Hi Xin, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on linus/master] [also build test WARNING on v4.19-rc3 next-20180910] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/My-Name/kernel-prevent-submission-of-creds-with-higher-privileges-inside-container/20180911-135856 config: x86_64-randconfig-x009-201836 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): In file included from include/linux/init.h:5:0, from include/linux/cred.h:16, from kernel/cred.c:12: kernel/cred.c: In function 'commit_creds': kernel/cred.c:428:40: error: 'PROC_UTS_INIT_INO' undeclared (first use in this function) if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:428:40: note: each undeclared identifier is reported only once for each function it appears in if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:429:23: error: dereferencing pointer to incomplete type 'struct ipc_namespace' task->nsproxy->ipc_ns->ns.inum != PROC_IPC_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? 
!!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:429:36: error: 'PROC_IPC_INIT_INO' undeclared (first use in this function); did you mean 'PROC_UTS_INIT_INO'? task->nsproxy->ipc_ns->ns.inum != PROC_IPC_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:430:23: error: dereferencing pointer to incomplete type 'struct mnt_namespace' task->nsproxy->mnt_ns->ns.inum != 0xF0000000U || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:431:49: error: 'PROC_PID_INIT_INO' undeclared (first use in this function); did you mean 'PROC_IPC_INIT_INO'? task->nsproxy->pid_ns_for_children->ns.inum != PROC_PID_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:433:27: error: 'PROC_USER_INIT_INO' undeclared (first use in this function); did you mean 'PROC_UTS_INIT_INO'? old->user_ns->ns.inum != PROC_USER_INIT_INO || ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? 
!!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:434:26: error: dereferencing pointer to incomplete type 'struct cgroup_namespace' task->nsproxy->cgroup_ns->ns.inum != PROC_CGROUP_INIT_INO) { ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ kernel/cred.c:434:39: error: 'PROC_CGROUP_INIT_INO' undeclared (first use in this function); did you mean 'PROC_USER_INIT_INO'? task->nsproxy->cgroup_ns->ns.inum != PROC_CGROUP_INIT_INO) { ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> kernel/cred.c:428:2: note: in expansion of macro 'if' if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO || ^~ vim +/if +428 kernel/cred.c 408 409 /** 410 * commit_creds - Install new credentials upon the current task 411 * @new: The credentials to be assigned 412 * 413 * Install a new set of credentials to the current task, using RCU to replace 414 * the old set. Both the objective and the subjective credentials pointers are 415 * updated. This function may not be called if the subjective credentials are 416 * in an overridden state. 417 * 418 * This function eats the caller's reference to the new credentials. 419 * 420 * Always returns 0 thus allowing this function to be tail-called at the end 421 * of, say, sys_setgid(). 
422 */
423 int commit_creds(struct cred *new)
424 {
425 	struct task_struct *task = current;
426 	const struct cred *old = task->real_cred;
427 
	/* NOTE(review): per the build log above, the PROC_*_INIT_INO
	 * identifiers and struct ipc_namespace / mnt_namespace /
	 * cgroup_namespace are not in scope in this file, so this block does
	 * not compile as posted; the two literal inums (0xF0000000U,
	 * 0xF0000075U) are unexplained magic numbers with no named constant. */
> 428 	if (task->nsproxy->uts_ns->ns.inum != PROC_UTS_INIT_INO ||
429 	    task->nsproxy->ipc_ns->ns.inum != PROC_IPC_INIT_INO ||
430 	    task->nsproxy->mnt_ns->ns.inum != 0xF0000000U ||
431 	    task->nsproxy->pid_ns_for_children->ns.inum != PROC_PID_INIT_INO ||
432 	    task->nsproxy->net_ns->ns.inum != 0xF0000075U ||
433 	    old->user_ns->ns.inum != PROC_USER_INIT_INO ||
434 	    task->nsproxy->cgroup_ns->ns.inum != PROC_CGROUP_INIT_INO) {
		/* NOTE(review): this compares raw uid/gid values (a numerically
		 * lower id is treated as more privileged) and only word 0 of the
		 * capability bounding-set bitmap -- confirm that is the intended
		 * ordering and that the remaining bitmap words are covered. */
435 		if (new->uid.val < old->uid.val || new->gid.val < old->gid.val
436 		    || new->cap_bset.cap[0] > old->cap_bset.cap[0])
			/* NOTE(review): returns 0 -- success, per the header comment --
			 * without installing `new` and without dropping the reference
			 * the header says this function consumes; this looks like a
			 * reference leak and a silently ignored credential change. */
437 			return 0;
438 	}
439 
440 	kdebug("commit_creds(%p{%d,%d})", new,
441 	       atomic_read(&new->usage),
442 	       read_cred_subscribers(new));
443 
444 	BUG_ON(task->cred != old);
445 #ifdef CONFIG_DEBUG_CREDENTIALS
446 	BUG_ON(read_cred_subscribers(old) < 2);
447 	validate_creds(old);
448 	validate_creds(new);
449 #endif
450 	BUG_ON(atomic_read(&new->usage) < 1);
451 
452 	get_cred(new); /* we will require a ref for the subj creds too */
453 
454 	/* dumpability changes */
455 	if (!uid_eq(old->euid, new->euid) ||
456 	    !gid_eq(old->egid, new->egid) ||
457 	    !uid_eq(old->fsuid, new->fsuid) ||
458 	    !gid_eq(old->fsgid, new->fsgid) ||
459 	    !cred_cap_issubset(old, new)) {
460 		if (task->mm)
461 			set_dumpable(task->mm, suid_dumpable);
462 		task->pdeath_signal = 0;
463 		smp_wmb();
464 	}
465 
466 	/* alter the thread keyring */
467 	if (!uid_eq(new->fsuid, old->fsuid))
468 		key_fsuid_changed(task);
469 	if (!gid_eq(new->fsgid, old->fsgid))
470 		key_fsgid_changed(task);
471 
472 	/* do it
473 	 * RLIMIT_NPROC limits on user->processes have already been checked
474 	 * in set_user().
475 	 */
476 	alter_cred_subscribers(new, 2);
477 	if (new->user != old->user)
478 		atomic_inc(&new->user->processes);
479 	rcu_assign_pointer(task->real_cred, new);
480 	rcu_assign_pointer(task->cred, new);
481 	if (new->user != old->user)
482 		atomic_dec(&old->user->processes);
483 	alter_cred_subscribers(old, -2);
484 
485 	/* send notifications */
486 	if (!uid_eq(new->uid, old->uid) ||
487 	    !uid_eq(new->euid, old->euid) ||
488 	    !uid_eq(new->suid, old->suid) ||
489 	    !uid_eq(new->fsuid, old->fsuid))
490 		proc_id_connector(task, PROC_EVENT_UID);
491 
492 	if (!gid_eq(new->gid, old->gid) ||
493 	    !gid_eq(new->egid, old->egid) ||
494 	    !gid_eq(new->sgid, old->sgid) ||
495 	    !gid_eq(new->fsgid, old->fsgid))
496 		proc_id_connector(task, PROC_EVENT_GID);
497 
498 	/* release the old obj and subj refs both */
499 	put_cred(old);
500 	put_cred(old);
501 	return 0;
502 }
503 EXPORT_SYMBOL(commit_creds);
504 
--- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation