random: do not re-init if crng_reseed completes before primary init

commit 9c3ddde3f811aabbb83778a2a615bf141b4909ef upstream.

If the bootloader supplies sufficient material and crng_reseed() is called
very early on, but not too early that wqs aren't available yet, then we
might transition to crng_init==2 before rand_initialize()'s call to
crng_initialize_primary() made. Then, when crng_initialize_primary() is
called, if we're trusting the CPU's RDRAND instructions, we'll
needlessly reinitialize the RNG and emit a message about it. This is
mostly harmless, as numa_crng_init() will allocate and then free what it
just allocated, and excessive calls to invalidate_batched_entropy()
aren't so harmful. But it is funky and the extra message is confusing,
so avoid the re-initialization all together by checking for crng_init <
2 in crng_initialize_primary(), just as we already do in crng_reseed().

Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/char/random.c b/drivers/char/random.c
index a69370f9edaf77d606be8f9510033f0dd49cc2e7..3db0859e73f12b73c04b854a8fd4897627bd4ae0 100644 (file)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -828,7 +828,7 @@ static void __init crng_initialize_primary(struct crng_state *crng)
 {
        memcpy(&crng->state[0], "expand 32-byte k", 16);
        _extract_entropy(&input_pool, &crng->state[4], sizeof(__u32) * 12, 0);
-       if (crng_init_try_arch_early(crng) && trust_cpu) {
+       if (crng_init_try_arch_early(crng) && trust_cpu && crng_init < 2) {
                invalidate_batched_entropy();
                numa_crng_init();
                crng_init = 2;