Date: Sat, 16 Jun 2018 17:12:01 -0600 From: James Gritton <jamie@freebsd.org> To: Fabian Freyer <fabian.freyer@physik.tu-berlin.de> Cc: freebsd-jail@freebsd.org, freebsd-hackers@freebsd.org Subject: Re: sizeof jail parameter values Message-ID: <92cb2f93a546e02a7fb5e11ea976e846@freebsd.org> In-Reply-To: <d33a0f84-ca48-9f35-6ab0-61247dff2cb3@physik.tu-berlin.de> References: <e7b27a24a56dd883777804e058e31737@freebsd.org> <d33a0f84-ca48-9f35-6ab0-61247dff2cb3@physik.tu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2018-06-16 11:31, Fabian Freyer wrote:
> On 05/18/2018 18:49, James Gritton wrote:
>
>> I would recommend skipping out on jail_getv(), which is really only
>> good for getting a few well-known parameters, and instead use the more
>> complete but more complex jailparam_init/get/export/free.
> Thanks! I ended up writing wrappers around the jail_get(2) and
> jail_set(2) interfaces and constructing the iovectors myself, which
> ended up quite a bit cleaner. The jailparam_{init,get,export,free}
> APIs are unnecessarily complex and don't seem to be a good fit
> (writing wrappers around wrappers around wrappers etc...).
They're an attempt to make generic handlers in C, which isn't exactly a
language geared toward such things. If you're working only with a few
specific known fields, your way is just as well.
>> It gets more complicated with array parameters, those that can hold an
>> arbitrary number of values. The IP addresses are the best example of
>> that.
> I've now hit that snag. I see that the security.jail.param.ip4.addr
> and security.jail.param.ip6.addr sysctls contain the sizes of an
> in_addr_t and an in6_addr_t, respectively. How would I now determine
> the number of IPv4 and IPv6 addresses, or should I just allocate
> security.jail.jail_max_af_ips per family? I've tried to go through how
> libjail does it, but don't quite understand it, nor the implied race
> conditions (?) it attempts to mitigate by reading the vector multiple
> times:
>
> lib/libjail/jail.c:
> /*
> * Get the prison. If there are array elements, retry a few times
> * in case their sizes changed from under us.
> */
> for (sanity = 0;; sanity++) {
> [...]
If you read a parameters with the value's iov_base set to NULL, it will
return the parameter's length into your iov_len. So the way to read any
variable-length parameter is to call jail_get(2) once with a NULL value,
allocate a buffer according to the returned length, and then call it
again
with the allocated iov_base.
The race condition I look for is the jail changing between the time I
get
the length and the time I read the value - like most races, very
unlikely.
Once again, this is for the generic case. If you have a value with a
known
(and reasonably sized) maximum, such as MAXHOSTNAMELEN or max_af_ips,
it's
easier to just use that.
- James
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92cb2f93a546e02a7fb5e11ea976e846>