Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp1802512imc; Fri, 22 Feb 2019 11:27:50 -0800 (PST) X-Google-Smtp-Source: AHgI3IYgBTjng3MfN7p2usFJD2rA5Z9NYOQbAG6ztmPKiMUazNkiWzoGKxRF09Hw+5+xlRQl+Tmh X-Received: by 2002:a63:c0e:: with SMTP id b14mr5498728pgl.236.1550863670882; Fri, 22 Feb 2019 11:27:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550863670; cv=none; d=google.com; s=arc-20160816; b=drfGhBBB4BdHpG5avqZ7q/UJwFSq2sczom+IaploZQh5iuchoivzbb5V3C/EP93QOT wREXLUFsiyM6Sc3hkSW1bKNW6WdCE1ru2bXOc1dODhaJCbhwZ6iWUOSKi6dCUN1qpTbr HFXlq30yBdaA/DaV6zlVxMbYyuCC0w95qOB1cDu/9mO+dzmGI0NR08gAiaNjuBZo0+pJ QJ5HpfYu4YL7lMYktnittZtZUFJkolGEkpEtWFlvnBeICk3FDeQS/U2vPAgyUPlcZPMJ j1hy7NttEtbcSRgoobZ83i+ja8N3siStVSzpY7OEkYYll6qS0a1TVxAUxQe89JYxRiyD 1O8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=nDHebHk2FC9eL64ZE7wNCWO/8mfhIQQ7cEirqiHiwl4=; b=Lyb7F7WH9rfkfrEcOUASZfx4h1uZHNdiJK/1W3Vahs4OMF8ML3YCt0avrcGyRY3REW KUPESCWvCZv6CZQKrDiLgxhjL84aDl9meyf1zAaJAtg0GPnmZ2vTT3XUjfwRqAxhnQsK k3GQIfA23ZLlNBNjDJZtz4GrOo7Rnt2UbwZf5cuQ/GYpSIFe4X1t7nWqb1CGRJI96I6x +IB0co+S5PYBHBJ52KrVD2R5GZ66BWf6SkXTvZUgO8zLhgptk/ysHeB7/rTB9gg2aQy4 LW9XvMrKlJfxLLGUmvUPD+bLTeqH/CC1VepjtINe2MY25uj+Br7KzzvXaomEKHZT510/ AtXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RWj9fvTq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m20si524576pgv.136.2019.02.22.11.27.35; Fri, 22 Feb 2019 11:27:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RWj9fvTq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726684AbfBVT1J (ORCPT + 99 others); Fri, 22 Feb 2019 14:27:09 -0500 Received: from mail-pf1-f194.google.com ([209.85.210.194]:41418 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725832AbfBVT1I (ORCPT ); Fri, 22 Feb 2019 14:27:08 -0500 Received: by mail-pf1-f194.google.com with SMTP id d25so1536531pfn.8; Fri, 22 Feb 2019 11:27:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=nDHebHk2FC9eL64ZE7wNCWO/8mfhIQQ7cEirqiHiwl4=; b=RWj9fvTqifjlVod1DoeN8yqfePcxUKvomRdwyx95mvQxdPQ5r4SraA/ZyTNtK1FpaH EIQOx7D9DGq/vdoIyMYxtN+VSxZyYB3MKRmRvzjPh5DnH5SKo6j/okNYT1RQyR7FlS0Y utH9J6WeyBA8lrWVhVII8WG0XUZzHKklXDtwniOuQtipMnvTgLz6MouTc5qHIrK1wsZC zOuJg0f/VHYEdSFYmHZzU/nwGY806tnX0WFV2rMprtvuTFGPTrOnkT9GvPfBWOHiUM1T 3Q8PSCBsSugmZjcSxa/9K9Ag2VxMnH50CpUuVaH5jXrIdtoGDO8b17CzIGlQxgfV7OEu U/xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=nDHebHk2FC9eL64ZE7wNCWO/8mfhIQQ7cEirqiHiwl4=; b=tP3Y0wdEAXHDEL5C5zLXx16Mv470MUFJ8h7FxVkL4ehOnbuoyKS1Yb2OJzkd0+RwYl 1G/5Ihjf6LZBNxVADTjtp9KCnhDY9bT5kObjsQ1jba8fjC59aBjv88mqoKOu8+YC0iyi FZ8MjcOUUra46UHDro9OoJG9WwhhxaOtZec6VeZofPIS12MHfG5eWvHIE1ELktttyCX9 mIJFEbtydMFNV9SfZrhohSfty8FXKyUSJEwc8b3vEe2OdNHvoHOsnGyZpVla4Bj9UHec DCvIwDh/MB6X8c0dpraJQUVNoAFWXtdDBSu/RYOx7eRLhuzCglHyjU6CGJKBl6pwyNSD KqBA== X-Gm-Message-State: AHQUAuYa6A1aB5lxaOsCgTe8FqtDsJdLrPow0S6rTpBFs3MdytM7YcjX 5lZlFFn5CmyqE2+9D2eQJJg= X-Received: by 2002:a63:6a48:: with SMTP id f69mr5372116pgc.7.1550863627877; Fri, 22 Feb 2019 11:27:07 -0800 (PST) Received: from ast-mbp.dhcp.thefacebook.com ([2620:10d:c090:200::4:1d52]) by smtp.gmail.com with ESMTPSA id t10sm4813299pfa.151.2019.02.22.11.27.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Feb 2019 11:27:07 -0800 (PST) Date: Fri, 22 Feb 2019 11:27:05 -0800 From: Alexei Starovoitov To: Linus Torvalds Cc: Masami Hiramatsu , Steven Rostedt , Andy Lutomirski , Linux List Kernel Mailing , Ingo Molnar , Andrew Morton , stable , Changbin Du , Jann Horn , Kees Cook , Andy Lutomirski , daniel@iogearbox.net, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault Message-ID: <20190222192703.epvgxghwybte7gxs@ast-mbp.dhcp.thefacebook.com> References: <20190219111802.1d6dbaa3@gandalf.local.home> <20190219140330.5dd9e876@gandalf.local.home> <20190220171019.5e81a4946b56982f324f7c45@kernel.org> <20190220094926.0ab575b3@gandalf.local.home> <20190222172745.2c7205d62003c0a858e33278@kernel.org> <20190222173509.88489b7c5d1bf0e2ec2382ee@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180223 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 22, 2019 at 09:43:14AM -0800, Linus Torvalds wrote: > > Then we should still probably fix up "__probe_kernel_read()" to not > allow user accesses. The easiest way to do that is actually likely to > use the "unsafe_get_user()" functions *without* doing a > uaccess_begin(), which will mean that modern CPU's will simply fault > on a kernel access to user space. On bpf side the bpf_probe_read() helper just calls probe_kernel_read() and users pass both user and kernel addresses into it and expect that the helper will actually try to read from that address. If __probe_kernel_read will suddenly start failing on all user addresses it will break the expectations. How do we solve it in bpf_probe_read? Call probe_kernel_read and if that fails call unsafe_get_user byte-by-byte in the loop? That's doable, but people already complain that bpf_probe_read() is slow and shows up in their perf report.