From 0a670e151a71434765de69590944e18c08ee08cf Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:57 +0100 Subject: [PATCH 01/30] tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g Convert all callers from override_creds() to override_creds_light(get_new_cred()) in preparation of making override_creds() not take a separate reference at all. Link: https://lore.kernel.org/r/20241125-work-cred-v2-1-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/nfsd/nfsfh.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 5 +++-- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 24 files changed, 28 insertions(+), 27 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index cb0912ea3e62..75eb6fd75927 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -911,7 +911,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds(kern_cred); + old_cred = override_creds_light(get_new_cred(kern_cred)); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index af018afd9cd7..2ad6e41af085 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); fp = file_open_root(&root, filename, flags, mode); path_put(&root); diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index c40217f44b1b..be98d16b2c57 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds(kern_cred); + old_cred = override_creds_light(get_new_cred(kern_cred)); target_init_dbroot(); revert_creds(old_cred); put_cred(kern_cred); diff --git a/fs/aio.c b/fs/aio.c index 50671640b588..a52fe2e999e7 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds(iocb->fsync.creds); + const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); revert_creds(old_cred); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 6a3a16f91051..21eb501ae03d 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -829,7 +829,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(file->f_cred); + old_cred = override_creds_light(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); revert_creds(old_cred); if (IS_ERR(f)) { diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 7b99bd98de75..b156cc2e0e63 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds(cache->cache_cred); + *_saved_cred = override_creds_light(get_new_cred(cache->cache_cred)); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, diff --git a/fs/coredump.c b/fs/coredump.c index d48edb37bc35..b6aae41b80d2 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); ispipe = format_corename(&cn, &cprm, &argv, &argc); diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 4b8618cf114c..98393c2efb75 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -374,7 +374,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds(filp->f_cred); + save_cred = override_creds_light(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, READ); @@ -545,7 +545,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(filp->f_cred); + save_cred = override_creds_light(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, WRITE); diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 25a7c771cfd8..b9442f70271d 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds(id_resolver_cache); + saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); revert_creds(saved_cred); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 93e33d1ee891..614a5ec4824b 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(new)); + put_cred(override_creds_light(get_new_cred(new))); put_cred(new); return 0; diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 4a765555bf84..886d03953d7a 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds(new); + *original_creds = override_creds_light(get_new_cred(new)); put_cred(new); return 0; } diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 6a831cb242df..4819364190d3 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(new)); + put_cred(override_creds_light(get_new_cred(new))); put_cred(new); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); diff --git a/fs/open.c b/fs/open.c index e6911101fe71..2459cd061f47 100644 --- a/fs/open.c +++ b/fs/open.c @@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void) */ override_cred->non_rcu = 1; - old_cred = override_creds(override_cred); + old_cred = override_creds_light(get_new_cred(override_cred)); /* override_cred() gets its own ref */ put_cred(override_cred); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 3601ddfeddc2..527b041213c8 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds(cc->new); + cc->old = override_creds_light(get_new_cred(cc->new)); return 0; } diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 28f568b5fc27..721d8b1254b6 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -173,7 +173,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, } cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds(spnego_cred); + saved_cred = override_creds_light(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); revert_creds(saved_cred); diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index ba79aa2107cc..b1ea4ea3de4b 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds(root_cred); + saved_cred = override_creds_light(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -398,7 +398,7 @@ try_upcall_to_get_id: if (!sidstr) return -ENOMEM; - saved_cred = override_creds(root_cred); + saved_cred = override_creds_light(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 4e6f169fcf83..5662f2651b8e 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds(cred); + work->saved_cred = override_creds_light(get_new_cred(cred)); if (!work->saved_cred) { abort_creds(cred); return -EINVAL; diff --git a/include/linux/cred.h b/include/linux/cred.h index e4a3155fe409..b0bc1fea9ca0 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -211,9 +211,10 @@ static inline struct cred *get_new_cred_many(struct cred *cred, int nr) * Get a reference on the specified set of new credentials. The caller must * release the reference. */ -static inline struct cred *get_new_cred(struct cred *cred) +static inline struct cred *get_new_cred(const struct cred *cred) { - return get_new_cred_many(cred, 1); + struct cred *nonconst_cred = (struct cred *) cred; + return get_new_cred_many(nonconst_cred, 1); } /** diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 06ff41484e29..0b25ddea943e 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1728,7 +1728,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(req->creds); + creds = override_creds_light(get_new_cred(req->creds)); if (!def->audit_skip) audit_uring_entry(req->opcode); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 6df5e649c413..58a76d581895 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds(ctx->sq_creds); + creds = override_creds_light(get_new_cred(ctx->sq_creds)); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) diff --git a/kernel/acct.c b/kernel/acct.c index 179848ad33e9..8f18eb02dd41 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds(file->f_cred); + orig_cred = override_creds_light(get_new_cred(file->f_cred)); /* * First check to see if there is enough free_space to continue diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index d9061bd55436..97329b4fe502 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds(of->file->f_cred); + saved_cred = override_creds_light(get_new_cred(of->file->f_cred)); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 17bcad8f79de..4dd7c45d227e 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(cred); + old_cred = override_creds_light(get_new_cred(cred)); if (visible) ret = trace_add_event_call(&user->call); diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 82b084cc1cc6..a54f5f841cea 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,7 +124,7 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds(dns_resolver_cache); + saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); revert_creds(saved_cred); kfree(desc); From 95c54bc81791c210b131f2b1013942487e74896f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:58 +0100 Subject: [PATCH 02/30] cred: return old creds from revert_creds_light() So we can easily convert revert_creds() callers over to drop the reference count explicitly. Link: https://lore.kernel.org/r/20241125-work-cred-v2-2-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- include/linux/cred.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index b0bc1fea9ca0..57cf0256ea29 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -185,9 +185,12 @@ static inline const struct cred *override_creds_light(const struct cred *overrid return old; } -static inline void revert_creds_light(const struct cred *revert_cred) +static inline const struct cred *revert_creds_light(const struct cred *revert_cred) { + const struct cred *override_cred = current->cred; + rcu_assign_pointer(current->cred, revert_cred); + return override_cred; } /** From f905e00904cc5899c89897b93bebfcf6656f608e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:09:59 +0100 Subject: [PATCH 03/30] tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g Convert all calls to revert_creds() over to explicitly dropping reference counts in preparation for converting revert_creds() to revert_creds_light() semantics. Link: https://lore.kernel.org/r/20241125-work-cred-v2-3-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 23 files changed, 25 insertions(+), 25 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 75eb6fd75927..b5677e173f91 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -943,7 +943,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); out: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2ad6e41af085..9111a51d53e0 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m fp = file_open_root(&root, filename, flags, mode); path_put(&root); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); return fp; } diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index be98d16b2c57..564bc71d2d09 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void) } old_cred = override_creds_light(get_new_cred(kern_cred)); target_init_dbroot(); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); return 0; diff --git a/fs/aio.c b/fs/aio.c index a52fe2e999e7..6b987c48b671 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work) const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(iocb->fsync.creds); iocb_put(iocb); } diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 21eb501ae03d..586862ca8738 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -831,7 +831,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, */ old_cred = override_creds_light(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index b156cc2e0e63..809305dd5317 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); } /* diff --git a/fs/coredump.c b/fs/coredump.c index b6aae41b80d2..ff119aaa5c31 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -781,7 +781,7 @@ fail_unlock: kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); fail_creds: put_cred(cred); fail: diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 98393c2efb75..deca5559a56b 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -384,7 +384,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); } static int @@ -558,7 +558,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); current->flags = old_flags; } diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index b9442f70271d..629979b20e98 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 614a5ec4824b..dda14811d092 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) int flags = nfsexp_flags(cred, exp); /* discard any old override before preparing the new set */ - revert_creds(get_cred(current_real_cred())); + put_cred(revert_creds_light(get_cred(current_real_cred()))); new = prepare_creds(); if (!new) return -ENOMEM; diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index a1cdba42c4fa..c05cd2ae8139 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -1248,7 +1248,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred, beres = nfsd_file_do_acquire(NULL, net, cred, client, fhp, may_flags, NULL, pnf, true); - revert_creds(save_cred); + put_cred(revert_creds_light(save_cred)); return beres; } diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 886d03953d7a..bf166a23d8b4 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds) static void nfs4_reset_creds(const struct cred *original) { - revert_creds(original); + put_cred(revert_creds_light(original)); } static void diff --git a/fs/open.c b/fs/open.c index 2459cd061f47..23c414c10883 100644 --- a/fs/open.c +++ b/fs/open.c @@ -523,7 +523,7 @@ out_path_release: } out: if (old_cred) - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); return res; } diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 527b041213c8..0f19bdbc78a4 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - revert_creds(cc->old); + put_cred(revert_creds_light(cc->old)); put_cred(cc->new); } } diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 721d8b1254b6..f2353bccc9f5 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -175,7 +175,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, cifs_dbg(FYI, "key description = %s\n", description); saved_cred = override_creds_light(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index b1ea4ea3de4b..81d8d9802a56 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); return rc; invalidate_key: @@ -438,7 +438,7 @@ try_upcall_to_get_id: out_key_put: key_put(sidkey); out_revert_creds: - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); kfree(sidstr); /* diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 5662f2651b8e..1bd9b9c9db70 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work) WARN_ON(!work->saved_cred); cred = current_cred(); - revert_creds(work->saved_cred); + put_cred(revert_creds_light(work->saved_cred)); put_cred(cred); work->saved_cred = NULL; } diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 0b25ddea943e..66b5bd9d26ab 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1739,7 +1739,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - revert_creds(creds); + put_cred(revert_creds_light(creds)); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 58a76d581895..42ca6e07e0f7 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - revert_creds(creds); + put_cred(revert_creds_light(creds)); } return ret; diff --git a/kernel/acct.c b/kernel/acct.c index 8f18eb02dd41..4e28aa9e1ef2 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - revert_creds(orig_cred); + put_cred(revert_creds_light(orig_cred)); } /** diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 97329b4fe502..68b816955c9c 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); if (ret) goto out_finish; diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 4dd7c45d227e..2fdadb2e8547 