209 	struct cred *new;  in cred_alloc_blank()  local
211 	new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);  in cred_alloc_blank()
212 	if (!new)  in cred_alloc_blank()
215 	atomic_set(&new->usage, 1);  in cred_alloc_blank()
217 	new->magic = CRED_MAGIC;  in cred_alloc_blank()
220 	if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)  in cred_alloc_blank()
223 	return new;  in cred_alloc_blank()
226 	abort_creds(new);  in cred_alloc_blank()
248 	struct cred *new;  in prepare_creds()  local
252 	new = kmem_cache_alloc(cred_jar, GFP_KERNEL);  in prepare_creds()
253 	if (!new)  in prepare_creds()
256 	kdebug("prepare_creds() alloc %p", new);  in prepare_creds()
259 	memcpy(new, old, sizeof(struct cred));  in prepare_creds()
261 	atomic_set(&new->usage, 1);  in prepare_creds()
262 	set_cred_subscribers(new, 0);  in prepare_creds()
263 	get_group_info(new->group_info);  in prepare_creds()
264 	get_uid(new->user);  in prepare_creds()
265 	get_user_ns(new->user_ns);  in prepare_creds()
268 	key_get(new->session_keyring);  in prepare_creds()
269 	key_get(new->process_keyring);  in prepare_creds()
270 	key_get(new->thread_keyring);  in prepare_creds()
271 	key_get(new->request_key_auth);  in prepare_creds()
275 	new->security = NULL;  in prepare_creds()
278 	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)  in prepare_creds()
280 	validate_creds(new);  in prepare_creds()
281 	return new;  in prepare_creds()
284 	abort_creds(new);  in prepare_creds()
295 	struct cred *new;  in prepare_exec_creds()  local
297 	new = prepare_creds();  in prepare_exec_creds()
298 	if (!new)  in prepare_exec_creds()
299 		return new;  in prepare_exec_creds()
303 	key_put(new->thread_keyring);  in prepare_exec_creds()
304 	new->thread_keyring = NULL;  in prepare_exec_creds()
307 	key_put(new->process_keyring);  in prepare_exec_creds()
308 	new->process_keyring = NULL;  in prepare_exec_creds()
311 	return new;  in prepare_exec_creds()
325 	struct cred *new;  in copy_creds()  local
344 	new = prepare_creds();  in copy_creds()
345 	if (!new)  in copy_creds()
349 		ret = create_user_ns(new);  in copy_creds()
357 	if (new->thread_keyring) {  in copy_creds()
358 		key_put(new->thread_keyring);  in copy_creds()
359 		new->thread_keyring = NULL;  in copy_creds()
361 			install_thread_keyring_to_cred(new);  in copy_creds()
368 		key_put(new->process_keyring);  in copy_creds()
369 		new->process_keyring = NULL;  in copy_creds()
373 	atomic_inc(&new->user->processes);  in copy_creds()
374 	p->cred = p->real_cred = get_cred(new);  in copy_creds()
375 	alter_cred_subscribers(new, 2);  in copy_creds()
376 	validate_creds(new);  in copy_creds()
380 	put_cred(new);  in copy_creds()
423 int commit_creds(struct cred *new)  in commit_creds()  argument
428 	kdebug("commit_creds(%p{%d,%d})", new,  in commit_creds()
429 	       atomic_read(&new->usage),  in commit_creds()
430 	       read_cred_subscribers(new));  in commit_creds()
436 	validate_creds(new);  in commit_creds()
438 	BUG_ON(atomic_read(&new->usage) < 1);  in commit_creds()
440 	get_cred(new); /* we will require a ref for the subj creds too */  in commit_creds()
443 	if (!uid_eq(old->euid, new->euid) ||  in commit_creds()
444 	    !gid_eq(old->egid, new->egid) ||  in commit_creds()
445 	    !uid_eq(old->fsuid, new->fsuid) ||  in commit_creds()
446 	    !gid_eq(old->fsgid, new->fsgid) ||  in commit_creds()
447 	    !cred_cap_issubset(old, new)) {  in commit_creds()
455 	if (!uid_eq(new->fsuid, old->fsuid))  in commit_creds()
457 	if (!gid_eq(new->fsgid, old->fsgid))  in commit_creds()
