lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 May 2020 12:04:09 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Andreas Schwab <schwab@...e.de>
Cc:     Palmer Dabbelt <palmer@...belt.com>,
        linux-riscv@...ts.infradead.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] RISC-V Fixes for 5.7-rc5

On Mon, May 11, 2020 at 1:13 AM Andreas Schwab <schwab@...e.de> wrote:
>
> On Mai 09 2020, Linus Torvalds wrote:
>
> > glibc depending on kernel version is WRONG. It's bogus. You can't do
> > feature detection based on kernel version, it's fundamentally broken.
> >
> > So I really would prefer to see glibc fixed not to do that stupid
> > thing, instead of adding pointless vdso notes to the kernel.
>
> I'm not aware of any discussion or bug report on this issue.  Any
> pointer?

We've discussed it informally several times, but that really is just
"I remember mentioning this before" than anything else.

Basically, testing kernel versions is pretty much always a bug. You
_will_ get it wrong, sometimes spectacularly (we've had programs
literally break when the major number changed, because they only
checked the minor number).

Other times you'll get it wrong in subtler ways - testing for features
by version number is wrong, if that feature is then disabled by a
config option (a lot of new kernel features work that way).

Or, the already mentioned "distros often port back features to their
older kernels". The latest example of that is Wireguard being ported
back to Ubuntu 20.04 - using kernel version 5.4, even though WG was
actually upstreamed in 5.6.

So the whole "look at kernel version to determine if it does X" is
simply fundamentally wrong.

Why is glibc doing it in the first place? Is it some historical thing
that is simply irrelevant on RISC-V simply because RISC-V doesn't have
that kind of history, perhaps?

                 Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