The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=93811883500b99f9f1fb4ffd6e764226d37dcfd0
commit 93811883500b99f9f1fb4ffd6e764226d37dcfd0 Author: Mark Johnston <[email protected]> AuthorDate: 2025-12-18 14:17:20 +0000 Commit: Mark Johnston <[email protected]> CommitDate: 2025-12-18 19:46:42 +0000 armv8rng: Fix an inverted test in random_rndr_read_one() If we get a random number, the NZCV is set to 0b0000. Then "cset %w1, ne" will test whether Z == 0 and set %w1 to 1 if so. More specifically, "cset %w1, ne" maps to "csinc %w1, wzr, wzr, eq", which stores 0 in %w1 when NZCV == 0b0100 and 1 otherwise. Thus, on a successful read we expect ret != 0, so the loop condition needs to be fixed. In practice this means that we would end up trying to fetch entropy up to ten times in a row. If all attempts are successful, the last will be returned, otherwise no entropy will be returned. Reported by: Kevin Day <[email protected]> Reviewed by: andrew Fixes: 9eecef052155 ("Add an Armv8 rndr random number provider") MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54259 --- sys/dev/random/armv8rng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/random/armv8rng.c b/sys/dev/random/armv8rng.c index 524d80317681..9573c09aa77a 100644 --- a/sys/dev/random/armv8rng.c +++ b/sys/dev/random/armv8rng.c @@ -64,7 +64,7 @@ random_rndr_read_one(u_long *buf) /* 1 on success, 0 on failure */ "cset %w1, ne\n" : "=&r" (val), "=&r"(ret) :: "cc"); - } while (ret != 0 && --loop > 0); + } while (ret == 0 && --loop > 0); if (ret != 0) *buf = val;
