On Wed, Apr 03, 2019 at 04:52:40PM +0100, Edward Cree wrote:
> On 02/04/2019 15:37, Daniel Borkmann wrote:
> > If we really want to have a kernel warn, then lets add a
> > helper macro verbose_and_warn(...) which will trigger a one-time warning,
> > but keeps
> > the verbose log intact as well.
> +1
>
> Any time the verifier detects that its internal invariants have been broken,
> logging a warning is the right thing to do, just like any other part of the
> kernel.
It's not black and white.
As I said I don't think verbose_and_warn() is necessary.
Messages like:
verbose(env, "bpf verifier is misconfigured\n");
are technically 'broken internal invariant', but it shouldn't be a warn.
Whereas this:
if (WARN_ON(regno >= MAX_BPF_REG)) {
verbose(env, "mark_reg_known_zero(regs, %u)\n", regno);
/* Something bad happened, let's kill all regs */
for (regno = 0; regno < MAX_BPF_REG; regno++)
__mark_reg_not_init(regs + regno);
return;
}
should stay as-is.
It's a warn, and verbose message, and clean of regs.
Similarly:
if (WARN_ON_ONCE(ptr_reg)) {
print_verifier_state(env, state);
verbose(env, "verifier internal error: unexpected ptr_reg\n");
return -EINVAL;
}
is a warn and more than just a verbose message.
verbose_and_warn() doesn't fit these two practical cases of warn + verbose.
Hence I see no reason to combine warn and verbose into single helper.
They're perfectly fine being separate.
