Commit 553d603c8fce8cf727eb26e4bf6b9549cd4623f1
Committed by
James Morris
1 parent
0ffbe2699c
Exists in
master
and in
7 other branches
KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links
keyring_serialise_link_sem is only needed for keyring->keyring links as it's used to prevent cycle detection from being avoided by parallel keyring additions. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 9 additions and 7 deletions Side-by-side Diff
security/keys/keyring.c
... | ... | @@ -705,13 +705,14 @@ |
705 | 705 | if (keyring->type != &key_type_keyring) |
706 | 706 | goto error; |
707 | 707 | |
708 | - /* serialise link/link calls to prevent parallel calls causing a | |
709 | - * cycle when applied to two keyring in opposite orders */ | |
710 | - down_write(&keyring_serialise_link_sem); | |
711 | - | |
712 | - /* check that we aren't going to create a cycle adding one keyring to | |
713 | - * another */ | |
708 | + /* do some special keyring->keyring link checks */ | |
714 | 709 | if (key->type == &key_type_keyring) { |
710 | + /* serialise link/link calls to prevent parallel calls causing | |
711 | + * a cycle when applied to two keyring in opposite orders */ | |
712 | + down_write(&keyring_serialise_link_sem); | |
713 | + | |
714 | + /* check that we aren't going to create a cycle adding one | |
715 | + * keyring to another */ | |
715 | 716 | ret = keyring_detect_cycle(keyring, key); |
716 | 717 | if (ret < 0) |
717 | 718 | goto error2; |
... | ... | @@ -814,7 +815,8 @@ |
814 | 815 | done: |
815 | 816 | ret = 0; |
816 | 817 | error2: |
817 | - up_write(&keyring_serialise_link_sem); | |
818 | + if (key->type == &key_type_keyring) | |
819 | + up_write(&keyring_serialise_link_sem); | |
818 | 820 | error: |
819 | 821 | return ret; |
820 | 822 |