diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 87 |
1 files changed, 49 insertions, 38 deletions
@@ -1,32 +1,5 @@ * What's new -- Memory consumption for scripts involving many uprobes has been - dramatically reduced. - -- The preprocessor now supports || and && in the conditions. - %( arch == "x86_64" || arch == "ia64" %: ... %) - -- It is now possible to cross-compile systemtap scripts for foreign - architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. - For example, put arm-linux-gcc etc. into your $PATH, and point - systemtap at the target kernel build tree with: - stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] - The -B option is passed to kbuild make. -r identifies the already - configured/built kernel tree and -a its architecture (kbuild ARCH=...). - Systemtap will infer -p4. - -- The systemtap notion of "architecture" now matches the kernel's, rather - than that of "uname -m". This means that 32-bit i386 family are all - known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; - "s390x" as "s390", and so on. This is consistent between the new - "-a ARCH" flag and the script-level %( arch ... %) conditional. - -- It is now possible to define multiple probe aliases with the same name. - A probe will expand to all matching aliases. - probe foo = bar { } - probe foo = baz { } - probe foo { } # expands twice, once to bar and once to baz - - Support for unprivileged users: ***************************************************************************** * WARNING!!!!!!!!!! @@ -42,18 +15,24 @@ - Using the --unprivileged option on stap enables translation-time checking for use by unprivileged users (see restrictions below). - All modules deemed suitable for use by unprivileged users will be signed - by stap (see module signing in release 0.9.8 below). - - Modules signed by trusted users and verified by staprun will be loaded by - staprun regardless of the user's privilege level. - - The system administrator asserts the trustworthiness of a user by running - stap-authorize-signing-cert <cert-file> as root, where <cert-file> can - be found in ~<user>/.systemtap/ssl/server/stap.cert. - - Restrictions are intentionally strict at this time and will be relaxed in + by stap-server when --unprivileged is specified on stap-client (see module + signing in release 0.9.8 and stap-server in release 0.9 below). + - Modules signed by trusted signers (servers) and verified by staprun will be + loaded by staprun regardless of the user's privilege level. + - The system administrator asserts the trustworthiness of a signer (server) by + running stap-authorize-signing-cert <cert-file> as root, where <cert-file> + can be found in ~<user>/.systemtap/ssl/server/stap.cert for servers started + by ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for + servers started by root. + - Servers started by root are automatically authorized as trusted signers on + the local host. + - Restrictions are intentionally strict at this time and may be relaxed in the future: - probe points are restricted to: - begin, begin(n), end, end(n), error(n), never, - timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n) - - embedded C code is not allowed. + begin, begin(n), end, end(n), error, error(n), never, + timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n), + process.* (for processes owned by the user). + - use of embedded C code is not allowed. - use of tapset functions using embedded C code is restricted. - accessing the kernel memory space is not allowed. - The following command line options may not be used: @@ -65,6 +44,38 @@ SYSTEMTAP_RUNTIME, SYSTEMTAP_TAPSET, SYSTEMTAP_DEBUGINFO_PATH - nss and nss-tools are required to use this feature. +- Memory consumption for scripts involving many uprobes has been + dramatically reduced. + +- The preprocessor now supports || and && in the conditions. + %( arch == "x86_64" || arch == "ia64" %: ... %) + +- It is now possible to cross-compile systemtap scripts for foreign + architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. + For example, put arm-linux-gcc etc. into your $PATH, and point + systemtap at the target kernel build tree with: + stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] + The -B option is passed to kbuild make. -r identifies the already + configured/built kernel tree and -a its architecture (kbuild ARCH=...). + Systemtap will infer -p4. + +- The systemtap notion of "architecture" now matches the kernel's, rather + than that of "uname -m". This means that 32-bit i386 family are all + known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; + "s390x" as "s390", and so on. This is consistent between the new + "-a ARCH" flag and the script-level %( arch ... %) conditional. + +- It is now possible to define multiple probe aliases with the same name. + A probe will expand to all matching aliases. + probe foo = bar { } + probe foo = baz { } + probe foo { } # expands twice, once to bar and once to baz + +- A new experimental transport mechanism, using ftrace's ring_buffer, + has been added. This may become the default transport mechanism in + future versions of systemtap. To test this new transport mechanism, + define 'STP_USE_RING_BUFFER'. + * What's new in version 0.9.9 - Systemwide kernel .function.return (kretprobe) maxactive defaults may @@ -139,7 +150,7 @@ syscall arguments are also available by name in nd_syscalls. - Module signing: If the appropriate nss libraries are available on your - system, stap will sign each compiled module using a self-generated + system, stap-server will sign each compiled module using a self-generated certificate. This is the first step toward extending authority to load certain modules to unprivileged users. For now, if the system administrator adds a certificate to a database of trusted signers |