Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp548075imm;
        Wed, 18 Jul 2018 06:47:29 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpd7I+1h2hvSiib5JK09BSvEOJ+TQCkYNL/RSaSeT3weGyaM4BwRdTWotJSvFmrwmFz4Adql
X-Received: by 2002:a63:5350:: with SMTP id t16-v6mr5780855pgl.196.1531921649376;
        Wed, 18 Jul 2018 06:47:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1531921649; cv=none;
        d=google.com; s=arc-20160816;
        b=xm/N0vxPZfcSQ6wmfkMG1NNftplq5FKTFuEc+h82TCUeydabui5obtmtLgp7hMEpSH
         38Oy4gUUOhYUTOuFPpu5xjvicLvAr98Rt9vtlWVzUi9ej+jixHcRv2TmkcrVi6PU9AiB
         bkUkTiJJKqc1ruy+JXpoGyoKDFPYNQ4lLw9aBA6S40H+HAASE79hgCkAnlZ6zYCjHQZ3
         Syc75Ui0Zi3xyMVaDiQPUG5nIkl1iwSooC6M38e5Mpxunp072u3aPC5cMaxelPp8ZypF
         uF0xEvNvDOJyn0QXA6XuD9J0N1ys8RWn8oLJYj5S6QBjuylDlEpMBMH5AcmEVWt+KK+H
         pdCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=gw2my4nd6H5Ebb6pnrNHZRZZgP6UoxWZpgwNKc2uVgE=;
        b=Ij2t37QiMgjmkbppp/2suoi7rqlvLthw+GEzIdA78F2aze61VleK+qLQt20XXiKafv
         sYsWzHp0vL4vqFaAgaRsLnR2FfZQTFC+3EDVLS902vcvxxVjOU8yo/bpG4gb52nnThWD
         iECHffuuZWNkZZ3oMlB3mDZDWW7jAbsN89hhHg/2lAPYWzLI5rlD3KQm0PWCT6Nnj8+y
         ixpz6F0KC9yiFOKcEHAFKTHpln0hIh0ZPnlDEFRasGwJLm7nlcZR3umekqdL36+W3tMC
         1orCwtA+fJHS93fpKlqx2j1tXO5xAhSVkTExYNHzzX97X0LyFIMpfHsS5MYaII+4B8Jl
         Zxlg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s14-v6si3222266pga.21.2018.07.18.06.47.14;
        Wed, 18 Jul 2018 06:47:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731246AbeGROYk (ORCPT <rfc822;chenc2371@gmail.com> + 99 others);
        Wed, 18 Jul 2018 10:24:40 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:58616 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731046AbeGROYk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 18 Jul 2018 10:24:40 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux))
        id 1ffmmp-0003VY-09; Wed, 18 Jul 2018 13:46:35 +0000
Date:   Wed, 18 Jul 2018 14:46:34 +0100
From:   Al Viro <viro@ZenIV.linux.org.uk>
To:     Miklos Szeredi <mszeredi@redhat.com>
Cc:     Stephen Rothwell <sfr@canb.auug.org.au>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        David Howells <dhowells@redhat.com>
Subject: Re: vfs / overlayfs conflict resolution for linux-next
Message-ID: <20180718134634.GT30522@ZenIV.linux.org.uk>
References: <20180711152555.GR30522@ZenIV.linux.org.uk>
 <20180711161540.GS30522@ZenIV.linux.org.uk>
 <20180712124326.GA19272@ZenIV.linux.org.uk>
 <CA+55aFwyOHvwV4qkmM1kRYQ+4brWbLSHaXE8GPV41u5Sj-AG4Q@mail.gmail.com>
 <20180712155337.GU30522@ZenIV.linux.org.uk>
 <20180718025636.GA26175@ZenIV.linux.org.uk>
 <20180718132955.2bf185b7@canb.auug.org.au>
 <CAOssrKf60FHqgG6pB5zOP7iV-qdHdDUODdG7SVpoNh3Pipo=6w@mail.gmail.com>
 <CAOssrKdqnsPSipweUCers6d2AgJX2aVGQUs1pd7cB79GoSJH1Q@mail.gmail.com>
 <20180718124340.GS30522@ZenIV.linux.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180718124340.GS30522@ZenIV.linux.org.uk>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jul 18, 2018 at 01:43:40PM +0100, Al Viro wrote:

> It *is* broken.  For now leave override_creds() as in your variant, but
> we really want to deal with that crap eventually.
> 
> > Okay, so ->open() is a file op, and file ops should use file->f_cred,
> > but how are we going to enforce this?
> 
> I'd say we cut down on the use of current_cred() when deep in call chain...

Actually, how about this:

#define call_with_creds(__cred, expr) ({		\
	__typeof__(expr) ____res;			\
	const struct cred *____old = current->cred;	\
	const struct cred *____new = (__cred);		\
	rcu_assign_pointer(current->cred, ____new);	\
	____res = expr;					\
	BUG_ON(current->cred != ____new);		\
	rcu_assign_pointer(current->cred, ____old);	\
	____res;					\
})

and replacing
                error = open(inode, f);
with
		error = call_with_cred(f->f_cred, open(inode, f));

possibly with similar at other methods callsites?  Unlike override_creds()
and revert_creds() it's cheap - no validation of creds, no cacheline
ping-pong...

Folks?