lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190503121234.6don256zuvfjtdg6@e107158-lin.cambridge.arm.com> Date: Fri, 3 May 2019 13:12:34 +0100 From: Qais Yousef <qais.yousef@....com> To: "Joel Fernandes (Google)" <joel@...lfernandes.org> Cc: linux-kernel@...r.kernel.org, Michal Gregorczyk <michalgr@...e.com>, Adrian Ratiu <adrian.ratiu@...labora.com>, Mohammad Husain <russoue@...il.com>, Srinivas Ramana <sramana@...eaurora.org>, duyuchao <yuchao.du@...soc.com>, Manjo Raja Rao <linux@...ojrajarao.com>, Karim Yaghmour <karim.yaghmour@...rsys.com>, Tamir Carmeli <carmeli.tamir@...il.com>, Yonghong Song <yhs@...com>, Alexei Starovoitov <ast@...nel.org>, Brendan Gregg <brendan.d.gregg@...il.com>, Masami Hiramatsu <mhiramat@...nel.org>, Peter Ziljstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, Kees Cook <keescook@...omium.org>, kernel-team@...roid.com, Daniel Borkmann <daniel@...earbox.net>, Ingo Molnar <mingo@...hat.com>, netdev@...r.kernel.org Subject: Re: [PATCH RFC] bpf: Add support for reading user pointers Hi Joel On 05/02/19 16:49, Joel Fernandes (Google) wrote: > The eBPF based opensnoop tool fails to read the file path string passed > to the do_sys_open function. This is because it is a pointer to > userspace address and causes an -EFAULT when read with > probe_kernel_read. This is not an issue when running the tool on x86 but > is an issue on arm64. This patch adds a new bpf function call based I just did an experiment and if I use Android 4.9 kernel I indeed fail to see PATH info when running opensnoop. But if I run on 5.1-rc7 opensnoop behaves correctly on arm64. My guess either a limitation that was fixed on later kernel versions or Android kernel has some strict option/modifications that make this fail? root@...ldroot:/# uname -a Linux buildroot 5.1.0-rc7-00164-ga00214620959-dirty #41 SMP PREEMPT Thu May 2 16:33:00 BST 2019 aarch64 GNU/Linux root@...ldroot:/# opensnoop PID COMM FD ERR PATH 5180 default.script -1 2 /etc/ld.so.cache 5180 default.script -1 2 /lib/tls/v8l/neon/vfp/libresolv.so.2 5180 default.script -1 2 /lib/tls/v8l/neon/libresolv.so.2 5180 default.script -1 2 /lib/tls/v8l/vfp/libresolv.so.2 5180 default.script -1 2 /lib/tls/v8l/libresolv.so.2 5180 default.script -1 2 /lib/tls/neon/vfp/libresolv.so.2 5180 default.script -1 2 /lib/tls/neon/libresolv.so.2 5180 default.script -1 2 /lib/tls/vfp/libresolv.so.2 5180 default.script -1 2 /lib/tls/libresolv.so.2 5180 default.script -1 2 /lib/v8l/neon/vfp/libresolv.so.2 5180 default.script -1 2 /lib/v8l/neon/libresolv.so.2 5180 default.script -1 2 /lib/v8l/vfp/libresolv.so.2 5180 default.script -1 2 /lib/v8l/libresolv.so.2 5180 default.script -1 2 /lib/neon/vfp/libresolv.so.2 5180 default.script -1 2 /lib/neon/libresolv.so.2 5180 default.script -1 2 /lib/vfp/libresolv.so.2 5180 default.script 3 0 /lib/libresolv.so.2 5180 default.script 3 0 /lib/libc.so.6 5180 default.script 3 0 /usr/share/udhcpc/default.script 5180 default.script 3 0 /usr/share/udhcpc/default.script.d/ -- Qais Yousef
Powered by blists - more mailing lists