Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp598377yba; Fri, 3 May 2019 07:29:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqxt/lZFJPy4sEuLjqz932orlftd2uYzZKVN+kxsmOwJis1Cl/1AhRuginIqiWLwC/mlH6fJ X-Received: by 2002:a63:fd0c:: with SMTP id d12mr10833824pgh.172.1556893751369; Fri, 03 May 2019 07:29:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556893751; cv=none; d=google.com; s=arc-20160816; b=tFOwBicba3CFzvo8Mo/xJJdHxJ1fAhvleWZR52a3MQoE2SoZzeFxceiBaXZRLLtgfJ /Vjjv/Sb1v68Ya6sjcLL5+LB6YKP5Zw0lu0YSrMyqZNaPWuLExpaNX9EOlV378iGN1xH v96PirU4wJGN4Lc5l64zsKDLcMpJfYUgZI8wvODcAutq8P8uVji1thLsQjje5C6cXryS YGnYkk8KPJgJV/54OdTWV3Vqu0B+fKx5wUMxMQvHjFYOayuLVyRx2HjkaPLaqu/fVll7 oTTCy1umTKl4PGeTPcrKMsbSgMVOzZupwjYyNz9j4GntZgrU1iyON9VwYpnu0Fes6jbQ TzRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=YbV5zA2MeNWo1HH53CUwXHZxLjGUUubpf5kENAQ1Fww=; b=cSIfGgvBfSUBazEiu4fZme9uYAr4wePcl6cKulpjRwObSxe5WWervYrb9ee1hrsAeV QyeXQNGqh6utgaJmmU+DAyJIh+25ULSv2MB9g2xd7L93VRwSN/eJ1wpwXn5m613UW9Px gur+OopGSArJAXLwc5seeyMGZPhR5OcbdisK1DSU1YZWEJZtjHoPchXe6hFxIGgR5hjS /hYxGlWGh1MkwshAYeR/LBDUlXIqJm7RUJ/ZcTtXdEoXJ7kvD/e9RXsirsh8wQyfplBN RQBshYwowqo0lwEGQYt9I9Wo0HTl05Tu3FnLM+C7XKTqtEPzz9YkWZnQHag9+FvBTUDd 6n3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=H5yn1xC3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z124si2531183pfz.212.2019.05.03.07.28.55; Fri, 03 May 2019 07:29:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=H5yn1xC3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728010AbfECNtm (ORCPT + 99 others); Fri, 3 May 2019 09:49:42 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:42487 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727972AbfECNtj (ORCPT ); Fri, 3 May 2019 09:49:39 -0400 Received: by mail-pl1-f193.google.com with SMTP id x15so2738278pln.9 for ; Fri, 03 May 2019 06:49:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=YbV5zA2MeNWo1HH53CUwXHZxLjGUUubpf5kENAQ1Fww=; b=H5yn1xC39sPwBsUQ5J0XTmkSV9bjL93S9mGPkFTB/vh0detwjvTV64fXThu4RUOqC0 HhZAG5qZEtWdCBJJ50pexgIWqFvy7pyo1qlpyaSLNMvkf4gCRSX4BcpyVytSD/im5iZ1 eCQk23OM+5y5ILdVE+GKyBh0UgOSqK60kQZh8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=YbV5zA2MeNWo1HH53CUwXHZxLjGUUubpf5kENAQ1Fww=; b=GqDiIOt7/GhKPaEp0J19GIn0uqze0tme80KNFPASk5xZVemYPPjlis+gse95+e0uaV tlqT1U6jK7cUZWFzIv157fnedegBh+CWDb2DXqh6c6xd+lzS2KTzvGwEEB6aClxgbJcS ERFcLr0cvirQyfXmMcHVdtrfhsULQZbAsAxyj145QBDMUY5dOtxiU0+KMXOuwB1RLKJe HPO+JQLF5edqvDjFsPnRdAzynnyETkSMIzDrL47DWSkUoE+BoZhEEPu9+uDVWJdmGqx4 IIIRbgAkksqg+SCnZhXJ8H0eZjRi5or7++Z66rigZDPI8Glwbdt+EjbrutXgJkS1S9MH BsTg== X-Gm-Message-State: APjAAAU8eq3vzwYGyv+WDYF1+cIJQMZbTaVfuXIbrmOhXBVlYnb/nikv 6L2Pg9Ygky04ceY/i2M48OeQRQ== X-Received: by 2002:a17:902:784d:: with SMTP id e13mr10589818pln.152.1556891378169; Fri, 03 May 2019 06:49:38 -0700 (PDT) Received: from localhost ([2620:15c:6:12:9c46:e0da:efbf:69cc]) by smtp.gmail.com with ESMTPSA id z9sm2717911pga.92.2019.05.03.06.49.36 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 03 May 2019 06:49:37 -0700 (PDT) Date: Fri, 3 May 2019 09:49:35 -0400 From: Joel Fernandes To: Qais Yousef Cc: linux-kernel@vger.kernel.org, Michal Gregorczyk , Adrian Ratiu , Mohammad Husain , Srinivas Ramana , duyuchao , Manjo Raja Rao , Karim Yaghmour , Tamir Carmeli , Yonghong Song , Alexei Starovoitov , Brendan Gregg , Masami Hiramatsu , Peter Ziljstra , Steven Rostedt , Kees Cook , kernel-team@android.com, Daniel Borkmann , Ingo Molnar , netdev@vger.kernel.org Subject: Re: [PATCH RFC] bpf: Add support for reading user pointers Message-ID: <20190503134935.GA253329@google.com> References: <20190502204958.7868-1-joel@joelfernandes.org> <20190503121234.6don256zuvfjtdg6@e107158-lin.