aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/credentials.txt582
-rw-r--r--Documentation/kernel-parameters.txt4
-rw-r--r--arch/alpha/kernel/asm-offsets.c11
-rw-r--r--arch/alpha/kernel/entry.S10
-rw-r--r--arch/ia64/ia32/sys_ia32.c7
-rw-r--r--arch/ia64/kernel/mca_drv.c2
-rw-r--r--arch/ia64/kernel/perfmon.c43
-rw-r--r--arch/ia64/kernel/signal.c4
-rw-r--r--arch/mips/kernel/kspd.c4
-rw-r--r--arch/mips/kernel/mips-mt-fpaff.c5
-rw-r--r--arch/mips/kernel/vpe.c4
-rw-r--r--arch/parisc/kernel/signal.c2
-rw-r--r--arch/powerpc/mm/fault.c2
-rw-r--r--arch/powerpc/platforms/cell/spufs/inode.c8
-rw-r--r--arch/s390/hypfs/inode.c4
-rw-r--r--arch/s390/kernel/compat_linux.c28
-rw-r--r--arch/um/drivers/mconsole_kern.c3
-rw-r--r--arch/x86/ia32/ia32_aout.c2
-rw-r--r--arch/x86/mm/fault.c2
-rw-r--r--drivers/block/loop.c6
-rw-r--r--drivers/char/tty_audit.c6
-rw-r--r--drivers/connector/cn_proc.c16
-rw-r--r--drivers/isdn/capi/capifs.c4
-rw-r--r--drivers/isdn/hysdn/hysdn_procconf.c6
-rw-r--r--drivers/net/tun.c8
-rw-r--r--drivers/usb/core/devio.c10
-rw-r--r--drivers/usb/core/inode.c4
-rw-r--r--fs/9p/fid.c2
-rw-r--r--fs/9p/vfs_inode.c4
-rw-r--r--fs/9p/vfs_super.c4
-rw-r--r--fs/affs/inode.c4
-rw-r--r--fs/affs/super.c4
-rw-r--r--fs/anon_inodes.c4
-rw-r--r--fs/attr.c4
-rw-r--r--fs/autofs/inode.c4
-rw-r--r--fs/autofs4/dev-ioctl.c3
-rw-r--r--fs/autofs4/inode.c4
-rw-r--r--fs/autofs4/waitq.c4
-rw-r--r--fs/bfs/dir.c4
-rw-r--r--fs/binfmt_aout.c2
-rw-r--r--fs/binfmt_elf.c20
-rw-r--r--fs/binfmt_elf_fdpic.c19
-rw-r--r--fs/binfmt_flat.c2
-rw-r--r--fs/binfmt_som.c2
-rw-r--r--fs/cifs/cifs_fs_sb.h2
-rw-r--r--fs/cifs/cifsproto.h2
-rw-r--r--fs/cifs/connect.c4
-rw-r--r--fs/cifs/dir.c12
-rw-r--r--fs/cifs/inode.c8
-rw-r--r--fs/cifs/ioctl.c2
-rw-r--r--fs/cifs/misc.c4
-rw-r--r--fs/coda/cache.c6
-rw-r--r--fs/coda/file.c2
-rw-r--r--fs/coda/upcall.c2
-rw-r--r--fs/compat.c42
-rw-r--r--fs/devpts/inode.c4
-rw-r--r--fs/dquot.c4
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h3
-rw-r--r--fs/ecryptfs/kthread.c9
-rw-r--r--fs/ecryptfs/main.c3
-rw-r--r--fs/ecryptfs/messaging.c18
-rw-r--r--fs/ecryptfs/miscdev.c20
-rw-r--r--fs/exec.c183
-rw-r--r--fs/exportfs/expfs.c4
-rw-r--r--fs/ext2/balloc.c2
-rw-r--r--fs/ext2/ialloc.c4
-rw-r--r--fs/ext3/balloc.c2
-rw-r--r--fs/ext3/ialloc.c4
-rw-r--r--fs/ext4/balloc.c2
-rw-r--r--fs/ext4/ialloc.c4
-rw-r--r--fs/fat/file.c2
-rw-r--r--fs/fat/inode.c4
-rw-r--r--fs/fcntl.c18
-rw-r--r--fs/file_table.c10
-rw-r--r--fs/fuse/dev.c4
-rw-r--r--fs/fuse/dir.c23
-rw-r--r--fs/gfs2/inode.c10
-rw-r--r--fs/hfs/inode.c4
-rw-r--r--fs/hfs/super.c4
-rw-r--r--fs/hfsplus/inode.c4
-rw-r--r--fs/hfsplus/options.c4
-rw-r--r--fs/hpfs/namei.c24
-rw-r--r--fs/hpfs/super.c4
-rw-r--r--fs/hppfs/hppfs.c6
-rw-r--r--fs/hugetlbfs/inode.c21
-rw-r--r--fs/inotify_user.c2
-rw-r--r--fs/internal.h6
-rw-r--r--fs/ioprio.c18
-rw-r--r--fs/jfs/jfs_inode.c4
-rw-r--r--fs/locks.c2
-rw-r--r--fs/minix/bitmap.c4
-rw-r--r--fs/namei.c10
-rw-r--r--fs/namespace.c2
-rw-r--r--fs/ncpfs/ioctl.c91
-rw-r--r--fs/nfsctl.c3
-rw-r--r--fs/nfsd/auth.c95
-rw-r--r--fs/nfsd/nfs4recover.c71
-rw-r--r--fs/nfsd/nfsfh.c11
-rw-r--r--fs/nfsd/vfs.c9
-rw-r--r--fs/ocfs2/dlm/dlmfs.c8
-rw-r--r--fs/ocfs2/namei.c4
-rw-r--r--fs/omfs/inode.c8
-rw-r--r--fs/open.c59
-rw-r--r--fs/pipe.c4
-rw-r--r--fs/posix_acl.c4
-rw-r--r--fs/proc/array.c32
-rw-r--r--fs/proc/base.c32
-rw-r--r--fs/quota.c4
-rw-r--r--fs/ramfs/inode.c4
-rw-r--r--fs/reiserfs/namei.c4
-rw-r--r--fs/smbfs/dir.c3
-rw-r--r--fs/smbfs/inode.c2
-rw-r--r--fs/smbfs/proc.c2
-rw-r--r--fs/sysv/ialloc.c4
-rw-r--r--fs/ubifs/budget.c2
-rw-r--r--fs/ubifs/dir.c4
-rw-r--r--fs/udf/ialloc.c4
-rw-r--r--fs/udf/namei.c2
-rw-r--r--fs/ufs/ialloc.c4
-rw-r--r--fs/xfs/linux-2.6/xfs_cred.h6
-rw-r--r--fs/xfs/linux-2.6/xfs_globals.h2
-rw-r--r--fs/xfs/linux-2.6/xfs_ioctl.c5
-rw-r--r--fs/xfs/xfs_acl.c6
-rw-r--r--fs/xfs/xfs_inode.h2
-rw-r--r--fs/xfs/xfs_vnodeops.h10
-rw-r--r--include/keys/keyring-type.h31
-rw-r--r--include/linux/audit.h26
-rw-r--r--include/linux/binfmts.h16
-rw-r--r--include/linux/capability.h25
-rw-r--r--include/linux/cred.h340
-rw-r--r--include/linux/fs.h8
-rw-r--r--include/linux/init_task.h13
-rw-r--r--include/linux/key-ui.h66
-rw-r--r--include/linux/key.h32
-rw-r--r--include/linux/keyctl.h4
-rw-r--r--include/linux/sched.h64
-rw-r--r--include/linux/securebits.h2
-rw-r--r--include/linux/security.h338
-rw-r--r--include/net/scm.h4
-rw-r--r--init/main.c1
-rw-r--r--ipc/mqueue.c19
-rw-r--r--ipc/shm.c9
-rw-r--r--ipc/util.c18
-rw-r--r--kernel/Makefile2
-rw-r--r--kernel/acct.c7
-rw-r--r--kernel/auditsc.c255
-rw-r--r--kernel/capability.c288
-rw-r--r--kernel/cgroup.c17
-rw-r--r--kernel/cred-internals.h21
-rw-r--r--kernel/cred.c577
-rw-r--r--kernel/exit.c23
-rw-r--r--kernel/fork.c44
-rw-r--r--kernel/futex.c20
-rw-r--r--kernel/futex_compat.c7
-rw-r--r--kernel/kmod.c30
-rw-r--r--kernel/ptrace.c29
-rw-r--r--kernel/sched.c26
-rw-r--r--kernel/signal.c60
-rw-r--r--kernel/sys.c584
-rw-r--r--kernel/sysctl.c2
-rw-r--r--kernel/timer.c8
-rw-r--r--kernel/trace/trace.c2
-rw-r--r--kernel/tsacct.c6
-rw-r--r--kernel/uid16.c31
-rw-r--r--kernel/user.c37
-rw-r--r--kernel/user_namespace.c14
-rw-r--r--kernel/workqueue.c8
-rw-r--r--lib/Makefile2
-rw-r--r--lib/is_single_threaded.c45
-rw-r--r--mm/mempolicy.c9
-rw-r--r--mm/migrate.c9
-rw-r--r--mm/oom_kill.c12
-rw-r--r--mm/shmem.c8
-rw-r--r--net/9p/client.c2
-rw-r--r--net/ax25/af_ax25.c2
-rw-r--r--net/ax25/ax25_route.c2
-rw-r--r--net/core/dev.c8
-rw-r--r--net/core/scm.c10
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c4
-rw-r--r--net/ipv6/ip6_flowlabel.c2
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c4
-rw-r--r--net/netfilter/nfnetlink_log.c5
-rw-r--r--net/netfilter/xt_owner.c16
-rw-r--r--net/netrom/af_netrom.c4
-rw-r--r--net/rose/af_rose.c4
-rw-r--r--net/rxrpc/ar-key.c6
-rw-r--r--net/sched/cls_flow.c4
-rw-r--r--net/socket.c4
-rw-r--r--net/sunrpc/auth.c14
-rw-r--r--net/unix/af_unix.c11
-rw-r--r--security/capability.c56
-rw-r--r--security/commoncap.c830
-rw-r--r--security/keys/internal.h49
-rw-r--r--security/keys/key.c25
-rw-r--r--security/keys/keyctl.c210
-rw-r--r--security/keys/keyring.c15
-rw-r--r--security/keys/permission.c29
-rw-r--r--security/keys/proc.c8
-rw-r--r--security/keys/process_keys.c469
-rw-r--r--security/keys/request_key.c135
-rw-r--r--security/keys/request_key_auth.c46
-rw-r--r--security/root_plug.c13
-rw-r--r--security/security.c99
-rw-r--r--security/selinux/exports.c8
-rw-r--r--security/selinux/hooks.c1246
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h2
-rw-r--r--security/selinux/include/class_to_string.h5
-rw-r--r--security/selinux/include/flask.h1
-rw-r--r--security/selinux/include/objsec.h11
-rw-r--r--security/selinux/nlmsgtab.c3
-rw-r--r--security/selinux/selinuxfs.c13
-rw-r--r--security/selinux/xfrm.c6
-rw-r--r--security/smack/smack_access.c4
-rw-r--r--security/smack/smack_lsm.c173
-rw-r--r--security/smack/smackfs.c6
216 files changed, 5492 insertions, 3193 deletions
diff --git a/Documentation/credentials.txt b/Documentation/credentials.txt
new file mode 100644
index 000000000000..df03169782ea
--- /dev/null
+++ b/Documentation/credentials.txt
@@ -0,0 +1,582 @@
1 ====================
2 CREDENTIALS IN LINUX
3 ====================
4
5By: David Howells <dhowells@redhat.com>
6
7Contents:
8
9 (*) Overview.
10
11 (*) Types of credentials.
12
13 (*) File markings.
14
15 (*) Task credentials.
16
17 - Immutable credentials.
18 - Accessing task credentials.
19 - Accessing another task's credentials.
20 - Altering credentials.
21 - Managing credentials.
22
23 (*) Open file credentials.
24
25 (*) Overriding the VFS's use of credentials.
26
27
28========
29OVERVIEW
30========
31
32There are several parts to the security check performed by Linux when one
33object acts upon another:
34
35 (1) Objects.
36
37 Objects are things in the system that may be acted upon directly by
38 userspace programs. Linux has a variety of actionable objects, including:
39
40 - Tasks
41 - Files/inodes
42 - Sockets
43 - Message queues
44 - Shared memory segments
45 - Semaphores
46 - Keys
47
48 As a part of the description of all these objects there is a set of
49 credentials. What's in the set depends on the type of object.
50
51 (2) Object ownership.
52
53 Amongst the credentials of most objects, there will be a subset that
54 indicates the ownership of that object. This is used for resource
55 accounting and limitation (disk quotas and task rlimits for example).
56
57 In a standard UNIX filesystem, for instance, this will be defined by the
58 UID marked on the inode.
59
60 (3) The objective context.
61
62 Also amongst the credentials of those objects, there will be a subset that
63 indicates the 'objective context' of that object. This may or may not be
64 the same set as in (2) - in standard UNIX files, for instance, this is the
65 defined by the UID and the GID marked on the inode.
66
67 The objective context is used as part of the security calculation that is
68 carried out when an object is acted upon.
69
70 (4) Subjects.
71
72 A subject is an object that is acting upon another object.
73
74 Most of the objects in the system are inactive: they don't act on other
75 objects within the system. Processes/tasks are the obvious exception:
76 they do stuff; they access and manipulate things.
77
78 Objects other than tasks may under some circumstances also be subjects.
79 For instance an open file may send SIGIO to a task using the UID and EUID
80 given to it by a task that called fcntl(F_SETOWN) upon it. In this case,
81 the file struct will have a subjective context too.
82
83 (5) The subjective context.
84
85 A subject has an additional interpretation of its credentials. A subset
86 of its credentials forms the 'subjective context'. The subjective context
87 is used as part of the security calculation that is carried out when a
88 subject acts.
89
90 A Linux task, for example, has the FSUID, FSGID and the supplementary
91 group list for when it is acting upon a file - which are quite separate
92 from the real UID and GID that normally form the objective context of the
93 task.
94
95 (6) Actions.
96
97 Linux has a number of actions available that a subject may perform upon an
98 object. The set of actions available depends on the nature of the subject
99 and the object.
100
101 Actions include reading, writing, creating and deleting files; forking or
102 signalling and tracing tasks.
103
104 (7) Rules, access control lists and security calculations.
105
106 When a subject acts upon an object, a security calculation is made. This
107 involves taking the subjective context, the objective context and the
108 action, and searching one or more sets of rules to see whether the subject
109 is granted or denied permission to act in the desired manner on the
110 object, given those contexts.
111
112 There are two main sources of rules:
113
114 (a) Discretionary access control (DAC):
115
116 Sometimes the object will include sets of rules as part of its
117 description. This is an 'Access Control List' or 'ACL'. A Linux
118 file may supply more than one ACL.
119
120 A traditional UNIX file, for example, includes a permissions mask that
121 is an abbreviated ACL with three fixed classes of subject ('user',
122 'group' and 'other'), each of which may be granted certain privileges
123 ('read', 'write' and 'execute' - whatever those map to for the object
124 in question). UNIX file permissions do not allow the arbitrary
125 specification of subjects, however, and so are of limited use.
126
127 A Linux file might also sport a POSIX ACL. This is a list of rules
128 that grants various permissions to arbitrary subjects.
129
130 (b) Mandatory access control (MAC):
131
132 The system as a whole may have one or more sets of rules that get
133 applied to all subjects and objects, regardless of their source.
134 SELinux and Smack are examples of this.
135
136 In the case of SELinux and Smack, each object is given a label as part
137 of its credentials. When an action is requested, they take the
138 subject label, the object label and the action and look for a rule
139 that says that this action is either granted or denied.
140
141
142====================
143TYPES OF CREDENTIALS
144====================
145
146The Linux kernel supports the following types of credentials:
147
148 (1) Traditional UNIX credentials.
149
150 Real User ID
151 Real Group ID
152
153 The UID and GID are carried by most, if not all, Linux objects, even if in
154 some cases it has to be invented (FAT or CIFS files for example, which are
155 derived from Windows). These (mostly) define the objective context of
156 that object, with tasks being slightly different in some cases.
157
158 Effective, Saved and FS User ID
159 Effective, Saved and FS Group ID
160 Supplementary groups
161
162 These are additional credentials used by tasks only. Usually, an
163 EUID/EGID/GROUPS will be used as the subjective context, and real UID/GID
164 will be used as the objective. For tasks, it should be noted that this is
165 not always true.
166
167 (2) Capabilities.
168
169 Set of permitted capabilities
170 Set of inheritable capabilities
171 Set of effective capabilities
172 Capability bounding set
173
174 These are only carried by tasks. They indicate superior capabilities
175 granted piecemeal to a task that an ordinary task wouldn't otherwise have.
176 These are manipulated implicitly by changes to the traditional UNIX
177 credentials, but can also be manipulated directly by the capset() system
178 call.
179
180 The permitted capabilities are those caps that the process might grant
181 itself to its effective or permitted sets through capset(). This
182 inheritable set might also be so constrained.
183
184 The effective capabilities are the ones that a task is actually allowed to
185 make use of itself.
186
187 The inheritable capabilities are the ones that may get passed across
188 execve().
189
190 The bounding set limits the capabilities that may be inherited across
191 execve(), especially when a binary is executed that will execute as UID 0.
192
193 (3) Secure management flags (securebits).
194
195 These are only carried by tasks. These govern the way the above
196 credentials are manipulated and inherited over certain operations such as
197 execve(). They aren't used directly as objective or subjective
198 credentials.
199
200 (4) Keys and keyrings.
201
202 These are only carried by tasks. They carry and cache security tokens
203 that don't fit into the other standard UNIX credentials. They are for
204 making such things as network filesystem keys available to the file
205 accesses performed by processes, without the necessity of ordinary
206 programs having to know about security details involved.
207
208 Keyrings are a special type of key. They carry sets of other keys and can
209 be searched for the desired key. Each process may subscribe to a number
210 of keyrings:
211
212 Per-thread keying
213 Per-process keyring
214 Per-session keyring
215
216 When a process accesses a key, if not already present, it will normally be
217 cached on one of these keyrings for future accesses to find.
218
219 For more information on using keys, see Documentation/keys.txt.
220
221 (5) LSM
222
223 The Linux Security Module allows extra controls to be placed over the
224 operations that a task may do. Currently Linux supports two main
225 alternate LSM options: SELinux and Smack.
226
227 Both work by labelling the objects in a system and then applying sets of
228 rules (policies) that say what operations a task with one label may do to
229 an object with another label.
230
231 (6) AF_KEY
232
233 This is a socket-based approach to credential management for networking
234 stacks [RFC 2367]. It isn't discussed by this document as it doesn't
235 interact directly with task and file credentials; rather it keeps system
236 level credentials.
237
238
239When a file is opened, part of the opening task's subjective context is
240recorded in the file struct created. This allows operations using that file
241struct to use those credentials instead of the subjective context of the task
242that issued the operation. An example of this would be a file opened on a
243network filesystem where the credentials of the opened file should be presented
244to the server, regardless of who is actually doing a read or a write upon it.
245
246
247=============
248FILE MARKINGS
249=============
250
251Files on disk or obtained over the network may have annotations that form the
252objective security context of that file. Depending on the type of filesystem,
253this may include one or more of the following:
254
255 (*) UNIX UID, GID, mode;
256
257 (*) Windows user ID;
258
259 (*) Access control list;
260
261 (*) LSM security label;
262
263 (*) UNIX exec privilege escalation bits (SUID/SGID);
264
265 (*) File capabilities exec privilege escalation bits.
266
267These are compared to the task's subjective security context, and certain
268operations allowed or disallowed as a result. In the case of execve(), the
269privilege escalation bits come into play, and may allow the resulting process
270extra privileges, based on the annotations on the executable file.
271
272
273================
274TASK CREDENTIALS
275================
276
277In Linux, all of a task's credentials are held in (uid, gid) or through
278(groups, keys, LSM security) a refcounted structure of type 'struct cred'.
279Each task points to its credentials by a pointer called 'cred' in its
280task_struct.
281
282Once a set of credentials has been prepared and committed, it may not be
283changed, barring the following exceptions:
284
285 (1) its reference count may be changed;
286
287 (2) the reference count on the group_info struct it points to may be changed;
288
289 (3) the reference count on the security data it points to may be changed;
290
291 (4) the reference count on any keyrings it points to may be changed;
292
293 (5) any keyrings it points to may be revoked, expired or have their security
294 attributes changed; and
295
296 (6) the contents of any keyrings to which it points may be changed (the whole
297 point of keyrings being a shared set of credentials, modifiable by anyone
298 with appropriate access).
299
300To alter anything in the cred struct, the copy-and-replace principle must be
301adhered to. First take a copy, then alter the copy and then use RCU to change
302the task pointer to make it point to the new copy. There are wrappers to aid
303with this (see below).
304
305A task may only alter its _own_ credentials; it is no longer permitted for a
306task to alter another's credentials. This means the capset() system call is no
307longer permitted to take any PID other than the one of the current process.
308Also keyctl_instantiate() and keyctl_negate() functions no longer permit
309attachment to process-specific keyrings in the requesting process as the
310instantiating process may need to create them.
311
312
313IMMUTABLE CREDENTIALS
314---------------------
315
316Once a set of credentials has been made public (by calling commit_creds() for
317example), it must be considered immutable, barring two exceptions:
318
319 (1) The reference count may be altered.
320
321 (2) Whilst the keyring subscriptions of a set of credentials may not be
322 changed, the keyrings subscribed to may have their contents altered.
323
324To catch accidental credential alteration at compile time, struct task_struct
325has _const_ pointers to its credential sets, as does struct file. Furthermore,
326certain functions such as get_cred() and put_cred() operate on const pointers,
327thus rendering casts unnecessary, but require to temporarily ditch the const
328qualification to be able to alter the reference count.
329
330
331ACCESSING TASK CREDENTIALS
332--------------------------
333
334A task being able to alter only its own credentials permits the current process
335to read or replace its own credentials without the need for any form of locking
336- which simplifies things greatly. It can just call:
337
338 const struct cred *current_cred()
339
340to get a pointer to its credentials structure, and it doesn't have to release
341it afterwards.
342
343There are convenience wrappers for retrieving specific aspects of a task's
344credentials (the value is simply returned in each case):
345
346 uid_t current_uid(void) Current's real UID
347 gid_t current_gid(void) Current's real GID
348 uid_t current_euid(void) Current's effective UID
349 gid_t current_egid(void) Current's effective GID
350 uid_t current_fsuid(void) Current's file access UID
351 gid_t current_fsgid(void) Current's file access GID
352 kernel_cap_t current_cap(void) Current's effective capabilities
353 void *current_security(void) Current's LSM security pointer
354 struct user_struct *current_user(void) Current's user account
355
356There are also convenience wrappers for retrieving specific associated pairs of
357a task's credentials:
358
359 void current_uid_gid(uid_t *, gid_t *);
360 void current_euid_egid(uid_t *, gid_t *);
361 void current_fsuid_fsgid(uid_t *, gid_t *);
362
363which return these pairs of values through their arguments after retrieving
364them from the current task's credentials.
365
366
367In addition, there is a function for obtaining a reference on the current
368process's current set of credentials:
369
370 const struct cred *get_current_cred(void);
371
372and functions for getting references to one of the credentials that don't
373actually live in struct cred:
374
375 struct user_struct *get_current_user(void);
376 struct group_info *get_current_groups(void);
377
378which get references to the current process's user accounting structure and
379supplementary groups list respectively.
380
381Once a reference has been obtained, it must be released with put_cred(),
382free_uid() or put_group_info() as appropriate.
383
384
385ACCESSING ANOTHER TASK'S CREDENTIALS
386------------------------------------
387
388Whilst a task may access its own credentials without the need for locking, the
389same is not true of a task wanting to access another task's credentials. It
390must use the RCU read lock and rcu_dereference().
391
392The rcu_dereference() is wrapped by:
393
394 const struct cred *__task_cred(struct task_struct *task);
395
396This should be used inside the RCU read lock, as in the following example:
397
398 void foo(struct task_struct *t, struct foo_data *f)
399 {
400 const struct cred *tcred;
401 ...
402 rcu_read_lock();
403 tcred = __task_cred(t);
404 f->uid = tcred->uid;
405 f->gid = tcred->gid;
406 f->groups = get_group_info(tcred->groups);
407 rcu_read_unlock();
408 ...
409 }
410
411A function need not get RCU read lock to use __task_cred() if it is holding a
412spinlock at the time as this implicitly holds the RCU read lock.
413
414Should it be necessary to hold another task's credentials for a long period of
415time, and possibly to sleep whilst doing so, then the caller should get a
416reference on them using:
417
418 const struct cred *get_task_cred(struct task_struct *task);
419
420This does all the RCU magic inside of it. The caller must call put_cred() on
421the credentials so obtained when they're finished with.
422
423There are a couple of convenience functions to access bits of another task's
424credentials, hiding the RCU magic from the caller:
425
426 uid_t task_uid(task) Task's real UID
427 uid_t task_euid(task) Task's effective UID
428
429If the caller is holding a spinlock or the RCU read lock at the time anyway,
430then:
431
432 __task_cred(task)->uid
433 __task_cred(task)->euid
434
435should be used instead. Similarly, if multiple aspects of a task's credentials
436need to be accessed, RCU read lock or a spinlock should be used, __task_cred()
437called, the result stored in a temporary pointer and then the credential
438aspects called from that before dropping the lock. This prevents the
439potentially expensive RCU magic from being invoked multiple times.
440
441Should some other single aspect of another task's credentials need to be
442accessed, then this can be used:
443
444 task_cred_xxx(task, member)
445
446where 'member' is a non-pointer member of the cred struct. For instance:
447
448 uid_t task_cred_xxx(task, suid);
449
450will retrieve 'struct cred::suid' from the task, doing the appropriate RCU
451magic. This may not be used for pointer members as what they point to may
452disappear the moment the RCU read lock is dropped.
453
454
455ALTERING CREDENTIALS
456--------------------
457
458As previously mentioned, a task may only alter its own credentials, and may not
459alter those of another task. This means that it doesn't need to use any
460locking to alter its own credentials.
461
462To alter the current process's credentials, a function should first prepare a
463new set of credentials by calling:
464
465 struct cred *prepare_creds(void);
466
467this locks current->cred_replace_mutex and then allocates and constructs a
468duplicate of the current process's credentials, returning with the mutex still
469held if successful. It returns NULL if not successful (out of memory).
470
471The mutex prevents ptrace() from altering the ptrace state of a process whilst
472security checks on credentials construction and changing is taking place as
473the ptrace state may alter the outcome, particularly in the case of execve().
474
475The new credentials set should be altered appropriately, and any security
476checks and hooks done. Both the current and the proposed sets of credentials
477are available for this purpose as current_cred() will return the current set
478still at this point.
479
480
481When the credential set is ready, it should be committed to the current process
482by calling:
483
484 int commit_creds(struct cred *new);
485
486This will alter various aspects of the credentials and the process, giving the
487LSM a chance to do likewise, then it will use rcu_assign_pointer() to actually
488commit the new credentials to current->cred, it will release
489current->cred_replace_mutex to allow ptrace() to take place, and it will notify
490the scheduler and others of the changes.
491
492This function is guaranteed to return 0, so that it can be tail-called at the
493end of such functions as sys_setresuid().
494
495Note that this function consumes the caller's reference to the new credentials.
496The caller should _not_ call put_cred() on the new credentials afterwards.
497
498Furthermore, once this function has been called on a new set of credentials,
499those credentials may _not_ be changed further.
500
501
502Should the security checks fail or some other error occur after prepare_creds()
503has been called, then the following function should be invoked:
504
505 void abort_creds(struct cred *new);
506
507This releases the lock on current->cred_replace_mutex that prepare_creds() got
508and then releases the new credentials.
509
510
511A typical credentials alteration function would look something like this:
512
513 int alter_suid(uid_t suid)
514 {
515 struct cred *new;
516 int ret;
517
518 new = prepare_creds();
519 if (!new)
520 return -ENOMEM;
521
522 new->suid = suid;
523 ret = security_alter_suid(new);
524 if (ret < 0) {
525 abort_creds(new);
526 return ret;
527 }
528
529 return commit_creds(new);
530 }
531
532
533MANAGING CREDENTIALS
534--------------------
535
536There are some functions to help manage credentials:
537
538 (*) void put_cred(const struct cred *cred);
539
540 This releases a reference to the given set of credentials. If the
541 reference count reaches zero, the credentials will be scheduled for
542 destruction by the RCU system.
543
544 (*) const struct cred *get_cred(const struct cred *cred);
545
546 This gets a reference on a live set of credentials, returning a pointer to
547 that set of credentials.
548
549 (*) struct cred *get_new_cred(struct cred *cred);
550
551 This gets a reference on a set of credentials that is under construction
552 and is thus still mutable, returning a pointer to that set of credentials.
553
554
555=====================
556OPEN FILE CREDENTIALS
557=====================
558
559When a new file is opened, a reference is obtained on the opening task's
560credentials and this is attached to the file struct as 'f_cred' in place of
561'f_uid' and 'f_gid'. Code that used to access file->f_uid and file->f_gid
562should now access file->f_cred->fsuid and file->f_cred->fsgid.
563
564It is safe to access f_cred without the use of RCU or locking because the
565pointer will not change over the lifetime of the file struct, and nor will the
566contents of the cred struct pointed to, barring the exceptions listed above
567(see the Task Credentials section).
568
569
570=======================================
571OVERRIDING THE VFS'S USE OF CREDENTIALS
572=======================================
573
574Under some circumstances it is desirable to override the credentials used by
575the VFS, and that can be done by calling into such as vfs_mkdir() with a
576different set of credentials. This is done in the following places:
577
578 (*) sys_faccessat().
579
580 (*) do_coredump().
581
582 (*) nfs4recover.c.
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 9fa6508892c2..4974fbe546bc 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1444,6 +1444,10 @@ and is between 256 and 4096 characters. It is defined in the file
1444 instruction doesn't work correctly and not to 1444 instruction doesn't work correctly and not to
1445 use it. 1445 use it.
1446 1446
1447 no_file_caps Tells the kernel not to honor file capabilities. The
1448 only way then for a file to be executed with privilege
1449 is to be setuid root or executed by root.
1450
1447 nohalt [IA-64] Tells the kernel not to use the power saving 1451 nohalt [IA-64] Tells the kernel not to use the power saving
1448 function PAL_HALT_LIGHT when idle. This increases 1452 function PAL_HALT_LIGHT when idle. This increases
1449 power-consumption. On the positive side, it reduces 1453 power-consumption. On the positive side, it reduces
diff --git a/arch/alpha/kernel/asm-offsets.c b/arch/alpha/kernel/asm-offsets.c
index 4b18cd94d59d..6ff8886e7e22 100644
--- a/arch/alpha/kernel/asm-offsets.c
+++ b/arch/alpha/kernel/asm-offsets.c
@@ -19,15 +19,18 @@ void foo(void)
19 BLANK(); 19 BLANK();
20 20
21 DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked)); 21 DEFINE(TASK_BLOCKED, offsetof(struct task_struct, blocked));
22 DEFINE(TASK_UID, offsetof(struct task_struct, uid)); 22 DEFINE(TASK_CRED, offsetof(struct task_struct, cred));
23 DEFINE(TASK_EUID, offsetof(struct task_struct, euid));
24 DEFINE(TASK_GID, offsetof(struct task_struct, gid));
25 DEFINE(TASK_EGID, offsetof(struct task_struct, egid));
26 DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent)); 23 DEFINE(TASK_REAL_PARENT, offsetof(struct task_struct, real_parent));
27 DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader)); 24 DEFINE(TASK_GROUP_LEADER, offsetof(struct task_struct, group_leader));
28 DEFINE(TASK_TGID, offsetof(struct task_struct, tgid)); 25 DEFINE(TASK_TGID, offsetof(struct task_struct, tgid));
29 BLANK(); 26 BLANK();
30 27
28 DEFINE(CRED_UID, offsetof(struct cred, uid));
29 DEFINE(CRED_EUID, offsetof(struct cred, euid));
30 DEFINE(CRED_GID, offsetof(struct cred, gid));
31 DEFINE(CRED_EGID, offsetof(struct cred, egid));
32 BLANK();
33
31 DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs)); 34 DEFINE(SIZEOF_PT_REGS, sizeof(struct pt_regs));
32 DEFINE(PT_PTRACED, PT_PTRACED); 35 DEFINE(PT_PTRACED, PT_PTRACED);
33 DEFINE(CLONE_VM, CLONE_VM); 36 DEFINE(CLONE_VM, CLONE_VM);
diff --git a/arch/alpha/kernel/entry.S b/arch/alpha/kernel/entry.S
index 5fc61e281ac7..f77345bc66a9 100644
--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -850,8 +850,9 @@ osf_getpriority:
850sys_getxuid: 850sys_getxuid:
851 .prologue 0 851 .prologue 0
852 ldq $2, TI_TASK($8) 852 ldq $2, TI_TASK($8)
853 ldl $0, TASK_UID($2) 853 ldq $3, TASK_CRED($2)
854 ldl $1, TASK_EUID($2) 854 ldl $0, CRED_UID($3)
855 ldl $1, CRED_EUID($3)
855 stq $1, 80($sp) 856 stq $1, 80($sp)
856 ret 857 ret
857.end sys_getxuid 858.end sys_getxuid
@@ -862,8 +863,9 @@ sys_getxuid:
862sys_getxgid: 863sys_getxgid:
863 .prologue 0 864 .prologue 0
864 ldq $2, TI_TASK($8) 865 ldq $2, TI_TASK($8)
865 ldl $0, TASK_GID($2) 866 ldq $3, TASK_CRED($2)
866 ldl $1, TASK_EGID($2) 867 ldl $0, CRED_GID($3)
868 ldl $1, CRED_EGID($3)
867 stq $1, 80($sp) 869 stq $1, 80($sp)
868 ret 870 ret
869.end sys_getxgid 871.end sys_getxgid
diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
index 5e92ae00bdbb..16ef61a91d95 100644
--- a/arch/ia64/ia32/sys_ia32.c
+++ b/arch/ia64/ia32/sys_ia32.c
@@ -1767,25 +1767,24 @@ groups16_from_user(struct group_info *group_info, short __user *grouplist)
1767asmlinkage long 1767asmlinkage long
1768sys32_getgroups16 (int gidsetsize, short __user *grouplist) 1768sys32_getgroups16 (int gidsetsize, short __user *grouplist)
1769{ 1769{
1770 const struct cred *cred = current_cred();
1770 int i; 1771 int i;
1771 1772
1772 if (gidsetsize < 0) 1773 if (gidsetsize < 0)
1773 return -EINVAL; 1774 return -EINVAL;
1774 1775
1775 get_group_info(current->group_info); 1776 i = cred->group_info->ngroups;
1776 i = current->group_info->ngroups;
1777 if (gidsetsize) { 1777 if (gidsetsize) {
1778 if (i > gidsetsize) { 1778 if (i > gidsetsize) {
1779 i = -EINVAL; 1779 i = -EINVAL;
1780 goto out; 1780 goto out;
1781 } 1781 }
1782 if (groups16_to_user(grouplist, current->group_info)) { 1782 if (groups16_to_user(grouplist, cred->group_info)) {
1783 i = -EFAULT; 1783 i = -EFAULT;
1784 goto out; 1784 goto out;
1785 } 1785 }
1786 } 1786 }
1787out: 1787out:
1788 put_group_info(current->group_info);
1789 return i; 1788 return i;
1790} 1789}
1791 1790
diff --git a/arch/ia64/kernel/mca_drv.c b/arch/ia64/kernel/mca_drv.c
index fab1d21a4f2c..f94aaa86933f 100644
--- a/arch/ia64/kernel/mca_drv.c
+++ b/arch/ia64/kernel/mca_drv.c
@@ -158,7 +158,7 @@ mca_handler_bh(unsigned long paddr, void *iip, unsigned long ipsr)
158 ia64_mlogbuf_dump(); 158 ia64_mlogbuf_dump();
159 printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, " 159 printk(KERN_ERR "OS_MCA: process [cpu %d, pid: %d, uid: %d, "
160 "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n", 160 "iip: %p, psr: 0x%lx,paddr: 0x%lx](%s) encounters MCA.\n",
161 raw_smp_processor_id(), current->pid, current->uid, 161 raw_smp_processor_id(), current->pid, current_uid(),
162 iip, ipsr, paddr, current->comm); 162 iip, ipsr, paddr, current->comm);
163 163
164 spin_lock(&mca_bh_lock); 164 spin_lock(&mca_bh_lock);
diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c
index 6543a5547c84..0e499757309b 100644
--- a/arch/ia64/kernel/perfmon.c
+++ b/arch/ia64/kernel/perfmon.c
@@ -2220,8 +2220,8 @@ pfm_alloc_file(pfm_context_t *ctx)
2220 DPRINT(("new inode ino=%ld @%p\n", inode->i_ino, inode)); 2220 DPRINT(("new inode ino=%ld @%p\n", inode->i_ino, inode));
2221 2221
2222 inode->i_mode = S_IFCHR|S_IRUGO; 2222 inode->i_mode = S_IFCHR|S_IRUGO;
2223 inode->i_uid = current->fsuid; 2223 inode->i_uid = current_fsuid();
2224 inode->i_gid = current->fsgid; 2224 inode->i_gid = current_fsgid();
2225 2225
2226 sprintf(name, "[%lu]", inode->i_ino); 2226 sprintf(name, "[%lu]", inode->i_ino);
2227 this.name = name; 2227 this.name = name;
@@ -2399,22 +2399,33 @@ error_kmem:
2399static int 2399static int
2400pfm_bad_permissions(struct task_struct *task) 2400pfm_bad_permissions(struct task_struct *task)
2401{ 2401{
2402 const struct cred *tcred;
2403 uid_t uid = current_uid();
2404 gid_t gid = current_gid();
2405 int ret;
2406
2407 rcu_read_lock();
2408 tcred = __task_cred(task);
2409
2402 /* inspired by ptrace_attach() */ 2410 /* inspired by ptrace_attach() */
2403 DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n", 2411 DPRINT(("cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n",
2404 current->uid, 2412 uid,
2405 current->gid, 2413 gid,
2406 task->euid, 2414 tcred->euid,
2407 task->suid, 2415 tcred->suid,
2408 task->uid, 2416 tcred->uid,
2409 task->egid, 2417 tcred->egid,
2410 task->sgid)); 2418 tcred->sgid));
2411 2419
2412 return ((current->uid != task->euid) 2420 ret = ((uid != tcred->euid)
2413 || (current->uid != task->suid) 2421 || (uid != tcred->suid)
2414 || (current->uid != task->uid) 2422 || (uid != tcred->uid)
2415 || (current->gid != task->egid) 2423 || (gid != tcred->egid)
2416 || (current->gid != task->sgid) 2424 || (gid != tcred->sgid)
2417 || (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE); 2425 || (gid != tcred->gid)) && !capable(CAP_SYS_PTRACE);
2426
2427 rcu_read_unlock();
2428 return ret;
2418} 2429}
2419 2430
2420static int 2431static int
diff --git a/arch/ia64/kernel/signal.c b/arch/ia64/kernel/signal.c
index e12500a9c443..e1821ca4c7df 100644
--- a/arch/ia64/kernel/signal.c
+++ b/arch/ia64/kernel/signal.c
@@ -229,7 +229,7 @@ ia64_rt_sigreturn (struct sigscratch *scr)
229 si.si_errno = 0; 229 si.si_errno = 0;
230 si.si_code = SI_KERNEL; 230 si.si_code = SI_KERNEL;
231 si.si_pid = task_pid_vnr(current); 231 si.si_pid = task_pid_vnr(current);
232 si.si_uid = current->uid; 232 si.si_uid = current_uid();
233 si.si_addr = sc; 233 si.si_addr = sc;
234 force_sig_info(SIGSEGV, &si, current); 234 force_sig_info(SIGSEGV, &si, current);
235 return retval; 235 return retval;
@@ -326,7 +326,7 @@ force_sigsegv_info (int sig, void __user *addr)
326 si.si_errno = 0; 326 si.si_errno = 0;
327 si.si_code = SI_KERNEL; 327 si.si_code = SI_KERNEL;
328 si.si_pid = task_pid_vnr(current); 328 si.si_pid = task_pid_vnr(current);
329 si.si_uid = current->uid; 329 si.si_uid = current_uid();
330 si.si_addr = addr; 330 si.si_addr = addr;
331 force_sig_info(SIGSEGV, &si, current); 331 force_sig_info(SIGSEGV, &si, current);
332 return 0; 332 return 0;
diff --git a/arch/mips/kernel/kspd.c b/arch/mips/kernel/kspd.c
index b0591ae0ce56..fd6e51224034 100644
--- a/arch/mips/kernel/kspd.c
+++ b/arch/mips/kernel/kspd.c
@@ -174,8 +174,8 @@ static unsigned int translate_open_flags(int flags)
174 174
175static void sp_setfsuidgid( uid_t uid, gid_t gid) 175static void sp_setfsuidgid( uid_t uid, gid_t gid)
176{ 176{
177 current->fsuid = uid; 177 current->cred->fsuid = uid;
178 current->fsgid = gid; 178 current->cred->fsgid = gid;
179 179
180 key_fsuid_changed(current); 180 key_fsuid_changed(current);
181 key_fsgid_changed(current); 181 key_fsgid_changed(current);
diff --git a/arch/mips/kernel/mips-mt-fpaff.c b/arch/mips/kernel/mips-mt-fpaff.c
index dc9eb72ed9de..5e77a3a21f98 100644
--- a/arch/mips/kernel/mips-mt-fpaff.c
+++ b/arch/mips/kernel/mips-mt-fpaff.c
@@ -51,6 +51,7 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len,
51 int retval; 51 int retval;
52 struct task_struct *p; 52 struct task_struct *p;
53 struct thread_info *ti; 53 struct thread_info *ti;
54 uid_t euid;
54 55
55 if (len < sizeof(new_mask)) 56 if (len < sizeof(new_mask))
56 return -EINVAL; 57 return -EINVAL;
@@ -76,9 +77,9 @@ asmlinkage long mipsmt_sys_sched_setaffinity(pid_t pid, unsigned int len,
76 */ 77 */
77 get_task_struct(p); 78 get_task_struct(p);
78 79
80 euid = current_euid();
79 retval = -EPERM; 81 retval = -EPERM;
80 if ((current->euid != p->euid) && (current->euid != p->uid) && 82 if (euid != p->euid && euid != p->uid && !capable(CAP_SYS_NICE)) {
81 !capable(CAP_SYS_NICE)) {
82 read_unlock(&tasklist_lock); 83 read_unlock(&tasklist_lock);
83 goto out_unlock; 84 goto out_unlock;
84 } 85 }
diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c
index 972b2d2b8401..09786e496375 100644
--- a/arch/mips/kernel/vpe.c
+++ b/arch/mips/kernel/vpe.c
@@ -1085,8 +1085,8 @@ static int vpe_open(struct inode *inode, struct file *filp)
1085 v->load_addr = NULL; 1085 v->load_addr = NULL;
1086 v->len = 0; 1086 v->len = 0;
1087 1087
1088 v->uid = filp->f_uid; 1088 v->uid = filp->f_cred->fsuid;
1089 v->gid = filp->f_gid; 1089 v->gid = filp->f_cred->fsgid;
1090 1090
1091#ifdef CONFIG_MIPS_APSP_KSPD 1091#ifdef CONFIG_MIPS_APSP_KSPD
1092 /* get kspd to tell us when a syscall_exit happens */ 1092 /* get kspd to tell us when a syscall_exit happens */
diff --git a/arch/parisc/kernel/signal.c b/arch/parisc/kernel/signal.c
index 06213d1d6d95..f82544225e8e 100644
--- a/arch/parisc/kernel/signal.c
+++ b/arch/parisc/kernel/signal.c
@@ -182,7 +182,7 @@ give_sigsegv:
182 si.si_errno = 0; 182 si.si_errno = 0;
183 si.si_code = SI_KERNEL; 183 si.si_code = SI_KERNEL;
184 si.si_pid = task_pid_vnr(current); 184 si.si_pid = task_pid_vnr(current);
185 si.si_uid = current->uid; 185 si.si_uid = current_uid();
186 si.si_addr = &frame->uc; 186 si.si_addr = &frame->uc;
187 force_sig_info(SIGSEGV, &si, current); 187 force_sig_info(SIGSEGV, &si, current);
188 return; 188 return;
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 565b7a237c84..866098686da8 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -339,7 +339,7 @@ bad_area_nosemaphore:
339 && printk_ratelimit()) 339 && printk_ratelimit())
340 printk(KERN_CRIT "kernel tried to execute NX-protected" 340 printk(KERN_CRIT "kernel tried to execute NX-protected"
341 " page (%lx) - exploit attempt? (uid: %d)\n", 341 " page (%lx) - exploit attempt? (uid: %d)\n",
342 address, current->uid); 342 address, current_uid());
343 343
344 return SIGSEGV; 344 return SIGSEGV;
345 345
diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
index cb85d237e492..6296bfd9cb0b 100644
--- a/arch/powerpc/platforms/cell/spufs/inode.c
+++ b/arch/powerpc/platforms/cell/spufs/inode.c
@@ -95,8 +95,8 @@ spufs_new_inode(struct super_block *sb, int mode)
95 goto out; 95 goto out;
96 96
97 inode->i_mode = mode; 97 inode->i_mode = mode;
98 inode->i_uid = current->fsuid; 98 inode->i_uid = current_fsuid();
99 inode->i_gid = current->fsgid; 99 inode->i_gid = current_fsgid();
100 inode->i_blocks = 0; 100 inode->i_blocks = 0;
101 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 101 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
102out: 102out:
@@ -323,7 +323,7 @@ static int spufs_context_open(struct dentry *dentry, struct vfsmount *mnt)
323 goto out; 323 goto out;
324 } 324 }
325 325
326 filp = dentry_open(dentry, mnt, O_RDONLY); 326 filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());
327 if (IS_ERR(filp)) { 327 if (IS_ERR(filp)) {
328 put_unused_fd(ret); 328 put_unused_fd(ret);
329 ret = PTR_ERR(filp); 329 ret = PTR_ERR(filp);
@@ -562,7 +562,7 @@ static int spufs_gang_open(struct dentry *dentry, struct vfsmount *mnt)
562 goto out; 562 goto out;
563 } 563 }
564 564
565 filp = dentry_open(dentry, mnt, O_RDONLY); 565 filp = dentry_open(dentry, mnt, O_RDONLY, current_cred());
566 if (IS_ERR(filp)) { 566 if (IS_ERR(filp)) {
567 put_unused_fd(ret); 567 put_unused_fd(ret);
568 ret = PTR_ERR(filp); 568 ret = PTR_ERR(filp);
diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c
index 36313801cd5c..8aadcd7a7cf8 100644
--- a/arch/s390/hypfs/inode.c
+++ b/arch/s390/hypfs/inode.c
@@ -280,8 +280,8 @@ static int hypfs_fill_super(struct super_block *sb, void *data, int silent)
280 if (!sbi) 280 if (!sbi)
281 return -ENOMEM; 281 return -ENOMEM;
282 mutex_init(&sbi->lock); 282 mutex_init(&sbi->lock);
283 sbi->uid = current->uid; 283 sbi->uid = current_uid();
284 sbi->gid = current->gid; 284 sbi->gid = current_gid();
285 sb->s_fs_info = sbi; 285 sb->s_fs_info = sbi;
286 sb->s_blocksize = PAGE_CACHE_SIZE; 286 sb->s_blocksize = PAGE_CACHE_SIZE;
287 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 287 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c
index 4646382af34f..6cc87d8c8682 100644
--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -148,9 +148,9 @@ asmlinkage long sys32_getresuid16(u16 __user *ruid, u16 __user *euid, u16 __user
148{ 148{
149 int retval; 149 int retval;
150 150
151 if (!(retval = put_user(high2lowuid(current->uid), ruid)) && 151 if (!(retval = put_user(high2lowuid(current->cred->uid), ruid)) &&
152 !(retval = put_user(high2lowuid(current->euid), euid))) 152 !(retval = put_user(high2lowuid(current->cred->euid), euid)))
153 retval = put_user(high2lowuid(current->suid), suid); 153 retval = put_user(high2lowuid(current->cred->suid), suid);
154 154
155 return retval; 155 return retval;
156} 156}
@@ -165,9 +165,9 @@ asmlinkage long sys32_getresgid16(u16 __user *rgid, u16 __user *egid, u16 __user
165{ 165{
166 int retval; 166 int retval;
167 167
168 if (!(retval = put_user(high2lowgid(current->gid), rgid)) && 168 if (!(retval = put_user(high2lowgid(current->cred->gid), rgid)) &&
169 !(retval = put_user(high2lowgid(current->egid), egid))) 169 !(retval = put_user(high2lowgid(current->cred->egid), egid)))
170 retval = put_user(high2lowgid(current->sgid), sgid); 170 retval = put_user(high2lowgid(current->cred->sgid), sgid);
171 171
172 return retval; 172 return retval;
173} 173}
@@ -217,20 +217,20 @@ asmlinkage long sys32_getgroups16(int gidsetsize, u16 __user *grouplist)
217 if (gidsetsize < 0) 217 if (gidsetsize < 0)
218 return -EINVAL; 218 return -EINVAL;
219 219
220 get_group_info(current->group_info); 220 get_group_info(current->cred->group_info);
221 i = current->group_info->ngroups; 221 i = current->cred->group_info->ngroups;
222 if (gidsetsize) { 222 if (gidsetsize) {
223 if (i > gidsetsize) { 223 if (i > gidsetsize) {
224 i = -EINVAL; 224 i = -EINVAL;
225 goto out; 225 goto out;
226 } 226 }
227 if (groups16_to_user(grouplist, current->group_info)) { 227 if (groups16_to_user(grouplist, current->cred->group_info)) {
228 i = -EFAULT; 228 i = -EFAULT;
229 goto out; 229 goto out;
230 } 230 }
231 } 231 }
232out: 232out:
233 put_group_info(current->group_info); 233 put_group_info(current->cred->group_info);
234 return i; 234 return i;
235} 235}
236 236
@@ -261,22 +261,22 @@ asmlinkage long sys32_setgroups16(int gidsetsize, u16 __user *grouplist)
261 261
262asmlinkage long sys32_getuid16(void) 262asmlinkage long sys32_getuid16(void)
263{ 263{
264 return high2lowuid(current->uid); 264 return high2lowuid(current->cred->uid);
265} 265}
266 266
267asmlinkage long sys32_geteuid16(void) 267asmlinkage long sys32_geteuid16(void)
268{ 268{
269 return high2lowuid(current->euid); 269 return high2lowuid(current->cred->euid);
270} 270}
271 271
272asmlinkage long sys32_getgid16(void) 272asmlinkage long sys32_getgid16(void)
273{ 273{
274 return high2lowgid(current->gid); 274 return high2lowgid(current->cred->gid);
275} 275}
276 276
277asmlinkage long sys32_getegid16(void) 277asmlinkage long sys32_getegid16(void)
278{ 278{
279 return high2lowgid(current->egid); 279 return high2lowgid(current->cred->egid);
280} 280}
281 281
282/* 282/*
diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c
index 19d579d74d27..16d3b3789a50 100644
--- a/arch/um/drivers/mconsole_kern.c
+++ b/arch/um/drivers/mconsole_kern.c
@@ -159,7 +159,8 @@ void mconsole_proc(struct mc_request *req)
159 goto out_kill; 159 goto out_kill;
160 } 160 }
161 161
162 file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY); 162 file = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
163 current_cred());
163 if (IS_ERR(file)) { 164 if (IS_ERR(file)) {
164 mconsole_reply(req, "Failed to open file", 1, 0); 165 mconsole_reply(req, "Failed to open file", 1, 0);
165 goto out_kill; 166 goto out_kill;
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index 127ec3f07214..2a4d073d2cf1 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -327,7 +327,7 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs)
327 current->mm->cached_hole_size = 0; 327 current->mm->cached_hole_size = 0;
328 328
329 current->mm->mmap = NULL; 329 current->mm->mmap = NULL;
330 compute_creds(bprm); 330 install_exec_creds(bprm);
331 current->flags &= ~PF_FORKNOEXEC; 331 current->flags &= ~PF_FORKNOEXEC;
332 332
333 if (N_MAGIC(ex) == OMAGIC) { 333 if (N_MAGIC(ex) == OMAGIC) {
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 31e8730fa246..3a1b6ef4f05d 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -393,7 +393,7 @@ static void show_fault_oops(struct pt_regs *regs, unsigned long error_code,
393 if (pte && pte_present(*pte) && !pte_exec(*pte)) 393 if (pte && pte_present(*pte) && !pte_exec(*pte))
394 printk(KERN_CRIT "kernel tried to execute " 394 printk(KERN_CRIT "kernel tried to execute "
395 "NX-protected page - exploit attempt? " 395 "NX-protected page - exploit attempt? "
396 "(uid: %d)\n", current->uid); 396 "(uid: %d)\n", current_uid());
397 } 397 }
398#endif 398#endif
399 399
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 5c4ee70d5cf3..fb06ed659212 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -936,8 +936,10 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
936{ 936{
937 int err; 937 int err;
938 struct loop_func_table *xfer; 938 struct loop_func_table *xfer;
939 uid_t uid = current_uid();
939 940
940 if (lo->lo_encrypt_key_size && lo->lo_key_owner != current->uid && 941 if (lo->lo_encrypt_key_size &&
942 lo->lo_key_owner != uid &&
941 !capable(CAP_SYS_ADMIN)) 943 !capable(CAP_SYS_ADMIN))
942 return -EPERM; 944 return -EPERM;
943 if (lo->lo_state != Lo_bound) 945 if (lo->lo_state != Lo_bound)
@@ -992,7 +994,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
992 if (info->lo_encrypt_key_size) { 994 if (info->lo_encrypt_key_size) {
993 memcpy(lo->lo_encrypt_key, info->lo_encrypt_key, 995 memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
994 info->lo_encrypt_key_size); 996 info->lo_encrypt_key_size);
995 lo->lo_key_owner = current->uid; 997 lo->lo_key_owner = uid;
996 } 998 }
997 999
998 return 0; 1000 return 0;
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 5787249934c8..d961fa9612c4 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -86,10 +86,12 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
86 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); 86 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
87 if (ab) { 87 if (ab) {
88 char name[sizeof(tsk->comm)]; 88 char name[sizeof(tsk->comm)];
89 uid_t uid = task_uid(tsk);
89 90
90 audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u " 91 audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
91 "major=%d minor=%d comm=", tsk->pid, tsk->uid, 92 "major=%d minor=%d comm=",
92 loginuid, sessionid, buf->major, buf->minor); 93 tsk->pid, uid, loginuid, sessionid,
94 buf->major, buf->minor);
93 get_task_comm(name, tsk); 95 get_task_comm(name, tsk);
94 audit_log_untrustedstring(ab, name); 96 audit_log_untrustedstring(ab, name);
95 audit_log_format(ab, " data="); 97 audit_log_format(ab, " data=");
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 5c9f67f98d10..c5afc98e2675 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -106,6 +106,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
106 struct proc_event *ev; 106 struct proc_event *ev;
107 __u8 buffer[CN_PROC_MSG_SIZE]; 107 __u8 buffer[CN_PROC_MSG_SIZE];
108 struct timespec ts; 108 struct timespec ts;
109 const struct cred *cred;
109 110
110 if (atomic_read(&proc_event_num_listeners) < 1) 111 if (atomic_read(&proc_event_num_listeners) < 1)
111 return; 112 return;
@@ -115,14 +116,19 @@ void proc_id_connector(struct task_struct *task, int which_id)
115 ev->what = which_id; 116 ev->what = which_id;
116 ev->event_data.id.process_pid = task->pid; 117 ev->event_data.id.process_pid = task->pid;
117 ev->event_data.id.process_tgid = task->tgid; 118 ev->event_data.id.process_tgid = task->tgid;
119 rcu_read_lock();
120 cred = __task_cred(task);
118 if (which_id == PROC_EVENT_UID) { 121 if (which_id == PROC_EVENT_UID) {
119 ev->event_data.id.r.ruid = task->uid; 122 ev->event_data.id.r.ruid = cred->uid;
120 ev->event_data.id.e.euid = task->euid; 123 ev->event_data.id.e.euid = cred->euid;
121 } else if (which_id == PROC_EVENT_GID) { 124 } else if (which_id == PROC_EVENT_GID) {
122 ev->event_data.id.r.rgid = task->gid; 125 ev->event_data.id.r.rgid = cred->gid;
123 ev->event_data.id.e.egid = task->egid; 126 ev->event_data.id.e.egid = cred->egid;
124 } else 127 } else {
128 rcu_read_unlock();
125 return; 129 return;
130 }
131 rcu_read_unlock();
126 get_seq(&msg->seq, &ev->cpu); 132 get_seq(&msg->seq, &ev->cpu);
127 ktime_get_ts(&ts); /* get high res monotonic timestamp */ 133 ktime_get_ts(&ts); /* get high res monotonic timestamp */
128 put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); 134 put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
diff --git a/drivers/isdn/capi/capifs.c b/drivers/isdn/capi/capifs.c
index 550e80f390a6..0aa66ec4cbdd 100644
--- a/drivers/isdn/capi/capifs.c
+++ b/drivers/isdn/capi/capifs.c
@@ -156,8 +156,8 @@ void capifs_new_ncci(unsigned int number, dev_t device)
156 if (!inode) 156 if (!inode)
157 return; 157 return;
158 inode->i_ino = number+2; 158 inode->i_ino = number+2;
159 inode->i_uid = config.setuid ? config.uid : current->fsuid; 159 inode->i_uid = config.setuid ? config.uid : current_fsuid();
160 inode->i_gid = config.setgid ? config.gid : current->fsgid; 160 inode->i_gid = config.setgid ? config.gid : current_fsgid();
161 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; 161 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
162 init_special_inode(inode, S_IFCHR|config.mode, device); 162 init_special_inode(inode, S_IFCHR|config.mode, device);
163 //inode->i_op = &capifs_file_inode_operations; 163 //inode->i_op = &capifs_file_inode_operations;
diff --git a/drivers/isdn/hysdn/hysdn_procconf.c b/drivers/isdn/hysdn/hysdn_procconf.c
index 484299b031f8..8f9f4912de32 100644
--- a/drivers/isdn/hysdn/hysdn_procconf.c
+++ b/drivers/isdn/hysdn/hysdn_procconf.c
@@ -246,7 +246,8 @@ hysdn_conf_open(struct inode *ino, struct file *filep)
246 } 246 }
247 if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) 247 if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL))
248 hysdn_addlog(card, "config open for uid=%d gid=%d mode=0x%x", 248 hysdn_addlog(card, "config open for uid=%d gid=%d mode=0x%x",
249 filep->f_uid, filep->f_gid, filep->f_mode); 249 filep->f_cred->fsuid, filep->f_cred->fsgid,
250 filep->f_mode);
250 251
251 if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { 252 if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) {
252 /* write only access -> write boot file or conf line */ 253 /* write only access -> write boot file or conf line */
@@ -331,7 +332,8 @@ hysdn_conf_close(struct inode *ino, struct file *filep)
331 } 332 }
332 if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL)) 333 if (card->debug_flags & (LOG_PROC_OPEN | LOG_PROC_ALL))
333 hysdn_addlog(card, "config close for uid=%d gid=%d mode=0x%x", 334 hysdn_addlog(card, "config close for uid=%d gid=%d mode=0x%x",
334 filep->f_uid, filep->f_gid, filep->f_mode); 335 filep->f_cred->fsuid, filep->f_cred->fsgid,
336 filep->f_mode);
335 337
336 if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) { 338 if ((filep->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_WRITE) {
337 /* write only access -> write boot file or conf line */ 339 /* write only access -> write boot file or conf line */
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 33b6d1b122fb..55dc70c6b4db 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -702,6 +702,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
702 struct tun_net *tn; 702 struct tun_net *tn;
703 struct tun_struct *tun; 703 struct tun_struct *tun;
704 struct net_device *dev; 704 struct net_device *dev;
705 const struct cred *cred = current_cred();
705 int err; 706 int err;
706 707
707 tn = net_generic(net, tun_net_id); 708 tn = net_generic(net, tun_net_id);
@@ -712,11 +713,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
712 713
713 /* Check permissions */ 714 /* Check permissions */
714 if (((tun->owner != -1 && 715 if (((tun->owner != -1 &&
715 current->euid != tun->owner) || 716 cred->euid != tun->owner) ||
716 (tun->group != -1 && 717 (tun->group != -1 &&
717 current->egid != tun->group)) && 718 cred->egid != tun->group)) &&
718 !capable(CAP_NET_ADMIN)) 719 !capable(CAP_NET_ADMIN)) {
719 return -EPERM; 720 return -EPERM;
721 }
720 } 722 }
721 else if (__dev_get_by_name(net, ifr->ifr_name)) 723 else if (__dev_get_by_name(net, ifr->ifr_name))
722 return -EINVAL; 724 return -EINVAL;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 2bccefebff1b..aa79280df15d 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -574,6 +574,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
574{ 574{
575 struct usb_device *dev = NULL; 575 struct usb_device *dev = NULL;
576 struct dev_state *ps; 576 struct dev_state *ps;
577 const struct cred *cred = current_cred();
577 int ret; 578 int ret;
578 579
579 lock_kernel(); 580 lock_kernel();
@@ -617,8 +618,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
617 init_waitqueue_head(&ps->wait); 618 init_waitqueue_head(&ps->wait);
618 ps->discsignr = 0; 619 ps->discsignr = 0;
619 ps->disc_pid = get_pid(task_pid(current)); 620 ps->disc_pid = get_pid(task_pid(current));
620 ps->disc_uid = current->uid; 621 ps->disc_uid = cred->uid;
621 ps->disc_euid = current->euid; 622 ps->disc_euid = cred->euid;
622 ps->disccontext = NULL; 623 ps->disccontext = NULL;
623 ps->ifclaimed = 0; 624 ps->ifclaimed = 0;
624 security_task_getsecid(current, &ps->secid); 625 security_task_getsecid(current, &ps->secid);
@@ -967,6 +968,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
967 struct usb_host_endpoint *ep; 968 struct usb_host_endpoint *ep;
968 struct async *as; 969 struct async *as;
969 struct usb_ctrlrequest *dr = NULL; 970 struct usb_ctrlrequest *dr = NULL;
971 const struct cred *cred = current_cred();
970 unsigned int u, totlen, isofrmlen; 972 unsigned int u, totlen, isofrmlen;
971 int ret, ifnum = -1; 973 int ret, ifnum = -1;
972 int is_in; 974 int is_in;
@@ -1174,8 +1176,8 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
1174 as->signr = uurb->signr; 1176 as->signr = uurb->signr;
1175 as->ifnum = ifnum; 1177 as->ifnum = ifnum;
1176 as->pid = get_pid(task_pid(current)); 1178 as->pid = get_pid(task_pid(current));
1177 as->uid = current->uid; 1179 as->uid = cred->uid;
1178 as->euid = current->euid; 1180 as->euid = cred->euid;
1179 security_task_getsecid(current, &as->secid); 1181 security_task_getsecid(current, &as->secid);
1180 if (!is_in) { 1182 if (!is_in) {
1181 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, 1183 if (copy_from_user(as->urb->transfer_buffer, uurb->buffer,
diff --git a/drivers/usb/core/inode.c b/drivers/usb/core/inode.c
index 94632264dccf..185be760833e 100644
--- a/drivers/usb/core/inode.c
+++ b/drivers/usb/core/inode.c
@@ -277,8 +277,8 @@ static struct inode *usbfs_get_inode (struct super_block *sb, int mode, dev_t de
277 277
278 if (inode) { 278 if (inode) {
279 inode->i_mode = mode; 279 inode->i_mode = mode;
280 inode->i_uid = current->fsuid; 280 inode->i_uid = current_fsuid();
281 inode->i_gid = current->fsgid; 281 inode->i_gid = current_fsgid();
282 inode->i_blocks = 0; 282 inode->i_blocks = 0;
283 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 283 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
284 switch (mode & S_IFMT) { 284 switch (mode & S_IFMT) {
diff --git a/fs/9p/fid.c b/fs/9p/fid.c
index 3031e3233dd6..a43e4ab7c6c3 100644
--- a/fs/9p/fid.c
+++ b/fs/9p/fid.c
@@ -120,7 +120,7 @@ struct p9_fid *v9fs_fid_lookup(struct dentry *dentry)
120 switch (access) { 120 switch (access) {
121 case V9FS_ACCESS_SINGLE: 121 case V9FS_ACCESS_SINGLE:
122 case V9FS_ACCESS_USER: 122 case V9FS_ACCESS_USER:
123 uid = current->fsuid; 123 uid = current_fsuid();
124 any = 0; 124 any = 0;
125 break; 125 break;
126 126
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 8314d3f43b71..8fddfe86a0dc 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -215,8 +215,8 @@ struct inode *v9fs_get_inode(struct super_block *sb, int mode)
215 inode = new_inode(sb); 215 inode = new_inode(sb);
216 if (inode) { 216 if (inode) {
217 inode->i_mode = mode; 217 inode->i_mode = mode;
218 inode->i_uid = current->fsuid; 218 inode->i_uid = current_fsuid();
219 inode->i_gid = current->fsgid; 219 inode->i_gid = current_fsgid();
220 inode->i_blocks = 0; 220 inode->i_blocks = 0;
221 inode->i_rdev = 0; 221 inode->i_rdev = 0;
222 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 222 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
index d6cb1a0ca724..93212e40221a 100644
--- a/fs/9p/vfs_super.c
+++ b/fs/9p/vfs_super.c
@@ -113,8 +113,8 @@ static int v9fs_get_sb(struct file_system_type *fs_type, int flags,
113 struct v9fs_session_info *v9ses = NULL; 113 struct v9fs_session_info *v9ses = NULL;
114 struct p9_wstat *st = NULL; 114 struct p9_wstat *st = NULL;
115 int mode = S_IRWXUGO | S_ISVTX; 115 int mode = S_IRWXUGO | S_ISVTX;
116 uid_t uid = current->fsuid; 116 uid_t uid = current_fsuid();
117 gid_t gid = current->fsgid; 117 gid_t gid = current_fsgid();
118 struct p9_fid *fid; 118 struct p9_fid *fid;
119 int retval = 0; 119 int retval = 0;
120 120
diff --git a/fs/affs/inode.c b/fs/affs/inode.c
index a13b334a3910..415d9c67ac16 100644
--- a/fs/affs/inode.c
+++ b/fs/affs/inode.c
@@ -293,8 +293,8 @@ affs_new_inode(struct inode *dir)
293 mark_buffer_dirty_inode(bh, inode); 293 mark_buffer_dirty_inode(bh, inode);
294 affs_brelse(bh); 294 affs_brelse(bh);
295 295
296 inode->i_uid = current->fsuid; 296 inode->i_uid = current_fsuid();
297 inode->i_gid = current->fsgid; 297 inode->i_gid = current_fsgid();
298 inode->i_ino = block; 298 inode->i_ino = block;
299 inode->i_nlink = 1; 299 inode->i_nlink = 1;
300 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 300 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
diff --git a/fs/affs/super.c b/fs/affs/super.c
index 8989c93193ed..a19d64b582aa 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -163,8 +163,8 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s
163 163
164 /* Fill in defaults */ 164 /* Fill in defaults */
165 165
166 *uid = current->uid; 166 *uid = current_uid();
167 *gid = current->gid; 167 *gid = current_gid();
168 *reserved = 2; 168 *reserved = 2;
169 *root = -1; 169 *root = -1;
170 *blocksize = -1; 170 *blocksize = -1;
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index 3662dd44896b..c16d9be1b017 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -154,8 +154,8 @@ static struct inode *anon_inode_mkinode(void)
154 */ 154 */
155 inode->i_state = I_DIRTY; 155 inode->i_state = I_DIRTY;
156 inode->i_mode = S_IRUSR | S_IWUSR; 156 inode->i_mode = S_IRUSR | S_IWUSR;
157 inode->i_uid = current->fsuid; 157 inode->i_uid = current_fsuid();
158 inode->i_gid = current->fsgid; 158 inode->i_gid = current_fsgid();
159 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 159 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
160 return inode; 160 return inode;
161} 161}
diff --git a/fs/attr.c b/fs/attr.c
index 7a83819f6ba2..f4360192a938 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -29,13 +29,13 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
29 29
30 /* Make sure a caller can chown. */ 30 /* Make sure a caller can chown. */
31 if ((ia_valid & ATTR_UID) && 31 if ((ia_valid & ATTR_UID) &&
32 (current->fsuid != inode->i_uid || 32 (current_fsuid() != inode->i_uid ||
33 attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) 33 attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
34 goto error; 34 goto error;
35 35
36 /* Make sure caller can chgrp. */ 36 /* Make sure caller can chgrp. */
37 if ((ia_valid & ATTR_GID) && 37 if ((ia_valid & ATTR_GID) &&
38 (current->fsuid != inode->i_uid || 38 (current_fsuid() != inode->i_uid ||
39 (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && 39 (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
40 !capable(CAP_CHOWN)) 40 !capable(CAP_CHOWN))
41 goto error; 41 goto error;
diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index b70eea1e8c59..c773680d5c60 100644
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -76,8 +76,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid,
76 substring_t args[MAX_OPT_ARGS]; 76 substring_t args[MAX_OPT_ARGS];
77 int option; 77 int option;
78 78
79 *uid = current->uid; 79 *uid = current_uid();
80 *gid = current->gid; 80 *gid = current_gid();
81 *pgrp = task_pgrp_nr(current); 81 *pgrp = task_pgrp_nr(current);
82 82
83 *minproto = *maxproto = AUTOFS_PROTO_VERSION; 83 *minproto = *maxproto = AUTOFS_PROTO_VERSION;
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
index 33bf8cbfd051..63b7c7afe8df 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -308,7 +308,8 @@ static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid)
308 goto out; 308 goto out;
309 } 309 }
310 310
311 filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY); 311 filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
312 current_cred());
312 if (IS_ERR(filp)) { 313 if (IS_ERR(filp)) {
313 err = PTR_ERR(filp); 314 err = PTR_ERR(filp);
314 goto out; 315 goto out;
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index c7e65bb30ba0..7b19802cfef4 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -235,8 +235,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid,
235 substring_t args[MAX_OPT_ARGS]; 235 substring_t args[MAX_OPT_ARGS];
236 int option; 236 int option;
237 237
238 *uid = current->uid; 238 *uid = current_uid();
239 *gid = current->gid; 239 *gid = current_gid();
240 *pgrp = task_pgrp_nr(current); 240 *pgrp = task_pgrp_nr(current);
241 241
242 *minproto = AUTOFS_MIN_PROTO_VERSION; 242 *minproto = AUTOFS_MIN_PROTO_VERSION;
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 4b67c2a2d77c..e02cc8ae5eb3 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -391,8 +391,8 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
391 memcpy(&wq->name, &qstr, sizeof(struct qstr)); 391 memcpy(&wq->name, &qstr, sizeof(struct qstr));
392 wq->dev = autofs4_get_dev(sbi); 392 wq->dev = autofs4_get_dev(sbi);
393 wq->ino = autofs4_get_ino(sbi); 393 wq->ino = autofs4_get_ino(sbi);
394 wq->uid = current->uid; 394 wq->uid = current_uid();
395 wq->gid = current->gid; 395 wq->gid = current_gid();
396 wq->pid = current->pid; 396 wq->pid = current->pid;
397 wq->tgid = current->tgid; 397 wq->tgid = current->tgid;
398 wq->status = -EINTR; /* Status return if interrupted */ 398 wq->status = -EINTR; /* Status return if interrupted */
diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c
index daae463068e4..4dd1b623f937 100644
--- a/fs/bfs/dir.c
+++ b/fs/bfs/dir.c
@@ -106,8 +106,8 @@ static int bfs_create(struct inode *dir, struct dentry *dentry, int mode,
106 } 106 }
107 set_bit(ino, info->si_imap); 107 set_bit(ino, info->si_imap);
108 info->si_freei--; 108 info->si_freei--;
109 inode->i_uid = current->fsuid; 109 inode->i_uid = current_fsuid();
110 inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; 110 inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid();
111 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 111 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
112 inode->i_blocks = 0; 112 inode->i_blocks = 0;
113 inode->i_op = &bfs_file_inops; 113 inode->i_op = &bfs_file_inops;
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
index 204cfd1d7676..f1f3f4192a60 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -320,7 +320,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
320 current->mm->free_area_cache = current->mm->mmap_base; 320 current->mm->free_area_cache = current->mm->mmap_base;
321 current->mm->cached_hole_size = 0; 321 current->mm->cached_hole_size = 0;
322 322
323 compute_creds(bprm); 323 install_exec_creds(bprm);
324 current->flags &= ~PF_FORKNOEXEC; 324 current->flags &= ~PF_FORKNOEXEC;
325#ifdef __sparc__ 325#ifdef __sparc__
326 if (N_MAGIC(ex) == NMAGIC) { 326 if (N_MAGIC(ex) == NMAGIC) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 8fcfa398d350..f458c1217c5e 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -157,7 +157,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
157 int items; 157 int items;
158 elf_addr_t *elf_info; 158 elf_addr_t *elf_info;
159 int ei_index = 0; 159 int ei_index = 0;
160 struct task_struct *tsk = current; 160 const struct cred *cred = current_cred();
161 struct vm_area_struct *vma; 161 struct vm_area_struct *vma;
162 162
163 /* 163 /*
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
223 NEW_AUX_ENT(AT_BASE, interp_load_addr); 223 NEW_AUX_ENT(AT_BASE, interp_load_addr);
224 NEW_AUX_ENT(AT_FLAGS, 0); 224 NEW_AUX_ENT(AT_FLAGS, 0);
225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry); 225 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
226 NEW_AUX_ENT(AT_UID, tsk->uid); 226 NEW_AUX_ENT(AT_UID, cred->uid);
227 NEW_AUX_ENT(AT_EUID, tsk->euid); 227 NEW_AUX_ENT(AT_EUID, cred->euid);
228 NEW_AUX_ENT(AT_GID, tsk->gid); 228 NEW_AUX_ENT(AT_GID, cred->gid);
229 NEW_AUX_ENT(AT_EGID, tsk->egid); 229 NEW_AUX_ENT(AT_EGID, cred->egid);
230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 230 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
231 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 231 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
232 if (k_platform) { 232 if (k_platform) {
@@ -956,7 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
956 } 956 }
957#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ 957#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
958 958
959 compute_creds(bprm); 959 install_exec_creds(bprm);
960 current->flags &= ~PF_FORKNOEXEC; 960 current->flags &= ~PF_FORKNOEXEC;
961 retval = create_elf_tables(bprm, &loc->elf_ex, 961 retval = create_elf_tables(bprm, &loc->elf_ex,
962 load_addr, interp_load_addr); 962 load_addr, interp_load_addr);
@@ -1361,6 +1361,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus,
1361static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 1361static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1362 struct mm_struct *mm) 1362 struct mm_struct *mm)
1363{ 1363{
1364 const struct cred *cred;
1364 unsigned int i, len; 1365 unsigned int i, len;
1365 1366
1366 /* first copy the parameters from user space */ 1367 /* first copy the parameters from user space */
@@ -1388,8 +1389,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1388 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1389 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1389 psinfo->pr_nice = task_nice(p); 1390 psinfo->pr_nice = task_nice(p);
1390 psinfo->pr_flag = p->flags; 1391 psinfo->pr_flag = p->flags;
1391 SET_UID(psinfo->pr_uid, p->uid); 1392 rcu_read_lock();
1392 SET_GID(psinfo->pr_gid, p->gid); 1393 cred = __task_cred(p);
1394 SET_UID(psinfo->pr_uid, cred->uid);
1395 SET_GID(psinfo->pr_gid, cred->gid);
1396 rcu_read_unlock();
1393 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1397 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1394 1398
1395 return 0; 1399 return 0;
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index 5b5424cb3391..aa5b43205e37 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -404,7 +404,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
404 current->mm->start_stack = current->mm->start_brk + stack_size; 404 current->mm->start_stack = current->mm->start_brk + stack_size;
405#endif 405#endif
406 406
407 compute_creds(bprm); 407 install_exec_creds(bprm);
408 current->flags &= ~PF_FORKNOEXEC; 408 current->flags &= ~PF_FORKNOEXEC;
409 if (create_elf_fdpic_tables(bprm, current->mm, 409 if (create_elf_fdpic_tables(bprm, current->mm,
410 &exec_params, &interp_params) < 0) 410 &exec_params, &interp_params) < 0)
@@ -475,6 +475,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
475 struct elf_fdpic_params *exec_params, 475 struct elf_fdpic_params *exec_params,
476 struct elf_fdpic_params *interp_params) 476 struct elf_fdpic_params *interp_params)
477{ 477{
478 const struct cred *cred = current_cred();
478 unsigned long sp, csp, nitems; 479 unsigned long sp, csp, nitems;
479 elf_caddr_t __user *argv, *envp; 480 elf_caddr_t __user *argv, *envp;
480 size_t platform_len = 0, len; 481 size_t platform_len = 0, len;
@@ -623,10 +624,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm,
623 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); 624 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
624 NEW_AUX_ENT(AT_FLAGS, 0); 625 NEW_AUX_ENT(AT_FLAGS, 0);
625 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); 626 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
626 NEW_AUX_ENT(AT_UID, (elf_addr_t) current->uid); 627 NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid);
627 NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->euid); 628 NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid);
628 NEW_AUX_ENT(AT_GID, (elf_addr_t) current->gid); 629 NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid);
629 NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->egid); 630 NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid);
630 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 631 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
631 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 632 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
632 633
@@ -1413,6 +1414,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus,
1413static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 1414static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1414 struct mm_struct *mm) 1415 struct mm_struct *mm)
1415{ 1416{
1417 const struct cred *cred;
1416 unsigned int i, len; 1418 unsigned int i, len;
1417 1419
1418 /* first copy the parameters from user space */ 1420 /* first copy the parameters from user space */
@@ -1440,8 +1442,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1440 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1442 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1441 psinfo->pr_nice = task_nice(p); 1443 psinfo->pr_nice = task_nice(p);
1442 psinfo->pr_flag = p->flags; 1444 psinfo->pr_flag = p->flags;
1443 SET_UID(psinfo->pr_uid, p->uid); 1445 rcu_read_lock();
1444 SET_GID(psinfo->pr_gid, p->gid); 1446 cred = __task_cred(p);
1447 SET_UID(psinfo->pr_uid, cred->uid);
1448 SET_GID(psinfo->pr_gid, cred->gid);
1449 rcu_read_unlock();
1445 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1450 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1446 1451
1447 return 0; 1452 return 0;
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index ccb781a6a804..7bbd5c6b3725 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -880,7 +880,7 @@ static int load_flat_binary(struct linux_binprm * bprm, struct pt_regs * regs)
880 (libinfo.lib_list[j].loaded)? 880 (libinfo.lib_list[j].loaded)?
881 libinfo.lib_list[j].start_data:UNLOADED_LIB; 881 libinfo.lib_list[j].start_data:UNLOADED_LIB;
882 882
883 compute_creds(bprm); 883 install_exec_creds(bprm);
884 current->flags &= ~PF_FORKNOEXEC; 884 current->flags &= ~PF_FORKNOEXEC;
885 885
886 set_binfmt(&flat_format); 886 set_binfmt(&flat_format);
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c
index 74e587a52796..08644a61616e 100644
--- a/fs/binfmt_som.c
+++ b/fs/binfmt_som.c
@@ -255,7 +255,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs)
255 kfree(hpuxhdr); 255 kfree(hpuxhdr);
256 256
257 set_binfmt(&som_format); 257 set_binfmt(&som_format);
258 compute_creds(bprm); 258 install_exec_creds(bprm);
259 setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); 259 setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
260 260
261 create_som_tables(bprm); 261 create_som_tables(bprm);
diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h
index 877c85409f1f..1e7b87497f26 100644
--- a/fs/cifs/cifs_fs_sb.h
+++ b/fs/cifs/cifs_fs_sb.h
@@ -19,7 +19,7 @@
19#define _CIFS_FS_SB_H 19#define _CIFS_FS_SB_H
20 20
21#define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ 21#define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */
22#define CIFS_MOUNT_SET_UID 2 /* set current->euid in create etc. */ 22#define CIFS_MOUNT_SET_UID 2 /* set current's euid in create etc. */
23#define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ 23#define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */
24#define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ 24#define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */
25#define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ 25#define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 6f21ecb85ce5..9d8b978137ad 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -39,7 +39,7 @@ extern int smb_send(struct socket *, struct smb_hdr *,
39 unsigned int /* length */ , struct sockaddr *, bool); 39 unsigned int /* length */ , struct sockaddr *, bool);
40extern unsigned int _GetXid(void); 40extern unsigned int _GetXid(void);
41extern void _FreeXid(unsigned int); 41extern void _FreeXid(unsigned int);
42#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid)); 42#define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid()));
43#define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} 43#define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));}
44extern char *build_path_from_dentry(struct dentry *); 44extern char *build_path_from_dentry(struct dentry *);
45extern char *build_wildcard_path_from_dentry(struct dentry *direntry); 45extern char *build_wildcard_path_from_dentry(struct dentry *direntry);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index c7d341714586..683dee4d2f76 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -836,8 +836,8 @@ cifs_parse_mount_options(char *options, const char *devname,
836 /* null target name indicates to use *SMBSERVR default called name 836 /* null target name indicates to use *SMBSERVR default called name
837 if we end up sending RFC1001 session initialize */ 837 if we end up sending RFC1001 session initialize */
838 vol->target_rfc1001_name[0] = 0; 838 vol->target_rfc1001_name[0] = 0;
839 vol->linux_uid = current->uid; /* current->euid instead? */ 839 vol->linux_uid = current_uid(); /* use current_euid() instead? */
840 vol->linux_gid = current->gid; 840 vol->linux_gid = current_gid();
841 vol->dir_mode = S_IRWXUGO; 841 vol->dir_mode = S_IRWXUGO;
842 /* 2767 perms indicate mandatory locking support */ 842 /* 2767 perms indicate mandatory locking support */
843 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); 843 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index e962e75e6f7b..2f02c52db666 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -235,11 +235,11 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
235 }; 235 };
236 236
237 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { 237 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
238 args.uid = (__u64) current->fsuid; 238 args.uid = (__u64) current_fsuid();
239 if (inode->i_mode & S_ISGID) 239 if (inode->i_mode & S_ISGID)
240 args.gid = (__u64) inode->i_gid; 240 args.gid = (__u64) inode->i_gid;
241 else 241 else
242 args.gid = (__u64) current->fsgid; 242 args.gid = (__u64) current_fsgid();
243 } else { 243 } else {
244 args.uid = NO_CHANGE_64; 244 args.uid = NO_CHANGE_64;
245 args.gid = NO_CHANGE_64; 245 args.gid = NO_CHANGE_64;
@@ -271,13 +271,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
271 if ((oplock & CIFS_CREATE_ACTION) && 271 if ((oplock & CIFS_CREATE_ACTION) &&
272 (cifs_sb->mnt_cifs_flags & 272 (cifs_sb->mnt_cifs_flags &
273 CIFS_MOUNT_SET_UID)) { 273 CIFS_MOUNT_SET_UID)) {
274 newinode->i_uid = current->fsuid; 274 newinode->i_uid = current_fsuid();
275 if (inode->i_mode & S_ISGID) 275 if (inode->i_mode & S_ISGID)
276 newinode->i_gid = 276 newinode->i_gid =
277 inode->i_gid; 277 inode->i_gid;
278 else 278 else
279 newinode->i_gid = 279 newinode->i_gid =
280 current->fsgid; 280 current_fsgid();
281 } 281 }
282 } 282 }
283 } 283 }
@@ -375,8 +375,8 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode,
375 .device = device_number, 375 .device = device_number,
376 }; 376 };
377 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { 377 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
378 args.uid = (__u64) current->fsuid; 378 args.uid = (__u64) current_fsuid();
379 args.gid = (__u64) current->fsgid; 379 args.gid = (__u64) current_fsgid();
380 } else { 380 } else {
381 args.uid = NO_CHANGE_64; 381 args.uid = NO_CHANGE_64;
382 args.gid = NO_CHANGE_64; 382 args.gid = NO_CHANGE_64;
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index ff8c68de4a92..8b7305e73d7e 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1143,11 +1143,11 @@ mkdir_get_info:
1143 .device = 0, 1143 .device = 0,
1144 }; 1144 };
1145 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { 1145 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
1146 args.uid = (__u64)current->fsuid; 1146 args.uid = (__u64)current_fsuid();
1147 if (inode->i_mode & S_ISGID) 1147 if (inode->i_mode & S_ISGID)
1148 args.gid = (__u64)inode->i_gid; 1148 args.gid = (__u64)inode->i_gid;
1149 else 1149 else
1150 args.gid = (__u64)current->fsgid; 1150 args.gid = (__u64)current_fsgid();
1151 } else { 1151 } else {
1152 args.uid = NO_CHANGE_64; 1152 args.uid = NO_CHANGE_64;
1153 args.gid = NO_CHANGE_64; 1153 args.gid = NO_CHANGE_64;
@@ -1184,13 +1184,13 @@ mkdir_get_info:
1184 if (cifs_sb->mnt_cifs_flags & 1184 if (cifs_sb->mnt_cifs_flags &
1185 CIFS_MOUNT_SET_UID) { 1185 CIFS_MOUNT_SET_UID) {
1186 direntry->d_inode->i_uid = 1186 direntry->d_inode->i_uid =
1187 current->fsuid; 1187 current_fsuid();
1188 if (inode->i_mode & S_ISGID) 1188 if (inode->i_mode & S_ISGID)
1189 direntry->d_inode->i_gid = 1189 direntry->d_inode->i_gid =
1190 inode->i_gid; 1190 inode->i_gid;
1191 else 1191 else
1192 direntry->d_inode->i_gid = 1192 direntry->d_inode->i_gid =
1193 current->fsgid; 1193 current_fsgid();
1194 } 1194 }
1195 } 1195 }
1196 } 1196 }
diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c
index 0088a5b52564..f94650683a00 100644
--- a/fs/cifs/ioctl.c
+++ b/fs/cifs/ioctl.c
@@ -65,7 +65,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
65 switch (command) { 65 switch (command) {
66 case CIFS_IOC_CHECKUMOUNT: 66 case CIFS_IOC_CHECKUMOUNT:
67 cFYI(1, ("User unmount attempted")); 67 cFYI(1, ("User unmount attempted"));
68 if (cifs_sb->mnt_uid == current->uid) 68 if (cifs_sb->mnt_uid == current_uid())
69 rc = 0; 69 rc = 0;
70 else { 70 else {
71 rc = -EACCES; 71 rc = -EACCES;
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index addd1dcc2d79..f108040ca1bc 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -338,13 +338,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
338 /* BB Add support for establishing new tCon and SMB Session */ 338 /* BB Add support for establishing new tCon and SMB Session */
339 /* with userid/password pairs found on the smb session */ 339 /* with userid/password pairs found on the smb session */
340 /* for other target tcp/ip addresses BB */ 340 /* for other target tcp/ip addresses BB */
341 if (current->fsuid != treeCon->ses->linux_uid) { 341 if (current_fsuid() != treeCon->ses->linux_uid) {
342 cFYI(1, ("Multiuser mode and UID " 342 cFYI(1, ("Multiuser mode and UID "
343 "did not match tcon uid")); 343 "did not match tcon uid"));
344 read_lock(&cifs_tcp_ses_lock); 344 read_lock(&cifs_tcp_ses_lock);
345 list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) { 345 list_for_each(temp_item, &treeCon->ses->server->smb_ses_list) {
346 ses = list_entry(temp_item, struct cifsSesInfo, smb_ses_list); 346 ses = list_entry(temp_item, struct cifsSesInfo, smb_ses_list);
347 if (ses->linux_uid == current->fsuid) { 347 if (ses->linux_uid == current_fsuid()) {
348 if (ses->server == treeCon->ses->server) { 348 if (ses->server == treeCon->ses->server) {
349 cFYI(1, ("found matching uid substitute right smb_uid")); 349 cFYI(1, ("found matching uid substitute right smb_uid"));
350 buffer->Uid = ses->Suid; 350 buffer->Uid = ses->Suid;
diff --git a/fs/coda/cache.c b/fs/coda/cache.c
index 8a2370341c7a..a5bf5771a22a 100644
--- a/fs/coda/cache.c
+++ b/fs/coda/cache.c
@@ -32,8 +32,8 @@ void coda_cache_enter(struct inode *inode, int mask)
32 struct coda_inode_info *cii = ITOC(inode); 32 struct coda_inode_info *cii = ITOC(inode);
33 33
34 cii->c_cached_epoch = atomic_read(&permission_epoch); 34 cii->c_cached_epoch = atomic_read(&permission_epoch);
35 if (cii->c_uid != current->fsuid) { 35 if (cii->c_uid != current_fsuid()) {
36 cii->c_uid = current->fsuid; 36 cii->c_uid = current_fsuid();
37 cii->c_cached_perm = mask; 37 cii->c_cached_perm = mask;
38 } else 38 } else
39 cii->c_cached_perm |= mask; 39 cii->c_cached_perm |= mask;
@@ -60,7 +60,7 @@ int coda_cache_check(struct inode *inode, int mask)
60 int hit; 60 int hit;
61 61
62 hit = (mask & cii->c_cached_perm) == mask && 62 hit = (mask & cii->c_cached_perm) == mask &&
63 cii->c_uid == current->fsuid && 63 cii->c_uid == current_fsuid() &&
64 cii->c_cached_epoch == atomic_read(&permission_epoch); 64 cii->c_cached_epoch == atomic_read(&permission_epoch);
65 65
66 return hit; 66 return hit;
diff --git a/fs/coda/file.c b/fs/coda/file.c
index 29137ff3ca67..5a8769985494 100644
--- a/fs/coda/file.c
+++ b/fs/coda/file.c
@@ -174,7 +174,7 @@ int coda_release(struct inode *coda_inode, struct file *coda_file)
174 BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC); 174 BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC);
175 175
176 err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode), 176 err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode),
177 coda_flags, coda_file->f_uid); 177 coda_flags, coda_file->f_cred->fsuid);
178 178
179 host_inode = cfi->cfi_container->f_path.dentry->d_inode; 179 host_inode = cfi->cfi_container->f_path.dentry->d_inode;
180 cii = ITOC(coda_inode); 180 cii = ITOC(coda_inode);
diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c
index ce432bca95d1..c274d949179d 100644
--- a/fs/coda/upcall.c
+++ b/fs/coda/upcall.c
@@ -52,7 +52,7 @@ static void *alloc_upcall(int opcode, int size)
52 inp->ih.opcode = opcode; 52 inp->ih.opcode = opcode;
53 inp->ih.pid = current->pid; 53 inp->ih.pid = current->pid;
54 inp->ih.pgid = task_pgrp_nr(current); 54 inp->ih.pgid = task_pgrp_nr(current);
55 inp->ih.uid = current->fsuid; 55 inp->ih.uid = current_fsuid();
56 56
57 return (void*)inp; 57 return (void*)inp;
58} 58}
diff --git a/fs/compat.c b/fs/compat.c
index e5f49f538502..d1ece79b6411 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1393,10 +1393,20 @@ int compat_do_execve(char * filename,
1393 if (!bprm) 1393 if (!bprm)
1394 goto out_ret; 1394 goto out_ret;
1395 1395
1396 retval = mutex_lock_interruptible(&current->cred_exec_mutex);
1397 if (retval < 0)
1398 goto out_free;
1399
1400 retval = -ENOMEM;
1401 bprm->cred = prepare_exec_creds();
1402 if (!bprm->cred)
1403 goto out_unlock;
1404 check_unsafe_exec(bprm);
1405
1396 file = open_exec(filename); 1406 file = open_exec(filename);
1397 retval = PTR_ERR(file); 1407 retval = PTR_ERR(file);
1398 if (IS_ERR(file)) 1408 if (IS_ERR(file))
1399 goto out_kfree; 1409 goto out_unlock;
1400 1410
1401 sched_exec(); 1411 sched_exec();
1402 1412
@@ -1410,14 +1420,10 @@ int compat_do_execve(char * filename,
1410 1420
1411 bprm->argc = compat_count(argv, MAX_ARG_STRINGS); 1421 bprm->argc = compat_count(argv, MAX_ARG_STRINGS);
1412 if ((retval = bprm->argc) < 0) 1422 if ((retval = bprm->argc) < 0)
1413 goto out_mm; 1423 goto out;
1414 1424
1415 bprm->envc = compat_count(envp, MAX_ARG_STRINGS); 1425 bprm->envc = compat_count(envp, MAX_ARG_STRINGS);
1416 if ((retval = bprm->envc) < 0) 1426 if ((retval = bprm->envc) < 0)
1417 goto out_mm;
1418
1419 retval = security_bprm_alloc(bprm);
1420 if (retval)
1421 goto out; 1427 goto out;
1422 1428
1423 retval = prepare_binprm(bprm); 1429 retval = prepare_binprm(bprm);
@@ -1438,19 +1444,16 @@ int compat_do_execve(char * filename,
1438 goto out; 1444 goto out;
1439 1445
1440 retval = search_binary_handler(bprm, regs); 1446 retval = search_binary_handler(bprm, regs);
1441 if (retval >= 0) { 1447 if (retval < 0)
1442 /* execve success */ 1448 goto out;
1443 security_bprm_free(bprm);
1444 acct_update_integrals(current);
1445 free_bprm(bprm);
1446 return retval;
1447 }
1448 1449
1449out: 1450 /* execve succeeded */
1450 if (bprm->security) 1451 mutex_unlock(&current->cred_exec_mutex);
1451 security_bprm_free(bprm); 1452 acct_update_integrals(current);
1453 free_bprm(bprm);
1454 return retval;
1452 1455
1453out_mm: 1456out:
1454 if (bprm->mm) 1457 if (bprm->mm)
1455 mmput(bprm->mm); 1458 mmput(bprm->mm);
1456 1459
@@ -1460,7 +1463,10 @@ out_file:
1460 fput(bprm->file); 1463 fput(bprm->file);
1461 } 1464 }
1462 1465
1463out_kfree: 1466out_unlock:
1467 mutex_unlock(&current->cred_exec_mutex);
1468
1469out_free:
1464 free_bprm(bprm); 1470 free_bprm(bprm);
1465 1471
1466out_ret: 1472out_ret:
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 4a714f6c1bed..5d61b7c06e13 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -222,8 +222,8 @@ int devpts_pty_new(struct inode *ptmx_inode, struct tty_struct *tty)
222 return -ENOMEM; 222 return -ENOMEM;
223 223
224 inode->i_ino = number+2; 224 inode->i_ino = number+2;
225 inode->i_uid = config.setuid ? config.uid : current->fsuid; 225 inode->i_uid = config.setuid ? config.uid : current_fsuid();
226 inode->i_gid = config.setgid ? config.gid : current->fsgid; 226 inode->i_gid = config.setgid ? config.gid : current_fsgid();
227 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; 227 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
228 init_special_inode(inode, S_IFCHR|config.mode, device); 228 init_special_inode(inode, S_IFCHR|config.mode, device);
229 inode->i_private = tty; 229 inode->i_private = tty;
diff --git a/fs/dquot.c b/fs/dquot.c
index 5e95261005b2..c237ccc8581c 100644
--- a/fs/dquot.c
+++ b/fs/dquot.c
@@ -874,7 +874,7 @@ static inline int need_print_warning(struct dquot *dquot)
874 874
875 switch (dquot->dq_type) { 875 switch (dquot->dq_type) {
876 case USRQUOTA: 876 case USRQUOTA:
877 return current->fsuid == dquot->dq_id; 877 return current_fsuid() == dquot->dq_id;
878 case GRPQUOTA: 878 case GRPQUOTA:
879 return in_group_p(dquot->dq_id); 879 return in_group_p(dquot->dq_id);
880 } 880 }
@@ -981,7 +981,7 @@ static void send_warning(const struct dquot *dquot, const char warntype)
981 MINOR(dquot->dq_sb->s_dev)); 981 MINOR(dquot->dq_sb->s_dev));
982 if (ret) 982 if (ret)
983 goto attr_err_out; 983 goto attr_err_out;
984 ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current->user->uid); 984 ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid());
985 if (ret) 985 if (ret)
986 goto attr_err_out; 986 goto attr_err_out;
987 genlmsg_end(skb, msg_head); 987 genlmsg_end(skb, msg_head);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 3504cf9df358..a75026d35d16 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void);
691void ecryptfs_destroy_kthread(void); 691void ecryptfs_destroy_kthread(void);
692int ecryptfs_privileged_open(struct file **lower_file, 692int ecryptfs_privileged_open(struct file **lower_file,
693 struct dentry *lower_dentry, 693 struct dentry *lower_dentry,
694 struct vfsmount *lower_mnt); 694 struct vfsmount *lower_mnt,
695 const struct cred *cred);
695int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); 696int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
696 697
697#endif /* #ifndef ECRYPTFS_KERNEL_H */ 698#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index c440c6b58b2d..c6d7a4d748a0 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored)
73 mntget(req->lower_mnt); 73 mntget(req->lower_mnt);
74 (*req->lower_file) = dentry_open( 74 (*req->lower_file) = dentry_open(
75 req->lower_dentry, req->lower_mnt, 75 req->lower_dentry, req->lower_mnt,
76 (O_RDWR | O_LARGEFILE)); 76 (O_RDWR | O_LARGEFILE), current_cred());
77 req->flags |= ECRYPTFS_REQ_PROCESSED; 77 req->flags |= ECRYPTFS_REQ_PROCESSED;
78 } 78 }
79 wake_up(&req->wait); 79 wake_up(&req->wait);
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void)
132 */ 132 */
133int ecryptfs_privileged_open(struct file **lower_file, 133int ecryptfs_privileged_open(struct file **lower_file,
134 struct dentry *lower_dentry, 134 struct dentry *lower_dentry,
135 struct vfsmount *lower_mnt) 135 struct vfsmount *lower_mnt,
136 const struct cred *cred)
136{ 137{
137 struct ecryptfs_open_req *req; 138 struct ecryptfs_open_req *req;
138 int rc = 0; 139 int rc = 0;
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
143 dget(lower_dentry); 144 dget(lower_dentry);
144 mntget(lower_mnt); 145 mntget(lower_mnt);
145 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 146 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
146 (O_RDWR | O_LARGEFILE)); 147 (O_RDWR | O_LARGEFILE), cred);
147 if (!IS_ERR(*lower_file)) 148 if (!IS_ERR(*lower_file))
148 goto out; 149 goto out;
149 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); 150 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
184 dget(lower_dentry); 185 dget(lower_dentry);
185 mntget(lower_mnt); 186 mntget(lower_mnt);
186 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 187 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
187 (O_RDONLY | O_LARGEFILE)); 188 (O_RDONLY | O_LARGEFILE), cred);
188 if (IS_ERR(*lower_file)) { 189 if (IS_ERR(*lower_file)) {
189 rc = PTR_ERR(*req->lower_file); 190 rc = PTR_ERR(*req->lower_file);
190 (*lower_file) = NULL; 191 (*lower_file) = NULL;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 64d2ba980df4..fd630713c5c7 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...)
115 */ 115 */
116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
117{ 117{
118 const struct cred *cred = current_cred();
118 struct ecryptfs_inode_info *inode_info = 119 struct ecryptfs_inode_info *inode_info =
119 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 120 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
120 int rc = 0; 121 int rc = 0;
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
127 128
128 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 129 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
129 rc = ecryptfs_privileged_open(&inode_info->lower_file, 130 rc = ecryptfs_privileged_open(&inode_info->lower_file,
130 lower_dentry, lower_mnt); 131 lower_dentry, lower_mnt, cred);
131 if (rc || IS_ERR(inode_info->lower_file)) { 132 if (rc || IS_ERR(inode_info->lower_file)) {
132 printk(KERN_ERR "Error opening lower persistent file " 133 printk(KERN_ERR "Error opening lower persistent file "
133 "for lower_dentry [0x%p] and lower_mnt [0x%p]; " 134 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index c6983978a31e..e0b0a4e28b9b 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -361,6 +361,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
361 size_t msg_size; 361 size_t msg_size;
362 struct nsproxy *nsproxy; 362 struct nsproxy *nsproxy;
363 struct user_namespace *current_user_ns; 363 struct user_namespace *current_user_ns;
364 uid_t ctx_euid;
364 int rc; 365 int rc;
365 366
366 if (msg->index >= ecryptfs_message_buf_len) { 367 if (msg->index >= ecryptfs_message_buf_len) {
@@ -385,8 +386,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
385 goto wake_up; 386 goto wake_up;
386 } 387 }
387 current_user_ns = nsproxy->user_ns; 388 current_user_ns = nsproxy->user_ns;
388 rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, 389 ctx_euid = task_euid(msg_ctx->task);
389 current_user_ns); 390 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns);
390 rcu_read_unlock(); 391 rcu_read_unlock();
391 mutex_unlock(&ecryptfs_daemon_hash_mux); 392 mutex_unlock(&ecryptfs_daemon_hash_mux);
392 if (rc) { 393 if (rc) {
@@ -394,14 +395,14 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
394 printk(KERN_WARNING "%s: User [%d] received a " 395 printk(KERN_WARNING "%s: User [%d] received a "
395 "message response from process [0x%p] but does " 396 "message response from process [0x%p] but does "
396 "not have a registered daemon\n", __func__, 397 "not have a registered daemon\n", __func__,
397 msg_ctx->task->euid, pid); 398 ctx_euid, pid);
398 goto wake_up; 399 goto wake_up;
399 } 400 }
400 if (msg_ctx->task->euid != euid) { 401 if (ctx_euid != euid) {
401 rc = -EBADMSG; 402 rc = -EBADMSG;
402 printk(KERN_WARNING "%s: Received message from user " 403 printk(KERN_WARNING "%s: Received message from user "
403 "[%d]; expected message from user [%d]\n", __func__, 404 "[%d]; expected message from user [%d]\n", __func__,
404 euid, msg_ctx->task->euid); 405 euid, ctx_euid);
405 goto unlock; 406 goto unlock;
406 } 407 }
407 if (current_user_ns != user_ns) { 408 if (current_user_ns != user_ns) {
@@ -415,7 +416,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
415 rc = -EBADMSG; 416 rc = -EBADMSG;
416 printk(KERN_ERR "%s: User [%d] sent a message response " 417 printk(KERN_ERR "%s: User [%d] sent a message response "
417 "from an unrecognized process [0x%p]\n", 418 "from an unrecognized process [0x%p]\n",
418 __func__, msg_ctx->task->euid, pid); 419 __func__, ctx_euid, pid);
419 goto unlock; 420 goto unlock;
420 } 421 }
421 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 422 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
@@ -464,14 +465,15 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type,
464 struct ecryptfs_msg_ctx **msg_ctx) 465 struct ecryptfs_msg_ctx **msg_ctx)
465{ 466{
466 struct ecryptfs_daemon *daemon; 467 struct ecryptfs_daemon *daemon;
468 uid_t euid = current_euid();
467 int rc; 469 int rc;
468 470
469 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 471 rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
470 current->nsproxy->user_ns); 472 current->nsproxy->user_ns);
471 if (rc || !daemon) { 473 if (rc || !daemon) {
472 rc = -ENOTCONN; 474 rc = -ENOTCONN;
473 printk(KERN_ERR "%s: User [%d] does not have a daemon " 475 printk(KERN_ERR "%s: User [%d] does not have a daemon "
474 "registered\n", __func__, current->euid); 476 "registered\n", __func__, euid);
475 goto out; 477 goto out;
476 } 478 }
477 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 479 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index b484792a0996..047ac609695b 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -42,11 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt)
42{ 42{
43 struct ecryptfs_daemon *daemon; 43 struct ecryptfs_daemon *daemon;
44 unsigned int mask = 0; 44 unsigned int mask = 0;
45 uid_t euid = current_euid();
45 int rc; 46 int rc;
46 47
47 mutex_lock(&ecryptfs_daemon_hash_mux); 48 mutex_lock(&ecryptfs_daemon_hash_mux);
48 /* TODO: Just use file->private_data? */ 49 /* TODO: Just use file->private_data? */
49 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 50 rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
50 current->nsproxy->user_ns); 51 current->nsproxy->user_ns);
51 BUG_ON(rc || !daemon); 52 BUG_ON(rc || !daemon);
52 mutex_lock(&daemon->mux); 53 mutex_lock(&daemon->mux);
@@ -83,6 +84,7 @@ static int
83ecryptfs_miscdev_open(struct inode *inode, struct file *file) 84ecryptfs_miscdev_open(struct inode *inode, struct file *file)
84{ 85{
85 struct ecryptfs_daemon *daemon = NULL; 86 struct ecryptfs_daemon *daemon = NULL;
87 uid_t euid = current_euid();
86 int rc; 88 int rc;
87 89
88 mutex_lock(&ecryptfs_daemon_hash_mux); 90 mutex_lock(&ecryptfs_daemon_hash_mux);
@@ -93,10 +95,10 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
93 "count; rc = [%d]\n", __func__, rc); 95 "count; rc = [%d]\n", __func__, rc);
94 goto out_unlock_daemon_list; 96 goto out_unlock_daemon_list;
95 } 97 }
96 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 98 rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
97 current->nsproxy->user_ns); 99 current->nsproxy->user_ns);
98 if (rc || !daemon) { 100 if (rc || !daemon) {
99 rc = ecryptfs_spawn_daemon(&daemon, current->euid, 101 rc = ecryptfs_spawn_daemon(&daemon, euid,
100 current->nsproxy->user_ns, 102 current->nsproxy->user_ns,
101 task_pid(current)); 103 task_pid(current));
102 if (rc) { 104 if (rc) {
@@ -147,10 +149,11 @@ static int
147ecryptfs_miscdev_release(struct inode *inode, struct file *file) 149ecryptfs_miscdev_release(struct inode *inode, struct file *file)
148{ 150{
149 struct ecryptfs_daemon *daemon = NULL; 151 struct ecryptfs_daemon *daemon = NULL;
152 uid_t euid = current_euid();
150 int rc; 153 int rc;
151 154
152 mutex_lock(&ecryptfs_daemon_hash_mux); 155 mutex_lock(&ecryptfs_daemon_hash_mux);
153 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 156 rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
154 current->nsproxy->user_ns); 157 current->nsproxy->user_ns);
155 BUG_ON(rc || !daemon); 158 BUG_ON(rc || !daemon);
156 mutex_lock(&daemon->mux); 159 mutex_lock(&daemon->mux);
@@ -246,11 +249,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
246 char packet_length[3]; 249 char packet_length[3];
247 size_t i; 250 size_t i;
248 size_t total_length; 251 size_t total_length;
252 uid_t euid = current_euid();
249 int rc; 253 int rc;
250 254
251 mutex_lock(&ecryptfs_daemon_hash_mux); 255 mutex_lock(&ecryptfs_daemon_hash_mux);
252 /* TODO: Just use file->private_data? */ 256 /* TODO: Just use file->private_data? */
253 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 257 rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
254 current->nsproxy->user_ns); 258 current->nsproxy->user_ns);
255 BUG_ON(rc || !daemon); 259 BUG_ON(rc || !daemon);
256 mutex_lock(&daemon->mux); 260 mutex_lock(&daemon->mux);
@@ -290,7 +294,7 @@ check_list:
290 * message from the queue; try again */ 294 * message from the queue; try again */
291 goto check_list; 295 goto check_list;
292 } 296 }
293 BUG_ON(current->euid != daemon->euid); 297 BUG_ON(euid != daemon->euid);
294 BUG_ON(current->nsproxy->user_ns != daemon->user_ns); 298 BUG_ON(current->nsproxy->user_ns != daemon->user_ns);
295 BUG_ON(task_pid(current) != daemon->pid); 299 BUG_ON(task_pid(current) != daemon->pid);
296 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, 300 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
@@ -414,6 +418,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
414 size_t packet_size, packet_size_length, i; 418 size_t packet_size, packet_size_length, i;
415 ssize_t sz = 0; 419 ssize_t sz = 0;
416 char *data; 420 char *data;
421 uid_t euid = current_euid();
417 int rc; 422 int rc;
418 423
419 if (count == 0) 424 if (count == 0)
@@ -463,8 +468,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
463 goto out_free; 468 goto out_free;
464 } 469 }
465 rc = ecryptfs_miscdev_response(&data[i], packet_size, 470 rc = ecryptfs_miscdev_response(&data[i], packet_size,
466 current->euid, 471 euid, current->nsproxy->user_ns,
467 current->nsproxy->user_ns,
468 task_pid(current), seq); 472 task_pid(current), seq);
469 if (rc) 473 if (rc)
470 printk(KERN_WARNING "%s: Failed to deliver miscdev " 474 printk(KERN_WARNING "%s: Failed to deliver miscdev "
diff --git a/fs/exec.c b/fs/exec.c
index 4e834f16d9da..32f13e299417 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,6 +55,7 @@
55#include <asm/uaccess.h> 55#include <asm/uaccess.h>
56#include <asm/mmu_context.h> 56#include <asm/mmu_context.h>
57#include <asm/tlb.h> 57#include <asm/tlb.h>
58#include "internal.h"
58 59
59#ifdef __alpha__ 60#ifdef __alpha__
60/* for /sbin/loader handling in search_binary_handler() */ 61/* for /sbin/loader handling in search_binary_handler() */
@@ -980,7 +981,7 @@ int flush_old_exec(struct linux_binprm * bprm)
980 /* This is the point of no return */ 981 /* This is the point of no return */
981 current->sas_ss_sp = current->sas_ss_size = 0; 982 current->sas_ss_sp = current->sas_ss_size = 0;
982 983
983 if (current->euid == current->uid && current->egid == current->gid) 984 if (current_euid() == current_uid() && current_egid() == current_gid())
984 set_dumpable(current->mm, 1); 985 set_dumpable(current->mm, 1);
985 else 986 else
986 set_dumpable(current->mm, suid_dumpable); 987 set_dumpable(current->mm, suid_dumpable);
@@ -1007,16 +1008,17 @@ int flush_old_exec(struct linux_binprm * bprm)
1007 */ 1008 */
1008 current->mm->task_size = TASK_SIZE; 1009 current->mm->task_size = TASK_SIZE;
1009 1010
1010 if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) { 1011 /* install the new credentials */
1011 suid_keys(current); 1012 if (bprm->cred->uid != current_euid() ||
1012 set_dumpable(current->mm, suid_dumpable); 1013 bprm->cred->gid != current_egid()) {
1013 current->pdeath_signal = 0; 1014 current->pdeath_signal = 0;
1014 } else if (file_permission(bprm->file, MAY_READ) || 1015 } else if (file_permission(bprm->file, MAY_READ) ||
1015 (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) { 1016 bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
1016 suid_keys(current);
1017 set_dumpable(current->mm, suid_dumpable); 1017 set_dumpable(current->mm, suid_dumpable);
1018 } 1018 }
1019 1019
1020 current->personality &= ~bprm->per_clear;
1021
1020 /* An exec changes our domain. We are no longer part of the thread 1022 /* An exec changes our domain. We are no longer part of the thread
1021 group */ 1023 group */
1022 1024
@@ -1033,13 +1035,50 @@ out:
1033 1035
1034EXPORT_SYMBOL(flush_old_exec); 1036EXPORT_SYMBOL(flush_old_exec);
1035 1037
1038/*
1039 * install the new credentials for this executable
1040 */
1041void install_exec_creds(struct linux_binprm *bprm)
1042{
1043 security_bprm_committing_creds(bprm);
1044
1045 commit_creds(bprm->cred);
1046 bprm->cred = NULL;
1047
1048 /* cred_exec_mutex must be held at least to this point to prevent
1049 * ptrace_attach() from altering our determination of the task's
1050 * credentials; any time after this it may be unlocked */
1051
1052 security_bprm_committed_creds(bprm);
1053}
1054EXPORT_SYMBOL(install_exec_creds);
1055
1056/*
1057 * determine how safe it is to execute the proposed program
1058 * - the caller must hold current->cred_exec_mutex to protect against
1059 * PTRACE_ATTACH
1060 */
1061void check_unsafe_exec(struct linux_binprm *bprm)
1062{
1063 struct task_struct *p = current;
1064
1065 bprm->unsafe = tracehook_unsafe_exec(p);
1066
1067 if (atomic_read(&p->fs->count) > 1 ||
1068 atomic_read(&p->files->count) > 1 ||
1069 atomic_read(&p->sighand->count) > 1)
1070 bprm->unsafe |= LSM_UNSAFE_SHARE;
1071}
1072
1036/* 1073/*
1037 * Fill the binprm structure from the inode. 1074 * Fill the binprm structure from the inode.
1038 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes 1075 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
1076 *
1077 * This may be called multiple times for binary chains (scripts for example).
1039 */ 1078 */
1040int prepare_binprm(struct linux_binprm *bprm) 1079int prepare_binprm(struct linux_binprm *bprm)
1041{ 1080{
1042 int mode; 1081 umode_t mode;
1043 struct inode * inode = bprm->file->f_path.dentry->d_inode; 1082 struct inode * inode = bprm->file->f_path.dentry->d_inode;
1044 int retval; 1083 int retval;
1045 1084
@@ -1047,14 +1086,15 @@ int prepare_binprm(struct linux_binprm *bprm)
1047 if (bprm->file->f_op == NULL) 1086 if (bprm->file->f_op == NULL)
1048 return -EACCES; 1087 return -EACCES;
1049 1088
1050 bprm->e_uid = current->euid; 1089 /* clear any previous set[ug]id data from a previous binary */
1051 bprm->e_gid = current->egid; 1090 bprm->cred->euid = current_euid();
1091 bprm->cred->egid = current_egid();
1052 1092
1053 if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { 1093 if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
1054 /* Set-uid? */ 1094 /* Set-uid? */
1055 if (mode & S_ISUID) { 1095 if (mode & S_ISUID) {
1056 current->personality &= ~PER_CLEAR_ON_SETID; 1096 bprm->per_clear |= PER_CLEAR_ON_SETID;
1057 bprm->e_uid = inode->i_uid; 1097 bprm->cred->euid = inode->i_uid;
1058 } 1098 }
1059 1099
1060 /* Set-gid? */ 1100 /* Set-gid? */
@@ -1064,52 +1104,23 @@ int prepare_binprm(struct linux_binprm *bprm)
1064 * executable. 1104 * executable.
1065 */ 1105 */
1066 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 1106 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1067 current->personality &= ~PER_CLEAR_ON_SETID; 1107 bprm->per_clear |= PER_CLEAR_ON_SETID;
1068 bprm->e_gid = inode->i_gid; 1108 bprm->cred->egid = inode->i_gid;
1069 } 1109 }
1070 } 1110 }
1071 1111
1072 /* fill in binprm security blob */ 1112 /* fill in binprm security blob */
1073 retval = security_bprm_set(bprm); 1113 retval = security_bprm_set_creds(bprm);
1074 if (retval) 1114 if (retval)
1075 return retval; 1115 return retval;
1116 bprm->cred_prepared = 1;
1076 1117
1077 memset(bprm->buf,0,BINPRM_BUF_SIZE); 1118 memset(bprm->buf, 0, BINPRM_BUF_SIZE);
1078 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE); 1119 return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);
1079} 1120}
1080 1121
1081EXPORT_SYMBOL(prepare_binprm); 1122EXPORT_SYMBOL(prepare_binprm);
1082 1123
1083static int unsafe_exec(struct task_struct *p)
1084{
1085 int unsafe = tracehook_unsafe_exec(p);
1086
1087 if (atomic_read(&p->fs->count) > 1 ||
1088 atomic_read(&p->files->count) > 1 ||
1089 atomic_read(&p->sighand->count) > 1)
1090 unsafe |= LSM_UNSAFE_SHARE;
1091
1092 return unsafe;
1093}
1094
1095void compute_creds(struct linux_binprm *bprm)
1096{
1097 int unsafe;
1098
1099 if (bprm->e_uid != current->uid) {
1100 suid_keys(current);
1101 current->pdeath_signal = 0;
1102 }
1103 exec_keys(current);
1104
1105 task_lock(current);
1106 unsafe = unsafe_exec(current);
1107 security_bprm_apply_creds(bprm, unsafe);
1108 task_unlock(current);
1109 security_bprm_post_apply_creds(bprm);
1110}
1111EXPORT_SYMBOL(compute_creds);
1112
1113/* 1124/*
1114 * Arguments are '\0' separated strings found at the location bprm->p 1125 * Arguments are '\0' separated strings found at the location bprm->p
1115 * points to; chop off the first by relocating brpm->p to right after 1126 * points to; chop off the first by relocating brpm->p to right after
@@ -1262,6 +1273,8 @@ EXPORT_SYMBOL(search_binary_handler);
1262void free_bprm(struct linux_binprm *bprm) 1273void free_bprm(struct linux_binprm *bprm)
1263{ 1274{
1264 free_arg_pages(bprm); 1275 free_arg_pages(bprm);
1276 if (bprm->cred)
1277 abort_creds(bprm->cred);
1265 kfree(bprm); 1278 kfree(bprm);
1266} 1279}
1267 1280
@@ -1287,10 +1300,20 @@ int do_execve(char * filename,
1287 if (!bprm) 1300 if (!bprm)
1288 goto out_files; 1301 goto out_files;
1289 1302
1303 retval = mutex_lock_interruptible(&current->cred_exec_mutex);
1304 if (retval < 0)
1305 goto out_free;
1306
1307 retval = -ENOMEM;
1308 bprm->cred = prepare_exec_creds();
1309 if (!bprm->cred)
1310 goto out_unlock;
1311 check_unsafe_exec(bprm);
1312
1290 file = open_exec(filename); 1313 file = open_exec(filename);
1291 retval = PTR_ERR(file); 1314 retval = PTR_ERR(file);
1292 if (IS_ERR(file)) 1315 if (IS_ERR(file))
1293 goto out_kfree; 1316 goto out_unlock;
1294 1317
1295 sched_exec(); 1318 sched_exec();
1296 1319
@@ -1304,14 +1327,10 @@ int do_execve(char * filename,
1304 1327
1305 bprm->argc = count(argv, MAX_ARG_STRINGS); 1328 bprm->argc = count(argv, MAX_ARG_STRINGS);
1306 if ((retval = bprm->argc) < 0) 1329 if ((retval = bprm->argc) < 0)
1307 goto out_mm; 1330 goto out;
1308 1331
1309 bprm->envc = count(envp, MAX_ARG_STRINGS); 1332 bprm->envc = count(envp, MAX_ARG_STRINGS);
1310 if ((retval = bprm->envc) < 0) 1333 if ((retval = bprm->envc) < 0)
1311 goto out_mm;
1312
1313 retval = security_bprm_alloc(bprm);
1314 if (retval)
1315 goto out; 1334 goto out;
1316 1335
1317 retval = prepare_binprm(bprm); 1336 retval = prepare_binprm(bprm);
@@ -1333,21 +1352,18 @@ int do_execve(char * filename,
1333 1352
1334 current->flags &= ~PF_KTHREAD; 1353 current->flags &= ~PF_KTHREAD;
1335 retval = search_binary_handler(bprm,regs); 1354 retval = search_binary_handler(bprm,regs);
1336 if (retval >= 0) { 1355 if (retval < 0)
1337 /* execve success */ 1356 goto out;
1338 security_bprm_free(bprm);
1339 acct_update_integrals(current);
1340 free_bprm(bprm);
1341 if (displaced)
1342 put_files_struct(displaced);
1343 return retval;
1344 }
1345 1357
1346out: 1358 /* execve succeeded */
1347 if (bprm->security) 1359 mutex_unlock(&current->cred_exec_mutex);
1348 security_bprm_free(bprm); 1360 acct_update_integrals(current);
1361 free_bprm(bprm);
1362 if (displaced)
1363 put_files_struct(displaced);
1364 return retval;
1349 1365
1350out_mm: 1366out:
1351 if (bprm->mm) 1367 if (bprm->mm)
1352 mmput (bprm->mm); 1368 mmput (bprm->mm);
1353 1369
@@ -1356,7 +1372,11 @@ out_file:
1356 allow_write_access(bprm->file); 1372 allow_write_access(bprm->file);
1357 fput(bprm->file); 1373 fput(bprm->file);
1358 } 1374 }
1359out_kfree: 1375
1376out_unlock:
1377 mutex_unlock(&current->cred_exec_mutex);
1378
1379out_free:
1360 free_bprm(bprm); 1380 free_bprm(bprm);
1361 1381
1362out_files: 1382out_files:
@@ -1388,6 +1408,7 @@ EXPORT_SYMBOL(set_binfmt);
1388 */ 1408 */
1389static int format_corename(char *corename, long signr) 1409static int format_corename(char *corename, long signr)
1390{ 1410{
1411 const struct cred *cred = current_cred();
1391 const char *pat_ptr = core_pattern; 1412 const char *pat_ptr = core_pattern;
1392 int ispipe = (*pat_ptr == '|'); 1413 int ispipe = (*pat_ptr == '|');
1393 char *out_ptr = corename; 1414 char *out_ptr = corename;
@@ -1424,7 +1445,7 @@ static int format_corename(char *corename, long signr)
1424 /* uid */ 1445 /* uid */
1425 case 'u': 1446 case 'u':
1426 rc = snprintf(out_ptr, out_end - out_ptr, 1447 rc = snprintf(out_ptr, out_end - out_ptr,
1427 "%d", current->uid); 1448 "%d", cred->uid);
1428 if (rc > out_end - out_ptr) 1449 if (rc > out_end - out_ptr)
1429 goto out; 1450 goto out;
1430 out_ptr += rc; 1451 out_ptr += rc;
@@ -1432,7 +1453,7 @@ static int format_corename(char *corename, long signr)
1432 /* gid */ 1453 /* gid */
1433 case 'g': 1454 case 'g':
1434 rc = snprintf(out_ptr, out_end - out_ptr, 1455 rc = snprintf(out_ptr, out_end - out_ptr,
1435 "%d", current->gid); 1456 "%d", cred->gid);
1436 if (rc > out_end - out_ptr) 1457 if (rc > out_end - out_ptr)
1437 goto out; 1458 goto out;
1438 out_ptr += rc; 1459 out_ptr += rc;
@@ -1708,8 +1729,9 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1708 struct linux_binfmt * binfmt; 1729 struct linux_binfmt * binfmt;
1709 struct inode * inode; 1730 struct inode * inode;
1710 struct file * file; 1731 struct file * file;
1732 const struct cred *old_cred;
1733 struct cred *cred;
1711 int retval = 0; 1734 int retval = 0;
1712 int fsuid = current->fsuid;
1713 int flag = 0; 1735 int flag = 0;
1714 int ispipe = 0; 1736 int ispipe = 0;
1715 unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; 1737 unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur;
@@ -1722,12 +1744,20 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1722 binfmt = current->binfmt; 1744 binfmt = current->binfmt;
1723 if (!binfmt || !binfmt->core_dump) 1745 if (!binfmt || !binfmt->core_dump)
1724 goto fail; 1746 goto fail;
1747
1748 cred = prepare_creds();
1749 if (!cred) {
1750 retval = -ENOMEM;
1751 goto fail;
1752 }
1753
1725 down_write(&mm->mmap_sem); 1754 down_write(&mm->mmap_sem);
1726 /* 1755 /*
1727 * If another thread got here first, or we are not dumpable, bail out. 1756 * If another thread got here first, or we are not dumpable, bail out.
1728 */ 1757 */
1729 if (mm->core_state || !get_dumpable(mm)) { 1758 if (mm->core_state || !get_dumpable(mm)) {
1730 up_write(&mm->mmap_sem); 1759 up_write(&mm->mmap_sem);
1760 put_cred(cred);
1731 goto fail; 1761 goto fail;
1732 } 1762 }
1733 1763
@@ -1738,12 +1768,16 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1738 */ 1768 */
1739 if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ 1769 if (get_dumpable(mm) == 2) { /* Setuid core dump mode */
1740 flag = O_EXCL; /* Stop rewrite attacks */ 1770 flag = O_EXCL; /* Stop rewrite attacks */
1741 current->fsuid = 0; /* Dump root private */ 1771 cred->fsuid = 0; /* Dump root private */
1742 } 1772 }
1743 1773
1744 retval = coredump_wait(exit_code, &core_state); 1774 retval = coredump_wait(exit_code, &core_state);
1745 if (retval < 0) 1775 if (retval < 0) {
1776 put_cred(cred);
1746 goto fail; 1777 goto fail;
1778 }
1779
1780 old_cred = override_creds(cred);
1747 1781
1748 /* 1782 /*
1749 * Clear any false indication of pending signals that might 1783 * Clear any false indication of pending signals that might
@@ -1815,7 +1849,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1815 * Dont allow local users get cute and trick others to coredump 1849 * Dont allow local users get cute and trick others to coredump
1816 * into their pre-created files: 1850 * into their pre-created files:
1817 */ 1851 */
1818 if (inode->i_uid != current->fsuid) 1852 if (inode->i_uid != current_fsuid())
1819 goto close_fail; 1853 goto close_fail;
1820 if (!file->f_op) 1854 if (!file->f_op)
1821 goto close_fail; 1855 goto close_fail;
@@ -1834,7 +1868,8 @@ fail_unlock:
1834 if (helper_argv) 1868 if (helper_argv)
1835 argv_free(helper_argv); 1869 argv_free(helper_argv);
1836 1870
1837 current->fsuid = fsuid; 1871 revert_creds(old_cred);
1872 put_cred(cred);
1838 coredump_finish(mm); 1873 coredump_finish(mm);
1839fail: 1874fail:
1840 return retval; 1875 return retval;
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
index 80246bad1b7f..ec1fb918200f 100644
--- a/fs/exportfs/expfs.c
+++ b/fs/exportfs/expfs.c
@@ -14,6 +14,7 @@
14#include <linux/module.h> 14#include <linux/module.h>
15#include <linux/mount.h> 15#include <linux/mount.h>
16#include <linux/namei.h> 16#include <linux/namei.h>
17#include <linux/sched.h>
17 18
18#define dprintk(fmt, args...) do{}while(0) 19#define dprintk(fmt, args...) do{}while(0)
19 20
@@ -249,6 +250,7 @@ static int filldir_one(void * __buf, const char * name, int len,
249static int get_name(struct vfsmount *mnt, struct dentry *dentry, 250static int get_name(struct vfsmount *mnt, struct dentry *dentry,
250 char *name, struct dentry *child) 251 char *name, struct dentry *child)
251{ 252{
253 const struct cred *cred = current_cred();
252 struct inode *dir = dentry->d_inode; 254 struct inode *dir = dentry->d_inode;
253 int error; 255 int error;
254 struct file *file; 256 struct file *file;
@@ -263,7 +265,7 @@ static int get_name(struct vfsmount *mnt, struct dentry *dentry,
263 /* 265 /*
264 * Open the directory ... 266 * Open the directory ...
265 */ 267 */
266 file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY); 268 file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY, cred);
267 error = PTR_ERR(file); 269 error = PTR_ERR(file);
268 if (IS_ERR(file)) 270 if (IS_ERR(file))
269 goto out; 271 goto out;
diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
index 6dac7ba2d22d..4a29d6376081 100644
--- a/fs/ext2/balloc.c
+++ b/fs/ext2/balloc.c
@@ -1193,7 +1193,7 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
1193 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); 1193 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
1194 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); 1194 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
1195 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && 1195 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
1196 sbi->s_resuid != current->fsuid && 1196 sbi->s_resuid != current_fsuid() &&
1197 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { 1197 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
1198 return 0; 1198 return 0;
1199 } 1199 }
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c
index f59741346760..8d0add625870 100644
--- a/fs/ext2/ialloc.c
+++ b/fs/ext2/ialloc.c
@@ -550,7 +550,7 @@ got:
550 550
551 sb->s_dirt = 1; 551 sb->s_dirt = 1;
552 mark_buffer_dirty(bh2); 552 mark_buffer_dirty(bh2);
553 inode->i_uid = current->fsuid; 553 inode->i_uid = current_fsuid();
554 if (test_opt (sb, GRPID)) 554 if (test_opt (sb, GRPID))
555 inode->i_gid = dir->i_gid; 555 inode->i_gid = dir->i_gid;
556 else if (dir->i_mode & S_ISGID) { 556 else if (dir->i_mode & S_ISGID) {
@@ -558,7 +558,7 @@ got:
558 if (S_ISDIR(mode)) 558 if (S_ISDIR(mode))
559 mode |= S_ISGID; 559 mode |= S_ISGID;
560 } else 560 } else
561 inode->i_gid = current->fsgid; 561 inode->i_gid = current_fsgid();
562 inode->i_mode = mode; 562 inode->i_mode = mode;
563 563
564 inode->i_ino = ino; 564 inode->i_ino = ino;
diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c
index f5b57a2ca35a..0dbf1c048475 100644
--- a/fs/ext3/balloc.c
+++ b/fs/ext3/balloc.c
@@ -1422,7 +1422,7 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi)
1422 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); 1422 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
1423 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); 1423 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
1424 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && 1424 if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
1425 sbi->s_resuid != current->fsuid && 1425 sbi->s_resuid != current_fsuid() &&
1426 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { 1426 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
1427 return 0; 1427 return 0;
1428 } 1428 }
diff --git a/fs/ext3/ialloc.c b/fs/ext3/ialloc.c
index 47b678d73e7a..490bd0ed7896 100644
--- a/fs/ext3/ialloc.c
+++ b/fs/ext3/ialloc.c
@@ -539,7 +539,7 @@ got:
539 percpu_counter_inc(&sbi->s_dirs_counter); 539 percpu_counter_inc(&sbi->s_dirs_counter);
540 sb->s_dirt = 1; 540 sb->s_dirt = 1;
541 541
542 inode->i_uid = current->fsuid; 542 inode->i_uid = current_fsuid();
543 if (test_opt (sb, GRPID)) 543 if (test_opt (sb, GRPID))
544 inode->i_gid = dir->i_gid; 544 inode->i_gid = dir->i_gid;
545 else if (dir->i_mode & S_ISGID) { 545 else if (dir->i_mode & S_ISGID) {
@@ -547,7 +547,7 @@ got:
547 if (S_ISDIR(mode)) 547 if (S_ISDIR(mode))
548 mode |= S_ISGID; 548 mode |= S_ISGID;
549 } else 549 } else
550 inode->i_gid = current->fsgid; 550 inode->i_gid = current_fsgid();
551 inode->i_mode = mode; 551 inode->i_mode = mode;
552 552
553 inode->i_ino = ino; 553 inode->i_ino = ino;
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index d2003cdc36aa..a932b9a29240 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -624,7 +624,7 @@ int ext4_has_free_blocks(struct ext4_sb_info *sbi, s64 nblocks)
624 return 1; 624 return 1;
625 625
626 /* Hm, nope. Are (enough) root reserved blocks available? */ 626 /* Hm, nope. Are (enough) root reserved blocks available? */
627 if (sbi->s_resuid == current->fsuid || 627 if (sbi->s_resuid == current_fsuid() ||
628 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || 628 ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
629 capable(CAP_SYS_RESOURCE)) { 629 capable(CAP_SYS_RESOURCE)) {
630 if (free_blocks >= (nblocks + dirty_blocks)) 630 if (free_blocks >= (nblocks + dirty_blocks))
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 2a117e286e54..08cac9fcace2 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -787,7 +787,7 @@ got:
787 spin_unlock(sb_bgl_lock(sbi, flex_group)); 787 spin_unlock(sb_bgl_lock(sbi, flex_group));
788 } 788 }
789 789
790 inode->i_uid = current->fsuid; 790 inode->i_uid = current_fsuid();
791 if (test_opt(sb, GRPID)) 791 if (test_opt(sb, GRPID))
792 inode->i_gid = dir->i_gid; 792 inode->i_gid = dir->i_gid;
793 else if (dir->i_mode & S_ISGID) { 793 else if (dir->i_mode & S_ISGID) {
@@ -795,7 +795,7 @@ got:
795 if (S_ISDIR(mode)) 795 if (S_ISDIR(mode))
796 mode |= S_ISGID; 796 mode |= S_ISGID;
797 } else 797 } else
798 inode->i_gid = current->fsgid; 798 inode->i_gid = current_fsgid();
799 inode->i_mode = mode; 799 inode->i_mode = mode;
800 800
801 inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb); 801 inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb);
diff --git a/fs/fat/file.c b/fs/fat/file.c
index f06a4e525ece..0a7f4a9918b3 100644
--- a/fs/fat/file.c
+++ b/fs/fat/file.c
@@ -304,7 +304,7 @@ static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode)
304{ 304{
305 mode_t allow_utime = sbi->options.allow_utime; 305 mode_t allow_utime = sbi->options.allow_utime;
306 306
307 if (current->fsuid != inode->i_uid) { 307 if (current_fsuid() != inode->i_uid) {
308 if (in_group_p(inode->i_gid)) 308 if (in_group_p(inode->i_gid))
309 allow_utime >>= 3; 309 allow_utime >>= 3;
310 if (allow_utime & MAY_WRITE) 310 if (allow_utime & MAY_WRITE)
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index bdd8fb7be2ca..d937aaf77374 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -926,8 +926,8 @@ static int parse_options(char *options, int is_vfat, int silent, int *debug,
926 926
927 opts->isvfat = is_vfat; 927 opts->isvfat = is_vfat;
928 928
929 opts->fs_uid = current->uid; 929 opts->fs_uid = current_uid();
930 opts->fs_gid = current->gid; 930 opts->fs_gid = current_gid();
931 opts->fs_fmask = opts->fs_dmask = current->fs->umask; 931 opts->fs_fmask = opts->fs_dmask = current->fs->umask;
932 opts->allow_utime = -1; 932 opts->allow_utime = -1;
933 opts->codepage = fat_default_codepage; 933 opts->codepage = fat_default_codepage;
diff --git a/fs/fcntl.c b/fs/fcntl.c
index ac4f7db9f134..87c39f1f0817 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -205,13 +205,14 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
205int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, 205int __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
206 int force) 206 int force)
207{ 207{
208 const struct cred *cred = current_cred();
208 int err; 209 int err;
209 210
210 err = security_file_set_fowner(filp); 211 err = security_file_set_fowner(filp);
211 if (err) 212 if (err)
212 return err; 213 return err;
213 214
214 f_modown(filp, pid, type, current->uid, current->euid, force); 215 f_modown(filp, pid, type, cred->uid, cred->euid, force);
215 return 0; 216 return 0;
216} 217}
217EXPORT_SYMBOL(__f_setown); 218EXPORT_SYMBOL(__f_setown);
@@ -400,10 +401,17 @@ static const long band_table[NSIGPOLL] = {
400static inline int sigio_perm(struct task_struct *p, 401static inline int sigio_perm(struct task_struct *p,
401 struct fown_struct *fown, int sig) 402 struct fown_struct *fown, int sig)
402{ 403{
403 return (((fown->euid == 0) || 404 const struct cred *cred;
404 (fown->euid == p->suid) || (fown->euid == p->uid) || 405 int ret;
405 (fown->uid == p->suid) || (fown->uid == p->uid)) && 406
406 !security_file_send_sigiotask(p, fown, sig)); 407 rcu_read_lock();
408 cred = __task_cred(p);
409 ret = ((fown->euid == 0 ||
410 fown->euid == cred->suid || fown->euid == cred->uid ||
411 fown->uid == cred->suid || fown->uid == cred->uid) &&
412 !security_file_send_sigiotask(p, fown, sig));
413 rcu_read_unlock();
414 return ret;
407} 415}
408 416
409static void send_sigio_to_task(struct task_struct *p, 417static void send_sigio_to_task(struct task_struct *p,
diff --git a/fs/file_table.c b/fs/file_table.c
index 5ad0eca6eea2..0fbcacc3ea75 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -36,7 +36,9 @@ static struct percpu_counter nr_files __cacheline_aligned_in_smp;
36 36
37static inline void file_free_rcu(struct rcu_head *head) 37static inline void file_free_rcu(struct rcu_head *head)
38{ 38{
39 struct file *f = container_of(head, struct file, f_u.fu_rcuhead); 39 struct file *f = container_of(head, struct file, f_u.fu_rcuhead);
40
41 put_cred(f->f_cred);
40 kmem_cache_free(filp_cachep, f); 42 kmem_cache_free(filp_cachep, f);
41} 43}
42 44
@@ -94,7 +96,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp,
94 */ 96 */
95struct file *get_empty_filp(void) 97struct file *get_empty_filp(void)
96{ 98{
97 struct task_struct *tsk; 99 const struct cred *cred = current_cred();
98 static int old_max; 100 static int old_max;
99 struct file * f; 101 struct file * f;
100 102
@@ -118,12 +120,10 @@ struct file *get_empty_filp(void)
118 if (security_file_alloc(f)) 120 if (security_file_alloc(f))
119 goto fail_sec; 121 goto fail_sec;
120 122
121 tsk = current;
122 INIT_LIST_HEAD(&f->f_u.fu_list); 123 INIT_LIST_HEAD(&f->f_u.fu_list);
123 atomic_long_set(&f->f_count, 1); 124 atomic_long_set(&f->f_count, 1);
124 rwlock_init(&f->f_owner.lock); 125 rwlock_init(&f->f_owner.lock);
125 f->f_uid = tsk->fsuid; 126 f->f_cred = get_cred(cred);
126 f->f_gid = tsk->fsgid;
127 eventpoll_init_file(f); 127 eventpoll_init_file(f);
128 /* f->f_version: 0 */ 128 /* f->f_version: 0 */
129 return f; 129 return f;
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index b72361479be2..fba571648a8e 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -87,8 +87,8 @@ static void __fuse_put_request(struct fuse_req *req)
87 87
88static void fuse_req_init_context(struct fuse_req *req) 88static void fuse_req_init_context(struct fuse_req *req)
89{ 89{
90 req->in.h.uid = current->fsuid; 90 req->in.h.uid = current_fsuid();
91 req->in.h.gid = current->fsgid; 91 req->in.h.gid = current_fsgid();
92 req->in.h.pid = current->pid; 92 req->in.h.pid = current->pid;
93} 93}
94 94
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index fd03330cadeb..95bc22bdd060 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -869,18 +869,25 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat,
869 */ 869 */
870int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) 870int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
871{ 871{
872 const struct cred *cred;
873 int ret;
874
872 if (fc->flags & FUSE_ALLOW_OTHER) 875 if (fc->flags & FUSE_ALLOW_OTHER)
873 return 1; 876 return 1;
874 877
875 if (task->euid == fc->user_id && 878 rcu_read_lock();
876 task->suid == fc->user_id && 879 ret = 0;
877 task->uid == fc->user_id && 880 cred = __task_cred(task);
878 task->egid == fc->group_id && 881 if (cred->euid == fc->user_id &&
879 task->sgid == fc->group_id && 882 cred->suid == fc->user_id &&
880 task->gid == fc->group_id) 883 cred->uid == fc->user_id &&
881 return 1; 884 cred->egid == fc->group_id &&
885 cred->sgid == fc->group_id &&
886 cred->gid == fc->group_id)
887 ret = 1;
888 rcu_read_unlock();
882 889
883 return 0; 890 return ret;
884} 891}
885 892
886static int fuse_access(struct inode *inode, int mask) 893static int fuse_access(struct inode *inode, int mask)
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
index 7cee695fa441..d57616840e89 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
@@ -705,18 +705,18 @@ static void munge_mode_uid_gid(struct gfs2_inode *dip, unsigned int *mode,
705 (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) { 705 (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) {
706 if (S_ISDIR(*mode)) 706 if (S_ISDIR(*mode))
707 *mode |= S_ISUID; 707 *mode |= S_ISUID;
708 else if (dip->i_inode.i_uid != current->fsuid) 708 else if (dip->i_inode.i_uid != current_fsuid())
709 *mode &= ~07111; 709 *mode &= ~07111;
710 *uid = dip->i_inode.i_uid; 710 *uid = dip->i_inode.i_uid;
711 } else 711 } else
712 *uid = current->fsuid; 712 *uid = current_fsuid();
713 713
714 if (dip->i_inode.i_mode & S_ISGID) { 714 if (dip->i_inode.i_mode & S_ISGID) {
715 if (S_ISDIR(*mode)) 715 if (S_ISDIR(*mode))
716 *mode |= S_ISGID; 716 *mode |= S_ISGID;
717 *gid = dip->i_inode.i_gid; 717 *gid = dip->i_inode.i_gid;
718 } else 718 } else
719 *gid = current->fsgid; 719 *gid = current_fsgid();
720} 720}
721 721
722static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation) 722static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation)
@@ -1124,8 +1124,8 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name,
1124 return -EPERM; 1124 return -EPERM;
1125 1125
1126 if ((dip->i_inode.i_mode & S_ISVTX) && 1126 if ((dip->i_inode.i_mode & S_ISVTX) &&
1127 dip->i_inode.i_uid != current->fsuid && 1127 dip->i_inode.i_uid != current_fsuid() &&
1128 ip->i_inode.i_uid != current->fsuid && !capable(CAP_FOWNER)) 1128 ip->i_inode.i_uid != current_fsuid() && !capable(CAP_FOWNER))
1129 return -EPERM; 1129 return -EPERM;
1130 1130
1131 if (IS_APPEND(&dip->i_inode)) 1131 if (IS_APPEND(&dip->i_inode))
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index c69b7ac75bf7..9435dda8f1e0 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -155,8 +155,8 @@ struct inode *hfs_new_inode(struct inode *dir, struct qstr *name, int mode)
155 hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name); 155 hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name);
156 inode->i_ino = HFS_SB(sb)->next_id++; 156 inode->i_ino = HFS_SB(sb)->next_id++;
157 inode->i_mode = mode; 157 inode->i_mode = mode;
158 inode->i_uid = current->fsuid; 158 inode->i_uid = current_fsuid();
159 inode->i_gid = current->fsgid; 159 inode->i_gid = current_fsgid();
160 inode->i_nlink = 1; 160 inode->i_nlink = 1;
161 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 161 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
162 HFS_I(inode)->flags = 0; 162 HFS_I(inode)->flags = 0;
diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index 3c7c7637719c..c8b5acf4b0b7 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -210,8 +210,8 @@ static int parse_options(char *options, struct hfs_sb_info *hsb)
210 int tmp, token; 210 int tmp, token;
211 211
212 /* initialize the sb with defaults */ 212 /* initialize the sb with defaults */
213 hsb->s_uid = current->uid; 213 hsb->s_uid = current_uid();
214 hsb->s_gid = current->gid; 214 hsb->s_gid = current_gid();
215 hsb->s_file_umask = 0133; 215 hsb->s_file_umask = 0133;
216 hsb->s_dir_umask = 0022; 216 hsb->s_dir_umask = 0022;
217 hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */ 217 hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */
diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c
index b207f0e6fc22..f105ee9e1cc4 100644
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -296,8 +296,8 @@ struct inode *hfsplus_new_inode(struct super_block *sb, int mode)
296 296
297 inode->i_ino = HFSPLUS_SB(sb).next_cnid++; 297 inode->i_ino = HFSPLUS_SB(sb).next_cnid++;
298 inode->i_mode = mode; 298 inode->i_mode = mode;
299 inode->i_uid = current->fsuid; 299 inode->i_uid = current_fsuid();
300 inode->i_gid = current->fsgid; 300 inode->i_gid = current_fsgid();
301 inode->i_nlink = 1; 301 inode->i_nlink = 1;
302 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 302 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
303 INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list); 303 INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list);
diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c
index 9699c56d323f..bab7f8d1bdfa 100644
--- a/fs/hfsplus/options.c
+++ b/fs/hfsplus/options.c
@@ -49,8 +49,8 @@ void hfsplus_fill_defaults(struct hfsplus_sb_info *opts)
49 opts->creator = HFSPLUS_DEF_CR_TYPE; 49 opts->creator = HFSPLUS_DEF_CR_TYPE;
50 opts->type = HFSPLUS_DEF_CR_TYPE; 50 opts->type = HFSPLUS_DEF_CR_TYPE;
51 opts->umask = current->fs->umask; 51 opts->umask = current->fs->umask;
52 opts->uid = current->uid; 52 opts->uid = current_uid();
53 opts->gid = current->gid; 53 opts->gid = current_gid();
54 opts->part = -1; 54 opts->part = -1;
55 opts->session = -1; 55 opts->session = -1;
56} 56}
diff --git a/fs/hpfs/namei.c b/fs/hpfs/namei.c
index 10783f3d265a..b649232dde97 100644
--- a/fs/hpfs/namei.c
+++ b/fs/hpfs/namei.c
@@ -92,11 +92,11 @@ static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
92 inc_nlink(dir); 92 inc_nlink(dir);
93 insert_inode_hash(result); 93 insert_inode_hash(result);
94 94
95 if (result->i_uid != current->fsuid || 95 if (result->i_uid != current_fsuid() ||
96 result->i_gid != current->fsgid || 96 result->i_gid != current_fsgid() ||
97 result->i_mode != (mode | S_IFDIR)) { 97 result->i_mode != (mode | S_IFDIR)) {
98 result->i_uid = current->fsuid; 98 result->i_uid = current_fsuid();
99 result->i_gid = current->fsgid; 99 result->i_gid = current_fsgid();
100 result->i_mode = mode | S_IFDIR; 100 result->i_mode = mode | S_IFDIR;
101 hpfs_write_inode_nolock(result); 101 hpfs_write_inode_nolock(result);
102 } 102 }
@@ -184,11 +184,11 @@ static int hpfs_create(struct inode *dir, struct dentry *dentry, int mode, struc
184 184
185 insert_inode_hash(result); 185 insert_inode_hash(result);
186 186
187 if (result->i_uid != current->fsuid || 187 if (result->i_uid != current_fsuid() ||
188 result->i_gid != current->fsgid || 188 result->i_gid != current_fsgid() ||
189 result->i_mode != (mode | S_IFREG)) { 189 result->i_mode != (mode | S_IFREG)) {
190 result->i_uid = current->fsuid; 190 result->i_uid = current_fsuid();
191 result->i_gid = current->fsgid; 191 result->i_gid = current_fsgid();
192 result->i_mode = mode | S_IFREG; 192 result->i_mode = mode | S_IFREG;
193 hpfs_write_inode_nolock(result); 193 hpfs_write_inode_nolock(result);
194 } 194 }
@@ -247,8 +247,8 @@ static int hpfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t
247 result->i_mtime.tv_nsec = 0; 247 result->i_mtime.tv_nsec = 0;
248 result->i_atime.tv_nsec = 0; 248 result->i_atime.tv_nsec = 0;
249 hpfs_i(result)->i_ea_size = 0; 249 hpfs_i(result)->i_ea_size = 0;
250 result->i_uid = current->fsuid; 250 result->i_uid = current_fsuid();
251 result->i_gid = current->fsgid; 251 result->i_gid = current_fsgid();
252 result->i_nlink = 1; 252 result->i_nlink = 1;
253 result->i_size = 0; 253 result->i_size = 0;
254 result->i_blocks = 1; 254 result->i_blocks = 1;
@@ -325,8 +325,8 @@ static int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *sy
325 result->i_atime.tv_nsec = 0; 325 result->i_atime.tv_nsec = 0;
326 hpfs_i(result)->i_ea_size = 0; 326 hpfs_i(result)->i_ea_size = 0;
327 result->i_mode = S_IFLNK | 0777; 327 result->i_mode = S_IFLNK | 0777;
328 result->i_uid = current->fsuid; 328 result->i_uid = current_fsuid();
329 result->i_gid = current->fsgid; 329 result->i_gid = current_fsgid();
330 result->i_blocks = 1; 330 result->i_blocks = 1;
331 result->i_nlink = 1; 331 result->i_nlink = 1;
332 result->i_size = strlen(symlink); 332 result->i_size = strlen(symlink);
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c
index 29ad461d568f..0d049b8919c4 100644
--- a/fs/hpfs/super.c
+++ b/fs/hpfs/super.c
@@ -475,8 +475,8 @@ static int hpfs_fill_super(struct super_block *s, void *options, int silent)
475 475
476 init_MUTEX(&sbi->hpfs_creation_de); 476 init_MUTEX(&sbi->hpfs_creation_de);
477 477
478 uid = current->uid; 478 uid = current_uid();
479 gid = current->gid; 479 gid = current_gid();
480 umask = current->fs->umask; 480 umask = current->fs->umask;
481 lowercase = 0; 481 lowercase = 0;
482 conv = CONV_BINARY; 482 conv = CONV_BINARY;
diff --git a/fs/hppfs/hppfs.c b/fs/hppfs/hppfs.c
index 2b3d1828db99..b278f7f52024 100644
--- a/fs/hppfs/hppfs.c
+++ b/fs/hppfs/hppfs.c
@@ -426,6 +426,7 @@ static int file_mode(int fmode)
426 426
427static int hppfs_open(struct inode *inode, struct file *file) 427static int hppfs_open(struct inode *inode, struct file *file)
428{ 428{
429 const struct cred *cred = file->f_cred;
429 struct hppfs_private *data; 430 struct hppfs_private *data;
430 struct vfsmount *proc_mnt; 431 struct vfsmount *proc_mnt;
431 struct dentry *proc_dentry; 432 struct dentry *proc_dentry;
@@ -446,7 +447,7 @@ static int hppfs_open(struct inode *inode, struct file *file)
446 447
447 /* XXX This isn't closed anywhere */ 448 /* XXX This isn't closed anywhere */
448 data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), 449 data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt),
449 file_mode(file->f_mode)); 450 file_mode(file->f_mode), cred);
450 err = PTR_ERR(data->proc_file); 451 err = PTR_ERR(data->proc_file);
451 if (IS_ERR(data->proc_file)) 452 if (IS_ERR(data->proc_file))
452 goto out_free1; 453 goto out_free1;
@@ -489,6 +490,7 @@ static int hppfs_open(struct inode *inode, struct file *file)
489 490
490static int hppfs_dir_open(struct inode *inode, struct file *file) 491static int hppfs_dir_open(struct inode *inode, struct file *file)
491{ 492{
493 const struct cred *cred = file->f_cred;
492 struct hppfs_private *data; 494 struct hppfs_private *data;
493 struct vfsmount *proc_mnt; 495 struct vfsmount *proc_mnt;
494 struct dentry *proc_dentry; 496 struct dentry *proc_dentry;
@@ -502,7 +504,7 @@ static int hppfs_dir_open(struct inode *inode, struct file *file)
502 proc_dentry = HPPFS_I(inode)->proc_dentry; 504 proc_dentry = HPPFS_I(inode)->proc_dentry;
503 proc_mnt = inode->i_sb->s_fs_info; 505 proc_mnt = inode->i_sb->s_fs_info;
504 data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), 506 data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt),
505 file_mode(file->f_mode)); 507 file_mode(file->f_mode), cred);
506 err = PTR_ERR(data->proc_file); 508 err = PTR_ERR(data->proc_file);
507 if (IS_ERR(data->proc_file)) 509 if (IS_ERR(data->proc_file))
508 goto out_free; 510 goto out_free;
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 61edc701b0e6..7d479ce3aceb 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -551,9 +551,9 @@ static int hugetlbfs_mknod(struct inode *dir,
551 if (S_ISDIR(mode)) 551 if (S_ISDIR(mode))
552 mode |= S_ISGID; 552 mode |= S_ISGID;
553 } else { 553 } else {
554 gid = current->fsgid; 554 gid = current_fsgid();
555 } 555 }
556 inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, gid, mode, dev); 556 inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(), gid, mode, dev);
557 if (inode) { 557 if (inode) {
558 dir->i_ctime = dir->i_mtime = CURRENT_TIME; 558 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
559 d_instantiate(dentry, inode); 559 d_instantiate(dentry, inode);
@@ -586,9 +586,9 @@ static int hugetlbfs_symlink(struct inode *dir,
586 if (dir->i_mode & S_ISGID) 586 if (dir->i_mode & S_ISGID)
587 gid = dir->i_gid; 587 gid = dir->i_gid;
588 else 588 else
589 gid = current->fsgid; 589 gid = current_fsgid();
590 590
591 inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, 591 inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(),
592 gid, S_IFLNK|S_IRWXUGO, 0); 592 gid, S_IFLNK|S_IRWXUGO, 0);
593 if (inode) { 593 if (inode) {
594 int l = strlen(symname)+1; 594 int l = strlen(symname)+1;
@@ -854,8 +854,8 @@ hugetlbfs_fill_super(struct super_block *sb, void *data, int silent)
854 854
855 config.nr_blocks = -1; /* No limit on size by default */ 855 config.nr_blocks = -1; /* No limit on size by default */
856 config.nr_inodes = -1; /* No limit on number of inodes by default */ 856 config.nr_inodes = -1; /* No limit on number of inodes by default */
857 config.uid = current->fsuid; 857 config.uid = current_fsuid();
858 config.gid = current->fsgid; 858 config.gid = current_fsgid();
859 config.mode = 0755; 859 config.mode = 0755;
860 config.hstate = &default_hstate; 860 config.hstate = &default_hstate;
861 ret = hugetlbfs_parse_options(data, &config); 861 ret = hugetlbfs_parse_options(data, &config);
@@ -951,6 +951,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
951 struct inode *inode; 951 struct inode *inode;
952 struct dentry *dentry, *root; 952 struct dentry *dentry, *root;
953 struct qstr quick_string; 953 struct qstr quick_string;
954 struct user_struct *user = current_user();
954 955
955 if (!hugetlbfs_vfsmount) 956 if (!hugetlbfs_vfsmount)
956 return ERR_PTR(-ENOENT); 957 return ERR_PTR(-ENOENT);
@@ -958,7 +959,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
958 if (!can_do_hugetlb_shm()) 959 if (!can_do_hugetlb_shm())
959 return ERR_PTR(-EPERM); 960 return ERR_PTR(-EPERM);
960 961
961 if (!user_shm_lock(size, current->user)) 962 if (!user_shm_lock(size, user))
962 return ERR_PTR(-ENOMEM); 963 return ERR_PTR(-ENOMEM);
963 964
964 root = hugetlbfs_vfsmount->mnt_root; 965 root = hugetlbfs_vfsmount->mnt_root;
@@ -970,8 +971,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size)
970 goto out_shm_unlock; 971 goto out_shm_unlock;
971 972
972 error = -ENOSPC; 973 error = -ENOSPC;
973 inode = hugetlbfs_get_inode(root->d_sb, current->fsuid, 974 inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(),
974 current->fsgid, S_IFREG | S_IRWXUGO, 0); 975 current_fsgid(), S_IFREG | S_IRWXUGO, 0);
975 if (!inode) 976 if (!inode)
976 goto out_dentry; 977 goto out_dentry;
977 978
@@ -998,7 +999,7 @@ out_inode:
998out_dentry: 999out_dentry:
999 dput(dentry); 1000 dput(dentry);
1000out_shm_unlock: 1001out_shm_unlock:
1001 user_shm_unlock(size, current->user); 1002 user_shm_unlock(size, user);
1002 return ERR_PTR(error); 1003 return ERR_PTR(error);
1003} 1004}
1004 1005
diff --git a/fs/inotify_user.c b/fs/inotify_user.c
index d367e9b92862..e2425bbd871f 100644
--- a/fs/inotify_user.c
+++ b/fs/inotify_user.c
@@ -601,7 +601,7 @@ asmlinkage long sys_inotify_init1(int flags)
601 goto out_put_fd; 601 goto out_put_fd;
602 } 602 }
603 603
604 user = get_uid(current->user); 604 user = get_current_user();
605 if (unlikely(atomic_read(&user->inotify_devs) >= 605 if (unlikely(atomic_read(&user->inotify_devs) >=
606 inotify_max_user_instances)) { 606 inotify_max_user_instances)) {
607 ret = -EMFILE; 607 ret = -EMFILE;
diff --git a/fs/internal.h b/fs/internal.h
index 80aa9a023372..53af885f1732 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -10,6 +10,7 @@
10 */ 10 */
11 11
12struct super_block; 12struct super_block;
13struct linux_binprm;
13 14
14/* 15/*
15 * block_dev.c 16 * block_dev.c
@@ -40,6 +41,11 @@ static inline int sb_is_blkdev_sb(struct super_block *sb)
40extern void __init chrdev_init(void); 41extern void __init chrdev_init(void);
41 42
42/* 43/*
44 * exec.c
45 */
46extern void check_unsafe_exec(struct linux_binprm *);
47
48/*
43 * namespace.c 49 * namespace.c
44 */ 50 */
45extern int copy_mount_options(const void __user *, unsigned long *); 51extern int copy_mount_options(const void __user *, unsigned long *);
diff --git a/fs/ioprio.c b/fs/ioprio.c
index da3cc460d4df..3569e0ad86a2 100644
--- a/fs/ioprio.c
+++ b/fs/ioprio.c
@@ -31,10 +31,16 @@ static int set_task_ioprio(struct task_struct *task, int ioprio)
31{ 31{
32 int err; 32 int err;
33 struct io_context *ioc; 33 struct io_context *ioc;
34 const struct cred *cred = current_cred(), *tcred;
34 35
35 if (task->uid != current->euid && 36 rcu_read_lock();
36 task->uid != current->uid && !capable(CAP_SYS_NICE)) 37 tcred = __task_cred(task);
38 if (tcred->uid != cred->euid &&
39 tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) {
40 rcu_read_unlock();
37 return -EPERM; 41 return -EPERM;
42 }
43 rcu_read_unlock();
38 44
39 err = security_task_setioprio(task, ioprio); 45 err = security_task_setioprio(task, ioprio);
40 if (err) 46 if (err)
@@ -123,7 +129,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
123 break; 129 break;
124 case IOPRIO_WHO_USER: 130 case IOPRIO_WHO_USER:
125 if (!who) 131 if (!who)
126 user = current->user; 132 user = current_user();
127 else 133 else
128 user = find_user(who); 134 user = find_user(who);
129 135
@@ -131,7 +137,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio)
131 break; 137 break;
132 138
133 do_each_thread(g, p) { 139 do_each_thread(g, p) {
134 if (p->uid != who) 140 if (__task_cred(p)->uid != who)
135 continue; 141 continue;
136 ret = set_task_ioprio(p, ioprio); 142 ret = set_task_ioprio(p, ioprio);
137 if (ret) 143 if (ret)
@@ -216,7 +222,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
216 break; 222 break;
217 case IOPRIO_WHO_USER: 223 case IOPRIO_WHO_USER:
218 if (!who) 224 if (!who)
219 user = current->user; 225 user = current_user();
220 else 226 else
221 user = find_user(who); 227 user = find_user(who);
222 228
@@ -224,7 +230,7 @@ asmlinkage long sys_ioprio_get(int which, int who)
224 break; 230 break;
225 231
226 do_each_thread(g, p) { 232 do_each_thread(g, p) {
227 if (p->uid != user->uid) 233 if (__task_cred(p)->uid != user->uid)
228 continue; 234 continue;
229 tmpio = get_task_ioprio(p); 235 tmpio = get_task_ioprio(p);
230 if (tmpio < 0) 236 if (tmpio < 0)
diff --git a/fs/jfs/jfs_inode.c b/fs/jfs/jfs_inode.c
index ed6574bee51a..70022fd1c539 100644
--- a/fs/jfs/jfs_inode.c
+++ b/fs/jfs/jfs_inode.c
@@ -93,13 +93,13 @@ struct inode *ialloc(struct inode *parent, umode_t mode)
93 return ERR_PTR(rc); 93 return ERR_PTR(rc);
94 } 94 }
95 95
96 inode->i_uid = current->fsuid; 96 inode->i_uid = current_fsuid();
97 if (parent->i_mode & S_ISGID) { 97 if (parent->i_mode & S_ISGID) {
98 inode->i_gid = parent->i_gid; 98 inode->i_gid = parent->i_gid;
99 if (S_ISDIR(mode)) 99 if (S_ISDIR(mode))
100 mode |= S_ISGID; 100 mode |= S_ISGID;
101 } else 101 } else
102 inode->i_gid = current->fsgid; 102 inode->i_gid = current_fsgid();
103 103
104 /* 104 /*
105 * New inodes need to save sane values on disk when 105 * New inodes need to save sane values on disk when
diff --git a/fs/locks.c b/fs/locks.c
index 09062e3ff104..46a2e12f7d42 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1349,7 +1349,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
1349 struct inode *inode = dentry->d_inode; 1349 struct inode *inode = dentry->d_inode;
1350 int error, rdlease_count = 0, wrlease_count = 0; 1350 int error, rdlease_count = 0, wrlease_count = 0;
1351 1351
1352 if ((current->fsuid != inode->i_uid) && !capable(CAP_LEASE)) 1352 if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE))
1353 return -EACCES; 1353 return -EACCES;
1354 if (!S_ISREG(inode->i_mode)) 1354 if (!S_ISREG(inode->i_mode))
1355 return -EINVAL; 1355 return -EINVAL;
diff --git a/fs/minix/bitmap.c b/fs/minix/bitmap.c
index 703cc35e04b9..3aebe322271a 100644
--- a/fs/minix/bitmap.c
+++ b/fs/minix/bitmap.c
@@ -262,8 +262,8 @@ struct inode * minix_new_inode(const struct inode * dir, int * error)
262 iput(inode); 262 iput(inode);
263 return NULL; 263 return NULL;
264 } 264 }
265 inode->i_uid = current->fsuid; 265 inode->i_uid = current_fsuid();
266 inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; 266 inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid();
267 inode->i_ino = j; 267 inode->i_ino = j;
268 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 268 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
269 inode->i_blocks = 0; 269 inode->i_blocks = 0;
diff --git a/fs/namei.c b/fs/namei.c
index 09ce58e49e72..42d7b7606936 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -186,7 +186,7 @@ int generic_permission(struct inode *inode, int mask,
186 186
187 mask &= MAY_READ | MAY_WRITE | MAY_EXEC; 187 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
188 188
189 if (current->fsuid == inode->i_uid) 189 if (current_fsuid() == inode->i_uid)
190 mode >>= 6; 190 mode >>= 6;
191 else { 191 else {
192 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { 192 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
@@ -441,7 +441,7 @@ static int exec_permission_lite(struct inode *inode)
441 if (inode->i_op && inode->i_op->permission) 441 if (inode->i_op && inode->i_op->permission)
442 return -EAGAIN; 442 return -EAGAIN;
443 443
444 if (current->fsuid == inode->i_uid) 444 if (current_fsuid() == inode->i_uid)
445 mode >>= 6; 445 mode >>= 6;
446 else if (in_group_p(inode->i_gid)) 446 else if (in_group_p(inode->i_gid))
447 mode >>= 3; 447 mode >>= 3;
@@ -1334,11 +1334,13 @@ static int user_path_parent(int dfd, const char __user *path,
1334 */ 1334 */
1335static inline int check_sticky(struct inode *dir, struct inode *inode) 1335static inline int check_sticky(struct inode *dir, struct inode *inode)
1336{ 1336{
1337 uid_t fsuid = current_fsuid();
1338
1337 if (!(dir->i_mode & S_ISVTX)) 1339 if (!(dir->i_mode & S_ISVTX))
1338 return 0; 1340 return 0;
1339 if (inode->i_uid == current->fsuid) 1341 if (inode->i_uid == fsuid)
1340 return 0; 1342 return 0;
1341 if (dir->i_uid == current->fsuid) 1343 if (dir->i_uid == fsuid)
1342 return 0; 1344 return 0;
1343 return !capable(CAP_FOWNER); 1345 return !capable(CAP_FOWNER);
1344} 1346}
diff --git a/fs/namespace.c b/fs/namespace.c
index 65b3dc844c87..1c09cab8f7cf 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1176,7 +1176,7 @@ static int mount_is_safe(struct path *path)
1176 if (S_ISLNK(path->dentry->d_inode->i_mode)) 1176 if (S_ISLNK(path->dentry->d_inode->i_mode))
1177 return -EPERM; 1177 return -EPERM;
1178 if (path->dentry->d_inode->i_mode & S_ISVTX) { 1178 if (path->dentry->d_inode->i_mode & S_ISVTX) {
1179 if (current->uid != path->dentry->d_inode->i_uid) 1179 if (current_uid() != path->dentry->d_inode->i_uid)
1180 return -EPERM; 1180 return -EPERM;
1181 } 1181 }
1182 if (inode_permission(path->dentry->d_inode, MAY_WRITE)) 1182 if (inode_permission(path->dentry->d_inode, MAY_WRITE))
diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c
index 3a97c95e1ca2..6d04e050c74e 100644
--- a/fs/ncpfs/ioctl.c
+++ b/fs/ncpfs/ioctl.c
@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file,
40 struct inode *inode = file->f_path.dentry->d_inode; 40 struct inode *inode = file->f_path.dentry->d_inode;
41 struct ncp_fs_info info; 41 struct ncp_fs_info info;
42 42
43 if ((file_permission(file, MAY_WRITE) != 0) 43 if (file_permission(file, MAY_WRITE) != 0
44 && (current->uid != server->m.mounted_uid)) { 44 && current_uid() != server->m.mounted_uid)
45 return -EACCES; 45 return -EACCES;
46 } 46
47 if (copy_from_user(&info, arg, sizeof(info))) 47 if (copy_from_user(&info, arg, sizeof(info)))
48 return -EFAULT; 48 return -EFAULT;
49 49
@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file,
70 struct inode *inode = file->f_path.dentry->d_inode; 70 struct inode *inode = file->f_path.dentry->d_inode;
71 struct ncp_fs_info_v2 info2; 71 struct ncp_fs_info_v2 info2;
72 72
73 if ((file_permission(file, MAY_WRITE) != 0) 73 if (file_permission(file, MAY_WRITE) != 0
74 && (current->uid != server->m.mounted_uid)) { 74 && current_uid() != server->m.mounted_uid)
75 return -EACCES; 75 return -EACCES;
76 } 76
77 if (copy_from_user(&info2, arg, sizeof(info2))) 77 if (copy_from_user(&info2, arg, sizeof(info2)))
78 return -EFAULT; 78 return -EFAULT;
79 79
@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file,
141 struct inode *inode = file->f_path.dentry->d_inode; 141 struct inode *inode = file->f_path.dentry->d_inode;
142 struct compat_ncp_fs_info_v2 info2; 142 struct compat_ncp_fs_info_v2 info2;
143 143
144 if ((file_permission(file, MAY_WRITE) != 0) 144 if (file_permission(file, MAY_WRITE) != 0
145 && (current->uid != server->m.mounted_uid)) { 145 && current_uid() != server->m.mounted_uid)
146 return -EACCES; 146 return -EACCES;
147 } 147
148 if (copy_from_user(&info2, arg, sizeof(info2))) 148 if (copy_from_user(&info2, arg, sizeof(info2)))
149 return -EFAULT; 149 return -EFAULT;
150 150
@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
270 struct ncp_ioctl_request request; 270 struct ncp_ioctl_request request;
271 char* bouncebuffer; 271 char* bouncebuffer;
272 void __user *argp = (void __user *)arg; 272 void __user *argp = (void __user *)arg;
273 uid_t uid = current_uid();
273 274
274 switch (cmd) { 275 switch (cmd) {
275#ifdef CONFIG_COMPAT 276#ifdef CONFIG_COMPAT
276 case NCP_IOC_NCPREQUEST_32: 277 case NCP_IOC_NCPREQUEST_32:
277#endif 278#endif
278 case NCP_IOC_NCPREQUEST: 279 case NCP_IOC_NCPREQUEST:
279 if ((file_permission(filp, MAY_WRITE) != 0) 280 if (file_permission(filp, MAY_WRITE) != 0
280 && (current->uid != server->m.mounted_uid)) { 281 && uid != server->m.mounted_uid)
281 return -EACCES; 282 return -EACCES;
282 } 283
283#ifdef CONFIG_COMPAT 284#ifdef CONFIG_COMPAT
284 if (cmd == NCP_IOC_NCPREQUEST_32) { 285 if (cmd == NCP_IOC_NCPREQUEST_32) {
285 struct compat_ncp_ioctl_request request32; 286 struct compat_ncp_ioctl_request request32;
@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
356 case NCP_IOC_GETMOUNTUID16: 357 case NCP_IOC_GETMOUNTUID16:
357 case NCP_IOC_GETMOUNTUID32: 358 case NCP_IOC_GETMOUNTUID32:
358 case NCP_IOC_GETMOUNTUID64: 359 case NCP_IOC_GETMOUNTUID64:
359 if ((file_permission(filp, MAY_READ) != 0) 360 if (file_permission(filp, MAY_READ) != 0
360 && (current->uid != server->m.mounted_uid)) { 361 && uid != server->m.mounted_uid)
361 return -EACCES; 362 return -EACCES;
362 } 363
363 if (cmd == NCP_IOC_GETMOUNTUID16) { 364 if (cmd == NCP_IOC_GETMOUNTUID16) {
364 u16 uid; 365 u16 uid;
365 SET_UID(uid, server->m.mounted_uid); 366 SET_UID(uid, server->m.mounted_uid);
@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
380 { 381 {
381 struct ncp_setroot_ioctl sr; 382 struct ncp_setroot_ioctl sr;
382 383
383 if ((file_permission(filp, MAY_READ) != 0) 384 if (file_permission(filp, MAY_READ) != 0
384 && (current->uid != server->m.mounted_uid)) 385 && uid != server->m.mounted_uid)
385 {
386 return -EACCES; 386 return -EACCES;
387 } 387
388 if (server->m.mounted_vol[0]) { 388 if (server->m.mounted_vol[0]) {
389 struct dentry* dentry = inode->i_sb->s_root; 389 struct dentry* dentry = inode->i_sb->s_root;
390 390
@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
408 return -EFAULT; 408 return -EFAULT;
409 return 0; 409 return 0;
410 } 410 }
411
411 case NCP_IOC_SETROOT: 412 case NCP_IOC_SETROOT:
412 { 413 {
413 struct ncp_setroot_ioctl sr; 414 struct ncp_setroot_ioctl sr;
@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
455 456
456#ifdef CONFIG_NCPFS_PACKET_SIGNING 457#ifdef CONFIG_NCPFS_PACKET_SIGNING
457 case NCP_IOC_SIGN_INIT: 458 case NCP_IOC_SIGN_INIT:
458 if ((file_permission(filp, MAY_WRITE) != 0) 459 if (file_permission(filp, MAY_WRITE) != 0
459 && (current->uid != server->m.mounted_uid)) 460 && uid != server->m.mounted_uid)
460 {
461 return -EACCES; 461 return -EACCES;
462 } 462
463 if (argp) { 463 if (argp) {
464 if (server->sign_wanted) 464 if (server->sign_wanted)
465 { 465 {
@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
478 return 0; 478 return 0;
479 479
480 case NCP_IOC_SIGN_WANTED: 480 case NCP_IOC_SIGN_WANTED:
481 if ((file_permission(filp, MAY_READ) != 0) 481 if (file_permission(filp, MAY_READ) != 0
482 && (current->uid != server->m.mounted_uid)) 482 && uid != server->m.mounted_uid)
483 {
484 return -EACCES; 483 return -EACCES;
485 }
486 484
487 if (put_user(server->sign_wanted, (int __user *)argp)) 485 if (put_user(server->sign_wanted, (int __user *)argp))
488 return -EFAULT; 486 return -EFAULT;
489 return 0; 487 return 0;
488
490 case NCP_IOC_SET_SIGN_WANTED: 489 case NCP_IOC_SET_SIGN_WANTED:
491 { 490 {
492 int newstate; 491 int newstate;
493 492
494 if ((file_permission(filp, MAY_WRITE) != 0) 493 if (file_permission(filp, MAY_WRITE) != 0
495 && (current->uid != server->m.mounted_uid)) 494 && uid != server->m.mounted_uid)
496 {
497 return -EACCES; 495 return -EACCES;
498 } 496
499 /* get only low 8 bits... */ 497 /* get only low 8 bits... */
500 if (get_user(newstate, (unsigned char __user *)argp)) 498 if (get_user(newstate, (unsigned char __user *)argp))
501 return -EFAULT; 499 return -EFAULT;
@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
512 510
513#ifdef CONFIG_NCPFS_IOCTL_LOCKING 511#ifdef CONFIG_NCPFS_IOCTL_LOCKING
514 case NCP_IOC_LOCKUNLOCK: 512 case NCP_IOC_LOCKUNLOCK:
515 if ((file_permission(filp, MAY_WRITE) != 0) 513 if (file_permission(filp, MAY_WRITE) != 0
516 && (current->uid != server->m.mounted_uid)) 514 && uid != server->m.mounted_uid)
517 {
518 return -EACCES; 515 return -EACCES;
519 } 516
520 { 517 {
521 struct ncp_lock_ioctl rqdata; 518 struct ncp_lock_ioctl rqdata;
522 519
@@ -585,9 +582,8 @@ outrel:
585 582
586#ifdef CONFIG_COMPAT 583#ifdef CONFIG_COMPAT
587 case NCP_IOC_GETOBJECTNAME_32: 584 case NCP_IOC_GETOBJECTNAME_32:
588 if (current->uid != server->m.mounted_uid) { 585 if (uid != server->m.mounted_uid)
589 return -EACCES; 586 return -EACCES;
590 }
591 { 587 {
592 struct compat_ncp_objectname_ioctl user; 588 struct compat_ncp_objectname_ioctl user;
593 size_t outl; 589 size_t outl;
@@ -609,10 +605,10 @@ outrel:
609 return 0; 605 return 0;
610 } 606 }
611#endif 607#endif
608
612 case NCP_IOC_GETOBJECTNAME: 609 case NCP_IOC_GETOBJECTNAME:
613 if (current->uid != server->m.mounted_uid) { 610 if (uid != server->m.mounted_uid)
614 return -EACCES; 611 return -EACCES;
615 }
616 { 612 {
617 struct ncp_objectname_ioctl user; 613 struct ncp_objectname_ioctl user;
618 size_t outl; 614 size_t outl;
@@ -633,13 +629,13 @@ outrel:
633 return -EFAULT; 629 return -EFAULT;
634 return 0; 630 return 0;
635 } 631 }
632
636#ifdef CONFIG_COMPAT 633#ifdef CONFIG_COMPAT
637 case NCP_IOC_SETOBJECTNAME_32: 634 case NCP_IOC_SETOBJECTNAME_32:
638#endif 635#endif
639 case NCP_IOC_SETOBJECTNAME: 636 case NCP_IOC_SETOBJECTNAME:
640 if (current->uid != server->m.mounted_uid) { 637 if (uid != server->m.mounted_uid)
641 return -EACCES; 638 return -EACCES;
642 }
643 { 639 {
644 struct ncp_objectname_ioctl user; 640 struct ncp_objectname_ioctl user;
645 void* newname; 641 void* newname;
@@ -691,13 +687,13 @@ outrel:
691 kfree(oldname); 687 kfree(oldname);
692 return 0; 688 return 0;
693 } 689 }
690
694#ifdef CONFIG_COMPAT 691#ifdef CONFIG_COMPAT
695 case NCP_IOC_GETPRIVATEDATA_32: 692 case NCP_IOC_GETPRIVATEDATA_32:
696#endif 693#endif
697 case NCP_IOC_GETPRIVATEDATA: 694 case NCP_IOC_GETPRIVATEDATA:
698 if (current->uid != server->m.mounted_uid) { 695 if (uid != server->m.mounted_uid)
699 return -EACCES; 696 return -EACCES;
700 }
701 { 697 {
702 struct ncp_privatedata_ioctl user; 698 struct ncp_privatedata_ioctl user;
703 size_t outl; 699 size_t outl;
@@ -736,13 +732,13 @@ outrel:
736 732
737 return 0; 733 return 0;
738 } 734 }
735
739#ifdef CONFIG_COMPAT 736#ifdef CONFIG_COMPAT
740 case NCP_IOC_SETPRIVATEDATA_32: 737 case NCP_IOC_SETPRIVATEDATA_32:
741#endif 738#endif
742 case NCP_IOC_SETPRIVATEDATA: 739 case NCP_IOC_SETPRIVATEDATA:
743 if (current->uid != server->m.mounted_uid) { 740 if (uid != server->m.mounted_uid)
744 return -EACCES; 741 return -EACCES;
745 }
746 { 742 {
747 struct ncp_privatedata_ioctl user; 743 struct ncp_privatedata_ioctl user;
748 void* new; 744 void* new;
@@ -794,9 +790,10 @@ outrel:
794#endif /* CONFIG_NCPFS_NLS */ 790#endif /* CONFIG_NCPFS_NLS */
795 791
796 case NCP_IOC_SETDENTRYTTL: 792 case NCP_IOC_SETDENTRYTTL:
797 if ((file_permission(filp, MAY_WRITE) != 0) && 793 if (file_permission(filp, MAY_WRITE) != 0 &&
798 (current->uid != server->m.mounted_uid)) 794 uid != server->m.mounted_uid)
799 return -EACCES; 795 return -EACCES;
796
800 { 797 {
801 u_int32_t user; 798 u_int32_t user;
802 799
diff --git a/fs/nfsctl.c b/fs/nfsctl.c
index aed8145d9087..cc4ef2642a51 100644
--- a/fs/nfsctl.c
+++ b/fs/nfsctl.c
@@ -41,7 +41,8 @@ static struct file *do_open(char *name, int flags)
41 error = may_open(&nd, MAY_WRITE, FMODE_WRITE); 41 error = may_open(&nd, MAY_WRITE, FMODE_WRITE);
42 42
43 if (!error) 43 if (!error)
44 return dentry_open(nd.path.dentry, nd.path.mnt, flags); 44 return dentry_open(nd.path.dentry, nd.path.mnt, flags,
45 current_cred());
45 46
46 path_put(&nd.path); 47 path_put(&nd.path);
47 return ERR_PTR(error); 48 return ERR_PTR(error);
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 294992e9bf69..0184fe9b514c 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,53 +27,70 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
27 27
28int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) 28int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
29{ 29{
30 struct svc_cred cred = rqstp->rq_cred; 30 struct group_info *rqgi;
31 struct group_info *gi;
32 struct cred *new;
31 int i; 33 int i;
32 int flags = nfsexp_flags(rqstp, exp); 34 int flags = nfsexp_flags(rqstp, exp);
33 int ret; 35 int ret;
34 36
37 /* discard any old override before preparing the new set */
38 revert_creds(get_cred(current->real_cred));
39 new = prepare_creds();
40 if (!new)
41 return -ENOMEM;
42
43 new->fsuid = rqstp->rq_cred.cr_uid;
44 new->fsgid = rqstp->rq_cred.cr_gid;
45
46 rqgi = rqstp->rq_cred.cr_group_info;
47
35 if (flags & NFSEXP_ALLSQUASH) { 48 if (flags & NFSEXP_ALLSQUASH) {
36 cred.cr_uid = exp->ex_anon_uid; 49 new->fsuid = exp->ex_anon_uid;
37 cred.cr_gid = exp->ex_anon_gid; 50 new->fsgid = exp->ex_anon_gid;
38 cred.cr_group_info = groups_alloc(0); 51 gi = groups_alloc(0);
39 } else if (flags & NFSEXP_ROOTSQUASH) { 52 } else if (flags & NFSEXP_ROOTSQUASH) {
40 struct group_info *gi; 53 if (!new->fsuid)
41 if (!cred.cr_uid) 54 new->fsuid = exp->ex_anon_uid;
42 cred.cr_uid = exp->ex_anon_uid; 55 if (!new->fsgid)
43 if (!cred.cr_gid) 56 new->fsgid = exp->ex_anon_gid;
44 cred.cr_gid = exp->ex_anon_gid;
45 gi = groups_alloc(cred.cr_group_info->ngroups);
46 if (gi)
47 for (i = 0; i < cred.cr_group_info->ngroups; i++) {
48 if (!GROUP_AT(cred.cr_group_info, i))
49 GROUP_AT(gi, i) = exp->ex_anon_gid;
50 else
51 GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i);
52 }
53 cred.cr_group_info = gi;
54 } else
55 get_group_info(cred.cr_group_info);
56
57 if (cred.cr_uid != (uid_t) -1)
58 current->fsuid = cred.cr_uid;
59 else
60 current->fsuid = exp->ex_anon_uid;
61 if (cred.cr_gid != (gid_t) -1)
62 current->fsgid = cred.cr_gid;
63 else
64 current->fsgid = exp->ex_anon_gid;
65 57
66 if (!cred.cr_group_info) 58 gi = groups_alloc(rqgi->ngroups);
67 return -ENOMEM; 59 if (!gi)
68 ret = set_current_groups(cred.cr_group_info); 60 goto oom;
69 put_group_info(cred.cr_group_info); 61
70 if ((cred.cr_uid)) { 62 for (i = 0; i < rqgi->ngroups; i++) {
71 current->cap_effective = 63 if (!GROUP_AT(rqgi, i))
72 cap_drop_nfsd_set(current->cap_effective); 64 GROUP_AT(gi, i) = exp->ex_anon_gid;
65 else
66 GROUP_AT(gi, i) = GROUP_AT(rqgi, i);
67 }
73 } else { 68 } else {
74 current->cap_effective = 69 gi = get_group_info(rqgi);
75 cap_raise_nfsd_set(current->cap_effective,
76 current->cap_permitted);
77 } 70 }
71
72 if (new->fsuid == (uid_t) -1)
73 new->fsuid = exp->ex_anon_uid;
74 if (new->fsgid == (gid_t) -1)
75 new->fsgid = exp->ex_anon_gid;
76
77 ret = set_groups(new, gi);
78 put_group_info(gi);
79 if (!ret)
80 goto error;
81
82 if (new->uid)
83 new->cap_effective = cap_drop_nfsd_set(new->cap_effective);
84 else
85 new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
86 new->cap_permitted);
87 put_cred(override_creds(new));
88 return 0;
89
90oom:
91 ret = -ENOMEM;
92error:
93 abort_creds(new);
78 return ret; 94 return ret;
79} 95}
96
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index bb93946ace22..9371ea12d7fa 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -54,20 +54,26 @@
54static struct path rec_dir; 54static struct path rec_dir;
55static int rec_dir_init = 0; 55static int rec_dir_init = 0;
56 56
57static void 57static int
58nfs4_save_user(uid_t *saveuid, gid_t *savegid) 58nfs4_save_creds(const struct cred **original_creds)
59{ 59{
60 *saveuid = current->fsuid; 60 struct cred *new;
61 *savegid = current->fsgid; 61
62 current->fsuid = 0; 62 new = prepare_creds();
63 current->fsgid = 0; 63 if (!new)
64 return -ENOMEM;
65
66 new->fsuid = 0;
67 new->fsgid = 0;
68 *original_creds = override_creds(new);
69 put_cred(new);
70 return 0;
64} 71}
65 72
66static void 73static void
67nfs4_reset_user(uid_t saveuid, gid_t savegid) 74nfs4_reset_creds(const struct cred *original)
68{ 75{
69 current->fsuid = saveuid; 76 revert_creds(original);
70 current->fsgid = savegid;
71} 77}
72 78
73static void 79static void
@@ -129,10 +135,9 @@ nfsd4_sync_rec_dir(void)
129int 135int
130nfsd4_create_clid_dir(struct nfs4_client *clp) 136nfsd4_create_clid_dir(struct nfs4_client *clp)
131{ 137{
138 const struct cred *original_cred;
132 char *dname = clp->cl_recdir; 139 char *dname = clp->cl_recdir;
133 struct dentry *dentry; 140 struct dentry *dentry;
134 uid_t uid;
135 gid_t gid;
136 int status; 141 int status;
137 142
138 dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname); 143 dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname);
@@ -140,7 +145,9 @@ nfsd4_create_clid_dir(struct nfs4_client *clp)
140 if (!rec_dir_init || clp->cl_firststate) 145 if (!rec_dir_init || clp->cl_firststate)
141 return 0; 146 return 0;
142 147
143 nfs4_save_user(&uid, &gid); 148 status = nfs4_save_creds(&original_cred);
149 if (status < 0)
150 return status;
144 151
145 /* lock the parent */ 152 /* lock the parent */
146 mutex_lock(&rec_dir.dentry->d_inode->i_mutex); 153 mutex_lock(&rec_dir.dentry->d_inode->i_mutex);
@@ -168,7 +175,7 @@ out_unlock:
168 clp->cl_firststate = 1; 175 clp->cl_firststate = 1;
169 nfsd4_sync_rec_dir(); 176 nfsd4_sync_rec_dir();
170 } 177 }
171 nfs4_reset_user(uid, gid); 178 nfs4_reset_creds(original_cred);
172 dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status); 179 dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status);
173 return status; 180 return status;
174} 181}
@@ -211,22 +218,24 @@ nfsd4_build_dentrylist(void *arg, const char *name, int namlen,
211static int 218static int
212nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f) 219nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f)
213{ 220{
221 const struct cred *original_cred;
214 struct file *filp; 222 struct file *filp;
215 struct dentry_list_arg dla = { 223 struct dentry_list_arg dla = {
216 .parent = dir, 224 .parent = dir,
217 }; 225 };
218 struct list_head *dentries = &dla.dentries; 226 struct list_head *dentries = &dla.dentries;
219 struct dentry_list *child; 227 struct dentry_list *child;
220 uid_t uid;
221 gid_t gid;
222 int status; 228 int status;
223 229
224 if (!rec_dir_init) 230 if (!rec_dir_init)
225 return 0; 231 return 0;
226 232
227 nfs4_save_user(&uid, &gid); 233 status = nfs4_save_creds(&original_cred);
234 if (status < 0)
235 return status;
228 236
229 filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY); 237 filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY,
238 current_cred());
230 status = PTR_ERR(filp); 239 status = PTR_ERR(filp);
231 if (IS_ERR(filp)) 240 if (IS_ERR(filp))
232 goto out; 241 goto out;
@@ -249,7 +258,7 @@ out:
249 dput(child->dentry); 258 dput(child->dentry);
250 kfree(child); 259 kfree(child);
251 } 260 }
252 nfs4_reset_user(uid, gid); 261 nfs4_reset_creds(original_cred);
253 return status; 262 return status;
254} 263}
255 264
@@ -311,8 +320,7 @@ out:
311void 320void
312nfsd4_remove_clid_dir(struct nfs4_client *clp) 321nfsd4_remove_clid_dir(struct nfs4_client *clp)
313{ 322{
314 uid_t uid; 323 const struct cred *original_cred;
315 gid_t gid;
316 int status; 324 int status;
317 325
318 if (!rec_dir_init || !clp->cl_firststate) 326 if (!rec_dir_init || !clp->cl_firststate)
@@ -322,9 +330,13 @@ nfsd4_remove_clid_dir(struct nfs4_client *clp)
322 if (status) 330 if (status)
323 goto out; 331 goto out;
324 clp->cl_firststate = 0; 332 clp->cl_firststate = 0;
325 nfs4_save_user(&uid, &gid); 333
334 status = nfs4_save_creds(&original_cred);
335 if (status < 0)
336 goto out;
337
326 status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1); 338 status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1);
327 nfs4_reset_user(uid, gid); 339 nfs4_reset_creds(original_cred);
328 if (status == 0) 340 if (status == 0)
329 nfsd4_sync_rec_dir(); 341 nfsd4_sync_rec_dir();
330 mnt_drop_write(rec_dir.mnt); 342 mnt_drop_write(rec_dir.mnt);
@@ -401,16 +413,21 @@ nfsd4_recdir_load(void) {
401void 413void
402nfsd4_init_recdir(char *rec_dirname) 414nfsd4_init_recdir(char *rec_dirname)
403{ 415{
404 uid_t uid = 0; 416 const struct cred *original_cred;
405 gid_t gid = 0; 417 int status;
406 int status;
407 418
408 printk("NFSD: Using %s as the NFSv4 state recovery directory\n", 419 printk("NFSD: Using %s as the NFSv4 state recovery directory\n",
409 rec_dirname); 420 rec_dirname);
410 421
411 BUG_ON(rec_dir_init); 422 BUG_ON(rec_dir_init);
412 423
413 nfs4_save_user(&uid, &gid); 424 status = nfs4_save_creds(&original_cred);
425 if (status < 0) {
426 printk("NFSD: Unable to change credentials to find recovery"
427 " directory: error %d\n",
428 status);
429 return;
430 }
414 431
415 status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, 432 status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY,
416 &rec_dir); 433 &rec_dir);
@@ -420,7 +437,7 @@ nfsd4_init_recdir(char *rec_dirname)
420 437
421 if (!status) 438 if (!status)
422 rec_dir_init = 1; 439 rec_dir_init = 1;
423 nfs4_reset_user(uid, gid); 440 nfs4_reset_creds(original_cred);
424} 441}
425 442
426void 443void
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index cd25d91895a1..f0da7d9c3a92 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -186,9 +186,14 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp)
186 * access control settings being in effect, we cannot 186 * access control settings being in effect, we cannot
187 * fix that case easily. 187 * fix that case easily.
188 */ 188 */
189 current->cap_effective = 189 struct cred *new = prepare_creds();
190 cap_raise_nfsd_set(current->cap_effective, 190 if (!new)
191 current->cap_permitted); 191 return nfserrno(-ENOMEM);
192 new->cap_effective =
193 cap_raise_nfsd_set(new->cap_effective,
194 new->cap_permitted);
195 put_cred(override_creds(new));
196 put_cred(new);
192 } else { 197 } else {
193 error = nfsd_setuser_and_check_port(rqstp, exp); 198 error = nfsd_setuser_and_check_port(rqstp, exp);
194 if (error) 199 if (error)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 4433c8f00163..d1c5f787b365 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -671,6 +671,7 @@ __be32
671nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, 671nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
672 int access, struct file **filp) 672 int access, struct file **filp)
673{ 673{
674 const struct cred *cred = current_cred();
674 struct dentry *dentry; 675 struct dentry *dentry;
675 struct inode *inode; 676 struct inode *inode;
676 int flags = O_RDONLY|O_LARGEFILE; 677 int flags = O_RDONLY|O_LARGEFILE;
@@ -725,7 +726,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
725 DQUOT_INIT(inode); 726 DQUOT_INIT(inode);
726 } 727 }
727 *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt), 728 *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt),
728 flags); 729 flags, cred);
729 if (IS_ERR(*filp)) 730 if (IS_ERR(*filp))
730 host_err = PTR_ERR(*filp); 731 host_err = PTR_ERR(*filp);
731out_nfserr: 732out_nfserr:
@@ -1169,7 +1170,7 @@ nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp,
1169 * send along the gid on create when it tries to implement 1170 * send along the gid on create when it tries to implement
1170 * setgid directories via NFS: 1171 * setgid directories via NFS:
1171 */ 1172 */
1172 if (current->fsuid != 0) 1173 if (current_fsuid() != 0)
1173 iap->ia_valid &= ~(ATTR_UID|ATTR_GID); 1174 iap->ia_valid &= ~(ATTR_UID|ATTR_GID);
1174 if (iap->ia_valid) 1175 if (iap->ia_valid)
1175 return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); 1176 return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0);
@@ -2001,7 +2002,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
2001 IS_APPEND(inode)? " append" : "", 2002 IS_APPEND(inode)? " append" : "",
2002 __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); 2003 __mnt_is_readonly(exp->ex_path.mnt)? " ro" : "");
2003 dprintk(" owner %d/%d user %d/%d\n", 2004 dprintk(" owner %d/%d user %d/%d\n",
2004 inode->i_uid, inode->i_gid, current->fsuid, current->fsgid); 2005 inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid());
2005#endif 2006#endif
2006 2007
2007 /* Normally we reject any write/sattr etc access on a read-only file 2008 /* Normally we reject any write/sattr etc access on a read-only file
@@ -2044,7 +2045,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
2044 * with NFSv3. 2045 * with NFSv3.
2045 */ 2046 */
2046 if ((acc & NFSD_MAY_OWNER_OVERRIDE) && 2047 if ((acc & NFSD_MAY_OWNER_OVERRIDE) &&
2047 inode->i_uid == current->fsuid) 2048 inode->i_uid == current_fsuid())
2048 return 0; 2049 return 0;
2049 2050
2050 /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ 2051 /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */
diff --git a/fs/ocfs2/dlm/dlmfs.c b/fs/ocfs2/dlm/dlmfs.c
index 533a789c3ef8..3516d8a4166b 100644
--- a/fs/ocfs2/dlm/dlmfs.c
+++ b/fs/ocfs2/dlm/dlmfs.c
@@ -339,8 +339,8 @@ static struct inode *dlmfs_get_root_inode(struct super_block *sb)
339 ip = DLMFS_I(inode); 339 ip = DLMFS_I(inode);
340 340
341 inode->i_mode = mode; 341 inode->i_mode = mode;
342 inode->i_uid = current->fsuid; 342 inode->i_uid = current_fsuid();
343 inode->i_gid = current->fsgid; 343 inode->i_gid = current_fsgid();
344 inode->i_blocks = 0; 344 inode->i_blocks = 0;
345 inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; 345 inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info;
346 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 346 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
@@ -365,8 +365,8 @@ static struct inode *dlmfs_get_inode(struct inode *parent,
365 return NULL; 365 return NULL;
366 366
367 inode->i_mode = mode; 367 inode->i_mode = mode;
368 inode->i_uid = current->fsuid; 368 inode->i_uid = current_fsuid();
369 inode->i_gid = current->fsgid; 369 inode->i_gid = current_fsgid();
370 inode->i_blocks = 0; 370 inode->i_blocks = 0;
371 inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; 371 inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info;
372 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 372 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index f4967e634ffd..2545e7402efe 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -421,13 +421,13 @@ static int ocfs2_mknod_locked(struct ocfs2_super *osb,
421 fe->i_blkno = cpu_to_le64(fe_blkno); 421 fe->i_blkno = cpu_to_le64(fe_blkno);
422 fe->i_suballoc_bit = cpu_to_le16(suballoc_bit); 422 fe->i_suballoc_bit = cpu_to_le16(suballoc_bit);
423 fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot); 423 fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot);
424 fe->i_uid = cpu_to_le32(current->fsuid); 424 fe->i_uid = cpu_to_le32(current_fsuid());
425 if (dir->i_mode & S_ISGID) { 425 if (dir->i_mode & S_ISGID) {
426 fe->i_gid = cpu_to_le32(dir->i_gid); 426 fe->i_gid = cpu_to_le32(dir->i_gid);
427 if (S_ISDIR(mode)) 427 if (S_ISDIR(mode))
428 mode |= S_ISGID; 428 mode |= S_ISGID;
429 } else 429 } else
430 fe->i_gid = cpu_to_le32(current->fsgid); 430 fe->i_gid = cpu_to_le32(current_fsgid());
431 fe->i_mode = cpu_to_le16(mode); 431 fe->i_mode = cpu_to_le16(mode);
432 if (S_ISCHR(mode) || S_ISBLK(mode)) 432 if (S_ISCHR(mode) || S_ISBLK(mode))
433 fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev)); 433 fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev));
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index cbf047a847c5..6afe57c84f84 100644
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -37,8 +37,8 @@ struct inode *omfs_new_inode(struct inode *dir, int mode)
37 37
38 inode->i_ino = new_block; 38 inode->i_ino = new_block;
39 inode->i_mode = mode; 39 inode->i_mode = mode;
40 inode->i_uid = current->fsuid; 40 inode->i_uid = current_fsuid();
41 inode->i_gid = current->fsgid; 41 inode->i_gid = current_fsgid();
42 inode->i_blocks = 0; 42 inode->i_blocks = 0;
43 inode->i_mapping->a_ops = &omfs_aops; 43 inode->i_mapping->a_ops = &omfs_aops;
44 44
@@ -420,8 +420,8 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent)
420 420
421 sb->s_fs_info = sbi; 421 sb->s_fs_info = sbi;
422 422
423 sbi->s_uid = current->uid; 423 sbi->s_uid = current_uid();
424 sbi->s_gid = current->gid; 424 sbi->s_gid = current_gid();
425 sbi->s_dmask = sbi->s_fmask = current->fs->umask; 425 sbi->s_dmask = sbi->s_fmask = current->fs->umask;
426 426
427 if (!parse_options((char *) data, sbi)) 427 if (!parse_options((char *) data, sbi))
diff --git a/fs/open.c b/fs/open.c
index 83cdb9dee0c1..c0a426d5766c 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -425,39 +425,33 @@ out:
425 */ 425 */
426asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) 426asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
427{ 427{
428 const struct cred *old_cred;
429 struct cred *override_cred;
428 struct path path; 430 struct path path;
429 struct inode *inode; 431 struct inode *inode;
430 int old_fsuid, old_fsgid;
431 kernel_cap_t uninitialized_var(old_cap); /* !SECURE_NO_SETUID_FIXUP */
432 int res; 432 int res;
433 433
434 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ 434 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
435 return -EINVAL; 435 return -EINVAL;
436 436
437 old_fsuid = current->fsuid; 437 override_cred = prepare_creds();
438 old_fsgid = current->fsgid; 438 if (!override_cred)
439 return -ENOMEM;
439 440
440 current->fsuid = current->uid; 441 override_cred->fsuid = override_cred->uid;
441 current->fsgid = current->gid; 442 override_cred->fsgid = override_cred->gid;
442 443
443 if (!issecure(SECURE_NO_SETUID_FIXUP)) { 444 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
444 /* 445 /* Clear the capabilities if we switch to a non-root user */
445 * Clear the capabilities if we switch to a non-root user 446 if (override_cred->uid)
446 */ 447 cap_clear(override_cred->cap_effective);
447#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
448 /*
449 * FIXME: There is a race here against sys_capset. The
450 * capabilities can change yet we will restore the old
451 * value below. We should hold task_capabilities_lock,
452 * but we cannot because user_path_at can sleep.
453 */
454#endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */
455 if (current->uid)
456 old_cap = cap_set_effective(__cap_empty_set);
457 else 448 else
458 old_cap = cap_set_effective(current->cap_permitted); 449 override_cred->cap_effective =
450 override_cred->cap_permitted;
459 } 451 }
460 452
453 old_cred = override_creds(override_cred);
454
461 res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); 455 res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
462 if (res) 456 if (res)
463 goto out; 457 goto out;
@@ -494,12 +488,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
494out_path_release: 488out_path_release:
495 path_put(&path); 489 path_put(&path);
496out: 490out:
497 current->fsuid = old_fsuid; 491 revert_creds(old_cred);
498 current->fsgid = old_fsgid; 492 put_cred(override_cred);
499
500 if (!issecure(SECURE_NO_SETUID_FIXUP))
501 cap_set_effective(old_cap);
502
503 return res; 493 return res;
504} 494}
505 495
@@ -792,7 +782,8 @@ static inline int __get_file_write_access(struct inode *inode,
792 782
793static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, 783static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
794 int flags, struct file *f, 784 int flags, struct file *f,
795 int (*open)(struct inode *, struct file *)) 785 int (*open)(struct inode *, struct file *),
786 const struct cred *cred)
796{ 787{
797 struct inode *inode; 788 struct inode *inode;
798 int error; 789 int error;
@@ -816,7 +807,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
816 f->f_op = fops_get(inode->i_fop); 807 f->f_op = fops_get(inode->i_fop);
817 file_move(f, &inode->i_sb->s_files); 808 file_move(f, &inode->i_sb->s_files);
818 809
819 error = security_dentry_open(f); 810 error = security_dentry_open(f, cred);
820 if (error) 811 if (error)
821 goto cleanup_all; 812 goto cleanup_all;
822 813
@@ -891,6 +882,8 @@ cleanup_file:
891struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, 882struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
892 int (*open)(struct inode *, struct file *)) 883 int (*open)(struct inode *, struct file *))
893{ 884{
885 const struct cred *cred = current_cred();
886
894 if (IS_ERR(nd->intent.open.file)) 887 if (IS_ERR(nd->intent.open.file))
895 goto out; 888 goto out;
896 if (IS_ERR(dentry)) 889 if (IS_ERR(dentry))
@@ -898,7 +891,7 @@ struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry
898 nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), 891 nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
899 nd->intent.open.flags - 1, 892 nd->intent.open.flags - 1,
900 nd->intent.open.file, 893 nd->intent.open.file,
901 open); 894 open, cred);
902out: 895out:
903 return nd->intent.open.file; 896 return nd->intent.open.file;
904out_err: 897out_err:
@@ -917,6 +910,7 @@ EXPORT_SYMBOL_GPL(lookup_instantiate_filp);
917 */ 910 */
918struct file *nameidata_to_filp(struct nameidata *nd, int flags) 911struct file *nameidata_to_filp(struct nameidata *nd, int flags)
919{ 912{
913 const struct cred *cred = current_cred();
920 struct file *filp; 914 struct file *filp;
921 915
922 /* Pick up the filp from the open intent */ 916 /* Pick up the filp from the open intent */
@@ -924,7 +918,7 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags)
924 /* Has the filesystem initialised the file for us? */ 918 /* Has the filesystem initialised the file for us? */
925 if (filp->f_path.dentry == NULL) 919 if (filp->f_path.dentry == NULL)
926 filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, 920 filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp,
927 NULL); 921 NULL, cred);
928 else 922 else
929 path_put(&nd->path); 923 path_put(&nd->path);
930 return filp; 924 return filp;
@@ -934,7 +928,8 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags)
934 * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an 928 * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an
935 * error. 929 * error.
936 */ 930 */
937struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) 931struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
932 const struct cred *cred)
938{ 933{
939 int error; 934 int error;
940 struct file *f; 935 struct file *f;
@@ -959,7 +954,7 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags)
959 return ERR_PTR(error); 954 return ERR_PTR(error);
960 } 955 }
961 956
962 return __dentry_open(dentry, mnt, flags, f, NULL); 957 return __dentry_open(dentry, mnt, flags, f, NULL, cred);
963} 958}
964EXPORT_SYMBOL(dentry_open); 959EXPORT_SYMBOL(dentry_open);
965 960
diff --git a/fs/pipe.c b/fs/pipe.c
index 7aea8b89baac..aaf797bd57b9 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -899,8 +899,8 @@ static struct inode * get_pipe_inode(void)
899 */ 899 */
900 inode->i_state = I_DIRTY; 900 inode->i_state = I_DIRTY;
901 inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; 901 inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR;
902 inode->i_uid = current->fsuid; 902 inode->i_uid = current_fsuid();
903 inode->i_gid = current->fsgid; 903 inode->i_gid = current_fsgid();
904 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 904 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
905 905
906 return inode; 906 return inode;
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index aec931e09973..39df95a0ec25 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -217,11 +217,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
217 switch(pa->e_tag) { 217 switch(pa->e_tag) {
218 case ACL_USER_OBJ: 218 case ACL_USER_OBJ:
219 /* (May have been checked already) */ 219 /* (May have been checked already) */
220 if (inode->i_uid == current->fsuid) 220 if (inode->i_uid == current_fsuid())
221 goto check_perm; 221 goto check_perm;
222 break; 222 break;
223 case ACL_USER: 223 case ACL_USER:
224 if (pa->e_id == current->fsuid) 224 if (pa->e_id == current_fsuid())
225 goto mask; 225 goto mask;
226 break; 226 break;
227 case ACL_GROUP_OBJ: 227 case ACL_GROUP_OBJ:
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 6af7fba7abb1..7e4877d9dcb5 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -159,6 +159,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
159 struct group_info *group_info; 159 struct group_info *group_info;
160 int g; 160 int g;
161 struct fdtable *fdt = NULL; 161 struct fdtable *fdt = NULL;
162 const struct cred *cred;
162 pid_t ppid, tpid; 163 pid_t ppid, tpid;
163 164
164 rcu_read_lock(); 165 rcu_read_lock();
@@ -170,6 +171,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
170 if (tracer) 171 if (tracer)
171 tpid = task_pid_nr_ns(tracer, ns); 172 tpid = task_pid_nr_ns(tracer, ns);
172 } 173 }
174 cred = get_cred((struct cred *) __task_cred(p));
173 seq_printf(m, 175 seq_printf(m,
174 "State:\t%s\n" 176 "State:\t%s\n"
175 "Tgid:\t%d\n" 177 "Tgid:\t%d\n"
@@ -182,8 +184,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
182 task_tgid_nr_ns(p, ns), 184 task_tgid_nr_ns(p, ns),
183 pid_nr_ns(pid, ns), 185 pid_nr_ns(pid, ns),
184 ppid, tpid, 186 ppid, tpid,
185 p->uid, p->euid, p->suid, p->fsuid, 187 cred->uid, cred->euid, cred->suid, cred->fsuid,
186 p->gid, p->egid, p->sgid, p->fsgid); 188 cred->gid, cred->egid, cred->sgid, cred->fsgid);
187 189
188 task_lock(p); 190 task_lock(p);
189 if (p->files) 191 if (p->files)
@@ -194,13 +196,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
194 fdt ? fdt->max_fds : 0); 196 fdt ? fdt->max_fds : 0);
195 rcu_read_unlock(); 197 rcu_read_unlock();
196 198
197 group_info = p->group_info; 199 group_info = cred->group_info;
198 get_group_info(group_info);
199 task_unlock(p); 200 task_unlock(p);
200 201
201 for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) 202 for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++)
202 seq_printf(m, "%d ", GROUP_AT(group_info, g)); 203 seq_printf(m, "%d ", GROUP_AT(group_info, g));
203 put_group_info(group_info); 204 put_cred(cred);
204 205
205 seq_printf(m, "\n"); 206 seq_printf(m, "\n");
206} 207}
@@ -262,7 +263,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p)
262 blocked = p->blocked; 263 blocked = p->blocked;
263 collect_sigign_sigcatch(p, &ignored, &caught); 264 collect_sigign_sigcatch(p, &ignored, &caught);
264 num_threads = atomic_read(&p->signal->count); 265 num_threads = atomic_read(&p->signal->count);
265 qsize = atomic_read(&p->user->sigpending); 266 qsize = atomic_read(&__task_cred(p)->user->sigpending);
266 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; 267 qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur;
267 unlock_task_sighand(p, &flags); 268 unlock_task_sighand(p, &flags);
268 } 269 }
@@ -293,10 +294,21 @@ static void render_cap_t(struct seq_file *m, const char *header,
293 294
294static inline void task_cap(struct seq_file *m, struct task_struct *p) 295static inline void task_cap(struct seq_file *m, struct task_struct *p)
295{ 296{
296 render_cap_t(m, "CapInh:\t", &p->cap_inheritable); 297 const struct cred *cred;
297 render_cap_t(m, "CapPrm:\t", &p->cap_permitted); 298 kernel_cap_t cap_inheritable, cap_permitted, cap_effective, cap_bset;
298 render_cap_t(m, "CapEff:\t", &p->cap_effective); 299
299 render_cap_t(m, "CapBnd:\t", &p->cap_bset); 300 rcu_read_lock();
301 cred = __task_cred(p);
302 cap_inheritable = cred->cap_inheritable;
303 cap_permitted = cred->cap_permitted;
304 cap_effective = cred->cap_effective;
305 cap_bset = cred->cap_bset;
306 rcu_read_unlock();
307
308 render_cap_t(m, "CapInh:\t", &cap_inheritable);
309 render_cap_t(m, "CapPrm:\t", &cap_permitted);
310 render_cap_t(m, "CapEff:\t", &cap_effective);
311 render_cap_t(m, "CapBnd:\t", &cap_bset);
300} 312}
301 313
302static inline void task_context_switch_counts(struct seq_file *m, 314static inline void task_context_switch_counts(struct seq_file *m,
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 486cf3fe7139..cf42c42cbfbb 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1406,6 +1406,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
1406{ 1406{
1407 struct inode * inode; 1407 struct inode * inode;
1408 struct proc_inode *ei; 1408 struct proc_inode *ei;
1409 const struct cred *cred;
1409 1410
1410 /* We need a new inode */ 1411 /* We need a new inode */
1411 1412
@@ -1428,8 +1429,11 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
1428 inode->i_uid = 0; 1429 inode->i_uid = 0;
1429 inode->i_gid = 0; 1430 inode->i_gid = 0;
1430 if (task_dumpable(task)) { 1431 if (task_dumpable(task)) {
1431 inode->i_uid = task->euid; 1432 rcu_read_lock();
1432 inode->i_gid = task->egid; 1433 cred = __task_cred(task);
1434 inode->i_uid = cred->euid;
1435 inode->i_gid = cred->egid;
1436 rcu_read_unlock();
1433 } 1437 }
1434 security_task_to_inode(task, inode); 1438 security_task_to_inode(task, inode);
1435 1439
@@ -1445,6 +1449,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
1445{ 1449{
1446 struct inode *inode = dentry->d_inode; 1450 struct inode *inode = dentry->d_inode;
1447 struct task_struct *task; 1451 struct task_struct *task;
1452 const struct cred *cred;
1453
1448 generic_fillattr(inode, stat); 1454 generic_fillattr(inode, stat);
1449 1455
1450 rcu_read_lock(); 1456 rcu_read_lock();
@@ -1454,8 +1460,9 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
1454 if (task) { 1460 if (task) {
1455 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || 1461 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1456 task_dumpable(task)) { 1462 task_dumpable(task)) {
1457 stat->uid = task->euid; 1463 cred = __task_cred(task);
1458 stat->gid = task->egid; 1464 stat->uid = cred->euid;
1465 stat->gid = cred->egid;
1459 } 1466 }
1460 } 1467 }
1461 rcu_read_unlock(); 1468 rcu_read_unlock();
@@ -1483,11 +1490,16 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
1483{ 1490{
1484 struct inode *inode = dentry->d_inode; 1491 struct inode *inode = dentry->d_inode;
1485 struct task_struct *task = get_proc_task(inode); 1492 struct task_struct *task = get_proc_task(inode);
1493 const struct cred *cred;
1494
1486 if (task) { 1495 if (task) {
1487 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || 1496 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1488 task_dumpable(task)) { 1497 task_dumpable(task)) {
1489 inode->i_uid = task->euid; 1498 rcu_read_lock();
1490 inode->i_gid = task->egid; 1499 cred = __task_cred(task);
1500 inode->i_uid = cred->euid;
1501 inode->i_gid = cred->egid;
1502 rcu_read_unlock();
1491 } else { 1503 } else {
1492 inode->i_uid = 0; 1504 inode->i_uid = 0;
1493 inode->i_gid = 0; 1505 inode->i_gid = 0;
@@ -1649,6 +1661,7 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
1649 struct task_struct *task = get_proc_task(inode); 1661 struct task_struct *task = get_proc_task(inode);
1650 int fd = proc_fd(inode); 1662 int fd = proc_fd(inode);
1651 struct files_struct *files; 1663 struct files_struct *files;
1664 const struct cred *cred;
1652 1665
1653 if (task) { 1666 if (task) {
1654 files = get_files_struct(task); 1667 files = get_files_struct(task);
@@ -1658,8 +1671,11 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
1658 rcu_read_unlock(); 1671 rcu_read_unlock();
1659 put_files_struct(files); 1672 put_files_struct(files);
1660 if (task_dumpable(task)) { 1673 if (task_dumpable(task)) {
1661 inode->i_uid = task->euid; 1674 rcu_read_lock();
1662 inode->i_gid = task->egid; 1675 cred = __task_cred(task);
1676 inode->i_uid = cred->euid;
1677 inode->i_gid = cred->egid;
1678 rcu_read_unlock();
1663 } else { 1679 } else {
1664 inode->i_uid = 0; 1680 inode->i_uid = 0;
1665 inode->i_gid = 0; 1681 inode->i_gid = 0;
diff --git a/fs/quota.c b/fs/quota.c
index 7f4386ebc23a..b7fe44e01618 100644
--- a/fs/quota.c
+++ b/fs/quota.c
@@ -79,7 +79,7 @@ static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, qid
79 79
80 /* Check privileges */ 80 /* Check privileges */
81 if (cmd == Q_GETQUOTA) { 81 if (cmd == Q_GETQUOTA) {
82 if (((type == USRQUOTA && current->euid != id) || 82 if (((type == USRQUOTA && current_euid() != id) ||
83 (type == GRPQUOTA && !in_egroup_p(id))) && 83 (type == GRPQUOTA && !in_egroup_p(id))) &&
84 !capable(CAP_SYS_ADMIN)) 84 !capable(CAP_SYS_ADMIN))
85 return -EPERM; 85 return -EPERM;
@@ -130,7 +130,7 @@ static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t i
130 130
131 /* Check privileges */ 131 /* Check privileges */
132 if (cmd == Q_XGETQUOTA) { 132 if (cmd == Q_XGETQUOTA) {
133 if (((type == XQM_USRQUOTA && current->euid != id) || 133 if (((type == XQM_USRQUOTA && current_euid() != id) ||
134 (type == XQM_GRPQUOTA && !in_egroup_p(id))) && 134 (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
135 !capable(CAP_SYS_ADMIN)) 135 !capable(CAP_SYS_ADMIN))
136 return -EPERM; 136 return -EPERM;
diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c
index f031d1c925f0..a83a3518ae33 100644
--- a/fs/ramfs/inode.c
+++ b/fs/ramfs/inode.c
@@ -55,8 +55,8 @@ struct inode *ramfs_get_inode(struct super_block *sb, int mode, dev_t dev)
55 55
56 if (inode) { 56 if (inode) {
57 inode->i_mode = mode; 57 inode->i_mode = mode;
58 inode->i_uid = current->fsuid; 58 inode->i_uid = current_fsuid();
59 inode->i_gid = current->fsgid; 59 inode->i_gid = current_fsgid();
60 inode->i_blocks = 0; 60 inode->i_blocks = 0;
61 inode->i_mapping->a_ops = &ramfs_aops; 61 inode->i_mapping->a_ops = &ramfs_aops;
62 inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info; 62 inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info;
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c
index f89ebb943f3f..4f322e5ed840 100644
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -573,7 +573,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode)
573 /* the quota init calls have to know who to charge the quota to, so 573 /* the quota init calls have to know who to charge the quota to, so
574 ** we have to set uid and gid here 574 ** we have to set uid and gid here
575 */ 575 */
576 inode->i_uid = current->fsuid; 576 inode->i_uid = current_fsuid();
577 inode->i_mode = mode; 577 inode->i_mode = mode;
578 /* Make inode invalid - just in case we are going to drop it before 578 /* Make inode invalid - just in case we are going to drop it before
579 * the initialization happens */ 579 * the initialization happens */
@@ -584,7 +584,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode)
584 if (S_ISDIR(mode)) 584 if (S_ISDIR(mode))
585 inode->i_mode |= S_ISGID; 585 inode->i_mode |= S_ISGID;
586 } else { 586 } else {
587 inode->i_gid = current->fsgid; 587 inode->i_gid = current_fsgid();
588 } 588 }
589 DQUOT_INIT(inode); 589 DQUOT_INIT(inode);
590 return 0; 590 return 0;
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c
index 48da4fa6b7d4..e7ddd0328ddc 100644
--- a/fs/smbfs/dir.c
+++ b/fs/smbfs/dir.c
@@ -667,8 +667,7 @@ smb_make_node(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
667 667
668 attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; 668 attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID;
669 attr.ia_mode = mode; 669 attr.ia_mode = mode;
670 attr.ia_uid = current->euid; 670 current_euid_egid(&attr.ia_uid, &attr.ia_gid);
671 attr.ia_gid = current->egid;
672 671
673 if (!new_valid_dev(dev)) 672 if (!new_valid_dev(dev))
674 return -EINVAL; 673 return -EINVAL;
diff --git a/fs/smbfs/inode.c b/fs/smbfs/inode.c
index 3528f40ffb0f..fc27fbfc5397 100644
--- a/fs/smbfs/inode.c
+++ b/fs/smbfs/inode.c
@@ -586,7 +586,7 @@ static int smb_fill_super(struct super_block *sb, void *raw_data, int silent)
586 if (parse_options(mnt, raw_data)) 586 if (parse_options(mnt, raw_data))
587 goto out_bad_option; 587 goto out_bad_option;
588 } 588 }
589 mnt->mounted_uid = current->uid; 589 mnt->mounted_uid = current_uid();
590 smb_setcodepage(server, &mnt->codepage); 590 smb_setcodepage(server, &mnt->codepage);
591 591
592 /* 592 /*
diff --git a/fs/smbfs/proc.c b/fs/smbfs/proc.c
index ee536e8a649a..9468168b9af5 100644
--- a/fs/smbfs/proc.c
+++ b/fs/smbfs/proc.c
@@ -864,7 +864,7 @@ smb_newconn(struct smb_sb_info *server, struct smb_conn_opt *opt)
864 goto out; 864 goto out;
865 865
866 error = -EACCES; 866 error = -EACCES;
867 if (current->uid != server->mnt->mounted_uid && 867 if (current_uid() != server->mnt->mounted_uid &&
868 !capable(CAP_SYS_ADMIN)) 868 !capable(CAP_SYS_ADMIN))
869 goto out; 869 goto out;
870 870
diff --git a/fs/sysv/ialloc.c b/fs/sysv/ialloc.c
index 115ab0d6f4bc..241e9765cfad 100644
--- a/fs/sysv/ialloc.c
+++ b/fs/sysv/ialloc.c
@@ -165,9 +165,9 @@ struct inode * sysv_new_inode(const struct inode * dir, mode_t mode)
165 if (S_ISDIR(mode)) 165 if (S_ISDIR(mode))
166 mode |= S_ISGID; 166 mode |= S_ISGID;
167 } else 167 } else
168 inode->i_gid = current->fsgid; 168 inode->i_gid = current_fsgid();
169 169
170 inode->i_uid = current->fsuid; 170 inode->i_uid = current_fsuid();
171 inode->i_ino = fs16_to_cpu(sbi, ino); 171 inode->i_ino = fs16_to_cpu(sbi, ino);
172 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; 172 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC;
173 inode->i_blocks = 0; 173 inode->i_blocks = 0;
diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c
index 1a4973e10664..4a18f084cc42 100644
--- a/fs/ubifs/budget.c
+++ b/fs/ubifs/budget.c
@@ -363,7 +363,7 @@ long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs)
363 */ 363 */
364static int can_use_rp(struct ubifs_info *c) 364static int can_use_rp(struct ubifs_info *c)
365{ 365{
366 if (current->fsuid == c->rp_uid || capable(CAP_SYS_RESOURCE) || 366 if (current_fsuid() == c->rp_uid || capable(CAP_SYS_RESOURCE) ||
367 (c->rp_gid != 0 && in_group_p(c->rp_gid))) 367 (c->rp_gid != 0 && in_group_p(c->rp_gid)))
368 return 1; 368 return 1;
369 return 0; 369 return 0;
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 526c01ec8003..856189014a3a 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -104,13 +104,13 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, const struct inode *dir,
104 */ 104 */
105 inode->i_flags |= (S_NOCMTIME); 105 inode->i_flags |= (S_NOCMTIME);
106 106
107 inode->i_uid = current->fsuid; 107 inode->i_uid = current_fsuid();
108 if (dir->i_mode & S_ISGID) { 108 if (dir->i_mode & S_ISGID) {
109 inode->i_gid = dir->i_gid; 109 inode->i_gid = dir->i_gid;
110 if (S_ISDIR(mode)) 110 if (S_ISDIR(mode))
111 mode |= S_ISGID; 111 mode |= S_ISGID;
112 } else 112 } else
113 inode->i_gid = current->fsgid; 113 inode->i_gid = current_fsgid();
114 inode->i_mode = mode; 114 inode->i_mode = mode;
115 inode->i_mtime = inode->i_atime = inode->i_ctime = 115 inode->i_mtime = inode->i_atime = inode->i_ctime =
116 ubifs_current_time(inode); 116 ubifs_current_time(inode);
diff --git a/fs/udf/ialloc.c b/fs/udf/ialloc.c
index a4f2b3ce45b0..31fc84297ddb 100644
--- a/fs/udf/ialloc.c
+++ b/fs/udf/ialloc.c
@@ -126,13 +126,13 @@ struct inode *udf_new_inode(struct inode *dir, int mode, int *err)
126 } 126 }
127 mutex_unlock(&sbi->s_alloc_mutex); 127 mutex_unlock(&sbi->s_alloc_mutex);
128 inode->i_mode = mode; 128 inode->i_mode = mode;
129 inode->i_uid = current->fsuid; 129 inode->i_uid = current_fsuid();
130 if (dir->i_mode & S_ISGID) { 130 if (dir->i_mode & S_ISGID) {
131 inode->i_gid = dir->i_gid; 131 inode->i_gid = dir->i_gid;
132 if (S_ISDIR(mode)) 132 if (S_ISDIR(mode))
133 mode |= S_ISGID; 133 mode |= S_ISGID;
134 } else { 134 } else {
135 inode->i_gid = current->fsgid; 135 inode->i_gid = current_fsgid();
136 } 136 }
137 137
138 iinfo->i_location.logicalBlockNum = block; 138 iinfo->i_location.logicalBlockNum = block;
diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 082409cd4b8a..f84bfaa8d941 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -604,7 +604,7 @@ static int udf_mknod(struct inode *dir, struct dentry *dentry, int mode,
604 goto out; 604 goto out;
605 605
606 iinfo = UDF_I(inode); 606 iinfo = UDF_I(inode);
607 inode->i_uid = current->fsuid; 607 inode->i_uid = current_fsuid();
608 init_special_inode(inode, mode, rdev); 608 init_special_inode(inode, mode, rdev);
609 fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); 609 fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err);
610 if (!fi) { 610 if (!fi) {
diff --git a/fs/ufs/ialloc.c b/fs/ufs/ialloc.c
index ac181f6806a3..6f5dcf006096 100644
--- a/fs/ufs/ialloc.c
+++ b/fs/ufs/ialloc.c
@@ -304,13 +304,13 @@ cg_found:
304 304
305 inode->i_ino = cg * uspi->s_ipg + bit; 305 inode->i_ino = cg * uspi->s_ipg + bit;
306 inode->i_mode = mode; 306 inode->i_mode = mode;
307 inode->i_uid = current->fsuid; 307 inode->i_uid = current_fsuid();
308 if (dir->i_mode & S_ISGID) { 308 if (dir->i_mode & S_ISGID) {
309 inode->i_gid = dir->i_gid; 309 inode->i_gid = dir->i_gid;
310 if (S_ISDIR(mode)) 310 if (S_ISDIR(mode))
311 inode->i_mode |= S_ISGID; 311 inode->i_mode |= S_ISGID;
312 } else 312 } else
313 inode->i_gid = current->fsgid; 313 inode->i_gid = current_fsgid();
314 314
315 inode->i_blocks = 0; 315 inode->i_blocks = 0;
316 inode->i_generation = 0; 316 inode->i_generation = 0;
diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h
index 652721ce0ea5..8c022cd0ad67 100644
--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@ -23,11 +23,9 @@
23/* 23/*
24 * Credentials 24 * Credentials
25 */ 25 */
26typedef struct cred { 26typedef const struct cred cred_t;
27 /* EMPTY */
28} cred_t;
29 27
30extern struct cred *sys_cred; 28extern cred_t *sys_cred;
31 29
32/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ 30/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
33static inline int capable_cred(cred_t *cr, int cid) 31static inline int capable_cred(cred_t *cr, int cid)
diff --git a/fs/xfs/linux-2.6/xfs_globals.h b/fs/xfs/linux-2.6/xfs_globals.h
index 2770b0085ee8..6eda8a3eb6f1 100644
--- a/fs/xfs/linux-2.6/xfs_globals.h
+++ b/fs/xfs/linux-2.6/xfs_globals.h
@@ -19,6 +19,6 @@
19#define __XFS_GLOBALS_H__ 19#define __XFS_GLOBALS_H__
20 20
21extern uint64_t xfs_panic_mask; /* set to cause more panics */ 21extern uint64_t xfs_panic_mask; /* set to cause more panics */
22extern struct cred *sys_cred; 22extern cred_t *sys_cred;
23 23
24#endif /* __XFS_GLOBALS_H__ */ 24#endif /* __XFS_GLOBALS_H__ */
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index d3438c72dcaf..281cbd5a25cf 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -256,6 +256,7 @@ xfs_open_by_handle(
256 struct file *parfilp, 256 struct file *parfilp,
257 struct inode *parinode) 257 struct inode *parinode)
258{ 258{
259 const struct cred *cred = current_cred();
259 int error; 260 int error;
260 int new_fd; 261 int new_fd;
261 int permflag; 262 int permflag;
@@ -321,7 +322,7 @@ xfs_open_by_handle(
321 mntget(parfilp->f_path.mnt); 322 mntget(parfilp->f_path.mnt);
322 323
323 /* Create file pointer. */ 324 /* Create file pointer. */
324 filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags); 325 filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags, cred);
325 if (IS_ERR(filp)) { 326 if (IS_ERR(filp)) {
326 put_unused_fd(new_fd); 327 put_unused_fd(new_fd);
327 return -XFS_ERROR(-PTR_ERR(filp)); 328 return -XFS_ERROR(-PTR_ERR(filp));
@@ -1007,7 +1008,7 @@ xfs_ioctl_setattr(
1007 * to the file owner ID, except in cases where the 1008 * to the file owner ID, except in cases where the
1008 * CAP_FSETID capability is applicable. 1009 * CAP_FSETID capability is applicable.
1009 */ 1010 */
1010 if (current->fsuid != ip->i_d.di_uid && !capable(CAP_FOWNER)) { 1011 if (current_fsuid() != ip->i_d.di_uid && !capable(CAP_FOWNER)) {
1011 code = XFS_ERROR(EPERM); 1012 code = XFS_ERROR(EPERM);
1012 goto error_return; 1013 goto error_return;
1013 } 1014 }
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index b2f639a1416f..91d69338d3b2 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -366,7 +366,7 @@ xfs_acl_allow_set(
366 return ENOTDIR; 366 return ENOTDIR;
367 if (vp->i_sb->s_flags & MS_RDONLY) 367 if (vp->i_sb->s_flags & MS_RDONLY)
368 return EROFS; 368 return EROFS;
369 if (XFS_I(vp)->i_d.di_uid != current->fsuid && !capable(CAP_FOWNER)) 369 if (XFS_I(vp)->i_d.di_uid != current_fsuid() && !capable(CAP_FOWNER))
370 return EPERM; 370 return EPERM;
371 return 0; 371 return 0;
372} 372}
@@ -413,13 +413,13 @@ xfs_acl_access(
413 switch (fap->acl_entry[i].ae_tag) { 413 switch (fap->acl_entry[i].ae_tag) {
414 case ACL_USER_OBJ: 414 case ACL_USER_OBJ:
415 seen_userobj = 1; 415 seen_userobj = 1;
416 if (fuid != current->fsuid) 416 if (fuid != current_fsuid())
417 continue; 417 continue;
418 matched.ae_tag = ACL_USER_OBJ; 418 matched.ae_tag = ACL_USER_OBJ;
419 matched.ae_perm = allows; 419 matched.ae_perm = allows;
420 break; 420 break;
421 case ACL_USER: 421 case ACL_USER:
422 if (fap->acl_entry[i].ae_id != current->fsuid) 422 if (fap->acl_entry[i].ae_id != current_fsuid())
423 continue; 423 continue;
424 matched.ae_tag = ACL_USER; 424 matched.ae_tag = ACL_USER;
425 matched.ae_perm = allows; 425 matched.ae_perm = allows;
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h
index 1420c49674d7..6be310d41daf 100644
--- a/fs/xfs/xfs_inode.h
+++ b/fs/xfs/xfs_inode.h
@@ -497,7 +497,7 @@ int xfs_iread(struct xfs_mount *, struct xfs_trans *, xfs_ino_t,
497 xfs_inode_t **, xfs_daddr_t, uint); 497 xfs_inode_t **, xfs_daddr_t, uint);
498int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); 498int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int);
499int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, 499int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t,
500 xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t, 500 xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t,
501 int, struct xfs_buf **, boolean_t *, xfs_inode_t **); 501 int, struct xfs_buf **, boolean_t *, xfs_inode_t **);
502void xfs_dinode_from_disk(struct xfs_icdinode *, 502void xfs_dinode_from_disk(struct xfs_icdinode *,
503 struct xfs_dinode_core *); 503 struct xfs_dinode_core *);
diff --git a/fs/xfs/xfs_vnodeops.h b/fs/xfs/xfs_vnodeops.h
index e932a96bec54..7b0c2ab88333 100644
--- a/fs/xfs/xfs_vnodeops.h
+++ b/fs/xfs/xfs_vnodeops.h
@@ -16,7 +16,7 @@ struct xfs_iomap;
16 16
17int xfs_open(struct xfs_inode *ip); 17int xfs_open(struct xfs_inode *ip);
18int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, 18int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags,
19 struct cred *credp); 19 cred_t *credp);
20#define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ 20#define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */
21#define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ 21#define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */
22#define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ 22#define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */
@@ -28,24 +28,24 @@ int xfs_inactive(struct xfs_inode *ip);
28int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, 28int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name,
29 struct xfs_inode **ipp, struct xfs_name *ci_name); 29 struct xfs_inode **ipp, struct xfs_name *ci_name);
30int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, 30int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode,
31 xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp); 31 xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp);
32int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, 32int xfs_remove(struct xfs_inode *dp, struct xfs_name *name,
33 struct xfs_inode *ip); 33 struct xfs_inode *ip);
34int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, 34int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip,
35 struct xfs_name *target_name); 35 struct xfs_name *target_name);
36int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, 36int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name,
37 mode_t mode, struct xfs_inode **ipp, struct cred *credp); 37 mode_t mode, struct xfs_inode **ipp, cred_t *credp);
38int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, 38int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize,
39 xfs_off_t *offset, filldir_t filldir); 39 xfs_off_t *offset, filldir_t filldir);
40int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, 40int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name,
41 const char *target_path, mode_t mode, struct xfs_inode **ipp, 41 const char *target_path, mode_t mode, struct xfs_inode **ipp,
42 struct cred *credp); 42 cred_t *credp);
43int xfs_inode_flush(struct xfs_inode *ip, int flags); 43int xfs_inode_flush(struct xfs_inode *ip, int flags);
44int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); 44int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state);
45int xfs_reclaim(struct xfs_inode *ip); 45int xfs_reclaim(struct xfs_inode *ip);
46int xfs_change_file_space(struct xfs_inode *ip, int cmd, 46int xfs_change_file_space(struct xfs_inode *ip, int cmd,
47 xfs_flock64_t *bf, xfs_off_t offset, 47 xfs_flock64_t *bf, xfs_off_t offset,
48 struct cred *credp, int attr_flags); 48 cred_t *credp, int attr_flags);
49int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, 49int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name,
50 struct xfs_inode *src_ip, struct xfs_inode *target_dp, 50 struct xfs_inode *src_ip, struct xfs_inode *target_dp,
51 struct xfs_name *target_name, struct xfs_inode *target_ip); 51 struct xfs_name *target_name, struct xfs_inode *target_ip);
diff --git a/include/keys/keyring-type.h b/include/keys/keyring-type.h
new file mode 100644
index 000000000000..843f872a4b63
--- /dev/null
+++ b/include/keys/keyring-type.h
@@ -0,0 +1,31 @@
1/* Keyring key type
2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _KEYS_KEYRING_TYPE_H
13#define _KEYS_KEYRING_TYPE_H
14
15#include <linux/key.h>
16#include <linux/rcupdate.h>
17
18/*
19 * the keyring payload contains a list of the keys to which the keyring is
20 * subscribed
21 */
22struct keyring_list {
23 struct rcu_head rcu; /* RCU deletion hook */
24 unsigned short maxkeys; /* max keys this list can hold */
25 unsigned short nkeys; /* number of keys currently held */
26 unsigned short delkey; /* key to be unlinked by RCU */
27 struct key *keys[0];
28};
29
30
31#endif /* _KEYS_KEYRING_TYPE_H */
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 6272a395d43c..e8ce2c4c7ac7 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
99#define AUDIT_OBJ_PID 1318 /* ptrace target */ 99#define AUDIT_OBJ_PID 1318 /* ptrace target */
100#define AUDIT_TTY 1319 /* Input on an administrative TTY */ 100#define AUDIT_TTY 1319 /* Input on an administrative TTY */
101#define AUDIT_EOE 1320 /* End of multi-record event */ 101#define AUDIT_EOE 1320 /* End of multi-record event */
102#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
103#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
102 104
103#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 105#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
104#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 106#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -452,6 +454,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr
452extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); 454extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
453extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); 455extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
454extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); 456extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
457extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
458 const struct cred *new,
459 const struct cred *old);
460extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
455 461
456static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) 462static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
457{ 463{
@@ -501,6 +507,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
501 return __audit_mq_getsetattr(mqdes, mqstat); 507 return __audit_mq_getsetattr(mqdes, mqstat);
502 return 0; 508 return 0;
503} 509}
510
511static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
512 const struct cred *new,
513 const struct cred *old)
514{
515 if (unlikely(!audit_dummy_context()))
516 return __audit_log_bprm_fcaps(bprm, new, old);
517 return 0;
518}
519
520static inline int audit_log_capset(pid_t pid, const struct cred *new,
521 const struct cred *old)
522{
523 if (unlikely(!audit_dummy_context()))
524 return __audit_log_capset(pid, new, old);
525 return 0;
526}
527
504extern int audit_n_rules; 528extern int audit_n_rules;
505extern int audit_signals; 529extern int audit_signals;
506#else 530#else
@@ -532,6 +556,8 @@ extern int audit_signals;
532#define audit_mq_timedreceive(d,l,p,t) ({ 0; }) 556#define audit_mq_timedreceive(d,l,p,t) ({ 0; })
533#define audit_mq_notify(d,n) ({ 0; }) 557#define audit_mq_notify(d,n) ({ 0; })
534#define audit_mq_getsetattr(d,s) ({ 0; }) 558#define audit_mq_getsetattr(d,s) ({ 0; })
559#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
560#define audit_log_capset(pid, ncr, ocr) ({ 0; })
535#define audit_ptrace(t) ((void)0) 561#define audit_ptrace(t) ((void)0)
536#define audit_n_rules 0 562#define audit_n_rules 0
537#define audit_signals 0 563#define audit_signals 0
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 7394b5b349ff..6cbfbe297180 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -35,16 +35,20 @@ struct linux_binprm{
35 struct mm_struct *mm; 35 struct mm_struct *mm;
36 unsigned long p; /* current top of mem */ 36 unsigned long p; /* current top of mem */
37 unsigned int sh_bang:1, 37 unsigned int sh_bang:1,
38 misc_bang:1; 38 misc_bang:1,
39 cred_prepared:1,/* true if creds already prepared (multiple
40 * preps happen for interpreters) */
41 cap_effective:1;/* true if has elevated effective capabilities,
42 * false if not; except for init which inherits
43 * its parent's caps anyway */
39#ifdef __alpha__ 44#ifdef __alpha__
40 unsigned int taso:1; 45 unsigned int taso:1;
41#endif 46#endif
42 unsigned int recursion_depth; 47 unsigned int recursion_depth;
43 struct file * file; 48 struct file * file;
44 int e_uid, e_gid; 49 struct cred *cred; /* new credentials */
45 kernel_cap_t cap_post_exec_permitted; 50 int unsafe; /* how unsafe this exec is (mask of LSM_UNSAFE_*) */
46 bool cap_effective; 51 unsigned int per_clear; /* bits to clear in current->personality */
47 void *security;
48 int argc, envc; 52 int argc, envc;
49 char * filename; /* Name of binary as seen by procps */ 53 char * filename; /* Name of binary as seen by procps */
50 char * interp; /* Name of the binary really executed. Most 54 char * interp; /* Name of the binary really executed. Most
@@ -101,7 +105,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm,
101 int executable_stack); 105 int executable_stack);
102extern int bprm_mm_init(struct linux_binprm *bprm); 106extern int bprm_mm_init(struct linux_binprm *bprm);
103extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm); 107extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm);
104extern void compute_creds(struct linux_binprm *binprm); 108extern void install_exec_creds(struct linux_binprm *bprm);
105extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); 109extern int do_coredump(long signr, int exit_code, struct pt_regs * regs);
106extern int set_binfmt(struct linux_binfmt *new); 110extern int set_binfmt(struct linux_binfmt *new);
107extern void free_bprm(struct linux_binprm *); 111extern void free_bprm(struct linux_binprm *);
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 9d1fe30b6f6c..e22f48c2a46f 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -53,6 +53,7 @@ typedef struct __user_cap_data_struct {
53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX 53#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
54 54
55#define VFS_CAP_REVISION_MASK 0xFF000000 55#define VFS_CAP_REVISION_MASK 0xFF000000
56#define VFS_CAP_REVISION_SHIFT 24
56#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK 57#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
57#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 58#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
58 59
@@ -68,6 +69,9 @@ typedef struct __user_cap_data_struct {
68#define VFS_CAP_U32 VFS_CAP_U32_2 69#define VFS_CAP_U32 VFS_CAP_U32_2
69#define VFS_CAP_REVISION VFS_CAP_REVISION_2 70#define VFS_CAP_REVISION VFS_CAP_REVISION_2
70 71
72#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
73extern int file_caps_enabled;
74#endif
71 75
72struct vfs_cap_data { 76struct vfs_cap_data {
73 __le32 magic_etc; /* Little endian */ 77 __le32 magic_etc; /* Little endian */
@@ -96,6 +100,13 @@ typedef struct kernel_cap_struct {
96 __u32 cap[_KERNEL_CAPABILITY_U32S]; 100 __u32 cap[_KERNEL_CAPABILITY_U32S];
97} kernel_cap_t; 101} kernel_cap_t;
98 102
103/* exact same as vfs_cap_data but in cpu endian and always filled completely */
104struct cpu_vfs_cap_data {
105 __u32 magic_etc;
106 kernel_cap_t permitted;
107 kernel_cap_t inheritable;
108};
109
99#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) 110#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
100#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) 111#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
101 112
@@ -454,6 +465,13 @@ static inline int cap_isclear(const kernel_cap_t a)
454 return 1; 465 return 1;
455} 466}
456 467
468/*
469 * Check if "a" is a subset of "set".
470 * return 1 if ALL of the capabilities in "a" are also in "set"
471 * cap_issubset(0101, 1111) will return 1
472 * return 0 if ANY of the capabilities in "a" are not in "set"
473 * cap_issubset(1111, 0101) will return 0
474 */
457static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) 475static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
458{ 476{
459 kernel_cap_t dest; 477 kernel_cap_t dest;
@@ -501,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set;
501extern const kernel_cap_t __cap_full_set; 519extern const kernel_cap_t __cap_full_set;
502extern const kernel_cap_t __cap_init_eff_set; 520extern const kernel_cap_t __cap_init_eff_set;
503 521
504kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
505
506/** 522/**
507 * has_capability - Determine if a task has a superior capability available 523 * has_capability - Determine if a task has a superior capability available
508 * @t: The task in question 524 * @t: The task in question
@@ -514,9 +530,14 @@ kernel_cap_t cap_set_effective(const kernel_cap_t pE_new);
514 * Note that this does not set PF_SUPERPRIV on the task. 530 * Note that this does not set PF_SUPERPRIV on the task.
515 */ 531 */
516#define has_capability(t, cap) (security_capable((t), (cap)) == 0) 532#define has_capability(t, cap) (security_capable((t), (cap)) == 0)
533#define has_capability_noaudit(t, cap) (security_capable_noaudit((t), (cap)) == 0)
517 534
518extern int capable(int cap); 535extern int capable(int cap);
519 536
537/* audit system wants to get cap info from files as well */
538struct dentry;
539extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
540
520#endif /* __KERNEL__ */ 541#endif /* __KERNEL__ */
521 542
522#endif /* !_LINUX_CAPABILITY_H */ 543#endif /* !_LINUX_CAPABILITY_H */
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b69222cc1fd2..26c1ab179946 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -1,4 +1,4 @@
1/* Credentials management 1/* Credentials management - see Documentation/credentials.txt
2 * 2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -12,39 +12,333 @@
12#ifndef _LINUX_CRED_H 12#ifndef _LINUX_CRED_H
13#define _LINUX_CRED_H 13#define _LINUX_CRED_H
14 14
15#define get_current_user() (get_uid(current->user)) 15#include <linux/capability.h>
16#include <linux/key.h>
17#include <asm/atomic.h>
16 18
17#define task_uid(task) ((task)->uid) 19struct user_struct;
18#define task_gid(task) ((task)->gid) 20struct cred;
19#define task_euid(task) ((task)->euid) 21struct inode;
20#define task_egid(task) ((task)->egid)
21 22
22#define current_uid() (current->uid) 23/*
23#define current_gid() (current->gid) 24 * COW Supplementary groups list
24#define current_euid() (current->euid) 25 */
25#define current_egid() (current->egid) 26#define NGROUPS_SMALL 32
26#define current_suid() (current->suid) 27#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
27#define current_sgid() (current->sgid) 28
28#define current_fsuid() (current->fsuid) 29struct group_info {
29#define current_fsgid() (current->fsgid) 30 atomic_t usage;
30#define current_cap() (current->cap_effective) 31 int ngroups;
32 int nblocks;
33 gid_t small_block[NGROUPS_SMALL];
34 gid_t *blocks[0];
35};
36
37/**
38 * get_group_info - Get a reference to a group info structure
39 * @group_info: The group info to reference
40 *
41 * This gets a reference to a set of supplementary groups.
42 *
43 * If the caller is accessing a task's credentials, they must hold the RCU read
44 * lock when reading.
45 */
46static inline struct group_info *get_group_info(struct group_info *gi)
47{
48 atomic_inc(&gi->usage);
49 return gi;
50}
51
52/**
53 * put_group_info - Release a reference to a group info structure
54 * @group_info: The group info to release
55 */
56#define put_group_info(group_info) \
57do { \
58 if (atomic_dec_and_test(&(group_info)->usage)) \
59 groups_free(group_info); \
60} while (0)
61
62extern struct group_info *groups_alloc(int);
63extern void groups_free(struct group_info *);
64extern int set_current_groups(struct group_info *);
65extern int set_groups(struct cred *, struct group_info *);
66extern int groups_search(const struct group_info *, gid_t);
67
68/* access the groups "array" with this macro */
69#define GROUP_AT(gi, i) \
70 ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])
71
72extern int in_group_p(gid_t);
73extern int in_egroup_p(gid_t);
74
75/*
76 * The common credentials for a thread group
77 * - shared by CLONE_THREAD
78 */
79#ifdef CONFIG_KEYS
80struct thread_group_cred {
81 atomic_t usage;
82 pid_t tgid; /* thread group process ID */
83 spinlock_t lock;
84 struct key *session_keyring; /* keyring inherited over fork */
85 struct key *process_keyring; /* keyring private to this process */
86 struct rcu_head rcu; /* RCU deletion hook */
87};
88#endif
89
90/*
91 * The security context of a task
92 *
93 * The parts of the context break down into two categories:
94 *
95 * (1) The objective context of a task. These parts are used when some other
96 * task is attempting to affect this one.
97 *
98 * (2) The subjective context. These details are used when the task is acting
99 * upon another object, be that a file, a task, a key or whatever.
100 *
101 * Note that some members of this structure belong to both categories - the
102 * LSM security pointer for instance.
103 *
104 * A task has two security pointers. task->real_cred points to the objective
105 * context that defines that task's actual details. The objective part of this
106 * context is used whenever that task is acted upon.
107 *
108 * task->cred points to the subjective context that defines the details of how
109 * that task is going to act upon another object. This may be overridden
110 * temporarily to point to another security context, but normally points to the
111 * same context as task->real_cred.
112 */
113struct cred {
114 atomic_t usage;
115 uid_t uid; /* real UID of the task */
116 gid_t gid; /* real GID of the task */
117 uid_t suid; /* saved UID of the task */
118 gid_t sgid; /* saved GID of the task */
119 uid_t euid; /* effective UID of the task */
120 gid_t egid; /* effective GID of the task */
121 uid_t fsuid; /* UID for VFS ops */
122 gid_t fsgid; /* GID for VFS ops */
123 unsigned securebits; /* SUID-less security management */
124 kernel_cap_t cap_inheritable; /* caps our children can inherit */
125 kernel_cap_t cap_permitted; /* caps we're permitted */
126 kernel_cap_t cap_effective; /* caps we can actually use */
127 kernel_cap_t cap_bset; /* capability bounding set */
128#ifdef CONFIG_KEYS
129 unsigned char jit_keyring; /* default keyring to attach requested
130 * keys to */
131 struct key *thread_keyring; /* keyring private to this thread */
132 struct key *request_key_auth; /* assumed request_key authority */
133 struct thread_group_cred *tgcred; /* thread-group shared credentials */
134#endif
135#ifdef CONFIG_SECURITY
136 void *security; /* subjective LSM security */
137#endif
138 struct user_struct *user; /* real user ID subscription */
139 struct group_info *group_info; /* supplementary groups for euid/fsgid */
140 struct rcu_head rcu; /* RCU deletion hook */
141};
142
143extern void __put_cred(struct cred *);
144extern int copy_creds(struct task_struct *, unsigned long);
145extern struct cred *prepare_creds(void);
146extern struct cred *prepare_exec_creds(void);
147extern struct cred *prepare_usermodehelper_creds(void);
148extern int commit_creds(struct cred *);
149extern void abort_creds(struct cred *);
150extern const struct cred *override_creds(const struct cred *);
151extern void revert_creds(const struct cred *);
152extern struct cred *prepare_kernel_cred(struct task_struct *);
153extern int change_create_files_as(struct cred *, struct inode *);
154extern int set_security_override(struct cred *, u32);
155extern int set_security_override_from_ctx(struct cred *, const char *);
156extern int set_create_files_as(struct cred *, struct inode *);
157extern void __init cred_init(void);
158
159/**
160 * get_new_cred - Get a reference on a new set of credentials
161 * @cred: The new credentials to reference
162 *
163 * Get a reference on the specified set of new credentials. The caller must
164 * release the reference.
165 */
166static inline struct cred *get_new_cred(struct cred *cred)
167{
168 atomic_inc(&cred->usage);
169 return cred;
170}
171
172/**
173 * get_cred - Get a reference on a set of credentials
174 * @cred: The credentials to reference
175 *
176 * Get a reference on the specified set of credentials. The caller must
177 * release the reference.
178 *
179 * This is used to deal with a committed set of credentials. Although the
180 * pointer is const, this will temporarily discard the const and increment the
181 * usage count. The purpose of this is to attempt to catch at compile time the
182 * accidental alteration of a set of credentials that should be considered
183 * immutable.
184 */
185static inline const struct cred *get_cred(const struct cred *cred)
186{
187 return get_new_cred((struct cred *) cred);
188}
189
190/**
191 * put_cred - Release a reference to a set of credentials
192 * @cred: The credentials to release
193 *
194 * Release a reference to a set of credentials, deleting them when the last ref
195 * is released.
196 *
197 * This takes a const pointer to a set of credentials because the credentials
198 * on task_struct are attached by const pointers to prevent accidental
199 * alteration of otherwise immutable credential sets.
200 */
201static inline void put_cred(const struct cred *_cred)
202{
203 struct cred *cred = (struct cred *) _cred;
204
205 BUG_ON(atomic_read(&(cred)->usage) <= 0);
206 if (atomic_dec_and_test(&(cred)->usage))
207 __put_cred(cred);
208}
209
210/**
211 * current_cred - Access the current task's subjective credentials
212 *
213 * Access the subjective credentials of the current task.
214 */
215#define current_cred() \
216 (current->cred)
217
218/**
219 * __task_cred - Access a task's objective credentials
220 * @task: The task to query
221 *
222 * Access the objective credentials of a task. The caller must hold the RCU
223 * readlock.
224 *
225 * The caller must make sure task doesn't go away, either by holding a ref on
226 * task or by holding tasklist_lock to prevent it from being unlinked.
227 */
228#define __task_cred(task) \
229 ((const struct cred *)(rcu_dereference((task)->real_cred)))
230
231/**
232 * get_task_cred - Get another task's objective credentials
233 * @task: The task to query
234 *
235 * Get the objective credentials of a task, pinning them so that they can't go
236 * away. Accessing a task's credentials directly is not permitted.
237 *
238 * The caller must make sure task doesn't go away, either by holding a ref on
239 * task or by holding tasklist_lock to prevent it from being unlinked.
240 */
241#define get_task_cred(task) \
242({ \
243 struct cred *__cred; \
244 rcu_read_lock(); \
245 __cred = (struct cred *) __task_cred((task)); \
246 get_cred(__cred); \
247 rcu_read_unlock(); \
248 __cred; \
249})
250
251/**
252 * get_current_cred - Get the current task's subjective credentials
253 *
254 * Get the subjective credentials of the current task, pinning them so that
255 * they can't go away. Accessing the current task's credentials directly is
256 * not permitted.
257 */
258#define get_current_cred() \
259 (get_cred(current_cred()))
260
261/**
262 * get_current_user - Get the current task's user_struct
263 *
264 * Get the user record of the current task, pinning it so that it can't go
265 * away.
266 */
267#define get_current_user() \
268({ \
269 struct user_struct *__u; \
270 struct cred *__cred; \
271 __cred = (struct cred *) current_cred(); \
272 __u = get_uid(__cred->user); \
273 __u; \
274})
275
276/**
277 * get_current_groups - Get the current task's supplementary group list
278 *
279 * Get the supplementary group list of the current task, pinning it so that it
280 * can't go away.
281 */
282#define get_current_groups() \
283({ \
284 struct group_info *__groups; \
285 struct cred *__cred; \
286 __cred = (struct cred *) current_cred(); \
287 __groups = get_group_info(__cred->group_info); \
288 __groups; \
289})
290
291#define task_cred_xxx(task, xxx) \
292({ \
293 __typeof__(((struct cred *)NULL)->xxx) ___val; \
294 rcu_read_lock(); \
295 ___val = __task_cred((task))->xxx; \
296 rcu_read_unlock(); \
297 ___val; \
298})
299
300#define task_uid(task) (task_cred_xxx((task), uid))
301#define task_euid(task) (task_cred_xxx((task), euid))
302
303#define current_cred_xxx(xxx) \
304({ \
305 current->cred->xxx; \
306})
307
308#define current_uid() (current_cred_xxx(uid))
309#define current_gid() (current_cred_xxx(gid))
310#define current_euid() (current_cred_xxx(euid))
311#define current_egid() (current_cred_xxx(egid))
312#define current_suid() (current_cred_xxx(suid))
313#define current_sgid() (current_cred_xxx(sgid))
314#define current_fsuid() (current_cred_xxx(fsuid))
315#define current_fsgid() (current_cred_xxx(fsgid))
316#define current_cap() (current_cred_xxx(cap_effective))
317#define current_user() (current_cred_xxx(user))
318#define current_security() (current_cred_xxx(security))
31 319
32#define current_uid_gid(_uid, _gid) \ 320#define current_uid_gid(_uid, _gid) \
33do { \ 321do { \
34 *(_uid) = current->uid; \ 322 const struct cred *__cred; \
35 *(_gid) = current->gid; \ 323 __cred = current_cred(); \
324 *(_uid) = __cred->uid; \
325 *(_gid) = __cred->gid; \
36} while(0) 326} while(0)
37 327
38#define current_euid_egid(_uid, _gid) \ 328#define current_euid_egid(_euid, _egid) \
39do { \ 329do { \
40 *(_uid) = current->euid; \ 330 const struct cred *__cred; \
41 *(_gid) = current->egid; \ 331 __cred = current_cred(); \
332 *(_euid) = __cred->euid; \
333 *(_egid) = __cred->egid; \
42} while(0) 334} while(0)
43 335
44#define current_fsuid_fsgid(_uid, _gid) \ 336#define current_fsuid_fsgid(_fsuid, _fsgid) \
45do { \ 337do { \
46 *(_uid) = current->fsuid; \ 338 const struct cred *__cred; \
47 *(_gid) = current->fsgid; \ 339 __cred = current_cred(); \
340 *(_fsuid) = __cred->fsuid; \
341 *(_fsgid) = __cred->fsgid; \
48} while(0) 342} while(0)
49 343
50#endif /* _LINUX_CRED_H */ 344#endif /* _LINUX_CRED_H */
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 0dcdd9458f4b..c0fb6d81d89b 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -315,6 +315,7 @@ struct poll_table_struct;
315struct kstatfs; 315struct kstatfs;
316struct vm_area_struct; 316struct vm_area_struct;
317struct vfsmount; 317struct vfsmount;
318struct cred;
318 319
319extern void __init inode_init(void); 320extern void __init inode_init(void);
320extern void __init inode_init_early(void); 321extern void __init inode_init_early(void);
@@ -826,7 +827,7 @@ struct file {
826 fmode_t f_mode; 827 fmode_t f_mode;
827 loff_t f_pos; 828 loff_t f_pos;
828 struct fown_struct f_owner; 829 struct fown_struct f_owner;
829 unsigned int f_uid, f_gid; 830 const struct cred *f_cred;
830 struct file_ra_state f_ra; 831 struct file_ra_state f_ra;
831 832
832 u64 f_version; 833 u64 f_version;
@@ -1193,7 +1194,7 @@ enum {
1193#define has_fs_excl() atomic_read(&current->fs_excl) 1194#define has_fs_excl() atomic_read(&current->fs_excl)
1194 1195
1195#define is_owner_or_cap(inode) \ 1196#define is_owner_or_cap(inode) \
1196 ((current->fsuid == (inode)->i_uid) || capable(CAP_FOWNER)) 1197 ((current_fsuid() == (inode)->i_uid) || capable(CAP_FOWNER))
1197 1198
1198/* not quite ready to be deprecated, but... */ 1199/* not quite ready to be deprecated, but... */
1199extern void lock_super(struct super_block *); 1200extern void lock_super(struct super_block *);
@@ -1673,7 +1674,8 @@ extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
1673extern long do_sys_open(int dfd, const char __user *filename, int flags, 1674extern long do_sys_open(int dfd, const char __user *filename, int flags,
1674 int mode); 1675 int mode);
1675extern struct file *filp_open(const char *, int, int); 1676extern struct file *filp_open(const char *, int, int);
1676extern struct file * dentry_open(struct dentry *, struct vfsmount *, int); 1677extern struct file * dentry_open(struct dentry *, struct vfsmount *, int,
1678 const struct cred *);
1677extern int filp_close(struct file *, fl_owner_t id); 1679extern int filp_close(struct file *, fl_owner_t id);
1678extern char * getname(const char __user *); 1680extern char * getname(const char __user *);
1679 1681
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 23fd8909b9e5..2597858035cd 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -113,6 +113,8 @@ extern struct group_info init_groups;
113# define CAP_INIT_BSET CAP_INIT_EFF_SET 113# define CAP_INIT_BSET CAP_INIT_EFF_SET
114#endif 114#endif
115 115
116extern struct cred init_cred;
117
116/* 118/*
117 * INIT_TASK is used to set up the first task table, touch at 119 * INIT_TASK is used to set up the first task table, touch at
118 * your own risk!. Base=0, limit=0x1fffff (=2MB) 120 * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -147,13 +149,10 @@ extern struct group_info init_groups;
147 .children = LIST_HEAD_INIT(tsk.children), \ 149 .children = LIST_HEAD_INIT(tsk.children), \
148 .sibling = LIST_HEAD_INIT(tsk.sibling), \ 150 .sibling = LIST_HEAD_INIT(tsk.sibling), \
149 .group_leader = &tsk, \ 151 .group_leader = &tsk, \
150 .group_info = &init_groups, \ 152 .real_cred = &init_cred, \
151 .cap_effective = CAP_INIT_EFF_SET, \ 153 .cred = &init_cred, \
152 .cap_inheritable = CAP_INIT_INH_SET, \ 154 .cred_exec_mutex = \
153 .cap_permitted = CAP_FULL_SET, \ 155 __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \
154 .cap_bset = CAP_INIT_BSET, \
155 .securebits = SECUREBITS_DEFAULT, \
156 .user = INIT_USER, \
157 .comm = "swapper", \ 156 .comm = "swapper", \
158 .thread = INIT_THREAD, \ 157 .thread = INIT_THREAD, \
159 .fs = &init_fs, \ 158 .fs = &init_fs, \
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
deleted file mode 100644
index e8b8a7a5c496..000000000000
--- a/include/linux/key-ui.h
+++ /dev/null
@@ -1,66 +0,0 @@
1/* key-ui.h: key userspace interface stuff
2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_KEY_UI_H
13#define _LINUX_KEY_UI_H
14
15#include <linux/key.h>
16
17/* the key tree */
18extern struct rb_root key_serial_tree;
19extern spinlock_t key_serial_lock;
20
21/* required permissions */
22#define KEY_VIEW 0x01 /* require permission to view attributes */
23#define KEY_READ 0x02 /* require permission to read content */
24#define KEY_WRITE 0x04 /* require permission to update / modify */
25#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
26#define KEY_LINK 0x10 /* require permission to link */
27#define KEY_SETATTR 0x20 /* require permission to change attributes */
28#define KEY_ALL 0x3f /* all the above permissions */
29
30/*
31 * the keyring payload contains a list of the keys to which the keyring is
32 * subscribed
33 */
34struct keyring_list {
35 struct rcu_head rcu; /* RCU deletion hook */
36 unsigned short maxkeys; /* max keys this list can hold */
37 unsigned short nkeys; /* number of keys currently held */
38 unsigned short delkey; /* key to be unlinked by RCU */
39 struct key *keys[0];
40};
41
42/*
43 * check to see whether permission is granted to use a key in the desired way
44 */
45extern int key_task_permission(const key_ref_t key_ref,
46 struct task_struct *context,
47 key_perm_t perm);
48
49static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
50{
51 return key_task_permission(key_ref, current, perm);
52}
53
54extern key_ref_t lookup_user_key(struct task_struct *context,
55 key_serial_t id, int create, int partial,
56 key_perm_t perm);
57
58extern long join_session_keyring(const char *name);
59
60extern struct key_type *key_type_lookup(const char *type);
61extern void key_type_put(struct key_type *ktype);
62
63#define key_negative_timeout 60 /* default timeout on a negative key's existence */
64
65
66#endif /* _LINUX_KEY_UI_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index 1b70e35a71e3..21d32a142c00 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -73,6 +73,7 @@ struct key;
73struct seq_file; 73struct seq_file;
74struct user_struct; 74struct user_struct;
75struct signal_struct; 75struct signal_struct;
76struct cred;
76 77
77struct key_type; 78struct key_type;
78struct key_owner; 79struct key_owner;
@@ -181,7 +182,7 @@ struct key {
181extern struct key *key_alloc(struct key_type *type, 182extern struct key *key_alloc(struct key_type *type,
182 const char *desc, 183 const char *desc,
183 uid_t uid, gid_t gid, 184 uid_t uid, gid_t gid,
184 struct task_struct *ctx, 185 const struct cred *cred,
185 key_perm_t perm, 186 key_perm_t perm,
186 unsigned long flags); 187 unsigned long flags);
187 188
@@ -249,7 +250,7 @@ extern int key_unlink(struct key *keyring,
249 struct key *key); 250 struct key *key);
250 251
251extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 252extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
252 struct task_struct *ctx, 253 const struct cred *cred,
253 unsigned long flags, 254 unsigned long flags,
254 struct key *dest); 255 struct key *dest);
255 256
@@ -276,24 +277,11 @@ extern ctl_table key_sysctls[];
276/* 277/*
277 * the userspace interface 278 * the userspace interface
278 */ 279 */
279extern void switch_uid_keyring(struct user_struct *new_user); 280extern int install_thread_keyring_to_cred(struct cred *cred);
280extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
281extern int copy_thread_group_keys(struct task_struct *tsk);
282extern void exit_keys(struct task_struct *tsk);
283extern void exit_thread_group_keys(struct signal_struct *tg);
284extern int suid_keys(struct task_struct *tsk);
285extern int exec_keys(struct task_struct *tsk);
286extern void key_fsuid_changed(struct task_struct *tsk); 281extern void key_fsuid_changed(struct task_struct *tsk);
287extern void key_fsgid_changed(struct task_struct *tsk); 282extern void key_fsgid_changed(struct task_struct *tsk);
288extern void key_init(void); 283extern void key_init(void);
289 284
290#define __install_session_keyring(tsk, keyring) \
291({ \
292 struct key *old_session = tsk->signal->session_keyring; \
293 tsk->signal->session_keyring = keyring; \
294 old_session; \
295})
296
297#else /* CONFIG_KEYS */ 285#else /* CONFIG_KEYS */
298 286
299#define key_validate(k) 0 287#define key_validate(k) 0
@@ -302,17 +290,9 @@ extern void key_init(void);
302#define key_revoke(k) do { } while(0) 290#define key_revoke(k) do { } while(0)
303#define key_put(k) do { } while(0) 291#define key_put(k) do { } while(0)
304#define key_ref_put(k) do { } while(0) 292#define key_ref_put(k) do { } while(0)
305#define make_key_ref(k, p) ({ NULL; }) 293#define make_key_ref(k, p) NULL
306#define key_ref_to_ptr(k) ({ NULL; }) 294#define key_ref_to_ptr(k) NULL
307#define is_key_possessed(k) 0 295#define is_key_possessed(k) 0
308#define switch_uid_keyring(u) do { } while(0)
309#define __install_session_keyring(t, k) ({ NULL; })
310#define copy_keys(f,t) 0
311#define copy_thread_group_keys(t) 0
312#define exit_keys(t) do { } while(0)
313#define exit_thread_group_keys(tg) do { } while(0)
314#define suid_keys(t) do { } while(0)
315#define exec_keys(t) do { } while(0)
316#define key_fsuid_changed(t) do { } while(0) 296#define key_fsuid_changed(t) do { } while(0)
317#define key_fsgid_changed(t) do { } while(0) 297#define key_fsgid_changed(t) do { } while(0)
318#define key_init() do { } while(0) 298#define key_init() do { } while(0)
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 656ee6b77a4a..c0688eb72093 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -1,6 +1,6 @@
1/* keyctl.h: keyctl command IDs 1/* keyctl.h: keyctl command IDs
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -20,6 +20,7 @@
20#define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ 20#define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */
21#define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ 21#define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */
22#define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ 22#define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */
23#define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */
23 24
24/* request-key default keyrings */ 25/* request-key default keyrings */
25#define KEY_REQKEY_DEFL_NO_CHANGE -1 26#define KEY_REQKEY_DEFL_NO_CHANGE -1
@@ -30,6 +31,7 @@
30#define KEY_REQKEY_DEFL_USER_KEYRING 4 31#define KEY_REQKEY_DEFL_USER_KEYRING 4
31#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5 32#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5
32#define KEY_REQKEY_DEFL_GROUP_KEYRING 6 33#define KEY_REQKEY_DEFL_GROUP_KEYRING 6
34#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7
33 35
34/* keyctl commands */ 36/* keyctl commands */
35#define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ 37#define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 644ffbda17ca..2036e9f26020 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -572,12 +572,6 @@ struct signal_struct {
572 */ 572 */
573 struct rlimit rlim[RLIM_NLIMITS]; 573 struct rlimit rlim[RLIM_NLIMITS];
574 574
575 /* keep the process-shared keyrings here so that they do the right
576 * thing in threads created with CLONE_THREAD */
577#ifdef CONFIG_KEYS
578 struct key *session_keyring; /* keyring inherited over fork */
579 struct key *process_keyring; /* keyring private to this process */
580#endif
581#ifdef CONFIG_BSD_PROCESS_ACCT 575#ifdef CONFIG_BSD_PROCESS_ACCT
582 struct pacct_struct pacct; /* per-process accounting information */ 576 struct pacct_struct pacct; /* per-process accounting information */
583#endif 577#endif
@@ -661,6 +655,7 @@ extern struct user_struct *find_user(uid_t);
661extern struct user_struct root_user; 655extern struct user_struct root_user;
662#define INIT_USER (&root_user) 656#define INIT_USER (&root_user)
663 657
658
664struct backing_dev_info; 659struct backing_dev_info;
665struct reclaim_state; 660struct reclaim_state;
666 661
@@ -884,38 +879,7 @@ partition_sched_domains(int ndoms_new, cpumask_t *doms_new,
884#endif /* !CONFIG_SMP */ 879#endif /* !CONFIG_SMP */
885 880
886struct io_context; /* See blkdev.h */ 881struct io_context; /* See blkdev.h */
887#define NGROUPS_SMALL 32
888#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
889struct group_info {
890 int ngroups;
891 atomic_t usage;
892 gid_t small_block[NGROUPS_SMALL];
893 int nblocks;
894 gid_t *blocks[0];
895};
896 882
897/*
898 * get_group_info() must be called with the owning task locked (via task_lock())
899 * when task != current. The reason being that the vast majority of callers are
900 * looking at current->group_info, which can not be changed except by the
901 * current task. Changing current->group_info requires the task lock, too.
902 */
903#define get_group_info(group_info) do { \
904 atomic_inc(&(group_info)->usage); \
905} while (0)
906
907#define put_group_info(group_info) do { \
908 if (atomic_dec_and_test(&(group_info)->usage)) \
909 groups_free(group_info); \
910} while (0)
911
912extern struct group_info *groups_alloc(int gidsetsize);
913extern void groups_free(struct group_info *group_info);
914extern int set_current_groups(struct group_info *group_info);
915extern int groups_search(struct group_info *group_info, gid_t grp);
916/* access the groups "array" with this macro */
917#define GROUP_AT(gi, i) \
918 ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK])
919 883
920#ifdef ARCH_HAS_PREFETCH_SWITCH_STACK 884#ifdef ARCH_HAS_PREFETCH_SWITCH_STACK
921extern void prefetch_stack(struct task_struct *t); 885extern void prefetch_stack(struct task_struct *t);
@@ -1182,17 +1146,12 @@ struct task_struct {
1182 struct list_head cpu_timers[3]; 1146 struct list_head cpu_timers[3];
1183 1147
1184/* process credentials */ 1148/* process credentials */
1185 uid_t uid,euid,suid,fsuid; 1149 const struct cred *real_cred; /* objective and real subjective task
1186 gid_t gid,egid,sgid,fsgid; 1150 * credentials (COW) */
1187 struct group_info *group_info; 1151 const struct cred *cred; /* effective (overridable) subjective task
1188 kernel_cap_t cap_effective, cap_inheritable, cap_permitted, cap_bset; 1152 * credentials (COW) */
1189 struct user_struct *user; 1153 struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */
1190 unsigned securebits; 1154
1191#ifdef CONFIG_KEYS
1192 unsigned char jit_keyring; /* default keyring to attach requested keys to */
1193 struct key *request_key_auth; /* assumed request_key authority */
1194 struct key *thread_keyring; /* keyring private to this thread */
1195#endif
1196 char comm[TASK_COMM_LEN]; /* executable name excluding path 1155 char comm[TASK_COMM_LEN]; /* executable name excluding path
1197 - access with [gs]et_task_comm (which lock 1156 - access with [gs]et_task_comm (which lock
1198 it with task_lock()) 1157 it with task_lock())
@@ -1229,9 +1188,6 @@ struct task_struct {
1229 int (*notifier)(void *priv); 1188 int (*notifier)(void *priv);
1230 void *notifier_data; 1189 void *notifier_data;
1231 sigset_t *notifier_mask; 1190 sigset_t *notifier_mask;
1232#ifdef CONFIG_SECURITY
1233 void *security;
1234#endif
1235 struct audit_context *audit_context; 1191 struct audit_context *audit_context;
1236#ifdef CONFIG_AUDITSYSCALL 1192#ifdef CONFIG_AUDITSYSCALL
1237 uid_t loginuid; 1193 uid_t loginuid;
@@ -1771,7 +1727,6 @@ static inline struct user_struct *get_uid(struct user_struct *u)
1771 return u; 1727 return u;
1772} 1728}
1773extern void free_uid(struct user_struct *); 1729extern void free_uid(struct user_struct *);
1774extern void switch_uid(struct user_struct *);
1775extern void release_uids(struct user_namespace *ns); 1730extern void release_uids(struct user_namespace *ns);
1776 1731
1777#include <asm/current.h> 1732#include <asm/current.h>
@@ -1790,9 +1745,6 @@ extern void wake_up_new_task(struct task_struct *tsk,
1790extern void sched_fork(struct task_struct *p, int clone_flags); 1745extern void sched_fork(struct task_struct *p, int clone_flags);
1791extern void sched_dead(struct task_struct *p); 1746extern void sched_dead(struct task_struct *p);
1792 1747
1793extern int in_group_p(gid_t);
1794extern int in_egroup_p(gid_t);
1795
1796extern void proc_caches_init(void); 1748extern void proc_caches_init(void);
1797extern void flush_signals(struct task_struct *); 1749extern void flush_signals(struct task_struct *);
1798extern void ignore_signals(struct task_struct *); 1750extern void ignore_signals(struct task_struct *);
@@ -1924,6 +1876,8 @@ static inline unsigned long wait_task_inactive(struct task_struct *p,
1924#define for_each_process(p) \ 1876#define for_each_process(p) \
1925 for (p = &init_task ; (p = next_task(p)) != &init_task ; ) 1877 for (p = &init_task ; (p = next_task(p)) != &init_task ; )
1926 1878
1879extern bool is_single_threaded(struct task_struct *);
1880
1927/* 1881/*
1928 * Careful: do_each_thread/while_each_thread is a double loop so 1882 * Careful: do_each_thread/while_each_thread is a double loop so
1929 * 'break' will not work as expected - use goto instead. 1883 * 'break' will not work as expected - use goto instead.
diff --git a/include/linux/securebits.h b/include/linux/securebits.h
index 92f09bdf1175..d2c5ed845bcc 100644
--- a/include/linux/securebits.h
+++ b/include/linux/securebits.h
@@ -32,7 +32,7 @@
32 setting is locked or not. A setting which is locked cannot be 32 setting is locked or not. A setting which is locked cannot be
33 changed from user-level. */ 33 changed from user-level. */
34#define issecure_mask(X) (1 << (X)) 34#define issecure_mask(X) (1 << (X))
35#define issecure(X) (issecure_mask(X) & current->securebits) 35#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
36 36
37#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ 37#define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \
38 issecure_mask(SECURE_NO_SETUID_FIXUP) | \ 38 issecure_mask(SECURE_NO_SETUID_FIXUP) | \
diff --git a/include/linux/security.h b/include/linux/security.h
index c13f1cec9abb..59a11e19b617 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,10 @@
37/* Maximum number of letters for an LSM name string */ 37/* Maximum number of letters for an LSM name string */
38#define SECURITY_NAME_MAX 10 38#define SECURITY_NAME_MAX 10
39 39
40/* If capable should audit the security request */
41#define SECURITY_CAP_NOAUDIT 0
42#define SECURITY_CAP_AUDIT 1
43
40struct ctl_table; 44struct ctl_table;
41struct audit_krule; 45struct audit_krule;
42 46
@@ -44,25 +48,25 @@ struct audit_krule;
44 * These functions are in security/capability.c and are used 48 * These functions are in security/capability.c and are used
45 * as the default capabilities functions 49 * as the default capabilities functions
46 */ 50 */
47extern int cap_capable(struct task_struct *tsk, int cap); 51extern int cap_capable(struct task_struct *tsk, int cap, int audit);
48extern int cap_settime(struct timespec *ts, struct timezone *tz); 52extern int cap_settime(struct timespec *ts, struct timezone *tz);
49extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); 53extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
50extern int cap_ptrace_traceme(struct task_struct *parent); 54extern int cap_ptrace_traceme(struct task_struct *parent);
51extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 55extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
52extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 56extern int cap_capset(struct cred *new, const struct cred *old,
53extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 57 const kernel_cap_t *effective,
54extern int cap_bprm_set_security(struct linux_binprm *bprm); 58 const kernel_cap_t *inheritable,
55extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); 59 const kernel_cap_t *permitted);
60extern int cap_bprm_set_creds(struct linux_binprm *bprm);
56extern int cap_bprm_secureexec(struct linux_binprm *bprm); 61extern int cap_bprm_secureexec(struct linux_binprm *bprm);
57extern int cap_inode_setxattr(struct dentry *dentry, const char *name, 62extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
58 const void *value, size_t size, int flags); 63 const void *value, size_t size, int flags);
59extern int cap_inode_removexattr(struct dentry *dentry, const char *name); 64extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
60extern int cap_inode_need_killpriv(struct dentry *dentry); 65extern int cap_inode_need_killpriv(struct dentry *dentry);
61extern int cap_inode_killpriv(struct dentry *dentry); 66extern int cap_inode_killpriv(struct dentry *dentry);
62extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 67extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
63extern void cap_task_reparent_to_init(struct task_struct *p);
64extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 68extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
65 unsigned long arg4, unsigned long arg5, long *rc_p); 69 unsigned long arg4, unsigned long arg5);
66extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); 70extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
67extern int cap_task_setioprio(struct task_struct *p, int ioprio); 71extern int cap_task_setioprio(struct task_struct *p, int ioprio);
68extern int cap_task_setnice(struct task_struct *p, int nice); 72extern int cap_task_setnice(struct task_struct *p, int nice);
@@ -105,7 +109,7 @@ extern unsigned long mmap_min_addr;
105struct sched_param; 109struct sched_param;
106struct request_sock; 110struct request_sock;
107 111
108/* bprm_apply_creds unsafe reasons */ 112/* bprm->unsafe reasons */
109#define LSM_UNSAFE_SHARE 1 113#define LSM_UNSAFE_SHARE 1
110#define LSM_UNSAFE_PTRACE 2 114#define LSM_UNSAFE_PTRACE 2
111#define LSM_UNSAFE_PTRACE_CAP 4 115#define LSM_UNSAFE_PTRACE_CAP 4
@@ -149,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
149 * 153 *
150 * Security hooks for program execution operations. 154 * Security hooks for program execution operations.
151 * 155 *
152 * @bprm_alloc_security: 156 * @bprm_set_creds:
153 * Allocate and attach a security structure to the @bprm->security field.
154 * The security field is initialized to NULL when the bprm structure is
155 * allocated.
156 * @bprm contains the linux_binprm structure to be modified.
157 * Return 0 if operation was successful.
158 * @bprm_free_security:
159 * @bprm contains the linux_binprm structure to be modified.
160 * Deallocate and clear the @bprm->security field.
161 * @bprm_apply_creds:
162 * Compute and set the security attributes of a process being transformed
163 * by an execve operation based on the old attributes (current->security)
164 * and the information saved in @bprm->security by the set_security hook.
165 * Since this hook function (and its caller) are void, this hook can not
166 * return an error. However, it can leave the security attributes of the
167 * process unchanged if an access failure occurs at this point.
168 * bprm_apply_creds is called under task_lock. @unsafe indicates various
169 * reasons why it may be unsafe to change security state.
170 * @bprm contains the linux_binprm structure.
171 * @bprm_post_apply_creds:
172 * Runs after bprm_apply_creds with the task_lock dropped, so that
173 * functions which cannot be called safely under the task_lock can
174 * be used. This hook is a good place to perform state changes on
175 * the process such as closing open file descriptors to which access
176 * is no longer granted if the attributes were changed.
177 * Note that a security module might need to save state between
178 * bprm_apply_creds and bprm_post_apply_creds to store the decision
179 * on whether the process may proceed.
180 * @bprm contains the linux_binprm structure.
181 * @bprm_set_security:
182 * Save security information in the bprm->security field, typically based 157 * Save security information in the bprm->security field, typically based
183 * on information about the bprm->file, for later use by the apply_creds 158 * on information about the bprm->file, for later use by the apply_creds
184 * hook. This hook may also optionally check permissions (e.g. for 159 * hook. This hook may also optionally check permissions (e.g. for
@@ -191,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
191 * @bprm contains the linux_binprm structure. 166 * @bprm contains the linux_binprm structure.
192 * Return 0 if the hook is successful and permission is granted. 167 * Return 0 if the hook is successful and permission is granted.
193 * @bprm_check_security: 168 * @bprm_check_security:
194 * This hook mediates the point when a search for a binary handler will 169 * This hook mediates the point when a search for a binary handler will
195 * begin. It allows a check the @bprm->security value which is set in 170 * begin. It allows a check the @bprm->security value which is set in the
196 * the preceding set_security call. The primary difference from 171 * preceding set_creds call. The primary difference from set_creds is
197 * set_security is that the argv list and envp list are reliably 172 * that the argv list and envp list are reliably available in @bprm. This
198 * available in @bprm. This hook may be called multiple times 173 * hook may be called multiple times during a single execve; and in each
199 * during a single execve; and in each pass set_security is called 174 * pass set_creds is called first.
200 * first.
201 * @bprm contains the linux_binprm structure. 175 * @bprm contains the linux_binprm structure.
202 * Return 0 if the hook is successful and permission is granted. 176 * Return 0 if the hook is successful and permission is granted.
177 * @bprm_committing_creds:
178 * Prepare to install the new security attributes of a process being
179 * transformed by an execve operation, based on the old credentials
180 * pointed to by @current->cred and the information set in @bprm->cred by
181 * the bprm_set_creds hook. @bprm points to the linux_binprm structure.
182 * This hook is a good place to perform state changes on the process such
183 * as closing open file descriptors to which access will no longer be
184 * granted when the attributes are changed. This is called immediately
185 * before commit_creds().
186 * @bprm_committed_creds:
187 * Tidy up after the installation of the new security attributes of a
188 * process being transformed by an execve operation. The new credentials
189 * have, by this point, been set to @current->cred. @bprm points to the
190 * linux_binprm structure. This hook is a good place to perform state
191 * changes on the process such as clearing out non-inheritable signal
192 * state. This is called immediately after commit_creds().
203 * @bprm_secureexec: 193 * @bprm_secureexec:
204 * Return a boolean value (0 or 1) indicating whether a "secure exec" 194 * Return a boolean value (0 or 1) indicating whether a "secure exec"
205 * is required. The flag is passed in the auxiliary table 195 * is required. The flag is passed in the auxiliary table
@@ -585,15 +575,31 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
585 * manual page for definitions of the @clone_flags. 575 * manual page for definitions of the @clone_flags.
586 * @clone_flags contains the flags indicating what should be shared. 576 * @clone_flags contains the flags indicating what should be shared.
587 * Return 0 if permission is granted. 577 * Return 0 if permission is granted.
588 * @task_alloc_security: 578 * @cred_free:
589 * @p contains the task_struct for child process. 579 * @cred points to the credentials.
590 * Allocate and attach a security structure to the p->security field. The 580 * Deallocate and clear the cred->security field in a set of credentials.
591 * security field is initialized to NULL when the task structure is 581 * @cred_prepare:
592 * allocated. 582 * @new points to the new credentials.
593 * Return 0 if operation was successful. 583 * @old points to the original credentials.
594 * @task_free_security: 584 * @gfp indicates the atomicity of any memory allocations.
595 * @p contains the task_struct for process. 585 * Prepare a new set of credentials by copying the data from the old set.
596 * Deallocate and clear the p->security field. 586 * @cred_commit:
587 * @new points to the new credentials.
588 * @old points to the original credentials.
589 * Install a new set of credentials.
590 * @kernel_act_as:
591 * Set the credentials for a kernel service to act as (subjective context).
592 * @new points to the credentials to be modified.
593 * @secid specifies the security ID to be set
594 * The current task must be the one that nominated @secid.
595 * Return 0 if successful.
596 * @kernel_create_files_as:
597 * Set the file creation context in a set of credentials to be the same as
598 * the objective context of the specified inode.
599 * @new points to the credentials to be modified.
600 * @inode points to the inode to use as a reference.
601 * The current task must be the one that nominated @inode.
602 * Return 0 if successful.
597 * @task_setuid: 603 * @task_setuid:
598 * Check permission before setting one or more of the user identity 604 * Check permission before setting one or more of the user identity
599 * attributes of the current process. The @flags parameter indicates 605 * attributes of the current process. The @flags parameter indicates
@@ -606,15 +612,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
606 * @id2 contains a uid. 612 * @id2 contains a uid.
607 * @flags contains one of the LSM_SETID_* values. 613 * @flags contains one of the LSM_SETID_* values.
608 * Return 0 if permission is granted. 614 * Return 0 if permission is granted.
609 * @task_post_setuid: 615 * @task_fix_setuid:
610 * Update the module's state after setting one or more of the user 616 * Update the module's state after setting one or more of the user
611 * identity attributes of the current process. The @flags parameter 617 * identity attributes of the current process. The @flags parameter
612 * indicates which of the set*uid system calls invoked this hook. If 618 * indicates which of the set*uid system calls invoked this hook. If
613 * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other 619 * @new is the set of credentials that will be installed. Modifications
614 * parameters are not used. 620 * should be made to this rather than to @current->cred.
615 * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). 621 * @old is the set of credentials that are being replaces
616 * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
617 * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
618 * @flags contains one of the LSM_SETID_* values. 622 * @flags contains one of the LSM_SETID_* values.
619 * Return 0 on success. 623 * Return 0 on success.
620 * @task_setgid: 624 * @task_setgid:
@@ -717,13 +721,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
717 * @arg3 contains a argument. 721 * @arg3 contains a argument.
718 * @arg4 contains a argument. 722 * @arg4 contains a argument.
719 * @arg5 contains a argument. 723 * @arg5 contains a argument.
720 * @rc_p contains a pointer to communicate back the forced return code 724 * Return -ENOSYS if no-one wanted to handle this op, any other value to
721 * Return 0 if permission is granted, and non-zero if the security module 725 * cause prctl() to return immediately with that value.
722 * has taken responsibility (setting *rc_p) for the prctl call.
723 * @task_reparent_to_init:
724 * Set the security attributes in @p->security for a kernel thread that
725 * is being reparented to the init task.
726 * @p contains the task_struct for the kernel thread.
727 * @task_to_inode: 726 * @task_to_inode:
728 * Set the security attributes for an inode based on an associated task's 727 * Set the security attributes for an inode based on an associated task's
729 * security attributes, e.g. for /proc/pid inodes. 728 * security attributes, e.g. for /proc/pid inodes.
@@ -1000,7 +999,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1000 * See whether a specific operational right is granted to a process on a 999 * See whether a specific operational right is granted to a process on a
1001 * key. 1000 * key.
1002 * @key_ref refers to the key (key pointer + possession attribute bit). 1001 * @key_ref refers to the key (key pointer + possession attribute bit).
1003 * @context points to the process to provide the context against which to 1002 * @cred points to the credentials to provide the context against which to
1004 * evaluate the security data on the key. 1003 * evaluate the security data on the key.
1005 * @perm describes the combination of permissions required of this key. 1004 * @perm describes the combination of permissions required of this key.
1006 * Return 1 if permission granted, 0 if permission denied and -ve it the 1005 * Return 1 if permission granted, 0 if permission denied and -ve it the
@@ -1162,6 +1161,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1162 * @child process. 1161 * @child process.
1163 * Security modules may also want to perform a process tracing check 1162 * Security modules may also want to perform a process tracing check
1164 * during an execve in the set_security or apply_creds hooks of 1163 * during an execve in the set_security or apply_creds hooks of
1164 * tracing check during an execve in the bprm_set_creds hook of
1165 * binprm_security_ops if the process is being traced and its security 1165 * binprm_security_ops if the process is being traced and its security
1166 * attributes would be changed by the execve. 1166 * attributes would be changed by the execve.
1167 * @child contains the task_struct structure for the target process. 1167 * @child contains the task_struct structure for the target process.
@@ -1185,29 +1185,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1185 * @inheritable contains the inheritable capability set. 1185 * @inheritable contains the inheritable capability set.
1186 * @permitted contains the permitted capability set. 1186 * @permitted contains the permitted capability set.
1187 * Return 0 if the capability sets were successfully obtained. 1187 * Return 0 if the capability sets were successfully obtained.
1188 * @capset_check: 1188 * @capset:
1189 * Check permission before setting the @effective, @inheritable, and
1190 * @permitted capability sets for the @target process.
1191 * Caveat: @target is also set to current if a set of processes is
1192 * specified (i.e. all processes other than current and init or a
1193 * particular process group). Hence, the capset_set hook may need to
1194 * revalidate permission to the actual target process.
1195 * @target contains the task_struct structure for target process.
1196 * @effective contains the effective capability set.
1197 * @inheritable contains the inheritable capability set.
1198 * @permitted contains the permitted capability set.
1199 * Return 0 if permission is granted.
1200 * @capset_set:
1201 * Set the @effective, @inheritable, and @permitted capability sets for 1189 * Set the @effective, @inheritable, and @permitted capability sets for
1202 * the @target process. Since capset_check cannot always check permission 1190 * the current process.
1203 * to the real @target process, this hook may also perform permission 1191 * @new contains the new credentials structure for target process.
1204 * checking to determine if the current process is allowed to set the 1192 * @old contains the current credentials structure for target process.
1205 * capability sets of the @target process. However, this hook has no way
1206 * of returning an error due to the structure of the sys_capset code.
1207 * @target contains the task_struct structure for target process.
1208 * @effective contains the effective capability set. 1193 * @effective contains the effective capability set.
1209 * @inheritable contains the inheritable capability set. 1194 * @inheritable contains the inheritable capability set.
1210 * @permitted contains the permitted capability set. 1195 * @permitted contains the permitted capability set.
1196 * Return 0 and update @new if permission is granted.
1211 * @capable: 1197 * @capable:
1212 * Check whether the @tsk process has the @cap capability. 1198 * Check whether the @tsk process has the @cap capability.
1213 * @tsk contains the task_struct for the process. 1199 * @tsk contains the task_struct for the process.
