From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 31 Jan 2019 13:45:30 -0500 Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of using goto There's no reason to complicate the logic with a goto here, instead just pull the logic we're jumping to out to a helper function. Signed-off-by: Peter Jones --- mok.c | 41 ++++++++++++++++++++++++++++------------- shim.h | 2 ++ 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/mok.c b/mok.c index 41925abbb49..2f495e6cf25 100644 --- a/mok.c +++ b/mok.c @@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = { { NULL, } }; -static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v) +static EFI_STATUS nonnull(1) +mirror_one_mok_variable(struct mok_state_variable *v) { EFI_STATUS efi_status = EFI_SUCCESS; void *FullData = NULL; @@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v) return efi_status; } +/* + * Mirror a variable if it has an rtname, and preserve any + * EFI_SECURITY_VIOLATION status at the same time. + */ +static EFI_STATUS nonnull(1) +maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret) +{ + EFI_STATUS efi_status; + if (v->rtname) { + if (v->flags & MOK_MIRROR_DELETE_FIRST) + LibDeleteVariable(v->rtname, v->guid); + + efi_status = mirror_one_mok_variable(v); + if (EFI_ERROR(efi_status)) { + if (ret != EFI_SECURITY_VIOLATION) + ret = efi_status; + perror(L"Could not create %s: %r\n", v->rtname, + efi_status); + } + } + return ret; +} + /* * Verify our non-volatile MoK state. This checks the variables above * accessable and have valid attributes. If they don't, it removes @@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) *v->guid, &attrs); if (efi_status == EFI_NOT_FOUND) { if (addend) - goto mirror_addend; + ret = maybe_mirror_one_mok_variable(v, ret); /* * after possibly adding, we can continue, no * further checks to be done. @@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) } } -mirror_addend: - if (v->rtname && (present || addend)) { - if (v->flags & MOK_MIRROR_DELETE_FIRST) - LibDeleteVariable(v->rtname, v->guid); - - efi_status = mirror_one_mok_variable(v); - if (EFI_ERROR(efi_status) && - ret != EFI_SECURITY_VIOLATION) - ret = efi_status; - } + if (present) + ret = maybe_mirror_one_mok_variable(v, ret); } /* @@ -340,4 +356,4 @@ mirror_addend: return ret; } -// vim:fenc=utf-8:tw=75 +// vim:fenc=utf-8:tw=75:noet diff --git a/shim.h b/shim.h index 2b359d821e3..c26d5f06538 100644 --- a/shim.h +++ b/shim.h @@ -30,6 +30,8 @@ #include +#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__))) + #define min(a, b) ({(a) < (b) ? (a) : (b);}) #ifdef __x86_64__ -- 2.20.1