Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4339437pxb;
        Mon, 21 Feb 2022 18:26:30 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzZWF5P6lyh5P2nKnQPe7I0pap2XDCx7rYSBPivd9U65Ks4CNeXFvm6DlNpwB5TYkGF9rvY
X-Received: by 2002:aa7:c041:0:b0:410:ee83:3c91 with SMTP id k1-20020aa7c041000000b00410ee833c91mr24216332edo.407.1645496790092;
        Mon, 21 Feb 2022 18:26:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645496790; cv=none;
        d=google.com; s=arc-20160816;
        b=nBst01xMf/prTbsoXqkAwsmmBOc8BSHaHQr6Qdzz4oan83uobTZNUPHZszSVvPaiIf
         O/L1cu6c75a2oNYEtjwAeHZce1YRCXye1AB50HX5sJBlvzKZUJcfj5XrEnF/mLtpWR1E
         ZuW84j+QBwxumPMxu3JwzSqjCZVwHn+DFlNc3h9+HuCmvAuZXUJ+aNddgSVxkLFMbKY2
         WVpLqRUr7e5XuHzko2iRwvgTv5Oy7R5LUO9kMCRLfA7tPpFJ7x+TGWrrG/q9mZ31qjSc
         Q7wkcKeRy3ic9dSXVfrauExCkdojIa/2ibnFAa/jUYKKmw/wjnQsNIDV8XS8dyC0MzsY
         MVjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=owAuPlLPxUpdxXFn72T0y1A1djpcH5e6GJWmEZLTXOE=;
        b=owZF7wIAIb5Ac0A6/HgwEIMD7nDHpX6lzOoIaqDHzbVogv4gI46QWrwI0YZu3RklhE
         LUi0CMugonx+0mHU5I0ByI+h8PZ/0bI2NuK4lh0v+s4juOcXsEYeJWEa/SatQjVwUzuQ
         sZD3aVFtk+fmfoFm5RCEklSq7Ig0oQdGs4QZg/WzU0OQPjulq5W9vNgmYpfJFD1sNfwy
         ppO59eunUC4VXmi8377fI6ZxepAdRuan1iE+pyS+PjKWUerx/xznFzkgc4Zoa4JI66RE
         D2QCa6PgBBx2F8Fml/dUXqWCSruvURG/TVffG5qcOJXIG1Y9vPdop+jdShpjwj4e5pDE
         Rhaw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JpJOqU9b;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id sh12si10106562ejc.109.2022.02.21.18.26.06;
        Mon, 21 Feb 2022 18:26:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JpJOqU9b;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1354086AbiBUKMB (ORCPT <rfc822;andreykovskii@gmail.com>
        + 99 others); Mon, 21 Feb 2022 05:12:01 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:56862 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352868AbiBUJ4y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Feb 2022 04:56:54 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D51B445048;
        Mon, 21 Feb 2022 01:24:42 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 83E6FB80EB8;
        Mon, 21 Feb 2022 09:24:41 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD81DC340E9;
        Mon, 21 Feb 2022 09:24:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1645435480;
        bh=7/FBbwrvHWUltZ4Jxxrkk2lhlNEV2NohBiXF+5Bj8II=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=JpJOqU9b3kLwHvoFCSUhxjjZmO2fmAzGUtK0H2+cYBdS0CCM9CCO8bxbpJ4m2JO6S
         IbUYRhD+Q5uZhDeHgZuMllVJVy5SHWJQFFdXFLfJgOXj0u6HDwxYNLKjL3h+orz+Ab
         PCQLJb/fKc4PVEcfb1f3CVtM21+NYjqjJZ8odrvQ=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, "Eric W. Biederman" <ebiederm@xmission.com>
Subject: [PATCH 5.16 177/227] ucounts: Move RLIMIT_NPROC handling after set_user
Date:   Mon, 21 Feb 2022 09:49:56 +0100
Message-Id: <20220221084940.695551387@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220221084934.836145070@linuxfoundation.org>
References: <20220221084934.836145070@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Eric W. Biederman <ebiederm@xmission.com>

commit c923a8e7edb010da67424077cbf1a6f1396ebd2e upstream.

During set*id() which cred->ucounts to charge the the current process
to is not known until after set_cred_ucounts.  So move the
RLIMIT_NPROC checking into a new helper flag_nproc_exceeded and call
flag_nproc_exceeded after set_cred_ucounts.

This is very much an arbitrary subset of the places where we currently
change the RLIMIT_NPROC accounting, designed to preserve the existing
logic.

Fixing the existing logic will be the subject of another series of
changes.

Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20220216155832.680775-4-ebiederm@xmission.com
Fixes: 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/sys.c |   19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -472,6 +472,16 @@ static int set_user(struct cred *new)
 	if (!new_user)
 		return -EAGAIN;
 
+	free_uid(new->user);
+	new->user = new_user;
+	return 0;
+}
+
+static void flag_nproc_exceeded(struct cred *new)
+{
+	if (new->ucounts == current_ucounts())
+		return;
+
 	/*
 	 * We don't fail in case of NPROC limit excess here because too many
 	 * poorly written programs don't check set*uid() return code, assuming
@@ -480,14 +490,10 @@ static int set_user(struct cred *new)
 	 * failure to the execve() stage.
 	 */
 	if (is_ucounts_overlimit(new->ucounts, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)) &&
-			new_user != INIT_USER)
+			new->user != INIT_USER)
 		current->flags |= PF_NPROC_EXCEEDED;
 	else
 		current->flags &= ~PF_NPROC_EXCEEDED;
-
-	free_uid(new->user);
-	new->user = new_user;
-	return 0;
 }
 
 /*
@@ -562,6 +568,7 @@ long __sys_setreuid(uid_t ruid, uid_t eu
 	if (retval < 0)
 		goto error;
 
+	flag_nproc_exceeded(new);
 	return commit_creds(new);
 
 error:
@@ -624,6 +631,7 @@ long __sys_setuid(uid_t uid)
 	if (retval < 0)
 		goto error;
 
+	flag_nproc_exceeded(new);
 	return commit_creds(new);
 
 error:
@@ -703,6 +711,7 @@ long __sys_setresuid(uid_t ruid, uid_t e
 	if (retval < 0)
 		goto error;
 
+	flag_nproc_exceeded(new);
 	return commit_creds(new);
 
 error: