From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ingo Molnar Subject: Re: [PATCH 1/2] bpf: add a bpf_override_function helper Date: Sat, 11 Nov 2017 09:14:55 +0100 Message-ID: <20171111081455.qx4rodxldofbzypb@gmail.com> References: <1510086523-8859-1-git-send-email-josef@toxicpanda.com> <1510086523-8859-2-git-send-email-josef@toxicpanda.com> <20171110093459.w2pvo3ntkwbmgnha@gmail.com> <20171110171428.hrw5cpxy4sgzf7mn@destiny> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: rostedt@goodmis.org, mingo@redhat.com, davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ast@kernel.org, kernel-team@fb.com, daniel@iogearbox.net, Josef Bacik To: Josef Bacik Return-path: Received: from mail-wm0-f65.google.com ([74.125.82.65]:37921 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751636AbdKKIO7 (ORCPT ); Sat, 11 Nov 2017 03:14:59 -0500 Content-Disposition: inline In-Reply-To: <20171110171428.hrw5cpxy4sgzf7mn@destiny> Sender: netdev-owner@vger.kernel.org List-ID: * Josef Bacik wrote: > On Fri, Nov 10, 2017 at 10:34:59AM +0100, Ingo Molnar wrote: > > > > * Josef Bacik wrote: > > > > > @@ -551,6 +578,10 @@ static const struct bpf_func_proto *kprobe_prog_func_proto(enum bpf_func_id func > > > return &bpf_get_stackid_proto; > > > case BPF_FUNC_perf_event_read_value: > > > return &bpf_perf_event_read_value_proto; > > > + case BPF_FUNC_override_return: > > > + pr_warn_ratelimited("%s[%d] is installing a program with bpf_override_return helper that may cause unexpected behavior!", > > > + current->comm, task_pid_nr(current)); > > > + return &bpf_override_return_proto; > > > > So if this new functionality is used we'll always print this into the syslog? > > > > The warning is also a bit passive aggressive about informing the user: what > > unexpected behavior can happen, what is the worst case? > > > > It's modeled after the other warnings bpf will spit out, but with this feature > you are skipping a function and instead returning some arbitrary value, so > anything could go wrong if you mess something up. For instance I screwed up my > initial test case and made every IO submitted return an error instead of just on > the one file system I was attempting to test, so all sorts of hilarity ensued. Ok, then for the x86 bits: NAK-ed-by: Ingo Molnar One of the major advantages of having an in-kernel BPF sandbox is to never crash the kernel - and allowing BPF programs to just randomly modify the return value of kernel functions sounds immensely broken to me. (And yes, I realize that kprobes are used here as a vehicle, but the point remains.) Thanks, Ingo