On Fri, 2018-06-01 at 13:52 -0700, Matthew Garrett wrote: > On Fri, Jun 1, 2018 at 4:21 AM Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > > On Thu, 2018-05-31 at 14:06 -0700, Matthew Garrett wrote: > > > EVM looks like it SELECTs CONFIG_SHA1, so I /think/ it should be ok > > > before that patch? > > > > According to Junwen, with CONFIG_TRUSTED_KEYS enabled the HMAC and > > SHA1 are allocated at __init. The locking problem occurs when > > CONFIG_TRUSTED_KEYS is not enabled. His solution would have been to > > move the crypto_alloc_shash() in EVM to an __init function. > > Ok - I think just allowing it to be deferred is preferable, since > otherwise we'd have to build in every hash algorithm that could be > used for the signatures (which wasn't a problem before the non-sha1 > patch). How would you prefer me to send these two? The non-sha1 patch > isn't in -next, so I can't add a fixes: for it at this point. Switch the order of the two patches. The bug fix goes first, then the non-sha1 patch. Remember we need an Ack from Herbert Xu for introducing CRYPTO_NOLOAD. Mimi
