On 5/14/20 12:01 PM, David Laight wrote: [...]
If it's not a stupid question, why is a BPF program allowed to get into a situation where it might have an invalid kernel address? It all stinks of a hole that allows all of kernel memory to be read and copied to userspace. Now you might want to do something special so that BPF programs just abort on OOPS instead of possibly panicking the kernel. But that is different from a copy that expects to be passed garbage.
I suggest you read up on probe_kernel_read() and its uses in tracing in general, looks like you haven't done that.