David Smith [Thu, 2 Dec 2010 20:05:39 +0000 (14:05 -0600)]
Fixed possible string buffer overruns in several embedded-C functions.
* tapset/socket.stp (sock_flags_num2str): Use strlcat() instead of
strcat() to guard against buffer overruns. Instead of creating the
string in a temporary variable and then copying it to THIS->__retvalue,
just create the string in THIS->__retvalue.
(msg_flags_num2str): Ditto.
* tapset/inet_sock.stp (daddr_to_string): Use snprintf() instead of
sprintf() to guard against buffer overruns.
* tapset/signal.stp (sigset_mask_str): Ditto.
* tapset/s390/nd_syscalls.stp (get_32mmap_args): Use strlcat()/snprintf()
instead of strcat()/sprintf() to guard against buffer overruns.
* tapset/s390/syscalls.stp: Removed unused function get_32mmap_args().
* tapset/aux_syscalls.stp: Minor string-related fixes.
* tapset/string.stp: Ditto.
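A constructed C illustration of the bounded-append pattern the entry above describes for sock_flags_num2str and daddr_to_string (added here; not systemtap's own tapset code): each piece is written with snprintf() against the space that remains, so a result that would not fit is truncated and reported instead of overrunning the buffer. The flag table and the function name are assumptions; strlcat() is avoided because it is not portable to every libc.

```c
#include <stdio.h>
#include <string.h>

/* Constructed flag table; stands in for the socket flag names in the tapset. */
static const struct { unsigned long bit; const char *name; } flag_names[] = {
    {0x1, "MSG_OOB"}, {0x2, "MSG_PEEK"}, {0x4, "MSG_DONTROUTE"}, {0x40, "MSG_DONTWAIT"},
};
#define NFLAGS (sizeof flag_names / sizeof flag_names[0])

/* The removed pattern was strcat() into a fixed temporary and a copy into
 * the return value: nothing bounds either write.  Here every append is
 * limited to (outlen - used).  snprintf() NUL-terminates whenever the size
 * argument is > 0 and returns the length it wanted to write, which lets the
 * caller detect truncation.  Returns 0 on success, -1 when the output did
 * not fit (out is still a valid, NUL-terminated prefix). */
static int flags_num2str(unsigned long flags, char *out, size_t outlen)
{
    size_t used = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++) {
        if (!(flags & flag_names[i].bit))
            continue;
        int n = snprintf(out + used, outlen - used, "%s%s",
                         used ? "|" : "", flag_names[i].name);
        if (n < 0)
            return -1;
        if ((size_t)n >= outlen - used)   /* would not fit: stop, report */
            return -1;
        used += (size_t)n;
    }
    return 0;
}
```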
David Smith [Tue, 30 Nov 2010 20:18:22 +0000 (14:18 -0600)]
Fixed BZ624657 by fixing timing issues in the initscript.
* initscript/systemtap.in (start_script): Make sure we wait until the pid
file has been written before trying to use it.
(stop_script): Check to see if the module has been really unloaded
before declaring success.
Josh Stone [Tue, 30 Nov 2010 00:16:22 +0000 (16:16 -0800)]
Add configure --disable-sdt-probes
This new option turns off SDT markers in our own binaries. This doesn't
change the ability to probe SDT in other applications.
* configure.ac: Add --disable-sdt-probes.
* runtime/staprun/configure.ac: Ditto.
* includes/stap-probe.h: Define PROBE[N] depending on ENABLE_SDT_PROBES.
* *.cxx, runtime/staprun/*.[ch]: Use the indirect PROBE macros instead
of STAP_PROBE, so SDT can be disabled.
* (everything else): Regenerated with autoreconf.
(The change is bigger due to my newer autotools on F14 -- sorry...)
Frank Ch. Eigler [Sat, 27 Nov 2010 23:48:52 +0000 (18:48 -0500)]
PR10651 / RHBZ653286: mod_timer vs. del_timer_sync races
It appears possible for del_timer_sync (from outside) and mod_timer
(from within a timer callback) to race. Defeat this race by ensuring
that the timer callback checks an atomic_t flag before rescheduling
itself with mod_timer.
* runtime/transport/relay_v2.c (transport_state): Turn into an atomic_t.
Update users.
(__stp_relay_wakeup_timer): Observe flag.
(_stp_transport_data_fs_{start,stop}): Update flag before timer manipulations.
* runtime/transport/ring_buffer.c: Ditto for corresponding functions.
Dave Brolley [Thu, 25 Nov 2010 16:11:36 +0000 (11:11 -0500)]
Improved handling of uprobes.ko by compile-server and client.
- Server now returns uprobes.ko to client when required.
- New optional argument to staprun's -u option to specify the location
of uprobes module.
- Client uses new argument of -u to specify uprobes.ko returned by
the server.
- staprun still prefers already-loaded uprobes, built-in uprobes and
kernel-built uprobes over the one returned by the server.
- staprun verifies the signature of the uprobes module for unprivileged
users.
Josh Stone [Wed, 24 Nov 2010 00:13:55 +0000 (16:13 -0800)]
PR12138: Convert the user_int functions to kread
This uses our more-centralized mechanism for reading uncertain memory,
which also has the ability to read 8-byte values on i386 (not atomically).
* tapset/uconversions.stp: New, move the user_* functions here. The new
STP_GET_USER[_WARN] standardize all integer accesses through kread.
* tapset/conversions.stp: This is only for kernel functions now.
* doc/SystemTap_Tapset_Reference/tapsets.tmpl: Include uconversions.
* testsuite/buildok/conversions.stp: Build the user_intNN too.
* testsuite/buildok/conversions-embedded.stp: Ditto.
Roland McGrath [Tue, 23 Nov 2010 02:33:35 +0000 (18:33 -0800)]
PR12139: test case for pointer to an incomplete type in probe argument
* testsuite/systemtap.base/sdt_types.c: Test a pointer to an incomplete type.
* testsuite/systemtap.base/sdt_types.stp: Use that new probe.
* testsuite/systemtap.base/sdt_misc.exp: Expect that.
Stan Cox [Mon, 22 Nov 2010 22:34:01 +0000 (17:34 -0500)]
Test sdt_types.c with c++.
* sdt_misc.exp (type_language,type_language_mssgs,extra_type_mssgs): New.
Loop over for c++ testing. Improve error messages.
* sdt_types.stp: Improve error messages.
Josh Stone [Fri, 19 Nov 2010 22:00:38 +0000 (14:00 -0800)]
Make lex_cast work numerically with [u]int8_t
These were getting treated by istream like char types, which would
always fail our generic template since eof isn't reached. There's not
much point to using lex_cast<char> anyway, since str[0] will do the
same, so I've specialized lex_cast with [u]int8_t to read numerically.
The only place we use this so far is in SDT V3 parsing constants. SDT
doesn't yet emit 1-byte arguments, but it may in the future.
* util.h (lex_cast<int8_t>): Read via int16_t to stay numeric.
(lex_cast<uint8_t>): Same, with uint16_t.
Josh Stone [Fri, 19 Nov 2010 04:42:33 +0000 (20:42 -0800)]
sdt_types: remove manual type-casting
For now, remove the int() and short() typecasting, as it seems to be
working without. We should try as much as possible to fix these issues
in the translator and/or sdt.h before masking it in the test.
Josh Stone [Fri, 19 Nov 2010 04:06:52 +0000 (20:06 -0800)]
Cast the proper sign and size of SDT constant args
* tapsets.cxx (sdt_uprobe_var_expanding_visitor::visit_target_symbol):
For the constant case, we still need to do some typecasting, as gcc
doesn't necessarily match the sign of the constant to the type.
Josh Stone [Fri, 19 Nov 2010 03:32:56 +0000 (19:32 -0800)]
Cast the proper sign and size of SDT register args
* tapsets.cxx (sdt_uprobe_var_expanding_visitor::visit_target_symbol):
For the REGISTER case, insert a typecast to deal with truncation and
sign-extension of the argument as needed.
Stan Cox [Wed, 17 Nov 2010 16:57:04 +0000 (11:57 -0500)]
Add user_{int8,int16,uint16,int32,uint32,int64}.
* conversions.stp (STP_GET_USER): New. Use it to define...
(user_{int{8,16,32,64},uint{16,32}}) New. Names derive from types.h.
(user_char,user_short,user_int): Use STP_GET_USER.
* tapsets.cxx (uprobe_var_expanding_visitor::visit_target_symbol):
Use user_intN tapsets.
* sdt_types.c (unsigned_short_int_var,unsigned_int_var): New.
* sdt_types.stp (unsigned_short_int_var,unsigned_int_var): New.
We would like to thank Tavis Ormandy for reporting this issue.
* runtime/staprun/staprun.c (enable_uprobes): Don't run /sbin/modprobe
directly, since it takes more inputs than we have tried to sanitize.
(remove_module): Call init_ctl_channel on putative stap module name,
to check that it's our own stap module.
(init_staprun): Do remove/retry via remove_module rather than
underchecked delete_module(2).
* runtime/staprun/ctl.c (init_ctl_channel): Check ownership of
.ctl files, to preclude manipulation of some other stapusr member's modules.
* runtime/staprun/Makefile.am, systemtap.spec: Install staprun as
mode 04110, group stapusr.
* README.security, runtime/staprun/staprun.8: Note new stapdev/stapusr
joint requirements.
Josh Stone [Tue, 16 Nov 2010 21:20:53 +0000 (13:20 -0800)]
Add a fallback for kernels not exporting add_timer_on
Commit 3fd1c49 regressed for kernels which don't EXPORT add_timer_on.
* buildrun.cxx (compile_pass): Test for add_timer_on's export.
* runtime/time.c (_stp_init_time, __stp_init_time): Restore the
IPI-add_timer as a fallback.
Josh Stone [Tue, 16 Nov 2010 02:08:58 +0000 (18:08 -0800)]
PR11735: Hash ldd/vdso unwindsym_modules too
* translate.cxx (prepare_symbol_data): Do add_unwindsym_ldd/vdso here.
(prepare_translate_pass): Call above, and placeholder for the future.
* main.cxx (passes_0_4): Call prepare_translate_pass before checking the
cache, so we have more complete unwindsym_modules.
Josh Stone [Sat, 13 Nov 2010 01:14:52 +0000 (17:14 -0800)]
uprobes: Clean up after vfork-exec
When a vfork'ed thread execs, we don't want to remove the probes from
the vfork parent, but we still need to clean up the thread associations.
Otherwise, the newly-execed process won't have the right accounting for
its SSOL area.
* runtime/uprobes2/uprobes.c (uprobe_report_exec): Clean up thread info
when a vfork'ed task execs.
* runtime/uprobes/uprobes.c (uprobe_report_exec): Ditto.
Josh Stone [Thu, 11 Nov 2010 21:11:50 +0000 (13:11 -0800)]
PR12164: Emit kprobes-sdt goo only when needed
This stuff is only used for apps compiled with EXPERIMENTAL_KPROBE_SDT,
so we don't need it most of the time.
* runtime/kprobes-common.c (stap_kprobe_process_found,
stap_kprobe_mmap_found): Only create #ifdef KPROBES_TASK_FINDER.
* tapsets.cxx (dwarf_derived_probe::join_group): Only enable_task_finder
in the session if a semaphore is present.
(dwarf_derived_probe_group::enroll): Remember if any has_semaphores.
(dwarf_derived_probe_group::emit_module_decls): Predicate sdt and
task_finder code on has_semaphores.
(dwarf_derived_probe_group::emit_module_init): Ditto.
(dwarf_derived_probe_group::emit_module_exit): Ditto.
* runtime/staprun/staprun.c (send_a_relocation): Don't
complain about overlong names, except if very verbose.
Triple-check null termination of surviving strings.
PR11811: warn on missing unwind info with 'stap -d FOO'
* unwind.c (unwind_frame): Demote common warnings to dbug_unwind messages.
(unwind): Print a warning for unwind operations foiled by modules that
did not have pre-uploaded unwind data.
* buildrun.cxx (compile_pass): Check for exported __module_text_address.
Extend the print_*backtrace symbol names with the full path
of the user-space ELF module, not just the basename. This
requires saving a char[] copy in the __stp_tf_vma_entry
structure instead of a char* pointing into a dentry.d_name.
-DTASK_FINDER_VMA_ENTRY_PATHLEN governs copy length.
* runtime/task_finder_vma.c (__stp_tf_vma_entry): Change
char*name -> char[]path field. Update manipulating
functions accordingly.
* runtime/vma.c (_stp_vma_mmap_cb): Pass mmpath to tf-vma table
if available.
* testsuite/systemtap.context/usymbols.exp: Update for expected
full path in output string.
* NEWS: Mention change.
* runtime/sym.h (_STP_SYM_MODULE_BASENAME): New flag.
(_STP_SYM_SIMPLE): Include it.
* runtime/sym.c (_stp_snprint_addr): Process it.
Stan Cox [Sat, 6 Nov 2010 03:02:39 +0000 (23:02 -0400)]
Add build id support for user modules.
* sym.c (_stp_build_id_check): New. Moved the build id check code from
_stp_module_check and changed...
(_stp_module_check): to use it.
(_stp_usermodule_check): New. This is called from the
task manager callback stap_uprobe_change_plus for the process found and
mmap found cases.
* translate.cxx (dump_unwindsyms): Don't stop if it isn't a kernel module.
Set build_id_vaddr for user modules. Output module->build_id_offset as an
absolute address.
PR12195: pass user-space timezone at script startup
* runtime/transport/transport_msgs.h: Declare STP_TZINFO message type.
* runtime/staprun/staprun.c (send_tzinfo): New function to send time zone
at startup.
* runtime/transport/control.c (_stp_ctl_write_cmd): Allow this message.
* runtime/transport/transport.c (_stp_handle_tzinfo): New function to
process this message and declare various globals.
* tapset/tzinfo.stp: New tapset to access those globals.
* testsuite/buildok/timestamp-embedded.stp: Extend test.
* NEWS: Mention tz_ctime().
* doc/SystemTap_Tapset_Reference/tapsets.tmpl: Extract docs from new tapset.
Josh Stone [Fri, 5 Nov 2010 21:45:59 +0000 (14:45 -0700)]
Make pfiles kneel before the frame-size overlord
In socket_optname, there's an optname_entries mapping array. On 64-bit,
each item is 24 bytes, so with 14 entries that's 336 bytes. That
doesn't need to be on the stack -- static const it is.
Josh Stone [Fri, 5 Nov 2010 19:16:22 +0000 (12:16 -0700)]
PR10821: Remove large stack variables from the unwinder
We tend to use the percpu CONTEXT as a pre-allocated stack, so add the
large unwinder variable there too.
* runtime/unwind.c (unwind, unwind_frame): Use an unwind_context
parameter for the larger data needed.
* runtime/stack-$arch.c (__stp_stack_print): Add the unwind_context
parameter, and use it for the x86 versions with a dwarf unwinder.
* runtime/stack.c (_stp_stack_print, _stp_stack_sprint): Add the
unwind_context parameter and pass it along.
* translate.cxx (c_unparser::emit_common_header): Add unwind_context to
the global CONTEXT when we NEED_UNWIND_DATA.
* tapset/context-unwind.stp (*backtrace): Use CONTEXT->uwcontext.
* tapset/ucontext-unwind.stp (*backtrace): Use CONTEXT->uwcontext.
* buildrun.cxx (compile_pass): Tighten the frame warning to 256 bytes.
David Smith [Thu, 4 Nov 2010 21:30:09 +0000 (16:30 -0500)]
Updated memory.stp, rpc.stp, task.stp, and vfs.stp for 2.6.36.
* tapset/memory.stp (vm.oom_kill): Added oom_kill_process().
* tapset/rpc.stp (sunrpc.clnt.call_sync): Updated for 2.6.36.
(sunrpc.clnt.call_async): Ditto.
* tapset/task.stp (task_gid): Updated for 2.6.36 by defining and using
task_gid().
(task_egid): Updated for 2.6.36 by defining and using task_egid().
* tapset/vfs.stp (_vfs.block_prepare_write): Update for 2.6.36 by using
__block_write_begin() as an alternative to __block_prepare_write().
(_vfs.block_write_begin): Updated for 2.6.36.
Josh Stone [Thu, 4 Nov 2010 02:27:54 +0000 (19:27 -0700)]
Test that uprobes supports "rep ret"
We've made a special case in uprobes to support this sequence, since it
does occur in normal gcc output, so make sure of that. At the same
time, test that we reject other prefixes like "repnz ret", even though
we might be able to support them after more analysis.
Josh Stone [Wed, 3 Nov 2010 17:34:39 +0000 (10:34 -0700)]
uprobes: Fix post_ssout handling of "rep ret" on x86
That odd sequence is apparently used to coerce better behavior from the
branch predictor on AMD K8. GCC does this, so we need to be prepared to
deal with it.
In uprobe_post_ssout, most instructions just need a relative %ip fixup
after single-stepping out-of-line. A few are special though, either
because their new %ip is not relative, or because their return address
on the stack needs that relative SSOL adjustment, or even both. This
oddball "rep ret" is such a case, but we were missing the proper fixup
due to the unexpected prefix.
This patch moves that ip-fixup decoding to the validation phase in
setup_uprobe_post_ssout, saving the flags UPFIX_RETURN and UPFIX_ABS_IP
as needed. In this same step, we reject probing these instructions if
they have a prefix, as we haven't determined the correct behavior for
them. For "rep ret" we make an explicit exception, since we know that
behaves just like a bare "ret".
Josh Stone [Tue, 2 Nov 2010 21:01:23 +0000 (14:01 -0700)]
Improve gettimeofday stability
These are a few tweaks to improve the stability of our gettimeofday
startup and shutdown. Hopefully this helps with PR10651 and PR12182,
but that's not been confirmed yet.
* runtime/runtime.h: Don't include time.c here.
* translate.cxx (c_unparser::emit_common_header): Include time.c here,
only if NEEDed (so we also ensure init/kill_time will be called).
(c_unparser::emit_module_init): Change to STAP_SESSION_STOPPED for the
final cleanup efforts, especially for time.c to wrap up.
(c_unparser::emit_module_exit): Ditto.
* runtime/time.c (__stp_time_timer_callback): Use the session_state
instead of stp_timer_reregister, and continue until STOPPED.
(__stp_init_time): Don't add_timer from the IPI.
(_stp_init_time): Instead, add_timer_on each cpu here.
The kmodule.stp test case could evoke a double-free of module-info
structs, since these were shared pointers, and not managed by GC.
Oh yeah, what GC, in the year 2010.
* dwflpp.cxx (dwflpp dtor): Don't delete shared mod_info ptr.
(module_cache dtor): New function.
* dwflpp.h: Declare.
* tapsets.cxx (delete_session_module_cache): New function.
(several::build_no_more): Call it.
(dwarf_build_no_more): Use delete_map<> template.
David Smith [Mon, 1 Nov 2010 20:37:23 +0000 (15:37 -0500)]
Improved fork/vfork tests for RHEL5.
* testsuite/systemtap.clone/dtrace_fork_exec.exp: Improve output string to
handle parent/child execution order differences.
* testsuite/systemtap.clone/dtrace_vfork_parent.c: Added include files to
avoid compile error on RHEL5.
* testsuite/systemtap.clone/dtrace_vfork_parent.c: Ditto.
David Smith [Mon, 1 Nov 2010 20:32:57 +0000 (15:32 -0500)]
Improve handling of vfork'ed processes for uprobes version 1.
* runtime/uprobes/uprobes.c (insert_bkpt): Don't log EEXIST errors (since
systemtap inserts duplicate probes).
(uprobe_report_exec): Only clean up if this is the last thread. Without
this change, vfork'ed processes doing an exec weren't handled correctly.
Frank Ch. Eigler [Thu, 28 Oct 2010 22:42:35 +0000 (18:42 -0400)]
PR12169: fix tokenize()
* tapset/tokenize.stp: New file for tokenize(). Use per-context statics.
* doc/SystemTap_Tapset_Reference/tapsets.tmpl: Pull it into new docs.
* tapset/string.stp: Remove old tokenize() code.
* translate.cxx (emit_common_header): Add STAP_NEED_CONTEXT_TOKENIZE bits.
(translate_pass): Emit global %{ %} embeds before context definition.