lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 8 Feb 2021 15:09:26 +0100
From:   "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To:     David Laight <David.Laight@...lab.com>
Cc:     'Sasha Levin' <sashal@...nel.org>,
        "masahiroy@...nel.org" <masahiroy@...nel.org>,
        "michal.lkml@...kovi.net" <michal.lkml@...kovi.net>,
        "linux-kbuild@...r.kernel.org" <linux-kbuild@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 2/3] kbuild: clamp SUBLEVEL to 255

On Mon, Feb 08, 2021 at 01:48:06PM +0000, David Laight wrote:
> From: Sasha Levin
> > Sent: 06 February 2021 03:51
> > 
> > Right now if SUBLEVEL becomes larger than 255 it will overflow into the
> > territory of PATCHLEVEL, causing havoc in userspace that tests for
> > specific kernel version.
> > 
> > While userspace code tests for MAJOR and PATCHLEVEL, it doesn't test
> > SUBLEVEL at any point as ABI changes don't happen in the context of
> > stable tree.
> > 
> > Thus, to avoid overflows, simply clamp SUBLEVEL to it's maximum value in
> > the context of LINUX_VERSION_CODE. This does not affect "make
> > kernelversion" and such.
> > 
> > Signed-off-by: Sasha Levin <sashal@...nel.org>
> > ---
> >  Makefile | 12 +++++++++---
> >  1 file changed, 9 insertions(+), 3 deletions(-)
> > 
> > diff --git a/Makefile b/Makefile
> > index 49ac1b7fe8e99..157be50c691e5 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -1258,9 +1258,15 @@ define filechk_utsrelease.h
> >  endef
> > 
> >  define filechk_version.h
> > -	echo \#define LINUX_VERSION_CODE $(shell                         \
> > -	expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \
> > -	echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))'
> > +	if [ $(SUBLEVEL) -gt 255 ]; then                                 \
> > +		echo \#define LINUX_VERSION_CODE $(shell                 \
> > +		expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255); \
> > +	else                                                             \
> > +		echo \#define LINUX_VERSION_CODE $(shell                 \
> > +		expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + $(SUBLEVEL)); \
> > +	fi;                                                              \
> > +	echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) +  \
> > +	((c) > 255 ? 255 : (c)))'
> >  endef
> 
> Why not use KERNEL_VERSION to define LINUX_VERSION_CODE ?
> Basically just:
> 	echo '#define LINUX_VERSION_CODE KERNEL_VERSION($(VERSION), $(PATCHLEVEL)+0, $(SUBLEVEL)+0)'

Because we are "clamping" LINUX_VERSION_CODE() at a x.y.255, while
KERNEL_VERSION() continues on with the "real" minor number.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