lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 28 Feb 2019 16:00:55 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-kernel@...r.kernel.org,
        Andy Lutomirski <luto@...capital.net>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Changbin Du <changbin.du@...il.com>,
        Jann Horn <jannh@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Andy Lutomirski <luto@...nel.org>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Nadav Amit <namit@...are.com>,
        Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v3 5/5] tracing/probe: Support user-space dereference

Hi Steve,

Thank you for the review.

On Wed, 27 Feb 2019 21:31:32 -0500
Steven Rostedt <rostedt@...dmis.org> wrote:

> On Wed, 27 Feb 2019 23:44:42 +0900
> Masami Hiramatsu <mhiramat@...nel.org> wrote:
> 
> >  
> > +.. _user_mem_access:
> > +User Memory Access
> > +------------------
> > +Kprobe events supports user-space memory access. For that purpose, you can use
> > +either user-space dereference syntax or 'ustring' type.
> > +
> > +user-space dereference syntax allows you to access a field of a data structure
> 
>   "The user-space"
> 
> > +n user-space. This is done by "u" prefix with dereference syntax. For example,
> 
>  in user-space?   "This is done by adding the "u" prefix to the dereference syntax"

Oops, it maybe a typo. yes "in user-space".
OK, I'll fix that.

> 
> 
> > ++u4(%si) means read a user memory from the user-space address %si+4. You can
> 
>  "means it will read memory from the address in the register %si offset
>  by 4, and that memory is expected to be in user-space."

OK,

> 
> 
> > +use this for string too, e.g. +u0(%si):string means that the read a user space
> 
> 	"for strings too"

OK,

> 
> > +string from the address where %si register points. 'ustring' is a kind of
> > +short-cut. You can use +0(%si):ustring instead of that.
> 
> "+u0(%si):string will read a string from the address in the register
>  %si that is expected to be in user-space. 'ustring' is a shortcut way
>  off performing the same task. That is, +0(%si):ustring is equivalent
>  to +u0(%si):string."

Would you mean "of performing"?

> 
> 
> > +
> > +Note that kprobe-event provides user-memory access syntax, but it
> > doesn't +use it transparently. This means if you use normal
> > dereference or string type +for user memory, it might fail, and
> > always fails on some arch. So user has to +check if the targe data is
> > in kernel or in user space carefully. 
> >  Per-Probe Event Filtering
> >  -------------------------
> > diff --git a/Documentation/trace/uprobetracer.rst
> > b/Documentation/trace/uprobetracer.rst index
> > 4c3bfde2ba47..6144423b2368 100644 ---
> > a/Documentation/trace/uprobetracer.rst +++
> > b/Documentation/trace/uprobetracer.rst @@ -42,16 +42,17 @@ Synopsis
> > of uprobe_tracer @+OFFSET	: Fetch memory at OFFSET (OFFSET
> > from same file as PATH) $stackN	: Fetch Nth entry of stack (N
> > >= 0) $stack	: Fetch stack address.
> > -   $retval	: Fetch return value.(*)
> > +   $retval	: Fetch return value.(\*1)
> >     $comm	: Fetch current task comm.
> > -   +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(**)
> > +   +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS
> > address.(\*2)(\*3) NAME=FETCHARG     : Set NAME as the argument name
> > of FETCHARG. FETCHARG:TYPE     : Set TYPE as the type of FETCHARG.
> > Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal
> > types (x8/x16/x32/x64), "string" and bitfield are supported.
> >  
> > -  (*) only for return probe.
> > -  (**) this is useful for fetching a field of data structures.
> > +  (\*1) only for return probe.
> > +  (\*2) this is useful for fetching a field of data structures.
> > +  (\*3) Unlike kprobe event, "u" prefix will be just ignored.
> 
> 					"will just be ignored."

OK. 

Thank you!

> 
> >  
> >  Types
> >  -----
> > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> > index 4cacbb0e1538..5408a82a015d 100644
> 
> 
> -- Steve


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists