xref: /linux-6.3-rc2/kernel/cred.c

41 struct cred init_cred = {
66 static inline void set_cred_subscribers(struct cred *cred, int n)  in set_cred_subscribers()  argument
69 	atomic_set(&cred->subscribers, n);  in set_cred_subscribers()
73 static inline int read_cred_subscribers(const struct cred *cred)  in read_cred_subscribers()  argument
76 	return atomic_read(&cred->subscribers);  in read_cred_subscribers()
82 static inline void alter_cred_subscribers(const struct cred *_cred, int n)  in alter_cred_subscribers()
85 	struct cred *cred = (struct cred *) _cred;  in alter_cred_subscribers()  local
87 	atomic_add(n, &cred->subscribers);  in alter_cred_subscribers()
96 	struct cred *cred = container_of(rcu, struct cred, rcu);  in put_cred_rcu()  local
98 	kdebug("put_cred_rcu(%p)", cred);  in put_cred_rcu()
101 	if (cred->magic != CRED_MAGIC_DEAD ||  in put_cred_rcu()
102 	    atomic_read(&cred->usage) != 0 ||  in put_cred_rcu()
103 	    read_cred_subscribers(cred) != 0)  in put_cred_rcu()
106 		      cred, cred->magic, cred->put_addr,  in put_cred_rcu()
107 		      atomic_read(&cred->usage),  in put_cred_rcu()
108 		      read_cred_subscribers(cred));  in put_cred_rcu()
110 	if (atomic_read(&cred->usage) != 0)  in put_cred_rcu()
112 		      cred, atomic_read(&cred->usage));  in put_cred_rcu()
115 	security_cred_free(cred);  in put_cred_rcu()
116 	key_put(cred->session_keyring);  in put_cred_rcu()
117 	key_put(cred->process_keyring);  in put_cred_rcu()
118 	key_put(cred->thread_keyring);  in put_cred_rcu()
119 	key_put(cred->request_key_auth);  in put_cred_rcu()
120 	if (cred->group_info)  in put_cred_rcu()
121 		put_group_info(cred->group_info);  in put_cred_rcu()
122 	free_uid(cred->user);  in put_cred_rcu()
123 	if (cred->ucounts)  in put_cred_rcu()
124 		put_ucounts(cred->ucounts);  in put_cred_rcu()
125 	put_user_ns(cred->user_ns);  in put_cred_rcu()
126 	kmem_cache_free(cred_jar, cred);  in put_cred_rcu()
135 void __put_cred(struct cred *cred)  in __put_cred()  argument
137 	kdebug("__put_cred(%p{%d,%d})", cred,  in __put_cred()
138 	       atomic_read(&cred->usage),  in __put_cred()
139 	       read_cred_subscribers(cred));  in __put_cred()
141 	BUG_ON(atomic_read(&cred->usage) != 0);  in __put_cred()
143 	BUG_ON(read_cred_subscribers(cred) != 0);  in __put_cred()
144 	cred->magic = CRED_MAGIC_DEAD;  in __put_cred()
145 	cred->put_addr = __builtin_return_address(0);  in __put_cred()
147 	BUG_ON(cred == current->cred);  in __put_cred()
148 	BUG_ON(cred == current->real_cred);  in __put_cred()
150 	if (cred->non_rcu)  in __put_cred()
151 		put_cred_rcu(&cred->rcu);  in __put_cred()
153 		call_rcu(&cred->rcu, put_cred_rcu);  in __put_cred()
162 	struct cred *cred;  in exit_creds()  local
164 	kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,  in exit_creds()
165 	       atomic_read(&tsk->cred->usage),  in exit_creds()
166 	       read_cred_subscribers(tsk->cred));  in exit_creds()
168 	cred = (struct cred *) tsk->real_cred;  in exit_creds()
170 	validate_creds(cred);  in exit_creds()
171 	alter_cred_subscribers(cred, -1);  in exit_creds()
172 	put_cred(cred);  in exit_creds()
174 	cred = (struct cred *) tsk->cred;  in exit_creds()
175 	tsk->cred = NULL;  in exit_creds()
176 	validate_creds(cred);  in exit_creds()
177 	alter_cred_subscribers(cred, -1);  in exit_creds()
178 	put_cred(cred);  in exit_creds()
196 const struct cred *get_task_cred(struct task_struct *task)  in get_task_cred()
198 	const struct cred *cred;  in get_task_cred()  local
203 		cred = __task_cred((task));  in get_task_cred()
204 		BUG_ON(!cred);  in get_task_cred()
205 	} while (!get_cred_rcu(cred));  in get_task_cred()
208 	return cred;  in get_task_cred()
216 struct cred *cred_alloc_blank(void)  in cred_alloc_blank()
218 	struct cred *new;  in cred_alloc_blank()
252 struct cred *prepare_creds(void)  in prepare_creds()
255 	const struct cred *old;  in prepare_creds()
256 	struct cred *new;  in prepare_creds()
266 	old = task->cred;  in prepare_creds()
267 	memcpy(new, old, sizeof(struct cred));  in prepare_creds()
307 struct cred *prepare_exec_creds(void)  in prepare_exec_creds()
309 	struct cred *new;  in prepare_exec_creds()
342 	struct cred *new;  in copy_creds()
351 		!p->cred->thread_keyring &&  in copy_creds()
355 		p->real_cred = get_cred(p->cred);  in copy_creds()
356 		get_cred(p->cred);  in copy_creds()
357 		alter_cred_subscribers(p->cred, 2);  in copy_creds()
359 		       p->cred, atomic_read(&p->cred->usage),  in copy_creds()
