lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210205184412.GA20410@duo.ucw.cz>
Date:   Fri, 5 Feb 2021 19:44:12 +0100
From:   Pavel Machek <pavel@....cz>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Jiri Slaby <jirislaby@...nel.org>,
        Jari Ruusu <jariruusu@...tonmail.com>,
        Sasha Levin <sashal@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        masahiroy@...nel.org
Subject: Re: Kernel version numbers after 4.9.255 and 4.4.255

Hi!

> > > Ugh, I thought this was an internal representation, not an external one
> > > :(
> > > 
> > > > It might work somewhere, but there are a lot of (X * 65536 + Y * 256 + Z)
> > > > assumptions all around the world. So this doesn't look like a good idea.
> > > 
> > > Ok, so what happens if we "wrap"?  What will break with that?  At first
> > > glance, I can't see anything as we keep the padding the same, and our
> > > build scripts seem to pick the number up from the Makefile and treat it
> > > like a string.
> > > 
> > > It's only the crazy out-of-tree kernel stuff that wants to do minor
> > > version checks that might go boom.  And frankly, I'm not all that
> > > concerned if they have problems :)
> > > 
> > > So, let's leave it alone and just see what happens!
> > 
> > Yeah, stable is a great place to do the experiments. Not that this is
> > the first time :-(.
> 
> How else can we "test this out"?
> 
> Should I do an "empty" release of 4.4.256 and see if anyone complains?

It seems that would be bad idea, as it would cause problems when stuff
is compiled on 4.4.256, not simply by running it.

Sasha's patch seems like one option that could work.

Even safer option is to switch to 4.4.255-st1, 4.4.255-st2 ... scheme.

Best regards,
								Pavel
-- 
http://www.livejournal.com/~pavelmachek

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists