Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754647AbdL2BMI (ORCPT <rfc822;w@1wt.eu>);
        Thu, 28 Dec 2017 20:12:08 -0500
Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:57954 "EHLO
        mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1753302AbdL2BMF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Dec 2017 20:12:05 -0500
Subject: Re: [RFC PATCH bpf-next v2 4/4] error-injection: Support fault
 injection framework
To: Masami Hiramatsu <mhiramat@kernel.org>
References: <151427438796.32561.4235654585430455286.stgit@devbox>
 <151427450538.32561.2776225740675148782.stgit@devbox>
 <20171227021255.sahkcpgyzohl5brs@ast-mbp>
 <20171227170910.5ac1074bc86341f194130119@kernel.org>
 <87e5e909-593d-7fd6-c7bb-714c1e3022a0@fb.com>
 <20171228103849.9be1a4507298b280b9df9c20@kernel.org>
 <126a806d-e913-d243-6678-56fc3cff5e9e@fb.com>
 <20171228165140.0f9fc7f6067b5581c018e81d@kernel.org>
CC: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Josef Bacik <jbacik@fb.com>, <rostedt@goodmis.org>, <mingo@redhat.com>,
        <davem@davemloft.net>, <netdev@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <ast@kernel.org>, <kernel-team@fb.com>,
        <daniel@iogearbox.net>, <linux-btrfs@vger.kernel.org>,
        <darrick.wong@oracle.com>, Josef Bacik <josef@toxicpanda.com>,
        Akinobu Mita <akinobu.mita@gmail.com>
From: Alexei Starovoitov <ast@fb.com>
Message-ID: <099fa7d4-435a-3fa4-841c-17603a45e77e@fb.com>
Date: Thu, 28 Dec 2017 17:11:31 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0)
 Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20171228165140.0f9fc7f6067b5581c018e81d@kernel.org>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2620:10d:c090:180::7177]
X-ClientProxiedBy: CY4PR2201CA0012.namprd22.prod.outlook.com
 (2603:10b6:910:5f::22) To BL2PR15MB0962.namprd15.prod.outlook.com
 (2603:10b6:201:15::24)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 63e5d871-6fa2-4a37-2c12-08d54e591daa
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060);SRVR:BL2PR15MB0962;
X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0962;3:u/HH9vCQxu3wj8rEQBt4naAk3oBCC+XraFGkIZcBemXDN4hmfCp1fC39W3B5d0SGyr46UCrI+HdprbUqDj4rzdq8VoVzOJ+SakZPBpMbERCxT1rc23QXjTw9X28L8f6aKb8ThkO954KehAua0jS1y6HhSXogr1ZPQjoHhRdJO3dfCcyuM3bCeZX95uD34CmkyYxkCsoDbfZR3SLKslalIiEbUH9FLY5TaTHPsiMXzayI1xH6Zzv3CeVoZNj6BejD;25:G2npiauryzqTVZ/zV5gtuBTrDJbMKkNWEJwCtpBGxxRzVXwvzxO/X0vxPR/AMBLNnobAAI9dKS2fUM/ZxbSJvGMbGrJj3PGoBCUfqQ4Twk3qZ8IjKgSck7svd+mKnp1utQxgtL48N71XFtdBf0wx7ldfEzvmiP8FW5IgdAwuKqj6rYAzUU9YjrZQn/dGdyIXv8XIvkZ7UITDNUxigNKlvoKObOzwhV6cNS10nYDHOFE3AZjIA4Bt3I6ZYZQnONg7Mx10PFzrsgHWy3doZqC+itq66+WgrgLfBY3zdgFWH90+jlhVacv44Da1m3JN7YnYgf9Cf143HJ7ArOcJU8APPw==;31:e5jvlSNdvY3RE3vqYSqZWk5va9B7JCpXFckMdENShc7qFa4S9R6Co0O2u6fn1OJt7ahy5m37VnR1nZktSj2uz8DYqR05Gq4f74baSd2BCA4ZJo18cJ3pBJGWHcPH4bhfap51Mgrp0knQVGE69zGaKwWUGhIcVSuK+X5MkEXr/QBP6YMeSC0AoX4VTk0oh+cF9TeAtz2mfXragv98mxsF4DlAYMxrjvyMr6rF9NutCG0=
X-MS-TrafficTypeDiagnostic: BL2PR15MB0962:
X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0962;20:3dDdSiw3MUvDeYWTc6pzClLJYmh6FH0DrAfFpDrHThSt2XgglxFH1YD3Mr8cpc5GM4dW3x+mf/z60RIDC4U/kUgVQgcFwVxOaUQvOTyUDLDLJ1wUYumStDJJjMd0BXxC1Ynf8iBT/PP440jSM6C5uMDbHwZDiWkokIiQ3AF47TZxJ6TPQNzWYS4sByXedbpXAqvhHYLmK5AUrW4feTSfX6j3YjA0soXdTWuTnFbES80/UaleFM5CcecFTvXj6gyLjHAI0CKccC8KcvST+gJuVgeRlL1JpmEWbATlBguFnBumyLetDU+F2F0MKih0ITKSn+Jbp2FqNuljCwt4v7sT1KG09WDcGcq3+f71Bb2VEJMAiLWrKjEmUip08FS+JSHjYnMNn4Mo+HS3Xm4owGlx9TbvJ2k3Lu4cBE4BrNh/4RPGe6d9uhGxZvIIDQGl8KjfmmpKQVH7JDoaFhCiFj6cVxHxBI5wK8XUS1waUSH1G2ExhiV0utnvEvVn7gfbJ2s0;4:z09r43vBIEeJJMM9IZVhl8MLjdAucMsNpdECAkTWWPjwXlnb1eqChA1G7wk1pseHs/Y06mlmVlpbopFCeVbSOnxKFw278LpiOyJ6qDLA2t7L4RZKj4puqWyiY3+Dp1UcdIk/w9XzSgL4v/LBsqbfIm16wiBV6xfdj+ZnL2N5Nd6M7N9wlErTU7Ku1Qo/D0uK8L26XKzU3MdLhZpQwLh004btcbYl+ZNMQIM2JlBjn7lC3CzFluh3wJHS/rUJZ+aFtyKvBfYOzBqpCfqz5ubnaQ==
X-Microsoft-Antispam-PRVS: <BL2PR15MB096227AA5386AC3F17F0A473D7050@BL2PR15MB0962.namprd15.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231023)(11241501184)(944501075)(6041268)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(20161123564045)(6072148)(201708071742011);SRVR:BL2PR15MB0962;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:BL2PR15MB0962;
X-Forefront-PRVS: 0536638EAC
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(979002)(366004)(376002)(39860400002)(396003)(346002)(39380400002)(199004)(189003)(24454002)(39060400002)(76176011)(6486002)(386003)(47776003)(106356001)(65806001)(36756003)(53936002)(6916009)(2950100002)(6666003)(6246003)(7416002)(53546011)(93886005)(59450400001)(81166006)(81156014)(230700001)(52116002)(105586002)(23746002)(6116002)(7736002)(64126003)(83506002)(1706002)(52396003)(8676002)(54906003)(8936002)(58126008)(68736007)(67846002)(25786009)(2906002)(229853002)(31686004)(86362001)(5660300001)(50466002)(4326008)(305945005)(478600001)(316002)(31696002)(65826007)(65956001)(97736004)(42262002)(217873001)(969003)(989001)(999001)(1009001)(1019001);DIR:OUT;SFP:1102;SCL:1;SRVR:BL2PR15MB0962;H:[IPv6:2620:10d:c081:1132::1039];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;BL2PR15MB0962;23:7KPq69zj/HNG8eDUYsaHFdIAeLgIk+1577zZz?=
 =?Windows-1252?Q?dlUwmppCO7UAE3oadnAmHZrCdGrhymHaO+JVA/U7YjjqRj6uXc8qXMlQ?=
 =?Windows-1252?Q?AALfIYaxwBwp16494nKJdQxY+ULQFmWUyqqjlK7psOH3HGpmFDpMGCEd?=
 =?Windows-1252?Q?Q1RsIq+bYaIG+BqKeQLlsQafhQCUPbYJ49VHKMdwMmrDOsYcxuWOinS+?=
 =?Windows-1252?Q?QRuMu5PBnI50PTHmIUfsB7UDFj7C2z0XsY6Kb/JcX2JInjdYeX061mFB?=
 =?Windows-1252?Q?vVOTKEQk/4BMZ2F5Mm3bFZpUIZN453qzGEoI46law8jLA7uRvnj3b8AE?=
 =?Windows-1252?Q?wJCCMsHhjrBk/5J8w6TIkt8DLpgH0RTfj+jDpP6uSFe2lWN8ZAo8/Xyv?=
 =?Windows-1252?Q?eEmBJgEjmxYQfdJqIbJMwq7JiJVevzQT6Zc2OYVHPb0xmk02GY6PlC2d?=
 =?Windows-1252?Q?8jX+tRvltrRYNOG5NQ15SlZcX4iHsBvm81UZ8CqoJYVgxNSz6ACPfGB3?=
 =?Windows-1252?Q?XfdZiBkGyfbC7SDSS33yP+TaUh4Z3BE/3+PzUqA8s1gzNzFLXPOq0Kny?=
 =?Windows-1252?Q?y25OKBcaMMd+6n4FJy9a0FM2YElsG2vr2kAPOkt8ClTn3Qw3S1UQ/Cgt?=
 =?Windows-1252?Q?Gv4omGXOwBvsuFD5U+xmmahUhYUemQn8THECicQEwS0bkvD1ETcY5LXv?=
 =?Windows-1252?Q?Y3WWbRSgnoW1OTaJDing6v/FDSb3tclp30PF/Kfc8aj32M+YWM+GgNkl?=
 =?Windows-1252?Q?UjrdEbkcQrolq8S48nRolEZ4RT/a9BPzhhsXGXVmB/Xf4CBWu5zx9z08?=
 =?Windows-1252?Q?+Rg6P+cYqWrVbQREZKlUcXV3CpznqeJhnVaSnLy+Q1zl6W5dXJiqKAbP?=
 =?Windows-1252?Q?l4sKD1M/dHIaO7l2luXaeo132MDvEKHrWxnwnOuATjiEyoZkAgMKMS4V?=
 =?Windows-1252?Q?yGu6EqMBdwJPPBMxKToik35Xv2QJtCR5NhaRNQibBk24ajXGE8hovLzc?=
 =?Windows-1252?Q?Pq3tLfr+aQt8s6m2iShQN6cmFP+K9RGwScg4ABJju9ECj6VZWsW2VkPc?=
 =?Windows-1252?Q?0ynN6XJrN2MuGrDUg8wR546WlRHFlvpO1kDKoBGMvakstZx7ZaF4FByw?=
 =?Windows-1252?Q?YaNQch73XHdEX+snO6p7M2w2mjEkJKzHKc2cwYNekOHSxa+5FSfX8VC9?=
 =?Windows-1252?Q?AKGPoYns6A6TNZOd9315klcpqPc2SlGSJpkkzGfWd7TxyBqCrMOu3OJx?=
 =?Windows-1252?Q?cVDdTFW2aHvdja2WllYXXshF7r2vn/Z7Wx2WiwC0uXPbJQvTQfTSefsJ?=
 =?Windows-1252?Q?WkR67fKCtcL4G/Yis6wA6UdOaiSXjg2vB1LhgHiFAGsU2shcvLCDnAtV?=
 =?Windows-1252?Q?QbkEuMc58y5ZNriENbgeNwvuBvltBOvy0ET29WHvBAHuCp1B6Fz0HgGN?=
 =?Windows-1252?Q?xQhPiImOcpbo44MWvXRzIPHU5wFvxfC70bYNVLUHam/Xebyk2yVr3gJP?=
 =?Windows-1252?Q?91MSeawwja+7Y+9D5palXdfYUw56S5DLIruqjKGP61YWADehymGnYywM?=
 =?Windows-1252?Q?BperjyhLua/33oo+mNAX2XJ+0ecZ+AzjAQKOAxHs19joicNjm0slji8h?=
 =?Windows-1252?Q?97GZvsbEN3Rc/uWQC/0JxA=3D?=
X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0962;6:XeXe9Hrdo22ssyrf7R/PotJ2Takqnzk3EXCcgTGK1cU6Dcx2SP7itZ9mBJjF6vyqcr/DZ4b0d2JM8et1n00SFUqKSXNYo4WGsWdrVcoTfEfEsxHA8biYeXZpG83fvi3/QP+FdcRFupjQL115xXQqmJZ9D5Kbko3JjnxzMkhiyJW6W8RxXpn1MlQUqX3x5jVH6cVilA6vUQwl0H6eIPqSMbBws+61hSc8CxtGTo8Bu7pb268oBfaVUFEweoM/1OCuyctHsWOAEdu/XX0V9vOTnYyANHDpuEuJA6JDujRRhim14hIzXkrj+p2z7OTJtSa7uPcrtltcinQuhfnrIeoBQArdhsVBWT92UtzaVAcG4hs=;5:6lI21mrhAv8+6KPtGpdq8fgQNC5376tZyG/DomZQ/8abLiNFNrRg7k/dKUhwHgbkAYB3CmVPnAQqYaohQmZzUym66Jyq9VTXXLUIQY64/RQgy8KscbTrcJXTO3t3WOGMJhv16G1WtNytOrrKdmQSXO8cBjZca/AOBe7fGpSz1GA=;24:81u6f1YpexMkWuLhHezMVgDWL4OsHJ+HbxA7d5Rq0EleWmU/HYdY4NLmsBzVZHQWnFdku3DKCs8lsJONzf+tUzubMOeZ9ftQHRnHuLQ1fdI=;7:YKpnBueqkGip2G7AUtrAO2ugUZjA663uQjMlp06FWXnxbWtGx0qw3rQOcfaUf+D6HFGYIZ+ODnKS2cVxdW0BMshZ3s+1Z7RtBAYE21cXG1r1/OPSwUXvtGqG6+opu/WJpjkMbDS6yzugPIYf8ZKUYywNAGu0lTtJF2zDxcH5yVmqq3kG0Zyk7N+gYtkePTtM+c/ViF0TqKdlPkI3Gk+2VLlgj/cPADPC/Vxx5tsqMN8vULR3cUc7Nzk4OdFb+U9Y
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;BL2PR15MB0962;20:6soue4F5MrowTphFhRVkGXJJ7Oa/x2mOCOgJibOq10m9OPBdtQRnopMEuNFwSV9stKIEjsLzXC+8xYlGflecE4NumIocJVI+/xNUS/pjzNtqkgbIVSO/8hAL1E3fX5KorVvEMYq9m3dQxsBq7xS/ull1MfF5883zhVVHR0IMkkE=
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Dec 2017 01:11:37.4226 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 63e5d871-6fa2-4a37-2c12-08d54e591daa
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR15MB0962
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-12-29_01:,,
 signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1529
Lines: 40

On 12/27/17 11:51 PM, Masami Hiramatsu wrote:
>
> Then what happen if the user set invalid retval to those functions?
> even if we limit the injectable functions, it can cause a problem,
>
> for example,
>
>  obj = func_return_object();
>  if (!obj) {
>     handling_error...;
>  }
>  obj->field = x;
>
> In this case, obviously func_return_object() must return NULL if there is
> an error, not -ENOMEM. But without the correct retval information, how would
> you check the BPF code doesn't cause a trouble?
> Currently it seems you are expecting only the functions which return error code.
>
>  ret = func_return_state();
>  if (ret < 0) {
>     handling_error...;
>  }
>
> But how we can distinguish those?
>
> If we have the error range for each function, we can ensure what is
> *correct* error code, NULL or errno, or any other error numbers. :)

messing up return values may cause problems and range check is
not going to magically help.
The caller may handle only a certain set of errors or interpret
some of them like EBUSY as a signal to retry.
It's plain impossible to make sure that kernel will be functional
after error injection has been made.
Like kmalloc() unconditionally returning NULL will be deadly
for the kernel, hence this patch 4/4 has very limited practical
use. The bpf program need to make intelligent decisions when
to return an error and what kind of error to return.
Doing blank range check adds a false sense of additional safety.
More so it wastes kilobytes of memory to do this check, hence nack.