KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links

keyring_serialise_link_sem is only needed for keyring->keyring links as it's used to prevent cycle detection from being avoided by parallel keyring additions. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links
keyring_serialise_link_sem is only needed for keyring->keyring links as it's used to prevent cycle detection from being avoided by parallel keyring additions. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
David Howells · James Morris
1 parent 0ffbe2699c
Showing 1 changed file with 9 additions and 7 deletions Side-by-side Diff
security/keys/keyring.c
@@ -705,13 +705,14 @@
 	if (keyring->type != &key_type_keyring)
 		goto error;
  
-	/* serialise link/link calls to prevent parallel calls causing a
-	 * cycle when applied to two keyring in opposite orders */
-	down_write(&keyring_serialise_link_sem);
-
-	/* check that we aren't going to create a cycle adding one keyring to
-	 * another */
+	/* do some special keyring->keyring link checks */
 	if (key->type == &key_type_keyring) {
+		/* serialise link/link calls to prevent parallel calls causing
+		 * a cycle when applied to two keyring in opposite orders */
+		down_write(&keyring_serialise_link_sem);
+
+		/* check that we aren't going to create a cycle adding one
+		 * keyring to another */
 		ret = keyring_detect_cycle(keyring, key);
 		if (ret < 0)
 			goto error2;
@@ -814,7 +815,8 @@
 done:
 	ret = 0;
 error2:
-	up_write(&keyring_serialise_link_sem);
+	if (key->type == &key_type_keyring)
+		up_write(&keyring_serialise_link_sem);
 error:
 	return ret;
...	...	@@ -705,13 +705,14 @@
705	705	if (keyring->type != &key_type_keyring)
706	706	goto error;
707	707
708		- /* serialise link/link calls to prevent parallel calls causing a
709		- * cycle when applied to two keyring in opposite orders */
710		- down_write(&keyring_serialise_link_sem);
711		-
712		- /* check that we aren't going to create a cycle adding one keyring to
713		- * another */
	708	+ /* do some special keyring->keyring link checks */
714	709	if (key->type == &key_type_keyring) {
	710	+ /* serialise link/link calls to prevent parallel calls causing
	711	+ * a cycle when applied to two keyring in opposite orders */
	712	+ down_write(&keyring_serialise_link_sem);
	713	+
	714	+ /* check that we aren't going to create a cycle adding one
	715	+ * keyring to another */
715	716	ret = keyring_detect_cycle(keyring, key);
716	717	if (ret < 0)
717	718	goto error2;
...	...	@@ -814,7 +815,8 @@
814	815	done:
815	816	ret = 0;
816	817	error2:
817		- up_write(&keyring_serialise_link_sem);
	818	+ if (key->type == &key_type_keyring)
	819	+ up_write(&keyring_serialise_link_sem);
818	820	error:
819	821	return ret;
820	822