forked from pool/systemtap
converted link to branch
OBS-URL: https://build.opensuse.org/package/show/devel:tools/systemtap?expand=0&rev=9
This commit is contained in:
parent
a9cdc7d2f9
commit
f843c43c01
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:c57c639399982ad2d0f6e903066397a7cac0b99babdaa611901b5d3083ffabb6
|
|
||||||
size 1172877
|
|
3
systemtap-1.0.tar.bz2
Normal file
3
systemtap-1.0.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:9a942ba85d6360023e6f8503a8dd4c8493d16b17cb474cc8f0ad5a50cec3607a
|
||||||
|
size 1205746
|
135
systemtap-CVE-limit-dwarf-expression-stack-size.patch
Normal file
135
systemtap-CVE-limit-dwarf-expression-stack-size.patch
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
From: Jan Lieskovsky <jlieskov@redhat.com>
|
||||||
|
Subject: Three SystemTap-1.0 denial of service issues
|
||||||
|
References: CVE-2009-2911, BNC#548361
|
||||||
|
Upstream: yes
|
||||||
|
|
||||||
|
Three denial of service flaws were found in the SystemTap
|
||||||
|
instrumentation system of version 1.0, when the --unprivileged mode was
|
||||||
|
activated:
|
||||||
|
|
||||||
|
b, Kernel stack frame overflow allows local attackers to cause denial
|
||||||
|
of service via specially-crafted user-provided DWARF information.
|
||||||
|
|
||||||
|
diff --git a/dwflpp.cxx b/dwflpp.cxx
|
||||||
|
index 636cd38..c31548d 100644
|
||||||
|
--- a/dwflpp.cxx
|
||||||
|
+++ b/dwflpp.cxx
|
||||||
|
@@ -2272,7 +2272,15 @@ dwflpp::express_as_string (string prelude,
|
||||||
|
|
||||||
|
fprintf(memstream, "{\n");
|
||||||
|
fprintf(memstream, "%s", prelude.c_str());
|
||||||
|
- bool deref = c_emit_location (memstream, head, 1);
|
||||||
|
+
|
||||||
|
+ unsigned int stack_depth;
|
||||||
|
+ bool deref = c_emit_location (memstream, head, 1, &stack_depth);
|
||||||
|
+
|
||||||
|
+ // Ensure that DWARF keeps loc2c to a "reasonable" stack size
|
||||||
|
+ // 32 intptr_t leads to max 256 bytes on the stack
|
||||||
|
+ if (stack_depth > 32)
|
||||||
|
+ throw semantic_error("oversized DWARF stack");
|
||||||
|
+
|
||||||
|
fprintf(memstream, "%s", postlude.c_str());
|
||||||
|
fprintf(memstream, " goto out;\n");
|
||||||
|
|
||||||
|
diff --git a/loc2c-test.c b/loc2c-test.c
|
||||||
|
index 495a95f..ed7aa4b 100644
|
||||||
|
--- a/loc2c-test.c
|
||||||
|
+++ b/loc2c-test.c
|
||||||
|
@@ -329,11 +329,14 @@ handle_variable (Dwarf_Die *lscopes, int lnscopes, int out,
|
||||||
|
"{\n"
|
||||||
|
" intptr_t value;");
|
||||||
|
|
||||||
|
- bool deref = c_emit_location (stdout, head, 1);
|
||||||
|
+ unsigned int stack_depth;
|
||||||
|
+ bool deref = c_emit_location (stdout, head, 1, &stack_depth);
|
||||||
|
|
||||||
|
obstack_free (&pool, NULL);
|
||||||
|
|
||||||
|
- puts (store ? " return;" :
|
||||||
|
+ printf (" /* max expression stack depth %u */\n", stack_depth);
|
||||||
|
+
|
||||||
|
+ puts (store ? " return;" :
|
||||||
|
" printk (\" ---> %ld\\n\", (unsigned long) value);\n"
|
||||||
|
" return;");
|
||||||
|
|
||||||
|
diff --git a/loc2c.c b/loc2c.c
|
||||||
|
index 5d6b549..0716c7d 100644
|
||||||
|
--- a/loc2c.c
|
||||||
|
+++ b/loc2c.c
|
||||||
|
@@ -2071,7 +2071,8 @@ emit_loc_address (FILE *out, struct location *loc, unsigned int indent,
|
||||||
|
assign it to an address-sized value. */
|
||||||
|
static void
|
||||||
|
emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
|
||||||
|
- const char *target, bool declare)
|
||||||
|
+ const char *target, bool declare,
|
||||||
|
+ bool *used_deref, unsigned int *max_stack)
|
||||||
|
{
|
||||||
|
if (declare)
|
||||||
|
emit ("%*s%s %s;\n", indent * 2, "", STACK_TYPE, target);
|
||||||
|
@@ -2091,6 +2092,9 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
|
||||||
|
case loc_address:
|
||||||
|
case loc_value:
|
||||||
|
emit_loc_address (out, loc, indent, target);
|
||||||
|
+ *used_deref = *used_deref || loc->address.used_deref;
|
||||||
|
+ if (loc->address.stack_depth > *max_stack)
|
||||||
|
+ *max_stack = loc->address.stack_depth;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -2098,7 +2102,8 @@ emit_loc_value (FILE *out, struct location *loc, unsigned int indent,
|
||||||
|
}
|
||||||
|
|
||||||
|
bool
|
||||||
|
-c_emit_location (FILE *out, struct location *loc, int indent)
|
||||||
|
+c_emit_location (FILE *out, struct location *loc, int indent,
|
||||||
|
+ unsigned int *max_stack)
|
||||||
|
{
|
||||||
|
emit ("%*s{\n", indent * 2, "");
|
||||||
|
|
||||||
|
@@ -2134,9 +2139,11 @@ c_emit_location (FILE *out, struct location *loc, int indent)
|
||||||
|
}
|
||||||
|
|
||||||
|
bool deref = false;
|
||||||
|
+ *max_stack = 0;
|
||||||
|
|
||||||
|
if (loc->frame_base != NULL)
|
||||||
|
- emit_loc_value (out, loc->frame_base, indent, "frame_base", true);
|
||||||
|
+ emit_loc_value (out, loc->frame_base, indent, "frame_base", true,
|
||||||
|
+ &deref, max_stack);
|
||||||
|
|
||||||
|
for (; loc->next != NULL; loc = loc->next)
|
||||||
|
switch (loc->type)
|
||||||
|
@@ -2144,8 +2151,7 @@ c_emit_location (FILE *out, struct location *loc, int indent)
|
||||||
|
case loc_address:
|
||||||
|
case loc_value:
|
||||||
|
/* Emit the program fragment to calculate the address. */
|
||||||
|
- emit_loc_value (out, loc, indent + 1, "addr", false);
|
||||||
|
- deref = deref || loc->address.used_deref;
|
||||||
|
+ emit_loc_value (out, loc, indent + 1, "addr", false, &deref, max_stack);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case loc_fragment:
|
||||||
|
@@ -2172,6 +2178,9 @@ c_emit_location (FILE *out, struct location *loc, int indent)
|
||||||
|
|
||||||
|
emit ("%s%*s}\n", loc->address.program, indent * 2, "");
|
||||||
|
|
||||||
|
+ if (loc->address.stack_depth > *max_stack)
|
||||||
|
+ *max_stack = loc->address.stack_depth;
|
||||||
|
+
|
||||||
|
return deref || loc->address.used_deref;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/loc2c.h b/loc2c.h
|
||||||
|
index becf2d8..45d9382 100644
|
||||||
|
--- a/loc2c.h
|
||||||
|
+++ b/loc2c.h
|
||||||
|
@@ -112,6 +112,7 @@ struct location *c_translate_argument (struct obstack *,
|
||||||
|
|
||||||
|
Writes complete lines of C99, code forming a complete C block, to STREAM.
