[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrUU-456u3R=D08fuJFEiiMLB3n=jdCTxvLqbSGA87r-9A@mail.gmail.com>
Date: Fri, 9 Mar 2018 19:45:11 +0000
From: Andy Lutomirski <luto@...capital.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: David Miller <davem@...emloft.net>,
Alexei Starovoitov <ast@...com>,
Kees Cook <keescook@...omium.org>,
Alexei Starovoitov <ast@...nel.org>,
Djalal Harouni <tixxdz@...il.com>,
Al Viro <viro@...iv.linux.org.uk>,
Daniel Borkmann <daniel@...earbox.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Network Development <netdev@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
kernel-team <kernel-team@...com>,
Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
On Fri, Mar 9, 2018 at 7:38 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Fri, Mar 9, 2018 at 11:12 AM, Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
>>
>> How are you going to handle five processes doing the same setup concurrently?
>
> Side note: it's not just serialization. It's also "is it actually up
> and running".
>
I think the right way to solve this would be to take a hint from
systemd's socket activation model. The current patch had the module
load process kick off an ELF binary that goes an registers itself to
handle something. We can turn that around. Make the module init
function create the socket (or pipe or whatever) receives request and
pass it to the user program as stdin. Then the kernel can start
queueing requests into the socket immediately, and the user program
will get to them whenever it finishes initializing. Or it can write
some message to the socket saying "hey, I'm ready".
This also completely avoids the issue where some clever user manually
loads the "module" with exec() ("hey, I'm so clever, I can just run
the damn thing instead if using init_module()!" or writes an
out-of-tree program that uses whatever supposedly secret API the
in-kernel binary is supposed to use to register itself (and I know
people who would do exactly that!) and the kernel does
request_module() at roughly the same time.
Powered by blists - more mailing lists