aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2019-06-19 16:10:15 +0100
committerDavid Howells <dhowells@redhat.com>2019-06-19 16:10:15 +0100
commita09003b5d7cea71ce4b59e409d5a7158c789e1b4 (patch)
tree73413808f4345d629c7e0460cd1b3ad06a7fdcdd /security/keys
parentkeys: Fix request_key() lack of Link perm check on found key (diff)
downloadlinux-dev-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.tar.xz
linux-dev-a09003b5d7cea71ce4b59e409d5a7158c789e1b4.zip
keys: Invalidate used request_key authentication keys
Invalidate used request_key authentication keys rather than revoking them so that they get cleaned up immediately rather than potentially hanging around. There doesn't seem any need to keep the revoked keys around. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/key.c4
-rw-r--r--security/keys/request_key.c2
2 files changed, 3 insertions, 3 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index bba71acec886..e792d65c0af8 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -459,7 +459,7 @@ static int __key_instantiate_and_link(struct key *key,
/* disable the authorisation key */
if (authkey)
- key_revoke(authkey);
+ key_invalidate(authkey);
if (prep->expiry != TIME64_MAX) {
key->expiry = prep->expiry;
@@ -616,7 +616,7 @@ int key_reject_and_link(struct key *key,
/* disable the authorisation key */
if (authkey)
- key_revoke(authkey);
+ key_invalidate(authkey);
}
mutex_unlock(&key_construction_mutex);
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index a6543ed98b1f..244e538d113f 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -222,7 +222,7 @@ static int construct_key(struct key *key, const void *callout_info,
/* check that the actor called complete_request_key() prior to
* returning an error */
WARN_ON(ret < 0 &&
- !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
+ !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));
key_put(authkey);
kleave(" = %d", ret);