import systemtap-4.4-9.el8
This commit is contained in:
parent
31cc523fef
commit
4b2cc2694b
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/systemtap-4.3.tar.gz
|
SOURCES/systemtap-4.4.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
14769266f6591b85895a5f40e516f8228e83476e SOURCES/systemtap-4.3.tar.gz
|
f126888adda90a0ec57f43f9db20fde68c8ef356 SOURCES/systemtap-4.4.tar.gz
|
||||||
|
55
SOURCES/rhbz1650594.patch
Normal file
55
SOURCES/rhbz1650594.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
commit 734f5acf6c568c02254a33730c6f0fff016bdd09
|
||||||
|
Author: Martin Cermak <mcermak@redhat.com>
|
||||||
|
Date: Wed Jan 20 22:09:49 2021 +0100
|
||||||
|
|
||||||
|
systemtap-service onboot: Skip updating the bootloader
|
||||||
|
|
||||||
|
It shows up that just modifying the default initrd is good enough,
|
||||||
|
no need to call kernel-install or new-kernel-pkg. This speeds up
|
||||||
|
the systemtap-service onboot operation.
|
||||||
|
|
||||||
|
diff --git a/initscript/systemtap.in b/initscript/systemtap.in
|
||||||
|
index 713f7a680..b1621ae2f 100755
|
||||||
|
--- a/initscript/systemtap.in
|
||||||
|
+++ b/initscript/systemtap.in
|
||||||
|
@@ -46,8 +46,6 @@ STAPRUN=@bindir@/staprun
|
||||||
|
UNAME=/bin/uname
|
||||||
|
LSMOD=/sbin/lsmod
|
||||||
|
DRACUT=`which dracut`
|
||||||
|
-NEWKERNELPKG=/sbin/new-kernel-pkg
|
||||||
|
-KERNELINSTALL=/usr/bin/kernel-install
|
||||||
|
|
||||||
|
# Not actually used directly, but needed by
|
||||||
|
# stap dracut module for inclusion in initramfs
|
||||||
|
@@ -839,10 +837,6 @@ backup_initramfs() {
|
||||||
|
|
||||||
|
onboot () {
|
||||||
|
local s ret ss
|
||||||
|
- if [ ! -f "$NEWKERNELPKG" -a ! -f "$KERNELINSTALL" ]; then
|
||||||
|
- do_failure "Could not find $NEWKERNELPKG nor $KERNELINSTALL"
|
||||||
|
- return 1
|
||||||
|
- fi
|
||||||
|
if [ ! -f "$DRACUT" ]; then
|
||||||
|
do_failure "$DRACUT not found"
|
||||||
|
return 1
|
||||||
|
@@ -940,20 +934,6 @@ onboot () {
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
clog "done"
|
||||||
|
- # We're installing the initramfs in the default location, so user
|
||||||
|
- # expects the next boot to use it. Let's also update the bootloader.
|
||||||
|
- clog " Updating bootloader ... " -n
|
||||||
|
- if [ -x "$NEWKERNELPKG" ]; then
|
||||||
|
- logex $NEWKERNELPKG --initrdfile="$INITRAMFS" \
|
||||||
|
- --update $KRELEASE
|
||||||
|
- else
|
||||||
|
- logex $KERNELINSTALL add $KRELEASE /boot/vmlinuz-$KRELEASE
|
||||||
|
- fi
|
||||||
|
- if [ $? -ne 0 ]; then
|
||||||
|
- do_failure "bootloader update exited with nonzero status"
|
||||||
|
- return 1
|
||||||
|
- fi
|
||||||
|
- might_success "initramfs created and bootloader updated"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
108
SOURCES/rhbz1873492.patch
Normal file
108
SOURCES/rhbz1873492.patch
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
commit ea5f10ba55fce68d1ed614ca33afdb38816f0830
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Mon Nov 16 18:54:11 2020 -0500
|
||||||
|
|
||||||
|
PR26665: mokutil output parsing tweaks
|
||||||
|
|
||||||
|
We encountered secureboot keys in the wild that didn't live up
|
||||||
|
to the expectations of the current little state machine. Tweaked
|
||||||
|
regexps to accept Issuer: O= as well as Issuer: CN= lines. With
|
||||||
|
more verbosity, produces output on parsing process.
|
||||||
|
|
||||||
|
diff --git a/session.cxx b/session.cxx
|
||||||
|
index b5a8044..0437ca4 100644
|
||||||
|
--- a/session.cxx
|
||||||
|
+++ b/session.cxx
|
||||||
|
@@ -2859,6 +2859,9 @@ systemtap_session::get_mok_info()
|
||||||
|
// PR26665: but only Systemtap MOK keys; there may be others.
|
||||||
|
getline(out, line);
|
||||||
|
|
||||||
|
+ if (verbose > 3)
|
||||||
|
+ clog << "MOK parse state: " << state << " line: " << line << endl;
|
||||||
|
+
|
||||||
|
if (state == "SHA1") { // look for a new key fingerprint
|
||||||
|
if (! regexp_match(line, "^SHA1 Fingerprint: ([0-9a-f:]+)$", matches))
|
||||||
|
{
|
||||||
|
@@ -2871,11 +2874,14 @@ systemtap_session::get_mok_info()
|
||||||
|
}
|
||||||
|
// else stay in SHA1 state
|
||||||
|
} else if (state == "Issuer") { // validate issuer
|
||||||
|
- if (! regexp_match(line, "^[ \t]*Issuer: O=(.*)$", matches)) {
|
||||||
|
+ if (! regexp_match(line, "^[ \t]*Issuer: [A-Z]*=(.*)$", matches)) {
|
||||||
|
if (verbose > 2)
|
||||||
|
clog << "Issuer found: " << matches[1] << endl;
|
||||||
|
- if (! regexp_match(matches[1], "Systemtap", matches))
|
||||||
|
+ if (! regexp_match(matches[1], "Systemtap", matches)) {
|
||||||
|
+ if (verbose > 2)
|
||||||
|
+ clog << "Recognized Systemtap MOK fingerprint: " << fingerprint << endl;
|
||||||
|
mok_fingerprints.push_back(fingerprint);
|
||||||
|
+ }
|
||||||
|
state = "SHA1"; // start looking for another key
|
||||||
|
}
|
||||||
|
} else { // some other line in mokutil output ... there are plenty
|
||||||
|
commit 532eb9a1502026300a7f0b4bd287499101dd5803
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Tue Nov 17 16:34:59 2020 -0500
|
||||||
|
|
||||||
|
PR26665 detect rhel8 (4.18) era kernel_is_locked_down() as procfs trigger
|
||||||
|
|
||||||
|
A different older kernel API needs to be probed for rhel8 era detection
|
||||||
|
of lockdown in effect. Added an (undocumented) $SYSTEMTAP_NOSIGN env
|
||||||
|
var to override automatic --use-server on lockdown, so that one can
|
||||||
|
inspect runtime/autoconf* operation locally, without stap-server.
|
||||||
|
|
||||||
|
diff --git a/buildrun.cxx b/buildrun.cxx
|
||||||
|
index 9b4066d..9c8e648 100644
|
||||||
|
--- a/buildrun.cxx
|
||||||
|
+++ b/buildrun.cxx
|
||||||
|
@@ -517,6 +517,7 @@ compile_pass (systemtap_session& s)
|
||||||
|
output_autoconf(s, o, cs, "autoconf-atomic_fetch_add_unless.c",
|
||||||
|
"STAPCONF_ATOMIC_FETCH_ADD_UNLESS", NULL);
|
||||||
|
output_autoconf(s, o, cs, "autoconf-lockdown-debugfs.c", "STAPCONF_LOCKDOWN_DEBUGFS", NULL);
|
||||||
|
+ output_autoconf(s, o, cs, "autoconf-lockdown-kernel.c", "STAPCONF_LOCKDOWN_KERNEL", NULL);
|
||||||
|
|
||||||
|
// used by runtime/linux/netfilter.c
|
||||||
|
output_exportconf(s, o2, "nf_register_hook", "STAPCONF_NF_REGISTER_HOOK");
|
||||||
|
diff --git a/runtime/linux/autoconf-lockdown-kernel.c b/runtime/linux/autoconf-lockdown-kernel.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..90c2414
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/runtime/linux/autoconf-lockdown-kernel.c
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+#include <linux/kernel.h>
|
||||||
|
+
|
||||||
|
+int foo(void) {
|
||||||
|
+ return kernel_is_locked_down("something");
|
||||||
|
+}
|
||||||
|
diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c
|
||||||
|
index bb4a98b..5795533 100644
|
||||||
|
--- a/runtime/transport/transport.c
|
||||||
|
+++ b/runtime/transport/transport.c
|
||||||
|
@@ -123,6 +123,12 @@ static int _stp_transport_fs_init(const char *module_name)
|
||||||
|
dbug_trans(1, "choosing procfs_p=1\n");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
+#ifdef STAPCONF_LOCKDOWN_KERNEL
|
||||||
|
+ if (!debugfs_p && kernel_is_locked_down ("debugfs")) {
|
||||||
|
+ procfs_p = 1;
|
||||||
|
+ dbug_trans(1, "choosing procfs_p=1\n");
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
if (!procfs_p) {
|
||||||
|
debugfs_p = 1;
|
||||||
|
dbug_trans(1, "choosing debugfs_p=1\n");
|
||||||
|
diff --git a/session.cxx b/session.cxx
|
||||||
|
index 0437ca4..36a4053 100644
|
||||||
|
--- a/session.cxx
|
||||||
|
+++ b/session.cxx
|
||||||
|
@@ -2804,7 +2804,9 @@ systemtap_session::modules_must_be_signed()
|
||||||
|
|
||||||
|
if (getenv("SYSTEMTAP_SIGN"))
|
||||||
|
return true;
|
||||||
|
-
|
||||||
|
+ if (getenv("SYSTEMTAP_NOSIGN"))
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
statm >> status;
|
||||||
|
if (status == 'Y')
|
||||||
|
return true;
|
63
SOURCES/rhbz1898288.patch
Normal file
63
SOURCES/rhbz1898288.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
commit 34e62f15da5adf06361ac66489936d0ffa1cc430
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Tue Nov 10 22:13:53 2020 -0500
|
||||||
|
|
||||||
|
RHBZ1892179: handle exhausted stp_task_work structs
|
||||||
|
|
||||||
|
In utrace_report_syscall_entry and _exit, there is a possibility of
|
||||||
|
dereferencing a NULL pointer, in case __stp_utrace_alloc_task_work
|
||||||
|
exhausts UTRACE_TASK_WORK_POOL_SIZE live elements. While OOM is
|
||||||
|
still a possibility, this patch handles it more gracefully.
|
||||||
|
|
||||||
|
diff --git a/runtime/stp_utrace.c b/runtime/stp_utrace.c
|
||||||
|
index 47355de..e2880f1 100644
|
||||||
|
--- a/runtime/stp_utrace.c
|
||||||
|
+++ b/runtime/stp_utrace.c
|
||||||
|
@@ -2337,11 +2337,11 @@ static void utrace_report_syscall_entry(void *cb_data __attribute__ ((unused)),
|
||||||
|
|
||||||
|
/* Defer the report_syscall_entry work so it doesn't happen in atomic context: */
|
||||||
|
work = __stp_utrace_alloc_task_work(utrace, NULL);
|
||||||
|
- __stp_utrace_save_regs(work, regs);
|
||||||
|
if (work == NULL) {
|
||||||
|
_stp_error("Unable to allocate space for task_work");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
+ __stp_utrace_save_regs(work, regs);
|
||||||
|
stp_init_task_work(work, &utrace_syscall_entry_work);
|
||||||
|
rc = stp_task_work_add(task, work);
|
||||||
|
// stp_task_work_add() returns -ESRCH if the task has already
|
||||||
|
@@ -2444,11 +2444,11 @@ static void utrace_report_syscall_exit(void *cb_data __attribute__ ((unused)),
|
||||||
|
|
||||||
|
/* Defer the report_syscall_exit work so it doesn't happen in atomic context: */
|
||||||
|
work = __stp_utrace_alloc_task_work(utrace, NULL);
|
||||||
|
- __stp_utrace_save_regs(work, regs);
|
||||||
|
if (work == NULL) {
|
||||||
|
_stp_error("Unable to allocate space for task_work");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
+ __stp_utrace_save_regs(work, regs);
|
||||||
|
stp_init_task_work(work, &utrace_syscall_exit_work);
|
||||||
|
rc = stp_task_work_add(task, work);
|
||||||
|
// stp_task_work_add() returns -ESRCH if the task has already
|
||||||
|
|
||||||
|
commit 83cb271b390a1b36abd4c3aa69f89c466e99e253
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Fri Nov 13 12:36:07 2020 -0500
|
||||||
|
|
||||||
|
RHBZ1892179: double default UTRACE_TASK_WORKPOOL
|
||||||
|
|
||||||
|
Some workloads were observed to exhaust the previous limit of 288.
