From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Jens Axboe <axboe@kernel.dk>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.4 17/40] cred: switch to using atomic_long_t
Date: Mon, 18 Dec 2023 14:52:12 +0100 [thread overview]
Message-ID: <20231218135043.326595248@linuxfoundation.org> (raw)
In-Reply-To: <20231218135042.748715259@linuxfoundation.org>
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
commit f8fa5d76925991976b3e7076f9d1052515ec1fca upstream.
There are multiple ways to grab references to credentials, and the only
protection we have against overflowing it is the memory required to do
so.
With memory sizes only moving in one direction, let's bump the reference
count to 64-bit and move it outside the realm of feasibly overflowing.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/cred.h | 8 +++---
kernel/cred.c | 64 +++++++++++++++++++++++++--------------------------
2 files changed, 36 insertions(+), 36 deletions(-)
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -109,7 +109,7 @@ static inline int groups_search(const st
* same context as task->real_cred.
*/
struct cred {
- atomic_t usage;
+ atomic_long_t usage;
#ifdef CONFIG_DEBUG_CREDENTIALS
atomic_t subscribers; /* number of processes subscribed */
void *put_addr;
@@ -227,7 +227,7 @@ static inline bool cap_ambient_invariant
*/
static inline struct cred *get_new_cred(struct cred *cred)
{
- atomic_inc(&cred->usage);
+ atomic_long_inc(&cred->usage);
return cred;
}
@@ -259,7 +259,7 @@ static inline const struct cred *get_cre
struct cred *nonconst_cred = (struct cred *) cred;
if (!cred)
return NULL;
- if (!atomic_inc_not_zero(&nonconst_cred->usage))
+ if (!atomic_long_inc_not_zero(&nonconst_cred->usage))
return NULL;
validate_creds(cred);
nonconst_cred->non_rcu = 0;
@@ -283,7 +283,7 @@ static inline void put_cred(const struct
if (cred) {
validate_creds(cred);
- if (atomic_dec_and_test(&(cred)->usage))
+ if (atomic_long_dec_and_test(&(cred)->usage))
__put_cred(cred);
}
}
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -98,17 +98,17 @@ static void put_cred_rcu(struct rcu_head
#ifdef CONFIG_DEBUG_CREDENTIALS
if (cred->magic != CRED_MAGIC_DEAD ||
- atomic_read(&cred->usage) != 0 ||
+ atomic_long_read(&cred->usage) != 0 ||
read_cred_subscribers(cred) != 0)
panic("CRED: put_cred_rcu() sees %p with"
- " mag %x, put %p, usage %d, subscr %d\n",
+ " mag %x, put %p, usage %ld, subscr %d\n",
cred, cred->magic, cred->put_addr,
- atomic_read(&cred->usage),
+ atomic_long_read(&cred->usage),
read_cred_subscribers(cred));
#else
- if (atomic_read(&cred->usage) != 0)
- panic("CRED: put_cred_rcu() sees %p with usage %d\n",
- cred, atomic_read(&cred->usage));
+ if (atomic_long_read(&cred->usage) != 0)
+ panic("CRED: put_cred_rcu() sees %p with usage %ld\n",
+ cred, atomic_long_read(&cred->usage));
#endif
security_cred_free(cred);
@@ -131,11 +131,11 @@ static void put_cred_rcu(struct rcu_head
*/
void __put_cred(struct cred *cred)
{
- kdebug("__put_cred(%p{%d,%d})", cred,
- atomic_read(&cred->usage),
+ kdebug("__put_cred(%p{%ld,%d})", cred,
+ atomic_long_read(&cred->usage),
read_cred_subscribers(cred));
- BUG_ON(atomic_read(&cred->usage) != 0);
+ BUG_ON(atomic_long_read(&cred->usage) != 0);
#ifdef CONFIG_DEBUG_CREDENTIALS
BUG_ON(read_cred_subscribers(cred) != 0);
cred->magic = CRED_MAGIC_DEAD;
@@ -158,8 +158,8 @@ void exit_creds(struct task_struct *tsk)
{
struct cred *cred;
- kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred,
- atomic_read(&tsk->cred->usage),
+ kdebug("exit_creds(%u,%p,%p,{%ld,%d})", tsk->pid, tsk->real_cred, tsk->cred,
+ atomic_long_read(&tsk->cred->usage),
read_cred_subscribers(tsk->cred));
cred = (struct cred *) tsk->real_cred;
@@ -218,7 +218,7 @@ struct cred *cred_alloc_blank(void)
if (!new)
return NULL;
- atomic_set(&new->usage, 1);
+ atomic_long_set(&new->usage, 1);
#ifdef CONFIG_DEBUG_CREDENTIALS
new->magic = CRED_MAGIC;
#endif
@@ -265,7 +265,7 @@ struct cred *prepare_creds(void)
memcpy(new, old, sizeof(struct cred));
new->non_rcu = 0;
- atomic_set(&new->usage, 1);
