DNM: kernel: switch to prepare_creds

aviraxp · rsuntk · commit 318f868835d5 · 2025-06-10T15:38:06.000Z
- Picked from tiann#2631 - Minor changes: NULL the creds after commiting. Signed-off-by: rsuntk <90097027+rsuntk@users.noreply.github.com>
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -139,21 +139,15 @@ void escape_to_root(void)
 {
 	struct cred *cred;
 
-	rcu_read_lock();
-
-	do {
-		cred = (struct cred *)__task_cred((current));
-		if (!cred) {
-			pr_err("%s: cred is NULL! bailing out..\n", __func__);
-			rcu_read_unlock();
-			return;
-		}
-	} while (!get_cred_rcu(cred));
+	cred = prepare_creds();
+	if (!cred) {
+		pr_err("%s: failed to allocate new cred.\n, __func__");
+		return;
+	}
 
 	if (cred->euid.val == 0) {
 		pr_warn("Already root, don't escape!\n");
-		rcu_read_unlock();
-		put_cred(cred);
+		abort_creds(cred);
 		return;
 	}
 
@@ -187,8 +181,7 @@ void escape_to_root(void)
 
 	setup_groups(profile, cred);
 
-	rcu_read_unlock();
-	put_cred(cred);
+	commit_creds(cred);
 
 	// Refer to kernel/seccomp.c: seccomp_set_mode_strict
 	// When disabling Seccomp, ensure that current->sighand->siglock is held during the operation.
@@ -197,6 +190,10 @@ void escape_to_root(void)
 	spin_unlock_irq(&current->sighand->siglock);
 
 	setup_selinux(profile->selinux_domain);
+
+	// https://elixir.bootlin.com/linux/v5.4/source/fs/exec.c#L1456
+	pr_info("%s: freeing creds", __func__);
+	cred = NULL;
 }
 
 int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry)
