forked from h4ck3rm1k3/systemtap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
142 lines (107 loc) · 5.3 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
systemtap: a linux trace/probe tool
Visit the project web site at <http://sourceware.org/systemtap>,
for documentation and mailing lists for developers and users.
This is free software.
See the COPYING file for redistribution/modification terms.
See the INSTALL file for generic build instructions.
See the HACKING file for contribution advice.
Prerequisites:
- linux kernel
- kernel module build environment (kernel-devel rpm) and/or dyninst
- optionally, debugging information for kernel/user-space being instrumented
- C compiler (same as what kernel was compiled with)
- elfutils with libdwfl for debugging information parsing
- root privileges
Installation steps:
- Install any debuginfo packages you need, for kernel and/or userspace.
On modern Fedora, # debuginfo-install kernel [...]
(Beware of confusion between kernel vs. kernel-debug vs kernel-PAE etc.
variants. Each likely has a corresponding development and debuginfo
package.)
- Install the systemtap package.
On modern Fedora, # yum install systemtap systemtap-runtime
Build steps:
- Consider installing the kernel-debuginfo, kernel-devel, gcc and
dependent packages (or see below if you are building your own
kernels from source). If using only the pure-userspace dyninst
backend, install gcc and dyninst-devel.
- If available, install your distribution's copy of elfutils and its
development headers/libraries.
Or if desired, download an elfutils source release to build in
"bundled mode" (below), and untar it into some new directory.
Or if desired, build elfutils separately one time, and install
it to /usr/local.
See http://fedorahosted.org/elfutils/
Version 0.151 is recommended for i386 hosts probing prelinked programs.
(PR12141)
- On modern Fedora, install general optional build-requisites:
# yum-builddep systemtap
On modern Debian/Ubuntu, similarly:
# apt-get build-dep systemtap
- Download systemtap sources:
http://sourceware.org/systemtap/ftp/releases/
http://sourceware.org/systemtap/ftp/snapshots/
(or)
git clone git://sourceware.org/git/systemtap.git
(or) http://sourceware.org/git/systemtap.git
- Build systemtap normally:
% .../configure [other autoconf options]
Or, with build it with a bundled internal copy of elfutils:
% .../configure --with-elfutils=ELFUTILS-SOURCE-DIR [other autoconf options]
(Note that elfutils > 0.139 requires gcc > 4.0 or else the
appropriate elfutils-portability.patch. Ensure decompression
library headers/libraries are installed for elfutils' use.)
Consider configuring with "--enable-dejazilla" to automatically
contribute to our public test result database.
Consider configuring with "--prefix=DIRECTORY" to specify an
installation directory other than /usr/local. It can be an ordinary
personal directory.
% make all
# make install
To uninstall systemtap:
# make uninstall
- Run systemtap:
To run systemtap after installation, add $prefix/bin to your $PATH, or
refer to $prefix/bin/stap directly. If you keep your build tree
around, you can also use the "stap" binary there.
Some samples should be available under $prefix/share/doc/systemtap/examples.
For the normal linux-kernel-module based backend, run "stap" as
root. If desired, create "stapdev" and "stapusr" entries in
/etc/groups. Any users in "stapdev"+"stapusr" will be able to run
systemtap as if with root privileges. Users in "stapusr" only may
launch (with "staprun") pre-compiled probe modules (created by "stap
-p4 ...") that a system administrator copied under
/lib/modules/`uname -r`/systemtap. "stapusr" may also be permitted
to create arbitrary unprivileged systemtap scripts of their own.
See README.unprivileged for additional setup instructions.
To run a simple test.
# stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'
To run the full test suite from the build tree.
# make installcheck
For the prototype dyninst pure-userspace backend, run "stap" as any user.
% stap --runtime=dyninst -e 'probe process.function("*") {
println(pn(), ":", $$parms) }' -c 'ls'
Tips:
- By default, systemtap looks for the debug info in these locations:
/boot/vmlinux-`uname -r`
/usr/lib/debug/lib/modules/`uname -r`/vmlinux
/lib/modules/`uname -r`/vmlinux
/lib/modules/`uname -r`/build/vmlinux
Building a kernel.org kernel:
- Consider applying the utrace kernel patches, if you wish to probe
user-space applications. http://sourceware.org/systemtap/wiki/utrace
Or if your kernel is near 3.5, apply the uprobes and related patches
(see NEWS). Or if your kernel is >= 3.5, enjoy the built-in uprobes.
- Build the kernel using your normal procedures. Enable
CONFIG_DEBUG_INFO, CONFIG_KPROBES, CONFIG_RELAY, CONFIG_DEBUG_FS,
CONFIG_MODULES, CONFIG_MODULE_UNLOAD, CONFIG_UTRACE if able
- % make modules_install install headers_install
- Boot into the kernel.
- If you wish to leave the kernel build tree in place, simply run
% stap -r /path/to/kernel/build/tree [...]
You're done.
- Or else, if you wish to install the kernel build/debuginfo data into
a place where systemtap will find it without the "-r" option:
% ln -s /path/to/kernel/build/tree /lib/modules/RELEASE/build
- Instead of using the "-r" option, you can also use the environment
variable SYSTEMTAP_RELEASE to direct systemtap to the kernel data.