Date:   Wed, 20 Jan 2021 09:01:03 -0800
From:   Saravana Kannan <saravanak@...gle.com>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     Will McVicker <willmcvicker@...gle.com>,
        Jessica Yu <jeyu@...nel.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Michal Marek <michal.lkml@...kovi.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Android Kernel Team <kernel-team@...roid.com>
Subject: Re: [PATCH v5] modules: introduce the MODULE_SCMVERSION config

On Wed, Jan 20, 2021 at 6:26 AM Christoph Hellwig <hch@...radead.org> wrote:
>
> On Fri, Jan 08, 2021 at 12:30:35AM +0000, Will McVicker wrote:
> > For example, we have a CI setup that tests new kernel changes on the
> > hikey960 and db845c devices without updating their kernel modules. When
> > these tests fail, we need to be able to identify the exact device
> > configuration the test was using. By including MODULE_SCMVERSION, we can
> > identify the exact kernel and modules' SCM versions for debugging the
> > failures.
>
> Sorry, but this still has no business in the upstream kernel as every
> change to the kernel is free to just change any API.

Sure, and this patch is making no claims one way or the other on that topic.

> That is whatever
> you test there is a completely unsupported setup.

Plenty of distributions maintain stable kernels based on LTS. We've
done that too and we are able to do LTS kernel binary updates (so
better security) without waiting around for the modules to get
updated. Keep in mind that not all modules might be updated at the
same time either. That's something that's definitely feasible and
works.

And if the API changes, MODVERSIONS catches + CI helps catch them. And
if something slips in and things fail, we want to find out what kernel
source was used vs what module source was used to debug the problem.
This is all relevant even for in-tree modules.

> More importantly the "scmversion" of a module simply does not matter,
> as we only support modules from the kernel tree and it thus must be the
> kernel version.
> be supported.

This is all talking about only in-tree modules. If you update the
kernel vs the modules separately, the scmversion does matter. Also, by
your argument, the vermagic or srcversion properties in a module
shouldn't be there either.

> You are still trying to sneak out of tree module infrastructure in here
> with a bad cover story.  Please stop doing that.

If Will needs to maintain a downstream patch for adding out-of-tree
module support, maintaining this additional patch isn't going to
significantly increase his work. But he's trying to upstream at least
the part that's useful for upstream. This is still a real problem for
a device/board that's fully upstream. Please stop ignoring real
upstream problems just because it can also be a problem for out of
tree modules. This is not how we encourage folks to upstream their
changes.

-Saravana
