From: Chris Mason <clm@meta.com>
To: Steven Rostedt <rostedt@goodmis.org>,
Mark Rutland <mark.rutland@arm.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Florent Revest <revest@chromium.org>, bpf <bpf@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
KP Singh <kpsingh@kernel.org>,
Brendan Jackman <jackmanb@google.com>,
markowsky@google.com, Masami Hiramatsu <mhiramat@kernel.org>,
Xu Kuohai <xukuohai@huawei.com>,
LKML <linux-kernel@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Christoph Hellwig <hch@infradead.org>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [RFC 0/1] BPF tracing for arm64 using fprobe
Date: Fri, 18 Nov 2022 12:44:00 -0500 [thread overview]
Message-ID: <43d5d1f5-c01d-c0db-b421-386331c2b8c1@meta.com> (raw)
In-Reply-To: <20221118114519.2711d890@gandalf.local.home>
On 11/18/22 11:45 AM, Steven Rostedt wrote:
> On Fri, 18 Nov 2022 16:34:50 +0000
> Mark Rutland <mark.rutland@arm.com> wrote:
>
>>> Not alarmist, but concern as being able to modify what a kernel function can
>>> do is not something I take lightly.
>>
>> FWIW, given that the aim here seems to be to expose all kernel internals to be
>> overridden arbitrarily, I'm also concerned that there's a huge surface area for
>> issues with maintainability, robustness/correctness, and security.
>>
>> I really don't want to be stuck in a position where someone argues that all
>> kernel internal functions are ABI and need to stay around as-is to be hooked by
>> eBPF, and I hope that we all agree that there are no guarantees on that front.
>
For ABI concerns, I don't think we're doing anything fundamentally
different from x86 here. So unless our ARM users are substantially more
exciting than the x86 crowd, it should all fall under the discussion
from maintainer's summit:
https://lwn.net/Articles/908464/
> My biggest concern is changing functionality of arbitrary functions by BPF.
> I would much rather limit what functions BPF could change with some
> annotation.
>
> int __bpf_modify foo()
> {
> ...
> }
>
>
> That way if somethings not working, you can see directly in the code that
> the function could be modified by a BPF program, instead of getting some
> random bug report because a function returned an unexpected result that the
> code of that function could never produce.
>
The good news is that BPF generally confines the function replacement
through struct ops interfaces. There are also explicit allow lists to
limit functions where you can do return value overrides etc, so I think
it's fair to say these concerns are already baked in. I'm sure they can
be improved over the long term, but I don't think that's related to this
set of functionality on ARM.
-chris
next prev parent reply other threads:[~2022-11-18 17:45 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-08 22:06 [RFC 0/1] BPF tracing for arm64 using fprobe Florent Revest
2022-11-08 22:06 ` [RFC 1/1] bpf: Invoke tracing progs using fprobe on archs without direct call Florent Revest
2022-11-17 2:41 ` [RFC 0/1] BPF tracing for arm64 using fprobe Alexei Starovoitov
2022-11-17 13:33 ` Masami Hiramatsu
2022-11-17 16:50 ` Alexei Starovoitov
2022-11-18 16:26 ` Mark Rutland
2022-11-17 17:16 ` Steven Rostedt
2022-11-17 21:55 ` Chris Mason
2022-11-17 22:40 ` Steven Rostedt
2022-11-18 16:34 ` Mark Rutland
2022-11-18 16:45 ` Steven Rostedt
2022-11-18 17:44 ` Chris Mason [this message]
2022-11-18 18:06 ` Steven Rostedt
2022-11-18 18:52 ` Chris Mason
2022-11-21 13:47 ` KP Singh
2022-11-21 14:16 ` Peter Zijlstra
2022-11-21 14:23 ` KP Singh
2022-11-21 15:15 ` Steven Rostedt
2022-11-21 15:29 ` KP Singh
2022-11-21 15:39 ` Steven Rostedt
2022-11-21 16:16 ` Jiri Kosina
2022-11-21 15:40 ` Alexei Starovoitov
2022-11-21 15:45 ` Steven Rostedt
2022-11-21 15:55 ` Borislav Petkov
2022-11-21 10:09 ` Peter Zijlstra
2022-11-21 14:40 ` Masami Hiramatsu
2022-11-18 16:18 ` Mark Rutland
2022-11-17 13:16 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43d5d1f5-c01d-c0db-b421-386331c2b8c1@meta.com \
--to=clm@meta.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=jackmanb@google.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=markowsky@google.com \
--cc=mhiramat@kernel.org \
--cc=peterz@infradead.org \
--cc=revest@chromium.org \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
--cc=xukuohai@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox