This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [1/6 PATCH] Kprobes : Prevent possible race conditions genericchanges


Andi Kleen wrote:

On Thu, Jul 07, 2005 at 03:25:37AM -0700, Andrew Morton wrote:


Prasanna S Panchamukhi <prasanna@in.ibm.com> wrote:


There are possible race conditions if probes are placed on routines within the
kprobes files and routines used by the kprobes.


So... don't do that then? Is it likely that anyone would want to stick a
probe on the kprobe code itself?



iirc one goal of systemtap (which uses kprobes) is to be provable
safe so that an user cannot crash the kernel by adding probes. Basically
to make it possible to use this on production systems safely. I have my
doubts they will fully reach it, but at least it's a nice goal.


Yes, you are right it is a lofty goal but we feel we can achieve this with safety features built into the system. To facilitate this we are providing two modes safe and guru. In safe mode we are trying to limit the user to do limited yet useful operations so that they don't compromise the integrity of the system. Guru mode is meant for power users where we expect the users to know what they are doing hence they can do more intrusive operations. Another feature we are doing is coming up with a library of routines for common needs. Users can activate these routines with a simple scripting language so that they don't write their own kernel modules, this limits their ability to compromise the integrity of the system. We expect users to use this method predominantly in the safe mode.



-int register_kprobe(struct kprobe *p)
+static int __kprobes in_kprobes_functions(unsigned long addr)
+{
+ /* Linker adds these: start and end of __kprobes functions */
+ extern char __kprobes_text_start[], __kprobes_text_end[];


There's an old unix convention that section markers (start, end, edata,
etc) are declared `int'. For some reason we don't do that in the kernel. Oh well.



The Linux convention is to put it into asm-generic/sections.h at least.


-Andi






Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]