* [PATCH] task: delete task_euid()
@ 2026-02-19 12:14 Alice Ryhl
2026-02-19 14:27 ` Alex Shi
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Alice Ryhl @ 2026-02-19 12:14 UTC (permalink / raw)
To: Paul Moore, Serge Hallyn, Jonathan Corbet, Greg Kroah-Hartman,
Shuah Khan, Alex Shi, Yanteng Si, Dongliang Mu
Cc: Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron,
Benno Lossin, Andreas Hindborg, Trevor Gross, Danilo Krummrich,
linux-security-module, linux-doc, linux-kernel, rust-for-linux,
Jann Horn, Alice Ryhl
task_euid() is a very weird operation. You can see how weird it is by
grepping for task_euid() - binder is its only user. task_euid() obtains
the objective effective UID - it looks at the credentials of the task
for purposes of acting on it as an object, but then accesses the
effective UID (which the credentials.7 man page describes as "[...] used
by the kernel to determine the permissions that the process will have
when accessing shared resources [...]").
Since usage in Binder has now been removed, get rid of the resulting
dead code.
Changes to the zh_CN translation was carried out with the help of
Gemini and Google Translate.
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
Depends on these two changes:
https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/
https://lore.kernel.org/all/20260213-binder-uid-v1-0-7b795ae05523@google.com/
---
Documentation/security/credentials.rst | 6 ++----
Documentation/translations/zh_CN/security/credentials.rst | 6 ++----
include/linux/cred.h | 1 -
rust/helpers/task.c | 5 -----
rust/kernel/task.rs | 10 ----------
5 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst
index d0191c8b8060edb7b272402c019cff941ec22743..81d3b5737d85bde9b77bff94dfb93ed8037b2302 100644
--- a/Documentation/security/credentials.rst
+++ b/Documentation/security/credentials.rst
@@ -393,16 +393,14 @@ the credentials so obtained when they're finished with.
The result of ``__task_cred()`` should not be passed directly to
``get_cred()`` as this may race with ``commit_cred()``.
-There are a couple of convenience functions to access bits of another task's
-credentials, hiding the RCU magic from the caller::
+There is a convenience function to access bits of another task's credentials,
+hiding the RCU magic from the caller::
uid_t task_uid(task) Task's real UID
- uid_t task_euid(task) Task's effective UID
If the caller is holding the RCU read lock at the time anyway, then::
__task_cred(task)->uid
- __task_cred(task)->euid
should be used instead. Similarly, if multiple aspects of a task's credentials
need to be accessed, RCU read lock should be used, ``__task_cred()`` called,
diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst
index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644
--- a/Documentation/translations/zh_CN/security/credentials.rst
+++ b/Documentation/translations/zh_CN/security/credentials.rst
@@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃
``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` ,
因为这可能与 ``commit_cred()`` 发生竞争条件。
-还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来::
+有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制::
uid_t task_uid(task) Task's real UID
- uid_t task_euid(task) Task's effective UID
-如果调用方在此时已经持有RCU读锁,则应使用::
+如果调用方在此时已经持有RCU读锁,则应改为使用::
__task_cred(task)->uid
- __task_cred(task)->euid
类似地,如果需要访问任务凭据的多个方面,应使用RCU读锁,调用 ``__task_cred()``
函数,将结果存储在临时指针中,然后从临时指针中调用凭据的各个方面,最后释放锁。
diff --git a/include/linux/cred.h b/include/linux/cred.h
index ed1609d78cd7b16ed1434c937176495a4f38cf6e..b40ec3c72ee6673c7be5210a1667e3912cba9620 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -367,7 +367,6 @@ DEFINE_FREE(put_cred, struct cred *, if (!IS_ERR_OR_NULL(_T)) put_cred(_T))
})
#define task_uid(task) (task_cred_xxx((task), uid))
-#define task_euid(task) (task_cred_xxx((task), euid))
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
#define current_cred_xxx(xxx) \
diff --git a/rust/helpers/task.c b/rust/helpers/task.c
index c0e1a06ede78c0b0641707b52a82725543e2c02c..b46b1433a67e8eb341a7ee32ca4247b304bf675f 100644
--- a/rust/helpers/task.c
+++ b/rust/helpers/task.c
@@ -28,11 +28,6 @@ __rust_helper kuid_t rust_helper_task_uid(struct task_struct *task)
return task_uid(task);
}
-__rust_helper kuid_t rust_helper_task_euid(struct task_struct *task)
-{
- return task_euid(task);
-}
-
#ifndef CONFIG_USER_NS
__rust_helper uid_t rust_helper_from_kuid(struct user_namespace *to, kuid_t uid)
{
diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs
index e07d0ddd76f6917adc91ca3d17bb7719153ee17f..169ff1dde9363afc8914b431fe31f2238b213ada 100644
--- a/rust/kernel/task.rs
+++ b/rust/kernel/task.rs
@@ -218,16 +218,6 @@ pub fn uid(&self) -> Kuid {
Kuid::from_raw(unsafe { bindings::task_uid(self.as_ptr()) })
}
- /// Returns the objective effective UID of the given task.
- ///
- /// You should probably not be using this; the effective UID is normally
- /// only relevant in subjective credentials.
- #[inline]
- pub fn euid(&self) -> Kuid {
- // SAFETY: It's always safe to call `task_euid` on a valid task.
- Kuid::from_raw(unsafe { bindings::task_euid(self.as_ptr()) })
- }
-
/// Determines whether the given task has pending signals.
#[inline]
pub fn signal_pending(&self) -> bool {
---
base-commit: 2961f841b025fb234860bac26dfb7fa7cb0fb122
change-id: 20260219-remove-task-euid-19e4b00beebe
prerequisite-change-id: 20260212-rust-uid-f1b3a45c8084:v1
prerequisite-patch-id: 7ec4933af3a7f4c6bb0403c34a6dd41306836295
prerequisite-change-id: 20260213-binder-uid-a24ede5026a8:v1
prerequisite-patch-id: 7be0128bd8902879bb271d0587ac98bf242cf612
prerequisite-patch-id: 4a9d0f595d2084b3f8982a2d0d8b3df35b9fae0e
Best regards,
--
Alice Ryhl <aliceryhl@google.com>
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] task: delete task_euid()
2026-02-19 12:14 [PATCH] task: delete task_euid() Alice Ryhl
@ 2026-02-19 14:27 ` Alex Shi
2026-02-19 14:35 ` Alice Ryhl
2026-02-19 14:43 ` Gary Guo
2026-02-20 10:43 ` Alice Ryhl
2 siblings, 1 reply; 5+ messages in thread
From: Alex Shi @ 2026-02-19 14:27 UTC (permalink / raw)
To: Alice Ryhl, Paul Moore, Serge Hallyn, Jonathan Corbet,
Greg Kroah-Hartman, Shuah Khan, Alex Shi, Yanteng Si,
Dongliang Mu
Cc: Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron,
Benno Lossin, Andreas Hindborg, Trevor Gross, Danilo Krummrich,
linux-security-module, linux-doc, linux-kernel, rust-for-linux,
Jann Horn
On 2026/2/19 20:14, Alice Ryhl wrote:
> task_euid() is a very weird operation. You can see how weird it is by
> grepping for task_euid() - binder is its only user. task_euid() obtains
> the objective effective UID - it looks at the credentials of the task
> for purposes of acting on it as an object, but then accesses the
> effective UID (which the credentials.7 man page describes as "[...] used
> by the kernel to determine the permissions that the process will have
> when accessing shared resources [...]").
>
> Since usage in Binder has now been removed, get rid of the resulting
> dead code.
>
> Changes to the zh_CN translation was carried out with the help of
> Gemini and Google Translate.
