diff options
-rw-r--r-- | security/keys/internal.h | 1 | ||||
-rw-r--r-- | security/keys/process_keys.c | 8 | ||||
-rw-r--r-- | security/keys/request_key.c | 6 | ||||
-rw-r--r-- | security/keys/request_key_auth.c | 2 |
4 files changed, 11 insertions, 6 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h index d4f1468b9b50..df971feceaf2 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -124,6 +124,7 @@ extern key_ref_t search_my_process_keyrings(struct key_type *type, extern key_ref_t search_process_keyrings(struct key_type *type, const void *description, key_match_func_t match, + bool no_state_check, const struct cred *cred); extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 42defae1e161..a3410d605849 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -440,6 +440,7 @@ found: key_ref_t search_process_keyrings(struct key_type *type, const void *description, key_match_func_t match, + bool no_state_check, const struct cred *cred) { struct request_key_auth *rka; @@ -448,7 +449,7 @@ key_ref_t search_process_keyrings(struct key_type *type, might_sleep(); key_ref = search_my_process_keyrings(type, description, match, - false, cred); + no_state_check, cred); if (!IS_ERR(key_ref)) goto found; err = key_ref; @@ -468,7 +469,8 @@ key_ref_t search_process_keyrings(struct key_type *type, rka = cred->request_key_auth->payload.data; key_ref = search_process_keyrings(type, description, - match, rka->cred); + match, no_state_check, + rka->cred); up_read(&cred->request_key_auth->sem); @@ -675,7 +677,7 @@ try_again: /* check to see if we possess the key */ skey_ref = search_process_keyrings(key->type, key, lookup_user_key_possessed, - cred); + true, cred); if (!IS_ERR(skey_ref)) { key_put(key); diff --git a/security/keys/request_key.c b/security/keys/request_key.c index c411f9bb156b..172115b38054 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -390,7 +390,8 @@ static int construct_alloc_key(struct key_type *type, * waited for locks */ mutex_lock(&key_construction_mutex); - key_ref = search_process_keyrings(type, description, type->match, cred); + key_ref = search_process_keyrings(type, description, type->match, + false, cred); if (!IS_ERR(key_ref)) goto key_already_present; @@ -539,7 +540,8 @@ struct key *request_key_and_link(struct key_type *type, dest_keyring, flags); /* search all the process keyrings for a key */ - key_ref = search_process_keyrings(type, description, type->match, cred); + key_ref = search_process_keyrings(type, description, type->match, + false, cred); if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 85730d5a5a59..92077de555df 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -247,7 +247,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) &key_type_request_key_auth, (void *) (unsigned long) target_id, key_get_instantiation_authkey_match, - cred); + false, cred); if (IS_ERR(authkey_ref)) { authkey = ERR_CAST(authkey_ref); |