cred: make init_cred static
authorChristian Brauner <brauner@kernel.org>
Sun, 2 Nov 2025 23:12:42 +0000 (00:12 +0100)
committerChristian Brauner <brauner@kernel.org>
Tue, 4 Nov 2025 11:36:02 +0000 (12:36 +0100)
There's zero need to expose struct init_cred. The very few places that
need access can just go through init_task which is already exported.

Link: https://patch.msgid.link/20251103-work-creds-init_cred-v1-3-cb3ec8711a6a@kernel.org
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Christian Brauner <brauner@kernel.org>
include/linux/init_task.h
init/init_task.c
kernel/cred.c
security/keys/process_keys.c

index bccb3f1f62621a7b8a804a1c496a5c620717180d..a6cb241ea00c3e1434b6c3fbf3e8bcea944085b2 100644 (file)
@@ -25,7 +25,6 @@
 extern struct files_struct init_files;
 extern struct fs_struct init_fs;
 extern struct nsproxy init_nsproxy;
-extern struct cred init_cred;
 
 #ifndef CONFIG_VIRT_CPU_ACCOUNTING_NATIVE
 #define INIT_PREV_CPUTIME(x)   .prev_cputime = {                       \
index a55e2189206fa4d6ae2345461e38533b38b76afa..d970a847b657260ef32024859dd1b9b7d43bb949 100644 (file)
@@ -62,6 +62,33 @@ unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] = {
 };
 #endif
 
+/* init to 2 - one for init_task, one to ensure it is never freed */
+static struct group_info init_groups = { .usage = REFCOUNT_INIT(2) };
+
+/*
+ * The initial credentials for the initial task
+ */
+static struct cred init_cred = {
+       .usage                  = ATOMIC_INIT(4),
+       .uid                    = GLOBAL_ROOT_UID,
+       .gid                    = GLOBAL_ROOT_GID,
+       .suid                   = GLOBAL_ROOT_UID,
+       .sgid                   = GLOBAL_ROOT_GID,
+       .euid                   = GLOBAL_ROOT_UID,
+       .egid                   = GLOBAL_ROOT_GID,
+       .fsuid                  = GLOBAL_ROOT_UID,
+       .fsgid                  = GLOBAL_ROOT_GID,
+       .securebits             = SECUREBITS_DEFAULT,
+       .cap_inheritable        = CAP_EMPTY_SET,
+       .cap_permitted          = CAP_FULL_SET,
+       .cap_effective          = CAP_FULL_SET,
+       .cap_bset               = CAP_FULL_SET,
+       .user                   = INIT_USER,
+       .user_ns                = &init_user_ns,
+       .group_info             = &init_groups,
+       .ucounts                = &init_ucounts,
+};
+
 /*
  * Set up the first task table, touch at your own risk!. Base=0,
  * limit=0x1fffff (=2MB)
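Review bot: The moved `init_cred` initializer keeps `.usage = ATOMIC_INIT(4)` with no explanation, while `init_groups` directly above documents why its count starts at 2. This object carries the root ids and `CAP_FULL_SET` in its permitted, effective and bounding sets, so its lifetime rule is worth stating where it is now defined. I would extend the block comment along the lines of `/* usage starts at 4: <name the holders>; this object is never freed */`; the holders are not visible in this hunk, so the author has to fill them in. The same comment could record that the symbol is file-local on purpose and that other code reaches it through `init_task`, as the commit message says.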
index dbf6b687dc5c5a25cf2eb8af933c64f26c444b3f..ac87ed9d43b1c077fdfa01ca5e42e58a04f37495 100644 (file)
@@ -35,33 +35,6 @@ do {                                                                 \
 
 static struct kmem_cache *cred_jar;
 
-/* init to 2 - one for init_task, one to ensure it is never freed */
-static struct group_info init_groups = { .usage = REFCOUNT_INIT(2) };
-
-/*
- * The initial credentials for the initial task
- */
-struct cred init_cred = {
-       .usage                  = ATOMIC_INIT(4),
-       .uid                    = GLOBAL_ROOT_UID,
-       .gid                    = GLOBAL_ROOT_GID,
-       .suid                   = GLOBAL_ROOT_UID,
-       .sgid                   = GLOBAL_ROOT_GID,
-       .euid                   = GLOBAL_ROOT_UID,
-       .egid                   = GLOBAL_ROOT_GID,
-       .fsuid                  = GLOBAL_ROOT_UID,
-       .fsgid                  = GLOBAL_ROOT_GID,
-       .securebits             = SECUREBITS_DEFAULT,
-       .cap_inheritable        = CAP_EMPTY_SET,
-       .cap_permitted          = CAP_FULL_SET,
-       .cap_effective          = CAP_FULL_SET,
-       .cap_bset               = CAP_FULL_SET,
-       .user                   = INIT_USER,
-       .user_ns                = &init_user_ns,
-       .group_info             = &init_groups,
-       .ucounts                = &init_ucounts,
-};
-
 /*
  * The RCU callback to actually dispose of a set of credentials
  */
index b5d5333ab3300e86862515082946552fcf4e6e1d..a63c46bb2d148080add6a194579f7b1093c04d82 100644 (file)
@@ -51,7 +51,7 @@ static struct key *get_user_register(struct user_namespace *user_ns)
        if (!reg_keyring) {
                reg_keyring = keyring_alloc(".user_reg",
                                            user_ns->owner, INVALID_GID,
-                                           &init_cred,
+                                           kernel_cred(),
                                            KEY_POS_WRITE | KEY_POS_SEARCH |
                                            KEY_USR_VIEW | KEY_USR_READ,
                                            0,
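Review bot: Swapping `&init_cred` for `kernel_cred()` in the `keyring_alloc()` call preserves behaviour only if `kernel_cred()` yields the same credentials object, and that helper is not defined anywhere in this commit. Presumably it comes from an earlier patch in the series and resolves to the credentials of `init_task`. If so, a short comment such as `/* kernel_cred() is init_task's cred, i.e. the former &init_cred */` would let a reader confirm that the `.user_reg` keyring is still created under the same credentials. Only this one caller is converted in the diff, so any remaining `&init_cred` reference outside `init/init_task.c` would stop building once the `extern` is removed; a tree-wide search before merging would rule that out. `get_user_register()` starts and ends outside the hunk.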