Date:      Tue, 6 Mar 2018 12:07:02 +0100
From:      raichoo <raichoo@googlemail.com>
To:        freebsd-current@freebsd.org
Subject:   DTrace suddenly running out of scratch space.
Message-ID:  <CAJaUxeyE4Ar9-JRkjWZsRw1fwq5z6SYk%2BZjwTr7mLN06PM0nAg@mail.gmail.com>

Hi,

I'm encountering an issue with recent builds of FreeBSD CURRENT that wasn't
present at the end of last year.

I gave a presentation at 34c3 where I demoed using DTrace to identify code
that is susceptible to timing side channel attacks. The script is rather
simple but worked fine back then.

#pragma D option dynvarsize=512m

int len;

BEGIN
{
  len = 0;
}

pid$$target:authenticate:check:entry
{
  self->enter = vtimestamp;
  self->arg = copyinstr(arg0);
}

pid$$target:authenticate:check:return
/self->enter/
{
  @timing[self->arg] = lquantize(vtimestamp - self->enter, 700, 800, 10);
  if (strlen(self->arg) != len) {
    len = strlen(self->arg);
    trunc(@timing);
  }
  self->enter = 0;
}

pid$$target:authenticate:check:return
/arg1 == 1/
{
  printf("Password is: %s\n", self->arg);
  exit(0);
}

pid$$target:authenticate:check:return
{
  self->arg = 0;
}

tick-3s
{
  printa(@timing);
}

It basically measures the time it takes to compare 2 strings, nothing fancy.
For some reason dtrace now reports the following when I run this script:

dtrace: error on enabled probe ID 2 (ID 76791: pid3282:authenticate:check:entry): out of scratch space in action #2 at DIF offset 12
dtrace: error on enabled probe ID 7 (ID 76792: pid3282:authenticate:check:return): invalid address (0x0) in action #1 at DIF offset 24

I'm not quite sure where this is coming from. Maybe the script was wrong in
the first place and recent changes are reacting to that, but to me it seems
as if the aggregations are not getting cleaned up properly.

Kind regards,
raichoo
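
Added example, not part of the original message: the class of string comparison that the script's per-argument timing histogram exposes, next to a hardened form that does the same work for every input. The function names, the FIELD size and the sample strings are assumptions; the traced authenticate:check function itself is not shown in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define FIELD 32 /* assumption: passwords are at most FIELD bytes */

/* Early-exit compare: the number of bytes examined (*steps, a stand-in
 * for a vtimestamp delta) grows with the length of the correct prefix. */
int leaky_check(const char *guess, const char *secret, size_t *steps)
{
    for (size_t i = 0; ; i++) {
        *steps = i + 1;
        if (guess[i] != secret[i])
            return 0;
        if (guess[i] == '\0')
            return 1;
    }
}

/* Copy s into a zero-filled buffer so both inputs have one fixed length. */
static void pad(unsigned char out[FIELD], const char *s)
{
    size_t n = 0;
    memset(out, 0, FIELD);
    while (n < FIELD && s[n] != '\0')
        n++;
    memcpy(out, s, n);
}

/* Hardened compare: walks all FIELD bytes and ORs the differences together. */
int hardened_check(const char *guess, const char *secret, size_t *steps)
{
    unsigned char g[FIELD], s[FIELD], diff = 0;
    pad(g, guess);
    pad(s, secret);
    for (*steps = 0; *steps < FIELD; (*steps)++)
        diff |= (unsigned char)(g[*steps] ^ s[*steps]);
    return diff == 0;
}

int main(void)
{
    const char *g[] = { "xxxxxx", "hunxxx", "hunter" }; /* constructed guesses */
    for (size_t i = 0, a, b; i < 3; i++) {
        int r1 = leaky_check(g[i], "hunter", &a);
        int r2 = hardened_check(g[i], "hunter", &b);
        printf("%s leaky=%d/%zu hardened=%d/%zu\n", g[i], r1, a, r2, b);
    }
    return 0;
}
```

In production code the fixed-length comparison would normally be applied to password digests and done with a vetted primitive such as OpenSSL's CRYPTO_memcmp.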


