From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753480AbcLHU3z (ORCPT <rfc822;w@1wt.eu>);
        Thu, 8 Dec 2016 15:29:55 -0500
Received: from mail-io0-f176.google.com ([209.85.223.176]:33630 "EHLO
        mail-io0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752035AbcLHU3w (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Dec 2016 15:29:52 -0500
MIME-Version: 1.0
In-Reply-To: <20161208194824.2532-1-mcgrof@kernel.org>
References: <20161208184801.1689-1-mcgrof@kernel.org> <20161208194824.2532-1-mcgrof@kernel.org>
From: Kees Cook <keescook@chromium.org>
Date: Thu, 8 Dec 2016 12:29:42 -0800
X-Google-Sender-Auth: u2q1AEQ1UiYfQ0gUiwKGpHtMnj0
Message-ID: <CAGXu5j+L4DpHC22NSk8uxpLUQxKYwZQ1AE+zdEJ6nwAm4Sv6JA@mail.gmail.com>
Subject: Re: [RFC 04/10] kmod: provide wrappers for kmod_concurrent inc/dec
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: shuah@kernel.org, Jessica Yu <jeyu@redhat.com>,
        Rusty Russell <rusty@rustcorp.com.au>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Dmitry Torokhov <dmitry.torokhov@gmail.com>,
        Arnaldo Carvalho de Melo <acme@redhat.com>,
        Jonathan Corbet <corbet@lwn.net>, martin.wilck@suse.com,
        Michal Marek <mmarek@suse.com>, Petr Mladek <pmladek@suse.com>,
        hare@suse.com, rwright@hpe.com, Jeff Mahoney <jeffm@suse.com>,
        DSterba@suse.com, fdmanana@suse.com, neilb@suse.com,
        Guenter Roeck <linux@roeck-us.net>, rgoldwyn@suse.com,
        subashab@codeaurora.org, Heinrich Schuchardt <xypron.glpk@gmx.de>,
        Aaron Tomlin <atomlin@redhat.com>, mbenes@suse.cz,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        Dan Williams <dan.j.williams@intel.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        Ingo Molnar <mingo@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-kselftest@vger.kernel.org,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 8, 2016 at 11:48 AM, Luis R. Rodriguez <mcgrof@kernel.org> wrote:
> kmod_concurrent is used as an atomic counter for enabling
> the allowed limit of modprobe calls, provide wrappers for it
> to enable this to be expanded on more easily. This will be done
> later.
>
> Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
> ---
>  kernel/kmod.c | 27 +++++++++++++++++++++------
>  1 file changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/kmod.c b/kernel/kmod.c
> index cb6f7ca7b8a5..049d7eabda38 100644
> --- a/kernel/kmod.c
> +++ b/kernel/kmod.c
> @@ -44,6 +44,9 @@
>  #include <trace/events/module.h>
>
>  extern int max_threads;
> +
> +static atomic_t kmod_concurrent = ATOMIC_INIT(0);
> +
>  unsigned int max_modprobes;
>  module_param(max_modprobes, uint, 0644);
>  MODULE_PARM_DESC(max_modprobes, "Max number of allowed concurrent modprobes");
> @@ -108,6 +111,20 @@ static int call_modprobe(char *module_name, int wait)
>         return -ENOMEM;
>  }
>
> +static int kmod_umh_threads_get(void)
> +{
> +       atomic_inc(&kmod_concurrent);
> +       if (atomic_read(&kmod_concurrent) < max_modprobes)
> +               return 0;
> +       atomic_dec(&kmod_concurrent);
> +       return -ENOMEM;
> +}
> +
> +static void kmod_umh_threads_put(void)
> +{
> +       atomic_dec(&kmod_concurrent);
> +}

Can you use a kref here instead? We're trying to kill raw use of
atomic_t for reference counting...

> +
>  /**
>   * __request_module - try to load a kernel module
>   * @wait: wait (or not) for the operation to complete
> @@ -129,7 +146,6 @@ int __request_module(bool wait, const char *fmt, ...)
>         va_list args;
>         char module_name[MODULE_NAME_LEN];
>         int ret;
> -       static atomic_t kmod_concurrent = ATOMIC_INIT(0);
>         static int kmod_loop_msg;
>
>         /*
> @@ -153,8 +169,8 @@ int __request_module(bool wait, const char *fmt, ...)
>         if (ret)
>                 return ret;
>
> -       atomic_inc(&kmod_concurrent);
> -       if (atomic_read(&kmod_concurrent) > max_modprobes) {
> +       ret = kmod_umh_threads_get();
> +       if (ret) {
>                 /* We may be blaming an innocent here, but unlikely */
>                 if (kmod_loop_msg < 5) {
>                         printk(KERN_ERR
> @@ -162,15 +178,14 @@ int __request_module(bool wait, const char *fmt, ...)
>                                module_name);
>                         kmod_loop_msg++;
>                 }
> -               atomic_dec(&kmod_concurrent);
> -               return -ENOMEM;
> +               return ret;
>         }
>
>         trace_module_request(module_name, wait, _RET_IP_);
>
>         ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
>
> -       atomic_dec(&kmod_concurrent);
> +       kmod_umh_threads_put();
>         return ret;
>  }
>  EXPORT_SYMBOL(__request_module);
> --
> 2.10.1
>



-- 
Kees Cook
Nexus Security