Blame view

kernel/cred.c 22.1 KB
d410fa4ef   Randy Dunlap   Create Documentat...
1
  /* Task credentials management - see Documentation/security/credentials.txt
f1752eec6   David Howells   CRED: Detach the ...
2
3
4
5
6
7
8
9
10
   *
   * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
   * Written by David Howells (dhowells@redhat.com)
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of the GNU General Public Licence
   * as published by the Free Software Foundation; either version
   * 2 of the Licence, or (at your option) any later version.
   */
9984de1a5   Paul Gortmaker   kernel: Map most ...
11
  #include <linux/export.h>
f1752eec6   David Howells   CRED: Detach the ...
12
  #include <linux/cred.h>
5a0e3ad6a   Tejun Heo   include cleanup: ...
13
  #include <linux/slab.h>
f1752eec6   David Howells   CRED: Detach the ...
14
15
16
17
18
  #include <linux/sched.h>
  #include <linux/key.h>
  #include <linux/keyctl.h>
  #include <linux/init_task.h>
  #include <linux/security.h>
d84f4f992   David Howells   CRED: Inaugurate ...
19
  #include <linux/cn_proc.h>
d84f4f992   David Howells   CRED: Inaugurate ...
20

e0e817392   David Howells   CRED: Add some co...
21
22
23
24
25
  #if 0
  #define kdebug(FMT, ...) \
  	printk("[%-5.5s%5u] "FMT"
  ", current->comm, current->pid ,##__VA_ARGS__)
  #else
e0e817392   David Howells   CRED: Add some co...
26
27
28
29
  #define kdebug(FMT, ...) \
  	no_printk("[%-5.5s%5u] "FMT"
  ", current->comm, current->pid ,##__VA_ARGS__)
  #endif
d84f4f992   David Howells   CRED: Inaugurate ...
30
  static struct kmem_cache *cred_jar;
f1752eec6   David Howells   CRED: Detach the ...
31
32
  
  /*
bb952bb98   David Howells   CRED: Separate pe...
33
34
35
36
37
38
   * The common credentials for the initial task's thread group
   */
  #ifdef CONFIG_KEYS
  static struct thread_group_cred init_tgcred = {
  	.usage	= ATOMIC_INIT(2),
  	.tgid	= 0,
10389a15e   Thomas Gleixner   cred: Replace dep...
39
  	.lock	= __SPIN_LOCK_UNLOCKED(init_cred.tgcred.lock),
bb952bb98   David Howells   CRED: Separate pe...
40
41
42
43
  };
  #endif
  
  /*
f1752eec6   David Howells   CRED: Detach the ...
44
45
46
   * The initial credentials for the initial task
   */
  struct cred init_cred = {
3b11a1dec   David Howells   CRED: Differentia...
47
  	.usage			= ATOMIC_INIT(4),
e0e817392   David Howells   CRED: Add some co...
48
49
50
51
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	.subscribers		= ATOMIC_INIT(2),
  	.magic			= CRED_MAGIC,
  #endif
f1752eec6   David Howells   CRED: Detach the ...
52
  	.securebits		= SECUREBITS_DEFAULT,
a3232d2fa   Eric Paris   capabilities: del...
53
  	.cap_inheritable	= CAP_EMPTY_SET,
f1752eec6   David Howells   CRED: Detach the ...
54
  	.cap_permitted		= CAP_FULL_SET,
a3232d2fa   Eric Paris   capabilities: del...
55
56
  	.cap_effective		= CAP_FULL_SET,
  	.cap_bset		= CAP_FULL_SET,
f1752eec6   David Howells   CRED: Detach the ...
57
  	.user			= INIT_USER,
47a150edc   Serge E. Hallyn   Cache user_ns in ...
58
  	.user_ns		= &init_user_ns,
f1752eec6   David Howells   CRED: Detach the ...
59
  	.group_info		= &init_groups,
bb952bb98   David Howells   CRED: Separate pe...
60
61
62
  #ifdef CONFIG_KEYS
  	.tgcred			= &init_tgcred,
  #endif
f1752eec6   David Howells   CRED: Detach the ...
63
  };
e0e817392   David Howells   CRED: Add some co...
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
  static inline void set_cred_subscribers(struct cred *cred, int n)
  {
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	atomic_set(&cred->subscribers, n);
  #endif
  }
  
  static inline int read_cred_subscribers(const struct cred *cred)
  {
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	return atomic_read(&cred->subscribers);
  #else
  	return 0;
  #endif
  }
  
  static inline void alter_cred_subscribers(const struct cred *_cred, int n)
  {
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	struct cred *cred = (struct cred *) _cred;
  
  	atomic_add(n, &cred->subscribers);
  #endif
  }
f1752eec6   David Howells   CRED: Detach the ...
88
  /*
bb952bb98   David Howells   CRED: Separate pe...
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
   * Dispose of the shared task group credentials
   */
  #ifdef CONFIG_KEYS
  static void release_tgcred_rcu(struct rcu_head *rcu)
  {
  	struct thread_group_cred *tgcred =
  		container_of(rcu, struct thread_group_cred, rcu);
  
