Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3112406pxp;
        Tue, 22 Mar 2022 12:19:56 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyq1q8fPySWPeshx4odNp9isEsDfLKzp0T8TLS6xqWY/WxP7WMSVxMQxFIUgPoVpca9k1F6
X-Received: by 2002:a17:907:7ba3:b0:6df:b07c:ee35 with SMTP id ne35-20020a1709077ba300b006dfb07cee35mr22512519ejc.588.1647976795926;
        Tue, 22 Mar 2022 12:19:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647976795; cv=none;
        d=google.com; s=arc-20160816;
        b=L87rWmtXGVGy0pYG/mmO3tTWgbwA7nSwqfEq8ZRMANPZ/Ca4XRfxK2MPvzJozdz7Ke
         hKC6oSlKchUcdyjf+ksni8I8ilhYN0q0/YmtEpuXdOOI6oe1+avoZB2F25TwaaVeSwgJ
         yPmgMxagQVo7hcjm3KlcW2Dh6upxh8D+WxIjlOjVL4Piy2fhNsQ2Z67zglb3OaKWNY+Q
         xIR3mq354W7dpmnFP8nYY/iQ9FaNYZXTNdl+JbkmEHwwLwu5TvDxLkToQFL4ep/eaTtJ
         rZZC/8IwA+IXs2o/wIsSJvmrswBae2fqUfX+Uoj0BfrfPI3WAmhtoq5TDHFkiaDuHHuh
         d9tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:dkim-filter;
        bh=PtoDzmpopQFbgY2xTih9vlGwSqLfSUwf2Sb2AlNYui8=;
        b=YH/9vvXW8NLvibawGMJkBrRqNiX0ZR+RptwcKW0fe7LzJkVkE2I6oYaaEXBc7Ka4c6
         FXOdgImcnCwa2CpIDs3nAvj2nWUnzuRsab/fNHK0dUrnLW/XQ6lrAdjw1K8nprlyiIyG
         GS+6mMrikfqjFWrYyv3yDDzsReOFs/KHyEGA3AyRsTnxnsM5TEYEO2UXCAEtPnx9yW0g
         03qL3REPZD9fRPacr1JgthdpGlAzoEOFCUI23j7WQAKrhogDnjPVIhIZuo6+bF+ovUNo
         2HgKHDGo23jWGaPdyr91rxIoXeEnFTQswwcj2Jyk8Y89QmMvwqJHWiDvQom3EuvYlvA4
         L0zw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=ZFY4mGZe;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l18-20020a1709062a9200b006df76385e23si9491056eje.707.2022.03.22.12.19.30;
        Tue, 22 Mar 2022 12:19:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=ZFY4mGZe;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239782AbiCVRlL (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Tue, 22 Mar 2022 13:41:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47592 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239787AbiCVRlK (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 22 Mar 2022 13:41:10 -0400
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 97929888ED;
        Tue, 22 Mar 2022 10:39:39 -0700 (PDT)
Received: from sequoia (162-237-133-238.lightspeed.rcsntx.sbcglobal.net [162.237.133.238])
        by linux.microsoft.com (Postfix) with ESMTPSA id 7A9A520DE47A;
        Tue, 22 Mar 2022 10:39:38 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7A9A520DE47A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1647970779;
        bh=PtoDzmpopQFbgY2xTih9vlGwSqLfSUwf2Sb2AlNYui8=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=ZFY4mGZeTZxZubHGDUEMEI3uzak1GNiVV7uxJ3M2ACpQgDK88FSTC/razs0NRr/HY
         PumUlS81DS9EPqFCos4W04o1DJ2f9iVq7b1jSbBHiZd/WlYzpRNaqYEKfGYs7Fh/5o
         u6jQlQ1UdFqfPsvtfRoK0djRD0w2yaIzeYoq5Dws=
Date:   Tue, 22 Mar 2022 12:39:32 -0500
From:   Tyler Hicks <tyhicks@linux.microsoft.com>
To:     =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>
Cc:     Jarkko Sakkinen <jarkko@kernel.org>,
        David Howells <dhowells@redhat.com>,
        "David S . Miller" <davem@davemloft.net>,
        David Woodhouse <dwmw2@infradead.org>,
        Eric Snowberg <eric.snowberg@oracle.com>,
        Paul Moore <paul@paul-moore.com>, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@linux.microsoft.com>
Subject: Re: [PATCH v2 1/1] certs: Explain the rationale to call panic()
Message-ID: <20220322173932.GB7173@sequoia>
References: <20220322111323.542184-1-mic@digikod.net>
 <20220322111323.542184-2-mic@digikod.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20220322111323.542184-2-mic@digikod.net>
X-Spam-Status: No, score=-19.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_MED,
        SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,
        USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On 2022-03-22 12:13:23, Micka?l Sala?n wrote:
> From: Micka?l Sala?n <mic@linux.microsoft.com>
> 
> The blacklist_init() function calls panic() for memory allocation
> errors.  This change documents the reason why we don't return -ENODEV.
> 
> Suggested-by: Paul Moore <paul@paul-moore.com> [1]
> Requested-by: Jarkko Sakkinen <jarkko@kernel.org> [1]
> Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi [1]
> Reviewed-by: Paul Moore <paul@paul-moore.com>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
> Signed-off-by: Micka?l Sala?n <mic@linux.microsoft.com>
> Link: https://lore.kernel.org/r/20220322111323.542184-2-mic@digikod.net

Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>

Tyler

> ---
> 
> Changes since v1:
> * Fix commit subject spelling spotted by David Woodhouse.
> * Reword one sentence as suggested by Paul Moore.
> * Add Reviewed-by Paul Moore.
> * Add Reviewed-by Jarkko Sakkinen.
> ---
>  certs/blacklist.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/certs/blacklist.c b/certs/blacklist.c
> index 486ce0dd8e9c..25094ea73600 100644
> --- a/certs/blacklist.c
> +++ b/certs/blacklist.c
> @@ -307,6 +307,15 @@ static int restrict_link_for_blacklist(struct key *dest_keyring,
>  
>  /*
>   * Initialise the blacklist
> + *
> + * The blacklist_init() function is registered as an initcall via
> + * device_initcall().  As a result if the blacklist_init() function fails for
> + * any reason the kernel continues to execute.  While cleanly returning -ENODEV
> + * could be acceptable for some non-critical kernel parts, if the blacklist
> + * keyring fails to load it defeats the certificate/key based deny list for
> + * signed modules.  If a critical piece of security functionality that users
> + * expect to be present fails to initialize, panic()ing is likely the right
> + * thing to do.
>   */
>  static int __init blacklist_init(void)
>  {
> -- 
> 2.35.1
>