* [PATCH 00/12] credential guards: credential preparation
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
This converts most users combining
* prepare_creds()
* modify new creds
* override_creds()
* revert_creds()
* put_cred()
to rely on credentials guards.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
Christian Brauner (12):
cred: add prepare credential guard
sev-dev: use guard for path
sev-dev: use prepare credential guard
sev-dev: use override credential guards
coredump: move revert_cred() before coredump_cleanup()
coredump: pass struct linux_binfmt as const
coredump: mark struct mm_struct as const
coredump: split out do_coredump() from vfs_coredump()
coredump: use prepare credential guard
coredump: use override credential guard
trace: use prepare credential guard
trace: use override credential guard
drivers/crypto/ccp/sev-dev.c | 15 ++---
fs/coredump.c | 142 +++++++++++++++++++--------------------
include/linux/cred.h | 5 ++
include/linux/sched/coredump.h | 2 +-
kernel/trace/trace_events_user.c | 15 ++---
5 files changed, 86 insertions(+), 93 deletions(-)
---
base-commit: bcbcea89c608394efecb35237fa9fc1bf5f349d1
change-id: 20251103-work-creds-guards-prepare_creds-101e75226f70
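The prepare/modify/override/revert/put sequence from the cover letter, as a userspace model added here (not code from the series): it uses the compiler's cleanup attribute, which the kernel guard infrastructure is built on, to show that the override is reverted before the prepared credentials are dropped, including on an early return. PREPARE_CREDS_GUARD, WITH_CREDS, open_as_root_model and the toy struct cred are hypothetical stand-ins for CLASS(prepare_creds, ...), with_creds(), open_file_as_root() and the kernel types.

```c
#include <stdlib.h>

/* Userspace stand-ins for the kernel objects: a constructed model, not kernel code. */
struct cred { int usage; unsigned int fsuid; };

static struct cred init_cred = { .usage = 1, .fsuid = 1000 };
static const struct cred *current_cred = &init_cred; /* models current->cred */
static int live_creds;                                /* prepared, not yet freed */
static char order_log[16];                            /* 'R' = revert, 'P' = put */
static size_t order_len;

static void log_step(char c)
{
	if (order_len < sizeof(order_log) - 1)
		order_log[order_len++] = c;
}

/* Return the cleanup steps recorded so far and clear the log. */
static const char *take_order(void)
{
	order_log[order_len] = '\0';
	order_len = 0;
	return order_log;
}

static struct cred *prepare_creds(void)
{
	struct cred *new = malloc(sizeof(*new));
	if (!new)
		return NULL;
	*new = *current_cred;
	new->usage = 1;
	live_creds++;
	return new;
}

static void put_cred(struct cred *cred)
{
	log_step('P');
	if (--cred->usage == 0) {
		free(cred);
		live_creds--;
	}
}

static const struct cred *override_creds(const struct cred *new)
{
	const struct cred *old = current_cred;
	current_cred = new;
	return old;
}

static void revert_creds(const struct cred *old)
{
	log_step('R');
	current_cred = old;
}

/* Cleanup handlers receive a pointer to the guarded variable. */
static void guard_put(struct cred **p) { if (*p) put_cred(*p); }
static void guard_revert(const struct cred **old) { revert_creds(*old); }

/* Hypothetical macros standing in for CLASS(prepare_creds, ...) and with_creds(). */
#define PREPARE_CREDS_GUARD(name) \
	struct cred *name __attribute__((cleanup(guard_put))) = prepare_creds()
#define WITH_CREDS(c) \
	const struct cred *saved_ __attribute__((cleanup(guard_revert))) = override_creds(c)

/* Shape of open_file_as_root() after the conversion; returns the fsuid in effect. */
static int open_as_root_model(int fail_early)
{
	PREPARE_CREDS_GUARD(cred);
	if (!cred)
		return -1;
	cred->fsuid = 0;
	if (fail_early)
		return -2;                  /* guard still drops the reference */
	WITH_CREDS(cred);
	return (int)current_cred->fsuid;    /* evaluated before the cleanups run */
}

int main(void) { return open_as_root_model(0) || take_order()[0] != 'R' || live_creds; }
```

Cleanups run in reverse declaration order, so the log reads revert then put; the opposite order would leave the task pointing at freed credentials for a moment.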
* [PATCH 01/12] cred: add prepare credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
A lot of code uses the following pattern:
* prepare new credentials
* modify them for their use-case
* drop them
Support that easier with the new guard infrastructure.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
include/linux/cred.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 1778c0535b90..a1e33227e0c2 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -285,6 +285,11 @@ static inline void put_cred(const struct cred *cred)
put_cred_many(cred, 1);
}
+DEFINE_CLASS(prepare_creds,
+ struct cred *,
+ if (_T) put_cred(_T),
+ prepare_creds(), void)
+
DEFINE_FREE(put_cred, struct cred *, if (!IS_ERR_OR_NULL(_T)) put_cred(_T))
/**
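Review bot: The new DEFINE_CLASS(prepare_creds, ...) block has no comment, and its destructor tests "if (_T)" while the DEFINE_FREE(put_cred, ...) directly below it tests "!IS_ERR_OR_NULL(_T)". The difference is fine as long as prepare_creds() only ever reports failure as NULL, but that deserves one line above the class, together with a note that the guard always drops the reference at scope exit and is therefore only meant for the prepare/override/revert/drop pattern from the commit message.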
--
2.47.3
* [PATCH 02/12] sev-dev: use guard for path
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Just use a guard and also move the path_put() out of the credential
change's scope. There's no need to do this with the overridden
credentials.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
drivers/crypto/ccp/sev-dev.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 0d13d47c164b..c5e22af04abb 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -259,8 +259,8 @@ static int sev_cmd_buffer_len(int cmd)
static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
{
+ struct path root __free(path_put) = {};
struct file *fp;
- struct path root;
struct cred *cred;
const struct cred *old_cred;
@@ -275,7 +275,6 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
old_cred = override_creds(cred);
fp = file_open_root(&root, filename, flags, mode);
- path_put(&root);
put_cred(revert_creds(old_cred));
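Review bot: Dropping the explicit path_put(&root) in this hunk also closes a leak that the commit message does not mention. As the context in 03/12 shows, get_fs_root() runs before prepare_creds(), and the "if (!cred) return ERR_PTR(-ENOMEM);" path returned without ever putting root; with __free(path_put) that path is now covered. Please say so in the changelog, since it turns a cleanup into a fix.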
--
2.47.3
* [PATCH 03/12] sev-dev: use prepare credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use the prepare credential guard for allocating a new set of
credentials.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
drivers/crypto/ccp/sev-dev.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index c5e22af04abb..09e4c9490d58 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -268,15 +268,16 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
get_fs_root(init_task.fs, &root);
task_unlock(&init_task);
- cred = prepare_creds();
+ CLASS(prepare_creds, cred)();
if (!cred)
return ERR_PTR(-ENOMEM);
+
cred->fsuid = GLOBAL_ROOT_UID;
old_cred = override_creds(cred);
fp = file_open_root(&root, filename, flags, mode);
- put_cred(revert_creds(old_cred));
+ revert_creds(old_cred);
return fp;
}
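Review bot: CLASS(prepare_creds, cred)() declares a new variable named cred, but the function's existing "struct cred *cred;" is not removed by this patch (it is still a context line in 04/12), so the same scope ends up with two declarations of cred and this step does not build on its own. Delete the old declaration here. The switch from put_cred(revert_creds(old_cred)) to a bare revert_creds(old_cred) is right only because the guard now owns the put, which is worth a word in the commit message.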
--
2.47.3
* [PATCH 04/12] sev-dev: use override credential guards
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use override credential guards for scoped credential override with
automatic restoration on scope exit.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
drivers/crypto/ccp/sev-dev.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 09e4c9490d58..19422f422a59 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -260,7 +260,6 @@ static int sev_cmd_buffer_len(int cmd)
static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
{
struct path root __free(path_put) = {};
- struct file *fp;
struct cred *cred;
const struct cred *old_cred;
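Review bot: "const struct cred *old_cred;" stays as context in this hunk although the second hunk removes its only uses, which leaves an unused variable, and "struct cred *cred;" still sits next to the CLASS() declaration from 03/12. Both should be removed together with fp.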
@@ -273,13 +272,9 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m
return ERR_PTR(-ENOMEM);
cred->fsuid = GLOBAL_ROOT_UID;
- old_cred = override_creds(cred);
-
- fp = file_open_root(&root, filename, flags, mode);
-
- revert_creds(old_cred);
- return fp;
+ with_creds(cred);
+ return file_open_root(&root, filename, flags, mode);
}
static int sev_read_init_ex_file(void)
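Review bot: with_creds() is used in this hunk but is not defined anywhere in this series (the only include/linux/cred.h change is the five-line class in 01/12), so the cover letter should say which tree or series provides it. A short comment would also help here: the revert now happens at scope exit, and because root is declared before the two credential guards its path_put() runs after the credentials are reverted, which is the ordering 02/12 set out to get and which a later reshuffle of the declarations would silently change.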
--
2.47.3
* [PATCH 05/12] coredump: move revert_cred() before coredump_cleanup()
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
There's no need to pin the credentials across the coredump_cleanup()
call. Nothing in there depends on elevated credentials.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 5c1c381ee380..4fce2a2f279c 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1197,8 +1197,8 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
}
close_fail:
- coredump_cleanup(&cn, &cprm);
revert_creds(old_cred);
+ coredump_cleanup(&cn, &cprm);
return;
}
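Review bot: The reordering at close_fail rests entirely on the commit message's statement that nothing in coredump_cleanup() needs the overridden credentials, and the hunk gives a reader no way to check that. A one-line comment above the coredump_cleanup() call stating that it must not depend on the override would keep later additions to the cleanup path from assuming the credentials are still in place. The subject also says revert_cred() where the function is revert_creds().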
--
2.47.3
* [PATCH 06/12] coredump: pass struct linux_binfmt as const
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
We don't actually modify it.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 4fce2a2f279c..590360ba0a28 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1036,7 +1036,7 @@ static bool coredump_pipe(struct core_name *cn, struct coredump_params *cprm,
static bool coredump_write(struct core_name *cn,
struct coredump_params *cprm,
- struct linux_binfmt *binfmt)
+ const struct linux_binfmt *binfmt)
{
if (dump_interrupted())
@@ -1093,7 +1093,7 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
struct core_state core_state;
struct core_name cn;
struct mm_struct *mm = current->mm;
- struct linux_binfmt *binfmt = mm->binfmt;
+ const struct linux_binfmt *binfmt = mm->binfmt;
const struct cred *old_cred;
int argc = 0;
struct coredump_params cprm = {
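Review bot: With binfmt now const in vfs_coredump(), every callee it is handed to needs a const parameter, and this patch only converts coredump_write(). coredump_file() also receives binfmt (see the calls in 08/12); if its parameter is not already const this discards the qualifier, so please confirm that or convert it in this patch.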
--
2.47.3
* [PATCH 07/12] coredump: mark struct mm_struct as const
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
We don't actually modify it.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 2 +-
include/linux/sched/coredump.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 590360ba0a28..8253b28bc728 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1092,7 +1092,7 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
size_t *argv __free(kfree) = NULL;
struct core_state core_state;
struct core_name cn;
- struct mm_struct *mm = current->mm;
+ const struct mm_struct *mm = current->mm;
const struct linux_binfmt *binfmt = mm->binfmt;
const struct cred *old_cred;
int argc = 0;
diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
index b7fafe999073..624fda17a785 100644
--- a/include/linux/sched/coredump.h
+++ b/include/linux/sched/coredump.h
@@ -8,7 +8,7 @@
#define SUID_DUMP_USER 1 /* Dump as user of process */
#define SUID_DUMP_ROOT 2 /* Dump as root */
-static inline unsigned long __mm_flags_get_dumpable(struct mm_struct *mm)
+static inline unsigned long __mm_flags_get_dumpable(const struct mm_struct *mm)
{
/*
* By convention, dumpable bits are contained in first 32 bits of the
--
2.47.3
* [PATCH 08/12] coredump: split out do_coredump() from vfs_coredump()
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Make the function easier to follow and prepare for some of the following
changes.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 131 ++++++++++++++++++++++++++++++----------------------------
1 file changed, 68 insertions(+), 63 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 8253b28bc728..79c681f1d647 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1086,6 +1086,73 @@ static inline bool coredump_skip(const struct coredump_params *cprm,
return false;
}
+static void do_coredump(struct core_name *cn, struct coredump_params *cprm,
+ size_t **argv, int *argc, const struct linux_binfmt *binfmt)
+{
+ if (!coredump_parse(cn, cprm, argv, argc)) {
+ coredump_report_failure("format_corename failed, aborting core");
+ return;
+ }
+
+ switch (cn->core_type) {
+ case COREDUMP_FILE:
+ if (!coredump_file(cn, cprm, binfmt))
+ return;
+ break;
+ case COREDUMP_PIPE:
+ if (!coredump_pipe(cn, cprm, *argv, *argc))
+ return;
+ break;
+ case COREDUMP_SOCK_REQ:
+ fallthrough;
+ case COREDUMP_SOCK:
+ if (!coredump_socket(cn, cprm))
+ return;
+ break;
+ default:
+ WARN_ON_ONCE(true);
+ return;
+ }
+
+ /* Don't even generate the coredump. */
+ if (cn->mask & COREDUMP_REJECT)
+ return;
+
+ /* get us an unshared descriptor table; almost always a no-op */
+ /* The cell spufs coredump code reads the file descriptor tables */
+ if (unshare_files())
+ return;
+
+ if ((cn->mask & COREDUMP_KERNEL) && !coredump_write(cn, cprm, binfmt))
+ return;
+
+ coredump_sock_shutdown(cprm->file);
+
+ /* Let the parent know that a coredump was generated. */
+ if (cn->mask & COREDUMP_USERSPACE)
+ cn->core_dumped = true;
+
+ /*
+ * When core_pipe_limit is set we wait for the coredump server
+ * or usermodehelper to finish before exiting so it can e.g.,
+ * inspect /proc/<pid>.
+ */
+ if (cn->mask & COREDUMP_WAIT) {
+ switch (cn->core_type) {
+ case COREDUMP_PIPE:
+ wait_for_dump_helpers(cprm->file);
+ break;
+ case COREDUMP_SOCK_REQ:
+ fallthrough;
+ case COREDUMP_SOCK:
+ coredump_sock_wait(cprm->file);
+ break;
+ default:
+ break;
+ }
+ }
+}
+
void vfs_coredump(const kernel_siginfo_t *siginfo)
{
struct cred *cred __free(put_cred) = NULL;
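Review bot: do_coredump() returns void and turns every former "goto close_fail" into a bare return, so it is only correct if the caller always reverts the credentials and runs coredump_cleanup() afterwards. A short comment above the function stating that contract (called with the dump credentials already overridden, caller owns the cleanup) would make it explicit. Minor: "case COREDUMP_SOCK_REQ: fallthrough;" directly in front of another case label does not need the annotation, and the move is a good moment to drop it in both switches.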
@@ -1133,70 +1200,8 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
old_cred = override_creds(cred);
- if (!coredump_parse(&cn, &cprm, &argv, &argc)) {
- coredump_report_failure("format_corename failed, aborting core");
- goto close_fail;
- }
-
- switch (cn.core_type) {
- case COREDUMP_FILE:
- if (!coredump_file(&cn, &cprm, binfmt))
- goto close_fail;
- break;
- case COREDUMP_PIPE:
- if (!coredump_pipe(&cn, &cprm, argv, argc))
- goto close_fail;
- break;
- case COREDUMP_SOCK_REQ:
- fallthrough;
- case COREDUMP_SOCK:
- if (!coredump_socket(&cn, &cprm))
- goto close_fail;
- break;
- default:
- WARN_ON_ONCE(true);
- goto close_fail;
- }
-
- /* Don't even generate the coredump. */
- if (cn.mask & COREDUMP_REJECT)
- goto close_fail;
-
- /* get us an unshared descriptor table; almost always a no-op */
- /* The cell spufs coredump code reads the file descriptor tables */
- if (unshare_files())
- goto close_fail;
-
- if ((cn.mask & COREDUMP_KERNEL) && !coredump_write(&cn, &cprm, binfmt))
- goto close_fail;
-
- coredump_sock_shutdown(cprm.file);
-
- /* Let the parent know that a coredump was generated. */
- if (cn.mask & COREDUMP_USERSPACE)
- cn.core_dumped = true;
-
- /*
- * When core_pipe_limit is set we wait for the coredump server
- * or usermodehelper to finish before exiting so it can e.g.,
- * inspect /proc/<pid>.
- */
- if (cn.mask & COREDUMP_WAIT) {
- switch (cn.core_type) {
- case COREDUMP_PIPE:
- wait_for_dump_helpers(cprm.file);
- break;
- case COREDUMP_SOCK_REQ:
- fallthrough;
- case COREDUMP_SOCK:
- coredump_sock_wait(cprm.file);
- break;
- default:
- break;
- }
- }
+ do_coredump(&cn, &cprm, &argv, &argc, binfmt);
-close_fail:
revert_creds(old_cred);
coredump_cleanup(&cn, &cprm);
return;
--
2.47.3
* [PATCH 09/12] coredump: use prepare credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use the prepare credential guard for allocating a new set of
credentials.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 79c681f1d647..5424a6c4e360 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1155,7 +1155,6 @@ static void do_coredump(struct core_name *cn, struct coredump_params *cprm,
void vfs_coredump(const kernel_siginfo_t *siginfo)
{
- struct cred *cred __free(put_cred) = NULL;
size_t *argv __free(kfree) = NULL;
struct core_state core_state;
struct core_name cn;
@@ -1183,7 +1182,7 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
if (coredump_skip(&cprm, binfmt))
return;
- cred = prepare_creds();
+ CLASS(prepare_creds, cred)();
if (!cred)
return;
/*
--
2.47.3
* [PATCH 10/12] coredump: use override credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use override credential guards for scoped credential override with
automatic restoration on scope exit.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/coredump.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/fs/coredump.c b/fs/coredump.c
index 5424a6c4e360..fe4099e0530b 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1160,7 +1160,6 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
struct core_name cn;
const struct mm_struct *mm = current->mm;
const struct linux_binfmt *binfmt = mm->binfmt;
- const struct cred *old_cred;
int argc = 0;
struct coredump_params cprm = {
.siginfo = siginfo,
@@ -1197,11 +1196,8 @@ void vfs_coredump(const kernel_siginfo_t *siginfo)
if (coredump_wait(siginfo->si_signo, &core_state) < 0)
return;
- old_cred = override_creds(cred);
-
- do_coredump(&cn, &cprm, &argv, &argc, binfmt);
-
- revert_creds(old_cred);
+ scoped_with_creds(cred)
+ do_coredump(&cn, &cprm, &argv, &argc, binfmt);
coredump_cleanup(&cn, &cprm);
return;
}
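Review bot: The scoped form on the scoped_with_creds(cred) line is load-bearing: coredump_cleanup() has to run after the credentials are reverted (05/12), and a plain with_creds(cred) would hold the override until the function returns. A brief comment saying so would stop a later tidy-up from flattening it, and braces around the one-statement body would make the extent of the override visible at a glance.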
--
2.47.3
* [PATCH 11/12] trace: use prepare credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use the prepare credential guard for allocating a new set of
credentials.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
kernel/trace/trace_events_user.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index c428dafe7496..3461b1d29276 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1453,8 +1453,7 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
const struct cred *old_cred;
struct cred *cred;
- cred = prepare_creds();
-
+ CLASS(prepare_creds, cred)();
if (!cred)
return -ENOMEM;
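Review bot: "struct cred *cred;" remains as a context line directly above the new CLASS(prepare_creds, cred)(), so cred is declared twice in the same scope and this will not compile. Remove the old declaration in this hunk.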
@@ -1477,7 +1476,6 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
ret = trace_remove_event_call(&user->call);
revert_creds(old_cred);
- put_cred(cred);
return ret;
}
--
2.47.3
* [PATCH 12/12] trace: use override credential guard
From: Christian Brauner @ 2025-11-03 14:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-fsdevel, linux-kernel, linux-aio, linux-unionfs,
linux-erofs, linux-nfs, linux-cifs, samba-technical, cgroups,
netdev, linux-crypto, linux-trace-kernel, Christian Brauner
Use override credential guards for scoped credential override with
automatic restoration on scope exit.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
kernel/trace/trace_events_user.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 3461b1d29276..4528c058d7cd 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -1449,8 +1449,6 @@ static struct trace_event_functions user_event_funcs = {
static int user_event_set_call_visible(struct user_event *user, bool visible)
{
- int ret;
- const struct cred *old_cred;
struct cred *cred;
CLASS(prepare_creds, cred)();
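Review bot: This hunk removes ret and old_cred but again leaves "struct cred *cred;" in place ahead of the CLASS(prepare_creds, cred)() line, so the duplicate declaration from 11/12 survives the end of the series. It should be dropped here at the latest.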
@@ -1470,14 +1468,11 @@ static int user_event_set_call_visible(struct user_event *user, bool visible)
old_cred = override_creds(cred);
+ with_creds(cred);
if (visible)
- ret = trace_add_event_call(&user->call);
- else
- ret = trace_remove_event_call(&user->call);
+ return trace_add_event_call(&user->call);
- revert_creds(old_cred);
-
- return ret;
+ return trace_remove_event_call(&user->call);
}
static int destroy_user_event(struct user_event *user)
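Review bot: "old_cred = override_creds(cred);" is still a context line at the top of this hunk, but the first hunk deletes the declaration of old_cred, so the result does not compile. Even with the declaration restored, the credentials would be overridden twice and only the with_creds() override reverted at scope exit. That line needs to be removed; with_creds(cred) is its replacement.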
--
2.47.3
* Re: [PATCH 11/12] trace: use prepare credential guard
From: Steven Rostedt @ 2025-11-03 16:09 UTC (permalink / raw)
To: Christian Brauner
Cc: Linus Torvalds, linux-fsdevel, linux-kernel, linux-aio,
linux-unionfs, linux-erofs, linux-nfs, linux-cifs,
samba-technical, cgroups, netdev, linux-crypto,
linux-trace-kernel
On Mon, 03 Nov 2025 15:57:37 +0100
Christian Brauner <brauner@kernel.org> wrote:
> Use the prepare credential guard for allocating a new set of
> credentials.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
> kernel/trace/trace_events_user.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
-- Steve
* Re: [PATCH 12/12] trace: use override credential guard
From: Steven Rostedt @ 2025-11-03 16:10 UTC (permalink / raw)
To: Christian Brauner
Cc: Linus Torvalds, linux-fsdevel, linux-kernel, linux-aio,
linux-unionfs, linux-erofs, linux-nfs, linux-cifs,
samba-technical, cgroups, netdev, linux-crypto,
linux-trace-kernel
On Mon, 03 Nov 2025 15:57:38 +0100
Christian Brauner <brauner@kernel.org> wrote:
> Use override credential guards for scoped credential override with
> automatic restoration on scope exit.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
> kernel/trace/trace_events_user.c | 11 +++--------
> 1 file changed, 3 insertions(+), 8 deletions(-)
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
-- Steve