On Fri, 21 Sep 2018, Kees Cook wrote:

On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler [off-list ref] wrote:

quoted

+ * lsm_early_inode - during initialization allocate a composite inode blob
+ * @inode: the inode that needs a blob
+ *
+ * Allocate the inode blob for all the modules if it's not already there
+ */
+void lsm_early_inode(struct inode *inode)
+{
+       int rc;
+
+       if (inode == NULL)
+               panic("%s: NULL inode.\n", __func__);
+       if (inode->i_security != NULL)
+               return;
+       rc = lsm_inode_alloc(inode);
+       if (rc)
+               panic("%s: Early inode alloc failed.\n", __func__);
+}

I'm still advising against using panic(), but I'll leave it up to James.

Calling panic() is not appropriate here. Perhaps if it was during 
boot-time initialization of LSM infrastructure, but not on the fly.

Use a WARN_ONCE then propagate the error back and fail the operation.


-- 
James Morris
[off-list ref]