On Fri, Oct 12, 2018 at 11:24 AM Dave Jiang <[email protected]> wrote: > > Remove extraneous code that used to expect nvdimm_get_and_verify_key() to > return NULL when there's no kernel key. We want to enforce the behavior > that when there is no kernel key we should fail security ops. > > Signed-off-by: Dave Jiang <[email protected]> > --- > drivers/nvdimm/security.c | 35 ++++------------------------------- > 1 file changed, 4 insertions(+), 31 deletions(-) > > diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c > index f9ca1575012e..7b5d7c77514d 100644 > --- a/drivers/nvdimm/security.c > +++ b/drivers/nvdimm/security.c > @@ -135,7 +135,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned > int keyid) > struct key *key; > struct user_key_payload *payload; > struct device *dev = &nvdimm->dev; > - bool is_userkey = false; > > if (!nvdimm->security_ops) > return -EOPNOTSUPP; > @@ -161,18 +160,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, > unsigned int keyid) > rc = PTR_ERR(key); > goto out; > } > - if (!key) { > - dev_dbg(dev, "No cached key found\n"); > - /* get old user key */ > - key = nvdimm_lookup_user_key(dev, keyid); > - if (!key) { > - dev_dbg(dev, "Unable to retrieve user key: %#x\n", > - keyid); > - rc = -ENOKEY; > - goto out; > - } > - is_userkey = true; > - } > > down_read(&key->sem); > payload = key->payload.data[0]; > @@ -181,10 +168,8 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, > unsigned int keyid) > up_read(&key->sem); > > /* remove key since secure erase kills the passphrase */ > - if (!is_userkey) { > - key_invalidate(key); > - nvdimm->key = NULL; > - } > + key_invalidate(key); > + nvdimm->key = NULL; > key_put(key); > > out: > @@ -218,7 +203,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, > unsigned int keyid) > struct key *key; > struct user_key_payload *payload; > struct device *dev = &nvdimm->dev; > - bool is_userkey = false; > > if (!nvdimm->security_ops) > return -EOPNOTSUPP; > @@ -233,15 +217,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, > unsigned int keyid) > mutex_unlock(&nvdimm->key_mutex); > return PTR_ERR(key); > } > - if (!key) { > - /* get old user key */ > - key = nvdimm_lookup_user_key(dev, keyid); > - if (!key) { > - mutex_unlock(&nvdimm->key_mutex); > - return -ENOKEY; > - } > - is_userkey = true; > - } > > down_read(&key->sem); > payload = key->payload.data[0]; > @@ -255,10 +230,8 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, > unsigned int keyid) > } > > /* If we succeed then remove the key */ > - if (!is_userkey) { > - key_invalidate(key); > - nvdimm->key = NULL; > - } > + key_invalidate(key); > + nvdimm->key = NULL; > key_put(key);
Looks good, perhaps just use the key_destroy() helper here? _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
