aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:18 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:18 -0500
commit86a264abe542cfececb4df129bc45a0338d8cdb9 (patch)
tree30152f04ba847f311028d5ca697f864c16c7ebb3
parentf1752eec6145c97163dbce62d17cf5d928e28a27 (diff)
CRED: Wrap current->cred and a few other accessors
Wrap current->cred and a few other accessors to hide their actual implementation. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--arch/ia64/ia32/sys_ia32.c7
-rw-r--r--drivers/net/tun.c8
-rw-r--r--drivers/usb/core/devio.c10
-rw-r--r--fs/binfmt_elf.c10
-rw-r--r--fs/binfmt_elf_fdpic.c9
-rw-r--r--fs/exec.c5
-rw-r--r--fs/fcntl.c3
-rw-r--r--fs/file_table.c7
-rw-r--r--fs/hugetlbfs/inode.c5
-rw-r--r--fs/ioprio.c4
-rw-r--r--fs/smbfs/dir.c3
-rw-r--r--include/linux/cred.h187
-rw-r--r--include/linux/securebits.h2
-rw-r--r--ipc/mqueue.c2
-rw-r--r--ipc/shm.c4
-rw-r--r--kernel/sys.c59
-rw-r--r--kernel/uid16.c31
-rw-r--r--net/core/scm.c2
-rw-r--r--net/sunrpc/auth.c14
-rw-r--r--security/commoncap.c2
-rw-r--r--security/keys/process_keys.c2
-rw-r--r--security/keys/request_key.c11
-rw-r--r--security/selinux/exports.c8
-rw-r--r--security/selinux/xfrm.c6
-rw-r--r--security/smack/smack_access.c2
-rw-r--r--security/smack/smack_lsm.c26
-rw-r--r--security/smack/smackfs.c4
27 files changed, 271 insertions, 162 deletions
diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
index 2445a9d3488e..16ef61a91d95 100644
--- a/arch/ia64/ia32/sys_ia32.c
+++ b/arch/ia64/ia32/sys_ia32.c
@@ -1767,25 +1767,24 @@ groups16_from_user(struct group_info *group_info, short __user *grouplist)
1767asmlinkage long 1767asmlinkage long
1768sys32_getgroups16 (int gidsetsize, short __user *grouplist) 1768sys32_getgroups16 (int gidsetsize, short __user *grouplist)
1769{ 1769{
1770 const struct cred *cred = current_cred();
1770 int i; 1771 int i;
1771 1772
1772 if (gidsetsize < 0) 1773 if (gidsetsize < 0)
1773 return -EINVAL; 1774 return -EINVAL;
1774 1775
1775 get_group_info(current->cred->group_info); 1776 i = cred->group_info->ngroups;
1776 i = current->cred->group_info->ngroups;
1777 if (gidsetsize) { 1777 if (gidsetsize) {
1778 if (i > gidsetsize) { 1778 if (i > gidsetsize) {
1779 i = -EINVAL; 1779 i = -EINVAL;
1780 goto out; 1780 goto out;
1781 } 1781 }
1782 if (groups16_to_user(grouplist, current->cred->group_info)) { 1782 if (groups16_to_user(grouplist, cred->group_info)) {
1783 i = -EFAULT; 1783 i = -EFAULT;
1784 goto out; 1784 goto out;
1785 } 1785 }
1786 } 1786 }
1787out: 1787out:
1788 put_group_info(current->cred->group_info);
1789 return i; 1788 return i;
1790} 1789}
1791 1790
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index b14e2025e221..55dc70c6b4db 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -702,6 +702,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
702 struct tun_net *tn; 702 struct tun_net *tn;
703 struct tun_struct *tun; 703 struct tun_struct *tun;
704 struct net_device *dev; 704 struct net_device *dev;
705 const struct cred *cred = current_cred();
705 int err; 706 int err;
706 707
707 tn = net_generic(net, tun_net_id); 708 tn = net_generic(net, tun_net_id);
@@ -712,11 +713,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
712 713
713 /* Check permissions */ 714 /* Check permissions */
714 if (((tun->owner != -1 && 715 if (((tun->owner != -1 &&
715 current_euid() != tun->owner) || 716 cred->euid != tun->owner) ||
716 (tun->group != -1 && 717 (tun->group != -1 &&
717 current_egid() != tun->group)) && 718 cred->egid != tun->group)) &&
718 !capable(CAP_NET_ADMIN)) 719 !capable(CAP_NET_ADMIN)) {
719 return -EPERM; 720 return -EPERM;
721 }
720 } 722 }
721 else if (__dev_get_by_name(net, ifr->ifr_name)) 723 else if (__dev_get_by_name(net, ifr->ifr_name))
722 return -EINVAL; 724 return -EINVAL;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 1aadb9387027..aa79280df15d 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -574,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
574{ 574{
575 struct usb_device *dev = NULL; 575 struct usb_device *dev = NULL;
576 struct dev_state *ps; 576 struct dev_state *ps;
577 const struct cred *cred = current_cred();
577 int ret; 578 int ret;
578 579
579 lock_kernel(); 580 lock_kernel();
@@ -617,8 +618,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
617 init_waitqueue_head(&ps->wait); 618 init_waitqueue_head(&ps->wait);
618 ps->discsignr = 0; 619 ps->discsignr = 0;
619 ps->disc_pid = get_pid(task_pid(current)); 620 ps->disc_pid = get_pid(task_pid(current));
620 ps->disc_uid = current_uid(); 621 ps->disc_uid = cred->uid;
621 ps->disc_euid = current_euid(); 622 ps->disc_euid = cred->euid;
622 ps->disccontext = NULL; 623 ps->disccontext = NULL;
623 ps->ifclaimed = 0; 624 ps->ifclaimed = 0;
624 security_task_getsecid(current, &ps->secid); 625 security_task_getsecid(current, &ps->secid);
@@ -967,6 +968,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
967 struct usb_host_endpoint *ep; 968 struct usb_host_endpoint *ep;
968 struct async *as; 969 struct async *as;
969 struct usb_ctrlrequest *dr = NULL; 970 struct usb_ctrlrequest *dr = NULL;
971 const struct cred *cred = current_cred();
970 unsigned int u, totlen, isofrmlen; 972 unsigned int u, totlen, isofrmlen;
971 int ret, ifnum = -1; 973 int ret, ifnum = -1;
972 int is_in; 974 int is_in;
@@ -1174,8 +1176,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
1174 as->signr = uurb->signr; 1176 as->signr = uurb->signr;
1175 as->ifnum = ifnum; 1177 as->ifnum = ifnum;
1176 as->pid = get_pid(task_pid(current)); 1178 as->pid = get_pid(task_pid(current));
1177 as->uid = current_uid(); 1179 as->uid = cred->uid;
1178 as->euid = current_euid(); 1180 as->euid = cred->euid;
1179 security_task_getsecid(current, &as->secid); 1181 security_task_getsecid(current, &as->secid);
1180 if (!is_in) { 1182 if (!is_in) {
1181 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, 1183 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 7a52477ce493..0e6655613169 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -157,7 +157,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
157 int items; 157 int items;
158 elf_addr_t *elf_info; 158 elf_addr_t *elf_info;
159 int ei_index = 0; 159 int ei_index = 0;
