diff options
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/mempolicy.c | 9 | ||||
| -rw-r--r-- | mm/migrate.c | 9 | ||||
| -rw-r--r-- | mm/oom_kill.c | 12 | ||||
| -rw-r--r-- | mm/shmem.c | 8 |
4 files changed, 24 insertions, 14 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index e9493b1c1117..e412ffa8e52e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
| @@ -1114,6 +1114,7 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
| 1114 | const unsigned long __user *old_nodes, | 1114 | const unsigned long __user *old_nodes, |
| 1115 | const unsigned long __user *new_nodes) | 1115 | const unsigned long __user *new_nodes) |
| 1116 | { | 1116 | { |
| 1117 | const struct cred *cred = current_cred(), *tcred; | ||
| 1117 | struct mm_struct *mm; | 1118 | struct mm_struct *mm; |
| 1118 | struct task_struct *task; | 1119 | struct task_struct *task; |
| 1119 | nodemask_t old; | 1120 | nodemask_t old; |
| @@ -1148,12 +1149,16 @@ asmlinkage long sys_migrate_pages(pid_t pid, unsigned long maxnode, | |||
| 1148 | * capabilities, superuser privileges or the same | 1149 | * capabilities, superuser privileges or the same |
| 1149 | * userid as the target process. | 1150 | * userid as the target process. |
| 1150 | */ | 1151 | */ |
| 1151 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1152 | rcu_read_lock(); |
| 1152 | (current->uid != task->suid) && (current->uid != task->uid) && | 1153 | tcred = __task_cred(task); |
| 1154 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | ||
| 1155 | cred->uid != tcred->suid && cred->uid != tcred->uid && | ||
| 1153 | !capable(CAP_SYS_NICE)) { | 1156 | !capable(CAP_SYS_NICE)) { |
| 1157 | rcu_read_unlock(); | ||
| 1154 | err = -EPERM; | 1158 | err = -EPERM; |
| 1155 | goto out; | 1159 | goto out; |
| 1156 | } | 1160 | } |
| 1161 | rcu_read_unlock(); | ||
| 1157 | 1162 | ||
| 1158 | task_nodes = cpuset_mems_allowed(task); | 1163 | task_nodes = cpuset_mems_allowed(task); |
| 1159 | /* Is the user allowed to access the target nodes? */ | 1164 | /* Is the user allowed to access the target nodes? */ |
diff --git a/mm/migrate.c b/mm/migrate.c index 385db89f0c33..9dd10da1cc23 100644 --- a/mm/migrate.c +++ b/mm/migrate.c | |||
| @@ -1045,6 +1045,7 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
| 1045 | const int __user *nodes, | 1045 | const int __user *nodes, |
| 1046 | int __user *status, int flags) | 1046 | int __user *status, int flags) |
| 1047 | { | 1047 | { |
| 1048 | const struct cred *cred = current_cred(), *tcred; | ||
| 1048 | struct task_struct *task; | 1049 | struct task_struct *task; |
| 1049 | struct mm_struct *mm; | 1050 | struct mm_struct *mm; |
| 1050 | int err; | 1051 | int err; |
| @@ -1075,12 +1076,16 @@ asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, | |||
| 1075 | * capabilities, superuser privileges or the same | 1076 | * capabilities, superuser privileges or the same |
| 1076 | * userid as the target process. | 1077 | * userid as the target process. |
| 1077 | */ | 1078 | */ |
| 1078 | if ((current->euid != task->suid) && (current->euid != task->uid) && | 1079 | rcu_read_lock(); |
| 1079 | (current->uid != task->suid) && (current->uid != task->uid) && | 1080 | tcred = __task_cred(task); |
| 1081 | if (cred->euid != tcred->suid && cred->euid != tcred->uid && | ||
| 1082 | cred->uid != tcred->suid && cred->uid != tcred->uid && | ||
| 1080 | !capable(CAP_SYS_NICE)) { | 1083 | !capable(CAP_SYS_NICE)) { |
| 1084 | rcu_read_unlock(); | ||
| 1081 | err = -EPERM; | 1085 | err = -EPERM; |
| 1082 | goto out; | 1086 | goto out; |
| 1083 | } | 1087 | } |
| 1088 | rcu_read_unlock(); | ||
| 1084 | 1089 | ||
| 1085 | err = security_task_movememory(task); | 1090 | err = security_task_movememory(task); |
| 1086 | if (err) | 1091 | if (err) |
diff --git a/mm/oom_kill.c b/mm/oom_kill.c index a0a01902f551..558f9afe6e4e 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c | |||
| @@ -128,8 +128,8 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
| 128 | * Superuser processes are usually more important, so we make it | 128 | * Superuser processes are usually more important, so we make it |
| 129 | * less likely that we kill those. | 129 | * less likely that we kill those. |
| 130 | */ | 130 | */ |
| 131 | if (has_capability(p, CAP_SYS_ADMIN) || | 131 | if (has_capability_noaudit(p, CAP_SYS_ADMIN) || |
| 132 | has_capability(p, CAP_SYS_RESOURCE)) | 132 | has_capability_noaudit(p, CAP_SYS_RESOURCE)) |
| 133 | points /= 4; | 133 | points /= 4; |
| 134 | 134 | ||
| 135 | /* | 135 | /* |
| @@ -138,7 +138,7 @@ unsigned long badness(struct task_struct *p, unsigned long uptime) | |||
| 138 | * tend to only have this flag set on applications they think | 138 | * tend to only have this flag set on applications they think |
| 139 | * of as important. | 139 | * of as important. |
| 140 | */ | 140 | */ |
| 141 | if (has_capability(p, CAP_SYS_RAWIO)) | 141 | if (has_capability_noaudit(p, CAP_SYS_RAWIO)) |
| 142 | points /= 4; | 142 | points /= 4; |
| 143 | 143 | ||
| 144 | /* | 144 | /* |
| @@ -299,9 +299,9 @@ static void dump_tasks(const struct mem_cgroup *mem) | |||
| 299 | 299 | ||
| 300 | task_lock(p); | 300 | task_lock(p); |
| 301 | printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n", | 301 | printk(KERN_INFO "[%5d] %5d %5d %8lu %8lu %3d %3d %s\n", |
| 302 | p->pid, p->uid, p->tgid, p->mm->total_vm, | 302 | p->pid, __task_cred(p)->uid, p->tgid, |
| 303 | get_mm_rss(p->mm), (int)task_cpu(p), p->oomkilladj, | 303 | p->mm->total_vm, get_mm_rss(p->mm), (int)task_cpu(p), |
| 304 | p->comm); | 304 | p->oomkilladj, p->comm); |
| 305 | task_unlock(p); | 305 | task_unlock(p); |
| 306 | } while_each_thread(g, p); | 306 | } while_each_thread(g, p); |
| 307 | } | 307 | } |
diff --git a/mm/shmem.c b/mm/shmem.c index 0ed075215e5f..f1b0d4871f3a 100644 --- a/mm/shmem.c +++ b/mm/shmem.c | |||
| @@ -1513,8 +1513,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev) | |||
| 1513 | inode = new_inode(sb); | 1513 | inode = new_inode(sb); |
| 1514 | if (inode) { | 1514 | if (inode) { |
| 1515 | inode->i_mode = mode; | 1515 | inode->i_mode = mode; |
| 1516 | inode->i_uid = current->fsuid; | 1516 | inode->i_uid = current_fsuid(); |
| 1517 | inode->i_gid = current->fsgid; | 1517 | inode->i_gid = current_fsgid(); |
| 1518 | inode->i_blocks = 0; | 1518 | inode->i_blocks = 0; |
| 1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; | 1519 | inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; |
| 1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; | 1520 | inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; |
| @@ -2278,8 +2278,8 @@ static int shmem_fill_super(struct super_block *sb, | |||
| 2278 | sbinfo->max_blocks = 0; | 2278 | sbinfo->max_blocks = 0; |
| 2279 | sbinfo->max_inodes = 0; | 2279 | sbinfo->max_inodes = 0; |
| 2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; | 2280 | sbinfo->mode = S_IRWXUGO | S_ISVTX; |
| 2281 | sbinfo->uid = current->fsuid; | 2281 | sbinfo->uid = current_fsuid(); |
| 2282 | sbinfo->gid = current->fsgid; | 2282 | sbinfo->gid = current_fsgid(); |
| 2283 | sbinfo->mpol = NULL; | 2283 | sbinfo->mpol = NULL; |
| 2284 | sb->s_fs_info = sbinfo; | 2284 | sb->s_fs_info = sbinfo; |
| 2285 | 2285 | ||