diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:12 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:12 -0500 |
commit | 76aac0e9a17742e60d408be1a706e9aaad370891 (patch) | |
tree | e873a000d9c96209726e0958e311f005c13b2ed5 | |
parent | b103c59883f1ec6e4d548b25054608cb5724453c (diff) |
CRED: Wrap task credential accesses in the core kernel
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-audit@redhat.com
Cc: containers@lists.linux-foundation.org
Cc: linux-mm@kvack.org
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | kernel/acct.c | 7 | ||||
-rw-r--r-- | kernel/auditsc.c | 6 | ||||
-rw-r--r-- | kernel/cgroup.c | 9 | ||||
-rw-r--r-- | kernel/futex.c | 8 | ||||
-rw-r--r-- | kernel/futex_compat.c | 3 | ||||
-rw-r--r-- | kernel/ptrace.c | 15 | ||||
-rw-r--r-- | kernel/sched.c | 11 | ||||
-rw-r--r-- | kernel/signal.c | 15 | ||||
-rw-r--r-- | kernel/sys.c | 16 | ||||
-rw-r--r-- | kernel/sysctl.c | 2 | ||||
-rw-r--r-- | kernel/timer.c | 8 | ||||
-rw-r--r-- | kernel/user_namespace.c | 2 | ||||
-rw-r--r-- | mm/mempolicy.c | 7 | ||||
-rw-r--r-- | mm/migrate.c | 7 | ||||
-rw-r--r-- | mm/shmem.c | 8 |
15 files changed, 72 insertions, 52 deletions
diff --git a/kernel/acct.c b/kernel/acct.c index f6006a60df5d..d57b7cbb98b6 100644 --- a/kernel/acct.c +++ b/kernel/acct.c | |||
@@ -530,15 +530,14 @@ static void do_acct_process(struct bsd_acct_struct *acct, | |||
530 | do_div(elapsed, AHZ); | 530 | do_div(elapsed, AHZ); |
531 | ac.ac_btime = get_seconds() - elapsed; | 531 | ac.ac_btime = get_seconds() - elapsed; |
532 | /* we really need to bite the bullet and change layout */ | 532 | /* we really need to bite the bullet and change layout */ |
533 | ac.ac_uid = current->uid; | 533 | current_uid_gid(&ac.ac_uid, &ac.ac_gid); |
534 | ac.ac_gid = current->gid; | ||
535 | #if ACCT_VERSION==2 | 534 | #if ACCT_VERSION==2 |
536 | ac.ac_ahz = AHZ; | 535 | ac.ac_ahz = AHZ; |
537 | #endif | 536 | #endif |
538 | #if ACCT_VERSION==1 || ACCT_VERSION==2 | 537 | #if ACCT_VERSION==1 || ACCT_VERSION==2 |
539 | /* backward-compatible 16 bit fields */ | 538 | /* backward-compatible 16 bit fields */ |
540 | ac.ac_uid16 = current->uid; | 539 | ac.ac_uid16 = ac.ac_uid; |
541 | ac.ac_gid16 = current->gid; | 540 | ac.ac_gid16 = ac.ac_gid; |
542 | #endif | 541 | #endif |
543 | #if ACCT_VERSION==3 | 542 | #if ACCT_VERSION==3 |
544 | ac.ac_pid = task_tgid_nr_ns(current, ns); | 543 | ac.ac_pid = task_tgid_nr_ns(current, ns); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cef34235b362..9c7e47ae4576 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -2628,7 +2628,8 @@ void audit_core_dumps(long signr) | |||
2628 | { | 2628 | { |
2629 | struct audit_buffer *ab; | 2629 | struct audit_buffer *ab; |
2630 | u32 sid; | 2630 | u32 sid; |
2631 | uid_t auid = audit_get_loginuid(current); | 2631 | uid_t auid = audit_get_loginuid(current), uid; |
2632 | gid_t gid; | ||
2632 | unsigned int sessionid = audit_get_sessionid(current); | 2633 | unsigned int sessionid = audit_get_sessionid(current); |
2633 | 2634 | ||
2634 | if (!audit_enabled) | 2635 | if (!audit_enabled) |
@@ -2638,8 +2639,9 @@ void audit_core_dumps(long signr) | |||
2638 | return; | 2639 | return; |
2639 | 2640 | ||
2640 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); | 2641 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); |
2642 | current_uid_gid(&uid, &gid); | ||
2641 | audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", | 2643 | audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", |
2642 | auid, current->uid, current->gid, sessionid); | 2644 | auid, uid, gid, sessionid); |
2643 | security_task_getsecid(current, &sid); | 2645 | security_task_getsecid(current, &sid); |
2644 | if (sid) { | 2646 | if (sid) { |
2645 | char *ctx = NULL; | 2647 | char *ctx = NULL; |
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 35eebd5510c2..78f9b310c4f3 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c | |||
@@ -571,8 +571,8 @@ static struct inode *cgroup_new_inode(mode_t mode, struct super_block *sb) | |||
571 | 571 | ||
572 | if (inode) { | 572 | if (inode) { |
573 | inode->i_mode = mode; | 573 | inode->i_mode = mode; |
574 | inode->i_uid = current->fsuid; | 574 | inode->i_uid = current_fsuid(); |
575 | inode->i_gid = current->fsgid; | 575 | inode->i_gid = current_fsgid(); |
576 | inode->i_blocks = 0; | 576 | inode->i_blocks = 0; |
577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 577 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; | 578 | inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; |
@@ -1279,6 +1279,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk) | |||
1279 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | 1279 | static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) |
1280 | { | 1280 | { |
1281 | struct task_struct *tsk; | 1281 | struct task_struct *tsk; |
1282 | uid_t euid; | ||
1282 | int ret; | 1283 | int ret; |
1283 | 1284 | ||
1284 | if (pid) { | 1285 | if (pid) { |
@@ -1291,8 +1292,8 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) | |||
1291 | get_task_struct(tsk); | 1292 | get_task_struct(tsk); |
1292 | rcu_read_unlock(); | 1293 | rcu_read_unlock(); |
1293 | 1294 | ||
1294 | if ((current->euid) && (current->euid != tsk->uid) | 1295 | euid = current_euid(); |
1295 | && (current->euid != tsk->suid)) { | 1296 | if (euid && euid != tsk->uid && euid != tsk->suid) { |
1296 | put_task_struct(tsk); | 1297 | put_task_struct(tsk); |
1297 | return -EACCES; | 1298 | return -EACCES; |
1298 | } | 1299 | } |
diff --git a/kernel/futex.c b/kernel/futex.c index 8af10027514b..e06962132aaf 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -439,10 +439,11 @@ static void free_pi_state(struct futex_pi_state *pi_state) | |||
439 | static struct task_struct * futex_find_get_task(pid_t pid) | 439 | static struct task_struct * futex_find_get_task(pid_t pid) |
440 | { | 440 | { |
441 | struct task_struct *p; | 441 | struct task_struct *p; |
442 | uid_t euid = current_euid(); | ||
442 | 443 | ||
443 | rcu_read_lock(); | 444 | rcu_read_lock(); |
444 | p = find_task_by_vpid(pid); | 445 | p = find_task_by_vpid(pid); |
445 | if (!p || ((current->euid != p->euid) && (current->euid != p->uid))) | 446 | if (!p || (euid != p->euid && euid != p->uid)) |
446 | p = ERR_PTR(-ESRCH); | 447 | p = ERR_PTR(-ESRCH); |
447 | else | 448 | else |
448 | get_task_struct(p); | 449 | get_task_struct(p); |
@@ -1829,6 +1830,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1829 | { | 1830 | { |
1830 | struct robust_list_head __user *head; | 1831 | struct robust_list_head __user *head; |
1831 | unsigned long ret; | 1832 | unsigned long ret; |
1833 | uid_t euid = current_euid(); | ||
1832 | 1834 | ||
1833 | if (!futex_cmpxchg_enabled) | 1835 | if (!futex_cmpxchg_enabled) |
1834 | return -ENOSYS; | 1836 | return -ENOSYS; |
@@ -1844,8 +1846,8 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr, | |||
1844 | if (!p) | 1846 | if (!p) |
1845 | goto err_unlock; | 1847 | goto err_unlock; |
1846 | ret = -EPERM; | 1848 | ret = -EPERM; |
1847 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 1849 | if (euid != p->euid && euid != p->uid && |
1848 | !capable(CAP_SYS_PTRACE)) | 1850 | !capable(CAP_SYS_PTRACE)) |
1849 | goto err_unlock; | 1851 | goto err_unlock; |
1850 | head = p->robust_list; | 1852 | head = p->robust_list; |
1851 | rcu_read_unlock(); | 1853 | rcu_read_unlock(); |
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index 04ac3a9e42cf..3254d4e41e88 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c | |||
@@ -135,6 +135,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
135 | { | 135 | { |
136 | struct compat_robust_list_head __user *head; | 136 | struct compat_robust_list_head __user *head; |
137 | unsigned long ret; | 137 | unsigned long ret; |
138 | uid_t euid = current_euid(); | ||
138 | 139 | ||
139 | if (!futex_cmpxchg_enabled) | 140 | if (!futex_cmpxchg_enabled) |
140 | return -ENOSYS; | 141 | return -ENOSYS; |
@@ -150,7 +151,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | |||
150 | if (!p) | 151 | if (!p) |
151 | goto err_unlock; | 152 | goto err_unlock; |
152 | ret = -EPERM; | 153 | ret = -EPERM; |
153 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 154 | if (euid != p->euid && euid != p->uid && |
154 | !capable(CAP_SYS_PTRACE)) | 155 | !capable(CAP_SYS_PTRACE)) |
155 | goto err_unlock; | 156 | goto err_unlock; |
156 | head = p->compat_robust_list; | 157 | head = p->compat_robust_list; |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 1e68e4c39e2c..937f6b5b2008 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
@@ -123,16 +123,19 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) | |||
123 | * because setting up the necessary parent/child relationship | 123 | * because setting up the necessary parent/child relationship |
124 | * or halting the specified task is impossible. | 124 | * or halting the specified task is impossible. |
125 | */ | 125 | */ |
126 | uid_t uid; | ||
127 | gid_t gid; | ||
126 | int dumpable = 0; | 128 | int dumpable = 0; |
127 | /* Don't let security modules deny introspection */ | 129 | /* Don't let security modules deny introspection */ |
128 | if (task == current) | 130 | if (task == current) |
129 | return 0; | 131 | return 0; |
130 | if (((current->uid != task->euid) || | 132 | current_uid_gid(&uid, &gid); |
131 | (current->uid != task->suid) || | 133 | if ((uid != task->euid || |
132 | (current->uid != task->uid) || | 134 | uid != task->suid || |
133 | (current->gid != task->egid) || | 135 | uid != task->uid || |
134 | (current->gid != task->sgid) || | 136 | gid != task->egid || |
135 | (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) | 137 | gid != task->sgid || |
138 | gid != task->gid) && !capable(CAP_SYS_PTRACE)) | ||
136 | return -EPERM; | 139 | return -EPERM; |
137 | smp_rmb(); | 140 | smp_rmb(); |
138 | if (task->mm) | 141 | if (task->mm) |
diff --git a/kernel/sched.c b/kernel/sched.c index e8819bc6f462..c3b8b1fcde0d 100644 --- a/kernel/sched.c +++ b/kernel/sched.c | |||
@@ -5128,6 +5128,7 @@ static int __sched_setscheduler(struct task_struct *p, int policy, | |||
5128 | unsigned long flags; | 5128 | unsigned long flags; |
5129 | const struct sched_class *prev_class = p->sched_class; | 5129 | const struct sched_class *prev_class = p->sched_class; |
5130 | struct rq *rq; | 5130 | struct rq *rq; |
5131 | uid_t euid; | ||
5131 | 5132 | ||
5132 | /* may grab non-irq protected spin_locks */ | 5133 | /* may grab non-irq protected spin_locks */ |
5133 | BUG_ON(in_interrupt()); | 5134 | BUG_ON(in_interrupt()); |
@@ -5180,8 +5181,9 @@ recheck: | |||
5180 | return -EPERM; | 5181 | return -EPERM; |
5181 | 5182 | ||
5182 | /* can't change other user's priorities */ | 5183 | /* can't change other user's priorities */ |
5183 | if ((current->euid != p->euid) && | 5184 | euid = current_euid(); |
5184 | (current->euid != p->uid)) | 5185 | if (euid != p->euid && |
5186 | euid != p->uid) | ||
5185 | return -EPERM; | 5187 | return -EPERM; |
5186 | } | 5188 | } |
5187 | 5189 | ||
@@ -5392,6 +5394,7 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) | |||
5392 | cpumask_t cpus_allowed; | 5394 | cpumask_t cpus_allowed; |
5393 | cpumask_t new_mask = *in_mask; | 5395 | cpumask_t new_mask = *in_mask; |
5394 | struct task_struct *p; | 5396 | struct task_struct *p; |
5397 | uid_t euid; | ||
5395 | int retval; | 5398 | int retval; |
5396 | 5399 | ||
5397 | get_online_cpus(); | 5400 | get_online_cpus(); |
@@ -5412,9 +5415,9 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) | |||
5412 | get_task_struct(p); | 5415 | get_task_struct(p); |
5413 | read_unlock(&tasklist_lock); | 5416 | read_unlock(&tasklist_lock); |
5414 | 5417 | ||
5418 | euid = current_euid(); | ||
5415 | retval = -EPERM; | 5419 | retval = -EPERM; |
5416 | if ((current->euid != p->euid) && (current->euid != p->uid) && | 5420 | if (euid != p->euid && euid != p->uid && !capable(CAP_SYS_NICE)) |
5417 | !capable(CAP_SYS_NICE)) | ||
5418 | goto out_unlock; | 5421 | goto out_unlock; |
5419 | 5422 | ||
5420 | retval = security_task_setscheduler(p, 0, NULL); | 5423 | retval = security_task_setscheduler(p, 0, NULL); |
diff --git a/kernel/signal.c b/kernel/signal.c index 4530fc654455..167b535fe1a9 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -567,6 +567,7 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
567 | struct task_struct *t) | 567 | struct task_struct *t) |
568 | { | 568 | { |
569 | struct pid *sid; | 569 | struct pid *sid; |
570 | uid_t uid, euid; | ||
570 | int error; | 571 | int error; |
571 | 572 | ||
572 | if (!valid_signal(sig)) | 573 | if (!valid_signal(sig)) |
@@ -579,8 +580,10 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
579 | if (error) | 580 | if (error) |
580 | return error; | 581 | return error; |
581 | 582 | ||
582 | if ((current->euid ^ t->suid) && (current->euid ^ t->uid) && | 583 | uid = current_uid(); |
583 | (current->uid ^ t->suid) && (current->uid ^ t->uid) && | 584 | euid = current_euid(); |
585 | if ((euid ^ t->suid) && (euid ^ t->uid) && | ||
586 | (uid ^ t->suid) && (uid ^ t->uid) && | ||
584 | !capable(CAP_KILL)) { | 587 | !capable(CAP_KILL)) { |
585 | switch (sig) { | 588 | switch (sig) { |
586 | case SIGCONT: | 589 | case SIGCONT: |
@@ -844,7 +847,7 @@ static int send_signal(int sig, struct siginfo *info, struct task_struct *t, | |||
844 | q->info.si_errno = 0; | 847 | q->info.si_errno = 0; |
845 | q->info.si_code = SI_USER; | 848 | q->info.si_code = SI_USER; |
846 | q->info.si_pid = task_pid_vnr(current); | 849 | q->info.si_pid = task_pid_vnr(current); |
847 | q->info.si_uid = current->uid; | 850 | q->info.si_uid = current_uid(); |
848 | break; | 851 | break; |
849 | case (unsigned long) SEND_SIG_PRIV: | 852 | case (unsigned long) SEND_SIG_PRIV: |
850 | q->info.si_signo = sig; | 853 | q->info.si_signo = sig; |
@@ -1598,7 +1601,7 @@ void ptrace_notify(int exit_code) | |||
1598 | info.si_signo = SIGTRAP; | 1601 | info.si_signo = SIGTRAP; |
1599 | info.si_code = exit_code; | 1602 | info.si_code = exit_code; |
1600 | info.si_pid = task_pid_vnr(current); | 1603 | info.si_pid = task_pid_vnr(current); |
1601 | info.si_uid = current->uid; | 1604 | info.si_uid = current_uid(); |
