[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20221118114519.2711d890@gandalf.local.home>
Date: Fri, 18 Nov 2022 11:45:19 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Mark Rutland <mark.rutland@....com>
Cc: Chris Mason <clm@...a.com>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Florent Revest <revest@...omium.org>,
bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
KP Singh <kpsingh@...nel.org>,
Brendan Jackman <jackmanb@...gle.com>, markowsky@...gle.com,
Masami Hiramatsu <mhiramat@...nel.org>,
Xu Kuohai <xukuohai@...wei.com>,
LKML <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Christoph Hellwig <hch@...radead.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [RFC 0/1] BPF tracing for arm64 using fprobe
On Fri, 18 Nov 2022 16:34:50 +0000
Mark Rutland <mark.rutland@....com> wrote:
> > Not alarmist, but concern as being able to modify what a kernel function can
> > do is not something I take lightly.
>
> FWIW, given that the aim here seems to be to expose all kernel internals to be
> overridden arbitrarily, I'm also concerned that there's a huge surface area for
> issues with maintainability, robustness/correctness, and security.
>
> I really don't want to be stuck in a position where someone argues that all
> kernel internal functions are ABI and need to stay around as-is to be hooked by
> eBPF, and I hope that we all agree that there are no guarantees on that front.
My biggest concern is changing functionality of arbitrary functions by BPF.
I would much rather limit what functions BPF could change with some
annotation.
int __bpf_modify foo()
{
...
}
That way if somethings not working, you can see directly in the code that
the function could be modified by a BPF program, instead of getting some
random bug report because a function returned an unexpected result that the
code of that function could never produce.
-- Steve
Powered by blists - more mailing lists