lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210128205207.awdbh4bmx56pxxjl@treble> Date: Thu, 28 Jan 2021 14:52:07 -0600 From: Josh Poimboeuf <jpoimboe@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Masahiro Yamada <masahiroy@...nel.org>, Michal Marek <michal.lkml@...kovi.net>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, linux-hardening@...r.kernel.org, Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org>, Justin Forbes <jforbes@...hat.com>, Ondrej Mosnacek <omosnace@...hat.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Christoph Hellwig <hch@...radead.org>, Miroslav Benes <mbenes@...e.cz>, David Laight <David.Laight@...lab.com>, Jessica Yu <jeyu@...nel.org> Subject: Re: [PATCH RFC] kbuild: Prevent compiler mismatch with external modules On Thu, Jan 28, 2021 at 12:24:45PM -0800, Linus Torvalds wrote: > On Thu, Jan 28, 2021 at 12:08 PM Josh Poimboeuf <jpoimboe@...hat.com> wrote: > > > > Add a check for compiler mismatch, but only check the major version. > > I think this is wrong for multiple reasons. > > The most fundamental reason is that it's pointless and doesn't > actually do what you claim it does. > > Just doing a "make oldconfig" will reset the CONFIG_xyz_VERSION to > whatever is installed, and now your check doesn't actually do > anything, since you're not actually checking what the kernel was > compiled with! Huh? Why would you do a "make oldconfig" on a distro-released kernel before building an OOT module? Usually you build an OOT module against /lib/modules/$(uname -r)/build, and the .config isn't even writable. > So I think that check is pointless and entirely misleading. It doesn't > do what you want it to do, and what you claim it does. It's not a magic bullet, but doesn't it catch the vast majority of use cases? Which makes it a lot better than what we have now (nothing). > I'm not convinced about the whole magic vs minor argument either. The > whole "new compiler features" thing is a red herring - even if you do > have new compiler features, that in itself has very little to do with > whether the resulting object files are compatible or not. Hm? Are you saying the check is too strict, since GCC9 binaries _might_ be compatible with GCC10? -- Josh
Powered by blists - more mailing lists