diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:19 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:19 -0500 |
| commit | c69e8d9c01db2adc503464993c358901c9af9de4 (patch) | |
| tree | bed94aaa9aeb7a7834d1c880f72b62a11a752c78 /fs | |
| parent | 86a264abe542cfececb4df129bc45a0338d8cdb9 (diff) | |
CRED: Use RCU to access another task's creds and to release a task's own creds
Use RCU to access another task's creds and to release a task's own creds.
This means that it will be possible for the credentials of a task to be
replaced without another task (a) requiring a full lock to read them, and (b)
seeing deallocated memory.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/binfmt_elf.c | 8 | ||||
| -rw-r--r-- | fs/binfmt_elf_fdpic.c | 8 | ||||
| -rw-r--r-- | fs/fcntl.c | 15 | ||||
| -rw-r--r-- | fs/fuse/dir.c | 23 | ||||
| -rw-r--r-- | fs/ioprio.c | 14 | ||||
| -rw-r--r-- | fs/proc/array.c | 32 | ||||
| -rw-r--r-- | fs/proc/base.c | 32 |
7 files changed, 93 insertions, 39 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 0e6655613169..9142ff5dc8e6 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
| @@ -1361,6 +1361,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
| 1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
| 1362 | struct mm_struct *mm) | 1362 | struct mm_struct *mm) |
| 1363 | { | 1363 | { |
| 1364 | const struct cred *cred; | ||
| 1364 | unsigned int i, len; | 1365 | unsigned int i, len; |
| 1365 | 1366 | ||
| 1366 | /* first copy the parameters from user space */ | 1367 | /* first copy the parameters from user space */ |
| @@ -1388,8 +1389,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
| 1388 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1389 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
| 1389 | psinfo->pr_nice = task_nice(p); | 1390 | psinfo->pr_nice = task_nice(p); |
| 1390 | psinfo->pr_flag = p->flags; | 1391 | psinfo->pr_flag = p->flags; |
| 1391 | SET_UID(psinfo->pr_uid, p->cred->uid); | 1392 | rcu_read_lock(); |
| 1392 | SET_GID(psinfo->pr_gid, p->cred->gid); | 1393 | cred = __task_cred(p); |
| 1394 | SET_UID(psinfo->pr_uid, cred->uid); | ||
| 1395 | SET_GID(psinfo->pr_gid, cred->gid); | ||
| 1396 | rcu_read_unlock(); | ||
| 1393 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1397 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
| 1394 | 1398 | ||
| 1395 | return 0; | 1399 | return 0; |
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 1f6e8c023b4c..45dabd59936f 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
| @@ -1414,6 +1414,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
| 1414 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1414 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
| 1415 | struct mm_struct *mm) | 1415 | struct mm_struct *mm) |
| 1416 | { | 1416 | { |
| 1417 | const struct cred *cred; | ||
| 1417 | unsigned int i, len; | 1418 | unsigned int i, len; |
| 1418 | 1419 | ||
| 1419 | /* first copy the parameters from user space */ | 1420 | /* first copy the parameters from user space */ |
| @@ -1441,8 +1442,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
| 1441 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1442 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
| 1442 | psinfo->pr_nice = task_nice(p); | 1443 | psinfo->pr_nice = task_nice(p); |
| 1443 | psinfo->pr_flag = p->flags; | 1444 | psinfo->pr_flag = p->flags; |
| 1444 | SET_UID(psinfo->pr_uid, p->cred->uid); | 1445 | rcu_read_lock(); |
