lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190120161003.GB23827@google.com>
Date:   Sun, 20 Jan 2019 11:10:03 -0500
From:   Joel Fernandes <joel@...lfernandes.org>
To:     hpa@...or.com
Cc:     Greg KH <gregkh@...uxfoundation.org>,
        Christoph Hellwig <hch@...radead.org>,
        linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>, ast@...nel.org,
        atishp04@...il.com, Borislav Petkov <bp@...en8.de>,
        dancol@...gle.com, Ingo Molnar <mingo@...hat.com>,
        Jan Kara <jack@...e.cz>, Jonathan Corbet <corbet@....net>,
        karim.yaghmour@...rsys.com, Kees Cook <keescook@...omium.org>,
        kernel-team@...roid.com, linux-doc@...r.kernel.org,
        Manoj Rao <linux@...ojrajarao.com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        paulmck@...ux.vnet.ibm.com,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        rdunlap@...radead.org, rostedt@...dmis.org,
        Thomas Gleixner <tglx@...utronix.de>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        yhs@...com
Subject: Re: [RFC] Provide in-kernel headers for making it easy to extend the
 kernel

On Sat, Jan 19, 2019 at 11:01:13PM -0800, hpa@...or.com wrote:
> On January 19, 2019 2:36:06 AM PST, Greg KH <gregkh@...uxfoundation.org> wrote:
> >On Sat, Jan 19, 2019 at 02:28:00AM -0800, Christoph Hellwig wrote:
> >> This seems like a pretty horrible idea and waste of kernel memory.
> >
> >It's only a waste if you want it to be a waste, i.e. if you load the
> >kernel module.
> >
> >This really isn't any different from how /proc/config.gz works.
> >
> >> Just add support to kbuild to store a compressed archive in initramfs
> >> and unpack it in the right place.
> >
> >I think the issue is that some devices do not use initramfs, or switch
> >away from it after init happens or something like that.  Joel has all
> >of
> >the looney details that he can provide.
> >
> >thanks,
> >
> >greg k-h
> 
> Yeah, well... but it is kind of a losing game... the more in-kernel stuff there is the less smiley are things to actually be supported.

It is better than nothing, and if this makes things a bit easier and solves
real-world issues people have been having, and is optional, then I don't see
why not.

> Modularizing is it in some ways even crazier in the sense that at that point you are relying on the filesystem containing the module, which has to be loaded into the kernel by a root user. One could even wonder if a better way to do this would be to have "make modules_install" park an archive file – or even a directory as opposed to a symlink – with this stuff in /lib/modules. We could even provide a tmpfs shim which autoloads such an archive via the firmware loader; this might even be generically useful, who knows.

All this seems to assume where the modules are located. In Android, we don't
have /lib/modules. This patch generically fits into the grand scheme things
and I think is just better made a part of the kernel since it is not that
huge once compressed, as Dan also pointed. The more complex, and the more
assumptions we make, the less likely people writing tools will get it right
and be able to easily use it.

> 
> Note also that initramfs contents can be built into the kernel. Extracting such content into a single-instance tmpfs would again be a possibility

Such an approach would bloat the kernel image size though, which may not work
for everyone. The module based approach, on the other hand, gives an option
to the user to enable the feature, but not have it loaded into memory or used
until it is really needed.

thanks,

 - Joel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