libdrgn: linux_kernel: skip /sys/module fast path when non-root

Only root can open some of the files within /sys/module. Thankfully, the /sys/module code path is only an optimization. When we are running as a non-root user, fall back to the less performant method, which doesn't cause permission issues. Signed-off-by: Stephen Brennan <stephen@brennan.io>
osandov · Aug 17, 2023 · ff088f9 · ff088f9
1 parent 628f1dc
commit ff088f9
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/libdrgn/linux_kernel.c b/libdrgn/linux_kernel.c
@@ -1550,11 +1550,21 @@ report_kernel_modules(struct drgn_debug_info_load_state *load,
 	/*
 	 * If we're debugging the running kernel, we can use
 	 * /sys/module/$module/notes and /sys/module/$module/sections instead of
-	 * getting the equivalent information from the core dump. This fast path
-	 * can be disabled via an environment variable for testing.
+	 * getting the equivalent information from the core dump. But this is
+	 * only possible if we are running as root, since the files here have
+	 * restricted permissions.
+	 *
+	 * The vast majority of live kernel debugging cases, we're running as
+	 * root. But it's possible to be running as non-root during a live
+	 * kernel debugging session, if the program was created based on a file
+	 * descriptor for /proc/kcore passed to us via Unix socket by a task
+	 * with root permissions.
+	 *
+	 * This fast path can be disabled via an environment variable for
+	 * testing.
 	 */
 	bool use_sys_module = false;
-	if (prog->flags & DRGN_PROGRAM_IS_LIVE) {
+	if ((prog->flags & DRGN_PROGRAM_IS_LIVE) && getuid() == 0) {
 		char *env = getenv("DRGN_USE_SYS_MODULE");
 		use_sys_module = !env || atoi(env);
 	}