After 43838a23a05f ("random: fix crng_ready() test") early boot calls to get_random_bytes() will warn on x86 because the crng is not initialized. For example,
random: get_random_bytes called from start_kernel+0x8e/0x587 with crng_init=0 x86 only uses get_random_bytes() for better randomization of the stack canary value so the warning is of no consequence. Test if the crng is initialized before calling get_random_bytes(). If it is not available then attempt to read from the hardware random generator, before finally using the TSC. v2: Add HW random read based on feedback fro h...@zytor.com & ty...@mit.edu Signed-off-by: Prarit Bhargava <pra...@redhat.com> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: x...@kernel.org Cc: "Theodore Ts'o" <ty...@mit.edu> Cc: Arnd Bergmann <a...@arndb.de> Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> Cc: Rik van Riel <r...@redhat.com> Cc: Andrew Morton <a...@linux-foundation.org> Cc: Philippe Ombredanne <pombreda...@nexb.com> Cc: Kees Cook <keesc...@chromium.org> Cc: Prarit Bhargava <pra...@redhat.com> Cc: "Jason A. Donenfeld" <ja...@zx2c4.com> Cc: Kate Stewart <kstew...@linuxfoundation.org> --- arch/x86/include/asm/stackprotector.h | 14 +++++++++----- drivers/char/random.c | 5 ++++- include/linux/random.h | 1 + 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h index 8ec97a62c245..082100608d18 100644 --- a/arch/x86/include/asm/stackprotector.h +++ b/arch/x86/include/asm/stackprotector.h @@ -62,17 +62,21 @@ static __always_inline void boot_init_stack_canary(void) { u64 canary; u64 tsc; + int ret; #ifdef CONFIG_X86_64 BUILD_BUG_ON(offsetof(union irq_stack_union, stack_canary) != 40); #endif /* - * We both use the random pool and the current TSC as a source - * of randomness. The TSC only matters for very early init, - * there it already has some randomness on most systems. Later - * on during the bootup the random pool has true entropy too. + * During early boot the entropy pool may not be initialized. As an + * alternative and if one is available, try to use the hardware random + * generator. On most systems the TSC will have some randomness so it + * can also be used for entropy during early boot. */ - get_random_bytes(&canary, sizeof(canary)); + if (crng_ready()) + get_random_bytes(&canary, sizeof(canary)); + else + ret = get_random_bytes_arch(&canary, sizeof(canary)); tsc = rdtsc(); canary += tsc + (tsc << 32UL); canary &= CANARY_MASK; diff --git a/drivers/char/random.c b/drivers/char/random.c index 38c6d1af6d1c..ea6466a3ab14 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -428,7 +428,10 @@ struct crng_state primary_crng = { * its value (from 0->1->2). */ static int crng_init = 0; -#define crng_ready() (likely(crng_init > 1)) +int crng_ready(void) +{ + return likely(crng_init > 1); +} static int crng_init_cnt = 0; static unsigned long crng_global_init_time = 0; #define CRNG_INIT_CNT_THRESH (2*CHACHA_KEY_SIZE) diff --git a/include/linux/random.h b/include/linux/random.h index 445a0ea4ff49..3b5919cb62ca 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -197,4 +197,5 @@ static inline u32 next_pseudo_random32(u32 seed) return seed * 1664525 + 1013904223; } +extern int crng_ready(void); #endif /* _LINUX_RANDOM_H */ -- 2.17.2