From nobody Mon Feb 9 13:35:55 2026 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DBAA17D340; Thu, 22 Aug 2024 01:25:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; cv=none; b=n1eiJpDbHQR0YMgKYeLAO4WiuMq73TTboOnCVrC0zIeMbEAUFUNQ+2soWedQe97qjU/z+e6EDrV6UlhivYLoErSWmAq2l15kYwg4QkyVHlvVPoQlvaj3b+Rzbq29wmImpk8Fq+XvnUFn3v3z3lhGjKLIx0EHObu0OxS8yGECs+U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; c=relaxed/simple; bh=DxnumIkvaje9VmBTsox3H2YKIrYVSNnSFqODz9w2OAs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oIiDPGRYhVFW6UYmZRRAV4vetqpxq69z4MpzgumkdYAg+eCEOTMGnyxrBZ9hyCr3kRIRVbD0UYWOx+Dgzab8N2fWUZoZOJH1t2p6k64GElszwkhpPV/kRMVQEpPFNeRpWko4MY5EZO+nVXlAd/svNH5Civ77BrLT0kHg1mihPzs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=XcqDfrUs; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="XcqDfrUs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289941; x=1755825941; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DxnumIkvaje9VmBTsox3H2YKIrYVSNnSFqODz9w2OAs=; b=XcqDfrUsEeI6GyV1JMNhmJMamLCJro3gvBE+BhYwyUQPxGw2kCX9oyJp JqA2UJ9OqveHs41sPiKJGL/GI9c+2My2rOlkiAqmI3ZS2b39JdwKlFThJ +Anm/+ybvqctUAkZIUVawvFTfwaQr8RUk5gv0aLCVG5m85fgTeMZ2CFgf sfjiBD1kmxazGv3jUuagfgB1KdsZ8dAhx+WqO7Ii59n9KwKBcVyAHGtTX 4gvFAiL1ESrwAasoO5EgFhuZBDpLjB/UIM08AoxiZvJA6USWF20ld9LZ/ 3ez99vhmFv0iu74PLjxfVphQWkDzKbKURFw8OhJREIOdyfY2epgVAcPVR Q==; X-CSE-ConnectionGUID: HCPjzp3QTPGfXgJL8CJV9A== X-CSE-MsgGUID: nWRZvazUSmyNLsouMQ/tow== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574767" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574767" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: dpQvcYHoRNmv9ygfnKAFCA== X-CSE-MsgGUID: HcjwI+7pRl2HkzXE8OdlgA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811054" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 11/16] overlayfs/inode: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:18 -0700 Message-ID: <20240822012523.141846-12-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). In ovl_setattr(), ovl_set_or_remove_acl() and ovl_fileattr_set() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/inode.c | 73 +++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 45 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 30460d718605..a597e748397f 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -25,7 +25,6 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *d= entry, struct ovl_fs *ofs =3D OVL_FS(dentry->d_sb); bool full_copy_up =3D false; struct dentry *upperdentry; - const struct cred *old_cred; =20 err =3D setattr_prepare(&nop_mnt_idmap, dentry, attr); if (err) @@ -78,9 +77,8 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *d= entry, goto out_put_write; =20 inode_lock(upperdentry->d_inode); - old_cred =3D ovl_override_creds_light(dentry->d_sb); - err =3D ovl_do_notify_change(ofs, upperdentry, attr); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) + err =3D ovl_do_notify_change(ofs, upperdentry, attr); if (!err) ovl_copyattr(dentry->d_inode); inode_unlock(upperdentry->d_inode); @@ -159,7 +157,6 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct p= ath *path, struct dentry *dentry =3D path->dentry; enum ovl_path_type type; struct path realpath; - const struct cred *old_cred; struct inode *inode =3D d_inode(dentry); bool is_dir =3D S_ISDIR(inode->i_mode); int fsid =3D 0; @@ -169,7 +166,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct p= ath *path, metacopy_blocks =3D ovl_is_metacopy_dentry(dentry); =20 type =3D ovl_path_real(dentry, &realpath); - old_cred =3D ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); err =3D ovl_do_getattr(&realpath, stat, request_mask, flags); if (err) goto out; @@ -280,7 +277,6 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct p= ath *path, stat->nlink =3D dentry->d_inode->i_nlink; =20 out: - revert_creds_light(old_cred); =20 return err; } @@ -291,7 +287,6 @@ int ovl_permission(struct mnt_idmap *idmap, struct inode *upperinode =3D ovl_inode_upper(inode); struct inode *realinode; struct path realpath; - const struct cred *old_cred; int err; =20 /* Careful in RCU walk mode */ @@ -309,7 +304,7 @@ int ovl_permission(struct mnt_idmap *idmap, if (err) return err; =20 - old_cred =3D ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); if (!upperinode && !special_file(realinode->i_mode) && mask & MAY_WRITE) { mask &=3D ~(MAY_WRITE | MAY_APPEND); @@ -317,7 +312,6 @@ int ovl_permission(struct mnt_idmap *idmap, mask |=3D MAY_READ; } err =3D inode_permission(mnt_idmap(realpath.mnt), realinode, mask); - revert_creds_light(old_cred); =20 return err; } @@ -326,15 +320,13 @@ static const char *ovl_get_link(struct dentry *dentry, struct inode *inode, struct delayed_call *done) { - const struct cred *old_cred; const char *p; =20 if (!dentry) return ERR_PTR(-ECHILD); =20 - old_cred =3D ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); p =3D vfs_get_link(ovl_dentry_real(dentry), done); - revert_creds_light(old_cred); return p; } =20 @@ -465,11 +457,9 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idm= ap, =20 acl =3D get_cached_acl_rcu(realinode, type); } else { - const struct cred *old_cred; =20 - old_cred =3D ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); acl =3D ovl_get_acl_path(&realpath, posix_acl_xattr_name(type), noperm); - revert_creds_light(old_cred); } =20 return acl; @@ -481,7 +471,6 @@ static int ovl_set_or_remove_acl(struct dentry *dentry,= struct inode *inode, int err; struct path realpath; const char *acl_name; - const struct cred *old_cred; struct ovl_fs *ofs =3D OVL_FS(dentry->d_sb); struct dentry *upperdentry =3D ovl_dentry_upper(dentry); struct dentry *realdentry =3D upperdentry ?: ovl_dentry_lower(dentry); @@ -495,10 +484,9 @@ static int ovl_set_or_remove_acl(struct dentry *dentry= , struct inode *inode, struct posix_acl *real_acl; =20 ovl_path_lower(dentry, &realpath); - old_cred =3D ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); real_acl =3D vfs_get_acl(mnt_idmap(realpath.mnt), realdentry, acl_name); - revert_creds_light(old_cred); if (IS_ERR(real_acl)) { err =3D PTR_ERR(real_acl); goto out; @@ -518,12 +506,12 @@ static int ovl_set_or_remove_acl(struct dentry *dentr= y, struct inode *inode, if (err) goto out; =20 - old_cred =3D ovl_override_creds_light(dentry->d_sb); - if (acl) - err =3D ovl_do_set_acl(ofs, realdentry, acl_name, acl); - else - err =3D ovl_do_remove_acl(ofs, realdentry, acl_name); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) { + if (acl) + err =3D ovl_do_set_acl(ofs, realdentry, acl_name, acl); + else + err =3D ovl_do_remove_acl(ofs, realdentry, acl_name); + } ovl_drop_write(dentry); =20 /* copy c/mtime */ @@ -590,7 +578,6 @@ static int ovl_fiemap(struct inode *inode, struct fiema= p_extent_info *fieinfo, { int err; struct inode *realinode =3D ovl_inode_realdata(inode); - const struct cred *old_cred; =20 if (!realinode) return -EIO; @@ -598,9 +585,8 @@ static int ovl_fiemap(struct inode *inode, struct fiema= p_extent_info *fieinfo, if (!realinode->i_op->fiemap) return -EOPNOTSUPP; =20 - old_cred =3D ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); err =3D realinode->i_op->fiemap(realinode, fieinfo, start, len); - revert_creds_light(old_cred); =20 return err; } @@ -648,7 +634,6 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, { struct inode *inode =3D d_inode(dentry); struct path upperpath; - const struct cred *old_cred; unsigned int flags; int err; =20 @@ -660,19 +645,19 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, if (err) goto out; =20 - old_cred =3D ovl_override_creds_light(inode->i_sb); - /* - * Store immutable/append-only flags in xattr and clear them - * in upper fileattr (in case they were set by older kernel) - * so children of "ovl-immutable" directories lower aliases of - * "ovl-immutable" hardlinks could be copied up. - * Clear xattr when flags are cleared. - */ - err =3D ovl_set_protattr(inode, upperpath.dentry, fa); - if (!err) - err =3D ovl_real_fileattr_set(&upperpath, fa); - revert_creds_light(old_cred); - ovl_drop_write(dentry); + cred_scoped_guard(ovl_creds(inode->i_sb)) { + /* + * Store immutable/append-only flags in xattr and clear them + * in upper fileattr (in case they were set by older kernel) + * so children of "ovl-immutable" directories lower aliases of + * "ovl-immutable" hardlinks could be copied up. + * Clear xattr when flags are cleared. + */ + err =3D ovl_set_protattr(inode, upperpath.dentry, fa); + if (!err) + err =3D ovl_real_fileattr_set(&upperpath, fa); + ovl_drop_write(dentry); + } =20 /* * Merge real inode flags with inode flags read from @@ -725,15 +710,13 @@ int ovl_fileattr_get(struct dentry *dentry, struct fi= leattr *fa) { struct inode *inode =3D d_inode(dentry); struct path realpath; - const struct cred *old_cred; int err; =20 ovl_path_real(dentry, &realpath); =20 - old_cred =3D ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); err =3D ovl_real_fileattr_get(&realpath, fa); ovl_fileattr_prot_flags(inode, fa); - revert_creds_light(old_cred); =20 return err; } --=20 2.46.0