Re: [RFC] modpost: add option to allow external modules to avoid taint

From: Rusty Russell
Date: Mon Dec 19 2011 - 01:09:47 EST

Next message: Rusty Russell: "Re: [PATCH 13/15] module_param: make bool parameters really bool (sound)"
Previous message: Rusty Russell: "Re: [RFC] virtio: use mandatory barriers for remote processor vdevs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 16 Dec 2011 04:39:49 +0000, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:
Non-text part: multipart/signed
> On Fri, 2011-12-16 at 14:26 +1030, Rusty Russell wrote:
> > On Wed, 14 Dec 2011 11:20:03 -0500, "John W. Linville" <linville@xxxxxxxxxxxxx> wrote:
> > We really want to indicate "out-of-support" which is only a 1:1
> > mapping to out-of-tree for upstream kernels.
>
> Who are 'we' in this instance?

Whoever turns this flag on. I was using friendly, inclusive language :)

> > How does Debian handle this?
>
> All the modules in Debian's kernel binary packages are built in-tree.
> Backported modules are patched in as necessary.
>
> Debian includes many packages of OOT modules, but those are supported by
> their respective maintainers and not the kernel team. So for the kernel
> team, the 'O' flag does not mean 'unsupported' but may indicate that
> another maintainer should handle the bug (or it may also be irrelevant
> to the bug).

So, in your case, the kernel team want to know what's outside their
support, so this flag works well for you.

As John pointed out, it's a bit useless for them. We could enable it
with a config option, or they could ignore it, since they're going to
module-signing route anyway.

> > Perhaps it makes more sense to use the proposed module signing stuff in
> > a simplified mode to mark built-with-kernel modules (eg. just put the
> > sha of known modules inside the kernel).
>
> Unlike commercial distributions, no-one is paying Debian for support
> contracts and no-one can game the system by hiding OOT modules. So it's
> probably not worthwhile for us to use module signing at all.
>
> However, supposing we did go down this route, I would guess that
> checksums for ~3000 modules take up more space than the signature
> checking code. Instead, we could perhaps generate a key pair during
> build, include the public key in the kernel and then discard the private
> key. (But getting entropy would likely be a problem for the key
> generation.)

Agreed, 60k is a bit expensive for this minor feature.

Thanks,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: [PATCH 13/15] module_param: make bool parameters really bool (sound)"
Previous message: Rusty Russell: "Re: [RFC] virtio: use mandatory barriers for remote processor vdevs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]