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) else ret = trace_remove_event_call(&user->call); - revert_creds(old_cred); + put_cred(revert_creds_light(old_cred)); put_cred(cred); return ret; diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index a54f5f841cea..297059b7e2a3 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -126,7 +126,7 @@ int dns_query(struct net *net, */ saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - revert_creds(saved_cred); + put_cred(revert_creds_light(saved_cred)); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From a51a1d6bcaa345cc88e738cad468083c4e13aa3b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:00 +0100 Subject: [PATCH 04/30] cred: remove old {override,revert}_creds() helpers They are now unused. Link: https://lore.kernel.org/r/20241125-work-cred-v2-4-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- include/linux/cred.h | 7 ------- kernel/cred.c | 50 -------------------------------------------- 2 files changed, 57 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 57cf0256ea29..80dcc18ef6e4 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -155,8 +155,6 @@ extern struct cred *prepare_creds(void); extern struct cred *prepare_exec_creds(void); extern int commit_creds(struct cred *); extern void abort_creds(struct cred *); -extern const struct cred *override_creds(const struct cred *); -extern void revert_creds(const struct cred *); extern struct cred *prepare_kernel_cred(struct task_struct *); extern int set_security_override(struct cred *, u32); extern int set_security_override_from_ctx(struct cred *, const char *); @@ -172,11 +170,6 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred) cred->cap_inheritable)); } -/* - * Override creds without bumping reference count. Caller must ensure - * reference remains valid or has taken reference. Almost always not the - * interface you want. Use override_creds()/revert_creds() instead. - */ static inline const struct cred *override_creds_light(const struct cred *override_cred) { const struct cred *old = current->cred; diff --git a/kernel/cred.c b/kernel/cred.c index da7da250f7c8..9676965c0981 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -476,56 +476,6 @@ void abort_creds(struct cred *new) } EXPORT_SYMBOL(abort_creds); -/** - * override_creds - Override the current process's subjective credentials - * @new: The credentials to be assigned - * - * Install a set of temporary override subjective credentials on the current - * process, returning the old set for later reversion. - */ -const struct cred *override_creds(const struct cred *new) -{ - const struct cred *old; - - kdebug("override_creds(%p{%ld})", new, - atomic_long_read(&new->usage)); - - /* - * NOTE! This uses 'get_new_cred()' rather than 'get_cred()'. - * - * That means that we do not clear the 'non_rcu' flag, since - * we are only installing the cred into the thread-synchronous - * '->cred' pointer, not the '->real_cred' pointer that is - * visible to other threads under RCU. - */ - get_new_cred((struct cred *)new); - old = override_creds_light(new); - - kdebug("override_creds() = %p{%ld}", old, - atomic_long_read(&old->usage)); - return old; -} -EXPORT_SYMBOL(override_creds); - -/** - * revert_creds - Revert a temporary subjective credentials override - * @old: The credentials to be restored - * - * Revert a temporary set of override subjective credentials to an old set, - * discarding the override set. - */ -void revert_creds(const struct cred *old) -{ - const struct cred *override = current->cred; - - kdebug("revert_creds(%p{%ld})", old, - atomic_long_read(&old->usage)); - - revert_creds_light(old); - put_cred(override); -} -EXPORT_SYMBOL(revert_creds); - /** * cred_fscmp - Compare two credentials with respect to filesystem access. * @a: The first credential From 6771e004b40962402d0e973fc7d2e0e61364fdfb Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:01 +0100 Subject: [PATCH 05/30] tree-wide: s/override_creds_light()/override_creds()/g Rename all calls to override_creds_light() back to overrid_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-5-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/backing-file.c | 10 +++++----- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/nfsd/nfsfh.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/dir.c | 2 +- fs/overlayfs/util.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 27 files changed, 33 insertions(+), 33 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b5677e173f91..294c75025dcb 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -911,7 +911,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds_light(get_new_cred(kern_cred)); + old_cred = override_creds(get_new_cred(kern_cred)); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9111a51d53e0..ffae20fd52bc 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); fp = file_open_root(&root, filename, flags, mode); path_put(&root); diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index 564bc71d2d09..7788e1fe2633 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds_light(get_new_cred(kern_cred)); + old_cred = override_creds(get_new_cred(kern_cred)); target_init_dbroot(); put_cred(revert_creds_light(old_cred)); put_cred(kern_cred); diff --git a/fs/aio.c b/fs/aio.c index 6b987c48b671..7e0ec687f480 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds)); + const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); put_cred(revert_creds_light(old_cred)); diff --git a/fs/backing-file.c b/fs/backing-file.c index cbdad8b68474..37c5a66e5dad 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, */ flags &= ~IOCB_DIO_CALLER_COMP; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -281,7 +281,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb, if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); revert_creds_light(old_cred); @@ -310,7 +310,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, if (ret) return ret; - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); file_start_write(out); ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); file_end_write(out); @@ -338,7 +338,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, vma_set_file(vma, file); - old_cred = override_creds_light(ctx->cred); + old_cred = override_creds(ctx->cred); ret = call_mmap(vma->vm_file, vma); revert_creds_light(old_cred); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 586862ca8738..5756ec49f79e 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -829,7 +829,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds_light(get_new_cred(file->f_cred)); + old_cred = override_creds(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); put_cred(revert_creds_light(old_cred)); if (IS_ERR(f)) { diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 809305dd5317..05b1d4cfb55a 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds_light(get_new_cred(cache->cache_cred)); + *_saved_cred = override_creds(get_new_cred(cache->cache_cred)); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, diff --git a/fs/coredump.c b/fs/coredump.c index ff119aaa5c31..4eae37892da5 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); ispipe = format_corename(&cn, &cprm, &argv, &argc); diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index deca5559a56b..682d951ed69a 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -374,7 +374,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds_light(get_new_cred(filp->f_cred)); + save_cred = override_creds(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, READ); @@ -545,7 +545,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds_light(get_new_cred(filp->f_cred)); + save_cred = override_creds(get_new_cred(filp->f_cred)); nfs_local_iter_init(&iter, iocb, WRITE); diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 629979b20e98..3cae4057f8ba 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds_light(get_new_cred(id_resolver_cache)); + saved_cred = override_creds(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); put_cred(revert_creds_light(saved_cred)); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index dda14811d092..dafea9183b4e 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds_light(get_new_cred(new))); + put_cred(override_creds(get_new_cred(new))); put_cred(new); return 0; diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index bf166a23d8b4..0ab22b4e940f 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds_light(get_new_cred(new)); + *original_creds = override_creds(get_new_cred(new)); put_cred(new); return 0; } diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 4819364190d3..1cf52f3d5412 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds_light(get_new_cred(new))); + put_cred(override_creds(get_new_cred(new))); put_cred(new); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); diff --git a/fs/open.c b/fs/open.c index 23c414c10883..bd0a34653f0e 100644 --- a/fs/open.c +++ b/fs/open.c @@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void) */ override_cred->non_rcu = 1; - old_cred = override_creds_light(get_new_cred(override_cred)); + old_cred = override_creds(get_new_cred(override_cred)); /* override_cred() gets its own ref */ put_cred(override_cred); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 0f19bdbc78a4..7805667b2e05 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds_light(get_new_cred(cc->new)); + cc->old = override_creds(get_new_cred(cc->new)); return 0; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 08e683917d12..151271f0586c 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -580,7 +580,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry, * We must be called with creator creds already, otherwise we risk * leaking creds. */ - old_cred = override_creds_light(override_cred); + old_cred = override_creds(override_cred); WARN_ON_ONCE(old_cred != ovl_creds(dentry->d_sb)); return override_cred; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 9aa7493b1e10..2513a79a10b0 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -65,7 +65,7 @@ const struct cred *ovl_override_creds(struct super_block *sb) { struct ovl_fs *ofs = OVL_FS(sb); - return override_creds_light(ofs->creator_cred); + return override_creds(ofs->creator_cred); } void ovl_revert_creds(const struct cred *old_cred) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index f2353bccc9f5..f22dc0be357f 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -173,7 +173,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, } cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds_light(get_new_cred(spnego_cred)); + saved_cred = override_creds(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); put_cred(revert_creds_light(saved_cred)); diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 81d8d9802a56..d65e094b97cb 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds_light(get_new_cred(root_cred)); + saved_cred = override_creds(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -398,7 +398,7 @@ try_upcall_to_get_id: if (!sidstr) return -ENOMEM; - saved_cred = override_creds_light(get_new_cred(root_cred)); + saved_cred = override_creds(get_new_cred(root_cred)); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 1bd9b9c9db70..4a4cb9e4d45a 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds_light(get_new_cred(cred)); + work->saved_cred = override_creds(get_new_cred(cred)); if (!work->saved_cred) { abort_creds(cred); return -EINVAL; diff --git a/include/linux/cred.h b/include/linux/cred.h index 80dcc18ef6e4..a073e6163c4e 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -170,7 +170,7 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred) cred->cap_inheritable)); } -static inline const struct cred *override_creds_light(const struct cred *override_cred) +static inline const struct cred *override_creds(const struct cred *override_cred) { const struct cred *old = current->cred; diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 66b5bd9d26ab..5b1cc024deea 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1728,7 +1728,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds_light(get_new_cred(req->creds)); + creds = override_creds(get_new_cred(req->creds)); if (!def->audit_skip) audit_uring_entry(req->opcode); diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 42ca6e07e0f7..0fd424442118 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds_light(get_new_cred(ctx->sq_creds)); + creds = override_creds(get_new_cred(ctx->sq_creds)); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) diff --git a/kernel/acct.c b/kernel/acct.c index 4e28aa9e1ef2..a51a3b483fd9 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds_light(get_new_cred(file->f_cred)); + orig_cred = override_creds(get_new_cred(file->f_cred)); /* * First check to see if there is enough free_space to continue diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 68b816955c9c..2d618b577e52 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds_light(get_new_cred(of->file->f_cred)); + saved_cred = override_creds(get_new_cred(of->file->f_cred)); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 2fdadb2e8547..857124d81f12 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds_light(get_new_cred(cred)); + old_cred = override_creds(get_new_cred(cred)); if (visible) ret = trace_add_event_call(&user->call); diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 297059b7e2a3..f8749d688d66 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,7 +124,7 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds_light(get_new_cred(dns_resolver_cache)); + saved_cred = override_creds(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); put_cred(revert_creds_light(saved_cred)); kfree(desc); From 51c0bcf0973a3836adfc46f30f876f412478e376 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:02 +0100 Subject: [PATCH 06/30] tree-wide: s/revert_creds_light()/revert_creds()/g Rename all calls to revert_creds_light() back to revert_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-6-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 2 +- drivers/crypto/ccp/sev-dev.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 2 +- fs/backing-file.c | 10 +++++----- fs/binfmt_misc.c | 2 +- fs/cachefiles/internal.h | 2 +- fs/coredump.c | 2 +- fs/nfs/localio.c | 4 ++-- fs/nfs/nfs4idmap.c | 2 +- fs/nfsd/auth.c | 2 +- fs/nfsd/filecache.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/open.c | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/dir.c | 2 +- fs/overlayfs/util.c | 2 +- fs/smb/client/cifs_spnego.c | 2 +- fs/smb/client/cifsacl.c | 4 ++-- fs/smb/server/smb_common.c | 2 +- include/linux/cred.h | 2 +- io_uring/io_uring.c | 2 +- io_uring/sqpoll.c | 2 +- kernel/acct.