diff options
| author | Mateusz Guzik <mjg@FreeBSD.org> | 2019-08-17 17:56:43 +0000 |
|---|---|---|
| committer | Mateusz Guzik <mjg@FreeBSD.org> | 2019-08-17 17:56:43 +0000 |
| commit | 60cdcb644d94df119b83b74be32369add0cb339b (patch) | |
| tree | fe91b30a4f85271dad72b813939507ea2432d985 /sys/kern/kern_fork.c | |
| parent | b05641b6bde45eb526b4247c68956587c10a9ea9 (diff) | |
Notes
Diffstat (limited to 'sys/kern/kern_fork.c')
| -rw-r--r-- | sys/kern/kern_fork.c | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index 28ef275ba274..c7edf76ac6de 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -800,9 +800,10 @@ fork1(struct thread *td, struct fork_req *fr) struct proc *p1, *newproc; struct thread *td2; struct vmspace *vm2; + struct ucred *cred; struct file *fp_procdesc; vm_ooffset_t mem_charged; - int error, nprocs_new, ok; + int error, nprocs_new; static int curfail; static struct timeval lastfail; int flags, pages; @@ -973,21 +974,17 @@ fork1(struct thread *td, struct fork_req *fr) /* * Increment the count of procs running with this uid. Don't allow * a nonprivileged user to exceed their current limit. - * - * XXXRW: Can we avoid privilege here if it's not needed? */ - error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT); - if (error == 0) - ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0); - else { - ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, - lim_cur(td, RLIMIT_NPROC)); - } - if (ok) { - do_fork(td, fr, newproc, td2, vm2, fp_procdesc); - return (0); + cred = td->td_ucred; + if (!chgproccnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_NPROC))) { + if (priv_check_cred(cred, PRIV_PROC_LIMIT) != 0) + goto fail0; + chgproccnt(cred->cr_ruidinfo, 1, 0); } + do_fork(td, fr, newproc, td2, vm2, fp_procdesc); + return (0); +fail0: error = EAGAIN; sx_xunlock(&allproc_lock); #ifdef MAC |