From a1207c104a86a363112872834ad1f76b7206f22a Mon Sep 17 00:00:00 2001
From: Jesse Keating
Date: Tue, 29 Sep 2009 07:00:33 +0000
Subject: [PATCH 01/10] Initialize branch F-12 for systemtap
---
branch | 1 +
1 file changed, 1 insertion(+)
create mode 100644 branch
diff --git a/branch b/branch
new file mode 100644
index 0000000..06de2d2
--- /dev/null
+++ b/branch
@@ -0,0 +1 @@
+F-12
From 2396d5ccc645ff1cc66e4c876225e88ee544bb7a Mon Sep 17 00:00:00 2001
From: Josh Stone
Date: Wed, 21 Oct 2009 15:51:01 +0000
Subject: [PATCH 02/10] Fixes for CVE-2009-2911
---
....0-limit-dwarf-expression-stack-size.patch | 123 ++++++++++++
SystemTap-1.0-limit-printf-arguments.patch | 62 ++++++
SystemTap-1.0-unwind-table-size-checks.patch | 180 ++++++++++++++++++
systemtap.spec | 15 +-
4 files changed, 379 insertions(+), 1 deletion(-)
create mode 100644 SystemTap-1.0-limit-dwarf-expression-stack-size.patch
create mode 100644 SystemTap-1.0-limit-printf-arguments.patch
create mode 100644 SystemTap-1.0-unwind-table-size-checks.patch
diff --git a/SystemTap-1.0-limit-dwarf-expression-stack-size.patch b/SystemTap-1.0-limit-dwarf-expression-stack-size.patch
new file mode 100644
index 0000000..c6d1ea9
--- /dev/null
+++ b/SystemTap-1.0-limit-dwarf-expression-stack-size.patch
@@ -0,0 +1,123 @@ +diff --git a/dwflpp.cxx b/dwflpp.cxx +index 636cd38..c31548d 100644 +--- a/dwflpp.cxx ++++ b/dwflpp.cxx +@@ -2272,7 +2272,15 @@ dwflpp::express_as_string (string prelude, + + fprintf(memstream, "{\n"); + fprintf(memstream, "%s", prelude.c_str()); +- bool deref = c_emit_location (memstream, head, 1); ++ ++ unsigned int stack_depth; ++ bool deref = c_emit_location (memstream, head, 1, &stack_depth); ++ ++ // Ensure that DWARF keeps loc2c to a "reasonable" stack size ++ // 32 intptr_t leads to max 256 bytes on the stack ++ if (stack_depth > 32) ++ throw semantic_error("oversized DWARF stack"); ++ + fprintf(memstream, "%s", postlude.c_str()); + fprintf(memstream, " goto out;\n"); + +diff --git a/loc2c-test.c b/loc2c-test.c +index 495a95f..ed7aa4b 100644 +--- a/loc2c-test.c ++++ b/loc2c-test.c +@@ -329,11 +329,14 @@ handle_variable (Dwarf_Die *lscopes, int lnscopes, int out, + "{\n" + " intptr_t value;"); + +- bool deref = c_emit_location (stdout, head, 1); ++ unsigned int stack_depth; ++ bool deref = c_emit_location (stdout, head, 1, &stack_depth); + + obstack_free (&pool, NULL); + +- puts (store ? " return;" : ++ printf (" /* max expression stack depth %u */\n", stack_depth); ++ ++ puts (store ? " return;" : + " printk (\" ---> %ld\\n\", (unsigned long) value);\n" + " return;"); + +diff --git a/loc2c.c b/loc2c.c +index 5d6b549..0716c7d 100644 +--- a/loc2c.c ++++ b/loc2c.c +@@ -2071,7 +2071,8 @@ emit_loc_address (FILE *out, struct location *loc, unsigned int indent, + assign it to an address-sized value. 
*/ + static void + emit_loc_value (FILE *out, struct location *loc, unsigned int indent, +- const char *target, bool declare) ++ const char *target, bool declare, ++ bool *used_deref, unsigned int *max_stack) + { + if (declare) + emit ("%*s%s %s;\n", indent * 2, "", STACK_TYPE, target); +@@ -2091,6 +2092,9 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent, + case loc_address: + case loc_value: + emit_loc_address (out, loc, indent, target); ++ *used_deref = *used_deref || loc->address.used_deref; ++ if (loc->address.stack_depth > *max_stack) ++ *max_stack = loc->address.stack_depth; + break; + } + +@@ -2098,7 +2102,8 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent, + } + + bool +-c_emit_location (FILE *out, struct location *loc, int indent) ++c_emit_location (FILE *out, struct location *loc, int indent, ++ unsigned int *max_stack) + { + emit ("%*s{\n", indent * 2, ""); + +@@ -2134,9 +2139,11 @@ c_emit_location (FILE *out, struct location *loc, int indent) + } + + bool deref = false; ++ *max_stack = 0; + + if (loc->frame_base != NULL) +- emit_loc_value (out, loc->frame_base, indent, "frame_base", true); ++ emit_loc_value (out, loc->frame_base, indent, "frame_base", true, ++ &deref, max_stack); + + for (; loc->next != NULL; loc = loc->next) + switch (loc->type) +@@ -2144,8 +2151,7 @@ c_emit_location (FILE *out, struct location *loc, int indent) + case loc_address: + case loc_value: + /* Emit the program fragment to calculate the address. 
*/ +- emit_loc_value (out, loc, indent + 1, "addr", false); +- deref = deref || loc->address.used_deref; ++ emit_loc_value (out, loc, indent + 1, "addr", false, &deref, max_stack); + break; + + case loc_fragment: +@@ -2172,6 +2178,9 @@ c_emit_location (FILE *out, struct location *loc, int indent) + + emit ("%s%*s}\n", loc->address.program, indent * 2, ""); + ++ if (loc->address.stack_depth > *max_stack) ++ *max_stack = loc->address.stack_depth; ++ + return deref || loc->address.used_deref; + } + +diff --git a/loc2c.h b/loc2c.h +index becf2d8..45d9382 100644 +--- a/loc2c.h ++++ b/loc2c.h +@@ -112,6 +112,7 @@ struct location *c_translate_argument (struct obstack *, + + Writes complete lines of C99, code forming a complete C block, to STREAM. + Return value is true iff that code uses the `deref' runtime macros. */ +-bool c_emit_location (FILE *stream, struct location *loc, int indent); ++bool c_emit_location (FILE *stream, struct location *loc, int indent, ++ unsigned int *max_stack); + + /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ + diff --git a/SystemTap-1.0-limit-printf-arguments.patch b/SystemTap-1.0-limit-printf-arguments.patch new file mode 100644 index 0000000..85c1ad4 --- /dev/null +++ b/SystemTap-1.0-limit-printf-arguments.patch 
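Review bot: In the dwflpp.cxx hunk `stack_depth` is declared without an initializer and then compared against 32, so the limit check depends on c_emit_location always writing through `max_stack`. The loc2c.c hunk shows `*max_stack = 0;` only next to `bool deref = false;`, and the part of c_emit_location before that point lies outside the hunk, so whether every path reaches the assignment cannot be confirmed from here. Initializing at the call sites, `unsigned int stack_depth = 0;`, in both dwflpp.cxx and loc2c-test.c makes the check independent of that. The bare `32` would also read better as a named constant, with the comment stating that the 256-byte figure assumes an 8-byte intptr_t.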
@@ -0,0 +1,62 @@ +diff --git a/buildrun.cxx b/buildrun.cxx +index 100cbc4..c86a442 100644 +--- a/buildrun.cxx ++++ b/buildrun.cxx +@@ -200,6 +200,9 @@ compile_pass (systemtap_session& s) + + // o << "CFLAGS += -fno-unit-at-a-time" << endl; + ++ // 600 bytes should be enough for anybody ++ o << "EXTRA_CFLAGS += $(call cc-option,-Wframe-larger-than=600)" << endl; ++ + // Assumes linux 2.6 kbuild + o << "EXTRA_CFLAGS += -Wno-unused -Werror" << endl; + #if CHECK_POINTER_ARITH_PR5947 +diff --git a/testsuite/transko/varargs.stp b/testsuite/transko/varargs.stp +new file mode 100755 +index 0000000..f38309a +--- /dev/null ++++ b/testsuite/transko/varargs.stp +@@ -0,0 +1,10 @@ ++#! stap -p3 ++ ++probe begin { ++ // PR10750 enforces at most 32 print args ++ println(1, 2, 3, 4, 5, 6, 7, 8, ++ 9, 10, 11, 12, 13, 14, 15, 16, ++ 17, 18, 19, 20, 21, 22, 23, 24, ++ 25, 26, 27, 28, 29, 30, 31, 32, ++ 33) ++} +diff --git a/testsuite/transok/varargs.stp b/testsuite/transok/varargs.stp +new file mode 100755 +index 0000000..216166f +--- /dev/null ++++ b/testsuite/transok/varargs.stp +@@ -0,0 +1,9 @@ ++#! stap -p3 ++ ++probe begin { ++ // PR10750 enforces at most 32 print args ++ println(1, 2, 3, 4, 5, 6, 7, 8, ++ 9, 10, 11, 12, 13, 14, 15, 16, ++ 17, 18, 19, 20, 21, 22, 23, 24, ++ 25, 26, 27, 28, 29, 30, 31, 32) ++} +diff --git a/translate.cxx b/translate.cxx +index 04a9247..c73a5bd 100644 +--- a/translate.cxx ++++ b/translate.cxx +@@ -4151,6 +4151,11 @@ c_unparser::visit_print_format (print_format* e) + { + stmt_expr block(*this); + ++ // PR10750: Enforce a reasonable limit on # of varargs ++ // 32 varargs leads to max 256 bytes on the stack ++ if (e->args.size() > 32) ++ throw semantic_error("too many arguments to print", e->tok); ++ + // Compute actual arguments + vector tmp; + + diff --git a/SystemTap-1.0-unwind-table-size-checks.patch b/SystemTap-1.0-unwind-table-size-checks.patch new file mode 100644 index 0000000..4ff1ad9 --- /dev/null 
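Review bot: The `-Wframe-larger-than=600` line added in the buildrun.cxx hunk is wrapped in `$(call cc-option,...)`, so a compiler that does not accept the flag drops it silently and the generated module is built with no frame-size check at all. On such a toolchain the only remaining guard is the `e->args.size() > 32` test in translate.cxx, and the comment should say so, for example `// best-effort: cc-option omits this where -Wframe-larger-than is unsupported; the 32-argument limit in translate.cxx is the hard bound`. The existing comment also does not say how the 600-byte budget relates to the 256 bytes that the translate.cxx comment attributes to 32 varargs, which makes the number hard to revisit later. compile_pass and visit_print_format both continue outside the visible hunks.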
+++ b/SystemTap-1.0-unwind-table-size-checks.patch 
@@ -0,0 +1,180 @@ +diff --git a/runtime/unwind.c b/runtime/unwind.c +index 00108a3..7607770 100644 +--- a/runtime/unwind.c ++++ b/runtime/unwind.c +@@ -88,7 +88,7 @@ static sleb128_t get_sleb128(const u8 **pcur, const u8 *end) + + /* given an FDE, find its CIE */ + static const u32 *cie_for_fde(const u32 *fde, void *unwind_data, +- int is_ehframe) ++ uint32_t table_len, int is_ehframe) + { + const u32 *cie; + +@@ -118,6 +118,11 @@ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data, + else + cie = unwind_data + fde[1]; + ++ /* Make sure address falls in the table */ ++ if (((void *)cie) < ((void*)unwind_data) ++ || ((void*)cie) > ((void*)(unwind_data + table_len))) ++ return NULL; ++ + if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde) + || (*cie & (sizeof(*cie) - 1)) + || (cie[1] != 0xffffffff && cie[1] != 0)) { +@@ -200,7 +205,8 @@ static unsigned long read_pointer(const u8 **pLoc, const void *end, signed ptrTy + return value; + } + +-static signed fde_pointer_type(const u32 *cie) ++static signed fde_pointer_type(const u32 *cie, void *unwind_data, ++ uint32_t table_len) + { + const u8 *ptr = (const u8 *)(cie + 2); + unsigned version = *ptr; +@@ -212,11 +218,16 @@ static signed fde_pointer_type(const u32 *cie) + const u8 *end = (const u8 *)(cie + 1) + *cie; + uleb128_t len; + ++ /* end of cie should fall within unwind table. 
*/ ++ if (((void*)end) < ((void *)unwind_data) ++ || ((void *)end) > ((void *)(unwind_data + table_len))) ++ return -1; ++ + /* check if augmentation size is first (and thus present) */ + if (*ptr != 'z') + return -1; + /* check if augmentation string is nul-terminated */ +- if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL) ++ if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL) + return -1; + ++ptr; /* skip terminator */ + get_uleb128(&ptr, end); /* skip code alignment */ +@@ -267,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s + } + } + ++/* Limit the number of instructions we process. Arbitrary limit. ++ 512 should be enough for anybody... */ ++#define MAX_CFI 512 ++ + static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state) + { + union { +@@ -276,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s + } ptr; + int result = 1; + ++ if (end - start > MAX_CFI) ++ return 0; ++ + dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc); + if (start != state->cieStart) { + state->loc = state->org; +@@ -606,10 +624,10 @@ static int unwind_frame(struct unwind_frame_info *frame, + + /* found the fde, now set startLoc and endLoc */ + if (fde != NULL) { +- cie = cie_for_fde(fde, table, is_ehframe); ++ cie = cie_for_fde(fde, table, table_len, is_ehframe); + if (likely(cie != NULL && cie != &bad_cie && cie != ¬_fde)) { + ptr = (const u8 *)(fde + 2); +- ptrType = fde_pointer_type(cie); ++ ptrType = fde_pointer_type(cie, table, table_len); + startLoc = read_pointer(&ptr, (const u8 *)(fde + 1) + *fde, ptrType); + startLoc = adjustStartLoc(startLoc, m, s, ptrType, is_ehframe); + +@@ -632,12 +650,12 @@ static int unwind_frame(struct unwind_frame_info *frame, + for (fde = table, tableSize = table_len; cie = NULL, tableSize > sizeof(*fde) + && tableSize - sizeof(*fde) >= *fde; tableSize 
-= sizeof(*fde) + *fde, fde += 1 + *fde / sizeof(*fde)) { + dbug_unwind(3, "fde=%lx tableSize=%d\n", (long)*fde, (int)tableSize); +- cie = cie_for_fde(fde, table, is_ehframe); ++ cie = cie_for_fde(fde, table, table_len, is_ehframe); + if (cie == &bad_cie) { + cie = NULL; + break; + } +- if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie)) < 0) ++ if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie, table, table_len)) < 0) + continue; + + ptr = (const u8 *)(fde + 2); +@@ -666,6 +684,12 @@ static int unwind_frame(struct unwind_frame_info *frame, + state.cieEnd = ptr; /* keep here temporarily */ + ptr = (const u8 *)(cie + 2); + end = (const u8 *)(cie + 1) + *cie; ++ ++ /* end should fall within unwind table. */ ++ if (((void *)end) < table ++ || ((void *)end) > ((void *)(table + table_len))) ++ goto err; ++ + frame->call_frame = 1; + if ((state.version = *ptr) != 1) { + dbug_unwind(1, "CIE version number is %d. 1 is supported.\n", state.version); +@@ -723,6 +747,11 @@ static int unwind_frame(struct unwind_frame_info *frame, + state.cieEnd = end; + end = (const u8 *)(fde + 1) + *fde; + ++ /* end should fall within unwind table. 
*/ ++ if (((void*)end) < table ++ || ((void *)end) > ((void *)(table + table_len))) ++ goto err; ++ + /* skip augmentation */ + if (((const char *)(cie + 2))[1] == 'z') { + uleb128_t augSize = get_uleb128(&ptr, end); +diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h +index 285a3a3..023ea60 100644 +--- a/runtime/unwind/unwind.h ++++ b/runtime/unwind/unwind.h +@@ -143,8 +143,10 @@ static unsigned long read_pointer(const u8 **pLoc, + const void *end, + signed ptrType); + static const u32 bad_cie, not_fde; +-static const u32 *cie_for_fde(const u32 *fde, void *table, int is_ehframe); +-static signed fde_pointer_type(const u32 *cie); ++static const u32 *cie_for_fde(const u32 *fde, void *table, ++ uint32_t table_len, int is_ehframe); ++static signed fde_pointer_type(const u32 *cie, ++ void *table, uint32_t table_len); + + + #endif /* STP_USE_DWARF_UNWINDER */ +diff --git a/translate.cxx b/translate.cxx +index bc5d615..9d456bc 100644 +--- a/translate.cxx ++++ b/translate.cxx +@@ -29,6 +29,11 @@ extern "C" { + #include + } + ++// Max unwind table size (debug or eh) per module. 
Somewhat arbitrary ++// limit (a bit more than twice the .debug_frame size of my local ++// vmlinux for 2.6.31.4-83.fc12.x86_64) ++#define MAX_UNWIND_TABLE_SIZE (3 * 1024 * 1024) ++ + using namespace std; + + struct var; +@@ -4785,6 +4790,9 @@ dump_unwindsyms (Dwfl_Module *m, + get_unwind_data (m, &debug_frame, &eh_frame, &debug_len, &eh_len, &eh_addr); + if (debug_frame != NULL && debug_len > 0) + { ++ if (debug_len > MAX_UNWIND_TABLE_SIZE) ++ throw semantic_error ("module debug unwind table size too big"); ++ + c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n"; + c->output << "static uint8_t _stp_module_" << stpmod_idx + << "_debug_frame[] = \n"; +@@ -4802,6 +4810,9 @@ dump_unwindsyms (Dwfl_Module *m, + + if (eh_frame != NULL && eh_len > 0) + { ++ if (eh_len > MAX_UNWIND_TABLE_SIZE) ++ throw semantic_error ("module eh unwind table size too big"); ++ + c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n"; + c->output << "static uint8_t _stp_module_" << stpmod_idx + << "_eh_frame[] = \n"; diff --git a/systemtap.spec b/systemtap.spec index 960d2e1..557e7f1 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -9,7 +9,7 @@ Name: systemtap Version: 1.0 -Release: 1%{?dist} +Release: 2%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -61,6 +61,11 @@ BuildRequires: xmlto /usr/share/xmlto/format/fo/pdf BuildRequires: gtkmm24-devel >= 2.8 %endif +# Fix three --unprivileged DOS issues (CVE-2009-2911) +Patch10: SystemTap-1.0-limit-printf-arguments.patch +Patch11: SystemTap-1.0-limit-dwarf-expression-stack-size.patch +Patch12: SystemTap-1.0-unwind-table-size-checks.patch + %description SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation 
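Review bot: The new range check in cie_for_fde (runtime/unwind.c) still accepts a `cie` equal to `unwind_data + table_len`, and the context line right after it reads `*cie` and `cie[1]`, which is up to eight bytes past the table. The upper bound should leave room for both words, e.g. `|| ((void *)(cie + 2)) > ((void *)(unwind_data + table_len)))`. In processCFI the guard `if (end - start > MAX_CFI)` is a signed difference, so an `end` below `start` passes it; `if (end < start || end - start > MAX_CFI) return 0;` closes that, and the comment should say bytes rather than instructions since that is what is measured. fde_pointer_type likewise reads `*ptr` for `version` before its new `end` check, which appears to rely on cie_for_fde having already validated `cie`; all three functions continue outside the visible hunks.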
@@ -164,6 +169,11 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif +# Fix three --unprivileged DOS issues (CVE-2009-2911) +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 + %build %if %{with_bundled_elfutils} @@ -387,6 +397,9 @@ exit 0 %changelog +* Wed Oct 21 2009 Josh Stone - 1.0-2 +- Fix three --unprivileged DOS issues (CVE-2009-2911) + * Tue Sep 22 2009 Josh Stone - 1.0-1 - Upstream release. From 2fb7820ee4b0a07d6c6c738f11aba9ef08d335ab Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 26 Nov 2009 01:47:46 +0000 Subject: [PATCH 03/10] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b4e41c2..f13fb3c 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: systemtap -# $Id: Makefile,v 1.2 2006/07/19 22:31:35 roland Exp $ +# $Id: Makefile,v 1.3 2007/10/15 19:26:53 notting Exp $ NAME := systemtap SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From fbc37f47a127df9b8dfec4cf86c69060648dbbb1 Mon Sep 17 00:00:00 2001 
From: drsmith2 Date: Fri, 15 Jan 2010 22:36:55 +0000 Subject: [PATCH 04/10] upstream release 1.1 --- .cvsignore | 2 +- ....0-limit-dwarf-expression-stack-size.patch | 123 --------- SystemTap-1.0-limit-printf-arguments.patch | 62 ----- SystemTap-1.0-unwind-table-size-checks.patch | 180 ------------- sources | 2 +- systemtap.spec | 241 ++++++++++++------ 6 files changed, 170 insertions(+), 440 deletions(-) delete mode 100644 SystemTap-1.0-limit-dwarf-expression-stack-size.patch delete mode 100644 SystemTap-1.0-limit-printf-arguments.patch delete mode 100644 SystemTap-1.0-unwind-table-size-checks.patch diff --git a/.cvsignore b/.cvsignore index 5e9d38a..9726faa 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -systemtap-1.0.tar.gz +systemtap-1.1.tar.gz diff --git a/SystemTap-1.0-limit-dwarf-expression-stack-size.patch b/SystemTap-1.0-limit-dwarf-expression-stack-size.patch deleted file mode 100644 index c6d1ea9..0000000 --- a/SystemTap-1.0-limit-dwarf-expression-stack-size.patch +++ /dev/null 
@@ -1,123 +0,0 @@ -diff --git a/dwflpp.cxx b/dwflpp.cxx -index 636cd38..c31548d 100644 ---- a/dwflpp.cxx -+++ b/dwflpp.cxx -@@ -2272,7 +2272,15 @@ dwflpp::express_as_string (string prelude, - - fprintf(memstream, "{\n"); - fprintf(memstream, "%s", prelude.c_str()); -- bool deref = c_emit_location (memstream, head, 1); -+ -+ unsigned int stack_depth; -+ bool deref = c_emit_location (memstream, head, 1, &stack_depth); -+ -+ // Ensure that DWARF keeps loc2c to a "reasonable" stack size -+ // 32 intptr_t leads to max 256 bytes on the stack -+ if (stack_depth > 32) -+ throw semantic_error("oversized DWARF stack"); -+ - fprintf(memstream, "%s", postlude.c_str()); - fprintf(memstream, " goto out;\n"); - -diff --git a/loc2c-test.c b/loc2c-test.c -index 495a95f..ed7aa4b 100644 ---- a/loc2c-test.c -+++ b/loc2c-test.c -@@ -329,11 +329,14 @@ handle_variable (Dwarf_Die *lscopes, int lnscopes, int out, - "{\n" - " intptr_t value;"); - -- bool deref = c_emit_location (stdout, head, 1); -+ unsigned int stack_depth; -+ bool deref = c_emit_location (stdout, head, 1, &stack_depth); - - obstack_free (&pool, NULL); - -- puts (store ? " return;" : -+ printf (" /* max expression stack depth %u */\n", stack_depth); -+ -+ puts (store ? " return;" : - " printk (\" ---> %ld\\n\", (unsigned long) value);\n" - " return;"); - -diff --git a/loc2c.c b/loc2c.c -index 5d6b549..0716c7d 100644 ---- a/loc2c.c -+++ b/loc2c.c -@@ -2071,7 +2071,8 @@ emit_loc_address (FILE *out, struct location *loc, unsigned int indent, - assign it to an address-sized value. 
*/ - static void - emit_loc_value (FILE *out, struct location *loc, unsigned int indent, -- const char *target, bool declare) -+ const char *target, bool declare, -+ bool *used_deref, unsigned int *max_stack) - { - if (declare) - emit ("%*s%s %s;\n", indent * 2, "", STACK_TYPE, target); -@@ -2091,6 +2092,9 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent, - case loc_address: - case loc_value: - emit_loc_address (out, loc, indent, target); -+ *used_deref = *used_deref || loc->address.used_deref; -+ if (loc->address.stack_depth > *max_stack) -+ *max_stack = loc->address.stack_depth; - break; - } - -@@ -2098,7 +2102,8 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent, - } - - bool --c_emit_location (FILE *out, struct location *loc, int indent) -+c_emit_location (FILE *out, struct location *loc, int indent, -+ unsigned int *max_stack) - { - emit ("%*s{\n", indent * 2, ""); - -@@ -2134,9 +2139,11 @@ c_emit_location (FILE *out, struct location *loc, int indent) - } - - bool deref = false; -+ *max_stack = 0; - - if (loc->frame_base != NULL) -- emit_loc_value (out, loc->frame_base, indent, "frame_base", true); -+ emit_loc_value (out, loc->frame_base, indent, "frame_base", true, -+ &deref, max_stack); - - for (; loc->next != NULL; loc = loc->next) - switch (loc->type) -@@ -2144,8 +2151,7 @@ c_emit_location (FILE *out, struct location *loc, int indent) - case loc_address: - case loc_value: - /* Emit the program fragment to calculate the address. 
*/ -- emit_loc_value (out, loc, indent + 1, "addr", false); -- deref = deref || loc->address.used_deref; -+ emit_loc_value (out, loc, indent + 1, "addr", false, &deref, max_stack); - break; - - case loc_fragment: -@@ -2172,6 +2178,9 @@ c_emit_location (FILE *out, struct location *loc, int indent) - - emit ("%s%*s}\n", loc->address.program, indent * 2, ""); - -+ if (loc->address.stack_depth > *max_stack) -+ *max_stack = loc->address.stack_depth; -+ - return deref || loc->address.used_deref; - } - -diff --git a/loc2c.h b/loc2c.h -index becf2d8..45d9382 100644 ---- a/loc2c.h -+++ b/loc2c.h -@@ -112,6 +112,7 @@ struct location *c_translate_argument (struct obstack *, - - Writes complete lines of C99, code forming a complete C block, to STREAM. - Return value is true iff that code uses the `deref' runtime macros. */ --bool c_emit_location (FILE *stream, struct location *loc, int indent); -+bool c_emit_location (FILE *stream, struct location *loc, int indent, -+ unsigned int *max_stack); - - /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ - diff --git a/SystemTap-1.0-limit-printf-arguments.patch b/SystemTap-1.0-limit-printf-arguments.patch deleted file mode 100644 index 85c1ad4..0000000 --- a/SystemTap-1.0-limit-printf-arguments.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -diff --git a/buildrun.cxx b/buildrun.cxx -index 100cbc4..c86a442 100644 ---- a/buildrun.cxx -+++ b/buildrun.cxx -@@ -200,6 +200,9 @@ compile_pass (systemtap_session& s) - - // o << "CFLAGS += -fno-unit-at-a-time" << endl; - -+ // 600 bytes should be enough for anybody -+ o << "EXTRA_CFLAGS += $(call cc-option,-Wframe-larger-than=600)" << endl; -+ - // Assumes linux 2.6 kbuild - o << "EXTRA_CFLAGS += -Wno-unused -Werror" << endl; - #if CHECK_POINTER_ARITH_PR5947 -diff --git a/testsuite/transko/varargs.stp b/testsuite/transko/varargs.stp -new file mode 100755 -index 0000000..f38309a ---- /dev/null -+++ b/testsuite/transko/varargs.stp -@@ -0,0 +1,10 @@ -+#! stap -p3 -+ -+probe begin { -+ // PR10750 enforces at most 32 print args -+ println(1, 2, 3, 4, 5, 6, 7, 8, -+ 9, 10, 11, 12, 13, 14, 15, 16, -+ 17, 18, 19, 20, 21, 22, 23, 24, -+ 25, 26, 27, 28, 29, 30, 31, 32, -+ 33) -+} -diff --git a/testsuite/transok/varargs.stp b/testsuite/transok/varargs.stp -new file mode 100755 -index 0000000..216166f ---- /dev/null -+++ b/testsuite/transok/varargs.stp -@@ -0,0 +1,9 @@ -+#! stap -p3 -+ -+probe begin { -+ // PR10750 enforces at most 32 print args -+ println(1, 2, 3, 4, 5, 6, 7, 8, -+ 9, 10, 11, 12, 13, 14, 15, 16, -+ 17, 18, 19, 20, 21, 22, 23, 24, -+ 25, 26, 27, 28, 29, 30, 31, 32) -+} -diff --git a/translate.cxx b/translate.cxx -index 04a9247..c73a5bd 100644 ---- a/translate.cxx -+++ b/translate.cxx -@@ -4151,6 +4151,11 @@ c_unparser::visit_print_format (print_format* e) - { - stmt_expr block(*this); - -+ // PR10750: Enforce a reasonable limit on # of varargs -+ // 32 varargs leads to max 256 bytes on the stack -+ if (e->args.size() > 32) -+ throw semantic_error("too many arguments to print", e->tok); -+ - // Compute actual arguments - vector tmp; - - diff --git a/SystemTap-1.0-unwind-table-size-checks.patch b/SystemTap-1.0-unwind-table-size-checks.patch deleted file mode 100644 index 4ff1ad9..0000000 
--- a/SystemTap-1.0-unwind-table-size-checks.patch +++ /dev/null 
@@ -1,180 +0,0 @@ -diff --git a/runtime/unwind.c b/runtime/unwind.c -index 00108a3..7607770 100644 ---- a/runtime/unwind.c -+++ b/runtime/unwind.c -@@ -88,7 +88,7 @@ static sleb128_t get_sleb128(const u8 **pcur, const u8 *end) - - /* given an FDE, find its CIE */ - static const u32 *cie_for_fde(const u32 *fde, void *unwind_data, -- int is_ehframe) -+ uint32_t table_len, int is_ehframe) - { - const u32 *cie; - -@@ -118,6 +118,11 @@ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data, - else - cie = unwind_data + fde[1]; - -+ /* Make sure address falls in the table */ -+ if (((void *)cie) < ((void*)unwind_data) -+ || ((void*)cie) > ((void*)(unwind_data + table_len))) -+ return NULL; -+ - if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde) - || (*cie & (sizeof(*cie) - 1)) - || (cie[1] != 0xffffffff && cie[1] != 0)) { -@@ -200,7 +205,8 @@ static unsigned long read_pointer(const u8 **pLoc, const void *end, signed ptrTy - return value; - } - --static signed fde_pointer_type(const u32 *cie) -+static signed fde_pointer_type(const u32 *cie, void *unwind_data, -+ uint32_t table_len) - { - const u8 *ptr = (const u8 *)(cie + 2); - unsigned version = *ptr; -@@ -212,11 +218,16 @@ static signed fde_pointer_type(const u32 *cie) - const u8 *end = (const u8 *)(cie + 1) + *cie; - uleb128_t len; - -+ /* end of cie should fall within unwind table. 
*/ -+ if (((void*)end) < ((void *)unwind_data) -+ || ((void *)end) > ((void *)(unwind_data + table_len))) -+ return -1; -+ - /* check if augmentation size is first (and thus present) */ - if (*ptr != 'z') - return -1; - /* check if augmentation string is nul-terminated */ -- if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL) -+ if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL) - return -1; - ++ptr; /* skip terminator */ - get_uleb128(&ptr, end); /* skip code alignment */ -@@ -267,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s - } - } - -+/* Limit the number of instructions we process. Arbitrary limit. -+ 512 should be enough for anybody... */ -+#define MAX_CFI 512 -+ - static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state) - { - union { -@@ -276,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s - } ptr; - int result = 1; - -+ if (end - start > MAX_CFI) -+ return 0; -+ - dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc); - if (start != state->cieStart) { - state->loc = state->org; -@@ -606,10 +624,10 @@ static int unwind_frame(struct unwind_frame_info *frame, - - /* found the fde, now set startLoc and endLoc */ - if (fde != NULL) { -- cie = cie_for_fde(fde, table, is_ehframe); -+ cie = cie_for_fde(fde, table, table_len, is_ehframe); - if (likely(cie != NULL && cie != &bad_cie && cie != ¬_fde)) { - ptr = (const u8 *)(fde + 2); -- ptrType = fde_pointer_type(cie); -+ ptrType = fde_pointer_type(cie, table, table_len); - startLoc = read_pointer(&ptr, (const u8 *)(fde + 1) + *fde, ptrType); - startLoc = adjustStartLoc(startLoc, m, s, ptrType, is_ehframe); - -@@ -632,12 +650,12 @@ static int unwind_frame(struct unwind_frame_info *frame, - for (fde = table, tableSize = table_len; cie = NULL, tableSize > sizeof(*fde) - && tableSize - sizeof(*fde) >= *fde; tableSize 
-= sizeof(*fde) + *fde, fde += 1 + *fde / sizeof(*fde)) { - dbug_unwind(3, "fde=%lx tableSize=%d\n", (long)*fde, (int)tableSize); -- cie = cie_for_fde(fde, table, is_ehframe); -+ cie = cie_for_fde(fde, table, table_len, is_ehframe); - if (cie == &bad_cie) { - cie = NULL; - break; - } -- if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie)) < 0) -+ if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie, table, table_len)) < 0) - continue; - - ptr = (const u8 *)(fde + 2); -@@ -666,6 +684,12 @@ static int unwind_frame(struct unwind_frame_info *frame, - state.cieEnd = ptr; /* keep here temporarily */ - ptr = (const u8 *)(cie + 2); - end = (const u8 *)(cie + 1) + *cie; -+ -+ /* end should fall within unwind table. */ -+ if (((void *)end) < table -+ || ((void *)end) > ((void *)(table + table_len))) -+ goto err; -+ - frame->call_frame = 1; - if ((state.version = *ptr) != 1) { - dbug_unwind(1, "CIE version number is %d. 1 is supported.\n", state.version); -@@ -723,6 +747,11 @@ static int unwind_frame(struct unwind_frame_info *frame, - state.cieEnd = end; - end = (const u8 *)(fde + 1) + *fde; - -+ /* end should fall within unwind table. 
*/ -+ if (((void*)end) < table -+ || ((void *)end) > ((void *)(table + table_len))) -+ goto err; -+ - /* skip augmentation */ - if (((const char *)(cie + 2))[1] == 'z') { - uleb128_t augSize = get_uleb128(&ptr, end); -diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h -index 285a3a3..023ea60 100644 ---- a/runtime/unwind/unwind.h -+++ b/runtime/unwind/unwind.h -@@ -143,8 +143,10 @@ static unsigned long read_pointer(const u8 **pLoc, - const void *end, - signed ptrType); - static const u32 bad_cie, not_fde; --static const u32 *cie_for_fde(const u32 *fde, void *table, int is_ehframe); --static signed fde_pointer_type(const u32 *cie); -+static const u32 *cie_for_fde(const u32 *fde, void *table, -+ uint32_t table_len, int is_ehframe); -+static signed fde_pointer_type(const u32 *cie, -+ void *table, uint32_t table_len); - - - #endif /* STP_USE_DWARF_UNWINDER */ -diff --git a/translate.cxx b/translate.cxx -index bc5d615..9d456bc 100644 ---- a/translate.cxx -+++ b/translate.cxx -@@ -29,6 +29,11 @@ extern "C" { - #include - } - -+// Max unwind table size (debug or eh) per module. 
Somewhat arbitrary -+// limit (a bit more than twice the .debug_frame size of my local -+// vmlinux for 2.6.31.4-83.fc12.x86_64) -+#define MAX_UNWIND_TABLE_SIZE (3 * 1024 * 1024) -+ - using namespace std; - - struct var; -@@ -4785,6 +4790,9 @@ dump_unwindsyms (Dwfl_Module *m, - get_unwind_data (m, &debug_frame, &eh_frame, &debug_len, &eh_len, &eh_addr); - if (debug_frame != NULL && debug_len > 0) - { -+ if (debug_len > MAX_UNWIND_TABLE_SIZE) -+ throw semantic_error ("module debug unwind table size too big"); -+ - c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n"; - c->output << "static uint8_t _stp_module_" << stpmod_idx - << "_debug_frame[] = \n"; -@@ -4802,6 +4810,9 @@ dump_unwindsyms (Dwfl_Module *m, - - if (eh_frame != NULL && eh_len > 0) - { -+ if (eh_len > MAX_UNWIND_TABLE_SIZE) -+ throw semantic_error ("module eh unwind table size too big"); -+ - c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n"; - c->output << "static uint8_t _stp_module_" << stpmod_idx - << "_eh_frame[] = \n"; diff --git a/sources b/sources index c9f92fb..4a5d6e0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e11c9ec18f3b269b846054e9ca33011a systemtap-1.0.tar.gz +bb760f76ecc400ed4d44a1399a06ca33 systemtap-1.1.tar.gz diff --git a/systemtap.spec b/systemtap.spec index 557e7f1..3a0a120 100644 --- a/systemtap.spec +++ b/systemtap.spec 
@@ -1,15 +1,18 @@ -%{!?with_sqlite: %define with_sqlite 1} -%{!?with_docs: %define with_docs 1} -%{!?with_crash: %define with_crash 0} -%{!?with_rpm: %define with_rpm 1} -%{!?with_bundled_elfutils: %define with_bundled_elfutils 0} -%{!?elfutils_version: %define elfutils_version 0.127} -%{!?pie_supported: %define pie_supported 1} -%{!?with_grapher: %define with_grapher 1} +%{!?with_sqlite: %global with_sqlite 1} +%{!?with_docs: %global with_docs 1} +%{!?with_crash: %global with_crash 0} +%{!?with_rpm: %global with_rpm 1} +%{!?with_bundled_elfutils: %global with_bundled_elfutils 0} +%{!?elfutils_version: %global elfutils_version 0.127} +%{!?pie_supported: %global pie_supported 1} +%{!?with_grapher: %global with_grapher 1} +%{!?with_boost: %global with_boost 0} +%{!?with_publican: %global with_publican 1} +%{!?publican_brand: %global publican_brand fedora} Name: systemtap -Version: 1.0 -Release: 2%{?dist} +Version: 1.1 +Release: 1%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -23,6 +26,10 @@ Requires: kernel >= 2.6.9-11 %if %{with_sqlite} BuildRequires: sqlite-devel %endif +# Needed for libstd++ < 4.0, without +%if %{with_boost} +BuildRequires: boost-devel +%endif %if %{with_crash} BuildRequires: crash-devel zlib-devel %endif @@ -41,7 +48,7 @@ BuildRequires: nss-devel nss-tools pkgconfig Source1: elfutils-%{elfutils_version}.tar.gz Patch1: elfutils-portability.patch BuildRequires: m4 -%define setup_elfutils -a1 +%global setup_elfutils -a1 %else BuildRequires: elfutils-devel >= %{elfutils_version} %endif 
@@ -55,16 +62,21 @@ BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html # called 'xmlto-tex'. To avoid a specific F10 BuildReq, we'll do a # file-based buildreq on '/usr/share/xmlto/format/fo/pdf'. BuildRequires: xmlto /usr/share/xmlto/format/fo/pdf +%if %{with_publican} +BuildRequires: publican +BuildRequires: publican-%{publican_brand} +%endif %endif %if %{with_grapher} BuildRequires: gtkmm24-devel >= 2.8 +BuildRequires: libglademm24-devel >= 2.6.7 +# If 'with_boost' isn't set, the boost-devel build requirement hasn't +# been specified yet. +%if ! %{with_boost} +BuildRequires: boost-devel +%endif %endif - -# Fix three --unprivileged DOS issues (CVE-2009-2911) -Patch10: SystemTap-1.0-limit-printf-arguments.patch -Patch11: SystemTap-1.0-limit-dwarf-expression-stack-size.patch -Patch12: SystemTap-1.0-unwind-table-size-checks.patch %description SystemTap is an instrumentation system for systems running Linux 2.6. @@ -118,6 +130,10 @@ URL: http://sourceware.org/systemtap/ Requires: systemtap Requires: avahi avahi-tools nss nss-tools mktemp Requires: zip unzip +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %description server This is the remote script compilation server component of systemtap. @@ -134,14 +150,18 @@ URL: http://sourceware.org/systemtap/ Support tools to allow applications to use static probes. %package initscript -Summary: Systemtap Initscript +Summary: Systemtap Initscripts Group: Development/System License: GPLv2+ URL: http://sourceware.org/systemtap/ -Requires: systemtap-runtime, initscripts +Requires: systemtap-runtime +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %description initscript -Initscript for Systemtap scripts. +Initscript for Systemtap scripts %if %{with_grapher} %package grapher 
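Review bot: The new side of the `@@ -55,16 +62,21 @@` hunk no longer declares `Patch10`–`Patch12`, the three CVE-2009-2911 fixes, and no comment states that the 1.1 tarball already contains them. The `%changelog` hunk at the end of this file also drops the 1.0-2 entry that named the CVE, so `rpm -q --changelog` on the resulting package carries no record of the issue being handled. If 1.1 does include the fixes (this diff cannot confirm it), keep the 1.0-2 entry and add a line such as `- Drop CVE-2009-2911 patches, included upstream in 1.1` to the 1.1-1 entry.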
@@ -169,70 +189,71 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif -# Fix three --unprivileged DOS issues (CVE-2009-2911) -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 - %build %if %{with_bundled_elfutils} # Build our own copy of elfutils. -%define elfutils_config --with-elfutils=elfutils-%{elfutils_version} +%global elfutils_config --with-elfutils=elfutils-%{elfutils_version} # We have to prevent the standard dependency generation from identifying # our private elfutils libraries in our provides and requires. -%define _use_internal_dependency_generator 0 -%define filter_eulibs() /bin/sh -c "%{1} | sed '/libelf/d;/libdw/d;/libebl/d'" -%define __find_provides %{filter_eulibs /usr/lib/rpm/find-provides} -%define __find_requires %{filter_eulibs /usr/lib/rpm/find-requires} +%global _use_internal_dependency_generator 0 +%global filter_eulibs() /bin/sh -c "%{1} | sed '/libelf/d;/libdw/d;/libebl/d'" +%global __find_provides %{filter_eulibs /usr/lib/rpm/find-provides} +%global __find_requires %{filter_eulibs /usr/lib/rpm/find-requires} # This will be needed for running stap when not installed, for the test suite. 
-%define elfutils_mflags LD_LIBRARY_PATH=`pwd`/lib-elfutils +%global elfutils_mflags LD_LIBRARY_PATH=`pwd`/lib-elfutils %endif # Enable/disable the sqlite coverage testing support %if %{with_sqlite} -%define sqlite_config --enable-sqlite +%global sqlite_config --enable-sqlite %else -%define sqlite_config --disable-sqlite +%global sqlite_config --disable-sqlite %endif # Enable/disable the crash extension %if %{with_crash} -%define crash_config --enable-crash +%global crash_config --enable-crash %else -%define crash_config --disable-crash +%global crash_config --disable-crash %endif # Enable/disable the code to find and suggest needed rpms %if %{with_rpm} -%define rpm_config --with-rpm +%global rpm_config --with-rpm %else -%define rpm_config --without-rpm +%global rpm_config --without-rpm %endif %if %{with_docs} -%define docs_config --enable-docs +%global docs_config --enable-docs %else -%define docs_config --disable-docs +%global docs_config --disable-docs %endif # Enable pie as configure defaults to disabling it %if %{pie_supported} -%define pie_config --enable-pie +%global pie_config --enable-pie %else -%define pie_config --disable-pie +%global pie_config --disable-pie %endif %if %{with_grapher} -%define grapher_config --enable-grapher +%global grapher_config --enable-grapher %else -%define grapher_config --disable-grapher +%global grapher_config --disable-grapher +%endif + +%if %{with_publican} +%global publican_config --enable-publican --with-publican-brand=%{publican_brand} +%else +%global publican_config --disable-publican %endif -%configure %{?elfutils_config} %{sqlite_config} %{crash_config} %{docs_config} %{pie_config} %{grapher_config} %{rpm_config} +%configure %{?elfutils_config} %{sqlite_config} %{crash_config} %{docs_config} %{pie_config} %{grapher_config} %{publican_config} %{rpm_config} --disable-silent-rules make %{?_smp_mflags} %install 
@@ -265,17 +286,28 @@ cp -rp testsuite $RPM_BUILD_ROOT%{_datadir}/systemtap mkdir docs.installed mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/*.pdf docs.installed/ mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/tapsets docs.installed/ +%if %{with_publican} +mv $RPM_BUILD_ROOT%{_datadir}/doc/systemtap/SystemTap_Beginners_Guide docs.installed/ +%endif %endif -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d/ -install -m 755 initscript/systemtap $RPM_BUILD_ROOT%{_sysconfdir}/init.d/ +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ +install -m 755 initscript/systemtap $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap/conf.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemtap/script.d -install -m 644 initscript/config $RPM_BUILD_ROOT%{_sysconfdir}/systemtap +install -m 644 initscript/config.systemtap $RPM_BUILD_ROOT%{_sysconfdir}/systemtap/config mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/systemtap mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/systemtap +install -m 755 initscript/stap-server $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server/conf.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig +install -m 644 initscript/config.stap-server $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/stap-server +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log +touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log + %clean rm -rf ${RPM_BUILD_ROOT} 
@@ -284,12 +316,67 @@ getent group stapdev >/dev/null || groupadd -r stapdev getent group stapusr >/dev/null || groupadd -r stapusr exit 0 +%pre server +getent group stap-server >/dev/null || groupadd -r stap-server +getent passwd stap-server >/dev/null || useradd -c "Systemtap Compile Server" -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server +chmod 755 %{_localstatedir}/lib/stap-server +exit 0 + +%post server +chmod 664 %{_localstatedir}/log/stap-server.log +chown stap-server %{_localstatedir}/log/stap-server.log +chgrp stap-server %{_localstatedir}/log/stap-server.log +# Make sure that the uprobes module can be built by the server +test -e /usr/share/systemtap/runtime/uprobes || mkdir -p /usr/share/systemtap/runtime/uprobes +chgrp stap-server /usr/share/systemtap/runtime/uprobes +chmod 775 /usr/share/systemtap/runtime/uprobes +# As stap-server, generate the certificate used for signing and for ssl. +runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null +# Authorize the certificate as a trusted ssl peer and as a trusted signer +# local host. +%{_bindir}/stap-authorize-server-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert +%{_bindir}/stap-authorize-signing-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert + +# Activate the service +/sbin/chkconfig --add stap-server +exit 0 + +%preun server +# Check that this is the actual deinstallation of the package, as opposed to +# just removing the old package on upgrade. +if [ $1 = 0 ] ; then + /sbin/service stap-server stop >/dev/null 2>&1 + /sbin/chkconfig --del stap-server +fi +exit 0 + +%postun server +# Check whether this is an upgrade of the package. 
+# If so, restart the service if it's running +if [ "$1" -ge "1" ] ; then + /sbin/service stap-server condrestart >/dev/null 2>&1 || : +fi +exit 0 + %post initscript -chkconfig --add systemtap +/sbin/chkconfig --add systemtap exit 0 %preun initscript -chkconfig --del systemtap +# Check that this is the actual deinstallation of the package, as opposed to +# just removing the old package on upgrade. +if [ $1 = 0 ] ; then + /sbin/service systemtap stop >/dev/null 2>&1 + /sbin/chkconfig --del systemtap +fi +exit 0 + +%postun initscript +# Check whether this is an upgrade of the package. +# If so, restart the service if it's running +if [ "$1" -ge "1" ] ; then + /sbin/service systemtap condrestart >/dev/null 2>&1 || : +fi exit 0 %post @@ -309,14 +396,13 @@ exit 0 %if %{with_docs} %doc docs.installed/*.pdf %doc docs.installed/tapsets +%if %{with_publican} +%doc docs.installed/SystemTap_Beginners_Guide +%endif %endif %{_bindir}/stap %{_bindir}/stap-report -%{_bindir}/stap-env -%{_bindir}/stap-gen-cert -%{_bindir}/stap-authorize-cert -%{_bindir}/stap-authorize-signing-cert %{_mandir}/man1/* %{_mandir}/man3/* @@ -338,8 +424,12 @@ exit 0 %defattr(-,root,root) %attr(4111,root,root) %{_bindir}/staprun %{_bindir}/stap-report -%{_libexecdir}/%{name} +%{_bindir}/stap-authorize-signing-cert +%{_libexecdir}/%{name}/stapio +%{_libexecdir}/%{name}/stap-env +%{_libexecdir}/%{name}/stap-authorize-cert %{_mandir}/man8/staprun.8* +%{_mandir}/man8/stap-authorize-signing-cert.8* %doc README AUTHORS NEWS COPYING 
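Review bot: In `%post server`, `chgrp stap-server` followed by `chmod 775 /usr/share/systemtap/runtime/uprobes` leaves a directory under /usr/share writable by the account that runs the remote compile server. Whatever that account can be made to do can then also change what gets built there. The comment only says the server must be able to build the uprobes module; it should also state why group write on a shared system path is needed, and the path should be spelled `%{_datadir}/systemtap/runtime/uprobes` rather than hard-coded. Separately, the exit status of `runuser ... stap-gen-cert` is discarded, so the two `stap-authorize-*-cert` calls run even when no certificate was generated; wrap them in `if runuser ...; then ... fi`.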
@@ -350,28 +440,32 @@ exit 0 %files client %defattr(-,root,root) %{_bindir}/stap-client -%{_bindir}/stap-env -%{_bindir}/stap-find-servers -%{_bindir}/stap-authorize-cert %{_bindir}/stap-authorize-server-cert -%{_bindir}/stap-client-connect -%{_mandir}/man8/stap-server.8* +%{_libexecdir}/%{name}/stap-find-servers +%{_libexecdir}/%{name}/stap-client-connect +%{_mandir}/man8/stap-client.8* +%{_mandir}/man8/stap-authorize-server-cert.8* %files server %defattr(-,root,root) -%{_bindir}/stap-server -%{_bindir}/stap-serverd -%{_bindir}/stap-env -%{_bindir}/stap-start-server -%{_bindir}/stap-find-servers -%{_bindir}/stap-find-or-start-server -%{_bindir}/stap-stop-server -%{_bindir}/stap-gen-cert -%{_bindir}/stap-authorize-cert %{_bindir}/stap-authorize-server-cert -%{_bindir}/stap-server-connect -%{_bindir}/stap-sign-module +%{_bindir}/stap-server +%{_libexecdir}/%{name}/stap-serverd +%{_libexecdir}/%{name}/stap-start-server +%{_libexecdir}/%{name}/stap-find-servers +%{_libexecdir}/%{name}/stap-find-or-start-server +%{_libexecdir}/%{name}/stap-stop-server +%{_libexecdir}/%{name}/stap-gen-cert +%{_libexecdir}/%{name}/stap-server-connect +%{_libexecdir}/%{name}/stap-sign-module %{_mandir}/man8/stap-server.8* +%{_mandir}/man8/stap-authorize-server-cert.8* +%{_sysconfdir}/rc.d/init.d/stap-server +%dir %{_sysconfdir}/stap-server +%dir %{_sysconfdir}/stap-server/conf.d +%config(noreplace) %{_sysconfdir}/sysconfig/stap-server +%{_localstatedir}/log/stap-server.log +%doc initscript/README.stap-server %files sdt-devel %defattr(-,root,root) 
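Review bot: `%{_localstatedir}/log/stap-server.log` is listed in `%files server` as an ordinary file under `%defattr(-,root,root)`, while its real mode and owner are applied afterwards by `chmod`/`chown`/`chgrp` in `%post server`. The rpm database therefore records root ownership, `rpm -V` reports the log as changed, and a package upgrade replaces the existing log with the empty file created by `touch` in `%install`. Declaring it as `%ghost %attr(664,stap-server,stap-server) %{_localstatedir}/log/stap-server.log` and creating it with `touch` in `%post server` keeps the ownership in one place and leaves an existing log alone; `%pre server` already creates the account before the files are unpacked.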
@@ -380,25 +474,26 @@ exit 0 %files initscript %defattr(-,root,root) -%{_sysconfdir}/init.d/systemtap +%{_sysconfdir}/rc.d/init.d/systemtap %dir %{_sysconfdir}/systemtap %dir %{_sysconfdir}/systemtap/conf.d %dir %{_sysconfdir}/systemtap/script.d %config(noreplace) %{_sysconfdir}/systemtap/config %dir %{_localstatedir}/cache/systemtap %dir %{_localstatedir}/run/systemtap -%doc initscript/README.initscript +%doc initscript/README.systemtap %if %{with_grapher} %files grapher %defattr(-,root,root) %{_bindir}/stapgraph +%{_datadir}/%{name}/*.glade %endif %changelog -* Wed Oct 21 2009 Josh Stone - 1.0-2 -- Fix three --unprivileged DOS issues (CVE-2009-2911) +* Mon Dec 21 2009 David Smith - 1.1-1 +- Upstream release. * Tue Sep 22 2009 Josh Stone - 1.0-1 - Upstream release. From 42cafcb7a1bc781caf9d107343e1ba2d4445f319 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Mon, 15 Feb 2010 16:15:27 +0000 Subject: [PATCH 05/10] - Add systemtap-1.1-cfi-cfa_ops-fixes.patch - Resolves RHBZ #564429 - Add systemtap-1.1-get_argv.patch - Resolves CVE-2010-0411 - Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - Resolves CVE-2010-0412, CVE-2009-4273 --- systemtap-1.1-cfi-cfa_ops-fixes.patch | 283 ++++++++++++++++++++++ systemtap-1.1-get_argv.patch | 183 ++++++++++++++ systemtap-1.1-tighten-server-params.patch | 262 ++++++++++++++++++++ systemtap.spec | 18 +- 4 files changed, 745 insertions(+), 1 deletion(-) create mode 100644 systemtap-1.1-cfi-cfa_ops-fixes.patch create mode 100644 systemtap-1.1-get_argv.patch create mode 100644 systemtap-1.1-tighten-server-params.patch diff --git a/systemtap-1.1-cfi-cfa_ops-fixes.patch b/systemtap-1.1-cfi-cfa_ops-fixes.patch new file mode 100644 index 0000000..ed22ea0 --- /dev/null +++ b/systemtap-1.1-cfi-cfa_ops-fixes.patch 
@@ -0,0 +1,283 @@ +commit 08d1d520616557f6ff7dd023e260ad6577e9e0e8 +Author: Mark Wielaard +Date: Mon Jan 18 09:13:30 2010 +0100 + + PR11173 Markers get a bad address in prelinked libraries. + + Our literal_addr_to_sym_addr() function was just wrong. To compensate for + raw addresses read from elf (either given by the user or through a mark + transformation) we need to know what the elf_bias is (as returned by + dwfl_module_getelf) before feeding them to any libdwfl functions. + + * tapsets.cxx (query_module_dwarf): Always add elf_bias to raw function or + statement addresses before calling query_addr(). + (query_addr): Don't call literal_addr_to_sym_addr(). + * dwflpp.h (literal_addr_to_sym_addr): Removed. + * dwflpp.cxx (literal_addr_to_sym_addr): Likewise. + +diff --git a/dwflpp.cxx b/dwflpp.cxx +index 7dd31d0..e6fe017 100644 +--- a/dwflpp.cxx ++++ b/dwflpp.cxx +@@ -2771,45 +2771,6 @@ dwflpp::relocate_address(Dwarf_Addr dw_addr, string& reloc_section) + return reloc_addr; + } + +-/* Converts a "global" literal address to the module symbol address +- * space. If necessary (not for kernel and executables using absolute +- * addresses), this adjust the address for the current module symbol +- * bias. Literal addresses are provided by the user (or contained on +- * the .probes section) based on the "on disk" layout of the module. +- */ +-Dwarf_Addr +-dwflpp::literal_addr_to_sym_addr(Dwarf_Addr lit_addr) +-{ +- if (sess.verbose > 2) +- clog << "literal_addr_to_sym_addr 0x" << hex << lit_addr << dec << endl; +- +- // Assume the address came from the symbol list. +- // If we cannot get the symbol bias fall back on the dw bias. +- // The kernel (and other absolute executable modules) is special though. 
+- if (module_name != TOK_KERNEL +- && dwfl_module_relocations (module) > 0) +- { +- Dwarf_Addr symbias = ~0; +- if (dwfl_module_getsymtab (module) != -1) +- dwfl_module_info (module, NULL, NULL, NULL, NULL, +- &symbias, NULL, NULL); +- +- if (sess.verbose > 3) +- clog << "symbias 0x" << hex << symbias << dec +- << ", dwbias 0x" << hex << module_bias << dec << endl; +- +- if (symbias == (Dwarf_Addr) ~0) +- symbias = module_bias; +- +- lit_addr += symbias; +- } +- +- if (sess.verbose > 2) +- clog << "literal_addr_to_sym_addr ret 0x" << hex << lit_addr << dec << endl; +- +- return lit_addr; +-} +- + /* Returns the call frame address operations for the given program counter + * in the libdw address space. + */ +diff --git a/dwflpp.h b/dwflpp.h +index cdc6ad9..523dd88 100644 +--- a/dwflpp.h ++++ b/dwflpp.h +@@ -284,8 +284,6 @@ struct dwflpp + + Dwarf_Addr relocate_address(Dwarf_Addr addr, std::string& reloc_section); + +- Dwarf_Addr literal_addr_to_sym_addr(Dwarf_Addr lit_addr); +- + + private: + DwflPtr dwfl_ptr; +diff --git a/tapsets.cxx b/tapsets.cxx +index 071f92d..d5c6b25 100644 +--- a/tapsets.cxx ++++ b/tapsets.cxx +@@ -761,6 +761,13 @@ dwarf_query::query_module_dwarf() + // number plus the module's bias. + Dwarf_Addr addr = has_function_num ? + function_num_val : statement_num_val; ++ ++ // These are raw addresses, we need to know what the elf_bias ++ // is to feed it to libdwfl based functions. ++ Dwarf_Addr elf_bias; ++ Elf *elf = dwfl_module_getelf (dw.module, &elf_bias); ++ assert(elf); ++ addr += elf_bias; + query_addr(addr, this); + } + else +@@ -1168,8 +1175,8 @@ query_addr(Dwarf_Addr addr, dwarf_query *q) + { + dwflpp &dw = q->dw; + +- // Translate to and actual sumbol address. 
+- addr = dw.literal_addr_to_sym_addr(addr); ++ if (q->sess.verbose > 2) ++ clog << "query_addr 0x" << hex << addr << dec << endl; + + // First pick which CU contains this address + Dwarf_Die* cudie = dw.query_cu_containing_address(addr); + +commit 87748e2b87e574d3c83866ccd0d83678c3c68d93 +Author: Mark Wielaard +Date: Tue Feb 2 13:47:19 2010 +0100 + + Make sure cfa_ops are always retrieved through dwfl global address. + + dwflpp::translate_location() works on the dw address space, but + get_cfa_ops() starts out with dwfl calls (only dwarf_cfi_addrframe() + needs to be adjusted for bias). + + * dwflpp.cxx (translate_location): Pass pc plus module bias through to + get_cfa_ops. + (get_cfa_ops): Adjust for bias when calling dwarf_cfi_addrframe(), + add frame start/end address when found if verbose logging. + * testsuite/systemtap.exelib/lib.stp: Add $foo and $bar variables to + process.function probes. + * testsuite/systemtap.exelib/libmarkunamestack.stp: Likewise. + * testsuite/systemtap.exelib/lib.tcl: Expect correct values for + process.function probe variables. + * testsuite/systemtap.exelib/libmarkunamestack.tcl: Likewise. + +diff --git a/dwflpp.cxx b/dwflpp.cxx +index e6fe017..d16411c 100644 +--- a/dwflpp.cxx ++++ b/dwflpp.cxx +@@ -1726,9 +1726,10 @@ dwflpp::translate_location(struct obstack *pool, + e->tok); + } + +- // pc is relative to current module, which is what get_cfa_ops +- // and c_translate_location expects. +- Dwarf_Op *cfa_ops = get_cfa_ops (pc); ++ // pc is in the dw address space of the current module, which is what ++ // c_translate_location expects. get_cfa_ops wants the global dwfl address. 
++ Dwarf_Addr addr = pc + module_bias; ++ Dwarf_Op *cfa_ops = get_cfa_ops (addr); + return c_translate_location (pool, &loc2c_error, this, + &loc2c_emit_address, + 1, 0 /* PR9768 */, +@@ -2783,17 +2784,17 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + clog << "get_cfa_ops @0x" << hex << pc << dec + << ", module_start @0x" << hex << module_start << dec << endl; + +-#if _ELFUTILS_PREREQ(0,142) + // Try debug_frame first, then fall back on eh_frame. +- size_t cfa_nops; +- Dwarf_Addr bias; ++ size_t cfa_nops = 0; ++ Dwarf_Addr bias = 0; ++ Dwarf_Frame *frame = NULL; ++#if _ELFUTILS_PREREQ(0,142) + Dwarf_CFI *cfi = dwfl_module_dwarf_cfi (module, &bias); + if (cfi != NULL) + { + if (sess.verbose > 3) + clog << "got dwarf cfi bias: 0x" << hex << bias << dec << endl; +- Dwarf_Frame *frame = NULL; +- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) ++ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) + dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); + else if (sess.verbose > 3) + clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; +@@ -2809,7 +2810,7 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + if (sess.verbose > 3) + clog << "got eh cfi bias: 0x" << hex << bias << dec << endl; + Dwarf_Frame *frame = NULL; +- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) ++ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) + dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); + else if (sess.verbose > 3) + clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; +@@ -2821,7 +2822,20 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) + #endif + + if (sess.verbose > 2) +- clog << (cfa_ops == NULL ? 
"not " : " ") << "found cfa" << endl; ++ { ++ if (cfa_ops == NULL) ++ clog << "not found cfa" << endl; ++ else ++ { ++ Dwarf_Addr frame_start, frame_end; ++ bool frame_signalp; ++ int info = dwarf_frame_info (frame, &frame_start, &frame_end, ++ &frame_signalp); ++ clog << "found cfa, info:" << info << " [start: 0x" << hex ++ << frame_start << dec << ", end: 0x" << hex << frame_end ++ << dec << "), nops: " << cfa_nops << endl; ++ } ++ } + + return cfa_ops; + } +diff --git a/testsuite/systemtap.exelib/lib.stp b/testsuite/systemtap.exelib/lib.stp +index 0151282..3fdc6db 100644 +--- a/testsuite/systemtap.exelib/lib.stp ++++ b/testsuite/systemtap.exelib/lib.stp +@@ -6,7 +6,7 @@ probe process(@1).function("main") { + } + + probe process(@1).function("main_func") { +- printf("main_func\n"); ++ printf("main_func %d\n", $foo); + } + + probe process(@2).function("lib_main") { +@@ -14,5 +14,5 @@ probe process(@2).function("lib_main") { + } + + probe process(@2).function("lib_func") { +- printf("lib_func\n"); ++ printf("lib_func %d\n", $bar); + } +diff --git a/testsuite/systemtap.exelib/lib.tcl b/testsuite/systemtap.exelib/lib.tcl +index c5b7402..a33290b 100644 +--- a/testsuite/systemtap.exelib/lib.tcl ++++ b/testsuite/systemtap.exelib/lib.tcl +@@ -1,11 +1,11 @@ + set ::result_string {main +-main_func +-main_func +-main_func ++main_func 3 ++main_func 2 ++main_func 1 + lib_main +-lib_func +-lib_func +-lib_func} ++lib_func 3 ++lib_func 2 ++lib_func 1} + + # Only run on make installcheck + if {! 
[installtest_p]} { untested "lib-$testname"; return } +diff --git a/testsuite/systemtap.exelib/libmarkunamestack.stp b/testsuite/systemtap.exelib/libmarkunamestack.stp +index 0efbae0..5ee229d 100644 +--- a/testsuite/systemtap.exelib/libmarkunamestack.stp ++++ b/testsuite/systemtap.exelib/libmarkunamestack.stp +@@ -7,7 +7,7 @@ probe process(@1).function("main") { + } + + probe process(@1).function("main_func") { +- printf("main_func\n"); ++ printf("main_func: %d\n", $foo); + } + + probe process(@2).function("lib_main") { +@@ -15,7 +15,7 @@ probe process(@2).function("lib_main") { + } + + probe process(@2).function("lib_func") { +- printf("lib_func\n"); ++ printf("lib_func: %d\n", $bar); + } + + #mark +diff --git a/testsuite/systemtap.exelib/libmarkunamestack.tcl b/testsuite/systemtap.exelib/libmarkunamestack.tcl +index 55dc10e..20111b3 100644 +--- a/testsuite/systemtap.exelib/libmarkunamestack.tcl ++++ b/testsuite/systemtap.exelib/libmarkunamestack.tcl +@@ -47,9 +47,9 @@ expect { + + # lib + -re {^main\r\n} {incr lib; exp_continue} +- -re {^main_func\r\n} {incr lib; exp_continue} ++ -re {^main_func: [1-3]\r\n} {incr lib; exp_continue} + -re {^lib_main\r\n} {incr lib; exp_continue} +- -re {^lib_func\r\n} {incr lib; exp_continue} ++ -re {^lib_func: [1-3]\r\n} {incr lib; exp_continue} + + # mark + -re {^main_count: [1-3]\r\n} {incr mark; exp_continue} diff --git a/systemtap-1.1-get_argv.patch b/systemtap-1.1-get_argv.patch new file mode 100644 index 0000000..2f755b0 --- /dev/null +++ b/systemtap-1.1-get_argv.patch 
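Review bot: In the `tapsets.cxx` part (`dwarf_query::query_module_dwarf`), `assert(elf)` is the only check on the result of `dwfl_module_getelf`, and `elf_bias` has no initializer; in a build with `NDEBUG` the assert disappears and `addr += elf_bias` reads an indeterminate value when the module's ELF file could not be obtained. The commit message says these raw addresses can be given by the user, so this should be an ordinary error: `Dwarf_Addr elf_bias = 0;` and `if (!elf) throw semantic_error ("cannot get ELF file for module");`. In `dwflpp::get_cfa_ops`, the eh_frame branch still has its own `Dwarf_Frame *frame = NULL;` (a context line of the `@@ -2809,7 +2810,7 @@` hunk) which shadows the new function-scope `frame`, so the verbose block can hand a null `frame` to `dwarf_frame_info` and print `frame_start`/`frame_end` unset; drop the inner declaration. Both functions continue outside the hunks shown.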
@@ -0,0 +1,183 @@ +commit a2d399c87a642190f08ede63dc6fc434a5a8363a +Author: Josh Stone +Date: Thu Feb 4 17:47:31 2010 -0800 + + PR11234: Rewrite __get_argv without embedded-C + + We now implement __get_argv's string building in pure stap script. + Also, every argument is now quoted, which is different than before, but + it's much more robust about handling special characters. + +diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp +index bab0f64..e762b37 100644 +--- a/tapset/aux_syscalls.stp ++++ b/tapset/aux_syscalls.stp +@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long) + + + /* This function copies an argv from userspace. */ +-function __get_argv:string(a:long, first:long) +-%{ /* pure */ +- char __user *__user *argv = (char __user *__user *)(long)THIS->a; +- char __user *vstr; +- int space, rc, len = MAXSTRINGLEN; +- char *str = THIS->__retvalue; +- char buf[80]; +- char *ptr = buf; +- +- +- if (THIS->first && argv) +- argv++; +- +- while (argv != NULL) { +- if (__stp_get_user (vstr, argv)) +- break; +- +- if (vstr == NULL) +- break; +- +- rc = _stp_strncpy_from_user(buf, vstr, 79); +- if (rc <= 0) +- break; +- +- /* check for whitespace in string */ +- buf[rc] = 0; +- ptr = buf; +- space = 0; +- while (*ptr && rc--) { +- if (isspace(*ptr++)) { +- space = 1; +- break; +- } +- } +- +- if (len != MAXSTRINGLEN && len) { +- *str++=' '; +- len--; +- } +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- rc = strlcpy (str, buf, len); +- str += rc; +- len -= rc; +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- argv++; ++function __get_argv:string(argv:long, first:long) ++{ ++%( CONFIG_64BIT == "y" %? ++ if (first && argv) ++ argv += 8 ++ while (argv) { ++ vstr = user_long(argv) ++ if (!vstr) ++ break ++ if (len) ++ str .= " " ++ str .= user_string_quoted(vstr) ++ ++ newlen = strlen(str) ++ if (newlen == len) ++ break ++ len = newlen ++ argv += 8 + } +- *str = 0; +-%} +-/* This function copies an argv from userspace. 
*/ +-function __get_compat_argv:string(a:long, first:long) +-%{ /* pure */ +-#ifdef CONFIG_COMPAT +- compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a; +- compat_uptr_t __user *vstr; +- int space, rc, len = MAXSTRINGLEN; +- char *str = THIS->__retvalue; +- char buf[80]; +- char *ptr = buf; +- +- if (THIS->first && argv) +- argv++; +- +- while (argv != NULL) { +- if (__stp_get_user (vstr, argv)) +- break; +- +- if (vstr == NULL) +- break; +- +- rc = _stp_strncpy_from_user(buf, (char *)vstr, 79); +- if (rc <= 0) +- break; +- +- /* check for whitespace in string */ +- buf[rc] = 0; +- ptr = buf; +- space = 0; +- while (*ptr && rc--) { +- if (isspace(*ptr++)) { +- space = 1; +- break; +- } +- } +- +- if (len != MAXSTRINGLEN && len) { +- *str++=' '; +- len--; +- } +- +- if (space && len) { +- *str++='\"'; +- len--; +- } +- +- rc = strlcpy (str, buf, len); +- str += rc; +- len -= rc; +- +- if (space && len) { +- *str++='\"'; +- len--; +- } + +- argv++; ++ return str ++%: ++ return __get_compat_argv(argv, first) ++%) ++} ++/* This function copies an argv from userspace. */ ++function __get_compat_argv:string(argv:long, first:long) ++{ ++ if (first && argv) ++ argv += 4 ++ while (argv) { ++ vstr = user_int(argv) & 0xffffffff ++ if (!vstr) ++ break ++ if (len) ++ str .= " " ++ str .= user_string_quoted(vstr) ++ ++ newlen = strlen(str) ++ if (newlen == len) ++ break ++ len = newlen ++ argv += 4 + } +- *str = 0; +-#endif +-%} ++ ++ return str ++} + + /* + * Return the symbolic string representation diff --git a/systemtap-1.1-tighten-server-params.patch b/systemtap-1.1-tighten-server-params.patch new file mode 100644 index 0000000..ee0c286 --- /dev/null +++ b/systemtap-1.1-tighten-server-params.patch 
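Review bot: Both rewritten loops, in `__get_argv` and `__get_compat_argv`, end on `if (newlen == len) break`, and nothing explains why an unchanged length means the work is done. Presumably this relies on script strings being capped at MAXSTRINGLEN, so that appending to a full string no longer grows it; that deserves a comment above the check, for example `/* str is full (MAXSTRINGLEN): appending no longer grows it, so stop */`. The pointer strides `8` and `4` would also benefit from a short comment tying them to the `CONFIG_64BIT` test and the compat ABI, since the old code got the stride from the pointer type.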
@@ -0,0 +1,262 @@ +Note: Not including testsuite part. + +commit c0d1b5a004b9949bb455b7dbe17b335b7cab9ead +Author: Frank Ch. Eigler +Date: Fri Feb 12 10:25:43 2010 -0500 + + PR11105 part 2: tighten constraints on stap-server parameters passed to make + + * util.h, util.cxx (assert_match_regexp): New function. + * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. + * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. + +diff --git a/main.cxx b/main.cxx +index 8f5ee72..2dba179 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -57,7 +57,7 @@ version () + << "SystemTap translator/driver " + << "(version " << VERSION << "/" << dwfl_version (NULL) + << " " << GIT_MESSAGE << ")" << endl +- << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl ++ << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl + << "This is free software; see the source for copying conditions." << endl; + } + +@@ -708,12 +708,12 @@ main (int argc, char * const argv []) + break; + + case 'o': ++ // NB: client_options not a problem, since pass 1-4 does not use output_file. + s.output_file = string (optarg); + break; + + case 'R': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R"; ++ if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); } + s.runtime_path = string (optarg); + break; + +@@ -722,6 +722,7 @@ main (int argc, char * const argv []) + client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m"; + s.module_name = string (optarg); + save_module = true; ++ // XXX: convert to assert_regexp_match() + { + string::size_type len = s.module_name.length(); + +@@ -766,15 +767,14 @@ main (int argc, char * const argv []) + break; + + case 'r': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r"; ++ if (client_options) // NB: no paths! 
++ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); + setup_kernel_release(s, optarg); + break; + + case 'a': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a"; +- s.architecture = string(optarg); ++ assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$"); ++ s.architecture = string(optarg); + break; + + case 'k': +@@ -821,16 +821,19 @@ main (int argc, char * const argv []) + break; + + case 'D': ++ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); + if (client_options) + client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; + s.macros.push_back (string (optarg)); + break; + + case 'S': ++ assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$"); + s.size_option = string (optarg); + break; + + case 'q': ++ if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); } + s.tapset_compile_coverage = true; + break; + +@@ -861,9 +864,8 @@ main (int argc, char * const argv []) + break; + + case 'B': +- if (client_options) +- client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B"; +- s.kbuildflags.push_back (string (optarg)); ++ if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); } ++ s.kbuildflags.push_back (string (optarg)); + break; + + case 0: +diff --git a/stap-serverd b/stap-serverd +index eda9711..5820286 100755 +--- a/stap-serverd ++++ b/stap-serverd +@@ -360,11 +360,19 @@ function advertise_presence { + function listen { + # The stap-server-connect program will listen forever + # accepting requests. +- ${stap_pkglibexecdir}stap-server-connect \ +- -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ +- -s "$stap_options" \ +- >> $logfile 2>&1 & +- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 ++ # CVE-2009-4273 ... 
or at least, until resource limits fire ++ while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt ++ # NB: impose resource limits in case of mischevious data inducing ++ # too much / long computation ++ (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000; ++ exec ${stap_pkglibexecdir}stap-server-connect \ ++ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ ++ -s "$stap_options") & ++ stap_server_connect_pid=$! ++ wait ++ # NB: avoid superfast spinning in case of a ulimit or other failure ++ sleep 1 ++ done >> $logfile 2>&1 + } + + # function: warning [ MESSAGE ] +@@ -396,8 +404,8 @@ function terminate { + wait '%avahi-publish-service' >> $logfile 2>&1 + + # Kill any running 'stap-server-connect' job. +- kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 +- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 ++ kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1 ++ wait $stap_server_connect_pid >> $logfile 2>&1 + + exit + } +diff --git a/util.cxx b/util.cxx +index 736e5a3..73ba167 100644 +--- a/util.cxx ++++ b/util.cxx +@@ -1,5 +1,5 @@ + // Copyright (C) Andrew Tridgell 2002 (original file) +-// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes) ++// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes) + // + // This program is free software; you can redistribute it and/or + // modify it under the terms of the GNU General Public License as +@@ -19,6 +19,8 @@ + #include "sys/sdt.h" + #include + #include ++#include ++#include + + extern "C" { + #include +@@ -31,6 +33,7 @@ extern "C" { + #include + #include + #include ++#include + } + + using namespace std; +@@ -413,4 +416,35 @@ kill_stap_spawn(int sig) + return spawned_pid ? 
kill(spawned_pid, sig) : 0; + } + ++ ++void assert_regexp_match (const string& name, const string& value, const string& re) ++{ ++ typedef map cache; ++ static cache compiled; ++ cache::iterator it = compiled.find (re); ++ regex_t* r = 0; ++ if (it == compiled.end()) ++ { ++ r = new regex_t; ++ int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED); ++ if (rc) { ++ cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl; ++ exit(1); ++ } ++ compiled[re] = r; ++ } ++ else ++ r = it->second; ++ ++ // run regexec ++ int rc = regexec (r, value.c_str(), 0, 0, 0); ++ if (rc) ++ { ++ cerr << "ERROR: Safety pattern mismatch for " << name ++ << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl; ++ exit(1); ++ } ++} ++ ++ + /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ +diff --git a/util.h b/util.h +index 8fc64cb..75e198c 100644 +--- a/util.h ++++ b/util.h +@@ -21,7 +21,7 @@ const std::string cmdstr_quoted(const std::string& cmd); + std::string git_revision(const std::string& path); + int stap_system(int verbose, const std::string& command); + int kill_stap_spawn(int sig); +- ++void assert_regexp_match (const std::string& name, const std::string& value, const std::string& re); + + // stringification generics + + +commit cc9e5488d82b728e568bca1f8d6094856fc8e641 +Author: Frank Ch. Eigler +Date: Fri Feb 12 10:39:58 2010 -0500 + + PR11105 part 2a, fix buggy \\. in -r option regexp + +diff --git a/main.cxx b/main.cxx +index 2dba179..b5fdbc0 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -768,7 +768,7 @@ main (int argc, char * const argv []) + + case 'r': + if (client_options) // NB: no paths! 
+- assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); ++ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_.-]+$"); + setup_kernel_release(s, optarg); + break; + + +commit c8408b459b88a5aa5f4325e690aef95b5da7c2eb +Author: Mark Wielaard +Date: Sun Feb 14 21:42:06 2010 +0100 + + PR11281 Allow negative values for -D argument. + + Change regexp match to "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$". + + * main.cxx (main): case 'D' allow optional single minus sign after equal + in assert_regexp_match(). + +diff --git a/main.cxx b/main.cxx +index b5fdbc0..faac7f8 100644 +--- a/main.cxx ++++ b/main.cxx +@@ -821,7 +821,7 @@ main (int argc, char * const argv []) + break; + + case 'D': +- assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); ++ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$"); + if (client_options) + client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; + s.macros.push_back (string (optarg)); diff --git a/systemtap.spec b/systemtap.spec index 3a0a120..9cd1926 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -12,7 +12,7 @@ Name: systemtap Version: 1.1 -Release: 1%{?dist} +Release: 2%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -56,6 +56,10 @@ BuildRequires: elfutils-devel >= %{elfutils_version} Requires: crash %endif +Patch10: systemtap-1.1-cfi-cfa_ops-fixes.patch +Patch11: systemtap-1.1-get_argv.patch +Patch12: systemtap-1.1-tighten-server-params.patch + %if %{with_docs} BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html # On F10, xmlto's pdf support was broken off into a sub-package, @@ -189,6 +193,10 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 + %build %if %{with_bundled_elfutils} 
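Review bot: In the `stap-serverd` part, the new restart loop in `listen` calls a bare `wait`, which waits for every background job of the shell and not only the `stap-server-connect` subshell started just above it. If `avahi-publish-service` is still a job of the same shell, as `wait '%avahi-publish-service'` in `terminate` suggests, the loop does not come round again after a resource limit stops the server, which is the case the loop was added for. Use `wait $stap_server_connect_pid` instead. In `main.cxx`, the `-r` pattern `^[a-z0-9_.-]+$` still accepts `.` and `..`; if `setup_kernel_release` (not shown here) turns the value into a directory name, reject those two values explicitly.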
@@ -492,6 +500,14 @@ exit 0 %changelog +* Mon Feb 15 2010 Mark Wielaard - 1.1-2 +- Add systemtap-1.1-cfi-cfa_ops-fixes.patch + - Resolves RHBZ #564429 +- Add systemtap-1.1-get_argv.patch + - Resolves CVE-2010-0411 +- Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) + - Resolves CVE-2010-0412, CVE-2009-4273 + * Mon Dec 21 2009 David Smith - 1.1-1 - Upstream release. From 58e9517596d8dd41fd041823f3179421201267a4 Mon Sep 17 00:00:00 2001 From: fche Date: Mon, 22 Mar 2010 22:34:39 +0000 Subject: [PATCH 06/10] upstream release --- .cvsignore | 2 +- sources | 2 +- systemtap-1.1-cfi-cfa_ops-fixes.patch | 283 ---------------------- systemtap-1.1-get_argv.patch | 183 -------------- systemtap-1.1-tighten-server-params.patch | 262 -------------------- systemtap.spec | 79 +++--- 6 files changed, 43 insertions(+), 768 deletions(-) delete mode 100644 systemtap-1.1-cfi-cfa_ops-fixes.patch delete mode 100644 systemtap-1.1-get_argv.patch delete mode 100644 systemtap-1.1-tighten-server-params.patch diff --git a/.cvsignore b/.cvsignore index 9726faa..9b23fe5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -systemtap-1.1.tar.gz +systemtap-1.2.tar.gz diff --git a/sources b/sources index 4a5d6e0..6b527aa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -bb760f76ecc400ed4d44a1399a06ca33 systemtap-1.1.tar.gz +8761f9a55f9de6fa4020f52f15ece39b systemtap-1.2.tar.gz diff --git a/systemtap-1.1-cfi-cfa_ops-fixes.patch b/systemtap-1.1-cfi-cfa_ops-fixes.patch deleted file mode 100644 index ed22ea0..0000000 --- a/systemtap-1.1-cfi-cfa_ops-fixes.patch +++ /dev/null 
@@ -1,283 +0,0 @@ -commit 08d1d520616557f6ff7dd023e260ad6577e9e0e8 -Author: Mark Wielaard -Date: Mon Jan 18 09:13:30 2010 +0100 - - PR11173 Markers get a bad address in prelinked libraries. - - Our literal_addr_to_sym_addr() function was just wrong. To compensate for - raw addresses read from elf (either given by the user or through a mark - transformation) we need to know what the elf_bias is (as returned by - dwfl_module_getelf) before feeding them to any libdwfl functions. - - * tapsets.cxx (query_module_dwarf): Always add elf_bias to raw function or - statement addresses before calling query_addr(). - (query_addr): Don't call literal_addr_to_sym_addr(). - * dwflpp.h (literal_addr_to_sym_addr): Removed. - * dwflpp.cxx (literal_addr_to_sym_addr): Likewise. - -diff --git a/dwflpp.cxx b/dwflpp.cxx -index 7dd31d0..e6fe017 100644 ---- a/dwflpp.cxx -+++ b/dwflpp.cxx -@@ -2771,45 +2771,6 @@ dwflpp::relocate_address(Dwarf_Addr dw_addr, string& reloc_section) - return reloc_addr; - } - --/* Converts a "global" literal address to the module symbol address -- * space. If necessary (not for kernel and executables using absolute -- * addresses), this adjust the address for the current module symbol -- * bias. Literal addresses are provided by the user (or contained on -- * the .probes section) based on the "on disk" layout of the module. -- */ --Dwarf_Addr --dwflpp::literal_addr_to_sym_addr(Dwarf_Addr lit_addr) --{ -- if (sess.verbose > 2) -- clog << "literal_addr_to_sym_addr 0x" << hex << lit_addr << dec << endl; -- -- // Assume the address came from the symbol list. -- // If we cannot get the symbol bias fall back on the dw bias. -- // The kernel (and other absolute executable modules) is special though. 
-- if (module_name != TOK_KERNEL -- && dwfl_module_relocations (module) > 0) -- { -- Dwarf_Addr symbias = ~0; -- if (dwfl_module_getsymtab (module) != -1) -- dwfl_module_info (module, NULL, NULL, NULL, NULL, -- &symbias, NULL, NULL); -- -- if (sess.verbose > 3) -- clog << "symbias 0x" << hex << symbias << dec -- << ", dwbias 0x" << hex << module_bias << dec << endl; -- -- if (symbias == (Dwarf_Addr) ~0) -- symbias = module_bias; -- -- lit_addr += symbias; -- } -- -- if (sess.verbose > 2) -- clog << "literal_addr_to_sym_addr ret 0x" << hex << lit_addr << dec << endl; -- -- return lit_addr; --} -- - /* Returns the call frame address operations for the given program counter - * in the libdw address space. - */ -diff --git a/dwflpp.h b/dwflpp.h -index cdc6ad9..523dd88 100644 ---- a/dwflpp.h -+++ b/dwflpp.h -@@ -284,8 +284,6 @@ struct dwflpp - - Dwarf_Addr relocate_address(Dwarf_Addr addr, std::string& reloc_section); - -- Dwarf_Addr literal_addr_to_sym_addr(Dwarf_Addr lit_addr); -- - - private: - DwflPtr dwfl_ptr; -diff --git a/tapsets.cxx b/tapsets.cxx -index 071f92d..d5c6b25 100644 ---- a/tapsets.cxx -+++ b/tapsets.cxx -@@ -761,6 +761,13 @@ dwarf_query::query_module_dwarf() - // number plus the module's bias. - Dwarf_Addr addr = has_function_num ? - function_num_val : statement_num_val; -+ -+ // These are raw addresses, we need to know what the elf_bias -+ // is to feed it to libdwfl based functions. -+ Dwarf_Addr elf_bias; -+ Elf *elf = dwfl_module_getelf (dw.module, &elf_bias); -+ assert(elf); -+ addr += elf_bias; - query_addr(addr, this); - } - else -@@ -1168,8 +1175,8 @@ query_addr(Dwarf_Addr addr, dwarf_query *q) - { - dwflpp &dw = q->dw; - -- // Translate to and actual sumbol address. 
-- addr = dw.literal_addr_to_sym_addr(addr); -+ if (q->sess.verbose > 2) -+ clog << "query_addr 0x" << hex << addr << dec << endl; - - // First pick which CU contains this address - Dwarf_Die* cudie = dw.query_cu_containing_address(addr); - -commit 87748e2b87e574d3c83866ccd0d83678c3c68d93 -Author: Mark Wielaard -Date: Tue Feb 2 13:47:19 2010 +0100 - - Make sure cfa_ops are always retrieved through dwfl global address. - - dwflpp::translate_location() works on the dw address space, but - get_cfa_ops() starts out with dwfl calls (only dwarf_cfi_addrframe() - needs to be adjusted for bias). - - * dwflpp.cxx (translate_location): Pass pc plus module bias through to - get_cfa_ops. - (get_cfa_ops): Adjust for bias when calling dwarf_cfi_addrframe(), - add frame start/end address when found if verbose logging. - * testsuite/systemtap.exelib/lib.stp: Add $foo and $bar variables to - process.function probes. - * testsuite/systemtap.exelib/libmarkunamestack.stp: Likewise. - * testsuite/systemtap.exelib/lib.tcl: Expect correct values for - process.function probe variables. - * testsuite/systemtap.exelib/libmarkunamestack.tcl: Likewise. - -diff --git a/dwflpp.cxx b/dwflpp.cxx -index e6fe017..d16411c 100644 ---- a/dwflpp.cxx -+++ b/dwflpp.cxx -@@ -1726,9 +1726,10 @@ dwflpp::translate_location(struct obstack *pool, - e->tok); - } - -- // pc is relative to current module, which is what get_cfa_ops -- // and c_translate_location expects. -- Dwarf_Op *cfa_ops = get_cfa_ops (pc); -+ // pc is in the dw address space of the current module, which is what -+ // c_translate_location expects. get_cfa_ops wants the global dwfl address. 
-+ Dwarf_Addr addr = pc + module_bias; -+ Dwarf_Op *cfa_ops = get_cfa_ops (addr); - return c_translate_location (pool, &loc2c_error, this, - &loc2c_emit_address, - 1, 0 /* PR9768 */, -@@ -2783,17 +2784,17 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - clog << "get_cfa_ops @0x" << hex << pc << dec - << ", module_start @0x" << hex << module_start << dec << endl; - --#if _ELFUTILS_PREREQ(0,142) - // Try debug_frame first, then fall back on eh_frame. -- size_t cfa_nops; -- Dwarf_Addr bias; -+ size_t cfa_nops = 0; -+ Dwarf_Addr bias = 0; -+ Dwarf_Frame *frame = NULL; -+#if _ELFUTILS_PREREQ(0,142) - Dwarf_CFI *cfi = dwfl_module_dwarf_cfi (module, &bias); - if (cfi != NULL) - { - if (sess.verbose > 3) - clog << "got dwarf cfi bias: 0x" << hex << bias << dec << endl; -- Dwarf_Frame *frame = NULL; -- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) -+ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) - dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); - else if (sess.verbose > 3) - clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; -@@ -2809,7 +2810,7 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - if (sess.verbose > 3) - clog << "got eh cfi bias: 0x" << hex << bias << dec << endl; - Dwarf_Frame *frame = NULL; -- if (dwarf_cfi_addrframe (cfi, pc, &frame) == 0) -+ if (dwarf_cfi_addrframe (cfi, pc - bias, &frame) == 0) - dwarf_frame_cfa (frame, &cfa_ops, &cfa_nops); - else if (sess.verbose > 3) - clog << "dwarf_cfi_addrframe failed: " << dwarf_errmsg(-1) << endl; -@@ -2821,7 +2822,20 @@ dwflpp::get_cfa_ops (Dwarf_Addr pc) - #endif - - if (sess.verbose > 2) -- clog << (cfa_ops == NULL ? 
"not " : " ") << "found cfa" << endl; -+ { -+ if (cfa_ops == NULL) -+ clog << "not found cfa" << endl; -+ else -+ { -+ Dwarf_Addr frame_start, frame_end; -+ bool frame_signalp; -+ int info = dwarf_frame_info (frame, &frame_start, &frame_end, -+ &frame_signalp); -+ clog << "found cfa, info:" << info << " [start: 0x" << hex -+ << frame_start << dec << ", end: 0x" << hex << frame_end -+ << dec << "), nops: " << cfa_nops << endl; -+ } -+ } - - return cfa_ops; - } -diff --git a/testsuite/systemtap.exelib/lib.stp b/testsuite/systemtap.exelib/lib.stp -index 0151282..3fdc6db 100644 ---- a/testsuite/systemtap.exelib/lib.stp -+++ b/testsuite/systemtap.exelib/lib.stp -@@ -6,7 +6,7 @@ probe process(@1).function("main") { - } - - probe process(@1).function("main_func") { -- printf("main_func\n"); -+ printf("main_func %d\n", $foo); - } - - probe process(@2).function("lib_main") { -@@ -14,5 +14,5 @@ probe process(@2).function("lib_main") { - } - - probe process(@2).function("lib_func") { -- printf("lib_func\n"); -+ printf("lib_func %d\n", $bar); - } -diff --git a/testsuite/systemtap.exelib/lib.tcl b/testsuite/systemtap.exelib/lib.tcl -index c5b7402..a33290b 100644 ---- a/testsuite/systemtap.exelib/lib.tcl -+++ b/testsuite/systemtap.exelib/lib.tcl -@@ -1,11 +1,11 @@ - set ::result_string {main --main_func --main_func --main_func -+main_func 3 -+main_func 2 -+main_func 1 - lib_main --lib_func --lib_func --lib_func} -+lib_func 3 -+lib_func 2 -+lib_func 1} - - # Only run on make installcheck - if {! 
[installtest_p]} { untested "lib-$testname"; return } -diff --git a/testsuite/systemtap.exelib/libmarkunamestack.stp b/testsuite/systemtap.exelib/libmarkunamestack.stp -index 0efbae0..5ee229d 100644 ---- a/testsuite/systemtap.exelib/libmarkunamestack.stp -+++ b/testsuite/systemtap.exelib/libmarkunamestack.stp -@@ -7,7 +7,7 @@ probe process(@1).function("main") { - } - - probe process(@1).function("main_func") { -- printf("main_func\n"); -+ printf("main_func: %d\n", $foo); - } - - probe process(@2).function("lib_main") { -@@ -15,7 +15,7 @@ probe process(@2).function("lib_main") { - } - - probe process(@2).function("lib_func") { -- printf("lib_func\n"); -+ printf("lib_func: %d\n", $bar); - } - - #mark -diff --git a/testsuite/systemtap.exelib/libmarkunamestack.tcl b/testsuite/systemtap.exelib/libmarkunamestack.tcl -index 55dc10e..20111b3 100644 ---- a/testsuite/systemtap.exelib/libmarkunamestack.tcl -+++ b/testsuite/systemtap.exelib/libmarkunamestack.tcl -@@ -47,9 +47,9 @@ expect { - - # lib - -re {^main\r\n} {incr lib; exp_continue} -- -re {^main_func\r\n} {incr lib; exp_continue} -+ -re {^main_func: [1-3]\r\n} {incr lib; exp_continue} - -re {^lib_main\r\n} {incr lib; exp_continue} -- -re {^lib_func\r\n} {incr lib; exp_continue} -+ -re {^lib_func: [1-3]\r\n} {incr lib; exp_continue} - - # mark - -re {^main_count: [1-3]\r\n} {incr mark; exp_continue} diff --git a/systemtap-1.1-get_argv.patch b/systemtap-1.1-get_argv.patch deleted file mode 100644 index 2f755b0..0000000 --- a/systemtap-1.1-get_argv.patch +++ /dev/null 
@@ -1,183 +0,0 @@ -commit a2d399c87a642190f08ede63dc6fc434a5a8363a -Author: Josh Stone -Date: Thu Feb 4 17:47:31 2010 -0800 - - PR11234: Rewrite __get_argv without embedded-C - - We now implement __get_argv's string building in pure stap script. - Also, every argument is now quoted, which is different than before, but - it's much more robust about handling special characters. - -diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp -index bab0f64..e762b37 100644 ---- a/tapset/aux_syscalls.stp -+++ b/tapset/aux_syscalls.stp -@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long) - - - /* This function copies an argv from userspace. */ --function __get_argv:string(a:long, first:long) --%{ /* pure */ -- char __user *__user *argv = (char __user *__user *)(long)THIS->a; -- char __user *vstr; -- int space, rc, len = MAXSTRINGLEN; -- char *str = THIS->__retvalue; -- char buf[80]; -- char *ptr = buf; -- -- -- if (THIS->first && argv) -- argv++; -- -- while (argv != NULL) { -- if (__stp_get_user (vstr, argv)) -- break; -- -- if (vstr == NULL) -- break; -- -- rc = _stp_strncpy_from_user(buf, vstr, 79); -- if (rc <= 0) -- break; -- -- /* check for whitespace in string */ -- buf[rc] = 0; -- ptr = buf; -- space = 0; -- while (*ptr && rc--) { -- if (isspace(*ptr++)) { -- space = 1; -- break; -- } -- } -- -- if (len != MAXSTRINGLEN && len) { -- *str++=' '; -- len--; -- } -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- rc = strlcpy (str, buf, len); -- str += rc; -- len -= rc; -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- argv++; -+function __get_argv:string(argv:long, first:long) -+{ -+%( CONFIG_64BIT == "y" %? -+ if (first && argv) -+ argv += 8 -+ while (argv) { -+ vstr = user_long(argv) -+ if (!vstr) -+ break -+ if (len) -+ str .= " " -+ str .= user_string_quoted(vstr) -+ -+ newlen = strlen(str) -+ if (newlen == len) -+ break -+ len = newlen -+ argv += 8 - } -- *str = 0; --%} --/* This function copies an argv from userspace. 
*/ --function __get_compat_argv:string(a:long, first:long) --%{ /* pure */ --#ifdef CONFIG_COMPAT -- compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a; -- compat_uptr_t __user *vstr; -- int space, rc, len = MAXSTRINGLEN; -- char *str = THIS->__retvalue; -- char buf[80]; -- char *ptr = buf; -- -- if (THIS->first && argv) -- argv++; -- -- while (argv != NULL) { -- if (__stp_get_user (vstr, argv)) -- break; -- -- if (vstr == NULL) -- break; -- -- rc = _stp_strncpy_from_user(buf, (char *)vstr, 79); -- if (rc <= 0) -- break; -- -- /* check for whitespace in string */ -- buf[rc] = 0; -- ptr = buf; -- space = 0; -- while (*ptr && rc--) { -- if (isspace(*ptr++)) { -- space = 1; -- break; -- } -- } -- -- if (len != MAXSTRINGLEN && len) { -- *str++=' '; -- len--; -- } -- -- if (space && len) { -- *str++='\"'; -- len--; -- } -- -- rc = strlcpy (str, buf, len); -- str += rc; -- len -= rc; -- -- if (space && len) { -- *str++='\"'; -- len--; -- } - -- argv++; -+ return str -+%: -+ return __get_compat_argv(argv, first) -+%) -+} -+/* This function copies an argv from userspace. */ -+function __get_compat_argv:string(argv:long, first:long) -+{ -+ if (first && argv) -+ argv += 4 -+ while (argv) { -+ vstr = user_int(argv) & 0xffffffff -+ if (!vstr) -+ break -+ if (len) -+ str .= " " -+ str .= user_string_quoted(vstr) -+ -+ newlen = strlen(str) -+ if (newlen == len) -+ break -+ len = newlen -+ argv += 4 - } -- *str = 0; --#endif --%} -+ -+ return str -+} - - /* - * Return the symbolic string representation diff --git a/systemtap-1.1-tighten-server-params.patch b/systemtap-1.1-tighten-server-params.patch deleted file mode 100644 index ee0c286..0000000 --- a/systemtap-1.1-tighten-server-params.patch +++ /dev/null 
@@ -1,262 +0,0 @@ -Note: Not including testsuite part. - -commit c0d1b5a004b9949bb455b7dbe17b335b7cab9ead -Author: Frank Ch. Eigler -Date: Fri Feb 12 10:25:43 2010 -0500 - - PR11105 part 2: tighten constraints on stap-server parameters passed to make - - * util.h, util.cxx (assert_match_regexp): New function. - * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. - * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. - -diff --git a/main.cxx b/main.cxx -index 8f5ee72..2dba179 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -57,7 +57,7 @@ version () - << "SystemTap translator/driver " - << "(version " << VERSION << "/" << dwfl_version (NULL) - << " " << GIT_MESSAGE << ")" << endl -- << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl -+ << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl - << "This is free software; see the source for copying conditions." << endl; - } - -@@ -708,12 +708,12 @@ main (int argc, char * const argv []) - break; - - case 'o': -+ // NB: client_options not a problem, since pass 1-4 does not use output_file. - s.output_file = string (optarg); - break; - - case 'R': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R"; -+ if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); } - s.runtime_path = string (optarg); - break; - -@@ -722,6 +722,7 @@ main (int argc, char * const argv []) - client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m"; - s.module_name = string (optarg); - save_module = true; -+ // XXX: convert to assert_regexp_match() - { - string::size_type len = s.module_name.length(); - -@@ -766,15 +767,14 @@ main (int argc, char * const argv []) - break; - - case 'r': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r"; -+ if (client_options) // NB: no paths! 
-+ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); - setup_kernel_release(s, optarg); - break; - - case 'a': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a"; -- s.architecture = string(optarg); -+ assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$"); -+ s.architecture = string(optarg); - break; - - case 'k': -@@ -821,16 +821,19 @@ main (int argc, char * const argv []) - break; - - case 'D': -+ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; - s.macros.push_back (string (optarg)); - break; - - case 'S': -+ assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$"); - s.size_option = string (optarg); - break; - - case 'q': -+ if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); } - s.tapset_compile_coverage = true; - break; - -@@ -861,9 +864,8 @@ main (int argc, char * const argv []) - break; - - case 'B': -- if (client_options) -- client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B"; -- s.kbuildflags.push_back (string (optarg)); -+ if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); } -+ s.kbuildflags.push_back (string (optarg)); - break; - - case 0: -diff --git a/stap-serverd b/stap-serverd -index eda9711..5820286 100755 ---- a/stap-serverd -+++ b/stap-serverd -@@ -360,11 +360,19 @@ function advertise_presence { - function listen { - # The stap-server-connect program will listen forever - # accepting requests. -- ${stap_pkglibexecdir}stap-server-connect \ -- -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ -- -s "$stap_options" \ -- >> $logfile 2>&1 & -- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -+ # CVE-2009-4273 ... 
or at least, until resource limits fire -+ while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt -+ # NB: impose resource limits in case of mischevious data inducing -+ # too much / long computation -+ (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000; -+ exec ${stap_pkglibexecdir}stap-server-connect \ -+ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ -+ -s "$stap_options") & -+ stap_server_connect_pid=$! -+ wait -+ # NB: avoid superfast spinning in case of a ulimit or other failure -+ sleep 1 -+ done >> $logfile 2>&1 - } - - # function: warning [ MESSAGE ] -@@ -396,8 +404,8 @@ function terminate { - wait '%avahi-publish-service' >> $logfile 2>&1 - - # Kill any running 'stap-server-connect' job. -- kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1 -+ kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1 -+ wait $stap_server_connect_pid >> $logfile 2>&1 - - exit - } -diff --git a/util.cxx b/util.cxx -index 736e5a3..73ba167 100644 ---- a/util.cxx -+++ b/util.cxx -@@ -1,5 +1,5 @@ - // Copyright (C) Andrew Tridgell 2002 (original file) --// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes) -+// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes) - // - // This program is free software; you can redistribute it and/or - // modify it under the terms of the GNU General Public License as -@@ -19,6 +19,8 @@ - #include "sys/sdt.h" - #include - #include -+#include -+#include - - extern "C" { - #include -@@ -31,6 +33,7 @@ extern "C" { - #include - #include - #include -+#include - } - - using namespace std; -@@ -413,4 +416,35 @@ kill_stap_spawn(int sig) - return spawned_pid ? 
kill(spawned_pid, sig) : 0; - } - -+ -+void assert_regexp_match (const string& name, const string& value, const string& re) -+{ -+ typedef map cache; -+ static cache compiled; -+ cache::iterator it = compiled.find (re); -+ regex_t* r = 0; -+ if (it == compiled.end()) -+ { -+ r = new regex_t; -+ int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED); -+ if (rc) { -+ cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl; -+ exit(1); -+ } -+ compiled[re] = r; -+ } -+ else -+ r = it->second; -+ -+ // run regexec -+ int rc = regexec (r, value.c_str(), 0, 0, 0); -+ if (rc) -+ { -+ cerr << "ERROR: Safety pattern mismatch for " << name -+ << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl; -+ exit(1); -+ } -+} -+ -+ - /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ -diff --git a/util.h b/util.h -index 8fc64cb..75e198c 100644 ---- a/util.h -+++ b/util.h -@@ -21,7 +21,7 @@ const std::string cmdstr_quoted(const std::string& cmd); - std::string git_revision(const std::string& path); - int stap_system(int verbose, const std::string& command); - int kill_stap_spawn(int sig); -- -+void assert_regexp_match (const std::string& name, const std::string& value, const std::string& re); - - // stringification generics - - -commit cc9e5488d82b728e568bca1f8d6094856fc8e641 -Author: Frank Ch. Eigler -Date: Fri Feb 12 10:39:58 2010 -0500 - - PR11105 part 2a, fix buggy \\. in -r option regexp - -diff --git a/main.cxx b/main.cxx -index 2dba179..b5fdbc0 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -768,7 +768,7 @@ main (int argc, char * const argv []) - - case 'r': - if (client_options) // NB: no paths! 
-- assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); -+ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_.-]+$"); - setup_kernel_release(s, optarg); - break; - - -commit c8408b459b88a5aa5f4325e690aef95b5da7c2eb -Author: Mark Wielaard -Date: Sun Feb 14 21:42:06 2010 +0100 - - PR11281 Allow negative values for -D argument. - - Change regexp match to "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$". - - * main.cxx (main): case 'D' allow optional single minus sign after equal - in assert_regexp_match(). - -diff --git a/main.cxx b/main.cxx -index b5fdbc0..faac7f8 100644 ---- a/main.cxx -+++ b/main.cxx -@@ -821,7 +821,7 @@ main (int argc, char * const argv []) - break; - - case 'D': -- assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); -+ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=-?[a-z_0-9]+)?$"); - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; - s.macros.push_back (string (optarg)); diff --git a/systemtap.spec b/systemtap.spec index 9cd1926..059a47b 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -11,8 +11,8 @@ %{!?publican_brand: %global publican_brand fedora} Name: systemtap -Version: 1.1 -Release: 2%{?dist} +Version: 1.2 +Release: 1%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -56,10 +56,6 @@ BuildRequires: elfutils-devel >= %{elfutils_version} Requires: crash %endif -Patch10: systemtap-1.1-cfi-cfa_ops-fixes.patch -Patch11: systemtap-1.1-get_argv.patch -Patch12: systemtap-1.1-tighten-server-params.patch - %if %{with_docs} BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html # On F10, xmlto's pdf support was broken off into a sub-package, @@ -193,10 +189,6 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 - %build %if %{with_bundled_elfutils} 
@@ -283,6 +275,9 @@ find examples testsuite -type f -name '*.stp' -print0 | xargs -0 sed -i -r -e '1 # permissions back to 04111 in the %files section below. chmod 755 $RPM_BUILD_ROOT%{_bindir}/staprun +#install the useful stap-prep script +install -c -m 755 stap-prep $RPM_BUILD_ROOT%{_bindir}/stap-prep + # Copy over the testsuite cp -rp testsuite $RPM_BUILD_ROOT%{_datadir}/systemtap 
@@ -313,37 +308,44 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server/conf.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig install -m 644 initscript/config.stap-server $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/stap-server -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log -touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server +touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server/log +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -m 644 initscript/logrotate.stap-server $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/stap-server %clean rm -rf ${RPM_BUILD_ROOT} +%pre +getent group stap-server >/dev/null || groupadd -g 155 -r stap-server || groupadd -r stap-server + %pre runtime getent group stapdev >/dev/null || groupadd -r stapdev getent group stapusr >/dev/null || groupadd -r stapusr exit 0 %pre server -getent group stap-server >/dev/null || groupadd -r stap-server -getent passwd stap-server >/dev/null || useradd -c "Systemtap Compile Server" -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server -chmod 755 %{_localstatedir}/lib/stap-server +getent passwd stap-server >/dev/null || \ + useradd -c "Systemtap Compile Server" -u 155 -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server || \ + useradd -c "Systemtap Compile Server" -g stap-server -d %{_localstatedir}/lib/stap-server -m -r -s /sbin/nologin stap-server +test -e ~stap-server && chmod 755 ~stap-server exit 0 %post server -chmod 664 %{_localstatedir}/log/stap-server.log -chown stap-server %{_localstatedir}/log/stap-server.log -chgrp stap-server %{_localstatedir}/log/stap-server.log -# Make sure that the uprobes module can be built by the server -test -e /usr/share/systemtap/runtime/uprobes || mkdir -p /usr/share/systemtap/runtime/uprobes -chgrp stap-server /usr/share/systemtap/runtime/uprobes -chmod 775 
/usr/share/systemtap/runtime/uprobes -# As stap-server, generate the certificate used for signing and for ssl. -runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null -# Authorize the certificate as a trusted ssl peer and as a trusted signer -# local host. -%{_bindir}/stap-authorize-server-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert -%{_bindir}/stap-authorize-signing-cert %{_localstatedir}/lib/stap-server/.systemtap/ssl/server/stap.cert +test -e %{_localstatedir}/log/stap-server/log || { + touch %{_localstatedir}/log/stap-server/log + chmod 664 %{_localstatedir}/log/stap-server/log + chown stap-server:stap-server %{_localstatedir}/log/stap-server/log +} +# If it does not already exit, as stap-server, generate the certificate +# used for signing and for ssl. +if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then + runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null + # Authorize the certificate as a trusted ssl peer and as a trusted signer + # on the local host. + %{_bindir}/stap-authorize-server-cert ~stap-server/.systemtap/ssl/server/stap.cert + %{_bindir}/stap-authorize-signing-cert ~stap-server/.systemtap/ssl/server/stap.cert +fi # Activate the service /sbin/chkconfig --add stap-server @@ -389,12 +391,12 @@ exit 0 %post # Remove any previously-built uprobes.ko materials -(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true +(make -C %{_datadir}/%{name}/runtime/uprobes clean) >/dev/null 2>&1 || true (/sbin/rmmod uprobes) >/dev/null 2>&1 || true %preun # Ditto -(make -C /usr/share/systemtap/runtime/uprobes clean) >/dev/null 2>&1 || true +(make -C %{_datadir}/%{name}/runtime/uprobes clean) >/dev/null 2>&1 || true (/sbin/rmmod uprobes) >/dev/null 2>&1 || true %files @@ -410,6 +412,7 @@ exit 0 %endif %{_bindir}/stap +%{_bindir}/stap-prep %{_bindir}/stap-report %{_mandir}/man1/* %{_mandir}/man3/* 
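Review bot: In `%post server` the new block creates the log with `chmod 664`, while the `%files server` entry added later in this commit declares the same file as `%attr(0644,stap-server,stap-server)`. A freshly created log is therefore group-writable and disagrees with the packaged mode; I would use `chmod 644 %{_localstatedir}/log/stap-server/log` here. The new main-package `%pre` scriptlet also ends on the `groupadd` chain without the `exit 0` that `%pre runtime` and `%pre server` carry, so a failed `groupadd` would presumably fail the transaction. If that is intended because `%files` needs the group, a comment such as `# no exit 0: the stap-server group is required by %files` would make it explicit. The added comment "If it does not already exit" should read "exist".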
@@ -428,6 +431,9 @@ exit 0 %{_libdir}/%{name}/staplog.so* %endif +# Make sure that the uprobes module can be built by root and by the server +%dir %attr(0775,root,stap-server) %{_datadir}/%{name}/runtime/uprobes + %files runtime %defattr(-,root,root) %attr(4111,root,root) %{_bindir}/staprun @@ -469,10 +475,12 @@ exit 0 %{_mandir}/man8/stap-server.8* %{_mandir}/man8/stap-authorize-server-cert.8* %{_sysconfdir}/rc.d/init.d/stap-server +%config(noreplace) %{_sysconfdir}/logrotate.d/stap-server %dir %{_sysconfdir}/stap-server %dir %{_sysconfdir}/stap-server/conf.d %config(noreplace) %{_sysconfdir}/sysconfig/stap-server -%{_localstatedir}/log/stap-server.log +%dir %attr(0755,stap-server,stap-server) %{_localstatedir}/log/stap-server +%ghost %config %attr(0644,stap-server,stap-server) %{_localstatedir}/log/stap-server/log %doc initscript/README.stap-server %files sdt-devel @@ -500,13 +508,8 @@ exit 0 %changelog -* Mon Feb 15 2010 Mark Wielaard - 1.1-2 -- Add systemtap-1.1-cfi-cfa_ops-fixes.patch - - Resolves RHBZ #564429 -- Add systemtap-1.1-get_argv.patch - - Resolves CVE-2010-0411 -- Add systemtap-1.1-tighten-server-params.patch (excluding testsuite) - - Resolves CVE-2010-0412, CVE-2009-4273 +* Mon Mar 22 2010 Frank Ch. Eigler - 1.2-1 +- Upstream release. * Mon Dec 21 2009 David Smith - 1.1-1 - Upstream release. From 4e9440b186cfdee8a62c740c3bedabd88d25b8a3 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Wed, 24 Mar 2010 17:16:30 +0000 Subject: [PATCH 07/10] fix sparc --- systemtap-1.2-fix-sparc.patch | 12 ++++++++++++ systemtap.spec | 10 +++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 systemtap-1.2-fix-sparc.patch diff --git a/systemtap-1.2-fix-sparc.patch b/systemtap-1.2-fix-sparc.patch new file mode 100644 index 0000000..2644873 --- /dev/null +++ b/systemtap-1.2-fix-sparc.patch 
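Review bot: The new `%dir %attr(0775,root,stap-server) %{_datadir}/%{name}/runtime/uprobes` entry leaves that directory writable by the compile-server group, yet the main package's `%post` and `%preun` (touched in the earlier hunk of this file) run `make -C %{_datadir}/%{name}/runtime/uprobes clean` as root. Content the service account can write there is then processed by a root-run make during install and removal. The removed `%post server` chgrp/chmod had the same effect, so this is carried over rather than introduced, but moving it into `%files` is a good point to record the trust assumption, e.g. `# NB: writable by stap-server; root runs make here in %post/%preun`. Alternatively, the scriptlets could clean up the build outputs without invoking make in a group-writable directory.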
@@ -0,0 +1,12 @@ +diff -up systemtap-1.2/includes/sys/sdt.h.BAD systemtap-1.2/includes/sys/sdt.h +--- systemtap-1.2/includes/sys/sdt.h.BAD 2010-03-24 11:30:50.694520827 -0400 ++++ systemtap-1.2/includes/sys/sdt.h 2010-03-24 11:44:29.062420646 -0400 +@@ -72,7 +72,7 @@ + #define STAP_UNINLINE + #endif + +-#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ ++#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ || defined __sparc__ + #define STAP_NOP "\tnop " + #else + #define STAP_NOP "\tnop 0 " diff --git a/systemtap.spec b/systemtap.spec index 059a47b..6f00f06 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -12,7 +12,7 @@ Name: systemtap Version: 1.2 -Release: 1%{?dist} +Release: 2%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -78,6 +78,9 @@ BuildRequires: boost-devel %endif %endif +# http://sources.redhat.com/bugzilla/show_bug.cgi?id=11427 +Patch2: systemtap-1.2-fix-sparc.patch + %description SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation @@ -189,6 +192,8 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif +%patch2 -p1 -b .sparc + %build %if %{with_bundled_elfutils} @@ -508,6 +513,9 @@ exit 0 %changelog +* Wed Mar 24 2010 Tom "spot" Callaway - 1.2-2 +- fix compilation on sparc + * Mon Mar 22 2010 Frank Ch. Eigler - 1.2-1 - Upstream release. From a811d544039466b5212737db96258d6ffdc9347a Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Wed, 21 Jul 2010 22:47:12 +0000 Subject: [PATCH 08/10] upstream release 1.3 --- .cvsignore | 2 +- sources | 2 +- systemtap-1.2-fix-sparc.patch | 12 ---------- systemtap.spec | 42 +++++++++++++++-------------------- 4 files changed, 20 insertions(+), 38 deletions(-) delete mode 100644 systemtap-1.2-fix-sparc.patch diff --git a/.cvsignore b/.cvsignore index 9b23fe5..43a6c77 100644 
--- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -systemtap-1.2.tar.gz +systemtap-1.3.tar.gz diff --git a/sources b/sources index 6b527aa..3afe7ee 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8761f9a55f9de6fa4020f52f15ece39b systemtap-1.2.tar.gz +044a0d225de53498fb62d25724af3fd7 systemtap-1.3.tar.gz diff --git a/systemtap-1.2-fix-sparc.patch b/systemtap-1.2-fix-sparc.patch deleted file mode 100644 index 2644873..0000000 --- a/systemtap-1.2-fix-sparc.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up systemtap-1.2/includes/sys/sdt.h.BAD systemtap-1.2/includes/sys/sdt.h ---- systemtap-1.2/includes/sys/sdt.h.BAD 2010-03-24 11:30:50.694520827 -0400 -+++ systemtap-1.2/includes/sys/sdt.h 2010-03-24 11:44:29.062420646 -0400 -@@ -72,7 +72,7 @@ - #define STAP_UNINLINE - #endif - --#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ -+#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ || defined __sparc__ - #define STAP_NOP "\tnop " - #else - #define STAP_NOP "\tnop 0 " diff --git a/systemtap.spec b/systemtap.spec index 6f00f06..c34ebe5 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -1,6 +1,6 @@ %{!?with_sqlite: %global with_sqlite 1} %{!?with_docs: %global with_docs 1} -%{!?with_crash: %global with_crash 0} +%{!?with_crash: %global with_crash 1} %{!?with_rpm: %global with_rpm 1} %{!?with_bundled_elfutils: %global with_bundled_elfutils 0} %{!?elfutils_version: %global elfutils_version 0.127} @@ -11,8 +11,8 @@ %{!?publican_brand: %global publican_brand fedora} Name: systemtap -Version: 1.2 -Release: 2%{?dist} +Version: 1.3 +Release: 1%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System 
@@ -42,7 +42,7 @@ Requires: kernel-devel Requires: gcc make # Suggest: kernel-debuginfo Requires: systemtap-runtime = %{version}-%{release} -BuildRequires: nss-devel nss-tools pkgconfig +BuildRequires: nss-tools nss-devel avahi-devel pkgconfig %if %{with_bundled_elfutils} Source1: elfutils-%{elfutils_version}.tar.gz @@ -52,9 +52,6 @@ BuildRequires: m4 %else BuildRequires: elfutils-devel >= %{elfutils_version} %endif -%if %{with_crash} -Requires: crash -%endif %if %{with_docs} BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html @@ -64,7 +61,7 @@ BuildRequires: /usr/bin/latex /usr/bin/dvips /usr/bin/ps2pdf latex2html BuildRequires: xmlto /usr/share/xmlto/format/fo/pdf %if %{with_publican} BuildRequires: publican -BuildRequires: publican-%{publican_brand} +BuildRequires: /usr/share/publican/Common_Content/%{publican_brand}/defaults.cfg %endif %endif @@ -78,9 +75,6 @@ BuildRequires: boost-devel %endif %endif -# http://sources.redhat.com/bugzilla/show_bug.cgi?id=11427 -Patch2: systemtap-1.2-fix-sparc.patch - %description SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation @@ -104,7 +98,7 @@ Summary: Instrumentation System Testsuite Group: Development/System License: GPLv2+ URL: http://sourceware.org/systemtap/ -Requires: systemtap systemtap-sdt-devel dejagnu which +Requires: systemtap systemtap-sdt-devel dejagnu which prelink %description testsuite The testsuite allows testing of the entire SystemTap toolchain @@ -146,7 +140,7 @@ scripts to kernel objects on their demand. %package sdt-devel Summary: Static probe support tools Group: Development/System -License: GPLv2+ +License: GPLv2+, Public Domain URL: http://sourceware.org/systemtap/ %description sdt-devel @@ -192,8 +186,6 @@ find . \( -name configure -o -name config.h.in \) -print | xargs touch cd .. %endif -%patch2 -p1 -b .sparc - %build %if %{with_bundled_elfutils} 
@@ -342,7 +334,7 @@ test -e %{_localstatedir}/log/stap-server/log || { chmod 664 %{_localstatedir}/log/stap-server/log chown stap-server:stap-server %{_localstatedir}/log/stap-server/log } -# If it does not already exit, as stap-server, generate the certificate +# If it does not already exist, as stap-server, generate the certificate # used for signing and for ssl. if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then runuser -s /bin/sh - stap-server -c %{_libexecdir}/%{name}/stap-gen-cert >/dev/null @@ -421,20 +413,15 @@ exit 0 %{_bindir}/stap-report %{_mandir}/man1/* %{_mandir}/man3/* +%{_mandir}/man7/stappaths.7* %dir %{_datadir}/%{name} %{_datadir}/%{name}/runtime %{_datadir}/%{name}/tapset -%if %{with_bundled_elfutils} || %{with_crash} -%dir %{_libdir}/%{name} -%endif %if %{with_bundled_elfutils} %{_libdir}/%{name}/lib*.so* %endif -%if %{with_crash} -%{_libdir}/%{name}/staplog.so* -%endif # Make sure that the uprobes module can be built by root and by the server %dir %attr(0775,root,stap-server) %{_datadir}/%{name}/runtime/uprobes @@ -447,6 +434,10 @@ exit 0 %{_libexecdir}/%{name}/stapio %{_libexecdir}/%{name}/stap-env %{_libexecdir}/%{name}/stap-authorize-cert +%if %{with_crash} +%{_libdir}/%{name}/staplog.so* +%endif +%{_mandir}/man7/stappaths.7* %{_mandir}/man8/staprun.8* %{_mandir}/man8/stap-authorize-signing-cert.8* @@ -462,6 +453,7 @@ exit 0 %{_bindir}/stap-authorize-server-cert %{_libexecdir}/%{name}/stap-find-servers %{_libexecdir}/%{name}/stap-client-connect +%{_mandir}/man7/stappaths.7* %{_mandir}/man8/stap-client.8* %{_mandir}/man8/stap-authorize-server-cert.8* @@ -477,6 +469,7 @@ exit 0 %{_libexecdir}/%{name}/stap-gen-cert %{_libexecdir}/%{name}/stap-server-connect %{_libexecdir}/%{name}/stap-sign-module +%{_mandir}/man7/stappaths.7* %{_mandir}/man8/stap-server.8* %{_mandir}/man8/stap-authorize-server-cert.8* %{_sysconfdir}/rc.d/init.d/stap-server 
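Review bot: Nothing visible owns `%{_libdir}/%{name}` once `staplog.so*` is listed under `%files runtime` in the `-447,6` hunk: the `-421,20` hunk deletes the `%dir %{_libdir}/%{name}` entry from the main package, and the added lines list only the file. An unowned directory is not removed on uninstall, and rpm verification does not track its mode and owner. If the runtime file list does not already own it outside these hunks, add `%dir %{_libdir}/%{name}` inside the new `%if %{with_crash}` block. The same commit also drops `Requires: crash` while turning `with_crash` on by default, so please confirm the plugin's dependency is still expressed somewhere.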
@@ -492,6 +485,7 @@ exit 0 %defattr(-,root,root) %{_bindir}/dtrace %{_includedir}/sys/sdt.h +%doc README AUTHORS NEWS COPYING %files initscript %defattr(-,root,root) @@ -513,8 +507,8 @@ exit 0 %changelog -* Wed Mar 24 2010 Tom "spot" Callaway - 1.2-2 -- fix compilation on sparc +* Wed Jul 21 2010 Josh Stone - 1.3-1 +- Upstream release. * Mon Mar 22 2010 Frank Ch. Eigler - 1.2-1 - Upstream release. From d19c41ba155b25974854826e1b10c84ac37f36c2 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Wed, 21 Jul 2010 23:30:08 +0000 Subject: [PATCH 09/10] Disable crash for ppc --- systemtap.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/systemtap.spec b/systemtap.spec index c34ebe5..972068a 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -1,6 +1,10 @@ %{!?with_sqlite: %global with_sqlite 1} %{!?with_docs: %global with_docs 1} +%ifarch ppc # crash is not available +%{!?with_crash: %global with_crash 0} +%else %{!?with_crash: %global with_crash 1} +%endif %{!?with_rpm: %global with_rpm 1} %{!?with_bundled_elfutils: %global with_bundled_elfutils 0} %{!?elfutils_version: %global elfutils_version 0.127} @@ -12,7 +16,7 @@ Name: systemtap Version: 1.3 -Release: 1%{?dist} +Release: 2%{?dist} # for version, see also configure.ac Summary: Instrumentation System Group: Development/System @@ -507,6 +511,9 @@ exit 0 %changelog +* Wed Jul 21 2010 Josh Stone - 1.3-2 +- Disable crash on ppc. + * Wed Jul 21 2010 Josh Stone - 1.3-1 - Upstream release. From cc1d8b059c1fbe8ebccafc2fd553cd6c9af0bc81 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 13:46:30 +0000 Subject: [PATCH 10/10] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 93 ---------------------------------------- branch | 1 - 3 files changed, 94 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore 
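Review bot: The trailing text on the added `%ifarch ppc # crash is not available` line is not a comment to rpm. As far as I know, everything after `%ifarch` is read as a list of architecture names, so `#`, `crash`, `is`, `not` and `available` are parsed as extra arches that merely never match. Put the remark on its own line: `# crash is not available on ppc` followed by a bare `%ifarch ppc`. Separately, `ppc` does not match `ppc64`; if crash is missing there as well, the condition should read `%ifarch ppc ppc64`.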
diff --git a/Makefile b/Makefile
deleted file mode 100644
index f13fb3c..0000000
--- a/Makefile
+++ /dev/null
@@ -1,93 +0,0 @@ -# Makefile for source rpm: systemtap -# $Id: Makefile,v 1.3 2007/10/15 19:26:53 notting Exp $ -NAME := systemtap -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) - -tarball = systemtap-$(VERSION).tar.gz - -ifeq ($(clobber),t) -commit-check = : -else -commit-check = cvs -Q diff --brief > /dev/null 2>&1 -endif - -elfutils-version := $(shell awk '$$2 == "elfutils_version" { print $$3 }' \ - systemtap.spec) -eu-dir = ../../elfutils/devel -$(eu-dir)/elfutils.spec: FORCE - cd $(@D) && cvs -Q update && $(commit-check) -$(eu-dir)/%.tar.gz: $(eu-dir)/elfutils.spec - $(MAKE) -C $(@D) sources -$(eu-dir)/%.patch: $(eu-dir)/elfutils.spec ; - -import-systemtap: $(tarball) - $(commit-check) systemtap.spec - tar -zf $(tarball) -xO '*.spec' > systemtap.spec - $(MAKE) upload-systemtap - touch $@ - -upload-systemtap: $(tarball) \ - $(addprefix $(eu-dir)/,\ - elfutils-$(elfutils-version).tar.gz \ - elfutils-portability.patch) - ln -f $(filter $(eu-dir)/%.tar.gz,$^) . - ln -f $(filter $(eu-dir)/%.patch,$^) . 
- $(MAKE) new-source FILES='$(filter-out %.patch,$^)' - -copy-sources-%: import-systemtap - cd ../$* && $(commit-check) - cp -f sources elfutils-portability.patch ../$* - ln -f elfutils-*.tar.gz $(tarball) ../$* - -propagate-%: copy-sources-% - cp -f systemtap.spec ../$* - touch $@ - -# No automagic macros in beehive, only brew. -propagate-RHEL-4: copy-sources-RHEL-4 ../RHEL-4/systemtap.spec - touch $@ -propagate-FC-4: copy-sources-FC-4 ../FC-4/systemtap.spec - touch $@ - -../RHEL-4/systemtap.spec: systemtap.spec import-systemtap - @rm -f $@.new - (echo '%define dist .el4'; \ - echo '%define rhel 4'; \ - cat systemtap.spec) > $@.new - mv -f $@.new $@ -../FC-4/systemtap.spec: systemtap.spec import-systemtap - @rm -f $@.new - (echo '%define dist .fc4'; \ - echo '%define fedora 4'; \ - cat systemtap.spec) > $@.new - mv -f $@.new $@ - -.PRECIOUS: propagate-% tag-% - -commit-%: propagate-% - cd ../$* && cvs commit -m'Automatic update to $(VERSION)' - touch $@ - -tag-%: commit-% - cd ../$* && $(MAKE) tag - touch $@ - -build-%: tag-% - cd ../$* && $(MAKE) build diff --git a/branch b/branch deleted file mode 100644 index 06de2d2..0000000 --- a/branch +++ /dev/null @@ -1 +0,0 @@ -F-12