git: e41c28e67fac - main - linux_prlimit(): block execve for the target
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 21 Jun 2026 11:48:11 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=e41c28e67fac9cd22a85b160c5c9d0477ed03600
commit e41c28e67fac9cd22a85b160c5c9d0477ed03600
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-06-07 19:21:40 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-06-21 11:46:53 +0000
linux_prlimit(): block execve for the target
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57497
---
sys/compat/linux/linux_misc.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index c863e1db8b02..3aecc0106aaa 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -2038,6 +2038,7 @@ linux_prlimit64(struct thread *td, struct linux_prlimit64_args *args)
u_int which;
int flags;
int error;
+ bool exec_blocked;
if (args->new == NULL && args->old != NULL) {
if (linux_get_dummy_limit(td, args->resource, &rlim)) {
@@ -2065,6 +2066,7 @@ linux_prlimit64(struct thread *td, struct linux_prlimit64_args *args)
return (error);
}
+ exec_blocked = false;
flags = PGET_HOLD | PGET_NOTWEXIT;
if (args->new != NULL)
flags |= PGET_CANDEBUG;
@@ -2077,6 +2079,14 @@ linux_prlimit64(struct thread *td, struct linux_prlimit64_args *args)
error = pget(args->pid, flags, &p);
if (error != 0)
return (error);
+ exec_blocked = true;
+ PROC_LOCK(p);
+ execve_block_wait(td, p);
+ error = args->new != NULL ? p_candebug(td, p) :
+ p_cansee(td, p);
+ PROC_UNLOCK(p);
+ if (error != 0)
+ goto out;
}
if (args->old != NULL) {
PROC_LOCK(p);
@@ -2099,6 +2109,11 @@ linux_prlimit64(struct thread *td, struct linux_prlimit64_args *args)
error = kern_proc_setrlimit(td, p, which, &nrlim);
out:
+ if (exec_blocked) {
+ PROC_LOCK(p);
+ execve_unblock(td, p);
+ PROC_UNLOCK(p);
+ }
PRELE(p);
return (error);
}