[SRU Focal] LP: #1888507 Allow BPF programs on s390x to read user memory

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Aug 26 20:30:21 UTC 2020


BugLink: https://bugs.launchpad.net/bugs/1888507

[Impact]
Some bpf programs will fail to execute on s390x, returning EFAULT when they
should be able to read user memory.

[Test case]
apt-get source linux
mkdir -p /usr/lib/perf/
cp -a linux-5.4.0/tools/perf/include /usr/lib/perf/
probe_read=$(grep -w probe_read /usr/lib/perf/include/bpf/bpf.h)
probe_read_user=${probe_read//read/read_user}
sed -i "/probe_read)/i$probe_read_user" /usr/lib/perf/include/bpf/bpf.h
probe_read_user_str=${probe_read//read/read_user_str}
sed -i "/probe_read)/i$probe_read_user_str" /usr/lib/perf/include/bpf/bpf.h

ed - linux-5.4.0/tools/perf/examples/bpf/augmented_raw_syscalls.c << EOF
100c
int string_len = probe_read_user_str(&augmented_arg->value, arg_len, arg);
.
w
EOF
perf trace -eopenat,augmented_raw_syscalls.c cat /etc/passwd > /dev/null

You should see:
     0.332 ( 0.002 ms): cat/3223 openat(dfd: CWD, filename: "/etc/passwd") = 3
instead of
     0.334 ( 0.003 ms): cat/3739 openat(dfd: CWD, filename: "") = 3

[Potential regressions]
One potential regression is that unprivileged code can be able to exploit the
changes to read or write kernel memory.





More information about the kernel-team mailing list