From: Jarkko Sakkinen <jarkko@kernel.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: "David Howells" <dhowells@redhat.com>,
"David S . Miller" <davem@davemloft.net>,
"David Woodhouse" <dwmw2@infradead.org>,
"Eric Snowberg" <eric.snowberg@oracle.com>,
"Paul Moore" <paul@paul-moore.com>,
"Tyler Hicks" <tyhicks@linux.microsoft.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: Re: [PATCH v2 1/1] certs: Explain the rationale to call panic()
Date: Tue, 22 Mar 2022 22:31:19 +0200 [thread overview]
Message-ID: <YjoyF02zD5WdAMOW@iki.fi> (raw)
In-Reply-To: <20220322111323.542184-2-mic@digikod.net>
On Tue, Mar 22, 2022 at 12:13:23PM +0100, Mickaël Salaün wrote:
> From: Mickaël Salaün <mic@linux.microsoft.com>
>
> The blacklist_init() function calls panic() for memory allocation
> errors. This change documents the reason why we don't return -ENODEV.
>
> Suggested-by: Paul Moore <paul@paul-moore.com> [1]
> Requested-by: Jarkko Sakkinen <jarkko@kernel.org> [1]
> Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi [1]
> Reviewed-by: Paul Moore <paul@paul-moore.com>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
> Link: https://lore.kernel.org/r/20220322111323.542184-2-mic@digikod.net
> ---
>
> Changes since v1:
> * Fix commit subject spelling spotted by David Woodhouse.
> * Reword one sentence as suggested by Paul Moore.
> * Add Reviewed-by Paul Moore.
> * Add Reviewed-by Jarkko Sakkinen.
> ---
> certs/blacklist.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/certs/blacklist.c b/certs/blacklist.c
> index 486ce0dd8e9c..25094ea73600 100644
> --- a/certs/blacklist.c
> +++ b/certs/blacklist.c
> @@ -307,6 +307,15 @@ static int restrict_link_for_blacklist(struct key *dest_keyring,
>
> /*
> * Initialise the blacklist
> + *
> + * The blacklist_init() function is registered as an initcall via
> + * device_initcall(). As a result if the blacklist_init() function fails for
> + * any reason the kernel continues to execute. While cleanly returning -ENODEV
> + * could be acceptable for some non-critical kernel parts, if the blacklist
> + * keyring fails to load it defeats the certificate/key based deny list for
> + * signed modules. If a critical piece of security functionality that users
> + * expect to be present fails to initialize, panic()ing is likely the right
> + * thing to do.
> */
> static int __init blacklist_init(void)
> {
> --
> 2.35.1
>
Thank you, I'll put this into my "queue" folder and apply as soon I have
bandwidth.
BR, Jarkko
next prev parent reply other threads:[~2022-03-22 20:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 11:13 [PATCH v2 0/1] Explain panic() calls for keyring initialization Mickaël Salaün
2022-03-22 11:13 ` [PATCH v2 1/1] certs: Explain the rationale to call panic() Mickaël Salaün
2022-03-22 17:39 ` Tyler Hicks
2022-03-22 20:31 ` Jarkko Sakkinen [this message]
2022-03-30 12:53 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjoyF02zD5WdAMOW@iki.fi \
--to=jarkko@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eric.snowberg@oracle.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@digikod.net \
--cc=mic@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=tyhicks@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.