Re: [RFC 0/1] BPF tracing for arm64 using fprobe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 21, 2022 at 4:15 PM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> On Mon, 21 Nov 2022 14:47:10 +0100
> KP Singh <kpsingh@xxxxxxxxxx> wrote:
>
> > This annotation already exists, i.e. ALLOW_ERROR_INJECTION
> >
> > Users, with CONFIG_FUNCTION_ERROR_INJECTION, can already modify return
> > values of kernel functions using kprobes and the failure injection
> > framework [1] for functions annotated with ALLOW_ERROR_INJECTION.
> >
> > BPF just provides another way to do the same thing with "modify
> > return" programs and this also respects the error injection list [2]
> > and users can *only* attach these programs to the functions annotated
> > with ALLOW_ERROR_INJECTION.
>
> WAIT!
>
> Looking at the Kconfigs, I see
>
> CONFIG_FUNCTION_ERROR_INJECTION is set when
> CONFIG_HAVE_FUNCTION_ERROR_INJECTION is set, and when CONFIG_KPROBES is set.
>
> And ALLOW_ERROR_INJECTION() is set when CONFIG_FUNCTION_ERROR_INJECTION is.
>
> There's no way to turn it off on x86 except by disabling kprobes!
>
> WTF!
>
> I don't want a kernel that can add error injection just because kprobes is
> enabled. There's two kinds of kprobes. One that is for visibility only (for
> tracing) and one that can be used for functional changes. I want the
> visibility without the ability to change the kernel. The visibility portion
> is very useful for security, where as the modifying one can be used to
> circumvent security.

I am not sure how they can circumvent security since this needs root /
root equivalent permissions. Fault injection is actually a very useful
debugging tool.

>
> As kprobes are set in most production environments, so is error injection.
> Do we really want error injection enabled on production environments?
> I don't.
>
> I think we need this patch ASAP!
>
> -- Steve
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index c3c0b077ade3..9ee72d8860c3 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -1874,8 +1874,14 @@ config NETDEV_NOTIFIER_ERROR_INJECT
>           If unsure, say N.
>
>  config FUNCTION_ERROR_INJECTION
> -       def_bool y
> +       bool "Fault-injections of functions"
>         depends on HAVE_FUNCTION_ERROR_INJECTION && KPROBES
> +       help
> +         Add fault injections into various functions that are annotated with
> +         ALLOW_ERROR_INJECTION() in the kernel. BPF may also modify the return
> +         value of theses functions. This is useful to test error paths of code.
> +
> +         If unsure, say N
>
>  config FAULT_INJECTION
>         bool "Fault-injection framework"



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux