Page MenuHomeFreeBSD

DTrace: Add an invariant to check for recursion in dtrace_probe()
ClosedPublic

Authored by domagoj.stolfa_gmail.com on Mar 26 2018, 11:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 17 2024, 6:35 PM
Unknown Object (File)
Oct 17 2024, 6:35 PM
Unknown Object (File)
Oct 17 2024, 6:30 PM
Unknown Object (File)
Oct 17 2024, 5:46 PM
Unknown Object (File)
Oct 17 2024, 5:46 PM
Unknown Object (File)
Oct 3 2024, 12:14 AM
Unknown Object (File)
Sep 27 2024, 8:19 PM
Unknown Object (File)
Sep 22 2024, 1:12 AM
Subscribers

Details

Summary

dtrace_probe() is a function that can be called in many sensitive contexts and relies on never recursing. This is because if there is a recursive call to dtrace_probe(), there will either be an ordering violation or there is a programmer error and a function was instrumented that should not have been.

Currently, when the latter happens the machine locks up due to continuously recursing in the kernel and it can be difficult to debug. This patch adds a new flag in DTrace-specific thread options that denotes recursion and asserts that we are not recursing unless dtrace_probe() is called with dtrace_probeid_error.

Sponsored by: DARPA/AFRL.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

Is there anything else I can do for this to land?

sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
7342

Maybe make a dtrace_probe_{enter,exit}() that handles this flag and interrupts.

sys/cddl/dev/dtrace/dtrace_cddl.h
67

This isn't really the right place. Note the union with _td_dtrace_ft, which is supposed to contain fasttrap flags, and note also that u_long is 32-bits on ILP32 platforms. You can pack the new field after td_dtrace_sig.

This union is kind of weird. I prefer the FreeBSD model where we just have an explicit flags variable. Changing that is out of scope for this change though.

dtrace_wouldrecurse isn't a great name IMO, as it's more specific than it needs to be. I'd call it td_dtrace_in_probe or something like that.

domagoj.stolfa_gmail.com removed 1 blocking reviewer(s): gnn.

Looks ok to me modulo some pedantic nitpicking.

sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
7265

I prefer dtrace_probe_enter(), as it's only for use by dtrace_probe().

7267

There should be a newline after the declaration.

7271

I don't think this comment is very useful: it's pretty standard for assertions to be compiled out of non-debug builds in any code base.

7282

You can set this before disabling interrupts.

sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
7282

No, I'm wrong. The thread might be interrupted after setting inprobe, and a function in the interrupt handling path may be instrumented.

Address the other comments by @markj and fix a misleading word in the dtrace_probe_exit() comment.

This revision was not accepted when it landed; it landed in state Needs Review.Apr 10 2018, 1:47 PM
This revision was automatically updated to reflect the committed changes.