diff options
author | Alexey Gladkov <legion@kernel.org> | 2021-04-22 14:27:09 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2021-04-30 14:14:00 -0500 |
commit | 905ae01c4ae2ae3df05bb141801b1db4b7d83c61 (patch) | |
tree | c4216c817bd6859c8028a25900bcfe4330c1e3c9 /fs/exec.c | |
parent | f9c82a4ea89c384d49ce03768ba88d049ed3f1f0 (diff) | |
download | lwn-905ae01c4ae2ae3df05bb141801b1db4b7d83c61.tar.gz lwn-905ae01c4ae2ae3df05bb141801b1db4b7d83c61.zip |
Add a reference to ucounts for each cred
For RLIMIT_NPROC and some other rlimits the user_struct that holds the
global limit is kept alive for the lifetime of a process by keeping it
in struct cred. Adding a pointer to ucounts in the struct cred will
allow to track RLIMIT_NPROC not only for user in the system, but for
user in the user_namespace.
Updating ucounts may require memory allocation which may fail. So, we
cannot change cred.ucounts in the commit_creds() because this function
cannot fail and it should always return 0. For this reason, we modify
cred.ucounts before calling the commit_creds().
Changelog
v6:
* Fix null-ptr-deref in is_ucounts_overlimit() detected by trinity. This
error was caused by the fact that cred_alloc_blank() left the ucounts
pointer empty.
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Alexey Gladkov <legion@kernel.org>
Link: https://lkml.kernel.org/r/b37aaef28d8b9b0d757e07ba6dd27281bbe39259.1619094428.git.legion@kernel.org
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/exec.c b/fs/exec.c index 18594f11c31f..d7c4187ca023 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1360,6 +1360,10 @@ int begin_new_exec(struct linux_binprm * bprm) WRITE_ONCE(me->self_exec_id, me->self_exec_id + 1); flush_signal_handlers(me, 0); + retval = set_cred_ucounts(bprm->cred); + if (retval < 0) + goto out_unlock; + /* * install the new credentials for this executable */ |