Re: [kernel-hardening] [PATCH v4 05/13] crypto/rng: ensure that the RNG is ready before using
On Thu, Jun 8, 2017 at 2:41 AM, Theodore Ts'owrote: > The use in keys/big_key is _being_ removed, so this commit is > dependent on that commit landing, correct? (Order matters, because > otherwise we don't want to potentially screw up doing a kernel bisect > and causing their kernel to deadlock during the boot while they are > trying to track down an unreleated problem.) Yes. It's actually landing with get_random_bytes, to avoid a dependency problem when merging. After these both lands, I'll submit a third changing that over to get_random_bytes_wait in the right place.
Re: [kernel-hardening] [PATCH v4 05/13] crypto/rng: ensure that the RNG is ready before using
On Tue, Jun 06, 2017 at 07:47:56PM +0200, Jason A. Donenfeld wrote: > Otherwise, we might be seeding the RNG using bad randomness, which is > dangerous. The one use of this function from within the kernel -- not > from userspace -- is being removed (keys/big_key), so that call site > isn't relevant in assessing this. The use in keys/big_key is _being_ removed, so this commit is dependent on that commit landing, correct? (Order matters, because otherwise we don't want to potentially screw up doing a kernel bisect and causing their kernel to deadlock during the boot while they are trying to track down an unreleated problem.) - Ted