From: SF Markus Elfring <elfring@users.sourceforge.net>
To: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
David Howells <dhowells@redhat.com>,
James Morris <james.l.morris@oracle.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Cc: LKML <linux-kernel@vger.kernel.org>, kernel-janitors@vger.kernel.org
Subject: [PATCH 1/2] KEYS: trusted: Use common error handling code in trusted_update()
Date: Fri, 10 Nov 2017 20:29:16 +0000 [thread overview]
Message-ID: <658d88c1-b29b-cf8c-2ce0-8a2755ec9f33@users.sourceforge.net> (raw)
In-Reply-To: <479805df-edaf-1e9a-57be-d7c4f38e9d31@users.sourceforge.net>
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Fri, 10 Nov 2017 20:50:15 +0100
Adjust jump targets so that a bit of exception handling can be better
reused at the end of this function.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
security/keys/trusted.c | 44 ++++++++++++++++++++------------------------
1 file changed, 20 insertions(+), 24 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index bd85315cbfeb..fd06d0c5323b 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1078,30 +1078,18 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
if (!datablob)
return -ENOMEM;
new_o = trusted_options_alloc();
- if (!new_o) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_o)
+ goto e_nomem;
+
new_p = trusted_payload_alloc(key);
- if (!new_p) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_p)
+ goto e_nomem;
memcpy(datablob, prep->data, datalen);
datablob[datalen] = '\0';
ret = datablob_parse(datablob, new_p, new_o);
- if (ret != Opt_update) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
-
- if (!new_o->keyhandle) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
+ if (ret != Opt_update || !new_o->keyhandle)
+ goto e_inval;
/* copy old key values, and reseal with new pcrs */
new_p->migratable = p->migratable;
@@ -1113,23 +1101,31 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
}
rcu_assign_keypointer(key, new_p);
call_rcu(&p->rcu, trusted_rcu_free);
-out:
+free_data:
kzfree(datablob);
kzfree(new_o);
return ret;
+
+e_nomem:
+ ret = -ENOMEM;
+ goto free_data;
+
+e_inval:
+ ret = -EINVAL;
+free_payload:
+ kzfree(new_p);
+ goto free_data;
}
/*
--
2.15.0
WARNING: multiple messages have this Message-ID (diff)
From: SF Markus Elfring <elfring@users.sourceforge.net>
To: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
David Howells <dhowells@redhat.com>,
James Morris <james.l.morris@oracle.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Cc: LKML <linux-kernel@vger.kernel.org>, kernel-janitors@vger.kernel.org
Subject: [PATCH 1/2] KEYS: trusted: Use common error handling code in trusted_update()
Date: Fri, 10 Nov 2017 21:29:16 +0100 [thread overview]
Message-ID: <658d88c1-b29b-cf8c-2ce0-8a2755ec9f33@users.sourceforge.net> (raw)
In-Reply-To: <479805df-edaf-1e9a-57be-d7c4f38e9d31@users.sourceforge.net>
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Fri, 10 Nov 2017 20:50:15 +0100
Adjust jump targets so that a bit of exception handling can be better
reused at the end of this function.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
security/keys/trusted.c | 44 ++++++++++++++++++++------------------------
1 file changed, 20 insertions(+), 24 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index bd85315cbfeb..fd06d0c5323b 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1078,30 +1078,18 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
if (!datablob)
return -ENOMEM;
new_o = trusted_options_alloc();
- if (!new_o) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_o)
+ goto e_nomem;
+
new_p = trusted_payload_alloc(key);
- if (!new_p) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_p)
+ goto e_nomem;
memcpy(datablob, prep->data, datalen);
datablob[datalen] = '\0';
ret = datablob_parse(datablob, new_p, new_o);
- if (ret != Opt_update) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
