During a bulk load of kernel keys, an attempt to load a key that is
already on the kernel keyring emits this ndctl error message:
    add_key failed: Invalid argument
and this message in the kernel log:
    encrypted_key: keyword 'load' not allowed when called from .update method
Avoid these error messages by checking the kernel keyring before
trying to load.
Fixes: 9925be9d6793 ("ndctl: add a load-keys command and a modprobe config")
Signed-off-by: Alison Schofield <[email protected]>
---
ndctl/load-keys.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
index 26648fe..9124d5b 100644
--- a/ndctl/load-keys.c
+++ b/ndctl/load-keys.c
@@ -132,6 +132,16 @@ static int load_dimm_keys(struct loadkeys *lk_ctx)
continue;
}
+ /* Skip if key is already on kernel keyring */
+ key = keyctl_search(KEY_SPEC_USER_KEYRING, "encrypted",
+ desc, 0);
+
+ if (key > 0) {
+ free(fname);
+ free(blob);
+ continue;
+ }
+
key = add_key("encrypted", desc, blob, size,
KEY_SPEC_USER_KEYRING);
if (key < 0)
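Review bot: the skip path at "if (key > 0)" is silent, so a key that is already on the keyring is kept with no indication that the blob on disk was not loaded; if that file has been replaced since the key was first loaded, the keyring copy stays in use unnoticed. Consider a debug-level message naming desc before the continue. The free(fname)/free(blob) pair in the same branch shows the blob has already been read when the search runs; if desc is known earlier in the loop, calling keyctl_search() before reading the file would avoid both the read and the cleanup. Any keyctl_search() failure other than "not found" also falls through to add_key(), which looks acceptable, but a one-line comment saying that is intended would help the next reader.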
base-commit: 4e646fa490ba4b782afa188dd8818b94c419924e
--
2.25.1