The crypto_early_init() function could only be called at most twice, and both of those were during startup. AFAICT leaking the first set of locks was the only non-idempotent thing.
