keys: Invalidate used request_key authentication keys

Invalidate used request_key authentication keys rather than revoking them so that they get cleaned up immediately rather than potentially hanging around. There doesn't seem any need to keep the revoked keys around. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2019-06-19 17:10:15 +0200
committer: David Howells <dhowells@redhat.com> 2019-06-19 17:10:15 +0200
commit: a09003b5d7cea71ce4b59e409d5a7158c789e1b4 (patch)
tree: 73413808f4345d629c7e0460cd1b3ad06a7fdcdd /security/keys/key.c
parent: keys: Fix request_key() lack of Link perm check on found key (diff)
download: linux-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.tar.xz
linux-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index bba71acec886..e792d65c0af8 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -459,7 +459,7 @@ static int __key_instantiate_and_link(struct key *key,
 
 			/* disable the authorisation key */
 			if (authkey)
-				key_revoke(authkey);
+				key_invalidate(authkey);
 
 			if (prep->expiry != TIME64_MAX) {
 				key->expiry = prep->expiry;
@@ -616,7 +616,7 @@ int key_reject_and_link(struct key *key,
 
 		/* disable the authorisation key */
 		if (authkey)
-			key_revoke(authkey);
+			key_invalidate(authkey);
 	}
 
 	mutex_unlock(&key_construction_mutex);
author	David Howells <dhowells@redhat.com>	2019-06-19 17:10:15 +0200
committer	David Howells <dhowells@redhat.com>	2019-06-19 17:10:15 +0200
commit	a09003b5d7cea71ce4b59e409d5a7158c789e1b4 (patch)
tree	73413808f4345d629c7e0460cd1b3ad06a7fdcdd /security/keys/key.c
parent	keys: Fix request_key() lack of Link perm check on found key (diff)
download	linux-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.tar.xz linux-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.zip