From: Christian Brauner <brauner@kernel.org>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/6] ovl: add prepare_creds_ovl cleanup guard
Date: Fri, 14 Nov 2025 14:34:17 +0100 [thread overview]
Message-ID: <20251114-irrational-vordach-e9dffb0968cd@brauner> (raw)
In-Reply-To: <CAOQ4uxhpwpNKeTzR4D_LzOkwxMdpTrik0GmR1Z0UtMf16O29PQ@mail.gmail.com>
On Fri, Nov 14, 2025 at 01:04:22PM +0100, Amir Goldstein wrote:
> On Fri, Nov 14, 2025 at 11:15 AM Christian Brauner <brauner@kernel.org> wrote:
> >
> > The current code to override credentials for creation operations is
> > pretty difficult to understand. We effectively override the credentials
> > twice:
> >
> > (1) override with the mounter's credentials
> > (2) copy the mounts credentials and override the fs{g,u}id with the inode {u,g}id
> >
> > And then we elide the revert because it would be an idempotent revert.
> > That elision doesn't buy us anything anymore though because I've made it
> > all work without any reference counting anyway. All it does is mix the
> > two credential overrides together.
> >
> > We can use a cleanup guard to clarify the creation codepaths and make
> > them easier to understand.
> >
> > This just introduces the cleanup guard keeping the patch reviewable.
> > We'll convert the caller in follow-up patches and then drop the
> > duplicated code.
> >
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> > fs/overlayfs/dir.c | 36 ++++++++++++++++++++++++++++++++++++
> > 1 file changed, 36 insertions(+)
> >
> > diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
> > index 0030f5a69d22..87f6c5ea6ce0 100644
> > --- a/fs/overlayfs/dir.c
> > +++ b/fs/overlayfs/dir.c
> > @@ -575,6 +575,42 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
> > goto out_dput;
> > }
> >
> > +static const struct cred *ovl_prepare_creds(struct dentry *dentry, struct inode *inode, umode_t mode)
> > +{
> > + int err;
> > +
> > + if (WARN_ON_ONCE(current->cred != ovl_creds(dentry->d_sb)))
> > + return ERR_PTR(-EINVAL);
> > +
> > + CLASS(prepare_creds, override_cred)();
> > + if (!override_cred)
> > + return ERR_PTR(-ENOMEM);
> > +
> > + override_cred->fsuid = inode->i_uid;
> > + override_cred->fsgid = inode->i_gid;
> > +
> > + err = security_dentry_create_files_as(dentry, mode, &dentry->d_name,
> > + current->cred, override_cred);
> > + if (err)
> > + return ERR_PTR(err);
> > +
> > + return override_creds(no_free_ptr(override_cred));
> > +}
> > +
> > +static void ovl_revert_creds(const struct cred *old_cred)
> > +{
> > + const struct cred *override_cred;
> > +
> > + override_cred = revert_creds(old_cred);
> > + put_cred(override_cred);
> > +}
> > +
>
> Earlier patch removed a helper by the same name that does not put_cred()
> That's a backporting trap.
>
> Maybe something like ovl_revert_create_creds()?
>
> And ovl_prepare_create_creds()?
Ok.
>
> > +DEFINE_CLASS(prepare_creds_ovl,
> > + const struct cred *,
> > + if (!IS_ERR(_T)) ovl_revert_creds(_T),
> > + ovl_prepare_creds(dentry, inode, mode),
> > + struct dentry *dentry, struct inode *inode, umode_t mode)
> > +
>
> Maybe also matching CLASS name.
Ok.
next prev parent reply other threads:[~2025-11-14 13:34 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 10:15 [PATCH 0/6] ovl: convert creation credential override to cred guard Christian Brauner
2025-11-14 10:15 ` [PATCH 1/6] ovl: add prepare_creds_ovl cleanup guard Christian Brauner
2025-11-14 12:04 ` Amir Goldstein
2025-11-14 13:34 ` Christian Brauner [this message]
2025-11-14 10:15 ` [PATCH 2/6] ovl: port ovl_create_tmpfile() to new " Christian Brauner
2025-11-14 10:15 ` [PATCH 3/6] ovl: reflow ovl_create_or_link() Christian Brauner
2025-11-14 11:52 ` Amir Goldstein
2025-11-14 12:00 ` Christian Brauner
2025-11-14 12:07 ` Amir Goldstein
2025-11-14 17:41 ` Miklos Szeredi
2025-11-14 10:15 ` [PATCH 4/6] ovl: mark ovl_setup_cred_for_create() as unused temporarily Christian Brauner
2025-11-14 10:15 ` [PATCH 5/6] ovl: port ovl_create_or_link() to new prepare_creds_ovl cleanup guard Christian Brauner
2025-11-14 10:15 ` [PATCH 6/6] ovl: drop ovl_setup_cred_for_create() Christian Brauner
2025-11-14 12:15 ` [PATCH 0/6] ovl: convert creation credential override to cred guard Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114-irrational-vordach-e9dffb0968cd@brauner \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).