Re: [PATCH] error-injection: Add prompt for function error injection

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chris Mason <clm@meta.com>
To: Borislav Petkov <bp@alien8.de>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Kees Cook <keescook@chromium.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	KP Singh <kpsingh@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Florent Revest <revest@chromium.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH] error-injection: Add prompt for function error injection
Date: Tue, 22 Nov 2022 12:42:33 -0500	[thread overview]
Message-ID: <3fa8ec60-dd96-c41f-ea46-8856bf855949@meta.com> (raw)
In-Reply-To: <Y3ymzAYRyH5IWEe/@zn.tnic>

On 11/22/22 5:39 AM, Borislav Petkov wrote:
> On Mon, Nov 21, 2022 at 03:36:08PM -0800, Alexei Starovoitov wrote:
>> The commit log is bogus and the lack of understanding what
> 
> You mean that:
> 
> Documentation/fault-injection/fault-injection.rst
> 
> ?
> 
> I don't want any of that possible in production setups. And until you
> give me a sane argument why it is good to have in production setups
> generically, this is end of story.
> 

I think there are a few different sides to this:

- it makes total sense that we all have wildly different ideas about
which tools should be available in prod.  Making this decision more fine
grained seems reasonable.

- fault injection for testing: we have a stage of qualification that
does error injection against the prod kernel.  It helps to have this
against the debug kernel too, but that misses some races etc.  I always
just assumed distros and partners did some fault injection tests against
the prod kernel builds?

- fault injection for debugging:  it doesn't happen often but at some
point we run out of ideas and start making different functions fail in
prod to figure out why we're not prodding.

- overriding return values for security fixes: also not a common thing,
but it's a tool we've used.  There are usually better long term fixes,
but it happens.

Stepping back to the big picture of debugging systems with bpf in use, I
love hearing (and telling) stories of debugging difficult problems.  As
far as I know, BPF telling lies hasn't really been a problem for us, so
even though it's a huge tangent, if you have specific examples of
problems you've seen, I'm really interested in hearing more.

When I talk about production, both overall stability and validating new
kernels, if I compare the BPF subsystem with MM, filesystems, cgroups,
the scheduler, networking, and all things Jens, the systems BPF
developers put in place are working really well for me.

If I expand the discussion to the BPF programs themselves, there have
been rare issues.   Still completely on par with the rest of the kernel
subsystems and within the noise in comparison with hardware failures.

In other words, I really do care about the concerns you're expressing
here, and I'm usually first in line to complain when random people make
my job harder.  I'm just not seeing these issues with BPF, and I see
them actively trying to increase safety over time.

-chris

next prev parent reply	other threads:[~2022-11-22 17:43 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-21 15:44 [PATCH] error-injection: Add prompt for function error injection Steven Rostedt
2022-11-21 19:32 ` Borislav Petkov
2022-11-21 23:36   ` Alexei Starovoitov
2022-11-22  0:09     ` Masami Hiramatsu
2022-11-22  0:24     ` Steven Rostedt
2022-11-22  0:40       ` Steven Rostedt
2022-11-22 10:39     ` Borislav Petkov
2022-11-22 17:42       ` Chris Mason [this message]
2022-11-22 18:16         ` Borislav Petkov
2022-11-22 18:29         ` Steven Rostedt
2022-11-22 19:51           ` Chris Mason
2022-11-30 22:37             ` Andrew Morton
2022-12-01 16:58               ` Alexei Starovoitov
2022-12-01 17:39                 ` Benjamin Tissoires
2022-12-01 21:12                 ` Andrew Morton
2022-12-01 21:13                 ` Linus Torvalds
2022-12-02  0:46                   ` Jiri Kosina
2022-12-02  0:57                     ` Linus Torvalds
2022-12-02  1:03                       ` Jiri Kosina
2022-12-02  1:32                         ` Steven Rostedt
2022-12-02  1:41                   ` Alexei Starovoitov
2022-12-02 15:56                     ` Theodore Ts'o
2022-12-02 21:27                       ` Alexei Starovoitov
2022-12-02 23:17                         ` Steven Rostedt
2022-12-03  0:55                           ` Alexei Starovoitov
2022-12-04 22:50                         ` Masami Hiramatsu
2022-12-06  2:05                           ` Alexei Starovoitov
2022-12-02 14:55                   ` Benjamin Tissoires
2022-12-02 19:30                     ` Alexei Starovoitov
2022-12-05 17:01                       ` Benjamin Tissoires
2022-12-01 14:41         ` Masami Hiramatsu
2022-12-01 16:37           ` [RFC PATCH] panic: Add new taint flag for fault injection Masami Hiramatsu (Google)
2022-12-01 16:39             ` Kees Cook
2022-12-01 16:48               ` Steven Rostedt
2022-12-01 16:53                 ` Kees Cook
2022-12-01 19:14                   ` Steven Rostedt
2022-12-01 21:00                     ` Chris Mason
2022-12-01 21:18                       ` Linus Torvalds
2022-12-02  6:17                         ` Christoph Hellwig
2022-12-01 21:25                       ` Steven Rostedt
2022-12-01 21:29                         ` Steven Rostedt
2022-12-02  0:46                     ` Masami Hiramatsu
2022-12-01 16:40             ` Steven Rostedt
2022-11-21 22:24 ` [PATCH] error-injection: Add prompt for function error injection Masami Hiramatsu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3fa8ec60-dd96-c41f-ea46-8856bf855949@meta.com \
    --to=clm@meta.com \
    --cc=akpm@linux-foundation.org \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bp@alien8.de \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@infradead.org \
    --cc=jpoimboe@redhat.com \
    --cc=keescook@chromium.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=mhiramat@kernel.org \
    --cc=peterz@infradead.org \
    --cc=revest@chromium.org \
    --cc=rostedt@goodmis.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox