[PATCH RESEND v6 1/3] certs: make blacklisted hash available in klog

Thomas Weißschuh linux at weissschuh.net
Mon Jan 9 23:59:41 UTC 2023


One common situation triggering this log statement are duplicate hashes
reported by the system firmware.

These duplicates should be removed from the firmware.

Without logging the blacklisted hash triggering the issue however the users
can not report it properly to the firmware vendors and the firmware vendors
can not easily see which specific hash is duplicated.

While changing the log message also use the dedicated ERR_PTR format
placeholder for the returned error value.

Signed-off-by: Thomas Weißschuh <linux at weissschuh.net>
Reviewed-by: Jarkko Sakkinen <jarkko at kernel.org>
---
 certs/blacklist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 41f10601cc72..6e260c4b6a19 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -192,7 +192,7 @@ static int mark_raw_hash_blacklisted(const char *hash)
 				   KEY_ALLOC_NOT_IN_QUOTA |
 				   KEY_ALLOC_BUILT_IN);
 	if (IS_ERR(key)) {
-		pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key));
+		pr_err("Problem blacklisting hash %s: %pe\n", hash, key);
 		return PTR_ERR(key);
 	}
 	return 0;

-- 
2.39.0



More information about the Linux-security-module-archive mailing list