Robert J Robert J - 10 months ago 128
Linux Question

Dirty CoW patch on CentOS 7.2 - semantic error: while resolving probe point

I am working on implementing a temp patch (non-persistent) on my system as described here (while waiting for the official distro kernel):

I have tested a dirty copy on write script for the intent of testing the resolution of this bug on my system but note that I am getting a semantic error and that this bug is still active on my system:

SuperUser Shell ~/> # stap -g -p 4 fix.stp
semantic error: while resolving probe point: identifier 'syscall' at fix.stp:5:7
source: probe syscall.ptrace { // includes compat ptrace as well

semantic error: no match

Pass 2: analysis failed. [man error::pass2]
SuperUser Shell ~/>

With color (if that's your thing):

enter image description here

Reading this article:

I see a brief explanation:

semantic error: no match for probe point, while resolving probe point

The events / handler function foo could not be resolved
altogether, for a variety of reasons. This error occurs when the
script contains the event kernel.function("blah"), and blah does not
exist. In some cases, the error could also mean the script contains an
invalid kernel file name or source line number.


  • This is essentially stating that the
    kernel function is not recognized, correct?

  • Has anyone successfully implemented this temp fix on CentOS 7.x yet?

Thanks for any help

PS: Sorry if this seems somewhat script kiddy-ish (I don't fully understand this hot fix yet).

Answer Source

Yes, I have successfully implemented this temporary mitigation on CentOS 7.

As described in one of the comments on that bugzilla entry, you need to install the both systemtap and the debuginfo for the kernel in order for this mitigation to work.

The commands given are:

yum install systemtap yum-utils
debuginfo-install kernel-$(uname -r)

Based on what you posted, presumably you already have systemtap, but the error you're getting suggests you need the debuginfo packages. The second command above should install the right stuff; you could also get the RPMs by hand from (this is what I ended up doing)

By the way, this mitigation using systemtap is not a real fix, it just makes one of the proof of concept programs fail. It is worth doing, but no substitute for a real patched kernel.

I don't understand why Red Hat and CentOS haven't pushed out patched kernel packages yet, Ubuntu and others had their updates out days ago. What's the holdup?