Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4028903pxb; Mon, 21 Feb 2022 10:26:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJzJrhZgJ9zPpiFcBd/Z0+HPA70Y0OavRcKwkR9ele5YdTPylui63CQxKqNzO5ZmOj/Crjcj X-Received: by 2002:a05:6402:26cb:b0:3fa:3817:1f78 with SMTP id x11-20020a05640226cb00b003fa38171f78mr22578562edd.219.1645468003667; Mon, 21 Feb 2022 10:26:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645468003; cv=none; d=google.com; s=arc-20160816; b=SmZOBlZp3oFFWDC74Fa+Ipl4gp9F0B4caoxphRUo12WS2xQ2Xqz8eRPA19LgCEhGRI CjauDo8uzcFlYhDPAMd6WFeq3RLhpk0zg2gra7LchZBfp0j62dpHq2GSegLUr0MeklIH xHvQaDh0pR2w3qXwwWZdrO9zYMEeBg9UkxQRAeLOFmn5skuTuRiXBXh3JXxkmVtKfj8l XDXtW9X61E60LOMFI5FMDzPae+7A+qkncEEY7/XS9NfmY0Opb447dxHw/VIDmT0N7lHH z7uVDxf/dXL1IWf6XFB8vWyb+4ffUY01bVN3T+MOgJBBEBTSISzbEAEZOry9Aum8L/vu bB0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9SYqbBbOOpX0UfeMAMTLBNR2kViKQu3VdToU5a8Dqv0=; b=XPoZEZpmfc9H7vnI4CNREtXpDZUFu8fqOk9K6dmPW4NX/rFwE2VjOFZxqDKRLrOpag u3+hiY3UjN67dLK2wETuWpEIbhU4Sss+YvOr7jGrPkiuuZN2GpkQIGTmV5P+9SSteKQO NeGuP9vzb8P49rEPJhfPvRa9a8JNTvQJ4jQlpLQFTdEPb7CXK25wFTFVP65IFG2oSwXY uFLeDT68EEcrimZogMzWbiS6Pl6SqcVDsgA3b3M8knoZikUr7E4YgENymUgMD4XVXhYR t3Mk3RHttWsYiV4BM4R1Yv1W6E4Ui7OXDlOKdokB96VNIunKsijcA28+uGMlIPgTgu2s /I8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ngQOg9zF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n12si14482374edx.380.2022.02.21.10.26.20; Mon, 21 Feb 2022 10:26:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ngQOg9zF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354240AbiBUKDQ (ORCPT + 99 others); Mon, 21 Feb 2022 05:03:16 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:57230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352282AbiBUJzR (ORCPT ); Mon, 21 Feb 2022 04:55:17 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 122EC38D9B; Mon, 21 Feb 2022 01:24:27 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A538260E77; Mon, 21 Feb 2022 09:24:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 88ACBC340E9; Mon, 21 Feb 2022 09:24:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1645435466; bh=ndV0d7LE6q+zLbv7DPboGaYMp5aB/82uoAfM0/0l9TQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ngQOg9zFDCsoJ7196LKRx+PE7RsHZlyFGI79wMGiha1rNU2VXwwzwZLEkW/BXdU+h 0+JlJZS0f3oolpTpM9vJgOOZ/IXjYNoz2S3NdoohUD0teinDCrANUKw/485vzxL5JL KMQH4mvemnTdzaI5m6qAdJkjSBWLo55KKUe9DCXc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Michal=20Koutn=C3=BD?= , "Eric W. Biederman" Subject: [PATCH 5.16 173/227] ucounts: Base set_cred_ucounts changes on the real user Date: Mon, 21 Feb 2022 09:49:52 +0100 Message-Id: <20220221084940.562469023@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221084934.836145070@linuxfoundation.org> References: <20220221084934.836145070@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric W. Biederman commit a55d07294f1e9b576093bdfa95422f8119941e83 upstream. Michal Koutný wrote: > Tasks are associated to multiple users at once. Historically and as per > setrlimit(2) RLIMIT_NPROC is enforce based on real user ID. > > The commit 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts") > made the accounting structure "indexed" by euid and hence potentially > account tasks differently. > > The effective user ID may be different e.g. for setuid programs but > those are exec'd into already existing task (i.e. below limit), so > different accounting is moot. > > Some special setresuid(2) users may notice the difference, justifying > this fix. I looked at cred->ucount and it is only used for rlimit operations that were previously stored in cred->user. Making the fact cred->ucount can refer to a different user from cred->user a bug, affecting all uses of cred->ulimit not just RLIMIT_NPROC. Fix set_cred_ucounts to always use the real uid not the effective uid. Further simplify set_cred_ucounts by noticing that set_cred_ucounts somehow retained a draft version of the check to see if alloc_ucounts was needed that checks the new->user and new->user_ns against the current_real_cred(). Remove that draft version of the check. All that matters for setting the cred->ucounts are the user_ns and uid fields in the cred. Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20220207121800.5079-4-mkoutny@suse.com Link: https://lkml.kernel.org/r/20220216155832.680775-3-ebiederm@xmission.com Reported-by: Michal Koutný Reviewed-by: Michal Koutný Fixes: 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts") Signed-off-by: "Eric W. Biederman" Signed-off-by: Greg Kroah-Hartman --- kernel/cred.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) --- a/kernel/cred.c +++ b/kernel/cred.c @@ -665,21 +665,16 @@ EXPORT_SYMBOL(cred_fscmp); int set_cred_ucounts(struct cred *new) { - struct task_struct *task = current; - const struct cred *old = task->real_cred; struct ucounts *new_ucounts, *old_ucounts = new->ucounts; - if (new->user == old->user && new->user_ns == old->user_ns) - return 0; - /* * This optimization is needed because alloc_ucounts() uses locks * for table lookups. */ - if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->euid)) + if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid)) return 0; - if (!(new_ucounts = alloc_ucounts(new->user_ns, new->euid))) + if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid))) return -EAGAIN; new->ucounts = new_ucounts;