Date: Tue, 21 Feb 2023 15:51:36 GMT
From: Zhenlei Huang <zlei@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: b2d76b52fd48 - main - jail: Fix redoing ip restricting
Message-ID: <202302211551.31LFpa3c073690@gitrepo.freebsd.org>
The branch main has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=b2d76b52fd48306486deff193d49b728afbb04a3 commit b2d76b52fd48306486deff193d49b728afbb04a3 Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2023-02-21 15:43:25 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2023-02-21 15:43:25 +0000 jail: Fix redoing ip restricting `prison_ip_restrict()` is called in loop FOREACH_PRISON_DESCENDANT_LOCKED. While under low memory, it is still possible that in subsequent rounds `prison_ip_restrict()` succeed and `redo_ip[46]` flip over from true to false, thus leave some prisons's IPv[46] addresses unrestricted. Reviewed by: jamie Fixes: 8bce8d28abe6 jail: Avoid multipurpose return value of function prison_ip_restrict() Differential Revision: https://reviews.freebsd.org/D38697 --- sys/kern/kern_jail.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 75be0df85448..92e8e4f34b42 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -2047,7 +2047,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) continue; } #endif - redo_ip4 = !prison_ip_restrict(tpr, PR_INET, &ip4); + if (!prison_ip_restrict(tpr, PR_INET, &ip4)) + redo_ip4 = true; } mtx_unlock(&pr->pr_mtx); } @@ -2066,7 +2067,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) continue; } #endif - redo_ip6 = !prison_ip_restrict(tpr, PR_INET6, &ip6); + if (!prison_ip_restrict(tpr, PR_INET6, &ip6)) + redo_ip6 = true; } mtx_unlock(&pr->pr_mtx); }
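Review bot: In the first hunk (@@ -2047, the PR_INET site), `redo_ip4` is now only ever set to true inside the descendant loop, so the retry terminates only if the flag is cleared to false before each pass, and that reset is not visible in the context lines. Please confirm that `redo_ip4` is re-initialised at the top of every redo pass; if it is only initialised once at declaration, a single allocation failure would leave the flag stuck at true and the redo path would repeat even after every descendant has been restricted successfully.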
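Review bot: In the second hunk (@@ -2066, the PR_INET6 site), the new `if (!prison_ip_restrict(tpr, PR_INET6, &ip6)) redo_ip6 = true;` has no comment explaining why the flag must accumulate across descendants, and the direct assignment `redo_ip6 = !prison_ip_restrict(...)` it replaces looks equivalent at a glance. Since the Fixes: tag shows that form came in through an earlier cleanup, a one-line comment above the `if` at both the IPv4 and IPv6 sites (for example, that a later success must not clear a failure recorded for an earlier prison) would keep a future simplification from leaving some descendants' addresses unrestricted again.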