From: "Theodore Ts'o" <tytso@mit.edu>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Chris Mason <clm@meta.com>, Steven Rostedt <rostedt@goodmis.org>,
Borislav Petkov <bp@alien8.de>,
LKML <linux-kernel@vger.kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
KP Singh <kpsingh@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Florent Revest <revest@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Christoph Hellwig <hch@infradead.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>
Subject: Re: [PATCH] error-injection: Add prompt for function error injection
Date: Fri, 2 Dec 2022 10:56:52 -0500
Message-ID: <Y4ogRH7zWLpmVXzJ@mit.edu>
In-Reply-To: <20221202014129.n5lmvzsy436ebo4b@macbook-pro-6.dhcp.thefacebook.com>

On Thu, Dec 01, 2022 at 05:41:29PM -0800, Alexei Starovoitov wrote:
>
> The fault injection framework disables individual syscall with zero performance
> overhead compared to LSM and seccomp mechanisms.
> BPF is not involved here. It's a kprobe in one spot.
> All other syscalls don't notice it.
> It's an attractive way to improve security.
>
> A BPF prog over syscall can filter by user, cgroup, task and give fine-grained
> control over security surface.
> tbh I'm not aware of folks doing "syscall disabling" through command line like
> above (I've only seen it through bpf), but it doesn't mean that somebody will
> not start complaining that their script broke, because distro disabled fault
> injection.
>
> So should we split FUNCTION_ERROR_INJECTION kconfig into two?
> And do default N for things like should_failslab() and
> default Y for syscalls?

How about calling the latter something like bpf syscall hooks, and not
using the terminology "error injection" in relation to system calls?
I think that might be less confusing.

- Ted