CRED: Differentiate objective and effective subjective credentials on a task

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / fork.c
diff --git a/kernel/fork.c b/kernel/fork.c

index 30de644a40c4d4d9617d650589f4c90da1e977a2..af0d0f04585ca65b0cd02629733b61bc4c74a6d0 100644 (file)
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -58,6 +58,7 @@
  #include <linux/tty.h>
  #include <linux/proc_fs.h>
  #include <linux/blkdev.h>
+#include <trace/sched.h>
  
  #include <asm/pgtable.h>
  #include <asm/pgalloc.h>
@@ -145,9 +146,8 @@ void __put_task_struct(struct task_struct *tsk)
         WARN_ON(atomic_read(&tsk->usage));
         WARN_ON(tsk == current);
  
-       security_task_free(tsk);
-       free_uid(tsk->user);
-       put_group_info(tsk->group_info);
+       put_cred(tsk->real_cred);
+       put_cred(tsk->cred);
         delayacct_tsk_free(tsk);
  
         if (!profile_handoff_task(tsk))
@@ -759,27 +759,50 @@ void __cleanup_sighand(struct sighand_struct *sighand)
                 kmem_cache_free(sighand_cachep, sighand);
  }
  
+
+/*
+ * Initialize POSIX timer handling for a thread group.
+ */
+static void posix_cpu_timers_init_group(struct signal_struct *sig)
+{
+       /* Thread group counters. */
+       thread_group_cputime_init(sig);
+
+       /* Expiration times and increments. */
+       sig->it_virt_expires = cputime_zero;
+       sig->it_virt_incr = cputime_zero;
+       sig->it_prof_expires = cputime_zero;
+       sig->it_prof_incr = cputime_zero;
+
+       /* Cached expiration times. */
+       sig->cputime_expires.prof_exp = cputime_zero;
+       sig->cputime_expires.virt_exp = cputime_zero;
+       sig->cputime_expires.sched_exp = 0;
+
+       /* The timer lists. */
+       INIT_LIST_HEAD(&sig->cpu_timers[0]);
+       INIT_LIST_HEAD(&sig->cpu_timers[1]);
+       INIT_LIST_HEAD(&sig->cpu_timers[2]);
+}
+
  static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
  {
         struct signal_struct *sig;
         int ret;
  
         if (clone_flags & CLONE_THREAD) {
-               atomic_inc(&current->signal->count);
-               atomic_inc(&current->signal->live);
-               return 0;
+               ret = thread_group_cputime_clone_thread(current);
+               if (likely(!ret)) {
+                       atomic_inc(&current->signal->count);
+                       atomic_inc(&current->signal->live);
+               }
+               return ret;
         }
         sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
         tsk->signal = sig;
         if (!sig)
                 return -ENOMEM;
  
-       ret = copy_thread_group_keys(tsk);
-       if (ret < 0) {
-               kmem_cache_free(signal_cachep, sig);
-               return ret;
-       }
-
         atomic_set(&sig->count, 1);
         atomic_set(&sig->live, 1);
         init_waitqueue_head(&sig->wait_chldexit);
@@ -795,40 +818,25 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         sig->it_real_incr.tv64 = 0;
         sig->real_timer.function = it_real_fn;
  
-       sig->it_virt_expires = cputime_zero;
-       sig->it_virt_incr = cputime_zero;
-       sig->it_prof_expires = cputime_zero;
-       sig->it_prof_incr = cputime_zero;
-
         sig->leader = 0;        /* session leadership doesn't inherit */
         sig->tty_old_pgrp = NULL;
         sig->tty = NULL;
  
-       sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
+       sig->cutime = sig->cstime = cputime_zero;
         sig->gtime = cputime_zero;
         sig->cgtime = cputime_zero;
         sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
         sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
         sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0;
         task_io_accounting_init(&sig->ioac);
-       sig->sum_sched_runtime = 0;
-       INIT_LIST_HEAD(&sig->cpu_timers[0]);
-       INIT_LIST_HEAD(&sig->cpu_timers[1]);
-       INIT_LIST_HEAD(&sig->cpu_timers[2]);
         taskstats_tgid_init(sig);
  
         task_lock(current->group_leader);
         memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
         task_unlock(current->group_leader);
  
-       if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
-               /*
-                * New sole thread in the process gets an expiry time
-                * of the whole CPU time limit.
-                */
-               tsk->it_prof_expires =
-                       secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
-       }
+       posix_cpu_timers_init_group(sig);
+
         acct_init_pacct(&sig->pacct);
  
         tty_audit_fork(sig);
@@ -838,7 +846,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
  
  void __cleanup_signal(struct signal_struct *sig)
  {
-       exit_thread_group_keys(sig);
+       thread_group_cputime_free(sig);
         tty_kref_put(sig->tty);
         kmem_cache_free(signal_cachep, sig);
  }
@@ -887,6 +895,19 @@ void mm_init_owner(struct mm_struct *mm, struct task_struct *p)
  }
  #endif /* CONFIG_MM_OWNER */
  
+/*
+ * Initialize POSIX timer handling for a single task.
+ */
+static void posix_cpu_timers_init(struct task_struct *tsk)
+{
+       tsk->cputime_expires.prof_exp = cputime_zero;
+       tsk->cputime_expires.virt_exp = cputime_zero;
+       tsk->cputime_expires.sched_exp = 0;
+       INIT_LIST_HEAD(&tsk->cpu_timers[0]);
+       INIT_LIST_HEAD(&tsk->cpu_timers[1]);
+       INIT_LIST_HEAD(&tsk->cpu_timers[2]);
+}
+
  /*
   * This creates a new process as a copy of the old one,
   * but does not actually start it yet.
@@ -941,16 +962,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
  #endif
         retval = -EAGAIN;
-       if (atomic_read(&p->user->processes) >=
+       if (atomic_read(&p->real_cred->user->processes) >=
                         p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
                 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-                   p->user != current->nsproxy->user_ns->root_user)
+                   p->real_cred->user != current->nsproxy->user_ns->root_user)
                         goto bad_fork_free;
         }
  
