Re: [PATCH v3 00/11] Symbol Namespaces

From: Greg KH <gregkh@linuxfoundation.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: kstewart@linuxfoundation.org, oneukum@suse.com,
	linux-aspeed@lists.ozlabs.org,
	usb-storage@lists.one-eyed-alien.net,
	Toru Komatsu <k0ma@utam0k.jp>,
	Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
	Nicolas Ferre <nicolas.ferre@microchip.com>,
	David Howells <dhowells@redhat.com>,
	yamada.masahiro@socionext.com, Will Deacon <will@kernel.org>,
	patches@opensource.cirrus.com,
	Michael Ellerman <mpe@ellerman.id.au>,
	hpa@zytor.com, joel@joelfernandes.org,
	bcm-kernel-feedback-list@broadcom.com, sam@ravnborg.org,
	cocci@systeme.lip6.fr, linux-arch@vger.kernel.org,
	linux-samsung-soc@vger.kernel.org,
	Benjamin Fair <benjaminfair@google.com>,
	linux-scsi@vger.kernel.org, Fabio Estevam <festevam@gmail.com>,
	openbmc@lists.ozlabs.org, x86@kernel.org,
	lucas.de.marchi@gmail.com, Nancy Yuen <yuenn@google.com>,
	mingo@redhat.com, geert@linux-m68k.org,
	NXP Linux Team <linux-imx@nxp.com>,
	Johannes Weiner <hannes@cmpxchg.org>,
	Patrick Venture <venture@google.com>,
	stern@rowland.harvard.edu, kernel-team@android.com,
	Dan Williams <dan.j.williams@intel.com>,
	Ingo Molnar <mingo@kernel.org>,
	linux-rtc@vger.kernel.org,
	Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>,
	sspatil@google.com, linux-watchdog@vger.kernel.org,
	arnd@arndb.de, linux-kbuild@vger.kernel.org,
	Jani Nikula <jani.nikula@intel.com>,
	linux-arm-msm@vger.kernel.org, jeyu@kernel.org,
	Matthias Maennich <maennich@google.com>,
	Julia Lawall <julia.lawall@lip6.fr>,
	linux-m68k@lists.linux-m68k.org,
	linux-mediatek@lists.infradead.org,
	linux-rpi-kernel@lists.infradead.org,
	linux-tegra@vger.kernel.org, linux-amlogic@lists.infradead.org,
	tglx@linutronix.de, maco@android.com,
	linux-arm-kernel@lists.infradead.org,
	Adrian Reber <adrian@lisas.de>,
	linux-hwmon@vger.kernel.org, michal.lkml@markovi.net,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Andrew Jeffery <andrew@aj.id.au>,
	Alexey Gladkov <gladkov.alexey@gmail.com>,
	linux-usb@vger.kernel.org,
	linux-stm32@st-md-mailman.stormreply.com,
	linux-kernel@vger.kernel.org, Nicolas Pitre <nico@fluxnic.net>,
	Patrick Bellasi <patrick.bellasi@arm.com>,
	Richard Guy Briggs <rgb@redhat.com>,
	maco@google.com, Pengutronix Kernel Team <kernel@pengutronix.de>,
	pombredanne@nexb.com, Tejun Heo <tj@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	"David S. Miller" <davem@davemloft.net>,
	linux-modules@vger.kernel.org
Subject: Re: [PATCH v3 00/11] Symbol Namespaces
Date: Wed, 21 Aug 2019 06:38:46 -0700	[thread overview]
Message-ID: <20190821133846.GC4890@kroah.com> (raw)
In-Reply-To: <20190821131140.GC2349@hirez.programming.kicks-ass.net>

On Wed, Aug 21, 2019 at 03:11:40PM +0200, Peter Zijlstra wrote:
> On Wed, Aug 21, 2019 at 12:49:15PM +0100, Matthias Maennich wrote:
> > As of Linux 5.3-rc5, there are 31205 [1] exported symbols in the kernel.
> > That is a growth of roughly 1000 symbols since 4.17 (30206 [2]).  There
> > seems to be some consensus amongst kernel devs that the export surface
> > is too large, and hard to reason about.
> > 
> > Generally, these symbols fall in one of these categories:
> > 1) Symbols actually meant for drivers
> > 2) Symbols that are only exported because functionality is split over
> >    multiple modules, yet they really shouldn't be used by modules outside
> >    of their own subsystem
> > 3) Symbols really only meant for in-tree use
> > 
> > When module developers try to upstream their code, it regularly turns
> > out that they are using exported symbols that they really shouldn't be
> > using. This problem is even bigger for drivers that are currently
> > out-of-tree, which may be using many symbols that they shouldn't be
> > using, and that break when those symbols are removed or modified.
> > 
> > This patch allows subsystem maintainers to partition their exported
> > symbols into separate namespaces, and module authors to import such
> > namespaces only when needed.
> > 
> > This allows subsystem maintainers to more easily limit availability of
> > these namespaced symbols to other parts of the kernel. It can also be
> > used to partition the set of exported symbols for documentation
> > purposes; for example, a set of symbols that is really only used for
> > debugging could be in a "SUBSYSTEM_DEBUG" namespace.
> 
> I'm missing how one can prohibit these random out of tree modules from
> doing MODULE_IMPORT_NS().

Nothing, but then they are explicitly being "bad" :)

> That is; suppose I stick all the preempt_notifier symbols in a KVM
> namespace, how do I enforce no out-of-tree modules ever do
> MODULE_IMPORT_NS(KVM) and gain access?
> 
> (the above would basically break virtualbox, which I knows uses preempt
> notifiers too, but I don't give a rats arse about that)

It's a huge red flag for anyone reviewing the code that this module is
doing something it probably really should not be doing at all.  It will
make reviewing code easier, this isn't there to try to "prevent bad
actors" at all, sorry.

thanks,

greg k-h

_______________________________________________
linux-amlogic mailing list
linux-amlogic@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-amlogic