5 files changed, 27 insertions, 20 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 9ede67084f0b..a4c33f1a7c6d 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -960,14 +960,17 @@ payload contents" for more information.
    the argument will not be parsed.
-(*) Extra references can be made to a key by calling the following function:
+(*) Extra references can be made to a key by calling one of the following
+    functions:
+        struct key *__key_get(struct key *key);
        struct key *key_get(struct key *key);
-    These need to be disposed of by calling key_put() when they've been
+    Keys so references will need to be disposed of by calling key_put() when
-    finished with. The key pointer passed in will be returned. If the pointer
+    they've been finished with.  The key pointer passed in will be returned.
-    is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and
-    no increment will take place.
+    In the case of key_get(), if the pointer is NULL or CONFIG_KEYS is not set
+    then the key will not be dereferenced and no increment will take place.
 (*) A key's serial number can be obtained by calling:
diff --git a/include/linux/key.h b/include/linux/key.h
index d573e820a23d..ef596c7af585 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -219,13 +219,17 @@ extern void key_revoke(struct key *key);
 extern void key_invalidate(struct key *key);
 extern void key_put(struct key *key);
-static inline struct key *key_get(struct key *key)
+static inline struct key *__key_get(struct key *key)
 {
-        if (key)
+        atomic_inc(&key->usage);
-                atomic_inc(&key->usage);
        return key;
 }
+static inline struct key *key_get(struct key *key)
+{
+        return key ? __key_get(key) : key;
+}
 static inline void key_ref_put(key_ref_t key_ref)
 {
        key_put(key_ref_to_ptr(key_ref));
diff --git a/security/keys/key.c b/security/keys/key.c
index 7e6bc396bb23..1e23cc288106 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -644,7 +644,7 @@ found:
        /* this races with key_put(), but that doesn't matter since key_put()
         * doesn't actually change the key
         */
-        atomic_inc(&key->usage);
+        __key_get(key);
 error:
        spin_unlock(&key_serial_lock);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index b42f2d4f7f83..87eff32b53f4 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -479,7 +479,7 @@ not_this_keyring:
        /* we found a viable match */
 found:
-        atomic_inc(&key->usage);
+        __key_get(key);
        key->last_used_at = ctx->now.tv_sec;
        keyring->last_used_at = ctx->now.tv_sec;
        while (sp > 0)
@@ -573,7 +573,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
        return ERR_PTR(-ENOKEY);
 found:
-        atomic_inc(&key->usage);
+        __key_get(key);
        keyring->last_used_at = key->last_used_at =
                current_kernel_time().tv_sec;
        rcu_read_unlock();
@@ -909,7 +909,7 @@ void __key_link(struct key *keyring, struct key *key,
        klist = rcu_dereference_locked_keyring(keyring);
-        atomic_inc(&key->usage);
+        __key_get(key);
        keyring->last_used_at = key->last_used_at =
                current_kernel_time().tv_sec;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index e68a3e0e7aa0..68548ea6fe01 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
                if (IS_ERR(keyring))
                        return PTR_ERR(keyring);
        } else {
-                atomic_inc(&keyring->usage);
+                __key_get(keyring);
        }
        /* install the keyring */
@@ -544,7 +544,7 @@ try_again:
                }
                key = ctx.cred->thread_keyring;
-                atomic_inc(&key->usage);
+                __key_get(key);
                key_ref = make_key_ref(key, 1);
                break;
@@ -562,7 +562,7 @@ try_again:
                }
                key = ctx.cred->process_keyring;
-                atomic_inc(&key->usage);
+                __key_get(key);
                key_ref = make_key_ref(key, 1);
                break;
@@ -593,7 +593,7 @@ try_again:
                rcu_read_lock();
                key = rcu_dereference(ctx.cred->session_keyring);
-                atomic_inc(&key->usage);
+                __key_get(key);
                rcu_read_unlock();
                key_ref = make_key_ref(key, 1);
                break;
@@ -606,7 +606,7 @@ try_again:
                }
                key = ctx.cred->user->uid_keyring;
-                atomic_inc(&key->usage);
+                __key_get(key);
                key_ref = make_key_ref(key, 1);
                break;
@@ -618,7 +618,7 @@ try_again:
                }
                key = ctx.cred->user->session_keyring;
-                atomic_inc(&key->usage);
+                __key_get(key);
                key_ref = make_key_ref(key, 1);
                break;
@@ -632,7 +632,7 @@ try_again:
                if (!key)
                        goto error;
-                atomic_inc(&key->usage);
+                __key_get(key);
                key_ref = make_key_ref(key, 1);
                break;
@@ -648,7 +648,7 @@ try_again:
                } else {
                        rka = ctx.cred->request_key_auth->payload.data;
                        key = rka->dest_keyring;
-                        atomic_inc(&key->usage);
+                        __key_get(key);
                }
                up_read(&ctx.cred->request_key_auth->sem);
                if (!key)

diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index 9ede67084f0b..a4c33f1a7c6d 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt
@@ -960,14 +960,17 @@ payload contents" for more information.
960	the argument will not be parsed.	960	the argument will not be parsed.
961		961
962		962
963	(*) Extra references can be made to a key by calling the following function:	963	(*) Extra references can be made to a key by calling one of the following
		964	functions:
964		965
		966	struct key __key_get(struct key key);
965	struct key key_get(struct key key);	967	struct key key_get(struct key key);
966		968
967	These need to be disposed of by calling key_put() when they've been	969	Keys so references will need to be disposed of by calling key_put() when
968	finished with. The key pointer passed in will be returned. If the pointer	970	they've been finished with. The key pointer passed in will be returned.
969	is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and	971
970	no increment will take place.	972	In the case of key_get(), if the pointer is NULL or CONFIG_KEYS is not set
		973	then the key will not be dereferenced and no increment will take place.
971		974
972		975
973	(*) A key's serial number can be obtained by calling:	976	(*) A key's serial number can be obtained by calling:


diff --git a/include/linux/key.h b/include/linux/key.h index d573e820a23d..ef596c7af585 100644 --- a/include/linux/key.h +++ b/include/linux/key.h
@@ -219,13 +219,17 @@ extern void key_revoke(struct key *key);
219	extern void key_invalidate(struct key *key);	219	extern void key_invalidate(struct key *key);
220	extern void key_put(struct key *key);	220	extern void key_put(struct key *key);
221		221
222	static inline struct key key_get(struct key key)	222	static inline struct key __key_get(struct key key)
223	{	223	{
224	if (key)	224	atomic_inc(&key->usage);
225	atomic_inc(&key->usage);
226	return key;	225	return key;
227	}	226	}
228		227
		228	static inline struct key key_get(struct key key)
		229	{
		230	return key ? __key_get(key) : key;
		231	}
		232
229	static inline void key_ref_put(key_ref_t key_ref)	233	static inline void key_ref_put(key_ref_t key_ref)
230	{	234	{
231	key_put(key_ref_to_ptr(key_ref));	235	key_put(key_ref_to_ptr(key_ref));


diff --git a/security/keys/key.c b/security/keys/key.c index 7e6bc396bb23..1e23cc288106 100644 --- a/security/keys/key.c +++ b/security/keys/key.c
@@ -644,7 +644,7 @@ found:
644	/* this races with key_put(), but that doesn't matter since key_put()	644	/* this races with key_put(), but that doesn't matter since key_put()
645	* doesn't actually change the key	645	* doesn't actually change the key
646	*/	646	*/
647	atomic_inc(&key->usage);	647	__key_get(key);
648		648
649	error:	649	error:
650	spin_unlock(&key_serial_lock);	650	spin_unlock(&key_serial_lock);


diff --git a/security/keys/keyring.c b/security/keys/keyring.c index b42f2d4f7f83..87eff32b53f4 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c
@@ -479,7 +479,7 @@ not_this_keyring:
479		479
480	/* we found a viable match */	480	/* we found a viable match */
481	found:	481	found:
482	atomic_inc(&key->usage);	482	__key_get(key);
483	key->last_used_at = ctx->now.tv_sec;	483	key->last_used_at = ctx->now.tv_sec;
484	keyring->last_used_at = ctx->now.tv_sec;	484	keyring->last_used_at = ctx->now.tv_sec;
485	while (sp > 0)	485	while (sp > 0)
@@ -573,7 +573,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
573	return ERR_PTR(-ENOKEY);	573	return ERR_PTR(-ENOKEY);
574		574
575	found:	575	found:
576	atomic_inc(&key->usage);	576	__key_get(key);
577	keyring->last_used_at = key->last_used_at =	577	keyring->last_used_at = key->last_used_at =
578	current_kernel_time().tv_sec;	578	current_kernel_time().tv_sec;
579	rcu_read_unlock();	579	rcu_read_unlock();
@@ -909,7 +909,7 @@ void __key_link(struct key keyring, struct key key,
909		909
910	klist = rcu_dereference_locked_keyring(keyring);	910	klist = rcu_dereference_locked_keyring(keyring);
911		911
912	atomic_inc(&key->usage);	912	__key_get(key);
913	keyring->last_used_at = key->last_used_at =	913	keyring->last_used_at = key->last_used_at =
914	current_kernel_time().tv_sec;	914	current_kernel_time().tv_sec;
915		915


diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index e68a3e0e7aa0..68548ea6fe01 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred cred, struct key keyring)
235	if (IS_ERR(keyring))	235	if (IS_ERR(keyring))
236	return PTR_ERR(keyring);	236	return PTR_ERR(keyring);
237	} else {	237	} else {
238	atomic_inc(&keyring->usage);	238	__key_get(keyring);
239	}	239	}
240		240
241	/* install the keyring */	241	/* install the keyring */
@@ -544,7 +544,7 @@ try_again:
544	}	544	}
545		545
546	key = ctx.cred->thread_keyring;	546	key = ctx.cred->thread_keyring;
547	atomic_inc(&key->usage);	547	__key_get(key);
548	key_ref = make_key_ref(key, 1);	548	key_ref = make_key_ref(key, 1);
549	break;	549	break;
550		550
@@ -562,7 +562,7 @@ try_again:
562	}	562	}
563		563
564	key = ctx.cred->process_keyring;	564	key = ctx.cred->process_keyring;
565	atomic_inc(&key->usage);	565	__key_get(key);
566	key_ref = make_key_ref(key, 1);	566	key_ref = make_key_ref(key, 1);
567	break;	567	break;
568		568
@@ -593,7 +593,7 @@ try_again:
593		593
594	rcu_read_lock();	594	rcu_read_lock();
595	key = rcu_dereference(ctx.cred->session_keyring);	595	key = rcu_dereference(ctx.cred->session_keyring);
596	atomic_inc(&key->usage);	596	__key_get(key);
597	rcu_read_unlock();	597	rcu_read_unlock();
598	key_ref = make_key_ref(key, 1);	598	key_ref = make_key_ref(key, 1);
599	break;	599	break;
@@ -606,7 +606,7 @@ try_again:
606	}	606	}
607		607
608	key = ctx.cred->user->uid_keyring;	608	key = ctx.cred->user->uid_keyring;
609	atomic_inc(&key->usage);	609	__key_get(key);
610	key_ref = make_key_ref(key, 1);	610	key_ref = make_key_ref(key, 1);
611	break;	611	break;
612		612
@@ -618,7 +618,7 @@ try_again:
618	}	618	}
619		619
620	key = ctx.cred->user->session_keyring;	620	key = ctx.cred->user->session_keyring;
621	atomic_inc(&key->usage);	621	__key_get(key);
622	key_ref = make_key_ref(key, 1);	622	key_ref = make_key_ref(key, 1);
623	break;	623	break;
624		624
@@ -632,7 +632,7 @@ try_again:
632	if (!key)	632	if (!key)
633	goto error;	633	goto error;
634		634
635	atomic_inc(&key->usage);	635	__key_get(key);
636	key_ref = make_key_ref(key, 1);	636	key_ref = make_key_ref(key, 1);
637	break;	637	break;
638		638
@@ -648,7 +648,7 @@ try_again:
648	} else {	648	} else {
649	rka = ctx.cred->request_key_auth->payload.data;	649	rka = ctx.cred->request_key_auth->payload.data;
650	key = rka->dest_keyring;	650	key = rka->dest_keyring;
651	atomic_inc(&key->usage);	651	__key_get(key);
652	}	652	}
653	up_read(&ctx.cred->request_key_auth->sem);	653	up_read(&ctx.cred->request_key_auth->sem);
654	if (!key)	654	if (!key)