From owner-svn-src-head@freebsd.org  Sat Oct  6 02:10:32 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BDF4210BF874;
 Sat,  6 Oct 2018 02:10:32 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7538B7B28F;
 Sat,  6 Oct 2018 02:10:32 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7020D1DF3C;
 Sat,  6 Oct 2018 02:10:32 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w962AWvb066304;
 Sat, 6 Oct 2018 02:10:32 GMT (envelope-from jamie@FreeBSD.org)
Received: (from jamie@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w962AWmS066303;
 Sat, 6 Oct 2018 02:10:32 GMT (envelope-from jamie@FreeBSD.org)
Message-Id: <201810060210.w962AWmS066303@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jamie set sender to
 jamie@FreeBSD.org using -f
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Sat, 6 Oct 2018 02:10:32 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r339211 - head/sys/kern
X-SVN-Group: head
X-SVN-Commit-Author: jamie
X-SVN-Commit-Paths: head/sys/kern
X-SVN-Commit-Revision: 339211
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Oct 2018 02:10:32 -0000

Author: jamie
Date: Sat Oct  6 02:10:32 2018
New Revision: 339211
URL: https://svnweb.freebsd.org/changeset/base/339211

Log:
  Fix the test prohibiting jails from sharing IP addresses.
  
  It's not supposed to be legal for two jails to contain the same IP address,
  unless both jails contain only that one address.  This is the behavior
  documented in jail(8), and is there to prevent confusion when multiple
  jails are listening on IADDR_ANY.
  
  VIMAGE jails (now the default for GENERIC kernels) test this correctly,
  but non-VIMAGE jails have been performing an incomplete test when nested
  jails are used.
  
  Approved by:	re@ (kib@)
  MFC after:	5 days

Modified:
  head/sys/kern/kern_jail.c

Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c	Fri Oct  5 21:10:03 2018	(r339210)
+++ head/sys/kern/kern_jail.c	Sat Oct  6 02:10:32 2018	(r339211)
@@ -1393,11 +1393,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 		 * there is a duplicate on a jail with more than one
 		 * IP stop checking and return error.
 		 */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||
@@ -1460,11 +1461,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 			}
 		}
 		/* Check for conflicting IP addresses. */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||