Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp941712ybe; Thu, 5 Sep 2019 08:08:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqzfc1TtC9AFskulXjGz2FX+vRL8k5EzQfTKNTSpZs4dH925n4T39Vk5QZrMiI2w78vwypQC X-Received: by 2002:a62:524a:: with SMTP id g71mr4374040pfb.154.1567696093299; Thu, 05 Sep 2019 08:08:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567696093; cv=none; d=google.com; s=arc-20160816; b=laNqsMe+ZXRUHq5snX+b85q3qsOYhl/ZzUoB5Jdljr3ytu2atbFBi4iE9yHzRWTou1 oMcavVXoiyC/P9HKd4nle3SUNadAYeOZLYZq4k1SZ0ClQMKMyiaI4N8L6hj9hzlK5CLE rr+TgDIhrE+riVy5WHwR7gp2lvoKY10zw2Gk6ktfnXDrQUipqRVK8A8qG8cC4TBVer77 x/3b5wrXxaLw6HmjrQIge/2gMr2OUGLKeH7i5FyoimlVEHcib7jxj6ofWMP++0ZDtIMK y9cshHAWx4y0owpK5r7GPrHgdmbWFqABOgjokUG2YxAyg+IzYUtrOLeP7WX+kfsxj+Mj EK2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=eSSehVjGWa5LE0/gH3icTwBJRpC+AS+nnud+/72hXME=; b=qyKVBHouW05WpwQUpVvz3mauoYal9EVguXyu++EfZIIcaeXM1iwv3e3WzmF+c76YsO G9/PCNryKd7v2iSaWZWd5h4k+Cg23354w5xKrME3BRVNFCPp0bWf1weAcKO3XM8KWi1G ImZ7ph34bZ4T6VmcKXN724NqtCQrCqVCpr/Kx4iXg3ASwkpA51dpbmaGlW8m0TR4/mnq qOMEsf30+4fjj4auufgcWAQvw7S9LStkhXLb03J61nCAWjIlYkgy9pfpnDe5tpgNTuev O7N8xEynBhb5dizTFDDYlpv09jJId57/zJN2i6zVjgjWL3bA03oiWXk23nClCaGeeOGO kKag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Mt+7+hRD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i5si2314802pfr.263.2019.09.05.08.07.56; Thu, 05 Sep 2019 08:08:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Mt+7+hRD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388387AbfIELZt (ORCPT + 99 others); Thu, 5 Sep 2019 07:25:49 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:40823 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388377AbfIELZs (ORCPT ); Thu, 5 Sep 2019 07:25:48 -0400 Received: by mail-wr1-f65.google.com with SMTP id w13so2314755wru.7 for ; Thu, 05 Sep 2019 04:25:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=eSSehVjGWa5LE0/gH3icTwBJRpC+AS+nnud+/72hXME=; b=Mt+7+hRDjQpIIeJgMoGnabQHJimWM0kgJ2UdEMA4e/koR8gzYQ1321o30N4BZocB2u /qPsUN06ep9Ol+mmRjACdrinITrJu1c9O4N3xnvY5dqYqZ+/ItmVEl2A/ZYZrOg5W0oX d7PWqHT4dqRUH6829VDN0TFRWP1t1mvuuMzlSP+Tki8dp5s7y99j397jmCxbbgGWrbln y/8uvI+kalF1Wrvu+ca8Do/eDHZ/0edCauMNiGxvt5we7BPMssy+foqfahPlM0xsLnrz SkWQLtSRXNWpZA/0iWLZbGPpULHsaKv9wnWz3rTo1RkEttQopkNbw9P2GXMkDn5AWHGB KxTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=eSSehVjGWa5LE0/gH3icTwBJRpC+AS+nnud+/72hXME=; b=XQGjU3e6Mv09gP09m/GzNJaJY8KveH5RgdsOfrA7aAgl/9rHZRaNOMjevSBm4ob9Zo +tmIH3inTq2KAAztdRS/cuKt10Q3hl9KNDSw/dgJ3ER7x3OcQ5EUVSVXfn787V4E8dnv O7HpXOyKYuye9Z25gqBstmxlJ5Kz0DPzKVxa28g098Mg+VdtzFGH82CAC3F5ez/YtwI0 NdDH58Jvyl14oIG+51rxRD3mNwEz1lCTu/nyzAMrhLAzsw5++OHUMUgNnSDkRgBYmGeC fp0BGOOW4J10DJYcvs8GzOkHtuRyX88XmU3Hq2nRHHjRgsrkBCZN0GPGbfxKJwAcXz9T 81tA== X-Gm-Message-State: APjAAAU9aIUDoyptqqKldU8t1YpkeYhAn1ldvXS1i/ll5jCPr9rGVnZT xmBC7iFRHm8DELmZE+WPKGkGbg== X-Received: by 2002:a5d:6211:: with SMTP id y17mr45427wru.35.1567682745012; Thu, 05 Sep 2019 04:25:45 -0700 (PDT) Received: from google.com ([2a00:79e0:d:210:e8f7:125b:61e9:733d]) by smtp.gmail.com with ESMTPSA id f3sm2347171wmh.9.2019.09.05.04.25.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Sep 2019 04:25:44 -0700 (PDT) Date: Thu, 5 Sep 2019 12:25:41 +0100 From: Matthias Maennich To: Jessica Yu Cc: Matthew Dharm , Guenter Roeck , Masahiro Yamada , Linux Kernel Mailing List , Android Kernel Team , Arnd Bergmann , Greg Kroah-Hartman , "Joel Fernandes (Google)" , Lucas De Marchi , maco@android.com, sspatil@google.com, Will Deacon , Linux Kbuild mailing list , linux-modules@vger.kernel.org, linux-usb , USB Mass Storage on Linux , linux-watchdog@vger.kernel.org Subject: Re: [usb-storage] Re: [PATCH v4 12/12] RFC: watchdog: export core symbols in WATCHDOG_CORE namespace Message-ID: <20190905112541.GA227928@google.com> References: <20180716122125.175792-1-maco@android.com> <20190903150638.242049-1-maennich@google.com> <20190903150638.242049-13-maennich@google.com> <20190903161045.GA22754@roeck-us.net> <20190905104147.GA27788@linux-8ccs> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20190905104147.GA27788@linux-8ccs> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 05, 2019 at 12:41:47PM +0200, Jessica Yu wrote: >+++ Matthew Dharm [04/09/19 09:16 -0700]: >>On Wed, Sep 4, 2019 at 5:12 AM Guenter Roeck wrote: >>> >>>Note that I don't object to the patch set in general. There may be symbols >>>which only need be exported in the context of a single subsystem or even >>>driver (if a driver consists of more than one module). For example, a mfd >>>driver may export symbols which should only be called by its client drivers. >>>In such a situation, it may well be beneficial to limit the use of exported >>>symbols. >> >>I can appreciate this benefit. >> >>>I am not sure what good that does in practice (if I understand correctly, >>>a driver only has to declare that it wants to use a restricted use symbol >>>if it wants to use it), but that is a different question. >> >>I think this question implies that you are coming from the perspective >>of "security" or wanting to restrict access to the underlying >>functions, rather than wanting to clean-up the way symbols are handled >>for manageability / maintainability purposes (which is the goal, as I >>understand it). The goal of this patch set is to introduce structure into the exported surface that goes beyond naming conventions like 'usb_*'. So, it is rather about maintainability then security. In particular, creating the visibility of which parts of the kernel use which other parts, might help to find cases where suboptimal choices were made. Maybe already during development/review. As Guenter correctly noted, a module is able to declare that it wants to use a namespace. One idea that came up earlier was to maybe restrict the namespaces that can actually be imported by modules. But I would see anything in that direction as beyond the scope of this series. A nice side effect of having to declare the usage is that it shows up in modinfo and module users can reason about how the module interacts with the rest of the kernel. >>HOWEVER, I have one question: If these patches are included, and >>someone wants to introduce a bit of code which needs to use two >>symbols from different namespaces but with the same name, can that be >>done? That is, if driver A has symbol 'foo' and driver B has symbol >>'foo' (both in their respective namespaces), and driver C wants to use >>A.foo and B.foo, can that be supported? > >As of now, we currently don't support this - modpost will warn if a >symbol is exported more than once (across modules + vmlinux), and the >module loader currently assumes exported symbol names are unique. Do >you have a concrete use case? If there is a strong need for this, I >don't think it'd be too hard to implement. The implementation does not change the fact that symbol names need to be unique. As Arnd just mentioned in the other thread: the linker will already fail if two builtin symbols use the same name. It is rather a tag attached to the symbol. Cheers, Matthias