Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1296348ybh; Thu, 16 Jul 2020 08:20:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxrzGNlG3Dgic3iGqBQTs6Sv8okEBjuOzjLeRxK9FccO8q7MrMopK5GZuDjFQjbfNyOUnpO X-Received: by 2002:a17:907:11db:: with SMTP id va27mr4428102ejb.175.1594912844224; Thu, 16 Jul 2020 08:20:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594912844; cv=none; d=google.com; s=arc-20160816; b=yI1bfYMvRIqVoJnng7k2s8QIKiMWYkHH4NGFCRYqJQYa/2ukP+5cZZ6Lw2fkNKwLWL SHD1inxWP4cClmSn9jUCfxh7HiEiPij04YrOm27glYZsi90vi3h4WmGwuzE48prw3GPW AkSwX8UwtGsBbe6ZXJFo7hG2aX21qRFHhuZLHgytOpoUYH3vl++s/FecpU927Gj5nxrX QBaIL6scO5tF6qUIXCSAy8KBqwRrHDLsiMIc78bN93B91mkLwJJPyPTA93nFZfEktWsD VLeGeFZoAUEKDdkvkX9SxiA5M1Qo7YG7dz17JZIuirHLIO8MPYOalqMjIrXookEqTGDH 8Rkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=HozkydmQpUvKd5NOCtzfpodg8BolrSSLpRppwaD1xMw=; b=jB8FMa7FoqNUKCdFjJ9rzC3um5RBwc4X1w//2nRBWbtt9PBO3Rtbwde/YDuRI9Blz+ VgbvmS0qJYjTXqfT6z12dOCN23EPPpA+vmbIYl9JqqEwsxicIImSOdi4XC3LdlYB0mEW WvQFCA2BSD3VmMKiDkVrjpDCl4+aexeEqbqSl9NeUZ8VvXf/vA8tLeHWP01cRPCPDWfb GH4zL5uSDfTDYXAcGHCx/BBtesX2lxcOb1eMkPefDY1MrzWhtgGv8jFr5+fUUA/D7u5W 9Gi1y0fE1kXPi3swiLGHBpukElxdbpeASNF1w54UGR0u0d3r4sTe3O1yBs00PVZNKmOq 0D+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=fjQCXssP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u3si3314787ejx.94.2020.07.16.08.20.20; Thu, 16 Jul 2020 08:20:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=fjQCXssP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728990AbgGPPTk (ORCPT + 99 others); Thu, 16 Jul 2020 11:19:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728515AbgGPPTj (ORCPT ); Thu, 16 Jul 2020 11:19:39 -0400 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 297F0C08C5DB for ; Thu, 16 Jul 2020 08:19:37 -0700 (PDT) Received: by mail-pl1-x644.google.com with SMTP id k4so3998299pld.12 for ; Thu, 16 Jul 2020 08:19:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=HozkydmQpUvKd5NOCtzfpodg8BolrSSLpRppwaD1xMw=; b=fjQCXssPxi4AjoXO4i5b2uodaOc83MJhnRTmtQeSd8KG0GnTJh8pMVwicp08Mg6cV/ PM2aJ65QS5F9K4jur1fgGCr2XAUDR56tq8TRLnpoC5h6PjiDp4gPPzzBFOBoChUYqju8 Nm0X11EpEfvlUee3IBx6hBV3SOZiV4gWiaPHc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=HozkydmQpUvKd5NOCtzfpodg8BolrSSLpRppwaD1xMw=; b=QbnorFgilYVa69j/tsQpXfU/7w0uQTXhjeyC8Sz/tfVKdcwR+FEeryAfexgStiwVaj Noy9thkVaPKOOxpKMqhJyyWxjPDMeOdWw7IpgKIIhEkqXDKENAVzMLk+YewveexPlCSt Xt3EpCvBncishcUoICbmQcKMcFHNTtptS+cKKHAYI1nvrpJwbFmjA/QRanKFNKi1QyiI XfZ5ls0XgHzOR3ZapTvP3RjzphyHP8NUg3F5LaYTzgFarAo54QcEtFj0DbA3MFNAjEMu LeqhVTsi6vpFkDi1Rx0M41A/PExJbZWirR/L7Bw0il0NihxvNyZFp943/2kM062tU79r KSYQ== X-Gm-Message-State: AOAM533Oe8BdmuQXCg3zhIJs0ysNPrWemR5VtsvEOCvePzSLPwVa38LB Y2OB+VGU/cCKC31WmBR66mR8qg== X-Received: by 2002:a17:902:bb83:: with SMTP id m3mr3611207pls.209.1594912776507; Thu, 16 Jul 2020 08:19:36 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m20sm4225468pgn.62.2020.07.16.08.19.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 08:19:35 -0700 (PDT) Date: Thu, 16 Jul 2020 08:19:34 -0700 From: Kees Cook To: Aleksa Sarai Cc: Pavel Begunkov , Miklos Szeredi , Matthew Wilcox , Andy Lutomirski , Jann Horn , Stefano Garzarella , Christian Brauner , strace-devel@lists.strace.io, io-uring@vger.kernel.org, Linux API , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Kerrisk , Stefan Hajnoczi Subject: Re: strace of io_uring events? Message-ID: <202007160812.A8D43ABBBE@keescook> References: <20200715171130.GG12769@casper.infradead.org> <7c09f6af-653f-db3f-2378-02dca2bc07f7@gmail.com> <48cc7eea-5b28-a584-a66c-4eed3fac5e76@gmail.com> <202007151511.2AA7718@keescook> <20200716131755.l5tsyhupimpinlfi@yavin.dot.cyphar.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200716131755.l5tsyhupimpinlfi@yavin.dot.cyphar.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 16, 2020 at 11:17:55PM +1000, Aleksa Sarai wrote: > On 2020-07-15, Kees Cook wrote: > > In the basic case of "I want to run strace", this is really just a > > creative use of ptrace in that interception is being used only for > > reporting. Does ptrace need to grow a way to create/attach an io_uring > > eventfd? Or should there be an entirely different tool for > > administrative analysis of io_uring events (kind of how disk IO can be > > monitored)? > > I would hope that we wouldn't introduce ptrace to io_uring, because > unless we plan to attach to io_uring events via GDB it's simply the > wrong tool for the job. strace does use ptrace, but that's mostly > because Linux's dynamic tracing was still in its infancy at the time > (and even today it requires more privileges than ptrace) -- but you can > emulate strace using bpftrace these days fairly easily. > > So really what is being asked here is "can we make it possible to debug > io_uring programs as easily as traditional I/O programs". And this does > not require ptrace, nor should ptrace be part of this discussion IMHO. I > believe this issue (along with seccomp-style filtering) have been > mentioned informally in the past, but I am happy to finally see a thread > about this appear. Yeah, I don't see any sane way to attach ptrace, especially when what's wanted is just "io_uring action logging", which is a much more narrow issue, and one that doesn't map well to processes. Can the io_uring eventfd be used for this kind of thing? It seems io_uring just needs a way to gain an administrative path to opening it? > > Solving the mapping of seccomp interception types into CQEs (or anything > > more severe) will likely inform what it would mean to map ptrace events > > to CQEs. So, I think they're related, and we should get seccomp hooked > > up right away, and that might help us see how (if) ptrace should be > > attached. > > We could just emulate the seccomp-bpf API with the pseudo-syscalls done > as a result of CQEs, though I'm not sure how happy folks will be with > this kind of glue code in "seccomp-uring" (though in theory it would > allow us to attach existing filters to io_uring...). Looking at the per-OP "syscall" implementations, I'm kind of alarmed that some (e.g. openat2) are rather "open coded". It seems like this should be fixed to have at least a common entry point for both io_uring and proper syscalls. -- Kees Cook