From: Masami Hiramatsu <mhiramat@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: x86@kernel.org, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-parisc@vger.kernel.org, linux-um@lists.infradead.org,
netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 14/23] tracing/kprobes: handle mixed kernel/userspace probes better
Date: Fri, 22 May 2020 09:04:50 +0900 [thread overview]
Message-ID: <20200522090450.a6ef7a53878c61d10340949a@kernel.org> (raw)
In-Reply-To: <20200521152301.2587579-15-hch@lst.de>
On Thu, 21 May 2020 17:22:52 +0200
Christoph Hellwig <hch@lst.de> wrote:
> Instead of using the dangerous probe_kernel_read and strncpy_from_unsafe
> helpers, rework probes to try a user probe based on the address if the
> architecture has a common address space for kernel and userspace.
>
This looks good to me.
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thank you!
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> kernel/trace/trace_kprobe.c | 72 ++++++++++++++++++++++---------------
> 1 file changed, 43 insertions(+), 29 deletions(-)
>
> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> index 4325f9e7fadaa..4aeaef53ba970 100644
> --- a/kernel/trace/trace_kprobe.c
> +++ b/kernel/trace/trace_kprobe.c
> @@ -1200,6 +1200,15 @@ static const struct file_operations kprobe_profile_ops = {
>
> /* Kprobe specific fetch functions */
>
> +/* Return the length of string -- including null terminal byte */
> +static nokprobe_inline int
> +fetch_store_strlen_user(unsigned long addr)
> +{
> + const void __user *uaddr = (__force const void __user *)addr;
> +
> + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> +}
> +
> /* Return the length of string -- including null terminal byte */
> static nokprobe_inline int
> fetch_store_strlen(unsigned long addr)
> @@ -1207,30 +1216,27 @@ fetch_store_strlen(unsigned long addr)
> int ret, len = 0;
> u8 c;
>
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if (addr < TASK_SIZE)
> + return fetch_store_strlen_user(addr);
> +#endif
> +
> do {
> - ret = probe_kernel_read(&c, (u8 *)addr + len, 1);
> + ret = probe_kernel_read_strict(&c, (u8 *)addr + len, 1);
> len++;
> } while (c && ret == 0 && len < MAX_STRING_SIZE);
>
> return (ret < 0) ? ret : len;
> }
>
> -/* Return the length of string -- including null terminal byte */
> -static nokprobe_inline int
> -fetch_store_strlen_user(unsigned long addr)
> -{
> - const void __user *uaddr = (__force const void __user *)addr;
> -
> - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> -}
> -
> /*
> - * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
> - * length and relative data location.
> + * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> + * with max length and relative data location.
> */
> static nokprobe_inline int
> -fetch_store_string(unsigned long addr, void *dest, void *base)
> +fetch_store_string_user(unsigned long addr, void *dest, void *base)
> {
> + const void __user *uaddr = (__force const void __user *)addr;
> int maxlen = get_loc_len(*(u32 *)dest);
> void *__dest;
> long ret;
> @@ -1240,11 +1246,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
>
> __dest = get_loc_data(dest, base);
>
> - /*
> - * Try to get string again, since the string can be changed while
> - * probing.
> - */
> - ret = strncpy_from_unsafe(__dest, (void *)addr, maxlen);
> + ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
> if (ret >= 0)
> *(u32 *)dest = make_data_loc(ret, __dest - base);
>
> @@ -1252,35 +1254,37 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
> }
>
> /*
> - * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> - * with max length and relative data location.
> + * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
> + * length and relative data location.
> */
> static nokprobe_inline int
> -fetch_store_string_user(unsigned long addr, void *dest, void *base)
> +fetch_store_string(unsigned long addr, void *dest, void *base)
> {
> - const void __user *uaddr = (__force const void __user *)addr;
> int maxlen = get_loc_len(*(u32 *)dest);
> void *__dest;
> long ret;
>
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if ((unsigned long)addr < TASK_SIZE)
> + return fetch_store_string_user(addr, dest, base);
> +#endif
> +
> if (unlikely(!maxlen))
> return -ENOMEM;
>
> __dest = get_loc_data(dest, base);
>
> - ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
> + /*
> + * Try to get string again, since the string can be changed while
> + * probing.
> + */
> + ret = strncpy_from_user_nofault(__dest, (void *)addr, maxlen);
> if (ret >= 0)
> *(u32 *)dest = make_data_loc(ret, __dest - base);
>
> return ret;
> }
>
> -static nokprobe_inline int
> -probe_mem_read(void *dest, void *src, size_t size)
> -{
> - return probe_kernel_read(dest, src, size);
> -}
> -
> static nokprobe_inline int
> probe_mem_read_user(void *dest, void *src, size_t size)
> {
> @@ -1289,6 +1293,16 @@ probe_mem_read_user(void *dest, void *src, size_t size)
> return probe_user_read(dest, uaddr, size);
> }
>
> +static nokprobe_inline int
> +probe_mem_read(void *dest, void *src, size_t size)
> +{
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if ((unsigned long)src < TASK_SIZE)
> + return probe_mem_read_user(dest, src, size);
> +#endif
> + return probe_kernel_read_strict(dest, src, size);
> +}
> +
> /* Note that we don't verify it, since the code does not come from user space */
> static int
> process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest,
> --
> 2.26.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
WARNING: multiple messages have this Message-ID (diff)
From: Masami Hiramatsu <mhiramat@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: linux-parisc@vger.kernel.org,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org, x86@kernel.org,
linux-um@lists.infradead.org, Alexei Starovoitov <ast@kernel.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
bpf@vger.kernel.org
Subject: Re: [PATCH 14/23] tracing/kprobes: handle mixed kernel/userspace probes better
Date: Fri, 22 May 2020 09:04:50 +0900 [thread overview]
Message-ID: <20200522090450.a6ef7a53878c61d10340949a@kernel.org> (raw)
In-Reply-To: <20200521152301.2587579-15-hch@lst.de>
On Thu, 21 May 2020 17:22:52 +0200
Christoph Hellwig <hch@lst.de> wrote:
> Instead of using the dangerous probe_kernel_read and strncpy_from_unsafe
> helpers, rework probes to try a user probe based on the address if the
> architecture has a common address space for kernel and userspace.
>
This looks good to me.
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Thank you!
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> kernel/trace/trace_kprobe.c | 72 ++++++++++++++++++++++---------------
> 1 file changed, 43 insertions(+), 29 deletions(-)
>
> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> index 4325f9e7fadaa..4aeaef53ba970 100644
> --- a/kernel/trace/trace_kprobe.c
> +++ b/kernel/trace/trace_kprobe.c
> @@ -1200,6 +1200,15 @@ static const struct file_operations kprobe_profile_ops = {
>
> /* Kprobe specific fetch functions */
>
> +/* Return the length of string -- including null terminal byte */
> +static nokprobe_inline int
> +fetch_store_strlen_user(unsigned long addr)
> +{
> + const void __user *uaddr = (__force const void __user *)addr;
> +
> + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> +}
> +
> /* Return the length of string -- including null terminal byte */
> static nokprobe_inline int
> fetch_store_strlen(unsigned long addr)
> @@ -1207,30 +1216,27 @@ fetch_store_strlen(unsigned long addr)
> int ret, len = 0;
> u8 c;
>
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if (addr < TASK_SIZE)
> + return fetch_store_strlen_user(addr);
> +#endif
> +
> do {
> - ret = probe_kernel_read(&c, (u8 *)addr + len, 1);
> + ret = probe_kernel_read_strict(&c, (u8 *)addr + len, 1);
> len++;
> } while (c && ret == 0 && len < MAX_STRING_SIZE);
>
> return (ret < 0) ? ret : len;
> }
>
> -/* Return the length of string -- including null terminal byte */
> -static nokprobe_inline int
> -fetch_store_strlen_user(unsigned long addr)
> -{
> - const void __user *uaddr = (__force const void __user *)addr;
> -
> - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> -}
> -
> /*
> - * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
> - * length and relative data location.
> + * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> + * with max length and relative data location.
> */
> static nokprobe_inline int
> -fetch_store_string(unsigned long addr, void *dest, void *base)
> +fetch_store_string_user(unsigned long addr, void *dest, void *base)
> {
> + const void __user *uaddr = (__force const void __user *)addr;
> int maxlen = get_loc_len(*(u32 *)dest);
> void *__dest;
> long ret;
> @@ -1240,11 +1246,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
>
> __dest = get_loc_data(dest, base);
>
> - /*
> - * Try to get string again, since the string can be changed while
> - * probing.
> - */
> - ret = strncpy_from_unsafe(__dest, (void *)addr, maxlen);
> + ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
> if (ret >= 0)
> *(u32 *)dest = make_data_loc(ret, __dest - base);
>
> @@ -1252,35 +1254,37 @@ fetch_store_string(unsigned long addr, void *dest, void *base)
> }
>
> /*
> - * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> - * with max length and relative data location.
> + * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
> + * length and relative data location.
> */
> static nokprobe_inline int
> -fetch_store_string_user(unsigned long addr, void *dest, void *base)
> +fetch_store_string(unsigned long addr, void *dest, void *base)
> {
> - const void __user *uaddr = (__force const void __user *)addr;
> int maxlen = get_loc_len(*(u32 *)dest);
> void *__dest;
> long ret;
>
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if ((unsigned long)addr < TASK_SIZE)
> + return fetch_store_string_user(addr, dest, base);
> +#endif
> +
> if (unlikely(!maxlen))
> return -ENOMEM;
>
> __dest = get_loc_data(dest, base);
>
> - ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
> + /*
> + * Try to get string again, since the string can be changed while
> + * probing.
