linux-next: manual merge of the creds tree

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 566 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
include/linux/cred.h between commit
9e2b2dc4133f65272a6d3c5dcb2ce63f8a87cae9 ("CRED: Introduce credential
access wrappers") from Linus' tree and commit
353d37698a27cff3f5663f92ed61434a3209c37a ("CRED: Document the credential
API's (ab)use of const pointers") from the creds tree.

I just used the version from the creds tree.

How's the resync with Linus' tree coming along?
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 637 bytes --]

Hi David,

Today's linux-next merge of the creds tree got conflicts against the
security-testing tree (besides the two I tried to fix up).

I have dropped it again for today.

I think the only way forward is for you and James to come to some
arrangement.  Probably this will involve James merging your tree into his
and me removing creds as a separate tree from linux-next.

You may have to consider what happens to the userns tree as well (which I
have had to drop today as well since it depends on the creds tree).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> 
> Today's linux-next merge of the creds tree got conflicts against the
> security-testing tree (besides the two I tried to fix up).
> 
> I have dropped it again for today.
> 
> I think the only way forward is for you and James to come to some
> arrangement.  Probably this will involve James merging your tree into his
> and me removing creds as a separate tree from linux-next.

We have come to an arrangement.  I'm fixing up my patches so that James can
just stack them on top of his tree.  After that, you'll get them via James.

David

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 382 bytes --]

Hi David,

On Thu, 13 Nov 2008 12:33:04 +0000 David Howells <dhowells@redhat.com> wrote:
>
> We have come to an arrangement.  I'm fixing up my patches so that James can
> just stack them on top of his tree.  After that, you'll get them via James.

Thanks for that.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[Serge E. Hallyn]

Quoting David Howells (dhowells@redhat.com):
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> 
> > 
> > Today's linux-next merge of the creds tree got conflicts against the
> > security-testing tree (besides the two I tried to fix up).
> > 
> > I have dropped it again for today.
> > 
> > I think the only way forward is for you and James to come to some
> > arrangement.  Probably this will involve James merging your tree into his
> > and me removing creds as a separate tree from linux-next.
> 
> We have come to an arrangement.  I'm fixing up my patches so that James can
> just stack them on top of his tree.  After that, you'll get them via James.

Please let me know when you have those - if they are done today, then
I'll try to port the userns patch tomorrow morning.  Otherwise, I'm
on vacation next week, and while I usually try to sneak in some lkml
reading, my wife has threatened to hide my laptop.

-serge

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
kernel/capability.c between commit
e68b75a027bb94066576139ee33676264f867b87 ("When the capset syscall is
used it is not possible for audit to record the") from the
security-testing tree and commit 2ea2fe20bdef1300ea07a9c38dbfea5d0c042898
("CRED: Neuter sys_capset()") from the creds tree.

Context changes. I fixed it up (see below) and can carry the fix for now
(though I am not sure of this fix).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc kernel/capability.c
index adb262f,6465ab7..0000000
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@@ -469,36 -259,18 +271,22 @@@ asmlinkage long sys_capset(cap_user_hea
  		i++;
  	}
  
 +	ret = audit_log_capset(pid, &effective, &inheritable, &permitted);
 +	if (ret)
 +		return ret;
 +
- 	if (pid && (pid != task_pid_vnr(current)))
- 		ret = do_sys_capset_other_tasks(pid, &effective, &inheritable,
- 						&permitted);
- 	else {
- 		/*
- 		 * This lock is required even when filesystem
- 		 * capability support is configured - it protects the
- 		 * sys_capget() call from returning incorrect data in
- 		 * the case that the targeted process is not the
- 		 * current one.
- 		 */
- 		spin_lock(&task_capability_lock);
- 
- 		ret = security_capset_check(current, &effective, &inheritable,
- 					    &permitted);
- 		/*
- 		 * Having verified that the proposed changes are
- 		 * legal, we now put them into effect.
- 		 */
- 		if (!ret)
- 			security_capset_set(current, &effective, &inheritable,
- 					    &permitted);
- 		spin_unlock(&task_capability_lock);
- 	}
+ 	new = prepare_creds();
+ 	if (!new)
+ 		return -ENOMEM;
  
+ 	ret = security_capset(new, current_cred(),
+ 			      &effective, &inheritable, &permitted);
+ 	if (ret < 0)
+ 		goto error;
+ 	return commit_creds(new);
  
+ error:
+ 	abort_creds(new);
  	return ret;
  }
  

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
include/linux/security.h between commit
06112163f5fd9e491a7f810443d81efa9d88e247 ("Add a new capable interface
that will be used by systems that use audit to") from the
security-testing tree and commit a9018998dcc1e3b4401a7f6d2050ffedbd1b64da
("CRED: Inaugurate COW credentials") from the creds tree.

Context changes.  I fixed it up (see below) and can carry it for a while.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc include/linux/security.h
index 5fe28a6,9a71bcf..0000000
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@@ -1303,15 -1281,12 +1285,12 @@@ struct security_operations 
  	int (*capget) (struct task_struct *target,
  		       kernel_cap_t *effective,
  		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
- 	int (*capset_check) (struct task_struct *target,
- 			     kernel_cap_t *effective,
- 			     kernel_cap_t *inheritable,
- 			     kernel_cap_t *permitted);
- 	void (*capset_set) (struct task_struct *target,
- 			    kernel_cap_t *effective,
- 			    kernel_cap_t *inheritable,
- 			    kernel_cap_t *permitted);
+ 	int (*capset) (struct cred *new,
+ 		       const struct cred *old,
+ 		       const kernel_cap_t *effective,
+ 		       const kernel_cap_t *inheritable,
+ 		       const kernel_cap_t *permitted);
 -	int (*capable) (struct task_struct *tsk, int cap);
 +	int (*capable) (struct task_struct *tsk, int cap, int audit);
  	int (*acct) (struct file *file);
  	int (*sysctl) (struct ctl_table *table, int op);
  	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
@@@ -1572,16 -1548,11 +1552,12 @@@ int security_capget(struct task_struct 
  		    kernel_cap_t *effective,
  		    kernel_cap_t *inheritable,
  		    kernel_cap_t *permitted);
- int security_capset_check(struct task_struct *target,
- 			  kernel_cap_t *effective,
- 			  kernel_cap_t *inheritable,
- 			  kernel_cap_t *permitted);
- void security_capset_set(struct task_struct *target,
- 			 kernel_cap_t *effective,
- 			 kernel_cap_t *inheritable,
- 			 kernel_cap_t *permitted);
+ int security_capset(struct cred *new, const struct cred *old,
+ 		    const kernel_cap_t *effective,
+ 		    const kernel_cap_t *inheritable,
+ 		    const kernel_cap_t *permitted);
  int security_capable(struct task_struct *tsk, int cap);
 +int security_capable_noaudit(struct task_struct *tsk, int cap);
  int security_acct(struct file *file);
  int security_sysctl(struct ctl_table *table, int op);
  int security_quotactl(int cmds, int type, int id, struct super_block *sb);

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 593 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflicts in
security/keys/internal.h and security/keys/process_keys.c between commit
1f8f5cf6e4f038552a3e47b66085452c08556d71 ("KEYS: Make request key
instantiate the per-user keyrings") from Linus' tree and
f71e534c1149637f4eb186b351e6afeb8584551c ("KEYS: Alter use of key
instantiation link-to-keyring argument") from the creds tree.

It needs local knowledge to fix up, so I will drop the creds tree for
today.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got a conflicts in
> security/keys/internal.h and security/keys/process_keys.c between commit
> 1f8f5cf6e4f038552a3e47b66085452c08556d71 ("KEYS: Make request key
> instantiate the per-user keyrings") from Linus' tree and
> f71e534c1149637f4eb186b351e6afeb8584551c ("KEYS: Alter use of key
> instantiation link-to-keyring argument") from the creds tree.
> 
> It needs local knowledge to fix up, so I will drop the creds tree for
> today.

I've pushed a merge of that.

David

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 814 bytes --]

Hi David,

On Wed, 12 Nov 2008 18:23:36 +0000 David Howells <dhowells@redhat.com> wrote:
>
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> 
> > Today's linux-next merge of the creds tree got a conflicts in
> > security/keys/internal.h and security/keys/process_keys.c between commit
> > 1f8f5cf6e4f038552a3e47b66085452c08556d71 ("KEYS: Make request key
> > instantiate the per-user keyrings") from Linus' tree and
> > f71e534c1149637f4eb186b351e6afeb8584551c ("KEYS: Alter use of key
> > instantiation link-to-keyring argument") from the creds tree.
> > 
> > It needs local knowledge to fix up, so I will drop the creds tree for
> > today.
> 
> I've pushed a merge of that.

Thanks.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/devpts/inode.c between commit 2f6b28889414a43b570123886d1fc38abbdd363e
("pty-per-mount-config") from the ttydev tree and commit
533a45d7003203b147c4861ff45353387b4b05db ("CRED: Wrap task credential
accesses in the devpts filesystem") from the creds tree.

Overlapping changes. I fixed it up (see below) and will carry it for a
while.  You should send the creds tree patch above to Alan now that the
APIs are available in mainline.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc fs/devpts/inode.c
index 5006485,5d61b7c..0000000
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@@ -594,11 -221,11 +594,11 @@@ int devpts_pty_new(struct inode *ptmx_i
  	if (!inode)
  		return -ENOMEM;
  
 -	inode->i_ino = number+2;
 -	inode->i_uid = config.setuid ? config.uid : current_fsuid();
 -	inode->i_gid = config.setgid ? config.gid : current_fsgid();
 +	inode->i_ino = number+3;
- 	inode->i_uid = opts->setuid ? opts->uid : current->fsuid;
- 	inode->i_gid = opts->setgid ? opts->gid : current->fsgid;
++	inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
++	inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
  	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 -	init_special_inode(inode, S_IFCHR|config.mode, device);
 +	init_special_inode(inode, S_IFCHR|opts->mode, device);
  	inode->i_private = tty;
  	tty->driver_data = inode;
  

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got conflicts in
security/selinux/hooks.c between commit
8b6a5a37f87a414ef8636e36ec75accb27bb7508 ("") from the security-testing
tree and commit selinux_dentry_open ("CRED: Make inode_has_perm() and
file_has_perm() take a cred pointer") from the creds tree.

Just overlapping changes.  I fixed it up (see below) and can carry the
fix.

The file also got a conflict between commit
41d9f9c524a53477467b7e0111ff3d644198f191 ("SELinux: hold tasklist_lock
and siglock while waking wait_chldexit") from the security-testing tree
and commit a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve()
take advantage of copy-on-write credentials") from the creds tree.

