From: Thomas Gleixner <tglx@linutronix.de>
To: "Frank Ch. Eigler" <fche@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>,
Fr??d??ric Weisbecker <fweisbec@gmail.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Li Zefan <lizf@cn.fujitsu.com>, Tom Zanussi <tzanussi@gmail.com>,
systemtap@sources.redhat.com, dle-develop@lists.sourceforge.net,
Andrew Morton <akpm@linux-foundation.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Ananth N Mavinakayanahalli <ananth@in.ibm.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Peter Zijlstra <peterz@infradead.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-next@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
utrace-devel@redhat.com
Subject: Re: linux-next: add utrace tree
Date: Sun, 24 Jan 2010 17:36:21 +0100 (CET) [thread overview]
Message-ID: <alpine.LFD.2.00.1001241731270.2906@localhost.localdomain> (raw)
In-Reply-To: <20100123120301.GD7828@redhat.com>
On Sat, 23 Jan 2010, Frank Ch. Eigler wrote:
> On Sat, Jan 23, 2010 at 07:04:01AM +0100, Ingo Molnar wrote:
>
> > [...] Also, if any systemtap person is interested in helping us
> > create a more generic filter engine out of the current ftrace filter
> > engine (which is really a precursor of a safe, sandboxed in-kernel
> > script engine), that would be excellent as well. [...]
>
> Thank you for the invitation.
>
> > More could be done - a simple C-like set of function perhaps - some minimal
> > per probe local variable state, etc. (perhaps even looping as well, with a
> > limit on number of predicament executions per filter invocation.)
>
> Yes, at some point when such bytecode intepreter gets rich enough, one
> may not need the translated-to-C means of running scripts.
>
>
> > ( _Such_ a facility, could then perhaps be used to allow applications access
> > to safe syscall sandboxing techniques: i.e. a programmable seccomp concept
> > in essence, controlled via ASCII space filter expressions [...]
> > IMHO that would be a superior concept for security modules too [...]
> >
> > [...] specific functionality with an immediately visible upside,
> > with no need for opaque hooks.
>
> This OTOH seem like rather a stretch. If one claims that "opaque
> hooks" are bad, so instead have hooks that jump not to auditable C
> code but an bytecode interpreter? And have the bytecodes be uploaded
> from userspace? How is this supposed to produce "transparency" from
> the kernel/hook point of view?
Simply because the kernel controls which byte code is executed and has
control over the functionality behind it. That makes the hooks well
defined and transparent.
Thanks,
tglx
next prev parent reply other threads:[~2010-01-24 16:37 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20100119211646.GF16096@redhat.com>
2010-01-20 0:12 ` linux-next: add utrace tree Stephen Rothwell
2010-01-20 5:49 ` Ingo Molnar
2010-01-20 6:15 ` Ananth N Mavinakayanahalli
2010-01-20 6:28 ` Ingo Molnar
2010-01-20 6:40 ` Ananth N Mavinakayanahalli
2010-01-20 10:43 ` Frederic Weisbecker
2010-01-20 6:59 ` Stephen Rothwell
2010-01-20 13:24 ` Frank Ch. Eigler
2010-01-20 7:29 ` Ingo Molnar
2010-01-20 14:38 ` Stephen Rothwell
2010-01-21 1:22 ` Roland McGrath
2010-01-22 0:17 ` Stephen Rothwell
2010-01-22 0:30 ` Andrew Morton
2010-01-22 0:31 ` Andrew Morton
2010-01-22 0:51 ` Frank Ch. Eigler
2010-01-22 1:05 ` Andrew Morton
2010-01-22 1:25 ` Frank Ch. Eigler
2010-01-22 1:32 ` Linus Torvalds
2010-01-22 2:22 ` Frank Ch. Eigler
2010-01-22 2:35 ` Linus Torvalds
2010-01-22 20:51 ` Oleg Nesterov
2010-01-23 6:04 ` Ingo Molnar
2010-01-23 12:03 ` Frank Ch. Eigler
2010-01-24 16:36 ` Thomas Gleixner [this message]
2010-01-22 1:28 ` Linus Torvalds
2010-01-22 5:21 ` Ananth N Mavinakayanahalli
2010-01-22 13:43 ` Valdis.Kletnieks
2010-01-22 19:39 ` Oleg Nesterov
2010-01-26 13:58 ` Pavel Machek
2010-01-22 18:28 ` Oleg Nesterov
