From: Greg KH <gregkh@linuxfoundation.org>
To: Alexei Starovoitov <ast@fb.com>
Cc: Andy Lutomirski <luto@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Alexei Starovoitov <ast@kernel.org>,
Djalal Harouni <tixxdz@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <daniel@iogearbox.net>,
"Luis R. Rodriguez" <mcgrof@kernel.org>,
Network Development <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
kernel-team <kernel-team@fb.com>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
Date: Fri, 9 Mar 2018 10:15:27 -0800 [thread overview]
Message-ID: <20180309181527.GA15803@kroah.com> (raw)
In-Reply-To: <c9388b10-19ac-0bd5-4986-9c306d23046e@fb.com>
On Fri, Mar 09, 2018 at 09:32:36AM -0800, Alexei Starovoitov wrote:
> On 3/9/18 8:24 AM, Andy Lutomirski wrote:
> > On Fri, Mar 9, 2018 at 3:39 PM, Alexei Starovoitov <ast@fb.com> wrote:
> > > On 3/9/18 7:16 AM, Andy Lutomirski wrote:
> > > > > >
> > > > > > On Mar 8, 2018, at 9:08 PM, Alexei Starovoitov <ast@fb.com> wrote:
> > > > > >
> > > > > > On 3/8/18 7:54 PM, Andy Lutomirski wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Mar 8, 2018, at 7:06 PM, Linus Torvalds
> > > > > > > <torvalds@linux-foundation.org> wrote:
> > > > > > >
> > > > > > >
> > > > > > > Honestly, that "read twice" thing may be what scuttles this.
> > > > > > > Initially, I thought it was a non-issue, because anybody who controls
> > > > > > > the module subdirectory enough to rewrite files would be in a position
> > > > > > > to just execute the file itself directly instead.
> > > > > >
> > > > > >
> > > > > > On further consideration, I think there’s another showstopper. This
> > > > > > patch is a potentially severe ABI break. Right now, loading a module
> > > > > > *copies* it into memory and does not hold a reference to the underlying fs.
> > > > > > With the patch applied, all kinds of use cases can break in gnarly ways.
> > > > > > Initramfs is maybe okay, but initrd may be screwed. If you load an ET_EXEC
> > > > > > module from initrd, then umount it, then clear the ramdisk, something will
> > > > > > go horribly wrong. Exactly what goes wrong depends on whether userspace
> > > > > > notices that umount() failed. Similarly, if you load one of these modules
> > > > > > over a network and then lose your connection, you have a problem.
> > > > >
> > > > >
> > > > > there is not abi breakage and file cannot disappear from running task.
> > > > > One cannot umount fs while file is still being used.
> > > >
> > > >
> > > > Sure it is. Without your patch, init_module doesn’t keep using the
> > > > file, so it’s common practice to load a module and then delete or
> > > > unmount it. With your patch, the unmount case breaks. This is likely
> > > > to break existing userspace, so, in Linux speak it’s an ABI break.
> > >
> > >
> > > please read the patch again.
> > > file is only used in case of umh modules.
> > > There is zero difference in default case.
> >
> > Say I'm running some distro or other working Linux setup. I upgrade
> > my kernel to a kernel that uses umh modules. The user tooling
> > generates some kind of boot entry that references the new kernel
> > image, and it also generates a list of modules to be loaded at various
> > times in the boot process. This list might, and probably should,
> > include one or more umh modules. (You are being very careful to make
> > sure that depmod keeps working, so umh modules are clearly intended to
> > work with existing tooling.) So now I have a kernel image and some
> > modules to be loaded from various places. And I have an init script
> > (initramfs's '/init' or similar) that will call init_module() on that
> > .ko file. That script was certainly written under the assumption
> > that, once init_module() returns, the kernel is done with the .ko
> > file. With your patch applied, that assumption is no longer true.
>
> There is no intent to use umh modules during boot process.
For _your_ use case, yes. For mine and Andy's and someone else's in the
future, it might be :)
You are creating a very generic, new, user/kernel api that a whole bunch
of people are going to want to use. Let's not hamper the ability for us
all to use this right from the beginning please.
> This is not a replacement for drivers and kernel modules.
> From your earlier comments regarding usb driver as umh module
> I suspect you're assuming that everything will sooner or later
> will convert to umh model.
We have userspace drivers for USB today, being able to drag that
out-of-tree codebase into the kernel is a _HUGE_ bonus, and something
that I would love to do for a lot of reasons. I also can see moving
some of our existing in-kernel drivers out of the kernel in a way that
provides "it just works" functionality by using this type of feature.