464 	alter_cred_subscribers(new, 2);  in commit_creds()
465 	if (new->user != old->user)  in commit_creds()
466 		atomic_inc(&new->user->processes);  in commit_creds()
467 	rcu_assign_pointer(task->real_cred, new);  in commit_creds()
468 	rcu_assign_pointer(task->cred, new);  in commit_creds()
469 	if (new->user != old->user)  in commit_creds()
474 	if (!uid_eq(new->uid,   old->uid)  ||  in commit_creds()
475 	    !uid_eq(new->euid,  old->euid) ||  in commit_creds()
476 	    !uid_eq(new->suid,  old->suid) ||  in commit_creds()
477 	    !uid_eq(new->fsuid, old->fsuid))  in commit_creds()
480 	if (!gid_eq(new->gid,   old->gid)  ||  in commit_creds()
481 	    !gid_eq(new->egid,  old->egid) ||  in commit_creds()
482 	    !gid_eq(new->sgid,  old->sgid) ||  in commit_creds()
483 	    !gid_eq(new->fsgid, old->fsgid))  in commit_creds()
500 void abort_creds(struct cred *new)  in abort_creds()  argument
502 	kdebug("abort_creds(%p{%d,%d})", new,  in abort_creds()
503 	       atomic_read(&new->usage),  in abort_creds()
504 	       read_cred_subscribers(new));  in abort_creds()
507 	BUG_ON(read_cred_subscribers(new) != 0);  in abort_creds()
509 	BUG_ON(atomic_read(&new->usage) < 1);  in abort_creds()
510 	put_cred(new);  in abort_creds()
521 const struct cred *override_creds(const struct cred *new)  in override_creds()  argument
525 	kdebug("override_creds(%p{%d,%d})", new,  in override_creds()
526 	       atomic_read(&new->usage),  in override_creds()
527 	       read_cred_subscribers(new));  in override_creds()
530 	validate_creds(new);  in override_creds()
531 	get_cred(new);  in override_creds()
532 	alter_cred_subscribers(new, 1);  in override_creds()
533 	rcu_assign_pointer(current->cred, new);  in override_creds()
598 	struct cred *new;  in prepare_kernel_cred()  local
600 	new = kmem_cache_alloc(cred_jar, GFP_KERNEL);  in prepare_kernel_cred()
601 	if (!new)  in prepare_kernel_cred()
604 	kdebug("prepare_kernel_cred() alloc %p", new);  in prepare_kernel_cred()
613 	*new = *old;  in prepare_kernel_cred()
614 	atomic_set(&new->usage, 1);  in prepare_kernel_cred()
615 	set_cred_subscribers(new, 0);  in prepare_kernel_cred()
616 	get_uid(new->user);  in prepare_kernel_cred()
617 	get_user_ns(new->user_ns);  in prepare_kernel_cred()
618 	get_group_info(new->group_info);  in prepare_kernel_cred()
621 	new->session_keyring = NULL;  in prepare_kernel_cred()
622 	new->process_keyring = NULL;  in prepare_kernel_cred()
623 	new->thread_keyring = NULL;  in prepare_kernel_cred()
624 	new->request_key_auth = NULL;  in prepare_kernel_cred()
625 	new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;  in prepare_kernel_cred()
629 	new->security = NULL;  in prepare_kernel_cred()
631 	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)  in prepare_kernel_cred()
635 	validate_creds(new);  in prepare_kernel_cred()
636 	return new;  in prepare_kernel_cred()
639 	put_cred(new);  in prepare_kernel_cred()
653 int set_security_override(struct cred *new, u32 secid)  in set_security_override()  argument
655 	return security_kernel_act_as(new, secid);  in set_security_override()
669 int set_security_override_from_ctx(struct cred *new, const char *secctx)  in set_security_override_from_ctx()  argument
678 	return set_security_override(new, secid);  in set_security_override_from_ctx()
691 int set_create_files_as(struct cred *new, struct inode *inode)  in set_create_files_as()  argument
695 	new->fsuid = inode->i_uid;  in set_create_files_as()
696 	new->fsgid = inode->i_gid;  in set_create_files_as()
697 	return security_kernel_create_files_as(new, inode);  in set_create_files_as()