Date: Mon, 30 Oct 2017 08:39:56 +0100
From: Greg KH
To: "Theodore Ts'o", Chen Feng, zhaoyukun@huawei.com, arnd@arndb.de, linux-kernel@vger.kernel.org, suzhuangluan@hisilicon.com, dan.zhao@hisilicon.com
Subject: Re: [PATCH RFC] random: fix syzkaller fuzzer test int overflow
Message-ID: <20171030073956.GA17153@kroah.com>
In-Reply-To: <20171029182529.rxmbawagx63e2dw4@thunk.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Oct 29, 2017 at 02:25:29PM -0400, Theodore Ts'o wrote:
> On Sat, Oct 28, 2017 at 11:22:00AM +0800, Chen Feng wrote:
> >
> > I checked the ioctl. What's the purpose of RNDADDTOENTCNT ioctl to
> > userspace?
>
> It's a legacy ioctl which is probably not used anywhere; it's been
> replaced by RNDADDENTROPY. It previously allows root to bump the
> entropy estimate, but the right way to do this by rngd is to
> atomically add entropy to the pool land and bump the entropy estimate
> at the same time.
>
> The UBSAN is harmless. The ioctl requires root, and the entropy_total
> field, which is involved in the UBSAN, is only used in the first few
> seconds of boot, to determine when the entropy pool has been
> initialized. In general on desktop and servers this happens before
> userspace has a chance to run.
>
> In any case, here's a fix for this.
>
> - Ted
>
> commit 6f7034d0c52e21f30002b95126b6b98e4618dc57
> Author: Theodore Ts'o
> Date: Sun Oct 29 14:17:26 2017 -0400
>
>     random: use a tighter cap in credit_entropy_bits_safe()
>
>     This fixes a harmless UBSAN where root could potentially end up
>     causing an overflow while bumping the entropy_total field (which is
>     ignored once the entropy pool has been initialized, and this generally
>     is completed during the boot sequence).
>
>     This is marginal for the stable kernel series, but it's a really
>     trivial patch, and it UBSAN warning that might cause security folks to
>     get overly excited for no reason.
>
>     Signed-off-by: Theodore Ts'o
>     Cc: stable@vger.kernel.org

No "Reported-by:"?

thanks,

greg k-h
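
The approach described in the quoted reply, supplying the bytes and the entropy credit together in one RNDADDENTROPY call instead of bumping the count alone with RNDADDTOENTCNT, sketched from userspace as an added example that is not part of this thread or of rngd's source. The helper names, the 4096-byte limit and the clamp of the credit to 8 bits per supplied byte are assumptions of this example.

```c
#include <fcntl.h>
#include <linux/random.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define MAX_ENTROPY_BYTES 4096  /* assumption: limit chosen for this example */

/* Build a RNDADDENTROPY request: bytes and credit (in bits) travel in one
 * struct, so the estimate can never be raised without matching input.
 * Returns NULL on invalid input; the caller frees the result. */
struct rand_pool_info *make_entropy_req(const void *data, int len, int bits)
{
    if (!data || len <= 0 || len > MAX_ENTROPY_BYTES || bits < 0)
        return NULL;
    if (bits > len * 8)          /* never claim more than 8 bits per byte */
        bits = len * 8;

    size_t words = ((size_t)len + 3) / 4;   /* buf[] is an array of __u32 */
    struct rand_pool_info *req = calloc(1, sizeof(*req) + words * 4);
    if (!req)
        return NULL;

    req->entropy_count = bits;   /* credit, in bits */
    req->buf_size = len;         /* payload size, in bytes */
    memcpy(req->buf, data, (size_t)len);
    return req;
}

/* Submit the request to the kernel. Requires root (CAP_SYS_ADMIN).
 * Returns 0 on success, -1 on failure. */
int add_entropy(const void *data, int len, int bits)
{
    struct rand_pool_info *req = make_entropy_req(data, len, bits);
    if (!req)
        return -1;

    int rc = -1;
    int fd = open("/dev/random", O_WRONLY);
    if (fd >= 0) {
        rc = ioctl(fd, RNDADDENTROPY, req);
        close(fd);
    }
    free(req);
    return rc;
}
```
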