From owner-freebsd-current@freebsd.org  Thu May  9 03:32:17 2019
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14C26159B856
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Thu,  9 May 2019 03:32:17 +0000 (UTC)
 (envelope-from markjdb@gmail.com)
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com
 [IPv6:2607:f8b0:4864:20::d44])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9C5A473C16;
 Thu,  9 May 2019 03:32:16 +0000 (UTC)
 (envelope-from markjdb@gmail.com)
Received: by mail-io1-xd44.google.com with SMTP id g84so524904ioa.1;
 Wed, 08 May 2019 20:32:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=EioktTS0jGvmz5pG3gdMExbUYG5jhtp+6HJ7tDWlzuI=;
 b=efoHHpwXs/Q95PIUGk1D23v9aKfDAcBlo04j53tEnu9fINh634c2yWgpYv32X9tuFS
 EswAQvv9bCNLA2ZPu+V8UVp7bIup8SsqTLYy+DsZ7UrPUMxOIO3tkuIG+HnpejcmDoys
 MQdqQ3VptfHxgmnAQQBczKtHPjtrW/ezhy4CSvK1myNtjZSWj6mo45NHEUJ9glX6dRqa
 Ti3s+e2JyNovh2L7R2hlYn9H5NqQmaKE36dCjju3DbwzFF1ZMbUOvuM6xU/Ij/ka9jyf
 8WL9QNaupgbEr6RL2KRwzNgB80M6ABQKXluoD+3OOkHP1hQZawXXyGTZegDhy2P9T69l
 bFOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:date:from:to:cc:subject:message-id
 :references:mime-version:content-disposition:in-reply-to:user-agent;
 bh=EioktTS0jGvmz5pG3gdMExbUYG5jhtp+6HJ7tDWlzuI=;
 b=RQXalKRxg0iWg5wbFzG4KqT/YbLgD6DluA+y0guEKwH3+XJJ6Ki60vA3R5MBw3LzrC
 mVrc6iznTVh5Ll6rurbcr49ah8r5qWhz6/u/4ykVmt2g9+IrwGK7EvKLErdHexlBC5rS
 NdMOce/cuqXGyZRcwCENA0Ta2kxIoBB2oNAGmIPCdtg9LeOmrnABEa0S9te/4HNK1os7
 6Yf/N3XupOUiHVXrfhFvVahn3RTrALEGroXCix7pAEayRceu03hPq6nAACtVPqy8px4e
 Ppxn3fcJTmWIti1s00tV1O3LFtoFXcb+fFvunrAaSr3krZkWFPIHWIzEJqH49GmZ0il6
 AE7Q==
X-Gm-Message-State: APjAAAUgN0K7SHYBaXwq+BjsKoJgdlKBUID2PR667Zfh9py9Ktm7lNZe
 aa1q0HIEdUC9KTgXqfJzsS8h4JRO
X-Google-Smtp-Source: APXvYqy2i5naDxgVC1SBji0KmG/RC1VAGbqvNpzstoW+gmD7MvXvJUi/6isDum+otQ8tKEOx86qe6g==
X-Received: by 2002:a5e:8216:: with SMTP id l22mr953224iom.269.1557372734530; 
 Wed, 08 May 2019 20:32:14 -0700 (PDT)
Received: from raichu (toroon0560w-lp140-01-69-159-36-31.dsl.bell.ca.
 [69.159.36.31])
 by smtp.gmail.com with ESMTPSA id m10sm372299iol.20.2019.05.08.20.32.13
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Wed, 08 May 2019 20:32:13 -0700 (PDT)
Sender: Mark Johnston <markjdb@gmail.com>
Date: Wed, 8 May 2019 23:32:11 -0400
From: Mark Johnston <markj@freebsd.org>
To: Larry Rosenman <ler@freebsd.org>
Cc: freebsd-current@freebsd.org
Subject: Re: Crash loading dtraceall
Message-ID: <20190509033211.GE11774@raichu>
References: <20190508205245.ulbo6fusk3b4py7t@ler-imac.local>
 <20190508222932.GB11774@raichu>
 <845dd186ef038d98c1a95a7454e432d2@FreeBSD.org>
 <20190508225553.GC11774@raichu>
 <460d563e2fe48bfd90b489015b4c0f9d@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <460d563e2fe48bfd90b489015b4c0f9d@FreeBSD.org>
User-Agent: Mutt/1.11.4 (2019-03-13)
X-Rspamd-Queue-Id: 9C5A473C16
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.97 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[];
 NEURAL_HAM_SHORT(-0.97)[-0.970,0]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 May 2019 03:32:17 -0000

On Wed, May 08, 2019 at 05:57:18PM -0500, Larry Rosenman wrote:
> On 05/08/2019 5:55 pm, Mark Johnston wrote:
> > On Wed, May 08, 2019 at 05:47:08PM -0500, Larry Rosenman wrote:
> >> On 05/08/2019 5:29 pm, Mark Johnston wrote:
> >> > On Wed, May 08, 2019 at 03:52:45PM -0500, Larry Rosenman wrote:
> >> >> Greetings,
> >> >>
> >> >>     Somewhere between r346483 and r347241 loading dtraceall causes a
> >> >>     crash.  I have the cores and kernels.
> >> >>
> >> >>     It's hard for me to bisect more than this, as the box is remote.
> >> >>
> >> >>     What more do you need?  (this dump is fropm r347355).
> >> >
> >> > Please visit frame 8 and print *lf.
> >> >
> >> #9  fbt_provide_module_function (lf=0xfffff800020ff000, symindx=30763,
> >> symval=0xfffffe00d74d7e00, opaque=0xfffffe00d74d7e50) at
> >> /usr/src/sys/cddl/dev/fbt/x86/fbt_isa.c:191
> >> 191			if (*instr == FBT_PUSHL_EBP)
> >> (kgdb) print *lf
> >> $1 = {ops = 0xfffff800020f6000, refs = 202, userrefs = 1, flags = 1,
> >> link = {tqe_next = 0xfffff800020fec00, tqe_prev = 0xffffffff80c767d0
> >> <linker_files>}, filename = 0xfffff80002101030 "kernel",
> >>    pathname = 0xfffff80002104080 "/boot/kernel/kernel", id = 1, 
> >> address =
> >> 0xffffffff80200000 "\177ELF\002\001\001\t", size = 17612816, 
> >> ctors_addr
> >> = 0x0, ctors_size = 0, ndeps = 0, deps = 0x0, common = {stqh_first =
> >> 0x0,
> >>      stqh_last = 0xfffff800020ff070}, modules = {tqh_first =
> >> 0xfffff800020e5800, tqh_last = 0xfffff80002116790}, loaded = {tqe_next 
> >> =
> >> 0x0, tqe_prev = 0x0}, loadcnt = 1, nenabled = 0, fbt_nentries = 25062}
> >> (kgdb)
> > 
> > And could you show the output of:
> > 
> > $ readelf -s /boot/kernel/kernel | grep "30763:"
> > _______________________________________________
> > freebsd-current@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to 
> > "freebsd-current-unsubscribe@freebsd.org"
> 
> [root@oldtbh2 /var/crash]# readelf -s /boot/kernel/kernel | grep 
> "30763:"
>   30763: ffffffff80791310    75 IFUNC   GLOBAL DEFAULT    8 x86_rng_store
> [root@oldtbh2 /var/crash]#

The problem is with the kernel linker's handling of ifuncs.  When
enumerating symbols, it replaces ifunc symbol values with the return
value of the resolver but preserves the original symbol size, which is
that of the resolver.  I believe this patch will address the panic
you're seeing:

diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c
index 6ceb34d66b74..8bd9a0219a1d 100644
--- a/sys/kern/link_elf.c
+++ b/sys/kern/link_elf.c
@@ -1350,17 +1350,23 @@ static int
 link_elf_symbol_values(linker_file_t lf, c_linker_sym_t sym,
     linker_symval_t *symval)
 {
+	c_linker_sym_t target;
 	elf_file_t ef;
 	const Elf_Sym *es;
 	caddr_t val;
+	long diff;
 
 	ef = (elf_file_t)lf;
 	es = (const Elf_Sym *)sym;
 	if (es >= ef->symtab && es < (ef->symtab + ef->nchains)) {
 		symval->name = ef->strtab + es->st_name;
 		val = (caddr_t)ef->address + es->st_value;
-		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC)
+		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC) {
 			val = ((caddr_t (*)(void))val)();
+			(void)link_elf_search_symbol(lf, val, &target, &diff);
+			if (diff == 0)
+				es = (const Elf_Sym *)target;
+		}
 		symval->value = val;
 		symval->size = es->st_size;
 		return (0);
@@ -1370,8 +1376,12 @@ link_elf_symbol_values(linker_file_t lf, c_linker_sym_t sym,
 	if (es >= ef->ddbsymtab && es < (ef->ddbsymtab + ef->ddbsymcnt)) {
 		symval->name = ef->ddbstrtab + es->st_name;
 		val = (caddr_t)ef->address + es->st_value;
-		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC)
+		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC) {
 			val = ((caddr_t (*)(void))val)();
+			(void)link_elf_search_symbol(lf, val, &target, &diff);
+			if (diff == 0)
+				es = (const Elf_Sym *)target;
+		}
 		symval->value = val;
 		symval->size = es->st_size;
 		return (0);
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index ac4cc8c085cb..5ce160a05699 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -1240,9 +1240,11 @@ static int
 link_elf_symbol_values(linker_file_t lf, c_linker_sym_t sym,
     linker_symval_t *symval)
 {
+	c_linker_sym_t target;
 	elf_file_t ef;
 	const Elf_Sym *es;
 	caddr_t val;
+	long diff;
 
 	ef = (elf_file_t) lf;
 	es = (const Elf_Sym*) sym;
@@ -1250,8 +1252,12 @@ link_elf_symbol_values(linker_file_t lf, c_linker_sym_t sym,
 	if (es >= ef->ddbsymtab && es < (ef->ddbsymtab + ef->ddbsymcnt)) {
 		symval->name = ef->ddbstrtab + es->st_name;
 		val = (caddr_t)es->st_value;
-		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC)
+		if (ELF_ST_TYPE(es->st_info) == STT_GNU_IFUNC) {
 			val = ((caddr_t (*)(void))val)();
+			(void)link_elf_search_symbol(lf, val, &target, &diff);
+			if (diff == 0)
+				es = (const Elf_Sym *)target;
+		}
 		symval->value = val;
 		symval->size = es->st_size;
 		return 0;