Date: Thu, 18 Oct 2018 20:35:24 -0600
From: James Gritton
To: Julian Elischer
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: Re: svn commit: r339411 - stable/11/sys/kern
References: <201810171617.w9HGHvVx031753@repo.freebsd.org>

On 2018-10-18 16:14, Julian Elischer wrote:
> On 17/10/18 9:17 am, Jamie Gritton wrote:
>> Author: jamie
>> Date: Wed Oct 17 16:17:57 2018
>> New Revision: 339411
>> URL: https://svnweb.freebsd.org/changeset/base/339411
>>
>> Log:
>>   MFC r339211:
>>
>>   Fix the test prohibiting jails from sharing IP addresses.
>>
>>   It's not supposed to be legal for two jails to contain the same IP address,
>>   unless both jails contain only that one address.  This is the behavior
>>   documented in jail(8), and is there to prevent confusion when multiple
>>   jails are listening on IADDR_ANY.
>>
>>   VIMAGE jails (now the default for GENERIC kernels) test this correctly,
>>   but non-VIMAGE jails have been performing an incomplete test when nested
>>   jails are used.
> I think VIMAGE Jails should be able to have the same address
> optionally..  who says they are even in the same universe?

Indeed.  This is just bad wording - vnet jails didn't have such a
restriction before this commit, and nothing has changed.  When I said
they test this correctly, it was about how jails that are descendants of
vnet jails correctly check all other descendants of their vnet-enabled
ancestor (also correct before, and unchanged).  For vnet jails themselves,
the altered code blocks aren't even executed (because "ip4s > 0" and
"ip6s > 0" apply only to non-vnet).

- Jamie >> >> Modified: >> stable/11/sys/kern/kern_jail.c >> Directory Properties: >> stable/11/ (props changed) >> >> Modified: stable/11/sys/kern/kern_jail.c >> ============================================================================== >> --- stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:56 2018 (r339410) >> +++ stable/11/sys/kern/kern_jail.c Wed Oct 17 16:17:57 2018 (r339411) >> @@ -1411,11 +1411,12 @@ kern_jail_set(struct thread *td, struct uio >> *optuio, i >> * there is a duplicate on a jail with more than one >> * IP stop checking and return error. >> */ >> - tppr = ppr; >> #ifdef VIMAGE >> - for (; tppr != &prison0; tppr = tppr->pr_parent) >> + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) >> if (tppr->pr_flags & PR_VNET) >> break; >> +#else >> + tppr = &prison0; >> #endif >> FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { >> if (tpr == pr || >> @@ -1478,11 +1479,12 @@ kern_jail_set(struct thread *td, struct uio >> *optuio, i >> } >> } >> /* Check for conflicting IP addresses. */ >> - tppr = ppr; >> #ifdef VIMAGE >> - for (; tppr != &prison0; tppr = tppr->pr_parent) >> + for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) >> if (tppr->pr_flags & PR_VNET) >> break; >> +#else >> + tppr = &prison0; >> #endif >> FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { >> if (tpr == pr || >> >>
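Review bot: in the first hunk (@@ -1411), the new `#else` branch sets `tppr = &prison0` without a comment, and the block comment above it still describes only the duplicate rule, not which jails are scanned. A sentence there saying the scan starts at the nearest ancestor with `PR_VNET` set, or at `prison0` when there is none (always, without VIMAGE), would make the intended scope explicit; the VIMAGE loop already ends at `&prison0` when no ancestor matches, so one sentence covers both builds. Braces around the `for` body would also help, since the unbraced `if ... break;` now sits directly above an `#else`.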
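Review bot: the second hunk (@@ -1478) repeats the same six-line root selection as the hunk at -1411, `#ifdef VIMAGE` loop and `#else` assignment included. Moving it into one small static helper that takes `ppr` and returns the scan root would keep the two conflict checks from drifting apart, which matters here because the fix had to be applied identically in both places.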