Rethinking kernel module version dependencies..

John Baldwin jhb at freebsd.org
Tue Apr 22 21:04:34 UTC 2008 

So a while back I added the automatic kernel module version dependencies to 
HEAD where a given kernel module has a dependency on certain versions of 
__FreeBSD_version so that you can't kldload a 6.x module on a 7.x kernel, 
etc.  However, the more I have thought about it, the more I think the current 
module version stuff is rather backwards.  Specifically, the list 
of "supported" versions is not in the module providing the interface, but in 
all the client modules and I think this is backwards.  So first off, some 
specific observations of what we have now:

* A given module (or interface) has a single version (the current version).
* In theory, we can apparently have multiple versions of the same module (the
  module dependency code supports this, and as a result we get non-useful
  error messages (kernel not found vs. kernel version not supported) when a
  version doesn't match).  In practice, though, all the symbols live in a
  single global namespace AFAICT, so having multiple versions of a module
  would probably not work very well.
* A client module lists a min version, a max version, and a preferred
  version and the module code attempts to match it to the "optimal" kernel
  module.
* As a consequence, the current automatic kernel dependency stuff requires
  clients to assume they will work ok with future versions of the kernel
  with no way to revoke that.

What stands out to me is that the model appears to be assuming that one would 
implement compatability for older versions of an interface/module by having a 
separate module with the older version.  However, in other places in our 
existing code we don't follow that model.  Instead, the newer version of the 
module includes its own compatiblity shims for the older version of the 
interface and provides both the old and new versions of the interface from a 
single module (as it were).

For example, 'struct cdevsw' has a d_version field that is always set to the 
current interface version when it is compiled, and the cdevsw handling code 
in kern_conf.c can choose to support older versions by checking the version.  
With symbol versioning my understanding is that a single library will include 
symbols for all supported versions and that the client just specifies a 
single desired version of a given symbol that it requires.

I'd like to change the kernel module versions to have the client modules just 
specify a single version (i.e. what I'm compiled against ala D_VERSION for 
cdevsw) and allow the kernel module declaration to specify a min,max version 
range.  One thing I really like about this is that the modules now have
control to specify exactly which interface versions they support (w/o having 
to have 1 MODULE_VERSION() per version).  Specifically, I'd like to change 
the MODULE_DEPEND() and MODULE_VERSION() macros from:

module implementation:
MODULE_VERSION(foo, <current ver>);

module client:
MODULE_DEPEND(foo, <min ver>, <current ver>, <max ver>);

to:

module_implementation:
MODULE_VERSION(foo, <min ver>, <current (max) ver>);

module client:
MODULE_DEPEND(foo, <current ver>);

So in terms of a specific example, assume that you have a kernel with a 
version of 800100 and you compile a kernel module using that set of headers.  
The kernel currently says that it only supports version 800100.  The kernel 
module says that it would work fine with any kernel version from 800100 to 
899999.  If for some reason you have a warranted ABI breakage (security hole, 
etc.) at 800200 then the module will still kldload ok even though it won't 
work and we have no easy way to prevent that.  However, if you let the kernel 
specify the range, then instead you end up with the kernel saying that it 
supports versions 800000 - 800100 and the kernel module just says it wants to 
use version 800100.  Normally the 800200 kernel would support versions of 
800000 - 800200.  However, if you did have an ABI breakage, then you could 
make the 800200 kernel have a different min version for when the ABI changed 
(e.g. a range of 800150 - 800200) and then the module would correctly fail to 
kldload.

I'm not advocating ABI breakage per se, but I think that the module 
implementation should be the one to set the policy about which versions of an 
interface are supported and that a client should just specify which interface 
version it uses and not have to have knowledge about other interface 
versions.

-- 
John Baldwin

More information about the freebsd-arch mailing list