2022-05-03 14:47:30

by Ondrej Mosnacek

Subject: [PATCH] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ

The commit referenced in the Fixes tag removed the 'break' from the else
branch in qcom_rng_read(), causing an infinite loop whenever 'max' is
not a multiple of WORD_SZ. This can be reproduced e.g. by running:

    kcapi-rng -b 67 >/dev/null

There are many ways to fix this without adding back the 'break', but
they all seem more awkward than simply adding it back, so do just that.

Tested on a machine with Qualcomm Amberwing processor.

Fixes: a680b1832ced ("crypto: qcom-rng - ensure buffer for generate is completely filled")
Cc: [email protected]
Signed-off-by: Ondrej Mosnacek <[email protected]>
---
drivers/crypto/qcom-rng.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/qcom-rng.c b/drivers/crypto/qcom-rng.c
index 11f30fd48c141..031b5f701a0a3 100644
--- a/drivers/crypto/qcom-rng.c
+++ b/drivers/crypto/qcom-rng.c
@@ -65,6 +65,7 @@ static int qcom_rng_read(struct qcom_rng *rng, u8 *data, unsigned int max)
} else {
/* copy only remaining bytes */
memcpy(data, &val, max - currsize);
+ break;
}
} while (currsize < max);
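
Review bot: In the else branch the added `break` is the only thing that ends the loop for a partial trailing word, because `currsize` is not advanced there and `while (currsize < max)` stays true. Since the commit in the Fixes tag dropped this same `break`, extend the `/* copy only remaining bytes */` comment to say the exit is required, or set `currsize = max;` after the memcpy so the loop condition terminates by itself and any later use of `currsize` sees the full count.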

--
2.35.1
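
The loop behaviour described in the commit message, as an added userspace model that is not part of the original patch or the driver source. The full-word branch, `WORD_SZ` being 4, the constructed `fake_word()` data source, the `READ_CAP` guard and the `run_model()` helper are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

#define WORD_SZ  4     /* assumed word size for this model */
#define READ_CAP 1000  /* model-only guard so the unpatched variant returns */

/* Stand-in for the hardware data register: constructed, never-zero words. */
static uint32_t fake_word(unsigned int n) { return 0xA5A5A5A5u ^ n; }

/* Model of the copy loop; with_break selects the patched behaviour.
 * Returns words read, or -1 if READ_CAP was hit (loop would not terminate). */
static int model_read(uint8_t *data, unsigned int max, int with_break)
{
    unsigned int currsize = 0, reads = 0;
    uint32_t val;

    do {
        if (reads == READ_CAP)
            return -1;
        val = fake_word(reads++);
        if ((max - currsize) >= WORD_SZ) {  /* assumed full-word branch */
            memcpy(data, &val, WORD_SZ);
            data += WORD_SZ;
            currsize += WORD_SZ;
        } else {
            /* copy only remaining bytes */
            memcpy(data, &val, max - currsize);
            if (with_break)
                break;  /* otherwise currsize never reaches max */
        }
    } while (currsize < max);
    return (int)reads;
}

/* Run the model on a canary-guarded buffer; -2 flags bad size or overrun. */
static int run_model(unsigned int max, int with_break)
{
    uint8_t buf[129] = {0};
    int reads;

    if (max > 128)
        return -2;
    buf[max] = 0xEE;  /* canary just past the requested length */
    reads = model_read(buf, max, with_break);
    return buf[max] == 0xEE ? reads : -2;
}

int main(void) { return run_model(67, 1) == 17 ? 0 : 1; }
```

In the model the unpatched variant never writes past the buffer; it keeps re-copying the same tail bytes, so the failure is a hang rather than memory corruption.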


2022-05-04 00:26:19

by Brian Masney

Subject: Re: [PATCH] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ

On Tue, May 03, 2022 at 01:50:10PM +0200, Ondrej Mosnacek wrote:
> The commit referenced in the Fixes tag removed the 'break' from the else
> branch in qcom_rng_read(), causing an infinite loop whenever 'max' is
> not a multiple of WORD_SZ. This can be reproduced e.g. by running:
>
>     kcapi-rng -b 67 >/dev/null
>
> There are many ways to fix this without adding back the 'break', but
> they all seem more awkward than simply adding it back, so do just that.
>
> Tested on a machine with Qualcomm Amberwing processor.
>
> Fixes: a680b1832ced ("crypto: qcom-rng - ensure buffer for generate is completely filled")
> Cc: [email protected]
> Signed-off-by: Ondrej Mosnacek <[email protected]>

Reviewed-by: Brian Masney <b[email protected]>

We should add '# 5.17+' to the end of the stable line.