diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:18 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:18 -0500 |
commit | 86a264abe542cfececb4df129bc45a0338d8cdb9 (patch) | |
tree | 30152f04ba847f311028d5ca697f864c16c7ebb3 | |
parent | f1752eec6145c97163dbce62d17cf5d928e28a27 (diff) |
CRED: Wrap current->cred and a few other accessors
Wrap current->cred and a few other accessors to hide their actual
implementation.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | arch/ia64/ia32/sys_ia32.c | 7 | ||||
-rw-r--r-- | drivers/net/tun.c | 8 | ||||
-rw-r--r-- | drivers/usb/core/devio.c | 10 | ||||
-rw-r--r-- | fs/binfmt_elf.c | 10 | ||||
-rw-r--r-- | fs/binfmt_elf_fdpic.c | 9 | ||||
-rw-r--r-- | fs/exec.c | 5 | ||||
-rw-r--r-- | fs/fcntl.c | 3 | ||||
-rw-r--r-- | fs/file_table.c | 7 | ||||
-rw-r--r-- | fs/hugetlbfs/inode.c | 5 | ||||
-rw-r--r-- | fs/ioprio.c | 4 | ||||
-rw-r--r-- | fs/smbfs/dir.c | 3 | ||||
-rw-r--r-- | include/linux/cred.h | 187 | ||||
-rw-r--r-- | include/linux/securebits.h | 2 | ||||
-rw-r--r-- | ipc/mqueue.c | 2 | ||||
-rw-r--r-- | ipc/shm.c | 4 | ||||
-rw-r--r-- | kernel/sys.c | 59 | ||||
-rw-r--r-- | kernel/uid16.c | 31 | ||||
-rw-r--r-- | net/core/scm.c | 2 | ||||
-rw-r--r-- | net/sunrpc/auth.c | 14 | ||||
-rw-r--r-- | security/commoncap.c | 2 | ||||
-rw-r--r-- | security/keys/process_keys.c | 2 | ||||
-rw-r--r-- | security/keys/request_key.c | 11 | ||||
-rw-r--r-- | security/selinux/exports.c | 8 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 6 | ||||
-rw-r--r-- | security/smack/smack_access.c | 2 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 26 | ||||
-rw-r--r-- | security/smack/smackfs.c | 4 |
27 files changed, 271 insertions, 162 deletions
diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c index 2445a9d3488e..16ef61a91d95 100644 --- a/arch/ia64/ia32/sys_ia32.c +++ b/arch/ia64/ia32/sys_ia32.c | |||
@@ -1767,25 +1767,24 @@ groups16_from_user(struct group_info *group_info, short __user *grouplist) | |||
1767 | asmlinkage long | 1767 | asmlinkage long |
1768 | sys32_getgroups16 (int gidsetsize, short __user *grouplist) | 1768 | sys32_getgroups16 (int gidsetsize, short __user *grouplist) |
1769 | { | 1769 | { |
1770 | const struct cred *cred = current_cred(); | ||
1770 | int i; | 1771 | int i; |
1771 | 1772 | ||
1772 | if (gidsetsize < 0) | 1773 | if (gidsetsize < 0) |
1773 | return -EINVAL; | 1774 | return -EINVAL; |
1774 | 1775 | ||
1775 | get_group_info(current->cred->group_info); | 1776 | i = cred->group_info->ngroups; |
1776 | i = current->cred->group_info->ngroups; | ||
1777 | if (gidsetsize) { | 1777 | if (gidsetsize) { |
1778 | if (i > gidsetsize) { | 1778 | if (i > gidsetsize) { |
1779 | i = -EINVAL; | 1779 | i = -EINVAL; |
1780 | goto out; | 1780 | goto out; |
1781 | } | 1781 | } |
1782 | if (groups16_to_user(grouplist, current->cred->group_info)) { | 1782 | if (groups16_to_user(grouplist, cred->group_info)) { |
1783 | i = -EFAULT; | 1783 | i = -EFAULT; |
1784 | goto out; | 1784 | goto out; |
1785 | } | 1785 | } |
1786 | } | 1786 | } |
1787 | out: | 1787 | out: |
1788 | put_group_info(current->cred->group_info); | ||
1789 | return i; | 1788 | return i; |
1790 | } | 1789 | } |
1791 | 1790 | ||
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index b14e2025e221..55dc70c6b4db 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c | |||
@@ -702,6 +702,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | |||
702 | struct tun_net *tn; | 702 | struct tun_net *tn; |
703 | struct tun_struct *tun; | 703 | struct tun_struct *tun; |
704 | struct net_device *dev; | 704 | struct net_device *dev; |
705 | const struct cred *cred = current_cred(); | ||
705 | int err; | 706 | int err; |
706 | 707 | ||
707 | tn = net_generic(net, tun_net_id); | 708 | tn = net_generic(net, tun_net_id); |
@@ -712,11 +713,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | |||
712 | 713 | ||
713 | /* Check permissions */ | 714 | /* Check permissions */ |
714 | if (((tun->owner != -1 && | 715 | if (((tun->owner != -1 && |
715 | current_euid() != tun->owner) || | 716 | cred->euid != tun->owner) || |
716 | (tun->group != -1 && | 717 | (tun->group != -1 && |
717 | current_egid() != tun->group)) && | 718 | cred->egid != tun->group)) && |
718 | !capable(CAP_NET_ADMIN)) | 719 | !capable(CAP_NET_ADMIN)) { |
719 | return -EPERM; | 720 | return -EPERM; |
721 | } | ||
720 | } | 722 | } |
721 | else if (__dev_get_by_name(net, ifr->ifr_name)) | 723 | else if (__dev_get_by_name(net, ifr->ifr_name)) |
722 | return -EINVAL; | 724 | return -EINVAL; |
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 1aadb9387027..aa79280df15d 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c | |||
@@ -574,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file) | |||
574 | { | 574 | { |
575 | struct usb_device *dev = NULL; | 575 | struct usb_device *dev = NULL; |
576 | struct dev_state *ps; | 576 | struct dev_state *ps; |
577 | const struct cred *cred = current_cred(); | ||
577 | int ret; | 578 | int ret; |
578 | 579 | ||
579 | lock_kernel(); | 580 | lock_kernel(); |
@@ -617,8 +618,8 @@ static int usbdev_open(struct inode *inode, struct file *file) | |||
617 | init_waitqueue_head(&ps->wait); | 618 | init_waitqueue_head(&ps->wait); |
618 | ps->discsignr = 0; | 619 | ps->discsignr = 0; |
619 | ps->disc_pid = get_pid(task_pid(current)); | 620 | ps->disc_pid = get_pid(task_pid(current)); |
620 | ps->disc_uid = current_uid(); | 621 | ps->disc_uid = cred->uid; |
621 | ps->disc_euid = current_euid(); | 622 | ps->disc_euid = cred->euid; |
622 | ps->disccontext = NULL; | 623 | ps->disccontext = NULL; |
623 | ps->ifclaimed = 0; | 624 | ps->ifclaimed = 0; |
624 | security_task_getsecid(current, &ps->secid); | 625 | security_task_getsecid(current, &ps->secid); |
@@ -967,6 +968,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, | |||
967 | struct usb_host_endpoint *ep; | 968 | struct usb_host_endpoint *ep; |
968 | struct async *as; | 969 | struct async *as; |
969 | struct usb_ctrlrequest *dr = NULL; | 970 | struct usb_ctrlrequest *dr = NULL; |
971 | const struct cred *cred = current_cred(); | ||
970 | unsigned int u, totlen, isofrmlen; | 972 | unsigned int u, totlen, isofrmlen; |
971 | int ret, ifnum = -1; | 973 | int ret, ifnum = -1; |
972 | int is_in; | 974 | int is_in; |
@@ -1174,8 +1176,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, | |||
1174 | as->signr = uurb->signr; | 1176 | as->signr = uurb->signr; |
1175 | as->ifnum = ifnum; | 1177 | as->ifnum = ifnum; |
1176 | as->pid = get_pid(task_pid(current)); | 1178 | as->pid = get_pid(task_pid(current)); |
1177 | as->uid = current_uid(); | 1179 | as->uid = cred->uid; |
1178 | as->euid = current_euid(); | 1180 | as->euid = cred->euid; |
1179 | security_task_getsecid(current, &as->secid); | 1181 | security_task_getsecid(current, &as->secid); |
1180 | if (!is_in) { | 1182 | if (!is_in) { |
1181 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, | 1183 | if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 7a52477ce493..0e6655613169 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
@@ -157,7 +157,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
157 | int items; | 157 | int items; |
158 | elf_addr_t *elf_info; | 158 | elf_addr_t *elf_info; |
159 | int ei_index = 0; | 159 | int ei_index = 0; |
160 | struct task_struct *tsk = current; | 160 | const struct cred *cred = current_cred(); |
161 | struct vm_area_struct *vma; | 161 | struct vm_area_struct *vma; |
162 | 162 | ||
163 | /* | 163 | /* |
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); | 223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); |
224 | NEW_AUX_ENT(AT_FLAGS, 0); | 224 | NEW_AUX_ENT(AT_FLAGS, 0); |
225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); | 225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); |
226 | NEW_AUX_ENT(AT_UID, tsk->cred->uid); | 226 | NEW_AUX_ENT(AT_UID, cred->uid); |
227 | NEW_AUX_ENT(AT_EUID, tsk->cred->euid); | 227 | NEW_AUX_ENT(AT_EUID, cred->euid); |
228 | NEW_AUX_ENT(AT_GID, tsk->cred->gid); | 228 | NEW_AUX_ENT(AT_GID, cred->gid); |
229 | NEW_AUX_ENT(AT_EGID, tsk->cred->egid); | 229 | NEW_AUX_ENT(AT_EGID, cred->egid); |
230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
232 | if (k_platform) { | 232 | if (k_platform) { |
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 9f67054c2c4e..1f6e8c023b4c 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
@@ -475,6 +475,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
475 | struct elf_fdpic_params *exec_params, | 475 | struct elf_fdpic_params *exec_params, |
476 | struct elf_fdpic_params *interp_params) | 476 | struct elf_fdpic_params *interp_params) |
477 | { | 477 | { |
478 | const struct cred *cred = current_cred(); | ||
478 | unsigned long sp, csp, nitems; | 479 | unsigned long sp, csp, nitems; |
479 | elf_caddr_t __user *argv, *envp; | 480 | elf_caddr_t __user *argv, *envp; |
480 | size_t platform_len = 0, len; | 481 | size_t platform_len = 0, len; |
@@ -623,10 +624,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
623 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); | 624 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); |
624 | NEW_AUX_ENT(AT_FLAGS, 0); | 625 | NEW_AUX_ENT(AT_FLAGS, 0); |
625 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); | 626 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); |
626 | NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid); | 627 | NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid); |
627 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid); | 628 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid); |
628 | NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid); | 629 | NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid); |
629 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid); | 630 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid); |
630 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 631 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
631 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 632 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
632 | 633 | ||
@@ -1388,6 +1388,7 @@ EXPORT_SYMBOL(set_binfmt); | |||
1388 | */ | 1388 | */ |
1389 | static int format_corename(char *corename, long signr) | 1389 | static int format_corename(char *corename, long signr) |
1390 | { | 1390 | { |
1391 | const struct cred *cred = current_cred(); | ||
1391 | const char *pat_ptr = core_pattern; | 1392 | const char *pat_ptr = core_pattern; |
1392 | int ispipe = (*pat_ptr == '|'); | 1393 | int ispipe = (*pat_ptr == '|'); |
1393 | char *out_ptr = corename; | 1394 | char *out_ptr = corename; |
@@ -1424,7 +1425,7 @@ static int format_corename(char *corename, long signr) | |||
1424 | /* uid */ | 1425 | /* uid */ |
1425 | case 'u': | 1426 | case 'u': |
1426 | rc = snprintf(out_ptr, out_end - out_ptr, | 1427 | rc = snprintf(out_ptr, out_end - out_ptr, |
1427 | "%d", current_uid()); | 1428 | "%d", cred->uid); |
1428 | if (rc > out_end - out_ptr) | 1429 | if (rc > out_end - out_ptr) |
1429 | goto out; | 1430 | goto out; |
1430 | out_ptr += rc; | 1431 | out_ptr += rc; |
@@ -1432,7 +1433,7 @@ static int format_corename(char *corename, long signr) | |||
1432 | /* gid */ | 1433 | /* gid */ |
1433 | case 'g': | 1434 | case 'g': |
1434 | rc = snprintf(out_ptr, out_end - out_ptr, | 1435 | rc = snprintf(out_ptr, out_end - out_ptr, |
1435 | "%d", current_gid()); | 1436 | "%d", cred->gid); |
1436 | if (rc > out_end - out_ptr) | 1437 | if (rc > out_end - out_ptr) |
1437 | goto out; | 1438 | goto out; |
1438 | out_ptr += rc; | 1439 | out_ptr += rc; |
diff --git a/fs/fcntl.c b/fs/fcntl.c index 63964d863ad6..c594cc0e40fb 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c | |||
@@ -205,13 +205,14 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, | |||
205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, | 205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, |
206 | int force) | 206 | int force) |
207 | { | 207 | { |
208 | const struct cred *cred = current_cred(); | ||
208 | int err; | 209 | int err; |
209 | 210 | ||
210 | err = security_file_set_fowner(filp); | 211 | err = security_file_set_fowner(filp); |
211 | if (err) | 212 | if (err) |
212 | return err; | 213 | return err; |
213 | 214 | ||
214 | f_modown(filp, pid, type, current_uid(), current_euid(), force); | 215 | f_modown(filp, pid, type, cred->uid, cred->euid, force); |
215 | return 0; | 216 | return 0; |
216 | } | 217 | } |
217 | EXPORT_SYMBOL(__f_setown); | 218 | EXPORT_SYMBOL(__f_setown); |
diff --git a/fs/file_table.c b/fs/file_table.c index 3152b53cfab0..bc4563fe791d 100644 --- a/fs/file_table.c +++ b/fs/file_table.c | |||
@@ -94,7 +94,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp, | |||
94 | */ | 94 | */ |
95 | struct file *get_empty_filp(void) | 95 | struct file *get_empty_filp(void) |
96 | { | 96 | { |
97 | struct task_struct *tsk; | 97 | const struct cred *cred = current_cred(); |
98 | static int old_max; | 98 | static int old_max; |
99 | struct file * f; | 99 | struct file * f; |
100 | 100 | ||
@@ -118,12 +118,11 @@ struct file *get_empty_filp(void) | |||
118 | if (security_file_alloc(f)) | 118 | if (security_file_alloc(f)) |
119 | goto fail_sec; | 119 | goto fail_sec; |
120 | 120 | ||
121 | tsk = current; | ||
122 | INIT_LIST_HEAD(&f->f_u.fu_list); | 121 | INIT_LIST_HEAD(&f->f_u.fu_list); |
123 | atomic_long_set(&f->f_count, 1); | 122 | atomic_long_set(&f->f_count, 1); |
124 | rwlock_init(&f->f_owner.lock); | 123 | rwlock_init(&f->f_owner.lock); |
125 | f->f_uid = tsk->cred->fsuid; | 124 | f->f_uid = cred->fsuid; |
126 | f->f_gid = tsk->cred->fsgid; | 125 | f->f_gid = cred->fsgid; |
127 | eventpoll_init_file(f); | 126 | eventpoll_init_file(f); |
128 | /* f->f_version: 0 */ | 127 | /* f->f_version: 0 */ |
129 | return f; | 128 | return f; |
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 870a721b8bd2..7d479ce3aceb 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c | |||
