1 files changed, 34 insertions, 0 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fb767c6cd99f..ddb3e05bc5fc 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -375,6 +375,37 @@ error:
 }
 /*
+ * Invalidate a key.
+ *
+ * The key must be grant the caller Invalidate permission for this to work.
+ * The key and any links to the key will be automatically garbage collected
+ * immediately.
+ *
+ * If successful, 0 is returned.
+ */
+long keyctl_invalidate_key(key_serial_t id)
+{
+        key_ref_t key_ref;
+        long ret;
+        kenter("%d", id);
+        key_ref = lookup_user_key(id, 0, KEY_SEARCH);
+        if (IS_ERR(key_ref)) {
+                ret = PTR_ERR(key_ref);
+                goto error;
+        }
+        key_invalidate(key_ref_to_ptr(key_ref));
+        ret = 0;
+        key_ref_put(key_ref);
+error:
+        kleave(" = %ld", ret);
+        return ret;
+}
+/*
 * Clear the specified keyring, creating an empty process keyring if one of the
 * special keyring IDs is used.
 *
@@ -1622,6 +1653,9 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
                        (unsigned) arg4,
                        (key_serial_t) arg5);
+        case KEYCTL_INVALIDATE:
+                return keyctl_invalidate_key((key_serial_t) arg2);
        default:
                return -EOPNOTSUPP;
        }

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fb767c6cd99f..ddb3e05bc5fc 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c
@@ -375,6 +375,37 @@ error:
375	}	375	}
376		376
377	/*	377	/*
		378	* Invalidate a key.
		379	*
		380	* The key must be grant the caller Invalidate permission for this to work.
		381	* The key and any links to the key will be automatically garbage collected
		382	* immediately.
		383	*
		384	* If successful, 0 is returned.
		385	*/
		386	long keyctl_invalidate_key(key_serial_t id)
		387	{
		388	key_ref_t key_ref;
		389	long ret;
		390
		391	kenter("%d", id);
		392
		393	key_ref = lookup_user_key(id, 0, KEY_SEARCH);
		394	if (IS_ERR(key_ref)) {
		395	ret = PTR_ERR(key_ref);
		396	goto error;
		397	}
		398
		399	key_invalidate(key_ref_to_ptr(key_ref));
		400	ret = 0;
		401
		402	key_ref_put(key_ref);
		403	error:
		404	kleave(" = %ld", ret);
		405	return ret;
		406	}
		407
		408	/*
378	* Clear the specified keyring, creating an empty process keyring if one of the	409	* Clear the specified keyring, creating an empty process keyring if one of the
379	* special keyring IDs is used.	410	* special keyring IDs is used.
380	*	411	*
@@ -1622,6 +1653,9 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1622	(unsigned) arg4,	1653	(unsigned) arg4,
1623	(key_serial_t) arg5);	1654	(key_serial_t) arg5);
1624		1655
		1656	case KEYCTL_INVALIDATE:
		1657	return keyctl_invalidate_key((key_serial_t) arg2);
		1658
1625	default:	1659	default:
1626	return -EOPNOTSUPP;	1660	return -EOPNOTSUPP;
1627	}	1661	}