[thirdparty/kernel/stable-queue.git] / releases / 4.4.129 / random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch

From 9f886f4d1d292442b2f22a0a33321eae821bde40 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Sat, 25 Feb 2017 18:21:33 -0400
Subject: random: use a tighter cap in credit_entropy_bits_safe()

From: Theodore Ts'o <tytso@mit.edu>

commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream.

This fixes a harmless UBSAN where root could potentially end up
causing an overflow while bumping the entropy_total field (which is
ignored once the entropy pool has been initialized, and this generally
is completed during the boot sequence).

This is marginal for the stable kernel series, but it's a really
trivial patch, and it fixes UBSAN warning that might cause security
folks to get overly excited for no reason.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Chen Feng <puck.chen@hisilicon.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/random.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -724,7 +724,7 @@ retry:
 
 static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
 {
-	const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
+	const int nbits_max = r->poolinfo->poolwords * 32;
 
 	if (nbits < 0)
 		return -EINVAL;
Commit	Line	Data
89e7a3a9 GKH	1	From 9f886f4d1d292442b2f22a0a33321eae821bde40 Mon Sep 17 00:00:00 2001
	2	From: Theodore Ts'o <tytso@mit.edu>
	3	Date: Sat, 25 Feb 2017 18:21:33 -0400
	4	Subject: random: use a tighter cap in credit_entropy_bits_safe()
	5
	6	From: Theodore Ts'o <tytso@mit.edu>
	7
	8	commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream.
	9
	10	This fixes a harmless UBSAN where root could potentially end up
	11	causing an overflow while bumping the entropy_total field (which is
	12	ignored once the entropy pool has been initialized, and this generally
	13	is completed during the boot sequence).
	14
	15	This is marginal for the stable kernel series, but it's a really
	16	trivial patch, and it fixes UBSAN warning that might cause security
	17	folks to get overly excited for no reason.
	18
	19	Signed-off-by: Theodore Ts'o <tytso@mit.edu>
	20	Reported-by: Chen Feng <puck.chen@hisilicon.com>
	21	Cc: stable@vger.kernel.org
	22	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	23
	24	---
	25	drivers/char/random.c \| 2 +-
	26	1 file changed, 1 insertion(+), 1 deletion(-)
	27
	28	--- a/drivers/char/random.c
	29	+++ b/drivers/char/random.c
	30	@@ -724,7 +724,7 @@ retry:
	31
	32	static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
	33	{
	34	- const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
	35	+ const int nbits_max = r->poolinfo->poolwords * 32;
	36
	37	if (nbits < 0)
	38	return -EINVAL;