From: Dmitry Vyukov <dvyukov@google.com>
To: Aleksandr Nogikh <nogikh@google.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>,
Aleksandr Nogikh <a.nogikh@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andrey Konovalov <andreyknvl@google.com>,
Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Kees Cook <keescook@google.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: [RFC PATCH v2 2/2] docs: add fail_lsm_hooks info to fault-injection.rst
Date: Wed, 28 Oct 2020 10:41:04 +0100 [thread overview]
Message-ID: <CACT4Y+ZX=FjO0Ohoxnyjb3RqaTdGDpYs-Z4pJyiTo2TYY_ROqQ@mail.gmail.com> (raw)
In-Reply-To: <CANp29Y7sDaxrw+0wEVU0vo56AhKFRvbQSGeRc168gs6S8iK_-g@mail.gmail.com>
On Tue, Oct 27, 2020 at 6:34 PM Aleksandr Nogikh <nogikh@google.com> wrote:
> [...]
> > In addition to this global one, what do you think about per-hook fault
> > injection,
> > i.e. /sys/kernel/debug/fail_lsm_hooks/<FUNC>/retval ?
>
> I was thinking about this, but decided to begin with a simple version
> that could definitely be useful in practice (for syzbot/syzkaller it is just
> necessary to have a fault injection capability that will be triggered via
> fail-nth). If per-hook fault injection can also be useful to someone, I
> can try to add it as well.
Yes, before we add it, it would be useful to have a clear use case
(otherwise we can add an unused thing, or implement it in a way that
slightly misses the use case).
Note that fail-nth allows to fail a single concrete site for testing,
though it's not super convenient for this as one would need to figure
out the right N first. But as a one-off test it should do.
> > In this case, we need a fault_attr for each hook. (Maybe, we can use the same
> > technique that is used to define security_hook_heads).
>
> Yes, that technique should help to implement the feature in a very concise
> way. Thanks for the suggestion.
prev parent reply other threads:[~2020-10-28 23:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-26 12:52 [RFC PATCH v2 0/2] security: add fault injection to LSM hooks Aleksandr Nogikh
2020-10-26 12:52 ` [RFC PATCH v2 1/2] security: add fault injection capability Aleksandr Nogikh
2020-10-26 16:20 ` Casey Schaufler
2020-10-27 17:29 ` Aleksandr Nogikh
2020-10-27 17:56 ` Casey Schaufler
2020-10-26 12:52 ` [RFC PATCH v2 2/2] docs: add fail_lsm_hooks info to fault-injection.rst Aleksandr Nogikh
2020-10-27 15:31 ` Akinobu Mita
2020-10-27 17:33 ` Aleksandr Nogikh
2020-10-28 9:41 ` Dmitry Vyukov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACT4Y+ZX=FjO0Ohoxnyjb3RqaTdGDpYs-Z4pJyiTo2TYY_ROqQ@mail.gmail.com' \
--to=dvyukov@google.com \
--cc=a.nogikh@gmail.com \
--cc=akinobu.mita@gmail.com \
--cc=andreyknvl@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=jmorris@namei.org \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nogikh@google.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).