diff options
Diffstat (limited to 'fs')
98 files changed, 643 insertions, 490 deletions
diff --git a/fs/9p/fid.c b/fs/9p/fid.c index 3031e3233dd6..a43e4ab7c6c3 100644 --- a/fs/9p/fid.c +++ b/fs/9p/fid.c | |||
@@ -120,7 +120,7 @@ struct p9_fid *v9fs_fid_lookup(struct dentry *dentry) | |||
120 | switch (access) { | 120 | switch (access) { |
121 | case V9FS_ACCESS_SINGLE: | 121 | case V9FS_ACCESS_SINGLE: |
122 | case V9FS_ACCESS_USER: | 122 | case V9FS_ACCESS_USER: |
123 | uid = current->fsuid; | 123 | uid = current_fsuid(); |
124 | any = 0; | 124 | any = 0; |
125 | break; | 125 | break; |
126 | 126 | ||
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 8314d3f43b71..8fddfe86a0dc 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c | |||
@@ -215,8 +215,8 @@ struct inode *v9fs_get_inode(struct super_block *sb, int mode) | |||
215 | inode = new_inode(sb); | 215 | inode = new_inode(sb); |
216 | if (inode) { | 216 | if (inode) { |
217 | inode->i_mode = mode; | 217 | inode->i_mode = mode; |
218 | inode->i_uid = current->fsuid; | 218 | inode->i_uid = current_fsuid(); |
219 | inode->i_gid = current->fsgid; | 219 | inode->i_gid = current_fsgid(); |
220 | inode->i_blocks = 0; | 220 | inode->i_blocks = 0; |
221 | inode->i_rdev = 0; | 221 | inode->i_rdev = 0; |
222 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 222 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c index d6cb1a0ca724..93212e40221a 100644 --- a/fs/9p/vfs_super.c +++ b/fs/9p/vfs_super.c | |||
@@ -113,8 +113,8 @@ static int v9fs_get_sb(struct file_system_type *fs_type, int flags, | |||
113 | struct v9fs_session_info *v9ses = NULL; | 113 | struct v9fs_session_info *v9ses = NULL; |
114 | struct p9_wstat *st = NULL; | 114 | struct p9_wstat *st = NULL; |
115 | int mode = S_IRWXUGO | S_ISVTX; | 115 | int mode = S_IRWXUGO | S_ISVTX; |
116 | uid_t uid = current->fsuid; | 116 | uid_t uid = current_fsuid(); |
117 | gid_t gid = current->fsgid; | 117 | gid_t gid = current_fsgid(); |
118 | struct p9_fid *fid; | 118 | struct p9_fid *fid; |
119 | int retval = 0; | 119 | int retval = 0; |
120 | 120 | ||
diff --git a/fs/affs/inode.c b/fs/affs/inode.c index a13b334a3910..415d9c67ac16 100644 --- a/fs/affs/inode.c +++ b/fs/affs/inode.c | |||
@@ -293,8 +293,8 @@ affs_new_inode(struct inode *dir) | |||
293 | mark_buffer_dirty_inode(bh, inode); | 293 | mark_buffer_dirty_inode(bh, inode); |
294 | affs_brelse(bh); | 294 | affs_brelse(bh); |
295 | 295 | ||
296 | inode->i_uid = current->fsuid; | 296 | inode->i_uid = current_fsuid(); |
297 | inode->i_gid = current->fsgid; | 297 | inode->i_gid = current_fsgid(); |
298 | inode->i_ino = block; | 298 | inode->i_ino = block; |
299 | inode->i_nlink = 1; | 299 | inode->i_nlink = 1; |
300 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 300 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
diff --git a/fs/affs/super.c b/fs/affs/super.c index 8989c93193ed..a19d64b582aa 100644 --- a/fs/affs/super.c +++ b/fs/affs/super.c | |||
@@ -163,8 +163,8 @@ parse_options(char *options, uid_t *uid, gid_t *gid, int *mode, int *reserved, s | |||
163 | 163 | ||
164 | /* Fill in defaults */ | 164 | /* Fill in defaults */ |
165 | 165 | ||
166 | *uid = current->uid; | 166 | *uid = current_uid(); |
167 | *gid = current->gid; | 167 | *gid = current_gid(); |
168 | *reserved = 2; | 168 | *reserved = 2; |
169 | *root = -1; | 169 | *root = -1; |
170 | *blocksize = -1; | 170 | *blocksize = -1; |
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 3662dd44896b..c16d9be1b017 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c | |||
@@ -154,8 +154,8 @@ static struct inode *anon_inode_mkinode(void) | |||
154 | */ | 154 | */ |
155 | inode->i_state = I_DIRTY; | 155 | inode->i_state = I_DIRTY; |
156 | inode->i_mode = S_IRUSR | S_IWUSR; | 156 | inode->i_mode = S_IRUSR | S_IWUSR; |
157 | inode->i_uid = current->fsuid; | 157 | inode->i_uid = current_fsuid(); |
158 | inode->i_gid = current->fsgid; | 158 | inode->i_gid = current_fsgid(); |
159 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 159 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
160 | return inode; | 160 | return inode; |
161 | } | 161 | } |
@@ -29,13 +29,13 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) | |||
29 | 29 | ||
30 | /* Make sure a caller can chown. */ | 30 | /* Make sure a caller can chown. */ |
31 | if ((ia_valid & ATTR_UID) && | 31 | if ((ia_valid & ATTR_UID) && |
32 | (current->fsuid != inode->i_uid || | 32 | (current_fsuid() != inode->i_uid || |
33 | attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) | 33 | attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) |
34 | goto error; | 34 | goto error; |
35 | 35 | ||
36 | /* Make sure caller can chgrp. */ | 36 | /* Make sure caller can chgrp. */ |
37 | if ((ia_valid & ATTR_GID) && | 37 | if ((ia_valid & ATTR_GID) && |
38 | (current->fsuid != inode->i_uid || | 38 | (current_fsuid() != inode->i_uid || |
39 | (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && | 39 | (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && |
40 | !capable(CAP_CHOWN)) | 40 | !capable(CAP_CHOWN)) |
41 | goto error; | 41 | goto error; |
diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c index b70eea1e8c59..c773680d5c60 100644 --- a/fs/autofs/inode.c +++ b/fs/autofs/inode.c | |||
@@ -76,8 +76,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid, | |||
76 | substring_t args[MAX_OPT_ARGS]; | 76 | substring_t args[MAX_OPT_ARGS]; |
77 | int option; | 77 | int option; |
78 | 78 | ||
79 | *uid = current->uid; | 79 | *uid = current_uid(); |
80 | *gid = current->gid; | 80 | *gid = current_gid(); |
81 | *pgrp = task_pgrp_nr(current); | 81 | *pgrp = task_pgrp_nr(current); |
82 | 82 | ||
83 | *minproto = *maxproto = AUTOFS_PROTO_VERSION; | 83 | *minproto = *maxproto = AUTOFS_PROTO_VERSION; |
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c index 33bf8cbfd051..63b7c7afe8df 100644 --- a/fs/autofs4/dev-ioctl.c +++ b/fs/autofs4/dev-ioctl.c | |||
@@ -308,7 +308,8 @@ static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid) | |||
308 | goto out; | 308 | goto out; |
309 | } | 309 | } |
310 | 310 | ||
311 | filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY); | 311 | filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY, |
312 | current_cred()); | ||
312 | if (IS_ERR(filp)) { | 313 | if (IS_ERR(filp)) { |
313 | err = PTR_ERR(filp); | 314 | err = PTR_ERR(filp); |
314 | goto out; | 315 | goto out; |
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index c7e65bb30ba0..7b19802cfef4 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c | |||
@@ -235,8 +235,8 @@ static int parse_options(char *options, int *pipefd, uid_t *uid, gid_t *gid, | |||
235 | substring_t args[MAX_OPT_ARGS]; | 235 | substring_t args[MAX_OPT_ARGS]; |
236 | int option; | 236 | int option; |
237 | 237 | ||
238 | *uid = current->uid; | 238 | *uid = current_uid(); |
239 | *gid = current->gid; | 239 | *gid = current_gid(); |
240 | *pgrp = task_pgrp_nr(current); | 240 | *pgrp = task_pgrp_nr(current); |
241 | 241 | ||
242 | *minproto = AUTOFS_MIN_PROTO_VERSION; | 242 | *minproto = AUTOFS_MIN_PROTO_VERSION; |
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c index 4b67c2a2d77c..e02cc8ae5eb3 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c | |||
@@ -391,8 +391,8 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, | |||
391 | memcpy(&wq->name, &qstr, sizeof(struct qstr)); | 391 | memcpy(&wq->name, &qstr, sizeof(struct qstr)); |
392 | wq->dev = autofs4_get_dev(sbi); | 392 | wq->dev = autofs4_get_dev(sbi); |
393 | wq->ino = autofs4_get_ino(sbi); | 393 | wq->ino = autofs4_get_ino(sbi); |
394 | wq->uid = current->uid; | 394 | wq->uid = current_uid(); |
395 | wq->gid = current->gid; | 395 | wq->gid = current_gid(); |
396 | wq->pid = current->pid; | 396 | wq->pid = current->pid; |
397 | wq->tgid = current->tgid; | 397 | wq->tgid = current->tgid; |
398 | wq->status = -EINTR; /* Status return if interrupted */ | 398 | wq->status = -EINTR; /* Status return if interrupted */ |
diff --git a/fs/bfs/dir.c b/fs/bfs/dir.c index daae463068e4..4dd1b623f937 100644 --- a/fs/bfs/dir.c +++ b/fs/bfs/dir.c | |||
@@ -106,8 +106,8 @@ static int bfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
106 | } | 106 | } |
107 | set_bit(ino, info->si_imap); | 107 | set_bit(ino, info->si_imap); |
108 | info->si_freei--; | 108 | info->si_freei--; |
109 | inode->i_uid = current->fsuid; | 109 | inode->i_uid = current_fsuid(); |
110 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; | 110 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid(); |
111 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 111 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
112 | inode->i_blocks = 0; | 112 | inode->i_blocks = 0; |
113 | inode->i_op = &bfs_file_inops; | 113 | inode->i_op = &bfs_file_inops; |
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index 204cfd1d7676..f1f3f4192a60 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c | |||
@@ -320,7 +320,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
320 | current->mm->free_area_cache = current->mm->mmap_base; | 320 | current->mm->free_area_cache = current->mm->mmap_base; |
321 | current->mm->cached_hole_size = 0; | 321 | current->mm->cached_hole_size = 0; |
322 | 322 | ||
323 | compute_creds(bprm); | 323 | install_exec_creds(bprm); |
324 | current->flags &= ~PF_FORKNOEXEC; | 324 | current->flags &= ~PF_FORKNOEXEC; |
325 | #ifdef __sparc__ | 325 | #ifdef __sparc__ |
326 | if (N_MAGIC(ex) == NMAGIC) { | 326 | if (N_MAGIC(ex) == NMAGIC) { |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 8fcfa398d350..f458c1217c5e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
@@ -157,7 +157,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
157 | int items; | 157 | int items; |
158 | elf_addr_t *elf_info; | 158 | elf_addr_t *elf_info; |
159 | int ei_index = 0; | 159 | int ei_index = 0; |
160 | struct task_struct *tsk = current; | 160 | const struct cred *cred = current_cred(); |
161 | struct vm_area_struct *vma; | 161 | struct vm_area_struct *vma; |
162 | 162 | ||
163 | /* | 163 | /* |
@@ -223,10 +223,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, | |||
223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); | 223 | NEW_AUX_ENT(AT_BASE, interp_load_addr); |
224 | NEW_AUX_ENT(AT_FLAGS, 0); | 224 | NEW_AUX_ENT(AT_FLAGS, 0); |
225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); | 225 | NEW_AUX_ENT(AT_ENTRY, exec->e_entry); |
226 | NEW_AUX_ENT(AT_UID, tsk->uid); | 226 | NEW_AUX_ENT(AT_UID, cred->uid); |
227 | NEW_AUX_ENT(AT_EUID, tsk->euid); | 227 | NEW_AUX_ENT(AT_EUID, cred->euid); |
228 | NEW_AUX_ENT(AT_GID, tsk->gid); | 228 | NEW_AUX_ENT(AT_GID, cred->gid); |
229 | NEW_AUX_ENT(AT_EGID, tsk->egid); | 229 | NEW_AUX_ENT(AT_EGID, cred->egid); |
230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 230 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 231 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
232 | if (k_platform) { | 232 | if (k_platform) { |
@@ -956,7 +956,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) | |||
956 | } | 956 | } |
957 | #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ | 957 | #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ |
958 | 958 | ||
959 | compute_creds(bprm); | 959 | install_exec_creds(bprm); |
960 | current->flags &= ~PF_FORKNOEXEC; | 960 | current->flags &= ~PF_FORKNOEXEC; |
961 | retval = create_elf_tables(bprm, &loc->elf_ex, | 961 | retval = create_elf_tables(bprm, &loc->elf_ex, |
962 | load_addr, interp_load_addr); | 962 | load_addr, interp_load_addr); |
@@ -1361,6 +1361,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1361 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
1362 | struct mm_struct *mm) | 1362 | struct mm_struct *mm) |
1363 | { | 1363 | { |
1364 | const struct cred *cred; | ||
1364 | unsigned int i, len; | 1365 | unsigned int i, len; |
1365 | 1366 | ||
1366 | /* first copy the parameters from user space */ | 1367 | /* first copy the parameters from user space */ |
@@ -1388,8 +1389,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
1388 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1389 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
1389 | psinfo->pr_nice = task_nice(p); | 1390 | psinfo->pr_nice = task_nice(p); |
1390 | psinfo->pr_flag = p->flags; | 1391 | psinfo->pr_flag = p->flags; |
1391 | SET_UID(psinfo->pr_uid, p->uid); | 1392 | rcu_read_lock(); |
1392 | SET_GID(psinfo->pr_gid, p->gid); | 1393 | cred = __task_cred(p); |
1394 | SET_UID(psinfo->pr_uid, cred->uid); | ||
1395 | SET_GID(psinfo->pr_gid, cred->gid); | ||
1396 | rcu_read_unlock(); | ||
1393 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1397 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
1394 | 1398 | ||
1395 | return 0; | 1399 | return 0; |
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 5b5424cb3391..aa5b43205e37 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
@@ -404,7 +404,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm, | |||
404 | current->mm->start_stack = current->mm->start_brk + stack_size; | 404 | current->mm->start_stack = current->mm->start_brk + stack_size; |
405 | #endif | 405 | #endif |
406 | 406 | ||
407 | compute_creds(bprm); | 407 | install_exec_creds(bprm); |
408 | current->flags &= ~PF_FORKNOEXEC; | 408 | current->flags &= ~PF_FORKNOEXEC; |
409 | if (create_elf_fdpic_tables(bprm, current->mm, | 409 | if (create_elf_fdpic_tables(bprm, current->mm, |
410 | &exec_params, &interp_params) < 0) | 410 | &exec_params, &interp_params) < 0) |
@@ -475,6 +475,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
475 | struct elf_fdpic_params *exec_params, | 475 | struct elf_fdpic_params *exec_params, |
476 | struct elf_fdpic_params *interp_params) | 476 | struct elf_fdpic_params *interp_params) |
477 | { | 477 | { |
478 | const struct cred *cred = current_cred(); | ||
478 | unsigned long sp, csp, nitems; | 479 | unsigned long sp, csp, nitems; |
479 | elf_caddr_t __user *argv, *envp; | 480 | elf_caddr_t __user *argv, *envp; |
480 | size_t platform_len = 0, len; | 481 | size_t platform_len = 0, len; |
@@ -623,10 +624,10 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, | |||
623 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); | 624 | NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); |
624 | NEW_AUX_ENT(AT_FLAGS, 0); | 625 | NEW_AUX_ENT(AT_FLAGS, 0); |
625 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); | 626 | NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); |
626 | NEW_AUX_ENT(AT_UID, (elf_addr_t) current->uid); | 627 | NEW_AUX_ENT(AT_UID, (elf_addr_t) cred->uid); |
627 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) current->euid); | 628 | NEW_AUX_ENT(AT_EUID, (elf_addr_t) cred->euid); |
628 | NEW_AUX_ENT(AT_GID, (elf_addr_t) current->gid); | 629 | NEW_AUX_ENT(AT_GID, (elf_addr_t) cred->gid); |
629 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) current->egid); | 630 | NEW_AUX_ENT(AT_EGID, (elf_addr_t) cred->egid); |
630 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); | 631 | NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); |
631 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); | 632 | NEW_AUX_ENT(AT_EXECFN, bprm->exec); |
632 | 633 | ||
@@ -1413,6 +1414,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, | |||
1413 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | 1414 | static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, |
1414 | struct mm_struct *mm) | 1415 | struct mm_struct *mm) |
1415 | { | 1416 | { |
1417 | const struct cred *cred; | ||
1416 | unsigned int i, len; | 1418 | unsigned int i, len; |
1417 | 1419 | ||
1418 | /* first copy the parameters from user space */ | 1420 | /* first copy the parameters from user space */ |
@@ -1440,8 +1442,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, | |||
1440 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; | 1442 | psinfo->pr_zomb = psinfo->pr_sname == 'Z'; |
1441 | psinfo->pr_nice = task_nice(p); | 1443 | psinfo->pr_nice = task_nice(p); |
1442 | psinfo->pr_flag = p->flags; | 1444 | psinfo->pr_flag = p->flags; |
1443 | SET_UID(psinfo->pr_uid, p->uid); | 1445 | rcu_read_lock(); |
1444 | SET_GID(psinfo->pr_gid, p->gid); | 1446 | cred = __task_cred(p); |
1447 | SET_UID(psinfo->pr_uid, cred->uid); | ||
1448 | SET_GID(psinfo->pr_gid, cred->gid); | ||
1449 | rcu_read_unlock(); | ||
1445 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); | 1450 | strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); |
1446 | 1451 | ||
1447 | return 0; | 1452 | return 0; |
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index ccb781a6a804..7bbd5c6b3725 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c | |||
@@ -880,7 +880,7 @@ static int load_flat_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
880 | (libinfo.lib_list[j].loaded)? | 880 | (libinfo.lib_list[j].loaded)? |
881 | libinfo.lib_list[j].start_data:UNLOADED_LIB; | 881 | libinfo.lib_list[j].start_data:UNLOADED_LIB; |
882 | 882 | ||
883 | compute_creds(bprm); | 883 | install_exec_creds(bprm); |
884 | current->flags &= ~PF_FORKNOEXEC; | 884 | current->flags &= ~PF_FORKNOEXEC; |
885 | 885 | ||
886 | set_binfmt(&flat_format); | 886 | set_binfmt(&flat_format); |
diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c index 74e587a52796..08644a61616e 100644 --- a/fs/binfmt_som.c +++ b/fs/binfmt_som.c | |||
@@ -255,7 +255,7 @@ load_som_binary(struct linux_binprm * bprm, struct pt_regs * regs) | |||
255 | kfree(hpuxhdr); | 255 | kfree(hpuxhdr); |
256 | 256 | ||
257 | set_binfmt(&som_format); | 257 | set_binfmt(&som_format); |
258 | compute_creds(bprm); | 258 | install_exec_creds(bprm); |
259 | setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); | 259 | setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); |
260 | 260 | ||
261 | create_som_tables(bprm); | 261 | create_som_tables(bprm); |
diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h index 877c85409f1f..1e7b87497f26 100644 --- a/fs/cifs/cifs_fs_sb.h +++ b/fs/cifs/cifs_fs_sb.h | |||
@@ -19,7 +19,7 @@ | |||
19 | #define _CIFS_FS_SB_H | 19 | #define _CIFS_FS_SB_H |
20 | 20 | ||
21 | #define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ | 21 | #define CIFS_MOUNT_NO_PERM 1 /* do not do client vfs_perm check */ |
22 | #define CIFS_MOUNT_SET_UID 2 /* set current->euid in create etc. */ | 22 | #define CIFS_MOUNT_SET_UID 2 /* set current's euid in create etc. */ |
23 | #define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ | 23 | #define CIFS_MOUNT_SERVER_INUM 4 /* inode numbers from uniqueid from server */ |
24 | #define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ | 24 | #define CIFS_MOUNT_DIRECT_IO 8 /* do not write nor read through page cache */ |
25 | #define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ | 25 | #define CIFS_MOUNT_NO_XATTR 0x10 /* if set - disable xattr support */ |
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 6f21ecb85ce5..9d8b978137ad 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h | |||
@@ -39,7 +39,7 @@ extern int smb_send(struct socket *, struct smb_hdr *, | |||
39 | unsigned int /* length */ , struct sockaddr *, bool); | 39 | unsigned int /* length */ , struct sockaddr *, bool); |
40 | extern unsigned int _GetXid(void); | 40 | extern unsigned int _GetXid(void); |
41 | extern void _FreeXid(unsigned int); | 41 | extern void _FreeXid(unsigned int); |
42 | #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current->fsuid)); | 42 | #define GetXid() (int)_GetXid(); cFYI(1,("CIFS VFS: in %s as Xid: %d with uid: %d",__func__, xid,current_fsuid())); |
43 | #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} | 43 | #define FreeXid(curr_xid) {_FreeXid(curr_xid); cFYI(1,("CIFS VFS: leaving %s (xid = %d) rc = %d",__func__,curr_xid,(int)rc));} |
44 | extern char *build_path_from_dentry(struct dentry *); | 44 | extern char *build_path_from_dentry(struct dentry *); |
45 | extern char *build_wildcard_path_from_dentry(struct dentry *direntry); | 45 | extern char *build_wildcard_path_from_dentry(struct dentry *direntry); |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index e9f9248cb3fe..e5dca9a48d9f 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -833,8 +833,8 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
833 | /* null target name indicates to use *SMBSERVR default called name | 833 | /* null target name indicates to use *SMBSERVR default called name |
834 | if we end up sending RFC1001 session initialize */ | 834 | if we end up sending RFC1001 session initialize */ |
835 | vol->target_rfc1001_name[0] = 0; | 835 | vol->target_rfc1001_name[0] = 0; |
836 | vol->linux_uid = current->uid; /* current->euid instead? */ | 836 | vol->linux_uid = current_uid(); /* use current_euid() instead? */ |
837 | vol->linux_gid = current->gid; | 837 | vol->linux_gid = current_gid(); |
838 | vol->dir_mode = S_IRWXUGO; | 838 | vol->dir_mode = S_IRWXUGO; |
839 | /* 2767 perms indicate mandatory locking support */ | 839 | /* 2767 perms indicate mandatory locking support */ |
840 | vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); | 840 | vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP); |
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index e962e75e6f7b..2f02c52db666 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c | |||
@@ -235,11 +235,11 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, | |||
235 | }; | 235 | }; |
236 | 236 | ||
237 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 237 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
238 | args.uid = (__u64) current->fsuid; | 238 | args.uid = (__u64) current_fsuid(); |
