lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 13 Mar 2020 09:22:33 -0700
From:   Lucas De Marchi <lucas.de.marchi@...il.com>
To:     Konstantin Kharlamov <hi-angel@...dex.ru>
Cc:     linux-modules <linux-modules@...r.kernel.org>,
        Jessica Yu <jeyu@...nel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [RFE] Who's using a module?

+Jessica +Steve +lkml

On Wed, Mar 11, 2020 at 6:33 AM Konstantin Kharlamov <hi-angel@...dex.ru> wrote:
>
> Once in a while there's a need to remove a module (for example because you rebuilt it, or to reload it with different parameters, or whatever…). And then doing `rmmod modulename` and `modprobe -r modulename` gives:
>
>         rmmod: ERROR: Module modulename is in use
>
> If you're lucky, firing up `lsmod | grep modulename` will get you offenders inside "used by" column. But often there's nothing except the count above zero. It is very easy to reproduce if you check `lsmod` output for your graphics driver. I checked it on `i915` and `amdgpu`: when graphics session is opened you can't remove it and `lsmod` doesn't show who's using it.
>
> There's very popular and old question on SO¹ that at the moment has over 55k views, and the only answer that seem to work for people is insanely big and convoluted; it is using a custom kernel driver and kernel tracing capabilities. I guess this amount of research means: no, currently there's no easy way to get who's using a module.
>
> It would be amazing if kernel has capability to figure out who's using a module.

Yeah, right now this would need some work on the kernel side to record
the callers of try_module_get()/__module_get()... usually done e.g on
fops-like structs in a owner field.
The only thing we have there right now is the trace. The trace is not
so bad since it can be added in the kernel command line, but would
usually only be enabled while debugging.

For implementing such a feature I think we would need to add/remove
module owner into the mod struct whenever we have a _get()/_put().
Maybe it's worth it, but it doesn't
come without overhead. I'd like to hear what other people think.

Thanks
Lucas De Marchi


>
> 1: https://stackoverflow.com/questions/448999/is-there-a-way-to-figure-out-what-is-using-a-linux-kernel-module
>
> P.S.: please, add me to CC when replying, I'm not subscribed to the list.



--
Lucas De Marchi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