Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal

Pull second pile of signal handling patches from Al Viro:
 "This one is just task_work_add() series + remaining prereqs for it.

  There probably will be another pull request from that tree this
  cycle - at least for helpers, to get them out of the way for per-arch
  fixes remaining in the tree."

Fix trivial conflict in kernel/irq/manage.c: the merge of Andrew's pile
had brought in commit 97fd75b7b8 ("kernel/irq/manage.c: use the
pr_foo() infrastructure to prefix printks") which changed one of the
pr_err() calls that this merge moves around.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
  keys: kill task_struct->replacement_session_keyring
  keys: kill the dummy key_replace_session_keyring()
  keys: change keyctl_session_to_parent() to use task_work_add()
  genirq: reimplement exit_irq_thread() hook via task_work_add()
  task_work_add: generic process-context callbacks
  avr32: missed _TIF_NOTIFY_RESUME on one of do_notify_resume callers
  parisc: need to check NOTIFY_RESUME when exiting from syscall
  move key_repace_session_keyring() into tracehook_notify_resume()
  TIF_NOTIFY_RESUME is defined on all targets now
This commit is contained in:
Linus Torvalds
2012-05-31 18:47:30 -07:00
45 changed files with 220 additions and 186 deletions

View File

@@ -1454,50 +1454,57 @@ long keyctl_get_security(key_serial_t keyid,
*/
long keyctl_session_to_parent(void)
{
#ifdef TIF_NOTIFY_RESUME
struct task_struct *me, *parent;
const struct cred *mycred, *pcred;
struct cred *cred, *oldcred;
struct task_work *newwork, *oldwork;
key_ref_t keyring_r;
struct cred *cred;
int ret;
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
if (IS_ERR(keyring_r))
return PTR_ERR(keyring_r);
ret = -ENOMEM;
newwork = kmalloc(sizeof(struct task_work), GFP_KERNEL);
if (!newwork)
goto error_keyring;
/* our parent is going to need a new cred struct, a new tgcred struct
* and new security data, so we allocate them here to prevent ENOMEM in
* our parent */
ret = -ENOMEM;
cred = cred_alloc_blank();
if (!cred)
goto error_keyring;
goto error_newwork;
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
keyring_r = NULL;
init_task_work(newwork, key_change_session_keyring, cred);
me = current;
rcu_read_lock();
write_lock_irq(&tasklist_lock);
parent = me->real_parent;
ret = -EPERM;
oldwork = NULL;
parent = me->real_parent;
/* the parent mustn't be init and mustn't be a kernel thread */
if (parent->pid <= 1 || !parent->mm)
goto not_permitted;
goto unlock;
/* the parent must be single threaded */
if (!thread_group_empty(parent))
goto not_permitted;
goto unlock;
/* the parent and the child must have different session keyrings or
* there's no point */
mycred = current_cred();
pcred = __task_cred(parent);
if (mycred == pcred ||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
goto already_same;
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
ret = 0;
goto unlock;
}
/* the parent must have the same effective ownership and mustn't be
* SUID/SGID */
@@ -1507,50 +1514,40 @@ long keyctl_session_to_parent(void)
pcred->gid != mycred->egid ||
pcred->egid != mycred->egid ||
pcred->sgid != mycred->egid)
goto not_permitted;
goto unlock;
/* the keyrings must have the same UID */
if ((pcred->tgcred->session_keyring &&
pcred->tgcred->session_keyring->uid != mycred->euid) ||
mycred->tgcred->session_keyring->uid != mycred->euid)
goto not_permitted;
goto unlock;
/* if there's an already pending keyring replacement, then we replace
* that */
oldcred = parent->replacement_session_keyring;
/* cancel an already pending keyring replacement */
oldwork = task_work_cancel(parent, key_change_session_keyring);
/* the replacement session keyring is applied just prior to userspace
* restarting */
parent->replacement_session_keyring = cred;
cred = NULL;
set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
ret = task_work_add(parent, newwork, true);
if (!ret)
newwork = NULL;
unlock:
write_unlock_irq(&tasklist_lock);
rcu_read_unlock();
if (oldcred)
put_cred(oldcred);
return 0;
already_same:
ret = 0;
not_permitted:
write_unlock_irq(&tasklist_lock);
rcu_read_unlock();
put_cred(cred);
if (oldwork) {
put_cred(oldwork->data);
kfree(oldwork);
}
if (newwork) {
put_cred(newwork->data);
kfree(newwork);
}
return ret;
error_newwork:
kfree(newwork);
error_keyring:
key_ref_put(keyring_r);
return ret;
#else /* !TIF_NOTIFY_RESUME */
/*
* To be removed when TIF_NOTIFY_RESUME has been implemented on
* m68k/xtensa
*/
#warning TIF_NOTIFY_RESUME not implemented
return -EOPNOTSUPP;
#endif /* !TIF_NOTIFY_RESUME */
}
/*