crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
stable inclusion from stable-v4.19.245 commit 71a89789552b7faf3ef27969b9bc783fa0df3550 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I963JJ CVE: CVE-2022-48630 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=71a89789552b7faf3ef27969b9bc783fa0df3550 -------------------------------- commit 16287397 upstream. The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is not a multiple of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67 >/dev/null There are many ways to fix this without adding back the 'break', but they all seem more awkward than simply adding it back, so do just that. Tested on a machine with Qualcomm Amberwing processor. Fixes: a680b183 ("crypto: qcom-rng - ensure buffer for generate is completely filled") Cc: stable@vger.kernel.org Signed-off-by:Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by:
Loading
Please sign in to comment