NACK/CMT: [SRU Focal] LP: #1888507 Allow BPF programs on s390x to read user memory
Kelsey Skunberg
kelsey.skunberg at canonical.com
Fri Sep 18 04:35:25 UTC 2020
Saw the bug for this has been invalidated and this is not currently
moving forward. NACKing this for now.
-Kelsey
On 2020-08-26 17:30:21 , Thadeu Lima de Souza Cascardo wrote:
> BugLink: https://bugs.launchpad.net/bugs/1888507
>
> [Impact]
> Some bpf programs will fail to execute on s390x, returning EFAULT when they
> should be able to read user memory.
>
> [Test case]
> apt-get source linux
> mkdir -p /usr/lib/perf/
> cp -a linux-5.4.0/tools/perf/include /usr/lib/perf/
> probe_read=$(grep -w probe_read /usr/lib/perf/include/bpf/bpf.h)
> probe_read_user=${probe_read//read/read_user}
> sed -i "/probe_read)/i$probe_read_user" /usr/lib/perf/include/bpf/bpf.h
> probe_read_user_str=${probe_read//read/read_user_str}
> sed -i "/probe_read)/i$probe_read_user_str" /usr/lib/perf/include/bpf/bpf.h
>
> ed - linux-5.4.0/tools/perf/examples/bpf/augmented_raw_syscalls.c << EOF
> 100c
> int string_len = probe_read_user_str(&augmented_arg->value, arg_len, arg);
> .
> w
> EOF
> perf trace -eopenat,augmented_raw_syscalls.c cat /etc/passwd > /dev/null
>
> You should see:
> 0.332 ( 0.002 ms): cat/3223 openat(dfd: CWD, filename: "/etc/passwd") = 3
> instead of
> 0.334 ( 0.003 ms): cat/3739 openat(dfd: CWD, filename: "") = 3
>
> [Potential regressions]
> One potential regression is that unprivileged code can be able to exploit the
> changes to read or write kernel memory.
>
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list