systemtap 4.3 release

From: Frank Ch. Eigler
Date: Thu Jun 11 2020 - 11:28:02 EST


The SystemTap team announces release 4.3

Enhancements to this release include: Userspace probes may be targeted
by buildid as an alternate to a path name, script functions may use
probe $context variables, stapbpf improvements including try-catch
statements, and error probes.

= Where to get it

https://sourceware.org/systemtap/ - our project page
https://sourceware.org/systemtap/ftp/releases/
https://koji.fedoraproject.org/koji/packageinfo?packageID=615
git tag release-4.3 (commit c9c23c987d)

There have been over 120.31415 commits since the last release.
There have been 27+ bugs fixed / features added since the last release.

= SystemTap frontend (stap) changes

- The target of process probes may be specified by hexadecimal buildid
as an alternative to a path name. This makes it possible to probe a
variety of versions or aliases of a program, even if they are
running inside containers under a different path name. Works best
with a debuginfod server that publishes the executables / debuginfo.
The following probes glibc.so 2.32-2.fc32.x86_64 from fedora running
anywhere on your machine.
# export DEBUGINFOD_URLS=https://debuginfod.elfutils.org/
# stap -e 'probe process("7ca24d4dc3de9d62d9ad6bb25e5b70a3e57a342f")
.function("*system") { log("hi") }'

- Functions can now be context-sensitive, meaning that they may make
references to $context variables and similar constructs that could
formerly appear only inside probe handlers. This is implemented by
cloning such functions for each probe.
Only some probe point (dwarf-based user & kernel) types are supported.
function foo () { println ($$vars) }
probe kernel.function("do_exit") { foo() }
probe process("/bin/ls").function("main") { foo() }
probe process("/lib*/libc.so.6").mark("*") { foo() }

- The process(EXE).begin probe handlers are now always triggered for
already-running target processes.

= SystemTap backend changes

- Almost all of the kmalloc() allocations exceeding 4KB have been
replaced by vmalloc(). This helps stap's kernel runtime work
properly on systems with serious fragmentation in physical memory
address space.

- More $variable resolution errors may be generated, especially for
@var("") constructs that target global variables. These are
duplicate-eliminated by default, but may be seen with verbosity>=2.

- The stapbpf backend now supports try-catch statements, an improved
error tapset, and error probes.

- The "Build-id mismatch" condition now becomes a warning, so while
related probes are not inserted, the rest of the script may run.

= SystemTap tapset changes

- Added a new tapset function dump_stack() which prints the current
kernel backtrace to the kernel trace buffer (as a thin wrapper
around the kernel C API function dump_stack).

- The proc_mem_rss() tapset function now includes the resident shared
memory pages as expected. The old behavior can be restored by the
--compatible=4.2 option on the command line.

- Modules compiled with guru mode for a particular kernel version can
now only be loaded on kernels with exactly matching version
(vermagic string) instead of any kernel whose API matches according
to the modversions mechanism. Use -B CONFIG_MODVERSIONS=y to restore
the prior behaviour.

= SystemTap sample scripts

- All 180+ examples can be found at https://sourceware.org/systemtap/examples/

- New sample scripts:
security-band-aids/cve-2018-1000001.stp
security-band-aids/cve-2018-6485
Historical emergency security band-aid scripts for example purposes only

= Examples of tested kernel versions

2.6.32 (RHEL6 x86_64)
3.10.0 (RHEL7 x86_64)
4.15.0 (Ubuntu 18.04 x86_64)
4.18.0 (RHEL8 x86_64, aarch64, ppc64le, s390x)
5.3.8 (Fedora 30 i686)
5.3.9 (Fedora 31 x86_64)
5.4.0 (Fedora 32 x86_64)
5.7.0 (Fedora 33 x86_64)

= Known issues with this release

- A change to syscall wrappers has resulted in the loss of the ability
to modify syscall parameters. (PR26015)

- An sdt probe cannot parse a parameter that uses a segment register.
(PR13429)

- The presence of a line such as
*CFLAGS += $(call cc-option, -fno-var-tracking-assignments)
in the linux kernel Makefile unnecessarily reduces debuginfo quality,
consider removing that line if you build kernels.

= Contributors for this release

Aaron Merey, Alice Zhang*, Craig Ringer*, Frank Ch. Eigler, Frank
Sorenson*, HATAYAMA Daisuke*, Juri Lelli*, Sagar Patel, Serhei Makarov,
Siddhesh Poyarekar, William Cohen, Yichun Zhang (agentzh)

Special thanks to new contributors, marked with '*' above.

= Bugs fixed for this release <https://sourceware.org/PR#####>

6834 stap-client should not use bash network redirections
10280 allow relaxing of `uname -r` matching runtime assertion ro ABI-compatible kernel series
11249 uprobes fails on glibc get-pc-thunk call insn probe
11277 _stp_text_str uses bad octal escapes
11599 Support data pointer in tracepoint callbacks
12609 Cannot see variable values in partial inlined functions with gcc 4.6
12970 populate runtime/bad-addr database
13793 IPv6 nfs_proc.stp tapset changes needed
13896 use darkserver for downloading debuginfo
15016 kernel 3.7.2xen uprobes can cause SEGV on probed app
15774 Userspace syscall.return probes do not support $arg variables
16131 CONFIG_USER_NS support
18001 Using sysname(), caller(), or callers(n) causes a gcc internal error
20394 inconsistency in exe/library paths searching between @cast() and process.library.function probes
22182 On rawhide, we're getting lots of 'suspicious RCU usage' kernel warnings
22265 on rawhide, we're getting a kernel panic
22315 bpf: error handling / try-catch? / error() function
23276 suspicious RCU usage' on rawhide 4.18.0-0.rc0
23634 WARNING: Can't parse SDT_V3 operand for x86_64 qemu tapset probe points
24954 stapdyn on ppc/aarch64 do not support full register set
25186 Vim ftplugin creates conflicting autocmd group
25265 stapscripts using ustack, ubacktrace etc fail to compile on kernel 5.3
25290 process(EXE).begin may occasionally miss already-running target processes from EXE
25298 unused blocks may cause segmentation fault
25568 buildid-based process probes
25579 detect kernel lockdown/secureboot in effect
25686 user_buffer_quoted incorrectly octal-escapes non-printable characters
25841 probe-context features for functions
26074 adapt to unexported kallsyms_lookup_name
26099 adapt to new struct proc_ops in procfs_create_data
26109 bug when begin probe exits quickly