@@ -166,7 +166,6 @@ extern int commit_creds(struct cred *);
extern void abort_creds(struct cred *);
extern const struct cred *override_creds(const struct cred *);
extern void revert_creds(const struct cred *);
-extern struct cred *clone_cred(const struct cred *old);
extern struct cred *prepare_kernel_cred(struct task_struct *);
extern int change_create_files_as(struct cred *, struct inode *);
extern int set_security_override(struct cred *, u32);
@@ -574,30 +574,38 @@ void __init cred_init(void)
}
/**
- * clone_cred - Create a new copy of a set of credentials
- * @old: Credentials to be copied
+ * prepare_kernel_cred - Prepare a set of credentials for a kernel service
+ * @daemon: A userspace daemon to be used as a reference
+ *
+ * Prepare a set of credentials for a kernel service. This can then be used to
+ * override a task's own credentials so that work can be done on behalf of that
+ * task that requires a different subjective context.
+ *
+ * @daemon is used to provide a base for the security record, but can be NULL.
+ * If @daemon is supplied, then the security data will be derived from that;
+ * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
*
- * Prepare a new set of credentials that is an exact copy of @old. This can
- * optionally be modified and used to override a task's own credentials so
- * that work can be done on behalf of that task that requires a different
- * subjective context.
+ * The caller may change these controls afterwards if desired.
*
- * Returns the new credentials or NULL if @old is NULL or if out of memory.
+ * Returns the new credentials or NULL if out of memory.
*
* Does not take, and does not return holding current->cred_replace_mutex.
*/
-struct cred *clone_cred(const struct cred *old)
+struct cred *prepare_kernel_cred(struct task_struct *daemon)
{
+ const struct cred *old;
struct cred *new;
- if (!old)
- return NULL;
-
new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
if (!new)
return NULL;
- kdebug("clone_cred() alloc %p", new);
+ kdebug("prepare_kernel_cred() alloc %p", new);
+
+ if (daemon)
+ old = get_task_cred(daemon);
+ else
+ old = get_cred(&init_cred);
validate_creds(old);
@@ -622,46 +630,14 @@ struct cred *clone_cred(const struct cred *old)
if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
goto error;
+ put_cred(old);
validate_creds(new);
return new;
error:
put_cred(new);
- return NULL;
-}
-EXPORT_SYMBOL(clone_cred);
-
-/**
- * prepare_kernel_cred - Prepare a set of credentials for a kernel service
- * @daemon: A userspace daemon to be used as a reference
- *
- * Prepare a set of credentials for a kernel service. This can then be used to
- * override a task's own credentials so that work can be done on behalf of that
- * task that requires a different subjective context.
- *
- * @daemon is used to provide a base for the security record, but can be NULL.
- * If @daemon is supplied, then the security data will be derived from that;
- * otherwise they'll be set to 0 and no groups, full capabilities and no keys.
- *
- * The caller may change these controls afterwards if desired.
- *
- * Returns the new credentials or NULL if out of memory.
- *
- * Does not take, and does not return holding current->cred_replace_mutex.
- */
-struct cred *prepare_kernel_cred(struct task_struct *daemon)
-{
- const struct cred *old;
- struct cred *new;
-
- if (daemon)
- old = get_task_cred(daemon);
- else
- old = get_cred(&init_cred);
-
- new = clone_cred(old);
put_cred(old);
- return new;
+ return NULL;
}
EXPORT_SYMBOL(prepare_kernel_cred);
BugLink: http://bugs.launchpad.net/bugs/1659417 This reverts commit 30c0ff60defac84439cd4b5e222a247a5d4caf47 since the clone_cred() interface is no longer used. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> --- include/linux/cred.h | 1 - kernel/cred.c | 68 +++++++++++++++++----------------------------------- 2 files changed, 22 insertions(+), 47 deletions(-)