diff --git a/include/linux/key.h b/include/linux/key.h
index b145b054b3e0..5231800770e1 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type,
 
 extern int wait_for_key_construction(struct key *key, bool intr);
 
-extern int key_validate(struct key *key);
+extern int key_validate(const struct key *key);
 
 extern key_ref_t key_create_or_update(key_ref_t keyring,
 				      const char *type,
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 5f4c00c0947d..57d96363d7f1 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission);
  * key is invalidated, -EKEYREVOKED if the key's type has been removed or if
  * the key has been revoked or -EKEYEXPIRED if the key has expired.
  */
-int key_validate(struct key *key)
+int key_validate(const struct key *key)
 {
-	struct timespec now;
 	unsigned long flags = key->flags;
-	int ret = 0;
 
-	if (key) {
-		ret = -ENOKEY;
-		if (flags & (1 << KEY_FLAG_INVALIDATED))
-			goto error;
+	if (flags & (1 << KEY_FLAG_INVALIDATED))
+		return -ENOKEY;
 
-		/* check it's still accessible */
-		ret = -EKEYREVOKED;
-		if (flags & ((1 << KEY_FLAG_REVOKED) |
-			     (1 << KEY_FLAG_DEAD)))
-			goto error;
+	/* check it's still accessible */
+	if (flags & ((1 << KEY_FLAG_REVOKED) |
+		     (1 << KEY_FLAG_DEAD)))
+		return -EKEYREVOKED;
 
-		/* check it hasn't expired */
-		ret = 0;
-		if (key->expiry) {
-			now = current_kernel_time();
-			if (now.tv_sec >= key->expiry)
-				ret = -EKEYEXPIRED;
-		}
+	/* check it hasn't expired */
+	if (key->expiry) {
+		struct timespec now = current_kernel_time();
+		if (now.tv_sec >= key->expiry)
+			return -EKEYEXPIRED;
 	}
 
-error:
-	return ret;
+	return 0;
 }
 EXPORT_SYMBOL(key_validate);