160 struct task_struct *tsk = current; 160 const struct cred *cred = current_cred();
161 struct vm_area_struct *vma; 161 struct vm_area_struct *vma;
162 162
163 /* 163 /*
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
223 NEW_AUX_ENT(AT_BASE, interp_load_addr); 223 NEW_AUX_ENT(AT_BASE, interp_load_addr);
224 NEW_AUX_ENT(AT_FLAGS, 0); 224 NEW_AUX_ENT(AT_FLAGS, 0);
225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry); 225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
226 NEW_AUX_ENT(AT_UID, tsk->cred->uid); 226 NEW_AUX_ENT(AT_UID, cred->uid);
227 NEW_AUX_ENT(AT_EUID, tsk->cred->euid); 227 NEW_AUX_ENT(AT_EUID, cred->euid);
228 NEW_AUX_ENT(AT_GID, tsk->cred->gid); 228 NEW_AUX_ENT(AT_GID, cred->gid);
229 NEW_AUX_ENT(AT_EGID, tsk->cred->egid); 229 NEW_AUX_ENT(AT_EGID, cred->egid);
230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
231 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 231 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
232 if (k_platform) { 232 if (k_platform) {
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 9f67054c2c4e..1f6e8c023b4c 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -475,6 +475,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
475 struct elf_fdpic_params *exec_params, 475 struct elf_fdpic_params *exec_params,
476 struct elf_fdpic_params *interp_params) 476 struct elf_fdpic_params *interp_params)
477{ 477{
478 const struct cred *cred = current_cred();
478 unsigned long sp, csp, nitems; 479 unsigned long sp, csp, nitems;
479 elf_caddr_t __user *argv, *envp; 480 elf_caddr_t __user *argv, *envp;
480 size_t platform_len = 0, len; 481 size_t platform_len = 0, len;
@@ -623,10 +624,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
623 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); 624 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
624 NEW_AUX_ENT(AT_FLAGS, 0); 625 NEW_AUX_ENT(AT_FLAGS, 0);
625 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); 626 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
626 NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid); 627 NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid);
627 NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid); 628 NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid);
628 NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid); 629 NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid);
629 NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid); 630 NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid);
630 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 631 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
631 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 632 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
632 633
diff --git a/fs/exec.c b/fs/exec.c
index 31149e430a89..a5330e1a2216 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1388,6 +1388,7 @@ EXPORT_SYMBOL(set_binfmt);
1388 */ 1388 */
1389static int format_corename(char *corename, long signr) 1389static int format_corename(char *corename, long signr)
1390{ 1390{
1391 const struct cred *cred = current_cred();
1391 const char *pat_ptr = core_pattern; 1392 const char *pat_ptr = core_pattern;
1392 int ispipe = (*pat_ptr == '|'); 1393 int ispipe = (*pat_ptr == '|');
1393 char *out_ptr = corename; 1394 char *out_ptr = corename;
@@ -1424,7 +1425,7 @@ static int format_corename(char *corename, long signr)
1424 /* uid */ 1425 /* uid */
1425 case 'u': 1426 case 'u':
1426 rc = snprintf(out_ptr, out_end - out_ptr, 1427 rc = snprintf(out_ptr, out_end - out_ptr,
1427 "%d", current_uid()); 1428 "%d", cred->uid);
1428 if (rc > out_end - out_ptr) 1429 if (rc > out_end - out_ptr)
1429 goto out; 1430 goto out;
1430 out_ptr += rc; 1431 out_ptr += rc;
@@ -1432,7 +1433,7 @@ static int format_corename(char *corename, long signr)
1432 /* gid */ 1433 /* gid */
1433 case 'g': 1434 case 'g':
1434 rc = snprintf(out_ptr, out_end - out_ptr, 1435 rc = snprintf(out_ptr, out_end - out_ptr,
1435 "%d", current_gid()); 1436 "%d", cred->gid);
1436 if (rc > out_end - out_ptr) 1437 if (rc > out_end - out_ptr)
1437 goto out; 1438 goto out;
1438 out_ptr += rc; 1439 out_ptr += rc;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 63964d863ad6..c594cc0e40fb 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -205,13 +205,14 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
205int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, 205int __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
206 int force) 206 int force)
207{ 207{
208 const struct cred *cred = current_cred();
208 int err; 209 int err;
209 210
210 err = security_file_set_fowner(filp); 211 err = security_file_set_fowner(filp);
211 if (err) 212 if (err)
212 return err; 213 return err;
213 214
214 f_modown(filp, pid, type, current_uid(), current_euid(), force); 215 f_modown(filp, pid, type, cred->uid, cred->euid, force);
215 return 0; 216 return 0;
216} 217}
217EXPORT_SYMBOL(__f_setown); 218EXPORT_SYMBOL(__f_setown);
diff --git a/fs/file_table.c b/fs/file_table.c
index 3152b53cfab0..bc4563fe791d 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -94,7 +94,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp,
94 */ 94 */
95struct file *get_empty_filp(void) 95struct file *get_empty_filp(void)
96{ 96{
97 struct task_struct *tsk; 97 const struct cred *cred = current_cred();
98 static int old_max; 98 static int old_max;
99 struct file * f; 99 struct file * f;
100 100
@@ -118,12 +118,11 @@ struct file *get_empty_filp(void)
118 if (security_file_alloc(f)) 118 if (security_file_alloc(f))
119 goto fail_sec; 119 goto fail_sec;
120 120
121 tsk = current;
122 INIT_LIST_HEAD(&f->f_u.fu_list); 121 INIT_LIST_HEAD(&f->f_u.fu_list);
123 atomic_long_set(&f->f_count, 1); 122 atomic_long_set(&f->f_count, 1);
124 rwlock_init(&f->f_owner.lock); 123 rwlock_init(&f->f_owner.lock);
125 f->f_uid = tsk->cred->fsuid; 124 f->f_uid = cred->fsuid;
126 f->f_gid = tsk->cred->fsgid; 125 f->f_gid = cred->fsgid;
127 eventpoll_init_file(f); 126 eventpoll_init_file(f);
128 /* f->f_version: 0 */ 127 /* f->f_version: 0 */
129 return f; 128 return f;
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 870a721b8bd2..7d479ce3aceb 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -951,6 +951,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
