public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed
* [Bug tapsets/29570] New: Standardized template stap script for security band-aids
@ 2022-09-13 14:59 rgoldber at redhat dot com
  2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: rgoldber at redhat dot com @ 2022-09-13 14:59 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=29570

            Bug ID: 29570
           Summary: Standardized template stap script for security
                    band-aids
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tapsets
          Assignee: systemtap at sourceware dot org
          Reporter: rgoldber at redhat dot com
  Target Milestone: ---

Created attachment 14333
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14333&action=edit
Template prototype stap script

It would be beneficial for the cve-*.stp scripts to begin to standardize
themselves to a single common format. They can all be broken into 2 components:
the boilerplate and the actual trace/fix payloads. And so I propose creating a
standard template as well as some minor stap syntax to remove these common
elements. 

The attachment shows a prototype of what this template might look like where
the new proposed syntax `probe livepatch("CVE-YYYY-ABCD").mode(notify_p, fix_p,
trace_p)` is replaced by the stap frontend with the injected boilerplate stap
code.

This not only standardizes and makes the actual cve fix fit in gently, with
minimum boilerplate, but also provides the users with some useful prometheus
metrics such as how long the patch has been applied for and how many times the
fix/trace are used.

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug tapsets/29570] Standardized template stap script for security band-aids
  2022-09-13 14:59 [Bug tapsets/29570] New: Standardized template stap script for security band-aids rgoldber at redhat dot com
@ 2022-10-03 20:48 ` rgoldber at redhat dot com
  2022-10-04 16:33 ` rgoldber at redhat dot com
  2022-10-05 20:40 ` fche at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: rgoldber at redhat dot com @ 2022-10-03 20:48 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=29570

Ryan Goldberg <rgoldber at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #14333|0                           |1
        is obsolete|                            |

--- Comment #1 from Ryan Goldberg <rgoldber at redhat dot com> ---
Created attachment 14378
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14378&action=edit
Submit A Patch for 29570

A new template for future CVE bandaids with a tapset containing some useful
tooling (convenient metrics, global parameters for toggling various aspects of
the patch, timeouts, ...)

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug tapsets/29570] Standardized template stap script for security band-aids
  2022-09-13 14:59 [Bug tapsets/29570] New: Standardized template stap script for security band-aids rgoldber at redhat dot com
  2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
@ 2022-10-04 16:33 ` rgoldber at redhat dot com
  2022-10-05 20:40 ` fche at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: rgoldber at redhat dot com @ 2022-10-04 16:33 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=29570

Ryan Goldberg <rgoldber at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #14378|0                           |1
        is obsolete|                            |
                 CC|                            |rgoldber at redhat dot com

--- Comment #2 from Ryan Goldberg <rgoldber at redhat dot com> ---
Created attachment 14380
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14380&action=edit
Submit A Patch for 29570, revised

At fche's suggestion made some nice modifications/simplifications to the
previous patch

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug tapsets/29570] Standardized template stap script for security band-aids
  2022-09-13 14:59 [Bug tapsets/29570] New: Standardized template stap script for security band-aids rgoldber at redhat dot com
  2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
  2022-10-04 16:33 ` rgoldber at redhat dot com
@ 2022-10-05 20:40 ` fche at redhat dot com
  2 siblings, 0 replies; 4+ messages in thread
From: fche at redhat dot com @ 2022-10-05 20:40 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=29570

Frank Ch. Eigler <fche at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
                 CC|                            |fche at redhat dot com

--- Comment #3 from Frank Ch. Eigler <fche at redhat dot com> ---
commit f2d9285fe0

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-10-05 20:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-13 14:59 [Bug tapsets/29570] New: Standardized template stap script for security band-aids rgoldber at redhat dot com
2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
2022-10-04 16:33 ` rgoldber at redhat dot com
2022-10-05 20:40 ` fche at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).