From 7915f42453602697b402d8cbbeb7689166fb569b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:03 +0100 Subject: [PATCH 01/16] firmware: avoid pointless reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-7-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/base/firmware_loader/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a97fa36ee4bd..cb0912ea3e62 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -911,7 +911,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); @@ -943,7 +943,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name, } else ret = assign_fw(fw, device); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); out: -- 2.51.0 From 25fe3d58e4ba20b1ec98d7ce9067ddd234e8e448 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:04 +0100 Subject: [PATCH 02/16] sev-dev: avoid pointless cred reference count bump and fix a memory leak while at it. The new creds are created via prepare_creds() and then reverted via put_cred(revert_creds()). The additional reference count bump from override_creds() wasn't even taken into account before. Link: https://lore.kernel.org/r/20241125-work-cred-v2-8-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/crypto/ccp/sev-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 187c34b02442..2e87ca0e292a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -244,7 +244,7 @@ static struct file *open_file_as_root(const char *filename, int flags, umode_t m if (!cred) return ERR_PTR(-ENOMEM); cred->fsuid = GLOBAL_ROOT_UID; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); fp = file_open_root(&root, filename, flags, mode); path_put(&root); -- 2.51.0 From 7c0c3b346adafb515a5ff085c68c92695c4fdb04 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:05 +0100 Subject: [PATCH 03/16] target_core_configfs: avoid pointless cred reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-9-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- drivers/target/target_core_configfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c index ec7a55987193..c40217f44b1b 100644 --- a/drivers/target/target_core_configfs.c +++ b/drivers/target/target_core_configfs.c @@ -3756,9 +3756,9 @@ static int __init target_core_init_configfs(void) ret = -ENOMEM; goto out; } - old_cred = override_creds(get_new_cred(kern_cred)); + old_cred = override_creds(kern_cred); target_init_dbroot(); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(kern_cred); return 0; -- 2.51.0 From b37eab47cf5479f974c029e23d84f9049d4df009 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:06 +0100 Subject: [PATCH 04/16] aio: avoid pointless cred reference count bump iocb->fsync.creds already holds a reference count that is stable while the operation is performed. Link: https://lore.kernel.org/r/20241125-work-cred-v2-10-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/aio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index 5e57dcaed7f1..50671640b588 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1639,10 +1639,10 @@ static int aio_write(struct kiocb *req, const struct iocb *iocb, static void aio_fsync_work(struct work_struct *work) { struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work); - const struct cred *old_cred = override_creds(get_new_cred(iocb->fsync.creds)); + const struct cred *old_cred = override_creds(iocb->fsync.creds); iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); put_cred(iocb->fsync.creds); iocb_put(iocb); } -- 2.51.0 From caf6bf48f902e8e353f124325dd635d143331476 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:07 +0100 Subject: [PATCH 05/16] binfmt_misc: avoid pointless cred reference count bump file->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-11-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/binfmt_misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 3270c2158552..6a3a16f91051 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -829,9 +829,9 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(get_new_cred(file->f_cred)); + old_cred = override_creds(file->f_cred); f = open_exec(e->interpreter); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter); -- 2.51.0 From bd05aeb1eedc60dee05f82efe97339330239f37e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:08 +0100 Subject: [PATCH 06/16] coredump: avoid pointless cred reference count bump The creds are allocated via prepare_creds() which has already taken a reference. Link: https://lore.kernel.org/r/20241125-work-cred-v2-12-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/coredump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 0d3a65cac546..d48edb37bc35 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -576,7 +576,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) if (retval < 0) goto fail_creds; - old_cred = override_creds(get_new_cred(cred)); + old_cred = override_creds(cred); ispipe = format_corename(&cn, &cprm, &argv, &argc); @@ -781,7 +781,7 @@ fail_unlock: kfree(argv); kfree(cn.corename); coredump_finish(core_dumped); - put_cred(revert_creds(old_cred)); + revert_creds(old_cred); fail_creds: put_cred(cred); fail: -- 2.51.0 From 6c7a0a6afd0e45ba4879d6fb2bafa9807cde6e2c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:09 +0100 Subject: [PATCH 07/16] nfs/localio: avoid pointless cred reference count bumps filp->f_cred already holds a reference count that is stable during the operation. Link: https://lore.kernel.org/r/20241125-work-cred-v2-13-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfs/localio.