aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/acct.c8
-rw-r--r--kernel/cred.c293
-rw-r--r--kernel/exit.c4
-rw-r--r--kernel/fork.c6
-rw-r--r--kernel/kmod.c5
-rw-r--r--kernel/ptrace.c2
-rw-r--r--kernel/sysctl.c1
7 files changed, 306 insertions, 13 deletions
diff --git a/kernel/acct.c b/kernel/acct.c
index 9f3391090b3e..9a4715a2f6bf 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -491,13 +491,17 @@ static void do_acct_process(struct bsd_acct_struct *acct,
491 u64 run_time; 491 u64 run_time;
492 struct timespec uptime; 492 struct timespec uptime;
493 struct tty_struct *tty; 493 struct tty_struct *tty;
494 const struct cred *orig_cred;
495
496 /* Perform file operations on behalf of whoever enabled accounting */
497 orig_cred = override_creds(file->f_cred);
494 498
495 /* 499 /*
496 * First check to see if there is enough free_space to continue 500 * First check to see if there is enough free_space to continue
497 * the process accounting system. 501 * the process accounting system.
498 */ 502 */
499 if (!check_free_space(acct, file)) 503 if (!check_free_space(acct, file))
500 return; 504 goto out;
501 505
502 /* 506 /*
503 * Fill the accounting struct with the needed info as recorded 507 * Fill the accounting struct with the needed info as recorded
@@ -578,6 +582,8 @@ static void do_acct_process(struct bsd_acct_struct *acct,
578 sizeof(acct_t), &file->f_pos); 582 sizeof(acct_t), &file->f_pos);
579 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; 583 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
580 set_fs(fs); 584 set_fs(fs);
585out:
586 revert_creds(orig_cred);
581} 587}
582 588
583/** 589/**
diff --git a/kernel/cred.c b/kernel/cred.c
index 1bb4d7e5d616..006fcab009d5 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -18,6 +18,18 @@
18#include <linux/cn_proc.h> 18#include <linux/cn_proc.h>
19#include "cred-internals.h" 19#include "cred-internals.h"
20 20
21#if 0
22#define kdebug(FMT, ...) \
23 printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__)
24#else
25static inline __attribute__((format(printf, 1, 2)))
26void no_printk(const char *fmt, ...)
27{
28}
29#define kdebug(FMT, ...) \
30 no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__)
31#endif
32
21static struct kmem_cache *cred_jar; 33static struct kmem_cache *cred_jar;
22 34
23/* 35/*
@@ -36,6 +48,10 @@ static struct thread_group_cred init_tgcred = {
36 */ 48 */
37struct cred init_cred = { 49struct cred init_cred = {
38 .usage = ATOMIC_INIT(4), 50 .usage = ATOMIC_INIT(4),
51#ifdef CONFIG_DEBUG_CREDENTIALS
52 .subscribers = ATOMIC_INIT(2),
53 .magic = CRED_MAGIC,
54#endif
39 .securebits = SECUREBITS_DEFAULT, 55 .securebits = SECUREBITS_DEFAULT,
40 .cap_inheritable = CAP_INIT_INH_SET, 56 .cap_inheritable = CAP_INIT_INH_SET,
41 .cap_permitted = CAP_FULL_SET, 57 .cap_permitted = CAP_FULL_SET,
@@ -48,6 +64,31 @@ struct cred init_cred = {
48#endif 64#endif
49}; 65};
50 66
67static inline void set_cred_subscribers(struct cred *cred, int n)
68{
69#ifdef CONFIG_DEBUG_CREDENTIALS
70 atomic_set(&cred->subscribers, n);
71#endif
72}
73
74static inline int read_cred_subscribers(const struct cred *cred)
75{
