keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry

[platform/kernel/linux-starfive.git] / security / keys / internal.h

diff --git a/security/keys/internal.h b/security/keys/internal.h
index 3c1e712..ec2ec33 100644 (file)
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -174,6 +174,7 @@ extern unsigned key_gc_delay;
 extern void keyring_gc(struct key *keyring, time64_t limit);
 extern void keyring_restriction_gc(struct key *keyring,
                                   struct key_type *dead_type);
+void key_set_expiry(struct key *key, time64_t expiry);
 extern void key_schedule_gc(time64_t gc_at);
 extern void key_schedule_gc_links(void);
 extern void key_gc_keytype(struct key_type *ktype);
@@ -222,10 +223,18 @@ extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
  */
 static inline bool key_is_dead(const struct key *key, time64_t limit)
 {
+       time64_t expiry = key->expiry;
+
+       if (expiry != TIME64_MAX) {
+               if (!(key->type->flags & KEY_TYPE_INSTANT_REAP))
+                       expiry += key_gc_delay;
+               if (expiry <= limit)
+                       return true;
+       }
+
        return
                key->flags & ((1 << KEY_FLAG_DEAD) |
                              (1 << KEY_FLAG_INVALIDATED)) ||
-               (key->expiry > 0 && key->expiry <= limit) ||
                key->domain_tag->removed;
 }