[PATCH] certs: Prevent spurious errors on repeated blacklisting
From: Thomas Weißschuh
Date: Thu Nov 03 2022 - 21:47:30 EST
When the blacklist keyring was changed to allow updates from the root
user it gained an ->update() function that disallows all updates.
When the a hash is blacklisted multiple times from the builtin or
firmware-provided blacklist this spams prominent logs during boot:
[ 0.890814] blacklist: Problem blacklisting hash (-13)
As all these repeated calls to mark_raw_hash_blacklisted() would create
the same keyring entry again anyways these errors can be safely ignored.
Fixes: 6364d106e041 ("certs: Allow root user to append signed hashes to the blacklist keyring")
Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
---
certs/blacklist.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/certs/blacklist.c b/certs/blacklist.c
index 41f10601cc72..5f7f2882ced7 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -191,7 +191,9 @@ static int mark_raw_hash_blacklisted(const char *hash)
BLACKLIST_KEY_PERM,
KEY_ALLOC_NOT_IN_QUOTA |
KEY_ALLOC_BUILT_IN);
- if (IS_ERR(key)) {
+
+ /* Blacklisting the same hash twice fails but would be idempotent */
+ if (IS_ERR(key) && PTR_ERR(key) != -EACCES) {
pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key));
return PTR_ERR(key);
}
base-commit: ee6050c8af96bba2f81e8b0793a1fc2f998fcd20
--
2.38.1