From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
bpf@vger.kernel.org, Borislav Petkov <bp@alien8.de>,
Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
KP Singh <kpsingh@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Florent Revest <revest@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Christoph Hellwig <hch@infradead.org>, Chris Mason <clm@meta.com>
Subject: Re: [PATCH v2] panic: Taint kernel if fault injection has been used
Date: Mon, 5 Dec 2022 07:59:21 +0900 [thread overview]
Message-ID: <20221205075921.02edfe6b54abc5c2f9831875@kernel.org> (raw)
In-Reply-To: <20221204223001.6wea7cgkofjsiy2z@macbook-pro-6.dhcp.thefacebook.com>
On Sun, 4 Dec 2022 14:30:01 -0800
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> On Mon, Dec 05, 2022 at 07:22:44AM +0900, Masami Hiramatsu (Google) wrote:
> > From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> >
> > Since the function error injection framework in the fault injection
> > subsystem can change the function code flow forcibly, it may cause
> > unexpected behavior (and that is the purpose of this feature) even
> > if it is applied to the ALLOW_ERROR_INJECTION functions.
> > So this feature must be used only for debugging or testing purpose.
>
> The whole idea of tainting for kernel debugging is questionable.
> There are many other *inject* kconfigs and other debug flags
> for link lists, RCU, sleeping, etc.
> None of them taint the kernel.
>
> > To identify this in the kernel oops message, add a new taint flag
>
> Have you ever seen a single oops message because of this particular
> error injection?
No, but there is no guarantee that the FEI doesn't cause any issue
in the future too. If it happens, we need to know the precise
information about what FEI/bpf does.
FEI is a kind of temporal Livepatch for testing. If Livepatch taints
the kernel, why doesn't the FEI taint it too?
>
> > for the fault injection. This taint flag will be set by either
> > function error injection is used or the BPF use the kprobe_override
> > on error injectable functions (identified by ALLOW_ERROR_INJECTION).
>
> ...
>
> > /* set the new array to event->tp_event and set event->prog */
> > + if (prog->kprobe_override)
> > + add_taint(TAINT_FAULT_INJECTED, LOCKDEP_NOW_UNRELIABLE);
>
> Nack for bpf bits.
I think this is needed especially for bpf bits. If we see this flag,
we can ask reporters to share the bpf programs which they used.
Thank you,
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
next prev parent reply other threads:[~2022-12-04 22:59 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-04 22:22 [PATCH v2] panic: Taint kernel if fault injection has been used Masami Hiramatsu (Google)
2022-12-04 22:30 ` Alexei Starovoitov
2022-12-04 22:59 ` Masami Hiramatsu [this message]
2022-12-06 2:17 ` Alexei Starovoitov
2022-12-06 7:20 ` Masami Hiramatsu
2022-12-07 4:01 ` Alexei Starovoitov
2022-12-07 4:39 ` Steven Rostedt
2022-12-07 4:41 ` Steven Rostedt
2022-12-07 4:45 ` Alexei Starovoitov
2022-12-07 5:18 ` Steven Rostedt
2022-12-07 12:48 ` Steven Rostedt
2022-12-08 4:36 ` Alexei Starovoitov
2022-12-08 14:59 ` Steven Rostedt
2022-12-11 2:52 ` Masami Hiramatsu
2022-12-11 7:49 ` KP Singh
2022-12-11 15:14 ` Masami Hiramatsu
2022-12-12 21:39 ` KP Singh
2022-12-11 17:02 ` Steven Rostedt
2022-12-12 21:43 ` KP Singh
2022-12-12 0:53 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221205075921.02edfe6b54abc5c2f9831875@kernel.org \
--to=mhiramat@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexei.starovoitov@gmail.com \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=clm@meta.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=peterz@infradead.org \
--cc=revest@chromium.org \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox