This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug tapsets/15731] New: syscall.execve probe alias broken on rawhide


http://sourceware.org/bugzilla/show_bug.cgi?id=15731

            Bug ID: 15731
           Summary: syscall.execve probe alias broken on rawhide
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tapsets
          Assignee: systemtap at sourceware dot org
          Reporter: dsmith at redhat dot com

The syscall.execve probe alias is broken on rawhide
(3.11.0-0.rc0.git2.1.fc20.x86_64), pointed out by
testsuite/systemtap.base/pointer_array.exp:

====
# stap -e 'probe syscall.execve { if (pid() == target()) { printf("exec\n") } }' -c /usr/bin/true
====

Here's the problem. In the syscall tapset, syscall.execve is defined like this:

====
# execve _____________________________________________________
# int sys_execve(struct pt_regs regs)
#   which breaks out the args and immediately calls
# int do_execve(char * filename,
#    char __user *__user *argv,
#    char __user *__user *envp,
#    struct pt_regs * regs)
probe syscall.execve = kernel.function("do_execve").call
{
    name = "execve"
    filename = kernel_string($filename)
    # kernel 3.0 changed the pointer's name to __argv
    __argv = @choose_defined($__argv, $argv)
    args = __get_argv(__argv, 0)
    argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
}
====

In current kernel sources, sys_execve is defined like this:

====
SYSCALL_DEFINE3(execve,
        const char __user *, filename,
        const char __user *const __user *, argv,
        const char __user *const __user *, envp)
{
    struct filename *path = getname(filename);
    int error = PTR_ERR(path);
    if (!IS_ERR(path)) {
        error = do_execve(path->name, argv, envp);
        putname(path);
    }
    return error;
}
====

The problem is that do_execve() is (evidently) inlined in sys_execve, so we're
missing it:

====
# stap -l 'kernel.function("do_execve").*'
kernel.function("do_execve@fs/exec.c:1584").call
kernel.function("do_execve@fs/exec.c:1584").exported
kernel.function("do_execve@fs/exec.c:1584").inline
kernel.function("do_execve@fs/exec.c:1584").return
====

We'll need to re-examine the need for using 'do_execve' instead of
'sys_execve'.

Also note that nd_syscall.execve is probably also broken.
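Added diagnostic script, not part of the report or of the systemtap tapset: it counts which of the candidate probe points actually fire for the target process during the exec, so the inlined path can be confirmed before the alias is reworked. It assumes the same rawhide kernel as above, that stap is run as `stap diag.stp -c /usr/bin/true`, and that `sys_execve` resolves as a kernel.function name (assumed, not shown on the page).

```systemtap
# Added diagnostic (not from the bug report): count which candidate probe
# points fire for the target process during an exec.
# Assumption: run as  stap diag.stp -c /usr/bin/true  on the same kernel.
global hits

# Out-of-line call sites only. Per the report, do_execve is inlined into
# sys_execve on this kernel, so this is expected to stay silent.
probe kernel.function("do_execve").call
{
    if (pid() == target()) hits["do_execve.call"]++
}

# Inlined instances. Locals such as $filename may be optimized out here,
# and an inlined function cannot take a .return probe.
probe kernel.function("do_execve").inline
{
    if (pid() == target()) hits["do_execve.inline"]++
}

# The syscall entry itself is not inlined away. Note its $filename is a
# __user pointer, so an alias built on it would need user_string(),
# not the kernel_string() used for do_execve's path->name.
probe kernel.function("sys_execve").call
{
    if (pid() == target()) hits["sys_execve.call"]++
}

probe end
{
    foreach (k in hits)
        printf("%-20s fired %d time(s)\n", k, hits[k])
}
```

A probe point that is listed by `stap -l` but never appears in this output is one the compiler has optimized into a form the `.call` variant does not cover.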
