On Tue, May 07, 2019 at 01:10:45AM +0200, Daniel Borkmann wrote: > On 05/06/2019 09:57 PM, Joel Fernandes wrote: > > On Mon, May 06, 2019 at 09:11:19PM +0200, Daniel Borkmann wrote: > >> On 05/06/2019 08:31 PM, Joel Fernandes (Google) wrote: > >>> The eBPF based opensnoop tool fails to read the file path string passed > >>> to the do_sys_open function. This is because it is a pointer to > >>> userspace address and causes an -EFAULT when read with > >>> probe_kernel_read. This is not an issue when running the tool on x86 but > >>> is an issue on arm64. This patch adds a new bpf function call based > >>> which calls the recently proposed probe_user_read function [1]. > >>> Using this function call from opensnoop fixes the issue on arm64. > >>> > >>> [1] https://lore.kernel.org/patchwork/patch/1051588/ > >>> > >>> Cc: Michal Gregorczyk <michalgr@xxxxxxxx> > >>> Cc: Adrian Ratiu <adrian.ratiu@xxxxxxxxxxxxx> > >>> Cc: Mohammad Husain <russoue@xxxxxxxxx> > >>> Cc: Qais Yousef <qais.yousef@xxxxxxx> > >>> Cc: Srinivas Ramana <sramana@xxxxxxxxxxxxxx> > >>> Cc: duyuchao <yuchao.du@xxxxxxxxxx> > >>> Cc: Manjo Raja Rao <linux@xxxxxxxxxxxxxxxx> > >>> Cc: Karim Yaghmour <karim.yaghmour@xxxxxxxxxxx> > >>> Cc: Tamir Carmeli <carmeli.tamir@xxxxxxxxx> > >>> Cc: Yonghong Song <yhs@xxxxxx> > >>> Cc: Alexei Starovoitov <ast@xxxxxxxxxx> > >>> Cc: Brendan Gregg <brendan.d.gregg@xxxxxxxxx> > >>> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx> > >>> Cc: Peter Ziljstra <peterz@xxxxxxxxxxxxx> > >>> Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> > >>> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx> > >>> Cc: Kees Cook <keescook@xxxxxxxxxxxx> > >>> Cc: kernel-team@xxxxxxxxxxx > >>> Signed-off-by: Joel Fernandes (Google) <joel@xxxxxxxxxxxxxxxxx> > >>> --- > >>> Masami, could you carry these patches in the series where are you add > >>> probe_user_read function? > >>> > >>> Previous submissions is here: > >>> https://lore.kernel.org/patchwork/patch/1069552/ > >>> v1->v2: split tools uapi sync into separate commit, added deprecation > >>> warning for old bpf_probe_read function. > >> > >> Please properly submit this series to bpf tree once the base > >> infrastructure from Masami is upstream. > > > > Could you clarify what do you mean by "properly submit this series to bpf > > tree" mean? bpf@xxxxxxxxxxxxxxx is CC'd. > > Yeah, send the BPF series to bpf@xxxxxxxxxxxxxxx once Masami's patches have > hit mainline, and we'll then route yours as fixes the usual path through > bpf tree. Sounds great to me, thanks! - Joel