| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Oct 2022 18:09:23 +0200
From: Tomas Marek <tomas.marek@...est.cz>
To: mpm@...enic.com, herbert@...dor.apana.org.au
Cc: mcoquelin.stm32@...il.com, linux-arm-kernel@...ts.infradead.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-stm32@...md-mailman.stormreply.com,
alexandre.torgue@...s.st.com, oleg.karfich@...o.com,
Tomas Marek <tomas.marek@...est.cz>
Subject: [PATCH 1/2] hwrng: stm32 - fix number of returned bytes on read
The stm32_rng_read() function uses `retval` variable as a counter of
generated random bytes. However, the same variable is used to store
a result of the polling function in case the driver is waiting until
the TRNG is ready. The TRNG generates random numbers by 16B. One
loop read 4B. So, the function calls the polling every 16B, i.e.
every 4th loop. The `retval` counter is reset on poll call and only
number of bytes read after the last poll call is returned to the
caller. The remaining sampled random bytes (for example 48 out of
64 in case 64 bytes are read) are not used.
Use different variable to store the polling function result and
do not overwrite `retval` counter.
Cc: Oleg Karfich <oleg.karfich@...o.com>
Signed-off-by: Tomas Marek <tomas.marek@...est.cz>
---
drivers/char/hw_random/stm32-rng.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/char/hw_random/stm32-rng.c b/drivers/char/hw_random/stm32-rng.c
index bc22178f83e8..8eaacefd498b 100644
--- a/drivers/char/hw_random/stm32-rng.c
+++ b/drivers/char/hw_random/stm32-rng.c
@@ -49,11 +49,13 @@ static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
/* Manage timeout which is based on timer and take */
/* care of initial delay time when enabling rng */
if (!sr && wait) {
- retval = readl_relaxed_poll_timeout_atomic(priv->base
+ int ret;
+
+ ret = readl_relaxed_poll_timeout_atomic(priv->base
+ RNG_SR,
sr, sr,
10, 50000);
- if (retval)
+ if (ret)
dev_err((struct device *)priv->rng.priv,
"%s: timeout %x!\n", __func__, sr);
}
--
2.17.1
Powered by blists - more mailing lists