|
||||||
|
Return value is true iff that code uses the `deref' runtime macros. */
|
||||||
|
-bool c_emit_location (FILE *stream, struct location *loc, int indent);
|
||||||
|
+bool c_emit_location (FILE *stream, struct location *loc, int indent,
|
||||||
|
+ unsigned int *max_stack);
|
||||||
|
|
||||||
|
/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
|
||||||
|
|
75
systemtap-CVE-limit-printf-arguments.patch
Normal file
75
systemtap-CVE-limit-printf-arguments.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
From: Jan Lieskovsky <jlieskov@redhat.com>
|
||||||
|
Subject: Three SystemTap-1.0 denial of service issues
|
||||||
|
References: CVE-2009-2911, BNC#548361
|
||||||
|
Upstream: yes
|
||||||
|
|
||||||
|
Three denial of service flaws were found in the SystemTap
|
||||||
|
instrumentation system of version 1.0, when the --unprivileged mode was
|
||||||
|
activated:
|
||||||
|
|
||||||
|
a, Kernel stack overflow allows local attackers to cause denial of service or
|
||||||
|
execute arbitrary code via long number of parameters, provided to the print*
|
||||||
|
call.
|
||||||
|
|
||||||
|
diff --git a/buildrun.cxx b/buildrun.cxx
|
||||||
|
index 100cbc4..c86a442 100644
|
||||||
|
--- a/buildrun.cxx
|
||||||
|
+++ b/buildrun.cxx
|
||||||
|
@@ -200,6 +200,9 @@ compile_pass (systemtap_session& s)
|
||||||
|
|
||||||
|
// o << "CFLAGS += -fno-unit-at-a-time" << endl;
|
||||||
|
|
||||||
|
+ // 512 bytes should be enough for anybody
|
||||||
|
+ o << "EXTRA_CFLAGS += $(call cc-option,-Wframe-larger-than=512)" << endl;
|
||||||
|
+
|
||||||
|
// Assumes linux 2.6 kbuild
|
||||||
|
o << "EXTRA_CFLAGS += -Wno-unused -Werror" << endl;
|
||||||
|
#if CHECK_POINTER_ARITH_PR5947
|
||||||
|
diff --git a/testsuite/transko/varargs.stp b/testsuite/transko/varargs.stp
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..f38309a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testsuite/transko/varargs.stp
|
||||||
|
@@ -0,0 +1,10 @@
|
||||||
|
+#! stap -p3
|
||||||
|
+
|
||||||
|
+probe begin {
|
||||||
|
+ // PR10750 enforces at most 32 print args
|
||||||
|
+ println(1, 2, 3, 4, 5, 6, 7, 8,
|
||||||
|
+ 9, 10, 11, 12, 13, 14, 15, 16,
|
||||||
|
+ 17, 18, 19, 20, 21, 22, 23, 24,
|
||||||
|
+ 25, 26, 27, 28, 29, 30, 31, 32,
|
||||||
|
+ 33)
|
||||||
|
+}
|
||||||
|
diff --git a/testsuite/transok/varargs.stp b/testsuite/transok/varargs.stp
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..216166f
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testsuite/transok/varargs.stp
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+#! stap -p3
|
||||||
|
+
|
||||||
|
+probe begin {
|
||||||
|
+ // PR10750 enforces at most 32 print args
|
||||||
|
+ println(1, 2, 3, 4, 5, 6, 7, 8,
|
||||||
|
+ 9, 10, 11, 12, 13, 14, 15, 16,
|
||||||
|
+ 17, 18, 19, 20, 21, 22, 23, 24,
|
||||||
|
+ 25, 26, 27, 28, 29, 30, 31, 32)
|
||||||
|
+}
|
||||||
|
diff --git a/translate.cxx b/translate.cxx
|
||||||
|
index 04a9247..c73a5bd 100644
|
||||||
|
--- a/translate.cxx
|
||||||
|
+++ b/translate.cxx
|
||||||
|
@@ -4151,6 +4151,11 @@ c_unparser::visit_print_format (print_format* e)
|
||||||
|
{
|
||||||
|
stmt_expr block(*this);
|
||||||
|
|
||||||
|
+ // PR10750: Enforce a reasonable limit on # of varargs
|
||||||
|
+ // 32 varargs leads to max 256 bytes on the stack
|
||||||
|
+ if (e->args.size() > 32)
|
||||||
|
+ throw semantic_error("too many arguments to print", e->tok);
|
||||||
|
+
|
||||||
|
// Compute actual arguments
|
||||||
|
vector<tmpvar> tmp;
|
||||||
|
|
||||||
|
|
193
systemtap-CVE-unwind-table-size-checks.patch
Normal file
193
systemtap-CVE-unwind-table-size-checks.patch
Normal file
@ -0,0 +1,193 @@
|
|||||||
|
From: Jan Lieskovsky <jlieskov@redhat.com>
|
||||||
|
Subject: Three SystemTap-1.0 denial of service issues
|
||||||
|
References: CVE-2009-2911, BNC#548361
|
||||||
|
Upstream: yes
|
||||||
|
|
||||||
|
Three denial of service flaws were found in the SystemTap
|
||||||
|
instrumentation system of version 1.0, when the --unprivileged mode was
|
||||||
|
activated:
|
||||||
|
|
||||||
|
c, Absent check(s) for the upper bound of the size of the unwind table
|
||||||
|
and for the upper bound of the size of each of the CIE/CFI records, could
|
||||||
|
allow an attacker to cause a denial of service (infinite loop).
|
||||||
|
|
||||||
|
diff --git a/runtime/unwind.c b/runtime/unwind.c
|
||||||
|
index 00108a3..7607770 100644
|
||||||
|
--- a/runtime/unwind.c
|
||||||
|
+++ b/runtime/unwind.c
|
||||||
|
@@ -88,7 +88,7 @@ static sleb128_t get_sleb128(const u8 **pcur, const u8 *end)
|
||||||
|
|
||||||
|
/* given an FDE, find its CIE */
|
||||||
|
static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
|
||||||
|
- int is_ehframe)
|
||||||
|
+ uint32_t table_len, int is_ehframe)
|
||||||
|
{
|
||||||
|
const u32 *cie;
|
||||||
|
|
||||||
|
@@ -118,6 +118,11 @@ static const u32 *cie_for_fde(const u32 *fde, void *unwind_data,
|
||||||
|
else
|
||||||
|
cie = unwind_data + fde[1];
|
||||||
|
|
||||||
|
+ /* Make sure address falls in the table */
|
||||||
|
+ if (((void *)cie) < ((void*)unwind_data)
|
||||||
|
+ || ((void*)cie) > ((void*)(unwind_data + table_len)))
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
if (*cie <= sizeof(*cie) + 4 || *cie >= fde[1] - sizeof(*fde)
|
||||||
|
|| (*cie & (sizeof(*cie) - 1))
|
||||||
|
|| (cie[1] != 0xffffffff && cie[1] != 0)) {
|
||||||
|
@@ -200,7 +205,8 @@ static unsigned long read_pointer(const u8 **pLoc, const void *end, signed ptrTy
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static signed fde_pointer_type(const u32 *cie)
|
||||||
|
+static signed fde_pointer_type(const u32 *cie, void *unwind_data,
|
||||||
|
+ uint32_t table_len)
|
||||||
|
{
|
||||||
|
const u8 *ptr = (const u8 *)(cie + 2);
|
||||||
|
unsigned version = *ptr;
|
||||||
|
@@ -212,11 +218,16 @@ static signed fde_pointer_type(const u32 *cie)
|
||||||
|
const u8 *end = (const u8 *)(cie + 1) + *cie;
|
||||||
|
uleb128_t len;
|
||||||
|
|
||||||
|
+ /* end of cie should fall within unwind table. */
|
||||||
|
+ if (((void*)end) < ((void *)unwind_data)
|
||||||
|
+ || ((void *)end) > ((void *)(unwind_data + table_len)))
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
/* check if augmentation size is first (and thus present) */
|
||||||
|
if (*ptr != 'z')
|
||||||
|
return -1;
|
||||||
|
/* check if augmentation string is nul-terminated */
|
||||||
|
- if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL)
|
||||||
|
+ if ((ptr = memchr(aug = (const void *)ptr, 0, end - ptr)) == NULL)
|
||||||
|
return -1;
|
||||||
|
++ptr; /* skip terminator */
|
||||||
|
get_uleb128(&ptr, end); /* skip code alignment */
|
||||||
|
@@ -267,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Limit the number of instructions we process. Arbitrary limit.