  	BUG_ON(atomic_read(&tgcred->usage) != 0);
  
  	key_put(tgcred->session_keyring);
  	key_put(tgcred->process_keyring);
  	kfree(tgcred);
  }
  #endif
  
  /*
   * Release a set of thread group credentials.
   */
a6f76f23d   David Howells   CRED: Make execve...
108
  static void release_tgcred(struct cred *cred)
bb952bb98   David Howells   CRED: Separate pe...
109
110
111
112
113
114
115
116
117
118
  {
  #ifdef CONFIG_KEYS
  	struct thread_group_cred *tgcred = cred->tgcred;
  
  	if (atomic_dec_and_test(&tgcred->usage))
  		call_rcu(&tgcred->rcu, release_tgcred_rcu);
  #endif
  }
  
  /*
f1752eec6   David Howells   CRED: Detach the ...
119
120
121
122
123
   * The RCU callback to actually dispose of a set of credentials
   */
  static void put_cred_rcu(struct rcu_head *rcu)
  {
  	struct cred *cred = container_of(rcu, struct cred, rcu);
e0e817392   David Howells   CRED: Add some co...
124
125
126
127
128
129
130
131
132
133
134
135
136
  	kdebug("put_cred_rcu(%p)", cred);
  
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	if (cred->magic != CRED_MAGIC_DEAD ||
  	    atomic_read(&cred->usage) != 0 ||
  	    read_cred_subscribers(cred) != 0)
  		panic("CRED: put_cred_rcu() sees %p with"
  		      " mag %x, put %p, usage %d, subscr %d
  ",
  		      cred, cred->magic, cred->put_addr,
  		      atomic_read(&cred->usage),
  		      read_cred_subscribers(cred));
  #else
d84f4f992   David Howells   CRED: Inaugurate ...
137
138
139
140
  	if (atomic_read(&cred->usage) != 0)
  		panic("CRED: put_cred_rcu() sees %p with usage %d
  ",
  		      cred, atomic_read(&cred->usage));
e0e817392   David Howells   CRED: Add some co...
141
  #endif
f1752eec6   David Howells   CRED: Detach the ...
142

d84f4f992   David Howells   CRED: Inaugurate ...
143
  	security_cred_free(cred);
f1752eec6   David Howells   CRED: Detach the ...
144
145
  	key_put(cred->thread_keyring);
  	key_put(cred->request_key_auth);
bb952bb98   David Howells   CRED: Separate pe...
146
  	release_tgcred(cred);
4a5d6ba19   David Howells   CRED: Allow put_c...
147
148
  	if (cred->group_info)
  		put_group_info(cred->group_info);
f1752eec6   David Howells   CRED: Detach the ...
149
  	free_uid(cred->user);
d84f4f992   David Howells   CRED: Inaugurate ...
150
  	kmem_cache_free(cred_jar, cred);
f1752eec6   David Howells   CRED: Detach the ...
151
152
153
154
  }
  
  /**
   * __put_cred - Destroy a set of credentials
d84f4f992   David Howells   CRED: Inaugurate ...
155
   * @cred: The record to release
f1752eec6   David Howells   CRED: Detach the ...
156
157
158
159
160
   *
   * Destroy a set of credentials on which no references remain.
   */
  void __put_cred(struct cred *cred)
  {
e0e817392   David Howells   CRED: Add some co...
161
162
163
  	kdebug("__put_cred(%p{%d,%d})", cred,
  	       atomic_read(&cred->usage),
  	       read_cred_subscribers(cred));
d84f4f992   David Howells   CRED: Inaugurate ...
164
  	BUG_ON(atomic_read(&cred->usage) != 0);
e0e817392   David Howells   CRED: Add some co...
165
166
167
168
169
170
171
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	BUG_ON(read_cred_subscribers(cred) != 0);
  	cred->magic = CRED_MAGIC_DEAD;
  	cred->put_addr = __builtin_return_address(0);
  #endif
  	BUG_ON(cred == current->cred);
  	BUG_ON(cred == current->real_cred);
d84f4f992   David Howells   CRED: Inaugurate ...
172

f1752eec6   David Howells   CRED: Detach the ...
173
174
175
  	call_rcu(&cred->rcu, put_cred_rcu);
  }
  EXPORT_SYMBOL(__put_cred);
e0e817392   David Howells   CRED: Add some co...
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
  /*
   * Clean up a task's credentials when it exits
   */
  void exit_creds(struct task_struct *tsk)
  {
  	struct cred *cred;
  
  	kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,
  	       atomic_read(&tsk->cred->usage),
  	       read_cred_subscribers(tsk->cred));
  
  	cred = (struct cred *) tsk->real_cred;
  	tsk->real_cred = NULL;
  	validate_creds(cred);
  	alter_cred_subscribers(cred, -1);
  	put_cred(cred);
  
