突破systemtap脚本对资源使用的限制
这是stap运行期为了避免用户滥用系统资源做出的保护,为了安全性牺牲下方便,但是会给我们需要长期运行的脚本造成很大的麻烦,所以我们演示下如何来回避这个事情:
$ uname -r 2.6.38-yufeng $ cat > test.stp global a probe begin { println(":"); for(i=0;i<2049;i++) a[i]=i; delete a; exit(); } CTRL+D $ sudo stap test.stp ERROR: Array overflow, check MAXMAPENTRIES near identifier \'a\' at test.stp:6:5 : WARNING: Number of errors: 1, skipped probes: 0 Pass 5: run failed. Try again with another \'--vp 00001\' option. $ sudo stap -DMAXMAPENTRIES=10240 test.stp :
我们来分析下stap如何做到的:
$ stap --disable-cache -p3 -DMAXMAPENTRIES=10240 test.stp 2>&1 |grep MAXMAPENTRIES #ifndef MAXMAPENTRIES #define MAXMAPENTRIES 2048 #生成的模块c源码里面是这么定义的, 最大项 2048 $ sudo stap --disable-cache -vvv -DMAXMAPENTRIES=10240 test.stp .. gcc -Wp,-MD,/tmp/stap6FKM9Q/.stap_4227.mod.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/4.4.5/include -I/usr/src/linux-2.6.38/arch/x86/include -Iinclude -include include/generated/autoconf.h -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-format-security -fno-delete-null-pointer-checks -O2 -m64 -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -maccumulate-outgoing-args -fstack-protector -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -Wframe-larger-than=1024 -fno-omit-frame-pointer -fno-optimize-sibling-calls -g -pg -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -fconserve-stack -Iinclude2/asm/mach-default -include /tmp/stap6FKM9Q/stapconf_4227.h -D "MAXMAPENTRIES=10240" -freorder-blocks -Wframe-larger-than=256 -Wno-unused -Werror -I"/usr/share/systemtap/runtime" -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(stap_4227.mod)" -D"KBUILD_MODNAME=KBUILD_STR(stap_4227)" -DMODULE -c -o /tmp/stap6FKM9Q/stap_4227.mod.o /tmp/stap6FKM9Q/stap_4227.mod.c .. #我们可以看到gcc编译的时候使用了-D "MAXMAPENTRIES=10240" 来替换模块源码里面的macro MAXMAPENTRIES,最大项改成了10240
我们顺藤摸瓜, man stap下我们可以看到类似可以修改的参数还有其他的:
MAXNESTING
Maximum number of nested function calls. Default determined by script analysis, with a bonus 10 slots added for recursive scripts.
MAXSTRINGLEN
Maximum length of strings, default 128.
MAXTRYLOCK
Maximum number of iterations to wait for locks on global variables before declaring possible deadlock and skipping the probe, default 1000.
MAXACTION
Maximum number of statements to execute during any single probe hit (with interrupts disabled), default 1000.
MAXACTION_INTERRUPTIBLE
Maximum number of statements to execute during any single probe hit which is executed with interrupts enabled (such as begin/end probes),
default (MAXACTION * 10).
MAXMAPENTRIES
Maximum number of rows in any single global array, default 2048.
MAXERRORS
Maximum number of soft errors before an exit is triggered, default 0, which means that the first error will exit the script.
MAXSKIPPED
Maximum number of skipped probes before an exit is triggered, default 100. Running systemtap with -t (timing) mode gives more details about
skipped probes. With the default -DINTERRUPTIBLE=1 setting, probes skipped due to reentrancy are not accumulated against this limit.
MINSTACKSPACE
Minimum number of free kernel stack bytes required in order to run a probe handler, default 1024. This number should be large enough for
the probe handler’s own needs, plus a safety margin.
MAXUPROBES
Maximum number of concurrently armed user-space probes (uprobes), default somewhat larger than the number of user-space probe points named
in the script. This pool needs to be potentialy large because individual uprobe objects (about 64 bytes each) are allocated for each
process for each matching script-level probe.
STP_MAXMEMORY
Maximum amount of memory (in kilobytes) that the systemtap module should use, default unlimited. The memory size includes the size of the
module itself, plus any additional allocations. This only tracks direct allocations by the systemtap runtime. This does not track indirect
allocations (as done by kprobes/uprobes/etc. internals).
TASK_FINDER_VMA_ENTRY_ITEMS
Maximum number of VMA pages that will be tracked at runtime. This might get exhausted for system wide probes inspecting shared library vari
建议继续学习:
- 如何查找消耗资源较大的SQL (阅读:13500)
- Linux下如何知道文件被那个进程写 (阅读:5004)
- HTML5和CSS3工具资源汇总 (阅读:3702)
- 在Ubuntu上使用SystemTap (阅读:3027)
- UI设计师的盛宴:Web UI设计资源大系 (阅读:3062)
- 分享一些可视信息设计资源 (阅读:2717)
- systemtap函数调用栈信息不齐的原因和解决方法 (阅读:2255)
- systemtap全局变量自动打印的原因和解决方法 (阅读:1842)
- systemtap观察page_cache的使用情况 (阅读:1713)
- 游戏引擎中的资源生命期管理问题 (阅读:1079)
扫一扫订阅我的微信号:IT技术博客大学习
- 作者:Yu Feng 来源: Erlang非业余研究
- 标签: systemtap 资源
- 发布时间:2011-03-30 14:01:00
- [52] IOS安全–浅谈关于IOS加固的几种方法
- [51] android 开发入门
- [50] 如何拿下简短的域名
- [48] Oracle MTS模式下 进程地址与会话信
- [48] 图书馆的世界纪录
- [47] 【社会化设计】自我(self)部分――欢迎区
- [46] Go Reflect 性能
- [43] 读书笔记-壹百度:百度十年千倍的29条法则
- [37] 视觉调整-设计师 vs. 逻辑
- [34] 程序员技术练级攻略