Date: Mon, 14 Feb 2022 14:03:54 +0000 From: Amit kumar <akamit91@hotmail.com> To: "markj@FreeBSD.org" <markj@FreeBSD.org> Cc: "freebsd-dtrace@FreeBSD.org" <freebsd-dtrace@FreeBSD.org> Subject: Re: dtrace fails to trace on FreeBSD-14(CURRENT) with ASLR and W^X Message-ID: <SJ0PR18MB4932A03F77D5D999AEAE83C4DC339@SJ0PR18MB4932.namprd18.prod.outlook.com> In-Reply-To: <Ygpe285ALGK1d5lm@nuc> References: <SJ0PR18MB49326C3D1DF915EB841CC2D8DC339@SJ0PR18MB4932.namprd18.prod.outlook.com> <Ygpe285ALGK1d5lm@nuc>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] >Does the problem persist with allow_wx = 1? No In that case there would be no core dump, but the script would time out after 300 seconds. Doing some manual experiments It seems it fails to set the watchpoint or the probes wont fire # sysctl kern.elf64.allow_wx=1 kern.elf64.allow_wx: 0 -> 1 # sysctl kern.elf64.aslr.enable=1 kern.elf64.aslr.enable: 1 -> 1 # sysctl kern.elf64.aslr.pie_enable=1 kern.elf64.aslr.pie_enable: 1 -> 1 # exec find / > /dev/null 2>&1 & [1] 27041 akumar3-79afpc2-1# dtrace -n pid27041:a.out:: dtrace: description 'pid27041:a.out::' matched 6828 probes CTRL+C -Amit ________________________________ From: Mark Johnston <markjdb@gmail.com> on behalf of markj@FreeBSD.org <markj@freebsd.org> Sent: Monday, February 14, 2022 7:23 PM To: Amit kumar <akamit91@hotmail.com> Cc: freebsd-dtrace@FreeBSD.org <freebsd-dtrace@freebsd.org> Subject: Re: dtrace fails to trace on FreeBSD-14(CURRENT) with ASLR and W^X On Mon, Feb 14, 2022 at 11:03:47AM +0000, Amit kumar wrote: > Encountered this issue while running https://github.com/freebsd/freebsd-src/blob/main/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/pid/tst.emptystack.d > > a somewhat simpler method to reproduce > > configuration > file /usr/bin/find > /usr/bin/find: ELF 64-bit LSB shared object, x86-64, <.....> > > kern.elf64.allow_wx: 0 > kern.elf64.aslr.pie_enable: 1 > kern.elf64.aslr.enable: 1 Does the problem persist with allow_wx = 1? > # dtrace -n pid92817:::entry > dtrace: description 'pid92817:::entry' matched 4380 probes > [2] + trace trap (core dumped) exec find / > /dev/null 2>&1 > > # exec find / > /dev/null 2>&1 & > [1] 85293 > # dtrace -n pid85293:a.out:: > dtrace: description 'pid85293:a.out::' matched 6828 probes > [1] + trace trap (core dumped) exec find / > /dev/null 2>&1 > CPU ID FUNCTION:NAME > 1 89149 find_execute:1f8 > > looking at find core in gdb > (gdb) p $_siginfo > $1 = { > si_signo = 5, > si_errno = 0, > si_code = 3, > . > . > . > > Can someone help me understand why am I seeing core due to SIGTRAP TRAP_DTRACE ? > > Regards > Amit [-- Attachment #2 --] <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style> </head> <body dir="ltr"> <div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <span style="font-family:"Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;font-size:14.6667px;background-color:rgb(255, 255, 255);display:inline !important">>Does the problem persist with allow_wx = 1?</span><br> </div> <div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <span style="font-family:"Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;font-size:14.6667px;background-color:rgb(255, 255, 255);display:inline !important">No In that case there would be no core dump, but the script would time out after 300 seconds.</span></div> <div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <span style="font-family:"Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;font-size:14.6667px;background-color:rgb(255, 255, 255);display:inline !important">Doing some manual experiments</span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;">It seems it fails to set the watchpoint or the probes wont fire</span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;"><br> </span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;"># sysctl kern.elf64.allow_wx=1 <div>kern.elf64.allow_wx: 0 -> 1</div> <div># sysctl kern.elf64.aslr.enable=1</div> <div>kern.elf64.aslr.enable: 1 -> 1</div> <div># sysctl kern.elf64.aslr.pie_enable=1</div> <div>kern.elf64.aslr.pie_enable: 1 -> 1</div> <div># exec find / > /dev/null 2>&1 &</div> <div>[1] 27041</div> <div>akumar3-79afpc2-1# dtrace -n pid27041:a.out::</div> dtrace: description 'pid27041:a.out::' matched 6828 probes</span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;"><br> </span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;">CTRL+C </span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;"><br> </span></div> <div style="color: rgb(0, 0, 0);"><span style="font-size: 14.6667px;">-Amit</span></div> <div id="appendonsend"></div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Mark Johnston <markjdb@gmail.com> on behalf of markj@FreeBSD.org <markj@freebsd.org><br> <b>Sent:</b> Monday, February 14, 2022 7:23 PM<br> <b>To:</b> Amit kumar <akamit91@hotmail.com><br> <b>Cc:</b> freebsd-dtrace@FreeBSD.org <freebsd-dtrace@freebsd.org><br> <b>Subject:</b> Re: dtrace fails to trace on FreeBSD-14(CURRENT) with ASLR and W^X</font> <div> </div> </div> <div class="BodyFragment"><font size="2"><span style="font-size:11pt;"> <div class="PlainText">On Mon, Feb 14, 2022 at 11:03:47AM +0000, Amit kumar wrote:<br> > Encountered this issue while running <a href="https://github.com/freebsd/freebsd-src/blob/main/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/pid/tst.emptystack.d">; https://github.com/freebsd/freebsd-src/blob/main/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/pid/tst.emptystack.d</a><br>; > <br> > a somewhat simpler method to reproduce<br> > <br> > configuration<br> > file /usr/bin/find<br> > /usr/bin/find: ELF 64-bit LSB shared object, x86-64, <.....><br> > <br> > kern.elf64.allow_wx: 0<br> > kern.elf64.aslr.pie_enable: 1<br> > kern.elf64.aslr.enable: 1<br> <br> Does the problem persist with allow_wx = 1?<br> <br> > # dtrace -n pid92817:::entry<br> > dtrace: description 'pid92817:::entry' matched 4380 probes<br> > [2] + trace trap (core dumped) exec find / > /dev/null 2>&1<br> > <br> > # exec find / > /dev/null 2>&1 &<br> > [1] 85293<br> > # dtrace -n pid85293:a.out::<br> > dtrace: description 'pid85293:a.out::' matched 6828 probes<br> > [1] + trace trap (core dumped) exec find / > /dev/null 2>&1<br> > CPU ID FUNCTION:NAME<br> > 1 89149 find_execute:1f8<br> > <br> > looking at find core in gdb<br> > (gdb) p $_siginfo<br> > $1 = {<br> > si_signo = 5,<br> > si_errno = 0,<br> > si_code = 3,<br> > .<br> > .<br> > .<br> > <br> > Can someone help me understand why am I seeing core due to SIGTRAP TRAP_DTRACE ?<br> > <br> > Regards<br> > Amit<br> </div> </span></font></div> </body> </html>help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SJ0PR18MB4932A03F77D5D999AEAE83C4DC339>