Page MenuHomeFreeBSD
Differential D41722

dtrace: Fix a kernel panic in printm().
ClosedPublic
Actions

Authored by domagoj.stolfa_gmail.com on Sep 4 2023, 9:02 PM.
Tags
None
Referenced Files
F147014903: D41722.id126865.diff
Sat, Mar 7, 3:09 PM
Unknown Object (File)
Fri, Mar 6, 8:10 PM
Unknown Object (File)
Fri, Mar 6, 3:31 PM
Unknown Object (File)
Tue, Mar 3, 7:42 PM
Unknown Object (File)
Tue, Mar 3, 2:02 PM
Unknown Object (File)
Tue, Feb 17, 12:13 PM
Unknown Object (File)
Tue, Feb 17, 12:13 PM
Unknown Object (File)
Mon, Feb 16, 8:04 AM
View All Files
Subscribers
imp

Details

Reviewers
markj
gnn
Group Reviewers
DTrace
Commits
rG8ad93f44a5da: dtrace: Fix a kernel panic in printm()
rG49c1b353390c: dtrace: Fix a kernel panic in printm()
rG0df75d6c87a5: dtrace: Fix a kernel panic in printm()
rG8527bb2aee6c: dtrace: Fix a kernel panic in printm()
Summary
When using printm(), one should always pass a scratch pointer to it.
This is achieved by calling printm with memref

  BEGIN { printm(fixed_len, memref(ptr, var_len)); }

which will return a pointer to the DTrace scratch space of size
sizeof(uintptr_t) * 2. However, one can easily call printm() as follows

  BEGIN { printm(10, (void *)NULL); }

and panic the kernel as a result. This commit does two things:

  (1) adds a new macro DTRACE_INSCRATCHPTR(mstate, ptr, howmany) which
      checks if a certain pointer is in the DTrace scratch space;
  (2) uses DTRACE_INSCRATCHPTR() to implement a check on printm()'s DIFO
      return value in order to avoid the panic and sets CPU_DTRACE_BADADDR
      if the address is not in the scratch space.
Test Plan

Run

# dtrace -n 'BEGIN { printm(10, (void *)NULL); }'

with and without the patch.

Expected output with the patch:

dtrace: description 'BEGIN ' matched 1 probe
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): invalid address (0x0) in action #1

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

domagoj.stolfa_gmail.com created this revision.Sep 4 2023, 9:02 PM
Herald added a reviewer: gnn. · View Herald TranscriptSep 4 2023, 9:02 PM
Herald added a subscriber: imp. · View Herald Transcript
domagoj.stolfa_gmail.com requested review of this revision.Sep 4 2023, 9:02 PM
markj added inline comments.Sep 4 2023, 9:15 PM
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
521

Isn't this testing whether the pointer points outside of the scratch space? That is, this looks inverted.

7759

From the comment, I'd expect this to read if (!DTRACE_INSCRATCHPTR(....

domagoj.stolfa_gmail.com updated this revision to Diff 126865.Sep 4 2023, 9:26 PM

That's true, it's late :). Updated the diff. Thanks!

domagoj.stolfa_gmail.com marked 2 inline comments as done.Sep 4 2023, 9:26 PM
markj accepted this revision as: markj.Sep 4 2023, 9:29 PM
This revision is now accepted and ready to land.Sep 4 2023, 9:29 PM
Closed by commit rG8527bb2aee6c: dtrace: Fix a kernel panic in printm() (authored by domagoj.stolfa_gmail.com, committed by markj). · Explain WhySep 6 2023, 2:01 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG8527bb2aee6c: dtrace: Fix a kernel panic in printm().
markj added a commit: rG0df75d6c87a5: dtrace: Fix a kernel panic in printm().Sep 27 2023, 12:53 PM
markj added a commit: rG49c1b353390c: dtrace: Fix a kernel panic in printm().
markj added a commit: rG8ad93f44a5da: dtrace: Fix a kernel panic in printm().Sep 28 2023, 8:41 PM

Revision Contents
Changeset List

PathSize
sys/
cddl/
contrib/
opensolaris/
uts/
common/
dtrace/
22 lines

Diff 126955

View Options

sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c

Loading...