Re: [PATCH v10 tip 5/9] tracing: allow BPF programs to call bpf_trace_printk()
From: Alexei Starovoitov
Date: Mon Mar 23 2015 - 13:50:26 EST
On 3/23/15 5:07 AM, Ingo Molnar wrote:
* David Laight <David.Laight@xxxxxxxxxx> wrote:
From: Alexei Starovoitov
Debugging of BPF programs needs some form of printk from the program,
so let programs call limited trace_printk() with %d %u %x %p modifiers only.
Should anyone be allowed to use BPF programs to determine the kernel
addresses of any items?
Looks as though it is leaking kernel addresses to userspace.
Note that the problem is with the arguments, not the format string.
All of these are privileged operations - inherent if you are trying to
debug the kernel.
yep.
There is a plan to add 'pointer leak detector' to bpf verifier and
'constant blinding' pass, so in the future we may let unprivileged
users load programs. seccomp will be first such user. But it will
take long time.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/