LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Luis Chamberlain <email@example.com>
To: Eric Biggers <firstname.lastname@example.org>
Cc: NeilBrown <email@example.com>, Josh Triplett <firstname.lastname@example.org>,
email@example.com, Alexei Starovoitov <firstname.lastname@example.org>,
Andrew Morton <email@example.com>,
Greg Kroah-Hartman <firstname.lastname@example.org>,
Jeff Vander Stoep <email@example.com>,
Jessica Yu <firstname.lastname@example.org>, Kees Cook <email@example.com>
Subject: Re: [PATCH] kmod: make request_module() return an error when autoloading is disabled
Date: Wed, 11 Mar 2020 18:40:37 +0000 [thread overview]
Message-ID: <20200311184037.GP11244@42.do-not-panic.com> (raw)
On Wed, Mar 11, 2020 at 11:21:30AM -0700, Eric Biggers wrote:
> On Wed, Mar 11, 2020 at 06:00:02PM +0000, Luis Chamberlain wrote:
> > On Wed, Mar 11, 2020 at 10:35:45AM -0700, Eric Biggers wrote:
> > > On Wed, Mar 11, 2020 at 06:31:30AM +0000, Luis Chamberlain wrote:
> > > > On Tue, Mar 10, 2020 at 10:26:20PM -0700, Eric Biggers wrote:
> > > > > On Wed, Mar 11, 2020 at 04:32:21AM +0000, Luis Chamberlain wrote:
> > > > > > On Tue, Mar 10, 2020 at 03:37:31PM -0700, Eric Biggers wrote:
> > > > > > > From: Eric Biggers <firstname.lastname@example.org>
> > > > > > >
> > > > > > > It's long been possible to disable kernel module autoloading completely
> > > > > > > by setting /proc/sys/kernel/modprobe to the empty string. This can be
> > > > > > > preferable
> > > > > >
> > > > > > preferable but ... not documented. Or was this documented or recommended
> > > > > > somewhere?
> > > > > >
> > > > > > > to setting it to a nonexistent file since it avoids the
> > > > > > > overhead of an attempted execve(), avoids potential deadlocks, and
> > > > > > > avoids the call to security_kernel_module_request() and thus on
> > > > > > > SELinux-based systems eliminates the need to write SELinux rules to
> > > > > > > dontaudit module_request.
> > > > >
> > > > > Not that I know of, though I didn't look too hard. proc(5) mentions
> > > > > /proc/sys/kernel/modprobe but doesn't mention the empty string case.
> > > > >
> > > > > In any case, it's been supported for a long time, and it's useful for the
> > > > > reasons I mentioned.
> > > >
> > > > Sure. I think then its important to document it as such then, or perhaps
> > > > make a kconfig option which sets this to empty and document it on the
> > > > kconfig entry.
> > >
> > > I'll send a man-pages patch to document it in proc(5).
> > >
> > > Most users, including the one I have in mind, should just be able to run
> > > 'echo > /proc/sys/kernel/modprobe' early in the boot process. So I don't think
> > > the need for a kconfig option to control the default value has been clearly
> > > demonstrated yet. You're certainly welcome to send a patch for it if you
> > > believe it would be useful, though.
> > When doing a rewrite of some of this code I did wonder who would use
> > this and clear it out. A kconfig entry would remove any doubt over its
> > use and would allow one to skip the userspace / early init requirement
> > to empty it out, therefore actually being safer because you are not
> > racing against modules being loaded.
> > Is avoiding the race more suitable for your needs than echo'ing early on boot?
> Maybe. It would avoid the chance of races, but I haven't seen any yet.
> Also, our userspace has to support old kernels, so we still need the
> 'echo > /proc/sys/kernel/modprobe' anyway. If that turns out to be good enough,
> then it makes things easier for everyone.
> If setting the default at build time turns out to be needed, then sure in that
> case I'll send a patch that adds a kconfig option to do that. But I'm first
> trying to use the existing kernel functionality.
> Also, a kconfig option isn't really a substitute for documenting this existing
> sysctl. We still need to document it properly in proc(5) and
Yes, sure. Whatever mechanism you find *suitable* I think you may the
shiny best new user of it, and so given all that is shared now, I'm sure
you will document do what is needed. Whatever guidance you can provide
based on your experience is of huge value to this little corner of the
I just wanted to do away with unclear tribal knowledge and ensure we
support / test whatever you do well moving forward.
next prev parent reply other threads:[~2020-03-11 18:40 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-10 22:37 Eric Biggers
2020-03-11 4:32 ` Luis Chamberlain
2020-03-11 5:26 ` Eric Biggers
2020-03-11 6:31 ` Luis Chamberlain
2020-03-11 17:35 ` Eric Biggers
2020-03-11 18:00 ` Luis Chamberlain
2020-03-11 18:21 ` Eric Biggers
2020-03-11 18:40 ` Luis Chamberlain [this message]
2020-03-11 5:55 ` Josh Triplett
2020-03-11 6:32 ` Luis Chamberlain
2020-03-11 17:28 ` Kees Cook
2020-03-11 17:41 ` Eric Biggers
2020-03-11 17:50 ` Kees Cook
2020-03-11 18:01 ` Luis Chamberlain
2020-03-11 18:08 ` Eric Biggers
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--subject='Re: [PATCH] kmod: make request_module() return an error when autoloading is disabled' \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).