DTrace suddenly running out of scratch space.

From: raichoo <raichoo_at_googlemail.com>
Date: Tue, 6 Mar 2018 12:07:02 +0100
Hi,

I'm encountering an issue with recent builds of FreeBSD CURRENT that
haven't been
present by the end of last year.

I gave a presentation at 34c3 where I demoed using DTrace to identify code
that is
susceptible to timing side channel attacks. The script is rather simple but
worked fine back
then.

 #pragma D option dynvarsize=512m

int len;

BEGIN
{
  len = 0;
}

pid$$target:authenticate:check:entry
{
  self->enter = vtimestamp;
  self->arg = copyinstr(arg0);
}

pid$$target:authenticate:check:return
/self->enter/
{
  _at_timing[self->arg] = lquantize(vtimestamp - self->enter, 700, 800, 10);
  if (strlen(self->arg) != len) {
    len = strlen(self->arg);
    trunc(_at_timing);
  }
  self->enter = 0;
}

pid$$target:authenticate:check:return
/arg1 == 1/
{
  printf("Password is: %s\n", self->arg);
  exit(0);
}

pid$$target:authenticate:check:return
{
  self->arg = 0;
}

tick-3s
{
  printa(_at_timing);
}

It basically measures the time it takes to compare 2 strings, nothing
fancy. For some
reason dtrace now reports the following when I run this script:

dtrace: error on enabled probe ID 2 (ID 76791:
pid3282:authenticate:check:entry): out of scratch space in action #2 at DIF
offset 12
dtrace: error on enabled probe ID 7 (ID 76792:
pid3282:authenticate:check:return): invalid address (0x0) in action #1 at
DIF offset 24

I'm not quite sure where this is coming from. Maybe the script was wrong in
the first place
and recent changes are reacting to that, but to me it seems as is the
aggregations are not
getting cleaned up properly.

Kind regards,
raichoo
Received on Tue Mar 06 2018 - 10:07:04 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:15 UTC