| Message ID | 20210619014056.31907-2-alison.schofield@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [ndctl] ndctl: remove key from kernel keyring if blob storage fails | expand |
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c index 30cb4c8..dbd622a 100644 --- a/ndctl/util/keys.c +++ b/ndctl/util/keys.c @@ -264,6 +264,7 @@ static key_serial_t dimm_create_key(struct ndctl_dimm *dimm, rc = -errno; fprintf(stderr, "Unable to open file %s: %s\n", path, strerror(errno)); + keyctl_unlink(key, KEY_SPEC_USER_KEYRING); free(buffer); return rc; } @@ -276,6 +277,7 @@ static key_serial_t dimm_create_key(struct ndctl_dimm *dimm, rc = -EIO; fprintf(stderr, "Failed to write to %s: %s\n", path, strerror(-rc)); + keyctl_unlink(key, KEY_SPEC_USER_KEYRING); fclose(fp); free(buffer); return rc;
When a new passphrase key is created, the encrypted blob is always written to storage. If the write to storage fails the passphrase is not applied to the NVDIMM. That is all good. The unused key however is left lingering on the kernel keyring. That blocks subsequent attempts to add a passphrase key for the same NVDIMM. (presumably after correcting the storage issue) Unlink the key from the kernel keyring upon failures in key storage. Fixes: 86b078b44275 ("ndctl: add passphrase management commands") Signed-off-by: Alison Schofield <alison.schofield@intel.com> --- ndctl/util/keys.c | 2 ++ 1 file changed, 2 insertions(+) base-commit: 4e646fa490ba4b782afa188dd8818b94c419924e