360 		       read_cred_subscribers(p->cred));  in copy_creds()
397 	p->cred = p->real_cred = get_cred(new);  in copy_creds()
408 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)  in cred_cap_issubset()
447 int commit_creds(struct cred *new)  in commit_creds()
450 	const struct cred *old = task->real_cred;  in commit_creds()
456 	BUG_ON(task->cred != old);  in commit_creds()
501 	rcu_assign_pointer(task->cred, new);  in commit_creds()
533 void abort_creds(struct cred *new)  in abort_creds()
554 const struct cred *override_creds(const struct cred *new)  in override_creds()
556 	const struct cred *old = current->cred;  in override_creds()
576 	get_new_cred((struct cred *)new);  in override_creds()
578 	rcu_assign_pointer(current->cred, new);  in override_creds()
595 void revert_creds(const struct cred *old)  in revert_creds()
597 	const struct cred *override = current->cred;  in revert_creds()
606 	rcu_assign_pointer(current->cred, old);  in revert_creds()
626 int cred_fscmp(const struct cred *a, const struct cred *b)  in cred_fscmp()
666 int set_cred_ucounts(struct cred *new)  in set_cred_ucounts()
692 	cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), 0,  in cred_init()
712 struct cred *prepare_kernel_cred(struct task_struct *daemon)  in prepare_kernel_cred()
714 	const struct cred *old;  in prepare_kernel_cred()
715 	struct cred *new;  in prepare_kernel_cred()
774 int set_security_override(struct cred *new, u32 secid)  in set_security_override()
790 int set_security_override_from_ctx(struct cred *new, const char *secctx)  in set_security_override_from_ctx()
812 int set_create_files_as(struct cred *new, struct inode *inode)  in set_create_files_as()
824 bool creds_are_invalid(const struct cred *cred)  in creds_are_invalid()  argument
826 	if (cred->magic != CRED_MAGIC)  in creds_are_invalid()
835 static void dump_invalid_creds(const struct cred *cred, const char *label,  in dump_invalid_creds()  argument
839 	       label, cred,  in dump_invalid_creds()
840 	       cred == &init_cred ? "[init]" : "",  in dump_invalid_creds()
841 	       cred == tsk->real_cred ? "[real]" : "",  in dump_invalid_creds()
842 	       cred == tsk->cred ? "[eff]" : "");  in dump_invalid_creds()
844 	       cred->magic, cred->put_addr);  in dump_invalid_creds()
846 	       atomic_read(&cred->usage),  in dump_invalid_creds()
847 	       read_cred_subscribers(cred));  in dump_invalid_creds()
849 		from_kuid_munged(&init_user_ns, cred->uid),  in dump_invalid_creds()
850 		from_kuid_munged(&init_user_ns, cred->euid),  in dump_invalid_creds()
851 		from_kuid_munged(&init_user_ns, cred->suid),  in dump_invalid_creds()
852 		from_kuid_munged(&init_user_ns, cred->fsuid));  in dump_invalid_creds()
854 		from_kgid_munged(&init_user_ns, cred->gid),  in dump_invalid_creds()
855 		from_kgid_munged(&init_user_ns, cred->egid),  in dump_invalid_creds()
856 		from_kgid_munged(&init_user_ns, cred->sgid),  in dump_invalid_creds()
857 		from_kgid_munged(&init_user_ns, cred->fsgid));  in dump_invalid_creds()
859 	printk(KERN_ERR "CRED: ->security is %p\n", cred->security);  in dump_invalid_creds()
860 	if ((unsigned long) cred->security >= PAGE_SIZE &&  in dump_invalid_creds()
861 	    (((unsigned long) cred->security & 0xffffff00) !=  in dump_invalid_creds()
864 		       ((u32*)cred->security)[0],  in dump_invalid_creds()
865 		       ((u32*)cred->security)[1]);  in dump_invalid_creds()
872 void __noreturn __invalid_creds(const struct cred *cred, const char *file, unsigned line)  in __invalid_creds()  argument
876 	dump_invalid_creds(cred, "Specified", current);  in __invalid_creds()
887 	if (tsk->cred == tsk->real_cred) {  in __validate_process_creds()
888 		if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||  in __validate_process_creds()
889 			     creds_are_invalid(tsk->cred)))  in __validate_process_creds()
893 			     read_cred_subscribers(tsk->cred) < 1 ||  in __validate_process_creds()
895 			     creds_are_invalid(tsk->cred)))  in __validate_process_creds()
905 	if (tsk->cred != tsk->real_cred)  in __validate_process_creds()
906 		dump_invalid_creds(tsk->cred, "Effective", tsk);  in __validate_process_creds()
919 	       tsk->real_cred, tsk->cred,  in validate_creds_for_do_exit()
920 	       atomic_read(&tsk->cred->usage),  in validate_creds_for_do_exit()
921 	       read_cred_subscribers(tsk->cred));  in validate_creds_for_do_exit()

Last Index update Sun Aug 20 00:18:20 CST 2023