diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -576,16 +576,43 @@ struct epoch_context ctx; uint32_t ips; #ifdef FUTURE_C + /* + * XXX Variable-length automatic arrays in union may be + * supported in future C. + */ union { + char pr_ip[]; struct in_addr pr_ip4[]; struct in6_addr pr_ip6[]; }; #else /* No future C :( */ -#define PR_IP(pip, i) ((const char *)((pip) + 1) + pr_families[af].size * (i)) -#define PR_IPD(pip, i) ((char *)((pip) + 1) + pr_families[af].size * (i)) + char pr_ip[]; #endif }; +static const char * +pr_ip_get(const struct prison_ip *pip, const pr_family_t af, int idx) +{ + MPASS(pip); + MPASS(af < PR_FAMILY_MAX); + MPASS(idx >= 0 && idx < pip->ips); + + return (pip->pr_ip + pr_families[af].size * idx); +} + +static char * +pr_ip_get_d(struct prison_ip *pip, const pr_family_t af, int idx) +{ + MPASS(pip); + MPASS(af < PR_FAMILY_MAX); + MPASS(idx >= 0 && idx < pip->ips); + + return (pip->pr_ip + pr_families[af].size * idx); +} + +#define PR_IP(pip, i) (pr_ip_get((pip), af, (i))) +#define PR_IPD(pip, i) (pr_ip_get_d((pip), af, (i))) + static struct prison_ip * prison_ip_alloc(const pr_family_t af, uint32_t cnt, int flags) { @@ -610,7 +637,7 @@ struct prison_ip *pip; pip = prison_ip_alloc(af, cnt, M_WAITOK); - bcopy(op, pip + 1, cnt * size); + bcopy(op, pip->pr_ip, cnt * size); /* * IP addresses are all sorted but ip[0] to preserve * the primary IP address as given from userland. @@ -620,8 +647,7 @@ * address to connect from. */ if (cnt > 1) - qsort((char *)(pip + 1) + size, cnt - 1, size, - pr_families[af].cmp); + qsort(pip->pr_ip + size, cnt - 1, size, pr_families[af].cmp); /* * Check for duplicate addresses and do some simple * zero and broadcast checks. If users give other bogus @@ -654,7 +680,7 @@ if (ppr->pr_addrs[af] != NULL) { pr->pr_addrs[af] = prison_ip_alloc(af, ppr->pr_addrs[af]->ips, M_WAITOK); - bcopy(ppr->pr_addrs[af] + 1, pr->pr_addrs[af] + 1, + bcopy(ppr->pr_addrs[af]->pr_ip, pr->pr_addrs[af]->pr_ip, pr->pr_addrs[af]->ips * pr_families[af].size); } } @@ -814,7 +840,7 @@ alloced = false; if (!(pr->pr_flags & pr_families[af].ip_flag)) { /* This has no user settings, so just copy the parent's list. */ - bcopy(ppip + 1, new + 1, ips * size); + bcopy(ppip->pr_ip, new->pr_ip, ips * size); } else { /* Remove addresses that aren't in the parent. */ int i; @@ -921,7 +947,7 @@ mtx_assert(&pr->pr_mtx, MA_OWNED); MPASS(pip); - return (pip + 1); + return (pip->pr_ip); } u_int @@ -2360,14 +2386,14 @@ if (error != 0 && error != ENOENT) goto done; #ifdef INET - error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET] + 1, + error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET]->pr_ip, pr->pr_addrs[PR_INET] ? pr->pr_addrs[PR_INET]->ips * pr_families[PR_INET].size : 0 ); if (error != 0 && error != ENOENT) goto done; #endif #ifdef INET6 - error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6] + 1, + error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6]->pr_ip, pr->pr_addrs[PR_INET6] ? pr->pr_addrs[PR_INET6]->ips * pr_families[PR_INET6].size : 0 ); if (error != 0 && error != ENOENT) @@ -4177,7 +4203,7 @@ mtx_lock(&pr->pr_mtx); goto again; } - bcopy(pr->pr_addrs[af] + 1, *out, pr->pr_addrs[af]->ips * size); + bcopy(pr->pr_addrs[af]->pr_ip, *out, pr->pr_addrs[af]->ips * size); } } #endif @@ -4852,6 +4878,7 @@ struct jailsys_flags *jsf; #if defined(INET) || defined(INET6) int ii; + struct prison_ip *pip; #endif unsigned f; #ifdef INET @@ -4911,28 +4938,25 @@ db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); db_printf(" host.hostid = %lu\n", pr->pr_hostid); #ifdef INET - if (pr->pr_addrs[PR_INET] != NULL) { + if ((pip = pr->pr_addrs[PR_INET]) != NULL) { pr_family_t af = PR_INET; - - db_printf(" ip4s = %d\n", pr->pr_addrs[af]->ips); - for (ii = 0; ii < pr->pr_addrs[af]->ips; ii++) + db_printf(" ip4s = %d\n", pip->ips); + for (ii = 0; ii < pip->ips; ii++) db_printf(" %s %s\n", ii == 0 ? "ip4.addr =" : " ", inet_ntoa_r( - *(const struct in_addr *)PR_IP(pr->pr_addrs[af], ii), - ip4buf)); + *(const struct in_addr *)PR_IP(pip, ii), ip4buf)); } #endif #ifdef INET6 - if (pr->pr_addrs[PR_INET6] != NULL) { + if ((pip = pr->pr_addrs[PR_INET6]) != NULL) { pr_family_t af = PR_INET6; - - db_printf(" ip6s = %d\n", pr->pr_addrs[af]->ips); - for (ii = 0; ii < pr->pr_addrs[af]->ips; ii++) + db_printf(" ip6s = %d\n", pip->ips); + for (ii = 0; ii < pip->ips; ii++) db_printf(" %s %s\n", ii == 0 ? "ip6.addr =" : " ", ip6_sprintf(ip6buf, - (const struct in6_addr *)PR_IP(pr->pr_addrs[af], ii))); + (const struct in6_addr *)PR_IP(pip, ii))); } #endif }