[RFC PATCH v7 04/16] ipe: add userspace interface
Deven Bowers
deven.desai at linux.microsoft.com
Thu Nov 4 16:50:10 UTC 2021
On 11/3/2021 2:42 AM, Roberto Sassu wrote:
>>
>> +
>> +/**
>> + * ipe_init_securityfs: Initialize IPE's securityfs tree at fsinit
>> + *
>> + * Return:
>> + * !0 - Error
>> + * 0 - OK
>> + */
>> +static int __init ipe_init_securityfs(void)
>> +{
>> + int rc = 0;
>> + struct ipe_context *ctx = NULL;
>> +
>> + ctx = ipe_current_ctx();
> Hi Deven
>
> the instruction above should be executed only if IPE LSM is
> enabled. Otherwise, the kernel panics due to the illegal access
> to the security blob of the task.
I see. I mistakenly assumed that failure in the LSM init would cause
a kernel panic (as the system is now booting without a potentially
required security component) as opposed to just disabling the LSM
and emitting a warning.
Easy fix for v8.
Thanks for pointing it out.
More information about the Linux-security-module-archive
mailing list