Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a09003b5 authored Jun 19, 2019 by David Howells

keys: Invalidate used request_key authentication keys

Invalidate used request_key authentication keys rather than revoking them
so that they get cleaned up immediately rather than potentially hanging
around. There doesn't seem any need to keep the revoked keys around.

Signed-off-by: David Howells <dhowells@redhat.com>

parent 504b69eb

security/keys/key.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -459,7 +459,7 @@ static int __key_instantiate_and_link(struct key *key,

		/* disable the authorisation key */
		if (authkey)
		key_revoke(authkey);
		key_invalidate(authkey);

		if (prep->expiry != TIME64_MAX) {
		key->expiry = prep->expiry;
		@@ -616,7 +616,7 @@ int key_reject_and_link(struct key *key,

		/* disable the authorisation key */
		if (authkey)
		key_revoke(authkey);
		key_invalidate(authkey);
		}

		mutex_unlock(&key_construction_mutex);

security/keys/request_key.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -222,7 +222,7 @@ static int construct_key(struct key key, const void callout_info,
		/* check that the actor called complete_request_key() prior to
		* returning an error */
		WARN_ON(ret < 0 &&
		!test_bit(KEY_FLAG_REVOKED, &authkey->flags));
		!test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));

		key_put(authkey);
		kleave(" = %d", ret);