git.baikalelectronics.ru Git - kernel.git/commit

author	Eric W. Biederman <ebiederm@xmission.com>
	Thu, 26 Jul 2012 12:05:21 +0000 (05:05 -0700)
committer	Eric W. Biederman <ebiederm@xmission.com>
	Tue, 20 Nov 2012 12:17:44 +0000 (04:17 -0800)
commit	34eae3a9bd7a5064a0194e3d7aba0f62af811902
tree	c86f225e8256d28271acf3ea8926e70358f3e5c1	tree \| snapshot
parent	40b12bb1c1876cc304edeefa91ae4e73469485a8	commit \| diff

userns: Kill task_user_ns

The task_user_ns function hides the fact that it is getting the user
namespace from struct cred on the task. struct cred may go away as
soon as the rcu lock is released. This leads to a race where we
can dereference a stale user namespace pointer.

To make it obvious a struct cred is involved kill task_user_ns.

To kill the race modify the users of task_user_ns to only
reference the user namespace while the rcu lock is held.

Cc: Kees Cook <keescook@chromium.org>
Cc: James Morris <james.l.morris@oracle.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

include/linux/cred.h		diff \| blob \| history
kernel/ptrace.c		diff \| blob \| history
kernel/sched/core.c		diff \| blob \| history
security/yama/yama_lsm.c		diff \| blob \| history