Documentation: security/credentials.rst: explain need to sort group_list

This patch updates the documentation with the observations that led to commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility group_info allocators") and the new behaviour required. Specifically that groups_sort() should be called on a new group_list before set_groups() or set_current_groups() is called. Signed-off-by: NeilBrown <neilb@suse.com> [jc: use proper :c:func: references] Signed-off-by: Jonathan Corbet <corbet@lwn.net>
author: NeilBrown <neilb@suse.com> 2018-01-02 16:01:15 -0500
committer: Jonathan Corbet <corbet@lwn.net> 2018-01-08 16:20:31 -0500
commit: 0b345d722e07d77866edffcf350449a4607026b6 (patch)
tree: 3fa4dca4b1d05ecaf7257a5cec4b6bd0340032e0 /Documentation/security
parent: 536ec30477fe66d0564aff8f3595c8ce603f1411 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst
index 66a2e24939d8..5bb7125faeee 100644
--- a/Documentation/security/credentials.rst
+++ b/Documentation/security/credentials.rst
@@ -451,6 +451,13 @@ checks and hooks done.  Both the current and the proposed sets of credentials
 are available for this purpose as current_cred() will return the current set
 still at this point.
+When replacing the group list, the new list must be sorted before it
+is added to the credential, as a binary search is used to test for
+membership.  In practice, this means :c:func:`groups_sort` should be
+called before :c:func:`set_groups` or :c:func:`set_current_groups`.
+:c:func:`groups_sort)` must not be called on a ``struct group_list`` which
+is shared as it may permute elements as part of the sorting process
+even if the array is already sorted.
 When the credential set is ready, it should be committed to the current process
 by calling::
author	NeilBrown <neilb@suse.com>	2018-01-02 16:01:15 -0500
committer	Jonathan Corbet <corbet@lwn.net>	2018-01-08 16:20:31 -0500
commit	0b345d722e07d77866edffcf350449a4607026b6 (patch)
tree	3fa4dca4b1d05ecaf7257a5cec4b6bd0340032e0 /Documentation/security
parent	536ec30477fe66d0564aff8f3595c8ce603f1411 (diff)

diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst index 66a2e24939d8..5bb7125faeee 100644 --- a/Documentation/security/credentials.rst +++ b/Documentation/security/credentials.rst
@@ -451,6 +451,13 @@ checks and hooks done. Both the current and the proposed sets of credentials
451	are available for this purpose as current_cred() will return the current set	451	are available for this purpose as current_cred() will return the current set
452	still at this point.	452	still at this point.
453		453
		454	When replacing the group list, the new list must be sorted before it
		455	is added to the credential, as a binary search is used to test for
		456	membership. In practice, this means :c:func:`groups_sort` should be
		457	called before :c:func:`set_groups` or :c:func:`set_current_groups`.
		458	:c:func:`groups_sort)` must not be called on a ``struct group_list`` which
		459	is shared as it may permute elements as part of the sorting process
		460	even if the array is already sorted.
454		461
455	When the credential set is ready, it should be committed to the current process	462	When the credential set is ready, it should be committed to the current process
456	by calling::	463	by calling::