From patchwork Tue Oct 10 22:26:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 9998087 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E18D5601AE for ; Tue, 10 Oct 2017 22:26:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D4B75287DB for ; Tue, 10 Oct 2017 22:26:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C9A84287E0; Tue, 10 Oct 2017 22:26:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 676B1287DB for ; Tue, 10 Oct 2017 22:26:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756166AbdJJW0s (ORCPT ); Tue, 10 Oct 2017 18:26:48 -0400 Received: from mail-qt0-f202.google.com ([209.85.216.202]:45385 "EHLO mail-qt0-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753520AbdJJW0r (ORCPT ); Tue, 10 Oct 2017 18:26:47 -0400 Received: by mail-qt0-f202.google.com with SMTP id h4so70292qtk.4 for ; Tue, 10 Oct 2017 15:26:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:message-id:subject:from:to:cc; bh=8eiCel8cGb5QNQZw2Mi807M+3G+1s9JzTXnIJfmEeQA=; b=nJSIQArg6iFiiYVX2gN9pkgV1KfDR1VFVxijsZkFG10pr/yYU0NyrsR9oYrF8bNhAq hjEhz6XfRUFeAf1eIcXbTuYQ8dWF8Z+EMcFSmL5ZwIBWpGakwh2Mczt1/ZcMBT7hADJq BuSoLFuFPAynYpv68mP4LXJ7ELrs2Bm7sI3WIJ+HjLcwf/VYJm1k6C8aLXE6k9YPfr2S Vy/jrQMmo1M7iYy5aAsRWvUhOMjqiYwJBGo2LZ2sUMxGd86Y9qPkTUx3SY8LQK+Mp5Yh plgFbHswhdRZMGM7CAnnAFhZgwYKz7G2SkqoefD6TJIGHWDT2ADDxOEMbcbnE+IFVFTy JGpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=8eiCel8cGb5QNQZw2Mi807M+3G+1s9JzTXnIJfmEeQA=; b=DvASO8Ez+ZGu5ETz7D7hwy3FqxyNll9TbEWxbS4ruBAWC7xi8LPuUcjQ7nSVgpKGCU 3ER1lSwW6V9qAxWywPX8oXdBmn2o6H9DdDRrys0mjqO3mRXrdPieBdAbDDgfCRlXDdm/ 1wfsd7k1o6ZRu9jlyhZudyqf7sZPAXkE9g5svrKnRP6vjBCKYUW7VdX+styIS0G4cbZg wqlbnsQgztr4aVAnePxlgt9Zu2/Gc0UVngxwWXUwA1vzWOL0uvBVqDMcJ0v7XMBGUROo mxtMzIJ50Ziym46xOMAloTUsnmQLLTRqUDYfN8dZfV+z4Uegaa/de/vWnX90SSDCuuzi qiGA== X-Gm-Message-State: AMCzsaXUHbmM8zQfKYTCZ8e8VKAf4EB+zc4pOQcEjDEmwxiF094jHjQk ihuaEGQXpGviomoROuXVQQvrt8NAzlX+nlh2hC5+9S7xyXUKVd/AZOQMKJ9KRiKe57f4euHB25y B6VXwPz9ZGilEjAqNHiuNl+Jo03/qC6/3Kjo= X-Google-Smtp-Source: AOwi7QAmCtYx61aLcgvTEMdg/AcjXf3S/fCUlSxhCEKWaDaeXFpp4bcTPwF788FcaejoVW+4k4l8H4o+b3mYQ6vtF8aWzQ== MIME-Version: 1.0 X-Received: by 10.55.169.212 with SMTP id s203mr1524768qke.15.1507674406579; Tue, 10 Oct 2017 15:26:46 -0700 (PDT) Date: Tue, 10 Oct 2017 15:26:40 -0700 Message-Id: <20171010222640.5539-1-mjg59@google.com> X-Mailer: git-send-email 2.14.2.920.gcf0c67979c-goog Subject: [PATCH] EVM: Only complain about a missing HMAC key once From: Matthew Garrett To: linux-integrity@vger.kernel.org Cc: zohar@linux.vnet.ibm.com, Matthew Garrett Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A system can validate EVM digital signatures without requiring an HMAC key, but every EVM validation will generate a kernel error. Change this so we only generate an error once. Signed-off-by: Matthew Garrett --- security/integrity/evm/evm_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 6435f12b0067..abe53b28f3e3 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -80,7 +80,7 @@ static struct shash_desc *init_desc(char type) if (type == EVM_XATTR_HMAC) { if (!(evm_initialized & EVM_INIT_HMAC)) { - pr_err("HMAC key is not set\n"); + pr_err_once("HMAC key is not set\n"); return ERR_PTR(-ENOKEY); } tfm = &hmac_tfm;