+ atomic_long_set(&new->usage, 1);
set_cred_subscribers(new, 0);
get_group_info(new->group_info);
get_uid(new->user);
@@ -345,8 +345,8 @@ int copy_creds(struct task_struct *p, un
p->real_cred = get_cred(p->cred);
get_cred(p->cred);
alter_cred_subscribers(p->cred, 2);
- kdebug("share_creds(%p{%d,%d})",
- p->cred, atomic_read(&p->cred->usage),
+ kdebug("share_creds(%p{%ld,%d})",
+ p->cred, atomic_long_read(&p->cred->usage),
read_cred_subscribers(p->cred));
atomic_inc(&p->cred->user->processes);
return 0;
@@ -436,8 +436,8 @@ int commit_creds(struct cred *new)
struct task_struct *task = current;
const struct cred *old = task->real_cred;
- kdebug("commit_creds(%p{%d,%d})", new,
- atomic_read(&new->usage),
+ kdebug("commit_creds(%p{%ld,%d})", new,
+ atomic_long_read(&new->usage),
read_cred_subscribers(new));
BUG_ON(task->cred != old);
@@ -446,7 +446,7 @@ int commit_creds(struct cred *new)
validate_creds(old);
validate_creds(new);
#endif
- BUG_ON(atomic_read(&new->usage) < 1);
+ BUG_ON(atomic_long_read(&new->usage) < 1);
get_cred(new); /* we will require a ref for the subj creds too */
@@ -519,14 +519,14 @@ EXPORT_SYMBOL(commit_creds);
*/
void abort_creds(struct cred *new)
{
- kdebug("abort_creds(%p{%d,%d})", new,
- atomic_read(&new->usage),
+ kdebug("abort_creds(%p{%ld,%d})", new,
+ atomic_long_read(&new->usage),
read_cred_subscribers(new));
#ifdef CONFIG_DEBUG_CREDENTIALS
BUG_ON(read_cred_subscribers(new) != 0);
#endif
- BUG_ON(atomic_read(&new->usage) < 1);
+ BUG_ON(atomic_long_read(&new->usage) < 1);
put_cred(new);
}
EXPORT_SYMBOL(abort_creds);
@@ -542,8 +542,8 @@ const struct cred *override_creds(const
{
const struct cred *old = current->cred;
- kdebug("override_creds(%p{%d,%d})", new,
- atomic_read(&new->usage),
+ kdebug("override_creds(%p{%ld,%d})", new,
+ atomic_long_read(&new->usage),
read_cred_subscribers(new));
validate_creds(old);
@@ -565,8 +565,8 @@ const struct cred *override_creds(const
rcu_assign_pointer(current->cred, new);
alter_cred_subscribers(old, -1);
- kdebug("override_creds() = %p{%d,%d}", old,
- atomic_read(&old->usage),
+ kdebug("override_creds() = %p{%ld,%d}", old,
+ atomic_long_read(&old->usage),
read_cred_subscribers(old));
return old;
}
@@ -583,8 +583,8 @@ void revert_creds(const struct cred *old
{
const struct cred *override = current->cred;
- kdebug("revert_creds(%p{%d,%d})", old,
- atomic_read(&old->usage),
+ kdebug("revert_creds(%p{%ld,%d})", old,
+ atomic_long_read(&old->usage),
read_cred_subscribers(old));
validate_creds(old);
@@ -698,7 +698,7 @@ struct cred *prepare_kernel_cred(struct
*new = *old;
new->non_rcu = 0;
- atomic_set(&new->usage, 1);
+ atomic_long_set(&new->usage, 1);
set_cred_subscribers(new, 0);
get_uid(new->user);
get_user_ns(new->user_ns);
@@ -808,8 +808,8 @@ static void dump_invalid_creds(const str
cred == tsk->cred ? "[eff]" : "");
printk(KERN_ERR "CRED: ->magic=%x, put_addr=%p\n",
cred->magic, cred->put_addr);
- printk(KERN_ERR "CRED: ->usage=%d, subscr=%d\n",
- atomic_read(&cred->usage),
+ printk(KERN_ERR "CRED: ->usage=%ld, subscr=%d\n",
+ atomic_long_read(&cred->usage),
read_cred_subscribers(cred));
printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
from_kuid_munged(&init_user_ns, cred->uid),
@@ -881,9 +881,9 @@ EXPORT_SYMBOL(__validate_process_creds);
*/
void validate_creds_for_do_exit(struct task_struct *tsk)
{
- kdebug("validate_creds_for_do_exit(%p,%p{%d,%d})",
+ kdebug("validate_creds_for_do_exit(%p,%p{%ld,%d})",
tsk->real_cred, tsk->cred,
- atomic_read(&tsk->cred->usage),
+ atomic_long_read(&tsk->cred->usage),
read_cred_subscribers(tsk->cred));
__validate_process_creds(tsk, __FILE__, __LINE__);
next prev parent reply other threads:[~2023-12-18 14:11 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-18 13:51 [PATCH 5.4 00/40] 5.4.265-rc1 review Greg Kroah-Hartman
2023-12-18 13:51 ` [PATCH 5.4 01/40] afs: Fix refcount underflow from error handling race Greg Kroah-Hartman
2023-12-18 13:51 ` [PATCH 5.4 02/40] net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Greg Kroah-Hartman
