Posts
273
Following
88
Followers
2841
gregkh
repeated
bagder@mastodon.social

daniel:// stenberg://

Reply to @bagder@mastodon.social

The short summary of if it has been worth the hassle: yeah I think so. It is now easy and fast to get new CVE IDs. We have a seat at a table where I can complain loudly on the system and what I say actually might have a (small) impact.

We have yet to deny someone else's crazy CVE attempts against curl.

2
3
0
gregkh
repeated
bagder@mastodon.social

daniel:// stenberg://

has been a CNA for a year now https://daniel.haxx.se/blog/2024/01/16/curl-is-a-cna/

2
2
0
gregkh

Greg K-H

Reply to @monsieuricon
@monsieuricon I wish someone would tell me the steps for CVE repair for the kernel so we don't have to keep making them up as we go along :)
0
0
3
gregkh

Greg K-H

Reply to @alwayscurious@infosec.exchange
@alwayscurious @sima @sourcejedi Again, reuse of major/minor numbers was a design requirement at the time. And, you know the path / label / metadata / whatever for the block device before you mount it, so go off of that information if you don't trust the device major/minor number information.
1
0
0
gregkh

Greg K-H

Reply to @alwayscurious@infosec.exchange
@alwayscurious @sima PCI devices, at the bus/slot/function level do not have device nodes, so I don't understand the issue here.

They might have a specific PCI driver bound to them, at the function level, and if so, the parent of the device node for that class device (i.e. input, tty, drm, etc.) will then point to that PCI function. But PCI slots don't always match up to PCI bus and device numbers either, as that's a physical thing and many PCI systems don't expose or even know that information (i.e. the BIOS doesn't know.)

Also, PCI bus numbers can change at boot, so you can't know what is happening.

Driver probing can be deferred at any time by userspace for USB devices, and I think that was recently added for PCI devices too, look for the "trusted" device information in the documentation somewhere.

Good luck!
1
0
0
gregkh

Greg K-H

Reply to @aho@ioc.exchange
@aho Thanks for the info, I'll look into it when I get a chance! I've fixed my original problem for now, so odds are I'll live with it until something breaks again.
0
0
1
gregkh

Greg K-H

Reply to @alwayscurious@infosec.exchange
@alwayscurious @sima @sourcejedi That ship sailed decades ago as we had to support device node reuse a long time ago, it was a requirement! But obviously not your requirement :)

You have full control over device node creation in userspace, that's what udev gives you if you want (or any udev-like program). set up a whole different /dev/ with just your naming/numbering scheme. The kernel gives you the interface and the information to do this, why not take advantage of it if you need it?
1
0
0
gregkh

Greg K-H

Reply to @alwayscurious@infosec.exchange
@alwayscurious @sima Then do that,the kernel provides you this information through sysfs, that is what it was explicitly designed for.

But yes, the race condition of "parse the topology, determine the device node, and go to open it" when the device is removed and a different one added right between those last two steps is real. Luckily in real-hardware situations, almost extremely rare if not physically impossible due to hardware debounce times, and one that we explicitly did not care about when we created sysfs and udev (i.e. physical access trumps anything).
1
0
0
gregkh

Greg K-H

New year, new hardware failure, must be time for a new motherboard, any recommendations of what the "best" AMD workstation motherboard is these days?
6
2
10
gregkh

Greg K-H

Reply to @lanodan@queer.hacktivis.me
@lanodan @sima @sourcejedi Ordering is never guaranteed stable.
0
0
1
gregkh

Greg K-H

Reply to @sourcejedi@mastodon.social
@sourcejedi @sima Yeah, no blog posts, just loads of lkml emails over the years, sorry.

That machine that randomly reassigned PCI ids at boot time is no longer with me, but it was great for testing. I'm sure you can do the same with virtual machines these days, passing in different virtual pci devices to them.

Persistent naming is for userspace to handle, the kernel just uses "grab the next free number" as it's naming "policy" as that's all it can really do.
2
0
3
gregkh
repeated
LWN@fosstodon.org

LWN.net

A new set of stable kernels

https://lwn.net/Articles/1002917/

0
1
1
gregkh

Greg K-H

Reply to @vegard@mastodon.social
@vegard Does our current documentation not make this clear?

If not, patches welcome :)
0
0
1
gregkh
repeated
mike@chinwag.org

Mike [SEC=OFFICIAL]

"Free Copilot in your GitHub account" is the 2020s version of "Free U2 album on your iPod".

5
25
2
gregkh

Greg K-H

Reply to @vegard@mastodon.social
@vegard Yes, that would miss the normal "review all the stable commits" process. If you think there is a mainline-only commit that needs to have a CVE, please let us know at the cve@k.o address and we can assign it then.

But better yet, backport the fix to stable and it all happens automatically for you :)
1
0
1
gregkh

Greg K-H

Reply to @matttbe@fosstodon.org
@matttbe @kernellogger Maybe, maybe not. Please see my old post here: http://www.kroah.com/log/blog/2021/02/03/helping-out-with-lts-kernel-releases/ for what drives all of this (hint, people actually asking that they need it AND providing the help to make it possible.)
0
2
5
gregkh
repeated
natashenka@infosec.exchange

Natalie Silvanovich

Can you find an ITW 0-day from crash logs? Project Zero finds out

https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

1
7
0
gregkh
repeated
kernellogger@fosstodon.org

Thorsten Leemhuis (acct. 1/4)

The 's stable team extended the support timeframe for 6.11 from four to five years:

https://www.kernel.org/releases.html

To quote @gregkh from https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=e6083565a79c3d711c1a76d9312b8c00e06b826b:

'" Bump 6.1.y support up to 5 years.

Giving people a chance to phase in the shorter lifespans, if at all possible. Hopefully this should help a bit.'"

2
6
1
gregkh
repeated
whitequark@mastodon.social

✧✦✶✷Catherine✷✶✦✧

are you a programmer? do you like heavy metal? would you like to be *really upset* by a music video?

do i have something for you.

https://www.youtube.com/watch?v=yup8gIXxWDU

16
35
1
gregkh

Greg K-H

Reply to @xexaxo@fosstodon.org
@xexaxo We do have those devs, they are just very overworked :(
0
0
0
Show older
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: