[GIT PULL] overlayfs updates for 6.13

[GIT PULL] overlayfs updates for 6.13

[Amir Goldstein]

Hi Linus,

Please pull overlayfs updates for 6.13.

This pull request has some changes in code outside of fs/overlayfs:

1. The backing_file API change touches fuse code - that was collaborated
   with Miklos who authored this API change

2. The additions of revert/override_creds_light() helpers in cred.{h,c}
   were collaborated with Christian who has suggested those helpers

There was also an overlayfs change in this cycle coming from Christian
(file descriptors based layer setup).  His changes do not conflict with
this branch and I have also tested his change along with the fs-next
community test branch.

Most of this branch has been sitting in linux-next for over a week except
for one syzbot issue fix that was added three days ago.

The code has gone through the usual overlayfs test routines.

The branch merges cleanly with master branch of the moment.

Thanks,
Amir.

----------------------------------------------------------------
The following changes since commit 2d5404caa8c7bb5c4e0435f94b28834ae5456623:

  Linux 6.12-rc7 (2024-11-10 14:19:35 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs.git ovl-update-6.13

for you to fetch changes up to c8b359dddb418c60df1a69beea01d1b3322bfe83:

  ovl: Filter invalid inodes with missing lookup function (2024-11-20 10:23:04 +0100)

----------------------------------------------------------------
overlayfs updates for 6.13

- Fix a syzbot reported NULL pointer deref with bfs lower layers

- Fix a copy up failure of large file from lower fuse fs

- Followup cleanup of backing_file API from Miklos

- Introduction and use of revert/override_creds_light() helpers, that were
  suggested by Christian as a mitigation to cache line bouncing and false
  sharing of fields in overlayfs creator_cred long lived struct cred copy.

- Store up to two backing file references (upper and lower) in an ovl_file
  container instead of storing a single backing file in file->private_data.

  This is used to avoid the practice of opening a short lived backing file
  for the duration of some file operations and to avoid the specialized use
  of FDPUT_FPUT in such occasions, that was getting in the way of Al's
  fd_file() conversions.

----------------------------------------------------------------
Amir Goldstein (6):
      ovl: pass an explicit reference of creators creds to callers
      ovl: do not open non-data lower file for fsync
      ovl: allocate a container struct ovl_file for ovl private context
      ovl: store upper real file in ovl_file struct
      ovl: convert ovl_real_fdget_path() callers to ovl_real_file_path()
      ovl: convert ovl_real_fdget() callers to ovl_real_file()

Miklos Szeredi (1):
      backing-file: clean up the API

Oleksandr Tymoshenko (1):
      ovl: properly handle large files in ovl_security_fileattr

Vasiliy Kovalev (1):
      ovl: Filter invalid inodes with missing lookup function

Vinicius Costa Gomes (4):
      cred: Add a light version of override/revert_creds()
      fs/backing-file: Convert to revert/override_creds_light()
      ovl: use wrapper ovl_revert_creds()
      ovl: Optimize override/revert creds

 fs/backing-file.c            |  53 ++++---
 fs/fuse/passthrough.c        |  32 +++--
 fs/overlayfs/copy_up.c       |   2 +-
 fs/overlayfs/dir.c           |  68 ++++++---
 fs/overlayfs/file.c          | 327 +++++++++++++++++++++++++------------------
 fs/overlayfs/inode.c         |  27 ++--
 fs/overlayfs/namei.c         |  10 +-
 fs/overlayfs/overlayfs.h     |   4 +
 fs/overlayfs/readdir.c       |   8 +-
 fs/overlayfs/util.c          |  14 +-
 fs/overlayfs/xattrs.c        |   9 +-
 include/linux/backing-file.h |  11 +-
 include/linux/cred.h         |  18 +++
 kernel/cred.c                |   6 +-
 14 files changed, 352 insertions(+), 237 deletions(-)

Re: [GIT PULL] overlayfs updates for 6.13

[Linus Torvalds]

On Fri, 22 Nov 2024 at 01:57, Amir Goldstein <amir73il@gmail.com> wrote:
>
> - Introduction and use of revert/override_creds_light() helpers, that were
>   suggested by Christian as a mitigation to cache line bouncing and false
>   sharing of fields in overlayfs creator_cred long lived struct cred copy.

So I don't actively hate this, but I do wonder if this shouldn't have
been done differently.

In particular, I suspect *most* users of override_creds() actually
wants this "light" version, because they all already hold a ref to the
cred that they want to use as the override.

We did it that safe way with the extra refcount not because most
people would need it, but it was expected to not be a big deal.

Now you found that it *is* a big deal, and instead of just fixing the
old interface, you create a whole new interface and the mental burden
of having to know the difference between the two.

So may I ask that you look at perhaps just converting the (not very
many) users of the non-light cred override to the "light" version?

Because I suspect you will find that they basically *all* convert. I
wouldn't be surprised if some of them could convert automatically with
a coccinelle script.

Because we actually have several users that have a pattern line

        old_cred = override_creds(override_cred);

        /* override_cred() gets its own ref */
        put_cred(override_cred);

because it *didn't* want the new cred, because it's literally a
temporary cred that already had the single ref it needed, and the code
actually it wants it to go away when it does

        revert_creds(old_cred);

End result: I suspect what it *really* would have wanted is basically
to have 'override_creds()' not do the refcount at all, and at revert
time, it would want "revert_creds()" to return the creds that got
reverted, and then it would just do

        old_cred = override_creds(override_cred);
        ...
        put_cred(revert_creds(old_cred));

instead - which would not change the refcount on 'old_cred' at all at
any time (and does it for the override case only at the end when it
actually wants it free'd).

And the above is very annoyingly *almost* exactly what your "light"
interface does, except your interface is bad too: it doesn't return
the reverted creds.

So then users have to remember the override_creds *and* the old creds,
just to do their own cred refcounting outside of this all.

In other words, what I really dislike about this all is that

 (a) we had a flawed interface

 (b) you added *another* flawed interface for one special case you cared about

 (c) now we have *two* flawed interfaces instead of one better one

Hmm?

                  Linus

Re: [GIT PULL] overlayfs updates for 6.13

[Linus Torvalds]

On Fri, 22 Nov 2024 at 21:21, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> So I don't actively hate this, but I do wonder if this shouldn't have
> been done differently.

Just to clarify: because I understand *why* you wanted this, and
because I don't hate it with a passion, I have pulled your changes.

But I really think we could and should do better. Please?

               Linus

Re: [GIT PULL] overlayfs updates for 6.13

[pr-tracker-bot]

The pull request you sent on Fri, 22 Nov 2024 10:57:46 +0100:

> git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs.git ovl-update-6.13

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/e7675238b9bf4db0b872d5dbcd53efa31914c98f

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html

Re: [GIT PULL] overlayfs updates for 6.13

[Linus Torvalds]

On Fri, 22 Nov 2024 at 21:21, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> So may I ask that you look at perhaps just converting the (not very
> many) users of the non-light cred override to the "light" version?

I think you could do a completely automated conversion:

 (a) add a new "dup_cred()" helper

    /* Get the cred without clearing the 'non_rcu' flag */
    const struct cred *dup_cred(const struct cred *cred)
    { get_new_cred((struct cred *)cred); return cred; }

 (b) mindlessly convert:

    override_creds(cred) -> override_creds_light(dup_cred(cred))

    revert_creds(cred) -> put_cred(revert_creds_light(old));

 (c) rename away the "_light" again:

    override_creds_light -> override_creds
    revert_creds_light -> revert_creds

and then finally the only non-automated part would be

 (d) simplify any obvious and trivial dup_cred -> put_cred chains.

which might take some effort, but there should be at least a couple of
really obvious cases of "that's not necessary".

Because honestly, I think I'd rather see a few cases of

        old_creds = override_creds(dup_cred(cred));
        ...
        put_cred(revert_creds(old));

that look a bit more complicated, and couldn't be trivially simplified away.

That seems better than the current case of having two very different
forms of override_creds() / put_cred() where people have to know
deeply when to use one or the other.

No?

                Linus

Re: [GIT PULL] overlayfs updates for 6.13

[Al Viro]

On Fri, Nov 22, 2024 at 10:09:04PM -0800, Linus Torvalds wrote:

>  (a) add a new "dup_cred()" helper
> 
>     /* Get the cred without clearing the 'non_rcu' flag */
>     const struct cred *dup_cred(const struct cred *cred)
>     { get_new_cred((struct cred *)cred); return cred; }

Umm...  Something like hold_cred() might be better - dup usually
implies copying an object...  For grapping a reference we
normally go for something like hold/get/grab/pin...

Re: [GIT PULL] overlayfs updates for 6.13

[Christian Brauner]

On Fri, Nov 22, 2024 at 09:21:58PM -0800, Linus Torvalds wrote:
> On Fri, 22 Nov 2024 at 01:57, Amir Goldstein <amir73il@gmail.com> wrote:
> >
> > - Introduction and use of revert/override_creds_light() helpers, that were
> >   suggested by Christian as a mitigation to cache line bouncing and false
> >   sharing of fields in overlayfs creator_cred long lived struct cred copy.
> 
> So I don't actively hate this, but I do wonder if this shouldn't have
> been done differently.
> 
> In particular, I suspect *most* users of override_creds() actually
> wants this "light" version, because they all already hold a ref to the
> cred that they want to use as the override.
> 
> We did it that safe way with the extra refcount not because most
> people would need it, but it was expected to not be a big deal.
> 
> Now you found that it *is* a big deal, and instead of just fixing the
> old interface, you create a whole new interface and the mental burden
> of having to know the difference between the two.

> So may I ask that you look at perhaps just converting the (not very
> many) users of the non-light cred override to the "light" version?

I think that could be a good idea in general.

But I have to say I'm feeling a bit defensive after having read your
message even though I usually try not to. :) 

So just to clarify when that issue was brought up I realized that the
cred bump was a big deal for overlayfs but from a quick grep I didn't
think for any of the other cases it really mattered that much.

Realistically, overlayfs is the prime example where that override cred
matters big time because it's called everywhere and in all core
operations one can think of. But so far I at least haven't heard
complaints outside of that and so the immediate focus was to bring about
a solution for overlayfs.

The reason the revert_creds_light() variant doesn't return the old creds
is so that callers don't put_cred() them blindly.

Because for overlayfs (and from a quick glance io_uring and nfs) the
refcount for the temporary creds is kept completely independent of the
callsites.

The lifetime is bound to the superblock and so the final put on the
temporary creds has nothing to do with the callers at all.

Re: [GIT PULL] overlayfs updates for 6.13

[Linus Torvalds]

On Fri, 22 Nov 2024 at 22:14, Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Fri, Nov 22, 2024 at 10:09:04PM -0800, Linus Torvalds wrote:
>
> >  (a) add a new "dup_cred()" helper
> >
> >     /* Get the cred without clearing the 'non_rcu' flag */
> >     const struct cred *dup_cred(const struct cred *cred)
> >     { get_new_cred((struct cred *)cred); return cred; }
>
> Umm...  Something like hold_cred() might be better - dup usually
> implies copying an object...

Ack. "dup" is clearly a horrible name, and I'm ashamed and properly chastised.

               Linus

Re: [GIT PULL] overlayfs updates for 6.13

[Linus Torvalds]

On Sat, 23 Nov 2024 at 04:06, Christian Brauner <brauner@kernel.org> wrote:
>
> So just to clarify when that issue was brought up I realized that the
> cred bump was a big deal for overlayfs but from a quick grep I didn't
> think for any of the other cases it really mattered that much.

Oh, I agree. It's probably not really a performance issue anywhere
else. I don't think this has really ever come up before.

So my "please convert everything to one single new model" is not
because I think that would help performance, but because I really hate
having two differently flawed models when I think one would do.

We have other situations where we really do have two or more different
interfaces for the "same" thing, with very special rules: things like
fget() vs fget_raw() vs fget_task() (and similar issues wrt fdget).

But I think those other situations have more _reason_ for them.

The whole "override_creds()" thing is _already_ such a special
operation, that I hate seeing two subtly different versions of the
interface, both with their own quirks.

Because the old interface really isn't some "perfectly tailored"
thing. Yes, the performance implications were a surprise to me and I
hadn't seen that before, but the "refcounting isn't wonderful" was
_not_ really a big surprise at all.

                        Linus

Re: [GIT PULL] overlayfs updates for 6.13

[Christian Brauner]

On Sat, Nov 23, 2024 at 01:06:14PM +0100, Christian Brauner wrote:
> On Fri, Nov 22, 2024 at 09:21:58PM -0800, Linus Torvalds wrote:
> > On Fri, 22 Nov 2024 at 01:57, Amir Goldstein <amir73il@gmail.com> wrote:
> > >
> > > - Introduction and use of revert/override_creds_light() helpers, that were
> > >   suggested by Christian as a mitigation to cache line bouncing and false
> > >   sharing of fields in overlayfs creator_cred long lived struct cred copy.
> > 
> > So I don't actively hate this, but I do wonder if this shouldn't have
> > been done differently.
> > 
> > In particular, I suspect *most* users of override_creds() actually
> > wants this "light" version, because they all already hold a ref to the
> > cred that they want to use as the override.
> > 
> > We did it that safe way with the extra refcount not because most
> > people would need it, but it was expected to not be a big deal.
> > 
> > Now you found that it *is* a big deal, and instead of just fixing the
> > old interface, you create a whole new interface and the mental burden
> > of having to know the difference between the two.
> 
> > So may I ask that you look at perhaps just converting the (not very
> > many) users of the non-light cred override to the "light" version?
> 
> I think that could be a good idea in general.
> 
> But I have to say I'm feeling a bit defensive after having read your
> message even though I usually try not to. :) 

It was just pointed out to me that this was written like I'm not reading
you messages - which is obviously not the case. What I means it that I
usually try to not be defensive when valid criticism is brought up. :)

[PATCH 00/26] cred: rework {override,revert}_creds()

[Christian Brauner]

For the v6.13 cycle we switched overlayfs to a variant of
override_creds() that doesn't take an extra reference. To this end I
suggested introducing {override,revert}_creds_light() which overlayfs
could use.

This seems to work rather well. As Linus correctly points out that we
should look into unifying both and simply make {override,revert}_creds()
do what {override,revert}_creds_light() currently does. Caller's that
really need the extra reference count can take it manually.

This series does all that. Afaict, most callers can be directly
converted over and can avoid the extra reference count completely.

Lightly tested.

---
Christian Brauner (26):
      tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g
      cred: return old creds from revert_creds_light()
      tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g
      cred: remove old {override,revert}_creds() helpers
      tree-wide: s/override_creds_light()/override_creds()/g
      tree-wide: s/revert_creds_light()/revert_creds()/g
      firmware: avoid pointless reference count bump
      sev-dev: avoid pointless cred reference count bump
      target_core_configfs: avoid pointless cred reference count bump
      aio: avoid pointless cred reference count bump
      binfmt_misc: avoid pointless cred reference count bump
      coredump: avoid pointless cred reference count bump
      nfs/localio: avoid pointless cred reference count bumps
      nfs/nfs4idmap: avoid pointless reference count bump
      nfs/nfs4recover: avoid pointless cred reference count bump
      nfsfh: avoid pointless cred reference count bump
      open: avoid pointless cred reference count bump
      ovl: avoid pointless cred reference count bump
      cifs: avoid pointless cred reference count bump
      cifs: avoid pointless cred reference count bump
      smb: avoid pointless cred reference count bump
      io_uring: avoid pointless cred reference count bump
      acct: avoid pointless reference count bump
      cgroup: avoid pointless cred reference count bump
      trace: avoid pointless cred reference count bump
      dns_resolver: avoid pointless cred reference count bump

 drivers/base/firmware_loader/main.c   |  3 +--
 drivers/crypto/ccp/sev-dev.c          |  2 +-
 drivers/target/target_core_configfs.c |  3 +--
 fs/aio.c                              |  3 +--
 fs/backing-file.c                     | 20 +++++++-------
 fs/cachefiles/internal.h              |  4 +--
 fs/nfsd/auth.c                        |  4 +--
 fs/nfsd/filecache.c                   |  2 +-
 fs/nfsd/nfs4recover.c                 |  3 +--
 fs/nfsd/nfsfh.c                       |  1 -
 fs/open.c                             | 10 ++-----
 fs/overlayfs/copy_up.c                |  6 ++---
 fs/overlayfs/dir.c                    |  4 +--
 fs/overlayfs/util.c                   |  4 +--
 fs/smb/server/smb_common.c            |  4 +--
 include/linux/cred.h                  | 14 ++++------
 kernel/cred.c                         | 50 -----------------------------------
 kernel/trace/trace_events_user.c      |  3 +--
 18 files changed, 35 insertions(+), 105 deletions(-)
---
base-commit: 228a1157fb9fec47eb135b51c0202b574e079ebf
change-id: 20241124-work-cred-349b65450082

[PATCH 01/26] tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g

[Christian Brauner]

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/base/firmware_loader/main.c   | 2 +-
 drivers/crypto/ccp/sev-dev.c          | 2 +-
 drivers/target/target_core_configfs.c | 2 +-
 fs/aio.c                              | 2 +-
 fs/binfmt_misc.c                      | 2 +-
 fs/cachefiles/internal.h              | 2 +-
 fs/coredump.c                         | 2 +-
 fs/nfs/localio.c                      | 4 ++--
 fs/nfs/nfs4idmap.c                    | 2 +-
 fs/nfsd/auth.c                        | 2 +-
 fs/nfsd/nfs4recover.c                 | 2 +-
 fs/nfsd/nfsfh.c                       | 2 +-
 fs/open.c                             | 2 +-
 fs/overlayfs/copy_up.c                | 2 +-
 fs/smb/client/cifs_spnego.c           | 2 +-
 fs/smb/client/cifsacl.c               | 4 ++--
 fs/smb/server/smb_common.c            | 2 +-
 io_uring/io_uring.c                   | 2 +-
 io_uring/sqpoll.c                     | 2 +-
 kernel/acct.c                         | 2 +-
 kernel/cgroup/cgroup.c                | 2 +-
 kernel/trace/trace_events_user.c      | 2 +-
 net/dns_resolver/dns_query.c          | 2 +-
 23 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 324a9a3c087aa2e2c4e0b53b30a2f11f61195aa3..74039d6b2b71b91d0d1d57b71f74501abaf646e2 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds(kern_cred);
+	old_cred = override_creds_light(get_new_cred(kern_cred));
 
 	ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
 
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index af018afd9cd7fc68c5f9004e2d0a2ee162d8c4b9..2ad6e41af085a400e88b3207c9b55345f57526e1 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
 	if (!cred)
 		return ERR_PTR(-ENOMEM);
 	cred->fsuid = GLOBAL_ROOT_UID;
-	old_cred = override_creds(cred);
+	old_cred = override_creds_light(get_new_cred(cred));
 
 	fp = file_open_root(&root, filename, flags, mode);
 	path_put(&root);
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index c40217f44b1bc53d149e8d5ea12c0e5297373800..be98d16b2c57c933ffe2c2477b881144f2283630 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void)
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds(kern_cred);
+	old_cred = override_creds_light(get_new_cred(kern_cred));
 	target_init_dbroot();
 	revert_creds(old_cred);
 	put_cred(kern_cred);
diff --git a/fs/aio.c b/fs/aio.c
index 50671640b5883f5d20f652e23c4ea3fe04c989f2..a52fe2e999e73b00af9a19f1c01f0e384f667871 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb,
 static void aio_fsync_work(struct work_struct *work)
 {
 	struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
-	const struct cred *old_cred = override_creds(iocb->fsync.creds);
+	const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds));
 
 	iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
 	revert_creds(old_cred);
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 31660d8cc2c610bd42f00f1de7ed6c39618cc5db..f8355eee3d19ef6d20565ec1938e8691ba084d83 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -826,7 +826,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer,
 		 * didn't matter much as only a privileged process could open
 		 * the register file.
 		 */
-		old_cred = override_creds(file->f_cred);
+		old_cred = override_creds_light(get_new_cred(file->f_cred));
 		f = open_exec(e->interpreter);
 		revert_creds(old_cred);
 		if (IS_ERR(f)) {
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 7b99bd98de75b8d95e09da1ca7cd1bb3378fcc62..b156cc2e0e63b28b521923b578cb3547dece5e66 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache,
 static inline void cachefiles_begin_secure(struct cachefiles_cache *cache,
 					   const struct cred **_saved_cred)
 {
-	*_saved_cred = override_creds(cache->cache_cred);
+	*_saved_cred = override_creds_light(get_new_cred(cache->cache_cred));
 }
 
 static inline void cachefiles_end_secure(struct cachefiles_cache *cache,
diff --git a/fs/coredump.c b/fs/coredump.c
index d48edb37bc35c0896d97a2f6a6cc259d8812f936..b6aae41b80d22bfed78eed6f3e45bdeb5d2daf06 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	if (retval < 0)
 		goto fail_creds;
 
-	old_cred = override_creds(cred);
+	old_cred = override_creds_light(get_new_cred(cred));
 
 	ispipe = format_corename(&cn, &cprm, &argv, &argc);
 
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 8f0ce82a677e1589092a30240d6e60a289d64a58..018e8159c5679757f9fbf257ad3ef60e89d3ee09 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	struct iov_iter iter;
 	ssize_t status;
 
-	save_cred = override_creds(filp->f_cred);
+	save_cred = override_creds_light(get_new_cred(filp->f_cred));
 
 	nfs_local_iter_init(&iter, iocb, READ);
 
@@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	ssize_t status;
 
 	current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO;
-	save_cred = override_creds(filp->f_cred);
+	save_cred = override_creds_light(get_new_cred(filp->f_cred));
 
 	nfs_local_iter_init(&iter, iocb, WRITE);
 
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 25a7c771cfd89f3e6d494f26a78212d3d619c135..b9442f70271d8397fb36dcb62570f6d304fe5c71 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
 	const struct user_key_payload *payload;
 	ssize_t ret;
 
-	saved_cred = override_creds(id_resolver_cache);
+	saved_cred = override_creds_light(get_new_cred(id_resolver_cache));
 	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
 	revert_creds(saved_cred);
 
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 93e33d1ee8917fc5d462f56b5c65380f7555e638..614a5ec4824b4ab9f6faa132c565688c94261704 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp)
 	else
 		new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
 							new->cap_permitted);
-	put_cred(override_creds(new));
+	put_cred(override_creds_light(get_new_cred(new)));
 	put_cred(new);
 	return 0;
 
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index b7d61eb8afe9e10d94b614ae50c2790fe6816732..f55ed06611aaaffa6dc8723b96b9876a3a3db0f7 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds)
 
 	new->fsuid = GLOBAL_ROOT_UID;
 	new->fsgid = GLOBAL_ROOT_GID;
-	*original_creds = override_creds(new);
+	*original_creds = override_creds_light(get_new_cred(new));
 	put_cred(new);
 	return 0;
 }
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 40ad58a6a0361e48a48262a2c61abbcfd908a3bb..8e323cc8e2c5b26ec660ceedeb95be4ef0ac809e 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
 		new->cap_effective =
 			cap_raise_nfsd_set(new->cap_effective,
 					   new->cap_permitted);
-		put_cred(override_creds(new));
+		put_cred(override_creds_light(get_new_cred(new)));
 		put_cred(new);
 	} else {
 		error = nfsd_setuser_and_check_port(rqstp, cred, exp);
diff --git a/fs/open.c b/fs/open.c
index e6911101fe71d665d5f1a6346e5f82212bb8ed65..2459cd061f47f46756b7d0a7bf2f563b631ec1d5 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void)
 	 */
 	override_cred->non_rcu = 1;
 
-	old_cred = override_creds(override_cred);
+	old_cred = override_creds_light(get_new_cred(override_cred));
 
 	/* override_cred() gets its own ref */
 	put_cred(override_cred);
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 3601ddfeddc2ec70764756905d528570ad1020e1..527b041213c8166d60d6a273675c2e2bc18dec36 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 		return err;
 
 	if (cc->new)
-		cc->old = override_creds(cc->new);
+		cc->old = override_creds_light(get_new_cred(cc->new));
 
 	return 0;
 }
diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index 28f568b5fc2771b7a11d0e83d0ac1cb9baf20636..721d8b1254b6491f0b4cb5318fd60d81e13b1599 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -173,7 +173,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
 	}
 
 	cifs_dbg(FYI, "key description = %s\n", description);
-	saved_cred = override_creds(spnego_cred);
+	saved_cred = override_creds_light(get_new_cred(spnego_cred));
 	spnego_key = request_key(&cifs_spnego_key_type, description, "");
 	revert_creds(saved_cred);
 
diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
index ba79aa2107cc9f5b5fa628e9b9998d04e78c8bc1..b1ea4ea3de4b15013ac74cfce988515613543532 100644
--- a/fs/smb/client/cifsacl.c
+++ b/fs/smb/client/cifsacl.c
@@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 		return -EINVAL;
 
 	rc = 0;
-	saved_cred = override_creds(root_cred);
+	saved_cred = override_creds_light(get_new_cred(root_cred));
 	sidkey = request_key(&cifs_idmap_key_type, desc, "");
 	if (IS_ERR(sidkey)) {
 		rc = -EINVAL;
@@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 	if (!sidstr)
 		return -ENOMEM;
 
-	saved_cred = override_creds(root_cred);
+	saved_cred = override_creds_light(get_new_cred(root_cred));
 	sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
 	if (IS_ERR(sidkey)) {
 		cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index 75b4eb856d32f7ddc856ad5cf04906638cede0b5..c2a59956e3a51b7727a7e358f3842d92d70f085d 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
 		cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
 
 	WARN_ON(work->saved_cred);
-	work->saved_cred = override_creds(cred);
+	work->saved_cred = override_creds_light(get_new_cred(cred));
 	if (!work->saved_cred) {
 		abort_creds(cred);
 		return -EINVAL;
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 8012933998837ddcef45c14f1dfe543947a9eaec..7ef3b67ebbde7b04d9428631ee72e7f45245feb4 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		return -EBADF;
 
 	if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
-		creds = override_creds(req->creds);
+		creds = override_creds_light(get_new_cred(req->creds));
 
 	if (!def->audit_skip)
 		audit_uring_entry(req->opcode);
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 6df5e649c413e39e36db6cde2a8c6745e533bea9..58a76d5818959a9d7eeef52a8bacd29eba3f3d26 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		const struct cred *creds = NULL;
 
 		if (ctx->sq_creds != current_cred())
-			creds = override_creds(ctx->sq_creds);
+			creds = override_creds_light(get_new_cred(ctx->sq_creds));
 
 		mutex_lock(&ctx->uring_lock);
 		if (!wq_list_empty(&ctx->iopoll_list))
diff --git a/kernel/acct.c b/kernel/acct.c
index 179848ad33e978a557ce695a0d6020aa169177c6..8f18eb02dd416b884222b66f0f386379c46b30ea 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	flim = rlimit(RLIMIT_FSIZE);
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
 	/* Perform file operations on behalf of whoever enabled accounting */
-	orig_cred = override_creds(file->f_cred);
+	orig_cred = override_creds_light(get_new_cred(file->f_cred));
 
 	/*
 	 * First check to see if there is enough free_space to continue
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index d9061bd55436b502e065b477a903ed682d722c2e..97329b4fe5027dcc5d80f6b074f4c494c4794df7 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
 	 * permissions using the credentials from file open to protect against
 	 * inherited fd attacks.
 	 */
-	saved_cred = override_creds(of->file->f_cred);
+	saved_cred = override_creds_light(get_new_cred(of->file->f_cred));
 	ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
 					of->file->f_path.dentry->d_sb,
 					threadgroup, ctx->ns);
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 17bcad8f79de70a29fb58f84ce12ffb929515794..4dd7c45d227e9459e694535cee3f853c09826cff 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 	 */
 	cred->fsuid = GLOBAL_ROOT_UID;
 
-	old_cred = override_creds(cred);
+	old_cred = override_creds_light(get_new_cred(cred));
 
 	if (visible)
 		ret = trace_add_event_call(&user->call);
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index 82b084cc1cc6349bb532d5ada555b0bcbb1cdbea..a54f5f841cea1edd7f449d4e3e79e37b8ed865f4 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -124,7 +124,7 @@ int dns_query(struct net *net,
 	/* make the upcall, using special credentials to prevent the use of
 	 * add_key() to preinstall malicious redirections
 	 */
-	saved_cred = override_creds(dns_resolver_cache);
+	saved_cred = override_creds_light(get_new_cred(dns_resolver_cache));
 	rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
 	revert_creds(saved_cred);
 	kfree(desc);

-- 
2.45.2

[PATCH 02/26] cred: return old creds from revert_creds_light()

[Christian Brauner]

So we can easily convert revert_creds() callers over to drop the
reference count explicitly.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/linux/cred.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index e4a3155fe409d6b991fa6639005ebc233fc17dcc..382768a9707b5c3e6cbd3e8183769e1227a73107 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -185,9 +185,12 @@ static inline const struct cred *override_creds_light(const struct cred *overrid
 	return old;
 }
 