>
> Suggested-by: Jann Horn<jannh@google.com>
> Signed-off-by: Alice Ryhl<aliceryhl@google.com>
> ---
> Depends on these two changes:
> https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/
> https://lore.kernel.org/all/20260213-binder-uid-
> v1-0-7b795ae05523@google.com/
> ---
> Documentation/security/credentials.rst | 6 ++----
> Documentation/translations/zh_CN/security/credentials.rst | 6 ++----
> include/linux/cred.h | 1 -
> rust/helpers/task.c | 5 -----
> rust/kernel/task.rs | 10 ----------
> 5 files changed, 4 insertions(+), 24 deletions(-)
>
> diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst
> index d0191c8b8060edb7b272402c019cff941ec22743..81d3b5737d85bde9b77bff94dfb93ed8037b2302 100644
> --- a/Documentation/security/credentials.rst
> +++ b/Documentation/security/credentials.rst
> @@ -393,16 +393,14 @@ the credentials so obtained when they're finished with.
> The result of ``__task_cred()`` should not be passed directly to
> ``get_cred()`` as this may race with ``commit_cred()``.
>
> -There are a couple of convenience functions to access bits of another task's
> -credentials, hiding the RCU magic from the caller::
> +There is a convenience function to access bits of another task's credentials,
> +hiding the RCU magic from the caller::
>
> uid_t task_uid(task) Task's real UID
> - uid_t task_euid(task) Task's effective UID
>
> If the caller is holding the RCU read lock at the time anyway, then::
>
> __task_cred(task)->uid
> - __task_cred(task)->euid
>
> should be used instead. Similarly, if multiple aspects of a task's credentials
> need to be accessed, RCU read lock should be used, ``__task_cred()`` called,
> diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst
> index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644
> --- a/Documentation/translations/zh_CN/security/credentials.rst
> +++ b/Documentation/translations/zh_CN/security/credentials.rst
> @@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃
> ``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` ,
> 因为这可能与 ``commit_cred()`` 发生竞争条件。
>
> -还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来::
> +有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制::
LGTM.
>
> uid_t task_uid(task) Task's real UID
> - uid_t task_euid(task) Task's effective UID
>
> -如果调用方在此时已经持有RCU读锁,则应使用::
> +如果调用方在此时已经持有RCU读锁,则应改为使用::
Please keep the old version. the new one is a bit ambiguous.
Thanks
Alex
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] task: delete task_euid()
2026-02-19 14:27 ` Alex Shi
@ 2026-02-19 14:35 ` Alice Ryhl
0 siblings, 0 replies; 5+ messages in thread
From: Alice Ryhl @ 2026-02-19 14:35 UTC (permalink / raw)
To: Alex Shi
Cc: Paul Moore, Serge Hallyn, Jonathan Corbet, Greg Kroah-Hartman,
Shuah Khan, Alex Shi, Yanteng Si, Dongliang Mu, Miguel Ojeda,
Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin,
Andreas Hindborg, Trevor Gross, Danilo Krummrich,
linux-security-module, linux-doc, linux-kernel, rust-for-linux,
Jann Horn
On Thu, Feb 19, 2026 at 10:27:01PM +0800, Alex Shi wrote:
>
>
> On 2026/2/19 20:14, Alice Ryhl wrote:
> > task_euid() is a very weird operation. You can see how weird it is by
> > grepping for task_euid() - binder is its only user. task_euid() obtains
> > the objective effective UID - it looks at the credentials of the task
> > for purposes of acting on it as an object, but then accesses the
> > effective UID (which the credentials.7 man page describes as "[...] used
> > by the kernel to determine the permissions that the process will have
> > when accessing shared resources [...]").
> >
> > Since usage in Binder has now been removed, get rid of the resulting
> > dead code.
> >
> > Changes to the zh_CN translation was carried out with the help of
> > Gemini and Google Translate.
> > diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst
> > index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644
> > --- a/Documentation/translations/zh_CN/security/credentials.rst
> > +++ b/Documentation/translations/zh_CN/security/credentials.rst
> > @@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃
> > ``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` ,
> > 因为这可能与 ``commit_cred()`` 发生竞争条件。
> > -还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来::
> > +有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制::
>
> LGTM.
