From: Paul Moore
Date: Mon, 21 Mar 2022 14:23:54 -0400
Subject: Re: [PATCH v1 1/1] certs: Explain the rational to call panic()
To: Mickaël Salaün
Cc: Jarkko Sakkinen, David Howells, "David S . Miller", David Woodhouse, Eric Snowberg, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Mickaël Salaün

On Mon, Mar 21, 2022 at 1:45 PM Mickaël Salaün wrote:
>
> From: Mickaël Salaün
>
> The blacklist_init() function calls panic() for memory allocation
> errors. This change documents the reason why we don't return -ENODEV.
>
> Suggested-by: Paul Moore [1]
> Requested-by: Jarkko Sakkinen [1]
> Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi [1]
> Signed-off-by: Mickaël Salaün
> Link: https://lore.kernel.org/r/20220321174548.510516-2-mic@digikod.net
> ---
> certs/blacklist.c | 8 ++++++++
> 1 file changed, 8 insertions(+)

I would suggest changing the second sentence as shown below, but
otherwise it looks good to me.

Reviewed-by: Paul Moore

> diff --git a/certs/blacklist.c b/certs/blacklist.c > index 486ce0dd8e9c..ac26bcf9b9a5 100644 > --- a/certs/blacklist.c > +++ b/certs/blacklist.c 
> @@ -307,6 +307,14 @@ static int restrict_link_for_blacklist(struct key *d= est_keyring, > > /* > * Initialise the blacklist > + * > + * The blacklist_init() function is registered as an initcall via > + * device_initcall(). As a result the functionality doesn't load and th= e "As a result if the blacklist_init() function fails for any reason the kernel continues to execute." > + * kernel continues on executing. While cleanly returning -ENODEV could= be > + * acceptable for some non-critical kernel parts, if the blacklist keyri= ng > + * fails to load it defeats the certificate/key based deny list for sign= ed > + * modules. If a critical piece of security functionality that users ex= pect to > + * be present fails to initialize, panic()ing is likely the right thing = to do. > */ > static int __init blacklist_init(void) > { -- paul-moore.com
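
Review bot: The second sentence of the added comment ("As a result the functionality doesn't load and the kernel continues on executing") states no failure condition, so it reads as if registering through device_initcall() by itself keeps the blacklist from loading. Spell out the condition and the consequence, for example "If blacklist_init() returned an error instead, the kernel would keep executing without the blacklist keyring." The commit message ties panic() to memory allocation errors, while the comment only says "fails to load" and "fails to initialize"; naming the failures that reach panic() would make the fail-closed choice easier to audit. The closing "likely the right thing to do" is also more tentative than the behaviour the commit message describes, so a direct statement that the function panics rather than returning -ENODEV would document the decision better.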