Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp1106189pxp; Thu, 17 Mar 2022 03:01:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxtkGTFb2yqpNwWli+TdoOiGbf8cF5LyMfYwMhvicOyWu+qvQlUbwZ3BRn5re2vcC05IXcR X-Received: by 2002:a62:8c11:0:b0:4f6:e890:5be5 with SMTP id m17-20020a628c11000000b004f6e8905be5mr3989756pfd.19.1647511310887; Thu, 17 Mar 2022 03:01:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647511310; cv=none; d=google.com; s=arc-20160816; b=By1hPseOemv+mrixmpjLhlFB8TLISouRYVJDLODkJQabjo0nh+jWaKNjPSChM8mMSW RGbsMIYkskTjzSsyyWMN8CgquSlmlqFRqF6Tr25O62ifTTT8Kr4kJKAvWhKKcJsci7f6 V3+uc5aiO2aGsD0cfJrWNMvm5/JWfVzc+oG8ZyL9MMGaAJrcBI+e/EgPn2BJuLetxwGF oNf1MB8+4+BPZxioLAAQ6RUZOrDa+qrIWf/eyvyH0N/0O4vVyrQxVATZNMLXHHMOJ3E1 jwkSMWPA2yJzVgmgIVbTs9aq1if1sNWblxMLbpsJQq2G68cvS73a/9iLQo34wzjtAUp8 uovQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id; bh=r56GeuQKYLlfXJk3omm5ub0cU7/hw6HTcy4Cw/rW7kU=; b=SbquuPceVLAkik1r+BJWPu7/Dkvikn0SX40d9gJjkQ9PuolptfcUiNeZicrueGH0GM suDfndP2IwS7xtp23KrlMMBwyo1i6iW+OBlk7X6bt/Wk5n2YqFigTp+Y74/t2OBFEXyW 2O2aw3CIVRXNy5Y5AZqllferQ1tjfPecBMn87JObxuwtGTmLkwgKcxKPLC7VK2u2Ay5z 2Iri3uJy3L22uchvtuT9p6iyVrLRmxBWik4O/b3CUdIdgpmLd5/uTpa45+LxwlSZ4kAF q/64UiuXqM9+SHmYCYxHkQeMHKXogXRdXA3ux22H0rpjtUtZ0oOgM8/u/N75rmQg2xwe 1oZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a170902cf0200b0014ed57fd653si4141402plg.104.2022.03.17.03.01.29; Thu, 17 Mar 2022 03:01:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231252AbiCQIao (ORCPT + 99 others); Thu, 17 Mar 2022 04:30:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58496 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231247AbiCQIan (ORCPT ); Thu, 17 Mar 2022 04:30:43 -0400 Received: from smtp-8faa.mail.infomaniak.ch (smtp-8faa.mail.infomaniak.ch [IPv6:2001:1600:4:17::8faa]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08A5FDAFD7 for ; Thu, 17 Mar 2022 01:29:22 -0700 (PDT) Received: from smtp-2-0000.mail.infomaniak.ch (unknown [10.5.36.107]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4KK0g45ZWXzMpnl0; Thu, 17 Mar 2022 09:29:20 +0100 (CET) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-2-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 4KK0g342cGzlhSMZ; Thu, 17 Mar 2022 09:29:19 +0100 (CET) Message-ID: <57a2e3ef-5baa-16ef-7865-245134a26e25@digikod.net> Date: Thu, 17 Mar 2022 09:30:02 +0100 MIME-Version: 1.0 User-Agent: Content-Language: en-US To: Jarkko Sakkinen Cc: David Howells , David Woodhouse , "David S . Miller" , Eric Snowberg , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Paul Moore , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220311174741.250424-1-mic@digikod.net> <20220311174741.250424-3-mic@digikod.net> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Subject: Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init() In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 17/03/2022 08:36, Jarkko Sakkinen wrote: > On Fri, Mar 11, 2022 at 06:47:41PM +0100, Mickaël Salaün wrote: >> From: Mickaël Salaün >> >> Replace panic() calls from device_initcall(system_trusted_keyring_init) >> with proper error handling using -ENODEV. >> >> Suggested-by: Jarkko Sakkinen [1] >> Link: https://lore.kernel.org/r/Yik0C2t7G272YZ73@iki.fi [1] >> Signed-off-by: Mickaël Salaün >> Link: https://lore.kernel.org/r/20220311174741.250424-3-mic@digikod.net >> --- >> certs/system_keyring.c | 26 ++++++++++++++++++++------ >> 1 file changed, 20 insertions(+), 6 deletions(-) >> >> diff --git a/certs/system_keyring.c b/certs/system_keyring.c >> index 05b66ce9d1c9..428046a7aa7f 100644 >> --- a/certs/system_keyring.c >> +++ b/certs/system_keyring.c >> @@ -148,8 +148,10 @@ static __init int system_trusted_keyring_init(void) >> KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH), >> KEY_ALLOC_NOT_IN_QUOTA, >> NULL, NULL); >> - if (IS_ERR(builtin_trusted_keys)) >> - panic("Can't allocate builtin trusted keyring\n"); >> + if (IS_ERR(builtin_trusted_keys)) { >> + pr_err("Can't allocate builtin trusted keyring\n"); >> + return -ENODEV; >> + } >> >> #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING >> secondary_trusted_keys = >> @@ -161,14 +163,26 @@ static __init int system_trusted_keyring_init(void) >> KEY_ALLOC_NOT_IN_QUOTA, >> get_builtin_and_secondary_restriction(), >> NULL); >> - if (IS_ERR(secondary_trusted_keys)) >> - panic("Can't allocate secondary trusted keyring\n"); >> + if (IS_ERR(secondary_trusted_keys)) { >> + pr_err("Can't allocate secondary trusted keyring\n"); >> + goto err_secondary; >> + } >> >> - if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0) >> - panic("Can't link trusted keyrings\n"); >> + if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0) { >> + pr_err("Can't link trusted keyrings\n"); >> + goto err_link; >> + } >> #endif >> >> return 0; >> + >> +err_link: >> + key_put(secondary_trusted_keys); >> + >> +err_secondary: >> + key_put(builtin_trusted_keys); >> + >> + return -ENODEV; >> } >> >> /* >> -- >> 2.35.1 >> > > Changes make sense to me but you should implement all this to the original > patch set. You agreed to add this patch on top of the others a few days ago: https://lore.kernel.org/r/f8b1ea77afe8d6698b4a2122254ff8be310412b1.camel@kernel.org What do you think about Paul's concerns?