summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2019-04-19 23:27:05 -0400
committerTheodore Ts'o <tytso@mit.edu>2019-04-19 23:27:05 -0400
commitd55535232c3dbde9a523a9d10d68670f5fe5dec3 (patch)
tree43265cdcfde71ed2fdbd562c17f034c28aab15bc /init
parenteb9d1bf079bb438d1a066d72337092935fc770f6 (diff)
random: move rand_initialize() earlier
Right now rand_initialize() is run as an early_initcall(), but it only depends on timekeeping_init() (for mixing ktime_get_real() into the pools). However, the call to boot_init_stack_canary() for stack canary initialization runs earlier, which triggers a warning at boot: random: get_random_bytes called from start_kernel+0x357/0x548 with crng_init=0 Instead, this moves rand_initialize() to after timekeeping_init(), and moves canary initialization here as well. Note that this warning may still remain for machines that do not have UEFI RNG support (which initializes the RNG pools during setup_arch()), or for x86 machines without RDRAND (or booting without "random.trust=on" or CONFIG_RANDOM_TRUST_CPU=y). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'init')
-rw-r--r--init/main.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/init/main.c b/init/main.c
index 598e278b46f7..55243bc0a067 100644
--- a/init/main.c
+++ b/init/main.c
@@ -564,13 +564,6 @@ asmlinkage __visible void __init start_kernel(void)
page_address_init();
pr_notice("%s", linux_banner);
setup_arch(&command_line);
- /*
- * Set up the the initial canary and entropy after arch
- * and after adding latent and command line entropy.
- */
- add_latent_entropy();
- add_device_randomness(command_line, strlen(command_line));
- boot_init_stack_canary();
mm_init_cpumask(&init_mm);
setup_command_line(command_line);
setup_nr_cpu_ids();
@@ -655,6 +648,20 @@ asmlinkage __visible void __init start_kernel(void)
hrtimers_init();
softirq_init();
timekeeping_init();
+
+ /*
+ * For best initial stack canary entropy, prepare it after:
+ * - setup_arch() for any UEFI RNG entropy and boot cmdline access
+ * - timekeeping_init() for ktime entropy used in rand_initialize()
+ * - rand_initialize() to get any arch-specific entropy like RDRAND
+ * - add_latent_entropy() to get any latent entropy
+ * - adding command line entropy
+ */
+ rand_initialize();
+ add_latent_entropy();
+ add_device_randomness(command_line, strlen(command_line));
+ boot_init_stack_canary();
+
time_init();
printk_safe_init();
perf_event_init();