This was more complex but I fixed it up as best I could (see below) and
can carry the fix.  Please let me know if it is not correct (or could be
better).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc security/selinux/hooks.c
index eb7955d,b530cd1..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -2262,39 -2323,32 +2324,34 @@@ static void selinux_bprm_committing_cre
  }
  
  /*
-  * called after apply_creds without the task lock held
+  * Clean up the process immediately after the installation of new credentials
+  * due to exec
   */
- static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
+ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
  {
- 	struct task_security_struct *tsec;
- 	struct rlimit *rlim, *initrlim;
+ 	const struct task_security_struct *tsec = current_security();
  	struct itimerval itimer;
- 	struct bprm_security_struct *bsec;
 +	struct sighand_struct *psig;
+ 	u32 osid, sid;
  	int rc, i;
 +	unsigned long flags;
  
- 	tsec = current->security;
- 	bsec = bprm->security;
+ 	secondary_ops->bprm_committed_creds(bprm);
  
- 	if (bsec->unsafe) {
- 		force_sig_specific(SIGKILL, current);
- 		return;
- 	}
- 	if (tsec->osid == tsec->sid)
+ 	osid = tsec->osid;
+ 	sid = tsec->sid;
+ 
+ 	if (sid == osid)
  		return;
  
- 	/* Close files for which the new task SID is not authorized. */
- 	flush_unauthorized_files(current->files);
- 
- 	/* Check whether the new SID can inherit signal state
- 	   from the old SID.  If not, clear itimers to avoid
- 	   subsequent signal generation and flush and unblock
- 	   signals. This must occur _after_ the task SID has
- 	  been updated so that any kill done after the flush
- 	  will be checked against the new SID. */
- 	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
- 			  PROCESS__SIGINH, NULL);
+ 	/* Check whether the new SID can inherit signal state from the old SID.
+ 	 * If not, clear itimers to avoid subsequent signal generation and
+ 	 * flush and unblock signals.
+ 	 *
+ 	 * This must occur _after_ the task SID has been updated so that any
+ 	 * kill done after the flush will be checked against the new SID.
+ 	 */
+ 	rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
  	if (rc) {
  		memset(&itimer, 0, sizeof itimer);
  		for (i = 0; i < 3; i++)
@@@ -2307,38 -2361,9 +2364,14 @@@
  		spin_unlock_irq(&current->sighand->siglock);
  	}
  
- 	/* Always clear parent death signal on SID transitions. */
- 	current->pdeath_signal = 0;
- 
- 	/* Check whether the new SID can inherit resource limits
- 	   from the old SID.  If not, reset all soft limits to
- 	   the lower of the current task's hard limit and the init
- 	   task's soft limit.  Note that the setting of hard limits
- 	   (even to lower them) can be controlled by the setrlimit
- 	   check. The inclusion of the init task's soft limit into
- 	   the computation is to avoid resetting soft limits higher
- 	   than the default soft limit for cases where the default
- 	   is lower than the hard limit, e.g. RLIMIT_CORE or
- 	   RLIMIT_STACK.*/
- 	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
- 			  PROCESS__RLIMITINH, NULL);
- 	if (rc) {
- 		for (i = 0; i < RLIM_NLIMITS; i++) {
- 			rlim = current->signal->rlim + i;
- 			initrlim = init_task.signal->rlim+i;
- 			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
- 		}
- 		update_rlimit_cpu(rlim->rlim_cur);
- 	}
- 
  	/* Wake up the parent if it is waiting so that it can
  	   recheck wait permission to the new task SID. */
 +	read_lock_irq(&tasklist_lock);
 +	psig = current->parent->sighand;
 +	spin_lock_irqsave(&psig->siglock, flags);
  	wake_up_interruptible(&current->parent->signal->wait_chldexit);
 +	spin_unlock_irqrestore(&psig->siglock, flags);
 +	read_unlock_irq(&tasklist_lock);
  }
  
  /* superblock security operations */
@@@ -2657,8 -2691,8 +2699,8 @@@ static int selinux_inode_permission(str
  		return 0;
  	}
  
- 	return inode_has_perm(current, inode,
+ 	return inode_has_perm(cred, inode,
 -			      open_file_mask_to_av(inode->i_mode, mask), NULL);
 +			      file_mask_to_av(inode->i_mode, mask), NULL);
  }
  
  static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
@@@ -3174,7 -3225,7 +3233,7 @@@ static int selinux_dentry_open(struct f
  	 * new inode label or new policy.
  	 * This check is not redundant - do not remove.
  	 */
- 	return inode_has_perm(current, inode, open_file_to_av(file), NULL);
 -	return inode_has_perm(cred, inode, file_to_av(file), NULL);
++	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
  }
  
  /* task security operations */

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

>  +	read_lock_irq(&tasklist_lock);
>  +	psig = current->parent->sighand;
>  +	spin_lock_irqsave(&psig->siglock, flags);

There's no point using spin_lock_irqsave(): you've already disabled interrupts
with read_lock_irq().  Similarly:

>  +	spin_unlock_irqrestore(&psig->siglock, flags);
>  +	read_unlock_irq(&tasklist_lock);

spin_unlock_irqrestore() here is never going to re-enable interrupts.

Apart from that, it looks okay.

My tree and James's tree definitely need to meet before you see them.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 678 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
security/selinux/hooks.c between commit
41d9f9c524a53477467b7e0111ff3d644198f191 ("SELinux: hold tasklist_lock
and siglock while waking wait_chldexit") from security-testing tree and
commit a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve()
take advantage of copy-on-write credentials") from the creds tree.

I can't see how to fix this easily, so I will have to drop the tree for
today.  Please try the merge for yourself and see if you can come up with
a solution, thanks.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got a conflict in
> security/selinux/hooks.c between commit
> 41d9f9c524a53477467b7e0111ff3d644198f191 ("SELinux: hold tasklist_lock
> and siglock while waking wait_chldexit") from security-testing tree and
> commit a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve()
> take advantage of copy-on-write credentials") from the creds tree.
> 
> I can't see how to fix this easily, so I will have to drop the tree for
> today.  Please try the merge for yourself and see if you can come up with
> a solution, thanks.

James: is it worth you pulling my patches into your tree?

David

Re: linux-next: manual merge of the creds tree

[James Morris]

On Wed, 5 Nov 2008, David Howells wrote:

> 
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> 
> > Today's linux-next merge of the creds tree got a conflict in
> > security/selinux/hooks.c between commit
> > 41d9f9c524a53477467b7e0111ff3d644198f191 ("SELinux: hold tasklist_lock
> > and siglock while waking wait_chldexit") from security-testing tree and
> > commit a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve()
> > take advantage of copy-on-write credentials") from the creds tree.
> > 
> > I can't see how to fix this easily, so I will have to drop the tree for
> > today.  Please try the merge for yourself and see if you can come up with
> > a solution, thanks.
> 
> James: is it worth you pulling my patches into your tree?

Possibly after I get back from foss.my next week.  Can you tru and get 
more of the API changes into subsytem trees?

-- 
James Morris
<jmorris@namei.org>

Re: linux-next: manual merge of the creds tree

[David Howells]

James Morris <jmorris@namei.org> wrote:

> Possibly after I get back from foss.my next week.  Can you tru and get 
> more of the API changes into subsytem trees?

I can try, but you still have to carry the wrappers anyway.

I wonder if we can persuade Linus to take the wrappers now, even though it's
post merge window.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
security/selinux/hooks.c between commit
8b6a5a37f87a414ef8636e36ec75accb27bb7508 ("SELinux: check open perms in
dentry_open not inode_permission") from the security-testing tree and
commits 7113316bdf8c9f91df7bd68ab739d9bd0f5e8efc ("CRED: Make
inode_has_perm() and file_has_perm() take a cred pointer") and
a9018998dcc1e3b4401a7f6d2050ffedbd1b64da ("CRED: Inaugurate COW
credentials") from the creds tree.

Overlapping changes.  I fixed it up (see below) and can carry the fix.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc security/selinux/hooks.c
index b8ad7ec,b90bbe4..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -2648,8 -2689,8 +2690,8 @@@ static int selinux_inode_permission(str
  		return 0;
  	}
  
- 	return inode_has_perm(current, inode,
+ 	return inode_has_perm(cred, inode,
 -			      open_file_mask_to_av(inode->i_mode, mask), NULL);
 +			      file_mask_to_av(inode->i_mode, mask), NULL);
  }
  
  static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
@@@ -3165,7 -3223,7 +3224,7 @@@ static int selinux_dentry_open(struct f
  	 * new inode label or new policy.
  	 * This check is not redundant - do not remove.
  	 */
- 	return inode_has_perm(current, inode, open_file_to_av(file), NULL);
 -	return inode_has_perm(cred, inode, file_to_av(file), NULL);
++	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
  }
  
  /* task security operations */

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	return inode_has_perm(current, inode,
> + 	return inode_has_perm(cred, inode,
>  -			      open_file_mask_to_av(inode->i_mode, mask), NULL);
>  +			      file_mask_to_av(inode->i_mode, mask), NULL);

...

> - 	return inode_has_perm(current, inode, open_file_to_av(file), NULL);
>  -	return inode_has_perm(cred, inode, file_to_av(file), NULL);
> ++	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);

ACK.

Re: linux-next: manual merge of the creds tree

[Eric Paris]

On Fri, 2008-10-31 at 17:06 +1100, Stephen Rothwell wrote:
> Hi David,
> 
> Today's linux-next merge of the creds tree got a conflict in
> security/selinux/hooks.c between commit
> 8b6a5a37f87a414ef8636e36ec75accb27bb7508 ("SELinux: check open perms in
> dentry_open not inode_permission") from the security-testing tree and
> commits 7113316bdf8c9f91df7bd68ab739d9bd0f5e8efc ("CRED: Make
> inode_has_perm() and file_has_perm() take a cred pointer") and
> a9018998dcc1e3b4401a7f6d2050ffedbd1b64da ("CRED: Inaugurate COW
> credentials") from the creds tree.
> 
> Overlapping changes.  I fixed it up (see below) and can carry the fix.

ACK  Looks good to me, thanks.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got conflicts in
include/linux/security.h and security/security.c between commit
731572d39fcd3498702eda4600db4c43d51e0b26 ("nfsd: fix vm overcommit
crash") from Linus' tree and commit
a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve() take
advantage of copy-on-write credentials") from the creds tree.

Just overlapping additions changes. I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc include/linux/security.h
index c13f1ce,438958c..0000000
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@@ -1585,13 -1561,10 +1561,11 @@@ int security_syslog(int type)
  int security_settime(struct timespec *ts, struct timezone *tz);
  int security_vm_enough_memory(long pages);
  int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
 +int security_vm_enough_memory_kern(long pages);
- int security_bprm_alloc(struct linux_binprm *bprm);
- void security_bprm_free(struct linux_binprm *bprm);
- void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
- void security_bprm_post_apply_creds(struct linux_binprm *bprm);
- int security_bprm_set(struct linux_binprm *bprm);
+ int security_bprm_set_creds(struct linux_binprm *bprm);
  int security_bprm_check(struct linux_binprm *bprm);
+ void security_bprm_committing_creds(struct linux_binprm *bprm);
+ void security_bprm_committed_creds(struct linux_binprm *bprm);
  int security_bprm_secureexec(struct linux_binprm *bprm);
  int security_sb_alloc(struct super_block *sb);
  void security_sb_free(struct super_block *sb);
diff --cc security/security.c
index c0acfa7,8ad807a..0000000
--- a/security/security.c
+++ b/security/security.c
@@@ -208,41 -199,24 +201,31 @@@ int security_vm_enough_memory_mm(struc
  	return security_ops->vm_enough_memory(mm, pages);
  }
  
 +int security_vm_enough_memory_kern(long pages)
 +{
 +	/* If current->mm is a kernel thread then we will pass NULL,
 +	   for this specific case that is fine */
 +	return security_ops->vm_enough_memory(current->mm, pages);
 +}
 +
- int security_bprm_alloc(struct linux_binprm *bprm)
+ int security_bprm_set_creds(struct linux_binprm *bprm)
  {
- 	return security_ops->bprm_alloc_security(bprm);
+ 	return security_ops->bprm_set_creds(bprm);
  }
  
- void security_bprm_free(struct linux_binprm *bprm)
- {
- 	security_ops->bprm_free_security(bprm);
- }
- 
- void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
- {
- 	security_ops->bprm_apply_creds(bprm, unsafe);
- }
- 
- void security_bprm_post_apply_creds(struct linux_binprm *bprm)
+ int security_bprm_check(struct linux_binprm *bprm)
  {
- 	security_ops->bprm_post_apply_creds(bprm);
+ 	return security_ops->bprm_check_security(bprm);
  }
  
- int security_bprm_set(struct linux_binprm *bprm)
+ void security_bprm_committing_creds(struct linux_binprm *bprm)
  {
- 	return security_ops->bprm_set_security(bprm);
+ 	return security_ops->bprm_committing_creds(bprm);
  }
  
- int security_bprm_check(struct linux_binprm *bprm)
+ void security_bprm_committed_creds(struct linux_binprm *bprm)
  {
- 	return security_ops->bprm_check_security(bprm);
+ 	return security_ops->bprm_committed_creds(bprm);
  }
  
  int security_bprm_secureexec(struct linux_binprm *bprm)

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got conflicts in
> include/linux/security.h and security/security.c between commit
> 731572d39fcd3498702eda4600db4c43d51e0b26 ("nfsd: fix vm overcommit
> crash") from Linus' tree and commit
> a3338909826d32d821158a6adc43ce0a1654b31d ("CRED: Make execve() take
> advantage of copy-on-write credentials") from the creds tree.
> 
> Just overlapping additions changes. I fixed it up (see below).

