ksmbd: run set info with opener credentials
authorNamjae Jeon <linkinjeon@kernel.org>
Sat, 13 Jun 2026 13:00:01 +0000 (22:00 +0900)
committerSteve French <stfrench@microsoft.com>
Tue, 16 Jun 2026 23:57:22 +0000 (18:57 -0500)
SMB2 SET_INFO handlers call path-based VFS helpers after checking the
access mask granted to the SMB handle. Those helpers perform their owner,
inode permission and LSM checks using the current ksmbd worker credentials.

Run the complete SET_INFO dispatch with the credentials captured when the
handle was opened. This also removes the separate security information
credential setup and keeps all SET_INFO classes under one credential scope.

Direct override_creds() is used because it can nest with the request
credential overrides already used by rename and link helpers.

Cc: stable@vger.kernel.org
Reported-by: Musaab Khan <musaab.khan@protonmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/smb2pdu.c

index 96dcb78cfb925d3813ea5009dc7baee5ca8c8251..6d3f975d582f4bfbbe060e4af93163e95da4b6fe 100644 (file)
@@ -6762,6 +6762,7 @@ static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info,
  */
 int smb2_set_info(struct ksmbd_work *work)
 {
+       const struct cred *saved_cred;
        struct smb2_set_info_req *req;
        struct smb2_set_info_rsp *rsp;
        struct ksmbd_file *fp = NULL;
@@ -6803,6 +6804,7 @@ int smb2_set_info(struct ksmbd_work *work)
                goto err_out;
        }
 
+       saved_cred = override_creds(fp->filp->f_cred);
        switch (req->InfoType) {
        case SMB2_O_INFO_FILE:
                ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n");
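Review bot: Nothing marks the span from `override_creds(fp->filp->f_cred)` to the later `revert_creds(saved_cred)` as a region that must not be left early. The old security case had a `goto err_out` inside this switch, and a future change that re-adds one would leave the ksmbd worker thread with the handle's credentials still installed. I would put a comment directly above the override, for example `/* Opener creds stay active until revert_creds() after the switch; no goto/return inside it. */`. The body of smb2_set_info starts and ends outside this hunk, so the err_out path itself cannot be checked from here.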
@@ -6810,19 +6812,15 @@ int smb2_set_info(struct ksmbd_work *work)
                break;
        case SMB2_O_INFO_SECURITY:
                ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");
-               if (ksmbd_override_fsids(work)) {
-                       rc = -ENOMEM;
-                       goto err_out;
-               }
                rc = smb2_set_info_sec(fp,
                                       le32_to_cpu(req->AdditionalInformation),
                                       (char *)req + le16_to_cpu(req->BufferOffset),
                                       le32_to_cpu(req->BufferLength));
-               ksmbd_revert_fsids(work);
                break;
        default:
                rc = -EOPNOTSUPP;
        }
+       revert_creds(saved_cred);
 
        if (rc < 0)
                goto err_out;
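Review bot: With `ksmbd_override_fsids(work)` gone from the SMB2_O_INFO_SECURITY case, the owner, inode-permission and LSM checks for security-descriptor changes rest entirely on what `fp->filp->f_cred` held at open time. Presumably the open path installs the session identity before the file is opened, but that code is not visible here and the assumption should be stated. The commit message also says the rename and link helpers keep their own request override nested inside this scope, so those paths are still checked against the request credentials rather than the opener's. Both facts belong in the kernel-doc above smb2_set_info, for example `* Handlers run with the opener's f_cred; rename/link helpers nest their own request override.`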