2007-02-06 Josh Stone <joshua.i.stone@intel.com>

	* aux_syscalls.stp, inet_sock.stp, ioblock.stp, ioscheduler.stp,
	nfs.stp, nfs_proc.stp, nfsd.stp, rpc.stp, scsi.stp, signal.stp,
	socket.stp, task.stp, tcp.stp, vfs.stp: Protect pointer dereferences
	with kread wherever possible.  Some places still have hazards, as
	marked with FIXMEs.

	* errno.stp (returnstr): Don't use return in tapset C functions.
	* aux_syscalls.stp (__uget_timex_m): Ditto.
	* nfsd.stp (__get_fh): Ditto.
	* nfs.stp, vfs.stp (<many functions>): Ditto.
	* string.stp (substr): Ditto. Also make sure start index is valid.

	* syscalls.stp (syscall.execve): Change __string to kernel_string.

LKET/
	* nfs.stp, nfs_proc.stp, nfsd.stp, process.stp, tskdispatch.stp:
	Protect pointer dereferences with kread wherever possible.  Some
	places still have hazards, as marked with FIXMEs.

	* aio.stp (log_io_getevents): Don't use return in tapset C functions.
	* timestamp.stp (set_timing_method): Ditto.
	* utils.stp (filter_by_pid): Ditto.

9 files changed, 173 insertions, 93 deletions

diff --git a/tapset/LKET/Changelog b/tapset/LKET/Changelog
index 96bfadc0..9f267636 100644
--- a/tapset/LKET/Changelog
+++ b/tapset/LKET/Changelog
@@ -1,3 +1,13 @@
+2007-02-06  Josh Stone  <joshua.i.stone@intel.com>
+
+	* nfs.stp, nfs_proc.stp, nfsd.stp, process.stp, tskdispatch.stp:
+	Protect pointer dereferences with kread wherever possible.  Some
+	places still have hazards, as marked with FIXMEs.
+
+	* aio.stp (log_io_getevents): Don't use return in tapset C functions.
+	* timestamp.stp (set_timing_method): Ditto.
+	* utils.stp (filter_by_pid): Ditto.
+
 2006-12-29  Li Guanglei <guanglei@cn.ibm.com>
 
 	From Gui Jian <guij@cn.ibm.com>
diff --git a/tapset/LKET/aio.stp b/tapset/LKET/aio.stp
index ea81d024..09b3a3b8 100755
--- a/tapset/LKET/aio.stp
+++ b/tapset/LKET/aio.stp
@@ -237,13 +237,11 @@ function log_io_getevents(ctx_id:long, min_nr:long, nr:long,
 	struct timespec __user *timeout = (struct timespec *)((long)THIS->timeout);
 	struct timespec ts;
 
-	if (unlikely(copy_from_user(&ts, timeout, sizeof(ts))))
-		return;
-
-	_lket_trace(_GROUP_AIO, _HOOKID_AIO_IO_GETEVENTS_ENTRY,
-		"%8b%4b%4b%8b%4b%4b", THIS->ctx_id, THIS->min_nr,
-		THIS->nr, THIS->events_uaddr, (_FMT_)ts.tv_sec, 
-		(_FMT_)ts.tv_nsec);
+	if (likely(0 == copy_from_user(&ts, timeout, sizeof(ts))))
+		_lket_trace(_GROUP_AIO, _HOOKID_AIO_IO_GETEVENTS_ENTRY,
+				"%8b%4b%4b%8b%4b%4b", THIS->ctx_id, THIS->min_nr,
+				THIS->nr, THIS->events_uaddr, (_FMT_)ts.tv_sec, 
+				(_FMT_)ts.tv_nsec);
 %}
 
