MODSIGN: Make shash allocation failure fatal

mod_is_hash_blacklisted() currently returns 0 (suceess) if
crypto_alloc_shash() fails.  This should instead be a fatal error,
so unwrap and pass up the error code.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name modsign-make-shash-allocation-failure-fatal.patch

diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 18d15c5396e47cbba55b515be4e685f98bd84c68..0eec5082b9f57185d7ddc3ca13d7b869e10aa49c 100644 (file)
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -22,11 +22,13 @@ static int mod_is_hash_blacklisted(const void *mod, size_t verifylen)
        struct shash_desc *desc;
        size_t digest_size, desc_size;
        u8 *digest;
-       int ret = 0;
+       int ret;
 
        tfm = crypto_alloc_shash("sha256", 0, 0);
-       if (IS_ERR(tfm))
+       if (IS_ERR(tfm)) {
+               ret = PTR_ERR(tfm);
                goto error_return;
+       }
 
        desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
        digest_size = crypto_shash_digestsize(tfm);