Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued
[platform/kernel/linux-starfive.git] / kernel / cred.c
1 /* Task credentials management - see Documentation/security/credentials.txt
2  *
3  * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 #include <linux/export.h>
12 #include <linux/cred.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/key.h>
16 #include <linux/keyctl.h>
17 #include <linux/init_task.h>
18 #include <linux/security.h>
19 #include <linux/binfmts.h>
20 #include <linux/cn_proc.h>
21
22 #if 0
23 #define kdebug(FMT, ...)                                                \
24         printk("[%-5.5s%5u] " FMT "\n",                                 \
25                current->comm, current->pid, ##__VA_ARGS__)
26 #else
27 #define kdebug(FMT, ...)                                                \
28 do {                                                                    \
29         if (0)                                                          \
30                 no_printk("[%-5.5s%5u] " FMT "\n",                      \
31                           current->comm, current->pid, ##__VA_ARGS__);  \
32 } while (0)
33 #endif
34
35 static struct kmem_cache *cred_jar;
36
37 /* init to 2 - one for init_task, one to ensure it is never freed */
38 struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
39
40 /*
41  * The initial credentials for the initial task
42  */
43 struct cred init_cred = {
44         .usage                  = ATOMIC_INIT(4),
45 #ifdef CONFIG_DEBUG_CREDENTIALS
46         .subscribers            = ATOMIC_INIT(2),
47         .magic                  = CRED_MAGIC,
48 #endif
49         .uid                    = GLOBAL_ROOT_UID,
50         .gid                    = GLOBAL_ROOT_GID,
51         .suid                   = GLOBAL_ROOT_UID,
52         .sgid                   = GLOBAL_ROOT_GID,
53         .euid                   = GLOBAL_ROOT_UID,
54         .egid                   = GLOBAL_ROOT_GID,
55         .fsuid                  = GLOBAL_ROOT_UID,
56         .fsgid                  = GLOBAL_ROOT_GID,
57         .securebits             = SECUREBITS_DEFAULT,
58         .cap_inheritable        = CAP_EMPTY_SET,
59         .cap_permitted          = CAP_FULL_SET,
60         .cap_effective          = CAP_FULL_SET,
61         .cap_bset               = CAP_FULL_SET,
62         .user                   = INIT_USER,
63         .user_ns                = &init_user_ns,
64         .group_info             = &init_groups,
65 };
66
67 static inline void set_cred_subscribers(struct cred *cred, int n)
68 {
69 #ifdef CONFIG_DEBUG_CREDENTIALS
70         atomic_set(&cred->subscribers, n);
71 #endif
72 }
73
74 static inline int read_cred_subscribers(const struct cred *cred)
75 {
76 #ifdef CONFIG_DEBUG_CREDENTIALS
77         return atomic_read(&cred->subscribers);
78 #else
79         return 0;
80 #endif
81 }
82
83 static inline void alter_cred_subscribers(const struct cred *_cred, int n)
84 {
85 #ifdef CONFIG_DEBUG_CREDENTIALS
86         struct cred *cred = (struct cred *) _cred;
87
88         atomic_add(n, &cred->subscribers);
89 #endif
90 }
91
92 /*
93  * The RCU callback to actually dispose of a set of credentials
94  */
95 static void put_cred_rcu(struct rcu_head *rcu)
96 {
97         struct cred *cred = container_of(rcu, struct cred, rcu);
98
99         kdebug("put_cred_rcu(%p)", cred);
100
101 #ifdef CONFIG_DEBUG_CREDENTIALS
102         if (cred->magic != CRED_MAGIC_DEAD ||
103             atomic_read(&cred->usage) != 0 ||
104             read_cred_subscribers(cred) != 0)
105                 panic("CRED: put_cred_rcu() sees %p with"
106                       " mag %x, put %p, usage %d, subscr %d\n",
107                       cred, cred->magic, cred->put_addr,
108                       atomic_read(&cred->usage),
109                       read_cred_subscribers(cred));
110 #else
111         if (atomic_read(&cred->usage) != 0)
112                 panic("CRED: put_cred_rcu() sees %p with usage %d\n",
113                       cred, atomic_read(&cred->usage));
114 #endif
115
116         security_cred_free(cred);
117         key_put(cred->session_keyring);
118         key_put(cred->process_keyring);
119         key_put(cred->thread_keyring);
120         key_put(cred->request_key_auth);
121         if (cred->group_info)
122                 put_group_info(cred->group_info);
123         free_uid(cred->user);
124         put_user_ns(cred->user_ns);
125         kmem_cache_free(cred_jar, cred);
126 }
127
128 /**
129  * __put_cred - Destroy a set of credentials
130  * @cred: The record to release
131  *
132  * Destroy a set of credentials on which no references remain.
133  */
134 void __put_cred(struct cred *cred)
135 {
136         kdebug("__put_cred(%p{%d,%d})", cred,
137                atomic_read(&cred->usage),
138                read_cred_subscribers(cred));
139
140         BUG_ON(atomic_read(&cred->usage) != 0);
141 #ifdef CONFIG_DEBUG_CREDENTIALS
142         BUG_ON(read_cred_subscribers(cred) != 0);
143         cred->magic = CRED_MAGIC_DEAD;
144         cred->put_addr = __builtin_return_address(0);
145 #endif
146         BUG_ON(cred == current->cred);
147         BUG_ON(cred == current->real_cred);
148
149         call_rcu(&cred->rcu, put_cred_rcu);
150 }
151 EXPORT_SYMBOL(__put_cred);
152
153 /*
154  * Clean up a task's credentials when it exits
155  */
156 void exit_creds(struct task_struct *tsk)
157 {
158         struct cred *cred;
159
160         kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,
161                atomic_read(&tsk->cred->usage),
162                read_cred_subscribers(tsk->cred));
163
164         cred = (struct cred *) tsk->real_cred;
165         tsk->real_cred = NULL;
166         validate_creds(cred);
167         alter_cred_subscribers(cred, -1);
168         put_cred(cred);
169
170         cred = (struct cred *) tsk->cred;
171         tsk->cred = NULL;
172         validate_creds(cred);
173         alter_cred_subscribers(cred, -1);
174         put_cred(cred);
175 }
176
177 /**
178  * get_task_cred - Get another task's objective credentials
179  * @task: The task to query
180  *
181  * Get the objective credentials of a task, pinning them so that they can't go
182  * away.  Accessing a task's credentials directly is not permitted.
183  *
184  * The caller must also make sure task doesn't get deleted, either by holding a
185  * ref on task or by holding tasklist_lock to prevent it from being unlinked.
186  */
187 const struct cred *get_task_cred(struct task_struct *task)
188 {
189         const struct cred *cred;
190
191         rcu_read_lock();
192
193         do {
194                 cred = __task_cred((task));
195                 BUG_ON(!cred);
196         } while (!atomic_inc_not_zero(&((struct cred *)cred)->usage));
197
198         rcu_read_unlock();
199         return cred;
200 }
201
202 /*
203  * Allocate blank credentials, such that the credentials can be filled in at a
204  * later date without risk of ENOMEM.
205  */
206 struct cred *cred_alloc_blank(void)
207 {
208         struct cred *new;
209
210         new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
211         if (!new)
212                 return NULL;
213
214         atomic_set(&new->usage, 1);
215 #ifdef CONFIG_DEBUG_CREDENTIALS
216         new->magic = CRED_MAGIC;
217 #endif
218
219         if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
220                 goto error;
221
222         return new;
223
224 error:
225         abort_creds(new);
226         return NULL;
227 }
228
229 /**
230  * prepare_creds - Prepare a new set of credentials for modification
231  *
232  * Prepare a new set of task credentials for modification.  A task's creds
233  * shouldn't generally be modified directly, therefore this function is used to
234  * prepare a new copy, which the caller then modifies and then commits by
235  * calling commit_creds().
236  *
237  * Preparation involves making a copy of the objective creds for modification.
238  *
239  * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
240  *
241  * Call commit_creds() or abort_creds() to clean up.
242  */
243 struct cred *prepare_creds(void)
244 {
245         struct task_struct *task = current;
246         const struct cred *old;
247         struct cred *new;
248
249         validate_process_creds();
250
251         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
252         if (!new)
253                 return NULL;
254
255         kdebug("prepare_creds() alloc %p", new);
256
257         old = task->cred;
258         memcpy(new, old, sizeof(struct cred));
259
260         atomic_set(&new->usage, 1);
261         set_cred_subscribers(new, 0);
262         get_group_info(new->group_info);
263         get_uid(new->user);
264         get_user_ns(new->user_ns);
265
266 #ifdef CONFIG_KEYS
267         key_get(new->session_keyring);
268         key_get(new->process_keyring);
269         key_get(new->thread_keyring);
270         key_get(new->request_key_auth);
271 #endif
272
273 #ifdef CONFIG_SECURITY
274         new->security = NULL;
275 #endif
276
277         if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
278                 goto error;
279         validate_creds(new);
280         return new;
281
282 error:
283         abort_creds(new);
284         return NULL;
285 }
286 EXPORT_SYMBOL(prepare_creds);
287
288 /*
289  * Prepare credentials for current to perform an execve()
290  * - The caller must hold ->cred_guard_mutex
291  */
292 struct cred *prepare_exec_creds(void)
293 {
294         struct cred *new;
295
296         new = prepare_creds();
297         if (!new)
298                 return new;
299
300 #ifdef CONFIG_KEYS
301         /* newly exec'd tasks don't get a thread keyring */
302         key_put(new->thread_keyring);
303         new->thread_keyring = NULL;
304
305         /* inherit the session keyring; new process keyring */
306         key_put(new->process_keyring);
307         new->process_keyring = NULL;
308 #endif
309
310         return new;
311 }
312
313 /*
314  * Copy credentials for the new process created by fork()
315  *
316  * We share if we can, but under some circumstances we have to generate a new
317  * set.
318  *
319  * The new process gets the current process's subjective credentials as its
320  * objective and subjective credentials
321  */
322 int copy_creds(struct task_struct *p, unsigned long clone_flags)
323 {
324         struct cred *new;
325         int ret;
326
327         if (
328 #ifdef CONFIG_KEYS
329                 !p->cred->thread_keyring &&
330 #endif
331                 clone_flags & CLONE_THREAD
332             ) {
333                 p->real_cred = get_cred(p->cred);
334                 get_cred(p->cred);
335                 alter_cred_subscribers(p->cred, 2);
336                 kdebug("share_creds(%p{%d,%d})",
337                        p->cred, atomic_read(&p->cred->usage),
338                        read_cred_subscribers(p->cred));
339                 atomic_inc(&p->cred->user->processes);
340                 return 0;
341         }
342
343         new = prepare_creds();
344         if (!new)
345                 return -ENOMEM;
346
347         if (clone_flags & CLONE_NEWUSER) {
348                 ret = create_user_ns(new);
349                 if (ret < 0)
350                         goto error_put;
351         }
352
353 #ifdef CONFIG_KEYS
354         /* new threads get their own thread keyrings if their parent already
355          * had one */
356         if (new->thread_keyring) {
357                 key_put(new->thread_keyring);
358                 new->thread_keyring = NULL;
359                 if (clone_flags & CLONE_THREAD)
360                         install_thread_keyring_to_cred(new);
361         }
362
363         /* The process keyring is only shared between the threads in a process;
364          * anything outside of those threads doesn't inherit.