| 1445 | SET_GID(psinfo->pr_gid, p->cred->gid); | 1446 | cred = __task_cred(p); |
| 1447 | SET_UID(psinfo->pr_uid, cred->uid); | ||
| 1448 | SET_GID(psinfo->pr_gid, cred->gid); | ||
| 1449 | rcu_read_unlock(); | ||
| 1446 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1450 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
| 1447 | 1451 | ||
| 1448 | return 0; | 1452 | return 0; |
diff --git a/fs/fcntl.c b/fs/fcntl.c index c594cc0e40fb..87c39f1f0817 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c | |||
| @@ -401,10 +401,17 @@ static const long band_table[NSIGPOLL] = { | |||
| 401 | static inline int sigio_perm(struct task_struct *p, | 401 | static inline int sigio_perm(struct task_struct *p, |
| 402 | struct fown_struct *fown, int sig) | 402 | struct fown_struct *fown, int sig) |
| 403 | { | 403 | { |
| 404 | return (((fown->euid == 0) || | 404 | const struct cred *cred; |
| 405 | (fown->euid == p->cred->suid) || (fown->euid == p->cred->uid) || | 405 | int ret; |
| 406 | (fown->uid == p->cred->suid) || (fown->uid == p->cred->uid)) && | 406 | |
| 407 | !security_file_send_sigiotask(p, fown, sig)); | 407 | rcu_read_lock(); |
| 408 | cred = __task_cred(p); | ||
| 409 | ret = ((fown->euid == 0 || | ||
| 410 | fown->euid == cred->suid || fown->euid == cred->uid || | ||
| 411 | fown->uid == cred->suid || fown->uid == cred->uid) && | ||
| 412 | !security_file_send_sigiotask(p, fown, sig)); | ||
| 413 | rcu_read_unlock(); | ||
| 414 | return ret; | ||
| 408 | } | 415 | } |
| 409 | 416 | ||
| 410 | static void send_sigio_to_task(struct task_struct *p, | 417 | static void send_sigio_to_task(struct task_struct *p, |
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index e97a98981862..95bc22bdd060 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c | |||
| @@ -869,18 +869,25 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat, | |||
| 869 | */ | 869 | */ |
| 870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) | 870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) |
| 871 | { | 871 | { |
| 872 | const struct cred *cred; | ||
| 873 | int ret; | ||
| 874 | |||
| 872 | if (fc->flags & FUSE_ALLOW_OTHER) | 875 | if (fc->flags & FUSE_ALLOW_OTHER) |
| 873 | return 1; | 876 | return 1; |
| 874 | 877 | ||
| 875 | if (task->cred->euid == fc->user_id && | 878 | rcu_read_lock(); |
| 876 | task->cred->suid == fc->user_id && | 879 | ret = 0; |
| 877 | task->cred->uid == fc->user_id && | 880 | cred = __task_cred(task); |
| 878 | task->cred->egid == fc->group_id && | 881 | if (cred->euid == fc->user_id && |
| 879 | task->cred->sgid == fc->group_id && | 882 | cred->suid == fc->user_id && |
| 880 | task->cred->gid == fc->group_id) | 883 | cred->uid == fc->user_id && |
| 881 | return 1; | 884 | cred->egid == fc->group_id && |
| 885 | cred->sgid == fc->group_id && | ||
| 886 | cred->gid == fc->group_id) | ||
| 887 | ret = 1; | ||
| 888 | rcu_read_unlock(); | ||
| 882 | 889 | ||
| 883 | return 0; | 890 | return ret; |
| 884 | } | 891 | } |
| 885 | 892 | ||
| 886 | static int fuse_access(struct inode *inode, int mask) | 893 | static int fuse_access(struct inode *inode, int mask) |
diff --git a/fs/ioprio.c b/fs/ioprio.c index 5112554fd210..3569e0ad86a2 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
| @@ -31,10 +31,16 @@ static int set_task_ioprio(struct task_struct *task, int ioprio) | |||
| 31 | { | 31 | { |
| 32 | int err; | 32 | int err; |
| 33 | struct io_context *ioc; | 33 | struct io_context *ioc; |
