From patchwork Mon Nov 25 14:09:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884943 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D907F1AF0DB; Mon, 25 Nov 2024 14:10:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543823; cv=none; b=F4a/4G4lFdPyVGKtG07VmzMsatJ7AMqoPCVoUeF87EHXZU6UKMJGyUsdtzhqgUrm3phRN86STbqP8RQnOtPoo1NHznYpyKpnb2gprOli384Dy/8sZsT+z+wM2soGld6BdhskvWMRT+o5lLbzXDpd3qMFe+TMJaNLT9Xr/1m0apc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543823; c=relaxed/simple; bh=fLqCiF+mBsMIjOyHGEU55b0Zdv4itIK4uNb5S2hv8OY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=dwKCgqWctwkmZNp4jcW6+UuymvllIGB73I2js1M8JddKYu2jIcrI7O93ezlMUnopP6A7qQbP0+Sr4v7V+6upSVa4J2V/WibzqA3HcLDl1i1JXKPZF6xhU24kaeLCcWzwqDXQbKNh/3H62CvVw1ujFpg1/3rdLcM6yF1WjKWndrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hbA6jDs9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hbA6jDs9" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B517EC4CECE; Mon, 25 Nov 2024 14:10:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543823; bh=fLqCiF+mBsMIjOyHGEU55b0Zdv4itIK4uNb5S2hv8OY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hbA6jDs9IOLrQO18XtyaOg5JNwINHmrPOvKXlFRTwb1rpSyg4k6sjUmD3G6qmbYA7 Omue60Bimflz/QfP7m3KA8vOrk5DIx8k8lylffOAjrBN8Hh1vXegxt2SxsOY3aguAK NJZIwb+eDgzmYla+USdIahrzM/J3Tx+bsAPwh4kONbOsMMmztV/3r92OcFoicOHLbE Q8/2NC6QMuuc7rDxr3AZDSzlTm6vpnEIHRzVZLB8jNUEUlpYW5LmyTcKEN8y1ds4TT dUM0n7A4NxXmQwrtHfBWZO2wNlw8/r0cdALNZqwsUNKJeT1ENbEE8ErGsKgt+wNDLx vrgyrICGQSB0g== From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:57 +0100 Subject: [PATCH v2 01/29] tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-1-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=15828; i=brauner@kernel.org; h=from:subject:message-id; bh=fLqCiF+mBsMIjOyHGEU55b0Zdv4itIK4uNb5S2hv8OY=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHo8vPDtu2jLk6lSRzN+5C7kUY7xmn6sJJ+hdePZh vlN3NGdHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABN5VMHwT3Xio+5z21/YvDA1 UhU98aWYP8xoenfbQ4OSQEHOiQ+jMhj+e236XrAudYpdUvqpBWHW1cX7DigEXLyzb/btWHUfzbw KVgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Convert all callers from override_creds() to override_creds_light(get_new_cred()) in preparation of making override_creds() not take a separate reference at all. Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/nfsd/nfsfh.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 5 +++-- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 24 files changed, 28 insertions(+), 27 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 324a9a3c087aa2e2c4e0b53b30a2f11f61195aa3..74039d6b2b71b91d0d1d57b71f74501abaf646e2 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds(kern_cred); + old_cred = override_creds_light(get_new_cred(kern_cred)); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index af018afd9cd7fc68c5f9004e2d0a2ee162d8c4b9..2ad6e41af085a400e88b3207c9b55345f57526e1 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); fp = file_open_root(&root, filename, flags, mode); path_put(&root); diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index c40217f44b1bc53d149e8d5ea12c0e5297373800..be98d16b2c57c933ffe2c2477b881144f2283630 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds(kern_cred); + old_cred = override_creds_light(get_new_cred(kern_cred)); target_init_dbroot(); revert_creds(old_cred); put_cred(kern_cred); diff --git a/fs/aio.c b/fs/aio.c index 50671640b5883f5d20f652e23c4ea3fe04c989f2..a52fe2e999e73b00af9a19f1c01f0e384f667871 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds(iocb->fsync.creds); + const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); revert_creds(old_cred); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 31660d8cc2c610bd42f00f1de7ed6c39618cc5db..f8355eee3d19ef6d20565ec1938e8691ba084d83 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -826,7 +826,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(file->f_cred); + old_cred = override_creds_light(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); revert_creds(old_cred); if (IS_ERR(f)) { diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 7b99bd98de75b8d95e09da1ca7cd1bb3378fcc62..b156cc2e0e63b28b521923b578cb3547dece5e66 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds(cache->cache_cred); + *_saved_cred = override_creds_light(get_new_cred(cache->cache_cred)); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, diff --git a/fs/coredump.c b/fs/coredump.c index d48edb37bc35c0896d97a2f6a6cc259d8812f936..b6aae41b80d22bfed78eed6f3e45bdeb5d2daf06 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); ispipe = format_corename(&cn, &cprm, &argv, &argc); diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 8f0ce82a677e1589092a30240d6e60a289d64a58..018e8159c5679757f9fbf257ad3ef60e89d3ee09 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds(filp->f_cred); + save_cred = override_creds_light(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, READ); @@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(filp->f_cred); + save_cred = override_creds_light(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, WRITE); diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 25a7c771cfd89f3e6d494f26a78212d3d619c135..b9442f70271d8397fb36dcb62570f6d304fe5c71 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds(id_resolver_cache); + saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); revert_creds(saved_cred); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 93e33d1ee8917fc5d462f56b5c65380f7555e638..614a5ec4824b4ab9f6faa132c565688c94261704 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(new)); + put_cred(override_creds_light(get_new_cred(new))); put_cred(new); return 0; diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index b7d61eb8afe9e10d94b614ae50c2790fe6816732..f55ed06611aaaffa6dc8723b96b9876a3a3db0f7 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds(new); + *original_creds = override_creds_light(get_new_cred(new)); put_cred(new); return 0; } diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 40ad58a6a0361e48a48262a2c61abbcfd908a3bb..8e323cc8e2c5b26ec660ceedeb95be4ef0ac809e 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(new)); + put_cred(override_creds_light(get_new_cred(new))); put_cred(new); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); diff --git a/fs/open.c b/fs/open.c index e6911101fe71d665d5f1a6346e5f82212bb8ed65..2459cd061f47f46756b7d0a7bf2f563b631ec1d5 100644 --- a/fs/open.c +++ b/fs/open.c @@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void) */ override_cred->non_rcu = 1; - old_cred = override_creds(override_cred); + old_cred = override_creds_light(get_new_cred(override_cred)); /* override_cred() gets its own ref */ put_cred(override_cred); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 3601ddfeddc2ec70764756905d528570ad1020e1..527b041213c8166d60d6a273675c2e2bc18dec36 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds(cc->new); + cc->old = override_creds_light(get_new_cred(cc->new)); return 0; } diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index af7849e5974ff36619405a12e667e7543bb3926f..da89c334dff3d77ac02b37ae9668d40e04241942 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -157,7 +157,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, sprintf(dp, ";pid=0x%x", current->pid); cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds(spnego_cred); + saved_cred = override_creds_light(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); revert_creds(saved_cred); diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 1d294d53f662479c0323d5f5a645478c6f590062..136fd84cba004e0e89996e29abcac154dce8674b 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds(root_cred); + saved_cred = override_creds_light(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, if (!sidstr) return -ENOMEM; - saved_cred = override_creds(root_cred); + saved_cred = override_creds_light(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 75b4eb856d32f7ddc856ad5cf04906638cede0b5..c2a59956e3a51b7727a7e358f3842d92d70f085d 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds(cred); + work->saved_cred = override_creds_light(get_new_cred(cred)); if (!work->saved_cred) { abort_creds(cred); return -EINVAL; diff --git a/include/linux/cred.h b/include/linux/cred.h index e4a3155fe409d6b991fa6639005ebc233fc17dcc..b0bc1fea9ca05a26f4fa719f1d4701f010994288 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -211,9 +211,10 @@ static inline struct cred *get_new_cred_many(struct cred *cred, int nr) * Get a reference on the specified set of new credentials. The caller must * release the reference. */ -static inline struct cred *get_new_cred(struct cred *cred) +static inline struct cred *get_new_cred(const struct cred *cred) { - return get_new_cred_many(cred, 1); + struct cred *nonconst_cred = (struct cred *) cred; + return get_new_cred_many(nonconst_cred, 1); } /** diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 8012933998837ddcef45c14f1dfe543947a9eaec..7ef3b67ebbde7b04d9428631ee72e7f45245feb4 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + creds = override_creds_light(get_new_cred(req->creds)); if (!def->audit_skip) audit_uring_entry(req->opcode); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 6df5e649c413e39e36db6cde2a8c6745e533bea9..58a76d5818959a9d7eeef52a8bacd29eba3f3d26 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds(ctx->sq_creds); + creds = override_creds_light(get_new_cred(ctx->sq_creds)); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) diff --git a/kernel/acct.c b/kernel/acct.c index 179848ad33e978a557ce695a0d6020aa169177c6..8f18eb02dd416b884222b66f0f386379c46b30ea 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds(file->f_cred); + orig_cred = override_creds_light(get_new_cred(file->f_cred)); /* * First check to see if there is enough free_space to continue diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index d9061bd55436b502e065b477a903ed682d722c2e..97329b4fe5027dcc5d80f6b074f4c494c4794df7 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds(of->file->f_cred); + saved_cred = override_creds_light(get_new_cred(of->file->f_cred)); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 17bcad8f79de70a29fb58f84ce12ffb929515794..4dd7c45d227e9459e694535cee3f853c09826cff 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); if (visible) ret = trace_add_event_call(&user->call); diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 82b084cc1cc6349bb532d5ada555b0bcbb1cdbea..a54f5f841cea1edd7f449d4e3e79e37b8ed865f4 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,7 +124,7 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds(dns_resolver_cache); + saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); revert_creds(saved_cred); kfree(desc); From patchwork Mon Nov 25 14:09:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884944 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 556401B0F30; Mon, 25 Nov 2024 14:10:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543828; cv=none; b=UOnpmA8KBUdmqOWYiwhHO71mS5GHqeYE4Tfqmr4aloRTqOKId0uP76aDrBqe4iPsajjl27eaU8wHGffGD3oFjYU/QFShdViFBuFV4RSYPTgHyjWGAtLJg6vDr5QV8qaGKFmw07lBOy1vBQwv31g4B7Tm1Y6yLjm8AK9wewAOoUA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543828; c=relaxed/simple; bh=SjKEz2+li2uRPamFqPSEXlNbuDaFkAbRJpzDkJXTiBM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=U5w+NTeeaPr+Tu0UvWcBiJoMZy93nvLzcuuUv/0f0ZUDDM1slQe3ZVK7q8KX0zC3EJiYb2F8fXlKorIKQDobYZhcUc3hHshYLgVUYF7z4ghdNvsF0hlswqa/9O3ZBWZLuiW1SkxRarlfZGjvhpmtXOXeaw2QdG/JxtLfdLiz4lY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lHuHgJD1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lHuHgJD1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 323B4C4CECF; Mon, 25 Nov 2024 14:10:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543825; bh=SjKEz2+li2uRPamFqPSEXlNbuDaFkAbRJpzDkJXTiBM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lHuHgJD1TX58IfXYgJq7eo7Ss0wrhJ2KnZdPwTB0dF5LWyMLyJEYYYC2jsCjRBpXR lFd5ucx3NyHQ3LwGw6Me6Eww4xDsztvEt2NqTONp88AQX2aO03QywYhsTBxYLWQ96w gyR1wqSTGUSR9gOzIv7i+waE8sBEO64OyypSiG108hOPNNtUN/t10zrEf/c0qlTp63 fiTZQw88tEd7szlQOwx6uqHspYW80gXMP064V1XARjMGaGPw/nBXtYsK8yuJTeEzcn 5cNomuKtaLp2QGmV/xEGuwMCxwzrTbquVi0aYKEoXz4dNQfgmsCGv/Emot/DRfWTwJ AdQeJsn4lga/A== From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:58 +0100 Subject: [PATCH v2 02/29] cred: return old creds from revert_creds_light() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-2-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=899; i=brauner@kernel.org; h=from:subject:message-id; bh=SjKEz2+li2uRPamFqPSEXlNbuDaFkAbRJpzDkJXTiBM=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHp0bbSay8K/xIbvVA/nzdYDvmVbAtwvBC9+lMUSy vFfQGJLRykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwEQ+LWb4KzHX6iVzXDPvdE/m rhvNn85Zmu756KE/5/17+SIL/gvr4xkZurSOveB88iFSrLDVgeHCtJ2e3LPfPS+dlPItvvtAUV0 FBwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 So we can easily convert revert_creds() callers over to drop the reference count explicitly. Signed-off-by: Christian Brauner --- include/linux/cred.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index b0bc1fea9ca05a26f4fa719f1d4701f010994288..57cf0256ea292b6c981238573658094649c4757a 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -185,9 +185,12 @@ static inline const struct cred *override_creds_light(const struct cred *overrid return old; } -static inline void revert_creds_light(const struct cred *revert_cred) +static inline const struct cred *revert_creds_light(const struct cred *revert_cred) { + const struct cred *override_cred = current->cred; + rcu_assign_pointer(current->cred, revert_cred); + return override_cred; } /** From patchwork Mon Nov 25 14:09:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884945 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 466A41B0F2E; Mon, 25 Nov 2024 14:10:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543828; cv=none; b=r/rk7QKf4ESK1oT25SQVn25IfMhXW1ihOS4V5L5o2XMsoAw7T0lA3mlLIFL2JTMANQb4nYszhPrlAuxmJ6BOyhz3F3X9orGP2O20++7nP47glGk3VzmzZK2I5ImuUCbP7zDx/uCsj3m2FEgl0Hc3cxuqJcP5fahfTipDNEzBK00= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543828; c=relaxed/simple; bh=gC0jRr7SJocuxeu8i3/i44uK6+CHFY73c8gGSEAwCj8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=rCprbJpG2IT6QFXFPLuyVqz/DYmNrpJ1p7H+8ghx4OG2IulqXOe2Y27qwiEYkLiZL+rMgO7BOBlpIDuxCXD+Qtd/CbPBHh8xSBgrNImKswJ+yldtUWRbdV6Ykb6agJ0Kll41wyRtd/X1WfKu97nT2oujSyErF0SYGe0iuwU17kk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=SHl4YY3Z; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="SHl4YY3Z" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 45D16C4CED2; Mon, 25 Nov 2024 14:10:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543828; bh=gC0jRr7SJocuxeu8i3/i44uK6+CHFY73c8gGSEAwCj8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SHl4YY3Z+QXIKiagn6NwKLE6FHUdqFGEEBAnhfqvH/yUfKukHgf32Mmn/f3Y928Wx Osrhl8K8G4rQJZpXyUjIFfyV2A1NQph0wjhuxkuGzNgVx2feBQzM7xi2Mhfbi/1k1c 3+RKYeTKO6fjhZ8hiCKxlaNgaMYsc5cMHMN4SFKBkkiND0apwJBeXAyH7NbhMP+FYZ TvdlLs+rhkUyKS4SxAwKX72uYfRH0xzw63FVsIgXpzyP/qluthFsfc2yaJQScEJ/sP qebQWHlUOCAA7Yk72N5DY1K50ifCD6+puP4FRVuP0qQTWDy5g2Yx06nxC8wppspNb8 Zv7DmdrXJpetA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:59 +0100 Subject: [PATCH v2 03/29] tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-3-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=13577; i=brauner@kernel.org; h=from:subject:message-id; bh=gC0jRr7SJocuxeu8i3/i44uK6+CHFY73c8gGSEAwCj8=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrMn560sF9WkX293KK4dSlf7rsyfXnuEx3pfG9HR cJ7Xd6ojlIWBjEuBlkxRRaHdpNwueU8FZuNMjVg5rAygQxh4OIUgImoTWNkmCElVWcgmPB6jf/3 Obu7ZidrL/Uof5u+rfdwIcfiHT9v72f4Z/hSSGqHZ8G+4MOOLTEzPrDUPl3kx1bsc/nh3Ly+J7e EOAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Convert all calls to revert_creds() over to explicitly dropping reference counts in preparation for converting revert_creds() to revert_creds_light() semantics. Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 23 files changed, 25 insertions(+), 25 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 74039d6b2b71b91d0d1d57b71f74501abaf646e2..8e3323a618e4436746258ce289a524f98c3ff60a 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -944,7 +944,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); out: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2ad6e41af085a400e88b3207c9b55345f57526e1..9111a51d53e0e74e6d66bffe5b4e1bf1bf9157d0 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m fp = file_open_root(&root, filename, flags, mode); path_put(&root); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); return fp; } diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index be98d16b2c57c933ffe2c2477b881144f2283630..564bc71d2d0923b9fdd575d520fd22206259b40a 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void) } old_cred = override_creds_light(get_new_cred(kern_cred)); target_init_dbroot(); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); return 0; diff --git a/fs/aio.c b/fs/aio.c index a52fe2e999e73b00af9a19f1c01f0e384f667871..6b987c48b6712abe2601b23f6aa9fac74c09161c 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work) const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(iocb->fsync.creds); iocb_put(iocb); } diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index f8355eee3d19ef6d20565ec1938e8691ba084d83..84a96abfd090230334f935f666a145571c78b3a8 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -828,7 +828,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, */ old_cred = override_creds_light(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index b156cc2e0e63b28b521923b578cb3547dece5e66..809305dd531760d47e781064c1fc6e328849fc6b 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); } /* diff --git a/fs/coredump.c b/fs/coredump.c index b6aae41b80d22bfed78eed6f3e45bdeb5d2daf06..ff119aaa5c313306b1183270a5d95904ed5951f4 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); fail_creds: put_cred(cred); fail: diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 018e8159c5679757f9fbf257ad3ef60e89d3ee09..77ff066aa938158cd8fcf691ebfbda6385f70449 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); } static int @@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); current->flags = old_flags; } diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index b9442f70271d8397fb36dcb62570f6d304fe5c71..629979b20e98cbc37e148289570574d9ba2e7675 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 614a5ec4824b4ab9f6faa132c565688c94261704..dda14811d092689e5aa44bdd29f25403e4e3a780 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) int flags = nfsexp_flags(cred, exp); /* discard any old override before preparing the new set */ - revert_creds(get_cred(current_real_cred())); + put_cred(revert_creds_light(get_cred(current_real_cred()))); new = prepare_creds(); if (!new) return -ENOMEM; diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index 2e6783f63712454509c526969a622040985da577..fef2b8eb3a94736cbe8342a95f205f173f598447 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -1252,7 +1252,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred, beres = nfsd_file_do_acquire(NULL, net, cred, client, fhp, may_flags, NULL, pnf, true); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); return beres; } diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index f55ed06611aaaffa6dc8723b96b9876a3a3db0f7..61c8f4ab10777952088d1312f2e3d606dbc4f801 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds) static void nfs4_reset_creds(const struct cred *original) { - revert_creds(original); + put_cred(revert_creds_light(original)); } static void diff --git a/fs/open.c b/fs/open.c index 2459cd061f47f46756b7d0a7bf2f563b631ec1d5..23c414c10883927129a925a33680affc6f3a0a78 100644 --- a/fs/open.c +++ b/fs/open.c @@ -523,7 +523,7 @@ static long do_faccessat(int dfd, const char __user *filename, int mode, int fla } out: if (old_cred) - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); return res; } diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 527b041213c8166d60d6a273675c2e2bc18dec36..0f19bdbc78a45f35df2829ccc8cc65deef244ffd 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - revert_creds(cc->old); + put_cred(revert_creds_light(cc->old)); put_cred(cc->new); } } diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index da89c334dff3d77ac02b37ae9668d40e04241942..dd270184e7104b597652893292e6586a78bf55c1 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -159,7 +159,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, cifs_dbg(FYI, "key description = %s\n", description); saved_cred = override_creds_light(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 136fd84cba004e0e89996e29abcac154dce8674b..1da3177fb6dc5a40a4ea79edc5525af11adf699a 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); return rc; invalidate_key: @@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, out_key_put: key_put(sidkey); out_revert_creds: - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); kfree(sidstr); /* diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index c2a59956e3a51b7727a7e358f3842d92d70f085d..b13abbf67827fcad9c35606344cca055c09ba9c3 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work) WARN_ON(!work->saved_cred); cred = current_cred(); - revert_creds(work->saved_cred); + put_cred(revert_creds_light(work->saved_cred)); put_cred(cred); work->saved_cred = NULL; } diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 7ef3b67ebbde7b04d9428631ee72e7f45245feb4..a6a50e86791e79745ace095af68c4b658e4a2cdc 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - revert_creds(creds); + put_cred(revert_creds_light(creds)); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 58a76d5818959a9d7eeef52a8bacd29eba3f3d26..42ca6e07e0f7b0fe54a9f09857f87fecb5aa7085 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - revert_creds(creds); + put_cred(revert_creds_light(creds)); } return ret; diff --git a/kernel/acct.c b/kernel/acct.c index 8f18eb02dd416b884222b66f0f386379c46b30ea..4e28aa9e1ef278cd7fb3160a27b549155ceaffc3 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - revert_creds(orig_cred); + put_cred(revert_creds_light(orig_cred)); } /** diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 97329b4fe5027dcc5d80f6b074f4c494c4794df7..68b816955c9c7e0141a073f54b14949b4c37aae6 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); if (ret) goto out_finish; diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 4dd7c45d227e9459e694535cee3f853c09826cff..2fdadb2e8547ec86f48d84c81c95434c811cb3cd 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) else ret = trace_remove_event_call(&user->call); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(cred); return ret; diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index a54f5f841cea1edd7f449d4e3e79e37b8ed865f4..297059b7e2a367f5e745aac4557cda5996689a00 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -126,7 +126,7 @@ int dns_query(struct net *net, */ saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From patchwork Mon Nov 25 14:10:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884946 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8CC61B3920; Mon, 25 Nov 2024 14:10:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543830; cv=none; b=U43QBdMdqKhhA0zJsSIWS7oiFjTLSqiv0nMoNDkeQFyjpDpot2ZBdgUfbd2PmSKj0YEepxl0LHXPc/b19Dqs+eZ2r8JpNhA/FpXg8aRVHZkAwg/fAAH9GJ+dEf3lX2t0B1iOKRtaoddMAlqmMqB0O3sEuqn2pTCtoXlOx7VuS5Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543830; c=relaxed/simple; bh=UPw9aWgrIHIPegnUJkzvYBHKcE4XQB+Pw79Qimn96uA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=rdglYPu2RJR3r2spIinUblRYVv8i9UrBfzhU4sS3dDmKgPGucUHZgJSVN71WdgNLR/O2z7ewUUkf8gfXw1y7xYamOTJ8S3NauRN0iOXGnd2oECbFENpx2yqBloyohS0BdY1FcVumCzx99BRpxp6CyHbAxAS/NMlJm9mk9ua42Q8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=eE7pou1T; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="eE7pou1T" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9641EC4CECF; Mon, 25 Nov 2024 14:10:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543830; bh=UPw9aWgrIHIPegnUJkzvYBHKcE4XQB+Pw79Qimn96uA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eE7pou1TJvRZwglU9X1raZEgxJ4N8eYrIRAWx8haxEXfGCFJ7nit/HTxn2UdNQHyK FziPqKUwyTn1LEhyZQQvjKkGzhDDhGxCesnasjLCpoF4sIDEE9RVHbq5BmjqqFHTce 4a3aX2hCD6PSnE9/513ImmFQLpVYgFt2+j5ZVTghzVfPU1WLK3J8hjyPk64TssdhTc cwhLgGUnb3Ar2fz3FehcqAkoGZeCIy/6qwxIA9+6xOySh9aNo5gLMXJvSi0VBujhwa pF29uzCpNa2beIzwgyC2EG1KUJnaUBaWAyzZ8UyceMXWtVSsY5KHlrpZlXlwPPeWQo WgOPHwJKWJzTg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:00 +0100 Subject: [PATCH v2 04/29] cred: remove old {override,revert}_creds() helpers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-4-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=3355; i=brauner@kernel.org; h=from:subject:message-id; bh=UPw9aWgrIHIPegnUJkzvYBHKcE4XQB+Pw79Qimn96uA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrMs2PjFK7Z/un73V3OXdsid26Tr9Ca9ebZ9Q92k TPzVjAzdJSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEykoZrhf+i82tQn3EUeVSeC T7G7uJ1wLnoXMT95JbvjvygjM5cGA4a/0kHRTza9eTDrpBPrZg4Rv63lcRa3k76Vf2a9+SvFNuI MMwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 They are now unused. Signed-off-by: Christian Brauner --- include/linux/cred.h | 7 ------- kernel/cred.c | 50 -------------------------------------------------- 2 files changed, 57 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 57cf0256ea292b6c981238573658094649c4757a..80dcc18ef6e402a3a30e2dc965e6c85eb9f27ee3 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -155,8 +155,6 @@ extern struct cred *prepare_creds(void); extern struct cred *prepare_exec_creds(void); extern int commit_creds(struct cred *); extern void abort_creds(struct cred *); -extern const struct cred *override_creds(const struct cred *); -extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int set_security_override(struct cred *, u32); extern int set_security_override_from_ctx(struct cred *, const char *); @@ -172,11 +170,6 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred) cred->cap_inheritable)); } -/* - * Override creds without bumping reference count. Caller must ensure - * reference remains valid or has taken reference. Almost always not the - * interface you want. Use override_creds()/revert_creds() instead. - */ static inline const struct cred *override_creds_light(const struct cred *override_cred) { const struct cred *old = current->cred; diff --git a/kernel/cred.c b/kernel/cred.c index da7da250f7c8b5ad91feb938f1e949c5ccb4914b..9676965c0981a01121757b2d904785c1a59e885f 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -476,56 +476,6 @@ void abort_creds(struct cred *new) } EXPORT_SYMBOL(abort_creds); -/** - * override_creds - Override the current process's subjective credentials - * @new: The credentials to be assigned - * - * Install a set of temporary override subjective credentials on the current - * process, returning the old set for later reversion. - */ -const struct cred *override_creds(const struct cred *new) -{ - const struct cred *old; - - kdebug("override_creds(%p{%ld})", new, - atomic_long_read(&new->usage)); - - /* - * NOTE! This uses 'get_new_cred()' rather than 'get_cred()'. - * - * That means that we do not clear the 'non_rcu' flag, since - * we are only installing the cred into the thread-synchronous - * '->cred' pointer, not the '->real_cred' pointer that is - * visible to other threads under RCU. - */ - get_new_cred((struct cred *)new); - old = override_creds_light(new); - - kdebug("override_creds() = %p{%ld}", old, - atomic_long_read(&old->usage)); - return old; -} -EXPORT_SYMBOL(override_creds); - -/** - * revert_creds - Revert a temporary subjective credentials override - * @old: The credentials to be restored - * - * Revert a temporary set of override subjective credentials to an old set, - * discarding the override set. - */ -void revert_creds(const struct cred *old) -{ - const struct cred *override = current->cred; - - kdebug("revert_creds(%p{%ld})", old, - atomic_long_read(&old->usage)); - - revert_creds_light(old); - put_cred(override); -} -EXPORT_SYMBOL(revert_creds); - /** * cred_fscmp - Compare two credentials with respect to filesystem access. * @a: The first credential From patchwork Mon Nov 25 14:10:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884947 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2768C1AF0C6; Mon, 25 Nov 2024 14:10:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543833; cv=none; b=QGCoq5E2775EjSOHT84HDJRiya8feihqRpLYFr3WUv/pylKvaq0XhDojrqtVbNMSv1r8Dbb8jPV57QtomWPDBI+mryImgRFeWnVa05oh5QX/X/jRuhn597tsgLiaurAgGQ8jLD85/bkM2ppF3MJHSER8p/MTZiQ0RYt+6eJ7eoY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543833; c=relaxed/simple; bh=oWcaF/rdLpJQ9HY2+6WJ7AlNAM8u14JVLoM9ZEjj67o=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NaF51ZXUII4/ms/soXV3vaSOJY8iId79hzs9VOjsEbqtgHhLcKzKc2yVSJVlQGyzR9uHDdYqio3L/9MLXH61mOz6DlUdMBpBwLbJzZzkawQaNErYM6LDSQJFb8soa+QpoMSlaA44cSVOjuyTOsOx1HnjkbtDnaSMgs+yyvALrTY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CgB1wvjz; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CgB1wvjz" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CDF61C4CED2; Mon, 25 Nov 2024 14:10:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543832; bh=oWcaF/rdLpJQ9HY2+6WJ7AlNAM8u14JVLoM9ZEjj67o=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CgB1wvjzZ38FCFGhTOnzEEoWZ4cFfYoZ3BtnhfURU9AlDca3W3WzZDMF1x0q/toNk 0Y7K1uamggVEkY/NhLMHBc6o1CuVgcnZXL6yPIQ16sKNMgEg23u6lzCXKQMY0HiO+2 QrUSELCXug1z4su/r8sJ65hzIlQv2POP/vIqbCb86Q1SW1W6R7t65p/BYNaXQXonsi BokogQiMYs8H7q3KPY6BaQFHzi+tdFLQ9D1IMi/OkhG/nw5lNZvgt9MI2Qwxfnkmg5 dpqyz3nukg4qaIu5H2ZWtgU0+4tmQc/JR+skH6fKSc1Rw6cWBUX8vh1adYCt2jqnAQ +zGrp+gAnasdQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:01 +0100 Subject: [PATCH v2 05/29] tree-wide: s/override_creds_light()/override_creds()/g Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-5-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=19064; i=brauner@kernel.org; h=from:subject:message-id; bh=oWcaF/rdLpJQ9HY2+6WJ7AlNAM8u14JVLoM9ZEjj67o=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrUyKrWz3gS9OKyzuP8ZZNimVeZfeU9cXWNlsfpN bP4Q3wmdpSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEzE8yrDf4cFznJ+E1kCHn04 8PbstIjvR6cq62RxaRtMXnRMfNW8mZcY/pfavxDZcjXEI2bT6xbeM5tuFu4yDusTbLC2qlTLneA hzwYA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Rename all calls to override_creds_light() back to overrid_creds(). Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/backing-file.c | 10 +++++----- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/nfsd/nfsfh.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/dir.c | 2 +- fs/overlayfs/util.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 27 files changed, 33 insertions(+), 33 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 8e3323a618e4436746258ce289a524f98c3ff60a..729df15600efb743091d7e1b71a306cdfa9acbf0 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds_light(get_new_cred(kern_cred)); + old_cred = override_creds(get_new_cred(kern_cred)); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9111a51d53e0e74e6d66bffe5b4e1bf1bf9157d0..ffae20fd52bc03e7123b116251c77a3ccd7c6cde 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); fp = file_open_root(&root, filename, flags, mode); path_put(&root); diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index 564bc71d2d0923b9fdd575d520fd22206259b40a..7788e1fe2633ded4f265ff874c62dc4a21fd1b6e 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds_light(get_new_cred(kern_cred)); + old_cred = override_creds(get_new_cred(kern_cred)); target_init_dbroot(); put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); diff --git a/fs/aio.c b/fs/aio.c index 6b987c48b6712abe2601b23f6aa9fac74c09161c..7e0ec687f480c05358c6c40638a7e187aafd8124 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); + const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); put_cred(revert_creds_light(old_cred)); diff --git a/fs/backing-file.c b/fs/backing-file.c index 526ddb4d6f764e8d3b0566ec51c5efa90faff0ee..bcf8c0b9ff42e2dd30dc239bb2580942fe6c40a7 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, */ flags &= ~IOCB_DIO_CALLER_COMP; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -281,7 +281,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb, if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); revert_creds_light(old_cred); @@ -310,7 +310,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, if (ret) return ret; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); file_start_write(out); ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); file_end_write(out); @@ -337,7 +337,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, vma_set_file(vma, file); - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); ret = call_mmap(vma->vm_file, vma); revert_creds_light(old_cred); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 84a96abfd090230334f935f666a145571c78b3a8..63544051404a9ff5ec8a74c754c3acfbc91f3279 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -826,7 +826,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds_light(get_new_cred(file->f_cred)); + old_cred = override_creds(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); put_cred(revert_creds_light(old_cred)); if (IS_ERR(f)) { diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 809305dd531760d47e781064c1fc6e328849fc6b..05b1d4cfb55afefd025c5f9c08afa81f67fdb9eb 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds_light(get_new_cred(cache->cache_cred)); + *_saved_cred = override_creds(get_new_cred(cache->cache_cred)); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, diff --git a/fs/coredump.c b/fs/coredump.c index ff119aaa5c313306b1183270a5d95904ed5951f4..4eae37892da58e982b53da4596952a1b3d2e1630 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); ispipe = format_corename(&cn, &cprm, &argv, &argc); diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 77ff066aa938158cd8fcf691ebfbda6385f70449..374c6e35c7b4969ef193b71510ee9a34c45bb815 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds_light(get_new_cred(filp->f_cred)); + save_cred = override_creds(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, READ); @@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds_light(get_new_cred(filp->f_cred)); + save_cred = override_creds(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, WRITE); diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 629979b20e98cbc37e148289570574d9ba2e7675..3cae4057f8ba30914a91a3d368ace8f52175644d 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); + saved_cred = override_creds(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); put_cred(revert_creds_light(saved_cred)); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index dda14811d092689e5aa44bdd29f25403e4e3a780..dafea9183b4e6413d61c0c83a1b8f26a9712d5c6 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds_light(get_new_cred(new))); + put_cred(override_creds(get_new_cred(new))); put_cred(new); return 0; diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 61c8f4ab10777952088d1312f2e3d606dbc4f801..475c47f1c0afa2de56038bbb7cdd9fc5e583c8bd 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds_light(get_new_cred(new)); + *original_creds = override_creds(get_new_cred(new)); put_cred(new); return 0; } diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 8e323cc8e2c5b26ec660ceedeb95be4ef0ac809e..60b0275d5529d49ac87e8b89e4eb650ecd624f71 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds_light(get_new_cred(new))); + put_cred(override_creds(get_new_cred(new))); put_cred(new); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); diff --git a/fs/open.c b/fs/open.c index 23c414c10883927129a925a33680affc6f3a0a78..bd0a34653f0ebe210ddfeabf5ea3bc002bf2833d 100644 --- a/fs/open.c +++ b/fs/open.c @@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void) */ override_cred->non_rcu = 1; - old_cred = override_creds_light(get_new_cred(override_cred)); + old_cred = override_creds(get_new_cred(override_cred)); /* override_cred() gets its own ref */ put_cred(override_cred); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 0f19bdbc78a45f35df2829ccc8cc65deef244ffd..7805667b2e05264c011cd41ff6f77b9ae0fb30d9 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds_light(get_new_cred(cc->new)); + cc->old = override_creds(get_new_cred(cc->new)); return 0; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 08e683917d121b1fe8f0f0b4d4ba4f0f3c72f47d..151271f0586c7249cfa61cd45d249ec930adaf82 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -580,7 +580,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry, * We must be called with creator creds already, otherwise we risk * leaking creds. */ - old_cred = override_creds_light(override_cred); + old_cred = override_creds(override_cred); WARN_ON_ONCE(old_cred != ovl_creds(dentry->d_sb)); return override_cred; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 9aa7493b1e10365cbcc97fceab26d614a319727f..2513a79a10b0bd69fa9d1c8a0f4726f3246ac39c 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -65,7 +65,7 @@ const struct cred *ovl_override_creds(struct super_block *sb) { struct ovl_fs *ofs = OVL_FS(sb); - return override_creds_light(ofs->creator_cred); + return override_creds(ofs->creator_cred); } void ovl_revert_creds(const struct cred *old_cred) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index dd270184e7104b597652893292e6586a78bf55c1..11f3e3d2743d1e2c54c8153e6925c4707851d0ab 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -157,7 +157,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, sprintf(dp, ";pid=0x%x", current->pid); cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds_light(get_new_cred(spnego_cred)); + saved_cred = override_creds(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); put_cred(revert_creds_light(saved_cred)); diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 1da3177fb6dc5a40a4ea79edc5525af11adf699a..ab3932dab9538153bb9eed91cf14aa8261280a1e 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds_light(get_new_cred(root_cred)); + saved_cred = override_creds(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, if (!sidstr) return -ENOMEM; - saved_cred = override_creds_light(get_new_cred(root_cred)); + saved_cred = override_creds(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index b13abbf67827fcad9c35606344cca055c09ba9c3..f09652bcca542464ed2f27fce9e912f797410612 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds_light(get_new_cred(cred)); + work->saved_cred = override_creds(get_new_cred(cred)); if (!work->saved_cred) { abort_creds(cred); return -EINVAL; diff --git a/include/linux/cred.h b/include/linux/cred.h index 80dcc18ef6e402a3a30e2dc965e6c85eb9f27ee3..a073e6163c4ea5a78fc950d834bffeab9c5ba2be 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -170,7 +170,7 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred) cred->cap_inheritable)); } -static inline const struct cred *override_creds_light(const struct cred *override_cred) +static inline const struct cred *override_creds(const struct cred *override_cred) { const struct cred *old = current->cred; diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a6a50e86791e79745ace095af68c4b658e4a2cdc..946df208e7741a0e2e11eff2ee0b8978bcea7c3c 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds_light(get_new_cred(req->creds)); + creds = override_creds(get_new_cred(req->creds)); if (!def->audit_skip) audit_uring_entry(req->opcode); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 42ca6e07e0f7b0fe54a9f09857f87fecb5aa7085..0fd424442118f38db0307fe10e0c6ee102c1f185 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds_light(get_new_cred(ctx->sq_creds)); + creds = override_creds(get_new_cred(ctx->sq_creds)); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) diff --git a/kernel/acct.c b/kernel/acct.c index 4e28aa9e1ef278cd7fb3160a27b549155ceaffc3..a51a3b483fd9d94da916dc4e052ef4ab1042a39f 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds_light(get_new_cred(file->f_cred)); + orig_cred = override_creds(get_new_cred(file->f_cred)); /* * First check to see if there is enough free_space to continue diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 68b816955c9c7e0141a073f54b14949b4c37aae6..2d618b577e52e0117f77340dac79581882599578 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds_light(get_new_cred(of->file->f_cred)); + saved_cred = override_creds(get_new_cred(of->file->f_cred)); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 2fdadb2e8547ec86f48d84c81c95434c811cb3cd..857124d81f1255e7e6b4d18009b53191a71b57fc 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); if (visible) ret = trace_add_event_call(&user->call); diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 297059b7e2a367f5e745aac4557cda5996689a00..f8749d688d6676dd83d0c4b8e83ca893f1bd4248 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,7 +124,7 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); + saved_cred = override_creds(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); put_cred(revert_creds_light(saved_cred)); kfree(desc); From patchwork Mon Nov 25 14:10:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884948 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0BF811B4127; Mon, 25 Nov 2024 14:10:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543835; cv=none; b=Vw0wjNIx5EzWng24HaAcbF/2aa8OVvH6zO4BrvJuMBM/d5NUV5d6mTwUNwqwN7xrScttaLHOgrR9kjl1Gc1LIoOhjCOXj0JEG/RnVtBnkPluRj5K4m3i+JifZPFlrivuqBqOhw1U2DhLJISSvgE+SMq6TGNOxNgXaWUdaAEuRyg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543835; c=relaxed/simple; bh=LIRJNbvSrIpLQiGrnagZgpu/b/NStay+l8ateQ3UjNs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=uAyfFbnU+790+AklbLipQVwhcq7bGvBTJJ7+VQDX1uB04+xowE3ahoIMBh+rSf5orTgdIg1Q6ruucbrbhv00WyfxiE01ZGE6ulz1gdF9T+eusrd87GG37IuWx7kszGjCmlmYi53oHOrrt65qU9Bvb63UyL0DCrpMK+1WO8ttZTY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EQr8yqgo; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EQr8yqgo" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1EB73C4CECE; Mon, 25 Nov 2024 14:10:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543834; bh=LIRJNbvSrIpLQiGrnagZgpu/b/NStay+l8ateQ3UjNs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EQr8yqgoaI3O1mN/1sPI+yIV3LRWn11cF9nBmrwYQVSnyL0O/IqhWCs/dfSEr/c/H l9Ootz8OtjTpZOBj29+jfNagHdyH0AnbM7SVg42vYpmChLQC9M6VCku6gaeRaShPne aK0jZgj05yawPJoMRySuc4fVCM3H3yn5H8rjn1bihTpdOIyDtzC/TDNseqbz3vAzCW 33It2TdpDpYRAuqZws1I+p/oJ3Q/VA/1YOg72EgCkMLToK1V5Nn+qZMhl/cN19r+Mk Qrv8VS0bMXIdoT5ElaultNibPipaKr6EHQLc6nGQGofPno2cZg8z4GN12MoPsucfbs p/QTfBcZcvIfg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:02 +0100 Subject: [PATCH v2 06/29] tree-wide: s/revert_creds_light()/revert_creds()/g Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-6-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=17093; i=brauner@kernel.org; h=from:subject:message-id; bh=LIRJNbvSrIpLQiGrnagZgpu/b/NStay+l8ateQ3UjNs=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHq4Jix4HJC2ecm1W+/vnNSSNrCyNRY9a9O0c+WBP 34zzFsndpSyMIhxMciKKbI4tJuEyy3nqdhslKkBM4eVCWQIAxenAEzkzm5Ghp+yzqe7Hh7hKpg1 x71r9am2ri8rDtjzXdSXYlHqcir0kGX4X+YuvuVnupYEI4fb3ITZBTaBX7nzNoR3T9E53HCpb8t WFgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Rename all calls to revert_creds_light() back to revert_creds(). Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/backing-file.c | 10 +++++----- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/dir.c | 2 +- fs/overlayfs/util.