Thu, Feb 01, 2024 at 02:09:39PM CET, mkoutny@xxxxxxxx wrote:
>These modules may be loaded lazily without user's awareness and
>control. Add respective aliases to modules and request them under these
>aliases so that modprobe's blacklisting mechanism (through aliases)
>works for them. (The same pattern exists e.g. for filesystem
>modules.)
>
>For example (before the change):
>  $ tc filter add dev lo parent 10: protocol ip prio 10 handle 1: cgroup
>  # cls_cgroup module is loaded despite a `blacklist cls_cgroup` entry
>  # in /etc/modprobe.d/*.conf
>
>After the change:
>  $ tc filter add dev lo parent 10: protocol ip prio 10 handle 1: cgroup
>  Error: TC classifier not found.
>  We have an error talking to the kernel
>  # explicit/acknowledged (privileged) action is needed
>  $ modprobe cls_cgroup
>  # blacklist entry won't apply to this direct modprobe, module is
>  # loaded with awareness
>
>A considered alternative was invoking `modprobe -b` always from
>request_module(), however, dismissed as too intrusive and slightly
>confusing in favor of the precedented aliases (the commit 7f78e0351394
>("fs: Limit sys_mount to only request filesystem modules.").
>
>User experience suffers in both alternatives. Its improvement is
>orthogonal to blacklist honoring.
>
>Changes from v1 (https://lore.kernel.org/r/20231121175640.9981-1-mkoutny@xxxxxxxx)
>- Treat sch_ and act_ modules analogously to cls_
>
>Changes from v2 (https://lore.kernel.org/r/20231206192752.18989-1-mkoutny@xxxxxxxx)
>- reorganized commits (one generated commit + manual pre-/post- work)
>- used alias names more fitting the existing net- aliases
>- more info in commit messages and cover letter
>- rebased on current master
>
>Changes from v3 (https://lore.kernel.org/r/20240112180646.13232-1-mkoutny@xxxxxxxx)
>- rebase on netdev/net-next/main
>- correct aliases in cls_* modules (wrong sed)
>- replace repeated prefix strings with a macro
>- patch also request_module call in qdisc_set_default()
>
>Changes from v4 (https://lore.kernel.org/r/20240123135242.11430-1-mkoutny@xxxxxxxx)
>- update example in cover letter to existing module (cls_tcindex->cls_cgroup)
>  - tested that ':-)
>- remove __stringify in alias macro, net-cls-cgroup instead of net-cls-"cgroup"
>- pass correct argument to request_module() (Simon)
>- rebased on netdev-next/main
>
>Michal Koutný (4):
>  net/sched: Add helper macros with module names
>  net/sched: Add module aliases for cls_,sch_,act_ modules
>  net/sched: Load modules via their alias
>  net/sched: Remove alias of sch_clsact

Set looks fine to me:

Reviewed-by: Jiri Pirko <jiri@xxxxxxxxxx>
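
The "before the change" case quoted above (a module loaded despite its `blacklist` entry) can be checked for on a host. The script below is an added example, not part of the patch series or of either author's message; `blacklisted_but_loaded` is a hypothetical helper name, and the configuration directory and module list are passed as arguments so it can be run against the constructed sample data it embeds.

```shell
#!/bin/sh
# Added example: report modules that carry a `blacklist` entry yet are loaded.
# blacklisted_but_loaded is a hypothetical helper name.
#   $1  modprobe.d-style directory (default /etc/modprobe.d)
#   $2  file in /proc/modules format (default /proc/modules)
blacklisted_but_loaded() {
    conf_dir=${1:-/etc/modprobe.d}
    proc_modules=${2:-/proc/modules}
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented-out entries have "#..." as field 1 and are skipped.
        # modprobe treats '-' and '_' in module names as equivalent.
        awk '$1 == "blacklist" && $2 != "" { gsub(/-/, "_", $2); print $2 }' "$f"
    done | sort -u | while read -r mod; do
        # Field 1 of each /proc/modules line is the loaded module's name.
        if awk -v m="$mod" '$1 == m { hit = 1 } END { exit !hit }' "$proc_modules"; then
            echo "$mod"
        fi
    done
}

# Demo on constructed input (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/net-sched.conf" <<'EOF'
blacklist cls_cgroup
# blacklist sch_htb
blacklist act-mirred
EOF
cat > "$demo_dir/modules" <<'EOF'
cls_cgroup 16384 0 - Live 0x0000000000000000
sch_htb 32768 0 - Live 0x0000000000000000
EOF
blacklisted_but_loaded "$demo_dir" "$demo_dir/modules"
rm -rf "$demo_dir"
```

A reported module is not necessarily a policy bypass: as the cover letter notes, a direct `modprobe cls_cgroup` by a privileged user loads the module regardless of the blacklist entry, so a hit is a prompt to find out which path loaded it.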