Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2062375ybv;
        Fri, 14 Feb 2020 10:42:49 -0800 (PST)
X-Google-Smtp-Source: APXvYqyPI3kx4dgDuniFZCNbdApOXQ7lePYX6bmYBePfkOUzT9+hEWiOZ1Mx4/lZ8d2+xyZm9Joe
X-Received: by 2002:a05:6830:2154:: with SMTP id r20mr3540814otd.131.1581705768881;
        Fri, 14 Feb 2020 10:42:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581705768; cv=none;
        d=google.com; s=arc-20160816;
        b=KvWszHr8JobKyOP4ihvzjf9lVG2kb+d6e/KiXjKs/n4cGVqxxl8WqTXHwcy6VKZcxG
         715UHb4FZM/4C2NeuiUH+zuAV/94lTrJnVQZwLlhMpuLdwIgj2Oin0ILDcbKL8SrLuij
         8ZPxokfkdx2IX3GkryDiaL/RwnsqZ3NThYgv+Wteo3NzSWDC96o+6dulk0O6s70wLuzj
         /uWRpLUEtcGpsmHIHKFLnTB214ivhF71dMB/szJXlmvE5cvdyt8jiPIninDAjr2K0bru
         tvZhN0lrIXlOXCNYEfgL/cgP7Svr3KPFTHV4y+C/nTBWujtAzniS3UK/jt4kU8PZTiKW
         XxkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=FEoP7qbBwIPqLwpL+HpT6JGGNFeMxuKHxh2g3DxphNE=;
        b=kYjYyYlptBL5fViDvDKqNHsOl38uSuXxyRPXBaschrEUyd2+mwFkmHqfo0klrdLVMc
         qMcqeyteCn0ThKAKHbMq6Xa4zmg9+WRPK7IaooZcL0llgf0D5ktLh8N4lIEkJPkkjoBi
         82wuGHG0lvNcRvMG3YSqRdQxnxW8NIHSq9LAz80/DJcwhh1uFXekYpBMgX9Rh6RJY/7m
         /dC+l6XQPxa/UyviRaxQ8q/IDFZJunhTbSZH+ICeD9vDKtW2nUOyYvvuu9Jh0j0gnaH8
         SjNL0+6CpY+6yEG0XQ8mmycFxYKfH6uH71RktQ9Bxkltt3pVERyiQO7Qbs8zjYF8WVd6
         Ev8g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a22si3326489otp.84.2020.02.14.10.42.36;
        Fri, 14 Feb 2020 10:42:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388668AbgBNSlf (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Fri, 14 Feb 2020 13:41:35 -0500
Received: from youngberry.canonical.com ([91.189.89.112]:33879 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729595AbgBNSlf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Feb 2020 13:41:35 -0500
Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <christian.brauner@ubuntu.com>)
        id 1j2fqo-0000uO-Ph; Fri, 14 Feb 2020 18:38:06 +0000
From:   Christian Brauner <christian.brauner@ubuntu.com>
To:     =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Aleksa Sarai <cyphar@cyphar.com>, Jann Horn <jannh@google.com>
Cc:     smbarber@chromium.org, Seth Forshee <seth.forshee@canonical.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Serge Hallyn <serge@hallyn.com>,
        James Morris <jmorris@namei.org>,
        Kees Cook <keescook@chromium.org>,
        Jonathan Corbet <corbet@lwn.net>,
        Phil Estes <estesp@gmail.com>, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        containers@lists.linux-foundation.org,
        linux-security-module@vger.kernel.org, linux-api@vger.kernel.org,
        Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH v2 27/28] ptrace: adapt ptrace_may_access() to always uses unmapped fsids
Date:   Fri, 14 Feb 2020 19:35:53 +0100
Message-Id: <20200214183554.1133805-28-christian.brauner@ubuntu.com>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
References: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

ptrace_may_access() with PTRACE_MODE_FSCREDS is only used with proc and proc
wants to use the unmapped fsids.

Cc: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
patch added
---
 kernel/ptrace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 43d6179508d6..3734713cc0dd 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -304,8 +304,8 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 		return 0;
 	rcu_read_lock();
 	if (mode & PTRACE_MODE_FSCREDS) {
-		caller_uid = cred->fsuid;
-		caller_gid = cred->fsgid;
+		caller_uid = cred->kfsuid;
+		caller_gid = cred->kfsgid;
 	} else {
 		/*
 		 * Using the euid would make more sense here, but something
-- 
2.25.0