From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:49 +0100
Subject: [PATCH 01/16] cred: add {scoped_}with_creds() guards
Content-Transfer-Encoding: quoted-printable
Message-Id: <20251103-work-creds-guards-simple-v1-1-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
To: Linus Torvalds
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner

and implement with_kernel_creds() and scoped_with_kernel_creds() on top
of them.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 include/linux/cred.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index c4f7630763f4..1778c0535b90 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -192,11 +192,15 @@ DEFINE_CLASS(override_creds, revert_creds(_T), override_creds(override_cred), const struct cred *override_cred) =20 -#define with_kernel_creds() \ - CLASS(override_creds, __UNIQUE_ID(cred))(kernel_cred()) +#define with_creds(cred) \ + CLASS(override_creds, __UNIQUE_ID(label))(cred) =20 -#define scoped_with_kernel_creds() \ - scoped_class(override_creds, __UNIQUE_ID(cred), kernel_cred()) +#define scoped_with_creds(cred) \ + scoped_class(override_creds, __UNIQUE_ID(label), cred) + +#define with_kernel_creds() with_creds(kernel_cred()) + +#define scoped_with_kernel_creds() scoped_with_creds(kernel_cred()) =20 /** * get_cred_many - Get references on a set of credentials --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77D17304BB4; Mon, 3 Nov 2025 11:27:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169234; cv=none; b=YLrB3k11LyUx/8X0/B7Hg0S6c4Lya7KP7wivNE7HqxKZ6xHvjHWG0J97EOVzNL29fGwu95uYLRaZzRtDlQ68XHXJDy/4dA2XE0u22VdJT5GdtuxXvD3uvT+prslwiX6gUSekuK6ceocmQxItFg7/IKrn5GsIpjdbGEfgnFApmIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169234; c=relaxed/simple; bh=VcUIGwwKN/fhXkDTSmha7C+Rr/wXO/1VNsCTsLfj5Z0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=WsS7UiHAMMyiHP0b1T9CdbCefhDbPFPKuEeWxaDgN5E6TWqTWjERoX0bmgAp31mNKiTa2DkRWW06uBHom2YdmzZ/jpZ2cko3lOyQ98hI4H7d4ie08+n2eDoNRRYJ8OpFsK1CigdQ/18LXJKTw/nI9E7xQn9MnC9yEA5SX4s/b5A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=IGnAQ3tR; arc=none 
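Review bot: the new with_creds() and scoped_with_creds() macros in [PATCH 01/16] are added without any comment on how long the override lasts or who owns the cred reference. with_creds(cred) expands to a CLASS() declaration, so revert_creds() runs only when the enclosing scope ends, while scoped_with_creds(cred) covers just the statement or block that follows it. A short kernel-doc block above the two definitions stating that difference, and whether the caller must keep cred alive for the whole guarded region, would make the later conversions easier to audit. The __UNIQUE_ID() argument also changes from cred to label, apparently because cred is now the macro parameter; a sentence in the commit message would save readers from working that out.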
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:50 +0100
Subject: [PATCH 02/16] aio: use credential guards
Message-Id: <20251103-work-creds-guards-simple-v1-2-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/aio.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/aio.c b/fs/aio.c
index 5bc133386407..0a23a8c0717f 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1640,10 +1640,10 @@ static int aio_write(struct kiocb *req, const struc= t iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb =3D container_of(work, struct aio_kiocb, fsync.wor= k); - const struct cred *old_cred =3D override_creds(iocb->fsync.creds); =20 - iocb->ki_res.res =3D vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - revert_creds(old_cred); + scoped_with_creds(iocb->fsync.creds) + iocb->ki_res.res =3D vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); + put_cred(iocb->fsync.creds); iocb_put(iocb); } --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D5B53054DB; Mon, 3 Nov 2025 11:27:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169236; cv=none; b=dwS7E1NIpD8FQwmoIRjU23z12LVEDxx5yQXl67Z4lCRymRhA09AH0k6KWrR5easbwIAMDVYrjea/C3ZoCWaGwH7iNiC/9ioYNNFg7puV2ewTtiImXMD9PTFDtzYwkxoSPy3FjGFEhF9g7jGvhYtAohmxsh5mUS+hEf1fuMIUrs4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169236; c=relaxed/simple; bh=Te6t6WBv6LcIE3Mz3jIDSKVou5veHZxj8ddg+uVgoIk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ovZKQQ2kCXvnk69xPwjn5oZpfmRaEKbYkSzmCIavlo9YWY59FnNQkgWqzIrbsOFRlhHBeFzFcV2vbYT0YDNGiQyt8I1a0rpOce4urOq0CLSm8bHIAb5S3YHkk/7wtuHa7t7flAVwquDGR9mI7BaxRm+ujLh/fCgXQvEKclAyEo8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=sGzomzn+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org 
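Review bot: the added put_cred(iocb->fsync.creds) in aio_fsync_work() of [PATCH 02/16] is not explained by the commit message, and the removed lines contain only override_creds() and revert_creds(), with no put_cred(). If this reference was previously dropped somewhere else, the message should say where that put went; if the put is new, it changes the refcounting of fsync.creds and belongs in its own patch with a justification, since an extra put on a credential is a use-after-free risk. The guard conversion itself (scoped_with_creds() around the single vfs_fsync() statement) matches the old override/revert pair.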
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:51 +0100
Subject: [PATCH 03/16] backing-file: use credential guards for reads
Message-Id: <20251103-work-creds-guards-simple-v1-3-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/backing-file.c | 52 ++++++++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 15a7f8031084..4cb7276e7ead 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -157,13 +157,37 @@ static int backing_aio_init_wq(struct kiocb *iocb) return sb_init_dio_done_wq(sb); } =20 +static int do_backing_file_read_iter(struct file *file, struct iov_iter *i= ter, + struct kiocb *iocb, int flags) +{ + struct backing_aio *aio =3D NULL; + int ret; + + if (is_sync_kiocb(iocb)) { + rwf_t rwf =3D iocb_to_rw_flags(flags); + + return vfs_iter_read(file, iter, &iocb->ki_pos, rwf); + } + + aio =3D kmem_cache_zalloc(backing_aio_cachep, GFP_KERNEL); + if (!aio) + return -ENOMEM; + + aio->orig_iocb =3D iocb; + kiocb_clone(&aio->iocb, iocb, get_file(file)); + aio->iocb.ki_complete =3D backing_aio_rw_complete; + refcount_set(&aio->ref, 2); + ret =3D vfs_iocb_iter_read(file, &aio->iocb, iter); + backing_aio_put(aio); + if (ret !=3D -EIOCBQUEUED) + backing_aio_cleanup(aio, ret); + return ret; +} =20 ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, struct kiocb *iocb, int flags, struct backing_file_ctx *ctx) { - struct backing_aio *aio =3D NULL; - const struct cred *old_cred; ssize_t ret; =20 if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING))) 
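Review bot: the new helper do_backing_file_read_iter() is declared static int and keeps its result in int ret, but its sync path returns vfs_iter_read() directly and its caller backing_file_read_iter() works with ssize_t ret. Narrowing a byte count or error through int is an avoidable type mismatch; the helper's return type and its local ret should both be ssize_t. The = NULL initialiser on aio is also unnecessary now, since aio is assigned from kmem_cache_zalloc() before its first use.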
@@ -176,28 +200,8 @@ ssize_t backing_file_read_iter(struct file *file, stru= ct iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; =20 - old_cred =3D override_creds(ctx->cred); - if (is_sync_kiocb(iocb)) { - rwf_t rwf =3D iocb_to_rw_flags(flags); - - ret =3D vfs_iter_read(file, iter, &iocb->ki_pos, rwf); - } else { - ret =3D -ENOMEM; - aio =3D kmem_cache_zalloc(backing_aio_cachep, GFP_KERNEL); - if (!aio) - goto out; - - aio->orig_iocb =3D iocb; - kiocb_clone(&aio->iocb, iocb, get_file(file)); - aio->iocb.ki_complete =3D backing_aio_rw_complete; - refcount_set(&aio->ref, 2); - ret =3D vfs_iocb_iter_read(file, &aio->iocb, iter); - backing_aio_put(aio); - if (ret !=3D -EIOCBQUEUED) - backing_aio_cleanup(aio, ret); - } -out: - revert_creds(old_cred); + scoped_with_creds(ctx->cred) + do_backing_file_read_iter(file, iter, iocb, flags); =20 if (ctx->accessed) ctx->accessed(iocb->ki_filp); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 47F52302752; Mon, 3 Nov 2025 11:27:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169239; cv=none; b=eCr8EAUzQoAXm2g8Sfu0/O3G8FPkFhQ/z/u6DqlCylIa4GeFXs9Fi0mOMRjXhbFG9b4K0QeVQTZwZSTLKlwuWFvo5DxzaqRHy5p6n6vCeze+pzSIRfH8xoot0QhdHpoe9fh3rEZUD5hJutuunohDYPncjAiBd0aeWDGKdqaIeDw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169239; c=relaxed/simple; bh=nM6vUvQd4AMD+xtcLBWx9Qk09b196BZxjzjS13mYIcc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; 
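Review bot: the return value of do_backing_file_read_iter() is discarded in the new scoped_with_creds(ctx->cred) statement of backing_file_read_iter(), so ret is never assigned on this path, whereas the removed code set ret in both the sync and the aio branch. The earlier hunk leaves ssize_t ret; uninitialised, so any later use of ret in this function reads an indeterminate value and real read errors or byte counts are lost. The guarded statement should be ret = do_backing_file_read_iter(file, iter, iocb, flags);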
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:52 +0100
Subject: [PATCH 04/16] backing-file: use credential guards for writes
Message-Id: <20251103-work-creds-guards-simple-v1-4-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/backing-file.c | 74 +++++++++++++++++++++++++++++--------------------------
 1 file changed, 39 insertions(+), 35 deletions(-)

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 4cb7276e7ead..9bea737d5bef 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -210,11 +210,47 @@ ssize_t backing_file_read_iter(struct file *file, str= uct iov_iter *iter, } EXPORT_SYMBOL_GPL(backing_file_read_iter); =20 +static int do_backing_file_write_iter(struct file *file, struct iov_iter *= iter, + struct kiocb *iocb, int flags, + void (*end_write)(struct kiocb *, ssize_t)) +{ + struct backing_aio *aio; + int ret; + + if (is_sync_kiocb(iocb)) { + rwf_t rwf =3D iocb_to_rw_flags(flags); + + ret =3D vfs_iter_write(file, iter, &iocb->ki_pos, rwf); + if (end_write) + end_write(iocb, ret); + return ret; + } + + ret =3D backing_aio_init_wq(iocb); + if (ret) + return ret; + + aio =3D kmem_cache_zalloc(backing_aio_cachep, GFP_KERNEL); + if (!aio) + return -ENOMEM; + + aio->orig_iocb =3D iocb; + aio->end_write =3D end_write; + kiocb_clone(&aio->iocb, iocb, get_file(file)); + aio->iocb.ki_flags =3D flags; + aio->iocb.ki_complete =3D backing_aio_queue_completion; + refcount_set(&aio->ref, 2); + ret =3D vfs_iocb_iter_write(file, &aio->iocb, iter); + backing_aio_put(aio); + if (ret !=3D -EIOCBQUEUED) + backing_aio_cleanup(aio, ret); + return ret; +} + ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, struct kiocb *iocb, int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; =20 if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING))) 
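Review bot: do_backing_file_write_iter() is declared static int with int ret, yet it stores the result of vfs_iter_write() in ret, passes it to an end_write callback typed void (*)(struct kiocb *, ssize_t), and feeds a caller that returns ssize_t. The helper's return type and ret should be ssize_t so the value handed to end_write() and returned to backing_file_write_iter() is not narrowed through int.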
@@ -237,40 +273,8 @@ ssize_t backing_file_write_iter(struct file *file, str= uct iov_iter *iter, */ flags &=3D ~IOCB_DIO_CALLER_COMP; =20 - old_cred =3D override_creds(ctx->cred); - if (is_sync_kiocb(iocb)) { - rwf_t rwf =3D iocb_to_rw_flags(flags); - - ret =3D vfs_iter_write(file, iter, &iocb->ki_pos, rwf); - if (ctx->end_write) - ctx->end_write(iocb, ret); - } else { - struct backing_aio *aio; - - ret =3D backing_aio_init_wq(iocb); - if (ret) - goto out; - - ret =3D -ENOMEM; - aio =3D kmem_cache_zalloc(backing_aio_cachep, GFP_KERNEL); - if (!aio) - goto out; - - aio->orig_iocb =3D iocb; - aio->end_write =3D ctx->end_write; - kiocb_clone(&aio->iocb, iocb, get_file(file)); - aio->iocb.ki_flags =3D flags; - aio->iocb.ki_complete =3D backing_aio_queue_completion; - refcount_set(&aio->ref, 2); - ret =3D vfs_iocb_iter_write(file, &aio->iocb, iter); - backing_aio_put(aio); - if (ret !=3D -EIOCBQUEUED) - backing_aio_cleanup(aio, ret); - } -out: - revert_creds(old_cred); - - return ret; + with_creds(ctx->cred); + return do_backing_file_write_iter(file, iter, iocb, flags, ctx->end_write= ); } EXPORT_SYMBOL_GPL(backing_file_write_iter); =20 --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48210306B35; Mon, 3 Nov 2025 11:27:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169242; cv=none; b=RJJdcWyr4A2FGgO7PJ6sYS89uMwwQrhCCG0rN8KsVmyuTOMtfmAhjS6VMiK2p5w0REOgrM327AtLti4cQ3gDZjpdTtJ6SbWGdDHE42CcpJ2+v5rFiNC7pOPSOCjQFpk7+MfIAgBSb1NpyKNvUMY/N1jmRNgQAF2DGYMuWUwLjsI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169242; c=relaxed/simple; 
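Review bot: with_creds(ctx->cred); in backing_file_write_iter() overrides credentials until the function returns, while the read path in the previous patch uses scoped_with_creds() around a single call. The function-scope form is correct here because the only remaining statement is the return, but anything later inserted between the guard and the return will silently run under ctx->cred. Either use the scoped form for consistency with the read side or add a one-line comment that the override is intended to cover the rest of the function.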
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:53 +0100
Subject: [PATCH 05/16] backing-file: use credential guards for splice read
Message-Id: <20251103-work-creds-guards-simple-v1-5-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/backing-file.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 9bea737d5bef..8ebc62f49bad 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -283,15 +283,13 @@ ssize_t backing_file_splice_read(struct file *in, str= uct kiocb *iocb, unsigned int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; =20 if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; =20 - old_cred =3D override_creds(ctx->cred); - ret =3D vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); - revert_creds(old_cred); + scoped_with_creds(ctx->cred) + ret =3D vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags); =20 if (ctx->accessed) ctx->accessed(iocb->ki_filp); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 127AF307ACF; Mon, 3 Nov 2025 11:27:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169245; cv=none; b=phk40vlRabNAsq78QxOa7IKce0jyD6vjaWw5P8z9HoHFzPMx0cOvR7ZoUP75ru0eFZtBZpFLK+x1tmv3+qvQ1CdPvfBSsO3Lsr/UnGVzHBCrhCMqxioyRjOx8LyKjHF54mMHTZBoj2rSJKRjzo3Yi05HQ2KjovQupBbxI8oLE6M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169245; c=relaxed/simple; bh=mlLhVVRd/xxD3/60oVSWrFdPcpqIel0cuCN6B/lJA2U=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Cj9vxzhmYuyFoMR4JY5Fm/JH3TE5tagGxFnz4VZ943/swqjHYdfKtXcds1mcVfoboOcAJ0TDIbL9h+phX6koawuU+FzKI2eXyrPMtcWEap/XT7mKMo3WagTNPFmo26aey6DlCC0LdkcsUhVe4uQFf3O3qaByxcNvxI/tX8bYQm4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dSJOLdYs; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dSJOLdYs" Received: 
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:54 +0100
Subject: [PATCH 06/16] backing-file: use credential guards for splice write
Message-Id: <20251103-work-creds-guards-simple-v1-6-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/backing-file.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 8ebc62f49bad..9c63a3368b66 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -303,7 +303,6 @@ ssize_t backing_file_splice_write(struct pipe_inode_inf= o *pipe, size_t len, unsigned int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; =20 if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING))) 
@@ -316,11 +315,11 @@ ssize_t backing_file_splice_write(struct pipe_inode_i= nfo *pipe, if (ret) return ret; =20 - old_cred =3D override_creds(ctx->cred); - file_start_write(out); - ret =3D out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); - file_end_write(out); - revert_creds(old_cred); + scoped_with_creds(ctx->cred) { + file_start_write(out); + ret =3D out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags); + file_end_write(out); + } =20 if (ctx->end_write) ctx->end_write(iocb, ret); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CADC9308F00; Mon, 3 Nov 2025 11:27:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169247; cv=none; b=aM80Oj38KT1xe61dHYav1xs4MKrJ95XlFjwJ68Gu328J+wbDF9T7fw5MkO4HejkzqZC6qdZTAjO5uc/hSvWZnwX16VUf6BN5jknd+WXPRucGbZ4Uo9Ckhm3+YOa9P5sqbhAZFa4SjUJRuMyfhmwpN36GrM+jpJgRDfcfxcEQXqo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169247; c=relaxed/simple; bh=xUgfCnEjAJd8zsIOSMA0urqHXlAuN0jLc7ICsbqbewI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XiF8df5ilFM8sOYKFNeGQnknhbBga6Hq8zbNzol8oKIaD3uGk7Ypsn3AGiy1T8r4MmmTarPOjhOhpHAk/cH3WJRZQim9qPmbtr1hCX4uc891xjm51UEEtsJzJb5isMtjy6Sryu768PuEQMzz1m2t6h2APDELlvMkHlZ23x0LdRU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=t/7pepPe; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="t/7pepPe" Received: by smtp.kernel.org (Postfix) 
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:26:55 +0100
Subject: [PATCH 07/16] backing-file: use credential guards for mmap
Message-Id: <20251103-work-creds-guards-simple-v1-7-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
---
 fs/backing-file.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 9c63a3368b66..5cc4b59aa460 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -331,7 +331,6 @@ EXPORT_SYMBOL_GPL(backing_file_splice_write); int backing_file_mmap(struct file *file, struct vm_area_struct *vma, struct backing_file_ctx *ctx) { - const struct cred *old_cred; struct file *user_file =3D vma->vm_file; int ret; =20 
@@ -343,9 +342,8 @@ int backing_file_mmap(struct file *file, struct vm_area= _struct *vma, =20 vma_set_file(vma, file); =20 - old_cred =3D override_creds(ctx->cred); - ret =3D vfs_mmap(vma->vm_file, vma); - revert_creds(old_cred); + scoped_with_creds(ctx->cred) + ret =3D vfs_mmap(vma->vm_file, vma); =20 if (ctx->accessed) ctx->accessed(user_file); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3AC57303A2F; Mon, 3 Nov 2025 11:27:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169251; cv=none; b=n6H+3VQlqDSP2wu7doRydDT9DFoXPDIpFFrCs0t05qZTsnQlFbXO4AwyHnPnousMirQmGCwk74ponB0Kiq53SCeCQDUWqn2k1JBhzp1Pk2F7YbjqE25khHOCIdoa1YIov5to58HpptzbTxSgwC+NQKM+B8Yx0ijQUkr0Wh/a6D0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169251; c=relaxed/simple; bh=mYlstSLu9EjMbm9NKODOYBWD+LPqr6dAu0tzrPktmzQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SMKBpEnOd0GVyl7nUUGnq72XwAqT82r++iGZciqJv3l/GxIinOiOq8EcBP+7UWv93qoX+4hvDgVkCvEYKlUsJPMQg/3tAcN0CiOyWpUQKLSU+8gCwe7UJ/iOFTafqt3WHeOuM8grDSeFIbfTvUVIbox6m+S3kdc0n/+FUSDQ29k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=STqrMrI4; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="STqrMrI4" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 286ADC4CEE7; Mon, 3 Nov 2025 11:27:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1762169250; 
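Review bot: In backing_file_mmap() the new scoped_with_creds(ctx->cred) takes a single unbraced statement as its body, so the override ends right after "ret = vfs_mmap(vma->vm_file, vma);" and ctx->accessed(user_file) runs with the caller's credentials, as it did before. That is correct, but the unbraced form makes it easy for a later change to add a second line that looks covered and is not. Suggest bracing the body here, as the backing_file_splice_write() conversion does, so the extent of the credential override is explicit.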
bh=mYlstSLu9EjMbm9NKODOYBWD+LPqr6dAu0tzrPktmzQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=STqrMrI4HTdVciHFTQo6X/rWq9AuCwH8cjr9x8+n6+sG8Ivb5pFAr/LHYe5ukSl3Y /xOm63eQeS5pMMZE5xjNg9VDY4XYAN5G6gQqED6X5+od9W9xPQXtK4d8Iv2e02+w0i Wd6O2dhyK3zL3U11rEGhZdsx5Z0pLVA83ls9eVzpGSPPSbL0iICNZDfbyoPPyZ1ZL2 0UPGQZun8LiPfvFilfZkttbHKMGAv17ErlWMEg9EcML+jOM4Mv0+FbKtSqZ3hFRVwg e5YDmEPGlN2ZfqtZWOK6oD41JlWuDosnLjx1hNgTh3glvEN5HiztiFysvvXU3DoIe4 7GNQ753m8/85w== From: Christian Brauner Date: Mon, 03 Nov 2025 12:26:56 +0100 Subject: [PATCH 08/16] binfmt_misc: use credential guards Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-8-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1225; i=brauner@kernel.org; h=from:subject:message-id; bh=mYlstSLu9EjMbm9NKODOYBWD+LPqr6dAu0tzrPktmzQ=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTGz/+WIFh9nrxRFbP9Uf+F5deo/n7QrmSybR9YfeC tz4fe/fm45SFgYxLgZZMUUWh3aTcLnlPBWbjTI1YOawMoEMYeDiFICJ1OsyMtxbwXNRcorXnde1 VRofdN8wFEYdEtv4JnqO0e+9GibWf2cz/I/OXytfrjPh+IulfbmKUgKiPxLjXAWTRDaHFx95/kj sGDMA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. 
Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/binfmt_misc.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index a839f960cd4a..558db4bd6c2a 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -782,8 +782,6 @@ static ssize_t bm_register_write(struct file *file, con= st char __user *buffer, return PTR_ERR(e); =20 if (e->flags & MISC_FMT_OPEN_FILE) { - const struct cred *old_cred; - /* * Now that we support unprivileged binfmt_misc mounts make * sure we use the credentials that the register @file was 
@@ -791,9 +789,8 @@ static ssize_t bm_register_write(struct file *file, con= st char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred =3D override_creds(file->f_cred); - f =3D open_exec(e->interpreter); - revert_creds(old_cred); + scoped_with_creds(file->f_cred) + f =3D open_exec(e->interpreter); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F56A309EE1; Mon, 3 Nov 2025 11:27:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169254; cv=none; b=pgtnadJtNGd5a1GxIRocqpoUzWmw1UpoDYQFXotdOxnulGGv0WK3N2YvpObhTK7+YjIGKZd9x+JYpCBwqNa31UbgVLUOTEWaL9FO3/N0/YNu8m7qWuhuGqRZBb5WSufhdn8DXryg+R6PoVcoBa8Rh/m0ovJY1VezZONh58Pi4b8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169254; c=relaxed/simple; bh=rKQ/y4Od9YwZy6lC+CZIwz4HC5HTRvkb8TpxPddq1Vk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Mo7KmbCQar3y+VnvZrBt2pwSb7nQEY6CiG2X4m0pzpsrVEhXULAnYO5DxsoLOIyFoXF8S5vGMwu6/d+vYbVefbNVOkmPLTiRXh+eXwW4thLA+dTnmNf7afTmKF4HAi5Et8jmNtztwsRE5c2pz+2hvzEaSZAzgzMBlwhx+9WgWts= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=U6WkkxGT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="U6WkkxGT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4AB8FC4CEF8; Mon, 3 Nov 2025 11:27:31 
From: Christian Brauner Date: Mon, 03 Nov 2025 12:26:57 +0100 Subject: [PATCH 09/16] erofs: use credential guards Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-9-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1187; i=brauner@kernel.org; h=from:subject:message-id; bh=rKQ/y4Od9YwZy6lC+CZIwz4HC5HTRvkb8TpxPddq1Vk=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTGwvdjrU7i51dLfjOt7O6IIJCSndv3gerc31srrjL W3fKHK3o5SFQYyLQVZMkcWh3SRcbjlPxWajTA2YOaxMIEMYuDgFYCLK+YwMJzeedL6l15ZWc+Rc huX+xWsVps0+7X4xPfcr3+sHt++GCTAyfPgWIblbax3XPz3/q2cNb1f6+T3fwW7ZOHnP15KSP9x rGQA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/erofs/fileio.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/erofs/fileio.c b/fs/erofs/fileio.c index b7b3432a9882..d27938435b2f 100644 --- a/fs/erofs/fileio.c +++ b/fs/erofs/fileio.c @@ -47,7 +47,6 @@ static void erofs_fileio_ki_complete(struct kiocb *iocb, = long ret) =20 static void erofs_fileio_rq_submit(struct erofs_fileio_rq *rq) { - const struct cred *old_cred; struct iov_iter iter; int ret; =20 
@@ -61,9 +60,8 @@ static void erofs_fileio_rq_submit(struct erofs_fileio_rq= *rq) rq->iocb.ki_flags =3D IOCB_DIRECT; iov_iter_bvec(&iter, ITER_DEST, rq->bvecs, rq->bio.bi_vcnt, rq->bio.bi_iter.bi_size); - old_cred =3D override_creds(rq->iocb.ki_filp->f_cred); - ret =3D vfs_iocb_iter_read(rq->iocb.ki_filp, &rq->iocb, &iter); - revert_creds(old_cred); + scoped_with_creds(rq->iocb.ki_filp->f_cred) + ret =3D vfs_iocb_iter_read(rq->iocb.ki_filp, &rq->iocb, &iter); if (ret !=3D -EIOCBQUEUED) erofs_fileio_ki_complete(&rq->iocb, ret); } --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3391F309EE4; Mon, 3 Nov 2025 11:27:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169257; cv=none; b=Dn1/cUfz06idotqjdkYqDERUiIfMX3F58Rgjskx3bDKPN+UmgDyvFehVlYMJV4MLS1/CZZJukFkCSeGIlpRTyZ8kGl4iRUrIQn/HS9V0ytmqO+FcvdXFtkD9EnlwN444GD5S/TnCUJuui5/weussEauYQOzZuKbvoY2M8IWE+fE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169257; c=relaxed/simple; bh=Dmlif8BKtwQInPdLdn5bmZmsNB9JrY68RKP9X41cJow=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NTEa2ulo9HSbbr8hzkCPNeeBaINjqBS8cQZZk1EZUWNbXGsEvZUKAb7zh4gI9J2Lzmaz16SH1QUhIQc5t5PuNjzwZk6JztDnkGcbyyRH5jvjoops6zmjmp/DFt/CvPXumt2JMvEGzcuMOS7ZcbezOMOLPsqjxwphcdKbxnn9h8o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZUPKtFV3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZUPKtFV3" Received: by 
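Review bot: The commit message should say that the override in erofs_fileio_rq_submit() only needs to cover submission: the scope closes as soon as vfs_iocb_iter_read() returns, including the -EIOCBQUEUED case that is tested on the very next line. The old code called revert_creds() at the same point, so nothing changes, but the message carries only the generic series text. Please add a sentence stating that this is a mechanical conversion with no functional change.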
From: Christian Brauner Date: Mon, 03 Nov 2025 12:26:58 +0100 Subject: [PATCH 10/16] nfs: use credential guards in nfs_local_call_read() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-10-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1941; i=brauner@kernel.org; h=from:subject:message-id; bh=Dmlif8BKtwQInPdLdn5bmZmsNB9JrY68RKP9X41cJow=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTGyvbex6eulmk5e9TU2E55ZKDuFyts3v7um+t3b6t Hr52vMKHaUsDGJcDLJiiiwO7Sbhcst5KjYbZWrAzGFlAhnCwMUpABM594mR4WpZv4bwwY7YjsAH WcGLKz+8a2Bepp/NKm93q73nZ8Kxuwx/hZS+es9b9zIiqKb7TOm2x+5T+/mNXhjklOs8fJVioju DHQA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/nfs/localio.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 2c0455e91571..48bfe54b48a4 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c 
@@ -595,29 +595,26 @@ static void nfs_local_call_read(struct work_struct *w= ork) struct nfs_local_kiocb *iocb =3D container_of(work, struct nfs_local_kiocb, work); struct file *filp =3D iocb->kiocb.ki_filp; - const struct cred *save_cred; ssize_t status; =20 - save_cred =3D override_creds(filp->f_cred); - - for (int i =3D 0; i < iocb->n_iters ; i++) { - if (iocb->iter_is_dio_aligned[i]) { - iocb->kiocb.ki_flags |=3D IOCB_DIRECT; - iocb->kiocb.ki_complete =3D nfs_local_read_aio_complete; - iocb->aio_complete_work =3D nfs_local_read_aio_complete_work; - } + scoped_with_creds(filp->f_cred) { + for (int i =3D 0; i < iocb->n_iters ; i++) { + if (iocb->iter_is_dio_aligned[i]) { + iocb->kiocb.ki_flags |=3D IOCB_DIRECT; + iocb->kiocb.ki_complete =3D nfs_local_read_aio_complete; + iocb->aio_complete_work =3D nfs_local_read_aio_complete_work; + } =20 - iocb->kiocb.ki_pos =3D iocb->offset[i]; - status =3D filp->f_op->read_iter(&iocb->kiocb, &iocb->iters[i]); - if (status !=3D -EIOCBQUEUED) { - nfs_local_pgio_done(iocb->hdr, status); - if (iocb->hdr->task.tk_status) - break; + iocb->kiocb.ki_pos =3D iocb->offset[i]; + status =3D filp->f_op->read_iter(&iocb->kiocb, &iocb->iters[i]); + if (status !=3D -EIOCBQUEUED) { + nfs_local_pgio_done(iocb->hdr, status); + if (iocb->hdr->task.tk_status) + break; + } } } =20 - revert_creds(save_cred); - if (status !=3D -EIOCBQUEUED) { nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2934930AD12; Mon, 3 Nov 2025 11:27:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169260; cv=none; 
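Review bot: In nfs_local_call_read(), "ssize_t status;" is still declared without an initializer and is assigned only inside the loop, yet it is read by "if (status != -EIOCBQUEUED)" after the scoped block; if iocb->n_iters is 0 that read is of an uninitialized value. This predates the patch, but the hunk re-indents the whole loop, so it is a good moment to initialize status or to note why n_iters cannot be 0 here. The "break" stays inside the inner for loop, so it only leaves the loop and the credentials are still reverted at the closing brace of the scoped block; a word on that in the commit message would help readers of the conversion.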
From: Christian Brauner Date: Mon, 03 Nov 2025 12:26:59 +0100 Subject: [PATCH 11/16] nfs: use credential guards in nfs_local_call_write() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-11-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1874; i=brauner@kernel.org; h=from:subject:message-id; bh=S5SWhHP1AKnpAS9cvNavzXbz6fN+yKJB66DWhHiIX8U=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTGy/fqQ6cGfSIttn8vfUa1PqJGbNeRPqc9AtXFnob Umq+DPljlIWBjEuBlkxRRaHdpNwueU8FZuNMjVg5rAygQxh4OIUgIkEpTIyfDkp9167567kgjTx sybv0n+tLPm0yiJlToyM+hQ/j+9WwowM17SSNCR0XDy0jbrcLXwm+AmtYerabNC6nH3apOAdm/w 4AQ== X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/nfs/localio.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 48bfe54b48a4..0c89a9d1e089 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c 
@@ -781,18 +781,11 @@ static void nfs_local_write_aio_complete(struct kiocb= *kiocb, long ret) nfs_local_pgio_aio_complete(iocb); /* Calls nfs_local_write_aio_complete_= work */ } =20 -static void nfs_local_call_write(struct work_struct *work) +static ssize_t do_nfs_local_call_write(struct nfs_local_kiocb *iocb, + struct file *filp) { - struct nfs_local_kiocb *iocb =3D - container_of(work, struct nfs_local_kiocb, work); - struct file *filp =3D iocb->kiocb.ki_filp; - unsigned long old_flags =3D current->flags; - const struct cred *save_cred; ssize_t status; =20 - current->flags |=3D PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred =3D override_creds(filp->f_cred); - file_start_write(filp); for (int i =3D 0; i < iocb->n_iters ; i++) { if (iocb->iter_is_dio_aligned[i]) { 
@@ -837,7 +830,22 @@ static void nfs_local_call_write(struct work_struct *w= ork) } file_end_write(filp); =20 - revert_creds(save_cred); + return status; +} + +static void nfs_local_call_write(struct work_struct *work) +{ + struct nfs_local_kiocb *iocb =3D + container_of(work, struct nfs_local_kiocb, work); + struct file *filp =3D iocb->kiocb.ki_filp; + unsigned long old_flags =3D current->flags; + ssize_t status; + + current->flags |=3D PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; + + scoped_with_creds(filp->f_cred) + status =3D do_nfs_local_call_write(iocb, filp); + current->flags =3D old_flags; =20 if (status !=3D -EIOCBQUEUED) { --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 330E630B524; Mon, 3 Nov 2025 11:27:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169263; cv=none; b=iICZCztfF7Gyf7lEB3cn7pYdI1W/7j1D+1kPKI4YbS2vC1JF24s1Qn53z9xup8HAj3N1DVDuIjh/gjady2OksbE+YRnpbGuJgqRx8tAmFfUaGJtuoAfuGH9v90ObcH2H6mbFm+hAWI7LkFVuF89lGeZSgPfsbJ+YVJoBAx1HkhA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169263; c=relaxed/simple; bh=8jsM42EFf4c9yOO+A2KOodgf1ewjQpXoGxD8DKkZDoc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Ct9luU7kniqpoegOqunqnExKK4aMBVqry0aK6yew6EFVXM12N2Kg6Jp853jL3+kQhhSOJntfI9Xoo0MFSeCkWK2pv81vCoYKS+bXOMscv3CBHxJrREWGa5AZJ0+92KfWfjFCBS7D06x3aPTc3Ps5Lony0sEZ0Qaqiual9GVUnaA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FbAi9WBH; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; 
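Review bot: The new helper do_nfs_local_call_write() has no comment saying that it must be called with filp->f_cred already in effect and with PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO set; both are now established only in nfs_local_call_write(). Please add a short comment above the helper stating those preconditions. The filp parameter is also redundant, since the caller derives it from iocb->kiocb.ki_filp; passing only iocb would remove any chance of the two disagreeing.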
From: Christian Brauner Date: Mon, 03 Nov 2025 12:27:00 +0100 Subject: [PATCH 12/16] nfs: use credential guards in nfs_idmap_get_key() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-12-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1008; i=brauner@kernel.org; h=from:subject:message-id; bh=8jsM42EFf4c9yOO+A2KOodgf1ewjQpXoGxD8DKkZDoc=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTGz/8FlG9YDSAfX+gxrnPsoU75DNi/u4Js3hnvXDu fsfFKe96ChlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZiI4h1Ghofx+8P5r81wY7Tw Pqs/Yab/mnsf9pdx3eXulD8ZphDZLcfIsHdXoNyrEO2lryvXNolyp1mxdn4pSFe3vMPLe/TRy2w WNgA= X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/nfs/nfs4idmap.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 00932500fce4..9e1c48c5c0b8 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c 
@@ -306,15 +306,12 @@ static ssize_t nfs_idmap_get_key(const char *name, si= ze_t namelen, const char *type, void *data, size_t data_size, struct idmap *idmap) { - const struct cred *saved_cred; struct key *rkey; const struct user_key_payload *payload; ssize_t ret; =20 - saved_cred =3D override_creds(id_resolver_cache); - rkey =3D nfs_idmap_request_key(name, namelen, type, idmap); - revert_creds(saved_cred); - + scoped_with_creds(id_resolver_cache) + rkey =3D nfs_idmap_request_key(name, namelen, type, idmap); if (IS_ERR(rkey)) { ret =3D PTR_ERR(rkey); goto out; --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C778303CAA; Mon, 3 Nov 2025 11:27:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169267; cv=none; b=EDNlyiA0/pyJ1od3b2kxKCd4bdswfneQkgUbaL3lViPIH5b2+k2SBzcIZpcta+6OXLnxGc7QljvBw3XC+AnqYYvztCxsQyB4G/zCJgHHX2dDd536DS3esQlQDTYdZV+lr5B8QvuB7OrQirJ57SArLCDNhh7bkALrQc/yjhwg9hI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169267; c=relaxed/simple; bh=cI/wCkL2aCWjfu8Fn9+DnW9cfZKAM4aWc79J+WWc2Og=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=EAM2ipFa9fzakAjR89/6IdvbMuosOJfNS8TaVtE4eFESgx9Yr+ntX3YbKQjBq8B/eq3sH0Ivgj5S4OBv1UGGM7BB+id363CDo2D84lyR635TkaiiaDPskxHtxu8cot6pYUx8vXzPB403xiqlbYehpiKoVfybbM8R4uWpv5gbk2M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WdXcmdeU; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org 
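Review bot: In nfs_idmap_get_key() the hunk drops the blank line that used to separate the credential-override section from "if (IS_ERR(rkey))", so the error check now sits directly under the unbraced scoped_with_creds() body and reads as if it were part of it. Only the nfs_idmap_request_key() call runs under id_resolver_cache. Keep the blank line, or brace the body, so that is visible at a glance.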
From: Christian Brauner Date: Mon, 03 Nov 2025 12:27:01 +0100 Subject: [PATCH 13/16] smb: use credential guards in cifs_get_spnego_key() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251103-work-creds-guards-simple-v1-13-a3e156839e7f@kernel.org> References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org> To: Linus Torvalds Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner X-Mailer: b4 0.15-dev-96507 X-Developer-Signature: v=1; a=openpgp-sha256; l=1259; i=brauner@kernel.org; h=from:subject:message-id; bh=cI/wCkL2aCWjfu8Fn9+DnW9cfZKAM4aWc79J+WWc2Og=; b=owGbwMvMwCU28Zj0gdSKO4sYT6slMWRyTOxILb32Z+vLgE6nhY+mnF68VHJekZl+4OTFuT9+F C4KTI/w7ShlYRDjYpAVU2RxaDcJl1vOU7HZKFMDZg4rE8gQBi5OAZjIzCeMDFM6cvZe2CyhUXbm V391qJP7NdHHgrxf58ez6pc7N2tPSGX4p/21dNKnHytYHyeuXL2ncu7aGzbbNxX7fM2M26B/TnT rYVYA X-Developer-Key: i=brauner@kernel.org; a=openpgp; fpr=4880B8C9BD0E5106FC070F4F7B3C391EFEA93624 Use credential guards for scoped credential override with automatic restoration on scope exit. Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- fs/smb/client/cifs_spnego.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 9891f55bac1e..da935bd1ce87 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c 
@@ -90,7 +90,6 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, size_t desc_len; struct key *spnego_key; const char *hostname =3D server->hostname; - const struct cred *saved_cred; =20 /* length of fields (with semicolons): ver=3D0xyz ip4=3Dipaddress host=3Dhostname sec=3Dmechanism uid=3D0xFF user=3Dusername */ 
@@ -158,9 +157,8 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, dp +=3D sprintf(dp, ";upcall_target=3Dapp"); =20 cifs_dbg(FYI, "key description =3D %s\n", description); - saved_cred =3D override_creds(spnego_cred); - spnego_key =3D request_key(&cifs_spnego_key_type, description, ""); - revert_creds(saved_cred); + scoped_with_creds(spnego_cred) + spnego_key =3D request_key(&cifs_spnego_key_type, description, ""); =20 #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A85E30C61D; Mon, 3 Nov 2025 11:27:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169269; cv=none; b=FPJQvYOzr11IrePCDJVXRMRS8wVO+eA8vR62ZcEb00zpJiUZtACrsv1yPt6e/tiQfo+/CEqOsyTM7nJSvHFeImBZ4xA3PIVTtL2WsmY/4CqBU+DJ6UtOfBmjA3KTlNneQrtCsciXYLz7Lz9I/8QloTHSzJKEE4+a7dB6JlYvi50= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169269; c=relaxed/simple; bh=levEAcCe3qHl8KZRvufqmIV0fvjVebO71tbqxGWp4c8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mqonWyxkRRqYQ+hKhGMuRdqIGTagfgQ6+V/QrHsUUE9akNMD3UIg0fCxaxEo5phFXCjZ/lLVUqylgLSlDhENjOaR9u49/fYI4p/mBrGYQESMoYMJ4gFzjzfcEOPrd9HevmZAUqLThMc/OK4UeTS+jp4r6RX+sCcgxBnJGnnMdW8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LDRfwTg0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LDRfwTg0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 
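Review bot: The scoped_with_creds(spnego_cred) body in cifs_get_spnego_key() is a single unbraced statement, so only indentation marks where the spnego_cred override ends. The #ifdef CONFIG_CIFS_DEBUG2 block that follows still runs after the credentials are restored, as it did after the old revert_creds(saved_cred), but a statement added later on the next line would silently fall outside the override. Consider braces around the request_key() call or a short comment saying that only the upcall runs under spnego_cred.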
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:27:02 +0100
Subject: [PATCH 14/16] act: use credential guards in acct_write_process()
Message-Id: <20251103-work-creds-guards-simple-v1-14-a3e156839e7f@kernel.org>
References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
To: Linus Torvalds
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner

Use credential guards for scoped credential override with automatic restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
--- kernel/acct.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/kernel/acct.c b/kernel/acct.c index 61630110e29d..c1028f992529 100644 --- a/kernel/acct.c +++ b/kernel/acct.c
@@ -520,12 +520,10 @@ static void fill_ac(struct bsd_acct_struct *acct) static void acct_write_process(struct bsd_acct_struct *acct) { struct file *file =3D acct->file; - const struct cred *cred; acct_t *ac =3D &acct->ac; =20 /* Perform file operations on behalf of whoever enabled accounting */ - cred =3D override_creds(file->f_cred); - + with_creds(file->f_cred); /* * First check to see if there is enough free_space to continue * the process accounting system. Then get freeze protection. If 
@@ -538,8 +536,6 @@ static void acct_write_process(struct bsd_acct_struct *= acct) __kernel_write(file, ac, sizeof(acct_t), &pos); file_end_write(file); } - - revert_creds(cred); } =20 static void do_acct_process(struct bsd_acct_struct *acct) --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 34D013043C8; Mon, 3 Nov 2025 11:27:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169273; cv=none; b=k/Wr1dvKmmIEBCFB7i4yY/+loIrvaWbVdvDC0FvVbEugYBsCRG5lMw3wVqONzu9QurZnOqduBVKHajt+FG2zixWsHDlTX6oVLMeL5C0ph6iRBeE70HW3qIXGEXknahlrH4DsOvodehKh9P1k9N4c/I5wnksw5la6S7KeirR16P0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169273; c=relaxed/simple; bh=M/gRfyTv5mKfZ+5BvhWQ76LEQ3tFhX77yWuNWTckzIg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=eq6+YQ2FlLq/2aHMdTHdRbmHfmPdZ/oFTC0TgtnKGGiG6ichr2xChmNFrT5h24TZ+LXsaAkg4z30id+kHmy1840qDuZvgznSxpWSWWbQWedizzJYZfkBplaKTaQVfF1dculmdFMkk+XMRgc+5LiVGh5Jkw864nlbPcivskqh1Nk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BVEFfMfx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BVEFfMfx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6DAA1C4CEFD; Mon, 3 Nov 2025 11:27:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1762169271; bh=M/gRfyTv5mKfZ+5BvhWQ76LEQ3tFhX77yWuNWTckzIg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; 
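Review bot: with_creds(file->f_cred) in acct_write_process() has no explicit end, so the override now lasts until the function returns; that matches the old behaviour only because revert_creds(cred) was the last statement before the closing brace, and anything appended to this function later will run under file->f_cred. The comment "Perform file operations on behalf of whoever enabled accounting" could say that the override covers the rest of the function, and the blank line that used to separate the override from the following block comment is worth keeping. The subject prefix reads "act:" while the file changed is kernel/acct.c.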
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:27:03 +0100
Subject: [PATCH 15/16] cgroup: use credential guards in cgroup_attach_permissions()
Message-Id: <20251103-work-creds-guards-simple-v1-15-a3e156839e7f@kernel.org>
References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
To: Linus Torvalds
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner

Use credential guards for scoped credential override with automatic restoration on scope exit.

Signed-off-by: Christian Brauner Reviewed-by: Amir Goldstein --- kernel/cgroup/cgroup.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index fdee387f0d6b..9f61f7cfc8d1 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -5363,7 +5363,6 @@ static ssize_t __cgroup_procs_write(struct kernfs_ope= n_file *of, char *buf, struct cgroup_file_ctx *ctx =3D of->priv; struct cgroup *src_cgrp, *dst_cgrp; struct task_struct *task; - const struct cred *saved_cred; ssize_t ret; enum cgroup_attach_lock_mode lock_mode; =20 
@@ -5386,11 +5385,10 @@ static ssize_t __cgroup_procs_write(struct kernfs_o= pen_file *of, char *buf, * permissions using the credentials from file open to protect against * inherited fd attacks. */ - saved_cred =3D override_creds(of->file->f_cred); - ret =3D cgroup_attach_permissions(src_cgrp, dst_cgrp, - of->file->f_path.dentry->d_sb, - threadgroup, ctx->ns); - revert_creds(saved_cred); + scoped_with_creds(of->file->f_cred) + ret =3D cgroup_attach_permissions(src_cgrp, dst_cgrp, + of->file->f_path.dentry->d_sb, + threadgroup, ctx->ns); if (ret) goto out_finish; =20 --=20 2.47.3 From nobody Sun Feb 8 00:38:52 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1CC3730DEAC; Mon, 3 Nov 2025 11:27:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169275; cv=none; b=R9cbITGTKo/wx4g9rMpHZX6EaDK2M5V3Pe0YTykDT3NgySTJX2Q/xA6kCdOUmdqVSMX4hTNzPGK/1owUbf11N315+vPwitItaVA7N+LT0iWPrXiMiPbzZNzxIehfWkyf4uF2d/rxt2ZpvVxZg+Fgrb2yS3TXKvj6FQURHDu+uYY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762169275; c=relaxed/simple; bh=bCAyE7tmk17boyOhhm5qwpsQaMCqCnHI3pfKUhK/d+4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FcU6fghtgD6msLW8OC9/LWEkswRYJ5TUQ0n/nhS5b8pP129jTLcmbLVY499NJi7qSpJfMaUKS18pvfJGueKAhosBg6CLmaEAm7tv02KHzyJJQZT+iPGulV4D3VHUkVA0ZjUiFHYgxsid4MP/bq8yN6n59OiI7jgEHr/FLDC/Ok0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YaZ0aFlr; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org 
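Review bot: The subject names cgroup_attach_permissions(), but both hunks change its caller __cgroup_procs_write() and only wrap the call, so the subject should name __cgroup_procs_write(), the way the acct and dns_resolver patches name the function they convert. In the second hunk the unbraced scoped_with_creds(of->file->f_cred) body spans three lines and is followed directly by if (ret), which makes it hard to see that the check runs after the credentials are restored. Braces around the multi-line body would make it explicit that only the permission check uses the credentials from file open that the comment above relies on.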
From: Christian Brauner
Date: Mon, 03 Nov 2025 12:27:04 +0100
Subject: [PATCH 16/16] net/dns_resolver: use credential guards in dns_query()
Message-Id: <20251103-work-creds-guards-simple-v1-16-a3e156839e7f@kernel.org>
References: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
In-Reply-To: <20251103-work-creds-guards-simple-v1-0-a3e156839e7f@kernel.org>
To: Linus Torvalds
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-unionfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, cgroups@vger.kernel.org, netdev@vger.kernel.org, Christian Brauner

Use credential guards for scoped credential override with automatic restoration on scope exit.

Signed-off-by: Christian Brauner
Reviewed-by: Amir Goldstein
--- net/dns_resolver/dns_query.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c index 82b084cc1cc6..53da62984447 100644 --- a/net/dns_resolver/dns_query.c +++ b/net/dns_resolver/dns_query.c
@@ -78,7 +78,6 @@ int dns_query(struct net *net, { struct key *rkey; struct user_key_payload *upayload; - const struct cred *saved_cred; size_t typelen, desclen; char *desc, *cp; int ret, len; @@ -124,9 +123,8 @@ int dns_query(struct net *net, /* make the upcall, using special credentials to prevent the use of * add_key() to preinstall malicious redirections */ - saved_cred =3D override_creds(dns_resolver_cache); - rkey =3D request_key_net(&key_type_dns_resolver, desc, net, options); - revert_creds(saved_cred); + scoped_with_creds(dns_resolver_cache) + rkey =3D request_key_net(&key_type_dns_resolver, desc, net, options); kfree(desc); if (IS_ERR(rkey)) { ret =3D PTR_ERR(rkey); --=20 2.47.3
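Review bot: In the second hunk of dns_query(), kfree(desc) follows the unbraced scoped_with_creds(dns_resolver_cache) body with no blank line, so the end of the override is marked by indentation alone. A blank line after the request_key_net() call, or braces around it, would keep it clear that only the upcall runs under dns_resolver_cache, which is what the comment about preventing add_key() from preinstalling malicious redirections depends on.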