 probe addevent.aio.io_getevents.return
diff --git a/tapset/LKET/nfs.stp b/tapset/LKET/nfs.stp
index 3e4c1e53..7267da74 100755
--- a/tapset/LKET/nfs.stp
+++ b/tapset/LKET/nfs.stp
@@ -1,13 +1,17 @@
 /* Helper functions */
 function __file_fsname:string (file:long) %{ /* pure */
 	struct file *file = (struct file *)(long)THIS->file;
-	if ((file == NULL) 
-		|| (file->f_dentry == NULL) 
-		|| (file->f_dentry->d_inode == NULL))
+	struct dentry *f_dentry = file? kread(&(file->f_dentry)) : NULL;
+	struct inode *d_inode = f_dentry? kread(&(f_dentry->d_inode)) : NULL;
+	if (d_inode == NULL)
 		strlcpy(THIS->__retvalue, "NULL", MAXSTRINGLEN);
 	else {
-		strlcpy(THIS->__retvalue, file->f_dentry->d_inode->i_sb->s_type->name, MAXSTRINGLEN);
+		struct super_block *i_sb = kread(&(d_inode->i_sb));
+		struct file_system_type *s_type = kread(&(i_sb->s_type));
+		const char *name = kread(&(s_type->name));
+		deref_string(THIS->__retvalue, name, MAXSTRINGLEN);
 	}
+	CATCH_DEREF_FAULT();
 %}
 
 probe never
diff --git a/tapset/LKET/nfs_proc.stp b/tapset/LKET/nfs_proc.stp
index 08a08152..418f6c21 100755
--- a/tapset/LKET/nfs_proc.stp
+++ b/tapset/LKET/nfs_proc.stp
@@ -10,6 +10,7 @@
 
