lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 4 Feb 2021 16:28:19 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Jiri Slaby' <jirislaby@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:     Jari Ruusu <jariruusu@...tonmail.com>,
        Sasha Levin <sashal@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "masahiroy@...nel.org" <masahiroy@...nel.org>
Subject: RE: Kernel version numbers after 4.9.255 and 4.4.255

From: Jiri Slaby
> Sent: 04 February 2021 11:01
> 
> On 04. 02. 21, 9:51, Greg Kroah-Hartman wrote:
> >> It might work somewhere, but there are a lot of (X * 65536 + Y * 256 + Z)
> >> assumptions all around the world. So this doesn't look like a good idea.
> >
> > Ok, so what happens if we "wrap"?  What will break with that?  At first
> > glance, I can't see anything as we keep the padding the same, and our
> > build scripts seem to pick the number up from the Makefile and treat it
> > like a string.
> >
> > It's only the crazy out-of-tree kernel stuff that wants to do minor
> > version checks that might go boom.  And frankly, I'm not all that
> > concerned if they have problems :)
> 
> Agreed. But currently, sublevel won't "wrap", it will "overflow" to
> patchlevel. And that might be a problem. So we might need to update the
> header generation using e.g. "sublevel & 0xff" (wrap around) or
> "sublevel > 255 : 255 : sublevel" (be monotonic and get stuck at 255).
> 
> In both LINUX_VERSION_CODE generation and KERNEL_VERSION proper.

A full wrap might catch checks for less than (say) 4.4.2 which
might be present to avoid very early versions.
So sticking at 255 or wrapping onto (say) 128 to 255 might be better.

I'm actually intrigued about how often you expect people to update
systems running these LTS kernels.
At a release every week it takes 5 years to run out of sublevels.
No one is going to reboot a server anywhere near that often.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