Adjust initialization of random(9) so it is usable earlier.

A few existing SYSINITs expect the in-kernel PRNG (random(9)) to be
useable at SI_SUB_RANDOM / SI_ORDER_ANY.  However, the random(4) overhaul
merged for 10.0 performs all of its initialization at SI_SUB_DRIVERS
(since it is tied in with creating the /dev/random character device).

This has changed in HEAD where the random initialization is split such
that the in-kernel random(9) is initialized at SI_SUB_RANDOM and the
supporting bits for userland random(4) (such as /dev/random) are initialized
later.

However, the changes in HEAD are large and invasive.  Instead, this change
is being directly committed to stable/10.

This change moves most of the random(9)/random(4) initialization to
SI_SUB_RANDOM with the exception that the creation of the harvesting kernel
process and the /dev/random character device are deferred to new
SYSINITs that run at SI_SUB_DRIVERS.

This fixes the "random device not loaded; using insecure entropy" message
output during boot on some systems.

PR:		205800
Reviewed by:	markm, so@
Approved by:	so
Approved by:	re (gjb)
Tested by:	Mark Saad <nonesuch@longcount.org>

7 files changed, 54 insertions, 19 deletions

diff --git a/sys/dev/random/live_entropy_sources.c b/sys/dev/random/live_entropy_sources.c
index d406ebd..d25201a 100644
--- a/sys/dev/random/live_entropy_sources.c
+++ b/sys/dev/random/live_entropy_sources.c
@@ -189,7 +189,7 @@ live_entropy_sources_deinit(void *unused)
 	sx_destroy(&les_lock);
 }
 
-SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
     live_entropy_sources_init, NULL);
-SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
     live_entropy_sources_deinit, NULL);
diff --git a/sys/dev/random/live_entropy_sources.h b/sys/dev/random/live_entropy_sources.h
index 9a23070..a1eec3e 100644
--- a/sys/dev/random/live_entropy_sources.h
+++ b/sys/dev/random/live_entropy_sources.h
@@ -52,7 +52,7 @@ void live_entropy_sources_feed(int, event_proc_f);
 	modevent,						\
 	0							\
     };								\
-    DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS,		\
+    DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM,		\
 		   SI_ORDER_SECOND);				\
     MODULE_VERSION(name, ver);					\
     MODULE_DEPEND(name, random, 1, 1, 1);
diff --git a/sys/dev/random/random_adaptors.c b/sys/dev/random/random_adaptors.c
index 4f5ad2c..d17abf7 100644
--- a/sys/dev/random/random_adaptors.c
+++ b/sys/dev/random/random_adaptors.c
@@ -233,9 +233,9 @@ random_adaptors_init(void *unused)
 
 SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Random Number Generator");
 
-SYSINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST, random_adaptors_init,
+SYSINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST, random_adaptors_init,
     NULL);
-SYSUNINIT(random_adaptors, SI_SUB_DRIVERS, SI_ORDER_FIRST,
+SYSUNINIT(random_adaptors, SI_SUB_RANDOM, SI_ORDER_FIRST,
     random_adaptors_deinit, NULL);
 
 static void
diff --git a/sys/dev/random/random_adaptors.h b/sys/dev/random/random_adaptors.h
index 4765694..b878b28 100644
--- a/sys/dev/random/random_adaptors.h
+++ b/sys/dev/random/random_adaptors.h
@@ -47,7 +47,7 @@ extern struct random_adaptor *random_adaptor;
 
 /*
  * random_adaptor's should be registered prior to
- * random module (SI_SUB_DRIVERS/SI_ORDER_MIDDLE)
+ * random module (SI_SUB_RANDOM/SI_ORDER_MIDDLE)
  */
 #define RANDOM_ADAPTOR_MODULE(name, modevent, ver)		\
     static moduledata_t name##_mod = {				\
@@ -55,7 +55,7 @@ extern struct random_adaptor *random_adaptor;
 	modevent,						\
 	0							\
     };								\
-    DECLARE_MODULE(name, name##_mod, SI_SUB_DRIVERS,		\
+    DECLARE_MODULE(name, name##_mod, SI_SUB_RANDOM,		\
 		   SI_ORDER_SECOND);				\
     MODULE_VERSION(name, ver);					\
     MODULE_DEPEND(name, random, 1, 1, 1);
diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index b7b8381..2638ea3 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -81,6 +81,8 @@ int random_kthread_control = 0;
 
 static struct proc *random_kthread_proc;
 
+static event_proc_f random_cb;
+
 #ifdef RANDOM_RWFILE
 static const char *entropy_files[] = {
 	"/entropy",
@@ -219,7 +221,7 @@ random_kthread(void *arg)
 void
 random_harvestq_init(event_proc_f cb)
 {
-	int error, i;
+	int i;
 	struct harvest *np;
 
 	/* Initialise the harvest fifos */
@@ -238,13 +240,26 @@ random_harvestq_init(event_proc_f cb)
 
 	mtx_init(&harvest_mtx, "entropy harvest mutex", NULL, MTX_SPIN);
 
+	random_cb = cb;
+}
+
+static void
+random_harvestq_start_kproc(void *arg __unused)
+{
+	int error;
+
+	if (random_cb == NULL)
+		return;
+
 	/* Start the hash/reseed thread */
-	error = kproc_create(random_kthread, cb,
+	error = kproc_create(random_kthread, random_cb,
 	    &random_kthread_proc, RFHIGHPID, 0, "rand_harvestq"); /* RANDOM_CSPRNG_NAME */
 
 	if (error != 0)
 		panic("Cannot create entropy maintenance thread.");
 }
+SYSINIT(random_kthread, SI_SUB_DRIVERS, SI_ORDER_ANY,
+    random_harvestq_start_kproc, NULL);
 
 void
 random_harvestq_deinit(void)
@@ -265,6 +280,17 @@ random_harvestq_deinit(void)
 	}
 	harvestfifo.count = 0;
 
+	/*
+	 * Command the hash/reseed thread to end and wait for it to finish
+	 */
+	mtx_lock_spin(&harvest_mtx);
+	if (random_kthread_proc != NULL) {
+		random_kthread_control = -1;
+		msleep_spin((void *)&random_kthread_control, &harvest_mtx,
+		    "term", 0);
+	}
+	mtx_unlock_spin(&harvest_mtx);
+
 	mtx_destroy(&harvest_mtx);
 }
 
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index b76cb83..a220e7f 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -175,15 +175,24 @@ random_initialize(void *p, struct random_adaptor *s)
 
 	printf("random: <%s> initialized\n", s->ident);
 
+	/* mark random(4) as initialized, to avoid being called again */
+	random_inited = 1;
+}
+
+static void
+random_makedev(void *arg __unused)
+{
+
+	if (random_adaptor == NULL)
+		return;
+
 	/* Use an appropriately evil mode for those who are concerned
 	 * with daemons */
 	random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw,
 	    RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random");
 	make_dev_alias(random_dev, "urandom"); /* compatibility */
-
-	/* mark random(4) as initialized, to avoid being called again */
-	random_inited = 1;
 }
+SYSINIT(random_makedev, SI_SUB_DRIVERS, SI_ORDER_ANY, random_makedev, NULL);
 
 /* ARGSUSED */
 static int
@@ -229,5 +238,11 @@ random_modevent(module_t mod __unused, int type, void *data __unused)
 	return (error);
 }
 
-DEV_MODULE(random, random_modevent, NULL);
+static moduledata_t random_mod = {
+    "random",
+    random_modevent,
+    NULL
+};
+
+DECLARE_MODULE(random, random_mod, SI_SUB_RANDOM, SI_ORDER_MIDDLE);
 MODULE_VERSION(random, 1);
diff --git a/sys/dev/random/randomdev_soft.c b/sys/dev/random/randomdev_soft.c
index 0929704..6badecc 100644
--- a/sys/dev/random/randomdev_soft.c
+++ b/sys/dev/random/randomdev_soft.c
@@ -182,12 +182,6 @@ randomdev_deinit(void)
 	/* Deregister the randomness harvesting routine */
 	randomdev_deinit_harvester();
 
-	/*
-	 * Command the hash/reseed thread to end and wait for it to finish
-	 */
-	random_kthread_control = -1;
-	tsleep((void *)&random_kthread_control, 0, "term", 0);
-
 #if defined(RANDOM_YARROW)
 	random_yarrow_deinit_alg();
 #endif