c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-07-12 10:47:40 +03:00
Code Issues Packages Projects Releases Wiki Activity
4ee13684b9
mirror_zfs/include/sys
History
Rob Norris 4ee13684b9 cred: properly pass and test creds on other threads (#17273) 
Various admin operations will be invoked by some userspace task, but the
work will be done on a separate kernel thread at a later time. Snapshots
are an example, which are triggered through zfs_ioc_snapshot() ->
dsl_dataset_snapshot(), but the actual work is from a task dispatched to
dp_sync_taskq.

Many such tasks end up in dsl_enforce_ds_ss_limits(), where various
limits and permissions are enforced. Among other things, it is necessary
to ensure that the invoking task (that is, the user) has permission to
do things. We can't simply check if the running task has permission; it
is a privileged kernel thread, which can do anything.

However, in the general case it's not safe to simply query the task for
its permissions at the check time, as the task may not exist any more,
or its permissions may have changed since it was first invoked. So
instead, we capture the permissions by saving CRED() in the user task,
and then using it for the check through the secpolicy_* functions.

The current code calls CRED() to get the credential, which gets a
pointer to the cred_t inside the current task and passes it to the
worker task. However, it doesn't take a reference to the cred_t, and so
expects that it won't change, and that the task continues to exist. In
practice that is always the case, because we don't let the calling task
return from the kernel until the work is done.

For Linux, we also take a reference to the current task, because the
Linux credential APIs for the most part do not check an arbitrary
credential, but rather, query what a task can do. See
secpolicy_zfs_proc(). Again, we don't take a reference on the task, just
a pointer to it.

We change to calling crhold() on the task credential, and crfree() when
we're done with it. This ensures it stays alive and unchanged for the
duration of the call.

On the Linux side, we change the main policy checking function
priv_policy_ns() to use override_creds()/revert_creds() if necessary to
make the provided credential active in the current task, allowing the
standard task-permission APIs to do the needed check. Since the task
pointer is no longer required, this lets us entirely remove
secpolicy_zfs_proc() and the need to carry a task pointer around as
well.

Sponsored-by: https://despairlabs.com/sponsor/

Signed-off-by: Rob Norris <robn@despairlabs.com>
Reviewed-by: Pavel Snajdr <snajpa@snajpa.net>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Kyle Evans <kevans@FreeBSD.org>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
2025-06-02 16:49:51 -07:00
..
crypto Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
fm Add slow disk diagnosis to ZED 2024-04-29 13:50:05 -07:00
fs Add prefetch property 2024-04-30 10:01:15 -07:00
lua autoconf: single-step includes 2022-05-10 10:18:51 -07:00
sysevent Teach zpool scrub to scrub only blocks in error log 2023-05-18 11:59:42 -07:00
zstd Unbreak zstd build on sparc64 2022-05-25 09:18:49 -07:00
abd_impl.h abd_os: break out platform-specific header parts 2024-11-15 10:15:00 -08:00
abd.h abd_os: break out platform-specific header parts 2024-11-15 10:15:00 -08:00
aggsum.h More aggsum optimizations 2021-06-07 09:02:47 -07:00
arc_impl.h Unify arc_prune_async() code 2023-11-08 12:15:41 -08:00
arc.h Unify arc_prune_async() code 2023-11-08 12:15:41 -08:00
asm_linkage.h Unify Assembler files between Linux and Windows 2023-01-17 11:09:19 -08:00
avl_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
avl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bitmap.h Replace dead opensolaris.org license links 2023-03-14 14:44:01 -07:00
bitops.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
blake3.h Update BLAKE3 for using the new impl handling 2023-03-02 13:52:27 -08:00
blkptr.h OpenZFS 8067 - zdb should be able to dump literal embedded block pointer 2017-07-07 11:28:01 -07:00
bplist.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bpobj.h Add explicit prefetches to bpobj_iterate(). 2023-07-21 16:35:12 -07:00
bptree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bqueue.h Batch enqueue/dequeue for bqueue 2023-01-10 13:39:22 -08:00
brt_impl.h brt: lift internal definitions into _impl header 2023-11-28 12:56:43 -08:00
brt.h zdb: include cloned blocks in block statistics 2023-08-02 08:52:40 -07:00
btree.h btree: Implement faster binary search algorithm 2023-05-26 10:03:12 -07:00
dataset_kstats.h Update the kstat dataset_name when renaming a zvol 2024-01-08 16:11:39 -08:00
dbuf.h Pack dmu_buf_impl_t by 16 bytes 2024-11-26 09:55:29 -08:00
ddt.h Implementation of block cloning for ZFS 2023-03-10 11:59:53 -08:00
dmu_impl.h ZIL: Avoid dbuf_read() before dmu_sync(). 2023-08-25 11:58:44 -07:00
dmu_objset.h Add prefetch property 2024-04-30 10:01:15 -07:00
dmu_recv.h cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dmu_redact.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_send.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_traverse.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_tx.h Add dmu_tx_hold_append() interface 2023-05-09 09:03:10 -07:00
dmu_zfetch.h Speculative prefetch for reordered requests 2024-04-19 10:13:38 -07:00
dmu.h ZAP: Massively switch to _by_dnode() interfaces 2024-04-19 10:13:38 -07:00
dnode.h Linux 6.3 compat: Fix memcpy "detected field-spanning write" error 2023-04-13 09:12:03 -07:00
dsl_bookmark.h Remaining {=> const} char|void *tag 2022-06-29 14:08:59 -07:00
dsl_crypt.h Allow block cloning across encrypted datasets 2024-01-08 16:11:39 -08:00
dsl_dataset.h cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dsl_deadlist.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
dsl_deleg.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_destroy.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_dir.h cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
dsl_pool.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
dsl_prop.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_scan.h Fix scn_queue races on very old pools 2024-05-29 08:54:19 -07:00
dsl_synctask.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_userhold.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
edonr.h Remove unused constant EdonR256_BLOCK_BITSIZE 2023-03-22 08:39:48 -07:00
efi_partition.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
frame.h Linux 5.10 compat: frame.h renamed objtool.h 2020-11-02 22:01:10 +00:00
hkdf.h Encryption patch follow-up 2017-10-11 16:54:48 -04:00
metaslab_impl.h Reduce number of metaslab preload taskq threads. 2023-10-07 09:08:20 -07:00
metaslab.h Remove fastwrite mechanism. 2023-08-25 11:58:44 -07:00
mmp.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
mntent.h Expose ZFS dataset case sensitivity setting via sb_opts 2022-07-14 10:38:16 -07:00
mod.h linux: module: weld all but spl.ko into zfs.ko 2022-04-20 13:28:24 -07:00
multilist.h L2ARC: Relax locking during write 2024-04-19 10:13:38 -07:00
nvpair_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
nvpair.h nvpair: Use flexible array member for nvpair name strings 2023-03-14 15:25:55 -07:00
objlist.h Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
pathname.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
qat.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
range_tree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
rrwlock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sa_impl.h sa_impl: fix SA header bitfield docs 2024-11-05 15:43:52 -08:00
sa.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sha2.h Add generic implementation handling and SHA2 impl 2023-03-02 13:52:21 -08:00
skein.h OpenZFS 4185 - add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R 2016-10-03 14:51:15 -07:00
