From nobody Fri Jan 16 00:24:20 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dsgZs094Bz6NQJN for ; Fri, 16 Jan 2026 00:24:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dsgZr45yZz3Znt for ; Fri, 16 Jan 2026 00:24:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1768523060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lSj/dXYRrEJ8b1+1MpUCLc7gmoC+wPIdaOvBNhNaP/0=; b=aZskKW4SqIU6nQkoAwrsqcLTYFshjbsgepsBov5UFxmeXubUrfzSCWG+/3cujcn3gZ4UmY 8IbtuTSHaFBlwQ1Vb30zGIcLss3mo+CZ/EBT8KpqDiIKgXOfYc0ay1ZNzcsuypojW2pVMh CsZYoALMWQ2KTkXOXd+GcehQZ9anf4lmsIMo0CqCuqm2PJw59xT9vD5+3r4dQ7wwSlAAHN q7RS65LAPZYxFSdXD5wj1S9TbSz8QGdDtsr0s+d1xEKa1QpDS5xJEn7IDVhZXNP+haxpDz 1hgjUKY4DZ+vVi9OJbngzepFqtsWqNvwIRG1mYIfxbx3Wq0GuXVEFkGGzL9Xsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1768523060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lSj/dXYRrEJ8b1+1MpUCLc7gmoC+wPIdaOvBNhNaP/0=; b=sHsvicF8SjGAzssSVg8mzVKZ1R/RKhNPHlhEK+MVVGGg3gl/OVBdNWtnnEXI/+7qr1iuXK 3v4h3j29KJKeRrO9VnxQ3GfXGCxqs1GzlZa71wzJCMvwNAlyQfhnwFOqEY51AsZ7DzUSxU M654cyDfQsBcBzUDMBIoEeuzDYdqpg0g2uF/3X7Nb9jNOmSIfqAk1D47EPyWGo+AeNt1ET 2leHJ8NtsbvPpBrIIqL9P9QO+bGLmMTuGtPrUhP9vADbScyY93+yCu2VswwfLEJV9C8N0U EwBIuib/RCVGCOpKBMsCB97CyvCAxgFx07Pw9a+IppAuvDYcjl0qPdcJ+IVLwA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1768523060; a=rsa-sha256; cv=none; b=W4R7nyIuWOs0aHX7fV885p6e1pVcvnCewOleOO2wTQ7noBYYZSbPawAqXgaNAi16O88zuL 6PyfHgUug6N/TnbQbbWSXNzgmORNRRSbOrR3V2RKTGGk7G1cssP+NRZeQNDogIY1CtWVuo pHAmHlq4I3Ia2Nv2/lgAQX8cBt0oafOtiTPyCgRTp0SZi8ytLtr0gKlShzJUIi7H5penCa iu1TwrVVYPvPeHc3bgjhlbHWxAI+/pdwweI1GZsER+X9zGUlD6FDcT9afI0AH0XVzX34eX O0qvswKaYaWnUUnJYNOeTiM4yZ4Sr9HAOqQa/gEDn6/XqQk4YD4thdyc9pGHnQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dsgZr3g4QzrW7 for ; Fri, 16 Jan 2026 00:24:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ba77 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 16 Jan 2026 00:24:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: d7a517eb6d77 - main - jaildesc: add an accessor for the struct prison in a jaildesc List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d7a517eb6d770e22db6a46a46677db27f565767c Auto-Submitted: auto-generated Date: Fri, 16 Jan 2026 00:24:20 +0000 Message-Id: <69698534.3ba77.7ea9c693@gitrepo.freebsd.org> The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=d7a517eb6d770e22db6a46a46677db27f565767c commit d7a517eb6d770e22db6a46a46677db27f565767c Author: Kyle Evans AuthorDate: 2025-10-26 01:42:30 +0000 Commit: Kyle Evans CommitDate: 2026-01-16 00:23:39 +0000 jaildesc: add an accessor for the struct prison in a jaildesc We'll subsequently use this in the MAC framework to get a struct prison when we already have the struct file in question, rather than an fd. Reviewed by: jamie, olce Differential Revision: https://reviews.freebsd.org/D53955 --- sys/kern/kern_jaildesc.c | 77 +++++++++++++++++++++++++++++++++++------------- sys/sys/jaildesc.h | 1 + 2 files changed, 57 insertions(+), 21 deletions(-) diff --git a/sys/kern/kern_jaildesc.c b/sys/kern/kern_jaildesc.c index f4e31801201f..80d0f3d07d7c 100644 --- a/sys/kern/kern_jaildesc.c +++ b/sys/kern/kern_jaildesc.c @@ -72,42 +72,66 @@ static const struct fileops jaildesc_ops = { }; /* - * Given a jail descriptor number, return its prison and/or its - * credential. They are returned held, and will need to be released - * by the caller. + * Retrieve a prison from a jail descriptor. If prp is not NULL, then the + * prison will be held and subsequently returned, and must be released by the + * caller. This differs from jaildesc_get_prison in that it doesn't actually + * require the caller to take the struct prison, which we use internally when + * the caller doesn't necessarily need it- it might just want to check validity. */ -int -jaildesc_find(struct thread *td, int fd, struct prison **prp, - struct ucred **ucredp) +static int +jaildesc_get_prison_impl(struct file *fp, struct prison **prp) { - struct file *fp; - struct jaildesc *jd; struct prison *pr; - int error; + struct jaildesc *jd; + + if (fp->f_type != DTYPE_JAILDESC) + return (EINVAL); - error = fget(td, fd, &cap_no_rights, &fp); - if (error != 0) - return (error); - if (fp->f_type != DTYPE_JAILDESC) { - error = EINVAL; - goto out; - } jd = fp->f_data; JAILDESC_LOCK(jd); pr = jd->jd_prison; if (pr == NULL || !prison_isvalid(pr)) { - error = ENOENT; JAILDESC_UNLOCK(jd); - goto out; + return (ENOENT); } + if (prp != NULL) { prison_hold(pr); *prp = pr; } + JAILDESC_UNLOCK(jd); - if (ucredp != NULL) - *ucredp = crhold(fp->f_cred); - out: + + return (0); +} + +/* + * Given a jail descriptor number, return its prison and/or its + * credential. They are returned held, and will need to be released + * by the caller. + */ +int +jaildesc_find(struct thread *td, int fd, struct prison **prp, + struct ucred **ucredp) +{ + struct file *fp; + int error; + + error = fget(td, fd, &cap_no_rights, &fp); + if (error != 0) + return (error); + + error = jaildesc_get_prison_impl(fp, prp); + if (error == 0) { + /* + * jaildesc_get_prison validated the file and held the prison + * for us if the caller wants it, so we just need to grab the + * ucred on the way out. + */ + if (ucredp != NULL) + *ucredp = crhold(fp->f_cred); + } + fdrop(fp, td); return (error); } @@ -145,6 +169,17 @@ jaildesc_alloc(struct thread *td, struct file **fpp, int *fdp, int owning) return (0); } +/* + * Retrieve a prison from a jail descriptor. It will be returned held, and must + * be released by the caller. + */ +int +jaildesc_get_prison(struct file *fp, struct prison **prp) +{ + MPASS(prp != NULL); + return (jaildesc_get_prison_impl(fp, prp)); +} + /* * Assocate a jail descriptor with its prison. */ diff --git a/sys/sys/jaildesc.h b/sys/sys/jaildesc.h index fda270d62e70..b0a1a6238cc9 100644 --- a/sys/sys/jaildesc.h +++ b/sys/sys/jaildesc.h @@ -78,6 +78,7 @@ struct jaildesc { int jaildesc_find(struct thread *td, int fd, struct prison **prp, struct ucred **ucredp); int jaildesc_alloc(struct thread *td, struct file **fpp, int *fdp, int owning); +int jaildesc_get_prison(struct file *jd, struct prison **prp); void jaildesc_set_prison(struct file *jd, struct prison *pr); void jaildesc_prison_cleanup(struct prison *pr); void jaildesc_knote(struct prison *pr, long hint);