lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 May 2021 19:14:25 +0200 (CEST)
From:   "Maciej W. Rozycki" <macro@...am.me.uk>
To:     Theodore Ts'o <tytso@....edu>
cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Tom Stellard <tstellar@...hat.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        Fangrui Song <maskray@...gle.com>,
        Serge Guelton <sguelton@...hat.com>,
        Sylvestre Ledru <sylvestre@...illa.com>
Subject: Re: Very slow clang kernel config ..

On Mon, 3 May 2021, Theodore Ts'o wrote:

> On Mon, May 03, 2021 at 10:38:12AM -0400, Theodore Ts'o wrote:
> > On Mon, May 03, 2021 at 03:03:31AM +0200, Maciej W. Rozycki wrote:
> > > 
> > > People went through great efforts to support shared libraries, sacrificed
> > > performance for it even back then when the computing power was much lower
> > > than nowadays.
> > 
> > That was because memory was *incredibly* restrictive in those days.
> > My first Linux server had one gig of memory, and so shared libraries
> > provided a huge performance boost --- because otherwise systems would
> > be swapping or paging their brains out.
> 
> Correction.  My bad, my first Linux machine had 16 megs of memory....

 There was memory and there was storage.  Back in 1990s I maintained Linux 
machines with as little as 4MiB of RAM or 2MiB even with some 80386SX box, 
and as little as 40MB HDD or 64MB SSD (which was pretty damn expensive and 
occupied the whole 3.5" drive space in the PATA form factor).  Yes, 2MiB 
used to be the minimum for x86 around 2.0.x, and you could actually boot a 
system multiuser with as little RAM.  And obviously dynamic executables 
took less storage space than static ones, so if you had more than just a 
couple, the saving balanced the overhead of the shared library files used.

 But I agree this is only relevant nowadays in certain specific use cases 
(which will often anyway choose to run things like BusyBox plus maybe just 
a bunch of tools, and won't see any benefit from memory sharing or storage 
saving).

> > However, these days, many if not most developers aren't capable of the
> > discpline needed to maintained the ABI stability needed for shared
> > libraries to work well.  I can think several packages where if you
> > used shared libraries, the major version number would need to be
> > bumped at every releases, because people don't know how to spell ABI,
> > never mind be able to *preserve* ABI.  Heck, it's the same reason that
> > we don't promise kernel ABI compatibility for kernel modules!
> > 
> > https://www.kernel.org/doc/Documentation/process/stable-api-nonsense.rst
> > 
> > And in the case of Debian, use of shared libraries means that every
> > time you release a new version of, say, f2fs-tools, things can get
> > stalled for months or in one case, over a year, due to the new package
> > review process (a shared library version bump means a new binary
> > package, and that in turn requires a full review of the entire source
> > package for GPL compliance from scratch, and f2fs-tools has bumped
> > their shared library major version *every* *single* *release*) ---
> > during which time, security bug fixes were being held up due to the
> > new package review tarpit.

 Well, SONAME maintenance is indeed a hassle, but to solve this problem 
we've had symbol versioning for decades now, ever since we've switched 
from libc 5 to glibc 2.0.  And glibc hasn't bumped the SONAMEs of the 
individual libraries ever since, while maintaining all the old ABIs (not 
necessarily available to link against) and adding new ones as required.

 So it has been pretty easy to maintain ABI compatibility nowadays without 
the need to carry multiple library versions along, as long as you actually 
care to do so.

> > If people could actually guarantee stable ABI's, then shared libraries
> > might make sense.  E2fsprogs hasn't had a major version bump in shared
> > libraries for over a decade (although some developers whine and
> > complain about how I reject function signature changes in the
> > libext2fs library to provide that ABI stability).  But how many
> > userspace packages can make that claim?

 That's actually the matter of general software quality and the competence 
of software developers.  I have no good answer except for a suggestion to 
see this talk: <https://lca2020.linux.org.au/schedule/presentation/105/>.

  Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