On Sat, Aug 25, 2018 at 11:26:07AM +0100, Alexander Nasonov wrote: > > There is already a Lua-powered solution for traces in Linux: ktap. It > > uses nice rules written natively in Lua.. however it seems to be > > abandoned in favor of eBPF. > > I see two potential problems with using Lua bytecode: > > 1. It's not standartised and it will very likely change in future versions
That doesn't really matter as long as you're only using one version at a time... > 2. There is no bpf_validate for Lua bytecode. In fact, Lua team abandoned > an idea of bytecode validation few years ago. From Lua 5.3 manual: > > Lua does not check the consistency of binary chunks. Maliciously > crafted binary chunks can crash the interpreter. Are we talking about installing untrusted/unprivileged kernel trace logic? Because that seems like a bad idea, or at least a very hard thing to get right... and if not, it doesn't matter if there's a validator. (Also, isn't EBPF not really validatable either, or am I mixing it up with something else?) -- David A. Holland dholl...@netbsd.org