BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctl

In function cap_task_prctl(), we would allocate a credential
unconditionally and then check if we support the requested function.
If not we would release this credential with abort_creds() by using
RCU method. But on some archs such as powerpc, the sys_prctl is heavily
used to get/set the floating point exception mode. So the unnecessary
allocating/releasing of credential not only introduce runtime overhead
but also do cause OOM due to the RCU implementation.

This patch removes abort_creds() from cap_task_prctl() by calling
prepare_creds() only when we need to modify it.

Reported-by: Kevin Hao <>
Signed-off-by: Tetsuo Handa <>
Reviewed-by: Paul Moore <>
Acked-by: Serge E. Hallyn <>
Reviewed-by: Kees Cook <>
Signed-off-by: James Morris <>
(cherry picked from commit 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7)

Bug: 35074030
Test: Builds.
Change-Id: I6f8136b017fd0dcafbf82553e64fbf002a268f20
Signed-off-by: Jorge Lucangeli Obes <>
1 file changed