Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.198. systemtap

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system.

Security Fix

A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges.
SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
Updated systemtap packages that fix various bugs are now available for Red Hat Enterprise Linux 5.
SystemTap provides infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or a functional problem. Developers can write scripts to collect data without the need to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.
The systemtap package has been upgraded to upstream version 1.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#683481)

Bug Fixes

When running the "with server" portion of the SystemTap buildok test suite, the server needs an authorized certificate for signing the code the compiler server built. In some cases, a client running the test suite never obtained the authorized certificate. Consequently, additional failures were reported by the test suite compared to the self-hosted buildok test runs. This bug has been fixed and now, results for the "with server" portion of test suite and the self-hosted test suite match.
The systemtap data structure to track address accesses requires a locking mechanism to prevent data corruption. Previously, spinlocks were used but they caused kernel panics if excessive contention for reading the data structure occurred. With this update, the locking mechanism has been changed to rwlock, which allows concurrent reading of the data structure, thus fixing this bug.
For some error conditions (such as "out of memory"), the debugfs directory associated with a systemtap script remained in the system even after the script exited. Consequently, other scripts run afterwards were unable to create their own debugfs directory until the system had been rebooted. With this update, the runtime transport code has been updated to remove debugfs directories every time a systemtap script exits.
Previously, tracepoint names for softirq probe points (used in older kernels) and for the irq.stp tapset (used in newer kernels) did not match. Consequently, the softirq.* probe points were not found on kernels in Red Hat Enterprise Linux 5. Now, the irq.stp tapset has been updated to allow systemtap to find older softirq probe points in older kernels.
In some cases, the operands in the newest version of user-space markers could not be parsed, causing some tests to fail. With this update, SystemTap parsing of marker arguments has been fixed to handle the operands for the newest version of user-space markers and the tests now pass as expected.
The memory-write_shared_copy.stp test uses the memory.stp tapset's vm.write_shared_copy probe. In earlier versions of systemtap, this probe was a dummy, letting the test case falsely pass. In later versions, it became a real probe, but due to incomplete debug information generated by the gcc compiler, it cannot be fully resolved on a Red Hat Enterprise Linux 5 kernel. Consequently, the test case fails. This appeared as a regression, because the earlier pass of the test was in fact false. With this update, this test case has been designated as a "KFAIL" (known failure) and is no longer considered a regression.
Users of systemtap are advised to upgrade to these updated packages, which fix these bugs.