Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso...

Pull randomness updates from Ted Ts'o:

 - initialize the random driver earler

 - fix CRNG initialization when we trust the CPU's RNG on NUMA systems

 - other miscellaneous cleanups and fixes.

* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: add a spinlock_t to struct batched_entropy
  random: document get_random_int() family
  random: fix CRNG initialization when random.trust_cpu=1
  random: move rand_initialize() earlier
  random: only read from /dev/random after its pool has received 128 bits
  drivers/char/random.c: make primary_crng static
  drivers/char/random.c: remove unused stuct poolinfo::poolbits
  drivers/char/random.c: constify poolinfo_table

diff --combined init/main.c
index efe6d62,55243bc..33c87e9
--- 1/init/main.c
--- 2/init/main.c
+++ b/init/main.c
@@@ -504,10 -504,6 +504,10 @@@ void __init __weak thread_stack_cache_i
  
  void __init __weak mem_encrypt_init(void) { }
  
 +void __init __weak poking_init(void) { }
 +
 +void __init __weak pgd_cache_init(void) { }
 +
  bool initcall_debug;
  core_param(initcall_debug, initcall_debug, bool, 0644);
  
@@@ -539,7 -535,6 +539,7 @@@ static void __init mm_init(void
        init_espfix_bsp();
        /* Should be run after espfix64 is set up. */
        pti_init();
 +      pgd_cache_init();
  }
  
  void __init __weak arch_call_rest_init(void)
@@@ -569,13 -564,6 +569,6 @@@ asmlinkage __visible void __init start_
        page_address_init();
        pr_notice("%s", linux_banner);
        setup_arch(&command_line);
-       /*
-        * Set up the the initial canary and entropy after arch
-        * and after adding latent and command line entropy.
-        */
-       add_latent_entropy();
-       add_device_randomness(command_line, strlen(command_line));
-       boot_init_stack_canary();
        mm_init_cpumask(&init_mm);
        setup_command_line(command_line);
        setup_nr_cpu_ids();
@@@ -587,8 -575,6 +580,8 @@@
        page_alloc_init();
  
        pr_notice("Kernel command line: %s\n", boot_command_line);
 +      /* parameters may set static keys */
 +      jump_label_init();
        parse_early_param();
        after_dashes = parse_args("Booting kernel",
                                  static_command_line, __start___param,
@@@ -598,6 -584,8 +591,6 @@@
                parse_args("Setting init args", after_dashes, NULL, 0, -1, -1,
                           NULL, set_init_arg);
  
 -      jump_label_init();
 -
        /*
         * These use large bootmem allocations and must precede
         * kmem_cache_init()
@@@ -660,6 -648,20 +653,20 @@@
        hrtimers_init();
        softirq_init();
        timekeeping_init();
+ 
+       /*
+        * For best initial stack canary entropy, prepare it after:
+        * - setup_arch() for any UEFI RNG entropy and boot cmdline access
+        * - timekeeping_init() for ktime entropy used in rand_initialize()
+        * - rand_initialize() to get any arch-specific entropy like RDRAND
+        * - add_latent_entropy() to get any latent entropy
+        * - adding command line entropy
+        */
+       rand_initialize();
+       add_latent_entropy();
+       add_device_randomness(command_line, strlen(command_line));
+       boot_init_stack_canary();
+ 
        time_init();
        printk_safe_init();
        perf_event_init();
@@@ -742,7 -744,6 +749,7 @@@
        taskstats_init_early();
        delayacct_init();
  
 +      poking_init();
        check_bugs();
  
        acpi_subsystem_init();
@@@ -846,7 -847,7 +853,7 @@@ trace_initcall_start_cb(void *data, ini
  {
        ktime_t *calltime = (ktime_t *)data;
  
 -      printk(KERN_DEBUG "calling  %pF @ %i\n", fn, task_pid_nr(current));
 +      printk(KERN_DEBUG "calling  %pS @ %i\n", fn, task_pid_nr(current));
        *calltime = ktime_get();
  }
  
@@@ -860,7 -861,7 +867,7 @@@ trace_initcall_finish_cb(void *data, in
        rettime = ktime_get();
        delta = ktime_sub(rettime, *calltime);
        duration = (unsigned long long) ktime_to_ns(delta) >> 10;
 -      printk(KERN_DEBUG "initcall %pF returned %d after %lld usecs\n",
 +      printk(KERN_DEBUG "initcall %pS returned %d after %lld usecs\n",
                 fn, ret, duration);
  }
  
@@@ -917,7 -918,7 +924,7 @@@ int __init_or_module do_one_initcall(in
                strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
                local_irq_enable();
        }
 -      WARN(msgbuf[0], "initcall %pF returned with %s\n", fn, msgbuf);
 +      WARN(msgbuf[0], "initcall %pS returned with %s\n", fn, msgbuf);
  
        add_latent_entropy();
        return ret;