On Thu, Jul 17, 2014 at 11:42 AM, Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> wrote: > > > On Thu, Jul 17, 2014, at 19:34, Andy Lutomirski wrote: >> On Thu, Jul 17, 2014 at 10:32 AM, Theodore Ts'o <tytso@xxxxxxx> wrote: >> > On Thu, Jul 17, 2014 at 10:12:27AM -0700, Andy Lutomirski wrote: >> >> >> >> Unless I'm reading the code wrong, the prandom_reseed_late call can >> >> happen after userspace is running. >> > >> > But there is also the prandom_reseed() call, which happens early. >> > >> >> Right -- I missed that. > > prandom_init is a core_initcall, prandom_reseed is a late_initcall. > During initialization of the network stack we have calls to prandom_u32 > before the late_initcall happens. That said, I think it is not that > important to seed prandom with rdseed/rdrand as security relevant > entropy extraction should always use get_random_bytes(), but we should > do it nonetheless. > Regardless, I don't want to do this as part of this patch series. One thing at a time... --Andy -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