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 27 files changed, 33 insertions(+), 33 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 729df15600efb743091d7e1b71a306cdfa9acbf0..96a2c3011ca82148b4ba547764a1f92e252dbf5f 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -944,7 +944,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(kern_cred); out: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index ffae20fd52bc03e7123b116251c77a3ccd7c6cde..187c34b02442dd50640f88713bc5f6f88a1990f4 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m fp = file_open_root(&root, filename, flags, mode); path_put(&root); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); return fp; } diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index 7788e1fe2633ded4f265ff874c62dc4a21fd1b6e..ec7a5598719397da5cadfed12a05ca8eb81e46a9 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void) } old_cred = override_creds(get_new_cred(kern_cred)); target_init_dbroot(); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(kern_cred); return 0; diff --git a/fs/aio.c b/fs/aio.c index 7e0ec687f480c05358c6c40638a7e187aafd8124..5e57dcaed7f1ae1e4b38009b51a665954b31f5bd 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work) const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(iocb->fsync.creds); iocb_put(iocb); } diff --git a/fs/backing-file.c b/fs/backing-file.c index bcf8c0b9ff42e2dd30dc239bb2580942fe6c40a7..a38737592ec77b50fa4d417a98ca272ca5f89399 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); + revert_creds(old_cred); return ret; } @@ -283,7 +283,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb, old_cred = override_creds(ctx->cred); ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -314,7 +314,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, file_start_write(out); ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); file_end_write(out); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->end_write) ctx->end_write(iocb, ret); @@ -339,7 +339,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, old_cred = override_creds(ctx->cred); ret = call_mmap(vma->vm_file, vma); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(vma->vm_file); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 63544051404a9ff5ec8a74c754c3acfbc91f3279..5692c512b740bb8f11d5da89a2e5f388aafebc13 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -828,7 +828,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, */ old_cred = override_creds(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 05b1d4cfb55afefd025c5f9c08afa81f67fdb9eb..1cfeb3b3831900b7c389c55c59fc7e3b84acfca6 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); } /* diff --git a/fs/coredump.c b/fs/coredump.c index 4eae37892da58e982b53da4596952a1b3d2e1630..0d3a65cac546db6710eb1337b0a9c4ec0ffff679 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); fail_creds: put_cred(cred); fail: diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 374c6e35c7b4969ef193b71510ee9a34c45bb815..cb0ba4a810324cc9a4913767ce5a9b4f52c416ac 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); } static int @@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); current->flags = old_flags; } diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 3cae4057f8ba30914a91a3d368ace8f52175644d..25b6a8920a6545d43f437f2f0330ccc35380ccc3 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, saved_cred = override_creds(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index dafea9183b4e6413d61c0c83a1b8f26a9712d5c6..c399a5f030afbde6ad7bc9cf28f1e354d74db9a8 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) int flags = nfsexp_flags(cred, exp); /* discard any old override before preparing the new set */ - put_cred(revert_creds_light(get_cred(current_real_cred()))); + put_cred(revert_creds(get_cred(current_real_cred()))); new = prepare_creds(); if (!new) return -ENOMEM; diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index fef2b8eb3a94736cbe8342a95f205f173f598447..3ae9d8356d7de5190b4b038b1104b6d93d07eb65 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -1252,7 +1252,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred, beres = nfsd_file_do_acquire(NULL, net, cred, client, fhp, may_flags, NULL, pnf, true); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); return beres; } diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 475c47f1c0afa2de56038bbb7cdd9fc5e583c8bd..2834091cc988b1403aa2908f69e336f2fe4e0922 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds) static void nfs4_reset_creds(const struct cred *original) { - put_cred(revert_creds_light(original)); + put_cred(revert_creds(original)); } static void diff --git a/fs/open.c b/fs/open.c index bd0a34653f0ebe210ddfeabf5ea3bc002bf2833d..0a5cd8e74fb9bb4cc484d84096c6123b21acbf16 100644 --- a/fs/open.c +++ b/fs/open.c @@ -523,7 +523,7 @@ static long do_faccessat(int dfd, const char __user *filename, int mode, int fla } out: if (old_cred) - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); return res; } diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 7805667b2e05264c011cd41ff6f77b9ae0fb30d9..439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - put_cred(revert_creds_light(cc->old)); + put_cred(revert_creds(cc->old)); put_cred(cc->new); } } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 151271f0586c7249cfa61cd45d249ec930adaf82..c9993ff66fc26ec45ab5a5b4679d1d2056a01df2 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -575,7 +575,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry, } /* - * Caller is going to match this with revert_creds_light() and drop + * Caller is going to match this with revert_creds() and drop * referenec on the returned creds. * We must be called with creator creds already, otherwise we risk * leaking creds. diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 2513a79a10b0bd69fa9d1c8a0f4726f3246ac39c..0819c739cc2ffce0dfefa84d3ff8f9f103eec191 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -70,7 +70,7 @@ const struct cred *ovl_override_creds(struct super_block *sb) void ovl_revert_creds(const struct cred *old_cred) { - revert_creds_light(old_cred); + revert_creds(old_cred); } /* diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 11f3e3d2743d1e2c54c8153e6925c4707851d0ab..3f3a662c76fa43c1e843310cc814427bcfd0e821 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -159,7 +159,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, cifs_dbg(FYI, "key description = %s\n", description); saved_cred = override_creds(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index ab3932dab9538153bb9eed91cf14aa8261280a1e..4cb3547f4934143c69a4dac3b9f957d75ae20e0b 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); return rc; invalidate_key: @@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); kfree(sidstr); /* diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index f09652bcca542464ed2f27fce9e912f797410612..f1d770a214c8b2c7d7dd4083ef57c7130bbce52c 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work) WARN_ON(!work->saved_cred); cred = current_cred(); - put_cred(revert_creds_light(work->saved_cred)); + put_cred(revert_creds(work->saved_cred)); put_cred(cred); work->saved_cred = NULL; } diff --git a/include/linux/cred.h b/include/linux/cred.h index a073e6163c4ea5a78fc950d834bffeab9c5ba2be..a7df1c759ef00a91ddf3fc448cf05dda843ea5b7 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -178,7 +178,7 @@ static inline const struct cred *override_creds(const struct cred *override_cred return old; } -static inline const struct cred *revert_creds_light(const struct cred *revert_cred) +static inline const struct cred *revert_creds(const struct cred *revert_cred) { const struct cred *override_cred = current->cred; diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 946df208e7741a0e2e11eff2ee0b8978bcea7c3c..ad4d8e94a8665cf5f3e9ea0fd9bc6c03a03cc48f 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - put_cred(revert_creds_light(creds)); + put_cred(revert_creds(creds)); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 0fd424442118f38db0307fe10e0c6ee102c1f185..1ca96347433695de1eb0e3bec7c6da4299e9ceb0 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - put_cred(revert_creds_light(creds)); + put_cred(revert_creds(creds)); } return ret; diff --git a/kernel/acct.c b/kernel/acct.c index a51a3b483fd9d94da916dc4e052ef4ab1042a39f..ea8c94887b5853b10e7a7e632f7b0bc4d52ab10b 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - put_cred(revert_creds_light(orig_cred)); + put_cred(revert_creds(orig_cred)); } /** diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 2d618b577e52e0117f77340dac79581882599578..1a94e8b154beeed45d69056917f3dd9fc6d950fa 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); if (ret) goto out_finish; diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 857124d81f1255e7e6b4d18009b53191a71b57fc..c54ae15f425c2c1dad3f8c776027beca2f00a0a5 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) else ret = trace_remove_event_call(&user->call); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(cred); return ret; diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index f8749d688d6676dd83d0c4b8e83ca893f1bd4248..0b0789fe2194151102d5234aca3fc2dae9a1ed69 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -126,7 +126,7 @@ int dns_query(struct net *net, */ saved_cred = override_creds(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From patchwork Mon Nov 25 14:10:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884949 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FFC91B413B; Mon, 25 Nov 2024 14:10:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543837; cv=none; b=uXHuVawDYnWY2g/CRkoXOBhe/iX4apaKUCVgOGnC6DTGrFmAcQJiMVeuooJbqShnFNyToNkUO51bpaq9Qx1Vt7oFokHmnetVDay2ik6ypn1j+LhwPnKtILRIqnwPz/7tQQlg3QjqaI6a8b/Sz4TPE0XGNFEdRL3tX5wHjwwbC+8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543837; c=relaxed/simple; bh=7ABz71xzGONh3/Bpv6qrDvJuKIRj9Il7TEoVcJoZhTc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=m+I9NcV72nX43Ai3vkdTNXhptKU8sY0BOJZqFV8o1Xi2ye2kCeMp6YUXI86ElXaPNkFztASoDQmPxyoA654fe57qpUIrXHx9DQuBWdQM3l+JywSXcwrGjpZvkrjV/JA4yLBAg/13RM4534Mi4yJozjlWaD8nbB3z2C37dOtSJAM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=b5cTmRdu; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="b5cTmRdu" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 725DEC4CECF; Mon, 25 Nov 2024 14:10:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543837; bh=7ABz71xzGONh3/Bpv6qrDvJuKIRj9Il7TEoVcJoZhTc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=b5cTmRduE0eu/rkwtgk/RB5jMzTJUeXFG82QO4+InDGHUp0mGbehJsECe7NJyk9am +su+p82ufNczzt1r6fYrWIzCENy5zsgsAN3SpOd2Pi3qUc5KGWi486fN4ETA9Xc77X CFQpl7De9aZTckpAAQCTMiTPvz5X5Z6vlJp6HEnbUDQb69ZzYcP6Ye88nIQxl6Sb2V jQzbNXiTqP1PtlLpoie4M9Pd4NSIWVMsA6gEv7L7Wqf7Gj6LgCuOlFpXKOZXyixQmW +sATPZSmqiWDjD20Yl5lhvHa3ASsCqqX0VJ4rcPEA0TYj4X3EPH3hyxYSGb/dOrUJg gco1dT70iqfgg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:03 +0100 Subject: [PATCH v2 07/29] firmware: avoid pointless reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-7-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1071; i=brauner@kernel.org; h=from:subject:message-id; bh=7ABz71xzGONh3/Bpv6qrDvJuKIRj9Il7TEoVcJoZhTc=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrU74vTUd6W4F9TeKFhV6T2vs8brE/O+M/OuUjg2 4z3cpXbOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACayag4jQ4dzXFRQLr/t2qfJ 1302RM3c/vep8aKD9vP051Tejl35bQ0jw9nopbPLT67h86s/s1fQJsjcW4j56PfkkFvXTmx8WOS ezQcA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The creds are allocated via prepare_kernel_cred() which has already taken a reference. Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 96a2c3011ca82148b4ba547764a1f92e252dbf5f..324a9a3c087aa2e2c4e0b53b30a2f11f61195aa3 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); @@ -944,7 +944,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); out: From patchwork Mon Nov 25 14:10:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884950 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03CBB1B4F17; Mon, 25 Nov 2024 14:10:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543840; cv=none; b=rtpiQ/f7zWzXTrIWxltP6D7qDsYlKdbrAkJzY1C7jdp9pc5hm+iVUpM1nUFm8TSHhO+aMLzKtHeftdBHrQ7Z4qrJuAAxIeywXrQGmHibMAsBGaH36Yu/AyRZ7HItOBboj9GJFsN4LN0hW3u5dccJUU1mDYhrUZPybPvMaZKGMxM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543840; c=relaxed/simple; bh=JyuYZyB4OGl5WxMFcCkQWT6w+5cVFX8MiGQmbuR3Uto=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=QcXhbC7t8uUDxOE41M8owLfMJHgd0Dh6Cp43rGa2pz9MPnSh7ykzvn60rfrUfspiy8FPQhjwwpY4nZYox7FvE0gPUWUWwuXsQxprYrUmLULsxuotODv5JmnQvRTRHL3xr34gCNHyp5jA+X2JDru+Fjhf+Bavz4ZV676vnVFFleU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=p9NF1VKG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="p9NF1VKG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0806C4CED2; Mon, 25 Nov 2024 14:10:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543839; bh=JyuYZyB4OGl5WxMFcCkQWT6w+5cVFX8MiGQmbuR3Uto=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=p9NF1VKGQ7nIYyme8SpWwgcQ8pAtlobFiheI/USIYwQydfo6EgfB3eY4wNh9mwn1G 06hkUKBGCpjDZZyYPm8G6A79El2FUgY4DIqruIqc3M4lfRJL0zA/ri7Ti7bJv+BlmJ te4PFcJzhpjVZWJS7GGzuaAuCWXnwyadZ6rMrylSw8rNlCZXVJvUAn64bwp43XMGnI vIeb/Ow+joYhFO0cZwwcalllGxvMeIk2+MJPF9mUWYTkFOCE05s2rg1D26DmLLf5QT 8bUpEBdj2ucJU0GuUXEPksc1oGsbx5JcEWIOppBZ1sxFHSYZuJVMMSfgiA79Jcm6Fs 6ecXf/LSxnMQQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:04 +0100 Subject: [PATCH v2 08/29] sev-dev: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-8-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=980; i=brauner@kernel.org; h=from:subject:message-id; bh=JyuYZyB4OGl5WxMFcCkQWT6w+5cVFX8MiGQmbuR3Uto=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHoYedVklF49+HT3b1MnCf2YM0ui+2tvf5G+u/bA0 klTd+Sc7ihlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZjIBAZGhslny+6/F+a+HP7X N+3YlWStAwd+anp6p+zLuLbuwLr4diWG/+6xrLxLma1OVZw/uuDajKxmgQPaGqKzY8ov9/FwTv7 xlh8A X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 and fix a memory leak while at it. The new creds are created via prepare_creds() and then reverted via put_cred(revert_creds()). The additional reference count bump from override_creds() wasn't even taken into account before. Signed-off-by: Christian Brauner --- drivers/crypto/ccp/sev-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 187c34b02442dd50640f88713bc5f6f88a1990f4..2e87ca0e292a1c1706a8e878285159b481b68a6f 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); fp = file_open_root(&root, filename, flags, mode); path_put(&root); From patchwork Mon Nov 25 14:10:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884951 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD1E61B6D02; Mon, 25 Nov 2024 14:10:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543842; cv=none; b=aYXit5ReMy6WZGjRcFaSDloJVSmS0dM5GuTm++kfSqrkQru8/NuRJeP3S07JfWsV+8QPDDgKL9+P52+L/DrAaKgpmrfx5TE71fw1GRbHDfeGUndGVFQUvTiDDebGyYAsVueQD5Y1rnVDDO8Vsjg89Hk+IR2ZbS2ZgF7HaCIcLeE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543842; c=relaxed/simple; bh=DitPWXlJL7W9zAvssowYYvwe4Rxzt3oAYriF89UVjcw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RBUx1zzDJ49M1DKrvTHS9xguBvktj0IE9yYJGK3za5j/6ddLvurzznbHHGPpOKdIl3HEuQfQgM4bHUkb2jHeKYIZTr3nOeoxQSMAvsIMXX6zPoWGHk3WHmi/zTOE7AHRkxRY6u7bV7ph65A4iZxdQvoAbOghlv/R92NHGvpTTUU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ncUJI9b0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ncUJI9b0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E97D8C4CECE; Mon, 25 Nov 2024 14:10:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543841; bh=DitPWXlJL7W9zAvssowYYvwe4Rxzt3oAYriF89UVjcw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ncUJI9b0dpl7BGqsLzUwH5bN7eUGuh2lp+c2J5EfdKmbpW2DlQugWlOqFLDpNBXnR yKL5oYH5GsRDKkc3CZ2M+hNjqRrFijL5NF5rtrFmqdcGB0FQM3rk2zt/dMKR+CBjOD qQUTj23FEJTI6E3evF0lLXIWQxGOswKvlK8tanov+RaZ3b1E1Ra5zUHl9tmj/Uq80n KfLwkBkOX4jHccf8KmG6x/Mt9CN47fk0A08LUli97QEVufnjMYfZroQhJUEZfwoqXd Q+WfGE6fDwjbZCHzSJunUu+xn3HCJUHmIS8sEgN62Saj83OmPzuMHZiVFiOvuChJb3 Y/nYK3mkHdfpw== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:05 +0100 Subject: [PATCH v2 09/29] target_core_configfs: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-9-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=882; i=brauner@kernel.org; h=from:subject:message-id; bh=DitPWXlJL7W9zAvssowYYvwe4Rxzt3oAYriF89UVjcw=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHpWtf5/KzVrTbpuHavC6kV73tVGNWRIW2z11tv3N 16Pt+VARykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwEQW6TEy3F+dLn84eCtz/oNC sYl8fZ57mF8f7pRfIMrAspap3e/4W4b/xW1OD/ib3BTubpsYwVLzpLrCxf+bvelq08j+kwobtvj yAwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The creds are allocated via prepare_kernel_cred() which has already taken a reference. Signed-off-by: Christian Brauner --- drivers/target/target_core_configfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index ec7a5598719397da5cadfed12a05ca8eb81e46a9..c40217f44b1bc53d149e8d5ea12c0e5297373800 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,9 +3756,9 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); target_init_dbroot(); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); return 0; From patchwork Mon Nov 25 14:10:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884952 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40A951B6D06; Mon, 25 Nov 2024 14:10:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543844; cv=none; b=KxhvhWZrffIMgQhei0Oif/JqV+UIv3xOJPb/FiIjHYfSX0A0mvWfd5yYF8w9rxRtT5orQNOjLhdtxOC4/C8IoIBMiQeqaS5+s6xCbVUCnJVm/3JqXN2c2fp8FM8Yv/p9EYIY6h3YDmpvKAo0XpyTUlEXMHf4gLg2+nXZ3pnrozA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543844; c=relaxed/simple; bh=ABY5Uagf0J2R/aq8j5D/rTRPz0TPoL0WU6jzCxYW3J0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lwRFFklPuBoW1rcoEXc5F+4i6HkoXhd2JNonc8QDEL2rKTKHpwZ9aW96s+2AzXxyYtwdV2eq7bGJhR8JBHNSzt1ADeH4kjU5tQfPZPZByQMfPHTo8H3C/MHowF+bKYkNMp8bPkirPeqfQf1ojLE/UYX/PkJeG3l+q6WV5oVaF5M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qOzUBOKr; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qOzUBOKr" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F1AAC4CECF; Mon, 25 Nov 2024 14:10:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543844; bh=ABY5Uagf0J2R/aq8j5D/rTRPz0TPoL0WU6jzCxYW3J0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qOzUBOKr5TsY6ML1jNW9dP+Ncf3b0S49O7oY/3phvZsoZnPLxG66c4DUNVvnqOme+ xA9wA3w5NWr9rsAbX7LfTyTliPDQzJceG7mkb5oi42lOOB4QIJ9XPosbKLdRhI44Kh hvq5uc8b5+v6eHKMit2iD99xa/xPTY6bitMx9mFcptRueADne75qfWGnaVU4uzeODY 3/VJoTll56ameEBKBOMVLYStn4qmMkwJEsepxz4m5votIPOb6r2koVgYxDBr97sHiZ Tkrb7MoDKn20EG26Gz82oU4fbMTqXIj86F/LIT+B8txgVvP1ZamkWghemyLxhQLL5n tvckiad7sBCnQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:06 +0100 Subject: [PATCH v2 10/29] aio: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-10-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=985; i=brauner@kernel.org; h=from:subject:message-id; bh=ABY5Uagf0J2R/aq8j5D/rTRPz0TPoL0WU6jzCxYW3J0=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHru+NAyIdtq1tbW1HXWVn/nMvXa5isXZhSumdtVO enWhG8mHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABPZ+J2R4WSSv8eCX5/0yuV2 6rrfszneP/eamS0vX/anfx9eZzQ8+cTIsPd417LVF27+eiAw9w9/aM0epmuel9dFck199i914qm +52wA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 iocb->fsync.creds already holds a reference count that is stable while the operation is performed. Signed-off-by: Christian Brauner --- fs/aio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 5e57dcaed7f1ae1e4b38009b51a665954b31f5bd..50671640b5883f5d20f652e23c4ea3fe04c989f2 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,10 +1639,10 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); + const struct cred *old_cred = override_creds(iocb->fsync.creds); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(iocb->fsync.creds); iocb_put(iocb); } From patchwork Mon Nov 25 14:10:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884953 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF8191B4F1A; Mon, 25 Nov 2024 14:10:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543847; cv=none; b=lMY8cDPJfqDC1csPUUzAaI+ygA5TAJyoVwrYG3Lnp6pEgHK8APGxjFZvCnIEguPk9phIxi9huh74wQ7cr7JDpJjXpRSXiZZ5SjSqDn3/LiCvUiW3p0toRFe5DHssDaGV5rs/oozppgNmVUam1FZiC8dJuQ2omBhKixLkawri0lk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543847; c=relaxed/simple; bh=SOhlGmJ+FST7cLV7knRpvEsHg1d/XybMiJ0MpBSZ/Js=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=bcxH5vMG4tTlq5Z7ZUl3pdKn5DO6BcLP/Rqy3NI7rthq/NUHRji6y1jujTe57waEJ4V7ZXxqBVWFaBI3zjArWR8vaM0KJlw9V+AoHf5tozsOMQF4UKUV5VaDI2P5K3pLZbh+KVy+9XWX3HXwtJvIpHNxRiE26hF9lw8sYcSZa/E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PZwaE8c5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PZwaE8c5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A5E52C4CED2; Mon, 25 Nov 2024 14:10:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543846; bh=SOhlGmJ+FST7cLV7knRpvEsHg1d/XybMiJ0MpBSZ/Js=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=PZwaE8c52fA6NmHPVkrRztNJR13dvGbpfLoi66rIbdqlTUqoXi0McF/3o9P6GhlQM 8o1iANloU59H3HYBIWSsKA2C6Z0iZN6BNNTxdarYGNkdBR4bt3dfvvgG7Vi2gOz0kh cmwE48UqDj4N8yeU8Aw6gQOfXZLr1Fr4iFjjnMvqb82V1/VqwohYvCVGThdXn1Nc5h F6kJrlVmZ4H7b9Q7Ppl4Ut54P+P0TQshJYLoAFogoIjJ+2NnCUrzkpd2TUQztoMvk1 TvDhNtdZVR7uX7DuM6YI267L2hZjTk2fa6BOJpducGMqnL31ctWwVfyjfUFilkB2D5 Os+pIf/QjdqUQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:07 +0100 Subject: [PATCH v2 11/29] binfmt_misc: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-11-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=954; i=brauner@kernel.org; h=from:subject:message-id; bh=SOhlGmJ+FST7cLV7knRpvEsHg1d/XybMiJ0MpBSZ/Js=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHruF00+wNhbpLNK2VFHp8L026PoL4+zE8znv5+RH 3Os+KVrRykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwERurmRkeHDiDv9zyZ86TSeO hsdYLS8QCs77919v0+o7flEC0n/Wz2H4zdaT0dPHsovneOjUPVN6TOfbuDhJKW18EjWN+9E9v+r djAA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 file->f_cred already holds a reference count that is stable during the operation. Signed-off-by: Christian Brauner --- fs/binfmt_misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 5692c512b740bb8f11d5da89a2e5f388aafebc13..31660d8cc2c610bd42f00f1de7ed6c39618cc5db 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -826,9 +826,9 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(get_new_cred(file->f_cred)); + old_cred = override_creds(file->f_cred); f = open_exec(e->interpreter); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); From patchwork Mon Nov 25 14:10:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884954 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 31FE21BB6BA; Mon, 25 Nov 2024 14:10:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543849; cv=none; b=YjMn5qFgdk+yopGaah+voJMIW+yauLMyANKJ2Z8vUUpO3eewZrKH9to/zcyLBslG1Jk/UPAPyW244F4Y3q6qzjNRBOc6srTlz/b16zYIXIqU9ECfoA83FcV9RGEucvYbKXPnRRah15iSI3ytUwNnWdgjriRvjYyXuXS7NhNokEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543849; c=relaxed/simple; bh=IFLM84NiqCXkwMMafq8E9pIDiDKUxCWKPeY0cpJ2rUw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=iZEa/GxNtkItM2qRyu+Epa/M3ZU29xzThmfPtO94aT27Pn9ZJGwJrZcQjigz+ePYsdryu9crU/0+bawjgtYft08KZQn0N2DrMLQiRZfxEotsTavMfw5b4clFchQsonMNWfudBDSvq99OWmHUlQWBgzVU8T1JtMeEqwNzZij20Cc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UJQiMV5J; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UJQiMV5J" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E4EE0C4CED3; Mon, 25 Nov 2024 14:10:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543848; bh=IFLM84NiqCXkwMMafq8E9pIDiDKUxCWKPeY0cpJ2rUw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UJQiMV5JAOp/zBa2ro19c5jVETBKlkxuYKGDtBvNaK7H9IlEGoz1oKWQmUY8AiAma kh4aLXP5iCnsHEPtmh9tYVQpX/+AdLyrolYOZtlhp0BMsAmmPwS6diOILPAHBo8xCa E0HVWVMWvYfoFrtFlQPJdo2RhtmykHtEJVuxi7/x7wYgVAeGGUGl8jIYquxCCRR/U2 Sx7mnI9v0HP7aG3H74gQEnK1NEVSm8Msn5bsDPm8e39OlIt23UFiaq8VkXZJbmqFVH mcIEiCv1JEZOwlUUv67GMnplTXEclCovXk5tTeZpHmdZTZ1RUKbxCO1ZwWlf27pdA4 1kHDXMQqXB6RA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:08 +0100 Subject: [PATCH v2 12/29] coredump: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-12-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=929; i=brauner@kernel.org; h=from:subject:message-id; bh=IFLM84NiqCXkwMMafq8E9pIDiDKUxCWKPeY0cpJ2rUw=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHr6qhRmdDsHZjjbfeU+sPD0rSxeHumzSkeL207Y+ Tn5bHvUUcrCIMbFICumyOLQbhIut5ynYrNRpgbMHFYmkCEMXJwCMBHb6YwMp+/UygqFvV0n8848 t0Y0S4lz9c2avqY55/98dP4XtMXgIsNv9uaZUiJ1zbUZXbq3xDLFb2iGddwqZSl8rSF9QU3qszs PAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The creds are allocated via prepare_creds() which has already taken a reference. Signed-off-by: Christian Brauner --- fs/coredump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 0d3a65cac546db6710eb1337b0a9c4ec0ffff679..d48edb37bc35c0896d97a2f6a6cc259d8812f936 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); ispipe = format_corename(&cn, &cprm, &argv, &argc); @@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); fail_creds: put_cred(cred); fail: From patchwork Mon Nov 25 14:10:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884955 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 30E7F1AE863; Mon, 25 Nov 2024 14:10:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543851; cv=none; b=uaTHfnDqO4O/yoMt73uFUeMNE5+zGC2C/FsHdhfsssQNPn3nZxD8DhoPT/wEEV5JS2pOpPEOqtAPqbxJaS0WdZf6t6AeGR2SXvr0stT++Gs0XND2WFTr99T0PNo6ohjADqzkxhRdYTkzej1vAieZACSpnptLQlTyvtRH1iUeVwo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543851; c=relaxed/simple; bh=Rvk44iZBpENZz5Rsbf1pzREJ1lmJXbhsL9AmhwrlzhQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=PV7z+JfOymq+3hv2VY5ie5pD5tD2WtJ6mtiXInGtazSXlpMxcu8FP+NV3+V4kvZHEeMV3szbqeEFCskDPkKEF0oqCzdS8LtqAx3Wn4xZlMh6+r32X8lLsR8lN2TM1UzlJB+D/PDHG3GZvLsUf16Ia5glWCREHuocoo+nZDlLMfI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nSD8Rbki; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nSD8Rbki" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46328C4CECE; Mon, 25 Nov 2024 14:10:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543851; bh=Rvk44iZBpENZz5Rsbf1pzREJ1lmJXbhsL9AmhwrlzhQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nSD8RbkigLl5JW7QhY+CMPUAsZn83xm3zgUJeVigDUcpTKYXL+hsXxtN4CLjj04E3 49LTmjAIhjXGojv5u4Ud+jSTbvcD+s738e4IrIgx/h6JmP4SlBdMSuVdqTM89mx4fS WxRKwODRfSw+s/KmkV0CjX3ScUEb4Cs8BLmj236WB7FU7qOSYcQ+lHIp3GkDsSN/wV wyBY678rFAxs3GCXsjSFPoaCwYmtuTildqDMWNFBCFGMrQCDe+Y72AvVUOxnCHlxB6 VtNpaG3t9Nzabf5snuD+FQZ+6h3YVkfPnB6RCUkpnVdKJyLVMtq7+8UHPT7E3MMXo2 kwyQioNf+SW0w== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:09 +0100 Subject: [PATCH v2 13/29] nfs/localio: avoid pointless cred reference count bumps Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-13-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1525; i=brauner@kernel.org; h=from:subject:message-id; bh=Rvk44iZBpENZz5Rsbf1pzREJ1lmJXbhsL9AmhwrlzhQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHreffHXt+jT3fZw+SVx+ilx17+kZ3748SfaSHJ+3 fL4xKdZHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABP5ZcTwv8Dle9W73bnnNqcm 805vvsn7TKH6mtnHhIo07v1thyNcihn+R/uaScTdenzmn/ky99CK4+0S15nyShsY5wu5910OEbn CBgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 filp->f_cred already holds a reference count that is stable during the operation. Signed-off-by: Christian Brauner --- fs/nfs/localio.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index cb0ba4a810324cc9a4913767ce5a9b4f52c416ac..8f0ce82a677e1589092a30240d6e60a289d64a58 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, READ); @@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); } static int @@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, WRITE); @@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); current->flags = old_flags; } From patchwork Mon Nov 25 14:10:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884956 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AA551BD9EA; Mon, 25 Nov 2024 14:10:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543853; cv=none; b=rU0/fHFtAB3CD/GNL7vRVx4X0/ZL3QmTao86joBigTtZiM/ulmoLSmpg0EZF4M/d0e0x2/omT8/ye9PAaI2VTINNxQULEGtsUa6tEHGRu2lQMNJx5394iJu8GZ+Zzs6qD2x/VHVBIP9DsfhXxL8aNheRB5T+KkDTi4LmlFhUwrE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543853; c=relaxed/simple; bh=4cgA6IsAxTTKPHviIv93Rrt2GwxVewQqHJ5F0vhgT3c=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=aBiWPaabBTJCoHVX/18KmUs354vGMlitZJ66HgJKt9TuWpv5XiRwL3uN16xs0o2soPIrUkFsTOcFCSdFdMKw5wSvMCVE7yn8du+NWVPEdmp+wIqqPY3p9CZix3jgokZXUguuTOrQ7Nxbxf1bS+EHuiPfFzXEFHpDcPceM8Whfos= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pGtm1XrA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pGtm1XrA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8140DC4CECF; Mon, 25 Nov 2024 14:10:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543853; bh=4cgA6IsAxTTKPHviIv93Rrt2GwxVewQqHJ5F0vhgT3c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pGtm1XrAqMA1s9l3u8B5Xx8tjIRF70GOg6KxdZFhEEd0cH/DzO+MEjSXuMUbnjo2I NWKS+DVwPUM2gYq3Qyd4x9JoeWqJB53rV+4QSwK11OEKkr6nY++oaQuvcWQm3tlIkN RtgrQlejyvEosfQaVYZGylpzoclrXpyNgejSn09zCyljC8TJHmQxqbXA3w+amkxB2g VGCGrq6slIy109q3auMXnFb4KELwkUwSPMEDwdiV2ibkR/ZgsyWnKfCB7q0VOw/YzK GPsthsJ1evnm/ODQfsuD0+gR0/TptbaEpFstkxkv45Gin/H2ZWT5dtt/sYjpzR8sB1 aZAdCNK6tpnTQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:10 +0100 Subject: [PATCH v2 14/29] nfs/nfs4idmap: avoid pointless reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-14-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=980; i=brauner@kernel.org; h=from:subject:message-id; bh=4cgA6IsAxTTKPHviIv93Rrt2GwxVewQqHJ5F0vhgT3c=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHpavfpWKsd7oFvi3MTIY8kPmj/ec0luOV76zoBtf brzGh79jlIWBjEuBlkxRRaHdpNwueU8FZuNMjVg5rAygQxh4OIUgIkw3GBkOHz1IJPDwylXWNde nXRurcU6Ph3jtYJftqi9vvbuz49jB98wMhydtS3D+9dnmfYNwauZUndNPZb8wtvt1bE996WkHtx 7IMsMAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The override creds are allocated with a long-term refernce when the id_resolver is initialized via prepare_kernel_creds() that is put when the id_resolver is destroyed. Signed-off-by: Christian Brauner --- fs/nfs/nfs4idmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 25b6a8920a6545d43f437f2f0330ccc35380ccc3..25a7c771cfd89f3e6d494f26a78212d3d619c135 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,9 +311,9 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds(get_new_cred(id_resolver_cache)); + saved_cred = override_creds(id_resolver_cache); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From patchwork Mon Nov 25 14:10:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884957 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08A8C1C07C3; Mon, 25 Nov 2024 14:10:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543856; cv=none; b=GrhnTvY63z0ogM4gsHRbUhL7AR/jYSx1cEz/st8wLkpjJKabYHLxmEKYX45iqplEmBG7aFgw31I6jFmqF770D9Z98DWax3dStp2PGY+LsTNWKphwPGMcNnJDVuWtzg9mscaLCf1IjJBcFsxvnGQHMm8NZX3rZ6BPj3XZJdneg7w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543856; c=relaxed/simple; bh=uashmBaEdR6fdQIQMHMq1Z3iv/S7f/OPHqwJBo/qsYM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=qLlpmtQQlhQb43wlXVzSQ4Pp7mT/qdPxBmyumnCa/O1WxB3Ssu3+X4ang7TG+x997xV7JbSZFjX88I/hoA6JfPafJiWN3dfQli+YkfDGgAS3Ddnm/ADzfXYRUvKMlw0s925duYQXavKslBoMe8sqibaOqIG9tvcBqYdssY4RhBM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ik1/m3fc; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ik1/m3fc" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1777C4CECF; Mon, 25 Nov 2024 14:10:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543855; bh=uashmBaEdR6fdQIQMHMq1Z3iv/S7f/OPHqwJBo/qsYM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ik1/m3fc0xDCrDnuQVw29giCxgchwS4hCosOTnKiEAFcQAaMgpLoUPUGLmQiBhEMm tirRD52gohiFx2D1wS2A+kGs05Rx8JaR10drLDsgh/c2M30rpP8PA5c5+WHGOV2fyy VrcVAJZXM6Lg6n2l14qzddz4zw8ZTjxrFdQd5j/eLiHsnqKVa3Hl7B8d3OnB425v0A 0bkY1s8UsD21wSZK2eOw/QatOqNQo4SRXJsI/tIQWPcmG49fO/91Dh+MleKEVMKF9V zAawf1ifJx4X+uWdVfqWVzLnhAau9EJkBWdCHJE47wOYXlkzZI/W51RXi2nF9lSNt1 LsuSfB5RZXAUg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:11 +0100 Subject: [PATCH v2 15/29] nfs/nfs4recover: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-15-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=749; i=brauner@kernel.org; h=from:subject:message-id; bh=uashmBaEdR6fdQIQMHMq1Z3iv/S7f/OPHqwJBo/qsYM=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHq+snzOVtuvmr1FlO83o+cZ3qiqOJ3wvN3/m4R22 HewLXnbUcrCIMbFICumyOLQbhIut5ynYrNRpgbMHFYmkCEMXJwCMJEZTxkZdro5qazQy7vuEPuS Q/g6r1jE28xNpdLBG80fSfJEB3acYPhfqnDLdorv54cGtRqx3cpmgf/u/vui//LwL6uY1Qo7j6c xAQA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The code already got rid of the extra reference count from the old version of override_creds(). Signed-off-by: Christian Brauner --- fs/nfsd/nfs4recover.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 2834091cc988b1403aa2908f69e336f2fe4e0922..5b1d36b26f93450bb14d1d922feeeb6c35399fd5 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,8 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds(get_new_cred(new)); - put_cred(new); + *original_creds = override_creds(new); return 0; } From patchwork Mon Nov 25 14:10:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884958 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0BDF21C303E; Mon, 25 Nov 2024 14:10:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543858; cv=none; b=FuXbAS3G+tJYMhGEjGHPxUt79Lp/rvY1ErrfJf1OZ/8IK8wax/iCREbuH3Vu/eqvyAp+uLPgRW1tQIDQIDZIiz7d9KuvOk1cYvsjl+uAmZjE9kaCWBdoQPvtZB0GuYz19Wh4pmGdOsJuizFT95Ex8RzK8eXzPtyUSUYp++oXr84= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543858; c=relaxed/simple; bh=E/xuZiaaXUS1dUjJCcyg4g+UNuKLiuXMKNRl4YbEaOM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=uMqQ5NmfuiETg7Le4xNc561sg5yVBW+vz36d2vYlfCl50qV0OOjzuwuVNQEk4MLEf3wDm7+lPvCJWwan4/RMKmKN9N/RQd7hqrdgcG38qWAK7RjxrqQAIv0wIeJn4o5GWhdUmoZbqY7FbznkSrnbyQnBdgLHd5BtDvYILZuBTZA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ElVqWXj6; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ElVqWXj6" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24420C4CED2; Mon, 25 Nov 2024 14:10:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543857; bh=E/xuZiaaXUS1dUjJCcyg4g+UNuKLiuXMKNRl4YbEaOM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ElVqWXj6qyF8vO59t7q5N8a9Tzd1B4KnsVDU2TDzOZ9A5Yft98+hWNPwMTRINW/h3 wDe09MqwT4OGrMF90NAulb01ayXRrzfvdd+ZT18/taXZiC19ZiKTD/4B1e03p+Gr5H qKdP1FSVWtKoqJi1t4iCtLiwLbpQe4b9QVSq+HrAhAWYBtuihEV9exVrhr8j2qGnKY YoEhazeQfS5Uuaz0ZXH8bzQesKaPZmMBq51VjmyOXO7pUrkJZN+/5MXwQyN1XLDe0H 6Ftsv7VJB1gDy6maKOvsYPvtCwzTHexOdZ5HoQwmGIfM3ud0v/WxwunL63SqdQJ1y+ nTDw2MHhHMDEw== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:12 +0100 Subject: [PATCH v2 16/29] nfsfh: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-16-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=827; i=brauner@kernel.org; h=from:subject:message-id; bh=E/xuZiaaXUS1dUjJCcyg4g+UNuKLiuXMKNRl4YbEaOM=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrOfSSyj68hk6nAe579Ph+lxdpfX9c/CdJMY5O0b Da9sOh5RykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwER08hgZenZ8+X+pj7F7y+T5 fs3MC1d1q5m+zn0mXnr1v8QV5s9ZzxgZ7j96JLl4zjav15ddnz5929UVyTG54MpLsS11mRqzODK cWAA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The code already got rid of the extra reference count from the old version of override_creds(). Signed-off-by: Christian Brauner --- fs/nfsd/nfsfh.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 60b0275d5529d49ac87e8b89e4eb650ecd624f71..ef925d96078397a5bc0d0842dbafa44a5a49f358 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,8 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(get_new_cred(new))); - put_cred(new); + put_cred(override_creds(new)); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); if (error) From patchwork Mon Nov 25 14:10:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884959 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C0EC91CBEAA; Mon, 25 Nov 2024 14:11:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543861; cv=none; b=pIAmjuOOxLGmBwByQJBwRYVf7M38HrxFguhrI9antiqvK8scuzUI4cM5GqktMLtKIIZWXiOvb4cQVXK4WN2mfZH2480gRwMEzwjV4VsWhPYp31396AEGPpKzNWm0uPgRsvKV3A3RjPmOYWt1bn/WJJbzYzpKBD2xU2YAGDJnfBA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543861; c=relaxed/simple; bh=yv6/Dvqanrk3w463KbC21JBdeY18xPTOfLBMKCFqXI4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=bKueQo3NWKYmgDmQkTv6+KhSk3yQQtouxELm0SPXJ71MitVhfCx9ktjZRDaDZlkJBYqoCVs5zbQs1mbec9dIx+wCCka9/1oE5TXAnYlCYGV8dCo+zDaaII7eOe96NBCMF/8+5zQid5iDO2XhlRQ0k7l73CtzC2+Tck35ws/1D+8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VcapAW4m; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VcapAW4m" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6287BC4CECE; Mon, 25 Nov 2024 14:10:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543860; bh=yv6/Dvqanrk3w463KbC21JBdeY18xPTOfLBMKCFqXI4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VcapAW4mWsthD+8bctfjLPUftvUAAVgB/4bv0hX9uWFGF/PKRxS1+CaRMe2b0bZNI pz/FFxBnWIBRTCWtMcPwEaj5cHME7IwWUqx3ncHlXkkkkQlnUX83ZyRSttewMXojBD LUIIMSN9rmZriDoaNXaIlTU8Z8WxtU4r2U9V86rNRT9J6fUnEvLTv8u4GS7p7JPscm gIxpNfOGYlweUHxlfy4lEpTuZWTOdcOKNn59PoK3DFqZ0hEO/w/FPxpW5SSkKpoG+Q l3ZH9UgD/T8Hwu8prelHh2b33SLf1eZXW1IyEF3bO/4ZiUp8xKLviJ3mbI6I3j81ZX 0K2PQzchmwbbQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:13 +0100 Subject: [PATCH v2 17/29] open: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-17-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1076; i=brauner@kernel.org; h=from:subject:message-id; bh=yv6/Dvqanrk3w463KbC21JBdeY18xPTOfLBMKCFqXI4=; b=kA0DAAoWkcYbwGV43KIByyZiAGdEhUmg61gacRFkk6N3JYFavR+OdTJiCvWOQClkgn/xgXEyb Ih1BAAWCgAdFiEEQIc0Vx6nDHizMmkokcYbwGV43KIFAmdEhUkACgkQkcYbwGV43KJunQD8CDX3 mYbIgH8r0DSFu3ww2szScGM3uCCFQj7ssG+41L0A/ikf0BCNQz1g+mD9rI16N/BtELkQFaMln5I wBywgbvgF X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The code already got rid of the extra reference count from the old version of override_creds(). Signed-off-by: Christian Brauner --- fs/open.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/fs/open.c b/fs/open.c index 0a5cd8e74fb9bb4cc484d84096c6123b21acbf16..ffcfef67ac864c8ddaf9719cbc2762d5575597f3 100644 --- a/fs/open.c +++ b/fs/open.c @@ -402,7 +402,6 @@ static bool access_need_override_creds(int flags) static const struct cred *access_override_creds(void) { - const struct cred *old_cred; struct cred *override_cred; override_cred = prepare_creds(); @@ -447,13 +446,7 @@ static const struct cred *access_override_creds(void) * freeing. */ override_cred->non_rcu = 1; - - old_cred = override_creds(get_new_cred(override_cred)); - - /* override_cred() gets its own ref */ - put_cred(override_cred); - - return old_cred; + return override_creds(override_cred); } static long do_faccessat(int dfd, const char __user *filename, int mode, int flags) From patchwork Mon Nov 25 14:10:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884960 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0368D1CD1E4; Mon, 25 Nov 2024 14:11:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543863; cv=none; b=utz5anVKeY9DU2s6NPghkBqNTF6P4LKwXlSiRuolmKXL3XUvcdYjniNKCP4gwZLyOVQJdGXWnX6WE1xpeVzyC4RwzZYfuDjJJYeQbP+Ok2Ifbplg0mZt8rM/pVLTCgJFiIUqD0Nu0SaXcHOKr5lRZpSt2ZFCB58utclf2NGeiIM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543863; c=relaxed/simple; bh=qn9Xf5o2GvqjcZpyBGVHdCcZBvfUa8h8mFJlHlRuGIA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=m5wHREXn+GbFewr8NxPmHWz9OqcxACIAKvCngIPpMjAcR9TbAEFdgHfmcTB1OlQl6PTfftN0Szu/rUMJx9F0tNdu2+nb7yHkkkWesSZ744ZhXAN6h+XEcXPJ/FkRGRf1mJA+GCNRXHv3/T20zE5BJoxYpn/8dBv5ZUPdx1vTV7U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LMNgiK8A; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LMNgiK8A" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B877DC4CECF; Mon, 25 Nov 2024 14:11:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543862; bh=qn9Xf5o2GvqjcZpyBGVHdCcZBvfUa8h8mFJlHlRuGIA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LMNgiK8AnD6qJ2zTo/JPhfRH60F3MWk1rJ2ubGUw/QpqsZU3316giRMuI0MLgOq7F r34JHiWf518xWSBr+sZfLZMGNSIdex6bR53Pj/n90QTwinXkCABmp0cAAJWph/RyXp EPrlVrStFV/+ZaOlUZSu90wsP5XibsXpdq6b2DG3J6jiqhuPrvMGnkJWkwyzWTtyy/ VWtTNrel9d0OsMS0NiksfPddvrV4YIc9yYEass9TZQqWEDk7enja2fD7IhZC2zkC+R BkwiSuaVfM5lUpDKUEZjGeiX5ryiMoE5E8dc4KEJ+LjGWWiIMg/c3F7HpiWxErqpPw TudHBbXiRixJA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:14 +0100 Subject: [PATCH v2 18/29] ovl: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-18-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=997; i=brauner@kernel.org; h=from:subject:message-id; bh=qn9Xf5o2GvqjcZpyBGVHdCcZBvfUa8h8mFJlHlRuGIA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHqeW/3x1+016z7u75ViYBU9pXU8Pk5aIelvT0euo Hd0XUZhRykLgxgXg6yYIotDu0m43HKeis1GmRowc1iZQIYwcHEKwES2zGD478Q4wzZsYvzGr+1f 3T1WSd+crxrAn6UqFJn//98qBpO/jxl+MZ/4/E6vO+zAu9ObUi4KCtfMTO3VFDzy/wXD1ec3WtW Z+AA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 security_inode_copy_up() allocates a set of new credentials and has taken a reference count. Signed-off-by: Christian Brauner --- fs/overlayfs/copy_up.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba..3601ddfeddc2ec70764756905d528570ad1020e1 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds(get_new_cred(cc->new)); + cc->old = override_creds(cc->new); return 0; } @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - put_cred(revert_creds(cc->old)); + revert_creds(cc->old); put_cred(cc->new); } } From patchwork Mon Nov 25 14:10:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884961 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D1C7B1B218C; Mon, 25 Nov 2024 14:11:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543864; cv=none; b=jPGmQ2Greba0++Z4jdqRrTxcQHueDO/t0hr97HfMu2aY1b3XlQeV9pTjnq+20wfV8hcnEvQ+U+abLUbVTn5LvUXqtgukIOW9qZ14XEN1a3CHJRLpNyXRhsGgAjhs6MZm9t2ixRHMYgkbdj5PNhwWDasFv1WnPPMI7jvgoNczDms= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543864; c=relaxed/simple; bh=vYpQ05179Z6Dqt6CQxkP15YpTonyrb52Yz/uOJlilSM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=gV6CA4IAX70dhf/cKV4NvUl+pPpF06+yebt8QIjM3QAIvKXVr/Ro7WhRBHEDO7At7NXXi3LxGw2TwOuyNYny7TWzM7dWiXbluLjiP6E/Fv/FnjyNkiibwxBXIGSAdALAxnxOCW01dnmHrYloCKXuJcxcolPY4PA9usHkqeQ157M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=X45tH63I; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="X45tH63I" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 023D3C4CECE; Mon, 25 Nov 2024 14:11:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543864; bh=vYpQ05179Z6Dqt6CQxkP15YpTonyrb52Yz/uOJlilSM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=X45tH63Iyu9/yilJXyNJLXnqQse5SLeXYlL7q1xD9a3ECRkTTPZAkjaZ/O6idayUa wnFSNRa2HbjptJzeG5fTJ37FvKmSGSLIsV6oxHlu0LMRb94yra31zZ1jIP+2Rjjvd7 tRDjk9cR87yDY8KPA00ScQyz2WnuglksHM2QNt9vxGM3mNR0yilBPcLHYSdUqa06ZO UnFScyJAZHSWKxy61LXRjI4l2gWFKGsnZiyXKGtTPGaZwPgMyfoWsB39vEz0EaUfAV cRPxn+jNaYthyrZ8mFPNgeZl/14s9OcydS579xGEDm63HXaMAtoSoA+zLaDTuDl+oA mOyg/XRY2uoow== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:15 +0100 Subject: [PATCH v2 19/29] cifs: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-19-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1008; i=brauner@kernel.org; h=from:subject:message-id; bh=vYpQ05179Z6Dqt6CQxkP15YpTonyrb52Yz/uOJlilSM=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHqmrteKPVzzu/Lekt2KN2pik9aHJd2+zC5xoirPe Fep64p1HaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABNZ2M7IcKW0JqZlvdOen4Lp y08/n39t+7sN+TERFj69V3+c3ys1XYGR4XW26+MXZfdDNwmnxTfXL/5/M2rOjoMPZWN4Ck8nZTz J5wUA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 During module init spnego_cred will be allocated with its own reference which is only destroyed during module exit. Signed-off-by: Christian Brauner --- fs/smb/client/cifs_spnego.