From: Amir Goldstein <amir73il@gmail.com>
To: Christian Brauner <brauner@kernel.org>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/6] ovl: add prepare_creds_ovl cleanup guard
Date: Fri, 14 Nov 2025 13:04:22 +0100 [thread overview]
Message-ID: <CAOQ4uxhpwpNKeTzR4D_LzOkwxMdpTrik0GmR1Z0UtMf16O29PQ@mail.gmail.com> (raw)
In-Reply-To: <20251114-work-ovl-cred-guard-prepare-v1-1-4fc1208afa3d@kernel.org>
On Fri, Nov 14, 2025 at 11:15 AM Christian Brauner <brauner@kernel.org> wrote:
>
> The current code to override credentials for creation operations is
> pretty difficult to understand. We effectively override the credentials
> twice:
>
> (1) override with the mounter's credentials
> (2) copy the mounts credentials and override the fs{g,u}id with the inode {u,g}id
>
> And then we elide the revert because it would be an idempotent revert.
> That elision doesn't buy us anything anymore though because I've made it
> all work without any reference counting anyway. All it does is mix the
> two credential overrides together.
>
> We can use a cleanup guard to clarify the creation codepaths and make
> them easier to understand.
>
> This just introduces the cleanup guard keeping the patch reviewable.
> We'll convert the caller in follow-up patches and then drop the
> duplicated code.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
> fs/overlayfs/dir.c | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
> index 0030f5a69d22..87f6c5ea6ce0 100644
> --- a/fs/overlayfs/dir.c
> +++ b/fs/overlayfs/dir.c
> @@ -575,6 +575,42 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
> goto out_dput;
> }
>
> +static const struct cred *ovl_prepare_creds(struct dentry *dentry, struct inode *inode, umode_t mode)
> +{
> + int err;
> +
> + if (WARN_ON_ONCE(current->cred != ovl_creds(dentry->d_sb)))
> + return ERR_PTR(-EINVAL);
> +
> + CLASS(prepare_creds, override_cred)();
> + if (!override_cred)
> + return ERR_PTR(-ENOMEM);
> +
> + override_cred->fsuid = inode->i_uid;
> + override_cred->fsgid = inode->i_gid;
> +
> + err = security_dentry_create_files_as(dentry, mode, &dentry->d_name,
> + current->cred, override_cred);
> + if (err)
> + return ERR_PTR(err);
> +
> + return override_creds(no_free_ptr(override_cred));
> +}
> +
> +static void ovl_revert_creds(const struct cred *old_cred)
> +{
> + const struct cred *override_cred;
> +
> + override_cred = revert_creds(old_cred);
> + put_cred(override_cred);
> +}
> +
Earlier patch removed a helper by the same name that does not put_cred()
That's a backporting trap.
Maybe something like ovl_revert_create_creds()?
And ovl_prepare_create_creds()?
> +DEFINE_CLASS(prepare_creds_ovl,
> + const struct cred *,
> + if (!IS_ERR(_T)) ovl_revert_creds(_T),
> + ovl_prepare_creds(dentry, inode, mode),
> + struct dentry *dentry, struct inode *inode, umode_t mode)
> +
Maybe also matching CLASS name.
Thanks,
Amir.
next prev parent reply other threads:[~2025-11-14 12:04 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 10:15 [PATCH 0/6] ovl: convert creation credential override to cred guard Christian Brauner
2025-11-14 10:15 ` [PATCH 1/6] ovl: add prepare_creds_ovl cleanup guard Christian Brauner
2025-11-14 12:04 ` Amir Goldstein [this message]
2025-11-14 13:34 ` Christian Brauner
2025-11-14 10:15 ` [PATCH 2/6] ovl: port ovl_create_tmpfile() to new " Christian Brauner
2025-11-14 10:15 ` [PATCH 3/6] ovl: reflow ovl_create_or_link() Christian Brauner
2025-11-14 11:52 ` Amir Goldstein
2025-11-14 12:00 ` Christian Brauner
2025-11-14 12:07 ` Amir Goldstein
2025-11-14 17:41 ` Miklos Szeredi
2025-11-14 10:15 ` [PATCH 4/6] ovl: mark ovl_setup_cred_for_create() as unused temporarily Christian Brauner
2025-11-14 10:15 ` [PATCH 5/6] ovl: port ovl_create_or_link() to new prepare_creds_ovl cleanup guard Christian Brauner
2025-11-14 10:15 ` [PATCH 6/6] ovl: drop ovl_setup_cred_for_create() Christian Brauner
2025-11-14 12:15 ` [PATCH 0/6] ovl: convert creation credential override to cred guard Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOQ4uxhpwpNKeTzR4D_LzOkwxMdpTrik0GmR1Z0UtMf16O29PQ@mail.gmail.com \
--to=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).