lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200414160930.GA20229@linux-8ccs>
Date:   Tue, 14 Apr 2020 18:09:31 +0200
From:   Jessica Yu <jeyu@...nel.org>
To:     Heiner Kallweit <hkallweit1@...il.com>
Cc:     Lucas De Marchi <lucas.demarchi@...el.com>,
        Petr Mladek <pmladek@...e.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-modules@...r.kernel.org,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        live-patching@...r.kernel.org
Subject: Re: RFC: Handle hard module dependencies that are not symbol-based
 (r8169 + realtek)

+++ Heiner Kallweit [10/04/20 00:25 +0200]:
>On 09.04.2020 02:02, Lucas De Marchi wrote:
>> On Wed, Apr 01, 2020 at 11:20:20PM +0200, Heiner Kallweit wrote:
>>> Currently we have no way to express a hard dependency that is not
>>> a symbol-based dependency (symbol defined in module A is used in
>>> module B). Use case:
>>> Network driver ND uses callbacks in the dedicated PHY driver DP
>>> for the integrated PHY (namely read_page() and write_page() in
>>> struct phy_driver). If DP can't be loaded (e.g. because ND is in
>>> initramfs but DP is not), then phylib will use the generic
>>> PHY driver GP. GP doesn't implement certain callbacks that are
>>> needed by ND, therefore ND's probe has to bail out with an error
>>> once it detects that DP is not loaded.
>>> We have this problem with driver r8169 having such a dependency
>>> on PHY driver realtek. Some distributions have tools for
>>> configuring initramfs that consider hard dependencies based on
>>> depmod output. Means so far somebody can add r8169.ko to initramfs,
>>> and neither human being nor machine will have an idea that
>>> realtek.ko needs to be added too.
>>
>> Could you expand on why softdep doesn't solve this problem
>> with MODULE_SOFTDEP()
>>
>> initramfs tools can already read it and modules can already expose them
>> (they end up in /lib/modules/$(uname -r)/modules.softdep and modprobe
>> makes use of them)
>>
>Thanks for the feedback. I was under the impression that initramfs-tools
>is affected, but you're right, it considers softdeps.
>Therefore I checked the error reports again, and indeed they are about
>Gentoo's "genkernel" tool only. See here:
>https://bugzilla.kernel.org/show_bug.cgi?id=204343#c15
>
>If most kernel/initramfs tools consider softdeps, then I don't see
>a need for the proposed change. But well, everything is good for
>something, and I learnt something about the structure of kmod.
>Sorry for the noise.

Well, I wouldn't really call it noise :) I think there *could* be
cases out there where a establishing a non-symbol-based hard
dependency would be beneficial.

In the bug you linked, I think one could hypothetically run into the
same oops if the realtek module fails to load for whatever reason, no?
Since realtek is only a soft dependency of r8169, modprobe would
consider realtek optional and would still try to load r8169 even if
realtek had failed to load previously. Then wouldn't the same problem
(described in the bugzilla) arise?  Maybe a hard dependency could
possibly come in handy in this case, because a softdep unfortunately
implies that r8169 can work without realtek loaded.

Another potential usecase - I think livepatch folks (CC'd) have
contemplated establishing some type of hard dependency between patch
module and the target module before. I have only briefly skimmed
Petr's POC [1] and it looks like this patch module dependency is
accomplished through a request_module() call during load_module()
(specifically, in klp_module_coming()) so that the patch module gets
loaded before the target module finishes loading.

I initially thought this dependency could be expressed through
MODULE_HARDDEP(target_module) in the patch module source code, but it
looks like livepatch might require something more fine-grained, since
the current POC tries to load the patch module before the target
module runs its init(). In addition, this method wouldn't prevent the
target module from loading if the patch module fails to load..

In any case, I appreciate the RFC and don't really have any gripes
against having an analogous MODULE_HARDDEP() macro. If more similar
cases crop up then it may be worth seriously pursuing, and then we'll
at least have this RFC to start with :)

Thanks,

Jessica

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