On Tue, Oct 08, 2019 at 09:15:53PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
The patch below does not apply to the 5.3-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@xxxxxxxxxxxxxxx>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 674f31a352da5e9f621f757b9a89262f486533a0 Mon Sep 17 00:00:00 2001
From: Dave Jiang <dave.jiang@xxxxxxxxx>
Date: Tue, 24 Sep 2019 10:34:49 -0700
Subject: [PATCH] libnvdimm: prevent nvdimm from requesting key when security
is disabled
Current implementation attempts to request keys from the keyring even when
security is not enabled. Change behavior so when security is disabled it
will skip key request.
Error messages seen when no keys are installed and libnvdimm is loaded:
request-key[4598]: Cannot find command to construct key 661489677
request-key[4606]: Cannot find command to construct key 34713726
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
Signed-off-by: Dave Jiang <dave.jiang@xxxxxxxxx>
Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@xxxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
The issue was that the way we represent security flags changed due to
d78c620a2e824 ("libnvdimm/security: Introduce a 'frozen' attribute"). I
fixed up 674f31a352da5 to address that and queued it for 5.3.
