From: Thomas Weißschuh
To: David Howells, David Woodhouse
Cc: Thomas Weißschuh, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Mickaël Salaün
Subject: [PATCH] certs: Prevent spurious errors on repeated blacklisting
Date: Fri, 4 Nov 2022 02:47:04 +0100
Message-Id: <20221104014704.3469-1-linux@weissschuh.net>

When the blacklist keyring was changed to allow updates from the root user it gained an ->update() function that disallows all updates.
When a hash is blacklisted multiple times from the builtin or firmware-provided blacklist this spams prominent logs during boot:

[ 0.890814] blacklist: Problem blacklisting hash (-13)

As all these repeated calls to mark_raw_hash_blacklisted() would create the same keyring entry again anyways these errors can be safely ignored.

Fixes: 6364d106e041 ("certs: Allow root user to append signed hashes to the blacklist keyring")
Signed-off-by: Thomas Weißschuh
--- certs/blacklist.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/certs/blacklist.c b/certs/blacklist.c index 41f10601cc72..5f7f2882ced7 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -191,7 +191,9 @@ static int mark_raw_hash_blacklisted(const char *hash) BLACKLIST_KEY_PERM, KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN); - if (IS_ERR(key)) { + + /* Blacklisting the same hash twice fails but would be idempotent */ + if (IS_ERR(key) && PTR_ERR(key) != -EACCES) { pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key)); return PTR_ERR(key); } base-commit: ee6050c8af96bba2f81e8b0793a1fc2f998fcd20 -- 2.38.1
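Review bot: The new condition "IS_ERR(key) && PTR_ERR(key) != -EACCES" in mark_raw_hash_blacklisted() silences every -EACCES, not only the one the commit message attributes to the ->update() refusal on an already-present hash. An -EACCES with any other cause would now be neither logged nor returned, so the caller could treat a hash as blacklisted when the entry was never created. It would be safer to identify the duplicate case explicitly, for instance by checking for the existing entry before creating it or by having the creation path report a distinct error for an existing key, instead of keying on the errno alone. When the -EACCES case is skipped, key is still an ERR_PTR and execution continues into code this hunk does not show; please confirm nothing after the if block uses key. The comment would also read better if it said that the existing entry is kept, since "fails but would be idempotent" does not say why ignoring the failure is safe.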