So again, please don't prevent us from using this, otherwise you should
be just calling this "bpf_usermode_helper" :)
Oh, and for the record, I like Andy's proposal as well as dumping this
into a kernel module "blob" with the exception that this now would take
up unswapable memory, which isn't the nicest and is one big reason we
removed the in-kernel-memory firmware blobs many years ago.
thanks,
greg k-h
next prev parent reply other threads:[~2018-03-09 18:15 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 1:34 [PATCH net-next] modules: allow modprobe load regular elf binaries Alexei Starovoitov
2018-03-06 2:13 ` Randy Dunlap
2018-03-06 3:02 ` Alexei Starovoitov
2018-03-06 11:05 ` Greg KH
2018-03-07 1:07 ` Alexei Starovoitov
2018-03-07 3:24 ` Greg KH
2018-03-06 19:12 ` Linus Torvalds
2018-03-06 23:42 ` Chris Mason
2018-05-02 9:12 ` Jesper Dangaard Brouer
2018-03-06 20:01 ` Andy Lutomirski
2018-03-06 20:26 ` Linus Torvalds
2018-03-07 17:22 ` David Miller
2018-03-08 1:23 ` Luis R. Rodriguez
2018-03-08 23:07 ` Alexei Starovoitov
2018-03-09 1:58 ` Luis R. Rodriguez
2018-03-09 0:24 ` Kees Cook
2018-03-09 0:57 ` Alexei Starovoitov
2018-03-09 1:04 ` Andy Lutomirski
2018-03-09 1:25 ` Alexei Starovoitov
2018-03-09 1:24 ` Kees Cook
2018-03-09 0:59 ` Andy Lutomirski
2018-03-09 1:20 ` Alexei Starovoitov
2018-03-09 2:12 ` Andy Lutomirski
2018-03-09 2:31 ` David Miller
2018-03-09 3:10 ` Andy Lutomirski
2018-03-09 3:27 ` Alexei Starovoitov
2018-03-09 1:38 ` Linus Torvalds
2018-03-09 1:44 ` Kees Cook
2018-03-09 3:06 ` Linus Torvalds
2018-03-09 3:17 ` Linus Torvalds
2018-03-09 3:54 ` Andy Lutomirski
2018-03-09 5:08 ` Alexei Starovoitov
2018-03-09 15:16 ` Andy Lutomirski
2018-03-09 15:39 ` Alexei Starovoitov
2018-03-09 16:24 ` Andy Lutomirski
2018-03-09 17:32 ` Alexei Starovoitov
2018-03-09 18:15 ` Greg KH [this message]
2018-03-09 18:23 ` Andy Lutomirski
2018-03-09 18:29 ` Greg KH
2018-03-09 18:50 ` Alexei Starovoitov
2018-03-09 18:55 ` David Miller
2018-03-09 19:37 ` Andy Lutomirski
2018-03-10 1:43 ` Alexei Starovoitov
2018-03-11 2:17 ` Andy Lutomirski
2018-03-09 18:17 ` Linus Torvalds
2018-03-09 18:35 ` David Miller
2018-03-09 18:43 ` Kees Cook
2018-03-09 18:50 ` Linus Torvalds
2018-03-09 18:54 ` Kees Cook
2018-03-09 18:58 ` Alexei Starovoitov
2018-03-12 12:02 ` Edward Cree
2018-03-12 17:49 ` Alexei Starovoitov
2018-03-09 18:48 ` Andy Lutomirski
2018-03-09 18:53 ` Linus Torvalds
2018-03-09 18:57 ` David Miller
2018-03-09 19:12 ` Linus Torvalds
2018-03-09 19:38 ` Linus Torvalds
2018-03-09 19:45 ` Andy Lutomirski
2018-03-10 2:34 ` Alexei Starovoitov
2018-03-10 14:08 ` Luis R. Rodriguez
2018-03-10 15:16 ` Luis R. Rodriguez
2018-03-10 15:34 ` Luis R. Rodriguez
2018-03-12 17:22 ` Alexei Starovoitov
2018-03-13 8:48 ` Greg Kroah-Hartman
2018-03-22 20:54 ` Luis R. Rodriguez
2018-03-22 22:15 ` Andy Lutomirski
2018-03-22 22:21 ` Alexei Starovoitov
2018-03-23 2:47 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180309181527.GA15803@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ast@fb.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=kernel-team@fb.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tixxdz@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).