Received: by 10.223.185.111 with SMTP id b44csp687210wrg;
        Fri, 9 Mar 2018 11:46:44 -0800 (PST)
X-Google-Smtp-Source: AG47ELsNv+32VMc6oBMcpwJJ+CJP9EU+xmkjk3Q2afOriNEI2qwPsig7Sese0l4JhRSNL8aemYLV
X-Received: by 2002:a17:902:52c1:: with SMTP id a59-v6mr28832350pli.37.1520624804303;
        Fri, 09 Mar 2018 11:46:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520624804; cv=none;
        d=google.com; s=arc-20160816;
        b=EhpNXxcgZtifRWKxktroihwU3YJl4h1pz3belJlTYSQIhIs/mNc54opWBUtchsAAxg
         s6u/of+AIkyxWP6VmTMn7/g6EOLlZwllJY3QgSfc/Ft3sOkvQOlu+Quyd57TSeJpEnMv
         KIkvXCYL1r87ZnAc4kB+HoEMOovaNNIyCAYV8/wBrfAYUNjkCBcQoU37NZKpnz6iBDiQ
         ULDk6VlObQxYX6CIN++KAHD+2i1PM4CXHAzA5U+Nv8qXa7ikY04F5gGFLePqa1+9MNxu
         SdO5kyRYq0Z1WAgqSGtvjVB8t5R12fVLDDutTqQDs0VTIzn7uFSnCzELZmXYMOGlk7OE
         Phgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=xox8WYytT01LeRXrtcy104hFTxqAChSR0brmB4kbGj8=;
        b=ec6jPoiZ1ZMjB4xhT/Jhgto+vBeh6G0auiBnUlBPDaI4sA6CEgEQ2bU81zuEpjg00e
         1lia9jN6e/OQGvk++XJdG7qAszdyoBClrZllOKVQqst2EzwZ+49OuqWEwpX48yCnOxE8
         nn5YItU3OLmvAITOS3qyUa4xKENOmL5e9kqHTRKIy/9GU1Qcxl1ueSZNo8gO6LJMeHn4
         flg57SzngxARxe2t0lk9QXIWRTshr0oZqiSqPy7RII7KQQn30ug+q4VqBOexkfwBac5Y
         eB+uiw2pZJ4JMtwE0tBVTU8VlftnfVxhlzrP8kDHbLjqALAZebW2bSJkzcq/HesFrhA0
         ZIkQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=PrS2bg04;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1-v6si1332025plk.52.2018.03.09.11.46.29;
        Fri, 09 Mar 2018 11:46:44 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=PrS2bg04;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932473AbeCITpe (ORCPT <rfc822;kernelgary@gmail.com> + 99 others);
        Fri, 9 Mar 2018 14:45:34 -0500
Received: from mail-io0-f193.google.com ([209.85.223.193]:33676 "EHLO
        mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932069AbeCITpc (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 14:45:32 -0500
Received: by mail-io0-f193.google.com with SMTP id f1so4772856iob.0
        for <linux-kernel@vger.kernel.org>; Fri, 09 Mar 2018 11:45:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=xox8WYytT01LeRXrtcy104hFTxqAChSR0brmB4kbGj8=;
        b=PrS2bg04qhhACKSoPDB2duzmUb1VQXJ3Sd1bL7rtPTsPja6dmR7mdJOObKVgeGby8o
         4Tr/mL2US6XLck2X07k2aiabZ4W1JIqJXz7bP1Bmn88NCDSIIRlCSMXzPgE30tNXmv8E
         xXGzoaRTxbiAzeAay4eyMZ47/FZHRxnWr+mkSlvsX+wMNOOnE8FRbuooyPwWcDEPMPWV
         2KPHbgICOjda43jTdbY43ooQV1iF7K2X9H5JVBUEC0TjL9eWNs3c7+LkZ/ZcYon7PTCd
         Gj03yWacH09A1jX6Ul2b29Ou++SsrTpAiRqgN1QrIQvtp9ToEeWr4V83jLvRooKrfWLS
         LGhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=xox8WYytT01LeRXrtcy104hFTxqAChSR0brmB4kbGj8=;
        b=LGpa46zXRGOYFqCrRxuxlurNDevU/JDOuBzZuhCcjkWVb460Vcyf9MOnvEEhgTIUUe
         IRa5+XLO0iUN252rZvXo3d/AqzusYQbtWQIjarN0G1orVhKCDzEmlRVTN5N4EP0S6Sp8
         LlS0Sd+HXHRB7/Qc2Xno5wdOAyuQ5hCFBQVTmi46Ihc50mlmF1psWCdtZBsTbDYJxhcs
         5UK59zN2ty5eH6ODQtR3swV4Nt9YY2a1IV5rWOI7ZL4CRNya96Ja8tJy217XqIXChmPV
         ospNH/CfcEMYragMt8uU/D5e/jK91kmT4kagza2SzaLDB36exxgN2cUE5ulGGote0G+P
         txUA==
X-Gm-Message-State: AElRT7EVTe4tI5UPaMwmj0p8Ddv2b3lZywwsRcykO0nqioXgqTXFs4Ey
        s+Rhw0fUO38UtJ1ufi+cDDm0LGkPbGNdMbrf8Iuzew==
X-Received: by 10.107.151.209 with SMTP id z200mr29323498iod.150.1520624731385;
 Fri, 09 Mar 2018 11:45:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.137.101 with HTTP; Fri, 9 Mar 2018 11:45:10 -0800 (PST)
In-Reply-To: <CA+55aFx-kDp87_uv9TW5pYD2+nr8c65=ervvwcxhTBJVg7c_pQ@mail.gmail.com>
References: <CA+55aFwfcXzD+pzjN=vTcvscpK97pSztUZ2JK7pABs+rMtM7BQ@mail.gmail.com>
 <E459E6CC-F51B-4F2A-9D26-FFB7166E0A47@amacapital.net> <CA+55aFx7w1s7=5HzeczPkkksaU4oVsWQf+_c=aHS0O7i_9g+Kg@mail.gmail.com>
 <20180309.135724.452219538059491199.davem@davemloft.net> <CA+55aFyN8JDh76bm1VinBvrgMH5jNL6RbuFAkrH8vuYU1s9GDQ@mail.gmail.com>
 <CA+55aFx-kDp87_uv9TW5pYD2+nr8c65=ervvwcxhTBJVg7c_pQ@mail.gmail.com>
From:   Andy Lutomirski <luto@amacapital.net>
Date:   Fri, 9 Mar 2018 19:45:11 +0000
Message-ID: <CALCETrUU-456u3R=D08fuJFEiiMLB3n=jdCTxvLqbSGA87r-9A@mail.gmail.com>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     David Miller <davem@davemloft.net>,
        Alexei Starovoitov <ast@fb.com>,
        Kees Cook <keescook@chromium.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Djalal Harouni <tixxdz@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        kernel-team <kernel-team@fb.com>,
        Linux API <linux-api@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 9, 2018 at 7:38 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Fri, Mar 9, 2018 at 11:12 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>>
>> How are you going to handle five processes doing the same setup concurrently?
>
> Side note: it's not just serialization. It's also "is it actually up
> and running".
>

I think the right way to solve this would be to take a hint from
systemd's socket activation model.  The current patch had the module
load process kick off an ELF binary that goes an registers itself to
handle something.  We can turn that around.  Make the module init
function create the socket (or pipe or whatever) receives request and
pass it to the user program as stdin.  Then the kernel can start
queueing requests into the socket immediately, and the user program
will get to them whenever it finishes initializing.  Or it can write
some message to the socket saying "hey, I'm ready".

This also completely avoids the issue where some clever user manually
loads the "module" with exec() ("hey, I'm so clever, I can just run
the damn thing instead if using init_module()!" or writes an
out-of-tree program that uses whatever supposedly secret API the
in-kernel binary is supposed to use to register itself (and I know
people who would do exactly that!) and the kernel does
request_module() at roughly the same time.