To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: 836749817036 - main - kern_resource.c: disallow execve around sysctl kern.proc.rlimitusage
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@FreeBSD.org
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 836749817036b90b60af0584fa21f2d9dbd60ff7
Date: Sun, 21 Jun 2026 11:48:09 +0000
Message-Id: <6a37cf79.26861.38dd2ba8@gitrepo.freebsd.org>

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=836749817036b90b60af0584fa21f2d9dbd60ff7

commit 836749817036b90b60af0584fa21f2d9dbd60ff7
Author:     Konstantin Belousov
AuthorDate: 2026-06-16 04:34:16 +0000
Commit:     Konstantin Belousov
CommitDate: 2026-06-21 11:46:53 +0000

    kern_resource.c: disallow execve around sysctl kern.proc.rlimitusage

    Reviewed by:    markj
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  htts://reviews.freebsd.org/D57497
--- sys/kern/kern_resource.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index 95c4e7d5eead..044e95fa64a0 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include 
@@ -823,11 +824,11 @@ sys_getrlimit(struct thread *td, struct getrlimit_args *uap) } static int -getrlimitusage_one(struct proc *p, u_int which, int flags, rlim_t *res) +getrlimitusage_one(struct proc *p, struct vmspace *vm, u_int which, int flags, + rlim_t *res) { struct thread *td; struct uidinfo *ui; - struct vmspace *vm; uid_t uid; int error; @@ -838,7 +839,6 @@ getrlimitusage_one(struct proc *p, u_int which, int flags, rlim_t *res) PROC_UNLOCK(p); ui = uifind(uid); - vm = vmspace_acquire_ref(p); switch (which) { case RLIMIT_CPU: @@ -919,7 +919,6 @@ getrlimitusage_one(struct proc *p, u_int which, int flags, rlim_t *res) break; } - vmspace_free(vm); uifree(ui); return (error); } @@ -927,12 +926,15 @@ getrlimitusage_one(struct proc *p, u_int which, int flags, rlim_t *res) int sys_getrlimitusage(struct thread *td, struct getrlimitusage_args *uap) { + struct proc *p; rlim_t res; int error; if ((uap->flags & ~(GETRLIMITUSAGE_EUID)) != 0) return (EINVAL); - error = getrlimitusage_one(curproc, uap->which, uap->flags, &res); + p = curproc; + error = getrlimitusage_one(p, p->p_vmspace, uap->which, uap->flags, + &res); if (error == 0) error = copyout(&res, uap->res, sizeof(res)); return (error); @@ -1797,6 +1799,8 @@ sysctl_kern_proc_rlimit_usage(SYSCTL_HANDLER_ARGS) { rlim_t resval[RLIM_NLIMITS]; struct proc *p; + struct thread *td; + struct vmspace *vm; size_t len; int error, *name, i; 
@@ -1806,15 +1810,20 @@ sysctl_kern_proc_rlimit_usage(SYSCTL_HANDLER_ARGS) if (req->newptr != NULL) return (EINVAL); - error = pget((pid_t)name[0], PGET_WANTREAD, &p); + td = curthread; + error = pget((pid_t)name[0], PGET_HOLD | PGET_NOTWEXIT, &p); if (error != 0) return (error); + error = proc_vmspace_ref(td, p, PRVM_BLOCK_EXEC | + PRVM_CHECK_VISIBILITY, &vm); + if (error != 0) + goto out; if ((u_int)arg2 == 1) { len = sizeof(resval); memset(resval, 0, sizeof(resval)); for (i = 0; i < RLIM_NLIMITS; i++) { - error = getrlimitusage_one(p, (unsigned)i, 0, + error = getrlimitusage_one(p, vm, (unsigned)i, 0, &resval[i]); if (error == ENXIO) { resval[i] = -1; @@ -1825,7 +1834,7 @@ sysctl_kern_proc_rlimit_usage(SYSCTL_HANDLER_ARGS) } } else { len = sizeof(resval[0]); - error = getrlimitusage_one(p, (unsigned)name[1], 0, + error = getrlimitusage_one(p, vm, (unsigned)name[1], 0, &resval[0]); if (error == ENXIO) { resval[0] = -1; @@ -1834,6 +1843,8 @@ sysctl_kern_proc_rlimit_usage(SYSCTL_HANDLER_ARGS) } if (error == 0) error = SYSCTL_OUT(req, resval, len); + proc_vmspace_unref(td, p, PRVM_BLOCK_EXEC | PRVM_CHECK_VISIBILITY, vm); +out: PRELE(p); return (error); }
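Review bot: getrlimitusage_one() in the @@ -823 hunk now receives `struct vmspace *vm` from its caller and no longer pairs vmspace_acquire_ref() with vmspace_free() itself (removed in the @@ -838 and @@ -919 hunks), but nothing on the function documents the new contract. Please add a short comment above the definition saying that the caller must keep vm valid for the whole call and that vm must be the address space of p, since the two arguments can now be passed inconsistently.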
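Review bot: in sys_getrlimitusage() (@@ -927 hunk) the call passes `p->p_vmspace` without taking a reference, where the old path went through vmspace_acquire_ref(p) even for curproc. If the unreferenced pointer is safe only because the calling thread belongs to p, a one-line comment at the call saying so would keep a later reader from copying the pattern for a process other than curproc.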
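Review bot: the pget() call in sysctl_kern_proc_rlimit_usage() (@@ -1806 hunk) changes its flags from PGET_WANTREAD to `PGET_HOLD | PGET_NOTWEXIT`, while the commit message only mentions disallowing execve. Please state in the commit message or in a comment next to the call whether PRVM_CHECK_VISIBILITY in the following proc_vmspace_ref() is now the only access check on the target process, and whether that is meant to be equivalent to what PGET_WANTREAD enforced, so the permission side of the change can be reviewed on its own.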
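Review bot: in the last hunk (@@ -1834) proc_vmspace_unref() repeats the literal `PRVM_BLOCK_EXEC | PRVM_CHECK_VISIBILITY` from the proc_vmspace_ref() call in the @@ -1806 hunk, so the two flag sets have to be kept in step by hand. If the unref must see the same flags as the ref, consider holding them in one local const variable used by both calls. The placement of `out:` after the unref looks right for the proc_vmspace_ref() failure path, which then still reaches PRELE(p).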