diff options
| author | Jonas Gorski <jonas.gorski@gmail.com> | 2023-09-09 12:44:42 +0200 |
|---|---|---|
| committer | Jonas Gorski <jonas.gorski@gmail.com> | 2023-09-14 11:36:57 +0200 |
| commit | ac52e2013a03126ef181e596e6e63271cdbb3d35 (patch) | |
| tree | fcce4d67162e3099ebe6610e2f08cddaf3d909a7 | |
| parent | 383ae905a2991759f1cee402e52e58fbcefafbd7 (diff) | |
| download | openwrt-ac52e2013a03126ef181e596e6e63271cdbb3d35.tar.gz openwrt-ac52e2013a03126ef181e596e6e63271cdbb3d35.tar.bz2 openwrt-ac52e2013a03126ef181e596e6e63271cdbb3d35.zip | |
x86: geode: fix hwrng register accesses
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.
To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.
Closes #13417.
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 09d13cd8d87cc50fde67bbe81c6cca4b799b2724)
| -rw-r--r-- | target/linux/x86/patches-5.4/120-hwrng-geode-fix-accessing-registers.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/target/linux/x86/patches-5.4/120-hwrng-geode-fix-accessing-registers.patch b/target/linux/x86/patches-5.4/120-hwrng-geode-fix-accessing-registers.patch new file mode 100644 index 0000000000..4c8015013b --- /dev/null +++ b/target/linux/x86/patches-5.4/120-hwrng-geode-fix-accessing-registers.patch @@ -0,0 +1,47 @@ +From 859bd2e0c0052967536f3f902716f204d5a978b1 Mon Sep 17 00:00:00 2001 +From: Jonas Gorski <jonas.gorski@gmail.com> +Date: Fri, 8 Sep 2023 22:48:33 +0200 +Subject: [PATCH] hwrng: geode: fix accessing registers + +When the membase and pci_dev pointer were moved to a new struct in priv, +the actual membase users were left untouched, and they started reading +out arbitrary memory behind the struct instead of registers. This +unfortunately turned the RNG into a constant number generator, depending +on the content of what was at that offset. + +To fix this, update geode_rng_data_{read,present}() to also get the +membase via amd_geode_priv, and properly read from the right addresses +again. + +Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak") +Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com> +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882 +Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com> +Suggested-by: Jo-Philipp Wich <jo@mein.io> +Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> +--- + drivers/char/hw_random/geode-rng.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/char/hw_random/geode-rng.c ++++ b/drivers/char/hw_random/geode-rng.c +@@ -58,7 +58,8 @@ struct amd_geode_priv { + + static int geode_rng_data_read(struct hwrng *rng, u32 *data) + { +- void __iomem *mem = (void __iomem *)rng->priv; ++ struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv; ++ void __iomem *mem = priv->membase; + + *data = readl(mem + GEODE_RNG_DATA_REG); + +@@ -67,7 +68,8 @@ static int geode_rng_data_read(struct hw + + static int geode_rng_data_present(struct hwrng *rng, int wait) + { +- void __iomem *mem = (void __iomem *)rng->priv; ++ struct amd_geode_priv *priv = (struct amd_geode_priv *)rng->priv; ++ void __iomem *mem = priv->membase; + int data, i; + + for (i = 0; i < 20; i++) { |