CRED: Add some configurable debugging [try #6]

Add a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking for credential management. The additional code keeps track of the number of pointers from task_structs to any given cred struct, and checks to see that this number never exceeds the usage count of the cred struct (which includes all references, not just those from task_structs). Furthermore, if SELinux is enabled, the code also checks that the security pointer in the cred struct is never seen to be invalid. This attempts to catch the bug whereby inode_has_perm() faults in an nfsd kernel thread on seeing cred->security be a NULL pointer (it appears that the credential struct has been previously released): http://www.kerneloops.org/oops.php?number=252883 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2009-09-02 04:13:40 -0400
committer: James Morris <jmorris@namei.org> 2009-09-02 07:29:01 -0400
commit: e0e817392b9acf2c98d3be80c233dddb1b52003d (patch)
tree: ee680c020039313c9f9c40ab3542bb30a7363381 /include/linux/cred.h
parent: ed6d76e4c32de0c2ad5f1d572b948ef49e465176 (diff)
1 files changed, 64 insertions, 1 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b3c76e815d66..85439abdbc80 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -114,6 +114,13 @@ struct thread_group_cred {
 */
 struct cred {
        atomic_t        usage;
+#ifdef CONFIG_DEBUG_CREDENTIALS
+        atomic_t        subscribers;    /* number of processes subscribed */
+        void            *put_addr;
+        unsigned        magic;
+#define CRED_MAGIC      0x43736564
+#define CRED_MAGIC_DEAD 0x44656144
+#endif
        uid_t           uid;            /* real UID of the task */
        gid_t           gid;            /* real GID of the task */
        uid_t           suid;           /* saved UID of the task */
@@ -143,6 +150,7 @@ struct cred {
 };
 extern void __put_cred(struct cred *);
+extern void exit_creds(struct task_struct *);
 extern int copy_creds(struct task_struct *, unsigned long);
 extern struct cred *prepare_creds(void);
 extern struct cred *prepare_exec_creds(void);
@@ -158,6 +166,60 @@ extern int set_security_override_from_ctx(struct cred *, const char *);
 extern int set_create_files_as(struct cred *, struct inode *);
 extern void __init cred_init(void);
+/*
+ * check for validity of credentials
+ */
+#ifdef CONFIG_DEBUG_CREDENTIALS
+extern void __invalid_creds(const struct cred *, const char *, unsigned);
+extern void __validate_process_creds(struct task_struct *,
+                                     const char *, unsigned);
+static inline bool creds_are_invalid(const struct cred *cred)
+{
+        if (cred->magic != CRED_MAGIC)
+                return true;
+        if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
+                return true;
+#ifdef CONFIG_SECURITY_SELINUX
+        if ((unsigned long) cred->security < PAGE_SIZE)
+                return true;
+        if ((*(u32*)cred->security & 0xffffff00) ==
+            (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+                return true;
+#endif
+        return false;
+}
+static inline void __validate_creds(const struct cred *cred,
+                                    const char *file, unsigned line)
+{
+        if (unlikely(creds_are_invalid(cred)))
+                __invalid_creds(cred, file, line);
+}
+#define validate_creds(cred)                            \
+do {                                                    \
+        __validate_creds((cred), __FILE__, __LINE__);   \
+} while(0)
+#define validate_process_creds()                                \
+do {                                                            \
+        __validate_process_creds(current, __FILE__, __LINE__);  \
+} while(0)
+extern void validate_creds_for_do_exit(struct task_struct *);
+#else
+static inline void validate_creds(const struct cred *cred)
+{
+}
+static inline void validate_creds_for_do_exit(struct task_struct *tsk)
+{
+}
+static inline void validate_process_creds(void)
+{
+}
+#endif
 /**
 * get_new_cred - Get a reference on a new set of credentials
 * @cred: The new credentials to reference
@@ -187,6 +249,7 @@ static inline struct cred *get_new_cred(struct cred *cred)
 static inline const struct cred *get_cred(const struct cred *cred)
 {
        struct cred *nonconst_cred = (struct cred *) cred;
+        validate_creds(cred);
        return get_new_cred(nonconst_cred);
 }
@@ -205,7 +268,7 @@ static inline void put_cred(const struct cred *_cred)
 {
        struct cred *cred = (struct cred *) _cred;
-        BUG_ON(atomic_read(&(cred)->usage) <= 0);
+        validate_creds(cred);
        if (atomic_dec_and_test(&(cred)->usage))