@@ -951,6 +951,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
951 | struct inode *inode; | 951 | struct inode *inode; |
952 | struct dentry *dentry, *root; | 952 | struct dentry *dentry, *root; |
953 | struct qstr quick_string; | 953 | struct qstr quick_string; |
954 | struct user_struct *user = current_user(); | ||
954 | 955 | ||
955 | if (!hugetlbfs_vfsmount) | 956 | if (!hugetlbfs_vfsmount) |
956 | return ERR_PTR(-ENOENT); | 957 | return ERR_PTR(-ENOENT); |
@@ -958,7 +959,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
958 | if (!can_do_hugetlb_shm()) | 959 | if (!can_do_hugetlb_shm()) |
959 | return ERR_PTR(-EPERM); | 960 | return ERR_PTR(-EPERM); |
960 | 961 | ||
961 | if (!user_shm_lock(size, current->cred->user)) | 962 | if (!user_shm_lock(size, user)) |
962 | return ERR_PTR(-ENOMEM); | 963 | return ERR_PTR(-ENOMEM); |
963 | 964 | ||
964 | root = hugetlbfs_vfsmount->mnt_root; | 965 | root = hugetlbfs_vfsmount->mnt_root; |
@@ -998,7 +999,7 @@ out_inode: | |||
998 | out_dentry: | 999 | out_dentry: |
999 | dput(dentry); | 1000 | dput(dentry); |
1000 | out_shm_unlock: | 1001 | out_shm_unlock: |
1001 | user_shm_unlock(size, current->cred->user); | 1002 | user_shm_unlock(size, user); |
1002 | return ERR_PTR(error); | 1003 | return ERR_PTR(error); |
1003 | } | 1004 | } |
1004 | 1005 | ||
diff --git a/fs/ioprio.c b/fs/ioprio.c index bb5210af77c2..5112554fd210 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
@@ -123,7 +123,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
123 | break; | 123 | break; |
124 | case IOPRIO_WHO_USER: | 124 | case IOPRIO_WHO_USER: |
125 | if (!who) | 125 | if (!who) |
126 | user = current->cred->user; | 126 | user = current_user(); |
127 | else | 127 | else |
128 | user = find_user(who); | 128 | user = find_user(who); |
129 | 129 | ||
@@ -216,7 +216,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
216 | break; | 216 | break; |
217 | case IOPRIO_WHO_USER: | 217 | case IOPRIO_WHO_USER: |
218 | if (!who) | 218 | if (!who) |
219 | user = current->cred->user; | 219 | user = current_user(); |
220 | else | 220 | else |
221 | user = find_user(who); | 221 | user = find_user(who); |
222 | 222 | ||
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c index 9e9bb0db4f6d..e7ddd0328ddc 100644 --- a/fs/smbfs/dir.c +++ b/fs/smbfs/dir.c | |||
@@ -667,8 +667,7 @@ smb_make_node(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | |||
667 | 667 | ||
668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; | 668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; |
669 | attr.ia_mode = mode; | 669 | attr.ia_mode = mode; |
670 | attr.ia_uid = current_euid(); | 670 | current_euid_egid(&attr.ia_uid, &attr.ia_gid); |
671 | attr.ia_gid = current_egid(); | ||
672 | 671 | ||
673 | if (!new_valid_dev(dev)) | 672 | if (!new_valid_dev(dev)) |
674 | return -EINVAL; | 673 | return -EINVAL; |
diff --git a/include/linux/cred.h b/include/linux/cred.h index a7a686074cb0..4221ec6000c1 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -37,15 +37,16 @@ struct group_info { | |||
37 | * get_group_info - Get a reference to a group info structure | 37 | * get_group_info - Get a reference to a group info structure |
38 | * @group_info: The group info to reference | 38 | * @group_info: The group info to reference |
39 | * | 39 | * |
40 | * This must be called with the owning task locked (via task_lock()) when task | 40 | * This gets a reference to a set of supplementary groups. |
41 | * != current. The reason being that the vast majority of callers are looking | 41 | * |
42 | * at current->group_info, which can not be changed except by the current task. | 42 | * If the caller is accessing a task's credentials, they must hold the RCU read |
43 | * Changing current->group_info requires the task lock, too. | 43 | * lock when reading. |
44 | */ | 44 | */ |
45 | #define get_group_info(group_info) \ | 45 | static inline struct group_info *get_group_info(struct group_info *gi) |
46 | do { \ | 46 | { |
47 | atomic_inc(&(group_info)->usage); \ | 47 | atomic_inc(&gi->usage); |
48 | } while (0) | 48 | return gi; |
49 | } | ||
49 | 50 | ||
50 | /** | 51 | /** |
51 | * put_group_info - Release a reference to a group info structure | 52 | * put_group_info - Release a reference to a group info structure |
@@ -61,7 +62,7 @@ extern struct group_info *groups_alloc(int); | |||
61 | extern void groups_free(struct group_info *); | 62 | extern void groups_free(struct group_info *); |
62 | extern int set_current_groups(struct group_info *); | 63 | extern int set_current_groups(struct group_info *); |
63 | extern int set_groups(struct cred *, struct group_info *); | 64 | extern int set_groups(struct cred *, struct group_info *); |
64 | extern int groups_search(struct group_info *, gid_t); | 65 | extern int groups_search(const struct group_info *, gid_t); |
65 | 66 | ||
66 | /* access the groups "array" with this macro */ | 67 | /* access the groups "array" with this macro */ |
67 | #define GROUP_AT(gi, i) \ | 68 | #define GROUP_AT(gi, i) \ |
@@ -123,41 +124,6 @@ struct cred { | |||
123 | spinlock_t lock; /* lock for pointer changes */ | 124 | spinlock_t lock; /* lock for pointer changes */ |
124 | }; | 125 | }; |
125 | 126 | ||
126 | #define get_current_user() (get_uid(current->cred->user)) | ||
127 | |||
128 | #define task_uid(task) ((task)->cred->uid) | ||
129 | #define task_gid(task) ((task)->cred->gid) | ||
130 | #define task_euid(task) ((task)->cred->euid) | ||
131 | #define task_egid(task) ((task)->cred->egid) | ||
132 | |||
133 | #define current_uid() (current->cred->uid) | ||
134 | #define current_gid() (current->cred->gid) | ||
135 | #define current_euid() (current->cred->euid) | ||
136 | #define current_egid() (current->cred->egid) | ||
137 | #define current_suid() (current->cred->suid) | ||
138 | #define current_sgid() (current->cred->sgid) | ||
139 | #define current_fsuid() (current->cred->fsuid) | ||
140 | #define current_fsgid() (current->cred->fsgid) | ||
141 | #define current_cap() (current->cred->cap_effective) | ||
142 | |||
143 | #define current_uid_gid(_uid, _gid) \ | ||
144 | do { \ | ||
145 | *(_uid) = current->cred->uid; \ | ||
146 | *(_gid) = current->cred->gid; \ | ||
147 | } while(0) | ||
148 | |||
149 | #define current_euid_egid(_uid, _gid) \ | ||
150 | do { \ | ||
151 | *(_uid) = current->cred->euid; \ | ||
152 | *(_gid) = current->cred->egid; \ | ||
153 | } while(0) | ||
154 | |||
155 | #define current_fsuid_fsgid(_uid, _gid) \ | ||
156 | do { \ | ||
157 | *(_uid) = current->cred->fsuid; \ | ||
158 | *(_gid) = current->cred->fsgid; \ | ||
159 | } while(0) | ||
160 | |||
161 | extern void __put_cred(struct cred *); | 127 | extern void __put_cred(struct cred *); |
162 | extern int copy_creds(struct task_struct *, unsigned long); | 128 | extern int copy_creds(struct task_struct *, unsigned long); |
163 | 129 | ||
@@ -187,4 +153,137 @@ static inline void put_cred(struct cred *cred) | |||
