Install and use Systemtap on Ubuntu

Install and use Systemtap on Ubuntu

Since I recently started to learn Nginx on Ubuntu, I saw someone on the Internet introducing a powerful kernel detection tool Systemtap, so I am ready to learn this tool to prepare for future code analysis.

The first step is install. It also took some effort to install it on your computer. Therefore, in order to prevent future installation, we hope that we can help people who want to learn more, and write a blog here to make a record.

The installation steps are as follows:

(0) install elfutils, provide library functions for analyzing debugging information, and libcap-dev.

With the help of Ubuntu's powerful package manager, you can easily install it as follows:

Sudo apt-get install elfutils

Sudo apt-get install libcap-dev

(1) install systemtap.

With the help of Ubuntu's powerful package manager, you can easily install it as follows:

Sudo apt-get install systemtap

To uninstall the SDK, run the following command:

Sudo apt-get remove systemtap

You can also install through the source code,: https://sourceware.org/systemtap/ftp/releases. Decompress the package and enter the root directory. Run the following command:

./Configure
Make
Sudo make instal

If you need to uninstall it later, go to the root directory and execute the following command:

Sudo make uninstall

(2) install debug symbols.

1) Configure ddeb repository.

Sudo cat>/etc/apt/sources. list. d/ddebs. list <EOF
Deb http://ddebs.ubuntu.com/precise main restricted universe multiverse
EOF

Sudo apt-key adv -- keyserver keyserver.ubuntu.com -- recv-keys ECDCAD72428D7C01
Sudo apt-get update

You can add a repository address directly to the ddebs. list file.

2) After adding repository, download the debug symbols corresponding to your current kernel version. Here I recommend a foreign friend to write the script, write very well, blog Link (http://www.domaigne.com/blog/random/getting-debug-kernel-on-ubuntu/), interested can go to learning. To reduce errors, use the script here to download and install them:

Wget http://www.domaigne.com/download/tools/get-dbgsym

Chmod + x get-dbgsym

Sudo./get-dbgsy

After executing the script, you can do other things, because it may take a long time.

3) generate the module information required by systemtap/libelf. Put the following command into debug_ko.sh:

For file in 'Find/usr/lib/debug-name' *. ko '-print'
Do
Buildid = 'EU-readelf-n $ file | grep Build. ID: | awk '{print $3 }''
Dir = 'echo $ buildid | cut-C1-2'
Fn = 'echo $ buildid | cut-c3 -'
Mkdir-p/usr/lib/debug/. build-id/$ dir
Ln-s $ file/usr/lib/debug/. build-id/$ dir/$ fn
Ln-s $ file/usr/lib/debug/. build-id/$ dir/$ {fn}. debug
Done

Then execute the file:

Sudo./debug_ko.sh

(4) test whether the installation is successful. Run the following command:

Stap-e 'probe kernel. function ("sys_open") {log ("hello world") exit ()}'

If "hello world" is printed on the terminal, the installation is successful. If not, continue.

(5) If the installation is still unavailable after the above steps are followed, please refer to the following scenarios for additional information.

1) if the command in (4) is executed, the terminal prints the following information:

Stap: Symbol 'ssl _ ImplementedCiphers 'has different size in shared object, consider re-linking
In file encoded ded from include/linux/mutex. h: 15: 0,
From/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.c: 25:
Include/linux/spinlock_types.h: 55: 14: error: '_ ARCH_SPIN_LOCK_UNLOCKED' undeclared here (not in a function)
. Raw_lock = _ ARCH_SPIN_LOCK_UNLOCKED ,\
^
Include/linux/spinlock_types.h: 79: 15: note: in expansion of macro '_ RAW_SPIN_LOCK_INITIALIZER'
{. Rlock = _ RAW_SPIN_LOCK_INITIALIZER (lockname )}}
^
Include/linux/spinlock_types.h: 82: 16: note: in expansion of macro '_ SPIN_LOCK_INITIALIZER'
(Spinlock_t) _ SPIN_LOCK_INITIALIZER (lockname)
^
Include/linux/mutex. h: 111: 18: note: in expansion of macro '_ SPIN_LOCK_UNLOCKED'
,. Wait_lock = _ SPIN_LOCK_UNLOCKED (lockname. wait_lock )\
^
Include/linux/mutex. h: 117: 27: note: in expansion of macro '_ MUTEX_INITIALIZER'
Struct mutex mutexname = _ MUTEX_INITIALIZER (mutexname)
^
/Tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.c: 26: 8: note: in expansion of macro 'define _ MUTEX'
Static DEFINE_MUTEX (module_refresh_mutex );
^
Scripts/Makefile. build: 258: recipe for target '/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.o' failed
Make [1]: *** [/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.o] Error 1
Makefile: 1398: recipe for target '_ module _/tmp/staphH2yQD' failed
Make: *** [_ module _/tmp/staphH2yQD] Error 2
WARNING: kbuild exited with status: 2
Pass 4: compilation failed. [man error: pass4]

Some shared libraries need to be re-readlink and run the following command:

Readlink/lib/modules/'uname-R'/build/