lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 03 Nov 2022 18:01:19 -0400
From:   "Serhei Makarov" <serhei@...hei.io>
To:     systemtap <systemtap@...rceware.org>
Cc:     linux-kernel@...r.kernel.org, lwn@....net
Subject: SystemTap release 4.8

The SystemTap team announces release 4.8

Enhancements to this release include: kernel runtime improvements
on multi-CPU systems, python3 tapset support through python3.11,
tapset and template script for cve livepatching, bpf backend
embedded-code assembler improvements

= Where to get it

  https://sourceware.org/systemtap/ - our project page
  https://sourceware.org/systemtap/ftp/releases/
  https://koji.fedoraproject.org/koji/packageinfo?packageID=615
  git tag release-4.8 (commit b176afb2e49119ef844d193d27b0752a6d84fe8f)

  There have been over 95 commits since the last release.
  There have been 10+ bugs fixed / features added since the last release.

= SystemTap backend changes

- The kernel runtime now uses much less memory when the number of
  "possible CPUs" are way more than the online ones. For example,
  VMWare guests usually have 128 "possible CPUs" while fewer
  CPUs are actually present or online in the guest system.

- The memory allocation size is now irrelevant to the value of
  NR_CPUS of the current kernel. It is only subject to the number
  of "possible CPUs" or "online CPUs".

- CPU hotplug is supported to the extent that there won't be any
  kernel panics or memory corruptions.

= SystemTap frontend (stap) changes

- DWARF-related probes (.function, .statement) now merge DWARF and
  non-DWARF symbol-table based matches, rather than being either-or.

- The bpf backend's embedded-code assembler has been improved to
  support more conventional assembly syntax with named opcodes. The
  opcode names are based on the iovisor bpf-docs documentation at
  https://github.com/iovisor/bpf-docs/blob/master/eBPF.md

= SystemTap tapset changes

- A template cve band-aid script is now included, which demonstrates
  how to use a new 'livepatch.stp' tapset to standardize activation,
  interactive control, and monitoring of systemtap cve band-aids.

- The python3 tapset was extended to support python3 3.9, 3.10, and 3.11.
  See stapprobes(3stap) for further details on probing python functions.

- New tapsets:

  livepatch.stp
  The new tapset for creating security band-aid scripts.

= SystemTap sample scripts

- All 180+ examples can be found at https://sourceware.org/systemtap/examples/

- New sample scripts:

  general/pyexample.stp
  Combined version of the py2example.stp and py3example.stp sample scripts.

  security-band-aids/security-bandaid-template.stp
  The new template for creating security band-aid scripts.

  security-band-aids/cve-2016-0728-templatized.stp
  security-band-aids/cve-2018-6485-templatized.stp
  Example band-aid scripts based on the new template, for historical purposes only.

= Examples of tested kernel versions

  2.6.32 (RHEL6 x86_64, i686)
  4.18.0 (RHEL8 + CentOS Stream 8 x86_64, aarch64, ppc64le, s390x)
  5.14.0 (RHEL9 + CentOS Stream 9 x86_64, aarch64, ppc64le, s390x)
  5.19.9 (Fedora 35 x86_64)
  5.19.16 (Fedora 36,37 x86_64)
  6.0.0-rc5, 6.1.0-rc2, 6.1.0-rc3 (Fedora rawhide x86_64)

= Known issues with this release

- There are intermittent buffer transmission failures for high-trace-rate
  scripts.  Bulk mode (stap -b) helps. (see PR29108)

- There are known issues on kernel 5.10+ after adapting to set_fs()
  removal, with some memory accesses that previously returned valid data
  instead returning -EFAULT. (see PR26811)

= Contributors for this release

Sultan Alsawaf, Lumir Balhar*, Martin Cermak, William Cohen, Stan Cox,
Frank Ch. Eigler, Ryan Goldberg*, Serhei Makarov, Noah Sanci,
yaowenbin*, Yichun Zhang (agentzh)

Special thanks to new contributors, marked with '*' above.

= Bugs fixed for this release <https://sourceware.org/PR#####>

29676     wildcard function/symbol expansion inconsistent in debuginfo vs nondebuginfo cases
29246     sdt probes can fail inside a c++ method
27728     at_*.exp regressions (from bunsen data)
27730     abort.exp minor regressions (from bunsen data)
28634     ioscheduler.stp broken with new kernel 5.16.0-0.rc2
29037     Systemtap unable to find struct bitfield members for gcc11 compiled code
29507     update sample python interface tapset to rely on @cast auto context
29570     Standardized template stap script for security band-aids
29577     NULL pointer dereference in kernel tracepoint int3 execution
29661     default --rlimit-as is too small
29668     The make rpm target broken

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