summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/keys/internal.h1
-rw-r--r--security/keys/process_keys.c8
-rw-r--r--security/keys/request_key.c6
-rw-r--r--security/keys/request_key_auth.c2
4 files changed, 11 insertions, 6 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index d4f1468b9b50..df971feceaf2 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -124,6 +124,7 @@ extern key_ref_t search_my_process_keyrings(struct key_type *type,
extern key_ref_t search_process_keyrings(struct key_type *type,
const void *description,
key_match_func_t match,
+ bool no_state_check,
const struct cred *cred);
extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 42defae1e161..a3410d605849 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -440,6 +440,7 @@ found:
key_ref_t search_process_keyrings(struct key_type *type,
const void *description,
key_match_func_t match,
+ bool no_state_check,
const struct cred *cred)
{
struct request_key_auth *rka;
@@ -448,7 +449,7 @@ key_ref_t search_process_keyrings(struct key_type *type,
might_sleep();
key_ref = search_my_process_keyrings(type, description, match,
- false, cred);
+ no_state_check, cred);
if (!IS_ERR(key_ref))
goto found;
err = key_ref;
@@ -468,7 +469,8 @@ key_ref_t search_process_keyrings(struct key_type *type,
rka = cred->request_key_auth->payload.data;
key_ref = search_process_keyrings(type, description,
- match, rka->cred);
+ match, no_state_check,
+ rka->cred);
up_read(&cred->request_key_auth->sem);
@@ -675,7 +677,7 @@ try_again:
/* check to see if we possess the key */
skey_ref = search_process_keyrings(key->type, key,
lookup_user_key_possessed,
- cred);
+ true, cred);
if (!IS_ERR(skey_ref)) {
key_put(key);
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index c411f9bb156b..172115b38054 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -390,7 +390,8 @@ static int construct_alloc_key(struct key_type *type,
* waited for locks */
mutex_lock(&key_construction_mutex);
- key_ref = search_process_keyrings(type, description, type->match, cred);
+ key_ref = search_process_keyrings(type, description, type->match,
+ false, cred);
if (!IS_ERR(key_ref))
goto key_already_present;
@@ -539,7 +540,8 @@ struct key *request_key_and_link(struct key_type *type,
dest_keyring, flags);
/* search all the process keyrings for a key */
- key_ref = search_process_keyrings(type, description, type->match, cred);
+ key_ref = search_process_keyrings(type, description, type->match,
+ false, cred);
if (!IS_ERR(key_ref)) {
key = key_ref_to_ptr(key_ref);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 85730d5a5a59..92077de555df 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -247,7 +247,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
&key_type_request_key_auth,
(void *) (unsigned long) target_id,
key_get_instantiation_authkey_match,
- cred);
+ false, cred);
if (IS_ERR(authkey_ref)) {
authkey = ERR_CAST(authkey_ref);