On Wed, Jun 06, 2018 at 02:57:11PM -0700, Matthew Garrett wrote:
> When EVM attempts to appraise a file signed with a crypto algorithm the
> kernel doesn't have support for, it will cause the kernel to trigger a
> module load. If the EVM policy includes appraisal of kernel modules this
> will in turn call back into EVM - since EVM is holding a lock until the
> crypto initialisation is complete, this triggers a deadlock. Add a
> CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag
> in the EVM case in order to fail gracefully with an error message
> instead of deadlocking.
>
> Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>
> ---
>  crypto/api.c                        | 2 +-
>  include/linux/crypto.h              | 5 +++++
>  security/integrity/evm/evm_crypto.c | 3 ++-
>  3 files changed, 8 insertions(+), 2 deletions(-)

Acked-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
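
The re-entry described in the quoted commit message and the effect of a no-load flag, as a user-space C model added here (it is not code from the patch or from the kernel). `appraise`, `alloc_hash`, `load_module`, `MODEL_NOLOAD` and the algorithm names are hypothetical stand-ins, and the model reports the re-entry as `-EDEADLK` where the kernel would hang.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NOLOAD 0x1   /* hypothetical stand-in for the CRYPTO_NOLOAD flag */

static int evm_lock_held;  /* models the lock EVM holds during crypto init */
static int module_loads;   /* number of module loads the model attempted */

static int appraise(const char *algo, unsigned flags);

/* Module loader model: policy appraises modules, so a load re-enters EVM. */
static int load_module(const char *algo, unsigned flags)
{
    module_loads++;
    return appraise(algo, flags);
}

/* Algorithm lookup model: only "sha1" (constructed choice) is built in. */
static int alloc_hash(const char *algo, unsigned flags)
{
    if (strcmp(algo, "sha1") == 0)
        return 0;
    if (flags & MODEL_NOLOAD)
        return -ENOENT;    /* fail gracefully instead of loading a module */
    return load_module(algo, flags);
}

/* EVM appraisal model: take the lock, then initialise the hash. */
static int appraise(const char *algo, unsigned flags)
{
    int ret;

    if (evm_lock_held)     /* a real non-recursive lock would block forever */
        return -EDEADLK;
    evm_lock_held = 1;
    ret = alloc_hash(algo, flags);
    evm_lock_held = 0;
    return ret;
}

int main(void)
{
    printf("built-in algorithm:       %d\n", appraise("sha1", 0));
    printf("unknown, load allowed:    %d\n", appraise("sha3-256", 0));
    printf("unknown, no-load flag:    %d\n", appraise("sha3-256", MODEL_NOLOAD));
    return 0;
}
```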