|
||||||
|
+ 512 should be enough for anybody... */
|
||||||
|
+#define MAX_CFI 512
|
||||||
|
+
|
||||||
|
static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state)
|
||||||
|
{
|
||||||
|
union {
|
||||||
|
@@ -276,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s
|
||||||
|
} ptr;
|
||||||
|
int result = 1;
|
||||||
|
|
||||||
|
+ if (end - start > MAX_CFI)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc);
|
||||||
|
if (start != state->cieStart) {
|
||||||
|
state->loc = state->org;
|
||||||
|
@@ -606,10 +624,10 @@ static int unwind_frame(struct unwind_frame_info *frame,
|
||||||
|
|
||||||
|
/* found the fde, now set startLoc and endLoc */
|
||||||
|
if (fde != NULL) {
|
||||||
|
- cie = cie_for_fde(fde, table, is_ehframe);
|
||||||
|
+ cie = cie_for_fde(fde, table, table_len, is_ehframe);
|
||||||
|
if (likely(cie != NULL && cie != &bad_cie && cie != ¬_fde)) {
|
||||||
|
ptr = (const u8 *)(fde + 2);
|
||||||
|
- ptrType = fde_pointer_type(cie);
|
||||||
|
+ ptrType = fde_pointer_type(cie, table, table_len);
|
||||||
|
startLoc = read_pointer(&ptr, (const u8 *)(fde + 1) + *fde, ptrType);
|
||||||
|
startLoc = adjustStartLoc(startLoc, m, s, ptrType, is_ehframe);
|
||||||
|
|
||||||
|
@@ -632,12 +650,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
|
||||||
|
for (fde = table, tableSize = table_len; cie = NULL, tableSize > sizeof(*fde)
|
||||||
|
&& tableSize - sizeof(*fde) >= *fde; tableSize -= sizeof(*fde) + *fde, fde += 1 + *fde / sizeof(*fde)) {
|
||||||
|
dbug_unwind(3, "fde=%lx tableSize=%d\n", (long)*fde, (int)tableSize);
|
||||||
|
- cie = cie_for_fde(fde, table, is_ehframe);
|
||||||
|
+ cie = cie_for_fde(fde, table, table_len, is_ehframe);
|
||||||
|
if (cie == &bad_cie) {
|
||||||
|
cie = NULL;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie)) < 0)
|
||||||
|
+ if (cie == NULL || cie == ¬_fde || (ptrType = fde_pointer_type(cie, table, table_len)) < 0)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
ptr = (const u8 *)(fde + 2);
|
||||||
|
@@ -666,6 +684,12 @@ static int unwind_frame(struct unwind_frame_info *frame,
|
||||||
|
state.cieEnd = ptr; /* keep here temporarily */
|
||||||
|
ptr = (const u8 *)(cie + 2);
|
||||||
|
end = (const u8 *)(cie + 1) + *cie;
|
||||||
|
+
|
||||||
|
+ /* end should fall within unwind table. */
|
||||||
|
+ if (((void *)end) < table
|
||||||
|
+ || ((void *)end) > ((void *)(table + table_len)))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
frame->call_frame = 1;
|
||||||
|
if ((state.version = *ptr) != 1) {
|
||||||
|
dbug_unwind(1, "CIE version number is %d. 1 is supported.\n", state.version);
|
||||||
|
@@ -723,6 +747,11 @@ static int unwind_frame(struct unwind_frame_info *frame,
|
||||||
|
state.cieEnd = end;
|
||||||
|
end = (const u8 *)(fde + 1) + *fde;
|
||||||
|
|
||||||
|
+ /* end should fall within unwind table. */
|
||||||
|
+ if (((void*)end) < table
|
||||||
|
+ || ((void *)end) > ((void *)(table + table_len)))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
/* skip augmentation */
|
||||||
|
if (((const char *)(cie + 2))[1] == 'z') {
|
||||||
|
uleb128_t augSize = get_uleb128(&ptr, end);
|
||||||
|
diff --git a/runtime/unwind/unwind.h b/runtime/unwind/unwind.h
|
||||||
|
index 285a3a3..023ea60 100644
|
||||||
|
--- a/runtime/unwind/unwind.h
|
||||||
|
+++ b/runtime/unwind/unwind.h
|
||||||
|
@@ -143,8 +143,10 @@ static unsigned long read_pointer(const u8 **pLoc,
|
||||||
|
const void *end,
|
||||||
|
signed ptrType);
|
||||||
|
static const u32 bad_cie, not_fde;
|
||||||
|
-static const u32 *cie_for_fde(const u32 *fde, void *table, int is_ehframe);
|
||||||
|
-static signed fde_pointer_type(const u32 *cie);
|
||||||
|
+static const u32 *cie_for_fde(const u32 *fde, void *table,
|
||||||
|
+ uint32_t table_len, int is_ehframe);
|
||||||
|
+static signed fde_pointer_type(const u32 *cie,
|
||||||
|
+ void *table, uint32_t table_len);
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* STP_USE_DWARF_UNWINDER */
|
||||||
|
diff --git a/translate.cxx b/translate.cxx
|
||||||
|
index bc5d615..9d456bc 100644
|
||||||
|
--- a/translate.cxx
|
||||||
|
+++ b/translate.cxx
|
||||||
|
@@ -29,6 +29,11 @@ extern "C" {
|
||||||
|
#include <elfutils/libdwfl.h>
|
||||||
|
}
|
||||||
|
|
||||||
|
+// Max unwind table size (debug or eh) per module. Somewhat arbitrary
|
||||||
|
+// limit (a bit more than twice the .debug_frame size of my local
|
||||||
|
+// vmlinux for 2.6.31.4-83.fc12.x86_64)
|
||||||
|
+#define MAX_UNWIND_TABLE_SIZE (3 * 1024 * 1024)
|
||||||
|
+
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
|
struct var;
|
||||||
|
@@ -4785,6 +4790,9 @@ dump_unwindsyms (Dwfl_Module *m,
|
||||||
|
get_unwind_data (m, &debug_frame, &eh_frame, &debug_len, &eh_len, &eh_addr);
|
||||||
|
if (debug_frame != NULL && debug_len > 0)
|
||||||
|
{
|
||||||
|
+ if (debug_len > MAX_UNWIND_TABLE_SIZE)
|
||||||
|
+ throw semantic_error ("module debug unwind table size too big");
|
||||||
|
+
|
||||||
|
c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
|
||||||
|
c->output << "static uint8_t _stp_module_" << stpmod_idx
|
||||||
|
<< "_debug_frame[] = \n";
|
||||||
|
@@ -4802,6 +4810,9 @@ dump_unwindsyms (Dwfl_Module *m,
|
||||||
|
|
||||||
|
if (eh_frame != NULL && eh_len > 0)
|
||||||
|
{
|
||||||
|
+ if (eh_len > MAX_UNWIND_TABLE_SIZE)
|
||||||
|
+ throw semantic_error ("module eh unwind table size too big");
|
||||||
|
+
|
||||||
|
c->output << "#if defined(STP_USE_DWARF_UNWINDER) && defined(STP_NEED_UNWIND_DATA)\n";
|
||||||
|
c->output << "static uint8_t _stp_module_" << stpmod_idx
|
||||||
|
<< "_eh_frame[] = \n";
|
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 2 23:52:10 UTC 2009 - tonyj@novell.com
|
||||||
|
|
||||||
|
- Minor changes to spec file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 2 18:57:14 CEST 2009 - tonyj@suse.de
|
||||||
|
|
||||||
|
- updated to version 1.0. See systemtap.changes for full changelog.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jul 21 08:47:33 CEST 2009 - tiwai@suse.de
|
Tue Jul 21 08:47:33 CEST 2009 - tiwai@suse.de
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package systemtap-docs (Version 0.9.9)
|
# spec file for package systemtap-docs (Version 1.0)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
@ -27,8 +27,8 @@ BuildRequires: fop
|
|||||||
BuildRequires: latex2html
|
BuildRequires: latex2html
|
||||||
%endif
|
%endif
|
||||||
%define use_snapshot 0
|
%define use_snapshot 0
