Re: [PATCH 0/8] Fix bpf: fix userspace access for bpf_probe_read{,str}()

[Greg KH <gregkh@linuxfoundation.org>]

On Fri, Apr 23, 2021 at 05:08:03PM +0200, Greg KH wrote:
> On Wed, Apr 21, 2021 at 04:05:32PM +0300, Zidenberg, Tsahi wrote:
> > In arm64, kernelspace address accessors cannot be used to access
> > userspace addresses, which means bpf_probe_read{,str}() cannot access
> > userspace addresses. That causes e.g. command-line parameters to not
> > appear when snooping execve using bpf.
> 
> Again, this really feels like a new feature, not a regression or bugfix
> at all.  And in looking at these patches, that feeling really gets
> stronger.
> 
> > This patch series takes the upstream solution. This solution also
> > changes user API in the following ways:
> > * Add probe_read_{user, kernel}{,_str} bpf helpers
> > * Add skb_output helper to the enum only (calling it not supported)
> > * Add support for %pks, %pus specifiers
> > 
> > An alternative fix only takes the required logic to existing API without
> > adding new API, was suggested here:
> > https://www.spinics.net/lists/stable/msg454945.html
> > 
> > Another option is to only take patches [1-4] of this patchset, and add
> > on top of them commit 8d92db5c04d1 ("bpf: rework the compat kernel probe
> > handling"). In that case, the last patch would require function renames
> > and conflict resolutions that were avoided in this patchset by pulling
> > patches [5-7].
> 
> The other option is to move your system to a newer kernel release that
> has this new feature, right?  :)
> 
> What prevents you from doing that today?  What bug is this solving that
> worked in previous kernel releases and was broken in 5.4.y?

And again, "feature parity across CPU architectures for the same
release" is nothing that Linux has EVER guaranteed...

thanks,

greg k-h