 void getdevice(char *sid,int * major,int* min)
 {
+	/* FIXME: deref hazard! */
 	char c;
 	char * minor, *p;
 	int i = 0;
@@ -105,13 +106,15 @@ probe _addevent.nfs.proc.lookup.entry
 function log_proc_lookup(version:long,dir:long,filename:string)
 %{
 	struct inode * dir =  (struct inode * )((long)THIS->dir);
-	struct super_block * sb = dir->i_sb;
+	struct super_block *sb = kread(&(dir->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_LOOKUP_ENTRY,"%1b%1b%8b%1b%0s",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(dir),THIS->version,THIS->filename);
+		NFS_FILEID(dir) /* FIXME: deref hazard! */,
+		THIS->version,THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.lookup.return
@@ -141,14 +144,16 @@ probe _addevent.nfs.proc.read.entry
 function log_proc_read(version:long,rdata:long,count:long,offset:long)
 %{
 	struct nfs_read_data* rdata =  (struct nfs_read_data* )((long)THIS->rdata);
-	struct inode *inode = rdata->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(rdata->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_READ_ENTRY,"%1b%1b%8b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.read.return
@@ -178,14 +183,16 @@ probe _addevent.nfs.proc.write.entry
 function log_proc_write(version:long,wdata:long,count:long,offset:long)
 %{
 	struct nfs_write_data* wdata =  (struct nfs_write_data* )((long)THIS->wdata);
-	struct inode *inode = wdata->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(wdata->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_WRITE_ENTRY,"%1b%1b%8b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.write.return
@@ -215,15 +222,17 @@ probe _addevent.nfs.proc.commit.entry
 function log_proc_commit(version:long,cdata:long,count:long,offset:long)
 %{
 	struct nfs_write_data* cdata =  (struct nfs_write_data* )((long)THIS->cdata);
-	struct inode *inode = cdata->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(cdata->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_COMMIT_ENTRY,"%1b%1b%8b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.commit.return
@@ -253,15 +262,17 @@ probe _addevent.nfs.proc.read_setup.entry
 function log_proc_read_setup(version:long,data:long,count:long,offset:long)
 %{
 	struct nfs_read_data* data =  (struct nfs_read_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_READSETUP_ENTRY,"%1b%1b%8b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.write_setup.entry
@@ -279,15 +290,17 @@ probe _addevent.nfs.proc.write_setup.entry
 function log_proc_write_setup(version:long,data:long,count:long,offset:long,how:long)
 %{
 	struct nfs_write_data* data =  (struct nfs_write_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_WRITESETUP_ENTRY,"%1b%1b%8b%1b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->how,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->how,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 
@@ -306,15 +319,17 @@ probe _addevent.nfs.proc.commit_setup.entry
 function log_proc_commit_setup(version:long,data:long,count:long,offset:long)
 %{
 	struct nfs_write_data* data =  (struct nfs_write_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_COMMITSETUP_ENTRY,"%1b%1b%8b%1b%4b%8b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->count,THIS->offset);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 
@@ -337,15 +352,17 @@ probe _addevent.nfs.proc.read_done.entry
 function log_proc_read_done(version:long,data:long,count:long,status:long)
 %{
 	struct nfs_read_data* data =  (struct nfs_read_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_READDONE_ENTRY,"%1b%1b%8b%1b%4b%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->status,THIS->count);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->status,THIS->count);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.read_done.return
@@ -383,15 +400,17 @@ probe _addevent.nfs.proc.write_done.entry
 function log_proc_write_done(version:long,data:long,count:long,status:long)
 %{
 	struct nfs_write_data* data =  (struct nfs_write_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_WRITEDONE_ENTRY,"%1b%1b%8b%1b%4b%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->status,THIS->count);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->status,THIS->count);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.write_done.return
@@ -429,15 +448,17 @@ probe _addevent.nfs.proc.commit_done.entry
 function log_proc_commit_done(version:long,data:long,count:long,status:long)
 %{
 	struct nfs_write_data* data =  (struct nfs_write_data* )((long)THIS->data);
-	struct inode *inode = data->inode;
-	struct super_block * sb = inode->i_sb;
+	struct inode *inode = kread(&(data->inode));
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_COMMITDONE_ENTRY,"%1b%1b%8b%1b%4b%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->status,THIS->count);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->status,THIS->count);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.commit_done.return
@@ -472,14 +493,16 @@ function log_proc_open(version:long,inode:long,
                         filename:string,flag:long,mode:long)
 %{
 	struct inode *inode = (struct inode *)((long)THIS->inode);
-	struct super_block * sb = inode->i_sb;
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_OPEN_ENTRY,"%1b%1b%8b%1b%0s%4b%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->filename,THIS->flag,THIS->mode);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->filename,THIS->flag,THIS->mode);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.open.return
@@ -510,14 +533,16 @@ function log_proc_release(version:long,inode:long,
                            filename:string,flag:long,mode:long)
 %{
 	struct inode *inode = (struct inode *)((long)THIS->inode);
-	struct super_block * sb = inode->i_sb;
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_RELEASE_ENTRY,"%1b%1b%8b%1b%0s%4b%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->filename,THIS->flag,THIS->mode);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->filename,THIS->flag,THIS->mode);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.release.return
@@ -547,13 +572,15 @@ probe _addevent.nfs.proc.create.entry
 function log_proc_create(version:long,inode:long,filename:string,mode:long)
 %{
 	struct inode *inode = (struct inode *)((long)THIS->inode);
-       	struct super_block * sb = inode->i_sb;
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_CREATE_ENTRY,"%1b%1b%8b%1b%0s%4b",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->filename,THIS->mode);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->filename,THIS->mode);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.create.return
@@ -584,13 +611,15 @@ function log_proc_remove(version:long,inode:long,
                         filename:string)
 %{
 	struct inode *inode = (struct inode *)((long)THIS->inode);
-       	struct super_block * sb = inode->i_sb;
+	struct super_block * sb = kread(&(inode->i_sb));
 	int major_device,minor_device;
 
 	getdevice(sb->s_id,&major_device,&minor_device);
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_REMOVE_ENTRY,"%1b%1b%8b%1b%0s",
 		(_FMT_)major_device,(_FMT_)minor_device,
-		NFS_FILEID(inode),THIS->version,THIS->filename);
+		NFS_FILEID(inode) /* FIXME: deref hazard! */,
+		THIS->version,THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.remove.return
@@ -622,17 +651,20 @@ function log_proc_rename(version:long,old_dir:long,old_name:string,
 %{
 	struct inode *old_dir= (struct inode *)((long)THIS->old_dir);
 	struct inode *new_dir= (struct inode *)((long)THIS->new_dir);
-       	struct super_block * old_sb = old_dir->i_sb;
-       	struct super_block * new_sb = new_dir->i_sb;
+	struct super_block * old_sb = kread(&(old_dir->i_sb));
+	struct super_block * new_sb = kread(&(new_dir->i_sb));
 	int major_old,minor_old,major_new,minor_new;
 
 	getdevice(old_sb->s_id,&major_old,&minor_old);
 	getdevice(new_sb->s_id,&major_new,&minor_new);
 	
