Hi Jann,
On Wed, 20 Feb 2019 14:57:31 +0100 Jann Horn <jannh@google.com> wrote:

> On Wed, Feb 20, 2019 at 9:10 AM Masami Hiramatsu <mhiramat@kernel.org> wrote:
> > On Tue, 19 Feb 2019 14:03:30 -0500 Steven Rostedt <rostedt@goodmis.org> wrote:
> > > > > Basically, a kprobe is mostly used for debugging what's happening in a live kernel, to read any address.
> > > >
> > > > My point is that "any address" is not sufficient to begin with. You need "kernel or user".
> > > > Having a flag for what _kind_ of kernel address is ok might then be required for other cases if they might not be ok with following page tables to IO space..
> > >
> > > Good point. Looks like we should add a new flag for kprobe trace parameters, that tells kprobes if the address is expected to be user or kernel. That would be good regardless of the duplicate meanings, as we could use copy_from_user without touching KERNEL_DS, if the probe argument specifically states "this is user space". For example, when probing do_sys_open, and you want to read what path string was passed into the kernel.
> > >
> > > Masami, thoughts?
> >
> > Let me ensure what you want. So you want to access a "string" in user-space, not a data structure? In that case, it is very easy for me. It is enough to add a "ustring" type to kprobe events. For example, do_sys_open's path variable is one example. That will be +0(+0(%si)):ustring, and the fetcher finally copies the string using strncpy_from_user() instead of strncpy_from_unsafe(). (*)
> [...]
> > (*) BTW, there is another concern about using _from_user APIs in kprobe. Might those APIs sleep??
>
> If you want to access userspace without sleeping, and ignore data in non-present pages, you can do `pagefault_disable(); err = __copy_from_user_inatomic(...); pagefault_enable();`. (Actually, maybe the kernel should have a helper for that...)
Ok, we are going back to the starting point of this thread :)
http://lkml.kernel.org/r/20190215174712.372898450@goodmis.org
So, if the user tells kprobe it is a user pointer, we check it with access_ok(), and will do something similar to strnlen_user() and strncpy_from_user(), but using __copy_from_user_inatomic() and pagefault_disable() for kprobes.
Thank you!
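Added example, not part of the thread and not kernel code: a user-space model of the non-sleeping "ustring" fetch the reply above sketches (access_ok() first, then copying page by page with page faults disabled, so a non-present page yields -EFAULT instead of sleeping). The fake four-page address space, the sim_* stand-ins for access_ok() / __copy_from_user_inatomic(), the fetch_ustring_nofault() fetcher and the fetch_at() demo wrapper are all assumptions made for illustration; the sample strings are constructed.

```c
/*
 * User-space model of a non-sleeping user-string fetch for a kprobe
 * ":ustring" argument. Everything is simulated: a four-page fake user
 * address space and sim_* stand-ins for the kernel helpers, with the same
 * failure semantics (-EFAULT on a non-present page, never a sleep).
 * Illustration only; this is not the kernel's code.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EFAULT      14
#define PAGE_SHIFT  12
#define PAGE_SIZE   (1UL << PAGE_SHIFT)
#define NR_PAGES    4
/* Everything at or above this is treated as a kernel address. */
#define TASK_SIZE   ((unsigned long)NR_PAGES * PAGE_SIZE)

/* Fake user memory: page i is readable only if present[i] is set
 * (page 2 plays a swapped-out / never-touched page). */
static unsigned char mem[NR_PAGES][PAGE_SIZE];
static const int present[NR_PAGES] = { 1, 1, 0, 1 };

/* Stand-in for access_ok(): the range must lie entirely below TASK_SIZE. */
static int sim_access_ok(unsigned long uaddr, size_t len)
{
    return uaddr < TASK_SIZE && len <= TASK_SIZE - uaddr;
}

/* Stand-in for __copy_from_user_inatomic() under pagefault_disable():
 * a non-present page ends the copy instead of faulting it in. Like the
 * kernel API, returns the number of bytes NOT copied. */
static size_t sim_copy_from_user_inatomic(void *dst, unsigned long uaddr, size_t len)
{
    size_t done = 0;

    while (done < len) {
        unsigned long addr = uaddr + done;
        unsigned long pfn = addr >> PAGE_SHIFT;
        size_t off = addr & (PAGE_SIZE - 1);
        size_t chunk = PAGE_SIZE - off;

        if (chunk > len - done)
            chunk = len - done;
        if (pfn >= NR_PAGES || !present[pfn])
            return len - done;          /* would have page-faulted */
        memcpy((char *)dst + done, &mem[pfn][off], chunk);
        done += chunk;
    }
    return 0;
}

/* Hypothetical fetcher: copy at most maxlen-1 bytes of the NUL-terminated
 * string at user address uaddr into dst, page by page, without sleeping.
 * Returns the length copied (maxlen-1 if truncated), or -EFAULT if uaddr is
 * not a user address or a page before the NUL is not present. */
static long fetch_ustring_nofault(char *dst, unsigned long uaddr, size_t maxlen)
{
    size_t got = 0;

    if (maxlen == 0)
        return -EFAULT;
    /* In the kernel: pagefault_disable() here, pagefault_enable() on exit. */
    while (got < maxlen - 1) {
        unsigned long addr = uaddr + got;
        size_t chunk = PAGE_SIZE - (addr & (PAGE_SIZE - 1));
        char *nul;

        if (chunk > maxlen - 1 - got)
            chunk = maxlen - 1 - got;
        /* The string's end is unknown, so every chunk is range-checked. */
        if (!sim_access_ok(addr, chunk))
            return -EFAULT;
        if (sim_copy_from_user_inatomic(dst + got, addr, chunk) != 0)
            return -EFAULT;
        nul = memchr(dst + got, '\0', chunk);
        if (nul)
            return (long)(nul - dst);
        got += chunk;
    }
    dst[got] = '\0';                    /* truncated: terminate what we have */
    return (long)got;
}

/* Constructed sample contents for the fake address space. */
static void sim_setup(void)
{
    memset(mem, 'A', sizeof(mem));                 /* no stray NULs */
    memcpy(&mem[0][0x100], "/etc/passwd", 12);     /* ordinary path in page 0 */
    memcpy(&mem[0][PAGE_SIZE - 3], "pat", 3);      /* "path" straddling pages 0/1 */
    memcpy(&mem[1][0], "h", 2);
    memcpy(&mem[1][PAGE_SIZE - 2], "xy", 2);       /* runs into non-present page 2 */
}

static char scratch[64];

/* Demo entry point: build the fake address space, then fetch from uaddr. */
long fetch_at(unsigned long uaddr, size_t maxlen)
{
    sim_setup();
    memset(scratch, 0, sizeof(scratch));
    return fetch_ustring_nofault(scratch, uaddr, maxlen);
}

const char *last_fetched(void) { return scratch; }

int main(void)
{
    printf("page 0:       %ld \"%s\"\n", fetch_at(0x100, sizeof(scratch)), scratch);
    printf("cross-page:   %ld \"%s\"\n", fetch_at(PAGE_SIZE - 3, sizeof(scratch)), scratch);
    printf("not present:  %ld\n", fetch_at(2 * PAGE_SIZE - 2, sizeof(scratch)));
    printf("kernel addr:  %ld\n", fetch_at(TASK_SIZE + 0x10, sizeof(scratch)));
    return 0;
}
```

The per-chunk access_ok() check matters because the string's length is unknown up front: a string that starts in user space but has no NUL before TASK_SIZE must fail rather than let the copy walk into kernel addresses, and a page that is not present fails the whole fetch instead of being faulted in from probe context.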