]>
Commit | Line | Data |
---|---|---|
89e7a3a9 GKH |
1 | From 9f886f4d1d292442b2f22a0a33321eae821bde40 Mon Sep 17 00:00:00 2001 |
2 | From: Theodore Ts'o <tytso@mit.edu> | |
3 | Date: Sat, 25 Feb 2017 18:21:33 -0400 | |
4 | Subject: random: use a tighter cap in credit_entropy_bits_safe() | |
5 | ||
6 | From: Theodore Ts'o <tytso@mit.edu> | |
7 | ||
8 | commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream. | |
9 | ||
10 | This fixes a harmless UBSAN where root could potentially end up | |
11 | causing an overflow while bumping the entropy_total field (which is | |
12 | ignored once the entropy pool has been initialized, and this generally | |
13 | is completed during the boot sequence). | |
14 | ||
15 | This is marginal for the stable kernel series, but it's a really | |
16 | trivial patch, and it fixes UBSAN warning that might cause security | |
17 | folks to get overly excited for no reason. | |
18 | ||
19 | Signed-off-by: Theodore Ts'o <tytso@mit.edu> | |
20 | Reported-by: Chen Feng <puck.chen@hisilicon.com> | |
21 | Cc: stable@vger.kernel.org | |
22 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
23 | ||
24 | --- | |
25 | drivers/char/random.c | 2 +- | |
26 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
27 | ||
28 | --- a/drivers/char/random.c | |
29 | +++ b/drivers/char/random.c | |
30 | @@ -724,7 +724,7 @@ retry: | |
31 | ||
32 | static int credit_entropy_bits_safe(struct entropy_store *r, int nbits) | |
33 | { | |
34 | - const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1)); | |
35 | + const int nbits_max = r->poolinfo->poolwords * 32; | |
36 | ||
37 | if (nbits < 0) | |
38 | return -EINVAL; |