random: use a tighter cap in credit_entropy_bits_safe()

This fixes a harmless UBSAN where root could potentially end up
causing an overflow while bumping the entropy_total field (which is
ignored once the entropy pool has been initialized, and this generally
is completed during the boot sequence).

This is marginal for the stable kernel series, but it's a really
trivial patch, and it fixes UBSAN warning that might cause security
folks to get overly excited for no reason.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Chen Feng <puck.chen@hisilicon.com>
Cc: stable@vger.kernel.org

diff --git a/drivers/char/random.c b/drivers/char/random.c
index e5b3d3ba46604f7c0bb5612f3da867ea16884d20..11c23ca57430295d399a76b74cbcdbb9643d5b3c 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -732,7 +732,7 @@ retry:
 
 static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
 {
-       const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
+       const int nbits_max = r->poolinfo->poolwords * 32;
 
        if (nbits < 0)
                return -EINVAL;