~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/kernel/cred.c

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /kernel/cred.c (Version linux-6.12-rc7) and /kernel/cred.c (Version linux-4.20.17)


  1 // SPDX-License-Identifier: GPL-2.0-or-later   << 
  2 /* Task credentials management - see Documenta      1 /* Task credentials management - see Documentation/security/credentials.rst
  3  *                                                  2  *
  4  * Copyright (C) 2008 Red Hat, Inc. All Rights      3  * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
  5  * Written by David Howells (dhowells@redhat.c      4  * Written by David Howells (dhowells@redhat.com)
                                                   >>   5  *
                                                   >>   6  * This program is free software; you can redistribute it and/or
                                                   >>   7  * modify it under the terms of the GNU General Public Licence
                                                   >>   8  * as published by the Free Software Foundation; either version
                                                   >>   9  * 2 of the Licence, or (at your option) any later version.
  6  */                                                10  */
  7                                                << 
  8 #define pr_fmt(fmt) "CRED: " fmt               << 
  9                                                << 
 10 #include <linux/export.h>                          11 #include <linux/export.h>
 11 #include <linux/cred.h>                            12 #include <linux/cred.h>
 12 #include <linux/slab.h>                            13 #include <linux/slab.h>
 13 #include <linux/sched.h>                           14 #include <linux/sched.h>
 14 #include <linux/sched/coredump.h>                  15 #include <linux/sched/coredump.h>
 15 #include <linux/key.h>                             16 #include <linux/key.h>
 16 #include <linux/keyctl.h>                          17 #include <linux/keyctl.h>
 17 #include <linux/init_task.h>                       18 #include <linux/init_task.h>
 18 #include <linux/security.h>                        19 #include <linux/security.h>
 19 #include <linux/binfmts.h>                         20 #include <linux/binfmts.h>
 20 #include <linux/cn_proc.h>                         21 #include <linux/cn_proc.h>
 21 #include <linux/uidgid.h>                      << 
 22                                                    22 
 23 #if 0                                              23 #if 0
 24 #define kdebug(FMT, ...)                           24 #define kdebug(FMT, ...)                                                \
 25         printk("[%-5.5s%5u] " FMT "\n",            25         printk("[%-5.5s%5u] " FMT "\n",                                 \
 26                current->comm, current->pid, ##     26                current->comm, current->pid, ##__VA_ARGS__)
 27 #else                                              27 #else
 28 #define kdebug(FMT, ...)                           28 #define kdebug(FMT, ...)                                                \
 29 do {                                               29 do {                                                                    \
 30         if (0)                                     30         if (0)                                                          \
 31                 no_printk("[%-5.5s%5u] " FMT "     31                 no_printk("[%-5.5s%5u] " FMT "\n",                      \
 32                           current->comm, curre     32                           current->comm, current->pid, ##__VA_ARGS__);  \
 33 } while (0)                                        33 } while (0)
 34 #endif                                             34 #endif
 35                                                    35 
 36 static struct kmem_cache *cred_jar;                36 static struct kmem_cache *cred_jar;
 37                                                    37 
 38 /* init to 2 - one for init_task, one to ensur     38 /* init to 2 - one for init_task, one to ensure it is never freed */
 39 static struct group_info init_groups = { .usag !!  39 struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
 40                                                    40 
 41 /*                                                 41 /*
 42  * The initial credentials for the initial tas     42  * The initial credentials for the initial task
 43  */                                                43  */
 44 struct cred init_cred = {                          44 struct cred init_cred = {
 45         .usage                  = ATOMIC_INIT(     45         .usage                  = ATOMIC_INIT(4),
                                                   >>  46 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >>  47         .subscribers            = ATOMIC_INIT(2),
                                                   >>  48         .magic                  = CRED_MAGIC,
                                                   >>  49 #endif
 46         .uid                    = GLOBAL_ROOT_     50         .uid                    = GLOBAL_ROOT_UID,
 47         .gid                    = GLOBAL_ROOT_     51         .gid                    = GLOBAL_ROOT_GID,
 48         .suid                   = GLOBAL_ROOT_     52         .suid                   = GLOBAL_ROOT_UID,
 49         .sgid                   = GLOBAL_ROOT_     53         .sgid                   = GLOBAL_ROOT_GID,
 50         .euid                   = GLOBAL_ROOT_     54         .euid                   = GLOBAL_ROOT_UID,
 51         .egid                   = GLOBAL_ROOT_     55         .egid                   = GLOBAL_ROOT_GID,
 52         .fsuid                  = GLOBAL_ROOT_     56         .fsuid                  = GLOBAL_ROOT_UID,
 53         .fsgid                  = GLOBAL_ROOT_     57         .fsgid                  = GLOBAL_ROOT_GID,
 54         .securebits             = SECUREBITS_D     58         .securebits             = SECUREBITS_DEFAULT,
 55         .cap_inheritable        = CAP_EMPTY_SE     59         .cap_inheritable        = CAP_EMPTY_SET,
 56         .cap_permitted          = CAP_FULL_SET     60         .cap_permitted          = CAP_FULL_SET,
 57         .cap_effective          = CAP_FULL_SET     61         .cap_effective          = CAP_FULL_SET,
 58         .cap_bset               = CAP_FULL_SET     62         .cap_bset               = CAP_FULL_SET,
 59         .user                   = INIT_USER,       63         .user                   = INIT_USER,
 60         .user_ns                = &init_user_n     64         .user_ns                = &init_user_ns,
 61         .group_info             = &init_groups     65         .group_info             = &init_groups,
 62         .ucounts                = &init_ucount << 
 63 };                                                 66 };
 64                                                    67 
                                                   >>  68 static inline void set_cred_subscribers(struct cred *cred, int n)
                                                   >>  69 {
                                                   >>  70 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >>  71         atomic_set(&cred->subscribers, n);
                                                   >>  72 #endif
                                                   >>  73 }
                                                   >>  74 
                                                   >>  75 static inline int read_cred_subscribers(const struct cred *cred)
                                                   >>  76 {
                                                   >>  77 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >>  78         return atomic_read(&cred->subscribers);
                                                   >>  79 #else
                                                   >>  80         return 0;
                                                   >>  81 #endif
                                                   >>  82 }
                                                   >>  83 
                                                   >>  84 static inline void alter_cred_subscribers(const struct cred *_cred, int n)
                                                   >>  85 {
                                                   >>  86 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >>  87         struct cred *cred = (struct cred *) _cred;
                                                   >>  88 
                                                   >>  89         atomic_add(n, &cred->subscribers);
                                                   >>  90 #endif
                                                   >>  91 }
                                                   >>  92 
 65 /*                                                 93 /*
 66  * The RCU callback to actually dispose of a s     94  * The RCU callback to actually dispose of a set of credentials
