Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp2247208pxx; Sat, 31 Oct 2020 13:13:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz86k7/KTF6R65cpPyKlSIi9CJv4gs3j0LWE8RzUqJROARF0DAgXatkgz/mRoDSE050QZNr X-Received: by 2002:a17:906:512:: with SMTP id j18mr8684143eja.370.1604175226082; Sat, 31 Oct 2020 13:13:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1604175226; cv=none; d=google.com; s=arc-20160816; b=ZEX+wxeYwNVBVw7e6YXUIUJlFHSJvaTlwUxByYz9InDR5uIJKPOVuSHJXrbHhnQDxd rV9VkAAmwFDXkVWm0LqSciXhlNrRV/eOamUAatkG5Xe3DMUqPxClS6VrNsnMhhhpLHH8 vxChgGKhW04ewxokQ8BLtAA/IvgtdgKZSghlNsyGLyP5KhykwYpYsMV2UxyaPYnh1yDl e+G4yihJdkFAxPN3+iyZsRaz+leheas3gPlAvY1L6K8hqDM/WT09o2lFC4elc7xV+UbE gR4gtyHxB3ersk/Y0gMxxBydUB8QJ6f8UvC927MfSGPjKHF2IrfeKMZlUg2usW0gK45j 6uUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:organization :references:cc:to:from:subject:dkim-filter; bh=4RdBr0BtjKEF3zeT6/LLMV1Mkm63+gUyg3fCE1kUkuQ=; b=LHvHsyGoiKGq9ojwtiMMUy/KnIQW7ZYsT00V8gfmfVmuIJatu9O7epTtLCB3FsJ1Sf QcmBClzkB+ceXWUg8P6Hsuhoo6SXtg20SivnwxMm8/d8KB9MIh49WF6BhYVpyPpTje4n RJGgBcr8+u9tXmxkchnomNsuXWRVBJ/sAQ5/Vx18LMNZa7Oo3p+OW/C3YWBIbXYvr3Xc V/r053ce/2YVXexbOy7ujLC0LfXK11yoxeUMD0vTX5HX73CIOdRp8msaoHUojHWbwMcw xpZw984b5HuDAlER2hGT9oFK6oi0Z2y/sIuSI2LHOS5ad7PUlx1B48k2tCYwgBM9q1Ii NPOA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=omprussia.ru Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f11si7283045edt.426.2020.10.31.13.13.23; Sat, 31 Oct 2020 13:13:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=omprussia.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728593AbgJaUJf (ORCPT + 99 others); Sat, 31 Oct 2020 16:09:35 -0400 Received: from mxout03.lancloud.ru ([89.108.73.187]:52830 "EHLO mxout03.lancloud.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728451AbgJaUJe (ORCPT ); Sat, 31 Oct 2020 16:09:34 -0400 Received: from LanCloud DKIM-Filter: OpenDKIM Filter v2.11.0 mxout03.lancloud.ru E0895206646C Received: from LanCloud Received: from LanCloud Received: from LanCloud Subject: [PATCH v2 2/3] module: avoid *goto*s in module_sig_check() From: Sergey Shtylyov To: Jessica Yu , CC: Joe Perches References: <22e48a3d-06ee-5b8e-6e56-3694871a7c2f@omprussia.ru> Organization: Open Mobile Platform, LLC Message-ID: Date: Sat, 31 Oct 2020 23:09:31 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 MIME-Version: 1.0 In-Reply-To: <22e48a3d-06ee-5b8e-6e56-3694871a7c2f@omprussia.ru> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [213.87.129.247] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1908.lancloud.ru (fd00:f066::208) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Let's move the common handling of the non-fatal errors after the *switch* statement -- this avoids *goto*s inside that *switch*... Suggested-by: Joe Perches Signed-off-by: Sergey Shtylyov --- Changes in version 2: - new patch. kernel/module.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) Index: linux/kernel/module.c =================================================================== --- linux.orig/kernel/module.c +++ linux/kernel/module.c @@ -2908,20 +2908,13 @@ static int module_sig_check(struct load_ */ case -ENODATA: reason = "unsigned module"; - goto decide; + break; case -ENOPKG: reason = "module with unsupported crypto"; - goto decide; + break; case -ENOKEY: reason = "module with unavailable key"; - decide: - if (is_module_sig_enforced()) { - pr_notice("%s: loading of %s is rejected\n", - info->name, reason); - return -EKEYREJECTED; - } - - return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); + break; /* All other errors are fatal, including nomem, unparseable * signatures and signature check failures - even if signatures @@ -2930,6 +2923,13 @@ static int module_sig_check(struct load_ default: return err; } + + if (is_module_sig_enforced()) { + pr_notice("%s: loading of %s is rejected\n", info->name, reason); + return -EKEYREJECTED; + } + + return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); } #else /* !CONFIG_MODULE_SIG */ static int module_sig_check(struct load_info *info, int flags)