mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-20 21:51:05 +00:00
CRED: Use RCU to access another task's creds and to release a task's own creds
Use RCU to access another task's creds and to release a task's own creds. This means that it will be possible for the credentials of a task to be replaced without another task (a) requiring a full lock to read them, and (b) seeing deallocated memory. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells
James Morris
parent
86a264abe5
commit
c69e8d9c01
28 changed files with 353 additions and 202 deletions
|
|
@ -447,7 +447,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
struct audit_names *name,
|
||||
enum audit_state *state)
|
||||
{
|
||||
struct cred *cred = tsk->cred;
|
||||
const struct cred *cred = get_task_cred(tsk);
|
||||
int i, j, need_sid = 1;
|
||||
u32 sid;
|
||||
|
||||
|
|
@ -642,8 +642,10 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
break;
|
||||
}
|
||||
|
||||
if (!result)
|
||||
if (!result) {
|
||||
put_cred(cred);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (rule->filterkey && ctx)
|
||||
ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC);
|
||||
|
|
@ -651,6 +653,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
case AUDIT_NEVER: *state = AUDIT_DISABLED; break;
|
||||
case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break;
|
||||
}
|
||||
put_cred(cred);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -1229,7 +1232,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
|
|||
|
||||
static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
|
||||
{
|
||||
struct cred *cred = tsk->cred;
|
||||
const struct cred *cred;
|
||||
int i, call_panic = 0;
|
||||
struct audit_buffer *ab;
|
||||
struct audit_aux_data *aux;
|
||||
|
|
@ -1239,13 +1242,14 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
|
|||
context->pid = tsk->pid;
|
||||
if (!context->ppid)
|
||||
context->ppid = sys_getppid();
|
||||
context->uid = cred->uid;
|
||||
context->gid = cred->gid;
|
||||
context->euid = cred->euid;
|
||||
context->suid = cred->suid;
|
||||
cred = current_cred();
|
||||
context->uid = cred->uid;
|
||||
context->gid = cred->gid;
|
||||
context->euid = cred->euid;
|
||||
context->suid = cred->suid;
|
||||
context->fsuid = cred->fsuid;
|
||||
context->egid = cred->egid;
|
||||
context->sgid = cred->sgid;
|
||||
context->egid = cred->egid;
|
||||
context->sgid = cred->sgid;
|
||||
context->fsgid = cred->fsgid;
|
||||
context->personality = tsk->personality;
|
||||
|
||||
|
|
@ -2088,7 +2092,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
|
|||
audit_log_format(ab, "login pid=%d uid=%u "
|
||||
"old auid=%u new auid=%u"
|
||||
" old ses=%u new ses=%u",
|
||||
task->pid, task->cred->uid,
|
||||
task->pid, task_uid(task),
|
||||
task->loginuid, loginuid,
|
||||
task->sessionid, sessionid);
|
||||
audit_log_end(ab);
|
||||
|
|
@ -2471,7 +2475,7 @@ void __audit_ptrace(struct task_struct *t)
|
|||
|
||||
context->target_pid = t->pid;
|
||||
context->target_auid = audit_get_loginuid(t);
|
||||
context->target_uid = t->cred->uid;
|
||||
context->target_uid = task_uid(t);
|
||||
context->target_sessionid = audit_get_sessionid(t);
|
||||
security_task_getsecid(t, &context->target_sid);
|
||||
memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
|
||||
|
|
@ -2490,6 +2494,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
|
|||
struct audit_aux_data_pids *axp;
|
||||
struct task_struct *tsk = current;
|
||||
struct audit_context *ctx = tsk->audit_context;
|
||||
uid_t uid = current_uid(), t_uid = task_uid(t);
|
||||
|
||||
if (audit_pid && t->tgid == audit_pid) {
|
||||
if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
|
||||
|
|
@ -2497,7 +2502,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
|
|||
if (tsk->loginuid != -1)
|
||||
audit_sig_uid = tsk->loginuid;
|
||||
else
|
||||
audit_sig_uid = tsk->cred->uid;
|
||||
audit_sig_uid = uid;
|
||||
security_task_getsecid(tsk, &audit_sig_sid);
|
||||
}
|
||||
if (!audit_signals || audit_dummy_context())
|
||||
|
|
@ -2509,7 +2514,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
|
|||
if (!ctx->target_pid) {
|
||||
ctx->target_pid = t->tgid;
|
||||
ctx->target_auid = audit_get_loginuid(t);
|
||||
ctx->target_uid = t->cred->uid;
|
||||
ctx->target_uid = t_uid;
|
||||
ctx->target_sessionid = audit_get_sessionid(t);
|
||||
security_task_getsecid(t, &ctx->target_sid);
|
||||
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
|
||||
|
|
@ -2530,7 +2535,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
|
|||
|
||||
axp->target_pid[axp->pid_count] = t->tgid;
|
||||
axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
|
||||
axp->target_uid[axp->pid_count] = t->cred->uid;
|
||||
axp->target_uid[axp->pid_count] = t_uid;
|
||||
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
|
||||
security_task_getsecid(t, &axp->target_sid[axp->pid_count]);
|
||||
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue