CRED: Separate task security context from task_struct

Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2008-11-13 18:39:16 -0500
committer: James Morris <jmorris@namei.org> 2008-11-13 18:39:16 -0500
commit: b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree: 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/signal.c
parent: 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 167b535fe1a9..80e8a6489f97 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -187,7 +187,7 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
         * In order to avoid problems with "switch_user()", we want to make
         * sure that the compiler doesn't re-load "t->user"
         */
-        user = t->user;
+        user = t->cred->user;
        barrier();
        atomic_inc(&user->sigpending);
        if (override_rlimit ||
@@ -582,8 +582,8 @@ static int check_kill_permission(int sig, struct siginfo *info,
        uid = current_uid();
        euid = current_euid();
-        if ((euid ^ t->suid) && (euid ^ t->uid) &&
+        if ((euid ^ t->cred->suid) && (euid ^ t->cred->uid) &&
-            (uid  ^ t->suid) && (uid  ^ t->uid) &&
+            (uid  ^ t->cred->suid) && (uid  ^ t->cred->uid) &&
            !capable(CAP_KILL)) {
                switch (sig) {
                case SIGCONT:
@@ -1100,8 +1100,8 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
                goto out_unlock;
        }
        if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
-            && (euid != p->suid) && (euid != p->uid)
+            && (euid != p->cred->suid) && (euid != p->cred->uid)
-            && (uid != p->suid) && (uid != p->uid)) {
+            && (uid != p->cred->suid) && (uid != p->cred->uid)) {
                ret = -EPERM;
                goto out_unlock;
        }
@@ -1374,7 +1374,7 @@ int do_notify_parent(struct task_struct *tsk, int sig)
        info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
        rcu_read_unlock();
-        info.si_uid = tsk->uid;
+        info.si_uid = tsk->cred->uid;
        thread_group_cputime(tsk, &cputime);
        info.si_utime = cputime_to_jiffies(cputime.utime);
@@ -1445,7 +1445,7 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
        info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
        rcu_read_unlock();
-        info.si_uid = tsk->uid;
+        info.si_uid = tsk->cred->uid;
        info.si_utime = cputime_to_clock_t(tsk->utime);
        info.si_stime = cputime_to_clock_t(tsk->stime);
@@ -1713,7 +1713,7 @@ static int ptrace_signal(int signr, siginfo_t *info,
                info->si_errno = 0;
                info->si_code = SI_USER;
                info->si_pid = task_pid_vnr(current->parent);
-                info->si_uid = current->parent->uid;
+                info->si_uid = current->parent->cred->uid;
        }
        /* If the (new) signal is now blocked, requeue it.  */
author	David Howells <dhowells@redhat.com>	2008-11-13 18:39:16 -0500
committer	James Morris <jmorris@namei.org>	2008-11-13 18:39:16 -0500
commit	b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree	9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /kernel/signal.c
parent	15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)

diff --git a/kernel/signal.c b/kernel/signal.c index 167b535fe1a9..80e8a6489f97 100644 --- a/kernel/signal.c +++ b/kernel/signal.c
@@ -187,7 +187,7 @@ static struct sigqueue __sigqueue_alloc(struct task_struct t, gfp_t flags,
187	* In order to avoid problems with "switch_user()", we want to make	187	* In order to avoid problems with "switch_user()", we want to make
188	* sure that the compiler doesn't re-load "t->user"	188	* sure that the compiler doesn't re-load "t->user"
189	*/	189	*/
190	user = t->user;	190	user = t->cred->user;
191	barrier();	191	barrier();
192	atomic_inc(&user->sigpending);	192	atomic_inc(&user->sigpending);
193	if (override_rlimit \|\|	193	if (override_rlimit \|\|
@@ -582,8 +582,8 @@ static int check_kill_permission(int sig, struct siginfo *info,
582		582
583	uid = current_uid();	583	uid = current_uid();
584	euid = current_euid();	584	euid = current_euid();
585	if ((euid ^ t->suid) && (euid ^ t->uid) &&	585	if ((euid ^ t->cred->suid) && (euid ^ t->cred->uid) &&
586	(uid ^ t->suid) && (uid ^ t->uid) &&	586	(uid ^ t->cred->suid) && (uid ^ t->cred->uid) &&
587	!capable(CAP_KILL)) {	587	!capable(CAP_KILL)) {
588	switch (sig) {	588	switch (sig) {
589	case SIGCONT:	589	case SIGCONT:
@@ -1100,8 +1100,8 @@ int kill_pid_info_as_uid(int sig, struct siginfo info, struct pid pid,
1100	goto out_unlock;	1100	goto out_unlock;
1101	}	1101	}
1102	if ((info == SEND_SIG_NOINFO \|\| (!is_si_special(info) && SI_FROMUSER(info)))	1102	if ((info == SEND_SIG_NOINFO \|\| (!is_si_special(info) && SI_FROMUSER(info)))
1103	&& (euid != p->suid) && (euid != p->uid)	1103	&& (euid != p->cred->suid) && (euid != p->cred->uid)
1104	&& (uid != p->suid) && (uid != p->uid)) {	1104	&& (uid != p->cred->suid) && (uid != p->cred->uid)) {
1105	ret = -EPERM;	1105	ret = -EPERM;
1106	goto out_unlock;	1106	goto out_unlock;
1107	}	1107	}
@@ -1374,7 +1374,7 @@ int do_notify_parent(struct task_struct *tsk, int sig)
1374	info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);	1374	info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1375	rcu_read_unlock();	1375	rcu_read_unlock();
1376		1376
1377	info.si_uid = tsk->uid;	1377	info.si_uid = tsk->cred->uid;
1378		1378
1379	thread_group_cputime(tsk, &cputime);	1379	thread_group_cputime(tsk, &cputime);
1380	info.si_utime = cputime_to_jiffies(cputime.utime);	1380	info.si_utime = cputime_to_jiffies(cputime.utime);
@@ -1445,7 +1445,7 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
1445	info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);	1445	info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1446	rcu_read_unlock();	1446	rcu_read_unlock();
1447		1447
1448	info.si_uid = tsk->uid;	1448	info.si_uid = tsk->cred->uid;
1449		1449
1450	info.si_utime = cputime_to_clock_t(tsk->utime);	1450	info.si_utime = cputime_to_clock_t(tsk->utime);
1451	info.si_stime = cputime_to_clock_t(tsk->stime);	1451	info.si_stime = cputime_to_clock_t(tsk->stime);
@@ -1713,7 +1713,7 @@ static int ptrace_signal(int signr, siginfo_t *info,
1713	info->si_errno = 0;	1713	info->si_errno = 0;
1714	info->si_code = SI_USER;	1714	info->si_code = SI_USER;
1715	info->si_pid = task_pid_vnr(current->parent);	1715	info->si_pid = task_pid_vnr(current->parent);
1716	info->si_uid = current->parent->uid;	1716	info->si_uid = current->parent->cred->uid;
1717	}	1717	}
1718		1718
1719	/* If the (new) signal is now blocked, requeue it. */	1719	/* If the (new) signal is now blocked, requeue it. */