KEYRING_SEARCH_NO_STATE_CHECK overrides KEYRING_SEARCH_DO_STATE_CHECK because
it's needed for special operations like keyring cycle detection and possession
detection. Fix the header comment to this effect.
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---
security/keys/internal.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/keys/internal.h b/security/keys/internal.h
index b8960c4959a5..9e77e33bf8bc 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -112,8 +112,8 @@ struct keyring_search_context {
const struct cred *cred;
struct key_match_data match_data;
unsigned flags;
-#define KEYRING_SEARCH_NO_STATE_CHECK 0x0001 /* Skip state checks */
-#define KEYRING_SEARCH_DO_STATE_CHECK 0x0002 /* Override NO_STATE_CHECK */
+#define KEYRING_SEARCH_NO_STATE_CHECK 0x0001 /* Skip state checks (overrides DO_STATE_CHECK) */
+#define KEYRING_SEARCH_DO_STATE_CHECK 0x0002 /* Request state checks */
#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0004 /* Don't update times */
#define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */
#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
