On Fri, Sep 24, 2010 at 12:07, Jeff Mahoney <jeffm@suse.com> wrote:
On 09/23/2010 09:27 PM, Andrew Joakimsen wrote:
On Thu, Sep 23, 2010 at 17:39, Vadym Krevs<vkrevs@serena.com> wrote:
On 23/09/10 22:18, Anders Johansson wrote:
On Thursday 23 September 2010, Vadym Krevs wrote:
Hi all,
just a heads up. If you use the ATI binary driver, and install the latest kernel update (2.6.34.7-0.3), then you will no longer be able to recompile the ATI driver due to missing compat_alloc_user_space() symbol in fglrx/kcl_ioctl.c.
According to http://www.gossamer-threads.com/lists/linux/kernel/1277377, the "compat_alloc_user_space()" symbol became GPL-only, got moved to another header, etc.
Personally, I find it unbelievable that openSUSE kernel team would release a minor kernel upgrade that would screw up all users of the ATI binary driver.
I don't think there was much of a choice, since upstream decided to license the new function "GPl only". Distributions can change things in open source code, but as far as I know only BSD style licenses allow relicensing.
FYI there is a patch for the ATI driver
Anders
IMHO, this could have been handled differently. E.g., the updated kernel could have been released once an updated ATI driver was available.
As to a patch - well, it is easy to find and apply, if you're a software engineer like myself. What about the average Joe user ... So much for the strategy statement: "The target users of the openSUSE distribution are people who need to get work done and want something *stable* and usable for their every day needs."
So why are these shenanigans from upstream allowed into openSUSE? Why not disable the useless GPL only code in the Kernel as it serves no real technical purpose, it adds nothing but bloat to the Kernel. What ever happened to "free as in freedom?"
It serves no purpose other than to fix a widely exploitable root hole.
We have tests in place to ensure that the kABI doesn't change between releases, and it hasn't. The API has and that had unforseen consequences. As other people have noted, getting a quick fix out for a root exploit trumps ensuring that a proprietary driver still builds. And the module built against the last kernel still works, but still has the exploit. We chose to keep the change rather than work around it since ATI had already developed a fix (and they had to, since the upstream commit wasn't going to change to accommodate them).
-Jeff
-- Jeff Mahoney SUSE Labs
That's not what I am getting at. Of course I would expect an upstream security patch to be implemented. What I understand from Anders Johansson's post is the ATI drivers were using an API in the kernel that suddenly got marked as GPL_ONLY/Proprietary taint. And what I am getting at is why does SUSE put of with these shenanigans instead of removing the GPL_ONLY bloat out of the Kernel? I don't see how this can cause a security issue. Or now only GPL code (or malicious code marked as GPL) can cause a vulnerability? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org