From 165de3f338b7fefecf44a1dcc258d0590f92aefa Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Sat, 26 Oct 2013 03:21:54 +0000
Subject: [PATCH] Fix a couple of bugs in the fasttrap emulation of a "push %rbp" instruction: the code was trying to save the stack pointer rather than the frame pointer, and the arguments to copyout(9) were reversed, so nothing ended up being saved on the stack. This would cause process crashes when the pid provider was being used to instrument calls of a function starting with this instruction.
Reported by: symbolics@gmx.com
Tested by: symbolics@gmx.com (earlier version)
MFC after: 2 weeks
---
 .../opensolaris/uts/intel/dtrace/fasttrap_isa.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
index 8b5ce9f4672..4764fb58100 100644
--- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
+++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
@@ -104,6 +104,7 @@ uwrite(proc_t *p, void *kaddr, size_t len, uintptr_t uaddr)
 #define r_rip r_eip
 #define r_rflags r_eflags
 #define r_rsp r_esp
+#define r_rbp r_ebp
 #endif /*
@@ -1394,29 +1395,27 @@ fasttrap_pid_probe(struct reg *rp)
 	case FASTTRAP_T_PUSHL_EBP:
 	{
 		int ret = 0;
-		uintptr_t addr = 0;
 
 #ifdef __amd64
 		if (p->p_model == DATAMODEL_NATIVE) {
-			addr = rp->r_rsp - sizeof (uintptr_t);
-			ret = fasttrap_sulword((void *)addr, &rp->r_rsp);
+			rp->r_rsp -= sizeof (uintptr_t);
+			ret = fasttrap_sulword(&rp->r_rbp, (void *)rp->r_rsp);
 		} else {
 #endif
 #ifdef __i386__
-			addr = rp->r_rsp - sizeof (uint32_t);
-			ret = fasttrap_suword32((void *)addr, &rp->r_rsp);
+			rp->r_rsp -= sizeof (uint32_t);
+			ret = fasttrap_suword32(&rp->r_rbp, (void *)rp->r_rsp);
 #endif
 #ifdef __amd64
 		}
 #endif
 
 		if (ret == -1) {
-			fasttrap_sigsegv(p, curthread, addr);
+			fasttrap_sigsegv(p, curthread, rp->r_rsp);
 			new_pc = pc;
 			break;
 		}
 
-		rp->r_rsp = addr;
 		new_pc = pc + tp->ftt_size;
 		break;
 	}
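Review bot: The new code commits the stack-pointer update before the user-space store is known to have succeeded, so when `fasttrap_sulword`/`fasttrap_suword32` returns -1 the `ret == -1` path delivers SIGSEGV with `rp->r_rsp` already decremented, whereas the old code only assigned `rp->r_rsp = addr` after the store and a real `push %rbp` that faults leaves %rsp untouched. As far as I can tell from the hunk, a signal handler or core dump for that fault would then observe an rsp eight (four on the 32-bit path) bytes below where the instruction began, which is a regression the commit does not address. Keeping a local for the target address, passing it to the store and to `fasttrap_sigsegv`, and assigning `rp->r_rsp` only after the store succeeds preserves the actual fix (saving `r_rbp`, correct argument order) while keeping the fault path side-effect free. The enclosing `fasttrap_pid_probe` begins and ends outside this hunk.
```c
		int ret = 0;
		uintptr_t addr = 0;
		/* … unchanged: #ifdef __amd64 / DATAMODEL_NATIVE bracketing … */
			addr = rp->r_rsp - sizeof (uintptr_t);
			ret = fasttrap_sulword(&rp->r_rbp, (void *)addr);
		/* … i386 branch: same shape with sizeof (uint32_t) and fasttrap_suword32 … */
		if (ret == -1) {
			fasttrap_sigsegv(p, curthread, addr);
			new_pc = pc;
			break;
		}

		rp->r_rsp = addr;
```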