Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

cred: make init_cred static

There's zero need to expose struct init_cred. The very few places that
need access can just go through init_task which is already exported.

Link: https://patch.msgid.link/20251103-work-creds-init_cred-v1-3-cb3ec8711a6a@kernel.org
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Christian Brauner <brauner@kernel.org>

+28 -29
-1
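--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -25,7 +25,6 @@
 extern struct files_struct init_files;
 extern struct fs_struct init_fs;
 extern struct nsproxy init_nsproxy;
-extern struct cred init_cred;
 
 #ifndef CONFIG_VIRT_CPU_ACCOUNTING_NATIVE
 #define INIT_PREV_CPUTIME(x) .prev_cputime = { \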
+27
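--- a/init/init_task.c
+++ b/init/init_task.c
@@ -62,6 +62,33 @@
 };
 #endif
 
+/* init to 2 - one for init_task, one to ensure it is never freed */
+static struct group_info init_groups = { .usage = REFCOUNT_INIT(2) };
+
+/*
+ * The initial credentials for the initial task
+ */
+static struct cred init_cred = {
+.usage = ATOMIC_INIT(4),
+.uid = GLOBAL_ROOT_UID,
+.gid = GLOBAL_ROOT_GID,
+.suid = GLOBAL_ROOT_UID,
+.sgid = GLOBAL_ROOT_GID,
+.euid = GLOBAL_ROOT_UID,
+.egid = GLOBAL_ROOT_GID,
+.fsuid = GLOBAL_ROOT_UID,
+.fsgid = GLOBAL_ROOT_GID,
+.securebits = SECUREBITS_DEFAULT,
+.cap_inheritable = CAP_EMPTY_SET,
+.cap_permitted = CAP_FULL_SET,
+.cap_effective = CAP_FULL_SET,
+.cap_bset = CAP_FULL_SET,
+.user = INIT_USER,
+.user_ns = &init_user_ns,
+.group_info = &init_groups,
+.ucounts = &init_ucounts,
+};
+
 /*
  * Set up the first task table, touch at your own risk!. Base=0,
  * limit=0x1fffff (=2MB)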
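Review bot: The `.usage = ATOMIC_INIT(4)` initializer in the moved `init_cred` has no explanation of which four references it accounts for, while the `init_groups` line directly above documents its count of 2. This object is the all-root credential set, with `CAP_FULL_SET` for permitted, effective and bounding, so an unexplained reference count is the field a later editor is most likely to get wrong. I would add a comment on that line in the same style, e.g. `/* init to 4 - <name each holder of init_cred> */`, filling the placeholder from the references that actually exist. The includes of init/init_task.c are not shown, so it cannot be confirmed from this hunk that the headers for `SECUREBITS_DEFAULT`, `INIT_USER` and `init_ucounts` are already pulled in there.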
-27
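--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -35,33 +35,6 @@
 
 static struct kmem_cache *cred_jar;
 
-/* init to 2 - one for init_task, one to ensure it is never freed */
-static struct group_info init_groups = { .usage = REFCOUNT_INIT(2) };
-
-/*
- * The initial credentials for the initial task
- */
-struct cred init_cred = {
-.usage = ATOMIC_INIT(4),
-.uid = GLOBAL_ROOT_UID,
-.gid = GLOBAL_ROOT_GID,
-.suid = GLOBAL_ROOT_UID,
-.sgid = GLOBAL_ROOT_GID,
-.euid = GLOBAL_ROOT_UID,
-.egid = GLOBAL_ROOT_GID,
-.fsuid = GLOBAL_ROOT_UID,
-.fsgid = GLOBAL_ROOT_GID,
-.securebits = SECUREBITS_DEFAULT,
-.cap_inheritable = CAP_EMPTY_SET,
-.cap_permitted = CAP_FULL_SET,
-.cap_effective = CAP_FULL_SET,
-.cap_bset = CAP_FULL_SET,
-.user = INIT_USER,
-.user_ns = &init_user_ns,
-.group_info = &init_groups,
-.ucounts = &init_ucounts,
-};
-
 /*
  * The RCU callback to actually dispose of a set of credentials
  */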
+1 -1
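--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -51,7 +51,7 @@
 if (!reg_keyring) {
 reg_keyring = keyring_alloc(".user_reg",
 user_ns->owner, INVALID_GID,
-&init_cred,
+kernel_cred(),
 KEY_POS_WRITE | KEY_POS_SEARCH |
 KEY_USR_VIEW | KEY_USR_READ,
 0,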
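Review bot: Nothing in this commit shows that `kernel_cred()` returns the same object that the removed `&init_cred` argument named, because the helper is defined outside the files touched here. The credential passed to `keyring_alloc()` is the one the `.user_reg` keyring is created under, so the equivalence is worth stating at the call site, e.g. `/* kernel_cred(): init_task's credentials, the object formerly named init_cred */`, provided that is what the helper returns. The enclosing function starts and ends outside the hunk, so the rest of the call and its error handling are not visible.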