-static inline void revert_creds_light(const struct cred *revert_cred)
+static inline const struct cred *revert_creds_light(const struct cred *revert_cred)
 {
+	const struct cred *override_cred = current->cred;
+
 	rcu_assign_pointer(current->cred, revert_cred);
+	return override_cred;
 }
 
 /**

-- 
2.45.2

[PATCH 03/26] tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g

[Christian Brauner]

Convert all calls to revert_creds() over to explicitly dropping
reference counts in preparation for converting revert_creds() to
revert_creds_light() semantics.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/base/firmware_loader/main.c   | 2 +-
 drivers/crypto/ccp/sev-dev.c          | 2 +-
 drivers/target/target_core_configfs.c | 2 +-
 fs/aio.c                              | 2 +-
 fs/binfmt_misc.c                      | 2 +-
 fs/cachefiles/internal.h              | 2 +-
 fs/coredump.c                         | 2 +-
 fs/nfs/localio.c                      | 4 ++--
 fs/nfs/nfs4idmap.c                    | 2 +-
 fs/nfsd/auth.c                        | 2 +-
 fs/nfsd/filecache.c                   | 2 +-
 fs/nfsd/nfs4recover.c                 | 2 +-
 fs/open.c                             | 2 +-
 fs/overlayfs/copy_up.c                | 2 +-
 fs/smb/client/cifs_spnego.c           | 2 +-
 fs/smb/client/cifsacl.c               | 4 ++--
 fs/smb/server/smb_common.c            | 2 +-
 io_uring/io_uring.c                   | 2 +-
 io_uring/sqpoll.c                     | 2 +-
 kernel/acct.c                         | 2 +-
 kernel/cgroup/cgroup.c                | 2 +-
 kernel/trace/trace_events_user.c      | 2 +-
 net/dns_resolver/dns_query.c          | 2 +-
 23 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 74039d6b2b71b91d0d1d57b71f74501abaf646e2..8e3323a618e4436746258ce289a524f98c3ff60a 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -944,7 +944,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 	} else
 		ret = assign_fw(fw, device);
 
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 	put_cred(kern_cred);
 
 out:
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 2ad6e41af085a400e88b3207c9b55345f57526e1..9111a51d53e0e74e6d66bffe5b4e1bf1bf9157d0 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
 	fp = file_open_root(&root, filename, flags, mode);
 	path_put(&root);
 
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 
 	return fp;
 }
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index be98d16b2c57c933ffe2c2477b881144f2283630..564bc71d2d0923b9fdd575d520fd22206259b40a 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void)
 	}
 	old_cred = override_creds_light(get_new_cred(kern_cred));
 	target_init_dbroot();
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 	put_cred(kern_cred);
 
 	return 0;
diff --git a/fs/aio.c b/fs/aio.c
index a52fe2e999e73b00af9a19f1c01f0e384f667871..6b987c48b6712abe2601b23f6aa9fac74c09161c 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work)
 	const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds));
 
 	iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 	put_cred(iocb->fsync.creds);
 	iocb_put(iocb);
 }
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index f8355eee3d19ef6d20565ec1938e8691ba084d83..84a96abfd090230334f935f666a145571c78b3a8 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -828,7 +828,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer,
 		 */
 		old_cred = override_creds_light(get_new_cred(file->f_cred));
 		f = open_exec(e->interpreter);
-		revert_creds(old_cred);
+		put_cred(revert_creds_light(old_cred));
 		if (IS_ERR(f)) {
 			pr_notice("register: failed to install interpreter file %s\n",
 				 e->interpreter);
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index b156cc2e0e63b28b521923b578cb3547dece5e66..809305dd531760d47e781064c1fc6e328849fc6b 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache,
 static inline void cachefiles_end_secure(struct cachefiles_cache *cache,
 					 const struct cred *saved_cred)
 {
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 }
 
 /*
diff --git a/fs/coredump.c b/fs/coredump.c
index b6aae41b80d22bfed78eed6f3e45bdeb5d2daf06..ff119aaa5c313306b1183270a5d95904ed5951f4 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	kfree(argv);
 	kfree(cn.corename);
 	coredump_finish(core_dumped);
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 fail_creds:
 	put_cred(cred);
 fail:
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 018e8159c5679757f9fbf257ad3ef60e89d3ee09..77ff066aa938158cd8fcf691ebfbda6385f70449 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	nfs_local_read_done(iocb, status);
 	nfs_local_pgio_release(iocb);
 
-	revert_creds(save_cred);
+	put_cred(revert_creds_light(save_cred));
 }
 
 static int
@@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	nfs_local_vfs_getattr(iocb);
 	nfs_local_pgio_release(iocb);
 
-	revert_creds(save_cred);
+	put_cred(revert_creds_light(save_cred));
 	current->flags = old_flags;
 }
 
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index b9442f70271d8397fb36dcb62570f6d304fe5c71..629979b20e98cbc37e148289570574d9ba2e7675 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
 
 	saved_cred = override_creds_light(get_new_cred(id_resolver_cache));
 	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 614a5ec4824b4ab9f6faa132c565688c94261704..dda14811d092689e5aa44bdd29f25403e4e3a780 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp)
 	int flags = nfsexp_flags(cred, exp);
 
 	/* discard any old override before preparing the new set */
-	revert_creds(get_cred(current_real_cred()));
+	put_cred(revert_creds_light(get_cred(current_real_cred())));
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
index 2e6783f63712454509c526969a622040985da577..fef2b8eb3a94736cbe8342a95f205f173f598447 100644
--- a/fs/nfsd/filecache.c
+++ b/fs/nfsd/filecache.c
@@ -1252,7 +1252,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
 
 	beres = nfsd_file_do_acquire(NULL, net, cred, client,
 				     fhp, may_flags, NULL, pnf, true);
-	revert_creds(save_cred);
+	put_cred(revert_creds_light(save_cred));
 	return beres;
 }
 
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index f55ed06611aaaffa6dc8723b96b9876a3a3db0f7..61c8f4ab10777952088d1312f2e3d606dbc4f801 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds)
 static void
 nfs4_reset_creds(const struct cred *original)
 {
-	revert_creds(original);
+	put_cred(revert_creds_light(original));
 }
 
 static void
diff --git a/fs/open.c b/fs/open.c
index 2459cd061f47f46756b7d0a7bf2f563b631ec1d5..23c414c10883927129a925a33680affc6f3a0a78 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -523,7 +523,7 @@ static long do_faccessat(int dfd, const char __user *filename, int mode, int fla
 	}
 out:
 	if (old_cred)
-		revert_creds(old_cred);
+		put_cred(revert_creds_light(old_cred));
 
 	return res;
 }
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 527b041213c8166d60d6a273675c2e2bc18dec36..0f19bdbc78a45f35df2829ccc8cc65deef244ffd 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
 {
 	if (cc->new) {
-		revert_creds(cc->old);
+		put_cred(revert_creds_light(cc->old));
 		put_cred(cc->new);
 	}
 }
diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index 721d8b1254b6491f0b4cb5318fd60d81e13b1599..f2353bccc9f5e4637772a89dd0b0f42861fd21f3 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -175,7 +175,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
 	cifs_dbg(FYI, "key description = %s\n", description);
 	saved_cred = override_creds_light(get_new_cred(spnego_cred));
 	spnego_key = request_key(&cifs_spnego_key_type, description, "");
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 
 #ifdef CONFIG_CIFS_DEBUG2
 	if (cifsFYI && !IS_ERR(spnego_key)) {
diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
index b1ea4ea3de4b15013ac74cfce988515613543532..81d8d9802a56d4bb5d3d0480396f0c78c4c3fb80 100644
--- a/fs/smb/client/cifsacl.c
+++ b/fs/smb/client/cifsacl.c
@@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 	return rc;
 
 invalidate_key:
@@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 	kfree(sidstr);
 
 	/*
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index c2a59956e3a51b7727a7e358f3842d92d70f085d..b13abbf67827fcad9c35606344cca055c09ba9c3 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work)
 	WARN_ON(!work->saved_cred);
 
 	cred = current_cred();
-	revert_creds(work->saved_cred);
+	put_cred(revert_creds_light(work->saved_cred));
 	put_cred(cred);
 	work->saved_cred = NULL;
 }
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 7ef3b67ebbde7b04d9428631ee72e7f45245feb4..a6a50e86791e79745ace095af68c4b658e4a2cdc 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		audit_uring_exit(!ret, ret);
 
 	if (creds)
-		revert_creds(creds);
+		put_cred(revert_creds_light(creds));
 
 	if (ret == IOU_OK) {
 		if (issue_flags & IO_URING_F_COMPLETE_DEFER)
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 58a76d5818959a9d7eeef52a8bacd29eba3f3d26..42ca6e07e0f7b0fe54a9f09857f87fecb5aa7085 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
 			wake_up(&ctx->sqo_sq_wait);
 		if (creds)
-			revert_creds(creds);
+			put_cred(revert_creds_light(creds));
 	}
 
 	return ret;
diff --git a/kernel/acct.c b/kernel/acct.c
index 8f18eb02dd416b884222b66f0f386379c46b30ea..4e28aa9e1ef278cd7fb3160a27b549155ceaffc3 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	}
 out:
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
-	revert_creds(orig_cred);
+	put_cred(revert_creds_light(orig_cred));
 }
 
 /**
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 97329b4fe5027dcc5d80f6b074f4c494c4794df7..68b816955c9c7e0141a073f54b14949b4c37aae6 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
 	ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
 					of->file->f_path.dentry->d_sb,
 					threadgroup, ctx->ns);
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 	if (ret)
 		goto out_finish;
 
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 4dd7c45d227e9459e694535cee3f853c09826cff..2fdadb2e8547ec86f48d84c81c95434c811cb3cd 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 	else
 		ret = trace_remove_event_call(&user->call);
 
-	revert_creds(old_cred);
+	put_cred(revert_creds_light(old_cred));
 	put_cred(cred);
 
 	return ret;
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index a54f5f841cea1edd7f449d4e3e79e37b8ed865f4..297059b7e2a367f5e745aac4557cda5996689a00 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -126,7 +126,7 @@ int dns_query(struct net *net,
 	 */
 	saved_cred = override_creds_light(get_new_cred(dns_resolver_cache));
 	rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
-	revert_creds(saved_cred);
+	put_cred(revert_creds_light(saved_cred));
 	kfree(desc);
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);

-- 
2.45.2

[PATCH 04/26] cred: remove old {override,revert}_creds() helpers

[Christian Brauner]

They are now unused.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 include/linux/cred.h |  7 -------
 kernel/cred.c        | 50 --------------------------------------------------
 2 files changed, 57 deletions(-)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 382768a9707b5c3e6cbd3e8183769e1227a73107..439d7a1840e7ccbc94d814728698a4b383bc39b3 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -155,8 +155,6 @@ extern struct cred *prepare_creds(void);
 extern struct cred *prepare_exec_creds(void);
 extern int commit_creds(struct cred *);
 extern void abort_creds(struct cred *);
-extern const struct cred *override_creds(const struct cred *);
-extern void revert_creds(const struct cred *);
 extern struct cred *prepare_kernel_cred(struct task_struct *);
 extern int set_security_override(struct cred *, u32);
 extern int set_security_override_from_ctx(struct cred *, const char *);
@@ -172,11 +170,6 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred)
 					  cred->cap_inheritable));
 }
 
-/*
- * Override creds without bumping reference count. Caller must ensure
- * reference remains valid or has taken reference. Almost always not the
- * interface you want. Use override_creds()/revert_creds() instead.
- */
 static inline const struct cred *override_creds_light(const struct cred *override_cred)
 {
 	const struct cred *old = current->cred;
diff --git a/kernel/cred.c b/kernel/cred.c
index da7da250f7c8b5ad91feb938f1e949c5ccb4914b..9676965c0981a01121757b2d904785c1a59e885f 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -476,56 +476,6 @@ void abort_creds(struct cred *new)
 }
 EXPORT_SYMBOL(abort_creds);
 
-/**
- * override_creds - Override the current process's subjective credentials
- * @new: The credentials to be assigned
- *
- * Install a set of temporary override subjective credentials on the current
- * process, returning the old set for later reversion.
- */
-const struct cred *override_creds(const struct cred *new)
-{
-	const struct cred *old;
-
-	kdebug("override_creds(%p{%ld})", new,
-	       atomic_long_read(&new->usage));
-
-	/*
-	 * NOTE! This uses 'get_new_cred()' rather than 'get_cred()'.
-	 *
-	 * That means that we do not clear the 'non_rcu' flag, since
-	 * we are only installing the cred into the thread-synchronous
-	 * '->cred' pointer, not the '->real_cred' pointer that is
-	 * visible to other threads under RCU.
-	 */
-	get_new_cred((struct cred *)new);
-	old = override_creds_light(new);
-
-	kdebug("override_creds() = %p{%ld}", old,
-	       atomic_long_read(&old->usage));
-	return old;
-}
-EXPORT_SYMBOL(override_creds);
-
-/**
- * revert_creds - Revert a temporary subjective credentials override
- * @old: The credentials to be restored
- *
- * Revert a temporary set of override subjective credentials to an old set,
- * discarding the override set.
- */
-void revert_creds(const struct cred *old)
-{
-	const struct cred *override = current->cred;
-
-	kdebug("revert_creds(%p{%ld})", old,
-	       atomic_long_read(&old->usage));
-
-	revert_creds_light(old);
-	put_cred(override);
-}
-EXPORT_SYMBOL(revert_creds);
-
 /**
  * cred_fscmp - Compare two credentials with respect to filesystem access.
  * @a: The first credential

-- 
2.45.2

[PATCH 05/26] tree-wide: s/override_creds_light()/override_creds()/g

[Christian Brauner]

Rename all calls to override_creds_light() back to overrid_creds().

