[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPcyv4gdB6iOD8N0KAHY9WybpJtRx3EfEQCSM1zuTDkURrfuug@mail.gmail.com>
Date: Tue, 23 Jun 2020 18:03:36 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: David Howells <dhowells@...hat.com>
Cc: "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
"raven@...maw.net" <raven@...maw.net>,
"kzak@...hat.com" <kzak@...hat.com>,
"jarkko.sakkinen@...ux.intel.com" <jarkko.sakkinen@...ux.intel.com>,
"linux-nvdimm@...ts.01.org" <linux-nvdimm@...ts.01.org>,
"dray@...hat.com" <dray@...hat.com>,
"swhiteho@...hat.com" <swhiteho@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"mszeredi@...hat.com" <mszeredi@...hat.com>,
"jlayton@...hat.com" <jlayton@...hat.com>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"andres@...razel.de" <andres@...razel.de>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"christian.brauner@...ntu.com" <christian.brauner@...ntu.com>
Subject: Re: [GIT PULL] General notification queue and key notifications
On Tue, Jun 23, 2020 at 5:55 PM David Howells <dhowells@...hat.com> wrote:
>
> Dan Williams <dan.j.williams@...el.com> wrote:
>
> > > This commit:
> > >
> > > > keys: Make the KEY_NEED_* perms an enum rather than a mask
> > >
> > > ...upstream as:
> > >
> > > 8c0637e950d6 keys: Make the KEY_NEED_* perms an enum rather than a mask
> > >
> > > ...triggers a regression in the libnvdimm unit test that exercises the
> > > encrypted keys used to store nvdimm passphrases. It results in the
> > > below warning.
> >
> > This regression is still present in tip of tree. David, have you had a
> > chance to take a look?
>
> nvdimm_lookup_user_key() needs to indicate to lookup_user_key() what it wants
> the key for so that the appropriate security checks can take place in SELinux
> and Smack. Note that I have a patch in the works that changes this still
> further.
>
> Does setting the third argument of lookup_user_key() to KEY_NEED_SEARCH work
> for you?
It does, thanks.
Shall I wait for your further reworks to fix this for v5.8, or is that
v5.9 material?
Powered by blists - more mailing lists