LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [patch 4/4] Markers Support for Proprierary Modules

[Posted March 24, 2008 by corbet]

From:  Ingo Molnar <mingo-AT-elte.hu>
To:  "Frank Ch. Eigler" <fche-AT-redhat.com>
Subject:  Re: [patch 4/4] Markers Support for Proprierary Modules
Date:  Thu, 20 Mar 2008 23:05:40 +0100
Message-ID:  <20080320220540.GA29012@elte.hu>
Cc:  Mathieu Desnoyers <mathieu.desnoyers-AT-polymtl.ca>, akpm-AT-linux-foundation.org, linux-kernel-AT-vger.kernel.org, Jon Masters <jcm-AT-jonmasters.org>, Jon Masters <jcm-AT-redhat.com>, Rusty Russell <rusty-AT-rustcorp.com.au>, Christoph Hellwig <hch-AT-infradead.org>, Linus Torvalds <torvalds-AT-linux-foundation.org>
Archive-link:  Article, Thread 


* Frank Ch. Eigler <fche@redhat.com> wrote:

> Ingo Molnar <mingo@elte.hu> writes:
> 
> >> There seems to be good arguments for markers to support proprierary 
> >> modules. So I am throwing this one-liner in and let's see how people 
> >> react. [...]
> >
> > ugh, this is unbelievably stupid move technically - so a very strong 
> > NACK. Allowing marker use in unfixable modules (today it's placing 
> > markers into unfixable modules, 
> 
> As the thread suggested, this can benefit us more than it benefits
> them, because it may let us see more into the blobs.
> 
> > tomorrow it's marker use by such modules) has only one clear and 
> > predictable effect: it turns marker calls into essential ABIs [...]
> 
> The marker_probe_*register calls are already EXPORT_SYMBOL_GPL'd, so 
> that covers your "tomorrow" case.  NACK that all you like when/if 
> someone proposes changing that.

i very much know that they are exported that way. It's the concept i'm 
against - dont we have 9 million lines of proper kernel source code to 
worry about? Why are we even arguing about this? Binary modules should 
be as isolated as possible - it's a totally untrusted entity and history 
has shown it again and again that the less infrastructure coupling we 
have to them, the better.

> > [if the proprietary modules attach to kernel markers ...] then all 
> > the pressure is on those who _can_ fix their code - meaning the 
> > kernel subsystem maintainers that use [you mean: define] markers.
> 
> (In a way, it would be a nice problem to have.  At this moment, there 
> are still no markers actually committed within -mm nor -linus.)

... which makes it doubly problematic to expose them to binary-only 
modules in any way, shape or form. Really, once _any_ kernel facility is 
used by such a module, it's pain for us to change it from that point on. 
Once markers are a 10 year concept that nobody in their right mind would 
want to change, sure, we dont _care_ about whether it's export or not, 
and basic courtesy might say that it's OK to do it. But to proactively 
export any aspect of a half-done piece of infrastructure is crazy.

	Ingo
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds