korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

random: fix BUG_ON caused by accounting simplification

Browse Source 
Commit ee1de406ba ("random: simplify accounting logic") simplified
things too much, in that it allows the following to trigger an
overflow that results in a BUG_ON crash:

dd if=/dev/urandom of=/dev/zero bs=67108707 count=1

Thanks to Peter Zihlstra for discovering the crash, and Hannes
Frederic for analyizing the root cause.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Greg Price <price@mit.edu>
This commit is contained in:
Theodore Ts'o 2014-05-16 21:40:41 -04:00
parent d6d211db37
commit f9c6d4987b
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/char/random.c
View File

@ -995,8 +995,11 @@ retry:
ibytes = min_t(size_t, ibytes, have_bytes - reserved);
if (ibytes < min)
ibytes = 0;
entropy_count = max_t(int, 0,
entropy_count - (ibytes << (ENTROPY_SHIFT + 3)));
if (have_bytes >= ibytes + reserved)
entropy_count -= ibytes << (ENTROPY_SHIFT + 3);
else
entropy_count = reserved << (ENTROPY_SHIFT + 3);
if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
goto retry;