  	cred = (struct cred *) tsk->cred;
  	tsk->cred = NULL;
  	validate_creds(cred);
  	alter_cred_subscribers(cred, -1);
  	put_cred(cred);
ee18d64c1   David Howells   KEYS: Add a keyct...
198
199
200
201
202
203
204
205
  
  	cred = (struct cred *) tsk->replacement_session_keyring;
  	if (cred) {
  		tsk->replacement_session_keyring = NULL;
  		validate_creds(cred);
  		put_cred(cred);
  	}
  }
de09a9771   David Howells   CRED: Fix get_tas...
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
  /**
   * get_task_cred - Get another task's objective credentials
   * @task: The task to query
   *
   * Get the objective credentials of a task, pinning them so that they can't go
   * away.  Accessing a task's credentials directly is not permitted.
   *
   * The caller must also make sure task doesn't get deleted, either by holding a
   * ref on task or by holding tasklist_lock to prevent it from being unlinked.
   */
  const struct cred *get_task_cred(struct task_struct *task)
  {
  	const struct cred *cred;
  
  	rcu_read_lock();
  
  	do {
  		cred = __task_cred((task));
  		BUG_ON(!cred);
  	} while (!atomic_inc_not_zero(&((struct cred *)cred)->usage));
  
  	rcu_read_unlock();
  	return cred;
  }
ee18d64c1   David Howells   KEYS: Add a keyct...
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
  /*
   * Allocate blank credentials, such that the credentials can be filled in at a
   * later date without risk of ENOMEM.
   */
  struct cred *cred_alloc_blank(void)
  {
  	struct cred *new;
  
  	new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
  	if (!new)
  		return NULL;
  
  #ifdef CONFIG_KEYS
  	new->tgcred = kzalloc(sizeof(*new->tgcred), GFP_KERNEL);
  	if (!new->tgcred) {
b8a1d37c5   Julia Lawall   kernel/cred.c: us...
245
  		kmem_cache_free(cred_jar, new);
ee18d64c1   David Howells   KEYS: Add a keyct...
246
247
248
249
250
251
  		return NULL;
  	}
  	atomic_set(&new->tgcred->usage, 1);
  #endif
  
  	atomic_set(&new->usage, 1);
2edeaa34a   Tetsuo Handa   CRED: Fix BUG() u...
252
253
254
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	new->magic = CRED_MAGIC;
  #endif
ee18d64c1   David Howells   KEYS: Add a keyct...
255
256
257
  
  	if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
  		goto error;
ee18d64c1   David Howells   KEYS: Add a keyct...
258
259
260
261
262
  	return new;
  
  error:
  	abort_creds(new);
  	return NULL;
e0e817392   David Howells   CRED: Add some co...
263
  }
d84f4f992   David Howells   CRED: Inaugurate ...
264
265
266
267
268
269
270
271
  /**
   * prepare_creds - Prepare a new set of credentials for modification
   *
   * Prepare a new set of task credentials for modification.  A task's creds
   * shouldn't generally be modified directly, therefore this function is used to
   * prepare a new copy, which the caller then modifies and then commits by
   * calling commit_creds().
   *
3b11a1dec   David Howells   CRED: Differentia...
272
273
   * Preparation involves making a copy of the objective creds for modification.
   *
d84f4f992   David Howells   CRED: Inaugurate ...
274
275
276
277
278
279
280
281
282
   * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
   *
   * Call commit_creds() or abort_creds() to clean up.
   */
  struct cred *prepare_creds(void)
  {
  	struct task_struct *task = current;
  	const struct cred *old;
  	struct cred *new;
e0e817392   David Howells   CRED: Add some co...
283
  	validate_process_creds();
d84f4f992   David Howells   CRED: Inaugurate ...
284
285
286
287
  
  	new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
  	if (!new)
  		return NULL;
e0e817392   David Howells   CRED: Add some co...
288
  	kdebug("prepare_creds() alloc %p", new);
d84f4f992   David Howells   CRED: Inaugurate ...
289
290
291
292
  	old = task->cred;
  	memcpy(new, old, sizeof(struct cred));
  
  	atomic_set(&new->usage, 1);
e0e817392   David Howells   CRED: Add some co...
293
  	set_cred_subscribers(new, 0);
d84f4f992   David Howells   CRED: Inaugurate ...
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
  	get_group_info(new->group_info);
  	get_uid(new->user);
  
  #ifdef CONFIG_KEYS
  	key_get(new->thread_keyring);
  	key_get(new->request_key_auth);
  	atomic_inc(&new->tgcred->usage);
  #endif
  
  #ifdef CONFIG_SECURITY
  	new->security = NULL;
  #endif
  
  	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
  		goto error;
e0e817392   David Howells   CRED: Add some co...
309
  	validate_creds(new);
d84f4f992   David Howells   CRED: Inaugurate ...
310
311
312
313
314
315
316
317
318
  	return new;
  
  error:
  	abort_creds(new);
  	return NULL;
  }
  EXPORT_SYMBOL(prepare_creds);
  
  /*
a6f76f23d   David Howells   CRED: Make execve...
319
   * Prepare credentials for current to perform an execve()
9b1bf12d5   KOSAKI Motohiro   signals: move cre...
320
   * - The caller must hold ->cred_guard_mutex
a6f76f23d   David Howells   CRED: Make execve...
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
   */
  struct cred *prepare_exec_creds(void)
  {
  	struct thread_group_cred *tgcred = NULL;
  	struct cred *new;
  
  #ifdef CONFIG_KEYS
  	tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
  	if (!tgcred)
  		return NULL;
  #endif
  
  	new = prepare_creds();
  	if (!new) {
  		kfree(tgcred);
  		return new;
  	}
  
  #ifdef CONFIG_KEYS
  	/* newly exec'd tasks don't get a thread keyring */
  	key_put(new->thread_keyring);
  	new->thread_keyring = NULL;
  
  	/* create a new per-thread-group creds for all this set of threads to
  	 * share */
  	memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred));
  
  	atomic_set(&tgcred->usage, 1);
  	spin_lock_init(&tgcred->lock);
  
  	/* inherit the session keyring; new process keyring */
  	key_get(tgcred->session_keyring);
  	tgcred->process_keyring = NULL;
  
  	release_tgcred(new);
  	new->tgcred = tgcred;
  #endif
  
  	return new;
  }
  
  /*
f1752eec6   David Howells   CRED: Detach the ...
363
   * Copy credentials for the new process created by fork()
d84f4f992   David Howells   CRED: Inaugurate ...
364
365
366
   *
   * We share if we can, but under some circumstances we have to generate a new
   * set.
3b11a1dec   David Howells   CRED: Differentia...
367
368
369
   *
   * The new process gets the current process's subjective credentials as its
   * objective and subjective credentials
f1752eec6   David Howells   CRED: Detach the ...
370
371
372
   */
  int copy_creds(struct task_struct *p, unsigned long clone_flags)
  {
d84f4f992   David Howells   CRED: Inaugurate ...
373
374
375
376
  #ifdef CONFIG_KEYS
  	struct thread_group_cred *tgcred;
  #endif
  	struct cred *new;
18b6e0414   Serge Hallyn   User namespaces: ...
377
  	int ret;
d84f4f992   David Howells   CRED: Inaugurate ...
378

d84f4f992   David Howells   CRED: Inaugurate ...
379
380
381
382
383
384
  	if (
  #ifdef CONFIG_KEYS
  		!p->cred->thread_keyring &&
  #endif
  		clone_flags & CLONE_THREAD
  	    ) {
3b11a1dec   David Howells   CRED: Differentia...
385
  		p->real_cred = get_cred(p->cred);
d84f4f992   David Howells   CRED: Inaugurate ...
386
  		get_cred(p->cred);
e0e817392   David Howells   CRED: Add some co...
387
388
389
390
  		alter_cred_subscribers(p->cred, 2);
  		kdebug("share_creds(%p{%d,%d})",
  		       p->cred, atomic_read(&p->cred->usage),
  		       read_cred_subscribers(p->cred));
d84f4f992   David Howells   CRED: Inaugurate ...
391
392
393
394
395
396
  		atomic_inc(&p->cred->user->processes);
  		return 0;
  	}
  
  	new = prepare_creds();
  	if (!new)
f1752eec6   David Howells   CRED: Detach the ...
397
  		return -ENOMEM;
18b6e0414   Serge Hallyn   User namespaces: ...
398
399
400
401
402
  	if (clone_flags & CLONE_NEWUSER) {
  		ret = create_user_ns(new);
  		if (ret < 0)
  			goto error_put;
  	}
47a150edc   Serge E. Hallyn   Cache user_ns in ...
403
404
405
406
  	/* cache user_ns in cred.  Doesn't need a refcount because it will
  	 * stay pinned by cred->user
  	 */
  	new->user_ns = new->user->user_ns;
bb952bb98   David Howells   CRED: Separate pe...
407
  #ifdef CONFIG_KEYS
d84f4f992   David Howells   CRED: Inaugurate ...
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
  	/* new threads get their own thread keyrings if their parent already
  	 * had one */
  	if (new->thread_keyring) {
  		key_put(new->thread_keyring);
  		new->thread_keyring = NULL;
  		if (clone_flags & CLONE_THREAD)
  			install_thread_keyring_to_cred(new);
  	}
  
  	/* we share the process and session keyrings between all the threads in
  	 * a process - this is slightly icky as we violate COW credentials a
  	 * bit */
  	if (!(clone_flags & CLONE_THREAD)) {
  		tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
  		if (!tgcred) {
18b6e0414   Serge Hallyn   User namespaces: ...
423
424
  			ret = -ENOMEM;
  			goto error_put;
bb952bb98   David Howells   CRED: Separate pe...
425
  		}
d84f4f992   David Howells   CRED: Inaugurate ...
426
427
428
429
430
431
432
  		atomic_set(&tgcred->usage, 1);
  		spin_lock_init(&tgcred->lock);
  		tgcred->process_keyring = NULL;
  		tgcred->session_keyring = key_get(new->tgcred->session_keyring);
  
