Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
Pull second pile of signal handling patches from Al Viro:
"This one is just task_work_add() series + remaining prereqs for it.
There probably will be another pull request from that tree this
cycle - at least for helpers, to get them out of the way for per-arch
fixes remaining in the tree."
Fix trivial conflict in kernel/irq/manage.c: the merge of Andrew's pile
had brought in commit 97fd75b7b8
("kernel/irq/manage.c: use the
pr_foo() infrastructure to prefix printks") which changed one of the
pr_err() calls that this merge moves around.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
keys: kill task_struct->replacement_session_keyring
keys: kill the dummy key_replace_session_keyring()
keys: change keyctl_session_to_parent() to use task_work_add()
genirq: reimplement exit_irq_thread() hook via task_work_add()
task_work_add: generic process-context callbacks
avr32: missed _TIF_NOTIFY_RESUME on one of do_notify_resume callers
parisc: need to check NOTIFY_RESUME when exiting from syscall
move key_repace_session_keyring() into tracehook_notify_resume()
TIF_NOTIFY_RESUME is defined on all targets now
This commit is contained in:
@@ -1454,50 +1454,57 @@ long keyctl_get_security(key_serial_t keyid,
|
||||
*/
|
||||
long keyctl_session_to_parent(void)
|
||||
{
|
||||
#ifdef TIF_NOTIFY_RESUME
|
||||
struct task_struct *me, *parent;
|
||||
const struct cred *mycred, *pcred;
|
||||
struct cred *cred, *oldcred;
|
||||
struct task_work *newwork, *oldwork;
|
||||
key_ref_t keyring_r;
|
||||
struct cred *cred;
|
||||
int ret;
|
||||
|
||||
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
|
||||
if (IS_ERR(keyring_r))
|
||||
return PTR_ERR(keyring_r);
|
||||
|
||||
ret = -ENOMEM;
|
||||
newwork = kmalloc(sizeof(struct task_work), GFP_KERNEL);
|
||||
if (!newwork)
|
||||
goto error_keyring;
|
||||
|
||||
/* our parent is going to need a new cred struct, a new tgcred struct
|
||||
* and new security data, so we allocate them here to prevent ENOMEM in
|
||||
* our parent */
|
||||
ret = -ENOMEM;
|
||||
cred = cred_alloc_blank();
|
||||
if (!cred)
|
||||
goto error_keyring;
|
||||
goto error_newwork;
|
||||
|
||||
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
|
||||
keyring_r = NULL;
|
||||
init_task_work(newwork, key_change_session_keyring, cred);
|
||||
|
||||
me = current;
|
||||
rcu_read_lock();
|
||||
write_lock_irq(&tasklist_lock);
|
||||
|
||||
parent = me->real_parent;
|
||||
ret = -EPERM;
|
||||
oldwork = NULL;
|
||||
parent = me->real_parent;
|
||||
|
||||
/* the parent mustn't be init and mustn't be a kernel thread */
|
||||
if (parent->pid <= 1 || !parent->mm)
|
||||
goto not_permitted;
|
||||
goto unlock;
|
||||
|
||||
/* the parent must be single threaded */
|
||||
if (!thread_group_empty(parent))
|
||||
goto not_permitted;
|
||||
goto unlock;
|
||||
|
||||
/* the parent and the child must have different session keyrings or
|
||||
* there's no point */
|
||||
mycred = current_cred();
|
||||
pcred = __task_cred(parent);
|
||||
if (mycred == pcred ||
|
||||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
|
||||
goto already_same;
|
||||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
|
||||
ret = 0;
|
||||
goto unlock;
|
||||
}
|
||||
|
||||
/* the parent must have the same effective ownership and mustn't be
|
||||
* SUID/SGID */
|
||||
@@ -1507,50 +1514,40 @@ long keyctl_session_to_parent(void)
|
||||
pcred->gid != mycred->egid ||
|
||||
pcred->egid != mycred->egid ||
|
||||
pcred->sgid != mycred->egid)
|
||||
goto not_permitted;
|
||||
goto unlock;
|
||||
|
||||
/* the keyrings must have the same UID */
|
||||
if ((pcred->tgcred->session_keyring &&
|
||||
pcred->tgcred->session_keyring->uid != mycred->euid) ||
|
||||
mycred->tgcred->session_keyring->uid != mycred->euid)
|
||||
goto not_permitted;
|
||||
goto unlock;
|
||||
|
||||
/* if there's an already pending keyring replacement, then we replace
|
||||
* that */
|
||||
oldcred = parent->replacement_session_keyring;
|
||||
/* cancel an already pending keyring replacement */
|
||||
oldwork = task_work_cancel(parent, key_change_session_keyring);
|
||||
|
||||
/* the replacement session keyring is applied just prior to userspace
|
||||
* restarting */
|
||||
parent->replacement_session_keyring = cred;
|
||||
cred = NULL;
|
||||
set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
|
||||
|
||||
ret = task_work_add(parent, newwork, true);
|
||||
if (!ret)
|
||||
newwork = NULL;
|
||||
unlock:
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
rcu_read_unlock();
|
||||
if (oldcred)
|
||||
put_cred(oldcred);
|
||||
return 0;
|
||||
|
||||
already_same:
|
||||
ret = 0;
|
||||
not_permitted:
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
rcu_read_unlock();
|
||||
put_cred(cred);
|
||||
if (oldwork) {
|
||||
put_cred(oldwork->data);
|
||||
kfree(oldwork);
|
||||
}
|
||||
if (newwork) {
|
||||
put_cred(newwork->data);
|
||||
kfree(newwork);
|
||||
}
|
||||
return ret;
|
||||
|
||||
error_newwork:
|
||||
kfree(newwork);
|
||||
error_keyring:
|
||||
key_ref_put(keyring_r);
|
||||
return ret;
|
||||
|
||||
#else /* !TIF_NOTIFY_RESUME */
|
||||
/*
|
||||
* To be removed when TIF_NOTIFY_RESUME has been implemented on
|
||||
* m68k/xtensa
|
||||
*/
|
||||
#warning TIF_NOTIFY_RESUME not implemented
|
||||
return -EOPNOTSUPP;
|
||||
#endif /* !TIF_NOTIFY_RESUME */
|
||||
}
|
||||
|
||||
/*
|
||||
|
Reference in New Issue
Block a user