 67  */                                                95  */
 68 static void put_cred_rcu(struct rcu_head *rcu)     96 static void put_cred_rcu(struct rcu_head *rcu)
 69 {                                                  97 {
 70         struct cred *cred = container_of(rcu,      98         struct cred *cred = container_of(rcu, struct cred, rcu);
 71                                                    99 
 72         kdebug("put_cred_rcu(%p)", cred);         100         kdebug("put_cred_rcu(%p)", cred);
 73                                                   101 
 74         if (atomic_long_read(&cred->usage) !=  !! 102 #ifdef CONFIG_DEBUG_CREDENTIALS
 75                 panic("CRED: put_cred_rcu() se !! 103         if (cred->magic != CRED_MAGIC_DEAD ||
 76                       cred, atomic_long_read(& !! 104             atomic_read(&cred->usage) != 0 ||
                                                   >> 105             read_cred_subscribers(cred) != 0)
                                                   >> 106                 panic("CRED: put_cred_rcu() sees %p with"
                                                   >> 107                       " mag %x, put %p, usage %d, subscr %d\n",
                                                   >> 108                       cred, cred->magic, cred->put_addr,
                                                   >> 109                       atomic_read(&cred->usage),
                                                   >> 110                       read_cred_subscribers(cred));
                                                   >> 111 #else
                                                   >> 112         if (atomic_read(&cred->usage) != 0)
                                                   >> 113                 panic("CRED: put_cred_rcu() sees %p with usage %d\n",
                                                   >> 114                       cred, atomic_read(&cred->usage));
                                                   >> 115 #endif
 77                                                   116 
 78         security_cred_free(cred);                 117         security_cred_free(cred);
 79         key_put(cred->session_keyring);           118         key_put(cred->session_keyring);
 80         key_put(cred->process_keyring);           119         key_put(cred->process_keyring);
 81         key_put(cred->thread_keyring);            120         key_put(cred->thread_keyring);
 82         key_put(cred->request_key_auth);          121         key_put(cred->request_key_auth);
 83         if (cred->group_info)                     122         if (cred->group_info)
 84                 put_group_info(cred->group_inf    123                 put_group_info(cred->group_info);
 85         free_uid(cred->user);                     124         free_uid(cred->user);
 86         if (cred->ucounts)                     << 
 87                 put_ucounts(cred->ucounts);    << 
 88         put_user_ns(cred->user_ns);               125         put_user_ns(cred->user_ns);
 89         kmem_cache_free(cred_jar, cred);          126         kmem_cache_free(cred_jar, cred);
 90 }                                                 127 }
 91                                                   128 
 92 /**                                               129 /**
 93  * __put_cred - Destroy a set of credentials      130  * __put_cred - Destroy a set of credentials
 94  * @cred: The record to release                   131  * @cred: The record to release
 95  *                                                132  *
 96  * Destroy a set of credentials on which no re    133  * Destroy a set of credentials on which no references remain.
 97  */                                               134  */
 98 void __put_cred(struct cred *cred)                135 void __put_cred(struct cred *cred)
 99 {                                                 136 {
100         kdebug("__put_cred(%p{%ld})", cred,    !! 137         kdebug("__put_cred(%p{%d,%d})", cred,
101                atomic_long_read(&cred->usage)) !! 138                atomic_read(&cred->usage),
102                                                !! 139                read_cred_subscribers(cred));
103         BUG_ON(atomic_long_read(&cred->usage)  !! 140 
                                                   >> 141         BUG_ON(atomic_read(&cred->usage) != 0);
                                                   >> 142 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >> 143         BUG_ON(read_cred_subscribers(cred) != 0);
                                                   >> 144         cred->magic = CRED_MAGIC_DEAD;
                                                   >> 145         cred->put_addr = __builtin_return_address(0);
                                                   >> 146 #endif
104         BUG_ON(cred == current->cred);            147         BUG_ON(cred == current->cred);
105         BUG_ON(cred == current->real_cred);       148         BUG_ON(cred == current->real_cred);
106                                                   149 
107         if (cred->non_rcu)                     !! 150         call_rcu(&cred->rcu, put_cred_rcu);
108                 put_cred_rcu(&cred->rcu);      << 
109         else                                   << 
110                 call_rcu(&cred->rcu, put_cred_ << 
111 }                                                 151 }
112 EXPORT_SYMBOL(__put_cred);                        152 EXPORT_SYMBOL(__put_cred);
113                                                   153 
114 /*                                                154 /*
115  * Clean up a task's credentials when it exits    155  * Clean up a task's credentials when it exits
116  */                                               156  */
117 void exit_creds(struct task_struct *tsk)          157 void exit_creds(struct task_struct *tsk)
118 {                                                 158 {
119         struct cred *real_cred, *cred;         !! 159         struct cred *cred;
120                                                   160 
121         kdebug("exit_creds(%u,%p,%p,{%ld})", t !! 161         kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,
122                atomic_long_read(&tsk->cred->us !! 162                atomic_read(&tsk->cred->usage),
                                                   >> 163                read_cred_subscribers(tsk->cred));
123                                                   164 
124         real_cred = (struct cred *) tsk->real_ !! 165         cred = (struct cred *) tsk->real_cred;
125         tsk->real_cred = NULL;                    166         tsk->real_cred = NULL;
                                                   >> 167         validate_creds(cred);
                                                   >> 168         alter_cred_subscribers(cred, -1);
                                                   >> 169         put_cred(cred);
126                                                   170 
127         cred = (struct cred *) tsk->cred;         171         cred = (struct cred *) tsk->cred;
128         tsk->cred = NULL;                         172         tsk->cred = NULL;
129                                                !! 173         validate_creds(cred);
130         if (real_cred == cred) {               !! 174         alter_cred_subscribers(cred, -1);
131                 put_cred_many(cred, 2);        !! 175         put_cred(cred);
132         } else {                               << 
133                 put_cred(real_cred);           << 
134                 put_cred(cred);                << 
135         }                                      << 
136                                                << 
137 #ifdef CONFIG_KEYS_REQUEST_CACHE               << 
138         key_put(tsk->cached_requested_key);    << 
139         tsk->cached_requested_key = NULL;      << 
140 #endif                                         << 
141 }                                                 176 }
142                                                   177 
143 /**                                               178 /**
144  * get_task_cred - Get another task's objectiv    179  * get_task_cred - Get another task's objective credentials
145  * @task: The task to query                       180  * @task: The task to query
146  *                                                181  *
147  * Get the objective credentials of a task, pi    182  * Get the objective credentials of a task, pinning them so that they can't go
148  * away.  Accessing a task's credentials direc    183  * away.  Accessing a task's credentials directly is not permitted.
149  *                                                184  *
150  * The caller must also make sure task doesn't    185  * The caller must also make sure task doesn't get deleted, either by holding a
151  * ref on task or by holding tasklist_lock to     186  * ref on task or by holding tasklist_lock to prevent it from being unlinked.
152  */                                               187  */
153 const struct cred *get_task_cred(struct task_s    188 const struct cred *get_task_cred(struct task_struct *task)
154 {                                                 189 {
155         const struct cred *cred;                  190         const struct cred *cred;
156                                                   191 
157         rcu_read_lock();                          192         rcu_read_lock();
158                                                   193 
159         do {                                      194         do {
160                 cred = __task_cred((task));       195                 cred = __task_cred((task));
161                 BUG_ON(!cred);                    196                 BUG_ON(!cred);
162         } while (!get_cred_rcu(cred));         !! 197         } while (!atomic_inc_not_zero(&((struct cred *)cred)->usage));
163                                                   198 
164         rcu_read_unlock();                        199         rcu_read_unlock();
165         return cred;                              200         return cred;
166 }                                                 201 }
167 EXPORT_SYMBOL(get_task_cred);                  << 
168                                                   202 
169 /*                                                203 /*
170  * Allocate blank credentials, such that the c    204  * Allocate blank credentials, such that the credentials can be filled in at a
171  * later date without risk of ENOMEM.             205  * later date without risk of ENOMEM.
172  */                                               206  */
173 struct cred *cred_alloc_blank(void)               207 struct cred *cred_alloc_blank(void)
174 {                                                 208 {
175         struct cred *new;                         209         struct cred *new;
176                                                   210 
177         new = kmem_cache_zalloc(cred_jar, GFP_    211         new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
178         if (!new)                                 212         if (!new)
179                 return NULL;                      213                 return NULL;
180                                                   214 
181         atomic_long_set(&new->usage, 1);       !! 215         atomic_set(&new->usage, 1);
182         if (security_cred_alloc_blank(new, GFP !! 216 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >> 217         new->magic = CRED_MAGIC;
                                                   >> 218 #endif
                                                   >> 219 
                                                   >> 220         if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
183                 goto error;                       221                 goto error;
184                                                   222 
185         return new;                               223         return new;
186                                                   224 
187 error:                                            225 error:
188         abort_creds(new);                         226         abort_creds(new);
189         return NULL;                              227         return NULL;
190 }                                                 228 }
191                                                   229 
192 /**                                               230 /**
193  * prepare_creds - Prepare a new set of creden    231  * prepare_creds - Prepare a new set of credentials for modification
194  *                                                232  *
195  * Prepare a new set of task credentials for m    233  * Prepare a new set of task credentials for modification.  A task's creds
196  * shouldn't generally be modified directly, t    234  * shouldn't generally be modified directly, therefore this function is used to
197  * prepare a new copy, which the caller then m    235  * prepare a new copy, which the caller then modifies and then commits by
198  * calling commit_creds().                        236  * calling commit_creds().
199  *                                                237  *
200  * Preparation involves making a copy of the o    238  * Preparation involves making a copy of the objective creds for modification.
201  *                                                239  *
202  * Returns a pointer to the new creds-to-be if    240  * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
203  *                                                241  *
204  * Call commit_creds() or abort_creds() to cle    242  * Call commit_creds() or abort_creds() to clean up.
205  */                                               243  */
206 struct cred *prepare_creds(void)                  244 struct cred *prepare_creds(void)
207 {                                                 245 {
208         struct task_struct *task = current;       246         struct task_struct *task = current;
209         const struct cred *old;                   247         const struct cred *old;
210         struct cred *new;                         248         struct cred *new;
211                                                   249 
                                                   >> 250         validate_process_creds();
                                                   >> 251 
212         new = kmem_cache_alloc(cred_jar, GFP_K    252         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
213         if (!new)                                 253         if (!new)
214                 return NULL;                      254                 return NULL;
215                                                   255 
216         kdebug("prepare_creds() alloc %p", new    256         kdebug("prepare_creds() alloc %p", new);
217                                                   257 
218         old = task->cred;                         258         old = task->cred;
219         memcpy(new, old, sizeof(struct cred));    259         memcpy(new, old, sizeof(struct cred));
220                                                   260 
221         new->non_rcu = 0;                      !! 261         atomic_set(&new->usage, 1);
222         atomic_long_set(&new->usage, 1);       !! 262         set_cred_subscribers(new, 0);
223         get_group_info(new->group_info);          263         get_group_info(new->group_info);
224         get_uid(new->user);                       264         get_uid(new->user);
225         get_user_ns(new->user_ns);                265         get_user_ns(new->user_ns);
226                                                   266 
227 #ifdef CONFIG_KEYS                                267 #ifdef CONFIG_KEYS
228         key_get(new->session_keyring);            268         key_get(new->session_keyring);
229         key_get(new->process_keyring);            269         key_get(new->process_keyring);
230         key_get(new->thread_keyring);             270         key_get(new->thread_keyring);
231         key_get(new->request_key_auth);           271         key_get(new->request_key_auth);
232 #endif                                            272 #endif
233                                                   273 
234 #ifdef CONFIG_SECURITY                            274 #ifdef CONFIG_SECURITY
235         new->security = NULL;                     275         new->security = NULL;
236 #endif                                            276 #endif
237                                                   277 
238         new->ucounts = get_ucounts(new->ucount !! 278         if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
239         if (!new->ucounts)                     << 
240                 goto error;                    << 
241                                                << 
242         if (security_prepare_creds(new, old, G << 
243                 goto error;                       279                 goto error;
244                                                !! 280         validate_creds(new);
245         return new;                               281         return new;
246                                                   282 
247 error:                                            283 error:
248         abort_creds(new);                         284         abort_creds(new);
249         return NULL;                              285         return NULL;
250 }                                                 286 }
251 EXPORT_SYMBOL(prepare_creds);                     287 EXPORT_SYMBOL(prepare_creds);
252                                                   288 
253 /*                                                289 /*
254  * Prepare credentials for current to perform     290  * Prepare credentials for current to perform an execve()
255  * - The caller must hold ->cred_guard_mutex      291  * - The caller must hold ->cred_guard_mutex
256  */                                               292  */
257 struct cred *prepare_exec_creds(void)             293 struct cred *prepare_exec_creds(void)
258 {                                                 294 {
259         struct cred *new;                         295         struct cred *new;
260                                                   296 
261         new = prepare_creds();                    297         new = prepare_creds();
262         if (!new)                                 298         if (!new)
263                 return new;                       299                 return new;
264                                                   300 
265 #ifdef CONFIG_KEYS                                301 #ifdef CONFIG_KEYS
266         /* newly exec'd tasks don't get a thre    302         /* newly exec'd tasks don't get a thread keyring */
267         key_put(new->thread_keyring);             303         key_put(new->thread_keyring);
268         new->thread_keyring = NULL;               304         new->thread_keyring = NULL;
269                                                   305 
270         /* inherit the session keyring; new pr    306         /* inherit the session keyring; new process keyring */
271         key_put(new->process_keyring);            307         key_put(new->process_keyring);
272         new->process_keyring = NULL;              308         new->process_keyring = NULL;
273 #endif                                            309 #endif
274                                                   310 
275         new->suid = new->fsuid = new->euid;    << 
276         new->sgid = new->fsgid = new->egid;    << 
277                                                << 
278         return new;                               311         return new;
279 }                                                 312 }
280                                                   313 
281 /*                                                314 /*
282  * Copy credentials for the new process create    315  * Copy credentials for the new process created by fork()
283  *                                                316  *
284  * We share if we can, but under some circumst    317  * We share if we can, but under some circumstances we have to generate a new
285  * set.                                           318  * set.
