creds: Dump creds with the help of parasite

Currently move there the secbits dumping, which is not dumped
via misc-dumping command. This patch is required to support
per-task groups dumping (setgroups/getgroups) -- we'll have to
drain the groups from parasite.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-dump.c

@@ -20,6 +20,13 @@
 
 #include <linux/major.h>
 
+#include "protobuf.h"
+#include "protobuf/fdinfo.pb-c.h"
+#include "protobuf/fs.pb-c.h"
+#include "protobuf/mm.pb-c.h"
+#include "protobuf/creds.pb-c.h"
+#include "protobuf/core.pb-c.h"
+
 #include "types.h"
 #include "list.h"
 #include "file-ids.h"
@@ -50,13 +57,6 @@
 #include "tty.h"
 #include "net.h"
 
-#include "protobuf.h"
-#include "protobuf/fdinfo.pb-c.h"
-#include "protobuf/fs.pb-c.h"
-#include "protobuf/mm.pb-c.h"
-#include "protobuf/creds.pb-c.h"
-#include "protobuf/core.pb-c.h"
-
 #ifndef CONFIG_X86_64
 # error No x86-32 support yet
 #endif
@@ -442,18 +442,17 @@ err:
 	return ret;
 }
 
-static int dump_task_creds(pid_t pid, const struct parasite_dump_misc *misc,
-			   const struct cr_fdset *fds)
+static int dump_task_creds(struct parasite_ctl *ctl, const struct cr_fdset *fds)
 {
 	int ret;
 	struct proc_status_creds cr;
 	CredsEntry ce = CREDS_ENTRY__INIT;
 
 	pr_info("\n");
-	pr_info("Dumping creds for %d)\n", pid);
+	pr_info("Dumping creds for %d)\n", ctl->pid);
 	pr_info("----------------------------------------\n");
 
-	ret = parse_pid_status(pid, &cr);
+	ret = parse_pid_status(ctl->pid, &cr);
 	if (ret < 0)
 		return ret;
 
@@ -477,7 +476,8 @@ static int dump_task_creds(pid_t pid, const struct parasite_dump_misc *misc,
 	ce.n_cap_bnd = CR_CAP_SIZE;
 	ce.cap_bnd = cr.cap_bnd;
 
-	ce.secbits = misc->secbits;
+	if (parasite_dump_creds(ctl, &ce) < 0)
+		return -1;
 
 	return pb_write_one(fdset_fd(fds, CR_FD_CREDS), &ce, PB_CREDS);
 }
@@ -1531,21 +1531,21 @@ static int dump_one_task(struct pstree_item *item)
 		goto err_cure;
 	}
 
-	ret = parasite_cure_seized(parasite_ctl);
+	ret = dump_task_creds(parasite_ctl, cr_fdset);
 	if (ret) {
-		pr_err("Can't cure (pid: %d) from parasite\n", pid);
+		pr_err("Dump creds (pid: %d) failed with %d\n", pid, ret);
 		goto err;
 	}
 
-	ret = dump_task_mappings(pid, &vma_area_list, cr_fdset);
+	ret = parasite_cure_seized(parasite_ctl);
 	if (ret) {
-		pr_err("Dump mappings (pid: %d) failed with %d\n", pid, ret);
+		pr_err("Can't cure (pid: %d) from parasite\n", pid);
 		goto err;
 	}
 
-	ret = dump_task_creds(pid, &misc, cr_fdset);
+	ret = dump_task_mappings(pid, &vma_area_list, cr_fdset);
 	if (ret) {
-		pr_err("Dump creds (pid: %d) failed with %d\n", pid, ret);
+		pr_err("Dump mappings (pid: %d) failed with %d\n", pid, ret);
 		goto err;
 	}
 

include/parasite-syscall.h

@@ -30,6 +30,7 @@ extern int parasite_dump_itimers_seized(struct parasite_ctl *ctl, struct cr_fdse
 
 struct parasite_dump_misc;
 extern int parasite_dump_misc_seized(struct parasite_ctl *ctl, struct parasite_dump_misc *misc);
+extern int parasite_dump_creds(struct parasite_ctl *ctl, CredsEntry *ce);
 extern int parasite_dump_pages_seized(struct parasite_ctl *ctl,
 				      struct list_head *vma_area_list,
 				      struct cr_fdset *cr_fdset);

include/parasite.h

@@ -29,6 +29,7 @@ enum {
 	PARASITE_CMD_DUMP_SIGACTS,
 	PARASITE_CMD_DUMP_ITIMERS,
 	PARASITE_CMD_DUMP_MISC,
+	PARASITE_CMD_DUMP_CREDS,
 	PARASITE_CMD_DUMP_TID_ADDR,
 	PARASITE_CMD_DRAIN_FDS,
 	PARASITE_CMD_GET_PROC_FD,
@@ -71,7 +72,6 @@ struct parasite_dump_itimers_args {
  */
 
 struct parasite_dump_misc {
-	unsigned int		secbits;
 	unsigned long		brk;
 	k_rtsigset_t		blocked;
 
@@ -80,6 +80,10 @@ struct parasite_dump_misc {
 	u32 pgid;
 };
 
+struct parasite_dump_creds {
+	unsigned int		secbits;
+};
+
 struct parasite_dump_tid_info {
 	unsigned int		*tid_addr;
 	int			tid;

parasite-syscall.c

@@ -4,6 +4,11 @@
 #include <sys/wait.h>
 #include <sys/mman.h>
 
+#include "protobuf.h"
+#include "protobuf/sa.pb-c.h"
+#include "protobuf/itimer.pb-c.h"
+#include "protobuf/creds.pb-c.h"
+
 #include "syscall.h"
 #include "ptrace.h"
 #include "processor-flags.h"
@@ -14,10 +19,6 @@
 #include "namespaces.h"
 #include "pstree.h"
 
-#include "protobuf.h"
-#include "protobuf/sa.pb-c.h"
-#include "protobuf/itimer.pb-c.h"
-
 #include <string.h>
 #include <stdlib.h>
 
@@ -531,6 +532,18 @@ int parasite_dump_misc_seized(struct parasite_ctl *ctl, struct parasite_dump_mis
 	return 0;
 }
 
+int parasite_dump_creds(struct parasite_ctl *ctl, CredsEntry *ce)
+{
+	struct parasite_dump_creds *pc;
+
+	pc = parasite_args(ctl, sizeof(*pc));
+	if (parasite_execute(PARASITE_CMD_DUMP_CREDS, ctl) < 0)
+		return -1;
+
+	ce->secbits = pc->secbits;
+	return 0;
+}
+
 /*
  * This routine drives parasite code (been previously injected into a victim
  * process) and tells it to dump pages into the file.

parasite.c

@@ -302,7 +302,6 @@ static int reset_blocked = 0;
 
 static int dump_misc(struct parasite_dump_misc *args)
 {
-	args->secbits = sys_prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
 	args->brk = sys_brk(0);
 	args->blocked = old_blocked;
 
@@ -313,6 +312,12 @@ static int dump_misc(struct parasite_dump_misc *args)
 	return 0;
 }
 
+static int dump_creds(struct parasite_dump_creds *args)
+{
+	args->secbits = sys_prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
+	return 0;
+}
+
 static int dump_tid_info(struct parasite_dump_tid_info *args)
 {
 	int ret;
@@ -474,6 +479,8 @@ int __used parasite_service(unsigned int cmd, void *args)
 		return dump_itimers((struct parasite_dump_itimers_args *)args);
 	case PARASITE_CMD_DUMP_MISC:
 		return dump_misc((struct parasite_dump_misc *)args);
+	case PARASITE_CMD_DUMP_CREDS:
+		return dump_creds((struct parasite_dump_creds *)args);
 	case PARASITE_CMD_DUMP_TID_ADDR:
 		return dump_tid_info((struct parasite_dump_tid_info *)args);
 	case PARASITE_CMD_DRAIN_FDS: