Date: Fri, 05 Jan 2024 18:02:38 +0200
From: "Jarkko Sakkinen"
To: "Coiby Xu"
Cc: "Mimi Zohar", "Dmitry Kasatkin", "Paul Moore", "James Morris", "Serge E. Hallyn", "open list:SECURITY SUBSYSTEM", "open list"
Subject: Re: [PATCH] integrity: don't throw an error immediately when failed to add a cert to the .machine keyring

On Fri Jan 5, 2024 at 3:20 PM EET, Coiby Xu wrote:
> On Wed, Jan 03, 2024 at 04:09:29PM +0200, Jarkko Sakkinen wrote:
> >On Wed Dec 27, 2023 at 6:41 AM EET, Coiby Xu wrote:
> >> Currently when the kernel fails to add a cert to the .machine keyring,
> >> it will throw an error immediately in the function integrity_add_key.
> >>
> >> Since the kernel will try adding to the .platform keyring next or throw
> >> an error (in the caller of integrity_add_key i.e. add_to_machine_keyring),
> >> so there is no need to throw an error immediately in integrity_add_key.
> >>
> >> Reported-by: itrymybest80@protonmail.com
> >
> >Missing "Firstname Lastname".
>
> Thanks for raising this concern! I've asked the reporter if he/she can
> share his/her name.

Also, it is lacking a Fixes tag.

The Fixes tag is mandatory, the name part would be super nice to have :-)
Since this categorizes as a bug fix, getting them in is 1st priority and
that thus does not absolutely block applying the change.

Thanks for going to the trouble of trying to query it, however.

BR, Jarkko