[PATCH 2/3 RESEND] cred: Do not use RCU primitives to access cred pointer

Thu, 02 Apr 2020 06:29:52 -0700 

Since task_struct::cred can only be used task-synchronously,
and is not visible to other threads under RCU context,
we do not require RCU primitives to read/write to it and incur
heavy barriers.

Suggested-by: Jann Horn <[email protected]>
Co-developed-by: Joel Fernandes (Google) <[email protected]>
Signed-off-by: Joel Fernandes (Google) <[email protected]>
Signed-off-by: Amol Grover <[email protected]>
---
 include/linux/cred.h | 5 ++---
 kernel/cred.c        | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 18639c069263..5973791e5fe4 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -291,11 +291,10 @@ static inline void put_cred(const struct cred *_cred)
 /**
  * current_cred - Access the current task's subjective credentials
  *
- * Access the subjective credentials of the current task.  RCU-safe,
- * since nobody else can modify it.
+ * Access the subjective credentials of the current task.
  */
 #define current_cred() \
-       rcu_dereference_protected(current->cred, 1)
+       (current->cred)
 
 /**
  * current_real_cred - Access the current task's objective credentials
diff --git a/kernel/cred.c b/kernel/cred.c
index 809a985b1793..3956c31d068d 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -485,7 +485,7 @@ int commit_creds(struct cred *new)
        if (new->user != old->user)
                atomic_inc(&new->user->processes);
        rcu_assign_pointer(task->real_cred, new);
-       rcu_assign_pointer(task->cred, new);
+       task->cred = new;
        if (new->user != old->user)
                atomic_dec(&old->user->processes);
        alter_cred_subscribers(old, -2);
@@ -562,7 +562,7 @@ const struct cred *override_creds(const struct cred *new)
         */
        get_new_cred((struct cred *)new);
        alter_cred_subscribers(new, 1);
-       rcu_assign_pointer(current->cred, new);
+       current->cred = new;
        alter_cred_subscribers(old, -1);
 
        kdebug("override_creds() = %p{%d,%d}", old,
@@ -590,7 +590,7 @@ void revert_creds(const struct cred *old)
        validate_creds(old);
        validate_creds(override);
        alter_cred_subscribers(old, 1);
-       rcu_assign_pointer(current->cred, old);
+       current->cred = old;
        alter_cred_subscribers(override, -1);
        put_cred(override);
 }
-- 
2.24.1


--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to