x86: stackprotector: mix TSC to the boot canary

mix the TSC to the boot canary.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

1 files changed, 17 insertions, 3 deletions

diff --git a/include/asm-x86/stackprotector.h b/include/asm-x86/stackprotector.h
index 0f91f7a2688..3baf7ad89be 100644
--- a/include/asm-x86/stackprotector.h
+++ b/include/asm-x86/stackprotector.h
@@ -1,6 +1,8 @@
 #ifndef _ASM_STACKPROTECTOR_H
 #define _ASM_STACKPROTECTOR_H 1
 
+#include <asm/tsc.h>
+
 /*
  * Initialize the stackprotector canary value.
  *
@@ -9,16 +11,28 @@
  */
 static __always_inline void boot_init_stack_canary(void)
 {
+	u64 canary;
+	u64 tsc;
+
 	/*
 	 * If we're the non-boot CPU, nothing set the PDA stack
 	 * canary up for us - and if we are the boot CPU we have
 	 * a 0 stack canary. This is a good place for updating
 	 * it, as we wont ever return from this function (so the
 	 * invalid canaries already on the stack wont ever
-	 * trigger):
+	 * trigger).
+	 *
+	 * We both use the random pool and the current TSC as a source
+	 * of randomness. The TSC only matters for very early init,
+	 * there it already has some randomness on most systems. Later
+	 * on during the bootup the random pool has true entropy too.
 	 */
-	current->stack_canary = get_random_int();
-	write_pda(stack_canary, current->stack_canary);
+	get_random_bytes(&canary, sizeof(canary));
+	tsc = __native_read_tsc();
+	canary += tsc + (tsc << 32UL);
+
+	current->stack_canary = canary;
+	write_pda(stack_canary, canary);
 }
 
 #endif