#systemtap on 2019-04-15 — irc logs at freenode.irclog.whitequark.org

2015-11-12 23:18 fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged

00:54 orivej has quit [Ping timeout: 255 seconds]

02:09 hpt has joined #systemtap

02:17 Amy1 has joined #systemtap

06:15 khaled has joined #systemtap

07:30 khaled has quit [Quit: Konversation terminated!]

07:44 khaled has joined #systemtap

07:52 slowfranklin has joined #systemtap

07:54 mjw has joined #systemtap

08:20 orivej has joined #systemtap

08:41 yog_ has joined #systemtap

09:04 hpt has quit [Ping timeout: 268 seconds]

10:13 sscox has quit [Ping timeout: 252 seconds]

10:22 khaled has quit [Remote host closed the connection]

10:29 khaled has joined #systemtap

10:41 khaled has quit [Remote host closed the connection]

12:25 slowfranklin has quit [Quit: slowfranklin]

12:30 yog_ has quit [Ping timeout: 250 seconds]

12:32 slowfranklin has joined #systemtap

12:33 orivej has quit [Ping timeout: 255 seconds]

12:33 wcohen has quit [Ping timeout: 255 seconds]

12:45 yog_ has joined #systemtap

12:53 sscox has joined #systemtap

13:28 wcohen has joined #systemtap

13:41 LeoB has joined #systemtap

13:41 LeoB has quit [Changing host]

13:41 LeoB has joined #systemtap

13:56 khaled has joined #systemtap

14:04 LeoB has quit [Remote host closed the connection]

14:07 khaled has quit [Remote host closed the connection]

14:14 khaled has joined #systemtap

14:17 khaled has quit [Remote host closed the connection]

14:30 khaled has joined #systemtap

14:44 yog_ has quit [Ping timeout: 250 seconds]

14:49 yog_ has joined #systemtap

15:07 orivej has joined #systemtap

15:19 khaled has quit [Quit: Konversation terminated!]

15:28 khaled has joined #systemtap

16:06 changcheng has joined #systemtap

16:07 <changcheng> I'm using systemstap on ubuntu 18.04.1, the kernel is 4.18.0-15-generic

16:07 <changcheng> I hit below problem on the system:

16:08 <changcheng> [ 67.133574] mod1: loading out-of-tree module taints kernel.

16:08 <changcheng> [ 67.135012] Lockdown: staprun: debugfs is restricted; see man kernel_lockdown.7

16:08 <changcheng> Does anyone know how to solve it?

16:09 <changcheng> mod1.ko is generated by:

16:09 <changcheng> 1) stap -p4 -m mod1 -e 'global var1="foo"; probe begin{printf("%s\n", var1); exit()}'

16:09 <changcheng> 2) sign mod1.ko with self generated key

16:12 <fche> changcheng, https://bugzilla.redhat.com/show_bug.cgi?id=1638874 <-- see also this

16:13 <fche> setenv SYSTEMTAP_SIGN=1

16:14 <fche> that way stap will treat the machine like the secureboot-type configuration it is, and can arrange to use a compilation server to build & sign modules via a MOK key

16:16 <fche> that patch (commit b371843bc) went into stap 4.0

16:17 <changcheng> @fche: My system use UEFI Secure boot mode

16:17 <changcheng> I generated the key and imported into MOK key list.

16:18 <changcheng> Then I use stap -p4 to generate the module and sign the moduel with the private key.

16:18 <fche> yes, you can do it by hand

16:18 <fche> but stap can automate this for you

16:19 <changcheng> The compilation server and client is same for me (I use my own machine to build the driver and install the ko. The ubuntu is the offical relaese)

16:20 <changcheng> Is there any guide how to setup the server and what's scripts could be used to sign with key automatically?

16:20 <fche> https://sourceware.org/systemtap/wiki/SecureBoot

16:21 <fche> the only extra bit is triggering this secureboot logic with that $SYSTEMTAP_SIGN=1 env variable

16:22 <changcheng> Currently, I've already signed the genreated driver module. So I only need do "export SYSTEMTAP_SIGN=1; stap mod1.ko", right?

16:22 <fche> if it's already signed, then you're done

16:22 <fche> this SYSTEMTAP_SIGN business is to get stap foo.stp to run through the compilation-server / signing dance for you

16:23 <changcheng> However, staprun mod1.ko still hit the problem.

16:23 <fche> hm .... if that mok key is enrolled, I thought it should not

16:23 <changcheng> strings mod1.ko | grep -i append

16:24 <changcheng> ~Module signature appended~

16:24 <changcheng> The mok key has been enrolled yet.

16:26 <changcheng> For ubuntu 18.04.1, the kernel version is 4.18.0-15

16:30 <fche> hm interesting

16:30 <fche> if you had the time, it'd be great to record your observations into sourceware.org/bugzilla

16:33 <changcheng> Thanks for your suggestion. I'll put the bug link here once being filed (I'm in UTC+8 TZ, sleep now.). Have a good day.

16:34 changcheng has quit [Quit: WeeChat 1.9.1]

16:34 changcheng has joined #systemtap

16:37 <fche> thanks a lot

16:38 <fche> what an unfortunate problem

16:38 <fche> these well-intentioned security patches and their unintended consequences

16:51 slowfranklin has left #systemtap [#systemtap]

18:06 yog_ has quit [Ping timeout: 246 seconds]

20:36 slowfranklin has joined #systemtap

21:04 mjw has quit [Quit: Leaving]

21:11 slowfranklin has quit [Quit: slowfranklin]

21:14 khaled has quit [Quit: Konversation terminated!]

21:41 wcohen has quit [Ping timeout: 264 seconds]

21:56 orivej has quit [Read error: Connection reset by peer]

21:57 orivej has joined #systemtap

21:57 sscox has quit [Ping timeout: 250 seconds]

22:25 wcohen has joined #systemtap