On Sat, Jun 2, 2018 at 8:54 AM Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Jun 01, 2018 at 04:02:43PM -0700, Matthew Garrett wrote:
> > Trying to instantiate a non-existent crypto algorithm will cause the
> > kernel to trigger a module load. If EVM appraisal is enabled, this will
> > in turn trigger appraisal of the module, which will fail because the
> > crypto algorithm isn't available. Add a CRYPTO_NOLOAD flag and skip
> > module loading if it's set, and add that flag in the EVM case.
> >
> > Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>
>
> I don't get it. Without your patch it will fail because the
> EVM appraisal fails. With your patch it will fail because there
> is no algorithm registered. So what's the difference?

Without my patch it will deadlock as it recursively calls back into EVM
to perform the module appraisal. Sorry, the description was unclear on
that point.