lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon,  9 Aug 2021 22:15:59 -0700
From:   Luis Chamberlain <>
        Luis Chamberlain <>
Subject: [PATCH v2 0/3] kmod: add patient module removal support

The kernel used to have wait support for delete_module() system call.
This was removed via commmit 3f2b9c9cdf389e ("module: remove rmmod
--wait option.") on v3.13 in favor for 10 second sleep on kmod. Lucas
later remove that sleep(10) on kmod commit 017893f244 ("rmmod: remove
--wait option") so on kmod 16.

There are races in module removal I have been chasing down and
clearly documenting them. Module removal is not crazy stuff, its
used in many test frameworks such as fstests and blktests and can
even be used to remove live patches if a distribution supports that.
If you are doing tests in a loop you can easily run into these races
as false positives in your testing results.

Contrary to the last kernel wait delete_module() effort this series
instead adds a patient module removal support into kmod and extends
modprobe and rmmod to use it.

The most important change other than the requested during patch
review this also now uses the same timeout to also re-try module
removal if it fails when patient module removal is used.

Changes on v2:

- replace looking at the refcnt with poll() as requested by Lucas.
  This uses clock_gettime(CLOCK_MONOTONIC), and systems without that
  won't get patient module removal support, we'd revert back to
  regular module removal attempt support. Since poll() in practice
  just busy loops on the refcnt sysfs file today, we guard verbose
  prints to only every 1/2 second. We can enhance poll() on the refcnt
  later, for now this busy read helps prove the issue and test for it.
- replaces the sleep(1) calls and make thie programmable timeouts as
  requested by Lucas
- extends macros to allow us to print something *more* on the library
  when something like modprobe -v is used.
- upon further testing and investigation of the refcnt issue where
  the refcnt is 0 but the module cannot be removed [0] I've determined
  that the only reasonable thing userspace can do is to retry the
  delete_modue() call when doing a patient removal. You *might*
  be tempted to look at this and suggest a new quiesce state which
  userspace can request, however such quiesce states could actually
  prove more problemantic than resolve anything. Consider how some
  subystems may need to re-open a device only to close it when tearing
  something down. Such quiesce efforts would break those subsystems.


Luis Chamberlain (3):
  libkmod: add a library notice log level print
  libkmod/libkmod-module: add refcnt fd helper
  libkmod-module: add support for a patient module removal option

 libkmod/docs/libkmod-sections.txt  |   4 +
 libkmod/libkmod-internal.h         |   2 +
 libkmod/libkmod-module.c           | 365 ++++++++++++++++++++++++++++-
 libkmod/libkmod.c                  |  71 ++++++
 libkmod/libkmod.h                  |   7 +
 libkmod/libkmod.sym                |   4 +
 libkmod/python/kmod/_libkmod_h.pxd |   3 +
 libkmod/python/kmod/module.pyx     |   4 +
 man/modprobe.xml                   |  59 +++++
 man/rmmod.xml                      |  60 +++++
 tools/modprobe.c                   |  21 +-
 tools/remove.c                     |  12 +-
 tools/rmmod.c                      |  27 ++-
 13 files changed, 610 insertions(+), 29 deletions(-)


Powered by blists - more mailing lists