Install and use Systemtap and unzip tusystemtap on Ubuntu

Install and use Systemtap and unzip tusystemtap on Ubuntu

As I recently started to learn about Nginx, I saw someone on the Internet introducing a powerful kernel detection tool Systemtap, so I was ready to learn this tool to prepare for future code analysis.

The first step is install. It also took some effort to install it on your computer. Therefore, in order to prevent future installation, we hope that we can help people who want to learn more, and write a blog here to make a record.

The installation steps are as follows:

(0) install elfutils, provide library functions for analyzing debugging information, and libcap-dev.

With the help of Ubuntu's powerful package manager, you can easily install it as follows:

sudo apt-get install elfutils

sudo apt-get install  libcap-dev

(1) install systemtap.

With the help of Ubuntu's powerful package manager, you can easily install it as follows:

sudo apt-get install systemtap

To uninstall the SDK, run the following command:

sudo apt-get remove systemtap

You can also install through the source code,: https://sourceware.org/systemtap/ftp/releases. Decompress the package and enter the root directory. Run the following command:

./configuremakesudo make instal

If you need to uninstall it later, go to the root directory and execute the following command:

sudo make uninstall

(2) install debug symbols.

1) Configure ddeb repository.

sudo cat > /etc/apt/sources.list.d/ddebs.list << EOFdeb http://ddebs.ubuntu.com/ precise main restricted universe multiverseEOFsudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01sudo apt-get update

You can add a repository address directly to the ddebs. list file.

2) After adding repository, download the debug symbols corresponding to your current kernel version. Here I recommend a foreign friend to write the script, write very well, blog Link (http://www.domaigne.com/blog/random/getting-debug-kernel-on-ubuntu/), interested can go to learning. To reduce errors, use the script here to download and install them:

wget http://www.domaigne.com/download/tools/get-dbgsymchmod +x get-dbgsym

sudo ./get-dbgsy

After executing the script, you can do other things, because it may take a long time.

3) generate the module information required by systemtap/libelf. Put the following command into debug_ko.sh:

for file in `find /usr/lib/debug -name '*.ko' -print`do        buildid=`eu-readelf -n $file| grep Build.ID: | awk '{print $3}'`        dir=`echo $buildid | cut -c1-2`        fn=`echo $buildid | cut -c3-`        mkdir -p /usr/lib/debug/.build-id/$dir        ln -s $file /usr/lib/debug/.build-id/$dir/$fn        ln -s $file /usr/lib/debug/.build-id/$dir/${fn}.debugdone

Then execute the file:

sudo ./debug_ko.sh

(4) test whether the installation is successful. Run the following command:

stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'

If "hello world" is printed on the terminal, the installation is successful. If not, continue.

(5) If the installation is still unavailable after the above steps are followed, please refer to the following scenarios for additional information.

1) if the command in (4) is executed, the terminal prints the following information:

stap: Symbol `SSL_ImplementedCiphers' has different size in shared object, consider re-linkingIn file included from include/linux/mutex.h:15:0,                 from /tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.c:25:include/linux/spinlock_types.h:55:14: error: ‘__ARCH_SPIN_LOCK_UNLOCKED’ undeclared here (not in a function)  .raw_lock = __ARCH_SPIN_LOCK_UNLOCKED, \              ^include/linux/spinlock_types.h:79:15: note: in expansion of macro ‘__RAW_SPIN_LOCK_INITIALIZER’  { { .rlock = __RAW_SPIN_LOCK_INITIALIZER(lockname) } }               ^include/linux/spinlock_types.h:82:16: note: in expansion of macro ‘__SPIN_LOCK_INITIALIZER’  (spinlock_t ) __SPIN_LOCK_INITIALIZER(lockname)                ^include/linux/mutex.h:111:18: note: in expansion of macro ‘__SPIN_LOCK_UNLOCKED’   , .wait_lock = __SPIN_LOCK_UNLOCKED(lockname.wait_lock) \                  ^include/linux/mutex.h:117:27: note: in expansion of macro ‘__MUTEX_INITIALIZER’  struct mutex mutexname = __MUTEX_INITIALIZER(mutexname)                           ^/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.c:26:8: note: in expansion of macro ‘DEFINE_MUTEX’ static DEFINE_MUTEX(module_refresh_mutex);        ^scripts/Makefile.build:258: recipe for target '/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.o' failedmake[1]: *** [/tmp/staphH2yQD/stap_6e022ad97cbe9c6f46b582f7a0eac81d_1242_src.o] Error 1Makefile:1398: recipe for target '_module_/tmp/staphH2yQD' failedmake: *** [_module_/tmp/staphH2yQD] Error 2WARNING: kbuild exited with status: 2Pass 4: compilation failed.  [man error::pass4]

Some shared libraries need to be re-readlink and run the following command:

readlink /lib/modules/`uname -r`/build/

 

The reference document is as follows:

1. http://www.domaigne.com/blog/random/running-systemtap-on-ubuntu/

2. https://sourceware.org/systemtap/wiki/SystemtapOnUbuntu

3. https://wiki.ubuntu.com/Kernel/Systemtap

[Note] reprint requires my consent and indicate the source: http://www.cnblogs.com/wtb2012/p/5218889.html