| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* runtime/staprun/relay_old.c (switch_oldoutfile): New function for file
switching.
(process_subbufs): Use switch_oldoutfile.
(reader_thread): Use ppoll() instead of poll() for receiving SIGUSR2
and switch output file when receiving a signal(SIGUSR2).
(switchfile_handler): Send SIGUSR2 signal to reader threads for file
switching.
(init_oldrelayfs): Assign switchfile_handler to SIGUSR2.
|
| |
|
|
|
|
|
|
|
|
| |
* runtime/staprun/relay.c (switch_outfile): New function for file switching.
(reader_thread): Don't assign empty_handler to SIGUSR2, and switch output
file when receiving signal(SIGUSR2) on ppoll.
(switchfile_handler): Send SIGUSR2 signal to reader threads for file
switching.
(init_relayfs): Assign switchfile_handler to SIGUSR2.
* staprun.1.in: Add FILE SWITCHING BY SIGNAL section.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With old relayfs, out_fd is used only when non-bulk mode. However,
open_oldoutfile and open_relayfs_files open files with fopen and
set only percpu_tmpfile. This will cause a problem with -S option,
that out_fd will be closed when the file size reaches fsize_max
and new fd will be opened only on percpu_tmpfile.
So, out_fd should be synchronized with percpu_tmpfile.
* runtime/staprun/relay_old.c (open_oldoutfile): Set fd of output file
to out_fd[cpu].
(open_relayfs_files): Ditto.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2009-09-03 Dave Brolley <brolley@redhat.com>
* tapsets.cxx (visit_cast_op): Don't disallow unprivileged users.
Annotate synthesized function with /* unprivileged */.
* tapset-utrace.cxx (register_tapset_utrace): Call allow_unprivileged
for process begin and end probes.
* translate.cxx (translate_pass): Generate '#define STP_PRIVILEGED 1'
unless --unprivileged was specified.
* runtime/transport/transport.c: Don't define _stp_unprivileged_user.
* runtime/task_finder.c (__stp_utrace_attach_match_filename): Check
that _stp_uid equals the task euid when STP_PRIVILEGED is not defined.
(stap_start_task_finder): Likewise.
* runtime/staprun/staprun.c (insert_stap_module): Don't generate
module option _stp_unprivileged_user.
|
| |
|
|
| |
check_permissions.
|
| |
|
|
| |
* runtime/staprun/staprun.c (enable_uprobes): insmod, not insert_module().
|
| |
|
|
| |
certificates does not exist. It just means that the signed module is untrusted.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modverify.c (staprun.h): #include it.
(verify_it): Now accepts module data and signature data as arguments.
Don't open and read the signature here. Don't read the module here.
(verify_module): Now accepts module data as argument. Read the signature
once here.
* modverify.h (verify_module): Now accepts module data as argument.
* staprun.c (main): Don't call check_permissions here.
* staprun.h (check_permissions): Prototype removed.
* staprun_funcs.c (check_permissions): Now static. Accepts module data
as argument. Pass module data to check_signature.
(insert_module): Canonicalize the module path early here. Call
check_permissions here, passing it the mapped module data.
(check_signature): Now accepts module data as argument. Pass the module
data to verify_module.
(check_path): Use the already-canonicalized module path.
|
| |
|
|
|
|
|
| |
* runtime/staprun/staprun_funcs.c (check_permissions): Declare
check_signature_rc outside HAVE_NSS block.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
| |\
| |
| |
| |
| |
| | |
Conflicts:
cache.cxx
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* cache.cxx (add_to_cache,clean_cache): add static markers
* main.cxx (main): likewise
* runtime/staprun/common.c (send_request): likewise
* runtime/staprun/mainloop.c (stp_main_loop): likewise
* runtime/staprun/staprun.c (remove_module): likewise
* runtime/staprun/staprun.h: include sdt.h
* runtime/staprun/staprun_funcs.c (insert_module): likewise
* util.cxx (stap_system): likewise
* tapset/stap_staticmarkers.stp: new file
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* runtime/staprun/common.c (make_outfile_name): Moved from relay.c, fix not to
open /dev/null.XXX output files, and add 'bulk' argument for bulkmode.
* runtime/staprun/relay.c (make_outfile_name): Moved to common.c.
* runtime/staprun/relay_old.c (open_oldoutfile): Fix to use fopen() and store
FILE * to percpu_tmpfile[cpu].
|
| | |\ |
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
runtime/print.c
runtime/transport/transport.c
runtime/transport/transport_msgs.h
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
2009-04-02 David Smith <dsmith@redhat.com>
* runtime.h: Defines STP_TRANSPORT_VERSION instead of STP_OLD_TRANSPORT.
