Re: [PATCH v2 1/4] bpf: Add support for reading user pointers

From: Daniel Borkmann
Date: Mon May 06 2019 - 15:31:21 EST

Next message: Arend Van Spriel: "Re: [PATCH RFC] brcmfmac: sanitize DMI strings v2"
Previous message: Thinh Nguyen: "Re: [PATCH 3/3] usb: dwc3: gadget: Add support for disabling U1 and U2 entries"
In reply to: Joel Fernandes (Google): "[PATCH v2 2/4] bpf: Add support for reading kernel pointers"
Next in thread: Joel Fernandes: "Re: [PATCH v2 1/4] bpf: Add support for reading user pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/06/2019 08:31 PM, Joel Fernandes (Google) wrote:
> The eBPF based opensnoop tool fails to read the file path string passed
> to the do_sys_open function. This is because it is a pointer to
> userspace address and causes an -EFAULT when read with
> probe_kernel_read. This is not an issue when running the tool on x86 but
> is an issue on arm64. This patch adds a new bpf function call based
> which calls the recently proposed probe_user_read function [1].
> Using this function call from opensnoop fixes the issue on arm64.
>
> [1] https://lore.kernel.org/patchwork/patch/1051588/
>
> Cc: Michal Gregorczyk <michalgr@xxxxxxxx>
> Cc: Adrian Ratiu <adrian.ratiu@xxxxxxxxxxxxx>
> Cc: Mohammad Husain <russoue@xxxxxxxxx>
> Cc: Qais Yousef <qais.yousef@xxxxxxx>
> Cc: Srinivas Ramana <sramana@xxxxxxxxxxxxxx>
> Cc: duyuchao <yuchao.du@xxxxxxxxxx>
> Cc: Manjo Raja Rao <linux@xxxxxxxxxxxxxxxx>
> Cc: Karim Yaghmour <karim.yaghmour@xxxxxxxxxxx>
> Cc: Tamir Carmeli <carmeli.tamir@xxxxxxxxx>
> Cc: Yonghong Song <yhs@xxxxxx>
> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
> Cc: Brendan Gregg <brendan.d.gregg@xxxxxxxxx>
> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
> Cc: Peter Ziljstra <peterz@xxxxxxxxxxxxx>
> Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: kernel-team@xxxxxxxxxxx
> Signed-off-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx>
> ---
> Masami, could you carry these patches in the series where are you add
> probe_user_read function?
>
> Previous submissions is here:
> https://lore.kernel.org/patchwork/patch/1069552/
> v1->v2: split tools uapi sync into separate commit, added deprecation
> warning for old bpf_probe_read function.

Please properly submit this series to bpf tree once the base
infrastructure from Masami is upstream. This series here should
also fix up all current probe read usage under samples/bpf/ and
tools/testing/selftests/bpf/.

Thanks,
Daniel

Next message: Arend Van Spriel: "Re: [PATCH RFC] brcmfmac: sanitize DMI strings v2"
Previous message: Thinh Nguyen: "Re: [PATCH 3/3] usb: dwc3: gadget: Add support for disabling U1 and U2 entries"
In reply to: Joel Fernandes (Google): "[PATCH v2 2/4] bpf: Add support for reading kernel pointers"
Next in thread: Joel Fernandes: "Re: [PATCH v2 1/4] bpf: Add support for reading user pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]