On Fri, Feb 22, 2019 at 03:59:30PM -0800, Andy Lutomirski wrote: > > > > A relatively simple approach might be to teach BPF not to run kprobe > > programs and such in contexts where current->mm isn't the active mm? > > Maybe using nmi_uaccess_okay(), or something like that? It looks like > > perf_callchain_user() also already uses that. Except that a lot of > > this code is x86-specific... > > This sounds like exactly the right solution. If you're running from > some unknown context (like NMI or tracing), then you should check > nmi_uaccess_okay(). I think we should just promote that to be a > non-arch-specific function (that returns true by default) and check it > the relevant bpf_probe_xyz() functions. > > Alexei, does that seem reasonable?
yep. I think that should work.
