Date: Fri, 22 Feb 2019 17:27:45 +0900
From: Masami Hiramatsu
To: Steven Rostedt
Cc: Linus Torvalds, Andy Lutomirski, Linux List Kernel Mailing, Ingo Molnar, Andrew Morton, stable, Changbin Du, Jann Horn, Kees Cook, Andy Lutomirski
Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault

Hi Steve,

On Wed, 20 Feb 2019 09:49:26 -0500
Steven Rostedt wrote:

> On Wed, 20 Feb 2019 17:10:19 +0900
> Masami Hiramatsu wrote:
>
> > Let me ensure what you want. So you want to access a "string" in user-space,
> > not a data structure? In that case, it is very easy for me. It is enough to
> > add a "ustring" type to kprobe events. For example, do_sys_open's path
> > variable is one example. That will be +0(+0(%si)):ustring, and fetcher
> > finally copies the string using strncpy_from_user() instead of
> > strncpy_from_unsafe(). (*)
>
> ustring would be good.

I've tried to implement ustring and u-offsets, but I got some issues.

- access_ok() warns if it is called in IRQ context (kprobes is.)
- copy_from_user uses access_ok(), so it is not designed for irq handler.

Moreover, if we have different kernel/user address spaces, we have to
assign target user-pages to kernel vma. Can we do that (doesn't it involve
mutex locks)?
If not, I think what we can do "in kprobes" is only probe_kernel_read() and
strncpy_from_unsafe().
This means, on the architecture whose kernel address space doesn't map user
space, we can not support user-space data fetching in kprobe events.

Thank you,

-- 
Masami Hiramatsu