author | Arkadiusz Miśkiewicz | 2010-12-02 18:43:12 (GMT) |
---|---|---|
committer | cvs2git | 2012-06-24 12:13:13 (GMT) |
commit | d858b99000da31fa809dadc5f0012be18672340c (patch) | |
tree | 7a113fc0a64896002f769591d5d2641ec5ded9da | |
parent | 9bea26c036516b82de2a7006556a930a48b45cc6 (diff) | |
- fix creds
Changed files:
kernel-vserver-fixes.patch -> 1.18
-rw-r--r-- | kernel-vserver-fixes.patch | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/kernel-vserver-fixes.patch b/kernel-vserver-fixes.patch
index 15424a4..38368f4 100644
--- a/kernel-vserver-fixes.patch
+++ b/kernel-vserver-fixes.patch
@@ -44,3 +44,236 @@ Missing header for routes patch, caused vs2.3 route.h mixing return ret; } -
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h
+--- linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h 2010-08-02 16:52:53.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h 2010-12-01 17:26:52.000000000 +0100
+@@ -208,6 +208,31 @@ static inline void validate_process_cred
+ }
+ #endif
+
++static inline void set_cred_subscribers(struct cred *cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ atomic_set(&cred->subscribers, n);
++#endif
++}
++
++static inline int read_cred_subscribers(const struct cred *cred)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ return atomic_read(&cred->subscribers);
++#else
++ return 0;
++#endif
++}
++
++static inline void alter_cred_subscribers(const struct cred *_cred, int n)
++{
++#ifdef CONFIG_DEBUG_CREDENTIALS
++ struct cred *cred = (struct cred *) _cred;
++
++ atomic_add(n, &cred->subscribers);
++#endif
++}
++
+ /**
+ * get_new_cred - Get a reference on a new set of credentials
+ * @cred: The new credentials to reference
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h
+--- linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h 2010-10-21 13:09:36.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h 2010-12-01 17:36:51.000000000 +0100
+@@ -110,6 +110,8 @@ struct vx_info {
+ unsigned long vx_nsmask[VX_SPACES]; /* assignment mask */
+ struct nsproxy *vx_nsproxy[VX_SPACES]; /* private namespaces */
+ struct fs_struct *vx_fs[VX_SPACES]; /* private namespace fs */
++ const struct cred *vx_real_cred; /* real task credentials */
++ const struct cred *vx_cred; /* task credentials */
+
+ uint64_t vx_flags; /* context flags */
+ uint64_t vx_ccaps; /* context caps (vserver) */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/cred.c linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/cred.c 2010-10-21 13:07:56.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c 2010-12-01 17:25:55.000000000 +0100
+@@ -60,31 +60,6 @@ struct cred init_cred = {
+ #endif
+ };
+
+-static inline void set_cred_subscribers(struct cred *cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- atomic_set(&cred->subscribers, n);
+-#endif
+-}
+-
+-static inline int read_cred_subscribers(const struct cred *cred)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- return atomic_read(&cred->subscribers);
+-#else
+- return 0;
+-#endif
+-}
+-
+-static inline void alter_cred_subscribers(const struct cred *_cred, int n)
+-{
+-#ifdef CONFIG_DEBUG_CREDENTIALS
+- struct cred *cred = (struct cred *) _cred;
+-
+- atomic_add(n, &cred->subscribers);
+-#endif
+-}
+-
+ /*
+ * Dispose of the shared task group credentials
+ */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c 2010-10-21 14:39:59.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c 2010-12-01 20:34:45.000000000 +0100
+@@ -3,7 +3,7 @@
+ *
+ * Virtual Server: Context Support
+ *
+- * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2010 Herbert Pötzl
+ *
+ * V0.01 context helper
+ * V0.02 vx_ctx_kill syscall command
+@@ -22,6 +22,7 @@
+ * V0.15 added context stat
+ * V0.16 have __create claim() the vxi
+ * V0.17 removed older and legacy stuff
++ * V0.18 added user credentials
+ *
+ */
+
+@@ -38,6 +39,7 @@
+ #include <linux/vserver/space.h>
+ #include <linux/init_task.h>
+ #include <linux/fs_struct.h>
++#include <linux/cred.h>
+
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
+@@ -127,6 +129,10 @@ static struct vx_info *__alloc_vx_info(x
+ new->vx_fs[index] = &init_fs;
+ }
+
++ /* FIXME: we want defaults */
++ new->vx_real_cred = 0;
++ new->vx_cred = 0;
++
+ vxdprintk(VXD_CBIT(xid, 0),
+ "alloc_vx_info(%d) = %p", xid, new);
+ vxh_alloc_vx_info(new);
+@@ -183,6 +189,7 @@ static void __shutdown_vx_info(struct vx
+ {
+ struct nsproxy *nsproxy;
+ struct fs_struct *fs;
++ const struct cred *cred;
+ int index, kill;
+
+ might_sleep();
+@@ -202,6 +209,18 @@ static void __shutdown_vx_info(struct vx
+ if (kill)
+ free_fs_struct(fs);
+ }
++
++ cred = xchg(&vxi->vx_real_cred, NULL);
++ if (cred) {
++ alter_cred_subscribers(cred, -1);
++ put_cred(cred);
++ }
++
++ cred = xchg(&vxi->vx_cred, NULL);
++ if (cred) {
++ alter_cred_subscribers(cred, -1);
++ put_cred(cred);
++ }
+ }
+
+ /* exported stuff */
+diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c
+--- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c 2010-10-21 14:41:06.000000000 +0200
++++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c 2010-12-01 20:39:35.000000000 +0100
+@@ -3,12 +3,13 @@
+ *
+ * Virtual Server: Context Space Support
+ *
+- * Copyright (C) 2003-2007 Herbert Pötzl
++ * Copyright (C) 2003-2010 Herbert Pötzl
+ *
+ * V0.01 broken out from context.c 0.07
+ * V0.02 added task locking for namespace
+ * V0.03 broken out vx_enter_namespace
+ * V0.04 added *space support and commands
++ * V0.05 added credential support
+ *
+ */
+
+@@ -16,6 +17,7 @@
+ #include <linux/nsproxy.h>
+ #include <linux/err.h>
+ #include <linux/fs_struct.h>
++#include <linux/cred.h>
+ #include <asm/uaccess.h>
+
+ #include <linux/vs_context.h>
+@@ -238,6 +240,19 @@ int vx_enter_space(struct vx_info *vxi,
+ }
+
+ proxy_new = xchg(¤t->nsproxy, proxy_new);
++
++ if (mask & CLONE_NEWUSER) {
++ vxdprintk(VXD_CBIT(space, 10),
++ "vx_enter_space(%p[#%u],%p,%p) cred (%p,%p)",
++ vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred,
++ current->real_cred, current->cred);
++ exit_creds(current);
++ current->real_cred = get_cred(vxi->vx_real_cred);
++ alter_cred_subscribers(current->real_cred, 1);
++ current->cred = get_cred(vxi->vx_cred);
++ alter_cred_subscribers(current->cred, 1);
++ }
++
+ ret = 0;
+
+ if (proxy_new)
+@@ -297,6 +312,38 @@ int vx_set_space(struct vx_info *vxi, un
+
+ proxy_new = xchg(&vxi->vx_nsproxy[index], proxy_new);
+ vxi->vx_nsmask[index] |= mask;
++
++ if (mask & CLONE_NEWUSER) {
++ const struct cred *cred;
++
++ vxdprintk(VXD_CBIT(space, 10),
++ "vx_set_space(%p[#%u],%p,%p) cred (%p,%p)",
++ vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred,
++ current->real_cred, current->cred);
++
++ if (current->real_cred) {
++ cred = get_cred(current->real_cred);
++ alter_cred_subscribers(cred, 1);
++ } else
++ cred = NULL;
++ cred = xchg(&vxi->vx_real_cred, cred);
++ if (cred) {
++ alter_cred_subscribers(cred, -1);
++ put_cred(cred);
++ }
++
++ if (current->cred) {
++ cred = get_cred(current->cred);
++ alter_cred_subscribers(cred, 1);
++ } else
++ cred = NULL;
++ cred = xchg(&vxi->vx_cred, cred);
++ if (cred) {
++ alter_cred_subscribers(cred, -1);
++ put_cred(cred);
++ }
++ }
++
+ ret = 0;
+
+ if (proxy_new) |
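Review bot: The new `CLONE_NEWUSER` branch in `vx_enter_space()` (kernel/vserver/space.c) calls `exit_creds(current)` and then `get_cred(vxi->vx_real_cred)` and `get_cred(vxi->vx_cred)` with no NULL check, although `__alloc_vx_info()` initialises both fields to 0 and, in the code shown, only `vx_set_space()` fills them. Unless code outside the hunk guarantees they are set, a context that never stored credentials would be dereferenced as NULL after the task has already given up its own credentials; the test belongs before `exit_creds()`, for example `if ((mask & CLONE_NEWUSER) && (!vxi->vx_real_cred || !vxi->vx_cred))` returning an error. The two fields are also read here without visible synchronisation against the `xchg()` plus `put_cred()` in `vx_set_space()` and `__shutdown_vx_info()`, so a reference may be taken on a credential that is concurrently being released; a comment naming the lock or reference that protects `vx_real_cred`/`vx_cred` would settle that. Both `vx_enter_space()` and `vx_set_space()` begin and end outside the quoted hunks.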