Linux run kernel probe systemtap script failed with semantic error: no match
tl;dr install kernel image debug symbols, e.g. package linux-image-$(uname -r)-dbgsym.
Problem Background
I was having a similar error
$ sudo stap -v udp_detect_exec.stp
...
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/udp.stp:39:21
source: probe udp.sendmsg = kernel.function("udp_sendmsg") {
From a systemtap script to track DNS requests:
#! /usr/bin/env stap
# Report every process that sends UDP to port 53 on Google's public resolvers
probe udp.sendmsg {
    if ( dport == 53 && ( daddr == "8.8.8.8" || daddr == "8.8.4.4" ) ) {
        printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
    }
}
Following this blog.jeffli.me post, a hello world systemtap script worked.
sudo stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'
Solution (install kernel debug symbols)
Following this wiki.ubuntu.com entry, my Ubuntu 16.04 system was missing the kernel debug symbols. I ran the install steps:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8CAB6595FDFF622
codename=$(lsb_release -c | awk '{print $2}')
sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
deb http://ddebs.ubuntu.com/ ${codename} main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
EOF
sudo apt-get update
sudo apt-get install linux-image-$(uname -r)-dbgsym
The script udp_detect_exec.stp successfully ran.
I recommend checking for updated apt-get install steps at the wiki.ubuntu.com entry.
systemtap failed to probe the functions. Registration error
systemtap does not support overlays/union filesystems. The systemtap userspace code has to be changed to get the real inode of a file if it is in overlayfs. For this, the systemtap code needs to be changed and built. Download the systemtap source code and make changes in the file uprobes-inode.c. The change is to use d_backing_inode to find the inode. You need to make changes in two places.
/* First place: resolve the real inode behind the (possibly overlayfs) dentry. */
inode_1 = d_backing_inode(d_real((struct dentry *) dentry, NULL, 0, 0)); // use inode_1 in the following call
if ((vm_flags & VM_EXEC) && !(vm_flags & VM_WRITE))
	rc = stapiu_change_plus(target, task, addr, length,
				offset, vm_flags, inode_1);
				// offset, vm_flags, dentry->d_inode);

/* Second place: the same lookup for the executable's file. */
vm_file = stap_find_exe_file(mm);
if (vm_file) {
	if (vm_file->f_path.dentry)
	{
		//inode = vm_file->f_path.dentry->d_inode;
		inode = d_backing_inode(d_real((struct dentry *) vm_file->f_path.dentry, NULL, 0, 0));
	}
	fput(vm_file);
}
Systemtap libdwfl error on Linux
Found the problem!!!! It seemed that I was using the wrong version of the Linux Kernel. I was using the default kernel supplied by the version I wrote in the question. It seems that that version (the 2.6.32-5-686 one) has problems with the debug-info so all I did was try the same with another version (the Linux version 3.9.6 with gcc version 4.7.2 Debian 4.7.2-5) and it worked without trouble :)
Dirty CoW mitigation on CentOS 7.2 - semantic error: while resolving probe point
Yes, I have successfully implemented this temporary mitigation on CentOS 7.
As described in one of the comments on that bugzilla entry, you need to install both systemtap and the debuginfo for the kernel in order for this mitigation to work.
The commands given are:
yum install systemtap yum-utils
debuginfo-install kernel-$(uname -r)
Based on what you posted, presumably you already have systemtap, but the error you're getting suggests you need the debuginfo packages. The second command above should install the right stuff; you could also get the RPMs by hand from http://debuginfo.centos.org/ (this is what I ended up doing).
By the way, this mitigation using systemtap is not a real fix, it just makes one of the proof of concept programs fail. It is worth doing, but no substitute for a real patched kernel.
I don't understand why Red Hat and CentOS haven't pushed out patched kernel packages yet, Ubuntu and others had their updates out days ago. What's the holdup?
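Both the Ubuntu and the CentOS answers above trace "semantic error: while resolving probe point" to missing kernel debug symbols for the running kernel. The following is an added example, not code from either answer: a preflight check that looks for the debug vmlinux before stap is run and prints the install command quoted on this page. The function names are hypothetical, and the two file paths are the usual install locations of the Ubuntu dbgsym and CentOS debuginfo packages (an assumption about package layout).

```shell
#!/bin/sh
# Added example: check for kernel debuginfo before running stap.
# Function names are hypothetical. ROOT is a filesystem prefix: pass ""
# for the live system, or a directory for offline testing.

# Print the debug vmlinux for kernel RELEASE under ROOT; return 1 if absent.
find_kernel_debuginfo() {
    _root=$1; _rel=$2
    # Usual install locations (assumption about package layout):
    #   Ubuntu linux-image-<rel>-dbgsym -> /usr/lib/debug/boot/vmlinux-<rel>
    #   CentOS kernel-debuginfo         -> /usr/lib/debug/lib/modules/<rel>/vmlinux
    for _p in \
        "$_root/usr/lib/debug/boot/vmlinux-$_rel" \
        "$_root/usr/lib/debug/lib/modules/$_rel/vmlinux"
    do
        if [ -f "$_p" ]; then
            printf '%s\n' "$_p"
            return 0
        fi
    done
    return 1
}

# Print the install command quoted on this page for the detected distro family.
suggest_debuginfo_install() {
    _root=$1; _rel=$2
    if [ -f "$_root/etc/debian_version" ]; then
        printf 'sudo apt-get install linux-image-%s-dbgsym\n' "$_rel"
    elif [ -f "$_root/etc/redhat-release" ]; then
        printf 'debuginfo-install kernel-%s\n' "$_rel"
    else
        return 1
    fi
}

# Return 0 if debuginfo for RELEASE is present; otherwise report what is
# missing and how to install it, and return 1.
stap_preflight() {
    if _found=$(find_kernel_debuginfo "$1" "$2"); then
        printf 'ok: %s\n' "$_found"
        return 0
    fi
    printf 'missing kernel debuginfo for %s\n' "$2"
    suggest_debuginfo_install "$1" "$2" ||
        printf 'install the kernel debuginfo package for your distribution\n'
    return 1
}
```

On a live system, call `stap_preflight "" "$(uname -r)"`. The release string must match the running kernel exactly, which is why both answers install by `$(uname -r)`.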
systemtap probing by line number analysis failed
This would be the expected behaviour if your program lacks debuginfo but has a symbol table - i.e., if it was compiled without CFLAGS=-g.