CRED: Detach the credentials from task_struct

Detach the credentials from task_struct, duplicating them in copy_process() and releasing them in __put_task_struct(). Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2008-11-13 18:39:17 -0500
committer: James Morris <jmorris@namei.org> 2008-11-13 18:39:17 -0500
commit: f1752eec6145c97163dbce62d17cf5d928e28a27 (patch)
tree: 16bc51166d38815092de36a461b845b0b4b522f9 /kernel/fork.c
parent: b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (diff)
1 files changed, 6 insertions, 18 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 81fdc7733908..c932e283ddfc 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -146,9 +146,7 @@ void __put_task_struct(struct task_struct *tsk)
        WARN_ON(atomic_read(&tsk->usage));
        WARN_ON(tsk == current);
-        security_task_free(tsk);
+        put_cred(tsk->cred);
-        free_uid(tsk->__temp_cred.user);
-        put_group_info(tsk->__temp_cred.group_info);
        delayacct_tsk_free(tsk);
        if (!profile_handoff_task(tsk))
@@ -969,7 +967,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled);
        DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
 #endif
-        p->cred = &p->__temp_cred;
        retval = -EAGAIN;
        if (atomic_read(&p->cred->user->processes) >=
                        p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
@@ -978,9 +975,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                        goto bad_fork_free;
        }
-        atomic_inc(&p->cred->user->__count);
+        retval = copy_creds(p, clone_flags);
-        atomic_inc(&p->cred->user->processes);
+        if (retval < 0)
-        get_group_info(p->cred->group_info);
+                goto bad_fork_free;
        /*
         * If multiple threads are within copy_process(), then this check
@@ -1035,9 +1032,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        do_posix_clock_monotonic_gettime(&p->start_time);
        p->real_start_time = p->start_time;
        monotonic_to_bootbased(&p->real_start_time);
-#ifdef CONFIG_SECURITY
-        p->cred->security = NULL;
-#endif
        p->io_context = NULL;
        p->audit_context = NULL;
        cgroup_fork(p);
@@ -1082,10 +1076,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        /* Perform scheduler related setup. Assign this task to a CPU. */
        sched_fork(p, clone_flags);
-        if ((retval = security_task_alloc(p)))
-                goto bad_fork_cleanup_policy;
        if ((retval = audit_alloc(p)))
-                goto bad_fork_cleanup_security;
+                goto bad_fork_cleanup_policy;
        /* copy all the process information */
        if ((retval = copy_semundo(clone_flags, p)))
                goto bad_fork_cleanup_audit;
@@ -1284,8 +1276,6 @@ bad_fork_cleanup_semundo:
        exit_sem(p);
 bad_fork_cleanup_audit:
        audit_free(p);
-bad_fork_cleanup_security:
-        security_task_free(p);
 bad_fork_cleanup_policy:
 #ifdef CONFIG_NUMA
        mpol_put(p->mempolicy);
@@ -1298,9 +1288,7 @@ bad_fork_cleanup_cgroup:
 bad_fork_cleanup_put_domain:
        module_put(task_thread_info(p)->exec_domain->module);
 bad_fork_cleanup_count:
-        put_group_info(p->cred->group_info);
+        put_cred(p->cred);
-        atomic_dec(&p->cred->user->processes);
-        free_uid(p->cred->user);
 bad_fork_free:
        free_task(p);
 fork_out:
author	David Howells <dhowells@redhat.com>	2008-11-13 18:39:17 -0500
committer	James Morris <jmorris@namei.org>	2008-11-13 18:39:17 -0500
commit	f1752eec6145c97163dbce62d17cf5d928e28a27 (patch)
tree	16bc51166d38815092de36a461b845b0b4b522f9 /kernel/fork.c
parent	b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (diff)