public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed
From: "rgoldber at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug tapsets/29570] New: Standardized template stap script for security band-aids
Date: Tue, 13 Sep 2022 14:59:07 +0000	[thread overview]
Message-ID: <bug-29570-6586@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=29570

            Bug ID: 29570
           Summary: Standardized template stap script for security
                    band-aids
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tapsets
          Assignee: systemtap at sourceware dot org
          Reporter: rgoldber at redhat dot com
  Target Milestone: ---

Created attachment 14333
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14333&action=edit
Template prototype stap script

It would be beneficial for the cve-*.stp scripts to begin to standardize
themselves to a single common format. They can all be broken into 2 components:
the boilerplate and the actual trace/fix payloads. And so I propose creating a
standard template as well as some minor stap syntax to remove these common
elements. 

The attachment shows a prototype of what this template might look like where
the new proposed syntax `probe livepatch("CVE-YYYY-ABCD").mode(notify_p, fix_p,
trace_p)` is replaced by the stap frontend with the injected boilerplate stap
code.

This not only standardizes and makes the actual cve fix fit in gently, with
minimum boilerplate, but also provides the users with some useful prometheus
metrics such as how long the patch has been applied for and how many times the
fix/trace are used.

-- 
You are receiving this mail because:
You are the assignee for the bug.

             reply	other threads:[~2022-09-13 14:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-13 14:59 rgoldber at redhat dot com [this message]
2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
2022-10-04 16:33 ` rgoldber at redhat dot com
2022-10-05 20:40 ` fche at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-29570-6586@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=systemtap@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).