diff options
author | Sergey Shtylyov <s.shtylyov@omprussia.ru> | 2020-10-31 21:09:31 +0100 |
---|---|---|
committer | Jessica Yu <jeyu@kernel.org> | 2020-11-04 15:31:28 +0100 |
commit | 10ccd1abb808599a6dc7c9389560016ea3568085 (patch) | |
tree | 6e7e536540f65ff53e742fcb20dd0bface6e2563 /kernel/module.c | |
parent | module: merge repetitive strings in module_sig_check() (diff) | |
download | linux-10ccd1abb808599a6dc7c9389560016ea3568085.tar.xz linux-10ccd1abb808599a6dc7c9389560016ea3568085.zip |
module: avoid *goto*s in module_sig_check()
Let's move the common handling of the non-fatal errors after the *switch*
statement -- this avoids *goto*s inside that *switch*...
Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Diffstat (limited to 'kernel/module.c')
-rw-r--r-- | kernel/module.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/kernel/module.c b/kernel/module.c index 0e54d58babac..02b87bc84a42 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2908,20 +2908,13 @@ static int module_sig_check(struct load_info *info, int flags) */ case -ENODATA: reason = "unsigned module"; - goto decide; + break; case -ENOPKG: reason = "module with unsupported crypto"; - goto decide; + break; case -ENOKEY: reason = "module with unavailable key"; - decide: - if (is_module_sig_enforced()) { - pr_notice("%s: loading of %s is rejected\n", - info->name, reason); - return -EKEYREJECTED; - } - - return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); + break; /* All other errors are fatal, including nomem, unparseable * signatures and signature check failures - even if signatures @@ -2930,6 +2923,13 @@ static int module_sig_check(struct load_info *info, int flags) default: return err; } + + if (is_module_sig_enforced()) { + pr_notice("%s: loading of %s is rejected\n", info->name, reason); + return -EKEYREJECTED; + } + + return security_locked_down(LOCKDOWN_MODULE_SIGNATURE); } #else /* !CONFIG_MODULE_SIG */ static int module_sig_check(struct load_info *info, int flags) |