From: Vinicius Costa Gomes <vinicius.gomes@intel.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: brauner@kernel.org, amir73il@gmail.com, hu1.chen@intel.com,
malini.bhandaru@intel.com, tim.c.chen@intel.com,
mikko.ylinen@intel.com, lizhen.you@intel.com,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 04/16] overlayfs: Document critical override_creds() operations
Date: Tue, 24 Sep 2024 18:13:39 -0300 [thread overview]
Message-ID: <87h6a43gcc.fsf@intel.com> (raw)
In-Reply-To: <87wmk2lx3s.fsf@intel.com>
Vinicius Costa Gomes <vinicius.gomes@intel.com> writes:
> Miklos Szeredi <miklos@szeredi.hu> writes:
>
>> On Thu, 22 Aug 2024 at 03:25, Vinicius Costa Gomes
>> <vinicius.gomes@intel.com> wrote:
>>>
>>> Add a comment to these operations that cannot use the _light version
>>> of override_creds()/revert_creds(), because during the critical
>>> section the struct cred .usage counter might be modified.
>>
>> Why is it a problem if the usage counter is modified? Why is the
>> counter modified in each of these cases?
>>
>
> Working on getting some logs from the crash that I get when I convert
> the remaining cases to use the _light() functions.
>
See the log below.
> Perhaps I was wrong on my interpretation of the crash.
>
What I am seeing is that ovl_setup_cred_for_create() has a "side
effect", it creates another set of credentials, runs the security hooks
with this new credentials, and the side effect is that when it returns,
by design, 'current->cred' is this new credentials (a third set of
credentials).
And this implies that refcounting for this is somewhat tricky, as said
in commit d0e13f5bbe4b ("ovl: fix uid/gid when creating over whiteout").
I see two ways forward:
1. Keep using the non _light() versions in functions that call
ovl_setup_cred_for_create().
2. Change ovl_setup_cred_for_create() so it doesn't drop the "extra"
refcount.
I went with (1), and it still sounds to me like the best way, but I
agree that my explanation was not good enough, will add the information
I just learned to the commit message and to the code.
Do you see another way forward? Or do you think that I should go with
(2)?
> Thanks for raising this, I should have added more information about this.
>
>
> Cheers,
> --
> Vinicius
[ 4.646955] [touch 1512] commit_creds(0000000009e62474{1})
[ 4.648637] [touch 1512] __put_cred(00000000200a9944{0})
[ 4.648844] [virtm 1502] prepare_creds() alloc 0000000050563530
[ 4.651631] [virtm 1513] prepare_creds() alloc 00000000da716e80
[ 4.652515] [mktem 1513] commit_creds(00000000da716e80{1})
[ 4.654056] ovl_create_or_link: [override] cred 0000000007112f42
[ 4.654108] ovl_override_creds_light: new cred 0000000007112f42{1}
[ 4.654155] ovl_override_creds_light: old cred 00000000da716e80{3}
[ 4.654199] [mktem 1513] prepare_creds() alloc 000000003c8d17b7
[ 4.654246] [mktem 1513] override_creds(000000003c8d17b7{1})
[ 4.654292] [mktem 1513] override_creds() = 0000000007112f42{1}
[ 4.654337] [mktem 1513] __put_cred(0000000007112f42{0})
[ 4.654388] [mktem 1513] __put_cred(0000000007112f42{0})
[ 4.654431] ------------[ cut here ]------------
[ 4.654470] ODEBUG: activate active (active state 1) object: 00000000ad88840d object type: rcu_head hint: 0x0
[ 4.654484] [swapp 0] exit_creds(1507,00000000efafcffd,00000000efafcffd,{2})
[ 4.654575] WARNING: CPU: 23 PID: 1513 at lib/debugobjects.c:515 debug_print_object+0x7d/0xb0
[ 4.654596] [swapp 0] __put_cred(00000000efafcffd{0})
[ 4.654674] Modules linked in: sha512_ssse3(E) isst_if_common(E-) crct10dif_pclmul(E) sha256_ssse3(E) skx_edac_common(E) nfit(E) virtio_net(E) net_failover(E) i2c_piix4(E) input_leds(E) psmouse(E) serio_raw(E) failover(E) i2c_smbus(E) pata_acpi(E) floppy(E) qemu_fw_cfg(E) mac_hid(E) overlay(E) 9pnet_virtio(E) virtiofs(E) 9p(E) 9pnet(E) netfs(E)
[ 4.654686] CPU: 23 UID: 0 PID: 1513 Comm: mktemp Tainted: G E 6.11.0-rc5+ #4
[ 4.654689] Tainted: [E]=UNSIGNED_MODULE
[ 4.654689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 4.654690] RIP: 0010:debug_print_object+0x7d/0xb0
