43 struct cred init_cred = {
67 static inline void set_cred_subscribers(struct cred *cred, int n)  in set_cred_subscribers()  argument
70 	atomic_set(&cred->subscribers, n);  in set_cred_subscribers()
74 static inline int read_cred_subscribers(const struct cred *cred)  in read_cred_subscribers()  argument
77 	return atomic_read(&cred->subscribers);  in read_cred_subscribers()
83 static inline void alter_cred_subscribers(const struct cred *_cred, int n)  in alter_cred_subscribers()
86 	struct cred *cred = (struct cred *) _cred;  in alter_cred_subscribers()  local
88 	atomic_add(n, &cred->subscribers);  in alter_cred_subscribers()
97 	struct cred *cred = container_of(rcu, struct cred, rcu);  in put_cred_rcu()  local
99 	kdebug("put_cred_rcu(%p)", cred);  in put_cred_rcu()
102 	if (cred->magic != CRED_MAGIC_DEAD ||  in put_cred_rcu()
103 	    atomic_read(&cred->usage) != 0 ||  in put_cred_rcu()
104 	    read_cred_subscribers(cred) != 0)  in put_cred_rcu()
107 		      cred, cred->magic, cred->put_addr,  in put_cred_rcu()
108 		      atomic_read(&cred->usage),  in put_cred_rcu()
109 		      read_cred_subscribers(cred));  in put_cred_rcu()
111 	if (atomic_read(&cred->usage) != 0)  in put_cred_rcu()
113 		      cred, atomic_read(&cred->usage));  in put_cred_rcu()
116 	security_cred_free(cred);  in put_cred_rcu()
117 	key_put(cred->session_keyring);  in put_cred_rcu()
118 	key_put(cred->process_keyring);  in put_cred_rcu()
119 	key_put(cred->thread_keyring);  in put_cred_rcu()
120 	key_put(cred->request_key_auth);  in put_cred_rcu()
121 	if (cred->group_info)  in put_cred_rcu()
122 		put_group_info(cred->group_info);  in put_cred_rcu()
123 	free_uid(cred->user);  in put_cred_rcu()
124 	put_user_ns(cred->user_ns);  in put_cred_rcu()
125 	kmem_cache_free(cred_jar, cred);  in put_cred_rcu()
134 void __put_cred(struct cred *cred)  in __put_cred()  argument
136 	kdebug("__put_cred(%p{%d,%d})", cred,  in __put_cred()
137 	       atomic_read(&cred->usage),  in __put_cred()
138 	       read_cred_subscribers(cred));  in __put_cred()
140 	BUG_ON(atomic_read(&cred->usage) != 0);  in __put_cred()
142 	BUG_ON(read_cred_subscribers(cred) != 0);  in __put_cred()
143 	cred->magic = CRED_MAGIC_DEAD;  in __put_cred()
144 	cred->put_addr = __builtin_return_address(0);  in __put_cred()
146 	BUG_ON(cred == current->cred);  in __put_cred()
147 	BUG_ON(cred == current->real_cred);  in __put_cred()
149 	call_rcu(&cred->rcu, put_cred_rcu);  in __put_cred()
158 	struct cred *cred;  in exit_creds()  local
160 	kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,  in exit_creds()
161 	       atomic_read(&tsk->cred->usage),  in exit_creds()
162 	       read_cred_subscribers(tsk->cred));  in exit_creds()
164 	cred = (struct cred *) tsk->real_cred;  in exit_creds()
166 	validate_creds(cred);  in exit_creds()
167 	alter_cred_subscribers(cred, -1);  in exit_creds()
168 	put_cred(cred);  in exit_creds()
170 	cred = (struct cred *) tsk->cred;  in exit_creds()
171 	tsk->cred = NULL;  in exit_creds()
172 	validate_creds(cred);  in exit_creds()
173 	alter_cred_subscribers(cred, -1);  in exit_creds()
174 	put_cred(cred);  in exit_creds()
187 const struct cred *get_task_cred(struct task_struct *task)  in get_task_cred()
189 	const struct cred *cred;  in get_task_cred()  local
194 		cred = __task_cred((task));  in get_task_cred()
195 		BUG_ON(!cred);  in get_task_cred()
196 	} while (!atomic_inc_not_zero(&((struct cred *)cred)->usage));  in get_task_cred()
199 	return cred;  in get_task_cred()
206 struct cred *cred_alloc_blank(void)  in cred_alloc_blank()
208 	struct cred *new;  in cred_alloc_blank()
243 struct cred *prepare_creds(void)  in prepare_creds()
246 	const struct cred *old;  in prepare_creds()
247 	struct cred *new;  in prepare_creds()
257 	old = task->cred;  in prepare_creds()
258 	memcpy(new, old, sizeof(struct cred));  in prepare_creds()
292 struct cred *prepare_exec_creds(void)  in prepare_exec_creds()
294 	struct cred *new;  in prepare_exec_creds()
324 	struct cred *new;  in copy_creds()
329 		!p->cred->thread_keyring &&  in copy_creds()
333 		p->real_cred = get_cred(p->cred);  in copy_creds()
334 		get_cred(p->cred);  in copy_creds()
335 		alter_cred_subscribers(p->cred, 2);  in copy_creds()
337 		       p->cred, atomic_read(&p->cred->usage),  in copy_creds()
338 		       read_cred_subscribers(p->cred));  in copy_creds()
