On Fri, Mar 17, 2023 at 7:53 AM Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
>
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> A User Mode Driver (UMD) is a specialization of a User Mode Helper (UMH),
> which runs a user space process from a binary blob, and creates a
> bidirectional pipe, so that the kernel can make a request to that process,
> and the latter provides its response. It is currently used by bpfilter,
> although it does not seem to do any useful work.

FYI the new home for bpfilter is here:
https://github.com/facebook/bpfilter

> The problem is, if other users would like to implement a UMD similar to
> bpfilter, they would have to duplicate the code. Instead, make an UMD
> management library and API from the existing bpfilter and sockopt code,
> and move it to common kernel code.
>
> Also, define the software architecture and the main components of the
> library: the UMD Manager, running in the kernel, acting as the frontend
> interface to any user or kernel-originated request; the UMD Loader, also
> running in the kernel, responsible to load the UMD Handler; the UMD
> Handler, running in user space, responsible to handle requests from the UMD
> Manager and to send to it the response.

That doesn't look like a generic interface for UMD.
It was a quick hack to get bpfilter off the ground,
but certainly not a generic one.

> I have two use cases, but for sake of brevity I will propose one.
>
> I would like to add support for PGP keys and signatures in the kernel, so
> that I can extend secure boot to applications, and allow/deny code
> execution based on the signed file digests included in RPM headers.
>
> While I proposed a patch set a while ago (based on a previous work of David
> Howells), the main objection was that the PGP packet parser should not run
> in the kernel.
>
> That makes a perfect example for using a UMD. If the PGP parser is moved to
> user space (UMD Handler), and the kernel (UMD Manager) just instantiates
> the key and verifies the signature on already parsed data, this would
> address the concern.

I don't think PGP parser belongs to UMD either.
Please do it as a normal user space process and define a proper
protocol for communication between kernel and user space.