On Nov 14, 2014, at 6:20 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Chuck Lever <chuck.lever@xxxxxxxxxx> wrote:
>
>> - if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK)
>> - ctx->flags &= ~KEYRING_SEARCH_DO_STATE_CHECK;
>
> The problem is that this adversely affects keyring cycle checking and
> possession checking. Those absolutely must suppress the state check.
Thanks for the review.
OK, I feared there could be side effects of restoring the original
API contract, but hoped there would not be.
It’s this code:
if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
keyring_compare_object(keyring, &ctx->index_key)) {
ctx->skipped_ret = 2;
ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
that flips DO_STATE_CHECK back on in some cases, right?
Any suggestions?
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
