Message-ID: <3c6b312c-5763-0d9c-7c2c-436ee41f9be1@iogearbox.net>
Date:   Mon, 6 May 2019 21:11:19 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     "Joel Fernandes (Google)" <joel@...lfernandes.org>,
        linux-kernel@...r.kernel.org
Cc:     Michal Gregorczyk <michalgr@...e.com>,
        Adrian Ratiu <adrian.ratiu@...labora.com>,
        Mohammad Husain <russoue@...il.com>,
        Qais Yousef <qais.yousef@....com>,
        Srinivas Ramana <sramana@...eaurora.org>,
        duyuchao <yuchao.du@...soc.com>,
        Manjo Raja Rao <linux@...ojrajarao.com>,
        Karim Yaghmour <karim.yaghmour@...rsys.com>,
        Tamir Carmeli <carmeli.tamir@...il.com>,
        Yonghong Song <yhs@...com>,
        Alexei Starovoitov <ast@...nel.org>,
        Brendan Gregg <brendan.d.gregg@...il.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Peter Ziljstra <peterz@...radead.org>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Kees Cook <keescook@...omium.org>, kernel-team@...roid.com,
        bpf@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
        Martin KaFai Lau <kafai@...com>, netdev@...r.kernel.org,
        Song Liu <songliubraving@...com>
Subject: Re: [PATCH v2 1/4] bpf: Add support for reading user pointers

On 05/06/2019 08:31 PM, Joel Fernandes (Google) wrote:
> The eBPF based opensnoop tool fails to read the file path string passed
> to the do_sys_open function. This is because it is a pointer to a
> userspace address and causes an -EFAULT when read with
> probe_kernel_read. This is not an issue when running the tool on x86 but
> is an issue on arm64. This patch adds a new bpf function call
> which calls the recently proposed probe_user_read function [1].
> Using this function call from opensnoop fixes the issue on arm64.
> 
> [1] https://lore.kernel.org/patchwork/patch/1051588/
> 
> Cc: Michal Gregorczyk <michalgr@...e.com>
> Cc: Adrian Ratiu <adrian.ratiu@...labora.com>
> Cc: Mohammad Husain <russoue@...il.com>
> Cc: Qais Yousef <qais.yousef@....com>
> Cc: Srinivas Ramana <sramana@...eaurora.org>
> Cc: duyuchao <yuchao.du@...soc.com>
> Cc: Manjo Raja Rao <linux@...ojrajarao.com>
> Cc: Karim Yaghmour <karim.yaghmour@...rsys.com>
> Cc: Tamir Carmeli <carmeli.tamir@...il.com>
> Cc: Yonghong Song <yhs@...com>
> Cc: Alexei Starovoitov <ast@...nel.org>
> Cc: Brendan Gregg <brendan.d.gregg@...il.com>
> Cc: Masami Hiramatsu <mhiramat@...nel.org>
> Cc: Peter Ziljstra <peterz@...radead.org>
> Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>
> Cc: Steven Rostedt <rostedt@...dmis.org>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: kernel-team@...roid.com
> Signed-off-by: Joel Fernandes (Google) <joel@...lfernandes.org>
> ---
> Masami, could you carry these patches in the series where you add
> probe_user_read function?
> 
> Previous submission is here:
> https://lore.kernel.org/patchwork/patch/1069552/
> v1->v2: split tools uapi sync into separate commit, added deprecation
> warning for old bpf_probe_read function.

Please properly submit this series to bpf tree once the base
infrastructure from Masami is upstream. This series here should
also fix up all current probe read usage under samples/bpf/ and
tools/testing/selftests/bpf/.

Thanks,
Daniel
