Hacking modversions

Mike Hearn mike at navi.cx
Tue Mar 1 19:22:13 UTC 2005


On Tue, 01 Mar 2005 19:56:07 +0100, Arjan van de Ven wrote:
> In practice those ALWAYS change. That's just speaking from experience.
> Fedora doesn't have kernel updates that are "just" minimal security
> fixes.

So I noticed. Right now it's a moot point because there are no patch RPMs,
but in future it might be worth making sure the amount you need to
download to stay secure is minimal. Otherwise dialup users are going to be
immediately left behind and insecure.

Something for the future though.

>       And even with those it's really hard to not break the internal
> abi (or even to know you didn't break the abi, since there is no abi
> definition or no way to really check it) to the point that it's ALWAYS
> better to just recompile. 

An ABI is a precise thing; I see that modversions already bases
the checksums on things like struct size (though in my kernels it looks
like every symbol changes so maybe it's random too). It should be possible
to look at a bugfix and say "Yep that doesn't change the ABI".

There are other types of breaking change which are harder, like 4k
stacks, but recompiling doesn't fix them anyway. So it doesn't matter from
the module loader's perspective.

>                           Once you're set up for that, there's no point
> in doing weird hacks for the 1 in 100 where you could avoid the
> recompile; it's then so rare that it becomes REALLY fragile and just
> breaks more than it fixes.

If Fedora's security updates were actually just security updates, and not
"fix a security bug and also rebase the kernel to a new patchset" then it
wouldn't be rare and fragile. But that's a totally different area of
policy I don't want to get into now ....

OK, thanks for explaining this Arjan. I'll consider the matter closed.

thanks -mike



