git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
sysctl security/keys: Remove dead binary sysctl support
[safe/jmp/linux-2.6]
/
security
/
keys
/
key.c
diff --git
a/security/keys/key.c
b/security/keys/key.c
index
3762d5b
..
e50d264
100644
(file)
--- a/
security/keys/key.c
+++ b/
security/keys/key.c
@@
-500,6
+500,7
@@
int key_negate_and_link(struct key *key,
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
now = current_kernel_time();
key->expiry = now.tv_sec + timeout;
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
now = current_kernel_time();
key->expiry = now.tv_sec + timeout;
+ key_schedule_gc(key->expiry + key_gc_delay);
if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
awaken = 1;
if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
awaken = 1;
@@
-888,6
+889,9
@@
EXPORT_SYMBOL(key_update);
*/
void key_revoke(struct key *key)
{
*/
void key_revoke(struct key *key)
{
+ struct timespec now;
+ time_t time;
+
key_check(key);
/* make sure no one's trying to change or use the key when we mark it
key_check(key);
/* make sure no one's trying to change or use the key when we mark it
@@
-900,6
+904,14
@@
void key_revoke(struct key *key)
key->type->revoke)
key->type->revoke(key);
key->type->revoke)
key->type->revoke(key);
+ /* set the death time to no more than the expiry time */
+ now = current_kernel_time();
+ time = now.tv_sec;
+ if (key->revoked_at == 0 || key->revoked_at > time) {
+ key->revoked_at = time;
+ key_schedule_gc(key->revoked_at + key_gc_delay);
+ }
+
up_write(&key->sem);
} /* end key_revoke() */
up_write(&key->sem);
} /* end key_revoke() */
@@
-956,8
+968,10
@@
void unregister_key_type(struct key_type *ktype)
for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
key = rb_entry(_n, struct key, serial_node);
for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
key = rb_entry(_n, struct key, serial_node);
- if (key->type == ktype)
+ if (key->type == ktype)
{
key->type = &key_type_dead;
key->type = &key_type_dead;
+ set_bit(KEY_FLAG_DEAD, &key->flags);
+ }
}
spin_unlock(&key_serial_lock);
}
spin_unlock(&key_serial_lock);
@@
-982,6
+996,8
@@
void unregister_key_type(struct key_type *ktype)
spin_unlock(&key_serial_lock);
up_write(&key_types_sem);
spin_unlock(&key_serial_lock);
up_write(&key_types_sem);
+ key_schedule_gc(0);
+
} /* end unregister_key_type() */
EXPORT_SYMBOL(unregister_key_type);
} /* end unregister_key_type() */
EXPORT_SYMBOL(unregister_key_type);