[UPSTREAM][RFC PATCH] integrity: add informational messages when revoking certs.

Krzysztof Kozlowski krzysztof.kozlowski at canonical.com
Mon May 10 15:06:27 UTC 2021


On 10/05/2021 11:04, Dimitri John Ledkov wrote:
> On Mon, May 10, 2021 at 3:48 PM Krzysztof Kozlowski
> <krzysztof.kozlowski at canonical.com> wrote:
>>
>>> diff --git a/certs/blacklist.c b/certs/blacklist.c
>>> index c9a435b15af40..738c496756516 100644
>>> --- a/certs/blacklist.c
>>> +++ b/certs/blacklist.c
>>> @@ -172,6 +172,10 @@ int add_key_to_revocation_list(const char *data, size_t size)
>>>       if (IS_ERR(key)) {
>>>               pr_err("Problem with revocation key (%ld)\n", PTR_ERR(key));
>>>               return PTR_ERR(key);
>>> +     } else {
>>> +             pr_notice("Revoked X.509 cert '%s'\n",
>>> +                       key_ref_to_ptr(key)->description);
>>> +             key_ref_put(key);
>>
>> This seems unrelated, based on the commit description. Why do you need it?
> 
> I think the original code today is leaky. I thought that after calling
> key_create_or_update() one should call key_ref_put(key) too.....
> 
> I wonder if I should mention that in the commit message, or send it separately.

Please send it separately with its own Fixes tag. The bugfixes should
never be mixed with other patches because it stops them from backporting
and makes review more difficult. Thanks!

Best regards,
Krzysztof



More information about the kernel-team mailing list