Looks good.  I've pushed my own version of this into my tree.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got conflicts in
fs/ext4/balloc.c between commits 8c3bf8a01c005385e9be0bc992e10abfb355278c
("merge ext4_claim_free_blocks & ext4_has_free_blocks") and
a996031c87e093017c0763326a08896a3a4817f4 ("delay capable() check in
ext4_has_free_blocks()") from the ext4 tree and commit
e6396a30cfa855ccca8cc21bcd92bb40ed10619f ("CRED: Wrap task credential
accesses in the Ext4 filesystem") from the creds tree.

Overlapping change/move of code.  I fixed it up (see below) and can carry
the fix.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc fs/ext4/balloc.c
index 9ce2fcd,5ede818..0000000
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@@ -618,19 -616,14 +618,19 @@@ int ext4_has_free_blocks(struct ext4_sb
  		}
  	}
  	/* Check whether we have space after
 -	 * accounting for current dirty blocks
 +	 * accounting for current dirty blocks & root reserved blocks.
  	 */
 -	if (free_blocks < ((root_blocks + nblocks) + dirty_blocks))
 -		/* we don't have free space */
 -		return -ENOSPC;
 +	if (free_blocks >= ((root_blocks + nblocks) + dirty_blocks))
 +		return 1;
 +
 +	/* Hm, nope.  Are (enough) root reserved blocks available? */
- 	if (sbi->s_resuid == current->fsuid ||
++	if (sbi->s_resuid == current_fsuid() ||
 +	    ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
 +	    capable(CAP_SYS_RESOURCE)) {
 +		if (free_blocks >= (nblocks + dirty_blocks))
 +			return 1;
 +	}
  
 -	/* Add the blocks to nblocks */
 -	percpu_counter_add(dbc, nblocks);
  	return 0;
  }
  

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	if (sbi->s_resuid == current->fsuid ||
> ++	if (sbi->s_resuid == current_fsuid() ||

ACK.

Re: linux-next: manual merge of the creds tree

[Eric Sandeen]

Stephen Rothwell wrote:
> Hi David,
> 
> Today's linux-next merge of the creds tree got conflicts in
> fs/ext4/balloc.c between commits 8c3bf8a01c005385e9be0bc992e10abfb355278c
> ("merge ext4_claim_free_blocks & ext4_has_free_blocks") and
> a996031c87e093017c0763326a08896a3a4817f4 ("delay capable() check in
> ext4_has_free_blocks()") from the ext4 tree and commit
> e6396a30cfa855ccca8cc21bcd92bb40ed10619f ("CRED: Wrap task credential
> accesses in the Ext4 filesystem") from the creds tree.
> 
> Overlapping change/move of code.  I fixed it up (see below) and can carry
> the fix.

Looks fine, thanks.

-Eric

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got conflicts in
fs/xfs/linux-2.6/xfs_cred.h, fs/xfs/linux-2.6/xfs_globals.h and
fs/xfs/xfs_vnodeops.h between commit
959f0f5b48d25a478694e04d024cd1ca681ea4bf ("[XFS] kill sys_cred") from the
xfs tree and commit 3634a8a33b2cd7296e265d01d606b58c22b6a557 ("CRED:
Separate task security context from task_struct") from the creds tree.

The former mostly removed what the latter changed.  I fixed it up (see
below - I just removed the "extern cred_t *sys_cred;" from xfs_globals.h
and the cred_t arguments to xfs_setattr and xfs_change_file_space in
xfs_vnodeops.h) and can carry the fix.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc fs/xfs/linux-2.6/xfs_cred.h
index 98da219,8c022cd..0000000
--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@@ -23,8 -23,14 +23,6 @@@
  /*
   * Credentials
   */
- typedef struct cred {
- 	/* EMPTY */
- } cred_t;
+ typedef const struct cred cred_t;
  
 -extern cred_t *sys_cred;
 -
 -/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
 -static inline int capable_cred(cred_t *cr, int cid)
 -{
 -	return (cr == sys_cred) ? 1 : capable(cid);
 -}
 -
  #endif  /* __XFS_CRED_H__ */

Re: linux-next: manual merge of the creds tree

[Christoph Hellwig]

On Thu, Oct 30, 2008 at 03:47:41PM +1100, Stephen Rothwell wrote:
> Hi David,
> 
> Today's linux-next merge of the creds tree got conflicts in
> fs/xfs/linux-2.6/xfs_cred.h, fs/xfs/linux-2.6/xfs_globals.h and
> fs/xfs/xfs_vnodeops.h between commit
> 959f0f5b48d25a478694e04d024cd1ca681ea4bf ("[XFS] kill sys_cred") from the
> xfs tree and commit 3634a8a33b2cd7296e265d01d606b58c22b6a557 ("CRED:
> Separate task security context from task_struct") from the creds tree.
> 
> The former mostly removed what the latter changed.  I fixed it up (see
> below - I just removed the "extern cred_t *sys_cred;" from xfs_globals.h
> and the cred_t arguments to xfs_setattr and xfs_change_file_space in
> xfs_vnodeops.h) and can carry the fix.
> -- 
> Cheers,
> Stephen Rothwell                    sfr@canb.auug.org.au
> http://www.canb.auug.org.au/~sfr/
> 
> diff --cc fs/xfs/linux-2.6/xfs_cred.h
> index 98da219,8c022cd..0000000
> --- a/fs/xfs/linux-2.6/xfs_cred.h
> +++ b/fs/xfs/linux-2.6/xfs_cred.h
> @@@ -23,8 -23,14 +23,6 @@@
>   /*
>    * Credentials
>    */
> - typedef struct cred {
> - 	/* EMPTY */
> - } cred_t;
> + typedef const struct cred cred_t;
>   
>  -extern cred_t *sys_cred;
>  -
>  -/* this is a hack.. (assumes sys_cred is the only cred_t in the system) */
>  -static inline int capable_cred(cred_t *cr, int cid)
>  -{
>  -	return (cr == sys_cred) ? 1 : capable(cid);
>  -}

Looks good - eventually we'll kill the cred_t type, too.

Re: linux-next: manual merge of the creds tree

[David Howells]

Hi Christoph,

Could you pull my XFS wrapper patch into the XFS tree?  That might make things
easier for Stephen.  The prerequisite patch is already upstream.  Now if only
Linus would take the rest of it.

David
---
From: David Howells <dhowells@redhat.com>

CRED: Wrap task credential accesses in the XFS filesystem

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: xfs@oss.sgi.com
---

 fs/xfs/linux-2.6/xfs_cred.h  |    2 +-
 fs/xfs/linux-2.6/xfs_ioctl.c |    2 +-
 fs/xfs/xfs_acl.c             |    6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)


diff --git a/fs/xfs/linux-2.6/xfs_cred.h b/fs/xfs/linux-2.6/xfs_cred.h
index 652721c..293043a 100644
--- a/fs/xfs/linux-2.6/xfs_cred.h
+++ b/fs/xfs/linux-2.6/xfs_cred.h
@@ -24,7 +24,7 @@
  * Credentials
  */
 typedef struct cred {
-	/* EMPTY */
+       /* EMPTY */
 } cred_t;
 
 extern struct cred *sys_cred;
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index d3438c7..67c72ae 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -1007,7 +1007,7 @@ xfs_ioctl_setattr(
 	 * to the file owner ID, except in cases where the
 	 * CAP_FSETID capability is applicable.
 	 */
-	if (current->fsuid != ip->i_d.di_uid && !capable(CAP_FOWNER)) {
+	if (current_fsuid() != ip->i_d.di_uid && !capable(CAP_FOWNER)) {
 		code = XFS_ERROR(EPERM);
 		goto error_return;
 	}
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index b2f639a..91d6933 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -366,7 +366,7 @@ xfs_acl_allow_set(
 		return ENOTDIR;
 	if (vp->i_sb->s_flags & MS_RDONLY)
 		return EROFS;
-	if (XFS_I(vp)->i_d.di_uid != current->fsuid && !capable(CAP_FOWNER))
+	if (XFS_I(vp)->i_d.di_uid != current_fsuid() && !capable(CAP_FOWNER))
 		return EPERM;
 	return 0;
 }
@@ -413,13 +413,13 @@ xfs_acl_access(
 		switch (fap->acl_entry[i].ae_tag) {
 		case ACL_USER_OBJ:
 			seen_userobj = 1;
-			if (fuid != current->fsuid)
+			if (fuid != current_fsuid())
 				continue;
 			matched.ae_tag = ACL_USER_OBJ;
 			matched.ae_perm = allows;
 			break;
 		case ACL_USER:
-			if (fap->acl_entry[i].ae_id != current->fsuid)
+			if (fap->acl_entry[i].ae_id != current_fsuid())
 				continue;
 			matched.ae_tag = ACL_USER;
 			matched.ae_perm = allows;

Re: linux-next: manual merge of the creds tree

[Christoph Hellwig]

On Thu, Oct 30, 2008 at 10:14:07AM +0000, David Howells wrote:
> 
> Hi Christoph,
> 
> Could you pull my XFS wrapper patch into the XFS tree?  That might make things
> easier for Stephen.  The prerequisite patch is already upstream.  Now if only
> Linus would take the rest of it.

I can't put anything in the XFS tree.

Re: linux-next: manual merge of the creds tree

[Lachlan McIlroy]

Christoph Hellwig wrote:
> On Thu, Oct 30, 2008 at 10:14:07AM +0000, David Howells wrote:
>> Hi Christoph,
>>
>> Could you pull my XFS wrapper patch into the XFS tree?  That might make things
>> easier for Stephen.  The prerequisite patch is already upstream.  Now if only
>> Linus would take the rest of it.
> 
> I can't put anything in the XFS tree.
> 

I can.  It's in.

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 598 bytes --]

Hi Lachlan,

On Fri, 31 Oct 2008 11:55:29 +1100 Lachlan McIlroy <lachlan@sgi.com> wrote:
>
> Christoph Hellwig wrote:
> > On Thu, Oct 30, 2008 at 10:14:07AM +0000, David Howells wrote:
> >>
> >> Could you pull my XFS wrapper patch into the XFS tree?  That might make things
> >> easier for Stephen.  The prerequisite patch is already upstream.  Now if only
> >> Linus would take the rest of it.
> > 
> > I can't put anything in the XFS tree.
> 
> I can.  It's in.

Thanks.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[David Howells]

Lachlan McIlroy <lachlan@sgi.com> wrote:

> > I can't put anything in the XFS tree.
> >
> 
> I can.  It's in.

Thanks!

David

Re: linux-next: manual merge of the creds tree

[David Howells]

Christoph Hellwig <hch@infradead.org> wrote:

> I can't put anything in the XFS tree.

Okay.

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got conflicts in
> fs/xfs/linux-2.6/xfs_cred.h, fs/xfs/linux-2.6/xfs_globals.h and
> fs/xfs/xfs_vnodeops.h between commit
> 959f0f5b48d25a478694e04d024cd1ca681ea4bf ("[XFS] kill sys_cred") from the
> xfs tree and commit 3634a8a33b2cd7296e265d01d606b58c22b6a557 ("CRED:
> Separate task security context from task_struct") from the creds tree.
> 
> The former mostly removed what the latter changed.  I fixed it up (see
> below - I just removed the "extern cred_t *sys_cred;" from xfs_globals.h
> and the cred_t arguments to xfs_setattr and xfs_change_file_space in
> xfs_vnodeops.h) and can carry the fix.

ACK.

David

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1043 bytes --]

Hi David,

On Thu, 30 Oct 2008 15:47:41 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the creds tree got conflicts in
> fs/xfs/linux-2.6/xfs_cred.h, fs/xfs/linux-2.6/xfs_globals.h and
> fs/xfs/xfs_vnodeops.h between commit
> 959f0f5b48d25a478694e04d024cd1ca681ea4bf ("[XFS] kill sys_cred") from the
> xfs tree and commit 3634a8a33b2cd7296e265d01d606b58c22b6a557 ("CRED:
> Separate task security context from task_struct") from the creds tree.
> 
> The former mostly removed what the latter changed.  I fixed it up (see
> below - I just removed the "extern cred_t *sys_cred;" from xfs_globals.h
> and the cred_t arguments to xfs_setattr and xfs_change_file_space in
> xfs_vnodeops.h) and can carry the fix.

These conflicts are now between the xfs tree and Linus' tree and so could
be sorted out by merging Linus' tree into the xfs tree before asking
Linus to pull the xfs tree.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in mm/migrate.c
between commit sys_move_pages ("mm: extract do_pages_move() out of
sys_move_pages()") from Linus' tree and commits
b76546e8e9ac10969037c4866fcc44716e66eef8 ("CRED: Wrap task credential
accesses in the core kernel"), 12da5768699059a4fe96080df5fa4e6d0e73a9ba
("CRED: Separate task security context from task_struct") and
e3c5b08cf35d6e1913789255e0755dfb46cc0807 ("CRED: Use RCU to access
another task's creds and to release a task's own creds") from the creds
tree.

I think I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc mm/migrate.c
index 13c3019,ad44478..0000000
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@@ -1045,9 -984,13 +1045,10 @@@ asmlinkage long sys_move_pages(pid_t pi
  			const int __user *nodes,
  			int __user *status, int flags)
  {
+ 	const struct cred *cred = current_cred(), *tcred;
 -	int err = 0;
 -	int i;
  	struct task_struct *task;
 -	nodemask_t task_nodes;
  	struct mm_struct *mm;
 -	struct page_to_node *pm = NULL;
 +	int err;
  
  	/* Check flags */
  	if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL))
@@@ -1075,12 -1018,16 +1076,16 @@@
  	 * capabilities, superuser privileges or the same
  	 * userid as the target process.
  	 */
- 	if ((current->euid != task->suid) && (current->euid != task->uid) &&
- 	    (current->uid != task->suid) && (current->uid != task->uid) &&
+ 	rcu_read_lock();
+ 	tcred = __task_cred(task);
+ 	if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
+ 	    cred->uid  != tcred->suid && cred->uid  != tcred->uid &&
  	    !capable(CAP_SYS_NICE)) {
+ 		rcu_read_unlock();
  		err = -EPERM;
 -		goto out2;
 +		goto out;
  	}
+ 	rcu_read_unlock();
  
   	err = security_task_movememory(task);
   	if (err)

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got a conflict in mm/migrate.c
> between commit sys_move_pages ("mm: extract do_pages_move() out of
> sys_move_pages()") from Linus' tree and commits
> b76546e8e9ac10969037c4866fcc44716e66eef8 ("CRED: Wrap task credential
> accesses in the core kernel"), 12da5768699059a4fe96080df5fa4e6d0e73a9ba
> ("CRED: Separate task security context from task_struct") and
> e3c5b08cf35d6e1913789255e0755dfb46cc0807 ("CRED: Use RCU to access
> another task's creds and to release a task's own creds") from the creds
> tree.

ACK.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/devpts/inode.c between commit c7d2a0f75f034faef7e6504f6f8ea3ec87b324c2
("pty-per-mount-config") from ttydev tree and commit
955472187492d73580a4c4c65d5d6b1f8a603f58 ("CRED: Wrap task credential
accesses in the devpts filesystem") from the creds tree.

Just overlapping changes.  I fixed it up (see below) and can carry the fix.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc fs/devpts/inode.c
index 5006485,5d61b7c..0000000
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@@ -594,11 -221,11 +594,11 @@@ int devpts_pty_new(struct inode *ptmx_i
  	if (!inode)
  		return -ENOMEM;
  
 -	inode->i_ino = number+2;
 -	inode->i_uid = config.setuid ? config.uid : current_fsuid();
 -	inode->i_gid = config.setgid ? config.gid : current_fsgid();
 +	inode->i_ino = number+3;
- 	inode->i_uid = opts->setuid ? opts->uid : current->fsuid;
- 	inode->i_gid = opts->setgid ? opts->gid : current->fsgid;
++	inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
++	inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
  	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 -	init_special_inode(inode, S_IFCHR|config.mode, device);
 +	init_special_inode(inode, S_IFCHR|opts->mode, device);
  	inode->i_private = tty;
  	tty->driver_data = inode;
  

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	inode->i_uid = opts->setuid ? opts->uid : current->fsuid;
> - 	inode->i_gid = opts->setgid ? opts->gid : current->fsgid;
> ++	inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
> ++	inode->i_gid = opts->setgid ? opts->gid : current_fsgid();

ACK.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
include/linux/binfmts.h between commits
53112488bebe25c0f5f8a002470046c0fe9a6c61 ("alpha: introduce field 'taso'
into struct linux_binprm") and bf2a9a39639b8b51377905397a5005f444e9a892
("Allow recursion in binfmt_script and binfmt_misc") from Linus' tree and
commit e87a7f7a60e07326cd18987f1d490e42c083792c ("CRED: Make execve()
take advantage of copy-on-write credentials") from the creds tree.

Just context changes.  I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc include/linux/binfmts.h
index 7394b5b,26f9c1b..0000000
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@@ -35,16 -35,16 +35,20 @@@ struct linux_binprm
  	struct mm_struct *mm;
  	unsigned long p; /* current top of mem */
  	unsigned int sh_bang:1,
- 		     misc_bang:1;
+ 		misc_bang:1,
+ 		cred_prepared:1,/* true if creds already prepared (multiple
+ 				 * preps happen for interpreters) */
+ 		cap_effective:1;/* true if has elevated effective capabilities,
+ 				 * false if not; except for init which inherits
+ 				 * its parent's caps anyway */
 +#ifdef __alpha__
 +	unsigned int taso:1;
 +#endif
 +	unsigned int recursion_depth;
  	struct file * file;
- 	int e_uid, e_gid;
- 	kernel_cap_t cap_post_exec_permitted;
- 	bool cap_effective;
- 	void *security;
+ 	struct cred *cred;	/* new credentials */
+ 	int unsafe;		/* how unsafe this exec is (mask of LSM_UNSAFE_*) */
+ 	unsigned int per_clear;	/* bits to clear in current->personality */
  	int argc, envc;
  	char * filename;	/* Name of binary as seen by procps */
  	char * interp;		/* Name of the binary really executed. Most

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got a conflict in
> include/linux/binfmts.h between commits
> 53112488bebe25c0f5f8a002470046c0fe9a6c61 ("alpha: introduce field 'taso'
> into struct linux_binprm") and bf2a9a39639b8b51377905397a5005f444e9a892
> ("Allow recursion in binfmt_script and binfmt_misc") from Linus' tree and
> commit e87a7f7a60e07326cd18987f1d490e42c083792c ("CRED: Make execve()
> take advantage of copy-on-write credentials") from the creds tree.

ACK.

Re: linux-next: manual merge of the creds tree

[Kirill A. Shutemov]

[-- Attachment #1: Type: text/plain, Size: 728 bytes --]

On Fri, Oct 17, 2008 at 05:13:50PM +1100, Stephen Rothwell wrote:
> Hi David,
> 
> Today's linux-next merge of the creds tree got a conflict in
> include/linux/binfmts.h between commits
> 53112488bebe25c0f5f8a002470046c0fe9a6c61 ("alpha: introduce field 'taso'
> into struct linux_binprm") and bf2a9a39639b8b51377905397a5005f444e9a892
> ("Allow recursion in binfmt_script and binfmt_misc") from Linus' tree and
> commit e87a7f7a60e07326cd18987f1d490e42c083792c ("CRED: Make execve()
> take advantage of copy-on-write credentials") from the creds tree.
> 
> Just context changes.  I fixed it up (see below).

Ack.

-- 
Regards,  Kirill A. Shutemov
 + Belarus, Minsk
 + ALT Linux Team, http://www.altlinux.com/

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/binfmt_elf_fdpic.c between commit
5edc2a5123a7c3d9bcb19ffcf3b91e8d6c246092 ("binfmt_elf_fdpic: wire up
AT_EXECFD, AT_EXECFN, AT_SECURE") from Linus' tree and commit
4865969c64ed7e911fae4e6a275e65789806f823 ("CRED: Wrap current->cred and a
few other accessors") from the creds tree.

Just context changes.  I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc fs/binfmt_elf_fdpic.c
index 0e8367c,83a55ef..0000000
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@@ -477,9 -465,10 +477,10 @@@ static int create_elf_fdpic_tables(stru
  {
  	unsigned long sp, csp, nitems;
  	elf_caddr_t __user *argv, *envp;
+ 	const struct cred *cred = current_cred();
  	size_t platform_len = 0, len;
 -	char *k_platform;
 -	char __user *u_platform, *p;
 +	char *k_platform, *k_base_platform;
 +	char __user *u_platform, *u_base_platform, *p;
  	long hwcap;
  	int loop;
  	int nr;	/* reset for each csp adjustment */
@@@ -623,12 -587,10 +624,12 @@@
  	NEW_AUX_ENT(AT_BASE,	interp_params->elfhdr_addr);
  	NEW_AUX_ENT(AT_FLAGS,	0);
  	NEW_AUX_ENT(AT_ENTRY,	exec_params->entry_addr);
- 	NEW_AUX_ENT(AT_UID,	(elf_addr_t) current->uid);
- 	NEW_AUX_ENT(AT_EUID,	(elf_addr_t) current->euid);
- 	NEW_AUX_ENT(AT_GID,	(elf_addr_t) current->gid);
- 	NEW_AUX_ENT(AT_EGID,	(elf_addr_t) current->egid);
+ 	NEW_AUX_ENT(AT_UID,	(elf_addr_t) cred->uid);
+ 	NEW_AUX_ENT(AT_EUID,	(elf_addr_t) cred->euid);
+ 	NEW_AUX_ENT(AT_GID,	(elf_addr_t) cred->gid);
+ 	NEW_AUX_ENT(AT_EGID,	(elf_addr_t) cred->egid);
 +	NEW_AUX_ENT(AT_SECURE,	security_bprm_secureexec(bprm));
 +	NEW_AUX_ENT(AT_EXECFN,	bprm->exec);
  
  #ifdef ARCH_DLINFO
  	nr = 0;

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Today's linux-next merge of the creds tree got a conflict in
> fs/binfmt_elf_fdpic.c between commit
> 5edc2a5123a7c3d9bcb19ffcf3b91e8d6c246092 ("binfmt_elf_fdpic: wire up
> AT_EXECFD, AT_EXECFN, AT_SECURE") from Linus' tree and commit
> 4865969c64ed7e911fae4e6a275e65789806f823 ("CRED: Wrap current->cred and a
> few other accessors") from the creds tree.

ACK.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
security/selinux/hooks.c between commit
f06febc96ba8e0af80bcc3eaec0a109e88275fac ("timers: fix itimer/many thread
hang") from the timers tree and commit
e87a7f7a60e07326cd18987f1d490e42c083792c ("CRED: Make execve() take
advantage of copy-on-write credentials") from the creds tree.

