ucount: Make get_ucount a safe get_user replacement
commit 61956630e41032f05c1e95e85f715c8f317304b1 from https://github.com/altera-opensource/linux-socfpga.git [upstream commit f9d87929] When the ucount code was refactored to create get_ucount it was missed that some of the contexts in which a rlimit is kept elevated can be the only reference to the user/ucount in the system. Ordinary ucount references exist in places that also have a reference to the user namspace, but in POSIX message queues, the SysV shm code, and the SIGPENDING code there is no independent user namespace reference. Inspection of the the user_namespace show no instance of circular references between struct ucounts and the user_namespace. So hold a reference from struct ucount to i's user_namespace to resolve this problem. Link: https://lore.kernel.org/lkml/YZV7Z+yXbsx9p3JN@fixkernel.com/ Reported-by: Qian Cai <quic_qiancai@quicinc.com> Reported-by: Mathias Krause <minipli@grsecurity.net> Tested-by: Mathias Krause <minipli@grsecurity.net> Reviewed-by: Mathias Krause <minipli@grsecurity.net> Reviewed-by: Alexey Gladkov <legion@kernel.org> Fixes: d6469690 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") Fixes: 6e52a9f0 ("Reimplement RLIMIT_MSGQUEUE on top of ucounts") Fixes: d7c9e99a ("Reimplement RLIMIT_MEMLOCK on top of ucounts") Cc: stable@vger.kernel.org Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Please register or sign in to comment