+/*
+ * allocate a new key in under-construction state and attempt to link it in to
+ * the requested place
+ * - may return a key that's already under construction instead
+ */
+static int construct_alloc_key(struct key_type *type,
+ const char *description,
+ struct key *dest_keyring,
+ unsigned long flags,
+ struct key_user *user,
+ struct key **_key)
+{
+ struct key *key;
+ key_ref_t key_ref;
+
+ kenter("%s,%s,,,", type->name, description);
+
+ mutex_lock(&user->cons_lock);
+
+ key = key_alloc(type, description,
+ current->fsuid, current->fsgid, current, KEY_POS_ALL,
+ flags);
+ if (IS_ERR(key))
+ goto alloc_failed;
+
+ set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
+
+ if (dest_keyring)
+ down_write(&dest_keyring->sem);
+
+ /* attach the key to the destination keyring under lock, but we do need
+ * to do another check just in case someone beat us to it whilst we
+ * waited for locks */
+ mutex_lock(&key_construction_mutex);
+
+ key_ref = search_process_keyrings(type, description, type->match,
+ current);
+ if (!IS_ERR(key_ref))
+ goto key_already_present;
+
+ if (dest_keyring)
+ construct_key_make_link(key, dest_keyring);
+
+ mutex_unlock(&key_construction_mutex);
+ if (dest_keyring)
+ up_write(&dest_keyring->sem);
+ mutex_unlock(&user->cons_lock);
+ *_key = key;
+ kleave(" = 0 [%d]", key_serial(key));
+ return 0;
+
+key_already_present:
+ mutex_unlock(&key_construction_mutex);
+ if (dest_keyring)
+ up_write(&dest_keyring->sem);
+ mutex_unlock(&user->cons_lock);
+ key_put(key);
+ *_key = key = key_ref_to_ptr(key_ref);
+ kleave(" = -EINPROGRESS [%d]", key_serial(key));
+ return -EINPROGRESS;
+
+alloc_failed:
+ mutex_unlock(&user->cons_lock);
+ *_key = NULL;
+ kleave(" = %ld", PTR_ERR(key));
+ return PTR_ERR(key);
+}
+
+/*
+ * commence key construction
+ */
+static struct key *construct_key_and_link(struct key_type *type,
+ const char *description,
+ const char *callout_info,
+ size_t callout_len,
+ void *aux,
+ struct key *dest_keyring,
+ unsigned long flags)
+{
+ struct key_user *user;
+ struct key *key;
+ int ret;
+
+ user = key_user_lookup(current->fsuid);
+ if (!user)
+ return ERR_PTR(-ENOMEM);
+
+ ret = construct_alloc_key(type, description, dest_keyring, flags, user,
+ &key);
+ key_user_put(user);
+
+ if (ret == 0) {
+ ret = construct_key(key, callout_info, callout_len, aux);
+ if (ret < 0)
+ goto construction_failed;
+ }
+
+ return key;
+
+construction_failed:
+ key_negate_and_link(key, key_negative_timeout, NULL, NULL);
+ key_put(key);
+ return ERR_PTR(ret);
+}