Date: Thu, 11 Mar 2021 19:24:56 GMT
Message-Id: <202103111924.12BJOubr097755@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kyle Evans
Subject: git: 7a1f6858dabf - releng/13.0 - jail(8): reset to root cpuset before attaching to run commands
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.0
X-Git-Reftype: branch
X-Git-Commit: 7a1f6858dabfdb24d9f58a52fd5e6e1fe0ceead1

The branch releng/13.0 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=7a1f6858dabfdb24d9f58a52fd5e6e1fe0ceead1

commit 7a1f6858dabfdb24d9f58a52fd5e6e1fe0ceead1
Author:     Kyle Evans
AuthorDate: 2021-03-04 19:28:53 +0000
Commit:     Kyle Evans
CommitDate: 2021-03-11 19:24:28 +0000

jail(8): reset to root cpuset before attaching to run commands

Recent changes have made it such that attaching to a jail will augment the attaching process' cpu mask with the jail's cpuset. While this is convenient for allowing the administrator to cpuset arbitrary programs that will attach to a jail, this is decidedly not convenient for executing long-running daemons during jail creation.

This change inserts a reset of the process cpuset to the root cpuset between the fork and attach to execute a command. This allows commands executed to have the widest mask possible, and the administrator can cpuset(1) it back down inside the jail as needed.

With this applied, one should be able to change a jail's cpuset at exec.poststart in addition to exec.created. The former was made difficult if jail(8) itself was running with a constrained set, as then some processes may have been spawned inside the jail with a non-root set.
The latter is the preferred option so that processes starting in the jail are constrained appropriately up front. Note that all system commands are still run with the process' initial cpuset applied. PR: 253724 Approved by: re (gjb) (cherry picked from commit 466df976babed65f8a8de9e36d7f016a444609af) (cherry picked from commit bdd61b6914f1f961b5f414b2d5cc623a5a829b89) --- usr.sbin/jail/command.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index a5c1839849fd..c1d418d6cc69 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -84,6 +85,20 @@ static struct cfstring dummystring = { .len = 1 }; static struct phhead phash[PHASH_SIZE]; static int kq; +static cpusetid_t +root_cpuset_id(void) +{ + static cpusetid_t setid = CPUSET_INVALID; + static int error; + + /* Only try to get the cpuset once. */ + if (error == 0 && setid == CPUSET_INVALID) + error = cpuset_getid(CPU_LEVEL_ROOT, CPU_WHICH_PID, -1, &setid); + if (error != 0) + return (CPUSET_INVALID); + return (setid); +} + /* * Run the next command associated with a jail. */ @@ -283,6 +298,7 @@ run_command(struct cfjail *j) enum intparam comparam; size_t comlen; pid_t pid; + cpusetid_t setid; int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; #if defined(INET) || defined(INET6) char *addr, *extrap, *p, *val; @@ -632,6 +648,10 @@ run_command(struct cfjail *j) injail = comparam == IP_EXEC_START || comparam == IP_COMMAND || comparam == IP_EXEC_STOP; + if (injail) + setid = root_cpuset_id(); + else + setid = CPUSET_INVALID; clean = bool_param(j->intparams[IP_EXEC_CLEAN]); username = string_param(j->intparams[injail ? IP_EXEC_JAIL_USER : IP_EXEC_SYSTEM_USER]); 
@@ -700,6 +720,19 @@ run_command(struct cfjail *j) jail_warnx(j, "setfib: %s", strerror(errno)); exit(1); } + + /* + * We wouldn't have specialized our affinity, so just setid to + * root. We do this prior to attaching to avoid the kernel + * having to create a transient cpuset that we'll promptly + * free up with a reset to the jail's cpuset. + * + * This is just a best-effort to use as wide of mask as + * possible. + */ + if (setid != CPUSET_INVALID) + (void)cpuset_setid(CPU_WHICH_PID, -1, setid); + if (jail_attach(j->jid) < 0) { jail_warnx(j, "jail_attach: %s", strerror(errno)); exit(1);
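Review bot: In root_cpuset_id() (hunk @@ -84,6 +85,20 @@), a failed cpuset_getid() is latched in the static `error` and never reported, so every later in-jail command skips the reset and silently keeps the inherited mask. Consider emitting a single warning on the first failure, and add a comment above the function stating that the id is looked up for the calling process (id -1 with CPU_WHICH_PID) and cached for the rest of the jail(8) run.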
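Review bot: In the @@ -632,6 +648,10 @@ hunk of run_command(), the `if (injail) setid = root_cpuset_id(); else setid = CPUSET_INVALID;` branch carries no comment explaining why commands that run outside the jail are left alone. The commit message says system commands deliberately keep the process' initial cpuset; a one-line comment here would record that intent next to the code, especially since CPUSET_INVALID now means both "lookup failed" and "do not reset".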
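Review bot: In the @@ -700,6 +720,19 @@ hunk, `(void)cpuset_setid(CPU_WHICH_PID, -1, setid);` discards the result, while the setfib and jail_attach failure paths around it report through jail_warnx(). Best-effort is reasonable here, but a non-fatal jail_warnx() on failure (without the exit(1)) would tell the administrator that the command started with a narrower mask than the commit message promises. Minor wording nit in the new comment: "as wide of mask as possible" reads better as "as wide a mask as possible".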