Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init()

From: Mickaël Salaün
Date: Thu Mar 17 2022 - 04:30:36 EST

Next message: Quan Nguyen: "Re: [PATCH v6 1/4] ipmi: ssif_bmc: Add SSIF BMC driver"
Previous message: Ilpo Järvinen: "Re: [PATCH v4 2/5] serial/8250: Use the cache value of the FCR register"
In reply to: Mickaël Salaün: "Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init()"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17/03/2022 09:30, Mickaël Salaün wrote:

On 17/03/2022 08:36, Jarkko Sakkinen wrote:

On Fri, Mar 11, 2022 at 06:47:41PM +0100, Mickaël Salaün wrote:

From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>

Replace panic() calls from device_initcall(system_trusted_keyring_init)
with proper error handling using -ENODEV.

Suggested-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> [1]
Link: https://lore.kernel.org/r/Yik0C2t7G272YZ73@xxxxxx [1]
Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220311174741.250424-3-mic@xxxxxxxxxxx
---
certs/system_keyring.c | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 05b66ce9d1c9..428046a7aa7f 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -148,8 +148,10 @@ static __init int system_trusted_keyring_init(void)
                    KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
                    KEY_ALLOC_NOT_IN_QUOTA,
                    NULL, NULL);
-    if (IS_ERR(builtin_trusted_keys))
-        panic("Can't allocate builtin trusted keyring\n");
+    if (IS_ERR(builtin_trusted_keys)) {
+        pr_err("Can't allocate builtin trusted keyring\n");
+        return -ENODEV;
+    }
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
      secondary_trusted_keys =
@@ -161,14 +163,26 @@ static __init int system_trusted_keyring_init(void)
                    KEY_ALLOC_NOT_IN_QUOTA,
                    get_builtin_and_secondary_restriction(),
                    NULL);
-    if (IS_ERR(secondary_trusted_keys))
-        panic("Can't allocate secondary trusted keyring\n");
+    if (IS_ERR(secondary_trusted_keys)) {
+        pr_err("Can't allocate secondary trusted keyring\n");
+        goto err_secondary;
+    }
-    if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
-        panic("Can't link trusted keyrings\n");
+    if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0) {
+        pr_err("Can't link trusted keyrings\n");
+        goto err_link;
+    }
#endif
      return 0;
+
+err_link:
+    key_put(secondary_trusted_keys);
+
+err_secondary:
+    key_put(builtin_trusted_keys);
+
+    return -ENODEV;
}
/*
--
2.35.1

Changes make sense to me but you should implement all this to the original
patch set.

Do you mean to squash these two patches together?

You agreed to add this patch on top of the others a few days ago: https://lore.kernel.org/r/f8b1ea77afe8d6698b4a2122254ff8be310412b1.camel@xxxxxxxxxx

What do you think about Paul's concerns?

Next message: Quan Nguyen: "Re: [PATCH v6 1/4] ipmi: ssif_bmc: Add SSIF BMC driver"
Previous message: Ilpo Järvinen: "Re: [PATCH v4 2/5] serial/8250: Use the cache value of the FCR register"
In reply to: Mickaël Salaün: "Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init()"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v1 2/2] certs: Remove panic() calls from system_trusted_keyring_init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]