| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190227213132.50f3cef1@vmware.local.home>
Date: Wed, 27 Feb 2019 21:31:32 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Ingo Molnar <mingo@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Changbin Du <changbin.du@...il.com>,
Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...nel.org>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Nadav Amit <namit@...are.com>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v3 5/5] tracing/probe: Support user-space dereference
On Wed, 27 Feb 2019 23:44:42 +0900
Masami Hiramatsu <mhiramat@...nel.org> wrote:
>
> +.. _user_mem_access:
> +User Memory Access
> +------------------
> +Kprobe events supports user-space memory access. For that purpose, you can use
> +either user-space dereference syntax or 'ustring' type.
> +
> +user-space dereference syntax allows you to access a field of a data structure
"The user-space"
> +n user-space. This is done by "u" prefix with dereference syntax. For example,
in user-space? "This is done by adding the "u" prefix to the dereference syntax"
> ++u4(%si) means read a user memory from the user-space address %si+4. You can
"means it will read memory from the address in the register %si offset
by 4, and that memory is expected to be in user-space."
> +use this for string too, e.g. +u0(%si):string means that the read a user space
"for strings too"
> +string from the address where %si register points. 'ustring' is a kind of
> +short-cut. You can use +0(%si):ustring instead of that.
"+u0(%si):string will read a string from the address in the register
%si that is expected to be in user-space. 'ustring' is a shortcut way
off performing the same task. That is, +0(%si):ustring is equivalent
to +u0(%si):string."
> +
> +Note that kprobe-event provides user-memory access syntax, but it
> doesn't +use it transparently. This means if you use normal
> dereference or string type +for user memory, it might fail, and
> always fails on some arch. So user has to +check if the targe data is
> in kernel or in user space carefully.
> Per-Probe Event Filtering
> -------------------------
> diff --git a/Documentation/trace/uprobetracer.rst
> b/Documentation/trace/uprobetracer.rst index
> 4c3bfde2ba47..6144423b2368 100644 ---
> a/Documentation/trace/uprobetracer.rst +++
> b/Documentation/trace/uprobetracer.rst @@ -42,16 +42,17 @@ Synopsis
> of uprobe_tracer @+OFFSET : Fetch memory at OFFSET (OFFSET
> from same file as PATH) $stackN : Fetch Nth entry of stack (N
> >= 0) $stack : Fetch stack address.
> - $retval : Fetch return value.(*)
> + $retval : Fetch return value.(\*1)
> $comm : Fetch current task comm.
> - +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(**)
> + +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS
> address.(\*2)(\*3) NAME=FETCHARG : Set NAME as the argument name
> of FETCHARG. FETCHARG:TYPE : Set TYPE as the type of FETCHARG.
> Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal
> types (x8/x16/x32/x64), "string" and bitfield are supported.
>
> - (*) only for return probe.
> - (**) this is useful for fetching a field of data structures.
> + (\*1) only for return probe.
> + (\*2) this is useful for fetching a field of data structures.
> + (\*3) Unlike kprobe event, "u" prefix will be just ignored.
"will just be ignored."
>
> Types
> -----
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 4cacbb0e1538..5408a82a015d 100644
-- Steve
Powered by blists - more mailing lists