[RFC/RFT PATCH 5/6] random: Plug race in preceding patch
Ard Biesheuvel
ardb+git at google.com
Thu Nov 27 01:22:32 PST 2025
From: Ard Biesheuvel <ardb at kernel.org>
The lockless get_random_uXX() reads the next value from the linear
buffer and then overwrites it with a 0x0 value. This is racy, as the
code might be re-entered by an interrupt handler, and so the store might
redundantly wipe the location accessed by the interrupt context rather
than the interrupted context.
To plug this race, wipe the preceding location when reading the next
value from the linear buffer. Given that the position is always non-zero
outside of the critical section, this is guaranteed to be safe, and
ensures that the produced values are always wiped from the buffer.
Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
---
drivers/char/random.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 71bd74871540..e8ba460c5c9c 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -547,6 +547,7 @@ type get_random_ ##type(void) \
next = (u64)next_gen << 32; \
if (likely(batch->position < ARRAY_SIZE(batch->entropy))) { \
next |= batch->position + 1; /* next-1 is bogus otherwise */ \
+ batch->entropy[batch->position - 1] = 0; \
ret = batch->entropy[batch->position]; \
} \
if (cmpxchg64_local(&batch->posgen, next, next - 1) != next - 1) { \
--
2.52.0.107.ga0afd4fd5b-goog
More information about the linux-arm-kernel
mailing list