lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e38f3115-1e77-ebce-423b-8ea445be9e0d@gmail.com>
Date:   Tue, 14 Apr 2020 18:20:40 +0200
From:   Heiner Kallweit <hkallweit1@...il.com>
To:     Jessica Yu <jeyu@...nel.org>
Cc:     Lucas De Marchi <lucas.demarchi@...el.com>,
        Petr Mladek <pmladek@...e.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-modules@...r.kernel.org,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        live-patching@...r.kernel.org
Subject: Re: RFC: Handle hard module dependencies that are not symbol-based
 (r8169 + realtek)

On 14.04.2020 18:09, Jessica Yu wrote:
> +++ Heiner Kallweit [10/04/20 00:25 +0200]:
>> On 09.04.2020 02:02, Lucas De Marchi wrote:
>>> On Wed, Apr 01, 2020 at 11:20:20PM +0200, Heiner Kallweit wrote:
>>>> Currently we have no way to express a hard dependency that is not
>>>> a symbol-based dependency (symbol defined in module A is used in
>>>> module B). Use case:
>>>> Network driver ND uses callbacks in the dedicated PHY driver DP
>>>> for the integrated PHY (namely read_page() and write_page() in
>>>> struct phy_driver). If DP can't be loaded (e.g. because ND is in
>>>> initramfs but DP is not), then phylib will use the generic
>>>> PHY driver GP. GP doesn't implement certain callbacks that are
>>>> needed by ND, therefore ND's probe has to bail out with an error
>>>> once it detects that DP is not loaded.
>>>> We have this problem with driver r8169 having such a dependency
>>>> on PHY driver realtek. Some distributions have tools for
>>>> configuring initramfs that consider hard dependencies based on
>>>> depmod output. Means so far somebody can add r8169.ko to initramfs,
>>>> and neither human being nor machine will have an idea that
>>>> realtek.ko needs to be added too.
>>>
>>> Could you expand on why softdep doesn't solve this problem
>>> with MODULE_SOFTDEP()
>>>
>>> initramfs tools can already read it and modules can already expose them
>>> (they end up in /lib/modules/$(uname -r)/modules.softdep and modprobe
>>> makes use of them)
>>>
>> Thanks for the feedback. I was under the impression that initramfs-tools
>> is affected, but you're right, it considers softdeps.
>> Therefore I checked the error reports again, and indeed they are about
>> Gentoo's "genkernel" tool only. See here:
>> https://bugzilla.kernel.org/show_bug.cgi?id=204343#c15
>>
>> If most kernel/initramfs tools consider softdeps, then I don't see
>> a need for the proposed change. But well, everything is good for
>> something, and I learnt something about the structure of kmod.
>> Sorry for the noise.
> 
> Well, I wouldn't really call it noise :) I think there *could* be
> cases out there where a establishing a non-symbol-based hard
> dependency would be beneficial.
> 
Thanks for the encouraging words ;)

> In the bug you linked, I think one could hypothetically run into the
> same oops if the realtek module fails to load for whatever reason, no?

Basically yes. Just that it wouldn't be an oops any longer, r8169
would detect the missing dedicated PHY driver and bail out in probe().

> Since realtek is only a soft dependency of r8169, modprobe would
> consider realtek optional and would still try to load r8169 even if
> realtek had failed to load previously. Then wouldn't the same problem
> (described in the bugzilla) arise?  Maybe a hard dependency could
> possibly come in handy in this case, because a softdep unfortunately
> implies that r8169 can work without realtek loaded.
> 
Right. Even though kmod treats a softdep more or less like a harddep
with regard to module loading, it's called "soft" for a reason.
Relying on a softdep to satisfy a hard dependency doesn't seem
to be the ideal solution.

> Another potential usecase - I think livepatch folks (CC'd) have
> contemplated establishing some type of hard dependency between patch
> module and the target module before. I have only briefly skimmed
> Petr's POC [1] and it looks like this patch module dependency is
> accomplished through a request_module() call during load_module()
> (specifically, in klp_module_coming()) so that the patch module gets
> loaded before the target module finishes loading.
> 
> I initially thought this dependency could be expressed through
> MODULE_HARDDEP(target_module) in the patch module source code, but it
> looks like livepatch might require something more fine-grained, since
> the current POC tries to load the patch module before the target
> module runs its init(). In addition, this method wouldn't prevent the
> target module from loading if the patch module fails to load..
> 
> In any case, I appreciate the RFC and don't really have any gripes
> against having an analogous MODULE_HARDDEP() macro. If more similar
> cases crop up then it may be worth seriously pursuing, and then we'll
> at least have this RFC to start with :)
> 
> Thanks,
> 
> Jessica

Heiner

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