From nobody Thu Nov 06 03:38:07 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d27FD6347z6Fk31; Thu, 06 Nov 2025 03:38:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4d27FD1GSQz3wff; Thu, 06 Nov 2025 03:38:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1762400288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s2iR5MM/tgl6uZmOYdRCnS27cKALNP9uACUJUYjm5Ho=; b=H0dkiMdBH/7jxypg+j2JPWx9+7EtD9vT7SEt9HrMpwxMkfcVTvioohbVpsMbtL38uyJYm9 uq37D5XMyEYI9W09vPrzhx/XH8bEwT4eUjdDzaiRmFCTj/W5gScyHY0ZnBm5YFZi7Boa2P K/3G3WFbdxdX6dax4kFEVyUonGGLc8Mf1w5Ck+ISfp5ntzjL2LD7FEazRReIloxJgUNcxz DxU4fChgmw9OAUK4drndJpxCIA5smLiAmRpprDDfL4iU1wxN3HnxJ1gRcAx+x3C1lUNB9H TPidrcMOHDNrDlCX1+lWInnWOfWFdOkNrF6inmpzw8/uyHLyrdjsEhVkbQLhVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1762400288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s2iR5MM/tgl6uZmOYdRCnS27cKALNP9uACUJUYjm5Ho=; b=DIHP7PeexvGA+XZG6mv/kurWNyED5r/FmrzlncrX1Sd0F25lBL0H1ceulIzypv92jIt1cx 9Ck5/r6uKWPxGyGhEI+UyIfV65t3g47NrxjBHfiPkiwbElXoYdgqj1lhSvsON+CsMiKQj2 xIonUgOmpIMUSjRJfPVtUT0GB8HsKoCazYocjl233/b17OAhGniSae7rhyBfRNB+r9c0Jq 1hXOYS4UwvkGkE5S0j3LyxlkgNP/ks3ZsaW4B8gQzTauWC5RhSQ+X7S9DwOj54t3bd1YOM aEOrhb4tu11VqDGrgHmuNH6xG/upGksPJIl1Ts3FSChEAFYmlhP3rIEWBuVCSA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762400288; a=rsa-sha256; cv=none; b=lie+lPwaLlxXhUqUtj1YZe7MW1X2Xomi1FGlbSHgHY7WjDL5+RMVZS7vliLxaepCFFmH7A OqDecYM1MOXYM6iUZhijHW1Carweb79hWhdmjMSzVfsAed1LMpYn86XKVThEbvsUP9OX+/ xm8whP12j0XkLlZa9THN/YPdI/XjtNw4PBI0p0H42HbKwU8za+bHRi6mSjtLXTxoO6o1g1 ahym1+4XSyaizOXRknekBTSoAoTgPQZbI0ZKqpjJ4dvN6H5yrTLXQFj/9TlKP6IWQof6YZ 3pxLEFzMpkafmOHN83rRilN2hQ1Z4Fei9V80F3s3F9vpSXL4YVy9sM6sVJ8UCw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d27FC5dzpz1BFD; Thu, 06 Nov 2025 03:38:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5A63c7Q8090323; Thu, 6 Nov 2025 03:38:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5A63c7Ni090320; Thu, 6 Nov 2025 03:38:07 GMT (envelope-from git) Date: Thu, 6 Nov 2025 03:38:07 GMT Message-Id: <202511060338.5A63c7Ni090320@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 2e76660cb71d - stable/15 - setcred(): Fix RACCT resource accounting on credentials change List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 2e76660cb71dc113a4f4e0eb05eb190d7fc99e7f Auto-Submitted: auto-generated The branch stable/15 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=2e76660cb71dc113a4f4e0eb05eb190d7fc99e7f commit 2e76660cb71dc113a4f4e0eb05eb190d7fc99e7f Author: Olivier Certner AuthorDate: 2025-10-29 17:07:59 +0000 Commit: Olivier Certner CommitDate: 2025-11-06 03:36:33 +0000 setcred(): Fix RACCT resource accounting on credentials change When credentials are changed, we need to adjust the sum of resources associated to the initial and new process' user IDs (and old and new login classes and jails, but setcred() does not change them) for them to stay consistent. PR: 290352 MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53457 (cherry picked from commit 2be5127c4a31bacac9b4158395bfa844f6033626) --- sys/kern/kern_prot.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index df725cfebd97..3c145851b683 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -696,7 +696,7 @@ kern_setcred(struct thread *const td, const u_int flags, gid_t *groups = NULL; gid_t smallgroups[CRED_SMALLGROUPS_NB]; int error; - bool cred_set; + bool cred_set = false; /* Bail out on unrecognized flags. */ if (flags & ~SETCREDF_MASK) @@ -839,17 +839,32 @@ kern_setcred(struct thread *const td, const u_int flags, if (cred_set) { setsugid(p); to_free_cred = old_cred; +#ifdef RACCT + racct_proc_ucred_changed(p, old_cred, new_cred); +#endif +#ifdef RCTL + crhold(new_cred); +#endif MPASS(error == 0); } else error = EAGAIN; unlock_finish: PROC_UNLOCK(p); + /* * Part 3: After releasing the process lock, we perform cleanups and * finishing operations. */ +#ifdef RCTL + if (cred_set) { + rctl_proc_ucred_changed(p, new_cred); + /* Paired with the crhold() just above. */ + crfree(new_cred); + } +#endif + #ifdef MAC if (mac_set_proc_data != NULL) mac_set_proc_finish(td, proc_label_set, mac_set_proc_data);