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/trace/trace_events_user.c | 2 +- net/dns_resolver/dns_query.c | 2 +- 27 files changed, 33 insertions(+), 33 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 294c75025dcb..a97fa36ee4bd 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -943,7 +943,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(kern_cred); out: diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index ffae20fd52bc..187c34b02442 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m fp = file_open_root(&root, filename, flags, mode); path_put(&root); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); return fp; } diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index 7788e1fe2633..ec7a55987193 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void) } old_cred = override_creds(get_new_cred(kern_cred)); target_init_dbroot(); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(kern_cred); return 0; diff --git a/fs/aio.c b/fs/aio.c index 7e0ec687f480..5e57dcaed7f1 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work) const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(iocb->fsync.creds); iocb_put(iocb); } diff --git a/fs/backing-file.c b/fs/backing-file.c index 37c5a66e5dad..763fbe9b72b2 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); + revert_creds(old_cred); return ret; } @@ -283,7 +283,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb, old_cred = override_creds(ctx->cred); ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -314,7 +314,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, file_start_write(out); ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); file_end_write(out); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->end_write) ctx->end_write(iocb, ret); @@ -340,7 +340,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, old_cred = override_creds(ctx->cred); ret = call_mmap(vma->vm_file, vma); - revert_creds_light(old_cred); + revert_creds(old_cred); if (ctx->accessed) ctx->accessed(user_file); diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 5756ec49f79e..3270c2158552 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -831,7 +831,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, */ old_cred = override_creds(get_new_cred(file->f_cred)); f = open_exec(e->interpreter); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 05b1d4cfb55a..1cfeb3b38319 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); } /* diff --git a/fs/coredump.c b/fs/coredump.c index 4eae37892da5..0d3a65cac546 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -781,7 +781,7 @@ fail_unlock: kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); fail_creds: put_cred(cred); fail: diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 682d951ed69a..720a4a99bd8a 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -384,7 +384,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); } static int @@ -558,7 +558,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); current->flags = old_flags; } diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 3cae4057f8ba..25b6a8920a65 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, saved_cred = override_creds(get_new_cred(id_resolver_cache)); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index dafea9183b4e..c399a5f030af 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) int flags = nfsexp_flags(cred, exp); /* discard any old override before preparing the new set */ - put_cred(revert_creds_light(get_cred(current_real_cred()))); + put_cred(revert_creds(get_cred(current_real_cred()))); new = prepare_creds(); if (!new) return -ENOMEM; diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index c05cd2ae8139..dc5c9d8e8202 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -1248,7 +1248,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred, beres = nfsd_file_do_acquire(NULL, net, cred, client, fhp, may_flags, NULL, pnf, true); - put_cred(revert_creds_light(save_cred)); + put_cred(revert_creds(save_cred)); return beres; } diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index 0ab22b4e940f..f3837167b6a1 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds) static void nfs4_reset_creds(const struct cred *original) { - put_cred(revert_creds_light(original)); + put_cred(revert_creds(original)); } static void diff --git a/fs/open.c b/fs/open.c index bd0a34653f0e..0a5cd8e74fb9 100644 --- a/fs/open.c +++ b/fs/open.c @@ -523,7 +523,7 @@ out_path_release: } out: if (old_cred) - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); return res; } diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 7805667b2e05..439bd9a5ceec 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - put_cred(revert_creds_light(cc->old)); + put_cred(revert_creds(cc->old)); put_cred(cc->new); } } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 151271f0586c..c9993ff66fc2 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -575,7 +575,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry, } /* - * Caller is going to match this with revert_creds_light() and drop + * Caller is going to match this with revert_creds() and drop * referenec on the returned creds. * We must be called with creator creds already, otherwise we risk * leaking creds. diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 2513a79a10b0..0819c739cc2f 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -70,7 +70,7 @@ const struct cred *ovl_override_creds(struct super_block *sb) void ovl_revert_creds(const struct cred *old_cred) { - revert_creds_light(old_cred); + revert_creds(old_cred); } /* diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index f22dc0be357f..6284d924fdb1 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -175,7 +175,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, cifs_dbg(FYI, "key description = %s\n", description); saved_cred = override_creds(get_new_cred(spnego_cred)); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index d65e094b97cb..5718906369a9 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); return rc; invalidate_key: @@ -438,7 +438,7 @@ try_upcall_to_get_id: out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); kfree(sidstr); /* diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 4a4cb9e4d45a..ec4106aa1945 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work) WARN_ON(!work->saved_cred); cred = current_cred(); - put_cred(revert_creds_light(work->saved_cred)); + put_cred(revert_creds(work->saved_cred)); put_cred(cred); work->saved_cred = NULL; } diff --git a/include/linux/cred.h b/include/linux/cred.h index a073e6163c4e..a7df1c759ef0 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -178,7 +178,7 @@ static inline const struct cred *override_creds(const struct cred *override_cred return old; } -static inline const struct cred *revert_creds_light(const struct cred *revert_cred) +static inline const struct cred *revert_creds(const struct cred *revert_cred) { const struct cred *override_cred = current->cred; diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 5b1cc024deea..3e408c8442d4 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1739,7 +1739,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - put_cred(revert_creds_light(creds)); + put_cred(revert_creds(creds)); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 0fd424442118..1ca963474336 