187 | __put_cred(cred); | 153 | __put_cred(cred); |
188 | } | 154 | } |
189 | 155 | ||
156 | /** | ||
157 | * current_cred - Access the current task's credentials | ||
158 | * | ||
159 | * Access the credentials of the current task. | ||
160 | */ | ||
161 | #define current_cred() \ | ||
162 | (current->cred) | ||
163 | |||
164 | /** | ||
165 | * __task_cred - Access another task's credentials | ||
166 | * @task: The task to query | ||
167 | * | ||
168 | * Access the credentials of another task. The caller must hold the | ||
169 | * RCU readlock. | ||
170 | * | ||
171 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
172 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
173 | */ | ||
174 | #define __task_cred(task) \ | ||
175 | ((const struct cred *)(rcu_dereference((task)->cred))) | ||
176 | |||
177 | /** | ||
178 | * get_task_cred - Get another task's credentials | ||
179 | * @task: The task to query | ||
180 | * | ||
181 | * Get the credentials of a task, pinning them so that they can't go away. | ||
182 | * Accessing a task's credentials directly is not permitted. | ||
183 | * | ||
184 | * The caller must make sure task doesn't go away, either by holding a ref on | ||
185 | * task or by holding tasklist_lock to prevent it from being unlinked. | ||
186 | */ | ||
187 | #define get_task_cred(task) \ | ||
188 | ({ \ | ||
189 | struct cred *__cred; \ | ||
190 | rcu_read_lock(); \ | ||
191 | __cred = (struct cred *) __task_cred((task)); \ | ||
192 | get_cred(__cred); \ | ||
193 | rcu_read_unlock(); \ | ||
194 | __cred; \ | ||
195 | }) | ||
196 | |||
197 | /** | ||
198 | * get_current_cred - Get the current task's credentials | ||
199 | * | ||
200 | * Get the credentials of the current task, pinning them so that they can't go | ||
201 | * away. Accessing the current task's credentials directly is not permitted. | ||
202 | */ | ||
203 | #define get_current_cred() \ | ||
204 | (get_cred(current_cred())) | ||
205 | |||
206 | /** | ||
207 | * get_current_user - Get the current task's user_struct | ||
208 | * | ||
209 | * Get the user record of the current task, pinning it so that it can't go | ||
210 | * away. | ||
211 | */ | ||
212 | #define get_current_user() \ | ||
213 | ({ \ | ||
214 | struct user_struct *__u; \ | ||
215 | struct cred *__cred; \ | ||
216 | __cred = (struct cred *) current_cred(); \ | ||
217 | __u = get_uid(__cred->user); \ | ||
218 | __u; \ | ||
219 | }) | ||
220 | |||
221 | /** | ||
222 | * get_current_groups - Get the current task's supplementary group list | ||
223 | * | ||
224 | * Get the supplementary group list of the current task, pinning it so that it | ||
225 | * can't go away. | ||
226 | */ | ||
227 | #define get_current_groups() \ | ||
228 | ({ \ | ||
229 | struct group_info *__groups; \ | ||
230 | struct cred *__cred; \ | ||
231 | __cred = (struct cred *) current_cred(); \ | ||
232 | __groups = get_group_info(__cred->group_info); \ | ||
233 | __groups; \ | ||
234 | }) | ||
235 | |||
236 | #define task_cred_xxx(task, xxx) \ | ||
237 | ({ \ | ||
238 | __typeof__(task->cred->xxx) ___val; \ | ||
239 | rcu_read_lock(); \ | ||
240 | ___val = __task_cred((task))->xxx; \ | ||
241 | rcu_read_unlock(); \ | ||
242 | ___val; \ | ||
243 | }) | ||
244 | |||
245 | #define task_uid(task) (task_cred_xxx((task), uid)) | ||
246 | #define task_euid(task) (task_cred_xxx((task), euid)) | ||
247 | |||
248 | #define current_cred_xxx(xxx) \ | ||
249 | ({ \ | ||
250 | current->cred->xxx; \ | ||
251 | }) | ||
252 | |||
253 | #define current_uid() (current_cred_xxx(uid)) | ||
254 | #define current_gid() (current_cred_xxx(gid)) | ||
255 | #define current_euid() (current_cred_xxx(euid)) | ||
256 | #define current_egid() (current_cred_xxx(egid)) | ||
257 | #define current_suid() (current_cred_xxx(suid)) | ||
258 | #define current_sgid() (current_cred_xxx(sgid)) | ||
259 | #define current_fsuid() (current_cred_xxx(fsuid)) | ||
260 | #define current_fsgid() (current_cred_xxx(fsgid)) | ||
261 | #define current_cap() (current_cred_xxx(cap_effective)) | ||
262 | #define current_user() (current_cred_xxx(user)) | ||
263 | #define current_security() (current_cred_xxx(security)) | ||
264 | |||
265 | #define current_uid_gid(_uid, _gid) \ | ||
266 | do { \ | ||
267 | const struct cred *__cred; \ | ||
268 | __cred = current_cred(); \ | ||
269 | *(_uid) = __cred->uid; \ | ||
270 | *(_gid) = __cred->gid; \ | ||
271 | } while(0) | ||
272 | |||
273 | #define current_euid_egid(_euid, _egid) \ | ||
274 | do { \ | ||
275 | const struct cred *__cred; \ | ||
276 | __cred = current_cred(); \ | ||
277 | *(_euid) = __cred->euid; \ | ||
278 | *(_egid) = __cred->egid; \ | ||
279 | } while(0) | ||
280 | |||
281 | #define current_fsuid_fsgid(_fsuid, _fsgid) \ | ||
282 | do { \ | ||
283 | const struct cred *__cred; \ | ||
284 | __cred = current_cred(); \ | ||
285 | *(_fsuid) = __cred->fsuid; \ | ||
286 | *(_fsgid) = __cred->fsgid; \ | ||
287 | } while(0) | ||
288 | |||
190 | #endif /* _LINUX_CRED_H */ | 289 | #endif /* _LINUX_CRED_H */ |
diff --git a/include/linux/securebits.h b/include/linux/securebits.h index 6d389491bfa2..d2c5ed845bcc 100644 --- a/include/linux/securebits.h +++ b/include/linux/securebits.h | |||
@@ -32,7 +32,7 @@ | |||
32 | setting is locked or not. A setting which is locked cannot be | 32 | setting is locked or not. A setting which is locked cannot be |
33 | changed from user-level. */ | 33 | changed from user-level. */ |
34 | #define issecure_mask(X) (1 << (X)) | 34 | #define issecure_mask(X) (1 << (X)) |
35 | #define issecure(X) (issecure_mask(X) & current->cred->securebits) | 35 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
36 | 36 | ||
37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ | 37 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ | 38 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index e1885b494bac..1151881ccb9a 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
@@ -112,6 +112,7 @@ static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode) | |||
112 | static struct inode *mqueue_get_inode(struct super_block *sb, int mode, | 112 | static struct inode *mqueue_get_inode(struct super_block *sb, int mode, |
113 | struct mq_attr *attr) | 113 | struct mq_attr *attr) |
114 | { | 114 | { |
115 | struct user_struct *u = current_user(); | ||
115 | struct inode *inode; | 116 | struct inode *inode; |
116 | 117 | ||
117 | inode = new_inode(sb); | 118 | inode = new_inode(sb); |
@@ -126,7 +127,6 @@ static struct inode *mqueue_get_inode(struct super_block *sb, int mode, | |||
126 | if (S_ISREG(mode)) { | 127 | if (S_ISREG(mode)) { |
127 | struct mqueue_inode_info *info; | 128 | struct mqueue_inode_info *info; |
128 | struct task_struct *p = current; | 129 | struct task_struct *p = current; |
129 | struct user_struct *u = p->cred->user; | ||
130 | unsigned long mq_bytes, mq_msg_tblsz; | 130 | unsigned long mq_bytes, mq_msg_tblsz; |
131 | 131 | ||
132 | inode->i_fop = &mqueue_file_operations; | 132 | inode->i_fop = &mqueue_file_operations; |
