author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/binfmt_elf.c | 12 | ||||
-rw-r--r-- | fs/binfmt_elf_fdpic.c | 12 | ||||
-rw-r--r-- | fs/exec.c | 4 | ||||
-rw-r--r-- | fs/fcntl.c | 4 | ||||
-rw-r--r-- | fs/file_table.c | 4 | ||||
-rw-r--r-- | fs/fuse/dir.c | 12 | ||||
-rw-r--r-- | fs/hugetlbfs/inode.c | 4 | ||||
-rw-r--r-- | fs/ioprio.c | 12 | ||||
-rw-r--r-- | fs/nfsd/auth.c | 22 | ||||
-rw-r--r-- | fs/nfsd/nfs4recover.c | 12 | ||||
-rw-r--r-- | fs/nfsd/nfsfh.c | 6 | ||||
-rw-r--r-- | fs/open.c | 17 | ||||
-rw-r--r-- | fs/proc/array.c | 18 | ||||
-rw-r--r-- | fs/proc/base.c | 16 | ||||
-rw-r--r-- | fs/xfs/linux-2.6/xfs_cred.h | 6 | ||||
-rw-r--r-- | fs/xfs/linux-2.6/xfs_globals.h | 2 | ||||
-rw-r--r-- | fs/xfs/xfs_inode.h | 2 | ||||
-rw-r--r-- | fs/xfs/xfs_vnodeops.h | 10 |
18 files changed, 89 insertions, 86 deletions
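--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
 NEW_AUX_ENT(AT_BASE, interp_load_addr);
 NEW_AUX_ENT(AT_FLAGS, 0);
 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
-NEW_AUX_ENT(AT_UID, tsk->uid);
-NEW_AUX_ENT(AT_EUID, tsk->euid);
-NEW_AUX_ENT(AT_GID, tsk->gid);
-NEW_AUX_ENT(AT_EGID, tsk->egid);
+NEW_AUX_ENT(AT_UID, tsk->cred->uid);
+NEW_AUX_ENT(AT_EUID, tsk->cred->euid);
+NEW_AUX_ENT(AT_GID, tsk->cred->gid);
+NEW_AUX_ENT(AT_EGID, tsk->cred->egid);
 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
 if (k_platform) {
@@ -1388,8 +1388,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
 psinfo->pr_nice = task_nice(p);
 psinfo->pr_flag = p->flags;
-SET_UID(psinfo->pr_uid, p->uid);
-SET_GID(psinfo->pr_gid, p->gid);
+SET_UID(psinfo->pr_uid, p->cred->uid);
+SET_GID(psinfo->pr_gid, p->cred->gid);
 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
 
 return 0;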
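Review bot: `fill_psinfo()` now reads `p->cred->uid` and `p->cred->gid` through two separate dereferences of the credential pointer of a task passed in as `p`, which need not be current, and nothing in the hunk says why that is safe. The commit message states the credentials are still embedded in task_struct, so the pointer cannot dangle yet, but that assumption is invisible at the call site. The same pattern appears in `sigio_perm()` (fs/fcntl.c), `fuse_allow_task()` (fs/fuse/dir.c), `set_task_ioprio()` (fs/ioprio.c), `task_state()`/`task_cap()` (fs/proc/array.c) and the inode helpers in fs/proc/base.c. I would mark each such site with a comment such as `/* p->cred is embedded in *p for now; take a single snapshot under the proper lock once creds can be replaced */` so a later conversion does not miss a security-relevant read. Both functions continue outside the hunks shown.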
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 488584c87512..9f67054c2c4e 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
@@ -623,10 +623,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
623 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); | 623 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); |
624 | NEW_AUX_ENT(AT_FLAGS, 0); | 624 | NEW_AUX_ENT(AT_FLAGS, 0); |
625 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); | 625 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); |
626 | NEW_AUX_ENT(AT_UID, (elf_addr_t) current_uid()); | 626 | NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid); |
627 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) current_euid()); | 627 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid); |
628 | NEW_AUX_ENT(AT_GID, (elf_addr_t) current_gid()); | 628 | NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid); |
629 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) current_egid()); | 629 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid); |
630 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 630 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
631 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 631 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
632 | 632 | ||
@@ -1440,8 +1440,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
1440 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1440 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
1441 | psinfo->pr_nice = task_nice(p); | 1441 | psinfo->pr_nice = task_nice(p); |
1442 | psinfo->pr_flag = p->flags; | 1442 | psinfo->pr_flag = p->flags; |
1443 | SET_UID(psinfo->pr_uid, p->uid); | 1443 | SET_UID(psinfo->pr_uid, p->cred->uid); |
1444 | SET_GID(psinfo->pr_gid, p->gid); | 1444 | SET_GID(psinfo->pr_gid, p->cred->gid); |
1445 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1445 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
1446 | 1446 | ||
1447 | return 0; | 1447 | return 0; |
@@ -1738,7 +1738,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1738 | */ | 1738 | */ |
1739 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ | 1739 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ |
1740 | flag = O_EXCL; /* Stop rewrite attacks */ | 1740 | flag = O_EXCL; /* Stop rewrite attacks */ |
1741 | current->fsuid = 0; /* Dump root private */ | 1741 | current->cred->fsuid = 0; /* Dump root private */ |
1742 | } | 1742 | } |
1743 | 1743 | ||
1744 | retval = coredump_wait(exit_code, &core_state); | 1744 | retval = coredump_wait(exit_code, &core_state); |
@@ -1834,7 +1834,7 @@ fail_unlock: | |||
1834 | if (helper_argv) | 1834 | if (helper_argv) |
1835 | argv_free(helper_argv); | 1835 | argv_free(helper_argv); |
1836 | 1836 | ||
1837 | current->fsuid = fsuid; | 1837 | current->cred->fsuid = fsuid; |
1838 | coredump_finish(mm); | 1838 | coredump_finish(mm); |
1839 | fail: | 1839 | fail: |
1840 | return retval; | 1840 | return retval; |
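Review bot: The `do_coredump()` hunks (old lines 1738 and 1834) set `current->cred->fsuid = 0` and later restore it by writing the task's live credential structure directly, so the task carries fsuid 0 for the whole dump. The restore sits under `fail_unlock:` while the `fail:` label comes after it, so any `goto fail` taken after the override would skip the restore; the jumps are outside the hunk and need checking against the full function. I would document the invariant next to the override, e.g. `/* fsuid stays 0 until fail_unlock; no exit path may bypass the restore */`. These two hunks are printed under the fs/binfmt_elf_fdpic.c header on this page, but the diffstat has a separate fs/exec.c entry with 4 changed lines, so they probably belong to that file.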
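--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -401,8 +401,8 @@ static inline int sigio_perm(struct task_struct *p,
 struct fown_struct *fown, int sig)
 {
 return (((fown->euid == 0) ||
-(fown->euid == p->suid) || (fown->euid == p->uid) ||
-(fown->uid == p->suid) || (fown->uid == p->uid)) &&
+(fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) ||
+(fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) &&
 !security_file_send_sigiotask(p, fown, sig));
 }
 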
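--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -122,8 +122,8 @@ struct file *get_empty_filp(void)
 INIT_LIST_HEAD(&f->f_u.fu_list);
 atomic_long_set(&f->f_count, 1);
 rwlock_init(&f->f_owner.lock);
-f->f_uid = tsk->fsuid;
-f->f_gid = tsk->fsgid;
+f->f_uid = tsk->cred->fsuid;
+f->f_gid = tsk->cred->fsgid;
 eventpoll_init_file(f);
 /* f->f_version: 0 */
 return f;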
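--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -872,12 +872,12 @@ int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
 if (fc->flags & FUSE_ALLOW_OTHER)
 return 1;
 
-if (task->euid == fc->user_id &&
-task->suid == fc->user_id &&
-task->uid == fc->user_id &&
-task->egid == fc->group_id &&
-task->sgid == fc->group_id &&
-task->gid == fc->group_id)
+if (task->cred->euid == fc->user_id &&
+task->cred->suid == fc->user_id &&
+task->cred->uid == fc->user_id &&
+task->cred->egid == fc->group_id &&
+task->cred->sgid == fc->group_id &&
+task->cred->gid == fc->group_id)
 return 1;
 
 return 0;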
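--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -958,7 +958,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
 if (!can_do_hugetlb_shm())
 return ERR_PTR(-EPERM);
 
-if (!user_shm_lock(size, current->user))
+if (!user_shm_lock(size, current->cred->user))
 return ERR_PTR(-ENOMEM);
 
 root = hugetlbfs_vfsmount->mnt_root;
@@ -998,7 +998,7 @@ out_inode:
 out_dentry:
 dput(dentry);
 out_shm_unlock:
-user_shm_unlock(size, current->user);
+user_shm_unlock(size, current->cred->user);
 return ERR_PTR(error);
 }
 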
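--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -32,8 +32,8 @@ static int set_task_ioprio(struct task_struct *task, int ioprio)
 int err;
 struct io_context *ioc;
 
-if (task->uid != current_euid() &&
-task->uid != current_uid() && !capable(CAP_SYS_NICE))
+if (task->cred->uid != current_euid() &&
+task->cred->uid != current_uid() && !capable(CAP_SYS_NICE))
 return -EPERM;
 
 err = security_task_setioprio(task, ioprio);
@@ -123,7 +123,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
 break;
 case IOPRIO_WHO_USER:
 if (!who)
-user = current->user;
+user = current->cred->user;
 else
 user = find_user(who);
 
@@ -131,7 +131,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
 break;
 
 do_each_thread(g, p) {
-if (p->uid != who)
+if (p->cred->uid != who)
 continue;
 ret = set_task_ioprio(p, ioprio);
 if (ret)
@@ -216,7 +216,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
 break;
 case IOPRIO_WHO_USER:
 if (!who)
-user = current->user;
+user = current->cred->user;
 else
 user = find_user(who);
 
@@ -224,7 +224,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
 break;
 
 do_each_thread(g, p) {
-if (p->uid != user->uid)
+if (p->cred->uid != user->uid)
 continue;
 tmpio = get_task_ioprio(p);
 if (tmpio < 0)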
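Review bot: In `sys_ioprio_set()` the IOPRIO_WHO_USER loop filters on `p->cred->uid != who`, while the matching loop in `sys_ioprio_get()` filters on `p->cred->uid != user->uid`. When `who` is 0 the code just above selects `current->cred->user`, so the set path then compares against uid 0 rather than the caller's uid and appears to select root's tasks instead of the caller's. `set_task_ioprio()` still applies its uid/CAP_SYS_NICE check to each task, so this looks like a functional error rather than a permission bypass. The comparison predates this commit but is rewritten here, and I would change it to `if (p->cred->uid != user->uid)`. The NULL check on `user` is outside the hunks, so confirm `user` is valid at that point.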
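--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,6 +27,7 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
 
 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
 {
+struct cred *act_as = current->cred ;
 struct svc_cred cred = rqstp->rq_cred;
 int i;
 int flags = nfsexp_flags(rqstp, exp);
@@ -55,25 +56,26 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
 get_group_info(cred.cr_group_info);
 
 if (cred.cr_uid != (uid_t) -1)
-current->fsuid = cred.cr_uid;
+act_as->fsuid = cred.cr_uid;
 else
-current->fsuid = exp->ex_anon_uid;
+act_as->fsuid = exp->ex_anon_uid;
 if (cred.cr_gid != (gid_t) -1)
-current->fsgid = cred.cr_gid;
+act_as->fsgid = cred.cr_gid;
 else
-current->fsgid = exp->ex_anon_gid;
+act_as->fsgid = exp->ex_anon_gid;
 
 if (!cred.cr_group_info)
 return -ENOMEM;
-ret = set_current_groups(cred.cr_group_info);
+ret = set_groups(act_as, cred.cr_group_info);
 put_group_info(cred.cr_group_info);
 if ((cred.cr_uid)) {
-current->cap_effective =
-cap_drop_nfsd_set(current->cap_effective);
+act_as->cap_effective =
+cap_drop_nfsd_set(act_as->cap_effective);
 } else {
-current->cap_effective =
-cap_raise_nfsd_set(current->cap_effective,
-current->cap_permitted);
+act_as->cap_effective =
+cap_raise_nfsd_set(act_as->cap_effective,
+act_as->cap_permitted);
 }
 return ret;
 }
+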
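Review bot: `nfsd_setuser()` writes `act_as->fsuid` and `act_as->fsgid` before the `if (!cred.cr_group_info) return -ENOMEM;` check, so a failed group allocation returns with the request's fsuid/fsgid applied but the previous supplementary groups and capability set still in place. Because `act_as` is `current->cred` itself there is no staging copy to discard, and the function leaves the thread with a partially switched identity. I would state that contract above the check, e.g. `/* on failure fsuid/fsgid are already switched but groups and caps are not; callers must reject the request */`. How callers treat a nonzero return is not visible in this hunk. Separately, `current->cred ;` has a stray space before the semicolon.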
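--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -57,17 +57,17 @@ static int rec_dir_init = 0;
 static void
 nfs4_save_user(uid_t *saveuid, gid_t *savegid)
 {
-*saveuid = current->fsuid;
-*savegid = current->fsgid;
-current->fsuid = 0;
-current->fsgid = 0;
+*saveuid = current->cred->fsuid;
+*savegid = current->cred->fsgid;
+current->cred->fsuid = 0;
+current->cred->fsgid = 0;
 }
 
 static void
 nfs4_reset_user(uid_t saveuid, gid_t savegid)
 {
-current->fsuid = saveuid;
-current->fsgid = savegid;
+current->cred->fsuid = saveuid;
+current->cred->fsgid = savegid;
 }
 
 static void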
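Review bot: `nfs4_save_user()` switches the calling thread to fsuid/fsgid 0 by writing `current->cred` in place, and nothing in the code ties it to the `nfs4_reset_user()` call that undoes it. A comment on the pair would make the contract explicit, e.g. `/* thread runs with fsuid/fsgid 0 until nfs4_reset_user(); every exit path in the caller must restore */`. Both helpers also dereference `current->cred` once per field; a local `struct cred *cred = current->cred;`, as the sys_faccessat hunk in this commit uses, would read more cleanly.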
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index cd25d91895a1..e67cfaea0865 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -186,9 +186,9 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) | |||
186 | * access control settings being in effect, we cannot | 186 | * access control settings being in effect, we cannot |
187 | * fix that case easily. | 187 | * fix that case easily. |
188 | */ | 188 | */ |
189 | current->cap_effective = | 189 | current->cred->cap_effective = |
190 | cap_raise_nfsd_set(current->cap_effective, | 190 | cap_raise_nfsd_set(current->cred->cap_effective, |
191 | current->cap_permitted); | 191 | current->cred->cap_permitted); |
192 | } else { | 192 | } else { |
193 | error = nfsd_setuser_and_check_port(rqstp, exp); | 193 | error = nfsd_setuser_and_check_port(rqstp, exp); |
194 | if (error) | 194 | if (error) |
@@ -425,6 +425,7 @@ out: | |||
425 | */ | 425 | */ |
426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | 426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) |
427 | { | 427 | { |
428 | struct cred *cred = current->cred; | ||
428 | struct path path; | 429 | struct path path; |
429 | struct inode *inode; | 430 | struct inode *inode; |
430 | int old_fsuid, old_fsgid; | 431 | int old_fsuid, old_fsgid; |
@@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ | 435 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
435 | return -EINVAL; | 436 | return -EINVAL; |
436 | 437 | ||
437 | old_fsuid = current->fsuid; | 438 | old_fsuid = cred->fsuid; |
438 | old_fsgid = current->fsgid; | 439 | old_fsgid = cred->fsgid; |
439 | 440 | ||
440 | current->fsuid = current->uid; | 441 | cred->fsuid = cred->uid; |
441 | current->fsgid = current->gid; | 442 | cred->fsgid = cred->gid; |
442 | 443 | ||
443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 444 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
444 | /* Clear the capabilities if we switch to a non-root user */ | 445 | /* Clear the capabilities if we switch to a non-root user */ |
445 | if (current->uid) | 446 | if (current->cred->uid) |
446 | old_cap = cap_set_effective(__cap_empty_set); | 447 | old_cap = cap_set_effective(__cap_empty_set); |
447 | else | 448 | else |
448 | old_cap = cap_set_effective(current->cap_permitted); | 449 | old_cap = cap_set_effective(cred->cap_permitted); |
449 | } | 450 | } |
450 | 451 | ||
451 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); | 452 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
@@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
484 | out_path_release: | 485 | out_path_release: |
485 | path_put(&path); | 486 | path_put(&path); |
486 | out: | 487 | out: |
487 | current->fsuid = old_fsuid; | 488 | cred->fsuid = old_fsuid; |
488 | current->fsgid = old_fsgid; | 489 | cred->fsgid = old_fsgid; |
489 | 490 | ||
490 | if (!issecure(SECURE_NO_SETUID_FIXUP)) | 491 | if (!issecure(SECURE_NO_SETUID_FIXUP)) |
491 | cap_set_effective(old_cap); | 492 | cap_set_effective(old_cap); |
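Review bot: In the `sys_faccessat()` hunks the new local `cred` is used for every access except `if (current->cred->uid)`, which still goes through `current`; I would write `if (cred->uid)` so the function reads one pointer throughout. The fsuid/fsgid override is written into the task's live credentials and only undone at `out:`, which deserves a short comment such as `/* fsuid/fsgid are overridden in place until out: */`. `old_fsuid` and `old_fsgid` stay declared as `int` while holding uid/gid values. These hunks are printed under the fs/nfsd/nfsfh.c header on this page, although the diffstat has a separate fs/open.c entry of 17 lines, so the file header seems to have been lost in rendering.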
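--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -182,8 +182,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 task_tgid_nr_ns(p, ns),
 pid_nr_ns(pid, ns),
 ppid, tpid,
-p->uid, p->euid, p->suid, p->fsuid,
-p->gid, p->egid, p->sgid, p->fsgid);
+p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
+p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
 
 task_lock(p);
 if (p->files)
@@ -194,7 +194,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 fdt ? fdt->max_fds : 0);
 rcu_read_unlock();
 
-group_info = p->group_info;
+group_info = p->cred->group_info;
 get_group_info(group_info);
 task_unlock(p);
 
@@ -262,7 +262,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
 blocked = p->blocked;
 collect_sigign_sigcatch(p, &ignored, &caught);
 num_threads = atomic_read(&p->signal->count);
-qsize = atomic_read(&p->user->sigpending);
+qsize = atomic_read(&p->cred->user->sigpending);
 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
 unlock_task_sighand(p, &flags);
 }
@@ -293,10 +293,12 @@ static void render_cap_t(struct seq_file *m, const char *header,
 
 static inline void task_cap(struct seq_file *m, struct task_struct *p)
 {
-render_cap_t(m, "CapInh:\t", &p->cap_inheritable);
-render_cap_t(m, "CapPrm:\t", &p->cap_permitted);
-render_cap_t(m, "CapEff:\t", &p->cap_effective);
-render_cap_t(m, "CapBnd:\t", &p->cap_bset);
+struct cred *cred = p->cred;
+
+render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
+render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
+render_cap_t(m, "CapEff:\t", &cred->cap_effective);
+render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
 }
 
 static inline void task_context_switch_counts(struct seq_file *m,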
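--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1428,8 +1428,8 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
 inode->i_uid = 0;
 inode->i_gid = 0;
 if (task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 }
 security_task_to_inode(task, inode);
 
@@ -1454,8 +1454,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
 if (task) {
 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 task_dumpable(task)) {
-stat->uid = task->euid;
-stat->gid = task->egid;
+stat->uid = task->cred->euid;
+stat->gid = task->cred->egid;
 }
 }
 rcu_read_unlock();
@@ -1486,8 +1486,8 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 if (task) {
 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
 task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 } else {
 inode->i_uid = 0;
 inode->i_gid = 0;
@@ -1658,8 +1658,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 rcu_read_unlock();
 put_files_struct(files);
 if (task_dumpable(task)) {
-inode->i_uid = task->euid;
-inode->i_gid = task->egid;
+inode->i_uid = task->cred->euid;
+inode->i_gid = task->cred->egid;
 } else {
 inode->i_uid = 0;
 inode->i_gid = 0;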
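--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@ -23,11 +23,9 @@
 /*
 * Credentials
 */
-typedef struct cred {
-/* EMPTY */
-} cred_t;
+typedef const struct cred cred_t;
 
-extern struct cred *sys_cred;
+extern cred_t *sys_cred;
 
 /* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
 static inline int capable_cred(cred_t *cr, int cid)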
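Review bot: `typedef const struct cred cred_t;` folds the `const` into the typedef, so every `cred_t *credp` in the XFS prototypes changed by this commit is a pointer-to-const without saying so at the use site. A comment on the typedef, e.g. `/* cred_t is const-qualified: XFS must never write through a cred_t * */`, would make that intent explicit. fs/xfs/linux-2.6/xfs_globals.h now also declares `extern cred_t *sys_cred;`, which duplicates this declaration and only compiles if the typedef is already in scope there; the include order is not visible on this page.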
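--- a/fs/xfs/linux-2.6/xfs_globals.h
+++ b/fs/xfs/linux-2.6/xfs_globals.h
@@ -19,6 +19,6 @@
 #define __XFS_GLOBALS_H__
 
 extern uint64_t xfs_panic_mask; /* set to cause more panics */
-extern struct cred *sys_cred;
+extern cred_t *sys_cred;
 
 #endif /* __XFS_GLOBALS_H__ */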
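--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -497,7 +497,7 @@ int xfs_iread(struct xfs_mount *, struct xfs_trans *, xfs_ino_t,
 xfs_inode_t **, xfs_daddr_t, uint);
 int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int);
 int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t,
-xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t,
+xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t,
 int, struct xfs_buf **, boolean_t *, xfs_inode_t **);
 void xfs_dinode_from_disk(struct xfs_icdinode *,
 struct xfs_dinode_core *);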
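--- a/fs/xfs/xfs_vnodeops.h
+++ b/fs/xfs/xfs_vnodeops.h
@@ -16,7 +16,7 @@ struct xfs_iomap;
 
 int xfs_open(struct xfs_inode *ip);
 int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags,
-struct cred *credp);
+cred_t *credp);
 #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */
 #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */
 #define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */
@@ -28,24 +28,24 @@ int xfs_inactive(struct xfs_inode *ip);
 int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name,
 struct xfs_inode **ipp, struct xfs_name *ci_name);
 int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode,
-xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp);
+xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp);
 int xfs_remove(struct xfs_inode *dp, struct xfs_name *name,
 struct xfs_inode *ip);
 int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip,
 struct xfs_name *target_name);
 int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name,
-mode_t mode, struct xfs_inode **ipp, struct cred *credp);
+mode_t mode, struct xfs_inode **ipp, cred_t *credp);
 int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize,
 xfs_off_t *offset, filldir_t filldir);
 int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name,
 const char *target_path, mode_t mode, struct xfs_inode **ipp,
-struct cred *credp);
+cred_t *credp);
 int xfs_inode_flush(struct xfs_inode *ip, int flags);
 int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state);
 int xfs_reclaim(struct xfs_inode *ip);
 int xfs_change_file_space(struct xfs_inode *ip, int cmd,
 xfs_flock64_t *bf, xfs_off_t offset,
-struct cred *credp, int attr_flags);
+cred_t *credp, int attr_flags);
 int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name,
 struct xfs_inode *src_ip, struct xfs_inode *target_dp,
 struct xfs_name *target_name, struct xfs_inode *target_ip);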