From ed2bcd44cce72438419b29c38717a205e311a60e Mon Sep 17 00:00:00 2001
From: Taylor R Campbell
Date: Tue, 25 Jun 2024 12:18:59 +0000
Subject: [PATCH] x86: Defer x86_rndseed until after pmap_bootstrap.

Loading the random seed, which is what x86_rndseed does, requires direct map access on KASLR kernels, which requires pmap_bootstrap to have run. This had been broken in amd64/machdep.c 1.359 i386/machdep.c 1.832 because we apparently don't have any automatic test setup for KASLR kernels, which we should address. This change shouldn't cause any security regression on kernels that previously owrked, because none of the logic that now happens before x86_rndseed uses the entropy pool anyway (uvm_md_init, init_x86_clusters, xen_parse_cmdline, . PR port-amd64/58366
---
 sys/arch/amd64/amd64/machdep.c | 25 ++++++++++++++++---------
 sys/arch/i386/i386/machdep.c | 25 ++++++++++++++++---------
 2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index bc91a3595ae5..b77bcf98c4c9 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1754,15 +1754,6 @@ init_x86_64(paddr_t first_avail)
 
 consinit(); /* XXX SHOULD NOT BE DONE HERE */
 
- /*
- * Initialize RNG to get entropy ASAP either from CPU
- * RDRAND/RDSEED or from seed on disk. Must happen after
- * cpu_init_msrs. Prefer to happen after consinit so we have
- * the opportunity to print useful feedback.
- */
- cpu_rng_init();
- x86_rndseed();
-
 /*
 * Initialize PAGE_SIZE-dependent variables.
 */
@@ -1803,6 +1794,22 @@ init_x86_64(paddr_t first_avail)
 */
 pmap_bootstrap(VM_MIN_KERNEL_ADDRESS);
 
+ /*
+ * Initialize RNG to get entropy ASAP either from CPU
+ * RDRAND/RDSEED or from seed on disk. Constraints:
+ *
+ * - Must happen after cpu_init_msrs so that curcpu() and
+ * curlwp work.
+ *
+ * - Must happen after consinit so we have the opportunity to
+ * print useful feedback.
+ *
+ * - On KASLR kernels, must happen after pmap_bootstrap because
+ * x86_rndseed requires access to the direct map.
+ */
+ cpu_rng_init();
+ x86_rndseed();
+
 #ifndef XENPV
 /* Internalize the physical pages into the VM system. */
 init_x86_vm(avail_start);
diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c
index f176330f9d64..dd46efb6afe4 100644
--- a/sys/arch/i386/i386/machdep.c
+++ b/sys/arch/i386/i386/machdep.c
@@ -1280,15 +1280,6 @@ init386(paddr_t first_avail)
 
 consinit(); /* XXX SHOULD NOT BE DONE HERE */
 
- /*
- * Initialize RNG to get entropy ASAP either from CPU
- * RDRAND/RDSEED or from seed on disk. Must happen after
- * cpu_init_msrs. Prefer to happen after consinit so we have
- * the opportunity to print useful feedback.
- */
- cpu_rng_init();
- x86_rndseed();
-
 #ifdef DEBUG_MEMLOAD
 printf("mem_cluster_count: %d\n", mem_cluster_cnt);
 #endif
@@ -1299,6 +1290,22 @@ init386(paddr_t first_avail)
 */
 pmap_bootstrap((vaddr_t)atdevbase + IOM_SIZE);
 
+ /*
+ * Initialize RNG to get entropy ASAP either from CPU
+ * RDRAND/RDSEED or from seed on disk. Constraints:
+ *
+ * - Must happen after cpu_init_msrs so that curcpu() and
+ * curlwp work.
+ *
+ * - Must happen after consinit so we have the opportunity to
+ * print useful feedback.
+ *
+ * - On KASLR kernels, must happen after pmap_bootstrap because
+ * x86_rndseed requires access to the direct map.
+ */
+ cpu_rng_init();
+ x86_rndseed();
+
 #ifndef XENPV
 /* Initialize the memory clusters. */
 init_x86_clusters();
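Review bot: The new comment in init_x86_64 (and its identical copy in the init386 hunk) lists only what the RNG setup must come after; the upper bound the commit message relies on, that nothing running between consinit and this point draws from the entropy pool, is not written down next to the code. With the seed now loaded after pmap_bootstrap, a later change that makes pmap_bootstrap or one of the intervening init steps consume entropy would run before the on-disk seed is in, with nothing here to warn its author. I would add a fourth bullet such as ` * - Must happen before the first consumer of the entropy pool; nothing between consinit and here may draw from it.` The set of intervening calls also differs per port (in the i386 hunk init_x86_clusters is still called after x86_rndseed), so the constraint is better stated in the comment than as a list of functions in the commit message. Both functions extend beyond their hunks, so the intervening code cannot be checked from here.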