diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-06-17 14:23:14 -1000 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-06-17 14:23:14 -1000 |
commit | 5ee22beeb25a5fa7fc6daf3597a8d9265f8c9ce1 (patch) | |
tree | 209058ef31be54ecdd8a023ed3fb531c3a939d33 | |
parent | 5cfb277d660b8b285fc831701e91f01ec933c7b4 (diff) | |
parent | e33ba5fa7afce1a9f159704121d4e4d110df8185 (diff) |
Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull randomness bugfix from Ted Ts'o:
"random: fix entropy accounting bug introduced in v3.15"
* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: fix nasty entropy accounting bug
-rw-r--r-- | drivers/char/random.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 4ad71ef2cd59..0a7ac0a7b252 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -980,7 +980,6 @@ static void push_to_pool(struct work_struct *work) static size_t account(struct entropy_store *r, size_t nbytes, int min, int reserved) { - int have_bytes; int entropy_count, orig; size_t ibytes; @@ -989,17 +988,19 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, /* Can we pull enough? */ retry: entropy_count = orig = ACCESS_ONCE(r->entropy_count); - have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); ibytes = nbytes; /* If limited, never pull more than available */ - if (r->limit) - ibytes = min_t(size_t, ibytes, have_bytes - reserved); + if (r->limit) { + int have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); + + if ((have_bytes -= reserved) < 0) + have_bytes = 0; + ibytes = min_t(size_t, ibytes, have_bytes); + } if (ibytes < min) ibytes = 0; - if (have_bytes >= ibytes + reserved) - entropy_count -= ibytes << (ENTROPY_SHIFT + 3); - else - entropy_count = reserved << (ENTROPY_SHIFT + 3); + if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0) + entropy_count = 0; if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) goto retry; |