Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4532469imb; Wed, 6 Mar 2019 16:09:08 -0800 (PST) X-Google-Smtp-Source: APXvYqx7cRnUdLntTcEn2ejXajP7ppryIKZQVHxxRddFy3glPFPRDt6YiUUmlRHt9i66+6Xxvzo7 X-Received: by 2002:a17:902:ea8c:: with SMTP id cv12mr9600395plb.123.1551917347999; Wed, 06 Mar 2019 16:09:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551917347; cv=none; d=google.com; s=arc-20160816; b=MLnZMABMG1sZCiNcYr3XsYftobrYT8/giqOVd9MMII8v3Sm9eh1NY2e7zHRx8yqk+B VUMyE+YQvRudOZp4nn2WEAWNzRMODidzGFDh/5fGjvLMtKEFd/bImdzFeXO7N8U+LhkE DCO3zgQe/vfJdD/j2m6NP+AX2oCxlkpUVgF7J/FOn7+tKE2GjwlG570pxGv3DzK3iqq5 Km+zTg1HnN3QMOcsDJtV3Clc+e6aDjbc3qBZVU7mKOG+SaTuupAK4amfgKTX6cMngi3I dfJu52Hq3nRTiF+sa7ILFztkiLvG06vjPhC0+fpYUkm10pPaFzU2iktNGBnpNshUNwUb /Fmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=dHAWpIGnCCPRkm0+xdsHkCDrLGp504edTAXS9AFqHwQ=; b=G1nZ04E4pwUooKFaBUE8TPGjVUwvIemYCecEPrlwNm+Ga6Wddlzc9XM6kif/2572AV rM7lhfzOP29yPxDX6hfVla3VHWXWnDVG6h4MS8vlpb21aa5CutVBsMP3IKpfQv1SKk97 stMdyBIJxxnrhVnj50MQyrXetbKYWd2/1OfBQ+SzyhvtzO5eGVRiHRPvqbfNi6MX+tJM tcT0qRxth431hhwCQUdQEUNYAAN8FzFYd2qx5kG7KYl0hpseGgUKPwQNgaZV9IRH6MqW xnHPQHGIjqgWJnyabHyTeGrDtpMgX/O9EgdthqPk/0RQ2c4u10IBK8zqNo2rUr4r2VpO lhrA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a5si2716977plh.299.2019.03.06.16.08.52; Wed, 06 Mar 2019 16:09:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726242AbfCGAI1 (ORCPT + 99 others); Wed, 6 Mar 2019 19:08:27 -0500 Received: from terminus.zytor.com ([198.137.202.136]:51137 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725790AbfCGAI0 (ORCPT ); Wed, 6 Mar 2019 19:08:26 -0500 Received: from hanvin-mobl2.amr.corp.intel.com ([192.55.54.40]) (authenticated bits=0) by mail.zytor.com (8.15.2/8.15.2) with ESMTPSA id x2707HlQ1943640 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 6 Mar 2019 16:07:18 -0800 Subject: Re: [RFC] Provide in-kernel headers for making it easy to extend the kernel To: Daniel Colascione , Pavel Machek Cc: Joel Fernandes , Greg KH , linux-kernel , Andrew Morton , ast@kernel.org, atish patra , Borislav Petkov , Ingo Molnar , Jan Kara , Jonathan Corbet , Karim Yaghmour , Kees Cook , kernel-team@android.com, "open list:DOCUMENTATION" , Manoj Rao , Masahiro Yamada , Paul McKenney , "Peter Zijlstra (Intel)" , Randy Dunlap , rostedt@goodmis.org, Thomas Gleixner , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , yhs@fb.com References: <20190118225543.86996-1-joel@joelfernandes.org> <20190119082532.GA9004@kroah.com> <20190119162754.GC231277@google.com> <20190119232503.GA149403@google.com> <78AACAF1-8EBF-4DF3-BE94-5B14E78BA791@zytor.com> <20190120155838.GA23827@google.com> <20190306230944.GB7915@amd> From: "H. Peter Anvin" Message-ID: <754146f0-8b57-8644-81c1-528b5ca7dba1@zytor.com> Date: Wed, 6 Mar 2019 16:07:13 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/6/19 3:37 PM, Daniel Colascione wrote: > > I just don't get the opposition to Joel's work. The rest of the thread > already goes into detail about the problems with pure-filesystem > solutions, and you and others are just totally ignoring those > well-thought-out rationales for the module approach and doing > inflooping on "lol just use a tarball". That's not productive. > > Look; here's the bottom line: without this work, doing certain kinds > of system tracing is a nightmare, and with this patch, it Just Works. > You're arguing that various tools should do a better job of keeping > the filesystem in sync with the kernel. Maybe you're right. But we > don't live in a world where they will, because if this coherence were > going to happen, it'd work already. But this work solves the problem: > by necessity, anything that changes a kernel image *must* update > modules coherently, whether the kernel image and module come from the > filesystem, network boot, some kind of SQL database, or carrier > pigeon. There's nothing wrong with work that very cheaply makes the > kernel self-describing (introspection is elegant) and that takes > advantage of *existing* kernel tooling infrastructure to transparently > do a new thing. > > You don't have to use this patch if you don't want to. Please stop > trying to block it. > No, that's not how this works. It is far worse to do something the wrong way than not doing it at all, when it affects the kernel-user space interactions. Experience -- and we have almost 30 years of it -- has shown that hacks of this nature become engrained and all of a sudden is "mandatory". At the *very least* it needs to comply with the zero-one-infinity rule rather than being yet another ad hoc hack. More fundamentally, we already have multiple ways to handle objects that need to go into the filesystem: they can be installed with (or as) modules, they can use the firmware interface, and so on. Saying "it can be a module" is worse than a copout: even if dynamically loaded -- and many setups lock out post-boot module loadings for security reasons -- there is nothing to cause it to unload. The bottom line is that in the end there is no difference between making this an archive of some sort and a module, except that to use the module you need privilege that you otherwise may not need. If your argument is that someone may not be providing the whole set of items provided by "make modules_install", what is there to say that they would include your specific module? Here are some better ways of implementation I can see: 1. Include an archive in "make modules_install". Most trivial; no kernel changes at all. 2. Generalize the initramfs code to be able to create a pre-populated tmpfs at any time, that can be populated from an archive provided by the firmware loading mechanism; like all firmware allows it to either be built in or fetched from the filesystem. This allows it to be built in to the kernel image if that becomes necessary; using tmpfs means that it can be pushed out to swap rather than permanently stored in kernel memory, and this filesystem can be unmounted freeing its memory. 3. Use a squashfs image instead of an archive. -hpa