Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: SELinux: do not destroy the avc_cache_nodep KEYS: Have the garbage collector set its timer for live expired keys tpm-fixup-pcrs-sysfs-file-update creds_are_invalid() needs to be exported for use by modules: include/linux/cred.h: fix build Fix trivial BUILD_BUG_ON-induced conflicts in drivers/char/tpm/tpm.c
2009-09-23 15:18:57 -07:00
parent a724eada8c 5224ee0863
commit c82ffab9a8
5 changed files with 39 additions and 26 deletions
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -782,6 +782,25 @@ EXPORT_SYMBOL(set_create_files_as);

 #ifdef CONFIG_DEBUG_CREDENTIALS

+bool creds_are_invalid(const struct cred *cred)
+{
+	if (cred->magic != CRED_MAGIC)
+		return true;
+	if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
+		return true;
+#ifdef CONFIG_SECURITY_SELINUX
+	if (selinux_is_enabled()) {
+		if ((unsigned long) cred->security < PAGE_SIZE)
+			return true;
+		if ((*(u32 *)cred->security & 0xffffff00) ==
+		    (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+			return true;
+	}
+#endif
+	return false;
+}
+EXPORT_SYMBOL(creds_are_invalid);
+
 /*
 * dump invalid credentials
 */