Skip to content
This repository has been archived by the owner on Jan 22, 2020. It is now read-only.

Commit

Permalink
random: use a tighter cap in credit_entropy_bits_safe()
Browse files Browse the repository at this point in the history 
commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream.

This fixes a harmless UBSAN where root could potentially end up
causing an overflow while bumping the entropy_total field (which is
ignored once the entropy pool has been initialized, and this generally
is completed during the boot sequence).

This is marginal for the stable kernel series, but it's a really
trivial patch, and it fixes UBSAN warning that might cause security
folks to get overly excited for no reason.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Chen Feng <puck.chen@hisilicon.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
@tytso @yudiwdynto
tytso authored and yudiwdynto committed Apr 24, 2018
1 parent 8bfd51b commit 65d11a2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/char/random.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -740,7 +740,7 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)

static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
{
const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
const int nbits_max = r->poolinfo->poolwords * 32;

if (nbits < 0)
return -EINVAL;
Expand Down

0 comments on commit 65d11a2

Please sign in to comment.