Date: Tue, 29 May 2018 11:19:25 -0700
From: hpa@zytor.com
To: Prarit Bhargava, "Theodore Y. Ts'o", Kees Cook, LKML, Thomas Gleixner, Ingo Molnar, X86 ML, Arnd Bergmann, Greg Kroah-Hartman, Rik van Riel, Andrew Morton, Philippe Ombredanne, "Jason A. Donenfeld", Kate Stewart
Subject: Re: [PATCH] x86, random: Fix get_random_bytes() warning in x86 start_kernel
Message-ID: <54FF298C-0992-4592-AAF8-9ABBF8DE917D@zytor.com>
In-Reply-To: <35cdbb04-7b1d-59ae-2ff8-af1d57751113@redhat.com>
References: <20180529123800.19627-1-prarit@redhat.com> <71b5df93-2e21-f3c3-fa22-4488729daeb5@redhat.com> <20180529160743.GA7381@thunk.org> <35cdbb04-7b1d-59ae-2ff8-af1d57751113@redhat.com>

On May 29, 2018 9:58:10 AM PDT, Prarit Bhargava wrote:
>
>
>On 05/29/2018 12:07 PM, Theodore Y. Ts'o wrote:
>> On Tue, May 29, 2018 at 11:01:07AM -0400, Prarit Bhargava wrote:
>>> Kees, in early boot no pool is available so the stack canary is initialized from
>>> the TSC. Later in boot, the stack canary will use the crng.
>>>
>>> ie) in early boot only TSC is okay, and late boot (when crng_ready() is true)
>>> the pool will be used.
>>
>> But that means all of the kernel threads (e.g., workqueues, et al.)
>> would not be well protected by the stack canary. That
>> seems.... rather unfortunate.
>
>Well, as stated the TSC is used as a source of entropy in early boot. It's
>always been that way and get_random_bytes() AFAICT has always returned 0. CPUs
>added later on via hotplug do use get_random_bytes().
>
>Does anyone cc'd have a better idea on how to get another source of entropy this
>early in boot?
>
>P.
>
>>
>> - Ted
>>

RDRAND/RDSEED for newer x86 processors.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
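
An added example, not part of this thread or of the kernel source: a user-space C sketch of the source selection suggested in the reply, checking CPUID for RDRAND/RDSEED, retrying while the instruction reports failure, and using the TSC only as a last resort. The names `early_canary_seed`, `hw_step_fn`, `HW_RETRIES`, `step_fail` and `step_ok` and the retry budget of 10 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __x86_64__
#include <cpuid.h>
#endif
enum seed_src { SRC_RDSEED, SRC_RDRAND, SRC_TSC };
typedef bool (*hw_step_fn)(unsigned long *out); /* one attempt; false = CF clear */
#define HW_RETRIES 10 /* assumed retry budget for a transiently empty generator */

/* Prefer RDSEED, then RDRAND; a NULL step means the CPU lacks the instruction. */
enum seed_src early_canary_seed(hw_step_fn rdseed, hw_step_fn rdrand,
                                uint64_t tsc, unsigned long *canary)
{
    hw_step_fn steps[] = { rdseed, rdrand };
    for (int s = 0; s < 2; s++)
        for (int i = 0; steps[s] && i < HW_RETRIES; i++)
            if (steps[s](canary))
                return s == 0 ? SRC_RDSEED : SRC_RDRAND;
    *canary = (unsigned long)tsc; /* guessable: the weak early-boot case from the thread */
    return SRC_TSC;
}

/* Constructed test doubles: an instruction that never succeeds, one that always does. */
int fail_calls;
bool step_fail(unsigned long *out) { (void)out; fail_calls++; return false; }
bool step_ok(unsigned long *out) { *out = 0xA5A5A5A5UL; return true; }

#ifdef __x86_64__
#define HW_STEP(name, insn) static bool name(unsigned long *out) { unsigned char ok; \
    __asm__ volatile(insn " %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc"); return ok; }
HW_STEP(rdseed_step, "rdseed")
HW_STEP(rdrand_step, "rdrand")
#endif

int main(void)
{
    unsigned long canary = 0, tsc = 0;
    hw_step_fn seed = NULL, rnd = NULL;
#ifdef __x86_64__
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d) && (c & (1u << 30)))  /* CPUID.01H:ECX[30] = RDRAND */
        rnd = rdrand_step;
    if (__get_cpuid_max(0, NULL) >= 7) {
        __cpuid_count(7, 0, a, b, c, d);                     /* CPUID.07H.0:EBX[18] = RDSEED */
        if (b & (1u << 18)) seed = rdseed_step;
    }
    tsc = __builtin_ia32_rdtsc();
#endif
    /* 0 = RDSEED, 1 = RDRAND, 2 = TSC fallback */
    printf("seed source: %d\n", (int)early_canary_seed(seed, rnd, tsc, &canary));
}
```

A result of 2 on real hardware means the canary would come from the TSC alone, which is the case the thread is trying to avoid.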