Message ID | 20210619014056.31907-1-alison.schofield@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | [ndctl] ndctl: do not try to load a key already on the kernel keyring |
diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c index 26648fe..9124d5b 100644 --- a/ndctl/load-keys.c +++ b/ndctl/load-keys.c @@ -132,6 +132,16 @@ static int load_dimm_keys(struct loadkeys *lk_ctx) continue; } + /* Skip if key is already on kernel keyring */ + key = keyctl_search(KEY_SPEC_USER_KEYRING, "encrypted", + desc, 0); + + if (key > 0) { + free(fname); + free(blob); + continue; + } + key = add_key("encrypted", desc, blob, size, KEY_SPEC_USER_KEYRING); if (key < 0)
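Review bot: the `if (key > 0)` check after keyctl_search() treats every failure the same as "not found" and falls through to add_key(). keyctl_search() returns -1 with errno set, and only ENOKEY means the description is absent from the user keyring; on other errors (for example a revoked or expired key, or a permission failure) the code still proceeds to add_key() and the original cause is lost, so consider reporting errno when it is not ENOKEY. The skip path is also silent and matches on type "encrypted" and desc only, so a key already on the keyring is kept even if the blob read from disk differs; a debug-level message naming desc when a key is skipped would make that visible during a bulk load.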
During a bulk load of kernel keys, an attempt to load a key that is
already on the kernel keyring emits this ndctl error message:

    add_key failed: Invalid argument

and this message in the kernel log:

    encrypted_key: keyword 'load' not allowed when called from .update method

Avoid these error messages by checking the kernel keyring before
trying to load.

Fixes: 9925be9d6793 ("ndctl: add a load-keys command and a modprobe config")
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
---
 ndctl/load-keys.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

base-commit: 4e646fa490ba4b782afa188dd8818b94c419924e