| From a8ae7965c30be7d9b94d7f9c00b693045f8eda59 Mon Sep 17 00:00:00 2001 |
| From: Jon DeVree <nuxi@vault24.org> |
| Date: Fri, 19 Apr 2019 23:35:16 -0400 |
| Subject: random: fix CRNG initialization when random.trust_cpu=1 |
| |
| [ Upstream commit fe6f1a6a8eedc1aa538fee0baa612b6a59639cf8 ] |
| |
| When the system boots with random.trust_cpu=1 it doesn't initialize the |
| per-NUMA CRNGs because it skips the rest of the CRNG startup code. This |
| means that the code from 1e7f583af67b ("random: make /dev/urandom scalable |
| for silly userspace programs") is not used when random.trust_cpu=1. |
| |
| crash> dmesg | grep random: |
| [ 0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0 |
| [ 0.314029] random: crng done (trusting CPU's manufacturer) |
| crash> print crng_node_pool |
| $6 = (struct crng_state **) 0x0 |
| |
| After adding the missing call to numa_crng_init() the per-NUMA CRNGs are |
| initialized again: |
| |
| crash> dmesg | grep random: |
| [ 0.000000] random: get_random_bytes called from start_kernel+0x94/0x530 with crng_init=0 |
| [ 0.314031] random: crng done (trusting CPU's manufacturer) |
| crash> print crng_node_pool |
| $1 = (struct crng_state **) 0xffff9a915f4014a0 |
| |
| The call to invalidate_batched_entropy() was also missing. This is |
| important for architectures like PPC and S390 which only have the |
| arch_get_random_seed_* functions. |
| |
| Fixes: 39a8883a2b98 ("random: add a config option to trust the CPU's hwrng") |
| Signed-off-by: Jon DeVree <nuxi@vault24.org> |
| Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/char/random.c | 5 ++++- |
| 1 file changed, 4 insertions(+), 1 deletion(-) |
| |
| diff --git a/drivers/char/random.c b/drivers/char/random.c |
| index 38c6d1af6d1c0..d4d45ccfeefc0 100644 |
| --- a/drivers/char/random.c |
| +++ b/drivers/char/random.c |
| @@ -777,6 +777,7 @@ static struct crng_state **crng_node_pool __read_mostly; |
| #endif |
| |
| static void invalidate_batched_entropy(void); |
| +static void numa_crng_init(void); |
| |
| static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); |
| static int __init parse_trust_cpu(char *arg) |
| @@ -805,7 +806,9 @@ static void crng_initialize(struct crng_state *crng) |
| } |
| crng->state[i] ^= rv; |
| } |
| - if (trust_cpu && arch_init) { |
| + if (trust_cpu && arch_init && crng == &primary_crng) { |
| + invalidate_batched_entropy(); |
| + numa_crng_init(); |
| crng_init = 2; |
| pr_notice("random: crng done (trusting CPU's manufacturer)\n"); |
| } |
| -- |
| 2.20.1 |
| |