NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: David Howells <dhowells@redhat.com>,
	steved@redhat.com,
	rasmus-tUP8e6pgWdNlY7y4Fx5NiA@public.gmane.org,
	linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()
Date: Fri, 3 Jul 2009 11:47:57 -0400	[thread overview]
Message-ID: <20090703154757.GG31538@fieldses.org> (raw)
In-Reply-To: <31545.1246632086@redhat.com>

The following patch is appropriate for 2.6.31 (and stable), and is also
available from

  git://linux-nfs.org/~bfields/linux.git for-2.6.31

--b.

commit 033a666ccb842ab4134fcd0c861d5ba9f5d6bf3a
Author: David Howells <dhowells@redhat.com>
Date:   Thu Jul 2 14:35:32 2009 +0100

    NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()
    
    nfsd_open() gets an unrefcounted pointer to the current process's effective
    credentials at the top of the function, then calls nfsd_setuser() via
    fh_verify() - which may replace and destroy the current process's effective
    credentials - and then passes the unrefcounted pointer to dentry_open() - but
    the credentials may have been destroyed by this point.
    
    Instead, the value from current_cred() should be passed directly to
    dentry_open() as one of its arguments, rather than being cached in a variable.
    
    Possibly fh_verify() should return the creds to use.
    
    This is a regression introduced by
    745ca2475a6ac596e3d8d37c2759c0fbe2586227 "CRED: Pass credentials through
    dentry_open()".
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Tested-and-Verified-By: Steve Dickson <steved@redhat.com>
    Cc: stable@kernel.org
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 4145083..23341c1 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -678,7 +678,6 @@ __be32
 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 			int access, struct file **filp)
 {
-	const struct cred *cred = current_cred();
 	struct dentry	*dentry;
 	struct inode	*inode;
 	int		flags = O_RDONLY|O_LARGEFILE;
@@ -733,7 +732,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 		vfs_dq_init(inode);
 	}
 	*filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt),
-			    flags, cred);
+			    flags, current_cred());
 	if (IS_ERR(*filp))
 		host_err = PTR_ERR(*filp);
 	else

WARNING: multiple messages have this Message-ID (diff)

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: David Howells <dhowells@redhat.com>,
	steved@redhat.com, rasmus@msconsult.dk,
	linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()
Date: Fri, 3 Jul 2009 11:47:57 -0400	[thread overview]
Message-ID: <20090703154757.GG31538@fieldses.org> (raw)
In-Reply-To: <31545.1246632086@redhat.com>

The following patch is appropriate for 2.6.31 (and stable), and is also
available from

  git://linux-nfs.org/~bfields/linux.git for-2.6.31

--b.

commit 033a666ccb842ab4134fcd0c861d5ba9f5d6bf3a
Author: David Howells <dhowells@redhat.com>
Date:   Thu Jul 2 14:35:32 2009 +0100

    NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()
    
    nfsd_open() gets an unrefcounted pointer to the current process's effective
    credentials at the top of the function, then calls nfsd_setuser() via
    fh_verify() - which may replace and destroy the current process's effective
    credentials - and then passes the unrefcounted pointer to dentry_open() - but
    the credentials may have been destroyed by this point.
    
    Instead, the value from current_cred() should be passed directly to
    dentry_open() as one of its arguments, rather than being cached in a variable.
    
    Possibly fh_verify() should return the creds to use.
    
    This is a regression introduced by
    745ca2475a6ac596e3d8d37c2759c0fbe2586227 "CRED: Pass credentials through
    dentry_open()".
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Tested-and-Verified-By: Steve Dickson <steved@redhat.com>
    Cc: stable@kernel.org
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 4145083..23341c1 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -678,7 +678,6 @@ __be32
 nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 			int access, struct file **filp)
 {
-	const struct cred *cred = current_cred();
 	struct dentry	*dentry;
 	struct inode	*inode;
 	int		flags = O_RDONLY|O_LARGEFILE;
@@ -733,7 +732,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 		vfs_dq_init(inode);
 	}
 	*filp = dentry_open(dget(dentry), mntget(fhp->fh_export->ex_path.mnt),
-			    flags, cred);
+			    flags, current_cred());
 	if (IS_ERR(*filp))
 		host_err = PTR_ERR(*filp);
 	else

next prev parent reply	other threads:[~2009-07-03 15:48 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-07-02 13:35 [PATCH] NFSD: Don't hold unrefcounted creds over call to nfsd_setuser() David Howells
2009-07-02 13:35 ` David Howells
     [not found] ` <20090702133532.28297.89635.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2009-07-02 13:59   ` Steve Dickson
2009-07-02 13:59     ` Steve Dickson
2009-07-02 20:39   ` J. Bruce Fields
2009-07-02 20:39     ` J. Bruce Fields
2009-07-02 21:31     ` David Howells
2009-07-02 21:31       ` David Howells
2009-07-02 23:09       ` J. Bruce Fields
2009-07-02 23:09         ` J. Bruce Fields
2009-07-03 14:22         ` J. Bruce Fields
2009-07-03 14:22           ` J. Bruce Fields
2009-07-03 14:41           ` David Howells
2009-07-03 14:41             ` David Howells
2009-07-03 15:47             ` J. Bruce Fields [this message]
2009-07-03 15:47               ` J. Bruce Fields

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4145083 dfblob:23341c1 dfblob:4145083 dfblob:23341c1 )
 OR (
bs:"NFSD: Don't hold unrefcounted creds over call to nfsd_setuser()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090703154757.GG31538@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=dhowells@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=rasmus-tUP8e6pgWdNlY7y4Fx5NiA@public.gmane.org \
    --cc=steved@redhat.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.