Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp2023044imc; Fri, 22 Feb 2019 16:10:26 -0800 (PST) X-Google-Smtp-Source: AHgI3IYckwQerFJTQqquE204/87aB9IqEQz2r8ZmntEYT7xmMnhFEQ7vAbgMYiO4QlNJ7yuB9yML X-Received: by 2002:a17:902:aa06:: with SMTP id be6mr6884645plb.57.1550880625969; Fri, 22 Feb 2019 16:10:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550880625; cv=none; d=google.com; s=arc-20160816; b=nAj84TID1MLqj2MNI+pvia8tQ1KkpdFGOl3LUfSN4uuSQ5H7t5VABemNHVABuxv+Bk pj0i6O9/uiGNVMKKQ47OLM7rT//ReuQf09qRLzU5XhIfOdkxJSJiiXW/BBerxHjm4ME1 keAQE0C9cXpLFEgQln8jm0bcBIrS7VjYRtnHl1tUlm3dFOFieUw4stnHmtaYEZEmQIPx EU4opDu14TU9lE4hfy0Y05n7AzphgLG9k+c+YRbwpcus5l3N8XdfsGmGVN4LmPLaT7oV u3bl98NBYP/TNIqGr8g6p9chYzccb5BdMVL/Yhh50MCG8w7cyUXAd6uiSKylQJloTUBE VjbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=nfPdBRc9tHlVx4731kzoTxYm9oHOsR9CfjKri/wmKro=; b=nUj+L3TK+6/JtBwNvZDCU8tzFKZdA2+EM0TLmMZ4R1naoydEVryY6NoAWVXKMPpf5W hT39hJVauqEoSEC/MJMC3AOjOj9amfcX6DZBa1Rv9QLa57HTXBPmJxl8WTrh2MruoZ21 hiEigYQ0i255o85SlvoTsbEKJam93wigIBKTC700YdRgiIe8vHKDmmiUMNlESW62zpAc EXDDOJ1ltrRFW9utdN8wT8HPLHQfwQdKJhm4w6zB5OvgKt8Cz+ar0tj42m1ZIEJphvOE hx9+9IhStHred/tk6p/O075zpWWFyNuoueTMbHpeTzKsAKM6xRfdONr9VfLHjZUUj3Jn uplw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=BXGnY8ug; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j2si2654720pfb.214.2019.02.22.16.10.10; Fri, 22 Feb 2019 16:10:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=BXGnY8ug; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727559AbfBWAJW (ORCPT + 99 others); Fri, 22 Feb 2019 19:09:22 -0500 Received: from mail-lj1-f193.google.com ([209.85.208.193]:33188 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727498AbfBWAJV (ORCPT ); Fri, 22 Feb 2019 19:09:21 -0500 Received: by mail-lj1-f193.google.com with SMTP id z7so2843858lji.0 for ; Fri, 22 Feb 2019 16:09:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nfPdBRc9tHlVx4731kzoTxYm9oHOsR9CfjKri/wmKro=; b=BXGnY8uguxJoyc8/1beXM666q65BcuL7j71qhPOZoQUyrJTsEoBKigunyokVuT5Sla 4ZSIiA9wLPQk8l0PVwcbkAN6IHjqJgRLEWbiMC6B1kscR3ZELS9Pz/ujsOgRDUjwp2jT E29kxlYkUCPPjzT/j1SLuTWgPw6Jk+sZ74gY4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nfPdBRc9tHlVx4731kzoTxYm9oHOsR9CfjKri/wmKro=; b=lHoojhowMQAv8VMphLeC54G4Ga/QhSA4rmKXGL1T8mASg4rx0T6pY5ra0AmALOMj1I 8ttKcAy4bFQwkpDgB7n+whlu/HXzaTvfooRZwy4OK6YL5h1V1GktMsBM6h2MPQ9hVWSm wZLOV1VMkjI0J36zM0Mx1Fd2euMzg+xVEFUW3eN8oTPA56K/flNcg+8Ovz46os8X1MZs g8RrlOf/sJ3tq9pwzMYOtq2dI0tFWH3QqoJehtndFJDG2E3+5pQ9r8rT2D7XXuPiM7u6 Y7PTlhk61i+07fWw7EKithSRa0DpxRcEeqMoO5DkxAKiqSKdWtVpO+QFfkKPJxJauBPt 8Rlg== X-Gm-Message-State: AHQUAuZQUGcdFyxuY6g/qckd8cb8hwwJr+khS05c5WwvIuWRtnfkrRBJ jyzKMuIRPZAALEIIL7WBciNLq3f0uVQ= X-Received: by 2002:a2e:88d1:: with SMTP id a17mr3722904ljk.169.1550880558946; Fri, 22 Feb 2019 16:09:18 -0800 (PST) Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com. [209.85.208.182]) by smtp.gmail.com with ESMTPSA id p22sm828381ljb.93.2019.02.22.16.09.16 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Feb 2019 16:09:16 -0800 (PST) Received: by mail-lj1-f182.google.com with SMTP id l5so3055192lje.1 for ; Fri, 22 Feb 2019 16:09:16 -0800 (PST) X-Received: by 2002:a2e:8585:: with SMTP id b5mr3689553lji.125.1550880555567; Fri, 22 Feb 2019 16:09:15 -0800 (PST) MIME-Version: 1.0 References: <20190222192703.epvgxghwybte7gxs@ast-mbp.dhcp.thefacebook.com> <20190222.133842.1637029078039923178.davem@davemloft.net> <20190222225103.o5rr5zr4fq77jdg4@ast-mbp.dhcp.thefacebook.com> <20190222235618.dxewmv5dukltaoxl@ast-mbp.dhcp.thefacebook.com> In-Reply-To: <20190222235618.dxewmv5dukltaoxl@ast-mbp.dhcp.thefacebook.com> From: Linus Torvalds Date: Fri, 22 Feb 2019 16:08:59 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault To: Alexei Starovoitov Cc: David Miller , Masami Hiramatsu , Steven Rostedt , Andy Lutomirski , Linux List Kernel Mailing , Ingo Molnar , Andrew Morton , stable , Changbin Du , Jann Horn , Kees Cook , Andrew Lutomirski , Daniel Borkmann , Netdev , bpf@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 22, 2019 at 3:56 PM Alexei Starovoitov wrote: > > It will preserve existing bpf_probe_read() behavior on x86. ... but that's the worst possible situation. It appears that people haven't understood that kernel and user addresses are distinct, and may have written programs that are fundamentally buggy. And we _want_ to make it clear that they are buggy on x86-64, exactly because x86-64 is the one that gets the most testing - by far. So if x86-64 continues working for buggy programs, then that only means that those bugs never get fixed. It would be much better to try to get those things fixed, and make the x86-64 implementation stricter, exactly so that people end up _realizing_ that they can't just think "a pointer is a pointer, and the context doesn't matter". From a pure functional safety standpoint, I thought bpf already knew what kind of a pointer it had? Linus