summaryrefslogtreecommitdiffstats
path: root/drivers/char
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2017-02-25 18:21:33 -0400
committerTheodore Ts'o <tytso@mit.edu>2018-02-28 17:58:11 -0500
commit9f886f4d1d292442b2f22a0a33321eae821bde40 (patch)
tree2ab385f9ce61d26fe0da7d64dbce2edd3990fe1c /drivers/char
parent4a3928c6f8a53fa1aed28ccba227742486e8ddcb (diff)
downloadlinux-9f886f4d1d292442b2f22a0a33321eae821bde40.tar.gz
linux-9f886f4d1d292442b2f22a0a33321eae821bde40.tar.bz2
linux-9f886f4d1d292442b2f22a0a33321eae821bde40.zip
random: use a tighter cap in credit_entropy_bits_safe()
This fixes a harmless UBSAN where root could potentially end up causing an overflow while bumping the entropy_total field (which is ignored once the entropy pool has been initialized, and this generally is completed during the boot sequence). This is marginal for the stable kernel series, but it's a really trivial patch, and it fixes UBSAN warning that might cause security folks to get overly excited for no reason. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reported-by: Chen Feng <puck.chen@hisilicon.com> Cc: stable@vger.kernel.org
Diffstat (limited to 'drivers/char')
-rw-r--r--drivers/char/random.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index e5b3d3ba4660..11c23ca57430 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -732,7 +732,7 @@ retry:
static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
{
- const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
+ const int nbits_max = r->poolinfo->poolwords * 32;
if (nbits < 0)
return -EINVAL;