>> ktrace tends to be useless when dealing with sysctl calls.

And many others, such as connect() and various ioctls.

>>   108      1 sysctl   CALL  __sysctl(0xbfbfecb0,3,0xbfbfdad0, 0xbfbfdacc,0,0)
>>   108      1 sysctl   MIB   1.1118.1120

This is more generally symptomatic of a fairly pervasive problem with
ktrace: it shows just the arguments to syscalls, not what those
arguments point to.

There are workarounds for some of the most common calls, such as
open/readlink/etc (via NAMI entries) and write (via GIO entries); all
you're doing is adding one more special-case kludge onto the pile for
sysctl.

Wouldn't it be better to fix them all, by making ktracers find out
about data the kernel reads from places pointed to by syscalls?  Then
kdump can juggle the formatting however it thinks appropriate for the
call in question.  Yes, this means a bit more work (syscalls that chase
user-level pointers would have to use a routine that creates ktrace
entries as well as reading the data), but it's really the right fix.

No, this doesn't mean I'm volunteering.  Just that I want to make sure
people are aware that this is yet another kludge-around to make a
symptom go away, not a real fix to the underlying problem.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B