selftests: pidfd: skip test if unshare fails with EPERM

[linux-2.6-microblaze.git] / kernel / kexec_file.c
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c

index bb05fd5..09cc78d 100644 (file)
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -181,34 +181,19 @@ void kimage_file_post_load_cleanup(struct kimage *image)
  static int
  kimage_validate_signature(struct kimage *image)
  {
-       const char *reason;
         int ret;
  
         ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
                                            image->kernel_buf_len);
-       switch (ret) {
-       case 0:
-               break;
+       if (ret) {
  
-               /* Certain verification errors are non-fatal if we're not
-                * checking errors, provided we aren't mandating that there
-                * must be a valid signature.
-                */
-       case -ENODATA:
-               reason = "kexec of unsigned image";
-               goto decide;
-       case -ENOPKG:
-               reason = "kexec of image with unsupported crypto";
-               goto decide;
-       case -ENOKEY:
-               reason = "kexec of image with unavailable key";
-       decide:
                 if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
-                       pr_notice("%s rejected\n", reason);
+                       pr_notice("Enforced kernel signature verification failed (%d).\n", ret);
                         return ret;
                 }
  
-               /* If IMA is guaranteed to appraise a signature on the kexec
+               /*
+                * If IMA is guaranteed to appraise a signature on the kexec
                  * image, permit it even if the kernel is otherwise locked
                  * down.
                  */
@@ -216,17 +201,10 @@ kimage_validate_signature(struct kimage *image)
                     security_locked_down(LOCKDOWN_KEXEC))
                         return -EPERM;
  
-               return 0;
-
-               /* All other errors are fatal, including nomem, unparseable
-                * signatures and signature check failures - even if signatures
-                * aren't required.
-                */
-       default:
-               pr_notice("kernel signature verification failed (%d).\n", ret);
+               pr_debug("kernel signature verification failed (%d).\n", ret);
         }
  
-       return ret;
+       return 0;
  }
  #endif