From nobody Sun Nov 24 05:25:55 2024 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3238D515; Thu, 7 Nov 2024 00:57:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941064; cv=none; b=Pfnh8Mqw+fw7f6hY5VvAHmU3QSt8gz6CjxeZl5cWbow/US8yrsoQFbD0IFpTvxfnIsf863RMAoKaSTvc8PXK5PE1fbBTvcQ+XLQ1VMrULHChyL8NJC5wgVrFxV44/N3Or2MRWgqpJLiz9ZddMr6dz+sgpPykJuMImEfPvz1wo8k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941064; c=relaxed/simple; bh=Wd/qbg0Eyo7dMUuoAAhNI1ZG5Rq7Hpgl5iQzNCWNzk8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=L/vq7tY0Wp+vm+emajsbwws2mH/3eC3y/xalaRUePpI4C+6lth+AXnIi9HpSLxw0iLLtO6akCzGVcnF98h6ZKgFMQZ2ojepgnsFupotIr5CksjnLc+0RO001hxRAIIVrakQPgfJuBtA3FtSUwg1YorMFP2nxKtfB13HJUhB13lI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=G78dOpJK; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="G78dOpJK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730941063; x=1762477063; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Wd/qbg0Eyo7dMUuoAAhNI1ZG5Rq7Hpgl5iQzNCWNzk8=; b=G78dOpJKfgCcKkVWWVvz7StR1fk75r5ufqBvpHtfZOYI+kTjqGjD7UlV X6EQaHLllV0JsV7JOl8WjMdSZFbJ3Pg1+SaxA9wj9hrLMsvgBiLjCNTMf WMByZRBV2BaSTLADATHdPf6jBU1NZ6ySiPsub6lsOXtO2pgnS3O9n/nmM AUsc2jMKwVxT3eLbbSWcRFXEFV2iBLzYSCfyuk8FBUKGJg8rTkEr7F2yy EVCDGkozsfjEHKey++siiH/SELbWfhUJbVVtwvtnoG4CENE+R7k3NdRSR /gh/iH8XwdyK+73mheMD/Cdt//IkOBun6mjTXpiKISPySLxOtHG5vkIhc w==; X-CSE-ConnectionGUID: HoyvKaILTMqgC+OIYoCe6Q== X-CSE-MsgGUID: rb/HBLl5Q0ejSpsgThwtMA== X-IronPort-AV: E=McAfee;i="6700,10204,11222"; a="41320183" X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208";a="41320183" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:42 -0800 X-CSE-ConnectionGUID: BvKh602rSHG+B2y9z+RxzQ== X-CSE-MsgGUID: 8cuCYh0pTyWFUUDOcdyiow== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,264,1725346800"; d="scan'208";a="85193423" Received: from rfrazer-mobl3.amr.corp.intel.com (HELO vcostago-mobl3.lan) ([10.124.222.105]) by fmviesa010-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:41 -0800 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v4 1/4] cred: Add a light version of override/revert_creds() Date: Wed, 6 Nov 2024 16:57:17 -0800 Message-ID: <20241107005720.901335-2-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241107005720.901335-1-vinicius.gomes@intel.com> References: <20241107005720.901335-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a light version of override/revert_creds(), this should only be used when the credentials in question will outlive the critical section and the critical section doesn't change the ->usage of the credentials. Suggested-by: Christian Brauner Signed-off-by: Vinicius Costa Gomes --- include/linux/cred.h | 18 ++++++++++++++++++ kernel/cred.c | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 2976f534a7a3..e4a3155fe409 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -172,6 +172,24 @@ static inline bool cap_ambient_invariant_ok(const stru= ct cred *cred) cred->cap_inheritable)); } =20 +/* + * Override creds without bumping reference count. Caller must ensure + * reference remains valid or has taken reference. Almost always not the + * interface you want. Use override_creds()/revert_creds() instead. + */ +static inline const struct cred *override_creds_light(const struct cred *o= verride_cred) +{ + const struct cred *old =3D current->cred; + + rcu_assign_pointer(current->cred, override_cred); + return old; +} + +static inline void revert_creds_light(const struct cred *revert_cred) +{ + rcu_assign_pointer(current->cred, revert_cred); +} + /** * get_new_cred_many - Get references on a new set of credentials * @cred: The new credentials to reference diff --git a/kernel/cred.c b/kernel/cred.c index 075cfa7c896f..da7da250f7c8 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -485,7 +485,7 @@ EXPORT_SYMBOL(abort_creds); */ const struct cred *override_creds(const struct cred *new) { - const struct cred *old =3D current->cred; + const struct cred *old; =20 kdebug("override_creds(%p{%ld})", new, atomic_long_read(&new->usage)); @@ -499,7 +499,7 @@ const struct cred *override_creds(const struct cred *ne= w) * visible to other threads under RCU. */ get_new_cred((struct cred *)new); - rcu_assign_pointer(current->cred, new); + old =3D override_creds_light(new); =20 kdebug("override_creds() =3D %p{%ld}", old, atomic_long_read(&old->usage)); @@ -521,7 +521,7 @@ void revert_creds(const struct cred *old) kdebug("revert_creds(%p{%ld})", old, atomic_long_read(&old->usage)); =20 - rcu_assign_pointer(current->cred, old); + revert_creds_light(old); put_cred(override); } EXPORT_SYMBOL(revert_creds); --=20 2.47.0 From nobody Sun Nov 24 05:25:55 2024 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D51F1DDA9; Thu, 7 Nov 2024 00:57:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941066; cv=none; b=k19raEAz2nESOh3ojzFxhti6JaHaMckj+whD/4wON+oP/blF/YbCTkQF09NsGPfefqfxhOkUEynv4h6ti/LhAeO5iA6a5RhViO70o+YTFHBNXcGAPsfnF+ulHRuNQafaaa0TDcVYoafV96TVtYUgcb0pQMPiaEXEU62IeN6YZbs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941066; c=relaxed/simple; bh=Nv/kEc4CVTqwYdLKuLpdo5expB9qETdFqCz08KbSXzQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=X0J3Nk0qepNdMYq8iYc3fcipBdhs7fWnwAb4nUUqakhRnlLvPY9/bZCuFlnKPUKOiRoDW7zSbnvvIRdCt6/GbUTQ7u7zp8aItw66210LauKh06KuHWWlRGd7OwRAaxSF3m0CmAQ77f9EzwNZH0NqRLAzASl3/v/3nPJHmrjOj7Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=mgB3nxIv; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="mgB3nxIv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730941065; x=1762477065; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Nv/kEc4CVTqwYdLKuLpdo5expB9qETdFqCz08KbSXzQ=; b=mgB3nxIvWJWRd1eZBEaQntHX8BFfu+jwuGoEV5tjIy2ljcREd8KDFxIG zbf0+WHlU7dO9EAEU8s0BxnDzZ/TffI5ljpR1RkZgVvAP6pl7bu0hD1Do TuXmeaFvf+XXEnN+587LvHrQaO2uYe+IIQOyxtdGNhGgDaoKdkUxjsvWy 80XV+0OZTtJkLr/3kBtRHDCi61mVC4pgpGvb7eeX7hx3+WybNoZ1HlVh+ BFX6Y7B8v6vVxbXzd5ynlGXfLKcKmyo++ruASWc+kLMjSHRwXeOUMxS0D gQ0/CbsGw7/8ioUQAvf29qD4NAiix/WQ5KUj7pmI4mzYmtCbcTTQYkatJ A==; X-CSE-ConnectionGUID: WEDjjHoYT2ec6k3Fa6AvOg== X-CSE-MsgGUID: yhjgoDMzSUui9/CvBbPjgw== X-IronPort-AV: E=McAfee;i="6700,10204,11222"; a="41320187" X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208";a="41320187" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:42 -0800 X-CSE-ConnectionGUID: JoIOGtVlQI+5hQCAKFKVNg== X-CSE-MsgGUID: A+8Ikt7yR8OeZ4wxzda/RQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,264,1725346800"; d="scan'208";a="85193431" Received: from rfrazer-mobl3.amr.corp.intel.com (HELO vcostago-mobl3.lan) ([10.124.222.105]) by fmviesa010-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:42 -0800 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v4 2/4] fs/backing-file: Convert to revert/override_creds_light() Date: Wed, 6 Nov 2024 16:57:18 -0800 Message-ID: <20241107005720.901335-3-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241107005720.901335-1-vinicius.gomes@intel.com> References: <20241107005720.901335-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" As the credentials used by backing-file are long lived in relation to the critical section (override_creds() -> revert_creds()) we can replace them by their lighter alternatives. Signed-off-by: Vinicius Costa Gomes --- fs/backing-file.