Re: [PATCH] error-injection: Add prompt for function error injection
From: Borislav Petkov
Date: Tue Nov 22 2022 - 13:16:51 EST

On Tue, Nov 22, 2022 at 12:42:33PM -0500, Chris Mason wrote:
> I think there are a few different sides to this:
>
> - it makes total sense that we all have wildly different ideas about
> which tools should be available in prod. Making this decision more fine
> grained seems reasonable.
>
> - fault injection for testing: we have a stage of qualification that
> does error injection against the prod kernel. It helps to have this
> against the debug kernel too, but that misses some races etc. I always
> just assumed distros and partners did some fault injection tests against
> the prod kernel builds?

That's what the debug kernel flavor is for. At least on SLES.

That's why we have the MCE injection module in the debug flavor and not
in the production one. For the very same reason.

> - overriding return values for security fixes: also not a common thing,
> but it's a tool we've used. There are usually better long term fixes,
> but it happens.

Yeah, that's what live patching is for.

> In other words, I really do care about the concerns you're expressing
> here, and I'm usually first in line to complain when random people make
> my job harder. I'm just not seeing these issues with BPF, and I see
> them actively trying to increase safety over time.

So this might be your opinion and I respect it but your first paragraph
was spot on: to *have* the option to decide whether a company wants to
support that in production or not.

I'm sure it makes sense for you in your production scenarios but it
doesn't for us. At least not at this point.

And I think this should be disabled in our kernels for now. When the
team decides someday that they wanna deal with bug reports of people
doing fault injection, then sure by all means.

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette