This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: linux-next: add utrace tree
- From: Thomas Gleixner <tglx at linutronix dot de>
- To: "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: Ingo Molnar <mingo at elte dot hu>, Linus Torvalds <torvalds at linux-foundation dot org>, Steven Rostedt <rostedt at goodmis dot org>, Fr??d??ric Weisbecker <fweisbec at gmail dot com>, Arnaldo Carvalho de Melo <acme at redhat dot com>, Li Zefan <lizf at cn dot fujitsu dot com>, Tom Zanussi <tzanussi at gmail dot com>, systemtap at sources dot redhat dot com, dle-develop at lists dot sourceforge dot net, Andrew Morton <akpm at linux-foundation dot org>, Stephen Rothwell <sfr at canb dot auug dot org dot au>, Ananth N Mavinakayanahalli <ananth at in dot ibm dot com>, Peter Zijlstra <a dot p dot zijlstra at chello dot nl>, Peter Zijlstra <peterz at infradead dot org>, LKML <linux-kernel at vger dot kernel dot org>, linux-next at vger dot kernel dot org, "H. Peter Anvin" <hpa at zytor dot com>, utrace-devel at redhat dot com
- Date: Sun, 24 Jan 2010 17:36:21 +0100 (CET)
- Subject: Re: linux-next: add utrace tree
- References: <20100122111747.3c224dfd.sfr@canb.auug.org.au> <20100121163004.8779bd69.akpm@linux-foundation.org> <20100121163145.7e958c3f.akpm@linux-foundation.org> <20100122005147.GD22003@redhat.com> <20100121170541.7425ff10.akpm@linux-foundation.org> <20100122012516.GE22003@redhat.com> <alpine.LFD.2.00.1001211729080.13231@localhost.localdomain> <20100122022255.GF22003@redhat.com> <alpine.LFD.2.00.1001211826060.13231@localhost.localdomain> <20100123060401.GB19399@elte.hu> <20100123120301.GD7828@redhat.com>
On Sat, 23 Jan 2010, Frank Ch. Eigler wrote:
> On Sat, Jan 23, 2010 at 07:04:01AM +0100, Ingo Molnar wrote:
>
> > [...] Also, if any systemtap person is interested in helping us
> > create a more generic filter engine out of the current ftrace filter
> > engine (which is really a precursor of a safe, sandboxed in-kernel
> > script engine), that would be excellent as well. [...]
>
> Thank you for the invitation.
>
> > More could be done - a simple C-like set of function perhaps - some minimal
> > per probe local variable state, etc. (perhaps even looping as well, with a
> > limit on number of predicament executions per filter invocation.)
>
> Yes, at some point when such bytecode intepreter gets rich enough, one
> may not need the translated-to-C means of running scripts.
>
>
> > ( _Such_ a facility, could then perhaps be used to allow applications access
> > to safe syscall sandboxing techniques: i.e. a programmable seccomp concept
> > in essence, controlled via ASCII space filter expressions [...]
> > IMHO that would be a superior concept for security modules too [...]
> >
> > [...] specific functionality with an immediately visible upside,
> > with no need for opaque hooks.
>
> This OTOH seem like rather a stretch. If one claims that "opaque
> hooks" are bad, so instead have hooks that jump not to auditable C
> code but an bytecode interpreter? And have the bytecodes be uploaded
> from userspace? How is this supposed to produce "transparency" from
> the kernel/hook point of view?
Simply because the kernel controls which byte code is executed and has
control over the functionality behind it. That makes the hooks well
defined and transparent.
Thanks,
tglx