| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2024 16:34:20 +0200
From: Amir Goldstein <amir73il@...il.com>
To: Vinicius Costa Gomes <vinicius.gomes@...el.com>
Cc: brauner@...nel.org, hu1.chen@...el.com, miklos@...redi.hu,
malini.bhandaru@...el.com, tim.c.chen@...el.com, mikko.ylinen@...el.com,
lizhen.you@...el.com, linux-unionfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC v2 2/4] cred: Add a light version of override/revert_creds()
On Fri, Jan 26, 2024 at 1:57 AM Vinicius Costa Gomes
<vinicius.gomes@...el.com> wrote:
>
> Add a light version of override/revert_creds(), this should only be
> used when the credentials in question will outlive the critical
> section and the critical section doesn't change the ->usage of the
> credentials.
>
> To make their usage less error prone, introduce cleanup guards asto be
> used like this:
>
> guard(cred)(credentials_to_override_and_restore);
>
> or this:
>
> scoped_guard(cred, credentials_to_override_and_restore) {
> /* with credentials overridden */
> }
>
> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@...el.com>
You may add:
Reviewed-by: Amir Goldstein <amir73il@...il.com>
I would also add:
Suggested-by: Christian Brauner <brauner@...nel.org>
Thanks,
Amir.
> ---
> include/linux/cred.h | 21 +++++++++++++++++++++
> kernel/cred.c | 6 +++---
> 2 files changed, 24 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/cred.h b/include/linux/cred.h
> index 2976f534a7a3..e9f2237e4bf8 100644
> --- a/include/linux/cred.h
> +++ b/include/linux/cred.h
> @@ -172,6 +172,27 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred)
> cred->cap_inheritable));
> }
>
> +/*
> + * Override creds without bumping reference count. Caller must ensure
> + * reference remains valid or has taken reference. Almost always not the
> + * interface you want. Use override_creds()/revert_creds() instead.
> + */
> +static inline const struct cred *override_creds_light(const struct cred *override_cred)
> +{
> + const struct cred *old = current->cred;
> +
> + rcu_assign_pointer(current->cred, override_cred);
> + return old;
> +}
> +
> +static inline void revert_creds_light(const struct cred *revert_cred)
> +{
> + rcu_assign_pointer(current->cred, revert_cred);
> +}
> +
> +DEFINE_GUARD(cred, const struct cred *, _T = override_creds_light(_T),
> + revert_creds_light(_T));
> +
> /**
> * get_new_cred_many - Get references on a new set of credentials
> * @cred: The new credentials to reference
> diff --git a/kernel/cred.c b/kernel/cred.c
> index c033a201c808..f95f71e3ac1d 100644
> --- a/kernel/cred.c
> +++ b/kernel/cred.c
> @@ -485,7 +485,7 @@ EXPORT_SYMBOL(abort_creds);
> */
> const struct cred *override_creds(const struct cred *new)
> {
> - const struct cred *old = current->cred;
> + const struct cred *old;
>
> kdebug("override_creds(%p{%ld})", new,
> atomic_long_read(&new->usage));
> @@ -499,7 +499,7 @@ const struct cred *override_creds(const struct cred *new)
> * visible to other threads under RCU.
> */
> get_new_cred((struct cred *)new);
> - rcu_assign_pointer(current->cred, new);
> + old = override_creds_light(new);
>
> kdebug("override_creds() = %p{%ld}", old,
> atomic_long_read(&old->usage));
> @@ -521,7 +521,7 @@ void revert_creds(const struct cred *old)
> kdebug("revert_creds(%p{%ld})", old,
> atomic_long_read(&old->usage));
>
> - rcu_assign_pointer(current->cred, old);
> + revert_creds_light(old);
> put_cred(override);
> }
> EXPORT_SYMBOL(revert_creds);
> --
> 2.43.0
>
Powered by blists - more mailing lists