From patchwork Wed Oct 11 19:11:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10000375 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EC335602BF for ; Wed, 11 Oct 2017 19:11:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D503428B45 for ; Wed, 11 Oct 2017 19:11:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D3D7528B53; Wed, 11 Oct 2017 19:11:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 766F328B49 for ; Wed, 11 Oct 2017 19:11:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757553AbdJKTLZ (ORCPT ); Wed, 11 Oct 2017 15:11:25 -0400 Received: from mail-it0-f74.google.com ([209.85.214.74]:50016 "EHLO mail-it0-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752123AbdJKTLX (ORCPT ); Wed, 11 Oct 2017 15:11:23 -0400 Received: by mail-it0-f74.google.com with SMTP id a125so2037827ita.8 for ; Wed, 11 Oct 2017 12:11:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:in-reply-to:message-id:references:subject:from:to :cc; bh=uAL+vS0DhosyiNXzUidGvgyVyuRwJc1vd/8ANPTbKSY=; b=uFZrzPLWrzDKG0WqadMGFmeNOH7xJgWorKPoJkif7tNSEkq6Rrw+USe1eAi4l01H4k +NBh0Q6f2UJux9Tk3eZuAefuZQySSPaxFVjF2zgt02/RlzOrAR1Lzl2kXuhGSD1oyMeL sLhKuCuLwT09UB0vHKETiUaOCf1ppNmrR82hPbA4RoBxmJH3ROeDrlFsbz6XSvpzBph2 AjlB4wgeWThquXrRMh9yG+/G8QOc1gYDylu/fJ3icSHKLLjUdx3UhXAH38IxNoUTiF8N 7WyzxP9XyJ2n9ubJk9n+zdjR5+8sUc0QFN6sPnfao/VeVCx0q9bxunTk4FY/nJNJmZik Ccng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:in-reply-to:message-id :references:subject:from:to:cc; bh=uAL+vS0DhosyiNXzUidGvgyVyuRwJc1vd/8ANPTbKSY=; b=HYgDOwx9es6bwsuXP2wUjhiLF04LANUxP67TZi8wPkxK0o0WTlj9prCj/PkrEltZMq +5wSRvavmlOqemfNpwJtFiaEFkpNZospFRLsjhrQujLEF/3RxMWx8Mp01G8BHYa+W/Fq 8RPkNA3Ycp3GErfHelnpu+ibldo/bCgGNVjMac4mRbgdaCYSKtNo1yh6dMa2xfbzNud9 eMVgK9VT06cgkXwCb43/+JV+3RmWOn3AyKgvNeVQRetUrKXWvR7mMWTjyhD5Hp11EmtP /MBy45ht6FBA9LYCZ0nmEOa+KWS/7gQeZv1OXe0fJ28eqLAUDIu3o0FwUwFh68Wgdqeu c/Pg== X-Gm-Message-State: AMCzsaWJS6XqDdeG4aSQKYoeisswwFgVh3ppOtry/N2B6ssRpoN9ZaRi v8/ZsBwhP3xz6Z7qm7urlnftiww4Xdifqz8dj9TDrdc5UgEKpc9uDVhKyJZ9MS7LEwNCuR0Hjfl Q/Cs/aMXLsamLVnFwJujNbUsaBqLBugBy8oA= X-Google-Smtp-Source: AOwi7QAbi7TeyXokgIWoecZA4ohCSYRKQ2+MElZs0p+hJ1Z0oLMK2Nh06i2n8u6rrWtNVDvPPvstK7BeRTmB5PgSQa+AjQ== MIME-Version: 1.0 X-Received: by 10.36.249.73 with SMTP id l70mr10322ith.27.1507749083163; Wed, 11 Oct 2017 12:11:23 -0700 (PDT) Date: Wed, 11 Oct 2017 12:11:12 -0700 In-Reply-To: <20171011191014.4426-1-mjg59@google.com> Message-Id: <20171011191112.4861-1-mjg59@google.com> References: <20171011191014.4426-1-mjg59@google.com> X-Mailer: git-send-email 2.15.0.rc0.271.g36b669edcc-goog Subject: [PATCH V2] EVM: Only complain about a missing HMAC key once From: Matthew Garrett To: linux-integrity@vger.kernel.org Cc: zohar@linux.vnet.ibm.com, Matthew Garrett Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A system can validate EVM digital signatures without requiring an HMAC key, but every EVM validation will generate a kernel error. Change this so we only generate an error once. Signed-off-by: Matthew Garrett --- security/integrity/evm/evm_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 6435f12b0067..abe53b28f3e3 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -80,7 +80,7 @@ static struct shash_desc *init_desc(char type) if (type == EVM_XATTR_HMAC) { if (!(evm_initialized & EVM_INIT_HMAC)) { - pr_err("HMAC key is not set\n"); + pr_err_once("HMAC key is not set\n"); return ERR_PTR(-ENOKEY); } tfm = &hmac_tfm;