Re: Proposal, again: Disable autoload of compat_xyz modules

To: Tech-kern <tech-kern%netbsd.org@localhost>
Subject: Re: Proposal, again: Disable autoload of compat_xyz modules
From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
Date: Fri, 27 Sep 2019 15:39:41 +0300

On Fri, Sep 27, 2019 at 10:57:12 +0200, Jarom?r Dole?ek wrote:

> Le jeu. 26 sept. 2019 ? 18:08, Manuel Bouyer <bouyer%antioche.eu.org@localhost> a ?crit :
> >
> > On Thu, Sep 26, 2019 at 05:10:01PM +0200, Maxime Villard wrote:
> > > issues for a clearly marginal use case, and given the current general
> >          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > This is where we dissagree. You guess it's marginal but there's no
> > evidence of that (and there's no evidence of the opposite either).
> 
> FYI - I've put also a lot of efford into fixing & enhancing
> compat_linux in past. I also greatly appreciate all the work work of
> other folks working on the layer, it's super useful in some situations
> - browser with flash support used to be important (thankfully not
> anymore), also vmware and matlab, I also used some Oracle dev tools.
> However, that is not the topic of the discussion.
> 
> Let's concentrate on whether it should be enabled by default.

Yes, please.  This discussion has veered way off topic.


> Given the history, to me it's completely clear compat_linux shouldn't
> be on by default. Any possible linux-specific exploits should only be
> problem for people actually explicitly enabling it. Let's just stop
> pretending that we'd setup any kind of reasonable testing suite for
> this - it has not been done in last >20 years, it's even less likely
> to happen now that most of the major use cases are actually moot.
> 
> As Maya suggested, let's keep this concentrated on COMPAT_LINUX only
> to avoid further bikeshed flogging, so basically I propose doing this:
> 1) Comment out COMPAT_LINUX from all kernels configs for all archs
> which support modular
> 2) Disable autoload for compat_linux, requiring the user to explicitly
> configure system to load it. No extra sysctl.
> 
> Any major and specific objections?

At some point it became very hard to follow the technical content of
this thread, but I don't think there were any.

Thanks!

-uwe

References:
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Mouse
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Maxime Villard
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Manuel Bouyer
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Maxime Villard
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Manuel Bouyer
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Maxime Villard
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Manuel Bouyer
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Maxime Villard
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Manuel Bouyer
- Re: Proposal, again: Disable autoload of compat_xyz modules
  - From: Jaromír Doleček

Prev by Date: Re: Proposal, again: Disable autoload of compat_xyz modules
Next by Date: Re: panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/kern/kern_rndq.c:LINE, negation of -ADD
Previous by Thread: Re: Proposal, again: Disable autoload of compat_xyz modules
Next by Thread: Re: Proposal, again: Disable autoload of compat_xyz modules
Indexes:

Home | Main Index | Thread Index | Old Index