1. Patchew
  2. linux
  3. View series

[PATCH] hwrng: geode: fix accessing registers

Jonas Gorski posted 1 patch 2 years, 5 months ago 
drivers/char/hw_random/geode-rng.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] hwrng: geode: fix accessing registers
Posted by Jonas Gorski 2 years, 5 months ago 
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.

To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.

Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak")
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
---
 drivers/char/hw_random/geode-rng.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/char/hw_random/geode-rng.c b/drivers/char/hw_random/geode-rng.c
index 12fbe8091831..159baf00a867 100644
--- a/drivers/char/hw_random/geode-rng.c
+++ b/drivers/char/hw_random/geode-rng.c
@@ -58,7 +58,8 @@ struct amd_geode_priv {
 
 static int geode_rng_data_read(struct hwrng *rng, u32 *data)
 {
-	void __iomem *mem = (void __iomem *)rng->priv;
+	struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv;
+	void __iomem *mem = priv->membase;
 
 	*data = readl(mem + GEODE_RNG_DATA_REG);
 
@@ -67,7 +68,8 @@ static int geode_rng_data_read(struct hwrng *rng, u32 *data)
 
 static int geode_rng_data_present(struct hwrng *rng, int wait)
 {
-	void __iomem *mem = (void __iomem *)rng->priv;
+	struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv;
+	void __iomem *mem = priv->membase;
 	int data, i;
 
 	for (i = 0; i < 20; i++) {
-- 
2.34.1
Re: [PATCH] hwrng: geode: fix accessing registers
Posted by Herbert Xu 2 years, 4 months ago 
On Sun, Sep 10, 2023 at 10:34:17AM +0200, Jonas Gorski wrote:
> When the membase and pci_dev pointer were moved to a new struct in priv,
> the actual membase users were left untouched, and they started reading
> out arbitrary memory behind the struct instead of registers. This
> unfortunately turned the RNG into a constant number generator, depending
> on the content of what was at that offset.
> 
> To fix this, update geode_rng_data_{read,present}() to also get the
> membase via amd_geode_priv, and properly read from the right addresses
> again.
> 
> Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak")
> Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882
> Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
> Suggested-by: Jo-Philipp Wich <jo@mein.io>
> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
> ---
>  drivers/char/hw_random/geode-rng.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] hwrng: geode: fix accessing registers
Posted by Jonas Gorski 2 years, 4 months ago 
Hi Herbert,

On Fri, 15 Sept 2023 at 12:46, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> On Sun, Sep 10, 2023 at 10:34:17AM +0200, Jonas Gorski wrote:
> > When the membase and pci_dev pointer were moved to a new struct in priv,
> > the actual membase users were left untouched, and they started reading
> > out arbitrary memory behind the struct instead of registers. This
> > unfortunately turned the RNG into a constant number generator, depending
> > on the content of what was at that offset.
> >
> > To fix this, update geode_rng_data_{read,present}() to also get the
> > membase via amd_geode_priv, and properly read from the right addresses
> > again.
> >
> > Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak")
> > Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882
> > Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
> > Suggested-by: Jo-Philipp Wich <jo@mein.io>
> > Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
> > ---
> >  drivers/char/hw_random/geode-rng.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
>
> Patch applied.  Thanks.

Where was it applied? I don't see it neither in linus' tree nor in
char-misc. Wondering if it got stuck somewhere.

Best Regards,
Jonas
Re: [PATCH] hwrng: geode: fix accessing registers
Posted by Herbert Xu 2 years, 4 months ago 
On Fri, Oct 06, 2023 at 01:34:04PM +0200, Jonas Gorski wrote:
>
> Where was it applied? I don't see it neither in linus' tree nor in
> char-misc. Wondering if it got stuck somewhere.

https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=464bd8ec2f06707f3773676a1bd2c64832a3c805

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.