1/* Task credentials management - see Documentation/credentials.txt 2 * 3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11#include <linux/module.h> 12#include <linux/cred.h> 13#include <linux/slab.h> 14#include <linux/sched.h> 15#include <linux/key.h> 16#include <linux/keyctl.h> 17#include <linux/init_task.h> 18#include <linux/security.h> 19#include <linux/cn_proc.h> 20 21#define kdebug(FMT, ...) \ 22 no_printk("[%-5.5s%5u] "FMT"\n", current->comm, current->pid ,##__VA_ARGS__) 23 24static struct kmem_cache *cred_jar; 25 26/* 27 * The common credentials for the initial task's thread group 28 */ 29#ifdef CONFIG_KEYS 30static struct thread_group_cred init_tgcred = { 31 .usage = ATOMIC_INIT(2), 32 .tgid = 0, 33 .lock = SPIN_LOCK_UNLOCKED, 34}; 35#endif 36 37/* 38 * The initial credentials for the initial task 39 */ 40struct cred init_cred = { 41 .usage = ATOMIC_INIT(4), 42#ifdef CONFIG_DEBUG_CREDENTIALS 43 .subscribers = ATOMIC_INIT(2), 44 .magic = CRED_MAGIC, 45#endif 46 .securebits = SECUREBITS_DEFAULT, 47 .cap_inheritable = CAP_INIT_INH_SET, 48 .cap_permitted = CAP_FULL_SET, 49 .cap_effective = CAP_INIT_EFF_SET, 50 .cap_bset = CAP_INIT_BSET, 51 .user = INIT_USER, 52 .group_info = &init_groups, 53#ifdef CONFIG_KEYS 54 .tgcred = &init_tgcred, 55#endif 56}; 57 58static inline void set_cred_subscribers(struct cred *cred, int n) 59{ 60#ifdef CONFIG_DEBUG_CREDENTIALS 61 atomic_set(&cred->subscribers, n); 62#endif 63} 64 65static inline int read_cred_subscribers(const struct cred *cred) 66{ 67#ifdef CONFIG_DEBUG_CREDENTIALS 68 return atomic_read(&cred->subscribers); 69#else 70 return 0; 71#endif 72} 73 74static inline void alter_cred_subscribers(const struct cred *_cred, int n) 75{ 76#ifdef CONFIG_DEBUG_CREDENTIALS 77 struct cred *cred = (struct cred *) _cred; 78 79 atomic_add(n, &cred->subscribers); 80#endif 81} 82 83/* 84 * Dispose of the shared task group credentials 85 */ 86#ifdef CONFIG_KEYS 87static void release_tgcred_rcu(struct rcu_head *rcu) 88{ 89 struct thread_group_cred *tgcred = 90 container_of(rcu, struct thread_group_cred, rcu); 91 92 BUG_ON(atomic_read(&tgcred->usage) != 0); 93 94 key_put(tgcred->session_keyring); 95 key_put(tgcred->process_keyring); 96 kfree(tgcred); 97} 98#endif 99 100/* 101 * Release a set of thread group credentials. 102 */ 103static void release_tgcred(struct cred *cred) 104{ 105#ifdef CONFIG_KEYS 106 struct thread_group_cred *tgcred = cred->tgcred; 107 108 if (atomic_dec_and_test(&tgcred->usage)) 109 call_rcu(&tgcred->rcu, release_tgcred_rcu); 110#endif 111} 112 113/* 114 * The RCU callback to actually dispose of a set of credentials 115 */ 116static void put_cred_rcu(struct rcu_head *rcu) 117{ 118 struct cred *cred = container_of(rcu, struct cred, rcu); 119 120 kdebug("put_cred_rcu(%p)", cred); 121 122#ifdef CONFIG_DEBUG_CREDENTIALS 123 if (cred->magic != CRED_MAGIC_DEAD || 124 atomic_read(&cred->usage) != 0 || 125 read_cred_subscribers(cred) != 0) 126 panic("CRED: put_cred_rcu() sees %p with" 127 " mag %x, put %p, usage %d, subscr %d\n", 128 cred, cred->magic, cred->put_addr, 129 atomic_read(&cred->usage), 130 read_cred_subscribers(cred)); 131#else 132 if (atomic_read(&cred->usage) != 0) 133 panic("CRED: put_cred_rcu() sees %p with usage %d\n", 134 cred, atomic_read(&cred->usage)); 135#endif 136 137 security_cred_free(cred); 138 key_put(cred->thread_keyring); 139 key_put(cred->request_key_auth); 140 release_tgcred(cred); 141 if (cred->group_info) 142 put_group_info(cred->group_info); 143 free_uid(cred->user); 144 kmem_cache_free(cred_jar, cred); 145} 146 147/** 148 * __put_cred - Destroy a set of credentials 149 * @cred: The record to release 150 * 151 * Destroy a set of credentials on which no references remain. 152 */ 153void __put_cred(struct cred *cred) 154{ 155 kdebug("__put_cred(%p{%d,%d})", cred, 156 atomic_read(&cred->usage), 157 read_cred_subscribers(cred)); 158 159 BUG_ON(atomic_read(&cred->usage) != 0); 160#ifdef CONFIG_DEBUG_CREDENTIALS 161 BUG_ON(read_cred_subscribers(cred) != 0); 162 cred->magic = CRED_MAGIC_DEAD; 163 cred->put_addr = __builtin_return_address(0); 164#endif 165 BUG_ON(cred == current->cred); 166 BUG_ON(cred == current->real_cred); 167 168 call_rcu(&cred->rcu, put_cred_rcu); 169} 170EXPORT_SYMBOL(__put_cred); 171 172/* 173 * Clean up a task's credentials when it exits 174 */ 175void exit_creds(struct task_struct *tsk) 176{ 177 struct cred *cred; 178 179 kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred, 180 atomic_read(&tsk->cred->usage), 181 read_cred_subscribers(tsk->cred)); 182 183 cred = (struct cred *) tsk->real_cred; 184 tsk->real_cred = NULL; 185 validate_creds(cred); 186 alter_cred_subscribers(cred, -1); 187 put_cred(cred); 188 189 cred = (struct cred *) tsk->cred; 190 tsk->cred = NULL; 191 validate_creds(cred); 192 alter_cred_subscribers(cred, -1); 193 put_cred(cred); 194 195 cred = (struct cred *) tsk->replacement_session_keyring; 196 if (cred) { 197 tsk->replacement_session_keyring = NULL; 198 validate_creds(cred); 199 put_cred(cred); 200 } 201} 202 203/** 204 * get_task_cred - Get another task's objective credentials 205 * @task: The task to query 206 * 207 * Get the objective credentials of a task, pinning them so that they can't go 208 * away. Accessing a task's credentials directly is not permitted. 209 * 210 * The caller must also make sure task doesn't get deleted, either by holding a 211 * ref on task or by holding tasklist_lock to prevent it from being unlinked. 212 */ 213const struct cred *get_task_cred(struct task_struct *task) 214{ 215 const struct cred *cred; 216 217 rcu_read_lock(); 218 219 do { 220 cred = __task_cred((task)); 221 BUG_ON(!cred); 222 } while (!atomic_inc_not_zero(&((struct cred *)cred)->usage)); 223 224 rcu_read_unlock(); 225 return cred; 226} 227 228/* 229 * Allocate blank credentials, such that the credentials can be filled in at a 230 * later date without risk of ENOMEM. 231 */ 232struct cred *cred_alloc_blank(void) 233{ 234 struct cred *new; 235 236 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL); 237 if (!new) 238 return NULL; 239 240#ifdef CONFIG_KEYS 241 new->tgcred = kzalloc(sizeof(*new->tgcred), GFP_KERNEL); 242 if (!new->tgcred) { 243 kmem_cache_free(cred_jar, new); 244 return NULL; 245 } 246 atomic_set(&new->tgcred->usage, 1); 247#endif 248 249 atomic_set(&new->usage, 1); 250 251 if (security_cred_alloc_blank(new, GFP_KERNEL) < 0) 252 goto error; 253 254#ifdef CONFIG_DEBUG_CREDENTIALS 255 new->magic = CRED_MAGIC; 256#endif 257 return new; 258 259error: 260 abort_creds(new); 261 return NULL; 262} 263 264/** 265 * prepare_creds - Prepare a new set of credentials for modification 266 * 267 * Prepare a new set of task credentials for modification. A task's creds 268 * shouldn't generally be modified directly, therefore this function is used to 269 * prepare a new copy, which the caller then modifies and then commits by 270 * calling commit_creds(). 