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index 720a4a99bd8a..4b8618cf114c 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -374,7 +374,7 @@ static void nfs_local_call_read(struct work_struct *work) struct iov_iter iter; ssize_t status; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, READ); @@ -384,7 +384,7 @@ static void nfs_local_call_read(struct work_struct *work) nfs_local_read_done(iocb, status); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); } static int @@ -545,7 +545,7 @@ static void nfs_local_call_write(struct work_struct *work) ssize_t status; current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO; - save_cred = override_creds(get_new_cred(filp->f_cred)); + save_cred = override_creds(filp->f_cred); nfs_local_iter_init(&iter, iocb, WRITE); @@ -558,7 +558,7 @@ static void nfs_local_call_write(struct work_struct *work) nfs_local_vfs_getattr(iocb); nfs_local_pgio_release(iocb); - put_cred(revert_creds(save_cred)); + revert_creds(save_cred); current->flags = old_flags; } -- 2.51.0 From 3e23a1cd849d96ff3615d731acdafa8332ca2206 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:10 +0100 Subject: [PATCH 08/16] nfs/nfs4idmap: avoid pointless reference count bump The override creds are allocated with a long-term refernce when the id_resolver is initialized via prepare_kernel_creds() that is put when the id_resolver is destroyed. Link: https://lore.kernel.org/r/20241125-work-cred-v2-14-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfs/nfs4idmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c index 25b6a8920a65..25a7c771cfd8 100644 --- a/fs/nfs/nfs4idmap.c +++ b/fs/nfs/nfs4idmap.c @@ -311,9 +311,9 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen, const struct user_key_payload *payload; ssize_t ret; - saved_cred = override_creds(get_new_cred(id_resolver_cache)); + saved_cred = override_creds(id_resolver_cache); rkey = nfs_idmap_request_key(name, namelen, type, idmap); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); if (IS_ERR(rkey)) { ret = PTR_ERR(rkey); -- 2.51.0 From dfce6a462a9490063852c5d91d0f41104c0aad6d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:11 +0100 Subject: [PATCH 09/16] nfs/nfs4recover: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-15-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfsd/nfs4recover.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index f3837167b6a1..7f2ceeb118a4 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -81,8 +81,7 @@ nfs4_save_creds(const struct cred **original_creds) new->fsuid = GLOBAL_ROOT_UID; new->fsgid = GLOBAL_ROOT_GID; - *original_creds = override_creds(get_new_cred(new)); - put_cred(new); + *original_creds = override_creds(new); return 0; } -- 2.51.0 From 81be9a8a1090cdddea69aa326cd41b658932e84e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:12 +0100 Subject: [PATCH 10/16] nfsfh: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-16-68b9d38bb5b2@kernel.org Acked-by: Chuck Lever Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/nfsd/nfsfh.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 1cf52f3d5412..98d6459724a7 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -221,8 +221,7 @@ static __be32 nfsd_set_fh_dentry(struct svc_rqst *rqstp, struct net *net, new->cap_effective = cap_raise_nfsd_set(new->cap_effective, new->cap_permitted); - put_cred(override_creds(get_new_cred(new))); - put_cred(new); + put_cred(override_creds(new)); } else { error = nfsd_setuser_and_check_port(rqstp, cred, exp); if (error) -- 2.51.0 From 7708f3a7d25f5f1e80a5ef6abc3abde00128f88c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:13 +0100 Subject: [PATCH 11/16] open: avoid pointless cred reference count bump The code already got rid of the extra reference count from the old version of override_creds(). Link: https://lore.kernel.org/r/20241125-work-cred-v2-17-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/open.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/fs/open.c b/fs/open.c index 0a5cd8e74fb9..ffcfef67ac86 100644 --- a/fs/open.c +++ b/fs/open.c @@ -402,7 +402,6 @@ static bool access_need_override_creds(int flags) static const struct cred *access_override_creds(void) { - const struct cred *old_cred; struct cred *override_cred; override_cred = prepare_creds(); @@ -447,13 +446,7 @@ static const struct cred *access_override_creds(void) * freeing. */ override_cred->non_rcu = 1; - - old_cred = override_creds(get_new_cred(override_cred)); - - /* override_cred() gets its own ref */ - put_cred(override_cred); - - return old_cred; + return override_creds(override_cred); } static long do_faccessat(int dfd, const char __user *filename, int mode, int flags) -- 2.51.0 From facc239a8c4980e17c832a7d5ee3809a2e2a45bd Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:14 +0100 Subject: [PATCH 12/16] ovl: avoid pointless cred reference count bump security_inode_copy_up() allocates a set of new credentials and has taken a reference count. Link: https://lore.kernel.org/r/20241125-work-cred-v2-18-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/overlayfs/copy_up.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 439bd9a5ceec..3601ddfeddc2 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -741,7 +741,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) return err; if (cc->new) - cc->old = override_creds(get_new_cred(cc->new)); + cc->old = override_creds(cc->new); return 0; } @@ -749,7 +749,7 @@ static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) { if (cc->new) { - put_cred(revert_creds(cc->old)); + revert_creds(cc->old); put_cred(cc->new); } } -- 2.51.0 From 6077c4620daad2c9823c5ed55b4b4226a2883794 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:15 +0100 Subject: [PATCH 13/16] cifs: avoid pointless cred reference count bump During module init spnego_cred will be allocated with its own reference which is only destroyed during module exit. Link: https://lore.kernel.org/r/20241125-work-cred-v2-19-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/client/cifs_spnego.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/cifs_spnego.c b/fs/smb/client/cifs_spnego.c index 6284d924fdb1..28f568b5fc27 100644 --- a/fs/smb/client/cifs_spnego.c +++ b/fs/smb/client/cifs_spnego.c @@ -173,9 +173,9 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo, } cifs_dbg(FYI, "key description = %s\n", description); - saved_cred = override_creds(get_new_cred(spnego_cred)); + saved_cred = override_creds(spnego_cred); spnego_key = request_key(&cifs_spnego_key_type, description, ""); - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); #ifdef CONFIG_CIFS_DEBUG2 if (cifsFYI && !IS_ERR(spnego_key)) { -- 2.51.0 From 2b315eda9e45f21b6c0da298016677b1090df67d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:16 +0100 Subject: [PATCH 14/16] cifs: avoid pointless cred reference count bump During module init root_cred will be allocated with its own reference which is only destroyed during module exit. Link: https://lore.kernel.org/r/20241125-work-cred-v2-20-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/client/cifsacl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/smb/client/cifsacl.c b/fs/smb/client/cifsacl.c index 5718906369a9..ba79aa2107cc 100644 --- a/fs/smb/client/cifsacl.c +++ b/fs/smb/client/cifsacl.c @@ -292,7 +292,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) return -EINVAL; rc = 0; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, desc, ""); if (IS_ERR(sidkey)) { rc = -EINVAL; @@ -327,7 +327,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct smb_sid *ssid) out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); return rc; invalidate_key: @@ -398,7 +398,7 @@ try_upcall_to_get_id: if (!sidstr) return -ENOMEM; - saved_cred = override_creds(get_new_cred(root_cred)); + saved_cred = override_creds(root_cred); sidkey = request_key(&cifs_idmap_key_type, sidstr, ""); if (IS_ERR(sidkey)) { cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", @@ -438,7 +438,7 @@ try_upcall_to_get_id: out_key_put: key_put(sidkey); out_revert_creds: - put_cred(revert_creds(saved_cred)); + revert_creds(saved_cred); kfree(sidstr); /* -- 2.51.0 From 62e5396c50ae3942ff94c0a8cec6f476c1c3da2f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:17 +0100 Subject: [PATCH 15/16] smb: avoid pointless cred reference count bump The creds are allocated via prepare_kernel_cred() which has already taken a reference. This also removes a pointless check that gives the impression that override_creds() can ever be called on a task with current->cred NULL. That's not possible afaict. Remove the check to not imply that there can be a dangling pointer in current->cred. Link: https://lore.kernel.org/r/20241125-work-cred-v2-21-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- fs/smb/server/smb_common.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index ec4106aa1945..d009651fd5a8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -780,11 +780,7 @@ int __ksmbd_override_fsids(struct ksmbd_work *work, cred->cap_effective = cap_drop_fs_set(cred->cap_effective); WARN_ON(work->saved_cred); - work->saved_cred = override_creds(get_new_cred(cred)); - if (!work->saved_cred) { - abort_creds(cred); - return -EINVAL; - } + work->saved_cred = override_creds(cred); return 0; } @@ -796,13 +792,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; - WARN_ON(!work->saved_cred); - cred = current_cred(); - put_cred(revert_creds(work->saved_cred)); - put_cred(cred); + cred = revert_creds(work->saved_cred); work->saved_cred = NULL; + put_cred(cred); } __le32 smb_map_generic_desired_access(__le32 daccess) -- 2.51.0 From b690668b65e504d3e9344aa038bdaa7b2354304f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 25 Nov 2024 15:10:18 +0100 Subject: [PATCH 16/16] io_uring: avoid pointless cred reference count bump req->creds and ctx->sq_creds already hold reference counts that are stable during the operations. Link: https://lore.kernel.org/r/20241125-work-cred-v2-22-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner --- io_uring/io_uring.c | 4 ++-- io_uring/sqpoll.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 3e408c8442d4..06ff41484e29 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1728,7 +1728,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) return -EBADF; if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) - creds = override_creds(get_new_cred(req->creds)); + creds = override_creds(req->creds); if (!def->audit_skip) audit_uring_entry(req->opcode); @@ -1739,7 +1739,7 @@ static int io_issue_sqe(struct io_kiocb *req, unsigned int issue_flags) audit_uring_exit(!ret, ret); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); if (ret == IOU_OK) { if (issue_flags & IO_URING_F_COMPLETE_DEFER) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 1ca963474336..6df5e649c413 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -174,7 +174,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) const struct cred *creds = NULL; if (ctx->sq_creds != current_cred()) - creds = override_creds(get_new_cred(ctx->sq_creds)); + creds = override_creds(ctx->sq_creds); mutex_lock(&ctx->uring_lock); if (!wq_list_empty(&ctx->iopoll_list)) @@ -192,7 +192,7 @@ static int __io_sq_thread(struct io_ring_ctx *ctx, bool cap_entries) if (to_submit && wq_has_sleeper(&ctx->sqo_sq_wait)) wake_up(&ctx->sqo_sq_wait); if (creds) - put_cred(revert_creds(creds)); + revert_creds(creds); } return ret; -- 2.51.0