indicating whether the exec was successful
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @retstr: A string representation of errno (SystemTap v2.5+)
  *
  * Context:
  *  On success, the context of the new executable.
  *  On failure, remains in the context of the caller.
  *
- *  Fires at the completion of an exec call.
+ *  Fires at the completion of an exec call. Aliased to the
+ *  syscall.execve.return probe in SystemTap v2.5+.
  */
+%(systemtap_v <= "2.3" %?
 probe kprocess.exec_complete =
     kernel.function("do_execve").return,
     kernel.function("compat_do_execve").return ?
+%:
+probe kprocess.exec_complete = syscall.execve.return
+%)
 {
     errno = $return
     success = (errno >= 0)
+    /*
+    name = "execve"
+    retstr = return_str(1, $return)
+    */
 }
 
 
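Review bot: The `filename` a script sees from kprocess.exec changes form across the version split in this hunk: the `systemtap_v <= "2.3"` branch assigns `kernel_string($filename)`, while the commented-out body in the `%:` branch shows the aliased value as `user_string_quoted(...)`. If syscall.execve sets it that way, exec-monitoring scripts that compare `filename` against a bare path would stop matching without any error, so the doc comment should say so, e.g. ` * @filename: The path to the new executable (a quoted string when aliased to syscall.execve)`. The `(SystemTap v2.5+)` annotations also disagree with the `<= "2.3"` conditional, which gives 2.4 the new variables as well. The commented-out assignments in both probe bodies would read better as a one-line comment such as `/* name, filename, args, argstr are inherited from syscall.execve */`, and in kprocess.exec_complete that comment sits in the body shared by both branches, so it should state that it applies only to the aliased case.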
diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index 613640d..f33923b 100644
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
@@ -716,6 +716,7 @@ probe syscall.eventfd.return = kernel.function("sys_eventfd2").return !,
 }
 
 # execve _____________________________________________________
+# NB: kprocess.exec[_complete] is aliased to syscall.execve[.return]
 %( kernel_v >= "3.7" %?
 # In kernels >= 3.7, sys_execve() has been moved to generic code, so we
 # can use it with confidence.