365          */
366         if (!(clone_flags & CLONE_THREAD)) {
367                 key_put(new->process_keyring);
368                 new->process_keyring = NULL;
369         }
370 #endif
371
372         atomic_inc(&new->user->processes);
373         p->cred = p->real_cred = get_cred(new);
374         alter_cred_subscribers(new, 2);
375         validate_creds(new);
376         return 0;
377
378 error_put:
379         put_cred(new);
380         return ret;
381 }
382
383 static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
384 {
385         const struct user_namespace *set_ns = set->user_ns;
386         const struct user_namespace *subset_ns = subset->user_ns;
387
388         /* If the two credentials are in the same user namespace see if
389          * the capabilities of subset are a subset of set.
390          */
391         if (set_ns == subset_ns)
392                 return cap_issubset(subset->cap_permitted, set->cap_permitted);
393
394         /* The credentials are in a different user namespaces
395          * therefore one is a subset of the other only if a set is an
396          * ancestor of subset and set->euid is owner of subset or one
397          * of subsets ancestors.
398          */
399         for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) {
400                 if ((set_ns == subset_ns->parent)  &&
401                     uid_eq(subset_ns->owner, set->euid))
402                         return true;
403         }
404
405         return false;
406 }
407
408 /**
409  * commit_creds - Install new credentials upon the current task
410  * @new: The credentials to be assigned
411  *
412  * Install a new set of credentials to the current task, using RCU to replace
413  * the old set.  Both the objective and the subjective credentials pointers are
414  * updated.  This function may not be called if the subjective credentials are
415  * in an overridden state.
416  *
417  * This function eats the caller's reference to the new credentials.
418  *
419  * Always returns 0 thus allowing this function to be tail-called at the end
420  * of, say, sys_setgid().
421  */
422 int commit_creds(struct cred *new)
423 {
424         struct task_struct *task = current;
425         const struct cred *old = task->real_cred;
426
427         kdebug("commit_creds(%p{%d,%d})", new,
428                atomic_read(&new->usage),
429                read_cred_subscribers(new));
430
431         BUG_ON(task->cred != old);
432 #ifdef CONFIG_DEBUG_CREDENTIALS
433         BUG_ON(read_cred_subscribers(old) < 2);
434         validate_creds(old);
435         validate_creds(new);
436 #endif
437         BUG_ON(atomic_read(&new->usage) < 1);
438
439         get_cred(new); /* we will require a ref for the subj creds too */
440
441         /* dumpability changes */
442         if (!uid_eq(old->euid, new->euid) ||
443             !gid_eq(old->egid, new->egid) ||
444             !uid_eq(old->fsuid, new->fsuid) ||
445             !gid_eq(old->fsgid, new->fsgid) ||
446             !cred_cap_issubset(old, new)) {
447                 if (task->mm)
448                         set_dumpable(task->mm, suid_dumpable);
449                 task->pdeath_signal = 0;
450                 smp_wmb();
451         }
452
453         /* alter the thread keyring */
454         if (!uid_eq(new->fsuid, old->fsuid))
455                 key_fsuid_changed(task);
456         if (!gid_eq(new->fsgid, old->fsgid))
457                 key_fsgid_changed(task);
458
459         /* do it
460          * RLIMIT_NPROC limits on user->processes have already been checked
461          * in set_user().
462          */
463         alter_cred_subscribers(new, 2);
464         if (new->user != old->user)
465                 atomic_inc(&new->user->processes);
466         rcu_assign_pointer(task->real_cred, new);
467         rcu_assign_pointer(task->cred, new);
468         if (new->user != old->user)
469                 atomic_dec(&old->user->processes);
470         alter_cred_subscribers(old, -2);
471
472         /* send notifications */
473         if (!uid_eq(new->uid,   old->uid)  ||
474             !uid_eq(new->euid,  old->euid) ||
475             !uid_eq(new->suid,  old->suid) ||
476             !uid_eq(new->fsuid, old->fsuid))
477                 proc_id_connector(task, PROC_EVENT_UID);
478
479         if (!gid_eq(new->gid,   old->gid)  ||
480             !gid_eq(new->egid,  old->egid) ||
481             !gid_eq(new->sgid,  old->sgid) ||
482             !gid_eq(new->fsgid, old->fsgid))
483                 proc_id_connector(task, PROC_EVENT_GID);
484
485         /* release the old obj and subj refs both */
486         put_cred(old);
487         put_cred(old);
488         return 0;
489 }
490 EXPORT_SYMBOL(commit_creds);
491
492 /**
493  * abort_creds - Discard a set of credentials and unlock the current task
494  * @new: The credentials that were going to be applied
495  *
496  * Discard a set of credentials that were under construction and unlock the
497  * current task.
498  */
499 void abort_creds(struct cred *new)
500 {
501         kdebug("abort_creds(%p{%d,%d})", new,
502                atomic_read(&new->usage),
503                read_cred_subscribers(new));
504
505 #ifdef CONFIG_DEBUG_CREDENTIALS
506         BUG_ON(read_cred_subscribers(new) != 0);
507 #endif
508         BUG_ON(atomic_read(&new->usage) < 1);
509         put_cred(new);
510 }
511 EXPORT_SYMBOL(abort_creds);
512
513 /**
514  * override_creds - Override the current process's subjective credentials
515  * @new: The credentials to be assigned
516  *
517  * Install a set of temporary override subjective credentials on the current
518  * process, returning the old set for later reversion.
519  */
520 const struct cred *override_creds(const struct cred *new)
521 {
522         const struct cred *old = current->cred;
523
524         kdebug("override_creds(%p{%d,%d})", new,
525                atomic_read(&new->usage),
526                read_cred_subscribers(new));
527
528         validate_creds(old);
529         validate_creds(new);
530         get_cred(new);
531         alter_cred_subscribers(new, 1);
532         rcu_assign_pointer(current->cred, new);
533         alter_cred_subscribers(old, -1);
534
535         kdebug("override_creds() = %p{%d,%d}", old,
536                atomic_read(&old->usage),
537                read_cred_subscribers(old));
538         return old;
539 }
540 EXPORT_SYMBOL(override_creds);
541
542 /**
543  * revert_creds - Revert a temporary subjective credentials override
544  * @old: The credentials to be restored
545  *
546  * Revert a temporary set of override subjective credentials to an old set,
547  * discarding the override set.
548  */
549 void revert_creds(const struct cred *old)
550 {
551         const struct cred *override = current->cred;
552
553         kdebug("revert_creds(%p{%d,%d})", old,
554                atomic_read(&old->usage),
555                read_cred_subscribers(old));
556
557         validate_creds(old);
558         validate_creds(override);
559         alter_cred_subscribers(old, 1);
560         rcu_assign_pointer(current->cred, old);
561         alter_cred_subscribers(override, -1);
562         put_cred(override);
563 }
564 EXPORT_SYMBOL(revert_creds);
565
566 /*
567  * initialise the credentials stuff
568  */
569 void __init cred_init(void)
570 {
571         /* allocate a slab in which we can store credentials */
572         cred_jar = kmem_cache_create("cred_jar", sizeof(struct cred), 0,
573                         SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
574 }
575
576 /**
577  * prepare_kernel_cred - Prepare a set of credentials for a kernel service
578  * @daemon: A userspace daemon to be used as a reference
579  *
580  * Prepare a set of credentials for a kernel service.  This can then be used to
581  * override a task's own credentials so that work can be done on behalf of that
582  * task that requires a different subjective context.
583  *
584  * @daemon is used to provide a base for the security record, but can be NULL.
585  * If @daemon is supplied, then the security data will be derived from that;
586  * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
587  *
588  * The caller may change these controls afterwards if desired.
589  *
590  * Returns the new credentials or NULL if out of memory.
591  *
592  * Does not take, and does not return holding current->cred_replace_mutex.
