On Tue, 2020-02-11 at 11:14 -0800, Tushar Sugandhi wrote:
> Hi Joe,
Rehi Tushar.
> On 2020-02-10 7:23 p.m., Joe Perches wrote:
> > On Mon, 2020-02-10 at 18:47 -0800, Tushar Sugandhi wrote:
> > > process_buffer_measurement() and ima_alloc_key_entry()
> > > functions do not have log messages for failure conditions.
[]
> > > diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c
> > []
> > > @@ -90,6 +90,7 @@ static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring,
> > >
> > > out:
> > > if (rc) {
> > > + pr_err("Key entry allocation failed, result: %d\n", rc);
> > > ima_free_key_entry(entry);
> > > entry = NULL;
> > > }
> >
> > Likely the pr_err is unnecessary here as kmalloc, kstrdup
> > and kmemdup all emit a dump_stack() on allocation failure.
> Thanks for pointing out kmalloc, kstrdup, and kmemdup emit a
> dump_stack(). But keeping the above pr_err() will help associate the
> failure with IMA.
> For instance - "dmesg | grep ima:" will include this error.
> Perhaps I should add __func__ here as well.
> And since we are redefining the pr_fmt to prefix module and base names,
> it will help further to pinpoint where exactly the failure is coming from.
The dump_stack is preferred over a single printk message
and the association isn't particularly useful.
> Thanks again. This recommended change certainly makes the code more
> readable. But again, I am not sure if this patchset is the right one for
> this proposed change.
> Perhaps I can create another patchset for the above two recommended
> changes, and only focus on improving logging in this patchset?
Your choice.
