aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyring.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r--security/keys/keyring.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 4fa82a8a9c0e..a7e51f793867 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -414,7 +414,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
414 else 414 else
415 seq_puts(m, "[anon]"); 415 seq_puts(m, "[anon]");
416 416
417 if (key_is_instantiated(keyring)) { 417 if (key_is_positive(keyring)) {
418 if (keyring->keys.nr_leaves_on_tree != 0) 418 if (keyring->keys.nr_leaves_on_tree != 0)
419 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree); 419 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
420 else 420 else
@@ -553,7 +553,8 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
553{ 553{
554 struct keyring_search_context *ctx = iterator_data; 554 struct keyring_search_context *ctx = iterator_data;
555 const struct key *key = keyring_ptr_to_key(object); 555 const struct key *key = keyring_ptr_to_key(object);
556 unsigned long kflags = key->flags; 556 unsigned long kflags = READ_ONCE(key->flags);
557 short state = READ_ONCE(key->state);
557 558
558 kenter("{%d}", key->serial); 559 kenter("{%d}", key->serial);
559 560
@@ -565,6 +566,8 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
565 566
566 /* skip invalidated, revoked and expired keys */ 567 /* skip invalidated, revoked and expired keys */
567 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { 568 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
569 time_t expiry = READ_ONCE(key->expiry);
570
568 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 571 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
569 (1 << KEY_FLAG_REVOKED))) { 572 (1 << KEY_FLAG_REVOKED))) {
570 ctx->result = ERR_PTR(-EKEYREVOKED); 573 ctx->result = ERR_PTR(-EKEYREVOKED);
@@ -572,7 +575,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
572 goto skipped; 575 goto skipped;
573 } 576 }
574 577
575 if (key->expiry && ctx->now.tv_sec >= key->expiry) { 578 if (expiry && ctx->now.tv_sec >= expiry) {
576 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) 579 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED))
577 ctx->result = ERR_PTR(-EKEYEXPIRED); 580 ctx->result = ERR_PTR(-EKEYEXPIRED);
578 kleave(" = %d [expire]", ctx->skipped_ret); 581 kleave(" = %d [expire]", ctx->skipped_ret);
@@ -597,9 +600,8 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
597 600
598 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { 601 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
599 /* we set a different error code if we pass a negative key */ 602 /* we set a different error code if we pass a negative key */
600 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 603 if (state < 0) {
601 smp_rmb(); 604 ctx->result = ERR_PTR(state);
602 ctx->result = ERR_PTR(key->reject_error);
603 kleave(" = %d [neg]", ctx->skipped_ret); 605 kleave(" = %d [neg]", ctx->skipped_ret);
604 goto skipped; 606 goto skipped;
605 } 607 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-02 19:14:28 -0400