ecryptfs: propagate key errors up at mount time

Mounting with invalid key signatures should probably fail, if they were
specifically requested but not available.

Also fix case checks in process_request_key_err() for the right sign of
the errnos, as spotted by Jan Tluka.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Jan Tluka <jtluka@redhat.com>
Acked-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 4 insertions, 5 deletions

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e82b457180be..f5b76a331b9c 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -44,15 +44,15 @@ static int process_request_key_err(long err_code)
         int rc = 0;
 
         switch (err_code) {
-        case ENOKEY:
+        case -ENOKEY:
                 ecryptfs_printk(KERN_WARNING, "No key\n");
                 rc = -ENOENT;
                 break;
-        case EKEYEXPIRED:
+        case -EKEYEXPIRED:
                 ecryptfs_printk(KERN_WARNING, "Key expired\n");
                 rc = -ETIME;
                 break;
-        case EKEYREVOKED:
+        case -EKEYREVOKED:
                 ecryptfs_printk(KERN_WARNING, "Key revoked\n");
                 rc = -EINVAL;
                 break;
@@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
         if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
                 printk(KERN_ERR "Could not find key with description: [%s]\n",
                        sig);
-                process_request_key_err(PTR_ERR(*auth_tok_key));
-                rc = -EINVAL;
+                rc = process_request_key_err(PTR_ERR(*auth_tok_key));
                 goto out;
         }
         (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);