Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

certs: Explain the rationale to call panic()

The blacklist_init() function calls panic() for memory allocation
errors. This change documents the reason why we don't return -ENODEV.

Link: https://lore.kernel.org/r/20220322111323.542184-2-mic@digikod.net
Link: https://lore.kernel.org/r/YjeW2r6Wv55Du0bJ@iki.fi
Suggested-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Authored by Mickaël Salaün and committed by Jarkko Sakkinen
4d997501 6364d106

+9
+9
certs/blacklist.c
··· 307 307 308 308 /* 309 309 * Initialise the blacklist 310 + * 311 + * The blacklist_init() function is registered as an initcall via 312 + * device_initcall(). As a result if the blacklist_init() function fails for 313 + * any reason the kernel continues to execute. While cleanly returning -ENODEV 314 + * could be acceptable for some non-critical kernel parts, if the blacklist 315 + * keyring fails to load it defeats the certificate/key based deny list for 316 + * signed modules. If a critical piece of security functionality that users 317 + * expect to be present fails to initialize, panic()ing is likely the right 318 + * thing to do. 310 319 */ 311 320 static int __init blacklist_init(void) 312 321 {
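Review bot: the last sentence of the new comment ("panic()ing is likely the right thing to do") hedges with "likely" while documenting behaviour the function already has; state it as the decision, for example "blacklist_init() therefore panics instead of returning an error". The phrase "fails for any reason" is also broader than the commit message, which ties panic() to memory allocation errors, so the comment should name the failure paths that actually panic. Minor: "As a result if" needs a comma after "result".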