Merge branch 'master' of ssh://kenistoj@sources.redhat.com/git/systemtap

17 files changed, 480 insertions, 59 deletions

diff --git a/ChangeLog b/ChangeLog
index 0ee737c9..f9596d0a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2008-09-26  Frank Ch. Eigler  <fche@elastic.org>
+
+	BZ 6829: avoid calling unregister_uprobe() when responding
+	to a task-finder exec/exit callback, as uprobes likes to
+	clean such things up by itself.
+
+2008-09-12  Prerna Saxena  <prerna@linux.vnet.ibm.com>
+
+	BZ 3016 : Handling members of anonymous structs/unions
+	* tapsets.cxx (translate_components, print_members) : enable
+	translator to identify members of anonymous structs / unions.
+	* testsuite/semok/thirtythree.stp : New test-case.
+	* NEWS : Modify translator code to identify members of anonymous
+	structs/unions.
+
+2008-09-24  Mark Wielaard  <mjw@redhat.com>
+
+	* dwarf_wrappers.cxx (dwfl_assert(string,bool)): Call
+	dwfl_assert(string,int), not dwarf_assert().
+
 2008-09-12  Dave Brolley  <brolley@redhat.com>
 
 	* stap-client (staprun_PATH): Ensure that $first_stap is not empty.
diff --git a/NEWS b/NEWS
index 824f3ded..7e737d47 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
 * What's new
 
+- The translator can resolve members of anonymous structs / unions:
+    given            struct { int foo; struct { int bar; }; } *p;
+    this now works:  $p->bar
+
 - The stap "-F" flag activates "flight recorder" mode, which consists of
   translating the given script as usual, but implicitly launching it into
   the background with staprun's existing "-L" (launch) option.  A user
diff --git a/dwarf_wrappers.cxx b/dwarf_wrappers.cxx
index 93cb36a2..4fd074ed 100644
--- a/dwarf_wrappers.cxx
+++ b/dwarf_wrappers.cxx
@@ -42,5 +42,5 @@ void dwarf_assert(const string& desc, int rc)
 void dwfl_assert(const std::string& desc, bool condition)
 {
     if (!condition)
-        dwarf_assert(desc, -1);
+        dwfl_assert(desc, -1);
 }
diff --git a/runtime/ChangeLog b/runtime/ChangeLog
index 6ad7e51f..6672dbb5 100644
--- a/runtime/ChangeLog
+++ b/runtime/ChangeLog
@@ -1,3 +1,28 @@
+2008-09-26  David Smith  <dsmith@redhat.com>
+
+	* task_finder.c (__STP_ATTACHED_TASK_EVENTS): Removed UTRACE_STOP,
+	which isn't needed anymore.
+
+2008-09-25  David Smith  <dsmith@redhat.com>
+
+	* task_finder.c (__stp_utrace_attach): Added action flag to know
+	to request the thread to be stopped or not.
+	(stap_utrace_attach): Now just calls __stp_utrace_attach().
+	(__stp_utrace_task_finder_target_quiesce): Handles
+	utrace_set_events() errors properly.
+	
+	* utrace_compatibility.h (enum utrace_resume_action): Added
+	utrace_resume_action enum.
+	(utrace_control): Added UTRACE_STOP support.
+	(utrace_engine_put): New.
+	(utrace_barrier): New.
+
+2008-09-17  Frank Ch. Eigler  <fche@elastic.org>
+
+	PR 6487, 6504.
+	From Masami Hiramatsu <mhiramat@redhat.com>
+	* print_new.c (stp_print_flush): Use new utt_reserve().
+
 2008-09-12  Masami Hiramatsu <mhiramat@redhat.com>
 
 	BZ 6028
diff --git a/runtime/print_new.c b/runtime/print_new.c
index 07af2e33..4136ecbe 100644
--- a/runtime/print_new.c
+++ b/runtime/print_new.c
@@ -34,13 +34,13 @@ void EXPORT_FN(stp_print_flush) (_stp_pbuf *pb)
 #ifdef STP_BULKMODE
 	{
 #ifdef NO_PERCPU_HEADERS
-		void *buf = relay_reserve(_stp_utt->rchan, len);		
+		void *buf = utt_reserve(_stp_utt, len);
 		if (likely(buf))
 			memcpy(buf, pb->buf, len);
 		else
 			atomic_inc (&_stp_transport_failures);
 #else
-		void *buf = relay_reserve(_stp_utt->rchan,
+		void *buf = utt_reserve(_stp_utt,
 					sizeof(struct _stp_trace) + len);
 		if (likely(buf)) {
 			struct _stp_trace t = {	.sequence = _stp_seq_inc(),
@@ -56,7 +56,7 @@ void EXPORT_FN(stp_print_flush) (_stp_pbuf *pb)
 		void *buf;
 		unsigned long flags;
 		spin_lock_irqsave(&_stp_print_lock, flags);
-		buf = relay_reserve(_stp_utt->rchan, len);		
+		buf = utt_reserve(_stp_utt, len);
 		if (likely(buf))
 			memcpy(buf, pb->buf, len);
 		else
diff --git a/runtime/staprun/ChangeLog b/runtime/staprun/ChangeLog
index 21e02e47..c6d75106 100644
--- a/runtime/staprun/ChangeLog
+++ b/runtime/staprun/ChangeLog
@@ -1,3 +1,9 @@
+2008-09-18  David Smith  <dsmith@redhat.com>
+
+	PR 6903.
+	* staprun_funcs.c (check_permissions): Instead of checking the
+	effective uid, check the real uid for root permissions.
+
 2008-09-06  Frank Ch. Eigler  <fche@elastic.org>
 
 	* mainloop.c (start_cmd): Rewrite to use wordexp/execvp/ptrace.
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 8fa95e45..5e7fa102 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -307,7 +307,7 @@ int check_permissions(void)
 	int path_check = 0;
 
 	/* If we're root, we can do anything. */
-	if (geteuid() == 0)
+	if (getuid() == 0)
 		return 1;
 
 	/* Lookup the gid for group "stapdev" */
diff --git a/runtime/task_finder.c b/runtime/task_finder.c
index 493ca6f7..db7a8f38 100644
--- a/runtime/task_finder.c
+++ b/runtime/task_finder.c
@@ -89,7 +89,7 @@ struct stap_task_finder_target {
 	size_t pathlen;
 
 /* public: */
-    	const char *pathname;
+	const char *pathname;
 	pid_t pid;
 	stap_task_finder_callback callback;
 	stap_task_finder_vm_callback vm_callback;
@@ -148,8 +148,8 @@ static int
 stap_register_task_finder_target(struct stap_task_finder_target *new_tgt)
 {
 	// Since this __stp_task_finder_list is (currently) only
-        // written to in one big setup operation before the task
-        // finder process is started, we don't need to lock it.
+	// written to in one big setup operation before the task
+	// finder process is started, we don't need to lock it.
 	struct list_head *node;
 	struct stap_task_finder_target *tgt = NULL;
 	int found_node = 0;
@@ -258,6 +258,7 @@ stap_utrace_detach(struct task_struct *tsk,
 				   rc, tsk->pid);
 			break;
 		}
+		utrace_engine_put(engine);
 	}
 	return rc;
 }
@@ -386,7 +387,6 @@ __stp_get_mm_path(struct mm_struct *mm, char *buf, int buflen)
  * events.
  */
 #define __STP_ATTACHED_TASK_EVENTS (__STP_TASK_BASE_EVENTS	\
-				    | UTRACE_STOP		\
 				    | UTRACE_EVENT(QUIESCE))
 
 #define __STP_ATTACHED_TASK_BASE_EVENTS(tgt) \
@@ -394,9 +394,10 @@ __stp_get_mm_path(struct mm_struct *mm, char *buf, int buflen)
 	 : __STP_TASK_VM_BASE_EVENTS)
 
 static int
-stap_utrace_attach(struct task_struct *tsk,
-		   const struct utrace_engine_ops *ops, void *data,
-		   unsigned long event_flags)
+__stp_utrace_attach(struct task_struct *tsk,
+		    const struct utrace_engine_ops *ops, void *data,
+		    unsigned long event_flags,
+		    enum utrace_resume_action action)
 {
 	struct utrace_attached_engine *engine;
 	struct mm_struct *mm;
@@ -428,15 +429,51 @@ stap_utrace_attach(struct task_struct *tsk,
 	}
 	else {
 		rc = utrace_set_events(tsk, engine, event_flags);
-		if (rc == 0)
+		if (rc == -EINPROGRESS) {
+			/*
+			 * It's running our callback, so we have to
+			 * synchronize.  We can't keep rcu_read_lock,
+			 * so the task pointer might die.  But it's
+			 * safe to call utrace_barrier() even with a
+			 * stale task pointer, if we have an engine
+			 * ref.
+			 */
+			rc = utrace_barrier(tsk, engine);
+			if (rc != 0)
+				_stp_error("utrace_barrier returned error %d on pid %d",
+					   rc, (int)tsk->pid);
+		}
+		if (rc == 0) {
 			debug_task_finder_attach();
+
+			if (action != UTRACE_RESUME) {
+				rc = utrace_control(tsk, engine, UTRACE_STOP);
+				/* EINPROGRESS means we must wait for
+				 * a callback, which is what we want. */
+				if (rc != 0 && rc != -EINPROGRESS)
+					_stp_error("utrace_control returned error %d on pid %d",
+						   rc, (int)tsk->pid);
+				else
+					rc = 0;
+			}
+
+		}
 		else
-			_stp_error("utrace_set_events returned error %d on pid %d",
+			_stp_error("utrace_set_events2 returned error %d on pid %d",
 				   rc, (int)tsk->pid);
+		utrace_engine_put(engine);
 	}
 	return rc;
 }
 
+static int
+stap_utrace_attach(struct task_struct *tsk,
+		   const struct utrace_engine_ops *ops, void *data,
+		   unsigned long event_flags)
+{
+	return __stp_utrace_attach(tsk, ops, data, event_flags, UTRACE_RESUME);
+}
+
 static inline void
 __stp_utrace_attach_match_filename(struct task_struct *tsk,
 				   const char * const filename,
@@ -485,9 +522,10 @@ __stp_utrace_attach_match_filename(struct task_struct *tsk,
 			// isn't set, we can go ahead and call the
 			// callback.
 			if (register_p) {
-				rc = stap_utrace_attach(tsk, &cb_tgt->ops,
-							cb_tgt,
-							__STP_ATTACHED_TASK_EVENTS);
+				rc = __stp_utrace_attach(tsk, &cb_tgt->ops,
+							 cb_tgt,
+							 __STP_ATTACHED_TASK_EVENTS,
+							 UTRACE_STOP);
 				if (rc != 0 && rc != EPERM)
 					break;
 				cb_tgt->engine_attached = 1;
@@ -601,8 +639,8 @@ __stp_utrace_task_finder_report_clone(enum utrace_resume_action action,
 	__stp_tf_handler_start();
 
 	// On clone, attach to the child.
-	rc = stap_utrace_attach(child, engine->ops, 0,
-				__STP_TASK_FINDER_EVENTS);
+	rc = __stp_utrace_attach(child, engine->ops, 0,
+				 __STP_TASK_FINDER_EVENTS, UTRACE_RESUME);
 	if (rc != 0 && rc != EPERM) {
 		__stp_tf_handler_end();
 		return UTRACE_RESUME;
@@ -757,6 +795,22 @@ __stp_utrace_task_finder_target_quiesce(enum utrace_resume_action action,
 	// Turn off quiesce handling
 	rc = utrace_set_events(tsk, engine,
 			       __STP_ATTACHED_TASK_BASE_EVENTS(tgt));
+
+	if (rc == -EINPROGRESS) {
+		/*
+		 * It's running our callback, so we have to
+		 * synchronize.  We can't keep rcu_read_lock,
+		 * so the task pointer might die.  But it's
+		 * safe to call utrace_barrier() even with
+		 * a stale task pointer, if we have an engine ref.
+		 */
+		rc = utrace_barrier(tsk, engine);
+		if (rc != 0)
+			_stp_error("utrace_barrier returned error %d on pid %d",
+				   rc, (int)tsk->pid);
+		rc = utrace_set_events(tsk, engine,
+				       __STP_ATTACHED_TASK_BASE_EVENTS(tgt));
+	}
 	if (rc != 0)
 		_stp_error("utrace_set_events returned error %d on pid %d",
 			   rc, (int)tsk->pid);
@@ -1173,13 +1227,14 @@ stap_start_task_finder(void)
 		size_t mmpathlen;
 		struct list_head *tgt_node;
 
-                /* Skip over processes other than that specified with
-                   stap -c or -x. */
-                if (_stp_target && tsk->tgid != _stp_target)
-                  continue;
+		/* Skip over processes other than that specified with
+		 * stap -c or -x. */
+		if (_stp_target && tsk->tgid != _stp_target)
+			continue;
 
-		rc = stap_utrace_attach(tsk, &__stp_utrace_task_finder_ops, 0,
-					__STP_TASK_FINDER_EVENTS);
+		rc = __stp_utrace_attach(tsk, &__stp_utrace_task_finder_ops, 0,
+					 __STP_TASK_FINDER_EVENTS,
+					 UTRACE_RESUME);
 		if (rc == EPERM) {
 			/* Ignore EPERM errors, which mean this wasn't
 			 * a thread we can attach to. */
@@ -1242,16 +1297,17 @@ stap_start_task_finder(void)
 					continue;
 
 				// Set up events we need for attached tasks.
-				rc = stap_utrace_attach(tsk, &cb_tgt->ops,
-							cb_tgt,
-							__STP_ATTACHED_TASK_EVENTS);
+				rc = __stp_utrace_attach(tsk, &cb_tgt->ops,
+							 cb_tgt,
+							 __STP_ATTACHED_TASK_EVENTS,
+							 UTRACE_STOP);
 				if (rc != 0 && rc != EPERM)
 					goto stf_err;
 				cb_tgt->engine_attached = 1;
 			}
 		}
 	} while_each_thread(grp, tsk);
- stf_err:
+stf_err:
 	rcu_read_unlock();
 
 	_stp_kfree(mmpath_buf);
diff --git a/runtime/transport/ChangeLog b/runtime/transport/ChangeLog
index 693f06d1..42c6fc2a 100644
--- a/runtime/transport/ChangeLog
+++ b/runtime/transport/ChangeLog
@@ -1,3 +1,9 @@
+2008-09-17  Frank Ch. Eigler  <fche@elastic.org>
+
+	PR 6487, 6504.
+	From Masami Hiramatsu <mhiramat@redhat.com>
+	* utt.c (utt_switch_subbof, _utt_wakeup*, utt_reserve): New.
+
 2008-07-17  Frank Ch. Eigler  <fche@elastic.org>
 