| 34 | const struct cred *cred = current_cred(), *tcred; | ||
| 34 | 35 | ||
| 35 | if (task->cred->uid != current_euid() && | 36 | rcu_read_lock(); |
| 36 | task->cred->uid != current_uid() && !capable(CAP_SYS_NICE)) | 37 | tcred = __task_cred(task); |
| 38 | if (tcred->uid != cred->euid && | ||
| 39 | tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { | ||
| 40 | rcu_read_unlock(); | ||
| 37 | return -EPERM; | 41 | return -EPERM; |
| 42 | } | ||
| 43 | rcu_read_unlock(); | ||
| 38 | 44 | ||
| 39 | err = security_task_setioprio(task, ioprio); | 45 | err = security_task_setioprio(task, ioprio); |
| 40 | if (err) | 46 | if (err) |
| @@ -131,7 +137,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
| 131 | break; | 137 | break; |
| 132 | 138 | ||
| 133 | do_each_thread(g, p) { | 139 | do_each_thread(g, p) { |
| 134 | if (p->cred->uid != who) | 140 | if (__task_cred(p)->uid != who) |
| 135 | continue; | 141 | continue; |
| 136 | ret = set_task_ioprio(p, ioprio); | 142 | ret = set_task_ioprio(p, ioprio); |
| 137 | if (ret) | 143 | if (ret) |
| @@ -224,7 +230,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
| 224 | break; | 230 | break; |
| 225 | 231 | ||
| 226 | do_each_thread(g, p) { | 232 | do_each_thread(g, p) { |
| 227 | if (p->cred->uid != user->uid) | 233 | if (__task_cred(p)->uid != user->uid) |
| 228 | continue; | 234 | continue; |
| 229 | tmpio = get_task_ioprio(p); | 235 | tmpio = get_task_ioprio(p); |
| 230 | if (tmpio < 0) | 236 | if (tmpio < 0) |
diff --git a/fs/proc/array.c b/fs/proc/array.c index 62fe9b2009b6..7e4877d9dcb5 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c | |||
| @@ -159,6 +159,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
| 159 | struct group_info *group_info; | 159 | struct group_info *group_info; |
| 160 | int g; | 160 | int g; |
| 161 | struct fdtable *fdt = NULL; | 161 | struct fdtable *fdt = NULL; |
| 162 | const struct cred *cred; | ||
| 162 | pid_t ppid, tpid; | 163 | pid_t ppid, tpid; |
| 163 | 164 | ||
| 164 | rcu_read_lock(); | 165 | rcu_read_lock(); |
| @@ -170,6 +171,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
| 170 | if (tracer) | 171 | if (tracer) |
| 171 | tpid = task_pid_nr_ns(tracer, ns); | 172 | tpid = task_pid_nr_ns(tracer, ns); |
| 172 | } | 173 | } |
| 174 | cred = get_cred((struct cred *) __task_cred(p)); | ||
| 173 | seq_printf(m, | 175 | seq_printf(m, |
| 174 | "State:\t%s\n" | 176 | "State:\t%s\n" |
| 175 | "Tgid:\t%d\n" | 177 | "Tgid:\t%d\n" |
| @@ -182,8 +184,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
| 182 | task_tgid_nr_ns(p, ns), | 184 | task_tgid_nr_ns(p, ns), |
| 183 | pid_nr_ns(pid, ns), | 185 | pid_nr_ns(pid, ns), |
| 184 | ppid, tpid, | 186 | ppid, tpid, |
| 185 | p->cred->uid, p->cred->euid, p->cred->suid, p->cred->fsuid, | 187 | cred->uid, cred->euid, cred->suid, cred->fsuid, |
| 186 | p->cred->gid, p->cred->egid, p->cred->sgid, p->cred->fsgid); | 188 | cred->gid, cred->egid, cred->sgid, cred->fsgid); |
| 187 | 189 | ||
| 188 | task_lock(p); | 190 | task_lock(p); |
| 189 | if (p->files) | 191 | if (p->files) |
| @@ -194,13 +196,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
| 194 | fdt ? fdt->max_fds : 0); | 196 | fdt ? fdt->max_fds : 0); |
| 195 | rcu_read_unlock(); | 197 | rcu_read_unlock(); |
| 196 | 198 | ||
| 197 | group_info = p->cred->group_info; | 199 | group_info = cred->group_info; |
| 198 | get_group_info(group_info); | ||
| 199 | task_unlock(p); | 200 | task_unlock(p); |
| 200 | 201 | ||
| 201 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) | 202 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) |
| 202 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); | 203 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); |
| 203 | put_group_info(group_info); | 204 | put_cred(cred); |
| 204 | 205 | ||
| 205 | seq_printf(m, "\n"); | 206 | seq_printf(m, "\n"); |
| 206 | } | 207 | } |
| @@ -262,7 +263,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p) | |||
| 262 | blocked = p->blocked; | 263 | blocked = p->blocked; |
| 263 | collect_sigign_sigcatch(p, &ignored, &caught); | 264 | collect_sigign_sigcatch(p, &ignored, &caught); |
| 264 | num_threads = atomic_read(&p->signal->count); | 265 | num_threads = atomic_read(&p->signal->count); |
| 265 | qsize = atomic_read(&p->cred->user->sigpending); | 266 | qsize = atomic_read(&__task_cred(p)->user->sigpending); |
| 266 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; | 267 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; |
| 267 | unlock_task_sighand(p, &flags); | 268 | unlock_task_sighand(p, &flags); |
| 268 | } | 269 | } |
| @@ -293,12 +294,21 @@ static void render_cap_t(struct seq_file *m, const char *header, | |||
| 293 | 294 | ||
| 294 | static inline void task_cap(struct seq_file *m, struct task_struct *p) | 295 | static inline void task_cap(struct seq_file *m, struct task_struct *p) |
| 295 | { | 296 | { |
| 296 | struct cred *cred = p->cred; | 297 | const struct cred *cred; |
| 298 | kernel_cap_t cap_inheritable, cap_permitted, cap_effective, cap_bset; | ||
| 297 | 299 | ||
| 298 | render_cap_t(m, "CapInh:\t", &cred->cap_inheritable); | 300 | rcu_read_lock(); |
| 299 | render_cap_t(m, "CapPrm:\t", &cred->cap_permitted); | 301 | cred = __task_cred(p); |
| 300 | render_cap_t(m, "CapEff:\t", &cred->cap_effective); | 302 | cap_inheritable = cred->cap_inheritable; |
| 301 | render_cap_t(m, "CapBnd:\t", &cred->cap_bset); | 303 | cap_permitted = cred->cap_permitted; |
| 304 | cap_effective = cred->cap_effective; | ||
| 305 | cap_bset = cred->cap_bset; | ||
| 306 | rcu_read_unlock(); | ||
| 307 | |||
| 308 | render_cap_t(m, "CapInh:\t", &cap_inheritable); | ||
| 309 | render_cap_t(m, "CapPrm:\t", &cap_permitted); | ||
| 310 | render_cap_t(m, "CapEff:\t", &cap_effective); | ||
| 311 | render_cap_t(m, "CapBnd:\t", &cap_bset); | ||
| 302 | } | 312 | } |
| 303 | 313 | ||
| 304 | static inline void task_context_switch_counts(struct seq_file *m, | 314 | static inline void task_context_switch_counts(struct seq_file *m, |
diff --git a/fs/proc/base.c b/fs/proc/base.c index 6862b360c36c..cf42c42cbfbb 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -1406,6 +1406,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
| 1406 | { | 1406 | { |
| 1407 | struct inode * inode; | 1407 | struct inode * inode; |
| 1408 | struct proc_inode *ei; | 1408 | struct proc_inode *ei; |
| 1409 | const struct cred *cred; | ||
| 1409 | 1410 | ||
| 1410 | /* We need a new inode */ | 1411 | /* We need a new inode */ |
| 1411 | 1412 | ||
| @@ -1428,8 +1429,11 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
| 1428 | inode->i_uid = 0; | 1429 | inode->i_uid = 0; |
| 1429 | inode->i_gid = 0; | 1430 | inode->i_gid = 0; |
| 1430 | if (task_dumpable(task)) { | 1431 | if (task_dumpable(task)) { |
| 1431 | inode->i_uid = task->cred->euid; | 1432 | rcu_read_lock(); |
| 1432 | inode->i_gid = task->cred->egid; | 1433 | cred = __task_cred(task); |
| 1434 | inode->i_uid = cred->euid; | ||
| 1435 | inode->i_gid = cred->egid; | ||
| 1436 | rcu_read_unlock(); | ||
| 1433 | } | 1437 | } |
| 1434 | security_task_to_inode(task, inode); | 1438 | security_task_to_inode(task, inode); |
| 1435 | 1439 | ||
| @@ -1445,6 +1449,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
| 1445 | { | 1449 | { |
| 1446 | struct inode *inode = dentry->d_inode; | 1450 | struct inode *inode = dentry->d_inode; |
| 1447 | struct task_struct *task; | 1451 | struct task_struct *task; |
| 1452 | const struct cred *cred; | ||
| 1453 | |||
| 1448 | generic_fillattr(inode, stat); | 1454 | generic_fillattr(inode, stat); |
| 1449 | 1455 | ||
| 1450 | rcu_read_lock(); | 1456 | rcu_read_lock(); |
| @@ -1454,8 +1460,9 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
| 1454 | if (task) { | 1460 | if (task) { |
| 1455 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1461 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
| 1456 | task_dumpable(task)) { | 1462 | task_dumpable(task)) { |
| 1457 | stat->uid = task->cred->euid; | 1463 | cred = __task_cred(task); |
| 1458 | stat->gid = task->cred->egid; | 1464 | stat->uid = cred->euid; |
| 1465 | stat->gid = cred->egid; | ||
| 1459 | } | 1466 | } |
| 1460 | } | 1467 | } |
| 1461 | rcu_read_unlock(); | 1468 | rcu_read_unlock(); |
| @@ -1483,11 +1490,16 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
| 1483 | { | 1490 | { |
| 1484 | struct inode *inode = dentry->d_inode; | 1491 | struct inode *inode = dentry->d_inode; |
| 1485 | struct task_struct *task = get_proc_task(inode); | 1492 | struct task_struct *task = get_proc_task(inode); |
| 1493 | const struct cred *cred; | ||
| 1494 | |||
| 1486 | if (task) { | 1495 | if (task) { |
| 1487 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1496 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
| 1488 | task_dumpable(task)) { | 1497 | task_dumpable(task)) { |
| 1489 | inode->i_uid = task->cred->euid; | 1498 | rcu_read_lock(); |
| 1490 | inode->i_gid = task->cred->egid; | 1499 | cred = __task_cred(task); |
| 1500 | inode->i_uid = cred->euid; | ||
| 1501 | inode->i_gid = cred->egid; | ||
| 1502 | rcu_read_unlock(); | ||
| 1491 | } else { | 1503 | } else { |
| 1492 | inode->i_uid = 0; | 1504 | inode->i_uid = 0; |
| 1493 | inode->i_gid = 0; | 1505 | inode->i_gid = 0; |
| @@ -1649,6 +1661,7 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
| 1649 | struct task_struct *task = get_proc_task(inode); | 1661 | struct task_struct *task = get_proc_task(inode); |
| 1650 | int fd = proc_fd(inode); | 1662 | int fd = proc_fd(inode); |
| 1651 | struct files_struct *files; | 1663 | struct files_struct *files; |
| 1664 | const struct cred *cred; | ||
| 1652 | 1665 | ||
| 1653 | if (task) { | 1666 | if (task) { |
| 1654 | files = get_files_struct(task); | 1667 | files = get_files_struct(task); |
| @@ -1658,8 +1671,11 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
| 1658 | rcu_read_unlock(); | 1671 | rcu_read_unlock(); |
| 1659 | put_files_struct(files); | 1672 | put_files_struct(files); |
| 1660 | if (task_dumpable(task)) { | 1673 | if (task_dumpable(task)) { |
| 1661 | inode->i_uid = task->cred->euid; | 1674 | rcu_read_lock(); |
| 1662 | inode->i_gid = task->cred->egid; | 1675 | cred = __task_cred(task); |
| 1676 | inode->i_uid = cred->euid; | ||
| 1677 | inode->i_gid = cred->egid; | ||
| 1678 | rcu_read_unlock(); | ||
| 1663 | } else { | 1679 | } else { |
| 1664 | inode->i_uid = 0; | 1680 | inode->i_uid = 0; |
| 1665 | inode->i_gid = 0; | 1681 | inode->i_gid = 0; |