Re: kprobe string arg does not return proper value

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 29, 2019 at 07:16:19AM +0100, Heiko Carstens wrote:
> On Mon, Jan 28, 2019 at 10:14:58PM +0100, Jiri Olsa wrote:
> > hi,
> > we see a problem on s390x when trying to retrieve string
> > argument for kprobe, like:
> > 
> >   # perf probe 'do_sys_open filename:string'
> >   # perf record -e probe:do_sys_open -a find / > /dev/null
> >   ^C[ perf record: Woken up 3 times to write data ]
> >   [ perf record: Captured and wrote 0.774 MB perf.data (7382 samples) ]
> >   # perf script 
> >      find 22222 [001] 296517.144464: probe:do_sys_open: (34a7c0) filename_string=""
> >      find 22222 [001] 296517.144536: probe:do_sys_open: (34a7c0) filename_string=""
> >      find 22222 [001] 296517.144551: probe:do_sys_open: (34a7c0) filename_string=""
> >      find 22222 [001] 296517.144580: probe:do_sys_open: (34a7c0) filename_string=""
> >   ...
> > 
> > we see the same error after enabling the same event via tracefs, like:
> > 
> >   # cd /sys/kernel/debug/tracing
> >   # cat trace
> >      <...>-18602 [000] d... 288289.847945: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> >      <...>-18602 [000] d... 288289.848586: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> >      <...>-18602 [000] d... 288289.852643: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> >      <...>-18602 [000] d... 288289.853202: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> >   ...
> > 
> > I'm getting this on latest upstream 5.0.0-rc3+
> > 
> > looks like we call strncpy_from_unsafe -> __get_user, which fails
> > in this case.. any idea if this is perhaps some known issue on s390x?
> 
> This looks like the wrong address space is accessed. The "string" type
> is supposed to copy a string from _kernel_ space while the filename
> argument of do_sys_open() is a user space pointer.
> 
> This doesn't work on s390 due to the complete distinct address
> spaces. At least that's what this looks like at a first glance.
> 
> And if I'm correct it is not easy to "fix". _If_ this functionality is
> desired then the kprobes interface must probably be changed so that it
> would be possible to specify the address space from where something
> should be copied. Or.. maybe the "__user" annotation in the kernel
> code can be instrumented(?).
> 

I see, I'd like to find out some more about this..  I found some docs in
Documentation/s390, would you please point me to some other s390 docs?

thanks,
jirka



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux