On Fri, Apr 3, 2026 at 6:26 PM Menglong Dong <[email protected]> wrote: > > On 2026/4/2 21:20 Yafang Shao <[email protected]> write: > > On Thu, Apr 2, 2026 at 8:48 PM Menglong Dong <[email protected]> > > wrote: > > > > > > On 2026/4/2 17:26, Yafang Shao wrote: > > > > Introduce the ability for kprobes to override the return values of > > > > functions that have been livepatched. This functionality is guarded by > > > > the > > > > CONFIG_KPROBE_OVERRIDE_KLP_FUNC configuration option. > > > > > > Hi, Yafang. This is a interesting idea. > > > > [...] > > > > +/* noclone to avoid bond_get_slave_hook.constprop.0 */ > > +__attribute__((__noclone__, __noinline__)) > > +int bond_get_slave_hook(struct sk_buff *skb, u32 hash, unsigned int count) > > +{ > > + return -1; > > +} > > Hi, yafang. > > I see what you mean now. So you want to allow BPF program override > the return of all the kernel functions in a KLP module. > > I think the security problem is a big issue. Image that we have a KLP > in our environment. Any users can crash the kernel by hook a BPF > program on it with the calling of bpf_override_write().
This feature is guarded by the CONFIG_KPROBE_OVERRIDE_KLP_FUNC configuration option, which is disabled by default. Consequently, the user must explicitly enable this option to utilize the feature. > > What's more, this is a little weird for me. If we allow to use > bpf_override_return() > for the kernel functions in a KLP, why not we allow it in a common kernel > module, as KLP is a kind of kernel module. Then, why not we allow to > use it for all the kernel functions? By leveraging KLP, we can rapidly deploy new features without interrupting production workloads. Accordingly, this feature is specifically targeted at KLP-patched functions to maintain that seamless delivery model. > > Can we mark the "bond_get_slave_hook" with ALLOW_ERROR_INJECTION() in > your example? Then we can override its return directly. This is a more > reasonable for me. With ALLOW_ERROR_INJECTION(), we are telling people that > anyone can modify the return of this function safely. It is unfortunate that ALLOW_ERROR_INJECTION() is incompatible with KLP-patched functions, as this limits our ability to perform fault injection on livepatched code > > WDYT? > > BTW, this is a BPF modification, so maybe we can use "bpf: xxx" for the title > of this patch. Then, the BPF maintainers can notice this patch ;) I agree with the suggestion. I will update the subject prefix to "trace, bpf:" in the next version. -- Regards Yafang
