Commit d9a2e5d7 authored by Dmitry Kasatkin, committed by Mimi Zohar

integrity: prevent flooding with 'Request for unknown key'

If a file has an IMA signature and IMA is in enforce mode, but the key is
missing, then file access is blocked and a single error message is printed.

If IMA appraisal is enabled in fix mode, then the system runs as usual
but might produce tons of 'Request for unknown key' messages.

This patch switches 'pr_warn' to 'pr_err_ratelimited'.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent 3034a146
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/err.h> #include <linux/err.h>
#include <linux/ratelimit.h>
#include <linux/key-type.h> #include <linux/key-type.h>
#include <crypto/public_key.h> #include <crypto/public_key.h>
#include <keys/asymmetric-type.h> #include <keys/asymmetric-type.h>
...@@ -45,7 +46,7 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) ...@@ -45,7 +46,7 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
} }
if (IS_ERR(key)) { if (IS_ERR(key)) {
pr_warn("Request for unknown key '%s' err %ld\n", pr_err_ratelimited("Request for unknown key '%s' err %ld\n",
name, PTR_ERR(key)); name, PTR_ERR(key));
switch (PTR_ERR(key)) { switch (PTR_ERR(key)) {
/* Hide some search errors */ /* Hide some search errors */
......
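Review bot: The replaced call in request_asymmetric_key() changes two things at once: `pr_warn` becomes `pr_err_ratelimited`, so the message is rate-limited and its level also rises from warning to error, while the commit message motivates only the flooding. If the severity change is not intended, `pr_warn_ratelimited` keeps the original level; if it is intended, the changelog should say why. Note also that the rate limit applies per call site, not per key name, so during a burst in fix mode messages naming other missing keys can be suppressed together with the repeats. Since this line is what tells an administrator which key to load, it is worth stating in the commit message that the log may be incomplete under load.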