c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-07-12 18:57:39 +03:00
Code Issues Packages Projects Releases Wiki Activity
21ad6444c7
mirror_zfs/module/zfs
History
Rob Norris 4ee13684b9 cred: properly pass and test creds on other threads (#17273) 
Various admin operations will be invoked by some userspace task, but the
work will be done on a separate kernel thread at a later time. Snapshots
are an example, which are triggered through zfs_ioc_snapshot() ->
dsl_dataset_snapshot(), but the actual work is from a task dispatched to
dp_sync_taskq.

Many such tasks end up in dsl_enforce_ds_ss_limits(), where various
limits and permissions are enforced. Among other things, it is necessary
to ensure that the invoking task (that is, the user) has permission to
do things. We can't simply check if the running task has permission; it
is a privileged kernel thread, which can do anything.

However, in the general case it's not safe to simply query the task for
its permissions at the check time, as the task may not exist any more,
or its permissions may have changed since it was first invoked. So
instead, we capture the permissions by saving CRED() in the user task,
and then using it for the check through the secpolicy_* functions.

The current code calls CRED() to get the credential, which gets a
pointer to the cred_t inside the current task and passes it to the
worker task. However, it doesn't take a reference to the cred_t, and so
expects that it won't change, and that the task continues to exist. In
practice that is always the case, because we don't let the calling task
return from the kernel until the work is done.

For Linux, we also take a reference to the current task, because the
Linux credential APIs for the most part do not check an arbitrary
credential, but rather, query what a task can do. See
secpolicy_zfs_proc(). Again, we don't take a reference on the task, just
a pointer to it.

We change to calling crhold() on the task credential, and crfree() when
we're done with it. This ensures it stays alive and unchanged for the
duration of the call.

On the Linux side, we change the main policy checking function
priv_policy_ns() to use override_creds()/revert_creds() if necessary to
make the provided credential active in the current task, allowing the
standard task-permission APIs to do the needed check. Since the task
pointer is no longer required, this lets us entirely remove
secpolicy_zfs_proc() and the need to carry a task pointer around as
well.

Sponsored-by: https://despairlabs.com/sponsor/

Signed-off-by: Rob Norris <robn@despairlabs.com>
Reviewed-by: Pavel Snajdr <snajpa@snajpa.net>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Kyle Evans <kevans@FreeBSD.org>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
2025-06-02 16:49:51 -07:00
..
abd.c abd: add page iterator 2024-03-28 13:29:46 -07:00
aggsum.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
arc.c ARC: Avoid overflows in arc_evict_adj() (#17255) 2025-05-27 14:41:45 -07:00
blake3_zfs.c blake3: fix up bogus checksums in face of cpu migration 2023-05-01 17:21:27 -07:00
blkptr.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
bplist.c Use list_remove_head() where possible. 2023-06-09 10:12:52 -07:00
bpobj.c Add explicit prefetches to bpobj_iterate(). 2023-07-21 16:35:12 -07:00
bptree.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bqueue.c Batch enqueue/dequeue for bqueue 2023-01-10 13:39:22 -08:00
brt.c BRT: Skip getting length in brt_entry_lookup() 2024-04-19 10:13:38 -07:00
btree.c Replace P2ALIGN with P2ALIGN_TYPED and delete P2ALIGN. 2024-05-13 10:27:38 -05:00
dataset_kstats.c Fix null ptr deref when renaming a zvol with snaps and snapdev=visible (#16316) 2024-08-22 15:42:49 -07:00
dbuf_stats.c Revert "Reduce dbuf_find() lock contention" 2022-09-22 12:59:41 -07:00
dbuf.c BRT: Don't call brt_pending_remove() on holes/embedded 2024-11-26 09:55:29 -08:00
ddt_zap.c Pack our DDT ZAPs a bit denser. 2023-06-30 09:42:02 -07:00
ddt.c [zfs-2.2.8] GCC: Fix array subscript check 2025-05-27 15:49:12 -07:00
dmu_diff.c Simplify issig(). 2024-11-14 15:20:10 -08:00
dmu_object.c Replace P2ALIGN with P2ALIGN_TYPED and delete P2ALIGN. 2024-05-13 10:27:38 -05:00
dmu_objset.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dmu_recv.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dmu_redact.c Simplify issig(). 2024-11-14 15:20:10 -08:00
dmu_send.c Fix 2 bugs in non-raw send with encryption 2025-05-27 14:41:45 -07:00
dmu_traverse.c Fix prefetching of indirect blocks while destroying 2023-03-24 10:20:07 -07:00
dmu_tx.c Cleanup DB_DNODE() macros usage 2024-11-04 10:34:48 -08:00
dmu_zfetch.c Add prefetch property 2024-04-30 10:01:15 -07:00
dmu.c Cleanup DB_DNODE() macros usage 2024-11-04 10:34:48 -08:00
dnode_sync.c free_blocks(): Fix reports from 2016 PVS Studio FreeBSD report 2023-01-23 13:12:37 -08:00
dnode.c Linux: Report reclaimable memory to kernel as such (#16385) 2024-11-14 15:20:06 -08:00
dsl_bookmark.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
dsl_crypt.c Properly release key in spa_keystore_dsl_key_hold_dd() 2024-11-05 15:43:52 -08:00
dsl_dataset.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dsl_deadlist.c Refactor dmu_prefetch(). 2024-04-19 10:13:38 -07:00
dsl_deleg.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_destroy.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
dsl_dir.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dsl_pool.c Remove lock from dsl_pool_need_dirty_delay() 2023-11-06 16:46:55 -08:00
dsl_prop.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
dsl_scan.c Fix scn_queue races on very old pools 2024-05-29 08:54:19 -07:00
dsl_synctask.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_userhold.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
edonr_zfs.c Remove unused Edon-R variants 2023-03-14 15:59:58 -07:00
fm.c Use list_remove_head() where possible. 2023-06-09 10:12:52 -07:00
gzip.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
hkdf.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
lz4_zfs.c Linux: Report reclaimable memory to kernel as such (#16385) 2024-11-14 15:20:06 -08:00
lz4.c lz4: Cherrypick fix for CVE-2021-3520 2022-01-12 16:14:36 -08:00
lzjb.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
metaslab.c Block remap for cloned blocks on device removal 2025-06-02 11:17:22 -07:00
mmp.c vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
multilist.c L2ARC: Relax locking during write 2024-04-19 10:13:38 -07:00
objlist.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
pathname.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
range_tree.c btree: Implement faster binary search algorithm 2023-05-26 10:03:12 -07:00
refcount.c Switch refcount tracking from lists to AVL-trees. 2023-06-14 08:02:27 -07:00
rrwlock.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sa.c Linux: Report reclaimable memory to kernel as such (#16385) 2024-11-14 15:20:06 -08:00
sha2_zfs.c Add generic implementation handling and SHA2 impl 2023-03-02 13:52:21 -08:00
skein_zfs.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
spa_checkpoint.c Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
spa_config.c Add mutex_enter_interruptible() for interruptible sleeping IOCTLs 2023-11-06 16:47:41 -08:00
spa_errlog.c Update the MOS directory on spa_upgrade_errlog() 2023-09-19 08:51:00 -07:00
spa_history.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
spa_log_spacemap.c Extend import_progress kstat with a notes field 2024-04-29 17:45:53 -07:00
spa_misc.c Extend import_progress kstat with a notes field 2024-04-29 17:45:53 -07:00
spa_stats.c Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
spa.c Some improvements to metaslabs eviction 2024-07-17 14:54:47 -07:00
space_map.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
space_reftree.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
THIRDPARTYLICENSE.cityhash OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
THIRDPARTYLICENSE.cityhash.descrip OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
txg.c vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
uberblock.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
unique.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_draid_rand.c Distributed Spare (dRAID) Feature 2020-11-13 13:51:51 -08:00
vdev_draid.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
vdev_indirect_births.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
vdev_indirect_mapping.c Remove bcopy(), bzero(), bcmp() 2022-03-15 15:13:42 -07:00
vdev_indirect.c Don't emit cksum_{actual_expected} in ereport.fs.zfs.checksum events 2023-07-21 16:35:12 -07:00
vdev_initialize.c Add the ability to uninitialize 2023-05-18 10:02:20 -07:00
vdev_label.c vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
vdev_mirror.c Improve too large physical ashift handling 2022-09-08 10:30:53 -07:00
vdev_missing.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_queue.c Fix accounting error for pending sync IO ops in zpool iostat 2023-11-16 14:23:03 -08:00
vdev_raidz_math_aarch64_neon_common.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_aarch64_neon.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_aarch64_neonx2.c Fix Clang 15 compilation errors 2022-11-30 13:46:26 -08:00
vdev_raidz_math_avx2.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_avx512bw.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_avx512f.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_impl.h Cleanup Raid-Z Typo fixes 2022-09-06 09:43:21 -07:00
vdev_raidz_math_powerpc_altivec_common.h Linux ppc64le ieee128 compat: Do not redefine __asm on external headers 2023-01-13 10:58:58 -08:00
vdev_raidz_math_powerpc_altivec.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_scalar.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_sse2.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math_ssse3.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_math.c Miscellaneous FreBSD compilation bugfixes 2023-04-06 10:35:02 -07:00
vdev_raidz.c GCC: Fixes for gcc 14 on Fedora 40 2024-04-29 13:50:05 -07:00
vdev_rebuild.c Tweak rebuild in-flight hard limit 2023-10-03 09:06:07 -07:00
vdev_removal.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
vdev_root.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_trim.c Autotrim High Load Average Fix 2024-01-18 11:33:29 -08:00
vdev.c On the first vdev open ignore impossible ashift hints 2024-11-06 10:06:29 -08:00
zap_leaf.c ZAP: Some cleanups/micro-optimizations 2024-04-19 10:13:38 -07:00
zap_micro.c ZAP: Massively switch to _by_dnode() interfaces 2024-04-19 10:13:38 -07:00
zap.c ZAP: Fix leaf references on zap_expand_leaf() errors 2024-05-29 08:54:19 -07:00
zcp_get.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
zcp_global.c OpenZFS 8600 - ZFS channel programs - snapshot 2018-02-08 15:29:24 -08:00
zcp_iter.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
zcp_set.c Support setting user properties in a channel program 2020-02-14 13:41:42 -08:00
zcp_synctask.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
zcp.c cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
zfeature.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_byteswap.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_chksum.c Add generic implementation handling and SHA2 impl 2023-03-02 13:52:21 -08:00
zfs_fm.c Add slow disk diagnosis to ZED 2024-04-29 13:50:05 -07:00
zfs_fuid.c Use list_remove_head() where possible. 2023-06-09 10:12:52 -07:00
zfs_impl.c Add generic implementation handling and SHA2 impl 2023-03-02 13:52:21 -08:00
zfs_ioctl.c Simplify issig(). 2024-11-14 15:20:10 -08:00
zfs_log.c zfs_log: add flex array fields to log record structs 2024-11-04 10:34:48 -08:00
zfs_onexit.c Use list_remove_head() where possible. 2023-06-09 10:12:52 -07:00
zfs_quota.c Implementation of block cloning for ZFS 2023-03-10 11:59:53 -08:00
zfs_ratelimit.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_replay.c FreeBSD: remove support for FreeBSD < 13.0-RELEASE (#16372) 2024-11-15 10:15:00 -08:00
zfs_rlock.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_sa.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_vnops.c Simplify issig(). 2024-11-14 15:20:10 -08:00
zfs_znode.c zfs_znode: lift common code to a single shared file 2024-11-15 10:15:01 -08:00
zil.c zfs: add bounds checking to zil_parse (#16308) 2024-08-22 15:12:54 -07:00
zio_checksum.c ZIL: Assert record sizes in different places 2024-01-08 16:11:39 -08:00
zio_compress.c Skip memory allocation when compressing holes 2023-02-27 14:41:02 -08:00
zio_inject.c vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
zio.c Linux: Report reclaimable memory to kernel as such (#16385) 2024-11-14 15:20:06 -08:00
zle.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zrlock.c Micro-optimize zrl_remove() 2022-11-29 09:26:03 -08:00
zthr.c Switch from _Noreturn to __attribute__((noreturn)) 2022-03-23 08:51:00 -07:00
zvol.c zvol: ensure device minors are properly cleaned up 2024-11-15 10:14:50 -08:00