951 struct inode *inode; 951 struct inode *inode;
952 struct dentry *dentry, *root; 952 struct dentry *dentry, *root;
953 struct qstr quick_string; 953 struct qstr quick_string;
954 struct user_struct *user = current_user();
954 955
955 if (!hugetlbfs_vfsmount) 956 if (!hugetlbfs_vfsmount)
956 return ERR_PTR(-ENOENT); 957 return ERR_PTR(-ENOENT);
@@ -958,7 +959,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
958 if (!can_do_hugetlb_shm()) 959 if (!can_do_hugetlb_shm())
959 return ERR_PTR(-EPERM); 960 return ERR_PTR(-EPERM);
960 961
961 if (!user_shm_lock(size, current->cred->user)) 962 if (!user_shm_lock(size, user))
962 return ERR_PTR(-ENOMEM); 963 return ERR_PTR(-ENOMEM);
963 964
964 root = hugetlbfs_vfsmount->mnt_root; 965 root = hugetlbfs_vfsmount->mnt_root;
@@ -998,7 +999,7 @@ out_inode:
998out_dentry: 999out_dentry:
999 dput(dentry); 1000 dput(dentry);
1000out_shm_unlock: 1001out_shm_unlock:
1001 user_shm_unlock(size, current->cred->user); 1002 user_shm_unlock(size, user);
1002 return ERR_PTR(error); 1003 return ERR_PTR(error);
1003} 1004}
1004 1005
diff --git a/fs/ioprio.c b/fs/ioprio.c
index bb5210af77c2..5112554fd210 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -123,7 +123,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
123 break; 123 break;
124 case IOPRIO_WHO_USER: 124 case IOPRIO_WHO_USER:
125 if (!who) 125 if (!who)
126 user = current->cred->user; 126 user = current_user();
127 else 127 else
128 user = find_user(who); 128 user = find_user(who);
129 129
@@ -216,7 +216,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
216 break; 216 break;
217 case IOPRIO_WHO_USER: 217 case IOPRIO_WHO_USER:
218 if (!who) 218 if (!who)
219 user = current->cred->user; 219 user = current_user();
220 else 220 else
221 user = find_user(who); 221 user = find_user(who);
222 222
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c
index 9e9bb0db4f6d..e7ddd0328ddc 100644
--- a/fs/smbfs/dir.c
+++ b/fs/smbfs/dir.c
@@ -667,8 +667,7 @@ smb_make_node(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
667 667
668 attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; 668 attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID;
669 attr.ia_mode = mode; 669 attr.ia_mode = mode;
670 attr.ia_uid = current_euid(); 670 current_euid_egid(&attr.ia_uid, &attr.ia_gid);
671 attr.ia_gid = current_egid();
672 671
673 if (!new_valid_dev(dev)) 672 if (!new_valid_dev(dev))
674 return -EINVAL; 673 return -EINVAL;
diff --git a/include/linux/cred.h b/include/linux/cred.h
index a7a686074cb0..4221ec6000c1 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -37,15 +37,16 @@ struct group_info {
37 * get_group_info - Get a reference to a group info structure 37 * get_group_info - Get a reference to a group info structure
38 * @group_info: The group info to reference 38 * @group_info: The group info to reference
39 * 39 *
40 * This must be called with the owning task locked (via task_lock()) when task 40 * This gets a reference to a set of supplementary groups.
41 * != current. The reason being that the vast majority of callers are looking 41 *
42 * at current->group_info, which can not be changed except by the current task. 42 * If the caller is accessing a task's credentials, they must hold the RCU read
43 * Changing current->group_info requires the task lock, too. 43 * lock when reading.
44 */ 44 */
45#define get_group_info(group_info) \ 45static inline struct group_info *get_group_info(struct group_info *gi)
46do { \ 46{
47 atomic_inc(&(group_info)->usage); \ 47 atomic_inc(&gi->usage);
48} while (0) 48 return gi;
49}
49 50
50/** 51/**
51 * put_group_info - Release a reference to a group info structure 52 * put_group_info - Release a reference to a group info structure
@@ -61,7 +62,7 @@ extern struct group_info *groups_alloc(int);
61extern void groups_free(struct group_info *); 62extern void groups_free(struct group_info *);
62extern int set_current_groups(struct group_info *); 63extern int set_current_groups(struct group_info *);
63extern int set_groups(struct cred *, struct group_info *); 64extern int set_groups(struct cred *, struct group_info *);
64extern int groups_search(struct group_info *, gid_t); 65extern int groups_search(const struct group_info *, gid_t);
65 66
66/* access the groups "array" with this macro */ 67/* access the groups "array" with this macro */
67#define GROUP_AT(gi, i) \ 68#define GROUP_AT(gi, i) \
@@ -123,41 +124,6 @@ struct cred {
123 spinlock_t lock; /* lock for pointer changes */ 124 spinlock_t lock; /* lock for pointer changes */
124}; 125};
125 126
126#define get_current_user() (get_uid(current->cred->user))
127
128#define task_uid(task) ((task)->cred->uid)
129#define task_gid(task) ((task)->cred->gid)
130#define task_euid(task) ((task)->cred->euid)
131#define task_egid(task) ((task)->cred->egid)
132
133#define current_uid() (current->cred->uid)
134#define current_gid() (current->cred->gid)
135#define current_euid() (current->cred->euid)
136#define current_egid() (current->cred->egid)
137#define current_suid() (current->cred->suid)
138#define current_sgid() (current->cred->sgid)
139#define current_fsuid() (current->cred->fsuid)
140#define current_fsgid() (current->cred->fsgid)
141#define current_cap() (current->cred->cap_effective)
142
143#define current_uid_gid(_uid, _gid) \
144do { \
145 *(_uid) = current->cred->uid; \
146 *(_gid) = current->cred->gid; \
147} while(0)
148
149#define current_euid_egid(_uid, _gid) \
150do { \
151 *(_uid) = current->cred->euid; \
152 *(_gid) = current->cred->egid; \
153} while(0)
154
155#define current_fsuid_fsgid(_uid, _gid) \
156do { \
157 *(_uid) = current->cred->fsuid; \
158 *(_gid) = current->cred->fsgid; \
159} while(0)
160
161extern void __put_cred(struct cred *); 127extern void __put_cred(struct cred *);
162extern int copy_creds(struct task_struct *, unsigned long); 128extern int copy_creds(struct task_struct *, unsigned long);
163 129
@@ -187,4 +153,137 @@ static inline void put_cred(struct cred *cred)
187 __put_cred(cred); 153 __put_cred(cred);
188} 154}
189 155
156/**
157 * current_cred - Access the current task's credentials
158 *
159 * Access the credentials of the current task.
