From nobody Fri Dec 19 09:19:19 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dXhn36W4mz6LBGP for ; Fri, 19 Dec 2025 09:19:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dXhn3406pz44vB for ; Fri, 19 Dec 2025 09:19:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1766135959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iiYHnwJbFYFVDxregm9lfC8rIgzLqjuDoauaOSZBaw4=; b=routoAbRDJfPmptSHC8bVkWsszBUkodDL/h2vmJY4SS2VdOsDNRSxubmftM4HCJgRI6Au5 lHVoKsTGQ1dVYi9YnrU1nd8MzGAi4rMxlfkULEG02y97FMeU++o/paFm0DYdKyB/Mq87lj Y5+yzOtfbnLImxwnjcr726/tct5VTKo4UrNRXjlbJU1kK7KoNocGn2XJxW2SmwgkuVTz93 NyBE+6wSLr6XUtgvvRCTl2mHpznsltJ8o13QXz0cLQ9jwJNULVm4aALg8LIyuClpapKaBt bAdQeO+2CXdFlxQRKKJrKzhTO0pZj+rrIEMPSX9ErugE+5fTXuWwh0wnvZ4UTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1766135959; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iiYHnwJbFYFVDxregm9lfC8rIgzLqjuDoauaOSZBaw4=; b=sV+kpReMNCR8AbV0gEK9Wac14E6lCFH5wDjRzWKfM6SV/jg6Go4KUIKuHX3goTVB8R/fj+ xRw1qnS5tFCqobb36xx1hrV4tvSQXb6VMRl+QRN3ou79W+x5k/njkxzhBcywXS3QMyNtRy ZuJuJgiAfavAgyijSSBpZvRr0lnRECvhoBPxQkaDIvHPw9kxohiF3qKIb84ZWUlOgJMQ64 63PJcPmvFiNk4kStdwH5uZ9NxXho9C1/4EgUg/1yOh4cf0YROaQeXDXdb7Neg3UdIBvoKZ YhnqQSM1q5G1ViZBTfZ06DeE178ZOojq4lQw/34PPyUVE1bSsahRRhK9EjCCKQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1766135959; a=rsa-sha256; cv=none; b=yV9upSTTm9BnP3GWlyyX31CEg9BgbSXK7gXcf4FbOnNYAhcktcrn1Kiu34LRzDFFj2tnaA fje5kY/Z1aYQPJ9Y1aaqlF9yTjxtvnU/nsOvIAobwU9EE9RQHxfghNkYaIKgIcmUkfe/5p v3aAy8AH4rvOYVBbYhGW2LZzEI6iHH1MqOATlDco1J4T8NRyIc8k7peKVH9NQ/C9VvdhCX 3zt9Mg5vEQFuqjQL+zNvQ68DBFDEmFpWg81huCn5XNR7S/x+yB0DDevs/MIQV1Bjk3UB90 RR3iZ9KRzaAjJ9RaImi23MFpnp0Jo17imQUGeQGZ5/r9SX6GRvUQiu/YgV80og== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dXhn33cDpz1GX0 for ; Fri, 19 Dec 2025 09:19:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3f885 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 19 Dec 2025 09:19:19 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 8185ac38a099 - stable/14 - setcred(): Fix RACCT resource accounting on credentials change List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 8185ac38a099f244ae6a71d381ac6c226d9264eb Auto-Submitted: auto-generated Date: Fri, 19 Dec 2025 09:19:19 +0000 Message-Id: <69451897.3f885.29e9e1d7@gitrepo.freebsd.org> The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=8185ac38a099f244ae6a71d381ac6c226d9264eb commit 8185ac38a099f244ae6a71d381ac6c226d9264eb Author: Olivier Certner AuthorDate: 2025-10-29 17:07:59 +0000 Commit: Olivier Certner CommitDate: 2025-12-19 09:16:47 +0000 setcred(): Fix RACCT resource accounting on credentials change When credentials are changed, we need to adjust the sum of resources associated to the initial and new process' user IDs (and old and new login classes and jails, but setcred() does not change them) for them to stay consistent. PR: 290352 MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53457 (cherry picked from commit 2be5127c4a31bacac9b4158395bfa844f6033626) --- sys/kern/kern_prot.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index db7377ed9c9c..044b8091310f 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -670,7 +670,7 @@ kern_setcred(struct thread *const td, const u_int flags, gid_t *groups = NULL; gid_t smallgroups[CRED_SMALLGROUPS_NB]; int error; - bool cred_set; + bool cred_set = false; /* Bail out on unrecognized flags. */ if (flags & ~SETCREDF_MASK) @@ -821,17 +821,32 @@ kern_setcred(struct thread *const td, const u_int flags, if (cred_set) { setsugid(p); to_free_cred = old_cred; +#ifdef RACCT + racct_proc_ucred_changed(p, old_cred, new_cred); +#endif +#ifdef RCTL + crhold(new_cred); +#endif MPASS(error == 0); } else error = EAGAIN; unlock_finish: PROC_UNLOCK(p); + /* * Part 3: After releasing the process lock, we perform cleanups and * finishing operations. */ +#ifdef RCTL + if (cred_set) { + rctl_proc_ucred_changed(p, new_cred); + /* Paired with the crhold() just above. */ + crfree(new_cred); + } +#endif + #ifdef MAC if (mac_set_proc_data != NULL) mac_set_proc_finish(td, proc_label_set, mac_set_proc_data);