@@ -1299,15 +1285,12 @@ struct security_operations {
1299 int (*capget) (struct task_struct *target, 1285 int (*capget) (struct task_struct *target,
1300 kernel_cap_t *effective, 1286 kernel_cap_t *effective,
1301 kernel_cap_t *inheritable, kernel_cap_t *permitted); 1287 kernel_cap_t *inheritable, kernel_cap_t *permitted);
1302 int (*capset_check) (struct task_struct *target, 1288 int (*capset) (struct cred *new,
1303 kernel_cap_t *effective, 1289 const struct cred *old,
1304 kernel_cap_t *inheritable, 1290 const kernel_cap_t *effective,
1305 kernel_cap_t *permitted); 1291 const kernel_cap_t *inheritable,
1306 void (*capset_set) (struct task_struct *target, 1292 const kernel_cap_t *permitted);
1307 kernel_cap_t *effective, 1293 int (*capable) (struct task_struct *tsk, int cap, int audit);
1308 kernel_cap_t *inheritable,
1309 kernel_cap_t *permitted);
1310 int (*capable) (struct task_struct *tsk, int cap);
1311 int (*acct) (struct file *file); 1294 int (*acct) (struct file *file);
1312 int (*sysctl) (struct ctl_table *table, int op); 1295 int (*sysctl) (struct ctl_table *table, int op);
1313 int (*quotactl) (int cmds, int type, int id, struct super_block *sb); 1296 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
@@ -1316,13 +1299,11 @@ struct security_operations {
1316 int (*settime) (struct timespec *ts, struct timezone *tz); 1299 int (*settime) (struct timespec *ts, struct timezone *tz);
1317 int (*vm_enough_memory) (struct mm_struct *mm, long pages); 1300 int (*vm_enough_memory) (struct mm_struct *mm, long pages);
1318 1301
1319 int (*bprm_alloc_security) (struct linux_binprm *bprm); 1302 int (*bprm_set_creds) (struct linux_binprm *bprm);
1320 void (*bprm_free_security) (struct linux_binprm *bprm);
1321 void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe);
1322 void (*bprm_post_apply_creds) (struct linux_binprm *bprm);
1323 int (*bprm_set_security) (struct linux_binprm *bprm);
1324 int (*bprm_check_security) (struct linux_binprm *bprm); 1303 int (*bprm_check_security) (struct linux_binprm *bprm);
1325 int (*bprm_secureexec) (struct linux_binprm *bprm); 1304 int (*bprm_secureexec) (struct linux_binprm *bprm);
1305 void (*bprm_committing_creds) (struct linux_binprm *bprm);
1306 void (*bprm_committed_creds) (struct linux_binprm *bprm);
1326 1307
1327 int (*sb_alloc_security) (struct super_block *sb); 1308 int (*sb_alloc_security) (struct super_block *sb);
1328 void (*sb_free_security) (struct super_block *sb); 1309 void (*sb_free_security) (struct super_block *sb);
@@ -1406,14 +1387,18 @@ struct security_operations {
1406 int (*file_send_sigiotask) (struct task_struct *tsk, 1387 int (*file_send_sigiotask) (struct task_struct *tsk,
1407 struct fown_struct *fown, int sig); 1388 struct fown_struct *fown, int sig);
1408 int (*file_receive) (struct file *file); 1389 int (*file_receive) (struct file *file);
1409 int (*dentry_open) (struct file *file); 1390 int (*dentry_open) (struct file *file, const struct cred *cred);
1410 1391
1411 int (*task_create) (unsigned long clone_flags); 1392 int (*task_create) (unsigned long clone_flags);
1412 int (*task_alloc_security) (struct task_struct *p); 1393 void (*cred_free) (struct cred *cred);
1413 void (*task_free_security) (struct task_struct *p); 1394 int (*cred_prepare)(struct cred *new, const struct cred *old,
1395 gfp_t gfp);
1396 void (*cred_commit)(struct cred *new, const struct cred *old);
1397 int (*kernel_act_as)(struct cred *new, u32 secid);
1398 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
1414 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1399 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1415 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , 1400 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
1416 uid_t old_euid, uid_t old_suid, int flags); 1401 int flags);
1417 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); 1402 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
1418 int (*task_setpgid) (struct task_struct *p, pid_t pgid); 1403 int (*task_setpgid) (struct task_struct *p, pid_t pgid);
1419 int (*task_getpgid) (struct task_struct *p); 1404 int (*task_getpgid) (struct task_struct *p);
@@ -1433,8 +1418,7 @@ struct security_operations {
1433 int (*task_wait) (struct task_struct *p); 1418 int (*task_wait) (struct task_struct *p);
1434 int (*task_prctl) (int option, unsigned long arg2, 1419 int (*task_prctl) (int option, unsigned long arg2,
1435 unsigned long arg3, unsigned long arg4, 1420 unsigned long arg3, unsigned long arg4,
1436 unsigned long arg5, long *rc_p); 1421 unsigned long arg5);
1437 void (*task_reparent_to_init) (struct task_struct *p);
1438 void (*task_to_inode) (struct task_struct *p, struct inode *inode); 1422 void (*task_to_inode) (struct task_struct *p, struct inode *inode);
1439 1423
1440 int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); 1424 int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
@@ -1539,10 +1523,10 @@ struct security_operations {
1539 1523
1540 /* key management security hooks */ 1524 /* key management security hooks */
1541#ifdef CONFIG_KEYS 1525#ifdef CONFIG_KEYS
1542 int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); 1526 int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
1543 void (*key_free) (struct key *key); 1527 void (*key_free) (struct key *key);
1544 int (*key_permission) (key_ref_t key_ref, 1528 int (*key_permission) (key_ref_t key_ref,
1545 struct task_struct *context, 1529 const struct cred *cred,
1546 key_perm_t perm); 1530 key_perm_t perm);
1547 int (*key_getsecurity)(struct key *key, char **_buffer); 1531 int (*key_getsecurity)(struct key *key, char **_buffer);
1548#endif /* CONFIG_KEYS */ 1532#endif /* CONFIG_KEYS */
@@ -1568,15 +1552,12 @@ int security_capget(struct task_struct *target,
1568 kernel_cap_t *effective, 1552 kernel_cap_t *effective,
1569 kernel_cap_t *inheritable, 1553 kernel_cap_t *inheritable,
1570 kernel_cap_t *permitted); 1554 kernel_cap_t *permitted);
1571int security_capset_check(struct task_struct *target, 1555int security_capset(struct cred *new, const struct cred *old,
1572 kernel_cap_t *effective, 1556 const kernel_cap_t *effective,
1573 kernel_cap_t *inheritable, 1557 const kernel_cap_t *inheritable,
1574 kernel_cap_t *permitted); 1558 const kernel_cap_t *permitted);
1575void security_capset_set(struct task_struct *target,
1576 kernel_cap_t *effective,
1577 kernel_cap_t *inheritable,
1578 kernel_cap_t *permitted);
1579int security_capable(struct task_struct *tsk, int cap); 1559int security_capable(struct task_struct *tsk, int cap);
1560int security_capable_noaudit(struct task_struct *tsk, int cap);
1580int security_acct(struct file *file); 1561int security_acct(struct file *file);
1581int security_sysctl(struct ctl_table *table, int op); 1562int security_sysctl(struct ctl_table *table, int op);
1582int security_quotactl(int cmds, int type, int id, struct super_block *sb); 1563int security_quotactl(int cmds, int type, int id, struct super_block *sb);
@@ -1586,12 +1567,10 @@ int security_settime(struct timespec *ts, struct timezone *tz);
1586int security_vm_enough_memory(long pages); 1567int security_vm_enough_memory(long pages);
1587int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); 1568int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1588int security_vm_enough_memory_kern(long pages); 1569int security_vm_enough_memory_kern(long pages);
1589int security_bprm_alloc(struct linux_binprm *bprm); 1570int security_bprm_set_creds(struct linux_binprm *bprm);
1590void security_bprm_free(struct linux_binprm *bprm);
1591void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
1592void security_bprm_post_apply_creds(struct linux_binprm *bprm);
1593int security_bprm_set(struct linux_binprm *bprm);
1594int security_bprm_check(struct linux_binprm *bprm); 1571int security_bprm_check(struct linux_binprm *bprm);
1572void security_bprm_committing_creds(struct linux_binprm *bprm);
1573void security_bprm_committed_creds(struct linux_binprm *bprm);
1595int security_bprm_secureexec(struct linux_binprm *bprm); 1574int security_bprm_secureexec(struct linux_binprm *bprm);
1596int security_sb_alloc(struct super_block *sb); 1575int security_sb_alloc(struct super_block *sb);
1597void security_sb_free(struct super_block *sb); 1576void security_sb_free(struct super_block *sb);
@@ -1663,13 +1642,16 @@ int security_file_set_fowner(struct file *file);
1663int security_file_send_sigiotask(struct task_struct *tsk, 1642int security_file_send_sigiotask(struct task_struct *tsk,
1664 struct fown_struct *fown, int sig); 1643 struct fown_struct *fown, int sig);
1665int security_file_receive(struct file *file); 1644int security_file_receive(struct file *file);
1666int security_dentry_open(struct file *file); 1645int security_dentry_open(struct file *file, const struct cred *cred);
1667int security_task_create(unsigned long clone_flags); 1646int security_task_create(unsigned long clone_flags);
1668int security_task_alloc(struct task_struct *p); 1647void security_cred_free(struct cred *cred);
1669void security_task_free(struct task_struct *p); 1648int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
1649void security_commit_creds(struct cred *new, const struct cred *old);
1650int security_kernel_act_as(struct cred *new, u32 secid);
1651int security_kernel_create_files_as(struct cred *new, struct inode *inode);
1670int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); 1652int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1671int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 1653int security_task_fix_setuid(struct cred *new, const struct cred *old,
1672 uid_t old_suid, int flags); 1654 int flags);
1673int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); 1655int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
1674int security_task_setpgid(struct task_struct *p, pid_t pgid); 1656int security_task_setpgid(struct task_struct *p, pid_t pgid);
1675int security_task_getpgid(struct task_struct *p); 1657int security_task_getpgid(struct task_struct *p);
@@ -1688,8 +1670,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info,
1688 int sig, u32 secid); 1670 int sig, u32 secid);
1689int security_task_wait(struct task_struct *p); 1671int security_task_wait(struct task_struct *p);
1690int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 1672int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
1691 unsigned long arg4, unsigned long arg5, long *rc_p); 1673 unsigned long arg4, unsigned long arg5);
1692void security_task_reparent_to_init(struct task_struct *p);
1693void security_task_to_inode(struct task_struct *p, struct inode *inode); 1674void security_task_to_inode(struct task_struct *p, struct inode *inode);
1694int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); 1675int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
1695void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); 1676void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
@@ -1764,25 +1745,23 @@ static inline int security_capget(struct task_struct *target,
1764 return cap_capget(target, effective, inheritable, permitted); 1745 return cap_capget(target, effective, inheritable, permitted);
1765} 1746}
1766 1747
1767static inline int security_capset_check(struct task_struct *target, 1748static inline int security_capset(struct cred *new,
1768 kernel_cap_t *effective, 1749 const struct cred *old,
1769 kernel_cap_t *inheritable, 1750 const kernel_cap_t *effective,
1770 kernel_cap_t *permitted) 1751 const kernel_cap_t *inheritable,
1752 const kernel_cap_t *permitted)
1771{ 1753{
1772 return cap_capset_check(target, effective, inheritable, permitted); 1754 return cap_capset(new, old, effective, inheritable, permitted);
1773} 1755}
1774 1756
1775static inline void security_capset_set(struct task_struct *target, 1757static inline int security_capable(struct task_struct *tsk, int cap)
1776 kernel_cap_t *effective,
1777 kernel_cap_t *inheritable,
1778 kernel_cap_t *permitted)
1779{ 1758{
1780 cap_capset_set(target, effective, inheritable, permitted); 1759 return cap_capable(tsk, cap, SECURITY_CAP_AUDIT);
1781} 1760}
1782 1761
1783static inline int security_capable(struct task_struct *tsk, int cap) 1762static inline int security_capable_noaudit(struct task_struct *tsk, int cap)
1784{ 1763{
1785 return cap_capable(tsk, cap); 1764 return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT);
1786} 1765}
1787 1766
1788static inline int security_acct(struct file *file) 1767static inline int security_acct(struct file *file)
@@ -1831,32 +1810,22 @@ static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1831 return cap_vm_enough_memory(mm, pages); 1810 return cap_vm_enough_memory(mm, pages);
1832} 1811}
1833 1812
1834static inline int security_bprm_alloc(struct linux_binprm *bprm) 1813static inline int security_bprm_set_creds(struct linux_binprm *bprm)
1835{
1836 return 0;
1837}
1838
1839static inline void security_bprm_free(struct linux_binprm *bprm)
1840{ }
1841
1842static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1843{ 1814{
1844 cap_bprm_apply_creds(bprm, unsafe); 1815 return cap_bprm_set_creds(bprm);
1845} 1816}
1846 1817
1847static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) 1818static inline int security_bprm_check(struct linux_binprm *bprm)
1848{ 1819{
1849 return; 1820 return 0;
1850} 1821}
1851 1822
1852static inline int security_bprm_set(struct linux_binprm *bprm) 1823static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
1853{ 1824{
1854 return cap_bprm_set_security(bprm);
1855} 1825}
1856 1826
1857static inline int security_bprm_check(struct linux_binprm *bprm) 1827static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
1858{ 1828{
1859 return 0;
1860} 1829}
1861 1830
1862static inline int security_bprm_secureexec(struct linux_binprm *bprm) 1831static inline int security_bprm_secureexec(struct linux_binprm *bprm)
@@ -2173,7 +2142,8 @@ static inline int security_file_receive(struct file *file)
2173 return 0; 2142 return 0;
2174} 2143}
2175 2144
2176static inline int security_dentry_open(struct file *file) 2145static inline int security_dentry_open(struct file *file,
2146 const struct cred *cred)
2177{ 2147{
2178 return 0; 2148 return 0;
2179} 2149}
@@ -2183,13 +2153,31 @@ static inline int security_task_create(unsigned long clone_flags)
2183 return 0; 2153 return 0;
2184} 2154}
2185 2155
2186static inline int security_task_alloc(struct task_struct *p) 2156static inline void security_cred_free(struct cred *cred)
2157{ }
2158
2159static inline int security_prepare_creds(struct cred *new,
2160 const struct cred *old,
2161 gfp_t gfp)
2187{ 2162{
2188 return 0; 2163 return 0;
2189} 2164}
2190 2165
2191static inline void security_task_free(struct task_struct *p) 2166static inline void security_commit_creds(struct cred *new,
2192{ } 2167 const struct cred *old)
2168{
2169}
2170
2171static inline int security_kernel_act_as(struct cred *cred, u32 secid)
2172{
2173 return 0;
2174}
2175
2176static inline int security_kernel_create_files_as(struct cred *cred,
2177 struct inode *inode)
2178{
2179 return 0;
2180}
2193 2181
2194static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, 2182static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2195 int flags) 2183 int flags)
@@ -2197,10 +2185,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2197 return 0; 2185 return 0;
2198} 2186}
2199 2187
2200static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 2188static inline int security_task_fix_setuid(struct cred *new,
2201 uid_t old_suid, int flags) 2189 const struct cred *old,
2190 int flags)
2202{ 2191{
2203 return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); 2192 return cap_task_fix_setuid(new, old, flags);
2204} 2193}
2205 2194
2206static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, 2195static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
@@ -2287,14 +2276,9 @@ static inline int security_task_wait(struct task_struct *p)
2287static inline int security_task_prctl(int option, unsigned long arg2, 2276static inline int security_task_prctl(int option, unsigned long arg2,
2288 unsigned long arg3, 2277 unsigned long arg3,
2289 unsigned long arg4, 2278 unsigned long arg4,
2290 unsigned long arg5, long *rc_p) 2279 unsigned long arg5)
2291{
2292 return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p);
2293}
2294
2295static inline void security_task_reparent_to_init(struct task_struct *p)
2296{ 2280{
2297 cap_task_reparent_to_init(p); 2281 return cap_task_prctl(option, arg2, arg3, arg3, arg5);
2298} 2282}
2299 2283
2300static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 2284static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
@@ -2720,16 +2704,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
2720#ifdef CONFIG_KEYS 2704#ifdef CONFIG_KEYS
2721#ifdef CONFIG_SECURITY 2705#ifdef CONFIG_SECURITY
2722 2706
2723int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); 2707int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
2724void security_key_free(struct key *key); 2708void security_key_free(struct key *key);
2725int security_key_permission(key_ref_t key_ref, 2709int security_key_permission(key_ref_t key_ref,
2726 struct task_struct *context, key_perm_t perm); 2710 const struct cred *cred, key_perm_t perm);
2727int security_key_getsecurity(struct key *key, char **_buffer); 2711int security_key_getsecurity(struct key *key, char **_buffer);
2728 2712
2729#else 2713#else
2730 2714
2731static inline int security_key_alloc(struct key *key, 2715static inline int security_key_alloc(struct key *key,
2732 struct task_struct *tsk, 2716 const struct cred *cred,
2733 unsigned long flags) 2717 unsigned long flags)
2734{ 2718{
2735 return 0; 2719 return 0;
@@ -2740,7 +2724,7 @@ static inline void security_key_free(struct key *key)
2740} 2724}
2741 2725
2742static inline int security_key_permission(key_ref_t key_ref, 2726static inline int security_key_permission(key_ref_t key_ref,
2743 struct task_struct *context, 2727 const struct cred *cred,
2744 key_perm_t perm) 2728 key_perm_t perm)
2745{ 2729{
2746 return 0; 2730 return 0;
diff --git a/include/net/scm.h b/include/net/scm.h
index 33e9986beb86..f45bb6eca7d4 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -55,8 +55,8 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
55 struct scm_cookie *scm) 55 struct scm_cookie *scm)
56{ 56{
57 struct task_struct *p = current; 57 struct task_struct *p = current;
58 scm->creds.uid = p->uid; 58 scm->creds.uid = current_uid();
59 scm->creds.gid = p->gid; 59 scm->creds.gid = current_gid();
60 scm->creds.pid = task_tgid_vnr(p); 60 scm->creds.pid = task_tgid_vnr(p);
61 scm->fp = NULL; 61 scm->fp = NULL;
62 scm->seq = 0; 62 scm->seq = 0;
diff --git a/init/main.c b/init/main.c
index 7e117a231af1..db843bff5732 100644
--- a/init/main.c
+++ b/init/main.c
@@ -669,6 +669,7 @@ asmlinkage void __init start_kernel(void)
669 efi_enter_virtual_mode(); 669 efi_enter_virtual_mode();
670#endif 670#endif
671 thread_info_cache_init(); 671 thread_info_cache_init();
672 cred_init();
672 fork_init(num_physpages); 673 fork_init(num_physpages);
673 proc_caches_init(); 674 proc_caches_init();
674 buffer_init(); 675 buffer_init();
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 68eb857cfdea..d9393f8e4c3e 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -112,13 +112,14 @@ static inline struct mqueue_inode_info *MQUEUE_I(struct inode *inode)
112static struct inode *mqueue_get_inode(struct super_block *sb, int mode, 112static struct inode *mqueue_get_inode(struct super_block *sb, int mode,
113 struct mq_attr *attr) 113 struct mq_attr *attr)
114{ 114{
115 struct user_struct *u = current_user();
115 struct inode *inode; 116 struct inode *inode;
116 117
117 inode = new_inode(sb); 118 inode = new_inode(sb);
118 if (inode) { 119 if (inode) {
119 inode->i_mode = mode; 120 inode->i_mode = mode;
120 inode->i_uid = current->fsuid; 121 inode->i_uid = current_fsuid();
121 inode->i_gid = current->fsgid; 122 inode->i_gid = current_fsgid();
122 inode->i_blocks = 0; 123 inode->i_blocks = 0;
123 inode->i_mtime = inode->i_ctime = inode->i_atime = 124 inode->i_mtime = inode->i_ctime = inode->i_atime =
124 CURRENT_TIME; 125 CURRENT_TIME;
@@ -126,7 +127,6 @@ static struct inode *mqueue_get_inode(struct super_block *sb, int mode,
126 if (S_ISREG(mode)) { 127 if (S_ISREG(mode)) {
127 struct mqueue_inode_info *info; 128 struct mqueue_inode_info *info;
128 struct task_struct *p = current; 129 struct task_struct *p = current;
129 struct user_struct *u = p->user;
130 unsigned long mq_bytes, mq_msg_tblsz; 130 unsigned long mq_bytes, mq_msg_tblsz;
131 131
132 inode->i_fop = &mqueue_file_operations; 132 inode->i_fop = &mqueue_file_operations;
@@ -507,7 +507,7 @@ static void __do_notify(struct mqueue_inode_info *info)
507 sig_i.si_code = SI_MESGQ; 507 sig_i.si_code = SI_MESGQ;
508 sig_i.si_value = info->notify.sigev_value; 508 sig_i.si_value = info->notify.sigev_value;
509 sig_i.si_pid = task_tgid_vnr(current); 509 sig_i.si_pid = task_tgid_vnr(current);
510 sig_i.si_uid = current->uid; 510 sig_i.si_uid = current_uid();
511 511
512 kill_pid_info(info->notify.sigev_signo, 512 kill_pid_info(info->notify.sigev_signo,
513 &sig_i, info->notify_owner); 513 &sig_i, info->notify_owner);
@@ -594,6 +594,7 @@ static int mq_attr_ok(struct mq_attr *attr)
594static struct file *do_create(struct dentry *dir, struct dentry *dentry, 594static struct file *do_create(struct dentry *dir, struct dentry *dentry,
595 int oflag, mode_t mode, struct mq_attr __user *u_attr) 595 int oflag, mode_t mode, struct mq_attr __user *u_attr)
596{ 596{
597 const struct cred *cred = current_cred();
597 struct mq_attr attr; 598 struct mq_attr attr;
598 struct file *result; 599 struct file *result;
599 int ret; 600 int ret;
@@ -618,7 +619,7 @@ static struct file *do_create(struct dentry *dir, struct dentry *dentry,
618 if (ret) 619 if (ret)
619 goto out_drop_write; 620 goto out_drop_write;
620 621
621 result = dentry_open(dentry, mqueue_mnt, oflag); 622 result = dentry_open(dentry, mqueue_mnt, oflag, cred);
622 /* 623 /*
623 * dentry_open() took a persistent mnt_want_write(), 624 * dentry_open() took a persistent mnt_want_write(),
624 * so we can now drop this one. 625 * so we can now drop this one.
@@ -637,8 +638,10 @@ out:
637/* Opens existing queue */ 638/* Opens existing queue */
638static struct file *do_open(struct dentry *dentry, int oflag) 639static struct file *do_open(struct dentry *dentry, int oflag)
639{ 640{
640static int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE, 641 const struct cred *cred = current_cred();
641 MAY_READ | MAY_WRITE }; 642
643 static const int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
644 MAY_READ | MAY_WRITE };
642 645
643 if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) { 646 if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY)) {
644 dput(dentry); 647 dput(dentry);
@@ -652,7 +655,7 @@ static int oflag2acc[O_ACCMODE] = { MAY_READ, MAY_WRITE,
652 return ERR_PTR(-EACCES); 655 return ERR_PTR(-EACCES);
653 } 656 }
654 657
655 return dentry_open(dentry, mqueue_mnt, oflag); 658 return dentry_open(dentry, mqueue_mnt, oflag, cred);
656} 659}
657 660
658asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, 661asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode,
diff --git a/ipc/shm.c b/ipc/shm.c
index 867e5d6a55c2..38a055758a9b 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -366,7 +366,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
366 if (shmflg & SHM_HUGETLB) { 366 if (shmflg & SHM_HUGETLB) {
367 /* hugetlb_file_setup takes care of mlock user accounting */ 367 /* hugetlb_file_setup takes care of mlock user accounting */
368 file = hugetlb_file_setup(name, size); 368 file = hugetlb_file_setup(name, size);
369 shp->mlock_user = current->user; 369 shp->mlock_user = current_user();
370 } else { 370 } else {
371 int acctflag = VM_ACCOUNT; 371 int acctflag = VM_ACCOUNT;
372 /* 372 /*
@@ -752,9 +752,10 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf)
752 goto out_unlock; 752 goto out_unlock;
753 753
754 if (!capable(CAP_IPC_LOCK)) { 754 if (!capable(CAP_IPC_LOCK)) {
755 uid_t euid = current_euid();
755 err = -EPERM; 756 err = -EPERM;
756 if (current->euid != shp->shm_perm.uid && 757 if (euid != shp->shm_perm.uid &&
757 current->euid != shp->shm_perm.cuid) 758 euid != shp->shm_perm.cuid)
758 goto out_unlock; 759 goto out_unlock;
759 if (cmd == SHM_LOCK && 760 if (cmd == SHM_LOCK &&
760 !current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) 761 !current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur)
@@ -766,7 +767,7 @@ asmlinkage long sys_shmctl(int shmid, int cmd, struct shmid_ds __user *buf)
766 goto out_unlock; 767 goto out_unlock;
767 768
768 if(cmd==SHM_LOCK) { 769 if(cmd==SHM_LOCK) {
769 struct user_struct * user = current->user; 770 struct user_struct *user = current_user();
770 if (!is_file_hugepages(shp->shm_file)) { 771 if (!is_file_hugepages(shp->shm_file)) {
771 err = shmem_lock(shp->shm_file, 1, user); 772 err = shmem_lock(shp->shm_file, 1, user);
772 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){ 773 if (!err && !(shp->shm_perm.mode & SHM_LOCKED)){
diff --git a/ipc/util.c b/ipc/util.c
index 49b3ea615dc5..c8a76701b6c9 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -258,6 +258,8 @@ int ipc_get_maxid(struct ipc_ids *ids)
258 258
259int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) 259int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
260{ 260{
261 uid_t euid;
262 gid_t egid;
261 int id, err; 263 int id, err;
262 264
263 if (size > IPCMNI) 265 if (size > IPCMNI)
@@ -272,8 +274,9 @@ int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size)
272 274
273 ids->in_use++; 275 ids->in_use++;
274 276
275 new->cuid = new->uid = current->euid; 277 current_euid_egid(&euid, &egid);
276 new->gid = new->cgid = current->egid; 278 new->cuid = new->uid = euid;
279 new->gid = new->cgid = egid;
277 280
278 new->seq = ids->seq++; 281 new->seq = ids->seq++;
279 if(ids->seq > ids->seq_max) 282 if(ids->seq > ids->seq_max)
@@ -616,13 +619,15 @@ void ipc_rcu_putref(void *ptr)
616 619
617int ipcperms (struct kern_ipc_perm *ipcp, short flag) 620int ipcperms (struct kern_ipc_perm *ipcp, short flag)
618{ /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ 621{ /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */
622 uid_t euid = current_euid();
619 int requested_mode, granted_mode, err; 623 int requested_mode, granted_mode, err;
620 624
621 if (unlikely((err = audit_ipc_obj(ipcp)))) 625 if (unlikely((err = audit_ipc_obj(ipcp))))
622 return err; 626 return err;
623 requested_mode = (flag >> 6) | (flag >> 3) | flag; 627 requested_mode = (flag >> 6) | (flag >> 3) | flag;
624 granted_mode = ipcp->mode; 628 granted_mode = ipcp->mode;
625 if (current->euid == ipcp->cuid || current->euid == ipcp->uid) 629 if (euid == ipcp->cuid ||
630 euid == ipcp->uid)
626 granted_mode >>= 6; 631 granted_mode >>= 6;
627 else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid)) 632 else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid))
628 granted_mode >>= 3; 633 granted_mode >>= 3;
@@ -784,6 +789,7 @@ struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd,
784 struct ipc64_perm *perm, int extra_perm) 789 struct ipc64_perm *perm, int extra_perm)
785{ 790{
786 struct kern_ipc_perm *ipcp; 791 struct kern_ipc_perm *ipcp;
792 uid_t euid;
787 int err; 793 int err;
788 794
789 down_write(&ids->rw_mutex); 795 down_write(&ids->rw_mutex);
@@ -803,8 +809,10 @@ struct kern_ipc_perm *ipcctl_pre_down(struct ipc_ids *ids, int id, int cmd,
803 if (err) 809 if (err)
804 goto out_unlock; 810 goto out_unlock;
805 } 811 }
806 if (current->euid == ipcp->cuid || 812
807 current->euid == ipcp->uid || capable(CAP_SYS_ADMIN)) 813 euid = current_euid();
814 if (euid == ipcp->cuid ||
815 euid == ipcp->uid || capable(CAP_SYS_ADMIN))
808 return ipcp; 816 return ipcp;
809 817
810 err = -EPERM; 818 err = -EPERM;
diff --git a/kernel/Makefile b/kernel/Makefile
index 19fad003b19d..b1e6b6625ea2 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -9,7 +9,7 @@ obj-y = sched.o fork.o exec_domain.o panic.o printk.o \
9 rcupdate.o extable.o params.o posix-timers.o \ 9 rcupdate.o extable.o params.o posix-timers.o \
10 kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \ 10 kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \
11 hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \ 11 hrtimer.o rwsem.o nsproxy.o srcu.o semaphore.o \
12 notifier.o ksysfs.o pm_qos_params.o sched_clock.o 12 notifier.o ksysfs.o pm_qos_params.o sched_clock.o cred.o
13 13
14ifdef CONFIG_FUNCTION_TRACER 14ifdef CONFIG_FUNCTION_TRACER
15# Do not trace debug files and internal ftrace files 15# Do not trace debug files and internal ftrace files
diff --git a/kernel/acct.c b/kernel/acct.c
index f6006a60df5d..d57b7cbb98b6 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -530,15 +530,14 @@ static void do_acct_process(struct bsd_acct_struct *acct,
530 do_div(elapsed, AHZ); 530 do_div(elapsed, AHZ);
531 ac.ac_btime = get_seconds() - elapsed; 531 ac.ac_btime = get_seconds() - elapsed;
532 /* we really need to bite the bullet and change layout */ 532 /* we really need to bite the bullet and change layout */
533 ac.ac_uid = current->uid; 533 current_uid_gid(&ac.ac_uid, &ac.ac_gid);
534 ac.ac_gid = current->gid;
535#if ACCT_VERSION==2 534#if ACCT_VERSION==2
536 ac.ac_ahz = AHZ; 535 ac.ac_ahz = AHZ;
537#endif 536#endif
538#if ACCT_VERSION==1 || ACCT_VERSION==2 537#if ACCT_VERSION==1 || ACCT_VERSION==2
539 /* backward-compatible 16 bit fields */ 538 /* backward-compatible 16 bit fields */
540 ac.ac_uid16 = current->uid; 539 ac.ac_uid16 = ac.ac_uid;
541 ac.ac_gid16 = current->gid; 540 ac.ac_gid16 = ac.ac_gid;
542#endif 541#endif
543#if ACCT_VERSION==3 542#if ACCT_VERSION==3
544 ac.ac_pid = task_tgid_nr_ns(current, ns); 543 ac.ac_pid = task_tgid_nr_ns(current, ns);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index cf5bc2f5f9c3..bc1e2d854bf6 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -65,6 +65,7 @@
65#include <linux/highmem.h> 65#include <linux/highmem.h>
66#include <linux/syscalls.h> 66#include <linux/syscalls.h>
67#include <linux/inotify.h> 67#include <linux/inotify.h>
68#include <linux/capability.h>
68 69
69#include "audit.h" 70#include "audit.h"
70 71
@@ -84,6 +85,15 @@ int audit_n_rules;
84/* determines whether we collect data for signals sent */ 85/* determines whether we collect data for signals sent */
85int audit_signals; 86int audit_signals;
86 87
88struct audit_cap_data {
89 kernel_cap_t permitted;
90 kernel_cap_t inheritable;
91 union {
92 unsigned int fE; /* effective bit of a file capability */
93 kernel_cap_t effective; /* effective set of a process */
94 };
95};
96
87/* When fs/namei.c:getname() is called, we store the pointer in name and 97/* When fs/namei.c:getname() is called, we store the pointer in name and
88 * we don't let putname() free it (instead we free all of the saved 98 * we don't let putname() free it (instead we free all of the saved
89 * pointers at syscall exit time). 99 * pointers at syscall exit time).
@@ -100,6 +110,8 @@ struct audit_names {
100 gid_t gid; 110 gid_t gid;
101 dev_t rdev; 111 dev_t rdev;
102 u32 osid; 112 u32 osid;
113 struct audit_cap_data fcap;
114 unsigned int fcap_ver;
103}; 115};
104 116
105struct audit_aux_data { 117struct audit_aux_data {
@@ -184,6 +196,20 @@ struct audit_aux_data_pids {
184 int pid_count; 196 int pid_count;
185}; 197};
186 198
199struct audit_aux_data_bprm_fcaps {
200 struct audit_aux_data d;
201 struct audit_cap_data fcap;
202 unsigned int fcap_ver;
203 struct audit_cap_data old_pcap;
204 struct audit_cap_data new_pcap;
205};
206
207struct audit_aux_data_capset {
208 struct audit_aux_data d;
209 pid_t pid;
210 struct audit_cap_data cap;
211};
212
187struct audit_tree_refs { 213struct audit_tree_refs {
188 struct audit_tree_refs *next; 214 struct audit_tree_refs *next;
189 struct audit_chunk *c[31]; 215 struct audit_chunk *c[31];
@@ -421,6 +447,7 @@ static int audit_filter_rules(struct task_struct *tsk,
421 struct audit_names *name, 447 struct audit_names *name,
422 enum audit_state *state) 448 enum audit_state *state)
423{ 449{
450 const struct cred *cred = get_task_cred(tsk);
424 int i, j, need_sid = 1; 451 int i, j, need_sid = 1;
425 u32 sid; 452 u32 sid;
426 453
@@ -440,28 +467,28 @@ static int audit_filter_rules(struct task_struct *tsk,
440 } 467 }
441 break; 468 break;
442 case AUDIT_UID: 469 case AUDIT_UID:
443 result = audit_comparator(tsk->uid, f->op, f->val); 470 result = audit_comparator(cred->uid, f->op, f->val);
444 break; 471 break;
445 case AUDIT_EUID: 472 case AUDIT_EUID:
446 result = audit_comparator(tsk->euid, f->op, f->val); 473 result = audit_comparator(cred->euid, f->op, f->val);
447 break; 474 break;
448 case AUDIT_SUID: 475 case AUDIT_SUID:
449 result = audit_comparator(tsk->suid, f->op, f->val); 476 result = audit_comparator(cred->suid, f->op, f->val);
450 break; 477 break;
451 case AUDIT_FSUID: 478 case AUDIT_FSUID:
452 result = audit_comparator(tsk->fsuid, f->op, f->val); 479 result = audit_comparator(cred->fsuid, f->op, f->val);
453 break; 480 break;
454 case AUDIT_GID: 481 case AUDIT_GID:
455 result = audit_comparator(tsk->gid, f->op, f->val); 482 result = audit_comparator(cred->gid, f->op, f->val);
456 break; 483 break;
457 case AUDIT_EGID: 484 case AUDIT_EGID:
458 result = audit_comparator(tsk->egid, f->op, f->val); 485 result = audit_comparator(cred->egid, f->op, f->val);
459 break; 486 break;
460 case AUDIT_SGID: 487 case AUDIT_SGID:
461 result = audit_comparator(tsk->sgid, f->op, f->val); 488 result = audit_comparator(cred->sgid, f->op, f->val);
462 break; 489 break;
463 case AUDIT_FSGID: 490 case AUDIT_FSGID:
464 result = audit_comparator(tsk->fsgid, f->op, f->val); 491 result = audit_comparator(cred->fsgid, f->op, f->val);
465 break; 492 break;
466 case AUDIT_PERS: 493 case AUDIT_PERS:
467 result = audit_comparator(tsk->personality, f->op, f->val); 494 result = audit_comparator(tsk->personality, f->op, f->val);
@@ -615,8 +642,10 @@ static int audit_filter_rules(struct task_struct *tsk,
615 break; 642 break;
616 } 643 }
617 644
618 if (!result) 645 if (!result) {
646 put_cred(cred);
619 return 0; 647 return 0;
648 }
620 } 649 }
621 if (rule->filterkey && ctx) 650 if (rule->filterkey && ctx)
622 ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); 651 ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
@@ -624,6 +653,7 @@ static int audit_filter_rules(struct task_struct *tsk,
624 case AUDIT_NEVER: *state = AUDIT_DISABLED; break; 653 case AUDIT_NEVER: *state = AUDIT_DISABLED; break;
625 case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; 654 case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break;
626 } 655 }
656 put_cred(cred);
627 return 1; 657 return 1;
628} 658}
629 659
@@ -1171,8 +1201,38 @@ static void audit_log_execve_info(struct audit_context *context,
1171 kfree(buf); 1201 kfree(buf);
1172} 1202}
1173 1203
1204static void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
1205{
1206 int i;
1207
1208 audit_log_format(ab, " %s=", prefix);
1209 CAP_FOR_EACH_U32(i) {
1210 audit_log_format(ab, "%08x", cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]);
1211 }
1212}
1213
1214static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
1215{
1216 kernel_cap_t *perm = &name->fcap.permitted;
1217 kernel_cap_t *inh = &name->fcap.inheritable;
1218 int log = 0;
1219
1220 if (!cap_isclear(*perm)) {
1221 audit_log_cap(ab, "cap_fp", perm);
1222 log = 1;
1223 }
1224 if (!cap_isclear(*inh)) {
1225 audit_log_cap(ab, "cap_fi", inh);
1226 log = 1;
1227 }
1228
1229 if (log)
1230 audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver);
1231}
1232
1174static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 1233static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
1175{ 1234{
1235 const struct cred *cred;
1176 int i, call_panic = 0; 1236 int i, call_panic = 0;
1177 struct audit_buffer *ab; 1237 struct audit_buffer *ab;
1178 struct audit_aux_data *aux; 1238 struct audit_aux_data *aux;
@@ -1182,14 +1242,15 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1182 context->pid = tsk->pid; 1242 context->pid = tsk->pid;
1183 if (!context->ppid) 1243 if (!context->ppid)
1184 context->ppid = sys_getppid(); 1244 context->ppid = sys_getppid();
1185 context->uid = tsk->uid; 1245 cred = current_cred();
1186 context->gid = tsk->gid; 1246 context->uid = cred->uid;
1187 context->euid = tsk->euid; 1247 context->gid = cred->gid;
1188 context->suid = tsk->suid; 1248 context->euid = cred->euid;
1189 context->fsuid = tsk->fsuid; 1249 context->suid = cred->suid;
1190 context->egid = tsk->egid; 1250 context->fsuid = cred->fsuid;
1191 context->sgid = tsk->sgid; 1251 context->egid = cred->egid;
1192 context->fsgid = tsk->fsgid; 1252 context->sgid = cred->sgid;
1253 context->fsgid = cred->fsgid;
1193 context->personality = tsk->personality; 1254 context->personality = tsk->personality;
1194 1255
1195 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); 1256 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1334,6 +1395,28 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1334 audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); 1395 audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]);
1335 break; } 1396 break; }
1336 1397
1398 case AUDIT_BPRM_FCAPS: {
1399 struct audit_aux_data_bprm_fcaps *axs = (void *)aux;
1400 audit_log_format(ab, "fver=%x", axs->fcap_ver);
1401 audit_log_cap(ab, "fp", &axs->fcap.permitted);
1402 audit_log_cap(ab, "fi", &axs->fcap.inheritable);
1403 audit_log_format(ab, " fe=%d", axs->fcap.fE);
1404 audit_log_cap(ab, "old_pp", &axs->old_pcap.permitted);
1405 audit_log_cap(ab, "old_pi", &axs->old_pcap.inheritable);
1406 audit_log_cap(ab, "old_pe", &axs->old_pcap.effective);
1407 audit_log_cap(ab, "new_pp", &axs->new_pcap.permitted);
1408 audit_log_cap(ab, "new_pi", &axs->new_pcap.inheritable);
1409 audit_log_cap(ab, "new_pe", &axs->new_pcap.effective);
1410 break; }
1411
1412 case AUDIT_CAPSET: {
1413 struct audit_aux_data_capset *axs = (void *)aux;
1414 audit_log_format(ab, "pid=%d", axs->pid);
1415 audit_log_cap(ab, "cap_pi", &axs->cap.inheritable);
1416 audit_log_cap(ab, "cap_pp", &axs->cap.permitted);
1417 audit_log_cap(ab, "cap_pe", &axs->cap.effective);
1418 break; }
1419
1337 } 1420 }
1338 audit_log_end(ab); 1421 audit_log_end(ab);
1339 } 1422 }
@@ -1421,6 +1504,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1421 } 1504 }
1422 } 1505 }
1423 1506
1507 audit_log_fcaps(ab, n);
1508
1424 audit_log_end(ab); 1509 audit_log_end(ab);
1425 } 1510 }
1426 1511
@@ -1787,8 +1872,36 @@ static int audit_inc_name_count(struct audit_context *context,
1787 return 0; 1872 return 0;
1788} 1873}
1789 1874
1875
1876static inline int audit_copy_fcaps(struct audit_names *name, const struct dentry *dentry)
1877{
1878 struct cpu_vfs_cap_data caps;
1879 int rc;
1880
1881 memset(&name->fcap.permitted, 0, sizeof(kernel_cap_t));
1882 memset(&name->fcap.inheritable, 0, sizeof(kernel_cap_t));
1883 name->fcap.fE = 0;
1884 name->fcap_ver = 0;
1885
1886 if (!dentry)
1887 return 0;
1888
1889 rc = get_vfs_caps_from_disk(dentry, &caps);
1890 if (rc)
1891 return rc;
1892
1893 name->fcap.permitted = caps.permitted;
1894 name->fcap.inheritable = caps.inheritable;
1895 name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
1896 name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
1897
1898 return 0;
1899}
1900
1901
1790/* Copy inode data into an audit_names. */ 1902/* Copy inode data into an audit_names. */
1791static void audit_copy_inode(struct audit_names *name, const struct inode *inode) 1903static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
1904 const struct inode *inode)
1792{ 1905{
1793 name->ino = inode->i_ino; 1906 name->ino = inode->i_ino;
1794 name->dev = inode->i_sb->s_dev; 1907 name->dev = inode->i_sb->s_dev;
@@ -1797,6 +1910,7 @@ static void audit_copy_inode(struct audit_names *name, const struct inode *inode
1797 name->gid = inode->i_gid; 1910 name->gid = inode->i_gid;
1798 name->rdev = inode->i_rdev; 1911 name->rdev = inode->i_rdev;
1799 security_inode_getsecid(inode, &name->osid); 1912 security_inode_getsecid(inode, &name->osid);
1913 audit_copy_fcaps(name, dentry);
1800} 1914}
1801 1915
1802/** 1916/**
@@ -1831,7 +1945,7 @@ void __audit_inode(const char *name, const struct dentry *dentry)
1831 context->names[idx].name = NULL; 1945 context->names[idx].name = NULL;
1832 } 1946 }
1833 handle_path(dentry); 1947 handle_path(dentry);
1834 audit_copy_inode(&context->names[idx], inode); 1948 audit_copy_inode(&context->names[idx], dentry, inode);
1835} 1949}
1836 1950
1837/** 1951/**
@@ -1892,7 +2006,7 @@ void __audit_inode_child(const char *dname, const struct dentry *dentry,
1892 if (!strcmp(dname, n->name) || 2006 if (!strcmp(dname, n->name) ||
1893 !audit_compare_dname_path(dname, n->name, &dirlen)) { 2007 !audit_compare_dname_path(dname, n->name, &dirlen)) {
1894 if (inode) 2008 if (inode)
1895 audit_copy_inode(n, inode); 2009 audit_copy_inode(n, NULL, inode);
1896 else 2010 else
1897 n->ino = (unsigned long)-1; 2011 n->ino = (unsigned long)-1;
1898 found_child = n->name; 2012 found_child = n->name;
@@ -1906,7 +2020,7 @@ add_names:
1906 return; 2020 return;
1907 idx = context->name_count - 1; 2021 idx = context->name_count - 1;
1908 context->names[idx].name = NULL; 2022 context->names[idx].name = NULL;
1909 audit_copy_inode(&context->names[idx], parent); 2023 audit_copy_inode(&context->names[idx], NULL, parent);
1910 } 2024 }
1911 2025
1912 if (!found_child) { 2026 if (!found_child) {
@@ -1927,7 +2041,7 @@ add_names:
1927 } 2041 }
1928 2042
1929 if (inode) 2043 if (inode)
1930 audit_copy_inode(&context->names[idx], inode); 2044 audit_copy_inode(&context->names[idx], NULL, inode);
1931 else 2045 else
1932 context->names[idx].ino = (unsigned long)-1; 2046 context->names[idx].ino = (unsigned long)-1;
1933 } 2047 }
@@ -1978,7 +2092,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1978 audit_log_format(ab, "login pid=%d uid=%u " 2092 audit_log_format(ab, "login pid=%d uid=%u "
1979 "old auid=%u new auid=%u" 2093 "old auid=%u new auid=%u"
1980 " old ses=%u new ses=%u", 2094 " old ses=%u new ses=%u",
1981 task->pid, task->uid, 2095 task->pid, task_uid(task),
1982 task->loginuid, loginuid, 2096 task->loginuid, loginuid,
1983 task->sessionid, sessionid); 2097 task->sessionid, sessionid);
1984 audit_log_end(ab); 2098 audit_log_end(ab);
@@ -2361,7 +2475,7 @@ void __audit_ptrace(struct task_struct *t)
2361 2475
2362 context->target_pid = t->pid; 2476 context->target_pid = t->pid;
2363 context->target_auid = audit_get_loginuid(t); 2477 context->target_auid = audit_get_loginuid(t);
2364 context->target_uid = t->uid; 2478 context->target_uid = task_uid(t);
2365 context->target_sessionid = audit_get_sessionid(t); 2479 context->target_sessionid = audit_get_sessionid(t);
2366 security_task_getsecid(t, &context->target_sid); 2480 security_task_getsecid(t, &context->target_sid);
2367 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); 2481 memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
@@ -2380,6 +2494,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2380 struct audit_aux_data_pids *axp; 2494 struct audit_aux_data_pids *axp;
2381 struct task_struct *tsk = current; 2495 struct task_struct *tsk = current;
2382 struct audit_context *ctx = tsk->audit_context; 2496 struct audit_context *ctx = tsk->audit_context;
2497 uid_t uid = current_uid(), t_uid = task_uid(t);
2383 2498
2384 if (audit_pid && t->tgid == audit_pid) { 2499 if (audit_pid && t->tgid == audit_pid) {
2385 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { 2500 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
@@ -2387,7 +2502,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2387 if (tsk->loginuid != -1) 2502 if (tsk->loginuid != -1)
2388 audit_sig_uid = tsk->loginuid; 2503 audit_sig_uid = tsk->loginuid;
2389 else 2504 else
2390 audit_sig_uid = tsk->uid; 2505 audit_sig_uid = uid;
2391 security_task_getsecid(tsk, &audit_sig_sid); 2506 security_task_getsecid(tsk, &audit_sig_sid);
2392 } 2507 }
2393 if (!audit_signals || audit_dummy_context()) 2508 if (!audit_signals || audit_dummy_context())
@@ -2399,7 +2514,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2399 if (!ctx->target_pid) { 2514 if (!ctx->target_pid) {
2400 ctx->target_pid = t->tgid; 2515 ctx->target_pid = t->tgid;
2401 ctx->target_auid = audit_get_loginuid(t); 2516 ctx->target_auid = audit_get_loginuid(t);
2402 ctx->target_uid = t->uid; 2517 ctx->target_uid = t_uid;
2403 ctx->target_sessionid = audit_get_sessionid(t); 2518 ctx->target_sessionid = audit_get_sessionid(t);
2404 security_task_getsecid(t, &ctx->target_sid); 2519 security_task_getsecid(t, &ctx->target_sid);
2405 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); 2520 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
@@ -2420,7 +2535,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2420 2535
2421 axp->target_pid[axp->pid_count] = t->tgid; 2536 axp->target_pid[axp->pid_count] = t->tgid;
2422 axp->target_auid[axp->pid_count] = audit_get_loginuid(t); 2537 axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
2423 axp->target_uid[axp->pid_count] = t->uid; 2538 axp->target_uid[axp->pid_count] = t_uid;
2424 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); 2539 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
2425 security_task_getsecid(t, &axp->target_sid[axp->pid_count]); 2540 security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
2426 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); 2541 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
@@ -2430,6 +2545,86 @@ int __audit_signal_info(int sig, struct task_struct *t)
2430} 2545}
2431 2546
2432/** 2547/**
2548 * __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
2549 * @bprm: pointer to the bprm being processed
2550 * @new: the proposed new credentials
2551 * @old: the old credentials
2552 *
2553 * Simply check if the proc already has the caps given by the file and if not
2554 * store the priv escalation info for later auditing at the end of the syscall
2555 *
2556 * -Eric
2557 */
2558int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
2559 const struct cred *new, const struct cred *old)
2560{
2561 struct audit_aux_data_bprm_fcaps *ax;
2562 struct audit_context *context = current->audit_context;
2563 struct cpu_vfs_cap_data vcaps;
2564 struct dentry *dentry;
2565
2566 ax = kmalloc(sizeof(*ax), GFP_KERNEL);
2567 if (!ax)
2568 return -ENOMEM;
2569
2570 ax->d.type = AUDIT_BPRM_FCAPS;
2571 ax->d.next = context->aux;
2572 context->aux = (void *)ax;
2573
2574 dentry = dget(bprm->file->f_dentry);
2575 get_vfs_caps_from_disk(dentry, &vcaps);
2576 dput(dentry);
2577
2578 ax->fcap.permitted = vcaps.permitted;
2579 ax->fcap.inheritable = vcaps.inheritable;
2580 ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
2581 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
2582
2583 ax->old_pcap.permitted = old->cap_permitted;
2584 ax->old_pcap.inheritable = old->cap_inheritable;
2585 ax->old_pcap.effective = old->cap_effective;
2586
2587 ax->new_pcap.permitted = new->cap_permitted;
2588 ax->new_pcap.inheritable = new->cap_inheritable;
2589 ax->new_pcap.effective = new->cap_effective;
2590 return 0;
2591}
2592
2593/**
2594 * __audit_log_capset - store information about the arguments to the capset syscall
2595 * @pid: target pid of the capset call
2596 * @new: the new credentials
2597 * @old: the old (current) credentials
2598 *
2599 * Record the aguments userspace sent to sys_capset for later printing by the
2600 * audit system if applicable
2601 */
2602int __audit_log_capset(pid_t pid,
2603 const struct cred *new, const struct cred *old)
2604{
2605 struct audit_aux_data_capset *ax;
2606 struct audit_context *context = current->audit_context;
2607
2608 if (likely(!audit_enabled || !context || context->dummy))
2609 return 0;
2610
2611 ax = kmalloc(sizeof(*ax), GFP_KERNEL);
2612 if (!ax)
2613 return -ENOMEM;
2614
2615 ax->d.type = AUDIT_CAPSET;
2616 ax->d.next = context->aux;
2617 context->aux = (void *)ax;
2618
2619 ax->pid = pid;
2620 ax->cap.effective = new->cap_effective;
2621 ax->cap.inheritable = new->cap_effective;
2622 ax->cap.permitted = new->cap_permitted;
2623
2624 return 0;
2625}
2626
2627/**
2433 * audit_core_dumps - record information about processes that end abnormally 2628 * audit_core_dumps - record information about processes that end abnormally
2434 * @signr: signal value 2629 * @signr: signal value
2435 * 2630 *
@@ -2440,7 +2635,8 @@ void audit_core_dumps(long signr)
2440{ 2635{
2441 struct audit_buffer *ab; 2636 struct audit_buffer *ab;
2442 u32 sid; 2637 u32 sid;
2443 uid_t auid = audit_get_loginuid(current); 2638 uid_t auid = audit_get_loginuid(current), uid;
2639 gid_t gid;
2444 unsigned int sessionid = audit_get_sessionid(current); 2640 unsigned int sessionid = audit_get_sessionid(current);
2445 2641
2446 if (!audit_enabled) 2642 if (!audit_enabled)
@@ -2450,8 +2646,9 @@ void audit_core_dumps(long signr)
2450 return; 2646 return;
2451 2647
2452 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); 2648 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2649 current_uid_gid(&uid, &gid);
2453 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", 2650 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2454 auid, current->uid, current->gid, sessionid); 2651 auid, uid, gid, sessionid);
2455 security_task_getsecid(current, &sid); 2652 security_task_getsecid(current, &sid);
2456 if (sid) { 2653 if (sid) {
2457 char *ctx = NULL; 2654 char *ctx = NULL;
diff --git a/kernel/capability.c b/kernel/capability.c
index 33e51e78c2d8..36b4b4daebec 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -7,6 +7,7 @@
7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> 7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
8 */ 8 */
9 9
10#include <linux/audit.h>
10#include <linux/capability.h> 11#include <linux/capability.h>
11#include <linux/mm.h> 12#include <linux/mm.h>
12#include <linux/module.h> 13#include <linux/module.h>
@@ -14,12 +15,7 @@
14#include <linux/syscalls.h> 15#include <linux/syscalls.h>
15#include <linux/pid_namespace.h> 16#include <linux/pid_namespace.h>
16#include <asm/uaccess.h> 17#include <asm/uaccess.h>
17 18#include "cred-internals.h"
18/*
19 * This lock protects task->cap_* for all tasks including current.
20 * Locking rule: acquire this prior to tasklist_lock.
21 */
22static DEFINE_SPINLOCK(task_capability_lock);
23 19
24/* 20/*
25 * Leveraged for setting/resetting capabilities 21 * Leveraged for setting/resetting capabilities
@@ -33,6 +29,17 @@ EXPORT_SYMBOL(__cap_empty_set);
33EXPORT_SYMBOL(__cap_full_set); 29EXPORT_SYMBOL(__cap_full_set);
34EXPORT_SYMBOL(__cap_init_eff_set); 30EXPORT_SYMBOL(__cap_init_eff_set);
35 31
32#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
33int file_caps_enabled = 1;
34
35static int __init file_caps_disable(char *str)
36{
37 file_caps_enabled = 0;
38 return 1;
39}
40__setup("no_file_caps", file_caps_disable);
41#endif
42
36/* 43/*
37 * More recent versions of libcap are available from: 44 * More recent versions of libcap are available from:
38 * 45 *
@@ -115,167 +122,12 @@ static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
115 return 0; 122 return 0;
116} 123}
117 124
118#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
119
120/*
121 * Without filesystem capability support, we nominally support one process
122 * setting the capabilities of another
123 */
124static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
125 kernel_cap_t *pIp, kernel_cap_t *pPp)
126{
127 struct task_struct *target;
128 int ret;
129
130 spin_lock(&task_capability_lock);
131 read_lock(&tasklist_lock);
132
133 if (pid && pid != task_pid_vnr(current)) {
134 target = find_task_by_vpid(pid);
135 if (!target) {
136 ret = -ESRCH;
137 goto out;
138 }
139 } else
140 target = current;
141
142 ret = security_capget(target, pEp, pIp, pPp);
143
144out:
145 read_unlock(&tasklist_lock);
146 spin_unlock(&task_capability_lock);
147
148 return ret;
149}
150
151/*
152 * cap_set_pg - set capabilities for all processes in a given process
153 * group. We call this holding task_capability_lock and tasklist_lock.
154 */
155static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective,
156 kernel_cap_t *inheritable,
157 kernel_cap_t *permitted)
158{
159 struct task_struct *g, *target;
160 int ret = -EPERM;
161 int found = 0;
162 struct pid *pgrp;
163
164 spin_lock(&task_capability_lock);
165 read_lock(&tasklist_lock);
166
167 pgrp = find_vpid(pgrp_nr);
168 do_each_pid_task(pgrp, PIDTYPE_PGID, g) {
169 target = g;
170 while_each_thread(g, target) {
171 if (!security_capset_check(target, effective,
172 inheritable, permitted)) {
173 security_capset_set(target, effective,
174 inheritable, permitted);
175 ret = 0;
176 }
177 found = 1;
178 }
179 } while_each_pid_task(pgrp, PIDTYPE_PGID, g);
180
181 read_unlock(&tasklist_lock);
182 spin_unlock(&task_capability_lock);
183
184 if (!found)
185 ret = 0;
186 return ret;
187}
188
189/*
190 * cap_set_all - set capabilities for all processes other than init
191 * and self. We call this holding task_capability_lock and tasklist_lock.
192 */
193static inline int cap_set_all(kernel_cap_t *effective,
194 kernel_cap_t *inheritable,
195 kernel_cap_t *permitted)
196{
197 struct task_struct *g, *target;
198 int ret = -EPERM;
199 int found = 0;
200
201 spin_lock(&task_capability_lock);
202 read_lock(&tasklist_lock);
203
204 do_each_thread(g, target) {
205 if (target == current
206 || is_container_init(target->group_leader))
207 continue;
208 found = 1;
209 if (security_capset_check(target, effective, inheritable,
210 permitted))
211 continue;
212 ret = 0;
213 security_capset_set(target, effective, inheritable, permitted);
214 } while_each_thread(g, target);
215
216 read_unlock(&tasklist_lock);
217 spin_unlock(&task_capability_lock);
218
219 if (!found)
220 ret = 0;
221
222 return ret;
223}
224
225/*
226 * Given the target pid does not refer to the current process we
227 * need more elaborate support... (This support is not present when
228 * filesystem capabilities are configured.)
229 */
230static inline int do_sys_capset_other_tasks(pid_t pid, kernel_cap_t *effective,
231 kernel_cap_t *inheritable,
232 kernel_cap_t *permitted)
233{
234 struct task_struct *target;
235 int ret;
236
237 if (!capable(CAP_SETPCAP))
238 return -EPERM;
239
240 if (pid == -1) /* all procs other than current and init */
241 return cap_set_all(effective, inheritable, permitted);
242
243 else if (pid < 0) /* all procs in process group */
244 return cap_set_pg(-pid, effective, inheritable, permitted);
245
246 /* target != current */
247 spin_lock(&task_capability_lock);
248 read_lock(&tasklist_lock);
249
250 target = find_task_by_vpid(pid);
251 if (!target)
252 ret = -ESRCH;
253 else {
254 ret = security_capset_check(target, effective, inheritable,
255 permitted);
256
257 /* having verified that the proposed changes are legal,
258 we now put them into effect. */
259 if (!ret)
260 security_capset_set(target, effective, inheritable,
261 permitted);
262 }
263
264 read_unlock(&tasklist_lock);
265 spin_unlock(&task_capability_lock);
266
267 return ret;
268}
269
270#else /* ie., def CONFIG_SECURITY_FILE_CAPABILITIES */
271
272/* 125/*
273 * If we have configured with filesystem capability support, then the 126 * The only thing that can change the capabilities of the current
274 * only thing that can change the capabilities of the current process 127 * process is the current process. As such, we can't be in this code
275 * is the current process. As such, we can't be in this code at the 128 * at the same time as we are in the process of setting capabilities
276 * same time as we are in the process of setting capabilities in this 129 * in this process. The net result is that we can limit our use of
277 * process. The net result is that we can limit our use of locks to 130 * locks to when we are reading the caps of another process.
278 * when we are reading the caps of another process.
279 */ 131 */
280static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp, 132static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
281 kernel_cap_t *pIp, kernel_cap_t *pPp) 133 kernel_cap_t *pIp, kernel_cap_t *pPp)
@@ -285,7 +137,6 @@ static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
285 if (pid && (pid != task_pid_vnr(current))) { 137 if (pid && (pid != task_pid_vnr(current))) {
286 struct task_struct *target; 138 struct task_struct *target;
287 139
288 spin_lock(&task_capability_lock);
289 read_lock(&tasklist_lock); 140 read_lock(&tasklist_lock);
290 141
291 target = find_task_by_vpid(pid); 142 target = find_task_by_vpid(pid);
@@ -295,50 +146,12 @@ static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
295 ret = security_capget(target, pEp, pIp, pPp); 146 ret = security_capget(target, pEp, pIp, pPp);
296 147
297 read_unlock(&tasklist_lock); 148 read_unlock(&tasklist_lock);
298 spin_unlock(&task_capability_lock);
299 } else 149 } else
300 ret = security_capget(current, pEp, pIp, pPp); 150 ret = security_capget(current, pEp, pIp, pPp);
301 151
302 return ret; 152 return ret;
303} 153}
304 154
305/*
306 * With filesystem capability support configured, the kernel does not
307 * permit the changing of capabilities in one process by another
308 * process. (CAP_SETPCAP has much less broad semantics when configured
309 * this way.)
310 */
311static inline int do_sys_capset_other_tasks(pid_t pid,
312 kernel_cap_t *effective,
313 kernel_cap_t *inheritable,
314 kernel_cap_t *permitted)
315{
316 return -EPERM;
317}
318
319#endif /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */
320
321/*
322 * Atomically modify the effective capabilities returning the original
323 * value. No permission check is performed here - it is assumed that the
324 * caller is permitted to set the desired effective capabilities.
325 */
326kernel_cap_t cap_set_effective(const kernel_cap_t pE_new)
327{
328 kernel_cap_t pE_old;
329
330 spin_lock(&task_capability_lock);
331
332 pE_old = current->cap_effective;
333 current->cap_effective = pE_new;
334
335 spin_unlock(&task_capability_lock);
336
337 return pE_old;
338}
339
340EXPORT_SYMBOL(cap_set_effective);
341
342/** 155/**
343 * sys_capget - get the capabilities of a given process. 156 * sys_capget - get the capabilities of a given process.
344 * @header: pointer to struct that contains capability version and 157 * @header: pointer to struct that contains capability version and
@@ -366,7 +179,6 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
366 return -EINVAL; 179 return -EINVAL;
367 180
368 ret = cap_get_target_pid(pid, &pE, &pI, &pP); 181 ret = cap_get_target_pid(pid, &pE, &pI, &pP);
369
370 if (!ret) { 182 if (!ret) {
371 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; 183 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
372 unsigned i; 184 unsigned i;
@@ -412,16 +224,14 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
412 * @data: pointer to struct that contains the effective, permitted, 224 * @data: pointer to struct that contains the effective, permitted,
413 * and inheritable capabilities 225 * and inheritable capabilities
414 * 226 *
415 * Set capabilities for a given process, all processes, or all 227 * Set capabilities for the current process only. The ability to any other
416 * processes in a given process group. 228 * process(es) has been deprecated and removed.
417 * 229 *
418 * The restrictions on setting capabilities are specified as: 230 * The restrictions on setting capabilities are specified as:
419 * 231 *
420 * [pid is for the 'target' task. 'current' is the calling task.] 232 * I: any raised capabilities must be a subset of the old permitted
421 * 233 * P: any raised capabilities must be a subset of the old permitted
422 * I: any raised capabilities must be a subset of the (old current) permitted 234 * E: must be set to a subset of new permitted
423 * P: any raised capabilities must be a subset of the (old current) permitted
424 * E: must be set to a subset of (new target) permitted
425 * 235 *
426 * Returns 0 on success and < 0 on error. 236 * Returns 0 on success and < 0 on error.
427 */ 237 */
@@ -430,6 +240,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
430 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; 240 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
431 unsigned i, tocopy; 241 unsigned i, tocopy;
432 kernel_cap_t inheritable, permitted, effective; 242 kernel_cap_t inheritable, permitted, effective;
243 struct cred *new;
433 int ret; 244 int ret;
434 pid_t pid; 245 pid_t pid;
435 246
@@ -440,10 +251,13 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
440 if (get_user(pid, &header->pid)) 251 if (get_user(pid, &header->pid))
441 return -EFAULT; 252 return -EFAULT;
442 253
443 if (copy_from_user(&kdata, data, tocopy 254 /* may only affect current now */
444 * sizeof(struct __user_cap_data_struct))) { 255 if (pid != 0 && pid != task_pid_vnr(current))
256 return -EPERM;
257
258 if (copy_from_user(&kdata, data,
259 tocopy * sizeof(struct __user_cap_data_struct)))
445 return -EFAULT; 260 return -EFAULT;
446 }
447 261
448 for (i = 0; i < tocopy; i++) { 262 for (i = 0; i < tocopy; i++) {
449 effective.cap[i] = kdata[i].effective; 263 effective.cap[i] = kdata[i].effective;
@@ -457,32 +271,23 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
457 i++; 271 i++;
458 } 272 }
459 273
460 if (pid && (pid != task_pid_vnr(current))) 274 new = prepare_creds();
461 ret = do_sys_capset_other_tasks(pid, &effective, &inheritable, 275 if (!new)
462 &permitted); 276 return -ENOMEM;
463 else {
464 /*
465 * This lock is required even when filesystem
466 * capability support is configured - it protects the
467 * sys_capget() call from returning incorrect data in
468 * the case that the targeted process is not the
469 * current one.
470 */
471 spin_lock(&task_capability_lock);
472 277
473 ret = security_capset_check(current, &effective, &inheritable, 278 ret = security_capset(new, current_cred(),
474 &permitted); 279 &effective, &inheritable, &permitted);
475 /* 280 if (ret < 0)
476 * Having verified that the proposed changes are 281 goto error;
477 * legal, we now put them into effect. 282
478 */ 283 ret = audit_log_capset(pid, new, current_cred());
479 if (!ret) 284 if (ret < 0)
480 security_capset_set(current, &effective, &inheritable, 285 return ret;
481 &permitted);
482 spin_unlock(&task_capability_lock);
483 }
484 286
287 return commit_creds(new);
485 288
289error:
290 abort_creds(new);
486 return ret; 291 return ret;
487} 292}
488 293
@@ -498,6 +303,11 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
498 */ 303 */
499int capable(int cap) 304int capable(int cap)
500{ 305{
306 if (unlikely(!cap_valid(cap))) {
307 printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
308 BUG();
309 }
310
501 if (has_capability(current, cap)) { 311 if (has_capability(current, cap)) {
502 current->flags |= PF_SUPERPRIV; 312 current->flags |= PF_SUPERPRIV;
503 return 1; 313 return 1;
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 358e77564e6f..8fe8c0cb137b 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -571,8 +571,8 @@ static struct inode *cgroup_new_inode(mode_t mode, struct super_block *sb)
571 571
572 if (inode) { 572 if (inode) {
573 inode->i_mode = mode; 573 inode->i_mode = mode;
574 inode->i_uid = current->fsuid; 574 inode->i_uid = current_fsuid();
575 inode->i_gid = current->fsgid; 575 inode->i_gid = current_fsgid();
576 inode->i_blocks = 0; 576 inode->i_blocks = 0;
577 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 577 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
578 inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info; 578 inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info;
@@ -1279,6 +1279,7 @@ int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
1279static int attach_task_by_pid(struct cgroup *cgrp, u64 pid) 1279static int attach_task_by_pid(struct cgroup *cgrp, u64 pid)
1280{ 1280{
1281 struct task_struct *tsk; 1281 struct task_struct *tsk;
1282 const struct cred *cred = current_cred(), *tcred;
1282 int ret; 1283 int ret;
1283 1284
1284 if (pid) { 1285 if (pid) {
@@ -1288,14 +1289,16 @@ static int attach_task_by_pid(struct cgroup *cgrp, u64 pid)
1288 rcu_read_unlock(); 1289 rcu_read_unlock();
1289 return -ESRCH; 1290 return -ESRCH;
1290 } 1291 }
1291 get_task_struct(tsk);
1292 rcu_read_unlock();
1293 1292
1294 if ((current->euid) && (current->euid != tsk->uid) 1293 tcred = __task_cred(tsk);
1295 && (current->euid != tsk->suid)) { 1294 if (cred->euid &&
1296 put_task_struct(tsk); 1295 cred->euid != tcred->uid &&
1296 cred->euid != tcred->suid) {
1297 rcu_read_unlock();
1297 return -EACCES; 1298 return -EACCES;
1298 } 1299 }
1300 get_task_struct(tsk);
1301 rcu_read_unlock();
1299 } else { 1302 } else {
1300 tsk = current; 1303 tsk = current;
1301 get_task_struct(tsk); 1304 get_task_struct(tsk);
diff --git a/kernel/cred-internals.h b/kernel/cred-internals.h
new file mode 100644
index 000000000000..2dc4fc2d0bf1
--- /dev/null
+++ b/kernel/cred-internals.h
@@ -0,0 +1,21 @@
1/* Internal credentials stuff
2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12/*
13 * user.c
14 */
15static inline void sched_switch_user(struct task_struct *p)
16{
17#ifdef CONFIG_USER_SCHED
18 sched_move_task(p);
19#endif /* CONFIG_USER_SCHED */
20}
21
diff --git a/kernel/cred.c b/kernel/cred.c
new file mode 100644
index 000000000000..13697ca2bb38
--- /dev/null
+++ b/kernel/cred.c
@@ -0,0 +1,577 @@
1/* Task credentials management - see Documentation/credentials.txt
2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11#include <linux/module.h>
12#include <linux/cred.h>
13#include <linux/sched.h>
14#include <linux/key.h>
15#include <linux/keyctl.h>
16#include <linux/init_task.h>
17#include <linux/security.h>
18#include <linux/cn_proc.h>
19#include "cred-internals.h"
20
21static struct kmem_cache *cred_jar;
22
23/*
24 * The common credentials for the initial task's thread group
25 */
26#ifdef CONFIG_KEYS
27static struct thread_group_cred init_tgcred = {
28 .usage = ATOMIC_INIT(2),
29 .tgid = 0,
30 .lock = SPIN_LOCK_UNLOCKED,
31};
32#endif
33
34/*
35 * The initial credentials for the initial task
36 */
37struct cred init_cred = {
38 .usage = ATOMIC_INIT(4),
39 .securebits = SECUREBITS_DEFAULT,
40 .cap_inheritable = CAP_INIT_INH_SET,
41 .cap_permitted = CAP_FULL_SET,
42 .cap_effective = CAP_INIT_EFF_SET,
43 .cap_bset = CAP_INIT_BSET,
44 .user = INIT_USER,
45 .group_info = &init_groups,
46#ifdef CONFIG_KEYS
47 .tgcred = &init_tgcred,
48#endif
49};
50
51/*
52 * Dispose of the shared task group credentials
53 */
54#ifdef CONFIG_KEYS
55static void release_tgcred_rcu(struct rcu_head *rcu)
56{
57 struct thread_group_cred *tgcred =
58 container_of(rcu, struct thread_group_cred, rcu);
59
60 BUG_ON(atomic_read(&tgcred->usage) != 0);
61
62 key_put(tgcred->session_keyring);
63 key_put(tgcred->process_keyring);
64 kfree(tgcred);
65}
66#endif
67
68/*
69 * Release a set of thread group credentials.
70 */
71static void release_tgcred(struct cred *cred)
72{
73#ifdef CONFIG_KEYS
74 struct thread_group_cred *tgcred = cred->tgcred;
75
76 if (atomic_dec_and_test(&tgcred->usage))
77 call_rcu(&tgcred->rcu, release_tgcred_rcu);
78#endif
79}
80
81/*
82 * The RCU callback to actually dispose of a set of credentials
83 */
84static void put_cred_rcu(struct rcu_head *rcu)
85{
86 struct cred *cred = container_of(rcu, struct cred, rcu);
87
88 if (atomic_read(&cred->usage) != 0)
89 panic("CRED: put_cred_rcu() sees %p with usage %d\n",
90 cred, atomic_read(&cred->usage));
91
92 security_cred_free(cred);
93 key_put(cred->thread_keyring);
94 key_put(cred->request_key_auth);
95 release_tgcred(cred);
96 put_group_info(cred->group_info);
97 free_uid(cred->user);
98 kmem_cache_free(cred_jar, cred);
99}
100
101/**
102 * __put_cred - Destroy a set of credentials
103 * @cred: The record to release
104 *
105 * Destroy a set of credentials on which no references remain.
106 */
107void __put_cred(struct cred *cred)
108{
109 BUG_ON(atomic_read(&cred->usage) != 0);
110
111 call_rcu(&cred->rcu, put_cred_rcu);
112}
113EXPORT_SYMBOL(__put_cred);
114
115/**
116 * prepare_creds - Prepare a new set of credentials for modification
117 *
118 * Prepare a new set of task credentials for modification. A task's creds
119 * shouldn't generally be modified directly, therefore this function is used to
120 * prepare a new copy, which the caller then modifies and then commits by
121 * calling commit_creds().
122 *
123 * Preparation involves making a copy of the objective creds for modification.
124 *
125 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
126 *
127 * Call commit_creds() or abort_creds() to clean up.
128 */
129struct cred *prepare_creds(void)
130{
131 struct task_struct *task = current;
132 const struct cred *old;
133 struct cred *new;
134
135 BUG_ON(atomic_read(&task->real_cred->usage) < 1);
136
137 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
138 if (!new)
139 return NULL;
140
141 old = task->cred;
142 memcpy(new, old, sizeof(struct cred));
143
144 atomic_set(&new->usage, 1);
145 get_group_info(new->group_info);
146 get_uid(new->user);
147
148#ifdef CONFIG_KEYS
149 key_get(new->thread_keyring);
150 key_get(new->request_key_auth);
151 atomic_inc(&new->tgcred->usage);
152#endif
153
154#ifdef CONFIG_SECURITY
155 new->security = NULL;
156#endif
157
158 if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
159 goto error;
160 return new;
161
162error:
163 abort_creds(new);
164 return NULL;
165}
166EXPORT_SYMBOL(prepare_creds);
167
168/*
169 * Prepare credentials for current to perform an execve()
170 * - The caller must hold current->cred_exec_mutex
171 */
172struct cred *prepare_exec_creds(void)
173{
174 struct thread_group_cred *tgcred = NULL;
175 struct cred *new;
176
177#ifdef CONFIG_KEYS
178 tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
179 if (!tgcred)
180 return NULL;
181#endif
182
183 new = prepare_creds();
184 if (!new) {
185 kfree(tgcred);
186 return new;
187 }
188
189#ifdef CONFIG_KEYS
190 /* newly exec'd tasks don't get a thread keyring */
191 key_put(new->thread_keyring);
192 new->thread_keyring = NULL;
193
194 /* create a new per-thread-group creds for all this set of threads to
195 * share */
196 memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred));
197
198 atomic_set(&tgcred->usage, 1);
199 spin_lock_init(&tgcred->lock);
200
201 /* inherit the session keyring; new process keyring */
202 key_get(tgcred->session_keyring);
203 tgcred->process_keyring = NULL;
204
205 release_tgcred(new);
206 new->tgcred = tgcred;
207#endif
208
209 return new;
210}
211
212/*
213 * prepare new credentials for the usermode helper dispatcher
214 */
215struct cred *prepare_usermodehelper_creds(void)
216{
217#ifdef CONFIG_KEYS
218 struct thread_group_cred *tgcred = NULL;
219#endif
220 struct cred *new;
221
222#ifdef CONFIG_KEYS
223 tgcred = kzalloc(sizeof(*new->tgcred), GFP_ATOMIC);
224 if (!tgcred)
225 return NULL;
226#endif
227
228 new = kmem_cache_alloc(cred_jar, GFP_ATOMIC);
229 if (!new)
230 return NULL;
231
232 memcpy(new, &init_cred, sizeof(struct cred));
233
234 atomic_set(&new->usage, 1);
235 get_group_info(new->group_info);
236 get_uid(new->user);
237
238#ifdef CONFIG_KEYS
239 new->thread_keyring = NULL;
240 new->request_key_auth = NULL;
241 new->jit_keyring = KEY_REQKEY_DEFL_DEFAULT;
242
243 atomic_set(&tgcred->usage, 1);
244 spin_lock_init(&tgcred->lock);
245 new->tgcred = tgcred;
246#endif
247
248#ifdef CONFIG_SECURITY
249 new->security = NULL;
250#endif
251 if (security_prepare_creds(new, &init_cred, GFP_ATOMIC) < 0)
252 goto error;
253
254 BUG_ON(atomic_read(&new->usage) != 1);
255 return new;
256
257error:
258 put_cred(new);
259 return NULL;
260}
261
262/*
263 * Copy credentials for the new process created by fork()
264 *
265 * We share if we can, but under some circumstances we have to generate a new
266 * set.
267 *
268 * The new process gets the current process's subjective credentials as its
269 * objective and subjective credentials
270 */
271int copy_creds(struct task_struct *p, unsigned long clone_flags)
272{
273#ifdef CONFIG_KEYS
274 struct thread_group_cred *tgcred;
275#endif
276 struct cred *new;
277
278 mutex_init(&p->cred_exec_mutex);
279
280 if (
281#ifdef CONFIG_KEYS
282 !p->cred->thread_keyring &&
283#endif
284 clone_flags & CLONE_THREAD
285 ) {
286 p->real_cred = get_cred(p->cred);
287 get_cred(p->cred);
288 atomic_inc(&p->cred->user->processes);
289 return 0;
290 }
291
292 new = prepare_creds();
293 if (!new)
294 return -ENOMEM;
295
296#ifdef CONFIG_KEYS
297 /* new threads get their own thread keyrings if their parent already
298 * had one */
299 if (new->thread_keyring) {
300 key_put(new->thread_keyring);
301 new->thread_keyring = NULL;
302 if (clone_flags & CLONE_THREAD)
303 install_thread_keyring_to_cred(new);
304 }
305
306 /* we share the process and session keyrings between all the threads in
307 * a process - this is slightly icky as we violate COW credentials a
308 * bit */
309 if (!(clone_flags & CLONE_THREAD)) {
310 tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
311 if (!tgcred) {
312 put_cred(new);
313 return -ENOMEM;
314 }
315 atomic_set(&tgcred->usage, 1);
316 spin_lock_init(&tgcred->lock);
317 tgcred->process_keyring = NULL;
318 tgcred->session_keyring = key_get(new->tgcred->session_keyring);
319
320 release_tgcred(new);
321 new->tgcred = tgcred;
322 }
323#endif
324
325 atomic_inc(&new->user->processes);
326 p->cred = p->real_cred = get_cred(new);
327 return 0;
328}
329
330/**
331 * commit_creds - Install new credentials upon the current task
332 * @new: The credentials to be assigned
333 *
334 * Install a new set of credentials to the current task, using RCU to replace
335 * the old set. Both the objective and the subjective credentials pointers are
336 * updated. This function may not be called if the subjective credentials are
337 * in an overridden state.
338 *
339 * This function eats the caller's reference to the new credentials.
340 *
341 * Always returns 0 thus allowing this function to be tail-called at the end
342 * of, say, sys_setgid().
343 */
344int commit_creds(struct cred *new)
345{
346 struct task_struct *task = current;
347 const struct cred *old;
348
349 BUG_ON(task->cred != task->real_cred);
350 BUG_ON(atomic_read(&task->real_cred->usage) < 2);
351 BUG_ON(atomic_read(&new->usage) < 1);
352
353 old = task->real_cred;
354 security_commit_creds(new, old);
355
356 get_cred(new); /* we will require a ref for the subj creds too */
357
358 /* dumpability changes */
359 if (old->euid != new->euid ||
360 old->egid != new->egid ||
361 old->fsuid != new->fsuid ||
362 old->fsgid != new->fsgid ||
363 !cap_issubset(new->cap_permitted, old->cap_permitted)) {
364 set_dumpable(task->mm, suid_dumpable);
365 task->pdeath_signal = 0;
366 smp_wmb();
367 }
368
369 /* alter the thread keyring */
370 if (new->fsuid != old->fsuid)
371 key_fsuid_changed(task);
372 if (new->fsgid != old->fsgid)
373 key_fsgid_changed(task);
374
375 /* do it
376 * - What if a process setreuid()'s and this brings the
377 * new uid over his NPROC rlimit? We can check this now
378 * cheaply with the new uid cache, so if it matters
379 * we should be checking for it. -DaveM
380 */
381 if (new->user != old->user)
382 atomic_inc(&new->user->processes);
383 rcu_assign_pointer(task->real_cred, new);
384 rcu_assign_pointer(task->cred, new);
385 if (new->user != old->user)
386 atomic_dec(&old->user->processes);
387
388 sched_switch_user(task);
389
390 /* send notifications */
391 if (new->uid != old->uid ||
392 new->euid != old->euid ||
393 new->suid != old->suid ||
394 new->fsuid != old->fsuid)
395 proc_id_connector(task, PROC_EVENT_UID);
396
397 if (new->gid != old->gid ||
398 new->egid != old->egid ||
399 new->sgid != old->sgid ||
400 new->fsgid != old->fsgid)
401 proc_id_connector(task, PROC_EVENT_GID);
402
403 /* release the old obj and subj refs both */
404 put_cred(old);
405 put_cred(old);
406 return 0;
407}
408EXPORT_SYMBOL(commit_creds);
409
410/**
411 * abort_creds - Discard a set of credentials and unlock the current task
412 * @new: The credentials that were going to be applied
413 *
414 * Discard a set of credentials that were under construction and unlock the
415 * current task.
416 */
417void abort_creds(struct cred *new)
418{
419 BUG_ON(atomic_read(&new->usage) < 1);
420 put_cred(new);
421}
422EXPORT_SYMBOL(abort_creds);
423
424/**
425 * override_creds - Override the current process's subjective credentials
426 * @new: The credentials to be assigned
427 *
428 * Install a set of temporary override subjective credentials on the current
429 * process, returning the old set for later reversion.
430 */
431const struct cred *override_creds(const struct cred *new)
432{
433 const struct cred *old = current->cred;
434
435 rcu_assign_pointer(current->cred, get_cred(new));
436 return old;
437}
438EXPORT_SYMBOL(override_creds);
439
440/**
441 * revert_creds - Revert a temporary subjective credentials override
442 * @old: The credentials to be restored
443 *
444 * Revert a temporary set of override subjective credentials to an old set,
445 * discarding the override set.
446 */
447void revert_creds(const struct cred *old)
448{
449 const struct cred *override = current->cred;
450
451 rcu_assign_pointer(current->cred, old);
452 put_cred(override);
453}
454EXPORT_SYMBOL(revert_creds);
455
456/*
457 * initialise the credentials stuff
458 */
459void __init cred_init(void)
460{
461 /* allocate a slab in which we can store credentials */
462 cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred),
463 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
464}
465
466/**
467 * prepare_kernel_cred - Prepare a set of credentials for a kernel service
468 * @daemon: A userspace daemon to be used as a reference
469 *
470 * Prepare a set of credentials for a kernel service. This can then be used to
471 * override a task's own credentials so that work can be done on behalf of that
472 * task that requires a different subjective context.
473 *
474 * @daemon is used to provide a base for the security record, but can be NULL.
475 * If @daemon is supplied, then the security data will be derived from that;
476 * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
477 *
478 * The caller may change these controls afterwards if desired.
479 *
480 * Returns the new credentials or NULL if out of memory.
481 *
482 * Does not take, and does not return holding current->cred_replace_mutex.
483 */
484struct cred *prepare_kernel_cred(struct task_struct *daemon)
485{
486 const struct cred *old;
487 struct cred *new;
488
489 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
490 if (!new)
491 return NULL;
492
493 if (daemon)
494 old = get_task_cred(daemon);
495 else
496 old = get_cred(&init_cred);
497
498 get_uid(new->user);
499 get_group_info(new->group_info);
500
501#ifdef CONFIG_KEYS
502 atomic_inc(&init_tgcred.usage);
503 new->tgcred = &init_tgcred;
504 new->request_key_auth = NULL;
505 new->thread_keyring = NULL;
506 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
507#endif
508
509#ifdef CONFIG_SECURITY
510 new->security = NULL;
511#endif
512 if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
513 goto error;
514
515 atomic_set(&new->usage, 1);
516 put_cred(old);
517 return new;
518
519error:
520 put_cred(new);
521 return NULL;
522}
523EXPORT_SYMBOL(prepare_kernel_cred);
524
525/**
526 * set_security_override - Set the security ID in a set of credentials
527 * @new: The credentials to alter
528 * @secid: The LSM security ID to set
529 *
530 * Set the LSM security ID in a set of credentials so that the subjective
531 * security is overridden when an alternative set of credentials is used.
532 */
533int set_security_override(struct cred *new, u32 secid)
534{
535 return security_kernel_act_as(new, secid);
536}
537EXPORT_SYMBOL(set_security_override);
538
539/**
540 * set_security_override_from_ctx - Set the security ID in a set of credentials
541 * @new: The credentials to alter
542 * @secctx: The LSM security context to generate the security ID from.
543 *
544 * Set the LSM security ID in a set of credentials so that the subjective
545 * security is overridden when an alternative set of credentials is used. The
546 * security ID is specified in string form as a security context to be
547 * interpreted by the LSM.
548 */
549int set_security_override_from_ctx(struct cred *new, const char *secctx)
550{
551 u32 secid;
552 int ret;
553
554 ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
555 if (ret < 0)
556 return ret;
557
558 return set_security_override(new, secid);
559}
560EXPORT_SYMBOL(set_security_override_from_ctx);
561
562/**
563 * set_create_files_as - Set the LSM file create context in a set of credentials
564 * @new: The credentials to alter
565 * @inode: The inode to take the context from
566 *
567 * Change the LSM file creation context in a set of credentials to be the same
568 * as the object context of the specified inode, so that the new inodes have
569 * the same MAC context as that inode.
570 */
571int set_create_files_as(struct cred *new, struct inode *inode)
572{
573 new->fsuid = inode->i_uid;
574 new->fsgid = inode->i_gid;
575 return security_kernel_create_files_as(new, inode);
576}
577EXPORT_SYMBOL(set_create_files_as);
diff --git a/kernel/exit.c b/kernel/exit.c
index 2d8be7ebb0f7..ccb87162ff62 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -46,12 +46,14 @@
46#include <linux/blkdev.h> 46#include <linux/blkdev.h>
47#include <linux/task_io_accounting_ops.h> 47#include <linux/task_io_accounting_ops.h>
48#include <linux/tracehook.h> 48#include <linux/tracehook.h>
49#include <linux/init_task.h>
49#include <trace/sched.h> 50#include <trace/sched.h>
50 51
51#include <asm/uaccess.h> 52#include <asm/uaccess.h>
52#include <asm/unistd.h> 53#include <asm/unistd.h>
53#include <asm/pgtable.h> 54#include <asm/pgtable.h>
54#include <asm/mmu_context.h> 55#include <asm/mmu_context.h>
56#include "cred-internals.h"
55 57
56static void exit_mm(struct task_struct * tsk); 58static void exit_mm(struct task_struct * tsk);
57 59
@@ -164,7 +166,10 @@ void release_task(struct task_struct * p)
164 int zap_leader; 166 int zap_leader;
165repeat: 167repeat:
166 tracehook_prepare_release_task(p); 168 tracehook_prepare_release_task(p);
167 atomic_dec(&p->user->processes); 169 /* don't need to get the RCU readlock here - the process is dead and
170 * can't be modifying its own credentials */
171 atomic_dec(&__task_cred(p)->user->processes);
172
168 proc_flush_task(p); 173 proc_flush_task(p);
169 write_lock_irq(&tasklist_lock); 174 write_lock_irq(&tasklist_lock);
170 tracehook_finish_release_task(p); 175 tracehook_finish_release_task(p);
@@ -339,12 +344,12 @@ static void reparent_to_kthreadd(void)
339 /* cpus_allowed? */ 344 /* cpus_allowed? */
340 /* rt_priority? */ 345 /* rt_priority? */
341 /* signals? */ 346 /* signals? */
342 security_task_reparent_to_init(current);
343 memcpy(current->signal->rlim, init_task.signal->rlim, 347 memcpy(current->signal->rlim, init_task.signal->rlim,
344 sizeof(current->signal->rlim)); 348 sizeof(current->signal->rlim));
345 atomic_inc(&(INIT_USER->__count)); 349
350 atomic_inc(&init_cred.usage);
351 commit_creds(&init_cred);
346 write_unlock_irq(&tasklist_lock); 352 write_unlock_irq(&tasklist_lock);
347 switch_uid(INIT_USER);
348} 353}
349 354
350void __set_special_pids(struct pid *pid) 355void __set_special_pids(struct pid *pid)
@@ -1078,7 +1083,6 @@ NORET_TYPE void do_exit(long code)
1078 check_stack_usage(); 1083 check_stack_usage();
1079 exit_thread(); 1084 exit_thread();
1080 cgroup_exit(tsk, 1); 1085 cgroup_exit(tsk, 1);
1081 exit_keys(tsk);
1082 1086
1083 if (group_dead && tsk->signal->leader) 1087 if (group_dead && tsk->signal->leader)
1084 disassociate_ctty(1); 1088 disassociate_ctty(1);
@@ -1263,12 +1267,12 @@ static int wait_task_zombie(struct task_struct *p, int options,
1263 unsigned long state; 1267 unsigned long state;
1264 int retval, status, traced; 1268 int retval, status, traced;
1265 pid_t pid = task_pid_vnr(p); 1269 pid_t pid = task_pid_vnr(p);
1270 uid_t uid = __task_cred(p)->uid;
1266 1271
1267 if (!likely(options & WEXITED)) 1272 if (!likely(options & WEXITED))
1268 return 0; 1273 return 0;
1269 1274
1270 if (unlikely(options & WNOWAIT)) { 1275 if (unlikely(options & WNOWAIT)) {
1271 uid_t uid = p->uid;
1272 int exit_code = p->exit_code; 1276 int exit_code = p->exit_code;
1273 int why, status; 1277 int why, status;
1274 1278
@@ -1389,7 +1393,7 @@ static int wait_task_zombie(struct task_struct *p, int options,
1389 if (!retval && infop) 1393 if (!retval && infop)
1390 retval = put_user(pid, &infop->si_pid); 1394 retval = put_user(pid, &infop->si_pid);
1391 if (!retval && infop) 1395 if (!retval && infop)
1392 retval = put_user(p->uid, &infop->si_uid); 1396 retval = put_user(uid, &infop->si_uid);
1393 if (!retval) 1397 if (!retval)
1394 retval = pid; 1398 retval = pid;
1395 1399
@@ -1454,7 +1458,8 @@ static int wait_task_stopped(int ptrace, struct task_struct *p,
1454 if (!unlikely(options & WNOWAIT)) 1458 if (!unlikely(options & WNOWAIT))
1455 p->exit_code = 0; 1459 p->exit_code = 0;
1456 1460
1457 uid = p->uid; 1461 /* don't need the RCU readlock here as we're holding a spinlock */
1462 uid = __task_cred(p)->uid;
1458unlock_sig: 1463unlock_sig:
1459 spin_unlock_irq(&p->sighand->siglock); 1464 spin_unlock_irq(&p->sighand->siglock);
1460 if (!exit_code) 1465 if (!exit_code)
@@ -1528,10 +1533,10 @@ static int wait_task_continued(struct task_struct *p, int options,
1528 } 1533 }
1529 if (!unlikely(options & WNOWAIT)) 1534 if (!unlikely(options & WNOWAIT))
1530 p->signal->flags &= ~SIGNAL_STOP_CONTINUED; 1535 p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
1536 uid = __task_cred(p)->uid;
1531 spin_unlock_irq(&p->sighand->siglock); 1537 spin_unlock_irq(&p->sighand->siglock);
1532 1538
1533 pid = task_pid_vnr(p); 1539 pid = task_pid_vnr(p);
1534 uid = p->uid;
1535 get_task_struct(p); 1540 get_task_struct(p);
1536 read_unlock(&tasklist_lock); 1541 read_unlock(&tasklist_lock);
1537 1542
diff --git a/kernel/fork.c b/kernel/fork.c
index 2a372a0e206f..29c18c14812d 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -147,9 +147,8 @@ void __put_task_struct(struct task_struct *tsk)
147 WARN_ON(atomic_read(&tsk->usage)); 147 WARN_ON(atomic_read(&tsk->usage));
148 WARN_ON(tsk == current); 148 WARN_ON(tsk == current);
149 149
150 security_task_free(tsk); 150 put_cred(tsk->real_cred);
151 free_uid(tsk->user); 151 put_cred(tsk->cred);
152 put_group_info(tsk->group_info);
153 delayacct_tsk_free(tsk); 152 delayacct_tsk_free(tsk);
154 153
155 if (!profile_handoff_task(tsk)) 154 if (!profile_handoff_task(tsk))
@@ -815,12 +814,6 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
815 if (!sig) 814 if (!sig)
816 return -ENOMEM; 815 return -ENOMEM;
817 816
818 ret = copy_thread_group_keys(tsk);
819 if (ret < 0) {
820 kmem_cache_free(signal_cachep, sig);
821 return ret;
822 }
823
824 atomic_set(&sig->count, 1); 817 atomic_set(&sig->count, 1);
825 atomic_set(&sig->live, 1); 818 atomic_set(&sig->live, 1);
826 init_waitqueue_head(&sig->wait_chldexit); 819 init_waitqueue_head(&sig->wait_chldexit);
@@ -865,7 +858,6 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
865void __cleanup_signal(struct signal_struct *sig) 858void __cleanup_signal(struct signal_struct *sig)
866{ 859{
867 thread_group_cputime_free(sig); 860 thread_group_cputime_free(sig);
868 exit_thread_group_keys(sig);
869 tty_kref_put(sig->tty); 861 tty_kref_put(sig->tty);
870 kmem_cache_free(signal_cachep, sig); 862 kmem_cache_free(signal_cachep, sig);
871} 863}
@@ -981,16 +973,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
981 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); 973 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
982#endif 974#endif
983 retval = -EAGAIN; 975 retval = -EAGAIN;
984 if (atomic_read(&p->user->processes) >= 976 if (atomic_read(&p->real_cred->user->processes) >=
985 p->signal->rlim[RLIMIT_NPROC].rlim_cur) { 977 p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
986 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && 978 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
987 p->user != current->nsproxy->user_ns->root_user) 979 p->real_cred->user != current->nsproxy->user_ns->root_user)
988 goto bad_fork_free; 980 goto bad_fork_free;
989 } 981 }
990 982
991 atomic_inc(&p->user->__count); 983 retval = copy_creds(p, clone_flags);
992 atomic_inc(&p->user->processes); 984 if (retval < 0)
993 get_group_info(p->group_info); 985 goto bad_fork_free;
994 986
995 /* 987 /*
996 * If multiple threads are within copy_process(), then this check 988 * If multiple threads are within copy_process(), then this check
@@ -1045,10 +1037,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
1045 do_posix_clock_monotonic_gettime(&p->start_time); 1037 do_posix_clock_monotonic_gettime(&p->start_time);
1046 p->real_start_time = p->start_time; 1038 p->real_start_time = p->start_time;
1047 monotonic_to_bootbased(&p->real_start_time); 1039 monotonic_to_bootbased(&p->real_start_time);
1048#ifdef CONFIG_SECURITY
1049 p->security = NULL;
1050#endif
1051 p->cap_bset = current->cap_bset;
1052 p->io_context = NULL; 1040 p->io_context = NULL;
1053 p->audit_context = NULL; 1041 p->audit_context = NULL;
1054 cgroup_fork(p); 1042 cgroup_fork(p);
@@ -1093,10 +1081,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
1093 /* Perform scheduler related setup. Assign this task to a CPU. */ 1081 /* Perform scheduler related setup. Assign this task to a CPU. */
1094 sched_fork(p, clone_flags); 1082 sched_fork(p, clone_flags);
1095 1083
1096 if ((retval = security_task_alloc(p)))
1097 goto bad_fork_cleanup_policy;
1098 if ((retval = audit_alloc(p))) 1084 if ((retval = audit_alloc(p)))
1099 goto bad_fork_cleanup_security; 1085 goto bad_fork_cleanup_policy;
1100 /* copy all the process information */ 1086 /* copy all the process information */
1101 if ((retval = copy_semundo(clone_flags, p))) 1087 if ((retval = copy_semundo(clone_flags, p)))
1102 goto bad_fork_cleanup_audit; 1088 goto bad_fork_cleanup_audit;
@@ -1110,10 +1096,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
1110 goto bad_fork_cleanup_sighand; 1096 goto bad_fork_cleanup_sighand;
1111 if ((retval = copy_mm(clone_flags, p))) 1097 if ((retval = copy_mm(clone_flags, p)))
1112 goto bad_fork_cleanup_signal; 1098 goto bad_fork_cleanup_signal;
1113 if ((retval = copy_keys(clone_flags, p)))
1114 goto bad_fork_cleanup_mm;
1115 if ((retval = copy_namespaces(clone_flags, p))) 1099 if ((retval = copy_namespaces(clone_flags, p)))
1116 goto bad_fork_cleanup_keys; 1100 goto bad_fork_cleanup_mm;
1117 if ((retval = copy_io(clone_flags, p))) 1101 if ((retval = copy_io(clone_flags, p)))
1118 goto bad_fork_cleanup_namespaces; 1102 goto bad_fork_cleanup_namespaces;
1119 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); 1103 retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
@@ -1278,8 +1262,6 @@ bad_fork_cleanup_io:
1278 put_io_context(p->io_context); 1262 put_io_context(p->io_context);
1279bad_fork_cleanup_namespaces: 1263bad_fork_cleanup_namespaces:
1280 exit_task_namespaces(p); 1264 exit_task_namespaces(p);
1281bad_fork_cleanup_keys:
1282 exit_keys(p);
1283bad_fork_cleanup_mm: 1265bad_fork_cleanup_mm:
1284 if (p->mm) 1266 if (p->mm)
1285 mmput(p->mm); 1267 mmput(p->mm);
@@ -1295,8 +1277,6 @@ bad_fork_cleanup_semundo:
1295 exit_sem(p); 1277 exit_sem(p);
1296bad_fork_cleanup_audit: 1278bad_fork_cleanup_audit:
1297 audit_free(p); 1279 audit_free(p);
1298bad_fork_cleanup_security:
1299 security_task_free(p);
1300bad_fork_cleanup_policy: 1280bad_fork_cleanup_policy:
1301#ifdef CONFIG_NUMA 1281#ifdef CONFIG_NUMA
1302 mpol_put(p->mempolicy); 1282 mpol_put(p->mempolicy);
@@ -1309,9 +1289,9 @@ bad_fork_cleanup_cgroup:
1309bad_fork_cleanup_put_domain: 1289bad_fork_cleanup_put_domain:
1310 module_put(task_thread_info(p)->exec_domain->module); 1290 module_put(task_thread_info(p)->exec_domain->module);
1311bad_fork_cleanup_count: 1291bad_fork_cleanup_count:
1312 put_group_info(p->group_info); 1292 atomic_dec(&p->cred->user->processes);
1313 atomic_dec(&p->user->processes); 1293 put_cred(p->real_cred);
1314 free_uid(p->user); 1294 put_cred(p->cred);
1315bad_fork_free: 1295bad_fork_free:
1316 free_task(p); 1296 free_task(p);
1317fork_out: 1297fork_out:
diff --git a/kernel/futex.c b/kernel/futex.c
index 8af10027514b..4fe790e89d0f 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -439,13 +439,20 @@ static void free_pi_state(struct futex_pi_state *pi_state)
439static struct task_struct * futex_find_get_task(pid_t pid) 439static struct task_struct * futex_find_get_task(pid_t pid)
440{ 440{
441 struct task_struct *p; 441 struct task_struct *p;
442 const struct cred *cred = current_cred(), *pcred;
442 443
443 rcu_read_lock(); 444 rcu_read_lock();
444 p = find_task_by_vpid(pid); 445 p = find_task_by_vpid(pid);
445 if (!p || ((current->euid != p->euid) && (current->euid != p->uid))) 446 if (!p) {
446 p = ERR_PTR(-ESRCH); 447 p = ERR_PTR(-ESRCH);
447 else 448 } else {
448 get_task_struct(p); 449 pcred = __task_cred(p);
450 if (cred->euid != pcred->euid &&
451 cred->euid != pcred->uid)
452 p = ERR_PTR(-ESRCH);
453 else
454 get_task_struct(p);
455 }
449 456
450 rcu_read_unlock(); 457 rcu_read_unlock();
451 458
@@ -1829,6 +1836,7 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr,
1829{ 1836{
1830 struct robust_list_head __user *head; 1837 struct robust_list_head __user *head;
1831 unsigned long ret; 1838 unsigned long ret;
1839 const struct cred *cred = current_cred(), *pcred;
1832 1840
1833 if (!futex_cmpxchg_enabled) 1841 if (!futex_cmpxchg_enabled)
1834 return -ENOSYS; 1842 return -ENOSYS;
@@ -1844,8 +1852,10 @@ sys_get_robust_list(int pid, struct robust_list_head __user * __user *head_ptr,
1844 if (!p) 1852 if (!p)
1845 goto err_unlock; 1853 goto err_unlock;
1846 ret = -EPERM; 1854 ret = -EPERM;
1847 if ((current->euid != p->euid) && (current->euid != p->uid) && 1855 pcred = __task_cred(p);
1848 !capable(CAP_SYS_PTRACE)) 1856 if (cred->euid != pcred->euid &&
1857 cred->euid != pcred->uid &&
1858 !capable(CAP_SYS_PTRACE))
1849 goto err_unlock; 1859 goto err_unlock;
1850 head = p->robust_list; 1860 head = p->robust_list;
1851 rcu_read_unlock(); 1861 rcu_read_unlock();
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
index 04ac3a9e42cf..d607a5b9ee29 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -135,6 +135,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
135{ 135{
136 struct compat_robust_list_head __user *head; 136 struct compat_robust_list_head __user *head;
137 unsigned long ret; 137 unsigned long ret;
138 const struct cred *cred = current_cred(), *pcred;
138 139
139 if (!futex_cmpxchg_enabled) 140 if (!futex_cmpxchg_enabled)
140 return -ENOSYS; 141 return -ENOSYS;
@@ -150,8 +151,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
150 if (!p) 151 if (!p)
151 goto err_unlock; 152 goto err_unlock;
152 ret = -EPERM; 153 ret = -EPERM;
153 if ((current->euid != p->euid) && (current->euid != p->uid) && 154 pcred = __task_cred(p);
154 !capable(CAP_SYS_PTRACE)) 155 if (cred->euid != pcred->euid &&
156 cred->euid != pcred->uid &&
157 !capable(CAP_SYS_PTRACE))
155 goto err_unlock; 158 goto err_unlock;
156 head = p->compat_robust_list; 159 head = p->compat_robust_list;
157 read_unlock(&tasklist_lock); 160 read_unlock(&tasklist_lock);
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 3d3c3ea3a023..b46dbb908669 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -118,10 +118,10 @@ EXPORT_SYMBOL(request_module);
118struct subprocess_info { 118struct subprocess_info {
119 struct work_struct work; 119 struct work_struct work;
120 struct completion *complete; 120 struct completion *complete;
121 struct cred *cred;
121 char *path; 122 char *path;
122 char **argv; 123 char **argv;
123 char **envp; 124 char **envp;
124 struct key *ring;
125 enum umh_wait wait; 125 enum umh_wait wait;
126 int retval; 126 int retval;
127 struct file *stdin; 127 struct file *stdin;
@@ -134,19 +134,20 @@ struct subprocess_info {
134static int ____call_usermodehelper(void *data) 134static int ____call_usermodehelper(void *data)
135{ 135{
136 struct subprocess_info *sub_info = data; 136 struct subprocess_info *sub_info = data;
137 struct key *new_session, *old_session;
138 int retval; 137 int retval;
139 138
140 /* Unblock all signals and set the session keyring. */ 139 BUG_ON(atomic_read(&sub_info->cred->usage) != 1);
141 new_session = key_get(sub_info->ring); 140
141 /* Unblock all signals */
142 spin_lock_irq(&current->sighand->siglock); 142 spin_lock_irq(&current->sighand->siglock);
143 old_session = __install_session_keyring(current, new_session);
144 flush_signal_handlers(current, 1); 143 flush_signal_handlers(current, 1);
145 sigemptyset(&current->blocked); 144 sigemptyset(&current->blocked);
146 recalc_sigpending(); 145 recalc_sigpending();
147 spin_unlock_irq(&current->sighand->siglock); 146 spin_unlock_irq(&current->sighand->siglock);
148 147
149 key_put(old_session); 148 /* Install the credentials */
149 commit_creds(sub_info->cred);
150 sub_info->cred = NULL;
150 151
151 /* Install input pipe when needed */ 152 /* Install input pipe when needed */
152 if (sub_info->stdin) { 153 if (sub_info->stdin) {
@@ -185,6 +186,8 @@ void call_usermodehelper_freeinfo(struct subprocess_info *info)
185{ 186{
186 if (info->cleanup) 187 if (info->cleanup)
187 (*info->cleanup)(info->argv, info->envp); 188 (*info->cleanup)(info->argv, info->envp);
189 if (info->cred)
190 put_cred(info->cred);
188 kfree(info); 191 kfree(info);
189} 192}
190EXPORT_SYMBOL(call_usermodehelper_freeinfo); 193EXPORT_SYMBOL(call_usermodehelper_freeinfo);
@@ -240,6 +243,8 @@ static void __call_usermodehelper(struct work_struct *work)
240 pid_t pid; 243 pid_t pid;
241 enum umh_wait wait = sub_info->wait; 244 enum umh_wait wait = sub_info->wait;
242 245
246 BUG_ON(atomic_read(&sub_info->cred->usage) != 1);
247
243 /* CLONE_VFORK: wait until the usermode helper has execve'd 248 /* CLONE_VFORK: wait until the usermode helper has execve'd
244 * successfully We need the data structures to stay around 249 * successfully We need the data structures to stay around
245 * until that is done. */ 250 * until that is done. */
@@ -362,6 +367,9 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
362 sub_info->path = path; 367 sub_info->path = path;
363 sub_info->argv = argv; 368 sub_info->argv = argv;
364 sub_info->envp = envp; 369 sub_info->envp = envp;
370 sub_info->cred = prepare_usermodehelper_creds();
371 if (!sub_info->cred)
372 return NULL;
365 373
366 out: 374 out:
367 return sub_info; 375 return sub_info;
@@ -376,7 +384,13 @@ EXPORT_SYMBOL(call_usermodehelper_setup);
376void call_usermodehelper_setkeys(struct subprocess_info *info, 384void call_usermodehelper_setkeys(struct subprocess_info *info,
377 struct key *session_keyring) 385 struct key *session_keyring)
378{ 386{
379 info->ring = session_keyring; 387#ifdef CONFIG_KEYS
388 struct thread_group_cred *tgcred = info->cred->tgcred;
389 key_put(tgcred->session_keyring);
390 tgcred->session_keyring = key_get(session_keyring);
391#else
392 BUG();
393#endif
380} 394}
381EXPORT_SYMBOL(call_usermodehelper_setkeys); 395EXPORT_SYMBOL(call_usermodehelper_setkeys);
382 396
@@ -444,6 +458,8 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info,
444 DECLARE_COMPLETION_ONSTACK(done); 458 DECLARE_COMPLETION_ONSTACK(done);
445 int retval = 0; 459 int retval = 0;
446 460
461 BUG_ON(atomic_read(&sub_info->cred->usage) != 1);
462
447 helper_lock(); 463 helper_lock();
448 if (sub_info->path[0] == '\0') 464 if (sub_info->path[0] == '\0')
449 goto out; 465 goto out;
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 1e68e4c39e2c..f764b8806955 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -115,6 +115,8 @@ int ptrace_check_attach(struct task_struct *child, int kill)
115 115
116int __ptrace_may_access(struct task_struct *task, unsigned int mode) 116int __ptrace_may_access(struct task_struct *task, unsigned int mode)
117{ 117{
118 const struct cred *cred = current_cred(), *tcred;
119
118 /* May we inspect the given task? 120 /* May we inspect the given task?
119 * This check is used both for attaching with ptrace 121 * This check is used both for attaching with ptrace
120 * and for allowing access to sensitive information in /proc. 122 * and for allowing access to sensitive information in /proc.
@@ -127,13 +129,19 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
127 /* Don't let security modules deny introspection */ 129 /* Don't let security modules deny introspection */
128 if (task == current) 130 if (task == current)
129 return 0; 131 return 0;
130 if (((current->uid != task->euid) || 132 rcu_read_lock();
131 (current->uid != task->suid) || 133 tcred = __task_cred(task);
132 (current->uid != task->uid) || 134 if ((cred->uid != tcred->euid ||
133 (current->gid != task->egid) || 135 cred->uid != tcred->suid ||
134 (current->gid != task->sgid) || 136 cred->uid != tcred->uid ||
135 (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) 137 cred->gid != tcred->egid ||
138 cred->gid != tcred->sgid ||
139 cred->gid != tcred->gid) &&
140 !capable(CAP_SYS_PTRACE)) {
141 rcu_read_unlock();
136 return -EPERM; 142 return -EPERM;
143 }
144 rcu_read_unlock();
137 smp_rmb(); 145 smp_rmb();
138 if (task->mm) 146 if (task->mm)
139 dumpable = get_dumpable(task->mm); 147 dumpable = get_dumpable(task->mm);
@@ -163,6 +171,14 @@ int ptrace_attach(struct task_struct *task)
163 if (same_thread_group(task, current)) 171 if (same_thread_group(task, current))
164 goto out; 172 goto out;
165 173
174 /* Protect exec's credential calculations against our interference;
175 * SUID, SGID and LSM creds get determined differently under ptrace.
