From owner-svn-src-stable@freebsd.org Mon Jun 27 21:25:03 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E816EB85EA8; Mon, 27 Jun 2016 21:25:03 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B34BE24F9; Mon, 27 Jun 2016 21:25:03 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u5RLP2Cd019145; Mon, 27 Jun 2016 21:25:02 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u5RLP1JC019131; Mon, 27 Jun 2016 21:25:01 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201606272125.u5RLP1JC019131@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Mon, 27 Jun 2016 21:25:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r302229 - in stable/10/sys: compat/linux kern security/audit security/mac security/mac_lomac sys X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2016 21:25:04 -0000 Author: bdrewery Date: Mon Jun 27 21:25:01 2016 New Revision: 302229 URL: https://svnweb.freebsd.org/changeset/base/302229 Log: MFC r280130: cred: add proc_set_cred helper Modified: stable/10/sys/compat/linux/linux_misc.c stable/10/sys/compat/linux/linux_uid16.c stable/10/sys/kern/init_main.c stable/10/sys/kern/kern_exec.c stable/10/sys/kern/kern_exit.c stable/10/sys/kern/kern_fork.c stable/10/sys/kern/kern_jail.c stable/10/sys/kern/kern_loginclass.c stable/10/sys/kern/kern_prot.c stable/10/sys/kern/sys_capability.c stable/10/sys/security/audit/audit_syscalls.c stable/10/sys/security/mac/mac_syscalls.c stable/10/sys/security/mac_lomac/mac_lomac.c stable/10/sys/sys/ucred.h Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/compat/linux/linux_misc.c ============================================================================== --- stable/10/sys/compat/linux/linux_misc.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/compat/linux/linux_misc.c Mon Jun 27 21:25:01 2016 (r302229) @@ -1338,7 +1338,7 @@ linux_setgroups(struct thread *td, struc newcred->cr_ngroups = 1; setsugid(p); - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); error = 0; Modified: stable/10/sys/compat/linux/linux_uid16.c ============================================================================== --- stable/10/sys/compat/linux/linux_uid16.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/compat/linux/linux_uid16.c Mon Jun 27 21:25:01 2016 (r302229) @@ -214,7 +214,7 @@ linux_setgroups16(struct thread *td, str newcred->cr_ngroups = 1; setsugid(td->td_proc); - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); error = 0; Modified: stable/10/sys/kern/init_main.c ============================================================================== --- stable/10/sys/kern/init_main.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/init_main.c Mon Jun 27 21:25:01 2016 (r302229) @@ -437,6 +437,7 @@ proc0_init(void *dummy __unused) { struct proc *p; struct thread *td; + struct ucred *newcred; vm_paddr_t pageablemem; int i; @@ -513,19 +514,20 @@ proc0_init(void *dummy __unused) callout_init(&td->td_slpcallout, CALLOUT_MPSAFE); /* Create credentials. */ - p->p_ucred = crget(); - p->p_ucred->cr_ngroups = 1; /* group 0 */ - p->p_ucred->cr_uidinfo = uifind(0); - p->p_ucred->cr_ruidinfo = uifind(0); - p->p_ucred->cr_prison = &prison0; - p->p_ucred->cr_loginclass = loginclass_find("default"); + newcred = crget(); + newcred->cr_ngroups = 1; /* group 0 */ + newcred->cr_uidinfo = uifind(0); + newcred->cr_ruidinfo = uifind(0); + newcred->cr_prison = &prison0; + newcred->cr_loginclass = loginclass_find("default"); + proc_set_cred(p, newcred); #ifdef AUDIT - audit_cred_kproc0(p->p_ucred); + audit_cred_kproc0(newcred); #endif #ifdef MAC - mac_cred_create_swapper(p->p_ucred); + mac_cred_create_swapper(newcred); #endif - td->td_ucred = crhold(p->p_ucred); + td->td_ucred = crhold(newcred); /* Create sigacts. */ p->p_sigacts = sigacts_alloc(); @@ -844,7 +846,7 @@ create_init(const void *udata __unused) #ifdef AUDIT audit_cred_proc1(newcred); #endif - initproc->p_ucred = newcred; + proc_set_cred(initproc, newcred); PROC_UNLOCK(initproc); sx_xunlock(&proctree_lock); crfree(oldcred); Modified: stable/10/sys/kern/kern_exec.c ============================================================================== --- stable/10/sys/kern/kern_exec.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_exec.c Mon Jun 27 21:25:01 2016 (r302229) @@ -751,7 +751,7 @@ interpret: */ change_svuid(newcred, newcred->cr_uid); change_svgid(newcred, newcred->cr_gid); - p->p_ucred = newcred; + proc_set_cred(p, newcred); } else { if (oldcred->cr_uid == oldcred->cr_ruid && oldcred->cr_gid == oldcred->cr_rgid) @@ -777,7 +777,7 @@ interpret: PROC_LOCK(p); change_svuid(newcred, newcred->cr_uid); change_svgid(newcred, newcred->cr_gid); - p->p_ucred = newcred; + proc_set_cred(p, newcred); } } Modified: stable/10/sys/kern/kern_exit.c ============================================================================== --- stable/10/sys/kern/kern_exit.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_exit.c Mon Jun 27 21:25:01 2016 (r302229) @@ -937,7 +937,7 @@ proc_reap(struct thread *td, struct proc * Free credentials, arguments, and sigacts. */ crfree(p->p_ucred); - p->p_ucred = NULL; + proc_set_cred(p, NULL); pargs_drop(p->p_args); p->p_args = NULL; sigacts_free(p->p_sigacts); Modified: stable/10/sys/kern/kern_fork.c ============================================================================== --- stable/10/sys/kern/kern_fork.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_fork.c Mon Jun 27 21:25:01 2016 (r302229) @@ -413,7 +413,8 @@ do_fork(struct thread *td, int flags, st p2->p_treeflag = 0; p2->p_filemon = NULL; - p2->p_ucred = crhold(td->td_ucred); + crhold(td->td_ucred); + proc_set_cred(p2, td->td_ucred); /* Tell the prison that we exist. */ prison_proc_hold(p2->p_ucred->cr_prison); @@ -913,7 +914,7 @@ fork1(struct thread *td, int flags, int * XXX: This is ugly; when we copy resource usage, we need to bump * per-cred resource counters. */ - newproc->p_ucred = p1->p_ucred; + proc_set_cred(newproc, p1->p_ucred); /* * Initialize resource accounting for the child process. Modified: stable/10/sys/kern/kern_jail.c ============================================================================== --- stable/10/sys/kern/kern_jail.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_jail.c Mon Jun 27 21:25:01 2016 (r302229) @@ -2476,7 +2476,7 @@ do_jail_attach(struct thread *td, struct PROC_LOCK(p); oldcred = crcopysafe(p, newcred); newcred->cr_prison = pr; - p->p_ucred = newcred; + proc_set_cred(p, newcred); setsugid(p); PROC_UNLOCK(p); #ifdef RACCT Modified: stable/10/sys/kern/kern_loginclass.c ============================================================================== --- stable/10/sys/kern/kern_loginclass.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_loginclass.c Mon Jun 27 21:25:01 2016 (r302229) @@ -205,7 +205,7 @@ sys_setloginclass(struct thread *td, str PROC_LOCK(p); oldcred = crcopysafe(p, newcred); newcred->cr_loginclass = newlc; - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); Modified: stable/10/sys/kern/kern_prot.c ============================================================================== --- stable/10/sys/kern/kern_prot.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/kern_prot.c Mon Jun 27 21:25:01 2016 (r302229) @@ -582,7 +582,7 @@ sys_setuid(struct thread *td, struct set change_euid(newcred, uip); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); @@ -641,7 +641,7 @@ sys_seteuid(struct thread *td, struct se change_euid(newcred, euip); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); uifree(euip); crfree(oldcred); @@ -741,7 +741,7 @@ sys_setgid(struct thread *td, struct set change_egid(newcred, gid); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); @@ -787,7 +787,7 @@ sys_setegid(struct thread *td, struct se change_egid(newcred, egid); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); @@ -860,7 +860,7 @@ kern_setgroups(struct thread *td, u_int crsetgroups_locked(newcred, ngrp, groups); } setsugid(p); - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); @@ -923,7 +923,7 @@ sys_setreuid(register struct thread *td, change_svuid(newcred, newcred->cr_uid); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); @@ -990,7 +990,7 @@ sys_setregid(register struct thread *td, change_svgid(newcred, newcred->cr_groups[0]); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); @@ -1064,7 +1064,7 @@ sys_setresuid(register struct thread *td change_svuid(newcred, suid); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); @@ -1143,7 +1143,7 @@ sys_setresgid(register struct thread *td change_svgid(newcred, sgid); setsugid(p); } - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); @@ -1956,6 +1956,31 @@ cred_update_thread(struct thread *td) crfree(cred); } +/* + * Change process credentials. + * Callers are responsible for providing the reference for current credentials + * and for freeing old ones. + * + * Process has to be locked except when it does not have credentials (as it + * should not be visible just yet) or when newcred is NULL (as this can be + * only used when the process is about to be freed, at which point it should + * not be visible anymore). + */ +struct ucred * +proc_set_cred(struct proc *p, struct ucred *newcred) +{ + struct ucred *oldcred; + + if (newcred == NULL) + MPASS(p->p_state == PRS_ZOMBIE); + else if (p->p_ucred != NULL) + PROC_LOCK_ASSERT(p, MA_OWNED); + + oldcred = p->p_ucred; + p->p_ucred = newcred; + return (oldcred); +} + struct ucred * crcopysafe(struct proc *p, struct ucred *cr) { Modified: stable/10/sys/kern/sys_capability.c ============================================================================== --- stable/10/sys/kern/sys_capability.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/kern/sys_capability.c Mon Jun 27 21:25:01 2016 (r302229) @@ -105,7 +105,7 @@ sys_cap_enter(struct thread *td, struct oldcred = p->p_ucred; crcopy(newcred, oldcred); newcred->cr_flags |= CRED_FLAG_CAPMODE; - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); return (0); Modified: stable/10/sys/security/audit/audit_syscalls.c ============================================================================== --- stable/10/sys/security/audit/audit_syscalls.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/security/audit/audit_syscalls.c Mon Jun 27 21:25:01 2016 (r302229) @@ -461,7 +461,7 @@ sys_auditon(struct thread *td, struct au udata.au_aupinfo.ap_mask.am_success; newcred->cr_audit.ai_mask.am_failure = udata.au_aupinfo.ap_mask.am_failure; - tp->p_ucred = newcred; + proc_set_cred(tp, newcred); PROC_UNLOCK(tp); crfree(oldcred); break; @@ -600,7 +600,7 @@ sys_setauid(struct thread *td, struct se if (error) goto fail; newcred->cr_audit.ai_auid = id; - td->td_proc->p_ucred = newcred; + proc_set_cred(td->td_proc, newcred); PROC_UNLOCK(td->td_proc); crfree(oldcred); return (0); @@ -671,7 +671,7 @@ sys_setaudit(struct thread *td, struct s newcred->cr_audit.ai_termid.at_addr[0] = ai.ai_termid.machine; newcred->cr_audit.ai_termid.at_port = ai.ai_termid.port; newcred->cr_audit.ai_termid.at_type = AU_IPv4; - td->td_proc->p_ucred = newcred; + proc_set_cred(td->td_proc, newcred); PROC_UNLOCK(td->td_proc); crfree(oldcred); return (0); @@ -728,7 +728,7 @@ sys_setaudit_addr(struct thread *td, str if (error) goto fail; newcred->cr_audit = aia; - td->td_proc->p_ucred = newcred; + proc_set_cred(td->td_proc, newcred); PROC_UNLOCK(td->td_proc); crfree(oldcred); return (0); Modified: stable/10/sys/security/mac/mac_syscalls.c ============================================================================== --- stable/10/sys/security/mac/mac_syscalls.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/security/mac/mac_syscalls.c Mon Jun 27 21:25:01 2016 (r302229) @@ -208,7 +208,7 @@ sys___mac_set_proc(struct thread *td, st setsugid(p); crcopy(newcred, oldcred); mac_cred_relabel(newcred, intlabel); - p->p_ucred = newcred; + proc_set_cred(p, newcred); PROC_UNLOCK(p); crfree(oldcred); Modified: stable/10/sys/security/mac_lomac/mac_lomac.c ============================================================================== --- stable/10/sys/security/mac_lomac/mac_lomac.c Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/security/mac_lomac/mac_lomac.c Mon Jun 27 21:25:01 2016 (r302229) @@ -2275,7 +2275,7 @@ lomac_thread_userret(struct thread *td) crcopy(newcred, oldcred); crhold(newcred); lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label)); - p->p_ucred = newcred; + proc_set_cred(p, newcred); crfree(oldcred); dodrop = 1; out: Modified: stable/10/sys/sys/ucred.h ============================================================================== --- stable/10/sys/sys/ucred.h Mon Jun 27 20:54:02 2016 (r302228) +++ stable/10/sys/sys/ucred.h Mon Jun 27 21:25:01 2016 (r302229) @@ -106,6 +106,7 @@ struct ucred *crcopysafe(struct proc *p, struct ucred *crdup(struct ucred *cr); void crextend(struct ucred *cr, int n); void cred_update_thread(struct thread *td); +struct ucred *proc_set_cred(struct proc *p, struct ucred *cr); void crfree(struct ucred *cr); struct ucred *crget(void); struct ucred *crhold(struct ucred *cr);