1.282. systemtap

Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.

Security Fixes

CVE-2011-1769, CVE-2011-1781
Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use these flaws to crash the system. Additionally, a privileged user (root, or a member of the stapdev group) could trigger these flaws when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled.
SystemTap users should upgrade to these updated packages, which contain a backported patch to correct these issues.
Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system.

Security Fixes

CVE-2011-2502
It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes module, used when performing user-space probing ("staprun -u"). A local user who is a member of the stapusr group could use this flaw to bypass intended module-loading restrictions, allowing them to escalate their privileges by loading an arbitrary, unsigned module.
CVE-2011-2503
A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges.
SystemTap users should upgrade to these updated packages, which contain backported patches to correct these issues.
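The two flaw classes described above (CVE-2011-2502, an unchecked module path, and CVE-2011-2503, a check-then-load race) map to two defensive patterns, sketched here as an added example. This is not the backported staprun patch; the function names path_is_under and read_once are hypothetical, and signature verification is left as a comment.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path, with symlinks and ".." resolved, lies inside trusted_dir. */
int path_is_under(const char *path, const char *trusted_dir) {
    char real[PATH_MAX], base[PATH_MAX];
    if (!realpath(path, real) || !realpath(trusted_dir, base)) return 0;
    size_t n = strlen(base);
    return strncmp(real, base, n) == 0 && real[n] == '/';
}

/* Read the whole file through one descriptor. Verification and loading then
 * both use this buffer, so a later change to the path cannot affect them. */
unsigned char *read_once(const char *path, size_t *len) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlinked file */
    if (fd < 0) return NULL;
    unsigned char *buf = NULL;
    size_t got = 0;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0)
        buf = malloc((size_t)st.st_size);
    while (buf && got < (size_t)st.st_size) {
        ssize_t r = read(fd, buf + got, (size_t)st.st_size - got);
        if (r <= 0) break;
        got += (size_t)r;
    }
    close(fd);
    if (!buf || got != (size_t)st.st_size) { free(buf); return NULL; }
    *len = got;
    return buf;
}

/* Usage: ./a.out <module path> <trusted module directory> */
int main(int argc, char **argv) {
    size_t len = 0;
    if (argc != 3 || !path_is_under(argv[1], argv[2])) return 1;
    unsigned char *mod = read_once(argv[1], &len);
    if (!mod) return 1;
    /* verify the signature over mod[0..len) here, then load that same buffer */
    printf("%zu bytes read once from %s\n", len, argv[1]);
    free(mod);
    return 0;
}
```

The path check is a policy filter and is itself subject to races on the path; the integrity guarantee comes from verifying and loading the same in-memory bytes.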
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.
With this update SystemTap is now re-based on upstream version 1.4. This re-base features several enhancements.

Bug Fixes

BZ#600382
Some SystemTap probes require the additional module, uprobes.ko, at run time. This additional module is usually built automatically when the script is compiled. However, in the client-server case, the uprobes.ko module is not returned by the server to the client. Consequently, missing symbols are reported when the module representing the script is loaded. To work around this issue, use the following command to manually build the uprobes.ko module on the client host:
        make -C prefix/share/systemtap/runtime/uprobes
Note that prefix is the install prefix for SystemTap, and that this manual build of uprobes.ko will only need to be done once.
BZ#609636
Unwinding through Call Frame Information (CFI) from the .debug_frame section in a prelinked shared library was broken on i686. This update ensures user-space shared libraries are no longer a special case, but are treated similarly to other sections using .debug_frame for unwinding, resulting in unwinding working as expected on i686. This also fixes a similar issue with unwinding through kernel modules.
BZ#618867
Probing ioblock.stp failed with the error "ERROR: kernel read fault" before shutting down. This was due to a null pointer dereference. In this update, before the kread occurs, a check is added on another parameter in the "bio" structure, which gives the count of the vector pages allocated. If there are none, the pointer is not dereferenced. This allows ioblock.stp to be probed as expected.
BZ#624657
Sending stapio a signal to unload a module failed with an error saying that the script was still running. This was because, after the signal was sent, it did not wait for the module to be unloaded before continuing with the script. This update adds a check to ensure the module has finished being unloaded before declaring success, allowing the module to be unloaded as expected.
BZ#625849
SystemTap provides bench.sh, a script that compiles benchmark code on a system, then monitors the system as it runs the code. The benchmark code previously provided with SystemTap was designed to run on the 64-bit x86 architecture. Therefore, attempting to run the script on other architectures would fail. This updated package provides code that runs on architectures other than 64-bit x86. Users of SystemTap can now measure probe performance on all architectures supported by Red Hat.
BZ#634995
This update rebases SystemTap on the upstream release, which includes several new features, including the --remote option, allowing users to build the SystemTap module locally and execute it remotely via SSH.
BZ#640097
An automated stress test for user-space applications with extensive probing failed with segmentation faults. There were two causes. First, uprobes did not handle vfork correctly. Now, when a vfork'ed thread executes, probes are not removed from the vfork parent while the thread associations are cleaned up. Second, uprobes had problems with empty functions built by newer GCCs: these GCCs emitted conditional returns for empty functions, which the uprobes instruction handler was not expecting. With this patch, this case has been fixed, allowing the probing to proceed as expected.
BZ#643866
When testing the client.stp script, libvirtd printed out a lot of errors when it started up. This occurred whenever the CLONE_NEWPID flag was used, as SystemTap was looking for the Process Identifier (PID) in the private PID namespace instead of the public PID namespace. This has been rectified in this patch, allowing the client.stp script to run as expected.
BZ#607227
Previously, the code for starting, stopping, and restarting SystemTap was defined in SystemTap's own initscript rather than using the globally defined behaviors on the system. SystemTap's own handling of the 'restart' action did not start SystemTap if it was not already running. This updated package copies the $SCRIPTS global scripts as a basis for its initscript actions. The 'restart' action therefore has the same default behavior as other initscripts on the system and additionally now honors the 'force-reload', 'reload', 'condrestart' and 'try-restart' actions.
BZ#646871
After prelink was used, SystemTap user-space probes that target functions or statements in certain shared libraries, or executables based on separate debuginfo, resolved to the wrong PC location in a prelinked binary. This resulted in the intended probes failing to fire at the correct place in the program, leading to the program crashing or misbehaving due to a corrupted instruction sequence resulting from incorrect breakpoint insertion. This update adjusts the libdwfl (libdw.so) library code to use more reliable methods of compensating for prelink's effect on the address layout of a binary while aligning a runtime PC address with an address computed from the separate debuginfo file. This allows SystemTap probes to work the same on prelinked binaries as they do on the same binaries when they have not been adjusted by prelink.
BZ#670644
When attempting to build an executable of Ruby including SystemTap markers, some arguments for markers were truncated to 8 bits in size. This was caused by the function "%rbx" being an 8-bit register rather than the full 64-bit register. This function has been changed to 64 bit, which resolves the issue.
BZ#671004
GCC sometimes emitted the code sequence repnz;ret to end a function. SystemTap's uprobes module then rejected this as an unknown instruction sequence. This patch allows such instructions to be treated as rep;ret = ret, allowing stap to run without risk, even with such optimized GCC code.
BZ#676641
Previously, /usr/bin/dtrace was provided by systemtap-sdt-devel, while the dtrace(1) man page was provided by SystemTap. This caused confusion when the binary was not found. This update puts the dtrace(1) man page in the same package as the binary, removing the confusion and resolving this issue.
BZ#681190
Previously, SystemTap's user module build id check was not aware of address space. Consequently, running a user space tracing script could fail. In this updated package, the get_user() function in the build id check is bracketed by set_fs(), which ensures that the function is called in the correct space and that user space tracing scripts run correctly.
BZ#683569
The SystemTap Beginner's Guide gave inaccurate instructions on how to configure yum to access the debuginfo packages. With Red Hat Enterprise Linux 6, the debuginfo packages are located in the Red Hat Network. With this patch the documentation now reflects this.
BZ#690597
Previously, python's sys/sdt.h probes were not being activated on IBM System z architectures. This was because some IBM System z architectures do not have noexec mappings for data sections, so the .probes section with SDT semaphores was mapped with RWX rather than RW-. This patch adjusts the VM flag checks to accommodate this, giving the ability to deal with mappings that are both executable and writable so that semaphores can be found.
BZ#691693
The testcase systemtap.base/bench.exp FAILed. This was due to a change of output from Red Hat Enterprise Linux 6.0 and Red Hat Enterprise Linux 6.1. This patch updates the test to handle newer probe timing report output, preventing this.
BZ#691750
The testcase systemtap.printf/ring_buffer.exp had 1 FAIL. This was because the variable was already static, so it did not need to be initialized to 0. This patch removes the unneeded initializer and eliminates a warning message from compiling the code, preventing this error.
BZ#691760
The testcase systemtap.stress/conversions.exp had 3 FAILs. This was because PR12168 eliminated duplicated error messages and changed the count of ERROR and WARNING messages. This patch adds the -vv option, which turns off the duplicate elimination and allows an accurate count of the number of times ERROR and WARNING messages occurred, preventing these errors.
BZ#692869
The testcases systemtap.examples/process/errsnoop build, buildok/syscall.stp, and buildok/syscalls2-detailed.stp failed to build with a semantic error. This patch checks for the existence of dwarf variables instead of using CONFIG_NFSD, which allows these testcases to build successfully.
Updated systemtap packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system.
Bug Fixes
BZ#725809
When the system ran out of memory in a module, systemtap failed to remove the module directory created by the debugfs debugger. Consequently, systemtap was unable to load the same module until after a system reboot; sometimes even a kernel panic occurred. With this update, a patch has been provided to address this issue, and systemtap now properly removes the module directory in the described scenario, thus fixing this bug.
BZ#726051
Under unusual circumstances, the rate of error or warning messages sent from the probe module to userspace exceeded various buffers. As a consequence, some control messages were sometimes lost which eventually led to a kernel panic in some cases. With this update, the transport layer ensures that all control messages are delivered even if there is a flood of warning or error messages, thus fixing this bug.
Affected systemtap users should upgrade to these updated packages, which fix these bugs.