Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4492418rwb; Mon, 21 Nov 2022 08:12:10 -0800 (PST) X-Google-Smtp-Source: AA0mqf4a2SVMJ66a7jpe7RkE+IOjvg+3qQpR3VNg6HvJPiIxNqglI1C8qSCQjTngZMykWi4jzX1S X-Received: by 2002:a17:906:b1c6:b0:7ad:e82b:b66b with SMTP id bv6-20020a170906b1c600b007ade82bb66bmr428986ejb.453.1669047130689; Mon, 21 Nov 2022 08:12:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669047130; cv=none; d=google.com; s=arc-20160816; b=MYNSUbyL+88fxVykR5aDT7Xyv1ZERuxzPSbLuwhpwNwXBol91JW4pdMoX62/CDmVbG rpCY/8mLbztq5Yvo9+oYYwosOu30ZItiZWmojDMApl7sfA0CAKTaQ2nvD8Luikfi0+Fj 2oA4dOOCnrP+LygHEcZyoz0gXIwYl65639RP9m3SlPPJbKavOYQldtQ9ckyT5kwMwbAn mQ4IPDQug8Cj7kjKuLs5vSw6fHCqhz/lVxF2W4DD1083IvbPEINKh522S6GnzOUf7msJ aQ/bL85ZwEj/0r8gYBxbV2JVbgVtDAjLofUZoQY8bBdQ5hjDXsUcbm6v2nfq7XVJoYQg 7qKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=COoPgvnYK1SFCOLn0lHl9w/NcHb1rVbYH+J4oOi9Dc4=; b=Agks8xL7VYinAMgV8Jop21/WFy6mNV69AjpdM2KCQke4J6DIJ8SYp9mON7tMFhb8/u CL3BiCgx5xg/E4c3MoG4qTgqcMELosUi9FGB4YiwHKcO1vwYInSPfbo6+Vt5/YThTW1F a0RPrkKKaiiqPKCSXIJq3wfEZxJLyrE5JpkefI2ezi2udnU0mvubxVbLw/rw101W2S6Z Z+4Hck/zpI5cRrKegEYF8v5LiTYwiRMxpi+om5LGpIjSdsec1cfdHngdZUTIQA3o2Nx6 PVFzgnnnyFp/nhRM0PhTJiP4Cd5yTphM31vSBqvQaRM8OKLJAoISao6wYs6JausBsUbS lgTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=DMLGICqc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i4-20020a05640242c400b00468ccfbba7asi10321243edc.387.2022.11.21.08.11.35; Mon, 21 Nov 2022 08:12:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=DMLGICqc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231251AbiKUPk2 (ORCPT + 92 others); Mon, 21 Nov 2022 10:40:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42980 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231223AbiKUPk0 (ORCPT ); Mon, 21 Nov 2022 10:40:26 -0500 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACAD5419BD; Mon, 21 Nov 2022 07:40:25 -0800 (PST) Received: by mail-ej1-x630.google.com with SMTP id n20so29585133ejh.0; Mon, 21 Nov 2022 07:40:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=COoPgvnYK1SFCOLn0lHl9w/NcHb1rVbYH+J4oOi9Dc4=; b=DMLGICqccGObYCVEYuQgWtsQzkGw1R8WW0q/A2f2KtdYe4vMRI6tb8juqShkogJuaa 3j1tspGBDUqSvU2MBqd1BU8SsjcTxSjzviSZ77I23ynMPldZeciFvtx+RHLxs8rTfeQ0 3Gdsb3kqUoHbF2faBvyJ1uBVggxY0gd/rZ2vzj6+jMCttVGrAzBL1URzdyoIJYzx8eou azUWq/OZdi/lKfb7QjFdtRy2QPOG3hptK8jmTtiaMm28YRXNbG47SJ/n1JtUi7NPCs3h xGBxjR8qEv5Qzafp6Ir12HQncthscYvZEheg62WvBR9Q5Dqxv5a1yiv/7HOvIHyoYWyE e0ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=COoPgvnYK1SFCOLn0lHl9w/NcHb1rVbYH+J4oOi9Dc4=; b=ZxG7+4Zpvu6XHJ+Z8DZ35Wg2HakJel0uAuIWyi9F2e4/3i836UsFo4gU8G8zQHeDIq XU9G2Q44f/dqkf85D6vSOU4ep7u+aawU3YW8z5NCHmgxvpk4mAb7GXq4nTUZi/FtJISW 472O5e5pD1oOHZH7PcWSmtd6pmjMXBoM+3GQ5GeaHMkoH8/VbaQKRB6cbybo3xCt7L7R +AXtgq4Zg/jfSBS9+NURt1Dc14njq10ye9224Ck5w+CLYZKGPeGt+LKDn3BkwRkXHGCs cUAAcI5Yz8r2ZsbXEn9u9xgczTckG2Smk12AOTXCbP+ZQJpqHRdEp9p+LUu0516+KIQ/ zEBw== X-Gm-Message-State: ANoB5pkMx1nGZwrzciD8DjU0OmCxlI0FLI++k0J47Llt8TlKKZKxqDrx MRlvqPHcvYs9kM7S1woxG9STWeA9Vr70cj6wUac= X-Received: by 2002:a17:906:4351:b0:78d:513d:f447 with SMTP id z17-20020a170906435100b0078d513df447mr2086377ejm.708.1669045223995; Mon, 21 Nov 2022 07:40:23 -0800 (PST) MIME-Version: 1.0 References: <20221108220651.24492-1-revest@chromium.org> <20221117121617.4e1529d3@gandalf.local.home> <20221117174030.0170cd36@gandalf.local.home> <20221118114519.2711d890@gandalf.local.home> <43d5d1f5-c01d-c0db-b421-386331c2b8c1@meta.com> <20221118130608.5ba89bd8@gandalf.local.home> <2ab2b854-723a-5f15-8c18-0b5730d1b535@meta.com> <20221121101537.674f5aca@gandalf.local.home> In-Reply-To: <20221121101537.674f5aca@gandalf.local.home> From: Alexei Starovoitov Date: Mon, 21 Nov 2022 07:40:11 -0800 Message-ID: Subject: Re: [RFC 0/1] BPF tracing for arm64 using fprobe To: Steven Rostedt Cc: KP Singh , Chris Mason , Mark Rutland , Florent Revest , bpf , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Brendan Jackman , markowsky@google.com, Masami Hiramatsu , Xu Kuohai , LKML , Greg Kroah-Hartman , Linus Torvalds , Christoph Hellwig , Peter Zijlstra Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 21, 2022 at 7:15 AM Steven Rostedt wrote: > > On Mon, 21 Nov 2022 14:47:10 +0100 > KP Singh wrote: > > > This annotation already exists, i.e. ALLOW_ERROR_INJECTION > > > > Users, with CONFIG_FUNCTION_ERROR_INJECTION, can already modify return > > values of kernel functions using kprobes and the failure injection > > framework [1] for functions annotated with ALLOW_ERROR_INJECTION. > > > > BPF just provides another way to do the same thing with "modify > > return" programs and this also respects the error injection list [2] > > and users can *only* attach these programs to the functions annotated > > with ALLOW_ERROR_INJECTION. > > WAIT! > > Looking at the Kconfigs, I see > > CONFIG_FUNCTION_ERROR_INJECTION is set when > CONFIG_HAVE_FUNCTION_ERROR_INJECTION is set, and when CONFIG_KPROBES is set. > > And ALLOW_ERROR_INJECTION() is set when CONFIG_FUNCTION_ERROR_INJECTION is. > > There's no way to turn it off on x86 except by disabling kprobes! > > WTF! > > I don't want a kernel that can add error injection just because kprobes is > enabled. There's two kinds of kprobes. One that is for visibility only (for > tracing) and one that can be used for functional changes. I want the > visibility without the ability to change the kernel. The visibility portion > is very useful for security, where as the modifying one can be used to > circumvent security. > > As kprobes are set in most production environments, so is error injection. > Do we really want error injection enabled on production environments? We absolutely want it enabled in production. > I don't. Speak for yourself, because your employer thinks otherwise.