Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp23639imm;
        Wed, 3 Oct 2018 11:14:03 -0700 (PDT)
X-Google-Smtp-Source: ACcGV61jjL6eLOrfPMVmyu7hxz+h4KZoie6WsTHv4K/j7be6wpPlTG5PI/weJ24oIzfbU0v1ydvW
X-Received: by 2002:a65:52c1:: with SMTP id z1-v6mr2412700pgp.65.1538590443769;
        Wed, 03 Oct 2018 11:14:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538590443; cv=none;
        d=google.com; s=arc-20160816;
        b=KGA3zfXF4cd9WkhuG7Ms0ipLwJzv/BkXa10Ym5TvqZuLBVASleGoJ/7ve3CglpYKU/
         caadypAWsVSWQ2imXrXEQhDOcBPB4inLPVUw96hE4u2GSD0BBYFZ0pS2/hQAD4/qOQHG
         bobeuWMjP323ClkuqNN6nIi+Fb0AdG3s1o6+9KlSpLurQFNypKoPnuOUDw7lwt7TWQhi
         oYLtzLEh4+I5a9eBnUo/9JUasHq1HfVoqv4hDlYvjMRg84qiOKABW/rGEbdFgH3GBJ5z
         A77M7JTC+tNqonmeVVn0TvjAmC5AAfpiSbri8dC3GH3/AYQQFejTNTY+eYAQwDSgXUjV
         n5jA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=SV2RyGYa6oYBGh+UKzsmdEkD8DK5wEmqHdz77inAHas=;
        b=iPA3PwFR/bWjCOMZHhsiETFKFWxuxGbbZ6VK5qa7Kh0GJpkVwiC66YB4ERZ5F04KyY
         qeafL80aaspJwAPWlV/cyzm8jbAsv8qKz+poocy/7a/WPrPz8EBXFwhaRY5Yxvont7G6
         7l4u2TW+zeQQbh+SfEcVwJXEfxsg1YqyXTT5lmSf5OBPfxRKHuiK8WFwrWYMocKjciVD
         KguRPqUoAUNkuke9E5ee9QtNxxqQUy7scUQymaD1HrXILH9+3DYjNlj63fKbfTsZjr+J
         /E5ubug8NeajAFrGRP9s71TN1X4Yz9yTMjqgjK9JVFRQqWj0BfLTsQw4xMQCsf5VmfMb
         KJQA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h21-v6si2539590plr.98.2018.10.03.11.13.44;
        Wed, 03 Oct 2018 11:14:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727336AbeJDBC5 (ORCPT <rfc822;saikripd@gmail.com> + 99 others);
        Wed, 3 Oct 2018 21:02:57 -0400
Received: from namei.org ([65.99.196.166]:35396 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726851AbeJDBC5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Oct 2018 21:02:57 -0400
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id w93ID8Ag015144;
        Wed, 3 Oct 2018 18:13:08 GMT
Date:   Thu, 4 Oct 2018 04:13:08 +1000 (AEST)
From:   James Morris <jmorris@namei.org>
To:     Kees Cook <keescook@chromium.org>
cc:     Casey Schaufler <casey@schaufler-ca.com>,
        LSM <linux-security-module@vger.kernel.org>,
        SE Linux <selinux@tycho.nsa.gov>,
        LKLM <linux-kernel@vger.kernel.org>,
        John Johansen <john.johansen@canonical.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>,
        Salvatore Mesoraca <s.mesoraca16@gmail.com>
Subject: Re: [PATCH v4 14/19] LSM: Infrastructure management of the inode
 security
In-Reply-To: <CAGXu5jL1Ek85Hky+PZ2pGQF09_cd_odn-LanYU=vVKgw24b8vg@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1810040409280.13517@namei.org>
References: <e9bfb2d5-d987-55ce-4011-9b32ff745d36@schaufler-ca.com> <f24ab6a2-aa1d-1c36-9e51-22c924ad37e5@schaufler-ca.com> <CAGXu5jL1Ek85Hky+PZ2pGQF09_cd_odn-LanYU=vVKgw24b8vg@mail.gmail.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 21 Sep 2018, Kees Cook wrote:

> On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:

> > + * lsm_early_inode - during initialization allocate a composite inode blob
> > + * @inode: the inode that needs a blob
> > + *
> > + * Allocate the inode blob for all the modules if it's not already there
> > + */
> > +void lsm_early_inode(struct inode *inode)
> > +{
> > +       int rc;
> > +
> > +       if (inode == NULL)
> > +               panic("%s: NULL inode.\n", __func__);
> > +       if (inode->i_security != NULL)
> > +               return;
> > +       rc = lsm_inode_alloc(inode);
> > +       if (rc)
> > +               panic("%s: Early inode alloc failed.\n", __func__);
> > +}
> 
> I'm still advising against using panic(), but I'll leave it up to James.
> 

Calling panic() is not appropriate here. Perhaps if it was during 
boot-time initialization of LSM infrastructure, but not on the fly.

Use a WARN_ONCE then propagate the error back and fail the operation.


-- 
James Morris
<jmorris@namei.org>