diff options
author | Sergey Shtylyov <s.shtylyov@omprussia.ru> | 2020-10-31 23:10:28 +0300 |
---|---|---|
committer | Jessica Yu <jeyu@kernel.org> | 2020-11-04 15:31:29 +0100 |
commit | 076aa52e402185e1e347bf5c62c61c6388fce4c7 (patch) | |
tree | 1eba3e721f9aba874a49e23e923023deee146eaf /kernel/module.c | |
parent | 10ccd1abb808599a6dc7c9389560016ea3568085 (diff) | |
download | linux-076aa52e402185e1e347bf5c62c61c6388fce4c7.tar.gz linux-076aa52e402185e1e347bf5c62c61c6388fce4c7.tar.bz2 linux-076aa52e402185e1e347bf5c62c61c6388fce4c7.zip |
module: only handle errors with the *switch* statement in module_sig_check()
Let's handle the successful call of mod_verify_sig() right after that call,
making the *switch* statement only handle the real errors, and then move
the comment from the first *case* before *switch* itself and the comment
before *default* after it. Fix the comment style, add article/comma/dash,
spell out "nomem" as "lack of memory" in these comments, while at it...
Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Diffstat (limited to 'kernel/module.c')
-rw-r--r-- | kernel/module.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/kernel/module.c b/kernel/module.c index 02b87bc84a42..948d4bbbceb5 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2895,17 +2895,18 @@ static int module_sig_check(struct load_info *info, int flags) /* We truncate the module to discard the signature */ info->len -= markerlen; err = mod_verify_sig(mod, info); + if (!err) { + info->sig_ok = true; + return 0; + } } + /* + * We don't permit modules to be loaded into the trusted kernels + * without a valid signature on them, but if we're not enforcing, + * certain errors are non-fatal. + */ switch (err) { - case 0: - info->sig_ok = true; - return 0; - - /* We don't permit modules to be loaded into trusted kernels - * without a valid signature on them, but if we're not - * enforcing, certain errors are non-fatal. - */ case -ENODATA: reason = "unsigned module"; break; @@ -2916,11 +2917,12 @@ static int module_sig_check(struct load_info *info, int flags) reason = "module with unavailable key"; break; - /* All other errors are fatal, including nomem, unparseable - * signatures and signature check failures - even if signatures - * aren't required. - */ default: + /* + * All other errors are fatal, including lack of memory, + * unparseable signatures, and signature check failures -- + * even if signatures aren't required. + */ return err; } |