Don't allow jail "accidental" resurrection of dead jails.
ClosedPublic
Actions

Authored by jamie on Feb 6 2021, 9:21 PM.

Details

Reviewers: None
Commits: rGd2bbfc375487: MFC jail: Don't allow jails under dying parents
rG0a2a96f35a4c: jail: Don't allow jails under dying parents

Summary

Stop dying jails from become alive again via races in fork(2) and jail_attach(2), and by the implicit rebirth of parent jails when a child jail is added when they're dying. Explicit rebirth the documented way, via the JAIL_DYING flag in jail_set(2), is still allowed.

The jail state and user reference count are a little more out of sync, with jail_remove(2) setting the state to dying before all the user references (processes) are gone. This makes pr_state the clear indicator of jail aliveness.

This builds on D28419, D27876, D28458, and D28473

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jamie requested review of this revision.Feb 6 2021, 9:21 PM

jamie created this revision.

Fix up prison_deref_kill, which had some typos in which prison it was acting on. Also move prisons off of their parent's child lists along with the loop instead of all at the end.

jamie mentioned this in D28150: jail: Don't allow resurrection of dead jails.Feb 8 2021, 2:11 AM

Updated for cc7b73065302 and d4380c0cdd05.

This revision was not accepted when it landed; it landed in state Needs Review.Feb 23 2021, 1:05 AM

Closed by commit rG0a2a96f35a4c: jail: Don't allow jails under dying parents (authored by jamie). · Explain Why

This revision was automatically updated to reflect the committed changes.

jamie added a commit: rG0a2a96f35a4c: jail: Don't allow jails under dying parents.

jamie added a commit: rGd2bbfc375487: MFC jail: Don't allow jails under dying parents.Mar 12 2021, 6:50 PM