| author | Kees Cook <keescook@chromium.org> | 2019-04-19 23:27:05 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-06-25 11:48:57 +0200 |
| commit | d7b3bc8b4fa530f965edd6ad9229240e55549a96 (patch) | |
| tree | f8cc01f66a9667931f31820b3b66ef1c298c61ce /init | |
| parent | 915917713de00f0e1c22b9f68375ea1bc1ad4651 (diff) | |
random: move rand_initialize() earlier

commit d55535232c3dbde9a523a9d10d68670f5fe5dec3 upstream.

Right now rand_initialize() is run as an early_initcall(), but it only
depends on timekeeping_init() (for mixing ktime_get_real() into the
pools). However, the call to boot_init_stack_canary() for stack canary
initialization runs earlier, which triggers a warning at boot:

    random: get_random_bytes called from start_kernel+0x357/0x548 with crng_init=0

Instead, this moves rand_initialize() to after timekeeping_init(), and moves
canary initialization here as well.

Note that this warning may still remain for machines that do not have
UEFI RNG support (which initializes the RNG pools during setup_arch()),
or for x86 machines without RDRAND (or booting without "random.trust=on"
or CONFIG_RANDOM_TRUST_CPU=y).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'init')
| -rw-r--r-- | init/main.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/init/main.c b/init/main.c index 272ec131211c..c101dd088b94 100644 --- a/init/main.c +++ b/init/main.c @@ -549,13 +549,6 @@ asmlinkage __visible void __init start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); setup_arch(&command_line); - /* - * Set up the the initial canary and entropy after arch - * and after adding latent and command line entropy. - */ - add_latent_entropy(); - add_device_randomness(command_line, strlen(command_line)); - boot_init_stack_canary(); mm_init_cpumask(&init_mm); setup_command_line(command_line); setup_nr_cpu_ids(); @@ -640,6 +633,20 @@ asmlinkage __visible void __init start_kernel(void) hrtimers_init(); softirq_init(); timekeeping_init(); + + /* + * For best initial stack canary entropy, prepare it after: + * - setup_arch() for any UEFI RNG entropy and boot cmdline access + * - timekeeping_init() for ktime entropy used in rand_initialize() + * - rand_initialize() to get any arch-specific entropy like RDRAND + * - add_latent_entropy() to get any latent entropy + * - adding command line entropy + */ + rand_initialize(); + add_latent_entropy(); + add_device_randomness(command_line, strlen(command_line)); + boot_init_stack_canary(); + time_init(); perf_event_init(); profile_init(); |
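Review bot: In the first hunk (start_kernel(), right after setup_arch(&command_line)), removing boot_init_stack_canary() from this position means mm_init_cpumask(), setup_command_line(), setup_nr_cpu_ids() and every call up to timekeeping_init() now run before the boot stack canary is set. The commit message gives the entropy motivation but does not mention this wider window; please state in the message that it is accepted, or explain why it does not matter for these early callees.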
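Review bot: In the second hunk, add_device_randomness(command_line, strlen(command_line)) now runs after setup_command_line(command_line) and the rest of early init instead of directly after setup_arch(); please confirm that nothing in between modifies command_line in place, otherwise the bytes mixed into the pool differ from before the move. Separately, this view is limited to 'init', so the removal of the early_initcall() registration for rand_initialize() is not visible here; check that rand_initialize() cannot end up running twice and that init/main.c sees a declaration for it.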
