| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241125-fernweh-autobahn-6006e984ec8b@brauner>
Date: Mon, 25 Nov 2024 12:22:42 +0100
From: Christian Brauner <brauner@...nel.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Amir Goldstein <amir73il@...il.com>, Miklos Szeredi <miklos@...redi.hu>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 21/26] smb: avoid pointless cred reference count bump
On Sun, Nov 24, 2024 at 06:37:43PM +0000, Al Viro wrote:
> On Sun, Nov 24, 2024 at 02:44:07PM +0100, Christian Brauner wrote:
> > No need for the extra reference count bump.
> >
> > Signed-off-by: Christian Brauner <brauner@...nel.org>
> > ---
> > fs/smb/server/smb_common.c | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
> > index f1d770a214c8b2c7d7dd4083ef57c7130bbce52c..a3f96804f84f03c22376769dffdf60cd66f5e3d2 100644
> > --- a/fs/smb/server/smb_common.c
> > +++ b/fs/smb/server/smb_common.c
> > @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
> > cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
> >
> > WARN_ON(work->saved_cred);
> > - work->saved_cred = override_creds(get_new_cred(cred));
> > + work->saved_cred = override_creds(cred);
> > if (!work->saved_cred) {
> > abort_creds(cred);
> > return -EINVAL;
>
> Won't that leave a dangling pointer?
Afaict, the whole check doesn't make sense because I don't see how
override_creds() could be called on a task with current->cred == NULL.
There's no way to opt out of having current->cred set.
Powered by blists - more mailing lists