-       atomic_inc(&p->user->__count);
-       atomic_inc(&p->user->processes);
-       get_group_info(p->group_info);
+       retval = copy_creds(p, clone_flags);
+       if (retval < 0)
+               goto bad_fork_free;
  
         /*
          * If multiple threads are within copy_process(), then this check
@@ -989,6 +1010,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         p->prev_utime = cputime_zero;
         p->prev_stime = cputime_zero;
  
+       p->default_timer_slack_ns = current->timer_slack_ns;
+
  #ifdef CONFIG_DETECT_SOFTLOCKUP
         p->last_switch_count = 0;
         p->last_switch_timestamp = 0;
@@ -997,21 +1020,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         task_io_accounting_init(&p->ioac);
         acct_clear_integrals(p);
  
-       p->it_virt_expires = cputime_zero;
-       p->it_prof_expires = cputime_zero;
-       p->it_sched_expires = 0;
-       INIT_LIST_HEAD(&p->cpu_timers[0]);
-       INIT_LIST_HEAD(&p->cpu_timers[1]);
-       INIT_LIST_HEAD(&p->cpu_timers[2]);
+       posix_cpu_timers_init(p);
  
         p->lock_depth = -1;             /* -1 = no lock */
         do_posix_clock_monotonic_gettime(&p->start_time);
         p->real_start_time = p->start_time;
         monotonic_to_bootbased(&p->real_start_time);
-#ifdef CONFIG_SECURITY
-       p->security = NULL;
-#endif
-       p->cap_bset = current->cap_bset;
         p->io_context = NULL;
         p->audit_context = NULL;
         cgroup_fork(p);
@@ -1056,10 +1070,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         /* Perform scheduler related setup. Assign this task to a CPU. */
         sched_fork(p, clone_flags);
  
-       if ((retval = security_task_alloc(p)))
-               goto bad_fork_cleanup_policy;
         if ((retval = audit_alloc(p)))
-               goto bad_fork_cleanup_security;
+               goto bad_fork_cleanup_policy;
         /* copy all the process information */
         if ((retval = copy_semundo(clone_flags, p)))
                 goto bad_fork_cleanup_audit;
@@ -1073,10 +1085,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                 goto bad_fork_cleanup_sighand;
         if ((retval = copy_mm(clone_flags, p)))
                 goto bad_fork_cleanup_signal;
-       if ((retval = copy_keys(clone_flags, p)))
-               goto bad_fork_cleanup_mm;
         if ((retval = copy_namespaces(clone_flags, p)))
-               goto bad_fork_cleanup_keys;
+               goto bad_fork_cleanup_mm;
         if ((retval = copy_io(clone_flags, p)))
                 goto bad_fork_cleanup_namespaces;
         retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
@@ -1203,21 +1213,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if (clone_flags & CLONE_THREAD) {
                 p->group_leader = current->group_leader;
                 list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);
-
-               if (!cputime_eq(current->signal->it_virt_expires,
-                               cputime_zero) ||
-                   !cputime_eq(current->signal->it_prof_expires,
-                               cputime_zero) ||
-                   current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY ||
-                   !list_empty(&current->signal->cpu_timers[0]) ||
-                   !list_empty(&current->signal->cpu_timers[1]) ||
-                   !list_empty(&current->signal->cpu_timers[2])) {
-                       /*
-                        * Have child wake up on its first tick to check
-                        * for process CPU timers.
-                        */
-                       p->it_prof_expires = jiffies_to_cputime(1);
-               }
         }
  
         if (likely(p->pid)) {
@@ -1256,8 +1251,6 @@ bad_fork_cleanup_io:
         put_io_context(p->io_context);
  bad_fork_cleanup_namespaces:
         exit_task_namespaces(p);
-bad_fork_cleanup_keys:
-       exit_keys(p);
  bad_fork_cleanup_mm:
         if (p->mm)
                 mmput(p->mm);
@@ -1273,8 +1266,6 @@ bad_fork_cleanup_semundo:
         exit_sem(p);
  bad_fork_cleanup_audit:
         audit_free(p);
-bad_fork_cleanup_security:
-       security_task_free(p);
  bad_fork_cleanup_policy:
  #ifdef CONFIG_NUMA
         mpol_put(p->mempolicy);
@@ -1287,9 +1278,9 @@ bad_fork_cleanup_cgroup:
  bad_fork_cleanup_put_domain:
         module_put(task_thread_info(p)->exec_domain->module);
  bad_fork_cleanup_count:
-       put_group_info(p->group_info);
-       atomic_dec(&p->user->processes);
-       free_uid(p->user);
+       atomic_dec(&p->cred->user->processes);
+       put_cred(p->real_cred);
+       put_cred(p->cred);
  bad_fork_free:
         free_task(p);
  fork_out:
@@ -1364,6 +1355,8 @@ long do_fork(unsigned long clone_flags,
         if (!IS_ERR(p)) {
                 struct completion vfork;
  
+               trace_sched_process_fork(current, p);
+
                 nr = task_pid_vnr(p);
  
                 if (clone_flags & CLONE_PARENT_SETTID)