lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 6 May 2019 23:24:19 +0100
From:   Qais Yousef <>
To:     "Joel Fernandes (Google)" <>
        Michal Gregorczyk <>,
        Adrian Ratiu <>,
        Mohammad Husain <>,
        Srinivas Ramana <>,
        duyuchao <>,
        Manjo Raja Rao <>,
        Karim Yaghmour <>,
        Tamir Carmeli <>,
        Yonghong Song <>,
        Alexei Starovoitov <>,
        Brendan Gregg <>,
        Masami Hiramatsu <>,
        Peter Ziljstra <>,
        Andrii Nakryiko <>,
        Steven Rostedt <>,
        Kees Cook <>,,, Daniel Borkmann <>,
        Ingo Molnar <>,
        Martin KaFai Lau <>,,
        Song Liu <>
Subject: Re: [PATCH v2 1/4] bpf: Add support for reading user pointers

On 05/06/19 14:31, Joel Fernandes (Google) wrote:
> The eBPF based opensnoop tool fails to read the file path string passed
> to the do_sys_open function. This is because it is a pointer to
> userspace address and causes an -EFAULT when read with
> probe_kernel_read. This is not an issue when running the tool on x86 but
> is an issue on arm64. This patch adds a new bpf function call based
> which calls the recently proposed probe_user_read function [1].
> Using this function call from opensnoop fixes the issue on arm64.

You haven't updated the commit message as agreed. Please add more explanation
on how arm64 fails or drop the reference. Anyone reads this as-is would
think it always fails on arm64 but it does under some circumstances which
should be explained properly.

I tried opensnoop on 5.1-rc7 and 4.9.173 stable on juno-r2 using the in-tree
defconfig and opensnoop returned the correct results on both cases.


Qais Yousef

Powered by blists - more mailing lists