160 */
161#define current_cred() \
162 (current->cred)
163
164/**
165 * __task_cred - Access another task's credentials
166 * @task: The task to query
167 *
168 * Access the credentials of another task. The caller must hold the
169 * RCU readlock.
170 *
171 * The caller must make sure task doesn't go away, either by holding a ref on
172 * task or by holding tasklist_lock to prevent it from being unlinked.
173 */
174#define __task_cred(task) \
175 ((const struct cred *)(rcu_dereference((task)->cred)))
176
177/**
178 * get_task_cred - Get another task's credentials
179 * @task: The task to query
180 *
181 * Get the credentials of a task, pinning them so that they can't go away.
182 * Accessing a task's credentials directly is not permitted.
183 *
184 * The caller must make sure task doesn't go away, either by holding a ref on
185 * task or by holding tasklist_lock to prevent it from being unlinked.
186 */
187#define get_task_cred(task) \
188({ \
189 struct cred *__cred; \
190 rcu_read_lock(); \
191 __cred = (struct cred *) __task_cred((task)); \
192 get_cred(__cred); \
193 rcu_read_unlock(); \
194 __cred; \
195})
196
197/**
198 * get_current_cred - Get the current task's credentials
199 *
200 * Get the credentials of the current task, pinning them so that they can't go
201 * away. Accessing the current task's credentials directly is not permitted.
202 */
203#define get_current_cred() \
204 (get_cred(current_cred()))
205
206/**
207 * get_current_user - Get the current task's user_struct
208 *
209 * Get the user record of the current task, pinning it so that it can't go
210 * away.
211 */
212#define get_current_user() \
213({ \
214 struct user_struct *__u; \
215 struct cred *__cred; \
216 __cred = (struct cred *) current_cred(); \
217 __u = get_uid(__cred->user); \
218 __u; \
219})
220
221/**
222 * get_current_groups - Get the current task's supplementary group list
223 *
224 * Get the supplementary group list of the current task, pinning it so that it
225 * can't go away.
226 */
227#define get_current_groups() \
228({ \
229 struct group_info *__groups; \
230 struct cred *__cred; \
231 __cred = (struct cred *) current_cred(); \
232 __groups = get_group_info(__cred->group_info); \
233 __groups; \
234})
235
236#define task_cred_xxx(task, xxx) \
237({ \
238 __typeof__(task->cred->xxx) ___val; \
239 rcu_read_lock(); \
240 ___val = __task_cred((task))->xxx; \
241 rcu_read_unlock(); \
242 ___val; \
243})
244
245#define task_uid(task) (task_cred_xxx((task), uid))
246#define task_euid(task) (task_cred_xxx((task), euid))
247
248#define current_cred_xxx(xxx) \
249({ \
250 current->cred->xxx; \
251})
252
253#define current_uid() (current_cred_xxx(uid))
254#define current_gid() (current_cred_xxx(gid))
255#define current_euid() (current_cred_xxx(euid))
256#define current_egid() (current_cred_xxx(egid))
257#define current_suid() (current_cred_xxx(suid))
258#define current_sgid() (current_cred_xxx(sgid))
259#define current_fsuid() (current_cred_xxx(fsuid))
260#define current_fsgid() (current_cred_xxx(fsgid))
261#define current_cap() (current_cred_xxx(cap_effective))
262#define current_user() (current_cred_xxx(user))
263#define current_security() (current_cred_xxx(security))
264
265#define current_uid_gid(_uid, _gid) \
266do { \
267 const struct cred *__cred; \
268 __cred = current_cred(); \
269 *(_uid) = __cred->uid; \
270 *(_gid) = __cred->gid; \
271} while(0)
272
273#define current_euid_egid(_euid, _egid) \
274do { \
275 const struct cred *__cred; \
276 __cred = current_cred(); \
277 *(_euid) = __cred->euid; \
278 *(_egid) = __cred->egid; \
279} while(0)
280
281#define current_fsuid_fsgid(_fsuid, _fsgid) \
282do { \
283 const struct cred *__cred; \
284 __cred = current_cred(); \
285 *(_fsuid) = __cred->fsuid; \
286 *(_fsgid) = __cred->fsgid; \
287} while(0)
288
190#endif /* _LINUX_CRED_H */ 289#endif /* _LINUX_CRED_H */
diff --git a/include/linux/securebits.h b/include/linux/securebits.h
index 6d389491bfa2..d2c5ed845bcc 100644
--- a/include/linux/securebits.h
+++ b/include/linux/securebits.h
@@ -32,7 +32,7 @@
32 setting is locked or not. A setting which is locked cannot be 32 setting is locked or not. A setting which is locked cannot be
33 changed from user-level. */ 33 changed from user-level. */
34#define issecure_mask(X) (1 << (X)) 34#define issecure_mask(X) (1 << (X))
35#define issecure(X) (issecure_mask(X) & current->cred->securebits) 35#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
36 36
37#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ 37#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
38 issecure_mask(SECURE_NO_SETUID_FIXUP) | \ 38 issecure_mask(SECURE_NO_SETUID_FIXUP) | \
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index e1885b494bac..1151881ccb9a 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -112,6 +112,7 @@ static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
112static struct inode *mqueue_get_inode(struct super_block *sb, int mode, 112static struct inode *mqueue_get_inode(struct super_block *sb, int mode,
113 struct mq_attr *attr) 113 struct mq_attr *attr)
114{ 114{
115 struct user_struct *u = current_user();
115 struct inode *inode; 116 struct inode *inode;
116 117
117 inode = new_inode(sb); 118 inode = new_inode(sb);
@@ -126,7 +127,6 @@ static struct inode *mqueue_get_inode(struct super_block *sb, int mode,
126 if (S_ISREG(mode)) { 127 if (S_ISREG(mode)) {
127 struct mqueue_inode_info *info; 128 struct mqueue_inode_info *info;
128 struct task_struct *p = current; 129 struct task_struct *p = current;
129 struct user_struct *u = p->cred->user;
130 unsigned long mq_bytes, mq_msg_tblsz; 130 unsigned long mq_bytes, mq_msg_tblsz;
131 131
132 inode->i_fop = &mqueue_file_operations; 132 inode->i_fop = &mqueue_file_operations;
diff --git a/ipc/shm.c b/ipc/shm.c
index 264a9d33c5dd..38a055758a9b 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -366,7 +366,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
366 if (shmflg & SHM_HUGETLB) { 366 if (shmflg & SHM_HUGETLB) {
367 /* hugetlb_file_setup takes care of mlock user accounting */ 367 /* hugetlb_file_setup takes care of mlock user accounting */