76#ifdef CONFIG_DEBUG_CREDENTIALS
77 return atomic_read(&cred->subscribers);
78#else
79 return 0;
80#endif
81}
82
83static inline void alter_cred_subscribers(const struct cred *_cred, int n)
84{
85#ifdef CONFIG_DEBUG_CREDENTIALS
86 struct cred *cred = (struct cred *) _cred;
87
88 atomic_add(n, &cred->subscribers);
89#endif
90}
91
51/* 92/*
52 * Dispose of the shared task group credentials 93 * Dispose of the shared task group credentials
53 */ 94 */
@@ -85,9 +126,22 @@ static void put_cred_rcu(struct rcu_head *rcu)
85{ 126{
86 struct cred *cred = container_of(rcu, struct cred, rcu); 127 struct cred *cred = container_of(rcu, struct cred, rcu);
87 128
129 kdebug("put_cred_rcu(%p)", cred);
130
131#ifdef CONFIG_DEBUG_CREDENTIALS
132 if (cred->magic != CRED_MAGIC_DEAD ||
133 atomic_read(&cred->usage) != 0 ||
134 read_cred_subscribers(cred) != 0)
135 panic("CRED: put_cred_rcu() sees %p with"
136 " mag %x, put %p, usage %d, subscr %d\n",
137 cred, cred->magic, cred->put_addr,
138 atomic_read(&cred->usage),
139 read_cred_subscribers(cred));
140#else
88 if (atomic_read(&cred->usage) != 0) 141 if (atomic_read(&cred->usage) != 0)
89 panic("CRED: put_cred_rcu() sees %p with usage %d\n", 142 panic("CRED: put_cred_rcu() sees %p with usage %d\n",
90 cred, atomic_read(&cred->usage)); 143 cred, atomic_read(&cred->usage));
144#endif
91 145
92 security_cred_free(cred); 146 security_cred_free(cred);
93 key_put(cred->thread_keyring); 147 key_put(cred->thread_keyring);
@@ -106,12 +160,90 @@ static void put_cred_rcu(struct rcu_head *rcu)
106 */ 160 */
107void __put_cred(struct cred *cred) 161void __put_cred(struct cred *cred)
108{ 162{
163 kdebug("__put_cred(%p{%d,%d})", cred,
164 atomic_read(&cred->usage),
165 read_cred_subscribers(cred));
166
109 BUG_ON(atomic_read(&cred->usage) != 0); 167 BUG_ON(atomic_read(&cred->usage) != 0);
168#ifdef CONFIG_DEBUG_CREDENTIALS
169 BUG_ON(read_cred_subscribers(cred) != 0);
170 cred->magic = CRED_MAGIC_DEAD;
171 cred->put_addr = __builtin_return_address(0);
172#endif
173 BUG_ON(cred == current->cred);
174 BUG_ON(cred == current->real_cred);
110 175
111 call_rcu(&cred->rcu, put_cred_rcu); 176 call_rcu(&cred->rcu, put_cred_rcu);
112} 177}
113EXPORT_SYMBOL(__put_cred); 178EXPORT_SYMBOL(__put_cred);
114 179
180/*
181 * Clean up a task's credentials when it exits
182 */
183void exit_creds(struct task_struct *tsk)
184{
185 struct cred *cred;
186
187 kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,
188 atomic_read(&tsk->cred->usage),
189 read_cred_subscribers(tsk->cred));
190
191 cred = (struct cred *) tsk->real_cred;
192 tsk->real_cred = NULL;
193 validate_creds(cred);
194 alter_cred_subscribers(cred, -1);
195 put_cred(cred);
196
197 cred = (struct cred *) tsk->cred;
198 tsk->cred = NULL;
199 validate_creds(cred);
200 alter_cred_subscribers(cred, -1);
201 put_cred(cred);
202
203 cred = (struct cred *) tsk->replacement_session_keyring;
204 if (cred) {
205 tsk->replacement_session_keyring = NULL;
206 validate_creds(cred);
207 put_cred(cred);
208 }
209}
210
211/*
212 * Allocate blank credentials, such that the credentials can be filled in at a
213 * later date without risk of ENOMEM.
214 */
215struct cred *cred_alloc_blank(void)
216{
217 struct cred *new;
218
219 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
220 if (!new)
221 return NULL;
222
223#ifdef CONFIG_KEYS
224 new->tgcred = kzalloc(sizeof(*new->tgcred), GFP_KERNEL);
225 if (!new->tgcred) {
226 kfree(new);
227 return NULL;
228 }
229 atomic_set(&new->tgcred->usage, 1);
230#endif
231
232 atomic_set(&new->usage, 1);
233
234 if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
235 goto error;
236
237#ifdef CONFIG_DEBUG_CREDENTIALS
238 new->magic = CRED_MAGIC;
239#endif
240 return new;
241
242error:
243 abort_creds(new);
244 return NULL;
245}
246
115/** 247/**
116 * prepare_creds - Prepare a new set of credentials for modification 248 * prepare_creds - Prepare a new set of credentials for modification
117 * 249 *
@@ -132,16 +264,19 @@ struct cred *prepare_creds(void)
132 const struct cred *old; 264 const struct cred *old;
133 struct cred *new; 265 struct cred *new;
134 266
135 BUG_ON(atomic_read(&task->real_cred->usage) < 1); 267 validate_process_creds();
136 268
137 new = kmem_cache_alloc(cred_jar, GFP_KERNEL); 269 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
138 if (!new) 270 if (!new)
139 return NULL; 271 return NULL;
140 272
273 kdebug("prepare_creds() alloc %p", new);
274
141 old = task->cred; 275 old = task->cred;
142 memcpy(new, old, sizeof(struct cred)); 276 memcpy(new, old, sizeof(struct cred));
143 277
144 atomic_set(&new->usage, 1); 278 atomic_set(&new->usage, 1);
279 set_cred_subscribers(new, 0);
145 get_group_info(new->group_info); 280 get_group_info(new->group_info);
146 get_uid(new->user); 281 get_uid(new->user);
147 282
@@ -157,6 +292,7 @@ struct cred *prepare_creds(void)
157 292
158 if (security_prepare_creds(new, old, GFP_KERNEL) < 0) 293 if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
159 goto error; 294 goto error;
295 validate_creds(new);
160 return new; 296 return new;
161 297
162error: 298error:
@@ -229,9 +365,12 @@ struct cred *prepare_usermodehelper_creds(void)
229 if (!new) 365 if (!new)
230 return NULL; 366 return NULL;
231 367
368 kdebug("prepare_usermodehelper_creds() alloc %p", new);
369
232 memcpy(new, &init_cred, sizeof(struct cred)); 370 memcpy(new, &init_cred, sizeof(struct cred));
233 371
234 atomic_set(&new->usage, 1); 372 atomic_set(&new->usage, 1);
373 set_cred_subscribers(new, 0);
235 get_group_info(new->group_info); 374 get_group_info(new->group_info);
236 get_uid(new->user); 375 get_uid(new->user);
237 376
@@ -250,6 +389,7 @@ struct cred *prepare_usermodehelper_creds(void)
250#endif 389#endif
251 if (security_prepare_creds(new, &init_cred, GFP_ATOMIC) < 0) 390 if (security_prepare_creds(new, &init_cred, GFP_ATOMIC) < 0)
252 goto error; 391 goto error;
392 validate_creds(new);
253 393
254 BUG_ON(atomic_read(&new->usage) != 1); 394 BUG_ON(atomic_read(&new->usage) != 1);
255 return new; 395 return new;
@@ -286,6 +426,10 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
286 ) { 426 ) {
287 p->real_cred = get_cred(p->cred); 427 p->real_cred = get_cred(p->cred);
288 get_cred(p->cred); 428 get_cred(p->cred);
429 alter_cred_subscribers(p->cred, 2);
430 kdebug("share_creds(%p{%d,%d})",
431 p->cred, atomic_read(&p->cred->usage),
432 read_cred_subscribers(p->cred));
289 atomic_inc(&p->cred->user->processes); 433 atomic_inc(&p->cred->user->processes);
290 return 0; 434 return 0;
291 } 435 }
@@ -331,6 +475,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
331 475
332 atomic_inc(&new->user->processes); 476 atomic_inc(&new->user->processes);
333 p->cred = p->real_cred = get_cred(new); 477 p->cred = p->real_cred = get_cred(new);
478 alter_cred_subscribers(new, 2);
479 validate_creds(new);
334 return 0; 480 return 0;
335 481
336error_put: 482error_put:
@@ -355,13 +501,20 @@ error_put:
355int commit_creds(struct cred *new) 501int commit_creds(struct cred *new)
356{ 502{
357 struct task_struct *task = current; 503 struct task_struct *task = current;
358 const struct cred *old; 504 const struct cred *old = task->real_cred;
359 505
