Documentation/security/credentials.rst | 6 ++---- Documentation/translations/zh_CN/security/credentials.rst | 6 ++---- include/linux/cred.h | 1 - rust/helpers/task.c | 5 ----- rust/kernel/task.rs | 10 ---------- 5 files changed, 4 insertions(+), 24 deletions(-)
task_euid() is a very weird operation. You can see how weird it is by
grepping for task_euid() - binder is its only user. task_euid() obtains
the objective effective UID - it looks at the credentials of the task
for purposes of acting on it as an object, but then accesses the
effective UID (which the credentials.7 man page describes as "[...] used
by the kernel to determine the permissions that the process will have
when accessing shared resources [...]").
Since usage in Binder has now been removed, get rid of the resulting
dead code.
Changes to the zh_CN translation was carried out with the help of
Gemini and Google Translate.
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
Depends on these two changes:
https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/
https://lore.kernel.org/all/20260213-binder-uid-v1-0-7b795ae05523@google.com/
---
Documentation/security/credentials.rst | 6 ++----
Documentation/translations/zh_CN/security/credentials.rst | 6 ++----
include/linux/cred.h | 1 -
rust/helpers/task.c | 5 -----
rust/kernel/task.rs | 10 ----------
5 files changed, 4 insertions(+), 24 deletions(-)
diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst
index d0191c8b8060edb7b272402c019cff941ec22743..81d3b5737d85bde9b77bff94dfb93ed8037b2302 100644
--- a/Documentation/security/credentials.rst
+++ b/Documentation/security/credentials.rst
@@ -393,16 +393,14 @@ the credentials so obtained when they're finished with.
The result of ``__task_cred()`` should not be passed directly to
``get_cred()`` as this may race with ``commit_cred()``.
-There are a couple of convenience functions to access bits of another task's
-credentials, hiding the RCU magic from the caller::
+There is a convenience function to access bits of another task's credentials,
+hiding the RCU magic from the caller::
uid_t task_uid(task) Task's real UID
- uid_t task_euid(task) Task's effective UID
If the caller is holding the RCU read lock at the time anyway, then::
__task_cred(task)->uid
- __task_cred(task)->euid
should be used instead. Similarly, if multiple aspects of a task's credentials
need to be accessed, RCU read lock should be used, ``__task_cred()`` called,
diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst
index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644
--- a/Documentation/translations/zh_CN/security/credentials.rst
+++ b/Documentation/translations/zh_CN/security/credentials.rst
@@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃
``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` ,
因为这可能与 ``commit_cred()`` 发生竞争条件。
-还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来::
+有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制::
uid_t task_uid(task) Task's real UID
- uid_t task_euid(task) Task's effective UID
-如果调用方在此时已经持有RCU读锁,则应使用::
+如果调用方在此时已经持有RCU读锁,则应改为使用::
__task_cred(task)->uid
- __task_cred(task)->euid
类似地,如果需要访问任务凭据的多个方面,应使用RCU读锁,调用 ``__task_cred()``
函数,将结果存储在临时指针中,然后从临时指针中调用凭据的各个方面,最后释放锁。
diff --git a/include/linux/cred.h b/include/linux/cred.h
index ed1609d78cd7b16ed1434c937176495a4f38cf6e..b40ec3c72ee6673c7be5210a1667e3912cba9620 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -367,7 +367,6 @@ DEFINE_FREE(put_cred, struct cred *, if (!IS_ERR_OR_NULL(_T)) put_cred(_T))
})
#define task_uid(task) (task_cred_xxx((task), uid))
-#define task_euid(task) (task_cred_xxx((task), euid))
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
#define current_cred_xxx(xxx) \
diff --git a/rust/helpers/task.c b/rust/helpers/task.c
index c0e1a06ede78c0b0641707b52a82725543e2c02c..b46b1433a67e8eb341a7ee32ca4247b304bf675f 100644
--- a/rust/helpers/task.c
+++ b/rust/helpers/task.c
@@ -28,11 +28,6 @@ __rust_helper kuid_t rust_helper_task_uid(struct task_struct *task)
return task_uid(task);
}
-__rust_helper kuid_t rust_helper_task_euid(struct task_struct *task)
-{
- return task_euid(task);
-}
-
#ifndef CONFIG_USER_NS
__rust_helper uid_t rust_helper_from_kuid(struct user_namespace *to, kuid_t uid)
{
diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs
index e07d0ddd76f6917adc91ca3d17bb7719153ee17f..169ff1dde9363afc8914b431fe31f2238b213ada 100644
--- a/rust/kernel/task.rs
+++ b/rust/kernel/task.rs
@@ -218,16 +218,6 @@ pub fn uid(&self) -> Kuid {
Kuid::from_raw(unsafe { bindings::task_uid(self.as_ptr()) })
}
- /// Returns the objective effective UID of the given task.
