CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 8fcfa39..7a52477 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -223,10 +223,10 @@
NEW_AUX_ENT(AT_BASE, interp_load_addr);
NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
- NEW_AUX_ENT(AT_UID, tsk->uid);
- NEW_AUX_ENT(AT_EUID, tsk->euid);
- NEW_AUX_ENT(AT_GID, tsk->gid);
- NEW_AUX_ENT(AT_EGID, tsk->egid);
+ NEW_AUX_ENT(AT_UID, tsk->cred->uid);
+ NEW_AUX_ENT(AT_EUID, tsk->cred->euid);
+ NEW_AUX_ENT(AT_GID, tsk->cred->gid);
+ NEW_AUX_ENT(AT_EGID, tsk->cred->egid);
NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
NEW_AUX_ENT(AT_EXECFN, bprm->exec);
if (k_platform) {
@@ -1388,8 +1388,8 @@
psinfo->pr_zomb = psinfo->pr_sname == 'Z';
psinfo->pr_nice = task_nice(p);
psinfo->pr_flag = p->flags;
- SET_UID(psinfo->pr_uid, p->uid);
- SET_GID(psinfo->pr_gid, p->gid);
+ SET_UID(psinfo->pr_uid, p->cred->uid);
+ SET_GID(psinfo->pr_gid, p->cred->gid);
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
return 0;
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 488584c..9f67054 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -623,10 +623,10 @@
NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
NEW_AUX_ENT(AT_FLAGS, 0);
NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
- NEW_AUX_ENT(AT_UID, (elf_addr_t) current_uid());
- NEW_AUX_ENT(AT_EUID, (elf_addr_t) current_euid());
- NEW_AUX_ENT(AT_GID, (elf_addr_t) current_gid());
- NEW_AUX_ENT(AT_EGID, (elf_addr_t) current_egid());
+ NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid);
+ NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid);
+ NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid);
+ NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid);
NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
NEW_AUX_ENT(AT_EXECFN, bprm->exec);
@@ -1440,8 +1440,8 @@
psinfo->pr_zomb = psinfo->pr_sname == 'Z';
psinfo->pr_nice = task_nice(p);
psinfo->pr_flag = p->flags;
- SET_UID(psinfo->pr_uid, p->uid);
- SET_GID(psinfo->pr_gid, p->gid);
+ SET_UID(psinfo->pr_uid, p->cred->uid);
+ SET_GID(psinfo->pr_gid, p->cred->gid);
strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
return 0;
diff --git a/fs/exec.c b/fs/exec.c
index 604834f..31149e4 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1738,7 +1738,7 @@
*/
if (get_dumpable(mm) == 2) { /* Setuid core dump mode */
flag = O_EXCL; /* Stop rewrite attacks */
- current->fsuid = 0; /* Dump root private */
+ current->cred->fsuid = 0; /* Dump root private */
}
retval = coredump_wait(exit_code, &core_state);
@@ -1834,7 +1834,7 @@
if (helper_argv)
argv_free(helper_argv);
- current->fsuid = fsuid;
+ current->cred->fsuid = fsuid;
coredump_finish(mm);
fail:
return retval;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index bf049a8..63964d8 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -401,8 +401,8 @@
struct fown_struct *fown, int sig)
{
return (((fown->euid == 0) ||
- (fown->euid == p->suid) || (fown->euid == p->uid) ||
- (fown->uid == p->suid) || (fown->uid == p->uid)) &&
+ (fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) ||
+ (fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) &&
!security_file_send_sigiotask(p, fown, sig));
}
diff --git a/fs/file_table.c b/fs/file_table.c
index 5ad0eca..3152b53 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -122,8 +122,8 @@
INIT_LIST_HEAD(&f->f_u.fu_list);
atomic_long_set(&f->f_count, 1);
rwlock_init(&f->f_owner.lock);
- f->f_uid = tsk->fsuid;
- f->f_gid = tsk->fsgid;
+ f->f_uid = tsk->cred->fsuid;
+ f->f_gid = tsk->cred->fsgid;
eventpoll_init_file(f);
/* f->f_version: 0 */
return f;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index fd03330..e97a989 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -872,12 +872,12 @@
if (fc->flags & FUSE_ALLOW_OTHER)
return 1;
- if (task->euid == fc->user_id &&
- task->suid == fc->user_id &&
- task->uid == fc->user_id &&
- task->egid == fc->group_id &&
- task->sgid == fc->group_id &&
- task->gid == fc->group_id)
+ if (task->cred->euid == fc->user_id &&
+ task->cred->suid == fc->user_id &&
+ task->cred->uid == fc->user_id &&
+ task->cred->egid == fc->group_id &&
+ task->cred->sgid == fc->group_id &&
+ task->cred->gid == fc->group_id)
return 1;
return 0;
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 08ad76c..870a721 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -958,7 +958,7 @@
if (!can_do_hugetlb_shm())
return ERR_PTR(-EPERM);
- if (!user_shm_lock(size, current->user))
+ if (!user_shm_lock(size, current->cred->user))
return ERR_PTR(-ENOMEM);
root = hugetlbfs_vfsmount->mnt_root;
@@ -998,7 +998,7 @@
out_dentry:
dput(dentry);
out_shm_unlock:
- user_shm_unlock(size, current->user);
+ user_shm_unlock(size, current->cred->user);
return ERR_PTR(error);
}
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 68d2cd8..bb5210a 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -32,8 +32,8 @@
int err;
struct io_context *ioc;
- if (task->uid != current_euid() &&
- task->uid != current_uid() && !capable(CAP_SYS_NICE))
+ if (task->cred->uid != current_euid() &&
+ task->cred->uid != current_uid() && !capable(CAP_SYS_NICE))
return -EPERM;
err = security_task_setioprio(task, ioprio);
@@ -123,7 +123,7 @@
break;
case IOPRIO_WHO_USER:
if (!who)
- user = current->user;
+ user = current->cred->user;
else
user = find_user(who);
@@ -131,7 +131,7 @@
break;
do_each_thread(g, p) {
- if (p->uid != who)
+ if (p->cred->uid != who)
continue;
ret = set_task_ioprio(p, ioprio);
if (ret)
@@ -216,7 +216,7 @@
break;
case IOPRIO_WHO_USER:
if (!who)
- user = current->user;
+ user = current->cred->user;
else
user = find_user(who);
@@ -224,7 +224,7 @@
break;
do_each_thread(g, p) {
- if (p->uid != user->uid)
+ if (p->cred->uid != user->uid)
continue;
tmpio = get_task_ioprio(p);
if (tmpio < 0)
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 294992e..808fc03 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,6 +27,7 @@
int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
{
+ struct cred *act_as = current->cred ;
struct svc_cred cred = rqstp->rq_cred;
int i;
int flags = nfsexp_flags(rqstp, exp);
@@ -55,25 +56,26 @@
get_group_info(cred.cr_group_info);
if (cred.cr_uid != (uid_t) -1)
- current->fsuid = cred.cr_uid;
+ act_as->fsuid = cred.cr_uid;
else
- current->fsuid = exp->ex_anon_uid;
+ act_as->fsuid = exp->ex_anon_uid;
if (cred.cr_gid != (gid_t) -1)
- current->fsgid = cred.cr_gid;
+ act_as->fsgid = cred.cr_gid;
else
- current->fsgid = exp->ex_anon_gid;
+ act_as->fsgid = exp->ex_anon_gid;
if (!cred.cr_group_info)
return -ENOMEM;
- ret = set_current_groups(cred.cr_group_info);
+ ret = set_groups(act_as, cred.cr_group_info);
put_group_info(cred.cr_group_info);
if ((cred.cr_uid)) {
- current->cap_effective =
- cap_drop_nfsd_set(current->cap_effective);
+ act_as->cap_effective =
+ cap_drop_nfsd_set(act_as->cap_effective);
} else {
- current->cap_effective =
- cap_raise_nfsd_set(current->cap_effective,
- current->cap_permitted);
+ act_as->cap_effective =
+ cap_raise_nfsd_set(act_as->cap_effective,
+ act_as->cap_permitted);
}
return ret;
}
+
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index bb93946..a5e14e8 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -57,17 +57,17 @@
static void
nfs4_save_user(uid_t *saveuid, gid_t *savegid)
{
- *saveuid = current->fsuid;
- *savegid = current->fsgid;
- current->fsuid = 0;
- current->fsgid = 0;
+ *saveuid = current->cred->fsuid;
+ *savegid = current->cred->fsgid;
+ current->cred->fsuid = 0;
+ current->cred->fsgid = 0;
}
static void
nfs4_reset_user(uid_t saveuid, gid_t savegid)
{
- current->fsuid = saveuid;
- current->fsgid = savegid;
+ current->cred->fsuid = saveuid;
+ current->cred->fsgid = savegid;
}
static void
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index cd25d91..e67cfae 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -186,9 +186,9 @@
* access control settings being in effect, we cannot
* fix that case easily.
*/
- current->cap_effective =
- cap_raise_nfsd_set(current->cap_effective,
- current->cap_permitted);
+ current->cred->cap_effective =
+ cap_raise_nfsd_set(current->cred->cap_effective,
+ current->cred->cap_permitted);
} else {
error = nfsd_setuser_and_check_port(rqstp, exp);
if (error)
diff --git a/fs/open.c b/fs/open.c
index 500cc0c..b1238e1 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -425,6 +425,7 @@
*/
asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
{
+ struct cred *cred = current->cred;
struct path path;
struct inode *inode;
int old_fsuid, old_fsgid;
@@ -434,18 +435,18 @@
if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
return -EINVAL;
- old_fsuid = current->fsuid;
- old_fsgid = current->fsgid;
+ old_fsuid = cred->fsuid;
+ old_fsgid = cred->fsgid;
- current->fsuid = current->uid;
- current->fsgid = current->gid;
+ cred->fsuid = cred->uid;
+ cred->fsgid = cred->gid;
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/* Clear the capabilities if we switch to a non-root user */
- if (current->uid)
+ if (current->cred->uid)
old_cap = cap_set_effective(__cap_empty_set);
else
- old_cap = cap_set_effective(current->cap_permitted);
+ old_cap = cap_set_effective(cred->cap_permitted);
}
res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
@@ -484,8 +485,8 @@
out_path_release:
path_put(&path);
out:
- current->fsuid = old_fsuid;
- current->fsgid = old_fsgid;
+ cred->fsuid = old_fsuid;
+ cred->fsgid = old_fsgid;
if (!issecure(SECURE_NO_SETUID_FIXUP))
cap_set_effective(old_cap);
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 6af7fba..62fe9b2 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -182,8 +182,8 @@
task_tgid_nr_ns(p, ns),
pid_nr_ns(pid, ns),
ppid, tpid,
- p->uid, p->euid, p->suid, p->fsuid,
- p->gid, p->egid, p->sgid, p->fsgid);
+ p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
+ p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
task_lock(p);
if (p->files)
@@ -194,7 +194,7 @@
fdt ? fdt->max_fds : 0);
rcu_read_unlock();
- group_info = p->group_info;
+ group_info = p->cred->group_info;
get_group_info(group_info);
task_unlock(p);
@@ -262,7 +262,7 @@
blocked = p->blocked;
collect_sigign_sigcatch(p, &ignored, &caught);
num_threads = atomic_read(&p->signal->count);
- qsize = atomic_read(&p->user->sigpending);
+ qsize = atomic_read(&p->cred->user->sigpending);
qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
unlock_task_sighand(p, &flags);
}
@@ -293,10 +293,12 @@
static inline void task_cap(struct seq_file *m, struct task_struct *p)
{
- render_cap_t(m, "CapInh:\t", &p->cap_inheritable);
- render_cap_t(m, "CapPrm:\t", &p->cap_permitted);
- render_cap_t(m, "CapEff:\t", &p->cap_effective);
- render_cap_t(m, "CapBnd:\t", &p->cap_bset);
+ struct cred *cred = p->cred;
+
+ render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
+ render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
+ render_cap_t(m, "CapEff:\t", &cred->cap_effective);
+ render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
}
static inline void task_context_switch_counts(struct seq_file *m,
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 486cf3f..6862b36 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1428,8 +1428,8 @@
inode->i_uid = 0;
inode->i_gid = 0;
if (task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
}
security_task_to_inode(task, inode);
@@ -1454,8 +1454,8 @@
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
task_dumpable(task)) {
- stat->uid = task->euid;
- stat->gid = task->egid;
+ stat->uid = task->cred->euid;
+ stat->gid = task->cred->egid;
}
}
rcu_read_unlock();
@@ -1486,8 +1486,8 @@
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
} else {
inode->i_uid = 0;
inode->i_gid = 0;
@@ -1658,8 +1658,8 @@
rcu_read_unlock();
put_files_struct(files);
if (task_dumpable(task)) {
- inode->i_uid = task->euid;
- inode->i_gid = task->egid;
+ inode->i_uid = task->cred->euid;
+ inode->i_gid = task->cred->egid;
} else {
inode->i_uid = 0;
inode->i_gid = 0;
diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h
index 293043a..8c022cd 100644
--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@ -23,11 +23,9 @@
/*
* Credentials
*/
-typedef struct cred {
- /* EMPTY */
-} cred_t;
+typedef const struct cred cred_t;
-extern struct cred *sys_cred;
+extern cred_t *sys_cred;
/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
static inline int capable_cred(cred_t *cr, int cid)
diff --git a/fs/xfs/linux-2.6/xfs_globals.h b/fs/xfs/linux-2.6/xfs_globals.h
index 2770b00..6eda8a3 100644
--- a/fs/xfs/linux-2.6/xfs_globals.h
+++ b/fs/xfs/linux-2.6/xfs_globals.h
@@ -19,6 +19,6 @@
#define __XFS_GLOBALS_H__
extern uint64_t xfs_panic_mask; /* set to cause more panics */
-extern struct cred *sys_cred;
+extern cred_t *sys_cred;
#endif /* __XFS_GLOBALS_H__ */
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
index 1420c49..6be310d 100644
--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -497,7 +497,7 @@
xfs_inode_t **, xfs_daddr_t, uint);
int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int);
int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t,
- xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t,
+ xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t,
int, struct xfs_buf **, boolean_t *, xfs_inode_t **);
void xfs_dinode_from_disk(struct xfs_icdinode *,
struct xfs_dinode_core *);
diff --git a/fs/xfs/xfs_vnodeops.h b/fs/xfs/xfs_vnodeops.h
index e932a96..7b0c2ab 100644
--- a/fs/xfs/xfs_vnodeops.h
+++ b/fs/xfs/xfs_vnodeops.h
@@ -16,7 +16,7 @@
int xfs_open(struct xfs_inode *ip);
int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags,
- struct cred *credp);
+ cred_t *credp);
#define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */
#define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */
#define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */
@@ -28,24 +28,24 @@
int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name,
struct xfs_inode **ipp, struct xfs_name *ci_name);
int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode,
- xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp);
+ xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp);
int xfs_remove(struct xfs_inode *dp, struct xfs_name *name,
struct xfs_inode *ip);
int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip,
struct xfs_name *target_name);
int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name,
- mode_t mode, struct xfs_inode **ipp, struct cred *credp);
+ mode_t mode, struct xfs_inode **ipp, cred_t *credp);
int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize,
xfs_off_t *offset, filldir_t filldir);
int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name,
const char *target_path, mode_t mode, struct xfs_inode **ipp,
- struct cred *credp);
+ cred_t *credp);
int xfs_inode_flush(struct xfs_inode *ip, int flags);
int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state);
int xfs_reclaim(struct xfs_inode *ip);
int xfs_change_file_space(struct xfs_inode *ip, int cmd,
xfs_flock64_t *bf, xfs_off_t offset,
- struct cred *credp, int attr_flags);
+ cred_t *credp, int attr_flags);
int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name,
struct xfs_inode *src_ip, struct xfs_inode *target_dp,
struct xfs_name *target_name, struct xfs_inode *target_ip);