271 * 272 * Preparation involves making a copy of the objective creds for modification. 273 * 274 * Returns a pointer to the new creds-to-be if successful, NULL otherwise. 275 * 276 * Call commit_creds() or abort_creds() to clean up. 277 */ 278struct cred *prepare_creds(void) 279{ 280 struct task_struct *task = current; 281 const struct cred *old; 282 struct cred *new; 283 284 validate_process_creds(); 285 286 new = kmem_cache_alloc(cred_jar, GFP_KERNEL); 287 if (!new) 288 return NULL; 289 290 kdebug("prepare_creds() alloc %p", new); 291 292 old = task->cred; 293 memcpy(new, old, sizeof(struct cred)); 294 295 atomic_set(&new->usage, 1); 296 set_cred_subscribers(new, 0); 297 get_group_info(new->group_info); 298 get_uid(new->user); 299 300#ifdef CONFIG_KEYS 301 key_get(new->thread_keyring); 302 key_get(new->request_key_auth); 303 atomic_inc(&new->tgcred->usage); 304#endif 305 306#ifdef CONFIG_SECURITY 307 new->security = NULL; 308#endif 309 310 if (security_prepare_creds(new, old, GFP_KERNEL) < 0) 311 goto error; 312 validate_creds(new); 313 return new; 314 315error: 316 abort_creds(new); 317 return NULL; 318} 319EXPORT_SYMBOL(prepare_creds); 320 321/* 322 * Prepare credentials for current to perform an execve() 323 * - The caller must hold current->cred_guard_mutex 324 */ 325struct cred *prepare_exec_creds(void) 326{ 327 struct thread_group_cred *tgcred = NULL; 328 struct cred *new; 329 330#ifdef CONFIG_KEYS 331 tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); 332 if (!tgcred) 333 return NULL; 334#endif 335 336 new = prepare_creds(); 337 if (!new) { 338 kfree(tgcred); 339 return new; 340 } 341 342#ifdef CONFIG_KEYS 343 /* newly exec'd tasks don't get a thread keyring */ 344 key_put(new->thread_keyring); 345 new->thread_keyring = NULL; 346 347 /* create a new per-thread-group creds for all this set of threads to 348 * share */ 349 memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred)); 350 351 atomic_set(&tgcred->usage, 1); 352 spin_lock_init(&tgcred->lock); 353 354 /* inherit the session keyring; new process keyring */ 355 key_get(tgcred->session_keyring); 356 tgcred->process_keyring = NULL; 357 358 release_tgcred(new); 359 new->tgcred = tgcred; 360#endif 361 362 return new; 363} 364 365/* 366 * Copy credentials for the new process created by fork() 367 * 368 * We share if we can, but under some circumstances we have to generate a new 369 * set. 370 * 371 * The new process gets the current process's subjective credentials as its 372 * objective and subjective credentials 373 */ 374int copy_creds(struct task_struct *p, unsigned long clone_flags) 375{ 376#ifdef CONFIG_KEYS 377 struct thread_group_cred *tgcred; 378#endif 379 struct cred *new; 380 int ret; 381 382 mutex_init(&p->cred_guard_mutex); 383 384 if ( 385#ifdef CONFIG_KEYS 386 !p->cred->thread_keyring && 387#endif 388 clone_flags & CLONE_THREAD 389 ) { 390 p->real_cred = get_cred(p->cred); 391 get_cred(p->cred); 392 alter_cred_subscribers(p->cred, 2); 393 kdebug("share_creds(%p{%d,%d})", 394 p->cred, atomic_read(&p->cred->usage), 395 read_cred_subscribers(p->cred)); 396 atomic_inc(&p->cred->user->processes); 397 return 0; 398 } 399 400 new = prepare_creds(); 401 if (!new) 402 return -ENOMEM; 403 404 if (clone_flags & CLONE_NEWUSER) { 405 ret = create_user_ns(new); 406 if (ret < 0) 407 goto error_put; 408 } 409 410#ifdef CONFIG_KEYS 411 /* new threads get their own thread keyrings if their parent already 412 * had one */ 413 if (new->thread_keyring) { 414 key_put(new->thread_keyring); 415 new->thread_keyring = NULL; 416 if (clone_flags & CLONE_THREAD) 417 install_thread_keyring_to_cred(new); 418 } 419 420 /* we share the process and session keyrings between all the threads in 421 * a process - this is slightly icky as we violate COW credentials a 422 * bit */ 423 if (!(clone_flags & CLONE_THREAD)) { 424 tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); 425 if (!tgcred) { 426 ret = -ENOMEM; 427 goto error_put; 428 } 429 atomic_set(&tgcred->usage, 1); 430 spin_lock_init(&tgcred->lock); 431 tgcred->process_keyring = NULL; 432 tgcred->session_keyring = key_get(new->tgcred->session_keyring); 433 434 release_tgcred(new); 435 new->tgcred = tgcred; 436 } 437#endif 438 439 atomic_inc(&new->user->processes); 440 p->cred = p->real_cred = get_cred(new); 441 alter_cred_subscribers(new, 2); 442 validate_creds(new); 443 return 0; 444 445error_put: 446 put_cred(new); 447 return ret; 448} 449 450/** 451 * commit_creds - Install new credentials upon the current task 452 * @new: The credentials to be assigned 453 * 454 * Install a new set of credentials to the current task, using RCU to replace 455 * the old set. Both the objective and the subjective credentials pointers are 456 * updated. This function may not be called if the subjective credentials are 457 * in an overridden state. 458 * 459 * This function eats the caller's reference to the new credentials. 460 * 461 * Always returns 0 thus allowing this function to be tail-called at the end 462 * of, say, sys_setgid(). 463 */ 464int commit_creds(struct cred *new) 465{ 466 struct task_struct *task = current; 467 const struct cred *old = task->real_cred; 468 469 kdebug("commit_creds(%p{%d,%d})", new, 470 atomic_read(&new->usage), 471 read_cred_subscribers(new)); 472 473 BUG_ON(task->cred != old); 474#ifdef CONFIG_DEBUG_CREDENTIALS 475 BUG_ON(read_cred_subscribers(old) < 2); 476 validate_creds(old); 477 validate_creds(new); 478#endif 479 BUG_ON(atomic_read(&new->usage) < 1); 480 481 get_cred(new); /* we will require a ref for the subj creds too */ 482 483 /* dumpability changes */ 484 if (old->euid != new->euid || 485 old->egid != new->egid || 486 old->fsuid != new->fsuid || 487 old->fsgid != new->fsgid || 488 !cap_issubset(new->cap_permitted, old->cap_permitted)) { 489 if (task->mm) 490 set_dumpable(task->mm, suid_dumpable); 491 task->pdeath_signal = 0; 492 smp_wmb(); 493 } 494 495 /* alter the thread keyring */ 496 if (new->fsuid != old->fsuid) 497 key_fsuid_changed(task); 498 if (new->fsgid != old->fsgid) 499 key_fsgid_changed(task); 500 501 /* do it 502 * - What if a process setreuid()'s and this brings the 503 * new uid over his NPROC rlimit? We can check this now 504 * cheaply with the new uid cache, so if it matters 505 * we should be checking for it. -DaveM 506 */ 507 alter_cred_subscribers(new, 2); 508 if (new->user != old->user) 509 atomic_inc(&new->user->processes); 510 rcu_assign_pointer(task->real_cred, new); 511 rcu_assign_pointer(task->cred, new); 512 if (new->user != old->user) 513 atomic_dec(&old->user->processes); 514 alter_cred_subscribers(old, -2); 515 516 /* send notifications */ 517 if (new->uid != old->uid || 518 new->euid != old->euid || 519 new->suid != old->suid || 520 new->fsuid != old->fsuid) 521 proc_id_connector(task, PROC_EVENT_UID); 522 523 if (new->gid != old->gid || 524 new->egid != old->egid || 525 new->sgid != old->sgid || 526 new->fsgid != old->fsgid) 527 proc_id_connector(task, PROC_EVENT_GID); 528 529 /* release the old obj and subj refs both */ 530 put_cred(old); 531 put_cred(old); 532 return 0; 533} 534EXPORT_SYMBOL(commit_creds); 535 536/** 537 * abort_creds - Discard a set of credentials and unlock the current task 538 * @new: The credentials that were going to be applied 539 * 540 * Discard a set of credentials that were under construction and unlock the 541 * current task. 542 */ 543void abort_creds(struct cred *new) 544{ 545 kdebug("abort_creds(%p{%d,%d})", new, 546 atomic_read(&new->usage), 547 read_cred_subscribers(new)); 548 549#ifdef CONFIG_DEBUG_CREDENTIALS 550 BUG_ON(read_cred_subscribers(new) != 0); 551#endif 552 BUG_ON(atomic_read(&new->usage) < 1); 553 put_cred(new); 554} 555EXPORT_SYMBOL(abort_creds); 556 557/** 558 * override_creds - Override the current process's subjective credentials 559 * @new: The credentials to be assigned 560 * 561 * Install a set of temporary override subjective credentials on the current 562 * process, returning the old set for later reversion. 563 */ 564const struct cred *override_creds(const struct cred *new) 565{ 566 const struct cred *old = current->cred; 567 568 kdebug("override_creds(%p{%d,%d})", new, 569 atomic_read(&new->usage), 570 read_cred_subscribers(new)); 571 572 validate_creds(old); 573 validate_creds(new); 574 get_cred(new); 575 alter_cred_subscribers(new, 1); 576 rcu_assign_pointer(current->cred, new); 577 alter_cred_subscribers(old, -1); 578 579 kdebug("override_creds() = %p{%d,%d}", old, 580 atomic_read(&old->usage), 581 read_cred_subscribers(old)); 582 return old; 583} 584EXPORT_SYMBOL(override_creds); 585 586/** 587 * revert_creds - Revert a temporary subjective credentials override 588 * @old: The credentials to be restored 589 * 590 * Revert a temporary set of override subjective credentials to an old set, 591 * discarding the override set. 592 */ 593void revert_creds(const struct cred *old) 594{ 595 const struct cred *override = current->cred; 596 597 kdebug("revert_creds(%p{%d,%d})", old, 598 atomic_read(&old->usage), 599 read_cred_subscribers(old)); 600 601 validate_creds(old); 602 validate_creds(override); 603 alter_cred_subscribers(old, 1); 604 rcu_assign_pointer(current->cred, old); 605 alter_cred_subscribers(override, -1); 606 put_cred(override); 607} 608EXPORT_SYMBOL(revert_creds); 609 610/* 611 * initialise the credentials stuff 612 */ 613void __init cred_init(void) 614{ 615 /* allocate a slab in which we can store credentials */ 616 cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), 617 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); 618} 619 620/** 621 * prepare_kernel_cred - Prepare a set of credentials for a kernel service 622 * @daemon: A userspace daemon to be used as a reference 623 * 624 * Prepare a set of credentials for a kernel service. This can then be used to 625 * override a task's own credentials so that work can be done on behalf of that 626 * task that requires a different subjective context. 627 * 628 * @daemon is used to provide a base for the security record, but can be NULL. 629 * If @daemon is supplied, then the security data will be derived from that; 630 * otherwise they'll be set to 0 and no groups, full capabilities and no keys. 631 * 632 * The caller may change these controls afterwards if desired. 633 * 634 * Returns the new credentials or NULL if out of memory. 635 * 636 * Does not take, and does not return holding current->cred_replace_mutex. 637 */ 638struct cred *prepare_kernel_cred(struct task_struct *daemon) 639{ 640 const struct cred *old; 641 struct cred *new; 642 643 new = kmem_cache_alloc(cred_jar, GFP_KERNEL); 644 if (!new) 645 return NULL; 646 647 kdebug("prepare_kernel_cred() alloc %p", new); 648 649 if (daemon) 650 old = get_task_cred(daemon); 651 else 652 old = get_cred(&init_cred); 653 654 validate_creds(old); 655 656 *new = *old; 657 get_uid(new->user); 658 get_group_info(new->group_info); 659 660#ifdef CONFIG_KEYS 661 atomic_inc(&init_tgcred.usage); 662 new->tgcred = &init_tgcred; 663 new->request_key_auth = NULL; 664 new->thread_keyring = NULL; 665 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; 666#endif 667 668#ifdef CONFIG_SECURITY 669 new->security = NULL; 670#endif 671 if (security_prepare_creds(new, old, GFP_KERNEL) < 0) 672 goto error; 673 674 atomic_set(&new->usage, 1); 675 set_cred_subscribers(new, 0); 676 put_cred(old); 677 validate_creds(new); 678 return new; 679 680error: 681 put_cred(new); 682 put_cred(old); 683 return NULL; 684} 685EXPORT_SYMBOL(prepare_kernel_cred); 686 687/** 688 * set_security_override - Set the security ID in a set of credentials 689 * @new: The credentials to alter 690 * @secid: The LSM security ID to set 691 * 692 * Set the LSM security ID in a set of credentials so that the subjective 693 * security is overridden when an alternative set of credentials is used. 694 */ 695int set_security_override(struct cred *new, u32 secid) 696{ 697 return security_kernel_act_as(new, secid); 698} 699EXPORT_SYMBOL(set_security_override); 700 701/** 702 * set_security_override_from_ctx - Set the security ID in a set of credentials 703 * @new: The credentials to alter 704 * @secctx: The LSM security context to generate the security ID from. 705 * 706 * Set the LSM security ID in a set of credentials so that the subjective 707 * security is overridden when an alternative set of credentials is used. The 708 * security ID is specified in string form as a security context to be 709 * interpreted by the LSM. 710 */ 711int set_security_override_from_ctx(struct cred *new, const char *secctx) 712{ 713 u32 secid; 714 int ret; 715 716 ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); 717 if (ret < 0) 718 return ret; 719 720 return set_security_override(new, secid); 721} 722EXPORT_SYMBOL(set_security_override_from_ctx); 723 724/** 725 * set_create_files_as - Set the LSM file create context in a set of credentials 726 * @new: The credentials to alter 727 * @inode: The inode to take the context from 728 * 729 * Change the LSM file creation context in a set of credentials to be the same 730 * as the object context of the specified inode, so that the new inodes have 731 * the same MAC context as that inode. 732 */ 733int set_create_files_as(struct cred *new, struct inode *inode) 734{ 735 new->fsuid = inode->i_uid; 736 new->fsgid = inode->i_gid; 737 return security_kernel_create_files_as(new, inode); 738} 739EXPORT_SYMBOL(set_create_files_as); 740 741#ifdef CONFIG_DEBUG_CREDENTIALS 742 743bool creds_are_invalid(const struct cred *cred) 744{ 745 if (cred->magic != CRED_MAGIC) 746 return true; 747#ifdef CONFIG_SECURITY_SELINUX 748 if (selinux_is_enabled()) { 749 if ((unsigned long) cred->security < PAGE_SIZE) 750 return true; 751 if ((*(u32 *)cred->security & 0xffffff00) == 752 (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) 753 return true; 754 } 755#endif 756 return false; 757} 758EXPORT_SYMBOL(creds_are_invalid); 759 760/* 761 * dump invalid credentials 762 */ 763static void dump_invalid_creds(const struct cred *cred, const char *label, 764 const struct task_struct *tsk) 765{ 766 printk(KERN_ERR "CRED: %s credentials: %p %s%s%s\n", 767 label, cred, 768 cred == &init_cred ? "[init]" : "", 769 cred == tsk->real_cred ? "[real]" : "", 770 cred == tsk->cred ? "[eff]" : ""); 771 printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p\n", 772 cred->magic, cred->put_addr); 773 printk(KERN_ERR "CRED: ->usage=%d, subscr=%d\n", 774 atomic_read(&cred->usage), 775 read_cred_subscribers(cred)); 776 printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n", 777 cred->uid, cred->euid, cred->suid, cred->fsuid); 778 printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n", 779 cred->gid, cred->egid, cred->sgid, cred->fsgid); 780#ifdef CONFIG_SECURITY 781 printk(KERN_ERR "CRED: ->security is %p\n", cred->security); 782 if ((unsigned long) cred->security >= PAGE_SIZE && 783 (((unsigned long) cred->security & 0xffffff00) != 784 (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))) 785 printk(KERN_ERR "CRED: ->security {%x, %x}\n", 786 ((u32*)cred->security)[0], 787 ((u32*)cred->security)[1]); 788#endif 789} 790 791/* 792 * report use of invalid credentials 793 */ 794void __invalid_creds(const struct cred *cred, const char *file, unsigned line) 795{ 796 printk(KERN_ERR "CRED: Invalid credentials\n"); 797 printk(KERN_ERR "CRED: At %s:%u\n", file, line); 798 dump_invalid_creds(cred, "Specified", current); 799 BUG(); 800} 801EXPORT_SYMBOL(__invalid_creds); 802 803/* 804 * check the credentials on a process 805 */ 806void __validate_process_creds(struct task_struct *tsk, 807 const char *file, unsigned line) 808{ 809 if (tsk->cred == tsk->real_cred) { 810 if (unlikely(read_cred_subscribers(tsk->cred) < 2 || 811 creds_are_invalid(tsk->cred))) 812 goto invalid_creds; 813 } else { 814 if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 || 815 read_cred_subscribers(tsk->cred) < 1 || 816 creds_are_invalid(tsk->real_cred) || 817 creds_are_invalid(tsk->cred))) 818 goto invalid_creds; 819 } 820 return; 821 822invalid_creds: 823 printk(KERN_ERR "CRED: Invalid process credentials\n"); 824 printk(KERN_ERR "CRED: At %s:%u\n", file, line); 825 826 dump_invalid_creds(tsk->real_cred, "Real", tsk); 827 if (tsk->cred != tsk->real_cred) 828 dump_invalid_creds(tsk->cred, "Effective", tsk); 829 else 830 printk(KERN_ERR "CRED: Effective creds == Real creds\n"); 831 BUG(); 832} 833EXPORT_SYMBOL(__validate_process_creds); 834 835/* 836 * check creds for do_exit() 837 */ 838void validate_creds_for_do_exit(struct task_struct *tsk) 839{ 840 kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})", 841 tsk->real_cred, tsk->cred, 842 atomic_read(&tsk->cred->usage), 843 read_cred_subscribers(tsk->cred)); 844 845 __validate_process_creds(tsk, __FILE__, __LINE__); 846} 847 848#endif /* CONFIG_DEBUG_CREDENTIALS */ 849