aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2011-11-17 00:52:53 -0500
committerEric W. Biederman <ebiederm@xmission.com>2012-04-07 19:55:52 -0400
commit0093ccb68f3753c0ba4d74c89d7e0f444b8d6123 (patch)
treea6fc0ea2a6dfc338fa8fc7126005f40109ef8dce
parentc4a4d603796c727b9555867571f89483be9c565e (diff)
cred: Refcount the user_ns pointed to by the cred.
struct user_struct will shortly loose it's user_ns reference so make the cred user_ns reference a proper reference complete with reference counting. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r--include/linux/cred.h2
-rw-r--r--kernel/cred.c8
-rw-r--r--kernel/user_namespace.c8
-rw-r--r--security/keys/process_keys.c2
4 files changed, 10 insertions, 10 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index d12c4e475c15..2c60ec802678 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -146,7 +146,7 @@ struct cred {
146 void *security; /* subjective LSM security */ 146 void *security; /* subjective LSM security */
147#endif 147#endif
148 struct user_struct *user; /* real user ID subscription */ 148 struct user_struct *user; /* real user ID subscription */
149 struct user_namespace *user_ns; /* cached user->user_ns */ 149 struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */
150 struct group_info *group_info; /* supplementary groups for euid/fsgid */ 150 struct group_info *group_info; /* supplementary groups for euid/fsgid */
151 struct rcu_head rcu; /* RCU deletion hook */ 151 struct rcu_head rcu; /* RCU deletion hook */
152}; 152};
diff --git a/kernel/cred.c b/kernel/cred.c
index 97b36eeca4c9..7a0d80669886 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -148,6 +148,7 @@ static void put_cred_rcu(struct rcu_head *rcu)
148 if (cred->group_info) 148 if (cred->group_info)
149 put_group_info(cred->group_info); 149 put_group_info(cred->group_info);
150 free_uid(cred->user); 150 free_uid(cred->user);
151 put_user_ns(cred->user_ns);
151 kmem_cache_free(cred_jar, cred); 152 kmem_cache_free(cred_jar, cred);
152} 153}
153 154
@@ -303,6 +304,7 @@ struct cred *prepare_creds(void)
303 set_cred_subscribers(new, 0); 304 set_cred_subscribers(new, 0);
304 get_group_info(new->group_info); 305 get_group_info(new->group_info);
305 get_uid(new->user); 306 get_uid(new->user);
307 get_user_ns(new->user_ns);
306 308
307#ifdef CONFIG_KEYS 309#ifdef CONFIG_KEYS
308 key_get(new->thread_keyring); 310 key_get(new->thread_keyring);
@@ -412,11 +414,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
412 goto error_put; 414 goto error_put;
413 } 415 }
414 416
415 /* cache user_ns in cred. Doesn't need a refcount because it will
416 * stay pinned by cred->user
417 */
418 new->user_ns = new->user->user_ns;
419
420#ifdef CONFIG_KEYS 417#ifdef CONFIG_KEYS
421 /* new threads get their own thread keyrings if their parent already 418 /* new threads get their own thread keyrings if their parent already
422 * had one */ 419 * had one */
@@ -676,6 +673,7 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
676 atomic_set(&new->usage, 1); 673 atomic_set(&new->usage, 1);
677 set_cred_subscribers(new, 0); 674 set_cred_subscribers(new, 0);
678 get_uid(new->user); 675 get_uid(new->user);
676 get_user_ns(new->user_ns);
679 get_group_info(new->group_info); 677 get_group_info(new->group_info);
680 678
681#ifdef CONFIG_KEYS 679#ifdef CONFIG_KEYS
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index f084083a0fd3..58bb8781a778 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,7 +24,7 @@ static struct kmem_cache *user_ns_cachep __read_mostly;
24 */ 24 */
25int create_user_ns(struct cred *new) 25int create_user_ns(struct cred *new)
26{ 26{
27 struct user_namespace *ns; 27 struct user_namespace *ns, *parent_ns = new->user_ns;
28 struct user_struct *root_user; 28 struct user_struct *root_user;
29 int n; 29 int n;
30 30
@@ -57,8 +57,10 @@ int create_user_ns(struct cred *new)
57#endif 57#endif
58 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */ 58 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
59 59
60 /* root_user holds a reference to ns, our reference can be dropped */ 60 /* Leave the reference to our user_ns with the new cred */
61 put_user_ns(ns); 61 new->user_ns = ns;
62
63 put_user_ns(parent_ns);
62 64
63 return 0; 65 return 0;
64} 66}
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 70febff06da9..447fb7618ff3 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -858,7 +858,7 @@ void key_replace_session_keyring(void)
858 new-> sgid = old-> sgid; 858 new-> sgid = old-> sgid;
859 new->fsgid = old->fsgid; 859 new->fsgid = old->fsgid;
860 new->user = get_uid(old->user); 860 new->user = get_uid(old->user);
861 new->user_ns = new->user_ns; 861 new->user_ns = get_user_ns(new->user_ns);
862 new->group_info = get_group_info(old->group_info); 862 new->group_info = get_group_info(old->group_info);
863 863
864 new->securebits = old->securebits; 864 new->securebits = old->securebits;