From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28879 invoked by alias); 5 Dec 2011 13:36:28 -0000 Received: (qmail 28564 invoked by uid 22791); 5 Dec 2011 13:36:27 -0000 X-SWARE-Spam-Status: No, hits=-2.2 required=5.0 tests=AWL,BAYES_00,LOTS_OF_MONEY,RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from arroyo.ext.ti.com (HELO arroyo.ext.ti.com) (192.94.94.40) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 05 Dec 2011 13:36:04 +0000 Received: from dlep36.itg.ti.com ([157.170.170.91]) by arroyo.ext.ti.com (8.13.7/8.13.7) with ESMTP id pB5Da3s8030310 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 5 Dec 2011 07:36:03 -0600 Received: from dlep26.itg.ti.com (smtp-le.itg.ti.com [157.170.170.27]) by dlep36.itg.ti.com (8.13.8/8.13.8) with ESMTP id pB5Da3NN011338 for ; Mon, 5 Dec 2011 07:36:03 -0600 (CST) Received: from DNCE73.ent.ti.com (localhost [127.0.0.1]) by dlep26.itg.ti.com (8.13.8/8.13.8) with ESMTP id pB5Da2Wc002589 for ; Mon, 5 Dec 2011 07:36:02 -0600 (CST) Received: from DNCE03.ent.ti.com ([fe80::19cb:d761:16a6:9b51]) by DNCE73.ent.ti.com ([fe80::a454:462:d009:b2c%21]) with mapi id 14.01.0323.003; Mon, 5 Dec 2011 14:36:02 +0100 From: "Turgis, Frederic" To: SystemTap Subject: "module privilege check" breaks (cross-)compilation due to libelf dependency Date: Mon, 05 Dec 2011 13:58:00 -0000 Message-ID: <28BE1A38672C8B4481BB423D0FD1F22E01BC1426@DNCE03.ent.ti.com> x-exclaimer-md-config: f9c360f5-3d1e-4c3c-8703-f45bf52eff6b Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-IsSubscribed: yes Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: systemtap-owner@sourceware.org X-SW-Source: 2011-q4/txt/msg00290.txt.bz2 Hi, Commit "bb4470cacb3f7ce5161f9e8a1b7c37a87516a6c3 PR 13128: Implement module= privilege check in staprun." has broken my cross-compilation environment t= o build "staprun" tool for ARM android (I do 4 first steps on host, staprun= step on target), see end of mail. Having a deeper look, there is in fact code in staprun_funcs.c that require= s libelf like find_section_in_module() and get_module_required_credentials(= ) (Elf_Scn for example) and that is not surrounded by HAVE_LIBELF_H or HAVE= _ELF_GETSHDRSTRNDX I never had libelf in my ARM filesystem, I am using --with-elfutils but con= figure.ac in runtime/staprun states that "We link only against the system e= lfutils. Connecting to a bundled elfutils build (stap/configure --with-elf= utils=3DPATH) is too tricky to bother with" I have then removed some code in a very hackish way to make it work (see be= low, basically the analysis of section STAP_PRIVILEGE_SECTION of module) bu= t I am not sure if this is aligned with the goal of the author. Script executes fine on target but I am "root" so this can hide some other = issue BUILD FAILURE: CC staprun-staprun_funcs.o staprun_funcs.c:237: error: expected '=3D', ',', ';', 'asm' or '__attribute= __' before '*' token staprun_funcs.c: In function 'get_module_required_credentials': staprun_funcs.c:587: error: 'Elf_Scn' undeclared (first use in this functio= n) staprun_funcs.c:587: error: (Each undeclared identifier is reported only on= ce staprun_funcs.c:587: error: for each function it appears in.) staprun_funcs.c:587: error: 'scn' undeclared (first use in this function) staprun_funcs.c:588: error: 'Elf_Data' undeclared (first use in this functi= on) staprun_funcs.c:588: error: 'data' undeclared (first use in this function) staprun_funcs.c:589: error: 'GElf_Shdr' undeclared (first use in this funct= ion) staprun_funcs.c:589: error: expected ';' before 'shdr' Hackish patch: diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_func= s.c index 163a0ce..17265f3 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -233,14 +233,14 @@ find_section_in_module(const void* module_file, const= __off_t st_size, const cha } return scn; } -#else /* no elf */ -static Elf_Scn * -find_section_in_module(const void* v __attribute__((unused)), - const __off_t o __attribute__((unused)), - const char *c __attribute__((unused))) -{ - return NULL; -} +//#else /* no elf */ +//static Elf_Scn * +//find_section_in_module(const void* v __attribute__((unused)), +// const __off_t o __attribute__((unused)), +// const char *c __attribute__((unused))) +//{ +// return NULL; +//} #endif int @@ -582,6 +582,7 @@ check_uprobes_module_path ( * Returns the required credentials if they can be determined or the defau= lt safe required * credentials otherwise. */ +#if 0 static privilege_t get_module_required_credentials (const void* module_fil= e, const __off_t st_size) { Elf_Scn *scn =3D 0; @@ -645,7 +646,7 @@ static privilege_t get_module_required_credentials (con= st void* module_file, con /* ALl is ok. Return the extrated privilege data. */ return privilege; } - +#endif /* * Check the user's group membership. * @@ -668,8 +669,9 @@ check_groups ( off_t module_size ) { - privilege_t user_credentials, module_required_credentials; - + privilege_t user_credentials;//, module_required_credentials; +module_data =3D NULL; +module_size =3D 0; /* Lookup the user's privilege credentials. */ user_credentials =3D get_privilege_credentials (); @@ -684,6 +686,7 @@ check_groups ( if (pr_contains (user_credentials, pr_stapsys)) return 1; +#ifdef HAVE_LIBELF_H /* For stapusr users, we must verify that the module was compiled for = that privilege level. */ module_required_credentials =3D get_module_required_credentials (modul= e_data, module_size); if (pr_contains (user_credentials, pr_stapusr)) { @@ -700,8 +703,8 @@ check_groups ( if (user_credentials =3D=3D pr_none) return -2; - return 0; +#endif } /* Not fatal. The module could still be on a blessed path. */ Regards Fred Frederic Turgis OMAP Platform Business Unit - OMAP System Engineering - Platform Enablement= - System Multimedia Texas Instruments France SA, 821 Avenue Jack Kilby, 06270 Villeneuve Loubet= . 036 420 040 R.C.S Antibes. Capital de EUR 753.920