CRED: Wrap task credential accesses in the core kernel

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-audit@redhat.com
Cc: containers@lists.linux-foundation.org
Cc: linux-mm@kvack.org
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 9 insertions, 6 deletions

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 1e68e4c39e2c..937f6b5b2008 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -123,16 +123,19 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
          * because setting up the necessary parent/child relationship
          * or halting the specified task is impossible.
          */
+        uid_t uid;
+        gid_t gid;
         int dumpable = 0;
         /* Don't let security modules deny introspection */
         if (task == current)
                 return 0;
-        if (((current->uid != task->euid) ||
-             (current->uid != task->suid) ||
-             (current->uid != task->uid) ||
-             (current->gid != task->egid) ||
-             (current->gid != task->sgid) ||
-             (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE))
+        current_uid_gid(&uid, &gid);
+        if ((uid != task->euid ||
+             uid != task->suid ||
+             uid != task->uid  ||
+             gid != task->egid ||
+             gid != task->sgid ||
+             gid != task->gid) && !capable(CAP_SYS_PTRACE))
                 return -EPERM;
         smp_rmb();
         if (task->mm)