Re: [PATCH] error-injection: Add prompt for function error injection

From: Alexei Starovoitov
Date: Fri Dec 02 2022 - 16:27:22 EST


On Fri, Dec 02, 2022 at 10:56:52AM -0500, Theodore Ts'o wrote:
> On Thu, Dec 01, 2022 at 05:41:29PM -0800, Alexei Starovoitov wrote:
> >
> > The fault injection framework disables individual syscalls with zero performance
> > overhead compared to LSM and seccomp mechanisms.
> > BPF is not involved here. It's a kprobe in one spot.
> > All other syscalls don't notice it.
> > It's an attractive way to improve security.
> >
> > A BPF prog over syscall can filter by user, cgroup, task and give fine-grained
> > control over security surface.
> > tbh I'm not aware of folks doing "syscall disabling" through command line like
> > above (I've only seen it through bpf), but it doesn't mean that somebody will
> > not start complaining that their script broke, because distro disabled fault
> > injection.
> >
> > So should we split FUNCTION_ERROR_INJECTION kconfig into two?
> > And do default N for things like should_failslab() and
> > default Y for syscalls?
>
> How about calling the latter something like bpf syscall hooks, and not
> using the terminology "error injection" in relation to system calls?
> I think that might be less confusing.

I think 'syscall error injection' name fits well.
It's a generic feature that both kprobes and bpf should be able to use.
Here is the patch...

Even with this patch we have 7 failures in BPF selftests.
We will fix them later with the same mechanism as we will pick for hid-bpf.

This patch will keep 'syscall disabling' scripts working
and bpf syscall adjustment will work too.
So no chance of breaking anyone.
While actual error injection inside the kernel will be disabled.

Better name suggestions are welcome, of course.
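
An added example, not part of the original message or of the patch it mentions: a small audit script that splits a host's error-injectable functions into the two groups the thread proposes, syscall entry points and kernel-internal functions such as should_failslab(). It assumes the debugfs file /sys/kernel/debug/error_injection/list with one "symbol<TAB>type" entry per line and arch-prefixed syscall symbols (`__<arch>_sys_<name>`); the sample list is constructed and is used when the real file is not readable.

```shell
#!/bin/sh
# Added example: audit which functions are exposed for error injection.
# Assumption: entries look like "symbol<TAB>type", as in
# /sys/kernel/debug/error_injection/list on kernels built with
# CONFIG_FUNCTION_ERROR_INJECTION.

# Constructed sample input (not captured from a real host).
sample_ei_list() {
    printf '%s\t%s\n' \
        '__x64_sys_mount'        'ERRNO' \
        '__x64_sys_ptrace'       'ERRNO' \
        '__arm64_sys_bpf'        'ERRNO' \
        'should_failslab'        'ERRNO' \
        'should_fail_alloc_page' 'TRUE'
}

# Read list entries on stdin; print "<class> <symbol> <type>" per entry.
# class is "syscall" for arch-prefixed syscall entry points, else "internal".
classify_ei() {
    while IFS="$(printf '\t')" read -r sym type; do
        [ -n "$sym" ] || continue
        case "$sym" in
            __*_sys_*) echo "syscall $sym $type" ;;
            *)         echo "internal $sym $type" ;;
        esac
    done
}

# Count entries of one class ($1 = syscall|internal) from a list on stdin.
count_class() {
    classify_ei | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

LIST=/sys/kernel/debug/error_injection/list
if [ -r "$LIST" ]; then
    src() { cat "$LIST"; }
else
    src() { sample_ei_list; }   # fall back to the constructed sample
fi

echo "syscall entry points: $(src | count_class syscall)"
echo "kernel-internal:      $(src | count_class internal)"
# Internal functions are the ones the thread suggests defaulting to N.
src | classify_ei | awk '$1 == "internal" { print "  review: " $2 " (" $3 ")" }'
```
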