KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links

keyring_serialise_link_sem is only needed for keyring->keyring links as it's
used to prevent cycle detection from being avoided by parallel keyring
additions.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 2fb2bc9712ae17a6b5a561ee740d2458b5b94c11..29de5ee3457bd305676fca8a7c56a0613c6d0d8e 100644 (file)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -705,13 +705,14 @@ int __key_link(struct key *keyring, struct key *key)
        if (keyring->type != &key_type_keyring)
                goto error;
 
-       /* serialise link/link calls to prevent parallel calls causing a
-        * cycle when applied to two keyring in opposite orders */
-       down_write(&keyring_serialise_link_sem);
-
-       /* check that we aren't going to create a cycle adding one keyring to
-        * another */
+       /* do some special keyring->keyring link checks */
        if (key->type == &key_type_keyring) {
+               /* serialise link/link calls to prevent parallel calls causing
+                * a cycle when applied to two keyring in opposite orders */
+               down_write(&keyring_serialise_link_sem);
+
+               /* check that we aren't going to create a cycle adding one
+                * keyring to another */
                ret = keyring_detect_cycle(keyring, key);
                if (ret < 0)
                        goto error2;
@@ -814,7 +815,8 @@ int __key_link(struct key *keyring, struct key *key)
 done:
        ret = 0;
 error2:
-       up_write(&keyring_serialise_link_sem);
+       if (key->type == &key_type_keyring)
+               up_write(&keyring_serialise_link_sem);
 error:
        return ret;