aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/cred.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/cred.c')
-rw-r--r--kernel/cred.c53
1 files changed, 25 insertions, 28 deletions
diff --git a/kernel/cred.c b/kernel/cred.c
index e70683d9ec32..de728ac50d82 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -49,6 +49,14 @@ struct cred init_cred = {
49 .subscribers = ATOMIC_INIT(2), 49 .subscribers = ATOMIC_INIT(2),
50 .magic = CRED_MAGIC, 50 .magic = CRED_MAGIC,
51#endif 51#endif
52 .uid = GLOBAL_ROOT_UID,
53 .gid = GLOBAL_ROOT_GID,
54 .suid = GLOBAL_ROOT_UID,
55 .sgid = GLOBAL_ROOT_GID,
56 .euid = GLOBAL_ROOT_UID,
57 .egid = GLOBAL_ROOT_GID,
58 .fsuid = GLOBAL_ROOT_UID,
59 .fsgid = GLOBAL_ROOT_GID,
52 .securebits = SECUREBITS_DEFAULT, 60 .securebits = SECUREBITS_DEFAULT,
53 .cap_inheritable = CAP_EMPTY_SET, 61 .cap_inheritable = CAP_EMPTY_SET,
54 .cap_permitted = CAP_FULL_SET, 62 .cap_permitted = CAP_FULL_SET,
@@ -148,6 +156,7 @@ static void put_cred_rcu(struct rcu_head *rcu)
148 if (cred->group_info) 156 if (cred->group_info)
149 put_group_info(cred->group_info); 157 put_group_info(cred->group_info);
150 free_uid(cred->user); 158 free_uid(cred->user);
159 put_user_ns(cred->user_ns);
151 kmem_cache_free(cred_jar, cred); 160 kmem_cache_free(cred_jar, cred);
152} 161}
153 162
@@ -198,13 +207,6 @@ void exit_creds(struct task_struct *tsk)
198 validate_creds(cred); 207 validate_creds(cred);
199 alter_cred_subscribers(cred, -1); 208 alter_cred_subscribers(cred, -1);
200 put_cred(cred); 209 put_cred(cred);
201
202 cred = (struct cred *) tsk->replacement_session_keyring;
203 if (cred) {
204 tsk->replacement_session_keyring = NULL;
205 validate_creds(cred);
206 put_cred(cred);
207 }
208} 210}
209 211
210/** 212/**
@@ -303,6 +305,7 @@ struct cred *prepare_creds(void)
303 set_cred_subscribers(new, 0); 305 set_cred_subscribers(new, 0);
304 get_group_info(new->group_info); 306 get_group_info(new->group_info);
305 get_uid(new->user); 307 get_uid(new->user);
308 get_user_ns(new->user_ns);
306 309
307#ifdef CONFIG_KEYS 310#ifdef CONFIG_KEYS
308 key_get(new->thread_keyring); 311 key_get(new->thread_keyring);
@@ -386,8 +389,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
386 struct cred *new; 389 struct cred *new;
387 int ret; 390 int ret;
388 391
389 p->replacement_session_keyring = NULL;
390
391 if ( 392 if (
392#ifdef CONFIG_KEYS 393#ifdef CONFIG_KEYS
393 !p->cred->thread_keyring && 394 !p->cred->thread_keyring &&
@@ -414,11 +415,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
414 goto error_put; 415 goto error_put;
415 } 416 }
416 417
417 /* cache user_ns in cred. Doesn't need a refcount because it will
418 * stay pinned by cred->user
419 */
420 new->user_ns = new->user->user_ns;
421
422#ifdef CONFIG_KEYS 418#ifdef CONFIG_KEYS
423 /* new threads get their own thread keyrings if their parent already 419 /* new threads get their own thread keyrings if their parent already
424 * had one */ 420 * had one */
@@ -493,10 +489,10 @@ int commit_creds(struct cred *new)
493 get_cred(new); /* we will require a ref for the subj creds too */ 489 get_cred(new); /* we will require a ref for the subj creds too */
494 490
495 /* dumpability changes */ 491 /* dumpability changes */
496 if (old->euid != new->euid || 492 if (!uid_eq(old->euid, new->euid) ||
497 old->egid != new->egid || 493 !gid_eq(old->egid, new->egid) ||
498 old->fsuid != new->fsuid || 494 !uid_eq(old->fsuid, new->fsuid) ||
499 old->fsgid != new->fsgid || 495 !gid_eq(old->fsgid, new->fsgid) ||
500 !cap_issubset(new->cap_permitted, old->cap_permitted)) { 496 !cap_issubset(new->cap_permitted, old->cap_permitted)) {
501 if (task->mm) 497 if (task->mm)
502 set_dumpable(task->mm, suid_dumpable); 498 set_dumpable(task->mm, suid_dumpable);
@@ -505,9 +501,9 @@ int commit_creds(struct cred *new)
505 } 501 }
506 502
507 /* alter the thread keyring */ 503 /* alter the thread keyring */
508 if (new->fsuid != old->fsuid) 504 if (!uid_eq(new->fsuid, old->fsuid))
509 key_fsuid_changed(task); 505 key_fsuid_changed(task);
510 if (new->fsgid != old->fsgid) 506 if (!gid_eq(new->fsgid, old->fsgid))
511 key_fsgid_changed(task); 507 key_fsgid_changed(task);
512 508
513 /* do it 509 /* do it
@@ -524,16 +520,16 @@ int commit_creds(struct cred *new)
524 alter_cred_subscribers(old, -2); 520 alter_cred_subscribers(old, -2);
525 521
526 /* send notifications */ 522 /* send notifications */
527 if (new->uid != old->uid || 523 if (!uid_eq(new->uid, old->uid) ||
528 new->euid != old->euid || 524 !uid_eq(new->euid, old->euid) ||
529 new->suid != old->suid || 525 !uid_eq(new->suid, old->suid) ||
530 new->fsuid != old->fsuid) 526 !uid_eq(new->fsuid, old->fsuid))
531 proc_id_connector(task, PROC_EVENT_UID); 527 proc_id_connector(task, PROC_EVENT_UID);
532 528
533 if (new->gid != old->gid || 529 if (!gid_eq(new->gid, old->gid) ||
534 new->egid != old->egid || 530 !gid_eq(new->egid, old->egid) ||
535 new->sgid != old->sgid || 531 !gid_eq(new->sgid, old->sgid) ||
536 new->fsgid != old->fsgid) 532 !gid_eq(new->fsgid, old->fsgid))
537 proc_id_connector(task, PROC_EVENT_GID); 533 proc_id_connector(task, PROC_EVENT_GID);
538 534
539 /* release the old obj and subj refs both */ 535 /* release the old obj and subj refs both */
@@ -678,6 +674,7 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
678 atomic_set(&new->usage, 1); 674 atomic_set(&new->usage, 1);
679 set_cred_subscribers(new, 0); 675 set_cred_subscribers(new, 0);
680 get_uid(new->user); 676 get_uid(new->user);
677 get_user_ns(new->user_ns);
681 get_group_info(new->group_info); 678 get_group_info(new->group_info);
682 679
683#ifdef CONFIG_KEYS 680#ifdef CONFIG_KEYS
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-21 03:35:05 -0400