@@ -366,7 +366,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) | |||
366 | if (shmflg & SHM_HUGETLB) { | 366 | if (shmflg & SHM_HUGETLB) { |
367 | /* hugetlb_file_setup takes care of mlock user accounting */ | 367 | /* hugetlb_file_setup takes care of mlock user accounting */ |
368 | file = hugetlb_file_setup(name, size); | 368 | file = hugetlb_file_setup(name, size); |
369 | shp->mlock_user = current->cred->user; | 369 | shp->mlock_user = current_user(); |
370 | } else { | 370 | } else { |
371 | int acctflag = VM_ACCOUNT; | 371 | int acctflag = VM_ACCOUNT; |
372 | /* | 372 | /* |
@@ -767,7 +767,7 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf) | |||
767 | goto out_unlock; | 767 | goto out_unlock; |
768 | 768 | ||
769 | if(cmd==SHM_LOCK) { | 769 | if(cmd==SHM_LOCK) { |
770 | struct user_struct *user = current->cred->user; | 770 | struct user_struct *user = current_user(); |
771 | if (!is_file_hugepages(shp->shm_file)) { | 771 | if (!is_file_hugepages(shp->shm_file)) { |
772 | err = shmem_lock(shp->shm_file, 1, user); | 772 | err = shmem_lock(shp->shm_file, 1, user); |
773 | if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ | 773 | if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ |
diff --git a/kernel/sys.c b/kernel/sys.c index 5d81f07c0150..c4d6b59553e9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
@@ -143,6 +143,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) | |||
143 | { | 143 | { |
144 | struct task_struct *g, *p; | 144 | struct task_struct *g, *p; |
145 | struct user_struct *user; | 145 | struct user_struct *user; |
146 | const struct cred *cred = current_cred(); | ||
146 | int error = -EINVAL; | 147 | int error = -EINVAL; |
147 | struct pid *pgrp; | 148 | struct pid *pgrp; |
148 | 149 | ||
@@ -176,18 +177,18 @@ asmlinkage long sys_setpriority(int which, int who, int niceval) | |||
176 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 177 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
177 | break; | 178 | break; |
178 | case PRIO_USER: | 179 | case PRIO_USER: |
179 | user = current->cred->user; | 180 | user = cred->user; |
180 | if (!who) | 181 | if (!who) |
181 | who = current_uid(); | 182 | who = cred->uid; |
182 | else | 183 | else if ((who != cred->uid) && |
183 | if (who != current_uid() && !(user = find_user(who))) | 184 | !(user = find_user(who))) |
184 | goto out_unlock; /* No processes for this user */ | 185 | goto out_unlock; /* No processes for this user */ |
185 | 186 | ||
186 | do_each_thread(g, p) | 187 | do_each_thread(g, p) |
187 | if (p->cred->uid == who) | 188 | if (__task_cred(p)->uid == who) |
188 | error = set_one_prio(p, niceval, error); | 189 | error = set_one_prio(p, niceval, error); |
189 | while_each_thread(g, p); | 190 | while_each_thread(g, p); |
190 | if (who != current_uid()) | 191 | if (who != cred->uid) |
191 | free_uid(user); /* For find_user() */ | 192 | free_uid(user); /* For find_user() */ |
192 | break; | 193 | break; |
193 | } | 194 | } |
@@ -207,6 +208,7 @@ asmlinkage long sys_getpriority(int which, int who) | |||
207 | { | 208 | { |
208 | struct task_struct *g, *p; | 209 | struct task_struct *g, *p; |
209 | struct user_struct *user; | 210 | struct user_struct *user; |
211 | const struct cred *cred = current_cred(); | ||
210 | long niceval, retval = -ESRCH; | 212 | long niceval, retval = -ESRCH; |
211 | struct pid *pgrp; | 213 | struct pid *pgrp; |
212 | 214 | ||
@@ -238,21 +240,21 @@ asmlinkage long sys_getpriority(int which, int who) | |||
238 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 240 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
239 | break; | 241 | break; |
240 | case PRIO_USER: | 242 | case PRIO_USER: |
241 | user = current->cred->user; | 243 | user = (struct user_struct *) cred->user; |
242 | if (!who) | 244 | if (!who) |
243 | who = current_uid(); | 245 | who = cred->uid; |
244 | else | 246 | else if ((who != cred->uid) && |
245 | if (who != current_uid() && !(user = find_user(who))) | 247 | !(user = find_user(who))) |
246 | goto out_unlock; /* No processes for this user */ | 248 | goto out_unlock; /* No processes for this user */ |
247 | 249 | ||
248 | do_each_thread(g, p) | 250 | do_each_thread(g, p) |
249 | if (p->cred->uid == who) { | 251 | if (__task_cred(p)->uid == who) { |
250 | niceval = 20 - task_nice(p); | 252 | niceval = 20 - task_nice(p); |
251 | if (niceval > retval) | 253 | if (niceval > retval) |
252 | retval = niceval; | 254 | retval = niceval; |
253 | } | 255 | } |
254 | while_each_thread(g, p); | 256 | while_each_thread(g, p); |
255 | if (who != current_uid()) | 257 | if (who != cred->uid) |
256 | free_uid(user); /* for find_user() */ | 258 | free_uid(user); /* for find_user() */ |
257 | break; | 259 | break; |
258 | } | 260 | } |
@@ -743,11 +745,11 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) | |||
743 | 745 | ||
744 | asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) | 746 | asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) |
745 | { | 747 | { |
746 | struct cred *cred = current->cred; | 748 | const struct cred *cred = current_cred(); |
747 | int retval; | 749 | int retval; |
748 | 750 | ||
749 | if (!(retval = put_user(cred->uid, ruid)) && | 751 | if (!(retval = put_user(cred->uid, ruid)) && |
750 | !(retval = put_user(cred->euid, euid))) | 752 | !(retval = put_user(cred->euid, euid))) |
751 | retval = put_user(cred->suid, suid); | 753 | retval = put_user(cred->suid, suid); |
752 | 754 | ||
753 | return retval; | 755 | return retval; |
@@ -796,11 +798,11 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) | |||
796 | 798 | ||
797 | asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) | 799 | asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) |
798 | { | 800 | { |
799 | struct cred *cred = current->cred; | 801 | const struct cred *cred = current_cred(); |
800 | int retval; | 802 | int retval; |
801 | 803 | ||
802 | if (!(retval = put_user(cred->gid, rgid)) && | 804 | if (!(retval = put_user(cred->gid, rgid)) && |
803 | !(retval = put_user(cred->egid, egid))) | 805 | !(retval = put_user(cred->egid, egid))) |
804 | retval = put_user(cred->sgid, sgid); | 806 | retval = put_user(cred->sgid, sgid); |
805 | 807 | ||
806 | return retval; | 808 | return retval; |
@@ -1199,7 +1201,7 @@ static void groups_sort(struct group_info *group_info) | |||
1199 | } | 1201 | } |
1200 | 1202 | ||
1201 | /* a simple bsearch */ | 1203 | /* a simple bsearch */ |
1202 | int groups_search(struct group_info *group_info, gid_t grp) | 1204 | int groups_search(const struct group_info *group_info, gid_t grp) |
1203 | { | 1205 | { |
1204 | unsigned int left, right; | 1206 | unsigned int left, right; |
1205 | 1207 | ||
@@ -1268,13 +1270,8 @@ EXPORT_SYMBOL(set_current_groups); | |||
1268 | 1270 | ||
1269 | asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) | 1271 | asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) |
1270 | { | 1272 | { |
