Commit 37c12fcb authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'kernel-6.14-rc1.cred' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs 

Pull cred refcount updates from Christian Brauner:
 "For the v6.13 cycle we switched overlayfs to a variant of
  override_creds() that doesn't take an extra reference. To this end the
  {override,revert}_creds_light() helpers were introduced.

  This generalizes the idea behind {override,revert}_creds_light() to
  the {override,revert}_creds() helpers. Afterwards overriding and
  reverting credentials is reference count free unless the caller
  explicitly takes a reference.

  All callers have been appropriately ported"

* tag 'kernel-6.14-rc1.cred' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (30 commits)
  cred: fold get_new_cred_many() into get_cred_many()
  cred: remove unused get_new_cred()
  nfsd: avoid pointless cred reference count bump
  cachefiles: avoid pointless cred reference count bump
  dns_resolver: avoid pointless cred reference count bump
  trace: avoid pointless cred reference count bump
  cgroup: avoid pointless cred reference count bump
  acct: avoid pointless reference count bump
  io_uring: avoid pointless cred reference count bump
  smb: avoid pointless cred reference count bump
  cifs: avoid pointless cred reference count bump
  cifs: avoid pointless cred reference count bump
  ovl: avoid pointless cred reference count bump
  open: avoid pointless cred reference count bump
  nfsfh: avoid pointless cred reference count bump
  nfs/nfs4recover: avoid pointless cred reference count bump
  nfs/nfs4idmap: avoid pointless reference count bump
  nfs/localio: avoid pointless cred reference count bumps
  coredump: avoid pointless cred reference count bump
  binfmt_misc: avoid pointless cred reference count bump
  ...
parents 5f85bd6a a6babf4c

Documentation/security/credentials.rst

+0 −5
Original line number Diff line number Diff line
@@ -527,11 +527,6 @@ There are some functions to help manage credentials: 
     This gets a reference on a live set of credentials, returning a pointer to

     that set of credentials.



 - ``struct cred *get_new_cred(struct cred *cred);``



     This gets a reference on a set of credentials that is under construction

     and is thus still mutable, returning a pointer to that set of credentials.





Open File Credentials

=====================

drivers/crypto/ccp/sev-dev.c

+1 −1
Original line number Diff line number Diff line
@@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m 
	fp = file_open_root(&root, filename, flags, mode);

	path_put(&root);



	revert_creds(old_cred);

	put_cred(revert_creds(old_cred));



	return fp;

}

fs/backing-file.c

+10 −10
Original line number Diff line number Diff line
@@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, 
	    !(file->f_mode & FMODE_CAN_ODIRECT))

		return -EINVAL;



	old_cred = override_creds_light(ctx->cred);

	old_cred = override_creds(ctx->cred);

	if (is_sync_kiocb(iocb)) {

		rwf_t rwf = iocb_to_rw_flags(flags);
@@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter, 
			backing_aio_cleanup(aio, ret);

	}

out:

	revert_creds_light(old_cred);

	revert_creds(old_cred);



	if (ctx->accessed)

		ctx->accessed(iocb->ki_filp);
@@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, 
	 */

	flags &= ~IOCB_DIO_CALLER_COMP;



	old_cred = override_creds_light(ctx->cred);

	old_cred = override_creds(ctx->cred);

	if (is_sync_kiocb(iocb)) {

		rwf_t rwf = iocb_to_rw_flags(flags);
@@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter, 
			backing_aio_cleanup(aio, ret);

	}

out:

	revert_creds_light(old_cred);

	revert_creds(old_cred);



	return ret;

}
@@ -281,9 +281,9 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb, 
	if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING)))

		return -EIO;



	old_cred = override_creds_light(ctx->cred);

	old_cred = override_creds(ctx->cred);

	ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags);

	revert_creds_light(old_cred);

	revert_creds(old_cred);



	if (ctx->accessed)

		ctx->accessed(iocb->ki_filp);
@@ -310,11 +310,11 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe, 
	if (ret)

		return ret;



	old_cred = override_creds_light(ctx->cred);

	old_cred = override_creds(ctx->cred);

	file_start_write(out);

	ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags);

	file_end_write(out);

	revert_creds_light(old_cred);

	revert_creds(old_cred);



	if (ctx->end_write)

		ctx->end_write(iocb, ret);
@@ -338,9 +338,9 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma, 


	vma_set_file(vma, file);



	old_cred = override_creds_light(ctx->cred);

	old_cred = override_creds(ctx->cred);

	ret = call_mmap(vma->vm_file, vma);

	revert_creds_light(old_cred);

	revert_creds(old_cred);



	if (ctx->accessed)

		ctx->accessed(user_file);

fs/nfsd/auth.c

+1 −2
Original line number Diff line number Diff line
@@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) 
	int flags = nfsexp_flags(cred, exp);



	/* discard any old override before preparing the new set */

	revert_creds(get_cred(current_real_cred()));

	put_cred(revert_creds(get_cred(current_real_cred())));

	new = prepare_creds();

	if (!new)

		return -ENOMEM;
@@ -80,7 +80,6 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp) 
		new->cap_effective = cap_raise_nfsd_set(new->cap_effective,

							new->cap_permitted);

	put_cred(override_creds(new));

	put_cred(new);

	return 0;



oom:

fs/nfsd/filecache.c

+1 −1
Original line number Diff line number Diff line
@@ -1248,7 +1248,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred, 


	beres = nfsd_file_do_acquire(NULL, net, cred, client,

				     fhp, may_flags, NULL, pnf, true);

	revert_creds(save_cred);

	put_cred(revert_creds(save_cred));

	return beres;

}