|
||||||
|
|
||||||
|
diff --git a/runtime/stp_utrace.c b/runtime/stp_utrace.c
|
||||||
|
index 46ba489..6022267 100644
|
||||||
|
--- a/runtime/stp_utrace.c
|
||||||
|
+++ b/runtime/stp_utrace.c
|
||||||
|
@@ -141,7 +141,7 @@ struct __stp_utrace_task_work { /* NB: about 216 bytes, 18 per page: */
|
||||||
|
TODO: UTRACE_TASK_WORK_POOL_SIZE can be specified on the Systemtap
|
||||||
|
command line. Experiment to find the best default value. */
|
||||||
|
#ifndef UTRACE_TASK_WORK_POOL_SIZE
|
||||||
|
-#define UTRACE_TASK_WORK_POOL_SIZE 288
|
||||||
|
+#define UTRACE_TASK_WORK_POOL_SIZE 576
|
||||||
|
#endif
|
||||||
|
static DECLARE_BITMAP(__stp_utrace_task_work_pool_bitmap, UTRACE_TASK_WORK_POOL_SIZE);
|
||||||
|
static struct __stp_utrace_task_work __stp_utrace_task_work_pool[UTRACE_TASK_WORK_POOL_SIZE];
|
217
SOURCES/rhbz1902696.patch
Normal file
217
SOURCES/rhbz1902696.patch
Normal file
@ -0,0 +1,217 @@
|
|||||||
|
commit e3d03db82853049f65f16dc40c03f3f7f617ffb5
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Sun Dec 13 21:05:23 2020 -0500
|
||||||
|
|
||||||
|
PR23512: fix staprun/stapio operation via less-than-root privileges
|
||||||
|
|
||||||
|
Commit 7615cae790c899bc8a82841c75c8ea9c6fa54df3 for PR26665 introduced
|
||||||
|
a regression in handling stapusr/stapdev/stapsys gid invocation of
|
||||||
|
staprun/stapio. This patch simplifies the relevant code in
|
||||||
|
staprun/ctl.c, init_ctl_channel(), to rely on openat/etc. to populate
|
||||||
|
and use the relay_basedir_fd as much as possible. Also, we now avoid
|
||||||
|
unnecessary use of access(), which was checking against the wrong
|
||||||
|
(real rather than effective) uid/gid.
|
||||||
|
|
||||||
|
diff --git a/staprun/ctl.c b/staprun/ctl.c
|
||||||
|
index 4be68af..da3417b 100644
|
||||||
|
--- a/staprun/ctl.c
|
||||||
|
+++ b/staprun/ctl.c
|
||||||
|
@@ -14,111 +14,70 @@
|
||||||
|
|
||||||
|
#define CTL_CHANNEL_NAME ".cmd"
|
||||||
|
|
||||||
|
+
|
||||||
|
+#ifndef HAVE_OPENAT
|
||||||
|
+#error "need openat"
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+// This function does multiple things:
|
||||||
|
+//
|
||||||
|
+// 1) if needed, open the running module's directory (the one that
|
||||||
|
+// contains .ctl), stash fd in relay_basedir_fd; this will be
|
||||||
|
+// passed to stapio children via -F$fd for privilege passing
|
||||||
|
+//
|
||||||
|
+// 2) (re)open the running module's .ctl file, stash fd in the
|
||||||
|
+// control_channel global; this will be used all over the place.
|
||||||
|
+//
|
||||||
|
+// Return 0 on success.
|
||||||
|
+//
|
||||||
|
+// See also PR14245, PR26665, RHBZ1902696 = PR23512
|
||||||
|
+//
|
||||||
|
int init_ctl_channel(const char *name, int verb)
|
||||||
|
{
|
||||||
|
- char buf[PATH_MAX] = ""; // the .ctl file name
|
||||||
|
- char buf2[PATH_MAX] = ""; // other tmp stuff
|
||||||
|
- struct statfs st;
|
||||||
|
-
|
||||||
|
(void) verb;
|
||||||
|
- if (0) goto out; /* just to defeat gcc warnings */
|
||||||
|
|
||||||
|
- /* Before trying to open the control channel, make sure it
|
||||||
|
- * isn't already open. */
|
||||||
|
- close_ctl_channel();
|
||||||
|
+ // Already got them both?
|
||||||
|
+ if (control_channel >= 0 && relay_basedir_fd >= 0)
|
||||||
|
+ return 0;
|
||||||
|
|
||||||
|
-#ifdef HAVE_OPENAT
|
||||||
|
- if (relay_basedir_fd >= 0) {
|
||||||
|
- strncpy(buf, CTL_CHANNEL_NAME, PATH_MAX - 1);
|
||||||
|
- control_channel = openat_cloexec(relay_basedir_fd,
|
||||||
|
- CTL_CHANNEL_NAME, O_RDWR, 0);
|
||||||
|
- dbug(2, "Opened %s (%d)\n", CTL_CHANNEL_NAME, control_channel);
|
||||||
|
+ // Need relay_basedir_fd .... ok try /sys/kernel/debug/systemtap/
|
||||||
|
+ if (relay_basedir_fd < 0) {
|
||||||
|
+ char buf[PATH_MAX] = "";
|
||||||
|
+ struct statfs st;
|
||||||
|
|
||||||
|
- /* NB: Extra real-id access check as below */
|
||||||
|
- if (faccessat(relay_basedir_fd, CTL_CHANNEL_NAME, R_OK|W_OK, 0) != 0){
|
||||||
|
- close(control_channel);
|
||||||
|
- return -5;
|
||||||
|
- }
|
||||||
|
- if (control_channel >= 0)
|
||||||
|
- goto out; /* It's OK to bypass the [f]access[at] check below,
|
||||||
|
- since this would only occur the *second* time
|
||||||
|
- staprun tries this gig, or within unprivileged stapio. */
|
||||||
|
+ if (sprintf_chk(buf, "/sys/kernel/debug/systemtap/%s", name))
|
||||||
|
+ return -EINVAL;
|
||||||
|
+
|
||||||
|
+ if (statfs("/sys/kernel/debug", &st) == 0 && (int)st.f_type == (int)DEBUGFS_MAGIC)
|
||||||
|
+ relay_basedir_fd = open (buf, O_DIRECTORY | O_RDONLY);
|
||||||
|
}
|
||||||
|
- /* PR14245, NB: we fall through to /sys ... /proc searching,
|
||||||
|
- in case the relay_basedir_fd option wasn't given (i.e., for
|
||||||
|
- early in staprun), or if errors out for some reason. */
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
|
||||||
|
- // See if we have the .ctl file in debugfs
|
||||||
|
- if (sprintf_chk(buf2, "/sys/kernel/debug/systemtap/%s/%s",
|
||||||
|
- name, CTL_CHANNEL_NAME))
|
||||||
|
- return -1;
|
||||||
|
- if (statfs("/sys/kernel/debug", &st) == 0 && (int)st.f_type == (int)DEBUGFS_MAGIC &&
|
||||||
|
- (access (buf2, W_OK)==0)) {
|
||||||
|
- /* PR14245: allow subsequent operations, and if
|
||||||
|
- necessary, staprun->stapio forks, to reuse an fd for
|
||||||
|
- directory lookups (even if some parent directories have
|
||||||
|
- perms 0700. */
|
||||||
|
- strcpy(buf, buf2); // committed
|
||||||
|
+ // Still need relay_basedir_fd ... ok try /proc/systemtap/
|
||||||
|
+ if (relay_basedir_fd < 0) {
|
||||||
|
+ char buf[PATH_MAX] = "";
|
||||||
|
|
||||||
|
-#ifdef HAVE_OPENAT
|
||||||
|
- if (! sprintf_chk(buf2, "/sys/kernel/debug/systemtap/%s", name)) {
|
||||||
|
- relay_basedir_fd = open (buf2, O_DIRECTORY | O_RDONLY);
|
||||||
|
- }
|
||||||
|
-#endif
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // PR26665: try /proc/systemtap/... also
|
||||||
|
- // (STP_TRANSPORT_1 used to use this for other purposes.)
|
||||||
|
- if (sprintf_chk(buf2, "/proc/systemtap/%s/%s",
|
||||||
|
- name, CTL_CHANNEL_NAME))
|
||||||
|
- return -1;
|
||||||
|
- if (relay_basedir_fd < 0 && (access(buf2, W_OK)==0)) {
|
||||||
|
- strcpy(buf, buf2); // committed
|
||||||
|
+ if (sprintf_chk(buf, "/proc/systemtap/%s", name))
|
||||||
|
+ return -EINVAL;
|
||||||
|
|
||||||
|
-#ifdef HAVE_OPENAT
|
||||||
|
- if (! sprintf_chk(buf2, "/proc/systemtap/%s", name)) {
|
||||||
|
- relay_basedir_fd = open (buf2, O_DIRECTORY | O_RDONLY);
|
||||||
|
- }
|
||||||
|
-#endif
|
||||||
|
+ relay_basedir_fd = open (buf, O_DIRECTORY | O_RDONLY);
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* At this point, we have buf, which is the full path to the .ctl file,
|
||||||
|
- and we may have a relay_basedir_fd, which is useful to pass across
|
||||||
|
- staprun->stapio fork/execs. */
|
||||||
|
-
|
||||||
|
- control_channel = open_cloexec(buf, O_RDWR, 0);
|
||||||
|
- dbug(2, "Opened %s (%d)\n", buf, control_channel);
|
||||||
|
-
|
||||||
|
- /* NB: Even if open() succeeded with effective-UID permissions, we
|
||||||
|
- * need the access() check to make sure real-UID permissions are also
|
||||||
|
- * sufficient. When we run under the setuid staprun, effective and
|
||||||
|
- * real UID may not be the same. Specifically, we want to prevent
|
||||||
|
- * a local stapusr from trying to attach to a different stapusr's module.
|
||||||
|
- *
|
||||||
|
- * The access() is done *after* open() to avoid any TOCTOU-style race
|
||||||
|
- * condition. We believe it's probably safe either way, as the file
|
||||||
|
- * we're trying to access connot be modified by a typical user, but
|
||||||
|
- * better safe than sorry.
|
||||||
|
- */
|
||||||
|
-#ifdef HAVE_OPENAT
|
||||||
|
- if (control_channel >= 0 && relay_basedir_fd >= 0) {
|
||||||
|
- if (faccessat (relay_basedir_fd, CTL_CHANNEL_NAME, R_OK|W_OK, 0) == 0)
|
||||||
|
- goto out;
|
||||||
|
- /* else fall through */
|
||||||
|
+ // Got relay_basedir_fd, need .ctl
|
||||||
|
+ if (relay_basedir_fd >= 0) {
|
||||||
|
+ // verify that the ctl file is accessible to our real uid/gid
|
||||||
|
+ if (faccessat(relay_basedir_fd, CTL_CHANNEL_NAME, R_OK|W_OK, 0) != 0)
|
||||||
|
+ return -EPERM;
|
||||||
|
+
|
||||||
|
+ control_channel = openat_cloexec(relay_basedir_fd,
|
||||||
|
+ CTL_CHANNEL_NAME, O_RDWR, 0);
|
||||||
|
}
|
||||||
|
-#endif
|
||||||
|
- if (control_channel >= 0 && access(buf, R_OK|W_OK) != 0) {
|
||||||
|
- close(control_channel);
|
||||||
|
- return -5;
|
||||||
|
- }
|
||||||
|
|
||||||
|
-out:
|
||||||
|
- if (control_channel < 0) {
|
||||||
|
+ // Fell through
|
||||||
|
+ if (relay_basedir_fd < 0 || control_channel < 0) {
|
||||||
|
err(_("Cannot attach to module %s control channel; not running?\n"),
|
||||||
|
name);
|
||||||
|
- return -3;
|
||||||
|
+ return -EINVAL;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
commit 1120422c2822be9e00d8d11cab3fb381d2ce0cce
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Sun Dec 13 21:19:15 2020 -0500
|
||||||
|
|
||||||
|
PR27067 <<< corrected bug# for previous commit
|
||||||
|
commit cd5b72a538a404011d27d86ff958355ac2c45b8d
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Sun Jan 24 14:45:54 2021 -0500
|
||||||
|
|
||||||
|
PR27067: set procfs traceNN files' uid/gid too
|
||||||
|
|
||||||
|
commit e3d03db828 neglected to include the proper calls to set the
|
||||||
|
procfs traceNN files to the correct uid/gid ownership. With those
|
||||||
|
files left as uid/gid=0/0, stapio running with a user with
|
||||||
|
stapusr/stapdev privileges couldn't fopenat() those files. Now they
|
||||||
|
can again. This problem became obvious after commit 4706ab3ca5c0,
|
||||||
|
which makes STAP_TRANS_PROCFS the default.
|
||||||
|
|
||||||
|
diff --git a/runtime/transport/procfs.c b/runtime/transport/procfs.c
|
||||||
|
index 97a6e123a..69591a235 100644
|
||||||
|
--- a/runtime/transport/procfs.c
|
||||||
|
+++ b/runtime/transport/procfs.c
|
||||||
|
@@ -336,12 +336,14 @@ __stp_procfs_relay_create_buf_file_callback(const char *filename,
|
||||||
|
if (parent != _stp_procfs_module_dir_path.dentry)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
- pde = proc_create (filename, 0600,
|
||||||
|
+ pde = proc_create (filename, 0400,
|
||||||
|
_stp_procfs_module_dir,
|
||||||
|
& relay_procfs_operations);
|
||||||
|
if (pde == NULL)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
+ proc_set_user(pde, KUIDT_INIT(_stp_uid), KGIDT_INIT(_stp_gid));
|
||||||
|
+
|
||||||
|
rc = snprintf(fullpath, sizeof(fullpath), "/proc/systemtap/%s/%s",
|
||||||
|
THIS_MODULE->name, filename);
|
||||||
|
|
2831
SOURCES/rhbz1906662.patch
Normal file
2831
SOURCES/rhbz1906662.patch
Normal file
File diff suppressed because it is too large
Load Diff
44
SOURCES/rhbz1908904.patch
Normal file
44
SOURCES/rhbz1908904.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
commit e3287bddcdc51705bb206479daa82e97fb28071f
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Wed Dec 9 22:29:43 2020 -0500
|
||||||
|
|
||||||
|
PR27044: fix lock loop for conditional probes
|
||||||
|
|
||||||
|
Emit a nested block carefully so that the "goto out;" from a failed
|
||||||
|
stp_lock_probe() call in that spot near the epilogue of a
|
||||||
|
probe-handler goes downward, not upward.
