fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged
<lorddoskias1> is vmlinux + source the only files required when using systemtap? I'm getting the following error when using stap -L semantic error: while resolving probe point: identifier 'kernel' at <input>:1:7. Running with increased verbosity showed that System.map is not found, and also vmlinux.id, however
<lorddoskias1> /sys/kernel/notes is there
<lorddoskias1> fche: hey, if i use 'return' in a probe, would that cause the probed function to be short circuited and exit early?
<fche> in a probe { } you use 'next' to leave early
<fche> in a function { } you use 'return' (or 'next' to retry another alternative function - that's a very recent addition)
<lorddoskias1> i'm using stap 3.0
<lorddoskias1> also, when i run stap -g -m - r why does systemtap run the script and not just compile the instrumentation module?
<lorddoskias1> i have to also use -k to actually get the .ko file
<lorddoskias1> AND kill stap :)
<lorddoskias1> and then get the file
<lorddoskias1> also, if i want to access a define, which is located in a file.h for example i first do the %{ #include <linux/file.h> %} and then refer to the define inside the problem or should i also
<lorddoskias1> put the code which is referring to the define in %{ %}
<fche> stap -p4
<fche> to just compile
<lorddoskias1> yes, indeed, just saw that in the documentation of staprun, btw you might want to add this information to this page: https://www.sourceware.org/systemtap/SystemTap_Beginners_Guide/cross-compiling.html
<lorddoskias1> e.g. make it a bit more explicit :)
<lorddoskias1> fche: what do the following mean, when i try to run staprun: ERROR: Cannot attach to module iptables_cve_fix_4_4_10_clouder3 control channel; not running?
<lorddoskias1> ERROR: Cannot attach to module iptables_cve_fix_4_4_10_clouder3 control channel; not running?
<lorddoskias1> ERROR: 'iptables_cve_fix_4_4_10_clouder3' is not a zombie systemtap module.
<fche> how are you running staprun ?
<lorddoskias1> just staprun
<lorddoskias1> presumably i need to use just -l?
<fche> hm, and how did you make that iptables* .ko file exactly?
<lorddoskias1> stap -p4 -g -k -m iptables_cve_fix -r /home/projects/kernel-releases/linux-4.4.10-clouder3/linux-4.4.10-clouder3 ipt_so_replace.stp
<fche> so you renamed that .ko with the _4_4_10_.... suffix?
<fche> have you tried without that?
<lorddoskias1> yep, it works
<lorddoskias1> i'm feeling a bit dumb now :d
<fche> np
<fche> not sure off the top of my head why that matters
<lorddoskias1> btw, regarding my previous question about short circuiting a probe
<lorddoskias1> what if i want to short circuit a function i'm probing?
<fche> ah, that you cannot do directly
<fche> re. the beginner's guide -- the sources of that book are checked into git; would you consider adding the wording you think is missing?
<fche> (doc/SystemTap_Beginners_Guide/en-US ...)
<lorddoskias1> ok i can do that a bit later
<fche> that'd be great
<lorddoskias1> what i can do in my case
<lorddoskias1> is actually modify an input parameter, which i'm currently doing, hence the -g flag
<lorddoskias1> that's the script
<fche> yeah, that's a more typical cve band-aid approach.
<fche> (we'd love to include such in the testsuite/systemtap.examples btw)
<lorddoskias1> well, this one just disables the IPT_SO_SET_REPLACE in compat mode
<fche> that's just fine
<lorddoskias1> regarding the latest CVE which were fixed: http://www.openwall.com/lists/oss-security/2016/06/24/5
<fche> testsuite/systemtap.examples/security-band-aids has similar ones already
<lorddoskias1> i would have liked to make something along the lines "if () { <maybe inline c> return </maybe inline c> }
<lorddoskias1> is there something like that ?
<fche> not really; the kernel does not provide facilities for us to arbitrarily modify its code
<lorddoskias1> fair
<lorddoskias1> and do i need the target's kernel vmlinux on the target machine
<lorddoskias1> or it's enough if i have it on the host, building the module?
<fche> you can cross-compile stap modules (stap -r ....) if necessary
<lorddoskias1> yeah, that's what i'm doing
<lorddoskias1> my point was once the module is compiled it's a self-contained entity and doesn't need anything external
<lorddoskias1> (apart from the kernel being compiled with kprobes support of course :) )
<lorddoskias1> fche: and what would be the correct way to load the module to apply the bandaid staprun -L ?
<fche> sure
<lorddoskias1> what about direct modprobe?
<fche> not enough to start the thing
<fche> you need staprun to communicate with the module
<lorddoskias1> right, staprun -L it is :)
<irker483> systemtap: dsmith systemtap.git:refs/heads/master * release-3.0-134-gdeca8be / tapset/linux/ia64/aux_syscalls.stp tapset/linux/syscalls2.stp testsuite/systemtap.unprivileged/unprivileged_embedded_C.exp: Relocate ia64-specific _ia64_pipe[01] aux syscall functions. http://tinyurl.com/zfkac8w
<irker483> systemtap: n.borisov.lkml systemtap.git:refs/heads/master * release-3.0-135-g8a22062 / doc/SystemTap_Beginners_Guide/en-US/CrossInstrumenting.xml: Add the '-p4' options when exemplifying the module compilation http://tinyurl.com/h32vppc
<irker483> systemtap: dsmith systemtap.git:refs/heads/master * release-3.0-136-gec0920c / testsuite/systemtap.unprivileged/unprivileged_embedded_C.exp: Fix PR20298 by updating the unprivileged_embedded_C.exp test case. http://tinyurl.com/hef9f58
<detter> How would I print out all of the system calls with only names and return values?
<detter> can I just do probe syscall?
<jistone> probe syscall.*.return { printf("%s = %s\n", name, retstr) }
<jistone> probably want some context too... pid(), tid(), execname(), ...
<detter> jistone, thanks!!
<fche> nd_syscall.*.return may work almost as well, and without debuginfo