CRED: Use RCU to access another task's creds and to release a task's own creds

Use RCU to access another task's creds and to release a task's own creds.
This means that it will be possible for the credentials of a task to be
replaced without another task (a) requiring a full lock to read them, and (b)
seeing deallocated memory.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 11 insertions, 4 deletions

diff --git a/fs/fcntl.c b/fs/fcntl.c
index c594cc0e40fb..87c39f1f0817 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -401,10 +401,17 @@ static const long band_table[NSIGPOLL] = {
 static inline int sigio_perm(struct task_struct *p,
                              struct fown_struct *fown, int sig)
 {
-        return (((fown->euid == 0) ||
-                 (fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) ||
-                 (fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) &&
-                !security_file_send_sigiotask(p, fown, sig));
+        const struct cred *cred;
+        int ret;
+
+        rcu_read_lock();
+        cred = __task_cred(p);
+        ret = ((fown->euid == 0 ||
+                fown->euid == cred->suid || fown->euid == cred->uid ||
+                fown->uid  == cred->suid || fown->uid  == cred->uid) &&
+               !security_file_send_sigiotask(p, fown, sig));
+        rcu_read_unlock();
+        return ret;
 }
 
 static void send_sigio_to_task(struct task_struct *p,