This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug tapsets/15731] New: syscall.execve probe alias broken on rawhide
- From: "dsmith at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sourceware dot org
- Date: Thu, 11 Jul 2013 21:14:34 +0000
- Subject: [Bug tapsets/15731] New: syscall.execve probe alias broken on rawhide
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15731
Bug ID: 15731
Summary: syscall.execve probe alias broken on rawhide
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: tapsets
Assignee: systemtap at sourceware dot org
Reporter: dsmith at redhat dot com
The syscall.execve probe alias is broken on rawhide
(3.11.0-0.rc0.git2.1.fc20.x86_64), pointed out by
testsuite/systemtap.base/pointer_array.exp:
====
# stap -e 'probe syscall.execve { if (pid() == target()) { printf("exec\n") } }' -c /usr/bin/true
====
Here's the problem. In the syscall tapset, syscall.execve is defined like this:
====
# execve _____________________________________________________
# int sys_execve(struct pt_regs regs)
#   which breaks out the args and immediately calls
# int do_execve(char * filename,
#               char __user *__user *argv,
#               char __user *__user *envp,
#               struct pt_regs * regs)
probe syscall.execve = kernel.function("do_execve").call
{
    name = "execve"
    filename = kernel_string($filename)
    # kernel 3.0 changed the pointer's name to __argv
    __argv = @choose_defined($__argv, $argv)
    args = __get_argv(__argv, 0)
    argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
}
====
In current kernel sources, sys_execve is defined like this:
====
SYSCALL_DEFINE3(execve,
                const char __user *, filename,
                const char __user *const __user *, argv,
                const char __user *const __user *, envp)
{
        struct filename *path = getname(filename);
        int error = PTR_ERR(path);
        if (!IS_ERR(path)) {
                error = do_execve(path->name, argv, envp);
                putname(path);
        }
        return error;
}
====
The problem is that do_execve() is (evidently) inlined in sys_execve, so we're
missing it:
====
# stap -l 'kernel.function("do_execve").*'
kernel.function("do_execve@fs/exec.c:1584").call
kernel.function("do_execve@fs/exec.c:1584").exported
kernel.function("do_execve@fs/exec.c:1584").inline
kernel.function("do_execve@fs/exec.c:1584").return
====
We'll need to re-examine the need for using 'do_execve' instead of
'sys_execve'.
Also note that nd_syscall.execve is probably also broken.
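An added check, not part of the original report or of SystemTap itself: it parses `stap -l` output in the format of the listing above and flags functions where a `.call` probe can only see the out-of-line copy because inlined instances also exist. The `example_fn` line, the function names and the coverage labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the `stap -l` listing quoted in the report, plus two
# made-up lines for a hypothetical function that has no inlined instances.
SAMPLE_LISTING = '''\
kernel.function("do_execve@fs/exec.c:1584").call
kernel.function("do_execve@fs/exec.c:1584").exported
kernel.function("do_execve@fs/exec.c:1584").inline
kernel.function("do_execve@fs/exec.c:1584").return
kernel.function("example_fn@fs/example.c:10").call
kernel.function("example_fn@fs/example.c:10").return
'''

# kernel.function("name@file:line").variant
PROBE_RE = re.compile(r'^kernel\.function\("([^"@]+)(?:@([^"]+))?"\)\.(\w+)$')


def variants_by_function(listing):
    """Map function name -> set of probe variants (call, inline, return, ...)."""
    found = defaultdict(set)
    for line in listing.splitlines():
        m = PROBE_RE.match(line.strip())
        if m:
            found[m.group(1)].add(m.group(3))
    return dict(found)


def call_probe_coverage(listing):
    """Classify what a `.call` probe on each listed function can observe."""
    report = {}
    for name, variants in variants_by_function(listing).items():
        if "call" in variants and "inline" in variants:
            report[name] = "partial"  # inlined call sites bypass .call
        elif "call" in variants:
            report[name] = "full"     # no inlined instances were listed
        elif "inline" in variants:
            report[name] = "none"     # only inlined instances exist
        else:
            report[name] = "unknown"
    return report


if __name__ == "__main__":
    for name, status in sorted(call_probe_coverage(SAMPLE_LISTING).items()):
        print(f"{name}: .call coverage {status}")
```

A "partial" result for a function that a syscall alias depends on is the situation described in this report: the alias still resolves, but the probe does not fire on the inlined path.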