Merge remote-tracking branch 'torvalds/master' into perf/core

To pick up fixes and move perf/core forward, minor conflict as perf_evlist__add_dummy() lost its 'perf_' prefix as it operates on a 'struct evlist', not on a 'struct perf_evlist', i.e. its tools/perf/ specific, it is not in libperf. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
author: Arnaldo Carvalho de Melo <acme@redhat.com> 2020-07-08 13:49:15 -0300
committer: Arnaldo Carvalho de Melo <acme@redhat.com> 2020-07-08 13:49:15 -0300
commit: facbf0b9820f34f14b54f567862b4a96e910f468 (patch)
tree: ee65e875e4167dd903f2745cfbf6b2735fd1cd9e /kernel/kexec_file.c
parent: 19bf119ccfa071b73a54465e8082ab2c8f8c30eb (diff)
parent: dcde237b9b0eb1d19306e6f48c0a4e058907619f (diff)
1 files changed, 6 insertions, 28 deletions
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index bb05fd52de850..09cc78df53c64 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -181,34 +181,19 @@ void kimage_file_post_load_cleanup(struct kimage *image)
 static int
 kimage_validate_signature(struct kimage *image)
 {
-	const char *reason;
 	int ret;
 
 	ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
 					   image->kernel_buf_len);
-	switch (ret) {
-	case 0:
-		break;
+	if (ret) {
 
-		/* Certain verification errors are non-fatal if we're not
-		 * checking errors, provided we aren't mandating that there
-		 * must be a valid signature.
-		 */
-	case -ENODATA:
-		reason = "kexec of unsigned image";
-		goto decide;
-	case -ENOPKG:
-		reason = "kexec of image with unsupported crypto";
-		goto decide;
-	case -ENOKEY:
-		reason = "kexec of image with unavailable key";
-	decide:
 		if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
-			pr_notice("%s rejected\n", reason);
+			pr_notice("Enforced kernel signature verification failed (%d).\n", ret);
 			return ret;
 		}
 
-		/* If IMA is guaranteed to appraise a signature on the kexec
+		/*
+		 * If IMA is guaranteed to appraise a signature on the kexec
 		 * image, permit it even if the kernel is otherwise locked
 		 * down.
 		 */
@@ -216,17 +201,10 @@ kimage_validate_signature(struct kimage *image)
 		    security_locked_down(LOCKDOWN_KEXEC))
 			return -EPERM;
 
-		return 0;
-
-		/* All other errors are fatal, including nomem, unparseable
-		 * signatures and signature check failures - even if signatures
-		 * aren't required.
-		 */
-	default:
-		pr_notice("kernel signature verification failed (%d).\n", ret);
+		pr_debug("kernel signature verification failed (%d).\n", ret);
 	}
 
-	return ret;
+	return 0;
 }
 #endif
author	Arnaldo Carvalho de Melo <acme@redhat.com>	2020-07-08 13:49:15 -0300
committer	Arnaldo Carvalho de Melo <acme@redhat.com>	2020-07-08 13:49:15 -0300
commit	facbf0b9820f34f14b54f567862b4a96e910f468 (patch)
tree	ee65e875e4167dd903f2745cfbf6b2735fd1cd9e /kernel/kexec_file.c
parent	19bf119ccfa071b73a54465e8082ab2c8f8c30eb (diff)
parent	dcde237b9b0eb1d19306e6f48c0a4e058907619f (diff)