From: Ard Biesheuvel <[email protected]> The lockless get_random_uXX() reads the next value from the linear buffer and then overwrites it with a 0x0 value. This is racy, as the code might be re-entered by an interrupt handler, and so the store might redundantly wipe the location accessed by the interrupt context rather than the interrupted context.
To plug this race, wipe the preceding location when reading the next value from the linear buffer. Given that the position is always non-zero outside of the critical section, this is guaranteed to be safe, and ensures that the produced values are always wiped from the buffer. Signed-off-by: Ard Biesheuvel <[email protected]> --- drivers/char/random.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/random.c b/drivers/char/random.c index 71bd74871540..e8ba460c5c9c 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -547,6 +547,7 @@ type get_random_ ##type(void) \ next = (u64)next_gen << 32; \ if (likely(batch->position < ARRAY_SIZE(batch->entropy))) { \ next |= batch->position + 1; /* next-1 is bogus otherwise */ \ + batch->entropy[batch->position - 1] = 0; \ ret = batch->entropy[batch->position]; \ } \ if (cmpxchg64_local(&batch->posgen, next, next - 1) != next - 1) { \ -- 2.52.0.107.ga0afd4fd5b-goog
