This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: whitelist for safe-mode probes (or just a better blacklist?)
- From: Martin Hunt <hunt at redhat dot com>
- To: "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: systemtap at sources dot redhat dot com
- Date: Wed, 20 Sep 2006 11:42:40 -0400
- Subject: Re: whitelist for safe-mode probes (or just a better blacklist?)
- Organization: Red Hat Inc.
- References: <1158683336.10983.27.camel@dragon> <y0mu032d0zd.fsf@ton.toronto.redhat.com>
On Wed, 2006-09-20 at 11:14 -0400, Frank Ch. Eigler wrote:
> Martin Hunt <hunt@redhat.com> writes:
>
> > [...] To guarantee a probe will not crash the kernel it is going to
> > be necessary to generate a whitelist of probe points.
>
> Sure, except that this guarantee is only as good as the method used to
> generate the whitelist.
Of course.
> > [...] How would this all work? The whitelist and blacklist would be
> > files distributed with Systemtap. They would be updated
> > automatically with a test script. [...]
>
> How do you imagine this test script working? Could it generate a list
> roughly matching the "in-our-experience-so-far-safe" set in a
> reasonable timeframe? (It would not be very helpful if it took months
> to run, or resulted in a small list.)
I imagine this would be a list that would be checked into CVS of
functions that have been tested and never caused problems. The only
reason to use a whitelist instead of a blacklist is because we should be
paranoid and not assume as new functions get added to the kernel, they
are safely probeable, as we do now.
Writing a script to do this testing is not difficult, except for the
problems with lockups which require a way to remotely reboot a system.
This requires we assume the existence of special hardware or that the
test system is running on a specific virtualization system. This needs
done regardless of what we decide about the need for a whitelist. I
hoped to provoke some discussion about this. We've talked about it, but
has anyone actually written any test scripts to test all the kernel
functions this way?
Martin