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/base/firmware_loader/main.c   |  2 +-
 drivers/crypto/ccp/sev-dev.c          |  2 +-
 drivers/target/target_core_configfs.c |  2 +-
 fs/aio.c                              |  2 +-
 fs/backing-file.c                     | 10 +++++-----
 fs/binfmt_misc.c                      |  2 +-
 fs/cachefiles/internal.h              |  2 +-
 fs/coredump.c                         |  2 +-
 fs/nfs/localio.c                      |  4 ++--
 fs/nfs/nfs4idmap.c                    |  2 +-
 fs/nfsd/auth.c                        |  2 +-
 fs/nfsd/nfs4recover.c                 |  2 +-
 fs/nfsd/nfsfh.c                       |  2 +-
 fs/open.c                             |  2 +-
 fs/overlayfs/copy_up.c                |  2 +-
 fs/overlayfs/dir.c                    |  2 +-
 fs/overlayfs/util.c                   |  2 +-
 fs/smb/client/cifs_spnego.c           |  2 +-
 fs/smb/client/cifsacl.c               |  4 ++--
 fs/smb/server/smb_common.c            |  2 +-
 include/linux/cred.h                  |  2 +-
 io_uring/io_uring.c                   |  2 +-
 io_uring/sqpoll.c                     |  2 +-
 kernel/acct.c                         |  2 +-
 kernel/cgroup/cgroup.c                |  2 +-
 kernel/trace/trace_events_user.c      |  2 +-
 net/dns_resolver/dns_query.c          |  2 +-
 27 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 8e3323a618e4436746258ce289a524f98c3ff60a..729df15600efb743091d7e1b71a306cdfa9acbf0 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds_light(get_new_cred(kern_cred));
+	old_cred = override_creds(get_new_cred(kern_cred));
 
 	ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
 
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 9111a51d53e0e74e6d66bffe5b4e1bf1bf9157d0..ffae20fd52bc03e7123b116251c77a3ccd7c6cde 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
 	if (!cred)
 		return ERR_PTR(-ENOMEM);
 	cred->fsuid = GLOBAL_ROOT_UID;
-	old_cred = override_creds_light(get_new_cred(cred));
+	old_cred = override_creds(get_new_cred(cred));
 
 	fp = file_open_root(&root, filename, flags, mode);
 	path_put(&root);
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index 564bc71d2d0923b9fdd575d520fd22206259b40a..7788e1fe2633ded4f265ff874c62dc4a21fd1b6e 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3756,7 +3756,7 @@ static int __init target_core_init_configfs(void)
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds_light(get_new_cred(kern_cred));
+	old_cred = override_creds(get_new_cred(kern_cred));
 	target_init_dbroot();
 	put_cred(revert_creds_light(old_cred));
 	put_cred(kern_cred);
diff --git a/fs/aio.c b/fs/aio.c
index 6b987c48b6712abe2601b23f6aa9fac74c09161c..7e0ec687f480c05358c6c40638a7e187aafd8124 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1639,7 +1639,7 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb,
 static void aio_fsync_work(struct work_struct *work)
 {
 	struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
-	const struct cred *old_cred = override_creds_light(get_new_cred(iocb->fsync.creds));
+	const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds));
 
 	iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
 	put_cred(revert_creds_light(old_cred));
diff --git a/fs/backing-file.c b/fs/backing-file.c
index 526ddb4d6f764e8d3b0566ec51c5efa90faff0ee..bcf8c0b9ff42e2dd30dc239bb2580942fe6c40a7 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -176,7 +176,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter,
 	    !(file->f_mode & FMODE_CAN_ODIRECT))
 		return -EINVAL;
 
-	old_cred = override_creds_light(ctx->cred);
+	old_cred = override_creds(ctx->cred);
 	if (is_sync_kiocb(iocb)) {
 		rwf_t rwf = iocb_to_rw_flags(flags);
 
@@ -233,7 +233,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter,
 	 */
 	flags &= ~IOCB_DIO_CALLER_COMP;
 
-	old_cred = override_creds_light(ctx->cred);
+	old_cred = override_creds(ctx->cred);
 	if (is_sync_kiocb(iocb)) {
 		rwf_t rwf = iocb_to_rw_flags(flags);
 
@@ -281,7 +281,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb,
 	if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING)))
 		return -EIO;
 
-	old_cred = override_creds_light(ctx->cred);
+	old_cred = override_creds(ctx->cred);
 	ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags);
 	revert_creds_light(old_cred);
 
@@ -310,7 +310,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,
 	if (ret)
 		return ret;
 
-	old_cred = override_creds_light(ctx->cred);
+	old_cred = override_creds(ctx->cred);
 	file_start_write(out);
 	ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags);
 	file_end_write(out);
@@ -337,7 +337,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
 
 	vma_set_file(vma, file);
 
-	old_cred = override_creds_light(ctx->cred);
+	old_cred = override_creds(ctx->cred);
 	ret = call_mmap(vma->vm_file, vma);
 	revert_creds_light(old_cred);
 
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 84a96abfd090230334f935f666a145571c78b3a8..63544051404a9ff5ec8a74c754c3acfbc91f3279 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -826,7 +826,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer,
 		 * didn't matter much as only a privileged process could open
 		 * the register file.
 		 */
-		old_cred = override_creds_light(get_new_cred(file->f_cred));
+		old_cred = override_creds(get_new_cred(file->f_cred));
 		f = open_exec(e->interpreter);
 		put_cred(revert_creds_light(old_cred));
 		if (IS_ERR(f)) {
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 809305dd531760d47e781064c1fc6e328849fc6b..05b1d4cfb55afefd025c5f9c08afa81f67fdb9eb 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -393,7 +393,7 @@ extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache,
 static inline void cachefiles_begin_secure(struct cachefiles_cache *cache,
 					   const struct cred **_saved_cred)
 {
-	*_saved_cred = override_creds_light(get_new_cred(cache->cache_cred));
+	*_saved_cred = override_creds(get_new_cred(cache->cache_cred));
 }
 
 static inline void cachefiles_end_secure(struct cachefiles_cache *cache,
diff --git a/fs/coredump.c b/fs/coredump.c
index ff119aaa5c313306b1183270a5d95904ed5951f4..4eae37892da58e982b53da4596952a1b3d2e1630 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	if (retval < 0)
 		goto fail_creds;
 
-	old_cred = override_creds_light(get_new_cred(cred));
+	old_cred = override_creds(get_new_cred(cred));
 
 	ispipe = format_corename(&cn, &cprm, &argv, &argc);
 
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 77ff066aa938158cd8fcf691ebfbda6385f70449..374c6e35c7b4969ef193b71510ee9a34c45bb815 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	struct iov_iter iter;
 	ssize_t status;
 
-	save_cred = override_creds_light(get_new_cred(filp->f_cred));
+	save_cred = override_creds(get_new_cred(filp->f_cred));
 
 	nfs_local_iter_init(&iter, iocb, READ);
 
@@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	ssize_t status;
 
 	current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO;
-	save_cred = override_creds_light(get_new_cred(filp->f_cred));
+	save_cred = override_creds(get_new_cred(filp->f_cred));
 
 	nfs_local_iter_init(&iter, iocb, WRITE);
 
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 629979b20e98cbc37e148289570574d9ba2e7675..3cae4057f8ba30914a91a3d368ace8f52175644d 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -311,7 +311,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
 	const struct user_key_payload *payload;
 	ssize_t ret;
 
-	saved_cred = override_creds_light(get_new_cred(id_resolver_cache));
+	saved_cred = override_creds(get_new_cred(id_resolver_cache));
 	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
 	put_cred(revert_creds_light(saved_cred));
 
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index dda14811d092689e5aa44bdd29f25403e4e3a780..dafea9183b4e6413d61c0c83a1b8f26a9712d5c6 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -79,7 +79,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp)
 	else
 		new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
 							new->cap_permitted);
-	put_cred(override_creds_light(get_new_cred(new)));
+	put_cred(override_creds(get_new_cred(new)));
 	put_cred(new);
 	return 0;
 
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 61c8f4ab10777952088d1312f2e3d606dbc4f801..475c47f1c0afa2de56038bbb7cdd9fc5e583c8bd 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -81,7 +81,7 @@ nfs4_save_creds(const struct cred **original_creds)
 
 	new->fsuid = GLOBAL_ROOT_UID;
 	new->fsgid = GLOBAL_ROOT_GID;
-	*original_creds = override_creds_light(get_new_cred(new));
+	*original_creds = override_creds(get_new_cred(new));
 	put_cred(new);
 	return 0;
 }
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 8e323cc8e2c5b26ec660ceedeb95be4ef0ac809e..60b0275d5529d49ac87e8b89e4eb650ecd624f71 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -221,7 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
 		new->cap_effective =
 			cap_raise_nfsd_set(new->cap_effective,
 					   new->cap_permitted);
-		put_cred(override_creds_light(get_new_cred(new)));
+		put_cred(override_creds(get_new_cred(new)));
 		put_cred(new);
 	} else {
 		error = nfsd_setuser_and_check_port(rqstp, cred, exp);
diff --git a/fs/open.c b/fs/open.c
index 23c414c10883927129a925a33680affc6f3a0a78..bd0a34653f0ebe210ddfeabf5ea3bc002bf2833d 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -448,7 +448,7 @@ static const struct cred *access_override_creds(void)
 	 */
 	override_cred->non_rcu = 1;
 
-	old_cred = override_creds_light(get_new_cred(override_cred));
+	old_cred = override_creds(get_new_cred(override_cred));
 
 	/* override_cred() gets its own ref */
 	put_cred(override_cred);
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 0f19bdbc78a45f35df2829ccc8cc65deef244ffd..7805667b2e05264c011cd41ff6f77b9ae0fb30d9 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 		return err;
 
 	if (cc->new)
-		cc->old = override_creds_light(get_new_cred(cc->new));
+		cc->old = override_creds(get_new_cred(cc->new));
 
 	return 0;
 }
diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 08e683917d121b1fe8f0f0b4d4ba4f0f3c72f47d..151271f0586c7249cfa61cd45d249ec930adaf82 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -580,7 +580,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry,
 	 * We must be called with creator creds already, otherwise we risk
 	 * leaking creds.
 	 */
-	old_cred = override_creds_light(override_cred);
+	old_cred = override_creds(override_cred);
 	WARN_ON_ONCE(old_cred != ovl_creds(dentry->d_sb));
 
 	return override_cred;
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index 9aa7493b1e10365cbcc97fceab26d614a319727f..2513a79a10b0bd69fa9d1c8a0f4726f3246ac39c 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -65,7 +65,7 @@ const struct cred *ovl_override_creds(struct super_block *sb)
 {
 	struct ovl_fs *ofs = OVL_FS(sb);
 
-	return override_creds_light(ofs->creator_cred);
+	return override_creds(ofs->creator_cred);
 }
 
 void ovl_revert_creds(const struct cred *old_cred)
diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index f2353bccc9f5e4637772a89dd0b0f42861fd21f3..f22dc0be357fa03cecc524976de5c69fddeef1ca 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -173,7 +173,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
 	}
 
 	cifs_dbg(FYI, "key description = %s\n", description);
-	saved_cred = override_creds_light(get_new_cred(spnego_cred));
+	saved_cred = override_creds(get_new_cred(spnego_cred));
 	spnego_key = request_key(&cifs_spnego_key_type, description, "");
 	put_cred(revert_creds_light(saved_cred));
 
diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
index 81d8d9802a56d4bb5d3d0480396f0c78c4c3fb80..d65e094b97cb2b1bd1c79d1959443fd8cae93f8f 100644
--- a/fs/smb/client/cifsacl.c
+++ b/fs/smb/client/cifsacl.c
@@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 		return -EINVAL;
 
 	rc = 0;
-	saved_cred = override_creds_light(get_new_cred(root_cred));
+	saved_cred = override_creds(get_new_cred(root_cred));
 	sidkey = request_key(&cifs_idmap_key_type, desc, "");
 	if (IS_ERR(sidkey)) {
 		rc = -EINVAL;
@@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 	if (!sidstr)
 		return -ENOMEM;
 
-	saved_cred = override_creds_light(get_new_cred(root_cred));
+	saved_cred = override_creds(get_new_cred(root_cred));
 	sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
 	if (IS_ERR(sidkey)) {
 		cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index b13abbf67827fcad9c35606344cca055c09ba9c3..f09652bcca542464ed2f27fce9e912f797410612 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
 		cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
 
 	WARN_ON(work->saved_cred);
-	work->saved_cred = override_creds_light(get_new_cred(cred));
+	work->saved_cred = override_creds(get_new_cred(cred));
 	if (!work->saved_cred) {
 		abort_creds(cred);
 		return -EINVAL;
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 439d7a1840e7ccbc94d814728698a4b383bc39b3..a049993d22cca4e122091309f11fbc9e10d2e955 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -170,7 +170,7 @@ static inline bool cap_ambient_invariant_ok(const struct cred *cred)
 					  cred->cap_inheritable));
 }
 
-static inline const struct cred *override_creds_light(const struct cred *override_cred)
+static inline const struct cred *override_creds(const struct cred *override_cred)
 {
 	const struct cred *old = current->cred;
 
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index a6a50e86791e79745ace095af68c4b658e4a2cdc..946df208e7741a0e2e11eff2ee0b8978bcea7c3c 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		return -EBADF;
 
 	if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
-		creds = override_creds_light(get_new_cred(req->creds));
+		creds = override_creds(get_new_cred(req->creds));
 
 	if (!def->audit_skip)
 		audit_uring_entry(req->opcode);
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 42ca6e07e0f7b0fe54a9f09857f87fecb5aa7085..0fd424442118f38db0307fe10e0c6ee102c1f185 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		const struct cred *creds = NULL;
 
 		if (ctx->sq_creds != current_cred())
-			creds = override_creds_light(get_new_cred(ctx->sq_creds));
+			creds = override_creds(get_new_cred(ctx->sq_creds));
 
 		mutex_lock(&ctx->uring_lock);
 		if (!wq_list_empty(&ctx->iopoll_list))
diff --git a/kernel/acct.c b/kernel/acct.c
index 4e28aa9e1ef278cd7fb3160a27b549155ceaffc3..a51a3b483fd9d94da916dc4e052ef4ab1042a39f 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	flim = rlimit(RLIMIT_FSIZE);
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
 	/* Perform file operations on behalf of whoever enabled accounting */
-	orig_cred = override_creds_light(get_new_cred(file->f_cred));
+	orig_cred = override_creds(get_new_cred(file->f_cred));
 
 	/*
 	 * First check to see if there is enough free_space to continue
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 68b816955c9c7e0141a073f54b14949b4c37aae6..2d618b577e52e0117f77340dac79581882599578 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5216,7 +5216,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
 	 * permissions using the credentials from file open to protect against
 	 * inherited fd attacks.
 	 */
-	saved_cred = override_creds_light(get_new_cred(of->file->f_cred));
+	saved_cred = override_creds(get_new_cred(of->file->f_cred));
 	ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
 					of->file->f_path.dentry->d_sb,
 					threadgroup, ctx->ns);
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 2fdadb2e8547ec86f48d84c81c95434c811cb3cd..857124d81f1255e7e6b4d18009b53191a71b57fc 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 	 */
 	cred->fsuid = GLOBAL_ROOT_UID;
 
-	old_cred = override_creds_light(get_new_cred(cred));
+	old_cred = override_creds(get_new_cred(cred));
 
 	if (visible)
 		ret = trace_add_event_call(&user->call);
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index 297059b7e2a367f5e745aac4557cda5996689a00..f8749d688d6676dd83d0c4b8e83ca893f1bd4248 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -124,7 +124,7 @@ int dns_query(struct net *net,
 	/* make the upcall, using special credentials to prevent the use of
 	 * add_key() to preinstall malicious redirections
 	 */
-	saved_cred = override_creds_light(get_new_cred(dns_resolver_cache));
+	saved_cred = override_creds(get_new_cred(dns_resolver_cache));
 	rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
 	put_cred(revert_creds_light(saved_cred));
 	kfree(desc);

-- 
2.45.2

[PATCH 06/26] tree-wide: s/revert_creds_light()/revert_creds()/g

[Christian Brauner]

Rename all calls to revert_creds_light() back to revert_creds().

