git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Wed, 14 Aug 2024 16:08:17 +0000 (18:08 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Fri, 23 Aug 2024 22:09:19 +0000 (22:09 +0000)
commit	e2156e69cc87850cac455c1e16776bbd64cacf10
tree	62a65a4bde939f0c3a4d9c067af1b643f7e4cdad	tree \| snapshot
parent	bd73e2326a6f24a2b6e05655400293a54e911128	commit \| diff

LU-18145 gss: fix key unlink for regular user

In case a key is unlinked for a regular user, it can be necessary to
switch credentials to find a valid keyring for that user, which
implies changing the user namespace as well. This needs a reference
drop on the original namespace, as a ref was taken by prepare_creds(),
and also to take a reference on the newly set namespace, as a ref will
be dropped when put_cred() is finally called.

Because of the user switch, calling get_user_keyring() also adds one
more ref on the user keyring, for kernel implementation based on user
keyring pinned from the user_struct struct. This extra ref needs to be
dropped, but just for this specific case.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Fixes: bc740feeaa ("LU-17714 gss: support revoked session keyring")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4d8fb354394a9f97dedf8aca84e4e3381a98fc60
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56053
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Bruno Faccini <bfaccini@nvidia.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>