On Wed, 2018-06-13 at 14:33 +0800, Herbert Xu wrote:
> On Fri, Jun 08, 2018 at 02:57:42PM -0700, Matthew Garrett wrote:
> > When EVM attempts to appraise a file signed with a crypto algorithm the
> > kernel doesn't have support for, it will cause the kernel to trigger a
> > module load. If the EVM policy includes appraisal of kernel modules this
> > will in turn call back into EVM - since EVM is holding a lock until the
> > crypto initialisation is complete, this triggers a deadlock. Add a
> > CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag
> > in the EVM case in order to fail gracefully with an error message
> > instead of deadlocking.
> > 
> > Signed-off-by: Matthew Garrett <mj...@google.com>
> 
> Acked-by: Herbert Xu <herb...@gondor.apana.org.au>

Thanks!  This patch and "evm: Allow non-SHA1 digital signatures" are
now queued in the next-integrity-queued branch.

Mimi
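
The re-entrancy described in the quoted commit message, as a single-threaded userspace model added here (not the kernel patch or code from this thread). All function names are hypothetical, the flag value is illustrative, and a try-lock stands in for the real lock so the model reports the self-deadlock instead of hanging.

```c
#include <errno.h>
#include <string.h>

/* Model only: every name except CRYPTO_NOLOAD is hypothetical, and the
 * flag value below is illustrative, not the kernel's. */
#define CRYPTO_NOLOAD 0x1u

static int init_lock_held;   /* models the lock held during crypto init */
static int reentered;        /* set when appraisal re-enters under the lock */

static int model_appraise(const char *algo, unsigned int flags);

/* Policy appraises kernel modules, so a module load re-enters appraisal.
 * The module's own signature uses a supported algorithm here: the
 * problem is the lock already being held, not the module's algorithm. */
static void model_request_module(unsigned int flags)
{
    (void)model_appraise("sha1", flags);
}

/* Only "sha1" is built in; any other algorithm would need a module. */
static int model_alloc_hash(const char *algo, unsigned int flags)
{
    if (strcmp(algo, "sha1") == 0)
        return 0;
    if (!(flags & CRYPTO_NOLOAD))
        model_request_module(flags);   /* skipped when the flag is set */
    return -ENOENT;                    /* the model never gains the algorithm */
}

static int model_appraise(const char *algo, unsigned int flags)
{
    int ret;

    if (init_lock_held) {              /* a blocking lock would hang here */
        reentered = 1;
        return -EDEADLK;
    }
    init_lock_held = 1;
    ret = model_alloc_hash(algo, flags);
    init_lock_held = 0;
    return ret;
}

/* Returns 1 if appraising with `algo` re-enters under the lock. */
int would_deadlock(const char *algo, unsigned int flags, int *err)
{
    reentered = 0;
    *err = model_appraise(algo, flags);
    return reentered;
}
```

With the flag clear, an unsupported algorithm re-enters appraisal while the lock is held; with the flag set, the same request returns an error without attempting the load.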
