On 1/27/2020 6:57 PM, Andrey Smirnov wrote:
> @@ -60,12 +65,12 @@ static struct caam_rng_ctx *to_caam_rng_ctx(struct hwrng *r)
> static void caam_rng_done(struct device *jrdev, u32 *desc, u32 err,
> void *context)
> {
> - struct completion *done = context;
> + struct caam_rng_job_ctx *jctx = context;
>
> if (err)
> - caam_jr_strstatus(jrdev, err);
> + *jctx->err = caam_jr_strstatus(jrdev, err);
>
> - complete(done);
> + complete(jctx->done);
> }
>
> static u32 *caam_init_desc(u32 *desc, dma_addr_t dst_dma, int len)
> @@ -89,6 +94,10 @@ static int caam_rng_read_one(struct device *jrdev,
> {
> dma_addr_t dst_dma;
> int err;
> + struct caam_rng_job_ctx jctx = {
> + .done = done,
> + .err = &err,
> + };
>
> len = min_t(int, len, CAAM_RNG_MAX_FIFO_STORE_SIZE);
>
> @@ -101,7 +110,7 @@ static int caam_rng_read_one(struct device *jrdev,
> init_completion(done);
> err = caam_jr_enqueue(jrdev,
> caam_init_desc(desc, dst_dma, len),
> - caam_rng_done, done);
> + caam_rng_done, &jctx);
AFAICT there's a race condition b/w caam_jr_enqueue() and caam_rng_done(), both writing to "err": caam_jr_enqueue() -> JR interrupt -> caam_jr_interrupt() -> tasklet_schedule()... -> spin_unlock_bh() -> caam_jr_dequeue() -> caam_rng_done() -> write err -> return 0 -> write err Horia
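Review bot: In the second hunk, `jctx` and the `err` it points at are automatic variables of caam_rng_read_one(), yet `&jctx` is handed to the job ring as the context for caam_rng_done(), which runs asynchronously and dereferences both `jctx->err` and `jctx->done`. That is only safe if the function can never return before the callback has run. The wait on `done` lies outside the quoted hunks, so this assumes it is an unconditional, non-interruptible wait on every path where the enqueue succeeded. A comment on the declaration would stop a later switch to a timed or interruptible wait from turning the callback into a write to a dead stack frame, for example `/* jctx and err live on this stack frame: never return before caam_rng_done() has completed 'done' */`.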