NetBSD-Bugs archive


Re: port-amd64/58366: KASLR broken



Can you please try the attached patch?
From ed2bcd44cce72438419b29c38717a205e311a60e Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Date: Tue, 25 Jun 2024 12:18:59 +0000
Subject: [PATCH] x86: Defer x86_rndseed until after pmap_bootstrap.

Loading the random seed, which is what x86_rndseed does, requires
direct map access on KASLR kernels, which requires pmap_bootstrap to
have run.

This had been broken in

amd64/machdep.c 1.359
i386/machdep.c 1.832

because we apparently don't have any automatic test setup for KASLR
kernels, which we should address.

This change shouldn't cause any security regression on kernels that
previously worked, because none of the logic that now happens before
x86_rndseed uses the entropy pool anyway (uvm_md_init,
init_x86_clusters, xen_parse_cmdline, .

PR port-amd64/58366
---
 sys/arch/amd64/amd64/machdep.c | 25 ++++++++++++++++---------
 sys/arch/i386/i386/machdep.c   | 25 ++++++++++++++++---------
 2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index bc91a3595ae5..b77bcf98c4c9 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1754,15 +1754,6 @@ init_x86_64(paddr_t first_avail)
 
 	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 
-	/*
-	 * Initialize RNG to get entropy ASAP either from CPU
-	 * RDRAND/RDSEED or from seed on disk.  Must happen after
-	 * cpu_init_msrs.  Prefer to happen after consinit so we have
-	 * the opportunity to print useful feedback.
-	 */
-	cpu_rng_init();
-	x86_rndseed();
-
 	/*
 	 * Initialize PAGE_SIZE-dependent variables.
 	 */
@@ -1803,6 +1794,22 @@ init_x86_64(paddr_t first_avail)
 	 */
 	pmap_bootstrap(VM_MIN_KERNEL_ADDRESS);
 
+	/*
+	 * Initialize RNG to get entropy ASAP either from CPU
+	 * RDRAND/RDSEED or from seed on disk.  Constraints:
+	 *
+	 * - Must happen after cpu_init_msrs so that curcpu() and
+	 *   curlwp work.
+	 *
+	 * - Must happen after consinit so we have the opportunity to
+	 *   print useful feedback.
+	 *
+	 * - On KASLR kernels, must happen after pmap_bootstrap because
+	 *   x86_rndseed requires access to the direct map.
+	 */
+	cpu_rng_init();
+	x86_rndseed();
+
 #ifndef XENPV
 	/* Internalize the physical pages into the VM system. */
 	init_x86_vm(avail_start);
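
Review bot: The new comment in init_x86_64 changes the consinit ordering from "Prefer to happen after consinit" to "Must happen after consinit", although the reason given is still only the opportunity to print useful feedback; either keep "Prefer" or state why it is now a hard requirement. It would also help to record in this comment that nothing between consinit() and this point may draw on the entropy pool, since the commit message relies on that property and this comment is where someone reordering the function later will look.
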
diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c
index f176330f9d64..dd46efb6afe4 100644
--- a/sys/arch/i386/i386/machdep.c
+++ b/sys/arch/i386/i386/machdep.c
@@ -1280,15 +1280,6 @@ init386(paddr_t first_avail)
 
 	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 
-	/*
-	 * Initialize RNG to get entropy ASAP either from CPU
-	 * RDRAND/RDSEED or from seed on disk.  Must happen after
-	 * cpu_init_msrs.  Prefer to happen after consinit so we have
-	 * the opportunity to print useful feedback.
-	 */
-	cpu_rng_init();
-	x86_rndseed();
-
 #ifdef DEBUG_MEMLOAD
 	printf("mem_cluster_count: %d\n", mem_cluster_cnt);
 #endif
@@ -1299,6 +1290,22 @@ init386(paddr_t first_avail)
 	 */
 	pmap_bootstrap((vaddr_t)atdevbase + IOM_SIZE);
 
+	/*
+	 * Initialize RNG to get entropy ASAP either from CPU
+	 * RDRAND/RDSEED or from seed on disk.  Constraints:
+	 *
+	 * - Must happen after cpu_init_msrs so that curcpu() and
+	 *   curlwp work.
+	 *
+	 * - Must happen after consinit so we have the opportunity to
+	 *   print useful feedback.
+	 *
+	 * - On KASLR kernels, must happen after pmap_bootstrap because
+	 *   x86_rndseed requires access to the direct map.
+	 */
+	cpu_rng_init();
+	x86_rndseed();
+
 #ifndef XENPV
 	/* Initialize the memory clusters. */
 	init_x86_clusters();
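
Review bot: The KASLR bullet in the init386 comment is copied verbatim from the amd64 file; if no KASLR kernel is built from this file, say that the ordering is kept to match amd64, so the bullet is not read as an i386 requirement. Separately, the commit message lists init_x86_clusters among the code that now runs before x86_rndseed, but in this hunk init_x86_clusters() still follows the new call site, so that list looks amd64-specific and should be stated per port.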