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/backing-file.c b/fs/backing-file.c index a38737592ec7..526ddb4d6f76 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struc= t iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; =20 - old_cred =3D override_creds(ctx->cred); + old_cred =3D override_creds_light(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf =3D iocb_to_rw_flags(flags); =20 @@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struc= t iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds(old_cred); + revert_creds_light(old_cred); =20 if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, stru= ct iov_iter *iter, */ flags &=3D ~IOCB_DIO_CALLER_COMP; =20 - old_cred =3D override_creds(ctx->cred); + old_cred =3D override_creds_light(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf =3D iocb_to_rw_flags(flags); =20 @@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, stru= ct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds(old_cred); + revert_creds_light(old_cred); =20 return ret; } @@ -281,9 +281,9 @@ ssize_t backing_file_splice_read(struct file *in, struc= t kiocb *iocb, if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; =20 - old_cred =3D override_creds(ctx->cred); + old_cred =3D override_creds_light(ctx->cred); ret =3D vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); - revert_creds(old_cred); + revert_creds_light(old_cred); =20 if (ctx->accessed) ctx->accessed(iocb->ki_filp); @@ -310,11 +310,11 @@ ssize_t backing_file_splice_write(struct pipe_inode_i= nfo *pipe, if (ret) return ret; =20 - old_cred =3D override_creds(ctx->cred); + old_cred =3D override_creds_light(ctx->cred); file_start_write(out); ret =3D out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); file_end_write(out); - revert_creds(old_cred); + revert_creds_light(old_cred); =20 if (ctx->end_write) ctx->end_write(iocb, ret); @@ -337,9 +337,9 @@ int backing_file_mmap(struct file *file, struct vm_area= _struct *vma, =20 vma_set_file(vma, file); =20 - old_cred =3D override_creds(ctx->cred); + old_cred =3D override_creds_light(ctx->cred); ret =3D call_mmap(vma->vm_file, vma); - revert_creds(old_cred); + revert_creds_light(old_cred); =20 if (ctx->accessed) ctx->accessed(vma->vm_file); --=20 2.47.0 From nobody Sun Nov 24 05:25:55 2024 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80A8010A1F; Thu, 7 Nov 2024 00:57:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941068; cv=none; b=ak46VY601t8nTjb6b2792qYxMBWz0F2lPfoqR/0asxK76JkRIEm/KH5yWNb7kF2X3PKdC3CZLUDtw4CeqaZbT4nN51aSGSPT7KgRkefhwM6PegyZwrhMD5ZkLU16wpn/Zgl2tWXqYUn84WeDbyHv4kXJQb4DvNcO9x288pL4LMw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941068; c=relaxed/simple; bh=BgP7CUVEi1v7wLqOlPeBJI6W/NpcpFWJok8RKMmKwVM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rLqFfGZExyx0GoZbAjFpu9yTlDJRWQDOVS8ZPuZoJ5BBNx39uyEz6diIQpd2eIE6B2Vrnk+L7Z5Y3k56hP9aZbF+PJBxWRrbA1kTz/Z5CRHLvT/gjJFi+Ggprk/GSYJA8KTLsOPSD8HX6rhS/UtxYDD/AlonA6azGtlaLereLag= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=kv1oxmmc; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="kv1oxmmc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730941066; x=1762477066; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BgP7CUVEi1v7wLqOlPeBJI6W/NpcpFWJok8RKMmKwVM=; b=kv1oxmmcJx4zB7/XuG542tH+DVtGmAVOP0jEezt0uEOq0nt7uMXVw+Lu sQsbvwLzcju4c+DzLlYHXhQmDDkXGFbhwUGnjW9vMiQU/crAZQ8/0+vaj GyZs64yab68g42cjSdGwgAPmOV40lYUJwgzTGmSRb1BsbNFiGpJ4vsqxx EcP7jZqhKQhatx3OFI0UcA1mqzZIMqhLiR+D4PGKlNSy+VRSCD4ozNqM7 1n7W1hp4+YUHsaeqBQI3GScugfFAAM47VJqgm1QF+XYXTetWUvWT4PTcv xtPYnKeipQKFZ8T/+bM0DZShoWUoAENRZeduV7GBTaPzwatWZbbdPAspd Q==; X-CSE-ConnectionGUID: YyAT43I/R9GWYaQ1sW9cBQ== X-CSE-MsgGUID: GLmnOKHmQ7Ka4R+Jm4ZxRw== X-IronPort-AV: E=McAfee;i="6700,10204,11222"; a="41320194" X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208";a="41320194" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:43 -0800 X-CSE-ConnectionGUID: 1EG1mS+WRuC1KdsV4VzkpQ== X-CSE-MsgGUID: ftjVFDwwTmCUR5pMu5MA/w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,264,1725346800"; d="scan'208";a="85193440" Received: from rfrazer-mobl3.amr.corp.intel.com (HELO vcostago-mobl3.lan) ([10.124.222.105]) by fmviesa010-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:42 -0800 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v4 3/4] ovl: use wrapper ovl_revert_creds() Date: Wed, 6 Nov 2024 16:57:19 -0800 Message-ID: <20241107005720.901335-4-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241107005720.901335-1-vinicius.gomes@intel.com> References: <20241107005720.901335-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce ovl_revert_creds() wrapper of revert_creds() to match callers of ovl_override_creds(). Suggested-by: Amir Goldstein Signed-off-by: Vinicius Costa Gomes Signed-off-by: Amir Goldstein --- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/dir.c | 10 +++++----- fs/overlayfs/file.c | 14 +++++++------- fs/overlayfs/inode.c | 20 ++++++++++---------- fs/overlayfs/namei.c | 10 +++++----- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 8 ++++---- fs/overlayfs/util.c | 9 +++++++-- fs/overlayfs/xattrs.c | 9 ++++----- 9 files changed, 44 insertions(+), 39 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 2ed6ad641a20..dafd1c71b977 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -1260,7 +1260,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, i= nt flags) dput(parent); dput(next); } - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index ab65e98a1def..09db5eb19242 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -621,7 +621,7 @@ static int ovl_create_or_link(struct dentry *dentry, st= ruct inode *inode, err =3D ovl_create_over_whiteout(dentry, inode, attr); =20 out_revert_creds: - revert_creds(old_cred); + ovl_revert_creds(old_cred); return err; } =20 @@ -702,7 +702,7 @@ static int ovl_set_link_redirect(struct dentry *dentry) =20 old_cred =3D ovl_override_creds(dentry->d_sb); err =3D ovl_set_redirect(dentry, false); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } @@ -912,7 +912,7 @@ static int ovl_do_remove(struct dentry *dentry, bool is= _dir) err =3D ovl_remove_upper(dentry, is_dir, &list); else err =3D ovl_remove_and_whiteout(dentry, &list); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (!err) { if (is_dir) clear_nlink(dentry->d_inode); @@ -1292,7 +1292,7 @@ static int ovl_rename(struct mnt_idmap *idmap, struct= inode *olddir, out_unlock: unlock_rename(new_upperdir, old_upperdir); out_revert_creds: - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (update_nlink) ovl_nlink_end(new); else @@ -1337,7 +1337,7 @@ static int ovl_create_tmpfile(struct file *file, stru= ct dentry *dentry, fput(realfile); } out_revert_creds: - revert_creds(old_cred); + ovl_revert_creds(old_cred); return err; } =20 diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 12c4d502ff91..608a88ff8d81 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -51,7 +51,7 @@ static struct file *ovl_open_realfile(const struct file *= file, realfile =3D