-
- if (!new_o->keyhandle) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
+ if (ret != Opt_update || !new_o->keyhandle)
+ goto e_inval;
/* copy old key values, and reseal with new pcrs */
new_p->migratable = p->migratable;
@@ -1113,23 +1101,31 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
}
rcu_assign_keypointer(key, new_p);
call_rcu(&p->rcu, trusted_rcu_free);
-out:
+free_data:
kzfree(datablob);
kzfree(new_o);
return ret;
+
+e_nomem:
+ ret = -ENOMEM;
+ goto free_data;
+
+e_inval:
+ ret = -EINVAL;
+free_payload:
+ kzfree(new_p);
+ goto free_data;
}
/*
--
2.15.0
WARNING: multiple messages have this Message-ID (diff)
From: elfring@users.sourceforge.net (SF Markus Elfring)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 1/2] KEYS: trusted: Use common error handling code in trusted_update()
Date: Fri, 10 Nov 2017 21:29:16 +0100 [thread overview]
Message-ID: <658d88c1-b29b-cf8c-2ce0-8a2755ec9f33@users.sourceforge.net> (raw)
In-Reply-To: <479805df-edaf-1e9a-57be-d7c4f38e9d31@users.sourceforge.net>
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Fri, 10 Nov 2017 20:50:15 +0100
Adjust jump targets so that a bit of exception handling can be better
reused at the end of this function.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
security/keys/trusted.c | 44 ++++++++++++++++++++------------------------
1 file changed, 20 insertions(+), 24 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index bd85315cbfeb..fd06d0c5323b 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1078,30 +1078,18 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
if (!datablob)
return -ENOMEM;
new_o = trusted_options_alloc();
- if (!new_o) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_o)
+ goto e_nomem;
+
new_p = trusted_payload_alloc(key);
- if (!new_p) {
- ret = -ENOMEM;
- goto out;
- }
+ if (!new_p)
+ goto e_nomem;
memcpy(datablob, prep->data, datalen);
datablob[datalen] = '\0';
ret = datablob_parse(datablob, new_p, new_o);
- if (ret != Opt_update) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
-
- if (!new_o->keyhandle) {
- ret = -EINVAL;
- kzfree(new_p);
- goto out;
- }
+ if (ret != Opt_update || !new_o->keyhandle)
+ goto e_inval;
/* copy old key values, and reseal with new pcrs */
new_p->migratable = p->migratable;
@@ -1113,23 +1101,31 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
pr_info("trusted_key: pcrlock failed (%d)\n", ret);
- kzfree(new_p);
- goto out;
+ goto free_payload;
}
}
rcu_assign_keypointer(key, new_p);
call_rcu(&p->rcu, trusted_rcu_free);
-out:
+free_data:
kzfree(datablob);
kzfree(new_o);
return ret;
+
+e_nomem:
+ ret = -ENOMEM;
+ goto free_data;
+
+e_inval:
+ ret = -EINVAL;
+free_payload:
+ kzfree(new_p);
+ goto free_data;
}
/*
--
2.15.0
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-11-10 20:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-10 20:28 [PATCH 0/2] security/keys/trusted: Fine-tuning for two function implementations SF Markus Elfring
2017-11-10 20:28 ` SF Markus Elfring
2017-11-10 20:28 ` SF Markus Elfring
2017-11-10 20:29 ` SF Markus Elfring [this message]
2017-11-10 20:29 ` [PATCH 1/2] KEYS: trusted: Use common error handling code in trusted_update() SF Markus Elfring
2017-11-10 20:29 ` SF Markus Elfring
2017-11-10 20:52 ` Julia Lawall
2017-11-10 20:52 ` Julia Lawall
2017-11-10 20:52 ` Julia Lawall
2017-11-11 9:37 ` SF Markus Elfring
2017-11-11 9:37 ` SF Markus Elfring
2017-11-11 9:37 ` SF Markus Elfring
2017-11-10 20:30 ` [PATCH 2/2] KEYS: trusted: Use common error handling code in tpm_unseal() SF Markus Elfring
2017-11-10 20:30 ` SF Markus Elfring
2017-11-10 20:30 ` SF Markus Elfring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=658d88c1-b29b-cf8c-2ce0-8a2755ec9f33@users.sourceforge.net \
--to=elfring@users.sourceforge.net \
--cc=dhowells@redhat.com \
--cc=james.l.morris@oracle.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.