| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Aug 2021 22:15:59 -0700
From: Luis Chamberlain <mcgrof@...nel.org>
To: lucas.demarchi@...el.com, linux-modules@...r.kernel.org
Cc: live-patching@...r.kernel.org, fstests@...r.kernel.org,
linux-block@...r.kernel.org, hare@...e.de, dgilbert@...erlog.com,
jeyu@...nel.org, osandov@...com, linux-kernel@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>
Subject: [PATCH v2 0/3] kmod: add patient module removal support
The kernel used to have wait support for delete_module() system call.
This was removed via commmit 3f2b9c9cdf389e ("module: remove rmmod
--wait option.") on v3.13 in favor for 10 second sleep on kmod. Lucas
later remove that sleep(10) on kmod commit 017893f244 ("rmmod: remove
--wait option") so on kmod 16.
There are races in module removal I have been chasing down and
clearly documenting them. Module removal is not crazy stuff, its
used in many test frameworks such as fstests and blktests and can
even be used to remove live patches if a distribution supports that.
If you are doing tests in a loop you can easily run into these races
as false positives in your testing results.
Contrary to the last kernel wait delete_module() effort this series
instead adds a patient module removal support into kmod and extends
modprobe and rmmod to use it.
The most important change other than the requested during patch
review this also now uses the same timeout to also re-try module
removal if it fails when patient module removal is used.
Changes on v2:
- replace looking at the refcnt with poll() as requested by Lucas.
This uses clock_gettime(CLOCK_MONOTONIC), and systems without that
won't get patient module removal support, we'd revert back to
regular module removal attempt support. Since poll() in practice
just busy loops on the refcnt sysfs file today, we guard verbose
prints to only every 1/2 second. We can enhance poll() on the refcnt
later, for now this busy read helps prove the issue and test for it.
- replaces the sleep(1) calls and make thie programmable timeouts as
requested by Lucas
- extends macros to allow us to print something *more* on the library
when something like modprobe -v is used.
- upon further testing and investigation of the refcnt issue where
the refcnt is 0 but the module cannot be removed [0] I've determined
that the only reasonable thing userspace can do is to retry the
delete_modue() call when doing a patient removal. You *might*
be tempted to look at this and suggest a new quiesce state which
userspace can request, however such quiesce states could actually
prove more problemantic than resolve anything. Consider how some
subystems may need to re-open a device only to close it when tearing
something down. Such quiesce efforts would break those subsystems.
[0] https://bugzilla.kernel.org/show_bug.cgi?id=214015
Luis Chamberlain (3):
libkmod: add a library notice log level print
libkmod/libkmod-module: add refcnt fd helper
libkmod-module: add support for a patient module removal option
libkmod/docs/libkmod-sections.txt | 4 +
libkmod/libkmod-internal.h | 2 +
libkmod/libkmod-module.c | 365 ++++++++++++++++++++++++++++-
libkmod/libkmod.c | 71 ++++++
libkmod/libkmod.h | 7 +
libkmod/libkmod.sym | 4 +
libkmod/python/kmod/_libkmod_h.pxd | 3 +
libkmod/python/kmod/module.pyx | 4 +
man/modprobe.xml | 59 +++++
man/rmmod.xml | 60 +++++
tools/modprobe.c | 21 +-
tools/remove.c | 12 +-
tools/rmmod.c | 27 ++-
13 files changed, 610 insertions(+), 29 deletions(-)
--
2.30.2
Powered by blists - more mailing lists