Re: [PATCH] x86/kbuild: enable modversions for symbols exported from asm

From: Nicholas Piggin
Date: Thu Dec 08 2016 - 22:51:06 EST

On Thu, 1 Dec 2016 10:20:39 -0500
Don Zickus <dzickus@xxxxxxxxxx> wrote:

> On Thu, Dec 01, 2016 at 03:32:15PM +1100, Nicholas Piggin wrote:
> > > Anyway, MODVERSIONS is our way of protecting our kabi for the last 10 years.
> > > It isn't perfect and we have fixed the genksyms tool over the years, but so
> > > far it mostly works fine.
> >
> > Okay. It would be good to get all the distros in on this.
> >
> > What I want to do is work out exactly what it is that modversions is
> > giving you.
> >
> > We know it's fairly nasty code to maintain and it does not detect ABI
> > changes very well. But it's not such a burden that we can't maintain
> > it if there are good reasons to keep it.
> Hi Nick,
> I won't disagree with you there. :-)

Sorry for the late reply, I was moving house and got side tracked.

> modversions is a pretty heavy handed approach that basically says if all the
> symbols and types haven't changed for a given EXPORT_SYMBOL (recursively
> checked), then there is a high degree of confidence the OOT driver will not
> only load, but run correctly.

It's heavy handed in that it is quite complex in the kernel build system,
but it is also light handed in that it does not do a very good job.

I would say the degree of confidence is not very high. People have told
me modversions follows pointers to objects in its calculation, but I have
not seen that to be the case. Even if you did have that, it can not replace
a code review for semantics of data and code.

> The question is how to provide a similar guarantee if a different way?

As a tool to aid distro reviewers, modversions has some value, but the
debug info parsing tools that have been mentioned in this thread seem
superior (not that I've tested them).

> We have plenty of customers with 10 year old drivers, where the expertise
> has long left the company. The engineers still around, recompile and make
> tweaks to get things working on the latest RHEL. Verify it passes testing
> and release it. Then they hope to not touch it again for a few years until
> the next RHEL comes along.
> Scary, huh? :-)

Oh yeah my aim here is not to make distro or out of tree module vendors
life harder, actually the opposite. If it turns out modversions really is
the best approach, I'm not in a position to complain about its complexity
because we have Suse and Redhat people maintaining the build and module
systems :) I just want to see if we can do things better.