| From 9f886f4d1d292442b2f22a0a33321eae821bde40 Mon Sep 17 00:00:00 2001 |
| From: Theodore Ts'o <tytso@mit.edu> |
| Date: Sat, 25 Feb 2017 18:21:33 -0400 |
| Subject: random: use a tighter cap in credit_entropy_bits_safe() |
| |
| From: Theodore Ts'o <tytso@mit.edu> |
| |
| commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream. |
| |
| This fixes a harmless UBSAN where root could potentially end up |
| causing an overflow while bumping the entropy_total field (which is |
| ignored once the entropy pool has been initialized, and this generally |
| is completed during the boot sequence). |
| |
| This is marginal for the stable kernel series, but it's a really |
| trivial patch, and it fixes UBSAN warning that might cause security |
| folks to get overly excited for no reason. |
| |
| Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
| Reported-by: Chen Feng <puck.chen@hisilicon.com> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/char/random.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/char/random.c |
| +++ b/drivers/char/random.c |
| @@ -741,7 +741,7 @@ retry: |
| |
| static int credit_entropy_bits_safe(struct entropy_store *r, int nbits) |
| { |
| - const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1)); |
| + const int nbits_max = r->poolinfo->poolwords * 32; |
| |
| if (nbits < 0) |
| return -EINVAL; |