>
> > uid_t task_uid(task) Task's real UID
> > - uid_t task_euid(task) Task's effective UID
> > -如果调用方在此时已经持有RCU读锁,则应使用::
> > +如果调用方在此时已经持有RCU读锁,则应改为使用::
>
> Please keep the old version. the new one is a bit ambiguous.
Thanks for checking!
Alice
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] task: delete task_euid()
2026-02-19 12:14 [PATCH] task: delete task_euid() Alice Ryhl
2026-02-19 14:27 ` Alex Shi
@ 2026-02-19 14:43 ` Gary Guo
2026-02-20 10:43 ` Alice Ryhl
2 siblings, 0 replies; 5+ messages in thread
From: Gary Guo @ 2026-02-19 14:43 UTC (permalink / raw)
To: Alice Ryhl
Cc: Paul Moore, Serge Hallyn, Jonathan Corbet, Greg Kroah-Hartman,
Shuah Khan, Alex Shi, Yanteng Si, Dongliang Mu, Miguel Ojeda,
Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg,
Trevor Gross, Danilo Krummrich, linux-security-module, linux-doc,
linux-kernel, rust-for-linux, Jann Horn
On 2026-02-19 12:14, Alice Ryhl wrote:
> task_euid() is a very weird operation. You can see how weird it is by
> grepping for task_euid() - binder is its only user. task_euid() obtains
> the objective effective UID - it looks at the credentials of the task
> for purposes of acting on it as an object, but then accesses the
> effective UID (which the credentials.7 man page describes as "[...]
> used
> by the kernel to determine the permissions that the process will have
> when accessing shared resources [...]").
>
> Since usage in Binder has now been removed, get rid of the resulting
> dead code.
>
> Changes to the zh_CN translation was carried out with the help of
> Gemini and Google Translate.
>
> Suggested-by: Jann Horn <jannh@google.com>
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Reviewed-by: Gary Guo <gary@garyguo.net>
With Alex's translation suggestion applied.
Thanks,
Gary
> ---
> Depends on these two changes:
> https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/
> https://lore.kernel.org/all/20260213-binder-uid-v1-0-7b795ae05523@google.com/
> ---
> Documentation/security/credentials.rst | 6 ++----
> Documentation/translations/zh_CN/security/credentials.rst | 6 ++----
> include/linux/cred.h | 1 -
> rust/helpers/task.c | 5 -----
> rust/kernel/task.rs | 10
> ----------
> 5 files changed, 4 insertions(+), 24 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] task: delete task_euid()
2026-02-19 12:14 [PATCH] task: delete task_euid() Alice Ryhl
2026-02-19 14:27 ` Alex Shi
2026-02-19 14:43 ` Gary Guo
@ 2026-02-20 10:43 ` Alice Ryhl
2 siblings, 0 replies; 5+ messages in thread
From: Alice Ryhl @ 2026-02-20 10:43 UTC (permalink / raw)
To: Paul Moore, Serge Hallyn, Jonathan Corbet, Greg Kroah-Hartman,
Shuah Khan, Alex Shi, Yanteng Si, Dongliang Mu
Cc: Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron,
Benno Lossin, Andreas Hindborg, Trevor Gross, Danilo Krummrich,
linux-security-module, linux-doc, linux-kernel, rust-for-linux,
Jann Horn
On Thu, Feb 19, 2026 at 12:14:39PM +0000, Alice Ryhl wrote:
> include/linux/cred.h | 1 -
I guess the title of this should probably be
cred: delete task_euid()
rather than use the 'task:' prefix.
Alice
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-02-20 10:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-19 12:14 [PATCH] task: delete task_euid() Alice Ryhl
2026-02-19 14:27 ` Alex Shi
2026-02-19 14:35 ` Alice Ryhl
2026-02-19 14:43 ` Gary Guo
2026-02-20 10:43 ` Alice Ryhl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox