On Mon, May 06, 2019 at 09:11:19PM +0200, Daniel Borkmann wrote: > On 05/06/2019 08:31 PM, Joel Fernandes (Google) wrote: > > The eBPF based opensnoop tool fails to read the file path string passed > > to the do_sys_open function. This is because it is a pointer to > > userspace address and causes an -EFAULT when read with > > probe_kernel_read. This is not an issue when running the tool on x86 but > > is an issue on arm64. This patch adds a new bpf function call based > > which calls the recently proposed probe_user_read function [1]. > > Using this function call from opensnoop fixes the issue on arm64. > > > > [1] https://lore.kernel.org/patchwork/patch/1051588/ > > > > Cc: Michal Gregorczyk <michalgr@xxxxxxxx> > > Cc: Adrian Ratiu <adrian.ratiu@xxxxxxxxxxxxx> > > Cc: Mohammad Husain <russoue@xxxxxxxxx> > > Cc: Qais Yousef <qais.yousef@xxxxxxx> > > Cc: Srinivas Ramana <sramana@xxxxxxxxxxxxxx> > > Cc: duyuchao <yuchao.du@xxxxxxxxxx> > > Cc: Manjo Raja Rao <linux@xxxxxxxxxxxxxxxx> > > Cc: Karim Yaghmour <karim.yaghmour@xxxxxxxxxxx> > > Cc: Tamir Carmeli <carmeli.tamir@xxxxxxxxx> > > Cc: Yonghong Song <yhs@xxxxxx> > > Cc: Alexei Starovoitov <ast@xxxxxxxxxx> > > Cc: Brendan Gregg <brendan.d.gregg@xxxxxxxxx> > > Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx> > > Cc: Peter Ziljstra <peterz@xxxxxxxxxxxxx> > > Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> > > Cc: Steven Rostedt <rostedt@xxxxxxxxxxx> > > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > > Cc: kernel-team@xxxxxxxxxxx > > Signed-off-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx> > > --- > > Masami, could you carry these patches in the series where are you add > > probe_user_read function? > > > > Previous submissions is here: > > https://lore.kernel.org/patchwork/patch/1069552/ > > v1->v2: split tools uapi sync into separate commit, added deprecation > > warning for old bpf_probe_read function. > > Please properly submit this series to bpf tree once the base > infrastructure from Masami is upstream. Could you clarify what do you mean by "properly submit this series to bpf tree" mean? bpf@xxxxxxxxxxxxxxx is CC'd. > This series here should > also fix up all current probe read usage under samples/bpf/ and > tools/testing/selftests/bpf/. Ok. Agreed, will do that. thanks, - Joel
