William Cohen [Wed, 20 Jun 2018 20:35:03 +0000 (16:35 -0400)]
Use equivalent non-dwarf probe points for example scripts
The dwarf-based kernel.function probes require the installation of
kernel-debuginfo. The examples can be just as easily implemented with
the non-dwarf kprobe.function probes and eliminate the need to install
kernel-debuginfo.
Frank Ch. Eigler [Wed, 20 Jun 2018 18:00:15 +0000 (14:00 -0400)]
tapset: introduce tapset/linux/aux2_syscalls.stp for leaf embedded-c functions
The _stp_syscall_nr embedded-C function may well be needed from the
tracepoint-flavoured syscall probe aliases. For this, it would be
undesirable to necessarily drag in all of the material in
aux_syscalls.stp. So split out a new little aux2_syscall.stp with
just the basics that minimal nd2_syscall or tp_syscall jobs might
need.
Frank Ch. Eigler [Mon, 18 Jun 2018 18:57:21 +0000 (14:57 -0400)]
PR23160,PR14690: uregs setter macro for use from kernel context
When a syscall interjection mechanism gives us a pt_regs*
structure for the syscall parameters/context, we can pretend
as though it were a user-space probe.
Frank Ch. Eigler [Sat, 16 Jun 2018 08:36:00 +0000 (04:36 -0400)]
pass2 elaboration: tweak diagnostics
While debugging 4.17-style syscalls, it was tricky to figure out the
probe derivation process while it was underway, with nested aliases
and optional/sufficient probe points. Tweak verbosity numbers and
messages to give a good overview at the --vp 02 level.
While in the vicinity, introduced a session
suppress_costly_diagnostics counter, which is used to suppress
levenshtein suggestions for optional/sufficient probe points.
These probe points are expected to fail, and no messages will
be printed for them anyway, so the levenshtein stuff was a pure
waste. stap -p2 run time time for scripts like
David Smith [Thu, 14 Jun 2018 18:18:24 +0000 (13:18 -0500)]
No longer run the http server as 'root'.
* httpd/backends.cxx (container_backend::generate_module): Handle python
versions correctly. Add "sudo" to all "buildah" command lines.
* httpd/main.cxx (main): Make sure we're not running as root.
* testsuite/lib/systemtap.exp (systemtap_check_users): Check for the
'stap-server' user.
* testsuite/lib/http_server.exp: Start the http server as the
'stap-server' user, not root.
* configure.ac: Add defines to determine if python 2 and python 3 exist on
the system.
* httpd/Makefile.am: Installs sudoers rule file.
* configure: Regenerated.
* config.in: Ditto.
* httpd/Makefile.in: Ditto.
* util.cxx (get_distro_info): Fixed bug where the version number and
release number got combined.
* httpd/stap-server.sudoers: New file.
Martin Cermak [Thu, 14 Jun 2018 12:35:26 +0000 (14:35 +0200)]
Improve the foreach_limit(2).exp test results.
Without this update, one can observe following issue with rhel7
powerpc kernels:
=======
# stap -p4 testsuite/systemtap.maps/foreach_limit.stp
...
/usr/local/share/systemtap/runtime/map.c:275:26: error: ‘a’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
struct mlist_head *c, *a, *last, *tmp;
^
/usr/local/share/systemtap/runtime/map.c:275:26: error: ‘a’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors
=======
This problem turns out to start happening after the powerpc kernel
build system started using -O3 instead of -O2 as one can see in
http://vault.centos.org/7.5.1804/os/Source/SPackages/kernel-3.10.0-862.el7.src.rpm
=======
# powerpc is compiled with -O3, via specfile rpmbuild -- see rhbz1051067.
# we need to keep consistency here, however, for out of tree kmod builds --
# see rhbz1431029 for reference
ifeq ($(SRCARCH), powerpc)
KBUILD_CFLAGS += -O3
else
KBUILD_CFLAGS += -O2
endif
=======
Reverting this change (using -O2 instead of -O3) works the problem around
as well as this systemtap-side update. For more details, see rhbz1591267.
* exporter.conf: lets user specify which scripts the server can run and
options such as automatic session timeouts and whether sessions are
launched at startup.
* exporter.py: parse config file, periodically check for sessions that
need to be terminated due to timeout.
Paulo Andrade [Tue, 12 Jun 2018 22:48:26 +0000 (18:48 -0400)]
rhbz1547238: adapt vfs.add_to_page_cache probes
The add_to_page_cache_lru variant should also be probed, along with
kernel.function("add_to_page_cache_locked"), but if present, not the
add_to_page_cache variant. This backward compatibility needed a
little bit of tapset probe point operator jiujitsu to go beyond
Paulo's initial patch.
David Smith [Tue, 12 Jun 2018 19:19:01 +0000 (14:19 -0500)]
Fix (and centralize) temporary directory creation in the http server.
* httpd/api.cxx (build_collection_rh::POST): Always ensure there is a
server temporary directory (otherwise files are attempted to be written
to the root directory). Use make_temp_directory() to create the client
temporary directory.
* httpd/utils.cxx (make_temp_dir): New function.
* httpd/utils.h: Added make_temp_dir() prototype.
* httpd/server.cxx (connection_info::postdataiterator): Use
make_temp_directory().
David Smith [Mon, 11 Jun 2018 16:13:11 +0000 (11:13 -0500)]
Simplify temporary directory creation in the http container backend.
* httpd/backends.cxx (container_backend::generate_module): Instead of
creating a new temporary directory for the docker file, just create a
subdirectory of the server temporary directory.
David Smith [Thu, 7 Jun 2018 19:51:55 +0000 (14:51 -0500)]
Implement caching for the http container backend.
* httpd/backends.cxx (class container_image_cache): New class.
(container_backend::generate_module): Implement a caching scheme for
"buildah". If the hash for a docker file matches an existing image,
reuse the image.
Jafeer Uddin [Thu, 7 Jun 2018 17:41:11 +0000 (13:41 -0400)]
PR23226: Added ability to run sample scripts with typing whole path
* cmdline.h: Added new command line option '--example'
* cmdline.cxx: Added new command line option '--example'
* session.h: Added new flag 'run_example' to track example option
* session.cxx: Updated constructors to initialize new flag and added
logic to set run_example flag in parse_cmdline()
* main.cxx: If '--example' is specified then search for script within
example directory and run it if one hit is found
* man/stap.1.in: Added new entry for '--example' option
* testsuite/buildko/example.stp: New file to test new option
* testsuite/buildok/example.stp: New file to test new option
David Smith [Tue, 5 Jun 2018 16:32:42 +0000 (11:32 -0500)]
Add the docker file hash to the container image name.
* httpd/backends.cxx (container_backend::generate_module): Add the docker
file hash to the container image name.
* httpd/utils.cxx (get_file_hash): New function.
* httpd/utils.h: Add get_file_hash() prototype.
* httpd/Makefile.am: Add ../mdfour.c to the list of sources.
* httpd/Makefile.in: Regenerated.
David Smith [Fri, 1 Jun 2018 20:09:23 +0000 (15:09 -0500)]
Started switching the http container backend to use 'buildah'.
* httpd/backends.cxx (container_backend): Initial steps of switching from
'docker' to 'buildah'.
* httpd/backends.h (backend_base): Updated prototype.
* httpd/api.cxx (build_info): Remove the 'tmp_dir' member.
(build_info::~build_info): No longer remove the temporary directory.
(response build_collection_rh::POST): Create the 'client_dir' temporary
directory.
* httpd/api.h (client_request_data): Rename the 'base_dir' member to
'server_dir' and add a 'client_dir' member.
(build_info::module_build): Unzip the 'client.zip' file in the client
directory, not the server directory. Be sure to look for the module in
the client directory.
(client_request_data::~client_request_data): Remove both the client
directory and the server directory.
(client_request_data::get_json_object): Update output.
* httpd/docker/centos.json: Tweaked to not run "yum/dnf clean all" after
the first RUN command.
* httpd/docker/fedora.json: Ditto.
David Smith [Thu, 31 May 2018 15:24:04 +0000 (10:24 -0500)]
Change the http container backend to do all the image building itself.
* httpd/backends.cxx (container_backend::generate_module): Just use the
python script to build the docker file, then build the docker image.
* httpd/docker/stap_build_docker_file.py: Renamed from
'stap_build_docker_image.py' and only builds the docker file, not the
docker image.
* httpd/docker/Makefile.am: Rename 'stap_build_docker_image.py' to
'stap_build_docker_file.py'.
* httpd/docker/Makefile.in: Regenerated.
David Smith [Wed, 30 May 2018 16:32:59 +0000 (11:32 -0500)]
Rename the http docker backend to the http container backend.
* httpd/backends.cxx: No real code change, but in preparation for the
switch from using "docker" to "buildah", rename the docker backend to
the container backend.
Serhei Makarov [Tue, 29 May 2018 17:33:49 +0000 (13:33 -0400)]
Merge branch 'serhei/rt-fixes-clean'
Initial round of fixes for RHBZ1272304 to make systemtap work better on the
realtime (CONFIG_PREEMPT_RT_FULL) kernel. These fixes do not solve all of the
rule violations that occur (and get reported to dmesg on kernel-rt-debug) but
they do make it possible for SystemTap to get through the entire testsuite on
kernel-rt without locking up the system.
Merging rather than rebasing since only the final commit of the branch is 'safe'.
Jafeer Uddin [Tue, 29 May 2018 13:28:17 +0000 (09:28 -0400)]
Added ability to send test results via http to a url
* testsuite/Makefile.am: Expanded check for DEJAZILLA to distinguish
between email address and url, and send test results to the corresponding
destination.
* testsuite/Makefile.in: Regenerated.
* testsuite/configure.ac: Updated messages to reflect the added feature.
* testsuite/configure: Regenerated.
Jeff Moyer [Fri, 11 May 2018 19:25:52 +0000 (15:25 -0400)]
io_submit.stp: let the user know when the script is loaded
I often find myself checking lsmod to see when the script is finally
ready to collect data. Just print a message from the begin probe to
make it obvious when the script is ready.
Jeff Moyer [Fri, 11 May 2018 19:25:51 +0000 (15:25 -0400)]
io_submit.stp: use an accumulator for traces
On very large systems, we get a lot of skipped probes due to lock
contention on the traces array. The end result is that we don't
get any data for such systems. Simply converting the traces array
to an accumulator resolves this issue in testing (on a highly-
loaded 288 cpu system).
probe syscall.io_submit.return {
/* this assumes a given proc will do lots of io_submit calls, and
* so doesn't do the more expensive "delete in_iosubmit[p]". If
* there are lots of procs doing small number of io_submit calls,
* the hash may grow pretty big, so using delete may be better
*/
in_iosubmit[tid()] = 0
}
However, the test to see if a thread is currently executing in io_submit
is performed using the membership operator 'in':
if (tid() in in_iosubmit)
This is obviously wrong. We can do one of two things:
1) change the test to if (in_iosubmit[tid()] == 1) or
2) just perform the delete in the return probe
While I agree that we typically have a small number of threads performing
io_submit, I don't believe there is substance to the performance claims
for the delete operator. So, I've opted for solution 2.
David Smith [Wed, 23 May 2018 17:37:07 +0000 (12:37 -0500)]
Change the http docker backend to run systemtap in the container image.
* httpd/backends.cxx (docker_backend::generate_module): Switch back to
running systemtap inside the container. Trying to use the container
image as a sysroot didn't work well. Trying to run systemtap on the
sysroot worked fine, but running gcc 8 (f28) against a centos 7
sysroot's kernel source failed. Trying to run the centos 7 gcc from f28
kept crashing. So, we're back to running systemtap in the container
image.
Martin Cermak [Thu, 17 May 2018 08:51:18 +0000 (10:51 +0200)]
Fix testcase systemtap.string/text_str.exp
PR22991 (Invalid truncation of quoted strings) was fixed in
commit fa4f499d8c92600702853d763ae3ea45002c07e3, but respective
change hasn't been applied to systemtap.string/text_str.exp.
Adding the missing bit.
Commit 2f6fcfc6 (Fix BZ1546179 by being careful when accessing
sk_buff structures) made the "unprivileged_embedded_C.exp"
testcase unhappy. It started to report false positives.
Thing is that embeddedc.awk can't correctly parse two block
boundaries at a line, which is exactly what the commit introduces
by adding "} catch { }", or "try { ... } catch { }". Here is the
failure as observed with git stap 0e051c5:
* bpf-internal.h (BPF_FUNC_map_get_next_key): add id for map_get_next_key.
* bpfinterp.cxx (bpf_interpret): call map_get_next_key when function id equals
BPF_FUNC_map_get_next_key. (map_get_next_key): wrapper for bpf_get_next_key
that includes support for limiting number of iterations and iterating in
ascending/descending order.
David Smith [Mon, 7 May 2018 19:14:12 +0000 (14:14 -0500)]
Send the target executable over to the http server.
* httpd/backends.cxx (docker_backend::generate_module): Add the date and
time to the docker image name, to make them easier to remove. Copy any
target files from the zip file into the docker image.
* client-http.cxx (http_client::get_rpmname): If an rpm doesn't contain
the file we're searching for, just return the empty string.
(http_client_backend::include_file_or_directory): Only include the file
or directory in the command line arguments if the callers asks.
(http_client_backend::package_request): Move code from
http_client_backend::find_and_connect_to_server(). If get_rpmname()
returns the empty string, add the file so that it will get transferred
over to the server.
(http_client_backend::find_and_connect_to_server): Move code to
http_client_backend::package_request().
* client-http.h (http_client_backend::include_file_or_directory): Updated
prototype.
* client-nss.cxx (nss_client_backend::include_file_or_directory): Only
include the file or directory in the command line arguments if the
callers asks.
* client-nss.h (nss_client_backend::include_file_or_directory): Updated
prototype.
* csclient.h: Updated client_backend::include_file_or_directory()
prototype.
add DEBUG_MEMALLOC_MIGHT_SLEEP option to check for memory allocations in RT-atomic
If DEBUG_MEMALLOC_MIGHT_SLEEP is defined (stap -DDEBUG_MEMALLOC_MIGHT_SLEEP ...)
then all memory allocation operations are assumed to sleep. This
can be used to check whether any memory allocations occur in atomic
context, which is discouraged on realtime kernels.
* runtime/linux/alloc.c (DEBUG_MEMALLOC_MIGHT_SLEEP): new optional define.
(_stp_kmalloc_gfp, _stp_kmalloc_node_gfp, _stp_kzalloc_node_gfp, _stp_kfree,
_stp_vfree, _stp_free_percpu): trigger might_sleep() on DEBUG_MEMALLOC_MIGHT_SLEEP.
kernel-rt fix: delay cleanup of utrace struct after removal from task_utrace_table
Since utrace->lock is now an ordinary spinlock, we cannot grab it in a
(raw) task_utrace_lock section, nor can we do memory management on kernel-rt
in a raw_spinlock section. Thus, in utrace_exit(), we dump utrace structures
to a separate hlist (guarded by a separate, non-raw utrace_cleanup_lock) before
calling utrace_cleanup() to free them.
* runtime/stp_utrace.c (utrace_cleanup_list, utrace_cleanup_lock): new data structures.
(utrace_exit): dump utrace structures to utrace_cleanup_list before releasing
task_utrace_lock and then actually cleaning up.
(utrace_cleanup): now requires utrace_cleanup_lock instead of task_utrace_lock.
kernel-rt fix: use task_work to defer reporting of stp_utrace events
Since utrace->lock is now a regular spinlock, it cannot be taken in tracepoint context.
This patch introduces a queue of task_work structures that the reporting functions
in stp_utrace.c can use to delay reporting work that requires taking utrace->lock.
* stp_utrace.c (STP_UTRACE_USE_TASK_WORK_QUEUE): new define.
