
Differentiate usage of bpf_probe_read for userspace and kernelspace access

Open pawsten opened this issue 1 year ago • 1 comments

Since Linux 5.5, the function probe_read_user should be split into bpf_probe_read_user for userspace reads and bpf_probe_read_kernel for kernelspace access. https://man7.org/linux/man-pages/man7/bpf-helpers.7.html

pawsten avatar Apr 13 '23 09:04 pawsten

It may be related to the following stack trace:

[ 34.327482] sysfillrect ghash_clmulni_intel sysimgblt usbhid aesni_intel fb_sys_fops ixgbe crypto_simd cryptd mxm_wmi igb xfrm_algo lpc_ich ahci drm glue_helper hid i2c_algo_bit dca megaraid_sas libahci mdio wmi
[ 34.327491] CPU: 4 PID: 3051 Comm: oneagentnettrac Tainted: G OE 5.4.0-176-generic #196-Ubuntu
[ 34.327492] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.11.0 11/02/2019
[ 34.327493] RIP: 0010:ex_handler_uaccess+0x52/0x60
[ 34.327495] Code: c4 08 b8 01 00 00 00 5b 5d c3 80 3d ab fa b8 01 00 75 db 48 c7 c7 58 8b 72 83 48 89 75 f0 c6 05 97 fa b8 01 01 e8 4c b6 a2 00 <0f> 0b 48 8b 75 f0 eb bc 66 0f 1f 44 00 00 0f 1f 44 00 00 55 80 3d
[ 34.327495] RSP: 0018:ffffafb5e0237a10 EFLAGS: 00010282
[ 34.327496] RAX: 0000000000000000 RBX: ffffffff83202870 RCX: 0000000000000000
[ 34.327497] RDX: 000000000000003f RSI: ffffffff84f9e65f RDI: 0000000000000246
[ 34.327497] RBP: ffffafb5e0237a20 R08: ffffffff84f9e620 R09: 000000000000003f
[ 34.327497] R10: 0000000000000000 R11: 0000000000000001 R12: ffffafb5e0237a88
[ 34.327498] R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000000
[ 34.327499] FS: 00007f4ae742b780(0000) GS:ffff9a57bf880000(0000) knlGS:0000000000000000
[ 34.327499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.327500] CR2: 00007f4ae75da5e0 CR3: 0000001fb511a002 CR4: 00000000003606e0
[ 34.327500] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.327501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.327501] Call Trace:
[ 34.327507] ? show_regs.cold+0x1a/0x1f
[ 34.327510] ? __warn+0x98/0xe0
[ 34.327511] ? ex_handler_uaccess+0x52/0x60
[ 34.327513] ? report_bug+0xd1/0x100
[ 34.327515] ? vprintk_store+0x103/0x210
[ 34.327519] ? do_error_trap+0x9b/0xc0
[ 34.327520] ? do_invalid_op+0x3c/0x50
[ 34.327521] ? ex_handler_uaccess+0x52/0x60
[ 34.327524] ? invalid_op+0x1e/0x30
[ 34.327526] ? ex_handler_uaccess+0x52/0x60
[ 34.327528] fixup_exception+0x4a/0x70
[ 34.327530] do_general_protection+0x50/0x160
[ 34.327532] general_protection+0x28/0x30
[ 34.327535] RIP: 0010:copy_user_generic_unrolled+0x9e/0xc0
[ 34.327536] Code: 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 <8a> 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 31 c0 0f 01 ca c3 66 66
[ 34.327537] RSP: 0018:ffffafb5e0237b30 EFLAGS: 00050202
[ 34.327538] RAX: 0000000000000000 RBX: ffff9a57b4b70000 RCX: 0000000000000004
[ 34.327539] RDX: 0000000000000004 RSI: 0100007f0200007f RDI: ffffafb5e0237bfc
[ 34.327540] RBP: ffffafb5e0237b60 R08: ffffafb5e0237ba0 R09: 00000000000000c0
[ 34.327541] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
[ 34.327541] R13: 00007ffffffff000 R14: 0100007f0200007f R15: ffffafb5e0237bfc
[ 34.327545] ? __probe_kernel_read+0x5a/0x90
[ 34.327549] bpf_probe_read+0x33/0x60
[ 34.327551] ? trace_call_bpf+0x69/0xe0
[ 34.327556] ? tcp_getsockopt+0x1/0x40
[ 34.327559] ? kprobe_perf_func+0x23e/0x290
[ 34.327562] ? _cond_resched+0x19/0x30
[ 34.327563] ? _raw_spin_unlock_bh+0x1e/0x20
[ 34.327565] ? tcp_get_info+0x434/0x450
[ 34.327566] ? tcp_getsockopt+0x1/0x40
[ 34.327568] ? tcp_getsockopt+0x5/0x40
[ 34.327570] ? kprobe_dispatcher+0x5d/0x70
[ 34.327571] ? tcp_getsockopt+0x1/0x40
[ 34.327574] ? kprobe_ftrace_handler+0x90/0xf0
[ 34.327576] ? sock_common_getsockopt+0x1a/0x20
[ 34.327579] ? ftrace_ops_assist_func+0x8d/0x120
[ 34.327581] ? __kmalloc+0x194/0x290
[ 34.327584] ? 0xffffffffc12c60da
[ 34.327585] ? do_tcp_getsockopt.isra.0+0xdd0/0xdd0
[ 34.327587] ? hrtimer_nanosleep+0xc2/0x1c0
[ 34.327588] ? tcp_getsockopt+0x1/0x40
[ 34.327589] ? tcp_getsockopt+0x5/0x40
[ 34.327590] ? sock_common_getsockopt+0x1a/0x20
[ 34.327591] ? tcp_getsockopt+0x5/0x40
[ 34.327592] ? sock_common_getsockopt+0x1a/0x20
[ 34.327595] ? __sys_getsockopt+0x8d/0x120
[ 34.327596] ? __x64_sys_getsockopt+0x25/0x30
[ 34.327599] ? do_syscall_64+0x57/0x190
[ 34.327600] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 34.327602] ---[ end trace 19b8ce88871e95c2 ]---

pawsten avatar Apr 17 '24 11:04 pawsten
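A triage aid for the trace above, added here as an example and not taken from nettracer-bpf or from the issue author: it reads a register out of an oops line and classifies the address, which shows that RSI (the copy source in the copy_user_generic_unrolled frame) is neither a userspace nor a kernelspace address. The names classify_addr, helper_for and parse_reg are hypothetical, and x86-64 with 48-bit virtual addresses (4-level paging) is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: x86-64 with 4-level paging (48-bit virtual addresses). */
enum addr_class { ADDR_USER, ADDR_KERNEL, ADDR_NONCANONICAL };

/* Canonical addresses have bits 63..47 all equal to bit 47. */
enum addr_class classify_addr(uint64_t addr)
{
    uint64_t top = addr >> 47;   /* the 17 bits that must agree */
    if (top == 0)
        return ADDR_USER;        /* lower half of the address space */
    if (top == 0x1ffff)
        return ADDR_KERNEL;      /* upper half of the address space */
    return ADDR_NONCANONICAL;    /* a load from here raises #GP, not #PF */
}

/* Helper matching the address class, per the split described in the issue. */
const char *helper_for(enum addr_class c)
{
    switch (c) {
    case ADDR_USER:   return "bpf_probe_read_user";
    case ADDR_KERNEL: return "bpf_probe_read_kernel";
    default:          return "neither (not a valid pointer)";
    }
}

/* Pull a register value such as "RSI: 0100007f0200007f" out of one oops line. */
int parse_reg(const char *line, const char *reg, uint64_t *out)
{
    char key[16], *end;
    snprintf(key, sizeof key, "%s: ", reg);
    const char *p = strstr(line, key);
    if (!p)
        return -1;               /* register not present on this line */
    p += strlen(key);
    *out = strtoull(p, &end, 16);
    return end == p ? -1 : 0;    /* -1 when no hex digits followed the key */
}

int main(void)
{
    /* Register line of the copy_user_generic_unrolled frame, copied from the trace. */
    const char *line = "RDX: 0000000000000004 RSI: 0100007f0200007f RDI: ffffafb5e0237bfc";
    uint64_t v;
    if (parse_reg(line, "RSI", &v) == 0)
        printf("RSI=%016llx -> %s\n", (unsigned long long)v, helper_for(classify_addr(v)));
    return 0;
}
```

The classification is by numeric range only; which helper a BPF program should call still depends on where the pointer came from in the probed code.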