6468390 dtrace_canstore()'s mechanism for validating dynamic variable stores needs improving

6578110 The DIF 'ret' instruction doesn't work as advertised

3 files changed, 111 insertions, 1 deletions

diff --git a/usr/src/cmd/dtrace/test/tst/common/assocs/tst.invalidref.d b/usr/src/cmd/dtrace/test/tst/common/assocs/tst.invalidref.d
new file mode 100644
index 0000000000..446acfad4d
--- /dev/null
+++ b/usr/src/cmd/dtrace/test/tst/common/assocs/tst.invalidref.d
@@ -0,0 +1,75 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+/*
+ * Test to ensure that invalid stores to a global associative array
+ * are caught correctly.
+ */
+
+#pragma D option quiet
+
+int last_cmds[int][4];
+
+BEGIN
+{
+	errors = 0;
+	forward = 0;
+	backward = 0;
+}
+
+tick-1s
+/!forward/
+{
+	forward = 1;
+	last_cmds[1][4] = 0xdeadbeef;
+}
+
+tick-1s
+/!backward/
+{
+	backward = 1;
+	last_cmds[1][-5] = 0xdeadbeef;
+}
+
+tick-1s
+/errors > 1/
+{
+	exit(0);
+}
+
+tick-1s
+/n++ > 5/
+{
+	exit(1);
+}
+
+ERROR
+/arg4 == DTRACEFLT_BADADDR/
+{
+	errors++;
+}
diff --git a/usr/src/pkgdefs/SUNWdtrt/prototype_com b/usr/src/pkgdefs/SUNWdtrt/prototype_com
index f1984e79f0..5c037707fb 100644
--- a/usr/src/pkgdefs/SUNWdtrt/prototype_com
+++ b/usr/src/pkgdefs/SUNWdtrt/prototype_com
@@ -229,6 +229,7 @@ f none SUNWdtrt/tst/common/assocs/tst.misc.d 0444 root bin
 f none SUNWdtrt/tst/common/assocs/tst.orthogonality.d 0444 root bin
 f none SUNWdtrt/tst/common/assocs/tst.this.d 0444 root bin
 f none SUNWdtrt/tst/common/assocs/tst.valassign.d.out 0444 root bin
+f none SUNWdtrt/tst/common/assocs/tst.invalidref.d 0444 root bin
 d none SUNWdtrt/tst/common/begin 0755 root bin
 f none SUNWdtrt/tst/common/begin/err.D_PDESC_ZERO.begin.d 0444 root bin
 f none SUNWdtrt/tst/common/begin/err.D_PDESC_ZERO.tick.d 0444 root bin
diff --git a/usr/src/uts/common/dtrace/dtrace.c b/usr/src/uts/common/dtrace/dtrace.c
index 923ceb0cbe..09f050c19d 100644
--- a/usr/src/uts/common/dtrace/dtrace.c
+++ b/usr/src/uts/common/dtrace/dtrace.c
@@ -607,8 +607,41 @@ dtrace_canstore(uint64_t addr, size_t sz, dtrace_mstate_t *mstate,
 	 * variables.
 	 */
 	if (DTRACE_INRANGE(addr, sz, (uintptr_t)vstate->dtvs_dynvars.dtds_base,
-	    vstate->dtvs_dynvars.dtds_size))
+	    vstate->dtvs_dynvars.dtds_size)) {
+		dtrace_dstate_t *dstate = &vstate->dtvs_dynvars;
+		uintptr_t base = (uintptr_t)dstate->dtds_base +
+		    (dstate->dtds_hashsize * sizeof (dtrace_dynhash_t));
+		uintptr_t chunkoffs;
+
+		/*
+		 * Before we assume that we can store here, we need to make
+		 * sure that it isn't in our metadata -- storing to our
+		 * dynamic variable metadata would corrupt our state.  For
+		 * the range to not include any dynamic variable metadata,
+		 * it must:
+		 *
+		 *	(1) Start above the hash table that is at the base of
+		 *	the dynamic variable space
+		 *
+		 *	(2) Have a starting chunk offset that is beyond the
+		 *	dtrace_dynvar_t that is at the base of every chunk
+		 *
+		 *	(3) Not span a chunk boundary
+		 *
+		 */
+		if (addr < base)
+			return (0);
+
+		chunkoffs = (addr - base) % dstate->dtds_chunksize;
+
+		if (chunkoffs < sizeof (dtrace_dynvar_t))
+			return (0);
+
+		if (chunkoffs + sz > dstate->dtds_chunksize)
+			return (0);
+
 		return (1);
+	}
 
 	/*
 	 * Finally, check the static local and global variables.  These checks
@@ -4527,6 +4560,7 @@ dtrace_dif_emulate(dtrace_difo_t *difo, dtrace_mstate_t *mstate,
 			break;
 		case DIF_OP_RET:
 			rval = regs[rd];
+			pc = textlen;
 			break;
 		case DIF_OP_NOP:
 			break;