From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:58272 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751733AbeBRXjD (ORCPT ); Sun, 18 Feb 2018 18:39:03 -0500
Date: Mon, 19 Feb 2018 00:35:38 +0100
From: Florian Westphal
To: Daniel Borkmann
Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, davem@davemloft.net, alexei.starovoitov@gmail.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter
Message-ID: <20180218233538.GG13493@breakpoint.cc>
References: <20180216134023.15536-1-daniel@iogearbox.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180216134023.15536-1-daniel@iogearbox.net>
Sender: netdev-owner@vger.kernel.org
List-ID:

Daniel Borkmann wrote:
> As rule translation can potentially become very complex, this is performed
> entirely in user space. In order to ease deployment, request_module() code
> is extended to allow user mode helpers to be invoked. Idea is that user mode
> helpers are built as part of the kernel build and installed as traditional
> kernel modules with .ko file extension into distro specified location,
> such that from a distribution point of view, they are no different than
> regular kernel modules. Thus, allow request_module() logic to load such
> user mode helper (umh) binaries via:
>
>   request_module("foo") ->
>     call_umh("modprobe foo") ->
>       sys_finit_module(FD of /lib/modules/.../foo.ko) ->
>         call_umh(struct file)
>
> Such approach enables kernel to delegate functionality traditionally done
> by kernel modules into user space processes (either root or !root)

Unrelated: AFAIU this would allow to e.g. move the compat32 handlers
(which are very ugly/error prone) off to userspace?

compat_syscall -> umh_32_64_xlate -> syscall() ?

[ feel free to move this to different thread, only mentioning this
  so I won't forget ]