From: Jim Lieb <jlieb@panasas.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: <luto@amacapital.net>, <linux-fsdevel@vger.kernel.org>,
<ebiederm@xmission.com>, <viro@zeniv.linux.org.uk>,
<tytso@mit.edu>, <linux-kernel@vger.kernel.org>,
<bfields@redhat.com>, <jlayton@redhat.com>
Subject: Re: Re: Re: Re: Re: [PATCH 1/3] switch_creds: Syscall to switch creds for file server ops
Date: Fri, 1 Nov 2013 08:49:12 -0700
Message-ID: <3320616.dLyWU2ChR5@jlieb-e6410>
In-Reply-To: <201311012224.CBG18210.StOOMLHVJOFQFF@I-love.SAKURA.ne.jp>

On Friday, November 01, 2013 22:24:12 Tetsuo Handa wrote:
> Jim Lieb wrote:
> > Subsequent uses look like:
> > use_creds(cached fd);
> >
> > followed by
> >
> > open/creat/mknod/write
> >
> > followed by
> >
> > use_creds(-1);
>
> Are you aware that calling commit_creds() is prohibited between
> override_creds() and revert_creds()?
>
> If the caller does some operation that calls commit_creds() (like
> example below), the kernel triggers BUG().

Yes, I do. I caught this in an early pass. I only use override_creds() and
revert_creds().

>
> ---------- example module start ----------
> #include <linux/module.h>
> #include <linux/cred.h>
> #include <linux/fs.h>
> #include <linux/file.h>
>
> static int __init test_init(void)
> {
> 	{ /* switch_creds() syscall */
> 		struct fd f = fdget(0);
> 		if (!f.file)
> 			return -EBADF;
> 		put_cred(override_creds(f.file->f_cred));
> 		fdput(f);
> 	}
> 	{ /* something that calls commit_creds() */
> 		struct cred *cred = prepare_creds();
> 		if (cred)
> 			commit_creds(cred);
> 	}
> 	return 0;
> }
>
> static void test_exit(void)
> {
> }
>
> module_init(test_init);
> module_exit(test_exit);
> MODULE_LICENSE("GPL");
> ---------- example module end ----------
>
> Since nobody can guarantee that the caller of switch_creds() never does
> some operation that calls commit_creds(), I don't think switch_creds()
> based on override_creds() will work.
--
Jim Lieb
Linux Systems Engineer
Panasas Inc.
"If ease of use was the only requirement, we would all be riding tricycles"
- Douglas Engelbart 1925–2013
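
Added example, not part of the original message and not kernel source: a userspace C model of the invariant behind the BUG() discussed in this message. The kernel's commit_creds() requires the task's subjective credentials (`cred`) to equal its objective ones (`real_cred`), and override_creds() breaks that equality until revert_creds() runs; the simplified function bodies, the `commit_succeeds()` helper and the uid values are assumptions for illustration, with reference counting omitted.

```c
/* Userspace model of the kernel credential invariant; names mirror the
 * kernel's, bodies are simplified assumptions (no reference counting). */
#include <stdbool.h>

struct cred { unsigned int fsuid; };

struct task {
	const struct cred *real_cred;	/* objective: who the task is */
	const struct cred *cred;	/* subjective: what it acts as */
};

/* Act as 'new' temporarily; the return value is what revert_creds() needs. */
static const struct cred *override_creds(struct task *t, const struct cred *new)
{
	const struct cred *old = t->cred;
	t->cred = new;
	return old;
}

static void revert_creds(struct task *t, const struct cred *old)
{
	t->cred = old;
}

/* Kernel commit_creds() checks BUG_ON(task->cred != old), where old is
 * task->real_cred; this model returns false where the kernel would BUG(). */
static bool commit_creds(struct task *t, const struct cred *new)
{
	if (t->cred != t->real_cred)
		return false;		/* an override is still active */
	t->real_cred = t->cred = new;
	return true;
}

/* Run override -> [revert] -> commit; uids 0 and 1000 are constructed. */
static bool commit_succeeds(bool revert_first)
{
	struct cred server = { 0 }, client = { 1000 }, fresh = { 0 };
	struct task t = { &server, &server };
	const struct cred *saved = override_creds(&t, &client);
	if (revert_first)
		revert_creds(&t, saved);
	return commit_creds(&t, &fresh);
}

int main(void)
{
	return !(commit_succeeds(true) && !commit_succeeds(false));
}
```

`commit_succeeds(false)` follows the sequence in the quoted module (override, then commit), and `commit_succeeds(true)` is the same sequence with revert_creds() called first.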