286  *                                                319  *
287  * The new process gets the current process's     320  * The new process gets the current process's subjective credentials as its
288  * objective and subjective credentials           321  * objective and subjective credentials
289  */                                               322  */
290 int copy_creds(struct task_struct *p, unsigned    323 int copy_creds(struct task_struct *p, unsigned long clone_flags)
291 {                                                 324 {
292         struct cred *new;                         325         struct cred *new;
293         int ret;                                  326         int ret;
294                                                   327 
295 #ifdef CONFIG_KEYS_REQUEST_CACHE               << 
296         p->cached_requested_key = NULL;        << 
297 #endif                                         << 
298                                                << 
299         if (                                      328         if (
300 #ifdef CONFIG_KEYS                                329 #ifdef CONFIG_KEYS
301                 !p->cred->thread_keyring &&       330                 !p->cred->thread_keyring &&
302 #endif                                            331 #endif
303                 clone_flags & CLONE_THREAD        332                 clone_flags & CLONE_THREAD
304             ) {                                   333             ) {
305                 p->real_cred = get_cred_many(p !! 334                 p->real_cred = get_cred(p->cred);
306                 kdebug("share_creds(%p{%ld})", !! 335                 get_cred(p->cred);
307                        p->cred, atomic_long_re !! 336                 alter_cred_subscribers(p->cred, 2);
308                 inc_rlimit_ucounts(task_ucount !! 337                 kdebug("share_creds(%p{%d,%d})",
                                                   >> 338                        p->cred, atomic_read(&p->cred->usage),
                                                   >> 339                        read_cred_subscribers(p->cred));
                                                   >> 340                 atomic_inc(&p->cred->user->processes);
309                 return 0;                         341                 return 0;
310         }                                         342         }
311                                                   343 
312         new = prepare_creds();                    344         new = prepare_creds();
313         if (!new)                                 345         if (!new)
314                 return -ENOMEM;                   346                 return -ENOMEM;
315                                                   347 
316         if (clone_flags & CLONE_NEWUSER) {        348         if (clone_flags & CLONE_NEWUSER) {
317                 ret = create_user_ns(new);        349                 ret = create_user_ns(new);
318                 if (ret < 0)                      350                 if (ret < 0)
319                         goto error_put;           351                         goto error_put;
320                 ret = set_cred_ucounts(new);   << 
321                 if (ret < 0)                   << 
322                         goto error_put;        << 
323         }                                         352         }
324                                                   353 
325 #ifdef CONFIG_KEYS                                354 #ifdef CONFIG_KEYS
326         /* new threads get their own thread ke    355         /* new threads get their own thread keyrings if their parent already
327          * had one */                             356          * had one */
328         if (new->thread_keyring) {                357         if (new->thread_keyring) {
329                 key_put(new->thread_keyring);     358                 key_put(new->thread_keyring);
330                 new->thread_keyring = NULL;       359                 new->thread_keyring = NULL;
331                 if (clone_flags & CLONE_THREAD    360                 if (clone_flags & CLONE_THREAD)
332                         install_thread_keyring    361                         install_thread_keyring_to_cred(new);
333         }                                         362         }
334                                                   363 
335         /* The process keyring is only shared     364         /* The process keyring is only shared between the threads in a process;
336          * anything outside of those threads d    365          * anything outside of those threads doesn't inherit.
337          */                                       366          */
338         if (!(clone_flags & CLONE_THREAD)) {      367         if (!(clone_flags & CLONE_THREAD)) {
339                 key_put(new->process_keyring);    368                 key_put(new->process_keyring);
340                 new->process_keyring = NULL;      369                 new->process_keyring = NULL;
341         }                                         370         }
342 #endif                                            371 #endif
343                                                   372 
                                                   >> 373         atomic_inc(&new->user->processes);
344         p->cred = p->real_cred = get_cred(new)    374         p->cred = p->real_cred = get_cred(new);
345         inc_rlimit_ucounts(task_ucounts(p), UC !! 375         alter_cred_subscribers(new, 2);
                                                   >> 376         validate_creds(new);
346         return 0;                                 377         return 0;
347                                                   378 
348 error_put:                                        379 error_put:
349         put_cred(new);                            380         put_cred(new);
350         return ret;                               381         return ret;
351 }                                                 382 }
352                                                   383 
353 static bool cred_cap_issubset(const struct cre    384 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
354 {                                                 385 {
355         const struct user_namespace *set_ns =     386         const struct user_namespace *set_ns = set->user_ns;
356         const struct user_namespace *subset_ns    387         const struct user_namespace *subset_ns = subset->user_ns;
357                                                   388 
358         /* If the two credentials are in the s    389         /* If the two credentials are in the same user namespace see if
359          * the capabilities of subset are a su    390          * the capabilities of subset are a subset of set.
360          */                                       391          */
361         if (set_ns == subset_ns)                  392         if (set_ns == subset_ns)
362                 return cap_issubset(subset->ca    393                 return cap_issubset(subset->cap_permitted, set->cap_permitted);
363                                                   394 
364         /* The credentials are in a different     395         /* The credentials are in a different user namespaces
365          * therefore one is a subset of the ot    396          * therefore one is a subset of the other only if a set is an
366          * ancestor of subset and set->euid is    397          * ancestor of subset and set->euid is owner of subset or one
367          * of subsets ancestors.                  398          * of subsets ancestors.
368          */                                       399          */
369         for (;subset_ns != &init_user_ns; subs    400         for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) {
370                 if ((set_ns == subset_ns->pare    401                 if ((set_ns == subset_ns->parent)  &&
371                     uid_eq(subset_ns->owner, s    402                     uid_eq(subset_ns->owner, set->euid))
372                         return true;              403                         return true;
373         }                                         404         }
374                                                   405 
375         return false;                             406         return false;
376 }                                                 407 }
377                                                   408 
378 /**                                               409 /**
379  * commit_creds - Install new credentials upon    410  * commit_creds - Install new credentials upon the current task
380  * @new: The credentials to be assigned           411  * @new: The credentials to be assigned
381  *                                                412  *
382  * Install a new set of credentials to the cur    413  * Install a new set of credentials to the current task, using RCU to replace
383  * the old set.  Both the objective and the su    414  * the old set.  Both the objective and the subjective credentials pointers are
384  * updated.  This function may not be called i    415  * updated.  This function may not be called if the subjective credentials are
385  * in an overridden state.                        416  * in an overridden state.
386  *                                                417  *
387  * This function eats the caller's reference t    418  * This function eats the caller's reference to the new credentials.
388  *                                                419  *
389  * Always returns 0 thus allowing this functio    420  * Always returns 0 thus allowing this function to be tail-called at the end
390  * of, say, sys_setgid().                         421  * of, say, sys_setgid().
391  */                                               422  */
392 int commit_creds(struct cred *new)                423 int commit_creds(struct cred *new)
393 {                                                 424 {
394         struct task_struct *task = current;       425         struct task_struct *task = current;
395         const struct cred *old = task->real_cr    426         const struct cred *old = task->real_cred;
396                                                   427 
397         kdebug("commit_creds(%p{%ld})", new,   !! 428         kdebug("commit_creds(%p{%d,%d})", new,
398                atomic_long_read(&new->usage)); !! 429                atomic_read(&new->usage),
                                                   >> 430                read_cred_subscribers(new));
399                                                   431 
400         BUG_ON(task->cred != old);                432         BUG_ON(task->cred != old);
401         BUG_ON(atomic_long_read(&new->usage) < !! 433 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >> 434         BUG_ON(read_cred_subscribers(old) < 2);
                                                   >> 435         validate_creds(old);
                                                   >> 436         validate_creds(new);
                                                   >> 437 #endif
                                                   >> 438         BUG_ON(atomic_read(&new->usage) < 1);
402                                                   439 
403         get_cred(new); /* we will require a re    440         get_cred(new); /* we will require a ref for the subj creds too */
404                                                   441 
405         /* dumpability changes */                 442         /* dumpability changes */
406         if (!uid_eq(old->euid, new->euid) ||      443         if (!uid_eq(old->euid, new->euid) ||
407             !gid_eq(old->egid, new->egid) ||      444             !gid_eq(old->egid, new->egid) ||
408             !uid_eq(old->fsuid, new->fsuid) ||    445             !uid_eq(old->fsuid, new->fsuid) ||
409             !gid_eq(old->fsgid, new->fsgid) ||    446             !gid_eq(old->fsgid, new->fsgid) ||
410             !cred_cap_issubset(old, new)) {       447             !cred_cap_issubset(old, new)) {
411                 if (task->mm)                     448                 if (task->mm)
412                         set_dumpable(task->mm,    449                         set_dumpable(task->mm, suid_dumpable);
413                 task->pdeath_signal = 0;          450                 task->pdeath_signal = 0;
414                 /*                             << 
415                  * If a task drops privileges  << 
416                  * the dumpability change must << 
417                  * the credential change; othe << 
418                  * racing with this change may << 
419                  * shouldn't be able to attach << 
420                  * privileges without becoming << 
421                  * Pairs with a read barrier i << 
422                  */                            << 
423                 smp_wmb();                        451                 smp_wmb();
424         }                                         452         }
425                                                   453 
426         /* alter the thread keyring */            454         /* alter the thread keyring */
427         if (!uid_eq(new->fsuid, old->fsuid))      455         if (!uid_eq(new->fsuid, old->fsuid))
428                 key_fsuid_changed(new);        !! 456                 key_fsuid_changed(task);
429         if (!gid_eq(new->fsgid, old->fsgid))      457         if (!gid_eq(new->fsgid, old->fsgid))
430                 key_fsgid_changed(new);        !! 458                 key_fsgid_changed(task);
431                                                   459 
432         /* do it                                  460         /* do it
433          * RLIMIT_NPROC limits on user->proces    461          * RLIMIT_NPROC limits on user->processes have already been checked
434          * in set_user().                         462          * in set_user().
435          */                                       463          */
436         if (new->user != old->user || new->use !! 464         alter_cred_subscribers(new, 2);
437                 inc_rlimit_ucounts(new->ucount !! 465         if (new->user != old->user)
                                                   >> 466                 atomic_inc(&new->user->processes);
438         rcu_assign_pointer(task->real_cred, ne    467         rcu_assign_pointer(task->real_cred, new);
439         rcu_assign_pointer(task->cred, new);      468         rcu_assign_pointer(task->cred, new);
440         if (new->user != old->user || new->use !! 469         if (new->user != old->user)
441                 dec_rlimit_ucounts(old->ucount !! 470                 atomic_dec(&old->user->processes);
                                                   >> 471         alter_cred_subscribers(old, -2);
442                                                   472 
443         /* send notifications */                  473         /* send notifications */
444         if (!uid_eq(new->uid,   old->uid)  ||     474         if (!uid_eq(new->uid,   old->uid)  ||
445             !uid_eq(new->euid,  old->euid) ||     475             !uid_eq(new->euid,  old->euid) ||
446             !uid_eq(new->suid,  old->suid) ||     476             !uid_eq(new->suid,  old->suid) ||
447             !uid_eq(new->fsuid, old->fsuid))      477             !uid_eq(new->fsuid, old->fsuid))
448                 proc_id_connector(task, PROC_E    478                 proc_id_connector(task, PROC_EVENT_UID);
449                                                   479 
450         if (!gid_eq(new->gid,   old->gid)  ||     480         if (!gid_eq(new->gid,   old->gid)  ||
451             !gid_eq(new->egid,  old->egid) ||     481             !gid_eq(new->egid,  old->egid) ||
452             !gid_eq(new->sgid,  old->sgid) ||     482             !gid_eq(new->sgid,  old->sgid) ||
453             !gid_eq(new->fsgid, old->fsgid))      483             !gid_eq(new->fsgid, old->fsgid))
454                 proc_id_connector(task, PROC_E    484                 proc_id_connector(task, PROC_EVENT_GID);
455                                                   485 
456         /* release the old obj and subj refs b    486         /* release the old obj and subj refs both */
457         put_cred_many(old, 2);                 !! 487         put_cred(old);
                                                   >> 488         put_cred(old);
458         return 0;                                 489         return 0;
459 }                                                 490 }
460 EXPORT_SYMBOL(commit_creds);                      491 EXPORT_SYMBOL(commit_creds);
461                                                   492 
462 /**                                               493 /**
463  * abort_creds - Discard a set of credentials     494  * abort_creds - Discard a set of credentials and unlock the current task
464  * @new: The credentials that were going to be    495  * @new: The credentials that were going to be applied
465  *                                                496  *
466  * Discard a set of credentials that were unde    497  * Discard a set of credentials that were under construction and unlock the
467  * current task.                                  498  * current task.
468  */                                               499  */
469 void abort_creds(struct cred *new)                500 void abort_creds(struct cred *new)
470 {                                                 501 {
471         kdebug("abort_creds(%p{%ld})", new,    !! 502         kdebug("abort_creds(%p{%d,%d})", new,
472                atomic_long_read(&new->usage)); !! 503                atomic_read(&new->usage),
                                                   >> 504                read_cred_subscribers(new));
473                                                   505 
474         BUG_ON(atomic_long_read(&new->usage) < !! 506 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >> 507         BUG_ON(read_cred_subscribers(new) != 0);
                                                   >> 508 #endif
                                                   >> 509         BUG_ON(atomic_read(&new->usage) < 1);
475         put_cred(new);                            510         put_cred(new);
476 }                                                 511 }
477 EXPORT_SYMBOL(abort_creds);                       512 EXPORT_SYMBOL(abort_creds);
478                                                   513 
479 /**                                               514 /**
480  * override_creds - Override the current proce    515  * override_creds - Override the current process's subjective credentials
481  * @new: The credentials to be assigned           516  * @new: The credentials to be assigned
482  *                                                517  *
483  * Install a set of temporary override subject    518  * Install a set of temporary override subjective credentials on the current
484  * process, returning the old set for later re    519  * process, returning the old set for later reversion.
