there's a fairly significant problem with this implementation. you're only catching callers who use end up going through sy_call() and that's not the majority. mostly they're called directly from MD code. so to fix that, you have to update every platform syscall handler.
it also slows down normal operation adding branches and data access to the call path of every system call. and bloats struct lwp and more. i don't think it's worth paying that for what feature that isn't really useful to anyone. (sure, it's useful for you when you're modifying the calls perhaps, but that comes down to the case of don't shoot yourself in the foot and unload something you're still using/testing.) however, it looks like this *should* already be handled by platforms that do use sy_call() directly, and could be fixed on everywhere else by simply setting l_sysent the same way. that's what the setting of l_sysent does -- "this is the system call i'm currently actively running" -- and syscall_disestablish() checks this correctly already. .mrg.
