Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 76aac0e9 authored by David Howells's avatar David Howells Committed by James Morris
Browse files

CRED: Wrap task credential accesses in the core kernel 



Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-audit@redhat.com
Cc: containers@lists.linux-foundation.org
Cc: linux-mm@kvack.org
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent b103c598

kernel/acct.c

+3 −4
Original line number Diff line number Diff line
@@ -530,15 +530,14 @@ static void do_acct_process(struct bsd_acct_struct *acct, 
	do_div(elapsed, AHZ);

	ac.ac_btime = get_seconds() - elapsed;

	/* we really need to bite the bullet and change layout */

	ac.ac_uid = current->uid;

	ac.ac_gid = current->gid;

	current_uid_gid(&ac.ac_uid, &ac.ac_gid);

#if ACCT_VERSION==2

	ac.ac_ahz = AHZ;

#endif

#if ACCT_VERSION==1 || ACCT_VERSION==2

	/* backward-compatible 16 bit fields */

	ac.ac_uid16 = current->uid;

	ac.ac_gid16 = current->gid;

	ac.ac_uid16 = ac.ac_uid;

	ac.ac_gid16 = ac.ac_gid;

#endif

#if ACCT_VERSION==3

	ac.ac_pid = task_tgid_nr_ns(current, ns);

kernel/auditsc.c

+4 −2
Original line number Diff line number Diff line
@@ -2628,7 +2628,8 @@ void audit_core_dumps(long signr) 
{

	struct audit_buffer *ab;

	u32 sid;

	uid_t auid = audit_get_loginuid(current);

	uid_t auid = audit_get_loginuid(current), uid;

	gid_t gid;

	unsigned int sessionid = audit_get_sessionid(current);



	if (!audit_enabled)
@@ -2638,8 +2639,9 @@ void audit_core_dumps(long signr) 
		return;



	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);

	current_uid_gid(&uid, &gid);

	audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",

			auid, current->uid, current->gid, sessionid);

			 auid, uid, gid, sessionid);

	security_task_getsecid(current, &sid);

	if (sid) {

		char *ctx = NULL;

kernel/cgroup.c

+5 −4
Original line number Diff line number Diff line
@@ -571,8 +571,8 @@ static struct inode *cgroup_new_inode(mode_t mode, struct super_block *sb) 


	if (inode) {

		inode->i_mode = mode;

		inode->i_uid = current->fsuid;

		inode->i_gid = current->fsgid;

		inode->i_uid = current_fsuid();

		inode->i_gid = current_fsgid();

		inode->i_blocks = 0;

		inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;

		inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info;
@@ -1279,6 +1279,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) 
static int attach_task_by_pid(struct cgroup *cgrp, u64 pid)

{

	struct task_struct *tsk;

	uid_t euid;

	int ret;



	if (pid) {
@@ -1291,8 +1292,8 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) 
		get_task_struct(tsk);

		rcu_read_unlock();



		if ((current->euid) && (current->euid != tsk->uid)

		    && (current->euid != tsk->suid)) {

		euid = current_euid();

		if (euid && euid != tsk->uid && euid != tsk->suid) {

			put_task_struct(tsk);

			return -EACCES;

		}

kernel/futex.c

+5 −3
Original line number Diff line number Diff line
@@ -439,10 +439,11 @@ static void free_pi_state(struct futex_pi_state *pi_state) 
static struct task_struct * futex_find_get_task(pid_t pid)

{

	struct task_struct *p;

	uid_t euid = current_euid();



	rcu_read_lock();

	p = find_task_by_vpid(pid);

	if (!p || ((current->euid != p->euid) && (current->euid != p->uid)))

	if (!p || (euid != p->euid && euid != p->uid))

		p = ERR_PTR(-ESRCH);

	else

		get_task_struct(p);
@@ -1829,6 +1830,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, 
{

	struct robust_list_head __user *head;

	unsigned long ret;

	uid_t euid = current_euid();



	if (!futex_cmpxchg_enabled)

		return -ENOSYS;
@@ -1844,7 +1846,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, 
		if (!p)

			goto err_unlock;

		ret = -EPERM;

		if ((current->euid != p->euid) && (current->euid != p->uid) &&

		if (euid != p->euid && euid != p->uid &&

		    !capable(CAP_SYS_PTRACE))

			goto err_unlock;

		head = p->robust_list;

kernel/futex_compat.c

+2 −1
Original line number Diff line number Diff line
@@ -135,6 +135,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, 
{

	struct compat_robust_list_head __user *head;

	unsigned long ret;

	uid_t euid = current_euid();



	if (!futex_cmpxchg_enabled)

		return -ENOSYS;
@@ -150,7 +151,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, 
		if (!p)

			goto err_unlock;

		ret = -EPERM;

		if ((current->euid != p->euid) && (current->euid != p->uid) &&

		if (euid != p->euid && euid != p->uid &&

				!capable(CAP_SYS_PTRACE))

			goto err_unlock;

		head = p->compat_robust_list;