From: Alison Schofield <alison.schofield@intel.com>
To: Vishal Verma <vishal.l.verma@intel.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>, nvdimm@lists.linux.dev
Subject: [ndctl PATCH] ndctl: do not try to load a key already on the kernel keyring
Date: Fri, 18 Jun 2021 18:40:54 -0700
Message-ID: <20210619014056.31907-1-alison.schofield@intel.com>

During a bulk load of kernel keys, an attempt to load a key that is
already on the kernel keyring emits this ndctl error message:

    add_key failed: Invalid argument

and this message in the kernel log:

    encrypted_key: keyword 'load' not allowed when called from .update method

Avoid these error messages by checking the kernel keyring before
trying to load.

Fixes: 9925be9d6793 ("ndctl: add a load-keys command and a modprobe config")
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
---
ndctl/load-keys.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
index 26648fe..9124d5b 100644
--- a/ndctl/load-keys.c
+++ b/ndctl/load-keys.c
@@ -132,6 +132,16 @@ static int load_dimm_keys(struct loadkeys *lk_ctx)
continue;
}
+ /* Skip if key is already on kernel keyring */
+ key = keyctl_search(KEY_SPEC_USER_KEYRING, "encrypted",
+ desc, 0);
+
+ if (key > 0) {
+ free(fname);
+ free(blob);
+ continue;
+ }
+
key = add_key("encrypted", desc, blob, size,
KEY_SPEC_USER_KEYRING);
if (key < 0)
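Review bot: The skip at `if (key > 0)` is silent, and the failure side of `keyctl_search()` is not examined. During a bulk load there is then no record of which blobs were loaded and which were passed over because a key with the same type and description was already on the user keyring, and the existing key is accepted without any comparison against the blob on disk; a debug-level message naming `desc` before the `continue` would make that visible. Every negative return from `keyctl_search()` falls through to `add_key()` whatever errno holds, so testing for ENOKEY explicitly and reporting other errors would keep "not present" apart from "search failed". Since the skip path has to `free(blob)`, the blob has already been read by this point; running the search before the blob is read would avoid pulling key material into memory for keys that end up skipped. Style: drop the blank line between the `keyctl_search()` call and its check.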
base-commit: 4e646fa490ba4b782afa188dd8818b94c419924e
--
2.25.1