From: Kyle Evans
Date: Thu, 31 Jul 2025 14:00:37 -0500
Subject: Re: git: be1f7435ef21 - main - kern: start tracking cr_gid outside of cr_groups[]
To: Mark Johnston, olce@freebsd.org
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Message-ID: <4184e804-b731-4b4e-9399-d27f776f575d@FreeBSD.org>
References: <202507310444.56V4icA3054832@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On 7/31/25 13:46, Mark Johnston wrote:
> On Thu, Jul 31, 2025 at 04:44:38AM +0000, Kyle Evans wrote:
>> The branch main has been updated by kevans:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51
>>
>> commit be1f7435ef218b1df35aebf3b90dd65ffd8bbe51
>> Author:     Kyle Evans
>> AuthorDate: 2025-07-31 04:44:11 +0000
>> Commit:     Kyle Evans
>> CommitDate: 2025-07-31 04:44:11 +0000
>>
>>     kern: start tracking cr_gid outside of cr_groups[]
>>
>>     This is the (mostly) kernel side of de-conflating cr_gid and the
>>     supplemental groups. The pre-existing behavior for getgroups() and
>>     setgroups() is retained to keep the user <-> kernel boundary
>>     functionally the same while we audit use of these syscalls, but we can
>>     remove a lot of the internal special-casing just by reorganizing ucred
>>     like this.
>>
>>     struct xucred has been altered because the cr_gid macro becomes
>>     problematic if ucred has a real cr_gid member but xucred does not. Most
>>     notably, they both also have cr_groups[] members, so the definition
>>     means that we could easily have situations where we end up using the
>>     first supplemental group as the egid in some places. We really can't
>>     change the ABI of xucred, so instead we alias the first member to the
>>     `cr_gid` name and maintain the status quo.
>>
>>     This also fixes the Linux setgroups(2)/getgroups(2) implementation to
>>     more cleanly preserve the group set, now that we don't need to special
>>     case cr_groups[0].
>>
>>     __FreeBSD_version bumped for the `struct ucred` ABI break.
>>
>>     For relnotes: downstreams and out-of-tree modules absolutely must fix
>>     any references to cr_groups[0] in their code. These are almost
>>     exclusively incorrect in the new world, and cr_gid should be used
>>     instead. There is a cr_gid macro available in earlier FreeBSD versions
>>     that can be used to avoid having version-dependent conditionals to refer
>>     to the effective group id. Surrounding code may need adjusted if it
>>     peels off the first element of cr_groups and uses the others as the
>>     supplemental groups, since the supplemental groups start at cr_groups[0]
>>     now if &cr_groups[0] != &cr_gid.
>>
>>     Relnotes:       yes (see last paragraph)
>>     Co-authored-by: olce
>>     Differential Revision: https://reviews.freebsd.org/D51489
>
> This syzbot report looks like it might be related to this change:
> https://syzkaller.appspot.com/bug?extid=4e68da43c26f357a2b7e
>
> No reproducer yet, but sometimes it takes a little while.

I'll keep an eye out, thanks.

It strikes me that crsetgroups_internal should probably grow a
groups_check_max_len() call; this assertion likely would have happened in
a much more useful spot in the first place.

Thanks,

Kyle Evans
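
The relnotes paragraph of the quoted commit message, worked through as an added example that is not part of this thread or of the FreeBSD source: a simplified user-space model of the new layout showing what the legacy `cr_groups[0]` patterns return once the effective gid lives in `cr_gid`. The `model_cred` struct, `MODEL_NGROUPS`, the helper names and the sample gids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <sys/types.h>

#define MODEL_NGROUPS 16	/* constructed limit for this model only */

/* Simplified model of the new layout: the effective gid has its own member
 * and cr_groups[] holds only supplementary groups, starting at index 0. */
struct model_cred {
	gid_t	cr_gid;
	int	cr_ngroups;
	gid_t	cr_groups[MODEL_NGROUPS];
};

/* Legacy pattern: assumes cr_groups[0] is the effective gid. */
gid_t legacy_egid(const struct model_cred *cr) { return (cr->cr_groups[0]); }

/* Legacy pattern: peels off index 0 and scans the rest as supplementary. */
bool legacy_in_supplementary(const struct model_cred *cr, gid_t gid)
{
	for (int i = 1; i < cr->cr_ngroups; i++)
		if (cr->cr_groups[i] == gid)
			return (true);
	return (false);
}

/* Updated pattern: the effective gid comes from cr_gid. */
gid_t fixed_egid(const struct model_cred *cr) { return (cr->cr_gid); }

/* Updated pattern: supplementary groups start at cr_groups[0]. */
bool fixed_in_supplementary(const struct model_cred *cr, gid_t gid)
{
	for (int i = 0; i < cr->cr_ngroups; i++)
		if (cr->cr_groups[i] == gid)
			return (true);
	return (false);
}

/* Constructed sample: egid 100, supplementary groups 5 and 20. */
struct model_cred sample_cred(void)
{
	struct model_cred cr = { .cr_gid = 100, .cr_ngroups = 2,
	    .cr_groups = { 5, 20 } };
	return (cr);
}

int main(void)
{
	struct model_cred cr = sample_cred();
	/* Exit 0 only when the updated helpers see egid 100 and group 5. */
	return (fixed_egid(&cr) == 100 && fixed_in_supplementary(&cr, 5) ? 0 : 1);
}
```

On the sample credential the legacy helpers report gid 5 as the effective gid and no longer see gid 5 as a supplementary group, which is the pair of errors an audit of out-of-tree `cr_groups[0]` references should look for.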