Re: kprobe string arg does not return proper value

On Tue, Jan 29, 2019 at 04:37:08PM +0100, Heiko Carstens wrote:
> On Tue, Jan 29, 2019 at 09:20:09AM +0100, Jiri Olsa wrote:
> > On Tue, Jan 29, 2019 at 07:16:19AM +0100, Heiko Carstens wrote:
> > > On Mon, Jan 28, 2019 at 10:14:58PM +0100, Jiri Olsa wrote:
> > > >   # cd /sys/kernel/debug/tracing
> > > >   # cat trace
> > > >      <...>-18602 [000] d... 288289.847945: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> > > >      <...>-18602 [000] d... 288289.848586: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> > > >      <...>-18602 [000] d... 288289.852643: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> > > >      <...>-18602 [000] d... 288289.853202: do_sys_open: (do_sys_open+0x0/0x238) filename_string=(fault)
> > > >   ...
> > > > 
> > > > I'm getting this on latest upstream 5.0.0-rc3+
> > > > 
> > > > looks like we call strncpy_from_unsafe -> __get_user, which fails
> > > > in this case.. any idea if this is perhaps some known issue on s390x?
> > > 
> > > This looks like the wrong address space is accessed. The "string" type
> > > is supposed to copy a string from _kernel_ space while the filename
> > > argument of do_sys_open() is a user space pointer.
> > > 
> > > This doesn't work on s390 due to the completely distinct address
> > > spaces. At least that's what this looks like at a first glance.
> > > 
> > > And if I'm correct it is not easy to "fix". _If_ this functionality is
> > > desired then the kprobes interface must probably be changed so that it
> > > would be possible to specify the address space from where something
> > > should be copied. Or.. maybe the "__user" annotation in the kernel
> > > code can be instrumented(?).
> > > 
> > 
> > I see, I'd like to find out some more about this..  I found some docs in
> > Documentation/s390, would you please point me to some other s390 docs?
> 
> Well, there is only the architecture documentation. Not sure if you
> really want to read this:
> 
> http://publibfi.boulder.ibm.com/epubs/pdf/dz9zr011.pdf
> 
> The relevant part is chapter 3 (Storage) - Address Spaces and Dynamic
> Address Translation.
> 
> However the short form is: s390 uses two address spaces. "Home Space"
> for kernel address space and "Primary Address Space" for user space
> (there are some special cases where this isn't true, but that doesn't
> really matter here).
> 
> Each address space has its own(!) page tables. To access user space
> from kernel space special instructions like MVCOS have to be used.
> 
> Especially this means (unlike on other architectures) that you can't
> tell from an address alone if it belongs to user space or kernel
> space.
> 

cool, thanks a lot for the info

jirka
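
An added toy model in C (not kernel code and not from anyone in this thread) of the point quoted above: with one page table per address space, the same numeric address resolves differently depending on which space is selected. All names, addresses and page contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: every name here is hypothetical. */
#define PAGE_SIZE 16
#define NPAGES 4

enum space { HOME_SPACE /* kernel */, PRIMARY_SPACE /* user */ };
struct aspace { const char *pages[NPAGES]; };   /* NULL = page not mapped */

static const char kpage[PAGE_SIZE] = "kernel-data";
static const char upage[PAGE_SIZE] = "/etc/passwd";

/* Each space has its own page table; page 1 is mapped in both. */
static const struct aspace spaces[2] = {
    [HOME_SPACE]    = { .pages = { [1] = kpage } },
    [PRIMARY_SPACE] = { .pages = { [1] = upage, [2] = upage } },
};

/* Copy a NUL-terminated string from addr in the chosen space.
 * Returns the string length, or -1 on a fault (unmapped page). */
static long copy_string(enum space sp, unsigned long addr, char *dst, size_t n)
{
    size_t i;
    if (n == 0) return -1;
    for (i = 0; i + 1 < n; i++, addr++) {
        unsigned long vpn = addr / PAGE_SIZE;
        const char *pg = vpn < NPAGES ? spaces[sp].pages[vpn] : NULL;
        if (!pg) return -1;
        dst[i] = pg[addr % PAGE_SIZE];
        if (dst[i] == '\0') return (long)i;
    }
    dst[i] = '\0';                  /* truncated to fit the buffer */
    return (long)i;
}

/* Models a fetch that always reads the kernel (home) space. */
static const char *fetch_string(unsigned long addr, char *buf, size_t n)
{
    return copy_string(HOME_SPACE, addr, buf, n) < 0 ? "(fault)" : buf;
}

int main(void)
{
    char buf[32];
    printf("user ptr 0x20 via home space: %s\n", fetch_string(0x20, buf, sizeof buf));
    printf("user ptr 0x10 via home space: %s\n", fetch_string(0x10, buf, sizeof buf));
    return 0;
}
```

In this model a user pointer read through the home space either faults (0x20) or returns unrelated kernel bytes (0x10), so a range check on the address cannot decide which space to read.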