  		release_tgcred(new);
  		new->tgcred = tgcred;
bb952bb98   David Howells   CRED: Separate pe...
433
434
  	}
  #endif
d84f4f992   David Howells   CRED: Inaugurate ...
435
  	atomic_inc(&new->user->processes);
3b11a1dec   David Howells   CRED: Differentia...
436
  	p->cred = p->real_cred = get_cred(new);
e0e817392   David Howells   CRED: Add some co...
437
438
  	alter_cred_subscribers(new, 2);
  	validate_creds(new);
d84f4f992   David Howells   CRED: Inaugurate ...
439
  	return 0;
18b6e0414   Serge Hallyn   User namespaces: ...
440
441
442
443
  
  error_put:
  	put_cred(new);
  	return ret;
d84f4f992   David Howells   CRED: Inaugurate ...
444
  }
f1752eec6   David Howells   CRED: Detach the ...
445

d84f4f992   David Howells   CRED: Inaugurate ...
446
447
448
449
450
  /**
   * commit_creds - Install new credentials upon the current task
   * @new: The credentials to be assigned
   *
   * Install a new set of credentials to the current task, using RCU to replace
3b11a1dec   David Howells   CRED: Differentia...
451
452
453
   * the old set.  Both the objective and the subjective credentials pointers are
   * updated.  This function may not be called if the subjective credentials are
   * in an overridden state.
d84f4f992   David Howells   CRED: Inaugurate ...
454
455
456
457
458
459
460
461
462
   *
   * This function eats the caller's reference to the new credentials.
   *
   * Always returns 0 thus allowing this function to be tail-called at the end
   * of, say, sys_setgid().
   */
  int commit_creds(struct cred *new)
  {
  	struct task_struct *task = current;
e0e817392   David Howells   CRED: Add some co...
463
  	const struct cred *old = task->real_cred;
d84f4f992   David Howells   CRED: Inaugurate ...
464

e0e817392   David Howells   CRED: Add some co...
465
466
467
468
469
470
471
472
473
474
  	kdebug("commit_creds(%p{%d,%d})", new,
  	       atomic_read(&new->usage),
  	       read_cred_subscribers(new));
  
  	BUG_ON(task->cred != old);
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	BUG_ON(read_cred_subscribers(old) < 2);
  	validate_creds(old);
  	validate_creds(new);
  #endif
d84f4f992   David Howells   CRED: Inaugurate ...
475
  	BUG_ON(atomic_read(&new->usage) < 1);
d84f4f992   David Howells   CRED: Inaugurate ...
476

3b11a1dec   David Howells   CRED: Differentia...
477
  	get_cred(new); /* we will require a ref for the subj creds too */
d84f4f992   David Howells   CRED: Inaugurate ...
478
479
480
481
482
483
  	/* dumpability changes */
  	if (old->euid != new->euid ||
  	    old->egid != new->egid ||
  	    old->fsuid != new->fsuid ||
  	    old->fsgid != new->fsgid ||
  	    !cap_issubset(new->cap_permitted, old->cap_permitted)) {
b9456371a   David Howells   CRED: Fix commit_...
484
485
  		if (task->mm)
  			set_dumpable(task->mm, suid_dumpable);
d84f4f992   David Howells   CRED: Inaugurate ...
486
487
  		task->pdeath_signal = 0;
  		smp_wmb();
f1752eec6   David Howells   CRED: Detach the ...
488
  	}
d84f4f992   David Howells   CRED: Inaugurate ...
489
490
491
492
493
494
495
  	/* alter the thread keyring */
  	if (new->fsuid != old->fsuid)
  		key_fsuid_changed(task);
  	if (new->fsgid != old->fsgid)
  		key_fsgid_changed(task);
  
  	/* do it
72fa59970   Vasiliy Kulikov   move RLIMIT_NPROC...
496
497
  	 * RLIMIT_NPROC limits on user->processes have already been checked
  	 * in set_user().
d84f4f992   David Howells   CRED: Inaugurate ...
498
  	 */
e0e817392   David Howells   CRED: Add some co...
499
  	alter_cred_subscribers(new, 2);
d84f4f992   David Howells   CRED: Inaugurate ...
500
501
  	if (new->user != old->user)
  		atomic_inc(&new->user->processes);
3b11a1dec   David Howells   CRED: Differentia...
502
  	rcu_assign_pointer(task->real_cred, new);
d84f4f992   David Howells   CRED: Inaugurate ...
503
504
505
  	rcu_assign_pointer(task->cred, new);
  	if (new->user != old->user)
  		atomic_dec(&old->user->processes);
e0e817392   David Howells   CRED: Add some co...
506
  	alter_cred_subscribers(old, -2);
d84f4f992   David Howells   CRED: Inaugurate ...
507

d84f4f992   David Howells   CRED: Inaugurate ...
508
509
510
511
512
513
  	/* send notifications */
  	if (new->uid   != old->uid  ||
  	    new->euid  != old->euid ||
  	    new->suid  != old->suid ||
  	    new->fsuid != old->fsuid)
  		proc_id_connector(task, PROC_EVENT_UID);
f1752eec6   David Howells   CRED: Detach the ...
514

d84f4f992   David Howells   CRED: Inaugurate ...
515
516
517
518
519
  	if (new->gid   != old->gid  ||
  	    new->egid  != old->egid ||
  	    new->sgid  != old->sgid ||
  	    new->fsgid != old->fsgid)
  		proc_id_connector(task, PROC_EVENT_GID);
f1752eec6   David Howells   CRED: Detach the ...
520

3b11a1dec   David Howells   CRED: Differentia...
521
522
  	/* release the old obj and subj refs both */
  	put_cred(old);
d84f4f992   David Howells   CRED: Inaugurate ...
523
  	put_cred(old);
f1752eec6   David Howells   CRED: Detach the ...
524
525
  	return 0;
  }
d84f4f992   David Howells   CRED: Inaugurate ...
526
527
528
529
530
531
532
533
534
535
536
  EXPORT_SYMBOL(commit_creds);
  
  /**
   * abort_creds - Discard a set of credentials and unlock the current task
   * @new: The credentials that were going to be applied
   *
   * Discard a set of credentials that were under construction and unlock the
   * current task.
   */
  void abort_creds(struct cred *new)
  {
e0e817392   David Howells   CRED: Add some co...
537
538
539
540
541
542
543
  	kdebug("abort_creds(%p{%d,%d})", new,
  	       atomic_read(&new->usage),
  	       read_cred_subscribers(new));
  
  #ifdef CONFIG_DEBUG_CREDENTIALS
  	BUG_ON(read_cred_subscribers(new) != 0);
  #endif
d84f4f992   David Howells   CRED: Inaugurate ...
544
545
546
547
548
549
  	BUG_ON(atomic_read(&new->usage) < 1);
  	put_cred(new);
  }
  EXPORT_SYMBOL(abort_creds);
  
  /**
3b11a1dec   David Howells   CRED: Differentia...
550
   * override_creds - Override the current process's subjective credentials
d84f4f992   David Howells   CRED: Inaugurate ...
551
552
   * @new: The credentials to be assigned
   *
3b11a1dec   David Howells   CRED: Differentia...
553
554
   * Install a set of temporary override subjective credentials on the current
   * process, returning the old set for later reversion.
d84f4f992   David Howells   CRED: Inaugurate ...
555
556
557
558
   */
  const struct cred *override_creds(const struct cred *new)
  {
  	const struct cred *old = current->cred;
e0e817392   David Howells   CRED: Add some co...
559
560
561
562
563
564
565
566
567
568
569
570
571
572
  	kdebug("override_creds(%p{%d,%d})", new,
  	       atomic_read(&new->usage),
  	       read_cred_subscribers(new));
  
  	validate_creds(old);
  	validate_creds(new);
  	get_cred(new);
  	alter_cred_subscribers(new, 1);
  	rcu_assign_pointer(current->cred, new);
  	alter_cred_subscribers(old, -1);
  
  	kdebug("override_creds() = %p{%d,%d}", old,
  	       atomic_read(&old->usage),
  	       read_cred_subscribers(old));
d84f4f992   David Howells   CRED: Inaugurate ...
573
574
575
576
577
  	return old;
  }
  EXPORT_SYMBOL(override_creds);
  
  /**
3b11a1dec   David Howells   CRED: Differentia...
578
   * revert_creds - Revert a temporary subjective credentials override
d84f4f992   David Howells   CRED: Inaugurate ...
579
580
   * @old: The credentials to be restored
   *
3b11a1dec   David Howells   CRED: Differentia...
581
582
   * Revert a temporary set of override subjective credentials to an old set,
   * discarding the override set.
d84f4f992   David Howells   CRED: Inaugurate ...
583
584
585
586
   */
  void revert_creds(const struct cred *old)
  {
  	const struct cred *override = current->cred;
e0e817392   David Howells   CRED: Add some co...
587
588
589
590
591
592
593
  	kdebug("revert_creds(%p{%d,%d})", old,
  	       atomic_read(&old->usage),
  	       read_cred_subscribers(old));
  
  	validate_creds(old);
  	validate_creds(override);
  	alter_cred_subscribers(old, 1);
d84f4f992   David Howells   CRED: Inaugurate ...
594
  	rcu_assign_pointer(current->cred, old);
e0e817392   David Howells   CRED: Add some co...
595
  	alter_cred_subscribers(override, -1);
d84f4f992   David Howells   CRED: Inaugurate ...
596
597
598
599
600
601
602
603
604
605
606
607
608
  	put_cred(override);
  }
  EXPORT_SYMBOL(revert_creds);
  
  /*
   * initialise the credentials stuff
   */
  void __init cred_init(void)
  {
  	/* allocate a slab in which we can store credentials */
  	cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred),
  				     0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
  }
3a3b7ce93   David Howells   CRED: Allow kerne...
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
  
  /**
   * prepare_kernel_cred - Prepare a set of credentials for a kernel service
   * @daemon: A userspace daemon to be used as a reference
   *
   * Prepare a set of credentials for a kernel service.  This can then be used to
   * override a task's own credentials so that work can be done on behalf of that
   * task that requires a different subjective context.
   *
   * @daemon is used to provide a base for the security record, but can be NULL.
   * If @daemon is supplied, then the security data will be derived from that;
   * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
   *
   * The caller may change these controls afterwards if desired.
   *
   * Returns the new credentials or NULL if out of memory.
   *
   * Does not take, and does not return holding current->cred_replace_mutex.
   */
  struct cred *prepare_kernel_cred(struct task_struct *daemon)
  {
012146d07   David Howells   CRED: Fix prepare...
630
631
632
  #ifdef CONFIG_KEYS
  	struct thread_group_cred *tgcred;
  #endif
3a3b7ce93   David Howells   CRED: Allow kerne...
633
634
635
636
637
638
  	const struct cred *old;
  	struct cred *new;
  
  	new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
  	if (!new)
  		return NULL;
8ad346c62   Axel Lin   CRED: fix build e...
639
  #ifdef CONFIG_KEYS
012146d07   David Howells   CRED: Fix prepare...
640
641
642
643
644
  	tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
  	if (!tgcred) {
  		kmem_cache_free(cred_jar, new);
  		return NULL;
  	}
8ad346c62   Axel Lin   CRED: fix build e...
645
  #endif
012146d07   David Howells   CRED: Fix prepare...
646

e0e817392   David Howells   CRED: Add some co...
647
  	kdebug("prepare_kernel_cred() alloc %p", new);
3a3b7ce93   David Howells   CRED: Allow kerne...
648
649
650
651
  	if (daemon)
  		old = get_task_cred(daemon);
  	else
  		old = get_cred(&init_cred);
e0e817392   David Howells   CRED: Add some co...
652
  	validate_creds(old);
43529c971   David Howells   CRED: Must initia...
653
  	*new = *old;
fb2b2a1d3   Tetsuo Handa   CRED: Fix memory ...
654
655
  	atomic_set(&new->usage, 1);
  	set_cred_subscribers(new, 0);
3a3b7ce93   David Howells   CRED: Allow kerne...
656
657
658
659
  	get_uid(new->user);
  	get_group_info(new->group_info);
  
  #ifdef CONFIG_KEYS
012146d07   David Howells   CRED: Fix prepare...
660
661
662
663
664
  	atomic_set(&tgcred->usage, 1);
  	spin_lock_init(&tgcred->lock);
  	tgcred->process_keyring = NULL;
  	tgcred->session_keyring = NULL;
  	new->tgcred = tgcred;
3a3b7ce93   David Howells   CRED: Allow kerne...
665
666
667
668
669
670
671
672
673
674
  	new->request_key_auth = NULL;
  	new->thread_keyring = NULL;
  	new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
  #endif
  
  #ifdef CONFIG_SECURITY
  	new->security = NULL;
  #endif
  	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
  		goto error;
3a3b7ce93   David Howells   CRED: Allow kerne...
675
  	put_cred(old);
e0e817392   David Howells   CRED: Add some co...
676
  	validate_creds(new);
3a3b7ce93   David Howells   CRED: Allow kerne...
677
678
679
680
  	return new;
  
  error:
  	put_cred(new);
0de336814   David Howells   CRED: Missing put...
681
  	put_cred(old);
3a3b7ce93   David Howells   CRED: Allow kerne...
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
  	return NULL;
  }
  EXPORT_SYMBOL(prepare_kernel_cred);
  
  /**
   * set_security_override - Set the security ID in a set of credentials
   * @new: The credentials to alter
   * @secid: The LSM security ID to set
   *
   * Set the LSM security ID in a set of credentials so that the subjective
   * security is overridden when an alternative set of credentials is used.
   */
  int set_security_override(struct cred *new, u32 secid)
  {
  	return security_kernel_act_as(new, secid);
  }
  EXPORT_SYMBOL(set_security_override);
  
  /**
   * set_security_override_from_ctx - Set the security ID in a set of credentials
   * @new: The credentials to alter
   * @secctx: The LSM security context to generate the security ID from.
   *
   * Set the LSM security ID in a set of credentials so that the subjective
   * security is overridden when an alternative set of credentials is used.  The
   * security ID is specified in string form as a security context to be
   * interpreted by the LSM.
   */
  int set_security_override_from_ctx(struct cred *new, const char *secctx)
  {
  	u32 secid;
  	int ret;
  
  	ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
  	if (ret < 0)
  		return ret;
  
  	return set_security_override(new, secid);
  }
  EXPORT_SYMBOL(set_security_override_from_ctx);
  
  /**
   * set_create_files_as - Set the LSM file create context in a set of credentials
   * @new: The credentials to alter
   * @inode: The inode to take the context from
   *
   * Change the LSM file creation context in a set of credentials to be the same
   * as the object context of the specified inode, so that the new inodes have
   * the same MAC context as that inode.
   */
  int set_create_files_as(struct cred *new, struct inode *inode)
  {
  	new->fsuid = inode->i_uid;
  	new->fsgid = inode->i_gid;
  	return security_kernel_create_files_as(new, inode);
  }
  EXPORT_SYMBOL(set_create_files_as);
e0e817392   David Howells   CRED: Add some co...
739
740
  
  #ifdef CONFIG_DEBUG_CREDENTIALS
74908a000   Andrew Morton   include/linux/cre...
741
742
743
744
  bool creds_are_invalid(const struct cred *cred)
  {
  	if (cred->magic != CRED_MAGIC)
  		return true;
74908a000   Andrew Morton   include/linux/cre...
745
  #ifdef CONFIG_SECURITY_SELINUX
2edeaa34a   Tetsuo Handa   CRED: Fix BUG() u...
746
747
748
749
750
  	/*
  	 * cred->security == NULL if security_cred_alloc_blank() or
  	 * security_prepare_creds() returned an error.
  	 */
  	if (selinux_is_enabled() && cred->security) {
74908a000   Andrew Morton   include/linux/cre...
751
752
753
754
755
756
757
758
759
  		if ((unsigned long) cred->security < PAGE_SIZE)
  			return true;
  		if ((*(u32 *)cred->security & 0xffffff00) ==
  		    (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
  			return true;
  	}
  #endif
  	return false;
  }
764db03fe   Randy Dunlap   creds_are_invalid...
760
  EXPORT_SYMBOL(creds_are_invalid);
74908a000   Andrew Morton   include/linux/cre...
761

e0e817392   David Howells   CRED: Add some co...
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
  /*
   * dump invalid credentials
   */
  static void dump_invalid_creds(const struct cred *cred, const char *label,
  			       const struct task_struct *tsk)
  {
  	printk(KERN_ERR "CRED: %s credentials: %p %s%s%s
  ",
  	       label, cred,
  	       cred == &init_cred ? "[init]" : "",
  	       cred == tsk->real_cred ? "[real]" : "",
  	       cred == tsk->cred ? "[eff]" : "");
  	printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p
  ",
  	       cred->magic, cred->put_addr);
  	printk(KERN_ERR "CRED: ->usage=%d, subscr=%d
  ",
  	       atomic_read(&cred->usage),
  	       read_cred_subscribers(cred));
  	printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }
  ",
  	       cred->uid, cred->euid, cred->suid, cred->fsuid);
  	printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }
  ",
  	       cred->gid, cred->egid, cred->sgid, cred->fsgid);
  #ifdef CONFIG_SECURITY
  	printk(KERN_ERR "CRED: ->security is %p
  ", cred->security);
  	if ((unsigned long) cred->security >= PAGE_SIZE &&
  	    (((unsigned long) cred->security & 0xffffff00) !=
  	     (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)))
  		printk(KERN_ERR "CRED: ->security {%x, %x}
  ",
  		       ((u32*)cred->security)[0],
  		       ((u32*)cred->security)[1]);
  #endif
  }
  
  /*
   * report use of invalid credentials
   */
  void __invalid_creds(const struct cred *cred, const char *file, unsigned line)
  {
  	printk(KERN_ERR "CRED: Invalid credentials
  ");
  	printk(KERN_ERR "CRED: At %s:%u
  ", file, line);
  	dump_invalid_creds(cred, "Specified", current);
  	BUG();
  }
  EXPORT_SYMBOL(__invalid_creds);
  
  /*
   * check the credentials on a process
   */
  void __validate_process_creds(struct task_struct *tsk,
  			      const char *file, unsigned line)
  {
  	if (tsk->cred == tsk->real_cred) {
  		if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||
  			     creds_are_invalid(tsk->cred)))
  			goto invalid_creds;
  	} else {
  		if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 ||
  			     read_cred_subscribers(tsk->cred) < 1 ||
  			     creds_are_invalid(tsk->real_cred) ||
  			     creds_are_invalid(tsk->cred)))
  			goto invalid_creds;
  	}
  	return;
  
  invalid_creds:
  	printk(KERN_ERR "CRED: Invalid process credentials
  ");
  	printk(KERN_ERR "CRED: At %s:%u
  ", file, line);
  
  	dump_invalid_creds(tsk->real_cred, "Real", tsk);
  	if (tsk->cred != tsk->real_cred)
  		dump_invalid_creds(tsk->cred, "Effective", tsk);
  	else
  		printk(KERN_ERR "CRED: Effective creds == Real creds
  ");
  	BUG();
  }
  EXPORT_SYMBOL(__validate_process_creds);
  
  /*
   * check creds for do_exit()
   */
  void validate_creds_for_do_exit(struct task_struct *tsk)
  {
  	kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})",
  	       tsk->real_cred, tsk->cred,
  	       atomic_read(&tsk->cred->usage),
  	       read_cred_subscribers(tsk->cred));
  
  	__validate_process_creds(tsk, __FILE__, __LINE__);
  }
  
  #endif /* CONFIG_DEBUG_CREDENTIALS */