Re: kprobe string arg does not return proper value

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jan 28, 2019 at 10:14:58PM +0100, Jiri Olsa wrote:
> hi,
> we see a problem on s390x when trying to retrieve string
> argument for kprobe, like:
> 
>   # perf probe 'do_sys_open filename:string'
>   # perf record -e probe:do_sys_open -a find / > /dev/null
>   ^C[ perf record: Woken up 3 times to write data ]
>   [ perf record: Captured and wrote 0.774 MB perf.data (7382 samples) ]
>   # perf script 
>      find 22222 [001] 296517.144464: probe:do_sys_open: (34a7c0) filename_string=""
>      find 22222 [001] 296517.144536: probe:do_sys_open: (34a7c0) filename_string=""
>      find 22222 [001] 296517.144551: probe:do_sys_open: (34a7c0) filename_string=""
>      find 22222 [001] 296517.144580: probe:do_sys_open: (34a7c0) filename_string=""
>   ...
> 
> we see the same error after enabling the same event via tracefs, like:
> 
>   # cd /sys/kernel/debug/tracing
>   # cat trace
>      <...>-18602 [000] d... 288289.847945: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
>      <...>-18602 [000] d... 288289.848586: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
>      <...>-18602 [000] d... 288289.852643: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
>      <...>-18602 [000] d... 288289.853202: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
>   ...
> 
> I'm getting this on latest upstream 5.0.0-rc3+
> 
> looks like we call strncpy_from_unsafe -> __get_user, which fails
> in this case.. any idea if this is perhaps some known issue on s390x?

This looks like the wrong address space is accessed. The "string" type
is supposed to copy a string from _kernel_ space while the filename
argument of do_sys_open() is a user space pointer.

This doesn't work on s390 due to the complete distinct address
spaces. At least that's what this looks like at a first glance.

And if I'm correct it is not easy to "fix". _If_ this functionality is
desired then the kprobes interface must probably be changed so that it
would be possible to specify the address space from where something
should be copied. Or.. maybe the "__user" annotation in the kernel
code can be instrumented(?).
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux