KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links

keyring_serialise_link_sem is only needed for keyring->keyring links as it's
used to prevent cycle detection from being avoided by parallel keyring
additions.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 9 insertions, 7 deletions

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 2fb2bc9712ae..29de5ee3457b 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -705,13 +705,14 @@ int __key_link(struct key *keyring, struct key *key)
         if (keyring->type != &key_type_keyring)
                 goto error;
 
-        /* serialise link/link calls to prevent parallel calls causing a
-         * cycle when applied to two keyring in opposite orders */
-        down_write(&keyring_serialise_link_sem);
-
-        /* check that we aren't going to create a cycle adding one keyring to
-         * another */
+        /* do some special keyring->keyring link checks */
         if (key->type == &key_type_keyring) {
+                /* serialise link/link calls to prevent parallel calls causing
+                 * a cycle when applied to two keyring in opposite orders */
+                down_write(&keyring_serialise_link_sem);
+
+                /* check that we aren't going to create a cycle adding one
+                 * keyring to another */
                 ret = keyring_detect_cycle(keyring, key);
                 if (ret < 0)
                         goto error2;
@@ -814,7 +815,8 @@ int __key_link(struct key *keyring, struct key *key)
 done:
         ret = 0;
 error2:
-        up_write(&keyring_serialise_link_sem);
+        if (key->type == &key_type_keyring)
+                up_write(&keyring_serialise_link_sem);
 error:
         return ret;