From: Kyle Evans
Date: Sat, 19 Dec 2020 03:30:06 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r368779 - head/sys/kern

Author: kevans
Date: Sat Dec 19 03:30:06 2020
New Revision: 368779
URL: https://svnweb.freebsd.org/changeset/base/368779

Log:
  kern: cpuset: allow jails to modify child jails' roots

  This partially lifts a restriction imposed by r191639 ("Prevent a superuser
  inside a jail from modifying the dedicated root cpuset of that jail") that's
  perhaps beneficial after r192895 ("Add hierarchical jails."). Jails still
  cannot modify their own cpuset, but they can modify child jails' roots to
  further restrict them or widen them back to the modifying jails' own mask.

  As a side effect of this, the system root may once again widen the mask of
  jails as long as they're still using a subset of the parent jails' mask.
  This was previously prevented by the fact that cpuset_getroot of a root set
  will return that root, rather than the root's parent -- cpuset_modify uses
  cpuset_getroot since it was introduced in r327895, previously it was just
  validating against set->cs_parent which allowed the system root to widen
  jail masks.

Reviewed by: jamie MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D27352 Modified: head/sys/kern/kern_cpuset.c Modified: head/sys/kern/kern_cpuset.c ============================================================================== --- head/sys/kern/kern_cpuset.c Sat Dec 19 03:07:38 2020 (r368778) +++ head/sys/kern/kern_cpuset.c Sat Dec 19 03:30:06 2020 (r368779) @@ -688,19 +688,34 @@ cpuset_modify(struct cpuset *set, cpuset_t *mask) if (error) return (error); /* - * In case we are called from within the jail + * In case we are called from within the jail, * we do not allow modifying the dedicated root * cpuset of the jail but may still allow to - * change child sets. + * change child sets, including subordinate jails' + * roots. */ - if (jailed(curthread->td_ucred) && - set->cs_flags & CPU_SET_ROOT) + if ((set->cs_flags & CPU_SET_ROOT) != 0 && + jailed(curthread->td_ucred) && + set == curthread->td_ucred->cr_prison->pr_cpuset) return (EPERM); /* * Verify that we have access to this set of * cpus. */ - root = cpuset_getroot(set); + if ((set->cs_flags & (CPU_SET_ROOT | CPU_SET_RDONLY)) == CPU_SET_ROOT) { + KASSERT(set->cs_parent != NULL, + ("jail.cpuset=%d is not a proper child of parent jail's root.", + set->cs_id)); + + /* + * cpuset_getroot() cannot work here due to how top-level jail + * roots are constructed. Top-level jails are parented to + * thread0's cpuset (i.e. cpuset 1) rather than the system root. + */ + root = set->cs_parent; + } else { + root = cpuset_getroot(set); + } mtx_lock_spin(&cpuset_lock); if (root && !CPU_SUBSET(&root->cs_mask, mask)) { error = EINVAL;
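
Review bot: In the new branch taken when (set->cs_flags & (CPU_SET_ROOT | CPU_SET_RDONLY)) == CPU_SET_ROOT, the only guard on set->cs_parent is a KASSERT, which is compiled out of kernels built without INVARIANTS. If the parent were ever NULL there, root becomes NULL and the following "if (root && !CPU_SUBSET(&root->cs_mask, mask))" skips the subset check, so the requested mask would be accepted without validation. Consider failing closed on this path, for example returning EINVAL when set->cs_parent == NULL, instead of relying on the "root &&" tolerance. Separately, the EPERM test now rejects only set == curthread->td_ucred->cr_prison->pr_cpuset; nothing in this hunk checks that some other root set belongs to a descendant of the caller's prison, so the comment should state where that is enforced (presumably in the lookup that produced set).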