• D
    NFSD: Don't hold unrefcounted creds over call to nfsd_setuser() · 033a666c
    David Howells 提交于
    nfsd_open() gets an unrefcounted pointer to the current process's effective
    credentials at the top of the function, then calls nfsd_setuser() via
    fh_verify() - which may replace and destroy the current process's effective
    credentials - and then passes the unrefcounted pointer to dentry_open() - but
    the credentials may have been destroyed by this point.
    
    Instead, the value from current_cred() should be passed directly to
    dentry_open() as one of its arguments, rather than being cached in a variable.
    
    Possibly fh_verify() should return the creds to use.
    
    This is a regression introduced by
    745ca247 "CRED: Pass credentials through
    dentry_open()".
    Signed-off-by: NDavid Howells <dhowells@redhat.com>
    Tested-and-Verified-By: NSteve Dickson <steved@redhat.com>
    Cc: stable@kernel.org
    Signed-off-by: NJ. Bruce Fields <bfields@citi.umich.edu>
    033a666c
vfs.c 53.4 KB