Preventing a tapscript from accessing user space.

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

* Preventing a tapscript from accessing user space.
@ 2007-02-06  0:07 David Wilder
  2007-06-10 17:23 ` Frank Ch. Eigler
  0 siblings, 1 reply; 2+ messages in thread
From: David Wilder @ 2007-02-06  0:07 UTC (permalink / raw)
  To: systemtap

What prevents a tapscript from attempting to access user space 
directly?  For example:
if   $arg is a pointer to a struct in user space (presumably passed to 
the kernel via some system call).
What prevents me from doing   i=$arg->j in the tapscript.

Also when I looked at the code generated by stap I was hoping to see 
deref() used but that is not what I found.
I could have missed something...

On i386 the above example works ok because we can just access the user 
space, it works but it is not correct.
On s390 I can't do that I must use something like get_user(),  but I 
cant do that ether because get_user() calls might_sleep() and the probe 
is running with interrupts off.

-- 
David Wilder
IBM Linux Technology Center
Beaverton, Oregon, USA 
dwilder@us.ibm.com
(503)578-3789

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Preventing a tapscript from accessing user space.
  2007-02-06  0:07 Preventing a tapscript from accessing user space David Wilder
@ 2007-06-10 17:23 ` Frank Ch. Eigler
  0 siblings, 0 replies; 2+ messages in thread
From: Frank Ch. Eigler @ 2007-06-10 17:23 UTC (permalink / raw)
  To: David Wilder; +Cc: systemtap

David Wilder wrote (some time ago):

> [...] For example: if $arg is a pointer to a struct in user space
> (presumably passed to the kernel via some system call).  What
> prevents me from doing i=$arg->j in the tapscript?

Nothing - we can't.  The "__user" modifier doesn't make it into the
debugging data.  The old bug #2049 outlines a way of letting the
script explicitly designate user- vs. kernel-space pointer
dereferences.

> Also when I looked at the code generated by stap I was hoping to see
> deref() used but that is not what I found.

There should be one there, inside the generated "tvar_get" function.

> On i386 the above example works ok because we can just access the
> user space, it works but it is not correct.  On s390 I can't do that
> I must use something like get_user(), but I cant do that ether
> because get_user() calls might_sleep() and the probe is running with
> interrupts off.

The i386 code is predicated on the assumption that user-space accesses
are possible with ordinary loads/stores, but exceptions are caught and
returned as -EFAULT values rather than sleeping or whatnot.

- FChE

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2007-06-10 17:23 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-06  0:07 Preventing a tapscript from accessing user space David Wilder
2007-06-10 17:23 ` Frank Ch. Eigler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).