Re: [PATCH RFC 0/4] static key support for error injection functions
From: Vlastimil Babka
Date: Sat Jun 01 2024 - 16:49:15 EST
On 5/31/24 5:31 PM, Mark Rutland wrote:
> Hi,
>
> On Fri, May 31, 2024 at 11:33:31AM +0200, Vlastimil Babka wrote:
>> Incomplete, help needed from ftrace/kprobe and bpf folks.
>
>> - the generic error injection using kretprobes with
>> override_function_with_return is handled in patch 2. The
>> ALLOW_ERROR_INJECTION() annotation is extended so that static key
>> address can be passed, and the framework controls it when error
>> injection is enabled or disabled in debugfs for the function.
>>
>> There are two more users I know of but am not familiar enough to fix up
>> myself. I hope people that are more familiar can help me here.
>>
>> - ftrace seems to be using override_function_with_return from
>> #define ftrace_override_function_with_return but I found no place
>> where the latter is used. I assume it might be hidden behind more
>> macro magic? But the point is if ftrace can be instructed to act like
>> an error injection, it would also have to use some form of metadata
>> (from patch 2 presumably?) to get to the static key and control it.
>
> I don't think you've missed anything; nothing currently uses
> ftrace_override_function_with_return(). I added that in commit:
Ah, great, thanks for confirming that.
> 94d095ffa0e16bb7 ("ftrace: abstract DYNAMIC_FTRACE_WITH_ARGS accesses")
>
> ... so that it was possible to do anything that was possible with
> FTRACE_WITH_REGS and/or kprobes, under the expectation that we might
> want to move fault injection and BPF probes over to fprobes in future,
> as ftrace/fprobes is generally faster than kprobes (e.g. for
> architectures that can't do KPROBES_ON_FTRACE or OPTPROBES).
>
> That's just the mechanism for the handler to use; I'd expect whatever
> registered the handler to be responsible for flipping the static key,
> and I don't think anything needs to change within ftrace itself.
>
>> If ftrace can only observe the function being called, maybe it
>> wouldn't be wrong to just observe nothing if the static key isn't
>> enabled because nobody is doing the fault injection?
>
> Yep, that sounds right to me.
Good.
> Mark.