lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 May 2019 00:19:42 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: "Joel Fernandes (Google)" <joel@...lfernandes.org> Cc: LKML <linux-kernel@...r.kernel.org>, Michal Gregorczyk <michalgr@...e.com>, Adrian Ratiu <adrian.ratiu@...labora.com>, Mohammad Husain <russoue@...il.com>, Qais Yousef <qais.yousef@....com>, Srinivas Ramana <sramana@...eaurora.org>, duyuchao <yuchao.du@...soc.com>, Manjo Raja Rao <linux@...ojrajarao.com>, Karim Yaghmour <karim.yaghmour@...rsys.com>, Tamir Carmeli <carmeli.tamir@...il.com>, Yonghong Song <yhs@...com>, Alexei Starovoitov <ast@...nel.org>, Brendan Gregg <brendan.d.gregg@...il.com>, Masami Hiramatsu <mhiramat@...nel.org>, Peter Ziljstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, Kees Cook <keescook@...omium.org>, Android Kernel Team <kernel-team@...roid.com>, Daniel Borkmann <daniel@...earbox.net>, Ingo Molnar <mingo@...hat.com>, Network Development <netdev@...r.kernel.org> Subject: Re: [PATCH RFC] bpf: Add support for reading user pointers On Thu, May 2, 2019 at 1:50 PM Joel Fernandes (Google) <joel@...lfernandes.org> wrote: > > The eBPF based opensnoop tool fails to read the file path string passed > to the do_sys_open function. This is because it is a pointer to > userspace address and causes an -EFAULT when read with > probe_kernel_read. This is not an issue when running the tool on x86 but > is an issue on arm64. This patch adds a new bpf function call based > which calls the recently proposed probe_user_read function [1]. > Using this function call from opensnoop fixes the issue on arm64. > > [1] https://lore.kernel.org/patchwork/patch/1051588/ ... > +BPF_CALL_3(bpf_probe_read_user, void *, dst, u32, size, const void *, unsafe_ptr) > +{ > + int ret; > + > + ret = probe_user_read(dst, unsafe_ptr, size); > + if (unlikely(ret < 0)) > + memset(dst, 0, size); > + > + return ret; > +} probe_user_read() doesn't exist in bpf-next therefore this patch has to wait for the next merge window. At the same time we would need to introduce bpf_probe_read_kernel() and introduce a load time warning for existing bpf_probe_read(), so we can deprecate it eventually.
Powered by blists - more mailing lists