On Mon, Mar 29, 2021 at 01:58:21PM +0300, Zidenberg, Tsahi wrote:
> commit 8d92db5c04d10381f4db70ed99b1b576f5db18a7 upstream.
>
> This is an adaptation of parts from above commit to kernel 5.4.

This is very different from the upstream commit, let's not annotate it as that commit.

> bpf_probe_read{,str}() BPF helpers are broken on arm64, where user
> addresses cannot be accessed with normal kernelspace access.
> Upstream solution got into v5.8 and cannot directly be cherry picked.
> We implement the same mechanism in kernel 5.4.
> Detection is only enabled for machines with non-overlapping address
> spaces using CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE from commits:
> commit 0ebeea8ca8a4 ("bpf: Restrict bpf_probe_read{, str}() only to archs where they work")
> commit d195b1d1d119 ("powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again")
>
> To generally fix the issue, upstream includes new BPF helpers:
> bpf_probe_read_{user,kernel}_str().
> For details on them, see
> commit 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers")

What stops us from taking that API back to 5.4? I took a look at the
dependencies and they don't look too scary.

Can we try that route instead? We really don't want to diverge from
upstream that much.

--
Thanks,
Sasha