From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>,
David Miller <davem@davemloft.net>,
Al Viro <viro@zeniv.linux.org.uk>, bpf <bpf@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Jakub Kicinski <kuba@kernel.org>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Gary Lin <GLin@suse.com>, Bruno Meneguele <bmeneg@redhat.com>
Subject: Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
Date: Tue, 9 Jun 2020 17:05:46 -0700
Message-ID: <20200610000546.4hh4n53vaxc4hypi@ast-mbp.dhcp.thefacebook.com> (raw)
In-Reply-To: <6a8b284f-461e-11b5-9985-6dc70012f774@i-love.sakura.ne.jp>
On Wed, Jun 10, 2020 at 08:30:31AM +0900, Tetsuo Handa wrote:
> On 2020/06/10 7:32, Alexei Starovoitov wrote:
> >> You can't start a usermode helper which requires access to filesystems (e.g. ELF loaders,
> >> shared libraries) before call_usermodehelper() can start a usermode helper which requires
> >> access to filesystems. Under such a restricted condition, what is nice with starting a
> >> usermode helper? Programs which can be started under such condition will be quite limited.
> >> My question is: why you can't use existing call_usermodehelper() (if you need to call
> >> a usermode helper) ?
> >
> > I think the confusion comes from assumption that usermode blob is a dynamic file that
> > needs ld.so, shared libs and rootfs.
>
> Yes, I assume that usermode blob needs to be able to access the rootfs.
>
> > This mode is supported by the blob loading
> > logic, but it's not a primary use case. It's nice to be able to compile
> > that blob with -g and be able to 'gdb -p' into it.
>
> Where can the gdb come from when the rootfs is not accessible?
>
> > That works and very
> > convenient when it comes to debugging. Compare that to debugging a kernel module!
>
> Userspace is convenient for debugging, at the cost of robustness (e.g. being killed
> by SIGKILL).
>
> >
> > The main mode of bpfilter operation was envisioned as rootfs-less.
> > It must work with any init= including busybox. For production the bpfilter
> > user mode blob was compiled as static binary with no dependencies.
>
> I still can't imagine. Compiling a user mode blob as a static binary is possible.
> But what does 'It must work with any init=' mean? The use of init= depends on
> the rootfs being ready.
>
> > So there is no path to point to. It should be ready before pid 1
> > will do its first iptables sys_setsockopt.
>
> There has to be at least the root directory in order to use init= parameter.
I think you're still missing that usermode_blob is completely fs-less.
It doesn't need any fs to work.
>
> What does the "pid 1" mean? Why you can't specify your "user mode blob" using init=
> parameter and then transfer the control of "pid 1" from your "user mode blob" to
> "some program which will do its first iptables sys_setsockopt()" ?
because init= is user cmdline and usermode_blob() is used by the kernel feature.
they are independent.
> > If user reboots the kernel
> > with different init= cmdline the bpfilter should still be doing its job.
> > Like builtin kernel module.
>
> Even when rebooting the kernel with different init= cmdline, you have a space for
> running your "user mode blob" (e.g.
>
> init=/path/to/your/user/mode/blob init_after_blob=/path/to/some/program/which/will/do/something/else
>
> ), don't you?
>
> There is no need to use call_usermodehelper(), let alone fork_usermode_blob()...
Using the same argument there is no need for kernel modules and certainly
no need for builtin kernel modules. That back and forth is not going anywhere.
Let's table it.
