Re: [PATCH RFC] random: fix syzkaller fuzzer test int overflow

[Greg KH]

On Sun, Oct 29, 2017 at 02:25:29PM -0400, Theodore Ts'o wrote:
> On Sat, Oct 28, 2017 at 11:22:00AM +0800, Chen Feng wrote:
> > 
> > I checked the ioctl. What's the purpose of RNDADDTOENTCNT ioctl to
> > userspace?
> 
> It's a legacy ioctl which is probably not used anywhere; it's been
> replaced by RNDADDENTROPY.  It previously allows root to bump the
> entropy estimate, but the right way to do this by rngd is to
> atomically add entropy to the pool land and bump the entropy estimate
> at the same time.
> 
> The UBSAN is harmless.  The ioctl requires root, and the entropy_total
> field, which is involved in the UBSAN, is only used in the first few
> seconds of boot, to determine when the entropy pool has been
> initialized.  In general on desktop and servers this happens before
> userspace has a chance to run.
> 
> In any case, here's a fix for this.
> 
> 					- Ted
> 
> commit 6f7034d0c52e21f30002b95126b6b98e4618dc57
> Author: Theodore Ts'o <tytso@xxxxxxx>
> Date:   Sun Oct 29 14:17:26 2017 -0400
> 
>     random: use a tighter cap in credit_entropy_bits_safe()
>     
>     This fixes a harmless UBSAN where root could potentially end up
>     causing an overflow while bumping the entropy_total field (which is
>     ignored once the entropy pool has been initialized, and this generally
>     is completed during the boot sequence).
>     
>     This is marginal for the stable kernel series, but it's a really
>     trivial patch, and it UBSAN warning that might cause security folks to
>     get overly excited for no reason.
>     
>     Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
>     Cc: stable@xxxxxxxxxxxxxxx

No "Reported-by:"?

thanks,

greg k-h