lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1323752547.2825.101.camel@deadeye>
Date:	Tue, 13 Dec 2011 05:02:27 +0000
From:	Ben Hutchings <ben@...adent.org.uk>
To:	"Luis R. Rodriguez" <mcgrof@...jolero.org>
Cc:	"John W. Linville" <linville@...driver.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Dave Jones <davej@...hat.com>, Greg KH <greg@...ah.com>,
	Debian kernel maintainers <debian-kernel@...ts.debian.org>,
	Rusty Russell <rusty@...tcorp.com.au>,
	linux-wireless <linux-wireless@...r.kernel.org>
Subject: Re: [PATCH] module,bug: Add TAINT_OOT_MODULE flag for modules not
 built in-tree

On Mon, 2011-12-12 at 14:47 -0800, Luis R. Rodriguez wrote:
> On Mon, Dec 12, 2011 at 1:58 PM, Ben Hutchings <ben@...adent.org.uk> wrote:
> > On Mon, Dec 12, 2011 at 01:40:44PM -0800, Luis R. Rodriguez wrote:
[...]
> >> It seems this taint flag will be used for driers backported through
> >> compat-wireless, the compat kernel module or any other backported
> >> driver, even if it is indeed upstream and whereby kernel developer
> >> *do* commit to actually fixing issues. In our experience
> >> compat-wireless bugs *are real bugs*, not backport bugs so we do look
> >> into them. In our latest linux-next.git based release for example
> >> backport code consists only of 1.3804% of the code.
> >
> > Now you can look for (O) after the module name in a BUG/Oops message
> > and you can tell whether the user really had the original or
> > compat-wireless version of the driver.
> >
> > It is really up to each distributor or developer how they treat
> > bug reports with the O taint.  When handling Debian bug reports I
> > won't automatically reject such a tainted kernel but I will look
> > carefully at the module list.
> 
> I'm working on getting my companies to abandon 802.11 proprietary
> drivers for good. For Station mode of operation this is pretty much
> mission complete. For AP products.. this is work in progress. The out
> of tree flag is a good utility one can use to help justify working
> upstream but if we treat any future-kernel-backported-driver equally
> to any out of tree crap piece of shit driver, it seems to do unjustice
> to the value of a properly upstream backported driver.

Well, it's a warning that not all the kernel code comes from the
original source tree that the version string identifies.  It's not a
value judgement (unlike TAINT_CRAP).

> I will note
> that I put a lot of effort to ensure that the backport effort is
> upstream-centric in an *extremely* upstream-biased way, see how I
> label extra patches for tarballs [1]. If your patches are not upstream
> the only way you get into these tarballs are by providing patches into
> these directories:
> 
>   * pending-stable/ stable fixes from linux-next.git not yet on a stable release
>   * linux-next-cherry-picks/ patches upstream but that won't go to the
> stable release that we want to cherry pick
>   * linux-next-pending/ patches posted on the public development
> mailing list, patch not yet merged due to the maintainer being away on
> vacation or whatever
>   * crap/ patches not even posted publicly yet
> 
> Each tarball used also gets pegged with a letter if *any* patch from
> any of these directories gets applied. The compat module, upon being
> loaded, will also print the kernel ring buffer the exact release,
> whether extra patches were provided, the upstream git tree used as
> base and so on.

Thanks, I appreciate that.

> So -- although from a technical perspective this may mean Debian /
> other kernel developers may ignore the taint flag for compat-wireless
> it'd sure be nice to avoid it for them all together. Just can't think
> of a way to do it yet... If you agree should we continue to think of a
> way if its possible?

Maybe we should be talking about updating the distribution packages
instead.  For the Debian kernel packages, we backport various drivers to
the stable distribution to add support for new hardware.  Please mail
debian-kernel@...ts.debian.org if you would like to work with us on
that.

Ben.

> [1] http://wireless.kernel.org/en/users/Download/stable#Legend
> 
>   Luis

-- 
Ben Hutchings
Computers are not intelligent.	They only think they are.

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