From owner-svn-src-all@freebsd.org Thu Feb 21 22:54:18 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68F4714F4C01; Thu, 21 Feb 2019 22:54:18 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B7B26BD0E; Thu, 21 Feb 2019 22:54:18 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ED1D02456C; Thu, 21 Feb 2019 22:54:17 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x1LMsH4x020673; Thu, 21 Feb 2019 22:54:17 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x1LMsHo1020671; Thu, 21 Feb 2019 22:54:17 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201902212254.x1LMsHo1020671@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Thu, 21 Feb 2019 22:54:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344452 - in head/sys/cddl: contrib/opensolaris/uts/common/dtrace contrib/opensolaris/uts/intel/dtrace dev/dtrace X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: in head/sys/cddl: contrib/opensolaris/uts/common/dtrace contrib/opensolaris/uts/intel/dtrace dev/dtrace X-SVN-Commit-Revision: 344452 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0B7B26BD0E X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.959,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Feb 2019 22:54:18 -0000 Author: markj Date: Thu Feb 21 22:54:17 2019 New Revision: 344452 URL: https://svnweb.freebsd.org/changeset/base/344452 Log: Fix a tracepoint lookup race in fasttrap_pid_probe(). fasttrap hooks the userspace breakpoint handler; the hook looks up the breakpoint address in a hash table of tracepoints. It is possible for the tracepoint to be removed by a different thread in between the breakpoint trap and the hash table lookup, in which case SIGTRAP gets delivered to the target process. Fix the problem by adding a per-process generation counter that gets incremented when a tracepoint belonging to that process is removed. Then, when a lookup fails, the trapping instruction is restarted if the thread's counter doesn't match that of the process. Reviewed by: cem MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D19273 Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c head/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c head/sys/cddl/dev/dtrace/dtrace_cddl.h Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c Thu Feb 21 22:49:39 2019 (r344451) +++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c Thu Feb 21 22:54:17 2019 (r344452) @@ -1089,6 +1089,8 @@ fasttrap_tracepoint_disable(proc_t *p, fasttrap_probe_ ASSERT(p->p_proc_flag & P_PR_LOCK); #endif p->p_dtrace_count--; + + atomic_add_rel_64(&p->p_fasttrap_tp_gen, 1); } /* Modified: head/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c Thu Feb 21 22:49:39 2019 (r344451) +++ head/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c Thu Feb 21 22:54:17 2019 (r344452) @@ -967,6 +967,7 @@ fasttrap_pid_probe(struct trapframe *tf) struct reg reg, *rp; proc_t *p = curproc, *pp; struct rm_priotracker tracker; + uint64_t gen; uintptr_t pc; uintptr_t new_pc = 0; fasttrap_bucket_t *bucket; @@ -1026,8 +1027,22 @@ fasttrap_pid_probe(struct trapframe *tf) while (pp->p_vmspace == pp->p_pptr->p_vmspace) pp = pp->p_pptr; pid = pp->p_pid; + if (pp != p) { + PROC_LOCK(pp); + if ((pp->p_flag & P_WEXIT) != 0) { + /* + * This can happen if the child was created with + * rfork(2). Userspace tracing cannot work reliably in + * such a scenario, but we can at least try. + */ + PROC_UNLOCK(pp); + sx_sunlock(&proctree_lock); + return (-1); + } + _PHOLD_LITE(pp); + PROC_UNLOCK(pp); + } sx_sunlock(&proctree_lock); - pp = NULL; rm_rlock(&fasttrap_tp_lock, &tracker); #endif @@ -1051,11 +1066,28 @@ fasttrap_pid_probe(struct trapframe *tf) if (tp == NULL) { #ifdef illumos mutex_exit(pid_mtx); + return (-1); #else rm_runlock(&fasttrap_tp_lock, &tracker); -#endif + gen = atomic_load_acq_64(&pp->p_fasttrap_tp_gen); + if (pp != p) + PRELE(pp); + if (curthread->t_fasttrap_tp_gen != gen) { + /* + * At least one tracepoint associated with this PID has + * been removed from the table since #BP was raised. + * Speculate that we hit a tracepoint that has since + * been removed, and retry the instruction. + */ + curthread->t_fasttrap_tp_gen = gen; + tf->tf_rip = pc; + return (0); + } return (-1); +#endif } + if (pp != p) + PRELE(pp); /* * Set the program counter to the address of the traced instruction Modified: head/sys/cddl/dev/dtrace/dtrace_cddl.h ============================================================================== --- head/sys/cddl/dev/dtrace/dtrace_cddl.h Thu Feb 21 22:49:39 2019 (r344451) +++ head/sys/cddl/dev/dtrace/dtrace_cddl.h Thu Feb 21 22:54:17 2019 (r344452) @@ -37,7 +37,7 @@ typedef struct kdtrace_proc { u_int64_t p_dtrace_count; /* Number of DTrace tracepoints */ void *p_dtrace_helpers; /* DTrace helpers, if any */ int p_dtrace_model; - + uint64_t p_fasttrap_tp_gen; /* Tracepoint hash table gen */ } kdtrace_proc_t; /* @@ -86,6 +86,7 @@ typedef struct kdtrace_thread { u_int64_t td_hrtime; /* Last time on cpu. */ void *td_dtrace_sscr; /* Saved scratch space location. */ void *td_systrace_args; /* syscall probe arguments. */ + uint64_t td_fasttrap_tp_gen; /* Tracepoint hash table gen. */ } kdtrace_thread_t; /* @@ -113,10 +114,12 @@ typedef struct kdtrace_thread { #define t_dtrace_regv td_dtrace->td_dtrace_regv #define t_dtrace_sscr td_dtrace->td_dtrace_sscr #define t_dtrace_systrace_args td_dtrace->td_systrace_args +#define t_fasttrap_tp_gen td_dtrace->td_fasttrap_tp_gen #define p_dtrace_helpers p_dtrace->p_dtrace_helpers #define p_dtrace_count p_dtrace->p_dtrace_count #define p_dtrace_probes p_dtrace->p_dtrace_probes #define p_model p_dtrace->p_dtrace_model +#define p_fasttrap_tp_gen p_dtrace->p_fasttrap_tp_gen #define DATAMODEL_NATIVE 0 #ifdef __amd64__