[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87y3ytc8ka.fsf@rustcorp.com.au>
Date: Tue, 03 Jan 2017 10:34:53 +1030
From: Rusty Russell <rusty@...tcorp.com.au>
To: "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc: Filipe Manana <fdmanana@...e.com>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
"linux-doc\@vger.kernel.org" <linux-doc@...r.kernel.org>,
rgoldwyn@...e.com, hare <hare@...e.com>,
Jonathan Corbet <corbet@....net>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kselftest@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Dan Williams <dan.j.williams@...el.com>,
Aaron Tomlin <atomlin@...hat.com>, rwright@....com,
Heinrich Schuchardt <xypron.glpk@....de>,
Michal Marek <mmarek@...e.com>, martin.wilck@...e.com,
Jeff Mahoney <jeffm@...e.com>, Ingo Molnar <mingo@...hat.com>,
Petr Mladek <pmladek@...e.com>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Guenter Roeck <linux@...ck-us.net>,
"Eric W. Biederman" <ebiederm@...ssion.com>, shuah@...nel.org,
DSterba@...e.com, Kees Cook <keescook@...omium.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Miroslav Benes <mbenes@...e.cz>, NeilBrown <neilb@...e.com>,
"linux-kernel\@vger.kernel.o rg" <linux-kernel@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Jessica Yu <jeyu@...hat.com>,
Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>,
Julia Lawall <julia.lawall@...6.fr>
Subject: Re: [RFC 10/10] kmod: add a sanity check on module loading
"Luis R. Rodriguez" <mcgrof@...nel.org> writes:
>> Maybe a similar hack for try_then_request_module(), but many places seem
>> to open-code request_module() so it's not as trivial...
Hi Luis, Jessica (who is the main module maintainer now),
Back from break, sorry about delay.
> Right, out of ~350 request_module() calls (not included try requests)
> only ~46 check the return value. Hence a validation check, and come to
> think of it, *this* was the issue that originally had me believing
> that in some places we might end up in a null deref --if those open
> coded request_module() calls assume the driver is loaded there could
> be many places where a NULL is inevitable.
Yes, assuming success == module loade is simply a bug. I wrote
try_then_request_module() to attempt to encapsulate the correct logic
into a single place; maybe we need other helpers to cover (most of?) the
remaining cases?
> Granted, I agree they
> should be fixed, we could add a grammar rule to start nagging at
> driver developers for started, but it does beg the question also of
> what a tightly knit validation for modprobe might look like, and hence
> this patch and now the completed not-yet-posted alias work.
I really think aliases-in-kernel is too heavy a hammer, but a warning
when modprobe "succeeds" and the module still isn't found would be
a Good Thing.
> Would it be worthy as a kconfig kmod debugging aide for now? I can
> follow up with a semantic patch to nag about checking the return value
> of request_module(), and we can have 0-day then also complain about
> new invalid uses.
Yeah, a warning about this would be win for sure.
BTW, I wrote the original "check-for-module-before-loading" in
module-init-tools, but I'm starting to wonder if it was a premature
optimization. Have you thought about simply removing it and always
trying to load the module? If it doesn't slow things down, perhaps
simplicity FTW?
Thanks,
Rusty.
Powered by blists - more mailing lists