EVM: Only complain about a missing HMAC key once

A system can validate EVM digital signatures without requiring an HMAC
key, but every EVM validation will generate a kernel error. Change this
so we only generate an error once.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 1d32cd20009a3bd35cf77bc11027354c00eb8812..bcd64baf87881b4194cf9852c0167900d96ddddc 100644 (file)
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -80,7 +80,7 @@ static struct shash_desc *init_desc(char type)
 
        if (type == EVM_XATTR_HMAC) {
                if (!(evm_initialized & EVM_INIT_HMAC)) {
-                       pr_err("HMAC key is not set\n");
+                       pr_err_once("HMAC key is not set\n");
                        return ERR_PTR(-ENOKEY);
                }
                tfm = &hmac_tfm;