(__stp_utrace_task_work_list, __stp_utrace_task_work_list_lock,
__stp_utrace_task_work): new data structures.
(UTRACE_TASK_WORK_POOL_SIZE): new define, configure with -DUTRACE_TASK_WORK_POOL_SIZE
(__stp_utrace_task_work_pool_bitmap, __stp_utrace_task_work_pool,
__stp_utrace_task_work_pool_lock): new data structures.
(__stp_utrace_alloc_task_work): new function.
(__stp_utrace_save_regs): new function.
(__stp_utrace_free_task_work_from_pool): new function.
(__stp_utrace_free_task_work): new function.
(utrace_exit): free task_work_list items on exit.
(utrace_cancel_all_task_work): clean up code, also cancel task_work_list items.
(utrace_free): clean up code.
(utrace_report_exec): defer reporting to utrace_exec_work().
(utrace_exec_work): new function.
(utrace_report_syscall_entry): defer reporting to utrace_syscall_entry_work().
(utrace_syscall_entry_work): new function.
(utrace_report_syscall_exit): defer reporting to utrace_syscall_exit_work().
(utrace_syscall_exit_work): new function.
(utrace_report_clone): defer reporting to utrace_clone_work().
(utrace_clone_work): new function.
Serhei Makarov [Mon, 26 Mar 2018 20:30:59 +0000 (16:30 -0400)]
kernel-rt fix: change utrace->lock to a regular spinlock
In utrace_control(), stp_lock_task_sighand() cannot be invoked in a raw-spinlock
section on kernel-RT. Therefore, we must change utrace->lock to a regular,
non-raw spinlock. (This change introduces additional issues to be fixed in subsequent
commits.)
Serhei Makarov [Thu, 15 Mar 2018 20:26:55 +0000 (16:26 -0400)]
kernel-rt fix: avoid locking in __stp_time_init()
* runtime/time.c (stp_init_time): avoid invoking seqlock inside
an interrupts-disabled section.
The problem is that __stp_init_time() is invoked in an interrupts-disabled
section created by on_each_cpu(). This prevents it from being able to safely
grab seqlock.
My reasoning is that because __stp_time_init() is initializing the
seqlock, it is safe to assume no one else will be trying to grab it until
we return. So we can dispense with locking at this point.
Serhei Makarov [Wed, 14 Mar 2018 19:42:08 +0000 (15:42 -0400)]
kernel-rt fix: use stp_spinlock for _stp_ctl_ready_q
_stp_ctl_ready_lock and _stp_ctl_special_msg_lock are locked within an atomic
context created by _stp_runtime_entryfn_get_context()/_put_context().
This is only legal on kernel-rt if the locks are raw stp_spinlocks.
* stapbpf.cxx (collect_uprobes, register_uprobes, unregister_uprobes): read uprobe
information from the .bo file, register/unregister uprobes via debugfs.
* tapsets.cxx (sort_for_bpf): create section names for each uprobe.
* tapsets.h: add necessary declarations.
* bpf_tests/uprobes.stp: smoke test for stapbpf uprobe support.
* bpf.exp: when running bpf_tests/uprobes.stp, spawn a process that triggers the test's probes.
Mark Wielaard [Sun, 22 Apr 2018 20:50:55 +0000 (22:50 +0200)]
dwflpp::resolve_prologue_endings should use dwarf_haspc, not highpc.
A function can have multiple non-consecutive ranges (for example when
a function is split into a hot and cold part, that are put in separate
sections). resolve_prologue_endings would use the highpc attribute of
a function DIE to see if an address was "beyond" the function (and so
also beyond the prologue). That could cause unexpected errors when
the DIE didn't have a highpc, but only a lowpc and ranges attribute.
Use dwarf_haspc () instead to test whether an address is inside a
function.
See also https://sourceware.org/ml/systemtap/2018-q2/msg00029.html
RHBZ1552745: staprun to set /proc/sys/kernel/kptr_restrict=1 on linux >= v4.15
Kernels >= 4.15 obscure /sys/module/$MODULE/section/$SECTION pointers
even to root users, unless kptr_restrict is set to 1. Since we need
this information unobscured for module section-address configuration
at module startup, set that flag, unless $STAP_BZ1552745_OVERRIDE
exists.
