Date: Sun, 14 Dec 2025 13:46:16 +0000
From: Dag-Erling Smørgrav <des@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: d4f25d0c7957 - main - vfs: Let prison_enforce_statfs zero the fsid
Message-ID: <693ebfa8.28a39.576ae4cc@gitrepo.freebsd.org>
The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=d4f25d0c7957f0f1960028eec82625c2d6405537 commit d4f25d0c7957f0f1960028eec82625c2d6405537 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2025-12-14 13:16:16 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2025-12-14 13:16:37 +0000 vfs: Let prison_enforce_statfs zero the fsid Currently, we unconditionally zero the fsid before returning a struct statfs to a jailed process. Move this into prison_enforce_statfs() so it only happens if enforce_statfs is greater than 1, or enforce_statfs is 1 but the mountpoint is outside the jail. PR: 291301 MFC after: 1 week Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D54214 --- sys/kern/kern_jail.c | 3 +++ sys/kern/vfs_syscalls.c | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index d1149dd4fb3b..07b98fef8dfb 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -4117,11 +4117,14 @@ prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp) if (pr->pr_enforce_statfs == 0) return; if (prison_canseemount(cred, mp) != 0) { + bzero(&sp->f_fsid, sizeof(sp->f_fsid)); bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); strlcpy(sp->f_mntonname, "[restricted]", sizeof(sp->f_mntonname)); return; } + if (pr->pr_enforce_statfs > 1) + bzero(&sp->f_fsid, sizeof(sp->f_fsid)); if (pr->pr_root->v_mount == mp) { /* * Clear current buffer data, so we are sure nothing from diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 1a739d354f1f..68f155de3db2 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c 
@@ -290,10 +290,8 @@ kern_do_statfs(struct thread *td, struct mount *mp, struct statfs *buf) error = VFS_STATFS(mp, buf); if (error != 0) goto out; - if (priv_check_cred_vfs_generation(td->td_ucred)) { - buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0; + if (priv_check_cred_vfs_generation(td->td_ucred)) prison_enforce_statfs(td->td_ucred, mp, buf); - } out: vfs_unbusy(mp); return (error); @@ -545,7 +543,6 @@ restart: sptmp = malloc(sizeof(struct statfs), M_STATFS, M_WAITOK); *sptmp = *sp; - sptmp->f_fsid.val[0] = sptmp->f_fsid.val[1] = 0; prison_enforce_statfs(td->td_ucred, mp, sptmp); sp = sptmp; } elsehelp
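Review bot: In the kern_jail.c hunk, the early return for pr->pr_enforce_statfs == 0 sits above both new bzero(&sp->f_fsid, ...) calls, so a jail with enforce_statfs 0 now receives the real fsid where the callers used to clear it unconditionally. That matches the commit message, but nothing in the function records it. A short comment above the pr_enforce_statfs > 1 check, stating that the fsid is deliberately left intact for enforce_statfs 0 and for enforce_statfs 1 when prison_canseemount() succeeds, would keep a later reader from treating the missing scrub as an oversight. Since this changes what a jailed process can observe, the enforce_statfs description in jail(8) is worth updating in the same change.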
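Review bot: In the vfs_syscalls.c hunks, the two removed f_fsid assignments were the caller-side scrubbing, so kern_do_statfs() and the sptmp copy under the restart: label now rely entirely on prison_enforce_statfs() to decide whether the fsid leaves the kernel. The diffstat shows only the two sys/kern files and no test. A regression test that reads f_fsid from inside a jail with enforce_statfs set to 0, to 1 (once for a mount inside the jail, once for one outside) and to 2 would pin down the four outcomes the commit message describes and catch a future caller that forgets to go through prison_enforce_statfs().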
