[RFC/RFT PATCH 5/6] random: Plug race in preceding patch
Ard Biesheuvel
ardb at kernel.org
Fri Nov 28 03:18:38 PST 2025
On Fri, 28 Nov 2025 at 12:13, david laight <david.laight at runbox.com> wrote:
>
> On Thu, 27 Nov 2025 10:22:32 +0100
> Ard Biesheuvel <ardb+git at google.com> wrote:
>
> > From: Ard Biesheuvel <ardb at kernel.org>
> >
> > The lockless get_random_uXX() reads the next value from the linear
> > buffer and then overwrites it with a 0x0 value. This is racy, as the
> > code might be re-entered by an interrupt handler, and so the store might
> > redundantly wipe the location accessed by the interrupt context rather
> > than the interrupted context.
>
> Is overwriting the used value even useful?
That is an interesting question but it is orthogonal to this series.
More information about the linux-arm-kernel
mailing list