| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 May 2013 09:59:41 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Ben Hutchings <ben@...adent.org.uk>
Cc: Namhyung Kim <namhyung.kim@....com>,
Libin <huawei.libin@...wei.com>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
jiang.liu@...wei.com, guohanjun@...wei.com,
Jonghwan Choi <jhbird.choi@...sung.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [ 22/42] sched/debug: Fix sd->*_idx limit range avoiding overflow
* Ben Hutchings <ben@...adent.org.uk> wrote:
> On Tue, 2013-04-23 at 14:52 -0700, Greg Kroah-Hartman wrote:
> > 3.8-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: libin <huawei.libin@...wei.com>
> >
> > commit fd9b86d37a600488dbd80fe60cca46b822bff1cd upstream.
> >
> > Commit 201c373e8e ("sched/debug: Limit sd->*_idx range on
> > sysctl") was an incomplete bug fix.
> [...]
>
> It seems like both these commits ought to be applied to earlier stable
> branches. Or was the lack of range checking a regression after 3.4?
Both should be applied indeed.
They are not a huge problem as all these facilities are for debugging and
are root-only, but the two fixes should be applied together or not at all.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists