Re: [PATCH 1/2] evm: Don't deadlock if a crypto algorithm is unavailable

On Sat, Jun 2, 2018 at 8:54 AM Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Jun 01, 2018 at 04:02:43PM -0700, Matthew Garrett wrote:
> > Trying to instantiate a non-existent crypto algorithm will cause the
> > kernel to trigger a module load. If EVM appraisal is enabled, this will
> > in turn trigger appraisal of the module, which will fail because the
> > crypto algorithm isn't available. Add a CRYPTO_NOLOAD flag and skip
> > module loading if it's set, and add that flag in the EVM case.
> >
> > Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>
>
> I don't get it.  Without your patch it will fail because the
> EVM appraisal fails.  With your patch it will fail because there
> is no algorithm registered.  So what's the difference?

Without my patch it will deadlock as it recursively calls back into
EVM to perform the module appraisal. Sorry, the description was
unclear on that point.


