From: "rgoldber at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug tapsets/29570] New: Standardized template stap script for security band-aids
Date: Tue, 13 Sep 2022 14:59:07 +0000 [thread overview]
Message-ID: <bug-29570-6586@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=29570
Bug ID: 29570
Summary: Standardized template stap script for security
band-aids
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: tapsets
Assignee: systemtap at sourceware dot org
Reporter: rgoldber at redhat dot com
Target Milestone: ---
Created attachment 14333
--> https://sourceware.org/bugzilla/attachment.cgi?id=14333&action=edit
Template prototype stap script
It would be beneficial for the cve-*.stp scripts to begin to standardize
themselves to a single common format. They can all be broken into 2 components:
the boilerplate and the actual trace/fix payloads. And so I propose creating a
standard template as well as some minor stap syntax to remove these common
elements.
The attachment shows a prototype of what this template might look like where
the new proposed syntax `probe livepatch("CVE-YYYY-ABCD").mode(notify_p, fix_p,
trace_p)` is replaced by the stap frontend with the injected boilerplate stap
code.
This not only standardizes and makes the actual cve fix fit in gently, with
minimum boilerplate, but also provides the users with some useful prometheus
metrics such as how long the patch has been applied for and how many times the
fix/trace are used.
--
You are receiving this mail because:
You are the assignee for the bug.
next reply other threads:[~2022-09-13 14:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-13 14:59 rgoldber at redhat dot com [this message]
2022-10-03 20:48 ` [Bug tapsets/29570] " rgoldber at redhat dot com
2022-10-04 16:33 ` rgoldber at redhat dot com
2022-10-05 20:40 ` fche at redhat dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-29570-6586@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=systemtap@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).