| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YB6XfR5YDz8IjZHu@kroah.com>
Date: Sat, 6 Feb 2021 14:19:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Willy Tarreau <w@....eu>
Cc: Guenter Roeck <linux@...ck-us.net>, linux-kernel@...r.kernel.org,
akpm@...ux-foundation.org, torvalds@...ux-foundation.org,
stable@...r.kernel.org, lwn@....net, jslaby@...e.cz,
shuah@...nel.org, patches@...nelci.org,
lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com
Subject: Re: Linux 4.4.256
On Sat, Feb 06, 2021 at 02:11:13PM +0100, Willy Tarreau wrote:
> On Sat, Feb 06, 2021 at 02:00:27PM +0100, Greg Kroah-Hartman wrote:
> > I think Sasha's patch here:
> > https://lore.kernel.org/r/20210205174702.1904681-1-sashal@kernel.org
> > is looking like the solution.
>
> It might cause trouble to those forcing SUBLEVEL to a given version such
> as .0 to avoid exposing the exact stable version. I guess we should
> instead try to integrate a test on the value itself and cap it at 255.
That's the main goal of the upstream submission that checks the value
before capping it:
https://lore.kernel.org/r/20210206035033.2036180-2-sashal@kernel.org
> Something like this looks more robust to me, it will use SUBLEVEL for
> values 0 to 255 and 255 for any larger value:
>
> - expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \
> + expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255 \* (0$(SUBLEVEL) > 255) + 0$(SUBLEVEL) * (0$(SUBLEVEL \<= 255)); \
I think you just rewrote the above linked patch :)
thanks,
greg k-h
Powered by blists - more mailing lists