On Wed, 2006-09-20 at 11:14 -0400, Frank Ch. Eigler wrote:
> Martin Hunt <hunt@redhat.com> writes:
>
> > [...] To guarantee a probe will not crash the kernel it is going to
> > be necessary to generate a whitelist of probe points.
>
> Sure, except that this guarantee is only as good as the method used to
> generate the whitelist.

Of course.

> > [...] How would this all work? The whitelist and blacklist would be
> > files distributed with Systemtap. They would be updated
> > automatically with a test script. [...]
>
> How do you imagine this test script working? Could it generate a list
> roughly matching the "in-our-experience-so-far-safe" set in a
> reasonable timeframe? (It would not be very helpful if it took months
> to run, or resulted in a small list.)

I imagine this would be a list that would be checked into CVS of
functions that have been tested and never caused problems. The only
reason to use a whitelist instead of a blacklist is because we should be
paranoid and not assume as new functions get added to the kernel, they
are safely probeable, as we do now.
Writing a script to do this testing is not difficult, except for the
problems with lockups which require a way to remotely reboot a system.
This requires we assume the existence of special hardware or that the
test system is running on a specific virtualization system. This needs
to be done regardless of what we decide about the need for a whitelist. I
hoped to provoke some discussion about this. We've talked about it, but
has anyone actually written any test scripts to test all the kernel
functions this way?
Martin
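
The test loop discussed in this message, sketched as an added example (it is not code from the thread or from Systemtap). It assumes the machine is reset externally after a lockup and the script is rerun on boot; the state file names, the 5-second probe window and all function names here are hypothetical.

```python
import os
import subprocess

def stap_probe(func, timeout=60):
    """Probe one kernel function for 5 s; True if stap exits cleanly."""
    # The counter gives the probe a side effect so stap does not optimise it away.
    script = ('global hits\nprobe kernel.function("%s") { hits++ }\n'
              'probe timer.s(5) { exit() }' % func)
    try:
        done = subprocess.run(["stap", "-e", script], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return done.returncode == 0
    except (subprocess.TimeoutExpired, OSError):
        return False

def load(path):
    if not os.path.exists(path):
        return set()
    with open(path) as f:
        return {line.strip() for line in f if line.strip()}

def record(path, func, mode="a"):
    # fsync so the entry survives a hard lockup right after this call
    with open(path, mode) as f:
        f.write(func + "\n")
        f.flush()
        os.fsync(f.fileno())

def run_pass(functions, state_dir, probe=stap_probe):
    """Test each untested function once; return (whitelist, blacklist) sets."""
    wl, bl, pending = (os.path.join(state_dir, n)
                       for n in ("whitelist", "blacklist", "in_progress"))
    # A leftover marker means the last run died (lockup, reset) inside that probe.
    for func in load(pending):
        record(bl, func)
    if os.path.exists(pending):
        os.remove(pending)
    white, black = load(wl), load(bl)
    white -= black  # conservative: anything ever blacklisted stays out
    for func in functions:
        if func in white or func in black:
            continue
        record(pending, func, mode="w")   # journal before touching the kernel
        ok = probe(func)
        record(wl if ok else bl, func)
        (white if ok else black).add(func)
        os.remove(pending)
    return white, black
```

Because each function name is journaled before its probe is armed, a function that takes the machine down is blacklisted on the next boot and the run resumes with the remaining untested functions.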