CVS commit: src/sys/arch

Thu, 27 Jun 2024 16:58:57 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Thu Jun 27 23:58:47 UTC 2024

Modified Files:
        src/sys/arch/amd64/amd64: machdep.c
        src/sys/arch/i386/i386: machdep.c

Log Message:
x86: Defer x86_rndseed until after pmap_bootstrap.

Loading the random seed, which is what x86_rndseed does, requires
direct map access on KASLR kernels, which requires pmap_bootstrap to
have run.

This had been broken in

amd64/machdep.c 1.359
i386/machdep.c 1.832

because we apparently don't have any automatic test setup for KASLR
kernels, which we should address.

This change shouldn't cause any security regression on kernels that
previously owrked, because none of the logic that now happens before
x86_rndseed uses the entropy pool anyway (uvm_md_init,
init_x86_clusters, xen_parse_cmdline).

PR port-amd64/58366


To generate a diff of this commit:
cvs rdiff -u -r1.368 -r1.369 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.841 -r1.842 src/sys/arch/i386/i386/machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.368 src/sys/arch/amd64/amd64/machdep.c:1.369
--- src/sys/arch/amd64/amd64/machdep.c:1.368	Tue Mar  5 14:15:28 2024
+++ src/sys/arch/amd64/amd64/machdep.c	Thu Jun 27 23:58:46 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.368 2024/03/05 14:15:28 thorpej Exp $	*/
+/*	$NetBSD: machdep.c,v 1.369 2024/06/27 23:58:46 riastradh Exp $	*/
 
 /*
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -110,7 +110,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.368 2024/03/05 14:15:28 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.369 2024/06/27 23:58:46 riastradh Exp $");
 
 #include "opt_modular.h"
 #include "opt_user_ldt.h"
@@ -1755,15 +1755,6 @@ init_x86_64(paddr_t first_avail)
 	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 
 	/*
-	 * Initialize RNG to get entropy ASAP either from CPU
-	 * RDRAND/RDSEED or from seed on disk.  Must happen after
-	 * cpu_init_msrs.  Prefer to happen after consinit so we have
-	 * the opportunity to print useful feedback.
-	 */
-	cpu_rng_init();
-	x86_rndseed();
-
-	/*
 	 * Initialize PAGE_SIZE-dependent variables.
 	 */
 	uvm_md_init();
@@ -1803,6 +1794,22 @@ init_x86_64(paddr_t first_avail)
 	 */
 	pmap_bootstrap(VM_MIN_KERNEL_ADDRESS);
 
+	/*
+	 * Initialize RNG to get entropy ASAP either from CPU
+	 * RDRAND/RDSEED or from seed on disk.  Constraints:
+	 *
+	 * - Must happen after cpu_init_msrs so that curcpu() and
+	 *   curlwp work.
+	 *
+	 * - Must happen after consinit so we have the opportunity to
+	 *   print useful feedback.
+	 *
+	 * - On KASLR kernels, must happen after pmap_bootstrap because
+	 *   x86_rndseed requires access to the direct map.
+	 */
+	cpu_rng_init();
+	x86_rndseed();
+
 #ifndef XENPV
 	/* Internalize the physical pages into the VM system. */
 	init_x86_vm(avail_start);

Index: src/sys/arch/i386/i386/machdep.c
diff -u src/sys/arch/i386/i386/machdep.c:1.841 src/sys/arch/i386/i386/machdep.c:1.842
--- src/sys/arch/i386/i386/machdep.c:1.841	Tue Mar  5 14:15:32 2024
+++ src/sys/arch/i386/i386/machdep.c	Thu Jun 27 23:58:46 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.841 2024/03/05 14:15:32 thorpej Exp $	*/
+/*	$NetBSD: machdep.c,v 1.842 2024/06/27 23:58:46 riastradh Exp $	*/
 
 /*
  * Copyright (c) 1996, 1997, 1998, 2000, 2004, 2006, 2008, 2009, 2017
@@ -67,7 +67,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.841 2024/03/05 14:15:32 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.842 2024/06/27 23:58:46 riastradh Exp $");
 
 #include "opt_beep.h"
 #include "opt_compat_freebsd.h"
@@ -1280,15 +1280,6 @@ init386(paddr_t first_avail)
 
 	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 
-	/*
-	 * Initialize RNG to get entropy ASAP either from CPU
-	 * RDRAND/RDSEED or from seed on disk.  Must happen after
-	 * cpu_init_msrs.  Prefer to happen after consinit so we have
-	 * the opportunity to print useful feedback.
-	 */
-	cpu_rng_init();
-	x86_rndseed();
-
 #ifdef DEBUG_MEMLOAD
 	printf("mem_cluster_count: %d\n", mem_cluster_cnt);
 #endif
@@ -1299,6 +1290,22 @@ init386(paddr_t first_avail)
 	 */
 	pmap_bootstrap((vaddr_t)atdevbase + IOM_SIZE);
 
+	/*
+	 * Initialize RNG to get entropy ASAP either from CPU
+	 * RDRAND/RDSEED or from seed on disk.  Constraints:
+	 *
+	 * - Must happen after cpu_init_msrs so that curcpu() and
+	 *   curlwp work.
+	 *
+	 * - Must happen after consinit so we have the opportunity to
+	 *   print useful feedback.
+	 *
+	 * - On KASLR kernels, must happen after pmap_bootstrap because
+	 *   x86_rndseed requires access to the direct map.
+	 */
+	cpu_rng_init();
+	x86_rndseed();
+
 #ifndef XENPV
 	/* Initialize the memory clusters. */
 	init_x86_clusters();

Reply via email to