[ktap] Re: [PATCH] FFI support for ktap
- From: Jovi Zhangwei <jovi.zhangwei@xxxxxxxxx>
- To: ktap@xxxxxxxxxxxxx
- Date: Tue, 5 Nov 2013 10:24:36 +0800
On Tue, Nov 5, 2013 at 1:47 AM, Qingping Hou <dave2008713@xxxxxxxxx> wrote:
> On Mon 04 Nov 2013 08:06:18 AM EST, Jovi Zhangwei wrote:
>>>> I planed to use a command option like "guru mode"(similar with Systemtap)
>>>> in ktap, but I also doubt whether the command option really is enough to
>>>> make
>>>> ktap safe, user still can crash the kernel easily on ktap installed
>>>> system, like
>>>> the example you posted, just call the schedule in atomic context.
>>>>
>
> ktapc will be able to detect whehter user is using FFI API later because
> we will be parsing C function defitnion and generating ktap vm chunk
> accordingly. So IMHO guru mode is enough to prevent user running FFI
> enabled ktap script in compilation time. That said, they can still feed
> in unsafe chunk directly to ktap VM, which I doubt anyone will do unless
> they want to crash the kernel intentionally ;p
>
> So if we want to have a complete safe ktap runtime, CONFIG_KTAP_FFI and
> sysctl is the way to go. FFI should be easy to disable at runtme since
> all FFI features are accessed by indexing into global C table, we can
> just set that table to nil.
>
Maybe reject the execution in load stage is more clear for user,
we don't want to execute script if we can detect FFI needed in script, and then
tell user:
1) "FFI is disabled in ktapvm, please check
/proc/sys/debug/ktap-intrusive-mod"
2) "FFI isn't compiled in ktapvm, please enable CONFIG_KTAP_FFI"
Perhaps we need a FFI flag(generate by ktapc) in ktap_parm, to tell ktapvm the
script need FFI support.
Jovi
Other related posts:
