| Message ID | 20230910083418.8990-1-jonas.gorski@gmail.com |
|---|---|
| State | Accepted |
| Commit | 464bd8ec2f06707f3773676a1bd2c64832a3c805 |
| Headers | show |
| Series | hwrng: geode: fix accessing registers | expand |
On Sun, Sep 10, 2023 at 10:34:17AM +0200, Jonas Gorski wrote: > When the membase and pci_dev pointer were moved to a new struct in priv, > the actual membase users were left untouched, and they started reading > out arbitrary memory behind the struct instead of registers. This > unfortunately turned the RNG into a constant number generator, depending > on the content of what was at that offset. > > To fix this, update geode_rng_data_{read,present}() to also get the > membase via amd_geode_priv, and properly read from the right addresses > again. > > Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak") > Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882 > Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com> > Suggested-by: Jo-Philipp Wich <jo@mein.io> > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> > --- > drivers/char/hw_random/geode-rng.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Patch applied. Thanks.
Hi Herbert, On Fri, 15 Sept 2023 at 12:46, Herbert Xu <herbert@gondor.apana.org.au> wrote: > > On Sun, Sep 10, 2023 at 10:34:17AM +0200, Jonas Gorski wrote: > > When the membase and pci_dev pointer were moved to a new struct in priv, > > the actual membase users were left untouched, and they started reading > > out arbitrary memory behind the struct instead of registers. This > > unfortunately turned the RNG into a constant number generator, depending > > on the content of what was at that offset. > > > > To fix this, update geode_rng_data_{read,present}() to also get the > > membase via amd_geode_priv, and properly read from the right addresses > > again. > > > > Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak") > > Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com> > > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882 > > Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com> > > Suggested-by: Jo-Philipp Wich <jo@mein.io> > > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> > > --- > > drivers/char/hw_random/geode-rng.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > Patch applied. Thanks. Where was it applied? I don't see it neither in linus' tree nor in char-misc. Wondering if it got stuck somewhere. Best Regards, Jonas
On Fri, Oct 06, 2023 at 01:34:04PM +0200, Jonas Gorski wrote: > > Where was it applied? I don't see it neither in linus' tree nor in > char-misc. Wondering if it got stuck somewhere. https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=464bd8ec2f06707f3773676a1bd2c64832a3c805 Cheers,
diff --git a/drivers/char/hw_random/geode-rng.c b/drivers/char/hw_random/geode-rng.c index 12fbe8091831..159baf00a867 100644 --- a/drivers/char/hw_random/geode-rng.c +++ b/drivers/char/hw_random/geode-rng.c @@ -58,7 +58,8 @@ struct amd_geode_priv { static int geode_rng_data_read(struct hwrng *rng, u32 *data) { - void __iomem *mem = (void __iomem *)rng->priv; + struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv; + void __iomem *mem = priv->membase; *data = readl(mem + GEODE_RNG_DATA_REG); @@ -67,7 +68,8 @@ static int geode_rng_data_read(struct hwrng *rng, u32 *data) static int geode_rng_data_present(struct hwrng *rng, int wait) { - void __iomem *mem = (void __iomem *)rng->priv; + struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv; + void __iomem *mem = priv->membase; int data, i; for (i = 0; i < 20; i++) {
When the membase and pci_dev pointer were moved to a new struct in priv, the actual membase users were left untouched, and they started reading out arbitrary memory behind the struct instead of registers. This unfortunately turned the RNG into a constant number generator, depending on the content of what was at that offset. To fix this, update geode_rng_data_{read,present}() to also get the membase via amd_geode_priv, and properly read from the right addresses again. Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak") Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882 Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com> Suggested-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> --- drivers/char/hw_random/geode-rng.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)