| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Jan 2021 16:08:03 -0600
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
linux-hardening@...r.kernel.org,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Justin Forbes <jforbes@...hat.com>,
Ondrej Mosnacek <omosnace@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Christoph Hellwig <hch@...radead.org>,
Miroslav Benes <mbenes@...e.cz>,
David Laight <David.Laight@...lab.com>,
Jessica Yu <jeyu@...nel.org>
Subject: Re: [PATCH RFC] kbuild: Prevent compiler mismatch with external
modules
On Thu, Jan 28, 2021 at 01:45:51PM -0800, Linus Torvalds wrote:
> On Thu, Jan 28, 2021 at 1:34 PM Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> >
> > On Thu, Jan 28, 2021 at 01:23:11PM -0800, Linus Torvalds wrote:
> > > THAT workaround is long gone, but I didn't check what other ones we
> > > might have now. But the gcc version checks we _do_ have are not
> > > necessarily about major versions at all (ie I trivially found checks
> > > for 4.9, 4.9.2, 5.1, 7.2 and 9.1).
> >
> > Then maybe the check should be same major.minor?
>
> Well, how many of them are actually about things that generate
> incompatible object code?
>
> The main one I can think of is the KASAN ABI version checks, but
> honestly, I think that's irrelevant. I really hope no distros enable
> KASAN in user kernels.
>
> Another version check I looked at was the one that just checks whether
> the compiler natively supports __builtin_mul_overflow() or not - it
> doesn't generate incompatible object code, it just takes advantage of
> a compiler feature if one exists. You can mix and match those kinds of
> things well enough.
>
> So I'd really like to hear actual hard technical reasons with
> examples, for why you'd want to add this test in the first place.
Unfortunately I don't have technical reasons beyond what we've already
discussed, found from code inspection.
This patch was born from a discussion where wildly different opinions
were expressed about whether such a mismatch scenario (or even external
modules in general!) would be supported at all.
So I guess the goal is to clarify (in the code base) to what extent
compiler mismatches are supported/allowed/encouraged. Because they
definitely happen in the real world, but a lot of people seem to be
sticking their head in the sand about it.
If we decide it's not a cut-and-dry makefile check, then the policy
should at least be documented.
I'd prefer the warning though, since nobody's going to read the docs.
> No hand-waving "different compiler versions don't work together".
> Because that's simply not true.
>
> > And convert it to a strongly worded warning/disclaimer?
>
> A warning might be better for the simple reason that it wouldn't cause
> people to just fix it with "make oldconfig".
>
> Maybe you haven't looked at people who compile external modules, but
> they always have various "this is how to work around issues with
> version XYZ". That "make oldconfig" would simply just become the
> workaround for any build errors.
>
> And a warning might be more palatable even if different compiler
> version work fine together. Just a heads up on "it looks like you
> might be mixing compiler versions" is a valid note, and isn't
> necessarily wrong. Even when they work well together, maybe you want
> to have people at least _aware_ of it.
Sounds reasonable.
--
Josh
Powered by blists - more mailing lists