- fix creds

Changed files: kernel-vserver-fixes.patch -> 1.18
author: Arkadiusz Miśkiewicz 2010-12-02 18:43:12 (GMT)
committer: cvs2git 2012-06-24 12:13:13 (GMT)
commit: d858b99000da31fa809dadc5f0012be18672340c (patch)
tree: 7a113fc0a64896002f769591d5d2641ec5ded9da
parent: 9bea26c036516b82de2a7006556a930a48b45cc6 (diff)
download: kernel-d858b99000da31fa809dadc5f0012be18672340c.zip
kernel-d858b99000da31fa809dadc5f0012be18672340c.tar.gz
1 files changed, 233 insertions, 0 deletions
diff --git a/kernel-vserver-fixes.patch b/kernel-vserver-fixes.patch
index 15424a4..38368f4 100644
--- a/kernel-vserver-fixes.patch
+++ b/kernel-vserver-fixes.patch
@@ -44,3 +44,236 @@ Missing header for routes patch, caused vs2.3 route.h mixing
  	return ret;
  }
 -
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h
+--- linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h	2010-08-02 16:52:53.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h	2010-12-01 17:26:52.000000000 +0100
+@@ -208,6 +208,31 @@ static inline void validate_process_cred
+ }
+ #endif
+ 
++static inline void set_cred_subscribers(struct cred *cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++	atomic_set(&cred->subscribers, n);
++#endif
++}
++
++static inline int read_cred_subscribers(const struct cred *cred)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++	return atomic_read(&cred->subscribers);
++#else
++	return 0;
++#endif
++}
++
++static inline void alter_cred_subscribers(const struct cred *_cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++	struct cred *cred = (struct cred *) _cred;
++
++	atomic_add(n, &cred->subscribers);
++#endif
++}
++
+ /**
+  * get_new_cred - Get a reference on a new set of credentials
+  * @cred: The new credentials to reference
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h
+--- linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h	2010-10-21 13:09:36.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h	2010-12-01 17:36:51.000000000 +0100
+@@ -110,6 +110,8 @@ struct vx_info {
+ 	unsigned long vx_nsmask[VX_SPACES];	/* assignment mask */
+ 	struct nsproxy *vx_nsproxy[VX_SPACES];	/* private namespaces */
+ 	struct fs_struct *vx_fs[VX_SPACES];	/* private namespace fs */
++	const struct cred *vx_real_cred;	/* real task credentials */
++	const struct cred *vx_cred;		/* task credentials */
+ 
+ 	uint64_t vx_flags;			/* context flags */
+ 	uint64_t vx_ccaps;			/* context caps (vserver) */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/cred.c linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/cred.c	2010-10-21 13:07:56.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c	2010-12-01 17:25:55.000000000 +0100
+@@ -60,31 +60,6 @@ struct cred init_cred = {
+ #endif
+ };
+ 
+-static inline void set_cred_subscribers(struct cred *cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+-	atomic_set(&cred->subscribers, n);
+-#endif
+-}
+-
+-static inline int read_cred_subscribers(const struct cred *cred)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+-	return atomic_read(&cred->subscribers);
+-#else
+-	return 0;
+-#endif
+-}
+-
+-static inline void alter_cred_subscribers(const struct cred *_cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+-	struct cred *cred = (struct cred *) _cred;
+-
+-	atomic_add(n, &cred->subscribers);
+-#endif
+-}
+-
+ /*
+  * Dispose of the shared task group credentials
+  */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c	2010-10-21 14:39:59.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c	2010-12-01 20:34:45.000000000 +0100
+@@ -3,7 +3,7 @@
+  *
+  *  Virtual Server: Context Support
+  *
+- *  Copyright (C) 2003-2007  Herbert P�tzl
++ *  Copyright (C) 2003-2010  Herbert P�tzl
+  *
+  *  V0.01  context helper
+  *  V0.02  vx_ctx_kill syscall command
+@@ -22,6 +22,7 @@
+  *  V0.15  added context stat
+  *  V0.16  have __create claim() the vxi
+  *  V0.17  removed older and legacy stuff
++ *  V0.18  added user credentials
+  *
+  */
+ 
+@@ -38,6 +39,7 @@
+ #include <linux/vserver/space.h>
+ #include <linux/init_task.h>
+ #include <linux/fs_struct.h>
++#include <linux/cred.h>
+ 
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
+@@ -127,6 +129,10 @@ static struct vx_info *__alloc_vx_info(x
+ 		new->vx_fs[index] = &init_fs;
+ 	}
+ 
++	/* FIXME: we want defaults */
++	new->vx_real_cred = 0;
++	new->vx_cred = 0;
++ 
+ 	vxdprintk(VXD_CBIT(xid, 0),
+ 		"alloc_vx_info(%d) = %p", xid, new);
+ 	vxh_alloc_vx_info(new);
+@@ -183,6 +189,7 @@ static void __shutdown_vx_info(struct vx
+ {
+ 	struct nsproxy *nsproxy;
+ 	struct fs_struct *fs;
++	const struct cred *cred;
+ 	int index, kill;
+ 
+ 	might_sleep();
+@@ -202,6 +209,18 @@ static void __shutdown_vx_info(struct vx
+ 		if (kill)
+ 			free_fs_struct(fs);
+ 	}
++
++	cred = xchg(&vxi->vx_real_cred, NULL);
++	if (cred) {
++		alter_cred_subscribers(cred, -1);
++		put_cred(cred);
++	}
++
++	cred = xchg(&vxi->vx_cred, NULL);
++	if (cred) {
++		alter_cred_subscribers(cred, -1);
++		put_cred(cred);
++	}
+ }
+ 
+ /* exported stuff */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c	2010-10-21 14:41:06.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c	2010-12-01 20:39:35.000000000 +0100
+@@ -3,12 +3,13 @@
+  *
+  *  Virtual Server: Context Space Support
+  *
+- *  Copyright (C) 2003-2007  Herbert P�tzl
++ *  Copyright (C) 2003-2010  Herbert P�tzl
+  *
+  *  V0.01  broken out from context.c 0.07
+  *  V0.02  added task locking for namespace
+  *  V0.03  broken out vx_enter_namespace
+  *  V0.04  added *space support and commands
++ *  V0.05  added credential support
+  *
+  */
+ 
+@@ -16,6 +17,7 @@
+ #include <linux/nsproxy.h>
+ #include <linux/err.h>
+ #include <linux/fs_struct.h>
++#include <linux/cred.h>
+ #include <asm/uaccess.h>
+ 
+ #include <linux/vs_context.h>
+@@ -238,6 +240,19 @@ int vx_enter_space(struct vx_info *vxi, 
+ 	}
+ 
+ 	proxy_new = xchg(&current->nsproxy, proxy_new);
++
++	if (mask & CLONE_NEWUSER) {
++		vxdprintk(VXD_CBIT(space, 10),
++			"vx_enter_space(%p[#%u],%p,%p) cred (%p,%p)",
++			vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred,
++			current->real_cred, current->cred);
++		exit_creds(current);
++		current->real_cred = get_cred(vxi->vx_real_cred);
++		alter_cred_subscribers(current->real_cred, 1);
++		current->cred = get_cred(vxi->vx_cred);
++		alter_cred_subscribers(current->cred, 1);
++	}
++
+ 	ret = 0;
+ 
+ 	if (proxy_new)
+@@ -297,6 +312,38 @@ int vx_set_space(struct vx_info *vxi, un
+ 
+ 	proxy_new = xchg(&vxi->vx_nsproxy[index], proxy_new);
+ 	vxi->vx_nsmask[index] |= mask;
++
++	if (mask & CLONE_NEWUSER) {
++		const struct cred *cred;
++
++		vxdprintk(VXD_CBIT(space, 10),
++			"vx_set_space(%p[#%u],%p,%p) cred (%p,%p)",
++			vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred,
++			current->real_cred, current->cred);
++
++		if (current->real_cred) {
++			cred = get_cred(current->real_cred);
++			alter_cred_subscribers(cred, 1);
++		} else
++			cred = NULL;
++		cred = xchg(&vxi->vx_real_cred, cred);
++		if (cred) {
++			alter_cred_subscribers(cred, -1);
++			put_cred(cred);
++		}
++
++		if (current->cred) {
++			cred = get_cred(current->cred);
++			alter_cred_subscribers(cred, 1);
++		} else
++			cred = NULL;
++		cred = xchg(&vxi->vx_cred, cred);
++		if (cred) {
++			alter_cred_subscribers(cred, -1);
++			put_cred(cred);
++		}
++	}
++
+ 	ret = 0;
+ 
+ 	if (proxy_new)
author	Arkadiusz Miśkiewicz	2010-12-02 18:43:12 (GMT)
committer	cvs2git	2012-06-24 12:13:13 (GMT)
commit	d858b99000da31fa809dadc5f0012be18672340c (patch)
tree	7a113fc0a64896002f769591d5d2641ec5ded9da
parent	9bea26c036516b82de2a7006556a930a48b45cc6 (diff)
download	kernel-d858b99000da31fa809dadc5f0012be18672340c.zip kernel-d858b99000da31fa809dadc5f0012be18672340c.tar.gz