diff --git a/security/keys/internal.h b/security/keys/internal.h
index d4f1468b9b50f4..df971feceaf220 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -124,6 +124,7 @@ extern key_ref_t search_my_process_keyrings(struct key_type *type,
 extern key_ref_t search_process_keyrings(struct key_type *type,
 					 const void *description,
 					 key_match_func_t match,
+					 bool no_state_check,
 					 const struct cred *cred);
 
 extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 42defae1e16163..a3410d60584992 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -440,6 +440,7 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
 key_ref_t search_process_keyrings(struct key_type *type,
 				  const void *description,
 				  key_match_func_t match,
+				  bool no_state_check,
 				  const struct cred *cred)
 {
 	struct request_key_auth *rka;
@@ -448,7 +449,7 @@ key_ref_t search_process_keyrings(struct key_type *type,
 	might_sleep();
 
 	key_ref = search_my_process_keyrings(type, description, match,
-					     false, cred);
+					     no_state_check, cred);
 	if (!IS_ERR(key_ref))
 		goto found;
 	err = key_ref;
@@ -468,7 +469,8 @@ key_ref_t search_process_keyrings(struct key_type *type,
 			rka = cred->request_key_auth->payload.data;
 
 			key_ref = search_process_keyrings(type, description,
-							  match, rka->cred);
+							  match, no_state_check,
+							  rka->cred);
 
 			up_read(&cred->request_key_auth->sem);
 
@@ -675,7 +677,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 		/* check to see if we possess the key */
 		skey_ref = search_process_keyrings(key->type, key,
 						   lookup_user_key_possessed,
-						   cred);
+						   true, cred);
 
 		if (!IS_ERR(skey_ref)) {
 			key_put(key);
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index c411f9bb156b20..172115b38054f0 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -390,7 +390,8 @@ static int construct_alloc_key(struct key_type *type,
 	 * waited for locks */
 	mutex_lock(&key_construction_mutex);
 
-	key_ref = search_process_keyrings(type, description, type->match, cred);
+	key_ref = search_process_keyrings(type, description, type->match,
+					  false, cred);
 	if (!IS_ERR(key_ref))
 		goto key_already_present;
 
@@ -539,7 +540,8 @@ struct key *request_key_and_link(struct key_type *type,
 	       dest_keyring, flags);
 
 	/* search all the process keyrings for a key */
-	key_ref = search_process_keyrings(type, description, type->match, cred);
+	key_ref = search_process_keyrings(type, description, type->match,
+					  false, cred);
 
 	if (!IS_ERR(key_ref)) {
 		key = key_ref_to_ptr(key_ref);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 85730d5a5a59a0..92077de555dfd5 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -247,7 +247,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
 		&key_type_request_key_auth,
 		(void *) (unsigned long) target_id,
 		key_get_instantiation_authkey_match,
-		cred);
+		false, cred);
 
 	if (IS_ERR(authkey_ref)) {
 		authkey = ERR_CAST(authkey_ref);