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/base/firmware_loader/main.c   |  2 +-
 drivers/crypto/ccp/sev-dev.c          |  2 +-
 drivers/target/target_core_configfs.c |  2 +-
 fs/aio.c                              |  2 +-
 fs/backing-file.c                     | 10 +++++-----
 fs/binfmt_misc.c                      |  2 +-
 fs/cachefiles/internal.h              |  2 +-
 fs/coredump.c                         |  2 +-
 fs/nfs/localio.c                      |  4 ++--
 fs/nfs/nfs4idmap.c                    |  2 +-
 fs/nfsd/auth.c                        |  2 +-
 fs/nfsd/filecache.c                   |  2 +-
 fs/nfsd/nfs4recover.c                 |  2 +-
 fs/open.c                             |  2 +-
 fs/overlayfs/copy_up.c                |  2 +-
 fs/overlayfs/dir.c                    |  2 +-
 fs/overlayfs/util.c                   |  2 +-
 fs/smb/client/cifs_spnego.c           |  2 +-
 fs/smb/client/cifsacl.c               |  4 ++--
 fs/smb/server/smb_common.c            |  2 +-
 include/linux/cred.h                  |  2 +-
 io_uring/io_uring.c                   |  2 +-
 io_uring/sqpoll.c                     |  2 +-
 kernel/acct.c                         |  2 +-
 kernel/cgroup/cgroup.c                |  2 +-
 kernel/trace/trace_events_user.c      |  2 +-
 net/dns_resolver/dns_query.c          |  2 +-
 27 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 729df15600efb743091d7e1b71a306cdfa9acbf0..96a2c3011ca82148b4ba547764a1f92e252dbf5f 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -944,7 +944,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 	} else
 		ret = assign_fw(fw, device);
 
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 	put_cred(kern_cred);
 
 out:
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index ffae20fd52bc03e7123b116251c77a3ccd7c6cde..187c34b02442dd50640f88713bc5f6f88a1990f4 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -249,7 +249,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
 	fp = file_open_root(&root, filename, flags, mode);
 	path_put(&root);
 
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 
 	return fp;
 }
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index 7788e1fe2633ded4f265ff874c62dc4a21fd1b6e..ec7a5598719397da5cadfed12a05ca8eb81e46a9 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3758,7 +3758,7 @@ static int __init target_core_init_configfs(void)
 	}
 	old_cred = override_creds(get_new_cred(kern_cred));
 	target_init_dbroot();
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 	put_cred(kern_cred);
 
 	return 0;
diff --git a/fs/aio.c b/fs/aio.c
index 7e0ec687f480c05358c6c40638a7e187aafd8124..5e57dcaed7f1ae1e4b38009b51a665954b31f5bd 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1642,7 +1642,7 @@ static void aio_fsync_work(struct work_struct *work)
 	const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds));
 
 	iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 	put_cred(iocb->fsync.creds);
 	iocb_put(iocb);
 }
diff --git a/fs/backing-file.c b/fs/backing-file.c
index bcf8c0b9ff42e2dd30dc239bb2580942fe6c40a7..a38737592ec77b50fa4d417a98ca272ca5f89399 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -197,7 +197,7 @@ ssize_t backing_file_read_iter(struct file *file, struct iov_iter *iter,
 			backing_aio_cleanup(aio, ret);
 	}
 out:
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 
 	if (ctx->accessed)
 		ctx->accessed(iocb->ki_filp);
@@ -264,7 +264,7 @@ ssize_t backing_file_write_iter(struct file *file, struct iov_iter *iter,
 			backing_aio_cleanup(aio, ret);
 	}
 out:
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 
 	return ret;
 }
@@ -283,7 +283,7 @@ ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb,
 
 	old_cred = override_creds(ctx->cred);
 	ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags);
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 
 	if (ctx->accessed)
 		ctx->accessed(iocb->ki_filp);
@@ -314,7 +314,7 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,
 	file_start_write(out);
 	ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags);
 	file_end_write(out);
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 
 	if (ctx->end_write)
 		ctx->end_write(iocb, ret);
@@ -339,7 +339,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
 
 	old_cred = override_creds(ctx->cred);
 	ret = call_mmap(vma->vm_file, vma);
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 
 	if (ctx->accessed)
 		ctx->accessed(vma->vm_file);
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 63544051404a9ff5ec8a74c754c3acfbc91f3279..5692c512b740bb8f11d5da89a2e5f388aafebc13 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -828,7 +828,7 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer,
 		 */
 		old_cred = override_creds(get_new_cred(file->f_cred));
 		f = open_exec(e->interpreter);
-		put_cred(revert_creds_light(old_cred));
+		put_cred(revert_creds(old_cred));
 		if (IS_ERR(f)) {
 			pr_notice("register: failed to install interpreter file %s\n",
 				 e->interpreter);
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 05b1d4cfb55afefd025c5f9c08afa81f67fdb9eb..1cfeb3b3831900b7c389c55c59fc7e3b84acfca6 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -399,7 +399,7 @@ static inline void cachefiles_begin_secure(struct cachefiles_cache *cache,
 static inline void cachefiles_end_secure(struct cachefiles_cache *cache,
 					 const struct cred *saved_cred)
 {
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 }
 
 /*
diff --git a/fs/coredump.c b/fs/coredump.c
index 4eae37892da58e982b53da4596952a1b3d2e1630..0d3a65cac546db6710eb1337b0a9c4ec0ffff679 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	kfree(argv);
 	kfree(cn.corename);
 	coredump_finish(core_dumped);
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 fail_creds:
 	put_cred(cred);
 fail:
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 374c6e35c7b4969ef193b71510ee9a34c45bb815..cb0ba4a810324cc9a4913767ce5a9b4f52c416ac 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	nfs_local_read_done(iocb, status);
 	nfs_local_pgio_release(iocb);
 
-	put_cred(revert_creds_light(save_cred));
+	put_cred(revert_creds(save_cred));
 }
 
 static int
@@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	nfs_local_vfs_getattr(iocb);
 	nfs_local_pgio_release(iocb);
 
-	put_cred(revert_creds_light(save_cred));
+	put_cred(revert_creds(save_cred));
 	current->flags = old_flags;
 }
 
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 3cae4057f8ba30914a91a3d368ace8f52175644d..25b6a8920a6545d43f437f2f0330ccc35380ccc3 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -313,7 +313,7 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
 
 	saved_cred = override_creds(get_new_cred(id_resolver_cache));
 	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index dafea9183b4e6413d61c0c83a1b8f26a9712d5c6..c399a5f030afbde6ad7bc9cf28f1e354d74db9a8 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -27,7 +27,7 @@ int nfsd_setuser(struct svc_cred *cred, struct svc_export *exp)
 	int flags = nfsexp_flags(cred, exp);
 
 	/* discard any old override before preparing the new set */
-	put_cred(revert_creds_light(get_cred(current_real_cred())));
+	put_cred(revert_creds(get_cred(current_real_cred())));
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
index fef2b8eb3a94736cbe8342a95f205f173f598447..3ae9d8356d7de5190b4b038b1104b6d93d07eb65 100644
--- a/fs/nfsd/filecache.c
+++ b/fs/nfsd/filecache.c
@@ -1252,7 +1252,7 @@ nfsd_file_acquire_local(struct net *net, struct svc_cred *cred,
 
 	beres = nfsd_file_do_acquire(NULL, net, cred, client,
 				     fhp, may_flags, NULL, pnf, true);
-	put_cred(revert_creds_light(save_cred));
+	put_cred(revert_creds(save_cred));
 	return beres;
 }
 
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 475c47f1c0afa2de56038bbb7cdd9fc5e583c8bd..2834091cc988b1403aa2908f69e336f2fe4e0922 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -89,7 +89,7 @@ nfs4_save_creds(const struct cred **original_creds)
 static void
 nfs4_reset_creds(const struct cred *original)
 {
-	put_cred(revert_creds_light(original));
+	put_cred(revert_creds(original));
 }
 
 static void
diff --git a/fs/open.c b/fs/open.c
index bd0a34653f0ebe210ddfeabf5ea3bc002bf2833d..0a5cd8e74fb9bb4cc484d84096c6123b21acbf16 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -523,7 +523,7 @@ static long do_faccessat(int dfd, const char __user *filename, int mode, int fla
 	}
 out:
 	if (old_cred)
-		put_cred(revert_creds_light(old_cred));
+		put_cred(revert_creds(old_cred));
 
 	return res;
 }
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 7805667b2e05264c011cd41ff6f77b9ae0fb30d9..439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
 {
 	if (cc->new) {
-		put_cred(revert_creds_light(cc->old));
+		put_cred(revert_creds(cc->old));
 		put_cred(cc->new);
 	}
 }
diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
index 151271f0586c7249cfa61cd45d249ec930adaf82..c9993ff66fc26ec45ab5a5b4679d1d2056a01df2 100644
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -575,7 +575,7 @@ static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry,
 	}
 
 	/*
-	 * Caller is going to match this with revert_creds_light() and drop
+	 * Caller is going to match this with revert_creds() and drop
 	 * referenec on the returned creds.
 	 * We must be called with creator creds already, otherwise we risk
 	 * leaking creds.
diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
index 2513a79a10b0bd69fa9d1c8a0f4726f3246ac39c..0819c739cc2ffce0dfefa84d3ff8f9f103eec191 100644
--- a/fs/overlayfs/util.c
+++ b/fs/overlayfs/util.c
@@ -70,7 +70,7 @@ const struct cred *ovl_override_creds(struct super_block *sb)
 
 void ovl_revert_creds(const struct cred *old_cred)
 {
-	revert_creds_light(old_cred);
+	revert_creds(old_cred);
 }
 
 /*
diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index f22dc0be357fa03cecc524976de5c69fddeef1ca..6284d924fdb1e25e07af7e10b6286df97c0942dd 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -175,7 +175,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
 	cifs_dbg(FYI, "key description = %s\n", description);
 	saved_cred = override_creds(get_new_cred(spnego_cred));
 	spnego_key = request_key(&cifs_spnego_key_type, description, "");
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 
 #ifdef CONFIG_CIFS_DEBUG2
 	if (cifsFYI && !IS_ERR(spnego_key)) {
diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
index d65e094b97cb2b1bd1c79d1959443fd8cae93f8f..5718906369a96fc80bee6a472f93bac1159f1709 100644
--- a/fs/smb/client/cifsacl.c
+++ b/fs/smb/client/cifsacl.c
@@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 	return rc;
 
 invalidate_key:
@@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 	kfree(sidstr);
 
 	/*
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index f09652bcca542464ed2f27fce9e912f797410612..f1d770a214c8b2c7d7dd4083ef57c7130bbce52c 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -800,7 +800,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work)
 	WARN_ON(!work->saved_cred);
 
 	cred = current_cred();
-	put_cred(revert_creds_light(work->saved_cred));
+	put_cred(revert_creds(work->saved_cred));
 	put_cred(cred);
 	work->saved_cred = NULL;
 }
diff --git a/include/linux/cred.h b/include/linux/cred.h
index a049993d22cca4e122091309f11fbc9e10d2e955..7ce1551c8aa7b7e000dffbd49ba6b27530ebc9ef 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -178,7 +178,7 @@ static inline const struct cred *override_creds(const struct cred *override_cred
 	return old;
 }
 
-static inline const struct cred *revert_creds_light(const struct cred *revert_cred)
+static inline const struct cred *revert_creds(const struct cred *revert_cred)
 {
 	const struct cred *override_cred = current->cred;
 
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 946df208e7741a0e2e11eff2ee0b8978bcea7c3c..ad4d8e94a8665cf5f3e9ea0fd9bc6c03a03cc48f 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		audit_uring_exit(!ret, ret);
 
 	if (creds)
-		put_cred(revert_creds_light(creds));
+		put_cred(revert_creds(creds));
 
 	if (ret == IOU_OK) {
 		if (issue_flags & IO_URING_F_COMPLETE_DEFER)
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 0fd424442118f38db0307fe10e0c6ee102c1f185..1ca96347433695de1eb0e3bec7c6da4299e9ceb0 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
 			wake_up(&ctx->sqo_sq_wait);
 		if (creds)
-			put_cred(revert_creds_light(creds));
+			put_cred(revert_creds(creds));
 	}
 
 	return ret;
diff --git a/kernel/acct.c b/kernel/acct.c
index a51a3b483fd9d94da916dc4e052ef4ab1042a39f..ea8c94887b5853b10e7a7e632f7b0bc4d52ab10b 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	}
 out:
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
-	put_cred(revert_creds_light(orig_cred));
+	put_cred(revert_creds(orig_cred));
 }
 
 /**
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 2d618b577e52e0117f77340dac79581882599578..1a94e8b154beeed45d69056917f3dd9fc6d950fa 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5220,7 +5220,7 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
 	ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
 					of->file->f_path.dentry->d_sb,
 					threadgroup, ctx->ns);
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 	if (ret)
 		goto out_finish;
 
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 857124d81f1255e7e6b4d18009b53191a71b57fc..c54ae15f425c2c1dad3f8c776027beca2f00a0a5 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1476,7 +1476,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 	else
 		ret = trace_remove_event_call(&user->call);
 