I think I fixed it up right (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc security/selinux/hooks.c
index 3e3fde7,dffd963..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -2202,59 -2276,53 +2277,46 @@@ static inline void flush_unauthorized_f
  	spin_unlock(&files->file_lock);
  }
  
- static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
+ /*
+  * Prepare a process for imminent new credential changes due to exec
+  */
+ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
  {
- 	struct task_security_struct *tsec;
- 	struct bprm_security_struct *bsec;
- 	u32 sid;
- 	int rc;
- 
- 	secondary_ops->bprm_apply_creds(bprm, unsafe);
- 
- 	tsec = current->security;
+ 	struct task_security_struct *new_tsec;
+ 	struct rlimit *rlim, *initrlim;
+ 	int rc, i;
  
- 	bsec = bprm->security;
- 	sid = bsec->sid;
+ 	secondary_ops->bprm_committing_creds(bprm);
  
- 	tsec->osid = tsec->sid;
- 	bsec->unsafe = 0;
- 	if (tsec->sid != sid) {
- 		/* Check for shared state.  If not ok, leave SID
- 		   unchanged and kill. */
- 		if (unsafe & LSM_UNSAFE_SHARE) {
- 			rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
- 					PROCESS__SHARE, NULL);
- 			if (rc) {
- 				bsec->unsafe = 1;
- 				return;
- 			}
- 		}
+ 	new_tsec = bprm->cred->security;
+ 	if (new_tsec->sid == new_tsec->osid)
+ 		return;
  
- 		/* Check for ptracing, and update the task SID if ok.
- 		   Otherwise, leave SID unchanged and kill. */
- 		if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- 			struct task_struct *tracer;
- 			struct task_security_struct *sec;
- 			u32 ptsid = 0;
+ 	/* Close files for which the new task SID is not authorized. */
+ 	flush_unauthorized_files(bprm->cred, current->files);
  
- 			rcu_read_lock();
- 			tracer = tracehook_tracer_task(current);
- 			if (likely(tracer != NULL)) {
- 				sec = tracer->security;
- 				ptsid = sec->sid;
- 			}
- 			rcu_read_unlock();
+ 	/* Always clear parent death signal on SID transitions. */
+ 	current->pdeath_signal = 0;
  
- 			if (ptsid != 0) {
- 				rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
- 						  PROCESS__PTRACE, NULL);
- 				if (rc) {
- 					bsec->unsafe = 1;
- 					return;
- 				}
- 			}
+ 	/* Check whether the new SID can inherit resource limits from the old
+ 	 * SID.  If not, reset all soft limits to the lower of the current
+ 	 * task's hard limit and the init task's soft limit.
+ 	 *
+ 	 * Note that the setting of hard limits (even to lower them) can be
+ 	 * controlled by the setrlimit check.  The inclusion of the init task's
+ 	 * soft limit into the computation is to avoid resetting soft limits
+ 	 * higher than the default soft limit for cases where the default is
+ 	 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
+ 	 */
+ 	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
+ 			  PROCESS__RLIMITINH, NULL);
+ 	if (rc) {
+ 		for (i = 0; i < RLIM_NLIMITS; i++) {
+ 			rlim = current->signal->rlim + i;
+ 			initrlim = init_task.signal->rlim+i;
+ 			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
  		}
- 		tsec->sid = sid;
 -
 -		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
 -			/*
 -			 * This will cause RLIMIT_CPU calculations to be
 -			 * refigured.
 -			 */
 -			current->it_prof_expires = jiffies_to_cputime(1);
 -		}
++		update_rlimit_cpu(rlim->rlim_cur);
  	}
  }
  

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

>   		}
> - 		tsec->sid = sid;
>  -
>  -		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
>  -			/*
>  -			 * This will cause RLIMIT_CPU calculations to be
>  -			 * refigured.
>  -			 */
>  -			current->it_prof_expires = jiffies_to_cputime(1);
>  -		}
> ++		update_rlimit_cpu(rlim->rlim_cur);

ACK, though I'd personally leave the blank line after the closing curly at the
end of the for-loop.  That's a very minor matter, though, so don't worry too
much about it.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
net/9p/client.c between commit a3f01212456501bfc94fea289aaaee26c28f9833
("9p: remove unnecessary prototypes") from the v9fs tree and commit
1ce149d4dcc74288936d347870d34b1781a49fad ("CRED: Wrap task credential
accesses in 9P2000 filesystem") from the creds tree.

The former moved the code that the latter was changing.  I fixed it up
(see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc net/9p/client.c
index 1807ace,aee892e..0000000
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@@ -124,578 -124,20 +124,578 @@@ static int parse_opts(char *opts, struc
  	return ret;
  }
  
 +/**
 + * p9_tag_alloc - lookup/allocate a request by tag
 + * @c: client session to lookup tag within
 + * @tag: numeric id for transaction
 + *
 + * this is a simple array lookup, but will grow the
 + * request_slots as necessary to accomodate transaction
 + * ids which did not previously have a slot.
 + *
 + * this code relies on the client spinlock to manage locks, its
 + * possible we should switch to something else, but I'd rather
 + * stick with something low-overhead for the common case.
 + *
 + */
 +
 +static struct p9_req_t *p9_tag_alloc(struct p9_client *c, u16 tag)
 +{
 +	unsigned long flags;
 +	int row, col;
 +	struct p9_req_t *req;
 +
 +	/* This looks up the original request by tag so we know which
 +	 * buffer to read the data into */
 +	tag++;
 +
 +	if (tag >= c->max_tag) {
 +		spin_lock_irqsave(&c->lock, flags);
 +		/* check again since original check was outside of lock */
 +		while (tag >= c->max_tag) {
 +			row = (tag / P9_ROW_MAXTAG);
 +			c->reqs[row] = kcalloc(P9_ROW_MAXTAG,
 +					sizeof(struct p9_req_t), GFP_ATOMIC);
 +
 +			if (!c->reqs[row]) {
 +				printk(KERN_ERR "Couldn't grow tag array\n");
 +				return ERR_PTR(-ENOMEM);
 +			}
 +			for (col = 0; col < P9_ROW_MAXTAG; col++) {
 +				c->reqs[row][col].status = REQ_STATUS_IDLE;
 +				c->reqs[row][col].tc = NULL;
 +			}
 +			c->max_tag += P9_ROW_MAXTAG;
 +		}
 +		spin_unlock_irqrestore(&c->lock, flags);
 +	}
 +	row = tag / P9_ROW_MAXTAG;
 +	col = tag % P9_ROW_MAXTAG;
 +
 +	req = &c->reqs[row][col];
 +	if (!req->tc) {
 +		req->wq = kmalloc(sizeof(wait_queue_head_t), GFP_KERNEL);
 +		if (!req->wq) {
 +			printk(KERN_ERR "Couldn't grow tag array\n");
 +			return ERR_PTR(-ENOMEM);
 +		}
 +		init_waitqueue_head(req->wq);
 +		req->tc = kmalloc(sizeof(struct p9_fcall)+c->msize,
 +								GFP_KERNEL);
 +		req->rc = kmalloc(sizeof(struct p9_fcall)+c->msize,
 +								GFP_KERNEL);
 +		if ((!req->tc) || (!req->rc)) {
 +			printk(KERN_ERR "Couldn't grow tag array\n");
 +			kfree(req->tc);
 +			kfree(req->rc);
 +			return ERR_PTR(-ENOMEM);
 +		}
 +		req->tc->sdata = (char *) req->tc + sizeof(struct p9_fcall);
 +		req->tc->capacity = c->msize;
 +		req->rc->sdata = (char *) req->rc + sizeof(struct p9_fcall);
 +		req->rc->capacity = c->msize;
 +	}
 +
 +	p9pdu_reset(req->tc);
 +	p9pdu_reset(req->rc);
 +
 +	req->flush_tag = 0;
 +	req->tc->tag = tag-1;
 +	req->status = REQ_STATUS_ALLOC;
 +
 +	return &c->reqs[row][col];
 +}
 +
 +/**
 + * p9_tag_lookup - lookup a request by tag
 + * @c: client session to lookup tag within
 + * @tag: numeric id for transaction
 + *
 + */
 +
 +struct p9_req_t *p9_tag_lookup(struct p9_client *c, u16 tag)
 +{
 +	int row, col;
 +
 +	/* This looks up the original request by tag so we know which
 +	 * buffer to read the data into */
 +	tag++;
 +
 +	BUG_ON(tag >= c->max_tag);
 +
 +	row = tag / P9_ROW_MAXTAG;
 +	col = tag % P9_ROW_MAXTAG;
 +
 +	return &c->reqs[row][col];
 +}
 +EXPORT_SYMBOL(p9_tag_lookup);
 +
 +/**
 + * p9_tag_init - setup tags structure and contents
 + * @tags: tags structure from the client struct
 + *
 + * This initializes the tags structure for each client instance.
 + *
 + */
 +
 +static int p9_tag_init(struct p9_client *c)
 +{
 +	int err = 0;
 +
 +	c->tagpool = p9_idpool_create();
 +	if (IS_ERR(c->tagpool)) {
 +		err = PTR_ERR(c->tagpool);
 +		c->tagpool = NULL;
 +		goto error;
 +	}
 +
 +	p9_idpool_get(c->tagpool); /* reserve tag 0 */
 +
 +	c->max_tag = 0;
 +error:
 +	return err;
 +}
  
  /**
 - * p9_client_rpc - sends 9P request and waits until a response is available.
 - *      The function can be interrupted.
 - * @c: client data
 - * @tc: request to be sent
 - * @rc: pointer where a pointer to the response is stored
 + * p9_tag_cleanup - cleans up tags structure and reclaims resources
 + * @tags: tags structure from the client struct
 + *
 + * This frees resources associated with the tags structure
 + *
   */
 +static void p9_tag_cleanup(struct p9_client *c)
 +{
 +	int row, col;
 +
 +	/* check to insure all requests are idle */
 +	for (row = 0; row < (c->max_tag/P9_ROW_MAXTAG); row++) {
 +		for (col = 0; col < P9_ROW_MAXTAG; col++) {
 +			if (c->reqs[row][col].status != REQ_STATUS_IDLE) {
 +				P9_DPRINTK(P9_DEBUG_MUX,
 +				  "Attempting to cleanup non-free tag %d,%d\n",
 +				  row, col);
 +				/* TODO: delay execution of cleanup */
 +				return;
 +			}
 +		}
 +	}
 +
 +	if (c->tagpool)
 +		p9_idpool_destroy(c->tagpool);
 +
 +	/* free requests associated with tags */
 +	for (row = 0; row < (c->max_tag/P9_ROW_MAXTAG); row++) {
 +		for (col = 0; col < P9_ROW_MAXTAG; col++) {
 +			kfree(c->reqs[row][col].wq);
 +			kfree(c->reqs[row][col].tc);
 +			kfree(c->reqs[row][col].rc);
 +		}
 +		kfree(c->reqs[row]);
 +	}
 +	c->max_tag = 0;
 +}
 +
 +/**
 + * p9_free_req - free a request and clean-up as necessary
 + * c: client state
 + * r: request to release
 + *
 + */
 +
 +static void p9_free_req(struct p9_client *c, struct p9_req_t *r)
 +{
 +	int tag = r->tc->tag;
 +	P9_DPRINTK(P9_DEBUG_MUX, "clnt %p req %p tag: %d\n", c, r, tag);
 +
 +	r->status = REQ_STATUS_IDLE;
 +	if (tag != P9_NOTAG && p9_idpool_check(tag, c->tagpool))
 +		p9_idpool_put(tag, c->tagpool);
 +
 +	/* if this was a flush request we have to free response fcall */
 +	if (r->rc->id == P9_RFLUSH) {
 +		kfree(r->tc);
 +		kfree(r->rc);
 +	}
 +}
 +
 +/**
 + * p9_client_cb - call back from transport to client
 + * c: client state
 + * req: request received
 + *
 + */
 +void p9_client_cb(struct p9_client *c, struct p9_req_t *req)
 +{
 +	struct p9_req_t *other_req;
 +	unsigned long flags;
 +
 +	P9_DPRINTK(P9_DEBUG_MUX, " tag %d\n", req->tc->tag);
 +
 +	if (req->status == REQ_STATUS_ERROR)
 +		wake_up(req->wq);
 +
 +	if (req->flush_tag) { 			/* flush receive path */
 +		P9_DPRINTK(P9_DEBUG_9P, "<<< RFLUSH %d\n", req->tc->tag);
 +		spin_lock_irqsave(&c->lock, flags);
 +		other_req = p9_tag_lookup(c, req->flush_tag);
 +		if (other_req->status != REQ_STATUS_FLSH) /* stale flush */
 +			spin_unlock_irqrestore(&c->lock, flags);
 +		else {
 +			other_req->status = REQ_STATUS_FLSHD;
 +			spin_unlock_irqrestore(&c->lock, flags);
 +			wake_up(other_req->wq);
 +		}
 +		p9_free_req(c, req);
 +	} else { 				/* normal receive path */
 +		P9_DPRINTK(P9_DEBUG_MUX, "normal: tag %d\n", req->tc->tag);
 +		spin_lock_irqsave(&c->lock, flags);
 +		if (req->status != REQ_STATUS_FLSHD)
 +			req->status = REQ_STATUS_RCVD;
 +		spin_unlock_irqrestore(&c->lock, flags);
 +		wake_up(req->wq);
 +		P9_DPRINTK(P9_DEBUG_MUX, "wakeup: %d\n", req->tc->tag);
 +	}
 +}
 +EXPORT_SYMBOL(p9_client_cb);
 +
 +/**
 + * p9_parse_header - parse header arguments out of a packet
 + * @pdu: packet to parse
 + * @size: size of packet
 + * @type: type of request
 + * @tag: tag of packet
 + * @rewind: set if we need to rewind offset afterwards
 + */
 +
  int
 -p9_client_rpc(struct p9_client *c, struct p9_fcall *tc,
 -	struct p9_fcall **rc)
 +p9_parse_header(struct p9_fcall *pdu, int32_t *size, int8_t *type, int16_t *tag,
 +								int rewind)
  {
 -	return c->trans->rpc(c->trans, tc, rc);
 +	int8_t r_type;
 +	int16_t r_tag;
 +	int32_t r_size;
 +	int offset = pdu->offset;
 +	int err;
 +
 +	pdu->offset = 0;
 +	if (pdu->size == 0)
 +		pdu->size = 7;
 +
 +	err = p9pdu_readf(pdu, 0, "dbw", &r_size, &r_type, &r_tag);
 +	if (err)
 +		goto rewind_and_exit;
 +
 +	pdu->size = r_size;
 +	pdu->id = r_type;
 +	pdu->tag = r_tag;
 +
 +	P9_DPRINTK(P9_DEBUG_9P, "<<< size=%d type: %d tag: %d\n", pdu->size,
 +							pdu->id, pdu->tag);
 +
 +	if (type)
 +		*type = r_type;
 +	if (tag)
 +		*tag = r_tag;
 +	if (size)
 +		*size = r_size;
 +
 +
 +rewind_and_exit:
 +	if (rewind)
 +		pdu->offset = offset;
 +	return err;
  }
 +EXPORT_SYMBOL(p9_parse_header);
 +
 +/**
 + * p9_check_errors - check 9p packet for error return and process it
 + * @c: current client instance
 + * @req: request to parse and check for error conditions
 + *
 + * returns error code if one is discovered, otherwise returns 0
 + *
 + * this will have to be more complicated if we have multiple
 + * error packet types
 + */
 +
 +static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
 +{
 +	int8_t type;
 +	int err;
 +
 +	err = p9_parse_header(req->rc, NULL, &type, NULL, 0);
 +	if (err) {
 +		P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse header %d\n", err);
 +		return err;
 +	}
 +
 +	if (type == P9_RERROR) {
 +		int ecode;
 +		char *ename;
 +
 +		err = p9pdu_readf(req->rc, c->dotu, "s?d", &ename, &ecode);
 +		if (err) {
 +			P9_DPRINTK(P9_DEBUG_ERROR, "couldn't parse error%d\n",
 +									err);
 +			return err;
 +		}
 +
 +		if (c->dotu)
 +			err = -ecode;
 +
 +		if (!err) {
 +			err = p9_errstr2errno(ename, strlen(ename));
 +
 +			/* string match failed */
 +			if (!err)
 +				err = -ESERVERFAULT;
 +		}
 +
 +		P9_DPRINTK(P9_DEBUG_9P, "<<< RERROR (%d) %s\n", -ecode, ename);
 +
 +		kfree(ename);
 +	} else
 +		err = 0;
 +
 +	return err;
 +}
 +
 +/**
 + * p9_client_flush - flush (cancel) a request
 + * c: client state
 + * req: request to cancel
 + *
 + * This sents a flush for a particular requests and links
 + * the flush request to the original request.  The current
 + * code only supports a single flush request although the protocol
 + * allows for multiple flush requests to be sent for a single request.
 + *
 + */
 +
 +static int p9_client_flush(struct p9_client *c, struct p9_req_t *oldreq)
 +{
 +	struct p9_req_t *req;
 +	int16_t oldtag;
 +	int err;
 +
 +	err = p9_parse_header(oldreq->tc, NULL, NULL, &oldtag, 1);
 +	if (err)
 +		return err;
 +
 +	P9_DPRINTK(P9_DEBUG_9P, ">>> TFLUSH tag %d\n", oldtag);
 +
 +	req = p9_client_rpc(c, P9_TFLUSH, "w", oldtag);
 +	if (IS_ERR(req))
 +		return PTR_ERR(req);
 +
 +	req->flush_tag = oldtag;
 +
 +	/* we don't free anything here because RPC isn't complete */
 +	return 0;
 +}
 +
 +/**
 + * p9_client_rpc - issue a request and wait for a response
 + * @c: client session
 + * @type: type of request
 + * @fmt: protocol format string (see protocol.c)
 + *
 + * Returns request structure (which client must free using p9_free_req)
 + */
 +
 +static struct p9_req_t *
 +p9_client_rpc(struct p9_client *c, int8_t type, const char *fmt, ...)
 +{
 +	va_list ap;
 +	int tag, err;
 +	struct p9_req_t *req;
 +	unsigned long flags;
 +	int sigpending;
 +	int flushed = 0;
 +
 +	P9_DPRINTK(P9_DEBUG_MUX, "client %p op %d\n", c, type);
 +
 +	if (c->status != Connected)
 +		return ERR_PTR(-EIO);
 +
 +	if (signal_pending(current)) {
 +		sigpending = 1;
 +		clear_thread_flag(TIF_SIGPENDING);
 +	} else
 +		sigpending = 0;
 +
 +	tag = P9_NOTAG;
 +	if (type != P9_TVERSION) {
 +		tag = p9_idpool_get(c->tagpool);
 +		if (tag < 0)
 +			return ERR_PTR(-ENOMEM);
 +	}
 +
 +	req = p9_tag_alloc(c, tag);
 +	if (IS_ERR(req))
 +		return req;
 +
 +	/* marshall the data */
 +	p9pdu_prepare(req->tc, tag, type);
 +	va_start(ap, fmt);
 +	err = p9pdu_vwritef(req->tc, c->dotu, fmt, ap);
 +	va_end(ap);
 +	p9pdu_finalize(req->tc);
 +
 +	err = c->trans_mod->request(c, req);
 +	if (err < 0) {
 +		c->status = Disconnected;
 +		goto reterr;
 +	}
 +
 +	/* if it was a flush we just transmitted, return our tag */
 +	if (type == P9_TFLUSH)
 +		return req;
 +again:
 +	P9_DPRINTK(P9_DEBUG_MUX, "wait %p tag: %d\n", req->wq, tag);
 +	err = wait_event_interruptible(*req->wq,
 +						req->status >= REQ_STATUS_RCVD);
 +	P9_DPRINTK(P9_DEBUG_MUX, "wait %p tag: %d returned %d (flushed=%d)\n",
 +						req->wq, tag, err, flushed);
 +
 +	if (req->status == REQ_STATUS_ERROR) {
 +		P9_DPRINTK(P9_DEBUG_ERROR, "req_status error %d\n", req->t_err);
 +		err = req->t_err;
 +	} else if (err == -ERESTARTSYS && flushed) {
 +		P9_DPRINTK(P9_DEBUG_MUX, "flushed - going again\n");
 +		goto again;
 +	} else if (req->status == REQ_STATUS_FLSHD) {
 +		P9_DPRINTK(P9_DEBUG_MUX, "flushed - erestartsys\n");
 +		err = -ERESTARTSYS;
 +	}
 +
 +	if ((err == -ERESTARTSYS) && (c->status == Connected) && (!flushed)) {
 +		P9_DPRINTK(P9_DEBUG_MUX, "flushing\n");
 +		spin_lock_irqsave(&c->lock, flags);
 +		if (req->status == REQ_STATUS_SENT)
 +			req->status = REQ_STATUS_FLSH;
 +		spin_unlock_irqrestore(&c->lock, flags);
 +		sigpending = 1;
 +		flushed = 1;
 +		clear_thread_flag(TIF_SIGPENDING);
 +
 +		if (c->trans_mod->cancel(c, req)) {
 +			err = p9_client_flush(c, req);
 +			if (err == 0)
 +				goto again;
 +		}
 +	}
 +
 +	if (sigpending) {
 +		spin_lock_irqsave(&current->sighand->siglock, flags);
 +		recalc_sigpending();
 +		spin_unlock_irqrestore(&current->sighand->siglock, flags);
 +	}
 +
 +	if (err < 0)
 +		goto reterr;
 +
 +	err = p9_check_errors(c, req);
 +	if (!err) {
 +		P9_DPRINTK(P9_DEBUG_MUX, "exit: client %p op %d\n", c, type);
 +		return req;
 +	}
 +
 +reterr:
 +	P9_DPRINTK(P9_DEBUG_MUX, "exit: client %p op %d error: %d\n", c, type,
 +									err);
 +	p9_free_req(c, req);
 +	return ERR_PTR(err);
 +}
 +
 +static struct p9_fid *p9_fid_create(struct p9_client *clnt)
 +{
 +	int err;
 +	struct p9_fid *fid;
 +
 +	P9_DPRINTK(P9_DEBUG_FID, "clnt %p\n", clnt);
 +	fid = kmalloc(sizeof(struct p9_fid), GFP_KERNEL);
 +	if (!fid)
 +		return ERR_PTR(-ENOMEM);
 +
 +	fid->fid = p9_idpool_get(clnt->fidpool);
 +	if (fid->fid < 0) {
 +		err = -ENOSPC;
 +		goto error;
 +	}
 +
 +	memset(&fid->qid, 0, sizeof(struct p9_qid));
 +	fid->mode = -1;
 +	fid->rdir_fpos = 0;
- 	fid->uid = current->fsuid;
++	fid->uid = current_fsuid();
 +	fid->clnt = clnt;
 +	fid->aux = NULL;
 +
 +	spin_lock(&clnt->lock);
 +	list_add(&fid->flist, &clnt->fidlist);
 +	spin_unlock(&clnt->lock);
 +
 +	return fid;
 +
 +error:
 +	kfree(fid);
 +	return ERR_PTR(err);
 +}
 +
 +static void p9_fid_destroy(struct p9_fid *fid)
 +{
 +	struct p9_client *clnt;
 +
 +	P9_DPRINTK(P9_DEBUG_FID, "fid %d\n", fid->fid);
 +	clnt = fid->clnt;
 +	p9_idpool_put(fid->fid, clnt->fidpool);
 +	spin_lock(&clnt->lock);
 +	list_del(&fid->flist);
 +	spin_unlock(&clnt->lock);
 +	kfree(fid);
 +}
 +
 +static int p9_client_version(struct p9_client *c)
 +{
 +	int err = 0;
 +	struct p9_req_t *req;
 +	char *version;
 +	int msize;
 +
 +	P9_DPRINTK(P9_DEBUG_9P, ">>> TVERSION msize %d extended %d\n",
 +							c->msize, c->dotu);
 +	req = p9_client_rpc(c, P9_TVERSION, "ds", c->msize,
 +				c->dotu ? "9P2000.u" : "9P2000");
 +	if (IS_ERR(req))
 +		return PTR_ERR(req);
 +
 +	err = p9pdu_readf(req->rc, c->dotu, "ds", &msize, &version);
 +	if (err) {
 +		P9_DPRINTK(P9_DEBUG_9P, "version error %d\n", err);
 +		p9pdu_dump(1, req->rc);
 +		goto error;
 +	}
 +
 +	P9_DPRINTK(P9_DEBUG_9P, "<<< RVERSION msize %d %s\n", msize, version);
 +	if (!memcmp(version, "9P2000.u", 8))
 +		c->dotu = 1;
 +	else if (!memcmp(version, "9P2000", 6))
 +		c->dotu = 0;
 +	else {
 +		err = -EREMOTEIO;
 +		goto error;
 +	}
 +
 +	if (msize < c->msize)
 +		c->msize = msize;
 +
 +error:
 +	kfree(version);
 +	p9_free_req(c, req);
 +
 +	return err;
 +}
 +EXPORT_SYMBOL(p9_client_version);
  
  struct p9_client *p9_client_create(const char *dev_name, char *options)
  {

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	fid->uid = current->fsuid;
> ++	fid->uid = current_fsuid();

ACK.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
kernel/signal.c between commit f06febc96ba8e0af80bcc3eaec0a109e88275fac
("timers: fix itimer/many thread hang") from the timers tree and commit
e3c5b08cf35d6e1913789255e0755dfb46cc0807 ("CRED: Use RCU to access
another task's creds and to release a task's own creds") from the creds
tree.

Just context changes.  I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc kernel/signal.c
index 105217d,8da146a..0000000
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@@ -1368,13 -1384,13 +1388,12 @@@ int do_notify_parent(struct task_struc
  	 */
  	rcu_read_lock();
  	info.si_pid = task_pid_nr_ns(tsk, tsk->parent->nsproxy->pid_ns);
+ 	info.si_uid = __task_cred(tsk)->uid;
  	rcu_read_unlock();
  
- 	info.si_uid = tsk->uid;
- 
 -	info.si_utime = cputime_to_clock_t(cputime_add(tsk->utime,
 -						       tsk->signal->utime));
 -	info.si_stime = cputime_to_clock_t(cputime_add(tsk->stime,
 -						       tsk->signal->stime));
 +	thread_group_cputime(tsk, &cputime);
 +	info.si_utime = cputime_to_jiffies(cputime.utime);
 +	info.si_stime = cputime_to_jiffies(cputime.stime);
  
  	info.si_status = tsk->exit_code & 0x7f;
  	if (tsk->exit_code & 0x80)

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> + 	info.si_uid = __task_cred(tsk)->uid;
>   	rcu_read_unlock();
>   
> - 	info.si_uid = tsk->uid;
> - 
>  -	info.si_utime = cputime_to_clock_t(cputime_add(tsk->utime,
>  -						       tsk->signal->utime));
>  -	info.si_stime = cputime_to_clock_t(cputime_add(tsk->stime,
>  -						       tsk->signal->stime));
>  +	thread_group_cputime(tsk, &cputime);
>  +	info.si_utime = cputime_to_jiffies(cputime.utime);
>  +	info.si_stime = cputime_to_jiffies(cputime.stime);

ACK.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
kernel/fork.c between commit f06febc96ba8e0af80bcc3eaec0a109e88275fac
("timers: fix itimer/many thread hang") from the timers tree and commit
3ef958261a38aaf9a7baab6565def2680e5743ed ("CRED: Separate per-task-group
keyrings from signal_struct") from the creds tree.

Overlapping addition/removal.  I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc kernel/fork.c
index d8de863,e392e5a..0000000
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@@ -794,15 -761,11 +793,14 @@@ static void posix_cpu_timers_init_group
  static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
  {
  	struct signal_struct *sig;
- 	int ret;
  
  	if (clone_flags & CLONE_THREAD) {
 -		atomic_inc(&current->signal->count);
 -		atomic_inc(&current->signal->live);
 -		return 0;
 +		ret = thread_group_cputime_clone_thread(current);
 +		if (likely(!ret)) {
 +			atomic_inc(&current->signal->count);
 +			atomic_inc(&current->signal->live);
 +		}
 +		return ret;
  	}
  	sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
  	tsk->signal = sig;
@@@ -858,8 -830,6 +850,7 @@@
  
  void __cleanup_signal(struct signal_struct *sig)
  {
 +	thread_group_cputime_free(sig);
- 	exit_thread_group_keys(sig);
  	tty_kref_put(sig->tty);
  	kmem_cache_free(signal_cachep, sig);
  }

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	int ret;

Do you need to put 'ret' back as it's now used a little further on:

>   	if (clone_flags & CLONE_THREAD) {
>  -		atomic_inc(&current->signal->count);
>  -		atomic_inc(&current->signal->live);
>  -		return 0;
>  +		ret = thread_group_cputime_clone_thread(current);
>  +		if (likely(!ret)) {
>  +			atomic_inc(&current->signal->count);
>  +			atomic_inc(&current->signal->live);
>  +		}
>  +		return ret;

The next bit is fine:

>  +	thread_group_cputime_free(sig);
> - 	exit_thread_group_keys(sig);

David

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 406 bytes --]

Hi David,

On Wed, 15 Oct 2008 13:02:19 +0100 David Howells <dhowells@redhat.com> wrote:
>
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> 
> > - 	int ret;
> 
> Do you need to put 'ret' back as it's now used a little further on:

Yeah, I discovered that when I tried to build it :-(

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
include/linux/sched.h between commit
f06febc96ba8e0af80bcc3eaec0a109e88275fac ("timers: fix itimer/many thread
hang") from the timers tree and commit
3ef958261a38aaf9a7baab6565def2680e5743ed ("CRED: Separate per-task-group
keyrings from signal_struct") from the creds tree.

Just context changes. I fixed it up (see below).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc include/linux/sched.h
index b7b4dcc,0812cfd..0000000
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@@ -563,12 -527,8 +563,6 @@@ struct signal_struct 
  	 */
  	struct rlimit rlim[RLIM_NLIMITS];
  
- 	/* keep the process-shared keyrings here so that they do the right
- 	 * thing in threads created with CLONE_THREAD */
- #ifdef CONFIG_KEYS
- 	struct key *session_keyring;	/* keyring inherited over fork */
- 	struct key *process_keyring;	/* keyring private to this process */
- #endif
 -	struct list_head cpu_timers[3];
 -
  #ifdef CONFIG_BSD_PROCESS_ACCT
  	struct pacct_struct pacct;	/* per-process accounting information */
  #endif

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> - 	/* keep the process-shared keyrings here so that they do the right
> - 	 * thing in threads created with CLONE_THREAD */
> - #ifdef CONFIG_KEYS
> - 	struct key *session_keyring;	/* keyring inherited over fork */
> - 	struct key *process_keyring;	/* keyring private to this process */
> - #endif
>  -	struct list_head cpu_timers[3];
>  -

ACK.

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 3132 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
security/selinux/hooks.c between commit
d9250dea3f89fe808a525f08888016b495240ed4 ("SELinux: add boundary support
and thread context assignment") from the security-testing tree and commit
89be244cbb79a6c4a6d73730a1f042fc04d30967 ("CRED: Inaugurate COW
credentials") from the creds tree.

I fixed it up as best I could (see below) and can carry the fix.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff --cc security/selinux/hooks.c
index 89f446d,b6ae264..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -5206,49 -5312,30 +5312,37 @@@ static int selinux_setprocattr(struct t
  	/* Permission checking based on the specified context is
  	   performed during the actual operation (execve,
  	   open/mkdir/...), when we know the full context of the
- 	   operation.  See selinux_bprm_set_security for the execve
+ 	   operation.  See selinux_bprm_set_creds for the execve
  	   checks and may_create for the file creation checks. The
  	   operation will then fail if the context is not permitted. */
- 	tsec = p->security;
- 	if (!strcmp(name, "exec"))
+ 	tsec = new->security;
+ 	if (!strcmp(name, "exec")) {
  		tsec->exec_sid = sid;
- 	else if (!strcmp(name, "fscreate"))
+ 	} else if (!strcmp(name, "fscreate")) {
  		tsec->create_sid = sid;
- 	else if (!strcmp(name, "keycreate")) {
+ 	} else if (!strcmp(name, "keycreate")) {
  		error = may_create_key(sid, p);
  		if (error)
- 			return error;
+ 			goto abort_change;
  		tsec->keycreate_sid = sid;
- 	} else if (!strcmp(name, "sockcreate"))
+ 	} else if (!strcmp(name, "sockcreate")) {
  		tsec->sockcreate_sid = sid;
- 	else if (!strcmp(name, "current")) {
- 		struct av_decision avd;
- 
+ 	} else if (!strcmp(name, "current")) {
+ 		error = -EINVAL;
  		if (sid == 0)
- 			return -EINVAL;
+ 			goto abort_change;
+ 
 -		/* Only allow single threaded processes to change context */
 -		error = -EPERM;
 -		if (!is_single_threaded(p))
 -			goto abort_change;
 +		/*
 +		 * SELinux allows to change context in the following case only.
 +		 *  - Single threaded processes.
 +		 *  - Multi threaded processes intend to change its context into
 +		 *    more restricted domain (defined by TYPEBOUNDS statement).
 +		 */
- 		if (atomic_read(&p->mm->mm_users) != 1) {
- 			struct task_struct *g, *t;
- 			struct mm_struct *mm = p->mm;
- 			read_lock(&tasklist_lock);
- 			do_each_thread(g, t) {
- 				if (t->mm == mm && t != p) {
- 					read_unlock(&tasklist_lock);
- 					error = security_bounded_transition(tsec->sid, sid);
- 					if (!error)
- 						goto boundary_ok;
- 
- 					return error;
- 				}
- 			} while_each_thread(g, t);
- 			read_unlock(&tasklist_lock);
++		if (!is_single_threaded(p)) {
++			error = security_bounded_transition(tsec->sid, sid);
++			if (error)
++				goto abort_change;
 +		}
- boundary_ok:
  
  		/* Check permissions for the transition. */
  		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[James Morris]

On Fri, 29 Aug 2008, Stephen Rothwell wrote:

> Hi David,
> 
> Today's linux-next merge of the creds tree got a conflict in
> security/selinux/hooks.c between commit
> d9250dea3f89fe808a525f08888016b495240ed4 ("SELinux: add boundary support
> and thread context assignment") from the security-testing tree and commit
> 89be244cbb79a6c4a6d73730a1f042fc04d30967 ("CRED: Inaugurate COW
> credentials") from the creds tree.
> 
> I fixed it up as best I could (see below) and can carry the fix.

Thanks -- hopefully there'll be a new creds branch available soon.


> 
> -- 
> Cheers,
> Stephen Rothwell                    sfr@canb.auug.org.au
> http://www.canb.auug.org.au/~sfr/
> 
> diff --cc security/selinux/hooks.c
> index 89f446d,b6ae264..0000000
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -5206,49 -5312,30 +5312,37 @@@ static int selinux_setprocattr(struct t
>   	/* Permission checking based on the specified context is
>   	   performed during the actual operation (execve,
>   	   open/mkdir/...), when we know the full context of the
> - 	   operation.  See selinux_bprm_set_security for the execve
> + 	   operation.  See selinux_bprm_set_creds for the execve
>   	   checks and may_create for the file creation checks. The
>   	   operation will then fail if the context is not permitted. */
> - 	tsec = p->security;
> - 	if (!strcmp(name, "exec"))
> + 	tsec = new->security;
> + 	if (!strcmp(name, "exec")) {
>   		tsec->exec_sid = sid;
> - 	else if (!strcmp(name, "fscreate"))
> + 	} else if (!strcmp(name, "fscreate")) {
>   		tsec->create_sid = sid;
> - 	else if (!strcmp(name, "keycreate")) {
> + 	} else if (!strcmp(name, "keycreate")) {
>   		error = may_create_key(sid, p);
>   		if (error)
> - 			return error;
> + 			goto abort_change;
>   		tsec->keycreate_sid = sid;
> - 	} else if (!strcmp(name, "sockcreate"))
> + 	} else if (!strcmp(name, "sockcreate")) {
>   		tsec->sockcreate_sid = sid;
> - 	else if (!strcmp(name, "current")) {
> - 		struct av_decision avd;
> - 
> + 	} else if (!strcmp(name, "current")) {
> + 		error = -EINVAL;
>   		if (sid == 0)
> - 			return -EINVAL;
> + 			goto abort_change;
> + 
>  -		/* Only allow single threaded processes to change context */
>  -		error = -EPERM;
>  -		if (!is_single_threaded(p))
>  -			goto abort_change;
>  +		/*
>  +		 * SELinux allows to change context in the following case only.
>  +		 *  - Single threaded processes.
>  +		 *  - Multi threaded processes intend to change its context into
>  +		 *    more restricted domain (defined by TYPEBOUNDS statement).
>  +		 */
> - 		if (atomic_read(&p->mm->mm_users) != 1) {
> - 			struct task_struct *g, *t;
> - 			struct mm_struct *mm = p->mm;
> - 			read_lock(&tasklist_lock);
> - 			do_each_thread(g, t) {
> - 				if (t->mm == mm && t != p) {
> - 					read_unlock(&tasklist_lock);
> - 					error = security_bounded_transition(tsec->sid, sid);
> - 					if (!error)
> - 						goto boundary_ok;
> - 
> - 					return error;
> - 				}
> - 			} while_each_thread(g, t);
> - 			read_unlock(&tasklist_lock);
> ++		if (!is_single_threaded(p)) {
> ++			error = security_bounded_transition(tsec->sid, sid);
> ++			if (error)
> ++				goto abort_change;
>  +		}
> - boundary_ok:
>   
>   		/* Check permissions for the transition. */
>   		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
> 

-- 
James Morris
<jmorris@namei.org>

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> I fixed it up as best I could (see below) and can carry the fix.

That looks right.

David

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 598 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
drivers/net/wan/sbni.c between commit
f2455eb176ac87081bbfc9a44b21c7cd2bc1967e ("wan: Missing capability checks
in sbni_ioctl()") from the net-current tree and commit
f4d399d40debd14b22967153294b94087cbcf789 ("CRED: Wrap most current->e?[ug]
id and some task->e?[ug]id") from the creds tree.

The former changed all usages of current->euid to capable() checks.  I
used the version from the net-current tree.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 504 bytes --]

Hi David, James,

Today's linux-next merge of the creds tree got a conflict in
security/commoncap.c between commit
5cd9c58fbe9ec92b45b27e131719af4f2bd9eb40 ("security: Fix setting of
PF_SUPERPRIV by __capable()") from Linus' tree (which is also in the
creds tree) and various commits from the creds tree.

The latter commits are just further changes, so I tool the creds tree
version.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 686 bytes --]

Hi David, James,

On Mon, 18 Aug 2008 16:33:36 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the creds tree got a conflict in
> security/commoncap.c between commit
> 5cd9c58fbe9ec92b45b27e131719af4f2bd9eb40 ("security: Fix setting of
> PF_SUPERPRIV by __capable()") from Linus' tree (which is also in the
> creds tree) and various commits from the creds tree.
> 
> The latter commits are just further changes, so I tool the creds tree
> version.

The same is true for security/selinux/hooks.c and
security/smack/smack_lsm.c.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 588 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
kernel/exit.c between commit 177a5f86ba5f60c783e24603bedf037d6c43a193
("tracing, sched: LTTng instrumentation - scheduler") from the ftrace
tree and commit 89be244cbb79a6c4a6d73730a1f042fc04d30967 ("CRED:
Inaugurate COW credentials") from the creds tree.

Just overlapping additions.  I used both.

[David, I also got the expected conflicts against Linus' tree and fixed
them up appropriately.]

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

Hi David, James,

Today's linux-next merge of the creds tree got a conflict in
kernel/fork.c between commit e830620e79e0a46e16d335de655c53a271ac235d
("tty-kref") from the ttydev tree and commit
cf7c7a530e568ca54ba3a3c021c7e7efb71fe10f ("CRED: Separate per-task-group
keyrings from signal_struct") from the creds tree.

Overlapping addition/removal.  I fixed it up and can carry the fix.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 480 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/nfsd/nfs4recover.c between commit
eec56f5904cd79d7cf99efd74ad02f39c829fff1 ("switch nfsd to kern_path()")
from the vfs tree and commit 3aef995c0537d5ba27936d2e8cb42d307084932c
("CRED: Pass credentials through dentry_open()") from the creds tree.

I did the obvious fixup and can carry it.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/namespace.c between commit 7125f0b2f3b13510a2e786503aecd4e35822ea62
("finally get rid of nameidata in namespace.c") from the vfs tree and
commit f4d399d40debd14b22967153294b94087cbcf789 ("CRED: Wrap most
current->e?[ug]id and some task->e?[ug]id") from the creds tree.

I did the obvious fixup and can carry it.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 468 bytes --]

Hi David,

Today's linux-next merge of the creds tree got a conflict in
fs/xfs/xfs_acl.c between commit 6811235504abbeed42673cf70014759f39e12a9b
("[XFS] XFS: Kill xfs_vtoi()") from the xfs tree and commit
785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change current->fs[ug]id
to current_fs[ug]id()") from the creds tree.

I did the obvious fixup.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[David Howells]

Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> ... ("CRED: Change current->fs[ug]id to current_fs[ug]id()") from the creds
> tree.
>
> I did the obvious fixup.

Yeah, it should be fairly straightforward for that patch.

David

Re: linux-next: manual merge of the creds tree

[James Morris]

On Fri, 8 Aug 2008, Stephen Rothwell wrote:

> Hi David,
> 
> Today's linux-next merge of the creds tree got a conflict in
> fs/xfs/xfs_acl.c between commit 6811235504abbeed42673cf70014759f39e12a9b
> ("[XFS] XFS: Kill xfs_vtoi()") from the xfs tree and commit
> 785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change current->fs[ug]id
> to current_fs[ug]id()") from the creds tree.
> 
> I did the obvious fixup.

I'm not 100% clear on the new process.

What happens with your fixup patch?  Is this something you maintain in 
your tree from now until these trees are merged with Linus?  (At which 
point we'll run into the same conflicts again ?)


- James
-- 
James Morris
<jmorris@namei.org>

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1055 bytes --]

Hi James,

On Fri, 8 Aug 2008 19:23:11 +1000 (EST) James Morris <jmorris@namei.org> wrote:
>
> I'm not 100% clear on the new process.
> 
> What happens with your fixup patch?  Is this something you maintain in 
> your tree from now until these trees are merged with Linus?  (At which 
> point we'll run into the same conflicts again ?)

I redo the conflict fixup (well, "git rerere" usually does it for me)
each day, and by the time the tree gets merged by Linus, he will either
fix the conflict as well, or somewhere along the way it gets taken care
of by the owner of one of the trees by doing a merge or rebase against
Linus' tree after the other tree gets merged.

Or sometimes we do a temporary form of an API change so that other trees
can do the API change early and thus remove the conflict.

There is nothing official about this procedure, I am just trying to make
things easier by noticing possible problems early.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1282 bytes --]

Hi James,

On Sun, 10 Aug 2008 22:53:18 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> On Fri, 8 Aug 2008 19:23:11 +1000 (EST) James Morris <jmorris@namei.org> wrote:
> >
> > I'm not 100% clear on the new process.
> > 
> > What happens with your fixup patch?  Is this something you maintain in 
> > your tree from now until these trees are merged with Linus?  (At which 
> > point we'll run into the same conflicts again ?)
> 
> I redo the conflict fixup (well, "git rerere" usually does it for me)
> each day, and by the time the tree gets merged by Linus, he will either
> fix the conflict as well, or somewhere along the way it gets taken care
> of by the owner of one of the trees by doing a merge or rebase against
> Linus' tree after the other tree gets merged.
> 
> Or sometimes we do a temporary form of an API change so that other trees
> can do the API change early and thus remove the conflict.
> 
> There is nothing official about this procedure, I am just trying to make
> things easier by noticing possible problems early.

Of course build (and runtime) bugs are a different matter and should be
fixed as soon as possible.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 686 bytes --]

Hi David,

Today's linux-next merge of the creds tree got conflicts in fs/cifs/dir.c
between commits 4e1e7fb9e879d48011a887715d7966484d9644ea ("bundle up Unix
SET_PATH_INFO args into a struct and change name") and
95089910933e10768cfef1ab0bab0c55b962aacb ("[CIFS] cifs_mkdir and
cifs_create should respect the setgid bit on parent dir") from the cifs
tree and commit 785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change
current->fs[ug]id to current_fs[ug]id()") from the creds tree.

I fixed it up as best I could.  Might be worth a check once I publish the
tree.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 832 bytes --]

Hi David,

On Fri, 8 Aug 2008 16:01:43 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the creds tree got conflicts in fs/cifs/dir.c
> between commits 4e1e7fb9e879d48011a887715d7966484d9644ea ("bundle up Unix
> SET_PATH_INFO args into a struct and change name") and
> 95089910933e10768cfef1ab0bab0c55b962aacb ("[CIFS] cifs_mkdir and
> cifs_create should respect the setgid bit on parent dir") from the cifs
> tree and commit 785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change
> current->fs[ug]id to current_fs[ug]id()") from the creds tree.
> 
> I fixed it up as best I could.  Might be worth a check once I publish the
> tree.

The same applies to fs/cifs/inode.c

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: linux-next: manual merge of the creds tree

[Jeff Layton]

On Fri, 8 Aug 2008 16:03:03 +1000
Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Hi David,
> 
> On Fri, 8 Aug 2008 16:01:43 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> >
> > Today's linux-next merge of the creds tree got conflicts in fs/cifs/dir.c
> > between commits 4e1e7fb9e879d48011a887715d7966484d9644ea ("bundle up Unix
> > SET_PATH_INFO args into a struct and change name") and
> > 95089910933e10768cfef1ab0bab0c55b962aacb ("[CIFS] cifs_mkdir and
> > cifs_create should respect the setgid bit on parent dir") from the cifs
> > tree and commit 785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change
> > current->fs[ug]id to current_fs[ug]id()") from the creds tree.
> > 
> > I fixed it up as best I could.  Might be worth a check once I publish the
> > tree.
> 
> The same applies to fs/cifs/inode.c
> 

>From a quick look, your fixes look correct to me...

Thanks,
-- 
Jeff Layton <jlayton@redhat.com>

Re: linux-next: manual merge of the creds tree

[Steve French]

On Fri, Aug 8, 2008 at 6:41 AM, Jeff Layton <jlayton@redhat.com> wrote:
> On Fri, 8 Aug 2008 16:03:03 +1000
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
>> Hi David,
>>
>> On Fri, 8 Aug 2008 16:01:43 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>> >
>> > Today's linux-next merge of the creds tree got conflicts in fs/cifs/dir.c
>> > between commits 4e1e7fb9e879d48011a887715d7966484d9644ea ("bundle up Unix
>> > SET_PATH_INFO args into a struct and change name") and
>> > 95089910933e10768cfef1ab0bab0c55b962aacb ("[CIFS] cifs_mkdir and
>> > cifs_create should respect the setgid bit on parent dir") from the cifs
>> > tree and commit 785af0f385cd424d4b40908bf0e467df3dc05434 ("CRED: Change
>> > current->fs[ug]id to current_fs[ug]id()") from the creds tree.
FYI - am waiting on more test feedback from the usual cifs community
before pushing those
cifs-2.6.git changes up to mainline.    In my testing of the current
cifs-2.6 tree,
there are a couple things I noticed in testing against various Samba
versions, but it looks like
they were Samba problems that have been fixed (still investigating).
I am particularly
interested in attribute, size, time stamp related testing against non-Windows,
non-current-Samba servers ...


-- 
Thanks,

Steve