From nobody Mon Sep 15 04:04:16 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cQBHP2JSsz680H3;
	Mon, 15 Sep 2025 04:04:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cQBHP1dWjz42Pw;
	Mon, 15 Sep 2025 04:04:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1757909057;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ubYt7Hc+cCTNB+c1ErPeahrH/AmOoWAx/fLXDa7fmtY=;
	b=GK90yrDJa09idlZ+t1CCHbLBG/LirA8TVdfRmul9xZbsR3fDVIFlgXaLfOLREVZF37V0mr
	FyW/tqt7Nz00ng111BXuT4wkIlKCuqotfPV0qTgwV2S4viclMndFaDqt93+k6+/wC2ZNaM
	k+eNeYwGCHroTpx4f+8YTYMDcFcX9rA0Y+y8EAe/N91KHb8Q13RVQdrVqFEZ+ZbwP/WoF2
	0pDcdX/zuoDe5TeuV6EAx2Hacx8aieq3WR1PpHu5GOHo0ZA0yCEMgfadz+v3JqNqhjcN4E
	JD3Bj8ofdknowpg02HPoHSdEF2ByyZ+c48570GYAzYHTKnIhSzEKWajX8H+DmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1757909057;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ubYt7Hc+cCTNB+c1ErPeahrH/AmOoWAx/fLXDa7fmtY=;
	b=Pl8JDUQ5JzZa0ZIyNeWN0BoExWjgZ4sgZUIqlWF5gKxuNph4E9PoxYy0QjpjOkQF9QMkb5
	M6Wl15WOJ1s92Avi3Y6OlWPZXPvVBxM1VK6of/iA9g6Mt7RoeTeZhRYh9QLIT+qyIGXbBc
	XmBg3KUJohNN9ctguAvyifgg5Jhb0SjQ1LsOiYbekYiKZgkWQWP33b+gCG6ckjLYLPL6lC
	CvMhT1LrwPi0bs+43yeImu2RNhM4hLBiwG1dQeQSOKQO8t1peZSGVXcMmgUlnMUjd/pohl
	m+JvS3PlZqtCphIMpXjIymf7NCLDFfkNWrPdQwZVsBBMM+F7UWKsLqLbUCA55g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757909057; a=rsa-sha256; cv=none;
	b=Ml3zdRs3o4ApfLeooaBUa20nVnwUeM2fTDIdzXSsIALKdhzp99eQReA3qNm6GaONpp/zjE
	w2Y3K4hb4fyacomIplaocvvQeeadpnLfhep2GP98mpeUGRTR3s1wId9fz4OPzWUhN1Ipx4
	x8k+ye3Rw4H/9SDlp9gKSRsWNBRim5Grrq5i7PSdm4A3N1GVoXquG+S9IUlDsMjG8aL4M9
	W5PDV169F5SkUjS11VzhAHQAx1D4z8HTHQGbnB+oFx06vMWxwJxqX//WmxSCWRA9Uz47xC
	LgFtY4/RLTDDiUgPHA5Spq0x2c4zgCMX1HkhkbDp7EZWgrNXk2KyA7C/GRv34A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cQBHP0fvbzfVM;
	Mon, 15 Sep 2025 04:04:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58F44GGs046666;
	Mon, 15 Sep 2025 04:04:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58F44G5K046663;
	Mon, 15 Sep 2025 04:04:16 GMT
	(envelope-from git)
Date: Mon, 15 Sep 2025 04:04:16 GMT
Message-Id: <202509150404.58F44G5K046663@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Jamie Gritton <jamie@FreeBSD.org>
Subject: git: 1a849ff1e9a9 - stable/15 - jail: simplify EVFILT_JAIL
  events
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jamie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: 1a849ff1e9a93f2d0f66c962a17b20af13796f01
Auto-Submitted: auto-generated

The branch stable/15 has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=1a849ff1e9a93f2d0f66c962a17b20af13796f01

commit 1a849ff1e9a93f2d0f66c962a17b20af13796f01
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2025-09-12 05:22:45 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2025-09-15 03:33:18 +0000

    jail: simplify EVFILT_JAIL events
    
    Instead of using the EVFILT_PROC model of attempting to automatically
    register new events when a child jail is created, just give a single
    event when a child jail is created.  As was already done with jail
    attach events, make a best-effort report of the added jail's id in
    kn_data.  If the are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH
    events, set the NOTE_JAIL_MULTI flag, and don't report anything in
    data, indicating that the caller will need to query the system state
    on their own.
    
