From: "Kevin O'Connor" <kevin@koconnor.net>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Greg KH <greg@kroah.com>,
linux-kernel@vger.kernel.org,
Roman Zippel <zippel@linux-m68k.org>
Subject: Re: [PATCH] In-kernel module loader 1/7
Date: Sat, 21 Sep 2002 03:38:30 -0400 [thread overview]
Message-ID: <20020921033830.A32446@arizona.localdomain> (raw)
In-Reply-To: <20020920040241.4C03F2C0D9@lists.samba.org>; from rusty@rustcorp.com.au on Fri, Sep 20, 2002 at 11:22:08AM +1000
On Fri, Sep 20, 2002 at 11:22:08AM +1000, Rusty Russell wrote:
> Well, it's up to you. You *could* implement:
>
> #define call_security(method , ...) \
> ({ int __ret; \
> if (try_module_get(security_ops->owner)) { \
> __ret = security_ops->method(__VA_ARGS__); \
> module_put(security_ops->owner); \
> } else \
> /* If unloading or loading, default to "allow" */ \
> __ret = 0; \
> __ret; \
> })
[...]
> Now, if you don't have CONFIG_MODULES this becomes the code as it is
> now.
Hi Rusty,
Please consider the following non-module code snippet:
int
sys_enable_foo_security()
{
foocache = kmalloc(100000);
register_security(&foo_ops);
}
int
sys_disable_foo_security()
{
unregister_security(&foo_ops);
kfree(foocache); // OOPS
}
If I follow Roman's argument correctly, the unload race is not module
specific. (The problem is that unregister_security() only asserts that no
new callers will be made to foo_ops, it doesn't guarantee that there are no
current callers.)
In the above example, one solution would be to reference count foocache.
However, another viable solution would be to ref-count the security_ops
field.
Anyway, given that the problem is a general resource management issue (and
not module specific), I think one could implement call_security() with less
overhead:
#define call_security(method , ...) \
({ int __ret; \
read_lock(&SecurityLock); \
__ret = security_ops->method(__VA_ARGS__); \
read_unlock(&SecurityLock); \
__ret; \
})
where (un)register_security used a write_lock to guard accesses to
security_ops changes.
This implementation is still a bit sluggish (as well as limiting), however
one could conceivable use RCU or a similar mechanism to further reduce
overhead of the common path.
-Kevin
P.S. it may also be possible for this alternate solution to work:
#define call_security(method , ...) \
({ int __ret; \
atomic_inc(&SecurityRefCount); \
__ret = security_ops->method(__VA_ARGS__); \
atomic_dec(&SecurityRefCount); \
})
where unregister_security set the security_ops field to a dummy value and
then waited for the ref-count to hit zero before returning. However, this
may depend too heavily on memory ordering..
--
------------------------------------------------------------------------
| Kevin O'Connor "BTW, IMHO we need a FAQ for |
| kevin@koconnor.net 'IMHO', 'FAQ', 'BTW', etc. !" |
------------------------------------------------------------------------
next prev parent reply other threads:[~2002-09-21 7:33 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-18 2:05 [PATCH] In-kernel module loader 1/7 Rusty Russell
2002-09-18 22:59 ` Roman Zippel
2002-09-19 1:00 ` Rusty Russell
2002-09-19 2:19 ` Daniel Jacobowitz
2002-09-19 3:57 ` Rusty Russell
2002-09-19 10:44 ` Roman Zippel
2002-09-19 12:51 ` Rusty Russell
2002-09-19 13:54 ` Roman Zippel
2002-09-19 18:38 ` Greg KH
2002-09-19 18:58 ` Alan Cox
2002-09-19 20:11 ` Greg KH
2002-09-19 20:42 ` Roman Zippel
2002-09-30 15:32 ` Daniel Phillips
2002-10-03 18:53 ` Rob Landley
2002-10-04 0:10 ` Daniel Phillips
2002-10-15 3:25 ` Rusty Russell
2002-10-15 15:28 ` Daniel Phillips
2002-10-15 23:53 ` Rusty Russell
2002-10-16 2:59 ` Daniel Phillips
2002-10-16 6:11 ` Rusty Russell
2002-10-16 17:33 ` Daniel Phillips
2002-10-16 22:48 ` Rusty Russell
2002-10-17 1:57 ` Daniel Phillips
2002-10-17 7:41 ` Rusty Russell
2002-10-17 14:49 ` Roman Zippel
2002-10-17 14:56 ` your mail Kai Germaschewski
2002-10-18 2:47 ` Rusty Russell
2002-10-18 21:50 ` Kai Germaschewski
2002-10-17 17:20 ` [RFC] change format of LSM hooks Daniel Phillips
2002-10-18 2:04 ` Rusty Russell
2002-10-17 17:25 ` Daniel Phillips
2002-10-16 8:15 ` [PATCH] In-kernel module loader 1/7 Chris Wright
2002-09-19 20:10 ` Roman Zippel
2002-09-20 1:22 ` Rusty Russell
2002-09-20 4:32 ` Greg KH
2002-09-20 9:25 ` Rusty Russell
2002-09-21 7:38 ` Kevin O'Connor [this message]
2002-09-22 23:31 ` Rusty Russell
2002-09-19 23:44 ` Rusty Russell
2002-09-20 9:32 ` Roman Zippel
2002-09-21 4:17 ` Rusty Russell
2002-09-21 17:09 ` Roman Zippel
2002-09-23 0:20 ` Rusty Russell
2002-09-24 10:16 ` Roman Zippel
2002-09-24 14:54 ` Rusty Russell
2002-09-25 0:46 ` Roman Zippel
2002-09-25 5:50 ` Rusty Russell
2002-09-25 11:36 ` Roman Zippel
2002-09-25 12:53 ` Rusty Russell
2002-09-25 21:28 ` Roman Zippel
2002-09-26 1:49 ` Rusty Russell
2002-09-26 23:38 ` Roman Zippel
2002-09-27 1:11 ` Scott Murray
2002-09-27 1:34 ` Roman Zippel
2002-09-28 0:48 ` David Lang
2002-10-15 4:53 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020921033830.A32446@arizona.localdomain \
--to=kevin@koconnor.net \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=zippel@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).