                __put_cred(cred);
 }
author	David Howells <dhowells@redhat.com>	2009-09-02 04:13:40 -0400
committer	James Morris <jmorris@namei.org>	2009-09-02 07:29:01 -0400
commit	e0e817392b9acf2c98d3be80c233dddb1b52003d (patch)
tree	ee680c020039313c9f9c40ab3542bb30a7363381 /include/linux/cred.h
parent	ed6d76e4c32de0c2ad5f1d572b948ef49e465176 (diff)

diff --git a/include/linux/cred.h b/include/linux/cred.h index b3c76e815d66..85439abdbc80 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h
@@ -114,6 +114,13 @@ struct thread_group_cred {
114	*/	114	*/
115	struct cred {	115	struct cred {
116	atomic_t usage;	116	atomic_t usage;
		117	#ifdef CONFIG_DEBUG_CREDENTIALS
		118	atomic_t subscribers; /* number of processes subscribed */
		119	void *put_addr;
		120	unsigned magic;
		121	#define CRED_MAGIC 0x43736564
		122	#define CRED_MAGIC_DEAD 0x44656144
		123	#endif
117	uid_t uid; /* real UID of the task */	124	uid_t uid; /* real UID of the task */
118	gid_t gid; /* real GID of the task */	125	gid_t gid; /* real GID of the task */
119	uid_t suid; /* saved UID of the task */	126	uid_t suid; /* saved UID of the task */
@@ -143,6 +150,7 @@ struct cred {
143	};	150	};
144		151
145	extern void __put_cred(struct cred *);	152	extern void __put_cred(struct cred *);
		153	extern void exit_creds(struct task_struct *);
146	extern int copy_creds(struct task_struct *, unsigned long);	154	extern int copy_creds(struct task_struct *, unsigned long);
147	extern struct cred *prepare_creds(void);	155	extern struct cred *prepare_creds(void);
148	extern struct cred *prepare_exec_creds(void);	156	extern struct cred *prepare_exec_creds(void);
@@ -158,6 +166,60 @@ extern int set_security_override_from_ctx(struct cred , const char );
158	extern int set_create_files_as(struct cred , struct inode );	166	extern int set_create_files_as(struct cred , struct inode );
159	extern void __init cred_init(void);	167	extern void __init cred_init(void);
160		168
		169	/*
		170	* check for validity of credentials
		171	*/
		172	#ifdef CONFIG_DEBUG_CREDENTIALS
		173	extern void __invalid_creds(const struct cred , const char , unsigned);
		174	extern void __validate_process_creds(struct task_struct *,
		175	const char *, unsigned);
		176
		177	static inline bool creds_are_invalid(const struct cred *cred)
		178	{
		179	if (cred->magic != CRED_MAGIC)
		180	return true;
		181	if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
		182	return true;
		183	#ifdef CONFIG_SECURITY_SELINUX
		184	if ((unsigned long) cred->security < PAGE_SIZE)
		185	return true;
		186	if (((u32)cred->security & 0xffffff00) ==
		187	(POISON_FREE << 24 \| POISON_FREE << 16 \| POISON_FREE << 8))
		188	return true;
		189	#endif
		190	return false;
		191	}
		192
		193	static inline void __validate_creds(const struct cred *cred,
		194	const char *file, unsigned line)
		195	{
		196	if (unlikely(creds_are_invalid(cred)))
		197	__invalid_creds(cred, file, line);
		198	}
		199
		200	#define validate_creds(cred) \
		201	do { \
		202	__validate_creds((cred), __FILE__, __LINE__); \
		203	} while(0)
		204
		205	#define validate_process_creds() \
		206	do { \
		207	__validate_process_creds(current, __FILE__, __LINE__); \
		208	} while(0)
		209
		210	extern void validate_creds_for_do_exit(struct task_struct *);
		211	#else
		212	static inline void validate_creds(const struct cred *cred)
		213	{
		214	}
		215	static inline void validate_creds_for_do_exit(struct task_struct *tsk)
		216	{
		217	}
		218	static inline void validate_process_creds(void)
		219	{
		220	}
		221	#endif
		222
161	/**	223	/**
162	* get_new_cred - Get a reference on a new set of credentials	224	* get_new_cred - Get a reference on a new set of credentials
163	* @cred: The new credentials to reference	225	* @cred: The new credentials to reference
@@ -187,6 +249,7 @@ static inline struct cred get_new_cred(struct cred cred)
187	static inline const struct cred get_cred(const struct cred cred)	249	static inline const struct cred get_cred(const struct cred cred)
188	{	250	{
189	struct cred nonconst_cred = (struct cred ) cred;	251	struct cred nonconst_cred = (struct cred ) cred;
		252	validate_creds(cred);
190	return get_new_cred(nonconst_cred);	253	return get_new_cred(nonconst_cred);
191	}	254	}
192		255
@@ -205,7 +268,7 @@ static inline void put_cred(const struct cred *_cred)
205	{	268	{
206	struct cred cred = (struct cred ) _cred;	269	struct cred cred = (struct cred ) _cred;
207		270
208	BUG_ON(atomic_read(&(cred)->usage) <= 0);	271	validate_creds(cred);
209	if (atomic_dec_and_test(&(cred)->usage))	272	if (atomic_dec_and_test(&(cred)->usage))
210	__put_cred(cred);	273	__put_cred(cred);
211	}	274	}