lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210206132411.GD7312@1wt.eu>
Date:   Sat, 6 Feb 2021 14:24:11 +0100
From:   Willy Tarreau <w@....eu>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Guenter Roeck <linux@...ck-us.net>, linux-kernel@...r.kernel.org,
        akpm@...ux-foundation.org, torvalds@...ux-foundation.org,
        stable@...r.kernel.org, lwn@....net, jslaby@...e.cz,
        shuah@...nel.org, patches@...nelci.org,
        lkft-triage@...ts.linaro.org, pavel@...x.de, jonathanh@...dia.com
Subject: Re: Linux 4.4.256

On Sat, Feb 06, 2021 at 02:19:57PM +0100, Greg Kroah-Hartman wrote:
> On Sat, Feb 06, 2021 at 02:11:13PM +0100, Willy Tarreau wrote:
> > On Sat, Feb 06, 2021 at 02:00:27PM +0100, Greg Kroah-Hartman wrote:
> > > I think Sasha's patch here:
> > > 	https://lore.kernel.org/r/20210205174702.1904681-1-sashal@kernel.org
> > > is looking like the solution.
> > 
> > It might cause trouble to those forcing SUBLEVEL to a given version such
> > as .0 to avoid exposing the exact stable version. I guess we should
> > instead try to integrate a test on the value itself and cap it at 255.
> 
> That's the main goal of the upstream submission that checks the value
> before capping it:
> 	https://lore.kernel.org/r/20210206035033.2036180-2-sashal@kernel.org
>
> > Something like this looks more robust to me, it will use SUBLEVEL for
> > values 0 to 255 and 255 for any larger value:
> > 
> > -	expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \
> > +	expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255 \* (0$(SUBLEVEL) > 255) + 0$(SUBLEVEL) * (0$(SUBLEVEL \<= 255)); \
> 
> I think you just rewrote the above linked patch :)

Ah I missed it, indeed! Sorry for the noise :-)

Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