485  */                                               520  */
486 const struct cred *override_creds(const struct    521 const struct cred *override_creds(const struct cred *new)
487 {                                                 522 {
488         const struct cred *old = current->cred    523         const struct cred *old = current->cred;
489                                                   524 
490         kdebug("override_creds(%p{%ld})", new, !! 525         kdebug("override_creds(%p{%d,%d})", new,
491                atomic_long_read(&new->usage)); !! 526                atomic_read(&new->usage),
492                                                !! 527                read_cred_subscribers(new));
493         /*                                     !! 528 
494          * NOTE! This uses 'get_new_cred()' ra !! 529         validate_creds(old);
495          *                                     !! 530         validate_creds(new);
496          * That means that we do not clear the !! 531         get_cred(new);
497          * we are only installing the cred int !! 532         alter_cred_subscribers(new, 1);
498          * '->cred' pointer, not the '->real_c << 
499          * visible to other threads under RCU. << 
500          */                                    << 
501         get_new_cred((struct cred *)new);      << 
502         rcu_assign_pointer(current->cred, new)    533         rcu_assign_pointer(current->cred, new);
                                                   >> 534         alter_cred_subscribers(old, -1);
503                                                   535 
504         kdebug("override_creds() = %p{%ld}", o !! 536         kdebug("override_creds() = %p{%d,%d}", old,
505                atomic_long_read(&old->usage)); !! 537                atomic_read(&old->usage),
                                                   >> 538                read_cred_subscribers(old));
506         return old;                               539         return old;
507 }                                                 540 }
508 EXPORT_SYMBOL(override_creds);                    541 EXPORT_SYMBOL(override_creds);
509                                                   542 
510 /**                                               543 /**
511  * revert_creds - Revert a temporary subjectiv    544  * revert_creds - Revert a temporary subjective credentials override
512  * @old: The credentials to be restored           545  * @old: The credentials to be restored
513  *                                                546  *
514  * Revert a temporary set of override subjecti    547  * Revert a temporary set of override subjective credentials to an old set,
515  * discarding the override set.                   548  * discarding the override set.
516  */                                               549  */
517 void revert_creds(const struct cred *old)         550 void revert_creds(const struct cred *old)
518 {                                                 551 {
519         const struct cred *override = current-    552         const struct cred *override = current->cred;
520                                                   553 
521         kdebug("revert_creds(%p{%ld})", old,   !! 554         kdebug("revert_creds(%p{%d,%d})", old,
522                atomic_long_read(&old->usage)); !! 555                atomic_read(&old->usage),
523                                                !! 556                read_cred_subscribers(old));
                                                   >> 557 
                                                   >> 558         validate_creds(old);
                                                   >> 559         validate_creds(override);
                                                   >> 560         alter_cred_subscribers(old, 1);
524         rcu_assign_pointer(current->cred, old)    561         rcu_assign_pointer(current->cred, old);
                                                   >> 562         alter_cred_subscribers(override, -1);
525         put_cred(override);                       563         put_cred(override);
526 }                                                 564 }
527 EXPORT_SYMBOL(revert_creds);                      565 EXPORT_SYMBOL(revert_creds);
528                                                   566 
529 /**                                            << 
530  * cred_fscmp - Compare two credentials with r << 
531  * @a: The first credential                    << 
532  * @b: The second credential                   << 
533  *                                             << 
534  * cred_cmp() will return zero if both credent << 
535  * fsuid, fsgid, and supplementary groups.  Th << 
536  * provide the same access to files based on m << 
537  * If the credentials are different, then eith << 
538  * be returned depending on whether @a comes b << 
539  * respectively in an arbitrary, but stable, o << 
540  *                                             << 
541  * Return: -1, 0, or 1 depending on comparison << 
542  */                                            << 
543 int cred_fscmp(const struct cred *a, const str << 
544 {                                              << 
545         struct group_info *ga, *gb;            << 
546         int g;                                 << 
547                                                << 
548         if (a == b)                            << 
549                 return 0;                      << 
550         if (uid_lt(a->fsuid, b->fsuid))        << 
551                 return -1;                     << 
552         if (uid_gt(a->fsuid, b->fsuid))        << 
553                 return 1;                      << 
554                                                << 
555         if (gid_lt(a->fsgid, b->fsgid))        << 
556                 return -1;                     << 
557         if (gid_gt(a->fsgid, b->fsgid))        << 
558                 return 1;                      << 
559                                                << 
560         ga = a->group_info;                    << 
561         gb = b->group_info;                    << 
562         if (ga == gb)                          << 
563                 return 0;                      << 
564         if (ga == NULL)                        << 
565                 return -1;                     << 
566         if (gb == NULL)                        << 
567                 return 1;                      << 
568         if (ga->ngroups < gb->ngroups)         << 
569                 return -1;                     << 
570         if (ga->ngroups > gb->ngroups)         << 
571                 return 1;                      << 
572                                                << 
573         for (g = 0; g < ga->ngroups; g++) {    << 
574                 if (gid_lt(ga->gid[g], gb->gid << 
575                         return -1;             << 
576                 if (gid_gt(ga->gid[g], gb->gid << 
577                         return 1;              << 
578         }                                      << 
579         return 0;                              << 
580 }                                              << 
581 EXPORT_SYMBOL(cred_fscmp);                     << 
582                                                << 
583 int set_cred_ucounts(struct cred *new)         << 
584 {                                              << 
585         struct ucounts *new_ucounts, *old_ucou << 
586                                                << 
587         /*                                     << 
588          * This optimization is needed because << 
589          * for table lookups.                  << 
590          */                                    << 
591         if (old_ucounts->ns == new->user_ns && << 
592                 return 0;                      << 
593                                                << 
594         if (!(new_ucounts = alloc_ucounts(new- << 
595                 return -EAGAIN;                << 
596                                                << 
597         new->ucounts = new_ucounts;            << 
598         put_ucounts(old_ucounts);              << 
599                                                << 
600         return 0;                              << 
601 }                                              << 
602                                                << 
603 /*                                                567 /*
604  * initialise the credentials stuff               568  * initialise the credentials stuff
605  */                                               569  */
606 void __init cred_init(void)                       570 void __init cred_init(void)
607 {                                                 571 {
608         /* allocate a slab in which we can sto    572         /* allocate a slab in which we can store credentials */
609         cred_jar = KMEM_CACHE(cred,            !! 573         cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), 0,
610                               SLAB_HWCACHE_ALI !! 574                         SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
611 }                                                 575 }
612                                                   576 
613 /**                                               577 /**
614  * prepare_kernel_cred - Prepare a set of cred    578  * prepare_kernel_cred - Prepare a set of credentials for a kernel service
615  * @daemon: A userspace daemon to be used as a    579  * @daemon: A userspace daemon to be used as a reference
616  *                                                580  *
617  * Prepare a set of credentials for a kernel s    581  * Prepare a set of credentials for a kernel service.  This can then be used to
618  * override a task's own credentials so that w    582  * override a task's own credentials so that work can be done on behalf of that
619  * task that requires a different subjective c    583  * task that requires a different subjective context.
620  *                                                584  *
621  * @daemon is used to provide a base cred, wit !! 585  * @daemon is used to provide a base for the security record, but can be NULL.
622  * that; if this is "&init_task", they'll be s !! 586  * If @daemon is supplied, then the security data will be derived from that;
623  * capabilities, and no keys.                  !! 587  * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
624  *                                                588  *
625  * The caller may change these controls afterw    589  * The caller may change these controls afterwards if desired.
626  *                                                590  *
627  * Returns the new credentials or NULL if out     591  * Returns the new credentials or NULL if out of memory.
                                                   >> 592  *
                                                   >> 593  * Does not take, and does not return holding current->cred_replace_mutex.
628  */                                               594  */
629 struct cred *prepare_kernel_cred(struct task_s    595 struct cred *prepare_kernel_cred(struct task_struct *daemon)
630 {                                                 596 {
631         const struct cred *old;                   597         const struct cred *old;
632         struct cred *new;                         598         struct cred *new;
633                                                   599 
634         if (WARN_ON_ONCE(!daemon))             << 
635                 return NULL;                   << 
636                                                << 
637         new = kmem_cache_alloc(cred_jar, GFP_K    600         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
638         if (!new)                                 601         if (!new)
639                 return NULL;                      602                 return NULL;
640                                                   603 
641         kdebug("prepare_kernel_cred() alloc %p    604         kdebug("prepare_kernel_cred() alloc %p", new);
642                                                   605 
643         old = get_task_cred(daemon);           !! 606         if (daemon)
                                                   >> 607                 old = get_task_cred(daemon);
                                                   >> 608         else
                                                   >> 609                 old = get_cred(&init_cred);
                                                   >> 610 
                                                   >> 611         validate_creds(old);
644                                                   612 
645         *new = *old;                              613         *new = *old;
646         new->non_rcu = 0;                      !! 614         atomic_set(&new->usage, 1);
647         atomic_long_set(&new->usage, 1);       !! 615         set_cred_subscribers(new, 0);
648         get_uid(new->user);                       616         get_uid(new->user);
649         get_user_ns(new->user_ns);                617         get_user_ns(new->user_ns);
650         get_group_info(new->group_info);          618         get_group_info(new->group_info);
651                                                   619 
652 #ifdef CONFIG_KEYS                                620 #ifdef CONFIG_KEYS
653         new->session_keyring = NULL;              621         new->session_keyring = NULL;
654         new->process_keyring = NULL;              622         new->process_keyring = NULL;
655         new->thread_keyring = NULL;               623         new->thread_keyring = NULL;
656         new->request_key_auth = NULL;             624         new->request_key_auth = NULL;
657         new->jit_keyring = KEY_REQKEY_DEFL_THR    625         new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
658 #endif                                            626 #endif
659                                                   627 
660 #ifdef CONFIG_SECURITY                            628 #ifdef CONFIG_SECURITY
661         new->security = NULL;                     629         new->security = NULL;
662 #endif                                            630 #endif
663         new->ucounts = get_ucounts(new->ucount !! 631         if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
664         if (!new->ucounts)                     << 
665                 goto error;                    << 
666                                                << 
667         if (security_prepare_creds(new, old, G << 
668                 goto error;                       632                 goto error;
669                                                   633 
670         put_cred(old);                            634         put_cred(old);
                                                   >> 635         validate_creds(new);
671         return new;                               636         return new;
672                                                   637 
673 error:                                            638 error:
674         put_cred(new);                            639         put_cred(new);
675         put_cred(old);                            640         put_cred(old);
676         return NULL;                              641         return NULL;
677 }                                                 642 }
678 EXPORT_SYMBOL(prepare_kernel_cred);               643 EXPORT_SYMBOL(prepare_kernel_cred);
679                                                   644 
680 /**                                               645 /**
681  * set_security_override - Set the security ID    646  * set_security_override - Set the security ID in a set of credentials
682  * @new: The credentials to alter                 647  * @new: The credentials to alter
683  * @secid: The LSM security ID to set             648  * @secid: The LSM security ID to set
684  *                                                649  *
685  * Set the LSM security ID in a set of credent    650  * Set the LSM security ID in a set of credentials so that the subjective
686  * security is overridden when an alternative     651  * security is overridden when an alternative set of credentials is used.
687  */                                               652  */
688 int set_security_override(struct cred *new, u3    653 int set_security_override(struct cred *new, u32 secid)
689 {                                                 654 {
690         return security_kernel_act_as(new, sec    655         return security_kernel_act_as(new, secid);
691 }                                                 656 }
692 EXPORT_SYMBOL(set_security_override);             657 EXPORT_SYMBOL(set_security_override);
693                                                   658 
694 /**                                               659 /**
695  * set_security_override_from_ctx - Set the se    660  * set_security_override_from_ctx - Set the security ID in a set of credentials
696  * @new: The credentials to alter                 661  * @new: The credentials to alter
697  * @secctx: The LSM security context to genera    662  * @secctx: The LSM security context to generate the security ID from.
698  *                                                663  *
699  * Set the LSM security ID in a set of credent    664  * Set the LSM security ID in a set of credentials so that the subjective
700  * security is overridden when an alternative     665  * security is overridden when an alternative set of credentials is used.  The
701  * security ID is specified in string form as     666  * security ID is specified in string form as a security context to be
702  * interpreted by the LSM.                        667  * interpreted by the LSM.
703  */                                               668  */
704 int set_security_override_from_ctx(struct cred    669 int set_security_override_from_ctx(struct cred *new, const char *secctx)
705 {                                                 670 {
706         u32 secid;                                671         u32 secid;
707         int ret;                                  672         int ret;
708                                                   673 
709         ret = security_secctx_to_secid(secctx,    674         ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
710         if (ret < 0)                              675         if (ret < 0)
711                 return ret;                       676                 return ret;
712                                                   677 
713         return set_security_override(new, seci    678         return set_security_override(new, secid);
714 }                                                 679 }
715 EXPORT_SYMBOL(set_security_override_from_ctx);    680 EXPORT_SYMBOL(set_security_override_from_ctx);
716                                                   681 
717 /**                                               682 /**
718  * set_create_files_as - Set the LSM file crea    683  * set_create_files_as - Set the LSM file create context in a set of credentials
719  * @new: The credentials to alter                 684  * @new: The credentials to alter
720  * @inode: The inode to take the context from     685  * @inode: The inode to take the context from
721  *                                                686  *
722  * Change the LSM file creation context in a s    687  * Change the LSM file creation context in a set of credentials to be the same
723  * as the object context of the specified inod    688  * as the object context of the specified inode, so that the new inodes have
724  * the same MAC context as that inode.            689  * the same MAC context as that inode.
725  */                                               690  */
726 int set_create_files_as(struct cred *new, stru    691 int set_create_files_as(struct cred *new, struct inode *inode)
727 {                                                 692 {
728         if (!uid_valid(inode->i_uid) || !gid_v    693         if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
729                 return -EINVAL;                   694                 return -EINVAL;
730         new->fsuid = inode->i_uid;                695         new->fsuid = inode->i_uid;
731         new->fsgid = inode->i_gid;                696         new->fsgid = inode->i_gid;
732         return security_kernel_create_files_as    697         return security_kernel_create_files_as(new, inode);
733 }                                                 698 }
734 EXPORT_SYMBOL(set_create_files_as);               699 EXPORT_SYMBOL(set_create_files_as);
                                                   >> 700 
                                                   >> 701 #ifdef CONFIG_DEBUG_CREDENTIALS
                                                   >> 702 
                                                   >> 703 bool creds_are_invalid(const struct cred *cred)
                                                   >> 704 {
                                                   >> 705         if (cred->magic != CRED_MAGIC)
                                                   >> 706                 return true;
                                                   >> 707 #ifdef CONFIG_SECURITY_SELINUX
                                                   >> 708         /*
                                                   >> 709          * cred->security == NULL if security_cred_alloc_blank() or
                                                   >> 710          * security_prepare_creds() returned an error.
                                                   >> 711          */
                                                   >> 712         if (selinux_is_enabled() && cred->security) {
                                                   >> 713                 if ((unsigned long) cred->security < PAGE_SIZE)
                                                   >> 714                         return true;
                                                   >> 715                 if ((*(u32 *)cred->security & 0xffffff00) ==
                                                   >> 716                     (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
                                                   >> 717                         return true;
                                                   >> 718         }
                                                   >> 719 #endif
                                                   >> 720         return false;
                                                   >> 721 }
                                                   >> 722 EXPORT_SYMBOL(creds_are_invalid);
                                                   >> 723 
                                                   >> 724 /*
                                                   >> 725  * dump invalid credentials
                                                   >> 726  */
                                                   >> 727 static void dump_invalid_creds(const struct cred *cred, const char *label,
                                                   >> 728                                const struct task_struct *tsk)
                                                   >> 729 {
                                                   >> 730         printk(KERN_ERR "CRED: %s credentials: %p %s%s%s\n",
                                                   >> 731                label, cred,
                                                   >> 732                cred == &init_cred ? "[init]" : "",
                                                   >> 733                cred == tsk->real_cred ? "[real]" : "",
                                                   >> 734                cred == tsk->cred ? "[eff]" : "");
                                                   >> 735         printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p\n",
                                                   >> 736                cred->magic, cred->put_addr);
                                                   >> 737         printk(KERN_ERR "CRED: ->usage=%d, subscr=%d\n",
                                                   >> 738                atomic_read(&cred->usage),
                                                   >> 739                read_cred_subscribers(cred));
                                                   >> 740         printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
                                                   >> 741                 from_kuid_munged(&init_user_ns, cred->uid),
                                                   >> 742                 from_kuid_munged(&init_user_ns, cred->euid),
                                                   >> 743                 from_kuid_munged(&init_user_ns, cred->suid),
                                                   >> 744                 from_kuid_munged(&init_user_ns, cred->fsuid));
                                                   >> 745         printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n",
                                                   >> 746                 from_kgid_munged(&init_user_ns, cred->gid),
                                                   >> 747                 from_kgid_munged(&init_user_ns, cred->egid),
                                                   >> 748                 from_kgid_munged(&init_user_ns, cred->sgid),
                                                   >> 749                 from_kgid_munged(&init_user_ns, cred->fsgid));
                                                   >> 750 #ifdef CONFIG_SECURITY
                                                   >> 751         printk(KERN_ERR "CRED: ->security is %p\n", cred->security);
                                                   >> 752         if ((unsigned long) cred->security >= PAGE_SIZE &&
                                                   >> 753             (((unsigned long) cred->security & 0xffffff00) !=
                                                   >> 754              (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)))
                                                   >> 755                 printk(KERN_ERR "CRED: ->security {%x, %x}\n",
                                                   >> 756                        ((u32*)cred->security)[0],
                                                   >> 757                        ((u32*)cred->security)[1]);
                                                   >> 758 #endif
                                                   >> 759 }
                                                   >> 760 
                                                   >> 761 /*
                                                   >> 762  * report use of invalid credentials
                                                   >> 763  */
                                                   >> 764 void __invalid_creds(const struct cred *cred, const char *file, unsigned line)
                                                   >> 765 {
                                                   >> 766         printk(KERN_ERR "CRED: Invalid credentials\n");
                                                   >> 767         printk(KERN_ERR "CRED: At %s:%u\n", file, line);
                                                   >> 768         dump_invalid_creds(cred, "Specified", current);
                                                   >> 769         BUG();
                                                   >> 770 }
                                                   >> 771 EXPORT_SYMBOL(__invalid_creds);
                                                   >> 772 
                                                   >> 773 /*
                                                   >> 774  * check the credentials on a process
                                                   >> 775  */
                                                   >> 776 void __validate_process_creds(struct task_struct *tsk,
                                                   >> 777                               const char *file, unsigned line)
                                                   >> 778 {
                                                   >> 779         if (tsk->cred == tsk->real_cred) {
                                                   >> 780                 if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||
                                                   >> 781                              creds_are_invalid(tsk->cred)))
                                                   >> 782                         goto invalid_creds;
                                                   >> 783         } else {
                                                   >> 784                 if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 ||
                                                   >> 785                              read_cred_subscribers(tsk->cred) < 1 ||
                                                   >> 786                              creds_are_invalid(tsk->real_cred) ||
                                                   >> 787                              creds_are_invalid(tsk->cred)))
                                                   >> 788                         goto invalid_creds;
                                                   >> 789         }
                                                   >> 790         return;
                                                   >> 791 
                                                   >> 792 invalid_creds:
                                                   >> 793         printk(KERN_ERR "CRED: Invalid process credentials\n");
                                                   >> 794         printk(KERN_ERR "CRED: At %s:%u\n", file, line);
                                                   >> 795 
                                                   >> 796         dump_invalid_creds(tsk->real_cred, "Real", tsk);
                                                   >> 797         if (tsk->cred != tsk->real_cred)
                                                   >> 798                 dump_invalid_creds(tsk->cred, "Effective", tsk);
                                                   >> 799         else
                                                   >> 800                 printk(KERN_ERR "CRED: Effective creds == Real creds\n");
                                                   >> 801         BUG();
                                                   >> 802 }
                                                   >> 803 EXPORT_SYMBOL(__validate_process_creds);
                                                   >> 804 
                                                   >> 805 /*
                                                   >> 806  * check creds for do_exit()
                                                   >> 807  */
                                                   >> 808 void validate_creds_for_do_exit(struct task_struct *tsk)
                                                   >> 809 {
                                                   >> 810         kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})",
                                                   >> 811                tsk->real_cred, tsk->cred,
                                                   >> 812                atomic_read(&tsk->cred->usage),
                                                   >> 813                read_cred_subscribers(tsk->cred));
                                                   >> 814 
                                                   >> 815         __validate_process_creds(tsk, __FILE__, __LINE__);
                                                   >> 816 }
                                                   >> 817 
                                                   >> 818 #endif /* CONFIG_DEBUG_CREDENTIALS */
735                                                   819 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php