Received: by 10.223.164.202 with SMTP id h10csp1281861wrb; Sat, 11 Nov 2017 03:52:49 -0800 (PST) X-Google-Smtp-Source: AGs4zMYAlq/pBrDk8t4tQs1P2sYVvk/bd72QYvy83U+DtiCUJOwG7nuIz1GLey0qA0veFyqo8cct X-Received: by 10.101.97.20 with SMTP id z20mr3184557pgu.267.1510401169519; Sat, 11 Nov 2017 03:52:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510401169; cv=none; d=google.com; s=arc-20160816; b=L10qHeynXjY5A66hPpszaC/wNZA61XJ066Qpb7EGfq0re/d0MsbU/bctIsn1kkQYRF ouijz3HcBwA4M4IDgK6mZ5hMZhJ5Fu8aoYBRERWqA04PayxsmMStBszoPdmeVAx9Xc/b NozAXEbyup7nJpyrfJFQgPPOYfG0hJHx83xhzd+Xr7dYh3pj8/vXITwycA6nFTYcKbld CQV+h2HsFhXFDheuKNhwqmQICL/9rYjmM+zCWIbDY7uvM4zLDRzoRX0BnQRxzaPmCJE0 G4RPe9HBNkJa3RYwnuIHC+UdyTn/lvrp+pxuYE9Ix27JqUK53GkEoBzCdgFKGZcofjKW Kq5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=UsunH7idb7KbuNaCMIzA5tZ5kNVXmOoe54QZZNZhRSk=; b=pjoXACoV75q8rBzr17imIc47rLKKXRn/2h90fGPgqk9ycVYmZOR0x9a2K1pWyYb6U5 Vcsn23AMwm4509ivYWv4syR7zV3jlc3lWMVVO3Jnrxqp0eVt5zFg3bgD7CdJGkvy7Jyk Q2lniP8eJHNkPP0RobUUdwexBuXTpfFu6JxiAIAaoIBu3pbCpVro56wErvJze0ceFP/x c8Nvt6q7ZbALAMU9MgJbEBanw2ZYSAv4N7/YQTTpUJWWRlTzwPS1ZyhRIAZZ2jHmiRJc FeQrW8OM0cWqCBR3FlojjiUf77CriS3E5u9e0aNLDiuWgc6hN2jRe9cvNCCfP0szUjio Z2wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@toxicpanda-com.20150623.gappssmtp.com header.s=20150623 header.b=mYXM0eR7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b6si10258427pgc.428.2017.11.11.03.52.37; Sat, 11 Nov 2017 03:52:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@toxicpanda-com.20150623.gappssmtp.com header.s=20150623 header.b=mYXM0eR7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753050AbdKKLvN (ORCPT + 83 others); Sat, 11 Nov 2017 06:51:13 -0500 Received: from mail-qk0-f173.google.com ([209.85.220.173]:49731 "EHLO mail-qk0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751640AbdKKLvK (ORCPT ); Sat, 11 Nov 2017 06:51:10 -0500 Received: by mail-qk0-f173.google.com with SMTP id w125so4042607qkb.6 for ; Sat, 11 Nov 2017 03:51:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=UsunH7idb7KbuNaCMIzA5tZ5kNVXmOoe54QZZNZhRSk=; b=mYXM0eR7EQjq8n21XlYNg1Cp3qZ1DC3R2fp+MDx4pMpUub3FCKstdhgPFn1uFI46L0 BjkqW5AmDxaS5OMM0G9qcU7oSFHOwrMBOclO3lVv/miWOCovoPv61BRZxr2ELl9u2XAX T/fV0J5rIRTFZ0wIOwyLoDHuplfdFEE1hfK4zgb71AWsmDgx9ukML7tPkV/Pz5wy8lRR RDPkrMTbvrOAGMhiiwAADdm/6eHK++EN6SsaVVlthj+n+I1lXdgIRL+Pb42BKUnYIKF5 hUoUJlzBzqdOaGCnaaUCicw2IIVsRic6u1h5xitOwMLwddBP12DQDgZHDuygp9xl690S uOMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=UsunH7idb7KbuNaCMIzA5tZ5kNVXmOoe54QZZNZhRSk=; b=DuzRDX+Q+vcKLheegvgbfKAlq5X+8sQk6in1kqMZSz1Lf0EKGYie8uZQf/QJB2mCln Ypv0Ay2+lyeIpxvtf+ldOVo4sGt6w4cUjqiWfLdNtBR0M+ONrDF+1aWa/sakm5XYXpbI FcewYj3WtMs7MhXEbKp8Up+Y4DxS4YLiHJ9hMLlzlWzi6XMjmJ1wFlWZIJuag+kC1eg6 kwkCT11P/1W8WLBxvJqGWTqbhA/ysrGlvvsCf2lAh7ly4LKXTqLaQ76LJ9Fg7nKx6m3t 0ALfKU3tam8G9Ng5PBQn0BvkT/Nqgxn3Yz71yptY50FpDLxpWNKWza8B0EBTIp3mpRef pgHw== X-Gm-Message-State: AJaThX5G1G0PesQeTycmC4KDFYiq1D95Ww322w1Q8p9R7Kn2Et3ygDeH 2yrA8CKIlDtVWK5meAk16qB6Ak/1wPs= X-Received: by 10.55.101.22 with SMTP id z22mr5211516qkb.140.1510401070091; Sat, 11 Nov 2017 03:51:10 -0800 (PST) Received: from localhost (cpe-2606-A000-4381-1201-225-22FF-FEB3-E51A.dyn6.twc.com. [2606:a000:4381:1201:225:22ff:feb3:e51a]) by smtp.gmail.com with ESMTPSA id l10sm4869109qki.87.2017.11.11.03.51.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 Nov 2017 03:51:09 -0800 (PST) Date: Sat, 11 Nov 2017 06:51:08 -0500 From: Josef Bacik To: Ingo Molnar Cc: Josef Bacik , rostedt@goodmis.org, mingo@redhat.com, davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, ast@kernel.org, kernel-team@fb.com, daniel@iogearbox.net, Josef Bacik Subject: Re: [PATCH 1/2] bpf: add a bpf_override_function helper Message-ID: <20171111115107.utf6teuxddob2x5j@destiny> References: <1510086523-8859-1-git-send-email-josef@toxicpanda.com> <1510086523-8859-2-git-send-email-josef@toxicpanda.com> <20171110093459.w2pvo3ntkwbmgnha@gmail.com> <20171110171428.hrw5cpxy4sgzf7mn@destiny> <20171111081455.qx4rodxldofbzypb@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20171111081455.qx4rodxldofbzypb@gmail.com> User-Agent: NeoMutt/20170714 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Nov 11, 2017 at 09:14:55AM +0100, Ingo Molnar wrote: > > * Josef Bacik wrote: > > > On Fri, Nov 10, 2017 at 10:34:59AM +0100, Ingo Molnar wrote: > > > > > > * Josef Bacik wrote: > > > > > > > @@ -551,6 +578,10 @@ static const struct bpf_func_proto *kprobe_prog_func_proto(enum bpf_func_id func > > > > return &bpf_get_stackid_proto; > > > > case BPF_FUNC_perf_event_read_value: > > > > return &bpf_perf_event_read_value_proto; > > > > + case BPF_FUNC_override_return: > > > > + pr_warn_ratelimited("%s[%d] is installing a program with bpf_override_return helper that may cause unexpected behavior!", > > > > + current->comm, task_pid_nr(current)); > > > > + return &bpf_override_return_proto; > > > > > > So if this new functionality is used we'll always print this into the syslog? > > > > > > The warning is also a bit passive aggressive about informing the user: what > > > unexpected behavior can happen, what is the worst case? > > > > > > > It's modeled after the other warnings bpf will spit out, but with this feature > > you are skipping a function and instead returning some arbitrary value, so > > anything could go wrong if you mess something up. For instance I screwed up my > > initial test case and made every IO submitted return an error instead of just on > > the one file system I was attempting to test, so all sorts of hilarity ensued. > > Ok, then for the x86 bits: > > NAK-ed-by: Ingo Molnar > > One of the major advantages of having an in-kernel BPF sandbox is to never crash > the kernel - and allowing BPF programs to just randomly modify the return value of > kernel functions sounds immensely broken to me. > > (And yes, I realize that kprobes are used here as a vehicle, but the point > remains.) > Only root can use this feature, and did you read the first email? The whole point of this is that error path checkig fucking sucks, and this gives us the ability to systematically check our error paths and make the kernel way more robust than it currently is. Can things go wrong? Sure, that's why its a config option and root only. You only want to turn this on for testing and not have it on in production. This is a valuable tool and well worth the risk. Thanks, Josef From 1583756781786131344@xxx Sat Nov 11 08:16:06 +0000 2017 X-GM-THRID: 1583463755336960738 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread