Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

cgroup: use credential guards in cgroup_attach_permissions()

Use credential guards for scoped credential override with automatic
restoration on scope exit.

Link: https://patch.msgid.link/20251103-work-creds-guards-simple-v1-15-a3e156839e7f@kernel.org
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

+4 -6
kernel/cgroup/cgroup.c
··· 5363 5363 struct cgroup_file_ctx *ctx = of->priv; 5364 5364 struct cgroup *src_cgrp, *dst_cgrp; 5365 5365 struct task_struct *task; 5366 - const struct cred *saved_cred; 5367 5366 ssize_t ret; 5368 5367 enum cgroup_attach_lock_mode lock_mode; 5369 5368 ··· 5385 5386 * permissions using the credentials from file open to protect against 5386 5387 * inherited fd attacks. 5387 5388 */ 5388 - saved_cred = override_creds(of->file->f_cred); 5389 - ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, 5390 - of->file->f_path.dentry->d_sb, 5391 - threadgroup, ctx->ns); 5392 - revert_creds(saved_cred); 5389 + scoped_with_creds(of->file->f_cred) 5390 + ret = cgroup_attach_permissions(src_cgrp, dst_cgrp, 5391 + of->file->f_path.dentry->d_sb, 5392 + threadgroup, ctx->ns); 5393 5393 if (ret) 5394 5394 goto out_finish; 5395 5395
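Review bot: The body of `scoped_with_creds(of->file->f_cred)` in the second hunk is a single unbraced statement that wraps over four lines, so the extent of the credential override is carried only by indentation; consider bracing it, as in `scoped_with_creds(of->file->f_cred) { ret = cgroup_attach_permissions(...); }`, so that a statement added later cannot silently land outside the overridden credentials and so that the following `if (ret)` is clearly read as running after the scope has ended. This matters here because the comment above the call says the permission check must use the credentials from file open to protect against inherited fd attacks. A smaller point on the subject line: it names `cgroup_attach_permissions()`, but the hunk changes the caller that wraps that call, not the function itself, so the subject would be more accurate if it named the caller.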