From: "Mickaël Salaün" <mic@digikod.net>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: "Mickaël Salaün" <mic@digikod.net>,
"David Howells" <dhowells@redhat.com>,
"David S . Miller" <davem@davemloft.net>,
"David Woodhouse" <dwmw2@infradead.org>,
"Eric Snowberg" <eric.snowberg@oracle.com>,
"Paul Moore" <paul@paul-moore.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Mickaël Salaün" <mic@linux.microsoft.com>
Subject: [PATCH v1 1/1] certs: Explain the rational to call panic()
Date: Mon, 21 Mar 2022 18:45:48 +0100 [thread overview]
Message-ID: <20220321174548.510516-2-mic@digikod.net> (raw)
In-Reply-To: <20220321174548.510516-1-mic@digikod.net>
From: Mickaël Salaün <mic@linux.microsoft.com>
The blacklist_init() function calls panic() for memory allocation
errors. This change documents the reason why we don't return -ENODEV.
Suggested-by: Paul Moore <paul@paul-moore.com> [1]
Requested-by: Jarkko Sakkinen <jarkko@kernel.org> [1]
Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi [1]
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20220321174548.510516-2-mic@digikod.net
---
certs/blacklist.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/certs/blacklist.c b/certs/blacklist.c
index 486ce0dd8e9c..ac26bcf9b9a5 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -307,6 +307,14 @@ static int restrict_link_for_blacklist(struct key *dest_keyring,
/*
* Initialise the blacklist
+ *
+ * The blacklist_init() function is registered as an initcall via
+ * device_initcall(). As a result the functionality doesn't load and the
+ * kernel continues on executing. While cleanly returning -ENODEV could be
+ * acceptable for some non-critical kernel parts, if the blacklist keyring
+ * fails to load it defeats the certificate/key based deny list for signed
+ * modules. If a critical piece of security functionality that users expect to
+ * be present fails to initialize, panic()ing is likely the right thing to do.
*/
static int __init blacklist_init(void)
{
--
2.35.1
next prev parent reply other threads:[~2022-03-21 17:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-21 17:45 [PATCH v1 0/1] Explain panic() calls for keyring initialization Mickaël Salaün
2022-03-21 17:45 ` Mickaël Salaün [this message]
2022-03-21 18:23 ` [PATCH v1 1/1] certs: Explain the rational to call panic() Paul Moore
2022-03-21 23:53 ` Jarkko Sakkinen
2022-03-22 10:54 ` Mickaël Salaün
2022-03-22 10:53 ` Mickaël Salaün
2022-03-21 18:29 ` [PATCH v1 0/1] Explain panic() calls for keyring initialization David Woodhouse
2022-03-22 10:55 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220321174548.510516-2-mic@digikod.net \
--to=mic@digikod.net \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eric.snowberg@oracle.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@linux.microsoft.com \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.