368 file = hugetlb_file_setup(name, size); 368 file = hugetlb_file_setup(name, size);
369 shp->mlock_user = current->cred->user; 369 shp->mlock_user = current_user();
370 } else { 370 } else {
371 int acctflag = VM_ACCOUNT; 371 int acctflag = VM_ACCOUNT;
372 /* 372 /*
@@ -767,7 +767,7 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf)
767 goto out_unlock; 767 goto out_unlock;
768 768
769 if(cmd==SHM_LOCK) { 769 if(cmd==SHM_LOCK) {
770 struct user_struct *user = current->cred->user; 770 struct user_struct *user = current_user();
771 if (!is_file_hugepages(shp->shm_file)) { 771 if (!is_file_hugepages(shp->shm_file)) {
772 err = shmem_lock(shp->shm_file, 1, user); 772 err = shmem_lock(shp->shm_file, 1, user);
773 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ 773 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
diff --git a/kernel/sys.c b/kernel/sys.c
index 5d81f07c0150..c4d6b59553e9 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -143,6 +143,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval)
143{ 143{
144 struct task_struct *g, *p; 144 struct task_struct *g, *p;
145 struct user_struct *user; 145 struct user_struct *user;
146 const struct cred *cred = current_cred();
146 int error = -EINVAL; 147 int error = -EINVAL;
147 struct pid *pgrp; 148 struct pid *pgrp;
148 149
@@ -176,18 +177,18 @@ asmlinkage long sys_setpriority(int which, int who, int niceval)
176 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 177 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
177 break; 178 break;
178 case PRIO_USER: 179 case PRIO_USER:
179 user = current->cred->user; 180 user = cred->user;
180 if (!who) 181 if (!who)
181 who = current_uid(); 182 who = cred->uid;
182 else 183 else if ((who != cred->uid) &&
183 if (who != current_uid() && !(user = find_user(who))) 184 !(user = find_user(who)))
184 goto out_unlock; /* No processes for this user */ 185 goto out_unlock; /* No processes for this user */
185 186
186 do_each_thread(g, p) 187 do_each_thread(g, p)
187 if (p->cred->uid == who) 188 if (__task_cred(p)->uid == who)
188 error = set_one_prio(p, niceval, error); 189 error = set_one_prio(p, niceval, error);
189 while_each_thread(g, p); 190 while_each_thread(g, p);
190 if (who != current_uid()) 191 if (who != cred->uid)
191 free_uid(user); /* For find_user() */ 192 free_uid(user); /* For find_user() */
192 break; 193 break;
193 } 194 }
@@ -207,6 +208,7 @@ asmlinkage long sys_getpriority(int which, int who)
207{ 208{
208 struct task_struct *g, *p; 209 struct task_struct *g, *p;
209 struct user_struct *user; 210 struct user_struct *user;
211 const struct cred *cred = current_cred();
210 long niceval, retval = -ESRCH; 212 long niceval, retval = -ESRCH;
211 struct pid *pgrp; 213 struct pid *pgrp;
212 214
@@ -238,21 +240,21 @@ asmlinkage long sys_getpriority(int which, int who)
238 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 240 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
239 break; 241 break;
240 case PRIO_USER: 242 case PRIO_USER:
241 user = current->cred->user; 243 user = (struct user_struct *) cred->user;
242 if (!who) 244 if (!who)
243 who = current_uid(); 245 who = cred->uid;
244 else 246 else if ((who != cred->uid) &&
245 if (who != current_uid() && !(user = find_user(who))) 247 !(user = find_user(who)))
246 goto out_unlock; /* No processes for this user */ 248 goto out_unlock; /* No processes for this user */
247 249
248 do_each_thread(g, p) 250 do_each_thread(g, p)
249 if (p->cred->uid == who) { 251 if (__task_cred(p)->uid == who) {
250 niceval = 20 - task_nice(p); 252 niceval = 20 - task_nice(p);
251 if (niceval > retval) 253 if (niceval > retval)
252 retval = niceval; 254 retval = niceval;
253 } 255 }
254 while_each_thread(g, p); 256 while_each_thread(g, p);
255 if (who != current_uid()) 257 if (who != cred->uid)
256 free_uid(user); /* for find_user() */ 258 free_uid(user); /* for find_user() */
257 break; 259 break;
258 } 260 }
@@ -743,11 +745,11 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
743 745
744asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) 746asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid)
745{ 747{
746 struct cred *cred = current->cred; 748 const struct cred *cred = current_cred();
747 int retval; 749 int retval;
748 750
749 if (!(retval = put_user(cred->uid, ruid)) && 751 if (!(retval = put_user(cred->uid, ruid)) &&
750 !(retval = put_user(cred->euid, euid))) 752 !(retval = put_user(cred->euid, euid)))
751 retval = put_user(cred->suid, suid); 753 retval = put_user(cred->suid, suid);
752 754
753 return retval; 755 return retval;
@@ -796,11 +798,11 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
796 798
797asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) 799asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid)
798{ 800{
799 struct cred *cred = current->cred; 801 const struct cred *cred = current_cred();
800 int retval; 802 int retval;
801 803
802 if (!(retval = put_user(cred->gid, rgid)) && 804 if (!(retval = put_user(cred->gid, rgid)) &&
803 !(retval = put_user(cred->egid, egid))) 805 !(retval = put_user(cred->egid, egid)))
804 retval = put_user(cred->sgid, sgid); 806 retval = put_user(cred->sgid, sgid);
805 807
806 return retval; 808 return retval;
@@ -1199,7 +1201,7 @@ static void groups_sort(struct group_info *group_info)
1199} 1201}
1200 1202
1201/* a simple bsearch */ 1203/* a simple bsearch */
1202int groups_search(struct group_info *group_info, gid_t grp) 1204int groups_search(const struct group_info *group_info, gid_t grp)
1203{ 1205{
1204 unsigned int left, right; 1206 unsigned int left, right;
1205 1207
@@ -1268,13 +1270,8 @@ EXPORT_SYMBOL(set_current_groups);
1268 1270
1269asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) 1271asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist)
1270{ 1272{
1271 struct cred *cred = current->cred; 1273 const struct cred *cred = current_cred();
1272 int i = 0; 1274 int i;
1273
1274 /*
1275 * SMP: Nobody else can change our grouplist. Thus we are
1276 * safe.
1277 */
1278 1275
1279 if (gidsetsize < 0) 1276 if (gidsetsize < 0)
1280 return -EINVAL; 1277 return -EINVAL;
@@ -1330,8 +1327,9 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
1330 */ 1327 */
1331int in_group_p(gid_t grp) 1328int in_group_p(gid_t grp)
1332{ 1329{
1333 struct cred *cred = current->cred; 1330 const struct cred *cred = current_cred();
1334 int retval = 1; 1331 int retval = 1;
1332
1335 if (grp != cred->fsgid) 1333 if (grp != cred->fsgid)
1336 retval = groups_search(cred->group_info, grp); 1334 retval = groups_search(cred->group_info, grp);
1337 return retval; 1335 return retval;
@@ -1341,8 +1339,9 @@ EXPORT_SYMBOL(in_group_p);
1341 1339
1342int in_egroup_p(gid_t grp) 1340int in_egroup_p(gid_t grp)
1343{ 1341{
1344 struct cred *cred = current->cred; 1342 const struct cred *cred = current_cred();
1345 int retval = 1; 1343 int retval = 1;
1344
1346 if (grp != cred->egid) 1345 if (grp != cred->egid)
1347 retval = groups_search(cred->group_info, grp); 1346 retval = groups_search(cred->group_info, grp);
1348 return retval; 1347 return retval;
diff --git a/kernel/uid16.c b/kernel/uid16.c
index 71f07fc39fea..2460c3199b5a 100644
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -84,11 +84,12 @@ asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
84 84
85asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) 85asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid)
86{ 86{
87 const struct cred *cred = current_cred();
87 int retval; 88 int retval;
88 89
89 if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) && 90 if (!(retval = put_user(high2lowuid(cred->uid), ruid)) &&
90 !(retval = put_user(high2lowuid(current->cred->euid), euid))) 91 !(retval = put_user(high2lowuid(cred->euid), euid)))
91 retval = put_user(high2lowuid(current->cred->suid), suid); 92 retval = put_user(high2lowuid(cred->suid), suid);
92 93
93 return retval; 94 return retval;
94} 95}
@@ -104,11 +105,12 @@ asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid)
104 105
105asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) 106asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid)
106{ 107{
108 const struct cred *cred = current_cred();
107 int retval; 109 int retval;
108 110
109 if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) && 111 if (!(retval = put_user(high2lowgid(cred->gid), rgid)) &&
110 !(retval = put_user(high2lowgid(current->cred->egid), egid))) 112 !(retval = put_user(high2lowgid(cred->egid), egid)))
111 retval = put_user(high2lowgid(current->cred->sgid), sgid); 113 retval = put_user(high2lowgid(cred->sgid), sgid);
112 114
113 return retval; 115 return retval;
114} 116}
@@ -161,25 +163,24 @@ static int groups16_from_user(struct group_info *group_info,
161 163
162asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) 164asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
163{ 165{
164 int i = 0; 166 const struct cred *cred = current_cred();
167 int i;
165 168
166 if (gidsetsize < 0) 169 if (gidsetsize < 0)
167 return -EINVAL; 170 return -EINVAL;
168 171
169 get_group_info(current->cred->group_info); 172 i = cred->group_info->ngroups;
170 i = current->cred->group_info->ngroups;
171 if (gidsetsize) { 173 if (gidsetsize) {
172 if (i > gidsetsize) { 174 if (i > gidsetsize) {
173 i = -EINVAL; 175 i = -EINVAL;
174 goto out; 176 goto out;
175 } 177 }
176 if (groups16_to_user(grouplist, current->cred->group_info)) { 178 if (groups16_to_user(grouplist, cred->group_info)) {
177 i = -EFAULT; 179 i = -EFAULT;
178 goto out; 180 goto out;
179 } 181 }
180 } 182 }
181out: 183out:
182 put_group_info(current->cred->group_info);
183 return i; 184 return i;
184} 185}
185 186
@@ -210,20 +211,20 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist)
210 211
211asmlinkage long sys_getuid16(void) 212asmlinkage long sys_getuid16(void)
212{ 213{
213 return high2lowuid(current->cred->uid); 214 return high2lowuid(current_uid());
214} 215}
215 216
216asmlinkage long sys_geteuid16(void) 217asmlinkage long sys_geteuid16(void)
217{ 218{
218 return high2lowuid(current->cred->euid); 219 return high2lowuid(current_euid());
219} 220}
220 221
221asmlinkage long sys_getgid16(void) 222asmlinkage long sys_getgid16(void)
222{ 223{
223 return high2lowgid(current->cred->gid); 224 return high2lowgid(current_gid());
224} 225}
225 226
226asmlinkage long sys_getegid16(void) 227asmlinkage long sys_getegid16(void)
227{ 228{
228 return high2lowgid(current->cred->egid); 229 return high2lowgid(current_egid());
229} 230}
diff --git a/net/core/scm.c b/net/core/scm.c
index c28ca32a7d93..f73c44b17dda 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -44,7 +44,7 @@
44 44
45static __inline__ int scm_check_creds(struct ucred *creds) 45static __inline__ int scm_check_creds(struct ucred *creds)
46{ 46{
47 struct cred *cred = current->cred; 47 const struct cred *cred = current_cred();
48 48
49 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && 49 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
50 ((creds->uid == cred->uid || creds->uid == cred->euid || 50 ((creds->uid == cred->uid || creds->uid == cred->euid ||
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index c79543212602..0443f8349458 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -350,16 +350,18 @@ EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache);
350struct rpc_cred * 350struct rpc_cred *
351rpcauth_lookupcred(struct rpc_auth *auth, int flags) 351rpcauth_lookupcred(struct rpc_auth *auth, int flags)
352{ 352{
353 struct auth_cred acred = { 353 struct auth_cred acred;
354 .uid = current_fsuid(),
355 .gid = current_fsgid(),
356 .group_info = current->cred->group_info,
357 };
358 struct rpc_cred *ret; 354 struct rpc_cred *ret;
355 const struct cred *cred = current_cred();
359 356
360 dprintk("RPC: looking up %s cred\n", 357 dprintk("RPC: looking up %s cred\n",
361 auth->au_ops->au_name); 358 auth->au_ops->au_name);
