On Tue, 2019-03-19 at 17:20 -0700, Dan Williams wrote: > On Tue, Mar 19, 2019 at 5:07 PM Mimi Zohar <zo...@linux.ibm.com> wrote: > > > > On Mon, 2019-03-18 at 23:06 -0700, Dan Williams wrote: > > > > < snip > > > > > > +/* > > > + * request_trusted_key - request the trusted key > > > + * > > > + * Trusted keys are sealed to PCRs and other metadata. Although userspace > > > + * manages both trusted/encrypted key-types, like the encrypted key type > > > + * data, trusted key type data is not visible decrypted from userspace. > > > + */ > > > +static struct key *request_trusted_key(const char *trusted_desc, > > > + const u8 **master_key, size_t > > > *master_keylen) > > > +{ > > > + struct trusted_key_payload *tpayload; > > > + struct key_type *type; > > > + struct key *tkey; > > > + > > > + type = key_type_lookup("trusted"); > > > > The associated key_type_put() will need to be called. > > Yes.
I don't know if defining a key_type_lookup() wrapper, perhaps named is_key_type_available(), would help. Both key_type_lookup() and key_type_put() would be called. The existing code could then remain the same. Mimi > > > > > > + if (IS_ERR(type)) { > > > + tkey = (struct key *)type; > > > + goto error; > > > + } > > > + tkey = request_key(type, trusted_desc, NULL); > > > + if (IS_ERR(tkey)) > > > + goto error; > > > + > > > + down_read(&tkey->sem); > > > + tpayload = tkey->payload.data[0]; > > > + *master_key = tpayload->key; > > > + *master_keylen = tpayload->key_len; > > > +error: > > > + return tkey; > > > +} > > > + > >
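Review bot: request_trusted_key() returns on success with tkey->sem still held for read (the down_read() has no matching up_read() in the function) and with *master_key pointing into tpayload, but the header comment does not say so. Document there that the caller must up_read(&tkey->sem) and key_put() the returned key once it is finished with the master key, and that *master_key and *master_keylen are left unset when an ERR_PTR is returned. The reference taken by key_type_lookup("trusted") is not dropped on any path shown, neither after a failed request_key() nor on success, so a key_type_put(type) is needed once request_key() has returned. As a style point, "tkey = (struct key *)type;" would read better as ERR_CAST(type).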