kallsyms: Refactor kallsyms_show_value() to take cred

commit 160251842cd35a75edfb0a1d76afa3eb674ff40a upstream. In order to perform future tests against the cred saved during open(), switch kallsyms_show_value() to operate on a cred, and have all current callers pass current_cred(). This makes it very obvious where callers are checking the wrong credential in their "read" contexts. These will be fixed in the coming patches. Additionally switch return value to bool, since it is always used as a direct permission check, not a 0-on-success, negative-on-error style function return. Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Kees Cook <keescook@chromium.org> 2020-07-02 11:49:23 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-07-16 08:17:26 +0200
commit: ebce5c1fb51b185b60927a6c5bf1fad12e1812fc (patch)
tree: 5d4e0d4c793e09c7f05d10393c3e23dd3aa8e1c7 /kernel/module.c
parent: 80d9453806d20c65d9d58875711dbe8e9d236ef2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 20fc0efc679c..08d4b7811ae5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4258,7 +4258,7 @@ static int modules_open(struct inode *inode, struct file *file)
 
 	if (!err) {
 		struct seq_file *m = file->private_data;
-		m->private = kallsyms_show_value() ? NULL : (void *)8ul;
+		m->private = kallsyms_show_value(current_cred()) ? NULL : (void *)8ul;
 	}
 
 	return err;
author	Kees Cook <keescook@chromium.org>	2020-07-02 11:49:23 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-07-16 08:17:26 +0200
commit	ebce5c1fb51b185b60927a6c5bf1fad12e1812fc (patch)
tree	5d4e0d4c793e09c7f05d10393c3e23dd3aa8e1c7 /kernel/module.c
parent	80d9453806d20c65d9d58875711dbe8e9d236ef2 (diff)