    (cherry picked from commit dbcaac13e49c88d1c077f34f56dd2b7ba77a145a)
---
 lib/libsys/kqueue.2   | 41 +++++++++++------------------
 sys/kern/kern_event.c | 71 +++++++++++----------------------------------------
 sys/kern/kern_jail.c  |  4 +--
 sys/sys/event.h       | 17 ++++++------
 4 files changed, 39 insertions(+), 94 deletions(-)

diff --git a/lib/libsys/kqueue.2 b/lib/libsys/kqueue.2
index e413f7d4fbca..aafb5317c5e0 100644
--- a/lib/libsys/kqueue.2
+++ b/lib/libsys/kqueue.2
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 4, 2025
+.Dd September 11, 2025
 .Dt KQUEUE 2
 .Os
 .Sh NAME
@@ -614,41 +614,30 @@ The process ID will be stored in
 If more than one process has attached since the last call to
 .Fn kevent ,
 .Va data
-will contain the most recently attached process ID,
-with
-.Dv NOTE_JAIL_ATTACH_MULTI
-set in
-.Va fflags .
+will be zero.
 .It Dv NOTE_JAIL_REMOVE
 The jail has been removed.
 .It Dv NOTE_JAIL_CHILD
 A child of the watched jail has been created.
-.It Dv NOTE_TRACK
-Follow child jails created under this jail.
-Register a new kevent to monitor the child jail using the same
-.Va fflags
-as the original event.
-The child jail will signal an event with
-.Dv NOTE_CHILD
-set in
-.Va fflags
-and the parent JID in
+Its jail ID will be stored in
 .Va data .
-.Pp
-If registering a new kevent fails
-.Pq usually due to resource limitations ,
-it will signal an event with
-.Dv NOTE_TRACKERR
-set in
-.Va fflags ,
-and the child jail will not signal a
-.Dv NOTE_CHILD
-event.
+If more than one jail has been created since the last call to
+.Fn kevent ,
+.Va data
+will be zero.
 .El
 .Pp
 On return,
 .Va fflags
 contains the events which triggered the filter.
+It will also contain
+.Dv NOTE_JAIL_MULTI
+if more than one
+.Dv NOTE_JAIL_ATTACH
+or
+.Dv NOTE_JAIL_CHILD
+event has been received since the last call to
+.Fn kevent .
 .It Dv EVFILT_TIMER
 Establishes an arbitrary timer identified by
 .Va ident .
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 501adc151d44..8d1ff313735b 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -539,8 +539,7 @@ filt_proc(struct knote *kn, long hint)
  * process forked. Additionally, for each knote attached to the
  * parent, check whether user wants to track the new process. If so
  * attach a new knote to it, and immediately report an event with the
- * child's pid. This is also called on jail creation, which is treated
- * the same way by jail events.
+ * child's pid.
  */
 void
 knote_fork(struct knlist *list, int pid)
@@ -567,8 +566,6 @@ knote_fork(struct knlist *list, int pid)
 		/*
 		 * The same as knote(), activate the event.
 		 */
-		_Static_assert(NOTE_JAIL_CHILD == NOTE_FORK,
-		    "NOTE_JAIL_CHILD should be the same as NOTE_FORK");
 		if ((kn->kn_sfflags & NOTE_TRACK) == 0) {
 			if (kn->kn_fop->f_event(kn, NOTE_FORK))
 				KNOTE_ACTIVATE(kn, 1);
@@ -632,30 +629,11 @@ int
 filt_jailattach(struct knote *kn)
 {
 	struct prison *pr;
-	bool immediate;
 
-	immediate = false;
 	if (kn->kn_id == 0) {
 		/* Let jid=0 watch the current prison (including prison0). */
 		pr = curthread->td_ucred->cr_prison;
 		mtx_lock(&pr->pr_mtx);
-	} else if (kn->kn_flags & (EV_FLAG1 | EV_FLAG2)) {
-		/*
-		 * The kernel registers prisons before they are valid,
-		 * so prison_find_child will fail.
-		 */
-		TAILQ_FOREACH(pr, &allprison, pr_list) {
-			if (pr->pr_id < kn->kn_id)
-				continue;
-			if (pr->pr_id > kn->kn_id) {
-				pr = NULL;
-				break;
-			}
-			mtx_lock(&pr->pr_mtx);
-			break;
-		}
-		if (pr == NULL)
-			return (ENOENT);
 	} else {
 		sx_slock(&allprison_lock);
 		pr = prison_find_child(curthread->td_ucred->cr_prison,
@@ -670,32 +648,7 @@ filt_jailattach(struct knote *kn)
 	}
 	kn->kn_ptr.p_prison = pr;
 	kn->kn_flags |= EV_CLEAR;
-
-	/*
-	 * Internal flag indicating registration done by kernel for the
-	 * purposes of getting a NOTE_CHILD notification.
-	 */
-	if (kn->kn_flags & EV_FLAG2) {
-		kn->kn_flags &= ~EV_FLAG2;
-		kn->kn_data = kn->kn_sdata;		/* parent id */
-		kn->kn_fflags = NOTE_CHILD;
-		kn->kn_sfflags &= ~NOTE_JAIL_CTRLMASK;
-		immediate = true; /* Force immediate activation of child note. */
-	}
-	/*
-	 * Internal flag indicating registration done by kernel (for other than
-	 * NOTE_CHILD).
-	 */
-	if (kn->kn_flags & EV_FLAG1) {
-		kn->kn_flags &= ~EV_FLAG1;
-	}
-
 	knlist_add(pr->pr_klist, kn, 1);
-
-	/* Immediately activate any child notes. */
-	if (immediate)
-		KNOTE_ACTIVATE(kn, 0);
-
 	mtx_unlock(&pr->pr_mtx);
 	return (0);
 }
@@ -720,18 +673,24 @@ filt_jail(struct knote *kn, long hint)
 	if (pr == NULL) /* already activated, from attach filter */
 		return (0);
 
-	/* Mask off extra data. */
-	event = (u_int)hint & NOTE_JAIL_CTRLMASK;
+	/*
+	 * Mask off extra data.  In the NOTE_JAIL_CHILD case, that's
+	 * everything except the NOTE_JAIL_CHILD bit itself, since a
+	 * JID is any positive integer.
+	 */
+	event = ((u_int)hint & NOTE_JAIL_CHILD) ? NOTE_JAIL_CHILD :
+	    (u_int)hint & NOTE_JAIL_CTRLMASK;
 
 	/* If the user is interested in this event, record it. */
 	if (kn->kn_sfflags & event)
 		kn->kn_fflags |= event;
 
-	/* Report the attached process id. */
-	if (event == NOTE_JAIL_ATTACH) {
+	/* Report the created jail id or attached process id. */
+	if (event == NOTE_JAIL_CHILD || event == NOTE_JAIL_ATTACH) {
 		if (kn->kn_data != 0)
-			kn->kn_fflags |= NOTE_JAIL_ATTACH_MULTI;
-		kn->kn_data = hint & NOTE_JAIL_DATAMASK;
+			kn->kn_fflags |= NOTE_JAIL_MULTI;
+		kn->kn_data = (kn->kn_fflags & NOTE_JAIL_MULTI) ? 0U :
+		    (u_int)hint & ~event;
 	}
 
 	/* Prison is gone, so flag the event as finished. */
@@ -1729,8 +1688,8 @@ findkn:
 		/*
 		 * If possible, find an existing knote to use for this kevent.
 		 */
-		if ((kev->filter == EVFILT_PROC || kev->filter == EVFILT_JAIL)
-		    && (kev->flags & (EV_FLAG1 | EV_FLAG2)) != 0) {
+		if (kev->filter == EVFILT_PROC &&
+		    (kev->flags & (EV_FLAG1 | EV_FLAG2)) != 0) {
 			/* This is an internal creation of a process tracking
 			 * note. Don't attempt to coalesce this with an
 			 * existing note.
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 3d18b03119ff..d90ccf4a04c8 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -2221,9 +2221,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 	 */
 	if (created) {
 		sx_assert(&allprison_lock, SX_XLOCKED);
-		mtx_lock(&ppr->pr_mtx);
-		knote_fork(ppr->pr_klist, pr->pr_id);
-		mtx_unlock(&ppr->pr_mtx);
+		prison_knote(ppr, NOTE_JAIL_CHILD | pr->pr_id);
 		mtx_lock(&pr->pr_mtx);
 		drflags |= PD_LOCKED;
 		pr->pr_state = PRISON_STATE_ALIVE;
diff --git a/sys/sys/event.h b/sys/sys/event.h
index f161d2c938c1..91fbaa4834f7 100644
--- a/sys/sys/event.h
+++ b/sys/sys/event.h
@@ -205,19 +205,18 @@ struct freebsd11_kevent32 {
 #define	NOTE_PCTRLMASK	0xf0000000		/* mask for hint bits */
 #define	NOTE_PDATAMASK	0x000fffff		/* mask for pid */
 
+/* additional flags for EVFILT_PROC */
+#define	NOTE_TRACK	0x00000001		/* follow across fork/create */
+#define	NOTE_TRACKERR	0x00000002		/* could not track child */
+#define	NOTE_CHILD	0x00000004		/* am a child process */
+
 /* data/hint flags for EVFILT_JAIL */
-#define	NOTE_JAIL_SET		0x80000000	/* jail was modified */
-#define	NOTE_JAIL_CHILD		0x40000000	/* child jail was created */
+#define	NOTE_JAIL_CHILD		0x80000000	/* child jail was created */
+#define	NOTE_JAIL_SET		0x40000000	/* jail was modified */
 #define	NOTE_JAIL_ATTACH	0x20000000	/* jail was attached to */
 #define	NOTE_JAIL_REMOVE	0x10000000	/* jail was removed */
-#define NOTE_JAIL_ATTACH_MULTI	0x08000000	/* multiple procs attached */
+#define NOTE_JAIL_MULTI		0x08000000	/* multiple child or attach */
 #define	NOTE_JAIL_CTRLMASK	0xf0000000	/* mask for hint bits */
-#define	NOTE_JAIL_DATAMASK	0x000fffff	/* mask for pid */
-
-/* additional flags for EVFILT_PROC and EVFILT_JAIL */
-#define	NOTE_TRACK	0x00000001		/* follow across fork/create */
-#define	NOTE_TRACKERR	0x00000002		/* could not track child */
-#define	NOTE_CHILD	0x00000004		/* am a child process/jail */
 
 /* additional flags for EVFILT_TIMER */
 #define NOTE_SECONDS		0x00000001	/* data is seconds */