summaryrefslogtreecommitdiff
path: root/security/keys/keyring.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2019-06-26 21:02:32 +0100
committerDavid Howells <dhowells@redhat.com>2019-06-26 21:02:32 +0100
commit218e6424e711ceee31eeba93212fed8ee92d6a11 (patch)
tree62358ec392304d17294f73779a1a13591468de7b /security/keys/keyring.c
parent3b6e4de05e9ee2e2f94e4a3fe14d945e2418d9a8 (diff)
keys: Garbage collect keys for which the domain has been removed
If a key operation domain (such as a network namespace) has been removed then attempt to garbage collect all the keys that use it. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r--security/keys/keyring.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 0da8fa282d56..d3c86fda1510 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -241,6 +241,21 @@ bool key_put_tag(struct key_tag *tag)
return false;
}
+/**
+ * key_remove_domain - Kill off a key domain and gc its keys
+ * @domain_tag: The domain tag to release.
+ *
+ * This marks a domain tag as being dead and releases a ref on it. If that
+ * wasn't the last reference, the garbage collector is poked to try and delete
+ * all keys that were in the domain.
+ */
+void key_remove_domain(struct key_tag *domain_tag)
+{
+ domain_tag->removed = true;
+ if (!key_put_tag(domain_tag))
+ key_schedule_gc_links();
+}
+
/*
* Build the next index key chunk.
*