From: Gabriel Nesteruk <gneste...@sii.pl>
Reinitialize the descriptor for each RNG job, as it
may be modified by run_descriptor_jr().
Failing to do so can result in memory corruption when
dm_rng_read() is called a second time on NXP devices
with CONFIG_SYS_FSL_SEC_BE enabled.
Signed-off-by: Gabriel Nesteruk <gneste...@sii.pl>
Signed-off-by: Pawel Kochanowski <pkochanow...@sii.pl>
---
drivers/crypto/fsl/rng.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/fsl/rng.c b/drivers/crypto/fsl/rng.c
index 06364948052..440b26e3c94 100644
--- a/drivers/crypto/fsl/rng.c
+++ b/drivers/crypto/fsl/rng.c
@@ -27,8 +27,14 @@ struct caam_rng_priv {
static int caam_rng_read_one(struct caam_rng_priv *priv)
{
int size = ALIGN(CAAM_RNG_MAX_FIFO_STORE_SIZE, ARCH_DMA_MINALIGN);
+ ulong rng_desc_size = ALIGN(CAAM_RNG_DESC_LEN, ARCH_DMA_MINALIGN);
int ret;
+ inline_cnstr_jobdesc_rng(priv->desc, priv->data,
+ CAAM_RNG_MAX_FIFO_STORE_SIZE);
+ flush_dcache_range((unsigned long)priv->desc,
+ (unsigned long)priv->desc + rng_desc_size);
+
ret = run_descriptor_jr(priv->desc);
if (ret < 0)
return -EIO;
@@ -63,14 +69,6 @@ static int caam_rng_read(struct udevice *dev, void *data,
size_t len)
static int caam_rng_probe(struct udevice *dev)
{
- struct caam_rng_priv *priv = dev_get_priv(dev);
- ulong size = ALIGN(CAAM_RNG_DESC_LEN, ARCH_DMA_MINALIGN);
-
- inline_cnstr_jobdesc_rng(priv->desc, priv->data,
- CAAM_RNG_MAX_FIFO_STORE_SIZE);
- flush_dcache_range((unsigned long)priv->desc,
- (unsigned long)priv->desc + size);
-
return 0;
}
--
2.43.0
