Re: [PATCH v2 1/4] bpf: Add support for reading user pointers
From: Daniel Borkmann
Date: Mon May 06 2019 - 15:31:21 EST
On 05/06/2019 08:31 PM, Joel Fernandes (Google) wrote:
> The eBPF based opensnoop tool fails to read the file path string passed
> to the do_sys_open function. This is because it is a pointer to
> userspace address and causes an -EFAULT when read with
> probe_kernel_read. This is not an issue when running the tool on x86 but
> is an issue on arm64. This patch adds a new bpf function call based
> which calls the recently proposed probe_user_read function [1].
> Using this function call from opensnoop fixes the issue on arm64.
>
> [1] https://lore.kernel.org/patchwork/patch/1051588/
>
> Cc: Michal Gregorczyk <michalgr@xxxxxxxx>
> Cc: Adrian Ratiu <adrian.ratiu@xxxxxxxxxxxxx>
> Cc: Mohammad Husain <russoue@xxxxxxxxx>
> Cc: Qais Yousef <qais.yousef@xxxxxxx>
> Cc: Srinivas Ramana <sramana@xxxxxxxxxxxxxx>
> Cc: duyuchao <yuchao.du@xxxxxxxxxx>
> Cc: Manjo Raja Rao <linux@xxxxxxxxxxxxxxxx>
> Cc: Karim Yaghmour <karim.yaghmour@xxxxxxxxxxx>
> Cc: Tamir Carmeli <carmeli.tamir@xxxxxxxxx>
> Cc: Yonghong Song <yhs@xxxxxx>
> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
> Cc: Brendan Gregg <brendan.d.gregg@xxxxxxxxx>
> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
> Cc: Peter Ziljstra <peterz@xxxxxxxxxxxxx>
> Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: kernel-team@xxxxxxxxxxx
> Signed-off-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx>
> ---
> Masami, could you carry these patches in the series where are you add
> probe_user_read function?
>
> Previous submissions is here:
> https://lore.kernel.org/patchwork/patch/1069552/
> v1->v2: split tools uapi sync into separate commit, added deprecation
> warning for old bpf_probe_read function.
Please properly submit this series to bpf tree once the base
infrastructure from Masami is upstream. This series here should
also fix up all current probe read usage under samples/bpf/ and
tools/testing/selftests/bpf/.
Thanks,
Daniel