When a new passphrase key is created, the encrypted blob is always
written to storage. If the write to storage fails the passphrase is
not applied to the NVDIMM. That is all good. The unused key however
is left lingering on the kernel keyring. That blocks subsequent
attempts to add a passphrase key for the same NVDIMM. (presumably
after correcting the storage issue)
Unlink the key from the kernel keyring upon failures in key storage.
Fixes: 86b078b44275 ("ndctl: add passphrase management commands")
Signed-off-by: Alison Schofield <alison.schofi...@intel.com>
---
ndctl/util/keys.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
index 30cb4c8..dbd622a 100644
--- a/ndctl/util/keys.c
+++ b/ndctl/util/keys.c
@@ -264,6 +264,7 @@ static key_serial_t dimm_create_key(struct ndctl_dimm *dimm,
rc = -errno;
fprintf(stderr, "Unable to open file %s: %s\n",
path, strerror(errno));
+ keyctl_unlink(key, KEY_SPEC_USER_KEYRING);
free(buffer);
return rc;
}
@@ -276,6 +277,7 @@ static key_serial_t dimm_create_key(struct ndctl_dimm *dimm,
rc = -EIO;
fprintf(stderr, "Failed to write to %s: %s\n",
path, strerror(-rc));
+ keyctl_unlink(key, KEY_SPEC_USER_KEYRING);
fclose(fp);
free(buffer);
return rc;
base-commit: 4e646fa490ba4b782afa188dd8818b94c419924e
--
2.25.1
