From 8999415e74cdec620bffe41b4fea4fbdf6e0532f Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 5 May 2019 13:45:06 +0100
Subject: [PATCH] MODSIGN: Make shash allocation failure fatal

mod_is_hash_blacklisted() currently returns 0 (suceess) if
crypto_alloc_shash() fails.  This should instead be a fatal error,
so unwrap and pass up the error code.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name modsign-make-shash-allocation-failure-fatal.patch
---
 kernel/module_signing.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 0f041a21f41..5d800f1564b 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -22,11 +22,13 @@ static int mod_is_hash_blacklisted(const void *mod, size_t verifylen)
 	struct shash_desc *desc;
 	size_t digest_size, desc_size;
 	u8 *digest;
-	int ret = 0;
+	int ret;
 
 	tfm = crypto_alloc_shash("sha256", 0, 0);
-	if (IS_ERR(tfm))
+	if (IS_ERR(tfm)) {
+		ret = PTR_ERR(tfm);
 		goto error_return;
+	}
 
 	desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
 	digest_size = crypto_shash_digestsize(tfm);
-- 
2.30.2