From: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
Vitaly Chikunov <vt@altlinux.org>,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH ima-evm-utils v4 02/17] log and reset 'errno' after failure to open non-critical files
Date: Tue, 1 Nov 2022 16:17:48 -0400 [thread overview]
Message-ID: <20221101201803.372652-3-zohar@linux.ibm.com> (raw)
In-Reply-To: <20221101201803.372652-1-zohar@linux.ibm.com>
Define a log_errno_reset macro to emit the errno string at or near the
time of error, similar to the existing log_errno macro, but also reset
errno to avoid dangling or duplicate errno messages on exit.
The initial usage is for non-critical file open failures.
Suggested-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
src/evmctl.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0412bc0ac2b0..54123bf20f03 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -166,6 +166,9 @@ struct tpm_bank_info {
static char *pcrfile[MAX_PCRFILE];
static unsigned npcrfile;
+#define log_errno_reset(level, fmt, args...) \
+ {do_log(level, fmt " (errno: %s)\n", ##args, strerror(errno)); errno = 0; }
+
static int bin2file(const char *file, const char *ext, const unsigned char *data, int len)
{
FILE *fp;
@@ -1911,8 +1914,10 @@ static int read_sysfs_pcrs(int num_banks, struct tpm_bank_info *tpm_banks)
fp = fopen(pcrs, "r");
if (!fp)
fp = fopen(misc_pcrs, "r");
- if (!fp)
+ if (!fp) {
+ log_errno_reset(LOG_DEBUG, "Failed to read TPM 1.2 PCRs");
return -1;
+ }
result = read_one_bank(&tpm_banks[0], fp);
fclose(fp);
@@ -2055,7 +2060,6 @@ static int ima_measurement(const char *file)
int err_padded = -1;
int err = -1;
- errno = 0;
memset(zero, 0, MAX_DIGEST_SIZE);
pseudo_padded_banks = init_tpm_banks(&num_banks);
@@ -2072,6 +2076,8 @@ static int ima_measurement(const char *file)
init_public_keys(imaevm_params.keyfile);
else /* assume read pubkey from x509 cert */
init_public_keys("/etc/keys/x509_evm.der");
+ if (errno)
+ log_errno_reset(LOG_DEBUG, "Failed to initialize public keys");
/*
* Reading the PCRs before walking the IMA measurement list
@@ -2746,6 +2752,8 @@ int main(int argc, char *argv[])
unsigned long keyid;
char *eptr;
+ errno = 0; /* initialize global errno */
+
#if !(OPENSSL_VERSION_NUMBER < 0x10100000)
OPENSSL_init_crypto(
#ifndef DISABLE_OPENSSL_CONF
--
2.31.1
next prev parent reply other threads:[~2022-11-01 20:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-01 20:17 [PATCH ima-evm-utils v4 00/17] address deprecated warnings Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 01/17] Revert "Reset 'errno' after failure to open or access a file" Mimi Zohar
2022-11-01 21:46 ` Stefan Berger
2022-11-01 23:04 ` Mimi Zohar
2022-11-02 0:25 ` Stefan Berger
2022-11-03 13:54 ` Mimi Zohar
2022-11-03 14:32 ` Petr Vorel
2022-11-03 21:35 ` Mimi Zohar
2022-11-03 22:50 ` Vitaly Chikunov
2022-11-13 21:25 ` Mimi Zohar
2022-11-01 20:17 ` Mimi Zohar [this message]
2022-11-02 21:02 ` [PATCH ima-evm-utils v4 02/17] log and reset 'errno' after failure to open non-critical files Stefan Berger
2022-11-03 3:13 ` Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 03/17] Log and reset 'errno' on lsetxattr failure Mimi Zohar
2022-11-02 15:55 ` Stefan Berger
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 04/17] travis: update dist=focal Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 05/17] Update configure.ac to address a couple of obsolete warnings Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 06/17] Deprecate IMA signature version 1 Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 07/17] Replace the low level SHA1 calls when calculating the TPM 1.2 PCRs Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 08/17] Replace the low level HMAC calls when calculating the EVM HMAC Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 09/17] Add missing EVP_MD_CTX_free() call in calc_evm_hash() Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 10/17] Disable use of OpenSSL "engine" support Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 11/17] Fix potential use after free in read_tpm_banks() Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 12/17] Limit the file hash algorithm name length Mimi Zohar
2022-11-01 20:17 ` [PATCH ima-evm-utils v4 13/17] Missing template data size lower bounds checking Mimi Zohar
2022-11-01 20:18 ` [PATCH ima-evm-utils v4 14/17] Base sm2/sm3 test on openssl version installed Mimi Zohar
2022-11-01 21:25 ` Stefan Berger
2022-11-01 20:18 ` [PATCH ima-evm-utils v4 15/17] Compile a newer version of OpenSSL Mimi Zohar
2022-11-01 20:18 ` [PATCH ima-evm-utils v4 16/17] Build OpenSSL without engine support Mimi Zohar
2022-11-01 20:18 ` [PATCH ima-evm-utils v4 17/17] Fix d2i_x509_fp failure Mimi Zohar
2022-11-02 0:44 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221101201803.372652-3-zohar@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=pvorel@suse.cz \
--cc=stefanb@linux.ibm.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).