Re: [PATCH v2 1/4] bpf: Add support for reading user pointers

From: Qais Yousef
Date: Mon May 06 2019 - 18:25:18 EST

Next message: Linus Torvalds: "Re: [RFC][PATCH 1/2] x86: Allow breakpoints to emulate call functions"
Previous message: Kees Cook: "Re: [RFC PATCH v2 3/4] Fix twofish crypto functions prototype casts"
In reply to: Joel Fernandes: "Re: [PATCH v2 1/4] bpf: Add support for reading user pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/06/19 14:31, Joel Fernandes (Google) wrote:
> The eBPF based opensnoop tool fails to read the file path string passed
> to the do_sys_open function. This is because it is a pointer to
> userspace address and causes an -EFAULT when read with
> probe_kernel_read. This is not an issue when running the tool on x86 but
> is an issue on arm64. This patch adds a new bpf function call based
> which calls the recently proposed probe_user_read function [1].
> Using this function call from opensnoop fixes the issue on arm64.

You haven't updated the commit message as agreed. Please add more explanation
on how arm64 fails or drop the reference. Anyone reads this as-is would
think it always fails on arm64 but it does under some circumstances which
should be explained properly.

I tried opensnoop on 5.1-rc7 and 4.9.173 stable on juno-r2 using the in-tree
defconfig and opensnoop returned the correct results on both cases.

Thanks

--
Qais Yousef

Next message: Linus Torvalds: "Re: [RFC][PATCH 1/2] x86: Allow breakpoints to emulate call functions"
Previous message: Kees Cook: "Re: [RFC PATCH v2 3/4] Fix twofish crypto functions prototype casts"
In reply to: Joel Fernandes: "Re: [PATCH v2 1/4] bpf: Add support for reading user pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]