Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2326218rwb; Fri, 2 Dec 2022 08:18:42 -0800 (PST) X-Google-Smtp-Source: AA0mqf4GR2UPJUmVxJv6iK4rZwyPsKbJ4wmga4ABQNZK6vKec+4sH8SRcXt5iAKmM5KF99vE5e97 X-Received: by 2002:a63:d43:0:b0:477:cc1f:3f97 with SMTP id 3-20020a630d43000000b00477cc1f3f97mr37073335pgn.331.1669997922508; Fri, 02 Dec 2022 08:18:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669997922; cv=none; d=google.com; s=arc-20160816; b=OL16CRpEUQxCTyAvFGxG5+E9RymVnOfV+79VCnRjB5OVJp2T3LC5UPoGTj5iSksdCY kmIqXyNy5d7ZMA9SqJaB+B0tRL0aRKLCfzIJIWqADZ4pcKuaRB6P97jvkueaykUXirMy MVU3xWNEfTGJj+BQVdG9SLEKw5CeJtOCOLDixEwhsZqZ4PrF17BZSvtsjYSDXJiiJcio MjFI39xlL83NoWvVz8N2YVOjBdA8JMEbRWz6pX2BCy5h5NHs2zUXu5fw/ihY6u5ErxCJ GG9KMSs+Qo9OHOXhb/G3yr+J6Gs0Qnks9Ulj/mxYQC+pHuQlnJrwTzWj1s4FDR5Lsyvd 25ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=NzpZl93icD3NxV8EmwNZaY5iVoEk6J4HM2bRPv7t5+g=; b=GxpFELjmpZi7FUdr+AGfWd6VbeQ0SnH7EYrdpYco4X1+Nc4vGVS3Xs/L7VorJg7KaH MNSB7tP6U59fi65rtu3qvqUC0X6ctoR9tnSrQG9AsLeRqAA2K35I3xJup017pWQwfYns ytM6fwqA95T6QhEOdJMUr4TNOhDqHbGHuMaU/rpGYuECThqjhNsykMWm+4bXA8rb13N5 xyMU71R0ktnRVW+myhU/INaJZ0dMbno8lgLycZiZ2pYzNRuW2QJVeiOS0vVVtA48pVLl LaCpg2KFU6nxh2Mu08tycI6/med0DwHGT5UbQ7Q2ykMevyFWN9vDV0nLZADD9bhgFs6y MpEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b=eQ3424Mz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n4-20020a056a0007c400b0056285c5a37asi7521208pfu.55.2022.12.02.08.18.30; Fri, 02 Dec 2022 08:18:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@mit.edu header.s=outgoing header.b=eQ3424Mz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mit.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233790AbiLBP5o (ORCPT + 82 others); Fri, 2 Dec 2022 10:57:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233041AbiLBP5l (ORCPT ); Fri, 2 Dec 2022 10:57:41 -0500 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B1BCD24E for ; Fri, 2 Dec 2022 07:57:38 -0800 (PST) Received: from cwcc.thunk.org (pool-173-48-120-46.bstnma.fios.verizon.net [173.48.120.46]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 2B2Fuq0k006915 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 2 Dec 2022 10:56:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1669996618; bh=NzpZl93icD3NxV8EmwNZaY5iVoEk6J4HM2bRPv7t5+g=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=eQ3424MzYXhB0t2ItQIgSou/J/zhcEZf0xIFk5g2MA94AqgVI6VWsUepp1ENRCPdu IU681Xfe/4k4VdGtqbJ+Udm/cl/JfskvN2lUE5Y6hTljMyZvwKYPqD5feQUYyHIaoK lL/gQWfvAXG+Uxp2Fsm3Q9M1l+iRhprgiqMbhpkqT4YncDRu14sMvmvJRs5xLHTN6w 020+a8TcmRwcQxfA0RHAP2axo3ay3K2rvGgzbowcHfRXMfHBzM5PKEnkdstdE2MUVe F62RAxF4Zs9DxZ5wgaBVvnKEpqtqTcqyH9/Qu7MYP3gFL2TXDtrXIg8YgAZomh/x4y a8BlkPBwnyS9A== Received: by cwcc.thunk.org (Postfix, from userid 15806) id 2D9DE15C46FB; Fri, 2 Dec 2022 10:56:52 -0500 (EST) Date: Fri, 2 Dec 2022 10:56:52 -0500 From: "Theodore Ts'o" To: Alexei Starovoitov Cc: Linus Torvalds , Andrew Morton , Chris Mason , Steven Rostedt , Borislav Petkov , LKML , Masami Hiramatsu , Peter Zijlstra , Kees Cook , Josh Poimboeuf , KP Singh , Mark Rutland , Florent Revest , Greg Kroah-Hartman , Christoph Hellwig , Benjamin Tissoires Subject: Re: [PATCH] error-injection: Add prompt for function error injection Message-ID: References: <3fa8ec60-dd96-c41f-ea46-8856bf855949@meta.com> <20221122132905.12a8d5ad@gandalf.local.home> <20221130143719.07e36277d1471b83e9a1b627@linux-foundation.org> <20221202014129.n5lmvzsy436ebo4b@macbook-pro-6.dhcp.thefacebook.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221202014129.n5lmvzsy436ebo4b@macbook-pro-6.dhcp.thefacebook.com> X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 01, 2022 at 05:41:29PM -0800, Alexei Starovoitov wrote: > > The fault injection framework disables individual syscall with zero performance > overhead comparing to LSM and seccomp mechanisms. > BPF is not involved here. It's a kprobe in one spot. > All other syscalls don't notice it. > It's an attractive way to improve security. > > A BPF prog over syscall can filter by user, cgroup, task and give fine grain > control over security surface. > tbh I'm not aware of folks doing "syscall disabling" through command line like > above (I've only seen it through bpf), but it doesn't mean that somebody will > not start complaining that their script broke, because distro disabled fault > injection. > > So should we split FUNCTION_ERROR_INJECTION kconfig into two ? > And do default N for things like should_failslab() and > default Y for syscalls? How about calling the latter something like bpf syscall hooks, and not using the terminology "error injection" in relation to system calls? I think that might be less confusing. - Ted