Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp2464095rdd; Fri, 12 Jan 2024 10:07:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IHyr9l/SKwuSlonMZNZSN5MxTVRnUxTpB8HBX2cg/roXg/nFzLuhMB9OLKbUAOfV2JbXkqy X-Received: by 2002:a05:6902:2687:b0:dbe:d09c:c333 with SMTP id dx7-20020a056902268700b00dbed09cc333mr1204669ybb.47.1705082839803; Fri, 12 Jan 2024 10:07:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705082839; cv=none; d=google.com; s=arc-20160816; b=mR1bap5iIBIBpRAxDLN1q8xaFm0D3V/vR20r9BAwNGAbyG4dxidaj3HkUWt4HrJ+NK Q+/w4tvbFJv9afBs2dLWqHGkrmdA+Lthn9wtxQLgB9DAYIuSpnVAdnJzyBmAmysnHdfn IqAo97xmbjgT39eAmnAxqOum58eeARlMVUcG9IFufYVDXS+iVKxOQ0wOJ4NWgKZs7URh 2ClZh29NbADlqt2pBsLHh5tZLqt1oFTlJg123PNSQ7Mrc9NIOSC5RBXG8peYdWvjD0wl OaQVgUNZz3Aagh30po2MV/4jXPh2f1z9o0+uWpBO6N2ImdIDaJq9ceftQVNfciv04KsX 2A4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature:dkim-signature; bh=ie5t95U12SvIYn0Ymuu06e9r7g/gfEKTgTlhyAcyn3A=; fh=a4IwiDc1rQTJUNsQPpfsZCkn5Tpe7qIl8+Qi0hPvcJM=; b=tBRbmHDtkzdmu8KXsEMKl4mPR3iHJ5JfY4Iooaa7S0HAYC0t5BRxBDyuqcwgy593Mu EVvrgLFzSVpAKwfumvnqDrE3a72MeZjypz5Lbq7RDCU2cimnAufRzwAYALrRsHwKg7BX H53A6YFx/DUVoWkEFRQ8t8/fiahlBDzIJr9BNxQ3ag0BFJJm/OAt7qir0xci38fbrNRf 1WkptC4iGNDT6DkWYVPGbH7Aw6MMesZMdcMUBnqttfRac6ojLXTRGgfrBsqCCYibmHEa fsuugRKmETCgJzfUd4j5QxwVIXwpbWEcKubxSGVXfnbuM3vSU9D78XqLBA64kYNnQd6S X7rw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=WdbASQOM; dkim=pass header.i=@suse.com header.s=susede1 header.b=WdbASQOM; spf=pass (google.com: domain of linux-kernel+bounces-24950-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24950-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id v9-20020a05610205c900b0046805f12767si682270vsf.328.2024.01.12.10.07.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jan 2024 10:07:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-24950-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=WdbASQOM; dkim=pass header.i=@suse.com header.s=susede1 header.b=WdbASQOM; spf=pass (google.com: domain of linux-kernel+bounces-24950-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24950-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 7AD251C219B6 for ; Fri, 12 Jan 2024 18:07:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C06D51AAD4; Fri, 12 Jan 2024 18:06:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="WdbASQOM"; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="WdbASQOM" Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9DBB17C8D; Fri, 12 Jan 2024 18:06:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 965851FCE7; Fri, 12 Jan 2024 18:06:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1705082808; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ie5t95U12SvIYn0Ymuu06e9r7g/gfEKTgTlhyAcyn3A=; b=WdbASQOMV6ypKNMmu9yy8GpUXIQxCUqArJ9rAnhWYDvRkHUHx+SW7F1Wzb2i9IQgkaM+e4 hWv0wKda6uP5L9kMdoE2RnI8TJRzMrfZpHXaeoewWsBegZVrMN0X77z4mYyzdhHAiMAveL PRfeZP6wdg2ZTu0ngKZKAZiqWuNYSPc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1705082808; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ie5t95U12SvIYn0Ymuu06e9r7g/gfEKTgTlhyAcyn3A=; b=WdbASQOMV6ypKNMmu9yy8GpUXIQxCUqArJ9rAnhWYDvRkHUHx+SW7F1Wzb2i9IQgkaM+e4 hWv0wKda6uP5L9kMdoE2RnI8TJRzMrfZpHXaeoewWsBegZVrMN0X77z4mYyzdhHAiMAveL PRfeZP6wdg2ZTu0ngKZKAZiqWuNYSPc= Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 16F95136A4; Fri, 12 Jan 2024 18:06:48 +0000 (UTC) Received: from dovecot-director2.suse.de ([10.150.64.162]) by imap1.dmz-prg2.suse.org with ESMTPSA id rUi1BLh/oWXLQwAAD6G6ig (envelope-from ); Fri, 12 Jan 2024 18:06:48 +0000 From: =?UTF-8?q?Michal=20Koutn=C3=BD?= To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, cake@lists.bufferbloat.net Cc: "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Jamal Hadi Salim , Cong Wang , Jiri Pirko , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= , Vinicius Costa Gomes , Stephen Hemminger , Petr Pavlu , Michal Kubecek , Martin Wilck Subject: [PATCH v3 0/4] net/sched: Load modules via alias Date: Fri, 12 Jan 2024 19:06:42 +0100 Message-ID: <20240112180646.13232-1-mkoutny@suse.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Authentication-Results: smtp-out2.suse.de; none X-Spam-Level: ****** X-Spam-Score: 6.30 X-Spamd-Result: default: False [6.30 / 50.