Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Differentiate usage of bpf_probe_read for userspace and kernelspace access #27

Open
pawsten opened this issue Apr 13, 2023 · 1 comment
Open

Differentiate usage of bpf_probe_read for userspace and kernelspace access #27

pawsten opened this issue Apr 13, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@pawsten
Copy link
Collaborator

pawsten commented Apr 13, 2023
edited
Loading

Since Linux 5.5. function probe_read_user should be split for bpf_probe_read_user for userspace read and bpf_probe_read_kernel for kernelspace access. https://man7.org/linux/man-pages/man7/bpf-helpers.7.html
@pawsten pawsten added the enhancement New feature or request label Apr 13, 2023
@pawsten pawsten changed the title Differentiate usage of bpf_probe_read for userspace read and kernelspace Differentiate usage of bpf_probe_read for userspace and kernelspace access Apr 13, 2023
@pawsten
Copy link
Collaborator Author

pawsten commented Apr 17, 2024

It may be related with following stacktrace:

[ 34.327482] sysfillrect ghash_clmulni_intel sysimgblt usbhid aesni_intel fb_sys_fops ixgbe crypto_simd cryptd mxm_wmi igb xfrm_algo lpc_ich ahci drm glue_helper hid i2c_algo_bit dca megaraid_sas libahci mdio wmi
[ 34.327491] CPU: 4 PID: 3051 Comm: oneagentnettrac Tainted: G OE 5.4.0-176-generic #196-Ubuntu
[ 34.327492] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.11.0 11/02/2019
[ 34.327493] RIP: 0010:ex_handler_uaccess+0x52/0x60
[ 34.327495] Code: c4 08 b8 01 00 00 00 5b 5d c3 80 3d ab fa b8 01 00 75 db 48 c7 c7 58 8b 72 83 48 89 75 f0 c6 05 97 fa b8 01 01 e8 4c b6 a2 00 <0f> 0b 48 8b 75 f0 eb bc 66 0f 1f 44 00 00 0f 1f 44 00 00 55 80 3d
[ 34.327495] RSP: 0018:ffffafb5e0237a10 EFLAGS: 00010282
[ 34.327496] RAX: 0000000000000000 RBX: ffffffff83202870 RCX: 0000000000000000
[ 34.327497] RDX: 000000000000003f RSI: ffffffff84f9e65f RDI: 0000000000000246
[ 34.327497] RBP: ffffafb5e0237a20 R08: ffffffff84f9e620 R09: 000000000000003f
[ 34.327497] R10: 0000000000000000 R11: 0000000000000001 R12: ffffafb5e0237a88
[ 34.327498] R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000000
[ 34.327499] FS: 00007f4ae742b780(0000) GS:ffff9a57bf880000(0000) knlGS:0000000000000000
[ 34.327499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.327500] CR2: 00007f4ae75da5e0 CR3: 0000001fb511a002 CR4: 00000000003606e0
[ 34.327500] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.327501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.327501] Call Trace:
[ 34.327507] ? show_regs.cold+0x1a/0x1f
[ 34.327510] ? __warn+0x98/0xe0
[ 34.327511] ? ex_handler_uaccess+0x52/0x60
[ 34.327513] ? report_bug+0xd1/0x100
[ 34.327515] ? vprintk_store+0x103/0x210
[ 34.327519] ? do_error_trap+0x9b/0xc0
[ 34.327520] ? do_invalid_op+0x3c/0x50
[ 34.327521] ? ex_handler_uaccess+0x52/0x60
[ 34.327524] ? invalid_op+0x1e/0x30
[ 34.327526] ? ex_handler_uaccess+0x52/0x60
[ 34.327528] fixup_exception+0x4a/0x70
[ 34.327530] do_general_protection+0x50/0x160
[ 34.327532] general_protection+0x28/0x30
[ 34.327535] RIP: 0010:copy_user_generic_unrolled+0x9e/0xc0
[ 34.327536] Code: 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 <8a> 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 31 c0 0f 01 ca c3 66 66
[ 34.327537] RSP: 0018:ffffafb5e0237b30 EFLAGS: 00050202
[ 34.327538] RAX: 0000000000000000 RBX: ffff9a57b4b70000 RCX: 0000000000000004
[ 34.327539] RDX: 0000000000000004 RSI: 0100007f0200007f RDI: ffffafb5e0237bfc
[ 34.327540] RBP: ffffafb5e0237b60 R08: ffffafb5e0237ba0 R09: 00000000000000c0
[ 34.327541] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
[ 34.327541] R13: 00007ffffffff000 R14: 0100007f0200007f R15: ffffafb5e0237bfc
[ 34.327545] ? __probe_kernel_read+0x5a/0x90
[ 34.327549] bpf_probe_read+0x33/0x60
[ 34.327551] ? trace_call_bpf+0x69/0xe0
[ 34.327556] ? tcp_getsockopt+0x1/0x40
[ 34.327559] ? kprobe_perf_func+0x23e/0x290
[ 34.327562] ? _cond_resched+0x19/0x30
[ 34.327563] ? _raw_spin_unlock_bh+0x1e/0x20
[ 34.327565] ? tcp_get_info+0x434/0x450
[ 34.327566] ? tcp_getsockopt+0x1/0x40
[ 34.327568] ? tcp_getsockopt+0x5/0x40
[ 34.327570] ? kprobe_dispatcher+0x5d/0x70
[ 34.327571] ? tcp_getsockopt+0x1/0x40
[ 34.327574] ? kprobe_ftrace_handler+0x90/0xf0
[ 34.327576] ? sock_common_getsockopt+0x1a/0x20
[ 34.327579] ? ftrace_ops_assist_func+0x8d/0x120
[ 34.327581] ? __kmalloc+0x194/0x290
[ 34.327584] ? 0xffffffffc12c60da
[ 34.327585] ? do_tcp_getsockopt.isra.0+0xdd0/0xdd0
[ 34.327587] ? hrtimer_nanosleep+0xc2/0x1c0
[ 34.327588] ? tcp_getsockopt+0x1/0x40
[ 34.327589] ? tcp_getsockopt+0x5/0x40
[ 34.327590] ? sock_common_getsockopt+0x1a/0x20
[ 34.327591] ? tcp_getsockopt+0x5/0x40
[ 34.327592] ? sock_common_getsockopt+0x1a/0x20
[ 34.327595] ? __sys_getsockopt+0x8d/0x120
[ 34.327596] ? __x64_sys_getsockopt+0x25/0x30
[ 34.327599] ? do_syscall_64+0x57/0x190
[ 34.327600] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 34.327602] ---[ end trace 19b8ce88871e95c2 ]---

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pawsten