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190503121234.6don256zuvfjtdg6@e107158-lin.cambridge.arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 03, 2019 at 01:12:34PM +0100, Qais Yousef wrote: > Hi Joel > > On 05/02/19 16:49, Joel Fernandes (Google) wrote: > > The eBPF based opensnoop tool fails to read the file path string passed > > to the do_sys_open function. This is because it is a pointer to > > userspace address and causes an -EFAULT when read with > > probe_kernel_read. This is not an issue when running the tool on x86 but > > is an issue on arm64. This patch adds a new bpf function call based > > I just did an experiment and if I use Android 4.9 kernel I indeed fail to see > PATH info when running opensnoop. But if I run on 5.1-rc7 opensnoop behaves > correctly on arm64. > > My guess either a limitation that was fixed on later kernel versions or Android > kernel has some strict option/modifications that make this fail? Thanks a lot for checking, yes I was testing 4.9 kernel with this patch (pixel 3). I am not sure what has changed since then, but I still think it is a good idea to make the code more robust against such future issues anyway. In particular, we learnt with extensive discussions that user/kernel pointers are not necessarily distinguishable purely based on their address. I hope agree this is an issue we need to fix. See these discussions: https://lkml.kernel.org/r/20190220171019.5e81a4946b56982f324f7c45@kernel.org https://lore.kernel.org/lkml/20190220171019.5e81a4946b56982f324f7c45@kernel.org/T/#mf81816dbfe25ac5d0e96fbab029050e892f73af2 thanks, - Joel > root@buildroot:/# uname -a > Linux buildroot 5.1.0-rc7-00164-ga00214620959-dirty #41 SMP PREEMPT Thu May 2 16:33:00 BST 2019 aarch64 GNU/Linux > root@buildroot:/# opensnoop > PID COMM FD ERR PATH > 5180 default.script -1 2 /etc/ld.so.cache > 5180 default.script -1 2 /lib/tls/v8l/neon/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/v8l/neon/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/v8l/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/v8l/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/neon/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/neon/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/tls/libresolv.so.2 > 5180 default.script -1 2 /lib/v8l/neon/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/v8l/neon/libresolv.so.2 > 5180 default.script -1 2 /lib/v8l/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/v8l/libresolv.so.2 > 5180 default.script -1 2 /lib/neon/vfp/libresolv.so.2 > 5180 default.script -1 2 /lib/neon/libresolv.so.2 > 5180 default.script -1 2 /lib/vfp/libresolv.so.2 > 5180 default.script 3 0 /lib/libresolv.so.2 > 5180 default.script 3 0 /lib/libc.so.6 > 5180 default.script 3 0 /usr/share/udhcpc/default.script > 5180 default.script 3 0 /usr/share/udhcpc/default.script.d/ > > > > > -- > Qais Yousef