tech-kern archive


Re: disabling SA in 5.0



On Mar 8,  3:37pm, ad%netbsd.org@localhost (Andrew Doran) wrote:
-- Subject: Re: disabling SA in 5.0

| On Sun, Mar 08, 2009 at 11:03:12AM -0400, Christos Zoulas wrote:
| 
| > Isn't this rather heavy-handed and will prevent people from plopping
| > a 5.0 kernel in a 4.0 userland and have things working?
| 
| ["Sort of working", but that is a different discussion it could be useful
| to have some time.]
| 
| > I thought it was enough to disable PTHREAD_CONCURRENCY to prevent the
| > crashes.
| 
| I think that will make the bugs harder to trigger, not fix them.
| 
| The SA code has not been proven. It has most of the same bugs it had in 4.0.
| I pointed out that it would take a lot of effort to get working right, but
| in the rush to tick a box not many seemed to pay attention.
| 
| This is not directed at you Christos - you are obviously trying to fix it,
| and thank you for that - but, I note that it's easy to spend a few minutes
| to abuse me over having to change one line in one file. It is far more
| difficult to spend days attempting to reproduce and fix bugs because that
| takes brains, motivation and self-discipline.
| 

I understand and I know that SA under 4.0 was susceptible to the
same kinds of crashes. I don't have any vested interest in preserving
SA.  I just care about the user experience during the upgrade from
4.0 to 5.0, and providing a stable (one that one cannot easily
crash via a local DoS) environment. These goals are often conflicting,
but we could do something like print a warning at boot time when
SA is enabled and keep it enabled in the INSTALL kernels and not
in GENERIC for example. In my opinion having SA turned on is no
worse than having the unix domain file descriptor passing turned
on; they can both be exploited to crash the kernel.

christos