1271 | struct cred *cred = current->cred; | 1273 | const struct cred *cred = current_cred(); |
1272 | int i = 0; | 1274 | int i; |
1273 | |||
1274 | /* | ||
1275 | * SMP: Nobody else can change our grouplist. Thus we are | ||
1276 | * safe. | ||
1277 | */ | ||
1278 | 1275 | ||
1279 | if (gidsetsize < 0) | 1276 | if (gidsetsize < 0) |
1280 | return -EINVAL; | 1277 | return -EINVAL; |
@@ -1330,8 +1327,9 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist) | |||
1330 | */ | 1327 | */ |
1331 | int in_group_p(gid_t grp) | 1328 | int in_group_p(gid_t grp) |
1332 | { | 1329 | { |
1333 | struct cred *cred = current->cred; | 1330 | const struct cred *cred = current_cred(); |
1334 | int retval = 1; | 1331 | int retval = 1; |
1332 | |||
1335 | if (grp != cred->fsgid) | 1333 | if (grp != cred->fsgid) |
1336 | retval = groups_search(cred->group_info, grp); | 1334 | retval = groups_search(cred->group_info, grp); |
1337 | return retval; | 1335 | return retval; |
@@ -1341,8 +1339,9 @@ EXPORT_SYMBOL(in_group_p); | |||
1341 | 1339 | ||
1342 | int in_egroup_p(gid_t grp) | 1340 | int in_egroup_p(gid_t grp) |
1343 | { | 1341 | { |
1344 | struct cred *cred = current->cred; | 1342 | const struct cred *cred = current_cred(); |
1345 | int retval = 1; | 1343 | int retval = 1; |
1344 | |||
1346 | if (grp != cred->egid) | 1345 | if (grp != cred->egid) |
1347 | retval = groups_search(cred->group_info, grp); | 1346 | retval = groups_search(cred->group_info, grp); |
1348 | return retval; | 1347 | return retval; |
diff --git a/kernel/uid16.c b/kernel/uid16.c index 71f07fc39fea..2460c3199b5a 100644 --- a/kernel/uid16.c +++ b/kernel/uid16.c | |||
@@ -84,11 +84,12 @@ asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid) | |||
84 | 84 | ||
85 | asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) | 85 | asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) |
86 | { | 86 | { |
87 | const struct cred *cred = current_cred(); | ||
87 | int retval; | 88 | int retval; |
88 | 89 | ||
89 | if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) && | 90 | if (!(retval = put_user(high2lowuid(cred->uid), ruid)) && |
90 | !(retval = put_user(high2lowuid(current->cred->euid), euid))) | 91 | !(retval = put_user(high2lowuid(cred->euid), euid))) |
91 | retval = put_user(high2lowuid(current->cred->suid), suid); | 92 | retval = put_user(high2lowuid(cred->suid), suid); |
92 | 93 | ||
93 | return retval; | 94 | return retval; |
94 | } | 95 | } |
@@ -104,11 +105,12 @@ asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid) | |||
104 | 105 | ||
105 | asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) | 106 | asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) |
106 | { | 107 | { |
108 | const struct cred *cred = current_cred(); | ||
107 | int retval; | 109 | int retval; |
108 | 110 | ||
109 | if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) && | 111 | if (!(retval = put_user(high2lowgid(cred->gid), rgid)) && |
110 | !(retval = put_user(high2lowgid(current->cred->egid), egid))) | 112 | !(retval = put_user(high2lowgid(cred->egid), egid))) |
111 | retval = put_user(high2lowgid(current->cred->sgid), sgid); | 113 | retval = put_user(high2lowgid(cred->sgid), sgid); |
112 | 114 | ||
113 | return retval; | 115 | return retval; |
114 | } | 116 | } |
@@ -161,25 +163,24 @@ static int groups16_from_user(struct group_info *group_info, | |||
161 | 163 | ||
162 | asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) | 164 | asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) |
163 | { | 165 | { |
164 | int i = 0; | 166 | const struct cred *cred = current_cred(); |
167 | int i; | ||
165 | 168 | ||
166 | if (gidsetsize < 0) | 169 | if (gidsetsize < 0) |
167 | return -EINVAL; | 170 | return -EINVAL; |
168 | 171 | ||
169 | get_group_info(current->cred->group_info); | 172 | i = cred->group_info->ngroups; |
170 | i = current->cred->group_info->ngroups; | ||
171 | if (gidsetsize) { | 173 | if (gidsetsize) { |
172 | if (i > gidsetsize) { | 174 | if (i > gidsetsize) { |
173 | i = -EINVAL; | 175 | i = -EINVAL; |
174 | goto out; | 176 | goto out; |
175 | } | 177 | } |
176 | if (groups16_to_user(grouplist, current->cred->group_info)) { | 178 | if (groups16_to_user(grouplist, cred->group_info)) { |
177 | i = -EFAULT; | 179 | i = -EFAULT; |
178 | goto out; | 180 | goto out; |
179 | } | 181 | } |
180 | } | 182 | } |
181 | out: | 183 | out: |
182 | put_group_info(current->cred->group_info); | ||
183 | return i; | 184 | return i; |
184 | } | 185 | } |
185 | 186 | ||
@@ -210,20 +211,20 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist) | |||
210 | 211 | ||
211 | asmlinkage long sys_getuid16(void) | 212 | asmlinkage long sys_getuid16(void) |
212 | { | 213 | { |
213 | return high2lowuid(current->cred->uid); | 214 | return high2lowuid(current_uid()); |
214 | } | 215 | } |
215 | 216 | ||
216 | asmlinkage long sys_geteuid16(void) | 217 | asmlinkage long sys_geteuid16(void) |
217 | { | 218 | { |
218 | return high2lowuid(current->cred->euid); | 219 | return high2lowuid(current_euid()); |
219 | } | 220 | } |
220 | 221 | ||
221 | asmlinkage long sys_getgid16(void) | 222 | asmlinkage long sys_getgid16(void) |
222 | { | 223 | { |
223 | return high2lowgid(current->cred->gid); | 224 | return high2lowgid(current_gid()); |
224 | } | 225 | } |
225 | 226 | ||
226 | asmlinkage long sys_getegid16(void) | 227 | asmlinkage long sys_getegid16(void) |
227 | { | 228 | { |
228 | return high2lowgid(current->cred->egid); | 229 | return high2lowgid(current_egid()); |
229 | } | 230 | } |
diff --git a/net/core/scm.c b/net/core/scm.c index c28ca32a7d93..f73c44b17dda 100644 --- a/net/core/scm.c +++ b/net/core/scm.c | |||
@@ -44,7 +44,7 @@ | |||
44 | 44 | ||
45 | static __inline__ int scm_check_creds(struct ucred *creds) | 45 | static __inline__ int scm_check_creds(struct ucred *creds) |
46 | { | 46 | { |
47 | struct cred *cred = current->cred; | 47 | const struct cred *cred = current_cred(); |
48 | 48 | ||
49 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && | 49 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && |
50 | ((creds->uid == cred->uid || creds->uid == cred->euid || | 50 | ((creds->uid == cred->uid || creds->uid == cred->euid || |
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c index c79543212602..0443f8349458 100644 --- a/net/sunrpc/auth.c +++ b/net/sunrpc/auth.c | |||
@@ -350,16 +350,18 @@ EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache); | |||
350 | struct rpc_cred * | 350 | struct rpc_cred * |
351 | rpcauth_lookupcred(struct rpc_auth *auth, int flags) | 351 | rpcauth_lookupcred(struct rpc_auth *auth, int flags) |
352 | { | 352 | { |
353 | struct auth_cred acred = { | 353 | struct auth_cred acred; |
354 | .uid = current_fsuid(), | ||
355 | .gid = current_fsgid(), | ||
356 | .group_info = current->cred->group_info, | ||
357 | }; | ||
358 | struct rpc_cred *ret; | 354 | struct rpc_cred *ret; |
355 | const struct cred *cred = current_cred(); | ||
359 | 356 | ||
360 | dprintk("RPC: looking up %s cred\n", | 357 | dprintk("RPC: looking up %s cred\n", |
361 | auth->au_ops->au_name); | 358 | auth->au_ops->au_name); |
362 | get_group_info(acred.group_info); | 359 | |
360 | memset(&acred, 0, sizeof(acred)); | ||
361 | acred.uid = cred->fsuid; | ||
362 | acred.gid = cred->fsgid; | ||
363 | acred.group_info = get_group_info(((struct cred *)cred)->group_info); | ||
364 | |||
363 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); | 365 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); |
364 | put_group_info(acred.group_info); | 366 | put_group_info(acred.group_info); |
365 | return ret; | 367 | return ret; |
diff --git a/security/commoncap.c b/security/commoncap.c index fa61679f8c73..61307f590003 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -641,7 +641,7 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 641 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
642 | unsigned long arg4, unsigned long arg5, long *rc_p) | 642 | unsigned long arg4, unsigned long arg5, long *rc_p) |
643 | { | 643 | { |
644 | struct cred *cred = current->cred; | 644 | struct cred *cred = current_cred(); |
645 | long error = 0; | 645 | long error = 0; |
646 | 646 | ||
647 | switch (option) { | 647 | switch (option) { |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b0904cdda2e7..ce8ac6073d57 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -582,7 +582,7 @@ key_ref_t lookup_user_key(key_serial_t id, int create, int partial, | |||
582 | { | 582 | { |
583 | struct request_key_auth *rka; | 583 | struct request_key_auth *rka; |
584 | struct task_struct *t = current; | 584 | struct task_struct *t = current; |
585 | struct cred *cred = t->cred; | 585 | struct cred *cred = current_cred(); |
586 | struct key *key; | 586 | struct key *key; |
587 | key_ref_t key_ref, skey_ref; | 587 | key_ref_t key_ref, skey_ref; |
588 | int ret; | 588 | int ret; |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 3e9b9eb1dd28..0488b0af5bd6 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -67,6 +67,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
67 | void *aux) | 67 | void *aux) |
68 | { | 68 | { |
69 | struct task_struct *tsk = current; | 69 | struct task_struct *tsk = current; |
70 | const struct cred *cred = current_cred(); | ||
70 | key_serial_t prkey, sskey; | 71 | key_serial_t prkey, sskey; |
71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; | 72 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | 73 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
@@ -96,16 +97,16 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
96 | goto error_link; | 97 | goto error_link; |
97 | 98 | ||
98 | /* record the UID and GID */ | 99 | /* record the UID and GID */ |
99 | sprintf(uid_str, "%d", current_fsuid()); | 100 | sprintf(uid_str, "%d", cred->fsuid); |
100 | sprintf(gid_str, "%d", current_fsgid()); | 101 | sprintf(gid_str, "%d", cred->fsgid); |
101 | 102 | ||
102 | /* we say which key is under construction */ | 103 | /* we say which key is under construction */ |
103 | sprintf(key_str, "%d", key->serial); | 104 | sprintf(key_str, "%d", key->serial); |
104 | 105 | ||
105 | /* we specify the process's default keyrings */ | 106 | /* we specify the process's default keyrings */ |
106 | sprintf(keyring_str[0], "%d", | 107 | sprintf(keyring_str[0], "%d", |
107 | tsk->cred->thread_keyring ? | 108 | cred->thread_keyring ? |
108 | tsk->cred->thread_keyring->serial : 0); | 109 | cred->thread_keyring->serial : 0); |
109 | 110 | ||
110 | prkey = 0; | 111 | prkey = 0; |
111 | if (tsk->signal->process_keyring) | 112 | if (tsk->signal->process_keyring) |
@@ -118,7 +119,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
118 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | 119 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; |
119 | rcu_read_unlock(); | 120 | rcu_read_unlock(); |
120 | } else { | 121 | } else { |
121 | sskey = tsk->cred->user->session_keyring->serial; | 122 | sskey = cred->user->session_keyring->serial; |
122 | } | 123 | } |
123 | 124 | ||
124 | sprintf(keyring_str[2], "%d", sskey); | 125 | sprintf(keyring_str[2], "%d", sskey); |
diff --git a/security/selinux/exports.c b/security/selinux/exports.c index cf02490cd1eb..c73aeaa008e8 100644 --- a/security/selinux/exports.c +++ b/security/selinux/exports.c | |||
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid); | |||
39 | int selinux_secmark_relabel_packet_permission(u32 sid) | 39 | int selinux_secmark_relabel_packet_permission(u32 sid) |
40 | { | 40 | { |
41 | if (selinux_enabled) { | 41 | if (selinux_enabled) { |
42 | struct task_security_struct *tsec = current->cred->security; | 42 | const struct task_security_struct *__tsec; |
43 | u32 tsid; | ||
43 | 44 | ||
44 | return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, | 45 | __tsec = current_security(); |
46 | tsid = __tsec->sid; | ||
47 | |||
48 | return avc_has_perm(tsid, sid, SECCLASS_PACKET, | ||
45 | PACKET__RELABELTO, NULL); | 49 | PACKET__RELABELTO, NULL); |
46 | } | 50 | } |
47 | return 0; | 51 | return 0; |
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index d7db76617b0e..c0eb72013d67 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
197 | struct xfrm_user_sec_ctx *uctx, u32 sid) | 197 | struct xfrm_user_sec_ctx *uctx, u32 sid) |
198 | { | 198 | { |
199 | int rc = 0; | 199 | int rc = 0; |
200 | struct task_security_struct *tsec = current->cred->security; | 200 | const struct task_security_struct *tsec = current_security(); |
201 | struct xfrm_sec_ctx *ctx = NULL; | 201 | struct xfrm_sec_ctx *ctx = NULL; |
202 | char *ctx_str = NULL; | 202 | char *ctx_str = NULL; |
203 | u32 str_len; | 203 | u32 str_len; |
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | |||
333 | */ | 333 | */ |
334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 334 | int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
335 | { | 335 | { |
336 | struct task_security_struct *tsec = current->cred->security; | 336 | const struct task_security_struct *tsec = current_security(); |
337 | int rc = 0; | 337 | int rc = 0; |
338 | 338 | ||
339 | if (ctx) { | 339 | if (ctx) { |
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x) | |||
378 | */ | 378 | */ |
379 | int selinux_xfrm_state_delete(struct xfrm_state *x) | 379 | int selinux_xfrm_state_delete(struct xfrm_state *x) |
380 | { | 380 | { |
381 | struct task_security_struct *tsec = current->cred->security; | 381 | const struct task_security_struct *tsec = current_security(); |
382 | struct xfrm_sec_ctx *ctx = x->security; | 382 | struct xfrm_sec_ctx *ctx = x->security; |
383 | int rc = 0; | 383 | int rc = 0; |
384 | 384 | ||
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index b6dd4fc0fb0b..247cec3b5a43 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode) | |||
164 | { | 164 | { |
165 | int rc; | 165 | int rc; |
166 | 166 | ||
167 | rc = smk_access(current->cred->security, obj_label, mode); | 167 | rc = smk_access(current_security(), obj_label, mode); |
