Re: [RFC PATCH tip 0/5] tracing filters with BPF

From: Frank Ch. Eigler
Date: Thu Dec 05 2013 - 11:32:10 EST

Next message: Nicolas Ferre: "Re: [GIT PULL] at91: cleanup for 3.14 #1 (aka move to CCF)"
Previous message: Jiang Liu: "Re: [RFC PATCH v3 10/19] smp, metag: kill SMP single function callinterrupt"
In reply to: Jovi Zhangwei: "Re: [RFC PATCH tip 0/5] tracing filters with BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andi Kleen <andi@xxxxxxxxxxxxxx> writes:

> [...] While it sounds interesting, I would strongly advise to make
> this capability only available to root. Traditionally lots of
> complex byte code languages which were designed to be "safe" and
> verifiable weren't really. e.g. i managed to crash things with
> "safe" systemtap multiple times. [...]

Note that systemtap has never been a byte code language, that avenue
being considered lkml-futile at the time, but instead pure C. Its
safety comes from a mix of compiled-in checks (which you can inspect
via "stap -p3") and script-to-C translation checks (which are
self-explanatory). Its risks come from bugs in the checks (quite
rare), problems in the runtime library (rare), and problems in
underlying kernel facilities (rare or frequent - consider kprobes).

> So the likelyhood of this having some hole somewhere (either in
> the byte code or in some library function) is high.

Very true!

- FChE
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicolas Ferre: "Re: [GIT PULL] at91: cleanup for 3.14 #1 (aka move to CCF)"
Previous message: Jiang Liu: "Re: [RFC PATCH v3 10/19] smp, metag: kill SMP single function callinterrupt"
In reply to: Jovi Zhangwei: "Re: [RFC PATCH tip 0/5] tracing filters with BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]