- ///
- /// You should probably not be using this; the effective UID is normally
- /// only relevant in subjective credentials.
- #[inline]
- pub fn euid(&self) -> Kuid {
- // SAFETY: It's always safe to call `task_euid` on a valid task.
- Kuid::from_raw(unsafe { bindings::task_euid(self.as_ptr()) })
- }
-
/// Determines whether the given task has pending signals.
#[inline]
pub fn signal_pending(&self) -> bool {
---
base-commit: 2961f841b025fb234860bac26dfb7fa7cb0fb122
change-id: 20260219-remove-task-euid-19e4b00beebe
prerequisite-change-id: 20260212-rust-uid-f1b3a45c8084:v1
prerequisite-patch-id: 7ec4933af3a7f4c6bb0403c34a6dd41306836295
prerequisite-change-id: 20260213-binder-uid-a24ede5026a8:v1
prerequisite-patch-id: 7be0128bd8902879bb271d0587ac98bf242cf612
prerequisite-patch-id: 4a9d0f595d2084b3f8982a2d0d8b3df35b9fae0e
Best regards,
--
Alice Ryhl <aliceryhl@google.com>On Thu, Feb 19, 2026 at 12:14:39PM +0000, Alice Ryhl wrote: > include/linux/cred.h | 1 - I guess the title of this should probably be cred: delete task_euid() rather than use the 'task:' prefix. Alice
On 2026-02-19 12:14, Alice Ryhl wrote: > task_euid() is a very weird operation. You can see how weird it is by > grepping for task_euid() - binder is its only user. task_euid() obtains > the objective effective UID - it looks at the credentials of the task > for purposes of acting on it as an object, but then accesses the > effective UID (which the credentials.7 man page describes as "[...] > used > by the kernel to determine the permissions that the process will have > when accessing shared resources [...]"). > > Since usage in Binder has now been removed, get rid of the resulting > dead code. > > Changes to the zh_CN translation was carried out with the help of > Gemini and Google Translate. > > Suggested-by: Jann Horn <jannh@google.com> > Signed-off-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Gary Guo <gary@garyguo.net> With Alex's translation suggestion applied. Thanks, Gary > --- > Depends on these two changes: > https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/ > https://lore.kernel.org/all/20260213-binder-uid-v1-0-7b795ae05523@google.com/ > --- > Documentation/security/credentials.rst | 6 ++---- > Documentation/translations/zh_CN/security/credentials.rst | 6 ++---- > include/linux/cred.h | 1 - > rust/helpers/task.c | 5 ----- > rust/kernel/task.rs | 10 > ---------- > 5 files changed, 4 insertions(+), 24 deletions(-)
On 2026/2/19 20:14, Alice Ryhl wrote: > task_euid() is a very weird operation. You can see how weird it is by > grepping for task_euid() - binder is its only user. task_euid() obtains > the objective effective UID - it looks at the credentials of the task > for purposes of acting on it as an object, but then accesses the > effective UID (which the credentials.7 man page describes as "[...] used > by the kernel to determine the permissions that the process will have > when accessing shared resources [...]"). > > Since usage in Binder has now been removed, get rid of the resulting > dead code. > > Changes to the zh_CN translation was carried out with the help of > Gemini and Google Translate. > > Suggested-by: Jann Horn<jannh@google.com> > Signed-off-by: Alice Ryhl<aliceryhl@google.com> > --- > Depends on these two changes: > https://lore.kernel.org/all/20260212-rust-uid-v1-1-deff4214c766@google.com/ > https://lore.kernel.org/all/20260213-binder-uid- > v1-0-7b795ae05523@google.com/ > --- > Documentation/security/credentials.rst | 6 ++---- > Documentation/translations/zh_CN/security/credentials.rst | 6 ++---- > include/linux/cred.h | 1 - > rust/helpers/task.c | 5 ----- > rust/kernel/task.rs | 10 ---------- > 5 files changed, 4 insertions(+), 24 deletions(-) > > diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst > index d0191c8b8060edb7b272402c019cff941ec22743..81d3b5737d85bde9b77bff94dfb93ed8037b2302 100644 > --- a/Documentation/security/credentials.rst > +++ b/Documentation/security/credentials.rst > @@ -393,16 +393,14 @@ the credentials so obtained when they're finished with. > The result of ``__task_cred()`` should not be passed directly to > ``get_cred()`` as this may race with ``commit_cred()``. > > -There are a couple of convenience functions to access bits of another task's > -credentials, hiding the RCU magic from the caller:: > +There is a convenience function to access bits of another task's credentials, > +hiding the RCU magic from the caller:: > > uid_t task_uid(task) Task's real UID > - uid_t task_euid(task) Task's effective UID > > If the caller is holding the RCU read lock at the time anyway, then:: > > __task_cred(task)->uid > - __task_cred(task)->euid > > should be used instead. Similarly, if multiple aspects of a task's credentials > need to be accessed, RCU read lock should be used, ``__task_cred()`` called, > diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst > index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644 > --- a/Documentation/translations/zh_CN/security/credentials.rst > +++ b/Documentation/translations/zh_CN/security/credentials.rst > @@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃 > ``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` , > 因为这可能与 ``commit_cred()`` 发生竞争条件。 > > -还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来:: > +有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制:: LGTM. > > uid_t task_uid(task) Task's real UID > - uid_t task_euid(task) Task's effective UID > > -如果调用方在此时已经持有RCU读锁,则应使用:: > +如果调用方在此时已经持有RCU读锁,则应改为使用:: Please keep the old version. the new one is a bit ambiguous. Thanks Alex
On Thu, Feb 19, 2026 at 10:27:01PM +0800, Alex Shi wrote: > > > On 2026/2/19 20:14, Alice Ryhl wrote: > > task_euid() is a very weird operation. You can see how weird it is by > > grepping for task_euid() - binder is its only user. task_euid() obtains > > the objective effective UID - it looks at the credentials of the task > > for purposes of acting on it as an object, but then accesses the > > effective UID (which the credentials.7 man page describes as "[...] used > > by the kernel to determine the permissions that the process will have > > when accessing shared resources [...]"). > > > > Since usage in Binder has now been removed, get rid of the resulting > > dead code. > > > > Changes to the zh_CN translation was carried out with the help of > > Gemini and Google Translate. > > diff --git a/Documentation/translations/zh_CN/security/credentials.rst b/Documentation/translations/zh_CN/security/credentials.rst > > index 88fcd9152ffe91d79fc10bfc7b2a37d301b4938a..f0b2efec342438b81be415dc513622c961bb7e59 100644 > > --- a/Documentation/translations/zh_CN/security/credentials.rst > > +++ b/Documentation/translations/zh_CN/security/credentials.rst > > @@ -337,15 +337,13 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃 > > ``__task_cred()`` 的结果不应直接传递给 ``get_cred()`` , > > 因为这可能与 ``commit_cred()`` 发生竞争条件。 > > -还有一些方便的函数可以访问另一个任务凭据的特定部分,将RCU操作对调用方隐藏起来:: > > +有一个方便的函数可用于访问另一个任务凭据的特定部分,从而对调用方隐藏RCU机制:: > > LGTM. > > > uid_t task_uid(task) Task's real UID > > - uid_t task_euid(task) Task's effective UID > > -如果调用方在此时已经持有RCU读锁,则应使用:: > > +如果调用方在此时已经持有RCU读锁,则应改为使用:: > > Please keep the old version. the new one is a bit ambiguous. Thanks for checking! Alice
© 2016 - 2026 Red Hat, Inc.