From 90b5d4fe0b3ba7f589c6723c6bfb559d9e83956a Mon Sep 17 00:00:00 2001

From: Michael Ellerman <mpe@ellerman.id.au>

Date: Thu, 28 Jul 2022 00:32:17 +1000

Subject: [PATCH] powerpc/powernv: Avoid crashing if rng is NULL

References: bsc#1065729

Patch-mainline: v6.0-rc1

Git-commit: 90b5d4fe0b3ba7f589c6723c6bfb559d9e83956a

On a bare-metal Power8 system that doesn't have an "ibm,power-rng", a

malicious QEMU and guest that ignore the absence of the

KVM_CAP_PPC_HWRNG flag, and calls H_RANDOM anyway, will dereference a

NULL pointer.

In practice all Power8 machines have an "ibm,power-rng", but let's not

rely on that, add a NULL check and early return in

powernv_get_random_real_mode().

Fixes: e928e9cb3601 ("KVM: PPC: Book3S HV: Add fast real-mode H_RANDOM implementation.")

Cc: stable@vger.kernel.org # v4.1+

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

Link: https://lore.kernel.org/r/20220727143219.2684192-1-mpe@ellerman.id.au

Acked-by: Michal Suchanek <msuchanek@suse.de>

---

 arch/powerpc/platforms/powernv/rng.c | 2 ++

 1 file changed, 2 insertions(+)

diff --git a/arch/powerpc/platforms/powernv/rng.c b/arch/powerpc/platforms/powernv/rng.c

index 3805ad13b8f3..2287c9cd0cd5 100644

--- a/arch/powerpc/platforms/powernv/rng.c

+++ b/arch/powerpc/platforms/powernv/rng.c

@@ -63,6 +63,8 @@ int powernv_get_random_real_mode(unsigned long *v)

 	struct powernv_rng *rng;

 	rng = raw_cpu_read(powernv_rng);

+	if (!rng)

+		return 0;

 	*v = rng_whiten(rng, __raw_rm_readq(rng->regs_real));

-- 

2.35.3