239 | if (inode->i_mode & S_ISGID) | 239 | if (inode->i_mode & S_ISGID) |
240 | args.gid = (__u64) inode->i_gid; | 240 | args.gid = (__u64) inode->i_gid; |
241 | else | 241 | else |
242 | args.gid = (__u64) current->fsgid; | 242 | args.gid = (__u64) current_fsgid(); |
243 | } else { | 243 | } else { |
244 | args.uid = NO_CHANGE_64; | 244 | args.uid = NO_CHANGE_64; |
245 | args.gid = NO_CHANGE_64; | 245 | args.gid = NO_CHANGE_64; |
@@ -271,13 +271,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode, | |||
271 | if ((oplock & CIFS_CREATE_ACTION) && | 271 | if ((oplock & CIFS_CREATE_ACTION) && |
272 | (cifs_sb->mnt_cifs_flags & | 272 | (cifs_sb->mnt_cifs_flags & |
273 | CIFS_MOUNT_SET_UID)) { | 273 | CIFS_MOUNT_SET_UID)) { |
274 | newinode->i_uid = current->fsuid; | 274 | newinode->i_uid = current_fsuid(); |
275 | if (inode->i_mode & S_ISGID) | 275 | if (inode->i_mode & S_ISGID) |
276 | newinode->i_gid = | 276 | newinode->i_gid = |
277 | inode->i_gid; | 277 | inode->i_gid; |
278 | else | 278 | else |
279 | newinode->i_gid = | 279 | newinode->i_gid = |
280 | current->fsgid; | 280 | current_fsgid(); |
281 | } | 281 | } |
282 | } | 282 | } |
283 | } | 283 | } |
@@ -375,8 +375,8 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode, | |||
375 | .device = device_number, | 375 | .device = device_number, |
376 | }; | 376 | }; |
377 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 377 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
378 | args.uid = (__u64) current->fsuid; | 378 | args.uid = (__u64) current_fsuid(); |
379 | args.gid = (__u64) current->fsgid; | 379 | args.gid = (__u64) current_fsgid(); |
380 | } else { | 380 | } else { |
381 | args.uid = NO_CHANGE_64; | 381 | args.uid = NO_CHANGE_64; |
382 | args.gid = NO_CHANGE_64; | 382 | args.gid = NO_CHANGE_64; |
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index ff8c68de4a92..8b7305e73d7e 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c | |||
@@ -1143,11 +1143,11 @@ mkdir_get_info: | |||
1143 | .device = 0, | 1143 | .device = 0, |
1144 | }; | 1144 | }; |
1145 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { | 1145 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) { |
1146 | args.uid = (__u64)current->fsuid; | 1146 | args.uid = (__u64)current_fsuid(); |
1147 | if (inode->i_mode & S_ISGID) | 1147 | if (inode->i_mode & S_ISGID) |
1148 | args.gid = (__u64)inode->i_gid; | 1148 | args.gid = (__u64)inode->i_gid; |
1149 | else | 1149 | else |
1150 | args.gid = (__u64)current->fsgid; | 1150 | args.gid = (__u64)current_fsgid(); |
1151 | } else { | 1151 | } else { |
1152 | args.uid = NO_CHANGE_64; | 1152 | args.uid = NO_CHANGE_64; |
1153 | args.gid = NO_CHANGE_64; | 1153 | args.gid = NO_CHANGE_64; |
@@ -1184,13 +1184,13 @@ mkdir_get_info: | |||
1184 | if (cifs_sb->mnt_cifs_flags & | 1184 | if (cifs_sb->mnt_cifs_flags & |
1185 | CIFS_MOUNT_SET_UID) { | 1185 | CIFS_MOUNT_SET_UID) { |
1186 | direntry->d_inode->i_uid = | 1186 | direntry->d_inode->i_uid = |
1187 | current->fsuid; | 1187 | current_fsuid(); |
1188 | if (inode->i_mode & S_ISGID) | 1188 | if (inode->i_mode & S_ISGID) |
1189 | direntry->d_inode->i_gid = | 1189 | direntry->d_inode->i_gid = |
1190 | inode->i_gid; | 1190 | inode->i_gid; |
1191 | else | 1191 | else |
1192 | direntry->d_inode->i_gid = | 1192 | direntry->d_inode->i_gid = |
1193 | current->fsgid; | 1193 | current_fsgid(); |
1194 | } | 1194 | } |
1195 | } | 1195 | } |
1196 | } | 1196 | } |
diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c index 0088a5b52564..f94650683a00 100644 --- a/fs/cifs/ioctl.c +++ b/fs/cifs/ioctl.c | |||
@@ -65,7 +65,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg) | |||
65 | switch (command) { | 65 | switch (command) { |
66 | case CIFS_IOC_CHECKUMOUNT: | 66 | case CIFS_IOC_CHECKUMOUNT: |
67 | cFYI(1, ("User unmount attempted")); | 67 | cFYI(1, ("User unmount attempted")); |
68 | if (cifs_sb->mnt_uid == current->uid) | 68 | if (cifs_sb->mnt_uid == current_uid()) |
69 | rc = 0; | 69 | rc = 0; |
70 | else { | 70 | else { |
71 | rc = -EACCES; | 71 | rc = -EACCES; |
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 88786ba02d27..ec36410a9125 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c | |||
@@ -347,13 +347,13 @@ header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |||
347 | /* BB Add support for establishing new tCon and SMB Session */ | 347 | /* BB Add support for establishing new tCon and SMB Session */ |
348 | /* with userid/password pairs found on the smb session */ | 348 | /* with userid/password pairs found on the smb session */ |
349 | /* for other target tcp/ip addresses BB */ | 349 | /* for other target tcp/ip addresses BB */ |
350 | if (current->fsuid != treeCon->ses->linux_uid) { | 350 | if (current_fsuid() != treeCon->ses->linux_uid) { |
351 | cFYI(1, ("Multiuser mode and UID " | 351 | cFYI(1, ("Multiuser mode and UID " |
352 | "did not match tcon uid")); | 352 | "did not match tcon uid")); |
353 | read_lock(&GlobalSMBSeslock); | 353 | read_lock(&GlobalSMBSeslock); |
354 | list_for_each(temp_item, &GlobalSMBSessionList) { | 354 | list_for_each(temp_item, &GlobalSMBSessionList) { |
355 | ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); | 355 | ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); |
356 | if (ses->linux_uid == current->fsuid) { | 356 | if (ses->linux_uid == current_fsuid()) { |
357 | if (ses->server == treeCon->ses->server) { | 357 | if (ses->server == treeCon->ses->server) { |
358 | cFYI(1, ("found matching uid substitute right smb_uid")); | 358 | cFYI(1, ("found matching uid substitute right smb_uid")); |
359 | buffer->Uid = ses->Suid; | 359 | buffer->Uid = ses->Suid; |
diff --git a/fs/coda/cache.c b/fs/coda/cache.c index 8a2370341c7a..a5bf5771a22a 100644 --- a/fs/coda/cache.c +++ b/fs/coda/cache.c | |||
@@ -32,8 +32,8 @@ void coda_cache_enter(struct inode *inode, int mask) | |||
32 | struct coda_inode_info *cii = ITOC(inode); | 32 | struct coda_inode_info *cii = ITOC(inode); |
33 | 33 | ||
34 | cii->c_cached_epoch = atomic_read(&permission_epoch); | 34 | cii->c_cached_epoch = atomic_read(&permission_epoch); |
35 | if (cii->c_uid != current->fsuid) { | 35 | if (cii->c_uid != current_fsuid()) { |
36 | cii->c_uid = current->fsuid; | 36 | cii->c_uid = current_fsuid(); |
37 | cii->c_cached_perm = mask; | 37 | cii->c_cached_perm = mask; |
38 | } else | 38 | } else |
39 | cii->c_cached_perm |= mask; | 39 | cii->c_cached_perm |= mask; |
@@ -60,7 +60,7 @@ int coda_cache_check(struct inode *inode, int mask) | |||
60 | int hit; | 60 | int hit; |
61 | 61 | ||
62 | hit = (mask & cii->c_cached_perm) == mask && | 62 | hit = (mask & cii->c_cached_perm) == mask && |
63 | cii->c_uid == current->fsuid && | 63 | cii->c_uid == current_fsuid() && |
64 | cii->c_cached_epoch == atomic_read(&permission_epoch); | 64 | cii->c_cached_epoch == atomic_read(&permission_epoch); |
65 | 65 | ||
66 | return hit; | 66 | return hit; |
diff --git a/fs/coda/file.c b/fs/coda/file.c index 29137ff3ca67..5a8769985494 100644 --- a/fs/coda/file.c +++ b/fs/coda/file.c | |||
@@ -174,7 +174,7 @@ int coda_release(struct inode *coda_inode, struct file *coda_file) | |||
174 | BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC); | 174 | BUG_ON(!cfi || cfi->cfi_magic != CODA_MAGIC); |
175 | 175 | ||
176 | err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode), | 176 | err = venus_close(coda_inode->i_sb, coda_i2f(coda_inode), |
177 | coda_flags, coda_file->f_uid); | 177 | coda_flags, coda_file->f_cred->fsuid); |
178 | 178 | ||
179 | host_inode = cfi->cfi_container->f_path.dentry->d_inode; | 179 | host_inode = cfi->cfi_container->f_path.dentry->d_inode; |
180 | cii = ITOC(coda_inode); | 180 | cii = ITOC(coda_inode); |
diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c index ce432bca95d1..c274d949179d 100644 --- a/fs/coda/upcall.c +++ b/fs/coda/upcall.c | |||
@@ -52,7 +52,7 @@ static void *alloc_upcall(int opcode, int size) | |||
52 | inp->ih.opcode = opcode; | 52 | inp->ih.opcode = opcode; |
53 | inp->ih.pid = current->pid; | 53 | inp->ih.pid = current->pid; |
54 | inp->ih.pgid = task_pgrp_nr(current); | 54 | inp->ih.pgid = task_pgrp_nr(current); |
55 | inp->ih.uid = current->fsuid; | 55 | inp->ih.uid = current_fsuid(); |
56 | 56 | ||
57 | return (void*)inp; | 57 | return (void*)inp; |
58 | } | 58 | } |
diff --git a/fs/compat.c b/fs/compat.c index e5f49f538502..d1ece79b6411 100644 --- a/fs/compat.c +++ b/fs/compat.c | |||
@@ -1393,10 +1393,20 @@ int compat_do_execve(char * filename, | |||
1393 | if (!bprm) | 1393 | if (!bprm) |
1394 | goto out_ret; | 1394 | goto out_ret; |
1395 | 1395 | ||
1396 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | ||
1397 | if (retval < 0) | ||
1398 | goto out_free; | ||
1399 | |||
1400 | retval = -ENOMEM; | ||
1401 | bprm->cred = prepare_exec_creds(); | ||
1402 | if (!bprm->cred) | ||
1403 | goto out_unlock; | ||
1404 | check_unsafe_exec(bprm); | ||
1405 | |||
1396 | file = open_exec(filename); | 1406 | file = open_exec(filename); |
1397 | retval = PTR_ERR(file); | 1407 | retval = PTR_ERR(file); |
1398 | if (IS_ERR(file)) | 1408 | if (IS_ERR(file)) |
1399 | goto out_kfree; | 1409 | goto out_unlock; |
1400 | 1410 | ||
1401 | sched_exec(); | 1411 | sched_exec(); |
1402 | 1412 | ||
@@ -1410,14 +1420,10 @@ int compat_do_execve(char * filename, | |||
1410 | 1420 | ||
1411 | bprm->argc = compat_count(argv, MAX_ARG_STRINGS); | 1421 | bprm->argc = compat_count(argv, MAX_ARG_STRINGS); |
1412 | if ((retval = bprm->argc) < 0) | 1422 | if ((retval = bprm->argc) < 0) |
1413 | goto out_mm; | 1423 | goto out; |
1414 | 1424 | ||
1415 | bprm->envc = compat_count(envp, MAX_ARG_STRINGS); | 1425 | bprm->envc = compat_count(envp, MAX_ARG_STRINGS); |
1416 | if ((retval = bprm->envc) < 0) | 1426 | if ((retval = bprm->envc) < 0) |
1417 | goto out_mm; | ||
1418 | |||
1419 | retval = security_bprm_alloc(bprm); | ||
1420 | if (retval) | ||
1421 | goto out; | 1427 | goto out; |
1422 | 1428 | ||
1423 | retval = prepare_binprm(bprm); | 1429 | retval = prepare_binprm(bprm); |
@@ -1438,19 +1444,16 @@ int compat_do_execve(char * filename, | |||
1438 | goto out; | 1444 | goto out; |
1439 | 1445 | ||
1440 | retval = search_binary_handler(bprm, regs); | 1446 | retval = search_binary_handler(bprm, regs); |
1441 | if (retval >= 0) { | 1447 | if (retval < 0) |
1442 | /* execve success */ | 1448 | goto out; |
1443 | security_bprm_free(bprm); | ||
1444 | acct_update_integrals(current); | ||
1445 | free_bprm(bprm); | ||
1446 | return retval; | ||
1447 | } | ||
1448 | 1449 | ||
1449 | out: | 1450 | /* execve succeeded */ |
1450 | if (bprm->security) | 1451 | mutex_unlock(¤t->cred_exec_mutex); |
1451 | security_bprm_free(bprm); | 1452 | acct_update_integrals(current); |
1453 | free_bprm(bprm); | ||
1454 | return retval; | ||
1452 | 1455 | ||
1453 | out_mm: | 1456 | out: |
1454 | if (bprm->mm) | 1457 | if (bprm->mm) |
1455 | mmput(bprm->mm); | 1458 | mmput(bprm->mm); |
1456 | 1459 | ||
@@ -1460,7 +1463,10 @@ out_file: | |||
1460 | fput(bprm->file); | 1463 | fput(bprm->file); |
1461 | } | 1464 | } |
1462 | 1465 | ||
1463 | out_kfree: | 1466 | out_unlock: |
1467 | mutex_unlock(¤t->cred_exec_mutex); | ||
1468 | |||
1469 | out_free: | ||
1464 | free_bprm(bprm); | 1470 | free_bprm(bprm); |
1465 | 1471 | ||
1466 | out_ret: | 1472 | out_ret: |
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 4a714f6c1bed..5d61b7c06e13 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c | |||
@@ -222,8 +222,8 @@ int devpts_pty_new(struct inode *ptmx_inode, struct tty_struct *tty) | |||
222 | return -ENOMEM; | 222 | return -ENOMEM; |
223 | 223 | ||
224 | inode->i_ino = number+2; | 224 | inode->i_ino = number+2; |
225 | inode->i_uid = config.setuid ? config.uid : current->fsuid; | 225 | inode->i_uid = config.setuid ? config.uid : current_fsuid(); |
226 | inode->i_gid = config.setgid ? config.gid : current->fsgid; | 226 | inode->i_gid = config.setgid ? config.gid : current_fsgid(); |
227 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; | 227 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; |
228 | init_special_inode(inode, S_IFCHR|config.mode, device); | 228 | init_special_inode(inode, S_IFCHR|config.mode, device); |
229 | inode->i_private = tty; | 229 | inode->i_private = tty; |
diff --git a/fs/dquot.c b/fs/dquot.c index 5e95261005b2..c237ccc8581c 100644 --- a/fs/dquot.c +++ b/fs/dquot.c | |||
@@ -874,7 +874,7 @@ static inline int need_print_warning(struct dquot *dquot) | |||
874 | 874 | ||
875 | switch (dquot->dq_type) { | 875 | switch (dquot->dq_type) { |
876 | case USRQUOTA: | 876 | case USRQUOTA: |
877 | return current->fsuid == dquot->dq_id; | 877 | return current_fsuid() == dquot->dq_id; |
878 | case GRPQUOTA: | 878 | case GRPQUOTA: |
879 | return in_group_p(dquot->dq_id); | 879 | return in_group_p(dquot->dq_id); |
880 | } | 880 | } |
@@ -981,7 +981,7 @@ static void send_warning(const struct dquot *dquot, const char warntype) | |||
981 | MINOR(dquot->dq_sb->s_dev)); | 981 | MINOR(dquot->dq_sb->s_dev)); |
982 | if (ret) | 982 | if (ret) |
983 | goto attr_err_out; | 983 | goto attr_err_out; |
984 | ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current->user->uid); | 984 | ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid()); |
985 | if (ret) | 985 | if (ret) |
986 | goto attr_err_out; | 986 | goto attr_err_out; |
987 | genlmsg_end(skb, msg_head); | 987 | genlmsg_end(skb, msg_head); |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 3504cf9df358..a75026d35d16 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void); | |||
691 | void ecryptfs_destroy_kthread(void); | 691 | void ecryptfs_destroy_kthread(void); |
692 | int ecryptfs_privileged_open(struct file **lower_file, | 692 | int ecryptfs_privileged_open(struct file **lower_file, |
693 | struct dentry *lower_dentry, | 693 | struct dentry *lower_dentry, |
694 | struct vfsmount *lower_mnt); | 694 | struct vfsmount *lower_mnt, |
695 | const struct cred *cred); | ||
695 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); | 696 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); |
696 | 697 | ||
697 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 698 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c index c440c6b58b2d..c6d7a4d748a0 100644 --- a/fs/ecryptfs/kthread.c +++ b/fs/ecryptfs/kthread.c | |||
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored) | |||
73 | mntget(req->lower_mnt); | 73 | mntget(req->lower_mnt); |
74 | (*req->lower_file) = dentry_open( | 74 | (*req->lower_file) = dentry_open( |
75 | req->lower_dentry, req->lower_mnt, | 75 | req->lower_dentry, req->lower_mnt, |
76 | (O_RDWR | O_LARGEFILE)); | 76 | (O_RDWR | O_LARGEFILE), current_cred()); |
77 | req->flags |= ECRYPTFS_REQ_PROCESSED; | 77 | req->flags |= ECRYPTFS_REQ_PROCESSED; |
78 | } | 78 | } |
79 | wake_up(&req->wait); | 79 | wake_up(&req->wait); |
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void) | |||
132 | */ | 132 | */ |
133 | int ecryptfs_privileged_open(struct file **lower_file, | 133 | int ecryptfs_privileged_open(struct file **lower_file, |
134 | struct dentry *lower_dentry, | 134 | struct dentry *lower_dentry, |
135 | struct vfsmount *lower_mnt) | 135 | struct vfsmount *lower_mnt, |
136 | const struct cred *cred) | ||
136 | { | 137 | { |
137 | struct ecryptfs_open_req *req; | 138 | struct ecryptfs_open_req *req; |
138 | int rc = 0; | 139 | int rc = 0; |
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
143 | dget(lower_dentry); | 144 | dget(lower_dentry); |
144 | mntget(lower_mnt); | 145 | mntget(lower_mnt); |
145 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 146 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
146 | (O_RDWR | O_LARGEFILE)); | 147 | (O_RDWR | O_LARGEFILE), cred); |
147 | if (!IS_ERR(*lower_file)) | 148 | if (!IS_ERR(*lower_file)) |
148 | goto out; | 149 | goto out; |
149 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); | 150 | req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); |
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file, | |||
184 | dget(lower_dentry); | 185 | dget(lower_dentry); |
185 | mntget(lower_mnt); | 186 | mntget(lower_mnt); |
186 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, | 187 | (*lower_file) = dentry_open(lower_dentry, lower_mnt, |
187 | (O_RDONLY | O_LARGEFILE)); | 188 | (O_RDONLY | O_LARGEFILE), cred); |
188 | if (IS_ERR(*lower_file)) { | 189 | if (IS_ERR(*lower_file)) { |
189 | rc = PTR_ERR(*req->lower_file); | 190 | rc = PTR_ERR(*req->lower_file); |
190 | (*lower_file) = NULL; | 191 | (*lower_file) = NULL; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 64d2ba980df4..fd630713c5c7 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...) | |||
115 | */ | 115 | */ |
116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | 116 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) |
117 | { | 117 | { |
118 | const struct cred *cred = current_cred(); | ||
118 | struct ecryptfs_inode_info *inode_info = | 119 | struct ecryptfs_inode_info *inode_info = |
119 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 120 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
120 | int rc = 0; | 121 | int rc = 0; |
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
127 | 128 | ||
128 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 129 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
129 | rc = ecryptfs_privileged_open(&inode_info->lower_file, | 130 | rc = ecryptfs_privileged_open(&inode_info->lower_file, |
130 | lower_dentry, lower_mnt); | 131 | lower_dentry, lower_mnt, cred); |
131 | if (rc || IS_ERR(inode_info->lower_file)) { | 132 | if (rc || IS_ERR(inode_info->lower_file)) { |
132 | printk(KERN_ERR "Error opening lower persistent file " | 133 | printk(KERN_ERR "Error opening lower persistent file " |
133 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " | 134 | "for lower_dentry [0x%p] and lower_mnt [0x%p]; " |
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index c6983978a31e..e0b0a4e28b9b 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -361,6 +361,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
361 | size_t msg_size; | 361 | size_t msg_size; |
362 | struct nsproxy *nsproxy; | 362 | struct nsproxy *nsproxy; |
363 | struct user_namespace *current_user_ns; | 363 | struct user_namespace *current_user_ns; |
364 | uid_t ctx_euid; | ||
364 | int rc; | 365 | int rc; |
365 | 366 | ||
366 | if (msg->index >= ecryptfs_message_buf_len) { | 367 | if (msg->index >= ecryptfs_message_buf_len) { |
@@ -385,8 +386,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
385 | goto wake_up; | 386 | goto wake_up; |
386 | } | 387 | } |
387 | current_user_ns = nsproxy->user_ns; | 388 | current_user_ns = nsproxy->user_ns; |
388 | rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, | 389 | ctx_euid = task_euid(msg_ctx->task); |
389 | current_user_ns); | 390 | rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns); |
390 | rcu_read_unlock(); | 391 | rcu_read_unlock(); |
391 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 392 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
392 | if (rc) { | 393 | if (rc) { |
@@ -394,14 +395,14 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
394 | printk(KERN_WARNING "%s: User [%d] received a " | 395 | printk(KERN_WARNING "%s: User [%d] received a " |
395 | "message response from process [0x%p] but does " | 396 | "message response from process [0x%p] but does " |
396 | "not have a registered daemon\n", __func__, | 397 | "not have a registered daemon\n", __func__, |
397 | msg_ctx->task->euid, pid); | 398 | ctx_euid, pid); |
398 | goto wake_up; | 399 | goto wake_up; |
399 | } | 400 | } |
400 | if (msg_ctx->task->euid != euid) { | 401 | if (ctx_euid != euid) { |
401 | rc = -EBADMSG; | 402 | rc = -EBADMSG; |
402 | printk(KERN_WARNING "%s: Received message from user " | 403 | printk(KERN_WARNING "%s: Received message from user " |
403 | "[%d]; expected message from user [%d]\n", __func__, | 404 | "[%d]; expected message from user [%d]\n", __func__, |
404 | euid, msg_ctx->task->euid); | 405 | euid, ctx_euid); |
405 | goto unlock; | 406 | goto unlock; |
406 | } | 407 | } |
407 | if (current_user_ns != user_ns) { | 408 | if (current_user_ns != user_ns) { |
@@ -415,7 +416,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
415 | rc = -EBADMSG; | 416 | rc = -EBADMSG; |
416 | printk(KERN_ERR "%s: User [%d] sent a message response " | 417 | printk(KERN_ERR "%s: User [%d] sent a message response " |
417 | "from an unrecognized process [0x%p]\n", | 418 | "from an unrecognized process [0x%p]\n", |
418 | __func__, msg_ctx->task->euid, pid); | 419 | __func__, ctx_euid, pid); |
419 | goto unlock; | 420 | goto unlock; |
420 | } | 421 | } |
421 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | 422 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
@@ -464,14 +465,15 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, | |||
464 | struct ecryptfs_msg_ctx **msg_ctx) | 465 | struct ecryptfs_msg_ctx **msg_ctx) |
465 | { | 466 | { |
466 | struct ecryptfs_daemon *daemon; | 467 | struct ecryptfs_daemon *daemon; |
468 | uid_t euid = current_euid(); | ||
467 | int rc; | 469 | int rc; |
468 | 470 | ||
469 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 471 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
470 | current->nsproxy->user_ns); | 472 | current->nsproxy->user_ns); |
471 | if (rc || !daemon) { | 473 | if (rc || !daemon) { |
472 | rc = -ENOTCONN; | 474 | rc = -ENOTCONN; |
473 | printk(KERN_ERR "%s: User [%d] does not have a daemon " | 475 | printk(KERN_ERR "%s: User [%d] does not have a daemon " |
474 | "registered\n", __func__, current->euid); | 476 | "registered\n", __func__, euid); |
475 | goto out; | 477 | goto out; |
476 | } | 478 | } |
477 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | 479 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index b484792a0996..047ac609695b 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c | |||
@@ -42,11 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) | |||
42 | { | 42 | { |
43 | struct ecryptfs_daemon *daemon; | 43 | struct ecryptfs_daemon *daemon; |
44 | unsigned int mask = 0; | 44 | unsigned int mask = 0; |
45 | uid_t euid = current_euid(); | ||
45 | int rc; | 46 | int rc; |
46 | 47 | ||
47 | mutex_lock(&ecryptfs_daemon_hash_mux); | 48 | mutex_lock(&ecryptfs_daemon_hash_mux); |
48 | /* TODO: Just use file->private_data? */ | 49 | /* TODO: Just use file->private_data? */ |
49 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 50 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
50 | current->nsproxy->user_ns); | 51 | current->nsproxy->user_ns); |
51 | BUG_ON(rc || !daemon); | 52 | BUG_ON(rc || !daemon); |
52 | mutex_lock(&daemon->mux); | 53 | mutex_lock(&daemon->mux); |
@@ -83,6 +84,7 @@ static int | |||
83 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) | 84 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) |
84 | { | 85 | { |
85 | struct ecryptfs_daemon *daemon = NULL; | 86 | struct ecryptfs_daemon *daemon = NULL; |
87 | uid_t euid = current_euid(); | ||
86 | int rc; | 88 | int rc; |
87 | 89 | ||
88 | mutex_lock(&ecryptfs_daemon_hash_mux); | 90 | mutex_lock(&ecryptfs_daemon_hash_mux); |
@@ -93,10 +95,10 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) | |||
93 | "count; rc = [%d]\n", __func__, rc); | 95 | "count; rc = [%d]\n", __func__, rc); |
94 | goto out_unlock_daemon_list; | 96 | goto out_unlock_daemon_list; |
95 | } | 97 | } |
96 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 98 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
97 | current->nsproxy->user_ns); | 99 | current->nsproxy->user_ns); |
98 | if (rc || !daemon) { | 100 | if (rc || !daemon) { |
99 | rc = ecryptfs_spawn_daemon(&daemon, current->euid, | 101 | rc = ecryptfs_spawn_daemon(&daemon, euid, |
100 | current->nsproxy->user_ns, | 102 | current->nsproxy->user_ns, |
101 | task_pid(current)); | 103 | task_pid(current)); |
102 | if (rc) { | 104 | if (rc) { |
@@ -147,10 +149,11 @@ static int | |||
147 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) | 149 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) |
148 | { | 150 | { |
149 | struct ecryptfs_daemon *daemon = NULL; | 151 | struct ecryptfs_daemon *daemon = NULL; |
152 | uid_t euid = current_euid(); | ||
150 | int rc; | 153 | int rc; |
151 | 154 | ||
152 | mutex_lock(&ecryptfs_daemon_hash_mux); | 155 | mutex_lock(&ecryptfs_daemon_hash_mux); |
153 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 156 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
154 | current->nsproxy->user_ns); | 157 | current->nsproxy->user_ns); |
155 | BUG_ON(rc || !daemon); | 158 | BUG_ON(rc || !daemon); |
156 | mutex_lock(&daemon->mux); | 159 | mutex_lock(&daemon->mux); |
@@ -246,11 +249,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | |||
246 | char packet_length[3]; | 249 | char packet_length[3]; |
247 | size_t i; | 250 | size_t i; |
248 | size_t total_length; | 251 | size_t total_length; |
252 | uid_t euid = current_euid(); | ||
249 | int rc; | 253 | int rc; |
250 | 254 | ||
251 | mutex_lock(&ecryptfs_daemon_hash_mux); | 255 | mutex_lock(&ecryptfs_daemon_hash_mux); |
252 | /* TODO: Just use file->private_data? */ | 256 | /* TODO: Just use file->private_data? */ |
253 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 257 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
254 | current->nsproxy->user_ns); | 258 | current->nsproxy->user_ns); |
255 | BUG_ON(rc || !daemon); | 259 | BUG_ON(rc || !daemon); |
256 | mutex_lock(&daemon->mux); | 260 | mutex_lock(&daemon->mux); |
@@ -290,7 +294,7 @@ check_list: | |||
290 | * message from the queue; try again */ | 294 | * message from the queue; try again */ |
291 | goto check_list; | 295 | goto check_list; |
292 | } | 296 | } |
293 | BUG_ON(current->euid != daemon->euid); | 297 | BUG_ON(euid != daemon->euid); |
294 | BUG_ON(current->nsproxy->user_ns != daemon->user_ns); | 298 | BUG_ON(current->nsproxy->user_ns != daemon->user_ns); |
295 | BUG_ON(task_pid(current) != daemon->pid); | 299 | BUG_ON(task_pid(current) != daemon->pid); |
296 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, | 300 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, |
@@ -414,6 +418,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
414 | size_t packet_size, packet_size_length, i; | 418 | size_t packet_size, packet_size_length, i; |
415 | ssize_t sz = 0; | 419 | ssize_t sz = 0; |
416 | char *data; | 420 | char *data; |
421 | uid_t euid = current_euid(); | ||
417 | int rc; | 422 | int rc; |
418 | 423 | ||
419 | if (count == 0) | 424 | if (count == 0) |
@@ -463,8 +468,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
463 | goto out_free; | 468 | goto out_free; |
464 | } | 469 | } |
465 | rc = ecryptfs_miscdev_response(&data[i], packet_size, | 470 | rc = ecryptfs_miscdev_response(&data[i], packet_size, |
466 | current->euid, | 471 | euid, current->nsproxy->user_ns, |
467 | current->nsproxy->user_ns, | ||
468 | task_pid(current), seq); | 472 | task_pid(current), seq); |
469 | if (rc) | 473 | if (rc) |
470 | printk(KERN_WARNING "%s: Failed to deliver miscdev " | 474 | printk(KERN_WARNING "%s: Failed to deliver miscdev " |
@@ -55,6 +55,7 @@ | |||
55 | #include <asm/uaccess.h> | 55 | #include <asm/uaccess.h> |
56 | #include <asm/mmu_context.h> | 56 | #include <asm/mmu_context.h> |
57 | #include <asm/tlb.h> | 57 | #include <asm/tlb.h> |
58 | #include "internal.h" | ||
58 | 59 | ||
59 | #ifdef __alpha__ | 60 | #ifdef __alpha__ |
60 | /* for /sbin/loader handling in search_binary_handler() */ | 61 | /* for /sbin/loader handling in search_binary_handler() */ |
@@ -980,7 +981,7 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
980 | /* This is the point of no return */ | 981 | /* This is the point of no return */ |
981 | current->sas_ss_sp = current->sas_ss_size = 0; | 982 | current->sas_ss_sp = current->sas_ss_size = 0; |
982 | 983 | ||
983 | if (current->euid == current->uid && current->egid == current->gid) | 984 | if (current_euid() == current_uid() && current_egid() == current_gid()) |
984 | set_dumpable(current->mm, 1); | 985 | set_dumpable(current->mm, 1); |
985 | else | 986 | else |
986 | set_dumpable(current->mm, suid_dumpable); | 987 | set_dumpable(current->mm, suid_dumpable); |
@@ -1007,16 +1008,17 @@ int flush_old_exec(struct linux_binprm * bprm) | |||
1007 | */ | 1008 | */ |
1008 | current->mm->task_size = TASK_SIZE; | 1009 | current->mm->task_size = TASK_SIZE; |
1009 | 1010 | ||
1010 | if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) { | 1011 | /* install the new credentials */ |
1011 | suid_keys(current); | 1012 | if (bprm->cred->uid != current_euid() || |
1012 | set_dumpable(current->mm, suid_dumpable); | 1013 | bprm->cred->gid != current_egid()) { |
1013 | current->pdeath_signal = 0; | 1014 | current->pdeath_signal = 0; |
1014 | } else if (file_permission(bprm->file, MAY_READ) || | 1015 | } else if (file_permission(bprm->file, MAY_READ) || |
1015 | (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) { | 1016 | bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) { |
1016 | suid_keys(current); | ||
1017 | set_dumpable(current->mm, suid_dumpable); | 1017 | set_dumpable(current->mm, suid_dumpable); |
1018 | } | 1018 | } |
1019 | 1019 | ||
1020 | current->personality &= ~bprm->per_clear; | ||
1021 | |||
1020 | /* An exec changes our domain. We are no longer part of the thread | 1022 | /* An exec changes our domain. We are no longer part of the thread |
1021 | group */ | 1023 | group */ |
1022 | 1024 | ||
@@ -1033,13 +1035,50 @@ out: | |||
1033 | 1035 | ||
1034 | EXPORT_SYMBOL(flush_old_exec); | 1036 | EXPORT_SYMBOL(flush_old_exec); |
1035 | 1037 | ||
1038 | /* | ||
1039 | * install the new credentials for this executable | ||
1040 | */ | ||
1041 | void install_exec_creds(struct linux_binprm *bprm) | ||
1042 | { | ||
1043 | security_bprm_committing_creds(bprm); | ||
1044 | |||
1045 | commit_creds(bprm->cred); | ||
1046 | bprm->cred = NULL; | ||
1047 | |||
1048 | /* cred_exec_mutex must be held at least to this point to prevent | ||
1049 | * ptrace_attach() from altering our determination of the task's | ||
1050 | * credentials; any time after this it may be unlocked */ | ||
1051 | |||
1052 | security_bprm_committed_creds(bprm); | ||
1053 | } | ||
1054 | EXPORT_SYMBOL(install_exec_creds); | ||
1055 | |||
1056 | /* | ||
1057 | * determine how safe it is to execute the proposed program | ||
1058 | * - the caller must hold current->cred_exec_mutex to protect against | ||
1059 | * PTRACE_ATTACH | ||
1060 | */ | ||
1061 | void check_unsafe_exec(struct linux_binprm *bprm) | ||
1062 | { | ||
1063 | struct task_struct *p = current; | ||
1064 | |||
1065 | bprm->unsafe = tracehook_unsafe_exec(p); | ||
1066 | |||
1067 | if (atomic_read(&p->fs->count) > 1 || | ||
1068 | atomic_read(&p->files->count) > 1 || | ||
1069 | atomic_read(&p->sighand->count) > 1) | ||
1070 | bprm->unsafe |= LSM_UNSAFE_SHARE; | ||
1071 | } | ||
1072 | |||
1036 | /* | 1073 | /* |
1037 | * Fill the binprm structure from the inode. | 1074 | * Fill the binprm structure from the inode. |
1038 | * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes | 1075 | * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes |
1076 | * | ||
1077 | * This may be called multiple times for binary chains (scripts for example). | ||
1039 | */ | 1078 | */ |
1040 | int prepare_binprm(struct linux_binprm *bprm) | 1079 | int prepare_binprm(struct linux_binprm *bprm) |
1041 | { | 1080 | { |
1042 | int mode; | 1081 | umode_t mode; |
1043 | struct inode * inode = bprm->file->f_path.dentry->d_inode; | 1082 | struct inode * inode = bprm->file->f_path.dentry->d_inode; |
1044 | int retval; | 1083 | int retval; |
1045 | 1084 | ||
@@ -1047,14 +1086,15 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
1047 | if (bprm->file->f_op == NULL) | 1086 | if (bprm->file->f_op == NULL) |
1048 | return -EACCES; | 1087 | return -EACCES; |
1049 | 1088 | ||
1050 | bprm->e_uid = current->euid; | 1089 | /* clear any previous set[ug]id data from a previous binary */ |
1051 | bprm->e_gid = current->egid; | 1090 | bprm->cred->euid = current_euid(); |
1091 | bprm->cred->egid = current_egid(); | ||
1052 | 1092 | ||
1053 | if(!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { | 1093 | if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { |
1054 | /* Set-uid? */ | 1094 | /* Set-uid? */ |
1055 | if (mode & S_ISUID) { | 1095 | if (mode & S_ISUID) { |
1056 | current->personality &= ~PER_CLEAR_ON_SETID; | 1096 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
1057 | bprm->e_uid = inode->i_uid; | 1097 | bprm->cred->euid = inode->i_uid; |
1058 | } | 1098 | } |
1059 | 1099 | ||
1060 | /* Set-gid? */ | 1100 | /* Set-gid? */ |
@@ -1064,52 +1104,23 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
1064 | * executable. | 1104 | * executable. |
1065 | */ | 1105 | */ |
1066 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { | 1106 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
1067 | current->personality &= ~PER_CLEAR_ON_SETID; | 1107 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
1068 | bprm->e_gid = inode->i_gid; | 1108 | bprm->cred->egid = inode->i_gid; |
1069 | } | 1109 | } |
1070 | } | 1110 | } |
1071 | 1111 | ||
1072 | /* fill in binprm security blob */ | 1112 | /* fill in binprm security blob */ |
1073 | retval = security_bprm_set(bprm); | 1113 | retval = security_bprm_set_creds(bprm); |
1074 | if (retval) | 1114 | if (retval) |
1075 | return retval; | 1115 | return retval; |
1116 | bprm->cred_prepared = 1; | ||
1076 | 1117 | ||
1077 | memset(bprm->buf,0,BINPRM_BUF_SIZE); | 1118 | memset(bprm->buf, 0, BINPRM_BUF_SIZE); |
1078 | return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE); | 1119 | return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE); |
1079 | } | 1120 | } |
1080 | 1121 | ||
1081 | EXPORT_SYMBOL(prepare_binprm); | 1122 | EXPORT_SYMBOL(prepare_binprm); |
1082 | 1123 | ||
1083 | static int unsafe_exec(struct task_struct *p) | ||
1084 | { | ||
1085 | int unsafe = tracehook_unsafe_exec(p); | ||
1086 | |||
1087 | if (atomic_read(&p->fs->count) > 1 || | ||
1088 | atomic_read(&p->files->count) > 1 || | ||
1089 | atomic_read(&p->sighand->count) > 1) | ||
1090 | unsafe |= LSM_UNSAFE_SHARE; | ||
1091 | |||
1092 | return unsafe; | ||
1093 | } | ||
1094 | |||
1095 | void compute_creds(struct linux_binprm *bprm) | ||
1096 | { | ||
1097 | int unsafe; | ||
1098 | |||
1099 | if (bprm->e_uid != current->uid) { | ||
1100 | suid_keys(current); | ||
1101 | current->pdeath_signal = 0; | ||
1102 | } | ||
1103 | exec_keys(current); | ||
1104 | |||
1105 | task_lock(current); | ||
1106 | unsafe = unsafe_exec(current); | ||
1107 | security_bprm_apply_creds(bprm, unsafe); | ||
1108 | task_unlock(current); | ||
1109 | security_bprm_post_apply_creds(bprm); | ||
1110 | } | ||
1111 | EXPORT_SYMBOL(compute_creds); | ||
1112 | |||
1113 | /* | 1124 | /* |
1114 | * Arguments are '\0' separated strings found at the location bprm->p | 1125 | * Arguments are '\0' separated strings found at the location bprm->p |
1115 | * points to; chop off the first by relocating brpm->p to right after | 1126 | * points to; chop off the first by relocating brpm->p to right after |
@@ -1262,6 +1273,8 @@ EXPORT_SYMBOL(search_binary_handler); | |||
1262 | void free_bprm(struct linux_binprm *bprm) | 1273 | void free_bprm(struct linux_binprm *bprm) |
1263 | { | 1274 | { |
1264 | free_arg_pages(bprm); | 1275 | free_arg_pages(bprm); |
1276 | if (bprm->cred) | ||
1277 | abort_creds(bprm->cred); | ||
1265 | kfree(bprm); | 1278 | kfree(bprm); |
1266 | } | 1279 | } |
1267 | 1280 | ||
@@ -1287,10 +1300,20 @@ int do_execve(char * filename, | |||
1287 | if (!bprm) | 1300 | if (!bprm) |
1288 | goto out_files; | 1301 | goto out_files; |
1289 | 1302 | ||
1303 | retval = mutex_lock_interruptible(¤t->cred_exec_mutex); | ||
1304 | if (retval < 0) | ||
1305 | goto out_free; | ||
1306 | |||
1307 | retval = -ENOMEM; | ||
1308 | bprm->cred = prepare_exec_creds(); | ||
1309 | if (!bprm->cred) | ||
1310 | goto out_unlock; | ||
1311 | check_unsafe_exec(bprm); | ||
1312 | |||
1290 | file = open_exec(filename); | 1313 | file = open_exec(filename); |
1291 | retval = PTR_ERR(file); | 1314 | retval = PTR_ERR(file); |
1292 | if (IS_ERR(file)) | 1315 | if (IS_ERR(file)) |
1293 | goto out_kfree; | 1316 | goto out_unlock; |
1294 | 1317 | ||
1295 | sched_exec(); | 1318 | sched_exec(); |
1296 | 1319 | ||
@@ -1304,14 +1327,10 @@ int do_execve(char * filename, | |||
1304 | 1327 | ||
1305 | bprm->argc = count(argv, MAX_ARG_STRINGS); | 1328 | bprm->argc = count(argv, MAX_ARG_STRINGS); |
1306 | if ((retval = bprm->argc) < 0) | 1329 | if ((retval = bprm->argc) < 0) |
1307 | goto out_mm; | 1330 | goto out; |
1308 | 1331 | ||
1309 | bprm->envc = count(envp, MAX_ARG_STRINGS); | 1332 | bprm->envc = count(envp, MAX_ARG_STRINGS); |
1310 | if ((retval = bprm->envc) < 0) | 1333 | if ((retval = bprm->envc) < 0) |
1311 | goto out_mm; | ||
1312 | |||
1313 | retval = security_bprm_alloc(bprm); | ||
1314 | if (retval) | ||
1315 | goto out; | 1334 | goto out; |
1316 | 1335 | ||
1317 | retval = prepare_binprm(bprm); | 1336 | retval = prepare_binprm(bprm); |
@@ -1333,21 +1352,18 @@ int do_execve(char * filename, | |||
1333 | 1352 | ||
1334 | current->flags &= ~PF_KTHREAD; | 1353 | current->flags &= ~PF_KTHREAD; |
1335 | retval = search_binary_handler(bprm,regs); | 1354 | retval = search_binary_handler(bprm,regs); |
1336 | if (retval >= 0) { | 1355 | if (retval < 0) |
1337 | /* execve success */ | 1356 | goto out; |
1338 | security_bprm_free(bprm); | ||
1339 | acct_update_integrals(current); | ||
1340 | free_bprm(bprm); | ||
1341 | if (displaced) | ||
1342 | put_files_struct(displaced); | ||
1343 | return retval; | ||
1344 | } | ||
1345 | 1357 | ||
1346 | out: | 1358 | /* execve succeeded */ |
1347 | if (bprm->security) | 1359 | mutex_unlock(¤t->cred_exec_mutex); |
1348 | security_bprm_free(bprm); | 1360 | acct_update_integrals(current); |
1361 | free_bprm(bprm); | ||
1362 | if (displaced) | ||
1363 | put_files_struct(displaced); | ||
1364 | return retval; | ||
1349 | 1365 | ||
1350 | out_mm: | 1366 | out: |
1351 | if (bprm->mm) | 1367 | if (bprm->mm) |
1352 | mmput (bprm->mm); | 1368 | mmput (bprm->mm); |
1353 | 1369 | ||
@@ -1356,7 +1372,11 @@ out_file: | |||
1356 | allow_write_access(bprm->file); | 1372 | allow_write_access(bprm->file); |
1357 | fput(bprm->file); | 1373 | fput(bprm->file); |
1358 | } | 1374 | } |
1359 | out_kfree: | 1375 | |
1376 | out_unlock: | ||
1377 | mutex_unlock(¤t->cred_exec_mutex); | ||
1378 | |||
1379 | out_free: | ||
1360 | free_bprm(bprm); | 1380 | free_bprm(bprm); |
1361 | 1381 | ||
1362 | out_files: | 1382 | out_files: |
@@ -1388,6 +1408,7 @@ EXPORT_SYMBOL(set_binfmt); | |||
1388 | */ | 1408 | */ |
1389 | static int format_corename(char *corename, long signr) | 1409 | static int format_corename(char *corename, long signr) |
1390 | { | 1410 | { |
1411 | const struct cred *cred = current_cred(); | ||
1391 | const char *pat_ptr = core_pattern; | 1412 | const char *pat_ptr = core_pattern; |
1392 | int ispipe = (*pat_ptr == '|'); | 1413 | int ispipe = (*pat_ptr == '|'); |
1393 | char *out_ptr = corename; | 1414 | char *out_ptr = corename; |
@@ -1424,7 +1445,7 @@ static int format_corename(char *corename, long signr) | |||
1424 | /* uid */ | 1445 | /* uid */ |
1425 | case 'u': | 1446 | case 'u': |
1426 | rc = snprintf(out_ptr, out_end - out_ptr, | 1447 | rc = snprintf(out_ptr, out_end - out_ptr, |
1427 | "%d", current->uid); | 1448 | "%d", cred->uid); |
1428 | if (rc > out_end - out_ptr) | 1449 | if (rc > out_end - out_ptr) |
1429 | goto out; | 1450 | goto out; |
1430 | out_ptr += rc; | 1451 | out_ptr += rc; |
@@ -1432,7 +1453,7 @@ static int format_corename(char *corename, long signr) | |||
1432 | /* gid */ | 1453 | /* gid */ |
1433 | case 'g': | 1454 | case 'g': |
1434 | rc = snprintf(out_ptr, out_end - out_ptr, | 1455 | rc = snprintf(out_ptr, out_end - out_ptr, |
1435 | "%d", current->gid); | 1456 | "%d", cred->gid); |
1436 | if (rc > out_end - out_ptr) | 1457 | if (rc > out_end - out_ptr) |
1437 | goto out; | 1458 | goto out; |
1438 | out_ptr += rc; | 1459 | out_ptr += rc; |
@@ -1708,8 +1729,9 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1708 | struct linux_binfmt * binfmt; | 1729 | struct linux_binfmt * binfmt; |
1709 | struct inode * inode; | 1730 | struct inode * inode; |
1710 | struct file * file; | 1731 | struct file * file; |
1732 | const struct cred *old_cred; | ||
1733 | struct cred *cred; | ||
1711 | int retval = 0; | 1734 | int retval = 0; |
1712 | int fsuid = current->fsuid; | ||
1713 | int flag = 0; | 1735 | int flag = 0; |
1714 | int ispipe = 0; | 1736 | int ispipe = 0; |
1715 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; | 1737 | unsigned long core_limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; |
@@ -1722,12 +1744,20 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1722 | binfmt = current->binfmt; | 1744 | binfmt = current->binfmt; |
1723 | if (!binfmt || !binfmt->core_dump) | 1745 | if (!binfmt || !binfmt->core_dump) |
1724 | goto fail; | 1746 | goto fail; |
1747 | |||
1748 | cred = prepare_creds(); | ||
1749 | if (!cred) { | ||
1750 | retval = -ENOMEM; | ||
1751 | goto fail; | ||
1752 | } | ||
1753 | |||
1725 | down_write(&mm->mmap_sem); | 1754 | down_write(&mm->mmap_sem); |
1726 | /* | 1755 | /* |
1727 | * If another thread got here first, or we are not dumpable, bail out. | 1756 | * If another thread got here first, or we are not dumpable, bail out. |
1728 | */ | 1757 | */ |
1729 | if (mm->core_state || !get_dumpable(mm)) { | 1758 | if (mm->core_state || !get_dumpable(mm)) { |
1730 | up_write(&mm->mmap_sem); | 1759 | up_write(&mm->mmap_sem); |
1760 | put_cred(cred); | ||
1731 | goto fail; | 1761 | goto fail; |
1732 | } | 1762 | } |
1733 | 1763 | ||
@@ -1738,12 +1768,16 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1738 | */ | 1768 | */ |
1739 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ | 1769 | if (get_dumpable(mm) == 2) { /* Setuid core dump mode */ |
1740 | flag = O_EXCL; /* Stop rewrite attacks */ | 1770 | flag = O_EXCL; /* Stop rewrite attacks */ |
1741 | current->fsuid = 0; /* Dump root private */ | 1771 | cred->fsuid = 0; /* Dump root private */ |
1742 | } | 1772 | } |
1743 | 1773 | ||
1744 | retval = coredump_wait(exit_code, &core_state); | 1774 | retval = coredump_wait(exit_code, &core_state); |
1745 | if (retval < 0) | 1775 | if (retval < 0) { |
1776 | put_cred(cred); | ||
1746 | goto fail; | 1777 | goto fail; |
1778 | } | ||
1779 | |||
1780 | old_cred = override_creds(cred); | ||
1747 | 1781 | ||
1748 | /* | 1782 | /* |
1749 | * Clear any false indication of pending signals that might | 1783 | * Clear any false indication of pending signals that might |
@@ -1815,7 +1849,7 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1815 | * Dont allow local users get cute and trick others to coredump | 1849 | * Dont allow local users get cute and trick others to coredump |
1816 | * into their pre-created files: | 1850 | * into their pre-created files: |
1817 | */ | 1851 | */ |
1818 | if (inode->i_uid != current->fsuid) | 1852 | if (inode->i_uid != current_fsuid()) |
1819 | goto close_fail; | 1853 | goto close_fail; |
1820 | if (!file->f_op) | 1854 | if (!file->f_op) |
1821 | goto close_fail; | 1855 | goto close_fail; |
@@ -1834,7 +1868,8 @@ fail_unlock: | |||
1834 | if (helper_argv) | 1868 | if (helper_argv) |
1835 | argv_free(helper_argv); | 1869 | argv_free(helper_argv); |
1836 | 1870 | ||
1837 | current->fsuid = fsuid; | 1871 | revert_creds(old_cred); |
1872 | put_cred(cred); | ||
1838 | coredump_finish(mm); | 1873 | coredump_finish(mm); |
1839 | fail: | 1874 | fail: |
1840 | return retval; | 1875 | return retval; |
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c index 80246bad1b7f..ec1fb918200f 100644 --- a/fs/exportfs/expfs.c +++ b/fs/exportfs/expfs.c | |||
@@ -14,6 +14,7 @@ | |||
14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
15 | #include <linux/mount.h> | 15 | #include <linux/mount.h> |
16 | #include <linux/namei.h> | 16 | #include <linux/namei.h> |
17 | #include <linux/sched.h> | ||
17 | 18 | ||
18 | #define dprintk(fmt, args...) do{}while(0) | 19 | #define dprintk(fmt, args...) do{}while(0) |
19 | 20 | ||
@@ -249,6 +250,7 @@ static int filldir_one(void * __buf, const char * name, int len, | |||
249 | static int get_name(struct vfsmount *mnt, struct dentry *dentry, | 250 | static int get_name(struct vfsmount *mnt, struct dentry *dentry, |
250 | char *name, struct dentry *child) | 251 | char *name, struct dentry *child) |
251 | { | 252 | { |
253 | const struct cred *cred = current_cred(); | ||
252 | struct inode *dir = dentry->d_inode; | 254 | struct inode *dir = dentry->d_inode; |
253 | int error; | 255 | int error; |
254 | struct file *file; | 256 | struct file *file; |
@@ -263,7 +265,7 @@ static int get_name(struct vfsmount *mnt, struct dentry *dentry, | |||
263 | /* | 265 | /* |
264 | * Open the directory ... | 266 | * Open the directory ... |
265 | */ | 267 | */ |
266 | file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY); | 268 | file = dentry_open(dget(dentry), mntget(mnt), O_RDONLY, cred); |
267 | error = PTR_ERR(file); | 269 | error = PTR_ERR(file); |
268 | if (IS_ERR(file)) | 270 | if (IS_ERR(file)) |
269 | goto out; | 271 | goto out; |
diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c index 6dac7ba2d22d..4a29d6376081 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c | |||
@@ -1193,7 +1193,7 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) | |||
1193 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | 1193 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); |
1194 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | 1194 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); |
1195 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | 1195 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && |
1196 | sbi->s_resuid != current->fsuid && | 1196 | sbi->s_resuid != current_fsuid() && |
1197 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | 1197 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { |
1198 | return 0; | 1198 | return 0; |
1199 | } | 1199 | } |
diff --git a/fs/ext2/ialloc.c b/fs/ext2/ialloc.c index f59741346760..8d0add625870 100644 --- a/fs/ext2/ialloc.c +++ b/fs/ext2/ialloc.c | |||
@@ -550,7 +550,7 @@ got: | |||
550 | 550 | ||
551 | sb->s_dirt = 1; | 551 | sb->s_dirt = 1; |
552 | mark_buffer_dirty(bh2); | 552 | mark_buffer_dirty(bh2); |
553 | inode->i_uid = current->fsuid; | 553 | inode->i_uid = current_fsuid(); |
554 | if (test_opt (sb, GRPID)) | 554 | if (test_opt (sb, GRPID)) |
555 | inode->i_gid = dir->i_gid; | 555 | inode->i_gid = dir->i_gid; |
556 | else if (dir->i_mode & S_ISGID) { | 556 | else if (dir->i_mode & S_ISGID) { |
@@ -558,7 +558,7 @@ got: | |||
558 | if (S_ISDIR(mode)) | 558 | if (S_ISDIR(mode)) |
559 | mode |= S_ISGID; | 559 | mode |= S_ISGID; |
560 | } else | 560 | } else |
561 | inode->i_gid = current->fsgid; | 561 | inode->i_gid = current_fsgid(); |
562 | inode->i_mode = mode; | 562 | inode->i_mode = mode; |
563 | 563 | ||
564 | inode->i_ino = ino; | 564 | inode->i_ino = ino; |
diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c index f5b57a2ca35a..0dbf1c048475 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c | |||
@@ -1422,7 +1422,7 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi) | |||
1422 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); | 1422 | free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); |
1423 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); | 1423 | root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); |
1424 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && | 1424 | if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && |
1425 | sbi->s_resuid != current->fsuid && | 1425 | sbi->s_resuid != current_fsuid() && |
1426 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { | 1426 | (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { |
1427 | return 0; | 1427 | return 0; |
1428 | } | 1428 | } |
diff --git a/fs/ext3/ialloc.c b/fs/ext3/ialloc.c index 47b678d73e7a..490bd0ed7896 100644 --- a/fs/ext3/ialloc.c +++ b/fs/ext3/ialloc.c | |||
@@ -539,7 +539,7 @@ got: | |||
539 | percpu_counter_inc(&sbi->s_dirs_counter); | 539 | percpu_counter_inc(&sbi->s_dirs_counter); |
540 | sb->s_dirt = 1; | 540 | sb->s_dirt = 1; |
541 | 541 | ||
542 | inode->i_uid = current->fsuid; | 542 | inode->i_uid = current_fsuid(); |
543 | if (test_opt (sb, GRPID)) | 543 | if (test_opt (sb, GRPID)) |
544 | inode->i_gid = dir->i_gid; | 544 | inode->i_gid = dir->i_gid; |
545 | else if (dir->i_mode & S_ISGID) { | 545 | else if (dir->i_mode & S_ISGID) { |
@@ -547,7 +547,7 @@ got: | |||
547 | if (S_ISDIR(mode)) | 547 | if (S_ISDIR(mode)) |
548 | mode |= S_ISGID; | 548 | mode |= S_ISGID; |
549 | } else | 549 | } else |
550 | inode->i_gid = current->fsgid; | 550 | inode->i_gid = current_fsgid(); |
551 | inode->i_mode = mode; | 551 | inode->i_mode = mode; |
552 | 552 | ||
553 | inode->i_ino = ino; | 553 | inode->i_ino = ino; |
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index d2003cdc36aa..a932b9a29240 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c | |||
@@ -624,7 +624,7 @@ int ext4_has_free_blocks(struct ext4_sb_info *sbi, s64 nblocks) | |||
624 | return 1; | 624 | return 1; |
625 | 625 | ||
626 | /* Hm, nope. Are (enough) root reserved blocks available? */ | 626 | /* Hm, nope. Are (enough) root reserved blocks available? */ |
627 | if (sbi->s_resuid == current->fsuid || | 627 | if (sbi->s_resuid == current_fsuid() || |
628 | ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || | 628 | ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || |
629 | capable(CAP_SYS_RESOURCE)) { | 629 | capable(CAP_SYS_RESOURCE)) { |
630 | if (free_blocks >= (nblocks + dirty_blocks)) | 630 | if (free_blocks >= (nblocks + dirty_blocks)) |
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 2a117e286e54..08cac9fcace2 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c | |||
@@ -787,7 +787,7 @@ got: | |||
787 | spin_unlock(sb_bgl_lock(sbi, flex_group)); | 787 | spin_unlock(sb_bgl_lock(sbi, flex_group)); |
788 | } | 788 | } |
789 | 789 | ||
790 | inode->i_uid = current->fsuid; | 790 | inode->i_uid = current_fsuid(); |
791 | if (test_opt(sb, GRPID)) | 791 | if (test_opt(sb, GRPID)) |
792 | inode->i_gid = dir->i_gid; | 792 | inode->i_gid = dir->i_gid; |
793 | else if (dir->i_mode & S_ISGID) { | 793 | else if (dir->i_mode & S_ISGID) { |
@@ -795,7 +795,7 @@ got: | |||
795 | if (S_ISDIR(mode)) | 795 | if (S_ISDIR(mode)) |
796 | mode |= S_ISGID; | 796 | mode |= S_ISGID; |
797 | } else | 797 | } else |
798 | inode->i_gid = current->fsgid; | 798 | inode->i_gid = current_fsgid(); |
799 | inode->i_mode = mode; | 799 | inode->i_mode = mode; |
800 | 800 | ||
801 | inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb); | 801 | inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb); |
diff --git a/fs/fat/file.c b/fs/fat/file.c index f06a4e525ece..0a7f4a9918b3 100644 --- a/fs/fat/file.c +++ b/fs/fat/file.c | |||
@@ -304,7 +304,7 @@ static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode) | |||
304 | { | 304 | { |
305 | mode_t allow_utime = sbi->options.allow_utime; | 305 | mode_t allow_utime = sbi->options.allow_utime; |
306 | 306 | ||
307 | if (current->fsuid != inode->i_uid) { | 307 | if (current_fsuid() != inode->i_uid) { |
308 | if (in_group_p(inode->i_gid)) | 308 | if (in_group_p(inode->i_gid)) |
309 | allow_utime >>= 3; | 309 | allow_utime >>= 3; |
310 | if (allow_utime & MAY_WRITE) | 310 | if (allow_utime & MAY_WRITE) |
diff --git a/fs/fat/inode.c b/fs/fat/inode.c index bdd8fb7be2ca..d937aaf77374 100644 --- a/fs/fat/inode.c +++ b/fs/fat/inode.c | |||
@@ -926,8 +926,8 @@ static int parse_options(char *options, int is_vfat, int silent, int *debug, | |||
926 | 926 | ||
927 | opts->isvfat = is_vfat; | 927 | opts->isvfat = is_vfat; |
928 | 928 | ||
929 | opts->fs_uid = current->uid; | 929 | opts->fs_uid = current_uid(); |
930 | opts->fs_gid = current->gid; | 930 | opts->fs_gid = current_gid(); |
931 | opts->fs_fmask = opts->fs_dmask = current->fs->umask; | 931 | opts->fs_fmask = opts->fs_dmask = current->fs->umask; |
932 | opts->allow_utime = -1; | 932 | opts->allow_utime = -1; |
933 | opts->codepage = fat_default_codepage; | 933 | opts->codepage = fat_default_codepage; |
diff --git a/fs/fcntl.c b/fs/fcntl.c index ac4f7db9f134..87c39f1f0817 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c | |||
@@ -205,13 +205,14 @@ static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, | |||
205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, | 205 | int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, |
206 | int force) | 206 | int force) |
207 | { | 207 | { |
208 | const struct cred *cred = current_cred(); | ||
208 | int err; | 209 | int err; |
209 | 210 | ||
210 | err = security_file_set_fowner(filp); | 211 | err = security_file_set_fowner(filp); |
211 | if (err) | 212 | if (err) |
212 | return err; | 213 | return err; |
213 | 214 | ||
214 | f_modown(filp, pid, type, current->uid, current->euid, force); | 215 | f_modown(filp, pid, type, cred->uid, cred->euid, force); |
215 | return 0; | 216 | return 0; |
216 | } | 217 | } |
217 | EXPORT_SYMBOL(__f_setown); | 218 | EXPORT_SYMBOL(__f_setown); |
@@ -400,10 +401,17 @@ static const long band_table[NSIGPOLL] = { | |||
400 | static inline int sigio_perm(struct task_struct *p, | 401 | static inline int sigio_perm(struct task_struct *p, |
401 | struct fown_struct *fown, int sig) | 402 | struct fown_struct *fown, int sig) |
402 | { | 403 | { |
403 | return (((fown->euid == 0) || | 404 | const struct cred *cred; |
404 | (fown->euid == p->suid) || (fown->euid == p->uid) || | 405 | int ret; |
405 | (fown->uid == p->suid) || (fown->uid == p->uid)) && | 406 | |
406 | !security_file_send_sigiotask(p, fown, sig)); | 407 | rcu_read_lock(); |
408 | cred = __task_cred(p); | ||
409 | ret = ((fown->euid == 0 || | ||
410 | fown->euid == cred->suid || fown->euid == cred->uid || | ||
411 | fown->uid == cred->suid || fown->uid == cred->uid) && | ||
412 | !security_file_send_sigiotask(p, fown, sig)); | ||
413 | rcu_read_unlock(); | ||
414 | return ret; | ||
407 | } | 415 | } |
408 | 416 | ||
409 | static void send_sigio_to_task(struct task_struct *p, | 417 | static void send_sigio_to_task(struct task_struct *p, |
diff --git a/fs/file_table.c b/fs/file_table.c index 5ad0eca6eea2..0fbcacc3ea75 100644 --- a/fs/file_table.c +++ b/fs/file_table.c | |||
@@ -36,7 +36,9 @@ static struct percpu_counter nr_files __cacheline_aligned_in_smp; | |||
36 | 36 | ||
37 | static inline void file_free_rcu(struct rcu_head *head) | 37 | static inline void file_free_rcu(struct rcu_head *head) |
38 | { | 38 | { |
39 | struct file *f = container_of(head, struct file, f_u.fu_rcuhead); | 39 | struct file *f = container_of(head, struct file, f_u.fu_rcuhead); |
40 | |||
41 | put_cred(f->f_cred); | ||
40 | kmem_cache_free(filp_cachep, f); | 42 | kmem_cache_free(filp_cachep, f); |
41 | } | 43 | } |
42 | 44 | ||
@@ -94,7 +96,7 @@ int proc_nr_files(ctl_table *table, int write, struct file *filp, | |||
94 | */ | 96 | */ |
95 | struct file *get_empty_filp(void) | 97 | struct file *get_empty_filp(void) |
96 | { | 98 | { |
97 | struct task_struct *tsk; | 99 | const struct cred *cred = current_cred(); |
98 | static int old_max; | 100 | static int old_max; |
99 | struct file * f; | 101 | struct file * f; |
100 | 102 | ||
@@ -118,12 +120,10 @@ struct file *get_empty_filp(void) | |||
118 | if (security_file_alloc(f)) | 120 | if (security_file_alloc(f)) |
119 | goto fail_sec; | 121 | goto fail_sec; |
120 | 122 | ||
121 | tsk = current; | ||
122 | INIT_LIST_HEAD(&f->f_u.fu_list); | 123 | INIT_LIST_HEAD(&f->f_u.fu_list); |
123 | atomic_long_set(&f->f_count, 1); | 124 | atomic_long_set(&f->f_count, 1); |
124 | rwlock_init(&f->f_owner.lock); | 125 | rwlock_init(&f->f_owner.lock); |
125 | f->f_uid = tsk->fsuid; | 126 | f->f_cred = get_cred(cred); |
126 | f->f_gid = tsk->fsgid; | ||
127 | eventpoll_init_file(f); | 127 | eventpoll_init_file(f); |
128 | /* f->f_version: 0 */ | 128 | /* f->f_version: 0 */ |
129 | return f; | 129 | return f; |
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index b72361479be2..fba571648a8e 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c | |||
@@ -87,8 +87,8 @@ static void __fuse_put_request(struct fuse_req *req) | |||
87 | 87 | ||
88 | static void fuse_req_init_context(struct fuse_req *req) | 88 | static void fuse_req_init_context(struct fuse_req *req) |
89 | { | 89 | { |
90 | req->in.h.uid = current->fsuid; | 90 | req->in.h.uid = current_fsuid(); |
91 | req->in.h.gid = current->fsgid; | 91 | req->in.h.gid = current_fsgid(); |
92 | req->in.h.pid = current->pid; | 92 | req->in.h.pid = current->pid; |
93 | } | 93 | } |
94 | 94 | ||
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index fd03330cadeb..95bc22bdd060 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c | |||
@@ -869,18 +869,25 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat, | |||
869 | */ | 869 | */ |
870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) | 870 | int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task) |
871 | { | 871 | { |
872 | const struct cred *cred; | ||
873 | int ret; | ||
874 | |||
872 | if (fc->flags & FUSE_ALLOW_OTHER) | 875 | if (fc->flags & FUSE_ALLOW_OTHER) |
873 | return 1; | 876 | return 1; |
874 | 877 | ||
875 | if (task->euid == fc->user_id && | 878 | rcu_read_lock(); |
876 | task->suid == fc->user_id && | 879 | ret = 0; |
877 | task->uid == fc->user_id && | 880 | cred = __task_cred(task); |
878 | task->egid == fc->group_id && | 881 | if (cred->euid == fc->user_id && |
879 | task->sgid == fc->group_id && | 882 | cred->suid == fc->user_id && |
880 | task->gid == fc->group_id) | 883 | cred->uid == fc->user_id && |
881 | return 1; | 884 | cred->egid == fc->group_id && |
885 | cred->sgid == fc->group_id && | ||
886 | cred->gid == fc->group_id) | ||
887 | ret = 1; | ||
888 | rcu_read_unlock(); | ||
882 | 889 | ||
883 | return 0; | 890 | return ret; |
884 | } | 891 | } |
885 | 892 | ||
886 | static int fuse_access(struct inode *inode, int mask) | 893 | static int fuse_access(struct inode *inode, int mask) |
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 7cee695fa441..d57616840e89 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c | |||
@@ -705,18 +705,18 @@ static void munge_mode_uid_gid(struct gfs2_inode *dip, unsigned int *mode, | |||
705 | (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) { | 705 | (dip->i_inode.i_mode & S_ISUID) && dip->i_inode.i_uid) { |
706 | if (S_ISDIR(*mode)) | 706 | if (S_ISDIR(*mode)) |
707 | *mode |= S_ISUID; | 707 | *mode |= S_ISUID; |
708 | else if (dip->i_inode.i_uid != current->fsuid) | 708 | else if (dip->i_inode.i_uid != current_fsuid()) |
709 | *mode &= ~07111; | 709 | *mode &= ~07111; |
710 | *uid = dip->i_inode.i_uid; | 710 | *uid = dip->i_inode.i_uid; |
711 | } else | 711 | } else |
712 | *uid = current->fsuid; | 712 | *uid = current_fsuid(); |
713 | 713 | ||
714 | if (dip->i_inode.i_mode & S_ISGID) { | 714 | if (dip->i_inode.i_mode & S_ISGID) { |
715 | if (S_ISDIR(*mode)) | 715 | if (S_ISDIR(*mode)) |
716 | *mode |= S_ISGID; | 716 | *mode |= S_ISGID; |
717 | *gid = dip->i_inode.i_gid; | 717 | *gid = dip->i_inode.i_gid; |
718 | } else | 718 | } else |
719 | *gid = current->fsgid; | 719 | *gid = current_fsgid(); |
720 | } | 720 | } |
721 | 721 | ||
722 | static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation) | 722 | static int alloc_dinode(struct gfs2_inode *dip, u64 *no_addr, u64 *generation) |
@@ -1124,8 +1124,8 @@ int gfs2_unlink_ok(struct gfs2_inode *dip, const struct qstr *name, | |||
1124 | return -EPERM; | 1124 | return -EPERM; |
1125 | 1125 | ||
1126 | if ((dip->i_inode.i_mode & S_ISVTX) && | 1126 | if ((dip->i_inode.i_mode & S_ISVTX) && |
1127 | dip->i_inode.i_uid != current->fsuid && | 1127 | dip->i_inode.i_uid != current_fsuid() && |
1128 | ip->i_inode.i_uid != current->fsuid && !capable(CAP_FOWNER)) | 1128 | ip->i_inode.i_uid != current_fsuid() && !capable(CAP_FOWNER)) |
1129 | return -EPERM; | 1129 | return -EPERM; |
1130 | 1130 | ||
1131 | if (IS_APPEND(&dip->i_inode)) | 1131 | if (IS_APPEND(&dip->i_inode)) |
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c index c69b7ac75bf7..9435dda8f1e0 100644 --- a/fs/hfs/inode.c +++ b/fs/hfs/inode.c | |||
@@ -155,8 +155,8 @@ struct inode *hfs_new_inode(struct inode *dir, struct qstr *name, int mode) | |||
155 | hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name); | 155 | hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name); |
156 | inode->i_ino = HFS_SB(sb)->next_id++; | 156 | inode->i_ino = HFS_SB(sb)->next_id++; |
157 | inode->i_mode = mode; | 157 | inode->i_mode = mode; |
158 | inode->i_uid = current->fsuid; | 158 | inode->i_uid = current_fsuid(); |
159 | inode->i_gid = current->fsgid; | 159 | inode->i_gid = current_fsgid(); |
160 | inode->i_nlink = 1; | 160 | inode->i_nlink = 1; |
161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 161 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
162 | HFS_I(inode)->flags = 0; | 162 | HFS_I(inode)->flags = 0; |
diff --git a/fs/hfs/super.c b/fs/hfs/super.c index 3c7c7637719c..c8b5acf4b0b7 100644 --- a/fs/hfs/super.c +++ b/fs/hfs/super.c | |||
@@ -210,8 +210,8 @@ static int parse_options(char *options, struct hfs_sb_info *hsb) | |||
210 | int tmp, token; | 210 | int tmp, token; |
211 | 211 | ||
212 | /* initialize the sb with defaults */ | 212 | /* initialize the sb with defaults */ |
213 | hsb->s_uid = current->uid; | 213 | hsb->s_uid = current_uid(); |
214 | hsb->s_gid = current->gid; | 214 | hsb->s_gid = current_gid(); |
215 | hsb->s_file_umask = 0133; | 215 | hsb->s_file_umask = 0133; |
216 | hsb->s_dir_umask = 0022; | 216 | hsb->s_dir_umask = 0022; |
217 | hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */ | 217 | hsb->s_type = hsb->s_creator = cpu_to_be32(0x3f3f3f3f); /* == '????' */ |
diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c index b207f0e6fc22..f105ee9e1cc4 100644 --- a/fs/hfsplus/inode.c +++ b/fs/hfsplus/inode.c | |||
@@ -296,8 +296,8 @@ struct inode *hfsplus_new_inode(struct super_block *sb, int mode) | |||
296 | 296 | ||
297 | inode->i_ino = HFSPLUS_SB(sb).next_cnid++; | 297 | inode->i_ino = HFSPLUS_SB(sb).next_cnid++; |
298 | inode->i_mode = mode; | 298 | inode->i_mode = mode; |
299 | inode->i_uid = current->fsuid; | 299 | inode->i_uid = current_fsuid(); |
300 | inode->i_gid = current->fsgid; | 300 | inode->i_gid = current_fsgid(); |
301 | inode->i_nlink = 1; | 301 | inode->i_nlink = 1; |
302 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 302 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
303 | INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list); | 303 | INIT_LIST_HEAD(&HFSPLUS_I(inode).open_dir_list); |
diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c index 9699c56d323f..bab7f8d1bdfa 100644 --- a/fs/hfsplus/options.c +++ b/fs/hfsplus/options.c | |||
@@ -49,8 +49,8 @@ void hfsplus_fill_defaults(struct hfsplus_sb_info *opts) | |||
49 | opts->creator = HFSPLUS_DEF_CR_TYPE; | 49 | opts->creator = HFSPLUS_DEF_CR_TYPE; |
50 | opts->type = HFSPLUS_DEF_CR_TYPE; | 50 | opts->type = HFSPLUS_DEF_CR_TYPE; |
51 | opts->umask = current->fs->umask; | 51 | opts->umask = current->fs->umask; |
52 | opts->uid = current->uid; | 52 | opts->uid = current_uid(); |
53 | opts->gid = current->gid; | 53 | opts->gid = current_gid(); |
54 | opts->part = -1; | 54 | opts->part = -1; |
55 | opts->session = -1; | 55 | opts->session = -1; |
56 | } | 56 | } |
diff --git a/fs/hpfs/namei.c b/fs/hpfs/namei.c index 10783f3d265a..b649232dde97 100644 --- a/fs/hpfs/namei.c +++ b/fs/hpfs/namei.c | |||
@@ -92,11 +92,11 @@ static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) | |||
92 | inc_nlink(dir); | 92 | inc_nlink(dir); |
93 | insert_inode_hash(result); | 93 | insert_inode_hash(result); |
94 | 94 | ||
95 | if (result->i_uid != current->fsuid || | 95 | if (result->i_uid != current_fsuid() || |
96 | result->i_gid != current->fsgid || | 96 | result->i_gid != current_fsgid() || |
97 | result->i_mode != (mode | S_IFDIR)) { | 97 | result->i_mode != (mode | S_IFDIR)) { |
98 | result->i_uid = current->fsuid; | 98 | result->i_uid = current_fsuid(); |
99 | result->i_gid = current->fsgid; | 99 | result->i_gid = current_fsgid(); |
100 | result->i_mode = mode | S_IFDIR; | 100 | result->i_mode = mode | S_IFDIR; |
101 | hpfs_write_inode_nolock(result); | 101 | hpfs_write_inode_nolock(result); |
102 | } | 102 | } |
@@ -184,11 +184,11 @@ static int hpfs_create(struct inode *dir, struct dentry *dentry, int mode, struc | |||
