Remove extraneous code that used to expect nvdimm_get_and_verify_key() to return NULL when there's no kernel key. We want to enforce the behavior that when there is no kernel key we should fail security ops.
Signed-off-by: Dave Jiang <[email protected]>
---
 drivers/nvdimm/security.c | 35 ++++-------------------------------
 1 file changed, 4 insertions(+), 31 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index f9ca1575012e..7b5d7c77514d 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -135,7 +135,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
 struct key *key;
 struct user_key_payload *payload;
 struct device *dev = &nvdimm->dev;
- bool is_userkey = false;
 if (!nvdimm->security_ops)
 return -EOPNOTSUPP;
@@ -161,18 +160,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
 rc = PTR_ERR(key);
 goto out;
 }
- if (!key) {
- dev_dbg(dev, "No cached key found\n");
- /* get old user key */
- key = nvdimm_lookup_user_key(dev, keyid);
- if (!key) {
- dev_dbg(dev, "Unable to retrieve user key: %#x\n",
- keyid);
- rc = -ENOKEY;
- goto out;
- }
- is_userkey = true;
- }
 down_read(&key->sem);
 payload = key->payload.data[0];
@@ -181,10 +168,8 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
 up_read(&key->sem);
 /* remove key since secure erase kills the passphrase */
- if (!is_userkey) {
- key_invalidate(key);
- nvdimm->key = NULL;
- }
+ key_invalidate(key);
+ nvdimm->key = NULL;
 key_put(key);
 out:
@@ -218,7 +203,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
 struct key *key;
 struct user_key_payload *payload;
 struct device *dev = &nvdimm->dev;
- bool is_userkey = false;
 if (!nvdimm->security_ops)
 return -EOPNOTSUPP;
@@ -233,15 +217,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
 mutex_unlock(&nvdimm->key_mutex);
 return PTR_ERR(key);
 }
- if (!key) {
- /* get old user key */
- key = nvdimm_lookup_user_key(dev, keyid);
- if (!key) {
- mutex_unlock(&nvdimm->key_mutex);
- return -ENOKEY;
- }
- is_userkey = true;
- }
 down_read(&key->sem);
 payload = key->payload.data[0];
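Review bot: With the `if (!key)` fallback removed, `down_read(&key->sem)` in nvdimm_security_erase() (hunk at old line 161) and in nvdimm_security_disable() (hunk at old line 233) dereferences whatever nvdimm_get_and_verify_key() returned, guarded only by the error-pointer branch whose tail is visible as `rc = PTR_ERR(key);` and `return PTR_ERR(key);`. That is safe only if the helper now returns an ERR_PTR, never NULL, when no kernel key is cached; its definition is outside this diff, so the contract cannot be confirmed from here. I would state it at both call sites, e.g. `/* nvdimm_get_and_verify_key() returns a valid key or an ERR_PTR(), never NULL */`, or keep a cheap guard such as `if (WARN_ON_ONCE(!key)) { rc = -ENOKEY; goto out; }` (with `mutex_unlock()` and `return -ENOKEY;` on the disable path), so a regression in the helper fails the security op instead of causing a NULL dereference. Both function bodies start and end outside the hunks.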
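Review bot: In nvdimm_security_erase() (hunk at old line 181) the now-unconditional `key_invalidate(key); nvdimm->key = NULL;` has no visible check of `rc` in front of it, whereas the matching cleanup in nvdimm_security_disable() sits under the comment "If we succeed then remove the key". The lines between `payload = key->payload.data[0];` and `up_read(&key->sem);` are not shown, so this is inferred, but if the erase op's result is stored in `rc` there, a failed erase would still drop the cached kernel key while the DIMM's passphrase stays in force, and later security ops would then fail for lack of a key. Consider guarding the cleanup, e.g. `if (!rc) { key_invalidate(key); nvdimm->key = NULL; }`, and leaving `key_put(key);` unconditional. The function body continues outside the hunk.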
@@ -255,10 +230,8 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
 }
 /* If we succeed then remove the key */
- if (!is_userkey) {
- key_invalidate(key);
- nvdimm->key = NULL;
- }
+ key_invalidate(key);
+ nvdimm->key = NULL;
 key_put(key);
 out:
_______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