spa_checkpoint.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa_checksum.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa_impl.h fix: Uber block label not always found for aux vdevs 2024-01-29 14:53:29 -08:00
spa_log_spacemap.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa.h vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
space_map.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
space_reftree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sysevent.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
txg_impl.h Properly pad struct tx_cpu to cache line 2023-11-06 16:46:44 -08:00
txg.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
u8_textprep_data.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
u8_textprep.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uberblock_impl.h vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
uberblock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uio_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
unique.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uuid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_disk.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_draid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_file.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_impl.h vdev probe to slow disk can stall mmp write checker 2024-04-30 10:01:15 -07:00
vdev_indirect_births.h OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
vdev_indirect_mapping.h OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
vdev_initialize.h Add the ability to uninitialize 2023-05-18 10:02:20 -07:00
vdev_raidz_impl.h Workaround UBSAN errors for variable arrays 2023-11-16 14:23:03 -08:00
vdev_raidz.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_rebuild.h Do not report bytes skipped by scan as issued. 2023-06-30 08:47:13 -07:00
vdev_removal.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
vdev_trim.h Fix short-lived txg caused by autotrim 2023-03-28 08:43:41 -07:00
vdev.h [zfs-2.2.7] Add vdev_check_boot_reserve() to vdev.h 2024-11-15 10:15:01 -08:00
xvattr.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zap_impl.h ZAP: Massively switch to _by_dnode() interfaces 2024-04-19 10:13:38 -07:00
zap_leaf.h zap_leaf: make l_hash[] variable length to silence UBSAN 2024-04-29 13:50:05 -07:00
zap.h ZAP: Massively switch to _by_dnode() interfaces 2024-04-19 10:13:38 -07:00
zcp_global.h OpenZFS 7431 - ZFS Channel Programs 2018-02-08 15:28:18 -08:00
zcp_iter.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zcp_prop.h OpenZFS 7431 - ZFS Channel Programs 2018-02-08 15:28:18 -08:00
zcp_set.h Support setting user properties in a channel program 2020-02-14 13:41:42 -08:00
zcp.h cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
zfeature.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_acl.h Linux 6.3 compat: idmapped mount API changes 2023-04-10 14:15:36 -07:00
zfs_bootenv.h zfs label bootenv should store data as nvlist 2020-09-15 15:42:27 -07:00
zfs_chksum.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_context.h cred: properly pass and test creds on other threads (#17273) 2025-06-02 16:49:51 -07:00
zfs_debug.h zdb/ztest: send dbgmsg output to stderr 2024-11-15 10:15:01 -08:00
zfs_delay.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_file.h zfs_file: rename zfs_file_fallocate to zfs_file_deallocate 2024-11-15 10:15:00 -08:00
zfs_fuid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_impl.h Add generic implementation handling and SHA2 impl 2023-03-02 13:52:21 -08:00
zfs_ioctl_impl.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
zfs_ioctl.h DMU_BACKUP_FEATURE: indicate that bit 28 and 29 are reserved 2022-09-27 16:55:32 -07:00
zfs_onexit.h zfs_onexit_add_cb: make action_handle point to a uintptr_t 2022-11-03 09:52:12 -07:00
zfs_project.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_quota.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_racct.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_ratelimit.h Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_refcount.h Switch refcount tracking from lists to AVL-trees. 2023-06-14 08:02:27 -07:00
zfs_rlock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_sa.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_stat.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_sysfs.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_vfsops.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_vnops.h BRT: Fix FICLONE/FICLONERANGE shortened copy 2024-02-06 10:01:15 -08:00
zfs_znode.h zfs_znode: lift common code to a single shared file 2024-11-15 10:15:01 -08:00
zil_impl.h ZIL: Improve next log block size prediction 2024-04-19 10:13:38 -07:00
zil.h zfs_log: add flex array fields to log record structs 2024-11-04 10:34:48 -08:00
zio_checksum.h Don't emit cksum_{actual_expected} in ereport.fs.zfs.checksum events 2023-07-21 16:35:12 -07:00
zio_compress.h Skip memory allocation when compressing holes 2023-02-27 14:41:02 -08:00
zio_crypt.h Enable -Wwrite-strings 2022-06-29 14:08:54 -07:00
zio_impl.h value strings: pretty printers for flags and enums 2024-11-15 10:15:00 -08:00
zio_priority.h value strings: pretty printers for flags and enums 2024-11-15 10:15:00 -08:00
zio.h value strings: pretty printers for flags and enums 2024-11-15 10:15:00 -08:00
zrlock.h Pack zrlock_t by 8 bytes 2023-01-05 09:31:55 -08:00
zthr.h Avoid memory allocations in the ARC eviction thread 2022-01-21 10:28:13 -08:00
zvol_impl.h zvol: ensure device minors are properly cleaned up 2024-11-15 10:14:50 -08:00
zvol.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00