lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z0SZ0T3UovP+gOwV@tissot.1015granger.net>
Date: Mon, 25 Nov 2024 10:37:53 -0500
From: Chuck Lever <chuck.lever@...cle.com>
To: Christian Brauner <brauner@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
        Amir Goldstein <amir73il@...il.com>,
        Miklos Szeredi <miklos@...redi.hu>, Al Viro <viro@...iv.linux.org.uk>,
        Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 00/29] cred: rework {override,revert}_creds()

On Mon, Nov 25, 2024 at 03:09:56PM +0100, Christian Brauner wrote:
> For the v6.13 cycle we switched overlayfs to a variant of
> override_creds() that doesn't take an extra reference. To this end I
> suggested introducing {override,revert}_creds_light() which overlayfs
> could use.
> 
> This seems to work rather well. This series follow Linus advice and
> unifies the separate helpers and simply makes {override,revert}_creds()
> do what {override,revert}_creds_light() currently does. Caller's that
> really need the extra reference count can take it manually.
> 
> ---
> Changes in v2:
> - Remove confusion around dangling pointer.
> - Use the revert_creds(old) + put_cred(new) pattern instead of
>   put_cred(revert_creds(old)).
> - Fill in missing justifications in various commit message why not using
>   a separate reference count is safe.
> - Make get_new_cred() argument const to easily use it during the
>   conversion.
> - Get rid of get_new_cred() completely at the end of the series.
> - Link to v1: https://lore.kernel.org/r/20241124-work-cred-v1-0-f352241c3970@kernel.org
> 
> ---
> Christian Brauner (29):
>       tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g
>       cred: return old creds from revert_creds_light()
>       tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g
>       cred: remove old {override,revert}_creds() helpers
>       tree-wide: s/override_creds_light()/override_creds()/g
>       tree-wide: s/revert_creds_light()/revert_creds()/g
>       firmware: avoid pointless reference count bump
>       sev-dev: avoid pointless cred reference count bump
>       target_core_configfs: avoid pointless cred reference count bump
>       aio: avoid pointless cred reference count bump
>       binfmt_misc: avoid pointless cred reference count bump
>       coredump: avoid pointless cred reference count bump
>       nfs/localio: avoid pointless cred reference count bumps
>       nfs/nfs4idmap: avoid pointless reference count bump
>       nfs/nfs4recover: avoid pointless cred reference count bump
>       nfsfh: avoid pointless cred reference count bump
>       open: avoid pointless cred reference count bump
>       ovl: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       smb: avoid pointless cred reference count bump
>       io_uring: avoid pointless cred reference count bump
>       acct: avoid pointless reference count bump
>       cgroup: avoid pointless cred reference count bump
>       trace: avoid pointless cred reference count bump
>       dns_resolver: avoid pointless cred reference count bump
>       cachefiles: avoid pointless cred reference count bump
>       nfsd: avoid pointless cred reference count bump
>       cred: remove unused get_new_cred()
> 
>  Documentation/security/credentials.rst |  5 ----
>  drivers/crypto/ccp/sev-dev.c           |  2 +-
>  fs/backing-file.c                      | 20 +++++++-------
>  fs/nfsd/auth.c                         |  3 +-
>  fs/nfsd/filecache.c                    |  2 +-
>  fs/nfsd/nfs4recover.c                  |  3 +-
>  fs/nfsd/nfsfh.c                        |  1 -
>  fs/open.c                              | 11 ++------
>  fs/overlayfs/dir.c                     |  4 +--
>  fs/overlayfs/util.c                    |  4 +--
>  fs/smb/server/smb_common.c             | 10 ++-----
>  include/linux/cred.h                   | 26 ++++--------------
>  kernel/cred.c                          | 50 ----------------------------------
>  13 files changed, 27 insertions(+), 114 deletions(-)
> ---
> base-commit: e7675238b9bf4db0b872d5dbcd53efa31914c98f
> change-id: 20241124-work-cred-349b65450082
> 
> 

For the patches that touch fs/nfsd/*:

Acked-by: Chuck Lever <chuck.lever@...cle.com>

-- 
Chuck Lever

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