1 files changed, 20 insertions, 23 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index c35b5229e3cd..57d96363d7f1 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -87,32 +87,29 @@ EXPORT_SYMBOL(key_task_permission);
 * key_validate - Validate a key.
 * @key: The key to be validated.
 *
- * Check that a key is valid, returning 0 if the key is okay, -EKEYREVOKED if
+ * Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the
- * the key's type has been removed or if the key has been revoked or
+ * key is invalidated, -EKEYREVOKED if the key's type has been removed or if
- * -EKEYEXPIRED if the key has expired.
+ * the key has been revoked or -EKEYEXPIRED if the key has expired.
 */
-int key_validate(struct key *key)
+int key_validate(const struct key *key)
 {
-        struct timespec now;
+        unsigned long flags = key->flags;
-        int ret = 0;
+        if (flags & (1 << KEY_FLAG_INVALIDATED))
-        if (key) {
+                return -ENOKEY;
-                /* check it's still accessible */
-                ret = -EKEYREVOKED;
+        /* check it's still accessible */
-                if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
+        if (flags & ((1 << KEY_FLAG_REVOKED) |
-                    test_bit(KEY_FLAG_DEAD, &key->flags))
+                     (1 << KEY_FLAG_DEAD)))
-                        goto error;
+                return -EKEYREVOKED;
-                /* check it hasn't expired */
+        /* check it hasn't expired */
-                ret = 0;
+        if (key->expiry) {
-                if (key->expiry) {
+                struct timespec now = current_kernel_time();
-                        now = current_kernel_time();
+                if (now.tv_sec >= key->expiry)
-                        if (now.tv_sec >= key->expiry)
+                        return -EKEYEXPIRED;
-                                ret = -EKEYEXPIRED;
-                }
        }
-error:
+        return 0;
-        return ret;
 }
 EXPORT_SYMBOL(key_validate);

diff --git a/security/keys/permission.c b/security/keys/permission.c index c35b5229e3cd..57d96363d7f1 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c
@@ -87,32 +87,29 @@ EXPORT_SYMBOL(key_task_permission);
87	* key_validate - Validate a key.	87	* key_validate - Validate a key.
88	* @key: The key to be validated.	88	* @key: The key to be validated.
89	*	89	*
90	* Check that a key is valid, returning 0 if the key is okay, -EKEYREVOKED if	90	* Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the
91	* the key's type has been removed or if the key has been revoked or	91	* key is invalidated, -EKEYREVOKED if the key's type has been removed or if
92	* -EKEYEXPIRED if the key has expired.	92	* the key has been revoked or -EKEYEXPIRED if the key has expired.
93	*/	93	*/
94	int key_validate(struct key *key)	94	int key_validate(const struct key *key)
95	{	95	{
96	struct timespec now;	96	unsigned long flags = key->flags;
97	int ret = 0;	97
98		98	if (flags & (1 << KEY_FLAG_INVALIDATED))
99	if (key) {	99	return -ENOKEY;
100	/* check it's still accessible */	100
101	ret = -EKEYREVOKED;	101	/* check it's still accessible */
102	if (test_bit(KEY_FLAG_REVOKED, &key->flags) \|\|	102	if (flags & ((1 << KEY_FLAG_REVOKED) \|
103	test_bit(KEY_FLAG_DEAD, &key->flags))	103	(1 << KEY_FLAG_DEAD)))
104	goto error;	104	return -EKEYREVOKED;
105		105
106	/* check it hasn't expired */	106	/* check it hasn't expired */
107	ret = 0;	107	if (key->expiry) {
108	if (key->expiry) {	108	struct timespec now = current_kernel_time();
109	now = current_kernel_time();	109	if (now.tv_sec >= key->expiry)
110	if (now.tv_sec >= key->expiry)	110	return -EKEYEXPIRED;
111	ret = -EKEYEXPIRED;
112	}
113	}	111	}
114		112
115	error:	113	return 0;
116	return ret;
117	}	114	}
118	EXPORT_SYMBOL(key_validate);	115	EXPORT_SYMBOL(key_validate);