This is the mail archive of the mailing list for the systemtap project.


Re: whitelist for safe-mode probes (or just a better blacklist?)

On Wed, 2006-09-20 at 11:14 -0400, Frank Ch. Eigler wrote:
> Martin Hunt writes:
> > [...]  To guarantee a probe will not crash the kernel it is going to
> > be necessary to generate a whitelist of probe points.
> Sure, except that this guarantee is only as good as the method used to
> generate the whitelist.

Of course.

> > [...]  How would this all work? The whitelist and blacklist would be
> > files distributed with Systemtap.  They would be updated
> > automatically with a test script. [...]
> How do you imagine this test script working?  Could it generate a list
> roughly matching the "in-our-experience-so-far-safe" set in a
> reasonable timeframe?  (It would not be very helpful if it took months
> to run, or resulted in a small list.)

I imagine this would be a list that would be checked into CVS of
functions that have been tested and never caused problems.  The only
reason to use a whitelist instead of a blacklist is because we should be
paranoid and not assume as new functions get added to the kernel, they
are safely probeable, as we do now.

Writing a script to do this testing is not difficult, except for the
problems with lockups which require a way to remotely reboot a system.
This requires we assume the existence of special hardware or that the
test system is running on a specific virtualization system.  This needs
done regardless of what we decide about the need for a whitelist.  I
hoped to provoke some discussion about this.  We've talked about it, but
has anyone actually written any test scripts to test all the kernel
functions this way?
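
Added example, not part of the original message or of SystemTap's own code: a sketch of a whitelist-generating test pass that survives the lockups described above by journaling each function as "pending" before probing it, so that after a forced reboot the unfinished entry is recorded as crashed and skipped. It goes beyond the message in assuming this journal approach; the journal format, the `stap -e ... -c true` probe test and the function names in any sample run are assumptions.

```python
import json, os, subprocess

def stap_runner(func):
    """Assumed probe test: attach an empty probe while `true` runs; exit 0 counts as safe."""
    script = 'probe kernel.function("%s") { }' % func
    return subprocess.run(["stap", "-e", script, "-c", "true"],
                          capture_output=True, timeout=120).returncode == 0

def _append(journal, record):
    # fsync so the record is on disk before the probe can lock the machine up
    with open(journal, "a") as f:
        f.write(json.dumps(record) + "\n")
        f.flush()
        os.fsync(f.fileno())

def load_state(journal):
    """Replay the journal; the last state written for a function wins."""
    state = {}
    if os.path.exists(journal):
        with open(journal) as f:
            for line in f:
                try:
                    rec = json.loads(line)
                except ValueError:
                    continue  # skip a torn or blank line
                state[rec["func"]] = rec["state"]
    return state

def run_pass(functions, journal, runner=stap_runner):
    """Test every not-yet-classified function; return (whitelist, blacklist)."""
    state = load_state(journal)
    # "pending" with no result means the previous boot died while probing it.
    for func, st in list(state.items()):
        if st == "pending":
            _append(journal, {"func": func, "state": "crashed"})
            state[func] = "crashed"
    for func in functions:
        if func in state:
            continue  # classified during an earlier boot
        _append(journal, {"func": func, "state": "pending"})
        try:
            ok = runner(func)
        except Exception:  # timeout or stap missing: not proven safe
            ok = False
        state[func] = "ok" if ok else "failed"
        _append(journal, {"func": func, "state": state[func]})
    whitelist = sorted(f for f, s in state.items() if s == "ok")
    blacklist = sorted(f for f, s in state.items() if s != "ok")
    return whitelist, blacklist
```

Run from a boot-time job with the same journal path each time, the pass resumes where the last boot stopped; the remote reboot itself still has to come from outside the test machine.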

