Re: [PATCH] crypto: atmel-sha204a - Fix uninitialized data access on OTP read error
From: Lothar Rubusch <hidden>
Date: 2026-02-22 17:30:28
Also in:
linux-crypto, lkml, stable
From: Lothar Rubusch <hidden>
Date: 2026-02-22 17:30:28
Also in:
linux-crypto, lkml, stable
Hi Thorsten! So this one was tested on your hardware? Wouldn't it make more sense to squash this with the patch before: 'Fix error codes in OTP reads' (which IMHO actually fixes mainly the bounds check)? This on it's own I'd consider rather a refac than "Fixes". On Fri, Feb 20, 2026 at 2:32 PM Thorsten Blum [off-list ref] wrote:
Return early if atmel_i2c_send_receive() fails to avoid checking potentially uninitialized data in 'cmd.data'. Cc: stable@vger.kernel.org Fixes: e05ce444e9e5 ("crypto: atmel-sha204a - add reading from otp zone") Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- drivers/crypto/atmel-sha204a.c | 4 ++++ 1 file changed, 4 insertions(+)diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c index 0fcf4a39de27..f4a04b297257 100644 --- a/drivers/crypto/atmel-sha204a.c +++ b/drivers/crypto/atmel-sha204a.c@@ -103,6 +103,10 @@ static int atmel_sha204a_otp_read(struct i2c_client *client, u16 addr, u8 *otp) } ret = atmel_i2c_send_receive(client, &cmd); + if (ret < 0) { + dev_err(&client->dev, "failed to read otp at %04X\n", addr); + return ret; + } if (cmd.data[0] == 0xff) { dev_err(&client->dev, "failed, device not ready\n"); --Thorsten Blum [off-list ref] GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4