168 | if (rc == 0) | 168 | if (rc == 0) |
169 | return 0; | 169 | return 0; |
170 | 170 | ||
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cc837314fb0e..e8a4fcb1ad04 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -143,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) | |||
143 | static int smack_syslog(int type) | 143 | static int smack_syslog(int type) |
144 | { | 144 | { |
145 | int rc; | 145 | int rc; |
146 | char *sp = current->cred->security; | 146 | char *sp = current_security(); |
147 | 147 | ||
148 | rc = cap_syslog(type); | 148 | rc = cap_syslog(type); |
149 | if (rc != 0) | 149 | if (rc != 0) |
@@ -375,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
375 | */ | 375 | */ |
376 | static int smack_inode_alloc_security(struct inode *inode) | 376 | static int smack_inode_alloc_security(struct inode *inode) |
377 | { | 377 | { |
378 | inode->i_security = new_inode_smack(current->cred->security); | 378 | inode->i_security = new_inode_smack(current_security()); |
379 | if (inode->i_security == NULL) | 379 | if (inode->i_security == NULL) |
380 | return -ENOMEM; | 380 | return -ENOMEM; |
381 | return 0; | 381 | return 0; |
@@ -820,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask) | |||
820 | */ | 820 | */ |
821 | static int smack_file_alloc_security(struct file *file) | 821 | static int smack_file_alloc_security(struct file *file) |
822 | { | 822 | { |
823 | file->f_security = current->cred->security; | 823 | file->f_security = current_security(); |
824 | return 0; | 824 | return 0; |
825 | } | 825 | } |
826 | 826 | ||
@@ -918,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
918 | */ | 918 | */ |
919 | static int smack_file_set_fowner(struct file *file) | 919 | static int smack_file_set_fowner(struct file *file) |
920 | { | 920 | { |
921 | file->f_security = current->cred->security; | 921 | file->f_security = current_security(); |
922 | return 0; | 922 | return 0; |
923 | } | 923 | } |
924 | 924 | ||
@@ -986,8 +986,7 @@ static int smack_file_receive(struct file *file) | |||
986 | */ | 986 | */ |
987 | static int smack_cred_alloc_security(struct cred *cred) | 987 | static int smack_cred_alloc_security(struct cred *cred) |
988 | { | 988 | { |
989 | cred->security = current->cred->security; | 989 | cred->security = current_security(); |
990 | |||
991 | return 0; | 990 | return 0; |
992 | } | 991 | } |
993 | 992 | ||
@@ -1225,7 +1224,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
1225 | */ | 1224 | */ |
1226 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) | 1225 | static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
1227 | { | 1226 | { |
1228 | char *csp = current->cred->security; | 1227 | char *csp = current_security(); |
1229 | struct socket_smack *ssp; | 1228 | struct socket_smack *ssp; |
1230 | 1229 | ||
1231 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); | 1230 | ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); |
@@ -1450,7 +1449,7 @@ static int smack_flags_to_may(int flags) | |||
1450 | */ | 1449 | */ |
1451 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) | 1450 | static int smack_msg_msg_alloc_security(struct msg_msg *msg) |
1452 | { | 1451 | { |
1453 | msg->security = current->cred->security; | 1452 | msg->security = current_security(); |
1454 | return 0; | 1453 | return 0; |
1455 | } | 1454 | } |
1456 | 1455 | ||
@@ -1486,7 +1485,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp) | |||
1486 | { | 1485 | { |
1487 | struct kern_ipc_perm *isp = &shp->shm_perm; | 1486 | struct kern_ipc_perm *isp = &shp->shm_perm; |
1488 | 1487 | ||
1489 | isp->security = current->cred->security; | 1488 | isp->security = current_security(); |
1490 | return 0; | 1489 | return 0; |
1491 | } | 1490 | } |
1492 | 1491 | ||
@@ -1595,7 +1594,7 @@ static int smack_sem_alloc_security(struct sem_array *sma) | |||
1595 | { | 1594 | { |
1596 | struct kern_ipc_perm *isp = &sma->sem_perm; | 1595 | struct kern_ipc_perm *isp = &sma->sem_perm; |
1597 | 1596 | ||
1598 | isp->security = current->cred->security; | 1597 | isp->security = current_security(); |
1599 | return 0; | 1598 | return 0; |
1600 | } | 1599 | } |
1601 | 1600 | ||
@@ -1699,7 +1698,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq) | |||
1699 | { | 1698 | { |
1700 | struct kern_ipc_perm *kisp = &msq->q_perm; | 1699 | struct kern_ipc_perm *kisp = &msq->q_perm; |
1701 | 1700 | ||
1702 | kisp->security = current->cred->security; | 1701 | kisp->security = current_security(); |
1703 | return 0; | 1702 | return 0; |
1704 | } | 1703 | } |
1705 | 1704 | ||
@@ -1854,7 +1853,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) | |||
1854 | struct super_block *sbp; | 1853 | struct super_block *sbp; |
1855 | struct superblock_smack *sbsp; | 1854 | struct superblock_smack *sbsp; |
1856 | struct inode_smack *isp; | 1855 | struct inode_smack *isp; |
1857 | char *csp = current->cred->security; | 1856 | char *csp = current_security(); |
1858 | char *fetched; | 1857 | char *fetched; |
1859 | char *final; | 1858 | char *final; |
1860 | struct dentry *dp; | 1859 | struct dentry *dp; |
@@ -2290,8 +2289,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) | |||
2290 | return; | 2289 | return; |
2291 | 2290 | ||
2292 | ssp = sk->sk_security; | 2291 | ssp = sk->sk_security; |
2293 | ssp->smk_in = current->cred->security; | 2292 | ssp->smk_in = ssp->smk_out = current_security(); |
2294 | ssp->smk_out = current->cred->security; | ||
2295 | ssp->smk_packet[0] = '\0'; | 2293 | ssp->smk_packet[0] = '\0'; |
2296 | 2294 | ||
2297 | rc = smack_netlabel(sk); | 2295 | rc = smack_netlabel(sk); |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index c5ca279e0506..ca257dfdc75d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void) | |||
336 | 336 | ||
337 | audit_info.loginuid = audit_get_loginuid(current); | 337 | audit_info.loginuid = audit_get_loginuid(current); |
338 | audit_info.sessionid = audit_get_sessionid(current); | 338 | audit_info.sessionid = audit_get_sessionid(current); |
339 | audit_info.secid = smack_to_secid(current->cred->security); | 339 | audit_info.secid = smack_to_secid(current_security()); |
340 | 340 | ||
341 | rc = netlbl_cfg_map_del(NULL, &audit_info); | 341 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
342 | if (rc != 0) | 342 | if (rc != 0) |
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient) | |||
371 | 371 | ||
372 | audit_info.loginuid = audit_get_loginuid(current); | 372 | audit_info.loginuid = audit_get_loginuid(current); |
373 | audit_info.sessionid = audit_get_sessionid(current); | 373 | audit_info.sessionid = audit_get_sessionid(current); |
374 | audit_info.secid = smack_to_secid(current->cred->security); | 374 | audit_info.secid = smack_to_secid(current_security()); |
375 | 375 | ||
376 | if (oldambient != NULL) { | 376 | if (oldambient != NULL) { |
377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); | 377 | rc = netlbl_cfg_map_del(oldambient, &audit_info); |