Message ID | 20240123135242.11430-4-mkoutny@suse.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | net/sched: Load modules via alias | expand |
On Tue, Jan 23, 2024 at 02:52:41PM +0100, Michal Koutný wrote: > The cls_,sch_,act_ modules may be loaded lazily during network > configuration but without user's awareness and control. > > Switch the lazy loading from canonical module names to a module alias. > This allows finer control over lazy loading, the precedent from > commit 7f78e0351394 ("fs: Limit sys_mount to only request filesystem > modules.") explains it already: > > Using aliases means user space can control the policy of which > filesystem^W net/sched modules are auto-loaded by editing > /etc/modprobe.d/*.conf with blacklist and alias directives. > Allowing simple, safe, well understood work-arounds to known > problematic software. > > By default, nothing changes. However, if a specific module is > blacklisted (its canonical name), it won't be modprobe'd when requested > under its alias (i.e. kernel auto-loading). It would appear as if the > given module was unknown. > > The module can still be loaded under its canonical name, which is an > explicit (privileged) user action. > > Signed-off-by: Michal Koutný <mkoutny@suse.com> > --- > net/sched/act_api.c | 2 +- > net/sched/cls_api.c | 2 +- > net/sched/sch_api.c | 4 ++-- > 3 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/net/sched/act_api.c b/net/sched/act_api.c > index 3e30d7260493..60c0fadfac6d 100644 > --- a/net/sched/act_api.c > +++ b/net/sched/act_api.c > @@ -1363,7 +1363,7 @@ struct tc_action_ops *tc_action_load_ops(struct nlattr *nla, u32 flags, > > if (rtnl_held) > rtnl_unlock(); > - request_module("act_%s", act_name); > + request_module(NET_ACT_ALIAS_PREFIX "%s", name); Hi Michal, name doesn't exist in this context, perhaps the line above should be: request_module(NET_ACT_ALIAS_PREFIX "%s", act_name); > if (rtnl_held) > rtnl_lock(); > > diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c > index 92a12e3d0fe6..b31b832598e7 100644 > --- a/net/sched/cls_api.c > +++ b/net/sched/cls_api.c > @@ -257,7 +257,7 @@ tcf_proto_lookup_ops(const char *kind, bool rtnl_held, > #ifdef CONFIG_MODULES > if (rtnl_held) > rtnl_unlock(); > - request_module("cls_%s", kind); > + request_module(NET_CLS_ALIAS_PREFIX "%s", name); Likewise, perhaps the line above should be: request_module(NET_CLS_ALIAS_PREFIX "%s", kind); > if (rtnl_held) > rtnl_lock(); > ops = __tcf_proto_lookup_ops(kind); ...
On Tue, Jan 23, 2024 at 05:40:02PM +0000, Simon Horman <horms@kernel.org> wrote:
> name doesn't exist in this context, perhaps the line above should be:
Well spotted (and shame on me for unchecked last-moment edits).
I will resend after some more feedback or time.
Thanks,
Michal
diff --git a/net/sched/act_api.c b/net/sched/act_api.c index 3e30d7260493..60c0fadfac6d 100644 --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -1363,7 +1363,7 @@ struct tc_action_ops *tc_action_load_ops(struct nlattr *nla, u32 flags, if (rtnl_held) rtnl_unlock(); - request_module("act_%s", act_name); + request_module(NET_ACT_ALIAS_PREFIX "%s", name); if (rtnl_held) rtnl_lock(); diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 92a12e3d0fe6..b31b832598e7 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -257,7 +257,7 @@ tcf_proto_lookup_ops(const char *kind, bool rtnl_held, #ifdef CONFIG_MODULES if (rtnl_held) rtnl_unlock(); - request_module("cls_%s", kind); + request_module(NET_CLS_ALIAS_PREFIX "%s", name); if (rtnl_held) rtnl_lock(); ops = __tcf_proto_lookup_ops(kind); diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index 36b025cc4fd2..9d928f6a473a 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c @@ -228,7 +228,7 @@ int qdisc_set_default(const char *name) if (!ops) { /* Not found, drop lock and try to load module */ write_unlock(&qdisc_mod_lock); - request_module("sch_%s", name); + request_module(NET_SCH_ALIAS_PREFIX "%s", name); write_lock(&qdisc_mod_lock); ops = qdisc_lookup_default(name); @@ -1275,7 +1275,7 @@ static struct Qdisc *qdisc_create(struct net_device *dev, * go away in the mean time. */ rtnl_unlock(); - request_module("sch_%s", name); + request_module(NET_SCH_ALIAS_PREFIX "%s", name); rtnl_lock(); ops = qdisc_lookup_ops(kind); if (ops != NULL) {
The cls_,sch_,act_ modules may be loaded lazily during network configuration but without user's awareness and control. Switch the lazy loading from canonical module names to a module alias. This allows finer control over lazy loading, the precedent from commit 7f78e0351394 ("fs: Limit sys_mount to only request filesystem modules.") explains it already: Using aliases means user space can control the policy of which filesystem^W net/sched modules are auto-loaded by editing /etc/modprobe.d/*.conf with blacklist and alias directives. Allowing simple, safe, well understood work-arounds to known problematic software. By default, nothing changes. However, if a specific module is blacklisted (its canonical name), it won't be modprobe'd when requested under its alias (i.e. kernel auto-loading). It would appear as if the given module was unknown. The module can still be loaded under its canonical name, which is an explicit (privileged) user action. Signed-off-by: Michal Koutný <mkoutny@suse.com> --- net/sched/act_api.c | 2 +- net/sched/cls_api.c | 2 +- net/sched/sch_api.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-)