 	_lket_trace(_GROUP_NFS,_HOOKID_NFS_PROC_RENAME_ENTRY,"%1b%1b%1b%8b%0s%1b%1b%8b%0s",
-		THIS->version,(_FMT_)major_old,(_FMT_)minor_old,NFS_FILEID(old_dir),
-		THIS->old_name,(_FMT_)major_new,(_FMT_)minor_new,NFS_FILEID(new_dir),
+		THIS->version,(_FMT_)major_old,(_FMT_)minor_old,
+		NFS_FILEID(old_dir) /* FIXME: deref hazard! */,
+		THIS->old_name,(_FMT_)major_new,(_FMT_)minor_new,
+		NFS_FILEID(new_dir) /* FIXME: deref hazard! */,
 		THIS->new_name);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfs.proc.rename.return
diff --git a/tapset/LKET/nfsd.stp b/tapset/LKET/nfsd.stp
index b07063a3..2e42d194 100755
--- a/tapset/LKET/nfsd.stp
+++ b/tapset/LKET/nfsd.stp
@@ -5,6 +5,7 @@
 %{
 	void decode_fh(struct knfsd_fh *fh,__u64 * i_ino)
 	{
+		/* FIXME: deref hazard! */
 		int i;
 		
 		for(i = 0;i < 3;i++)
@@ -117,7 +118,9 @@ function log_nfsd_lookup(fhp:long,filename:string)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_LOOKUP_ENTRY,"%1b%8b%8b%8b%0s",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->filename);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.lookup.return
@@ -153,8 +156,10 @@ function log_nfsd_create(fhp:long,filename:string,type:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_CREATE_ENTRY,"%1b%8b%8b%8b%0s%4b%2b%4b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->filename,
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->filename,
 		THIS->type,THIS->iap_valid,THIS->iap_mode);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.create.return
@@ -191,8 +196,10 @@ function log_nfsd_createv3(fhp:long,filename:string,createmode:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_CREATEV3_ENTRY,"%1b%8b%8b%8b%0s%1b%2b%4b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->filename,
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->filename,
 		THIS->createmode,THIS->iap_valid,THIS->iap_mode);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.createv3.return
@@ -227,8 +234,10 @@ function log_nfsd_unlink(fhp:long,filename:string,type:long)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_UNLINK_ENTRY,"%1b%8b%8b%8b%0s%4b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],
 		THIS->filename,THIS->type);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.unlink.return
@@ -264,9 +273,11 @@ function log_nfsd_rename(fhp:long,filename:string,tfhp:long,tname:string)%{ /*pu
 	decode_fh(&fhp->fh_handle,old_ino);		
 	decode_fh(&tfhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_RENAME_ENTRY,"%1b%8b%8b%8b%0s%1b%8b%8b%8b%0s",
-		(_FMT_)fhp->fh_handle.fh_size,old_ino[0],old_ino[1],old_ino[2],
-		THIS->filename, (_FMT_)tfhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->tname);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		old_ino[0],old_ino[1],old_ino[2], THIS->filename,
+		(_FMT_)kread(&(tfhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->tname);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.rename.return
@@ -301,8 +312,10 @@ function log_nfsd_open(fhp:long,type:long,access:long)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_OPEN_ENTRY,"%1b%8b%8b%8b%4b%1b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],
 		THIS->type,THIS->access);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.open.return
@@ -366,8 +379,10 @@ function log_nfsd_read(fhp:long,count:long,offset:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_READ_ENTRY,"%1b%8b%8b%8b%8b%8b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->count,THIS->offset,(_FMT_)vec->iov_len,THIS->vlen);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->count,THIS->offset,
+		(_FMT_)kread(&(vec->iov_len)), THIS->vlen);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.read.return
@@ -403,8 +418,10 @@ function log_nfsd_write(fhp:long,count:long,offset:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_WRITE_ENTRY,"%1b%8b%8b%8b%8b%8b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->count,THIS->offset,(_FMT_)vec->iov_len,THIS->vlen);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->count,THIS->offset,
+		(_FMT_)kread(&(vec->iov_len)), THIS->vlen);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.write.return
