From: Masami Hiramatsu <mhiramat@kernel.org>
To: Alexei Starovoitov <ast@fb.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Josef Bacik <jbacik@fb.com>, <rostedt@goodmis.org>,
<mingo@redhat.com>, <davem@davemloft.net>,
<netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<ast@kernel.org>, <kernel-team@fb.com>, <daniel@iogearbox.net>,
<linux-btrfs@vger.kernel.org>, <darrick.wong@oracle.com>,
Josef Bacik <josef@toxicpanda.com>,
Akinobu Mita <akinobu.mita@gmail.com>
Subject: Re: [RFC PATCH bpf-next v2 4/4] error-injection: Support fault injection framework
Date: Fri, 29 Dec 2017 16:34:35 +0900 [thread overview]
Message-ID: <20171229163435.8ac2a001b3b3422d012bbd95@kernel.org> (raw)
In-Reply-To: <099fa7d4-435a-3fa4-841c-17603a45e77e@fb.com>
On Thu, 28 Dec 2017 17:11:31 -0800
Alexei Starovoitov <ast@fb.com> wrote:
> On 12/27/17 11:51 PM, Masami Hiramatsu wrote:
> >
> > Then what happen if the user set invalid retval to those functions?
> > even if we limit the injectable functions, it can cause a problem,
> >
> > for example,
> >
> > obj = func_return_object();
> > if (!obj) {
> > handling_error...;
> > }
> > obj->field = x;
> >
> > In this case, obviously func_return_object() must return NULL if there is
> > an error, not -ENOMEM. But without the correct retval information, how would
> > you check the BPF code doesn't cause a trouble?
> > Currently it seems you are expecting only the functions which return error code.
> >
> > ret = func_return_state();
> > if (ret < 0) {
> > handling_error...;
> > }
> >
> > But how we can distinguish those?
> >
> > If we have the error range for each function, we can ensure what is
> > *correct* error code, NULL or errno, or any other error numbers. :)
>
> messing up return values may cause problems and range check is
> not going to magically help.
> The caller may handle only a certain set of errors or interpret
> some of them like EBUSY as a signal to retry.
> It's plain impossible to make sure that kernel will be functional
> after error injection has been made.
Hmm, if so, why we need this injectable table?
If we can not make sure the safeness of the error injection (of course, yes)
why we need to limit the error injection on such limited functions?
I think we don't need it anymore. Any function can be injectable, and no
need to make sure the safeness.
Thank you,
> Like kmalloc() unconditionally returning NULL will be deadly
> for the kernel, hence this patch 4/4 has very limited practical
> use. The bpf program need to make intelligent decisions when
> to return an error and what kind of error to return.
> Doing blank range check adds a false sense of additional safety.
> More so it wastes kilobytes of memory to do this check, hence nack.
>
--
Masami Hiramatsu <mhiramat@kernel.org>
next prev parent reply other threads:[~2017-12-29 7:34 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-26 7:46 [RFC PATCH bpf-next v2 0/4] Separate error injection table from kprobes Masami Hiramatsu
2017-12-26 7:46 ` [RFC PATCH bpf-next v2 1/4] tracing/kprobe: bpf: Check error injectable event is on function entry Masami Hiramatsu
2017-12-27 1:57 ` Alexei Starovoitov
2017-12-27 5:56 ` Masami Hiramatsu
2017-12-27 22:46 ` Alexei Starovoitov
2017-12-28 2:34 ` Masami Hiramatsu
2017-12-28 3:45 ` Alexei Starovoitov
2017-12-28 4:16 ` Steven Rostedt
2017-12-28 4:32 ` Alexei Starovoitov
2017-12-28 8:20 ` Masami Hiramatsu
2017-12-29 1:03 ` Alexei Starovoitov
2017-12-29 8:20 ` Masami Hiramatsu
2018-01-08 3:01 ` Alexei Starovoitov
2018-01-08 13:21 ` Masami Hiramatsu
2017-12-28 7:56 ` Masami Hiramatsu
2017-12-26 7:47 ` [RFC PATCH bpf-next v2 2/4] tracing/kprobe: bpf: Compare instruction pointer with original one Masami Hiramatsu
2017-12-27 2:00 ` Alexei Starovoitov
2017-12-26 7:47 ` [RFC PATCH bpf-next v2 3/4] error-injection: Separate error-injection from kprobe Masami Hiramatsu
2017-12-27 2:07 ` Alexei Starovoitov
2017-12-26 7:48 ` [RFC PATCH bpf-next v2 4/4] error-injection: Support fault injection framework Masami Hiramatsu
2017-12-27 2:12 ` Alexei Starovoitov
2017-12-27 8:09 ` Masami Hiramatsu
2017-12-27 22:49 ` Alexei Starovoitov
2017-12-28 1:38 ` Masami Hiramatsu
2017-12-28 3:49 ` Alexei Starovoitov
2017-12-28 7:51 ` Masami Hiramatsu
2017-12-29 1:11 ` Alexei Starovoitov
2017-12-29 7:34 ` Masami Hiramatsu [this message]
2018-01-04 16:07 ` [RFC PATCH bpf-next v2 0/4] Separate error injection table from kprobes Josef Bacik
2018-01-09 1:17 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171229163435.8ac2a001b3b3422d012bbd95@kernel.org \
--to=mhiramat@kernel.org \
--cc=akinobu.mita@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@fb.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=darrick.wong@oracle.com \
--cc=davem@davemloft.net \
--cc=jbacik@fb.com \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).