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 3f3a662c76fa43c1e843310cc814427bcfd0e821..af7849e5974ff36619405a12e667e7543bb3926f 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -157,9 +157,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, sprintf(dp, ";pid=0x%x", current->pid); cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds(get_new_cred(spnego_cred)); + saved_cred = override_creds(spnego_cred); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { From patchwork Mon Nov 25 14:10:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884962 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2CB2B1CDFCC; Mon, 25 Nov 2024 14:11:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543867; cv=none; b=CdoCMRHfU/Slv/cIfT0ZTBY4JFwr+Ijvx4ScqbbuWpckLoHsA4LKbgVUOzKS4XJR+OOfhB2nnOlbt42zKAYZTtuWKRQI5HMYlKyw6Zlmn7ihn4pr71CLrZk5qVbpTTVqRCviHTc6VRT5KfCq/jyl2Fwri+I4vcFg0XvPVoXaz/s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543867; c=relaxed/simple; bh=5c05Vem2w/kHFkWDmORyO4wP3SkXwO6vKNBNGdV0nuA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=pTnH62eo6Pm1rRCykGMrEcpMqQNc0H5pIGGe+TAeLT8+FZza+PRLnygK8n8w5+FQRxRXRuTSLyYzHZYRym9BFIkH+OszHVrM2vj+sy2uHMp8pYTKsFYN5zExFwL5bXPCsVv03A8/LaQf6nOC1TFjLxerhJNLunsO+RkfOv4raRI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=GNxYxKuL; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="GNxYxKuL" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2947FC4CED3; Mon, 25 Nov 2024 14:11:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543867; bh=5c05Vem2w/kHFkWDmORyO4wP3SkXwO6vKNBNGdV0nuA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GNxYxKuL7ibSdoay8KjP+oZETaHOr1lxKW+Q1t+BoNvQdRD2ZNazV4PQ+iNqLqpxY /HlOWvZYrw4O61IH6I0n2u2eRIjo4HTTsV8nPrTw9runpNj/3W0bBeRqjSQ/kyFanc +/NowrXwBSr2Lg1kaMHYQjOmCwYDhlfIfhywI8yXdz0x1Smou4QbL5p6TmjqeEo9vc XW94KRZmS5NAvp77RnvW3kRkMjxLKXOKKJL7NBG7+YZiJAIF8TTdLjA2jhWdGzXOC+ gL37bKUXe/QZ6xOtjrMtcSqWW9yOIwIX33JxRS+LJziV//uxoOZ4sELE8b//+iOPTP DZSTDDQcalETA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:16 +0100 Subject: [PATCH v2 20/29] cifs: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-20-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1662; i=brauner@kernel.org; h=from:subject:message-id; bh=5c05Vem2w/kHFkWDmORyO4wP3SkXwO6vKNBNGdV0nuA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHoFfcmXf3+ON/5dvOn7zGtv0//NvFHNeC+msM234 tTBCxrrOkpZGMS4GGTFFFkc2k3C5ZbzVGw2ytSAmcPKBDKEgYtTACbizM3IsLbquJFN1+oEm+Xf dKuFNz1cd+LIaY8TzY8rvWpSNH58bWf4zWZjIrpi07NL80JVDrJVfJ/1zO6x5cMFx1a/3nGueFr JBlYA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 During module init root_cred will be allocated with its own reference which is only destroyed during module exit. Signed-off-by: Christian Brauner --- fs/smb/client/cifsacl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 4cb3547f4934143c69a4dac3b9f957d75ae20e0b..1d294d53f662479c0323d5f5a645478c6f590062 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); return rc; invalidate_key: @@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, if (!sidstr) return -ENOMEM; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", @@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid, out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); kfree(sidstr); /* From patchwork Mon Nov 25 14:10:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884997 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C7AA71B219E; Mon, 25 Nov 2024 14:11:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543869; cv=none; b=aueCHPsesANFRpDXXR28ZkKzEExrBD/CxS892YKl1CZblPcPwR0RyrSmC6ZII+TeNFvi4V0uA2eFV/0c52HVpf6pja8stR+/wqXPaB0Xa3dgv9rdwXx63kV6ANM4PfdEp/BpQ1gvazBBSeC61pCFf2mjJbPFqqTG5+rSxPXoMWQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543869; c=relaxed/simple; bh=tl3xTNTeCJlrMJ7X8WfjBZE5bw28ffpb8r5WQgJyUZA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=f3F55ZXHGqLAdaE55BG7VguMiE/t7fHqtQv6KbE/1TmYN0r+T93fq3WJWxG236jp+Sae2XHLinyK1/V1yuJZqBMHUFpbLcuPmf+/3GVXw17NZubbKaCeVz4Vp8fUNSK0wAuMwDl6To9MPnSyn808OsO6XNFxDtA+yqYaCwM14Zc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=amJa9TfN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="amJa9TfN" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7E1ECC4CED2; Mon, 25 Nov 2024 14:11:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543869; bh=tl3xTNTeCJlrMJ7X8WfjBZE5bw28ffpb8r5WQgJyUZA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=amJa9TfNA3ezGrW+bkaFm3U2lH95ENXj5cKB/bfew2xbOAZkpezXFDuB1BIeqEAGh GPCCRqhKnqQ42O02M9Hxy6EGY98B5dnCE5ezzl/A0ihBW34p6VNy+uG+KWa5fWvHJx Glo7UTtI+uTF/n9t+qNrthhL2TVgeNfgaxFBSqJH5PQvwuF5f9yVdZMcrHkeSp+J96 NYVawTU71RXBzUYdgJ63dQRYi0J6IpHTR3ijslb2lHQQFLuGMx9EMrGzJQ3kY/auSs GKkKkjybYi4GM6w62nWr7Hd7AO+iGT8E3CZ1FcGvrpYrASOb6yhX9buYjeOfDMAWKQ nJdKKsQwJc4Mg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:17 +0100 Subject: [PATCH v2 21/29] smb: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-21-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1561; i=brauner@kernel.org; h=from:subject:message-id; bh=tl3xTNTeCJlrMJ7X8WfjBZE5bw28ffpb8r5WQgJyUZA=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHoduejcVKl57M2xoHUbsgRjJ3pEmPy1+vW79vqkc unotMq3HaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABOxeMXIsKgxTWHW4kUzaqdM e/BjebDrpD+r+ZOfsmhwFQROanQ6v56R4doGk1gd3f0cy3Zvc3KV78mp9D4cm32b91bWWZnbnP0 TGAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The creds are allocated via prepare_kernel_cred() which has already taken a reference. This also removes a pointless check that gives the impression that override_creds() can ever be called on a task with current->cred NULL. That's not possible afaict. Remove the check to not imply that there can be a dangling pointer in current->cred. Signed-off-by: Christian Brauner --- fs/smb/server/smb_common.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index f1d770a214c8b2c7d7dd4083ef57c7130bbce52c..a92e3081cead250dac89a0dc00fcee8444465b8a 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,11 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds(get_new_cred(cred)); - if (!work->saved_cred) { - abort_creds(cred); - return -EINVAL; - } + work->saved_cred = override_creds(cred); return 0; } @@ -796,13 +792,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; - WARN_ON(!work->saved_cred); - cred = current_cred(); - put_cred(revert_creds(work->saved_cred)); - put_cred(cred); + cred = revert_creds(work->saved_cred); work->saved_cred = NULL; + put_cred(cred); } __le32 smb_map_generic_desired_access(__le32 daccess) From patchwork Mon Nov 25 14:10:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13884999 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5DA51CEEAE; Mon, 25 Nov 2024 14:11:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543871; cv=none; b=EJfQIMh9Wc8sTXRaVXSufPRs4jjFs+Y3C2+4K8N+gibOUdGszZm0Xo1IGVsbzgq1HbjwKPPJ6y8u6NjNkYgku33L9VWDsk3VU18849Ov++I7LeKfKPFZYWQblRNuEi7z3B0qWEFB64PeegKg39PbIZ4dVPeL1FeKDCcPwcw6JWM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543871; c=relaxed/simple; bh=jRtvthJGewUfHc1mOQfwDm7bvOrXc360RRI5kgtRqCQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AQqeaExjx6sBn5URMXwO8h05OabT6ppdJ9wDq2Oq4PKu8roveerviu82UT+2Ver5Lxivp6fs7v3g90KyJY/vQRrV0dv9l6x1aijAHKkMxDnYfm92WbX4LNk7LLznHmx+Lp3z8ys366IlXYjDaYJd7ZXk93O8In0NWol9vjdctlI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tO1fN8dB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tO1fN8dB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BC89AC4CECE; Mon, 25 Nov 2024 14:11:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543871; bh=jRtvthJGewUfHc1mOQfwDm7bvOrXc360RRI5kgtRqCQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tO1fN8dBxhC0vnv9Isqr8UJc1PmO89Hp16Vk6pHikpFM1kWMTNwaQIubhuwdxM3UA Lt9t/StAZfwMkN/1qzyrET9HB+vm+TVkcWcM5o1phg/jh25TAvar8W4uu1eR6MMbrd Ud2xSczgcueLLWZtFRE8hj4vxG1cp6fXOfw+2gY65wlJLrFuPKFdDTQkdKJq2XLLJN InrWgswe6HD8brnYN6LCjwsi35YwWhjRtC6fWSkf2K5Dqq4RHfeyFjGBKUwcXv7Nqt /Z+cq+jrHf/eRXPoqPEd9JdtN8PlxMFYgTD/GIA1+ouwyDJyjmydW/9QM9SeMkkjLs W3REUb6A71hyw== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:18 +0100 Subject: [PATCH v2 22/29] io_uring: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-22-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1963; i=brauner@kernel.org; h=from:subject:message-id; bh=jRtvthJGewUfHc1mOQfwDm7bvOrXc360RRI5kgtRqCQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHo9Xhk/I+lTT+uVNNEt8boSV9N+Zwl/fxYz6c7lc 5MW3frm0VHKwiDGxSArpsji0G4SLrecp2KzUaYGzBxWJpAhDFycAjARzkSGX0y/dKYY7Hj34dcU +RkdKUdZtq2xN//w76y/mu/l+uW/TtQy/GZvXKwYJ7rjxZ2JIUHfFfTzniTdmvbyiN7Bh5bCffv 2/OMDAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 req->creds and ctx->sq_creds already hold reference counts that are stable during the operations. Signed-off-by: Christian Brauner --- io_uring/io_uring.c | 4 ++-- io_uring/sqpoll.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index ad4d8e94a8665cf5f3e9ea0fd9bc6c03a03cc48f..8012933998837ddcef45c14f1dfe543947a9eaec 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(get_new_cred(req->creds)); + creds = override_creds(req->creds); if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 1ca96347433695de1eb0e3bec7c6da4299e9ceb0..6df5e649c413e39e36db6cde2a8c6745e533bea9 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds(get_new_cred(ctx->sq_creds)); + creds = override_creds(ctx->sq_creds); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); } return ret; From patchwork Mon Nov 25 14:10:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885000 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C00921D049D; Mon, 25 Nov 2024 14:11:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543873; cv=none; b=epcgPI1vJimhSmQeXFdx/90Zb/F/yWQdrgx0qYevyYs2awlSv3pfRKvb0qwYpAEQvmOEjx5qvnGXKauFus3kfj2G34dUIK2To7a4emKbbh/+H5twWz8ki34IETW+7cF0XcB2MZ6qfX8eyf+k6Hc63bTOF5SDDp3J4/bjUGE4KbY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543873; c=relaxed/simple; bh=8xl/acLUl4L0b9zFmJu3StuC3yEGAh718uvyVtl7LjQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=nPzXCJlythVAXFmwwHUk5tNdPoyCXoLSqIXyP1A8z+3NHmKiKwZ3LKKEWi+TmjieYYPbNg+ec1Ws7wF7uwO+waVfdQo5IdJZWAJrIuZblKEGAW59pT/+X8ni+09B/ZxHBzXnlNX9y4gSd6z8KGSbYqKVYUiBZi4RI0cAAADCu8M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FA6xDo7y; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FA6xDo7y" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E35DAC4CED2; Mon, 25 Nov 2024 14:11:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543873; bh=8xl/acLUl4L0b9zFmJu3StuC3yEGAh718uvyVtl7LjQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=FA6xDo7ypzfiHi/idoPlzpjcUS2dGA+VjEf34Mh5/2Rmksa2YeUZb0H/SkCiQ5MoM 0pIk5lBzfGQ9BTKIqN9bsWhmNKI6AIzSCGiYZI2k6Xlt6N8+2xbf2kD9ikgmqCWpsy IqRjSDIFFdRXe0bj6Jm4YuVfQuqFcfOE1dMfJTwrGOYf2eKkvjuLG9rcXCerjqnbFm YIRTCfe+hw89HPiMhgwYszrn4+mKOURcatcx2d6zz3jTQYMtxKAURxhii3pej8HhHS ceS846ltvISWwhxbnpnW/vidZABwyqJuqRQEXypO74wq0pzZfxSbT9TYZt6eA0Jm7M aOwF4LAEyBDvw== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:19 +0100 Subject: [PATCH v2 23/29] acct: avoid pointless reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-23-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1076; i=brauner@kernel.org; h=from:subject:message-id; bh=8xl/acLUl4L0b9zFmJu3StuC3yEGAh718uvyVtl7LjQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHqdunRRYcvltWufVD1d1hV3VbX96wtL4bfWuRuLI 9d6WUyO7ShlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZjI20RGhjs7f6ReXaV/9sJL k9m3U2xfPuK1zH/ecuPUZMZXQnOkRPgZ/umvKLrB8Pll7cHPbfOW86dzbzvHdmfb7GmNPe+emF7 0z+YDAA== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 file->f_cred already holds a reference count that is stable during the operation. Signed-off-by: Christian Brauner --- kernel/acct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/acct.c b/kernel/acct.c index ea8c94887b5853b10e7a7e632f7b0bc4d52ab10b..179848ad33e978a557ce695a0d6020aa169177c6 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds(get_new_cred(file->f_cred)); + orig_cred = override_creds(file->f_cred); /* * First check to see if there is enough free_space to continue @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - put_cred(revert_creds(orig_cred)); + revert_creds(orig_cred); } /** From patchwork Mon Nov 25 14:10:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885001 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6E1D1D318F; Mon, 25 Nov 2024 14:11:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543875; cv=none; b=PmjrEuiGJ6RgFYIY5gpPbNEZaBBDTIN2ROETV+It5Sy8WeMhfRzdPmo3iXIr2rrmJAKs9+k4f8CJTvXHGfnThgHZdyo25Pi+msAaTUmnEQsxLxfvkEw+MVONPgggNjXWTzRcmzs1oRpX/c84ll1tAr573xICBVZoLj/d3sLsdNI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543875; c=relaxed/simple; bh=ARuoMeAmm6v0ZYv+MQ725lBpeEcaXVmaaIcqkE8icBE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AFJeCfCnQ5rNrmWt2HaXXBWkwbTcxeg2qXS885H0kgE0cmmhX/ghoWWjoR/CgZ73JtFhovaIMN1eXdmTZdiqj6DPVh4RvLqsHmrwVt/jUvWykaywV5/RPEhK5JLZt8ctku4An5cArXqnOwObyzqBUreMf+3nGDkWPWrcLHWsOF8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qyCEkHS9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qyCEkHS9" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C752C4CECF; Mon, 25 Nov 2024 14:11:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543875; bh=ARuoMeAmm6v0ZYv+MQ725lBpeEcaXVmaaIcqkE8icBE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qyCEkHS98Q7Yh/sZsW2v3EXBsjIVWHrvopYAS9dTxyee+uu+nCIloY62eTWN2Ya8J eEx4TukhlZhpP0eHo2zGgwIpYBHHtCw/DBV9dcTPGFqUkZiv6qKWASStXAUVnLtuWx ZVB2ANP+Zj30UIi6fza+Uar4Q2s0F3nZEtAaaGmG2gpEhmUeCXpFYS5wAPCjnlPx0P c2zWIskWCpTmMupExShHNx+uMsxxKOhb0cszYwlouASg1K0sPhROpucTw8ejZ4oEL5 7ghOId/xVE2NlWgDuHMrIT1LpYxNWp8GqlxftDEEOg6pE/u9+CZOeXZsX27xeBBZzZ Vn/MmT2B4ICWA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:20 +0100 Subject: [PATCH v2 24/29] cgroup: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-24-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1021; i=brauner@kernel.org; h=from:subject:message-id; bh=ARuoMeAmm6v0ZYv+MQ725lBpeEcaXVmaaIcqkE8icBE=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHoJhuYf1n9yu1nn7NeLMguyNeacXO2Uz3jqQEulf K/d7qatHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABORLmP4Z8XXs+aji2DI+VvR Rl0fV6RO9r264sytbpHNiXqH70ge+c7wP/Lg1teldn1C/5WX/e1cWjm5Y6PVfcFezaqy4vQ9Zie YOAE= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 of->file->f_cred already holds a reference count that is stable during the operation. Signed-off-by: Christian Brauner --- kernel/cgroup/cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 1a94e8b154beeed45d69056917f3dd9fc6d950fa..d9061bd55436b502e065b477a903ed682d722c2e 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,11 +5216,11 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds(get_new_cred(of->file->f_cred)); + saved_cred = override_creds(of->file->f_cred); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); if (ret) goto out_finish; From patchwork Mon Nov 25 14:10:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885002 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 709A81B21BE; Mon, 25 Nov 2024 