| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190513211130.24735357a329cfdc25fcecf9@kernel.org>
Date: Mon, 13 May 2019 21:11:30 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Ingo Molnar <mingo@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Changbin Du <changbin.du@...il.com>,
Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...nel.org>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Nadav Amit <namit@...are.com>,
Joel Fernandes <joel@...lfernandes.org>, yhs@...com
Subject: Re: [RFC PATCH v6 4/6] tracing/probe: Support user-space
dereference
On Wed, 8 May 2019 11:22:37 -0400
Steven Rostedt <rostedt@...dmis.org> wrote:
> > > > Per-Probe Event Filtering
> > > > -------------------------
> > > > diff --git a/Documentation/trace/uprobetracer.rst b/Documentation/trace/uprobetracer.rst
> > > > index 4346e23e3ae7..de8812c932bc 100644
> > > > --- a/Documentation/trace/uprobetracer.rst
> > > > +++ b/Documentation/trace/uprobetracer.rst
> > > > @@ -42,16 +42,17 @@ Synopsis of uprobe_tracer
> > > > @+OFFSET : Fetch memory at OFFSET (OFFSET from same file as PATH)
> > > > $stackN : Fetch Nth entry of stack (N >= 0)
> > > > $stack : Fetch stack address.
> > > > - $retval : Fetch return value.(*)
> > > > + $retval : Fetch return value.(\*1)
> > > > $comm : Fetch current task comm.
> > > > - +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(**)
> > > > + +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*2)(\*3)
> > > > NAME=FETCHARG : Set NAME as the argument name of FETCHARG.
> > > > FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types
> > > > (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types
> > > > (x8/x16/x32/x64), "string" and bitfield are supported.
> > >
> > > Hmm, shouldn't uprobes default to userspace. Isn't the purpose mostly
> > > to find out what's going on in userspace. Perhaps we should add a 'k'
> > > annotation to uprobes to denote that it's for kernel space, as that
> > > should be the exception and not the norm.
> >
> > No, uprobe can not access kernel space, because it doesn't have the
> > current kernel context. Note that all registers, stacks which
> > can be accessed from uprobe handler are user-space. We can not access
> > kernel context from that. See below
> >
> > > > - (*) only for return probe.
> > > > - (**) this is useful for fetching a field of data structures.
> > > > + (\*1) only for return probe.
> > > > + (\*2) this is useful for fetching a field of data structures.
> > > > + (\*3) Unlike kprobe event, "u" prefix will just be ignored.
> >
> > Thus the 'u' is just ignored on uprobe event.
>
> I totally missed the footnote here. Can we stress this point more up in
> the "User Memory Access" section. Specifically state something like:
> "Uprobes only access userspace memory, thus the 'u' is not required,
> and if it is added to a uprobe, it will simply be ignored".
Sorry, I missed this mail.
Since the "User Memory Access" section is only in kprobetrace.rst, I think
mentioning uprobe-events in kprobetrace.rst is meaningless. Uprobe user
might read uprobetracer.rst instead of kprobetrace.rst.
So I think it is enough to mention it as a footnote in uprobetracer.rst.
Thank you,
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists