summaryrefslogtreecommitdiffstats
path: root/security/keys/key.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 2ea5967121de..455c04d80bbb 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -500,21 +500,23 @@ int key_instantiate_and_link(struct key *key,
}
if (keyring) {
+ ret = __key_link_begin(keyring, &key->index_key, &edit);
+ if (ret < 0)
+ goto error;
+
if (keyring->restrict_link && keyring->restrict_link->check) {
struct key_restriction *keyres = keyring->restrict_link;
ret = keyres->check(keyring, key->type, &prep.payload,
keyres->key);
if (ret < 0)
- goto error;
+ goto error_link_end;
}
- ret = __key_link_begin(keyring, &key->index_key, &edit);
- if (ret < 0)
- goto error;
}
ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
+error_link_end:
if (keyring)
__key_link_end(keyring, &key->index_key, edit);
@@ -855,21 +857,21 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
}
index_key.desc_len = strlen(index_key.description);
+ ret = __key_link_begin(keyring, &index_key, &edit);
+ if (ret < 0) {
+ key_ref = ERR_PTR(ret);
+ goto error_free_prep;
+ }
+
if (restrict_link && restrict_link->check) {
ret = restrict_link->check(keyring, index_key.type,
&prep.payload, restrict_link->key);
if (ret < 0) {
key_ref = ERR_PTR(ret);
- goto error_free_prep;
+ goto error_link_end;
}
}
- ret = __key_link_begin(keyring, &index_key, &edit);
- if (ret < 0) {
- key_ref = ERR_PTR(ret);
- goto error_free_prep;
- }
-
/* if we're going to allocate a new key, we're going to have
* to modify the keyring */
ret = key_permission(keyring_ref, KEY_NEED_WRITE);