diff mbox

KEYS: remove unnecessary get/put of explicit dest_keyring

Message ID 20171120225757.96498-1-ebiggers3@gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Eric Biggers Nov. 20, 2017, 10:57 p.m. UTC
From: Eric Biggers <ebiggers@google.com>

In request_key_and_link(), in the case where the dest_keyring was
explicitly specified, there is no need to get another reference to
dest_keyring before calling key_link(), then drop it afterwards.  This
is because by definition, we already have a reference to dest_keyring.

This change is useful because we'll be making
construct_get_dest_keyring() able to return an error code, and we don't
want to have to handle that error here for no reason.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/request_key.c | 2 --
 1 file changed, 2 deletions(-)

Comments

David Howells Nov. 24, 2017, 3:52 p.m. UTC | #1
Eric Biggers <ebiggers3@gmail.com> wrote:

> -			construct_get_dest_keyring(&dest_keyring);

This will break.  construct_get_dest_keyring() does other things than just
getting a ref on whatever dest_keyring points to.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Biggers Nov. 24, 2017, 8:37 p.m. UTC | #2
On Fri, Nov 24, 2017 at 03:52:05PM +0000, David Howells wrote:
> Eric Biggers <ebiggers3@gmail.com> wrote:
> 
> > -			construct_get_dest_keyring(&dest_keyring);
> 
> This will break.  construct_get_dest_keyring() does other things than just
> getting a ref on whatever dest_keyring points to.
> 

Not if dest_keyring is non-NULL (i.e. explicitly specified), which it is in this
case.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Howells Nov. 24, 2017, 9:18 p.m. UTC | #3
Eric Biggers <ebiggers3@gmail.com> wrote:

> > > -			construct_get_dest_keyring(&dest_keyring);
> > 
> > This will break.  construct_get_dest_keyring() does other things than just
> > getting a ref on whatever dest_keyring points to.
> > 
> 
> Not if dest_keyring is non-NULL (i.e. explicitly specified), which it is in
> this case.

Actually, you're right.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Howells Nov. 24, 2017, 9:24 p.m. UTC | #4
Eric Biggers <ebiggers3@gmail.com> wrote:

>  		if (dest_keyring) {
> -			construct_get_dest_keyring(&dest_keyring);

Actually, I think I have the order of these lines inverted.
construct_get_dest_keyring() can actually return without setting dest_keyring
to anything.  This didn't used to be the case, but now that the user-session
keyring is made lazily, there's no guaranteed fallback.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index e8036cd0ad54..c6880af8b411 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -546,9 +546,7 @@  struct key *request_key_and_link(struct key_type *type,
 	if (!IS_ERR(key_ref)) {
 		key = key_ref_to_ptr(key_ref);
 		if (dest_keyring) {
-			construct_get_dest_keyring(&dest_keyring);
 			ret = key_link(dest_keyring, key);
-			key_put(dest_keyring);
 			if (ret < 0) {
 				key_put(key);
 				key = ERR_PTR(ret);