random: Plug race in preceding patch

The lockless get_random_uXX() routines locklessly read the next value from the respective linear buffer and then overwrite it with a 0x0 value. This is racy, as the code might be re-entered by an interrupt handler, and so the store might redundantly wipe the location accessed by the interrupt context rather than the interrupted context.

To plug this race, wipe the preceding location when reading the next value from the linear buffer. Given that the position is always non-zero outside of the critical section, this is guaranteed to be safe, and ensures that the produced values are always wiped from the buffer.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
diff --git a/drivers/char/random.c b/drivers/char/random.c index cf7305e..514f893 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c
@@ -547,6 +547,7 @@ type get_random_ ##type(void) \ next = (u64)next_gen << 32; \ if (likely(batch->position < ARRAY_SIZE(batch->entropy))) { \ next |= batch->position; /* always > 0 */ \ + batch->entropy[batch->position - 1] = 0; \ ret = batch->entropy[batch->position]; \ } \ if (!try_cmpxchg64_local(&batch->posgen, &next, next + 1)) { \
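Review bot: the new store `batch->entropy[batch->position - 1] = 0;` wipes the slot consumed by the previous successful read, but the slot being returned now (`batch->entropy[batch->position]`) is left intact by this hunk, so the value stays in the buffer until a later call advances past it or the buffer is refilled; the commit message's "always wiped" claim should be qualified to that one-slot window, or the remaining-slot handling in the refill path should be mentioned in the description. Two smaller points on the same line: its correctness rests entirely on the `/* always > 0 */` invariant annotated on the preceding line, and nothing in the visible code enforces it, so consider either a `WARN_ON_ONCE(!batch->position)` or a comment on the new line stating that the index cannot underflow because position is non-zero outside the critical section; and since the rationale for wiping the preceding slot rather than the current one lives only in the commit message, a one-line comment next to the store (e.g. "wipe the previously returned value; wiping the current slot races with re-entrant interrupt context") would help the next reader of this macro. Note also that the store is issued before `try_cmpxchg64_local()` decides whether this read wins, so on a lost race the slot at `position - 1` is wiped by both contexts; that is harmless as written (the slot was already consumed), but is worth a sentence in the description so it is not mistaken for the bug being fixed.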