BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctl
In function cap_task_prctl(), we would allocate a credential
unconditionally and then check if we support the requested function.
If not we would release this credential with abort_creds() by using
RCU method. But on some archs such as powerpc, the sys_prctl is heavily
used to get/set the floating point exception mode. So the unnecessary
allocating/releasing of credential not only introduce runtime overhead
but also do cause OOM due to the RCU implementation.
This patch removes abort_creds() from cap_task_prctl() by calling
prepare_creds() only when we need to modify it.
Reported-by: Kevin Hao <firstname.lastname@example.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Paul Moore <email@example.com>
Acked-by: Serge E. Hallyn <firstname.lastname@example.org>
Reviewed-by: Kees Cook <email@example.com>
Signed-off-by: James Morris <firstname.lastname@example.org>
(cherry picked from commit 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7)
Signed-off-by: Jorge Lucangeli Obes <email@example.com>
1 file changed