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; BAYES_SPAM(5.10)[100.00%]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_ENVRCPT(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_RATELIMIT(0.00)[to_ip_from(RL63s8thh5w8zyxj4waeg9pq8e)]; RCVD_COUNT_THREE(0.00)[3]; DKIM_SIGNED(0.00)[suse.com:s=susede1]; NEURAL_HAM_SHORT(-0.20)[-1.000]; RCPT_COUNT_TWELVE(0.00)[28]; MID_CONTAINS_FROM(1.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_CC(0.00)[davemloft.net,google.com,kernel.org,redhat.com,mojatatu.com,gmail.com,resnulli.us,iogearbox.net,linux.dev,toke.dk,intel.com,networkplumber.org,suse.cz,suse.com]; RCVD_TLS_ALL(0.00)[]; SUSPICIOUS_RECIPS(1.50)[] X-Spam-Flag: NO These modules may be loaded lazily without user's awareness and control. Add respective aliases to modules and request them under these aliases so that modprobe's blacklisting mechanism (through aliases) works for them. (The same pattern exists e.g. for filesystem modules.) For example (before the change): $ tc filter add dev lo parent 1: protocol ip prio 1 handle 10 tcindex ... # cls_tcindex module is loaded despite a `blacklist cls_tcindex` entry # in /etc/modprobe.d/*.conf After the change: $ tc filter add dev lo parent 1: protocol ip prio 1 handle 10 tcindex ... Unknown filter "tcindex", hence option "..." is unparsable # explicit/acknowledged (privileged) action is needed $ modprobe cls_tcindex # blacklist entry won't apply to this direct modprobe, module is # loaded with awareness A considered alternative was invoking `modprobe -b` always from request_module(), however, dismissed as too intrusive and slightly confusing in favor of the precedented aliases (the commit 7f78e0351394 ("fs: Limit sys_mount to only request filesystem modules."). User experience suffers in both alternatives. It's improvement is orthogonal to blacklist honoring. Changes from v1 (https://lore.kernel.org/r/20231121175640.9981-1-mkoutny@suse.com) - Treat sch_ and act_ modules analogously to cls_ Changes from v2 (https://lore.kernel.org/r/20231206192752.18989-1-mkoutny@suse.com) - reorganized commits (one generated commit + manual pre-/post- work) - used alias names more fitting the existing net- aliases - more info in commit messages and cover letter - rebased on current master Michal Koutný (4): net/sched: Add helper macros with module names net/sched: Add module aliases for cls_,sch_,act_ modules net/sched: Load modules via their alias net/sched: Remove aliases of act_xt and sch_clsact include/net/act_api.h | 1 + include/net/pkt_cls.h | 1 + include/net/pkt_sched.h | 1 + net/sched/act_api.c | 2 +- net/sched/act_bpf.c | 1 + net/sched/act_connmark.c | 1 + net/sched/act_csum.c | 1 + net/sched/act_ct.c | 1 + net/sched/act_ctinfo.c | 1 + net/sched/act_gact.c | 1 + net/sched/act_gate.c | 1 + net/sched/act_ife.c | 1 + net/sched/act_ipt.c | 3 ++- net/sched/act_mirred.c | 1 + net/sched/act_mpls.c | 1 + net/sched/act_nat.c | 1 + net/sched/act_pedit.c | 1 + net/sched/act_police.c | 1 + net/sched/act_sample.c | 1 + net/sched/act_simple.c | 1 + net/sched/act_skbedit.c | 1 + net/sched/act_skbmod.c | 1 + net/sched/act_tunnel_key.c | 1 + net/sched/act_vlan.c | 1 + net/sched/cls_api.c | 2 +- net/sched/cls_basic.c | 1 + net/sched/cls_bpf.c | 1 + net/sched/cls_cgroup.c | 1 + net/sched/cls_flow.c | 1 + net/sched/cls_flower.c | 1 + net/sched/cls_fw.c | 1 + net/sched/cls_matchall.c | 1 + net/sched/cls_route.c | 1 + net/sched/cls_u32.c | 1 + net/sched/sch_api.c | 2 +- net/sched/sch_cake.c | 1 + net/sched/sch_cbs.c | 1 + net/sched/sch_choke.c | 1 + net/sched/sch_codel.c | 1 + net/sched/sch_drr.c | 1 + net/sched/sch_etf.c | 1 + net/sched/sch_ets.c | 1 + net/sched/sch_fq.c | 1 + net/sched/sch_fq_codel.c | 1 + net/sched/sch_gred.c | 1 + net/sched/sch_hfsc.c | 1 + net/sched/sch_hhf.c | 1 + net/sched/sch_htb.c | 1 + net/sched/sch_ingress.c | 3 ++- net/sched/sch_mqprio.c | 1 + net/sched/sch_multiq.c | 1 + net/sched/sch_netem.c | 1 + net/sched/sch_pie.c | 1 + net/sched/sch_plug.c | 1 + net/sched/sch_prio.c | 1 + net/sched/sch_qfq.c | 1 + net/sched/sch_red.c | 1 + net/sched/sch_sfb.c | 1 + net/sched/sch_sfq.c | 1 + net/sched/sch_skbprio.c | 1 + net/sched/sch_taprio.c | 1 + net/sched/sch_tbf.c | 1 + 62 files changed, 64 insertions(+), 5 deletions(-) -- 2.43.0