From 2d62e0d70f99987e98fedec648a10a286000eab0 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 11 Mar 2019 13:35:25 -0700 Subject: Linux v5.0.1 rebase --- ...rt_list-not-complain-about-cert-lists-tha.patch | 49 ++++++++++------------ 1 file changed, 22 insertions(+), 27 deletions(-) (limited to '0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch') diff --git a/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch index 6e8a2e039..34934a970 100644 --- a/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch +++ b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch @@ -6,27 +6,27 @@ Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that Signed-off-by: Peter Jones --- - certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- + security/integrity/platform_certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) -diff --git a/certs/load_uefi.c b/certs/load_uefi.c -index 3d884598601..9ef34c44fd1 100644 ---- a/certs/load_uefi.c -+++ b/certs/load_uefi.c -@@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db(void) +diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c +index 81b19c52832b..e188f3ecbce3 100644 +--- a/security/integrity/platform_certs/load_uefi.c ++++ b/security/integrity/platform_certs/load_uefi.c +@@ -38,8 +38,8 @@ static __init bool uefi_check_ignore_db(void) /* * Get a certificate list blob from the named EFI variable. */ -static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, - unsigned long *size) +static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, -+ unsigned long *size, void **cert_list) ++ unsigned long *size , void **cert_list) { efi_status_t status; unsigned long lsize = 4; -@@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +@@ -47,24 +47,31 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, void *db; - + status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); + if (status == EFI_NOT_FOUND) { + *size = 0; @@ -39,14 +39,12 @@ index 3d884598601..9ef34c44fd1 100644 - return NULL; + return efi_status_to_err(status); } - + db = kmalloc(lsize, GFP_KERNEL); - if (!db) { - pr_err("Couldn't allocate memory for uefi cert list\n"); + if (!db) - return NULL; + return -ENOMEM; - } - + status = efi.get_variable(name, guid, NULL, &lsize, db); if (status != EFI_SUCCESS) { kfree(db); @@ -54,15 +52,15 @@ index 3d884598601..9ef34c44fd1 100644 - return NULL; + return efi_status_to_err(status); } - + *size = lsize; - return db; + *cert_list = db; + return 0; } - + /* -@@ -152,10 +159,10 @@ static int __init load_uefi_certs(void) +@@ -153,10 +160,10 @@ static int __init load_uefi_certs(void) * an error if we can't get them. */ if (!uefi_check_ignore_db()) { @@ -74,36 +72,33 @@ index 3d884598601..9ef34c44fd1 100644 - } else { + } else if (dbsize != 0) { rc = parse_efi_signature_list("UEFI:db", - db, dbsize, get_handler_for_db); + db, dbsize, get_handler_for_db); if (rc) -@@ -164,10 +171,10 @@ static int __init load_uefi_certs(void) +@@ -166,10 +173,10 @@ static int __init load_uefi_certs(void) } } - + - mok = get_cert_list(L"MokListRT", &mok_var, &moksize); - if (!mok) { + rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); + if (rc < 0) { - pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); + pr_info("Couldn't get UEFI MokListRT\n"); - } else { + } else if (moksize != 0) { rc = parse_efi_signature_list("UEFI:MokListRT", mok, moksize, get_handler_for_db); if (rc) -@@ -175,10 +182,10 @@ static int __init load_uefi_certs(void) +@@ -177,10 +184,10 @@ static int __init load_uefi_certs(void) kfree(mok); } - + - dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); - if (!dbx) { + rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); + if (rc < 0) { - pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); + pr_info("Couldn't get UEFI dbx list\n"); - } else { + } else if (dbxsize != 0) { rc = parse_efi_signature_list("UEFI:dbx", dbx, dbxsize, get_handler_for_dbx); --- -2.15.0 - -- cgit