From owner-freebsd-dtrace@freebsd.org  Sun Oct 28 10:56:15 2018
Return-Path: <owner-freebsd-dtrace@freebsd.org>
Delivered-To: freebsd-dtrace@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACECB10860A4
 for <freebsd-dtrace@mailman.ysv.freebsd.org>;
 Sun, 28 Oct 2018 10:56:15 +0000 (UTC)
 (envelope-from longwitz@incore.de)
Received: from dss.incore.de (dss.incore.de [195.145.1.138])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2164A7C31C;
 Sun, 28 Oct 2018 10:56:15 +0000 (UTC)
 (envelope-from longwitz@incore.de)
Received: from inetmail.dmz (inetmail.dmz [10.3.0.3])
 by dss.incore.de (Postfix) with ESMTP id D8AF9139B2;
 Sun, 28 Oct 2018 11:56:12 +0100 (CET)
X-Virus-Scanned: amavisd-new at incore.de
Received: from dss.incore.de ([10.3.0.3])
 by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024)
 with LMTP id PoqEy1OCnA0q; Sun, 28 Oct 2018 11:56:11 +0100 (CET)
Received: from mail.local.incore (fwintern.dmz [10.0.0.253])
 by dss.incore.de (Postfix) with ESMTP id 84DC4139B5;
 Sun, 28 Oct 2018 11:56:11 +0100 (CET)
Received: from bsdmhs.longwitz (unknown [192.168.99.6])
 by mail.local.incore (Postfix) with ESMTP id 615A9166;
 Sun, 28 Oct 2018 11:56:11 +0100 (CET)
Message-ID: <5BD595CB.5030800@incore.de>
Date: Sun, 28 Oct 2018 11:56:11 +0100
From: Andreas Longwitz <longwitz@incore.de>
User-Agent: Thunderbird 2.0.0.19 (X11/20090113)
MIME-Version: 1.0
To: Mark Johnston <markj@freebsd.org>
CC: "freebsd-dtrace@freebsd.org" <freebsd-dtrace@freebsd.org>
Subject: Re: Why my DTrace script does not work after installing a new kernel
 without reboot
References: <5BD4E965.9040006@incore.de> <20181027225339.GA4191@spy>
In-Reply-To: <20181027225339.GA4191@spy>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-dtrace@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A discussion list for developers working on DTrace in FreeBSD."
 <freebsd-dtrace.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-dtrace>, 
 <mailto:freebsd-dtrace-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-dtrace/>
List-Post: <mailto:freebsd-dtrace@freebsd.org>
List-Help: <mailto:freebsd-dtrace-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-dtrace>,
 <mailto:freebsd-dtrace-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Oct 2018 10:56:15 -0000

Thans very much for quick answer !

>> I have a simple, probably stupid question. I run FreeBSD 10.4 Stable
>> r338093 and use the script
>>
>> #!/usr/sbin/dtrace -s
>>
>> dtrace:::BEGIN
>> {
>> printf("pf_default_rule.timeout[2/16/17]=%d/%d/%d\n",
>>   kernel`pf_default_rule.timeout[2], kernel`pf_default_rule.timeout[16],
>>   kernel`pf_default_rule.timeout[17]);
>> }
>>
>> The output normally is
>>   pf_default_rule.timeout[2/16/17]=86400/6000/12000
>>
>> But when I change the sourcefile /sys/netpfil/pf/pf.c trying a patch and
>> build and install the new kernel but without reboot, then the output of
>> the script is wrong:
>>
>>   pf_default_rule.timeout[2/16/17]=3237216124/0/0
>>
>> After reboot everything works again.
> 
> Does your patch change the layout of the timeout structure?  If so, the
> problem is that dtrace(1) is using the CTF from kern.bootfile, but that
> doesn't match the layout of the structures used by the running kernel.

My patch does not change data structures, I have added a debug statement
for an actual pf problem:

--- pf.c.orig   2018-08-14 10:17:41.000000000 +0200
+++ pf.c        2018-10-28 00:04:45.441327000 +0200
@@ -1543,6 +1543,12 @@
        if (start) {
                end = state->rule.ptr->timeout[PFTM_ADAPTIVE_END];
                states = counter_u64_fetch(state->rule.ptr->states_cur);
+               if (bootverbose > 5) {
+                       if (states > 10000) {
+                               bootverbose--;
+                               printf("%s: counter value %u too big ",
__func__, states);
+                       }
+               }
        } else {
                start = V_pf_default_rule.timeout[PFTM_ADAPTIVE_START];
                end = V_pf_default_rule.timeout[PFTM_ADAPTIVE_END];

If dtrace(1) uses the CTF of kern.bootfile, then everything should work
as expected. Normally I have

 -> sysctl kern.bootfile
kern.bootfile: /boot/kernel/kernel

and after building and installing the patched kernel I have

 -> sysctl kern.bootfile
kern.bootfile: /boot/kernel.old/kernel

and that is correct the file of the actual running kernel.

I do not understand the logic of dtrace(1) in handling the kern.bootfile
variable. This is done in sourcefile dt_open.c:

  /*
   * On FreeBSD the kernel module name can't be hard-coded. The
   * 'kern.bootfile' sysctl value tells us exactly which file is being
   * used as the kernel.
   */
#ifndef illumos
  {
  char bootfile[MAXPATHLEN];
  char *p;
  int i;
  size_t len = sizeof(bootfile);

  /* This call shouldn't fail, but use a default just in case. */
  if (sysctlbyname("kern.bootfile", bootfile, &len, NULL, 0) != 0)
          strlcpy(bootfile, "kernel", sizeof(bootfile));

  if ((p = strrchr(bootfile, '/')) != NULL)
          p++;
  else
          p = bootfile;

If I am not comletely wrong this code snippet does not do what can be
read in the comment. The function strrchr() returns a pointer to the
last occurrence of '/' in bootfile, so we always end with *p="kernel".

After
  cd /boot; mv kernel kernel.new; mv kernel.old kernel
my DTrace script works correct again, that means dtrace(1) always uses
/boot/kernel/kernel.

So there may be a bug in handling the kern.bootfile variable in dtrace.



Best regards,
Andreas