From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 31 Jan 2019 13:45:30 -0500
Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of
using goto
There's no reason to complicate the logic with a goto here, instead just
pull the logic we're jumping to out to a helper function.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
mok.c | 41 ++++++++++++++++++++++++++++-------------
shim.h | 2 ++
2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/mok.c b/mok.c
index 41925abbb49..2f495e6cf25 100644
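--- a/mok.c
+++ b/mok.c
@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {
 { NULL, }
 };
 
-static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
+static EFI_STATUS nonnull(1)
+mirror_one_mok_variable(struct mok_state_variable *v)
 {
 EFI_STATUS efi_status = EFI_SUCCESS;
 void *FullData = NULL;
@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
 return efi_status;
 }
 
+/*
+ * Mirror a variable if it has an rtname, and preserve any
+ * EFI_SECURITY_VIOLATION status at the same time.
+ */
+static EFI_STATUS nonnull(1)
+maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
+{
+ EFI_STATUS efi_status;
+ if (v->rtname) {
+ if (v->flags & MOK_MIRROR_DELETE_FIRST)
+ LibDeleteVariable(v->rtname, v->guid);
+
+ efi_status = mirror_one_mok_variable(v);
+ if (EFI_ERROR(efi_status)) {
+ if (ret != EFI_SECURITY_VIOLATION)
+ ret = efi_status;
+ perror(L"Could not create %s: %r\n", v->rtname,
+ efi_status);
+ }
+ }
+ return ret;
+}
+
 /*
 * Verify our non-volatile MoK state. This checks the variables above
 * accessable and have valid attributes. If they don't, it removes
@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
 *v->guid, &attrs);
 if (efi_status == EFI_NOT_FOUND) {
 if (addend)
- goto mirror_addend;
+ ret = maybe_mirror_one_mok_variable(v, ret);
 /*
 * after possibly adding, we can continue, no
 * further checks to be done.
@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
 }
 }
 
-mirror_addend:
- if (v->rtname && (present || addend)) {
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
- LibDeleteVariable(v->rtname, v->guid);
-
- efi_status = mirror_one_mok_variable(v);
- if (EFI_ERROR(efi_status) &&
- ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
- }
+ if (present)
+ ret = maybe_mirror_one_mok_variable(v, ret);
 }
 
 /*
@@ -340,4 +356,4 @@ mirror_addend:
 return ret;
 }
 
-// vim:fenc=utf-8:tw=75
+// vim:fenc=utf-8:tw=75:noet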
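Review bot: The call added at the end of the loop body in import_mok_state() is guarded by `if (present)` alone, while the removed `mirror_addend:` block ran for `v->rtname && (present || addend)`, so this is not the behaviour-neutral refactor the description suggests. A variable that was found but ends up not `present` while addend data exists would no longer be mirrored to its RT name, and the OS would then read a runtime copy that lacks the built-in addend. The code between the hunks is not visible here, so whether that path is reachable needs confirming against the full function; if it is, keep the old condition with `if (present || addend)` in front of `ret = maybe_mirror_one_mok_variable(v, ret);`. import_mok_state() starts and ends outside these hunks.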
diff --git a/shim.h b/shim.h
index 2b359d821e3..c26d5f06538 100644
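--- a/shim.h
+++ b/shim.h
@@ -30,6 +30,8 @@
 
 #include <stddef.h>
 
+#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))
+
 #define min(a, b) ({(a) < (b) ? (a) : (b);})
 
 #ifdef __x86_64__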
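Review bot: The new `nonnull(...)` macro has no comment saying that `__nonnull__` is a compile-time contract and not a runtime check: the compiler may warn on a literal NULL argument and is allowed to drop NULL tests on the annotated parameter inside the function, so every caller must still guarantee a non-NULL pointer. A comment above the define such as `/* compile-time hint only: annotated parameters must never be NULL, the callee is not guarded */` would make that explicit. Because the macro uses the lowercase attribute spelling, any header included after shim.h that writes `__attribute__((nonnull(1)))` would have that text macro-expanded; an upper-case name such as `NONNULL` would avoid the clash.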
--
2.20.1