| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2013 02:47:54 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Ingo Molnar <mingo@...nel.org>
Cc: Namhyung Kim <namhyung.kim@....com>,
Libin <huawei.libin@...wei.com>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
jiang.liu@...wei.com, guohanjun@...wei.com,
Jonghwan Choi <jhbird.choi@...sung.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [ 22/42] sched/debug: Fix sd->*_idx limit range avoiding
overflow
On Fri, 2013-05-10 at 09:59 +0200, Ingo Molnar wrote:
> * Ben Hutchings <ben@...adent.org.uk> wrote:
>
> > On Tue, 2013-04-23 at 14:52 -0700, Greg Kroah-Hartman wrote:
> > > 3.8-stable review patch. If anyone has any objections, please let me know.
> > >
> > > ------------------
> > >
> > > From: libin <huawei.libin@...wei.com>
> > >
> > > commit fd9b86d37a600488dbd80fe60cca46b822bff1cd upstream.
> > >
> > > Commit 201c373e8e ("sched/debug: Limit sd->*_idx range on
> > > sysctl") was an incomplete bug fix.
> > [...]
> >
> > It seems like both these commits ought to be applied to earlier stable
> > branches. Or was the lack of range checking a regression after 3.4?
>
> Both should be applied indeed.
>
> They are not a huge problem as all these facilities are for debugging and
> are root-only, but the two fixes should be applied together or not at all.
I've queued up both of these for 3.2.
Ben.
--
Ben Hutchings
If at first you don't succeed, you're doing about average.
Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)
Powered by blists - more mailing lists