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - put_cred(revert_creds_light(creds)); + put_cred(revert_creds(creds)); } return ret; diff --git a/kernel/acct.c b/kernel/acct.c index a51a3b483fd9..ea8c94887b58 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - put_cred(revert_creds_light(orig_cred)); + put_cred(revert_creds(orig_cred)); } /** diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 2d618b577e52..1a94e8b154be 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); if (ret) goto out_finish; diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 857124d81f12..c54ae15f425c 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) else ret = trace_remove_event_call(&user->call); - put_cred(revert_creds_light(old_cred)); + put_cred(revert_creds(old_cred)); put_cred(cred); return ret; diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index f8749d688d66..0b0789fe2194 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -126,7 +126,7 @@ int dns_query(struct net *net, */ saved_cred = override_creds(get_new_cred(dns_resolver_cache)); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - put_cred(revert_creds_light(saved_cred)); + put_cred(revert_creds(saved_cred)); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From 7915f42453602697b402d8cbbeb7689166fb569b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:03 +0100 Subject: [PATCH 07/30] firmware: avoid pointless reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-7-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a97fa36ee4bd..cb0912ea3e62 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -911,7 +911,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); @@ -943,7 +943,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); out: From 25fe3d58e4ba20b1ec98d7ce9067ddd234e8e448 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:04 +0100 Subject: [PATCH 08/30] sev-dev: avoid pointless cred reference count bump and fix a memory leak while at it. The new creds are created via prepare_creds() and then reverted via put_cred(revert_creds()). The additional reference count bump from override_creds() wasn't even taken into account before. Link: https://lore.kernel.org/r/20241125-work-cred-v2-8-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/crypto/ccp/sev-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 187c34b02442..2e87ca0e292a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); fp = file_open_root(&root, filename, flags, mode); path_put(&root); From 7c0c3b346adafb515a5ff085c68c92695c4fdb04 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:05 +0100 Subject: [PATCH 09/30] target_core_configfs: avoid pointless cred reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-9-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/target/target_core_configfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index ec7a55987193..c40217f44b1b 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,9 +3756,9 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); target_init_dbroot(); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); return 0; From b37eab47cf5479f974c029e23d84f9049d4df009 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:06 +0100 Subject: [PATCH 10/30] aio: avoid pointless cred reference count bump iocb->fsync.creds already holds a reference count that is stable while the operation is performed. Link: https://lore.kernel.org/r/20241125-work-cred-v2-10-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/aio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 5e57dcaed7f1..50671640b588 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,10 +1639,10 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); + const struct cred *old_cred = override_creds(iocb->fsync.creds); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(iocb->fsync.creds); iocb_put(iocb); } From caf6bf48f902e8e353f124325dd635d143331476 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:07 +0100 Subject: [PATCH 11/30] binfmt_misc: avoid pointless cred reference count bump file->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-11-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/binfmt_misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 3270c2158552..6a3a16f91051 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -829,9 +829,9 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(get_new_cred(file->f_cred)); + old_cred = override_creds(file->f_cred); f = open_exec(e->interpreter); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); From bd05aeb1eedc60dee05f82efe97339330239f37e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:08 +0100 Subject: [PATCH 12/30] coredump: avoid pointless cred reference count bump The creds are allocated via prepare_creds() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-12-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/coredump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 0d3a65cac546..d48edb37bc35 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); ispipe = format_corename(&cn, &cprm, &argv, &argc); @@ -781,7 +781,7 @@ fail_unlock: kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); fail_creds: put_cred(cred); fail: From 6c7a0a6afd0e45ba4879d6fb2bafa9807cde6e2c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:09 +0100 Subject: [PATCH 13/30] nfs/localio: avoid pointless cred reference count bumps filp->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-13-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfs/localio.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 720a4a99bd8a..4b8618cf114c 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -374,7 +374,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, READ); @@ -384,7 +384,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); } static int @@ -545,7 +545,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, WRITE); @@ -558,7 +558,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); current->flags = old_flags; } From 3e23a1cd849d96ff3615d731acdafa8332ca2206 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:10 +0100 Subject: [PATCH 14/30] nfs/nfs4idmap: avoid pointless reference count bump The override creds are allocated with a long-term refernce when the id_resolver is initialized via prepare_kernel_creds() that is put when the id_resolver is destroyed. Link: https://lore.kernel.org/r/20241125-work-cred-v2-14-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfs/nfs4idmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 25b6a8920a65..25a7c771cfd8 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,9 +311,9 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds(get_new_cred(id_resolver_cache)); + saved_cred = override_creds(id_resolver_cache); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From dfce6a462a9490063852c5d91d0f41104c0aad6d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:11 +0100 Subject: [PATCH 15/30] nfs/nfs4recover: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-15-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfsd/nfs4recover.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index f3837167b6a1..7f2ceeb118a4 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,8 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds(get_new_cred(new)); - put_cred(new); + *original_creds = override_creds(new); return 0; } From 81be9a8a1090cdddea69aa326cd41b658932e84e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:12 +0100 Subject: [PATCH 16/30] nfsfh: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-16-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfsd/nfsfh.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 1cf52f3d5412..98d6459724a7 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,8 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(get_new_cred(new))); - put_cred(new); + put_cred(override_creds(new)); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); if (error) From 7708f3a7d25f5f1e80a5ef6abc3abde00128f88c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:13 +0100 Subject: [PATCH 17/30] open: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-17-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/open.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/fs/open.c b/fs/open.c index 0a5cd8e74fb9..ffcfef67ac86 100644 --- a/fs/open.c +++ b/fs/open.c @@ -402,7 +402,6 @@ static bool access_need_override_creds(int flags) static const struct cred *access_override_creds(void) { - const struct cred *old_cred; struct cred *override_cred; override_cred = prepare_creds(); @@ -447,13 +446,7 @@ static const struct cred *access_override_creds(void) * freeing. */ override_cred->non_rcu = 1; - - old_cred = override_creds(get_new_cred(override_cred)); - - /* override_cred() gets its own ref */ - put_cred(override_cred); - - return old_cred; + return override_creds(override_cred); } static long do_faccessat(int dfd, const char __user *filename, int mode, int flags) From facc239a8c4980e17c832a7d5ee3809a2e2a45bd Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:14 +0100 Subject: [PATCH 18/30] ovl: avoid pointless cred reference count bump security_inode_copy_up() allocates a set of new credentials and has taken a reference count. Link: https://lore.kernel.org/r/20241125-work-cred-v2-18-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/overlayfs/copy_up.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 439bd9a5ceec..3601ddfeddc2 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds(get_new_cred(cc->new)); + cc->old = override_creds(cc->new); return 0; } @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - put_cred(revert_creds(cc->old)); + revert_creds(cc->old); put_cred(cc->new); } } From 6077c4620daad2c9823c5ed55b4b4226a2883794 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:15 +0100 Subject: [PATCH 19/30] cifs: avoid pointless cred reference count bump During module init spnego_cred will be allocated with its own reference which is only destroyed during module exit. Link: https://lore.kernel.org/r/20241125-work-cred-v2-19-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/client/cifs_spnego.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 6284d924fdb1..28f568b5fc27 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -173,9 +173,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, } cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds(get_new_cred(spnego_cred)); + saved_cred = override_creds(spnego_cred); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { From 2b315eda9e45f21b6c0da298016677b1090df67d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:16 +0100 Subject: [PATCH 20/30] cifs: avoid pointless cred reference count bump During module init root_cred will be allocated with its own reference which is only destroyed during module exit. Link: https://lore.kernel.org/r/20241125-work-cred-v2-20-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/client/cifsacl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 5718906369a9..ba79aa2107cc 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); return rc; invalidate_key: @@ -398,7 +398,7 @@ try_upcall_to_get_id: if (!sidstr) return -ENOMEM; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", @@ -438,7 +438,7 @@ try_upcall_to_get_id: out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); kfree(sidstr); /* From 62e5396c50ae3942ff94c0a8cec6f476c1c3da2f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:17 +0100 Subject: [PATCH 21/30] smb: avoid pointless cred reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. This also removes a pointless check that gives the impression that override_creds() can ever be called on a task with current->cred NULL. That's not possible afaict. Remove the check to not imply that there can be a dangling pointer in current->cred. Link: https://lore.kernel.org/r/20241125-work-cred-v2-21-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/server/smb_common.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index ec4106aa1945..d009651fd5a8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,11 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds(get_new_cred(cred)); - if (!work->saved_cred) { - abort_creds(cred); - return -EINVAL; - } + work->saved_cred = override_creds(cred); return 0; } @@ -796,13 +792,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; - WARN_ON(!work->saved_cred); - cred = current_cred(); - put_cred(revert_creds(work->saved_cred)); - put_cred(cred); + cred = revert_creds(work->saved_cred); work->saved_cred = NULL; + put_cred(cred); } __le32 smb_map_generic_desired_access(__le32 daccess) From b690668b65e504d3e9344aa038bdaa7b2354304f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:18 +0100 Subject: [PATCH 22/30] io_uring: avoid pointless cred reference count bump req->creds and ctx->sq_creds already hold reference counts that are stable during the operations. Link: https://lore.kernel.org/r/20241125-work-cred-v2-22-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- io_uring/io_uring.c | 4 ++-- io_uring/sqpoll.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 3e408c8442d4..06ff41484e29 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1728,7 +1728,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(get_new_cred(req->creds)); + creds = override_creds(req->creds); if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1739,7 +1739,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 1ca963474336..6df5e649c413 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds(get_new_cred(ctx->sq_creds)); + creds = override_creds(ctx->sq_creds); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); } return ret; From 6256d2377ed8fef96087803051d8b9dba68d8904 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:19 +0100 Subject: [PATCH 23/30] acct: avoid pointless reference count bump file->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-23-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- kernel/acct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/acct.c b/kernel/acct.c index ea8c94887b58..179848ad33e9 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) flim = rlimit(RLIMIT_FSIZE); current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; /* Perform file operations on behalf of whoever enabled accounting */ - orig_cred = override_creds(get_new_cred(file->f_cred)); + orig_cred = override_creds(file->f_cred); /* * First check to see if there is enough free_space to continue @@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct) } out: current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - put_cred(revert_creds(orig_cred)); + revert_creds(orig_cred); } /** From 34ab26fb6b2a70ae6b22fc3880bc6d8b68579564 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:20 +0100 Subject: [PATCH 24/30] cgroup: avoid pointless cred reference count bump of->file->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-24-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- kernel/cgroup/cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 1a94e8b154be..d9061bd55436 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5216,11 +5216,11 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred = override_creds(get_new_cred(of->file->f_cred)); + saved_cred = override_creds(of->file->f_cred); ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, of->file->f_path.dentry->d_sb, threadgroup, ctx->ns); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); if (ret) goto out_finish; From aeca632b3160b654769d6224e264fff9f03f4a9b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:21 +0100 Subject: [PATCH 25/30] trace: avoid pointless cred reference count bump The creds are allocated via prepare_creds() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-25-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- kernel/trace/trace_events_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index c54ae15f425c..17bcad8f79de 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1469,14 +1469,14 @@ static int user_event_set_call_visible(struct user_event *user, bool visible) */ cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); if (visible) ret = trace_add_event_call(&user->call); else ret = trace_remove_event_call(&user->call); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(cred); return ret; From 9e8534f5ae4f506b6fbda62add578d629c657816 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:22 +0100 Subject: [PATCH 26/30] dns_resolver: avoid pointless cred reference count bump The dns_resolver_cache creds hold a long-term reference that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-26-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- net/dns_resolver/dns_query.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 0b0789fe2194..82b084cc1cc6 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c @@ -124,9 +124,9 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred = override_creds(get_new_cred(dns_resolver_cache)); + saved_cred = override_creds(dns_resolver_cache); rkey = request_key_net(&key_type_dns_resolver, desc, net, options); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); kfree(desc); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); From 76a40086683933431660b348dbfefa80b9eaaa03 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:23 +0100 Subject: [PATCH 27/30] cachefiles: avoid pointless cred reference count bump The cache holds a long-term reference to the credentials that's taken when the cache is created and put when the cache becomes unused. Link: https://lore.kernel.org/r/20241125-work-cred-v2-27-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/cachefiles/internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 1cfeb3b38319..7b99bd98de75 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -393,13 +393,13 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache, static inline void cachefiles_begin_secure(struct cachefiles_cache *cache, const struct cred **_saved_cred) { - *_saved_cred = override_creds(get_new_cred(cache->cache_cred)); + *_saved_cred = override_creds(cache->cache_cred); } static inline void cachefiles_end_secure(struct cachefiles_cache *cache, const struct cred *saved_cred) { - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); } /* From 4fa6af563d4dcef43ae34a9bce9d1a9440f20867 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:24 +0100 Subject: [PATCH 28/30] nfsd: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-28-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfsd/auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index c399a5f030af..4dc327e02456 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -79,8 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) else new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(get_new_cred(new))); - put_cred(new); + put_cred(override_creds(new)); return 0; oom: From 6efbb80490a545cfd9f87ebd9225879d8cdbed93 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:25 +0100 Subject: [PATCH 29/30] cred: remove unused get_new_cred() This helper is not used anymore so remove it. Link: https://lore.kernel.org/r/20241125-work-cred-v2-29-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- Documentation/security/credentials.rst | 5 ----- include/linux/cred.h | 13 ------------- 2 files changed, 18 deletions(-) diff --git a/Documentation/security/credentials.rst b/Documentation/security/credentials.rst index 357328d566c8..2aa0791bcefe 100644 --- a/Documentation/security/credentials.rst +++ b/Documentation/security/credentials.rst @@ -527,11 +527,6 @@ There are some functions to help manage credentials: This gets a reference on a live set of credentials, returning a pointer to that set of credentials. - - ``struct cred *get_new_cred(struct cred *cred);`` - - This gets a reference on a set of credentials that is under construction - and is thus still mutable, returning a pointer to that set of credentials. - Open File Credentials ===================== diff --git a/include/linux/cred.h b/include/linux/cred.h index a7df1c759ef0..360f5fd3854b 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -200,19 +200,6 @@ static inline struct cred *get_new_cred_many(struct cred *cred, int nr) return cred; } -/** - * get_new_cred - Get a reference on a new set of credentials - * @cred: The new credentials to reference - * - * Get a reference on the specified set of new credentials. The caller must - * release the reference. - */ -static inline struct cred *get_new_cred(const struct cred *cred) -{ - struct cred *nonconst_cred = (struct cred *) cred; - return get_new_cred_many(nonconst_cred, 1); -} - /** * get_cred_many - Get references on a set of credentials * @cred: The credentials to reference From a6babf4cbeaaa1c97a205382cdc958571f668ea8 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 26 Nov 2024 14:22:16 +0100 Subject: [PATCH 30/30] cred: fold get_new_cred_many() into get_cred_many() There's no need for this to be a separate helper. Link: https://lore.kernel.org/r/20241126-zaunpfahl-wovon-c3979b990a63@brauner Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- include/linux/cred.h | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 360f5fd3854b..0c3c4b16b469 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -186,20 +186,6 @@ static inline const struct cred *revert_creds(const struct cred *revert_cred) return override_cred; } -/** - * get_new_cred_many - Get references on a new set of credentials - * @cred: The new credentials to reference - * @nr: Number of references to acquire - * - * Get references on the specified set of new credentials. The caller must - * release all acquired references. - */ -static inline struct cred *get_new_cred_many(struct cred *cred, int nr) -{ - atomic_long_add(nr, &cred->usage); - return cred; -} - /** * get_cred_many - Get references on a set of credentials * @cred: The credentials to reference @@ -220,7 +206,8 @@ static inline const struct cred *get_cred_many(const struct cred *cred, int nr) if (!cred) return cred; nonconst_cred->non_rcu = 0; - return get_new_cred_many(nonconst_cred, nr); + atomic_long_add(nr, &nonconst_cred->usage); + return cred; } /*