Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v3.7-rc8 2012-06-01T00:49:28Z 2012-06-01T00:49:28Z Oleg Nesterov oleg@redhat.com 2012-05-31T23:26:16Z urn:sha1:43e13cc107cf6cd3c15fbe1cef849435c2223d50 Commit 8f92054e7ca1 ("CRED: Fix __task_cred()'s lockdep check and banner comment"): add the following validation condition: task->exit_state >= 0 to permit the access if the target task is dead and therefore unable to change its own credentials. OK, but afaics currently this can only help wait_task_zombie() which calls __task_cred() without rcu lock. Remove this validation and change wait_task_zombie() to use task_uid() instead. This means we do rcu_read_lock() only to shut up the lockdep, but we already do the same in, say, wait_task_stopped(). task_is_dead() should die, task->exit_state != 0 means that this task has passed exit_notify(), only do_wait-like code paths should use this. Unfortunately, we can't kill task_is_dead() right now, it has already acquired buggy users in drivers/staging. The fix already exists. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: David Howells <dhowells@redhat.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-05-03T10:29:33Z Eric W. Biederman ebiederm@xmission.com 2012-02-09T17:09:39Z urn:sha1:72cda3d1ef24ab0a9a89c15e9776ca737b75f45a Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-05-03T10:28:38Z Eric W. Biederman ebiederm@xmission.com 2012-02-08T15:00:08Z urn:sha1:078de5f706ece36afd73bb4b8283314132d2dfdf cred.h and a few trivial users of struct cred are changed. The rest of the users of struct cred are left for other patches as there are too many changes to make in one go and leave the change reviewable. If the user namespace is disabled and CONFIG_UIDGID_STRICT_TYPE_CHECKS are disabled the code will contiue to compile and behave correctly. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-05-03T10:27:21Z Eric W. Biederman ebiederm@xmission.com 2011-11-14T23:56:38Z urn:sha1:ae2975bc3476243b45a1e2344236d7920c268f38 As a first step to converting struct cred to be all kuid_t and kgid_t values convert the group values stored in group_info to always be kgid_t values. Unless user namespaces are used this change should have no effect. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-04-07T23:55:52Z Eric W. Biederman ebiederm@xmission.com 2011-11-17T05:52:53Z urn:sha1:0093ccb68f3753c0ba4d74c89d7e0f444b8d6123 struct user_struct will shortly loose it's user_ns reference so make the cred user_ns reference a proper reference complete with reference counting. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-04-07T23:55:50Z Eric W. Biederman ebiederm@xmission.com 2011-11-15T03:29:17Z urn:sha1:7e6bd8fadd1216f50468f965d0308f45e5109ced Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-01-05T23:52:59Z Eric Paris eparis@redhat.com 2012-01-03T17:25:15Z urn:sha1:f1c84dae0ecc51aa35c81f19a0ebcd6c0921ddcb task_ in the front of a function, in the security subsystem anyway, means to me at least, that we are operating with that task as the subject of the security decision. In this case what it means is that we are using current as the subject but we use the task to get the right namespace. Who in the world would ever realize that's what task_ns_capability means just by the name? This patch eliminates the task_ns functions entirely and uses the has_ns_capability function instead. This means we explicitly open code the ns in question in the caller. I think it makes the caller a LOT more clear what is going on. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> 2011-08-08T18:33:23Z Linus Torvalds torvalds@linux-foundation.org 2011-08-08T18:33:23Z urn:sha1:638a8439096c582bdb523fcea9d875d3e1fed38a Avoid annoying warnings from these functions ("discards qualifiers") because they assign 'current_cred()' to a non-const pointer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-08-08T16:03:16Z David Howells dhowells@redhat.com 2011-08-08T14:54:53Z urn:sha1:27e4e4362756a78b15e83ef104c8bbe257f40f90 Commit 3295514841c2 ("fix rcu annotations noise in cred.h") accidentally dropped the const of current->cred inside current_cred() by the insertion of a cast to deal with an RCU annotation loss warning from sparce. Use an appropriate RCU wrapper instead so as not to lose the const. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-08-07T20:42:35Z Al Viro viro@ZenIV.linux.org.uk 2011-08-07T17:55:11Z urn:sha1:3295514841c2112d94451ba5deaf54f5afb78ea9 task->cred is declared as __rcu, and access to other tasks' ->cred is, indeed, protected. Access to current->cred does not need rcu_dereference() at all, since only the task itself can change its ->cred. sparse, of course, has no way of knowing that... Add force-cast in current_cred(), make current_fsuid() et.al. use it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>