All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steven Rostedt <rostedt@goodmis.org>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Chris Mason <clm@meta.com>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Florent Revest <revest@chromium.org>, bpf <bpf@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	KP Singh <kpsingh@kernel.org>,
	Brendan Jackman <jackmanb@google.com>,
	markowsky@google.com, Masami Hiramatsu <mhiramat@kernel.org>,
	Xu Kuohai <xukuohai@huawei.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Christoph Hellwig <hch@infradead.org>,
	Peter Zijlstra <peterz@infradead.org>
Subject: Re: [RFC 0/1] BPF tracing for arm64 using fprobe
Date: Fri, 18 Nov 2022 11:45:19 -0500	[thread overview]
Message-ID: <20221118114519.2711d890@gandalf.local.home> (raw)
In-Reply-To: <Y3e0KtnQrudxiZbz@FVFF77S0Q05N.cambridge.arm.com>

On Fri, 18 Nov 2022 16:34:50 +0000
Mark Rutland <mark.rutland@arm.com> wrote:

> > Not alarmist, but concern as being able to modify what a kernel function can
> > do is not something I take lightly.  
> 
> FWIW, given that the aim here seems to be to expose all kernel internals to be
> overridden arbitrarily, I'm also concerned that there's a huge surface area for
> issues with maintainability, robustness/correctness, and security.
> 
> I really don't want to be stuck in a position where someone argues that all
> kernel internal functions are ABI and need to stay around as-is to be hooked by
> eBPF, and I hope that we all agree that there are no guarantees on that front.

My biggest concern is changing functionality of arbitrary functions by BPF.
I would much rather limit what functions BPF could change with some
annotation.

int __bpf_modify foo()
{
	...
}


That way if somethings not working, you can see directly in the code that
the function could be modified by a BPF program, instead of getting some
random bug report because a function returned an unexpected result that the
code of that function could never produce.

-- Steve

  reply	other threads:[~2022-11-18 16:45 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-08 22:06 [RFC 0/1] BPF tracing for arm64 using fprobe Florent Revest
2022-11-08 22:06 ` [RFC 1/1] bpf: Invoke tracing progs using fprobe on archs without direct call Florent Revest
2022-11-17  2:41 ` [RFC 0/1] BPF tracing for arm64 using fprobe Alexei Starovoitov
2022-11-17 13:33   ` Masami Hiramatsu
2022-11-17 16:50     ` Alexei Starovoitov
2022-11-18 16:26       ` Mark Rutland
2022-11-17 17:16   ` Steven Rostedt
2022-11-17 21:55     ` Chris Mason
2022-11-17 22:40       ` Steven Rostedt
2022-11-18 16:34         ` Mark Rutland
2022-11-18 16:45           ` Steven Rostedt [this message]
2022-11-18 17:44             ` Chris Mason
2022-11-18 18:06               ` Steven Rostedt
2022-11-18 18:52                 ` Chris Mason
2022-11-21 13:47                   ` KP Singh
2022-11-21 14:16                     ` Peter Zijlstra
2022-11-21 14:23                       ` KP Singh
2022-11-21 15:15                     ` Steven Rostedt
2022-11-21 15:29                       ` KP Singh
2022-11-21 15:39                         ` Steven Rostedt
2022-11-21 16:16                         ` Jiri Kosina
2022-11-21 15:40                       ` Alexei Starovoitov
2022-11-21 15:45                         ` Steven Rostedt
2022-11-21 15:55                           ` Borislav Petkov
2022-11-21 10:09                 ` Peter Zijlstra
2022-11-21 14:40                   ` Masami Hiramatsu
2022-11-18 16:18       ` Mark Rutland
2022-11-17 13:16 ` Masami Hiramatsu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221118114519.2711d890@gandalf.local.home \
    --to=rostedt@goodmis.org \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=clm@meta.com \
    --cc=daniel@iogearbox.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@infradead.org \
    --cc=jackmanb@google.com \
    --cc=kpsingh@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=markowsky@google.com \
    --cc=mhiramat@kernel.org \
    --cc=peterz@infradead.org \
    --cc=revest@chromium.org \
    --cc=torvalds@linux-foundation.org \
    --cc=xukuohai@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.