2010-01-22 20:01 ` Frank Ch. Eigler
2010-01-22 20:16 ` Peter Zijlstra
2010-01-22 21:44 ` Frank Ch. Eigler
2010-01-22 21:59 ` Linus Torvalds
2010-01-22 22:13 ` Frank Ch. Eigler
2010-01-23 0:11 ` Linus Torvalds
2010-01-23 0:22 ` Linus Torvalds
2010-01-23 6:20 ` Kyle Moffett
2010-01-23 11:01 ` Alan Cox
2010-01-23 11:51 ` Frank Ch. Eigler
2010-01-23 15:57 ` Arnaldo Carvalho de Melo
2010-01-23 11:23 ` Ingo Molnar
2010-01-23 11:47 ` Frank Ch. Eigler
2010-01-23 19:48 ` tytso
2010-01-24 18:01 ` Frank Ch. Eigler
2010-01-25 1:42 ` Kyle Moffett
2010-01-25 4:55 ` tytso
2010-01-25 16:52 ` Linus Torvalds
2010-01-25 17:02 ` Frank Ch. Eigler
2010-01-25 17:36 ` Linus Torvalds
2010-01-25 17:45 ` Linus Torvalds
2010-01-25 17:54 ` Steven Rostedt
2010-01-25 18:03 ` Alan Cox
2010-01-25 18:12 ` Linus Torvalds
2010-01-25 18:30 ` Steven Rostedt
2010-01-25 18:45 ` Thomas Gleixner
2010-01-25 20:34 ` Ingo Molnar
2010-01-25 20:30 ` Mark Wielaard
2010-01-25 20:42 ` Linus Torvalds
2010-01-26 0:02 ` Renzo Davoli
2010-01-26 0:07 ` Linus Torvalds
2010-01-26 16:08 ` Johannes Stezenbach
2010-01-26 16:28 ` Linus Torvalds
2010-01-26 16:34 ` Christoph Hellwig
2010-01-28 23:53 ` Benjamin Herrenschmidt
2010-01-29 0:21 ` Linus Torvalds
2010-01-25 4:59 ` Ananth N Mavinakayanahalli
2010-01-25 10:13 ` Peter Zijlstra
2010-01-24 5:04 ` Linus Torvalds
2010-01-24 10:25 ` tytso
2010-01-24 13:20 ` Frank Ch. Eigler
2010-01-25 21:05 ` Tom Tromey
2010-01-25 21:41 ` Linus Torvalds
2010-01-26 14:21 ` Ananth N Mavinakayanahalli
2010-01-26 23:20 ` Tom Tromey
2010-01-26 23:37 ` Linus Torvalds
2010-01-27 6:52 ` Peter Zijlstra
2010-01-27 8:54 ` Ingo Molnar
2010-01-28 1:52 ` Jim Keniston
2010-01-28 8:55 ` Ingo Molnar
2010-01-29 0:59 ` Jim Keniston
2010-01-29 7:39 ` Ingo Molnar
2010-01-29 7:52 ` Ananth N Mavinakayanahalli
2010-01-29 7:55 ` Ananth N Mavinakayanahalli
2010-01-29 9:16 ` Ingo Molnar
2010-01-29 9:11 ` Ingo Molnar
2010-01-29 9:31 ` Ananth N Mavinakayanahalli
2010-01-29 9:51 ` Ingo Molnar
2010-01-29 18:13 ` Frank Ch. Eigler
2010-01-29 4:55 ` Ananth N Mavinakayanahalli
2010-01-29 7:42 ` Ingo Molnar
2010-01-30 17:49 ` Steven Rostedt
2010-01-30 17:59 ` Linus Torvalds
2010-02-02 6:47 ` Masami Hiramatsu
2010-01-27 10:43 ` Linus Torvalds
2010-01-27 10:55 ` Peter Zijlstra
2010-01-27 10:58 ` Peter Zijlstra
2010-01-27 11:04 ` Linus Torvalds
2010-01-27 16:01 ` Frederic Weisbecker
2010-01-27 11:05 ` Ananth N Mavinakayanahalli
2010-01-27 11:08 ` Peter Zijlstra
2010-01-27 11:20 ` Ananth N Mavinakayanahalli
2010-02-08 10:09 ` Avi Kivity
2010-01-27 11:07 ` Srikar Dronamraju
2010-01-27 13:59 ` Steven Rostedt
2010-01-27 17:42 ` H. Peter Anvin
2010-01-27 18:53 ` Steven Rostedt
2010-02-08 6:54 ` Pavel Machek
2010-02-08 9:30 ` H. Peter Anvin
2010-02-08 9:53 ` Arjan van de Ven
2010-01-27 19:18 ` H. Peter Anvin
2010-01-27 0:38 ` Frank Ch. Eigler
2010-01-26 15:00 ` Frank Ch. Eigler
2010-01-26 17:33 ` Andi Kleen
2010-01-26 18:46 ` Linus Torvalds
2010-01-26 21:02 ` Andi Kleen
2010-01-26 21:53 ` Oleg Nesterov
2010-01-26 22:03 ` Andi Kleen
2010-01-26 23:32 ` Oleg Nesterov
2010-01-26 21:30 ` Oleg Nesterov
2010-01-26 23:27 ` Tom Tromey
2010-01-23 8:05 ` Alexey Dobriyan
2010-01-22 17:45 ` Oleg Nesterov
2010-01-20 8:52 ` Peter Zijlstra
2010-01-20 13:01 ` Frank Ch. Eigler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LFD.2.00.1001241731270.2906@localhost.localdomain \
--to=tglx@linutronix.de \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ananth@in.ibm.com \
--cc=dle-develop@lists.sourceforge.net \
--cc=fche@redhat.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=lizf@cn.fujitsu.com \
--cc=mingo@elte.hu \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=sfr@canb.auug.org.au \
--cc=systemtap@sources.redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=tzanussi@gmail.com \
--cc=utrace-devel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox