Re: [PATCH] Add Ingenic JZ4780 hardware RNG driver

[Daniel Thompson]

On 18/08/16 12:53, LABBE Corentin wrote:
> On Thu, Aug 18, 2016 at 10:44:18AM +0530, PrasannaKumar Muralidharan wrote:
> > > > +static int jz4780_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait)
> > > > +{
> > > > +     struct jz4780_rng *jz4780_rng = container_of(rng, struct jz4780_rng,
> > > > +                                                     rng);
> > > > +     u32 *data = buf;
> > > > +     *data = jz4780_rng_readl(jz4780_rng, REG_RNG_DATA);
> > > > +     return 4;
> > > > +}
> > >
> > > If max is less than 4, its bad
> >
> > Data will be 4 bytes.
>
> No, according to comment in include/linux/hw_random.h "drivers can fill up to max bytes of data"
> So you cannot write more than max bytes without risking buffer overflow.
>
> And if max > 4, hwrng client need to recall your read function.
> The better example I found is tpm_get_random() in drivers/char/tpm/tpm-interface.c for handling both problem.

Right now the core code will never actually ask a RNG driver for <4 
bytes so perhaps it would be better to update the comment in 
include/linux/hw_random.h !

For devices with 32-bit RNG registers the extra code to handle a special 
case that doesn't actually exist is a waste.

There are 14 drivers in drivers/char/hw_random that support the ->read() 
interface but only three of these actually support max == 1 (existing 
accepted behavior varies between return 0, return 2, return 4 and return 
-EIO).


Daniel.