This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer.
As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com --- fs/ceph/mds_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 6baec1387f7d..e8a5994de8b6 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5615,9 +5615,9 @@ void send_flush_mdlog(struct ceph_mds_session *s)
static int ceph_mds_auth_match(struct ceph_mds_client *mdsc, struct ceph_mds_cap_auth *auth, + const struct cred *cred, char *tpath) { - const struct cred *cred = get_current_cred(); u32 caller_uid = from_kuid(&init_user_ns, cred->fsuid); u32 caller_gid = from_kgid(&init_user_ns, cred->fsgid); struct ceph_client *cl = mdsc->fsc->client; @@ -5740,7 +5740,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) for (i = 0; i < mdsc->s_cap_auths_num; i++) { struct ceph_mds_cap_auth *s = &mdsc->s_cap_auths[i];
- err = ceph_mds_auth_match(mdsc, s, tpath); + err = ceph_mds_auth_match(mdsc, s, cred, tpath); if (err < 0) { return err; } else if (err > 0) {
get_current_cred() increments the reference counter, but the put_cred() call was missing.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com --- fs/ceph/mds_client.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index e8a5994de8b6..35d83c8c2874 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5742,6 +5742,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask)
err = ceph_mds_auth_match(mdsc, s, cred, tpath); if (err < 0) { + put_cred(cred); return err; } else if (err > 0) { /* always follow the last auth caps' permision */ @@ -5757,6 +5758,8 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) } }
+ put_cred(cred); + doutc(cl, "root_squash_perms %d, rw_perms_s %p\n", root_squash_perms, rw_perms_s); if (root_squash_perms && rw_perms_s == NULL) {
On 11/23/24 15:21, Max Kellermann wrote:
get_current_cred() increments the reference counter, but the put_cred() call was missing.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com
fs/ceph/mds_client.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index e8a5994de8b6..35d83c8c2874 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5742,6 +5742,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) err = ceph_mds_auth_match(mdsc, s, cred, tpath); if (err < 0) {
put_cred(cred); return err;@@ -5757,6 +5758,8 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) } }
- put_cred(cred);
- doutc(cl, "root_squash_perms %d, rw_perms_s %p\n", root_squash_perms, rw_perms_s); if (root_squash_perms && rw_perms_s == NULL) {
Good catch.
Reviewed-by: Xiubo Li xiubli@redhat.com
On Mon, Nov 25, 2024 at 1:53 AM Xiubo Li xiubli@redhat.com wrote:
On 11/23/24 15:21, Max Kellermann wrote:
get_current_cred() increments the reference counter, but the put_cred() call was missing.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com
fs/ceph/mds_client.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index e8a5994de8b6..35d83c8c2874 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5742,6 +5742,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask)
err = ceph_mds_auth_match(mdsc, s, cred, tpath); if (err < 0) {
put_cred(cred); return err; } else if (err > 0) { /* always follow the last auth caps' permision */@@ -5757,6 +5758,8 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) } }
put_cred(cred);doutc(cl, "root_squash_perms %d, rw_perms_s %p\n", root_squash_perms, rw_perms_s); if (root_squash_perms && rw_perms_s == NULL) {Good catch.
Reviewed-by: Xiubo Li xiubli@redhat.com
Applied.
Thanks,
Ilya
On 11/23/24 15:21, Max Kellermann wrote:
This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer.
As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com
fs/ceph/mds_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 6baec1387f7d..e8a5994de8b6 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5615,9 +5615,9 @@ void send_flush_mdlog(struct ceph_mds_session *s) static int ceph_mds_auth_match(struct ceph_mds_client *mdsc, struct ceph_mds_cap_auth *auth,
const struct cred *cred, char *tpath)
- const struct cred *cred = get_current_cred(); u32 caller_uid = from_kuid(&init_user_ns, cred->fsuid); u32 caller_gid = from_kgid(&init_user_ns, cred->fsgid); struct ceph_client *cl = mdsc->fsc->client;
@@ -5740,7 +5740,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) for (i = 0; i < mdsc->s_cap_auths_num; i++) { struct ceph_mds_cap_auth *s = &mdsc->s_cap_auths[i];
err = ceph_mds_auth_match(mdsc, s, tpath);
err = ceph_mds_auth_match(mdsc, s, cred, tpath);
Good catch.
Reviewed-by: Xiubo Li xiubli@redhat.com
On Mon, Nov 25, 2024 at 1:53 AM Xiubo Li xiubli@redhat.com wrote:
On 11/23/24 15:21, Max Kellermann wrote:
This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer.
As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken.
Fixes: 596afb0b8933 ("ceph: add ceph_mds_check_access() helper") Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com
fs/ceph/mds_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 6baec1387f7d..e8a5994de8b6 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -5615,9 +5615,9 @@ void send_flush_mdlog(struct ceph_mds_session *s)
static int ceph_mds_auth_match(struct ceph_mds_client *mdsc, struct ceph_mds_cap_auth *auth,
const struct cred *cred, char *tpath)
const struct cred *cred = get_current_cred(); u32 caller_uid = from_kuid(&init_user_ns, cred->fsuid); u32 caller_gid = from_kgid(&init_user_ns, cred->fsgid); struct ceph_client *cl = mdsc->fsc->client;@@ -5740,7 +5740,7 @@ int ceph_mds_check_access(struct ceph_mds_client *mdsc, char *tpath, int mask) for (i = 0; i < mdsc->s_cap_auths_num; i++) { struct ceph_mds_cap_auth *s = &mdsc->s_cap_auths[i];
err = ceph_mds_auth_match(mdsc, s, tpath);
err = ceph_mds_auth_match(mdsc, s, cred, tpath); if (err < 0) { return err; } else if (err > 0) {Good catch.
Reviewed-by: Xiubo Li xiubli@redhat.com
Applied.
Thanks,
Ilya
linux-stable-mirror@lists.linaro.org
-
Ilya Dryomov -
Max Kellermann -
Xiubo Li