From: David Smith <dsmith@redhat.com>
To: Martin Hunt <hunt@redhat.com>
Cc: "Frank Ch. Eigler" <fche@redhat.com>, systemtap@sources.redhat.com
Subject: Re: whitelist for safe-mode probes (or just a better blacklist?)
Date: Wed, 20 Sep 2006 18:02:00 -0000 [thread overview]
Message-ID: <45118205.3090108@redhat.com> (raw)
In-Reply-To: <1158766960.6220.13.camel@dragon>
Martin Hunt wrote:
> On Wed, 2006-09-20 at 11:14 -0400, Frank Ch. Eigler wrote:
>> Martin Hunt <hunt@redhat.com> writes:
>>
>>> [...] To guarantee a probe will not crash the kernel it is going to
>>> be necessary to generate a whitelist of probe points.
>> Sure, except that this guarantee is only as good as the method used to
>> generate the whitelist.
>
> Of course.
>
>>> [...] How would this all work? The whitelist and blacklist would be
>>> files distributed with Systemtap. They would be updated
>>> automatically with a test script. [...]
>> How do you imagine this test script working? Could it generate a list
>> roughly matching the "in-our-experience-so-far-safe" set in a
>> reasonable timeframe? (It would not be very helpful if it took months
>> to run, or resulted in a small list.)
>
> I imagine this would be a list that would be checked into CVS of
> functions that have been tested and never caused problems. The only
> reason to use a whitelist instead of a blacklist is because we should be
> paranoid and not assume as new functions get added to the kernel, they
> are safely probeable, as we do now.
>
> Writing a script to do this testing is not difficult, except for the
> problems with lockups which require a way to remotely reboot a system.
> This requires we assume the existence of special hardware or that the
> test system is running on a specific virtualization system. This needs
> done regardless of what we decide about the need for a whitelist. I
> hoped to provoke some discussion about this. We've talked about it, but
> has anyone actually written any test scripts to test all the kernel
> functions this way?
I can tell you that looking into the problems probing
'kernel.function("*")' on x86 over the last couple of days I've rebooted
my test system (what seems like) countless times. I certainly agree
with you that we'll need special hardware (perhaps x10 could be a simple
start) or virtualization to get this going using a script. I do think
that this testing would be extremely useful, even without a whitelist
feature.
I wonder if we really might need various levels of "whitelists" to
satisfy customer concerns. Something like anyone in group A can only
probe syscalls, users in group B can probe syscalls + exported kernel
functions, etc.
--
David Smith
dsmith@redhat.com
Red Hat, Inc.
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
next prev parent reply other threads:[~2006-09-20 18:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-19 16:29 Martin Hunt
2006-09-20 15:14 ` Frank Ch. Eigler
2006-09-20 15:42 ` Martin Hunt
2006-09-20 16:23 ` Vara Prasad
2006-09-22 9:43 ` Li Guanglei
2006-09-22 15:53 ` Li Guanglei
2006-09-20 18:02 ` David Smith [this message]
2006-09-21 22:13 ` David Wilder
2006-09-20 17:20 Stone, Joshua I
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45118205.3090108@redhat.com \
--to=dsmith@redhat.com \
--cc=fche@redhat.com \
--cc=hunt@redhat.com \
--cc=systemtap@sources.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).