From: Christian Brauner Date: Mon, 3 Nov 2025 11:26:56 +0000 (+0100) Subject: binfmt_misc: use credential guards X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff2044cd277d8d2d6d6ea609d5a10fcbe68a23f9;p=thirdparty%2Flinux.git binfmt_misc: use credential guards Use credential guards for scoped credential override with automatic restoration on scope exit. Link: https://patch.msgid.link/20251103-work-creds-guards-simple-v1-8-a3e156839e7f@kernel.org Reviewed-by: Amir Goldstein Signed-off-by: Christian Brauner --- diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index a839f960cd4a..558db4bd6c2a 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -782,8 +782,6 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, return PTR_ERR(e); if (e->flags & MISC_FMT_OPEN_FILE) { - const struct cred *old_cred; - /* * Now that we support unprivileged binfmt_misc mounts make * sure we use the credentials that the register @file was @@ -791,9 +789,8 @@ static ssize_t bm_register_write(struct file *file, const char __user *buffer, * didn't matter much as only a privileged process could open * the register file. */ - old_cred = override_creds(file->f_cred); - f = open_exec(e->interpreter); - revert_creds(old_cred); + scoped_with_creds(file->f_cred) + f = open_exec(e->interpreter); if (IS_ERR(f)) { pr_notice("register: failed to install interpreter file %s\n", e->interpreter);