]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blobdiff - security/keys/gc.c
projects / mirror_ubuntu-bionic-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KEYS: Use structure to capture key restriction function and data
[mirror_ubuntu-bionic-kernel.git] / security / keys / gc.c
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 44789256c88cb36b31400519b7d0854d89c2126e..15b9ddf510e4eaccf0b7c56aa4c99f1e099a4731 100644 (file)
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -229,6 +229,9 @@ continue_scanning:
                                set_bit(KEY_FLAG_DEAD, &key->flags);
                                key->perm = 0;
                                goto skip_dead_key;
+                       } else if (key->type == &key_type_keyring &&
+                                  key->restrict_link) {
+                               goto found_restricted_keyring;
                        }
                }
 
@@ -334,6 +337,14 @@ found_unreferenced_key:
        gc_state |= KEY_GC_REAP_AGAIN;
        goto maybe_resched;
 
+       /* We found a restricted keyring and need to update the restriction if
+        * it is associated with the dead key type.
+        */
+found_restricted_keyring:
+       spin_unlock(&key_serial_lock);
+       keyring_restriction_gc(key, key_gc_dead_keytype);
+       goto maybe_resched;
+
        /* We found a keyring and we need to check the payload for links to
         * dead or expired keys.  We don't flag another reap immediately as we
         * have to wait for the old payload to be destroyed by RCU before we
ubuntu-bionic-kernel mirror