1602 | 1605 | ||
1603 | /* Let the debugger run. */ | 1606 | /* Let the debugger run. */ |
1604 | spin_lock_irq(¤t->sighand->siglock); | 1607 | spin_lock_irq(¤t->sighand->siglock); |
@@ -2211,7 +2214,7 @@ sys_kill(pid_t pid, int sig) | |||
2211 | info.si_errno = 0; | 2214 | info.si_errno = 0; |
2212 | info.si_code = SI_USER; | 2215 | info.si_code = SI_USER; |
2213 | info.si_pid = task_tgid_vnr(current); | 2216 | info.si_pid = task_tgid_vnr(current); |
2214 | info.si_uid = current->uid; | 2217 | info.si_uid = current_uid(); |
2215 | 2218 | ||
2216 | return kill_something_info(sig, &info, pid); | 2219 | return kill_something_info(sig, &info, pid); |
2217 | } | 2220 | } |
@@ -2228,7 +2231,7 @@ static int do_tkill(pid_t tgid, pid_t pid, int sig) | |||
2228 | info.si_errno = 0; | 2231 | info.si_errno = 0; |
2229 | info.si_code = SI_TKILL; | 2232 | info.si_code = SI_TKILL; |
2230 | info.si_pid = task_tgid_vnr(current); | 2233 | info.si_pid = task_tgid_vnr(current); |
2231 | info.si_uid = current->uid; | 2234 | info.si_uid = current_uid(); |
2232 | 2235 | ||
2233 | rcu_read_lock(); | 2236 | rcu_read_lock(); |
2234 | p = find_task_by_vpid(pid); | 2237 | p = find_task_by_vpid(pid); |
diff --git a/kernel/sys.c b/kernel/sys.c index 31deba8f7d16..ed5c29c748ac 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -114,10 +114,10 @@ void (*pm_power_off_prepare)(void); | |||
114 | 114 | ||
115 | static int set_one_prio(struct task_struct *p, int niceval, int error) | 115 | static int set_one_prio(struct task_struct *p, int niceval, int error) |
116 | { | 116 | { |
117 | uid_t euid = current_euid(); | ||
117 | int no_nice; | 118 | int no_nice; |
118 | 119 | ||
119 | if (p->uid != current->euid && | 120 | if (p->uid != euid && p->euid != euid && !capable(CAP_SYS_NICE)) { |
120 | p->euid != current->euid && !capable(CAP_SYS_NICE)) { | ||
121 | error = -EPERM; | 121 | error = -EPERM; |
122 | goto out; | 122 | goto out; |
123 | } | 123 | } |
@@ -176,16 +176,16 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) | |||
176 | case PRIO_USER: | 176 | case PRIO_USER: |
177 | user = current->user; | 177 | user = current->user; |
178 | if (!who) | 178 | if (!who) |
179 | who = current->uid; | 179 | who = current_uid(); |
180 | else | 180 | else |
181 | if ((who != current->uid) && !(user = find_user(who))) | 181 | if (who != current_uid() && !(user = find_user(who))) |
182 | goto out_unlock; /* No processes for this user */ | 182 | goto out_unlock; /* No processes for this user */ |
183 | 183 | ||
184 | do_each_thread(g, p) | 184 | do_each_thread(g, p) |
185 | if (p->uid == who) | 185 | if (p->uid == who) |
186 | error = set_one_prio(p, niceval, error); | 186 | error = set_one_prio(p, niceval, error); |
187 | while_each_thread(g, p); | 187 | while_each_thread(g, p); |
188 | if (who != current->uid) | 188 | if (who != current_uid()) |
189 | free_uid(user); /* For find_user() */ | 189 | free_uid(user); /* For find_user() */ |
190 | break; | 190 | break; |
191 | } | 191 | } |
@@ -238,9 +238,9 @@ asmlinkage long sys_getpriority(int which, int who) | |||
238 | case PRIO_USER: | 238 | case PRIO_USER: |
239 | user = current->user; | 239 | user = current->user; |
240 | if (!who) | 240 | if (!who) |
241 | who = current->uid; | 241 | who = current_uid(); |
242 | else | 242 | else |
243 | if ((who != current->uid) && !(user = find_user(who))) | 243 | if (who != current_uid() && !(user = find_user(who))) |
244 | goto out_unlock; /* No processes for this user */ | 244 | goto out_unlock; /* No processes for this user */ |
245 | 245 | ||
246 | do_each_thread(g, p) | 246 | do_each_thread(g, p) |
@@ -250,7 +250,7 @@ asmlinkage long sys_getpriority(int which, int who) | |||
250 | retval = niceval; | 250 | retval = niceval; |
251 | } | 251 | } |
252 | while_each_thread(g, p); | 252 | while_each_thread(g, p); |
253 | if (who != current->uid) | 253 | if (who != current_uid()) |
254 | free_uid(user); /* for find_user() */ | 254 | free_uid(user); /* for find_user() */ |
255 | break; | 255 | break; |
256 | } | 256 | } |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 9d048fa2d902..511031381c33 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -1641,7 +1641,7 @@ out: | |||
1641 | 1641 | ||
1642 | static int test_perm(int mode, int op) | 1642 | static int test_perm(int mode, int op) |
1643 | { | 1643 | { |
1644 | if (!current->euid) | 1644 | if (!current_euid()) |
1645 | mode >>= 6; | 1645 | mode >>= 6; |
1646 | else if (in_egroup_p(0)) | 1646 | else if (in_egroup_p(0)) |
1647 | mode >>= 3; | 1647 | mode >>= 3; |
diff --git a/kernel/timer.c b/kernel/timer.c index 56becf373c58..b54e4646cee7 100644 --- a/kernel/timer.c +++ b/kernel/timer.c | |||
@@ -1123,25 +1123,25 @@ asmlinkage long sys_getppid(void) | |||
1123 | asmlinkage long sys_getuid(void) | 1123 | asmlinkage long sys_getuid(void) |
1124 | { | 1124 | { |
1125 | /* Only we change this so SMP safe */ | 1125 | /* Only we change this so SMP safe */ |
1126 | return current->uid; | 1126 | return current_uid(); |
1127 | } | 1127 | } |
1128 | 1128 | ||
1129 | asmlinkage long sys_geteuid(void) | 1129 | asmlinkage long sys_geteuid(void) |
1130 | { | 1130 | { |
1131 | /* Only we change this so SMP safe */ | 1131 | /* Only we change this so SMP safe */ |
1132 | return current->euid; | 1132 | return current_euid(); |
1133 | } | 1133 | } |
1134 | 1134 | ||
1135 | asmlinkage long sys_getgid(void) | 1135 | asmlinkage long sys_getgid(void) |
1136 | { | 1136 | { |
1137 | /* Only we change this so SMP safe */ | 1137 | /* Only we change this so SMP safe */ |
1138 | return current->gid; | 1138 | return current_gid(); |
1139 | } | 1139 | } |
1140 | 1140 | ||
1141 | asmlinkage long sys_getegid(void) | 1141 | asmlinkage long sys_getegid(void) |
1142 | { | 1142 | { |
1143 | /* Only we change this so SMP safe */ | 1143 | /* Only we change this so SMP safe */ |
1144 | return current->egid; | 1144 | return current_egid(); |
1145 | } | 1145 | } |
1146 | 1146 | ||
1147 | #endif | 1147 | #endif |
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 532858fa5b88..f82730adea00 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
@@ -38,7 +38,7 @@ static struct user_namespace *clone_user_ns(struct user_namespace *old_ns) | |||
38 | } | 38 | } |
39 | 39 | ||
40 | /* Reset current->user with a new one */ | 40 | /* Reset current->user with a new one */ |
41 | new_user = alloc_uid(ns, current->uid); | 41 | new_user = alloc_uid(ns, current_uid()); |
42 | if (!new_user) { | 42 | if (!new_user) { |
43 | free_uid(ns->root_user); | 43 | free_uid(ns->root_user); |
44 | kfree(ns); | 44 | kfree(ns); |
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 36f42573a335..07a96474077d 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
@@ -1115,6 +1115,7 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
1115 | nodemask_t old; | 1115 | nodemask_t old; |
1116 | nodemask_t new; | 1116 | nodemask_t new; |
1117 | nodemask_t task_nodes; | 1117 | nodemask_t task_nodes; |
1118 | uid_t uid, euid; | ||
1118 | int err; | 1119 | int err; |
1119 | 1120 | ||
1120 | err = get_nodes(&old, old_nodes, maxnode); | 1121 | err = get_nodes(&old, old_nodes, maxnode); |
@@ -1144,8 +1145,10 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
1144 | * capabilities, superuser privileges or the same | 1145 | * capabilities, superuser privileges or the same |
1145 | * userid as the target process. | 1146 | * userid as the target process. |
1146 | */ | 1147 | */ |
1147 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1148 | uid = current_uid(); |
1148 | (current->uid != task->suid) && (current->uid != task->uid) && | 1149 | euid = current_euid(); |
1150 | if (euid != task->suid && euid != task->uid && | ||
1151 | uid != task->suid && uid != task->uid && | ||
1149 | !capable(CAP_SYS_NICE)) { | 1152 | !capable(CAP_SYS_NICE)) { |
1150 | err = -EPERM; | 1153 | err = -EPERM; |
1151 | goto out; | 1154 | goto out; |
diff --git a/mm/migrate.c b/mm/migrate.c index 6602941bfab0..6263c24c4afe 100644 --- a/mm/migrate.c +++ b/mm/migrate.c | |||
@@ -1048,6 +1048,7 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
1048 | struct task_struct *task; | 1048 | struct task_struct *task; |
1049 | struct mm_struct *mm; | 1049 | struct mm_struct *mm; |
1050 | int err; | 1050 | int err; |
1051 | uid_t uid, euid; | ||
1051 | 1052 | ||
1052 | /* Check flags */ | 1053 | /* Check flags */ |
1053 | if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) | 1054 | if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) |
@@ -1075,8 +1076,10 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
1075 | * capabilities, superuser privileges or the same | 1076 | * capabilities, superuser privileges or the same |
1076 | * userid as the target process. | 1077 | * userid as the target process. |
1077 | */ | 1078 | */ |
1078 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1079 | uid = current_uid(); |
1079 | (current->uid != task->suid) && (current->uid != task->uid) && | 1080 | euid = current_euid(); |
1081 | if (euid != task->suid && euid != task->uid && | ||
1082 | uid != task->suid && uid != task->uid && | ||
1080 | !capable(CAP_SYS_NICE)) { | 1083 | !capable(CAP_SYS_NICE)) { |
1081 | err = -EPERM; | 1084 | err = -EPERM; |
1082 | goto out; | 1085 | goto out; |
diff --git a/mm/shmem.c b/mm/shmem.c index 0ed075215e5f..f1b0d4871f3a 100644 --- a/mm/shmem.c +++ b/mm/shmem.c | |||
@@ -1513,8 +1513,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev) | |||
1513 | inode = new_inode(sb); | 1513 | inode = new_inode(sb); |
1514 | if (inode) { | 1514 | if (inode) { |
1515 | inode->i_mode = mode; | 1515 | inode->i_mode = mode; |
1516 | inode->i_uid = current->fsuid; | 1516 | inode->i_uid = current_fsuid(); |
1517 | inode->i_gid = current->fsgid; | 1517 | inode->i_gid = current_fsgid(); |
1518 | inode->i_blocks = 0; | 1518 | inode->i_blocks = 0; |
1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; | 1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; |
1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
@@ -2278,8 +2278,8 @@ static int shmem_fill_super(struct super_block *sb, | |||
2278 | sbinfo->max_blocks = 0; | 2278 | sbinfo->max_blocks = 0; |
2279 | sbinfo->max_inodes = 0; | 2279 | sbinfo->max_inodes = 0; |
2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; | 2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; |
2281 | sbinfo->uid = current->fsuid; | 2281 | sbinfo->uid = current_fsuid(); |
2282 | sbinfo->gid = current->fsgid; | 2282 | sbinfo->gid = current_fsgid(); |
2283 | sbinfo->mpol = NULL; | 2283 | sbinfo->mpol = NULL; |
2284 | sb->s_fs_info = sbinfo; | 2284 | sb->s_fs_info = sbinfo; |
2285 | 2285 | ||