lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <32d12a9f-d2c0-45bd-9f9a-e647a2ac7083@redhat.com>
Date: Mon, 25 Nov 2024 08:52:49 +0800
From: Xiubo Li <xiubli@...hat.com>
To: Max Kellermann <max.kellermann@...os.com>, idryomov@...il.com,
 ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: stable@...r.kernel.org
Subject: Re: [PATCH 1/2] fs/ceph/mds_client: pass cred pointer to
 ceph_mds_auth_match()


On 11/23/24 15:21, Max Kellermann wrote:
> This eliminates a redundant get_current_cred() call, because
> ceph_mds_check_access() has already obtained this pointer.
>
> As a side effect, this also fixes a reference leak in
> ceph_mds_auth_match(): by omitting the get_current_cred() call, no
> additional cred reference is taken.
>
> Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper")
> Cc: stable@...r.kernel.org
> Signed-off-by: Max Kellermann <max.kellermann@...os.com>
> ---
>   fs/ceph/mds_client.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> index 6baec1387f7d..e8a5994de8b6 100644
> --- a/fs/ceph/mds_client.c
> +++ b/fs/ceph/mds_client.c
> @@ -5615,9 +5615,9 @@ void send_flush_mdlog(struct ceph_mds_session *s)
>   
>   static int ceph_mds_auth_match(struct ceph_mds_client *mdsc,
>   			       struct ceph_mds_cap_auth *auth,
> +			       const struct cred *cred,
>   			       char *tpath)
>   {
> -	const struct cred *cred = get_current_cred();
>   	u32 caller_uid = from_kuid(&init_user_ns, cred->fsuid);
>   	u32 caller_gid = from_kgid(&init_user_ns, cred->fsgid);
>   	struct ceph_client *cl = mdsc->fsc->client;
> @@ -5740,7 +5740,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask)
>   	for (i = 0; i < mdsc->s_cap_auths_num; i++) {
>   		struct ceph_mds_cap_auth *s = &mdsc->s_cap_auths[i];
>   
> -		err = ceph_mds_auth_match(mdsc, s, tpath);
> +		err = ceph_mds_auth_match(mdsc, s, cred, tpath);
>   		if (err < 0) {
>   			return err;
>   		} else if (err > 0) {

Good catch.

Reviewed-by: Xiubo Li <xiubli@...hat.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