184 | 184 | ||
185 | insert_inode_hash(result); | 185 | insert_inode_hash(result); |
186 | 186 | ||
187 | if (result->i_uid != current->fsuid || | 187 | if (result->i_uid != current_fsuid() || |
188 | result->i_gid != current->fsgid || | 188 | result->i_gid != current_fsgid() || |
189 | result->i_mode != (mode | S_IFREG)) { | 189 | result->i_mode != (mode | S_IFREG)) { |
190 | result->i_uid = current->fsuid; | 190 | result->i_uid = current_fsuid(); |
191 | result->i_gid = current->fsgid; | 191 | result->i_gid = current_fsgid(); |
192 | result->i_mode = mode | S_IFREG; | 192 | result->i_mode = mode | S_IFREG; |
193 | hpfs_write_inode_nolock(result); | 193 | hpfs_write_inode_nolock(result); |
194 | } | 194 | } |
@@ -247,8 +247,8 @@ static int hpfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t | |||
247 | result->i_mtime.tv_nsec = 0; | 247 | result->i_mtime.tv_nsec = 0; |
248 | result->i_atime.tv_nsec = 0; | 248 | result->i_atime.tv_nsec = 0; |
249 | hpfs_i(result)->i_ea_size = 0; | 249 | hpfs_i(result)->i_ea_size = 0; |
250 | result->i_uid = current->fsuid; | 250 | result->i_uid = current_fsuid(); |
251 | result->i_gid = current->fsgid; | 251 | result->i_gid = current_fsgid(); |
252 | result->i_nlink = 1; | 252 | result->i_nlink = 1; |
253 | result->i_size = 0; | 253 | result->i_size = 0; |
254 | result->i_blocks = 1; | 254 | result->i_blocks = 1; |
@@ -325,8 +325,8 @@ static int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *sy | |||
325 | result->i_atime.tv_nsec = 0; | 325 | result->i_atime.tv_nsec = 0; |
326 | hpfs_i(result)->i_ea_size = 0; | 326 | hpfs_i(result)->i_ea_size = 0; |
327 | result->i_mode = S_IFLNK | 0777; | 327 | result->i_mode = S_IFLNK | 0777; |
328 | result->i_uid = current->fsuid; | 328 | result->i_uid = current_fsuid(); |
329 | result->i_gid = current->fsgid; | 329 | result->i_gid = current_fsgid(); |
330 | result->i_blocks = 1; | 330 | result->i_blocks = 1; |
331 | result->i_nlink = 1; | 331 | result->i_nlink = 1; |
332 | result->i_size = strlen(symlink); | 332 | result->i_size = strlen(symlink); |
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c index 29ad461d568f..0d049b8919c4 100644 --- a/fs/hpfs/super.c +++ b/fs/hpfs/super.c | |||
@@ -475,8 +475,8 @@ static int hpfs_fill_super(struct super_block *s, void *options, int silent) | |||
475 | 475 | ||
476 | init_MUTEX(&sbi->hpfs_creation_de); | 476 | init_MUTEX(&sbi->hpfs_creation_de); |
477 | 477 | ||
478 | uid = current->uid; | 478 | uid = current_uid(); |
479 | gid = current->gid; | 479 | gid = current_gid(); |
480 | umask = current->fs->umask; | 480 | umask = current->fs->umask; |
481 | lowercase = 0; | 481 | lowercase = 0; |
482 | conv = CONV_BINARY; | 482 | conv = CONV_BINARY; |
diff --git a/fs/hppfs/hppfs.c b/fs/hppfs/hppfs.c index 2b3d1828db99..b278f7f52024 100644 --- a/fs/hppfs/hppfs.c +++ b/fs/hppfs/hppfs.c | |||
@@ -426,6 +426,7 @@ static int file_mode(int fmode) | |||
426 | 426 | ||
427 | static int hppfs_open(struct inode *inode, struct file *file) | 427 | static int hppfs_open(struct inode *inode, struct file *file) |
428 | { | 428 | { |
429 | const struct cred *cred = file->f_cred; | ||
429 | struct hppfs_private *data; | 430 | struct hppfs_private *data; |
430 | struct vfsmount *proc_mnt; | 431 | struct vfsmount *proc_mnt; |
431 | struct dentry *proc_dentry; | 432 | struct dentry *proc_dentry; |
@@ -446,7 +447,7 @@ static int hppfs_open(struct inode *inode, struct file *file) | |||
446 | 447 | ||
447 | /* XXX This isn't closed anywhere */ | 448 | /* XXX This isn't closed anywhere */ |
448 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), | 449 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), |
449 | file_mode(file->f_mode)); | 450 | file_mode(file->f_mode), cred); |
450 | err = PTR_ERR(data->proc_file); | 451 | err = PTR_ERR(data->proc_file); |
451 | if (IS_ERR(data->proc_file)) | 452 | if (IS_ERR(data->proc_file)) |
452 | goto out_free1; | 453 | goto out_free1; |
@@ -489,6 +490,7 @@ static int hppfs_open(struct inode *inode, struct file *file) | |||
489 | 490 | ||
490 | static int hppfs_dir_open(struct inode *inode, struct file *file) | 491 | static int hppfs_dir_open(struct inode *inode, struct file *file) |
491 | { | 492 | { |
493 | const struct cred *cred = file->f_cred; | ||
492 | struct hppfs_private *data; | 494 | struct hppfs_private *data; |
493 | struct vfsmount *proc_mnt; | 495 | struct vfsmount *proc_mnt; |
494 | struct dentry *proc_dentry; | 496 | struct dentry *proc_dentry; |
@@ -502,7 +504,7 @@ static int hppfs_dir_open(struct inode *inode, struct file *file) | |||
502 | proc_dentry = HPPFS_I(inode)->proc_dentry; | 504 | proc_dentry = HPPFS_I(inode)->proc_dentry; |
503 | proc_mnt = inode->i_sb->s_fs_info; | 505 | proc_mnt = inode->i_sb->s_fs_info; |
504 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), | 506 | data->proc_file = dentry_open(dget(proc_dentry), mntget(proc_mnt), |
505 | file_mode(file->f_mode)); | 507 | file_mode(file->f_mode), cred); |
506 | err = PTR_ERR(data->proc_file); | 508 | err = PTR_ERR(data->proc_file); |
507 | if (IS_ERR(data->proc_file)) | 509 | if (IS_ERR(data->proc_file)) |
508 | goto out_free; | 510 | goto out_free; |
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 61edc701b0e6..7d479ce3aceb 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c | |||
@@ -551,9 +551,9 @@ static int hugetlbfs_mknod(struct inode *dir, | |||
551 | if (S_ISDIR(mode)) | 551 | if (S_ISDIR(mode)) |
552 | mode |= S_ISGID; | 552 | mode |= S_ISGID; |
553 | } else { | 553 | } else { |
554 | gid = current->fsgid; | 554 | gid = current_fsgid(); |
555 | } | 555 | } |
556 | inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, gid, mode, dev); | 556 | inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(), gid, mode, dev); |
557 | if (inode) { | 557 | if (inode) { |
558 | dir->i_ctime = dir->i_mtime = CURRENT_TIME; | 558 | dir->i_ctime = dir->i_mtime = CURRENT_TIME; |
559 | d_instantiate(dentry, inode); | 559 | d_instantiate(dentry, inode); |
@@ -586,9 +586,9 @@ static int hugetlbfs_symlink(struct inode *dir, | |||
586 | if (dir->i_mode & S_ISGID) | 586 | if (dir->i_mode & S_ISGID) |
587 | gid = dir->i_gid; | 587 | gid = dir->i_gid; |
588 | else | 588 | else |
589 | gid = current->fsgid; | 589 | gid = current_fsgid(); |
590 | 590 | ||
591 | inode = hugetlbfs_get_inode(dir->i_sb, current->fsuid, | 591 | inode = hugetlbfs_get_inode(dir->i_sb, current_fsuid(), |
592 | gid, S_IFLNK|S_IRWXUGO, 0); | 592 | gid, S_IFLNK|S_IRWXUGO, 0); |
593 | if (inode) { | 593 | if (inode) { |
594 | int l = strlen(symname)+1; | 594 | int l = strlen(symname)+1; |
@@ -854,8 +854,8 @@ hugetlbfs_fill_super(struct super_block *sb, void *data, int silent) | |||
854 | 854 | ||
855 | config.nr_blocks = -1; /* No limit on size by default */ | 855 | config.nr_blocks = -1; /* No limit on size by default */ |
856 | config.nr_inodes = -1; /* No limit on number of inodes by default */ | 856 | config.nr_inodes = -1; /* No limit on number of inodes by default */ |
857 | config.uid = current->fsuid; | 857 | config.uid = current_fsuid(); |
858 | config.gid = current->fsgid; | 858 | config.gid = current_fsgid(); |
859 | config.mode = 0755; | 859 | config.mode = 0755; |
860 | config.hstate = &default_hstate; | 860 | config.hstate = &default_hstate; |
861 | ret = hugetlbfs_parse_options(data, &config); | 861 | ret = hugetlbfs_parse_options(data, &config); |
@@ -951,6 +951,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
951 | struct inode *inode; | 951 | struct inode *inode; |
952 | struct dentry *dentry, *root; | 952 | struct dentry *dentry, *root; |
953 | struct qstr quick_string; | 953 | struct qstr quick_string; |
954 | struct user_struct *user = current_user(); | ||
954 | 955 | ||
955 | if (!hugetlbfs_vfsmount) | 956 | if (!hugetlbfs_vfsmount) |
956 | return ERR_PTR(-ENOENT); | 957 | return ERR_PTR(-ENOENT); |
@@ -958,7 +959,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
958 | if (!can_do_hugetlb_shm()) | 959 | if (!can_do_hugetlb_shm()) |
959 | return ERR_PTR(-EPERM); | 960 | return ERR_PTR(-EPERM); |
960 | 961 | ||
961 | if (!user_shm_lock(size, current->user)) | 962 | if (!user_shm_lock(size, user)) |
962 | return ERR_PTR(-ENOMEM); | 963 | return ERR_PTR(-ENOMEM); |
963 | 964 | ||
964 | root = hugetlbfs_vfsmount->mnt_root; | 965 | root = hugetlbfs_vfsmount->mnt_root; |
@@ -970,8 +971,8 @@ struct file *hugetlb_file_setup(const char *name, size_t size) | |||
970 | goto out_shm_unlock; | 971 | goto out_shm_unlock; |
971 | 972 | ||
972 | error = -ENOSPC; | 973 | error = -ENOSPC; |
973 | inode = hugetlbfs_get_inode(root->d_sb, current->fsuid, | 974 | inode = hugetlbfs_get_inode(root->d_sb, current_fsuid(), |
974 | current->fsgid, S_IFREG | S_IRWXUGO, 0); | 975 | current_fsgid(), S_IFREG | S_IRWXUGO, 0); |
975 | if (!inode) | 976 | if (!inode) |
976 | goto out_dentry; | 977 | goto out_dentry; |
977 | 978 | ||
@@ -998,7 +999,7 @@ out_inode: | |||
998 | out_dentry: | 999 | out_dentry: |
999 | dput(dentry); | 1000 | dput(dentry); |
1000 | out_shm_unlock: | 1001 | out_shm_unlock: |
1001 | user_shm_unlock(size, current->user); | 1002 | user_shm_unlock(size, user); |
1002 | return ERR_PTR(error); | 1003 | return ERR_PTR(error); |
1003 | } | 1004 | } |
1004 | 1005 | ||
diff --git a/fs/inotify_user.c b/fs/inotify_user.c index d367e9b92862..e2425bbd871f 100644 --- a/fs/inotify_user.c +++ b/fs/inotify_user.c | |||
@@ -601,7 +601,7 @@ asmlinkage long sys_inotify_init1(int flags) | |||
601 | goto out_put_fd; | 601 | goto out_put_fd; |
602 | } | 602 | } |
603 | 603 | ||
604 | user = get_uid(current->user); | 604 | user = get_current_user(); |
605 | if (unlikely(atomic_read(&user->inotify_devs) >= | 605 | if (unlikely(atomic_read(&user->inotify_devs) >= |
606 | inotify_max_user_instances)) { | 606 | inotify_max_user_instances)) { |
607 | ret = -EMFILE; | 607 | ret = -EMFILE; |
diff --git a/fs/internal.h b/fs/internal.h index 80aa9a023372..53af885f1732 100644 --- a/fs/internal.h +++ b/fs/internal.h | |||
@@ -10,6 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | struct super_block; | 12 | struct super_block; |
13 | struct linux_binprm; | ||
13 | 14 | ||
14 | /* | 15 | /* |
15 | * block_dev.c | 16 | * block_dev.c |
@@ -40,6 +41,11 @@ static inline int sb_is_blkdev_sb(struct super_block *sb) | |||
40 | extern void __init chrdev_init(void); | 41 | extern void __init chrdev_init(void); |
41 | 42 | ||
42 | /* | 43 | /* |
44 | * exec.c | ||
45 | */ | ||
46 | extern void check_unsafe_exec(struct linux_binprm *); | ||
47 | |||
48 | /* | ||
43 | * namespace.c | 49 | * namespace.c |
44 | */ | 50 | */ |
45 | extern int copy_mount_options(const void __user *, unsigned long *); | 51 | extern int copy_mount_options(const void __user *, unsigned long *); |
diff --git a/fs/ioprio.c b/fs/ioprio.c index da3cc460d4df..3569e0ad86a2 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
@@ -31,10 +31,16 @@ static int set_task_ioprio(struct task_struct *task, int ioprio) | |||
31 | { | 31 | { |
32 | int err; | 32 | int err; |
33 | struct io_context *ioc; | 33 | struct io_context *ioc; |
34 | const struct cred *cred = current_cred(), *tcred; | ||
34 | 35 | ||
35 | if (task->uid != current->euid && | 36 | rcu_read_lock(); |
36 | task->uid != current->uid && !capable(CAP_SYS_NICE)) | 37 | tcred = __task_cred(task); |
38 | if (tcred->uid != cred->euid && | ||
39 | tcred->uid != cred->uid && !capable(CAP_SYS_NICE)) { | ||
40 | rcu_read_unlock(); | ||
37 | return -EPERM; | 41 | return -EPERM; |
42 | } | ||
43 | rcu_read_unlock(); | ||
38 | 44 | ||
39 | err = security_task_setioprio(task, ioprio); | 45 | err = security_task_setioprio(task, ioprio); |
40 | if (err) | 46 | if (err) |
@@ -123,7 +129,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
123 | break; | 129 | break; |
124 | case IOPRIO_WHO_USER: | 130 | case IOPRIO_WHO_USER: |
125 | if (!who) | 131 | if (!who) |
126 | user = current->user; | 132 | user = current_user(); |
127 | else | 133 | else |
128 | user = find_user(who); | 134 | user = find_user(who); |
129 | 135 | ||
@@ -131,7 +137,7 @@ asmlinkage long sys_ioprio_set(int which, int who, int ioprio) | |||
131 | break; | 137 | break; |
132 | 138 | ||
133 | do_each_thread(g, p) { | 139 | do_each_thread(g, p) { |
134 | if (p->uid != who) | 140 | if (__task_cred(p)->uid != who) |
135 | continue; | 141 | continue; |
136 | ret = set_task_ioprio(p, ioprio); | 142 | ret = set_task_ioprio(p, ioprio); |
137 | if (ret) | 143 | if (ret) |
@@ -216,7 +222,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
216 | break; | 222 | break; |
217 | case IOPRIO_WHO_USER: | 223 | case IOPRIO_WHO_USER: |
218 | if (!who) | 224 | if (!who) |
219 | user = current->user; | 225 | user = current_user(); |
220 | else | 226 | else |
221 | user = find_user(who); | 227 | user = find_user(who); |
222 | 228 | ||
@@ -224,7 +230,7 @@ asmlinkage long sys_ioprio_get(int which, int who) | |||
224 | break; | 230 | break; |
225 | 231 | ||
226 | do_each_thread(g, p) { | 232 | do_each_thread(g, p) { |
227 | if (p->uid != user->uid) | 233 | if (__task_cred(p)->uid != user->uid) |
228 | continue; | 234 | continue; |
229 | tmpio = get_task_ioprio(p); | 235 | tmpio = get_task_ioprio(p); |
230 | if (tmpio < 0) | 236 | if (tmpio < 0) |
diff --git a/fs/jfs/jfs_inode.c b/fs/jfs/jfs_inode.c index ed6574bee51a..70022fd1c539 100644 --- a/fs/jfs/jfs_inode.c +++ b/fs/jfs/jfs_inode.c | |||
@@ -93,13 +93,13 @@ struct inode *ialloc(struct inode *parent, umode_t mode) | |||
93 | return ERR_PTR(rc); | 93 | return ERR_PTR(rc); |
94 | } | 94 | } |
95 | 95 | ||
96 | inode->i_uid = current->fsuid; | 96 | inode->i_uid = current_fsuid(); |
97 | if (parent->i_mode & S_ISGID) { | 97 | if (parent->i_mode & S_ISGID) { |
98 | inode->i_gid = parent->i_gid; | 98 | inode->i_gid = parent->i_gid; |
99 | if (S_ISDIR(mode)) | 99 | if (S_ISDIR(mode)) |
100 | mode |= S_ISGID; | 100 | mode |= S_ISGID; |
101 | } else | 101 | } else |
102 | inode->i_gid = current->fsgid; | 102 | inode->i_gid = current_fsgid(); |
103 | 103 | ||
104 | /* | 104 | /* |
105 | * New inodes need to save sane values on disk when | 105 | * New inodes need to save sane values on disk when |
diff --git a/fs/locks.c b/fs/locks.c index 09062e3ff104..46a2e12f7d42 100644 --- a/fs/locks.c +++ b/fs/locks.c | |||
@@ -1349,7 +1349,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) | |||
1349 | struct inode *inode = dentry->d_inode; | 1349 | struct inode *inode = dentry->d_inode; |
1350 | int error, rdlease_count = 0, wrlease_count = 0; | 1350 | int error, rdlease_count = 0, wrlease_count = 0; |
1351 | 1351 | ||
1352 | if ((current->fsuid != inode->i_uid) && !capable(CAP_LEASE)) | 1352 | if ((current_fsuid() != inode->i_uid) && !capable(CAP_LEASE)) |
1353 | return -EACCES; | 1353 | return -EACCES; |
1354 | if (!S_ISREG(inode->i_mode)) | 1354 | if (!S_ISREG(inode->i_mode)) |
1355 | return -EINVAL; | 1355 | return -EINVAL; |
diff --git a/fs/minix/bitmap.c b/fs/minix/bitmap.c index 703cc35e04b9..3aebe322271a 100644 --- a/fs/minix/bitmap.c +++ b/fs/minix/bitmap.c | |||
@@ -262,8 +262,8 @@ struct inode * minix_new_inode(const struct inode * dir, int * error) | |||
262 | iput(inode); | 262 | iput(inode); |
263 | return NULL; | 263 | return NULL; |
264 | } | 264 | } |
265 | inode->i_uid = current->fsuid; | 265 | inode->i_uid = current_fsuid(); |
266 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current->fsgid; | 266 | inode->i_gid = (dir->i_mode & S_ISGID) ? dir->i_gid : current_fsgid(); |
267 | inode->i_ino = j; | 267 | inode->i_ino = j; |
268 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 268 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
269 | inode->i_blocks = 0; | 269 | inode->i_blocks = 0; |
diff --git a/fs/namei.c b/fs/namei.c index 09ce58e49e72..42d7b7606936 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -186,7 +186,7 @@ int generic_permission(struct inode *inode, int mask, | |||
186 | 186 | ||
187 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | 187 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; |
188 | 188 | ||
189 | if (current->fsuid == inode->i_uid) | 189 | if (current_fsuid() == inode->i_uid) |
190 | mode >>= 6; | 190 | mode >>= 6; |
191 | else { | 191 | else { |
192 | if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { | 192 | if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { |
@@ -441,7 +441,7 @@ static int exec_permission_lite(struct inode *inode) | |||
441 | if (inode->i_op && inode->i_op->permission) | 441 | if (inode->i_op && inode->i_op->permission) |
442 | return -EAGAIN; | 442 | return -EAGAIN; |
443 | 443 | ||
444 | if (current->fsuid == inode->i_uid) | 444 | if (current_fsuid() == inode->i_uid) |
445 | mode >>= 6; | 445 | mode >>= 6; |
446 | else if (in_group_p(inode->i_gid)) | 446 | else if (in_group_p(inode->i_gid)) |
447 | mode >>= 3; | 447 | mode >>= 3; |
@@ -1334,11 +1334,13 @@ static int user_path_parent(int dfd, const char __user *path, | |||
1334 | */ | 1334 | */ |
1335 | static inline int check_sticky(struct inode *dir, struct inode *inode) | 1335 | static inline int check_sticky(struct inode *dir, struct inode *inode) |
1336 | { | 1336 | { |
1337 | uid_t fsuid = current_fsuid(); | ||
1338 | |||
1337 | if (!(dir->i_mode & S_ISVTX)) | 1339 | if (!(dir->i_mode & S_ISVTX)) |
1338 | return 0; | 1340 | return 0; |
1339 | if (inode->i_uid == current->fsuid) | 1341 | if (inode->i_uid == fsuid) |
1340 | return 0; | 1342 | return 0; |
1341 | if (dir->i_uid == current->fsuid) | 1343 | if (dir->i_uid == fsuid) |
1342 | return 0; | 1344 | return 0; |
1343 | return !capable(CAP_FOWNER); | 1345 | return !capable(CAP_FOWNER); |
1344 | } | 1346 | } |
diff --git a/fs/namespace.c b/fs/namespace.c index 65b3dc844c87..1c09cab8f7cf 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
@@ -1176,7 +1176,7 @@ static int mount_is_safe(struct path *path) | |||
1176 | if (S_ISLNK(path->dentry->d_inode->i_mode)) | 1176 | if (S_ISLNK(path->dentry->d_inode->i_mode)) |
1177 | return -EPERM; | 1177 | return -EPERM; |
1178 | if (path->dentry->d_inode->i_mode & S_ISVTX) { | 1178 | if (path->dentry->d_inode->i_mode & S_ISVTX) { |
1179 | if (current->uid != path->dentry->d_inode->i_uid) | 1179 | if (current_uid() != path->dentry->d_inode->i_uid) |
1180 | return -EPERM; | 1180 | return -EPERM; |
1181 | } | 1181 | } |
1182 | if (inode_permission(path->dentry->d_inode, MAY_WRITE)) | 1182 | if (inode_permission(path->dentry->d_inode, MAY_WRITE)) |
diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c index 3a97c95e1ca2..6d04e050c74e 100644 --- a/fs/ncpfs/ioctl.c +++ b/fs/ncpfs/ioctl.c | |||
@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file, | |||
40 | struct inode *inode = file->f_path.dentry->d_inode; | 40 | struct inode *inode = file->f_path.dentry->d_inode; |
41 | struct ncp_fs_info info; | 41 | struct ncp_fs_info info; |
42 | 42 | ||
43 | if ((file_permission(file, MAY_WRITE) != 0) | 43 | if (file_permission(file, MAY_WRITE) != 0 |
44 | && (current->uid != server->m.mounted_uid)) { | 44 | && current_uid() != server->m.mounted_uid) |
45 | return -EACCES; | 45 | return -EACCES; |
46 | } | 46 | |
47 | if (copy_from_user(&info, arg, sizeof(info))) | 47 | if (copy_from_user(&info, arg, sizeof(info))) |
48 | return -EFAULT; | 48 | return -EFAULT; |
49 | 49 | ||
@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file, | |||
70 | struct inode *inode = file->f_path.dentry->d_inode; | 70 | struct inode *inode = file->f_path.dentry->d_inode; |
71 | struct ncp_fs_info_v2 info2; | 71 | struct ncp_fs_info_v2 info2; |
72 | 72 | ||
73 | if ((file_permission(file, MAY_WRITE) != 0) | 73 | if (file_permission(file, MAY_WRITE) != 0 |
74 | && (current->uid != server->m.mounted_uid)) { | 74 | && current_uid() != server->m.mounted_uid) |
75 | return -EACCES; | 75 | return -EACCES; |
76 | } | 76 | |
77 | if (copy_from_user(&info2, arg, sizeof(info2))) | 77 | if (copy_from_user(&info2, arg, sizeof(info2))) |
78 | return -EFAULT; | 78 | return -EFAULT; |
79 | 79 | ||
@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file, | |||
141 | struct inode *inode = file->f_path.dentry->d_inode; | 141 | struct inode *inode = file->f_path.dentry->d_inode; |
142 | struct compat_ncp_fs_info_v2 info2; | 142 | struct compat_ncp_fs_info_v2 info2; |
143 | 143 | ||
144 | if ((file_permission(file, MAY_WRITE) != 0) | 144 | if (file_permission(file, MAY_WRITE) != 0 |
145 | && (current->uid != server->m.mounted_uid)) { | 145 | && current_uid() != server->m.mounted_uid) |
146 | return -EACCES; | 146 | return -EACCES; |
147 | } | 147 | |
148 | if (copy_from_user(&info2, arg, sizeof(info2))) | 148 | if (copy_from_user(&info2, arg, sizeof(info2))) |
149 | return -EFAULT; | 149 | return -EFAULT; |
150 | 150 | ||
@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
270 | struct ncp_ioctl_request request; | 270 | struct ncp_ioctl_request request; |
271 | char* bouncebuffer; | 271 | char* bouncebuffer; |
272 | void __user *argp = (void __user *)arg; | 272 | void __user *argp = (void __user *)arg; |
273 | uid_t uid = current_uid(); | ||
273 | 274 | ||
274 | switch (cmd) { | 275 | switch (cmd) { |
275 | #ifdef CONFIG_COMPAT | 276 | #ifdef CONFIG_COMPAT |
276 | case NCP_IOC_NCPREQUEST_32: | 277 | case NCP_IOC_NCPREQUEST_32: |
277 | #endif | 278 | #endif |
278 | case NCP_IOC_NCPREQUEST: | 279 | case NCP_IOC_NCPREQUEST: |
279 | if ((file_permission(filp, MAY_WRITE) != 0) | 280 | if (file_permission(filp, MAY_WRITE) != 0 |
280 | && (current->uid != server->m.mounted_uid)) { | 281 | && uid != server->m.mounted_uid) |
281 | return -EACCES; | 282 | return -EACCES; |
282 | } | 283 | |
283 | #ifdef CONFIG_COMPAT | 284 | #ifdef CONFIG_COMPAT |
284 | if (cmd == NCP_IOC_NCPREQUEST_32) { | 285 | if (cmd == NCP_IOC_NCPREQUEST_32) { |
285 | struct compat_ncp_ioctl_request request32; | 286 | struct compat_ncp_ioctl_request request32; |
@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
356 | case NCP_IOC_GETMOUNTUID16: | 357 | case NCP_IOC_GETMOUNTUID16: |
357 | case NCP_IOC_GETMOUNTUID32: | 358 | case NCP_IOC_GETMOUNTUID32: |
358 | case NCP_IOC_GETMOUNTUID64: | 359 | case NCP_IOC_GETMOUNTUID64: |
359 | if ((file_permission(filp, MAY_READ) != 0) | 360 | if (file_permission(filp, MAY_READ) != 0 |
360 | && (current->uid != server->m.mounted_uid)) { | 361 | && uid != server->m.mounted_uid) |
361 | return -EACCES; | 362 | return -EACCES; |
362 | } | 363 | |
363 | if (cmd == NCP_IOC_GETMOUNTUID16) { | 364 | if (cmd == NCP_IOC_GETMOUNTUID16) { |
364 | u16 uid; | 365 | u16 uid; |
365 | SET_UID(uid, server->m.mounted_uid); | 366 | SET_UID(uid, server->m.mounted_uid); |
@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
380 | { | 381 | { |
381 | struct ncp_setroot_ioctl sr; | 382 | struct ncp_setroot_ioctl sr; |
382 | 383 | ||
383 | if ((file_permission(filp, MAY_READ) != 0) | 384 | if (file_permission(filp, MAY_READ) != 0 |
384 | && (current->uid != server->m.mounted_uid)) | 385 | && uid != server->m.mounted_uid) |
385 | { | ||
386 | return -EACCES; | 386 | return -EACCES; |
387 | } | 387 | |
388 | if (server->m.mounted_vol[0]) { | 388 | if (server->m.mounted_vol[0]) { |
389 | struct dentry* dentry = inode->i_sb->s_root; | 389 | struct dentry* dentry = inode->i_sb->s_root; |
390 | 390 | ||
@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
408 | return -EFAULT; | 408 | return -EFAULT; |
409 | return 0; | 409 | return 0; |
410 | } | 410 | } |
411 | |||
411 | case NCP_IOC_SETROOT: | 412 | case NCP_IOC_SETROOT: |
412 | { | 413 | { |
413 | struct ncp_setroot_ioctl sr; | 414 | struct ncp_setroot_ioctl sr; |
@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
455 | 456 | ||
456 | #ifdef CONFIG_NCPFS_PACKET_SIGNING | 457 | #ifdef CONFIG_NCPFS_PACKET_SIGNING |
457 | case NCP_IOC_SIGN_INIT: | 458 | case NCP_IOC_SIGN_INIT: |
458 | if ((file_permission(filp, MAY_WRITE) != 0) | 459 | if (file_permission(filp, MAY_WRITE) != 0 |
459 | && (current->uid != server->m.mounted_uid)) | 460 | && uid != server->m.mounted_uid) |
460 | { | ||
461 | return -EACCES; | 461 | return -EACCES; |
462 | } | 462 | |
463 | if (argp) { | 463 | if (argp) { |
464 | if (server->sign_wanted) | 464 | if (server->sign_wanted) |
465 | { | 465 | { |
@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
478 | return 0; | 478 | return 0; |
479 | 479 | ||
480 | case NCP_IOC_SIGN_WANTED: | 480 | case NCP_IOC_SIGN_WANTED: |
481 | if ((file_permission(filp, MAY_READ) != 0) | 481 | if (file_permission(filp, MAY_READ) != 0 |
482 | && (current->uid != server->m.mounted_uid)) | 482 | && uid != server->m.mounted_uid) |
483 | { | ||
484 | return -EACCES; | 483 | return -EACCES; |
485 | } | ||
486 | 484 | ||
487 | if (put_user(server->sign_wanted, (int __user *)argp)) | 485 | if (put_user(server->sign_wanted, (int __user *)argp)) |
488 | return -EFAULT; | 486 | return -EFAULT; |
489 | return 0; | 487 | return 0; |
488 | |||
490 | case NCP_IOC_SET_SIGN_WANTED: | 489 | case NCP_IOC_SET_SIGN_WANTED: |
491 | { | 490 | { |
492 | int newstate; | 491 | int newstate; |
493 | 492 | ||
494 | if ((file_permission(filp, MAY_WRITE) != 0) | 493 | if (file_permission(filp, MAY_WRITE) != 0 |
495 | && (current->uid != server->m.mounted_uid)) | 494 | && uid != server->m.mounted_uid) |
496 | { | ||
497 | return -EACCES; | 495 | return -EACCES; |
498 | } | 496 | |
499 | /* get only low 8 bits... */ | 497 | /* get only low 8 bits... */ |
500 | if (get_user(newstate, (unsigned char __user *)argp)) | 498 | if (get_user(newstate, (unsigned char __user *)argp)) |
501 | return -EFAULT; | 499 | return -EFAULT; |
@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, | |||
512 | 510 | ||
513 | #ifdef CONFIG_NCPFS_IOCTL_LOCKING | 511 | #ifdef CONFIG_NCPFS_IOCTL_LOCKING |
514 | case NCP_IOC_LOCKUNLOCK: | 512 | case NCP_IOC_LOCKUNLOCK: |
515 | if ((file_permission(filp, MAY_WRITE) != 0) | 513 | if (file_permission(filp, MAY_WRITE) != 0 |
516 | && (current->uid != server->m.mounted_uid)) | 514 | && uid != server->m.mounted_uid) |
517 | { | ||
518 | return -EACCES; | 515 | return -EACCES; |
519 | } | 516 | |
520 | { | 517 | { |
521 | struct ncp_lock_ioctl rqdata; | 518 | struct ncp_lock_ioctl rqdata; |
522 | 519 | ||
@@ -585,9 +582,8 @@ outrel: | |||
585 | 582 | ||
586 | #ifdef CONFIG_COMPAT | 583 | #ifdef CONFIG_COMPAT |
587 | case NCP_IOC_GETOBJECTNAME_32: | 584 | case NCP_IOC_GETOBJECTNAME_32: |
588 | if (current->uid != server->m.mounted_uid) { | 585 | if (uid != server->m.mounted_uid) |
589 | return -EACCES; | 586 | return -EACCES; |
590 | } | ||
591 | { | 587 | { |
592 | struct compat_ncp_objectname_ioctl user; | 588 | struct compat_ncp_objectname_ioctl user; |
593 | size_t outl; | 589 | size_t outl; |
@@ -609,10 +605,10 @@ outrel: | |||
609 | return 0; | 605 | return 0; |
610 | } | 606 | } |
611 | #endif | 607 | #endif |
608 | |||
612 | case NCP_IOC_GETOBJECTNAME: | 609 | case NCP_IOC_GETOBJECTNAME: |
613 | if (current->uid != server->m.mounted_uid) { | 610 | if (uid != server->m.mounted_uid) |
614 | return -EACCES; | 611 | return -EACCES; |
615 | } | ||
616 | { | 612 | { |
617 | struct ncp_objectname_ioctl user; | 613 | struct ncp_objectname_ioctl user; |
618 | size_t outl; | 614 | size_t outl; |
@@ -633,13 +629,13 @@ outrel: | |||
633 | return -EFAULT; | 629 | return -EFAULT; |
634 | return 0; | 630 | return 0; |
635 | } | 631 | } |
632 | |||
636 | #ifdef CONFIG_COMPAT | 633 | #ifdef CONFIG_COMPAT |
637 | case NCP_IOC_SETOBJECTNAME_32: | 634 | case NCP_IOC_SETOBJECTNAME_32: |
638 | #endif | 635 | #endif |
639 | case NCP_IOC_SETOBJECTNAME: | 636 | case NCP_IOC_SETOBJECTNAME: |
640 | if (current->uid != server->m.mounted_uid) { | 637 | if (uid != server->m.mounted_uid) |
641 | return -EACCES; | 638 | return -EACCES; |
642 | } | ||
643 | { | 639 | { |
644 | struct ncp_objectname_ioctl user; | 640 | struct ncp_objectname_ioctl user; |
645 | void* newname; | 641 | void* newname; |
@@ -691,13 +687,13 @@ outrel: | |||
691 | kfree(oldname); | 687 | kfree(oldname); |
692 | return 0; | 688 | return 0; |
693 | } | 689 | } |
690 | |||
694 | #ifdef CONFIG_COMPAT | 691 | #ifdef CONFIG_COMPAT |
695 | case NCP_IOC_GETPRIVATEDATA_32: | 692 | case NCP_IOC_GETPRIVATEDATA_32: |
696 | #endif | 693 | #endif |
697 | case NCP_IOC_GETPRIVATEDATA: | 694 | case NCP_IOC_GETPRIVATEDATA: |
698 | if (current->uid != server->m.mounted_uid) { | 695 | if (uid != server->m.mounted_uid) |
699 | return -EACCES; | 696 | return -EACCES; |
700 | } | ||
701 | { | 697 | { |
702 | struct ncp_privatedata_ioctl user; | 698 | struct ncp_privatedata_ioctl user; |
703 | size_t outl; | 699 | size_t outl; |
@@ -736,13 +732,13 @@ outrel: | |||
736 | 732 | ||
737 | return 0; | 733 | return 0; |
738 | } | 734 | } |
735 | |||
739 | #ifdef CONFIG_COMPAT | 736 | #ifdef CONFIG_COMPAT |
740 | case NCP_IOC_SETPRIVATEDATA_32: | 737 | case NCP_IOC_SETPRIVATEDATA_32: |
741 | #endif | 738 | #endif |
742 | case NCP_IOC_SETPRIVATEDATA: | 739 | case NCP_IOC_SETPRIVATEDATA: |
743 | if (current->uid != server->m.mounted_uid) { | 740 | if (uid != server->m.mounted_uid) |
744 | return -EACCES; | 741 | return -EACCES; |
745 | } | ||
746 | { | 742 | { |
747 | struct ncp_privatedata_ioctl user; | 743 | struct ncp_privatedata_ioctl user; |
748 | void* new; | 744 | void* new; |
@@ -794,9 +790,10 @@ outrel: | |||
794 | #endif /* CONFIG_NCPFS_NLS */ | 790 | #endif /* CONFIG_NCPFS_NLS */ |
795 | 791 | ||
796 | case NCP_IOC_SETDENTRYTTL: | 792 | case NCP_IOC_SETDENTRYTTL: |
797 | if ((file_permission(filp, MAY_WRITE) != 0) && | 793 | if (file_permission(filp, MAY_WRITE) != 0 && |
798 | (current->uid != server->m.mounted_uid)) | 794 | uid != server->m.mounted_uid) |
799 | return -EACCES; | 795 | return -EACCES; |
796 | |||
800 | { | 797 | { |
801 | u_int32_t user; | 798 | u_int32_t user; |
802 | 799 | ||
diff --git a/fs/nfsctl.c b/fs/nfsctl.c index aed8145d9087..cc4ef2642a51 100644 --- a/fs/nfsctl.c +++ b/fs/nfsctl.c | |||
@@ -41,7 +41,8 @@ static struct file *do_open(char *name, int flags) | |||
41 | error = may_open(&nd, MAY_WRITE, FMODE_WRITE); | 41 | error = may_open(&nd, MAY_WRITE, FMODE_WRITE); |
42 | 42 | ||
43 | if (!error) | 43 | if (!error) |
44 | return dentry_open(nd.path.dentry, nd.path.mnt, flags); | 44 | return dentry_open(nd.path.dentry, nd.path.mnt, flags, |
45 | current_cred()); | ||
45 | 46 | ||
46 | path_put(&nd.path); | 47 | path_put(&nd.path); |
47 | return ERR_PTR(error); | 48 | return ERR_PTR(error); |
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 294992e9bf69..0184fe9b514c 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c | |||
@@ -27,53 +27,70 @@ int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp) | |||
27 | 27 | ||
28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | 28 | int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) |
29 | { | 29 | { |
30 | struct svc_cred cred = rqstp->rq_cred; | 30 | struct group_info *rqgi; |
31 | struct group_info *gi; | ||
32 | struct cred *new; | ||
31 | int i; | 33 | int i; |
32 | int flags = nfsexp_flags(rqstp, exp); | 34 | int flags = nfsexp_flags(rqstp, exp); |
33 | int ret; | 35 | int ret; |
34 | 36 | ||
37 | /* discard any old override before preparing the new set */ | ||
38 | revert_creds(get_cred(current->real_cred)); | ||
39 | new = prepare_creds(); | ||
40 | if (!new) | ||
41 | return -ENOMEM; | ||
42 | |||
43 | new->fsuid = rqstp->rq_cred.cr_uid; | ||
44 | new->fsgid = rqstp->rq_cred.cr_gid; | ||
45 | |||
46 | rqgi = rqstp->rq_cred.cr_group_info; | ||
47 | |||
35 | if (flags & NFSEXP_ALLSQUASH) { | 48 | if (flags & NFSEXP_ALLSQUASH) { |
36 | cred.cr_uid = exp->ex_anon_uid; | 49 | new->fsuid = exp->ex_anon_uid; |
37 | cred.cr_gid = exp->ex_anon_gid; | 50 | new->fsgid = exp->ex_anon_gid; |
38 | cred.cr_group_info = groups_alloc(0); | 51 | gi = groups_alloc(0); |
39 | } else if (flags & NFSEXP_ROOTSQUASH) { | 52 | } else if (flags & NFSEXP_ROOTSQUASH) { |
40 | struct group_info *gi; | 53 | if (!new->fsuid) |
41 | if (!cred.cr_uid) | 54 | new->fsuid = exp->ex_anon_uid; |
42 | cred.cr_uid = exp->ex_anon_uid; | 55 | if (!new->fsgid) |
43 | if (!cred.cr_gid) | 56 | new->fsgid = exp->ex_anon_gid; |
44 | cred.cr_gid = exp->ex_anon_gid; | ||
45 | gi = groups_alloc(cred.cr_group_info->ngroups); | ||
46 | if (gi) | ||
47 | for (i = 0; i < cred.cr_group_info->ngroups; i++) { | ||
48 | if (!GROUP_AT(cred.cr_group_info, i)) | ||
49 | GROUP_AT(gi, i) = exp->ex_anon_gid; | ||
50 | else | ||
51 | GROUP_AT(gi, i) = GROUP_AT(cred.cr_group_info, i); | ||
52 | } | ||
53 | cred.cr_group_info = gi; | ||
54 | } else | ||
55 | get_group_info(cred.cr_group_info); | ||
56 | |||
57 | if (cred.cr_uid != (uid_t) -1) | ||
58 | current->fsuid = cred.cr_uid; | ||
59 | else | ||
60 | current->fsuid = exp->ex_anon_uid; | ||
61 | if (cred.cr_gid != (gid_t) -1) | ||
62 | current->fsgid = cred.cr_gid; | ||
63 | else | ||
64 | current->fsgid = exp->ex_anon_gid; | ||
65 | 57 | ||
66 | if (!cred.cr_group_info) | 58 | gi = groups_alloc(rqgi->ngroups); |
67 | return -ENOMEM; | 59 | if (!gi) |
68 | ret = set_current_groups(cred.cr_group_info); | 60 | goto oom; |
69 | put_group_info(cred.cr_group_info); | 61 | |
70 | if ((cred.cr_uid)) { | 62 | for (i = 0; i < rqgi->ngroups; i++) { |
71 | current->cap_effective = | 63 | if (!GROUP_AT(rqgi, i)) |
72 | cap_drop_nfsd_set(current->cap_effective); | 64 | GROUP_AT(gi, i) = exp->ex_anon_gid; |
65 | else | ||
66 | GROUP_AT(gi, i) = GROUP_AT(rqgi, i); | ||
67 | } | ||
73 | } else { | 68 | } else { |
74 | current->cap_effective = | 69 | gi = get_group_info(rqgi); |
75 | cap_raise_nfsd_set(current->cap_effective, | ||
76 | current->cap_permitted); | ||
77 | } | 70 | } |
71 | |||
72 | if (new->fsuid == (uid_t) -1) | ||
73 | new->fsuid = exp->ex_anon_uid; | ||
74 | if (new->fsgid == (gid_t) -1) | ||
75 | new->fsgid = exp->ex_anon_gid; | ||
76 | |||
77 | ret = set_groups(new, gi); | ||
78 | put_group_info(gi); | ||
79 | if (!ret) | ||
80 | goto error; | ||
81 | |||
82 | if (new->uid) | ||
83 | new->cap_effective = cap_drop_nfsd_set(new->cap_effective); | ||
84 | else | ||
85 | new->cap_effective = cap_raise_nfsd_set(new->cap_effective, | ||
86 | new->cap_permitted); | ||
87 | put_cred(override_creds(new)); | ||
88 | return 0; | ||
89 | |||
90 | oom: | ||
91 | ret = -ENOMEM; | ||
92 | error: | ||
93 | abort_creds(new); | ||
78 | return ret; | 94 | return ret; |
79 | } | 95 | } |
96 | |||
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index bb93946ace22..9371ea12d7fa 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c | |||
@@ -54,20 +54,26 @@ | |||
54 | static struct path rec_dir; | 54 | static struct path rec_dir; |
55 | static int rec_dir_init = 0; | 55 | static int rec_dir_init = 0; |
56 | 56 | ||
57 | static void | 57 | static int |
58 | nfs4_save_user(uid_t *saveuid, gid_t *savegid) | 58 | nfs4_save_creds(const struct cred **original_creds) |
59 | { | 59 | { |
60 | *saveuid = current->fsuid; | 60 | struct cred *new; |
61 | *savegid = current->fsgid; | 61 | |
62 | current->fsuid = 0; | 62 | new = prepare_creds(); |
63 | current->fsgid = 0; | 63 | if (!new) |
64 | return -ENOMEM; | ||
65 | |||
66 | new->fsuid = 0; | ||
67 | new->fsgid = 0; | ||
68 | *original_creds = override_creds(new); | ||
69 | put_cred(new); | ||
70 | return 0; | ||
64 | } | 71 | } |
65 | 72 | ||
66 | static void | 73 | static void |
67 | nfs4_reset_user(uid_t saveuid, gid_t savegid) | 74 | nfs4_reset_creds(const struct cred *original) |
68 | { | 75 | { |
69 | current->fsuid = saveuid; | 76 | revert_creds(original); |
70 | current->fsgid = savegid; | ||
71 | } | 77 | } |
72 | 78 | ||
73 | static void | 79 | static void |
@@ -129,10 +135,9 @@ nfsd4_sync_rec_dir(void) | |||
129 | int | 135 | int |
130 | nfsd4_create_clid_dir(struct nfs4_client *clp) | 136 | nfsd4_create_clid_dir(struct nfs4_client *clp) |
131 | { | 137 | { |
138 | const struct cred *original_cred; | ||
132 | char *dname = clp->cl_recdir; | 139 | char *dname = clp->cl_recdir; |
133 | struct dentry *dentry; | 140 | struct dentry *dentry; |
134 | uid_t uid; | ||
135 | gid_t gid; | ||
136 | int status; | 141 | int status; |
137 | 142 | ||
138 | dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname); | 143 | dprintk("NFSD: nfsd4_create_clid_dir for \"%s\"\n", dname); |
@@ -140,7 +145,9 @@ nfsd4_create_clid_dir(struct nfs4_client *clp) | |||
140 | if (!rec_dir_init || clp->cl_firststate) | 145 | if (!rec_dir_init || clp->cl_firststate) |
141 | return 0; | 146 | return 0; |
142 | 147 | ||
143 | nfs4_save_user(&uid, &gid); | 148 | status = nfs4_save_creds(&original_cred); |
149 | if (status < 0) | ||
150 | return status; | ||
144 | 151 | ||
145 | /* lock the parent */ | 152 | /* lock the parent */ |
146 | mutex_lock(&rec_dir.dentry->d_inode->i_mutex); | 153 | mutex_lock(&rec_dir.dentry->d_inode->i_mutex); |
@@ -168,7 +175,7 @@ out_unlock: | |||
168 | clp->cl_firststate = 1; | 175 | clp->cl_firststate = 1; |
169 | nfsd4_sync_rec_dir(); | 176 | nfsd4_sync_rec_dir(); |
170 | } | 177 | } |
171 | nfs4_reset_user(uid, gid); | 178 | nfs4_reset_creds(original_cred); |
172 | dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status); | 179 | dprintk("NFSD: nfsd4_create_clid_dir returns %d\n", status); |
173 | return status; | 180 | return status; |
174 | } | 181 | } |
@@ -211,22 +218,24 @@ nfsd4_build_dentrylist(void *arg, const char *name, int namlen, | |||
211 | static int | 218 | static int |
212 | nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f) | 219 | nfsd4_list_rec_dir(struct dentry *dir, recdir_func *f) |
213 | { | 220 | { |
221 | const struct cred *original_cred; | ||
214 | struct file *filp; | 222 | struct file *filp; |
215 | struct dentry_list_arg dla = { | 223 | struct dentry_list_arg dla = { |
216 | .parent = dir, | 224 | .parent = dir, |
217 | }; | 225 | }; |
218 | struct list_head *dentries = &dla.dentries; | 226 | struct list_head *dentries = &dla.dentries; |
219 | struct dentry_list *child; | 227 | struct dentry_list *child; |
220 | uid_t uid; | ||
221 | gid_t gid; | ||
222 | int status; | 228 | int status; |
223 | 229 | ||
224 | if (!rec_dir_init) | 230 | if (!rec_dir_init) |
225 | return 0; | 231 | return 0; |
226 | 232 | ||
227 | nfs4_save_user(&uid, &gid); | 233 | status = nfs4_save_creds(&original_cred); |
234 | if (status < 0) | ||
235 | return status; | ||
228 | 236 | ||
229 | filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY); | 237 | filp = dentry_open(dget(dir), mntget(rec_dir.mnt), O_RDONLY, |
238 | current_cred()); | ||
230 | status = PTR_ERR(filp); | 239 | status = PTR_ERR(filp); |
231 | if (IS_ERR(filp)) | 240 | if (IS_ERR(filp)) |
232 | goto out; | 241 | goto out; |
@@ -249,7 +258,7 @@ out: | |||
249 | dput(child->dentry); | 258 | dput(child->dentry); |
250 | kfree(child); | 259 | kfree(child); |
251 | } | 260 | } |
252 | nfs4_reset_user(uid, gid); | 261 | nfs4_reset_creds(original_cred); |
253 | return status; | 262 | return status; |
254 | } | 263 | } |
255 | 264 | ||
@@ -311,8 +320,7 @@ out: | |||
311 | void | 320 | void |
312 | nfsd4_remove_clid_dir(struct nfs4_client *clp) | 321 | nfsd4_remove_clid_dir(struct nfs4_client *clp) |
313 | { | 322 | { |
314 | uid_t uid; | 323 | const struct cred *original_cred; |
315 | gid_t gid; | ||
316 | int status; | 324 | int status; |
317 | 325 | ||
318 | if (!rec_dir_init || !clp->cl_firststate) | 326 | if (!rec_dir_init || !clp->cl_firststate) |
@@ -322,9 +330,13 @@ nfsd4_remove_clid_dir(struct nfs4_client *clp) | |||
322 | if (status) | 330 | if (status) |
323 | goto out; | 331 | goto out; |
324 | clp->cl_firststate = 0; | 332 | clp->cl_firststate = 0; |
325 | nfs4_save_user(&uid, &gid); | 333 | |
334 | status = nfs4_save_creds(&original_cred); | ||
335 | if (status < 0) | ||
336 | goto out; | ||
337 | |||
326 | status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1); | 338 | status = nfsd4_unlink_clid_dir(clp->cl_recdir, HEXDIR_LEN-1); |
327 | nfs4_reset_user(uid, gid); | 339 | nfs4_reset_creds(original_cred); |
328 | if (status == 0) | 340 | if (status == 0) |
329 | nfsd4_sync_rec_dir(); | 341 | nfsd4_sync_rec_dir(); |
330 | mnt_drop_write(rec_dir.mnt); | 342 | mnt_drop_write(rec_dir.mnt); |
@@ -401,16 +413,21 @@ nfsd4_recdir_load(void) { | |||
401 | void | 413 | void |
402 | nfsd4_init_recdir(char *rec_dirname) | 414 | nfsd4_init_recdir(char *rec_dirname) |
403 | { | 415 | { |
404 | uid_t uid = 0; | 416 | const struct cred *original_cred; |
405 | gid_t gid = 0; | 417 | int status; |
406 | int status; | ||
407 | 418 | ||
408 | printk("NFSD: Using %s as the NFSv4 state recovery directory\n", | 419 | printk("NFSD: Using %s as the NFSv4 state recovery directory\n", |
409 | rec_dirname); | 420 | rec_dirname); |
410 | 421 | ||
411 | BUG_ON(rec_dir_init); | 422 | BUG_ON(rec_dir_init); |
412 | 423 | ||
413 | nfs4_save_user(&uid, &gid); | 424 | status = nfs4_save_creds(&original_cred); |
425 | if (status < 0) { | ||
426 | printk("NFSD: Unable to change credentials to find recovery" | ||
427 | " directory: error %d\n", | ||
428 | status); | ||
429 | return; | ||
430 | } | ||
414 | 431 | ||
415 | status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, | 432 | status = kern_path(rec_dirname, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
416 | &rec_dir); | 433 | &rec_dir); |
@@ -420,7 +437,7 @@ nfsd4_init_recdir(char *rec_dirname) | |||
420 | 437 | ||
421 | if (!status) | 438 | if (!status) |
422 | rec_dir_init = 1; | 439 | rec_dir_init = 1; |
423 | nfs4_reset_user(uid, gid); | 440 | nfs4_reset_creds(original_cred); |
424 | } | 441 | } |
425 | 442 | ||
426 | void | 443 | void |
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index cd25d91895a1..f0da7d9c3a92 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c | |||
@@ -186,9 +186,14 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp) | |||
186 | * access control settings being in effect, we cannot | 186 | * access control settings being in effect, we cannot |
187 | * fix that case easily. | 187 | * fix that case easily. |
188 | */ | 188 | */ |
189 | current->cap_effective = | 189 | struct cred *new = prepare_creds(); |
190 | cap_raise_nfsd_set(current->cap_effective, | 190 | if (!new) |
191 | current->cap_permitted); | 191 | return nfserrno(-ENOMEM); |
192 | new->cap_effective = | ||
193 | cap_raise_nfsd_set(new->cap_effective, | ||
194 | new->cap_permitted); | ||
195 | put_cred(override_creds(new)); | ||
196 | put_cred(new); | ||
192 | } else { | 197 | } else { |
193 | error = nfsd_setuser_and_check_port(rqstp, exp); | 198 | error = nfsd_setuser_and_check_port(rqstp, exp); |
194 | if (error) | 199 | if (error) |
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 4433c8f00163..d1c5f787b365 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c | |||
@@ -671,6 +671,7 @@ __be32 | |||
671 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | 671 | nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, |
672 | int access, struct file **filp) | 672 | int access, struct file **filp) |
673 | { | 673 | { |
674 | const struct cred *cred = current_cred(); | ||
674 | struct dentry *dentry; | 675 | struct dentry *dentry; |
675 | struct inode *inode; | 676 | struct inode *inode; |
676 | int flags = O_RDONLY|O_LARGEFILE; | 677 | int flags = O_RDONLY|O_LARGEFILE; |
@@ -725,7 +726,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, | |||
725 | DQUOT_INIT(inode); | 726 | DQUOT_INIT(inode); |
726 | } | 727 | } |
727 | *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt), | 728 | *filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt), |
728 | flags); | 729 | flags, cred); |
729 | if (IS_ERR(*filp)) | 730 | if (IS_ERR(*filp)) |
730 | host_err = PTR_ERR(*filp); | 731 | host_err = PTR_ERR(*filp); |
731 | out_nfserr: | 732 | out_nfserr: |
@@ -1169,7 +1170,7 @@ nfsd_create_setattr(struct svc_rqst *rqstp, struct svc_fh *resfhp, | |||
1169 | * send along the gid on create when it tries to implement | 1170 | * send along the gid on create when it tries to implement |
1170 | * setgid directories via NFS: | 1171 | * setgid directories via NFS: |
1171 | */ | 1172 | */ |
1172 | if (current->fsuid != 0) | 1173 | if (current_fsuid() != 0) |
1173 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); | 1174 | iap->ia_valid &= ~(ATTR_UID|ATTR_GID); |
1174 | if (iap->ia_valid) | 1175 | if (iap->ia_valid) |
1175 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); | 1176 | return nfsd_setattr(rqstp, resfhp, iap, 0, (time_t)0); |
@@ -2001,7 +2002,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, | |||
2001 | IS_APPEND(inode)? " append" : "", | 2002 | IS_APPEND(inode)? " append" : "", |
2002 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); | 2003 | __mnt_is_readonly(exp->ex_path.mnt)? " ro" : ""); |
2003 | dprintk(" owner %d/%d user %d/%d\n", | 2004 | dprintk(" owner %d/%d user %d/%d\n", |
2004 | inode->i_uid, inode->i_gid, current->fsuid, current->fsgid); | 2005 | inode->i_uid, inode->i_gid, current_fsuid(), current_fsgid()); |
2005 | #endif | 2006 | #endif |
2006 | 2007 | ||
2007 | /* Normally we reject any write/sattr etc access on a read-only file | 2008 | /* Normally we reject any write/sattr etc access on a read-only file |
@@ -2044,7 +2045,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, | |||
2044 | * with NFSv3. | 2045 | * with NFSv3. |
2045 | */ | 2046 | */ |
2046 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && | 2047 | if ((acc & NFSD_MAY_OWNER_OVERRIDE) && |
2047 | inode->i_uid == current->fsuid) | 2048 | inode->i_uid == current_fsuid()) |
2048 | return 0; | 2049 | return 0; |
2049 | 2050 | ||
2050 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ | 2051 | /* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */ |
diff --git a/fs/ocfs2/dlm/dlmfs.c b/fs/ocfs2/dlm/dlmfs.c index 533a789c3ef8..3516d8a4166b 100644 --- a/fs/ocfs2/dlm/dlmfs.c +++ b/fs/ocfs2/dlm/dlmfs.c | |||
@@ -339,8 +339,8 @@ static struct inode *dlmfs_get_root_inode(struct super_block *sb) | |||
339 | ip = DLMFS_I(inode); | 339 | ip = DLMFS_I(inode); |
340 | 340 | ||
341 | inode->i_mode = mode; | 341 | inode->i_mode = mode; |
342 | inode->i_uid = current->fsuid; | 342 | inode->i_uid = current_fsuid(); |
343 | inode->i_gid = current->fsgid; | 343 | inode->i_gid = current_fsgid(); |
344 | inode->i_blocks = 0; | 344 | inode->i_blocks = 0; |
345 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; | 345 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; |
346 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 346 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
@@ -365,8 +365,8 @@ static struct inode *dlmfs_get_inode(struct inode *parent, | |||
365 | return NULL; | 365 | return NULL; |
366 | 366 | ||
367 | inode->i_mode = mode; | 367 | inode->i_mode = mode; |
368 | inode->i_uid = current->fsuid; | 368 | inode->i_uid = current_fsuid(); |
369 | inode->i_gid = current->fsgid; | 369 | inode->i_gid = current_fsgid(); |
370 | inode->i_blocks = 0; | 370 | inode->i_blocks = 0; |
371 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; | 371 | inode->i_mapping->backing_dev_info = &dlmfs_backing_dev_info; |
372 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 372 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index f4967e634ffd..2545e7402efe 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c | |||
@@ -421,13 +421,13 @@ static int ocfs2_mknod_locked(struct ocfs2_super *osb, | |||
421 | fe->i_blkno = cpu_to_le64(fe_blkno); | 421 | fe->i_blkno = cpu_to_le64(fe_blkno); |
422 | fe->i_suballoc_bit = cpu_to_le16(suballoc_bit); | 422 | fe->i_suballoc_bit = cpu_to_le16(suballoc_bit); |
423 | fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot); | 423 | fe->i_suballoc_slot = cpu_to_le16(inode_ac->ac_alloc_slot); |
424 | fe->i_uid = cpu_to_le32(current->fsuid); | 424 | fe->i_uid = cpu_to_le32(current_fsuid()); |
425 | if (dir->i_mode & S_ISGID) { | 425 | if (dir->i_mode & S_ISGID) { |
426 | fe->i_gid = cpu_to_le32(dir->i_gid); | 426 | fe->i_gid = cpu_to_le32(dir->i_gid); |
427 | if (S_ISDIR(mode)) | 427 | if (S_ISDIR(mode)) |
428 | mode |= S_ISGID; | 428 | mode |= S_ISGID; |
429 | } else | 429 | } else |
430 | fe->i_gid = cpu_to_le32(current->fsgid); | 430 | fe->i_gid = cpu_to_le32(current_fsgid()); |
431 | fe->i_mode = cpu_to_le16(mode); | 431 | fe->i_mode = cpu_to_le16(mode); |
432 | if (S_ISCHR(mode) || S_ISBLK(mode)) | 432 | if (S_ISCHR(mode) || S_ISBLK(mode)) |
433 | fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev)); | 433 | fe->id1.dev1.i_rdev = cpu_to_le64(huge_encode_dev(dev)); |
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index cbf047a847c5..6afe57c84f84 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c | |||
@@ -37,8 +37,8 @@ struct inode *omfs_new_inode(struct inode *dir, int mode) | |||
37 | 37 | ||
38 | inode->i_ino = new_block; | 38 | inode->i_ino = new_block; |
39 | inode->i_mode = mode; | 39 | inode->i_mode = mode; |
40 | inode->i_uid = current->fsuid; | 40 | inode->i_uid = current_fsuid(); |
41 | inode->i_gid = current->fsgid; | 41 | inode->i_gid = current_fsgid(); |
42 | inode->i_blocks = 0; | 42 | inode->i_blocks = 0; |
43 | inode->i_mapping->a_ops = &omfs_aops; | 43 | inode->i_mapping->a_ops = &omfs_aops; |
44 | 44 | ||
@@ -420,8 +420,8 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) | |||
420 | 420 | ||
421 | sb->s_fs_info = sbi; | 421 | sb->s_fs_info = sbi; |
422 | 422 | ||
423 | sbi->s_uid = current->uid; | 423 | sbi->s_uid = current_uid(); |
424 | sbi->s_gid = current->gid; | 424 | sbi->s_gid = current_gid(); |
425 | sbi->s_dmask = sbi->s_fmask = current->fs->umask; | 425 | sbi->s_dmask = sbi->s_fmask = current->fs->umask; |
426 | 426 | ||
427 | if (!parse_options((char *) data, sbi)) | 427 | if (!parse_options((char *) data, sbi)) |
@@ -425,39 +425,33 @@ out: | |||
425 | */ | 425 | */ |
426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | 426 | asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) |
427 | { | 427 | { |
428 | const struct cred *old_cred; | ||
429 | struct cred *override_cred; | ||
428 | struct path path; | 430 | struct path path; |
429 | struct inode *inode; | 431 | struct inode *inode; |
430 | int old_fsuid, old_fsgid; | ||
431 | kernel_cap_t uninitialized_var(old_cap); /* !SECURE_NO_SETUID_FIXUP */ | ||
432 | int res; | 432 | int res; |
433 | 433 | ||
434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ | 434 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
435 | return -EINVAL; | 435 | return -EINVAL; |
436 | 436 | ||
437 | old_fsuid = current->fsuid; | 437 | override_cred = prepare_creds(); |
438 | old_fsgid = current->fsgid; | 438 | if (!override_cred) |
439 | return -ENOMEM; | ||
439 | 440 | ||
440 | current->fsuid = current->uid; | 441 | override_cred->fsuid = override_cred->uid; |
441 | current->fsgid = current->gid; | 442 | override_cred->fsgid = override_cred->gid; |
442 | 443 | ||
443 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 444 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
444 | /* | 445 | /* Clear the capabilities if we switch to a non-root user */ |
445 | * Clear the capabilities if we switch to a non-root user | 446 | if (override_cred->uid) |
446 | */ | 447 | cap_clear(override_cred->cap_effective); |
447 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
448 | /* | ||
449 | * FIXME: There is a race here against sys_capset. The | ||
450 | * capabilities can change yet we will restore the old | ||
451 | * value below. We should hold task_capabilities_lock, | ||
452 | * but we cannot because user_path_at can sleep. | ||
453 | */ | ||
454 | #endif /* ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
455 | if (current->uid) | ||
456 | old_cap = cap_set_effective(__cap_empty_set); | ||
457 | else | 448 | else |
458 | old_cap = cap_set_effective(current->cap_permitted); | 449 | override_cred->cap_effective = |
450 | override_cred->cap_permitted; | ||
459 | } | 451 | } |
460 | 452 | ||
453 | old_cred = override_creds(override_cred); | ||
454 | |||
461 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); | 455 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
462 | if (res) | 456 | if (res) |
463 | goto out; | 457 | goto out; |
@@ -494,12 +488,8 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
494 | out_path_release: | 488 | out_path_release: |
495 | path_put(&path); | 489 | path_put(&path); |
496 | out: | 490 | out: |
497 | current->fsuid = old_fsuid; | 491 | revert_creds(old_cred); |
498 | current->fsgid = old_fsgid; | 492 | put_cred(override_cred); |
499 | |||
500 | if (!issecure(SECURE_NO_SETUID_FIXUP)) | ||
501 | cap_set_effective(old_cap); | ||
502 | |||
503 | return res; | 493 | return res; |
504 | } | 494 | } |
505 | 495 | ||
@@ -792,7 +782,8 @@ static inline int __get_file_write_access(struct inode *inode, | |||
792 | 782 | ||
793 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | 783 | static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, |
794 | int flags, struct file *f, | 784 | int flags, struct file *f, |
795 | int (*open)(struct inode *, struct file *)) | 785 | int (*open)(struct inode *, struct file *), |
786 | const struct cred *cred) | ||
796 | { | 787 | { |
797 | struct inode *inode; | 788 | struct inode *inode; |
798 | int error; | 789 | int error; |
@@ -816,7 +807,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, | |||
816 | f->f_op = fops_get(inode->i_fop); | 807 | f->f_op = fops_get(inode->i_fop); |
817 | file_move(f, &inode->i_sb->s_files); | 808 | file_move(f, &inode->i_sb->s_files); |
818 | 809 | ||
819 | error = security_dentry_open(f); | 810 | error = security_dentry_open(f, cred); |
820 | if (error) | 811 | if (error) |
821 | goto cleanup_all; | 812 | goto cleanup_all; |
822 | 813 | ||
@@ -891,6 +882,8 @@ cleanup_file: | |||
891 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, | 882 | struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, |
892 | int (*open)(struct inode *, struct file *)) | 883 | int (*open)(struct inode *, struct file *)) |
893 | { | 884 | { |
885 | const struct cred *cred = current_cred(); | ||
886 | |||
894 | if (IS_ERR(nd->intent.open.file)) | 887 | if (IS_ERR(nd->intent.open.file)) |
895 | goto out; | 888 | goto out; |
896 | if (IS_ERR(dentry)) | 889 | if (IS_ERR(dentry)) |
@@ -898,7 +891,7 @@ struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry | |||
898 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), | 891 | nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt), |
899 | nd->intent.open.flags - 1, | 892 | nd->intent.open.flags - 1, |
900 | nd->intent.open.file, | 893 | nd->intent.open.file, |
901 | open); | 894 | open, cred); |
902 | out: | 895 | out: |
903 | return nd->intent.open.file; | 896 | return nd->intent.open.file; |
904 | out_err: | 897 | out_err: |
@@ -917,6 +910,7 @@ EXPORT_SYMBOL_GPL(lookup_instantiate_filp); | |||
917 | */ | 910 | */ |
918 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) | 911 | struct file *nameidata_to_filp(struct nameidata *nd, int flags) |
919 | { | 912 | { |
913 | const struct cred *cred = current_cred(); | ||
920 | struct file *filp; | 914 | struct file *filp; |
921 | 915 | ||
922 | /* Pick up the filp from the open intent */ | 916 | /* Pick up the filp from the open intent */ |
@@ -924,7 +918,7 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
924 | /* Has the filesystem initialised the file for us? */ | 918 | /* Has the filesystem initialised the file for us? */ |
925 | if (filp->f_path.dentry == NULL) | 919 | if (filp->f_path.dentry == NULL) |
926 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, | 920 | filp = __dentry_open(nd->path.dentry, nd->path.mnt, flags, filp, |
927 | NULL); | 921 | NULL, cred); |
928 | else | 922 | else |
929 | path_put(&nd->path); | 923 | path_put(&nd->path); |
930 | return filp; | 924 | return filp; |
@@ -934,7 +928,8 @@ struct file *nameidata_to_filp(struct nameidata *nd, int flags) | |||
934 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an | 928 | * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an |
935 | * error. | 929 | * error. |
936 | */ | 930 | */ |
937 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | 931 | struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags, |
932 | const struct cred *cred) | ||
938 | { | 933 | { |
939 | int error; | 934 | int error; |
940 | struct file *f; | 935 | struct file *f; |
@@ -959,7 +954,7 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags) | |||
959 | return ERR_PTR(error); | 954 | return ERR_PTR(error); |
960 | } | 955 | } |
961 | 956 | ||
962 | return __dentry_open(dentry, mnt, flags, f, NULL); | 957 | return __dentry_open(dentry, mnt, flags, f, NULL, cred); |
963 | } | 958 | } |
964 | EXPORT_SYMBOL(dentry_open); | 959 | EXPORT_SYMBOL(dentry_open); |
965 | 960 | ||
@@ -899,8 +899,8 @@ static struct inode * get_pipe_inode(void) | |||
899 | */ | 899 | */ |
900 | inode->i_state = I_DIRTY; | 900 | inode->i_state = I_DIRTY; |
901 | inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; | 901 | inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR; |
902 | inode->i_uid = current->fsuid; | 902 | inode->i_uid = current_fsuid(); |
903 | inode->i_gid = current->fsgid; | 903 | inode->i_gid = current_fsgid(); |
904 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 904 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
905 | 905 | ||
906 | return inode; | 906 | return inode; |
diff --git a/fs/posix_acl.c b/fs/posix_acl.c index aec931e09973..39df95a0ec25 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c | |||
@@ -217,11 +217,11 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) | |||
217 | switch(pa->e_tag) { | 217 | switch(pa->e_tag) { |
218 | case ACL_USER_OBJ: | 218 | case ACL_USER_OBJ: |
219 | /* (May have been checked already) */ | 219 | /* (May have been checked already) */ |
220 | if (inode->i_uid == current->fsuid) | 220 | if (inode->i_uid == current_fsuid()) |
221 | goto check_perm; | 221 | goto check_perm; |
222 | break; | 222 | break; |
223 | case ACL_USER: | 223 | case ACL_USER: |
224 | if (pa->e_id == current->fsuid) | 224 | if (pa->e_id == current_fsuid()) |
225 | goto mask; | 225 | goto mask; |
226 | break; | 226 | break; |
227 | case ACL_GROUP_OBJ: | 227 | case ACL_GROUP_OBJ: |
diff --git a/fs/proc/array.c b/fs/proc/array.c index 6af7fba7abb1..7e4877d9dcb5 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c | |||
@@ -159,6 +159,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
159 | struct group_info *group_info; | 159 | struct group_info *group_info; |
160 | int g; | 160 | int g; |
161 | struct fdtable *fdt = NULL; | 161 | struct fdtable *fdt = NULL; |
162 | const struct cred *cred; | ||
162 | pid_t ppid, tpid; | 163 | pid_t ppid, tpid; |
163 | 164 | ||
164 | rcu_read_lock(); | 165 | rcu_read_lock(); |
@@ -170,6 +171,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
170 | if (tracer) | 171 | if (tracer) |
171 | tpid = task_pid_nr_ns(tracer, ns); | 172 | tpid = task_pid_nr_ns(tracer, ns); |
172 | } | 173 | } |
174 | cred = get_cred((struct cred *) __task_cred(p)); | ||
173 | seq_printf(m, | 175 | seq_printf(m, |
174 | "State:\t%s\n" | 176 | "State:\t%s\n" |
175 | "Tgid:\t%d\n" | 177 | "Tgid:\t%d\n" |
@@ -182,8 +184,8 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
182 | task_tgid_nr_ns(p, ns), | 184 | task_tgid_nr_ns(p, ns), |
183 | pid_nr_ns(pid, ns), | 185 | pid_nr_ns(pid, ns), |
184 | ppid, tpid, | 186 | ppid, tpid, |
185 | p->uid, p->euid, p->suid, p->fsuid, | 187 | cred->uid, cred->euid, cred->suid, cred->fsuid, |
186 | p->gid, p->egid, p->sgid, p->fsgid); | 188 | cred->gid, cred->egid, cred->sgid, cred->fsgid); |
187 | 189 | ||
188 | task_lock(p); | 190 | task_lock(p); |
189 | if (p->files) | 191 | if (p->files) |
@@ -194,13 +196,12 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, | |||
194 | fdt ? fdt->max_fds : 0); | 196 | fdt ? fdt->max_fds : 0); |
195 | rcu_read_unlock(); | 197 | rcu_read_unlock(); |
196 | 198 | ||
197 | group_info = p->group_info; | 199 | group_info = cred->group_info; |
198 | get_group_info(group_info); | ||
199 | task_unlock(p); | 200 | task_unlock(p); |
200 | 201 | ||
201 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) | 202 | for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) |
202 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); | 203 | seq_printf(m, "%d ", GROUP_AT(group_info, g)); |
203 | put_group_info(group_info); | 204 | put_cred(cred); |
204 | 205 | ||
205 | seq_printf(m, "\n"); | 206 | seq_printf(m, "\n"); |
206 | } | 207 | } |
@@ -262,7 +263,7 @@ static inline void task_sig(struct seq_file *m, struct task_struct *p) | |||
262 | blocked = p->blocked; | 263 | blocked = p->blocked; |
263 | collect_sigign_sigcatch(p, &ignored, &caught); | 264 | collect_sigign_sigcatch(p, &ignored, &caught); |
264 | num_threads = atomic_read(&p->signal->count); | 265 | num_threads = atomic_read(&p->signal->count); |
265 | qsize = atomic_read(&p->user->sigpending); | 266 | qsize = atomic_read(&__task_cred(p)->user->sigpending); |
266 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; | 267 | qlim = p->signal->rlim[RLIMIT_SIGPENDING].rlim_cur; |
267 | unlock_task_sighand(p, &flags); | 268 | unlock_task_sighand(p, &flags); |
268 | } | 269 | } |
@@ -293,10 +294,21 @@ static void render_cap_t(struct seq_file *m, const char *header, | |||
293 | 294 | ||
294 | static inline void task_cap(struct seq_file *m, struct task_struct *p) | 295 | static inline void task_cap(struct seq_file *m, struct task_struct *p) |
295 | { | 296 | { |
296 | render_cap_t(m, "CapInh:\t", &p->cap_inheritable); | 297 | const struct cred *cred; |
297 | render_cap_t(m, "CapPrm:\t", &p->cap_permitted); | 298 | kernel_cap_t cap_inheritable, cap_permitted, cap_effective, cap_bset; |
298 | render_cap_t(m, "CapEff:\t", &p->cap_effective); | 299 | |
299 | render_cap_t(m, "CapBnd:\t", &p->cap_bset); | 300 | rcu_read_lock(); |
301 | cred = __task_cred(p); | ||
302 | cap_inheritable = cred->cap_inheritable; | ||
303 | cap_permitted = cred->cap_permitted; | ||
304 | cap_effective = cred->cap_effective; | ||
305 | cap_bset = cred->cap_bset; | ||
306 | rcu_read_unlock(); | ||
307 | |||
308 | render_cap_t(m, "CapInh:\t", &cap_inheritable); | ||
309 | render_cap_t(m, "CapPrm:\t", &cap_permitted); | ||
310 | render_cap_t(m, "CapEff:\t", &cap_effective); | ||
311 | render_cap_t(m, "CapBnd:\t", &cap_bset); | ||
300 | } | 312 | } |
301 | 313 | ||
302 | static inline void task_context_switch_counts(struct seq_file *m, | 314 | static inline void task_context_switch_counts(struct seq_file *m, |
diff --git a/fs/proc/base.c b/fs/proc/base.c index 486cf3fe7139..cf42c42cbfbb 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -1406,6 +1406,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
1406 | { | 1406 | { |
1407 | struct inode * inode; | 1407 | struct inode * inode; |
1408 | struct proc_inode *ei; | 1408 | struct proc_inode *ei; |
1409 | const struct cred *cred; | ||
1409 | 1410 | ||
1410 | /* We need a new inode */ | 1411 | /* We need a new inode */ |
1411 | 1412 | ||
@@ -1428,8 +1429,11 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
1428 | inode->i_uid = 0; | 1429 | inode->i_uid = 0; |
1429 | inode->i_gid = 0; | 1430 | inode->i_gid = 0; |
1430 | if (task_dumpable(task)) { | 1431 | if (task_dumpable(task)) { |
1431 | inode->i_uid = task->euid; | 1432 | rcu_read_lock(); |
1432 | inode->i_gid = task->egid; | 1433 | cred = __task_cred(task); |
1434 | inode->i_uid = cred->euid; | ||
1435 | inode->i_gid = cred->egid; | ||
1436 | rcu_read_unlock(); | ||
1433 | } | 1437 | } |
1434 | security_task_to_inode(task, inode); | 1438 | security_task_to_inode(task, inode); |
1435 | 1439 | ||
@@ -1445,6 +1449,8 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
1445 | { | 1449 | { |
1446 | struct inode *inode = dentry->d_inode; | 1450 | struct inode *inode = dentry->d_inode; |
1447 | struct task_struct *task; | 1451 | struct task_struct *task; |
1452 | const struct cred *cred; | ||
1453 | |||
1448 | generic_fillattr(inode, stat); | 1454 | generic_fillattr(inode, stat); |
1449 | 1455 | ||
1450 | rcu_read_lock(); | 1456 | rcu_read_lock(); |
@@ -1454,8 +1460,9 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat | |||
1454 | if (task) { | 1460 | if (task) { |
1455 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1461 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
1456 | task_dumpable(task)) { | 1462 | task_dumpable(task)) { |
1457 | stat->uid = task->euid; | 1463 | cred = __task_cred(task); |
1458 | stat->gid = task->egid; | 1464 | stat->uid = cred->euid; |
1465 | stat->gid = cred->egid; | ||
1459 | } | 1466 | } |
1460 | } | 1467 | } |
1461 | rcu_read_unlock(); | 1468 | rcu_read_unlock(); |
@@ -1483,11 +1490,16 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1483 | { | 1490 | { |
1484 | struct inode *inode = dentry->d_inode; | 1491 | struct inode *inode = dentry->d_inode; |