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Version: 0.9.9
|
Version: 1.0
|
||||||
Release: 1
|
Release: 1
|
||||||
Summary: Documents and examples for systemtap
|
Summary: Documents and examples for systemtap
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
@ -40,8 +40,7 @@ Url: http://sourceware.org/systemtap/
|
|||||||
%endif
|
%endif
|
||||||
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
|
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
|
||||||
Patch: systemtap-docdir-fix.diff
|
Patch: systemtap-docdir-fix.diff
|
||||||
# Patch2: systemtap-ioblock-suse-kernel-fix.diff
|
Patch2: systemtap-xmlto-fop.diff
|
||||||
Patch3: systemtap-xmlto-fop.diff
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
@ -65,9 +64,8 @@ Authors:
|
|||||||
%setup -n systemtap-%{package_version} -q
|
%setup -n systemtap-%{package_version} -q
|
||||||
%endif
|
%endif
|
||||||
%patch -p1
|
%patch -p1
|
||||||
# %patch2
|
|
||||||
%if %suse_version > 1030
|
%if %suse_version > 1030
|
||||||
%patch3 -p1
|
%patch2 -p1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--- tapset/ioblock.stp-dist 2008-12-05 08:14:19.000000000 +0100
|
--- a/tapset/ioblock.stp-dist 2008-12-05 08:14:19.000000000 +0100
|
||||||
+++ tapset/ioblock.stp 2008-12-05 08:14:27.000000000 +0100
|
+++ b/tapset/ioblock.stp 2008-12-05 08:14:27.000000000 +0100
|
||||||
@@ -122,7 +122,7 @@
|
@@ -122,7 +122,7 @@
|
||||||
vcnt = $bio->bi_vcnt
|
vcnt = $bio->bi_vcnt
|
||||||
idx = $bio->bi_idx
|
idx = $bio->bi_idx
|
||||||
|
@ -1,3 +1,38 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 2 23:51:24 UTC 2009 - tonyj@novell.com
|
||||||
|
|
||||||
|
- Fixes for CVE-2009-2911, BNC#548361
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 2 18:57:14 CEST 2009 - tonyj@suse.de
|
||||||
|
|
||||||
|
- updated to version 1.0:
|
||||||
|
* SystemTap frontend (stap) changes
|
||||||
|
- EXPERIMENTAL support for unprivileged users.
|
||||||
|
- -a ARCH allows cross compiling of scripts, stap-start-server arguments
|
||||||
|
extended to support starting a cross compiling server
|
||||||
|
- Change notion of architecture to be same as kernels
|
||||||
|
- Support output file switching by SIGUSR2
|
||||||
|
- New experimental transport mechanism using ftrace's ring_buffer
|
||||||
|
- Reduction in memory consumption for scripts using many uprobes
|
||||||
|
- Support for recognizing DW_OP_{stack,implicit}_value DWARF expressions
|
||||||
|
* SystemTap script language changes
|
||||||
|
- Dwarf probes now support C++ scopes and so can be limited to classes or
|
||||||
|
namespaces.
|
||||||
|
- Preprocessor support for || and &&
|
||||||
|
- Probe alias names may be overloaded (multiple aliases of same name)
|
||||||
|
* SystemTap tapset changes
|
||||||
|
- Enabling semaphore now used to reduce computation overhead of dorman
|
||||||
|
process().mark() probes.
|
||||||
|
- Many functions marked as usable by unprivileged users (return global info
|
||||||
|
or specific to user process).
|
||||||
|
- New netdev tapset probe points for monitoring network traffic and device
|
||||||
|
configurations.
|
||||||
|
- New task_backtrace function returns the current hex backtrace of any
|
||||||
|
arbitrary task in the system.
|
||||||
|
- Function is_myproc returns whether the current process is owned by user
|
||||||
|
which started systemtap script.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 13 15:55:14 CEST 2009 - tiwai@suse.de
|
Thu Aug 13 15:55:14 CEST 2009 - tiwai@suse.de
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package systemtap (Version 0.9.9)
|
# spec file for package systemtap (Version 1.0)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
@ -22,8 +22,8 @@ Name: systemtap
|
|||||||
BuildRequires: gcc-c++ glib2-devel libcap-devel libebl-devel pkg-config sqlite-devel
|
BuildRequires: gcc-c++ glib2-devel libcap-devel libebl-devel pkg-config sqlite-devel
|
||||||
BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools
|
BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools
|
||||||
%define use_snapshot 0
|
%define use_snapshot 0
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Version: 0.9.9
|
Version: 1.0
|
||||||
Release: 1
|
Release: 1
|
||||||
Summary: Instrumentation System
|
Summary: Instrumentation System
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
@ -38,7 +38,9 @@ Url: http://sourceware.org/systemtap/
|
|||||||
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
|
Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{package_version}.tar.bz2
|
||||||
Patch: systemtap-docdir-fix.diff
|
Patch: systemtap-docdir-fix.diff
|
||||||
Patch2: systemtap-ioblock-suse-kernel-fix.diff
|
Patch2: systemtap-ioblock-suse-kernel-fix.diff
|
||||||
# Patch3: systemtap-xmlto-fop.diff
|
Patch3: systemtap-CVE-limit-dwarf-expression-stack-size.patch
|
||||||
|
Patch4: systemtap-CVE-limit-printf-arguments.patch
|
||||||
|
Patch5: systemtap-CVE-unwind-table-size-checks.patch
|
||||||
Requires: libebl1
|
Requires: libebl1
|
||||||
Requires: %{name}-runtime = %{version}-%{release}
|
Requires: %{name}-runtime = %{version}-%{release}
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
@ -58,7 +60,7 @@ Authors:
|
|||||||
Tom Zanussi <zanussi@us.ibm.com>
|
Tom Zanussi <zanussi@us.ibm.com>
|
||||||
|
|
||||||
%package runtime
|
%package runtime
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
Summary: Runtime environment for systemtap
|
Summary: Runtime environment for systemtap
|
||||||
|
|
||||||
@ -76,7 +78,7 @@ Authors:
|
|||||||
Tom Zanussi <zanussi@us.ibm.com>
|
Tom Zanussi <zanussi@us.ibm.com>
|
||||||
|
|
||||||
%package client
|
%package client
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
Summary: Systemtap client
|
Summary: Systemtap client
|
||||||
Requires: %{name}-runtime = %{version}-%{release}
|
Requires: %{name}-runtime = %{version}-%{release}
|
||||||
@ -95,7 +97,7 @@ Authors:
|
|||||||
Tom Zanussi <zanussi@us.ibm.com>
|
Tom Zanussi <zanussi@us.ibm.com>
|
||||||
|
|
||||||
%package server
|
%package server
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
Summary: Systemtap server
|
Summary: Systemtap server
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
@ -114,7 +116,7 @@ Authors:
|
|||||||
Tom Zanussi <zanussi@us.ibm.com>
|
Tom Zanussi <zanussi@us.ibm.com>
|
||||||
|
|
||||||
%package sdt-devel
|
%package sdt-devel
|
||||||
License: GPL v2 or later
|
License: GPLv2+
|
||||||
Group: Development/Tools/Debuggers
|
Group: Development/Tools/Debuggers
|
||||||
Summary: Static probe support tools
|
Summary: Static probe support tools
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
@ -139,10 +141,10 @@ Authors:
|
|||||||
%setup -n %{name}-%{package_version} -q
|
%setup -n %{name}-%{package_version} -q
|
||||||
%endif
|
%endif
|
||||||
%patch -p1
|
%patch -p1
|
||||||
%patch2
|
%patch2 -p1
|
||||||
# %if %suse_version > 1030
|
%patch3 -p1
|
||||||
# %patch3 -p1
|
%patch4 -p1
|
||||||
# %endif
|
%patch5 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -fi
|
autoreconf -fi
|
||||||
@ -197,6 +199,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_bindir}/stap-authorize*
|
%{_bindir}/stap-authorize*
|
||||||
%{_bindir}/stap-env
|
%{_bindir}/stap-env
|
||||||
%{_bindir}/stap-gen-cert
|
%{_bindir}/stap-gen-cert
|
||||||
|
%{_bindir}/stap-sign-module
|
||||||
%{_mandir}/man8/stap-server.*
|
%{_mandir}/man8/stap-server.*
|
||||||
|
|
||||||
%files sdt-devel
|
%files sdt-devel
|
||||||
|
Loading…
Reference in New Issue
Block a user