1 files changed, 14 insertions, 0 deletions

diff --git a/security/keys/key.c b/security/keys/key.c
index bd9d2670e9c4..08531ad0f252 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -500,6 +500,7 @@ int key_negate_and_link(struct key *key,
                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
                 now = current_kernel_time();
                 key->expiry = now.tv_sec + timeout;
+                key_schedule_gc(key->expiry);
 
                 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
                         awaken = 1;
@@ -888,6 +889,9 @@ EXPORT_SYMBOL(key_update);
  */
 void key_revoke(struct key *key)
 {
+        struct timespec now;
+        time_t time;
+
         key_check(key);
 
         /* make sure no one's trying to change or use the key when we mark it
@@ -900,6 +904,14 @@ void key_revoke(struct key *key)
             key->type->revoke)
                 key->type->revoke(key);
 
+        /* set the death time to no more than the expiry time */
+        now = current_kernel_time();
+        time = now.tv_sec;
+        if (key->revoked_at == 0 || key->revoked_at > time) {
+                key->revoked_at = time;
+                key_schedule_gc(key->revoked_at);
+        }
+
         up_write(&key->sem);
 
 } /* end key_revoke() */
@@ -984,6 +996,8 @@ void unregister_key_type(struct key_type *ktype)
         spin_unlock(&key_serial_lock);
         up_write(&key_types_sem);
 
+        key_schedule_gc(0);
+
 } /* end unregister_key_type() */
 
 EXPORT_SYMBOL(unregister_key_type);