Received: by 10.192.165.148 with SMTP id m20csp2456239imm;
        Sun, 22 Apr 2018 07:25:22 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+GGNTkNa0WHgpClshECR+buIbnq9nv3ohaAl7Lx2yw/VDvCIbr0oH8FspCFaPIrdDIzmw+
X-Received: by 10.99.117.93 with SMTP id f29mr13914194pgn.401.1524407122394;
        Sun, 22 Apr 2018 07:25:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524407122; cv=none;
        d=google.com; s=arc-20160816;
        b=Icf4Q8OTpk3/Y8uQibP28QAftUbeUqYkz+tHsElsHT8V0j7NMz6d+iSEQLsSLbCYOx
         FMQU3SiPnYokeTYX4N8U5qIWWuNPC5m6K3DF+gm4Sb7vEuZRA+05f07K/32VSgD0vGw/
         kO82/uOADQXHW4B8OJQbrGEVT8D2X9JwCtEXjZ5JQ5i4ZyKJ7w7wN9HZfeQGMQ9JUo9R
         AmYggRVc8MIo53dW2lEG70LdCOlO38/rFSywmDx8Js5mG+v7/9RQ5lKthJaBUckWaS1D
         w9Takbv8Inh9DYaHecDpEICiy0w1h2jYTeIOBfF+NXoCDbpBKbZOJ2ZyykClG0kXa22n
         qk+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=2q/zCY2CJzW1xz8uIF2XocB/t51PC4FhL+XAD0IYxaU=;
        b=h5WWBV9y7KXFvLVhzhQlUh0ujedzCFtFE02iA8VTunc1RxzBhExf+bkLPnsVV04Xyi
         KwZKQmTGV+7BYHcEyVGNGhuJm77jF6FgfYXNUX0Hv2R9pEbtiGPJYaApU+FRAHmZfx89
         R6fOkSrULp4efWtf8I/P3Ppk+yDim5485+CbuHNQcLAOF//QEeeYDRJDSBsWi+hdzFl6
         67qnqdjffZBXAroBlahRk9c8Vb2riZcJSQx+xz5F89yLRGu464D7b6Wl/xcK/XXlOEMU
         1A4FgQq/pZIbRT25TJF6yh/20rTeDBoeFN5wQBPVP+87od/PwsPxemA3d+UAp9z2/H85
         GRUQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t74si8161899pgc.178.2018.04.22.07.24.47;
        Sun, 22 Apr 2018 07:25:22 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757731AbeDVOWX (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Sun, 22 Apr 2018 10:22:23 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:33262 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1757300AbeDVOWH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 22 Apr 2018 10:22:07 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id ADA58D1C;
        Sun, 22 Apr 2018 14:22:06 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Theodore Tso <tytso@mit.edu>,
        Chen Feng <puck.chen@hisilicon.com>
Subject: [PATCH 3.18 24/52] random: use a tighter cap in credit_entropy_bits_safe()
Date:   Sun, 22 Apr 2018 15:53:57 +0200
Message-Id: <20180422135316.507807049@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180422135315.254787616@linuxfoundation.org>
References: <20180422135315.254787616@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream.

This fixes a harmless UBSAN where root could potentially end up
causing an overflow while bumping the entropy_total field (which is
ignored once the entropy pool has been initialized, and this generally
is completed during the boot sequence).

This is marginal for the stable kernel series, but it's a really
trivial patch, and it fixes UBSAN warning that might cause security
folks to get overly excited for no reason.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Chen Feng <puck.chen@hisilicon.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/random.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -704,7 +704,7 @@ retry:
 
 static void credit_entropy_bits_safe(struct entropy_store *r, int nbits)
 {
-	const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
+	const int nbits_max = r->poolinfo->poolwords * 32;
 
 	/* Cap the value to avoid overflows */
 	nbits = min(nbits,  nbits_max);