From nobody Tue Jun 9 22:32:33 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gZkDx46C9z6gmLn for ; Tue, 09 Jun 2026 22:32:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gZkDx33X2z3JBc for ; Tue, 09 Jun 2026 22:32:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781044353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nde1Qw+cDllbC6t3PPGGc+dEF4GsS9vzk8liR9ee8L0=; b=TgSHTeCZf+ZuXIZFhpFazt2psuwsRJkiiP1be9CWjFcUknQuujxhjCVruDw0BhUBGuEfUw 5lVVTQARJ0EyQBfQlgjgfDPvnk/i1LYvHw1Ged8QsvyC/psKKW9o3VJFz5QOwQuBQzuVhl LCejDu33ZAfR7yZBJAmH4X6nc6AQndp8s4vM8cLAcxz5HgZZ29XPLMjJVGtYAXTKH9GS3q DL5Y4D862oQVmqA79UVkYPCadivf5VenEbwrU4pV8LlBlpoMUbZvCQQBjM4F+G57sBJHGW cmTzey5ohKh6mYNvz6VYxdpeckV0RpjwioPjNdC1w7JkrO6Ton+Z+5NEpCa8UA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1781044353; a=rsa-sha256; cv=none; b=Z9VuFeCs/h9Pf+aqyUZftnnpIR0Z8x5Q5ErzFChaTzL4pWP6Twq9eIxtBgEihI/meGcUOs NfpQ0VavBaMOY4c2YgHx4C50a1iPmtCqpPWZgMClJT/wz4T6/tjQMYC2OCWAoWvaWb+Sni chR6zFlePRfy2Xiy3670UOUQR+HmeIKvWnsJU18kEukRDqt70dBEKfGfq/JY32GLEYW0Hv aaSBHwuMwwNLiQvhJJGJCf3q+c4hzzy8wNjSIp8Nj/RpdrNve5rlCAxfA++d4sTVQ7AmXF jo6zsZqYtegGEbZjDhrNo4lOYYYyDO5de63JM/q91O/VNIE1OQps58wiPg7/Zg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1781044353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Nde1Qw+cDllbC6t3PPGGc+dEF4GsS9vzk8liR9ee8L0=; b=OE9/Kd/4/Mi/RExTA8coRYD8vWL+YEyPnQf+OVIQqi+dto3GDAciay35NwjIRL/hyIRWIp QPhQ0JrZG5HHbJQ11VdXWYnZqaKTOsBpSuQON0jlg5jUR0Ff5hrlU8m93txt26pRr+15++ jimZq3DNpaysOmssJTXmWrXt9ju5EZ8fjhEJL0S0UHsOuaBeZx85dPxav/iGyAalWJ9ty1 S0Bu+DC4mKW3krD0oE3Lq5DGU8E53XpomHawHAPdIQlYMq+3aFCHZ8fOXlLvCWPrKg/V4S yjyNFhA8KcoLzfPQGxxeTs9QVhCxcefUtR93qH4q6KgWbn8ziTJWhLcnK3gelw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gZkDx2fKYzv2X for ; Tue, 09 Jun 2026 22:32:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 320f5 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 09 Jun 2026 22:32:33 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jamie Gritton Subject: git: b52dc2067618 - main - jail: Don't double-free the current prison in kern_jail_set/get List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jamie X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b52dc2067618fc73e8d4d20e4035d1a67a8b455d Auto-Submitted: auto-generated Date: Tue, 09 Jun 2026 22:32:33 +0000 Message-Id: <6a289481.320f5.78341fda@gitrepo.freebsd.org> The branch main has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=b52dc2067618fc73e8d4d20e4035d1a67a8b455d commit b52dc2067618fc73e8d4d20e4035d1a67a8b455d Author: Jamie Gritton AuthorDate: 2026-06-09 22:31:40 +0000 Commit: Jamie Gritton CommitDate: 2026-06-09 22:31:40 +0000 jail: Don't double-free the current prison in kern_jail_set/get Reported by: Yuxiang Yang, et al Discussed with: markj MFC after: 3 days --- sys/kern/kern_jail.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index bc80adb91cd6..a8d44012db0f 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -1117,14 +1117,17 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) * Look up and create jails based on the * descriptor's prison. */ - prison_free(mypr); - error = jaildesc_find(td, jfd_in, &mypr, NULL); + struct prison *jdpr; + + error = jaildesc_find(td, jfd_in, &jdpr, NULL); if (error != 0) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : "not a jail descriptor"); goto done_errmsg; } + prison_free(mypr); + mypr = jdpr; if ((flags & JAIL_CREATE) && mypr->pr_childmax == 0) { error = EPERM; goto done_free; @@ -2618,14 +2621,17 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) } if (flags & JAIL_AT_DESC) { /* Look up jails based on the descriptor's prison. */ - prison_free(mypr); - error = jaildesc_find(td, jfd_in, &mypr, NULL); + struct prison *jdpr; + + error = jaildesc_find(td, jfd_in, &jdpr, NULL); if (error != 0) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : "not a jail descriptor"); goto done; } + prison_free(mypr); + mypr = jdpr; } if (flags & (JAIL_GET_DESC | JAIL_OWN_DESC)) { /* Allocate a jail descriptor to return later. */