Re: [PATCH RFC] random: fix syzkaller fuzzer test int overflow

From: Greg KH
Date: Mon Oct 30 2017 - 03:39:50 EST


On Sun, Oct 29, 2017 at 02:25:29PM -0400, Theodore Ts'o wrote:
> On Sat, Oct 28, 2017 at 11:22:00AM +0800, Chen Feng wrote:
> >
> > I checked the ioctl. What's the purpose of RNDADDTOENTCNT ioctl to
> > userspace?
>
> It's a legacy ioctl which is probably not used anywhere; it's been
> replaced by RNDADDENTROPY. It previously allowed root to bump the
> entropy estimate, but the right way to do this by rngd is to
> atomically add entropy to the pool and bump the entropy estimate
> at the same time.
>
> The UBSAN is harmless. The ioctl requires root, and the entropy_total
> field, which is involved in the UBSAN, is only used in the first few
> seconds of boot, to determine when the entropy pool has been
> initialized. In general on desktop and servers this happens before
> userspace has a chance to run.
>
> In any case, here's a fix for this.
>
> - Ted
>
> commit 6f7034d0c52e21f30002b95126b6b98e4618dc57
> Author: Theodore Ts'o <tytso@xxxxxxx>
> Date: Sun Oct 29 14:17:26 2017 -0400
>
> random: use a tighter cap in credit_entropy_bits_safe()
>
> This fixes a harmless UBSAN where root could potentially end up
> causing an overflow while bumping the entropy_total field (which is
> ignored once the entropy pool has been initialized, and this generally
> is completed during the boot sequence).
>
> This is marginal for the stable kernel series, but it's a really
> trivial patch, and it fixes a UBSAN warning that might cause security folks to
> get overly excited for no reason.
>
> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

No "Reported-by:"?

thanks,

greg k-h
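
The atomic path described in the quoted reply (RNDADDENTROPY instead of RNDADDTOENTCNT), as an added example that is not part of this thread, the patch, or rngd's source. The helper names `build_entropy_request` and `credit_entropy` are hypothetical, and reading from stdin and the 4-bits-per-byte claim are assumptions standing in for a real hardware RNG and its measured entropy rate.

```c
#include <fcntl.h>
#include <limits.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical helper: package `len` bytes plus an entropy claim in bits.
 * Returns NULL when the claim is negative or exceeds 8 bits per byte, so a
 * bogus estimate is rejected in userspace before it reaches the kernel. */
struct rand_pool_info *build_entropy_request(const void *data, size_t len,
                                             int entropy_bits)
{
    struct rand_pool_info *req;

    if (len == 0 || len > INT_MAX / 8)
        return NULL;
    if (entropy_bits < 0 || entropy_bits > (int)(len * 8))
        return NULL;
    if (!(req = calloc(1, sizeof(*req) + len)))
        return NULL;
    req->entropy_count = entropy_bits;  /* bits credited to the estimate */
    req->buf_size = (int)len;           /* bytes mixed into the pool */
    memcpy(req->buf, data, len);
    return req;
}

/* A single ioctl mixes the bytes and bumps the estimate (requires root). */
int credit_entropy(int fd, struct rand_pool_info *req)
{
    return ioctl(fd, RNDADDENTROPY, req);
}

int main(void)
{
    unsigned char sample[64];
    /* Assumption: stdin carries output from a real hardware RNG. */
    ssize_t n = read(STDIN_FILENO, sample, sizeof(sample));
    struct rand_pool_info *req;
    int fd, rc;

    if (n <= 0 || !(req = build_entropy_request(sample, (size_t)n, (int)n * 4)))
        return 1;
    fd = open("/dev/random", O_WRONLY);
    rc = fd < 0 ? -1 : credit_entropy(fd, req);
    if (rc < 0)
        perror("/dev/random");
    free(req);
    return rc < 0;
}
```

The entropy claim travels in the same request as the bytes it describes, so there is no window in which the estimate has been raised without matching data in the pool.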