@@ -438,8 +455,9 @@ function log_nfsd_commit(fhp:long,count:long,offset:long)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_COMMIT_ENTRY,"%1b%8b%8b%8b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->count,THIS->offset);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.commit.return
@@ -499,8 +517,9 @@ function log_nfsd_proc_lookup(fh:long,version:long,filename:string)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_LOOKUP_ENTRY,"%1b%8b%8b%8b%1b%0s",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->version,THIS->filename);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->version,THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.lookup.return
@@ -536,8 +555,10 @@ function log_nfsd_proc_read(fhp:long,version:long,count:long,offset:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_READ_ENTRY,"%1b%8b%8b%8b%1b%8b%8b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->version,
-		THIS->count,THIS->offset,(_FMT_)vec->iov_len,THIS->vlen);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->version,
+		THIS->count,THIS->offset,(_FMT_)kread(&(vec->iov_len)), THIS->vlen);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.read.return
@@ -573,8 +594,10 @@ function log_nfsd_proc_write(fhp:long,version:long,count:long,offset:long,
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_WRITE_ENTRY,"%1b%8b%8b%8b%1b%8b%8b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->version,
-		THIS->count,THIS->offset,(_FMT_)vec->iov_len,THIS->vlen);
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->version,
+		THIS->count,THIS->offset,(_FMT_)kread(&(vec->iov_len)), THIS->vlen);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.write.return
@@ -608,8 +631,10 @@ function log_nfsd_proc_commit(fhp:long,version:long,count:long,offset:long)%{ /*
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_COMMIT_ENTRY,"%1b%8b%8b%8b%1b%8b%8b",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->version,
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->version,
 		THIS->count,THIS->offset);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.commit.return
@@ -671,8 +696,10 @@ function log_nfsd_proc_remove(fhp:long,version:long,filename:string)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_REMOVE_ENTRY,"%1b%8b%8b%8b%1b%0s",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],THIS->version,
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],THIS->version,
 		THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.remove.return
@@ -708,9 +735,11 @@ function log_nfsd_proc_rename(fhp:long,version:long,filename:string,
 	decode_fh(&fhp->fh_handle,o_ino);	
 	decode_fh(&tfhp->fh_handle,i_ino);	
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_RENAME_ENTRY,"%1b%1b%8b%8b%8b%0s%1b%8b%8b%8b%0s",
-		THIS->version,(_FMT_)fhp->fh_handle.fh_size,o_ino[0],o_ino[1],o_ino[2],
-		THIS->filename, (_FMT_)tfhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
-		THIS->tname);
+		THIS->version,(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		o_ino[0],o_ino[1],o_ino[2], THIS->filename,
+		(_FMT_)kread(&(tfhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2], THIS->tname);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.rename.return
@@ -744,8 +773,10 @@ function log_nfsd_proc_create(fhp:long,version:long,filename:string)%{ /*pure*/
 
 	decode_fh(&fhp->fh_handle,i_ino);		
 	_lket_trace(_GROUP_NFSD,_HOOKID_NFSD_PROC_CREATE_ENTRY,"%1b%8b%8b%8b%1b%0s",
-		(_FMT_)fhp->fh_handle.fh_size,i_ino[0],i_ino[1],i_ino[2],
+		(_FMT_)kread(&(fhp->fh_handle.fh_size)),
+		i_ino[0],i_ino[1],i_ino[2],
 		THIS->version,THIS->filename);
+	CATCH_DEREF_FAULT();
 %}
 
 probe addevent.nfsd.proc.create.return
diff --git a/tapset/LKET/process.stp b/tapset/LKET/process.stp
index fb02614b..41f6d3f1 100755
--- a/tapset/LKET/process.stp
+++ b/tapset/LKET/process.stp
@@ -14,7 +14,8 @@ function log_execve_tracedata(var:long)
 	long tmp=(long)THIS->var;
 	_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_EXECVE, "%4b%4b%4b%0s", 
 		(_FMT_)current->pid, (_FMT_)current->tgid, 
-		(_FMT_)current->parent->tgid, (char *)tmp); 
+		(_FMT_)current->parent->tgid,
+		(char *)tmp /* FIXME: deref hazard! */); 
 %}
 
 
@@ -26,8 +27,12 @@ function log_fork_tracedata(task:long)
 	_lket_trace(_GROUP_PROCESS, THIS->var_id, "%4b", (_FMT_)pid); 
 	*/
 	struct task_struct *task = (struct task_struct *)((long)THIS->task);
-	_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_FORK, "%4b%4b%4b", (_FMT_)task->pid, 
-		(_FMT_)task->tgid, (_FMT_)task->parent->tgid); 
+	struct task_struct *parent = kread(&(task->parent));
+	_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_FORK, "%4b%4b%4b",
+		(_FMT_)kread(&(task->pid)),
+		(_FMT_)kread(&(task->tgid)),
+		(_FMT_)kread(&(parent->tgid))); 
+	CATCH_DEREF_FAULT();
 %}
 
 
@@ -47,6 +52,7 @@ function process_snapshot()
 
 	/* iterate all the processes, and record the pid and process
 	name for each entry */
+	/* FIXME: need some sort of lock before doing this! */
 	for_each_process(tsk)  {
 		_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_SNAPSHOT, "%4b%4b%4b%0s", 
 			(_FMT_)tsk->pid, (_FMT_)tsk->tgid, (_FMT_)tsk->parent->tgid, tsk->comm);
diff --git a/tapset/LKET/timestamp.stp b/tapset/LKET/timestamp.stp
index 471177a9..b450bd67 100755
--- a/tapset/LKET/timestamp.stp
+++ b/tapset/LKET/timestamp.stp
@@ -37,12 +37,11 @@ function set_timing_method(method:long)
 %{
 	if(THIS->method == TIMING_SCHEDCLOCK) {
 		pfn_schedclock = (pfn_schedclock_type)kallsyms_lookup_name("sched_clock");
-		if(!pfn_schedclock) {
+		if(!pfn_schedclock)
 			_stp_warn("Failed to lookup specified timing method sched_clock()\n");
-			return;
-		}
-	}
-	if(THIS->method > 0 && THIS->method <= MAX_TIMING_METHOD)
+		else
+			timing_method = THIS->method;
+	} else if(THIS->method > 0 && THIS->method <= MAX_TIMING_METHOD)
 		timing_method = THIS->method;
 %}
 
diff --git a/tapset/LKET/tskdispatch.stp b/tapset/LKET/tskdispatch.stp
index eeca9f06..05103f96 100755
--- a/tapset/LKET/tskdispatch.stp
+++ b/tapset/LKET/tskdispatch.stp
@@ -63,8 +63,11 @@ function log_ctxswitch_tracedata(var_id:long, prev:long, next_pid:long)
 	prev_tsk = (struct task_struct *)((long)THIS->prev);
 	next_tsk = (struct task_struct *)((long)THIS->next_pid);
 
-	_lket_trace(_GROUP_TASK, THIS->var_id, "%4b%4b%1b", (_FMT_)prev_tsk->pid, 
-		(_FMT_)next_tsk->pid, (_FMT_)prev_tsk->state); 
+	_lket_trace(_GROUP_TASK, THIS->var_id, "%4b%4b%1b",
+		(_FMT_)kread(&(prev_tsk->pid)),
+		(_FMT_)kread(&(next_tsk->pid)),
+		(_FMT_)kread(&(prev_tsk->state))); 
+	CATCH_DEREF_FAULT();
 %}
 
 function log_cpuidle_tracedata(var_id:long)
diff --git a/tapset/LKET/utils.stp b/tapset/LKET/utils.stp
index 5bff6a9f..8edab81e 100755
--- a/tapset/LKET/utils.stp
+++ b/tapset/LKET/utils.stp
@@ -23,13 +23,10 @@ function filter_by_pid:long()
 		 */ 
 		if( _stp_target != 0 && cur->tgid != _stp_target) {
 			THIS->__retvalue = 0;
-			return;
-		}
-
-		THIS->__retvalue = 1;
+		} else
+			THIS->__retvalue = 1;
 	} else  /*skip the events generated by stap itself*/
 		THIS->__retvalue = 0;
-	return;
 %}
 
 function reset_maxaction()