CRED: Use RCU to access another task's creds and to release a task's own creds

Use RCU to access another task's creds and to release a task's own creds.
This means that it will be possible for the credentials of a task to be
replaced without another task (a) requiring a full lock to read them, and (b)
seeing deallocated memory.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 8 insertions, 8 deletions

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index e210526e6401..a512a75a5560 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1279,7 +1279,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
 static int attach_task_by_pid(struct cgroup *cgrp, u64 pid)
 {
         struct task_struct *tsk;
-        uid_t euid;
+        const struct cred *cred = current_cred(), *tcred;
         int ret;
 
         if (pid) {
@@ -1289,16 +1289,16 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid)
                         rcu_read_unlock();
                         return -ESRCH;
                 }
-                get_task_struct(tsk);
-                rcu_read_unlock();
 
-                euid = current_euid();
-                if (euid &&
-                    euid != tsk->cred->uid &&
-                    euid != tsk->cred->suid) {
-                        put_task_struct(tsk);
+                tcred = __task_cred(tsk);
+                if (cred->euid &&
+                    cred->euid != tcred->uid &&
+                    cred->euid != tcred->suid) {
+                        rcu_read_unlock();
                         return -EACCES;
                 }
+                get_task_struct(tsk);
+                rcu_read_unlock();
         } else {
                 tsk = current;
                 get_task_struct(tsk);