lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 26 Jan 2020 12:49:57 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Leon Romanovsky <leon@...nel.org>
Cc:     Shannon Nelson <snelson@...sando.io>,
        "David S . Miller" <davem@...emloft.net>,
        Michal Kalderon <michal.kalderon@...vell.com>,
        linux-netdev <netdev@...r.kernel.org>,
        RDMA mailing list <linux-rdma@...r.kernel.org>
Subject: Re: [PATCH net-next] net/core: Replace driver version to be kernel
 version

On Sun, 26 Jan 2020 21:41:10 +0200, Leon Romanovsky wrote:
> > This will end up affecting out-of-tree drivers as well, where it is useful
> > to know what the version number is, most especially since it is different
> > from what the kernel provided driver is.  How else are we to get this
> > information out to the user?  If this feature gets squashed, we'll end up
> > having to abuse some other mechanism so we can get the live information from
> > the driver, and probably each vendor will find a different way to sneak it
> > out, giving us more chaos than where we started.  At least the ethtool
> > version field is a known and consistent place for the version info.
> >
> > Of course, out-of-tree drivers are not first class citizens, so I probably
> > lose that argument as well.
> >
> > So if you are so all fired up about not allowing the drivers to report their
> > own version number, then why report anything at all? Maybe just report a
> > blank field.  As some have said, the uname info is already available else
> > where, why are we sticking it here?
> >
> > Personally, I think this is a rather arbitrary, heavy handed and unnecessary
> > slam on the drivers, and will make support more difficult in the long run.  
> 
> The thing is that leaving this field as empty, for sure will break all
> applications. I have a feeling that it can be close to 100% hit rate.
> So, kernel version was chosen as an option, because it is already
> successfully in use by at least two drivers (nfp and hns).

Shannon does have a point that out of tree drivers still make use of
this field. Perhaps it would be a more suitable first step to print the
kernel version as default and add a comment saying upstream modules
shouldn't overwrite it (perhaps one day CI can catch new violators).

The NFP reports the git hash of the driver source plus the string
"(oot)" for out-of-tree:

https://github.com/Netronome/nfp-drv-kmods/blob/master/src/Kbuild#L297
https://github.com/Netronome/nfp-drv-kmods/blob/master/src/Kbuild#L315

> Leaving to deal with driver version to vendors is not an option too,
> because they prove for more than once that they are not capable to
> define user visible interfaces. It comes due to their natural believe
> that their company is alone in the world and user visible interface
> should be suitable for them only.
> 
> It is already impossible for users to distinguish properly versions
> of different vendors, because they use arbitrary strings with some
> numbers.

That is true. But reporting the kernel version without even as much as
in-tree/out-of-tree indication makes the field entirely meaningless.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