2023-12-18 13:51 ` [PATCH 5.4 03/40] qca_debug: Prevent crash on TX ring changes Greg Kroah-Hartman
2023-12-18 13:51 ` [PATCH 5.4 04/40] qca_debug: Fix ethtool -G iface tx behavior Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 05/40] qca_spi: Fix reset behavior Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 06/40] atm: solos-pci: Fix potential deadlock on &cli_queue_lock Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 07/40] atm: solos-pci: Fix potential deadlock on &tx_queue_lock Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 08/40] atm: Fix Use-After-Free in do_vcc_ioctl Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 09/40] net/rose: Fix Use-After-Free in rose_ioctl Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 10/40] qed: Fix a potential use-after-free in qed_cxt_tables_alloc Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 11/40] net: Remove acked SYN flag from packet in the transmit queue correctly Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 12/40] sign-file: Fix incorrect return values check Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 13/40] vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 14/40] net: stmmac: use dev_err_probe() for reporting mdio bus registration failure Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 15/40] net: stmmac: Handle disabled MDIO busses from devicetree Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 16/40] appletalk: Fix Use-After-Free in atalk_ioctl Greg Kroah-Hartman
2023-12-18 13:52 ` Greg Kroah-Hartman [this message]
2023-12-18 13:52 ` [PATCH 5.4 18/40] ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 19/40] Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 20/40] usb: aqc111: check packet for fixup for true limit Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 21/40] blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 22/40] bcache: avoid oversize memory allocation by small stripe_size Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 23/40] bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 24/40] bcache: avoid NULL checking to c->root in run_cache_set() Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 25/40] platform/x86: intel_telemetry: Fix kernel doc descriptions Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 26/40] HID: add ALWAYS_POLL quirk for Apple kb Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 27/40] HID: hid-asus: reset the backlight brightness level on resume Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 28/40] HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 29/40] asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 30/40] net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 31/40] HID: hid-asus: add const to read-only outgoing usb buffer Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 32/40] perf: Fix perf_event_validate_size() lockdep splat Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 33/40] soundwire: stream: fix NULL pointer dereference for multi_link Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 34/40] ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 35/40] arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 36/40] team: Fix use-after-free when an option instance allocation fails Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 37/40] ring-buffer: Fix memory leak of free page Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 38/40] mmc: block: Be sure to wait while busy in CQE error recovery Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 39/40] powerpc/ftrace: Create a dummy stackframe to fix stack unwind Greg Kroah-Hartman
2023-12-18 13:52 ` [PATCH 5.4 40/40] powerpc/ftrace: Fix stack teardown in ftrace_no_trace Greg Kroah-Hartman
2023-12-19 0:03 ` [PATCH 5.4 00/40] 5.4.265-rc1 review Shuah Khan
2023-12-19 6:19 ` Harshit Mogalapalli
2023-12-19 9:08 ` Naresh Kamboju
2023-12-19 11:30 ` Jon Hunter
2023-12-19 20:52 ` Florian Fainelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231218135043.326595248@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox