Re: Firefox crash during dtrace attach under -CURRENT

Wed, 23 Oct 2013 19:59:57 -0700 

On Wed, Oct 23, 2013 at 09:30:09PM +0100, [email protected] wrote:
> Hi,
> 
> http://dtrace.org/blogs/brendan/2011/02/11/dtrace-pid-provider-arguments/
> 
> I tried to follow some of the examples but I crash the Firefox process
> each time. Sometimes DTrace manages to collect a little data before the
> death.
> 
> [...]
> 
> Is this a known problem or should I send a PR?

Thanks for reporting this: I was able to reproduce the crash and managed
to find a nasty pair of bugs. Could you test the patch below and let me
know if it fixes the problem for you as well? If you see more crashes,
please include the backtrace and signo from gdb again; it would likely
be a different problem that needs to be debugged and fixed separately.

For anyone interested, the bug is that fasttrap's ebp push instruction
emulation code is just wrong: it's supposed to save %rbp at %rsp - 8.
But instead it tries to save %rsp at %rsp - 8, and also reverses the
uaddr/kaddr arguments to copyout(), resulting in strange crashes. I
managed to narrow in on the problem with a test program that prints %rbp
immediately before and after a tracepoint.

Can anyone review this diff? I'd like to check it in soon, assuming
that I haven't also made a mistake somewhere. :)

Thanks,
-Mark

diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c 
b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
index 8b5ce9f..bb5c9af 100644
--- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
+++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
@@ -1399,12 +1399,12 @@ fasttrap_pid_probe(struct reg *rp)
 #ifdef __amd64
                if (p->p_model == DATAMODEL_NATIVE) {
                        addr = rp->r_rsp - sizeof (uintptr_t);
-                       ret = fasttrap_sulword((void *)addr, &rp->r_rsp);
+                       ret = fasttrap_sulword(&rp->r_rbp, (void *)addr);
                } else {
 #endif
 #ifdef __i386__
                        addr = rp->r_rsp - sizeof (uint32_t);
-                       ret = fasttrap_suword32((void *)addr, &rp->r_rsp);
+                       ret = fasttrap_suword32(&rp->r_rbp, (void *)addr);
 #endif
 #ifdef __amd64
                }
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-dtrace
To unsubscribe, send any mail to "[email protected]"

Reply via email to