summaryrefslogtreecommitdiffstats
path: root/fs/exec.c
diff options
context:
space:
mode:
authorAlexey Gladkov <legion@kernel.org>2021-04-22 14:27:09 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-07-14 16:55:48 +0200
commitb2c4d9a33cc2dec7466f97eba2c4dd571ad798a5 (patch)
tree243f8dbe0078ed37b4ed749031d6dde24265f099 /fs/exec.c
parent61a7a634a0c8791729439c27b0193a34e6f3809a (diff)
downloadlinux-stable-b2c4d9a33cc2dec7466f97eba2c4dd571ad798a5.tar.gz
linux-stable-b2c4d9a33cc2dec7466f97eba2c4dd571ad798a5.tar.bz2
linux-stable-b2c4d9a33cc2dec7466f97eba2c4dd571ad798a5.zip
Add a reference to ucounts for each cred
[ Upstream commit 905ae01c4ae2ae3df05bb141801b1db4b7d83c61 ] For RLIMIT_NPROC and some other rlimits the user_struct that holds the global limit is kept alive for the lifetime of a process by keeping it in struct cred. Adding a pointer to ucounts in the struct cred will allow to track RLIMIT_NPROC not only for user in the system, but for user in the user_namespace. Updating ucounts may require memory allocation which may fail. So, we cannot change cred.ucounts in the commit_creds() because this function cannot fail and it should always return 0. For this reason, we modify cred.ucounts before calling the commit_creds(). Changelog v6: * Fix null-ptr-deref in is_ucounts_overlimit() detected by trinity. This error was caused by the fact that cred_alloc_blank() left the ucounts pointer empty. Reported-by: kernel test robot <oliver.sang@intel.com> Signed-off-by: Alexey Gladkov <legion@kernel.org> Link: https://lkml.kernel.org/r/b37aaef28d8b9b0d757e07ba6dd27281bbe39259.1619094428.git.legion@kernel.org Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/exec.c')
-rw-r--r--fs/exec.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/exec.c b/fs/exec.c
index ca89e0e3ef10..c7a4ef8df305 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1347,6 +1347,10 @@ int begin_new_exec(struct linux_binprm * bprm)
WRITE_ONCE(me->self_exec_id, me->self_exec_id + 1);
flush_signal_handlers(me, 0);
+ retval = set_cred_ucounts(bprm->cred);
+ if (retval < 0)
+ goto out_unlock;
+
/*
* install the new credentials for this executable
*/