lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 8 Feb 2021 13:48:06 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Sasha Levin' <sashal@...nel.org>,
        "masahiroy@...nel.org" <masahiroy@...nel.org>,
        "michal.lkml@...kovi.net" <michal.lkml@...kovi.net>
CC:     "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
Subject: RE: [PATCH 2/3] kbuild: clamp SUBLEVEL to 255

From: Sasha Levin
> Sent: 06 February 2021 03:51
> 
> Right now if SUBLEVEL becomes larger than 255 it will overflow into the
> territory of PATCHLEVEL, causing havoc in userspace that tests for
> specific kernel version.
> 
> While userspace code tests for MAJOR and PATCHLEVEL, it doesn't test
> SUBLEVEL at any point as ABI changes don't happen in the context of
> stable tree.
> 
> Thus, to avoid overflows, simply clamp SUBLEVEL to it's maximum value in
> the context of LINUX_VERSION_CODE. This does not affect "make
> kernelversion" and such.
> 
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
>  Makefile | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 49ac1b7fe8e99..157be50c691e5 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1258,9 +1258,15 @@ define filechk_utsrelease.h
>  endef
> 
>  define filechk_version.h
> -	echo \#define LINUX_VERSION_CODE $(shell                         \
> -	expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \
> -	echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))'
> +	if [ $(SUBLEVEL) -gt 255 ]; then                                 \
> +		echo \#define LINUX_VERSION_CODE $(shell                 \
> +		expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255); \
> +	else                                                             \
> +		echo \#define LINUX_VERSION_CODE $(shell                 \
> +		expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + $(SUBLEVEL)); \
> +	fi;                                                              \
> +	echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) +  \
> +	((c) > 255 ? 255 : (c)))'
>  endef

Why not use KERNEL_VERSION to define LINUX_VERSION_CODE ?
Basically just:
	echo '#define LINUX_VERSION_CODE KERNEL_VERSION($(VERSION), $(PATCHLEVEL)+0, $(SUBLEVEL)+0)'

If PATCHLEVEL and SUBLEVEL are guaranteed to be non-empty the +0
can be removed.
The patch assumes they are non-empty, the original pre-prended 0
to stop syntax error for empty version strings.

Note that the expr version will process 08 and 09.
gcc will treat them as octal, and may error them.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