lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <67fa104b-8b0e-dd70-3cc3-04dd008639be@pensando.io>
Date:   Sun, 26 Jan 2020 12:52:05 -0800
From:   Shannon Nelson <snelson@...sando.io>
To:     Leon Romanovsky <leon@...nel.org>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Michal Kalderon <michal.kalderon@...vell.com>,
        linux-netdev <netdev@...r.kernel.org>,
        RDMA mailing list <linux-rdma@...r.kernel.org>
Subject: Re: [PATCH net-next] net/core: Replace driver version to be kernel
 version

On 1/26/20 11:41 AM, Leon Romanovsky wrote:
> On Sun, Jan 26, 2020 at 10:56:17AM -0800, Shannon Nelson wrote:
>> On 1/23/20 5:05 AM, Leon Romanovsky wrote:
>>> From: Leon Romanovsky<leonro@...lanox.com>
>>>
>>> In order to stop useless driver version bumps and unify output
>>> presented by ethtool -i, let's overwrite the version string.
>>>
>>> Before this change:
>>> [leonro@...er ~]$ ethtool -i eth0
>>> driver: virtio_net
>>> version: 1.0.0
>>> After this change:
>>> [leonro@...ver ~]$ ethtool -i eth0
>>> driver: virtio_net
>>> version: 5.5.0-rc6+
>>>
>>> Signed-off-by: Leon Romanovsky<leonro@...lanox.com>
>>> ---
>>> I wanted to change to VERMAGIC_STRING, but the output doesn't
>>> look pleasant to my taste and on my system is truncated to be
>>> "version: 5.5.0-rc6+ SMP mod_unload modve".
>>>
>>> After this patch, we can drop all those version assignments
>>> from the drivers.
>>>
>>> Inspired by nfp and hns code.
>>> ---
>>>    net/core/ethtool.c | 3 +++
>>>    1 file changed, 3 insertions(+)
>>>
>>> diff --git a/net/core/ethtool.c b/net/core/ethtool.c
>>> index cd9bc67381b2..3c6fb13a78bf 100644
>>> --- a/net/core/ethtool.c
>>> +++ b/net/core/ethtool.c
>>> @@ -17,6 +17,7 @@
>>>    #include <linux/phy.h>
>>>    #include <linux/bitops.h>
>>>    #include <linux/uaccess.h>
>>> +#include <linux/vermagic.h>
>>>    #include <linux/vmalloc.h>
>>>    #include <linux/sfp.h>
>>>    #include <linux/slab.h>
>>> @@ -776,6 +777,8 @@ static noinline_for_stack int ethtool_get_drvinfo(struct net_device *dev,
>>>    		return -EOPNOTSUPP;
>>>    	}
>>>
>>> +	strlcpy(info.version, UTS_RELEASE, sizeof(info.version));
>>> +
>>>    	/*
>>>    	 * this method of obtaining string set info is deprecated;
>>>    	 * Use ETHTOOL_GSSET_INFO instead.
>>> --
>>> 2.20.1
>>>
>> First of all, although I've seen some of the arguments about distros and
>> their backporting, I still believe that the driver version number is
>> useful.  In most cases it at least gets us in the ballpark of what
>> generation the driver happens to be and is still useful. I'd really prefer
>> that it is just left alone for the device manufactures and their support
>> folks to deal with.
>>
>> Fine, I'm sure I lose that argument since there's already been plenty of
>> discussion about it.
>>
>> Meanwhile, there is some non-zero number of support scripts and processes,
>> possibly internal testing chains, that use that driver/vendor specific
>> version information and will be broken by this change.  Small number?  Large
>> number?  I don't know, but we're breaking them.
>>
>> Sure, I probably easily lose that argument too, but it still should be
>> stated.
>>
>> This will end up affecting out-of-tree drivers as well, where it is useful
>> to know what the version number is, most especially since it is different
>> from what the kernel provided driver is.  How else are we to get this
>> information out to the user?  If this feature gets squashed, we'll end up
>> having to abuse some other mechanism so we can get the live information from
>> the driver, and probably each vendor will find a different way to sneak it
>> out, giving us more chaos than where we started.  At least the ethtool
>> version field is a known and consistent place for the version info.
>>
>> Of course, out-of-tree drivers are not first class citizens, so I probably
>> lose that argument as well.
>>
>> So if you are so all fired up about not allowing the drivers to report their
>> own version number, then why report anything at all? Maybe just report a
>> blank field.  As some have said, the uname info is already available else
>> where, why are we sticking it here?
>>
>> Personally, I think this is a rather arbitrary, heavy handed and unnecessary
>> slam on the drivers, and will make support more difficult in the long run.
> The thing is that leaving this field as empty, for sure will break all
> applications. I have a feeling that it can be close to 100% hit rate.
> So, kernel version was chosen as an option, because it is already
> successfully in use by at least two drivers (nfp and hns).

I'm glad that works for those drivers.

> Leaving to deal with driver version to vendors is not an option too,
> because they prove for more than once that they are not capable to
> define user visible interfaces. It comes due to their natural believe
> that their company is alone in the world and user visible interface
> should be suitable for them only.

So you want to remove the one reliable place to put some information we 
find useful, thus forcing us to come up with creative new places to put 
it?  Shall we remove the firmware version number as well when we start 
abusing it by adding driver version information?

There has been a lot of work over the years to try to corral and unify 
various bits of information so that everyone can access it the same way, 
and now you're trying to remove one of those methods. This will only 
force driver writers to get "creative" on how to get the info they need 
out to the user.

> It is already impossible for users to distinguish properly versions
> of different vendors, because they use arbitrary strings with some
> numbers.

Shall we also fix it so those pesky distros can't add their own 
arbitrary version numbers to the kernel?

Again, I think you are trying to remove a useful bit of information.  
Just because it isn't useful to you doesn't mean it is useless to others.

sln

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