Received: by 10.223.185.116 with SMTP id b49csp4574904wrg; Tue, 6 Mar 2018 19:25:25 -0800 (PST) X-Google-Smtp-Source: AG47ELskEGPXMagDsDCEXLir2l/r29tp4LPWJe6z+cxX0LguMdnmkgTTck674W4EBA4Dpg5rOIth X-Received: by 10.101.96.142 with SMTP id t14mr16728028pgu.58.1520393125881; Tue, 06 Mar 2018 19:25:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520393125; cv=none; d=google.com; s=arc-20160816; b=TPE44d8NV7AHAHDaCznx+XKk+8+wWDmIZvGDkD33jAmv3Pvu7Sq/5Zjs4KAS1ap2nX MU8yl8mTAlq5mzAkRV7o6FXMyLOKp11UlFchaflmU0PGDvYLc8DTiSLjMt/g8R2XjvOT 698Y+DewliEMqH4/yjM1fC+MNtTFQhBn3wQZ/rGpe05CQJR4tGyCEdsMsSCwOPpok3Km hsgpPBZrLSF4j0Cb3sG2XloLBRgv8UdYa2oCCK8iXKvjATIFuLEoDkt+0vsZHuN2QqEE 5DGJQVNvF0QLPjCoOAHfgWh2lg4SmP+Ll+s/5RC9YObygGvcAmd/W8TbPRuqNu4luC+C LqQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=dJN/okJJMunAt0u6q6gFa8yXZNYcL08hRV6UfoMXxrI=; b=y6Ltqvixk+rNjnkCQ7LrxLW+6DBBpfwl6aZH9ftxkk3fmKD8TROCH28zO/l7IJjrL3 7FE+g2qP4Fsz44oxmQLOLBc5FS/YjGjxjs0o6UuOLL2lLqpucbZnrvuDQlTkMWa4uGMq JRAcWRrxqw049otuXO2VksIaIUMKKMemYUBpulsPlWoyXosNtj/dFMpwctFC3R2hFwXw tbqbkc1mxnNsTGyOatb3PgZ0jdWSkbsrP6L8Hpb5/qUBHbGk/Cv6y53nTEdQDXpeLQn9 XHXcAcDKKw+awNLyeKrDlZzoXDfWOhho+QB8nJsXUhnkqmMmAKhlO0aSiwrZ3NC/jBsW w5OQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k75si10759159pgc.134.2018.03.06.19.25.10; Tue, 06 Mar 2018 19:25:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933182AbeCGDYN (ORCPT + 99 others); Tue, 6 Mar 2018 22:24:13 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:48638 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753996AbeCGDYL (ORCPT ); Tue, 6 Mar 2018 22:24:11 -0500 Received: from localhost (unknown [185.236.200.248]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id CE78D1164; Wed, 7 Mar 2018 03:24:10 +0000 (UTC) Date: Tue, 6 Mar 2018 19:24:14 -0800 From: Greg KH To: Alexei Starovoitov Cc: Alexei Starovoitov , davem@davemloft.net, daniel@iogearbox.net, torvalds@linux-foundation.org, mcgrof@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@fb.com, linux-api@vger.kernel.org Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries Message-ID: <20180307032414.GA24203@kroah.com> References: <20180306013457.1955486-1-ast@kernel.org> <20180306110549.GB31087@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 06, 2018 at 05:07:45PM -0800, Alexei Starovoitov wrote: > combining multiple answers... > > On 3/6/18 3:05 AM, Greg KH wrote: > > > > Any chance you can add a field to your "umh module" type such that a > > normal 'modinfo' program will be able to notice it is different easily? > > ok. handling of modinfo turned out to be straightforward. > kmod tooling worked fine with simple addition of .modinfo section. > > $ modinfo bpfilter > filename: > /lib/modules/4.16.0-rc4-00799-g1716f0aa3039-dirty/net/bpfilter/bpfilter.ko > umh: Y Nice. But perhaps spell it out, "user_mode_helper"? Anyway, bikesheding now, sorry, whatever you want to call it is fine with me. > license: GPL > > I will require umh=Y and license to be present. > umh has to be set to Y for this 'umh modules' > and taint of kernel will happen if license is not gpl. Interesting, I like it :) > Other modinfo like vermagic are not applicable here, since > umh modules interact with kernel via normal kernel/user abi. Very true. > > > Since umh can crash, can be oom-ed by the kernel, killed by admin, > > > the subsystem that uses them (like bpfilter) need to manage life > > > time of umh on its own, so module infra doesn't do any accounting > > > of them. They don't appear in "lsmod" and cannot be "rmmod". > > > Multiple request_module("umh") will load multiple umh.ko processes. > > > > > > Similar to kernel modules the kernel will be tainted if "umh module" > > > has invalid signature. > > > > Shouldn't we fail to load the "module" if the signature is not valid if > > CONFIG_MODULE_SIG_FORCE=y is enabled, like we do for modules? I run my > > systems like that, and just "warning" isn't probably a good idea for > > systems that want to enforce that everything is signed properly? > > CONFIG_MODULE_SIG_FORCE=y is already handled by this patch. > It's checked first for either .ko or umh.ko (before any elf parsing) > and returns -ENOKEY to user space without any dmesg message. > I think it's best to keep it as-is. > The taint and warning is for 'undef SIG_FORCE' and when module > is signed, but incorrectly. Ah, sorry, I missed that, thanks for clearing it up. > > Other than that, one minor question: > > > > > @@ -1745,7 +1745,9 @@ static int do_execveat_common(int fd, struct filename *filename, > > > sched_exec(); > > > > > > bprm->file = file; > > > - if (fd == AT_FDCWD || filename->name[0] == '/') { > > > + if (!filename) { > > > + bprm->filename = "/dev/null"; > > > > Why the use of "/dev/null" for the filename here, and elsewhere in the > > code? While I'm "sure" that everyone really does have /dev/null/ > > mounted in the root namespace, what is the use of it here? > > filename is assumed to be non-null in several places further > down and instead of hacking it everywhere it's cleaner to assign > some string to it. > I'll change it to filename = "none" > Same in umh part. Thanks, that makes sense. greg k-h