On Mon, Nov 21, 2022 at 4:15 PM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> On Mon, 21 Nov 2022 14:47:10 +0100
> KP Singh <kpsingh@xxxxxxxxxx> wrote:
>
> > This annotation already exists, i.e. ALLOW_ERROR_INJECTION
> >
> > Users, with CONFIG_FUNCTION_ERROR_INJECTION, can already modify return
> > values of kernel functions using kprobes and the failure injection
> > framework [1] for functions annotated with ALLOW_ERROR_INJECTION.
> >
> > BPF just provides another way to do the same thing with "modify
> > return" programs and this also respects the error injection list [2]
> > and users can *only* attach these programs to the functions annotated
> > with ALLOW_ERROR_INJECTION.
>
> WAIT!
>
> Looking at the Kconfigs, I see
>
> CONFIG_FUNCTION_ERROR_INJECTION is set when
> CONFIG_HAVE_FUNCTION_ERROR_INJECTION is set, and when CONFIG_KPROBES is set.
>
> And ALLOW_ERROR_INJECTION() is set when CONFIG_FUNCTION_ERROR_INJECTION is.
>
> There's no way to turn it off on x86 except by disabling kprobes!
>
> WTF!
>
> I don't want a kernel that can add error injection just because kprobes is
> enabled. There's two kinds of kprobes. One that is for visibility only (for
> tracing) and one that can be used for functional changes. I want the
> visibility without the ability to change the kernel. The visibility portion
> is very useful for security, whereas the modifying one can be used to
> circumvent security.

I am not sure how they can circumvent security since this needs root /
root equivalent permissions. Fault injection is actually a very useful
debugging tool.

>
> As kprobes are set in most production environments, so is error injection.
> Do we really want error injection enabled on production environments?
> I don't.
>
> I think we need this patch ASAP!
>
> -- Steve
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index c3c0b077ade3..9ee72d8860c3 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug
> @@ -1874,8 +1874,14 @@ config NETDEV_NOTIFIER_ERROR_INJECT > If unsure, say N. > > config FUNCTION_ERROR_INJECTION > - def_bool y > + bool "Fault-injections of functions" > depends on HAVE_FUNCTION_ERROR_INJECTION && KPROBES > + help > + Add fault injections into various functions that are annotated with > + ALLOW_ERROR_INJECTION() in the kernel. BPF may also modify the return > + value of theses functions. This is useful to test error paths of code. > + > + If unsure, say N > > config FAULT_INJECTION > bool "Fault-injection framework"
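
Review bot: In the `config FUNCTION_ERROR_INJECTION` entry, replacing `def_bool y` with a prompted `bool` and no `default` line makes the option default to n, so any configuration that previously got it implicitly from `HAVE_FUNCTION_ERROR_INJECTION && KPROBES` now has it off unless someone selects it. The changelog should state that this is intended, because kprobe-based fault injection and the BPF return-value modification that the new help text mentions both stop being available until the option is re-enabled. In the help text, "theses functions" should be "these functions", "If unsure, say N" is missing the trailing period that the entry just above uses, and the prompt would read more consistently as "Fault-injection of functions", matching "Fault-injection framework" in the next entry.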