Page MenuHomeFreeBSD
Files F142069481

D53563.id165939.diff
No OneTemporary
Actions

D53563.id165939.diff
View Options

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3043,14 +3043,19 @@
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
newcred->cr_prison = pr;
- proc_set_cred(p, newcred);
- setsugid(p);
#ifdef RACCT
racct_proc_ucred_changed(p, oldcred, newcred);
#endif
#ifdef RCTL
crhold(newcred);
#endif
+ /*
+ * Takes over 'newcred''s reference, so 'newcred' must not be used
+ * besides this point except on RCTL where we took an additional
+ * reference above.
+ */
+ proc_set_cred(p, newcred);
+ setsugid(p);
PROC_UNLOCK(p);
#ifdef RCTL
rctl_proc_ucred_changed(p, newcred);
diff --git a/sys/kern/kern_loginclass.c b/sys/kern/kern_loginclass.c
--- a/sys/kern/kern_loginclass.c
+++ b/sys/kern/kern_loginclass.c
@@ -222,13 +222,18 @@
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
newcred->cr_loginclass = newlc;
- proc_set_cred(p, newcred);
#ifdef RACCT
racct_proc_ucred_changed(p, oldcred, newcred);
#endif
#ifdef RCTL
crhold(newcred);
#endif
+ /*
+ * Takes over 'newcred''s reference, so 'newcred' must not be used
+ * besides this point except on RCTL where we took an additional
+ * reference above.
+ */
+ proc_set_cred(p, newcred);
PROC_UNLOCK(p);
#ifdef RCTL
rctl_proc_ucred_changed(p, newcred);
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -832,22 +832,31 @@
if (error != 0)
goto unlock_finish;
+#ifdef RACCT
/*
- * Set the new credentials, noting that they have changed.
+ * Hold a reference to 'new_cred', as we need to call some functions on
+ * it after proc_set_cred_enforce_proc_lim().
*/
+ crhold(new_cred);
+#endif
+
+ /* Set the new credentials. */
cred_set = proc_set_cred_enforce_proc_lim(p, new_cred);
if (cred_set) {
setsugid(p);
- to_free_cred = old_cred;
#ifdef RACCT
+ /* Adjust RACCT counters. */
racct_proc_ucred_changed(p, old_cred, new_cred);
#endif
-#ifdef RCTL
- crhold(new_cred);
-#endif
+ to_free_cred = old_cred;
MPASS(error == 0);
- } else
+ } else {
+#ifdef RACCT
+ /* Matches the crhold() just before the containing 'if'. */
+ crfree(new_cred);
+#endif
error = EAGAIN;
+ }
unlock_finish:
PROC_UNLOCK(p);
@@ -857,10 +866,12 @@
* finishing operations.
*/
-#ifdef RCTL
+#ifdef RACCT
if (cred_set) {
+#ifdef RCTL
rctl_proc_ucred_changed(p, new_cred);
- /* Paired with the crhold() just above. */
+#endif
+ /* Paired with the crhold() above. */
crfree(new_cred);
}
#endif
@@ -991,16 +1002,19 @@
change_euid(newcred, uip);
setsugid(p);
}
- /*
- * This also transfers the proc count to the new user.
- */
- proc_set_cred(p, newcred);
+
#ifdef RACCT
racct_proc_ucred_changed(p, oldcred, newcred);
#endif
#ifdef RCTL
crhold(newcred);
#endif
+ /*
+ * Takes over 'newcred''s reference, so 'newcred' must not be used
+ * besides this point except on RCTL where we took an additional
+ * reference above.
+ */
+ proc_set_cred(p, newcred);
PROC_UNLOCK(p);
#ifdef RCTL
rctl_proc_ucred_changed(p, newcred);
@@ -1404,13 +1418,18 @@
change_svuid(newcred, newcred->cr_uid);
setsugid(p);
}
- proc_set_cred(p, newcred);
#ifdef RACCT
racct_proc_ucred_changed(p, oldcred, newcred);
#endif
#ifdef RCTL
crhold(newcred);
#endif
+ /*
+ * Takes over 'newcred''s reference, so 'newcred' must not be used
+ * besides this point except on RCTL where we took an additional
+ * reference above.
+ */
+ proc_set_cred(p, newcred);
PROC_UNLOCK(p);
#ifdef RCTL
rctl_proc_ucred_changed(p, newcred);
@@ -1552,13 +1571,18 @@
change_svuid(newcred, suid);
setsugid(p);
}
- proc_set_cred(p, newcred);
#ifdef RACCT
racct_proc_ucred_changed(p, oldcred, newcred);
#endif
#ifdef RCTL
crhold(newcred);
#endif
+ /*
+ * Takes over 'newcred''s reference, so 'newcred' must not be used
+ * besides this point except on RCTL where we took an additional
+ * reference above.
+ */
+ proc_set_cred(p, newcred);
PROC_UNLOCK(p);
#ifdef RCTL
rctl_proc_ucred_changed(p, newcred);
@@ -2783,7 +2807,7 @@
* 'enforce_proc_lim' being true and if no new process can be accounted to the
* new real UID because of the current limit (see the inner comment for more
* details) and the caller does not have privilege (PRIV_PROC_LIMIT) to override
- * that.
+ * that. In this case, the reference to 'newcred' is not taken over.
*/
static bool
_proc_set_cred(struct proc *p, struct ucred *newcred, bool enforce_proc_lim)
diff --git a/sys/kern/kern_racct.c b/sys/kern/kern_racct.c
--- a/sys/kern/kern_racct.c
+++ b/sys/kern/kern_racct.c
@@ -949,8 +949,10 @@
}
/*
- * Called after credentials change, to move resource utilisation
- * between raccts.
+ * Called to signal credentials change, to move resource utilisation
+ * between raccts. Must be called with the proc lock held, in the same span as
+ * the credentials change itself (i.e., without the proc lock being unlocked
+ * between the two), but the order does not matter.
*/
void
racct_proc_ucred_changed(struct proc *p, struct ucred *oldcred,

File Metadata

Mime Type
text/plain
Expires
Fri, Jan 16, 5:55 PM (7 h, 12 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27664048
Default Alt Text
D53563.id165939.diff (4 KB)

Event Timeline