From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexei Starovoitov Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries Date: Thu, 8 Mar 2018 17:20:48 -0800 Message-ID: <20180309012046.6kcivmzzkap3a4xc@ast-mbp> References: <20180306013457.1955486-1-ast@kernel.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Andy Lutomirski Cc: Kees Cook , Alexei Starovoitov , Djalal Harouni , Al Viro , "David S. Miller" , Daniel Borkmann , Linus Torvalds , Greg KH , "Luis R. Rodriguez" , Network Development , LKML , kernel-team@fb.com, Linux API List-Id: linux-api@vger.kernel.org On Fri, Mar 09, 2018 at 12:59:36AM +0000, Andy Lutomirski wrote: > > Alexei, can you give an example use case? I'm sure it's upthread > somewhere, but I'm having trouble finding it. at the time of iptable's setsockopt() the kernel will do err = request_module("bpfilter"); once. The rough POC code: https://git.kernel.org/pub/scm/linux/kernel/git/ast/bpf.git/tree/net/ipv4/bpfilter/sockopt.c?h=ipt_bpf#n25 > Also, I just tested this concept a bit. Depmod invoked explicitly on > an ET_EXEC with a.ko extension gets mad, but depmod -a on a kernel > that has a "module" like that seems to work fine. Go figure. right. that's with the current patch. In v2 I require .modinfo section to make sure license is specified, but depmod still not very happy: $ depmod /lib/modules/`uname -r`/kernel/net/bpfilter/bpfilter.ko depmod: ERROR: Bad version passed /lib/modules/4.16.0-rc4-00799-g1716f0aa3039-dirty/kernel/net/bpfilter/bpfilter.ko I'm not sure it's worth to silence it, since as you noticed 'depmod -a' works.