Re: [PATCH RFC v2 5/8] security/keys: ensure RNG is seeded before use

On Mon, Jun 5, 2017 at 5:47 AM, Jason A. Donenfeld wrote: > - get_random_bytes(>serial, sizeof(key->serial)); > + ret = get_random_bytes_wait(>serial, > sizeof(key->serial)); This actually isn't okay at bootup, but I've got a different change for

[PATCH RFC v2 5/8] security/keys: ensure RNG is seeded before use

Otherwise, we might use bad random numbers which, particularly in the case of IV generation, could be quite bad. It makes sense to use the synchronous API here, because we're always in process context (as the code is littered with GFP_KERNEL and the like). Signed-off-by: Jason A. Donenfeld