14:11:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543880; cv=none; b=AjgLOe5aGo89YqNW2sNsAkJzRnFnPayniASzrUir20uf+mVip8F1ihj0geSUUURoizdlV/PgqtMSW78QHqVWFgUk9BO//Iqu05FyEb8xZMCDDAjOvDx/or7VpcqW2o0ij6AWWmrsamNSZgIiJ64lC6ZtDHNsAO+xWtkF2iI2TMs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543880; c=relaxed/simple; bh=QGQPjZpNC0Q49sf3UKqx2fuEWAqlGVH9NBRq1O/QCGw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=L7HJgI7r2R42YpWfb/udhG/cbLT9AmN5uqdtjUyqMm7sykhF6Znh7debRtcaU/szRUOxRyxROELk0zSrIJ4csxgoT26LAAZ2pN7uDa3lTJ8QYLgNZF44kR7YPtj9KHY6lnexvBHR9OOjJNJf/ARGztstg+UwOCnQ+4QE8GgaJdk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VneWMKgC; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VneWMKgC" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 354CAC4CED3; Mon, 25 Nov 2024 14:11:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543878; bh=QGQPjZpNC0Q49sf3UKqx2fuEWAqlGVH9NBRq1O/QCGw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VneWMKgCVQOm9iMZ7pp2vK5gZ7X53NCekEzKK9a1Jr4GrEKH8k8ttYhzkT4563t7Q 7ZAAqd2aG86CAHfQUoL/ssFi0jHLqRditnHxIMRCNzDYfWR05ZyNfslICT3Is9WT8f MTUEogEG1YSK//f2WMBclr79cCdoW/1q4RpwlNl+Uu/GOwaeY4jVtMjMnx5EfhWI3j TIiGsOM7Q0MLnKrCoYzt/FUrSkS8Ppl0549+7BX/lx++5hg+dbuKKyFbXctAJpsbqe VkcNayLsRqdK8K5W5DGGc2Ue4d4q1QRkppED8r2Yk9ZvHrtCiPDxX8gqg6yWNtbdJl W5DoQvJoXi4dg== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:21 +0100 Subject: [PATCH v2 25/29] trace: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-25-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=972; i=brauner@kernel.org; h=from:subject:message-id; bh=QGQPjZpNC0Q49sf3UKqx2fuEWAqlGVH9NBRq1O/QCGw=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHqJ33zocjrghVa0Rt4Nw6wA9xU383OOC5etbbtbM Xv/h9blHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABOp1WVkaLVcbnpx4c/f/6re f5i5wnmJyO2kC57TD7Arb9TbGu/5QYrhnyqzQbtb1HnOI1xhs+YHWiqtlNRLD9Quyzzy2X4Sq40 IMwA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The creds are allocated via prepare_creds() which has already taken a reference. Signed-off-by: Christian Brauner --- kernel/trace/trace_events_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index c54ae15f425c2c1dad3f8c776027beca2f00a0a5..17bcad8f79de70a29fb58f84ce12ffb929515794 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,14 +1469,14 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); if (visible) ret = trace_add_event_call(&user->call); else ret = trace_remove_event_call(&user->call); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(cred); return ret; From patchwork Mon Nov 25 14:10:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885003 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A870C1B3725; Mon, 25 Nov 2024 14:11:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543880; cv=none; b=WZwrmYi/AIOOcF0HnR+nVoKCFPnrdXqKd7XQ4tKOCgVnkMow1GS4DNTKln6EKWge87oSxTm6ZaHakLhLdm+1QmSzZLyyaw1oyuXJHW5DRu5459LLXSPlJvh/XDbES0QPfAQA0it0EQpFrP2BSJ9+yfR1sf80Mxtr+OTG+06G170= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543880; c=relaxed/simple; bh=+Rz5NK6h9epgNKNwH1bCVeoUhuBFQQSQ8BdA9FLVdr0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LqygFpxKCxUlaJl0n1II7Ggb12geiBrms4G+n3TTzlf3OQCy/2TvJsAYCsoi6dqmc+VOr9loraIYDPFTUdLADF4P9QaeZL7G0KJ0vPCpxhn7jSmTAalH1/z1pKUCulvFB4myIJXjwCTPNlhoJLk5/F/0HKedhZOkseAv4M7xDCA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=frzXK3Nn; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="frzXK3Nn" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8D5B4C4CED2; Mon, 25 Nov 2024 14:11:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543880; bh=+Rz5NK6h9epgNKNwH1bCVeoUhuBFQQSQ8BdA9FLVdr0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=frzXK3NnNnLBmugX3yTJ4TjKNfMMULPbCCx6nN/H2X80DrETmfN4VUDOgVIYnm68x diDrATBqyS8ANhTCD1INtLg/PpMWDsdAGqCl+xxvInbfCVmihZOmY0h+V26zUmkJhp LWBARCUGWHsnXSPiLO7i7WERPOkMMrX2XHyMhxWpNT/lX/j3JlvFFiAjfRSZf/Y1lh ppK+4u8tzskKC/Hwp+6XR3EG3IqM9/MFlf3acOH/qJu8829HRPaewo0YNY9aRbtYHD GWHHxWIu8IZDn954WZ4Wm9s4oNgeF+44y7YLGIbvF2IGCMQIcWVtCmeHKUKaV3OIFS cbtiaHjW6S/Hw== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:22 +0100 Subject: [PATCH v2 26/29] dns_resolver: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-26-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1011; i=brauner@kernel.org; h=from:subject:message-id; bh=+Rz5NK6h9epgNKNwH1bCVeoUhuBFQQSQ8BdA9FLVdr0=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrFnv5696dS4un977VWd7nuf/n+4uvfzNn8M9bkP i7aXCDj11HKwiDGxSArpsji0G4SLrecp2KzUaYGzBxWJpAhDFycAjCRB4kM/wyXzHPyP1Mtcm3T pSN7yxhLpK1SN2l3sd3TlH2pH8vxSJzhn/6qigOZhtuOLD1t9/PO/sVf3HNX+WrF1hbdM/hbHXa JkRsA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The dns_resolver_cache creds hold a long-term reference that is stable during the operation. Signed-off-by: Christian Brauner --- net/dns_resolver/dns_query.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 0b0789fe2194151102d5234aca3fc2dae9a1ed69..82b084cc1cc6349bb532d5ada555b0bcbb1cdbea 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,9 +124,9 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds(get_new_cred(dns_resolver_cache)); + saved_cred = override_creds(dns_resolver_cache); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From patchwork Mon Nov 25 14:10:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885004 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6F631B392B; Mon, 25 Nov 2024 14:11:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543882; cv=none; b=t0fLvRUNye4YwWJ68oqJOpGrBEV79hvdJkK0cm0uwdrcOhMrnDWcGNHAATtyq5XHf9sEY4ZndEkr/jHI6w//N4J3iYmqoybiKHJbDvNK5XTY9iqRTiQCrUWwvP19259Bjd76JX8HGuVR0RL2XIr0Y+x5zSJbKxjbSLBbfLRoaVM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543882; c=relaxed/simple; bh=5EYYXg0CTcaKcNVDKPWAP/w4kmhOJ/D6n9A7vR1vqfo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=d5t3hmXfcMH4TlHCr8ikJLf/qxWz3WlPy456rkgxzxkBCD2bq8eZoq4SstvAQ5A2b4QWdXOXA3oWlx1KEQqxozLC3RG1K0JnmUZeh0mKEDMUSrFphPiuq1cqSd3MPz7ILkRIK494TXVApS32p+mMcXaaKATYUGoSkB4reMu9tE4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XsYD5nQ5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XsYD5nQ5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3026C4CECE; Mon, 25 Nov 2024 14:11:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543882; bh=5EYYXg0CTcaKcNVDKPWAP/w4kmhOJ/D6n9A7vR1vqfo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=XsYD5nQ5lVvAVly92Y54URgO5HAIT7UbElNo+uz70TCvTJnaXpvCmIsm10LnhXD7G I3QfxVzZ03x2SjETKQCX7+0fNMJlfHV5ymffRi4sKX5V602VbewylSoUiUNf2hrg9L C4Rye5cBxQGZPnUzL7yw5rE7lmTA5KV9NQMFpSSz2c7LJLj3c8pyXqKAUcki+CYn1o Jdm6xlitKDpS3lv1D1AUOCpRiCz4LKlQDK4s+dDORKNCDoXgqp1yfpImvTT0aHcBaj k1RHeWVDguiYMg7fzBBtTlF0wPrZ0AYOTWhN2jXIl9zTbjSeLI0ie3MOD+u68xcvdX hMD119kkFMjrQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:23 +0100 Subject: [PATCH v2 27/29] cachefiles: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-27-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1080; i=brauner@kernel.org; h=from:subject:message-id; bh=5EYYXg0CTcaKcNVDKPWAP/w4kmhOJ/D6n9A7vR1vqfo=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHpFT4v7OPnPjrnaiq/VmApMRaKrYjLsCtm65Q+eO DVNVbm4o5SFQYyLQVZMkcWh3SRcbjlPxWajTA2YOaxMIEMYuDgFYCLzRBj+Ry2ZU/Hb60LPyldL wk9EqPo8Wyr7YpbxtUlfhHgznV+dWM7IcOXWrVRjm/atT1awN/m+rJBOT6mYWfRhgd3/u9uZ1ry Yzg0A X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The cache holds a long-term reference to the credentials that's taken when the cache is created and put when the cache becomes unused. Signed-off-by: Christian Brauner --- fs/cachefiles/internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 1cfeb3b3831900b7c389c55c59fc7e3b84acfca6..7b99bd98de75b8d95e09da1ca7cd1bb3378fcc62 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,13 +393,13 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds(get_new_cred(cache->cache_cred)); + *_saved_cred = override_creds(cache->cache_cred); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); } /* From patchwork Mon Nov 25 14:10:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885005 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B0C81D54E3; Mon, 25 Nov 2024 14:11:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543885; cv=none; b=BBkSB+CavV9/M4K95RW7Q4wwrTSrnsrVWFlr6fwOOm/ozghvdMYIuFW2NRiNvUMipHuOr6mBkfTLfnaSXpwIlp2kmFMH8Xga6J7XOK62c2ufxTkERqhog9Z8b1EzNmNzEcubyF3z8uQviCSiN/EdeaEqDRLkX8oLvVDjyMpcQ80= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543885; c=relaxed/simple; bh=ARjWYSiY5xbhc+gDInx1b2j3Ejo4R74q3V4Z4Ao+Up4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VcEFcvrkwCt15S781wM1KwbkKvt/fdcP8wdcvTeP2RlLyUyIjekkVx3kwUUzxZysvezaxG/Ezv1fSLOsbnewnsJPdjKNaIJfMpb1/nIae+fpvc/uX341VecYZN3Q6lLDp5O73HlcA1kVacdJOhLNzCfcVlfz0rTfg4fvW0TrIVA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=W6g3Z7bA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="W6g3Z7bA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D1D6C4CECE; Mon, 25 Nov 2024 14:11:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543885; bh=ARjWYSiY5xbhc+gDInx1b2j3Ejo4R74q3V4Z4Ao+Up4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=W6g3Z7bAshjUiLpnsfedyLH5juXVvHnYT4/FzcVri9y8xxzOu9aIZgMfH4TehzLD3 o8uAXGWE2+F9jby4L+nY/UOpjPPEyUOaBb+v5/PxRCPme6krMKhq6WiaT5Yo8MAujq HJq9ZNHCaIsB8L7LfNIj4Hs0ftaaqZVJovcN5h+OUIRhc74OCtW1eCXZ4Df8p0nscl e7HGU/glSZNG95UKRO8MyQssJd9KboiTgQGOdRbna28aq6FhVO1T4NVj9VRMqznGpx sJCW+CpQzCl6dfMd2sN1ssmr4fEaNS8GW/X/IaVKQNGbZFFfPrOHtLn4klkCndXb1u hdPs+ko4yEhhA== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:24 +0100 Subject: [PATCH v2 28/29] nfsd: avoid pointless cred reference count bump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-28-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=746; i=brauner@kernel.org; h=from:subject:message-id; bh=ARjWYSiY5xbhc+gDInx1b2j3Ejo4R74q3V4Z4Ao+Up4=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHpNOJilMfEo63yX/IzC3UFfVspHHfkuKn4ufnZUS ev0z+5dHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABM5GsfwV+Bu6okdpzQfdzr9 7CtQnrWW9ZxfTu+EMuOpJx1ePhdc48XI8Oi9vbfZKW7u46FcMxdO5X209d7igitv11za1C1sunr jGhYA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 The code already got rid of the extra reference count from the old version of override_creds(). Signed-off-by: Christian Brauner --- fs/nfsd/auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index c399a5f030afbde6ad7bc9cf28f1e354d74db9a8..4dc327e024567107ac8b08828559c741e0bc89d6 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,8 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(get_new_cred(new))); - put_cred(new); + put_cred(override_creds(new)); return 0; oom: From patchwork Mon Nov 25 14:10:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 13885006 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 59A9C1D5ADD; Mon, 25 Nov 2024 14:11:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543887; cv=none; b=c+XvYzrXs7p52ePYSGffuPnraZDKRMguFFu8hJpvCZREFMfacpM05b5vm5dp9ByyuiVhRfKT2AB3KJVZ2Lq/GgWj6rzuJei975If9ldE1aozgUTcxG6bb2PRQg0UFwb+GcHDIJSkpMedVBeKcJttjAPGDJ73Qx5+xqf4hE6Lgzc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732543887; c=relaxed/simple; bh=Z8CIq8mdbUKG4he8prOindcVT3zUf3cgGXDWEtNgmBQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Fefwg0kNClZe/mopVsNwV/BpHw/Ylb8kEuHGW1/5x8KhKFqxHhi3QWTvab20jElcqFsNNxYSptWgFk6Q86M5InNCi70VQONzSNXqVhjnkG+bZd+/aCEI9fIWqoKGjMbH2oJj3mxpnoR6JzeFAd/Dege41uAWZN6jdmZmJvmtTVA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OQMEcg97; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OQMEcg97" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6A2DCC4CED2; Mon, 25 Nov 2024 14:11:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732543887; bh=Z8CIq8mdbUKG4he8prOindcVT3zUf3cgGXDWEtNgmBQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=OQMEcg974dbG/mmpFBZkWOYRO2yzypusDz383ve4yRhCMwz+MZtIqyVwteN+xx+Rf rntSMWpPZJReg7OJpGL+v+q9i6RafE6nrS7BkQLb0l4ya1H9rjwDsIFpbAOCHudNHp 3CiqJWam/wx+TVztSiOREBJ7dDBNIGOOkvC4qnkXgN533Zo2qGXJHEwt69+bdWluj/ tzdg6QuDxmrVnpODURTSBKj4HSannKOYQi3UBm4GBQTr2LwVQXZ1VGSUYRF5hlw29/ OtWxa8Vx1nN9zlPQA6m5YBdtNtDMoUwl/Z9q0Lm05rIrDTJQBcrI1k1/M7vBtL7JmI M+O//Yj67rLyQ== From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:25 +0100 Subject: [PATCH v2 29/29] cred: remove unused get_new_cred() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20241125-work-cred-v2-29-68b9d38bb5b2@kernel.org> References: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> In-Reply-To: <20241125-work-cred-v2-0-68b9d38bb5b2@kernel.org> To: Linus Torvalds Cc: Amir Goldstein , Miklos Szeredi , Al Viro , Jens Axboe , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-355e8 X-Developer-Signature: v=1; a=openpgp-sha256; l=1869; i=brauner@kernel.org; h=from:subject:message-id; bh=Z8CIq8mdbUKG4he8prOindcVT3zUf3cgGXDWEtNgmBQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMaS7tHrNnrXyouC3rDw2sT/fGUM6DkmXrZ233uwQc51NN c+cnuxXHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABN51cvI8CbpFfP1gMO7DZJ1 32a5dp/g/9b06lf3W+GpE/w0/0zb/Z6R4fzaLRcZKieLxR76vfR2lLr2ntQOQQ+WIzYqNquff6j 4zAkA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 This helper is not used anymore so remove it. Signed-off-by: Christian Brauner --- Documentation/security/credentials.rst | 5 ----- include/linux/cred.h | 13 ------------- 2 files changed, 18 deletions(-) diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst index 357328d566c803d3d7cde4536185b73a472309bb..2aa0791bcefe4c4a9de149317ffd55921f91a1be 100644 --- a/Documentation/security/credentials.rst +++ b/Documentation/security/credentials.rst @@ -527,11 +527,6 @@ There are some functions to help manage credentials: This gets a reference on a live set of credentials, returning a pointer to that set of credentials. - - ``struct cred *get_new_cred(struct cred *cred);`` - - This gets a reference on a set of credentials that is under construction - and is thus still mutable, returning a pointer to that set of credentials. - Open File Credentials ===================== diff --git a/include/linux/cred.h b/include/linux/cred.h index a7df1c759ef00a91ddf3fc448cf05dda843ea5b7..360f5fd3854bddf866abef141cb633ea95c38d73 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -200,19 +200,6 @@ static inline struct cred *get_new_cred_many(struct cred *cred, int nr) return cred; } -/** - * get_new_cred - Get a reference on a new set of credentials - * @cred: The new credentials to reference - * - * Get a reference on the specified set of new credentials. The caller must - * release the reference. - */ -static inline struct cred *get_new_cred(const struct cred *cred) -{ - struct cred *nonconst_cred = (struct cred *) cred; - return get_new_cred_many(nonconst_cred, 1); -} - /** * get_cred_many - Get references on a set of credentials * @cred: The credentials to reference