 	* symbols.c (_stp_do_relocation): Adapt to stp_module decl changes.
diff --git a/runtime/transport/utt.c b/runtime/transport/utt.c
index 182c1178..b8281bb4 100644
--- a/runtime/transport/utt.c
+++ b/runtime/transport/utt.c
@@ -31,6 +31,96 @@
 
 static int utt_overwrite_flag = 0;
 
+/*
+ *	utt_switch_subbuf - switch to a new sub-buffer
+ *
+ *	Most of this function is deadcopy of relay_switch_subbuf.
+ */
+size_t utt_switch_subbuf(struct utt_trace *utt, struct rchan_buf *buf,
+			 size_t length)
+{
+	void *old, *new;
+	size_t old_subbuf, new_subbuf;
+
+	if (unlikely(buf == NULL))
+		return 0;
+
+	if (unlikely(length > buf->chan->subbuf_size))
+		goto toobig;
+
+	if (buf->offset != buf->chan->subbuf_size + 1) {
+		buf->prev_padding = buf->chan->subbuf_size - buf->offset;
+		old_subbuf = buf->subbufs_produced % buf->chan->n_subbufs;
+		buf->padding[old_subbuf] = buf->prev_padding;
+		buf->subbufs_produced++;
+		buf->dentry->d_inode->i_size += buf->chan->subbuf_size -
+			buf->padding[old_subbuf];
+		smp_mb();
+		if (waitqueue_active(&buf->read_wait))
+			/*
+			 * Calling wake_up_interruptible() and __mod_timer()
+			 * from here will deadlock if we happen to be logging
+			 * from the scheduler and timer (trying to re-grab
+			 * rq->lock/timer->base->lock), so just set a flag.
+			 */
+			atomic_set(&utt->wakeup, 1);
+	}
+
+	old = buf->data;
+	new_subbuf = buf->subbufs_produced % buf->chan->n_subbufs;
+	new = buf->start + new_subbuf * buf->chan->subbuf_size;
+	buf->offset = 0;
+	if (!buf->chan->cb->subbuf_start(buf, new, old, buf->prev_padding)) {
+		buf->offset = buf->chan->subbuf_size + 1;
+		return 0;
+	}
+	buf->data = new;
+	buf->padding[new_subbuf] = 0;
+
+	if (unlikely(length + buf->offset > buf->chan->subbuf_size))
+		goto toobig;
+
+	return length;
+
+toobig:
+	buf->chan->last_toobig = length;
+	return 0;
+}
+
+static void __utt_wakeup_readers(struct rchan_buf *buf)
+{
+	if (buf && waitqueue_active(&buf->read_wait) &&
+	    buf->subbufs_produced != buf->subbufs_consumed)
+		wake_up_interruptible(&buf->read_wait);
+}
+
+static void __utt_wakeup_timer(unsigned long val)
+{
+	struct utt_trace *utt = (struct utt_trace *)val;
+	int i;
+
+	if (atomic_read(&utt->wakeup)) {
+		atomic_set(&utt->wakeup, 0);
+		if (utt->is_global)
+			__utt_wakeup_readers(utt->rchan->buf[0]);
+		else
+			for_each_possible_cpu(i)
+				__utt_wakeup_readers(utt->rchan->buf[i]);
+	}
+
+ 	mod_timer(&utt->timer, jiffies + UTT_TIMER_INTERVAL);
+}
+
+static void __utt_timer_init(struct utt_trace * utt)
+{
+	atomic_set(&utt->wakeup, 0);
+	init_timer(&utt->timer);
+	utt->timer.expires = jiffies + UTT_TIMER_INTERVAL;
+	utt->timer.function = __utt_wakeup_timer;
+	utt->timer.data = (unsigned long)utt;
+	add_timer(&utt->timer);
+}
+
 void utt_set_overwrite(int overwrite)
 {
 	utt_overwrite_flag = overwrite;
@@ -241,6 +331,8 @@ struct utt_trace *utt_trace_setup(struct utt_trace_setup *utts)
 		goto err;
 	utt->rchan->private_data = utt;
 
+	utt->is_global = utts->is_global;
+
 	utt->trace_state = Utt_trace_setup;
 
 	utts->err = 0;
@@ -274,6 +366,7 @@ int utt_trace_startstop(struct utt_trace *utt, int start,
 		    utt->trace_state == Utt_trace_stopped) {
 			if (trace_seq)
 				(*trace_seq)++;
+			__utt_timer_init(utt);
 			smp_mb();
 			utt->trace_state = Utt_trace_running;
 			ret = 0;
@@ -281,6 +374,7 @@ int utt_trace_startstop(struct utt_trace *utt, int start,
 	} else {
 		if (utt->trace_state == Utt_trace_running) {
 			utt->trace_state = Utt_trace_stopped;
+			del_timer_sync(&utt->timer);
 			relay_flush(utt->rchan);
 			ret = 0;
 		}
diff --git a/runtime/transport/utt.h b/runtime/transport/utt.h
index b2c9fa9f..fd704009 100644
--- a/runtime/transport/utt.h
+++ b/runtime/transport/utt.h
@@ -15,11 +15,18 @@ struct utt_trace {
 	atomic_t dropped;
 	struct dentry *utt_tree_root; /* systemtap */
 	void *private_data;
+	atomic_t wakeup;
+	struct timer_list timer;
+	int is_global;
 };
 
 #define UTT_TRACE_ROOT_NAME_SIZE	64	/* Largest string for a root dir identifier */
 #define UTT_TRACE_NAME_SIZE		64	/* Largest string for a trace identifier */
 
+#ifndef UTT_TIMER_INTERVAL
+#define UTT_TIMER_INTERVAL		((HZ + 99) / 100)	/* Wakeup timer interval in jiffies (default 10 ms)*/
+#endif
+
 /*
  * User setup structure
  */
@@ -39,4 +46,33 @@ extern int utt_trace_startstop(struct utt_trace *utt, int start,
 extern void utt_trace_cleanup(struct utt_trace *utt);
 extern int utt_trace_remove(struct utt_trace *utt);
 
+#ifndef STP_OLD_TRANSPORT
+extern size_t utt_switch_subbuf(struct utt_trace *utt, struct rchan_buf *buf,
+				size_t length);
+/**
+ *      utt_reserve - reserve slot in channel buffer
+ *      @utt: utt channel
+ *      @length: number of bytes to reserve
+ *
+ *      Returns pointer to reserved slot, NULL if full.
+ *
+ *      This function is utt_switch_subbuf version of relay_reserve.
+ */
+static inline void *utt_reserve(struct utt_trace *utt, size_t length)
+{
+	void *reserved;
+	struct rchan_buf *buf = utt->rchan->buf[smp_processor_id()];
+
+	if (unlikely(buf->offset + length > buf->chan->subbuf_size)) {
+		length = utt_switch_subbuf(utt, buf, length);
+		if (!length)
+			return NULL;
+	}
+	reserved = buf->data + buf->offset;
+	buf->offset += length;
+
+	return reserved;
+}
+#endif
+
 #endif
diff --git a/runtime/utrace_compatibility.h b/runtime/utrace_compatibility.h
index 80037015..27fca250 100644
--- a/runtime/utrace_compatibility.h
+++ b/runtime/utrace_compatibility.h
@@ -24,9 +24,11 @@
 
 #define UTRACE_ORIG_VERSION
 
-#define UTRACE_RESUME	UTRACE_ACTION_RESUME
-#define UTRACE_DETACH	UTRACE_ACTION_DETACH
-#define UTRACE_STOP	UTRACE_ACTION_QUIESCE
+enum utrace_resume_action {
+	UTRACE_STOP = UTRACE_ACTION_QUIESCE,
+	UTRACE_RESUME = UTRACE_ACTION_RESUME,
+	UTRACE_DETACH = UTRACE_ACTION_DETACH,
+};
 
 static inline struct utrace_attached_engine *
 utrace_attach_task(struct task_struct *target, int flags,
@@ -38,11 +40,17 @@ utrace_attach_task(struct task_struct *target, int flags,
 static inline int __must_check
 utrace_control(struct task_struct *target,
 	       struct utrace_attached_engine *engine,
-	       unsigned long action)
+	       enum utrace_resume_action action)
 {
-	if (action == UTRACE_DETACH)
+	switch (action) {
+	case UTRACE_DETACH:
 		return utrace_detach(target, engine);
-	return -EINVAL;
+	case UTRACE_STOP:
+		return utrace_set_flags(target, engine,
+					(engine->flags | UTRACE_ACTION_QUIESCE));
+	default:
+		return -EINVAL;
+	}
 }
 
 static inline int __must_check
@@ -52,6 +60,19 @@ utrace_set_events(struct task_struct *target,
 {
 	return utrace_set_flags(target, engine, eventmask);
 }
+
+static inline void
+utrace_engine_put(struct utrace_attached_engine *engine)
+{
+	return;
+}
+
+static inline int __must_check
+utrace_barrier(struct task_struct *target,
+	       struct utrace_attached_engine *engine)
+{
+	return 0;
+}
 #endif
 
 #endif	/* _UTRACE_COMPATIBILITY_H_ */
diff --git a/tapset/ChangeLog b/tapset/ChangeLog
index 46e15fd6..b3f09767 100644
--- a/tapset/ChangeLog
+++ b/tapset/ChangeLog
@@ -1,3 +1,16 @@
+2008-09-23  Zhaolei  <zhaolei@cn.fujitsu.com>
+
+	* socket.stp (socket.aio_read/write): Fix version-checking method.
+
+2008-09-22  Zhaolei  <zhaolei@cn.fujitsu.com>
+
+	* socket.stp (socket.aio_read/write): Fix the semantic error
+	caused by the difference of kernel versions.
+
+2008-09-18  Mark Wielaard  <mjw@redhat.com>
+
+	* aux_syscalls.stp (_reboot_magic_str): Moved reboot.h include out.
+
 2008-09-17  Mark Wielaard  <mjw@redhat.com>
 
 	* aux_syscalls.stp: Removed commented out code. Removed unneeded
diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp
index 6ef9ed1e..a748a132 100644
--- a/tapset/aux_syscalls.stp
+++ b/tapset/aux_syscalls.stp
@@ -855,9 +855,15 @@ function _shutdown_how_str(how) {
    return sprintf("UNKNOWN VALUE: %d", how)
 }
 
+%{
+// Needed for function __reboot_magic_str:string. Unfortunately cannot
+// be inlined into the function since these header file defines static
+// functions on some architectures.
+#include <linux/reboot.h>
+%}
+
 function _reboot_magic_str:string(magic:long)
 %{ /* pure */
-	#include <linux/reboot.h>
 	int magic = (int)THIS->magic;
 	switch (magic) {
 	case LINUX_REBOOT_MAGIC1:
diff --git a/tapset/socket.stp b/tapset/socket.stp
index 3197a0e2..5c521a33 100644
--- a/tapset/socket.stp
+++ b/tapset/socket.stp
@@ -214,15 +214,26 @@ probe socket.recvmsg.return = kernel.function ("sock_recvmsg").return
  *  state     Socket state value
  *  flags     Socket flags value
  *  type      Socket type value
+ *
+ * 2.6.9~2.6.15:
+ *     static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t size, loff_t pos);
+ * 2.6.16~2.6.18:
+ *     static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t count, loff_t pos);
+ * 2.6.19~2.6.26:
+ *     static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos);
  */
 probe socket.aio_write = kernel.function ("sock_aio_write")
 {
 	name = "socket.aio_write"
 	_sock = _get_sock_addr ($iocb->ki_filp)
-%( kernel_v < "2.6.19" %?
-	size = $count
+%( kernel_v < "2.6.16" %?
+	size = $size
 %:
-	size = _get_sock_size ($iov, $nr_segs)
+	%( kernel_v < "2.6.19" %?
+		size = $count
+	%:
+		size = _get_sock_size ($iov, $nr_segs)
+	%)
 %)
 	protocol = _sock_prot_num (_sock)
 	family = _sock_fam_num (_sock)
@@ -281,15 +292,26 @@ probe socket.aio_write.return = kernel.function ("sock_aio_write").return
  *  state     Socket state value
  *  flags     Socket flags value
  *  type      Socket type value
+ *
+ * 2.6.9~2.6.15:
+ *     static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t size, loff_t pos);
+ * 2.6.16~2.6.18:
+ *     static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t count, loff_t pos);
+ * 2.6.19~2.6.26:
+ *     static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos);
  */
 probe socket.aio_read = kernel.function ("sock_aio_read")
 {
 	name = "socket.aio_read"
 	_sock = _get_sock_addr ($iocb->ki_filp)
-%( kernel_v < "2.6.19" %?
-        size = $count
+%( kernel_v < "2.6.16" %?
+	size = $size
 %:
-        size = _get_sock_size ($iov, $nr_segs)
+	%( kernel_v < "2.6.19" %?
+		size = $count
+	%:
+		size = _get_sock_size ($iov, $nr_segs)
+	%)
 %)
 	protocol = _sock_prot_num (_sock)
 	family = _sock_fam_num (_sock)
diff --git a/tapsets.cxx b/tapsets.cxx
index 85505084..ab8f6c94 100644
--- a/tapsets.cxx
+++ b/tapsets.cxx
@@ -1776,9 +1776,33 @@ struct dwflpp
     // Output each sibling's name to 'o'.
     while (dwarf_tag (die) == DW_TAG_member)
       {
-	const char *member = (dwarf_diename_integrate (die) ?: "<anonymous>");
+	const char *member = dwarf_diename_integrate (die) ;
+	
+	if ( member != NULL )
 
-	o << " " << member;
+		o << " " << member;
+
+	else
+	    { 
+		Dwarf_Die temp_die = *die; 
+		Dwarf_Attribute temp_attr ;
+		
+		 if (!dwarf_attr_integrate (&temp_die, DW_AT_type, &temp_attr))
+                        {
+                          clog<<"\n Error in obtaining type attribute for "
+			      <<(dwarf_diename(&temp_die)?:"<anonymous>");
+                          return ;
+                        }
+
+                   if ( ! dwarf_formref_die (&temp_attr,&temp_die))
+                        {
+                          clog<<"\n Error in decoding type attribute for "
+			      <<(dwarf_diename(&temp_die)?:"<anonymous>");
+                          return ;
+                        }
+		   print_members(&temp_die,o);
+
+	    }
 
 	if (dwarf_siblingof (die, &die_mem) != 0)
 	  break;
@@ -1797,7 +1821,15 @@ struct dwflpp
   {
     Dwarf_Die *die = vardie;
     Dwarf_Die struct_die;
+    Dwarf_Attribute temp_attr;
+
     unsigned i = 0;
+
+    static unsigned int func_call_level ;
+    static unsigned int dwarf_error_flag ; // indicates current error is dwarf error
+    static unsigned int dwarf_error_count ; // keeps track of no of dwarf errors
+    static semantic_error saved_dwarf_error("");
+
     while (i < components.size())
       {
         /* XXX: This would be desirable, but we don't get the target_symbol token,
@@ -1855,9 +1887,7 @@ struct dwflpp
 	    switch (dwarf_child (die, die_mem))
 	      {
 	      case 1:		/* No children.  */
-		throw semantic_error ("empty struct "
-				      + string (dwarf_diename_integrate (die) ?: "<anonymous>"));
-		break;
+		return NULL;
 	      case -1:		/* Error.  */
 	      default:		/* Shouldn't happen */
 		throw semantic_error (string (typetag == DW_TAG_union_type ? "union" : "struct")
@@ -1872,14 +1902,60 @@ struct dwflpp
 	    while (dwarf_tag (die) != DW_TAG_member
 		   || ({ const char *member = dwarf_diename_integrate (die);
 		       member == NULL || string(member) != components[i].second; }))
+	    {
+	      if ( dwarf_diename (die) == NULL )  // handling Anonymous structs/unions
+		{ 
+		   Dwarf_Die temp_die = *die;
+		   Dwarf_Die temp_die_2;
+
+		   try 
+		    {		   
+		      if (!dwarf_attr_integrate (&temp_die, DW_AT_type, &temp_attr))
+                       { 
+			  dwarf_error_flag ++ ;
+			  dwarf_error_count ++;
+			  throw semantic_error(" Error in obtaining type attribute for "+ string(dwarf_diename(&temp_die)?:"<anonymous>"));
+                	}
+
+	              if ( !dwarf_formref_die (&temp_attr, &temp_die))
+        	        { 
+			  dwarf_error_flag ++ ;
+			  dwarf_error_count ++;
+			  throw semantic_error(" Error in decoding DW_AT_type attribute for " + string(dwarf_diename(&temp_die)?:"<anonymous>")); 
+                	}
+
+		      func_call_level ++ ;
+
+                      Dwarf_Die *result_die = translate_components(pool, tail, pc, components, &temp_die, &temp_die_2, &temp_attr );
+
+		      func_call_level -- ;
+
+		      if (result_die != NULL)
+			{ 
+			  memcpy(die_mem, &temp_die_2, sizeof(Dwarf_Die));
+			  memcpy(attr_mem, &temp_attr, sizeof(Dwarf_Attribute));
+			  return die_mem;
+			}
+		     }
+		   catch (const semantic_error& e)
+		     { 
+			if ( !dwarf_error_flag ) //not a dwarf error
+				throw;
+			else
+				{
+				  dwarf_error_flag = 0 ;
+				  saved_dwarf_error = e ;
+				}
+		     }
+		}
 	      if (dwarf_siblingof (die, die_mem) != 0)
-	      {
-		  stringstream alternatives;
-		  print_members (&struct_die, alternatives);
-		  throw semantic_error ("field '" + components[i].second
-					+ "' not found (alternatives:"
-					+ alternatives.str () + ")");
-	      }
+		{ 
+		  if ( func_call_level == 0 && dwarf_error_count ) // this is parent call & a dwarf error has been reported in a branch somewhere
+			throw semantic_error( saved_dwarf_error );
+		  else	
+		  	 return NULL;
+		}
+	    }
 
 	    if (dwarf_attr_integrate (die, DW_AT_data_member_location,
 				      attr_mem) == NULL)
@@ -2161,6 +2237,13 @@ struct dwflpp
     Dwarf_Die die_mem, *die = NULL;
     die = translate_components (&pool, &tail, pc, components,
 				&vardie, &die_mem, &attr_mem);
+    if(!die)
+	{ 
+	  die = dwarf_formref_die (&attr_mem, &vardie);
+          stringstream alternatives;
+          print_members(die,alternatives); 
+	  throw semantic_error("Translation failure :  \n ALTERNATIVES [ " + alternatives.str() + " ] \n");
+	}
 
     /* Translate the assignment part, either
        x = $foo->bar->baz[NN]
@@ -2228,6 +2311,14 @@ struct dwflpp
     Dwarf_Die die_mem, *die = NULL;
     die = translate_components (&pool, &tail, pc, components,
 				vardie, &die_mem, &attr_mem);
+    if(!die)
+	{ 
+	  die = dwarf_formref_die (&attr_mem, vardie);
+          stringstream alternatives;
+          print_members(die,alternatives); 
+	  throw semantic_error("Translation failure : \n ALTERNATIVES [ " + alternatives.str() + " ] \n");
+	}
+
 
     /* Translate the assignment part, either
        x = $return->bar->baz[NN]
@@ -6841,7 +6932,11 @@ uprobe_derived_probe_group::emit_module_decls (systemtap_session& s)
 
   // register new uprobe
   s.op->newline() << "if (register_p && sup->spec_index < 0) {";
-  s.op->newline(1) << "sup->spec_index = spec_index;";
+  // PR6829: we need to check that the sup we're about to reuse is really completely free.
+  // See PR6829 notes below.
+  s.op->newline(1) << "if (sup->spec_index == -1 && sup->up.kdata != NULL) continue;";
+  s.op->newline() << "else if (sup->spec_index == -2 && sup->urp.u.kdata != NULL) continue;";
+  s.op->newline() << "sup->spec_index = spec_index;";
   s.op->newline() << "if (sups->return_p) {";
   s.op->newline(1) << "sup->urp.u.pid = tsk->tgid;";
   s.op->newline() << "sup->urp.u.vaddr = relocation + sups->address;";
@@ -6877,15 +6972,22 @@ uprobe_derived_probe_group::emit_module_decls (systemtap_session& s)
   s.op->newline(1) << "#ifdef DEBUG_UPROBES";
   s.op->newline() << "printk (KERN_WARNING \"uretprobe unregister pid %d addr %p\\n\", sup->up.pid, (void*) sup->up.vaddr);";
   s.op->newline() << "#endif";
-  s.op->newline() << "unregister_uretprobe (& sup->urp);";
+  // NB: We must not actually uregister uprobes when a target process execs or exits;
+  // uprobes does that by itself asynchronously.  We can reuse the up/urp struct after
+  // uprobes clears the sup->urp->kdata pointer. PR6829
+  // s.op->newline() << "unregister_uretprobe (& sup->urp);";
+  s.op->newline() << "sup->spec_index = -2;";
   s.op->newline(-1) << "} else {";
   s.op->newline(1) << "#ifdef DEBUG_UPROBES";
   s.op->newline() << "printk (KERN_WARNING \"uprobe unregister pid %d addr %p\\n\", sup->urp.u.pid, (void*) sup->urp.u.vaddr);";
   s.op->newline() << "#endif";
-  s.op->newline() << "unregister_uprobe (& sup->up);";
+  // NB: We must not actually unregister uprobes ... same as above, except that
+  // here it's the sup->up->kdata field that will get cleared.  To tell the two
+  // cases apart, we use spec_index -2 vs -1.
+  // s.op->newline() << "unregister_uprobe (& sup->up);";
+  s.op->newline() << "sup->spec_index = -1;";
   s.op->newline(-1) << "}";
-  s.op->newline(1) << "sup->spec_index = -1;";
-  s.op->newline() << "handled_p = 1;";
+  s.op->newline(1) << "handled_p = 1;";
   s.op->newline() << "break;"; // exit to-free slot search
   s.op->newline(-1) << "}"; // if/else
 
@@ -6946,6 +7048,9 @@ uprobe_derived_probe_group::emit_module_init (systemtap_session& s)
   s.op->newline() << "for (j=0; j<NUMUPROBES; j++) {";
   s.op->newline(1) << "struct stap_uprobe *sup = & stap_uprobes[j];";
   s.op->newline() << "sup->spec_index = -1;"; // free slot
+  // NB: we assume the rest of the struct (specificaly, sup->up) is
+  // initialized to zero.  This is so that we can use
+  // sup->up->kdata = NULL for "really free!"  PR 6829.
   s.op->newline(-1) << "}";
   s.op->newline() << "mutex_init (& stap_uprobes_lock);";
 
@@ -6986,6 +7091,8 @@ uprobe_derived_probe_group::emit_module_exit (systemtap_session& s)
   s.op->newline(1) << "#ifdef DEBUG_UPROBES";
   s.op->newline() << "printk (KERN_WARNING \"uretprobe unregister2 index %d pid %d addr %p\\n\", sup->spec_index, sup->up.pid, (void*) sup->up.vaddr);";
   s.op->newline() << "#endif";
+  // NB: PR6829 does not change that we still need to unregister at
+  // *this* time -- when the script as a whole exits.
   s.op->newline() << "unregister_uretprobe (& sup->urp);";
   s.op->newline(-1) << "} else {";
   s.op->newline(1) << "#ifdef DEBUG_UPROBES";
diff --git a/testsuite/semok/thirtythree.stp b/testsuite/semok/thirtythree.stp
new file mode 100755
index 00000000..d5171f66
--- /dev/null
+++ b/testsuite/semok/thirtythree.stp
@@ -0,0 +1,5 @@
+#! stap -p2
+# Per bz3016, this should get through the semantic pass without warnings.
+probe kernel.function("do_mpage_readpage") {
+       printf("\n page ->inuse %u",$page->inuse)
+}