From: Andy Lutomirski <luto@amacapital.net>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
stable <stable@vger.kernel.org>,
Changbin Du <changbin.du@gmail.com>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault
Date: Fri, 15 Feb 2019 18:14:21 -0800 [thread overview]
Message-ID: <1B52384E-5C02-4279-9111-34881BA3204E@amacapital.net> (raw)
In-Reply-To: <20190215210801.7f8c94cf@gandalf.local.home>
> On Feb 15, 2019, at 6:08 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
>
> On Fri, 15 Feb 2019 17:32:55 -0800
> Andy Lutomirski <luto@amacapital.net> wrote:
>
>>> I added you just because I wanted help getting the change log correct,
>>> as that's what Linus was complaining about. I kept using "kernel
>>> address" when the sample bug used for the patch was really a
>>> non-canonical address (as Linus said, it's just garbage. Neither kernel
>>> or user space). But I pointed out that this can also bug if the
>>> address is canonical and in the kernel address space. The old code
>>> didn't complain about non-canonical or kernel address faulting before
>>> commit 9da3f2b7405, which only talks about kernel address space
>>> faulting (which is why I only mentioned that in my messages).
>>>
>>> Would changing all the mention of "kernel address" to "non user space"
>>> be accurate?
>>>
>>
>> I think “kernel address” is right. It’s illegal to access anything that isn’t known to be a valid kernel address while in KERNEL_DS.
>
> But an non-canonical address is not a "kernel address", and that will
> cause a bug too.
Indeed. A non-canonical address is not known to be a valid kernel address. I stand by my slightly pedantic statement :)
> This patch came about because it was changed that if
> we do a uaccess on something other than a user space address and take a
> fault (either because it was a non-canonical address, or a kernel
> address), we BUG! Where before that one patch, it would just return a
> fault.
>
>>
>> The old __copy seems likely to have always been a bit bogus.
>>
>> BTW, what is this probe_mem_read() thing? Some minimal inspection suggests it’s a buggy reimplementation of probe_kernel_read(). Can you delete it and just use probe_kernel_read() directly?
>
> Well, the issue is that we have trace_probe_tmpl.h in that same
> directory, which does the work for kprobes and uprobes. The
> trace_kprobes.c defines all the functions for handling kprobes, and
> trace_uprobes.c does all the handling of uprobes, then they include
> trace_probe_tmpl.h which does the bulk of the work.
>
> In the uprobes case, we have:
>
> static nokprobe_inline int
> probe_mem_read(void *dest, void *src, size_t size)
> {
> void __user *vaddr = (void __force __user *)src;
>
> return copy_from_user(dest, vaddr, size) ? -EFAULT : 0;
> }
>
> Because that is adding probes on userspace code.
>
>
Can the kprobe case call probe_kernel_read? Maybe it does already?
next prev parent reply other threads:[~2019-02-16 2:14 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-15 17:47 [PATCH 0/2 v2] [GIT PULL (take two)] tracing: Two more fixes Steven Rostedt
2019-02-15 17:47 ` [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault Steven Rostedt
2019-02-15 17:55 ` Linus Torvalds
2019-02-15 22:15 ` Steven Rostedt
2019-02-15 23:49 ` Andy Lutomirski
2019-02-16 0:19 ` Steven Rostedt
2019-02-16 1:32 ` Andy Lutomirski
2019-02-16 2:08 ` Steven Rostedt
2019-02-16 2:14 ` Andy Lutomirski [this message]
2019-02-16 2:21 ` Steven Rostedt
2019-02-18 17:58 ` Linus Torvalds
2019-02-18 18:23 ` Linus Torvalds
2019-02-19 16:18 ` Steven Rostedt
2019-02-19 18:43 ` Linus Torvalds
2019-02-19 19:03 ` Steven Rostedt
2019-02-20 8:10 ` Masami Hiramatsu
2019-02-20 13:57 ` Jann Horn
2019-02-20 14:47 ` Steven Rostedt
2019-02-20 15:08 ` Masami Hiramatsu
2019-02-20 14:49 ` Steven Rostedt
2019-02-20 16:04 ` Masami Hiramatsu
2019-02-20 16:42 ` Steven Rostedt
2019-02-21 7:37 ` Masami Hiramatsu
2019-02-22 8:27 ` Masami Hiramatsu
2019-02-22 8:35 ` Masami Hiramatsu
2019-02-22 17:43 ` Linus Torvalds
2019-02-22 17:48 ` Andy Lutomirski
2019-02-22 18:28 ` Linus Torvalds
2019-02-22 19:52 ` Andy Lutomirski
2019-02-22 19:27 ` Alexei Starovoitov
2019-02-22 19:30 ` Steven Rostedt
2019-02-22 19:34 ` Alexei Starovoitov
2019-02-22 19:39 ` Steven Rostedt
2019-02-22 19:55 ` Andy Lutomirski
2019-02-22 21:43 ` Jann Horn
2019-02-22 22:08 ` Nadav Amit
2019-02-22 22:17 ` Jann Horn
2019-02-22 22:21 ` Nadav Amit
2019-02-22 22:39 ` Nadav Amit
2019-02-22 23:02 ` Jann Horn
2019-02-22 23:22 ` Nadav Amit
2019-02-22 23:59 ` Andy Lutomirski
2019-02-23 0:03 ` Alexei Starovoitov
2019-02-23 0:15 ` Nadav Amit
2019-02-24 19:35 ` Andy Lutomirski
2019-02-25 13:36 ` Masami Hiramatsu
2019-02-22 21:20 ` Linus Torvalds
2019-02-22 21:38 ` David Miller
2019-02-22 21:59 ` Linus Torvalds
2019-02-22 22:51 ` Alexei Starovoitov
2019-02-22 23:11 ` Jann Horn
2019-02-22 23:16 ` David Miller
2019-02-22 23:16 ` Linus Torvalds
2019-02-22 23:56 ` Alexei Starovoitov
2019-02-23 0:08 ` Linus Torvalds
2019-02-23 2:28 ` Alexei Starovoitov
2019-02-23 2:32 ` Linus Torvalds
2019-02-23 3:02 ` Steven Rostedt
2019-02-23 4:51 ` Masami Hiramatsu
2019-02-26 3:57 ` Christoph Hellwig
2019-02-26 15:24 ` Joel Fernandes
2019-02-28 12:29 ` Masami Hiramatsu
2019-02-28 15:18 ` Joel Fernandes
2019-02-23 3:47 ` Masami Hiramatsu
2019-02-24 0:44 ` Steven Rostedt
2019-02-24 4:38 ` Andy Lutomirski
2019-02-24 15:17 ` Masami Hiramatsu
2019-02-24 17:26 ` Linus Torvalds
2019-02-25 2:40 ` Masami Hiramatsu
2019-02-25 4:49 ` Andy Lutomirski
2019-02-25 8:09 ` Masami Hiramatsu
2019-02-25 16:40 ` Steven Rostedt
2019-02-26 1:35 ` Masami Hiramatsu
2019-02-25 8:33 ` Peter Zijlstra
2019-02-25 14:52 ` Peter Zijlstra
2019-02-25 16:48 ` Kees Cook
2019-02-25 16:58 ` Andy Lutomirski
2019-02-25 17:07 ` Kees Cook
2019-02-21 7:52 ` Masami Hiramatsu
2019-02-21 14:36 ` Steven Rostedt
2019-02-21 15:58 ` Masami Hiramatsu
2019-02-21 16:16 ` Masami Hiramatsu
2019-02-21 16:32 ` Steven Rostedt
2019-02-23 14:48 ` Masami Hiramatsu
2019-02-15 17:47 ` [PATCH 2/2 v2] tracing: Fix number of entries in trace header Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1B52384E-5C02-4279-9111-34881BA3204E@amacapital.net \
--to=luto@amacapital.net \
--cc=akpm@linux-foundation.org \
--cc=changbin.du@gmail.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=rostedt@goodmis.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).