The patch titled
ecryptfs: propagate key errors up at mount time
has been added to the -mm tree. Its filename is
ecryptfs-propagate-key-errors-up-at-mount-time.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: ecryptfs: propagate key errors up at mount time
From: Eric Sandeen <sandeen@xxxxxxxxxx>
Mounting with invalid key signatures should probably fail, if they were
specifically requested but not available.
Also fix case checks in process_request_key_err() for the right sign of
the errnos, as spotted by Jan Tluka.
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
Reviewed-by: Jan Tluka <jtluka@xxxxxxxxxx>
Acked-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/ecryptfs/keystore.c | 9 ++++-----
fs/ecryptfs/main.c | 4 ++--
2 files changed, 6 insertions(+), 7 deletions(-)
diff -puN fs/ecryptfs/keystore.c~ecryptfs-propagate-key-errors-up-at-mount-time fs/ecryptfs/keystore.c
--- a/fs/ecryptfs/keystore.c~ecryptfs-propagate-key-errors-up-at-mount-time
+++ a/fs/ecryptfs/keystore.c
@@ -44,15 +44,15 @@ static int process_request_key_err(long
int rc = 0;
switch (err_code) {
- case ENOKEY:
+ case -ENOKEY:
ecryptfs_printk(KERN_WARNING, "No key\n");
rc = -ENOENT;
break;
- case EKEYEXPIRED:
+ case -EKEYEXPIRED:
ecryptfs_printk(KERN_WARNING, "Key expired\n");
rc = -ETIME;
break;
- case EKEYREVOKED:
+ case -EKEYREVOKED:
ecryptfs_printk(KERN_WARNING, "Key revoked\n");
rc = -EINVAL;
break;
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(st
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
printk(KERN_ERR "Could not find key with description: [%s]\n",
sig);
- process_request_key_err(PTR_ERR(*auth_tok_key));
- rc = -EINVAL;
+ rc = process_request_key_err(PTR_ERR(*auth_tok_key));
goto out;
}
(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
diff -puN fs/ecryptfs/main.c~ecryptfs-propagate-key-errors-up-at-mount-time fs/ecryptfs/main.c
--- a/fs/ecryptfs/main.c~ecryptfs-propagate-key-errors-up-at-mount-time
+++ a/fs/ecryptfs/main.c
@@ -248,10 +248,11 @@ static int ecryptfs_init_global_auth_tok
"session keyring for sig specified in mount "
"option: [%s]\n", global_auth_tok->sig);
global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
- rc = 0;
+ goto out;
} else
global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
}
+out:
return rc;
}
@@ -416,7 +417,6 @@ static int ecryptfs_parse_options(struct
printk(KERN_WARNING "One or more global auth toks could not "
"properly register; rc = [%d]\n", rc);
}
- rc = 0;
out:
return rc;
}
_
Patches currently in -mm which might be from sandeen@xxxxxxxxxx are
find-dynamic-stack-allocations-in-checkstackpl.patch
fix-checkstackpl-arch-detection.patch
ecryptfs-privileged-kthread-for-lower-file-opens.patch
ecryptfs-propagate-key-errors-up-at-mount-time.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
