On Fri, 21 Sep 2018, Kees Cook wrote: > On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > + * lsm_early_inode - during initialization allocate a composite inode blob > > + * @inode: the inode that needs a blob > > + * > > + * Allocate the inode blob for all the modules if it's not already there > > + */ > > +void lsm_early_inode(struct inode *inode) > > +{ > > + int rc; > > + > > + if (inode == NULL) > > + panic("%s: NULL inode.\n", __func__); > > + if (inode->i_security != NULL) > > + return; > > + rc = lsm_inode_alloc(inode); > > + if (rc) > > + panic("%s: Early inode alloc failed.\n", __func__); > > +} > > I'm still advising against using panic(), but I'll leave it up to James. > Calling panic() is not appropriate here. Perhaps if it was during boot-time initialization of LSM infrastructure, but not on the fly. Use a WARN_ONCE then propagate the error back and fail the operation. -- James Morris <jmorris@xxxxxxxxx>