[ 4.654692] Code: 01 8b 4b 14 48 c7 c7 d8 ce 3a 99 89 15 ec 53 77 02 8b 53 10 50 4c 8b 4d 00 48 8b 14 d5 80 32 e8 98 4c 8b 43 18 e8 73 fb a0 ff <0f> 0b 58 83 05 dd 35 c6 01 01 48 83 c4 08 5b 5d c3 cc cc cc cc 83
[ 4.654693] RSP: 0018:ff5fa086c391bd28 EFLAGS: 00010282
[ 4.654695] RAX: 0000000000000000 RBX: ff5fa086c391bd60 RCX: 0000000000140017
[ 4.654696] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
[ 4.654697] RBP: ffffffff98e28c40 R08: 0000000000000000 R09: ff4deb8a8531a0a8
[ 4.654697] R10: 0000000000000000 R11: 0000000000000001 R12: ff4deb8a87d29de8
[ 4.654698] R13: ffffffff98e28c40 R14: 0000000000000202 R15: ffffffff9aa64e58
[ 4.654699] FS: 00007ff8543af740(0000) GS:ff4deb8ab8580000(0000) knlGS:0000000000000000
[ 4.654700] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4.654701] CR2: 00007ff8540ec040 CR3: 0000000005784002 CR4: 0000000000771ef0
[ 4.654704] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4.654705] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 4.654706] PKRU: 55555554
[ 4.654707] Call Trace:
[ 4.654709] <TASK>
[ 4.654710] ? __warn+0x83/0x130
[ 4.654725] ? debug_print_object+0x7d/0xb0
[ 4.654726] ? report_bug+0x18e/0x1a0
[ 4.654773] [swapp 0] exit_creds(1508,00000000b957e777,00000000b957e777,{2})
Cheers,
--
Vinicius
next prev parent reply other threads:[~2024-09-24 21:13 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-22 1:25 [PATCH v2 00/16] overlayfs: Optimize override/revert creds Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 01/16] cred: Add a light version of override/revert_creds() Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 02/16] fs/backing-file: Convert to revert/override_creds_light() Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 03/16] fs/overlayfs: Introduce ovl_override_creds_light() Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 04/16] overlayfs: Document critical override_creds() operations Vinicius Costa Gomes
2024-08-22 8:14 ` Miklos Szeredi
2024-08-26 22:48 ` Vinicius Costa Gomes
2024-09-24 21:13 ` Vinicius Costa Gomes [this message]
2024-09-25 9:57 ` Christian Brauner
2024-09-25 14:17 ` Vinicius Costa Gomes
2024-10-07 11:12 ` Amir Goldstein
2024-10-07 16:13 ` Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 05/16] overlayfs: Use ovl_override_creds_light()/revert_creds_light() Vinicius Costa Gomes
2024-08-22 8:26 ` Miklos Szeredi
2024-08-26 22:57 ` Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 06/16] cred: Introduce cred_guard() and cred_scoped_guard() helpers Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 07/16] fs/backing-file: Convert to cred_guard() Vinicius Costa Gomes
2024-08-22 8:31 ` Miklos Szeredi
2024-08-26 22:58 ` Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 08/16] overlayfs/copy_up: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 09/16] overlayfs/dir: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 10/16] overlayfs/file: " Vinicius Costa Gomes
2024-08-22 8:41 ` Miklos Szeredi
2024-08-26 23:12 ` Vinicius Costa Gomes
2024-08-22 11:06 ` Amir Goldstein
2024-08-26 23:18 ` Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 11/16] overlayfs/inode: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 12/16] overlayfs/namei: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 13/16] overlayfs/readdir: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 14/16] overlayfs/xattrs: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 15/16] overlayfs/util: " Vinicius Costa Gomes
2024-08-22 1:25 ` [PATCH v2 16/16] overlayfs: Remove ovl_override_creds_light() Vinicius Costa Gomes
2024-08-22 8:59 ` Miklos Szeredi
2024-08-26 23:21 ` Vinicius Costa Gomes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h6a43gcc.fsf@intel.com \
--to=vinicius.gomes@intel.com \
--cc=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=hu1.chen@intel.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=lizhen.you@intel.com \
--cc=malini.bhandaru@intel.com \
--cc=mikko.ylinen@intel.com \
--cc=miklos@szeredi.hu \
--cc=tim.c.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.