593  */
594 struct cred *prepare_kernel_cred(struct task_struct *daemon)
595 {
596         const struct cred *old;
597         struct cred *new;
598
599         new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
600         if (!new)
601                 return NULL;
602
603         kdebug("prepare_kernel_cred() alloc %p", new);
604
605         if (daemon)
606                 old = get_task_cred(daemon);
607         else
608                 old = get_cred(&init_cred);
609
610         validate_creds(old);
611
612         *new = *old;
613         atomic_set(&new->usage, 1);
614         set_cred_subscribers(new, 0);
615         get_uid(new->user);
616         get_user_ns(new->user_ns);
617         get_group_info(new->group_info);
618
619 #ifdef CONFIG_KEYS
620         new->session_keyring = NULL;
621         new->process_keyring = NULL;
622         new->thread_keyring = NULL;
623         new->request_key_auth = NULL;
624         new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
625 #endif
626
627 #ifdef CONFIG_SECURITY
628         new->security = NULL;
629 #endif
630         if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
631                 goto error;
632
633         put_cred(old);
634         validate_creds(new);
635         return new;
636
637 error:
638         put_cred(new);
639         put_cred(old);
640         return NULL;
641 }
642 EXPORT_SYMBOL(prepare_kernel_cred);
643
644 /**
645  * set_security_override - Set the security ID in a set of credentials
646  * @new: The credentials to alter
647  * @secid: The LSM security ID to set
648  *
649  * Set the LSM security ID in a set of credentials so that the subjective
650  * security is overridden when an alternative set of credentials is used.
651  */
652 int set_security_override(struct cred *new, u32 secid)
653 {
654         return security_kernel_act_as(new, secid);
655 }
656 EXPORT_SYMBOL(set_security_override);
657
658 /**
659  * set_security_override_from_ctx - Set the security ID in a set of credentials
660  * @new: The credentials to alter
661  * @secctx: The LSM security context to generate the security ID from.
662  *
663  * Set the LSM security ID in a set of credentials so that the subjective
664  * security is overridden when an alternative set of credentials is used.  The
665  * security ID is specified in string form as a security context to be
666  * interpreted by the LSM.
667  */
668 int set_security_override_from_ctx(struct cred *new, const char *secctx)
669 {
670         u32 secid;
671         int ret;
672
673         ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
674         if (ret < 0)
675                 return ret;
676
677         return set_security_override(new, secid);
678 }
679 EXPORT_SYMBOL(set_security_override_from_ctx);
680
681 /**
682  * set_create_files_as - Set the LSM file create context in a set of credentials
683  * @new: The credentials to alter
684  * @inode: The inode to take the context from
685  *
686  * Change the LSM file creation context in a set of credentials to be the same
687  * as the object context of the specified inode, so that the new inodes have
688  * the same MAC context as that inode.
689  */
690 int set_create_files_as(struct cred *new, struct inode *inode)
691 {
692         if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
693                 return -EINVAL;
694         new->fsuid = inode->i_uid;
695         new->fsgid = inode->i_gid;
696         return security_kernel_create_files_as(new, inode);
697 }
698 EXPORT_SYMBOL(set_create_files_as);
699
700 #ifdef CONFIG_DEBUG_CREDENTIALS
701
702 bool creds_are_invalid(const struct cred *cred)
703 {
704         if (cred->magic != CRED_MAGIC)
705                 return true;
706 #ifdef CONFIG_SECURITY_SELINUX
707         /*
708          * cred->security == NULL if security_cred_alloc_blank() or
709          * security_prepare_creds() returned an error.
710          */
711         if (selinux_is_enabled() && cred->security) {
712                 if ((unsigned long) cred->security < PAGE_SIZE)
713                         return true;
714                 if ((*(u32 *)cred->security & 0xffffff00) ==
715                     (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
716                         return true;
717         }
718 #endif
719         return false;
720 }
721 EXPORT_SYMBOL(creds_are_invalid);
722
723 /*
724  * dump invalid credentials
725  */
726 static void dump_invalid_creds(const struct cred *cred, const char *label,
727                                const struct task_struct *tsk)
728 {
729         printk(KERN_ERR "CRED: %s credentials: %p %s%s%s\n",
730                label, cred,
731                cred == &init_cred ? "[init]" : "",
732                cred == tsk->real_cred ? "[real]" : "",
733                cred == tsk->cred ? "[eff]" : "");
734         printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p\n",
735                cred->magic, cred->put_addr);
736         printk(KERN_ERR "CRED: ->usage=%d, subscr=%d\n",
737                atomic_read(&cred->usage),
738                read_cred_subscribers(cred));
739         printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
740                 from_kuid_munged(&init_user_ns, cred->uid),
741                 from_kuid_munged(&init_user_ns, cred->euid),
742                 from_kuid_munged(&init_user_ns, cred->suid),
743                 from_kuid_munged(&init_user_ns, cred->fsuid));
744         printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n",
745                 from_kgid_munged(&init_user_ns, cred->gid),
746                 from_kgid_munged(&init_user_ns, cred->egid),
747                 from_kgid_munged(&init_user_ns, cred->sgid),
748                 from_kgid_munged(&init_user_ns, cred->fsgid));
749 #ifdef CONFIG_SECURITY
750         printk(KERN_ERR "CRED: ->security is %p\n", cred->security);
751         if ((unsigned long) cred->security >= PAGE_SIZE &&
752             (((unsigned long) cred->security & 0xffffff00) !=
753              (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)))
754                 printk(KERN_ERR "CRED: ->security {%x, %x}\n",
755                        ((u32*)cred->security)[0],
756                        ((u32*)cred->security)[1]);
757 #endif
758 }
759
760 /*
761  * report use of invalid credentials
762  */
763 void __invalid_creds(const struct cred *cred, const char *file, unsigned line)
764 {
765         printk(KERN_ERR "CRED: Invalid credentials\n");
766         printk(KERN_ERR "CRED: At %s:%u\n", file, line);
767         dump_invalid_creds(cred, "Specified", current);
768         BUG();
769 }
770 EXPORT_SYMBOL(__invalid_creds);
771
772 /*
773  * check the credentials on a process
774  */
775 void __validate_process_creds(struct task_struct *tsk,
776                               const char *file, unsigned line)
777 {
778         if (tsk->cred == tsk->real_cred) {
779                 if (unlikely(read_cred_subscribers(tsk->cred) < 2 ||
780                              creds_are_invalid(tsk->cred)))
781                         goto invalid_creds;
782         } else {
783                 if (unlikely(read_cred_subscribers(tsk->real_cred) < 1 ||
784                              read_cred_subscribers(tsk->cred) < 1 ||
785                              creds_are_invalid(tsk->real_cred) ||
786                              creds_are_invalid(tsk->cred)))
787                         goto invalid_creds;
788         }
789         return;
790
791 invalid_creds:
792         printk(KERN_ERR "CRED: Invalid process credentials\n");
793         printk(KERN_ERR "CRED: At %s:%u\n", file, line);
794
795         dump_invalid_creds(tsk->real_cred, "Real", tsk);
796         if (tsk->cred != tsk->real_cred)
797                 dump_invalid_creds(tsk->cred, "Effective", tsk);
798         else
799                 printk(KERN_ERR "CRED: Effective creds == Real creds\n");
800         BUG();
801 }
802 EXPORT_SYMBOL(__validate_process_creds);
803
804 /*
805  * check creds for do_exit()
806  */
807 void validate_creds_for_do_exit(struct task_struct *tsk)
808 {
809         kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})",
810                tsk->real_cred, tsk->cred,
811                atomic_read(&tsk->cred->usage),
812                read_cred_subscribers(tsk->cred));
813
814         __validate_process_creds(tsk, __FILE__, __LINE__);
815 }
816
817 #endif /* CONFIG_DEBUG_CREDENTIALS */