[PATCH 1/8] cmd: rng: fix error handling for dm_rng_read()

Simon Glass sjg at chromium.org
Thu Jun 25 16:38:36 CEST 2026


Hi Jamie,

On 2026-06-25T12:23:17, Jamie Gibbons <jamie.gibbons at microchip.com> wrote:
> cmd: rng: fix error handling for dm_rng_read()
>
> The rng command treated any non-zero return value from dm_rng_read() as
> an error, even though the API returns the number of bytes read on
> success.
>
> Update the error handling to only report a failure when dm_rng_read()
> returns a negative error code, or when a short read occurs.
>
> This fixes false "Reading RNG failed" messages when RNG drivers
> successfully return data.
>
> Signed-off-by: Jamie Gibbons <jamie.gibbons at microchip.com>
>
> cmd/rng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

> diff --git a/cmd/rng.c b/cmd/rng.c
> @@ -62,7 +62,7 @@ static int do_rng(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
>       n = min(n, sizeof(buf));
>
>       err = dm_rng_read(dev, buf, n);
> -     if (err) {
> +     if (err < 0 || err != n) {
>               puts(err == -EINTR ? 'Abort\n' : "Reading RNG failed\n");
>               ret = CMD_RET_FAILURE;
>       } else {
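
Review bot: on the added line `if (err < 0 || err != n)`, a driver error and a short read land in the same branch, and the puts() under it only separates -EINTR from everything else, so a short read is reported as "Reading RNG failed" with no sign that some bytes arrived. The test also compares an int err against n, which comes out of min(n, sizeof(buf)) and is therefore an unsigned size. Checking err < 0 first and comparing (size_t)err with n in a separate branch would make both cases explicit. The new condition depends on dm_rng_read() returning a byte count, and nothing in this one-file change documents that contract.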

Not quite. The contract in include/rng.h is:

    Return:     0 if OK, -ve on error

and every existing driver (arm_rndr, sandbox_rng, stm32_rng, etc.)
returns 0 on success, not the byte count. With this change those
drivers will hit err != n and the command will print 'Reading RNG
failed' for every successful read.

The real problem is that the new mpfs_rng driver in patch 4 returns
len on success instead of 0. Fix it there - make mpfs_rng_read()
return 0 on success like the rest of the uclass.

If you want to change the uclass contract to "returns bytes read"
(matching Linux hwrng semantics), that is a much bigger change: update
dm_rng_read()'s kerneldoc, convert every in-tree driver, and update
all callers (cmd/rng.c, boot/fdt_support.c, lib/uuid.c, efi_loader,
etc.). It should not be slipped in via a one-line cmd/rng.c tweak.

Also, n is size_t and err is int, so err != n is a signed/unsigned comparison.

Regards,
Simon
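
The mismatch described in the reply above, as an added example that is not part of the original message or of U-Boot: stub read functions (hypothetical names) model the two return conventions, and the pre-patch and patched checks from the hunk are applied to each.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a driver's read op; not U-Boot code. */
typedef int (*rng_read_fn)(void *buf, size_t len);

/* Contract quoted in the reply: 0 if OK, -ve on error. */
static int read_returns_zero(void *buf, size_t len)
{
	memset(buf, 0xA5, len); /* constructed filler bytes */
	return 0;
}

/* Convention the patched check expects: byte count on success. */
static int read_returns_len(void *buf, size_t len)
{
	memset(buf, 0x5A, len);
	return (int)len;
}

static int read_fails(void *buf, size_t len)
{
	(void)buf; (void)len;
	return -EIO;
}

/* Pre-patch check: if (err) */
static int old_check_fails(rng_read_fn rd, size_t n)
{
	unsigned char buf[64];
	return rd(buf, n < sizeof(buf) ? n : sizeof(buf)) != 0;
}

/* Patched check: if (err < 0 || err != n), conversion made explicit. */
static int new_check_fails(rng_read_fn rd, size_t n)
{
	unsigned char buf[64];
	n = n < sizeof(buf) ? n : sizeof(buf);
	int err = rd(buf, n);
	return err < 0 || (size_t)err != n;
}

int main(void)
{
	rng_read_fn rd[] = { read_returns_zero, read_returns_len, read_fails };
	for (int i = 0; i < 3; i++) /* rows: returns 0, returns len, returns -EIO */
		printf("old fails=%d patched fails=%d\n", old_check_fails(rd[i], 16), new_check_fails(rd[i], 16));
	return 0;
}
```

Each check accepts exactly one of the two success conventions, so whichever is chosen has to hold for every driver and caller at once.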

