bpf: Remove bpf_probe_write_user() warning message #8130
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
|
Upstream branch: c8d02b5 |
|
Upstream branch: c8d02b5 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/912778=>bpf-next
branch
from
ef1365a
to
94fd2d4
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=912778 expired. Closing PR. |
|
Upstream branch: c8d02b5 |
kernel-patches-daemon-bpf
bot
added
new
V3
and removed
changes-requested
V2
V2-ci-fail
labels
kernel-patches-daemon-bpf
bot
force-pushed
the
series/912778=>bpf-next
branch
from
94fd2d4
to
422a749
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=912831 expired. Closing PR. |
|
Upstream branch: c8d02b5 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/912778=>bpf-next
branch
from
422a749
to
1fe3eda
Compare
|
Upstream branch: c8d02b5 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/912778=>bpf-next
branch
from
1fe3eda
to
7c70ac6
Compare
The warning message for bpf_probe_write_user() was introduced in 96ae522 ("bpf: Add bpf_probe_write_user BPF helper to be called in tracers"), with the following in the commit message: Given this feature is meant for experiments, and it has a risk of crashing the system, and running programs, we print a warning on when a proglet that attempts to use this helper is installed, along with the pid and process name. After 8 years since 96ae522, bpf_probe_write_user() has found successful applications beyond experiments [1, 2], with no other good alternatives. Despite its intended purpose for "experiments", that doesn't stop Hyrum's law, and there are likely many more users depending on this helper: "[..] it does not matter what you promise [..] all observable behaviors of your system will be depended on by somebody." The ominous "helper that may corrupt user memory!" has offered no real benefit, and has been found to lead to confusion where the system administrator is loading programs with valid use cases. As such, remove the warning message. Link: https://lore.kernel.org/lkml/[email protected]/ [1] Link: https://lore.kernel.org/r/lkml/CAAn3qOUMD81-vxLLfep0H6rRd74ho2VaekdL4HjKq+Y1t9KdXQ@mail.gmail.com/ [2] Link: https://lore.kernel.org/all/CAEf4Bzb4D_=zuJrg3PawMOW3KqF8JvJm9SwF81_XHR2+u5hkUg@mail.gmail.com/ Signed-off-by: Marco Elver <[email protected]> Acked-by: Jiri Olsa <[email protected]> Acked-by: Daniel Borkmann <[email protected]>
…_proto() With bpf_get_probe_write_proto() no longer printing a message, we can avoid it being a special case with its own permission check. Refactor bpf_tracing_func_proto() similar to bpf_base_func_proto() to have a section conditional on bpf_token_capable(CAP_SYS_ADMIN), where the proto for bpf_probe_write_user() is returned. Finally, remove the unnecessary bpf_get_probe_write_proto(). This simplifies the code, and adding additional CAP_SYS_ADMIN-only helpers in future avoids duplicating the same CAP_SYS_ADMIN check. Suggested-by: Andrii Nakryiko <[email protected]> Signed-off-by: Marco Elver <[email protected]> Acked-by: Jiri Olsa <[email protected]> Acked-by: Daniel Borkmann <[email protected]>
|
Upstream branch: c8d02b5 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/912778=>bpf-next
branch
from
7c70ac6
to
582433f
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
789c0d4
to
b87df96
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=913255 irrelevant now. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: Remove bpf_probe_write_user() warning message
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=912778