Re: [RFC PATCH v7 04/16] ipe: add userspace interface
On 11/3/2021 2:42 AM, Roberto Sassu wrote:
>
> +
> +/**
> + * ipe_init_securityfs: Initialize IPE's securityfs tree at fsinit
> + *
> + * Return:
> + * !0 - Error
> + * 0 - OK
> + */
> +static int __init ipe_init_securityfs(void)
> +{
> + int rc = 0;
> + struct ipe_context *ctx = NULL;
> +
> + ctx = ipe_current_ctx();
Hi Deven
the instruction above should be executed only if IPE LSM is
enabled. Otherwise, the kernel panics due to the illegal access
to the security blob of the task.
I see. I mistakenly assumed that failure in the LSM init would cause
a kernel panic (as the system is now booting without a potentially
required security component) as opposed to just disabling the LSM
and emitting a warning.
Easy fix for v8.
Thanks for pointing it out.