On Mon, Jul 14, 2025 at 06:01:28PM +0000, Anthony Pighin (Nokia) wrote:
>u-boot internals were being corrupted following an EFI callback to
>get_rng(). One of the many footprints was a corruption of the EFI
>protocols linked list.
>
>A request for >16 bytes of random data is broken into smaller requests.
>Those requests are fed in a loop to the CAAM RNG, which uses a job
>queue ring for interaction.
>
>However, the job queue descriptor is created only at probe time. That
>descriptor may end up needing an endian swap (LS1046A) before being fed
>to the CAAM RNG. This corrupts the descriptor for the next iteration,
>since it will be blindly endian swapped yet again.
>
>Two issues arise. The number of words to endian swap is taken from the
>input descriptor itself. So on the second iteration, the length has been
>corrupted. This results in a corruption past the end of the descriptor:
>whatever is after in memory is endian swapped too. Second, some of the
>entries in the descriptor are DMA addresses. If the descriptor is still
>somehow considered valid after swapping, the data at the corrupted DMA
>address is now trampled.
>
>Linux properly initializes the descriptor for each iteration. This is
>what is now done with this commit.
>
>Signed-off-by: Anthony Pighin <anthony.pig...@nokia.com>

This patch has some format issue that could not be applied by tools.
Please fix your send-mail next time. I applied this patch manually.

Regards
Peng
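
The length problem described in the quoted commit message, as an added example (not code from the patch or from U-Boot): a constructed 4-word descriptor that stores its own word count in the header is endian swapped in place once per request, first built once and then rebuilt per request. All names, the header layout (count in the low 7 bits of word 0) and every value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DESC_WORDS  4            /* constructed descriptor: 4 x 32-bit words */
#define ARENA_WORDS 64           /* descriptor plus neighbouring memory */
#define LEN_MASK    0x7fu        /* assumption: length in the low bits of word 0 */
#define FILL        0x11223344u  /* constructed neighbour contents */

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Hypothetical builder: header carries the word count, word 2 is a DMA address. */
static void build_desc(uint32_t *d) {
    d[0] = 0xB0800000u | DESC_WORDS;
    d[1] = 0x82500000u;
    d[2] = 0x80001000u;
    d[3] = 16;
}

/* Swaps in place, trusting the length stored in the descriptor itself. */
static size_t swap_desc(uint32_t *d) {
    size_t n = d[0] & LEN_MASK;
    for (size_t i = 0; i < n; i++)
        d[i] = swap32(d[i]);
    return n;
}

/* Runs `iterations` requests; returns how many neighbour words were modified. */
static size_t run(int iterations, int rebuild_each_time) {
    uint32_t arena[ARENA_WORDS];
    size_t damaged = 0;
    for (size_t i = 0; i < ARENA_WORDS; i++)
        arena[i] = FILL;
    build_desc(arena);                       /* "probe time" build */
    for (int it = 0; it < iterations; it++) {
        if (rebuild_each_time)
            build_desc(arena);               /* fresh descriptor per request */
        swap_desc(arena);
    }
    for (size_t i = DESC_WORDS; i < ARENA_WORDS; i++)
        damaged += (arena[i] != FILL);
    return damaged;
}

int main(void) {
    printf("build once:     %zu neighbour words corrupted\n", run(2, 0));
    printf("build per call: %zu neighbour words corrupted\n", run(2, 1));
    return 0;
}
```

On the second pass the swapped header 0x040080B0 yields a length of 0x30 = 48 words, so 44 words past the 4-word descriptor are swapped as well; rebuilding the descriptor before each request keeps the length at 4.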