aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:16 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:16 -0500
commitb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /fs
parent15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/binfmt_elf.c12
-rw-r--r--fs/binfmt_elf_fdpic.c12
-rw-r--r--fs/exec.c4
-rw-r--r--fs/fcntl.c4
-rw-r--r--fs/file_table.c4
-rw-r--r--fs/fuse/dir.c12
-rw-r--r--fs/hugetlbfs/inode.c4
-rw-r--r--fs/ioprio.c12
-rw-r--r--fs/nfsd/auth.c22
-rw-r--r--fs/nfsd/nfs4recover.c12
-rw-r--r--fs/nfsd/nfsfh.c6
-rw-r--r--fs/open.c17
-rw-r--r--fs/proc/array.c18
-rw-r--r--fs/proc/base.c16
-rw-r--r--fs/xfs/linux-2.6/xfs_cred.h6
-rw-r--r--fs/xfs/linux-2.6/xfs_globals.h2
-rw-r--r--fs/xfs/xfs_inode.h2
-rw-r--r--fs/xfs/xfs_vnodeops.h10
18 files changed, 89 insertions, 86 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 8fcfa398d350..7a52477ce493 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
223 NEW_AUX_ENT(AT_BASE, interp_load_addr); 223 NEW_AUX_ENT(AT_BASE, interp_load_addr);
224 NEW_AUX_ENT(AT_FLAGS, 0); 224 NEW_AUX_ENT(AT_FLAGS, 0);
225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry); 225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
226 NEW_AUX_ENT(AT_UID, tsk->uid); 226 NEW_AUX_ENT(AT_UID, tsk->cred->uid);
227 NEW_AUX_ENT(AT_EUID, tsk->euid); 227 NEW_AUX_ENT(AT_EUID, tsk->cred->euid);
228 NEW_AUX_ENT(AT_GID, tsk->gid); 228 NEW_AUX_ENT(AT_GID, tsk->cred->gid);
229 NEW_AUX_ENT(AT_EGID, tsk->egid); 229 NEW_AUX_ENT(AT_EGID, tsk->cred->egid);
230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
231 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 231 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
232 if (k_platform) { 232 if (k_platform) {
@@ -1388,8 +1388,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1388 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1388 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1389 psinfo->pr_nice = task_nice(p); 1389 psinfo->pr_nice = task_nice(p);
1390 psinfo->pr_flag = p->flags; 1390 psinfo->pr_flag = p->flags;
1391 SET_UID(psinfo->pr_uid, p->uid); 1391 SET_UID(psinfo->pr_uid, p->cred->uid);
1392 SET_GID(psinfo->pr_gid, p->gid); 1392 SET_GID(psinfo->pr_gid, p->cred->gid);
1393 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1393 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1394 1394
1395 return 0; 1395 return 0;
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 488584c87512..9f67054c2c4e 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -623,10 +623,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
623 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); 623 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
624 NEW_AUX_ENT(AT_FLAGS, 0); 624 NEW_AUX_ENT(AT_FLAGS, 0);
625 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); 625 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
626 NEW_AUX_ENT(AT_UID, (elf_addr_t) current_uid()); 626 NEW_AUX_ENT(AT_UID, (elf_addr_t) current->cred->uid);
627 NEW_AUX_ENT(AT_EUID, (elf_addr_t) current_euid()); 627 NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->cred->euid);
628 NEW_AUX_ENT(AT_GID, (elf_addr_t) current_gid()); 628 NEW_AUX_ENT(AT_GID, (elf_addr_t) current->cred->gid);
629 NEW_AUX_ENT(AT_EGID, (elf_addr_t) current_egid()); 629 NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->cred->egid);
630 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 630 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
631 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 631 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
632 632
@@ -1440,8 +1440,8 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1440 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1440 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1441 psinfo->pr_nice = task_nice(p); 1441 psinfo->pr_nice = task_nice(p);
1442 psinfo->pr_flag = p->flags; 1442 psinfo->pr_flag = p->flags;
1443 SET_UID(psinfo->pr_uid, p->uid); 1443 SET_UID(psinfo->pr_uid, p->cred->uid);
1444 SET_GID(psinfo->pr_gid, p->gid); 1444 SET_GID(psinfo->pr_gid, p->cred->gid);
1445 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1445 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1446 1446
1447 return 0; 1447 return 0;
diff --git a/fs/exec.c b/fs/exec.c
index 604834f3b208..31149e430a89 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1738,7 +1738,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1738 */ 1738 */
1739 if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ 1739 if (get_dumpable(mm) == 2) { /* Setuid core dump mode */
1740 flag = O_EXCL; /* Stop rewrite attacks */ 1740 flag = O_EXCL; /* Stop rewrite attacks */
1741 current->fsuid = 0; /* Dump root private */ 1741 current->cred->fsuid = 0; /* Dump root private */
1742 } 1742 }
1743 1743
1744 retval = coredump_wait(exit_code, &core_state); 1744 retval = coredump_wait(exit_code, &core_state);
@@ -1834,7 +1834,7 @@ fail_unlock:
1834 if (helper_argv) 1834 if (helper_argv)
1835 argv_free(helper_argv); 1835 argv_free(helper_argv);
1836 1836
1837 current->fsuid = fsuid; 1837 current->cred->fsuid = fsuid;
1838 coredump_finish(mm); 1838 coredump_finish(mm);
1839fail: 1839fail:
1840 return retval; 1840 return retval;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index bf049a805e59..63964d863ad6 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -401,8 +401,8 @@ static inline int sigio_perm(struct task_struct *p,
401 struct fown_struct *fown, int sig) 401 struct fown_struct *fown, int sig)
402{ 402{
403 return (((fown->euid == 0) || 403 return (((fown->euid == 0) ||
404 (fown->euid == p->suid) || (fown->euid == p->uid) || 404 (fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) ||
405 (fown->uid == p->suid) || (fown->uid == p->uid)) && 405 (fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) &&
406 !security_file_send_sigiotask(p, fown, sig)); 406 !security_file_send_sigiotask(p, fown, sig));
407} 407}
408 408
diff --git a/fs/file_table.c b/fs/file_table.c
index 5ad0eca6eea2..3152b53cfab0 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -122,8 +122,8 @@ struct file *get_empty_filp(void)
122 INIT_LIST_HEAD(&f->f_u.fu_list); 122 INIT_LIST_HEAD(&f->f_u.fu_list);
123 atomic_long_set(&f->f_count, 1); 123 atomic_long_set(&f->f_count, 1);
124 rwlock_init(&f->f_owner.lock); 124 rwlock_init(&f->f_owner.lock);
125 f->f_uid = tsk->fsuid; 125 f->f_uid = tsk->cred->fsuid;
126 f->f_gid = tsk->fsgid; 126 f->f_gid = tsk->cred->fsgid;
127 eventpoll_init_file(f); 127 eventpoll_init_file(f);
128 /* f->f_version: 0 */ 128 /* f->f_version: 0 */
129 return f; 129 return f;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index fd03330cadeb..e97a98981862 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -872,12 +872,12 @@ int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
872 if (fc->flags & FUSE_ALLOW_OTHER) 872 if (fc->flags & FUSE_ALLOW_OTHER)
873 return 1; 873 return 1;
874 874
875 if (task->euid == fc->user_id && 875 if (task->cred->euid == fc->user_id &&
876 task->suid == fc->user_id && 876 task->cred->suid == fc->user_id &&
877 task->uid == fc->user_id && 877 task->cred->uid == fc->user_id &&
878 task->egid == fc->group_id && 878 task->cred->egid == fc->group_id &&
879 task->sgid == fc->group_id && 879 task->cred->sgid == fc->group_id &&
880 task->gid == fc->group_id) 880 task->cred->gid == fc->group_id)
881 return 1; 881 return 1;
882 882
883 return 0; 883 return 0;
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 08ad76c79b49..870a721b8bd2 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -958,7 +958,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
958 if (!can_do_hugetlb_shm()) 958 if (!can_do_hugetlb_shm())
959 return ERR_PTR(-EPERM); 959 return ERR_PTR(-EPERM);
960 960
961 if (!user_shm_lock(size, current->user)) 961 if (!user_shm_lock(size, current->cred->user))
962 return ERR_PTR(-ENOMEM); 962 return ERR_PTR(-ENOMEM);
963 963
964 root = hugetlbfs_vfsmount->mnt_root; 964 root = hugetlbfs_vfsmount->mnt_root;
@@ -998,7 +998,7 @@ out_inode:
998out_dentry: 998out_dentry:
999 dput(dentry); 999 dput(dentry);
1000out_shm_unlock: 1000out_shm_unlock:
1001 user_shm_unlock(size, current->user); 1001 user_shm_unlock(size, current->cred->user);
1002 return ERR_PTR(error); 1002 return ERR_PTR(error);
1003} 1003}
1004 1004
diff --git a/fs/ioprio.c b/fs/ioprio.c
index 68d2cd807118..bb5210af77c2 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -32,8 +32,8 @@ static int set_task_ioprio(struct task_struct *task, int ioprio)
32 int err; 32 int err;
33 struct io_context *ioc; 33 struct io_context *ioc;
34 34
35 if (task->uid != current_euid() && 35 if (task->cred->uid != current_euid() &&
36 task->uid != current_uid() && !capable(CAP_SYS_NICE)) 36 task->cred->uid != current_uid() && !capable(CAP_SYS_NICE))
37 return -EPERM; 37 return -EPERM;
38 38
39 err = security_task_setioprio(task, ioprio); 39 err = security_task_setioprio(task, ioprio);
@@ -123,7 +123,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
123 break; 123 break;
124 case IOPRIO_WHO_USER: 124 case IOPRIO_WHO_USER:
125 if (!who) 125 if (!who)
126 user = current->user; 126 user = current->cred->user;
127 else 127 else
128 user = find_user(who); 128 user = find_user(who);
129 129
@@ -131,7 +131,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
131 break; 131 break;
132 132
133 do_each_thread(g, p) { 133 do_each_thread(g, p) {
134 if (p->uid != who) 134 if (p->cred->uid != who)
135 continue; 135 continue;
136 ret = set_task_ioprio(p, ioprio); 136 ret = set_task_ioprio(p, ioprio);
137 if (ret) 137 if (ret)
@@ -216,7 +216,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
216 break; 216 break;
217 case IOPRIO_WHO_USER: 217 case IOPRIO_WHO_USER:
218 if (!who) 218 if (!who)
219 user = current->user; 219 user = current->cred->user;
220 else 220 else
221 user = find_user(who); 221 user = find_user(who);
222 222
@@ -224,7 +224,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
224 break; 224 break;
225 225
226 do_each_thread(g, p) { 226 do_each_thread(g, p) {
227 if (p->uid != user->uid) 227 if (p->cred->uid != user->uid)
228 continue; 228 continue;
229 tmpio = get_task_ioprio(p); 229 tmpio = get_task_ioprio(p);
230 if (tmpio < 0) 230 if (tmpio < 0)
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 294992e9bf69..808fc03a6fbd 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,6 +27,7 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
27 27
28int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) 28int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
29{ 29{
30 struct cred *act_as = current->cred ;
30 struct svc_cred cred = rqstp->rq_cred; 31 struct svc_cred cred = rqstp->rq_cred;
31 int i; 32 int i;
32 int flags = nfsexp_flags(rqstp, exp); 33 int flags = nfsexp_flags(rqstp, exp);
@@ -55,25 +56,26 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
55 get_group_info(cred.cr_group_info); 56 get_group_info(cred.cr_group_info);
56 57
57 if (cred.cr_uid != (uid_t) -1) 58 if (cred.cr_uid != (uid_t) -1)
58 current->fsuid = cred.cr_uid; 59 act_as->fsuid = cred.cr_uid;
59 else 60 else
60 current->fsuid = exp->ex_anon_uid; 61 act_as->fsuid = exp->ex_anon_uid;
61 if (cred.cr_gid != (gid_t) -1) 62 if (cred.cr_gid != (gid_t) -1)
62 current->fsgid = cred.cr_gid; 63 act_as->fsgid = cred.cr_gid;
63 else 64 else
64 current->fsgid = exp->ex_anon_gid; 65 act_as->fsgid = exp->ex_anon_gid;
65 66
66 if (!cred.cr_group_info) 67 if (!cred.cr_group_info)
67 return -ENOMEM; 68 return -ENOMEM;
68 ret = set_current_groups(cred.cr_group_info); 69 ret = set_groups(act_as, cred.cr_group_info);
69 put_group_info(cred.cr_group_info); 70 put_group_info(cred.cr_group_info);
70 if ((cred.cr_uid)) { 71 if ((cred.cr_uid)) {
71 current->cap_effective = 72 act_as->cap_effective =
72 cap_drop_nfsd_set(current->cap_effective); 73 cap_drop_nfsd_set(act_as->cap_effective);
73 } else { 74 } else {
74 current->cap_effective = 75 act_as->cap_effective =
75 cap_raise_nfsd_set(current->cap_effective, 76 cap_raise_nfsd_set(act_as->cap_effective,
76 current->cap_permitted); 77 act_as->cap_permitted);
77 } 78 }
78 return ret; 79 return ret;
79} 80}
81
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index bb93946ace22..a5e14e8695ea 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -57,17 +57,17 @@ static int rec_dir_init = 0;
57static void 57static void
58nfs4_save_user(uid_t *saveuid, gid_t *savegid) 58nfs4_save_user(uid_t *saveuid, gid_t *savegid)
59{ 59{
60 *saveuid = current->fsuid; 60 *saveuid = current->cred->fsuid;
61 *savegid = current->fsgid; 61 *savegid = current->cred->fsgid;
62 current->fsuid = 0; 62 current->cred->fsuid = 0;
63 current->fsgid = 0; 63 current->cred->fsgid = 0;
64} 64}
65 65
66static void 66static void
67nfs4_reset_user(uid_t saveuid, gid_t savegid) 67nfs4_reset_user(uid_t saveuid, gid_t savegid)
68{ 68{
69 current->fsuid = saveuid; 69 current->cred->fsuid = saveuid;
70 current->fsgid = savegid; 70 current->cred->fsgid = savegid;
71} 71}
72 72
73static void 73static void
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index cd25d91895a1..e67cfaea0865 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -186,9 +186,9 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
186 * access control settings being in effect, we cannot 186 * access control settings being in effect, we cannot
187 * fix that case easily. 187 * fix that case easily.
