Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2329850iof; Wed, 8 Jun 2022 02:38:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy7x58dDfJ/r0XVklcrQw3UoGKFVFiL9RMKrnwePHXgRoz/U/lCkeCYp92F9qenDdO+bo6K X-Received: by 2002:a17:903:41d0:b0:167:68a7:c3d with SMTP id u16-20020a17090341d000b0016768a70c3dmr20362484ple.161.1654681107417; Wed, 08 Jun 2022 02:38:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654681107; cv=none; d=google.com; s=arc-20160816; b=oYwJYShhlyCF9cpOF/M1BShsYnPG2Ca/NiDi5il9R5u/navSFZAB8/tLeG17KJzk+L JtsnkowlVDjcX1TKg1RUaWDrNkh0PFp4e0Gr5OY+R2ZA4XCeMsMcOemKacAn2dYAJ4/Z lGMaAtu5+yl4u5d299c73W/59JpFxZIy4AXsaORIvJz0iuaeMz4u4BfrqPFtSIryrVUL Oz4eeZod8lqJmCla72elv6HkXjPk5wTmqQE9vcxa/2F7wSjtUBXtNFyTQpsbeYtRCqwN Xyr+WvKjkwE91MMHoj22zhke3xe2Jt22odU3ZlWCCVihR/+0tnJmJLDPbbKePKtFoFrC ZuUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4n1dR04bOxmUGpvNsJq9bP1JZ1QwoiWvumMPYR7Ys+o=; b=kMDqRgrMkocEkpDoP2l8ryuwSrDMdsi2gNtIx/gnKAVZRqC3Z4GakzmLOtVdc628ho 6nPPijMf/S4YVrlfc8CJIG5y8XUGVItFmULO7U/mc3fdCi0E1/uzAdePlUYTixJZjSb9 XKDTMibpaK4olWlYgzfrEHrSuKj0YY7/OKTkeLnqPxFu5s/W/1QG1+3sO1qoMVJWbVSL ZQR43ORyRFeLORrZPeQVIL8FJg8GvqD5MOB4iFR8z+9AKvOCjMtIBXduCspF2Wb9z5t2 Kh2fIvHlnRmLk/uPz+1qzlEWl2qv1OgGNAJamqQA1eJGWLNDpOz8S/o9zKpmhng72/PU UXSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Xnsxzz+q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id s6-20020a056a001c4600b0050cfca6a183si22691811pfw.114.2022.06.08.02.38.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Jun 2022 02:38:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Xnsxzz+q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 983241B3184; Wed, 8 Jun 2022 02:09:35 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232938AbiFHJHg (ORCPT + 99 others); Wed, 8 Jun 2022 05:07:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233690AbiFHJFi (ORCPT ); Wed, 8 Jun 2022 05:05:38 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEB833B60B6 for ; Wed, 8 Jun 2022 01:24:37 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 58755B82606 for ; Wed, 8 Jun 2022 08:24:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 101F1C341C6 for ; Wed, 8 Jun 2022 08:24:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1654676675; bh=mb7wSkN8jvPB+WAq0VUpI6GigZN7Y0LbxGtiI8+txLQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Xnsxzz+qUz80qbBBvqQ+QCiV4RqU8h3TGG4nVvp4LCbzKxe6zoYLmXJBLOUQOvnCz 9KpMrhHVNXZ3/88PXbYvKx+I2OTfOzbs69G5yzIbcwqk/29cYiJLU9yo4MpEYO5Y8P FQ+1PGPPyXdQ2OPfl55sH5M3Tcf5PN2+6yaPIhCac0sgFNwek11PaWmSnDBb0EFXlv x/fsIYUg8zWQiRqJifZzEPaE7VPeJglyVK7ujgl21SURCAIzNYY9wa3pnoE7YYKFGH C35i5Vv4fILkwPyEsKQA68VkM1Np7sxgowlLUrD8pcaCxZZxFaskJXTcAU8oCMXx2t LIUgmnipytxfg== Received: by mail-oi1-f174.google.com with SMTP id s124so9043117oia.0 for ; Wed, 08 Jun 2022 01:24:34 -0700 (PDT) X-Gm-Message-State: AOAM531Dqas4bgKcU7nPMfA+8HodTRI9hsjZ3Kl8N7OkleGOkSy4/Kqq dqDHO/iza7Im7gpM/leYLL/JDoRzUAI7EqIKpcw= X-Received: by 2002:a05:6808:300e:b0:32c:425e:df34 with SMTP id ay14-20020a056808300e00b0032c425edf34mr1722849oib.126.1654676674178; Wed, 08 Jun 2022 01:24:34 -0700 (PDT) MIME-Version: 1.0 References: <20220607100210.683136-1-Jason@zx2c4.com> In-Reply-To: <20220607100210.683136-1-Jason@zx2c4.com> From: Ard Biesheuvel Date: Wed, 8 Jun 2022 10:24:23 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] random: do not use jump labels before they are initialized To: "Jason A. Donenfeld" Cc: Linux Kernel Mailing List , Linux ARM , Stephen Boyd , Catalin Marinas , Russell King , Arnd Bergmann , Phil Elwell Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 7 Jun 2022 at 12:04, Jason A. Donenfeld wrote: > > [ I would like to pursue fixing this more directly first before actually > merging this, but I thought I'd send this to the list now anyway as a > the "backup" plan. If I can't figure out how to make headway on the > main plan in the next few days, it'll be easy to just do this. ] > > Stephen reported that a static key warning splat appears during early > boot on systems that credit randomness from device trees that contain an > "rng-seed" property, because because setup_machine_fdt() is called > before jump_label_init() during setup_arch(): > > static_key_enable_cpuslocked(): static key '0xffffffe51c6fcfc0' used before call to jump_label_init() > WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xb0/0xb8 > Modules linked in: > CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0+ #224 44b43e377bfc84bc99bb5ab885ff694984ee09ff > pstate: 600001c9 (nZCv dAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : static_key_enable_cpuslocked+0xb0/0xb8 > lr : static_key_enable_cpuslocked+0xb0/0xb8 > sp : ffffffe51c393cf0 > x29: ffffffe51c393cf0 x28: 000000008185054c x27: 00000000f1042f10 > x26: 0000000000000000 x25: 00000000f10302b2 x24: 0000002513200000 > x23: 0000002513200000 x22: ffffffe51c1c9000 x21: fffffffdfdc00000 > x20: ffffffe51c2f0831 x19: ffffffe51c6fcfc0 x18: 00000000ffff1020 > x17: 00000000e1e2ac90 x16: 00000000000000e0 x15: ffffffe51b710708 > x14: 0000000000000066 x13: 0000000000000018 x12: 0000000000000000 > x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000 > x8 : 0000000000000000 x7 : 61632065726f6665 x6 : 6220646573752027 > x5 : ffffffe51c641d25 x4 : ffffffe51c13142c x3 : ffff0a00ffffff05 > x2 : 40000000ffffe003 x1 : 00000000000001c0 x0 : 0000000000000065 > Call trace: > static_key_enable_cpuslocked+0xb0/0xb8 > static_key_enable+0x2c/0x40 > crng_set_ready+0x24/0x30 > execute_in_process_context+0x80/0x90 > _credit_init_bits+0x100/0x154 > add_bootloader_randomness+0x64/0x78 > early_init_dt_scan_chosen+0x140/0x184 > early_init_dt_scan_nodes+0x28/0x4c > early_init_dt_scan+0x40/0x44 > setup_machine_fdt+0x7c/0x120 > setup_arch+0x74/0x1d8 > start_kernel+0x84/0x44c > __primary_switched+0xc0/0xc8 > ---[ end trace 0000000000000000 ]--- > random: crng init done > Machine model: Google Lazor (rev1 - 2) with LTE > > A trivial fix went in to address this on arm64, 73e2d827a501 ("arm64: > Initialize jump labels before setup_machine_fdt()"). But it appears that > fixing it on other platforms might not be so trivial. Instead, defer the > setting of the static branch until later in the boot process. > > Fixes: f5bda35fba61 ("random: use static branch for crng_ready()") > Reported-by: Stephen Boyd > Cc: Ard Biesheuvel > Cc: Catalin Marinas > Cc: Russell King > Cc: Arnd Bergmann > Cc: Phil Elwell > Signed-off-by: Jason A. Donenfeld Reviewed-by: Ard Biesheuvel > --- > drivers/char/random.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/drivers/char/random.c b/drivers/char/random.c > index 4862d4d3ec49..f9a020ec08b9 100644 > --- a/drivers/char/random.c > +++ b/drivers/char/random.c > @@ -650,7 +650,8 @@ static void __cold _credit_init_bits(size_t bits) > > if (orig < POOL_READY_BITS && new >= POOL_READY_BITS) { > crng_reseed(); /* Sets crng_init to CRNG_READY under base_crng.lock. */ > - execute_in_process_context(crng_set_ready, &set_ready); > + if (static_key_initialized) > + execute_in_process_context(crng_set_ready, &set_ready); > wake_up_interruptible(&crng_init_wait); > kill_fasync(&fasync, SIGIO, POLL_IN); > pr_notice("crng init done\n"); > @@ -779,6 +780,14 @@ int __init random_init(const char *command_line) > unsigned int i, arch_bytes; > unsigned long entropy; > > + /* > + * If we were initialized by the bootloader before jump labels are > + * initialized, then we should enable the static branch here, where > + * it's guaranteed that jump labels have been initialized. > + */ > + if (!static_branch_likely(&crng_is_ready) && crng_init >= CRNG_READY) > + crng_set_ready(NULL); > + > #if defined(LATENT_ENTROPY_PLUGIN) > static const u8 compiletime_seed[BLAKE2S_BLOCK_SIZE] __initconst __latent_entropy; > _mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed)); > -- > 2.35.1 >