362 get_group_info(acred.group_info); 359
360 memset(&acred, 0, sizeof(acred));
361 acred.uid = cred->fsuid;
362 acred.gid = cred->fsgid;
363 acred.group_info = get_group_info(((struct cred *)cred)->group_info);
364
363 ret = auth->au_ops->lookup_cred(auth, &acred, flags); 365 ret = auth->au_ops->lookup_cred(auth, &acred, flags);
364 put_group_info(acred.group_info); 366 put_group_info(acred.group_info);
365 return ret; 367 return ret;
diff --git a/security/commoncap.c b/security/commoncap.c
index fa61679f8c73..61307f590003 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice)
641int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 641int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
642 unsigned long arg4, unsigned long arg5, long *rc_p) 642 unsigned long arg4, unsigned long arg5, long *rc_p)
643{ 643{
644 struct cred *cred = current->cred; 644 struct cred *cred = current_cred();
645 long error = 0; 645 long error = 0;
646 646
647 switch (option) { 647 switch (option) {
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b0904cdda2e7..ce8ac6073d57 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
582{ 582{
583 struct request_key_auth *rka; 583 struct request_key_auth *rka;
584 struct task_struct *t = current; 584 struct task_struct *t = current;
585 struct cred *cred = t->cred; 585 struct cred *cred = current_cred();
586 struct key *key; 586 struct key *key;
587 key_ref_t key_ref, skey_ref; 587 key_ref_t key_ref, skey_ref;
588 int ret; 588 int ret;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 3e9b9eb1dd28..0488b0af5bd6 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons,
67 void *aux) 67 void *aux)
68{ 68{
69 struct task_struct *tsk = current; 69 struct task_struct *tsk = current;
70 const struct cred *cred = current_cred();
70 key_serial_t prkey, sskey; 71 key_serial_t prkey, sskey;
71 struct key *key = cons->key, *authkey = cons->authkey, *keyring; 72 struct key *key = cons->key, *authkey = cons->authkey, *keyring;
72 char *argv[9], *envp[3], uid_str[12], gid_str[12]; 73 char *argv[9], *envp[3], uid_str[12], gid_str[12];
@@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons,
96 goto error_link; 97 goto error_link;
97 98
98 /* record the UID and GID */ 99 /* record the UID and GID */
99 sprintf(uid_str, "%d", current_fsuid()); 100 sprintf(uid_str, "%d", cred->fsuid);
100 sprintf(gid_str, "%d", current_fsgid()); 101 sprintf(gid_str, "%d", cred->fsgid);
101 102
102 /* we say which key is under construction */ 103 /* we say which key is under construction */
103 sprintf(key_str, "%d", key->serial); 104 sprintf(key_str, "%d", key->serial);
104 105
105 /* we specify the process's default keyrings */ 106 /* we specify the process's default keyrings */
106 sprintf(keyring_str[0], "%d", 107 sprintf(keyring_str[0], "%d",
107 tsk->cred->thread_keyring ? 108 cred->thread_keyring ?
108 tsk->cred->thread_keyring->serial : 0); 109 cred->thread_keyring->serial : 0);
109 110
110 prkey = 0; 111 prkey = 0;
111 if (tsk->signal->process_keyring) 112 if (tsk->signal->process_keyring)
@@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons,
118 sskey = rcu_dereference(tsk->signal->session_keyring)->serial; 119 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
119 rcu_read_unlock(); 120 rcu_read_unlock();
120 } else { 121 } else {
121 sskey = tsk->cred->user->session_keyring->serial; 122 sskey = cred->user->session_keyring->serial;
122 } 123 }
123 124
124 sprintf(keyring_str[2], "%d", sskey); 125 sprintf(keyring_str[2], "%d", sskey);
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index cf02490cd1eb..c73aeaa008e8 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid);
39int selinux_secmark_relabel_packet_permission(u32 sid) 39int selinux_secmark_relabel_packet_permission(u32 sid)
40{ 40{
41 if (selinux_enabled) { 41 if (selinux_enabled) {
42 struct task_security_struct *tsec = current->cred->security; 42 const struct task_security_struct *__tsec;
43 u32 tsid;
43 44
44 return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, 45 __tsec = current_security();
46 tsid = __tsec->sid;
47
48 return avc_has_perm(tsid, sid, SECCLASS_PACKET,
45 PACKET__RELABELTO, NULL); 49 PACKET__RELABELTO, NULL);
46 } 50 }
47 return 0; 51 return 0;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d7db76617b0e..c0eb72013d67 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
197 struct xfrm_user_sec_ctx *uctx, u32 sid) 197 struct xfrm_user_sec_ctx *uctx, u32 sid)
198{ 198{
199 int rc = 0; 199 int rc = 0;
200 struct task_security_struct *tsec = current->cred->security; 200 const struct task_security_struct *tsec = current_security();
201 struct xfrm_sec_ctx *ctx = NULL; 201 struct xfrm_sec_ctx *ctx = NULL;
202 char *ctx_str = NULL; 202 char *ctx_str = NULL;
203 u32 str_len; 203 u32 str_len;
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
333 */ 333 */
334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
335{ 335{
336 struct task_security_struct *tsec = current->cred->security; 336 const struct task_security_struct *tsec = current_security();
337 int rc = 0; 337 int rc = 0;
338 338
339 if (ctx) { 339 if (ctx) {
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
378 */ 378 */
379int selinux_xfrm_state_delete(struct xfrm_state *x) 379int selinux_xfrm_state_delete(struct xfrm_state *x)
380{ 380{
381 struct task_security_struct *tsec = current->cred->security; 381 const struct task_security_struct *tsec = current_security();
382 struct xfrm_sec_ctx *ctx = x->security; 382 struct xfrm_sec_ctx *ctx = x->security;
383 int rc = 0; 383 int rc = 0;
384 384
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b6dd4fc0fb0b..247cec3b5a43 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
164{ 164{
165 int rc; 165 int rc;
166 166
167 rc = smk_access(current->cred->security, obj_label, mode); 167 rc = smk_access(current_security(), obj_label, mode);