1485 | struct task_struct *task = get_proc_task(inode); | 1492 | struct task_struct *task = get_proc_task(inode); |
1493 | const struct cred *cred; | ||
1494 | |||
1486 | if (task) { | 1495 | if (task) { |
1487 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | 1496 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
1488 | task_dumpable(task)) { | 1497 | task_dumpable(task)) { |
1489 | inode->i_uid = task->euid; | 1498 | rcu_read_lock(); |
1490 | inode->i_gid = task->egid; | 1499 | cred = __task_cred(task); |
1500 | inode->i_uid = cred->euid; | ||
1501 | inode->i_gid = cred->egid; | ||
1502 | rcu_read_unlock(); | ||
1491 | } else { | 1503 | } else { |
1492 | inode->i_uid = 0; | 1504 | inode->i_uid = 0; |
1493 | inode->i_gid = 0; | 1505 | inode->i_gid = 0; |
@@ -1649,6 +1661,7 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1649 | struct task_struct *task = get_proc_task(inode); | 1661 | struct task_struct *task = get_proc_task(inode); |
1650 | int fd = proc_fd(inode); | 1662 | int fd = proc_fd(inode); |
1651 | struct files_struct *files; | 1663 | struct files_struct *files; |
1664 | const struct cred *cred; | ||
1652 | 1665 | ||
1653 | if (task) { | 1666 | if (task) { |
1654 | files = get_files_struct(task); | 1667 | files = get_files_struct(task); |
@@ -1658,8 +1671,11 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
1658 | rcu_read_unlock(); | 1671 | rcu_read_unlock(); |
1659 | put_files_struct(files); | 1672 | put_files_struct(files); |
1660 | if (task_dumpable(task)) { | 1673 | if (task_dumpable(task)) { |
1661 | inode->i_uid = task->euid; | 1674 | rcu_read_lock(); |
1662 | inode->i_gid = task->egid; | 1675 | cred = __task_cred(task); |
1676 | inode->i_uid = cred->euid; | ||
1677 | inode->i_gid = cred->egid; | ||
1678 | rcu_read_unlock(); | ||
1663 | } else { | 1679 | } else { |
1664 | inode->i_uid = 0; | 1680 | inode->i_uid = 0; |
1665 | inode->i_gid = 0; | 1681 | inode->i_gid = 0; |
diff --git a/fs/quota.c b/fs/quota.c index 7f4386ebc23a..b7fe44e01618 100644 --- a/fs/quota.c +++ b/fs/quota.c | |||
@@ -79,7 +79,7 @@ static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, qid | |||
79 | 79 | ||
80 | /* Check privileges */ | 80 | /* Check privileges */ |
81 | if (cmd == Q_GETQUOTA) { | 81 | if (cmd == Q_GETQUOTA) { |
82 | if (((type == USRQUOTA && current->euid != id) || | 82 | if (((type == USRQUOTA && current_euid() != id) || |
83 | (type == GRPQUOTA && !in_egroup_p(id))) && | 83 | (type == GRPQUOTA && !in_egroup_p(id))) && |
84 | !capable(CAP_SYS_ADMIN)) | 84 | !capable(CAP_SYS_ADMIN)) |
85 | return -EPERM; | 85 | return -EPERM; |
@@ -130,7 +130,7 @@ static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t i | |||
130 | 130 | ||
131 | /* Check privileges */ | 131 | /* Check privileges */ |
132 | if (cmd == Q_XGETQUOTA) { | 132 | if (cmd == Q_XGETQUOTA) { |
133 | if (((type == XQM_USRQUOTA && current->euid != id) || | 133 | if (((type == XQM_USRQUOTA && current_euid() != id) || |
134 | (type == XQM_GRPQUOTA && !in_egroup_p(id))) && | 134 | (type == XQM_GRPQUOTA && !in_egroup_p(id))) && |
135 | !capable(CAP_SYS_ADMIN)) | 135 | !capable(CAP_SYS_ADMIN)) |
136 | return -EPERM; | 136 | return -EPERM; |
diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c index f031d1c925f0..a83a3518ae33 100644 --- a/fs/ramfs/inode.c +++ b/fs/ramfs/inode.c | |||
@@ -55,8 +55,8 @@ struct inode *ramfs_get_inode(struct super_block *sb, int mode, dev_t dev) | |||
55 | 55 | ||
56 | if (inode) { | 56 | if (inode) { |
57 | inode->i_mode = mode; | 57 | inode->i_mode = mode; |
58 | inode->i_uid = current->fsuid; | 58 | inode->i_uid = current_fsuid(); |
59 | inode->i_gid = current->fsgid; | 59 | inode->i_gid = current_fsgid(); |
60 | inode->i_blocks = 0; | 60 | inode->i_blocks = 0; |
61 | inode->i_mapping->a_ops = &ramfs_aops; | 61 | inode->i_mapping->a_ops = &ramfs_aops; |
62 | inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info; | 62 | inode->i_mapping->backing_dev_info = &ramfs_backing_dev_info; |
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c index f89ebb943f3f..4f322e5ed840 100644 --- a/fs/reiserfs/namei.c +++ b/fs/reiserfs/namei.c | |||
@@ -573,7 +573,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode) | |||
573 | /* the quota init calls have to know who to charge the quota to, so | 573 | /* the quota init calls have to know who to charge the quota to, so |
574 | ** we have to set uid and gid here | 574 | ** we have to set uid and gid here |
575 | */ | 575 | */ |
576 | inode->i_uid = current->fsuid; | 576 | inode->i_uid = current_fsuid(); |
577 | inode->i_mode = mode; | 577 | inode->i_mode = mode; |
578 | /* Make inode invalid - just in case we are going to drop it before | 578 | /* Make inode invalid - just in case we are going to drop it before |
579 | * the initialization happens */ | 579 | * the initialization happens */ |
@@ -584,7 +584,7 @@ static int new_inode_init(struct inode *inode, struct inode *dir, int mode) | |||
584 | if (S_ISDIR(mode)) | 584 | if (S_ISDIR(mode)) |
585 | inode->i_mode |= S_ISGID; | 585 | inode->i_mode |= S_ISGID; |
586 | } else { | 586 | } else { |
587 | inode->i_gid = current->fsgid; | 587 | inode->i_gid = current_fsgid(); |
588 | } | 588 | } |
589 | DQUOT_INIT(inode); | 589 | DQUOT_INIT(inode); |
590 | return 0; | 590 | return 0; |
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c index 48da4fa6b7d4..e7ddd0328ddc 100644 --- a/fs/smbfs/dir.c +++ b/fs/smbfs/dir.c | |||
@@ -667,8 +667,7 @@ smb_make_node(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | |||
667 | 667 | ||
668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; | 668 | attr.ia_valid = ATTR_MODE | ATTR_UID | ATTR_GID; |
669 | attr.ia_mode = mode; | 669 | attr.ia_mode = mode; |
670 | attr.ia_uid = current->euid; | 670 | current_euid_egid(&attr.ia_uid, &attr.ia_gid); |
671 | attr.ia_gid = current->egid; | ||
672 | 671 | ||
673 | if (!new_valid_dev(dev)) | 672 | if (!new_valid_dev(dev)) |
674 | return -EINVAL; | 673 | return -EINVAL; |
diff --git a/fs/smbfs/inode.c b/fs/smbfs/inode.c index 3528f40ffb0f..fc27fbfc5397 100644 --- a/fs/smbfs/inode.c +++ b/fs/smbfs/inode.c | |||
@@ -586,7 +586,7 @@ static int smb_fill_super(struct super_block *sb, void *raw_data, int silent) | |||
586 | if (parse_options(mnt, raw_data)) | 586 | if (parse_options(mnt, raw_data)) |
587 | goto out_bad_option; | 587 | goto out_bad_option; |
588 | } | 588 | } |
589 | mnt->mounted_uid = current->uid; | 589 | mnt->mounted_uid = current_uid(); |
590 | smb_setcodepage(server, &mnt->codepage); | 590 | smb_setcodepage(server, &mnt->codepage); |
591 | 591 | ||
592 | /* | 592 | /* |
diff --git a/fs/smbfs/proc.c b/fs/smbfs/proc.c index ee536e8a649a..9468168b9af5 100644 --- a/fs/smbfs/proc.c +++ b/fs/smbfs/proc.c | |||
@@ -864,7 +864,7 @@ smb_newconn(struct smb_sb_info *server, struct smb_conn_opt *opt) | |||
864 | goto out; | 864 | goto out; |
865 | 865 | ||
866 | error = -EACCES; | 866 | error = -EACCES; |
867 | if (current->uid != server->mnt->mounted_uid && | 867 | if (current_uid() != server->mnt->mounted_uid && |
868 | !capable(CAP_SYS_ADMIN)) | 868 | !capable(CAP_SYS_ADMIN)) |
869 | goto out; | 869 | goto out; |
870 | 870 | ||
diff --git a/fs/sysv/ialloc.c b/fs/sysv/ialloc.c index 115ab0d6f4bc..241e9765cfad 100644 --- a/fs/sysv/ialloc.c +++ b/fs/sysv/ialloc.c | |||
@@ -165,9 +165,9 @@ struct inode * sysv_new_inode(const struct inode * dir, mode_t mode) | |||
165 | if (S_ISDIR(mode)) | 165 | if (S_ISDIR(mode)) |
166 | mode |= S_ISGID; | 166 | mode |= S_ISGID; |
167 | } else | 167 | } else |
168 | inode->i_gid = current->fsgid; | 168 | inode->i_gid = current_fsgid(); |
169 | 169 | ||
170 | inode->i_uid = current->fsuid; | 170 | inode->i_uid = current_fsuid(); |
171 | inode->i_ino = fs16_to_cpu(sbi, ino); | 171 | inode->i_ino = fs16_to_cpu(sbi, ino); |
172 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; | 172 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME_SEC; |
173 | inode->i_blocks = 0; | 173 | inode->i_blocks = 0; |
diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c index 1a4973e10664..4a18f084cc42 100644 --- a/fs/ubifs/budget.c +++ b/fs/ubifs/budget.c | |||
@@ -363,7 +363,7 @@ long long ubifs_calc_available(const struct ubifs_info *c, int min_idx_lebs) | |||
363 | */ | 363 | */ |
364 | static int can_use_rp(struct ubifs_info *c) | 364 | static int can_use_rp(struct ubifs_info *c) |
365 | { | 365 | { |
366 | if (current->fsuid == c->rp_uid || capable(CAP_SYS_RESOURCE) || | 366 | if (current_fsuid() == c->rp_uid || capable(CAP_SYS_RESOURCE) || |
367 | (c->rp_gid != 0 && in_group_p(c->rp_gid))) | 367 | (c->rp_gid != 0 && in_group_p(c->rp_gid))) |
368 | return 1; | 368 | return 1; |
369 | return 0; | 369 | return 0; |
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 526c01ec8003..856189014a3a 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c | |||
@@ -104,13 +104,13 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, const struct inode *dir, | |||
104 | */ | 104 | */ |
105 | inode->i_flags |= (S_NOCMTIME); | 105 | inode->i_flags |= (S_NOCMTIME); |
106 | 106 | ||
107 | inode->i_uid = current->fsuid; | 107 | inode->i_uid = current_fsuid(); |
108 | if (dir->i_mode & S_ISGID) { | 108 | if (dir->i_mode & S_ISGID) { |
109 | inode->i_gid = dir->i_gid; | 109 | inode->i_gid = dir->i_gid; |
110 | if (S_ISDIR(mode)) | 110 | if (S_ISDIR(mode)) |
111 | mode |= S_ISGID; | 111 | mode |= S_ISGID; |
112 | } else | 112 | } else |
113 | inode->i_gid = current->fsgid; | 113 | inode->i_gid = current_fsgid(); |
114 | inode->i_mode = mode; | 114 | inode->i_mode = mode; |
115 | inode->i_mtime = inode->i_atime = inode->i_ctime = | 115 | inode->i_mtime = inode->i_atime = inode->i_ctime = |
116 | ubifs_current_time(inode); | 116 | ubifs_current_time(inode); |
diff --git a/fs/udf/ialloc.c b/fs/udf/ialloc.c index a4f2b3ce45b0..31fc84297ddb 100644 --- a/fs/udf/ialloc.c +++ b/fs/udf/ialloc.c | |||
@@ -126,13 +126,13 @@ struct inode *udf_new_inode(struct inode *dir, int mode, int *err) | |||
126 | } | 126 | } |
127 | mutex_unlock(&sbi->s_alloc_mutex); | 127 | mutex_unlock(&sbi->s_alloc_mutex); |
128 | inode->i_mode = mode; | 128 | inode->i_mode = mode; |
129 | inode->i_uid = current->fsuid; | 129 | inode->i_uid = current_fsuid(); |
130 | if (dir->i_mode & S_ISGID) { | 130 | if (dir->i_mode & S_ISGID) { |
131 | inode->i_gid = dir->i_gid; | 131 | inode->i_gid = dir->i_gid; |
132 | if (S_ISDIR(mode)) | 132 | if (S_ISDIR(mode)) |
133 | mode |= S_ISGID; | 133 | mode |= S_ISGID; |
134 | } else { | 134 | } else { |
135 | inode->i_gid = current->fsgid; | 135 | inode->i_gid = current_fsgid(); |
136 | } | 136 | } |
137 | 137 | ||
138 | iinfo->i_location.logicalBlockNum = block; | 138 | iinfo->i_location.logicalBlockNum = block; |
diff --git a/fs/udf/namei.c b/fs/udf/namei.c index 082409cd4b8a..f84bfaa8d941 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c | |||
@@ -604,7 +604,7 @@ static int udf_mknod(struct inode *dir, struct dentry *dentry, int mode, | |||
604 | goto out; | 604 | goto out; |
605 | 605 | ||
606 | iinfo = UDF_I(inode); | 606 | iinfo = UDF_I(inode); |
607 | inode->i_uid = current->fsuid; | 607 | inode->i_uid = current_fsuid(); |
608 | init_special_inode(inode, mode, rdev); | 608 | init_special_inode(inode, mode, rdev); |
609 | fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); | 609 | fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); |
610 | if (!fi) { | 610 | if (!fi) { |
diff --git a/fs/ufs/ialloc.c b/fs/ufs/ialloc.c index ac181f6806a3..6f5dcf006096 100644 --- a/fs/ufs/ialloc.c +++ b/fs/ufs/ialloc.c | |||
@@ -304,13 +304,13 @@ cg_found: | |||
304 | 304 | ||
305 | inode->i_ino = cg * uspi->s_ipg + bit; | 305 | inode->i_ino = cg * uspi->s_ipg + bit; |
306 | inode->i_mode = mode; | 306 | inode->i_mode = mode; |
307 | inode->i_uid = current->fsuid; | 307 | inode->i_uid = current_fsuid(); |
308 | if (dir->i_mode & S_ISGID) { | 308 | if (dir->i_mode & S_ISGID) { |
309 | inode->i_gid = dir->i_gid; | 309 | inode->i_gid = dir->i_gid; |
310 | if (S_ISDIR(mode)) | 310 | if (S_ISDIR(mode)) |
311 | inode->i_mode |= S_ISGID; | 311 | inode->i_mode |= S_ISGID; |
312 | } else | 312 | } else |
313 | inode->i_gid = current->fsgid; | 313 | inode->i_gid = current_fsgid(); |
314 | 314 | ||
315 | inode->i_blocks = 0; | 315 | inode->i_blocks = 0; |
316 | inode->i_generation = 0; | 316 | inode->i_generation = 0; |
diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h index 652721ce0ea5..8c022cd0ad67 100644 --- a/fs/xfs/linux-2.6/xfs_cred.h +++ b/fs/xfs/linux-2.6/xfs_cred.h | |||
@@ -23,11 +23,9 @@ | |||
23 | /* | 23 | /* |
24 | * Credentials | 24 | * Credentials |
25 | */ | 25 | */ |
26 | typedef struct cred { | 26 | typedef const struct cred cred_t; |
27 | /* EMPTY */ | ||
28 | } cred_t; | ||
29 | 27 | ||
30 | extern struct cred *sys_cred; | 28 | extern cred_t *sys_cred; |
31 | 29 | ||
32 | /* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ | 30 | /* this is a hack.. (assumes sys_cred is the only cred_t in the system) */ |
33 | static inline int capable_cred(cred_t *cr, int cid) | 31 | static inline int capable_cred(cred_t *cr, int cid) |
diff --git a/fs/xfs/linux-2.6/xfs_globals.h b/fs/xfs/linux-2.6/xfs_globals.h index 2770b0085ee8..6eda8a3eb6f1 100644 --- a/fs/xfs/linux-2.6/xfs_globals.h +++ b/fs/xfs/linux-2.6/xfs_globals.h | |||
@@ -19,6 +19,6 @@ | |||
19 | #define __XFS_GLOBALS_H__ | 19 | #define __XFS_GLOBALS_H__ |
20 | 20 | ||
21 | extern uint64_t xfs_panic_mask; /* set to cause more panics */ | 21 | extern uint64_t xfs_panic_mask; /* set to cause more panics */ |
22 | extern struct cred *sys_cred; | 22 | extern cred_t *sys_cred; |
23 | 23 | ||
24 | #endif /* __XFS_GLOBALS_H__ */ | 24 | #endif /* __XFS_GLOBALS_H__ */ |
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c index d3438c72dcaf..281cbd5a25cf 100644 --- a/fs/xfs/linux-2.6/xfs_ioctl.c +++ b/fs/xfs/linux-2.6/xfs_ioctl.c | |||
@@ -256,6 +256,7 @@ xfs_open_by_handle( | |||
256 | struct file *parfilp, | 256 | struct file *parfilp, |
257 | struct inode *parinode) | 257 | struct inode *parinode) |
258 | { | 258 | { |
259 | const struct cred *cred = current_cred(); | ||
259 | int error; | 260 | int error; |
260 | int new_fd; | 261 | int new_fd; |
261 | int permflag; | 262 | int permflag; |
@@ -321,7 +322,7 @@ xfs_open_by_handle( | |||
321 | mntget(parfilp->f_path.mnt); | 322 | mntget(parfilp->f_path.mnt); |
322 | 323 | ||
323 | /* Create file pointer. */ | 324 | /* Create file pointer. */ |
324 | filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags); | 325 | filp = dentry_open(dentry, parfilp->f_path.mnt, hreq.oflags, cred); |
325 | if (IS_ERR(filp)) { | 326 | if (IS_ERR(filp)) { |
326 | put_unused_fd(new_fd); | 327 | put_unused_fd(new_fd); |
327 | return -XFS_ERROR(-PTR_ERR(filp)); | 328 | return -XFS_ERROR(-PTR_ERR(filp)); |
@@ -1007,7 +1008,7 @@ xfs_ioctl_setattr( | |||
1007 | * to the file owner ID, except in cases where the | 1008 | * to the file owner ID, except in cases where the |
1008 | * CAP_FSETID capability is applicable. | 1009 | * CAP_FSETID capability is applicable. |
1009 | */ | 1010 | */ |
1010 | if (current->fsuid != ip->i_d.di_uid && !capable(CAP_FOWNER)) { | 1011 | if (current_fsuid() != ip->i_d.di_uid && !capable(CAP_FOWNER)) { |
1011 | code = XFS_ERROR(EPERM); | 1012 | code = XFS_ERROR(EPERM); |
1012 | goto error_return; | 1013 | goto error_return; |
1013 | } | 1014 | } |
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c index b2f639a1416f..91d69338d3b2 100644 --- a/fs/xfs/xfs_acl.c +++ b/fs/xfs/xfs_acl.c | |||
@@ -366,7 +366,7 @@ xfs_acl_allow_set( | |||
366 | return ENOTDIR; | 366 | return ENOTDIR; |
367 | if (vp->i_sb->s_flags & MS_RDONLY) | 367 | if (vp->i_sb->s_flags & MS_RDONLY) |
368 | return EROFS; | 368 | return EROFS; |
369 | if (XFS_I(vp)->i_d.di_uid != current->fsuid && !capable(CAP_FOWNER)) | 369 | if (XFS_I(vp)->i_d.di_uid != current_fsuid() && !capable(CAP_FOWNER)) |
370 | return EPERM; | 370 | return EPERM; |
371 | return 0; | 371 | return 0; |
372 | } | 372 | } |
@@ -413,13 +413,13 @@ xfs_acl_access( | |||
413 | switch (fap->acl_entry[i].ae_tag) { | 413 | switch (fap->acl_entry[i].ae_tag) { |
414 | case ACL_USER_OBJ: | 414 | case ACL_USER_OBJ: |
415 | seen_userobj = 1; | 415 | seen_userobj = 1; |
416 | if (fuid != current->fsuid) | 416 | if (fuid != current_fsuid()) |
417 | continue; | 417 | continue; |
418 | matched.ae_tag = ACL_USER_OBJ; | 418 | matched.ae_tag = ACL_USER_OBJ; |
419 | matched.ae_perm = allows; | 419 | matched.ae_perm = allows; |
420 | break; | 420 | break; |
421 | case ACL_USER: | 421 | case ACL_USER: |
422 | if (fap->acl_entry[i].ae_id != current->fsuid) | 422 | if (fap->acl_entry[i].ae_id != current_fsuid()) |
423 | continue; | 423 | continue; |
424 | matched.ae_tag = ACL_USER; | 424 | matched.ae_tag = ACL_USER; |
425 | matched.ae_perm = allows; | 425 | matched.ae_perm = allows; |
diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h index 1420c49674d7..6be310d41daf 100644 --- a/fs/xfs/xfs_inode.h +++ b/fs/xfs/xfs_inode.h | |||
@@ -497,7 +497,7 @@ int xfs_iread(struct xfs_mount *, struct xfs_trans *, xfs_ino_t, | |||
497 | xfs_inode_t **, xfs_daddr_t, uint); | 497 | xfs_inode_t **, xfs_daddr_t, uint); |
498 | int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); | 498 | int xfs_iread_extents(struct xfs_trans *, xfs_inode_t *, int); |
499 | int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, | 499 | int xfs_ialloc(struct xfs_trans *, xfs_inode_t *, mode_t, |
500 | xfs_nlink_t, xfs_dev_t, struct cred *, xfs_prid_t, | 500 | xfs_nlink_t, xfs_dev_t, cred_t *, xfs_prid_t, |
501 | int, struct xfs_buf **, boolean_t *, xfs_inode_t **); | 501 | int, struct xfs_buf **, boolean_t *, xfs_inode_t **); |
502 | void xfs_dinode_from_disk(struct xfs_icdinode *, | 502 | void xfs_dinode_from_disk(struct xfs_icdinode *, |
503 | struct xfs_dinode_core *); | 503 | struct xfs_dinode_core *); |
diff --git a/fs/xfs/xfs_vnodeops.h b/fs/xfs/xfs_vnodeops.h index e932a96bec54..7b0c2ab88333 100644 --- a/fs/xfs/xfs_vnodeops.h +++ b/fs/xfs/xfs_vnodeops.h | |||
@@ -16,7 +16,7 @@ struct xfs_iomap; | |||
16 | 16 | ||
17 | int xfs_open(struct xfs_inode *ip); | 17 | int xfs_open(struct xfs_inode *ip); |
18 | int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, | 18 | int xfs_setattr(struct xfs_inode *ip, struct iattr *vap, int flags, |
19 | struct cred *credp); | 19 | cred_t *credp); |
20 | #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ | 20 | #define XFS_ATTR_DMI 0x01 /* invocation from a DMI function */ |
21 | #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ | 21 | #define XFS_ATTR_NONBLOCK 0x02 /* return EAGAIN if operation would block */ |
22 | #define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ | 22 | #define XFS_ATTR_NOLOCK 0x04 /* Don't grab any conflicting locks */ |
@@ -28,24 +28,24 @@ int xfs_inactive(struct xfs_inode *ip); | |||
28 | int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, | 28 | int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, |
29 | struct xfs_inode **ipp, struct xfs_name *ci_name); | 29 | struct xfs_inode **ipp, struct xfs_name *ci_name); |
30 | int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, | 30 | int xfs_create(struct xfs_inode *dp, struct xfs_name *name, mode_t mode, |
31 | xfs_dev_t rdev, struct xfs_inode **ipp, struct cred *credp); | 31 | xfs_dev_t rdev, struct xfs_inode **ipp, cred_t *credp); |
32 | int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, | 32 | int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, |
33 | struct xfs_inode *ip); | 33 | struct xfs_inode *ip); |
34 | int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, | 34 | int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip, |
35 | struct xfs_name *target_name); | 35 | struct xfs_name *target_name); |
36 | int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, | 36 | int xfs_mkdir(struct xfs_inode *dp, struct xfs_name *dir_name, |
37 | mode_t mode, struct xfs_inode **ipp, struct cred *credp); | 37 | mode_t mode, struct xfs_inode **ipp, cred_t *credp); |
38 | int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, | 38 | int xfs_readdir(struct xfs_inode *dp, void *dirent, size_t bufsize, |
39 | xfs_off_t *offset, filldir_t filldir); | 39 | xfs_off_t *offset, filldir_t filldir); |
40 | int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, | 40 | int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name, |
41 | const char *target_path, mode_t mode, struct xfs_inode **ipp, | 41 | const char *target_path, mode_t mode, struct xfs_inode **ipp, |
42 | struct cred *credp); | 42 | cred_t *credp); |
43 | int xfs_inode_flush(struct xfs_inode *ip, int flags); | 43 | int xfs_inode_flush(struct xfs_inode *ip, int flags); |
44 | int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); | 44 | int xfs_set_dmattrs(struct xfs_inode *ip, u_int evmask, u_int16_t state); |
45 | int xfs_reclaim(struct xfs_inode *ip); | 45 | int xfs_reclaim(struct xfs_inode *ip); |
46 | int xfs_change_file_space(struct xfs_inode *ip, int cmd, | 46 | int xfs_change_file_space(struct xfs_inode *ip, int cmd, |
47 | xfs_flock64_t *bf, xfs_off_t offset, | 47 | xfs_flock64_t *bf, xfs_off_t offset, |
48 | struct cred *credp, int attr_flags); | 48 | cred_t *credp, int attr_flags); |
49 | int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, | 49 | int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name, |
50 | struct xfs_inode *src_ip, struct xfs_inode *target_dp, | 50 | struct xfs_inode *src_ip, struct xfs_inode *target_dp, |
51 | struct xfs_name *target_name, struct xfs_inode *target_ip); | 51 | struct xfs_name *target_name, struct xfs_inode *target_ip); |