LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.

Recent Features

LWN.net Weekly Edition for May 15, 2008

Distributed bug tracking

A Talk with Fedora Project Leader Paul Frields

LWN.net Weekly Edition for May 8, 2008

Blizzard tests the reach of copyright law

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Re: [patch 4/4] Markers Support for Proprierary Modules

[Posted March 24, 2008 by corbet]

From:  Ingo Molnar <mingo-AT-elte.hu>
To:  "Frank Ch. Eigler" <fche-AT-redhat.com>
Subject:  Re: [patch 4/4] Markers Support for Proprierary Modules
Date:  Thu, 20 Mar 2008 23:05:40 +0100
Message-ID:  <20080320220540.GA29012@elte.hu>
Cc:  Mathieu Desnoyers <mathieu.desnoyers-AT-polymtl.ca>, akpm-AT-linux-foundation.org, linux-kernel-AT-vger.kernel.org, Jon Masters <jcm-AT-jonmasters.org>, Jon Masters <jcm-AT-redhat.com>, Rusty Russell <rusty-AT-rustcorp.com.au>, Christoph Hellwig <hch-AT-infradead.org>, Linus Torvalds <torvalds-AT-linux-foundation.org>
Archive-link:  Article, Thread 


* Frank Ch. Eigler <fche@redhat.com> wrote:

> Ingo Molnar <mingo@elte.hu> writes:
> 
> >> There seems to be good arguments for markers to support proprierary 
> >> modules. So I am throwing this one-liner in and let's see how people 
> >> react. [...]
> >
> > ugh, this is unbelievably stupid move technically - so a very strong 
> > NACK. Allowing marker use in unfixable modules (today it's placing 
> > markers into unfixable modules, 
> 
> As the thread suggested, this can benefit us more than it benefits
> them, because it may let us see more into the blobs.
> 
> > tomorrow it's marker use by such modules) has only one clear and 
> > predictable effect: it turns marker calls into essential ABIs [...]
> 
> The marker_probe_*register calls are already EXPORT_SYMBOL_GPL'd, so 
> that covers your "tomorrow" case.  NACK that all you like when/if 
> someone proposes changing that.

i very much know that they are exported that way. It's the concept i'm 
against - dont we have 9 million lines of proper kernel source code to 
worry about? Why are we even arguing about this? Binary modules should 
be as isolated as possible - it's a totally untrusted entity and history 
has shown it again and again that the less infrastructure coupling we 
have to them, the better.

> > [if the proprietary modules attach to kernel markers ...] then all 
> > the pressure is on those who _can_ fix their code - meaning the 
> > kernel subsystem maintainers that use [you mean: define] markers.
> 
> (In a way, it would be a nice problem to have.  At this moment, there 
> are still no markers actually committed within -mm nor -linus.)

... which makes it doubly problematic to expose them to binary-only 
modules in any way, shape or form. Really, once _any_ kernel facility is 
used by such a module, it's pain for us to change it from that point on. 
Once markers are a 10 year concept that nobody in their right mind would 
want to change, sure, we dont _care_ about whether it's export or not, 
and basic courtesy might say that it's OK to do it. But to proactively 
export any aspect of a half-done piece of infrastructure is crazy.

	Ingo
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.