Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp1910939imc;
        Fri, 22 Feb 2019 13:39:23 -0800 (PST)
X-Google-Smtp-Source: AHgI3IayN3xYFIWW4uEQ6bkWrDbZcJ8Dr2PdsYuIg/5PUyl4d452kLw/k03YMYQVl17A9AxVhCBO
X-Received: by 2002:a17:902:b181:: with SMTP id s1mr6239089plr.321.1550871563802;
        Fri, 22 Feb 2019 13:39:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550871563; cv=none;
        d=google.com; s=arc-20160816;
        b=AKSS+olmWpJJC0YUv3ujzZazqDbdg7dqxs2ThBh6qZl3uzrw/KWjEnTl6eIjBm72sr
         iIUsITpnf/PEU4yISwH0hbYjd99pIpUxqwChGphoViKe5dQmyi9KTZCE6MNCV7shLJLo
         F6UTPX1//5UvgAcv2wkRh2ZBjtWFqkc0sPyNm4PEFrdyAL0K/VPI3ITDB+QLUar+Gk9+
         152e/2/tsra51TEjqXedmB1zk7z8S/tEHDlVSMs69bTUPLbozj0bd+BCEVpCvY8MsvzV
         DdQ77+zUpnPnUszir0J5OpKaAATEIPzPYsy3lM/i8L3pso0V699qz2cRCfQyoqm/MICM
         LyKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:from:subject:cc:to:message-id:date;
        bh=1n05y1pXQMY1FVoxMdGuNhNUC8oOqCCtlMH6U+3qxmQ=;
        b=e5ciOAp2BkDFZ/ROKZARGFcJtJfAFVAlVKGQRjrqc7e4WqpgOTcDrKOKkySTLC8wwB
         IlmFS8UmE0qXe9L0HmqUN4On+drbXb1BE7TRug5j1gDPvUajQgjdwWtGCmQ6ExNrnLZk
         H/E1+cb0rsFlVXGxoqD2DxUGndRs/trVwekQ2P8ctNkqvEb+TeOTxU3senVw0Z7xTF2d
         FPy0cvLgaGFuvkMrfu8muVW/SvG7FhRyus13fi0x6gJTDLvHW+FPK/vR5MTY7bLzNyCu
         LkluKjxL77ffF2QNhNvZ2XbR98EsKY8PMuYgvM85UNAxVKH4WsLoxmske/o3IVGqoDFc
         RlbA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r35si2271750pgl.379.2019.02.22.13.39.07;
        Fri, 22 Feb 2019 13:39:23 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726116AbfBVViq (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Fri, 22 Feb 2019 16:38:46 -0500
Received: from shards.monkeyblade.net ([23.128.96.9]:58590 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725832AbfBVViq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 22 Feb 2019 16:38:46 -0500
Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::bf5])
        (using TLSv1 with cipher AES256-SHA (256/256 bits))
        (Client did not present a certificate)
        (Authenticated sender: davem-davemloft)
        by shards.monkeyblade.net (Postfix) with ESMTPSA id EFB5614ABC727;
        Fri, 22 Feb 2019 13:38:44 -0800 (PST)
Date:   Fri, 22 Feb 2019 13:38:42 -0800 (PST)
Message-Id: <20190222.133842.1637029078039923178.davem@davemloft.net>
To:     torvalds@linux-foundation.org
Cc:     alexei.starovoitov@gmail.com, mhiramat@kernel.org,
        rostedt@goodmis.org, luto@amacapital.net,
        linux-kernel@vger.kernel.org, mingo@kernel.org,
        akpm@linux-foundation.org, stable@vger.kernel.org,
        changbin.du@gmail.com, jannh@google.com, keescook@chromium.org,
        luto@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org,
        bpf@vger.kernel.org
Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access
 kernel memory that can fault
From:   David Miller <davem@davemloft.net>
In-Reply-To: <CAHk-=wib9VSbwbS+N82ZPNtvt4vrvYyHyQduhFimX8nyjCyZyA@mail.gmail.com>
References: <CAHk-=whNf_n1WXWW+ugAVeL5ZK0GcEP3cTYocju1nS85VtMjjQ@mail.gmail.com>
        <20190222192703.epvgxghwybte7gxs@ast-mbp.dhcp.thefacebook.com>
        <CAHk-=wib9VSbwbS+N82ZPNtvt4vrvYyHyQduhFimX8nyjCyZyA@mail.gmail.com>
X-Mailer: Mew version 6.8 on Emacs 26.1
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 22 Feb 2019 13:38:45 -0800 (PST)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 22 Feb 2019 13:20:58 -0800

> On Fri, Feb 22, 2019 at 11:27 AM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
>>
>> On bpf side the bpf_probe_read() helper just calls probe_kernel_read()
>> and users pass both user and kernel addresses into it and expect
>> that the helper will actually try to read from that address.
> 
> As mentioned earlier in the thread, that's actually fundamentally broken.
> 
> There are architectures that have physically separate address spaces,
> with the same pointer value in both kernel and user space.
> 
> They are rare, but they exist. At least sparc32 and the old 4G:4G split x86.

And sparc64.

> So a pointer really should always unambiguously always be explicitly
> _either_ a kernel pointer, or a user pointer. You can't have "this is
> a pointer", and then try to figure it out by looking at the value.
> That may happen to work on x86-64, but it's literally a "happen to
> work on the most common architectures", not a design thing.

Don't be surprised if we see more separation like this in the future too.

So it's not a smart thing to code against even if you can discount all of
the examples Linus gives above.