KEYS: Change the name of the dead type to ".dead" to prevent user access

[pandora-kernel.git] / security / keys / gc.c

diff --git a/security/keys/gc.c b/security/keys/gc.c
index bf4d8da..b67f6a2 100644 (file)
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -46,7 +46,7 @@ static unsigned long key_gc_flags;
  * immediately unlinked.
  */
 struct key_type key_type_dead = {
-       .name = "dead",
+       .name = ".dead",
 };
 
 /*
@@ -172,6 +172,12 @@ static noinline void key_gc_unused_key(struct key *key)
 {
        key_check(key);
 
+       /* Throw away the key data if the key is instantiated */
+       if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
+           !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
+           key->type->destroy)
+               key->type->destroy(key);
+
        security_key_free(key);
 
        /* deal with the user's key tracking and quota */
@@ -188,10 +194,6 @@ static noinline void key_gc_unused_key(struct key *key)
 
        key_user_put(key->user);
 
-       /* now throw away the key memory */
-       if (key->type->destroy)
-               key->type->destroy(key);
-
        kfree(key->description);
 
 #ifdef KEY_DEBUGGING