代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/bcc 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From ce5c8938c494eb03f0784c6e4ae81507139ca779 Mon Sep 17 00:00:00 2001
From: yonghong-song <ys114321@gmail.com>
Date: Tue, 30 Jan 2024 09:13:04 -0800
Subject: [PATCH 1/1] Fix ttysnoop.py with newer kernels (#4888)
Jerome Marchand reported that ttysnoop.py won't work properly
with newer kernels (#4884). I did some investigation and found
that some kernel data structure change caused verification failure.
The failure is caused by the following:
; kvec = from->kvec;
// R1=ptr_iov_iter()
15: (79) r1 = *(u64 *)(r1 +16) ; R1_w=scalar()
; count = kvec->iov_len;
16: (bf) r2 = r1 ; R1_w=scalar(id=1) R2_w=scalar(id=1)
17: (07) r2 += 8 ; R2_w=scalar()
18: (05) goto pc+3
;
22: (79) r2 = *(u64 *)(r2 +0)
R2 invalid mem access 'scalar'
So basically, loading 'iov_iter + 16' returns a scalar but verifier
expects it to be a pointer.
In v6.4, we have
struct iovec
{
void __user *iov_base; /* BSD uses caddr_t (1003.1g requires void *) */
__kernel_size_t iov_len; /* Must be size_t (1003.1g) */
};
struct iov_iter {
u8 iter_type;
bool copy_mc;
bool nofault;
bool data_source;
bool user_backed;
union {
size_t iov_offset;
int last_offset;
};
union {
struct iovec __ubuf_iovec;
struct {
union {
const struct iovec *__iov;
const struct kvec *kvec;
const struct bio_vec *bvec;
struct xarray *xarray;
struct pipe_inode_info *pipe;
void __user *ubuf;
};
size_t count;
};
};
union {
unsigned long nr_segs;
struct {
unsigned int head;
unsigned int start_head;
};
loff_t xarray_start;
};
};
The kernel traversal chain will be
"struct iov_iter" -> "struct iovec __ubuf_iovec" -> "void __user *iov_base".
Since the "iov_base" type is a ptr to void, the kernel considers the
loaded value as a scalar which caused verification failure.
But for old kernel like 5.19, we do not have this issue.
struct iovec
{
void __user *iov_base; /* BSD uses caddr_t (1003.1g requires void *) */
__kernel_size_t iov_len; /* Must be size_t (1003.1g) */
};
struct iov_iter {
u8 iter_type;
bool nofault;
bool data_source;
bool user_backed;
size_t iov_offset;
size_t count;
union {
const struct iovec *iov;
const struct kvec *kvec;
const struct bio_vec *bvec;
struct xarray *xarray;
struct pipe_inode_info *pipe;
void __user *ubuf;
};
union {
unsigned long nr_segs;
struct {
unsigned int head;
unsigned int start_head;
};
loff_t xarray_start;
};
};
The kernel traversal chain will be
"struct iov_iter" -> "const struct iovec *iov"
Note that "const struct iovec *iov" is used since it is the *first* member
inside the union. The traversal stops once we hit a pointer.
So the kernel verifier returns a 'struct iovec' object (untrusted, cannot
be used as a parameter to a call) and verifier can proceed.
To fix the problem, let us use bpf_probe_read_kernel() instead
so ttysnoop.py can continue to work with newer kernel.
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
---
tools/ttysnoop.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/ttysnoop.py b/tools/ttysnoop.py
index 77f97b7c..aca09db4 100755
--- a/tools/ttysnoop.py
+++ b/tools/ttysnoop.py
@@ -162,8 +162,8 @@ PROBE_TTY_WRITE
*/
case CASE_ITER_IOVEC_NAME:
kvec = from->kvec;
- buf = kvec->iov_base;
- count = kvec->iov_len;
+ bpf_probe_read_kernel(&buf, sizeof(buf), &kvec->iov_base);
+ bpf_probe_read_kernel(&count, sizeof(count), &kvec->iov_len);
break;
CASE_ITER_UBUF_TEXT
/* TODO: Support more type */
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手