fs/ecryptfs/keystore.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-)
The found_auth_tok variable is no longer needed, as the fact of finding
a token is determined directly by jumping to the found_matching_auth_tok
label inside the loop.
Remove found_auth_tok, simplifying the function logic.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexey Velichayshiy <a.velichayshiy@ispras.ru>
---
fs/ecryptfs/keystore.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e8494903bb42..0757531df5f9 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1718,7 +1718,6 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
struct dentry *ecryptfs_dentry)
{
size_t i = 0;
- size_t found_auth_tok;
size_t next_packet_is_auth_tok_packet;
LIST_HEAD(auth_tok_list);
struct ecryptfs_auth_tok *matching_auth_tok;
@@ -1822,7 +1821,6 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
* the metadata. There may be several potential matches, but
* just one will be sufficient to decrypt to get the FEK. */
find_next_matching_auth_tok:
- found_auth_tok = 0;
list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
candidate_auth_tok = &auth_tok_list_item->auth_tok;
if (unlikely(ecryptfs_verbosity > 0)) {
@@ -1843,17 +1841,13 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
&matching_auth_tok,
crypt_stat->mount_crypt_stat,
candidate_auth_tok_sig);
- if (!rc) {
- found_auth_tok = 1;
+ if (!rc)
goto found_matching_auth_tok;
- }
- }
- if (!found_auth_tok) {
- ecryptfs_printk(KERN_ERR, "Could not find a usable "
- "authentication token\n");
- rc = -EIO;
- goto out_wipe_list;
}
+ ecryptfs_printk(KERN_ERR, "Could not find a usable "
+ "authentication token\n");
+ rc = -EIO;
+ goto out_wipe_list;
found_matching_auth_tok:
if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
memcpy(&(candidate_auth_tok->token.private_key),
--
2.43.0On Sun, 12 Apr 2026 16:50:08 +0300, Alexey Velichayshiy wrote:
> The found_auth_tok variable is no longer needed, as the fact of finding
> a token is determined directly by jumping to the found_matching_auth_tok
> label inside the loop.
>
> Remove found_auth_tok, simplifying the function logic.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> [...]
Thank you! This has been applied to the next branch of the tyhicks/ecryptfs.git tree.
Note that I made a small change by unsplitting the error message that is passed
to ecryptfs_printk().
You can find a direct link below but please be aware that the commit hash is
unstable and, therefore, the URL may not be valid in the future.
[1/1] ecryptfs: remove redundant variable found_auth_tok
https://git.kernel.org/tyhicks/ecryptfs/c/0be6d8f0e111deb765c0bc01c1fe5d9920fe2fcd
Tyler
On 2026-04-20 21:50:58, Tyler Hicks wrote: > On Sun, 12 Apr 2026 16:50:08 +0300, Alexey Velichayshiy wrote: > > The found_auth_tok variable is no longer needed, as the fact of finding > > a token is determined directly by jumping to the found_matching_auth_tok > > label inside the loop. > > > > Remove found_auth_tok, simplifying the function logic. > > > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > > > [...] > > Thank you! This has been applied to the next branch of the tyhicks/ecryptfs.git tree. > > Note that I made a small change by unsplitting the error message that is passed > to ecryptfs_printk(). > > You can find a direct link below but please be aware that the commit hash is > unstable and, therefore, the URL may not be valid in the future. > > [1/1] ecryptfs: remove redundant variable found_auth_tok > https://git.kernel.org/tyhicks/ecryptfs/c/0be6d8f0e111deb765c0bc01c1fe5d9920fe2fcd That link is not correct. The correct link is here: https://git.kernel.org/tyhicks/ecryptfs/c/eb5e768eaf7c5f6274319e2894ceebf0f3cb5750 Tyler
© 2016 - 2026 Red Hat, Inc.