188 */ 188 */
189 current->cap_effective = 189 current->cred->cap_effective =
190 cap_raise_nfsd_set(current->cap_effective, 190 cap_raise_nfsd_set(current->cred->cap_effective,
191 current->cap_permitted); 191 current->cred->cap_permitted);
192 } else { 192 } else {
193 error = nfsd_setuser_and_check_port(rqstp, exp); 193 error = nfsd_setuser_and_check_port(rqstp, exp);
194 if (error) 194 if (error)
diff --git a/fs/open.c b/fs/open.c
index 500cc0c54762..b1238e195e7e 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -425,6 +425,7 @@ out:
425 */ 425 */
426asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) 426asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
427{ 427{
428 struct cred *cred = current->cred;
428 struct path path; 429 struct path path;
429 struct inode *inode; 430 struct inode *inode;
430 int old_fsuid, old_fsgid; 431 int old_fsuid, old_fsgid;
@@ -434,18 +435,18 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
434 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ 435 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
435 return -EINVAL; 436 return -EINVAL;
436 437
437 old_fsuid = current->fsuid; 438 old_fsuid = cred->fsuid;
438 old_fsgid = current->fsgid; 439 old_fsgid = cred->fsgid;
439 440
440 current->fsuid = current->uid; 441 cred->fsuid = cred->uid;
441 current->fsgid = current->gid; 442 cred->fsgid = cred->gid;
442 443
443 if (!issecure(SECURE_NO_SETUID_FIXUP)) { 444 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
444 /* Clear the capabilities if we switch to a non-root user */ 445 /* Clear the capabilities if we switch to a non-root user */
445 if (current->uid) 446 if (current->cred->uid)
446 old_cap = cap_set_effective(__cap_empty_set); 447 old_cap = cap_set_effective(__cap_empty_set);
447 else 448 else
448 old_cap = cap_set_effective(current->cap_permitted); 449 old_cap = cap_set_effective(cred->cap_permitted);
449 } 450 }
450 451
451 res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); 452 res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
@@ -484,8 +485,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
484out_path_release: 485out_path_release:
485 path_put(&path); 486 path_put(&path);
486out: 487out:
487 current->fsuid = old_fsuid; 488 cred->fsuid = old_fsuid;
488 current->fsgid = old_fsgid; 489 cred->fsgid = old_fsgid;
489 490
490 if (!issecure(SECURE_NO_SETUID_FIXUP)) 491 if (!issecure(SECURE_NO_SETUID_FIXUP))
491 cap_set_effective(old_cap); 492 cap_set_effective(old_cap);
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 6af7fba7abb1..62fe9b2009b6 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -182,8 +182,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
182 task_tgid_nr_ns(p, ns), 182 task_tgid_nr_ns(p, ns),
183 pid_nr_ns(pid, ns), 183 pid_nr_ns(pid, ns),
184 ppid, tpid, 184 ppid, tpid,
185 p->uid, p->euid, p->suid, p->fsuid, 185 p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid,
186 p->gid, p->egid, p->sgid, p->fsgid); 186 p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid);
187 187
188 task_lock(p); 188 task_lock(p);
189 if (p->files) 189 if (p->files)
@@ -194,7 +194,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
194 fdt ? fdt->max_fds : 0); 194 fdt ? fdt->max_fds : 0);
195 rcu_read_unlock(); 195 rcu_read_unlock();
196 196
197 group_info = p->group_info; 197 group_info = p->cred->group_info;
198 get_group_info(group_info); 198 get_group_info(group_info);
199 task_unlock(p); 199 task_unlock(p);
200 200
@@ -262,7 +262,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
262 blocked = p->blocked; 262 blocked = p->blocked;
263 collect_sigign_sigcatch(p, &ignored, &caught); 263 collect_sigign_sigcatch(p, &ignored, &caught);
264 num_threads = atomic_read(&p->signal->count); 264 num_threads = atomic_read(&p->signal->count);
265 qsize = atomic_read(&p->user->sigpending); 265 qsize = atomic_read(&p->cred->user->sigpending);
266 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; 266 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
267 unlock_task_sighand(p, &flags); 267 unlock_task_sighand(p, &flags);
268 } 268 }
@@ -293,10 +293,12 @@ static void render_cap_t(struct seq_file *m, const char *header,
293 293
294static inline void task_cap(struct seq_file *m, struct task_struct *p) 294static inline void task_cap(struct seq_file *m, struct task_struct *p)
295{ 295{
296 render_cap_t(m, "CapInh:\t", &p->cap_inheritable); 296 struct cred *cred = p->cred;
297 render_cap_t(m, "CapPrm:\t", &p->cap_permitted); 297
298 render_cap_t(m, "CapEff:\t", &p->cap_effective); 298 render_cap_t(m, "CapInh:\t", &cred->cap_inheritable);
299 render_cap_t(m, "CapBnd:\t", &p->cap_bset); 299 render_cap_t(m, "CapPrm:\t", &cred->cap_permitted);
300 render_cap_t(m, "CapEff:\t", &cred->cap_effective);
301 render_cap_t(m, "CapBnd:\t", &cred->cap_bset);
300} 302}
301 303
302static inline void task_context_switch_counts(struct seq_file *m, 304static inline void task_context_switch_counts(struct seq_file *m,
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 486cf3fe7139..6862b360c36c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1428,8 +1428,8 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
1428 inode->i_uid = 0; 1428 inode->i_uid = 0;
1429 inode->i_gid = 0; 1429 inode->i_gid = 0;
1430 if (task_dumpable(task)) { 1430 if (task_dumpable(task)) {
1431 inode->i_uid = task->euid; 1431 inode->i_uid = task->cred->euid;
1432 inode->i_gid = task->egid; 1432 inode->i_gid = task->cred->egid;
1433 } 1433 }
1434 security_task_to_inode(task, inode); 1434 security_task_to_inode(task, inode);
1435 1435
@@ -1454,8 +1454,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
1454 if (task) { 1454 if (task) {
1455 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || 1455 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1456 task_dumpable(task)) { 1456 task_dumpable(task)) {
1457 stat->uid = task->euid; 1457 stat->uid = task->cred->euid;
1458 stat->gid = task->egid; 1458 stat->gid = task->cred->egid;
1459 } 1459 }
1460 } 1460 }
1461 rcu_read_unlock(); 1461 rcu_read_unlock();
@@ -1486,8 +1486,8 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
1486 if (task) { 1486 if (task) {
1487 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || 1487 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1488 task_dumpable(task)) { 1488 task_dumpable(task)) {
1489 inode->i_uid = task->euid; 1489 inode->i_uid = task->cred->euid;
1490 inode->i_gid = task->egid; 1490 inode->i_gid = task->cred->egid;
1491 } else { 1491 } else {
1492 inode->i_uid = 0; 1492 inode->i_uid = 0;
1493 inode->i_gid = 0; 1493 inode->i_gid = 0;
@@ -1658,8 +1658,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
1658 rcu_read_unlock(); 1658 rcu_read_unlock();
1659 put_files_struct(files); 1659 put_files_struct(files);
1660 if (task_dumpable(task)) { 1660 if (task_dumpable(task)) {
1661 inode->i_uid = task->euid; 1661 inode->i_uid = task->cred->euid;
1662 inode->i_gid = task->egid; 1662 inode->i_gid = task->cred->egid;
1663 } else { 1663 } else {
1664 inode->i_uid = 0; 1664 inode->i_uid = 0;
1665 inode->i_gid = 0; 1665 inode->i_gid = 0;
diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h
index 293043a5573a..8c022cd0ad67 100644
--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@ -23,11 +23,9 @@
23/* 23/*
24 * Credentials 24 * Credentials
25 */ 25 */
26typedef struct cred { 26typedef const struct cred cred_t;
27 /* EMPTY */
28} cred_t;
29 27
30extern struct cred *sys_cred; 28extern cred_t *sys_cred;
31 29
32/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ 30/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
33static inline int capable_cred(cred_t *cr, int cid) 31static inline int capable_cred(cred_t *cr, int cid)
diff --git a/fs/xfs/linux-2.6/xfs_globals.h b/fs/xfs/linux-2.6/xfs_globals.h
index 2770b0085ee8..6eda8a3eb6f1 100644
--- a/fs/xfs/linux-2.6/xfs_globals.h
+++ b/fs/xfs/linux-2.6/xfs_globals.h
@@ -19,6 +19,6 @@
19#define __XFS_GLOBALS_H__ 19#define __XFS_GLOBALS_H__
20 20
21extern uint64_t xfs_panic_mask; /* set to cause more panics */ 21extern uint64_t xfs_panic_mask; /* set to cause more panics */
22extern struct cred *sys_cred; 22extern cred_t *sys_cred;
23 23
24#endif /* __XFS_GLOBALS_H__ */ 24#endif /* __XFS_GLOBALS_H__ */
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
index 1420c49674d7..6be310d41daf 100644
--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -497,7 +497,7 @@ int xfs_iread(struct xfs_mount *, struct xfs_trans *, xfs_ino_t,
497 xfs_inode_t **, xfs_daddr_t, uint); 497 xfs_inode_t **, xfs_daddr_t, uint);
498int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); 498int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int);
499int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, 499int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t,
500 xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t, 500 xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t,
501 int, struct xfs_buf **, boolean_t *, xfs_inode_t **); 501 int, struct xfs_buf **, boolean_t *, xfs_inode_t **);
502void xfs_dinode_from_disk(struct xfs_icdinode *, 502void xfs_dinode_from_disk(struct xfs_icdinode *,
503 struct xfs_dinode_core *); 503 struct xfs_dinode_core *);
diff --git a/fs/xfs/xfs_vnodeops.h b/fs/xfs/xfs_vnodeops.h
index e932a96bec54..7b0c2ab88333 100644
--- a/fs/xfs/xfs_vnodeops.h
+++ b/fs/xfs/xfs_vnodeops.h
@@ -16,7 +16,7 @@ struct xfs_iomap;
16 16
17int xfs_open(struct xfs_inode *ip); 17int xfs_open(struct xfs_inode *ip);
18int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, 18int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags,
19 struct cred *credp); 19 cred_t *credp);
20#define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ 20#define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */
21#define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ 21#define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */
22#define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ 22#define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */
@@ -28,24 +28,24 @@ int xfs_inactive(struct xfs_inode *ip);
28int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, 28int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name,
29 struct xfs_inode **ipp, struct xfs_name *ci_name); 29 struct xfs_inode **ipp, struct xfs_name *ci_name);
30int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, 30int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode,
31 xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp); 31 xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp);
32int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, 32int xfs_remove(struct xfs_inode *dp, struct xfs_name *name,
33 struct xfs_inode *ip); 33 struct xfs_inode *ip);
34int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, 34int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip,
35 struct xfs_name *target_name); 35 struct xfs_name *target_name);
36int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, 36int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name,
37 mode_t mode, struct xfs_inode **ipp, struct cred *credp); 37 mode_t mode, struct xfs_inode **ipp, cred_t *credp);
38int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, 38int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize,
39 xfs_off_t *offset, filldir_t filldir); 39 xfs_off_t *offset, filldir_t filldir);
40int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, 40int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name,
41 const char *target_path, mode_t mode, struct xfs_inode **ipp, 41 const char *target_path, mode_t mode, struct xfs_inode **ipp,
42 struct cred *credp); 42 cred_t *credp);
43int xfs_inode_flush(struct xfs_inode *ip, int flags); 43int xfs_inode_flush(struct xfs_inode *ip, int flags);
44int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); 44int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state);
45int xfs_reclaim(struct xfs_inode *ip); 45int xfs_reclaim(struct xfs_inode *ip);
46int xfs_change_file_space(struct xfs_inode *ip, int cmd, 46int xfs_change_file_space(struct xfs_inode *ip, int cmd,
47 xfs_flock64_t *bf, xfs_off_t offset, 47 xfs_flock64_t *bf, xfs_off_t offset,
48 struct cred *credp, int attr_flags); 48 cred_t *credp, int attr_flags);
49int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, 49int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name,
50 struct xfs_inode *src_ip, struct xfs_inode *target_dp, 50 struct xfs_inode *src_ip, struct xfs_inode *target_dp,
51 struct xfs_name *target_name, struct xfs_inode *target_ip); 51 struct xfs_name *target_name, struct xfs_inode *target_ip);