339 		atomic_inc(&p->cred->user->processes);  in copy_creds()
373 	p->cred = p->real_cred = get_cred(new);  in copy_creds()
383 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)  in cred_cap_issubset()
422 int commit_creds(struct cred *new)  in commit_creds()
425 	const struct cred *old = task->real_cred;  in commit_creds()
431 	BUG_ON(task->cred != old);  in commit_creds()
467 	rcu_assign_pointer(task->cred, new);  in commit_creds()
499 void abort_creds(struct cred *new)  in abort_creds()
520 const struct cred *override_creds(const struct cred *new)  in override_creds()
522 	const struct cred *old = current->cred;  in override_creds()
532 	rcu_assign_pointer(current->cred, new);  in override_creds()
549 void revert_creds(const struct cred *old)  in revert_creds()
551 	const struct cred *override = current->cred;  in revert_creds()
560 	rcu_assign_pointer(current->cred, old);  in revert_creds()
572 	cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred),  in cred_init()
594 struct cred *prepare_kernel_cred(struct task_struct *daemon)  in prepare_kernel_cred()
596 	const struct cred *old;  in prepare_kernel_cred()
597 	struct cred *new;  in prepare_kernel_cred()
652 int set_security_override(struct cred *new, u32 secid)  in set_security_override()
668 int set_security_override_from_ctx(struct cred *new, const char *secctx)  in set_security_override_from_ctx()
690 int set_create_files_as(struct cred *new, struct inode *inode)  in set_create_files_as()
700 bool creds_are_invalid(const struct cred *cred)  in creds_are_invalid()  argument
702 	if (cred->magic != CRED_MAGIC)  in creds_are_invalid()
709 	if (selinux_is_enabled() && cred->security) {  in creds_are_invalid()
710 		if ((unsigned long) cred->security < PAGE_SIZE)  in creds_are_invalid()
712 		if ((*(u32 *)cred->security & 0xffffff00) ==  in creds_are_invalid()
724 static void dump_invalid_creds(const struct cred *cred, const char *label,  in dump_invalid_creds()  argument
728 	       label, cred,  in dump_invalid_creds()
729 	       cred == &init_cred ? "[init]" : "",  in dump_invalid_creds()
730 	       cred == tsk->real_cred ? "[real]" : "",  in dump_invalid_creds()
731 	       cred == tsk->cred ? "[eff]" : "");  in dump_invalid_creds()
733 	       cred->magic, cred->put_addr);  in dump_invalid_creds()
735 	       atomic_read(&cred->usage),  in dump_invalid_creds()
736 	       read_cred_subscribers(cred));  in dump_invalid_creds()
738 		from_kuid_munged(&init_user_ns, cred->uid),  in dump_invalid_creds()
739 		from_kuid_munged(&init_user_ns, cred->euid),  in dump_invalid_creds()
740 		from_kuid_munged(&init_user_ns, cred->suid),  in dump_invalid_creds()
741 		from_kuid_munged(&init_user_ns, cred->fsuid));  in dump_invalid_creds()
743 		from_kgid_munged(&init_user_ns, cred->gid),  in dump_invalid_creds()
744 		from_kgid_munged(&init_user_ns, cred->egid),  in dump_invalid_creds()
745 		from_kgid_munged(&init_user_ns, cred->sgid),  in dump_invalid_creds()
746 		from_kgid_munged(&init_user_ns, cred->fsgid));  in dump_invalid_creds()
748 	printk(KERN_ERR "CRED: ->security is %p\n", cred->security);  in dump_invalid_creds()
749 	if ((unsigned long) cred->security >= PAGE_SIZE &&  in dump_invalid_creds()
750 	    (((unsigned long) cred->security & 0xffffff00) !=  in dump_invalid_creds()
753 		       ((u32*)cred->security)[0],  in dump_invalid_creds()
754 		       ((u32*)cred->security)[1]);  in dump_invalid_creds()
761 void __invalid_creds(const struct cred *cred, const char *file, unsigned line)  in __invalid_creds()  argument
765 	dump_invalid_creds(cred, "Specified", current);  in __invalid_creds()
776 	if (tsk->cred == tsk->real_cred) {  in __validate_process_creds()
777 		if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||  in __validate_process_creds()
778 			     creds_are_invalid(tsk->cred)))  in __validate_process_creds()
782 			     read_cred_subscribers(tsk->cred) < 1 ||  in __validate_process_creds()
784 			     creds_are_invalid(tsk->cred)))  in __validate_process_creds()
794 	if (tsk->cred != tsk->real_cred)  in __validate_process_creds()
795 		dump_invalid_creds(tsk->cred, "Effective", tsk);  in __validate_process_creds()
808 	       tsk->real_cred, tsk->cred,  in validate_creds_for_do_exit()
809 	       atomic_read(&tsk->cred->usage),  in validate_creds_for_do_exit()
810 	       read_cred_subscribers(tsk->cred));  in validate_creds_for_do_exit()