-	put_cred(revert_creds_light(old_cred));
+	put_cred(revert_creds(old_cred));
 	put_cred(cred);
 
 	return ret;
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index f8749d688d6676dd83d0c4b8e83ca893f1bd4248..0b0789fe2194151102d5234aca3fc2dae9a1ed69 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -126,7 +126,7 @@ int dns_query(struct net *net,
 	 */
 	saved_cred = override_creds(get_new_cred(dns_resolver_cache));
 	rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
-	put_cred(revert_creds_light(saved_cred));
+	put_cred(revert_creds(saved_cred));
 	kfree(desc);
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);

-- 
2.45.2

[PATCH 07/26] firmware: avoid pointless reference count bump

[Christian Brauner]

The creds are allocated via prepare_kernel_cred() which has already
taken a reference.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/base/firmware_loader/main.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 96a2c3011ca82148b4ba547764a1f92e252dbf5f..740ef6223a62ca37e776d1558f840f09c7c46c95 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds(get_new_cred(kern_cred));
+	old_cred = override_creds(kern_cred);
 
 	ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
 
@@ -945,7 +945,6 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 		ret = assign_fw(fw, device);
 
 	put_cred(revert_creds(old_cred));
-	put_cred(kern_cred);
 
 out:
 	if (ret < 0) {

-- 
2.45.2

[PATCH 08/26] sev-dev: avoid pointless cred reference count bump

[Christian Brauner]

and fix a memory leak while at it. The new creds are created via
prepare_creds() and then reverted via put_cred(revert_creds()). The
additional reference count bump from override_creds() wasn't even taken
into account before.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/crypto/ccp/sev-dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 187c34b02442dd50640f88713bc5f6f88a1990f4..2e87ca0e292a1c1706a8e878285159b481b68a6f 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
 	if (!cred)
 		return ERR_PTR(-ENOMEM);
 	cred->fsuid = GLOBAL_ROOT_UID;
-	old_cred = override_creds(get_new_cred(cred));
+	old_cred = override_creds(cred);
 
 	fp = file_open_root(&root, filename, flags, mode);
 	path_put(&root);

-- 
2.45.2

[PATCH 09/26] target_core_configfs: avoid pointless cred reference count bump

[Christian Brauner]

The creds are allocated via prepare_kernel_cred() which has already
taken a reference.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/target/target_core_configfs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index ec7a5598719397da5cadfed12a05ca8eb81e46a9..d102ab79c56dd7977465f7455749e6e7a2c9fba1 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3756,10 +3756,9 @@ static int __init target_core_init_configfs(void)
 		ret = -ENOMEM;
 		goto out;
 	}
-	old_cred = override_creds(get_new_cred(kern_cred));
+	old_cred = override_creds(kern_cred);
 	target_init_dbroot();
 	put_cred(revert_creds(old_cred));
-	put_cred(kern_cred);
 
 	return 0;
 

-- 
2.45.2

[PATCH 10/26] aio: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/aio.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/aio.c b/fs/aio.c
index 5e57dcaed7f1ae1e4b38009b51a665954b31f5bd..98eb0f5d0ee49c564d87f9050d304c5a99130445 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1639,11 +1639,10 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb,
 static void aio_fsync_work(struct work_struct *work)
 {
 	struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
-	const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds));
+	const struct cred *old_cred = override_creds(iocb->fsync.creds);
 
 	iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
 	put_cred(revert_creds(old_cred));
-	put_cred(iocb->fsync.creds);
 	iocb_put(iocb);
 }
 

-- 
2.45.2

[PATCH 11/26] binfmt_misc: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/binfmt_misc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 5692c512b740bb8f11d5da89a2e5f388aafebc13..31660d8cc2c610bd42f00f1de7ed6c39618cc5db 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -826,9 +826,9 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer,
 		 * didn't matter much as only a privileged process could open
 		 * the register file.
 		 */
-		old_cred = override_creds(get_new_cred(file->f_cred));
+		old_cred = override_creds(file->f_cred);
 		f = open_exec(e->interpreter);
-		put_cred(revert_creds(old_cred));
+		revert_creds(old_cred);
 		if (IS_ERR(f)) {
 			pr_notice("register: failed to install interpreter file %s\n",
 				 e->interpreter);

-- 
2.45.2

[PATCH 12/26] coredump: avoid pointless cred reference count bump

[Christian Brauner]

The creds are allocated via prepare_creds() which has already taken a
reference.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/coredump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/coredump.c b/fs/coredump.c
index 0d3a65cac546db6710eb1337b0a9c4ec0ffff679..d48edb37bc35c0896d97a2f6a6cc259d8812f936 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	if (retval < 0)
 		goto fail_creds;
 
-	old_cred = override_creds(get_new_cred(cred));
+	old_cred = override_creds(cred);
 
 	ispipe = format_corename(&cn, &cprm, &argv, &argc);
 
@@ -781,7 +781,7 @@ void do_coredump(const kernel_siginfo_t *siginfo)
 	kfree(argv);
 	kfree(cn.corename);
 	coredump_finish(core_dumped);
-	put_cred(revert_creds(old_cred));
+	revert_creds(old_cred);
 fail_creds:
 	put_cred(cred);
 fail:

-- 
2.45.2

[PATCH 13/26] nfs/localio: avoid pointless cred reference count bumps

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/nfs/localio.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index cb0ba4a810324cc9a4913767ce5a9b4f52c416ac..8f0ce82a677e1589092a30240d6e60a289d64a58 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -371,7 +371,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	struct iov_iter iter;
 	ssize_t status;
 
-	save_cred = override_creds(get_new_cred(filp->f_cred));
+	save_cred = override_creds(filp->f_cred);
 
 	nfs_local_iter_init(&iter, iocb, READ);
 
@@ -381,7 +381,7 @@ static void nfs_local_call_read(struct work_struct *work)
 	nfs_local_read_done(iocb, status);
 	nfs_local_pgio_release(iocb);
 
-	put_cred(revert_creds(save_cred));
+	revert_creds(save_cred);
 }
 
 static int
@@ -541,7 +541,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	ssize_t status;
 
 	current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO;
-	save_cred = override_creds(get_new_cred(filp->f_cred));
+	save_cred = override_creds(filp->f_cred);
 
 	nfs_local_iter_init(&iter, iocb, WRITE);
 
@@ -554,7 +554,7 @@ static void nfs_local_call_write(struct work_struct *work)
 	nfs_local_vfs_getattr(iocb);
 	nfs_local_pgio_release(iocb);
 
-	put_cred(revert_creds(save_cred));
+	revert_creds(save_cred);
 	current->flags = old_flags;
 }
 

-- 
2.45.2

[PATCH 14/26] nfs/nfs4idmap: avoid pointless reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/nfs/nfs4idmap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 25b6a8920a6545d43f437f2f0330ccc35380ccc3..25a7c771cfd89f3e6d494f26a78212d3d619c135 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -311,9 +311,9 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
 	const struct user_key_payload *payload;
 	ssize_t ret;
 
-	saved_cred = override_creds(get_new_cred(id_resolver_cache));
+	saved_cred = override_creds(id_resolver_cache);
 	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);

-- 
2.45.2

[PATCH 15/26] nfs/nfs4recover: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/nfsd/nfs4recover.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 2834091cc988b1403aa2908f69e336f2fe4e0922..5b1d36b26f93450bb14d1d922feeeb6c35399fd5 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -81,8 +81,7 @@ nfs4_save_creds(const struct cred **original_creds)
 
 	new->fsuid = GLOBAL_ROOT_UID;
 	new->fsgid = GLOBAL_ROOT_GID;
-	*original_creds = override_creds(get_new_cred(new));
-	put_cred(new);
+	*original_creds = override_creds(new);
 	return 0;
 }
 

-- 
2.45.2

[PATCH 16/26] nfsfh: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/nfsd/nfsfh.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 60b0275d5529d49ac87e8b89e4eb650ecd624f71..ef925d96078397a5bc0d0842dbafa44a5a49f358 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -221,8 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
 		new->cap_effective =
 			cap_raise_nfsd_set(new->cap_effective,
 					   new->cap_permitted);
-		put_cred(override_creds(get_new_cred(new)));
-		put_cred(new);
+		put_cred(override_creds(new));
 	} else {
 		error = nfsd_setuser_and_check_port(rqstp, cred, exp);
 		if (error)

-- 
2.45.2

[PATCH 17/26] open: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/open.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 0a5cd8e74fb9bb4cc484d84096c6123b21acbf16..74ee5e02d68c590475f18f099b188f052f17f555 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -447,13 +447,7 @@ static const struct cred *access_override_creds(void)
 	 * freeing.
 	 */
 	override_cred->non_rcu = 1;
-
-	old_cred = override_creds(get_new_cred(override_cred));
-
-	/* override_cred() gets its own ref */
-	put_cred(override_cred);
-
-	return old_cred;
+	return override_creds(override_cred);
 }
 
 static long do_faccessat(int dfd, const char __user *filename, int mode, int flags)

-- 
2.45.2

[PATCH 18/26] ovl: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/overlayfs/copy_up.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba..39f08531abc7e99c32e709a46988939f072a9abe 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -741,17 +741,15 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 		return err;
 
 	if (cc->new)
-		cc->old = override_creds(get_new_cred(cc->new));
+		cc->old = override_creds(cc->new);
 
 	return 0;
 }
 
 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
 {
-	if (cc->new) {
+	if (cc->new)
 		put_cred(revert_creds(cc->old));
-		put_cred(cc->new);
-	}
 }
 
 /*

-- 
2.45.2

[PATCH 19/26] cifs: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/smb/client/cifs_spnego.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c
index 6284d924fdb1e25e07af7e10b6286df97c0942dd..28f568b5fc2771b7a11d0e83d0ac1cb9baf20636 100644
--- a/fs/smb/client/cifs_spnego.c
+++ b/fs/smb/client/cifs_spnego.c
@@ -173,9 +173,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo,
 	}
 
 	cifs_dbg(FYI, "key description = %s\n", description);
-	saved_cred = override_creds(get_new_cred(spnego_cred));
+	saved_cred = override_creds(spnego_cred);
 	spnego_key = request_key(&cifs_spnego_key_type, description, "");
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 
 #ifdef CONFIG_CIFS_DEBUG2
 	if (cifsFYI && !IS_ERR(spnego_key)) {

-- 
2.45.2

[PATCH 20/26] cifs: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/smb/client/cifsacl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c
index 5718906369a96fc80bee6a472f93bac1159f1709..ba79aa2107cc9f5b5fa628e9b9998d04e78c8bc1 100644
--- a/fs/smb/client/cifsacl.c
+++ b/fs/smb/client/cifsacl.c
@@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 		return -EINVAL;
 
 	rc = 0;
-	saved_cred = override_creds(get_new_cred(root_cred));
+	saved_cred = override_creds(root_cred);
 	sidkey = request_key(&cifs_idmap_key_type, desc, "");
 	if (IS_ERR(sidkey)) {
 		rc = -EINVAL;
@@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid)
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 	return rc;
 
 invalidate_key:
@@ -398,7 +398,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 	if (!sidstr)
 		return -ENOMEM;
 
-	saved_cred = override_creds(get_new_cred(root_cred));
+	saved_cred = override_creds(root_cred);
 	sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
 	if (IS_ERR(sidkey)) {
 		cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
@@ -438,7 +438,7 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct smb_sid *psid,
 out_key_put:
 	key_put(sidkey);
 out_revert_creds:
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 	kfree(sidstr);
 
 	/*

-- 
2.45.2

[PATCH 21/26] smb: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/smb/server/smb_common.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index f1d770a214c8b2c7d7dd4083ef57c7130bbce52c..a3f96804f84f03c22376769dffdf60cd66f5e3d2 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
 		cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
 
 	WARN_ON(work->saved_cred);
-	work->saved_cred = override_creds(get_new_cred(cred));
+	work->saved_cred = override_creds(cred);
 	if (!work->saved_cred) {
 		abort_creds(cred);
 		return -EINVAL;
@@ -799,9 +799,7 @@ void ksmbd_revert_fsids(struct ksmbd_work *work)
 
 	WARN_ON(!work->saved_cred);
 
-	cred = current_cred();
 	put_cred(revert_creds(work->saved_cred));
-	put_cred(cred);
 	work->saved_cred = NULL;
 }
 

-- 
2.45.2

[PATCH 22/26] io_uring: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 io_uring/io_uring.c | 4 ++--
 io_uring/sqpoll.c   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index ad4d8e94a8665cf5f3e9ea0fd9bc6c03a03cc48f..8012933998837ddcef45c14f1dfe543947a9eaec 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1704,7 +1704,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		return -EBADF;
 
 	if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred()))
-		creds = override_creds(get_new_cred(req->creds));
+		creds = override_creds(req->creds);
 
 	if (!def->audit_skip)
 		audit_uring_entry(req->opcode);
@@ -1715,7 +1715,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags)
 		audit_uring_exit(!ret, ret);
 
 	if (creds)
-		put_cred(revert_creds(creds));
+		revert_creds(creds);
 
 	if (ret == IOU_OK) {
 		if (issue_flags & IO_URING_F_COMPLETE_DEFER)
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 1ca96347433695de1eb0e3bec7c6da4299e9ceb0..6df5e649c413e39e36db6cde2a8c6745e533bea9 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		const struct cred *creds = NULL;
 
 		if (ctx->sq_creds != current_cred())
-			creds = override_creds(get_new_cred(ctx->sq_creds));
+			creds = override_creds(ctx->sq_creds);
 
 		mutex_lock(&ctx->uring_lock);
 		if (!wq_list_empty(&ctx->iopoll_list))
@@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries)
 		if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait))
 			wake_up(&ctx->sqo_sq_wait);
 		if (creds)
-			put_cred(revert_creds(creds));
+			revert_creds(creds);
 	}
 
 	return ret;

-- 
2.45.2

[PATCH 23/26] acct: avoid pointless reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 kernel/acct.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/acct.c b/kernel/acct.c
index ea8c94887b5853b10e7a7e632f7b0bc4d52ab10b..179848ad33e978a557ce695a0d6020aa169177c6 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -501,7 +501,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	flim = rlimit(RLIMIT_FSIZE);
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
 	/* Perform file operations on behalf of whoever enabled accounting */
-	orig_cred = override_creds(get_new_cred(file->f_cred));
+	orig_cred = override_creds(file->f_cred);
 
 	/*
 	 * First check to see if there is enough free_space to continue
@@ -541,7 +541,7 @@ static void do_acct_process(struct bsd_acct_struct *acct)
 	}
 out:
 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
-	put_cred(revert_creds(orig_cred));
+	revert_creds(orig_cred);
 }
 
 /**

-- 
2.45.2

[PATCH 24/26] cgroup: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 kernel/cgroup/cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 1a94e8b154beeed45d69056917f3dd9fc6d950fa..d9061bd55436b502e065b477a903ed682d722c2e 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5216,11 +5216,11 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
 	 * permissions using the credentials from file open to protect against
 	 * inherited fd attacks.
 	 */
-	saved_cred = override_creds(get_new_cred(of->file->f_cred));
+	saved_cred = override_creds(of->file->f_cred);
 	ret = cgroup_attach_permissions(src_cgrp, dst_cgrp,
 					of->file->f_path.dentry->d_sb,
 					threadgroup, ctx->ns);
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 	if (ret)
 		goto out_finish;
 

-- 
2.45.2

[PATCH 25/26] trace: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 kernel/trace/trace_events_user.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index c54ae15f425c2c1dad3f8c776027beca2f00a0a5..1ec83a4f19ac038a8580391c291653ab822ce664 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1469,7 +1469,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 	 */
 	cred->fsuid = GLOBAL_ROOT_UID;
 
-	old_cred = override_creds(get_new_cred(cred));
+	old_cred = override_creds(cred);
 
 	if (visible)
 		ret = trace_add_event_call(&user->call);
@@ -1477,7 +1477,6 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
 		ret = trace_remove_event_call(&user->call);
 
 	put_cred(revert_creds(old_cred));
-	put_cred(cred);
 
 	return ret;
 }

-- 
2.45.2

[PATCH 26/26] dns_resolver: avoid pointless cred reference count bump

[Christian Brauner]

No need for the extra reference count bump.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 net/dns_resolver/dns_query.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index 0b0789fe2194151102d5234aca3fc2dae9a1ed69..82b084cc1cc6349bb532d5ada555b0bcbb1cdbea 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -124,9 +124,9 @@ int dns_query(struct net *net,
 	/* make the upcall, using special credentials to prevent the use of
 	 * add_key() to preinstall malicious redirections
 	 */
-	saved_cred = override_creds(get_new_cred(dns_resolver_cache));
+	saved_cred = override_creds(dns_resolver_cache);
 	rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
-	put_cred(revert_creds(saved_cred));
+	revert_creds(saved_cred);
 	kfree(desc);
 	if (IS_ERR(rkey)) {
 		ret = PTR_ERR(rkey);

-- 
2.45.2

Re: [PATCH 07/26] firmware: avoid pointless reference count bump

[Amir Goldstein]

On Sun, Nov 24, 2024 at 2:44 PM Christian Brauner <brauner@kernel.org> wrote:
>
> The creds are allocated via prepare_kernel_cred() which has already
> taken a reference.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  drivers/base/firmware_loader/main.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
> index 96a2c3011ca82148b4ba547764a1f92e252dbf5f..740ef6223a62ca37e776d1558f840f09c7c46c95 100644
> --- a/drivers/base/firmware_loader/main.c
> +++ b/drivers/base/firmware_loader/main.c
> @@ -912,7 +912,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
>                 ret = -ENOMEM;
>                 goto out;
>         }
> -       old_cred = override_creds(get_new_cred(kern_cred));
> +       old_cred = override_creds(kern_cred);
>
>         ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
>
> @@ -945,7 +945,6 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
>                 ret = assign_fw(fw, device);
>
>         put_cred(revert_creds(old_cred));
> -       put_cred(kern_cred);

This may seem like nit picking, but I think that:
        revert_creds(old_cred));
        put_cred(kern_cred);

Is nicer. It is more balanced and it is more consistent with the majority of
patches in this series which in a balanced manner remove both the
get_new_cred from the override_creds line and the put_cred from the
revert_creds line.

If someone wanted to, both old_cred and kern_cred could be converted
to use scoped cleanup handlers. This is more apparent when the cleanup
is explicit on the local kern_cred var.

The same comment applies to a few other patches in this series.

Thanks,
Amir.

Re: [PATCH 18/26] ovl: avoid pointless cred reference count bump

[Amir Goldstein]

On Sun, Nov 24, 2024 at 2:44 PM Christian Brauner <brauner@kernel.org> wrote:
>
> No need for the extra reference count bump.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  fs/overlayfs/copy_up.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> index 439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba..39f08531abc7e99c32e709a46988939f072a9abe 100644
> --- a/fs/overlayfs/copy_up.c
> +++ b/fs/overlayfs/copy_up.c
> @@ -741,17 +741,15 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
>                 return err;
>
>         if (cc->new)
> -               cc->old = override_creds(get_new_cred(cc->new));
> +               cc->old = override_creds(cc->new);
>
>         return 0;
>  }
>
>  static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
>  {
> -       if (cc->new) {
> +       if (cc->new)
>                 put_cred(revert_creds(cc->old));
> -               put_cred(cc->new);
> -       }

Same comment here, I think this will read more clearly as
               revert_creds(cc->old));
               put_cred(cc->new);

and better reflects the counterpart of ovl_prep_cu_creds().

Thanks,
Amir.

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Amir Goldstein]

On Sun, Nov 24, 2024 at 2:44 PM Christian Brauner <brauner@kernel.org> wrote:
>
> For the v6.13 cycle we switched overlayfs to a variant of
> override_creds() that doesn't take an extra reference. To this end I
> suggested introducing {override,revert}_creds_light() which overlayfs
> could use.
>
> This seems to work rather well. As Linus correctly points out that we
> should look into unifying both and simply make {override,revert}_creds()
> do what {override,revert}_creds_light() currently does. Caller's that
> really need the extra reference count can take it manually.
>
> This series does all that. Afaict, most callers can be directly
> converted over and can avoid the extra reference count completely.
>
> Lightly tested.

FWIW, your work.cred branch passes the overlayfs tests.

Thanks,
Amir.

>
> ---
> Christian Brauner (26):
>       tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g
>       cred: return old creds from revert_creds_light()
>       tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g
>       cred: remove old {override,revert}_creds() helpers
>       tree-wide: s/override_creds_light()/override_creds()/g
>       tree-wide: s/revert_creds_light()/revert_creds()/g
>       firmware: avoid pointless reference count bump
>       sev-dev: avoid pointless cred reference count bump
>       target_core_configfs: avoid pointless cred reference count bump
>       aio: avoid pointless cred reference count bump
>       binfmt_misc: avoid pointless cred reference count bump
>       coredump: avoid pointless cred reference count bump
>       nfs/localio: avoid pointless cred reference count bumps
>       nfs/nfs4idmap: avoid pointless reference count bump
>       nfs/nfs4recover: avoid pointless cred reference count bump
>       nfsfh: avoid pointless cred reference count bump
>       open: avoid pointless cred reference count bump
>       ovl: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       smb: avoid pointless cred reference count bump
>       io_uring: avoid pointless cred reference count bump
>       acct: avoid pointless reference count bump
>       cgroup: avoid pointless cred reference count bump
>       trace: avoid pointless cred reference count bump
>       dns_resolver: avoid pointless cred reference count bump
>
>  drivers/base/firmware_loader/main.c   |  3 +--
>  drivers/crypto/ccp/sev-dev.c          |  2 +-
>  drivers/target/target_core_configfs.c |  3 +--
>  fs/aio.c                              |  3 +--
>  fs/backing-file.c                     | 20 +++++++-------
>  fs/cachefiles/internal.h              |  4 +--
>  fs/nfsd/auth.c                        |  4 +--
>  fs/nfsd/filecache.c                   |  2 +-
>  fs/nfsd/nfs4recover.c                 |  3 +--
>  fs/nfsd/nfsfh.c                       |  1 -
>  fs/open.c                             | 10 ++-----
>  fs/overlayfs/copy_up.c                |  6 ++---
>  fs/overlayfs/dir.c                    |  4 +--
>  fs/overlayfs/util.c                   |  4 +--
>  fs/smb/server/smb_common.c            |  4 +--
>  include/linux/cred.h                  | 14 ++++------
>  kernel/cred.c                         | 50 -----------------------------------
>  kernel/trace/trace_events_user.c      |  3 +--
>  18 files changed, 35 insertions(+), 105 deletions(-)
> ---
> base-commit: 228a1157fb9fec47eb135b51c0202b574e079ebf
> change-id: 20241124-work-cred-349b65450082
>

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Linus Torvalds]

On Sun, 24 Nov 2024 at 05:44, Christian Brauner <brauner@kernel.org> wrote:
>
> This series does all that. Afaict, most callers can be directly
> converted over and can avoid the extra reference count completely.
>
> Lightly tested.

Thanks, this looks good to me. I only had two reactions:

 (a) I was surprised that using get_new_cred() apparently "just worked".

I was expecting us to have cases where the cred was marked 'const',
because I had this memory of us actively marking things const to make
sure people didn't play games with modifying the creds in-place (and
then casting away the const just for ref updates).

But apparently that's never the case for override_creds() users, so
your patch actually ended up even simpler than I expected in that you
didn't end up needing any new helper for just incrementing the
refcount on a const cred.

 (b) a (slight) reaction was to wish for a short "why" on the
pointless reference bumps

partly to show that it was thought about, but also partly to
discourage people from doing it entirely mindlessly in other cases.

I mean, sometimes the reference bumps were just obviously pointless
because they ended up being right next to each other after being
exposed, like the get/put pattern in access_override_creds().

But in some other cases, like the aio_write case, I think it would
have been good to just say

 "The refcount is held by iocb->fsync.creds that cannot change over
the operation"

or similar. Or - very similarly - the binfmt_misc uses "file->f_cred",
and again, file->f_cred is set at open time and never changed, so we
can rely on it staying around for the file lifetime.

I actually don't know if there were any exceptions to this (ie cases
where the source of the override cred could actually go away from
under us during the operation) where you didn't end up removing the
refcount games as a result. You did have a couple of cases where you
actually explained why the bump wasn't necessary, but there were a
couple where I would have wished for that "the reference count is held
by X, which is stable over the whole sequence" kind of notes.

But not a big deal. Even in this form, I think this is a clear and
good improvement.

Thanks,
                    Linus

Re: [PATCH 08/26] sev-dev: avoid pointless cred reference count bump

[Al Viro]

On Sun, Nov 24, 2024 at 02:43:54PM +0100, Christian Brauner wrote:

>  drivers/crypto/ccp/sev-dev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 187c34b02442dd50640f88713bc5f6f88a1990f4..2e87ca0e292a1c1706a8e878285159b481b68a6f 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
>  	if (!cred)
>  		return ERR_PTR(-ENOMEM);
>  	cred->fsuid = GLOBAL_ROOT_UID;
> -	old_cred = override_creds(get_new_cred(cred));
> +	old_cred = override_creds(cred);
>  
>  	fp = file_open_root(&root, filename, flags, mode);
>  	path_put(&root);

Looks sane, but the use of file reads/writes in there does not.

At the very least, this
        nwrite = kernel_write(fp, sev_init_ex_buffer, NV_LENGTH, &offset);
        vfs_fsync(fp, 0);
        filp_close(fp, NULL);

        if (nwrite != NV_LENGTH) {
                dev_err(sev->dev,
                        "SEV: failed to write %u bytes to non volatile memory area, ret %ld\n",
                        NV_LENGTH, nwrite);
                return -EIO;
        }
is either too much or too little - if it's serious about reporting errors,
it would better check what fsync and close return...

Oh, well - unrelated to your patchset, obviously

Re: [PATCH 09/26] target_core_configfs: avoid pointless cred reference count bump

[Al Viro]

On Sun, Nov 24, 2024 at 02:43:55PM +0100, Christian Brauner wrote:
> The creds are allocated via prepare_kernel_cred() which has already
> taken a reference.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  drivers/target/target_core_configfs.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> index ec7a5598719397da5cadfed12a05ca8eb81e46a9..d102ab79c56dd7977465f7455749e6e7a2c9fba1 100644
> --- a/drivers/target/target_core_configfs.c
> +++ b/drivers/target/target_core_configfs.c
> @@ -3756,10 +3756,9 @@ static int __init target_core_init_configfs(void)
>  		ret = -ENOMEM;
>  		goto out;
>  	}
> -	old_cred = override_creds(get_new_cred(kern_cred));
> +	old_cred = override_creds(kern_cred);
>  	target_init_dbroot();
>  	put_cred(revert_creds(old_cred));
> -	put_cred(kern_cred);

FWIW, I agree with Amir - 
 	revert_creds(old_cred);
	put_cred(kern_cred);
might be easier to follow.  In effect, you have two scopes here -
from prepare_kernel_cred() to put_cred() and, nested in it,
from override_creds() to revert_creds().

I'm not saying that __cleanup() is the right tool in those cases,
but the closing brackets of those scopes would be better off
separated.

Re: [PATCH 21/26] smb: avoid pointless cred reference count bump

[Al Viro]

On Sun, Nov 24, 2024 at 02:44:07PM +0100, Christian Brauner wrote:
> No need for the extra reference count bump.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  fs/smb/server/smb_common.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
> index f1d770a214c8b2c7d7dd4083ef57c7130bbce52c..a3f96804f84f03c22376769dffdf60cd66f5e3d2 100644
> --- a/fs/smb/server/smb_common.c
> +++ b/fs/smb/server/smb_common.c
> @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
>  		cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
>  
>  	WARN_ON(work->saved_cred);
> -	work->saved_cred = override_creds(get_new_cred(cred));
> +	work->saved_cred = override_creds(cred);
>  	if (!work->saved_cred) {
>  		abort_creds(cred);
>  		return -EINVAL;

Won't that leave a dangling pointer?

Re: [PATCH 21/26] smb: avoid pointless cred reference count bump

[Christian Brauner]

On Sun, Nov 24, 2024 at 06:37:43PM +0000, Al Viro wrote:
> On Sun, Nov 24, 2024 at 02:44:07PM +0100, Christian Brauner wrote:
> > No need for the extra reference count bump.
> > 
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> >  fs/smb/server/smb_common.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> > diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
> > index f1d770a214c8b2c7d7dd4083ef57c7130bbce52c..a3f96804f84f03c22376769dffdf60cd66f5e3d2 100644
> > --- a/fs/smb/server/smb_common.c
> > +++ b/fs/smb/server/smb_common.c
> > @@ -780,7 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work,
> >  		cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
> >  
> >  	WARN_ON(work->saved_cred);
> > -	work->saved_cred = override_creds(get_new_cred(cred));
> > +	work->saved_cred = override_creds(cred);
> >  	if (!work->saved_cred) {
> >  		abort_creds(cred);
> >  		return -EINVAL;
> 
> Won't that leave a dangling pointer?

Afaict, the whole check doesn't make sense because I don't see how
override_creds() could be called on a task with current->cred == NULL.
There's no way to opt out of having current->cred set.

Re: [PATCH 18/26] ovl: avoid pointless cred reference count bump

[Christian Brauner]

On Sun, Nov 24, 2024 at 03:59:40PM +0100, Amir Goldstein wrote:
> On Sun, Nov 24, 2024 at 2:44 PM Christian Brauner <brauner@kernel.org> wrote:
> >
> > No need for the extra reference count bump.
> >
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> >  fs/overlayfs/copy_up.c | 6 ++----
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
> > index 439bd9a5ceecc4d2f4dc5dfda7cea14c3d9411ba..39f08531abc7e99c32e709a46988939f072a9abe 100644
> > --- a/fs/overlayfs/copy_up.c
> > +++ b/fs/overlayfs/copy_up.c
> > @@ -741,17 +741,15 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
> >                 return err;
> >
> >         if (cc->new)
> > -               cc->old = override_creds(get_new_cred(cc->new));
> > +               cc->old = override_creds(cc->new);
> >
> >         return 0;
> >  }
> >
> >  static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
> >  {
> > -       if (cc->new) {
> > +       if (cc->new)
> >                 put_cred(revert_creds(cc->old));
> > -               put_cred(cc->new);
> > -       }
> 
> Same comment here, I think this will read more clearly as
>                revert_creds(cc->old));
>                put_cred(cc->new);
> 
> and better reflects the counterpart of ovl_prep_cu_creds().

Ok, done.

Re: [PATCH 09/26] target_core_configfs: avoid pointless cred reference count bump

[Christian Brauner]

On Sun, Nov 24, 2024 at 06:26:12PM +0000, Al Viro wrote:
> On Sun, Nov 24, 2024 at 02:43:55PM +0100, Christian Brauner wrote:
> > The creds are allocated via prepare_kernel_cred() which has already
> > taken a reference.
> > 
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> >  drivers/target/target_core_configfs.c | 3 +--
> >  1 file changed, 1 insertion(+), 2 deletions(-)
> > 
> > diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> > index ec7a5598719397da5cadfed12a05ca8eb81e46a9..d102ab79c56dd7977465f7455749e6e7a2c9fba1 100644
> > --- a/drivers/target/target_core_configfs.c
> > +++ b/drivers/target/target_core_configfs.c
> > @@ -3756,10 +3756,9 @@ static int __init target_core_init_configfs(void)
> >  		ret = -ENOMEM;
> >  		goto out;
> >  	}
> > -	old_cred = override_creds(get_new_cred(kern_cred));
> > +	old_cred = override_creds(kern_cred);
> >  	target_init_dbroot();
> >  	put_cred(revert_creds(old_cred));
> > -	put_cred(kern_cred);
> 
> FWIW, I agree with Amir - 
>  	revert_creds(old_cred);
> 	put_cred(kern_cred);

Ok, done.

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Christian Brauner]

On Sun, Nov 24, 2024 at 10:00:24AM -0800, Linus Torvalds wrote:
> On Sun, 24 Nov 2024 at 05:44, Christian Brauner <brauner@kernel.org> wrote:
> >
> > This series does all that. Afaict, most callers can be directly
> > converted over and can avoid the extra reference count completely.
> >
> > Lightly tested.
> 
> Thanks, this looks good to me. I only had two reactions:
> 
>  (a) I was surprised that using get_new_cred() apparently "just worked".

There's only one case and that's io_uring where we can just cast because
we only need it temporarily during the conversion part of the patch
series. Later we don't take any reference count anymore in io_uring.

>  (b) a (slight) reaction was to wish for a short "why" on the
> pointless reference bumps

Yeah, sorry for some of the patches I just quickly jotted down the same
line in the commit message. I updated all those commit messages with
actual explanations why that's safe.

> But not a big deal. Even in this form, I think this is a clear and
> good improvement.

Cool.

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Amir Goldstein]

On Sun, Nov 24, 2024 at 7:00 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Sun, 24 Nov 2024 at 05:44, Christian Brauner <brauner@kernel.org> wrote:
> >
> > This series does all that. Afaict, most callers can be directly
> > converted over and can avoid the extra reference count completely.
> >
> > Lightly tested.
>
> Thanks, this looks good to me. I only had two reactions:
>
>  (a) I was surprised that using get_new_cred() apparently "just worked".
>
> I was expecting us to have cases where the cred was marked 'const',
> because I had this memory of us actively marking things const to make
> sure people didn't play games with modifying the creds in-place (and
> then casting away the const just for ref updates).
>
> But apparently that's never the case for override_creds() users, so
> your patch actually ended up even simpler than I expected in that you
> didn't end up needing any new helper for just incrementing the
> refcount on a const cred.
>
>  (b) a (slight) reaction was to wish for a short "why" on the
> pointless reference bumps
>
> partly to show that it was thought about, but also partly to
> discourage people from doing it entirely mindlessly in other cases.
>
> I mean, sometimes the reference bumps were just obviously pointless
> because they ended up being right next to each other after being
> exposed, like the get/put pattern in access_override_creds().
>
> But in some other cases, like the aio_write case, I think it would
> have been good to just say
>
>  "The refcount is held by iocb->fsync.creds that cannot change over
> the operation"
>
> or similar. Or - very similarly - the binfmt_misc uses "file->f_cred",
> and again, file->f_cred is set at open time and never changed, so we
> can rely on it staying around for the file lifetime.
>
> I actually don't know if there were any exceptions to this (ie cases
> where the source of the override cred could actually go away from
> under us during the operation) where you didn't end up removing the
> refcount games as a result.

I was asking myself the same question.

I see that cachefiles_{begin,end}_secure() bump the refcount, but they
mostly follow a very similar pattern to the cases that do not bump the refcount,
so I wonder if you left this out because they were hidden in those
inline helpers
or because of the non-trivial case of  cachefiles_determine_cache_security()
which replaces the 'master' cache_creds?

Other that that, I stared at the creds code in nfsd_file_acquire_local() and
nfsd_setuser() more than I would like to admit, with lines like:

        /* discard any old override before preparing the new set */
        put_cred(revert_creds(get_cred(current_real_cred())));

And my only conclusion was this code is complicated enough,
so it'd better not use borrowed creds..

Thanks,
Amir.

Re: [PATCH 15/26] nfs/nfs4recover: avoid pointless cred reference count bump

[Chuck Lever]

On Sun, Nov 24, 2024 at 02:44:01PM +0100, Christian Brauner wrote:
> No need for the extra reference count bump.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  fs/nfsd/nfs4recover.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
> index 2834091cc988b1403aa2908f69e336f2fe4e0922..5b1d36b26f93450bb14d1d922feeeb6c35399fd5 100644
> --- a/fs/nfsd/nfs4recover.c
> +++ b/fs/nfsd/nfs4recover.c
> @@ -81,8 +81,7 @@ nfs4_save_creds(const struct cred **original_creds)
>  
>  	new->fsuid = GLOBAL_ROOT_UID;
>  	new->fsgid = GLOBAL_ROOT_GID;
> -	*original_creds = override_creds(get_new_cred(new));
> -	put_cred(new);
> +	*original_creds = override_creds(new);
>  	return 0;
>  }
>  
> 
> -- 
> 2.45.2
> 
> 

Acked-by: Chuck Lever <chuck.lever@oracle.com>

-- 
Chuck Lever

Re: [PATCH 16/26] nfsfh: avoid pointless cred reference count bump

[Chuck Lever]

On Sun, Nov 24, 2024 at 02:44:02PM +0100, Christian Brauner wrote:
> No need for the extra reference count bump.
> 
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  fs/nfsd/nfsfh.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
> index 60b0275d5529d49ac87e8b89e4eb650ecd624f71..ef925d96078397a5bc0d0842dbafa44a5a49f358 100644
> --- a/fs/nfsd/nfsfh.c
> +++ b/fs/nfsd/nfsfh.c
> @@ -221,8 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net,
>  		new->cap_effective =
>  			cap_raise_nfsd_set(new->cap_effective,
>  					   new->cap_permitted);
> -		put_cred(override_creds(get_new_cred(new)));
> -		put_cred(new);
> +		put_cred(override_creds(new));
>  	} else {
>  		error = nfsd_setuser_and_check_port(rqstp, cred, exp);
>  		if (error)
> 
> -- 
> 2.45.2
> 
> 

Acked-by: Chuck Lever <chuck.lever@oracle.com>

-- 
Chuck Lever

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Jeff Layton]

On Sun, 2024-11-24 at 14:43 +0100, Christian Brauner wrote:
> For the v6.13 cycle we switched overlayfs to a variant of
> override_creds() that doesn't take an extra reference. To this end I
> suggested introducing {override,revert}_creds_light() which overlayfs
> could use.
> 
> This seems to work rather well. As Linus correctly points out that we
> should look into unifying both and simply make {override,revert}_creds()
> do what {override,revert}_creds_light() currently does. Caller's that
> really need the extra reference count can take it manually.
> 
> This series does all that. Afaict, most callers can be directly
> converted over and can avoid the extra reference count completely.
> 
> Lightly tested.
> 
> ---
> Christian Brauner (26):
>       tree-wide: s/override_creds()/override_creds_light(get_new_cred())/g
>       cred: return old creds from revert_creds_light()
>       tree-wide: s/revert_creds()/put_cred(revert_creds_light())/g
>       cred: remove old {override,revert}_creds() helpers
>       tree-wide: s/override_creds_light()/override_creds()/g
>       tree-wide: s/revert_creds_light()/revert_creds()/g
>       firmware: avoid pointless reference count bump
>       sev-dev: avoid pointless cred reference count bump
>       target_core_configfs: avoid pointless cred reference count bump
>       aio: avoid pointless cred reference count bump
>       binfmt_misc: avoid pointless cred reference count bump
>       coredump: avoid pointless cred reference count bump
>       nfs/localio: avoid pointless cred reference count bumps
>       nfs/nfs4idmap: avoid pointless reference count bump
>       nfs/nfs4recover: avoid pointless cred reference count bump
>       nfsfh: avoid pointless cred reference count bump
>       open: avoid pointless cred reference count bump
>       ovl: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       cifs: avoid pointless cred reference count bump
>       smb: avoid pointless cred reference count bump
>       io_uring: avoid pointless cred reference count bump
>       acct: avoid pointless reference count bump
>       cgroup: avoid pointless cred reference count bump
>       trace: avoid pointless cred reference count bump
>       dns_resolver: avoid pointless cred reference count bump
> 
>  drivers/base/firmware_loader/main.c   |  3 +--
>  drivers/crypto/ccp/sev-dev.c          |  2 +-
>  drivers/target/target_core_configfs.c |  3 +--
>  fs/aio.c                              |  3 +--
>  fs/backing-file.c                     | 20 +++++++-------
>  fs/cachefiles/internal.h              |  4 +--
>  fs/nfsd/auth.c                        |  4 +--
>  fs/nfsd/filecache.c                   |  2 +-
>  fs/nfsd/nfs4recover.c                 |  3 +--
>  fs/nfsd/nfsfh.c                       |  1 -
>  fs/open.c                             | 10 ++-----
>  fs/overlayfs/copy_up.c                |  6 ++---
>  fs/overlayfs/dir.c                    |  4 +--
>  fs/overlayfs/util.c                   |  4 +--
>  fs/smb/server/smb_common.c            |  4 +--
>  include/linux/cred.h                  | 14 ++++------
>  kernel/cred.c                         | 50 -----------------------------------
>  kernel/trace/trace_events_user.c      |  3 +--
>  18 files changed, 35 insertions(+), 105 deletions(-)
> ---
> base-commit: 228a1157fb9fec47eb135b51c0202b574e079ebf
> change-id: 20241124-work-cred-349b65450082
> 
> 

Nice work. Looks like a fairly straightforward changeover and the new
API seems more intuitive. You can add:

Reviewed-by: Jeff Layton <jlayton@kernel.org>

Re: [PATCH 00/26] cred: rework {override,revert}_creds()

[Christian Brauner]

On Mon, Nov 25, 2024 at 01:55:25PM +0100, Amir Goldstein wrote:
> On Sun, Nov 24, 2024 at 7:00 PM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > On Sun, 24 Nov 2024 at 05:44, Christian Brauner <brauner@kernel.org> wrote:
> > >
> > > This series does all that. Afaict, most callers can be directly
> > > converted over and can avoid the extra reference count completely.
> > >
> > > Lightly tested.
> >
> > Thanks, this looks good to me. I only had two reactions:
> >
> >  (a) I was surprised that using get_new_cred() apparently "just worked".
> >
> > I was expecting us to have cases where the cred was marked 'const',
> > because I had this memory of us actively marking things const to make
> > sure people didn't play games with modifying the creds in-place (and
> > then casting away the const just for ref updates).
> >
> > But apparently that's never the case for override_creds() users, so
> > your patch actually ended up even simpler than I expected in that you
> > didn't end up needing any new helper for just incrementing the
> > refcount on a const cred.
> >
> >  (b) a (slight) reaction was to wish for a short "why" on the
> > pointless reference bumps
> >
> > partly to show that it was thought about, but also partly to
> > discourage people from doing it entirely mindlessly in other cases.
> >
> > I mean, sometimes the reference bumps were just obviously pointless
> > because they ended up being right next to each other after being
> > exposed, like the get/put pattern in access_override_creds().
> >
> > But in some other cases, like the aio_write case, I think it would
> > have been good to just say
> >
> >  "The refcount is held by iocb->fsync.creds that cannot change over
> > the operation"
> >
> > or similar. Or - very similarly - the binfmt_misc uses "file->f_cred",
> > and again, file->f_cred is set at open time and never changed, so we
> > can rely on it staying around for the file lifetime.
> >
> > I actually don't know if there were any exceptions to this (ie cases
> > where the source of the override cred could actually go away from
> > under us during the operation) where you didn't end up removing the
> > refcount games as a result.
> 
> I was asking myself the same question.
> 
> I see that cachefiles_{begin,end}_secure() bump the refcount, but they
> mostly follow a very similar pattern to the cases that do not bump the refcount,
> so I wonder if you left this out because they were hidden in those
> inline helpers
> or because of the non-trivial case of  cachefiles_determine_cache_security()
> which replaces the 'master' cache_creds?
> 
> Other that that, I stared at the creds code in nfsd_file_acquire_local() and
> nfsd_setuser() more than I would like to admit, with lines like:
> 
>         /* discard any old override before preparing the new set */
>         put_cred(revert_creds(get_cred(current_real_cred())));
> 
> And my only conclusion was this code is complicated enough,
> so it'd better not use borrowed creds..

I actually ported cachefilesd and and nfsd in v2. I simply missed them.