176 */
177 retval = mutex_lock_interruptible(&current->cred_exec_mutex);
178 if (retval < 0)
179 goto out;
180
181 retval = -EPERM;
166repeat: 182repeat:
167 /* 183 /*
168 * Nasty, nasty. 184 * Nasty, nasty.
@@ -202,6 +218,7 @@ repeat:
202bad: 218bad:
203 write_unlock_irqrestore(&tasklist_lock, flags); 219 write_unlock_irqrestore(&tasklist_lock, flags);
204 task_unlock(task); 220 task_unlock(task);
221 mutex_unlock(&current->cred_exec_mutex);
205out: 222out:
206 return retval; 223 return retval;
207} 224}
diff --git a/kernel/sched.c b/kernel/sched.c
index c94baf2969e7..204d0662b438 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -345,7 +345,9 @@ static inline struct task_group *task_group(struct task_struct *p)
345 struct task_group *tg; 345 struct task_group *tg;
346 346
347#ifdef CONFIG_USER_SCHED 347#ifdef CONFIG_USER_SCHED
348 tg = p->user->tg; 348 rcu_read_lock();
349 tg = __task_cred(p)->user->tg;
350 rcu_read_unlock();
349#elif defined(CONFIG_CGROUP_SCHED) 351#elif defined(CONFIG_CGROUP_SCHED)
350 tg = container_of(task_subsys_state(p, cpu_cgroup_subsys_id), 352 tg = container_of(task_subsys_state(p, cpu_cgroup_subsys_id),
351 struct task_group, css); 353 struct task_group, css);
@@ -5133,6 +5135,22 @@ __setscheduler(struct rq *rq, struct task_struct *p, int policy, int prio)
5133 set_load_weight(p); 5135 set_load_weight(p);
5134} 5136}
5135 5137
5138/*
5139 * check the target process has a UID that matches the current process's
5140 */
5141static bool check_same_owner(struct task_struct *p)
5142{
5143 const struct cred *cred = current_cred(), *pcred;
5144 bool match;
5145
5146 rcu_read_lock();
5147 pcred = __task_cred(p);
5148 match = (cred->euid == pcred->euid ||
5149 cred->euid == pcred->uid);
5150 rcu_read_unlock();
5151 return match;
5152}
5153
5136static int __sched_setscheduler(struct task_struct *p, int policy, 5154static int __sched_setscheduler(struct task_struct *p, int policy,
5137 struct sched_param *param, bool user) 5155 struct sched_param *param, bool user)
5138{ 5156{
@@ -5192,8 +5210,7 @@ recheck:
5192 return -EPERM; 5210 return -EPERM;
5193 5211
5194 /* can't change other user's priorities */ 5212 /* can't change other user's priorities */
5195 if ((current->euid != p->euid) && 5213 if (!check_same_owner(p))
5196 (current->euid != p->uid))
5197 return -EPERM; 5214 return -EPERM;
5198 } 5215 }
5199 5216
@@ -5425,8 +5442,7 @@ long sched_setaffinity(pid_t pid, const cpumask_t *in_mask)
5425 read_unlock(&tasklist_lock); 5442 read_unlock(&tasklist_lock);
5426 5443
5427 retval = -EPERM; 5444 retval = -EPERM;
5428 if ((current->euid != p->euid) && (current->euid != p->uid) && 5445 if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
5429 !capable(CAP_SYS_NICE))
5430 goto out_unlock; 5446 goto out_unlock;
5431 5447
5432 retval = security_task_setscheduler(p, 0, NULL); 5448 retval = security_task_setscheduler(p, 0, NULL);
diff --git a/kernel/signal.c b/kernel/signal.c
index 4530fc654455..2a64304ed54b 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -177,6 +177,11 @@ int next_signal(struct sigpending *pending, sigset_t *mask)
177 return sig; 177 return sig;
178} 178}
179 179
180/*
181 * allocate a new signal queue record
182 * - this may be called without locks if and only if t == current, otherwise an
183 * appopriate lock must be held to stop the target task from exiting
184 */
180static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags, 185static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
181 int override_rlimit) 186 int override_rlimit)
182{ 187{
@@ -184,11 +189,12 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
184 struct user_struct *user; 189 struct user_struct *user;
185 190
186 /* 191 /*
187 * In order to avoid problems with "switch_user()", we want to make 192 * We won't get problems with the target's UID changing under us
188 * sure that the compiler doesn't re-load "t->user" 193 * because changing it requires RCU be used, and if t != current, the
194 * caller must be holding the RCU readlock (by way of a spinlock) and
195 * we use RCU protection here
189 */ 196 */
190 user = t->user; 197 user = get_uid(__task_cred(t)->user);
191 barrier();
192 atomic_inc(&user->sigpending); 198 atomic_inc(&user->sigpending);
193 if (override_rlimit || 199 if (override_rlimit ||
194 atomic_read(&user->sigpending) <= 200 atomic_read(&user->sigpending) <=
@@ -196,12 +202,14 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
196 q = kmem_cache_alloc(sigqueue_cachep, flags); 202 q = kmem_cache_alloc(sigqueue_cachep, flags);
197 if (unlikely(q == NULL)) { 203 if (unlikely(q == NULL)) {
198 atomic_dec(&user->sigpending); 204 atomic_dec(&user->sigpending);
205 free_uid(user);
199 } else { 206 } else {
200 INIT_LIST_HEAD(&q->list); 207 INIT_LIST_HEAD(&q->list);
201 q->flags = 0; 208 q->flags = 0;
202 q->user = get_uid(user); 209 q->user = user;
203 } 210 }
204 return(q); 211
212 return q;
205} 213}
206 214
207static void __sigqueue_free(struct sigqueue *q) 215static void __sigqueue_free(struct sigqueue *q)
@@ -562,10 +570,12 @@ static int rm_from_queue(unsigned long mask, struct sigpending *s)
562 570
563/* 571/*
564 * Bad permissions for sending the signal 572 * Bad permissions for sending the signal
573 * - the caller must hold at least the RCU read lock
565 */ 574 */
566static int check_kill_permission(int sig, struct siginfo *info, 575static int check_kill_permission(int sig, struct siginfo *info,
567 struct task_struct *t) 576 struct task_struct *t)
568{ 577{
578 const struct cred *cred = current_cred(), *tcred;
569 struct pid *sid; 579 struct pid *sid;
570 int error; 580 int error;
571 581
@@ -579,8 +589,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
579 if (error) 589 if (error)
580 return error; 590 return error;
581 591
582 if ((current->euid ^ t->suid) && (current->euid ^ t->uid) && 592 tcred = __task_cred(t);
583 (current->uid ^ t->suid) && (current->uid ^ t->uid) && 593 if ((cred->euid ^ tcred->suid) &&
594 (cred->euid ^ tcred->uid) &&
595 (cred->uid ^ tcred->suid) &&
596 (cred->uid ^ tcred->uid) &&
584 !capable(CAP_KILL)) { 597 !capable(CAP_KILL)) {
585 switch (sig) { 598 switch (sig) {
586 case SIGCONT: 599 case SIGCONT:
@@ -844,7 +857,7 @@ static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
844 q->info.si_errno = 0; 857 q->info.si_errno = 0;
845 q->info.si_code = SI_USER; 858 q->info.si_code = SI_USER;
846 q->info.si_pid = task_pid_vnr(current); 859 q->info.si_pid = task_pid_vnr(current);
847 q->info.si_uid = current->uid; 860 q->info.si_uid = current_uid();
848 break; 861 break;
849 case (unsigned long) SEND_SIG_PRIV: 862 case (unsigned long) SEND_SIG_PRIV:
850 q->info.si_signo = sig; 863 q->info.si_signo = sig;
@@ -1008,6 +1021,10 @@ struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long
1008 return sighand; 1021 return sighand;
1009} 1022}
1010 1023
1024/*
1025 * send signal info to all the members of a group
1026 * - the caller must hold the RCU read lock at least
1027 */
1011int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) 1028int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1012{ 1029{
1013 unsigned long flags; 1030 unsigned long flags;
@@ -1029,8 +1046,8 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
1029/* 1046/*
1030 * __kill_pgrp_info() sends a signal to a process group: this is what the tty 1047 * __kill_pgrp_info() sends a signal to a process group: this is what the tty
1031 * control characters do (^C, ^Z etc) 1048 * control characters do (^C, ^Z etc)
1049 * - the caller must hold at least a readlock on tasklist_lock
1032 */ 1050 */
1033
1034int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp) 1051int __kill_pgrp_info(int sig, struct siginfo *info, struct pid *pgrp)
1035{ 1052{
1036 struct task_struct *p = NULL; 1053 struct task_struct *p = NULL;
@@ -1086,6 +1103,7 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
1086{ 1103{
1087 int ret = -EINVAL; 1104 int ret = -EINVAL;
1088 struct task_struct *p; 1105 struct task_struct *p;
1106 const struct cred *pcred;
1089 1107
1090 if (!valid_signal(sig)) 1108 if (!valid_signal(sig))
1091 return ret; 1109 return ret;
@@ -1096,9 +1114,11 @@ int kill_pid_info_as_uid(int sig, struct siginfo *info, struct pid *pid,
1096 ret = -ESRCH; 1114 ret = -ESRCH;
1097 goto out_unlock; 1115 goto out_unlock;
1098 } 1116 }
1099 if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) 1117 pcred = __task_cred(p);
1100 && (euid != p->suid) && (euid != p->uid) 1118 if ((info == SEND_SIG_NOINFO ||
1101 && (uid != p->suid) && (uid != p->uid)) { 1119 (!is_si_special(info) && SI_FROMUSER(info))) &&
1120 euid != pcred->suid && euid != pcred->uid &&
1121 uid != pcred->suid && uid != pcred->uid) {
1102 ret = -EPERM; 1122 ret = -EPERM;
1103 goto out_unlock; 1123 goto out_unlock;
1104 } 1124 }
@@ -1369,10 +1389,9 @@ int do_notify_parent(struct task_struct *tsk, int sig)
1369 */ 1389 */
1370 rcu_read_lock(); 1390 rcu_read_lock();
1371 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); 1391 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1392 info.si_uid = __task_cred(tsk)->uid;
1372 rcu_read_unlock(); 1393 rcu_read_unlock();
1373 1394
1374 info.si_uid = tsk->uid;
1375
1376 thread_group_cputime(tsk, &cputime); 1395 thread_group_cputime(tsk, &cputime);
1377 info.si_utime = cputime_to_jiffies(cputime.utime); 1396 info.si_utime = cputime_to_jiffies(cputime.utime);
1378 info.si_stime = cputime_to_jiffies(cputime.stime); 1397 info.si_stime = cputime_to_jiffies(cputime.stime);
@@ -1440,10 +1459,9 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, int why)
1440 */ 1459 */
1441 rcu_read_lock(); 1460 rcu_read_lock();
1442 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns); 1461 info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
1462 info.si_uid = __task_cred(tsk)->uid;
1443 rcu_read_unlock(); 1463 rcu_read_unlock();
1444 1464
1445 info.si_uid = tsk->uid;
1446
1447 info.si_utime = cputime_to_clock_t(tsk->utime); 1465 info.si_utime = cputime_to_clock_t(tsk->utime);
1448 info.si_stime = cputime_to_clock_t(tsk->stime); 1466 info.si_stime = cputime_to_clock_t(tsk->stime);
1449 1467
@@ -1598,7 +1616,7 @@ void ptrace_notify(int exit_code)
1598 info.si_signo = SIGTRAP; 1616 info.si_signo = SIGTRAP;
1599 info.si_code = exit_code; 1617 info.si_code = exit_code;
1600 info.si_pid = task_pid_vnr(current); 1618 info.si_pid = task_pid_vnr(current);
1601 info.si_uid = current->uid; 1619 info.si_uid = current_uid();
1602 1620
1603 /* Let the debugger run. */ 1621 /* Let the debugger run. */
1604 spin_lock_irq(&current->sighand->siglock); 1622 spin_lock_irq(&current->sighand->siglock);
@@ -1710,7 +1728,7 @@ static int ptrace_signal(int signr, siginfo_t *info,
1710 info->si_errno = 0; 1728 info->si_errno = 0;
1711 info->si_code = SI_USER; 1729 info->si_code = SI_USER;
1712 info->si_pid = task_pid_vnr(current->parent); 1730 info->si_pid = task_pid_vnr(current->parent);
1713 info->si_uid = current->parent->uid; 1731 info->si_uid = task_uid(current->parent);
1714 } 1732 }
1715 1733
1716 /* If the (new) signal is now blocked, requeue it. */ 1734 /* If the (new) signal is now blocked, requeue it. */
@@ -2211,7 +2229,7 @@ sys_kill(pid_t pid, int sig)
2211 info.si_errno = 0; 2229 info.si_errno = 0;
2212 info.si_code = SI_USER; 2230 info.si_code = SI_USER;
2213 info.si_pid = task_tgid_vnr(current); 2231 info.si_pid = task_tgid_vnr(current);
2214 info.si_uid = current->uid; 2232 info.si_uid = current_uid();
2215 2233
2216 return kill_something_info(sig, &info, pid); 2234 return kill_something_info(sig, &info, pid);
2217} 2235}
@@ -2228,7 +2246,7 @@ static int do_tkill(pid_t tgid, pid_t pid, int sig)
2228 info.si_errno = 0; 2246 info.si_errno = 0;
2229 info.si_code = SI_TKILL; 2247 info.si_code = SI_TKILL;
2230 info.si_pid = task_tgid_vnr(current); 2248 info.si_pid = task_tgid_vnr(current);
2231 info.si_uid = current->uid; 2249 info.si_uid = current_uid();
2232 2250
2233 rcu_read_lock(); 2251 rcu_read_lock();
2234 p = find_task_by_vpid(pid); 2252 p = find_task_by_vpid(pid);
diff --git a/kernel/sys.c b/kernel/sys.c
index 31deba8f7d16..ab735040468a 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -112,12 +112,17 @@ EXPORT_SYMBOL(cad_pid);
112 112
113void (*pm_power_off_prepare)(void); 113void (*pm_power_off_prepare)(void);
114 114
115/*
116 * set the priority of a task
117 * - the caller must hold the RCU read lock
118 */
115static int set_one_prio(struct task_struct *p, int niceval, int error) 119static int set_one_prio(struct task_struct *p, int niceval, int error)
116{ 120{
121 const struct cred *cred = current_cred(), *pcred = __task_cred(p);
117 int no_nice; 122 int no_nice;
118 123
119 if (p->uid != current->euid && 124 if (pcred->uid != cred->euid &&
120 p->euid != current->euid && !capable(CAP_SYS_NICE)) { 125 pcred->euid != cred->euid && !capable(CAP_SYS_NICE)) {
121 error = -EPERM; 126 error = -EPERM;
122 goto out; 127 goto out;
123 } 128 }
@@ -141,6 +146,7 @@ asmlinkage long sys_setpriority(int which, int who, int niceval)
141{ 146{
142 struct task_struct *g, *p; 147 struct task_struct *g, *p;
143 struct user_struct *user; 148 struct user_struct *user;
149 const struct cred *cred = current_cred();
144 int error = -EINVAL; 150 int error = -EINVAL;
145 struct pid *pgrp; 151 struct pid *pgrp;
146 152
@@ -174,18 +180,18 @@ asmlinkage long sys_setpriority(int which, int who, int niceval)
174 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 180 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
175 break; 181 break;
176 case PRIO_USER: 182 case PRIO_USER:
177 user = current->user; 183 user = (struct user_struct *) cred->user;
178 if (!who) 184 if (!who)
179 who = current->uid; 185 who = cred->uid;
180 else 186 else if ((who != cred->uid) &&
181 if ((who != current->uid) && !(user = find_user(who))) 187 !(user = find_user(who)))
182 goto out_unlock; /* No processes for this user */ 188 goto out_unlock; /* No processes for this user */
183 189
184 do_each_thread(g, p) 190 do_each_thread(g, p)
185 if (p->uid == who) 191 if (__task_cred(p)->uid == who)
186 error = set_one_prio(p, niceval, error); 192 error = set_one_prio(p, niceval, error);
187 while_each_thread(g, p); 193 while_each_thread(g, p);
188 if (who != current->uid) 194 if (who != cred->uid)
189 free_uid(user); /* For find_user() */ 195 free_uid(user); /* For find_user() */
190 break; 196 break;
191 } 197 }
@@ -205,6 +211,7 @@ asmlinkage long sys_getpriority(int which, int who)
205{ 211{
206 struct task_struct *g, *p; 212 struct task_struct *g, *p;
207 struct user_struct *user; 213 struct user_struct *user;
214 const struct cred *cred = current_cred();
208 long niceval, retval = -ESRCH; 215 long niceval, retval = -ESRCH;
209 struct pid *pgrp; 216 struct pid *pgrp;
210 217
@@ -236,21 +243,21 @@ asmlinkage long sys_getpriority(int which, int who)
236 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); 243 } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
237 break; 244 break;
238 case PRIO_USER: 245 case PRIO_USER:
239 user = current->user; 246 user = (struct user_struct *) cred->user;
240 if (!who) 247 if (!who)
241 who = current->uid; 248 who = cred->uid;
242 else 249 else if ((who != cred->uid) &&
243 if ((who != current->uid) && !(user = find_user(who))) 250 !(user = find_user(who)))
244 goto out_unlock; /* No processes for this user */ 251 goto out_unlock; /* No processes for this user */
245 252
246 do_each_thread(g, p) 253 do_each_thread(g, p)
247 if (p->uid == who) { 254 if (__task_cred(p)->uid == who) {
248 niceval = 20 - task_nice(p); 255 niceval = 20 - task_nice(p);
249 if (niceval > retval) 256 if (niceval > retval)
250 retval = niceval; 257 retval = niceval;
251 } 258 }
252 while_each_thread(g, p); 259 while_each_thread(g, p);
253 if (who != current->uid) 260 if (who != cred->uid)
254 free_uid(user); /* for find_user() */ 261 free_uid(user); /* for find_user() */
255 break; 262 break;
256 } 263 }
@@ -472,46 +479,48 @@ void ctrl_alt_del(void)
472 */ 479 */
473asmlinkage long sys_setregid(gid_t rgid, gid_t egid) 480asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
474{ 481{
475 int old_rgid = current->gid; 482 const struct cred *old;
476 int old_egid = current->egid; 483 struct cred *new;
477 int new_rgid = old_rgid;
478 int new_egid = old_egid;
479 int retval; 484 int retval;
480 485
486 new = prepare_creds();
487 if (!new)
488 return -ENOMEM;
489 old = current_cred();
490
481 retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); 491 retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
482 if (retval) 492 if (retval)
483 return retval; 493 goto error;
484 494
495 retval = -EPERM;
485 if (rgid != (gid_t) -1) { 496 if (rgid != (gid_t) -1) {
486 if ((old_rgid == rgid) || 497 if (old->gid == rgid ||
487 (current->egid==rgid) || 498 old->egid == rgid ||
488 capable(CAP_SETGID)) 499 capable(CAP_SETGID))
489 new_rgid = rgid; 500 new->gid = rgid;
490 else 501 else
491 return -EPERM; 502 goto error;
492 } 503 }
493 if (egid != (gid_t) -1) { 504 if (egid != (gid_t) -1) {
494 if ((old_rgid == egid) || 505 if (old->gid == egid ||
495 (current->egid == egid) || 506 old->egid == egid ||
496 (current->sgid == egid) || 507 old->sgid == egid ||
497 capable(CAP_SETGID)) 508 capable(CAP_SETGID))
498 new_egid = egid; 509 new->egid = egid;
499 else 510 else
500 return -EPERM; 511 goto error;
501 }
502 if (new_egid != old_egid) {
503 set_dumpable(current->mm, suid_dumpable);
504 smp_wmb();
505 } 512 }
513
506 if (rgid != (gid_t) -1 || 514 if (rgid != (gid_t) -1 ||
507 (egid != (gid_t) -1 && egid != old_rgid)) 515 (egid != (gid_t) -1 && egid != old->gid))
508 current->sgid = new_egid; 516 new->sgid = new->egid;
509 current->fsgid = new_egid; 517 new->fsgid = new->egid;
510 current->egid = new_egid; 518
511 current->gid = new_rgid; 519 return commit_creds(new);
512 key_fsgid_changed(current); 520
513 proc_id_connector(current, PROC_EVENT_GID); 521error:
514 return 0; 522 abort_creds(new);
523 return retval;
515} 524}
516 525
517/* 526/*
@@ -521,39 +530,42 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
521 */ 530 */
522asmlinkage long sys_setgid(gid_t gid) 531asmlinkage long sys_setgid(gid_t gid)
523{ 532{
524 int old_egid = current->egid; 533 const struct cred *old;
534 struct cred *new;
525 int retval; 535 int retval;
526 536
537 new = prepare_creds();
538 if (!new)
539 return -ENOMEM;
540 old = current_cred();
541
527 retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); 542 retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
528 if (retval) 543 if (retval)
529 return retval; 544 goto error;
530 545
531 if (capable(CAP_SETGID)) { 546 retval = -EPERM;
532 if (old_egid != gid) { 547 if (capable(CAP_SETGID))
533 set_dumpable(current->mm, suid_dumpable); 548 new->gid = new->egid = new->sgid = new->fsgid = gid;
534 smp_wmb(); 549 else if (gid == old->gid || gid == old->sgid)
535 } 550 new->egid = new->fsgid = gid;
536 current->gid = current->egid = current->sgid = current->fsgid = gid;
537 } else if ((gid == current->gid) || (gid == current->sgid)) {
538 if (old_egid != gid) {
539 set_dumpable(current->mm, suid_dumpable);
540 smp_wmb();
541 }
542 current->egid = current->fsgid = gid;
543 }
544 else 551 else
545 return -EPERM; 552 goto error;
546 553
547 key_fsgid_changed(current); 554 return commit_creds(new);
548 proc_id_connector(current, PROC_EVENT_GID); 555
549 return 0; 556error:
557 abort_creds(new);
558 return retval;
550} 559}
551 560
552static int set_user(uid_t new_ruid, int dumpclear) 561/*
562 * change the user struct in a credentials set to match the new UID
563 */
564static int set_user(struct cred *new)
553{ 565{
554 struct user_struct *new_user; 566 struct user_struct *new_user;
555 567
556 new_user = alloc_uid(current->nsproxy->user_ns, new_ruid); 568 new_user = alloc_uid(current->nsproxy->user_ns, new->uid);
557 if (!new_user) 569 if (!new_user)
558 return -EAGAIN; 570 return -EAGAIN;
559 571
@@ -564,13 +576,8 @@ static int set_user(uid_t new_ruid, int dumpclear)
564 return -EAGAIN; 576 return -EAGAIN;
565 } 577 }
566 578
567 switch_uid(new_user); 579 free_uid(new->user);
568 580 new->user = new_user;
569 if (dumpclear) {
570 set_dumpable(current->mm, suid_dumpable);
571 smp_wmb();
572 }
573 current->uid = new_ruid;
574 return 0; 581 return 0;
575} 582}
576 583
@@ -591,54 +598,56 @@ static int set_user(uid_t new_ruid, int dumpclear)
591 */ 598 */
592asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) 599asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
593{ 600{
594 int old_ruid, old_euid, old_suid, new_ruid, new_euid; 601 const struct cred *old;
602 struct cred *new;
595 int retval; 603 int retval;
596 604
605 new = prepare_creds();
606 if (!new)
607 return -ENOMEM;
608 old = current_cred();
609
597 retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); 610 retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
598 if (retval) 611 if (retval)
599 return retval; 612 goto error;
600
601 new_ruid = old_ruid = current->uid;
602 new_euid = old_euid = current->euid;
603 old_suid = current->suid;
604 613
614 retval = -EPERM;
605 if (ruid != (uid_t) -1) { 615 if (ruid != (uid_t) -1) {
606 new_ruid = ruid; 616 new->uid = ruid;
607 if ((old_ruid != ruid) && 617 if (old->uid != ruid &&
608 (current->euid != ruid) && 618 old->euid != ruid &&
609 !capable(CAP_SETUID)) 619 !capable(CAP_SETUID))
610 return -EPERM; 620 goto error;
611 } 621 }
612 622
613 if (euid != (uid_t) -1) { 623 if (euid != (uid_t) -1) {
614 new_euid = euid; 624 new->euid = euid;
615 if ((old_ruid != euid) && 625 if (old->uid != euid &&
616 (current->euid != euid) && 626 old->euid != euid &&
617 (current->suid != euid) && 627 old->suid != euid &&
618 !capable(CAP_SETUID)) 628 !capable(CAP_SETUID))
619 return -EPERM; 629 goto error;
620 } 630 }
621 631
622 if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0) 632 retval = -EAGAIN;
623 return -EAGAIN; 633 if (new->uid != old->uid && set_user(new) < 0)
634 goto error;
624 635
625 if (new_euid != old_euid) {
626 set_dumpable(current->mm, suid_dumpable);
627 smp_wmb();
628 }
629 current->fsuid = current->euid = new_euid;
630 if (ruid != (uid_t) -1 || 636 if (ruid != (uid_t) -1 ||
631 (euid != (uid_t) -1 && euid != old_ruid)) 637 (euid != (uid_t) -1 && euid != old->uid))
632 current->suid = current->euid; 638 new->suid = new->euid;
633 current->fsuid = current->euid; 639 new->fsuid = new->euid;
634 640
635 key_fsuid_changed(current); 641 retval = security_task_fix_setuid(new, old, LSM_SETID_RE);
636 proc_id_connector(current, PROC_EVENT_UID); 642 if (retval < 0)
637 643 goto error;
638 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
639}
640 644
645 return commit_creds(new);
641 646
647error:
648 abort_creds(new);
649 return retval;
650}
642 651
643/* 652/*
644 * setuid() is implemented like SysV with SAVED_IDS 653 * setuid() is implemented like SysV with SAVED_IDS
@@ -653,36 +662,41 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
653 */ 662 */
654asmlinkage long sys_setuid(uid_t uid) 663asmlinkage long sys_setuid(uid_t uid)
655{ 664{
656 int old_euid = current->euid; 665 const struct cred *old;
657 int old_ruid, old_suid, new_suid; 666 struct cred *new;
658 int retval; 667 int retval;
659 668
669 new = prepare_creds();
670 if (!new)
671 return -ENOMEM;
672 old = current_cred();
673
660 retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); 674 retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
661 if (retval) 675 if (retval)
662 return retval; 676 goto error;
663 677
664 old_ruid = current->uid; 678 retval = -EPERM;
665 old_suid = current->suid;
666 new_suid = old_suid;
667
668 if (capable(CAP_SETUID)) { 679 if (capable(CAP_SETUID)) {
669 if (uid != old_ruid && set_user(uid, old_euid != uid) < 0) 680 new->suid = new->uid = uid;
670 return -EAGAIN; 681 if (uid != old->uid && set_user(new) < 0) {
671 new_suid = uid; 682 retval = -EAGAIN;
672 } else if ((uid != current->uid) && (uid != new_suid)) 683 goto error;
673 return -EPERM; 684 }
674 685 } else if (uid != old->uid && uid != new->suid) {
675 if (old_euid != uid) { 686 goto error;
676 set_dumpable(current->mm, suid_dumpable);
677 smp_wmb();
678 } 687 }
679 current->fsuid = current->euid = uid;
680 current->suid = new_suid;
681 688
682 key_fsuid_changed(current); 689 new->fsuid = new->euid = uid;
683 proc_id_connector(current, PROC_EVENT_UID); 690
691 retval = security_task_fix_setuid(new, old, LSM_SETID_ID);
692 if (retval < 0)
693 goto error;
684 694
685 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); 695 return commit_creds(new);
696
697error:
698 abort_creds(new);
699 return retval;
686} 700}
687 701
688 702
@@ -692,54 +706,63 @@ asmlinkage long sys_setuid(uid_t uid)
692 */ 706 */
693asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) 707asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
694{ 708{
695 int old_ruid = current->uid; 709 const struct cred *old;
696 int old_euid = current->euid; 710 struct cred *new;
697 int old_suid = current->suid;
698 int retval; 711 int retval;
699 712
713 new = prepare_creds();
714 if (!new)
715 return -ENOMEM;
716
700 retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); 717 retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
701 if (retval) 718 if (retval)
702 return retval; 719 goto error;
720 old = current_cred();
703 721
722 retval = -EPERM;
704 if (!capable(CAP_SETUID)) { 723 if (!capable(CAP_SETUID)) {
705 if ((ruid != (uid_t) -1) && (ruid != current->uid) && 724 if (ruid != (uid_t) -1 && ruid != old->uid &&
706 (ruid != current->euid) && (ruid != current->suid)) 725 ruid != old->euid && ruid != old->suid)
707 return -EPERM; 726 goto error;
708 if ((euid != (uid_t) -1) && (euid != current->uid) && 727 if (euid != (uid_t) -1 && euid != old->uid &&
709 (euid != current->euid) && (euid != current->suid)) 728 euid != old->euid && euid != old->suid)
710 return -EPERM; 729 goto error;
711 if ((suid != (uid_t) -1) && (suid != current->uid) && 730 if (suid != (uid_t) -1 && suid != old->uid &&
712 (suid != current->euid) && (suid != current->suid)) 731 suid != old->euid && suid != old->suid)
713 return -EPERM; 732 goto error;
714 } 733 }
734
735 retval = -EAGAIN;
715 if (ruid != (uid_t) -1) { 736 if (ruid != (uid_t) -1) {
716 if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0) 737 new->uid = ruid;
717 return -EAGAIN; 738 if (ruid != old->uid && set_user(new) < 0)
739 goto error;
718 } 740 }
719 if (euid != (uid_t) -1) { 741 if (euid != (uid_t) -1)
720 if (euid != current->euid) { 742 new->euid = euid;
721 set_dumpable(current->mm, suid_dumpable);
722 smp_wmb();
723 }
724 current->euid = euid;
725 }
726 current->fsuid = current->euid;
727 if (suid != (uid_t) -1) 743 if (suid != (uid_t) -1)
728 current->suid = suid; 744 new->suid = suid;
745 new->fsuid = new->euid;
746
747 retval = security_task_fix_setuid(new, old, LSM_SETID_RES);
748 if (retval < 0)
749 goto error;
729 750
730 key_fsuid_changed(current); 751 return commit_creds(new);
731 proc_id_connector(current, PROC_EVENT_UID);
732 752
733 return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); 753error:
754 abort_creds(new);
755 return retval;
734} 756}
735 757
736asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) 758asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid)
737{ 759{
760 const struct cred *cred = current_cred();
738 int retval; 761 int retval;
739 762
740 if (!(retval = put_user(current->uid, ruid)) && 763 if (!(retval = put_user(cred->uid, ruid)) &&
741 !(retval = put_user(current->euid, euid))) 764 !(retval = put_user(cred->euid, euid)))
742 retval = put_user(current->suid, suid); 765 retval = put_user(cred->suid, suid);
743 766
744 return retval; 767 return retval;
745} 768}
@@ -749,48 +772,55 @@ asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __us
749 */ 772 */
750asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) 773asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
751{ 774{
775 const struct cred *old;
776 struct cred *new;
752 int retval; 777 int retval;
753 778
779 new = prepare_creds();
780 if (!new)
781 return -ENOMEM;
782 old = current_cred();
783
754 retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); 784 retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
755 if (retval) 785 if (retval)
756 return retval; 786 goto error;
757 787
788 retval = -EPERM;
758 if (!capable(CAP_SETGID)) { 789 if (!capable(CAP_SETGID)) {
759 if ((rgid != (gid_t) -1) && (rgid != current->gid) && 790 if (rgid != (gid_t) -1 && rgid != old->gid &&
760 (rgid != current->egid) && (rgid != current->sgid)) 791 rgid != old->egid && rgid != old->sgid)
761 return -EPERM; 792 goto error;
762 if ((egid != (gid_t) -1) && (egid != current->gid) && 793 if (egid != (gid_t) -1 && egid != old->gid &&
763 (egid != current->egid) && (egid != current->sgid)) 794 egid != old->egid && egid != old->sgid)
764 return -EPERM; 795 goto error;
765 if ((sgid != (gid_t) -1) && (sgid != current->gid) && 796 if (sgid != (gid_t) -1 && sgid != old->gid &&
766 (sgid != current->egid) && (sgid != current->sgid)) 797 sgid != old->egid && sgid != old->sgid)
767 return -EPERM; 798 goto error;
768 } 799 }
769 if (egid != (gid_t) -1) { 800
770 if (egid != current->egid) {
771 set_dumpable(current->mm, suid_dumpable);
772 smp_wmb();
773 }
774 current->egid = egid;
775 }
776 current->fsgid = current->egid;
777 if (rgid != (gid_t) -1) 801 if (rgid != (gid_t) -1)
778 current->gid = rgid; 802 new->gid = rgid;
803 if (egid != (gid_t) -1)
804 new->egid = egid;
779 if (sgid != (gid_t) -1) 805 if (sgid != (gid_t) -1)
780 current->sgid = sgid; 806 new->sgid = sgid;
807 new->fsgid = new->egid;
781 808
782 key_fsgid_changed(current); 809 return commit_creds(new);
783 proc_id_connector(current, PROC_EVENT_GID); 810
784 return 0; 811error:
812 abort_creds(new);
813 return retval;
785} 814}
786 815
787asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid) 816asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __user *sgid)
788{ 817{
818 const struct cred *cred = current_cred();
789 int retval; 819 int retval;
790 820
791 if (!(retval = put_user(current->gid, rgid)) && 821 if (!(retval = put_user(cred->gid, rgid)) &&
792 !(retval = put_user(current->egid, egid))) 822 !(retval = put_user(cred->egid, egid)))
793 retval = put_user(current->sgid, sgid); 823 retval = put_user(cred->sgid, sgid);
794 824
795 return retval; 825 return retval;
796} 826}
@@ -804,27 +834,35 @@ asmlinkage long sys_getresgid(gid_t __user *rgid, gid_t __user *egid, gid_t __us
804 */ 834 */
805asmlinkage long sys_setfsuid(uid_t uid) 835asmlinkage long sys_setfsuid(uid_t uid)
806{ 836{
807 int old_fsuid; 837 const struct cred *old;
838 struct cred *new;
839 uid_t old_fsuid;
808 840
809 old_fsuid = current->fsuid; 841 new = prepare_creds();
810 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)) 842 if (!new)
811 return old_fsuid; 843 return current_fsuid();
844 old = current_cred();
845 old_fsuid = old->fsuid;
812 846
813 if (uid == current->uid || uid == current->euid || 847 if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
814 uid == current->suid || uid == current->fsuid || 848 goto error;
849
850 if (uid == old->uid || uid == old->euid ||
851 uid == old->suid || uid == old->fsuid ||
815 capable(CAP_SETUID)) { 852 capable(CAP_SETUID)) {
816 if (uid != old_fsuid) { 853 if (uid != old_fsuid) {
817 set_dumpable(current->mm, suid_dumpable); 854 new->fsuid = uid;
818 smp_wmb(); 855 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
856 goto change_okay;
819 } 857 }
820 current->fsuid = uid;
821 } 858 }
822 859
823 key_fsuid_changed(current); 860error:
824 proc_id_connector(current, PROC_EVENT_UID); 861 abort_creds(new);
825 862 return old_fsuid;
826 security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
827 863
864change_okay:
865 commit_creds(new);
828 return old_fsuid; 866 return old_fsuid;
829} 867}
830 868
@@ -833,23 +871,34 @@ asmlinkage long sys_setfsuid(uid_t uid)
833 */ 871 */
834asmlinkage long sys_setfsgid(gid_t gid) 872asmlinkage long sys_setfsgid(gid_t gid)
835{ 873{
836 int old_fsgid; 874 const struct cred *old;
875 struct cred *new;
876 gid_t old_fsgid;
877
878 new = prepare_creds();
879 if (!new)
880 return current_fsgid();
881 old = current_cred();
882 old_fsgid = old->fsgid;
837 883
838 old_fsgid = current->fsgid;
839 if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) 884 if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))
840 return old_fsgid; 885 goto error;
841 886
842 if (gid == current->gid || gid == current->egid || 887 if (gid == old->gid || gid == old->egid ||
843 gid == current->sgid || gid == current->fsgid || 888 gid == old->sgid || gid == old->fsgid ||
844 capable(CAP_SETGID)) { 889 capable(CAP_SETGID)) {
845 if (gid != old_fsgid) { 890 if (gid != old_fsgid) {
846 set_dumpable(current->mm, suid_dumpable); 891 new->fsgid = gid;
847 smp_wmb(); 892 goto change_okay;
848 } 893 }
849 current->fsgid = gid;
850 key_fsgid_changed(current);
851 proc_id_connector(current, PROC_EVENT_GID);
852 } 894 }
895
896error:
897 abort_creds(new);
898 return old_fsgid;
899
900change_okay:
901 commit_creds(new);
853 return old_fsgid; 902 return old_fsgid;
854} 903}
855 904
@@ -1118,7 +1167,7 @@ EXPORT_SYMBOL(groups_free);
1118 1167
1119/* export the group_info to a user-space array */ 1168/* export the group_info to a user-space array */
1120static int groups_to_user(gid_t __user *grouplist, 1169static int groups_to_user(gid_t __user *grouplist,
1121 struct group_info *group_info) 1170 const struct group_info *group_info)
1122{ 1171{
1123 int i; 1172 int i;
1124 unsigned int count = group_info->ngroups; 1173 unsigned int count = group_info->ngroups;
@@ -1186,7 +1235,7 @@ static void groups_sort(struct group_info *group_info)
1186} 1235}
1187 1236
1188/* a simple bsearch */ 1237/* a simple bsearch */
1189int groups_search(struct group_info *group_info, gid_t grp) 1238int groups_search(const struct group_info *group_info, gid_t grp)
1190{ 1239{
1191 unsigned int left, right; 1240 unsigned int left, right;
1192 1241
@@ -1208,51 +1257,74 @@ int groups_search(struct group_info *group_info, gid_t grp)
1208 return 0; 1257 return 0;
1209} 1258}
1210 1259
1211/* validate and set current->group_info */ 1260/**
1212int set_current_groups(struct group_info *group_info) 1261 * set_groups - Change a group subscription in a set of credentials
1262 * @new: The newly prepared set of credentials to alter
1263 * @group_info: The group list to install
1264 *
1265 * Validate a group subscription and, if valid, insert it into a set
1266 * of credentials.
1267 */
1268int set_groups(struct cred *new, struct group_info *group_info)
1213{ 1269{
1214 int retval; 1270 int retval;
1215 struct group_info *old_info;
1216 1271
1217 retval = security_task_setgroups(group_info); 1272 retval = security_task_setgroups(group_info);
1218 if (retval) 1273 if (retval)
1219 return retval; 1274 return retval;
1220 1275
1276 put_group_info(new->group_info);
1221 groups_sort(group_info); 1277 groups_sort(group_info);
1222 get_group_info(group_info); 1278 get_group_info(group_info);
1279 new->group_info = group_info;
1280 return 0;
1281}
1282
1283EXPORT_SYMBOL(set_groups);
1223 1284
1224 task_lock(current); 1285/**
1225 old_info = current->group_info; 1286 * set_current_groups - Change current's group subscription
1226 current->group_info = group_info; 1287 * @group_info: The group list to impose
1227 task_unlock(current); 1288 *
1289 * Validate a group subscription and, if valid, impose it upon current's task
1290 * security record.
1291 */
1292int set_current_groups(struct group_info *group_info)
1293{
1294 struct cred *new;
1295 int ret;
1228 1296
1229 put_group_info(old_info); 1297 new = prepare_creds();
1298 if (!new)
1299 return -ENOMEM;
1230 1300
1231 return 0; 1301 ret = set_groups(new, group_info);
1302 if (ret < 0) {
1303 abort_creds(new);
1304 return ret;
1305 }
1306
1307 return commit_creds(new);
1232} 1308}
1233 1309
1234EXPORT_SYMBOL(set_current_groups); 1310EXPORT_SYMBOL(set_current_groups);
1235 1311
1236asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) 1312asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist)
1237{ 1313{
1238 int i = 0; 1314 const struct cred *cred = current_cred();
1239 1315 int i;
1240 /*
1241 * SMP: Nobody else can change our grouplist. Thus we are
1242 * safe.
1243 */
1244 1316
1245 if (gidsetsize < 0) 1317 if (gidsetsize < 0)
1246 return -EINVAL; 1318 return -EINVAL;
1247 1319
1248 /* no need to grab task_lock here; it cannot change */ 1320 /* no need to grab task_lock here; it cannot change */
1249 i = current->group_info->ngroups; 1321 i = cred->group_info->ngroups;
1250 if (gidsetsize) { 1322 if (gidsetsize) {
1251 if (i > gidsetsize) { 1323 if (i > gidsetsize) {
1252 i = -EINVAL; 1324 i = -EINVAL;
1253 goto out; 1325 goto out;
1254 } 1326 }
1255 if (groups_to_user(grouplist, current->group_info)) { 1327 if (groups_to_user(grouplist, cred->group_info)) {
1256 i = -EFAULT; 1328 i = -EFAULT;
1257 goto out; 1329 goto out;
1258 } 1330 }
@@ -1296,9 +1368,11 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t __user *grouplist)
1296 */ 1368 */
1297int in_group_p(gid_t grp) 1369int in_group_p(gid_t grp)
1298{ 1370{
1371 const struct cred *cred = current_cred();
1299 int retval = 1; 1372 int retval = 1;
1300 if (grp != current->fsgid) 1373
1301 retval = groups_search(current->group_info, grp); 1374 if (grp != cred->fsgid)
1375 retval = groups_search(cred->group_info, grp);
1302 return retval; 1376 return retval;
1303} 1377}
1304 1378
@@ -1306,9 +1380,11 @@ EXPORT_SYMBOL(in_group_p);
1306 1380
1307int in_egroup_p(gid_t grp) 1381int in_egroup_p(gid_t grp)
1308{ 1382{
1383 const struct cred *cred = current_cred();
1309 int retval = 1; 1384 int retval = 1;
1310 if (grp != current->egid) 1385
1311 retval = groups_search(current->group_info, grp); 1386 if (grp != cred->egid)
1387 retval = groups_search(cred->group_info, grp);
1312 return retval; 1388 return retval;
1313} 1389}
1314 1390
@@ -1624,50 +1700,56 @@ asmlinkage long sys_umask(int mask)
1624asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, 1700asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
1625 unsigned long arg4, unsigned long arg5) 1701 unsigned long arg4, unsigned long arg5)
1626{ 1702{
1627 long error = 0; 1703 struct task_struct *me = current;
1704 unsigned char comm[sizeof(me->comm)];
1705 long error;
1628 1706
1629 if (security_task_prctl(option, arg2, arg3, arg4, arg5, &error)) 1707 error = security_task_prctl(option, arg2, arg3, arg4, arg5);
1708 if (error != -ENOSYS)
1630 return error; 1709 return error;
1631 1710
1711 error = 0;
1632 switch (option) { 1712 switch (option) {
1633 case PR_SET_PDEATHSIG: 1713 case PR_SET_PDEATHSIG:
1634 if (!valid_signal(arg2)) { 1714 if (!valid_signal(arg2)) {
1635 error = -EINVAL; 1715 error = -EINVAL;
1636 break; 1716 break;
1637 } 1717 }
1638 current->pdeath_signal = arg2; 1718 me->pdeath_signal = arg2;
1719 error = 0;
1639 break; 1720 break;
1640 case PR_GET_PDEATHSIG: 1721 case PR_GET_PDEATHSIG:
1641 error = put_user(current->pdeath_signal, (int __user *)arg2); 1722 error = put_user(me->pdeath_signal, (int __user *)arg2);
1642 break; 1723 break;
1643 case PR_GET_DUMPABLE: 1724 case PR_GET_DUMPABLE:
1644 error = get_dumpable(current->mm); 1725 error = get_dumpable(me->mm);
1645 break; 1726 break;
1646 case PR_SET_DUMPABLE: 1727 case PR_SET_DUMPABLE:
1647 if (arg2 < 0 || arg2 > 1) { 1728 if (arg2 < 0 || arg2 > 1) {
1648 error = -EINVAL; 1729 error = -EINVAL;
1649 break; 1730 break;
1650 } 1731 }
1651 set_dumpable(current->mm, arg2); 1732 set_dumpable(me->mm, arg2);
1733 error = 0;
1652 break; 1734 break;
1653 1735
1654 case PR_SET_UNALIGN: 1736 case PR_SET_UNALIGN:
1655 error = SET_UNALIGN_CTL(current, arg2); 1737 error = SET_UNALIGN_CTL(me, arg2);
1656 break; 1738 break;
1657 case PR_GET_UNALIGN: 1739 case PR_GET_UNALIGN:
1658 error = GET_UNALIGN_CTL(current, arg2); 1740 error = GET_UNALIGN_CTL(me, arg2);
1659 break; 1741 break;
1660 case PR_SET_FPEMU: 1742 case PR_SET_FPEMU:
1661 error = SET_FPEMU_CTL(current, arg2); 1743 error = SET_FPEMU_CTL(me, arg2);
1662 break; 1744 break;
1663 case PR_GET_FPEMU: 1745 case PR_GET_FPEMU:
1664 error = GET_FPEMU_CTL(current, arg2); 1746 error = GET_FPEMU_CTL(me, arg2);
1665 break; 1747 break;
1666 case PR_SET_FPEXC: 1748 case PR_SET_FPEXC:
1667 error = SET_FPEXC_CTL(current, arg2); 1749 error = SET_FPEXC_CTL(me, arg2);
1668 break; 1750 break;
1669 case PR_GET_FPEXC: 1751 case PR_GET_FPEXC:
1670 error = GET_FPEXC_CTL(current, arg2); 1752 error = GET_FPEXC_CTL(me, arg2);
1671 break; 1753 break;
1672 case PR_GET_TIMING: 1754 case PR_GET_TIMING:
1673 error = PR_TIMING_STATISTICAL; 1755 error = PR_TIMING_STATISTICAL;
@@ -1675,33 +1757,28 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
1675 case PR_SET_TIMING: 1757 case PR_SET_TIMING:
1676 if (arg2 != PR_TIMING_STATISTICAL) 1758 if (arg2 != PR_TIMING_STATISTICAL)
1677 error = -EINVAL; 1759 error = -EINVAL;
1760 else
1761 error = 0;
1678 break; 1762 break;
1679 1763
1680 case PR_SET_NAME: { 1764 case PR_SET_NAME:
1681 struct task_struct *me = current; 1765 comm[sizeof(me->comm)-1] = 0;
1682 unsigned char ncomm[sizeof(me->comm)]; 1766 if (strncpy_from_user(comm, (char __user *)arg2,
1683 1767 sizeof(me->comm) - 1) < 0)
1684 ncomm[sizeof(me->comm)-1] = 0;
1685 if (strncpy_from_user(ncomm, (char __user *)arg2,
1686 sizeof(me->comm)-1) < 0)
1687 return -EFAULT; 1768 return -EFAULT;
1688 set_task_comm(me, ncomm); 1769 set_task_comm(me, comm);
1689 return 0; 1770 return 0;
1690 } 1771 case PR_GET_NAME:
1691 case PR_GET_NAME: { 1772 get_task_comm(comm, me);
1692 struct task_struct *me = current; 1773 if (copy_to_user((char __user *)arg2, comm,
1693 unsigned char tcomm[sizeof(me->comm)]; 1774 sizeof(comm)))
1694
1695 get_task_comm(tcomm, me);
1696 if (copy_to_user((char __user *)arg2, tcomm, sizeof(tcomm)))
1697 return -EFAULT; 1775 return -EFAULT;
1698 return 0; 1776 return 0;
1699 }
1700 case PR_GET_ENDIAN: 1777 case PR_GET_ENDIAN:
1701 error = GET_ENDIAN(current, arg2); 1778 error = GET_ENDIAN(me, arg2);
1702 break; 1779 break;
1703 case PR_SET_ENDIAN: 1780 case PR_SET_ENDIAN:
1704 error = SET_ENDIAN(current, arg2); 1781 error = SET_ENDIAN(me, arg2);
1705 break; 1782 break;
1706 1783
1707 case PR_GET_SECCOMP: 1784 case PR_GET_SECCOMP:
@@ -1725,6 +1802,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
1725 current->default_timer_slack_ns; 1802 current->default_timer_slack_ns;
1726 else 1803 else
1727 current->timer_slack_ns = arg2; 1804 current->timer_slack_ns = arg2;
1805 error = 0;
1728 break; 1806 break;
1729 default: 1807 default:
1730 error = -EINVAL; 1808 error = -EINVAL;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 9d048fa2d902..511031381c33 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1641,7 +1641,7 @@ out:
1641 1641
1642static int test_perm(int mode, int op) 1642static int test_perm(int mode, int op)
1643{ 1643{
1644 if (!current->euid) 1644 if (!current_euid())
1645 mode >>= 6; 1645 mode >>= 6;
1646 else if (in_egroup_p(0)) 1646 else if (in_egroup_p(0))
1647 mode >>= 3; 1647 mode >>= 3;
diff --git a/kernel/timer.c b/kernel/timer.c
index dbd50fabe4c7..566257d1dc10 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -1192,25 +1192,25 @@ asmlinkage long sys_getppid(void)
1192asmlinkage long sys_getuid(void) 1192asmlinkage long sys_getuid(void)
1193{ 1193{
1194 /* Only we change this so SMP safe */ 1194 /* Only we change this so SMP safe */
1195 return current->uid; 1195 return current_uid();
1196} 1196}
1197 1197
1198asmlinkage long sys_geteuid(void) 1198asmlinkage long sys_geteuid(void)
1199{ 1199{
1200 /* Only we change this so SMP safe */ 1200 /* Only we change this so SMP safe */
1201 return current->euid; 1201 return current_euid();
1202} 1202}
1203 1203
1204asmlinkage long sys_getgid(void) 1204asmlinkage long sys_getgid(void)
1205{ 1205{
1206 /* Only we change this so SMP safe */ 1206 /* Only we change this so SMP safe */
1207 return current->gid; 1207 return current_gid();
1208} 1208}
1209 1209
1210asmlinkage long sys_getegid(void) 1210asmlinkage long sys_getegid(void)
1211{ 1211{
1212 /* Only we change this so SMP safe */ 1212 /* Only we change this so SMP safe */
1213 return current->egid; 1213 return current_egid();
1214} 1214}
1215 1215
1216#endif 1216#endif
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 697eda36b86a..ffe7c96fa09b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -246,7 +246,7 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
246 246
247 memcpy(data->comm, tsk->comm, TASK_COMM_LEN); 247 memcpy(data->comm, tsk->comm, TASK_COMM_LEN);
248 data->pid = tsk->pid; 248 data->pid = tsk->pid;
249 data->uid = tsk->uid; 249 data->uid = task_uid(tsk);
250 data->nice = tsk->static_prio - 20 - MAX_RT_PRIO; 250 data->nice = tsk->static_prio - 20 - MAX_RT_PRIO;
251 data->policy = tsk->policy; 251 data->policy = tsk->policy;
252 data->rt_priority = tsk->rt_priority; 252 data->rt_priority = tsk->rt_priority;
diff --git a/kernel/tsacct.c b/kernel/tsacct.c
index 8ebcd8532dfb..2dc06ab35716 100644
--- a/kernel/tsacct.c
+++ b/kernel/tsacct.c
@@ -27,6 +27,7 @@
27 */ 27 */
28void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk) 28void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk)
29{ 29{
30 const struct cred *tcred;
30 struct timespec uptime, ts; 31 struct timespec uptime, ts;
31 u64 ac_etime; 32 u64 ac_etime;
32 33
@@ -53,10 +54,11 @@ void bacct_add_tsk(struct taskstats *stats, struct task_struct *tsk)
53 stats->ac_flag |= AXSIG; 54 stats->ac_flag |= AXSIG;
54 stats->ac_nice = task_nice(tsk); 55 stats->ac_nice = task_nice(tsk);
55 stats->ac_sched = tsk->policy; 56 stats->ac_sched = tsk->policy;
56 stats->ac_uid = tsk->uid;
57 stats->ac_gid = tsk->gid;
58 stats->ac_pid = tsk->pid; 57 stats->ac_pid = tsk->pid;
59 rcu_read_lock(); 58 rcu_read_lock();
59 tcred = __task_cred(tsk);
60 stats->ac_uid = tcred->uid;
61 stats->ac_gid = tcred->gid;
60 stats->ac_ppid = pid_alive(tsk) ? 62 stats->ac_ppid = pid_alive(tsk) ?
61 rcu_dereference(tsk->real_parent)->tgid : 0; 63 rcu_dereference(tsk->real_parent)->tgid : 0;
62 rcu_read_unlock(); 64 rcu_read_unlock();
diff --git a/kernel/uid16.c b/kernel/uid16.c
index 3e41c1673e2f..2460c3199b5a 100644
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -84,11 +84,12 @@ asmlinkage long sys_setresuid16(old_uid_t ruid, old_uid_t euid, old_uid_t suid)
84 84
85asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid) 85asmlinkage long sys_getresuid16(old_uid_t __user *ruid, old_uid_t __user *euid, old_uid_t __user *suid)
86{ 86{
87 const struct cred *cred = current_cred();
87 int retval; 88 int retval;
88 89
89 if (!(retval = put_user(high2lowuid(current->uid), ruid)) && 90 if (!(retval = put_user(high2lowuid(cred->uid), ruid)) &&
90 !(retval = put_user(high2lowuid(current->euid), euid))) 91 !(retval = put_user(high2lowuid(cred->euid), euid)))
91 retval = put_user(high2lowuid(current->suid), suid); 92 retval = put_user(high2lowuid(cred->suid), suid);
92 93
93 return retval; 94 return retval;
94} 95}
@@ -104,11 +105,12 @@ asmlinkage long sys_setresgid16(old_gid_t rgid, old_gid_t egid, old_gid_t sgid)
104 105
105asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid) 106asmlinkage long sys_getresgid16(old_gid_t __user *rgid, old_gid_t __user *egid, old_gid_t __user *sgid)
106{ 107{
108 const struct cred *cred = current_cred();
107 int retval; 109 int retval;
108 110
109 if (!(retval = put_user(high2lowgid(current->gid), rgid)) && 111 if (!(retval = put_user(high2lowgid(cred->gid), rgid)) &&
110 !(retval = put_user(high2lowgid(current->egid), egid))) 112 !(retval = put_user(high2lowgid(cred->egid), egid)))
111 retval = put_user(high2lowgid(current->sgid), sgid); 113 retval = put_user(high2lowgid(cred->sgid), sgid);
112 114
113 return retval; 115 return retval;
114} 116}
@@ -161,25 +163,24 @@ static int groups16_from_user(struct group_info *group_info,
161 163
162asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist) 164asmlinkage long sys_getgroups16(int gidsetsize, old_gid_t __user *grouplist)
163{ 165{
164 int i = 0; 166 const struct cred *cred = current_cred();
167 int i;
165 168
166 if (gidsetsize < 0) 169 if (gidsetsize < 0)
167 return -EINVAL; 170 return -EINVAL;
168 171
169 get_group_info(current->group_info); 172 i = cred->group_info->ngroups;
170 i = current->group_info->ngroups;
171 if (gidsetsize) { 173 if (gidsetsize) {
172 if (i > gidsetsize) { 174 if (i > gidsetsize) {
173 i = -EINVAL; 175 i = -EINVAL;
174 goto out; 176 goto out;
175 } 177 }
176 if (groups16_to_user(grouplist, current->group_info)) { 178 if (groups16_to_user(grouplist, cred->group_info)) {
177 i = -EFAULT; 179 i = -EFAULT;
178 goto out; 180 goto out;
179 } 181 }
180 } 182 }
181out: 183out:
182 put_group_info(current->group_info);
183 return i; 184 return i;
184} 185}
185 186
@@ -210,20 +211,20 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t __user *grouplist)
210 211
211asmlinkage long sys_getuid16(void) 212asmlinkage long sys_getuid16(void)
212{ 213{
213 return high2lowuid(current->uid); 214 return high2lowuid(current_uid());
214} 215}
215 216
216asmlinkage long sys_geteuid16(void) 217asmlinkage long sys_geteuid16(void)
217{ 218{
218 return high2lowuid(current->euid); 219 return high2lowuid(current_euid());
219} 220}
220 221
221asmlinkage long sys_getgid16(void) 222asmlinkage long sys_getgid16(void)
222{ 223{
223 return high2lowgid(current->gid); 224 return high2lowgid(current_gid());
224} 225}
225 226
226asmlinkage long sys_getegid16(void) 227asmlinkage long sys_getegid16(void)
227{ 228{
228 return high2lowgid(current->egid); 229 return high2lowgid(current_egid());
229} 230}
diff --git a/kernel/user.c b/kernel/user.c
index 39d6159fae43..d476307dd4b0 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -16,6 +16,7 @@
16#include <linux/interrupt.h> 16#include <linux/interrupt.h>
17#include <linux/module.h> 17#include <linux/module.h>
18#include <linux/user_namespace.h> 18#include <linux/user_namespace.h>
19#include "cred-internals.h"
19 20
20struct user_namespace init_user_ns = { 21struct user_namespace init_user_ns = {
21 .kref = { 22 .kref = {
@@ -104,16 +105,10 @@ static int sched_create_user(struct user_struct *up)
104 return rc; 105 return rc;
105} 106}
106 107
107static void sched_switch_user(struct task_struct *p)
108{
109 sched_move_task(p);
110}
111
112#else /* CONFIG_USER_SCHED */ 108#else /* CONFIG_USER_SCHED */
113 109
114static void sched_destroy_user(struct user_struct *up) { } 110static void sched_destroy_user(struct user_struct *up) { }
115static int sched_create_user(struct user_struct *up) { return 0; } 111static int sched_create_user(struct user_struct *up) { return 0; }
116static void sched_switch_user(struct task_struct *p) { }
117 112
118#endif /* CONFIG_USER_SCHED */ 113#endif /* CONFIG_USER_SCHED */
119 114
@@ -448,36 +443,6 @@ out_unlock:
448 return NULL; 443 return NULL;
449} 444}
450 445
451void switch_uid(struct user_struct *new_user)
452{
453 struct user_struct *old_user;
454
455 /* What if a process setreuid()'s and this brings the
456 * new uid over his NPROC rlimit? We can check this now
457 * cheaply with the new uid cache, so if it matters
458 * we should be checking for it. -DaveM
459 */
460 old_user = current->user;
461 atomic_inc(&new_user->processes);
462 atomic_dec(&old_user->processes);
463 switch_uid_keyring(new_user);
464 current->user = new_user;
465 sched_switch_user(current);
466
467 /*
468 * We need to synchronize with __sigqueue_alloc()
469 * doing a get_uid(p->user).. If that saw the old
470 * user value, we need to wait until it has exited
471 * its critical region before we can free the old
472 * structure.
473 */
474 smp_mb();
475 spin_unlock_wait(&current->sighand->siglock);
476
477 free_uid(old_user);
478 suid_keys(current);
479}
480
481#ifdef CONFIG_USER_NS 446#ifdef CONFIG_USER_NS
482void release_uids(struct user_namespace *ns) 447void release_uids(struct user_namespace *ns)
483{ 448{
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 532858fa5b88..0d9c51d67333 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -19,6 +19,7 @@ static struct user_namespace *clone_user_ns(struct user_namespace *old_ns)
19{ 19{
20 struct user_namespace *ns; 20 struct user_namespace *ns;
21 struct user_struct *new_user; 21 struct user_struct *new_user;
22 struct cred *new;
22 int n; 23 int n;
23 24
24 ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL); 25 ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL);
@@ -38,14 +39,23 @@ static struct user_namespace *clone_user_ns(struct user_namespace *old_ns)
38 } 39 }
39 40
40 /* Reset current->user with a new one */ 41 /* Reset current->user with a new one */
41 new_user = alloc_uid(ns, current->uid); 42 new_user = alloc_uid(ns, current_uid());
42 if (!new_user) { 43 if (!new_user) {
43 free_uid(ns->root_user); 44 free_uid(ns->root_user);
44 kfree(ns); 45 kfree(ns);
45 return ERR_PTR(-ENOMEM); 46 return ERR_PTR(-ENOMEM);
46 } 47 }
47 48
48 switch_uid(new_user); 49 /* Install the new user */
50 new = prepare_creds();
51 if (!new) {
52 free_uid(new_user);
53 free_uid(ns->root_user);
54 kfree(ns);
55 }
56 free_uid(new->user);
57 new->user = new_user;
58 commit_creds(new);
49 return ns; 59 return ns;
50} 60}
51 61
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index d4dc69ddebd7..4952322cba45 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -84,21 +84,21 @@ static cpumask_t cpu_singlethread_map __read_mostly;
84static cpumask_t cpu_populated_map __read_mostly; 84static cpumask_t cpu_populated_map __read_mostly;
85 85
86/* If it's single threaded, it isn't in the list of workqueues. */ 86/* If it's single threaded, it isn't in the list of workqueues. */
87static inline int is_single_threaded(struct workqueue_struct *wq) 87static inline int is_wq_single_threaded(struct workqueue_struct *wq)
88{ 88{
89 return wq->singlethread; 89 return wq->singlethread;
90} 90}
91 91
92static const cpumask_t *wq_cpu_map(struct workqueue_struct *wq) 92static const cpumask_t *wq_cpu_map(struct workqueue_struct *wq)
93{ 93{
94 return is_single_threaded(wq) 94 return is_wq_single_threaded(wq)
95 ? &cpu_singlethread_map : &cpu_populated_map; 95 ? &cpu_singlethread_map : &cpu_populated_map;
96} 96}
97 97
98static 98static
99struct cpu_workqueue_struct *wq_per_cpu(struct workqueue_struct *wq, int cpu) 99struct cpu_workqueue_struct *wq_per_cpu(struct workqueue_struct *wq, int cpu)
100{ 100{
101 if (unlikely(is_single_threaded(wq))) 101 if (unlikely(is_wq_single_threaded(wq)))
102 cpu = singlethread_cpu; 102 cpu = singlethread_cpu;
103 return per_cpu_ptr(wq->cpu_wq, cpu); 103 return per_cpu_ptr(wq->cpu_wq, cpu);
104} 104}
@@ -769,7 +769,7 @@ static int create_workqueue_thread(struct cpu_workqueue_struct *cwq, int cpu)
769{ 769{
770 struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 }; 770 struct sched_param param = { .sched_priority = MAX_RT_PRIO-1 };
771 struct workqueue_struct *wq = cwq->wq; 771 struct workqueue_struct *wq = cwq->wq;
772 const char *fmt = is_single_threaded(wq) ? "%s" : "%s/%d"; 772 const char *fmt = is_wq_single_threaded(wq) ? "%s" : "%s/%d";
773 struct task_struct *p; 773 struct task_struct *p;
774 774
775 p = kthread_create(worker_thread, cwq, fmt, wq->name, cpu); 775 p = kthread_create(worker_thread, cwq, fmt, wq->name, cpu);
diff --git a/lib/Makefile b/lib/Makefile
index 7cb65d85aeb0..80fe8a3ec12a 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -11,7 +11,7 @@ lib-y := ctype.o string.o vsprintf.o cmdline.o \
11 rbtree.o radix-tree.o dump_stack.o \ 11 rbtree.o radix-tree.o dump_stack.o \
12 idr.o int_sqrt.o extable.o prio_tree.o \ 12 idr.o int_sqrt.o extable.o prio_tree.o \
13 sha1.o irq_regs.o reciprocal_div.o argv_split.o \ 13 sha1.o irq_regs.o reciprocal_div.o argv_split.o \
14 proportions.o prio_heap.o ratelimit.o show_mem.o 14 proportions.o prio_heap.o ratelimit.o show_mem.o is_single_threaded.o
15 15
16lib-$(CONFIG_MMU) += ioremap.o 16lib-$(CONFIG_MMU) += ioremap.o
17lib-$(CONFIG_SMP) += cpumask.o 17lib-$(CONFIG_SMP) += cpumask.o
diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c
new file mode 100644
index 000000000000..f1ed2fe76c65
--- /dev/null
+++ b/lib/is_single_threaded.c
@@ -0,0 +1,45 @@
1/* Function to determine if a thread group is single threaded or not
2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 * - Derived from security/selinux/hooks.c
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public Licence
9 * as published by the Free Software Foundation; either version
10 * 2 of the Licence, or (at your option) any later version.
11 */
12
13#include <linux/sched.h>
14
15/**
16 * is_single_threaded - Determine if a thread group is single-threaded or not
17 * @p: A task in the thread group in question
18 *
19 * This returns true if the thread group to which a task belongs is single
20 * threaded, false if it is not.
21 */
22bool is_single_threaded(struct task_struct *p)
23{
24 struct task_struct *g, *t;
25 struct mm_struct *mm = p->mm;
26
27 if (atomic_read(&p->signal->count) != 1)
28 goto no;
29
30 if (atomic_read(&p->mm->mm_users) != 1) {
31 read_lock(&tasklist_lock);
32 do_each_thread(g, t) {
33 if (t->mm == mm && t != p)
34 goto no_unlock;
35 } while_each_thread(g, t);
36 read_unlock(&tasklist_lock);
37 }
38
39 return true;
40
41no_unlock:
42 read_unlock(&tasklist_lock);
43no:
44 return false;
45}
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index e9493b1c1117..e412ffa8e52e 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1114,6 +1114,7 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
1114 const unsigned long __user *old_nodes, 1114 const unsigned long __user *old_nodes,
1115 const unsigned long __user *new_nodes) 1115 const unsigned long __user *new_nodes)
1116{ 1116{
1117 const struct cred *cred = current_cred(), *tcred;
1117 struct mm_struct *mm; 1118 struct mm_struct *mm;
1118 struct task_struct *task; 1119 struct task_struct *task;
1119 nodemask_t old; 1120 nodemask_t old;
@@ -1148,12 +1149,16 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode,
1148 * capabilities, superuser privileges or the same 1149 * capabilities, superuser privileges or the same
1149 * userid as the target process. 1150 * userid as the target process.
1150 */ 1151 */
1151 if ((current->euid != task->suid) && (current->euid != task->uid) && 1152 rcu_read_lock();
1152 (current->uid != task->suid) && (current->uid != task->uid) && 1153 tcred = __task_cred(task);
1154 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
1155 cred->uid != tcred->suid && cred->uid != tcred->uid &&
1153 !capable(CAP_SYS_NICE)) { 1156 !capable(CAP_SYS_NICE)) {
1157 rcu_read_unlock();
1154 err = -EPERM; 1158 err = -EPERM;
1155 goto out; 1159 goto out;
1156 } 1160 }
1161 rcu_read_unlock();
1157 1162
1158 task_nodes = cpuset_mems_allowed(task); 1163 task_nodes = cpuset_mems_allowed(task);
1159 /* Is the user allowed to access the target nodes? */ 1164 /* Is the user allowed to access the target nodes? */
diff --git a/mm/migrate.c b/mm/migrate.c
index 385db89f0c33..9dd10da1cc23 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1045,6 +1045,7 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages,
1045 const int __user *nodes, 1045 const int __user *nodes,
1046 int __user *status, int flags) 1046 int __user *status, int flags)
1047{ 1047{
1048 const struct cred *cred = current_cred(), *tcred;
1048 struct task_struct *task; 1049 struct task_struct *task;
1049 struct mm_struct *mm; 1050 struct mm_struct *mm;
1050 int err; 1051 int err;
@@ -1075,12 +1076,16 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages,
1075 * capabilities, superuser privileges or the same 1076 * capabilities, superuser privileges or the same
1076 * userid as the target process. 1077 * userid as the target process.
1077 */ 1078 */
1078 if ((current->euid != task->suid) && (current->euid != task->uid) && 1079 rcu_read_lock();
1079 (current->uid != task->suid) && (current->uid != task->uid) && 1080 tcred = __task_cred(task);
1081 if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
1082 cred->uid != tcred->suid && cred->uid != tcred->uid &&
1080 !capable(CAP_SYS_NICE)) { 1083 !capable(CAP_SYS_NICE)) {
1084 rcu_read_unlock();
1081 err = -EPERM; 1085 err = -EPERM;
1082 goto out; 1086 goto out;
1083 } 1087 }
1088 rcu_read_unlock();
1084 1089
1085 err = security_task_movememory(task); 1090 err = security_task_movememory(task);
1086 if (err) 1091 if (err)
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index a0a01902f551..558f9afe6e4e 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -128,8 +128,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
128 * Superuser processes are usually more important, so we make it 128 * Superuser processes are usually more important, so we make it
129 * less likely that we kill those. 129 * less likely that we kill those.
130 */ 130 */
131 if (has_capability(p, CAP_SYS_ADMIN) || 131 if (has_capability_noaudit(p, CAP_SYS_ADMIN) ||
132 has_capability(p, CAP_SYS_RESOURCE)) 132 has_capability_noaudit(p, CAP_SYS_RESOURCE))
133 points /= 4; 133 points /= 4;
134 134
135 /* 135 /*
@@ -138,7 +138,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime)
138 * tend to only have this flag set on applications they think 138 * tend to only have this flag set on applications they think
139 * of as important. 139 * of as important.
140 */ 140 */
141 if (has_capability(p, CAP_SYS_RAWIO)) 141 if (has_capability_noaudit(p, CAP_SYS_RAWIO))
142 points /= 4; 142 points /= 4;
143 143
144 /* 144 /*
@@ -299,9 +299,9 @@ static void dump_tasks(const struct mem_cgroup *mem)
299 299
300 task_lock(p); 300 task_lock(p);
301 printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n", 301 printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n",
302 p->pid, p->uid, p->tgid, p->mm->total_vm, 302 p->pid, __task_cred(p)->uid, p->tgid,
303 get_mm_rss(p->mm), (int)task_cpu(p), p->oomkilladj, 303 p->mm->total_vm, get_mm_rss(p->mm), (int)task_cpu(p),
304 p->comm); 304 p->oomkilladj, p->comm);
305 task_unlock(p); 305 task_unlock(p);
306 } while_each_thread(g, p); 306 } while_each_thread(g, p);
307} 307}
diff --git a/mm/shmem.c b/mm/shmem.c
index 0ed075215e5f..f1b0d4871f3a 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1513,8 +1513,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
1513 inode = new_inode(sb); 1513 inode = new_inode(sb);
1514 if (inode) { 1514 if (inode) {
1515 inode->i_mode = mode; 1515 inode->i_mode = mode;
1516 inode->i_uid = current->fsuid; 1516 inode->i_uid = current_fsuid();
1517 inode->i_gid = current->fsgid; 1517 inode->i_gid = current_fsgid();
1518 inode->i_blocks = 0; 1518 inode->i_blocks = 0;
1519 inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; 1519 inode->i_mapping->backing_dev_info = &shmem_backing_dev_info;
1520 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 1520 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
@@ -2278,8 +2278,8 @@ static int shmem_fill_super(struct super_block *sb,
2278 sbinfo->max_blocks = 0; 2278 sbinfo->max_blocks = 0;
2279 sbinfo->max_inodes = 0; 2279 sbinfo->max_inodes = 0;
2280 sbinfo->mode = S_IRWXUGO | S_ISVTX; 2280 sbinfo->mode = S_IRWXUGO | S_ISVTX;
2281 sbinfo->uid = current->fsuid; 2281 sbinfo->uid = current_fsuid();
2282 sbinfo->gid = current->fsgid; 2282 sbinfo->gid = current_fsgid();
2283 sbinfo->mpol = NULL; 2283 sbinfo->mpol = NULL;
2284 sb->s_fs_info = sbinfo; 2284 sb->s_fs_info = sbinfo;
2285 2285
diff --git a/net/9p/client.c b/net/9p/client.c
index 4b529454616d..821f1ec0b2c3 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -627,7 +627,7 @@ static struct p9_fid *p9_fid_create(struct p9_client *clnt)
627 memset(&fid->qid, 0, sizeof(struct p9_qid)); 627 memset(&fid->qid, 0, sizeof(struct p9_qid));
628 fid->mode = -1; 628 fid->mode = -1;
629 fid->rdir_fpos = 0; 629 fid->rdir_fpos = 0;
630 fid->uid = current->fsuid; 630 fid->uid = current_fsuid();
631 fid->clnt = clnt; 631 fid->clnt = clnt;
632 fid->aux = NULL; 632 fid->aux = NULL;
633 633
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 28c71574a781..00d9e5e13158 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1045,7 +1045,7 @@ static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
1045 if (addr->fsa_ax25.sax25_family != AF_AX25) 1045 if (addr->fsa_ax25.sax25_family != AF_AX25)
1046 return -EINVAL; 1046 return -EINVAL;
1047 1047
1048 user = ax25_findbyuid(current->euid); 1048 user = ax25_findbyuid(current_euid());
1049 if (user) { 1049 if (user) {
1050 call = user->call; 1050 call = user->call;
1051 ax25_uid_put(user); 1051 ax25_uid_put(user);
diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c
index 8672cd84fdf9..c833ba4c45a5 100644
--- a/net/ax25/ax25_route.c
+++ b/net/ax25/ax25_route.c
@@ -421,7 +421,7 @@ int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr)
421 goto put; 421 goto put;
422 } 422 }
423 423
424 user = ax25_findbyuid(current->euid); 424 user = ax25_findbyuid(current_euid());
425 if (user) { 425 if (user) {
426 ax25->source_addr = user->call; 426 ax25->source_addr = user->call;
427 ax25_uid_put(user); 427 ax25_uid_put(user);
diff --git a/net/core/dev.c b/net/core/dev.c
index 9174c77d3112..89912ae6de65 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2961,6 +2961,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
2961static int __dev_set_promiscuity(struct net_device *dev, int inc) 2961static int __dev_set_promiscuity(struct net_device *dev, int inc)
2962{ 2962{
2963 unsigned short old_flags = dev->flags; 2963 unsigned short old_flags = dev->flags;
2964 uid_t uid;
2965 gid_t gid;
2964 2966
2965 ASSERT_RTNL(); 2967 ASSERT_RTNL();
2966 2968
@@ -2985,15 +2987,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
2985 printk(KERN_INFO "device %s %s promiscuous mode\n", 2987 printk(KERN_INFO "device %s %s promiscuous mode\n",
2986 dev->name, (dev->flags & IFF_PROMISC) ? "entered" : 2988 dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
2987 "left"); 2989 "left");
2988 if (audit_enabled) 2990 if (audit_enabled) {
2991 current_uid_gid(&uid, &gid);
2989 audit_log(current->audit_context, GFP_ATOMIC, 2992 audit_log(current->audit_context, GFP_ATOMIC,
2990 AUDIT_ANOM_PROMISCUOUS, 2993 AUDIT_ANOM_PROMISCUOUS,
2991 "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", 2994 "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u",
2992 dev->name, (dev->flags & IFF_PROMISC), 2995 dev->name, (dev->flags & IFF_PROMISC),
2993 (old_flags & IFF_PROMISC), 2996 (old_flags & IFF_PROMISC),
2994 audit_get_loginuid(current), 2997 audit_get_loginuid(current),
2995 current->uid, current->gid, 2998 uid, gid,
2996 audit_get_sessionid(current)); 2999 audit_get_sessionid(current));
3000 }
2997 3001
2998 dev_change_rx_flags(dev, IFF_PROMISC); 3002 dev_change_rx_flags(dev, IFF_PROMISC);
2999 } 3003 }
diff --git a/net/core/scm.c b/net/core/scm.c
index b12303dd39d9..b7ba91b074b3 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -44,11 +44,13 @@
44 44
45static __inline__ int scm_check_creds(struct ucred *creds) 45static __inline__ int scm_check_creds(struct ucred *creds)
46{ 46{
47 const struct cred *cred = current_cred();
48
47 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && 49 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
48 ((creds->uid == current->uid || creds->uid == current->euid || 50 ((creds->uid == cred->uid || creds->uid == cred->euid ||
49 creds->uid == current->suid) || capable(CAP_SETUID)) && 51 creds->uid == cred->suid) || capable(CAP_SETUID)) &&
50 ((creds->gid == current->gid || creds->gid == current->egid || 52 ((creds->gid == cred->gid || creds->gid == cred->egid ||
51 creds->gid == current->sgid) || capable(CAP_SETGID))) { 53 creds->gid == cred->sgid) || capable(CAP_SETGID))) {
52 return 0; 54 return 0;
53 } 55 }
54 return -EPERM; 56 return -EPERM;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index fc6ce04a3e35..7b5dbe118c09 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -340,8 +340,8 @@ static void dump_packet(const struct nf_loginfo *info,
340 read_lock_bh(&skb->sk->sk_callback_lock); 340 read_lock_bh(&skb->sk->sk_callback_lock);
341 if (skb->sk->sk_socket && skb->sk->sk_socket->file) 341 if (skb->sk->sk_socket && skb->sk->sk_socket->file)
342 printk("UID=%u GID=%u ", 342 printk("UID=%u GID=%u ",
343 skb->sk->sk_socket->file->f_uid, 343 skb->sk->sk_socket->file->f_cred->fsuid,
344 skb->sk->sk_socket->file->f_gid); 344 skb->sk->sk_socket->file->f_cred->fsgid);
345 read_unlock_bh(&skb->sk->sk_callback_lock); 345 read_unlock_bh(&skb->sk->sk_callback_lock);
346 } 346 }
347 347
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 37a4e777e347..bd3c7b96bbaa 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -388,7 +388,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
388 fl->owner = current->pid; 388 fl->owner = current->pid;
389 break; 389 break;
390 case IPV6_FL_S_USER: 390 case IPV6_FL_S_USER:
391 fl->owner = current->euid; 391 fl->owner = current_euid();
392 break; 392 break;
393 default: 393 default:
394 err = -EINVAL; 394 err = -EINVAL;
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index caa441d09567..871d157cec4e 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -364,8 +364,8 @@ static void dump_packet(const struct nf_loginfo *info,
364 read_lock_bh(&skb->sk->sk_callback_lock); 364 read_lock_bh(&skb->sk->sk_callback_lock);
365 if (skb->sk->sk_socket && skb->sk->sk_socket->file) 365 if (skb->sk->sk_socket && skb->sk->sk_socket->file)
366 printk("UID=%u GID=%u ", 366 printk("UID=%u GID=%u ",
367 skb->sk->sk_socket->file->f_uid, 367 skb->sk->sk_socket->file->f_cred->fsuid,
368 skb->sk->sk_socket->file->f_gid); 368 skb->sk->sk_socket->file->f_cred->fsgid);
369 read_unlock_bh(&skb->sk->sk_callback_lock); 369 read_unlock_bh(&skb->sk->sk_callback_lock);
370 } 370 }
371 371
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 41e0105d3828..38f9efd90e8d 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -474,8 +474,9 @@ __build_packet_message(struct nfulnl_instance *inst,
474 if (skb->sk) { 474 if (skb->sk) {
475 read_lock_bh(&skb->sk->sk_callback_lock); 475 read_lock_bh(&skb->sk->sk_callback_lock);
476 if (skb->sk->sk_socket && skb->sk->sk_socket->file) { 476 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
477 __be32 uid = htonl(skb->sk->sk_socket->file->f_uid); 477 struct file *file = skb->sk->sk_socket->file;
478 __be32 gid = htonl(skb->sk->sk_socket->file->f_gid); 478 __be32 uid = htonl(file->f_cred->fsuid);
479 __be32 gid = htonl(file->f_cred->fsgid);
479 /* need to unlock here since NLA_PUT may goto */ 480 /* need to unlock here since NLA_PUT may goto */
480 read_unlock_bh(&skb->sk->sk_callback_lock); 481 read_unlock_bh(&skb->sk->sk_callback_lock);
481 NLA_PUT_BE32(inst->skb, NFULA_UID, uid); 482 NLA_PUT_BE32(inst->skb, NFULA_UID, uid);
diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
index f19ebd9b78f5..22b2a5e881ea 100644
--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -34,12 +34,12 @@ owner_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
34 return false; 34 return false;
35 35
36 if (info->match & IPT_OWNER_UID) 36 if (info->match & IPT_OWNER_UID)
37 if ((filp->f_uid != info->uid) ^ 37 if ((filp->f_cred->fsuid != info->uid) ^
38 !!(info->invert & IPT_OWNER_UID)) 38 !!(info->invert & IPT_OWNER_UID))
39 return false; 39 return false;
40 40
41 if (info->match & IPT_OWNER_GID) 41 if (info->match & IPT_OWNER_GID)
42 if ((filp->f_gid != info->gid) ^ 42 if ((filp->f_cred->fsgid != info->gid) ^
43 !!(info->invert & IPT_OWNER_GID)) 43 !!(info->invert & IPT_OWNER_GID))
44 return false; 44 return false;
45 45
@@ -60,12 +60,12 @@ owner_mt6_v0(const struct sk_buff *skb, const struct xt_match_param *par)
60 return false; 60 return false;
61 61
62 if (info->match & IP6T_OWNER_UID) 62 if (info->match & IP6T_OWNER_UID)
63 if ((filp->f_uid != info->uid) ^ 63 if ((filp->f_cred->fsuid != info->uid) ^
64 !!(info->invert & IP6T_OWNER_UID)) 64 !!(info->invert & IP6T_OWNER_UID))
65 return false; 65 return false;
66 66
67 if (info->match & IP6T_OWNER_GID) 67 if (info->match & IP6T_OWNER_GID)
68 if ((filp->f_gid != info->gid) ^ 68 if ((filp->f_cred->fsgid != info->gid) ^
69 !!(info->invert & IP6T_OWNER_GID)) 69 !!(info->invert & IP6T_OWNER_GID))
70 return false; 70 return false;
71 71
@@ -93,14 +93,14 @@ owner_mt(const struct sk_buff *skb, const struct xt_match_param *par)
93 (XT_OWNER_UID | XT_OWNER_GID)) == 0; 93 (XT_OWNER_UID | XT_OWNER_GID)) == 0;
94 94
95 if (info->match & XT_OWNER_UID) 95 if (info->match & XT_OWNER_UID)
96 if ((filp->f_uid >= info->uid_min && 96 if ((filp->f_cred->fsuid >= info->uid_min &&
97 filp->f_uid <= info->uid_max) ^ 97 filp->f_cred->fsuid <= info->uid_max) ^
98 !(info->invert & XT_OWNER_UID)) 98 !(info->invert & XT_OWNER_UID))
99 return false; 99 return false;
100 100
101 if (info->match & XT_OWNER_GID) 101 if (info->match & XT_OWNER_GID)
102 if ((filp->f_gid >= info->gid_min && 102 if ((filp->f_cred->fsgid >= info->gid_min &&
103 filp->f_gid <= info->gid_max) ^ 103 filp->f_cred->fsgid <= info->gid_max) ^
104 !(info->invert & XT_OWNER_GID)) 104 !(info->invert & XT_OWNER_GID))
105 return false; 105 return false;
106 106
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 9f1ea4a27b35..e9c05b8f4f45 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -609,7 +609,7 @@ static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
609 } else { 609 } else {
610 source = &addr->fsa_ax25.sax25_call; 610 source = &addr->fsa_ax25.sax25_call;
611 611
612 user = ax25_findbyuid(current->euid); 612 user = ax25_findbyuid(current_euid());
613 if (user) { 613 if (user) {
614 nr->user_addr = user->call; 614 nr->user_addr = user->call;
615 ax25_uid_put(user); 615 ax25_uid_put(user);
@@ -683,7 +683,7 @@ static int nr_connect(struct socket *sock, struct sockaddr *uaddr,
683 } 683 }
684 source = (ax25_address *)dev->dev_addr; 684 source = (ax25_address *)dev->dev_addr;
685 685
686 user = ax25_findbyuid(current->euid); 686 user = ax25_findbyuid(current_euid());
687 if (user) { 687 if (user) {
688 nr->user_addr = user->call; 688 nr->user_addr = user->call;
689 ax25_uid_put(user); 689 ax25_uid_put(user);
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index a7f1ce11bc22..d902e2da2782 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -690,7 +690,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
690 690
691 source = &addr->srose_call; 691 source = &addr->srose_call;
692 692
693 user = ax25_findbyuid(current->euid); 693 user = ax25_findbyuid(current_euid());
694 if (user) { 694 if (user) {
695 rose->source_call = user->call; 695 rose->source_call = user->call;
696 ax25_uid_put(user); 696 ax25_uid_put(user);
@@ -791,7 +791,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
791 goto out_release; 791 goto out_release;
792 } 792 }
793 793
794 user = ax25_findbyuid(current->euid); 794 user = ax25_findbyuid(current_euid());
795 if (!user) { 795 if (!user) {
796 err = -EINVAL; 796 err = -EINVAL;
797 goto out_release; 797 goto out_release;
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index 9a8ff684da79..ad8c7a782da1 100644
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -287,6 +287,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
287 time_t expiry, 287 time_t expiry,
288 u32 kvno) 288 u32 kvno)
289{ 289{
290 const struct cred *cred = current_cred();
290 struct key *key; 291 struct key *key;
291 int ret; 292 int ret;
292 293
@@ -297,7 +298,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
297 298
298 _enter(""); 299 _enter("");
299 300
300 key = key_alloc(&key_type_rxrpc, "x", 0, 0, current, 0, 301 key = key_alloc(&key_type_rxrpc, "x", 0, 0, cred, 0,
301 KEY_ALLOC_NOT_IN_QUOTA); 302 KEY_ALLOC_NOT_IN_QUOTA);
302 if (IS_ERR(key)) { 303 if (IS_ERR(key)) {
303 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 304 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
@@ -340,10 +341,11 @@ EXPORT_SYMBOL(rxrpc_get_server_data_key);
340 */ 341 */
341struct key *rxrpc_get_null_key(const char *keyname) 342struct key *rxrpc_get_null_key(const char *keyname)
342{ 343{
344 const struct cred *cred = current_cred();
343 struct key *key; 345 struct key *key;
344 int ret; 346 int ret;
345 347
346 key = key_alloc(&key_type_rxrpc, keyname, 0, 0, current, 348 key = key_alloc(&key_type_rxrpc, keyname, 0, 0, cred,
347 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA); 349 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA);
348 if (IS_ERR(key)) 350 if (IS_ERR(key))
349 return key; 351 return key;
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index 0ebaff637e31..0ef4e3065bcd 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -260,14 +260,14 @@ static u32 flow_get_rtclassid(const struct sk_buff *skb)
260static u32 flow_get_skuid(const struct sk_buff *skb) 260static u32 flow_get_skuid(const struct sk_buff *skb)
261{ 261{
262 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) 262 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
263 return skb->sk->sk_socket->file->f_uid; 263 return skb->sk->sk_socket->file->f_cred->fsuid;
264 return 0; 264 return 0;
265} 265}
266 266
267static u32 flow_get_skgid(const struct sk_buff *skb) 267static u32 flow_get_skgid(const struct sk_buff *skb)
268{ 268{
269 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) 269 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
270 return skb->sk->sk_socket->file->f_gid; 270 return skb->sk->sk_socket->file->f_cred->fsgid;
271 return 0; 271 return 0;
272} 272}
273 273
diff --git a/net/socket.c b/net/socket.c
index 57550c3bcabe..62c7729527ff 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -491,8 +491,8 @@ static struct socket *sock_alloc(void)
491 sock = SOCKET_I(inode); 491 sock = SOCKET_I(inode);
492 492
493 inode->i_mode = S_IFSOCK | S_IRWXUGO; 493 inode->i_mode = S_IFSOCK | S_IRWXUGO;
494 inode->i_uid = current->fsuid; 494 inode->i_uid = current_fsuid();
495 inode->i_gid = current->fsgid; 495 inode->i_gid = current_fsgid();
496 496
497 get_cpu_var(sockets_in_use)++; 497 get_cpu_var(sockets_in_use)++;
498 put_cpu_var(sockets_in_use); 498 put_cpu_var(sockets_in_use);
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index cb216b2df666..0443f8349458 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -350,16 +350,18 @@ EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache);
350struct rpc_cred * 350struct rpc_cred *
351rpcauth_lookupcred(struct rpc_auth *auth, int flags) 351rpcauth_lookupcred(struct rpc_auth *auth, int flags)
352{ 352{
353 struct auth_cred acred = { 353 struct auth_cred acred;
354 .uid = current->fsuid,
355 .gid = current->fsgid,
356 .group_info = current->group_info,
357 };
358 struct rpc_cred *ret; 354 struct rpc_cred *ret;
355 const struct cred *cred = current_cred();
359 356
360 dprintk("RPC: looking up %s cred\n", 357 dprintk("RPC: looking up %s cred\n",
361 auth->au_ops->au_name); 358 auth->au_ops->au_name);
362 get_group_info(acred.group_info); 359
360 memset(&acred, 0, sizeof(acred));
361 acred.uid = cred->fsuid;
362 acred.gid = cred->fsgid;
363 acred.group_info = get_group_info(((struct cred *)cred)->group_info);
364
363 ret = auth->au_ops->lookup_cred(auth, &acred, flags); 365 ret = auth->au_ops->lookup_cred(auth, &acred, flags);
364 put_group_info(acred.group_info); 366 put_group_info(acred.group_info);
365 return ret; 367 return ret;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index eb90f77bb0e2..2775acbca199 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -467,8 +467,7 @@ static int unix_listen(struct socket *sock, int backlog)
467 sk->sk_state = TCP_LISTEN; 467 sk->sk_state = TCP_LISTEN;
468 /* set credentials so connect can copy them */ 468 /* set credentials so connect can copy them */
469 sk->sk_peercred.pid = task_tgid_vnr(current); 469 sk->sk_peercred.pid = task_tgid_vnr(current);
470 sk->sk_peercred.uid = current->euid; 470 current_euid_egid(&sk->sk_peercred.uid, &sk->sk_peercred.gid);
471 sk->sk_peercred.gid = current->egid;
472 err = 0; 471 err = 0;
473 472
474out_unlock: 473out_unlock:
@@ -1126,8 +1125,7 @@ restart:
1126 newsk->sk_state = TCP_ESTABLISHED; 1125 newsk->sk_state = TCP_ESTABLISHED;
1127 newsk->sk_type = sk->sk_type; 1126 newsk->sk_type = sk->sk_type;
1128 newsk->sk_peercred.pid = task_tgid_vnr(current); 1127 newsk->sk_peercred.pid = task_tgid_vnr(current);
1129 newsk->sk_peercred.uid = current->euid; 1128 current_euid_egid(&newsk->sk_peercred.uid, &newsk->sk_peercred.gid);
1130 newsk->sk_peercred.gid = current->egid;
1131 newu = unix_sk(newsk); 1129 newu = unix_sk(newsk);
1132 newsk->sk_sleep = &newu->peer_wait; 1130 newsk->sk_sleep = &newu->peer_wait;
1133 otheru = unix_sk(other); 1131 otheru = unix_sk(other);
@@ -1187,8 +1185,9 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
1187 unix_peer(ska)=skb; 1185 unix_peer(ska)=skb;
1188 unix_peer(skb)=ska; 1186 unix_peer(skb)=ska;
1189 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current); 1187 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);
1190 ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid; 1188 current_euid_egid(&skb->sk_peercred.uid, &skb->sk_peercred.gid);
1191 ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid; 1189 ska->sk_peercred.uid = skb->sk_peercred.uid;
1190 ska->sk_peercred.gid = skb->sk_peercred.gid;
1192 1191
1193 if (ska->sk_type != SOCK_DGRAM) { 1192 if (ska->sk_type != SOCK_DGRAM) {
1194 ska->sk_state = TCP_ESTABLISHED; 1193 ska->sk_state = TCP_ESTABLISHED;
diff --git a/security/capability.c b/security/capability.c
index 245874819036..b9e391425e6f 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -32,24 +32,19 @@ static int cap_quota_on(struct dentry *dentry)
32 return 0; 32 return 0;
33} 33}
34 34
35static int cap_bprm_alloc_security(struct linux_binprm *bprm) 35static int cap_bprm_check_security (struct linux_binprm *bprm)
36{ 36{
37 return 0; 37 return 0;
38} 38}
39 39
40static void cap_bprm_free_security(struct linux_binprm *bprm) 40static void cap_bprm_committing_creds(struct linux_binprm *bprm)
41{ 41{
42} 42}
43 43
44static void cap_bprm_post_apply_creds(struct linux_binprm *bprm) 44static void cap_bprm_committed_creds(struct linux_binprm *bprm)
45{ 45{
46} 46}
47 47
48static int cap_bprm_check_security(struct linux_binprm *bprm)
49{
50 return 0;
51}
52
53static int cap_sb_alloc_security(struct super_block *sb) 48static int cap_sb_alloc_security(struct super_block *sb)
54{ 49{
55 return 0; 50 return 0;
@@ -330,7 +325,7 @@ static int cap_file_receive(struct file *file)
330 return 0; 325 return 0;
331} 326}
332 327
333static int cap_dentry_open(struct file *file) 328static int cap_dentry_open(struct file *file, const struct cred *cred)
334{ 329{
335 return 0; 330 return 0;
336} 331}
@@ -340,15 +335,29 @@ static int cap_task_create(unsigned long clone_flags)
340 return 0; 335 return 0;
341} 336}
342 337
343static int cap_task_alloc_security(struct task_struct *p) 338static void cap_cred_free(struct cred *cred)
339{
340}
341
342static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
344{ 343{
345 return 0; 344 return 0;
346} 345}
347 346
348static void cap_task_free_security(struct task_struct *p) 347static void cap_cred_commit(struct cred *new, const struct cred *old)
349{ 348{
350} 349}
351 350
351static int cap_kernel_act_as(struct cred *new, u32 secid)
352{
353 return 0;
354}
355
356static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
357{
358 return 0;
359}
360
352static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 361static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
353{ 362{
354 return 0; 363 return 0;
@@ -750,7 +759,7 @@ static void cap_release_secctx(char *secdata, u32 seclen)
750} 759}
751 760
752#ifdef CONFIG_KEYS 761#ifdef CONFIG_KEYS
753static int cap_key_alloc(struct key *key, struct task_struct *ctx, 762static int cap_key_alloc(struct key *key, const struct cred *cred,
754 unsigned long flags) 763 unsigned long flags)
755{ 764{
756 return 0; 765 return 0;
@@ -760,7 +769,7 @@ static void cap_key_free(struct key *key)
760{ 769{
761} 770}
762 771
763static int cap_key_permission(key_ref_t key_ref, struct task_struct *context, 772static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
764 key_perm_t perm) 773 key_perm_t perm)
765{ 774{
766 return 0; 775 return 0;
@@ -814,8 +823,7 @@ void security_fixup_ops(struct security_operations *ops)
814 set_to_cap_if_null(ops, ptrace_may_access); 823 set_to_cap_if_null(ops, ptrace_may_access);
815 set_to_cap_if_null(ops, ptrace_traceme); 824 set_to_cap_if_null(ops, ptrace_traceme);
816 set_to_cap_if_null(ops, capget); 825 set_to_cap_if_null(ops, capget);
817 set_to_cap_if_null(ops, capset_check); 826 set_to_cap_if_null(ops, capset);
818 set_to_cap_if_null(ops, capset_set);
819 set_to_cap_if_null(ops, acct); 827 set_to_cap_if_null(ops, acct);
820 set_to_cap_if_null(ops, capable); 828 set_to_cap_if_null(ops, capable);
821 set_to_cap_if_null(ops, quotactl); 829 set_to_cap_if_null(ops, quotactl);
@@ -824,11 +832,9 @@ void security_fixup_ops(struct security_operations *ops)
824 set_to_cap_if_null(ops, syslog); 832 set_to_cap_if_null(ops, syslog);
825 set_to_cap_if_null(ops, settime); 833 set_to_cap_if_null(ops, settime);
826 set_to_cap_if_null(ops, vm_enough_memory); 834 set_to_cap_if_null(ops, vm_enough_memory);
827 set_to_cap_if_null(ops, bprm_alloc_security); 835 set_to_cap_if_null(ops, bprm_set_creds);
828 set_to_cap_if_null(ops, bprm_free_security); 836 set_to_cap_if_null(ops, bprm_committing_creds);
829 set_to_cap_if_null(ops, bprm_apply_creds); 837 set_to_cap_if_null(ops, bprm_committed_creds);
830 set_to_cap_if_null(ops, bprm_post_apply_creds);
831 set_to_cap_if_null(ops, bprm_set_security);
832 set_to_cap_if_null(ops, bprm_check_security); 838 set_to_cap_if_null(ops, bprm_check_security);
833 set_to_cap_if_null(ops, bprm_secureexec); 839 set_to_cap_if_null(ops, bprm_secureexec);
834 set_to_cap_if_null(ops, sb_alloc_security); 840 set_to_cap_if_null(ops, sb_alloc_security);
@@ -890,10 +896,13 @@ void security_fixup_ops(struct security_operations *ops)
890 set_to_cap_if_null(ops, file_receive); 896 set_to_cap_if_null(ops, file_receive);
891 set_to_cap_if_null(ops, dentry_open); 897 set_to_cap_if_null(ops, dentry_open);
892 set_to_cap_if_null(ops, task_create); 898 set_to_cap_if_null(ops, task_create);
893 set_to_cap_if_null(ops, task_alloc_security); 899 set_to_cap_if_null(ops, cred_free);
894 set_to_cap_if_null(ops, task_free_security); 900 set_to_cap_if_null(ops, cred_prepare);
901 set_to_cap_if_null(ops, cred_commit);
902 set_to_cap_if_null(ops, kernel_act_as);
903 set_to_cap_if_null(ops, kernel_create_files_as);
895 set_to_cap_if_null(ops, task_setuid); 904 set_to_cap_if_null(ops, task_setuid);
896 set_to_cap_if_null(ops, task_post_setuid); 905 set_to_cap_if_null(ops, task_fix_setuid);
897 set_to_cap_if_null(ops, task_setgid); 906 set_to_cap_if_null(ops, task_setgid);
898 set_to_cap_if_null(ops, task_setpgid); 907 set_to_cap_if_null(ops, task_setpgid);
899 set_to_cap_if_null(ops, task_getpgid); 908 set_to_cap_if_null(ops, task_getpgid);
@@ -910,7 +919,6 @@ void security_fixup_ops(struct security_operations *ops)
910 set_to_cap_if_null(ops, task_wait); 919 set_to_cap_if_null(ops, task_wait);
911 set_to_cap_if_null(ops, task_kill); 920 set_to_cap_if_null(ops, task_kill);
912 set_to_cap_if_null(ops, task_prctl); 921 set_to_cap_if_null(ops, task_prctl);
913 set_to_cap_if_null(ops, task_reparent_to_init);
914 set_to_cap_if_null(ops, task_to_inode); 922 set_to_cap_if_null(ops, task_to_inode);
915 set_to_cap_if_null(ops, ipc_permission); 923 set_to_cap_if_null(ops, ipc_permission);
916 set_to_cap_if_null(ops, ipc_getsecid); 924 set_to_cap_if_null(ops, ipc_getsecid);
diff --git a/security/commoncap.c b/security/commoncap.c
index 3976613db829..79713545cd63 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -8,6 +8,7 @@
8 */ 8 */
9 9
10#include <linux/capability.h> 10#include <linux/capability.h>
11#include <linux/audit.h>
11#include <linux/module.h> 12#include <linux/module.h>
12#include <linux/init.h> 13#include <linux/init.h>
13#include <linux/kernel.h> 14#include <linux/kernel.h>
@@ -29,7 +30,7 @@
29 30
30int cap_netlink_send(struct sock *sk, struct sk_buff *skb) 31int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
31{ 32{
32 NETLINK_CB(skb).eff_cap = current->cap_effective; 33 NETLINK_CB(skb).eff_cap = current_cap();
33 return 0; 34 return 0;
34} 35}
35 36
@@ -39,23 +40,41 @@ int cap_netlink_recv(struct sk_buff *skb, int cap)
39 return -EPERM; 40 return -EPERM;
40 return 0; 41 return 0;
41} 42}
42
43EXPORT_SYMBOL(cap_netlink_recv); 43EXPORT_SYMBOL(cap_netlink_recv);
44 44
45/* 45/**
46 * cap_capable - Determine whether a task has a particular effective capability
47 * @tsk: The task to query
48 * @cap: The capability to check for
49 * @audit: Whether to write an audit message or not
50 *
51 * Determine whether the nominated task has the specified capability amongst
52 * its effective set, returning 0 if it does, -ve if it does not.
53 *
46 * NOTE WELL: cap_capable() cannot be used like the kernel's capable() 54 * NOTE WELL: cap_capable() cannot be used like the kernel's capable()
47 * function. That is, it has the reverse semantics: cap_capable() 55 * function. That is, it has the reverse semantics: cap_capable() returns 0
48 * returns 0 when a task has a capability, but the kernel's capable() 56 * when a task has a capability, but the kernel's capable() returns 1 for this
49 * returns 1 for this case. 57 * case.
50 */ 58 */
51int cap_capable (struct task_struct *tsk, int cap) 59int cap_capable(struct task_struct *tsk, int cap, int audit)
52{ 60{
61 __u32 cap_raised;
62
53 /* Derived from include/linux/sched.h:capable. */ 63 /* Derived from include/linux/sched.h:capable. */
54 if (cap_raised(tsk->cap_effective, cap)) 64 rcu_read_lock();
55 return 0; 65 cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap);
56 return -EPERM; 66 rcu_read_unlock();
67 return cap_raised ? 0 : -EPERM;
57} 68}
58 69
70/**
71 * cap_settime - Determine whether the current process may set the system clock
72 * @ts: The time to set
73 * @tz: The timezone to set
74 *
75 * Determine whether the current process may set the system clock and timezone
76 * information, returning 0 if permission granted, -ve if denied.
77 */
59int cap_settime(struct timespec *ts, struct timezone *tz) 78int cap_settime(struct timespec *ts, struct timezone *tz)
60{ 79{
61 if (!capable(CAP_SYS_TIME)) 80 if (!capable(CAP_SYS_TIME))
@@ -63,121 +82,157 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
63 return 0; 82 return 0;
64} 83}
65 84
85/**
86 * cap_ptrace_may_access - Determine whether the current process may access
87 * another
88 * @child: The process to be accessed
89 * @mode: The mode of attachment.
90 *
91 * Determine whether a process may access another, returning 0 if permission
92 * granted, -ve if denied.
93 */
66int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) 94int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
67{ 95{
68 /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ 96 int ret = 0;
69 if (cap_issubset(child->cap_permitted, current->cap_permitted)) 97
70 return 0; 98 rcu_read_lock();
71 if (capable(CAP_SYS_PTRACE)) 99 if (!cap_issubset(__task_cred(child)->cap_permitted,
72 return 0; 100 current_cred()->cap_permitted) &&
73 return -EPERM; 101 !capable(CAP_SYS_PTRACE))
102 ret = -EPERM;
103 rcu_read_unlock();
104 return ret;
74} 105}
75 106
107/**
108 * cap_ptrace_traceme - Determine whether another process may trace the current
109 * @parent: The task proposed to be the tracer
110 *
111 * Determine whether the nominated task is permitted to trace the current
112 * process, returning 0 if permission is granted, -ve if denied.
113 */
76int cap_ptrace_traceme(struct task_struct *parent) 114int cap_ptrace_traceme(struct task_struct *parent)
77{ 115{
78 /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ 116 int ret = 0;
79 if (cap_issubset(current->cap_permitted, parent->cap_permitted)) 117
80 return 0; 118 rcu_read_lock();
81 if (has_capability(parent, CAP_SYS_PTRACE)) 119 if (!cap_issubset(current_cred()->cap_permitted,
82 return 0; 120 __task_cred(parent)->cap_permitted) &&
83 return -EPERM; 121 !has_capability(parent, CAP_SYS_PTRACE))
122 ret = -EPERM;
123 rcu_read_unlock();
124 return ret;
84} 125}
85 126
86int cap_capget (struct task_struct *target, kernel_cap_t *effective, 127/**
87 kernel_cap_t *inheritable, kernel_cap_t *permitted) 128 * cap_capget - Retrieve a task's capability sets
129 * @target: The task from which to retrieve the capability sets
130 * @effective: The place to record the effective set
131 * @inheritable: The place to record the inheritable set
132 * @permitted: The place to record the permitted set
133 *
134 * This function retrieves the capabilities of the nominated task and returns
135 * them to the caller.
136 */
137int cap_capget(struct task_struct *target, kernel_cap_t *effective,
138 kernel_cap_t *inheritable, kernel_cap_t *permitted)
88{ 139{
140 const struct cred *cred;
141
89 /* Derived from kernel/capability.c:sys_capget. */ 142 /* Derived from kernel/capability.c:sys_capget. */
90 *effective = target->cap_effective; 143 rcu_read_lock();
91 *inheritable = target->cap_inheritable; 144 cred = __task_cred(target);
92 *permitted = target->cap_permitted; 145 *effective = cred->cap_effective;
146 *inheritable = cred->cap_inheritable;
147 *permitted = cred->cap_permitted;
148 rcu_read_unlock();
93 return 0; 149 return 0;
94} 150}
95 151
96#ifdef CONFIG_SECURITY_FILE_CAPABILITIES 152/*
97 153 * Determine whether the inheritable capabilities are limited to the old
98static inline int cap_block_setpcap(struct task_struct *target) 154 * permitted set. Returns 1 if they are limited, 0 if they are not.
99{ 155 */
100 /*
101 * No support for remote process capability manipulation with
102 * filesystem capability support.
103 */
104 return (target != current);
105}
106
107static inline int cap_inh_is_capped(void) 156static inline int cap_inh_is_capped(void)
108{ 157{
109 /* 158#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
110 * Return 1 if changes to the inheritable set are limited
111 * to the old permitted set. That is, if the current task
112 * does *not* possess the CAP_SETPCAP capability.
113 */
114 return (cap_capable(current, CAP_SETPCAP) != 0);
115}
116
117static inline int cap_limit_ptraced_target(void) { return 1; }
118
119#else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */
120 159
121static inline int cap_block_setpcap(struct task_struct *t) { return 0; } 160 /* they are so limited unless the current task has the CAP_SETPCAP
122static inline int cap_inh_is_capped(void) { return 1; } 161 * capability
123static inline int cap_limit_ptraced_target(void) 162 */
124{ 163 if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
125 return !capable(CAP_SETPCAP); 164 return 0;
165#endif
166 return 1;
126} 167}
127 168
128#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ 169/**
129 170 * cap_capset - Validate and apply proposed changes to current's capabilities
130int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, 171 * @new: The proposed new credentials; alterations should be made here
131 kernel_cap_t *inheritable, kernel_cap_t *permitted) 172 * @old: The current task's current credentials
132{ 173 * @effective: A pointer to the proposed new effective capabilities set
133 if (cap_block_setpcap(target)) { 174 * @inheritable: A pointer to the proposed new inheritable capabilities set
134 return -EPERM; 175 * @permitted: A pointer to the proposed new permitted capabilities set
135 } 176 *
136 if (cap_inh_is_capped() 177 * This function validates and applies a proposed mass change to the current
137 && !cap_issubset(*inheritable, 178 * process's capability sets. The changes are made to the proposed new
138 cap_combine(target->cap_inheritable, 179 * credentials, and assuming no error, will be committed by the caller of LSM.
139 current->cap_permitted))) { 180 */
181int cap_capset(struct cred *new,
182 const struct cred *old,
183 const kernel_cap_t *effective,
184 const kernel_cap_t *inheritable,
185 const kernel_cap_t *permitted)
186{
187 if (cap_inh_is_capped() &&
188 !cap_issubset(*inheritable,
189 cap_combine(old->cap_inheritable,
190 old->cap_permitted)))
140 /* incapable of using this inheritable set */ 191 /* incapable of using this inheritable set */
141 return -EPERM; 192 return -EPERM;
142 } 193
143 if (!cap_issubset(*inheritable, 194 if (!cap_issubset(*inheritable,
144 cap_combine(target->cap_inheritable, 195 cap_combine(old->cap_inheritable,
145 current->cap_bset))) { 196 old->cap_bset)))
146 /* no new pI capabilities outside bounding set */ 197 /* no new pI capabilities outside bounding set */
147 return -EPERM; 198 return -EPERM;
148 }
149 199
150 /* verify restrictions on target's new Permitted set */ 200 /* verify restrictions on target's new Permitted set */
151 if (!cap_issubset (*permitted, 201 if (!cap_issubset(*permitted, old->cap_permitted))
152 cap_combine (target->cap_permitted,
153 current->cap_permitted))) {
154 return -EPERM; 202 return -EPERM;
155 }
156 203
157 /* verify the _new_Effective_ is a subset of the _new_Permitted_ */ 204 /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
158 if (!cap_issubset (*effective, *permitted)) { 205 if (!cap_issubset(*effective, *permitted))
159 return -EPERM; 206 return -EPERM;
160 }
161 207
208 new->cap_effective = *effective;
209 new->cap_inheritable = *inheritable;
210 new->cap_permitted = *permitted;
162 return 0; 211 return 0;
163} 212}
164 213
165void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, 214/*
166 kernel_cap_t *inheritable, kernel_cap_t *permitted) 215 * Clear proposed capability sets for execve().
167{ 216 */
168 target->cap_effective = *effective;
169 target->cap_inheritable = *inheritable;
170 target->cap_permitted = *permitted;
171}
172
173static inline void bprm_clear_caps(struct linux_binprm *bprm) 217static inline void bprm_clear_caps(struct linux_binprm *bprm)
174{ 218{
175 cap_clear(bprm->cap_post_exec_permitted); 219 cap_clear(bprm->cred->cap_permitted);
176 bprm->cap_effective = false; 220 bprm->cap_effective = false;
177} 221}
178 222
179#ifdef CONFIG_SECURITY_FILE_CAPABILITIES 223#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
180 224
225/**
226 * cap_inode_need_killpriv - Determine if inode change affects privileges
227 * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV
228 *
229 * Determine if an inode having a change applied that's marked ATTR_KILL_PRIV
230 * affects the security markings on that inode, and if it is, should
231 * inode_killpriv() be invoked or the change rejected?
232 *
233 * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and
234 * -ve to deny the change.
235 */
181int cap_inode_need_killpriv(struct dentry *dentry) 236int cap_inode_need_killpriv(struct dentry *dentry)
182{ 237{
183 struct inode *inode = dentry->d_inode; 238 struct inode *inode = dentry->d_inode;
@@ -192,6 +247,14 @@ int cap_inode_need_killpriv(struct dentry *dentry)
192 return 1; 247 return 1;
193} 248}
194 249
250/**
251 * cap_inode_killpriv - Erase the security markings on an inode
252 * @dentry: The inode/dentry to alter
253 *
254 * Erase the privilege-enhancing security markings on an inode.
255 *
256 * Returns 0 if successful, -ve on error.
257 */
195int cap_inode_killpriv(struct dentry *dentry) 258int cap_inode_killpriv(struct dentry *dentry)
196{ 259{
197 struct inode *inode = dentry->d_inode; 260 struct inode *inode = dentry->d_inode;
@@ -202,19 +265,75 @@ int cap_inode_killpriv(struct dentry *dentry)
202 return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); 265 return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS);
203} 266}
204 267
205static inline int cap_from_disk(struct vfs_cap_data *caps, 268/*
206 struct linux_binprm *bprm, unsigned size) 269 * Calculate the new process capability sets from the capability sets attached
270 * to a file.
271 */
272static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps,
273 struct linux_binprm *bprm,
274 bool *effective)
275{
276 struct cred *new = bprm->cred;
277 unsigned i;
278 int ret = 0;
279
280 if (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
281 *effective = true;
282
283 CAP_FOR_EACH_U32(i) {
284 __u32 permitted = caps->permitted.cap[i];
285 __u32 inheritable = caps->inheritable.cap[i];
286
287 /*
288 * pP' = (X & fP) | (pI & fI)
289 */
290 new->cap_permitted.cap[i] =
291 (new->cap_bset.cap[i] & permitted) |
292 (new->cap_inheritable.cap[i] & inheritable);
293
294 if (permitted & ~new->cap_permitted.cap[i])
295 /* insufficient to execute correctly */
296 ret = -EPERM;
297 }
298
299 /*
300 * For legacy apps, with no internal support for recognizing they
301 * do not have enough capabilities, we return an error if they are
302 * missing some "forced" (aka file-permitted) capabilities.
303 */
304 return *effective ? ret : 0;
305}
306
307/*
308 * Extract the on-exec-apply capability sets for an executable file.
309 */
310int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
207{ 311{
312 struct inode *inode = dentry->d_inode;
208 __u32 magic_etc; 313 __u32 magic_etc;
209 unsigned tocopy, i; 314 unsigned tocopy, i;
210 int ret; 315 int size;
316 struct vfs_cap_data caps;
317
318 memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
319
320 if (!inode || !inode->i_op || !inode->i_op->getxattr)
321 return -ENODATA;
322
323 size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps,
324 XATTR_CAPS_SZ);
325 if (size == -ENODATA || size == -EOPNOTSUPP)
326 /* no data, that's ok */
327 return -ENODATA;
328 if (size < 0)
329 return size;
211 330
212 if (size < sizeof(magic_etc)) 331 if (size < sizeof(magic_etc))
213 return -EINVAL; 332 return -EINVAL;
214 333
215 magic_etc = le32_to_cpu(caps->magic_etc); 334 cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps.magic_etc);
216 335
217 switch ((magic_etc & VFS_CAP_REVISION_MASK)) { 336 switch (magic_etc & VFS_CAP_REVISION_MASK) {
218 case VFS_CAP_REVISION_1: 337 case VFS_CAP_REVISION_1:
219 if (size != XATTR_CAPS_SZ_1) 338 if (size != XATTR_CAPS_SZ_1)
220 return -EINVAL; 339 return -EINVAL;
@@ -229,77 +348,48 @@ static inline int cap_from_disk(struct vfs_cap_data *caps,
229 return -EINVAL; 348 return -EINVAL;
230 } 349 }
231 350
232 if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE) {
233 bprm->cap_effective = true;
234 } else {
235 bprm->cap_effective = false;
236 }
237
238 ret = 0;
239
240 CAP_FOR_EACH_U32(i) { 351 CAP_FOR_EACH_U32(i) {
241 __u32 value_cpu; 352 if (i >= tocopy)
242 353 break;
243 if (i >= tocopy) { 354 cpu_caps->permitted.cap[i] = le32_to_cpu(caps.data[i].permitted);
244 /* 355 cpu_caps->inheritable.cap[i] = le32_to_cpu(caps.data[i].inheritable);
245 * Legacy capability sets have no upper bits
246 */
247 bprm->cap_post_exec_permitted.cap[i] = 0;
248 continue;
249 }
250 /*
251 * pP' = (X & fP) | (pI & fI)
252 */
253 value_cpu = le32_to_cpu(caps->data[i].permitted);
254 bprm->cap_post_exec_permitted.cap[i] =
255 (current->cap_bset.cap[i] & value_cpu) |
256 (current->cap_inheritable.cap[i] &
257 le32_to_cpu(caps->data[i].inheritable));
258 if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) {
259 /*
260 * insufficient to execute correctly
261 */
262 ret = -EPERM;
263 }
264 } 356 }
265 357
266 /* 358 return 0;
267 * For legacy apps, with no internal support for recognizing they
268 * do not have enough capabilities, we return an error if they are
269 * missing some "forced" (aka file-permitted) capabilities.
270 */
271 return bprm->cap_effective ? ret : 0;
272} 359}
273 360
274/* Locate any VFS capabilities: */ 361/*
275static int get_file_caps(struct linux_binprm *bprm) 362 * Attempt to get the on-exec apply capability sets for an executable file from
363 * its xattrs and, if present, apply them to the proposed credentials being
364 * constructed by execve().
365 */
366static int get_file_caps(struct linux_binprm *bprm, bool *effective)
276{ 367{
277 struct dentry *dentry; 368 struct dentry *dentry;
278 int rc = 0; 369 int rc = 0;
279 struct vfs_cap_data vcaps; 370 struct cpu_vfs_cap_data vcaps;
280 struct inode *inode;
281 371
282 bprm_clear_caps(bprm); 372 bprm_clear_caps(bprm);
283 373
374 if (!file_caps_enabled)
375 return 0;
376
284 if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) 377 if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
285 return 0; 378 return 0;
286 379
287 dentry = dget(bprm->file->f_dentry); 380 dentry = dget(bprm->file->f_dentry);
288 inode = dentry->d_inode;
289 if (!inode->i_op || !inode->i_op->getxattr)
290 goto out;
291 381
292 rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &vcaps, 382 rc = get_vfs_caps_from_disk(dentry, &vcaps);
293 XATTR_CAPS_SZ); 383 if (rc < 0) {
294 if (rc == -ENODATA || rc == -EOPNOTSUPP) { 384 if (rc == -EINVAL)
295 /* no data, that's ok */ 385 printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
296 rc = 0; 386 __func__, rc, bprm->filename);
387 else if (rc == -ENODATA)
388 rc = 0;
297 goto out; 389 goto out;
298 } 390 }
299 if (rc < 0)
300 goto out;
301 391
302 rc = cap_from_disk(&vcaps, bprm, rc); 392 rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective);
303 if (rc == -EINVAL) 393 if (rc == -EINVAL)
304 printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", 394 printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
305 __func__, rc, bprm->filename); 395 __func__, rc, bprm->filename);
@@ -323,18 +413,57 @@ int cap_inode_killpriv(struct dentry *dentry)
323 return 0; 413 return 0;
324} 414}
325 415
326static inline int get_file_caps(struct linux_binprm *bprm) 416int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
417{
418 memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
419 return -ENODATA;
420}
421
422static inline int get_file_caps(struct linux_binprm *bprm, bool *effective)
327{ 423{
328 bprm_clear_caps(bprm); 424 bprm_clear_caps(bprm);
329 return 0; 425 return 0;
330} 426}
331#endif 427#endif
332 428
333int cap_bprm_set_security (struct linux_binprm *bprm) 429/*
430 * Determine whether a exec'ing process's new permitted capabilities should be
431 * limited to just what it already has.
432 *
433 * This prevents processes that are being ptraced from gaining access to
434 * CAP_SETPCAP, unless the process they're tracing already has it, and the
435 * binary they're executing has filecaps that elevate it.
436 *
437 * Returns 1 if they should be limited, 0 if they are not.
438 */
439static inline int cap_limit_ptraced_target(void)
440{
441#ifndef CONFIG_SECURITY_FILE_CAPABILITIES
442 if (capable(CAP_SETPCAP))
443 return 0;
444#endif
445 return 1;
446}
447
448/**
449 * cap_bprm_set_creds - Set up the proposed credentials for execve().
450 * @bprm: The execution parameters, including the proposed creds
451 *
452 * Set up the proposed credentials for a new execution context being
453 * constructed by execve(). The proposed creds in @bprm->cred is altered,
454 * which won't take effect immediately. Returns 0 if successful, -ve on error.
455 */
456int cap_bprm_set_creds(struct linux_binprm *bprm)
334{ 457{
458 const struct cred *old = current_cred();
459 struct cred *new = bprm->cred;
460 bool effective;
335 int ret; 461 int ret;
336 462
337 ret = get_file_caps(bprm); 463 effective = false;
464 ret = get_file_caps(bprm, &effective);
465 if (ret < 0)
466 return ret;
338 467
339 if (!issecure(SECURE_NOROOT)) { 468 if (!issecure(SECURE_NOROOT)) {
340 /* 469 /*
@@ -342,75 +471,113 @@ int cap_bprm_set_security (struct linux_binprm *bprm)
342 * executables under compatibility mode, we override the 471 * executables under compatibility mode, we override the
343 * capability sets for the file. 472 * capability sets for the file.
344 * 473 *
345 * If only the real uid is 0, we do not set the effective 474 * If only the real uid is 0, we do not set the effective bit.
346 * bit.
347 */ 475 */
348 if (bprm->e_uid == 0 || current->uid == 0) { 476 if (new->euid == 0 || new->uid == 0) {
349 /* pP' = (cap_bset & ~0) | (pI & ~0) */ 477 /* pP' = (cap_bset & ~0) | (pI & ~0) */
350 bprm->cap_post_exec_permitted = cap_combine( 478 new->cap_permitted = cap_combine(old->cap_bset,
351 current->cap_bset, current->cap_inheritable 479 old->cap_inheritable);
352 );
353 bprm->cap_effective = (bprm->e_uid == 0);
354 ret = 0;
355 } 480 }
481 if (new->euid == 0)
482 effective = true;
356 } 483 }
357 484
358 return ret; 485 /* Don't let someone trace a set[ug]id/setpcap binary with the revised
359} 486 * credentials unless they have the appropriate permit
360 487 */
361void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 488 if ((new->euid != old->uid ||
362{ 489 new->egid != old->gid ||
363 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || 490 !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
364 !cap_issubset(bprm->cap_post_exec_permitted, 491 bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
365 current->cap_permitted)) { 492 /* downgrade; they get no more than they had, and maybe less */
366 set_dumpable(current->mm, suid_dumpable); 493 if (!capable(CAP_SETUID)) {
367 current->pdeath_signal = 0; 494 new->euid = new->uid;
368 495 new->egid = new->gid;
369 if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
370 if (!capable(CAP_SETUID)) {
371 bprm->e_uid = current->uid;
372 bprm->e_gid = current->gid;
373 }
374 if (cap_limit_ptraced_target()) {
375 bprm->cap_post_exec_permitted = cap_intersect(
376 bprm->cap_post_exec_permitted,
377 current->cap_permitted);
378 }
379 } 496 }
497 if (cap_limit_ptraced_target())
498 new->cap_permitted = cap_intersect(new->cap_permitted,
499 old->cap_permitted);
380 } 500 }
381 501
382 current->suid = current->euid = current->fsuid = bprm->e_uid; 502 new->suid = new->fsuid = new->euid;
383 current->sgid = current->egid = current->fsgid = bprm->e_gid; 503 new->sgid = new->fsgid = new->egid;
384 504
385 /* For init, we want to retain the capabilities set 505 /* For init, we want to retain the capabilities set in the initial
386 * in the init_task struct. Thus we skip the usual 506 * task. Thus we skip the usual capability rules
387 * capability rules */ 507 */
388 if (!is_global_init(current)) { 508 if (!is_global_init(current)) {
389 current->cap_permitted = bprm->cap_post_exec_permitted; 509 if (effective)
390 if (bprm->cap_effective) 510 new->cap_effective = new->cap_permitted;
391 current->cap_effective = bprm->cap_post_exec_permitted;
392 else 511 else
393 cap_clear(current->cap_effective); 512 cap_clear(new->cap_effective);
394 } 513 }
514 bprm->cap_effective = effective;
395 515
396 /* AUD: Audit candidate if current->cap_effective is set */ 516 /*
517 * Audit candidate if current->cap_effective is set
518 *
519 * We do not bother to audit if 3 things are true:
520 * 1) cap_effective has all caps
521 * 2) we are root
522 * 3) root is supposed to have all caps (SECURE_NOROOT)
523 * Since this is just a normal root execing a process.
524 *
525 * Number 1 above might fail if you don't have a full bset, but I think
526 * that is interesting information to audit.
527 */
528 if (!cap_isclear(new->cap_effective)) {
529 if (!cap_issubset(CAP_FULL_SET, new->cap_effective) ||
530 new->euid != 0 || new->uid != 0 ||
531 issecure(SECURE_NOROOT)) {
532 ret = audit_log_bprm_fcaps(bprm, new, old);
533 if (ret < 0)
534 return ret;
535 }
536 }
397 537
398 current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); 538 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
539 return 0;
399} 540}
400 541
401int cap_bprm_secureexec (struct linux_binprm *bprm) 542/**
543 * cap_bprm_secureexec - Determine whether a secure execution is required
544 * @bprm: The execution parameters
545 *
546 * Determine whether a secure execution is required, return 1 if it is, and 0
547 * if it is not.
548 *
549 * The credentials have been committed by this point, and so are no longer
550 * available through @bprm->cred.
551 */
552int cap_bprm_secureexec(struct linux_binprm *bprm)
402{ 553{
403 if (current->uid != 0) { 554 const struct cred *cred = current_cred();
555
556 if (cred->uid != 0) {
404 if (bprm->cap_effective) 557 if (bprm->cap_effective)
405 return 1; 558 return 1;
406 if (!cap_isclear(bprm->cap_post_exec_permitted)) 559 if (!cap_isclear(cred->cap_permitted))
407 return 1; 560 return 1;
408 } 561 }
409 562
410 return (current->euid != current->uid || 563 return (cred->euid != cred->uid ||
411 current->egid != current->gid); 564 cred->egid != cred->gid);
412} 565}
413 566
567/**
568 * cap_inode_setxattr - Determine whether an xattr may be altered
569 * @dentry: The inode/dentry being altered
570 * @name: The name of the xattr to be changed
571 * @value: The value that the xattr will be changed to
572 * @size: The size of value
573 * @flags: The replacement flag
574 *
575 * Determine whether an xattr may be altered or set on an inode, returning 0 if
576 * permission is granted, -ve if denied.
577 *
578 * This is used to make sure security xattrs don't get updated or set by those
579 * who aren't privileged to do so.
580 */
414int cap_inode_setxattr(struct dentry *dentry, const char *name, 581int cap_inode_setxattr(struct dentry *dentry, const char *name,
415 const void *value, size_t size, int flags) 582 const void *value, size_t size, int flags)
416{ 583{
@@ -418,28 +585,42 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name,
418 if (!capable(CAP_SETFCAP)) 585 if (!capable(CAP_SETFCAP))
419 return -EPERM; 586 return -EPERM;
420 return 0; 587 return 0;
421 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 588 }
589
590 if (!strncmp(name, XATTR_SECURITY_PREFIX,
422 sizeof(XATTR_SECURITY_PREFIX) - 1) && 591 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
423 !capable(CAP_SYS_ADMIN)) 592 !capable(CAP_SYS_ADMIN))
424 return -EPERM; 593 return -EPERM;
425 return 0; 594 return 0;
426} 595}
427 596
597/**
598 * cap_inode_removexattr - Determine whether an xattr may be removed
599 * @dentry: The inode/dentry being altered
600 * @name: The name of the xattr to be changed
601 *
602 * Determine whether an xattr may be removed from an inode, returning 0 if
603 * permission is granted, -ve if denied.
604 *
605 * This is used to make sure security xattrs don't get removed by those who
606 * aren't privileged to remove them.
607 */
428int cap_inode_removexattr(struct dentry *dentry, const char *name) 608int cap_inode_removexattr(struct dentry *dentry, const char *name)
429{ 609{
430 if (!strcmp(name, XATTR_NAME_CAPS)) { 610 if (!strcmp(name, XATTR_NAME_CAPS)) {
431 if (!capable(CAP_SETFCAP)) 611 if (!capable(CAP_SETFCAP))
432 return -EPERM; 612 return -EPERM;
433 return 0; 613 return 0;
434 } else if (!strncmp(name, XATTR_SECURITY_PREFIX, 614 }
615
616 if (!strncmp(name, XATTR_SECURITY_PREFIX,
435 sizeof(XATTR_SECURITY_PREFIX) - 1) && 617 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
436 !capable(CAP_SYS_ADMIN)) 618 !capable(CAP_SYS_ADMIN))
437 return -EPERM; 619 return -EPERM;
438 return 0; 620 return 0;
439} 621}
440 622
441/* moved from kernel/sys.c. */ 623/*
442/*
443 * cap_emulate_setxuid() fixes the effective / permitted capabilities of 624 * cap_emulate_setxuid() fixes the effective / permitted capabilities of
444 * a process after a call to setuid, setreuid, or setresuid. 625 * a process after a call to setuid, setreuid, or setresuid.
445 * 626 *
@@ -453,10 +634,10 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name)
453 * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective 634 * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
454 * capabilities are set to the permitted capabilities. 635 * capabilities are set to the permitted capabilities.
455 * 636 *
456 * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should 637 * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
457 * never happen. 638 * never happen.
458 * 639 *
459 * -astor 640 * -astor
460 * 641 *
461 * cevans - New behaviour, Oct '99 642 * cevans - New behaviour, Oct '99
462 * A process may, via prctl(), elect to keep its capabilities when it 643 * A process may, via prctl(), elect to keep its capabilities when it
@@ -468,61 +649,60 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name)
468 * files.. 649 * files..
469 * Thanks to Olaf Kirch and Peter Benie for spotting this. 650 * Thanks to Olaf Kirch and Peter Benie for spotting this.
470 */ 651 */
471static inline void cap_emulate_setxuid (int old_ruid, int old_euid, 652static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)
472 int old_suid)
473{ 653{
474 if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && 654 if ((old->uid == 0 || old->euid == 0 || old->suid == 0) &&
475 (current->uid != 0 && current->euid != 0 && current->suid != 0) && 655 (new->uid != 0 && new->euid != 0 && new->suid != 0) &&
476 !issecure(SECURE_KEEP_CAPS)) { 656 !issecure(SECURE_KEEP_CAPS)) {
477 cap_clear (current->cap_permitted); 657 cap_clear(new->cap_permitted);
478 cap_clear (current->cap_effective); 658 cap_clear(new->cap_effective);
479 }
480 if (old_euid == 0 && current->euid != 0) {
481 cap_clear (current->cap_effective);
482 }
483 if (old_euid != 0 && current->euid == 0) {
484 current->cap_effective = current->cap_permitted;
485 } 659 }
660 if (old->euid == 0 && new->euid != 0)
661 cap_clear(new->cap_effective);
662 if (old->euid != 0 && new->euid == 0)
663 new->cap_effective = new->cap_permitted;
486} 664}
487 665
488int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, 666/**
489 int flags) 667 * cap_task_fix_setuid - Fix up the results of setuid() call
668 * @new: The proposed credentials
669 * @old: The current task's current credentials
670 * @flags: Indications of what has changed
671 *
672 * Fix up the results of setuid() call before the credential changes are
673 * actually applied, returning 0 to grant the changes, -ve to deny them.
674 */
675int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
490{ 676{
491 switch (flags) { 677 switch (flags) {
492 case LSM_SETID_RE: 678 case LSM_SETID_RE:
493 case LSM_SETID_ID: 679 case LSM_SETID_ID:
494 case LSM_SETID_RES: 680 case LSM_SETID_RES:
495 /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ 681 /* juggle the capabilities to follow [RES]UID changes unless
496 if (!issecure (SECURE_NO_SETUID_FIXUP)) { 682 * otherwise suppressed */
497 cap_emulate_setxuid (old_ruid, old_euid, old_suid); 683 if (!issecure(SECURE_NO_SETUID_FIXUP))
498 } 684 cap_emulate_setxuid(new, old);
499 break; 685 break;
500 case LSM_SETID_FS:
501 {
502 uid_t old_fsuid = old_ruid;
503 686
504 /* Copied from kernel/sys.c:setfsuid. */ 687 case LSM_SETID_FS:
505 688 /* juggle the capabilties to follow FSUID changes, unless
506 /* 689 * otherwise suppressed
507 * FIXME - is fsuser used for all CAP_FS_MASK capabilities? 690 *
508 * if not, we might be a bit too harsh here. 691 * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
509 */ 692 * if not, we might be a bit too harsh here.
510 693 */
511 if (!issecure (SECURE_NO_SETUID_FIXUP)) { 694 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
512 if (old_fsuid == 0 && current->fsuid != 0) { 695 if (old->fsuid == 0 && new->fsuid != 0)
513 current->cap_effective = 696 new->cap_effective =
514 cap_drop_fs_set( 697 cap_drop_fs_set(new->cap_effective);
515 current->cap_effective); 698
516 } 699 if (old->fsuid != 0 && new->fsuid == 0)
517 if (old_fsuid != 0 && current->fsuid == 0) { 700 new->cap_effective =
518 current->cap_effective = 701 cap_raise_fs_set(new->cap_effective,
519 cap_raise_fs_set( 702 new->cap_permitted);
520 current->cap_effective,
521 current->cap_permitted);
522 }
523 }
524 break;
525 } 703 }
704 break;
705
526 default: 706 default:
527 return -EINVAL; 707 return -EINVAL;
528 } 708 }
@@ -543,42 +723,71 @@ int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
543 */ 723 */
544static int cap_safe_nice(struct task_struct *p) 724static int cap_safe_nice(struct task_struct *p)
545{ 725{
546 if (!cap_issubset(p->cap_permitted, current->cap_permitted) && 726 int is_subset;
547 !capable(CAP_SYS_NICE)) 727
728 rcu_read_lock();
729 is_subset = cap_issubset(__task_cred(p)->cap_permitted,
730 current_cred()->cap_permitted);
731 rcu_read_unlock();
732
733 if (!is_subset && !capable(CAP_SYS_NICE))
548 return -EPERM; 734 return -EPERM;
549 return 0; 735 return 0;
550} 736}
551 737
552int cap_task_setscheduler (struct task_struct *p, int policy, 738/**
739 * cap_task_setscheduler - Detemine if scheduler policy change is permitted
740 * @p: The task to affect
741 * @policy: The policy to effect
742 * @lp: The parameters to the scheduling policy
743 *
744 * Detemine if the requested scheduler policy change is permitted for the
745 * specified task, returning 0 if permission is granted, -ve if denied.
746 */
747int cap_task_setscheduler(struct task_struct *p, int policy,
553 struct sched_param *lp) 748 struct sched_param *lp)
554{ 749{
555 return cap_safe_nice(p); 750 return cap_safe_nice(p);
556} 751}
557 752
558int cap_task_setioprio (struct task_struct *p, int ioprio) 753/**
754 * cap_task_ioprio - Detemine if I/O priority change is permitted
755 * @p: The task to affect
756 * @ioprio: The I/O priority to set
757 *
758 * Detemine if the requested I/O priority change is permitted for the specified
759 * task, returning 0 if permission is granted, -ve if denied.
760 */
761int cap_task_setioprio(struct task_struct *p, int ioprio)
559{ 762{
560 return cap_safe_nice(p); 763 return cap_safe_nice(p);
561} 764}
562 765
563int cap_task_setnice (struct task_struct *p, int nice) 766/**
767 * cap_task_ioprio - Detemine if task priority change is permitted
768 * @p: The task to affect
769 * @nice: The nice value to set
770 *
771 * Detemine if the requested task priority change is permitted for the
772 * specified task, returning 0 if permission is granted, -ve if denied.
773 */
774int cap_task_setnice(struct task_struct *p, int nice)
564{ 775{
565 return cap_safe_nice(p); 776 return cap_safe_nice(p);
566} 777}
567 778
568/* 779/*
569 * called from kernel/sys.c for prctl(PR_CABSET_DROP) 780 * Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from
570 * done without task_capability_lock() because it introduces 781 * the current task's bounding set. Returns 0 on success, -ve on error.
571 * no new races - i.e. only another task doing capget() on
572 * this task could get inconsistent info. There can be no
573 * racing writer bc a task can only change its own caps.
574 */ 782 */
575static long cap_prctl_drop(unsigned long cap) 783static long cap_prctl_drop(struct cred *new, unsigned long cap)
576{ 784{
577 if (!capable(CAP_SETPCAP)) 785 if (!capable(CAP_SETPCAP))
578 return -EPERM; 786 return -EPERM;
579 if (!cap_valid(cap)) 787 if (!cap_valid(cap))
580 return -EINVAL; 788 return -EINVAL;
581 cap_lower(current->cap_bset, cap); 789
790 cap_lower(new->cap_bset, cap);
582 return 0; 791 return 0;
583} 792}
584 793
@@ -598,22 +807,42 @@ int cap_task_setnice (struct task_struct *p, int nice)
598} 807}
599#endif 808#endif
600 809
810/**
811 * cap_task_prctl - Implement process control functions for this security module
812 * @option: The process control function requested
813 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
814 *
815 * Allow process control functions (sys_prctl()) to alter capabilities; may
816 * also deny access to other functions not otherwise implemented here.
817 *
818 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
819 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
820 * modules will consider performing the function.
821 */
601int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 822int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
602 unsigned long arg4, unsigned long arg5, long *rc_p) 823 unsigned long arg4, unsigned long arg5)
603{ 824{
825 struct cred *new;
604 long error = 0; 826 long error = 0;
605 827
828 new = prepare_creds();
829 if (!new)
830 return -ENOMEM;
831
606 switch (option) { 832 switch (option) {
607 case PR_CAPBSET_READ: 833 case PR_CAPBSET_READ:
834 error = -EINVAL;
608 if (!cap_valid(arg2)) 835 if (!cap_valid(arg2))
609 error = -EINVAL; 836 goto error;
610 else 837 error = !!cap_raised(new->cap_bset, arg2);
611 error = !!cap_raised(current->cap_bset, arg2); 838 goto no_change;
612 break; 839
613#ifdef CONFIG_SECURITY_FILE_CAPABILITIES 840#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
614 case PR_CAPBSET_DROP: 841 case PR_CAPBSET_DROP:
615 error = cap_prctl_drop(arg2); 842 error = cap_prctl_drop(new, arg2);
616 break; 843 if (error < 0)
844 goto error;
845 goto changed;
617 846
618 /* 847 /*
619 * The next four prctl's remain to assist with transitioning a 848 * The next four prctl's remain to assist with transitioning a
@@ -635,12 +864,12 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
635 * capability-based-privilege environment. 864 * capability-based-privilege environment.
636 */ 865 */
637 case PR_SET_SECUREBITS: 866 case PR_SET_SECUREBITS:
638 if ((((current->securebits & SECURE_ALL_LOCKS) >> 1) 867 error = -EPERM;
639 & (current->securebits ^ arg2)) /*[1]*/ 868 if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
640 || ((current->securebits & SECURE_ALL_LOCKS 869 & (new->securebits ^ arg2)) /*[1]*/
641 & ~arg2)) /*[2]*/ 870 || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
642 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ 871 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
643 || (cap_capable(current, CAP_SETPCAP) != 0)) { /*[4]*/ 872 || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/
644 /* 873 /*
645 * [1] no changing of bits that are locked 874 * [1] no changing of bits that are locked
646 * [2] no unlocking of locks 875 * [2] no unlocking of locks
@@ -648,65 +877,80 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
648 * [4] doing anything requires privilege (go read about 877 * [4] doing anything requires privilege (go read about
649 * the "sendmail capabilities bug") 878 * the "sendmail capabilities bug")
650 */ 879 */
651 error = -EPERM; /* cannot change a locked bit */ 880 )
652 } else { 881 /* cannot change a locked bit */
653 current->securebits = arg2; 882 goto error;
654 } 883 new->securebits = arg2;
655 break; 884 goto changed;
885
656 case PR_GET_SECUREBITS: 886 case PR_GET_SECUREBITS:
657 error = current->securebits; 887 error = new->securebits;
658 break; 888 goto no_change;
659 889
660#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ 890#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */
661 891
662 case PR_GET_KEEPCAPS: 892 case PR_GET_KEEPCAPS:
663 if (issecure(SECURE_KEEP_CAPS)) 893 if (issecure(SECURE_KEEP_CAPS))
664 error = 1; 894 error = 1;
665 break; 895 goto no_change;
896
666 case PR_SET_KEEPCAPS: 897 case PR_SET_KEEPCAPS:
898 error = -EINVAL;
667 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */ 899 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
668 error = -EINVAL; 900 goto error;
669 else if (issecure(SECURE_KEEP_CAPS_LOCKED)) 901 error = -EPERM;
670 error = -EPERM; 902 if (issecure(SECURE_KEEP_CAPS_LOCKED))
671 else if (arg2) 903 goto error;
672 current->securebits |= issecure_mask(SECURE_KEEP_CAPS); 904 if (arg2)
905 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
673 else 906 else
674 current->securebits &= 907 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
675 ~issecure_mask(SECURE_KEEP_CAPS); 908 goto changed;
676 break;
677 909
678 default: 910 default:
679 /* No functionality available - continue with default */ 911 /* No functionality available - continue with default */
680 return 0; 912 error = -ENOSYS;
913 goto error;
681 } 914 }
682 915
683 /* Functionality provided */ 916 /* Functionality provided */
684 *rc_p = error; 917changed:
685 return 1; 918 return commit_creds(new);
686}
687 919
688void cap_task_reparent_to_init (struct task_struct *p) 920no_change:
689{ 921 error = 0;
690 cap_set_init_eff(p->cap_effective); 922error:
691 cap_clear(p->cap_inheritable); 923 abort_creds(new);
692 cap_set_full(p->cap_permitted); 924 return error;
693 p->securebits = SECUREBITS_DEFAULT;
694 return;
695} 925}
696 926
697int cap_syslog (int type) 927/**
928 * cap_syslog - Determine whether syslog function is permitted
929 * @type: Function requested
930 *
931 * Determine whether the current process is permitted to use a particular
932 * syslog function, returning 0 if permission is granted, -ve if not.
933 */
934int cap_syslog(int type)
698{ 935{
699 if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) 936 if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
700 return -EPERM; 937 return -EPERM;
701 return 0; 938 return 0;
702} 939}
703 940
941/**
942 * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted
943 * @mm: The VM space in which the new mapping is to be made
944 * @pages: The size of the mapping
945 *
946 * Determine whether the allocation of a new virtual mapping by the current
947 * task is permitted, returning 0 if permission is granted, -ve if not.
948 */
704int cap_vm_enough_memory(struct mm_struct *mm, long pages) 949int cap_vm_enough_memory(struct mm_struct *mm, long pages)
705{ 950{
706 int cap_sys_admin = 0; 951 int cap_sys_admin = 0;
707 952
708 if (cap_capable(current, CAP_SYS_ADMIN) == 0) 953 if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0)
709 cap_sys_admin = 1; 954 cap_sys_admin = 1;
710 return __vm_enough_memory(mm, pages, cap_sys_admin); 955 return __vm_enough_memory(mm, pages, cap_sys_admin);
711} 956}
712
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 239098f0fd76..81932abefe7b 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -12,8 +12,8 @@
12#ifndef _INTERNAL_H 12#ifndef _INTERNAL_H
13#define _INTERNAL_H 13#define _INTERNAL_H
14 14
15#include <linux/sched.h>
15#include <linux/key-type.h> 16#include <linux/key-type.h>
16#include <linux/key-ui.h>
17 17
18static inline __attribute__((format(printf, 1, 2))) 18static inline __attribute__((format(printf, 1, 2)))
19void no_printk(const char *fmt, ...) 19void no_printk(const char *fmt, ...)
@@ -26,7 +26,7 @@ void no_printk(const char *fmt, ...)
26#define kleave(FMT, ...) \ 26#define kleave(FMT, ...) \
27 printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) 27 printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
28#define kdebug(FMT, ...) \ 28#define kdebug(FMT, ...) \
29 printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) 29 printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__)
30#else 30#else
31#define kenter(FMT, ...) \ 31#define kenter(FMT, ...) \
32 no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) 32 no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
@@ -82,6 +82,9 @@ extern struct mutex key_construction_mutex;
82extern wait_queue_head_t request_key_conswq; 82extern wait_queue_head_t request_key_conswq;
83 83
84 84
85extern struct key_type *key_type_lookup(const char *type);
86extern void key_type_put(struct key_type *ktype);
87
85extern int __key_link(struct key *keyring, struct key *key); 88extern int __key_link(struct key *keyring, struct key *key);
86 89
87extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, 90extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
@@ -95,7 +98,7 @@ extern struct key *keyring_search_instkey(struct key *keyring,
95typedef int (*key_match_func_t)(const struct key *, const void *); 98typedef int (*key_match_func_t)(const struct key *, const void *);
96 99
97extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, 100extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
98 struct task_struct *tsk, 101 const struct cred *cred,
99 struct key_type *type, 102 struct key_type *type,
100 const void *description, 103 const void *description,
101 key_match_func_t match); 104 key_match_func_t match);
@@ -103,13 +106,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
103extern key_ref_t search_process_keyrings(struct key_type *type, 106extern key_ref_t search_process_keyrings(struct key_type *type,
104 const void *description, 107 const void *description,
105 key_match_func_t match, 108 key_match_func_t match,
106 struct task_struct *tsk); 109 const struct cred *cred);
107 110
108extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); 111extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
109 112
110extern int install_user_keyrings(struct task_struct *tsk); 113extern int install_user_keyrings(void);
111extern int install_thread_keyring(struct task_struct *tsk); 114extern int install_thread_keyring_to_cred(struct cred *);
112extern int install_process_keyring(struct task_struct *tsk); 115extern int install_process_keyring_to_cred(struct cred *);
113 116
114extern struct key *request_key_and_link(struct key_type *type, 117extern struct key *request_key_and_link(struct key_type *type,
115 const char *description, 118 const char *description,
@@ -119,12 +122,39 @@ extern struct key *request_key_and_link(struct key_type *type,
119 struct key *dest_keyring, 122 struct key *dest_keyring,
120 unsigned long flags); 123 unsigned long flags);
121 124
125extern key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
126 key_perm_t perm);
127
128extern long join_session_keyring(const char *name);
129
130/*
131 * check to see whether permission is granted to use a key in the desired way
132 */
133extern int key_task_permission(const key_ref_t key_ref,
134 const struct cred *cred,
135 key_perm_t perm);
136
137static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
138{
139 return key_task_permission(key_ref, current_cred(), perm);
140}
141
142/* required permissions */
143#define KEY_VIEW 0x01 /* require permission to view attributes */
144#define KEY_READ 0x02 /* require permission to read content */
145#define KEY_WRITE 0x04 /* require permission to update / modify */
146#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
147#define KEY_LINK 0x10 /* require permission to link */
148#define KEY_SETATTR 0x20 /* require permission to change attributes */
149#define KEY_ALL 0x3f /* all the above permissions */
150
122/* 151/*
123 * request_key authorisation 152 * request_key authorisation
124 */ 153 */
125struct request_key_auth { 154struct request_key_auth {
126 struct key *target_key; 155 struct key *target_key;
127 struct task_struct *context; 156 struct key *dest_keyring;
157 const struct cred *cred;
128 void *callout_info; 158 void *callout_info;
129 size_t callout_len; 159 size_t callout_len;
130 pid_t pid; 160 pid_t pid;
@@ -133,7 +163,8 @@ struct request_key_auth {
133extern struct key_type key_type_request_key_auth; 163extern struct key_type key_type_request_key_auth;
134extern struct key *request_key_auth_new(struct key *target, 164extern struct key *request_key_auth_new(struct key *target,
135 const void *callout_info, 165 const void *callout_info,
136 size_t callout_len); 166 size_t callout_len,
167 struct key *dest_keyring);
137 168
138extern struct key *key_get_instantiation_authkey(key_serial_t target_id); 169extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
139 170
diff --git a/security/keys/key.c b/security/keys/key.c
index 14948cf83ef6..f76c8a546fd3 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -218,7 +218,7 @@ serial_exists:
218 * instantiate the key or discard it before returning 218 * instantiate the key or discard it before returning
219 */ 219 */
220struct key *key_alloc(struct key_type *type, const char *desc, 220struct key *key_alloc(struct key_type *type, const char *desc,
221 uid_t uid, gid_t gid, struct task_struct *ctx, 221 uid_t uid, gid_t gid, const struct cred *cred,
222 key_perm_t perm, unsigned long flags) 222 key_perm_t perm, unsigned long flags)
223{ 223{
224 struct key_user *user = NULL; 224 struct key_user *user = NULL;
@@ -294,7 +294,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
294#endif 294#endif
295 295
296 /* let the security module know about the key */ 296 /* let the security module know about the key */
297 ret = security_key_alloc(key, ctx, flags); 297 ret = security_key_alloc(key, cred, flags);
298 if (ret < 0) 298 if (ret < 0)
299 goto security_error; 299 goto security_error;
300 300
@@ -391,7 +391,7 @@ static int __key_instantiate_and_link(struct key *key,
391 const void *data, 391 const void *data,
392 size_t datalen, 392 size_t datalen,
393 struct key *keyring, 393 struct key *keyring,
394 struct key *instkey) 394 struct key *authkey)
395{ 395{
396 int ret, awaken; 396 int ret, awaken;
397 397
@@ -421,8 +421,8 @@ static int __key_instantiate_and_link(struct key *key,
421 ret = __key_link(keyring, key); 421 ret = __key_link(keyring, key);
422 422
423 /* disable the authorisation key */ 423 /* disable the authorisation key */
424 if (instkey) 424 if (authkey)
425 key_revoke(instkey); 425 key_revoke(authkey);
426 } 426 }
427 } 427 }
428 428
@@ -444,14 +444,14 @@ int key_instantiate_and_link(struct key *key,
444 const void *data, 444 const void *data,
445 size_t datalen, 445 size_t datalen,
446 struct key *keyring, 446 struct key *keyring,
447 struct key *instkey) 447 struct key *authkey)
448{ 448{
449 int ret; 449 int ret;
450 450
451 if (keyring) 451 if (keyring)
452 down_write(&keyring->sem); 452 down_write(&keyring->sem);
453 453
454 ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey); 454 ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey);
455 455
456 if (keyring) 456 if (keyring)
457 up_write(&keyring->sem); 457 up_write(&keyring->sem);
@@ -469,7 +469,7 @@ EXPORT_SYMBOL(key_instantiate_and_link);
469int key_negate_and_link(struct key *key, 469int key_negate_and_link(struct key *key,
470 unsigned timeout, 470 unsigned timeout,
471 struct key *keyring, 471 struct key *keyring,
472 struct key *instkey) 472 struct key *authkey)
473{ 473{
474 struct timespec now; 474 struct timespec now;
475 int ret, awaken; 475 int ret, awaken;
@@ -504,8 +504,8 @@ int key_negate_and_link(struct key *key,
504 ret = __key_link(keyring, key); 504 ret = __key_link(keyring, key);
505 505
506 /* disable the authorisation key */ 506 /* disable the authorisation key */
507 if (instkey) 507 if (authkey)
508 key_revoke(instkey); 508 key_revoke(authkey);
509 } 509 }
510 510
511 mutex_unlock(&key_construction_mutex); 511 mutex_unlock(&key_construction_mutex);
@@ -743,6 +743,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
743 key_perm_t perm, 743 key_perm_t perm,
744 unsigned long flags) 744 unsigned long flags)
745{ 745{
746 const struct cred *cred = current_cred();
746 struct key_type *ktype; 747 struct key_type *ktype;
747 struct key *keyring, *key = NULL; 748 struct key *keyring, *key = NULL;
748 key_ref_t key_ref; 749 key_ref_t key_ref;
@@ -802,8 +803,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
802 } 803 }
803 804
804 /* allocate a new key */ 805 /* allocate a new key */
805 key = key_alloc(ktype, description, current->fsuid, current->fsgid, 806 key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred,
806 current, perm, flags); 807 perm, flags);
807 if (IS_ERR(key)) { 808 if (IS_ERR(key)) {
808 key_ref = ERR_CAST(key); 809 key_ref = ERR_CAST(key);
809 goto error_3; 810 goto error_3;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index acc9c89e40a8..7c72baa02f2e 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -103,7 +103,7 @@ asmlinkage long sys_add_key(const char __user *_type,
103 } 103 }
104 104
105 /* find the target keyring (which must be writable) */ 105 /* find the target keyring (which must be writable) */
106 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 106 keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE);
107 if (IS_ERR(keyring_ref)) { 107 if (IS_ERR(keyring_ref)) {
108 ret = PTR_ERR(keyring_ref); 108 ret = PTR_ERR(keyring_ref);
109 goto error3; 109 goto error3;
@@ -185,7 +185,7 @@ asmlinkage long sys_request_key(const char __user *_type,
185 /* get the destination keyring if specified */ 185 /* get the destination keyring if specified */
186 dest_ref = NULL; 186 dest_ref = NULL;
187 if (destringid) { 187 if (destringid) {
188 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 188 dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE);
189 if (IS_ERR(dest_ref)) { 189 if (IS_ERR(dest_ref)) {
190 ret = PTR_ERR(dest_ref); 190 ret = PTR_ERR(dest_ref);
191 goto error3; 191 goto error3;
@@ -235,7 +235,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
235 key_ref_t key_ref; 235 key_ref_t key_ref;
236 long ret; 236 long ret;
237 237
238 key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); 238 key_ref = lookup_user_key(id, create, 0, KEY_SEARCH);
239 if (IS_ERR(key_ref)) { 239 if (IS_ERR(key_ref)) {
240 ret = PTR_ERR(key_ref); 240 ret = PTR_ERR(key_ref);
241 goto error; 241 goto error;
@@ -308,7 +308,7 @@ long keyctl_update_key(key_serial_t id,
308 } 308 }
309 309
310 /* find the target key (which must be writable) */ 310 /* find the target key (which must be writable) */
311 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 311 key_ref = lookup_user_key(id, 0, 0, KEY_WRITE);
312 if (IS_ERR(key_ref)) { 312 if (IS_ERR(key_ref)) {
313 ret = PTR_ERR(key_ref); 313 ret = PTR_ERR(key_ref);
314 goto error2; 314 goto error2;
@@ -336,7 +336,7 @@ long keyctl_revoke_key(key_serial_t id)
336 key_ref_t key_ref; 336 key_ref_t key_ref;
337 long ret; 337 long ret;
338 338
339 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 339 key_ref = lookup_user_key(id, 0, 0, KEY_WRITE);
340 if (IS_ERR(key_ref)) { 340 if (IS_ERR(key_ref)) {
341 ret = PTR_ERR(key_ref); 341 ret = PTR_ERR(key_ref);
342 goto error; 342 goto error;
@@ -362,7 +362,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
362 key_ref_t keyring_ref; 362 key_ref_t keyring_ref;
363 long ret; 363 long ret;
364 364
365 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 365 keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE);
366 if (IS_ERR(keyring_ref)) { 366 if (IS_ERR(keyring_ref)) {
367 ret = PTR_ERR(keyring_ref); 367 ret = PTR_ERR(keyring_ref);
368 goto error; 368 goto error;
@@ -388,13 +388,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
388 key_ref_t keyring_ref, key_ref; 388 key_ref_t keyring_ref, key_ref;
389 long ret; 389 long ret;
390 390
391 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 391 keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE);
392 if (IS_ERR(keyring_ref)) { 392 if (IS_ERR(keyring_ref)) {
393 ret = PTR_ERR(keyring_ref); 393 ret = PTR_ERR(keyring_ref);
394 goto error; 394 goto error;
395 } 395 }
396 396
397 key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK); 397 key_ref = lookup_user_key(id, 1, 0, KEY_LINK);
398 if (IS_ERR(key_ref)) { 398 if (IS_ERR(key_ref)) {
399 ret = PTR_ERR(key_ref); 399 ret = PTR_ERR(key_ref);
400 goto error2; 400 goto error2;
@@ -422,13 +422,13 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
422 key_ref_t keyring_ref, key_ref; 422 key_ref_t keyring_ref, key_ref;
423 long ret; 423 long ret;
424 424
425 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); 425 keyring_ref = lookup_user_key(ringid, 0, 0, KEY_WRITE);
426 if (IS_ERR(keyring_ref)) { 426 if (IS_ERR(keyring_ref)) {
427 ret = PTR_ERR(keyring_ref); 427 ret = PTR_ERR(keyring_ref);
428 goto error; 428 goto error;
429 } 429 }
430 430
431 key_ref = lookup_user_key(NULL, id, 0, 0, 0); 431 key_ref = lookup_user_key(id, 0, 0, 0);
432 if (IS_ERR(key_ref)) { 432 if (IS_ERR(key_ref)) {
433 ret = PTR_ERR(key_ref); 433 ret = PTR_ERR(key_ref);
434 goto error2; 434 goto error2;
@@ -464,7 +464,7 @@ long keyctl_describe_key(key_serial_t keyid,
464 char *tmpbuf; 464 char *tmpbuf;
465 long ret; 465 long ret;
466 466
467 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 467 key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW);
468 if (IS_ERR(key_ref)) { 468 if (IS_ERR(key_ref)) {
469 /* viewing a key under construction is permitted if we have the 469 /* viewing a key under construction is permitted if we have the
470 * authorisation token handy */ 470 * authorisation token handy */
@@ -472,7 +472,7 @@ long keyctl_describe_key(key_serial_t keyid,
472 instkey = key_get_instantiation_authkey(keyid); 472 instkey = key_get_instantiation_authkey(keyid);
473 if (!IS_ERR(instkey)) { 473 if (!IS_ERR(instkey)) {
474 key_put(instkey); 474 key_put(instkey);
475 key_ref = lookup_user_key(NULL, keyid, 475 key_ref = lookup_user_key(keyid,
476 0, 1, 0); 476 0, 1, 0);
477 if (!IS_ERR(key_ref)) 477 if (!IS_ERR(key_ref))
478 goto okay; 478 goto okay;
@@ -557,7 +557,7 @@ long keyctl_keyring_search(key_serial_t ringid,
557 } 557 }
558 558
559 /* get the keyring at which to begin the search */ 559 /* get the keyring at which to begin the search */
560 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); 560 keyring_ref = lookup_user_key(ringid, 0, 0, KEY_SEARCH);
561 if (IS_ERR(keyring_ref)) { 561 if (IS_ERR(keyring_ref)) {
562 ret = PTR_ERR(keyring_ref); 562 ret = PTR_ERR(keyring_ref);
563 goto error2; 563 goto error2;
@@ -566,7 +566,7 @@ long keyctl_keyring_search(key_serial_t ringid,
566 /* get the destination keyring if specified */ 566 /* get the destination keyring if specified */
567 dest_ref = NULL; 567 dest_ref = NULL;
568 if (destringid) { 568 if (destringid) {
569 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 569 dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE);
570 if (IS_ERR(dest_ref)) { 570 if (IS_ERR(dest_ref)) {
571 ret = PTR_ERR(dest_ref); 571 ret = PTR_ERR(dest_ref);
572 goto error3; 572 goto error3;
@@ -636,7 +636,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
636 long ret; 636 long ret;
637 637
638 /* find the key first */ 638 /* find the key first */
639 key_ref = lookup_user_key(NULL, keyid, 0, 0, 0); 639 key_ref = lookup_user_key(keyid, 0, 0, 0);
640 if (IS_ERR(key_ref)) { 640 if (IS_ERR(key_ref)) {
641 ret = -ENOKEY; 641 ret = -ENOKEY;
642 goto error; 642 goto error;
@@ -699,7 +699,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
699 if (uid == (uid_t) -1 && gid == (gid_t) -1) 699 if (uid == (uid_t) -1 && gid == (gid_t) -1)
700 goto error; 700 goto error;
701 701
702 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); 702 key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR);
703 if (IS_ERR(key_ref)) { 703 if (IS_ERR(key_ref)) {
704 ret = PTR_ERR(key_ref); 704 ret = PTR_ERR(key_ref);
705 goto error; 705 goto error;
@@ -804,7 +804,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
804 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 804 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
805 goto error; 805 goto error;
806 806
807 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); 807 key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR);
808 if (IS_ERR(key_ref)) { 808 if (IS_ERR(key_ref)) {
809 ret = PTR_ERR(key_ref); 809 ret = PTR_ERR(key_ref);
810 goto error; 810 goto error;
@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
817 down_write(&key->sem); 817 down_write(&key->sem);
818 818
819 /* if we're not the sysadmin, we can only change a key that we own */ 819 /* if we're not the sysadmin, we can only change a key that we own */
820 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { 820 if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
821 key->perm = perm; 821 key->perm = perm;
822 ret = 0; 822 ret = 0;
823 } 823 }
@@ -829,6 +829,60 @@ error:
829 829
830} /* end keyctl_setperm_key() */ 830} /* end keyctl_setperm_key() */
831 831
832/*
833 * get the destination keyring for instantiation
834 */
835static long get_instantiation_keyring(key_serial_t ringid,
836 struct request_key_auth *rka,
837 struct key **_dest_keyring)
838{
839 key_ref_t dkref;
840
841 /* just return a NULL pointer if we weren't asked to make a link */
842 if (ringid == 0) {
843 *_dest_keyring = NULL;
844 return 0;
845 }
846
847 /* if a specific keyring is nominated by ID, then use that */
848 if (ringid > 0) {
849 dkref = lookup_user_key(ringid, 1, 0, KEY_WRITE);
850 if (IS_ERR(dkref))
851 return PTR_ERR(dkref);
852 *_dest_keyring = key_ref_to_ptr(dkref);
853 return 0;
854 }
855
856 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY)
857 return -EINVAL;
858
859 /* otherwise specify the destination keyring recorded in the
860 * authorisation key (any KEY_SPEC_*_KEYRING) */
861 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) {
862 *_dest_keyring = rka->dest_keyring;
863 return 0;
864 }
865
866 return -ENOKEY;
867}
868
869/*
870 * change the request_key authorisation key on the current process
871 */
872static int keyctl_change_reqkey_auth(struct key *key)
873{
874 struct cred *new;
875
876 new = prepare_creds();
877 if (!new)
878 return -ENOMEM;
879
880 key_put(new->request_key_auth);
881 new->request_key_auth = key_get(key);
882
883 return commit_creds(new);
884}
885
832/*****************************************************************************/ 886/*****************************************************************************/
833/* 887/*
834 * instantiate the key with the specified payload, and, if one is given, link 888 * instantiate the key with the specified payload, and, if one is given, link
@@ -839,13 +893,15 @@ long keyctl_instantiate_key(key_serial_t id,
839 size_t plen, 893 size_t plen,
840 key_serial_t ringid) 894 key_serial_t ringid)
841{ 895{
896 const struct cred *cred = current_cred();
842 struct request_key_auth *rka; 897 struct request_key_auth *rka;
843 struct key *instkey; 898 struct key *instkey, *dest_keyring;
844 key_ref_t keyring_ref;
845 void *payload; 899 void *payload;
846 long ret; 900 long ret;
847 bool vm = false; 901 bool vm = false;
848 902
903 kenter("%d,,%zu,%d", id, plen, ringid);
904
849 ret = -EINVAL; 905 ret = -EINVAL;
850 if (plen > 1024 * 1024 - 1) 906 if (plen > 1024 * 1024 - 1)
851 goto error; 907 goto error;
@@ -853,7 +909,7 @@ long keyctl_instantiate_key(key_serial_t id,
853 /* the appropriate instantiation authorisation key must have been 909 /* the appropriate instantiation authorisation key must have been
854 * assumed before calling this */ 910 * assumed before calling this */
855 ret = -EPERM; 911 ret = -EPERM;
856 instkey = current->request_key_auth; 912 instkey = cred->request_key_auth;
857 if (!instkey) 913 if (!instkey)
858 goto error; 914 goto error;
859 915
@@ -883,28 +939,20 @@ long keyctl_instantiate_key(key_serial_t id,
883 939
884 /* find the destination keyring amongst those belonging to the 940 /* find the destination keyring amongst those belonging to the
885 * requesting task */ 941 * requesting task */
886 keyring_ref = NULL; 942 ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
887 if (ringid) { 943 if (ret < 0)
888 keyring_ref = lookup_user_key(rka->context, ringid, 1, 0, 944 goto error2;
889 KEY_WRITE);
890 if (IS_ERR(keyring_ref)) {
891 ret = PTR_ERR(keyring_ref);
892 goto error2;
893 }
894 }
895 945
896 /* instantiate the key and link it into a keyring */ 946 /* instantiate the key and link it into a keyring */
897 ret = key_instantiate_and_link(rka->target_key, payload, plen, 947 ret = key_instantiate_and_link(rka->target_key, payload, plen,
898 key_ref_to_ptr(keyring_ref), instkey); 948 dest_keyring, instkey);
899 949
900 key_ref_put(keyring_ref); 950 key_put(dest_keyring);
901 951
902 /* discard the assumed authority if it's just been disabled by 952 /* discard the assumed authority if it's just been disabled by
903 * instantiation of the key */ 953 * instantiation of the key */
904 if (ret == 0) { 954 if (ret == 0)
905 key_put(current->request_key_auth); 955 keyctl_change_reqkey_auth(NULL);
906 current->request_key_auth = NULL;
907 }
908 956
909error2: 957error2:
910 if (!vm) 958 if (!vm)
@@ -923,15 +971,17 @@ error:
923 */ 971 */
924long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 972long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
925{ 973{
974 const struct cred *cred = current_cred();
926 struct request_key_auth *rka; 975 struct request_key_auth *rka;
927 struct key *instkey; 976 struct key *instkey, *dest_keyring;
928 key_ref_t keyring_ref;
929 long ret; 977 long ret;
930 978
979 kenter("%d,%u,%d", id, timeout, ringid);
980
931 /* the appropriate instantiation authorisation key must have been 981 /* the appropriate instantiation authorisation key must have been
932 * assumed before calling this */ 982 * assumed before calling this */
933 ret = -EPERM; 983 ret = -EPERM;
934 instkey = current->request_key_auth; 984 instkey = cred->request_key_auth;
935 if (!instkey) 985 if (!instkey)
936 goto error; 986 goto error;
937 987
@@ -941,27 +991,20 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
941 991
942 /* find the destination keyring if present (which must also be 992 /* find the destination keyring if present (which must also be
943 * writable) */ 993 * writable) */
944 keyring_ref = NULL; 994 ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
945 if (ringid) { 995 if (ret < 0)
946 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 996 goto error;
947 if (IS_ERR(keyring_ref)) {
948 ret = PTR_ERR(keyring_ref);
949 goto error;
950 }
951 }
952 997
953 /* instantiate the key and link it into a keyring */ 998 /* instantiate the key and link it into a keyring */
954 ret = key_negate_and_link(rka->target_key, timeout, 999 ret = key_negate_and_link(rka->target_key, timeout,
955 key_ref_to_ptr(keyring_ref), instkey); 1000 dest_keyring, instkey);
956 1001
957 key_ref_put(keyring_ref); 1002 key_put(dest_keyring);
958 1003
959 /* discard the assumed authority if it's just been disabled by 1004 /* discard the assumed authority if it's just been disabled by
960 * instantiation of the key */ 1005 * instantiation of the key */
961 if (ret == 0) { 1006 if (ret == 0)
962 key_put(current->request_key_auth); 1007 keyctl_change_reqkey_auth(NULL);
963 current->request_key_auth = NULL;
964 }
965 1008
966error: 1009error:
967 return ret; 1010 return ret;
@@ -975,35 +1018,56 @@ error:
975 */ 1018 */
976long keyctl_set_reqkey_keyring(int reqkey_defl) 1019long keyctl_set_reqkey_keyring(int reqkey_defl)
977{ 1020{
978 int ret; 1021 struct cred *new;
1022 int ret, old_setting;
1023
1024 old_setting = current_cred_xxx(jit_keyring);
1025
1026 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE)
1027 return old_setting;
1028
1029 new = prepare_creds();
1030 if (!new)
1031 return -ENOMEM;
979 1032
980 switch (reqkey_defl) { 1033 switch (reqkey_defl) {
981 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1034 case KEY_REQKEY_DEFL_THREAD_KEYRING:
982 ret = install_thread_keyring(current); 1035 ret = install_thread_keyring_to_cred(new);
983 if (ret < 0) 1036 if (ret < 0)
984 return ret; 1037 goto error;
985 goto set; 1038 goto set;
986 1039
987 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1040 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
988 ret = install_process_keyring(current); 1041 ret = install_process_keyring_to_cred(new);
989 if (ret < 0) 1042 if (ret < 0) {
990 return ret; 1043 if (ret != -EEXIST)
1044 goto error;
1045 ret = 0;
1046 }
1047 goto set;
991 1048
992 case KEY_REQKEY_DEFL_DEFAULT: 1049 case KEY_REQKEY_DEFL_DEFAULT:
993 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1050 case KEY_REQKEY_DEFL_SESSION_KEYRING:
994 case KEY_REQKEY_DEFL_USER_KEYRING: 1051 case KEY_REQKEY_DEFL_USER_KEYRING:
995 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1052 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
996 set: 1053 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
997 current->jit_keyring = reqkey_defl; 1054 goto set;
998 1055
999 case KEY_REQKEY_DEFL_NO_CHANGE: 1056 case KEY_REQKEY_DEFL_NO_CHANGE:
1000 return current->jit_keyring;
1001
1002 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1057 case KEY_REQKEY_DEFL_GROUP_KEYRING:
1003 default: 1058 default:
1004 return -EINVAL; 1059 ret = -EINVAL;
1060 goto error;
1005 } 1061 }
1006 1062
1063set:
1064 new->jit_keyring = reqkey_defl;
1065 commit_creds(new);
1066 return old_setting;
1067error:
1068 abort_creds(new);
1069 return -EINVAL;
1070
1007} /* end keyctl_set_reqkey_keyring() */ 1071} /* end keyctl_set_reqkey_keyring() */
1008 1072
1009/*****************************************************************************/ 1073/*****************************************************************************/
@@ -1018,7 +1082,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1018 time_t expiry; 1082 time_t expiry;
1019 long ret; 1083 long ret;
1020 1084
1021 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); 1085 key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR);
1022 if (IS_ERR(key_ref)) { 1086 if (IS_ERR(key_ref)) {
1023 ret = PTR_ERR(key_ref); 1087 ret = PTR_ERR(key_ref);
1024 goto error; 1088 goto error;
@@ -1062,9 +1126,7 @@ long keyctl_assume_authority(key_serial_t id)
1062 1126
1063 /* we divest ourselves of authority if given an ID of 0 */ 1127 /* we divest ourselves of authority if given an ID of 0 */
1064 if (id == 0) { 1128 if (id == 0) {
1065 key_put(current->request_key_auth); 1129 ret = keyctl_change_reqkey_auth(NULL);
1066 current->request_key_auth = NULL;
1067 ret = 0;
1068 goto error; 1130 goto error;
1069 } 1131 }
1070 1132
@@ -1079,10 +1141,12 @@ long keyctl_assume_authority(key_serial_t id)
1079 goto error; 1141 goto error;
1080 } 1142 }
1081 1143
1082 key_put(current->request_key_auth); 1144 ret = keyctl_change_reqkey_auth(authkey);
1083 current->request_key_auth = authkey; 1145 if (ret < 0)
1084 ret = authkey->serial; 1146 goto error;
1147 key_put(authkey);
1085 1148
1149 ret = authkey->serial;
1086error: 1150error:
1087 return ret; 1151 return ret;
1088 1152
@@ -1105,7 +1169,7 @@ long keyctl_get_security(key_serial_t keyid,
1105 char *context; 1169 char *context;
1106 long ret; 1170 long ret;
1107 1171
1108 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 1172 key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW);
1109 if (IS_ERR(key_ref)) { 1173 if (IS_ERR(key_ref)) {
1110 if (PTR_ERR(key_ref) != -EACCES) 1174 if (PTR_ERR(key_ref) != -EACCES)
1111 return PTR_ERR(key_ref); 1175 return PTR_ERR(key_ref);
@@ -1117,7 +1181,7 @@ long keyctl_get_security(key_serial_t keyid,
1117 return PTR_ERR(key_ref); 1181 return PTR_ERR(key_ref);
1118 key_put(instkey); 1182 key_put(instkey);
1119 1183
1120 key_ref = lookup_user_key(NULL, keyid, 0, 1, 0); 1184 key_ref = lookup_user_key(keyid, 0, 1, 0);
1121 if (IS_ERR(key_ref)) 1185 if (IS_ERR(key_ref))
1122 return PTR_ERR(key_ref); 1186 return PTR_ERR(key_ref);
1123 } 1187 }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index a9ab8affc092..ed851574d073 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -16,6 +16,7 @@
16#include <linux/security.h> 16#include <linux/security.h>
17#include <linux/seq_file.h> 17#include <linux/seq_file.h>
18#include <linux/err.h> 18#include <linux/err.h>
19#include <keys/keyring-type.h>
19#include <asm/uaccess.h> 20#include <asm/uaccess.h>
20#include "internal.h" 21#include "internal.h"
21 22
@@ -244,14 +245,14 @@ static long keyring_read(const struct key *keyring,
244 * allocate a keyring and link into the destination keyring 245 * allocate a keyring and link into the destination keyring
245 */ 246 */
246struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 247struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
247 struct task_struct *ctx, unsigned long flags, 248 const struct cred *cred, unsigned long flags,
248 struct key *dest) 249 struct key *dest)
249{ 250{
250 struct key *keyring; 251 struct key *keyring;
251 int ret; 252 int ret;
252 253
253 keyring = key_alloc(&key_type_keyring, description, 254 keyring = key_alloc(&key_type_keyring, description,
254 uid, gid, ctx, 255 uid, gid, cred,
255 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 256 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
256 flags); 257 flags);
257 258
@@ -280,7 +281,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
280 * - we propagate the possession attribute from the keyring ref to the key ref 281 * - we propagate the possession attribute from the keyring ref to the key ref
281 */ 282 */
282key_ref_t keyring_search_aux(key_ref_t keyring_ref, 283key_ref_t keyring_search_aux(key_ref_t keyring_ref,
283 struct task_struct *context, 284 const struct cred *cred,
284 struct key_type *type, 285 struct key_type *type,
285 const void *description, 286 const void *description,
286 key_match_func_t match) 287 key_match_func_t match)
@@ -303,7 +304,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
303 key_check(keyring); 304 key_check(keyring);
304 305
305 /* top keyring must have search permission to begin the search */ 306 /* top keyring must have search permission to begin the search */
306 err = key_task_permission(keyring_ref, context, KEY_SEARCH); 307 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
307 if (err < 0) { 308 if (err < 0) {
308 key_ref = ERR_PTR(err); 309 key_ref = ERR_PTR(err);
309 goto error; 310 goto error;
@@ -376,7 +377,7 @@ descend:
376 377
377 /* key must have search permissions */ 378 /* key must have search permissions */
378 if (key_task_permission(make_key_ref(key, possessed), 379 if (key_task_permission(make_key_ref(key, possessed),
379 context, KEY_SEARCH) < 0) 380 cred, KEY_SEARCH) < 0)
380 continue; 381 continue;
381 382
382 /* we set a different error code if we pass a negative key */ 383 /* we set a different error code if we pass a negative key */
@@ -403,7 +404,7 @@ ascend:
403 continue; 404 continue;
404 405
405 if (key_task_permission(make_key_ref(key, possessed), 406 if (key_task_permission(make_key_ref(key, possessed),
406 context, KEY_SEARCH) < 0) 407 cred, KEY_SEARCH) < 0)
407 continue; 408 continue;
408 409
409 /* stack the current position */ 410 /* stack the current position */
@@ -458,7 +459,7 @@ key_ref_t keyring_search(key_ref_t keyring,
458 if (!type->match) 459 if (!type->match)
459 return ERR_PTR(-ENOKEY); 460 return ERR_PTR(-ENOKEY);
460 461
461 return keyring_search_aux(keyring, current, 462 return keyring_search_aux(keyring, current->cred,
462 type, description, type->match); 463 type, description, type->match);
463 464
464} /* end keyring_search() */ 465} /* end keyring_search() */
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 3b41f9b52537..5d9fc7b93f2e 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -14,12 +14,19 @@
14#include "internal.h" 14#include "internal.h"
15 15
16/*****************************************************************************/ 16/*****************************************************************************/
17/* 17/**
18 * check to see whether permission is granted to use a key in the desired way, 18 * key_task_permission - Check a key can be used
19 * but permit the security modules to override 19 * @key_ref: The key to check
20 * @cred: The credentials to use
21 * @perm: The permissions to check for
22 *
23 * Check to see whether permission is granted to use a key in the desired way,
24 * but permit the security modules to override.
25 *
26 * The caller must hold either a ref on cred or must hold the RCU readlock or a
27 * spinlock.
20 */ 28 */
21int key_task_permission(const key_ref_t key_ref, 29int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
22 struct task_struct *context,
23 key_perm_t perm) 30 key_perm_t perm)
24{ 31{
25 struct key *key; 32 struct key *key;
@@ -29,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref,
29 key = key_ref_to_ptr(key_ref); 36 key = key_ref_to_ptr(key_ref);
30 37
31 /* use the second 8-bits of permissions for keys the caller owns */ 38 /* use the second 8-bits of permissions for keys the caller owns */
32 if (key->uid == context->fsuid) { 39 if (key->uid == cred->fsuid) {
33 kperm = key->perm >> 16; 40 kperm = key->perm >> 16;
34 goto use_these_perms; 41 goto use_these_perms;
35 } 42 }
@@ -37,15 +44,12 @@ int key_task_permission(const key_ref_t key_ref,
37 /* use the third 8-bits of permissions for keys the caller has a group 44 /* use the third 8-bits of permissions for keys the caller has a group
38 * membership in common with */ 45 * membership in common with */
39 if (key->gid != -1 && key->perm & KEY_GRP_ALL) { 46 if (key->gid != -1 && key->perm & KEY_GRP_ALL) {
40 if (key->gid == context->fsgid) { 47 if (key->gid == cred->fsgid) {
41 kperm = key->perm >> 8; 48 kperm = key->perm >> 8;
42 goto use_these_perms; 49 goto use_these_perms;
43 } 50 }
44 51
45 task_lock(context); 52 ret = groups_search(cred->group_info, key->gid);
46 ret = groups_search(context->group_info, key->gid);
47 task_unlock(context);
48
49 if (ret) { 53 if (ret) {
50 kperm = key->perm >> 8; 54 kperm = key->perm >> 8;
51 goto use_these_perms; 55 goto use_these_perms;
@@ -56,6 +60,7 @@ int key_task_permission(const key_ref_t key_ref,
56 kperm = key->perm; 60 kperm = key->perm;
57 61
58use_these_perms: 62use_these_perms:
63
59 /* use the top 8-bits of permissions for keys the caller possesses 64 /* use the top 8-bits of permissions for keys the caller possesses
60 * - possessor permissions are additive with other permissions 65 * - possessor permissions are additive with other permissions
61 */ 66 */
@@ -68,7 +73,7 @@ use_these_perms:
68 return -EACCES; 73 return -EACCES;
69 74
70 /* let LSM be the final arbiter */ 75 /* let LSM be the final arbiter */
71 return security_key_permission(key_ref, context, perm); 76 return security_key_permission(key_ref, cred, perm);
72 77
73} /* end key_task_permission() */ 78} /* end key_task_permission() */
74 79
diff --git a/security/keys/proc.c b/security/keys/proc.c
index f619170da760..7f508def50e3 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -136,8 +136,12 @@ static int proc_keys_show(struct seq_file *m, void *v)
136 int rc; 136 int rc;
137 137
138 /* check whether the current task is allowed to view the key (assuming 138 /* check whether the current task is allowed to view the key (assuming
139 * non-possession) */ 139 * non-possession)
140 rc = key_task_permission(make_key_ref(key, 0), current, KEY_VIEW); 140 * - the caller holds a spinlock, and thus the RCU read lock, making our
141 * access to __current_cred() safe
142 */
143 rc = key_task_permission(make_key_ref(key, 0), current_cred(),
144 KEY_VIEW);
141 if (rc < 0) 145 if (rc < 0)
142 return 0; 146 return 0;
143 147
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 45b240af6dbe..2f5d89e92b85 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -40,13 +40,17 @@ struct key_user root_key_user = {
40/* 40/*
41 * install user and user session keyrings for a particular UID 41 * install user and user session keyrings for a particular UID
42 */ 42 */
43int install_user_keyrings(struct task_struct *tsk) 43int install_user_keyrings(void)
44{ 44{
45 struct user_struct *user = tsk->user; 45 struct user_struct *user;
46 const struct cred *cred;
46 struct key *uid_keyring, *session_keyring; 47 struct key *uid_keyring, *session_keyring;
47 char buf[20]; 48 char buf[20];
48 int ret; 49 int ret;
49 50
51 cred = current_cred();
52 user = cred->user;
53
50 kenter("%p{%u}", user, user->uid); 54 kenter("%p{%u}", user, user->uid);
51 55
52 if (user->uid_keyring) { 56 if (user->uid_keyring) {
@@ -67,7 +71,7 @@ int install_user_keyrings(struct task_struct *tsk)
67 uid_keyring = find_keyring_by_name(buf, true); 71 uid_keyring = find_keyring_by_name(buf, true);
68 if (IS_ERR(uid_keyring)) { 72 if (IS_ERR(uid_keyring)) {
69 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 73 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1,
70 tsk, KEY_ALLOC_IN_QUOTA, 74 cred, KEY_ALLOC_IN_QUOTA,
71 NULL); 75 NULL);
72 if (IS_ERR(uid_keyring)) { 76 if (IS_ERR(uid_keyring)) {
73 ret = PTR_ERR(uid_keyring); 77 ret = PTR_ERR(uid_keyring);
@@ -83,7 +87,7 @@ int install_user_keyrings(struct task_struct *tsk)
83 if (IS_ERR(session_keyring)) { 87 if (IS_ERR(session_keyring)) {
84 session_keyring = 88 session_keyring =
85 keyring_alloc(buf, user->uid, (gid_t) -1, 89 keyring_alloc(buf, user->uid, (gid_t) -1,
86 tsk, KEY_ALLOC_IN_QUOTA, NULL); 90 cred, KEY_ALLOC_IN_QUOTA, NULL);
87 if (IS_ERR(session_keyring)) { 91 if (IS_ERR(session_keyring)) {
88 ret = PTR_ERR(session_keyring); 92 ret = PTR_ERR(session_keyring);
89 goto error_release; 93 goto error_release;
@@ -115,140 +119,128 @@ error:
115 return ret; 119 return ret;
116} 120}
117 121
118/*****************************************************************************/
119/* 122/*
120 * deal with the UID changing 123 * install a fresh thread keyring directly to new credentials
121 */ 124 */
122void switch_uid_keyring(struct user_struct *new_user) 125int install_thread_keyring_to_cred(struct cred *new)
123{ 126{
124#if 0 /* do nothing for now */ 127 struct key *keyring;
125 struct key *old;
126
127 /* switch to the new user's session keyring if we were running under
128 * root's default session keyring */
129 if (new_user->uid != 0 &&
130 current->session_keyring == &root_session_keyring
131 ) {
132 atomic_inc(&new_user->session_keyring->usage);
133
134 task_lock(current);
135 old = current->session_keyring;
136 current->session_keyring = new_user->session_keyring;
137 task_unlock(current);
138 128
139 key_put(old); 129 keyring = keyring_alloc("_tid", new->uid, new->gid, new,
140 } 130 KEY_ALLOC_QUOTA_OVERRUN, NULL);
141#endif 131 if (IS_ERR(keyring))
132 return PTR_ERR(keyring);
142 133
143} /* end switch_uid_keyring() */ 134 new->thread_keyring = keyring;
135 return 0;
136}
144 137
145/*****************************************************************************/
146/* 138/*
147 * install a fresh thread keyring, discarding the old one 139 * install a fresh thread keyring, discarding the old one
148 */ 140 */
149int install_thread_keyring(struct task_struct *tsk) 141static int install_thread_keyring(void)
150{ 142{
151 struct key *keyring, *old; 143 struct cred *new;
152 char buf[20];
153 int ret; 144 int ret;
154 145
155 sprintf(buf, "_tid.%u", tsk->pid); 146 new = prepare_creds();
147 if (!new)
148 return -ENOMEM;
156 149
157 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 150 BUG_ON(new->thread_keyring);
158 KEY_ALLOC_QUOTA_OVERRUN, NULL); 151
159 if (IS_ERR(keyring)) { 152 ret = install_thread_keyring_to_cred(new);
160 ret = PTR_ERR(keyring); 153 if (ret < 0) {
161 goto error; 154 abort_creds(new);
155 return ret;
162 } 156 }
163 157
164 task_lock(tsk); 158 return commit_creds(new);
165 old = tsk->thread_keyring; 159}
166 tsk->thread_keyring = keyring;
167 task_unlock(tsk);
168 160
169 ret = 0; 161/*
162 * install a process keyring directly to a credentials struct
163 * - returns -EEXIST if there was already a process keyring, 0 if one installed,
164 * and other -ve on any other error
165 */
166int install_process_keyring_to_cred(struct cred *new)
167{
168 struct key *keyring;
169 int ret;
170 170
171 key_put(old); 171 if (new->tgcred->process_keyring)
172error: 172 return -EEXIST;
173
174 keyring = keyring_alloc("_pid", new->uid, new->gid,
175 new, KEY_ALLOC_QUOTA_OVERRUN, NULL);
176 if (IS_ERR(keyring))
177 return PTR_ERR(keyring);
178
179 spin_lock_irq(&new->tgcred->lock);
180 if (!new->tgcred->process_keyring) {
181 new->tgcred->process_keyring = keyring;
182 keyring = NULL;
183 ret = 0;
184 } else {
185 ret = -EEXIST;
186 }
187 spin_unlock_irq(&new->tgcred->lock);
188 key_put(keyring);
173 return ret; 189 return ret;
190}
174 191
175} /* end install_thread_keyring() */
176
177/*****************************************************************************/
178/* 192/*
179 * make sure a process keyring is installed 193 * make sure a process keyring is installed
194 * - we
180 */ 195 */
181int install_process_keyring(struct task_struct *tsk) 196static int install_process_keyring(void)
182{ 197{
183 struct key *keyring; 198 struct cred *new;
184 char buf[20];
185 int ret; 199 int ret;
186 200
187 might_sleep(); 201 new = prepare_creds();
188 202 if (!new)
189 if (!tsk->signal->process_keyring) { 203 return -ENOMEM;
190 sprintf(buf, "_pid.%u", tsk->tgid);
191
192 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
193 KEY_ALLOC_QUOTA_OVERRUN, NULL);
194 if (IS_ERR(keyring)) {
195 ret = PTR_ERR(keyring);
196 goto error;
197 }
198
199 /* attach keyring */
200 spin_lock_irq(&tsk->sighand->siglock);
201 if (!tsk->signal->process_keyring) {
202 tsk->signal->process_keyring = keyring;
203 keyring = NULL;
204 }
205 spin_unlock_irq(&tsk->sighand->siglock);
206 204
207 key_put(keyring); 205 ret = install_process_keyring_to_cred(new);
206 if (ret < 0) {
207 abort_creds(new);
208 return ret != -EEXIST ?: 0;
208 } 209 }
209 210
210 ret = 0; 211 return commit_creds(new);
211error: 212}
212 return ret;
213
214} /* end install_process_keyring() */
215 213
216/*****************************************************************************/
217/* 214/*
218 * install a session keyring, discarding the old one 215 * install a session keyring directly to a credentials struct
219 * - if a keyring is not supplied, an empty one is invented
220 */ 216 */
221static int install_session_keyring(struct task_struct *tsk, 217static int install_session_keyring_to_cred(struct cred *cred,
222 struct key *keyring) 218 struct key *keyring)
223{ 219{
224 unsigned long flags; 220 unsigned long flags;
225 struct key *old; 221 struct key *old;
226 char buf[20];
227 222
228 might_sleep(); 223 might_sleep();
229 224
230 /* create an empty session keyring */ 225 /* create an empty session keyring */
231 if (!keyring) { 226 if (!keyring) {
232 sprintf(buf, "_ses.%u", tsk->tgid);
233
234 flags = KEY_ALLOC_QUOTA_OVERRUN; 227 flags = KEY_ALLOC_QUOTA_OVERRUN;
235 if (tsk->signal->session_keyring) 228 if (cred->tgcred->session_keyring)
236 flags = KEY_ALLOC_IN_QUOTA; 229 flags = KEY_ALLOC_IN_QUOTA;
237 230
238 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 231 keyring = keyring_alloc("_ses", cred->uid, cred->gid,
239 flags, NULL); 232 cred, flags, NULL);
240 if (IS_ERR(keyring)) 233 if (IS_ERR(keyring))
241 return PTR_ERR(keyring); 234 return PTR_ERR(keyring);
242 } 235 } else {
243 else {
244 atomic_inc(&keyring->usage); 236 atomic_inc(&keyring->usage);
245 } 237 }
246 238
247 /* install the keyring */ 239 /* install the keyring */
248 spin_lock_irq(&tsk->sighand->siglock); 240 spin_lock_irq(&cred->tgcred->lock);
249 old = tsk->signal->session_keyring; 241 old = cred->tgcred->session_keyring;
250 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 242 rcu_assign_pointer(cred->tgcred->session_keyring, keyring);
251 spin_unlock_irq(&tsk->sighand->siglock); 243 spin_unlock_irq(&cred->tgcred->lock);
252 244
253 /* we're using RCU on the pointer, but there's no point synchronising 245 /* we're using RCU on the pointer, but there's no point synchronising
254 * on it if it didn't previously point to anything */ 246 * on it if it didn't previously point to anything */
@@ -258,110 +250,29 @@ static int install_session_keyring(struct task_struct *tsk,
258 } 250 }
259 251
260 return 0; 252 return 0;
253}
261 254
262} /* end install_session_keyring() */
263
264/*****************************************************************************/
265/*
266 * copy the keys in a thread group for fork without CLONE_THREAD
267 */
268int copy_thread_group_keys(struct task_struct *tsk)
269{
270 key_check(current->thread_group->session_keyring);
271 key_check(current->thread_group->process_keyring);
272
273 /* no process keyring yet */
274 tsk->signal->process_keyring = NULL;
275
276 /* same session keyring */
277 rcu_read_lock();
278 tsk->signal->session_keyring =
279 key_get(rcu_dereference(current->signal->session_keyring));
280 rcu_read_unlock();
281
282 return 0;
283
284} /* end copy_thread_group_keys() */
285
286/*****************************************************************************/
287/*
288 * copy the keys for fork
289 */
290int copy_keys(unsigned long clone_flags, struct task_struct *tsk)
291{
292 key_check(tsk->thread_keyring);
293 key_check(tsk->request_key_auth);
294
295 /* no thread keyring yet */
296 tsk->thread_keyring = NULL;
297
298 /* copy the request_key() authorisation for this thread */
299 key_get(tsk->request_key_auth);
300
301 return 0;
302
303} /* end copy_keys() */
304
305/*****************************************************************************/
306/*
307 * dispose of thread group keys upon thread group destruction
308 */
309void exit_thread_group_keys(struct signal_struct *tg)
310{
311 key_put(tg->session_keyring);
312 key_put(tg->process_keyring);
313
314} /* end exit_thread_group_keys() */
315
316/*****************************************************************************/
317/*
318 * dispose of per-thread keys upon thread exit
319 */
320void exit_keys(struct task_struct *tsk)
321{
322 key_put(tsk->thread_keyring);
323 key_put(tsk->request_key_auth);
324
325} /* end exit_keys() */
326
327/*****************************************************************************/
328/* 255/*
329 * deal with execve() 256 * install a session keyring, discarding the old one
257 * - if a keyring is not supplied, an empty one is invented
330 */ 258 */
331int exec_keys(struct task_struct *tsk) 259static int install_session_keyring(struct key *keyring)
332{ 260{
333 struct key *old; 261 struct cred *new;
334 262 int ret;
335 /* newly exec'd tasks don't get a thread keyring */
336 task_lock(tsk);
337 old = tsk->thread_keyring;
338 tsk->thread_keyring = NULL;
339 task_unlock(tsk);
340
341 key_put(old);
342
343 /* discard the process keyring from a newly exec'd task */
344 spin_lock_irq(&tsk->sighand->siglock);
345 old = tsk->signal->process_keyring;
346 tsk->signal->process_keyring = NULL;
347 spin_unlock_irq(&tsk->sighand->siglock);
348
349 key_put(old);
350
351 return 0;
352 263
353} /* end exec_keys() */ 264 new = prepare_creds();
265 if (!new)
266 return -ENOMEM;
354 267
355/*****************************************************************************/ 268 ret = install_session_keyring_to_cred(new, NULL);
356/* 269 if (ret < 0) {
357 * deal with SUID programs 270 abort_creds(new);
358 * - we might want to make this invent a new session keyring 271 return ret;
359 */ 272 }
360int suid_keys(struct task_struct *tsk)
361{
362 return 0;
363 273
364} /* end suid_keys() */ 274 return commit_creds(new);
275}
365 276
366/*****************************************************************************/ 277/*****************************************************************************/
367/* 278/*
@@ -370,10 +281,11 @@ int suid_keys(struct task_struct *tsk)
370void key_fsuid_changed(struct task_struct *tsk) 281void key_fsuid_changed(struct task_struct *tsk)
371{ 282{
372 /* update the ownership of the thread keyring */ 283 /* update the ownership of the thread keyring */
373 if (tsk->thread_keyring) { 284 BUG_ON(!tsk->cred);
374 down_write(&tsk->thread_keyring->sem); 285 if (tsk->cred->thread_keyring) {
375 tsk->thread_keyring->uid = tsk->fsuid; 286 down_write(&tsk->cred->thread_keyring->sem);
376 up_write(&tsk->thread_keyring->sem); 287 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
288 up_write(&tsk->cred->thread_keyring->sem);
377 } 289 }
378 290
379} /* end key_fsuid_changed() */ 291} /* end key_fsuid_changed() */
@@ -385,10 +297,11 @@ void key_fsuid_changed(struct task_struct *tsk)
385void key_fsgid_changed(struct task_struct *tsk) 297void key_fsgid_changed(struct task_struct *tsk)
386{ 298{
387 /* update the ownership of the thread keyring */ 299 /* update the ownership of the thread keyring */
388 if (tsk->thread_keyring) { 300 BUG_ON(!tsk->cred);
389 down_write(&tsk->thread_keyring->sem); 301 if (tsk->cred->thread_keyring) {
390 tsk->thread_keyring->gid = tsk->fsgid; 302 down_write(&tsk->cred->thread_keyring->sem);
391 up_write(&tsk->thread_keyring->sem); 303 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
304 up_write(&tsk->cred->thread_keyring->sem);
392 } 305 }
393 306
394} /* end key_fsgid_changed() */ 307} /* end key_fsgid_changed() */
@@ -404,7 +317,7 @@ void key_fsgid_changed(struct task_struct *tsk)
404key_ref_t search_process_keyrings(struct key_type *type, 317key_ref_t search_process_keyrings(struct key_type *type,
405 const void *description, 318 const void *description,
406 key_match_func_t match, 319 key_match_func_t match,
407 struct task_struct *context) 320 const struct cred *cred)
408{ 321{
409 struct request_key_auth *rka; 322 struct request_key_auth *rka;
410 key_ref_t key_ref, ret, err; 323 key_ref_t key_ref, ret, err;
@@ -423,10 +336,10 @@ key_ref_t search_process_keyrings(struct key_type *type,
423 err = ERR_PTR(-EAGAIN); 336 err = ERR_PTR(-EAGAIN);
424 337
425 /* search the thread keyring first */ 338 /* search the thread keyring first */
426 if (context->thread_keyring) { 339 if (cred->thread_keyring) {
427 key_ref = keyring_search_aux( 340 key_ref = keyring_search_aux(
428 make_key_ref(context->thread_keyring, 1), 341 make_key_ref(cred->thread_keyring, 1),
429 context, type, description, match); 342 cred, type, description, match);
430 if (!IS_ERR(key_ref)) 343 if (!IS_ERR(key_ref))
431 goto found; 344 goto found;
432 345
@@ -444,10 +357,10 @@ key_ref_t search_process_keyrings(struct key_type *type,
444 } 357 }
445 358
446 /* search the process keyring second */ 359 /* search the process keyring second */
447 if (context->signal->process_keyring) { 360 if (cred->tgcred->process_keyring) {
448 key_ref = keyring_search_aux( 361 key_ref = keyring_search_aux(
449 make_key_ref(context->signal->process_keyring, 1), 362 make_key_ref(cred->tgcred->process_keyring, 1),
450 context, type, description, match); 363 cred, type, description, match);
451 if (!IS_ERR(key_ref)) 364 if (!IS_ERR(key_ref))
452 goto found; 365 goto found;
453 366
@@ -465,13 +378,13 @@ key_ref_t search_process_keyrings(struct key_type *type,
465 } 378 }
466 379
467 /* search the session keyring */ 380 /* search the session keyring */
468 if (context->signal->session_keyring) { 381 if (cred->tgcred->session_keyring) {
469 rcu_read_lock(); 382 rcu_read_lock();
470 key_ref = keyring_search_aux( 383 key_ref = keyring_search_aux(
471 make_key_ref(rcu_dereference( 384 make_key_ref(rcu_dereference(
472 context->signal->session_keyring), 385 cred->tgcred->session_keyring),
473 1), 386 1),
474 context, type, description, match); 387 cred, type, description, match);
475 rcu_read_unlock(); 388 rcu_read_unlock();
476 389
477 if (!IS_ERR(key_ref)) 390 if (!IS_ERR(key_ref))
@@ -490,10 +403,10 @@ key_ref_t search_process_keyrings(struct key_type *type,
490 } 403 }
491 } 404 }
492 /* or search the user-session keyring */ 405 /* or search the user-session keyring */
493 else if (context->user->session_keyring) { 406 else if (cred->user->session_keyring) {
494 key_ref = keyring_search_aux( 407 key_ref = keyring_search_aux(
495 make_key_ref(context->user->session_keyring, 1), 408 make_key_ref(cred->user->session_keyring, 1),
496 context, type, description, match); 409 cred, type, description, match);
497 if (!IS_ERR(key_ref)) 410 if (!IS_ERR(key_ref))
498 goto found; 411 goto found;
499 412
@@ -514,20 +427,20 @@ key_ref_t search_process_keyrings(struct key_type *type,
514 * search the keyrings of the process mentioned there 427 * search the keyrings of the process mentioned there
515 * - we don't permit access to request_key auth keys via this method 428 * - we don't permit access to request_key auth keys via this method
516 */ 429 */
517 if (context->request_key_auth && 430 if (cred->request_key_auth &&
518 context == current && 431 cred == current_cred() &&
519 type != &key_type_request_key_auth 432 type != &key_type_request_key_auth
520 ) { 433 ) {
521 /* defend against the auth key being revoked */ 434 /* defend against the auth key being revoked */
522 down_read(&context->request_key_auth->sem); 435 down_read(&cred->request_key_auth->sem);
523 436
524 if (key_validate(context->request_key_auth) == 0) { 437 if (key_validate(cred->request_key_auth) == 0) {
525 rka = context->request_key_auth->payload.data; 438 rka = cred->request_key_auth->payload.data;
526 439
527 key_ref = search_process_keyrings(type, description, 440 key_ref = search_process_keyrings(type, description,
528 match, rka->context); 441 match, rka->cred);
529 442
530 up_read(&context->request_key_auth->sem); 443 up_read(&cred->request_key_auth->sem);
531 444
532 if (!IS_ERR(key_ref)) 445 if (!IS_ERR(key_ref))
533 goto found; 446 goto found;
@@ -544,7 +457,7 @@ key_ref_t search_process_keyrings(struct key_type *type,
544 break; 457 break;
545 } 458 }
546 } else { 459 } else {
547 up_read(&context->request_key_auth->sem); 460 up_read(&cred->request_key_auth->sem);
548 } 461 }
549 } 462 }
550 463
@@ -572,93 +485,98 @@ static int lookup_user_key_possessed(const struct key *key, const void *target)
572 * - don't create special keyrings unless so requested 485 * - don't create special keyrings unless so requested
573 * - partially constructed keys aren't found unless requested 486 * - partially constructed keys aren't found unless requested
574 */ 487 */
575key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, 488key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
576 int create, int partial, key_perm_t perm) 489 key_perm_t perm)
577{ 490{
578 key_ref_t key_ref, skey_ref; 491 struct request_key_auth *rka;
492 const struct cred *cred;
579 struct key *key; 493 struct key *key;
494 key_ref_t key_ref, skey_ref;
580 int ret; 495 int ret;
581 496
582 if (!context) 497try_again:
583 context = current; 498 cred = get_current_cred();
584
585 key_ref = ERR_PTR(-ENOKEY); 499 key_ref = ERR_PTR(-ENOKEY);
586 500
587 switch (id) { 501 switch (id) {
588 case KEY_SPEC_THREAD_KEYRING: 502 case KEY_SPEC_THREAD_KEYRING:
589 if (!context->thread_keyring) { 503 if (!cred->thread_keyring) {
590 if (!create) 504 if (!create)
591 goto error; 505 goto error;
592 506
593 ret = install_thread_keyring(context); 507 ret = install_thread_keyring();
594 if (ret < 0) { 508 if (ret < 0) {
595 key = ERR_PTR(ret); 509 key = ERR_PTR(ret);
596 goto error; 510 goto error;
597 } 511 }
512 goto reget_creds;
598 } 513 }
599 514
600 key = context->thread_keyring; 515 key = cred->thread_keyring;
601 atomic_inc(&key->usage); 516 atomic_inc(&key->usage);
602 key_ref = make_key_ref(key, 1); 517 key_ref = make_key_ref(key, 1);
603 break; 518 break;
604 519
605 case KEY_SPEC_PROCESS_KEYRING: 520 case KEY_SPEC_PROCESS_KEYRING:
606 if (!context->signal->process_keyring) { 521 if (!cred->tgcred->process_keyring) {
607 if (!create) 522 if (!create)
608 goto error; 523 goto error;
609 524
610 ret = install_process_keyring(context); 525 ret = install_process_keyring();
611 if (ret < 0) { 526 if (ret < 0) {
612 key = ERR_PTR(ret); 527 key = ERR_PTR(ret);
613 goto error; 528 goto error;
614 } 529 }
530 goto reget_creds;
615 } 531 }
616 532
617 key = context->signal->process_keyring; 533 key = cred->tgcred->process_keyring;
618 atomic_inc(&key->usage); 534 atomic_inc(&key->usage);
619 key_ref = make_key_ref(key, 1); 535 key_ref = make_key_ref(key, 1);
620 break; 536 break;
621 537
622 case KEY_SPEC_SESSION_KEYRING: 538 case KEY_SPEC_SESSION_KEYRING:
623 if (!context->signal->session_keyring) { 539 if (!cred->tgcred->session_keyring) {
624 /* always install a session keyring upon access if one 540 /* always install a session keyring upon access if one
625 * doesn't exist yet */ 541 * doesn't exist yet */
626 ret = install_user_keyrings(context); 542 ret = install_user_keyrings();
627 if (ret < 0) 543 if (ret < 0)
628 goto error; 544 goto error;
629 ret = install_session_keyring( 545 ret = install_session_keyring(
630 context, context->user->session_keyring); 546 cred->user->session_keyring);
547
631 if (ret < 0) 548 if (ret < 0)
632 goto error; 549 goto error;
550 goto reget_creds;
633 } 551 }
634 552
635 rcu_read_lock(); 553 rcu_read_lock();
636 key = rcu_dereference(context->signal->session_keyring); 554 key = rcu_dereference(cred->tgcred->session_keyring);
637 atomic_inc(&key->usage); 555 atomic_inc(&key->usage);
638 rcu_read_unlock(); 556 rcu_read_unlock();
639 key_ref = make_key_ref(key, 1); 557 key_ref = make_key_ref(key, 1);
640 break; 558 break;
641 559
642 case KEY_SPEC_USER_KEYRING: 560 case KEY_SPEC_USER_KEYRING:
643 if (!context->user->uid_keyring) { 561 if (!cred->user->uid_keyring) {
644 ret = install_user_keyrings(context); 562 ret = install_user_keyrings();
645 if (ret < 0) 563 if (ret < 0)
646 goto error; 564 goto error;
647 } 565 }
648 566
649 key = context->user->uid_keyring; 567 key = cred->user->uid_keyring;
650 atomic_inc(&key->usage); 568 atomic_inc(&key->usage);
651 key_ref = make_key_ref(key, 1); 569 key_ref = make_key_ref(key, 1);
652 break; 570 break;
653 571
654 case KEY_SPEC_USER_SESSION_KEYRING: 572 case KEY_SPEC_USER_SESSION_KEYRING:
655 if (!context->user->session_keyring) { 573 if (!cred->user->session_keyring) {
656 ret = install_user_keyrings(context); 574 ret = install_user_keyrings();
657 if (ret < 0) 575 if (ret < 0)
658 goto error; 576 goto error;
659 } 577 }
660 578
661 key = context->user->session_keyring; 579 key = cred->user->session_keyring;
662 atomic_inc(&key->usage); 580 atomic_inc(&key->usage);
663 key_ref = make_key_ref(key, 1); 581 key_ref = make_key_ref(key, 1);
664 break; 582 break;
@@ -669,7 +587,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
669 goto error; 587 goto error;
670 588
671 case KEY_SPEC_REQKEY_AUTH_KEY: 589 case KEY_SPEC_REQKEY_AUTH_KEY:
672 key = context->request_key_auth; 590 key = cred->request_key_auth;
673 if (!key) 591 if (!key)
674 goto error; 592 goto error;
675 593
@@ -677,6 +595,25 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
677 key_ref = make_key_ref(key, 1); 595 key_ref = make_key_ref(key, 1);
678 break; 596 break;
679 597
598 case KEY_SPEC_REQUESTOR_KEYRING:
599 if (!cred->request_key_auth)
600 goto error;
601
602 down_read(&cred->request_key_auth->sem);
603 if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {
604 key_ref = ERR_PTR(-EKEYREVOKED);
605 key = NULL;
606 } else {
607 rka = cred->request_key_auth->payload.data;
608 key = rka->dest_keyring;
609 atomic_inc(&key->usage);
610 }
611 up_read(&cred->request_key_auth->sem);
612 if (!key)
613 goto error;
614 key_ref = make_key_ref(key, 1);
615 break;
616
680 default: 617 default:
681 key_ref = ERR_PTR(-EINVAL); 618 key_ref = ERR_PTR(-EINVAL);
682 if (id < 1) 619 if (id < 1)
@@ -693,7 +630,7 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
693 /* check to see if we possess the key */ 630 /* check to see if we possess the key */
694 skey_ref = search_process_keyrings(key->type, key, 631 skey_ref = search_process_keyrings(key->type, key,
695 lookup_user_key_possessed, 632 lookup_user_key_possessed,
696 current); 633 cred);
697 634
698 if (!IS_ERR(skey_ref)) { 635 if (!IS_ERR(skey_ref)) {
699 key_put(key); 636 key_put(key);
@@ -725,11 +662,12 @@ key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
725 goto invalid_key; 662 goto invalid_key;
726 663
727 /* check the permissions */ 664 /* check the permissions */
728 ret = key_task_permission(key_ref, context, perm); 665 ret = key_task_permission(key_ref, cred, perm);
729 if (ret < 0) 666 if (ret < 0)
730 goto invalid_key; 667 goto invalid_key;
731 668
732error: 669error:
670 put_cred(cred);
733 return key_ref; 671 return key_ref;
734 672
735invalid_key: 673invalid_key:
@@ -737,6 +675,12 @@ invalid_key:
737 key_ref = ERR_PTR(ret); 675 key_ref = ERR_PTR(ret);
738 goto error; 676 goto error;
739 677
678 /* if we attempted to install a keyring, then it may have caused new
679 * creds to be installed */
680reget_creds:
681 put_cred(cred);
682 goto try_again;
683
740} /* end lookup_user_key() */ 684} /* end lookup_user_key() */
741 685
742/*****************************************************************************/ 686/*****************************************************************************/
@@ -748,20 +692,33 @@ invalid_key:
748 */ 692 */
749long join_session_keyring(const char *name) 693long join_session_keyring(const char *name)
750{ 694{
751 struct task_struct *tsk = current; 695 const struct cred *old;
696 struct cred *new;
752 struct key *keyring; 697 struct key *keyring;
753 long ret; 698 long ret, serial;
699
700 /* only permit this if there's a single thread in the thread group -
701 * this avoids us having to adjust the creds on all threads and risking
702 * ENOMEM */
703 if (!is_single_threaded(current))
704 return -EMLINK;
705
706 new = prepare_creds();
707 if (!new)
708 return -ENOMEM;
709 old = current_cred();
754 710
755 /* if no name is provided, install an anonymous keyring */ 711 /* if no name is provided, install an anonymous keyring */
756 if (!name) { 712 if (!name) {
757 ret = install_session_keyring(tsk, NULL); 713 ret = install_session_keyring_to_cred(new, NULL);
758 if (ret < 0) 714 if (ret < 0)
759 goto error; 715 goto error;
760 716
761 rcu_read_lock(); 717 serial = new->tgcred->session_keyring->serial;
762 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 718 ret = commit_creds(new);
763 rcu_read_unlock(); 719 if (ret == 0)
764 goto error; 720 ret = serial;
721 goto okay;
765 } 722 }
766 723
767 /* allow the user to join or create a named keyring */ 724 /* allow the user to join or create a named keyring */
@@ -771,29 +728,33 @@ long join_session_keyring(const char *name)
771 keyring = find_keyring_by_name(name, false); 728 keyring = find_keyring_by_name(name, false);
772 if (PTR_ERR(keyring) == -ENOKEY) { 729 if (PTR_ERR(keyring) == -ENOKEY) {
773 /* not found - try and create a new one */ 730 /* not found - try and create a new one */
774 keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, 731 keyring = keyring_alloc(name, old->uid, old->gid, old,
775 KEY_ALLOC_IN_QUOTA, NULL); 732 KEY_ALLOC_IN_QUOTA, NULL);
776 if (IS_ERR(keyring)) { 733 if (IS_ERR(keyring)) {
777 ret = PTR_ERR(keyring); 734 ret = PTR_ERR(keyring);
778 goto error2; 735 goto error2;
779 } 736 }
780 } 737 } else if (IS_ERR(keyring)) {
781 else if (IS_ERR(keyring)) {
782 ret = PTR_ERR(keyring); 738 ret = PTR_ERR(keyring);
783 goto error2; 739 goto error2;
784 } 740 }
785 741
786 /* we've got a keyring - now to install it */ 742 /* we've got a keyring - now to install it */
787 ret = install_session_keyring(tsk, keyring); 743 ret = install_session_keyring_to_cred(new, keyring);
788 if (ret < 0) 744 if (ret < 0)
789 goto error2; 745 goto error2;
790 746
747 commit_creds(new);
748 mutex_unlock(&key_session_mutex);
749
791 ret = keyring->serial; 750 ret = keyring->serial;
792 key_put(keyring); 751 key_put(keyring);
752okay:
753 return ret;
793 754
794error2: 755error2:
795 mutex_unlock(&key_session_mutex); 756 mutex_unlock(&key_session_mutex);
796error: 757error:
758 abort_creds(new);
797 return ret; 759 return ret;
798 760}
799} /* end join_session_keyring() */
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index abea08f87fe2..0e04f72ef2d4 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -19,6 +19,8 @@
19#include <linux/slab.h> 19#include <linux/slab.h>
20#include "internal.h" 20#include "internal.h"
21 21
22#define key_negative_timeout 60 /* default timeout on a negative key's existence */
23
22/* 24/*
23 * wait_on_bit() sleep function for uninterruptible waiting 25 * wait_on_bit() sleep function for uninterruptible waiting
24 */ 26 */
@@ -64,7 +66,7 @@ static int call_sbin_request_key(struct key_construction *cons,
64 const char *op, 66 const char *op,
65 void *aux) 67 void *aux)
66{ 68{
67 struct task_struct *tsk = current; 69 const struct cred *cred = current_cred();
68 key_serial_t prkey, sskey; 70 key_serial_t prkey, sskey;
69 struct key *key = cons->key, *authkey = cons->authkey, *keyring; 71 struct key *key = cons->key, *authkey = cons->authkey, *keyring;
70 char *argv[9], *envp[3], uid_str[12], gid_str[12]; 72 char *argv[9], *envp[3], uid_str[12], gid_str[12];
@@ -74,15 +76,17 @@ static int call_sbin_request_key(struct key_construction *cons,
74 76
75 kenter("{%d},{%d},%s", key->serial, authkey->serial, op); 77 kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
76 78
77 ret = install_user_keyrings(tsk); 79 ret = install_user_keyrings();
78 if (ret < 0) 80 if (ret < 0)
79 goto error_alloc; 81 goto error_alloc;
80 82
81 /* allocate a new session keyring */ 83 /* allocate a new session keyring */
82 sprintf(desc, "_req.%u", key->serial); 84 sprintf(desc, "_req.%u", key->serial);
83 85
84 keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, 86 cred = get_current_cred();
87 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
85 KEY_ALLOC_QUOTA_OVERRUN, NULL); 88 KEY_ALLOC_QUOTA_OVERRUN, NULL);
89 put_cred(cred);
86 if (IS_ERR(keyring)) { 90 if (IS_ERR(keyring)) {
87 ret = PTR_ERR(keyring); 91 ret = PTR_ERR(keyring);
88 goto error_alloc; 92 goto error_alloc;
@@ -94,29 +98,24 @@ static int call_sbin_request_key(struct key_construction *cons,
94 goto error_link; 98 goto error_link;
95 99
96 /* record the UID and GID */ 100 /* record the UID and GID */
97 sprintf(uid_str, "%d", current->fsuid); 101 sprintf(uid_str, "%d", cred->fsuid);
98 sprintf(gid_str, "%d", current->fsgid); 102 sprintf(gid_str, "%d", cred->fsgid);
99 103
100 /* we say which key is under construction */ 104 /* we say which key is under construction */
101 sprintf(key_str, "%d", key->serial); 105 sprintf(key_str, "%d", key->serial);
102 106
103 /* we specify the process's default keyrings */ 107 /* we specify the process's default keyrings */
104 sprintf(keyring_str[0], "%d", 108 sprintf(keyring_str[0], "%d",
105 tsk->thread_keyring ? tsk->thread_keyring->serial : 0); 109 cred->thread_keyring ? cred->thread_keyring->serial : 0);
106 110
107 prkey = 0; 111 prkey = 0;
108 if (tsk->signal->process_keyring) 112 if (cred->tgcred->process_keyring)
109 prkey = tsk->signal->process_keyring->serial; 113 prkey = cred->tgcred->process_keyring->serial;
110
111 sprintf(keyring_str[1], "%d", prkey);
112 114
113 if (tsk->signal->session_keyring) { 115 if (cred->tgcred->session_keyring)
114 rcu_read_lock(); 116 sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
115 sskey = rcu_dereference(tsk->signal->session_keyring)->serial; 117 else
116 rcu_read_unlock(); 118 sskey = cred->user->session_keyring->serial;
117 } else {
118 sskey = tsk->user->session_keyring->serial;
119 }
120 119
121 sprintf(keyring_str[2], "%d", sskey); 120 sprintf(keyring_str[2], "%d", sskey);
122 121
@@ -157,8 +156,8 @@ error_link:
157 key_put(keyring); 156 key_put(keyring);
158 157
159error_alloc: 158error_alloc:
160 kleave(" = %d", ret);
161 complete_request_key(cons, ret); 159 complete_request_key(cons, ret);
160 kleave(" = %d", ret);
162 return ret; 161 return ret;
163} 162}
164 163
@@ -167,7 +166,8 @@ error_alloc:
167 * - we ignore program failure and go on key status instead 166 * - we ignore program failure and go on key status instead
168 */ 167 */
169static int construct_key(struct key *key, const void *callout_info, 168static int construct_key(struct key *key, const void *callout_info,
170 size_t callout_len, void *aux) 169 size_t callout_len, void *aux,
170 struct key *dest_keyring)
171{ 171{
172 struct key_construction *cons; 172 struct key_construction *cons;
173 request_key_actor_t actor; 173 request_key_actor_t actor;
@@ -181,7 +181,8 @@ static int construct_key(struct key *key, const void *callout_info,
181 return -ENOMEM; 181 return -ENOMEM;
182 182
183 /* allocate an authorisation key */ 183 /* allocate an authorisation key */
184 authkey = request_key_auth_new(key, callout_info, callout_len); 184 authkey = request_key_auth_new(key, callout_info, callout_len,
185 dest_keyring);
185 if (IS_ERR(authkey)) { 186 if (IS_ERR(authkey)) {
186 kfree(cons); 187 kfree(cons);
187 ret = PTR_ERR(authkey); 188 ret = PTR_ERR(authkey);
@@ -209,46 +210,67 @@ static int construct_key(struct key *key, const void *callout_info,
209} 210}
210 211
211/* 212/*
212 * link a key to the appropriate destination keyring 213 * get the appropriate destination keyring for the request
213 * - the caller must hold a write lock on the destination keyring 214 * - we return whatever keyring we select with an extra reference upon it which
215 * the caller must release
214 */ 216 */
215static void construct_key_make_link(struct key *key, struct key *dest_keyring) 217static void construct_get_dest_keyring(struct key **_dest_keyring)
216{ 218{
217 struct task_struct *tsk = current; 219 struct request_key_auth *rka;
218 struct key *drop = NULL; 220 const struct cred *cred = current_cred();
221 struct key *dest_keyring = *_dest_keyring, *authkey;
219 222
220 kenter("{%d},%p", key->serial, dest_keyring); 223 kenter("%p", dest_keyring);
221 224
222 /* find the appropriate keyring */ 225 /* find the appropriate keyring */
223 if (!dest_keyring) { 226 if (dest_keyring) {
224 switch (tsk->jit_keyring) { 227 /* the caller supplied one */
228 key_get(dest_keyring);
229 } else {
230 /* use a default keyring; falling through the cases until we
231 * find one that we actually have */
232 switch (cred->jit_keyring) {
225 case KEY_REQKEY_DEFL_DEFAULT: 233 case KEY_REQKEY_DEFL_DEFAULT:
234 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
235 if (cred->request_key_auth) {
236 authkey = cred->request_key_auth;
237 down_read(&authkey->sem);
238 rka = authkey->payload.data;
239 if (!test_bit(KEY_FLAG_REVOKED,
240 &authkey->flags))
241 dest_keyring =
242 key_get(rka->dest_keyring);
243 up_read(&authkey->sem);
244 if (dest_keyring)
245 break;
246 }
247
226 case KEY_REQKEY_DEFL_THREAD_KEYRING: 248 case KEY_REQKEY_DEFL_THREAD_KEYRING:
227 dest_keyring = tsk->thread_keyring; 249 dest_keyring = key_get(cred->thread_keyring);
228 if (dest_keyring) 250 if (dest_keyring)
229 break; 251 break;
230 252
231 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 253 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
232 dest_keyring = tsk->signal->process_keyring; 254 dest_keyring = key_get(cred->tgcred->process_keyring);
233 if (dest_keyring) 255 if (dest_keyring)
234 break; 256 break;
235 257
236 case KEY_REQKEY_DEFL_SESSION_KEYRING: 258 case KEY_REQKEY_DEFL_SESSION_KEYRING:
237 rcu_read_lock(); 259 rcu_read_lock();
238 dest_keyring = key_get( 260 dest_keyring = key_get(
239 rcu_dereference(tsk->signal->session_keyring)); 261 rcu_dereference(cred->tgcred->session_keyring));
240 rcu_read_unlock(); 262 rcu_read_unlock();
241 drop = dest_keyring;
242 263
243 if (dest_keyring) 264 if (dest_keyring)
244 break; 265 break;
245 266
246 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 267 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
247 dest_keyring = tsk->user->session_keyring; 268 dest_keyring =
269 key_get(cred->user->session_keyring);
248 break; 270 break;
249 271
250 case KEY_REQKEY_DEFL_USER_KEYRING: 272 case KEY_REQKEY_DEFL_USER_KEYRING:
251 dest_keyring = tsk->user->uid_keyring; 273 dest_keyring = key_get(cred->user->uid_keyring);
252 break; 274 break;
253 275
254 case KEY_REQKEY_DEFL_GROUP_KEYRING: 276 case KEY_REQKEY_DEFL_GROUP_KEYRING:
@@ -257,10 +279,9 @@ static void construct_key_make_link(struct key *key, struct key *dest_keyring)
257 } 279 }
258 } 280 }
259 281
260 /* and attach the key to it */ 282 *_dest_keyring = dest_keyring;
261 __key_link(dest_keyring, key); 283 kleave(" [dk %d]", key_serial(dest_keyring));
262 key_put(drop); 284 return;
263 kleave("");
264} 285}
265 286
266/* 287/*
@@ -275,6 +296,7 @@ static int construct_alloc_key(struct key_type *type,
275 struct key_user *user, 296 struct key_user *user,
276 struct key **_key) 297 struct key **_key)
277{ 298{
299 const struct cred *cred = current_cred();
278 struct key *key; 300 struct key *key;
279 key_ref_t key_ref; 301 key_ref_t key_ref;
280 302
@@ -282,33 +304,28 @@ static int construct_alloc_key(struct key_type *type,
282 304
283 mutex_lock(&user->cons_lock); 305 mutex_lock(&user->cons_lock);
284 306
285 key = key_alloc(type, description, 307 key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
286 current->fsuid, current->fsgid, current, KEY_POS_ALL, 308 KEY_POS_ALL, flags);
287 flags);
288 if (IS_ERR(key)) 309 if (IS_ERR(key))
289 goto alloc_failed; 310 goto alloc_failed;
290 311
291 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); 312 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
292 313
293 if (dest_keyring) 314 down_write(&dest_keyring->sem);
294 down_write(&dest_keyring->sem);
295 315
296 /* attach the key to the destination keyring under lock, but we do need 316 /* attach the key to the destination keyring under lock, but we do need
297 * to do another check just in case someone beat us to it whilst we 317 * to do another check just in case someone beat us to it whilst we
298 * waited for locks */ 318 * waited for locks */
299 mutex_lock(&key_construction_mutex); 319 mutex_lock(&key_construction_mutex);
300 320
301 key_ref = search_process_keyrings(type, description, type->match, 321 key_ref = search_process_keyrings(type, description, type->match, cred);
302 current);
303 if (!IS_ERR(key_ref)) 322 if (!IS_ERR(key_ref))
304 goto key_already_present; 323 goto key_already_present;
305 324
306 if (dest_keyring) 325 __key_link(dest_keyring, key);
307 construct_key_make_link(key, dest_keyring);
308 326
309 mutex_unlock(&key_construction_mutex); 327 mutex_unlock(&key_construction_mutex);
310 if (dest_keyring) 328 up_write(&dest_keyring->sem);
311 up_write(&dest_keyring->sem);
312 mutex_unlock(&user->cons_lock); 329 mutex_unlock(&user->cons_lock);
313 *_key = key; 330 *_key = key;
314 kleave(" = 0 [%d]", key_serial(key)); 331 kleave(" = 0 [%d]", key_serial(key));
@@ -346,25 +363,36 @@ static struct key *construct_key_and_link(struct key_type *type,
346 struct key *key; 363 struct key *key;
347 int ret; 364 int ret;
348 365
349 user = key_user_lookup(current->fsuid); 366 kenter("");
367
368 user = key_user_lookup(current_fsuid());
350 if (!user) 369 if (!user)
351 return ERR_PTR(-ENOMEM); 370 return ERR_PTR(-ENOMEM);
352 371
372 construct_get_dest_keyring(&dest_keyring);
373
353 ret = construct_alloc_key(type, description, dest_keyring, flags, user, 374 ret = construct_alloc_key(type, description, dest_keyring, flags, user,
354 &key); 375 &key);
355 key_user_put(user); 376 key_user_put(user);
356 377
357 if (ret == 0) { 378 if (ret == 0) {
358 ret = construct_key(key, callout_info, callout_len, aux); 379 ret = construct_key(key, callout_info, callout_len, aux,
359 if (ret < 0) 380 dest_keyring);
381 if (ret < 0) {
382 kdebug("cons failed");
360 goto construction_failed; 383 goto construction_failed;
384 }
361 } 385 }
362 386
387 key_put(dest_keyring);
388 kleave(" = key %d", key_serial(key));
363 return key; 389 return key;
364 390
365construction_failed: 391construction_failed:
366 key_negate_and_link(key, key_negative_timeout, NULL, NULL); 392 key_negate_and_link(key, key_negative_timeout, NULL, NULL);
367 key_put(key); 393 key_put(key);
394 key_put(dest_keyring);
395 kleave(" = %d", ret);
368 return ERR_PTR(ret); 396 return ERR_PTR(ret);
369} 397}
370 398
@@ -383,6 +411,7 @@ struct key *request_key_and_link(struct key_type *type,
383 struct key *dest_keyring, 411 struct key *dest_keyring,
384 unsigned long flags) 412 unsigned long flags)
385{ 413{
414 const struct cred *cred = current_cred();
386 struct key *key; 415 struct key *key;
387 key_ref_t key_ref; 416 key_ref_t key_ref;
388 417
@@ -392,7 +421,7 @@ struct key *request_key_and_link(struct key_type *type,
392 421
393 /* search all the process keyrings for a key */ 422 /* search all the process keyrings for a key */
394 key_ref = search_process_keyrings(type, description, type->match, 423 key_ref = search_process_keyrings(type, description, type->match,
395 current); 424 cred);
396 425
397 if (!IS_ERR(key_ref)) { 426 if (!IS_ERR(key_ref)) {
398 key = key_ref_to_ptr(key_ref); 427 key = key_ref_to_ptr(key_ref);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index bd237b0a6331..86747151ee5b 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key)
105 105
106 kenter("{%d}", key->serial); 106 kenter("{%d}", key->serial);
107 107
108 if (rka->context) { 108 if (rka->cred) {
109 put_task_struct(rka->context); 109 put_cred(rka->cred);
110 rka->context = NULL; 110 rka->cred = NULL;
111 } 111 }
112 112
113} /* end request_key_auth_revoke() */ 113} /* end request_key_auth_revoke() */
@@ -122,12 +122,13 @@ static void request_key_auth_destroy(struct key *key)
122 122
123 kenter("{%d}", key->serial); 123 kenter("{%d}", key->serial);
124 124
125 if (rka->context) { 125 if (rka->cred) {
126 put_task_struct(rka->context); 126 put_cred(rka->cred);
127 rka->context = NULL; 127 rka->cred = NULL;
128 } 128 }
129 129
130 key_put(rka->target_key); 130 key_put(rka->target_key);
131 key_put(rka->dest_keyring);
131 kfree(rka->callout_info); 132 kfree(rka->callout_info);
132 kfree(rka); 133 kfree(rka);
133 134
@@ -139,9 +140,10 @@ static void request_key_auth_destroy(struct key *key)
139 * access to the caller's security data 140 * access to the caller's security data
140 */ 141 */
141struct key *request_key_auth_new(struct key *target, const void *callout_info, 142struct key *request_key_auth_new(struct key *target, const void *callout_info,
142 size_t callout_len) 143 size_t callout_len, struct key *dest_keyring)
143{ 144{
144 struct request_key_auth *rka, *irka; 145 struct request_key_auth *rka, *irka;
146 const struct cred *cred = current->cred;
145 struct key *authkey = NULL; 147 struct key *authkey = NULL;
146 char desc[20]; 148 char desc[20];
147 int ret; 149 int ret;
@@ -163,31 +165,29 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
163 165
164 /* see if the calling process is already servicing the key request of 166 /* see if the calling process is already servicing the key request of
165 * another process */ 167 * another process */
166 if (current->request_key_auth) { 168 if (cred->request_key_auth) {
167 /* it is - use that instantiation context here too */ 169 /* it is - use that instantiation context here too */
168 down_read(&current->request_key_auth->sem); 170 down_read(&cred->request_key_auth->sem);
169 171
170 /* if the auth key has been revoked, then the key we're 172 /* if the auth key has been revoked, then the key we're
171 * servicing is already instantiated */ 173 * servicing is already instantiated */
172 if (test_bit(KEY_FLAG_REVOKED, 174 if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags))
173 &current->request_key_auth->flags))
174 goto auth_key_revoked; 175 goto auth_key_revoked;
175 176
176 irka = current->request_key_auth->payload.data; 177 irka = cred->request_key_auth->payload.data;
177 rka->context = irka->context; 178 rka->cred = get_cred(irka->cred);
178 rka->pid = irka->pid; 179 rka->pid = irka->pid;
179 get_task_struct(rka->context);
180 180
181 up_read(&current->request_key_auth->sem); 181 up_read(&cred->request_key_auth->sem);
182 } 182 }
183 else { 183 else {
184 /* it isn't - use this process as the context */ 184 /* it isn't - use this process as the context */
185 rka->context = current; 185 rka->cred = get_cred(cred);
186 rka->pid = current->pid; 186 rka->pid = current->pid;
187 get_task_struct(rka->context);
188 } 187 }
189 188
190 rka->target_key = key_get(target); 189 rka->target_key = key_get(target);
190 rka->dest_keyring = key_get(dest_keyring);
191 memcpy(rka->callout_info, callout_info, callout_len); 191 memcpy(rka->callout_info, callout_info, callout_len);
192 rka->callout_len = callout_len; 192 rka->callout_len = callout_len;
193 193
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
195 sprintf(desc, "%x", target->serial); 195 sprintf(desc, "%x", target->serial);
196 196
197 authkey = key_alloc(&key_type_request_key_auth, desc, 197 authkey = key_alloc(&key_type_request_key_auth, desc,
198 current->fsuid, current->fsgid, current, 198 cred->fsuid, cred->fsgid, cred,
199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | 199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); 200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
201 if (IS_ERR(authkey)) { 201 if (IS_ERR(authkey)) {
@@ -203,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
203 goto error_alloc; 203 goto error_alloc;
204 } 204 }
205 205
206 /* construct and attach to the keyring */ 206 /* construct the auth key */
207 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); 207 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
208 if (ret < 0) 208 if (ret < 0)
209 goto error_inst; 209 goto error_inst;
210 210
211 kleave(" = {%d}", authkey->serial); 211 kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage));
212 return authkey; 212 return authkey;
213 213
214auth_key_revoked: 214auth_key_revoked:
215 up_read(&current->request_key_auth->sem); 215 up_read(&cred->request_key_auth->sem);
216 kfree(rka->callout_info); 216 kfree(rka->callout_info);
217 kfree(rka); 217 kfree(rka);
218 kleave("= -EKEYREVOKED"); 218 kleave("= -EKEYREVOKED");
@@ -223,6 +223,7 @@ error_inst:
223 key_put(authkey); 223 key_put(authkey);
224error_alloc: 224error_alloc:
225 key_put(rka->target_key); 225 key_put(rka->target_key);
226 key_put(rka->dest_keyring);
226 kfree(rka->callout_info); 227 kfree(rka->callout_info);
227 kfree(rka); 228 kfree(rka);
228 kleave("= %d", ret); 229 kleave("= %d", ret);
@@ -254,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key,
254 */ 255 */
255struct key *key_get_instantiation_authkey(key_serial_t target_id) 256struct key *key_get_instantiation_authkey(key_serial_t target_id)
256{ 257{
258 const struct cred *cred = current_cred();
257 struct key *authkey; 259 struct key *authkey;
258 key_ref_t authkey_ref; 260 key_ref_t authkey_ref;
259 261
@@ -261,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
261 &key_type_request_key_auth, 263 &key_type_request_key_auth,
262 (void *) (unsigned long) target_id, 264 (void *) (unsigned long) target_id,
263 key_get_instantiation_authkey_match, 265 key_get_instantiation_authkey_match,
264 current); 266 cred);
265 267
266 if (IS_ERR(authkey_ref)) { 268 if (IS_ERR(authkey_ref)) {
267 authkey = ERR_CAST(authkey_ref); 269 authkey = ERR_CAST(authkey_ref);
diff --git a/security/root_plug.c b/security/root_plug.c
index c3f68b5b372d..40fb4f15e27b 100644
--- a/security/root_plug.c
+++ b/security/root_plug.c
@@ -55,9 +55,9 @@ static int rootplug_bprm_check_security (struct linux_binprm *bprm)
55 struct usb_device *dev; 55 struct usb_device *dev;
56 56
57 root_dbg("file %s, e_uid = %d, e_gid = %d\n", 57 root_dbg("file %s, e_uid = %d, e_gid = %d\n",
58 bprm->filename, bprm->e_uid, bprm->e_gid); 58 bprm->filename, bprm->cred->euid, bprm->cred->egid);
59 59
60 if (bprm->e_gid == 0) { 60 if (bprm->cred->egid == 0) {
61 dev = usb_find_device(vendor_id, product_id); 61 dev = usb_find_device(vendor_id, product_id);
62 if (!dev) { 62 if (!dev) {
63 root_dbg("e_gid = 0, and device not found, " 63 root_dbg("e_gid = 0, and device not found, "
@@ -75,15 +75,12 @@ static struct security_operations rootplug_security_ops = {
75 .ptrace_may_access = cap_ptrace_may_access, 75 .ptrace_may_access = cap_ptrace_may_access,
76 .ptrace_traceme = cap_ptrace_traceme, 76 .ptrace_traceme = cap_ptrace_traceme,
77 .capget = cap_capget, 77 .capget = cap_capget,
78 .capset_check = cap_capset_check, 78 .capset = cap_capset,
79 .capset_set = cap_capset_set,
80 .capable = cap_capable, 79 .capable = cap_capable,
81 80
82 .bprm_apply_creds = cap_bprm_apply_creds, 81 .bprm_set_creds = cap_bprm_set_creds,
83 .bprm_set_security = cap_bprm_set_security,
84 82
85 .task_post_setuid = cap_task_post_setuid, 83 .task_fix_setuid = cap_task_fix_setuid,
86 .task_reparent_to_init = cap_task_reparent_to_init,
87 .task_prctl = cap_task_prctl, 84 .task_prctl = cap_task_prctl,
88 85
89 .bprm_check_security = rootplug_bprm_check_security, 86 .bprm_check_security = rootplug_bprm_check_security,
diff --git a/security/security.c b/security/security.c
index c0acfa7177e5..038ef04b2c7f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -145,25 +145,23 @@ int security_capget(struct task_struct *target,
145 return security_ops->capget(target, effective, inheritable, permitted); 145 return security_ops->capget(target, effective, inheritable, permitted);
146} 146}
147 147
148int security_capset_check(struct task_struct *target, 148int security_capset(struct cred *new, const struct cred *old,
149 kernel_cap_t *effective, 149 const kernel_cap_t *effective,
150 kernel_cap_t *inheritable, 150 const kernel_cap_t *inheritable,
151 kernel_cap_t *permitted) 151 const kernel_cap_t *permitted)
152{ 152{
153 return security_ops->capset_check(target, effective, inheritable, permitted); 153 return security_ops->capset(new, old,
154 effective, inheritable, permitted);
154} 155}
155 156
156void security_capset_set(struct task_struct *target, 157int security_capable(struct task_struct *tsk, int cap)
157 kernel_cap_t *effective,
158 kernel_cap_t *inheritable,
159 kernel_cap_t *permitted)
160{ 158{
161 security_ops->capset_set(target, effective, inheritable, permitted); 159 return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT);
162} 160}
163 161
164int security_capable(struct task_struct *tsk, int cap) 162int security_capable_noaudit(struct task_struct *tsk, int cap)
165{ 163{
166 return security_ops->capable(tsk, cap); 164 return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT);
167} 165}
168 166
169int security_acct(struct file *file) 167int security_acct(struct file *file)
@@ -215,34 +213,24 @@ int security_vm_enough_memory_kern(long pages)
215 return security_ops->vm_enough_memory(current->mm, pages); 213 return security_ops->vm_enough_memory(current->mm, pages);
216} 214}
217 215
218int security_bprm_alloc(struct linux_binprm *bprm) 216int security_bprm_set_creds(struct linux_binprm *bprm)
219{
220 return security_ops->bprm_alloc_security(bprm);
221}
222
223void security_bprm_free(struct linux_binprm *bprm)
224{
225 security_ops->bprm_free_security(bprm);
226}
227
228void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
229{ 217{
230 security_ops->bprm_apply_creds(bprm, unsafe); 218 return security_ops->bprm_set_creds(bprm);
231} 219}
232 220
233void security_bprm_post_apply_creds(struct linux_binprm *bprm) 221int security_bprm_check(struct linux_binprm *bprm)
234{ 222{
235 security_ops->bprm_post_apply_creds(bprm); 223 return security_ops->bprm_check_security(bprm);
236} 224}
237 225
238int security_bprm_set(struct linux_binprm *bprm) 226void security_bprm_committing_creds(struct linux_binprm *bprm)
239{ 227{
240 return security_ops->bprm_set_security(bprm); 228 return security_ops->bprm_committing_creds(bprm);
241} 229}
242 230
243int security_bprm_check(struct linux_binprm *bprm) 231void security_bprm_committed_creds(struct linux_binprm *bprm)
244{ 232{
245 return security_ops->bprm_check_security(bprm); 233 return security_ops->bprm_committed_creds(bprm);
246} 234}
247 235
248int security_bprm_secureexec(struct linux_binprm *bprm) 236int security_bprm_secureexec(struct linux_binprm *bprm)
@@ -603,9 +591,9 @@ int security_file_receive(struct file *file)
603 return security_ops->file_receive(file); 591 return security_ops->file_receive(file);
604} 592}
605 593
606int security_dentry_open(struct file *file) 594int security_dentry_open(struct file *file, const struct cred *cred)
607{ 595{
608 return security_ops->dentry_open(file); 596 return security_ops->dentry_open(file, cred);
609} 597}
610 598
611int security_task_create(unsigned long clone_flags) 599int security_task_create(unsigned long clone_flags)
@@ -613,14 +601,29 @@ int security_task_create(unsigned long clone_flags)
613 return security_ops->task_create(clone_flags); 601 return security_ops->task_create(clone_flags);
614} 602}
615 603
616int security_task_alloc(struct task_struct *p) 604void security_cred_free(struct cred *cred)
617{ 605{
618 return security_ops->task_alloc_security(p); 606 security_ops->cred_free(cred);
619} 607}
620 608
621void security_task_free(struct task_struct *p) 609int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
622{ 610{
623 security_ops->task_free_security(p); 611 return security_ops->cred_prepare(new, old, gfp);
612}
613
614void security_commit_creds(struct cred *new, const struct cred *old)
615{
616 return security_ops->cred_commit(new, old);
617}
618
619int security_kernel_act_as(struct cred *new, u32 secid)
620{
621 return security_ops->kernel_act_as(new, secid);
622}
623
624int security_kernel_create_files_as(struct cred *new, struct inode *inode)
625{
626 return security_ops->kernel_create_files_as(new, inode);
624} 627}
625 628
626int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 629int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
@@ -628,10 +631,10 @@ int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
628 return security_ops->task_setuid(id0, id1, id2, flags); 631 return security_ops->task_setuid(id0, id1, id2, flags);
629} 632}
630 633
631int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 634int security_task_fix_setuid(struct cred *new, const struct cred *old,
632 uid_t old_suid, int flags) 635 int flags)
633{ 636{
634 return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, flags); 637 return security_ops->task_fix_setuid(new, old, flags);
635} 638}
636 639
637int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) 640int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
@@ -713,14 +716,9 @@ int security_task_wait(struct task_struct *p)
713} 716}
714 717
715int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 718int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
716 unsigned long arg4, unsigned long arg5, long *rc_p) 719 unsigned long arg4, unsigned long arg5)
717{
718 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p);
719}
720
721void security_task_reparent_to_init(struct task_struct *p)
722{ 720{
723 security_ops->task_reparent_to_init(p); 721 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
724} 722}
725 723
726void security_task_to_inode(struct task_struct *p, struct inode *inode) 724void security_task_to_inode(struct task_struct *p, struct inode *inode)
@@ -1120,9 +1118,10 @@ EXPORT_SYMBOL(security_skb_classify_flow);
1120 1118
1121#ifdef CONFIG_KEYS 1119#ifdef CONFIG_KEYS
1122 1120
1123int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags) 1121int security_key_alloc(struct key *key, const struct cred *cred,
1122 unsigned long flags)
1124{ 1123{
1125 return security_ops->key_alloc(key, tsk, flags); 1124 return security_ops->key_alloc(key, cred, flags);
1126} 1125}
1127 1126
1128void security_key_free(struct key *key) 1127void security_key_free(struct key *key)
@@ -1131,9 +1130,9 @@ void security_key_free(struct key *key)
1131} 1130}
1132 1131
1133int security_key_permission(key_ref_t key_ref, 1132int security_key_permission(key_ref_t key_ref,
1134 struct task_struct *context, key_perm_t perm) 1133 const struct cred *cred, key_perm_t perm)
1135{ 1134{
1136 return security_ops->key_permission(key_ref, context, perm); 1135 return security_ops->key_permission(key_ref, cred, perm);
1137} 1136}
1138 1137
1139int security_key_getsecurity(struct key *key, char **_buffer) 1138int security_key_getsecurity(struct key *key, char **_buffer)
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 64af2d3409ef..c73aeaa008e8 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -39,9 +39,13 @@ EXPORT_SYMBOL_GPL(selinux_string_to_sid);
39int selinux_secmark_relabel_packet_permission(u32 sid) 39int selinux_secmark_relabel_packet_permission(u32 sid)
40{ 40{
41 if (selinux_enabled) { 41 if (selinux_enabled) {
42 struct task_security_struct *tsec = current->security; 42 const struct task_security_struct *__tsec;
43 u32 tsid;
43 44
44 return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET, 45 __tsec = current_security();
46 tsid = __tsec->sid;
47
48 return avc_has_perm(tsid, sid, SECCLASS_PACKET,
45 PACKET__RELABELTO, NULL); 49 PACKET__RELABELTO, NULL);
46 } 50 }
47 return 0; 51 return 0;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f85597a4d733..520f82ab3fbf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -156,33 +156,62 @@ static int selinux_secmark_enabled(void)
156 return (atomic_read(&selinux_secmark_refcount) > 0); 156 return (atomic_read(&selinux_secmark_refcount) > 0);
157} 157}
158 158
159/* Allocate and free functions for each kind of security blob. */ 159/*
160 160 * initialise the security for the init task
161static int task_alloc_security(struct task_struct *task) 161 */
162static void cred_init_security(void)
162{ 163{
164 struct cred *cred = (struct cred *) current->real_cred;
163 struct task_security_struct *tsec; 165 struct task_security_struct *tsec;
164 166
165 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); 167 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
166 if (!tsec) 168 if (!tsec)
167 return -ENOMEM; 169 panic("SELinux: Failed to initialize initial task.\n");
168 170
169 tsec->osid = tsec->sid = SECINITSID_UNLABELED; 171 tsec->osid = tsec->sid = SECINITSID_KERNEL;
170 task->security = tsec; 172 cred->security = tsec;
173}
171 174
172 return 0; 175/*
176 * get the security ID of a set of credentials
177 */
178static inline u32 cred_sid(const struct cred *cred)
179{
180 const struct task_security_struct *tsec;
181
182 tsec = cred->security;
183 return tsec->sid;
173} 184}
174 185
175static void task_free_security(struct task_struct *task) 186/*
187 * get the objective security ID of a task
188 */
189static inline u32 task_sid(const struct task_struct *task)
176{ 190{
177 struct task_security_struct *tsec = task->security; 191 u32 sid;
178 task->security = NULL; 192
179 kfree(tsec); 193 rcu_read_lock();
194 sid = cred_sid(__task_cred(task));
195 rcu_read_unlock();
196 return sid;
180} 197}
181 198
199/*
200 * get the subjective security ID of the current task
201 */
202static inline u32 current_sid(void)
203{
204 const struct task_security_struct *tsec = current_cred()->security;
205
206 return tsec->sid;
207}
208
209/* Allocate and free functions for each kind of security blob. */
210
182static int inode_alloc_security(struct inode *inode) 211static int inode_alloc_security(struct inode *inode)
183{ 212{
184 struct task_security_struct *tsec = current->security;
185 struct inode_security_struct *isec; 213 struct inode_security_struct *isec;
214 u32 sid = current_sid();
186 215
187 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); 216 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
188 if (!isec) 217 if (!isec)
@@ -193,7 +222,7 @@ static int inode_alloc_security(struct inode *inode)
193 isec->inode = inode; 222 isec->inode = inode;
194 isec->sid = SECINITSID_UNLABELED; 223 isec->sid = SECINITSID_UNLABELED;
195 isec->sclass = SECCLASS_FILE; 224 isec->sclass = SECCLASS_FILE;
196 isec->task_sid = tsec->sid; 225 isec->task_sid = sid;
197 inode->i_security = isec; 226 inode->i_security = isec;
198 227
199 return 0; 228 return 0;
@@ -215,15 +244,15 @@ static void inode_free_security(struct inode *inode)
215 244
216static int file_alloc_security(struct file *file) 245static int file_alloc_security(struct file *file)
217{ 246{
218 struct task_security_struct *tsec = current->security;
219 struct file_security_struct *fsec; 247 struct file_security_struct *fsec;
248 u32 sid = current_sid();
220 249
221 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); 250 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
222 if (!fsec) 251 if (!fsec)
223 return -ENOMEM; 252 return -ENOMEM;
224 253
225 fsec->sid = tsec->sid; 254 fsec->sid = sid;
226 fsec->fown_sid = tsec->sid; 255 fsec->fown_sid = sid;
227 file->f_security = fsec; 256 file->f_security = fsec;
228 257
229 return 0; 258 return 0;
@@ -338,8 +367,9 @@ static const match_table_t tokens = {
338 367
339static int may_context_mount_sb_relabel(u32 sid, 368static int may_context_mount_sb_relabel(u32 sid,
340 struct superblock_security_struct *sbsec, 369 struct superblock_security_struct *sbsec,
341 struct task_security_struct *tsec) 370 const struct cred *cred)
342{ 371{
372 const struct task_security_struct *tsec = cred->security;
343 int rc; 373 int rc;
344 374
345 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 375 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
@@ -354,8 +384,9 @@ static int may_context_mount_sb_relabel(u32 sid,
354 384
355static int may_context_mount_inode_relabel(u32 sid, 385static int may_context_mount_inode_relabel(u32 sid,
356 struct superblock_security_struct *sbsec, 386 struct superblock_security_struct *sbsec,
357 struct task_security_struct *tsec) 387 const struct cred *cred)
358{ 388{
389 const struct task_security_struct *tsec = cred->security;
359 int rc; 390 int rc;
360 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 391 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
361 FILESYSTEM__RELABELFROM, NULL); 392 FILESYSTEM__RELABELFROM, NULL);
@@ -553,8 +584,8 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag,
553static int selinux_set_mnt_opts(struct super_block *sb, 584static int selinux_set_mnt_opts(struct super_block *sb,
554 struct security_mnt_opts *opts) 585 struct security_mnt_opts *opts)
555{ 586{
587 const struct cred *cred = current_cred();
556 int rc = 0, i; 588 int rc = 0, i;
557 struct task_security_struct *tsec = current->security;
558 struct superblock_security_struct *sbsec = sb->s_security; 589 struct superblock_security_struct *sbsec = sb->s_security;
559 const char *name = sb->s_type->name; 590 const char *name = sb->s_type->name;
560 struct inode *inode = sbsec->sb->s_root->d_inode; 591 struct inode *inode = sbsec->sb->s_root->d_inode;
@@ -680,8 +711,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
680 711
681 /* sets the context of the superblock for the fs being mounted. */ 712 /* sets the context of the superblock for the fs being mounted. */
682 if (fscontext_sid) { 713 if (fscontext_sid) {
683 714 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
684 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec);
685 if (rc) 715 if (rc)
686 goto out; 716 goto out;
687 717
@@ -695,12 +725,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
695 */ 725 */
696 if (context_sid) { 726 if (context_sid) {
697 if (!fscontext_sid) { 727 if (!fscontext_sid) {
698 rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec); 728 rc = may_context_mount_sb_relabel(context_sid, sbsec,
729 cred);
699 if (rc) 730 if (rc)
700 goto out; 731 goto out;
701 sbsec->sid = context_sid; 732 sbsec->sid = context_sid;
702 } else { 733 } else {
703 rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec); 734 rc = may_context_mount_inode_relabel(context_sid, sbsec,
735 cred);
704 if (rc) 736 if (rc)
705 goto out; 737 goto out;
706 } 738 }
@@ -712,7 +744,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
712 } 744 }
713 745
714 if (rootcontext_sid) { 746 if (rootcontext_sid) {
715 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec); 747 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
748 cred);
716 if (rc) 749 if (rc)
717 goto out; 750 goto out;
718 751
@@ -730,7 +763,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
730 763
731 if (defcontext_sid != sbsec->def_sid) { 764 if (defcontext_sid != sbsec->def_sid) {
732 rc = may_context_mount_inode_relabel(defcontext_sid, 765 rc = may_context_mount_inode_relabel(defcontext_sid,
733 sbsec, tsec); 766 sbsec, cred);
734 if (rc) 767 if (rc)
735 goto out; 768 goto out;
736 } 769 }
@@ -1345,18 +1378,53 @@ static inline u32 signal_to_av(int sig)
1345 return perm; 1378 return perm;
1346} 1379}
1347 1380
1348/* Check permission betweeen a pair of tasks, e.g. signal checks, 1381/*
1349 fork check, ptrace check, etc. */ 1382 * Check permission between a pair of credentials
1350static int task_has_perm(struct task_struct *tsk1, 1383 * fork check, ptrace check, etc.
1351 struct task_struct *tsk2, 1384 */
1385static int cred_has_perm(const struct cred *actor,
1386 const struct cred *target,
1387 u32 perms)
1388{
1389 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1390
1391 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1392}
1393
1394/*
1395 * Check permission between a pair of tasks, e.g. signal checks,
1396 * fork check, ptrace check, etc.
1397 * tsk1 is the actor and tsk2 is the target
1398 * - this uses the default subjective creds of tsk1
1399 */
1400static int task_has_perm(const struct task_struct *tsk1,
1401 const struct task_struct *tsk2,
1352 u32 perms) 1402 u32 perms)
1353{ 1403{
1354 struct task_security_struct *tsec1, *tsec2; 1404 const struct task_security_struct *__tsec1, *__tsec2;
1405 u32 sid1, sid2;
1355 1406
1356 tsec1 = tsk1->security; 1407 rcu_read_lock();
1357 tsec2 = tsk2->security; 1408 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1358 return avc_has_perm(tsec1->sid, tsec2->sid, 1409 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1359 SECCLASS_PROCESS, perms, NULL); 1410 rcu_read_unlock();
1411 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1412}
1413
1414/*
1415 * Check permission between current and another task, e.g. signal checks,
1416 * fork check, ptrace check, etc.
1417 * current is the actor and tsk2 is the target
1418 * - this uses current's subjective creds
1419 */
1420static int current_has_perm(const struct task_struct *tsk,
1421 u32 perms)
1422{
1423 u32 sid, tsid;
1424
1425 sid = current_sid();
1426 tsid = task_sid(tsk);
1427 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1360} 1428}
1361 1429
1362#if CAP_LAST_CAP > 63 1430#if CAP_LAST_CAP > 63
@@ -1365,14 +1433,14 @@ static int task_has_perm(struct task_struct *tsk1,
1365 1433
1366/* Check whether a task is allowed to use a capability. */ 1434/* Check whether a task is allowed to use a capability. */
1367static int task_has_capability(struct task_struct *tsk, 1435static int task_has_capability(struct task_struct *tsk,
1368 int cap) 1436 int cap, int audit)
1369{ 1437{
1370 struct task_security_struct *tsec;
1371 struct avc_audit_data ad; 1438 struct avc_audit_data ad;
1439 struct av_decision avd;
1372 u16 sclass; 1440 u16 sclass;
1441 u32 sid = task_sid(tsk);
1373 u32 av = CAP_TO_MASK(cap); 1442 u32 av = CAP_TO_MASK(cap);
1374 1443 int rc;
1375 tsec = tsk->security;
1376 1444
1377 AVC_AUDIT_DATA_INIT(&ad, CAP); 1445 AVC_AUDIT_DATA_INIT(&ad, CAP);
1378 ad.tsk = tsk; 1446 ad.tsk = tsk;
@@ -1390,37 +1458,39 @@ static int task_has_capability(struct task_struct *tsk,
1390 "SELinux: out of range capability %d\n", cap); 1458 "SELinux: out of range capability %d\n", cap);
1391 BUG(); 1459 BUG();
1392 } 1460 }
1393 return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); 1461
1462 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1463 if (audit == SECURITY_CAP_AUDIT)
1464 avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1465 return rc;
1394} 1466}
1395 1467
1396/* Check whether a task is allowed to use a system operation. */ 1468/* Check whether a task is allowed to use a system operation. */
1397static int task_has_system(struct task_struct *tsk, 1469static int task_has_system(struct task_struct *tsk,
1398 u32 perms) 1470 u32 perms)
1399{ 1471{
1400 struct task_security_struct *tsec; 1472 u32 sid = task_sid(tsk);
1401 1473
1402 tsec = tsk->security; 1474 return avc_has_perm(sid, SECINITSID_KERNEL,
1403
1404 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1405 SECCLASS_SYSTEM, perms, NULL); 1475 SECCLASS_SYSTEM, perms, NULL);
1406} 1476}
1407 1477
1408/* Check whether a task has a particular permission to an inode. 1478/* Check whether a task has a particular permission to an inode.
1409 The 'adp' parameter is optional and allows other audit 1479 The 'adp' parameter is optional and allows other audit
1410 data to be passed (e.g. the dentry). */ 1480 data to be passed (e.g. the dentry). */
1411static int inode_has_perm(struct task_struct *tsk, 1481static int inode_has_perm(const struct cred *cred,
1412 struct inode *inode, 1482 struct inode *inode,
1413 u32 perms, 1483 u32 perms,
1414 struct avc_audit_data *adp) 1484 struct avc_audit_data *adp)
1415{ 1485{
1416 struct task_security_struct *tsec;
1417 struct inode_security_struct *isec; 1486 struct inode_security_struct *isec;
1418 struct avc_audit_data ad; 1487 struct avc_audit_data ad;
1488 u32 sid;
1419 1489
1420 if (unlikely(IS_PRIVATE(inode))) 1490 if (unlikely(IS_PRIVATE(inode)))
1421 return 0; 1491 return 0;
1422 1492
1423 tsec = tsk->security; 1493 sid = cred_sid(cred);
1424 isec = inode->i_security; 1494 isec = inode->i_security;
1425 1495
1426 if (!adp) { 1496 if (!adp) {
@@ -1429,23 +1499,24 @@ static int inode_has_perm(struct task_struct *tsk,
1429 ad.u.fs.inode = inode; 1499 ad.u.fs.inode = inode;
1430 } 1500 }
1431 1501
1432 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp); 1502 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1433} 1503}
1434 1504
1435/* Same as inode_has_perm, but pass explicit audit data containing 1505/* Same as inode_has_perm, but pass explicit audit data containing
1436 the dentry to help the auditing code to more easily generate the 1506 the dentry to help the auditing code to more easily generate the
1437 pathname if needed. */ 1507 pathname if needed. */
1438static inline int dentry_has_perm(struct task_struct *tsk, 1508static inline int dentry_has_perm(const struct cred *cred,
1439 struct vfsmount *mnt, 1509 struct vfsmount *mnt,
1440 struct dentry *dentry, 1510 struct dentry *dentry,
1441 u32 av) 1511 u32 av)
1442{ 1512{
1443 struct inode *inode = dentry->d_inode; 1513 struct inode *inode = dentry->d_inode;
1444 struct avc_audit_data ad; 1514 struct avc_audit_data ad;
1515
1445 AVC_AUDIT_DATA_INIT(&ad, FS); 1516 AVC_AUDIT_DATA_INIT(&ad, FS);
1446 ad.u.fs.path.mnt = mnt; 1517 ad.u.fs.path.mnt = mnt;
1447 ad.u.fs.path.dentry = dentry; 1518 ad.u.fs.path.dentry = dentry;
1448 return inode_has_perm(tsk, inode, av, &ad); 1519 return inode_has_perm(cred, inode, av, &ad);
1449} 1520}
1450 1521
1451/* Check whether a task can use an open file descriptor to 1522/* Check whether a task can use an open file descriptor to
@@ -1456,33 +1527,35 @@ static inline int dentry_has_perm(struct task_struct *tsk,
1456 has the same SID as the process. If av is zero, then 1527 has the same SID as the process. If av is zero, then
1457 access to the file is not checked, e.g. for cases 1528 access to the file is not checked, e.g. for cases
1458 where only the descriptor is affected like seek. */ 1529 where only the descriptor is affected like seek. */
1459static int file_has_perm(struct task_struct *tsk, 1530static int file_has_perm(const struct cred *cred,
1460 struct file *file, 1531 struct file *file,
1461 u32 av) 1532 u32 av)
1462{ 1533{
1463 struct task_security_struct *tsec = tsk->security;
1464 struct file_security_struct *fsec = file->f_security; 1534 struct file_security_struct *fsec = file->f_security;
1465 struct inode *inode = file->f_path.dentry->d_inode; 1535 struct inode *inode = file->f_path.dentry->d_inode;
1466 struct avc_audit_data ad; 1536 struct avc_audit_data ad;
1537 u32 sid = cred_sid(cred);
1467 int rc; 1538 int rc;
1468 1539
1469 AVC_AUDIT_DATA_INIT(&ad, FS); 1540 AVC_AUDIT_DATA_INIT(&ad, FS);
1470 ad.u.fs.path = file->f_path; 1541 ad.u.fs.path = file->f_path;
1471 1542
1472 if (tsec->sid != fsec->sid) { 1543 if (sid != fsec->sid) {
1473 rc = avc_has_perm(tsec->sid, fsec->sid, 1544 rc = avc_has_perm(sid, fsec->sid,
1474 SECCLASS_FD, 1545 SECCLASS_FD,
1475 FD__USE, 1546 FD__USE,
1476 &ad); 1547 &ad);
1477 if (rc) 1548 if (rc)
1478 return rc; 1549 goto out;
1479 } 1550 }
1480 1551
1481 /* av is zero if only checking access to the descriptor. */ 1552 /* av is zero if only checking access to the descriptor. */
1553 rc = 0;
1482 if (av) 1554 if (av)
1483 return inode_has_perm(tsk, inode, av, &ad); 1555 rc = inode_has_perm(cred, inode, av, &ad);
1484 1556
1485 return 0; 1557out:
1558 return rc;
1486} 1559}
1487 1560
1488/* Check whether a task can create a file. */ 1561/* Check whether a task can create a file. */
@@ -1490,36 +1563,36 @@ static int may_create(struct inode *dir,
1490 struct dentry *dentry, 1563 struct dentry *dentry,
1491 u16 tclass) 1564 u16 tclass)
1492{ 1565{
1493 struct task_security_struct *tsec; 1566 const struct cred *cred = current_cred();
1567 const struct task_security_struct *tsec = cred->security;
1494 struct inode_security_struct *dsec; 1568 struct inode_security_struct *dsec;
1495 struct superblock_security_struct *sbsec; 1569 struct superblock_security_struct *sbsec;
1496 u32 newsid; 1570 u32 sid, newsid;
1497 struct avc_audit_data ad; 1571 struct avc_audit_data ad;
1498 int rc; 1572 int rc;
1499 1573
1500 tsec = current->security;
1501 dsec = dir->i_security; 1574 dsec = dir->i_security;
1502 sbsec = dir->i_sb->s_security; 1575 sbsec = dir->i_sb->s_security;
1503 1576
1577 sid = tsec->sid;
1578 newsid = tsec->create_sid;
1579
1504 AVC_AUDIT_DATA_INIT(&ad, FS); 1580 AVC_AUDIT_DATA_INIT(&ad, FS);
1505 ad.u.fs.path.dentry = dentry; 1581 ad.u.fs.path.dentry = dentry;
1506 1582
1507 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, 1583 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1508 DIR__ADD_NAME | DIR__SEARCH, 1584 DIR__ADD_NAME | DIR__SEARCH,
1509 &ad); 1585 &ad);
1510 if (rc) 1586 if (rc)
1511 return rc; 1587 return rc;
1512 1588
1513 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { 1589 if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
1514 newsid = tsec->create_sid; 1590 rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
1515 } else {
1516 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1517 &newsid);
1518 if (rc) 1591 if (rc)
1519 return rc; 1592 return rc;
1520 } 1593 }
1521 1594
1522 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad); 1595 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1523 if (rc) 1596 if (rc)
1524 return rc; 1597 return rc;
1525 1598
@@ -1532,11 +1605,9 @@ static int may_create(struct inode *dir,
1532static int may_create_key(u32 ksid, 1605static int may_create_key(u32 ksid,
1533 struct task_struct *ctx) 1606 struct task_struct *ctx)
1534{ 1607{
1535 struct task_security_struct *tsec; 1608 u32 sid = task_sid(ctx);
1536 1609
1537 tsec = ctx->security; 1610 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1538
1539 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1540} 1611}
1541 1612
1542#define MAY_LINK 0 1613#define MAY_LINK 0
@@ -1549,13 +1620,12 @@ static int may_link(struct inode *dir,
1549 int kind) 1620 int kind)
1550 1621
1551{ 1622{
1552 struct task_security_struct *tsec;
1553 struct inode_security_struct *dsec, *isec; 1623 struct inode_security_struct *dsec, *isec;
1554 struct avc_audit_data ad; 1624 struct avc_audit_data ad;
1625 u32 sid = current_sid();
1555 u32 av; 1626 u32 av;
1556 int rc; 1627 int rc;
1557 1628
1558 tsec = current->security;
1559 dsec = dir->i_security; 1629 dsec = dir->i_security;
1560 isec = dentry->d_inode->i_security; 1630 isec = dentry->d_inode->i_security;
1561 1631
@@ -1564,7 +1634,7 @@ static int may_link(struct inode *dir,
1564 1634
1565 av = DIR__SEARCH; 1635 av = DIR__SEARCH;
1566 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); 1636 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1567 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad); 1637 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1568 if (rc) 1638 if (rc)
1569 return rc; 1639 return rc;
1570 1640
@@ -1584,7 +1654,7 @@ static int may_link(struct inode *dir,
1584 return 0; 1654 return 0;
1585 } 1655 }
1586 1656
1587 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad); 1657 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1588 return rc; 1658 return rc;
1589} 1659}
1590 1660
@@ -1593,14 +1663,13 @@ static inline int may_rename(struct inode *old_dir,
1593 struct inode *new_dir, 1663 struct inode *new_dir,
1594 struct dentry *new_dentry) 1664 struct dentry *new_dentry)
1595{ 1665{
1596 struct task_security_struct *tsec;
1597 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; 1666 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1598 struct avc_audit_data ad; 1667 struct avc_audit_data ad;
1668 u32 sid = current_sid();
1599 u32 av; 1669 u32 av;
1600 int old_is_dir, new_is_dir; 1670 int old_is_dir, new_is_dir;
1601 int rc; 1671 int rc;
1602 1672
1603 tsec = current->security;
1604 old_dsec = old_dir->i_security; 1673 old_dsec = old_dir->i_security;
1605 old_isec = old_dentry->d_inode->i_security; 1674 old_isec = old_dentry->d_inode->i_security;
1606 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); 1675 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
@@ -1609,16 +1678,16 @@ static inline int may_rename(struct inode *old_dir,
1609 AVC_AUDIT_DATA_INIT(&ad, FS); 1678 AVC_AUDIT_DATA_INIT(&ad, FS);
1610 1679
1611 ad.u.fs.path.dentry = old_dentry; 1680 ad.u.fs.path.dentry = old_dentry;
1612 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR, 1681 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1613 DIR__REMOVE_NAME | DIR__SEARCH, &ad); 1682 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1614 if (rc) 1683 if (rc)
1615 return rc; 1684 return rc;
1616 rc = avc_has_perm(tsec->sid, old_isec->sid, 1685 rc = avc_has_perm(sid, old_isec->sid,
1617 old_isec->sclass, FILE__RENAME, &ad); 1686 old_isec->sclass, FILE__RENAME, &ad);
1618 if (rc) 1687 if (rc)
1619 return rc; 1688 return rc;
1620 if (old_is_dir && new_dir != old_dir) { 1689 if (old_is_dir && new_dir != old_dir) {
1621 rc = avc_has_perm(tsec->sid, old_isec->sid, 1690 rc = avc_has_perm(sid, old_isec->sid,
1622 old_isec->sclass, DIR__REPARENT, &ad); 1691 old_isec->sclass, DIR__REPARENT, &ad);
1623 if (rc) 1692 if (rc)
1624 return rc; 1693 return rc;
@@ -1628,13 +1697,13 @@ static inline int may_rename(struct inode *old_dir,
1628 av = DIR__ADD_NAME | DIR__SEARCH; 1697 av = DIR__ADD_NAME | DIR__SEARCH;
1629 if (new_dentry->d_inode) 1698 if (new_dentry->d_inode)
1630 av |= DIR__REMOVE_NAME; 1699 av |= DIR__REMOVE_NAME;
1631 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad); 1700 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1632 if (rc) 1701 if (rc)
1633 return rc; 1702 return rc;
1634 if (new_dentry->d_inode) { 1703 if (new_dentry->d_inode) {
1635 new_isec = new_dentry->d_inode->i_security; 1704 new_isec = new_dentry->d_inode->i_security;
1636 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); 1705 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1637 rc = avc_has_perm(tsec->sid, new_isec->sid, 1706 rc = avc_has_perm(sid, new_isec->sid,
1638 new_isec->sclass, 1707 new_isec->sclass,
1639 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); 1708 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1640 if (rc) 1709 if (rc)
@@ -1645,18 +1714,16 @@ static inline int may_rename(struct inode *old_dir,
1645} 1714}
1646 1715
1647/* Check whether a task can perform a filesystem operation. */ 1716/* Check whether a task can perform a filesystem operation. */
1648static int superblock_has_perm(struct task_struct *tsk, 1717static int superblock_has_perm(const struct cred *cred,
1649 struct super_block *sb, 1718 struct super_block *sb,
1650 u32 perms, 1719 u32 perms,
1651 struct avc_audit_data *ad) 1720 struct avc_audit_data *ad)
1652{ 1721{
1653 struct task_security_struct *tsec;
1654 struct superblock_security_struct *sbsec; 1722 struct superblock_security_struct *sbsec;
1723 u32 sid = cred_sid(cred);
1655 1724
1656 tsec = tsk->security;
1657 sbsec = sb->s_security; 1725 sbsec = sb->s_security;
1658 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 1726 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1659 perms, ad);
1660} 1727}
1661 1728
1662/* Convert a Linux mode and permission mask to an access vector. */ 1729/* Convert a Linux mode and permission mask to an access vector. */
@@ -1687,15 +1754,39 @@ static inline u32 file_mask_to_av(int mode, int mask)
1687 return av; 1754 return av;
1688} 1755}
1689 1756
1757/* Convert a Linux file to an access vector. */
1758static inline u32 file_to_av(struct file *file)
1759{
1760 u32 av = 0;
1761
1762 if (file->f_mode & FMODE_READ)
1763 av |= FILE__READ;
1764 if (file->f_mode & FMODE_WRITE) {
1765 if (file->f_flags & O_APPEND)
1766 av |= FILE__APPEND;
1767 else
1768 av |= FILE__WRITE;
1769 }
1770 if (!av) {
1771 /*
1772 * Special file opened with flags 3 for ioctl-only use.
1773 */
1774 av = FILE__IOCTL;
1775 }
1776
1777 return av;
1778}
1779
1690/* 1780/*
1691 * Convert a file mask to an access vector and include the correct open 1781 * Convert a file to an access vector and include the correct open
1692 * open permission. 1782 * open permission.
1693 */ 1783 */
1694static inline u32 open_file_mask_to_av(int mode, int mask) 1784static inline u32 open_file_to_av(struct file *file)
1695{ 1785{
1696 u32 av = file_mask_to_av(mode, mask); 1786 u32 av = file_to_av(file);
1697 1787
1698 if (selinux_policycap_openperm) { 1788 if (selinux_policycap_openperm) {
1789 mode_t mode = file->f_path.dentry->d_inode->i_mode;
1699 /* 1790 /*
1700 * lnk files and socks do not really have an 'open' 1791 * lnk files and socks do not really have an 'open'
1701 */ 1792 */
@@ -1711,34 +1802,11 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
1711 av |= DIR__OPEN; 1802 av |= DIR__OPEN;
1712 else 1803 else
1713 printk(KERN_ERR "SELinux: WARNING: inside %s with " 1804 printk(KERN_ERR "SELinux: WARNING: inside %s with "
1714 "unknown mode:%x\n", __func__, mode); 1805 "unknown mode:%o\n", __func__, mode);
1715 } 1806 }
1716 return av; 1807 return av;
1717} 1808}
1718 1809
1719/* Convert a Linux file to an access vector. */
1720static inline u32 file_to_av(struct file *file)
1721{
1722 u32 av = 0;
1723
1724 if (file->f_mode & FMODE_READ)
1725 av |= FILE__READ;
1726 if (file->f_mode & FMODE_WRITE) {
1727 if (file->f_flags & O_APPEND)
1728 av |= FILE__APPEND;
1729 else
1730 av |= FILE__WRITE;
1731 }
1732 if (!av) {
1733 /*
1734 * Special file opened with flags 3 for ioctl-only use.
1735 */
1736 av = FILE__IOCTL;
1737 }
1738
1739 return av;
1740}
1741
1742/* Hook functions begin here. */ 1810/* Hook functions begin here. */
1743 1811
1744static int selinux_ptrace_may_access(struct task_struct *child, 1812static int selinux_ptrace_may_access(struct task_struct *child,
@@ -1751,13 +1819,12 @@ static int selinux_ptrace_may_access(struct task_struct *child,
1751 return rc; 1819 return rc;
1752 1820
1753 if (mode == PTRACE_MODE_READ) { 1821 if (mode == PTRACE_MODE_READ) {
1754 struct task_security_struct *tsec = current->security; 1822 u32 sid = current_sid();
1755 struct task_security_struct *csec = child->security; 1823 u32 csid = task_sid(child);
1756 return avc_has_perm(tsec->sid, csec->sid, 1824 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1757 SECCLASS_FILE, FILE__READ, NULL);
1758 } 1825 }
1759 1826
1760 return task_has_perm(current, child, PROCESS__PTRACE); 1827 return current_has_perm(child, PROCESS__PTRACE);
1761} 1828}
1762 1829
1763static int selinux_ptrace_traceme(struct task_struct *parent) 1830static int selinux_ptrace_traceme(struct task_struct *parent)
@@ -1776,40 +1843,37 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1776{ 1843{
1777 int error; 1844 int error;
1778 1845
1779 error = task_has_perm(current, target, PROCESS__GETCAP); 1846 error = current_has_perm(target, PROCESS__GETCAP);
1780 if (error) 1847 if (error)
1781 return error; 1848 return error;
1782 1849
1783 return secondary_ops->capget(target, effective, inheritable, permitted); 1850 return secondary_ops->capget(target, effective, inheritable, permitted);
1784} 1851}
1785 1852
1786static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, 1853static int selinux_capset(struct cred *new, const struct cred *old,
1787 kernel_cap_t *inheritable, kernel_cap_t *permitted) 1854 const kernel_cap_t *effective,
1855 const kernel_cap_t *inheritable,
1856 const kernel_cap_t *permitted)
1788{ 1857{
1789 int error; 1858 int error;
1790 1859
1791 error = secondary_ops->capset_check(target, effective, inheritable, permitted); 1860 error = secondary_ops->capset(new, old,
1861 effective, inheritable, permitted);
1792 if (error) 1862 if (error)
1793 return error; 1863 return error;
1794 1864
1795 return task_has_perm(current, target, PROCESS__SETCAP); 1865 return cred_has_perm(old, new, PROCESS__SETCAP);
1796} 1866}
1797 1867
1798static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, 1868static int selinux_capable(struct task_struct *tsk, int cap, int audit)
1799 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1800{
1801 secondary_ops->capset_set(target, effective, inheritable, permitted);
1802}
1803
1804static int selinux_capable(struct task_struct *tsk, int cap)
1805{ 1869{
1806 int rc; 1870 int rc;
1807 1871
1808 rc = secondary_ops->capable(tsk, cap); 1872 rc = secondary_ops->capable(tsk, cap, audit);
1809 if (rc) 1873 if (rc)
1810 return rc; 1874 return rc;
1811 1875
1812 return task_has_capability(tsk, cap); 1876 return task_has_capability(tsk, cap, audit);
1813} 1877}
1814 1878
1815static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) 1879static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
@@ -1857,15 +1921,14 @@ static int selinux_sysctl(ctl_table *table, int op)
1857{ 1921{
1858 int error = 0; 1922 int error = 0;
1859 u32 av; 1923 u32 av;
1860 struct task_security_struct *tsec; 1924 u32 tsid, sid;
1861 u32 tsid;
1862 int rc; 1925 int rc;
1863 1926
1864 rc = secondary_ops->sysctl(table, op); 1927 rc = secondary_ops->sysctl(table, op);
1865 if (rc) 1928 if (rc)
1866 return rc; 1929 return rc;
1867 1930
1868 tsec = current->security; 1931 sid = current_sid();
1869 1932
1870 rc = selinux_sysctl_get_sid(table, (op == 0001) ? 1933 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1871 SECCLASS_DIR : SECCLASS_FILE, &tsid); 1934 SECCLASS_DIR : SECCLASS_FILE, &tsid);
@@ -1877,7 +1940,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1877 /* The op values are "defined" in sysctl.c, thereby creating 1940 /* The op values are "defined" in sysctl.c, thereby creating
1878 * a bad coupling between this module and sysctl.c */ 1941 * a bad coupling between this module and sysctl.c */
1879 if (op == 001) { 1942 if (op == 001) {
1880 error = avc_has_perm(tsec->sid, tsid, 1943 error = avc_has_perm(sid, tsid,
1881 SECCLASS_DIR, DIR__SEARCH, NULL); 1944 SECCLASS_DIR, DIR__SEARCH, NULL);
1882 } else { 1945 } else {
1883 av = 0; 1946 av = 0;
@@ -1886,7 +1949,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1886 if (op & 002) 1949 if (op & 002)
1887 av |= FILE__WRITE; 1950 av |= FILE__WRITE;
1888 if (av) 1951 if (av)
1889 error = avc_has_perm(tsec->sid, tsid, 1952 error = avc_has_perm(sid, tsid,
1890 SECCLASS_FILE, av, NULL); 1953 SECCLASS_FILE, av, NULL);
1891 } 1954 }
1892 1955
@@ -1895,6 +1958,7 @@ static int selinux_sysctl(ctl_table *table, int op)
1895 1958
1896static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) 1959static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1897{ 1960{
1961 const struct cred *cred = current_cred();
1898 int rc = 0; 1962 int rc = 0;
1899 1963
1900 if (!sb) 1964 if (!sb)
@@ -1906,14 +1970,12 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1906 case Q_QUOTAOFF: 1970 case Q_QUOTAOFF:
1907 case Q_SETINFO: 1971 case Q_SETINFO:
1908 case Q_SETQUOTA: 1972 case Q_SETQUOTA:
1909 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, 1973 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1910 NULL);
1911 break; 1974 break;
1912 case Q_GETFMT: 1975 case Q_GETFMT:
1913 case Q_GETINFO: 1976 case Q_GETINFO:
1914 case Q_GETQUOTA: 1977 case Q_GETQUOTA:
1915 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, 1978 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1916 NULL);
1917 break; 1979 break;
1918 default: 1980 default:
1919 rc = 0; /* let the kernel handle invalid cmds */ 1981 rc = 0; /* let the kernel handle invalid cmds */
@@ -1924,7 +1986,9 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1924 1986
1925static int selinux_quota_on(struct dentry *dentry) 1987static int selinux_quota_on(struct dentry *dentry)
1926{ 1988{
1927 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON); 1989 const struct cred *cred = current_cred();
1990
1991 return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
1928} 1992}
1929 1993
1930static int selinux_syslog(int type) 1994static int selinux_syslog(int type)
@@ -1972,16 +2036,8 @@ static int selinux_syslog(int type)
1972static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) 2036static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1973{ 2037{
1974 int rc, cap_sys_admin = 0; 2038 int rc, cap_sys_admin = 0;
1975 struct task_security_struct *tsec = current->security;
1976
1977 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1978 if (rc == 0)
1979 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1980 SECCLASS_CAPABILITY,
1981 CAP_TO_MASK(CAP_SYS_ADMIN),
1982 0,
1983 NULL);
1984 2039
2040 rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT);
1985 if (rc == 0) 2041 if (rc == 0)
1986 cap_sys_admin = 1; 2042 cap_sys_admin = 1;
1987 2043
@@ -1990,59 +2046,45 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1990 2046
1991/* binprm security operations */ 2047/* binprm security operations */
1992 2048
1993static int selinux_bprm_alloc_security(struct linux_binprm *bprm) 2049static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1994{
1995 struct bprm_security_struct *bsec;
1996
1997 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1998 if (!bsec)
1999 return -ENOMEM;
2000
2001 bsec->sid = SECINITSID_UNLABELED;
2002 bsec->set = 0;
2003
2004 bprm->security = bsec;
2005 return 0;
2006}
2007
2008static int selinux_bprm_set_security(struct linux_binprm *bprm)
2009{ 2050{
2010 struct task_security_struct *tsec; 2051 const struct task_security_struct *old_tsec;
2011 struct inode *inode = bprm->file->f_path.dentry->d_inode; 2052 struct task_security_struct *new_tsec;
2012 struct inode_security_struct *isec; 2053 struct inode_security_struct *isec;
2013 struct bprm_security_struct *bsec;
2014 u32 newsid;
2015 struct avc_audit_data ad; 2054 struct avc_audit_data ad;
2055 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2016 int rc; 2056 int rc;
2017 2057
2018 rc = secondary_ops->bprm_set_security(bprm); 2058 rc = secondary_ops->bprm_set_creds(bprm);
2019 if (rc) 2059 if (rc)
2020 return rc; 2060 return rc;
2021 2061
2022 bsec = bprm->security; 2062 /* SELinux context only depends on initial program or script and not
2023 2063 * the script interpreter */
2024 if (bsec->set) 2064 if (bprm->cred_prepared)
2025 return 0; 2065 return 0;
2026 2066
2027 tsec = current->security; 2067 old_tsec = current_security();
2068 new_tsec = bprm->cred->security;
2028 isec = inode->i_security; 2069 isec = inode->i_security;
2029 2070
2030 /* Default to the current task SID. */ 2071 /* Default to the current task SID. */
2031 bsec->sid = tsec->sid; 2072 new_tsec->sid = old_tsec->sid;
2073 new_tsec->osid = old_tsec->sid;
2032 2074
2033 /* Reset fs, key, and sock SIDs on execve. */ 2075 /* Reset fs, key, and sock SIDs on execve. */
2034 tsec->create_sid = 0; 2076 new_tsec->create_sid = 0;
2035 tsec->keycreate_sid = 0; 2077 new_tsec->keycreate_sid = 0;
2036 tsec->sockcreate_sid = 0; 2078 new_tsec->sockcreate_sid = 0;
2037 2079
2038 if (tsec->exec_sid) { 2080 if (old_tsec->exec_sid) {
2039 newsid = tsec->exec_sid; 2081 new_tsec->sid = old_tsec->exec_sid;
2040 /* Reset exec SID on execve. */ 2082 /* Reset exec SID on execve. */
2041 tsec->exec_sid = 0; 2083 new_tsec->exec_sid = 0;
2042 } else { 2084 } else {
2043 /* Check for a default transition on this program. */ 2085 /* Check for a default transition on this program. */
2044 rc = security_transition_sid(tsec->sid, isec->sid, 2086 rc = security_transition_sid(old_tsec->sid, isec->sid,
2045 SECCLASS_PROCESS, &newsid); 2087 SECCLASS_PROCESS, &new_tsec->sid);
2046 if (rc) 2088 if (rc)
2047 return rc; 2089 return rc;
2048 } 2090 }
@@ -2051,33 +2093,63 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
2051 ad.u.fs.path = bprm->file->f_path; 2093 ad.u.fs.path = bprm->file->f_path;
2052 2094
2053 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 2095 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2054 newsid = tsec->sid; 2096 new_tsec->sid = old_tsec->sid;
2055 2097
2056 if (tsec->sid == newsid) { 2098 if (new_tsec->sid == old_tsec->sid) {
2057 rc = avc_has_perm(tsec->sid, isec->sid, 2099 rc = avc_has_perm(old_tsec->sid, isec->sid,
2058 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2100 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2059 if (rc) 2101 if (rc)
2060 return rc; 2102 return rc;
2061 } else { 2103 } else {
2062 /* Check permissions for the transition. */ 2104 /* Check permissions for the transition. */
2063 rc = avc_has_perm(tsec->sid, newsid, 2105 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2064 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2106 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2065 if (rc) 2107 if (rc)
2066 return rc; 2108 return rc;
2067 2109
2068 rc = avc_has_perm(newsid, isec->sid, 2110 rc = avc_has_perm(new_tsec->sid, isec->sid,
2069 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2111 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2070 if (rc) 2112 if (rc)
2071 return rc; 2113 return rc;
2072 2114
2073 /* Clear any possibly unsafe personality bits on exec: */ 2115 /* Check for shared state */
2074 current->personality &= ~PER_CLEAR_ON_SETID; 2116 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2117 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2118 SECCLASS_PROCESS, PROCESS__SHARE,
2119 NULL);
2120 if (rc)
2121 return -EPERM;
2122 }
2123
2124 /* Make sure that anyone attempting to ptrace over a task that
2125 * changes its SID has the appropriate permit */
2126 if (bprm->unsafe &
2127 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2128 struct task_struct *tracer;
2129 struct task_security_struct *sec;
2130 u32 ptsid = 0;
2131
2132 rcu_read_lock();
2133 tracer = tracehook_tracer_task(current);
2134 if (likely(tracer != NULL)) {
2135 sec = __task_cred(tracer)->security;
2136 ptsid = sec->sid;
2137 }
2138 rcu_read_unlock();
2075 2139
2076 /* Set the security field to the new SID. */ 2140 if (ptsid != 0) {
2077 bsec->sid = newsid; 2141 rc = avc_has_perm(ptsid, new_tsec->sid,
2142 SECCLASS_PROCESS,
2143 PROCESS__PTRACE, NULL);
2144 if (rc)
2145 return -EPERM;
2146 }
2147 }
2148
2149 /* Clear any possibly unsafe personality bits on exec: */
2150 bprm->per_clear |= PER_CLEAR_ON_SETID;
2078 } 2151 }
2079 2152
2080 bsec->set = 1;
2081 return 0; 2153 return 0;
2082} 2154}
2083 2155
@@ -2086,35 +2158,34 @@ static int selinux_bprm_check_security(struct linux_binprm *bprm)
2086 return secondary_ops->bprm_check_security(bprm); 2158 return secondary_ops->bprm_check_security(bprm);
2087} 2159}
2088 2160
2089
2090static int selinux_bprm_secureexec(struct linux_binprm *bprm) 2161static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2091{ 2162{
2092 struct task_security_struct *tsec = current->security; 2163 const struct cred *cred = current_cred();
2164 const struct task_security_struct *tsec = cred->security;
2165 u32 sid, osid;
2093 int atsecure = 0; 2166 int atsecure = 0;
2094 2167
2095 if (tsec->osid != tsec->sid) { 2168 sid = tsec->sid;
2169 osid = tsec->osid;
2170
2171 if (osid != sid) {
2096 /* Enable secure mode for SIDs transitions unless 2172 /* Enable secure mode for SIDs transitions unless
2097 the noatsecure permission is granted between 2173 the noatsecure permission is granted between
2098 the two SIDs, i.e. ahp returns 0. */ 2174 the two SIDs, i.e. ahp returns 0. */
2099 atsecure = avc_has_perm(tsec->osid, tsec->sid, 2175 atsecure = avc_has_perm(osid, sid,
2100 SECCLASS_PROCESS, 2176 SECCLASS_PROCESS,
2101 PROCESS__NOATSECURE, NULL); 2177 PROCESS__NOATSECURE, NULL);
2102 } 2178 }
2103 2179
2104 return (atsecure || secondary_ops->bprm_secureexec(bprm)); 2180 return (atsecure || secondary_ops->bprm_secureexec(bprm));
2105} 2181}
2106 2182
2107static void selinux_bprm_free_security(struct linux_binprm *bprm)
2108{
2109 kfree(bprm->security);
2110 bprm->security = NULL;
2111}
2112
2113extern struct vfsmount *selinuxfs_mount; 2183extern struct vfsmount *selinuxfs_mount;
2114extern struct dentry *selinux_null; 2184extern struct dentry *selinux_null;
2115 2185
2116/* Derived from fs/exec.c:flush_old_files. */ 2186/* Derived from fs/exec.c:flush_old_files. */
2117static inline void flush_unauthorized_files(struct files_struct *files) 2187static inline void flush_unauthorized_files(const struct cred *cred,
2188 struct files_struct *files)
2118{ 2189{
2119 struct avc_audit_data ad; 2190 struct avc_audit_data ad;
2120 struct file *file, *devnull = NULL; 2191 struct file *file, *devnull = NULL;
@@ -2136,7 +2207,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2136 interested in the inode-based check here. */ 2207 interested in the inode-based check here. */
2137 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); 2208 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
2138 inode = file->f_path.dentry->d_inode; 2209 inode = file->f_path.dentry->d_inode;
2139 if (inode_has_perm(current, inode, 2210 if (inode_has_perm(cred, inode,
2140 FILE__READ | FILE__WRITE, NULL)) { 2211 FILE__READ | FILE__WRITE, NULL)) {
2141 drop_tty = 1; 2212 drop_tty = 1;
2142 } 2213 }
@@ -2171,7 +2242,7 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2171 file = fget(i); 2242 file = fget(i);
2172 if (!file) 2243 if (!file)
2173 continue; 2244 continue;
2174 if (file_has_perm(current, 2245 if (file_has_perm(cred,
2175 file, 2246 file,
2176 file_to_av(file))) { 2247 file_to_av(file))) {
2177 sys_close(i); 2248 sys_close(i);
@@ -2185,7 +2256,10 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2185 if (devnull) { 2256 if (devnull) {
2186 get_file(devnull); 2257 get_file(devnull);
2187 } else { 2258 } else {
2188 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR); 2259 devnull = dentry_open(
2260 dget(selinux_null),
2261 mntget(selinuxfs_mount),
2262 O_RDWR, cred);
2189 if (IS_ERR(devnull)) { 2263 if (IS_ERR(devnull)) {
2190 devnull = NULL; 2264 devnull = NULL;
2191 put_unused_fd(fd); 2265 put_unused_fd(fd);
@@ -2204,94 +2278,78 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2204 spin_unlock(&files->file_lock); 2278 spin_unlock(&files->file_lock);
2205} 2279}
2206 2280
2207static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) 2281/*
2282 * Prepare a process for imminent new credential changes due to exec
2283 */
2284static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2208{ 2285{
2209 struct task_security_struct *tsec; 2286 struct task_security_struct *new_tsec;
2210 struct bprm_security_struct *bsec; 2287 struct rlimit *rlim, *initrlim;
2211 u32 sid; 2288 int rc, i;
2212 int rc;
2213
2214 secondary_ops->bprm_apply_creds(bprm, unsafe);
2215
2216 tsec = current->security;
2217 2289
2218 bsec = bprm->security; 2290 secondary_ops->bprm_committing_creds(bprm);
2219 sid = bsec->sid;
2220 2291
2221 tsec->osid = tsec->sid; 2292 new_tsec = bprm->cred->security;
2222 bsec->unsafe = 0; 2293 if (new_tsec->sid == new_tsec->osid)
2223 if (tsec->sid != sid) { 2294 return;
2224 /* Check for shared state. If not ok, leave SID
2225 unchanged and kill. */
2226 if (unsafe & LSM_UNSAFE_SHARE) {
2227 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
2228 PROCESS__SHARE, NULL);
2229 if (rc) {
2230 bsec->unsafe = 1;
2231 return;
2232 }
2233 }
2234 2295
2235 /* Check for ptracing, and update the task SID if ok. 2296 /* Close files for which the new task SID is not authorized. */
2236 Otherwise, leave SID unchanged and kill. */ 2297 flush_unauthorized_files(bprm->cred, current->files);
2237 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2238 struct task_struct *tracer;
2239 struct task_security_struct *sec;
2240 u32 ptsid = 0;
2241 2298
2242 rcu_read_lock(); 2299 /* Always clear parent death signal on SID transitions. */
2243 tracer = tracehook_tracer_task(current); 2300 current->pdeath_signal = 0;
2244 if (likely(tracer != NULL)) {
2245 sec = tracer->security;
2246 ptsid = sec->sid;
2247 }
2248 rcu_read_unlock();
2249 2301
2250 if (ptsid != 0) { 2302 /* Check whether the new SID can inherit resource limits from the old
2251 rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, 2303 * SID. If not, reset all soft limits to the lower of the current
2252 PROCESS__PTRACE, NULL); 2304 * task's hard limit and the init task's soft limit.
2253 if (rc) { 2305 *
2254 bsec->unsafe = 1; 2306 * Note that the setting of hard limits (even to lower them) can be
2255 return; 2307 * controlled by the setrlimit check. The inclusion of the init task's
2256 } 2308 * soft limit into the computation is to avoid resetting soft limits
2257 } 2309 * higher than the default soft limit for cases where the default is
2310 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2311 */
2312 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2313 PROCESS__RLIMITINH, NULL);
2314 if (rc) {
2315 for (i = 0; i < RLIM_NLIMITS; i++) {
2316 rlim = current->signal->rlim + i;
2317 initrlim = init_task.signal->rlim + i;
2318 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2258 } 2319 }
2259 tsec->sid = sid; 2320 update_rlimit_cpu(rlim->rlim_cur);
2260 } 2321 }
2261} 2322}
2262 2323
2263/* 2324/*
2264 * called after apply_creds without the task lock held 2325 * Clean up the process immediately after the installation of new credentials
2326 * due to exec
2265 */ 2327 */
2266static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) 2328static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2267{ 2329{
2268 struct task_security_struct *tsec; 2330 const struct task_security_struct *tsec = current_security();
2269 struct rlimit *rlim, *initrlim;
2270 struct itimerval itimer; 2331 struct itimerval itimer;
2271 struct bprm_security_struct *bsec; 2332 struct sighand_struct *psig;
2333 u32 osid, sid;
2272 int rc, i; 2334 int rc, i;
2335 unsigned long flags;
2273 2336
2274 tsec = current->security; 2337 secondary_ops->bprm_committed_creds(bprm);
2275 bsec = bprm->security;
2276 2338
2277 if (bsec->unsafe) { 2339 osid = tsec->osid;
2278 force_sig_specific(SIGKILL, current); 2340 sid = tsec->sid;
2279 return; 2341
2280 } 2342 if (sid == osid)
2281 if (tsec->osid == tsec->sid)
2282 return; 2343 return;
2283 2344
2284 /* Close files for which the new task SID is not authorized. */ 2345 /* Check whether the new SID can inherit signal state from the old SID.
2285 flush_unauthorized_files(current->files); 2346 * If not, clear itimers to avoid subsequent signal generation and
2286 2347 * flush and unblock signals.
2287 /* Check whether the new SID can inherit signal state 2348 *
2288 from the old SID. If not, clear itimers to avoid 2349 * This must occur _after_ the task SID has been updated so that any
2289 subsequent signal generation and flush and unblock 2350 * kill done after the flush will be checked against the new SID.
2290 signals. This must occur _after_ the task SID has 2351 */
2291 been updated so that any kill done after the flush 2352 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2292 will be checked against the new SID. */
2293 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2294 PROCESS__SIGINH, NULL);
2295 if (rc) { 2353 if (rc) {
2296 memset(&itimer, 0, sizeof itimer); 2354 memset(&itimer, 0, sizeof itimer);
2297 for (i = 0; i < 3; i++) 2355 for (i = 0; i < 3; i++)
@@ -2304,33 +2362,14 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
2304 spin_unlock_irq(&current->sighand->siglock); 2362 spin_unlock_irq(&current->sighand->siglock);
2305 } 2363 }
2306 2364
2307 /* Always clear parent death signal on SID transitions. */ 2365 /* Wake up the parent if it is waiting so that it can recheck
2308 current->pdeath_signal = 0; 2366 * wait permission to the new task SID. */
2309 2367 read_lock_irq(&tasklist_lock);
2310 /* Check whether the new SID can inherit resource limits 2368 psig = current->parent->sighand;
2311 from the old SID. If not, reset all soft limits to 2369 spin_lock_irqsave(&psig->siglock, flags);
2312 the lower of the current task's hard limit and the init
2313 task's soft limit. Note that the setting of hard limits
2314 (even to lower them) can be controlled by the setrlimit
2315 check. The inclusion of the init task's soft limit into
2316 the computation is to avoid resetting soft limits higher
2317 than the default soft limit for cases where the default
2318 is lower than the hard limit, e.g. RLIMIT_CORE or
2319 RLIMIT_STACK.*/
2320 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2321 PROCESS__RLIMITINH, NULL);
2322 if (rc) {
2323 for (i = 0; i < RLIM_NLIMITS; i++) {
2324 rlim = current->signal->rlim + i;
2325 initrlim = init_task.signal->rlim+i;
2326 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2327 }
2328 update_rlimit_cpu(rlim->rlim_cur);
2329 }
2330
2331 /* Wake up the parent if it is waiting so that it can
2332 recheck wait permission to the new task SID. */
2333 wake_up_interruptible(&current->parent->signal->wait_chldexit); 2370 wake_up_interruptible(&current->parent->signal->wait_chldexit);
2371 spin_unlock_irqrestore(&psig->siglock, flags);
2372 read_unlock_irq(&tasklist_lock);
2334} 2373}
2335 2374
2336/* superblock security operations */ 2375/* superblock security operations */
@@ -2437,6 +2476,7 @@ out:
2437 2476
2438static int selinux_sb_kern_mount(struct super_block *sb, void *data) 2477static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2439{ 2478{
2479 const struct cred *cred = current_cred();
2440 struct avc_audit_data ad; 2480 struct avc_audit_data ad;
2441 int rc; 2481 int rc;
2442 2482
@@ -2446,16 +2486,17 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2446 2486
2447 AVC_AUDIT_DATA_INIT(&ad, FS); 2487 AVC_AUDIT_DATA_INIT(&ad, FS);
2448 ad.u.fs.path.dentry = sb->s_root; 2488 ad.u.fs.path.dentry = sb->s_root;
2449 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); 2489 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2450} 2490}
2451 2491
2452static int selinux_sb_statfs(struct dentry *dentry) 2492static int selinux_sb_statfs(struct dentry *dentry)
2453{ 2493{
2494 const struct cred *cred = current_cred();
2454 struct avc_audit_data ad; 2495 struct avc_audit_data ad;
2455 2496
2456 AVC_AUDIT_DATA_INIT(&ad, FS); 2497 AVC_AUDIT_DATA_INIT(&ad, FS);
2457 ad.u.fs.path.dentry = dentry->d_sb->s_root; 2498 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2458 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2499 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2459} 2500}
2460 2501
2461static int selinux_mount(char *dev_name, 2502static int selinux_mount(char *dev_name,
@@ -2464,6 +2505,7 @@ static int selinux_mount(char *dev_name,
2464 unsigned long flags, 2505 unsigned long flags,
2465 void *data) 2506 void *data)
2466{ 2507{
2508 const struct cred *cred = current_cred();
2467 int rc; 2509 int rc;
2468 2510
2469 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); 2511 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
@@ -2471,22 +2513,23 @@ static int selinux_mount(char *dev_name,
2471 return rc; 2513 return rc;
2472 2514
2473 if (flags & MS_REMOUNT) 2515 if (flags & MS_REMOUNT)
2474 return superblock_has_perm(current, path->mnt->mnt_sb, 2516 return superblock_has_perm(cred, path->mnt->mnt_sb,
2475 FILESYSTEM__REMOUNT, NULL); 2517 FILESYSTEM__REMOUNT, NULL);
2476 else 2518 else
2477 return dentry_has_perm(current, path->mnt, path->dentry, 2519 return dentry_has_perm(cred, path->mnt, path->dentry,
2478 FILE__MOUNTON); 2520 FILE__MOUNTON);
2479} 2521}
2480 2522
2481static int selinux_umount(struct vfsmount *mnt, int flags) 2523static int selinux_umount(struct vfsmount *mnt, int flags)
2482{ 2524{
2525 const struct cred *cred = current_cred();
2483 int rc; 2526 int rc;
2484 2527
2485 rc = secondary_ops->sb_umount(mnt, flags); 2528 rc = secondary_ops->sb_umount(mnt, flags);
2486 if (rc) 2529 if (rc)
2487 return rc; 2530 return rc;
2488 2531
2489 return superblock_has_perm(current, mnt->mnt_sb, 2532 return superblock_has_perm(cred, mnt->mnt_sb,
2490 FILESYSTEM__UNMOUNT, NULL); 2533 FILESYSTEM__UNMOUNT, NULL);
2491} 2534}
2492 2535
@@ -2506,21 +2549,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2506 char **name, void **value, 2549 char **name, void **value,
2507 size_t *len) 2550 size_t *len)
2508{ 2551{
2509 struct task_security_struct *tsec; 2552 const struct cred *cred = current_cred();
2553 const struct task_security_struct *tsec = cred->security;
2510 struct inode_security_struct *dsec; 2554 struct inode_security_struct *dsec;
2511 struct superblock_security_struct *sbsec; 2555 struct superblock_security_struct *sbsec;
2512 u32 newsid, clen; 2556 u32 sid, newsid, clen;
2513 int rc; 2557 int rc;
2514 char *namep = NULL, *context; 2558 char *namep = NULL, *context;
2515 2559
2516 tsec = current->security;
2517 dsec = dir->i_security; 2560 dsec = dir->i_security;
2518 sbsec = dir->i_sb->s_security; 2561 sbsec = dir->i_sb->s_security;
2519 2562
2520 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) { 2563 sid = tsec->sid;
2521 newsid = tsec->create_sid; 2564 newsid = tsec->create_sid;
2522 } else { 2565
2523 rc = security_transition_sid(tsec->sid, dsec->sid, 2566 if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
2567 rc = security_transition_sid(sid, dsec->sid,
2524 inode_mode_to_security_class(inode->i_mode), 2568 inode_mode_to_security_class(inode->i_mode),
2525 &newsid); 2569 &newsid);
2526 if (rc) { 2570 if (rc) {
@@ -2623,21 +2667,25 @@ static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dent
2623 2667
2624static int selinux_inode_readlink(struct dentry *dentry) 2668static int selinux_inode_readlink(struct dentry *dentry)
2625{ 2669{
2626 return dentry_has_perm(current, NULL, dentry, FILE__READ); 2670 const struct cred *cred = current_cred();
2671
2672 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2627} 2673}
2628 2674
2629static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) 2675static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2630{ 2676{
2677 const struct cred *cred = current_cred();
2631 int rc; 2678 int rc;
2632 2679
2633 rc = secondary_ops->inode_follow_link(dentry, nameidata); 2680 rc = secondary_ops->inode_follow_link(dentry, nameidata);
2634 if (rc) 2681 if (rc)
2635 return rc; 2682 return rc;
2636 return dentry_has_perm(current, NULL, dentry, FILE__READ); 2683 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2637} 2684}
2638 2685
2639static int selinux_inode_permission(struct inode *inode, int mask) 2686static int selinux_inode_permission(struct inode *inode, int mask)
2640{ 2687{
2688 const struct cred *cred = current_cred();
2641 int rc; 2689 int rc;
2642 2690
2643 rc = secondary_ops->inode_permission(inode, mask); 2691 rc = secondary_ops->inode_permission(inode, mask);
@@ -2649,12 +2697,13 @@ static int selinux_inode_permission(struct inode *inode, int mask)
2649 return 0; 2697 return 0;
2650 } 2698 }
2651 2699
2652 return inode_has_perm(current, inode, 2700 return inode_has_perm(cred, inode,
2653 open_file_mask_to_av(inode->i_mode, mask), NULL); 2701 file_mask_to_av(inode->i_mode, mask), NULL);
2654} 2702}
2655 2703
2656static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) 2704static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2657{ 2705{
2706 const struct cred *cred = current_cred();
2658 int rc; 2707 int rc;
2659 2708
2660 rc = secondary_ops->inode_setattr(dentry, iattr); 2709 rc = secondary_ops->inode_setattr(dentry, iattr);
@@ -2666,18 +2715,22 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2666 2715
2667 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | 2716 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2668 ATTR_ATIME_SET | ATTR_MTIME_SET)) 2717 ATTR_ATIME_SET | ATTR_MTIME_SET))
2669 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2718 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2670 2719
2671 return dentry_has_perm(current, NULL, dentry, FILE__WRITE); 2720 return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
2672} 2721}
2673 2722
2674static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 2723static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2675{ 2724{
2676 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); 2725 const struct cred *cred = current_cred();
2726
2727 return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
2677} 2728}
2678 2729
2679static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) 2730static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2680{ 2731{
2732 const struct cred *cred = current_cred();
2733
2681 if (!strncmp(name, XATTR_SECURITY_PREFIX, 2734 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2682 sizeof XATTR_SECURITY_PREFIX - 1)) { 2735 sizeof XATTR_SECURITY_PREFIX - 1)) {
2683 if (!strcmp(name, XATTR_NAME_CAPS)) { 2736 if (!strcmp(name, XATTR_NAME_CAPS)) {
@@ -2692,18 +2745,17 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2692 2745
2693 /* Not an attribute we recognize, so just check the 2746 /* Not an attribute we recognize, so just check the
2694 ordinary setattr permission. */ 2747 ordinary setattr permission. */
2695 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2748 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2696} 2749}
2697 2750
2698static int selinux_inode_setxattr(struct dentry *dentry, const char *name, 2751static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2699 const void *value, size_t size, int flags) 2752 const void *value, size_t size, int flags)
2700{ 2753{
2701 struct task_security_struct *tsec = current->security;
2702 struct inode *inode = dentry->d_inode; 2754 struct inode *inode = dentry->d_inode;
2703 struct inode_security_struct *isec = inode->i_security; 2755 struct inode_security_struct *isec = inode->i_security;
2704 struct superblock_security_struct *sbsec; 2756 struct superblock_security_struct *sbsec;
2705 struct avc_audit_data ad; 2757 struct avc_audit_data ad;
2706 u32 newsid; 2758 u32 newsid, sid = current_sid();
2707 int rc = 0; 2759 int rc = 0;
2708 2760
2709 if (strcmp(name, XATTR_NAME_SELINUX)) 2761 if (strcmp(name, XATTR_NAME_SELINUX))
@@ -2719,7 +2771,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2719 AVC_AUDIT_DATA_INIT(&ad, FS); 2771 AVC_AUDIT_DATA_INIT(&ad, FS);
2720 ad.u.fs.path.dentry = dentry; 2772 ad.u.fs.path.dentry = dentry;
2721 2773
2722 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, 2774 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2723 FILE__RELABELFROM, &ad); 2775 FILE__RELABELFROM, &ad);
2724 if (rc) 2776 if (rc)
2725 return rc; 2777 return rc;
@@ -2733,12 +2785,12 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2733 if (rc) 2785 if (rc)
2734 return rc; 2786 return rc;
2735 2787
2736 rc = avc_has_perm(tsec->sid, newsid, isec->sclass, 2788 rc = avc_has_perm(sid, newsid, isec->sclass,
2737 FILE__RELABELTO, &ad); 2789 FILE__RELABELTO, &ad);
2738 if (rc) 2790 if (rc)
2739 return rc; 2791 return rc;
2740 2792
2741 rc = security_validate_transition(isec->sid, newsid, tsec->sid, 2793 rc = security_validate_transition(isec->sid, newsid, sid,
2742 isec->sclass); 2794 isec->sclass);
2743 if (rc) 2795 if (rc)
2744 return rc; 2796 return rc;
@@ -2778,12 +2830,16 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2778 2830
2779static int selinux_inode_getxattr(struct dentry *dentry, const char *name) 2831static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2780{ 2832{
2781 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2833 const struct cred *cred = current_cred();
2834
2835 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2782} 2836}
2783 2837
2784static int selinux_inode_listxattr(struct dentry *dentry) 2838static int selinux_inode_listxattr(struct dentry *dentry)
2785{ 2839{
2786 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2840 const struct cred *cred = current_cred();
2841
2842 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2787} 2843}
2788 2844
2789static int selinux_inode_removexattr(struct dentry *dentry, const char *name) 2845static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
@@ -2806,7 +2862,6 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
2806 u32 size; 2862 u32 size;
2807 int error; 2863 int error;
2808 char *context = NULL; 2864 char *context = NULL;
2809 struct task_security_struct *tsec = current->security;
2810 struct inode_security_struct *isec = inode->i_security; 2865 struct inode_security_struct *isec = inode->i_security;
2811 2866
2812 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2867 if (strcmp(name, XATTR_SELINUX_SUFFIX))
@@ -2821,13 +2876,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
2821 * and lack of permission just means that we fall back to the 2876 * and lack of permission just means that we fall back to the
2822 * in-core context value, not a denial. 2877 * in-core context value, not a denial.
2823 */ 2878 */
2824 error = secondary_ops->capable(current, CAP_MAC_ADMIN); 2879 error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT);
2825 if (!error)
2826 error = avc_has_perm_noaudit(tsec->sid, tsec->sid,
2827 SECCLASS_CAPABILITY2,
2828 CAPABILITY2__MAC_ADMIN,
2829 0,
2830 NULL);
2831 if (!error) 2880 if (!error)
2832 error = security_sid_to_context_force(isec->sid, &context, 2881 error = security_sid_to_context_force(isec->sid, &context,
2833 &size); 2882 &size);
@@ -2894,6 +2943,7 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2894 2943
2895static int selinux_revalidate_file_permission(struct file *file, int mask) 2944static int selinux_revalidate_file_permission(struct file *file, int mask)
2896{ 2945{
2946 const struct cred *cred = current_cred();
2897 int rc; 2947 int rc;
2898 struct inode *inode = file->f_path.dentry->d_inode; 2948 struct inode *inode = file->f_path.dentry->d_inode;
2899 2949
@@ -2906,7 +2956,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2906 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2956 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2907 mask |= MAY_APPEND; 2957 mask |= MAY_APPEND;
2908 2958
2909 rc = file_has_perm(current, file, 2959 rc = file_has_perm(cred, file,
2910 file_mask_to_av(inode->i_mode, mask)); 2960 file_mask_to_av(inode->i_mode, mask));
2911 if (rc) 2961 if (rc)
2912 return rc; 2962 return rc;
@@ -2917,16 +2967,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
2917static int selinux_file_permission(struct file *file, int mask) 2967static int selinux_file_permission(struct file *file, int mask)
2918{ 2968{
2919 struct inode *inode = file->f_path.dentry->d_inode; 2969 struct inode *inode = file->f_path.dentry->d_inode;
2920 struct task_security_struct *tsec = current->security;
2921 struct file_security_struct *fsec = file->f_security; 2970 struct file_security_struct *fsec = file->f_security;
2922 struct inode_security_struct *isec = inode->i_security; 2971 struct inode_security_struct *isec = inode->i_security;
2972 u32 sid = current_sid();
2923 2973
2924 if (!mask) { 2974 if (!mask) {
2925 /* No permission to check. Existence test. */ 2975 /* No permission to check. Existence test. */
2926 return 0; 2976 return 0;
2927 } 2977 }
2928 2978
2929 if (tsec->sid == fsec->sid && fsec->isid == isec->sid 2979 if (sid == fsec->sid && fsec->isid == isec->sid
2930 && fsec->pseqno == avc_policy_seqno()) 2980 && fsec->pseqno == avc_policy_seqno())
2931 return selinux_netlbl_inode_permission(inode, mask); 2981 return selinux_netlbl_inode_permission(inode, mask);
2932 2982
@@ -2946,6 +2996,7 @@ static void selinux_file_free_security(struct file *file)
2946static int selinux_file_ioctl(struct file *file, unsigned int cmd, 2996static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2947 unsigned long arg) 2997 unsigned long arg)
2948{ 2998{
2999 const struct cred *cred = current_cred();
2949 u32 av = 0; 3000 u32 av = 0;
2950 3001
2951 if (_IOC_DIR(cmd) & _IOC_WRITE) 3002 if (_IOC_DIR(cmd) & _IOC_WRITE)
@@ -2955,11 +3006,14 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2955 if (!av) 3006 if (!av)
2956 av = FILE__IOCTL; 3007 av = FILE__IOCTL;
2957 3008
2958 return file_has_perm(current, file, av); 3009 return file_has_perm(cred, file, av);
2959} 3010}
2960 3011
2961static int file_map_prot_check(struct file *file, unsigned long prot, int shared) 3012static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2962{ 3013{
3014 const struct cred *cred = current_cred();
3015 int rc = 0;
3016
2963#ifndef CONFIG_PPC32 3017#ifndef CONFIG_PPC32
2964 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { 3018 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2965 /* 3019 /*
@@ -2967,9 +3021,9 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
2967 * private file mapping that will also be writable. 3021 * private file mapping that will also be writable.
2968 * This has an additional check. 3022 * This has an additional check.
2969 */ 3023 */
2970 int rc = task_has_perm(current, current, PROCESS__EXECMEM); 3024 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
2971 if (rc) 3025 if (rc)
2972 return rc; 3026 goto error;
2973 } 3027 }
2974#endif 3028#endif
2975 3029
@@ -2984,9 +3038,11 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
2984 if (prot & PROT_EXEC) 3038 if (prot & PROT_EXEC)
2985 av |= FILE__EXECUTE; 3039 av |= FILE__EXECUTE;
2986 3040
2987 return file_has_perm(current, file, av); 3041 return file_has_perm(cred, file, av);
2988 } 3042 }
2989 return 0; 3043
3044error:
3045 return rc;
2990} 3046}
2991 3047
2992static int selinux_file_mmap(struct file *file, unsigned long reqprot, 3048static int selinux_file_mmap(struct file *file, unsigned long reqprot,
@@ -2994,7 +3050,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2994 unsigned long addr, unsigned long addr_only) 3050 unsigned long addr, unsigned long addr_only)
2995{ 3051{
2996 int rc = 0; 3052 int rc = 0;
2997 u32 sid = ((struct task_security_struct *)(current->security))->sid; 3053 u32 sid = current_sid();
2998 3054
2999 if (addr < mmap_min_addr) 3055 if (addr < mmap_min_addr)
3000 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, 3056 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
@@ -3013,6 +3069,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3013 unsigned long reqprot, 3069 unsigned long reqprot,
3014 unsigned long prot) 3070 unsigned long prot)
3015{ 3071{
3072 const struct cred *cred = current_cred();
3016 int rc; 3073 int rc;
3017 3074
3018 rc = secondary_ops->file_mprotect(vma, reqprot, prot); 3075 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
@@ -3027,12 +3084,11 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3027 rc = 0; 3084 rc = 0;
3028 if (vma->vm_start >= vma->vm_mm->start_brk && 3085 if (vma->vm_start >= vma->vm_mm->start_brk &&
3029 vma->vm_end <= vma->vm_mm->brk) { 3086 vma->vm_end <= vma->vm_mm->brk) {
3030 rc = task_has_perm(current, current, 3087 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3031 PROCESS__EXECHEAP);
3032 } else if (!vma->vm_file && 3088 } else if (!vma->vm_file &&
3033 vma->vm_start <= vma->vm_mm->start_stack && 3089 vma->vm_start <= vma->vm_mm->start_stack &&
3034 vma->vm_end >= vma->vm_mm->start_stack) { 3090 vma->vm_end >= vma->vm_mm->start_stack) {
3035 rc = task_has_perm(current, current, PROCESS__EXECSTACK); 3091 rc = current_has_perm(current, PROCESS__EXECSTACK);
3036 } else if (vma->vm_file && vma->anon_vma) { 3092 } else if (vma->vm_file && vma->anon_vma) {
3037 /* 3093 /*
3038 * We are making executable a file mapping that has 3094 * We are making executable a file mapping that has
@@ -3041,8 +3097,7 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3041 * modified content. This typically should only 3097 * modified content. This typically should only
3042 * occur for text relocations. 3098 * occur for text relocations.
3043 */ 3099 */
3044 rc = file_has_perm(current, vma->vm_file, 3100 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3045 FILE__EXECMOD);
3046 } 3101 }
3047 if (rc) 3102 if (rc)
3048 return rc; 3103 return rc;
@@ -3054,12 +3109,15 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
3054 3109
3055static int selinux_file_lock(struct file *file, unsigned int cmd) 3110static int selinux_file_lock(struct file *file, unsigned int cmd)
3056{ 3111{
3057 return file_has_perm(current, file, FILE__LOCK); 3112 const struct cred *cred = current_cred();
3113
3114 return file_has_perm(cred, file, FILE__LOCK);
3058} 3115}
3059 3116
3060static int selinux_file_fcntl(struct file *file, unsigned int cmd, 3117static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3061 unsigned long arg) 3118 unsigned long arg)
3062{ 3119{
3120 const struct cred *cred = current_cred();
3063 int err = 0; 3121 int err = 0;
3064 3122
3065 switch (cmd) { 3123 switch (cmd) {
@@ -3070,7 +3128,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3070 } 3128 }
3071 3129
3072 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { 3130 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3073 err = file_has_perm(current, file, FILE__WRITE); 3131 err = file_has_perm(cred, file, FILE__WRITE);
3074 break; 3132 break;
3075 } 3133 }
3076 /* fall through */ 3134 /* fall through */
@@ -3080,7 +3138,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3080 case F_GETOWN: 3138 case F_GETOWN:
3081 case F_GETSIG: 3139 case F_GETSIG:
3082 /* Just check FD__USE permission */ 3140 /* Just check FD__USE permission */
3083 err = file_has_perm(current, file, 0); 3141 err = file_has_perm(cred, file, 0);
3084 break; 3142 break;
3085 case F_GETLK: 3143 case F_GETLK:
3086 case F_SETLK: 3144 case F_SETLK:
@@ -3094,7 +3152,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3094 err = -EINVAL; 3152 err = -EINVAL;
3095 break; 3153 break;
3096 } 3154 }
3097 err = file_has_perm(current, file, FILE__LOCK); 3155 err = file_has_perm(cred, file, FILE__LOCK);
3098 break; 3156 break;
3099 } 3157 }
3100 3158
@@ -3103,12 +3161,10 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3103 3161
3104static int selinux_file_set_fowner(struct file *file) 3162static int selinux_file_set_fowner(struct file *file)
3105{ 3163{
3106 struct task_security_struct *tsec;
3107 struct file_security_struct *fsec; 3164 struct file_security_struct *fsec;
3108 3165
3109 tsec = current->security;
3110 fsec = file->f_security; 3166 fsec = file->f_security;
3111 fsec->fown_sid = tsec->sid; 3167 fsec->fown_sid = current_sid();
3112 3168
3113 return 0; 3169 return 0;
3114} 3170}
@@ -3117,14 +3173,13 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3117 struct fown_struct *fown, int signum) 3173 struct fown_struct *fown, int signum)
3118{ 3174{
3119 struct file *file; 3175 struct file *file;
3176 u32 sid = current_sid();
3120 u32 perm; 3177 u32 perm;
3121 struct task_security_struct *tsec;
3122 struct file_security_struct *fsec; 3178 struct file_security_struct *fsec;
3123 3179
3124 /* struct fown_struct is never outside the context of a struct file */ 3180 /* struct fown_struct is never outside the context of a struct file */
3125 file = container_of(fown, struct file, f_owner); 3181 file = container_of(fown, struct file, f_owner);
3126 3182
3127 tsec = tsk->security;
3128 fsec = file->f_security; 3183 fsec = file->f_security;
3129 3184
3130 if (!signum) 3185 if (!signum)
@@ -3132,20 +3187,23 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3132 else 3187 else
3133 perm = signal_to_av(signum); 3188 perm = signal_to_av(signum);
3134 3189
3135 return avc_has_perm(fsec->fown_sid, tsec->sid, 3190 return avc_has_perm(fsec->fown_sid, sid,
3136 SECCLASS_PROCESS, perm, NULL); 3191 SECCLASS_PROCESS, perm, NULL);
3137} 3192}
3138 3193
3139static int selinux_file_receive(struct file *file) 3194static int selinux_file_receive(struct file *file)
3140{ 3195{
3141 return file_has_perm(current, file, file_to_av(file)); 3196 const struct cred *cred = current_cred();
3197
3198 return file_has_perm(cred, file, file_to_av(file));
3142} 3199}
3143 3200
3144static int selinux_dentry_open(struct file *file) 3201static int selinux_dentry_open(struct file *file, const struct cred *cred)
3145{ 3202{
3146 struct file_security_struct *fsec; 3203 struct file_security_struct *fsec;
3147 struct inode *inode; 3204 struct inode *inode;
3148 struct inode_security_struct *isec; 3205 struct inode_security_struct *isec;
3206
3149 inode = file->f_path.dentry->d_inode; 3207 inode = file->f_path.dentry->d_inode;
3150 fsec = file->f_security; 3208 fsec = file->f_security;
3151 isec = inode->i_security; 3209 isec = inode->i_security;
@@ -3166,7 +3224,7 @@ static int selinux_dentry_open(struct file *file)
3166 * new inode label or new policy. 3224 * new inode label or new policy.
3167 * This check is not redundant - do not remove. 3225 * This check is not redundant - do not remove.
3168 */ 3226 */
3169 return inode_has_perm(current, inode, file_to_av(file), NULL); 3227 return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
3170} 3228}
3171 3229
3172/* task security operations */ 3230/* task security operations */
@@ -3179,36 +3237,88 @@ static int selinux_task_create(unsigned long clone_flags)
3179 if (rc) 3237 if (rc)
3180 return rc; 3238 return rc;
3181 3239
3182 return task_has_perm(current, current, PROCESS__FORK); 3240 return current_has_perm(current, PROCESS__FORK);
3183} 3241}
3184 3242
3185static int selinux_task_alloc_security(struct task_struct *tsk) 3243/*
3244 * detach and free the LSM part of a set of credentials
3245 */
3246static void selinux_cred_free(struct cred *cred)
3186{ 3247{
3187 struct task_security_struct *tsec1, *tsec2; 3248 struct task_security_struct *tsec = cred->security;
3188 int rc; 3249 cred->security = NULL;
3189 3250 kfree(tsec);
3190 tsec1 = current->security; 3251}
3191 3252
3192 rc = task_alloc_security(tsk); 3253/*
3193 if (rc) 3254 * prepare a new set of credentials for modification
3194 return rc; 3255 */
3195 tsec2 = tsk->security; 3256static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3257 gfp_t gfp)
3258{
3259 const struct task_security_struct *old_tsec;
3260 struct task_security_struct *tsec;
3196 3261
3197 tsec2->osid = tsec1->osid; 3262 old_tsec = old->security;
3198 tsec2->sid = tsec1->sid;
3199 3263
3200 /* Retain the exec, fs, key, and sock SIDs across fork */ 3264 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3201 tsec2->exec_sid = tsec1->exec_sid; 3265 if (!tsec)
3202 tsec2->create_sid = tsec1->create_sid; 3266 return -ENOMEM;
3203 tsec2->keycreate_sid = tsec1->keycreate_sid;
3204 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
3205 3267
3268 new->security = tsec;
3206 return 0; 3269 return 0;
3207} 3270}
3208 3271
3209static void selinux_task_free_security(struct task_struct *tsk) 3272/*
3273 * commit new credentials
3274 */
3275static void selinux_cred_commit(struct cred *new, const struct cred *old)
3276{
3277 secondary_ops->cred_commit(new, old);
3278}
3279
3280/*
3281 * set the security data for a kernel service
3282 * - all the creation contexts are set to unlabelled
3283 */
3284static int selinux_kernel_act_as(struct cred *new, u32 secid)
3210{ 3285{
3211 task_free_security(tsk); 3286 struct task_security_struct *tsec = new->security;
3287 u32 sid = current_sid();
3288 int ret;
3289
3290 ret = avc_has_perm(sid, secid,
3291 SECCLASS_KERNEL_SERVICE,
3292 KERNEL_SERVICE__USE_AS_OVERRIDE,
3293 NULL);
3294 if (ret == 0) {
3295 tsec->sid = secid;
3296 tsec->create_sid = 0;
3297 tsec->keycreate_sid = 0;
3298 tsec->sockcreate_sid = 0;
3299 }
3300 return ret;
3301}
3302
3303/*
3304 * set the file creation context in a security record to the same as the
3305 * objective context of the specified inode
3306 */
3307static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3308{
3309 struct inode_security_struct *isec = inode->i_security;
3310 struct task_security_struct *tsec = new->security;
3311 u32 sid = current_sid();
3312 int ret;
3313
3314 ret = avc_has_perm(sid, isec->sid,
3315 SECCLASS_KERNEL_SERVICE,
3316 KERNEL_SERVICE__CREATE_FILES_AS,
3317 NULL);
3318
3319 if (ret == 0)
3320 tsec->create_sid = isec->sid;
3321 return 0;
3212} 3322}
3213 3323
3214static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 3324static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
@@ -3222,9 +3332,10 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3222 return 0; 3332 return 0;
3223} 3333}
3224 3334
3225static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 3335static int selinux_task_fix_setuid(struct cred *new, const struct cred *old,
3336 int flags)
3226{ 3337{
3227 return secondary_ops->task_post_setuid(id0, id1, id2, flags); 3338 return secondary_ops->task_fix_setuid(new, old, flags);
3228} 3339}
3229 3340
3230static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) 3341static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
@@ -3235,23 +3346,22 @@ static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
3235 3346
3236static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) 3347static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3237{ 3348{
3238 return task_has_perm(current, p, PROCESS__SETPGID); 3349 return current_has_perm(p, PROCESS__SETPGID);
3239} 3350}
3240 3351
3241static int selinux_task_getpgid(struct task_struct *p) 3352static int selinux_task_getpgid(struct task_struct *p)
3242{ 3353{
3243 return task_has_perm(current, p, PROCESS__GETPGID); 3354 return current_has_perm(p, PROCESS__GETPGID);
3244} 3355}
3245 3356
3246static int selinux_task_getsid(struct task_struct *p) 3357static int selinux_task_getsid(struct task_struct *p)
3247{ 3358{
3248 return task_has_perm(current, p, PROCESS__GETSESSION); 3359 return current_has_perm(p, PROCESS__GETSESSION);
3249} 3360}
3250 3361
3251static void selinux_task_getsecid(struct task_struct *p, u32 *secid) 3362static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3252{ 3363{
3253 struct task_security_struct *tsec = p->security; 3364 *secid = task_sid(p);
3254 *secid = tsec->sid;
3255} 3365}
3256 3366
3257static int selinux_task_setgroups(struct group_info *group_info) 3367static int selinux_task_setgroups(struct group_info *group_info)
@@ -3268,7 +3378,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice)
3268 if (rc) 3378 if (rc)
3269 return rc; 3379 return rc;
3270 3380
3271 return task_has_perm(current, p, PROCESS__SETSCHED); 3381 return current_has_perm(p, PROCESS__SETSCHED);
3272} 3382}
3273 3383
3274static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3384static int selinux_task_setioprio(struct task_struct *p, int ioprio)
@@ -3279,12 +3389,12 @@ static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3279 if (rc) 3389 if (rc)
3280 return rc; 3390 return rc;
3281 3391
3282 return task_has_perm(current, p, PROCESS__SETSCHED); 3392 return current_has_perm(p, PROCESS__SETSCHED);
3283} 3393}
3284 3394
3285static int selinux_task_getioprio(struct task_struct *p) 3395static int selinux_task_getioprio(struct task_struct *p)
3286{ 3396{
3287 return task_has_perm(current, p, PROCESS__GETSCHED); 3397 return current_has_perm(p, PROCESS__GETSCHED);
3288} 3398}
3289 3399
3290static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) 3400static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
@@ -3299,9 +3409,9 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim
3299 /* Control the ability to change the hard limit (whether 3409 /* Control the ability to change the hard limit (whether
3300 lowering or raising it), so that the hard limit can 3410 lowering or raising it), so that the hard limit can
3301 later be used as a safe reset point for the soft limit 3411 later be used as a safe reset point for the soft limit
3302 upon context transitions. See selinux_bprm_apply_creds. */ 3412 upon context transitions. See selinux_bprm_committing_creds. */
3303 if (old_rlim->rlim_max != new_rlim->rlim_max) 3413 if (old_rlim->rlim_max != new_rlim->rlim_max)
3304 return task_has_perm(current, current, PROCESS__SETRLIMIT); 3414 return current_has_perm(current, PROCESS__SETRLIMIT);
3305 3415
3306 return 0; 3416 return 0;
3307} 3417}
@@ -3314,17 +3424,17 @@ static int selinux_task_setscheduler(struct task_struct *p, int policy, struct s
3314 if (rc) 3424 if (rc)
3315 return rc; 3425 return rc;
3316 3426
3317 return task_has_perm(current, p, PROCESS__SETSCHED); 3427 return current_has_perm(p, PROCESS__SETSCHED);
3318} 3428}
3319 3429
3320static int selinux_task_getscheduler(struct task_struct *p) 3430static int selinux_task_getscheduler(struct task_struct *p)
3321{ 3431{
3322 return task_has_perm(current, p, PROCESS__GETSCHED); 3432 return current_has_perm(p, PROCESS__GETSCHED);
3323} 3433}
3324 3434
3325static int selinux_task_movememory(struct task_struct *p) 3435static int selinux_task_movememory(struct task_struct *p)
3326{ 3436{
3327 return task_has_perm(current, p, PROCESS__SETSCHED); 3437 return current_has_perm(p, PROCESS__SETSCHED);
3328} 3438}
3329 3439
3330static int selinux_task_kill(struct task_struct *p, struct siginfo *info, 3440static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
@@ -3332,7 +3442,6 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3332{ 3442{
3333 u32 perm; 3443 u32 perm;
3334 int rc; 3444 int rc;
3335 struct task_security_struct *tsec;
3336 3445
3337 rc = secondary_ops->task_kill(p, info, sig, secid); 3446 rc = secondary_ops->task_kill(p, info, sig, secid);
3338 if (rc) 3447 if (rc)
@@ -3342,11 +3451,11 @@ static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3342 perm = PROCESS__SIGNULL; /* null signal; existence test */ 3451 perm = PROCESS__SIGNULL; /* null signal; existence test */
3343 else 3452 else
3344 perm = signal_to_av(sig); 3453 perm = signal_to_av(sig);
3345 tsec = p->security;
3346 if (secid) 3454 if (secid)
3347 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL); 3455 rc = avc_has_perm(secid, task_sid(p),
3456 SECCLASS_PROCESS, perm, NULL);
3348 else 3457 else
3349 rc = task_has_perm(current, p, perm); 3458 rc = current_has_perm(p, perm);
3350 return rc; 3459 return rc;
3351} 3460}
3352 3461
@@ -3354,13 +3463,12 @@ static int selinux_task_prctl(int option,
3354 unsigned long arg2, 3463 unsigned long arg2,
3355 unsigned long arg3, 3464 unsigned long arg3,
3356 unsigned long arg4, 3465 unsigned long arg4,
3357 unsigned long arg5, 3466 unsigned long arg5)
3358 long *rc_p)
3359{ 3467{
3360 /* The current prctl operations do not appear to require 3468 /* The current prctl operations do not appear to require
3361 any SELinux controls since they merely observe or modify 3469 any SELinux controls since they merely observe or modify
3362 the state of the current process. */ 3470 the state of the current process. */
3363 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); 3471 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5);
3364} 3472}
3365 3473
3366static int selinux_task_wait(struct task_struct *p) 3474static int selinux_task_wait(struct task_struct *p)
@@ -3368,27 +3476,14 @@ static int selinux_task_wait(struct task_struct *p)
3368 return task_has_perm(p, current, PROCESS__SIGCHLD); 3476 return task_has_perm(p, current, PROCESS__SIGCHLD);
3369} 3477}
3370 3478
3371static void selinux_task_reparent_to_init(struct task_struct *p)
3372{
3373 struct task_security_struct *tsec;
3374
3375 secondary_ops->task_reparent_to_init(p);
3376
3377 tsec = p->security;
3378 tsec->osid = tsec->sid;
3379 tsec->sid = SECINITSID_KERNEL;
3380 return;
3381}
3382
3383static void selinux_task_to_inode(struct task_struct *p, 3479static void selinux_task_to_inode(struct task_struct *p,
3384 struct inode *inode) 3480 struct inode *inode)
3385{ 3481{
3386 struct task_security_struct *tsec = p->security;
3387 struct inode_security_struct *isec = inode->i_security; 3482 struct inode_security_struct *isec = inode->i_security;
3483 u32 sid = task_sid(p);
3388 3484
3389 isec->sid = tsec->sid; 3485 isec->sid = sid;
3390 isec->initialized = 1; 3486 isec->initialized = 1;
3391 return;
3392} 3487}
3393 3488
3394/* Returns error only if unable to parse addresses */ 3489/* Returns error only if unable to parse addresses */
@@ -3627,19 +3722,19 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
3627 u32 perms) 3722 u32 perms)
3628{ 3723{
3629 struct inode_security_struct *isec; 3724 struct inode_security_struct *isec;
3630 struct task_security_struct *tsec;
3631 struct avc_audit_data ad; 3725 struct avc_audit_data ad;
3726 u32 sid;
3632 int err = 0; 3727 int err = 0;
3633 3728
3634 tsec = task->security;
3635 isec = SOCK_INODE(sock)->i_security; 3729 isec = SOCK_INODE(sock)->i_security;
3636 3730
3637 if (isec->sid == SECINITSID_KERNEL) 3731 if (isec->sid == SECINITSID_KERNEL)
3638 goto out; 3732 goto out;
3733 sid = task_sid(task);
3639 3734
3640 AVC_AUDIT_DATA_INIT(&ad, NET); 3735 AVC_AUDIT_DATA_INIT(&ad, NET);
3641 ad.u.net.sk = sock->sk; 3736 ad.u.net.sk = sock->sk;
3642 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); 3737 err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
3643 3738
3644out: 3739out:
3645 return err; 3740 return err;
@@ -3648,18 +3743,20 @@ out:
3648static int selinux_socket_create(int family, int type, 3743static int selinux_socket_create(int family, int type,
3649 int protocol, int kern) 3744 int protocol, int kern)
3650{ 3745{
3746 const struct cred *cred = current_cred();
3747 const struct task_security_struct *tsec = cred->security;
3748 u32 sid, newsid;
3749 u16 secclass;
3651 int err = 0; 3750 int err = 0;
3652 struct task_security_struct *tsec;
3653 u32 newsid;
3654 3751
3655 if (kern) 3752 if (kern)
3656 goto out; 3753 goto out;
3657 3754
3658 tsec = current->security; 3755 sid = tsec->sid;
3659 newsid = tsec->sockcreate_sid ? : tsec->sid; 3756 newsid = tsec->sockcreate_sid ?: sid;
3660 err = avc_has_perm(tsec->sid, newsid, 3757
3661 socket_type_to_security_class(family, type, 3758 secclass = socket_type_to_security_class(family, type, protocol);
3662 protocol), SOCKET__CREATE, NULL); 3759 err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL);
3663 3760
3664out: 3761out:
3665 return err; 3762 return err;
@@ -3668,18 +3765,26 @@ out:
3668static int selinux_socket_post_create(struct socket *sock, int family, 3765static int selinux_socket_post_create(struct socket *sock, int family,
3669 int type, int protocol, int kern) 3766 int type, int protocol, int kern)
3670{ 3767{
3671 int err = 0; 3768 const struct cred *cred = current_cred();
3769 const struct task_security_struct *tsec = cred->security;
3672 struct inode_security_struct *isec; 3770 struct inode_security_struct *isec;
3673 struct task_security_struct *tsec;
3674 struct sk_security_struct *sksec; 3771 struct sk_security_struct *sksec;
3675 u32 newsid; 3772 u32 sid, newsid;
3773 int err = 0;
3774
3775 sid = tsec->sid;
3776 newsid = tsec->sockcreate_sid;
3676 3777
3677 isec = SOCK_INODE(sock)->i_security; 3778 isec = SOCK_INODE(sock)->i_security;
3678 3779
3679 tsec = current->security; 3780 if (kern)
3680 newsid = tsec->sockcreate_sid ? : tsec->sid; 3781 isec->sid = SECINITSID_KERNEL;
3782 else if (newsid)
3783 isec->sid = newsid;
3784 else
3785 isec->sid = sid;
3786
3681 isec->sclass = socket_type_to_security_class(family, type, protocol); 3787 isec->sclass = socket_type_to_security_class(family, type, protocol);
3682 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3683 isec->initialized = 1; 3788 isec->initialized = 1;
3684 3789
3685 if (sock->sk) { 3790 if (sock->sk) {
@@ -3714,7 +3819,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3714 if (family == PF_INET || family == PF_INET6) { 3819 if (family == PF_INET || family == PF_INET6) {
3715 char *addrp; 3820 char *addrp;
3716 struct inode_security_struct *isec; 3821 struct inode_security_struct *isec;
3717 struct task_security_struct *tsec;
3718 struct avc_audit_data ad; 3822 struct avc_audit_data ad;
3719 struct sockaddr_in *addr4 = NULL; 3823 struct sockaddr_in *addr4 = NULL;
3720 struct sockaddr_in6 *addr6 = NULL; 3824 struct sockaddr_in6 *addr6 = NULL;
@@ -3722,7 +3826,6 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
3722 struct sock *sk = sock->sk; 3826 struct sock *sk = sock->sk;
3723 u32 sid, node_perm; 3827 u32 sid, node_perm;
3724 3828
3725 tsec = current->security;
3726 isec = SOCK_INODE(sock)->i_security; 3829 isec = SOCK_INODE(sock)->i_security;
3727 3830
3728 if (family == PF_INET) { 3831 if (family == PF_INET) {
@@ -4387,7 +4490,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4387 "SELinux: unrecognized netlink message" 4490 "SELinux: unrecognized netlink message"
4388 " type=%hu for sclass=%hu\n", 4491 " type=%hu for sclass=%hu\n",
4389 nlh->nlmsg_type, isec->sclass); 4492 nlh->nlmsg_type, isec->sclass);
4390 if (!selinux_enforcing) 4493 if (!selinux_enforcing || security_get_allow_unknown())
4391 err = 0; 4494 err = 0;
4392 } 4495 }
4393 4496
@@ -4763,15 +4866,16 @@ static int ipc_alloc_security(struct task_struct *task,
4763 struct kern_ipc_perm *perm, 4866 struct kern_ipc_perm *perm,
4764 u16 sclass) 4867 u16 sclass)
4765{ 4868{
4766 struct task_security_struct *tsec = task->security;
4767 struct ipc_security_struct *isec; 4869 struct ipc_security_struct *isec;
4870 u32 sid;
4768 4871
4769 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); 4872 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4770 if (!isec) 4873 if (!isec)
4771 return -ENOMEM; 4874 return -ENOMEM;
4772 4875
4876 sid = task_sid(task);
4773 isec->sclass = sclass; 4877 isec->sclass = sclass;
4774 isec->sid = tsec->sid; 4878 isec->sid = sid;
4775 perm->security = isec; 4879 perm->security = isec;
4776 4880
4777 return 0; 4881 return 0;
@@ -4809,17 +4913,16 @@ static void msg_msg_free_security(struct msg_msg *msg)
4809static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, 4913static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4810 u32 perms) 4914 u32 perms)
4811{ 4915{
4812 struct task_security_struct *tsec;
4813 struct ipc_security_struct *isec; 4916 struct ipc_security_struct *isec;
4814 struct avc_audit_data ad; 4917 struct avc_audit_data ad;
4918 u32 sid = current_sid();
4815 4919
4816 tsec = current->security;
4817 isec = ipc_perms->security; 4920 isec = ipc_perms->security;
4818 4921
4819 AVC_AUDIT_DATA_INIT(&ad, IPC); 4922 AVC_AUDIT_DATA_INIT(&ad, IPC);
4820 ad.u.ipc_id = ipc_perms->key; 4923 ad.u.ipc_id = ipc_perms->key;
4821 4924
4822 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); 4925 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4823} 4926}
4824 4927
4825static int selinux_msg_msg_alloc_security(struct msg_msg *msg) 4928static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
@@ -4835,22 +4938,21 @@ static void selinux_msg_msg_free_security(struct msg_msg *msg)
4835/* message queue security operations */ 4938/* message queue security operations */
4836static int selinux_msg_queue_alloc_security(struct msg_queue *msq) 4939static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4837{ 4940{
4838 struct task_security_struct *tsec;
4839 struct ipc_security_struct *isec; 4941 struct ipc_security_struct *isec;
4840 struct avc_audit_data ad; 4942 struct avc_audit_data ad;
4943 u32 sid = current_sid();
4841 int rc; 4944 int rc;
4842 4945
4843 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); 4946 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4844 if (rc) 4947 if (rc)
4845 return rc; 4948 return rc;
4846 4949
4847 tsec = current->security;
4848 isec = msq->q_perm.security; 4950 isec = msq->q_perm.security;
4849 4951
4850 AVC_AUDIT_DATA_INIT(&ad, IPC); 4952 AVC_AUDIT_DATA_INIT(&ad, IPC);
4851 ad.u.ipc_id = msq->q_perm.key; 4953 ad.u.ipc_id = msq->q_perm.key;
4852 4954
4853 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 4955 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4854 MSGQ__CREATE, &ad); 4956 MSGQ__CREATE, &ad);
4855 if (rc) { 4957 if (rc) {
4856 ipc_free_security(&msq->q_perm); 4958 ipc_free_security(&msq->q_perm);
@@ -4866,17 +4968,16 @@ static void selinux_msg_queue_free_security(struct msg_queue *msq)
4866 4968
4867static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) 4969static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4868{ 4970{
4869 struct task_security_struct *tsec;
4870 struct ipc_security_struct *isec; 4971 struct ipc_security_struct *isec;
4871 struct avc_audit_data ad; 4972 struct avc_audit_data ad;
4973 u32 sid = current_sid();
4872 4974
4873 tsec = current->security;
4874 isec = msq->q_perm.security; 4975 isec = msq->q_perm.security;
4875 4976
4876 AVC_AUDIT_DATA_INIT(&ad, IPC); 4977 AVC_AUDIT_DATA_INIT(&ad, IPC);
4877 ad.u.ipc_id = msq->q_perm.key; 4978 ad.u.ipc_id = msq->q_perm.key;
4878 4979
4879 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 4980 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4880 MSGQ__ASSOCIATE, &ad); 4981 MSGQ__ASSOCIATE, &ad);
4881} 4982}
4882 4983
@@ -4910,13 +5011,12 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4910 5011
4911static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) 5012static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4912{ 5013{
4913 struct task_security_struct *tsec;
4914 struct ipc_security_struct *isec; 5014 struct ipc_security_struct *isec;
4915 struct msg_security_struct *msec; 5015 struct msg_security_struct *msec;
4916 struct avc_audit_data ad; 5016 struct avc_audit_data ad;
5017 u32 sid = current_sid();
4917 int rc; 5018 int rc;
4918 5019
4919 tsec = current->security;
4920 isec = msq->q_perm.security; 5020 isec = msq->q_perm.security;
4921 msec = msg->security; 5021 msec = msg->security;
4922 5022
@@ -4928,9 +5028,7 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4928 * Compute new sid based on current process and 5028 * Compute new sid based on current process and
4929 * message queue this message will be stored in 5029 * message queue this message will be stored in
4930 */ 5030 */
4931 rc = security_transition_sid(tsec->sid, 5031 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4932 isec->sid,
4933 SECCLASS_MSG,
4934 &msec->sid); 5032 &msec->sid);
4935 if (rc) 5033 if (rc)
4936 return rc; 5034 return rc;
@@ -4940,16 +5038,16 @@ static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
4940 ad.u.ipc_id = msq->q_perm.key; 5038 ad.u.ipc_id = msq->q_perm.key;
4941 5039
4942 /* Can this process write to the queue? */ 5040 /* Can this process write to the queue? */
4943 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, 5041 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4944 MSGQ__WRITE, &ad); 5042 MSGQ__WRITE, &ad);
4945 if (!rc) 5043 if (!rc)
4946 /* Can this process send the message */ 5044 /* Can this process send the message */
4947 rc = avc_has_perm(tsec->sid, msec->sid, 5045 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4948 SECCLASS_MSG, MSG__SEND, &ad); 5046 MSG__SEND, &ad);
4949 if (!rc) 5047 if (!rc)
4950 /* Can the message be put in the queue? */ 5048 /* Can the message be put in the queue? */
4951 rc = avc_has_perm(msec->sid, isec->sid, 5049 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4952 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad); 5050 MSGQ__ENQUEUE, &ad);
4953 5051
4954 return rc; 5052 return rc;
4955} 5053}
@@ -4958,23 +5056,22 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4958 struct task_struct *target, 5056 struct task_struct *target,
4959 long type, int mode) 5057 long type, int mode)
4960{ 5058{
4961 struct task_security_struct *tsec;
4962 struct ipc_security_struct *isec; 5059 struct ipc_security_struct *isec;
4963 struct msg_security_struct *msec; 5060 struct msg_security_struct *msec;
4964 struct avc_audit_data ad; 5061 struct avc_audit_data ad;
5062 u32 sid = task_sid(target);
4965 int rc; 5063 int rc;
4966 5064
4967 tsec = target->security;
4968 isec = msq->q_perm.security; 5065 isec = msq->q_perm.security;
4969 msec = msg->security; 5066 msec = msg->security;
4970 5067
4971 AVC_AUDIT_DATA_INIT(&ad, IPC); 5068 AVC_AUDIT_DATA_INIT(&ad, IPC);
4972 ad.u.ipc_id = msq->q_perm.key; 5069 ad.u.ipc_id = msq->q_perm.key;
4973 5070
4974 rc = avc_has_perm(tsec->sid, isec->sid, 5071 rc = avc_has_perm(sid, isec->sid,
4975 SECCLASS_MSGQ, MSGQ__READ, &ad); 5072 SECCLASS_MSGQ, MSGQ__READ, &ad);
4976 if (!rc) 5073 if (!rc)
4977 rc = avc_has_perm(tsec->sid, msec->sid, 5074 rc = avc_has_perm(sid, msec->sid,
4978 SECCLASS_MSG, MSG__RECEIVE, &ad); 5075 SECCLASS_MSG, MSG__RECEIVE, &ad);
4979 return rc; 5076 return rc;
4980} 5077}
@@ -4982,22 +5079,21 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4982/* Shared Memory security operations */ 5079/* Shared Memory security operations */
4983static int selinux_shm_alloc_security(struct shmid_kernel *shp) 5080static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4984{ 5081{
4985 struct task_security_struct *tsec;
4986 struct ipc_security_struct *isec; 5082 struct ipc_security_struct *isec;
4987 struct avc_audit_data ad; 5083 struct avc_audit_data ad;
5084 u32 sid = current_sid();
4988 int rc; 5085 int rc;
4989 5086
4990 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); 5087 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4991 if (rc) 5088 if (rc)
4992 return rc; 5089 return rc;
4993 5090
4994 tsec = current->security;
4995 isec = shp->shm_perm.security; 5091 isec = shp->shm_perm.security;
4996 5092
4997 AVC_AUDIT_DATA_INIT(&ad, IPC); 5093 AVC_AUDIT_DATA_INIT(&ad, IPC);
4998 ad.u.ipc_id = shp->shm_perm.key; 5094 ad.u.ipc_id = shp->shm_perm.key;
4999 5095
5000 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, 5096 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5001 SHM__CREATE, &ad); 5097 SHM__CREATE, &ad);
5002 if (rc) { 5098 if (rc) {
5003 ipc_free_security(&shp->shm_perm); 5099 ipc_free_security(&shp->shm_perm);
@@ -5013,17 +5109,16 @@ static void selinux_shm_free_security(struct shmid_kernel *shp)
5013 5109
5014static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) 5110static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5015{ 5111{
5016 struct task_security_struct *tsec;
5017 struct ipc_security_struct *isec; 5112 struct ipc_security_struct *isec;
5018 struct avc_audit_data ad; 5113 struct avc_audit_data ad;
5114 u32 sid = current_sid();
5019 5115
5020 tsec = current->security;
5021 isec = shp->shm_perm.security; 5116 isec = shp->shm_perm.security;
5022 5117
5023 AVC_AUDIT_DATA_INIT(&ad, IPC); 5118 AVC_AUDIT_DATA_INIT(&ad, IPC);
5024 ad.u.ipc_id = shp->shm_perm.key; 5119 ad.u.ipc_id = shp->shm_perm.key;
5025 5120
5026 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, 5121 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5027 SHM__ASSOCIATE, &ad); 5122 SHM__ASSOCIATE, &ad);
5028} 5123}
5029 5124
@@ -5081,22 +5176,21 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
5081/* Semaphore security operations */ 5176/* Semaphore security operations */
5082static int selinux_sem_alloc_security(struct sem_array *sma) 5177static int selinux_sem_alloc_security(struct sem_array *sma)
5083{ 5178{
5084 struct task_security_struct *tsec;
5085 struct ipc_security_struct *isec; 5179 struct ipc_security_struct *isec;
5086 struct avc_audit_data ad; 5180 struct avc_audit_data ad;
5181 u32 sid = current_sid();
5087 int rc; 5182 int rc;
5088 5183
5089 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); 5184 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5090 if (rc) 5185 if (rc)
5091 return rc; 5186 return rc;
5092 5187
5093 tsec = current->security;
5094 isec = sma->sem_perm.security; 5188 isec = sma->sem_perm.security;
5095 5189
5096 AVC_AUDIT_DATA_INIT(&ad, IPC); 5190 AVC_AUDIT_DATA_INIT(&ad, IPC);
5097 ad.u.ipc_id = sma->sem_perm.key; 5191 ad.u.ipc_id = sma->sem_perm.key;
5098 5192
5099 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 5193 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5100 SEM__CREATE, &ad); 5194 SEM__CREATE, &ad);
5101 if (rc) { 5195 if (rc) {
5102 ipc_free_security(&sma->sem_perm); 5196 ipc_free_security(&sma->sem_perm);
@@ -5112,17 +5206,16 @@ static void selinux_sem_free_security(struct sem_array *sma)
5112 5206
5113static int selinux_sem_associate(struct sem_array *sma, int semflg) 5207static int selinux_sem_associate(struct sem_array *sma, int semflg)
5114{ 5208{
5115 struct task_security_struct *tsec;
5116 struct ipc_security_struct *isec; 5209 struct ipc_security_struct *isec;
5117 struct avc_audit_data ad; 5210 struct avc_audit_data ad;
5211 u32 sid = current_sid();
5118 5212
5119 tsec = current->security;
5120 isec = sma->sem_perm.security; 5213 isec = sma->sem_perm.security;
5121 5214
5122 AVC_AUDIT_DATA_INIT(&ad, IPC); 5215 AVC_AUDIT_DATA_INIT(&ad, IPC);
5123 ad.u.ipc_id = sma->sem_perm.key; 5216 ad.u.ipc_id = sma->sem_perm.key;
5124 5217
5125 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 5218 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5126 SEM__ASSOCIATE, &ad); 5219 SEM__ASSOCIATE, &ad);
5127} 5220}
5128 5221
@@ -5212,33 +5305,35 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5212static int selinux_getprocattr(struct task_struct *p, 5305static int selinux_getprocattr(struct task_struct *p,
5213 char *name, char **value) 5306 char *name, char **value)
5214{ 5307{
5215 struct task_security_struct *tsec; 5308 const struct task_security_struct *__tsec;
5216 u32 sid; 5309 u32 sid;
5217 int error; 5310 int error;
5218 unsigned len; 5311 unsigned len;
5219 5312
5220 if (current != p) { 5313 if (current != p) {
5221 error = task_has_perm(current, p, PROCESS__GETATTR); 5314 error = current_has_perm(p, PROCESS__GETATTR);
5222 if (error) 5315 if (error)
5223 return error; 5316 return error;
5224 } 5317 }
5225 5318
5226 tsec = p->security; 5319 rcu_read_lock();
5320 __tsec = __task_cred(p)->security;
5227 5321
5228 if (!strcmp(name, "current")) 5322 if (!strcmp(name, "current"))
5229 sid = tsec->sid; 5323 sid = __tsec->sid;
5230 else if (!strcmp(name, "prev")) 5324 else if (!strcmp(name, "prev"))
5231 sid = tsec->osid; 5325 sid = __tsec->osid;
5232 else if (!strcmp(name, "exec")) 5326 else if (!strcmp(name, "exec"))
5233 sid = tsec->exec_sid; 5327 sid = __tsec->exec_sid;
5234 else if (!strcmp(name, "fscreate")) 5328 else if (!strcmp(name, "fscreate"))
5235 sid = tsec->create_sid; 5329 sid = __tsec->create_sid;
5236 else if (!strcmp(name, "keycreate")) 5330 else if (!strcmp(name, "keycreate"))
5237 sid = tsec->keycreate_sid; 5331 sid = __tsec->keycreate_sid;
5238 else if (!strcmp(name, "sockcreate")) 5332 else if (!strcmp(name, "sockcreate"))
5239 sid = tsec->sockcreate_sid; 5333 sid = __tsec->sockcreate_sid;
5240 else 5334 else
5241 return -EINVAL; 5335 goto invalid;
5336 rcu_read_unlock();
5242 5337
5243 if (!sid) 5338 if (!sid)
5244 return 0; 5339 return 0;
@@ -5247,6 +5342,10 @@ static int selinux_getprocattr(struct task_struct *p,
5247 if (error) 5342 if (error)
5248 return error; 5343 return error;
5249 return len; 5344 return len;
5345
5346invalid:
5347 rcu_read_unlock();
5348 return -EINVAL;
5250} 5349}
5251 5350
5252static int selinux_setprocattr(struct task_struct *p, 5351static int selinux_setprocattr(struct task_struct *p,
@@ -5254,7 +5353,8 @@ static int selinux_setprocattr(struct task_struct *p,
5254{ 5353{
5255 struct task_security_struct *tsec; 5354 struct task_security_struct *tsec;
5256 struct task_struct *tracer; 5355 struct task_struct *tracer;
5257 u32 sid = 0; 5356 struct cred *new;
5357 u32 sid = 0, ptsid;
5258 int error; 5358 int error;
5259 char *str = value; 5359 char *str = value;
5260 5360
@@ -5270,15 +5370,15 @@ static int selinux_setprocattr(struct task_struct *p,
5270 * above restriction is ever removed. 5370 * above restriction is ever removed.
5271 */ 5371 */
5272 if (!strcmp(name, "exec")) 5372 if (!strcmp(name, "exec"))
5273 error = task_has_perm(current, p, PROCESS__SETEXEC); 5373 error = current_has_perm(p, PROCESS__SETEXEC);
5274 else if (!strcmp(name, "fscreate")) 5374 else if (!strcmp(name, "fscreate"))
5275 error = task_has_perm(current, p, PROCESS__SETFSCREATE); 5375 error = current_has_perm(p, PROCESS__SETFSCREATE);
5276 else if (!strcmp(name, "keycreate")) 5376 else if (!strcmp(name, "keycreate"))
5277 error = task_has_perm(current, p, PROCESS__SETKEYCREATE); 5377 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5278 else if (!strcmp(name, "sockcreate")) 5378 else if (!strcmp(name, "sockcreate"))
5279 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE); 5379 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5280 else if (!strcmp(name, "current")) 5380 else if (!strcmp(name, "current"))
5281 error = task_has_perm(current, p, PROCESS__SETCURRENT); 5381 error = current_has_perm(p, PROCESS__SETCURRENT);
5282 else 5382 else
5283 error = -EINVAL; 5383 error = -EINVAL;
5284 if (error) 5384 if (error)
@@ -5301,87 +5401,75 @@ static int selinux_setprocattr(struct task_struct *p,
5301 return error; 5401 return error;
5302 } 5402 }
5303 5403
5404 new = prepare_creds();
5405 if (!new)
5406 return -ENOMEM;
5407
5304 /* Permission checking based on the specified context is 5408 /* Permission checking based on the specified context is
5305 performed during the actual operation (execve, 5409 performed during the actual operation (execve,
5306 open/mkdir/...), when we know the full context of the 5410 open/mkdir/...), when we know the full context of the
5307 operation. See selinux_bprm_set_security for the execve 5411 operation. See selinux_bprm_set_creds for the execve
5308 checks and may_create for the file creation checks. The 5412 checks and may_create for the file creation checks. The
5309 operation will then fail if the context is not permitted. */ 5413 operation will then fail if the context is not permitted. */
5310 tsec = p->security; 5414 tsec = new->security;
5311 if (!strcmp(name, "exec")) 5415 if (!strcmp(name, "exec")) {
5312 tsec->exec_sid = sid; 5416 tsec->exec_sid = sid;
5313 else if (!strcmp(name, "fscreate")) 5417 } else if (!strcmp(name, "fscreate")) {
5314 tsec->create_sid = sid; 5418 tsec->create_sid = sid;
5315 else if (!strcmp(name, "keycreate")) { 5419 } else if (!strcmp(name, "keycreate")) {
5316 error = may_create_key(sid, p); 5420 error = may_create_key(sid, p);
5317 if (error) 5421 if (error)
5318 return error; 5422 goto abort_change;
5319 tsec->keycreate_sid = sid; 5423 tsec->keycreate_sid = sid;
5320 } else if (!strcmp(name, "sockcreate")) 5424 } else if (!strcmp(name, "sockcreate")) {
5321 tsec->sockcreate_sid = sid; 5425 tsec->sockcreate_sid = sid;
5322 else if (!strcmp(name, "current")) { 5426 } else if (!strcmp(name, "current")) {
5323 struct av_decision avd; 5427 error = -EINVAL;
5324
5325 if (sid == 0) 5428 if (sid == 0)
5326 return -EINVAL; 5429 goto abort_change;
5327 /* 5430
5328 * SELinux allows to change context in the following case only. 5431 /* Only allow single threaded processes to change context */
5329 * - Single threaded processes. 5432 error = -EPERM;
5330 * - Multi threaded processes intend to change its context into 5433 if (!is_single_threaded(p)) {
5331 * more restricted domain (defined by TYPEBOUNDS statement). 5434 error = security_bounded_transition(tsec->sid, sid);
5332 */ 5435 if (error)
5333 if (atomic_read(&p->mm->mm_users) != 1) { 5436 goto abort_change;
5334 struct task_struct *g, *t;
5335 struct mm_struct *mm = p->mm;
5336 read_lock(&tasklist_lock);
5337 do_each_thread(g, t) {
5338 if (t->mm == mm && t != p) {
5339 read_unlock(&tasklist_lock);
5340 error = security_bounded_transition(tsec->sid, sid);
5341 if (!error)
5342 goto boundary_ok;
5343
5344 return error;
5345 }
5346 } while_each_thread(g, t);
5347 read_unlock(&tasklist_lock);
5348 } 5437 }
5349boundary_ok:
5350 5438
5351 /* Check permissions for the transition. */ 5439 /* Check permissions for the transition. */
5352 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, 5440 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5353 PROCESS__DYNTRANSITION, NULL); 5441 PROCESS__DYNTRANSITION, NULL);
5354 if (error) 5442 if (error)
5355 return error; 5443 goto abort_change;
5356 5444
5357 /* Check for ptracing, and update the task SID if ok. 5445 /* Check for ptracing, and update the task SID if ok.
5358 Otherwise, leave SID unchanged and fail. */ 5446 Otherwise, leave SID unchanged and fail. */
5447 ptsid = 0;
5359 task_lock(p); 5448 task_lock(p);
5360 rcu_read_lock();
5361 tracer = tracehook_tracer_task(p); 5449 tracer = tracehook_tracer_task(p);
5362 if (tracer != NULL) { 5450 if (tracer)
5363 struct task_security_struct *ptsec = tracer->security; 5451 ptsid = task_sid(tracer);
5364 u32 ptsid = ptsec->sid; 5452 task_unlock(p);
5365 rcu_read_unlock(); 5453
5366 error = avc_has_perm_noaudit(ptsid, sid, 5454 if (tracer) {
5367 SECCLASS_PROCESS, 5455 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5368 PROCESS__PTRACE, 0, &avd); 5456 PROCESS__PTRACE, NULL);
5369 if (!error)
5370 tsec->sid = sid;
5371 task_unlock(p);
5372 avc_audit(ptsid, sid, SECCLASS_PROCESS,
5373 PROCESS__PTRACE, &avd, error, NULL);
5374 if (error) 5457 if (error)
5375 return error; 5458 goto abort_change;
5376 } else {
5377 rcu_read_unlock();
5378 tsec->sid = sid;
5379 task_unlock(p);
5380 } 5459 }
5381 } else
5382 return -EINVAL;
5383 5460
5461 tsec->sid = sid;
5462 } else {
5463 error = -EINVAL;
5464 goto abort_change;
5465 }
5466
5467 commit_creds(new);
5384 return size; 5468 return size;
5469
5470abort_change:
5471 abort_creds(new);
5472 return error;
5385} 5473}
5386 5474
5387static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 5475static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
@@ -5401,22 +5489,23 @@ static void selinux_release_secctx(char *secdata, u32 seclen)
5401 5489
5402#ifdef CONFIG_KEYS 5490#ifdef CONFIG_KEYS
5403 5491
5404static int selinux_key_alloc(struct key *k, struct task_struct *tsk, 5492static int selinux_key_alloc(struct key *k, const struct cred *cred,
5405 unsigned long flags) 5493 unsigned long flags)
5406{ 5494{
5407 struct task_security_struct *tsec = tsk->security; 5495 const struct task_security_struct *tsec;
5408 struct key_security_struct *ksec; 5496 struct key_security_struct *ksec;
5409 5497
5410 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); 5498 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5411 if (!ksec) 5499 if (!ksec)
5412 return -ENOMEM; 5500 return -ENOMEM;
5413 5501
5502 tsec = cred->security;
5414 if (tsec->keycreate_sid) 5503 if (tsec->keycreate_sid)
5415 ksec->sid = tsec->keycreate_sid; 5504 ksec->sid = tsec->keycreate_sid;
5416 else 5505 else
5417 ksec->sid = tsec->sid; 5506 ksec->sid = tsec->sid;
5418 k->security = ksec;
5419 5507
5508 k->security = ksec;
5420 return 0; 5509 return 0;
5421} 5510}
5422 5511
@@ -5429,17 +5518,12 @@ static void selinux_key_free(struct key *k)
5429} 5518}
5430 5519
5431static int selinux_key_permission(key_ref_t key_ref, 5520static int selinux_key_permission(key_ref_t key_ref,
5432 struct task_struct *ctx, 5521 const struct cred *cred,
5433 key_perm_t perm) 5522 key_perm_t perm)
5434{ 5523{
5435 struct key *key; 5524 struct key *key;
5436 struct task_security_struct *tsec;
5437 struct key_security_struct *ksec; 5525 struct key_security_struct *ksec;
5438 5526 u32 sid;
5439 key = key_ref_to_ptr(key_ref);
5440
5441 tsec = ctx->security;
5442 ksec = key->security;
5443 5527
5444 /* if no specific permissions are requested, we skip the 5528 /* if no specific permissions are requested, we skip the
5445 permission check. No serious, additional covert channels 5529 permission check. No serious, additional covert channels
@@ -5447,8 +5531,12 @@ static int selinux_key_permission(key_ref_t key_ref,
5447 if (perm == 0) 5531 if (perm == 0)
5448 return 0; 5532 return 0;
5449 5533
5450 return avc_has_perm(tsec->sid, ksec->sid, 5534 sid = cred_sid(cred);
5451 SECCLASS_KEY, perm, NULL); 5535
5536 key = key_ref_to_ptr(key_ref);
5537 ksec = key->security;
5538
5539 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5452} 5540}
5453 5541
5454static int selinux_key_getsecurity(struct key *key, char **_buffer) 5542static int selinux_key_getsecurity(struct key *key, char **_buffer)
@@ -5473,8 +5561,7 @@ static struct security_operations selinux_ops = {
5473 .ptrace_may_access = selinux_ptrace_may_access, 5561 .ptrace_may_access = selinux_ptrace_may_access,
5474 .ptrace_traceme = selinux_ptrace_traceme, 5562 .ptrace_traceme = selinux_ptrace_traceme,
5475 .capget = selinux_capget, 5563 .capget = selinux_capget,
5476 .capset_check = selinux_capset_check, 5564 .capset = selinux_capset,
5477 .capset_set = selinux_capset_set,
5478 .sysctl = selinux_sysctl, 5565 .sysctl = selinux_sysctl,
5479 .capable = selinux_capable, 5566 .capable = selinux_capable,
5480 .quotactl = selinux_quotactl, 5567 .quotactl = selinux_quotactl,
@@ -5485,12 +5572,10 @@ static struct security_operations selinux_ops = {
5485 .netlink_send = selinux_netlink_send, 5572 .netlink_send = selinux_netlink_send,
5486 .netlink_recv = selinux_netlink_recv, 5573 .netlink_recv = selinux_netlink_recv,
5487 5574
5488 .bprm_alloc_security = selinux_bprm_alloc_security, 5575 .bprm_set_creds = selinux_bprm_set_creds,
5489 .bprm_free_security = selinux_bprm_free_security,
5490 .bprm_apply_creds = selinux_bprm_apply_creds,
5491 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
5492 .bprm_set_security = selinux_bprm_set_security,
5493 .bprm_check_security = selinux_bprm_check_security, 5576 .bprm_check_security = selinux_bprm_check_security,
5577 .bprm_committing_creds = selinux_bprm_committing_creds,
5578 .bprm_committed_creds = selinux_bprm_committed_creds,
5494 .bprm_secureexec = selinux_bprm_secureexec, 5579 .bprm_secureexec = selinux_bprm_secureexec,
5495 5580
5496 .sb_alloc_security = selinux_sb_alloc_security, 5581 .sb_alloc_security = selinux_sb_alloc_security,
@@ -5549,10 +5634,13 @@ static struct security_operations selinux_ops = {
5549 .dentry_open = selinux_dentry_open, 5634 .dentry_open = selinux_dentry_open,
5550 5635
5551 .task_create = selinux_task_create, 5636 .task_create = selinux_task_create,
5552 .task_alloc_security = selinux_task_alloc_security, 5637 .cred_free = selinux_cred_free,
5553 .task_free_security = selinux_task_free_security, 5638 .cred_prepare = selinux_cred_prepare,
5639 .cred_commit = selinux_cred_commit,
5640 .kernel_act_as = selinux_kernel_act_as,
5641 .kernel_create_files_as = selinux_kernel_create_files_as,
5554 .task_setuid = selinux_task_setuid, 5642 .task_setuid = selinux_task_setuid,
5555 .task_post_setuid = selinux_task_post_setuid, 5643 .task_fix_setuid = selinux_task_fix_setuid,
5556 .task_setgid = selinux_task_setgid, 5644 .task_setgid = selinux_task_setgid,
5557 .task_setpgid = selinux_task_setpgid, 5645 .task_setpgid = selinux_task_setpgid,
5558 .task_getpgid = selinux_task_getpgid, 5646 .task_getpgid = selinux_task_getpgid,
@@ -5569,7 +5657,6 @@ static struct security_operations selinux_ops = {
5569 .task_kill = selinux_task_kill, 5657 .task_kill = selinux_task_kill,
5570 .task_wait = selinux_task_wait, 5658 .task_wait = selinux_task_wait,
5571 .task_prctl = selinux_task_prctl, 5659 .task_prctl = selinux_task_prctl,
5572 .task_reparent_to_init = selinux_task_reparent_to_init,
5573 .task_to_inode = selinux_task_to_inode, 5660 .task_to_inode = selinux_task_to_inode,
5574 5661
5575 .ipc_permission = selinux_ipc_permission, 5662 .ipc_permission = selinux_ipc_permission,
@@ -5665,8 +5752,6 @@ static struct security_operations selinux_ops = {
5665 5752
5666static __init int selinux_init(void) 5753static __init int selinux_init(void)
5667{ 5754{
5668 struct task_security_struct *tsec;
5669
5670 if (!security_module_enable(&selinux_ops)) { 5755 if (!security_module_enable(&selinux_ops)) {
5671 selinux_enabled = 0; 5756 selinux_enabled = 0;
5672 return 0; 5757 return 0;
@@ -5680,10 +5765,7 @@ static __init int selinux_init(void)
5680 printk(KERN_INFO "SELinux: Initializing.\n"); 5765 printk(KERN_INFO "SELinux: Initializing.\n");
5681 5766
5682 /* Set the security state for the initial task. */ 5767 /* Set the security state for the initial task. */
5683 if (task_alloc_security(current)) 5768 cred_init_security();
5684 panic("SELinux: Failed to initialize initial task.\n");
5685 tsec = current->security;
5686 tsec->osid = tsec->sid = SECINITSID_KERNEL;
5687 5769
5688 sel_inode_cache = kmem_cache_create("selinux_inode_security", 5770 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5689 sizeof(struct inode_security_struct), 5771 sizeof(struct inode_security_struct),
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 1223b4ff9bee..c0c885427b91 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -176,3 +176,5 @@
176 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") 176 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
177 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") 177 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
178 S_(SECCLASS_PEER, PEER__RECV, "recv") 178 S_(SECCLASS_PEER, PEER__RECV, "recv")
179 S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override")
180 S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index c4c51165c505..0ba79fe00e11 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -841,3 +841,5 @@
841#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL 841#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
842#define MEMPROTECT__MMAP_ZERO 0x00000001UL 842#define MEMPROTECT__MMAP_ZERO 0x00000001UL
843#define PEER__RECV 0x00000001UL 843#define PEER__RECV 0x00000001UL
844#define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL
845#define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index bd813c366e34..21ec786611d4 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -72,3 +72,8 @@
72 S_(NULL) 72 S_(NULL)
73 S_("peer") 73 S_("peer")
74 S_("capability2") 74 S_("capability2")
75 S_(NULL)
76 S_(NULL)
77 S_(NULL)
78 S_(NULL)
79 S_("kernel_service")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index febf8868e852..882f27d66fac 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -52,6 +52,7 @@
52#define SECCLASS_MEMPROTECT 61 52#define SECCLASS_MEMPROTECT 61
53#define SECCLASS_PEER 68 53#define SECCLASS_PEER 68
54#define SECCLASS_CAPABILITY2 69 54#define SECCLASS_CAPABILITY2 69
55#define SECCLASS_KERNEL_SERVICE 74
55 56
56/* 57/*
57 * Security identifier indices for initial entities 58 * Security identifier indices for initial entities
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index f8be8d7fa26d..3cc45168f674 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -77,17 +77,6 @@ struct ipc_security_struct {
77 u32 sid; /* SID of IPC resource */ 77 u32 sid; /* SID of IPC resource */
78}; 78};
79 79
80struct bprm_security_struct {
81 u32 sid; /* SID for transformed process */
82 unsigned char set;
83
84 /*
85 * unsafe is used to share failure information from bprm_apply_creds()
86 * to bprm_post_apply_creds().
87 */
88 char unsafe;
89};
90
91struct netif_security_struct { 80struct netif_security_struct {
92 int ifindex; /* device index */ 81 int ifindex; /* device index */
93 u32 sid; /* SID for this interface */ 82 u32 sid; /* SID for this interface */
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index ff59c0c4804b..4ed7bab89c59 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] =
63 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 63 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
64 { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 64 { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
65 { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, 65 { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
66 { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
67 { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
68 { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
66}; 69};
67 70
68static struct nlmsg_perm nlmsg_firewall_perms[] = 71static struct nlmsg_perm nlmsg_firewall_perms[] =
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 69c9dccc8cf0..c86303638235 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -95,13 +95,18 @@ extern void selnl_notify_setenforce(int val);
95static int task_has_security(struct task_struct *tsk, 95static int task_has_security(struct task_struct *tsk,
96 u32 perms) 96 u32 perms)
97{ 97{
98 struct task_security_struct *tsec; 98 const struct task_security_struct *tsec;
99 99 u32 sid = 0;
100 tsec = tsk->security; 100
101 rcu_read_lock();
102 tsec = __task_cred(tsk)->security;
103 if (tsec)
104 sid = tsec->sid;
105 rcu_read_unlock();
101 if (!tsec) 106 if (!tsec)
102 return -EACCES; 107 return -EACCES;
103 108
104 return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 109 return avc_has_perm(sid, SECINITSID_SECURITY,
105 SECCLASS_SECURITY, perms, NULL); 110 SECCLASS_SECURITY, perms, NULL);
106} 111}
107 112
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 8f17f542a116..c0eb72013d67 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -197,7 +197,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
197 struct xfrm_user_sec_ctx *uctx, u32 sid) 197 struct xfrm_user_sec_ctx *uctx, u32 sid)
198{ 198{
199 int rc = 0; 199 int rc = 0;
200 struct task_security_struct *tsec = current->security; 200 const struct task_security_struct *tsec = current_security();
201 struct xfrm_sec_ctx *ctx = NULL; 201 struct xfrm_sec_ctx *ctx = NULL;
202 char *ctx_str = NULL; 202 char *ctx_str = NULL;
203 u32 str_len; 203 u32 str_len;
@@ -333,7 +333,7 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
333 */ 333 */
334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 334int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
335{ 335{
336 struct task_security_struct *tsec = current->security; 336 const struct task_security_struct *tsec = current_security();
337 int rc = 0; 337 int rc = 0;
338 338
339 if (ctx) { 339 if (ctx) {
@@ -378,7 +378,7 @@ void selinux_xfrm_state_free(struct xfrm_state *x)
378 */ 378 */
379int selinux_xfrm_state_delete(struct xfrm_state *x) 379int selinux_xfrm_state_delete(struct xfrm_state *x)
380{ 380{
381 struct task_security_struct *tsec = current->security; 381 const struct task_security_struct *tsec = current_security();
382 struct xfrm_sec_ctx *ctx = x->security; 382 struct xfrm_sec_ctx *ctx = x->security;
383 int rc = 0; 383 int rc = 0;
384 384
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 79ff21ed4c3b..247cec3b5a43 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -164,7 +164,7 @@ int smk_curacc(char *obj_label, u32 mode)
164{ 164{
165 int rc; 165 int rc;
166 166
167 rc = smk_access(current->security, obj_label, mode); 167 rc = smk_access(current_security(), obj_label, mode);
168 if (rc == 0) 168 if (rc == 0)
169 return 0; 169 return 0;
170 170
@@ -173,7 +173,7 @@ int smk_curacc(char *obj_label, u32 mode)
173 * only one that gets privilege and current does not 173 * only one that gets privilege and current does not
174 * have that label. 174 * have that label.
175 */ 175 */
176 if (smack_onlycap != NULL && smack_onlycap != current->security) 176 if (smack_onlycap != NULL && smack_onlycap != current->cred->security)
177 return rc; 177 return rc;
178 178
179 if (capable(CAP_MAC_OVERRIDE)) 179 if (capable(CAP_MAC_OVERRIDE))
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 6e2dc0bab70d..8ad48161cef5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -30,6 +30,8 @@
30 30
31#include "smack.h" 31#include "smack.h"
32 32
33#define task_security(task) (task_cred_xxx((task), security))
34
33/* 35/*
34 * I hope these are the hokeyist lines of code in the module. Casey. 36 * I hope these are the hokeyist lines of code in the module. Casey.
35 */ 37 */
@@ -102,7 +104,7 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode)
102 if (rc != 0) 104 if (rc != 0)
103 return rc; 105 return rc;
104 106
105 rc = smk_access(current->security, ctp->security, MAY_READWRITE); 107 rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE);
106 if (rc != 0 && capable(CAP_MAC_OVERRIDE)) 108 if (rc != 0 && capable(CAP_MAC_OVERRIDE))
107 return 0; 109 return 0;
108 return rc; 110 return rc;
@@ -124,7 +126,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
124 if (rc != 0) 126 if (rc != 0)
125 return rc; 127 return rc;
126 128
127 rc = smk_access(ptp->security, current->security, MAY_READWRITE); 129 rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE);
128 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) 130 if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE))
129 return 0; 131 return 0;
130 return rc; 132 return rc;
@@ -141,7 +143,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
141static int smack_syslog(int type) 143static int smack_syslog(int type)
142{ 144{
143 int rc; 145 int rc;
144 char *sp = current->security; 146 char *sp = current_security();
145 147
146 rc = cap_syslog(type); 148 rc = cap_syslog(type);
147 if (rc != 0) 149 if (rc != 0)
@@ -373,7 +375,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
373 */ 375 */
374static int smack_inode_alloc_security(struct inode *inode) 376static int smack_inode_alloc_security(struct inode *inode)
375{ 377{
376 inode->i_security = new_inode_smack(current->security); 378 inode->i_security = new_inode_smack(current_security());
377 if (inode->i_security == NULL) 379 if (inode->i_security == NULL)
378 return -ENOMEM; 380 return -ENOMEM;
379 return 0; 381 return 0;
@@ -818,7 +820,7 @@ static int smack_file_permission(struct file *file, int mask)
818 */ 820 */
819static int smack_file_alloc_security(struct file *file) 821static int smack_file_alloc_security(struct file *file)
820{ 822{
821 file->f_security = current->security; 823 file->f_security = current_security();
822 return 0; 824 return 0;
823} 825}
824 826
@@ -916,7 +918,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
916 */ 918 */
917static int smack_file_set_fowner(struct file *file) 919static int smack_file_set_fowner(struct file *file)
918{ 920{
919 file->f_security = current->security; 921 file->f_security = current_security();
920 return 0; 922 return 0;
921} 923}
922 924
@@ -941,7 +943,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk,
941 * struct fown_struct is never outside the context of a struct file 943 * struct fown_struct is never outside the context of a struct file
942 */ 944 */
943 file = container_of(fown, struct file, f_owner); 945 file = container_of(fown, struct file, f_owner);
944 rc = smk_access(file->f_security, tsk->security, MAY_WRITE); 946 rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE);
945 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 947 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
946 return 0; 948 return 0;
947 return rc; 949 return rc;
@@ -973,33 +975,75 @@ static int smack_file_receive(struct file *file)
973 */ 975 */
974 976
975/** 977/**
976 * smack_task_alloc_security - "allocate" a task blob 978 * smack_cred_free - "free" task-level security credentials
977 * @tsk: the task in need of a blob 979 * @cred: the credentials in question
978 * 980 *
979 * Smack isn't using copies of blobs. Everyone 981 * Smack isn't using copies of blobs. Everyone
980 * points to an immutable list. No alloc required. 982 * points to an immutable list. The blobs never go away.
981 * No data copy required. 983 * There is no leak here.
984 */
985static void smack_cred_free(struct cred *cred)
986{
987 cred->security = NULL;
988}
989
990/**
991 * smack_cred_prepare - prepare new set of credentials for modification
992 * @new: the new credentials
993 * @old: the original credentials
994 * @gfp: the atomicity of any memory allocations
995 *
996 * Prepare a new set of credentials for modification.
997 */
998static int smack_cred_prepare(struct cred *new, const struct cred *old,
999 gfp_t gfp)
1000{
1001 new->security = old->security;
1002 return 0;
1003}
1004
1005/*
1006 * commit new credentials
1007 * @new: the new credentials
1008 * @old: the original credentials
1009 */
1010static void smack_cred_commit(struct cred *new, const struct cred *old)
1011{
1012}
1013
1014/**
1015 * smack_kernel_act_as - Set the subjective context in a set of credentials
1016 * @new points to the set of credentials to be modified.
1017 * @secid specifies the security ID to be set
982 * 1018 *
983 * Always returns 0 1019 * Set the security data for a kernel service.
984 */ 1020 */
985static int smack_task_alloc_security(struct task_struct *tsk) 1021static int smack_kernel_act_as(struct cred *new, u32 secid)
986{ 1022{
987 tsk->security = current->security; 1023 char *smack = smack_from_secid(secid);
1024
1025 if (smack == NULL)
1026 return -EINVAL;
988 1027
1028 new->security = smack;
989 return 0; 1029 return 0;
990} 1030}
991 1031
992/** 1032/**
993 * smack_task_free_security - "free" a task blob 1033 * smack_kernel_create_files_as - Set the file creation label in a set of creds
994 * @task: the task with the blob 1034 * @new points to the set of credentials to be modified
1035 * @inode points to the inode to use as a reference
995 * 1036 *
996 * Smack isn't using copies of blobs. Everyone 1037 * Set the file creation context in a set of credentials to the same
997 * points to an immutable list. The blobs never go away. 1038 * as the objective context of the specified inode
998 * There is no leak here.
999 */ 1039 */
1000static void smack_task_free_security(struct task_struct *task) 1040static int smack_kernel_create_files_as(struct cred *new,
1041 struct inode *inode)
1001{ 1042{
1002 task->security = NULL; 1043 struct inode_smack *isp = inode->i_security;
1044
1045 new->security = isp->smk_inode;
1046 return 0;
1003} 1047}
1004 1048
1005/** 1049/**
@@ -1011,7 +1055,7 @@ static void smack_task_free_security(struct task_struct *task)
1011 */ 1055 */
1012static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1056static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1013{ 1057{
1014 return smk_curacc(p->security, MAY_WRITE); 1058 return smk_curacc(task_security(p), MAY_WRITE);
1015} 1059}
1016 1060
1017/** 1061/**
@@ -1022,7 +1066,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1022 */ 1066 */
1023static int smack_task_getpgid(struct task_struct *p) 1067static int smack_task_getpgid(struct task_struct *p)
1024{ 1068{
1025 return smk_curacc(p->security, MAY_READ); 1069 return smk_curacc(task_security(p), MAY_READ);
1026} 1070}
1027 1071
1028/** 1072/**
@@ -1033,7 +1077,7 @@ static int smack_task_getpgid(struct task_struct *p)
1033 */ 1077 */
1034static int smack_task_getsid(struct task_struct *p) 1078static int smack_task_getsid(struct task_struct *p)
1035{ 1079{
1036 return smk_curacc(p->security, MAY_READ); 1080 return smk_curacc(task_security(p), MAY_READ);
1037} 1081}
1038 1082
1039/** 1083/**
@@ -1045,7 +1089,7 @@ static int smack_task_getsid(struct task_struct *p)
1045 */ 1089 */
1046static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1090static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1047{ 1091{
1048 *secid = smack_to_secid(p->security); 1092 *secid = smack_to_secid(task_security(p));
1049} 1093}
1050 1094
1051/** 1095/**
@@ -1061,7 +1105,7 @@ static int smack_task_setnice(struct task_struct *p, int nice)
1061 1105
1062 rc = cap_task_setnice(p, nice); 1106 rc = cap_task_setnice(p, nice);
1063 if (rc == 0) 1107 if (rc == 0)
1064 rc = smk_curacc(p->security, MAY_WRITE); 1108 rc = smk_curacc(task_security(p), MAY_WRITE);
1065 return rc; 1109 return rc;
1066} 1110}
1067 1111
@@ -1078,7 +1122,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
1078 1122
1079 rc = cap_task_setioprio(p, ioprio); 1123 rc = cap_task_setioprio(p, ioprio);
1080 if (rc == 0) 1124 if (rc == 0)
1081 rc = smk_curacc(p->security, MAY_WRITE); 1125 rc = smk_curacc(task_security(p), MAY_WRITE);
1082 return rc; 1126 return rc;
1083} 1127}
1084 1128
@@ -1090,7 +1134,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio)
1090 */ 1134 */
1091static int smack_task_getioprio(struct task_struct *p) 1135static int smack_task_getioprio(struct task_struct *p)
1092{ 1136{
1093 return smk_curacc(p->security, MAY_READ); 1137 return smk_curacc(task_security(p), MAY_READ);
1094} 1138}
1095 1139
1096/** 1140/**
@@ -1108,7 +1152,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
1108 1152
1109 rc = cap_task_setscheduler(p, policy, lp); 1153 rc = cap_task_setscheduler(p, policy, lp);
1110 if (rc == 0) 1154 if (rc == 0)
1111 rc = smk_curacc(p->security, MAY_WRITE); 1155 rc = smk_curacc(task_security(p), MAY_WRITE);
1112 return rc; 1156 return rc;
1113} 1157}
1114 1158
@@ -1120,7 +1164,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy,
1120 */ 1164 */
1121static int smack_task_getscheduler(struct task_struct *p) 1165static int smack_task_getscheduler(struct task_struct *p)
1122{ 1166{
1123 return smk_curacc(p->security, MAY_READ); 1167 return smk_curacc(task_security(p), MAY_READ);
1124} 1168}
1125 1169
1126/** 1170/**
@@ -1131,7 +1175,7 @@ static int smack_task_getscheduler(struct task_struct *p)
1131 */ 1175 */
1132static int smack_task_movememory(struct task_struct *p) 1176static int smack_task_movememory(struct task_struct *p)
1133{ 1177{
1134 return smk_curacc(p->security, MAY_WRITE); 1178 return smk_curacc(task_security(p), MAY_WRITE);
1135} 1179}
1136 1180
1137/** 1181/**
@@ -1154,13 +1198,13 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1154 * can write the receiver. 1198 * can write the receiver.
1155 */ 1199 */
1156 if (secid == 0) 1200 if (secid == 0)
1157 return smk_curacc(p->security, MAY_WRITE); 1201 return smk_curacc(task_security(p), MAY_WRITE);
1158 /* 1202 /*
1159 * If the secid isn't 0 we're dealing with some USB IO 1203 * If the secid isn't 0 we're dealing with some USB IO
1160 * specific behavior. This is not clean. For one thing 1204 * specific behavior. This is not clean. For one thing
1161 * we can't take privilege into account. 1205 * we can't take privilege into account.
1162 */ 1206 */
1163 return smk_access(smack_from_secid(secid), p->security, MAY_WRITE); 1207 return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE);
1164} 1208}
1165 1209
1166/** 1210/**
@@ -1173,7 +1217,7 @@ static int smack_task_wait(struct task_struct *p)
1173{ 1217{
1174 int rc; 1218 int rc;
1175 1219
1176 rc = smk_access(current->security, p->security, MAY_WRITE); 1220 rc = smk_access(current_security(), task_security(p), MAY_WRITE);
1177 if (rc == 0) 1221 if (rc == 0)
1178 return 0; 1222 return 0;
1179 1223
@@ -1204,7 +1248,7 @@ static int smack_task_wait(struct task_struct *p)
1204static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1248static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1205{ 1249{
1206 struct inode_smack *isp = inode->i_security; 1250 struct inode_smack *isp = inode->i_security;
1207 isp->smk_inode = p->security; 1251 isp->smk_inode = task_security(p);
1208} 1252}
1209 1253
1210/* 1254/*
@@ -1223,7 +1267,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1223 */ 1267 */
1224static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1268static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1225{ 1269{
1226 char *csp = current->security; 1270 char *csp = current_security();
1227 struct socket_smack *ssp; 1271 struct socket_smack *ssp;
1228 1272
1229 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1273 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
@@ -1448,7 +1492,7 @@ static int smack_flags_to_may(int flags)
1448 */ 1492 */
1449static int smack_msg_msg_alloc_security(struct msg_msg *msg) 1493static int smack_msg_msg_alloc_security(struct msg_msg *msg)
1450{ 1494{
1451 msg->security = current->security; 1495 msg->security = current_security();
1452 return 0; 1496 return 0;
1453} 1497}
1454 1498
@@ -1484,7 +1528,7 @@ static int smack_shm_alloc_security(struct shmid_kernel *shp)
1484{ 1528{
1485 struct kern_ipc_perm *isp = &shp->shm_perm; 1529 struct kern_ipc_perm *isp = &shp->shm_perm;
1486 1530
1487 isp->security = current->security; 1531 isp->security = current_security();
1488 return 0; 1532 return 0;
1489} 1533}
1490 1534
@@ -1593,7 +1637,7 @@ static int smack_sem_alloc_security(struct sem_array *sma)
1593{ 1637{
1594 struct kern_ipc_perm *isp = &sma->sem_perm; 1638 struct kern_ipc_perm *isp = &sma->sem_perm;
1595 1639
1596 isp->security = current->security; 1640 isp->security = current_security();
1597 return 0; 1641 return 0;
1598} 1642}
1599 1643
@@ -1697,7 +1741,7 @@ static int smack_msg_queue_alloc_security(struct msg_queue *msq)
1697{ 1741{
1698 struct kern_ipc_perm *kisp = &msq->q_perm; 1742 struct kern_ipc_perm *kisp = &msq->q_perm;
1699 1743
1700 kisp->security = current->security; 1744 kisp->security = current_security();
1701 return 0; 1745 return 0;
1702} 1746}
1703 1747
@@ -1852,7 +1896,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
1852 struct super_block *sbp; 1896 struct super_block *sbp;
1853 struct superblock_smack *sbsp; 1897 struct superblock_smack *sbsp;
1854 struct inode_smack *isp; 1898 struct inode_smack *isp;
1855 char *csp = current->security; 1899 char *csp = current_security();
1856 char *fetched; 1900 char *fetched;
1857 char *final; 1901 char *final;
1858 struct dentry *dp; 1902 struct dentry *dp;
@@ -2009,7 +2053,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2009 if (strcmp(name, "current") != 0) 2053 if (strcmp(name, "current") != 0)
2010 return -EINVAL; 2054 return -EINVAL;
2011 2055
2012 cp = kstrdup(p->security, GFP_KERNEL); 2056 cp = kstrdup(task_security(p), GFP_KERNEL);
2013 if (cp == NULL) 2057 if (cp == NULL)
2014 return -ENOMEM; 2058 return -ENOMEM;
2015 2059
@@ -2033,6 +2077,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2033static int smack_setprocattr(struct task_struct *p, char *name, 2077static int smack_setprocattr(struct task_struct *p, char *name,
2034 void *value, size_t size) 2078 void *value, size_t size)
2035{ 2079{
2080 struct cred *new;
2036 char *newsmack; 2081 char *newsmack;
2037 2082
2038 /* 2083 /*
@@ -2055,7 +2100,11 @@ static int smack_setprocattr(struct task_struct *p, char *name,
2055 if (newsmack == NULL) 2100 if (newsmack == NULL)
2056 return -EINVAL; 2101 return -EINVAL;
2057 2102
2058 p->security = newsmack; 2103 new = prepare_creds();
2104 if (!new)
2105 return -ENOMEM;
2106 new->security = newsmack;
2107 commit_creds(new);
2059 return size; 2108 return size;
2060} 2109}
2061 2110
@@ -2288,8 +2337,7 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent)
2288 return; 2337 return;
2289 2338
2290 ssp = sk->sk_security; 2339 ssp = sk->sk_security;
2291 ssp->smk_in = current->security; 2340 ssp->smk_in = ssp->smk_out = current_security();
2292 ssp->smk_out = current->security;
2293 ssp->smk_packet[0] = '\0'; 2341 ssp->smk_packet[0] = '\0';
2294 2342
2295 rc = smack_netlabel(sk); 2343 rc = smack_netlabel(sk);
@@ -2352,17 +2400,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
2352/** 2400/**
2353 * smack_key_alloc - Set the key security blob 2401 * smack_key_alloc - Set the key security blob
2354 * @key: object 2402 * @key: object
2355 * @tsk: the task associated with the key 2403 * @cred: the credentials to use
2356 * @flags: unused 2404 * @flags: unused
2357 * 2405 *
2358 * No allocation required 2406 * No allocation required
2359 * 2407 *
2360 * Returns 0 2408 * Returns 0
2361 */ 2409 */
2362static int smack_key_alloc(struct key *key, struct task_struct *tsk, 2410static int smack_key_alloc(struct key *key, const struct cred *cred,
2363 unsigned long flags) 2411 unsigned long flags)
2364{ 2412{
2365 key->security = tsk->security; 2413 key->security = cred->security;
2366 return 0; 2414 return 0;
2367} 2415}
2368 2416
@@ -2380,14 +2428,14 @@ static void smack_key_free(struct key *key)
2380/* 2428/*
2381 * smack_key_permission - Smack access on a key 2429 * smack_key_permission - Smack access on a key
2382 * @key_ref: gets to the object 2430 * @key_ref: gets to the object
2383 * @context: task involved 2431 * @cred: the credentials to use
2384 * @perm: unused 2432 * @perm: unused
2385 * 2433 *
2386 * Return 0 if the task has read and write to the object, 2434 * Return 0 if the task has read and write to the object,
2387 * an error code otherwise 2435 * an error code otherwise
2388 */ 2436 */
2389static int smack_key_permission(key_ref_t key_ref, 2437static int smack_key_permission(key_ref_t key_ref,
2390 struct task_struct *context, key_perm_t perm) 2438 const struct cred *cred, key_perm_t perm)
2391{ 2439{
2392 struct key *keyp; 2440 struct key *keyp;
2393 2441
@@ -2403,10 +2451,10 @@ static int smack_key_permission(key_ref_t key_ref,
2403 /* 2451 /*
2404 * This should not occur 2452 * This should not occur
2405 */ 2453 */
2406 if (context->security == NULL) 2454 if (cred->security == NULL)
2407 return -EACCES; 2455 return -EACCES;
2408 2456
2409 return smk_access(context->security, keyp->security, MAY_READWRITE); 2457 return smk_access(cred->security, keyp->security, MAY_READWRITE);
2410} 2458}
2411#endif /* CONFIG_KEYS */ 2459#endif /* CONFIG_KEYS */
2412 2460
@@ -2577,15 +2625,13 @@ struct security_operations smack_ops = {
2577 .ptrace_may_access = smack_ptrace_may_access, 2625 .ptrace_may_access = smack_ptrace_may_access,
2578 .ptrace_traceme = smack_ptrace_traceme, 2626 .ptrace_traceme = smack_ptrace_traceme,
2579 .capget = cap_capget, 2627 .capget = cap_capget,
2580 .capset_check = cap_capset_check, 2628 .capset = cap_capset,
2581 .capset_set = cap_capset_set,
2582 .capable = cap_capable, 2629 .capable = cap_capable,
2583 .syslog = smack_syslog, 2630 .syslog = smack_syslog,
2584 .settime = cap_settime, 2631 .settime = cap_settime,
2585 .vm_enough_memory = cap_vm_enough_memory, 2632 .vm_enough_memory = cap_vm_enough_memory,
2586 2633
2587 .bprm_apply_creds = cap_bprm_apply_creds, 2634 .bprm_set_creds = cap_bprm_set_creds,
2588 .bprm_set_security = cap_bprm_set_security,
2589 .bprm_secureexec = cap_bprm_secureexec, 2635 .bprm_secureexec = cap_bprm_secureexec,
2590 2636
2591 .sb_alloc_security = smack_sb_alloc_security, 2637 .sb_alloc_security = smack_sb_alloc_security,
@@ -2627,9 +2673,12 @@ struct security_operations smack_ops = {
2627 .file_send_sigiotask = smack_file_send_sigiotask, 2673 .file_send_sigiotask = smack_file_send_sigiotask,
2628 .file_receive = smack_file_receive, 2674 .file_receive = smack_file_receive,
2629 2675
2630 .task_alloc_security = smack_task_alloc_security, 2676 .cred_free = smack_cred_free,
2631 .task_free_security = smack_task_free_security, 2677 .cred_prepare = smack_cred_prepare,
2632 .task_post_setuid = cap_task_post_setuid, 2678 .cred_commit = smack_cred_commit,
2679 .kernel_act_as = smack_kernel_act_as,
2680 .kernel_create_files_as = smack_kernel_create_files_as,
2681 .task_fix_setuid = cap_task_fix_setuid,
2633 .task_setpgid = smack_task_setpgid, 2682 .task_setpgid = smack_task_setpgid,
2634 .task_getpgid = smack_task_getpgid, 2683 .task_getpgid = smack_task_getpgid,
2635 .task_getsid = smack_task_getsid, 2684 .task_getsid = smack_task_getsid,
@@ -2642,7 +2691,6 @@ struct security_operations smack_ops = {
2642 .task_movememory = smack_task_movememory, 2691 .task_movememory = smack_task_movememory,
2643 .task_kill = smack_task_kill, 2692 .task_kill = smack_task_kill,
2644 .task_wait = smack_task_wait, 2693 .task_wait = smack_task_wait,
2645 .task_reparent_to_init = cap_task_reparent_to_init,
2646 .task_to_inode = smack_task_to_inode, 2694 .task_to_inode = smack_task_to_inode,
2647 .task_prctl = cap_task_prctl, 2695 .task_prctl = cap_task_prctl,
2648 2696
@@ -2718,6 +2766,8 @@ struct security_operations smack_ops = {
2718 */ 2766 */
2719static __init int smack_init(void) 2767static __init int smack_init(void)
2720{ 2768{
2769 struct cred *cred;
2770
2721 if (!security_module_enable(&smack_ops)) 2771 if (!security_module_enable(&smack_ops))
2722 return 0; 2772 return 0;
2723 2773
@@ -2726,7 +2776,8 @@ static __init int smack_init(void)
2726 /* 2776 /*
2727 * Set the security state for the initial task. 2777 * Set the security state for the initial task.
2728 */ 2778 */
2729 current->security = &smack_known_floor.smk_known; 2779 cred = (struct cred *) current->cred;
2780 cred->security = &smack_known_floor.smk_known;
2730 2781
2731 /* 2782 /*
2732 * Initialize locks 2783 * Initialize locks
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c21d8c8bf0c7..ca257dfdc75d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -336,7 +336,7 @@ static void smk_cipso_doi(void)
336 336
337 audit_info.loginuid = audit_get_loginuid(current); 337 audit_info.loginuid = audit_get_loginuid(current);
338 audit_info.sessionid = audit_get_sessionid(current); 338 audit_info.sessionid = audit_get_sessionid(current);
339 audit_info.secid = smack_to_secid(current->security); 339 audit_info.secid = smack_to_secid(current_security());
340 340
341 rc = netlbl_cfg_map_del(NULL, &audit_info); 341 rc = netlbl_cfg_map_del(NULL, &audit_info);
342 if (rc != 0) 342 if (rc != 0)
@@ -371,7 +371,7 @@ static void smk_unlbl_ambient(char *oldambient)
371 371
372 audit_info.loginuid = audit_get_loginuid(current); 372 audit_info.loginuid = audit_get_loginuid(current);
373 audit_info.sessionid = audit_get_sessionid(current); 373 audit_info.sessionid = audit_get_sessionid(current);
374 audit_info.secid = smack_to_secid(current->security); 374 audit_info.secid = smack_to_secid(current_security());
375 375
376 if (oldambient != NULL) { 376 if (oldambient != NULL) {
377 rc = netlbl_cfg_map_del(oldambient, &audit_info); 377 rc = netlbl_cfg_map_del(oldambient, &audit_info);
@@ -843,7 +843,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
843 size_t count, loff_t *ppos) 843 size_t count, loff_t *ppos)
844{ 844{
845 char in[SMK_LABELLEN]; 845 char in[SMK_LABELLEN];
846 char *sp = current->security; 846 char *sp = current->cred->security;
847 847
848 if (!capable(CAP_MAC_ADMIN)) 848 if (!capable(CAP_MAC_ADMIN))
849 return -EPERM; 849 return -EPERM;