> + */
> + ret = strncpy_from_user_nofault(__dest, (void *)addr, maxlen);
> if (ret >= 0)
> *(u32 *)dest = make_data_loc(ret, __dest - base);
>
> return ret;
> }
>
> -static nokprobe_inline int
> -probe_mem_read(void *dest, void *src, size_t size)
> -{
> - return probe_kernel_read(dest, src, size);
> -}
> -
> static nokprobe_inline int
> probe_mem_read_user(void *dest, void *src, size_t size)
> {
> @@ -1289,6 +1293,16 @@ probe_mem_read_user(void *dest, void *src, size_t size)
> return probe_user_read(dest, uaddr, size);
> }
>
> +static nokprobe_inline int
> +probe_mem_read(void *dest, void *src, size_t size)
> +{
> +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
> + if ((unsigned long)src < TASK_SIZE)
> + return probe_mem_read_user(dest, src, size);
> +#endif
> + return probe_kernel_read_strict(dest, src, size);
> +}
> +
> /* Note that we don't verify it, since the code does not come from user space */
> static int
> process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest,
> --
> 2.26.2
>
--
Masami Hiramatsu <mhiramat@kernel.org>
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
next prev parent reply other threads:[~2020-05-22 0:04 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-21 15:22 clean up and streamline probe_kernel_* and friends v4 Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 01/23] maccess: unexport probe_kernel_write and probe_user_write Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 02/23] maccess: remove various unused weak aliases Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 03/23] maccess: remove duplicate kerneldoc comments Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 04/23] maccess: clarify " Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 05/23] maccess: update the top of file comment Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 06/23] maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 07/23] maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 08/23] maccess: rename strnlen_unsafe_user to strnlen_user_nofault Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 09/23] maccess: remove probe_read_common and probe_write_common Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 10/23] maccess: unify the probe kernel arch hooks Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-28 0:55 ` Andrew Morton
2020-05-28 0:55 ` Andrew Morton
2020-05-21 15:22 ` [PATCH 11/23] bpf: factor out a bpf_trace_copy_string helper Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 15:22 ` [PATCH 12/23] bpf: handle the compat string in bpf_trace_copy_string better Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-28 2:04 ` Andrew Morton
2020-05-28 2:04 ` Andrew Morton
2020-05-28 2:26 ` Yonghong Song
2020-05-28 2:26 ` Yonghong Song
2020-05-28 4:39 ` Christoph Hellwig
2020-05-28 4:39 ` Christoph Hellwig
2020-05-28 17:06 ` Yonghong Song
2020-05-28 17:06 ` Yonghong Song
2020-05-21 15:22 ` [PATCH 13/23] bpf: rework the compat kernel probe handling Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 22:10 ` Andrii Nakryiko
2020-05-21 15:22 ` [PATCH 14/23] tracing/kprobes: handle mixed kernel/userspace probes better Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-22 0:04 ` Masami Hiramatsu [this message]
2020-05-22 0:04 ` Masami Hiramatsu
2020-05-21 15:22 ` [PATCH 15/23] maccess: remove strncpy_from_unsafe Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 16/23] maccess: always use strict semantics for probe_kernel_read Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 17/23] maccess: move user access routines together Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 18/23] maccess: allow architectures to provide kernel probing directly Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 19/23] x86: use non-set_fs based maccess routines Christoph Hellwig
2020-05-21 15:22 ` Christoph Hellwig
2020-05-21 15:22 ` [PATCH 20/23] maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault Christoph Hellwig
2020-05-21 15:22 ` [PATCH 20/23] maccess: rename probe_kernel_{read, write} to copy_{from, to}_kernel_nofault Christoph Hellwig
2020-05-21 15:22 ` [PATCH 21/23] maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault Christoph Hellwig
2020-05-21 15:22 ` [PATCH 21/23] maccess: rename probe_user_{read, write} to copy_{from, to}_user_nofault Christoph Hellwig
2020-05-21 15:23 ` [PATCH 22/23] maccess: rename probe_kernel_address to get_kernel_nofault Christoph Hellwig
2020-05-21 15:23 ` Christoph Hellwig
2020-05-21 15:23 ` [PATCH 23/23] maccess: return -ERANGE when copy_from_kernel_nofault_allowed fails Christoph Hellwig
2020-05-21 15:23 ` Christoph Hellwig
2020-05-21 18:03 ` clean up and streamline probe_kernel_* and friends v4 Linus Torvalds
2020-05-21 18:03 ` Linus Torvalds
2020-05-21 18:03 ` Linus Torvalds
2020-05-22 0:22 ` Masami Hiramatsu
2020-05-22 0:22 ` Masami Hiramatsu
2020-05-25 22:19 ` Andrew Morton
2020-05-25 22:19 ` Andrew Morton
2020-05-26 6:13 ` Christoph Hellwig
2020-05-26 6:13 ` Christoph Hellwig
2020-05-28 0:36 ` Andrew Morton
2020-05-28 0:36 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200522090450.a6ef7a53878c61d10340949a@kernel.org \
--to=mhiramat@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-um@lists.infradead.org \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.