Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 19 Dec 2025 18:07:09 +0000
From:      Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav <des@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: b063e9c13a91 - stable/13 - vfs: Let prison_enforce_statfs zero the fsid
Message-ID:  <6945944d.24352.76dacd29@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/13 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=b063e9c13a916cea96596de5c32cd0206aaf1c08

commit b063e9c13a916cea96596de5c32cd0206aaf1c08
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-12-14 13:16:16 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-12-19 18:07:04 +0000

    vfs: Let prison_enforce_statfs zero the fsid
    
    Currently, we unconditionally zero the fsid before returning a struct
    statfs to a jailed process.  Move this into prison_enforce_statfs() so
    it only happens if enforce_statfs is greater than 1, or enforce_statfs
    is 1 but the mountpoint is outside the jail.
    
    PR:             291301
    MFC after:      1 week
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D54214
    
    (cherry picked from commit d4f25d0c7957f0f1960028eec82625c2d6405537)
---
 sys/kern/kern_jail.c    | 3 +++
 sys/kern/vfs_syscalls.c | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 5c2da1048b7b..a1ee1bf1aab8 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3397,11 +3397,14 @@ prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp)
 	if (pr->pr_enforce_statfs == 0)
 		return;
 	if (prison_canseemount(cred, mp) != 0) {
+		bzero(&sp->f_fsid, sizeof(sp->f_fsid));
 		bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
 		strlcpy(sp->f_mntonname, "[restricted]",
 		    sizeof(sp->f_mntonname));
 		return;
 	}
+	if (pr->pr_enforce_statfs > 1)
+		bzero(&sp->f_fsid, sizeof(sp->f_fsid));
 	if (pr->pr_root->v_mount == mp) {
 		/*
 		 * Clear current buffer data, so we are sure nothing from
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 51f26b843c45..75568e858b78 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -291,10 +291,8 @@ kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf)
 	error = VFS_STATFS(mp, buf);
 	if (error != 0)
 		goto out;
-	if (priv_check_cred_vfs_generation(td->td_ucred)) {
-		buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
+	if (priv_check_cred_vfs_generation(td->td_ucred))
 		prison_enforce_statfs(td->td_ucred, mp, buf);
-	}
 out:
 	vfs_unbusy(mp);
 	return (error);
@@ -546,7 +544,6 @@ restart:
 			sptmp = malloc(sizeof(struct statfs), M_STATFS,
 			    M_WAITOK);
 			*sptmp = *sp;
-			sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0;
 			prison_enforce_statfs(td->td_ucred, mp, sptmp);
 			sp = sptmp;
 		} else
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6945944d.24352.76dacd29>