* [PATCH] crypto: atmel-sha204a - Fix OTP address check and uninitialized data access
@ 2026-02-24 22:55 Thorsten Blum
2026-02-26 21:22 ` Lothar Rubusch
0 siblings, 1 reply; 2+ messages in thread
From: Thorsten Blum @ 2026-02-24 22:55 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Nicolas Ferre, Alexandre Belloni,
Claudiu Beznea, Lothar Rubusch
Cc: Thorsten Blum, stable, linux-crypto, linux-arm-kernel,
linux-kernel
Return -EINVAL from atmel_i2c_init_read_otp_cmd() on invalid addresses
instead of -1. Since the OTP zone is accessed in 4-byte blocks, valid
addresses range from 0 to OTP_ZONE_SIZE / 4 - 1. Fix the bounds check
accordingly.
In atmel_sha204a_otp_read(), propagate the actual error code from
atmel_i2c_init_read_otp_cmd() instead of -1, and return early if
atmel_i2c_send_receive() fails to avoid checking potentially
uninitialized data in 'cmd.data'.
Also, return -EIO instead of -EINVAL when the device is not ready.
Fixes: e05ce444e9e5 ("crypto: atmel-sha204a - add reading from otp zone")
Cc: stable@vger.kernel.org
Reviewed-by: Lothar Rubusch <l.rubusch@gmail.com>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
Compile-tested only.
This patch combines [1] and [2], as suggested by Lothar in [2].
Lothar's Reviewed-by: for [1] has been preserved.
In [2], Lothar questioned whether returning -EIO is appropriate; the
exact error code can be adjusted if needed. The errno is currently not
propagated to userspace, but [3] changes this.
[1] https://lore.kernel.org/lkml/20260215205152.518472-3-thorsten.blum@linux.dev/
[2] https://lore.kernel.org/lkml/20260220133135.1122081-2-thorsten.blum@linux.dev/
[3] https://lore.kernel.org/lkml/20260216074552.656814-1-thorsten.blum@linux.dev/
---
drivers/crypto/atmel-i2c.c | 4 ++--
drivers/crypto/atmel-sha204a.c | 11 ++++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/atmel-i2c.c b/drivers/crypto/atmel-i2c.c
index da3cd986b1eb..59d11fa5caeb 100644
--- a/drivers/crypto/atmel-i2c.c
+++ b/drivers/crypto/atmel-i2c.c
@@ -72,8 +72,8 @@ EXPORT_SYMBOL(atmel_i2c_init_read_config_cmd);
int atmel_i2c_init_read_otp_cmd(struct atmel_i2c_cmd *cmd, u16 addr)
{
- if (addr < 0 || addr > OTP_ZONE_SIZE)
- return -1;
+ if (addr >= OTP_ZONE_SIZE / 4)
+ return -EINVAL;
cmd->word_addr = COMMAND;
cmd->opcode = OPCODE_READ;
diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c
index 8adc7fe71c04..b0480d3bec70 100644
--- a/drivers/crypto/atmel-sha204a.c
+++ b/drivers/crypto/atmel-sha204a.c
@@ -94,19 +94,24 @@ static int atmel_sha204a_rng_read(struct hwrng *rng, void *data, size_t max,
static int atmel_sha204a_otp_read(struct i2c_client *client, u16 addr, u8 *otp)
{
struct atmel_i2c_cmd cmd;
- int ret = -1;
+ int ret;
- if (atmel_i2c_init_read_otp_cmd(&cmd, addr) < 0) {
+ ret = atmel_i2c_init_read_otp_cmd(&cmd, addr);
+ if (ret < 0) {
dev_err(&client->dev, "failed, invalid otp address %04X\n",
addr);
return ret;
}
ret = atmel_i2c_send_receive(client, &cmd);
+ if (ret < 0) {
+ dev_err(&client->dev, "failed to read otp at %04X\n", addr);
+ return ret;
+ }
if (cmd.data[0] == 0xff) {
dev_err(&client->dev, "failed, device not ready\n");
- return -EINVAL;
+ return -EIO;
}
memcpy(otp, cmd.data+1, 4);
--
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: atmel-sha204a - Fix OTP address check and uninitialized data access
2026-02-24 22:55 [PATCH] crypto: atmel-sha204a - Fix OTP address check and uninitialized data access Thorsten Blum
@ 2026-02-26 21:22 ` Lothar Rubusch
0 siblings, 0 replies; 2+ messages in thread
From: Lothar Rubusch @ 2026-02-26 21:22 UTC (permalink / raw)
To: Thorsten Blum
Cc: Herbert Xu, David S. Miller, Nicolas Ferre, Alexandre Belloni,
Claudiu Beznea, stable, linux-crypto, linux-arm-kernel,
linux-kernel
Hi Thorsten, thx for squashing. I hope this goes ok with the maintainers.
On Tue, Feb 24, 2026 at 11:57 PM Thorsten Blum <thorsten.blum@linux.dev> wrote:
>
> Return -EINVAL from atmel_i2c_init_read_otp_cmd() on invalid addresses
> instead of -1. Since the OTP zone is accessed in 4-byte blocks, valid
> addresses range from 0 to OTP_ZONE_SIZE / 4 - 1. Fix the bounds check
> accordingly.
>
> In atmel_sha204a_otp_read(), propagate the actual error code from
> atmel_i2c_init_read_otp_cmd() instead of -1, and return early if
> atmel_i2c_send_receive() fails to avoid checking potentially
> uninitialized data in 'cmd.data'.
>
> Also, return -EIO instead of -EINVAL when the device is not ready.
>
> Fixes: e05ce444e9e5 ("crypto: atmel-sha204a - add reading from otp zone")
> Cc: stable@vger.kernel.org
> Reviewed-by: Lothar Rubusch <l.rubusch@gmail.com>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> Compile-tested only.
>
> This patch combines [1] and [2], as suggested by Lothar in [2].
>
> Lothar's Reviewed-by: for [1] has been preserved.
>
> In [2], Lothar questioned whether returning -EIO is appropriate; the
> exact error code can be adjusted if needed. The errno is currently not
> propagated to userspace, but [3] changes this.
>
This was just more curiosity, nothing to mention.
> [1] https://lore.kernel.org/lkml/20260215205152.518472-3-thorsten.blum@linux.dev/
> [2] https://lore.kernel.org/lkml/20260220133135.1122081-2-thorsten.blum@linux.dev/
> [3] https://lore.kernel.org/lkml/20260216074552.656814-1-thorsten.blum@linux.dev/
> ---
> drivers/crypto/atmel-i2c.c | 4 ++--
> drivers/crypto/atmel-sha204a.c | 11 ++++++++---
> 2 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/atmel-i2c.c b/drivers/crypto/atmel-i2c.c
> index da3cd986b1eb..59d11fa5caeb 100644
> --- a/drivers/crypto/atmel-i2c.c
> +++ b/drivers/crypto/atmel-i2c.c
> @@ -72,8 +72,8 @@ EXPORT_SYMBOL(atmel_i2c_init_read_config_cmd);
>
> int atmel_i2c_init_read_otp_cmd(struct atmel_i2c_cmd *cmd, u16 addr)
> {
> - if (addr < 0 || addr > OTP_ZONE_SIZE)
> - return -1;
> + if (addr >= OTP_ZONE_SIZE / 4)
> + return -EINVAL;
>
> cmd->word_addr = COMMAND;
> cmd->opcode = OPCODE_READ;
> diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c
> index 8adc7fe71c04..b0480d3bec70 100644
> --- a/drivers/crypto/atmel-sha204a.c
> +++ b/drivers/crypto/atmel-sha204a.c
> @@ -94,19 +94,24 @@ static int atmel_sha204a_rng_read(struct hwrng *rng, void *data, size_t max,
> static int atmel_sha204a_otp_read(struct i2c_client *client, u16 addr, u8 *otp)
> {
> struct atmel_i2c_cmd cmd;
> - int ret = -1;
> + int ret;
>
> - if (atmel_i2c_init_read_otp_cmd(&cmd, addr) < 0) {
> + ret = atmel_i2c_init_read_otp_cmd(&cmd, addr);
> + if (ret < 0) {
> dev_err(&client->dev, "failed, invalid otp address %04X\n",
> addr);
> return ret;
> }
>
> ret = atmel_i2c_send_receive(client, &cmd);
> + if (ret < 0) {
> + dev_err(&client->dev, "failed to read otp at %04X\n", addr);
> + return ret;
> + }
>
> if (cmd.data[0] == 0xff) {
> dev_err(&client->dev, "failed, device not ready\n");
> - return -EINVAL;
> + return -EIO;
> }
>
> memcpy(otp, cmd.data+1, 4);
> --
> Thorsten Blum <thorsten.blum@linux.dev>
> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
>
I compiled this patch, loaded and unloaded it, sysfs entry also still
working. LGTM.
Reviewed-by: Lothar Rubusch <l.rubusch@gmail.com>
Best,
L
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-02-26 21:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-24 22:55 [PATCH] crypto: atmel-sha204a - Fix OTP address check and uninitialized data access Thorsten Blum
2026-02-26 21:22 ` Lothar Rubusch
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox