xenbits.xensource.com Git - people/aperard/linux.git/commit

author	Michal Koutný <mkoutny@suse.com>
	Thu, 1 Feb 2024 13:09:42 +0000 (14:09 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 2 Feb 2024 18:57:55 +0000 (10:57 -0800)
commit	2c15a5aee2f32e341d1585fa1867eece76a1edb8
tree	2bd5ff1f5cc96cc16cf7454dccd16284676a7a72	tree
parent	241a94abcf465ba9363d93168da5ddd47002930f	commit \| diff

net/sched: Load modules via their alias

The cls_,sch_,act_ modules may be loaded lazily during network
configuration but without user's awareness and control.

Switch the lazy loading from canonical module names to a module alias.
This allows finer control over lazy loading, the precedent from
commit 7f78e0351394 ("fs: Limit sys_mount to only request filesystem
modules.") explains it already:

Using aliases means user space can control the policy of which
filesystem^W net/sched modules are auto-loaded by editing
/etc/modprobe.d/*.conf with blacklist and alias directives.
Allowing simple, safe, well understood work-arounds to known
problematic software.

By default, nothing changes. However, if a specific module is
blacklisted (its canonical name), it won't be modprobe'd when requested
under its alias (i.e. kernel auto-loading). It would appear as if the
given module was unknown.

The module can still be loaded under its canonical name, which is an
explicit (privileged) user action.

Signed-off-by: Michal Koutný <mkoutny@suse.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20240201130943.19536-4-mkoutny@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

net/sched/act_api.c		diff \| blob \| blame \| history
net/sched/cls_api.c		diff \| blob \| blame \| history
net/sched/sch_api.c		diff \| blob \| blame \| history