From patchwork Wed Aug 16 22:46:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laura Abbott X-Patchwork-Id: 9904697 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8A4F360244 for ; Wed, 16 Aug 2017 22:47:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7A8FB288A0 for ; Wed, 16 Aug 2017 22:47:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6163428A55; Wed, 16 Aug 2017 22:47:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id C76F828A2A for ; Wed, 16 Aug 2017 22:47:17 +0000 (UTC) Received: (qmail 25868 invoked by uid 550); 16 Aug 2017 22:47:11 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 25759 invoked from network); 16 Aug 2017 22:47:10 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=rBfBWJzrnILkIBjIgfjIvb4f9B7EHBSiX/SszIKZ+Rg=; b=raaNxVBOtt02aYMecbjnLHZ2tGWftII5JlHPA7BI1C0J1Q14DcruLP/jOGUlraSLq8 ehtxi8ZKATFs39i6DIGaUJzmqt+VQUintxhqneuWe4OkO2yZv/+hHdog4iVIexlyHCm5 w+ohBPjs0QMc59a5cNZJNp4w3f4nELJDdA66bztnfNRgXMYee4exaituuS999WGHsPap YGqkUkKdUuHeyQ21zHBfEb+RRfnKGX1BiwBMVIwyQyzps92FLj68Y5dXkauMYxHSAi84 XG1HJjLIDRer4+CavIQKQH/+AImdBe+2R20ottSbt5iNuXs/PeMPsXW3blAjXSEwuMPJ bt8A== X-Gm-Message-State: AHYfb5iMehyb+GAGxVWWYRj3DMgrc8/UlWhxDuB/NW7NY/v58pjDwijI CRU9ULhTNlmsXrBN X-Received: by 10.55.88.66 with SMTP id m63mr4367316qkb.196.1502923618747; Wed, 16 Aug 2017 15:46:58 -0700 (PDT) From: Laura Abbott To: Kees Cook Cc: Laura Abbott , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton , Daniel Micay , Laura Abbott Date: Wed, 16 Aug 2017 15:46:49 -0700 Message-Id: <20170816224650.1089-2-labbott@redhat.com> X-Mailer: git-send-email 2.13.0 In-Reply-To: <20170816224650.1089-1-labbott@redhat.com> References: <20170816224650.1089-1-labbott@redhat.com> Subject: [kernel-hardening] [PATCHv2 1/2] init: Move stack canary initialization after setup_arch X-Virus-Scanned: ClamAV using ClamSMTP From: Laura Abbott Stack canary intialization involves getting a random number. Getting this random number may involve accessing caches or other architectural specific features which are not available until after the architecture is setup. Move the stack canary initialization later to accomodate this. Signed-off-by: Laura Abbott Signed-off-by: Laura Abbott Acked-by: Kees Cook --- v2: Also moved add_latent_entropy per suggestion of Kees. --- init/main.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/init/main.c b/init/main.c index 052481fbe363..21d599eaad06 100644 --- a/init/main.c +++ b/init/main.c @@ -515,12 +515,6 @@ asmlinkage __visible void __init start_kernel(void) smp_setup_processor_id(); debug_objects_early_init(); - /* - * Set up the initial canary ASAP: - */ - add_latent_entropy(); - boot_init_stack_canary(); - cgroup_init_early(); local_irq_disable(); @@ -534,6 +528,11 @@ asmlinkage __visible void __init start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); setup_arch(&command_line); + /* + * Set up the the initial canary and entropy after arch + */ + add_latent_entropy(); + boot_init_stack_canary(); mm_init_cpumask(&init_mm); setup_command_line(command_line); setup_nr_cpu_ids();