From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Thu, 31 Jan 2019 13:45:30 -0500

Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of

 using goto

There's no reason to complicate the logic with a goto here, instead just

pull the logic we're jumping to out to a helper function.

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 mok.c  | 41 ++++++++++++++++++++++++++++-------------

 shim.h |  2 ++

 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/mok.c b/mok.c

index 41925abbb49..2f495e6cf25 100644

--- a/mok.c

+++ b/mok.c

@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {

 	{ NULL, }

 };

-static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)

+static EFI_STATUS nonnull(1)

+mirror_one_mok_variable(struct mok_state_variable *v)

 {

 	EFI_STATUS efi_status = EFI_SUCCESS;

 	void *FullData = NULL;

@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)

 	return efi_status;

 }

+/*

+ * Mirror a variable if it has an rtname, and preserve any

+ * EFI_SECURITY_VIOLATION status at the same time.

+ */

+static EFI_STATUS nonnull(1)

+maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)

+{

+	EFI_STATUS efi_status;

+	if (v->rtname) {

+		if (v->flags & MOK_MIRROR_DELETE_FIRST)

+			LibDeleteVariable(v->rtname, v->guid);

+

+		efi_status = mirror_one_mok_variable(v);

+		if (EFI_ERROR(efi_status)) {

+			if (ret != EFI_SECURITY_VIOLATION)

+				ret = efi_status;

+			perror(L"Could not create %s: %r\n", v->rtname,

+			       efi_status);

+		}

+	}

+	return ret;

+}

+

 /*

  * Verify our non-volatile MoK state.  This checks the variables above

  * accessable and have valid attributes.  If they don't, it removes

@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)

 					       *v->guid, &attrs);

 		if (efi_status == EFI_NOT_FOUND) {

 			if (addend)

-				goto mirror_addend;

+				ret = maybe_mirror_one_mok_variable(v, ret);

 			/*

 			 * after possibly adding, we can continue, no

 			 * further checks to be done.

@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)

 			}

 		}

-mirror_addend:

-		if (v->rtname && (present || addend)) {

-			if (v->flags & MOK_MIRROR_DELETE_FIRST)

-				LibDeleteVariable(v->rtname, v->guid);

-

-			efi_status = mirror_one_mok_variable(v);

-			if (EFI_ERROR(efi_status) &&

-			    ret != EFI_SECURITY_VIOLATION)

-				ret = efi_status;

-		}

+		if (present)

+			ret = maybe_mirror_one_mok_variable(v, ret);

 	}

 	/*

@@ -340,4 +356,4 @@ mirror_addend:

 	return ret;

 }

-// vim:fenc=utf-8:tw=75

+// vim:fenc=utf-8:tw=75:noet

diff --git a/shim.h b/shim.h

index 2b359d821e3..c26d5f06538 100644

--- a/shim.h

+++ b/shim.h

@@ -30,6 +30,8 @@

 #include <stddef.h>

+#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))

+

 #define min(a, b) ({(a) < (b) ? (a) : (b);})

 #ifdef __x86_64__

-- 

2.20.1