PR22991: Store escape sequence pointer before early break
runtime/stp_string.c (_stp_text_str): Capture the escape sequence
pointer before a possible while loop break instead of after. Needed
for correct truncation of UTF-8 literals. Also rename variable 'len'
to 'esc_len' for better clarity.
Mark Wielaard [Wed, 18 Apr 2018 13:00:24 +0000 (15:00 +0200)]
Make kernel DWARF unwinder work with ksalr.
The .debug_frame loaded from disk is already relocated against the
expected load offset of the kernel, but the actual static (load)
address might be different (with kaslr). So adjust the startLoc
for that difference when reading any address from the unwind table.
David Smith [Tue, 17 Apr 2018 16:04:30 +0000 (11:04 -0500)]
Change the http docker backend to use the docker image as a sysroot.
* httpd/backends.cxx (docker_backend::generate_module): Switch from
running systemtap in the docker container to mounting the container and
using it as a sysroot.
* httpd/docker/fedora.json: Update the docker container to run
"symlinks".
* httpd/docker/centos.json: Ditto.
Code for newer kernels did not clear the address of the notes-section
when a probed module was unloaded. This caused spurious Build-id mismatch
when the module was reinserted as new addresses are not computed for
dynamically loaded modules (see also: PR23068) and the Build-id check
was trying to read the notes section at the no-longer-valid old address.
* runtime/sym.c (_stp_module_notifier): clear addresses on
MODULE_STATE_GOING in newer kernels (>=3.10) too.
* runtime/transport/symbols.c (_stp_kmodule_update_address): fix logic
error and clear notes section addr when reloc=NULL (aka. 'all').
David Smith [Tue, 17 Apr 2018 15:26:48 +0000 (10:26 -0500)]
Fix httpd/docker/fedora_install_package.py to correctly handle file paths.
* httpd/docker/fedora_install_package.py (PkgSystem.build_id_is_valid):
Handle 'UsrMove' feature by just comparing file basenames, instead of
full paths.
Mark Wielaard [Tue, 17 Apr 2018 12:36:13 +0000 (14:36 +0200)]
linux runtime: Add support for new kernel unwind fallback.
In newer kernels dump_trace got replaced by a new unwind infrastructure.
Add a new autoconf-unwind-stack-trace.c to detect whether we can use it.
Extend the runtime/stack.c _stp_stack_print_fallback with a new pt_regs*
argument. Update all callers and add dbug_unwind output to show which
fallback unwinder we are selecting (or if we are just giving up).
Rename the struct unwind_state in unwind.c and unwind.h to uw_state
because the old name now conflicts with the one used in the kernel.
David Smith [Mon, 16 Apr 2018 21:27:00 +0000 (16:27 -0500)]
Redirect all 'clog' output from the http server to the log file.
* httpd/main.cxx (parse_cmdline): Also send 'clog' output to the log file.
* nsscommon.cxx (start_log): Added an option to redirect 'clog' output to
the log file.
* nsscommon.h: Update start_log() prototype.
David Smith [Fri, 13 Apr 2018 13:15:29 +0000 (08:15 -0500)]
Clean up some http server memory leaks found by valgrind.
* httpd/api.cxx (resource::~result_info): New function.
(build_info::~build_info): Be sure to erase the result from the results
list.
(result_infos_erase): New function.
* httpd/backends.cxx (backends_atexit_handler): New function.
(get_backends): Run backends_atexit_handler() at exit.
* httpd/backends.h: Add virtual backend_base destructor.
* httpd/server.cxx (get_key_values): Call json_object_put() to free the
created json object.
David Smith [Wed, 11 Apr 2018 13:11:16 +0000 (08:11 -0500)]
The http server code now cleans up environment variables.
* httpd/api.cxx (response build_collection_rh::POST): Clean up the
environment variable list the client sends the server.
* httpd/main.cxx (main): Clean up the environment variables.