next prev parent reply index
Thread overview: 193+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200329005528.xeKtdz2A0%akpm@linux-foundation.org>
[not found] ` <13fb3ab7-9ab1-b25f-52f2-40a6ca5655e1@i-love.sakura.ne.jp>
[not found] ` <202006051903.C44988B@keescook>
2020-06-06 19:20 ` Eric W. Biederman
2020-06-06 20:19 ` Alexei Starovoitov
2020-06-06 22:33 ` Linus Torvalds
2020-06-07 1:49 ` Alexei Starovoitov
2020-06-07 2:19 ` Linus Torvalds
2020-06-07 16:09 ` Eric W. Biederman
2020-06-08 16:20 ` Alexei Starovoitov
2020-06-08 16:40 ` Greg KH
2020-06-08 18:35 ` Kees Cook
2020-06-09 1:26 ` Alexei Starovoitov
2020-06-09 15:37 ` Kees Cook
2020-06-09 19:51 ` Eric W. Biederman
2020-06-07 2:31 ` Tetsuo Handa
2020-06-08 16:23 ` Alexei Starovoitov
2020-06-08 23:22 ` Tetsuo Handa
2020-06-09 1:28 ` Alexei Starovoitov
2020-06-09 5:29 ` Tetsuo Handa
2020-06-09 22:32 ` Alexei Starovoitov
2020-06-09 23:30 ` Tetsuo Handa
2020-06-10 0:05 ` Alexei Starovoitov [this message]
2020-06-10 3:08 ` Tetsuo Handa
2020-06-10 3:32 ` Alexei Starovoitov
2020-06-10 7:30 ` Tetsuo Handa
2020-06-10 16:24 ` Casey Schaufler
2020-06-09 20:02 ` Eric W. Biederman
2020-06-09 23:56 ` Alexei Starovoitov
2020-06-10 21:12 ` Eric W. Biederman
2020-06-11 23:31 ` Alexei Starovoitov
2020-06-12 0:57 ` Tetsuo Handa
2020-06-13 3:38 ` Alexei Starovoitov
2020-06-13 4:22 ` Tetsuo Handa
2020-06-13 14:08 ` Eric W. Biederman
2020-06-13 15:33 ` Alexei Starovoitov
2020-06-13 16:14 ` Alexei Starovoitov
2020-06-14 14:51 ` Eric W. Biederman
2020-06-16 1:55 ` Alexei Starovoitov
2020-06-16 16:21 ` Alexei Starovoitov
2020-06-23 18:04 ` Eric W. Biederman
2020-06-23 18:35 ` Alexei Starovoitov
2020-06-23 18:53 ` Eric W. Biederman
2020-06-23 19:40 ` Alexei Starovoitov
2020-06-24 1:51 ` Tetsuo Handa
2020-06-24 4:00 ` Alexei Starovoitov
2020-06-24 4:58 ` Tetsuo Handa
2020-06-24 6:39 ` Alexei Starovoitov
2020-06-24 7:05 ` Tetsuo Handa
2020-06-24 15:41 ` Casey Schaufler
2020-06-24 17:54 ` Alexei Starovoitov
2020-06-24 19:48 ` Casey Schaufler
2020-06-24 6:05 ` Alexei Starovoitov
2020-06-24 14:18 ` Alexei Starovoitov
2020-06-24 12:13 ` Eric W. Biederman
2020-06-24 14:26 ` Alexei Starovoitov
2020-06-24 23:14 ` Tetsuo Handa
2020-06-25 1:35 ` Alexei Starovoitov
2020-06-25 6:38 ` Tetsuo Handa
2020-06-25 9:57 ` Greg KH
2020-06-25 11:03 ` Tetsuo Handa
2020-06-25 12:07 ` Greg KH
2020-06-25 14:21 ` Tetsuo Handa
2020-06-25 19:34 ` David Miller
2020-06-26 1:36 ` Linus Torvalds
2020-06-26 1:51 ` Alexei Starovoitov
2020-06-26 4:58 ` Tetsuo Handa
2020-06-26 5:41 ` Alexei Starovoitov
2020-06-26 6:20 ` Tetsuo Handa
2020-06-26 6:39 ` Alexei Starovoitov
2020-06-26 12:51 ` [PATCH 00/14] Make the user mode driver code a better citizen Eric W. Biederman
2020-06-26 12:53 ` [PATCH 01/14] umh: Capture the pid in umh_pipe_setup Eric W. Biederman
2020-06-26 12:53 ` [PATCH 02/14] umh: Move setting PF_UMH into umh_pipe_setup Eric W. Biederman
2020-06-26 12:54 ` [PATCH 03/14] umh: Rename the user mode driver helpers for clarity Eric W. Biederman
2020-06-26 12:54 ` [PATCH 04/14] umh: Remove call_usermodehelper_setup_file Eric W. Biederman
2020-06-26 12:55 ` [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support Eric W. Biederman
2020-06-26 16:22 ` Tetsuo Handa
2020-06-26 16:45 ` Eric W. Biederman
2020-06-27 1:26 ` Tetsuo Handa
2020-06-27 4:21 ` Eric W. Biederman
2020-06-27 4:36 ` Tetsuo Handa
2020-06-26 12:55 ` [PATCH 06/14] umd: For clarity rename umh_info umd_info Eric W. Biederman
2020-06-26 15:37 ` Kees Cook
2020-06-26 16:31 ` Eric W. Biederman
2020-06-26 12:56 ` [PATCH 07/14] umd: Rename umd_info.cmdline umd_info.driver_name Eric W. Biederman
2020-06-26 12:56 ` [PATCH 08/14] umd: Transform fork_usermode_blob into fork_usermode_driver Eric W. Biederman
2020-06-26 12:57 ` [PATCH 09/14] umh: Stop calling do_execve_file Eric W. Biederman
2020-06-26 12:57 ` [PATCH 10/14] exec: Remove do_execve_file Eric W. Biederman
2020-06-26 12:58 ` [PATCH 11/14] bpfilter: Move bpfilter_umh back into init data Eric W. Biederman
2020-06-26 12:58 ` [PATCH 12/14] umd: Track user space drivers with struct pid Eric W. Biederman
2020-06-26 12:59 ` [PATCH 13/14] bpfilter: Take advantage of the facilities of " Eric W. Biederman
2020-06-26 12:59 ` [PATCH 14/14] umd: Remove exit_umh Eric W. Biederman
2020-06-26 13:48 ` [PATCH 00/14] Make the user mode driver code a better citizen Eric W. Biederman
2020-06-29 19:55 ` [PATCH v2 00/15] " Eric W. Biederman
2020-06-29 19:56 ` [PATCH v2 01/15] umh: Capture the pid in umh_pipe_setup Eric W. Biederman
2020-06-29 19:57 ` [PATCH v2 02/15] umh: Move setting PF_UMH into umh_pipe_setup Eric W. Biederman
2020-06-29 19:57 ` [PATCH v2 03/15] umh: Rename the user mode driver helpers for clarity Eric W. Biederman
2020-06-29 19:59 ` [PATCH v2 04/15] umh: Remove call_usermodehelper_setup_file Eric W. Biederman
2020-06-29 20:00 ` [PATCH v2 05/15] umh: Separate the user mode driver and the user mode helper support Eric W. Biederman
2020-06-30 16:58 ` Linus Torvalds
2020-07-01 17:18 ` Eric W. Biederman
2020-07-01 17:42 ` Alexei Starovoitov
2020-06-29 20:01 ` [PATCH v2 06/15] umd: For clarity rename umh_info umd_info Eric W. Biederman
2020-06-29 20:02 ` [PATCH v2 07/15] umd: Rename umd_info.cmdline umd_info.driver_name Eric W. Biederman
2020-06-29 20:03 ` [PATCH v2 08/15] umd: Transform fork_usermode_blob into fork_usermode_driver Eric W. Biederman
2020-06-29 20:03 ` [PATCH v2 09/15] umh: Stop calling do_execve_file Eric W. Biederman
2020-06-29 20:04 ` [PATCH v2 10/15] exec: Remove do_execve_file Eric W. Biederman
2020-06-30 5:43 ` Christoph Hellwig
2020-06-30 12:14 ` Eric W. Biederman
2020-06-30 13:38 ` Christoph Hellwig
2020-06-30 14:28 ` Eric W. Biederman
2020-06-30 16:55 ` Alexei Starovoitov
2020-06-29 20:05 ` [PATCH v2 11/15] bpfilter: Move bpfilter_umh back into init data Eric W. Biederman
2020-06-29 20:06 ` [PATCH v2 12/15] umd: Track user space drivers with struct pid Eric W. Biederman
2020-06-29 20:06 ` [PATCH v2 13/15] bpfilter: Take advantage of the facilities of " Eric W. Biederman
2020-06-29 20:07 ` [PATCH v2 14/15] umd: Remove exit_umh Eric W. Biederman
2020-06-29 20:08 ` [PATCH v2 15/15] umd: Stop using split_argv Eric W. Biederman
2020-06-29 22:12 ` [PATCH v2 00/15] Make the user mode driver code a better citizen Alexei Starovoitov
2020-06-30 1:13 ` Eric W. Biederman
2020-06-30 6:16 ` Tetsuo Handa
2020-06-30 12:29 ` Eric W. Biederman
2020-06-30 13:21 ` Tetsuo Handa
2020-07-02 13:08 ` Eric W. Biederman
2020-07-02 13:40 ` Tetsuo Handa
2020-07-02 16:02 ` Eric W. Biederman
2020-07-03 13:19 ` Tetsuo Handa
2020-07-03 22:25 ` Eric W. Biederman
2020-07-04 6:57 ` Tetsuo Handa
2020-07-08 4:46 ` Eric W. Biederman
2020-06-30 16:52 ` Alexei Starovoitov
2020-07-01 17:12 ` Eric W. Biederman
2020-07-02 16:40 ` [PATCH v3 00/16] " Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 01/16] umh: Capture the pid in umh_pipe_setup Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 02/16] umh: Move setting PF_UMH into umh_pipe_setup Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 03/16] umh: Rename the user mode driver helpers for clarity Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 04/16] umh: Remove call_usermodehelper_setup_file Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 05/16] umh: Separate the user mode driver and the user mode helper support Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 06/16] umd: For clarity rename umh_info umd_info Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 07/16] umd: Rename umd_info.cmdline umd_info.driver_name Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 08/16] umd: Transform fork_usermode_blob into fork_usermode_driver Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 09/16] umh: Stop calling do_execve_file Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 10/16] exec: Remove do_execve_file Eric W. Biederman
2020-07-08 6:35 ` Luis Chamberlain
2020-07-08 12:41 ` Luis Chamberlain
2020-07-08 13:08 ` Eric W. Biederman
2020-07-08 13:32 ` Luis Chamberlain
2020-07-12 21:02 ` Pavel Machek
2020-07-02 16:41 ` [PATCH v3 11/16] bpfilter: Move bpfilter_umh back into init data Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 12/16] umd: Track user space drivers with struct pid Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 13/16] exit: Factor thread_group_exited out of pidfd_poll Eric W. Biederman
2020-07-03 20:30 ` Alexei Starovoitov
2020-07-03 21:37 ` Eric W. Biederman
2020-07-04 0:03 ` Alexei Starovoitov
2020-07-04 15:50 ` Christian Brauner
2020-07-07 17:09 ` Eric W. Biederman
2020-07-08 0:05 ` Daniel Borkmann
2020-07-08 3:50 ` Eric W. Biederman
2020-07-04 16:00 ` Christian Brauner
2020-07-02 16:41 ` [PATCH v3 14/16] bpfilter: Take advantage of the facilities of struct pid Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 15/16] umd: Remove exit_umh Eric W. Biederman
2020-07-02 16:41 ` [PATCH v3 16/16] umd: Stop using split_argv Eric W. Biederman
2020-07-02 23:51 ` [PATCH v3 00/16] Make the user mode driver code a better citizen Tetsuo Handa
2020-07-09 22:05 ` [merged][PATCH " Eric W. Biederman
2020-07-14 19:42 ` Alexei Starovoitov
2020-07-08 5:20 ` [PATCH v2 00/15] " Luis Chamberlain
2020-06-26 14:10 ` [PATCH 00/14] " Greg Kroah-Hartman
2020-06-26 16:40 ` Alexei Starovoitov
2020-06-26 17:17 ` Eric W. Biederman
2020-06-26 18:22 ` Alexei Starovoitov
2020-06-27 11:38 ` Tetsuo Handa
2020-06-27 12:59 ` Eric W. Biederman
2020-06-27 13:57 ` Tetsuo Handa
2020-06-28 19:44 ` Alexei Starovoitov
2020-06-29 2:20 ` Tetsuo Handa
2020-06-29 20:19 ` Eric W. Biederman
2020-06-30 6:28 ` Tetsuo Handa
2020-06-30 12:32 ` Eric W. Biederman
2020-06-30 16:48 ` Alexei Starovoitov
2020-06-30 21:54 ` Tetsuo Handa
2020-06-30 21:57 ` Alexei Starovoitov
2020-06-30 22:58 ` Tetsuo Handa
2020-06-25 12:56 ` [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained Stephen Smalley
2020-06-25 13:25 ` Greg Kroah-Hartman
2020-06-25 14:26 ` Stephen Smalley
2020-06-25 14:36 ` Stephen Smalley
2020-06-25 15:21 ` Tetsuo Handa
2020-06-25 16:03 ` Stephen Smalley
2020-06-25 16:06 ` Casey Schaufler
2020-06-26 11:30 ` Eric W. Biederman
2020-06-07 5:58 ` Eric W. Biederman
2020-06-07 11:56 ` Eric W. Biederman
2020-06-08 16:35 ` Alexei Starovoitov
2020-06-08 16:33 ` Alexei Starovoitov
2020-06-06 20:43 ` Matthew Wilcox
2020-06-07 15:51 ` Eric W. Biederman
2020-06-07 1:13 ` Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200610000546.4hh4n53vaxc4hypi@ast-mbp.dhcp.thefacebook.com \
--to=alexei.starovoitov@gmail.com \
--cc=GLin@suse.com \
--cc=akpm@linux-foundation.org \
--cc=ast@kernel.org \
--cc=bmeneg@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-Fsdevel Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-fsdevel/0 linux-fsdevel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-fsdevel linux-fsdevel/ https://lore.kernel.org/linux-fsdevel \
linux-fsdevel@vger.kernel.org
public-inbox-index linux-fsdevel
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-fsdevel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git