Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault

From: Steven Rostedt
Date: Fri Feb 15 2019 - 21:08:39 EST

Next message: Masahiro Yamada: "Re: [PATCH] efi/libstub: refactor cmd_stubcopy"
Previous message: Jim Broadus: "Re: [PATCH] Fix resume for ELAN2097 touchscreen."
In reply to: Andy Lutomirski: "Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault"
Next in thread: Andy Lutomirski: "Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Feb 2019 17:32:55 -0800
Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> > I added you just because I wanted help getting the change log correct,
> > as that's what Linus was complaining about. I kept using "kernel
> > address" when the sample bug used for the patch was really a
> > non-canonical address (as Linus said, it's just garbage. Neither kernel
> > or user space). But I pointed out that this can also bug if the
> > address is canonical and in the kernel address space. The old code
> > didn't complain about non-canonical or kernel address faulting before
> > commit 9da3f2b7405, which only talks about kernel address space
> > faulting (which is why I only mentioned that in my messages).
> >
> > Would changing all the mention of "kernel address" to "non user space"
> > be accurate?
> >
>
> I think âkernel addressâ is right. Itâs illegal to access anything that isnât known to be a valid kernel address while in KERNEL_DS.

But an non-canonical address is not a "kernel address", and that will
cause a bug too. This patch came about because it was changed that if
we do a uaccess on something other than a user space address and take a
fault (either because it was a non-canonical address, or a kernel
address), we BUG! Where before that one patch, it would just return a
fault.

>
> The old __copy seems likely to have always been a bit bogus.
>
> BTW, what is this probe_mem_read() thing? Some minimal inspection suggests itâs a buggy reimplementation of probe_kernel_read(). Can you delete it and just use probe_kernel_read() directly?

Well, the issue is that we have trace_probe_tmpl.h in that same
directory, which does the work for kprobes and uprobes. The
trace_kprobes.c defines all the functions for handling kprobes, and
trace_uprobes.c does all the handling of uprobes, then they include
trace_probe_tmpl.h which does the bulk of the work.

In the uprobes case, we have:

static nokprobe_inline int
probe_mem_read(void *dest, void *src, size_t size)
{
void __user *vaddr = (void __force __user *)src;

return copy_from_user(dest, vaddr, size) ? -EFAULT : 0;
}

Because that is adding probes on userspace code.

-- Steve

Next message: Masahiro Yamada: "Re: [PATCH] efi/libstub: refactor cmd_stubcopy"
Previous message: Jim Broadus: "Re: [PATCH] Fix resume for ELAN2097 touchscreen."
In reply to: Andy Lutomirski: "Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault"
Next in thread: Andy Lutomirski: "Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]