[PATCH 8/8] boot: fdt: downgrade KASLR RNG failure to warning
Simon Glass
sjg at chromium.org
Thu Jun 25 16:38:38 CEST 2026
Hi Jamie,
On 2026-06-25T12:23:17, Jamie Gibbons <jamie.gibbons at microchip.com> wrote:
> boot: fdt: downgrade KASLR RNG failure to warning
>
> During early boot, dm_rng_read() may fail if the underlying RNG
> is temporarily unavailable. This causes KASLR seeding to fail,
> but does not affect boot correctness.
>
> Currently, fdt_kaslrseed() treats this condition as a hard error
> and logs an error message, even though the system continues to
> boot normally.
>
> Downgrade the failure to a warning and continue booting without
> KASLR, making the behaviour explicit without implying a fatal
> error.
>
> Signed-off-by: Jamie Gibbons <jamie.gibbons at microchip.com>
>
> boot/fdt_support.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> @@ -314,9 +314,16 @@ int fdt_kaslrseed(void *fdt, bool overwrite)
> err = dm_rng_read(dev, &data, sizeof(data));
> - if (err) {
> - dev_err(dev, "dm_rng_read failed: %d\n", err);
> - return err;
> + if (err < 0) {
> + /*
> + * RNG may be unavailable during early boot.
> + * KASLR is best-effort in this case; warn and continue.
> + */
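Review bot: the new `if (err < 0)` branch is commented as covering an RNG that "may be unavailable during early boot", but the test matches every negative return from dm_rng_read(), so a permanent driver or hardware fault is downgraded in the same way as a transient one. If the driver can report the transient case with a distinct error code, limit the best-effort path to that code and keep returning the others; if it cannot, reword the comment so it does not suggest that only the early-boot case is covered.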
The continuation '*' should be aligned with the '*' of '/*':
checkpatch should catch this.
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> @@ -314,9 +314,16 @@ int fdt_kaslrseed(void *fdt, bool overwrite)
> + } else if (err != sizeof(data)) {
> + dev_warn(dev, "KASLR seed unavailable (no entropy), continuing without KASLR\n");
> + return 0;
> }
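Review bot: in the `else if (err != sizeof(data))` branch, a return value of 0 is reported as "no entropy", yet the check this patch removes, `if (err)`, treated 0 as the only success value. Unless another patch in the series changes dm_rng_read() to return a byte count, this branch is taken on every successful read and the function returns before a seed is written. The comparison also mixes a signed int with the unsigned result of sizeof; it is safe here only because the preceding branch has already excluded negative values.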
Please drop this branch - see comments on patch 1 about the
dm_rng_read() contract.
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> @@ -314,9 +314,16 @@ int fdt_kaslrseed(void *fdt, bool overwrite)
> - if (err) {
> - dev_err(dev, "dm_rng_read failed: %d\n", err);
> - return err;
> + if (err < 0) {
> + /*
> + * RNG may be unavailable during early boot.
> + * KASLR is best-effort in this case; warn and continue.
> + */
> + dev_warn(dev, "KASLR seed unavailable (RNG error %d), continuing without KASLR\n", err);
> + return 0;
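Review bot: with `return 0` at the end of the `err < 0` branch, fdt_kaslrseed() returns 0 both when a seed was written and when it was skipped, so no caller can tell whether the kernel will receive a seed. Since the skipped case removes a security mitigation, either return a distinct non-negative value for it or state the new meaning of the return value in the function's documentation, so that a caller which has to fail closed can still do so.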
This is a behavioural change for every platform that uses
fdt_kaslrseed(), not just MPFS - the commit message frames it as
MPFS-specific but the effect is global. cmd/kaslrseed.c does 'if
(fdt_kaslrseed(working_fdt, true) < 0)' to decide CMD_RET_FAILURE, so
the user-invoked kaslrseed command will now silently succeed even when
no seed was written. Please mention the cross-platform impact in the
commit message, and consider whether the explicit command should still
propagate the error (e.g. keep the propagation in the caller, or add a
best_effort flag).
> diff --git a/boot/fdt_support.c b/boot/fdt_support.c
> @@ -314,9 +314,16 @@ int fdt_kaslrseed(void *fdt, bool overwrite)
> + dev_warn(dev, "KASLR seed unavailable (RNG error %d), continuing without KASLR\n", err);
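Review bot: the added dev_warn() call is a single line of close to 90 characters before indentation. Keep the format string unbroken so it stays greppable, but move the `err` argument to a continuation line.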
Just to check - have you considered log_warning() at a lower
verbosity, or only warning once? Repeated boot messages tend to
attract bug reports.
Regards,
Simon
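
The concern in the review above, that the explicit command would report success although no seed was written, shown as an added sketch that is not U-Boot code and not part of the original message. `fake_rng_read()`, `seed_kaslr()`, `command_path()` and the `written` out-parameter are hypothetical names and the RNG is a constructed stub; it shows one shape of the suggested best_effort flag, where the boot path tolerates a failed read and the command path still reports it.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int fake_rng_err;	/* constructed: non-zero simulates a failing RNG */

/* Stand-in for the RNG read: 0 on success, negative errno on failure. */
static int fake_rng_read(void *buf, size_t len)
{
	if (fake_rng_err)
		return fake_rng_err;
	memset(buf, 0xa5, len);	/* fixed bytes, not real entropy */
	return 0;
}

/* Hypothetical helper: RNG failure is returned unless best_effort is set. */
static int seed_kaslr(uint64_t *seed, bool best_effort, bool *written)
{
	uint64_t data;
	int err = fake_rng_read(&data, sizeof(data));

	*written = false;	/* always tells the caller whether a seed exists */
	if (err < 0) {
		if (!best_effort)
			return err;
		fprintf(stderr, "warning: no KASLR seed (RNG error %d)\n", err);
		return 0;
	}
	*seed = data;
	*written = true;
	return 0;
}

/* Explicit command: returns 1 (failure) when no seed could be written. */
static int command_path(uint64_t *seed)
{
	bool written;
	return seed_kaslr(seed, false, &written) < 0 ? 1 : 0;
}

int main(void)
{
	uint64_t seed = 0;
	bool written;
	fake_rng_err = -EIO;	/* simulate the failing RNG */
	int boot = seed_kaslr(&seed, true, &written);	/* boot path: best effort */
	printf("boot=%d written=%d command=%d\n", boot, written, command_path(&seed));
	return 0;
}
```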