From: Greg KH <gregkh@linuxfoundation.org>
To: Alexei Starovoitov <ast@fb.com>
Cc: Andy Lutomirski <luto@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Alexei Starovoitov <ast@kernel.org>,
Djalal Harouni <tixxdz@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <daniel@iogearbox.net>,
"Luis R. Rodriguez" <mcgrof@kernel.org>,
Network Development <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
kernel-team <kernel-team@fb.com>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
Date: Fri, 9 Mar 2018 10:15:27 -0800 [thread overview]
Message-ID: <20180309181527.GA15803@kroah.com> (raw)
In-Reply-To: <c9388b10-19ac-0bd5-4986-9c306d23046e@fb.com>
On Fri, Mar 09, 2018 at 09:32:36AM -0800, Alexei Starovoitov wrote:
> On 3/9/18 8:24 AM, Andy Lutomirski wrote:
> > On Fri, Mar 9, 2018 at 3:39 PM, Alexei Starovoitov <ast@fb.com> wrote:
> > > On 3/9/18 7:16 AM, Andy Lutomirski wrote:
> > > > > >
> > > > > > On Mar 8, 2018, at 9:08 PM, Alexei Starovoitov <ast@fb.com> wrote:
> > > > > >
> > > > > > On 3/8/18 7:54 PM, Andy Lutomirski wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Mar 8, 2018, at 7:06 PM, Linus Torvalds
> > > > > > > <torvalds@linux-foundation.org> wrote:
> > > > > > >
> > > > > > >
> > > > > > > Honestly, that "read twice" thing may be what scuttles this.
> > > > > > > Initially, I thought it was a non-issue, because anybody who controls
> > > > > > > the module subdirectory enough to rewrite files would be in a position
> > > > > > > to just execute the file itself directly instead.
> > > > > >
> > > > > >
> > > > > > On further consideration, I think there’s another showstopper. This
> > > > > > patch is a potentially severe ABI break. Right now, loading a module
> > > > > > *copies* it into memory and does not hold a reference to the underlying fs.
> > > > > > With the patch applied, all kinds of use cases can break in gnarly ways.
> > > > > > Initramfs is maybe okay, but initrd may be screwed. If you load an ET_EXEC
> > > > > > module from initrd, then umount it, then clear the ramdisk, something will
> > > > > > go horribly wrong. Exactly what goes wrong depends on whether userspace
> > > > > > notices that umount() failed. Similarly, if you load one of these modules
> > > > > > over a network and then lose your connection, you have a problem.
> > > > >
> > > > >
> > > > > there is not abi breakage and file cannot disappear from running task.
> > > > > One cannot umount fs while file is still being used.
> > > >
> > > >
> > > > Sure it is. Without your patch, init_module doesn’t keep using the
> > > > file, so it’s common practice to load a module and then delete or
> > > > unmount it. With your patch, the unmount case breaks. This is likely
> > > > to break existing userspace, so, in Linux speak it’s an ABI break.
> > >
> > >
> > > please read the patch again.
> > > file is only used in case of umh modules.
> > > There is zero difference in default case.
> >
> > Say I'm running some distro or other working Linux setup. I upgrade
> > my kernel to a kernel that uses umh modules. The user tooling
> > generates some kind of boot entry that references the new kernel
> > image, and it also generates a list of modules to be loaded at various
> > times in the boot process. This list might, and probably should,
> > include one or more umh modules. (You are being very careful to make
> > sure that depmod keeps working, so umh modules are clearly intended to
> > work with existing tooling.) So now I have a kernel image and some
> > modules to be loaded from various places. And I have an init script
> > (initramfs's '/init' or similar) that will call init_module() on that
> > .ko file. That script was certainly written under the assumption
> > that, once init_module() returns, the kernel is done with the .ko
> > file. With your patch applied, that assumption is no longer true.
>
> There is no intent to use umh modules during boot process.
For _your_ use case, yes. For mine and Andy's and someone else's in the
future, it might be :)
You are creating a very generic, new, user/kernel api that a whole bunch
of people are going to want to use. Let's not hamper the ability for us
all to use this right from the beginning please.
> This is not a replacement for drivers and kernel modules.
> From your earlier comments regarding usb driver as umh module
> I suspect you're assuming that everything will sooner or later
> will convert to umh model.
We have userspace drivers for USB today, being able to drag that
out-of-tree codebase into the kernel is a _HUGE_ bonus, and something
that I would love to do for a lot of reasons. I also can see moving
some of our existing in-kernel drivers out of the kernel in a way that
provides "it just works" functionality by using this type of feature.
So again, please don't prevent us from using this, otherwise you should
be just calling this "bpf_usermode_helper" :)
Oh, and for the record, I like Andy's proposal as well as dumping this
into a kernel module "blob" with the exception that this now would take
up unswapable memory, which isn't the nicest and is one big reason we
removed the in-kernel-memory firmware blobs many years ago.
thanks,
greg k-h
next prev parent reply other threads:[~2018-03-09 18:15 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 1:34 [PATCH net-next] modules: allow modprobe load regular elf binaries Alexei Starovoitov
2018-03-06 1:34 ` Alexei Starovoitov
2018-03-06 2:13 ` Randy Dunlap
2018-03-06 3:02 ` Alexei Starovoitov
2018-03-06 3:02 ` Alexei Starovoitov
2018-03-06 11:05 ` Greg KH
2018-03-07 1:07 ` Alexei Starovoitov
2018-03-07 1:07 ` Alexei Starovoitov
2018-03-07 3:24 ` Greg KH
2018-03-06 19:12 ` Linus Torvalds
2018-03-06 23:42 ` Chris Mason
2018-05-02 9:12 ` Jesper Dangaard Brouer
2018-03-06 20:01 ` Andy Lutomirski
2018-03-06 20:26 ` Linus Torvalds
2018-03-07 17:22 ` David Miller
2018-03-08 1:23 ` Luis R. Rodriguez
2018-03-08 23:07 ` Alexei Starovoitov
2018-03-08 23:07 ` Alexei Starovoitov
2018-03-09 1:58 ` Luis R. Rodriguez
2018-03-09 0:24 ` Kees Cook
2018-03-09 0:57 ` Alexei Starovoitov
2018-03-09 0:57 ` Alexei Starovoitov
2018-03-09 1:04 ` Andy Lutomirski
2018-03-09 1:25 ` Alexei Starovoitov
2018-03-09 1:24 ` Kees Cook
2018-03-09 0:59 ` Andy Lutomirski
2018-03-09 1:20 ` Alexei Starovoitov
2018-03-09 2:12 ` Andy Lutomirski
2018-03-09 2:31 ` David Miller
2018-03-09 3:10 ` Andy Lutomirski
2018-03-09 3:27 ` Alexei Starovoitov
2018-03-09 1:38 ` Linus Torvalds
2018-03-09 1:44 ` Kees Cook
2018-03-09 3:06 ` Linus Torvalds
2018-03-09 3:17 ` Linus Torvalds
2018-03-09 3:54 ` Andy Lutomirski
2018-03-09 5:08 ` Alexei Starovoitov
2018-03-09 15:16 ` Andy Lutomirski
2018-03-09 15:39 ` Alexei Starovoitov
2018-03-09 16:24 ` Andy Lutomirski
2018-03-09 17:32 ` Alexei Starovoitov
2018-03-09 18:15 ` Greg KH [this message]
2018-03-09 18:23 ` Andy Lutomirski
2018-03-09 18:29 ` Greg KH
2018-03-09 18:50 ` Alexei Starovoitov
2018-03-09 18:55 ` David Miller
2018-03-09 19:37 ` Andy Lutomirski
2018-03-10 1:43 ` Alexei Starovoitov
2018-03-11 2:17 ` Andy Lutomirski
2018-03-09 18:17 ` Linus Torvalds
2018-03-09 18:35 ` David Miller
2018-03-09 18:43 ` Kees Cook
2018-03-09 18:50 ` Linus Torvalds
2018-03-09 18:54 ` Kees Cook
2018-03-09 18:58 ` Alexei Starovoitov
2018-03-12 12:02 ` Edward Cree
2018-03-12 17:49 ` Alexei Starovoitov
2018-03-09 18:48 ` Andy Lutomirski
2018-03-09 18:53 ` Linus Torvalds
2018-03-09 18:57 ` David Miller
2018-03-09 19:12 ` Linus Torvalds
2018-03-09 19:38 ` Linus Torvalds
2018-03-09 19:45 ` Andy Lutomirski
2018-03-10 2:34 ` Alexei Starovoitov
2018-03-10 14:08 ` Luis R. Rodriguez
2018-03-10 14:08 ` Luis R. Rodriguez
2018-03-10 15:16 ` Luis R. Rodriguez
2018-03-10 15:34 ` Luis R. Rodriguez
2018-03-12 17:22 ` Alexei Starovoitov
2018-03-13 8:48 ` Greg Kroah-Hartman
2018-03-22 20:54 ` Luis R. Rodriguez
2018-03-22 22:15 ` Andy Lutomirski
2018-03-22 22:21 ` Alexei Starovoitov
2018-03-22 22:21 ` Alexei Starovoitov
2018-03-23 2:47 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180309181527.GA15803@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ast@fb.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=kernel-team@fb.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tixxdz@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.