168 if (rc == 0) 168 if (rc == 0)
169 return 0; 169 return 0;
170 170
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cc837314fb0e..e8a4fcb1ad04 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
143static int smack_syslog(int type) 143static int smack_syslog(int type)
144{ 144{
145 int rc; 145 int rc;
146 char *sp = current->cred->security; 146 char *sp = current_security();
147 147
148 rc = cap_syslog(type); 148 rc = cap_syslog(type);
149 if (rc != 0) 149 if (rc != 0)
@@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
375 */ 375 */
376static int smack_inode_alloc_security(struct inode *inode) 376static int smack_inode_alloc_security(struct inode *inode)
377{ 377{
378 inode->i_security = new_inode_smack(current->cred->security); 378 inode->i_security = new_inode_smack(current_security());
379 if (inode->i_security == NULL) 379 if (inode->i_security == NULL)
380 return -ENOMEM; 380 return -ENOMEM;
381 return 0; 381 return 0;
@@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask)
820 */ 820 */
821static int smack_file_alloc_security(struct file *file) 821static int smack_file_alloc_security(struct file *file)
822{ 822{
823 file->f_security = current->cred->security; 823 file->f_security = current_security();
824 return 0; 824 return 0;
825} 825}
826 826
@@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
918 */ 918 */
919static int smack_file_set_fowner(struct file *file) 919static int smack_file_set_fowner(struct file *file)
920{ 920{
921 file->f_security = current->cred->security; 921 file->f_security = current_security();
922 return 0; 922 return 0;
923} 923}
924 924
@@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file)
986 */ 986 */
987static int smack_cred_alloc_security(struct cred *cred) 987static int smack_cred_alloc_security(struct cred *cred)
988{ 988{
989 cred->security = current->cred->security; 989 cred->security = current_security();
990
991 return 0; 990 return 0;
992} 991}
993 992
@@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1225 */ 1224 */
1226static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1225static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1227{ 1226{
1228 char *csp = current->cred->security; 1227 char *csp = current_security();
1229 struct socket_smack *ssp; 1228 struct socket_smack *ssp;
1230 1229
1231 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1230 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
@@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags)
1450 */ 1449 */
1451static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1450static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1452{ 1451{
1453 msg->security = current->cred->security; 1452 msg->security = current_security();
1454 return 0; 1453 return 0;
1455} 1454}
1456 1455
@@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp)
1486{ 1485{
1487 struct kern_ipc_perm *isp = &shp->shm_perm; 1486 struct kern_ipc_perm *isp = &shp->shm_perm;
1488 1487
1489 isp->security = current->cred->security; 1488 isp->security = current_security();
1490 return 0; 1489 return 0;
1491} 1490}
1492 1491
@@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma)
1595{ 1594{
1596 struct kern_ipc_perm *isp = &sma->sem_perm; 1595 struct kern_ipc_perm *isp = &sma->sem_perm;
1597 1596
1598 isp->security = current->cred->security; 1597 isp->security = current_security();
1599 return 0; 1598 return 0;
1600} 1599}
1601 1600
@@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq)
1699{ 1698{
1700 struct kern_ipc_perm *kisp = &msq->q_perm; 1699 struct kern_ipc_perm *kisp = &msq->q_perm;
1701 1700
1702 kisp->security = current->cred->security; 1701 kisp->security = current_security();
1703 return 0; 1702 return 0;
1704} 1703}
1705 1704
@@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
1854 struct super_block *sbp; 1853 struct super_block *sbp;
1855 struct superblock_smack *sbsp; 1854 struct superblock_smack *sbsp;
1856 struct inode_smack *isp; 1855 struct inode_smack *isp;
1857 char *csp = current->cred->security; 1856 char *csp = current_security();
1858 char *fetched; 1857 char *fetched;
1859 char *final; 1858 char *final;
1860 struct dentry *dp; 1859 struct dentry *dp;
@@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
2290 return; 2289 return;
2291 2290
2292 ssp = sk->sk_security; 2291 ssp = sk->sk_security;
2293 ssp->smk_in = current->cred->security; 2292 ssp->smk_in = ssp->smk_out = current_security();
2294 ssp->smk_out = current->cred->security;
2295 ssp->smk_packet[0] = '\0'; 2293 ssp->smk_packet[0] = '\0';
2296 2294
2297 rc = smack_netlabel(sk); 2295 rc = smack_netlabel(sk);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c5ca279e0506..ca257dfdc75d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void)
336 336
337 audit_info.loginuid = audit_get_loginuid(current); 337 audit_info.loginuid = audit_get_loginuid(current);
338 audit_info.sessionid = audit_get_sessionid(current); 338 audit_info.sessionid = audit_get_sessionid(current);
339 audit_info.secid = smack_to_secid(current->cred->security); 339 audit_info.secid = smack_to_secid(current_security());
340 340
341 rc = netlbl_cfg_map_del(NULL, &audit_info); 341 rc = netlbl_cfg_map_del(NULL, &audit_info);
342 if (rc != 0) 342 if (rc != 0)
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient)
371 371
372 audit_info.loginuid = audit_get_loginuid(current); 372 audit_info.loginuid = audit_get_loginuid(current);
373 audit_info.sessionid = audit_get_sessionid(current); 373 audit_info.sessionid = audit_get_sessionid(current);
374 audit_info.secid = smack_to_secid(current->cred->security); 374 audit_info.secid = smack_to_secid(current_security());
375 375
376 if (oldambient != NULL) { 376 if (oldambient != NULL) {
377 rc = netlbl_cfg_map_del(oldambient, &audit_info); 377 rc = netlbl_cfg_map_del(oldambient, &audit_info);