Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751216AbdFBPxo (ORCPT ); Fri, 2 Jun 2017 11:53:44 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:54561 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750813AbdFBPxm (ORCPT ); Fri, 2 Jun 2017 11:53:42 -0400 MIME-Version: 1.0 In-Reply-To: References: From: "Jason A. Donenfeld" Date: Fri, 2 Jun 2017 17:53:39 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: get_random_bytes returns bad randomness before seeding is complete To: Stephan Mueller , "Theodore Ts'o" , Linux Crypto Mailing List , LKML , kernel-hardening@lists.openwall.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1170 Lines: 39 (Meanwhile...) In my own code, I'm currently playing with a workaround that looks like this: --- a/src/main.c +++ b/src/main.c +#include +#include +struct rng_initializer { + struct completion done; + struct random_ready_callback cb; +}; +static void rng_initialized_callback(struct random_ready_callback *cb) +{ + complete(&container_of(cb, struct rng_initializer, cb)->done); +} + static int __init mod_init(void) { int ret; + struct rng_initializer rng = { + .done = COMPLETION_INITIALIZER(rng.done), + .cb = { .owner = THIS_MODULE, .func = rng_initialized_callback } + }; + + ret = add_random_ready_callback(&rng.cb); + if (!ret) + wait_for_completion(&rng.done); + else if (ret != -EALREADY) + return ret; do_things_with_get_random_bytes_maybe(); Depending on the situation, however, I could imagine that wait_for_completion never returning, if its blocking activity that contributes to the seed actually being available, if this is called from a compiled-in module, so I find this a bit sub-optimal...