systemtap registration error.

WARNING: probe process("/home/user/a.out").function("func").return inode-offset 00000000468ed0c6 registration error (rc -5)
WARNING: probe process("/home/user/a.out").function("func").call inode-offset 00000000468ed0c6 registration error (rc -5)
WARNING: task_finder mmap inode-uprobes callback for task 28532 failed: -5

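I am learning systemtap. I have a process that calls a function in a while loop. When I start systemtap with "stap -v test.stp" to probe the user-space function, I get a registration error. Here is the full screen capture: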

Pass 1: parsed user script and 465 library scripts using 112640virt/48788res/6452shr/42636data kb, in 100usr/20sys/123real ms.
Pass 2: analyzed script: 3 probes, 2 functions, 4 embeds, 3 globals using 114256virt/51968res/7840shr/44252data kb, in 50usr/110sys/162real ms.
Pass 3: using cached /root/.systemtap/cache/66/stap_662fe7689c5fb5d6ef569e8246fa1c8a_3296.c
Pass 4: using cached /root/.systemtap/cache/66/stap_662fe7689c5fb5d6ef569e8246fa1c8a_3296.ko
Pass 5: starting run.
WARNING: probe process("/home/admin/a.out").function("func").return inode-offset 00000000468ed0c6 registration error (rc 0)
WARNING: probe process("/home/admin/a.out").function("func").call inode-offset 00000000468ed0c6 registration error (rc 0)
^CERROR: empty aggregate near operator '@max' at test.stp:6:37
WARNING: Number of errors: 1, skipped probes: 0
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run completed in 0usr/20sys/9318real ms.
Pass 5: run failed.  [man error::pass5]

test.stp

probe process("/home/user/a.out").function("func").return {
  stats <<< gettimeofday_ns() - @entry(gettimeofday_ns())
}
probe end {
  printf("max/avg/min: %d/%d/%d\n", @max(stats), @avg(stats), @min(stats))
  print(@hist_log(stats))
}
global stats

test.c

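#include <stdio.h>   /* printf */
#include <stdlib.h>
#include <unistd.h>  /* sleep */

/* Probed function: prints a line, then sleeps for one second. */
void func()
{
    printf("Hello\n");
    sleep(1);
}

int main()
{
    /* Call func() forever so the probe has something to hit. */
    while (1)
    {
        func();
    }
}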

1 Answer

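systemtap does not support overlay/union filesystems. If the file is in overlayfs, the systemtap user-space code has to be changed to get the real inode of the file. For this, the systemtap code needs to be changed and built. Download the systemtap source code and modify the file uprobes-inode.c. The change is to look up the inode using d_backing_inode. The change needs to be made in two places.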

    inode_1 = d_backing_inode(d_real((struct dentry *) dentry, NULL, 0, 0)); //use inode_1 in the following function.
    if ((vm_flags & VM_EXEC) && !(vm_flags & VM_WRITE))
        rc = stapiu_change_plus(target, task, addr, length,
                    offset, vm_flags, inode_1);
        //          offset, vm_flags, dentry->d_inode);

    vm_file = stap_find_exe_file(mm);
    if (vm_file) {
        if (vm_file->f_path.dentry)
        {
            //inode = vm_file->f_path.dentry->d_inode;
            inode = d_backing_inode(d_real((struct dentry *) vm_file->f_path.dentry, NULL, 0, 0));
        
        }
        fput(vm_file);
answered 2019-08-16T06:58:08.840
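
A quick check for the condition the answer describes, as an added example that is not part of the original post or of systemtap: it reports whether a probe target sits on an overlay/union mount by longest-prefix matching its path against a /proc/mounts-format table. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample mount table are constructed.

# Constructed /proc/mounts-style table: root is an overlay mount (typical in
# a container), /data is a plain ext4 mount.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime,lowerdir=/lower,upperdir=/upper,workdir=/work 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 /data ext4 rw,relatime 0 0
EOF
}

# fstype_for_path PATH  (mount table on stdin)
# Prints the filesystem type of the mount containing PATH: the longest
# matching mount point wins, and a later entry shadows an earlier one.
# PATH should be absolute with symlinks resolved (e.g. via readlink -f).
fstype_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }'
}

# is_overlay_backed PATH  (mount table on stdin)
# Succeeds when PATH lives on an overlay/union mount.
is_overlay_backed() {
    case "$(fstype_for_path "$1")" in
        overlay|overlayfs|aufs) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed table; on a live host feed /proc/mounts instead:
#   is_overlay_backed "$(readlink -f ./a.out)" < /proc/mounts
for f in /home/user/a.out /data/bin/a.out; do
    if sample_mounts | is_overlay_backed "$f"; then
        echo "$f: overlay/union mount, inode-uprobes registration may fail"
    else
        echo "$f: $(sample_mounts | fstype_for_path "$f")"
    fi
done
```

If the target turns out to be on an overlay mount, building and probing a copy of the binary on a non-overlay filesystem is an alternative to patching uprobes-inode.c.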