microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

cred: Refcount the user_ns pointed to by the cred. 

struct user_struct will shortly loose it's user_ns reference
so make the cred user_ns reference a proper reference complete
with reference counting.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2011-11-16 21:52:53 -08:00
Родитель c4a4d60379
Коммит 0093ccb68f
4 изменённых файлов: 10 добавлений и 10 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
include/linux/cred.h
Просмотреть файл

@ -146,7 +146,7 @@ struct cred {
void *security; /* subjective LSM security */ void *security; /* subjective LSM security */
#endif #endif
struct user_struct *user; /* real user ID subscription */ struct user_struct *user; /* real user ID subscription */
struct user_namespace *user_ns; /* cached user->user_ns */ struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */
struct group_info *group_info; /* supplementary groups for euid/fsgid */ struct group_info *group_info; /* supplementary groups for euid/fsgid */
struct rcu_head rcu; /* RCU deletion hook */ struct rcu_head rcu; /* RCU deletion hook */
}; };

8
kernel/cred.c
Просмотреть файл

@ -148,6 +148,7 @@ static void put_cred_rcu(struct rcu_head *rcu)
if (cred->group_info) if (cred->group_info)
put_group_info(cred->group_info); put_group_info(cred->group_info);
free_uid(cred->user); free_uid(cred->user);
put_user_ns(cred->user_ns);
kmem_cache_free(cred_jar, cred); kmem_cache_free(cred_jar, cred);
} }
@ -303,6 +304,7 @@ struct cred *prepare_creds(void)
set_cred_subscribers(new, 0); set_cred_subscribers(new, 0);
get_group_info(new->group_info); get_group_info(new->group_info);
get_uid(new->user); get_uid(new->user);
get_user_ns(new->user_ns);
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
key_get(new->thread_keyring); key_get(new->thread_keyring);
@ -412,11 +414,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
goto error_put; goto error_put;
} }
/* cache user_ns in cred. Doesn't need a refcount because it will
* stay pinned by cred->user
*/
new->user_ns = new->user->user_ns;
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
/* new threads get their own thread keyrings if their parent already /* new threads get their own thread keyrings if their parent already
* had one */ * had one */
@ -676,6 +673,7 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
atomic_set(&new->usage, 1); atomic_set(&new->usage, 1);
set_cred_subscribers(new, 0); set_cred_subscribers(new, 0);
get_uid(new->user); get_uid(new->user);
get_user_ns(new->user_ns);
get_group_info(new->group_info); get_group_info(new->group_info);
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS

8
kernel/user_namespace.c
Просмотреть файл

@ -24,7 +24,7 @@ static struct kmem_cache *user_ns_cachep __read_mostly;
*/ */
int create_user_ns(struct cred *new) int create_user_ns(struct cred *new)
{ {
struct user_namespace *ns; struct user_namespace *ns, *parent_ns = new->user_ns;
struct user_struct *root_user; struct user_struct *root_user;
int n; int n;
@ -57,8 +57,10 @@ int create_user_ns(struct cred *new)
#endif #endif
/* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */ /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
/* root_user holds a reference to ns, our reference can be dropped */ /* Leave the reference to our user_ns with the new cred */
put_user_ns(ns); new->user_ns = ns;
put_user_ns(parent_ns);
return 0; return 0;
} }

2
security/keys/process_keys.c
Просмотреть файл

@ -858,7 +858,7 @@ void key_replace_session_keyring(void)
new-> sgid = old-> sgid; new-> sgid = old-> sgid;
new->fsgid = old->fsgid; new->fsgid = old->fsgid;
new->user = get_uid(old->user); new->user = get_uid(old->user);
new->user_ns = new->user_ns; new->user_ns = get_user_ns(new->user_ns);
new->group_info = get_group_info(old->group_info); new->group_info = get_group_info(old->group_info);
new->securebits = old->securebits; new->securebits = old->securebits;