* staprun/staprun.h (STP_OLD_TRANSPORT): Ditto.
* print.c: Changed STP_OLD_TRANSPORT to STP_TRANSPORT_VERSION.
* staprun/mainloop.c (stp_main_loop): Ditto.
* transport/transport.c: Ditto.
* transport/transport.h: Ditto.
* transport/transport_msgs.h: Ditto.
* transport/utt.h: Ditto.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Don't generate an error message for unsigned modules.
Make sure module signature exists before attempting to copy to the cache.
Allow timer p[robes for unprivileged users.
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | |/
| |/|
| | |
| | |
| | | |
This is needed for run-stap so that stapio and all child processes can
run as the originally invoking user instead of root.
|
| |\| | |
|
| | | |
| | |
| | |
| | | |
HAVE_NSS related compile time warning.
|
| |\| | |
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
modsign.cxx
runtime/staprun/modverify.c
runtime/staprun/staprun_funcs.c
stap-authorize-server-cert
stap-authorize-signing-cert
stap-serverd
systemtap.spec
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
Makefile.in
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Makefile.am: Add -fno-builtin-strftime to stapio_CFLAGS.
* Makefile.in: Ditto.
* runtime/staprun/common.c (stap_strfloctime): Use strftime(3).
(parse_args): Remove strftime format limitation message.
* main.cxx (usage): Ditto.
* stap.1.in: Ditto.
* staprun.8.in: Ditto.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* translate.cxx (c_unparser::emit_unprivileged_user_check): Generate
code to check _stp_unprivileged_user.
* testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path.
* runtime/transport/transport.c: Set up _stp_unprivileged_user.
* runtime/staprun/staprun_funcs.c (check_signature): Distiguish among
verification failure due to errors, tampering, untrusted signer.
(check_permissions): Likewise.
(check_groups): Set unprivileged_user.
* runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user.
* runtime/staprun/modverify.h (MODULE_OK): #define it.
(MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise.
* runtime/staprun/modverify.c (modverify.h): #include it.
(verify_it): Distiguish among verification failure due to errors,
tampering, untrusted signer.
(verify_module): Likewise.
* runtime/staprun/common.c (unprivileged_user): Define it.
* runtime/staprun/staprun.h (unprivileged_user): Declare it.
* cache.cxx (get_from_cache): Get the module signature file.
* stap-authorize-server-cert: Source `dirname $0`/stap-env.
* stap-authorize-signing-cert: Likewise.
* stap-client: Likewise.
* stap-find-or-start-server: Likewise.
* stap-find-servers: Likewise.
* stap-gen-cert: Likewise.
* stap-server: Likewise.
* stap-serverd: Likewise.
* stap-start-server: Likewise.
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
When the relay threads encounter an error, they now send SIGTERM to the
rest of the process before the thread exit, so we get a clean shutdown.
For EPIPE in particular, error messages are also suppressed.
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
configure
runtime/staprun/staprun_funcs.c
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
This fixes bugs in strftime-subset function. This modifies %C, %l and %j to
fit the output of date command.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes a bug in stapio, which checks written data size and switches
new file when it exceeds a limit. The problem is that written-data-size
counter ignores the first written-data size when switching files. So,
actual file size always exceeds the limit. This changes stapio to
initialize written-data-size counter with the size of the data which
will be written in new file.
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
aclocal.m4
configure
testsuite/aclocal.m4
Also:
2009-03-30 Dave Brolley <brolley@redhat.com>
* nsscommon.c (nssError): Handle SEC_ERROR_BAD_SIGNATURE.
2009-03-30 Dave Brolley <brolley@redhat.com>
* modverify.c (verify_it): Print a message if the module may have been
tampered with.
|
| |\| |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
Makefile.in
|
| | | |
| | |
| | |
| | |
| | | |
* runtime/staprun/staprun_funcs.c (check_path): Save fully
canonicalized and checked module path for later loading.
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | | |
Add strftime subset format support for output file name to systemtap.
This format will be evaluated when opening a new output file.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add file-switching option(-S size[,N]) to stapio. This option has two
arguments, 'size' and 'N', and requires -o option.
- When the size of output file exceeds specified 'size'MB, staprun switches
output file to the next file. For this purpose, all output file has a serial
number as a suffix only when user specifies this option.
- Using this option in bulk mode, the output file name will be
'FILE_cpuX.SERIAL'.
- When the number of files exceeds specified N, staprun removes the oldest
file. This argument can be omitted.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add '-D'(daemon mode) option to staprun/stapio for daemon mode.
In this mode, stapio shows just its pid and detachs from console.
Since it has no stdio, this mode requires -o option. stapio will
exit when it receives SIGTERM or detects some error.
|
| | | |
| | |
| | |
| | |
| | | |
Add an interface (eprintf) to output error messages to syslogd,
because staprun has no stderr after detaching from console.
|
| |\| | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The kernel lockdep checking found a possible deadlock if a forced rmmod
tried to destroy _stp_work_queue at the same time that the work queue
was unregistering tracepoints. An unlikely scenario, but still
possible.
Now the work queue will just issue a STP_REQUEST_EXIT down to usermode,
and usermode will echo back an STP_EXIT that triggers the actual probe
cleanup. This way the unregistrations are happening in exactly the same
context as the registrations were.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util.cxx (remove_file_or_dir): New function.
* util.h (remove_file_or_dir): New function.
* systemtap.spec (stap): Add stap-env, stap-gen-cert, stap-authorize-cert,
and stap-authorize-signing-cert.
(stap-client): Remove stap-find-or-start-server, stap-add-server-cert.
Add stap-authorize-server-cert.
(stap-server): Add stap-find-servers, stap-find-or-start-server,
stap-authorize-server-cert. Remove stap-gen-server-cert.
* stap-find-servers: Source stap-env. Use $stap_avahi_service_tag.
(initialization): Set timeout to 10.
(find_servers): Run avahi-browse in the background and wait for it.
Use a temp file for the output of avahi-browse. Kill avahi-browse if
the timeout expires.
(match_server): Set read timeout.
(fatal): New function.
* stap-find-or-start-server: Source stap-env. Use $stap_exec_prefix. Always
exit with 0.
* stap-start-server: Source stap-env. Check for the server PID as a running
process and for avahi-publish-service running as a child in order to
verify that the server is ready.
* stap-add-server-cert: Renamed to stap-authorize-server-cert. Source
stap-env. Call stap-authorize-cert.
* stap-client: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
(staprun_running): Removed.
(interrupt): Don't kill staprun.
* stap-server: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
* session.h (systemtap_session): Add cert_db_path.
* runtime/staprun/staprun_funcs.c (config.h): #include it.
(modverify.h): #include it.
(check_signature): New function.
(check_groups): New function extracted from check_permissions.
(check_permissions): Call check_groups and check_signature.
* runtime/staprun/mainloop.c (cleanup_and_exit): Pass modpath to staprun,
not modname.
* main.cxx (main): Initialize cert_db_path. Handle LONG_OPT_SIGN_MODULE.
Save the module signature if the module was signed and is being saved.
(LONG_OPT_SIGN_MODULE): #define it.
(long_options): Add --sign-module.
* cache.cxx (config.h): #include it.
(add_to_cache): Add the module signature file to the cache if the module
has been signed.
* buildrun.cxx (modsign.h): #include it.
(compile_pass): Call sign_module, if requested.
* configure.ac: Define HAVE_NSS if NSS libraries are available.
* Makefile.am (AM_CPPFLAGS): Add -DSYSCONFDIR.
(bin_SCRIPTS): Add stap-env, stap-gen-cert, stap-authorize-cert,
stap-authorize-signing-cert, stap-authorize-server-cert. Remove
stap-gen-server-cert, stap-add-server-cert.
(stap_SOURCES): Add nsscommon.c, modsign.cxx
(stap_CPPFLAGS): Add $(nss_CFLAGS), $(nspr_CFLAGS).
(stap_LDADD): Add -lnss3.
(staprun_SOURCES): Add nsscommon.c.
* modsign.cxx: New file.
* modsign.h: New file.
* nsscommon.c: New file.
* nsscommon.h: New file.
* runtime/staprun/modverify.c: New file.
* runtime/staprun/modverify.h: New file.
* stap-authorize-cert: New file.
* stap-authorize-signing-cert: New file.
* stap-env: New file.
* Makefile.in: Regenerated.
* aclocal.m4: Regenerated.
* config.in: Regenerated.
* configure: Regenerated.
* doc/Makefile.in: Regenerated.
* doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated.
* testsuite/Makefile.in: Regenerated.
* testsuite/aclocal.m4: Regenerated.
|
| |
|
|
|
|
| |
Mark Wielaard, a dear friend of the departed, will be performing a song
and dance at the funeral services to commemorate the joyous times that
they had together.
|
| |
|
|
|
|
| |
PR9788
* mainloop.c (cleanup_and_exit): Added workaround for bug 9788 by
fork'ing/exec'ing staprun.
|
| | |
|
| | |
|