|
||||||
|
|
||||||
|
diff --git a/translate.cxx b/translate.cxx
|
||||||
|
index f0195486c..d7fe1e3b2 100644
|
||||||
|
--- a/translate.cxx
|
||||||
|
+++ b/translate.cxx
|
||||||
|
@@ -2969,21 +2969,21 @@ c_unparser::emit_probe (derived_probe* v)
|
||||||
|
{
|
||||||
|
// PR26296
|
||||||
|
// emit all read/write locks for global variables ... if somehow still not done by now
|
||||||
|
+ // emit a local out: label, for error catching in these condition exprs
|
||||||
|
+ o->newline() << "{";
|
||||||
|
+ o->newline(1) << "__label__ out, deref_fault;";
|
||||||
|
if (v->needs_global_locks ())
|
||||||
|
emit_lock ();
|
||||||
|
|
||||||
|
for (set<derived_probe*>::const_iterator
|
||||||
|
- it = v->probes_with_affected_conditions.begin();
|
||||||
|
- it != v->probes_with_affected_conditions.end(); ++it)
|
||||||
|
+ it = v->probes_with_affected_conditions.begin();
|
||||||
|
+ it != v->probes_with_affected_conditions.end(); ++it)
|
||||||
|
{
|
||||||
|
- // emit a local out: label, for error catching in these condition exprs
|
||||||
|
- o->newline() << "{";
|
||||||
|
- o->newline(1) << "__label__ out, deref_fault;";
|
||||||
|
emit_probe_condition_update(*it);
|
||||||
|
- o->newline(-1) << "deref_fault: __attribute__((unused));";
|
||||||
|
- o->newline() << "out: __attribute__((unused));";
|
||||||
|
- o->newline() << "}";
|
||||||
|
}
|
||||||
|
+ o->newline(-1) << "deref_fault: __attribute__((unused));";
|
||||||
|
+ o->newline() << "out: __attribute__((unused));";
|
||||||
|
+ o->newline() << "}";
|
||||||
|
}
|
||||||
|
|
||||||
|
// PR26296
|
@ -48,7 +48,8 @@
|
|||||||
|
|
||||||
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 6
|
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 6
|
||||||
%define initdir %{_initddir}
|
%define initdir %{_initddir}
|
||||||
%else # RHEL5 doesn't know _initddir
|
%else
|
||||||
|
# RHEL5 doesn't know _initddir
|
||||||
%define initdir %{_initrddir}
|
%define initdir %{_initrddir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -58,7 +59,8 @@
|
|||||||
%else
|
%else
|
||||||
%if 0%{?rhel} >= 6
|
%if 0%{?rhel} >= 6
|
||||||
%define udevrulesdir /lib/udev/rules.d
|
%define udevrulesdir /lib/udev/rules.d
|
||||||
%else # RHEL5
|
%else
|
||||||
|
# RHEL5
|
||||||
%define udevrulesdir /etc/udev/rules.d
|
%define udevrulesdir /etc/udev/rules.d
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
@ -86,8 +88,8 @@
|
|||||||
%define __brp_mangle_shebangs_exclude_from .stp$
|
%define __brp_mangle_shebangs_exclude_from .stp$
|
||||||
|
|
||||||
Name: systemtap
|
Name: systemtap
|
||||||
Version: 4.3
|
Version: 4.4
|
||||||
Release: 1%{?release_override}%{?dist}
|
Release: 9%{?release_override}%{?dist}
|
||||||
# for version, see also configure.ac
|
# for version, see also configure.ac
|
||||||
|
|
||||||
|
|
||||||
@ -123,12 +125,20 @@ License: GPLv2+
|
|||||||
URL: http://sourceware.org/systemtap/
|
URL: http://sourceware.org/systemtap/
|
||||||
Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
|
Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
|
||||||
|
|
||||||
|
Patch1: rhbz1873492.patch
|
||||||
|
Patch2: rhbz1898288.patch
|
||||||
|
Patch3: rhbz1902696.patch
|
||||||
|
Patch4: rhbz1908904.patch
|
||||||
|
Patch5: rhbz1906662.patch
|
||||||
|
Patch6: rhbz1650594.patch
|
||||||
|
|
||||||
# Build*
|
# Build*
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: cpio
|
BuildRequires: cpio
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: gettext-devel
|
||||||
BuildRequires: pkgconfig(nss)
|
BuildRequires: pkgconfig(nss)
|
||||||
BuildRequires: pkgconfig(avahi-client)
|
BuildRequires: pkgconfig(avahi-client)
|
||||||
|
BuildRequires: pkgconfig(libdebuginfod)
|
||||||
%if %{with_dyninst}
|
%if %{with_dyninst}
|
||||||
BuildRequires: dyninst-devel >= 10.0
|
BuildRequires: dyninst-devel >= 10.0
|
||||||
BuildRequires: pkgconfig(libselinux)
|
BuildRequires: pkgconfig(libselinux)
|
||||||
@ -363,6 +373,7 @@ Requires: systemtap = %{version}-%{release}
|
|||||||
Requires: systemtap-sdt-devel = %{version}-%{release}
|
Requires: systemtap-sdt-devel = %{version}-%{release}
|
||||||
Requires: systemtap-server = %{version}-%{release}
|
Requires: systemtap-server = %{version}-%{release}
|
||||||
Requires: dejagnu which elfutils grep nc
|
Requires: dejagnu which elfutils grep nc
|
||||||
|
Requires: elfutils-debuginfod
|
||||||
Requires: gcc gcc-c++ make glibc-devel
|
Requires: gcc gcc-c++ make glibc-devel
|
||||||
# testsuite/systemtap.base/ptrace.exp needs strace
|
# testsuite/systemtap.base/ptrace.exp needs strace
|
||||||
Requires: strace
|
Requires: strace
|
||||||
@ -507,6 +518,12 @@ systemtap-runtime-virthost machine to execute systemtap scripts.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -1226,6 +1243,44 @@ done
|
|||||||
|
|
||||||
# PRERELEASE
|
# PRERELEASE
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 26 2021 Frank Ch. Eigler <fche@redhat.com> - 4.4-9
|
||||||
|
- rhbz1927497 enable debuginfod client for buildid probing
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Frank Ch. Eigler <fche@redhat.com> - 4.4-8
|
||||||
|
- rhbz1902696 fix invocation as stapusr with procfs/lockdown
|
||||||
|
|
||||||
|
* Wed Jan 20 2021 Martin Cermak <mcermak@redhat.com> - 4.4-7
|
||||||
|
- rhbz1650594 fix boot time probing feature
|
||||||
|
|
||||||
|
* Mon Jan 04 2021 Frank Ch. Eigler <fche@redhat.com> - 4.4-6
|
||||||
|
- rhbz1906662 backport transport/utrace/locking patches
|
||||||
|
|
||||||
|
* Thu Dec 17 2020 Frank Ch. Eigler <fche@redhat.com> - 4.4-5
|
||||||
|
- rhbz1908904 fix lock-pushdown codegen for conditional probes
|
||||||
|
|
||||||
|
* Tue Dec 15 2020 Frank Ch. Eigler <fche@redhat.com> - 4.4-4
|
||||||
|
- rhbz1902696 fix invocation as stapusr vs. root
|
||||||
|
|
||||||
|
* Tue Nov 17 2020 Frank Ch. Eigler <fche@redhat.com> - 4.4-3
|
||||||
|
- rhbz1873492 related: rhel8 kernel_is_locked_down detection
|
||||||
|
|
||||||
|
* Mon Nov 16 2020 Frank Ch. Eigler <fche@redhat.com> - 4.4-2
|
||||||
|
- rhbz1898288: stability for exhausted UTRACE_TASK_WORK_POOL
|
||||||
|
- rhbz1873492 related: mokutil parser robustness for RH keys
|
||||||
|
|
||||||
|
* Mon Nov 09 2020 Frank Ch. Eigler <fche@redhat.com> - 4.4-1
|
||||||
|
- Upstream release.
|
||||||
|
|
||||||
|
* Wed Aug 12 2020 Martin Cermak <mcermak@redhat.com> - 4.3-4
|
||||||
|
- rhbz1868095: Refix including PR26379.
|
||||||
|
|
||||||
|
* Wed Aug 12 2020 Martin Cermak <mcermak@redhat.com> - 4.3-3
|
||||||
|
- rhbz1868095: byteman-java-methods-probing
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Frank Ch. Eigler <fche@redhat.com> - 4.3-2
|
||||||
|
- rhbz1857749: uprobes-inode changes
|
||||||
|
- rhbz1855264: @cast adaptations
|
||||||
|
|
||||||
* Thu Jun 11 2020 Stan Cox <scox@redhat.com> - 4.3-1
|
* Thu Jun 11 2020 Stan Cox <scox@redhat.com> - 4.3-1
|
||||||
- rhbz1804319: Upstream release.
|
- rhbz1804319: Upstream release.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user