lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080925220454.GA12116@suse.de>
Date:	Thu, 25 Sep 2008 15:04:54 -0700
From:	Greg KH <gregkh@...e.de>
To:	Parag Warudkar <parag.lkml@...il.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, Andreas Gruenbacher <agruen@...e.de>,
	Jeff Mahoney <jeffm@...e.de>
Subject: Re: [patch 00/04] RFC: Staging tree (drivers/staging)

On Thu, Sep 25, 2008 at 05:40:28PM -0400, Parag Warudkar wrote:
> On Thu, Sep 25, 2008 at 4:53 PM, Greg KH <gregkh@...e.de> wrote:
> >
> > Heh, ok, so the basic premise of getting code that is not currently in
> > mergable shape into the tree earlier to get wider usage and testing is
> > something that you agree with?
> 
> I don't think I got my point across - let me try again.
> 
> My disagreement was with getting crap code in mainline, re-classifying
> it as something other than experimental when it is not, expecting
> users to use it, printing warning when it is used, tainting the kernel
> for even more harassment and then having developers not support it  as
> a bonus - all cumulative. The naming part was also something that I
> did not like but that like I said was just my preference and does not
> matter because I disagree there is no need to TAINT  in first place.

I'm sorry we disagree here.  Also note that this goes against what a
number of us decided at the kernel summit, we want this code into the
tree as easily as possible.

> I can imagine that getting crap code in mainline is helpful for some
> class of users and developers - no problem we can have it in on that
> basis - I give up my objection there.

Great.

> But my objections to the other parts remain -  i.e. we should
> definitely avoid the useless re-classification and TAINT, we should
> change little or no other kernel code in the process of integrating
> this crap, give enough deterrent for people to really think before
> loading the crap code, and do not make it an official statement that
> you will get no support on LKML if you load this driver. Because
> certainly not all developers agree and we by definition of this
> staging effort have an interest in fixing the code.
> 
> The below approach I referred few times earlier will allow us to do
> exactly that - it would be good if you can tell me if this is
> workable.

So you now agree with the idea, just the implementation of the area
around the drivers, nice that's easy to work out.

> 1) Give a staging directory for all such low quality crap

Done in the patches I sent out.

> 2) Give a KConfig group "Staging Drivers (Low Quality/High Risk)" and
> if that is selected allow users to individually select the crappy
> drivers they want to actually use - default all entries to N

Done in the patches I sent out.

> 3) Name all modules under staging  with a _stg suffix or something unique

A name doesn't really matter here, the modinfo tag is just as
sufficient like I already did.

> 4) By default do NOT load anything with a _stg suffix - deal with this
> in insmod code, not the kernel

Um, no, I'm not going to force all userspace users to upgrade their
version of module-init-tools, JUST to prevent them from automatically
loading these drivers.  That's not going to happen, sorry.

> 5) Require that -f be specified to load _stg modules - which will
> auto-taint the kernel and developers can decide on their judgment /
> situation whether or not to pursue it

So you have to load the modules by "hand"?  Ick, no, that too is not
acceptable as it means no one will ever do it.  Don't break the
wonderful infrastructure we already have around the kernel of
auto-loading the proper driver for the proper hardware just because you
want to make the user jump through an extra step please.

>  6) OOPS reports with force loaded taint and _stg in module list will
> allow developers to decide whether or not to go after it

My patch set already does this, and it does so in a way that uniquely
distinguishes from the -f option, which some of us don't want to debug
as well.

> The above approach avoids re-classification/TAINTING, touches no
> kernel code and does not load the crap code automatically and still
> allows you to do what you intended.

What's the objection for the 9 extra lines in module.c, 2 lines in
panic.c, and 9 lines on scripts/mod/modpost.c?  Is this some huge
overhead that is unmaintainable?

Heck, the insmod changes would be more than that I imagine (and it would
be in modprobe, not insmod, it has to do with alias matching and that
chunk of code is _nasty_, I sure don't want to touch that.)

> Hopefully this doesn't sound like another "let us arm wrestle on what
> to name it" - because it is clearly more than that!

No, I really think it isn't more than that.  For some reason you are
afraid of another taint flag, why?  There is no extra overhead, and no
user needs to upgrade any userspace component at all (which, if you have
any experience with, you will know it just will not happen fast, if at
all for the large majority of users/developers.)

I don't want to make the kernel require a new version of
module-init-tools, and my current proposal of infrastructure changes
requires a massive core change of:

 Documentation/sysctl/kernel.txt |    1 +
 include/linux/kernel.h          |    1 +
 kernel/module.c                 |    9 +++++++++
 kernel/panic.c                  |    6 ++++--
 scripts/mod/modpost.c           |    9 +++++++++
5 files changed, 24 insertions(+), 2 deletions(-)

How much smaller do you expect this to get?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