Linux运行内核探针systemtap脚本失败,出现语义错误:"no match"; [英] Linux run kernel probe systemtap script failed with semantic error: no match"
问题描述
我有2个实验环境:CentOS 6.8和Ubuntu 16.04都在Virtualbox VM中运行.
I've got 2 experimental environment: CentOS 6.8 and Ubuntu 16.04 Both run inside Virtualbox VM.
在我安装的CentOS上
On CentOS I installed
yum install kernel-devel kernel-debug
在Ubuntu上,我安装了:
On Ubuntu I installed:
sudo apt-get install linux-headers-$(uname -r)
sudo apt-get install fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge
在两个系统上,我都可以成功运行它:
On both systems I can run this successfully:
stap -ve 'probe begin { log("hello world") exit() }'
我尝试了 systemtap 指南中的 .stp 脚本:
I tried this .stp script from systemtap guide:
#!/usr/bin/stap
probe begin
{
log("begin probe")
}
probe syscall.open
{
printf("%s(%d) open (%s)\n",execname(),pid(),argstr)
}
probe timer.ms(4000)#4s later
{
exit()
}
probe end
{
log("end probe")
}
chmod + x ... 脚本并以 root 用户身份运行.两个系统都报告错误,例如:
chmod +x ... the script and run as root user. Both systems report errors like:
./test2.stp -v
Pass 1: parsed user script and 124 library script(s) using 217780virt/45168res/3204shr/42664data kb, in 210usr/20sys/238real ms.
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/syscalls2.stp:197:24
source: probe __syscall.open = kernel.function("sys_open").call
^
semantic error: missing x86_64 kernel/module debuginfo [man warning::debuginfo] under '/lib/modules/2.6.32-642.el6.x86_64/build'
semantic error: while resolving probe point: identifier '__syscall' at :177:47
source: probe syscall.open = __syscall.compat_open ?, __syscall.open
^
semantic error: no match
semantic error: while resolving probe point: identifier 'syscall' at ./test2.stp:6:7
source: probe syscall.open
^
semantic error: no match
Pass 2: analyzed script: 3 probe(s), 6 function(s), 0 embed(s), 0 global(s) using 230172virt/57516res/5204shr/52952data kb, in 120usr/150sys/270real ms.
Pass 2: analysis failed. [man error::pass2]
这个错误是关于什么的?这是安装问题吗?我的脚本中有语法错误吗?
What's this error about? Is it an installation problem? Is there a syntax error in my script?
非常感谢.
推荐答案
tl; dr 安装内核映像调试符号,例如包 linux-image-$(uname -r)-dbgsym .
tl;dr install kernel image debug symbols, e.g. package linux-image-$(uname -r)-dbgsym.
我有类似的错误
$ sudo stap -v udp_detect_exec.stp
...
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/udp.stp:39:21
source: probe udp.sendmsg = kernel.function("udp_sendmsg") {
从 systemtap 脚本到跟踪DNS请求
#! /usr/bin/env stap
probe udp.sendmsg (
if ( dport == 53 && ( daddr == "8.8.8.8" || daddr == "8.8.4.4" ) ) {
printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
}
}
按照此blog.jeffli.me post ,一个 hello world systemtap 脚本起作用.
Following this blog.jeffli.me post, a hello world systemtap script worked.
sudo stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'
解决方案(安装内核调试符号)
此 wiki.ubuntu.com条目,我的Ubuntu 16.04 系统缺少内核调试符号.我执行了安装步骤:
Solution (install kernel debug symbols)
Following this wiki.ubuntu.com entry, my Ubuntu 16.04 system was missing the kernel debug symbols. I ran install steps:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8CAB6595FDFF622
codename=$(lsb_release -c | awk '{print $2}')
sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
deb http://ddebs.ubuntu.com/ ${codename} main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
EOF
sudo apt-get update
sudo apt-get install linux-image-$(uname -r)-dbgsym
脚本 udp_detect_exec.stp 成功运行.
我建议在 wiki.ubuntu.com 条目中检查更新的 apt-get install 步骤.
I recommended checking for updated apt-get install steps at the wiki.ubuntu.com entry.
这篇关于Linux运行内核探针systemtap脚本失败,出现语义错误:"no match";的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
