From: Josef Bacik <josef@toxicpanda.com>
To: Ingo Molnar <mingo@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>,
rostedt@goodmis.org, mingo@redhat.com, davem@davemloft.net,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
ast@kernel.org, kernel-team@fb.com, daniel@iogearbox.net,
Josef Bacik <jbacik@fb.com>
Subject: Re: [PATCH 1/2] bpf: add a bpf_override_function helper
Date: Sat, 11 Nov 2017 06:51:08 -0500 [thread overview]
Message-ID: <20171111115107.utf6teuxddob2x5j@destiny> (raw)
In-Reply-To: <20171111081455.qx4rodxldofbzypb@gmail.com>
On Sat, Nov 11, 2017 at 09:14:55AM +0100, Ingo Molnar wrote:
>
> * Josef Bacik <josef@toxicpanda.com> wrote:
>
> > On Fri, Nov 10, 2017 at 10:34:59AM +0100, Ingo Molnar wrote:
> > >
> > > * Josef Bacik <josef@toxicpanda.com> wrote:
> > >
> > > > @@ -551,6 +578,10 @@ static const struct bpf_func_proto *kprobe_prog_func_proto(enum bpf_func_id func
> > > > return &bpf_get_stackid_proto;
> > > > case BPF_FUNC_perf_event_read_value:
> > > > return &bpf_perf_event_read_value_proto;
> > > > + case BPF_FUNC_override_return:
> > > > + pr_warn_ratelimited("%s[%d] is installing a program with bpf_override_return helper that may cause unexpected behavior!",
> > > > + current->comm, task_pid_nr(current));
> > > > + return &bpf_override_return_proto;
> > >
> > > So if this new functionality is used we'll always print this into the syslog?
> > >
> > > The warning is also a bit passive aggressive about informing the user: what
> > > unexpected behavior can happen, what is the worst case?
> > >
> >
> > It's modeled after the other warnings bpf will spit out, but with this feature
> > you are skipping a function and instead returning some arbitrary value, so
> > anything could go wrong if you mess something up. For instance I screwed up my
> > initial test case and made every IO submitted return an error instead of just on
> > the one file system I was attempting to test, so all sorts of hilarity ensued.
>
> Ok, then for the x86 bits:
>
> NAK-ed-by: Ingo Molnar <mingo@kernel.org>
>
> One of the major advantages of having an in-kernel BPF sandbox is to never crash
> the kernel - and allowing BPF programs to just randomly modify the return value of
> kernel functions sounds immensely broken to me.
>
> (And yes, I realize that kprobes are used here as a vehicle, but the point
> remains.)
>
Only root can use this feature, and did you read the first email? The whole
point of this is that error path checkig fucking sucks, and this gives us the
ability to systematically check our error paths and make the kernel way more
robust than it currently is. Can things go wrong? Sure, that's why its a
config option and root only. You only want to turn this on for testing and not
have it on in production. This is a valuable tool and well worth the risk.
Thanks,
Josef
next prev parent reply other threads:[~2017-11-11 11:51 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-07 20:28 [PATCH 0/2][v5] Add the ability to do BPF directed error injection Josef Bacik
2017-11-07 20:28 ` [PATCH 1/2] bpf: add a bpf_override_function helper Josef Bacik
2017-11-08 2:28 ` Daniel Borkmann
2017-11-10 9:34 ` Ingo Molnar
2017-11-10 17:14 ` Josef Bacik
2017-11-11 8:14 ` Ingo Molnar
2017-11-11 11:51 ` Josef Bacik [this message]
2017-11-12 6:49 ` Alexei Starovoitov
2017-11-12 10:38 ` Ingo Molnar
2017-11-13 15:57 ` Josef Bacik
2017-11-15 7:34 ` Ingo Molnar
2017-11-07 20:28 ` [PATCH 2/2] samples/bpf: add a test for bpf_override_return Josef Bacik
2017-11-08 2:29 ` Daniel Borkmann
2017-11-07 21:43 ` [PATCH 0/2][v5] Add the ability to do BPF directed error injection Alexei Starovoitov
2017-11-10 9:06 ` David Miller
2017-11-10 9:20 ` Peter Zijlstra
2017-11-11 3:18 ` David Miller
2017-11-11 8:16 ` Ingo Molnar
2017-11-11 9:25 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2017-11-02 14:37 [PATCH 0/2][v4] " Josef Bacik
2017-11-02 14:37 ` [PATCH 1/2] bpf: add a bpf_override_function helper Josef Bacik
2017-11-02 23:12 ` Daniel Borkmann
2017-11-03 14:31 ` Josef Bacik
2017-11-03 16:52 ` Daniel Borkmann
2017-11-03 21:07 ` Alexei Starovoitov
2017-11-01 17:00 [PATCH 0/2][v3] Add the ability to do BPF directed error injection Josef Bacik
2017-11-01 17:00 ` [PATCH 1/2] bpf: add a bpf_override_function helper Josef Bacik
2017-11-01 17:18 ` Alexei Starovoitov
2017-11-02 1:08 ` Daniel Borkmann
2017-10-31 15:45 [PATCH 0/2][v2] Add the ability to do BPF directed error injection Josef Bacik
2017-10-31 15:45 ` [PATCH 1/2] bpf: add a bpf_override_function helper Josef Bacik
2017-11-01 4:47 ` Alexei Starovoitov
2017-10-30 21:19 [PATCH 0/2] Add the ability to do BPF directed error injection Josef Bacik
2017-10-30 21:19 ` [PATCH 1/2] bpf: add a bpf_override_function helper Josef Bacik
2017-10-31 1:35 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171111115107.utf6teuxddob2x5j@destiny \
--to=josef@toxicpanda.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=jbacik@fb.com \
--cc=kernel-team@fb.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox