Received: by 2002:a05:7412:3290:b0:fa:6e18:a558 with SMTP id ev16csp640893rdb; Fri, 26 Jan 2024 06:34:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IFsKcocriXnddZ0bm2KIK/vpCj8GzNi3mlthtuCfvIY3Ro1iys5w7Q53BwyyemCuALvY1ah X-Received: by 2002:a17:903:20f:b0:1d7:6301:96d7 with SMTP id r15-20020a170903020f00b001d7630196d7mr1429454plh.115.1706279682038; Fri, 26 Jan 2024 06:34:42 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706279682; cv=pass; d=google.com; s=arc-20160816; b=yIDIYIV5LKLJCXpwl8T9XSyTjfX+48hhHV+T0ZlflgHv+/zOXj0AYYRvGh6V3uV/F+ 2wq7TQ9jY+Ngc4hszsvJIUjU3631mWvXh84JbHozyU7dAxwiOXnRNko7VR7wA8+d7rud VcOjAM8KIYRe4XvudxFPyRnFOpqXeETUGxqWCcnNHowS2brlPyKlHBCj/YS6p1MOOH54 LtsizIHpsuBgKEcSVoUS70iL7667w0cHikifTaWQlv6+dCT4S8lGwOB0FcBJQLK/ZhiI mqjINDsHqDg5i7naw2VkRMNW5gIBSW7DugD+4gt2PCWZ2HyOcgD8qPOANl1ccBXyrvL0 Vm4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=emTp1NUA7NOW6whRrPCnnRtv6Gl2tOXIM2ZOxRmunDs=; fh=5j3o3gRPXlaGk7hEQhcSZhqvv1K4HL1ubtD6i+K8Y3U=; b=T6p6qPCkeH84SBwf1yiytP3n/P+voeC2LaX2gsMgzl58og1WklSvM6qbpNBzFumQqr 7QObcC6L4x3Gh9y7V0GVgXVEFq+VcNOhZBIyzL2CI0pkS4LpWyVAnvDQU2BiFOJnkvEE SqEHzt1FfF6B2+mOpaY8bQm5AksAPQ2mMvFbe5s0JUMIpm6MTB4ZKUWaTyY99Qc0WXAL 0yO8evwaspblQYkgSo1X9GUSCkoZyaGqUDRjksB3fVsU5XMbiEYTjHUDC8YFCImRHvQA ojjVOts9Xr+Wt4RU4cC0u9OPbmCUbdD96K+LmHYNHDQw0dBHjzS2ugCnyCYx45PjC+ks Fpdw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NmoiS7im; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-40187-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40187-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id u6-20020a170903124600b001d6ed2e9c87si1228390plh.29.2024.01.26.06.34.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 06:34:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-40187-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NmoiS7im; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-40187-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40187-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A82B12851EB for ; Fri, 26 Jan 2024 14:34:41 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0B4481C69D; Fri, 26 Jan 2024 14:34:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NmoiS7im" Received: from mail-ot1-f49.google.com (mail-ot1-f49.google.com [209.85.210.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE2B61C683; Fri, 26 Jan 2024 14:34:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706279674; cv=none; b=FOH3YORLcQEgjD01LsOsNxPEKZygrHlcm3yE+XLqZ0Jt3vwQ3Y5Oy283yNtYeW5/C0JiV4dc62Gb8Pu9DnJEZFRB2STQVUZQYk26FoTIQiS69QhgAgcZTXsbeePje9JXC0BT8WD2ZDNb0iVHnKhoHVMr/e6aSqSx/xvBKDOkZDE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706279674; c=relaxed/simple; bh=VlHEm8CiSi592wojj3UsutYwrubNjD27MWN2kaDZJdc=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=VFjgmSz1x1I9+gPGi1u15c0MLSDQXdL47PvUIj+Jz0FnYMUYnK2ExtRXilZVnsloaVpTQanToHAnuoBCC5OzlhCYtwc3fovxeKvRNNeoJ/gULeWBXjZGCbH2njTinfPqOT5Bh3XNu4Ue10TSfmhYG4zAka4N7qrSjJtD3/6BZUw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NmoiS7im; arc=none smtp.client-ip=209.85.210.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ot1-f49.google.com with SMTP id 46e09a7af769-6de424cef01so229260a34.2; Fri, 26 Jan 2024 06:34:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706279672; x=1706884472; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=emTp1NUA7NOW6whRrPCnnRtv6Gl2tOXIM2ZOxRmunDs=; b=NmoiS7imJiUtRUi5c4YdV5gWnq1RBF+J7v5gncs243EgcIHrX8hFnoMSuHdL5+dokC zJZKNvFZYVW1XzPVAK/dyAxlrPDYPgQ5HYZqEByrLUOBV7st2W3Ioq+nV/ByUKj0qEOl cTrFbQD7EhmOIqEf9V+l1dDON53/XRhfVPm7V8vxi+/pHSrcXD9OEd5rP3uWZhPOVSqz Wk2OecxIzmtxDxIy7CD8jt0tSpXKVVgvdWsNxRXpRXToRAHPHaJSIghvGwSpKVjzrElZ ri2f5Wcwl7mf1EogrNqgjLO7jutY+vr5ujtc4Dy9227RjsJtRs0cvSeYqPZYZLXXvuzs 01mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706279672; x=1706884472; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=emTp1NUA7NOW6whRrPCnnRtv6Gl2tOXIM2ZOxRmunDs=; b=LERoHmJw2yHEtw2179d4ATivuyVBUJjvdvcoGA35f5HRtbuKeYgLjl3/KLrYzjhu+A pqmNs+umsrCrzzUqWEC6cgVQuRfNrQhUZs7SDp8zsmelicRXc+5gul1abvd4lpk1REey /xFp9U+GXyoG3XKq1wTHZ9SXrYbBKkTFHd48BbUzr0SnwvPT2AG0hgg/3OJIfpiesCVE a38/znwdCIfzSQdEIRoPQXGLl3F96pu16in6KoCYCuFNJNUEP1Tc04LYza2MUoSDJOJW Yi2nYDem2NoMJY5P+Mm2lcMS6Ql8AjTyl/IHsCS2IQ+gBz2vakLh4T4gTNq/UAL97RbM z1FQ== X-Gm-Message-State: AOJu0YxvYtQMrpF/TQP6uBvw3wRd2ng7XljyM3pMNYFiSRs6y9RD7qbZ nkbjBE/B+WsjkwkWm17kd0CRq7eF0C7nlicPtJZxjl2FOyrgOIiH/fwZeoS4lMxUhV+yaDXwIeY Wi2oNVi+qTwORWSt3L0oa9hj7z4s= X-Received: by 2002:a05:6830:33fc:b0:6e1:3a1:3358 with SMTP id i28-20020a05683033fc00b006e103a13358mr1343858otu.52.1706279671719; Fri, 26 Jan 2024 06:34:31 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240125235723.39507-1-vinicius.gomes@intel.com> <20240125235723.39507-3-vinicius.gomes@intel.com> In-Reply-To: <20240125235723.39507-3-vinicius.gomes@intel.com> From: Amir Goldstein Date: Fri, 26 Jan 2024 16:34:20 +0200 Message-ID: Subject: Re: [RFC v2 2/4] cred: Add a light version of override/revert_creds() To: Vinicius Costa Gomes Cc: brauner@kernel.org, hu1.chen@intel.com, miklos@szeredi.hu, malini.bhandaru@intel.com, tim.c.chen@intel.com, mikko.ylinen@intel.com, lizhen.you@intel.com, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 26, 2024 at 1:57=E2=80=AFAM Vinicius Costa Gomes wrote: > > Add a light version of override/revert_creds(), this should only be > used when the credentials in question will outlive the critical > section and the critical section doesn't change the ->usage of the > credentials. > > To make their usage less error prone, introduce cleanup guards asto be > used like this: > > guard(cred)(credentials_to_override_and_restore); > > or this: > > scoped_guard(cred, credentials_to_override_and_restore) { > /* with credentials overridden */ > } > > Signed-off-by: Vinicius Costa Gomes You may add: Reviewed-by: Amir Goldstein I would also add: Suggested-by: Christian Brauner Thanks, Amir. > --- > include/linux/cred.h | 21 +++++++++++++++++++++ > kernel/cred.c | 6 +++--- > 2 files changed, 24 insertions(+), 3 deletions(-) > > diff --git a/include/linux/cred.h b/include/linux/cred.h > index 2976f534a7a3..e9f2237e4bf8 100644 > --- a/include/linux/cred.h > +++ b/include/linux/cred.h > @@ -172,6 +172,27 @@ static inline bool cap_ambient_invariant_ok(const st= ruct cred *cred) > cred->cap_inheritable)); > } > > +/* > + * Override creds without bumping reference count. Caller must ensure > + * reference remains valid or has taken reference. Almost always not the > + * interface you want. Use override_creds()/revert_creds() instead. > + */ > +static inline const struct cred *override_creds_light(const struct cred = *override_cred) > +{ > + const struct cred *old =3D current->cred; > + > + rcu_assign_pointer(current->cred, override_cred); > + return old; > +} > + > +static inline void revert_creds_light(const struct cred *revert_cred) > +{ > + rcu_assign_pointer(current->cred, revert_cred); > +} > + > +DEFINE_GUARD(cred, const struct cred *, _T =3D override_creds_light(_T), > + revert_creds_light(_T)); > + > /** > * get_new_cred_many - Get references on a new set of credentials > * @cred: The new credentials to reference > diff --git a/kernel/cred.c b/kernel/cred.c > index c033a201c808..f95f71e3ac1d 100644 > --- a/kernel/cred.c > +++ b/kernel/cred.c > @@ -485,7 +485,7 @@ EXPORT_SYMBOL(abort_creds); > */ > const struct cred *override_creds(const struct cred *new) > { > - const struct cred *old =3D current->cred; > + const struct cred *old; > > kdebug("override_creds(%p{%ld})", new, > atomic_long_read(&new->usage)); > @@ -499,7 +499,7 @@ const struct cred *override_creds(const struct cred *= new) > * visible to other threads under RCU. > */ > get_new_cred((struct cred *)new); > - rcu_assign_pointer(current->cred, new); > + old =3D override_creds_light(new); > > kdebug("override_creds() =3D %p{%ld}", old, > atomic_long_read(&old->usage)); > @@ -521,7 +521,7 @@ void revert_creds(const struct cred *old) > kdebug("revert_creds(%p{%ld})", old, > atomic_long_read(&old->usage)); > > - rcu_assign_pointer(current->cred, old); > + revert_creds_light(old); > put_cred(override); > } > EXPORT_SYMBOL(revert_creds); > -- > 2.43.0 >