key = rb_entry(cursor, struct key, serial_node);
cursor = rb_next(cursor);
- if (atomic_read(&key->usage) == 0)
+ if (refcount_read(&key->usage) == 0)
goto found_unreferenced_key;
if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) {
set_bit(KEY_FLAG_DEAD, &key->flags);
key->perm = 0;
goto skip_dead_key;
+ } else if (key->type == &key_type_keyring &&
+ key->restrict_link) {
+ goto found_restricted_keyring;
}
}
gc_state |= KEY_GC_REAP_AGAIN;
goto maybe_resched;
+ /* We found a restricted keyring and need to update the restriction if
+ * it is associated with the dead key type.
+ */
+found_restricted_keyring:
+ spin_unlock(&key_serial_lock);
+ keyring_restriction_gc(key, key_gc_dead_keytype);
+ goto maybe_resched;
+
/* We found a keyring and we need to check the payload for links to
* dead or expired keys. We don't flag another reap immediately as we
* have to wait for the old payload to be destroyed by RCU before we