360 BUG_ON(task->cred != task->real_cred); 506 kdebug("commit_creds(%p{%d,%d})", new,
361 BUG_ON(atomic_read(&task->real_cred->usage) < 2); 507 atomic_read(&new->usage),
508 read_cred_subscribers(new));
509
510 BUG_ON(task->cred != old);
511#ifdef CONFIG_DEBUG_CREDENTIALS
512 BUG_ON(read_cred_subscribers(old) < 2);
513 validate_creds(old);
514 validate_creds(new);
515#endif
362 BUG_ON(atomic_read(&new->usage) < 1); 516 BUG_ON(atomic_read(&new->usage) < 1);
363 517
364 old = task->real_cred;
365 security_commit_creds(new, old); 518 security_commit_creds(new, old);
366 519
367 get_cred(new); /* we will require a ref for the subj creds too */ 520 get_cred(new); /* we will require a ref for the subj creds too */
@@ -390,12 +543,14 @@ int commit_creds(struct cred *new)
390 * cheaply with the new uid cache, so if it matters 543 * cheaply with the new uid cache, so if it matters
391 * we should be checking for it. -DaveM 544 * we should be checking for it. -DaveM
392 */ 545 */
546 alter_cred_subscribers(new, 2);
393 if (new->user != old->user) 547 if (new->user != old->user)
394 atomic_inc(&new->user->processes); 548 atomic_inc(&new->user->processes);
395 rcu_assign_pointer(task->real_cred, new); 549 rcu_assign_pointer(task->real_cred, new);
396 rcu_assign_pointer(task->cred, new); 550 rcu_assign_pointer(task->cred, new);
397 if (new->user != old->user) 551 if (new->user != old->user)
398 atomic_dec(&old->user->processes); 552 atomic_dec(&old->user->processes);
553 alter_cred_subscribers(old, -2);
399 554
400 sched_switch_user(task); 555 sched_switch_user(task);
401 556
@@ -428,6 +583,13 @@ EXPORT_SYMBOL(commit_creds);
428 */ 583 */
429void abort_creds(struct cred *new) 584void abort_creds(struct cred *new)
430{ 585{
586 kdebug("abort_creds(%p{%d,%d})", new,
587 atomic_read(&new->usage),
588 read_cred_subscribers(new));
589
590#ifdef CONFIG_DEBUG_CREDENTIALS
591 BUG_ON(read_cred_subscribers(new) != 0);
592#endif
431 BUG_ON(atomic_read(&new->usage) < 1); 593 BUG_ON(atomic_read(&new->usage) < 1);
432 put_cred(new); 594 put_cred(new);
433} 595}
@@ -444,7 +606,20 @@ const struct cred *override_creds(const struct cred *new)
444{ 606{
445 const struct cred *old = current->cred; 607 const struct cred *old = current->cred;
446 608
447 rcu_assign_pointer(current->cred, get_cred(new)); 609 kdebug("override_creds(%p{%d,%d})", new,
610 atomic_read(&new->usage),
611 read_cred_subscribers(new));
612
613 validate_creds(old);
614 validate_creds(new);
615 get_cred(new);
616 alter_cred_subscribers(new, 1);
617 rcu_assign_pointer(current->cred, new);
618 alter_cred_subscribers(old, -1);
619
620 kdebug("override_creds() = %p{%d,%d}", old,
621 atomic_read(&old->usage),
622 read_cred_subscribers(old));
448 return old; 623 return old;
449} 624}
450EXPORT_SYMBOL(override_creds); 625EXPORT_SYMBOL(override_creds);
@@ -460,7 +635,15 @@ void revert_creds(const struct cred *old)
460{ 635{
461 const struct cred *override = current->cred; 636 const struct cred *override = current->cred;
462 637
638 kdebug("revert_creds(%p{%d,%d})", old,
639 atomic_read(&old->usage),
640 read_cred_subscribers(old));
641
642 validate_creds(old);
643 validate_creds(override);
644 alter_cred_subscribers(old, 1);
463 rcu_assign_pointer(current->cred, old); 645 rcu_assign_pointer(current->cred, old);
646 alter_cred_subscribers(override, -1);
464 put_cred(override); 647 put_cred(override);
465} 648}
466EXPORT_SYMBOL(revert_creds); 649EXPORT_SYMBOL(revert_creds);
@@ -502,11 +685,15 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
502 if (!new) 685 if (!new)
503 return NULL; 686 return NULL;
504 687
688 kdebug("prepare_kernel_cred() alloc %p", new);
689
505 if (daemon) 690 if (daemon)
506 old = get_task_cred(daemon); 691 old = get_task_cred(daemon);
507 else 692 else
508 old = get_cred(&init_cred); 693 old = get_cred(&init_cred);
509 694
695 validate_creds(old);
696
510 *new = *old; 697 *new = *old;
511 get_uid(new->user); 698 get_uid(new->user);
512 get_group_info(new->group_info); 699 get_group_info(new->group_info);
@@ -526,7 +713,9 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
526 goto error; 713 goto error;
527 714
528 atomic_set(&new->usage, 1); 715 atomic_set(&new->usage, 1);
716 set_cred_subscribers(new, 0);
529 put_cred(old); 717 put_cred(old);
718 validate_creds(new);
530 return new; 719 return new;
531 720
532error: 721error:
@@ -589,3 +778,95 @@ int set_create_files_as(struct cred *new, struct inode *inode)
589 return security_kernel_create_files_as(new, inode); 778 return security_kernel_create_files_as(new, inode);
590} 779}
591EXPORT_SYMBOL(set_create_files_as); 780EXPORT_SYMBOL(set_create_files_as);
781
782#ifdef CONFIG_DEBUG_CREDENTIALS
783
784/*
785 * dump invalid credentials
786 */
787static void dump_invalid_creds(const struct cred *cred, const char *label,
788 const struct task_struct *tsk)
789{
790 printk(KERN_ERR "CRED: %s credentials: %p %s%s%s\n",
791 label, cred,
792 cred == &init_cred ? "[init]" : "",
793 cred == tsk->real_cred ? "[real]" : "",
794 cred == tsk->cred ? "[eff]" : "");
795 printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p\n",
796 cred->magic, cred->put_addr);
797 printk(KERN_ERR "CRED: ->usage=%d, subscr=%d\n",
798 atomic_read(&cred->usage),
799 read_cred_subscribers(cred));
800 printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
801 cred->uid, cred->euid, cred->suid, cred->fsuid);
802 printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n",
803 cred->gid, cred->egid, cred->sgid, cred->fsgid);
804#ifdef CONFIG_SECURITY
805 printk(KERN_ERR "CRED: ->security is %p\n", cred->security);
806 if ((unsigned long) cred->security >= PAGE_SIZE &&
807 (((unsigned long) cred->security & 0xffffff00) !=
808 (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)))
809 printk(KERN_ERR "CRED: ->security {%x, %x}\n",
810 ((u32*)cred->security)[0],
811 ((u32*)cred->security)[1]);
812#endif
813}
814
815/*
816 * report use of invalid credentials
817 */
818void __invalid_creds(const struct cred *cred, const char *file, unsigned line)
819{
820 printk(KERN_ERR "CRED: Invalid credentials\n");
821 printk(KERN_ERR "CRED: At %s:%u\n", file, line);
822 dump_invalid_creds(cred, "Specified", current);
823 BUG();
824}
825EXPORT_SYMBOL(__invalid_creds);
826
827/*
828 * check the credentials on a process
829 */
830void __validate_process_creds(struct task_struct *tsk,
831 const char *file, unsigned line)
832{
833 if (tsk->cred == tsk->real_cred) {
834 if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||
835 creds_are_invalid(tsk->cred)))
836 goto invalid_creds;
837 } else {
838 if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 ||
839 read_cred_subscribers(tsk->cred) < 1 ||
840 creds_are_invalid(tsk->real_cred) ||
841 creds_are_invalid(tsk->cred)))
842 goto invalid_creds;
843 }
844 return;
845
846invalid_creds:
847 printk(KERN_ERR "CRED: Invalid process credentials\n");
848 printk(KERN_ERR "CRED: At %s:%u\n", file, line);
849
850 dump_invalid_creds(tsk->real_cred, "Real", tsk);
851 if (tsk->cred != tsk->real_cred)
852 dump_invalid_creds(tsk->cred, "Effective", tsk);
853 else
854 printk(KERN_ERR "CRED: Effective creds == Real creds\n");
855 BUG();
856}
857EXPORT_SYMBOL(__validate_process_creds);
858
859/*
860 * check creds for do_exit()
861 */
862void validate_creds_for_do_exit(struct task_struct *tsk)
863{
864 kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})",
865 tsk->real_cred, tsk->cred,
866 atomic_read(&tsk->cred->usage),
867 read_cred_subscribers(tsk->cred));
868
869 __validate_process_creds(tsk, __FILE__, __LINE__);
870}
871
872#endif /* CONFIG_DEBUG_CREDENTIALS */
diff --git a/kernel/exit.c b/kernel/exit.c
index 869dc221733e..c98ff7a8025f 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -901,6 +901,8 @@ NORET_TYPE void do_exit(long code)
901 901
902 tracehook_report_exit(&code); 902 tracehook_report_exit(&code);
903 903
904 validate_creds_for_do_exit(tsk);
905
904 /* 906 /*
905 * We're taking recursive faults here in do_exit. Safest is to just 907 * We're taking recursive faults here in do_exit. Safest is to just
906 * leave this task alone and wait for reboot. 908 * leave this task alone and wait for reboot.
@@ -1009,6 +1011,8 @@ NORET_TYPE void do_exit(long code)
1009 if (tsk->splice_pipe) 1011 if (tsk->splice_pipe)
1010 __free_pipe_info(tsk->splice_pipe); 1012 __free_pipe_info(tsk->splice_pipe);
1011 1013
1014 validate_creds_for_do_exit(tsk);
1015
1012 preempt_disable(); 1016 preempt_disable();
1013 /* causes final put_task_struct in finish_task_switch(). */ 1017 /* causes final put_task_struct in finish_task_switch(). */
1014 tsk->state = TASK_DEAD; 1018 tsk->state = TASK_DEAD;
diff --git a/kernel/fork.c b/kernel/fork.c
index e6c04d462ab2..aab8579c6093 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -152,8 +152,7 @@ void __put_task_struct(struct task_struct *tsk)
152 WARN_ON(atomic_read(&tsk->usage)); 152 WARN_ON(atomic_read(&tsk->usage));
153 WARN_ON(tsk == current); 153 WARN_ON(tsk == current);
154 154
155 put_cred(tsk->real_cred); 155 exit_creds(tsk);
156 put_cred(tsk->cred);
157 delayacct_tsk_free(tsk); 156 delayacct_tsk_free(tsk);
158 157
159 if (!profile_handoff_task(tsk)) 158 if (!profile_handoff_task(tsk))
@@ -1297,8 +1296,7 @@ bad_fork_cleanup_put_domain:
1297 module_put(task_thread_info(p)->exec_domain->module); 1296 module_put(task_thread_info(p)->exec_domain->module);
1298bad_fork_cleanup_count: 1297bad_fork_cleanup_count:
1299 atomic_dec(&p->cred->user->processes); 1298 atomic_dec(&p->cred->user->processes);
1300 put_cred(p->real_cred); 1299 exit_creds(p);
1301 put_cred(p->cred);
1302bad_fork_free: 1300bad_fork_free:
1303 free_task(p); 1301 free_task(p);
1304fork_out: 1302fork_out:
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 385c31a1bdbf..4e8cae2e9148 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -78,6 +78,10 @@ int __request_module(bool wait, const char *fmt, ...)
78#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ 78#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */
79 static int kmod_loop_msg; 79 static int kmod_loop_msg;
80 80
81 ret = security_kernel_module_request();
82 if (ret)
83 return ret;
84
81 va_start(args, fmt); 85 va_start(args, fmt);
82 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); 86 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
83 va_end(args); 87 va_end(args);
@@ -462,6 +466,7 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info,
462 int retval = 0; 466 int retval = 0;
463 467
464 BUG_ON(atomic_read(&sub_info->cred->usage) != 1); 468 BUG_ON(atomic_read(&sub_info->cred->usage) != 1);
469 validate_creds(sub_info->cred);
465 470
466 helper_lock(); 471 helper_lock();
467 if (sub_info->path[0] == '\0') 472 if (sub_info->path[0] == '\0')
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 082c320e4dbf..307c285af59e 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -152,7 +152,7 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
152 if (!dumpable && !capable(CAP_SYS_PTRACE)) 152 if (!dumpable && !capable(CAP_SYS_PTRACE))
153 return -EPERM; 153 return -EPERM;
154 154
155 return security_ptrace_may_access(task, mode); 155 return security_ptrace_access_check(task, mode);
156} 156}
157 157
158bool ptrace_may_access(struct task_struct *task, unsigned int mode) 158bool ptrace_may_access(struct task_struct *task, unsigned int mode)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 58be76017fd0..71d8dc7f9920 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -49,7 +49,6 @@
49#include <linux/acpi.h> 49#include <linux/acpi.h>
50#include <linux/reboot.h> 50#include <linux/reboot.h>
51#include <linux/ftrace.h> 51#include <linux/ftrace.h>
52#include <linux/security.h>
53#include <linux/slow-work.h> 52#include <linux/slow-work.h>
54#include <linux/perf_counter.h> 53#include <linux/perf_counter.h>
55 54
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-16 10:51:01 -0500