]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blobdiff - kernel/cred.c
tracing: Have trace event string test handle zero length strings
index f784e08c2fbd6161e50c66a49f5ab4dfedef155b..29a653f4c671dba2866bd11ae4bfae91e1e20d4e 100644 (file)
@@ -225,8 +225,6 @@ struct cred *cred_alloc_blank(void)
 #ifdef CONFIG_DEBUG_CREDENTIALS
        new->magic = CRED_MAGIC;
 #endif
-       new->ucounts = get_ucounts(&init_ucounts);
-
        if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0)
                goto error;
 
@@ -501,7 +499,7 @@ int commit_creds(struct cred *new)
                inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1);
        rcu_assign_pointer(task->real_cred, new);
        rcu_assign_pointer(task->cred, new);
-       if (new->user != old->user)
+       if (new->user != old->user || new->user_ns != old->user_ns)
                dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1);
        alter_cred_subscribers(old, -2);
 
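Review bot: The `inc_rlimit_ucounts()` call on the first context line is guarded by a test that sits just above this hunk, so it cannot be confirmed from here that it matches the widened test now used for `dec_rlimit_ucounts()`. If the two tests ever differ, a credential change that alters only `user_ns` would adjust one RLIMIT_NPROC counter without the matching adjustment on the other, and the per-user process accounting would drift. Evaluating the test once, e.g. `bool moved = new->user != old->user || new->user_ns != old->user_ns;`, and using `if (moved)` for both calls would keep them paired by construction. commit_creds() begins and ends outside the hunk.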
@@ -667,25 +665,20 @@ EXPORT_SYMBOL(cred_fscmp);
 
 int set_cred_ucounts(struct cred *new)
 {
-       struct task_struct *task = current;
-       const struct cred *old = task->real_cred;
-       struct ucounts *old_ucounts = new->ucounts;
-
-       if (new->user == old->user && new->user_ns == old->user_ns)
-               return 0;
+       struct ucounts *new_ucounts, *old_ucounts = new->ucounts;
 
        /*
         * This optimization is needed because alloc_ucounts() uses locks
         * for table lookups.
         */
-       if (old_ucounts && old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->euid))
+       if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid))
                return 0;
 
-       if (!(new->ucounts = alloc_ucounts(new->user_ns, new->euid)))
+       if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid)))
                return -EAGAIN;
 
-       if (old_ucounts)
-               put_ucounts(old_ucounts);
+       new->ucounts = new_ucounts;
+       put_ucounts(old_ucounts);
 
        return 0;
 }
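Review bot: `old_ucounts` is now dereferenced unconditionally in the fast-path test (`old_ucounts->ns`), while the first hunk of this diff drops the `new->ucounts = get_ucounts(&init_ucounts)` assignment from cred_alloc_blank(). Unless every path that obtains a blank cred fills in `new->ucounts` before reaching set_cred_ucounts() (those callers are not visible here), this becomes a NULL dereference in credential setup. The precondition deserves a comment at the top of the function, such as `/* new->ucounts must already be set; cred_alloc_blank() does not initialise it */`. A defensive `if (WARN_ON_ONCE(!old_ucounts)) return -EINVAL;` ahead of the comparison is an alternative, provided callers treat any non-zero return as failure.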
@@ -774,14 +767,14 @@ EXPORT_SYMBOL(prepare_kernel_cred);
 /**
  * set_security_override - Set the security ID in a set of credentials
  * @new: The credentials to alter
- * @secid: The LSM security ID to set
+ * @blob: The LSM security information to set
  *
  * Set the LSM security ID in a set of credentials so that the subjective
  * security is overridden when an alternative set of credentials is used.
  */
-int set_security_override(struct cred *new, u32 secid)
+int set_security_override(struct cred *new, struct lsmblob *blob)
 {
-       return security_kernel_act_as(new, secid);
+       return security_kernel_act_as(new, blob);
 }
 EXPORT_SYMBOL(set_security_override);
 
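Review bot: The kernel-doc description still reads "Set the LSM security ID in a set of credentials" although the parameter is now `struct lsmblob *blob`, so the comment describes the old interface. It should be reworded along the lines of `Set the LSM security information in a set of credentials so that the subjective security is overridden ...`. The comment should also say whether @blob may be NULL and whether it must remain valid after the call, since the wrapper hands the pointer straight to security_kernel_act_as(), whose handling is not shown here.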
@@ -797,14 +790,14 @@ EXPORT_SYMBOL(set_security_override);
  */
 int set_security_override_from_ctx(struct cred *new, const char *secctx)
 {
-       u32 secid;
+       struct lsmblob blob;
        int ret;
 
-       ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
+       ret = security_secctx_to_secid(secctx, strlen(secctx), &blob);
        if (ret < 0)
                return ret;
 
-       return set_security_override(new, secid);
+       return set_security_override(new, &blob);
 }
 EXPORT_SYMBOL(set_security_override_from_ctx);