backing_file_open(&file->f_path, flags, realpath, current_cred()); } - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", file, file, ovl_whatisit(inode, realinode), file->f_flags, @@ -215,7 +215,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offs= et, int whence) =20 old_cred =3D ovl_override_creds(inode->i_sb); ret =3D vfs_llseek(fd_file(real), offset, whence); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 file->f_pos =3D fd_file(real)->f_pos; ovl_inode_unlock(inode); @@ -412,7 +412,7 @@ static int ovl_fsync(struct file *file, loff_t start, l= off_t end, int datasync) if (file_inode(fd_file(real)) =3D=3D ovl_inode_upper(file_inode(file))) { old_cred =3D ovl_override_creds(file_inode(file)->i_sb); ret =3D vfs_fsync_range(fd_file(real), start, end, datasync); - revert_creds(old_cred); + ovl_revert_creds(old_cred); } =20 fdput(real); @@ -451,7 +451,7 @@ static long ovl_fallocate(struct file *file, int mode, = loff_t offset, loff_t len =20 old_cred =3D ovl_override_creds(file_inode(file)->i_sb); ret =3D vfs_fallocate(fd_file(real), mode, offset, len); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 /* Update size */ ovl_file_modified(file); @@ -476,7 +476,7 @@ static int ovl_fadvise(struct file *file, loff_t offset= , loff_t len, int advice) =20 old_cred =3D ovl_override_creds(file_inode(file)->i_sb); ret =3D vfs_fadvise(fd_file(real), offset, len, advice); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 fdput(real); =20 @@ -535,7 +535,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t= pos_in, flags); break; } - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 /* Update size */ ovl_file_modified(file_out); @@ -597,7 +597,7 @@ static int ovl_flush(struct file *file, fl_owner_t id) if (fd_file(real)->f_op->flush) { old_cred =3D ovl_override_creds(file_inode(file)->i_sb); err =3D fd_file(real)->f_op->flush(fd_file(real), id); - revert_creds(old_cred); + ovl_revert_creds(old_cred); } fdput(real); =20 diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 35fd3e3e1778..6c3add3801be 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -80,7 +80,7 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *d= entry, inode_lock(upperdentry->d_inode); old_cred =3D ovl_override_creds(dentry->d_sb); err =3D ovl_do_notify_change(ofs, upperdentry, attr); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (!err) ovl_copyattr(dentry->d_inode); inode_unlock(upperdentry->d_inode); @@ -280,7 +280,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct p= ath *path, stat->nlink =3D dentry->d_inode->i_nlink; =20 out: - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } @@ -317,7 +317,7 @@ int ovl_permission(struct mnt_idmap *idmap, mask |=3D MAY_READ; } err =3D inode_permission(mnt_idmap(realpath.mnt), realinode, mask); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } @@ -334,7 +334,7 @@ static const char *ovl_get_link(struct dentry *dentry, =20 old_cred =3D ovl_override_creds(dentry->d_sb); p =3D vfs_get_link(ovl_dentry_real(dentry), done); - revert_creds(old_cred); + ovl_revert_creds(old_cred); return p; } =20 @@ -469,7 +469,7 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idma= p, =20 old_cred =3D ovl_override_creds(inode->i_sb); acl =3D ovl_get_acl_path(&realpath, posix_acl_xattr_name(type), noperm); - revert_creds(old_cred); + ovl_revert_creds(old_cred); } =20 return acl; @@ -498,7 +498,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry,= struct inode *inode, old_cred =3D ovl_override_creds(dentry->d_sb); real_acl =3D vfs_get_acl(mnt_idmap(realpath.mnt), realdentry, acl_name); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (IS_ERR(real_acl)) { err =3D PTR_ERR(real_acl); goto out; @@ -523,7 +523,7 @@ static int ovl_set_or_remove_acl(struct dentry *dentry,= struct inode *inode, err =3D ovl_do_set_acl(ofs, realdentry, acl_name, acl); else err =3D ovl_do_remove_acl(ofs, realdentry, acl_name); - revert_creds(old_cred); + ovl_revert_creds(old_cred); ovl_drop_write(dentry); =20 /* copy c/mtime */ @@ -600,7 +600,7 @@ static int ovl_fiemap(struct inode *inode, struct fiema= p_extent_info *fieinfo, =20 old_cred =3D ovl_override_creds(inode->i_sb); err =3D realinode->i_op->fiemap(realinode, fieinfo, start, len); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } @@ -671,7 +671,7 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, err =3D ovl_set_protattr(inode, upperpath.dentry, fa); if (!err) err =3D ovl_real_fileattr_set(&upperpath, fa); - revert_creds(old_cred); + ovl_revert_creds(old_cred); ovl_drop_write(dentry); =20 /* @@ -733,7 +733,7 @@ int ovl_fileattr_get(struct dentry *dentry, struct file= attr *fa) old_cred =3D ovl_override_creds(inode->i_sb); err =3D ovl_real_fileattr_get(&realpath, fa); ovl_fileattr_prot_flags(inode, fa); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 5764f91d283e..7e27b7d4adee 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -961,7 +961,7 @@ static int ovl_maybe_validate_verity(struct dentry *den= try) if (err =3D=3D 0) ovl_set_flag(OVL_VERIFIED_DIGEST, inode); =20 - revert_creds(old_cred); + ovl_revert_creds(old_cred); } =20 ovl_inode_unlock(inode); @@ -995,7 +995,7 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *de= ntry) =20 old_cred =3D ovl_override_creds(dentry->d_sb); err =3D ovl_lookup_data_layers(dentry, redirect, &datapath); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (err) goto out_err; =20 @@ -1342,7 +1342,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct d= entry *dentry, =20 ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); =20 - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (origin_path) { dput(origin_path->dentry); kfree(origin_path); @@ -1366,7 +1366,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct d= entry *dentry, kfree(upperredirect); out: kfree(d.redirect); - revert_creds(old_cred); + ovl_revert_creds(old_cred); return ERR_PTR(err); } =20 @@ -1423,7 +1423,7 @@ bool ovl_lower_positive(struct dentry *dentry) dput(this); } } - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return positive; } diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 0bfe35da4b7b..7b7a6e3a43e2 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -429,6 +429,7 @@ int ovl_want_write(struct dentry *dentry); void ovl_drop_write(struct dentry *dentry); struct dentry *ovl_workdir(struct dentry *dentry); const struct cred *ovl_override_creds(struct super_block *sb); +void ovl_revert_creds(const struct cred *old_cred); =20 static inline const struct cred *ovl_creds(struct super_block *sb) { diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c index 0ca8af060b0c..881ec5592da5 100644 --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c @@ -290,7 +290,7 @@ static int ovl_check_whiteouts(const struct path *path,= struct ovl_readdir_data } inode_unlock(dir->d_inode); } - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return err; } @@ -808,7 +808,7 @@ static int ovl_iterate(struct file *file, struct dir_co= ntext *ctx) } err =3D 0; out: - revert_creds(old_cred); + ovl_revert_creds(old_cred); return err; } =20 @@ -860,7 +860,7 @@ static struct file *ovl_dir_open_realfile(const struct = file *file, =20 old_cred =3D ovl_override_creds(file_inode(file)->i_sb); res =3D ovl_path_open(realpath, O_RDONLY | (file->f_flags & O_LARGEFILE)); - revert_creds(old_cred); + ovl_revert_creds(old_cred); =20 return res; } @@ -987,7 +987,7 @@ int ovl_check_empty_dir(struct dentry *dentry, struct l= ist_head *list) =20 old_cred =3D ovl_override_creds(dentry->d_sb); err =3D ovl_dir_read_merged(dentry, list, &root); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (err) return err; =20 diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index edc9216f6e27..9408046f4f41 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -68,6 +68,11 @@ const struct cred *ovl_override_creds(struct super_block= *sb) return override_creds(ofs->creator_cred); } =20 +void ovl_revert_creds(const struct cred *old_cred) +{ + revert_creds(old_cred); +} + /* * Check if underlying fs supports file handles and try to determine encod= ing * type, in order to deduce maximum inode number used by fs. @@ -1178,7 +1183,7 @@ int ovl_nlink_start(struct dentry *dentry) * value relative to the upper inode nlink in an upper inode xattr. */ err =3D ovl_set_nlink_upper(dentry); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (err) goto out_drop_write; =20 @@ -1203,7 +1208,7 @@ void ovl_nlink_end(struct dentry *dentry) =20 old_cred =3D ovl_override_creds(dentry->d_sb); ovl_cleanup_index(dentry); - revert_creds(old_cred); + ovl_revert_creds(old_cred); } =20 ovl_inode_unlock(inode); diff --git a/fs/overlayfs/xattrs.c b/fs/overlayfs/xattrs.c index 383978e4663c..88055deca936 100644 --- a/fs/overlayfs/xattrs.c +++ b/fs/overlayfs/xattrs.c @@ -47,7 +47,7 @@ static int ovl_xattr_set(struct dentry *dentry, struct in= ode *inode, const char ovl_path_lower(dentry, &realpath); old_cred =3D ovl_override_creds(dentry->d_sb); err =3D vfs_getxattr(mnt_idmap(realpath.mnt), realdentry, name, NULL, 0); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (err < 0) goto out; } @@ -72,7 +72,7 @@ static int ovl_xattr_set(struct dentry *dentry, struct in= ode *inode, const char WARN_ON(flags !=3D XATTR_REPLACE); err =3D ovl_do_removexattr(ofs, realdentry, name); } - revert_creds(old_cred); + ovl_revert_creds(old_cred); ovl_drop_write(dentry); =20 /* copy c/mtime */ @@ -91,7 +91,7 @@ static int ovl_xattr_get(struct dentry *dentry, struct in= ode *inode, const char ovl_i_path_real(inode, &realpath); old_cred =3D ovl_override_creds(dentry->d_sb); res =3D vfs_getxattr(mnt_idmap(realpath.mnt), realpath.dentry, name, valu= e, size); - revert_creds(old_cred); + ovl_revert_creds(old_cred); return res; } =20 @@ -121,7 +121,7 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list= , size_t size) =20 old_cred =3D ovl_override_creds(dentry->d_sb); res =3D vfs_listxattr(realdentry, list, size); - revert_creds(old_cred); + ovl_revert_creds(old_cred); if (res <=3D 0 || size =3D=3D 0) return res; =20 @@ -268,4 +268,3 @@ const struct xattr_handler * const *ovl_xattr_handlers(= struct ovl_fs *ofs) return ofs->config.userxattr ? ovl_user_xattr_handlers : ovl_trusted_xattr_handlers; } - --=20 2.47.0 From nobody Sun Nov 24 05:25:55 2024 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C736514F70; Thu, 7 Nov 2024 00:57:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941068; cv=none; b=ohenuRwp/dQjSmf+A5FzGUGW+jdigIHky2fUbmbERpDM42arL0Ard+/Ugk2xgG7+JZ9OXWQwxxLDaV/w8eEWHCHb1n2lr4fYe55NY6tN0KvJKsF4SFr8jKb1ZwX3XuKG+unPlIMyKsT0phHFIOjrfFHZP5cTEjt14/q5O4ZBfXE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730941068; c=relaxed/simple; bh=lvczs+KGO/SNLRad/bgNhITn0FjIxg1/VkTgbqju/bE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y6L8nT6BJpVu6ffp19c3PDnl8f/RSL1DWvHrwg8wC1/x61fCwFyht+ogKvWo+0insTuHTtkFMoYDLua5GYt1zuPFdP2Kb48GXpDWLqlEykSAQrHsBhpIhZkbgDigsNgDTXAz1CwXWbeuwF5JXpcE4kvPLZg+JRF4To75kLi1D8k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=WDik/j1G; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="WDik/j1G" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730941067; x=1762477067; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lvczs+KGO/SNLRad/bgNhITn0FjIxg1/VkTgbqju/bE=; b=WDik/j1GmQ2wwfIFCn0oSDu7l/4Xh4+kRuzuisHTlNJIyIio9RoUkD2k g+yOvSUqh2NeUCB+OyOUbCaxey8RMxVYP8xygHBIdjnxe+4UcGHMjmhey g2kgxZpEUZNXEwGUCxRfnCllP5etIeQdwPJ1sQcAxrVOENS6hU+2Bqgt2 iVXhJEUxdjo5x4MC+qnxGqcq2980Lb78z+eXDZSUha+CdmphEL6NinzSZ 3/e7uU2jTzlYn8X587YXTfY9Nq7iQhzJ+X08JJV/qYaM3LsQpgg/Dr9ra nD+54nt3FEG84p5jTLgsl5mjegEFYFDy0XyEpL9hrHfKMTEHu+GQCXEzh A==; X-CSE-ConnectionGUID: by8ZH7PURNWxjzj3sQZovQ== X-CSE-MsgGUID: OnfS1c9jRgeuYWmG9sPRMA== X-IronPort-AV: E=McAfee;i="6700,10204,11222"; a="41320198" X-IronPort-AV: E=Sophos;i="6.11,199,1725346800"; d="scan'208";a="41320198" Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:43 -0800 X-CSE-ConnectionGUID: FRrcaGJJRKq/UQ8rYpTXzA== X-CSE-MsgGUID: 5/a1YUR9RROdsKTCNAWlHQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,264,1725346800"; d="scan'208";a="85193449" Received: from rfrazer-mobl3.amr.corp.intel.com (HELO vcostago-mobl3.lan) ([10.124.222.105]) by fmviesa010-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2024 16:57:43 -0800 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v4 4/4] ovl: Optimize override/revert creds Date: Wed, 6 Nov 2024 16:57:20 -0800 Message-ID: <20241107005720.901335-5-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241107005720.901335-1-vinicius.gomes@intel.com> References: <20241107005720.901335-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use override_creds_light() in ovl_override_creds() and revert_creds_light() in ovl_revert_creds_light(). The _light() functions do not change the 'usage' of the credentials in question, as they refer to the credentials associated with the mounter, which have a longer lifetime. In ovl_setup_cred_for_create(), do not need to modify the mounter credentials (returned by override_creds()) 'usage' counter. Add a warning to verify that we are indeed working with the mounter credentials (stored in the superblock). Failure in this assumption means that creds may leak. Suggested-by: Christian Brauner Signed-off-by: Vinicius Costa Gomes Acked-by: Vinicius Costa Gomes --- fs/overlayfs/dir.c | 7 ++++++- fs/overlayfs/util.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 09db5eb19242..136a2c7fb9e5 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -571,7 +571,12 @@ static int ovl_setup_cred_for_create(struct dentry *de= ntry, struct inode *inode, put_cred(override_cred); return err; } - put_cred(override_creds(override_cred)); + + /* + * We must be called with creator creds already, otherwise we risk + * leaking creds. + */ + WARN_ON_ONCE(override_creds(override_cred) !=3D ovl_creds(dentry->d_sb)); put_cred(override_cred); =20 return 0; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 9408046f4f41..3bb107471fb4 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -65,12 +65,12 @@ const struct cred *ovl_override_creds(struct super_bloc= k *sb) { struct ovl_fs *ofs =3D OVL_FS(sb); =20 - return override_creds(ofs->creator_cred); + return override_creds_light(ofs->creator_cred); } =20 void ovl_revert_creds(const struct cred *old_cred) { - revert_creds(old_cred); + revert_creds_light(old_cred); } =20 /* --=20 2.47.0