From patchwork Mon Mar 21 17:45:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= X-Patchwork-Id: 12787607 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A9DCC433F5 for ; Mon, 21 Mar 2022 17:45:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350195AbiCURqf (ORCPT ); Mon, 21 Mar 2022 13:46:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347990AbiCURqe (ORCPT ); Mon, 21 Mar 2022 13:46:34 -0400 Received: from smtp-8fab.mail.infomaniak.ch (smtp-8fab.mail.infomaniak.ch [IPv6:2001:1600:3:17::8fab]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E571D3B3F5 for ; Mon, 21 Mar 2022 10:45:08 -0700 (PDT) Received: from smtp-3-0000.mail.infomaniak.ch (unknown [10.4.36.107]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4KMhpV75KZzMqBgV; Mon, 21 Mar 2022 18:45:06 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 4KMhpV4lQ6zlhRV4; Mon, 21 Mar 2022 18:45:06 +0100 (CET) From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= To: Jarkko Sakkinen Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , David Howells , "David S . Miller" , David Woodhouse , Eric Snowberg , Paul Moore , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= Subject: [PATCH v1 1/1] certs: Explain the rational to call panic() Date: Mon, 21 Mar 2022 18:45:48 +0100 Message-Id: <20220321174548.510516-2-mic@digikod.net> In-Reply-To: <20220321174548.510516-1-mic@digikod.net> References: <20220321174548.510516-1-mic@digikod.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Mickaël Salaün The blacklist_init() function calls panic() for memory allocation errors. This change documents the reason why we don't return -ENODEV. Suggested-by: Paul Moore [1] Requested-by: Jarkko Sakkinen [1] Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi [1] Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20220321174548.510516-2-mic@digikod.net Reviewed-by: Paul Moore Reviewed-by: Jarkko Sakkinen --- certs/blacklist.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/certs/blacklist.c b/certs/blacklist.c index 486ce0dd8e9c..ac26bcf9b9a5 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -307,6 +307,14 @@ static int restrict_link_for_blacklist(struct key *dest_keyring, /* * Initialise the blacklist + * + * The blacklist_init() function is registered as an initcall via + * device_initcall(). As a result the functionality doesn't load and the + * kernel continues on executing. While cleanly returning -ENODEV could be + * acceptable for some non-critical kernel parts, if the blacklist keyring + * fails to load it defeats the certificate/key based deny list for signed + * modules. If a critical piece of security functionality that users expect to + * be present fails to initialize, panic()ing is likely the right thing to do. */ static int __init blacklist_init(void) {