* [Bug tapsets/15731] New: syscall.execve probe alias broken on rawhide
From: dsmith at redhat dot com @ 2013-07-11 21:14 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15731
Bug ID: 15731
Summary: syscall.execve probe alias broken on rawhide
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: tapsets
Assignee: systemtap at sourceware dot org
Reporter: dsmith at redhat dot com
The syscall.execve probe alias is broken on rawhide
(3.11.0-0.rc0.git2.1.fc20.x86_64), pointed out by
testsuite/systemtap.base/pointer_array.exp:
====
# stap -e 'probe syscall.execve { if (pid() == target()) { printf("exec\n") } }' -c /usr/bin/true
====
Here's the problem. In the syscall tapset, syscall.execve is defined like this:
====
# execve _____________________________________________________
# int sys_execve(struct pt_regs regs)
#	which breaks out the args and immediately calls
# int do_execve(char * filename,
#	char __user *__user *argv,
#	char __user *__user *envp,
#	struct pt_regs * regs)
probe syscall.execve = kernel.function("do_execve").call
{
	name = "execve"
	filename = kernel_string($filename)
	# kernel 3.0 changed the pointer's name to __argv
	__argv = @choose_defined($__argv, $argv)
	args = __get_argv(__argv, 0)
	argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
}
====
In current kernel sources, sys_execve is defined like this:
====
SYSCALL_DEFINE3(execve,
		const char __user *, filename,
		const char __user *const __user *, argv,
		const char __user *const __user *, envp)
{
	struct filename *path = getname(filename);
	int error = PTR_ERR(path);
	if (!IS_ERR(path)) {
		error = do_execve(path->name, argv, envp);
		putname(path);
	}
	return error;
}
====
The problem is that do_execve() is (evidently) inlined in sys_execve, so we're
missing it:
====
# stap -l 'kernel.function("do_execve").*'
kernel.function("do_execve@fs/exec.c:1584").call
kernel.function("do_execve@fs/exec.c:1584").exported
kernel.function("do_execve@fs/exec.c:1584").inline
kernel.function("do_execve@fs/exec.c:1584").return
====
We'll need to re-examine the need for using 'do_execve' instead of
'sys_execve'.
Also note that nd_syscall.execve is probably also broken.
--
You are receiving this mail because:
You are the assignee for the bug.
* [Bug tapsets/15731] syscall.execve probe alias broken on rawhide
From: dsmith at redhat dot com @ 2013-07-12 19:41 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15731
David Smith <dsmith at redhat dot com> changed:
          What|Removed |Added
----------------------------------------------------------------------------
        Status|NEW     |RESOLVED
    Resolution|---     |FIXED
--- Comment #1 from David Smith <dsmith at redhat dot com> ---
Fixed in commit 774a227. Fixed syscall.execve, syscall.compat_execve (and the
nd_syscall variants). Added a new test, systemtap.base/execve.exp.