#StackBounty: #debugging #systemtap How to get a parameter of a kernel function and cast void pointer to char in SystemTap?

Bounty: 100

I have a system tap script that probes the kernel function “memcpy”. I want to print the stack trace based on the content of the src buffer which is a void pointer.

My code:

%{
        #include <linux/string.h>
%}
probe begin
{
        printf("Beginn");
}
probe kernel.function("memcpy")
{
        buffer = @cast($src, "char");
        if (isinstr(buffer, "some pattern") != NULL) {
                printf("Foundn");
                print_backtrace();
        }
}

This script gives me an error when I ran the script as follows: “stap -g stacktrace.stp”

unresolved target-symbol expression: identifier ‘$src’

semantic error: type mismatch (string): identifier ‘buffer’ at stacktrace.stp:31:14

 source:         if (isinstr(buffer, "shubham") != NULL) {
                                ^

semantic error: type was first inferred here (long): identifier ‘buffer’ at :30:2

   source:         buffer = @cast($src, "char");
                    ^

Pass 2: analysis failed. [man error::pass2]

I have seen function definition of memcpy in linux kernel code and the parameter is named as src only. I am unable to get the variable name resolved. I tried different names $src, $from, $s, but nothing worked.

The machine’s kernel version is: 3.10.0-514.el7.x86_64 (RHEL 7.3 (Maipo))

The following kernel packages are installed on it:

  • kernel-debuginfo-common-x86_64-3.10.0-514.el7.x86_64
  • kernel-3.10.0-514.el7.x86_64
  • kernel-headers-3.10.0-514.el7.x86_64
  • kernel-debuginfo-3.10.0-514.el7.x86_64
  • kernel-devel-3.10.0-514.el7.x86_64


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.