On Tue, May 29, 2018 at 11:25 PM Wang,Junwen <wangjunwen@xxxxxxxxx> wrote:
> if we need fix this problem
> 1. load the hash algorithm at initial time instead of runtime
> OR
> 2. avoid the crypto_alloc_shash try to load modules in init_desc

The outcome here is presumably going to be failure regardless - if appraisal is required and the hash module is unavailable, failing to load the module won't result in deadlock but will result in an unusable machine? I think the only way this can work is to ensure the crypto modules are available before a policy is enabled, but let me look to see if there's a way to at least make the failure clean and more debuggable.