[Devel] [PATCH RHEL9 COMMIT] ucounts: Fix ucount incr/decr when uid is changed without changing the underlying user_struct

Konstantin Khorenko khorenko at virtuozzo.com
Tue Mar 14 17:10:47 MSK 2023 

The commit is pushed to "branch-rh9-5.14.0-162.18.1.vz9.19.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-162.18.1.vz9.19.1
------>
commit 63545f69bd2ae09654769f3adf56eb5c40db0b94
Author: Nikolay Borisov <nikolay.borisov at virtuozzo.com>
Date:   Thu Mar 9 12:37:01 2023 +0200

    ucounts: Fix ucount incr/decr when uid is changed without changing the underlying user_struct
    
    When preforming setuid the general expectation is that the underlying
    user_struct will also be changed. However, in our kernels this doesn't
    hold true to the presence of ff716deacf0c ("userns: associate
    user_struct with the user_namespace").
    
    Running userns08 testcase from ltp causes a warning to be triggered
    when decrementing NPROC count on process reap. The reason for the
    warning is when the uid is changed the relevant code in commit_cred()
    is supposed to adjust the ucounts for the old (pre-setuid) and new
    (after setuid) state. However, the check in the upstream kernel only
    triggers if userns or user_struct have changed. Fix the issue by
    augmenting the check to ensure NPROC is adjusted when just the uid is
    changed.
    
    https://jira.sw.ru/browse/PSBM-145641
    Signed-off-by: Nikolay Borisov <nikolay.borisov at virtuozzo.com>
    
    Feature: userns: make user related resources per userns
---
 kernel/cred.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/cred.c b/kernel/cred.c
index 96466cc1c527..9e7c04a8d8f1 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -495,11 +495,13 @@ int commit_creds(struct cred *new)
 	 * in set_user().
 	 */
 	alter_cred_subscribers(new, 2);
-	if (new->user != old->user || new->user_ns != old->user_ns)
+	if (new->user != old->user || new->user_ns != old->user_ns ||
+	    !uid_eq(new->uid, old->uid))
 		inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1);
 	rcu_assign_pointer(task->real_cred, new);
 	rcu_assign_pointer(task->cred, new);
-	if (new->user != old->user || new->user_ns != old->user_ns)
+	if (new->user != old->user || new->user_ns != old->user_ns ||
+	    !uid_eq(new->uid, old->uid))
 		dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1);
 	alter_cred_subscribers(old, -2);

More information about the Devel mailing list