From c708c57e247775928b9a6bce7b4d8d14883bf39b Mon Sep 17 00:00:00 2001
From: Jan Glauber <jang@linux.vnet.ibm.com>
Date: Wed, 20 Apr 2011 10:15:31 +0200
Subject: [PATCH] [S390] prng: prevent access beyond end of stack

While initializing the state of the prng only the first 8 bytes of
random data where used, the second 8 bytes were read from the memory
after the stack. If only 64 bytes of the kernel stack are used and
CONFIG_DEBUG_PAGEALLOC is enabled a kernel panic may occur because of
the invalid page access. Use the correct multiplicator to stay within
the random data buffer.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
 arch/s390/crypto/prng.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/crypto/prng.c b/arch/s390/crypto/prng.c
index 975e3ab13cb54..44bca3f994b08 100644
--- a/arch/s390/crypto/prng.c
+++ b/arch/s390/crypto/prng.c
@@ -76,7 +76,7 @@ static void prng_seed(int nbytes)
 
 	/* Add the entropy */
 	while (nbytes >= 8) {
-		*((__u64 *)parm_block) ^= *((__u64 *)buf+i*8);
+		*((__u64 *)parm_block) ^= *((__u64 *)buf+i);
 		prng_add_entropy();
 		i += 8;
 		nbytes -= 8;
-- 
GitLab