On 21/04/2021 16:18, Greg KH wrote:
On Wed, Apr 21, 2021 at 04:05:32PM +0300, Zidenberg, Tsahi wrote:
In arm64, kernelspace address accessors cannot be used to access userspace addresses, which means bpf_probe_read{,str}() cannot access userspace addresses. That causes e.g. command-line parameters to not appear when snooping execve using bpf.
This patch series takes the upstream solution. This solution also changes user API in the following ways:
- Add probe_read_{user, kernel}{,_str} bpf helpers
- Add skb_output helper to the enum only (calling it not supported)
- Add support for %pks, %pus specifiers
An alternative fix only takes the required logic to existing API without adding new API, was suggested here: https://www.spinics.net/lists/stable/msg454945.html
Another option is to only take patches [1-4] of this patchset, and add on top of them commit 8d92db5c04d1 ("bpf: rework the compat kernel probe handling"). In that case, the last patch would require function renames and conflict resolutions that were avoided in this patchset by pulling patches [5-7].
What stable tree(s) are you expecting these to be relevant for?
Sorry I forgot to mention it here.. This patchset was created/tested for 5.4. I expect it to also be relevant for 4.19, but I didn't test it. If you like it for 5.4 I could test and resubmit or notify you. No updates are necessary for 5.10.
Thank you! Tsahi.