[v3] overlayfs: Optimize override/revert creds

[PATCH overlayfs-next v3 4/4] fs/overlayfs: Drop creds usage decrement for ovl_setup_for_create()

Posted by Vinicius Costa Gomes 2 weeks, 4 days ago

After the previous commit, we do not need to modify the mounter
credentials (returned by override_creds()) 'usage' counter when
preparing for "create" operations, as 'usage' will be kept constant.

Add a warning to verify that we are indeed working with the mounter
credentials (stored in the superblock). Failure in this assumption
means that creds may leak.

Suggested-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
---
 fs/overlayfs/dir.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 74769d47c8ae..de012db6c169 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -571,7 +571,12 @@ static int ovl_setup_cred_for_create(struct dentry *dentry, struct inode *inode,
 		put_cred(override_cred);
 		return err;
 	}
-	put_cred(override_creds(override_cred));
+
+	/*
+	 * We must be called with creator creds already, otherwise we risk
+	 * leaking creds.
+	 */
+	WARN_ON_ONCE(override_creds(override_cred) != ovl_creds(dentry->d_sb));
 	put_cred(override_cred);
 
 	return 0;
-- 
2.47.0

[PATCH overlayfs-next v3 1/4] cred: Add a light version of override/revert_creds()
[PATCH overlayfs-next v3 2/4] fs/backing-file: Convert to revert/override_creds_light()
[PATCH overlayfs-next v3 3/4] fs/overlayfs: Optimize override/revert creds
[PATCH overlayfs-next v3 4/4] fs/overlayfs: Drop creds usage decrement for ovl_setup_for_create()