From patchwork Thu Aug 22 01:25:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772403 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8AFD1BC46; Thu, 22 Aug 2024 01:25:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289935; cv=none; b=O2lVTabkDxsLjgF0SV+jlDGDFVMGcXmQNCIS2QDbpsRMRpfXFy7k6vfgAiXby36Ejn80RhUWw/WbdHBoAFgQe4QYEAgeEaQ/2MOuIWmOrGJxPpC+dVLFVLJmOh9BZ99eZikvki6TIMn919/lA7Jj3MFhAjZEn8bkgxKwXipb2Rg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289935; c=relaxed/simple; bh=UfnD/vwYhJAG5eeyMGChyi/Mvp0W7sWbhsiXsNf8YOk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JVtgrkkrnxdH+9VFViKybccF0UoBeGqNifdBX5YMQ4Wn+tpmeW1Nzc502i6ec2+DidR1nHrhVPZPURhgCDw+Iq6xMm6qltdMxLFvwm2M6YzbE8/P3GLq7ei+kOx/yEWuF8krcBFMiNPfM7Pdjk6sZlMq0YYPMTx7x5D6w6b6H7k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=af5on3lb; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="af5on3lb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289934; x=1755825934; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=UfnD/vwYhJAG5eeyMGChyi/Mvp0W7sWbhsiXsNf8YOk=; b=af5on3lb6h1eRWVP86qYOEpSwPqEfRU8ewU3fob7Ur060RB3k7a6esZb 88BiEIIR3xdGiA7GTdQTULoLLh901gHMgssiWLzpjR+Id1EbH6b11OR8n yXvSvTVsxIkVRP1P3jlweQnd/JNIikbSCFxCoK1iktXrTOpOdNTNJjfNy iRR20SDPK19Y5iOJixvIHlNFcOsVYwz/qEzQiRAYuTo6YQ7jRv4MZYMCu BD+nfvKMfZJl0I6ElKVG3WB4cmOqNRxn22ki1/WOD1ukdatDAbJu3yTc9 6pLihuefb0YcCqqcyp/a+Wl+wat0ND/nsM91ZtUG8cI3evdQ9D45ZLe/r w==; X-CSE-ConnectionGUID: zTTbIjFDThS8pk8k2dZs+g== X-CSE-MsgGUID: jma/l9S8Rq6oYkXvFTXhog== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574722" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574722" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 X-CSE-ConnectionGUID: U/zxtZH3Sxawzi2S62cYuQ== X-CSE-MsgGUID: Cw+QmJQoSQuaebyuzQT6IQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811017" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 01/16] cred: Add a light version of override/revert_creds() Date: Wed, 21 Aug 2024 18:25:08 -0700 Message-ID: <20240822012523.141846-2-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a light version of override/revert_creds(), this should only be used when the credentials in question will outlive the critical section and the critical section doesn't change the ->usage of the credentials. Suggested-by: Christian Brauner Signed-off-by: Vinicius Costa Gomes --- include/linux/cred.h | 18 ++++++++++++++++++ kernel/cred.c | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 2976f534a7a3..e4a3155fe409 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -172,6 +172,24 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred) cred->cap_inheritable)); } +/* + * Override creds without bumping reference count. Caller must ensure + * reference remains valid or has taken reference. Almost always not the + * interface you want. Use override_creds()/revert_creds() instead. + */ +static inline const struct cred *override_creds_light(const struct cred *override_cred) +{ + const struct cred *old = current->cred; + + rcu_assign_pointer(current->cred, override_cred); + return old; +} + +static inline void revert_creds_light(const struct cred *revert_cred) +{ + rcu_assign_pointer(current->cred, revert_cred); +} + /** * get_new_cred_many - Get references on a new set of credentials * @cred: The new credentials to reference diff --git a/kernel/cred.c b/kernel/cred.c index 075cfa7c896f..da7da250f7c8 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -485,7 +485,7 @@ EXPORT_SYMBOL(abort_creds); */ const struct cred *override_creds(const struct cred *new) { - const struct cred *old = current->cred; + const struct cred *old; kdebug("override_creds(%p{%ld})", new, atomic_long_read(&new->usage)); @@ -499,7 +499,7 @@ const struct cred *override_creds(const struct cred *new) * visible to other threads under RCU. */ get_new_cred((struct cred *)new); - rcu_assign_pointer(current->cred, new); + old = override_creds_light(new); kdebug("override_creds() = %p{%ld}", old, atomic_long_read(&old->usage)); @@ -521,7 +521,7 @@ void revert_creds(const struct cred *old) kdebug("revert_creds(%p{%ld})", old, atomic_long_read(&old->usage)); - rcu_assign_pointer(current->cred, old); + revert_creds_light(old); put_cred(override); } EXPORT_SYMBOL(revert_creds); From patchwork Thu Aug 22 01:25:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772404 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3ABA411711; Thu, 22 Aug 2024 01:25:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289936; cv=none; b=VJbjUlz4Ga4dIPnmx0/LMpbHLiI+E1IfK2aI9wzeSQoErbcet5FI0x9xp6qio3rbt6PHv39UsveKWIxErJpBirlSsn5jKnP94pFVHujsScJ4BpKtwd5KEFdUjWtPK6aWkajh7cZIZPrrg+Ajwg8ixzt8P7jUNYZ+HPzckDyAzzc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289936; c=relaxed/simple; bh=g3uaeVAsHyJeu5Tz3K7D6oV17IZ4IoQOeVs6zyE83IA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W79okamGV4uc33JVGnyjwMSKnlmx2XCT0JBDaIq4Q8ewHchWdFBNruaLy+4eEGoXsJqmYPNRyrYLMeYlSNvgOlmh+I/smGfwVCXN5qGCZ+E+4tA2YpIbO2sEU0Wcyhvn65Xau4CtXYJP6tBwIaSKtvB1QXsqsBy9ZfqrcJWaEl0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HzOxQFO3; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HzOxQFO3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289935; x=1755825935; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=g3uaeVAsHyJeu5Tz3K7D6oV17IZ4IoQOeVs6zyE83IA=; b=HzOxQFO3E8Ng7EkRfZ/q6ajnJ8+H+QcJLfkh47MGnPcifMrI1xQQ9i+n /uUUtyJ2VAFwub8AXxTb1FUQ1z4PUrxxEvMtiFBCiOzKjPtKCKNgc6CuT hBohdXBX3KxBBMgbyvOy8euLS0DWbC14tAgmI2QwYoOwP1es2yx16/thp IfxSq1w7iPPH6QPBfoofM9cepKz8mdJWYF9hT0qGM+jQul/FVcer61M0v G0mymfUf3FjMvZsWKHrjMqbUD7OqDgoE/7Z83vSz/aRKedC26SsVnmx8J 8KqpNpdifHrQq0VflbU+yRQKg8oaZhQtnRWe6LUo/Ro2f78Q4dsb0gs6P A==; X-CSE-ConnectionGUID: NiCt7usnRjiHnPlmUSjM6A== X-CSE-MsgGUID: cgrMSoouTriYYNCWnbhACg== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574725" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574725" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 X-CSE-ConnectionGUID: HWCknlldRFaxd9pasFUZVA== X-CSE-MsgGUID: P0nBnFf+SB29clGzd6sB1A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811021" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 02/16] fs/backing-file: Convert to revert/override_creds_light() Date: Wed, 21 Aug 2024 18:25:09 -0700 Message-ID: <20240822012523.141846-3-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 As the credentials used by backing-file are long lived in relation to the critical section (override_creds() -> revert_creds()) we can replace them by their lighter alternatives. Signed-off-by: Vinicius Costa Gomes --- fs/backing-file.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/backing-file.c b/fs/backing-file.c index afb557446c27..bc19e8e28e58 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; - old_cred = override_creds(ctx->cred); + old_cred = override_creds_light(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds(old_cred); + revert_creds_light(old_cred); if (ctx->accessed) ctx->accessed(ctx->user_file); @@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, */ flags &= ~IOCB_DIO_CALLER_COMP; - old_cred = override_creds(ctx->cred); + old_cred = override_creds_light(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds(old_cred); + revert_creds_light(old_cred); return ret; } @@ -281,9 +281,9 @@ ssize_t backing_file_splice_read(struct file *in, loff_t *ppos, if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; - old_cred = override_creds(ctx->cred); + old_cred = override_creds_light(ctx->cred); ret = vfs_splice_read(in, ppos, pipe, len, flags); - revert_creds(old_cred); + revert_creds_light(old_cred); if (ctx->accessed) ctx->accessed(ctx->user_file); @@ -307,11 +307,11 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, if (ret) return ret; - old_cred = override_creds(ctx->cred); + old_cred = override_creds_light(ctx->cred); file_start_write(out); ret = iter_file_splice_write(pipe, out, ppos, len, flags); file_end_write(out); - revert_creds(old_cred); + revert_creds_light(old_cred); if (ctx->end_write) ctx->end_write(ctx->user_file); @@ -335,9 +335,9 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, vma_set_file(vma, file); - old_cred = override_creds(ctx->cred); + old_cred = override_creds_light(ctx->cred); ret = call_mmap(vma->vm_file, vma); - revert_creds(old_cred); + revert_creds_light(old_cred); if (ctx->accessed) ctx->accessed(ctx->user_file); From patchwork Thu Aug 22 01:25:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772405 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 924E117999; Thu, 22 Aug 2024 01:25:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289937; cv=none; b=VPTPfwnhRjwvLtinUgs7tXm/5o/1F8dmyYdcsMV+RtmrBQSKpPzx5I1124oKQVGhhokHGh3bo2hsR0Crarmw98+ak4Dsnr6VbNyIfFuX04sJHpBT7aNmOoRWXHcIpYxUQhO/hYDYVzc+wzBnBsiO+PkW8lS4wQtXAZ33oSeJGjo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289937; c=relaxed/simple; bh=42X8Gh2L7dyGjX3VvIUPml7cHJOMOyQ+YrI4+eJU3i0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OqTdXNRGaWzVQyASu0FI4nb/iAgp2xFi5HTapBlg47e+xSHmK/YP9sPLrhv/LbDvbxZjyA+CQ+W40W80DJi1zDbPO6qY0RdvKibqIg5bsQ59iRrH9oLVt9JzPXMNGb08VSm4XNl8w3q0WdqHc7OI8tlq9YdMkLndvgkZ07kb3qI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=WHmnCkMz; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="WHmnCkMz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289936; x=1755825936; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=42X8Gh2L7dyGjX3VvIUPml7cHJOMOyQ+YrI4+eJU3i0=; b=WHmnCkMzcpAArlpU/1n1pOf/2S4t9De+DqnDi/G4pAyyfzDQK0IHzp93 GRpWZseM5RU2S1tMQ7GF6UwbhVOHBWfQdKRMsqlOwNQakbBI3+q/IbWCW JONEuakkjR9f8gArAm/QTHmbaWZ2sUkTBH9ZtyqW+wN/E7tzPQ7pF55UB 0fJLVTifEckqrwdIsJjaqbIZ2nZvX9yAqOoNTgfDoBzXMe0STpdbb2Clt KA8uq603mu8t/X1bvkbSGh1iVkSDO9F9pBX+MopmD1mqdWQf/UiHDYgeu 2UHb67HrJ3X1vuqISfWczyIz3723LeJdn2MMXug92MDEjH81D7c/Rds0b Q==; X-CSE-ConnectionGUID: 17BLysSrSdW9adgyZsr62g== X-CSE-MsgGUID: u2M5jakyT7W1o0omAvAYxA== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574729" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574729" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 X-CSE-ConnectionGUID: tiVfE80JT/CoE3tM7yMKJA== X-CSE-MsgGUID: qN8Nln/PSDqc4gyj4eZOyA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811024" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 03/16] fs/overlayfs: Introduce ovl_override_creds_light() Date: Wed, 21 Aug 2024 18:25:10 -0700 Message-ID: <20240822012523.141846-4-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Will be used when there are guarantees that the credentials usage count is not modified in the critical section. This is a temporary helper, that will be removed when all users are converted to use the credentials GUARD() helpers. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 0bfe35da4b7b..557d8c4e3a01 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -429,6 +429,7 @@ int ovl_want_write(struct dentry *dentry); void ovl_drop_write(struct dentry *dentry); struct dentry *ovl_workdir(struct dentry *dentry); const struct cred *ovl_override_creds(struct super_block *sb); +const struct cred *ovl_override_creds_light(struct super_block *sb); static inline const struct cred *ovl_creds(struct super_block *sb) { diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index edc9216f6e27..3525ede21600 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -68,6 +68,13 @@ const struct cred *ovl_override_creds(struct super_block *sb) return override_creds(ofs->creator_cred); } +const struct cred *ovl_override_creds_light(struct super_block *sb) +{ + struct ovl_fs *ofs = OVL_FS(sb); + + return override_creds_light(ofs->creator_cred); +} + /* * Check if underlying fs supports file handles and try to determine encoding * type, in order to deduce maximum inode number used by fs. From patchwork Thu Aug 22 01:25:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772406 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF2151B27D; Thu, 22 Aug 2024 01:25:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289937; cv=none; b=cdcMS/coGtSOaz1mQUB+V+6eTpt56oupAfvnOx3yWnPda38h3Hs/9VEatTv2DoQ1khaH0TvXz7GQuI344FOAJGNR6E7LGlbJN35EDRUSCUTzWmKW2n4RX2YmISWvtv8bcYk6x9iyAb2kjVceO1YU0vuQKnwl4P/PawCz8UQSEU4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289937; c=relaxed/simple; bh=CZkEIxc+FPJaU+fDIa1vfhmaBsh7YXbodcWi0F7voVM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qz0imvXHt/dzY3waWn7fBTphbyOGuhXdbtiIZ+CiseD3VHqXh4NosSt1BncRysLuALal+AQXmYB7bUN+iCh7yvG8Z/Z8cfl79nUAUI2Gf0hVsgN9Gwpx2H3CM3dgfzzUQqqeIb0AjPveTxS2mLDzqWOVvNA2fKm2CgVs8YM7tg8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FsyfWWA8; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FsyfWWA8" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289936; x=1755825936; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CZkEIxc+FPJaU+fDIa1vfhmaBsh7YXbodcWi0F7voVM=; b=FsyfWWA8Bxpz6Xc9zKMSMAayNK9t+c3cn9obsKUZqc4sVh+P3c8FA+BE PhSYs+yWfb6aBb0Bdj12bafL0uWGSQ/dbgRnVsujsd/ulqkRLCnBmgpwn o6ALKZQL+pUZ4T8D0DqMG8zbVUlRk6R+eVGL9G6BtClysSMXCgdg1wus2 OzUKMfB98Re3469rYhNG/fO++VSoF6gvuaRgYczE8hHotwSU/OsNoiOR2 Ufk2qg/KsWzNb+0i0nuDfRSiQe77A2blJ23CvQfRUmmaQltED9a+ujGQZ OwAApkd/1yKhCI7bvr8XLCzBNSXTXiOIECecIW8EUoKa1EgCzmwi+TEGU w==; X-CSE-ConnectionGUID: CvimTQMATLKimauT2WpTrA== X-CSE-MsgGUID: Tub3MiOORFGOqff8cOUifg== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574733" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574733" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 X-CSE-ConnectionGUID: qGd1H4ZLS7iaqbvcQt7jbw== X-CSE-MsgGUID: ZvvVH9+UTlSlgf/5Z8ERMg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811028" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 04/16] overlayfs: Document critical override_creds() operations Date: Wed, 21 Aug 2024 18:25:11 -0700 Message-ID: <20240822012523.141846-5-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a comment to these operations that cannot use the _light version of override_creds()/revert_creds(), because during the critical section the struct cred .usage counter might be modified. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/copy_up.c | 6 +++++- fs/overlayfs/dir.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index a5ef2005a2cc..7dec275e08cd 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -718,8 +718,12 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) if (err < 0) return err; - if (cc->new) + if (cc->new) { + /* Do not use the _light version, the credentials + * ->usage might be modified. + */ cc->old = override_creds(cc->new); + } return 0; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index ab65e98a1def..851945904385 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -584,6 +584,7 @@ static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, const struct cred *old_cred; struct dentry *parent = dentry->d_parent; + /* Do not use the _light version, cred->usage might be modified */ old_cred = ovl_override_creds(dentry->d_sb); /* @@ -1159,6 +1160,7 @@ static int ovl_rename(struct mnt_idmap *idmap, struct inode *olddir, goto out; } + /* Do not use the _light version, cred->usage might be modified */ old_cred = ovl_override_creds(old->d_sb); if (!list_empty(&list)) { @@ -1314,6 +1316,7 @@ static int ovl_create_tmpfile(struct file *file, struct dentry *dentry, int flags = file->f_flags | OVL_OPEN_FLAGS; int err; + /* Do not use the _light version, cred->usage might be modified */ old_cred = ovl_override_creds(dentry->d_sb); err = ovl_setup_cred_for_create(dentry, inode, mode, old_cred); if (err) From patchwork Thu Aug 22 01:25:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772408 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0520E210E7; Thu, 22 Aug 2024 01:25:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; cv=none; b=B2PcrlEojPdZTTErYLDRGAzmcG8kQQrruqKOUuNrwN1bEzIJWz0iW9kRDtDrn4KD8LFb2boK1KJXiYY0LVOMNqvjEypLiCeUdWdZMsJUmywRz7C0TW1ztTXijdUnx2udLAkgD2lmxQKSaN2xz334sRgY5fxhCLODwxw0WzPp4VM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; c=relaxed/simple; bh=lXgOrEnbrpLLD9kic5+pvhL5u9/hVs8V8wlwkACc8eM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=b9JDILa57yIfXkjYFguzKO6NIwvtfyM0/QbTWW3bhS4JD/ZRy2FOZk+BNeiKlPrkZzfCkrJwQXU1sdKPopvPtMQp4cez/SA7jon7iJ53eNY+twq5TckNkUH5+oDxL+LeHpnYZEunqntseNCMDc4eUnRhbfaY43knx6zl7GWTAyk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Wq8bd9cb; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Wq8bd9cb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289937; x=1755825937; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lXgOrEnbrpLLD9kic5+pvhL5u9/hVs8V8wlwkACc8eM=; b=Wq8bd9cbC25IgPlzA4KKOvBM5iTk2/AJf1aJMNrHmZrRQ3bfl0O3LHRC vj3KqWmnMjFcWim74ixYXcBLOQmSH0d3zV7JIAn5cRJAozbQdtsjQkk9R QGMjdp1GFQbOYOdcOAX69+zdqK3ZXL01zNw140b9tIpkZF33Od3UMm/qM maf9wFc3huFJUs0JHBxwhMVdNPO+ibR93XnawvTy56cQy+SduZynSFR8e dWN8OGlJjBB3frcdz9KsijMBqiDYRp3pr2FlHjgC0Dpsvg3sGla8TbXxV 0mseGXqiFfA0W3dPwx4TNcZYj01wmwNf+I1je7NKK2ppOa5OhaaZVD7MK w==; X-CSE-ConnectionGUID: uBaWjmfkSV+tJG+aHdtMOQ== X-CSE-MsgGUID: yfK+wbkjQzSdDoQmnjzAiQ== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574739" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574739" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 X-CSE-ConnectionGUID: keXDrThMRXyNqBZMol3R6w== X-CSE-MsgGUID: HeU2AJbMSo+3AC1it+SOwA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811033" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 05/16] overlayfs: Use ovl_override_creds_light()/revert_creds_light() Date: Wed, 21 Aug 2024 18:25:12 -0700 Message-ID: <20240822012523.141846-6-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Convert to use ovl_override_creds_light()/revert_creds_light(), these functions assume that the critical section won't modify the usage counter of the credentials in question. In most overlayfs instances, the credentials lifetime is the duration of the filesystem being mounted, so it's safe to assume that it will continue to exist for that duration. NOTE: that in copy up there was an instance in which that the conversion is not safe, because there's a risk of the cred refcount being changed in the critical section. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/copy_up.c | 4 ++-- fs/overlayfs/dir.c | 8 ++++---- fs/overlayfs/file.c | 28 ++++++++++++++-------------- fs/overlayfs/inode.c | 40 ++++++++++++++++++++-------------------- fs/overlayfs/namei.c | 18 +++++++++--------- fs/overlayfs/readdir.c | 16 ++++++++-------- fs/overlayfs/util.c | 8 ++++---- fs/overlayfs/xattrs.c | 17 ++++++++--------- 8 files changed, 69 insertions(+), 70 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 7dec275e08cd..7b1679ce996e 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -1204,7 +1204,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) if (err) return err; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); while (!err) { struct dentry *next; struct dentry *parent = NULL; @@ -1229,7 +1229,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) dput(parent); dput(next); } - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 851945904385..52021e56b235 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -701,9 +701,9 @@ static int ovl_set_link_redirect(struct dentry *dentry) const struct cred *old_cred; int err; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_set_redirect(dentry, false); - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -908,12 +908,12 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) if (err) goto out; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); if (!lower_positive) err = ovl_remove_upper(dentry, is_dir, &list); else err = ovl_remove_and_whiteout(dentry, &list); - revert_creds(old_cred); + revert_creds_light(old_cred); if (!err) { if (is_dir) clear_nlink(dentry->d_inode); diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 1a411cae57ed..5533fedcbc47 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -39,7 +39,7 @@ static struct file *ovl_open_realfile(const struct file *file, if (flags & O_APPEND) acc_mode |= MAY_APPEND; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); real_idmap = mnt_idmap(realpath->mnt); err = inode_permission(real_idmap, realinode, MAY_OPEN | acc_mode); if (err) { @@ -51,7 +51,7 @@ static struct file *ovl_open_realfile(const struct file *file, realfile = backing_file_open(&file->f_path, flags, realpath, current_cred()); } - revert_creds(old_cred); + revert_creds_light(old_cred); pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", file, file, ovl_whatisit(inode, realinode), file->f_flags, @@ -211,9 +211,9 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) ovl_inode_lock(inode); real.file->f_pos = file->f_pos; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); ret = vfs_llseek(real.file, offset, whence); - revert_creds(old_cred); + revert_creds_light(old_cred); file->f_pos = real.file->f_pos; ovl_inode_unlock(inode); @@ -398,9 +398,9 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) /* Don't sync lower file for fear of receiving EROFS error */ if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { - old_cred = ovl_override_creds(file_inode(file)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file)->i_sb); ret = vfs_fsync_range(real.file, start, end, datasync); - revert_creds(old_cred); + revert_creds_light(old_cred); } fdput(real); @@ -438,9 +438,9 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len if (ret) goto out_unlock; - old_cred = ovl_override_creds(file_inode(file)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file)->i_sb); ret = vfs_fallocate(real.file, mode, offset, len); - revert_creds(old_cred); + revert_creds_light(old_cred); /* Update size */ ovl_file_modified(file); @@ -463,9 +463,9 @@ static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) if (ret) return ret; - old_cred = ovl_override_creds(file_inode(file)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file)->i_sb); ret = vfs_fadvise(real.file, offset, len, advice); - revert_creds(old_cred); + revert_creds_light(old_cred); fdput(real); @@ -506,7 +506,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, goto out_unlock; } - old_cred = ovl_override_creds(file_inode(file_out)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file_out)->i_sb); switch (op) { case OVL_COPY: ret = vfs_copy_file_range(real_in.file, pos_in, @@ -524,7 +524,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, flags); break; } - revert_creds(old_cred); + revert_creds_light(old_cred); /* Update size */ ovl_file_modified(file_out); @@ -584,9 +584,9 @@ static int ovl_flush(struct file *file, fl_owner_t id) return err; if (real.file->f_op->flush) { - old_cred = ovl_override_creds(file_inode(file)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file)->i_sb); err = real.file->f_op->flush(real.file, id); - revert_creds(old_cred); + revert_creds_light(old_cred); } fdput(real); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 35fd3e3e1778..30460d718605 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -78,9 +78,9 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *dentry, goto out_put_write; inode_lock(upperdentry->d_inode); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_do_notify_change(ofs, upperdentry, attr); - revert_creds(old_cred); + revert_creds_light(old_cred); if (!err) ovl_copyattr(dentry->d_inode); inode_unlock(upperdentry->d_inode); @@ -169,7 +169,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, metacopy_blocks = ovl_is_metacopy_dentry(dentry); type = ovl_path_real(dentry, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_do_getattr(&realpath, stat, request_mask, flags); if (err) goto out; @@ -280,7 +280,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, stat->nlink = dentry->d_inode->i_nlink; out: - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -309,7 +309,7 @@ int ovl_permission(struct mnt_idmap *idmap, if (err) return err; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); if (!upperinode && !special_file(realinode->i_mode) && mask & MAY_WRITE) { mask &= ~(MAY_WRITE | MAY_APPEND); @@ -317,7 +317,7 @@ int ovl_permission(struct mnt_idmap *idmap, mask |= MAY_READ; } err = inode_permission(mnt_idmap(realpath.mnt), realinode, mask); - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -332,9 +332,9 @@ static const char *ovl_get_link(struct dentry *dentry, if (!dentry) return ERR_PTR(-ECHILD); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); p = vfs_get_link(ovl_dentry_real(dentry), done); - revert_creds(old_cred); + revert_creds_light(old_cred); return p; } @@ -467,9 +467,9 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idmap, } else { const struct cred *old_cred; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); acl = ovl_get_acl_path(&realpath, posix_acl_xattr_name(type), noperm); - revert_creds(old_cred); + revert_creds_light(old_cred); } return acl; @@ -495,10 +495,10 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, struct posix_acl *real_acl; ovl_path_lower(dentry, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); real_acl = vfs_get_acl(mnt_idmap(realpath.mnt), realdentry, acl_name); - revert_creds(old_cred); + revert_creds_light(old_cred); if (IS_ERR(real_acl)) { err = PTR_ERR(real_acl); goto out; @@ -518,12 +518,12 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, if (err) goto out; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); if (acl) err = ovl_do_set_acl(ofs, realdentry, acl_name, acl); else err = ovl_do_remove_acl(ofs, realdentry, acl_name); - revert_creds(old_cred); + revert_creds_light(old_cred); ovl_drop_write(dentry); /* copy c/mtime */ @@ -598,9 +598,9 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, if (!realinode->i_op->fiemap) return -EOPNOTSUPP; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); err = realinode->i_op->fiemap(realinode, fieinfo, start, len); - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -660,7 +660,7 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, if (err) goto out; - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); /* * Store immutable/append-only flags in xattr and clear them * in upper fileattr (in case they were set by older kernel) @@ -671,7 +671,7 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, err = ovl_set_protattr(inode, upperpath.dentry, fa); if (!err) err = ovl_real_fileattr_set(&upperpath, fa); - revert_creds(old_cred); + revert_creds_light(old_cred); ovl_drop_write(dentry); /* @@ -730,10 +730,10 @@ int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa) ovl_path_real(dentry, &realpath); - old_cred = ovl_override_creds(inode->i_sb); + old_cred = ovl_override_creds_light(inode->i_sb); err = ovl_real_fileattr_get(&realpath, fa); ovl_fileattr_prot_flags(inode, fa); - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 5764f91d283e..e52d6ae8eeb5 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -955,13 +955,13 @@ static int ovl_maybe_validate_verity(struct dentry *dentry) if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) { const struct cred *old_cred; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_validate_verity(ofs, &metapath, &datapath); if (err == 0) ovl_set_flag(OVL_VERIFIED_DIGEST, inode); - revert_creds(old_cred); + revert_creds_light(old_cred); } ovl_inode_unlock(inode); @@ -993,9 +993,9 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) if (ovl_dentry_lowerdata(dentry)) goto out; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_lookup_data_layers(dentry, redirect, &datapath); - revert_creds(old_cred); + revert_creds_light(old_cred); if (err) goto out_err; @@ -1061,7 +1061,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (dentry->d_name.len > ofs->namelen) return ERR_PTR(-ENAMETOOLONG); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); upperdir = ovl_dentry_upper(dentry->d_parent); if (upperdir) { d.layer = &ofs->layers[0]; @@ -1342,7 +1342,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); - revert_creds(old_cred); + revert_creds_light(old_cred); if (origin_path) { dput(origin_path->dentry); kfree(origin_path); @@ -1366,7 +1366,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, kfree(upperredirect); out: kfree(d.redirect); - revert_creds(old_cred); + revert_creds_light(old_cred); return ERR_PTR(err); } @@ -1390,7 +1390,7 @@ bool ovl_lower_positive(struct dentry *dentry) if (!ovl_dentry_upper(dentry)) return true; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); /* Positive upper -> have to look up lower to see whether it exists */ for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) { struct dentry *this; @@ -1423,7 +1423,7 @@ bool ovl_lower_positive(struct dentry *dentry) dput(this); } } - revert_creds(old_cred); + revert_creds_light(old_cred); return positive; } diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c index 0ca8af060b0c..c8bf681f5cf0 100644 --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c @@ -275,7 +275,7 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data struct dentry *dentry, *dir = path->dentry; const struct cred *old_cred; - old_cred = ovl_override_creds(rdd->dentry->d_sb); + old_cred = ovl_override_creds_light(rdd->dentry->d_sb); err = down_write_killable(&dir->d_inode->i_rwsem); if (!err) { @@ -290,7 +290,7 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data } inode_unlock(dir->d_inode); } - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -756,7 +756,7 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) const struct cred *old_cred; int err; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); if (!ctx->pos) ovl_dir_reset(file); @@ -808,7 +808,7 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) } err = 0; out: - revert_creds(old_cred); + revert_creds_light(old_cred); return err; } @@ -858,9 +858,9 @@ static struct file *ovl_dir_open_realfile(const struct file *file, struct file *res; const struct cred *old_cred; - old_cred = ovl_override_creds(file_inode(file)->i_sb); + old_cred = ovl_override_creds_light(file_inode(file)->i_sb); res = ovl_path_open(realpath, O_RDONLY | (file->f_flags & O_LARGEFILE)); - revert_creds(old_cred); + revert_creds_light(old_cred); return res; } @@ -985,9 +985,9 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list) struct rb_root root = RB_ROOT; const struct cred *old_cred; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = ovl_dir_read_merged(dentry, list, &root); - revert_creds(old_cred); + revert_creds_light(old_cred); if (err) return err; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 3525ede21600..80caeb81c727 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -1177,7 +1177,7 @@ int ovl_nlink_start(struct dentry *dentry) if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode)) return 0; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); /* * The overlay inode nlink should be incremented/decremented IFF the * upper operation succeeds, along with nlink change of upper inode. @@ -1185,7 +1185,7 @@ int ovl_nlink_start(struct dentry *dentry) * value relative to the upper inode nlink in an upper inode xattr. */ err = ovl_set_nlink_upper(dentry); - revert_creds(old_cred); + revert_creds_light(old_cred); if (err) goto out_drop_write; @@ -1208,9 +1208,9 @@ void ovl_nlink_end(struct dentry *dentry) if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) { const struct cred *old_cred; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); ovl_cleanup_index(dentry); - revert_creds(old_cred); + revert_creds_light(old_cred); } ovl_inode_unlock(inode); diff --git a/fs/overlayfs/xattrs.c b/fs/overlayfs/xattrs.c index 383978e4663c..0d315d0dd89e 100644 --- a/fs/overlayfs/xattrs.c +++ b/fs/overlayfs/xattrs.c @@ -45,9 +45,9 @@ static int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char if (!value && !upperdentry) { ovl_path_lower(dentry, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); err = vfs_getxattr(mnt_idmap(realpath.mnt), realdentry, name, NULL, 0); - revert_creds(old_cred); + revert_creds_light(old_cred); if (err < 0) goto out; } @@ -64,7 +64,7 @@ static int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char if (err) goto out; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); if (value) { err = ovl_do_setxattr(ofs, realdentry, name, value, size, flags); @@ -72,7 +72,7 @@ static int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char WARN_ON(flags != XATTR_REPLACE); err = ovl_do_removexattr(ofs, realdentry, name); } - revert_creds(old_cred); + revert_creds_light(old_cred); ovl_drop_write(dentry); /* copy c/mtime */ @@ -89,9 +89,9 @@ static int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char struct path realpath; ovl_i_path_real(inode, &realpath); - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); res = vfs_getxattr(mnt_idmap(realpath.mnt), realpath.dentry, name, value, size); - revert_creds(old_cred); + revert_creds_light(old_cred); return res; } @@ -119,9 +119,9 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) const struct cred *old_cred; size_t prefix_len, name_len; - old_cred = ovl_override_creds(dentry->d_sb); + old_cred = ovl_override_creds_light(dentry->d_sb); res = vfs_listxattr(realdentry, list, size); - revert_creds(old_cred); + revert_creds_light(old_cred); if (res <= 0 || size == 0) return res; @@ -268,4 +268,3 @@ const struct xattr_handler * const *ovl_xattr_handlers(struct ovl_fs *ofs) return ofs->config.userxattr ? ovl_user_xattr_handlers : ovl_trusted_xattr_handlers; } - From patchwork Thu Aug 22 01:25:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772407 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 635D52261D; Thu, 22 Aug 2024 01:25:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; cv=none; b=DQzIctpV03QeHzQk39WnpxiFzzak9VDb/Ic9DpuzzLekcTETR+1jUaz1kKfcXTiz6LNur9cC/gNYbAzYEtmCN3DgqX4mcbQgdbH8v2RMfm64uWTWcPli2jNZE84VU4jqr3XoV6NKUvWViMFhPVhEJHtV6WzrmUGe1Js9ReUA+TI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; c=relaxed/simple; bh=MLzBpkUYJWmUiPCC11ofDmi4f/AtUmhAwsVRazuR2Xk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HznRiUueMJzujUxYbcexgmdB439M26GHdjxhG9eI+4hvsggrZUnxDyl4F1UUfib8O/sl1iWdoTPNdX/LnWTaYNc5a2YOjasy9xDy+ii5kZTdP72F5VMqq6jsQ/yVGowovuKg9f5pCNc00Ey7EmRDFtd6luFkvUszGyaAg7z4nuk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=VAkvwVxt; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="VAkvwVxt" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289937; x=1755825937; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MLzBpkUYJWmUiPCC11ofDmi4f/AtUmhAwsVRazuR2Xk=; b=VAkvwVxtmx9gKC/365AcAGRHd7A+QiaRVtuXBCkAyCeoMCbbbkn3GvYE 71PNwmmPXriKDEtWWq2yuL1AYZAGvMkUIt5S5Wg53ZPpKm9kD1QgGfSwg +slvhcqlXfKuALaFmmnOyRPypMseH6CtkIfNSz9Ll3oGMnGFIH0w4gBdx oGPCbEYRDcLtaOt9pwWPdUc9F41n7qfC4x2M4Bvkz1qwlijx4N0misHaF pAW8ycARbO15xNavk4ClR+0KuzcfJvN9GsFohT5HuoTR1htbKcOKJL4/6 kOdXBLhsH/klCp/mxGBS89yNC6acvS+cPrZ0tSf6CoKQaqAH2ULmRWJwM g==; X-CSE-ConnectionGUID: EP00pN1lRP+7LDkeyw7LTg== X-CSE-MsgGUID: 13vNRATuSN2MHJmGbPZkig== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574744" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574744" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: 0WpHMbqjT32eHpo0Rj8ozA== X-CSE-MsgGUID: 27+qDwWQSK+S30ndu1F6jg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811038" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 06/16] cred: Introduce cred_guard() and cred_scoped_guard() helpers Date: Wed, 21 Aug 2024 18:25:13 -0700 Message-ID: <20240822012523.141846-7-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These helpers will make it less error prone to use override_creds_light()/revert_creds_light(). They make sure that they are paired. As they use the _light() version of the credentials override/revert operations, they should only be used when there are guarantees that the lifetime of the credentials in question is not modified during the critical section. Suggested-by: Christian Brauner Signed-off-by: Vinicius Costa Gomes --- include/linux/cred.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/linux/cred.h b/include/linux/cred.h index e4a3155fe409..f4f3d55cd6a2 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -190,6 +190,13 @@ static inline void revert_creds_light(const struct cred *revert_cred) rcu_assign_pointer(current->cred, revert_cred); } +DEFINE_LOCK_GUARD_1(__cred, struct cred, + _T->lock = (struct cred *)override_creds_light(_T->lock), + revert_creds_light(_T->lock)); + +#define cred_guard(_cred) guard(__cred)(((struct cred *)_cred)) +#define cred_scoped_guard(_cred) scoped_guard(__cred, ((struct cred *)_cred)) + /** * get_new_cred_many - Get references on a new set of credentials * @cred: The new credentials to reference From patchwork Thu Aug 22 01:25:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772409 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8B763A29A; Thu, 22 Aug 2024 01:25:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; cv=none; b=aLKYopJKLNEFQVDZJOYPUROYZjjv957RgrN0yJz40Q4kJ3It72vIoHIf0twLsVFIxI/d+kBl9MMsssJm7WNPPqlWXov5nAUHjYXGRBx2RLAfUsultDOAW1Eavzx3ETtRnn2JSnjB2eqZQ2cPXrP8dY5G61+5J9A1WSIGy+NZNyc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289939; c=relaxed/simple; bh=MsVu+pOxAoknyxwy+NhCOShej6wda6wAIt+kVuEWO0w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oy1MMpnXqUJDE5XpEx0cUKwIA5VGjMXRN0Cd0gqEVlsj2hamdXJml4UfxztlcqHlovds5QCJvkhgJ5/FmSlcaoa1FnChjge/VYM5p9zOjoATOL0nmV4wX64iGTn5yJJ3Hx30sj7jKaoEGw00nOmd5lNRWPR2UoqJNZ4d5F6oEW0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ia/gE4s3; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ia/gE4s3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289938; x=1755825938; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MsVu+pOxAoknyxwy+NhCOShej6wda6wAIt+kVuEWO0w=; b=ia/gE4s33ue+QvU9UE9ANvlkklCyChzUoMAgi960oaOSKPTdquGbHSfy RDtDvq3MpqgKHhuTliT+AFF/XzPUW8/rVjJn+kBUNrzdfhGBbpuRNVq/7 A8QIhUNxBpa73M0roJb32xDlzusNH+z+QoAIGQ9FN4ptA2U63cWQ7iNvm wESU+2lu/VxCfYsaU5J1Alr08CKH7b+ooJLEJe/1xfikvuK8RZ0hoGxaL sqWtOktuQ2Y4o2sX474i0ObPLvIE84zI+sFsGX2y0+y+0i3xryWId6TOy 534YmIpeeeXAo3ZfO3yBoP13/oEDetjDX5rcEo/hr78mEQU/5l2XUSgPd w==; X-CSE-ConnectionGUID: ChUxfJcMSdGyTKwyqgHiXw== X-CSE-MsgGUID: TSVCpE82SKmOCvzAL2Fprg== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574748" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574748" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: oTQNyc6kRo2McHvALPjSUg== X-CSE-MsgGUID: 6L66q1ejQ2SsWO15gAb/1g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811041" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 07/16] fs/backing-file: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:14 -0700 Message-ID: <20240822012523.141846-8-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations to cred_guard(). For fs/backing-file.c, backing_file_open() and backing_tmpfile_open() are not converted because they increase the usage counter of the credentials in question. Signed-off-by: Vinicius Costa Gomes --- fs/backing-file.c | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/fs/backing-file.c b/fs/backing-file.c index bc19e8e28e58..29fe207a2032 100644 --- a/fs/backing-file.c +++ b/fs/backing-file.c @@ -163,7 +163,6 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, struct backing_file_ctx *ctx) { struct backing_aio *aio = NULL; - const struct cred *old_cred; ssize_t ret; if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING))) @@ -176,7 +175,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, !(file->f_mode & FMODE_CAN_ODIRECT)) return -EINVAL; - old_cred = override_creds_light(ctx->cred); + cred_guard(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -197,8 +196,6 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); - if (ctx->accessed) ctx->accessed(ctx->user_file); @@ -210,7 +207,6 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, struct kiocb *iocb, int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING))) @@ -233,7 +229,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, */ flags &= ~IOCB_DIO_CALLER_COMP; - old_cred = override_creds_light(ctx->cred); + cred_guard(ctx->cred); if (is_sync_kiocb(iocb)) { rwf_t rwf = iocb_to_rw_flags(flags); @@ -264,7 +260,6 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, backing_aio_cleanup(aio, ret); } out: - revert_creds_light(old_cred); return ret; } @@ -275,15 +270,13 @@ ssize_t backing_file_splice_read(struct file *in, loff_t *ppos, unsigned int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING))) return -EIO; - old_cred = override_creds_light(ctx->cred); + cred_guard(ctx->cred); ret = vfs_splice_read(in, ppos, pipe, len, flags); - revert_creds_light(old_cred); if (ctx->accessed) ctx->accessed(ctx->user_file); @@ -297,7 +290,6 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, unsigned int flags, struct backing_file_ctx *ctx) { - const struct cred *old_cred; ssize_t ret; if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING))) @@ -306,12 +298,10 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, ret = file_remove_privs(ctx->user_file); if (ret) return ret; - - old_cred = override_creds_light(ctx->cred); + cred_guard(ctx->cred); file_start_write(out); ret = iter_file_splice_write(pipe, out, ppos, len, flags); file_end_write(out); - revert_creds_light(old_cred); if (ctx->end_write) ctx->end_write(ctx->user_file); @@ -323,7 +313,6 @@ EXPORT_SYMBOL_GPL(backing_file_splice_write); int backing_file_mmap(struct file *file, struct vm_area_struct *vma, struct backing_file_ctx *ctx) { - const struct cred *old_cred; int ret; if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING)) || @@ -335,9 +324,8 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, vma_set_file(vma, file); - old_cred = override_creds_light(ctx->cred); + cred_guard(ctx->cred); ret = call_mmap(vma->vm_file, vma); - revert_creds_light(old_cred); if (ctx->accessed) ctx->accessed(ctx->user_file); From patchwork Thu Aug 22 01:25:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772410 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 604B1139D09; Thu, 22 Aug 2024 01:25:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; cv=none; b=CirikqS9Re136ecO/mK03y1Fn7CmuTCPATYzX2OQYoc6mNN7W6eNp1TdTg+O/Pt1Uib9kQt1Tpfu+3+ySiTWnQlDX4snaqyDlRIuBEy10Qh00Sa4KK2UFn90HwFQkeFOTM6C5MOy6OSkrRGlEyaKxb21syap863Sx+r5MiOSNGk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; c=relaxed/simple; bh=5rXnXbk1c4Kt4w3W/VDqUVSLfqQ4dhp6JFN14hVfuIg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kSvdN25ulK2GbDVru9JSxaIJCFz37iGtBjqzjGkPjQ2k8eB7ED4LyX6m4WMQ3Mbo304neE5kf8VXK5cvEfv6vUyF2Y28dMaMRbdbHdcC35m3yqhqOZh0cFFflViDnLEKa9xD2TSHHRdL2hKidjKZt1rvjDWT8CGoKRu+T6VIvc8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LFxfpoHU; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LFxfpoHU" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289939; x=1755825939; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5rXnXbk1c4Kt4w3W/VDqUVSLfqQ4dhp6JFN14hVfuIg=; b=LFxfpoHUj6urcaTS9J6vNDRfahbGQfD+kX/lteD3S0jUoFTZx46u8+7M Xoy/7e2deUDmh17NGznSs3XnzG20l91N5YRhF9l6DqrScwWl2FBrpb8Yc 3YVarXKD5QXhIigfbP+wN0vh6e/dGn8t8uMx3uxgAi+Ce2tXc02xHlrR4 TSPjA1Cewzr7Cr5XeJtaCV5hadjUEZt022jZLF++PxoXdQpQj5CE4gYfa LD013gz5Ger9TN1lWhscai5yS26Zi0R1yEKA+MdXTCkJuPAbDLOvMP2e0 uOc23kidzPLbKGhtIQmVOP8MlhCF+0lJogEMNo4EvRYHC2fXYRsE5hL4c Q==; X-CSE-ConnectionGUID: Y+LR17zcQhSEJCKZE8mWTw== X-CSE-MsgGUID: 1Ix7XCpOR1SOqvsav6WlGg== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574753" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574753" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: PdiG4iYHQf2bvqRNmQBbug== X-CSE-MsgGUID: b08gBb1vTfOlEEwfPb/kgg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811045" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 08/16] overlayfs/copy_up: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:15 -0700 Message-ID: <20240822012523.141846-9-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations to cred_guard(). Only ovl_copy_up_flags() was converted to use cred_guard(). ovl_copy_up_workdir() and ovl_copy_up_tmpfile() use their own credentials helpers that may change the usage of creds in question. So these are not modified. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/copy_up.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 7b1679ce996e..cab87d390b54 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -1184,7 +1184,6 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, static int ovl_copy_up_flags(struct dentry *dentry, int flags) { int err = 0; - const struct cred *old_cred; bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED); /* @@ -1204,7 +1203,7 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) if (err) return err; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); while (!err) { struct dentry *next; struct dentry *parent = NULL; @@ -1229,7 +1228,6 @@ static int ovl_copy_up_flags(struct dentry *dentry, int flags) dput(parent); dput(next); } - revert_creds_light(old_cred); return err; } From patchwork Thu Aug 22 01:25:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772411 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA42E13A86C; Thu, 22 Aug 2024 01:25:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; cv=none; b=KQi5VGCMd7KHlJdwOyx7ZupuksXikTdreh7j1Uo2Iss1e2ojCYhuBCIBzBQqoJnQP+GjIpObtVcqSLGBppRjC2IRRgGchqExqMkwXyn+OrirFVOj9X/iEdiKrtpC1Jf7T5ajwdl3HJTW/Nufa/+kTihX0z4YkFSrZpO74kiDCSg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; c=relaxed/simple; bh=hCCt2JYtwosbUEZibFLaQvSFYiptbQfDlsFFgg6wgIE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gmP00ty/bxs9MYGoFWcEsShzIVnjU71L1sw4vuIhktywAVlg1t153LCoPRoWncMJoEsyhbmFY2D0QSAmrnGM3RvoEzyprfdT7Q8r7DCpvaPHf2Umk92q6U+UX2E+rLbN/8lwK+Wx4P/czVqaE05+bmKsVx2G0eHZ1XZ17bBC340= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=iBfzmNxH; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="iBfzmNxH" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289940; x=1755825940; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hCCt2JYtwosbUEZibFLaQvSFYiptbQfDlsFFgg6wgIE=; b=iBfzmNxHQESdmCUNC7jLrGYlaBRw7xvIjC++5u7a8Yhe8tA8o9fb/UCV jaYmUUlHk7GhraDuRz8PoXXqo8rXvB6tOOldGzwSDPBjIooB00Uzl6MTQ 0T7eqyOWuSNn5cZs+RSHAviF70Cirm2JdGF8rmvZtC7W9LrQAbq8fJtDO Z+ONd3fTyox/Uql1QuAIpFAqJ2V3cjgtFsJQOKjD7BVA/APscelHtJ2xk S/ZuLA2lqny4fptcvKGtTwlXhB1GaNQi/dyXwpDtOn2sDg0lSsE6oV0I5 zKAMbKj5jdhpFJd7Vi2QQiMNl6SnY/nfQ4O+UnfhUw0oLZdFW0bay5lp2 w==; X-CSE-ConnectionGUID: gTqdWfumSFedWkj7lX5cVA== X-CSE-MsgGUID: UDnrOHpvRb2N//N0uXPk2Q== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574756" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574756" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: Gtl0DjLhSfu7/XwFYEwnBw== X-CSE-MsgGUID: 15/t8TZ5QaSd03ToyA8eHg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811048" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 09/16] overlayfs/dir: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:16 -0700 Message-ID: <20240822012523.141846-10-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). In ovl_do_remove(), cred_scoped_guard() was used because mixing cred_guard() with 'goto' can cause the cleanup part of the guard to run with garbage values. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/dir.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 52021e56b235..28ea6bc0a298 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -698,12 +698,10 @@ static int ovl_symlink(struct mnt_idmap *idmap, struct inode *dir, static int ovl_set_link_redirect(struct dentry *dentry) { - const struct cred *old_cred; int err; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); err = ovl_set_redirect(dentry, false); - revert_creds_light(old_cred); return err; } @@ -889,7 +887,6 @@ static void ovl_drop_nlink(struct dentry *dentry) static int ovl_do_remove(struct dentry *dentry, bool is_dir) { int err; - const struct cred *old_cred; bool lower_positive = ovl_lower_positive(dentry); LIST_HEAD(list); @@ -908,12 +905,12 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) if (err) goto out; - old_cred = ovl_override_creds_light(dentry->d_sb); - if (!lower_positive) - err = ovl_remove_upper(dentry, is_dir, &list); - else - err = ovl_remove_and_whiteout(dentry, &list); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) { + if (!lower_positive) + err = ovl_remove_upper(dentry, is_dir, &list); + else + err = ovl_remove_and_whiteout(dentry, &list); + } if (!err) { if (is_dir) clear_nlink(dentry->d_inode); From patchwork Thu Aug 22 01:25:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772412 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C52D713AA3E; Thu, 22 Aug 2024 01:25:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; cv=none; b=oq4oishkEFJeOBNr3aquUn+j579H1PvTO+LPcaeMo7c5d8meal1f9hVojlkvhUhxFn/ME+gvxOJZ5SgKlAOiHJOUbAxwCjcH2mpWz7op1ApTCsgZ6bwZ/4sS9Jy2wclwEmdDGbRJbJmZuRZamR4x+JcIvrWRzxHaghJlwB+zGPs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289941; c=relaxed/simple; bh=7DveBzB7W1KL7ipOUxxizYtH0r2UaXXCB9/K9sjQz2k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CjjIDFvhF5EZKhRwt5roiho+Nm26NJh/IqtyXOtHXTyFwtIKTVQqWGeUURDczCNfgWIS9DL+jf4HjCRfW+m7poHhCoieGWAhozFMR50Cy6GGLs7eVmB8L/nDFbyvH1xKl5ISwfAZDx+1VSGu0fvyrfwYcrzjRKpVYu2FSA/0dkM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=iw/TxV9q; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="iw/TxV9q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289940; x=1755825940; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7DveBzB7W1KL7ipOUxxizYtH0r2UaXXCB9/K9sjQz2k=; b=iw/TxV9qT1bBC1cPXC+Q3yU6abZQpl8AWGO3MEcPF+NsxQrc1KchQMQ2 kjc0A6nd0FkBV1J6GeTBE8hrY/88xtqkFOISDpIgVPngiSzZ69Zi20SPC OkWDSY121o94kIRtxmkQCWt42jNT2Q/zsPsXy99imWaryb8q4OgnOg0wh Pjt9Jlx+AXotJfArtcXKtAMAzf9PsL6dfQ5wCaR7UhZCP1tb1ObvoMq6f 4nsglRttnxf/vYxAu8xgvSAx/ZouE47Ufd33637LIuoMIP1ZTPJPC2lkN w4QW04f/JZ7mcZE5GW+m3xDapB6QebtEYc3ER9yWspIgsj7PIECBEp604 Q==; X-CSE-ConnectionGUID: JrQzlUkcTUW01Qp3QF+qWQ== X-CSE-MsgGUID: 2axf8dTsSzKk+SB89YCWBA== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574760" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574760" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: jsnb3tybQX2n/2LWanMgPQ== X-CSE-MsgGUID: iY9/F+LHSbu4vM3g/4xQcQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811051" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 10/16] overlayfs/file: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:17 -0700 Message-ID: <20240822012523.141846-11-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). Only ovl_copyfile() and ovl_fallocate() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/file.c | 64 ++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 39 deletions(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 5533fedcbc47..97aa657e6916 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -31,7 +31,6 @@ static struct file *ovl_open_realfile(const struct file *file, struct inode *inode = file_inode(file); struct mnt_idmap *real_idmap; struct file *realfile; - const struct cred *old_cred; int flags = file->f_flags | OVL_OPEN_FLAGS; int acc_mode = ACC_MODE(flags); int err; @@ -39,7 +38,7 @@ static struct file *ovl_open_realfile(const struct file *file, if (flags & O_APPEND) acc_mode |= MAY_APPEND; - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); real_idmap = mnt_idmap(realpath->mnt); err = inode_permission(real_idmap, realinode, MAY_OPEN | acc_mode); if (err) { @@ -51,7 +50,6 @@ static struct file *ovl_open_realfile(const struct file *file, realfile = backing_file_open(&file->f_path, flags, realpath, current_cred()); } - revert_creds_light(old_cred); pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", file, file, ovl_whatisit(inode, realinode), file->f_flags, @@ -182,7 +180,6 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) { struct inode *inode = file_inode(file); struct fd real; - const struct cred *old_cred; loff_t ret; /* @@ -211,9 +208,8 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) ovl_inode_lock(inode); real.file->f_pos = file->f_pos; - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); ret = vfs_llseek(real.file, offset, whence); - revert_creds_light(old_cred); file->f_pos = real.file->f_pos; ovl_inode_unlock(inode); @@ -385,7 +381,6 @@ static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out, static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) { struct fd real; - const struct cred *old_cred; int ret; ret = ovl_sync_status(OVL_FS(file_inode(file)->i_sb)); @@ -398,9 +393,8 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) /* Don't sync lower file for fear of receiving EROFS error */ if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { - old_cred = ovl_override_creds_light(file_inode(file)->i_sb); + cred_guard(ovl_creds(file_inode(file)->i_sb)); ret = vfs_fsync_range(real.file, start, end, datasync); - revert_creds_light(old_cred); } fdput(real); @@ -424,7 +418,6 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len { struct inode *inode = file_inode(file); struct fd real; - const struct cred *old_cred; int ret; inode_lock(inode); @@ -438,9 +431,8 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len if (ret) goto out_unlock; - old_cred = ovl_override_creds_light(file_inode(file)->i_sb); - ret = vfs_fallocate(real.file, mode, offset, len); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(file_inode(file)->i_sb)) + ret = vfs_fallocate(real.file, mode, offset, len); /* Update size */ ovl_file_modified(file); @@ -456,16 +448,14 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) { struct fd real; - const struct cred *old_cred; int ret; ret = ovl_real_fdget(file, &real); if (ret) return ret; - old_cred = ovl_override_creds_light(file_inode(file)->i_sb); + cred_guard(ovl_creds(file_inode(file)->i_sb)); ret = vfs_fadvise(real.file, offset, len, advice); - revert_creds_light(old_cred); fdput(real); @@ -484,7 +474,6 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, { struct inode *inode_out = file_inode(file_out); struct fd real_in, real_out; - const struct cred *old_cred; loff_t ret; inode_lock(inode_out); @@ -506,26 +495,25 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, goto out_unlock; } - old_cred = ovl_override_creds_light(file_inode(file_out)->i_sb); - switch (op) { - case OVL_COPY: - ret = vfs_copy_file_range(real_in.file, pos_in, - real_out.file, pos_out, len, flags); - break; - - case OVL_CLONE: - ret = vfs_clone_file_range(real_in.file, pos_in, - real_out.file, pos_out, len, flags); - break; - - case OVL_DEDUPE: - ret = vfs_dedupe_file_range_one(real_in.file, pos_in, - real_out.file, pos_out, len, - flags); - break; + cred_scoped_guard(ovl_creds(file_inode(file_out)->i_sb)) { + switch (op) { + case OVL_COPY: + ret = vfs_copy_file_range(real_in.file, pos_in, + real_out.file, pos_out, len, flags); + break; + + case OVL_CLONE: + ret = vfs_clone_file_range(real_in.file, pos_in, + real_out.file, pos_out, len, flags); + break; + + case OVL_DEDUPE: + ret = vfs_dedupe_file_range_one(real_in.file, pos_in, + real_out.file, pos_out, len, + flags); + break; + } } - revert_creds_light(old_cred); - /* Update size */ ovl_file_modified(file_out); @@ -576,7 +564,6 @@ static loff_t ovl_remap_file_range(struct file *file_in, loff_t pos_in, static int ovl_flush(struct file *file, fl_owner_t id) { struct fd real; - const struct cred *old_cred; int err; err = ovl_real_fdget(file, &real); @@ -584,9 +571,8 @@ static int ovl_flush(struct file *file, fl_owner_t id) return err; if (real.file->f_op->flush) { - old_cred = ovl_override_creds_light(file_inode(file)->i_sb); + cred_guard(ovl_creds(file_inode(file)->i_sb)); err = real.file->f_op->flush(real.file, id); - revert_creds_light(old_cred); } fdput(real); From patchwork Thu Aug 22 01:25:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772413 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DBAA17D340; Thu, 22 Aug 2024 01:25:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; cv=none; b=n1eiJpDbHQR0YMgKYeLAO4WiuMq73TTboOnCVrC0zIeMbEAUFUNQ+2soWedQe97qjU/z+e6EDrV6UlhivYLoErSWmAq2l15kYwg4QkyVHlvVPoQlvaj3b+Rzbq29wmImpk8Fq+XvnUFn3v3z3lhGjKLIx0EHObu0OxS8yGECs+U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; c=relaxed/simple; bh=DxnumIkvaje9VmBTsox3H2YKIrYVSNnSFqODz9w2OAs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oIiDPGRYhVFW6UYmZRRAV4vetqpxq69z4MpzgumkdYAg+eCEOTMGnyxrBZ9hyCr3kRIRVbD0UYWOx+Dgzab8N2fWUZoZOJH1t2p6k64GElszwkhpPV/kRMVQEpPFNeRpWko4MY5EZO+nVXlAd/svNH5Civ77BrLT0kHg1mihPzs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=XcqDfrUs; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="XcqDfrUs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289941; x=1755825941; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DxnumIkvaje9VmBTsox3H2YKIrYVSNnSFqODz9w2OAs=; b=XcqDfrUsEeI6GyV1JMNhmJMamLCJro3gvBE+BhYwyUQPxGw2kCX9oyJp JqA2UJ9OqveHs41sPiKJGL/GI9c+2My2rOlkiAqmI3ZS2b39JdwKlFThJ +Anm/+ybvqctUAkZIUVawvFTfwaQr8RUk5gv0aLCVG5m85fgTeMZ2CFgf sfjiBD1kmxazGv3jUuagfgB1KdsZ8dAhx+WqO7Ii59n9KwKBcVyAHGtTX 4gvFAiL1ESrwAasoO5EgFhuZBDpLjB/UIM08AoxiZvJA6USWF20ld9LZ/ 3ez99vhmFv0iu74PLjxfVphQWkDzKbKURFw8OhJREIOdyfY2epgVAcPVR Q==; X-CSE-ConnectionGUID: HCPjzp3QTPGfXgJL8CJV9A== X-CSE-MsgGUID: nWRZvazUSmyNLsouMQ/tow== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574767" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574767" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: dpQvcYHoRNmv9ygfnKAFCA== X-CSE-MsgGUID: HcjwI+7pRl2HkzXE8OdlgA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811054" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 11/16] overlayfs/inode: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:18 -0700 Message-ID: <20240822012523.141846-12-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). In ovl_setattr(), ovl_set_or_remove_acl() and ovl_fileattr_set() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/inode.c | 73 +++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 45 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 30460d718605..a597e748397f 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -25,7 +25,6 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *dentry, struct ovl_fs *ofs = OVL_FS(dentry->d_sb); bool full_copy_up = false; struct dentry *upperdentry; - const struct cred *old_cred; err = setattr_prepare(&nop_mnt_idmap, dentry, attr); if (err) @@ -78,9 +77,8 @@ int ovl_setattr(struct mnt_idmap *idmap, struct dentry *dentry, goto out_put_write; inode_lock(upperdentry->d_inode); - old_cred = ovl_override_creds_light(dentry->d_sb); - err = ovl_do_notify_change(ofs, upperdentry, attr); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) + err = ovl_do_notify_change(ofs, upperdentry, attr); if (!err) ovl_copyattr(dentry->d_inode); inode_unlock(upperdentry->d_inode); @@ -159,7 +157,6 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, struct dentry *dentry = path->dentry; enum ovl_path_type type; struct path realpath; - const struct cred *old_cred; struct inode *inode = d_inode(dentry); bool is_dir = S_ISDIR(inode->i_mode); int fsid = 0; @@ -169,7 +166,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, metacopy_blocks = ovl_is_metacopy_dentry(dentry); type = ovl_path_real(dentry, &realpath); - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); err = ovl_do_getattr(&realpath, stat, request_mask, flags); if (err) goto out; @@ -280,7 +277,6 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, stat->nlink = dentry->d_inode->i_nlink; out: - revert_creds_light(old_cred); return err; } @@ -291,7 +287,6 @@ int ovl_permission(struct mnt_idmap *idmap, struct inode *upperinode = ovl_inode_upper(inode); struct inode *realinode; struct path realpath; - const struct cred *old_cred; int err; /* Careful in RCU walk mode */ @@ -309,7 +304,7 @@ int ovl_permission(struct mnt_idmap *idmap, if (err) return err; - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); if (!upperinode && !special_file(realinode->i_mode) && mask & MAY_WRITE) { mask &= ~(MAY_WRITE | MAY_APPEND); @@ -317,7 +312,6 @@ int ovl_permission(struct mnt_idmap *idmap, mask |= MAY_READ; } err = inode_permission(mnt_idmap(realpath.mnt), realinode, mask); - revert_creds_light(old_cred); return err; } @@ -326,15 +320,13 @@ static const char *ovl_get_link(struct dentry *dentry, struct inode *inode, struct delayed_call *done) { - const struct cred *old_cred; const char *p; if (!dentry) return ERR_PTR(-ECHILD); - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); p = vfs_get_link(ovl_dentry_real(dentry), done); - revert_creds_light(old_cred); return p; } @@ -465,11 +457,9 @@ struct posix_acl *do_ovl_get_acl(struct mnt_idmap *idmap, acl = get_cached_acl_rcu(realinode, type); } else { - const struct cred *old_cred; - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); acl = ovl_get_acl_path(&realpath, posix_acl_xattr_name(type), noperm); - revert_creds_light(old_cred); } return acl; @@ -481,7 +471,6 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, int err; struct path realpath; const char *acl_name; - const struct cred *old_cred; struct ovl_fs *ofs = OVL_FS(dentry->d_sb); struct dentry *upperdentry = ovl_dentry_upper(dentry); struct dentry *realdentry = upperdentry ?: ovl_dentry_lower(dentry); @@ -495,10 +484,9 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, struct posix_acl *real_acl; ovl_path_lower(dentry, &realpath); - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); real_acl = vfs_get_acl(mnt_idmap(realpath.mnt), realdentry, acl_name); - revert_creds_light(old_cred); if (IS_ERR(real_acl)) { err = PTR_ERR(real_acl); goto out; @@ -518,12 +506,12 @@ static int ovl_set_or_remove_acl(struct dentry *dentry, struct inode *inode, if (err) goto out; - old_cred = ovl_override_creds_light(dentry->d_sb); - if (acl) - err = ovl_do_set_acl(ofs, realdentry, acl_name, acl); - else - err = ovl_do_remove_acl(ofs, realdentry, acl_name); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) { + if (acl) + err = ovl_do_set_acl(ofs, realdentry, acl_name, acl); + else + err = ovl_do_remove_acl(ofs, realdentry, acl_name); + } ovl_drop_write(dentry); /* copy c/mtime */ @@ -590,7 +578,6 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, { int err; struct inode *realinode = ovl_inode_realdata(inode); - const struct cred *old_cred; if (!realinode) return -EIO; @@ -598,9 +585,8 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, if (!realinode->i_op->fiemap) return -EOPNOTSUPP; - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); err = realinode->i_op->fiemap(realinode, fieinfo, start, len); - revert_creds_light(old_cred); return err; } @@ -648,7 +634,6 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, { struct inode *inode = d_inode(dentry); struct path upperpath; - const struct cred *old_cred; unsigned int flags; int err; @@ -660,19 +645,19 @@ int ovl_fileattr_set(struct mnt_idmap *idmap, if (err) goto out; - old_cred = ovl_override_creds_light(inode->i_sb); - /* - * Store immutable/append-only flags in xattr and clear them - * in upper fileattr (in case they were set by older kernel) - * so children of "ovl-immutable" directories lower aliases of - * "ovl-immutable" hardlinks could be copied up. - * Clear xattr when flags are cleared. - */ - err = ovl_set_protattr(inode, upperpath.dentry, fa); - if (!err) - err = ovl_real_fileattr_set(&upperpath, fa); - revert_creds_light(old_cred); - ovl_drop_write(dentry); + cred_scoped_guard(ovl_creds(inode->i_sb)) { + /* + * Store immutable/append-only flags in xattr and clear them + * in upper fileattr (in case they were set by older kernel) + * so children of "ovl-immutable" directories lower aliases of + * "ovl-immutable" hardlinks could be copied up. + * Clear xattr when flags are cleared. + */ + err = ovl_set_protattr(inode, upperpath.dentry, fa); + if (!err) + err = ovl_real_fileattr_set(&upperpath, fa); + ovl_drop_write(dentry); + } /* * Merge real inode flags with inode flags read from @@ -725,15 +710,13 @@ int ovl_fileattr_get(struct dentry *dentry, struct fileattr *fa) { struct inode *inode = d_inode(dentry); struct path realpath; - const struct cred *old_cred; int err; ovl_path_real(dentry, &realpath); - old_cred = ovl_override_creds_light(inode->i_sb); + cred_guard(ovl_creds(inode->i_sb)); err = ovl_real_fileattr_get(&realpath, fa); ovl_fileattr_prot_flags(inode, fa); - revert_creds_light(old_cred); return err; } From patchwork Thu Aug 22 01:25:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772414 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9AB2A17DFF1; Thu, 22 Aug 2024 01:25:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; cv=none; b=Itf1AHqRFoBIfHIWad2Mpu2h3SBUTeZaHEpWniSpq7jSyIEL+Jxe/W1v4S/kp+A5bInj0C4ENnIOgW3HKVu+kMDBQz7aCdQ0ezHm6tcJEtrrlYBTkVq1hFZpdmuN9pJyYNlp9+wmnkSq/nTnpIZwQhIt3WfmCbRyWLCIoCdEUkM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; c=relaxed/simple; bh=Ab06tqTimEBOVZ57yicpTqqHZTz/fm/bVSgF/YElcBo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sl6K8JnkydSikT3xMFL+FW+labpMYfZZTcZ4VX6EgAdHuO9L9UaokVYt64DEHlBiJV7Oo7rO/WgPr3I6ATIUYR6iiWaDA4n8wfusHheAhBNK9/3Nm8u4sUlPbiL/88eypXfMIsMNmSrZk14r/4C0gjrzMk2p5MXlN8ydxxX4s8Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gD6JLkuC; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gD6JLkuC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289942; x=1755825942; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Ab06tqTimEBOVZ57yicpTqqHZTz/fm/bVSgF/YElcBo=; b=gD6JLkuCLVxmPUTAzvxrdyFsNAktIyRj4r7JcgVP9px97Y2lNiEJpqdw YCw0gmCErXXS5e22z700m7lou5t8QyT7h3OFnplfZOPyWjg4SHFveJ2vL mg6uSJoN03c1yGWhsVu0SoX1bVksQh4gEiFRcW/Be1E8ecboq/pmCpfpc hCFyMYlYNGI6dkSXfOUtDFOXWcRFqpdm0GNr29oakw9d1q1B8HS9gMGUw 4j/sgPt7sRsK6jxKrJ/s66vcN8VsrhW/a5bdr3mTqZNuxgukR0CBnl9J5 ZE6MCmaF43fNkHPYiNSnNbgrwLzFSbaOAIq+S4atuf13xLnWsmx1uFchp w==; X-CSE-ConnectionGUID: 4cSWJ+uPRHeZM+w5Ky52xg== X-CSE-MsgGUID: sugbZ8IDTBeii84SS6r5TA== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574771" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574771" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: VCiGVqUCSTCOATsjMoRokQ== X-CSE-MsgGUID: UmESM1nbQEq1rqf37twETw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811057" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 12/16] overlayfs/namei: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:19 -0700 Message-ID: <20240822012523.141846-13-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). Only ovl_maybe_lookup_lowerdata() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/namei.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index e52d6ae8eeb5..723731bc3678 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -953,15 +953,12 @@ static int ovl_maybe_validate_verity(struct dentry *dentry) return err; if (!ovl_test_flag(OVL_VERIFIED_DIGEST, inode)) { - const struct cred *old_cred; - - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); err = ovl_validate_verity(ofs, &metapath, &datapath); if (err == 0) ovl_set_flag(OVL_VERIFIED_DIGEST, inode); - revert_creds_light(old_cred); } ovl_inode_unlock(inode); @@ -975,7 +972,6 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) struct inode *inode = d_inode(dentry); const char *redirect = ovl_lowerdata_redirect(inode); struct ovl_path datapath = {}; - const struct cred *old_cred; int err; if (!redirect || ovl_dentry_lowerdata(dentry)) @@ -993,9 +989,8 @@ static int ovl_maybe_lookup_lowerdata(struct dentry *dentry) if (ovl_dentry_lowerdata(dentry)) goto out; - old_cred = ovl_override_creds_light(dentry->d_sb); - err = ovl_lookup_data_layers(dentry, redirect, &datapath); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) + err = ovl_lookup_data_layers(dentry, redirect, &datapath); if (err) goto out_err; @@ -1030,7 +1025,6 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) { struct ovl_entry *oe = NULL; - const struct cred *old_cred; struct ovl_fs *ofs = OVL_FS(dentry->d_sb); struct ovl_entry *poe = OVL_E(dentry->d_parent); struct ovl_entry *roe = OVL_E(dentry->d_sb->s_root); @@ -1061,7 +1055,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (dentry->d_name.len > ofs->namelen) return ERR_PTR(-ENAMETOOLONG); - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); upperdir = ovl_dentry_upper(dentry->d_parent); if (upperdir) { d.layer = &ofs->layers[0]; @@ -1342,7 +1336,6 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, ovl_dentry_init_reval(dentry, upperdentry, OVL_I_E(inode)); - revert_creds_light(old_cred); if (origin_path) { dput(origin_path->dentry); kfree(origin_path); @@ -1366,7 +1359,6 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, kfree(upperredirect); out: kfree(d.redirect); - revert_creds_light(old_cred); return ERR_PTR(err); } @@ -1374,7 +1366,6 @@ bool ovl_lower_positive(struct dentry *dentry) { struct ovl_entry *poe = OVL_E(dentry->d_parent); const struct qstr *name = &dentry->d_name; - const struct cred *old_cred; unsigned int i; bool positive = false; bool done = false; @@ -1390,7 +1381,7 @@ bool ovl_lower_positive(struct dentry *dentry) if (!ovl_dentry_upper(dentry)) return true; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); /* Positive upper -> have to look up lower to see whether it exists */ for (i = 0; !done && !positive && i < ovl_numlower(poe); i++) { struct dentry *this; @@ -1423,7 +1414,6 @@ bool ovl_lower_positive(struct dentry *dentry) dput(this); } } - revert_creds_light(old_cred); return positive; } From patchwork Thu Aug 22 01:25:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772415 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB89F17E00B; Thu, 22 Aug 2024 01:25:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; cv=none; b=eRFP9aooJS7Ucn1LwnNnHoKLNFvNIR1kRBR/mdHkwT+SAUXV5BTqAaHBHuLBpD0c99og/BS33BdqEYnPh8HOe1YMd5VwVMIUGfEj1/KAtFwUzk720G1BfmSgDylHZvbP/NADe0vpnHkA0AqxSPIsYoBubyNKszgjy6JnL9pfp+0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289943; c=relaxed/simple; bh=6M6TuV11ei06FPTwgbqeUwJE2rETFxiK6ef+nSipYcE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AIoaVipViUrnSEzU9fDDSjlBQ8BNY8Tvm/lLI1u4vcXxygXGPJ8zun4AyUY7tkqu9r6IjDpB/33ychW7kgFlELzOutwhjneti/sTViQs7yqcHfpQNaoDAeu6YUmvnqtIgLClzShHo2OhZNd4wapxCLc4AsJwwcro+fopVxNRu9I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ZsvylOy9; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ZsvylOy9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289942; x=1755825942; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6M6TuV11ei06FPTwgbqeUwJE2rETFxiK6ef+nSipYcE=; b=ZsvylOy9ZXfW0ABbxMSWfoJaM0n1p8MUQ2IkrnjxCtUF5Ejn4ayTYdn7 EpRF1CmkvaOaLEs/ZGKZPFQRdiQv4VpQhyLFeCjT1iEOmaZ1lMfyDG2VU zENG20WjW16ckiBtJMOuMsKkfbLCug5uzCsMOAbhRBxxo6Dz3TjFaq0QQ 5N3NCMSpqtwJqv9LFoyF+ejXAZFJota6KzGGIMueMHB6XywymjdyiIH+S FgDzMgFO2DHajhRkVRgRb/1WKAEJMhqijpW4/M5R0kfkTusqpj2pJ0M3f No1DBEVDiVG76txAgST8xkwwqzZwuBWQHu6HsgcfTIPOso2w17tZFw9H9 A==; X-CSE-ConnectionGUID: YgtJp8MqQoaxb+nvZYkX6g== X-CSE-MsgGUID: Wxj7DTMESLSX5n5FFGmaNg== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574775" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574775" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: 7ywRWZ4aRvGJIYpPDiRPew== X-CSE-MsgGUID: ZK6B9VHvTPyXJoI+FElMlQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811060" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 13/16] overlayfs/readdir: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:20 -0700 Message-ID: <20240822012523.141846-14-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/readdir.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c index c8bf681f5cf0..41e01fe3ae4a 100644 --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c @@ -273,9 +273,8 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data int err; struct ovl_cache_entry *p; struct dentry *dentry, *dir = path->dentry; - const struct cred *old_cred; - old_cred = ovl_override_creds_light(rdd->dentry->d_sb); + cred_guard(ovl_creds(rdd->dentry->d_sb)); err = down_write_killable(&dir->d_inode->i_rwsem); if (!err) { @@ -290,7 +289,6 @@ static int ovl_check_whiteouts(const struct path *path, struct ovl_readdir_data } inode_unlock(dir->d_inode); } - revert_creds_light(old_cred); return err; } @@ -753,10 +751,9 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) struct dentry *dentry = file->f_path.dentry; struct ovl_fs *ofs = OVL_FS(dentry->d_sb); struct ovl_cache_entry *p; - const struct cred *old_cred; int err; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); if (!ctx->pos) ovl_dir_reset(file); @@ -808,7 +805,6 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) } err = 0; out: - revert_creds_light(old_cred); return err; } @@ -856,11 +852,9 @@ static struct file *ovl_dir_open_realfile(const struct file *file, const struct path *realpath) { struct file *res; - const struct cred *old_cred; - old_cred = ovl_override_creds_light(file_inode(file)->i_sb); + cred_guard(ovl_creds(file_inode(file)->i_sb)); res = ovl_path_open(realpath, O_RDONLY | (file->f_flags & O_LARGEFILE)); - revert_creds_light(old_cred); return res; } @@ -983,11 +977,9 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list) int err; struct ovl_cache_entry *p, *n; struct rb_root root = RB_ROOT; - const struct cred *old_cred; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); err = ovl_dir_read_merged(dentry, list, &root); - revert_creds_light(old_cred); if (err) return err; From patchwork Thu Aug 22 01:25:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772416 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6DC611802A8; Thu, 22 Aug 2024 01:25:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; cv=none; b=U9JoNr38Y9TrUzAD1LZCe2JK+fzQsE8WRVTuKGP3g+pAyWuNxVPyq7LR8/59M5S5g/BdUN/gieSEVRkKni7VZqCkG7TAV9rjjR7X8NGjB2RgiRridIj7RqroqA1C3Iurhr4o5UYPwtscJ7qARnUyAOB/+RmClJKrKxwt9I55Hrk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; c=relaxed/simple; bh=+8wcLF29EUtosA8Xrm+wTC4UhwuwLsycHTXnhxSk+Yo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MVdwMkXnl3j/Ql0E4AOPojh5/xMAxErkVGZ18g+g6E079VYiMduLkCTSr39ssu3WIyBR1DewW547E/dywX6sVk2le7ijFg7jBWmYHXGhkrtblIZIeowumO3+TqaBHn38rA2HMpS2pKv/yLJbYmo2/3/BtRgvLil0MXHoqxIiPcg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Dt+2ACs0; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Dt+2ACs0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289943; x=1755825943; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+8wcLF29EUtosA8Xrm+wTC4UhwuwLsycHTXnhxSk+Yo=; b=Dt+2ACs0Pp+eT8BLwO7i1dkJtcLzEAyzdiiM2rM6iAkvHOAlGUk2gVZl t89ntBW/c8Bq9uX0IYX2ZQt1WTILTXdUG1UAjButH8QBb8yVetOGOpGyr VdCfNrNWRPxhfC+wA6azqrljbhOQb9FCfEdaGOieTPl3tcNhTzXxjtA47 8MtXQj1QS4juPGaHpBw4AdlmG3yY16Fr1Q+wx+Cylm2c8ZsnChubGw5x8 FjY5cnRFG4/tjHDqXEuXjaRTze/5qzjDyRVYnUZgEFiZsT9huCeeYyaKt EJ2Da7bIYp61p3d/tj94soS7n4FJPc+CHAKNE8bAJwxwcDPix/FqemKIO g==; X-CSE-ConnectionGUID: /ptGFod/R3uOALnTRWEOuQ== X-CSE-MsgGUID: CcgjDDOJQ8ShZ0578ddG6w== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574778" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574778" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: 4I8bHqtLTEurDToKHnpYCQ== X-CSE-MsgGUID: wZ3sLpasR+yah/MW453/kA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811064" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:32 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 14/16] overlayfs/xattrs: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:21 -0700 Message-ID: <20240822012523.141846-15-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). In ovl_xattr_set() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/xattrs.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/fs/overlayfs/xattrs.c b/fs/overlayfs/xattrs.c index 0d315d0dd89e..c7eb3d06a9b8 100644 --- a/fs/overlayfs/xattrs.c +++ b/fs/overlayfs/xattrs.c @@ -41,15 +41,14 @@ static int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char struct dentry *upperdentry = ovl_i_dentry_upper(inode); struct dentry *realdentry = upperdentry ?: ovl_dentry_lower(dentry); struct path realpath; - const struct cred *old_cred; if (!value && !upperdentry) { ovl_path_lower(dentry, &realpath); - old_cred = ovl_override_creds_light(dentry->d_sb); - err = vfs_getxattr(mnt_idmap(realpath.mnt), realdentry, name, NULL, 0); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) + err = vfs_getxattr(mnt_idmap(realpath.mnt), realdentry, name, NULL, 0); if (err < 0) goto out; + } if (!upperdentry) { @@ -64,15 +63,15 @@ static int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char if (err) goto out; - old_cred = ovl_override_creds_light(dentry->d_sb); - if (value) { - err = ovl_do_setxattr(ofs, realdentry, name, value, size, - flags); - } else { - WARN_ON(flags != XATTR_REPLACE); - err = ovl_do_removexattr(ofs, realdentry, name); + cred_scoped_guard(ovl_creds(dentry->d_sb)) { + if (value) { + err = ovl_do_setxattr(ofs, realdentry, name, value, size, + flags); + } else { + WARN_ON(flags != XATTR_REPLACE); + err = ovl_do_removexattr(ofs, realdentry, name); + } } - revert_creds_light(old_cred); ovl_drop_write(dentry); /* copy c/mtime */ @@ -85,13 +84,11 @@ static int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char void *value, size_t size) { ssize_t res; - const struct cred *old_cred; struct path realpath; ovl_i_path_real(inode, &realpath); - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); res = vfs_getxattr(mnt_idmap(realpath.mnt), realpath.dentry, name, value, size); - revert_creds_light(old_cred); return res; } @@ -116,12 +113,10 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) ssize_t res; size_t len; char *s; - const struct cred *old_cred; size_t prefix_len, name_len; - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); res = vfs_listxattr(realdentry, list, size); - revert_creds_light(old_cred); if (res <= 0 || size == 0) return res; From patchwork Thu Aug 22 01:25:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772417 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E285183061; Thu, 22 Aug 2024 01:25:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; cv=none; b=AFIQm8onkg678rQK60IpjzsNfhsSHGSYsRcyG32G4v0K9b9LrcP7U03G5/XaT7rcm1hT/yaRHCy73R7fs967E4lAX4TuseeT+2QW6HLL3v3UQMshfHu/YEMkqWyiREzQNhdbYP5be5RW8AHx6diXTxTLv9UgQgovRu3IvQAiZ6E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; c=relaxed/simple; bh=jqDSnKF4M3GugtJniE15+Oim9lTUFyfIyrgNv8X+mMQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aIEuRn2bp6OEHvBrQYYvYPNq4XJBWGLOzUwqJJhKr5oJ8jHtzDqYYDeaE8nvSF6s6vgDMfurJCPSSOcgOflWN/KISEDuuViqg0OXCk5G8QLPKBoonvbYEuEzZk/oGMvv4VTdyj4oxhhsUhJ+xNTLn7umc8iTyC/YC9sY8KDclWU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Qpjk4eo1; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Qpjk4eo1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289944; x=1755825944; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jqDSnKF4M3GugtJniE15+Oim9lTUFyfIyrgNv8X+mMQ=; b=Qpjk4eo1Tz0zlVhg2GN2jtyvXCUot8omHdmECoGqdlNSYdyYWKS/e5lv 9Q16mzHvA1PcOeeTStyLozo6it/Kfyvoog4KP8SzSFr5k9s19zjbCMURh bmKjmbvhKjFpH1Tuek/Yfn9XxSQee9fKf3kPrG5Tp17UWoEFNQgYp/oBE rB5JJDHjD87E4jYxofp4M7NUgBrw/YCgY1zBLl4dGgx0s0JlTf2j+J0xe +etuSlKH/bMcS599ObyC5lpg/YbLY2E8gZqDFcj92Ecz5ePk6+Kkafhei ZTOyle1Vbm3wSkpefFUGTmijyCPwH3KEPPG4WbBI+mYzOdkb7009AHhou A==; X-CSE-ConnectionGUID: l940r3kRRruc2tpU13w3Pg== X-CSE-MsgGUID: tpcw42MhRQWGA18ooywHGA== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574781" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574781" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: Qw1SseeDRVibf2T1q0h3Hw== X-CSE-MsgGUID: g9aB30pVQxWOM6qE4TP+qA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811067" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 15/16] overlayfs/util: Convert to cred_guard() Date: Wed, 21 Aug 2024 18:25:22 -0700 Message-ID: <20240822012523.141846-16-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Replace the override_creds_light()/revert_creds_light() pairs of operations with cred_guard()/cred_scoped_guard(). In ovl_nlink_start() use cred_scoped_guard(), because of 'goto', which can cause the cleanup flow to run on garbage memory. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/util.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 80caeb81c727..77b8d01829a4 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -1140,7 +1140,6 @@ static void ovl_cleanup_index(struct dentry *dentry) int ovl_nlink_start(struct dentry *dentry) { struct inode *inode = d_inode(dentry); - const struct cred *old_cred; int err; if (WARN_ON(!inode)) @@ -1177,15 +1176,15 @@ int ovl_nlink_start(struct dentry *dentry) if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode)) return 0; - old_cred = ovl_override_creds_light(dentry->d_sb); - /* - * The overlay inode nlink should be incremented/decremented IFF the - * upper operation succeeds, along with nlink change of upper inode. - * Therefore, before link/unlink/rename, we store the union nlink - * value relative to the upper inode nlink in an upper inode xattr. - */ - err = ovl_set_nlink_upper(dentry); - revert_creds_light(old_cred); + cred_scoped_guard(ovl_creds(dentry->d_sb)) { + /* + * The overlay inode nlink should be incremented/decremented IFF the + * upper operation succeeds, along with nlink change of upper inode. + * Therefore, before link/unlink/rename, we store the union nlink + * value relative to the upper inode nlink in an upper inode xattr. + */ + err = ovl_set_nlink_upper(dentry); + } if (err) goto out_drop_write; @@ -1206,11 +1205,8 @@ void ovl_nlink_end(struct dentry *dentry) ovl_drop_write(dentry); if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) { - const struct cred *old_cred; - - old_cred = ovl_override_creds_light(dentry->d_sb); + cred_guard(ovl_creds(dentry->d_sb)); ovl_cleanup_index(dentry); - revert_creds_light(old_cred); } ovl_inode_unlock(inode); From patchwork Thu Aug 22 01:25:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 13772418 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD4E31836ED; Thu, 22 Aug 2024 01:25:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; cv=none; b=FBF57s+RXhFHQf/JNUuwOILt4EnKj8KJAsi776UzGXek6YwNWmBYHqv6pe53QuT9CbDScMKpmDRtJJvpzwBkfesyl1QvjGF/BnA2YkLupFK30xcjLbRNl5MBmi6dXhEhRnjAbUitK1RpVDKkK3e3Zp8qg3FtwPgKMPlXOp4C7qA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724289945; c=relaxed/simple; bh=1sA07qhmx3hNY35eUvH1W+ptgOoM99mdc8JI5jE8SM0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pDla3xMsTVeUcMvBTCcxcYU/rhle1/DnMO4yY4oTeUfCDKR10Rx8dpkSTKueK2GBs24BqIVCVaaArvbKJRTDyWayN5UIzfRG+yM/hSB5gXUY0O/7qpDkaB2a33YojV62LJtxifJMde2HWMt7DnJanUK9qPlPbYnXAYrouTpLdIM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AbRrryIB; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AbRrryIB" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1724289944; x=1755825944; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1sA07qhmx3hNY35eUvH1W+ptgOoM99mdc8JI5jE8SM0=; b=AbRrryIBCMAHWkF1Zn29xjuEey687BGlYX9o8jw981MkEqc1kmCijtCO I6FBUFCvapeS/6yWvTT9+kpgdKsz1V1wKhFp4NbL3586veplqOZSf/ByC eepEBBbsJXWWyLnWtivUXM9pCdQDhYzHbS/l44TBRkuBSJeGPJ68orn0z WPJpiHkk3HhWn+dtEDiAOmqNAtrIy5b/4EvMmQLHmzyVVGcIfe3oMZQAu W9ZrqpCcDmJkSu2UuWlc1MWOMA9gxVpz6569teUAPuoU1G/lCiJ3RmsOj /gD/btPpyEhBSxwUhAD+LI2OfukdyWiDzpnSdbV/NgoG91ZmALV5aU/iT g==; X-CSE-ConnectionGUID: wxCznk8sSj2dt2tXuYhT4w== X-CSE-MsgGUID: iZ5tTzB8Rn+/tbGNdPjHGQ== X-IronPort-AV: E=McAfee;i="6700,10204,11171"; a="25574785" X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="25574785" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 X-CSE-ConnectionGUID: rM5jJrkeQwqpHZoJ8t7Zew== X-CSE-MsgGUID: 9f49qoRWQ66z1YYNza7nbw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.10,165,1719903600"; d="scan'208";a="61811070" Received: from unknown (HELO vcostago-mobl3.jf.intel.com) ([10.241.225.92]) by orviesa007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2024 18:25:33 -0700 From: Vinicius Costa Gomes To: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com Cc: miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Vinicius Costa Gomes Subject: [PATCH v2 16/16] overlayfs: Remove ovl_override_creds_light() Date: Wed, 21 Aug 2024 18:25:23 -0700 Message-ID: <20240822012523.141846-17-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240822012523.141846-1-vinicius.gomes@intel.com> References: <20240822012523.141846-1-vinicius.gomes@intel.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Remove the declaration of this unsafe helper. As the GUARD() helper guarantees that the cleanup will run, it is less error prone. Future usages should either use the GUARD helpers or the non "light" versions. Signed-off-by: Vinicius Costa Gomes --- fs/overlayfs/overlayfs.h | 1 - fs/overlayfs/util.c | 7 ------- 2 files changed, 8 deletions(-) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 557d8c4e3a01..0bfe35da4b7b 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -429,7 +429,6 @@ int ovl_want_write(struct dentry *dentry); void ovl_drop_write(struct dentry *dentry); struct dentry *ovl_workdir(struct dentry *dentry); const struct cred *ovl_override_creds(struct super_block *sb); -const struct cred *ovl_override_creds_light(struct super_block *sb); static inline const struct cred *ovl_creds(struct super_block *sb) { diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 77b8d01829a4..fafd8b709f64 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -68,13 +68,6 @@ const struct cred *ovl_override_creds(struct super_block *sb) return override_creds(ofs->creator_cred); } -const struct cred *ovl_override_creds_light(struct super_block *sb) -{ - struct ovl_fs *ofs = OVL_FS(sb); - - return override_creds_light(ofs->creator_cred); -} - /* * Check if underlying fs supports file handles and try to determine encoding * type, in order to deduce maximum inode number used by fs.